Transcript DNS

DNS
BIND
• DNS
– Resolve names to IP address
– Resolve IP address to names (reverse DNS)
• BIND
– Berkeley Internet Name Domain system
• Version 4 is still in use, but should be considered obsolete
• Version 8 improves efficiency, security, and robustness
• Version 9 is a total rewrite and supports threads, multiprocessors, and more
Who needs DNS?
• DNS defines
– A hierarchical namespace for hosts and IP addresses
– A distributed database of hostname and address information
– A “resolver” to query this database
– Improved routing for email
– A mechanism for finding services on a network
– A protocol for exchanging naming information
DNS Lookup
• Application
– Becomes DNS client
– Sends request to local DNS server
• Local server
– If answer known, returns response
– If answer unknown
• Starts at top-level server
• Follows links
• Returns response
• Called name resolution
Resource Records
• Name: The domain name or IP address
• TTL: Time to Live
– Indicates the maximum amount of time a server may keep a record in cache before checking whether a newer one is available
• Class: Always IN for the Internet
• Type: Record type
• Data: Varies with record type
DNS Types
• Each entry in server consists of
– Domain name
– DNS type for name
– Value to which name corresponds
• During lookup, client must supply
– Name
– Type
• Server
– Matches both name and type
Example DNS Types
• Type A (Address)
– Name-to-address mapping
• Type MX (Mail eXchanger)
– Value is IP address of computer with mail server for name
• Type CNAME (Computer NAME)
– Canonical name (for aliases)
– Used to establish alias (www)
• SOA (Start of Authority)
– Indicates authority for this zone data
• NS (Name Server)
– A name server for this zone
• PTR
– IP address to domain name mapping
Reverse Name Resolution
• To look up domain names given an IP address
• Implemented by means of special domains
– in-addr.arpa
Reverse name resolution in-addr.arpa domain
IP address: 82.211.81.150
Domain: 150.81.211.82.in-addr.arpa
DNS Record Types
Components of BIND
• Daemon named
• Library routines
– Resolve host queries by contacting the servers of the DNS distributed database
• Command-line interface:
– nslookup, dig, and host
Masters, Slaves, and the Authorities
• Authoritative Servers
– Master Server (keeps official copy of zone info on disk)
– Slave server (gets copy of zone info from master via zone transfer)
• Cache Servers
– Never authoritative
– Load the “root” domain servers; all other records are accumulated in memory only
• Resource Records
– Stored in zone data
– Retrieved by resolvers sending queries to nameservers
– Different types of resource records: A, CNAME, MX…
– Each resource record has a TTL specified in the zone data
Name Server Taxonomy
@                      IN  SOA   beast.TCNJ.EDU. admin.beast.TCNJ.EDU. (
                                    5923       ; serial number
                                    10800      ; Refresh 3 hours
                                    3600       ; Retry 1 hour
                                    604800     ; Expire 168 hours/1 week
                                    43200 )    ; Minimum 12 hour
                       IN  NS    beast.TCNJ.EDU.
                       IN  NS    seuss.TCNJ.EDU.
                       IN  NS    snuffy.TCNJ.EDU.
localhost       43200  IN  A     127.0.0.1
beast                  IN  A     159.91.15.220
beast                  IN  MX    20 beast.TCNJ.EDU.
TCNJ.EDU.              IN  MX    20 beast.TCNJ.EDU.
lion                   IN  A     159.91.15.221
lion                   IN  MX    20 beast.TCNJ.EDU.
tsclion                IN  CNAME lion.TCNJ.EDU.
sa.tcnj.edu.           IN  NS    cartman.sa.tcnj.edu.
cartman.sa.tcnj.edu.   IN  A     159.91.8.228
91.159.in-addr.arpa.         IN  SOA  beast.TCNJ.EDU. ssivy.beast.TCNJ.EDU. (
                                         5774       ; serial number
                                         10800      ; Refresh 3 hours
                                         3600       ; Retry 1 hour
                                         604800     ; Expire 168 hours/1 week
                                         43200 )    ; Minimum 12 hour
                             IN  NS   beast.Trenton.EDU.
                             IN  NS   snuffy.Trenton.EDU.
                             IN  NS   seuss.Trenton.EDU.
localhost             43200  IN  A    127.0.0.1
220.15.91.159.IN-ADDR.ARPA.      PTR  beast.TCNJ.EDU.
221.15.91.159.IN-ADDR.ARPA.      PTR  lion.TCNJ.EDU.
228.8.91.159.IN-ADDR.ARPA.       PTR  cartman.sa.tcnj.edu.
@       IN  SOA  beast.trenton.edu. admin.beast.tcnj.edu. (
                     3          ; Serial number
                     10800      ; Refresh rate in seconds for secondary servers
                     3600       ; Retry in seconds after failure
                     3600000    ; Expire in seconds
                     86400 )    ; Default time-to-live in seconds
        IN  NS   beast.tcnj.edu.
1       IN  PTR  localhost.
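The three zone snippets above are the kind of input a defender checks for forward/reverse consistency. The following Python is an added example, not code from the slides or from BIND: it parses zone text (comments, parenthesised SOA continuation lines, inherited owners, optional TTL and class) and reports every A record whose in-addr.arpa PTR is missing or points at a different name. The sample zones are constructed from the TCNJ.EDU records on the slides, assuming $ORIGIN TCNJ.EDU.; the reverse zone is deliberately made stale (one outdated PTR, one missing) to show what the check reports. IPv4 only; ip6.arpa is not handled.

```python
# Added example: parse BIND-style zone text and compare reverse (in-addr.arpa) PTRs
# against the forward zone's A records. Sample zones constructed from the slides.
import re

FORWARD_ZONE = """\
@        IN  SOA  beast.TCNJ.EDU. admin.beast.TCNJ.EDU. (
                  5923 10800 3600 604800  ; serial refresh retry expire
                  43200 )                 ; minimum
         IN  NS   beast.TCNJ.EDU.
localhost 43200 IN A 127.0.0.1
beast    IN  A    159.91.15.220
lion     IN  A    159.91.15.221
tsclion  IN  CNAME lion.TCNJ.EDU.
cartman.sa.tcnj.edu. IN A 159.91.8.228
"""
# Constructed stale reverse zone: lion's PTR is outdated and cartman's is missing.
REVERSE_ZONE = """\
220.15.91.159.IN-ADDR.ARPA.  IN  PTR  beast.TCNJ.EDU.
221.15.91.159.IN-ADDR.ARPA.  IN  PTR  oldlion.TCNJ.EDU.
"""
CLASSES = {"IN", "CH", "HS"}

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with owners lower-cased and fully qualified."""
    text = re.sub(r";[^\n]*", "", text)                     # drop ';' comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)  # join ( ... )
    records, owner = [], origin
    for line in filter(str.strip, text.splitlines()):
        fields = line.split()
        if not line[0].isspace():                           # owner given; else inherit previous
            raw = fields.pop(0)
            owner = origin if raw == "@" else (raw if raw.endswith(".") else f"{raw}.{origin}")
        for _ in range(2):                                  # optional TTL and class, either order
            if fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
                fields.pop(0)
        records.append((owner.lower(), fields[0].upper(), " ".join(fields[1:])))
    return records

def reverse_name(ipv4):
    """82.211.81.150 -> 150.81.211.82.in-addr.arpa. (the slide's reverse-resolution rule)."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_mismatches(forward, reverse):
    """Expected PTR owner -> (forward name, PTR target found or None); 127/8 skipped."""
    actual = {o: rd.lower() for o, rt, rd in reverse if rt == "PTR"}
    wanted = {reverse_name(rd): o for o, rt, rd in forward if rt == "A" and not rd.startswith("127.")}
    return {rev: (fwd, actual.get(rev)) for rev, fwd in wanted.items() if actual.get(rev) != fwd}
```

Running `ptr_mismatches(parse_zone(FORWARD_ZONE, "TCNJ.EDU."), parse_zone(REVERSE_ZONE, "91.159.in-addr.arpa."))` flags lion's stale PTR and cartman's absent one; an empty result means the two zones agree.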
DNS Query
DNS Server Architecture
Example - /etc/named.conf
Example - /etc/named.conf cont’d
/etc/named.conf cont’d
Security Features in named.conf