Document 746412
Download
Report
Transcript Document 746412
Track1: Host Based Internetworking
The name and address space
Network Training Workshop
San Jose, 13-20 June 1999
1
What is a domain name ?
Networking language
137.138.131.253
hard to remember
Intermediate language
www.isoc.org
not easy to find
still difficult to remember
DNS: Domain Name Service
Network Training
Workshop
easy to find
2
What is DNS?
Domain Name Service
Internet protocol
Distributed data base system for objects in a computer network
Net-wide Database
It Maps
name to address
address to name
Set of tools to manage the service
3
IP addresses and names
Disadvantages of an address
It is too long (192.162.16.201)
It has no representation for the organization
It is difficult to remember
IP addresses can change
Names
Human users prefer to use names instead of numbers
A name can be associated to any device that has an IP
address
Advantages of names
They make reference to an organization name: *.ibm.com
They are easy to remember
4
Why use hierarchical names?
Internet hosts and other resources need
globally unique names
Difficult to keep unstructured names
unique
would require a single list of all names in use
Hierarchical names are much easier to
make unique
5
Domain Name Hierarchy
Root domain
.
edu
com
gov
mil
net
org
Top-Level-Domains
ro
fr
. . . . . .
at
jp
Second Level Domains
ici
rnc
ase
pub
utt
vsat eunet
univie
roearn
ns
std
cs
ulise
lmn
ac
uni-linz
co
gv
or
...
tuwien
.......
itc
. . . . . .
dsp
paul
cc
mat
exp
phytia alpha
chris
6
Domain name structures
The root of system is unnamed
Top level domains are:
Within the United States of America
edu - educational institutions
com - commercial institutions
net - network support organizations
gov - government agencies
mil - military organizations
org - organizations that don’t fit in any of the above
country code according to ISO-3316 (uk, de, pl, sk, mk, ...)
Flat structure
Based on generic categories (ac, co, gv, org, net, etc.)
Based on geographical locations (waw.pl, poznan.pl, etc.)
7
ICANN
ICANN
Internet Corporation for Assigned Names
and Numbers
ICANN is the overall authority for:
IP addresses;
top-level-domains;
8
Domain Name Servers
Usually host names are used in network commands (telnet, ftp,
mail, gopher clients, www clients, etc. );
Network connections always take place based on the IP address;
The system always converts host names to addresses before the
network connection is made;
How to associate names with addresses?
Host table
Domain Name Server
9
Host Table
host table is a simple text file (/etc/hosts) which
contains associations between an IP address and a
list of host names.
Example:
130.65.240.254
carlos.t1.isocws.isoc.org
carlos
Disadvantage
The table should contain all the Internet hosts (
x 1,000,000 entries);
The table is very large;
Difficult to update when new hosts are
connected to Internet or IP addresses are
changed
10
Domain Name Server (DNS)
Overcomes the weaknesses of the host table
It is a distributed database system
Host names are automatically disseminated
to those who ask to have access
11
BIND - UNIX Name Service
In UNIX, DNS is implemented by the Berkeley Internet Name
Domain (BIND) software;
It is a client/server software system;
The client is called “resolver”; it generates queries for domain
name information that are sent to the server;
The server is a daemon called named.
The domain name is actually an argument used by the local
resolver;
The resolver is responsible for hiding the distribution of data
among nameservers from the user;
The resolver is part of the operating system.
12
DNS Operation
To establish a connection to a remote host, a user program sends a
query to the resolover, asking the IP number of a specified hostname;
The resolver starts with knowledge of at least one nameserver;
The resolver processes a user query by asking a known nameserver for
the information (IP for the remote host);
If the nameserver has the answer, it will give it.
The local nameservers knows the addresses of other nameservers;
If the remote host is in a zone for which the local nameserver is not
authoritative, queries will be sent to other nameservers, starting with
root servers to find out the delegated nameserver for the top-leveldomain, the subdomain and so on;
13
DNS Operation (continue)
To minimize the answer time for the next query to the same host
name, the nameserver caches the information obtained by a
query; the information cached is valid a certain time period as
defined when that zone was configured.
Finally, the nameserver delegated for the zone containing the
remote host is reached and the IP addresses is obtained and
returned to the host which initiated the first query;
14
The resolver/server model (diagram)
Authoritative
Nameserver
Recursive Nameserver
CACHE
Resolver
Resolver
15
Resolver Configuration
Configuration file name
/etc/resolv.conf.
Designates the name servers on the network that
should be sent queries.
The resolver will try to contact a name server
The resolv.conf file contains directives
; comment
# another comment
search search-list
nameserver server-address
; multiple lines
16
Example - Resolver Configuration
search t1.isocws.isoc.org
nameserver 130.65.37.128
nameserver 130.65.37.215
17
Checking DNS using nslookup
nslookup commands:
server <nameserver>
set type = NS
set type = SOA
set type = A
set type = MX
set type = CNAME
set type = PTR
set type = ANY
ls <domain>
ls <domain> > <file-name>
; set the server to be queried
;queries NS resources
;queries SOA resources
;queries A resources
;queries MX resources
;queries CNAME resources
;queries PTR resources
;queries ANY resources
;lists the <domain> zone
;gets the zone <domain> into the
file<file-name>
18
Checking DNS using dig
Dig
Tool to manage DNS settings
Syntax is:
dig [domain] @nameserver [query-type]
19
Exercise 1. Checking DNS using nslookup
nslookup commands:
server <nameserver>
set
set
set
set
set
set
set
type = NS
type = SOA
type = A
type = MX
type = CNAME
type = PTR
type = ANY
ls <domain>
ls <domain> > <file-name>
view <file-name>
#nslookup
>set type=any
>www.t1.isocws.isoc.org.
>org.
>ls isoc.org > file1
>view file1
; set the server to be queried
;queries NS resources
;queries SOA resources
;queries A resources
;queries MX resources
;queries CNAME resources
;queries PTR resources
;queries ANY resources
;lists the <domain> zone
;gets the zone <domain> into <file-name>
;views the <file-name> file
You can check other domains, known to you.
20
Exercise 2. Checking DNS using dig
dig command:
# dig [zone] @nameserver [query-type]
Exercises
# dig @ns.t1.isocws.isoc.org t1.isocws.isoc.org A
# dig @ns.t1.isocws.isoc.org t1.isocws.isoc.org NS
# dig @ns.t1.isocws.isoc.org isocws.isoc.org MX
What information does give you?
You can check other domains, known to you.
21
Remarks
DNS is essential for a proper operation of the network;
If DNS fails, connections to any remote host are no more
possible;
To allow network operation in case of failures of a nameserver,
each nameserver (called primary nameserver should have at
least another nameserver (called secondary nameserver)
which holds a copy of the zone file;
The secondary nameserver periodically queries the primary
nameserver whether the zone was changed. In case of the
change, it is transferred into its cache and also stored in a local
file, which will be used next time at starting up as initial data;
When data about a new host should be added to the DNS
database, or a change of address/name should be done, the
entry is done only on the primary nameserver; the secondary
nameserver will get it automatically.
22
Reverse Lookup
When a source host establishes a connection to a destination host,
the TCP/IP packets carry out only IP addresses of the source host;
For authentication, access rights or accounting information, the
destination host wants to know the name of the source host;
For this purpose, a special domain “in-addr.arpa” is used;
The reverse name is obtained by reversing the IP number and
adding the name “in-addr.arpa”;
Example:
address: 130.65.240.254
reverse name: 254.240.65.130.in-addr.arpa
Reverse domains form a hierarchical tree and are treated as any
other Internet domain.
23
Reverse Domain Hierarchy
.arpa
.in-addr
187
188
157
158
12
189
190
159
13
191
193
194
160 161 162 163 164
14
1
192
15
2
195
165
16
17
18
3
4
5
19
. . . . . .
166
20
167 168 . . .
21
24
Hierarchy of nameservers
Root nameserver - delegates nameservers for
top-level-domains;
Nameserver for each top level domain - holds
information about the top level domain,
delegates nameservers for subdomains;
Nameserver for each subdomain
Nameserver for each reverse domain
25
Requirements for a nameserver
A query should be resolved as fast as possible;
It should be available 24 hours a day;
It should be reachable via fast communication lines;
It should be located in the central in the network
topology;
It should run robust, without errors and interrupts.
26
Type of servers
DNS server
primary for some zones
secondary for others,
Caching Only Server
All servers & not authoritative for any zone
Forwarding Server
always forwards queries it cannot satisfy from its cache, to a fixed list
of forwarding servers; the queries to the forwarding servers are
recursive queries.
27
Files
Name server uses several files to load its data base
This section covers the files and their formats needed
for named
Boot File
file - first read when named starts up
tells the server what type of server it is, which
zones it has authority over and where to get its
initial data.
The default location /etc/named.conf
Can be changed by setting the BOOTFILE variable when
you compile named or by specifying the location on the
command line when named is started up.
28
Domain data files
Two standard files for specifying the data for a domain
mapping addresses in names
mapping name in addresses
These files use the Standard Resource Record Format
(RR)
Note:
The file names are arbitrary; many network administrators
prefer to name their zone files after the domains they contain,
especially in the average case which is where a given server is
primary and/or secondary for many different zones.
29
Forward mapping File
This file contains all the data about the
machines in this zone.
The location of this file is specified in the
boot file.
Declare in named.conf file
30
Reverse mapping File
This file specifies the IN-ADDR.ARPA domain
Declared in named.conf file
This is a special domain for allowing address
to name mapping.
Special domain formed to allow inverse
mapping
The IN-ADDR.ARPA domain has four labels
preceding it. (4 octets of an Internet address)
E.g. Internet address 128.32.0.4
domain 4.0.32.128.IN-ADDR.ARPA.
31
Standard Resource Record Format (RR)
The records in the name server data files are
called resource records. The Standard
Resource Record Format (RR) is specified in
RFC1035.
General description of these records:
{name} {ttl} addr-class Record Type Record Specific
data
the name may be left blank
The second field is an optional time to live field. (default ttl is
specified in the Start Of Authority resource record).
The third field is the address class currently, only one class is
supported: IN
32
IP address for a host
A record
Owner is host name
Data is IP address
; IP address of infoserver.xyz.com
www.dns.net. 86400 IN A 196.34.13.9
33
Information needed by the DNS infrastructure itself
SOA record
Each zone has exactly one SOA record
NS records
Each zone has several nameservers that are
listed as having authoritative information
about domains in the zone
One NS record for each such nameserver
34
SOA record
Every zone has exactly one SOA record
The domain name at the top of the
zone owns the SOA record
Data portion of SOA record contains:
MNAME - name of master nameserver
RNAME - email address of zone administrator
The Five Magic Numbers
SERIAL - serial number
REFRESH RETRY EXPIRE MINIMUM - timing parameters
35
NS record
Each zone has several listed nameservers
One NS record for each listed nameserver
primary and secondary
the data portion of each NS record
contains the domain name of a
nameserver
Does not contain IP address
Get that from an A record for the
nameserver
36
SOA and NS record example
; owner TTL
class type data
xyz.com. 86400 IN
SOA ns1.xyz.com. fred.xyz.com. (
199906141 ; serial
21600
; refresh
3600
; retry
2600000
; expire
900
)
; minimum
xyz.com. 86400 IN
NS ns1.xyz.com.
xyz.com. 86400 IN
NS ns2.xyz.com.
xyz.com. 86400 IN
NS server.where.example.
37
SOA and NS example using some shortcuts
$ORIGIN xyz.com.
$TTL 86400
; owner TTL
class type data
@
IN
SOA ns1.xyz.com. fred.xyz.com. (
199710161 ; serial
21600
; refresh
3600
; retry
2600000
; expire
900
)
; minimum
NS ns1
NS ns2
NS server.where.example.
38
More RRs above and below zone cuts
RRs in the child zone (below the cut)
SOA and NS records (authoritative)
RRs in the parent zone (above the cut)
NS records (should be identical to those in
the child zone)
glue records
the child zone’s nameservers sometimes
need A records in the parent zone
39
Zone cut example - RRs in the child zone
parent is COM zone; child is XYZ.COM zone
child zone has SOA and NS records, and A records for
hosts
xyz.com.
IN
SOA xxx xxx xxx xxx xxx xxx xxx
NS ns1.xyz.com.
NS another.where.edu.
ns1.xyz.com.
A
193.226.0.3
; the xyz.com zone does not have an A record
; for another.where.edu.
40
Zone cut example - RRs in the parent zone
parent is COM zone; child is XYZ.COM zone
parent zone has its own SOA and NS records, plus
copies of child zone’s NS records, plus glue records
COM.
IN
SOA xxx xxx xxx xxx xxx xxx xxx
NS xxxxxxx
NS yyyyyyy
xyz.com.
NS ns1.xyz.com.
NS another.where.ro.
ns1.xyz.com.
A
192.0.2.3
; the com zone does not have an A record
; for another.elsewhere.edu.
41
Hostname for an IP address
PTR record
Owner is IP address, mapped into the inaddr.arpa domain
Data is name of host with that IP address
; host name for IP address 192.0.3.2
3.0.226.193.in-addr.arpa. PTR infoserver.ici.ro.
42
Information about mail routing
MX record
Owner is name of email domain
Data contains preference value, and name of
host that receives incoming email
; send xyz.com’s email to mailserver or backupserver
xyz.com. MX
0 mail.xyz.ro.
xyz.com. MX
10 backup.xyz.ro.
43
Free form text
TXT record
Owner is any domain name
Data is any text associated with the domain
name
Very few conventions about how to use it
.ro.
TXT
“George Macri - Tech-contact”
44
Alias to canonical name mapping
CNAME record
Owner is non-canonical domain name (alias)
Data is canonical domain name
; ftp.rnc.ro is an alias
; info.ici.ro is the canonical name
ftp.rnc.ro. CNAME info.ici.ro.
45
BIND 8 Highlights
DNS Dynamic Updates (RFC 2136)
DNS Change Notification (RFC 1996)
Completely new configuration syntax
Flexible, categorized logging system
IP-address-based access control for queries, zone
transfers, and updates that may be specified on a zone-byzone basis
More efficient zone transfers
Improved performance for servers with thousands of zones
The server no longer forks for outbound zone transfers
Many bug fixes
46
Statements
A BIND 8 configuration consists of statements and comments.
Statements end with a semicolon.
Statements supported:
acl
defines a named IP address matching list, for access control and other uses
include
includes a file
key
specifies key information for use in authentication and authorization
logging
specifies what the server logs, and where the log messages are sent
options
controls global server configuration options and sets defaults for other statements
server
zone
47
Example Config File
/* A simple BIND 8 configuration */
options {
directory "/var/named";
};
};
zone ”rnc.ro" in {
type master;
file "master/isc.org";
};
48
Example Config File (cont.)
zone ”ici.ro" in {
type slave;
file "slave/vix.com";
masters { 192.162.16.31; };
};
zone "." in {
type hint;
file "named.cache";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "master/127.0.0";
};
49
Domain Management
Starting named
Named signaling processing
Debugging DNS
Tools
nslookup
dig
host
50
Questions
51
REFERENCES
Christian Huitema, Routing in the Internet, Prentice Hall, ISBN 013132192-7, 1996
Kevin Dowd, “Getting Connected, Internet at 56K and Up”, O’Reilly &
Associates, Inc., Bonn, 1996
Network Technology Workshop, Tracks, 1996-1998
Craig Hunt, “TCP/IP Network Administration, O’Reilly & Associates, Inc.,
Sebastopol, 1993
Internetworking Technology Overview, Cisco Systems, Inc., 1993
Book text of the 4th Network Seminar and Intensive Course for
Scientists and Network Managers from Central Europe, Feb. 1993,
Vienna University Computer Center
E. Comer, “Internetworking with TCP/IP”, Vol I, Principles, Protocols
and Architecture, Prentice Hall, Englewood Cliffs, New Jersey, 1991.
William Stallings, Data and Computer Communications, Macmillan
Publishing Company, New York, 1985.
52