Guide to TCP/IP, Third Edition
Chapter 7: Domain Name System
Objectives : IP Addressing and Related Topics 2
Understand the history of the Domain Name System (DNS), the types of services DNS provides, the roles DNS servers can play on a network, and the DNS database structure
Understand how DNS servers handle name resolution requests, including the role of nearby and root servers in the resolution process, and the difference between recursive and iterative name resolution requests
Explain the significance of DNS caching and the value of data in DNS caches
Objectives (continued)
Understand DNS configuration files and resource record (RR) formats, and describe the most common DNS RR types
Understand how to handle the loopback address and root server data
Use the NSLOOKUP command to gather name server information, test DNS server configurations, and inspect the contents of key DNS records on such servers
Objectives (continued)
Explain how DNS queries and responses work, and how they handle name resolution, DNS record lookups, zone data transfers, and reverse DNS queries
Understand the purposes of, and drawbacks to, implementing DNS in the real world
DNS History and Background
RFCs 882 and 883 (1983)
Original RFCs for DNS, later replaced by RFCs 1034 and 1035
Written by Paul Mockapetris (who also wrote JEEVES, an early DNS server implementation)
BIND (Berkeley Internet Name Domain)
Originally developed at the University of California, Berkeley; later rewritten and maintained by Kevin Dunlap (1988)
Database segments (zones)
Each contains only a portion of the overall namespace, yet any DNS server can reach the whole namespace on behalf of its clients
DNS History and Background (continued)
DNS combines the following virtues
Allows local control over domain name database segments
Data from all database segments is available everywhere
Database information is robust and highly available
DNS
One of the most effective uses of distributed database technology in the world today
DNS Database Structure
Mirrors the structure of the domain namespace itself
Original generic top-level domains (.gov and .mil are restricted to the U.S. government and military)
.com
.edu
.gov
.mil
.net
.org
The DNS Namespace
DNS
Partitions the namespace tree wherever administrators choose, creating subtrees (zones) that each hold their own database information
Domains (such as ibm.com)
Can be broken into subdomains (such as clearlake.ibm.com)
Any valid domain name
Ultimately resides within some specific DNS database
DNS Database Records
Resource records (RRs)
Store the typed data associated with a domain name: addresses, aliases, authoritative name servers, mail exchangers, and so on
Most commonly used types
Address (A) record
Canonical name (CNAME) record
Host information (HINFO) record (rarely deployed today)
Mail exchange (MX) record
Name server (NS) record
Also essential: the Start of Authority (SOA) record every zone must carry, and the Pointer (PTR) record used for reverse lookups
Delegating DNS Authority
DNS
Permits the name servers for a zone to delegate authority over a subdomain to other name servers lower in the namespace
Once authority is delegated
The parent zone's database holds NS records that point to the child zone's name servers (plus glue A records when those servers' names lie inside the delegated zone), and the child zone carries its own SOA and NS records
Organization of the global DNS database
Designed so that name servers can quickly point to the name servers beneath them, which is what makes iterative resolution from the root possible
Types of DNS Servers
Primary master name server
Where the primary DNS database files (zone files) for the domain(s) or subdomain(s) reside and are edited
Primary master
Distinguished from the other name servers for a domain as the origin of the zone data; every other copy derives from it
For any DNS zone
There is only one primary master in the classic BIND model (Active Directory-integrated zones on Windows are the exception, with several writable copies)
Secondary DNS Server
Gets its data for the zone from the master server for that zone
Zone data on a secondary server
Always originates from a primary server, even when it is copied from another secondary
Zone transfer
The operation by which the secondary copies the zone (AXFR for the whole zone, IXFR for incremental changes), performed when the secondary finds that the master's SOA serial number has increased
Secondary, or slave, DNS servers
Provide a back-up copy of the domain database for a specific zone and answer authoritatively for it
Transfers should be permitted only to the addresses of the zone's own secondaries; a server that honours AXFR from anyone hands out its complete zone contents
Caching Servers
Store recently resolved DNS records from other domains, each for no longer than its TTL allows
Caching-only server
Speeds access to specific domain names by storing a copy of the lookup data locally
Size and Internet access volume
Factors that determine if an organization implements separate caching-only servers
The Client Side of DNS
Resolvers
Issue requests for service (forward and reverse lookups) to domain name servers
Forward lookup (address request)
Seeks to resolve a domain name to its corresponding numeric IP address
Reverse lookup
Seeks to resolve an IP address to a domain name, via PTR records in the in-addr.arpa domain; this is distinct from the protocol's inverse query (IQUERY) operation, which is obsolete
How Domain Name Servers Work
A TCP/IP client
Usually some application or service that encounters a domain name for which it needs an IP address; it hands the name to the local resolver
Servers
Queried in the order in which they appear in the TCP/IP configuration (the nameserver lines in /etc/resolv.conf on UNIX, the DNS server list on the adapter in Windows); the resolver moves to the next server only when the current one fails to answer, not when it answers with an error
DNS servers
Handle the real name resolution on the client's behalf
Recursive Query
Used by DNS resolvers to hand the first DNS server they contact the whole job of finding the answer; that server returns either the final answer or an error
In the DNS server hierarchy
Any DNS server can issue iterative queries
Recursive queries are issued by stub resolvers (DNS clients) and by servers configured to forward to another server; authoritative servers, including the root servers, answer only iteratively and do not recurse on behalf of others
Iterative or Non-Recursive Queries
Issued by a recursive server as it works through a recursive request it has received
The queried server issues no further queries on the requester's behalf; it answers from its own data or returns a referral to the name servers it knows to be closer to the answer
Reason many resolutions start at a root server
A root server knows which servers are authoritative for every top-level domain, so a resolver can follow referrals from the root down to the server authoritative for the name
The Importance of DNS Caching
All data in a DNS cache
Has an expiration value (the record's time to live, TTL, set by the zone's administrator)
DNS servers
Cache the name and address pairs they have resolved, along with the NS and address data learned from referrals on the way
Keep information about name requests that result in errors (negative caching), for a period bounded by the zone's SOA minimum/negative-caching TTL
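How a recursive server carries out the walk described on the last three slides, and what its cache then saves, as an added example that is not part of the textbook: a toy model in Python in which the root, a .com server and an example.com server each answer iteratively (an answer or a referral, never a further query), and a recursive resolver follows the referrals, caches positive answers for their TTL and caches failures for a shorter negative TTL. All server names, delegations, addresses (192.0.2.x) and TTL values are constructed for the example.

```python
"""Toy model of recursive vs. iterative DNS resolution with a TTL cache.

Added example, not from the textbook.  The servers, delegations and
addresses below are constructed (example.com / 192.0.2.x are documentation
ranges); TTL values are assumed.
"""
import time

ROOT = "root"
# Constructed authoritative data: each "server" knows the zones it
# delegates and the records it holds itself, nothing more.
ZONES = {
    "root":   {"delegations": {"com": "a.gtld"}, "records": {}},
    "a.gtld": {"delegations": {"example.com": "ns1.example.com"}, "records": {}},
    "ns1.example.com": {
        "delegations": {},
        "records": {"www.example.com": "192.0.2.10",
                    "mail.example.com": "192.0.2.25"},
    },
}
POSITIVE_TTL = 300   # assumed TTL carried by the constructed records (seconds)
NEGATIVE_TTL = 60    # assumed SOA negative-caching TTL (seconds)


def iterative_query(server, name):
    """One iterative (non-recursive) query.  The server answers from its own
    data or returns the best referral it has; it never asks anyone else."""
    zone = ZONES[server]
    if name in zone["records"]:
        return ("answer", zone["records"][name])
    labels = name.split(".")
    # Most specific delegation first: "www.example.com", "example.com", "com".
    for i in range(len(labels)):
        child = ".".join(labels[i:])
        if child in zone["delegations"]:
            return ("referral", zone["delegations"][child])
    return ("nxdomain", None)


class RecursiveResolver:
    """The first server the client contacts: walks the hierarchy on the
    client's behalf and caches both positive and negative results."""

    def __init__(self, clock=time.monotonic):
        self.cache = {}          # name -> (address or None, expiry time)
        self.clock = clock       # injectable so expiry can be tested
        self.queries_sent = 0    # upstream iterative queries actually issued

    def resolve(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]                      # served from cache, no traffic
        server = ROOT
        for _ in range(8):                     # hop limit guards against referral loops
            self.queries_sent += 1
            kind, data = iterative_query(server, name)
            if kind == "answer":
                self.cache[name] = (data, now + POSITIVE_TTL)
                return data
            if kind == "nxdomain":             # negative caching of the failure
                self.cache[name] = (None, now + NEGATIVE_TTL)
                return None
            server = data                      # follow the referral downward
        raise RuntimeError("too many referrals while resolving " + name)


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com"), "after", r.queries_sent, "queries")
    print(r.resolve("www.example.com"), "after", r.queries_sent, "queries (cached)")
```

The first lookup costs three iterative queries (root, .com, example.com); the second is answered from cache with no upstream traffic, and a name that does not exist is likewise remembered, so repeated misses do not hit the authoritative servers again until the negative TTL lapses.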
DNS Configuration Files and Resource Record Formats
domain.dns
The forward zone files (Windows DNS naming; BIND installations commonly use db.domain) that map host names to addresses
addr.in-addr.arpa.dns
The reverse zone files that map addresses back to domain names for reverse lookups
Every DNS zone file must contain
An SOA record and at least one NS record at the zone apex
Records for the host names or addresses in that zone
Start of Authority Record
Marks the zone's apex and identifies the zone's authoritative data; its fields name the primary master (MNAME) and the responsible contact (RNAME), and carry the serial number plus the refresh, retry, expire and negative-caching timers that govern secondaries
Both primary and secondary name servers are authoritative for the zone; the SOA record is identical on both once the zone has been transferred, and a secondary compares its serial number with the master's to decide when a new transfer is needed
Address and Canonical Name Records
Address (A) record: maps a name to an IPv4 address; several A records for the same name form one RRset and are all returned in an answer
Canonical name (CNAME) record: makes one name an alias for another (canonical) name; a name that has a CNAME may hold no other records
Most client software, by default, uses only the first address in the answer when multiple entries for a single domain name are defined
DNS round robin load balancing
The server rotates the order of the addresses in the RRset on each successive response, so clients that take the first address are spread across the hosts; it does not track which address a given client received, nor whether a host is actually up
Mapping Addresses to Names
Records in the db.addr file (the reverse zone under in-addr.arpa)
PTR records, provided to support reverse DNS lookups
Reverse address lookups
Used primarily to check whether the name an IP address maps back to matches the domain name the client claims; because the PTR is controlled by whoever holds the address block, a sound check also resolves that name forward and confirms it yields the same address
Classful
File structure of reverse DNS lookups: in-addr.arpa zones are delegated on octet boundaries (/8, /16, /24), so the reverse file for 192.0.2.0/24 covers 2.0.192.in-addr.arpa; blocks smaller than /24 need the CNAME-based scheme of RFC 2317
Handling the Loopback Address
To ensure proper handling of the reserved loopback address (127.0.0.1)
The db.127.0.0 file (the reverse zone 0.0.127.in-addr.arpa) must be created on each name server, because the 127/8 block is not delegated to anyone on the Internet
db.127.0.0 file
Begins with the required SOA record
Then provides NS records
Concludes with a PTR record mapping 1.0.0.127.in-addr.arpa to localhost
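The zone-file material on the last several slides (the SOA and NS records every zone must carry, A and CNAME records, round robin, and the in-addr.arpa owner names used by reverse and loopback zones), as an added Python example that is not from the textbook: a small parser for a constructed example.com zone in master-file format, a check for the required apex records, derivation of the PTR owner names a matching reverse zone would need, and the rotation a round-robin server applies to an A RRset. The zone contents, addresses (192.0.2.0/24) and SOA timer values are constructed for the example.

```python
"""Minimal zone-file handling: parse a master-format zone, verify the records
every zone must contain, derive reverse (PTR) owner names and show
round-robin rotation.  Added example, not from the textbook; ZONE_TEXT is
constructed and uses the 192.0.2.0/24 documentation range."""

# Constructed zone in the classic master-file layout (no $ directives).
ZONE_TEXT = """\
example.com.        3600 IN SOA   ns1.example.com. hostmaster.example.com. (
                               2024010101 7200 900 1209600 300 )
example.com.        3600 IN NS    ns1.example.com.
example.com.        3600 IN NS    ns2.example.com.
example.com.        3600 IN MX    10 mail.example.com.
ns1.example.com.    3600 IN A     192.0.2.53
ns2.example.com.    3600 IN A     192.0.2.54
mail.example.com.   3600 IN A     192.0.2.25
www.example.com.     300 IN A     192.0.2.10
www.example.com.     300 IN A     192.0.2.11
www.example.com.     300 IN A     192.0.2.12
ftp.example.com.    3600 IN CNAME www.example.com.
"""


def parse_zone(text):
    """Return [(owner, ttl, type, rdata_tokens)], joining a parenthesised
    multi-line record (the SOA here) into one entry."""
    records, pending = [], []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        pending.extend(line.split())
        joined = " ".join(pending)
        if joined.count("(") > joined.count(")"):
            continue                             # record continues on the next line
        tokens = [t for t in pending if t not in ("(", ")")]
        pending = []
        owner, ttl, cls, rtype, *rdata = tokens
        if cls != "IN":
            raise ValueError(f"unsupported class {cls!r} for {owner}")
        records.append((owner, int(ttl), rtype, rdata))
    return records


def check_required(records):
    """Every zone must have exactly one SOA and at least one NS at its apex."""
    if not records:
        return ["zone is empty"]
    apex = records[0][0]
    soa = [r for r in records if r[0] == apex and r[2] == "SOA"]
    ns = [r for r in records if r[0] == apex and r[2] == "NS"]
    problems = []
    if len(soa) != 1:
        problems.append(f"expected one SOA at {apex}, found {len(soa)}")
    if not ns:
        problems.append(f"no NS records at {apex}")
    return problems


def reverse_owner(ip):
    """Owner name of the PTR record for an IPv4 address: octets reversed
    under in-addr.arpa (so 127.0.0.1 lives in the db.127.0.0 zone)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def ptr_records(records):
    """The PTR records a matching reverse zone would need for every A record."""
    return [(reverse_owner(rdata[0]), ttl, "PTR", [owner])
            for owner, ttl, rtype, rdata in records if rtype == "A"]


def round_robin(records, owner, rotation):
    """A RRset for `owner` as a round-robin server would order it on the
    `rotation`-th response: same addresses, rotated, so clients that take
    the first address are spread across the hosts."""
    addrs = [r[3][0] for r in records if r[0] == owner and r[2] == "A"]
    k = rotation % len(addrs)
    return addrs[k:] + addrs[:k]


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    print(check_required(recs) or "SOA and NS present")
    for i in range(3):
        print("response", i, round_robin(recs, "www.example.com.", i))
    print(ptr_records(recs)[:2])
```

Removing the NS lines from the constructed zone makes check_required report the missing apex records, which is the class of mistake a server refuses to load; the PTR list is what an administrator would have to keep in step with the forward zone by hand, since nothing in DNS enforces that the two agree.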
Obtaining and Storing Root Server Data
The root hints file lists the names and addresses of the root servers a name server uses to begin iterative resolution; the current version is published by InterNIC (named.root)
On a Windows server running DNS
Copy the file to the %SystemRoot%\System32\DNS directory
Rename the file to cache.dns
Refresh it occasionally; a stale file still works as long as one listed address answers, since the server then fetches the current set of root NS records from it
The NSLOOKUP Command
Supported by Windows and UNIX (on UNIX, dig and host are now the usual alternatives)
Provides access to all kinds of DNS information
Essential tool for testing when configuring or troubleshooting a DNS server
Syntax (non-interactive mode; run with no arguments to enter interactive mode)
nslookup [-type=RRTYPE] domain-name [name-server]
Naming a name-server queries that server directly instead of the one configured on the client, which is how a newly configured server is checked before clients are pointed at it
Using NSLOOKUP
set type=RRTYPE (also set q=RRTYPE) in interactive mode
Selects the type of resource record to request (A, NS, MX, SOA, PTR, ANY), so specific record types can be examined
ls -a or ls -d (Windows nslookup only)
Lists a zone's records by requesting a full zone transfer (AXFR) from the server: -a lists aliases with their canonical names, -d lists all records; it succeeds only against servers that allow transfers to the requesting address, which well-run servers restrict to their own secondaries, and the BIND nslookup no longer implements ls (dig with axfr is the equivalent)
DNS Query/Response Packet Formats
A 12-byte header followed by four sections; a query uses the same layout, with the last three sections normally empty
Question section
Answer section
Authority section
Additional section
DNS Query/Response Packet Formats (continued)
DNS header fields (shared by queries and responses)
ID Number field (16 bits): chosen by the querier and echoed in the response so the two can be matched; resolvers randomize it, together with the UDP source port, so that a forged reply is unlikely to match (RFC 5452)
QR (Query/Response) field (1 bit): 0 in a query, 1 in a response
Opcode (Operation Code) field (4 bits): 0 for a standard query
AA (Authoritative Answer) field (1 bit): set by a server answering from its own zone data rather than from cache
TC (Truncation) field (1 bit): set when the response exceeded the transport limit (512 bytes for classic UDP); the client should retry over TCP
RD (Recursion Desired) field (1 bit): set by the querier to request recursion
RA (Recursion Available) field (1 bit): set by a server willing to recurse
Z (Reserved) field (3 bits): must be zero in the original protocol; two of the bits are now the AD and CD flags used by DNSSEC
DNS Query/Response Packet Formats (continued)
DNS header fields (continued) and question section
Rcode (Response Code) field (4 bits): 0 NOERROR, 1 FORMERR, 2 SERVFAIL, 3 NXDOMAIN, 4 NOTIMP, 5 REFUSED
Question Count field (QDCOUNT, 16 bits)
Answer Count field (ANCOUNT, 16 bits)
Name Server Count field (NSCOUNT, 16 bits)
Additional Records Count field (ARCOUNT, 16 bits)
Question Name field (QNAME): a sequence of length-prefixed labels ending in a zero byte
Question Type field (QTYPE, 16 bits): the RR type requested, e.g. 1 for A, 12 for PTR, 15 for MX
Question Class field (QCLASS, 16 bits): 1 for the Internet (IN) class
Resource record fields (answer, authority and additional sections)
Name field: the owner name, either written out or compressed as a 2-byte pointer (top two bits set) to an earlier occurrence in the same message
Type field (16 bits)
Class field (16 bits)
Time to Live field (32 bits, seconds the record may be cached)
Resource Data Length field (RDLENGTH, 16 bits)
Resource Data field (RDATA): format depends on the type, e.g. 4 bytes for an A record, a compressible name for NS, CNAME and PTR
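The header, question and resource-record layouts listed on these slides, as an added Python example that is not from the textbook: it builds the wire form of a query, decodes the header flag bits and each RR (including the compression pointers that let a name refer back to an earlier one), and refuses a response whose ID does not match the outstanding query. The sample response bytes are constructed by hand to match a query for www.example.com; the type table covers only the RR types named on the slides.

```python
"""Wire-level DNS: build a query and parse a response (RFC 1035 layout).
Added example, not from the textbook; SAMPLE_RESPONSE is constructed by hand."""
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13, "MX": 15}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}
CLASS_IN = 1


def encode_name(name):
    """'www.example.com' -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype="A", recursion_desired=True):
    """Header (ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) + one question."""
    flags = 0x0100 if recursion_desired else 0        # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)


def decode_name(msg, off, depth=0):
    """Decode a name that may end in a compression pointer (0xC0xx -> earlier offset).
    Returns (name, offset just past the name in the message)."""
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 2-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off or depth > 16:               # must point backwards; no loops
                raise ValueError("bad compression pointer")
            tail, _ = decode_name(msg, ptr, depth + 1)
            return ".".join(labels + [tail]), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_header(msg):
    """Split the 12-byte header into the fields named on the slides."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF,
            "aa": flags >> 10 & 1, "tc": flags >> 9 & 1, "rd": flags >> 8 & 1,
            "ra": flags >> 7 & 1, "z": flags >> 4 & 7, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def parse_response(msg, expected_id):
    """Parse header, question and the answer/authority/additional RR sections.
    A response whose ID does not match the outstanding query is rejected."""
    hdr = parse_header(msg)
    if hdr["id"] != expected_id or not hdr["qr"]:
        raise ValueError("not a response to our query")
    off, questions = 12, []
    for _ in range(hdr["qdcount"]):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, QTYPE_NAME.get(qtype, qtype), qclass))
    sections = {}
    for sec, count in (("answer", hdr["ancount"]), ("authority", hdr["nscount"]),
                       ("additional", hdr["arcount"])):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == QTYPE["A"] and rdlen == 4:
                value = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (QTYPE["NS"], QTYPE["CNAME"], QTYPE["PTR"]):
                value, _ = decode_name(msg, off)       # RDATA is a (compressible) name
            else:
                value = msg[off:off + rdlen].hex()
            off += rdlen
            rrs.append((name, QTYPE_NAME.get(rtype, rtype), ttl, value))
        sections[sec] = rrs
    return hdr, questions, sections


# Constructed response to build_query(0x1A2B, "www.example.com"): flags 0x8580 =
# QR|AA|RD|RA with RCODE 0; one A answer and one NS authority record, both using
# compression pointers (0xC00C -> offset 12, 0xC010 -> offset 16) for their names.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1A2B, 0x8580, 1, 1, 1, 0)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    + b"\xc0\x10" + struct.pack("!HHIH", 2, 1, 3600, 6) + b"\x03ns1\xc0\x10"
)
```

Feeding the same bytes to parse_response with a different expected ID raises, which is the minimum a resolver must do before trusting an answer; the pointer checks in decode_name (backward only, bounded depth) are what keep a hostile message from sending the parser in a loop.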
DNS Implementation
Handles two major address-related activities
Resolving symbolic domain names into numeric IP addresses (and addresses back into names)
Providing authoritative hostname-to-IP mappings for the zones an organization owns
DNS servers for internal use
Usually focus on reducing administration by integrating with DHCP (dynamic updates of host records), WINS lookup, and Active Directory (directory-stored zones with secure dynamic update)
The Trouble with DNS
DNS database updates
Require a qualified administrator to edit the zone files directly, or to use special-purpose tools (including dynamic update, RFC 2136, which must itself be restricted to authorized hosts)
"Propagation delay"
The time it takes for cached values to catch up with changes to the authoritative databases, bounded by the TTL of the old records; lowering the TTL ahead of a planned change shortens it
Additional Readings on DNS
Cricket Liu, et al.: DNS on Windows Server 2003, O'Reilly & Associates
William Wong: Windows 2000 DNS Server, Osborne/McGraw-Hill
Paul Albitz and Cricket Liu: DNS and BIND, 4th Edition, O’Reilly & Associates
Craig Hunt: Linux DNS Server Administration, Sybex Books, Alameda, CA
Summary
The Domain Name System
Provides key address resolution service that makes today’s Internet possible
Impetus for DNS
Arose from difficulty of maintaining static HOSTS files for computers on the ARPANET
DNS name servers
Come in multiple varieties
Summary (continued)
DNS
Maintains its data on a large collection of name servers around the Internet
DNS databases
Consist of a collection of resource records (RRs)
DNS clients
Rely on a software component called a resolver to interact with an available DNS server for name resolution services
DNS packet structures
Incorporate type information that identifies the kind of RR being carried