Domain Name System DNS - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Domain Name System(DNS)
  • G53ACC

Chris Greenhalgh School of Computer Science and IT
2
Contents
  • Introduction
  • DNS names and name space
  • Resource records
  • Applications
  • Administration and zones
  • Query patterns
  • Message format
  • Caching
  • Book: Comer, Ch. 31

3
Domain Name System (DNS)
  • DNS provides name-to-value mapping through
  • a hierarchical, domain-based naming scheme
  • a distributed database system
  • Primarily for mapping host names to IP addresses
  • E.g. as used in URLs
  • (other, local solutions exist, e.g. Sun NIS, MS
    Active Directory)
  • Defined in RFC 1034 and RFC 1035.

4
DNS Name Space
  • The Internet is divided into several hundred
    top-level domains
  • Each domain covers many hosts
  • Each domain is partitioned into subdomains
  • these too are further partitioned, and so on.
  • These domains can be represented by a tree

5
A Portion of the DNS Name Tree
(figure: a tree below the unnamed root)
  Top level: com, edu, gov, mil, org, uk
  Under edu: mit
  Under uk: ac, co
  Under ac.uk: nottingham, warwick
  Under co.uk: demon, with ftp below it
  Under nottingham.ac.uk: cs, ccc
  Under cs.nottingham.ac.uk: much
6
Names
  • A domain is named by the path from it to the
    (unnamed) root.
  • The components (labels) are separated by dots.
  • e.g. a Nottingham CS machine might be
    much.cs.nottingham.ac.uk
  • Hierarchical, so
  • much at CS (much.cs.nott.ac.uk) is not much at
    Warwick (much.warwick.ac.uk)

7
Name Restrictions
  • Domain names are case insensitive
  • edu and EDU mean the same thing
  • Each component (label) can be up to 63 octets long
  • A full name must not exceed 255 octets

8
DNS Resource Records
  • Each domain has a set of resource records
    associated with it.
  • For a single host, the most common resource
    record is just its IP address
  • but many other kinds of resource records exist
  • When a query is directed to a domain, the result
    is the relevant resource record(s) associated
    with that name

9
Resource Record structure
  • Each resource record comprises
  • Owner: the domain name the record belongs to
  • Type: entry type, 16 bits, e.g. A, CNAME, ...
  • Class: protocol or protocol family, 16 bits,
    e.g. IN (the Internet)
  • TTL: time, 32 bits, in seconds, that this resource
    record can be cached
  • RDATA: type-specific information, e.g. the IP
    address for a type A record

10
Resource record Types
Type   Meaning             Value
SOA    Start of Authority  Parameters for this zone
A      IP address of a host  32-bit integer
MX     Mail Exchange       Priority, domain willing to accept email
CNAME  Canonical Name      Domain name
PTR    Pointer             Domain name (used to map an IP address back to a host name)
HINFO  Host Description    CPU and OS in ASCII (security risk; rarely used)
TXT    Text                Uninterpreted ASCII text
11
A Simple Example
Resource Records for much (Class (IN) and TTL are
nameserver defaults)
much    A       128.243.21.21
        MX      1 marian
        MX      2 pat
        MX      5 nfs-relay.ac.uk
        HINFO   Sparc UNIX
12
Applications (1)
  • Host Naming
  • ASCII names
  • e.g. marian.cs.nott.ac.uk
  • human readable
  • memorable
  • Numerical addresses
  • e.g. 128.243.21.16
  • needed by the network (e.g. for routing)
  • In DNS the host name is a domain name; its A record
    contains the numerical IP address

13
Applications (2)
  • Host aliases
  • CNAME records, e.g. www.cs.nott.ac.uk ->
    pat.cs.nott.ac.uk
  • Note: a node with a CNAME record should have no
    other records
  • Queries for all other types are answered using the
    records of the pointed-to (canonical) domain name
  • PTR records just point to another domain name
  • Other queries are not automatically forwarded to
    the pointed-to name
  • E.g. reverse lookup

14
Applications (3)
  • Reverse lookup: IP address to host name
  • Special domain IN-ADDR.ARPA is the root of a tree
    with (reversed) dot-separated IP addresses as
    nodes/sub-nodes.
  • PTR records identify the host's domain name
  • 131.21.243.128.IN-ADDR.ARPA -> (PTR)
    picasso.mrl.nottingham.ac.uk
  • picasso.mrl.nottingham.ac.uk -> (A)
    128.243.21.131
  • Why?
  • for security (delegation of sub-zones follows IP
    address allocation, so the holder of the address
    block controls the PTR record)
  • Is this really the machine which it says it is?
  • Is it entitled to use this IP address?
  • The PTR answer alone proves neither: it is only
    useful when the forward (A) lookup of the returned
    name maps back to the same address
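
Presenter's note, added here as an example that is not part of the original slides: the two "Why?" questions above are answered by a forward-confirmed reverse lookup, which accepts a PTR name only if the name's own A (or AAAA) record contains the address being checked. The resolver is a constructed stub (the picasso pair is the slide's example; the marian pair is a deliberately inconsistent PTR); `stub_lookup` and the `STUB_RECORDS` table are assumptions standing in for real DNS queries.

```python
import ipaddress

# Constructed stand-in for resolver answers (not real DNS data):
# (owner name, type) -> list of RDATA strings.
STUB_RECORDS = {
    ("131.21.243.128.in-addr.arpa.", "PTR"): ["picasso.mrl.nottingham.ac.uk."],
    ("picasso.mrl.nottingham.ac.uk.", "A"): ["128.243.21.131"],
    ("7.7.243.128.in-addr.arpa.", "PTR"): ["marian.cs.nott.ac.uk."],  # claims to be marian...
    ("marian.cs.nott.ac.uk.", "A"): ["128.243.21.16"],                # ...but marian lives elsewhere
}


def reverse_name(ip):
    """Owner name for the reverse lookup of ip: octets reversed under IN-ADDR.ARPA
    (nibbles reversed under IP6.ARPA for an IPv6 address)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def stub_lookup(name, rtype):
    """Hypothetical resolver: returns RDATA for (name, type) from the constructed table.
    Replace with a real DNS library call to use this on the network."""
    return STUB_RECORDS.get((name.lower(), rtype), [])


def forward_confirmed_names(ip, lookup=stub_lookup):
    """Forward-confirmed reverse DNS: return only those PTR targets whose A/AAAA records
    contain ip. An empty list means the reverse mapping is unconfirmed and must not be
    used as evidence of the host's identity."""
    addr = ipaddress.ip_address(ip)
    forward_type = "A" if addr.version == 4 else "AAAA"
    confirmed = []
    for name in lookup(reverse_name(ip), "PTR"):
        forward = [ipaddress.ip_address(a) for a in lookup(name, forward_type)]
        if addr in forward:            # the forward zone's owner agrees with the reverse zone's
            confirmed.append(name)
    return confirmed
```

The point of the check is that two different administrators must agree: the PTR comes from whoever holds the address block, the A record from whoever holds the forward zone. A PTR on its own can say anything, as the marian entry shows.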

15
Applications (4)
  • Email addresses (Internet)
  • for example, mjr@cs.nott.ac.uk
  • MX record - Mail eXchanger -> host to deliver
    mail to for the given address
  • for cs.nott.ac.uk the answer is (with priority,
    lowest preferred):
    MX 5  pat.cs.nott.ac.uk.
    MX 8  marian.cs.nott.ac.uk.
    MX 10 pat.ccc.nottingham.ac.uk.

16
Administration: Name Allocation
  • Naming follows organisational boundaries, not
    physical networks
  • Departments sharing the same LAN can have
    distinct domains
  • Hosts in departments split over several buildings
    can have the same domain

(figure: ac.uk -> nottingham, warwick; nottingham -> cs, ccc; cs -> much)
17
Administration Domain Allocation
  • Each domain controls how it allocates domains
    underneath it.
  • To create a new domain, permission is required of
    the domain in which it will be included
  • e.g. to create psychology.nott.ac.uk needs
    permission from nott.ac.uk
  • A new domain can create sub-domains without
    needing external permission
  • Top-level domains are administered by registries,
    e.g. (at the time) InterNIC for .com, .org, .net, .edu

18
Administration: Zones
  • A zone is a contiguous subset of the domain
    name space which is administered as a single
    unit.
  • A zone will be a single sub-tree, less those
    sub-sub-trees which have been delegated to other
    administrative zones.
  • A zone must have at least two name servers, and
    must identify (via NS records) the name servers of
    every delegated sub-zone.
  • The root servers' addresses are not learnt by
    lookup; they are configured by hand (a "root hints"
    file) at most/all name servers.

19
A Portion of the DNS Name Space with Possible
Zones
(figure: uk -> ac, co; ac -> warwick, nott; co -> demon;
nott -> cs, ccc, mrl; boxes around sub-trees mark possible zones)
20
DNS Protocol Operation
  • Simple request-response protocol, normally over UDP
  • Client forms request
  • uses UDP
  • sends to default server (e.g. from
    /etc/resolv.conf)
  • Server receives request
  • uses UDP
  • sends response back to client
  • may make additional (recursive) queries to other
    servers (if permitted by query flag RD)
  • TCP is used when a UDP response would be truncated
    (TC flag set) and for zone transfers

21
DNS Message Format (i)
  • bytes 0,1: client query identification number
  • 2,3: Flags, including
  • QR (1 bit): query (0), response (1)
  • AA (1 bit): authoritative answer, i.e. by the DNS
    server responsible for the domain in question.
  • RD (1 bit): recursion desired
  • RA (1 bit): recursion available (from server)
  • RCODE (4 bits): ok/error response (from server)
  • The 16-bit ID (together with the UDP source port)
    is all a client has to match a response to its
    query, so a forged response that guesses both is
    accepted; both must be unpredictable

22
DNS Message Format (ii)
  • 4,5: number of questions
  • 6,7: number of answers
  • 8,9: number of authority records
  • 10,11: number of additional records
  • Followed by questions, answers, authority
    records, and additional records in turn.
  • A question comprises a domain name, type (can be
    ANY) and class.
  • Answers and other records comprise standard
    resource records (see earlier)
  • The standard encoding of domain names, and the
    compression scheme (a pointer to an earlier copy of
    a name in the same message), are defined in RFC 1035.
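
Presenter's note, added here as an example that is not part of the original slides: a builder and parser for the message layout on slides 21 and 22 (header, question, resource record sections, label encoding and compression pointers). The response builder is a constructed one that answers a single A question with a record whose owner name is a pointer back to the question at offset 12, which is how real servers save space; the constructed messages and the ID value are assumptions, the field layout is RFC 1035.

```python
import struct

# RR type and class codes from RFC 1035
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_PTR = 1, 2, 5, 12
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero octet (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue                           # the root name "." has no labels
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > 255:
        raise ValueError("name longer than 255 octets")
    return out


def decode_name(msg, off):
    """Decode a name at msg[off], following compression pointers (top bits 11 + 14-bit offset).
    Returns (dotted name with trailing '.', offset just after the name in the wire stream).
    Pointers are only allowed to point backwards, so hostile input cannot make this loop."""
    labels, after, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("forward or self-referencing compression pointer")
            if after is None:
                after = off + 2                # the name ends after its first pointer
            hops += 1
            if hops > 127:
                raise ValueError("too many compression hops")
            off = ptr
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (after if after is not None else off)


def build_query(qid, qname, qtype=TYPE_A, rd=True):
    """Query: 12-octet header (QR=0, RD as requested, one question) + the question."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def build_a_response(query, address, ttl, aa=False):
    """Constructed response to a single-question A query: echoes ID and question, then one
    A record whose owner is the compression pointer 0xC00C (offset 12 = the question name)."""
    qid, = struct.unpack_from("!H", query, 0)
    flags = 0x8180 | (0x0400 if aa else 0)     # QR=1, RD=1, RA=1, RCODE=0, optional AA
    header = struct.pack("!HHHHHH", qid, flags, 1, 1, 0, 0)
    rdata = bytes(int(o) for o in address.split("."))
    rr = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:] + rr


def parse_message(msg):
    """Parse header, questions and the three RR sections; RDATA of A/NS/CNAME/PTR is decoded."""
    qid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    out = {"id": qid, "qr": (flags >> 15) & 1, "aa": (flags >> 10) & 1,
           "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
           "questions": [], "answers": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        out["questions"].append((name, qtype, qclass))
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("RDLENGTH runs past the end of the message")
            if rtype == TYPE_A and rdlen == 4:
                value = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (TYPE_NS, TYPE_CNAME, TYPE_PTR):
                value, _ = decode_name(msg, off)   # RDATA names may also use pointers
            else:
                value = msg[off:off + rdlen]
            off += rdlen
            out[section].append((name, rtype, rclass, ttl, value))
    return out


def is_well_formed(msg):
    """True if msg parses as a complete DNS message; False for truncated or hostile input."""
    try:
        parse_message(msg)
        return True
    except (ValueError, IndexError, struct.error):
        return False
```

The three checks in `decode_name` (backward-only pointers, a hop limit, reserved label types) and the RDLENGTH bound in `parse_message` are the ones a resolver or packet dissector needs: a pointer that points at itself or forward is the classic way a crafted response makes a naive parser spin or read past the buffer.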

23
DNS Recursive Query (normal)
(figure: Client -> local server marian.cs.nott.ac.uk -> .com
server -> .foo.com server, for the query "wu.foo.com? (A
records, INternet)")
1. Client queries its default (local) DNS server.
2. If the server cannot resolve the query, it in turn
   queries a DNS server which is responsible for the
   root of that domain.
3. That server may pass the request on to another DNS
   server responsible for a more specific sub-domain.
   And so on.
24
DNS Iterative Query
(figure: steps 1 to 4 between the Client, the local server
and the authoritative server)
1. Query sent to local DNS server.
2. Local server cannot resolve it, but returns the
   address of the DNS server to query next (the server
   with authority for the domain).
3. Client queries that authoritative DNS server.
4. That server returns the results of the query, or
   goto step 2.
25
Response Caching
  • DNS servers (and clients) can cache responses to
    previous recursive queries
  • gives a non-authoritative answer
  • the server is not responsible for that domain but
    has a recent response, held no longer than its TTL
  • Needed for scalability, e.g. to avoid accessing the
    US for every .com domain name request
  • (also uses replication of servers)
  • Can optionally cache negative responses (e.g.
    common typos or defunct domains), for a time taken
    from the zone's SOA record
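
Presenter's note, added here as an example that is not part of the original slides: a small cache that holds both positive and negative answers until their TTL expires, in front of a constructed upstream (the `STUB_UPSTREAM` table, `FakeClock` and the `max_ttl` clamp are assumptions, not part of the slides). The clamp is the practitioner's caveat: whatever a resolver caches, correct or poisoned, it will keep serving for the full TTL, so upper-bounding the TTL bounds that exposure.

```python
import time


class FakeClock:
    """Injectable clock so expiry can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class DnsCache:
    """Positive and negative answers keyed by (name, type), expiring after their TTL.
    TTLs are clamped to max_ttl so a bad or poisoned record cannot be pinned for days."""

    def __init__(self, clock=time.monotonic, max_ttl=86400):
        self._clock = clock
        self._max_ttl = max_ttl
        self._entries = {}

    @staticmethod
    def _key(name, rtype):
        return name.lower().rstrip("."), rtype.upper()      # names are case-insensitive

    def store(self, name, rtype, records, ttl):
        """records=None records a negative answer (no such name) for ttl seconds."""
        ttl = min(int(ttl), self._max_ttl)
        if ttl <= 0:
            return                                          # TTL 0: must not be cached
        self._entries[self._key(name, rtype)] = (self._clock() + ttl, records)

    def lookup(self, name, rtype):
        """Return (hit, records); hit False means nothing usable is cached,
        records None on a hit means a cached negative answer."""
        key = self._key(name, rtype)
        entry = self._entries.get(key)
        if entry is None:
            return False, None
        expires, records = entry
        if self._clock() >= expires:
            del self._entries[key]                          # expired: must re-query
            return False, None
        return True, records


# Constructed upstream answers (not real data): (records, ttl). None records mean the name
# does not exist; its ttl stands in for the negative TTL a server takes from the zone's SOA.
STUB_UPSTREAM = {
    ("much.cs.nott.ac.uk", "A"): (["128.243.21.21"], 3600),
    ("mcuh.cs.nott.ac.uk", "A"): (None, 300),               # a typo of the name above
}


def resolve(name, rtype, cache, upstream=STUB_UPSTREAM):
    """Answer from the cache when possible (a non-authoritative answer), otherwise ask
    upstream and cache whatever it says, negative answers included. Returns (records, source)."""
    hit, records = cache.lookup(name, rtype)
    if hit:
        return records, "cache"
    records, ttl = upstream.get(DnsCache._key(name, rtype), (None, 0))
    cache.store(name, rtype, records, ttl)
    return records, "upstream"
```

Negative entries are what stop a flood of lookups for a mistyped name from reaching the authoritative servers; they expire on their own shorter TTL, so a name created after the negative answer becomes visible again within minutes rather than hours.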

26
Tools
  • Command-line
  • dig
  • E.g. dig any cs.nott.ac.uk
  • nslookup
  • Web sites
  • Various
  • Providing access to similar facilities (and more)