Basic DNS Course
Lecturer: Ron Aitchison
Module 1
DNS Theory
Objectives
Function of Name Servers
Name Servers play critical role
DNS Hierarchy (root, TLDs, Users)
DNS Delegation and Authority
DNS Operational Structure
DNS Servers and Resolvers
DNS Master and Slaves
DNS Queries
Name Server Function
The purpose of any name server is to translate a name into something, typically an address, that can be used by network software to access a resource.
Why not use an address?
Names are easier to remember (google.com vs 206.23.9.4)
Multiple addressing schemes can be used (IPv4 and IPv6)
We can relocate the resource without affecting the user's view of the network
We can duplicate the resource for resilience
History of Name Servers
Historically used files to name local devices
1974'ish IBM's SNA contained name translation capabilities
1978 Open System Interconnect (OSI) Model – Name/Address Translation (L4)
1984 NetBIOS Name Server -> WINS
1981 – 1987 RFC 1034/1035 DNS
Name Server becomes Critical
No Name Server = no network access
  Resilience
  Performance
Number of Names
  LANs – 10s -> 1,000s of addresses
  WANs (Internet) 1,000s -> millions
Frequency of Change
Domain Name System (DNS)
Multiple Name Servers
  Performance
  Resilience
Hierarchy of names (Domains)
  volume of names
  frequency of changes
  performance
DNS Name Hierarchy
Organized into tree hierarchy
  Top of the tree is called the root
  Each branch is called a Domain
  Any number of branches or levels
  Top Level Domain (TLD), Second Level Domain (SLD)
Responsibility for Domain is Delegated
Each Level is Authoritative
DNS Hierarchy
Since 1998 the responsibility for the allocation and operation of the domain name hierarchy lies with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization but operates under an MOU with the U.S. Dept. of Commerce.
DNS Domain Name
www.example.com
Typical user domain name
Each level is separated by dots
Highest level is on the right
Authority controls everything to the left
  left of example.com in above case
Authority may delegate
DNS Name Hierarchy
[Diagram: DNS name hierarchy tree with the root at the top and the TLDs (.us, .com, .arpa) beneath it; labels: Delegation, Authoritative]
DNS TLDs
gTLDs (generic Top Level Domains)
  .com, .net, .org, .mil, .edu, .int, etc.
  Some are open: .com, .net, .org
  Some restricted: .mil, .edu, .int
Since 2004
  sTLDs (Sponsored): .coop, .museum, .aero, .travel, .jobs, .mobi, .cat, .tel, .asia
  Generic: .info, .biz, .pro, .name
Since 2011 auction (essentially no limits only $)
DNS TLDs
ccTLDs (country code)
  .us, .ca, .uk etc.
  Defined by ISO 3166
.arpa (technically a gTLD)
  ICANN (IANA) use only
  specialized uses
DNS – Some Terminology
TLD
  Top Level Domain
SLD
  Second Level Domain
  Can be used to refer to a user domain
  Confusing since in many countries the user domain is the third level (TLD!)
DNS Name Hierarchy
[Diagram: DNS name hierarchy tree with levels labelled TLDs and SLDs/User]
Delegation and Authority
Owner is authoritative at level
Owner may do anything to left of name
Owner may delegate
DNS Domain Name
www.example.com
.com is gTLD
example is user domain name
who chose www?
what is www?
DNS Domain Name
www.example.com.
DNS Domain Name
www.example.com.
With the ending dot
  Fully Qualified Domain Name (FQDN)
  unambiguously defines a name to the root
  the dot (.) is the root and is normally silent
Domain Names
www.example.md.us
www.guardian.co.uk
www.bancobrasil.com.br
ftp.example.org
www.nashville.tn.us
www.br.example.net
www.un.int
Module 1
DNS Operations and Protocol
DNS - Operations/Protocol
Authoritative DNS at every level in name hierarchy
DNS is interrogated using queries
  Port 53 UDP (mostly)
  512 byte blocks (EDNS0 64K)
Other Operations
  TCP on port 53
DNS - Operations
DNS Operations
[Diagram: Queries for www.example.com sent to the root DNS Servers, the TLD DNS Servers and the user DNS Servers (example.com); responses labelled Referral, Referral and Answer]
DNS Operations
Authoritative Name Server at every level in domain name
Name lookup asks (Queries) each level in hierarchy
If Name Server not authoritative it returns a referral to next level
If Name Server authoritative it returns an answer
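The query/referral/answer walk described above, as an added example that is not part of the original slides. The server ids, the toy data model and the 192.0.2.10 address are constructed; the referral check in `resolve` (accept a referral only if it moves down the tree toward the queried name) is an addition a practitioner would want, not something the slide states.

```python
# Added example: constructed servers; ids and addresses are hypothetical.
SERVERS = {
    "root":       {"delegates": {"com.": "tld-com"}, "hosts": {}},
    "tld-com":    {"delegates": {"example.com.": "ns-example"}, "hosts": {}},
    "ns-example": {"delegates": {}, "hosts": {"www.example.com.": "192.0.2.10"}},
    # Misconfigured pair used to exercise the referral check below.
    "bad-root":   {"delegates": {"com.": "tld-loop"}, "hosts": {}},
    "tld-loop":   {"delegates": {"com.": "tld-loop"}, "hosts": {}},
}

def in_zone(name, zone):
    """True when name is at or below zone (both FQDNs with trailing dot)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def query(server_id, qname):
    """One non-recursive query: an answer if the server holds the name, else a referral."""
    srv = SERVERS[server_id]
    if qname in srv["hosts"]:
        return "answer", srv["hosts"][qname]
    for child in sorted(srv["delegates"], key=len, reverse=True):
        if in_zone(qname, child):
            return "referral", (child, srv["delegates"][child])
    return "nxdomain", None

def resolve(qname, start="root", max_steps=8):
    """Follow referrals from the root down, as a full-function resolver does."""
    if not qname.endswith("."):
        qname += "."                      # make the name an FQDN
    server, zone, path = start, ".", []
    for _ in range(max_steps):
        path.append(server)
        kind, data = query(server, qname)
        if kind != "referral":
            return kind, data, path
        child_zone, child_server = data
        # Only accept a referral that moves strictly down the tree toward qname.
        closer = (in_zone(qname, child_zone) and in_zone(child_zone, zone)
                  and child_zone != zone)
        if not closer:
            return "bad-referral", child_zone, path
        server, zone = child_server, child_zone
    return "too-many-referrals", None, path

if __name__ == "__main__":
    print(resolve("www.example.com"))
    print(resolve("www.example.com", start="bad-root"))
```

The returned path lists every server that was asked, which is the count the quiz question about "how many DNS servers may be involved" is after.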
DNS - Operations
13 root servers
  a.root-servers.net – m.root-servers.net
gTLD/ccTLD servers – variable
  .com = 12
  .net = 12
  .org = 6
User servers – variable
  2 minimum (Microsoft 5, Google 4)
DNS Operations
[Diagram: Resolver, caching DNS Server, root DNS Servers, TLD DNS Servers and user DNS Servers (example.com); Queries for www.example.com]
DNS Servers and Resolvers
DNS (name) servers are:
  Authoritative
  Caching
  Combinations
Resolvers are:
  Never Authoritative
  Full-Function (follows referrals)
  Stub-Resolver (cannot follow referrals)
  Caching Stub-Resolver
Authoritative DNS
May be a Master or Slave
  Sometimes called Primary and Secondary
Responds authoritatively to a query for the complete address
  example.com authoritative server will respond to www.example.com
DNS – Master and Slave
DNS - Master and Slave
Master reads zone file from local storage
Slave reads via network from Master
Both Master and Slave are Authoritative
May be one or more Slaves
May be no slaves (multiple Masters)
May be no visible masters (hidden Master)
DNS – Zone Transfers
Passive – Slave Initiated
  Slave reads zone record (SOA) periodically
  Full Transfer (AXFR)
  Incremental Transfer (IXFR)
  Uses TCP on port 53
Active - Master sends NOTIFY
  Slave reads SOA on receipt of NOTIFY
  AXFR or IXFR
  Speeds up zone change propagation to slaves
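A sketch of the slave-side decision for both transfer paths, as an added example that is not from the original slides. It assumes the slave compares the SOA serial number (using RFC 1982 serial arithmetic) to decide whether a transfer is needed, and that it acts on NOTIFY only from configured masters; the class name, addresses and serial values are constructed.

```python
# Added example: slave refresh logic; names, addresses and serials are constructed.

def serial_newer(master, local):
    """RFC 1982 serial arithmetic: True when the master's SOA serial is ahead of ours."""
    diff = (master - local) % 2**32
    return 0 < diff < 2**31

class SlaveZone:
    def __init__(self, serial, masters, ixfr=True):
        self.serial = serial            # serial of the zone copy we hold
        self.masters = set(masters)     # addresses allowed to trigger a refresh
        self.ixfr = ixfr                # request incremental transfers when possible
        self.log = []

    def _check(self, read_soa_serial, reason):
        master_serial = read_soa_serial()          # SOA query sent to the master
        if not serial_newer(master_serial, self.serial):
            self.log.append(f"{reason}: serial {self.serial} is current")
            return None
        kind = "IXFR" if self.ixfr else "AXFR"     # transfer runs over TCP port 53
        self.log.append(f"{reason}: {kind} {self.serial} -> {master_serial}")
        self.serial = master_serial
        return kind

    def on_refresh_timer(self, read_soa_serial):
        """Passive path: the slave reads the SOA periodically."""
        return self._check(read_soa_serial, "refresh")

    def on_notify(self, source_ip, read_soa_serial):
        """Active path: NOTIFY only prompts an SOA check, and only from a known master."""
        if source_ip not in self.masters:
            self.log.append(f"NOTIFY from {source_ip} ignored: not a configured master")
            return None
        return self._check(read_soa_serial, "notify")

if __name__ == "__main__":
    zone = SlaveZone(2024010101, ["192.0.2.1"])
    print(zone.on_notify("203.0.113.9", lambda: 2024010102))
    print(zone.on_notify("192.0.2.1", lambda: 2024010102))
    print(zone.log)
```

On the master side, the matching control is to restrict who may request AXFR/IXFR to the slave addresses, since a full transfer hands over the entire zone.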
DNS Zone Transfer
DNS Queries
Recursive Queries
  requested server will provide answer
  Optional
Iterative (non-recursive) Queries
  Server will provide answer if available
  Else sends referral
  Mandatory
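How the recursive/iterative choice and the UDP size limit from the earlier protocol slide appear on the wire, as an added example that is not from the original slides. It builds a DNS query with the RD (recursion desired) bit set or clear and an optional EDNS0 OPT record, and classifies a response from its header flags; the function names and sample headers are constructed.

```python
# Added example: DNS header flags for recursive vs iterative queries (constructed input).
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root (zero) label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qid, recursive, edns_size=None):
    """Build an A/IN query; RD=1 asks for recursion, RD=0 is an iterative query."""
    flags = 0x0100 if recursive else 0x0000
    arcount = 1 if edns_size else 0
    msg = struct.pack("!6H", qid, flags, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!2H", 1, 1)      # QTYPE=A, QCLASS=IN
    if edns_size:
        # EDNS0 OPT pseudo-record: root name, TYPE=41, CLASS carries the UDP size.
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def classify(msg):
    """Classify a message from its 12-byte header alone."""
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                 # QR bit clear
        return "query"
    if flags & 0x0200:                     # TC: did not fit in the UDP payload
        return "truncated: retry over TCP port 53"
    if flags & 0x000F:
        return f"error rcode={flags & 0x000F}"
    authoritative = bool(flags & 0x0400)   # AA bit
    if an:
        return "answer (authoritative)" if authoritative else "answer (non-authoritative)"
    if ns and not authoritative:
        return "referral"
    return "no data"

if __name__ == "__main__":
    q = build_query("www.example.com", 0x1234, recursive=False, edns_size=4096)
    print(len(q), classify(q))
    print(classify(struct.pack("!6H", 0x1234, 0x8000, 1, 0, 2, 2)))   # constructed referral
```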
DNS Recursive/Iterative Queries
DNS - Queries
Locally configured DNS (properties) will always point to a recursive (caching) name server
PCs have stub-resolvers (cannot follow referrals)
Windows has caching resolver
  stub-resolver cache for performance
Quick Quiz
Who controls the domain name space?
What is www.ny.us.example.com.br?
How many DNS servers may be involved in the above?
One method to speed up name changes?
Will an iterative query give me an answer?
What type of resolver is on your PC?