itec350 networks i lecture 3. dns (domain name service)
TRANSCRIPT
ITEC350 Networks ILecture 3
DNS (Domain Name Service)
Address “translation”
Domain Name Service (DNS) Given a Domain Name
(e.g., yahoo.com), lookup the IP address.
Command nslookup <somedomain.com> returns:
• DNS Server name & IP addr
• IP address(es) of the domain
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.
H:\>nslookup yahoo.comServer: newriver.radford.eduAddress: 137.45.26.19
Non-authoritative answer:Name: yahoo.comAddresses: 64.58.79.230, 66.218.71.198
U.S. Top Level Domains
Address Resolution Early Internet had no Domain Name System – Just HOSTS
file Win2K: C:\WINNT\system32\drivers\etc\HOSTS Unix\Linux: /etc/hosts
Ancient History: Before DNS, The master HOSTS file was maintained by SRI International Periodically, every computer in the internet reloaded HOSTS file
~1984 someone realized that millions of computers and domains needed a central database – DNS was born
Still, when a host needs to translate yahoo.com, First, HOSTS file is scanned Then DNS is used.
Domain Name Service (DNS)Developed by Postel & Mockapetriswww.internic.net is a good site to browseThe phone book of the internet
But more restrictive … Each entry must be• Unique• Authentic
Universal Resolvability is ensured Distributed Database
Figure 1.27: Domain Name System (DNS)
DNS Request Message“The host name is Voyager.cba.hawaii.edu”
OriginatingHost
DNSServer
Figure 1.27: Domain Name System (DNS)
DNS Table
Host Name……Voyager.cba.hawaii.edu…
IP Address……128.171.17.13…
DNS Response Message“The IP address is 128.171.17.13”Originating
HostDNS
Server
DNS
13 Identical Root Servers All Top Level Domain (TLD) Registries Database for each TLD
• .com .org .edu .biz …. (gTLDs)
• .fr .ca etc. country-specific TLDs, or ccTLDs
Root Servers are Authoritative Maintained by ICANN, www.icann.org (International Corporation for Assigned Names and Numbers)
Structure of DNSStructure of DNS
The DNS TreeThe DNS Tree
jp uk com org edu
acco
keio
sfcmed
Root Zone File
icann
TLDs
Map of the Root ServersMap of the Root Servers
DNS
Why does Radford have a DNS server called newriver.radford.edu ? The 13 authoritative servers could not handle
the load of billions of name resolutions Faster to have a “non-authoritative” local server If there is a domain name that
newriver.radford.edu does not have• Newriver can contact one of the authoritative root
servers
DNS NamesHierarchical, right to left
nth level ……. Top Level Domain (Label) yadda.yadda.yadda.yadda……….edu
TLD, or Label may be up to 63 chars longTotal length of name must be <= 255 charsTotal length <= 127 labelsDNS Names are either
Relative (newriver) Fully qualified (newriver.radford.edu, an actual host or
server)
Sidebar on Domain Names in USA
ISO 3166 is a standard that defines a unique TLD for each country (i.e., .fr = France)
Why don’t we see radford.edu.us? Because the USA, alone among all other countries,
decided not to bother using the ISO’s TLD schemeOther variations adopted by some countries
include “sub-domains” e.g.: In the UK, ac.uk, co.uk, and sch.uk are reserved for
academic, company and schools In Australia, a blend of the US and ISO is used: .edu.au,
.com.au
The root zone, AKA
DNS Zones: Any collection of hosts
.edu
radford.edu
Network lab in DA214
.
DNS ServersEach DNS zone has
A domain name At least a primary server Probably a secondary server as well
A computer that maintains a single master list of DNS Names and IP Addresses for a zone Has Authority for that Zone Is known as the primary server for the zone
Application (Host Process) Interfaces
Given a domain Name there are several methods of resolution Host table lookup (on Unix, /etc/hosts is a
text file ) Local name server process (on Unix, named) Send msg to a DNS primary or secondary
server
NSlookup – DNS Translation
Manual Page for nslookup can be found at
http://www.stopspam.org/usenet/mmf/man/nslookup.html
http://www.kloth.net/services/nslookup-man.php It is for Unix shell, but most operation is same for WIN2K
or up. The command nslookup allows DNS translation to a
DOS cmd window.
H:\>nslookupDefault Server: newriver.radford.eduAddress: 137.45.26.19> ?Commands: (identifiers are shown in uppercase, [] means optional)NAME - print info about the host/domain NAME using default serverNAME1 NAME2 - as above, but use NAME2 as serverhelp or ? - print info on common commandsset OPTION - set an option all - print options, current server and host [no]debug - print debugging information [no]d2 - print exhaustive debugging information [no]defname - append domain name to each query [no]recurse - ask for recursive answer to query [no]search - use domain search list [no]vc - always use a virtual circuit domain=NAME - set default domain name to NAME srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc. root=NAME - set root server to NAME retry=X - set number of retries to X timeout=X - set initial time-out interval to X seconds type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV) querytype=X - same as type class=X - set query class (ex. IN (Internet), ANY) [no]msxfr - use MS fast zone transfer ixfrver=X - current version to use in IXFR transfer requestserver NAME - set default server to NAME, using current default serverlserver NAME - set default server to NAME, using initial serverfinger [USER] - finger the optional NAME at the current default hostroot - set current default server to the rootls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE) -a - list canonical names and aliases -d - list all records -t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)view FILE - sort an 'ls' output file and view it with pgexit - exit the program
(Example) Nslookup
Server newriver.radford.edu Not authoritative for
yahoo.com Authoritative for
neelix• Relative form used
C:\>nslookup yahoo.comServer: newriver.radford.eduAddress: 137.45.26.19
Non-authoritative answer:Name: yahoo.comAddresses: 64.58.79.230, 66.218.71.198
C:\>nslookup neelixServer: newriver.radford.eduAddress: 137.45.26.19
Name: neelix.RADFORD.EDUAddresses: 137.45.192.213, 137.45.192.215
DNS records
Domain Name Servers get their information from a database maintained by the domain administrator.
A client sends a message to the DNS using the UDP protocol.
A server has different types of entries
DNS Query types
A, CNAME, NS, MX, PTR, SOA, TXT http://www.kloth.net/services/nslookup-man.php
Each query type returns slightly different subset of the total information.
Following slides were the output from http://www.kloth.net/services/nslookup.php Using radford.edu as the domain Each different query type selected in turn
DNS Resource Records (RR)
Start of Authority (SOA) – denotes the primary DNS and time limits.
Address (A) – supplies a host name's IP address Canonical Name (CNAME) – provides alias host
names Mail Exchanger (MX) – defines a domain's mail
systems Name Server (NS) – defines a domain's name
servers
DNS uses two request flavors
A recursive request will respond with the answer or an error message if the host is not known. This is the type of request made by a client when the user program executes a “gethostbyname” function.
An Interactive request will respond with the answer or the name of a DNS that may be able to answer the question. This type of request is usually used between Domain Name Servers. http://cr.yp.to/djbdns/intro-dns.html
DNS Search Example
. (ROOT)
Newriver.radford.edu
Cist_hp_da.radford.edu
.COM DNS zone Server
DNS.yahoo.com
yahoo.com
Cist_hp_da.radford.edu needs the address of a web server on yahoo.com
1
234
5
67
8
Radford University
Yahoo
One of the 13 root servers
Each blue oval is a network operated by a distinct organization. (ISP networks not shown)
Second DNS Search Example
. (ROOT)
Newriver.radford.edu
Cist_da_hp.radford.edu
.COM DNS
DNS.yahoo.com
ftp.yahoo.com
cist_da_hp.radford.edu needs the address of ftp.yahoo.com after
finding yahoo.com
.arpa
An explicit way to signal for reverse translation
http://cr.yp.to/djbdns/dot-arpa.html
Reverse lookups
http://cr.yp.to/djbdns/intro-dns.html#reverse