Domain Name System (DNS)
2G1701 Lecture
Jon-Olov Vatn, KTH/IMIT/TSLab © 2003
12 September 2003
Introduction
The domain name system (DNS) can be considered a distributed hierarchical database, whose primary purpose is resolving domain names to IP addresses.
It is also used for other resolution cases such as inverse lookup (IP => domain name), finding mail and SIP servers, IPv6 addresses, etc.
Resolution examples
Normal lookup (domain name to IPv4 address)
    ripper:~>host trillian.it.kth.se
    trillian.it.kth.se has address 130.237.212.43
Reverse lookup
    ripper:~>host 130.237.212.6
    6.212.237.130.IN-ADDR.ARPA domain name pointer gaia.it.kth.se
Hosts can have multiple domain names (aliases)
    ripper:~>host www.it.kth.se
    www.it.kth.se is a nickname for fluff.it.kth.se
    fluff.it.kth.se has address 130.237.203.50
Resolution examples (cont.)
Finding the mail server for an email address (here one in the it.kth.se domain)
    ripper:~>host -t mx it.kth.se
    it.kth.se mail is handled (pri=0) by mail.it.kth.se
    ripper:~>host mail.it.kth.se
    mail.it.kth.se has address 130.237.212.132
Looking up an IPv6 address
    ripper:~>host -t AAAA www.ssvl.kth.se
    www.ssvl.kth.se IPv6 address 3ffe:4008:2:4:a00:20ff:fe81:78c5
Some terminology
Domain
- Domain (e.g., kth.se)
- Subdomain (e.g., imit.kth.se), also part of the parent domain (kth.se). Could specify the name of a host (e.g. www.imit.kth.se)
Zone
- Defines the border of responsibility
Domain vs zone
Let's consider the kth.se domain. If the whole of kth.se was managed by a central KTH organization, the domain kth.se and the zone kth.se would be the same.
[Figure: tree se -> kth.se -> it.kth.se, imit.kth.se, ssvl.kth.se; the domain kth.se and the zone kth.se cover the same subtree]
Domain vs zone (cont.)
To simplify maintenance, the authority over a subdomain can be delegated (here it.kth.se).
[Figure: same tree; the domain kth.se still covers kth.se, it.kth.se, imit.kth.se and ssvl.kth.se, but the zone kth.se now contains only kth.se, imit.kth.se and ssvl.kth.se, while it.kth.se forms its own zone]
DNS hierarchy
Organized similarly to a file hierarchy, but written in reverse order: "/usr/sbin/ifconfig" (root to leaf, left to right) vs "cs.mit.edu." (leaf to root, left to right).
[Figure: tree with the root "." at the top; below it the top level domains (TLDs) com, org, edu, se, arpa; below edu: stanford (with math and cs) and mit (with math and cs); below se: kth (with ssvl); below arpa: in-addr.arpa, used for reverse lookup]
Small exercise
Assume the following: your host is in the ssvl.kth.se domain and your name server is ns.ssvl.kth.se. You would like to browse www.cs.mit.edu. Your host will send the DNS query to ns.ssvl.kth.se:
- How will your host find the IP address of its name server ns.ssvl.kth.se?
- Who will ns.ssvl.kth.se contact next in order to find the IP address? A DNS server in its parent domain, a root DNS server or some other server?
Small exercise (cont.)
If you then would like to look up the address for www.cs.mit.edu again, would that DNS lookup be faster?
- Yes, since your host keeps a cache with domain name to IP address mappings.
- Yes, since ns.ssvl.kth.se has cached the mapping.
- No, the DNS lookup will take the same time as before.
Hierarchy of name servers
Root name servers
- 13 DNS servers located around the world
- Authoritative for the root domain "."
- Know how to find the name servers authoritative for the different top level domains (TLDs)
TLD name servers
- Each authoritative for some of the TLDs (com., edu., se., fi., uk., ...)
- Know how to find the name servers authoritative for the 2nd level domains (google.com, hotmail.com, kth.se, ...)
And so on ...
Finding the root DNS servers
Your name server can recursively ask a root DNS server, a TLD DNS server, and so on until it reaches the name server authoritative for the target domain (e.g. cs.mit.edu).
But how will your DNS server find the root DNS server(s)? It keeps them in a file, often called "root.hints":

    .                      371742  IN  NS  L.ROOT-SERVERS.NET.
    .                      371742  IN  NS  M.ROOT-SERVERS.NET.
    .                      371742  IN  NS  A.ROOT-SERVERS.NET.
    .                      371742  IN  NS  B.ROOT-SERVERS.NET.
    .                      371742  IN  NS  C.ROOT-SERVERS.NET.
    .                      371742  IN  NS  D.ROOT-SERVERS.NET.
    .                      371742  IN  NS  E.ROOT-SERVERS.NET.
    .                      371742  IN  NS  F.ROOT-SERVERS.NET.
    .                      371742  IN  NS  G.ROOT-SERVERS.NET.
    .                      371742  IN  NS  H.ROOT-SERVERS.NET.
    .                      371742  IN  NS  I.ROOT-SERVERS.NET.
    .                      371742  IN  NS  J.ROOT-SERVERS.NET.
    .                      371742  IN  NS  K.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.    499062  IN  A   198.32.64.12
    M.ROOT-SERVERS.NET.    499062  IN  A   202.12.27.33
    A.ROOT-SERVERS.NET.    487141  IN  A   198.41.0.4
    B.ROOT-SERVERS.NET.    487141  IN  A   128.9.0.107
    C.ROOT-SERVERS.NET.    499062  IN  A   192.33.4.12
    D.ROOT-SERVERS.NET.    499062  IN  A   128.8.10.90
    E.ROOT-SERVERS.NET.    487141  IN  A   192.203.230.10
    F.ROOT-SERVERS.NET.    462023  IN  A   192.5.5.241
    G.ROOT-SERVERS.NET.    487141  IN  A   192.112.36.4
    H.ROOT-SERVERS.NET.    487141  IN  A   128.63.2.53
    I.ROOT-SERVERS.NET.    499062  IN  A   192.36.148.17
    J.ROOT-SERVERS.NET.    458200  IN  A   192.58.128.30
    K.ROOT-SERVERS.NET.    462023  IN  A   193.0.14.129
Our example (bogus) domain
- Your own domain, sports.bogus
- IP address range 192.168.0.0/24
- Routers, name servers, web and mail servers, ordinary hosts
[Figure: network diagram. Two subnets, 192.168.0.0/25 and 192.168.0.128/25, joined by the router gw2 (.2 on the first subnet, .129 on the second). The router gw1 (.1) on the first subnet provides the link to the Internet. On the first subnet: ns (.4), ns2 (.11), www (.14). On the second subnet: golf (.137), mail/ftp (.144), basket (.201).]
Multiple name servers
- For increased reliability each domain should have (at least) two DNS servers
- DNS information is only entered at one of the servers (the primary master DNS)
- Slave (secondary) DNS servers receive the DNS configuration from the master. This procedure is known as zone transfer; it is driven by a refresh interval, or by triggered updates.
Configuring a name server
BIND is a widespread DNS server. It has two types of configuration files:
- The "zone files": the DNS "database" files, holding resource records (RRs) such as A, PTR, CNAME, ... In our example the zones "sports.bogus" and "192.168.0" (reverse lookup) are of interest.
- The main configuration file "named.conf", which organizes/glues the zone files together.
Main configuration file (named.conf)

    options {
            directory "/var/named";
    };

    zone "sports.bogus" in {
            type master;
            file "pz/db.sports.bogus";
    };

    zone "0.168.192.in-addr.arpa" {
            type master;
            file "pz/db.192.168.0";
    };

named.conf (cont.)

    zone "." in {
            type hint;
            file "root.hints";
    };

    zone "0.0.127.in-addr.arpa" {
            type master;
            file "pz/db.127.0.0";
    };

The zone name given in named.conf is the origin of the corresponding zone file, i.e. what "@" stands for in that file.
Zone file (db.sports.bogus)

    $TTL 3h
    sports.bogus.   IN  SOA  ns.sports.bogus. staff.sports.bogus. (
                             1    ; Serial
                             3h   ; Refresh
                             1h   ; Retry
                             1w   ; Expire
                             1h   ; Negative TTL
                             )
    ; Name servers (NS records)
    sports.bogus.   IN  NS   ns.sports.bogus.
    sports.bogus.   IN  NS   ns2.sports.bogus.
Zone file (db.sports.bogus, cont.)

    ; Addresses for canonical names (A records)
    gw1.sports.bogus.      IN  A  192.168.0.1
    gw2.sports.bogus.      IN  A  192.168.0.2
    gw2.sports.bogus.      IN  A  192.168.0.129
    ns.sports.bogus.       IN  A  192.168.0.4
    ns2.sports.bogus.      IN  A  192.168.0.11
    www.sports.bogus.      IN  A  192.168.0.14
    golf.sports.bogus.     IN  A  192.168.0.137
    mail.sports.bogus.     IN  A  192.168.0.144
    basket.sports.bogus.   IN  A  192.168.0.201
Zone file (db.sports.bogus, cont.)

    ; Aliases (CNAME records)
    ftp.sports.bogus.      IN  CNAME  mail.sports.bogus.
    ; Mail servers (the number, 10, is the mail server priority)
    sports.bogus.          IN  MX  10  mail.sports.bogus.
Abbreviations (db.sports.bogus)

    $TTL 3h
    @   IN  SOA  ns.sports.bogus. staff.sports.bogus. (
                 1    ; Serial
                 3h   ; Refresh
                 1h   ; Retry
                 1w   ; Expire
                 1h   ; Negative TTL
                 )
    ; Name servers (NS records): the owner field is left empty, so "@" is implied
        IN  NS   ns
        IN  NS   ns2
Abbreviations (cont.)

    ; Addresses for canonical names (A records)
    gw1      IN  A  192.168.0.1
    gw2      IN  A  192.168.0.2
             IN  A  192.168.0.129   ; empty owner: repeat the last owner (gw2)
    ns       IN  A  192.168.0.4
    ns2      IN  A  192.168.0.11
    www      IN  A  192.168.0.14
    golf     IN  A  192.168.0.137
    mail     IN  A  192.168.0.144
    basket   IN  A  192.168.0.201
Abbreviations (cont.)

    ; Aliases (CNAME records)
    ftp      IN  CNAME  mail
    ; Mail servers
    @        IN  MX  10  mail
Reverse look-up
Compare a domain name and an IP address. IP addresses also have a hierarchy, although the direction from root to leaf is reversed (left to right):
    www.sports.bogus    (leaf on the left, root on the right)
    192.168.0.14        (root on the left, leaf on the right)
It is possible to use the same technique to look up domain names from an IP address (reverse look-up).
A specific top and second level domain (in-addr.arpa) is used for this purpose; the octets are written in reverse order so that the root is again on the right, e.g., 14.0.168.192.in-addr.arpa
DNS hierarchy (with the reverse-lookup branch)
[Figure: the same tree as before (root ".", TLDs com, org, edu, se, arpa; stanford and mit with math and cs under edu; kth with ssvl under se), now also showing the reverse-lookup branch under arpa: in-addr.arpa -> 192 -> 168 -> ...]
Reverse look up (named.conf)
The same named.conf as before; the reverse zone is the entry for "0.168.192.in-addr.arpa", whose zone name is the origin that "@" refers to in db.192.168.0.

    options {
            directory "/var/named";
    };

    zone "sports.bogus" in {
            type master;
            file "pz/db.sports.bogus";
    };

    zone "0.168.192.in-addr.arpa" {
            type master;
            file "pz/db.192.168.0";
    };

named.conf (cont.)

    zone "." in {
            type hint;
            file "root.hints";
    };

    zone "0.0.127.in-addr.arpa" {
            type master;
            file "pz/db.127.0.0";
    };
Reverse look up (zone file db.192.168.0)
Here "@" is 0.168.192.in-addr.arpa

    $TTL 3h
    @   IN  SOA  ns.sports.bogus. staff.sports.bogus. (
                 1    ; Serial
                 3h   ; Refresh
                 1h   ; Retry
                 1w   ; Expire
                 1h   ; Negative TTL
                 )
    ; Name servers (NS records)
        IN  NS   ns.sports.bogus.
        IN  NS   ns2.sports.bogus.
Reverse zone file (db.192.168.0, cont.)

    ; Address to name POINTER records (PTR records)
    ; Owner names are relative, so "@" (0.168.192.in-addr.arpa) is appended
    1      IN  PTR  gw1.sports.bogus.
    2      IN  PTR  gw2.sports.bogus.
    4      IN  PTR  ns.sports.bogus.
    11     IN  PTR  ns2.sports.bogus.
    14     IN  PTR  www.sports.bogus.
    …
    201    IN  PTR  basket.sports.bogus.
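The abbreviated zone file and the reverse zone above are tied together by a handful of expansion rules: $TTL sets the default lifetime, "@" stands for the origin from named.conf, a name without a trailing dot gets the origin appended, and an empty owner field repeats the previous owner. The following parser, an added example that is not the lecture's own code and not how BIND is implemented, applies those rules to the abbreviated db.sports.bogus from the slides (embedded here as constructed input) and then derives the PTR records of 0.168.192.in-addr.arpa from the forward zone's A records, the way the reverse zone file on the slide was built by hand. The function names (parse_zone, reverse_name, ptr_records) are the example's own.

```python
# Constructed input: the abbreviated db.sports.bogus zone file from the lecture.
SPORTS_ZONE = """\
$TTL 3h
@ IN SOA ns.sports.bogus. staff.sports.bogus. (
    1   ; Serial
    3h  ; Refresh
    1h  ; Retry
    1w  ; Expire
    1h  ; Negative TTL
    )
; Name servers (NS records)
    IN NS ns
    IN NS ns2
; Addresses for canonical names (A records)
gw1    IN A 192.168.0.1
gw2    IN A 192.168.0.2
       IN A 192.168.0.129
ns     IN A 192.168.0.4
ns2    IN A 192.168.0.11
www    IN A 192.168.0.14
golf   IN A 192.168.0.137
mail   IN A 192.168.0.144
basket IN A 192.168.0.201
; Aliases (CNAME records)
ftp    IN CNAME mail
; Mail servers
@      IN MX 10 mail
"""

# Which rdata fields of each record type are domain names (and so need expanding).
NAME_FIELDS = {"NS": [0], "CNAME": [0], "MX": [1], "PTR": [0], "SOA": [0, 1]}

def absolute(name, origin):
    """Expand a zone-file name: "@" is the origin, a trailing dot means the
    name is already absolute, anything else has the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def logical_lines(text):
    """Strip ';' comments and blank lines, and join parenthesised
    continuation lines (the multi-line SOA) into one logical line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out

def parse_zone(text, origin):
    """Return (default_ttl, records); records are (owner, type, rdata) with
    every name made absolute. An empty owner field repeats the previous owner."""
    origin = origin if origin.endswith(".") else origin + "."
    ttl, records, last_owner = None, [], origin
    for line in logical_lines(text):
        if line.startswith("$TTL"):
            ttl = line.split()[1]
            continue
        fields = line.split()
        if not line[0].isspace():                 # owner present on this line
            last_owner = absolute(fields.pop(0), origin)
        if fields and fields[0].upper() == "IN":  # the class field is optional
            fields.pop(0)
        rtype = fields.pop(0).upper()
        rdata = [f for f in fields if f not in ("(", ")")]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = absolute(rdata[i], origin)
        records.append((last_owner, rtype, tuple(rdata)))
    return ttl, records

def reverse_name(ip):
    """192.168.0.14 -> 14.0.168.192.in-addr.arpa."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_records(records, network="192.168.0"):
    """Derive the PTR records of the reverse zone for a /24 from the forward
    zone's A records. Returns (reverse_origin, [(host_octet, "PTR", name)])
    with owners written relative to the reverse zone, as on the slide."""
    rev_origin = ".".join(reversed(network.split("."))) + ".in-addr.arpa."
    ptrs = []
    for owner, rtype, rdata in records:
        if rtype == "A" and rdata[0].startswith(network + "."):
            ptrs.append((rdata[0].rsplit(".", 1)[1], "PTR", owner))
    return rev_origin, ptrs

if __name__ == "__main__":
    ttl, recs = parse_zone(SPORTS_ZONE, "sports.bogus")
    origin, ptrs = ptr_records(recs)
    print(f"$TTL {ttl}   ; reverse zone {origin}")
    for host, rtype, name in ptrs:
        print(f"{host:<6} IN  {rtype}  {name}")
```

Note that gw2 has two A records, so the generated reverse zone gets PTR records for both .2 and .129; the slide's "…" hides which hosts it listed between 14 and 201.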
Primary and slave DNS servers
- Master and slave servers answer DNS queries in the same way
Primary master DNS
- This is where the administrator manually configures the zone files
- Can specify which slaves may get copies of the zone files
Slave DNS
- Specifies which zone files to download and which DNS server to download them from
- Polls that DNS server at a specific interval. May store the transferred zone files locally.
- The procedure is called "zone transfer"
SOA resource record revisited

    $TTL 3h
    @   IN  SOA  ns.sports.bogus. staff.sports.bogus. (
                 1    ; Serial
                 3h   ; Refresh
                 1h   ; Retry
                 1w   ; Expire
                 1h   ; Negative TTL
                 )

- Serial, Refresh and Expire are related to master/slave zone transfers
- $TTL and "Negative TTL" are related to the lifetime of the result of previous DNS queries (caching is what makes DNS scalable!!)
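The SOA timers are easiest to understand as a small state machine run by the slave: every Refresh seconds it asks the master for its serial, after a failed check it waits Retry seconds instead, it performs a zone transfer only when the master's serial is newer, and if it has not reached the master for Expire seconds it stops serving the zone. The code below is an added example, not the lecture's code and not BIND's implementation; it models that decision with the values from the db.sports.bogus SOA on the slide, compares serials with the wrap-around arithmetic of RFC 1982 (which is why bumping the serial after every edit matters: an unchanged serial means "up-to-date" and no slave will pick up the change), and shows how $TTL and the Negative TTL bound how long a resolver may cache a positive versus a negative answer (the RFC 2308 rule of using the smaller of the negative TTL and the SOA record's own TTL). The function names and the string labels returned by slave_action are the example's own.

```python
from dataclasses import dataclass

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert a BIND time value such as '3h', '1w' or '3600' to seconds."""
    value = value.strip().lower()
    if value.isdigit():
        return int(value)
    number, unit = value[:-1], value[-1]
    if unit not in UNITS or not number.isdigit():
        raise ValueError(f"bad time value: {value!r}")
    return int(number) * UNITS[unit]

@dataclass(frozen=True)
class Soa:
    serial: int
    refresh: int       # how often a slave checks the master's serial
    retry: int         # how long to wait after a failed check
    expire: int        # how long slave data stays valid without contact
    negative_ttl: int  # how long "no such name" answers may be cached

# Constructed from the lecture's db.sports.bogus SOA record.
SPORTS_SOA = Soa(serial=1, refresh=to_seconds("3h"), retry=to_seconds("1h"),
                 expire=to_seconds("1w"), negative_ttl=to_seconds("1h"))

def serial_is_newer(candidate, current):
    """RFC 1982 serial-number arithmetic: serials are 32-bit and wrap, so
    compare modulo 2**32 instead of with a plain '>'."""
    diff = (candidate - current) % 2**32
    return 0 < diff < 2**31

def slave_action(soa, now, last_ok, last_attempt, master_serial):
    """What a slave does at time `now` (all times in seconds).
    last_ok: time of the last successful check or transfer.
    last_attempt: time of the last check, successful or not.
    master_serial: serial the master reports now, or None if unreachable."""
    if now - last_ok >= soa.expire:
        return "expired"             # stop serving the zone
    if last_attempt > last_ok:       # previous check failed: poll every RETRY
        due = now - last_attempt >= soa.retry
    else:                            # previous check succeeded: poll every REFRESH
        due = now - last_ok >= soa.refresh
    if not due:
        return "wait"
    if master_serial is None:
        return "retry-later"
    if serial_is_newer(master_serial, soa.serial):
        return "zone-transfer"
    return "up-to-date"

def cache_lifetime(soa, rr_ttl, soa_ttl, answer_exists):
    """Seconds a resolver may cache an answer: a positive answer lives for
    the record's TTL ($TTL unless overridden); a negative answer lives for
    the smaller of the SOA's negative TTL and the SOA record's own TTL
    (RFC 2308)."""
    return rr_ttl if answer_exists else min(soa.negative_ttl, soa_ttl)

if __name__ == "__main__":
    h = to_seconds("1h")
    for now, last_ok, last_attempt, serial in [(h, 0, 0, 2), (4 * h, 0, 0, 2),
                                                (4 * h, 0, 0, None), (5 * h, 0, 4 * h, 2),
                                                (to_seconds("1w"), 0, 6 * h, 2)]:
        print(now // h, "h:", slave_action(SPORTS_SOA, now, last_ok, last_attempt, serial))
```

With a 3h refresh, a change made on the master right after a slave's check is invisible to that slave's clients for up to three hours; lowering Refresh (or using triggered updates, as the earlier slide mentions) shortens that window at the cost of more polling.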
Delegation
If someone would like to look up www.sports.bogus, its name server may recursively send its query to
- a root DNS server ("."), e.g., a.root-servers.net
- a TLD DNS server ("bogus."), e.g., ns.bogus
- our DNS server ("sports.bogus."), ns.sports.bogus
But how can ns.bogus know that the query should be sent to ns.sports.bogus? And how can it know the IP address of ns.sports.bogus?
There is a need for some glue information in the parent name server. This is what delegation is about!
Delegation (cont.)
Zone file db.bogus ("@" is "bogus."):

    $TTL 3h
    @   IN  SOA  ns.bogus. staff.bogus. (
                 1    ; Serial
                 3h   ; Refresh
                 1h   ; Retry
                 1w   ; Expire
                 1h   ; Negative TTL
                 )
        IN  NS   ns
    ; Name servers in delegated zones
    sports.bogus.        IN  NS  ns.sports.bogus.
                         IN  NS  ns2.sports.bogus.
    ; Glue records: addresses of the delegated zone's name servers
    ns.sports.bogus.     IN  A   192.168.0.4
    ns2.sports.bogus.    IN  A   192.168.0.11
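To make the small exercise, the root.hints slide and the two delegation slides concrete, here is a simulation of the lookup of www.sports.bogus as an added example; it is not the lecture's own code and not how BIND behaves internally. A caching resolver (playing the role of ns.ssvl.kth.se in the exercise) starts at a root server taken from its hints, is referred down the tree one server at a time (the slide says "recursively"; the resolver itself queries iteratively), uses the glue A records in the parent zone to reach the child's name servers, falls back to the next listed name server when one does not respond, chases a CNAME, and answers a repeated query from its cache without asking anyone. The sports.bogus records, the delegation and glue from db.bogus and the address of a.root-servers.net come from the slides; the address of ns.bogus (192.0.2.53, from the documentation TEST-NET range) is an invented placeholder, and each server's data is modelled as a plain list rather than as real DNS messages with answer, authority and additional sections.

```python
# Constructed data for the lecture's bogus hierarchy. The sports.bogus records,
# the glue in db.bogus and a.root-servers.net's address come from the slides;
# the address of ns.bogus (192.0.2.53, from the TEST-NET range) is invented.
ROOT_HINTS = {"a.root-servers.net.": "198.41.0.4"}

# server address -> (zone origin, [(owner, type, rdata)]); all names absolute
SERVERS = {
    "198.41.0.4": (".", [                       # a.root-servers.net
        ("bogus.", "NS", "ns.bogus."),
        ("ns.bogus.", "A", "192.0.2.53"),       # glue for the TLD's server
    ]),
    "192.0.2.53": ("bogus.", [                  # ns.bogus, zone db.bogus
        ("bogus.", "NS", "ns.bogus."),
        ("sports.bogus.", "NS", "ns.sports.bogus."),
        ("sports.bogus.", "NS", "ns2.sports.bogus."),
        ("ns.sports.bogus.", "A", "192.168.0.4"),    # glue
        ("ns2.sports.bogus.", "A", "192.168.0.11"),  # glue
    ]),
    "192.168.0.4": ("sports.bogus.", [          # ns.sports.bogus
        ("sports.bogus.", "NS", "ns.sports.bogus."),
        ("sports.bogus.", "NS", "ns2.sports.bogus."),
        ("www.sports.bogus.", "A", "192.168.0.14"),
        ("mail.sports.bogus.", "A", "192.168.0.144"),
        ("ftp.sports.bogus.", "CNAME", "mail.sports.bogus."),
    ]),
    # ns2.sports.bogus (192.168.0.11) is deliberately absent: it is "down".
}

def in_zone(name, origin):
    return origin == "." or name == origin or name.endswith("." + origin)

def authoritative_query(server_ip, qname, qtype):
    """One server's reply: ('answer', rr), ('referral', ns_names, glue),
    ('nxdomain',) or ('unreachable',). A referral points at the closest
    delegation below the server's own zone that encloses qname."""
    if server_ip not in SERVERS:
        return ("unreachable",)
    origin, rrs = SERVERS[server_ip]
    for rr in rrs:
        if rr[0] == qname and rr[1] in (qtype, "CNAME"):
            return ("answer", rr)
    cuts = [o for o, t, _ in rrs if t == "NS" and o != origin and in_zone(qname, o)]
    if cuts:
        child = max(cuts, key=len)               # longest match = closest
        ns_names = [d for o, t, d in rrs if o == child and t == "NS"]
        glue = {o: d for o, t, d in rrs if t == "A" and o in ns_names}
        return ("referral", ns_names, glue)
    return ("nxdomain",)

class Resolver:
    """A caching, iterative resolver like ns.ssvl.kth.se in the exercise."""
    def __init__(self, hints=ROOT_HINTS):
        self.hints = hints
        self.cache = {}   # (qname, qtype) -> rdata

    def resolve(self, qname, qtype="A", depth=0):
        """Return (rdata, servers_asked); servers_asked is [] on a cache hit."""
        if depth > 8:
            raise RuntimeError("too many CNAME/NS indirections")
        key = (qname, qtype)
        if key in self.cache:
            return self.cache[key], []
        asked, todo = [], list(self.hints.values())   # start at a root server
        while todo:
            server = todo.pop(0)
            asked.append(server)
            reply = authoritative_query(server, qname, qtype)
            if reply[0] == "unreachable":
                continue                                # try the next server
            if reply[0] == "nxdomain":
                raise LookupError(f"{qname} does not exist")
            if reply[0] == "answer":
                _, rtype, rdata = reply[1]
                if rtype == "CNAME" and qtype != "CNAME":   # chase the alias
                    self.cache[(qname, "CNAME")] = rdata
                    rdata, more = self.resolve(rdata, qtype, depth + 1)
                    asked += more
                self.cache[key] = rdata
                return rdata, asked
            _, ns_names, glue = reply                   # referral
            todo = []
            for ns in ns_names:
                if ns in glue:
                    todo.append(glue[ns])
                else:   # no glue: find the name server's own address first
                    ip, more = self.resolve(ns, "A", depth + 1)
                    asked += more
                    todo.append(ip)
        raise LookupError(f"no server answered for {qname}")

if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.sports.bogus."))   # three servers asked
    print(r.resolve("www.sports.bogus."))   # cache hit: none asked
    print(r.resolve("ftp.sports.bogus."))   # CNAME, then mail's address
```

The no-glue branch is what would happen without the A records in db.bogus: the resolver would have to look up ns.sports.bogus. itself, and since that name lies inside the very zone being delegated, the lookup would lead straight back to the same referral. Glue in the parent breaks that circularity.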
Delegation (cont.)
- How do you delegate the reverse look-up? The really hard case is when the address blocks are not divided on octet borders.
- How can you delegate a subdomain in your own domain? For example, what if the basketball players would like to maintain their own domain "basket.sports.bogus"?