
Posted on 28-Dec-2015


1

The name and address space

Network Training Workshop, San Jose, 13-20 June 1999

Track1: Host Based Internetworking

2

What is a domain name?

Networking language: 137.138.131.253 (hard to remember)

Intermediate language: www.isoc.org (not easy to find, still difficult to remember)

DNS: Domain Name Service (easy to find)

3

What is DNS?

Domain Name Service: an Internet protocol
A distributed database system for objects in a computer network (a net-wide database)
It maps name to address and address to name
A set of tools to manage the service

4

IP addresses and names

Disadvantages of an address:
It is too long (192.162.16.201)
It has no representation for the organization
It is difficult to remember
IP addresses can change

Names:
Human users prefer to use names instead of numbers
A name can be associated with any device that has an IP address

Advantages of names:
They make reference to an organization name: *.ibm.com
They are easy to remember

5

Why use hierarchical names?

Internet hosts and other resources need globally unique names
It is difficult to keep unstructured names unique: it would require a single list of all names in use
Hierarchical names are much easier to make unique

6

Domain Name Hierarchy

Tree diagram of the domain name hierarchy: the root domain "." at the top; top-level domains edu, com, gov, mil, net, org, ro, fr, at, ..., jp beneath it; second-level domains beneath those (for example ici, rnc, ase, pub, utt, vsat under ro, and ac, co, gv, or under at); and lower levels such as roearn, ns, std, cs, lmn, dsp, ulise, paul, uni-linz, tuwien, eunet, cc, univie, mat, exp, itc, phytia, alpha, chris.

7

Domain name structures

The root of the system is unnamed. Top-level domains are:

Within the United States of America:
edu - educational institutions
com - commercial institutions
net - network support organizations
gov - government agencies
mil - military organizations
org - organizations that don't fit in any of the above

Country codes according to ISO 3166 (uk, de, pl, sk, mk, ...), with one of the following structures below the country code:
Flat structure
Based on generic categories (ac, co, gv, org, net, etc.)
Based on geographical locations (waw.pl, poznan.pl, etc.)

8

ICANN

Internet Corporation for Assigned Names and Numbers

ICANN is the overall authority for: IP addresses and top-level domains.

9

Domain Name Servers

Usually host names are used in network commands (telnet, ftp, mail, gopher clients, www clients, etc.);
Network connections always take place based on the IP address;
The system always converts host names to addresses before the network connection is made;
How to associate names with addresses? Two methods: the host table and the Domain Name Server.

10

Host Table

The host table is a simple text file (/etc/hosts) which contains associations between an IP address and a list of host names.

Example: 130.65.240.254 carlos.t1.isocws.isoc.org carlos

Disadvantages:
The table should contain all the Internet hosts (about 1,000,000 entries);
The table is very large;
It is difficult to update when new hosts are connected to the Internet or IP addresses are changed.

11

Domain Name Server (DNS)

Overcomes the weaknesses of the host table

It is a distributed database system

Host names are automatically disseminated to those who ask to have access

12

BIND - UNIX Name Service

In UNIX, DNS is implemented by the Berkeley Internet Name Domain (BIND) software;
It is a client/server software system;
The client is called the "resolver"; it generates queries for domain name information that are sent to the server;
The server is a daemon called named;
The domain name is actually an argument used by the local resolver;
The resolver is responsible for hiding the distribution of data among nameservers from the user;
The resolver is part of the operating system.

13

DNS Operation

To establish a connection to a remote host, a user program sends a query to the resolver, asking for the IP number of a specified hostname;
The resolver starts with knowledge of at least one nameserver;
The resolver processes a user query by asking a known nameserver for the information (the IP address of the remote host);
If the nameserver has the answer, it will give it;
The local nameserver knows the addresses of other nameservers;
If the remote host is in a zone for which the local nameserver is not authoritative, queries will be sent to other nameservers, starting with the root servers, to find out the delegated nameserver for the top-level domain, the subdomain and so on;

14

DNS Operation (continue)

To minimize the answer time for the next query about the same host name, the nameserver caches the information obtained by a query; the cached information is valid for a certain time period, as defined when that zone was configured.

Finally, the nameserver delegated for the zone containing the remote host is reached, and the IP address is obtained and returned to the host which initiated the first query.

15

The resolver/server model (diagram)

Diagram showing two resolvers, a recursive nameserver with its cache, and an authoritative nameserver.

16

Resolver Configuration

Configuration file name: /etc/resolv.conf.

Designates the name servers on the network that should be sent queries. The resolver will try to contact a name server.

The resolv.conf file contains directives:

; comment
# another comment
search search-list
nameserver server-address ; multiple lines

17

Example - Resolver Configuration

search t1.isocws.isoc.org

nameserver 130.65.37.128

nameserver 130.65.37.215
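The search-list and nameserver directives above, parsed and applied the way the slides describe the resolver using them. This is an added example and not part of the workshop material: the resolv.conf text is constructed after the slide's example, and the ordering rule in candidate_names (absolute names as-is, bare hostnames tried through the search list before being tried bare) is assumed from the classic BIND resolver behaviour rather than stated on the slide.

```python
import ipaddress

# Added example (not from the workshop deck): parse the resolv.conf directives
# the slide lists and show the names a resolver tries for a typed hostname.

# Constructed after the slide's example: a search list and two nameservers,
# with both comment styles the previous slide mentions.
SAMPLE_RESOLV_CONF = """\
; resolver configuration for the training network (constructed sample)
# another comment style
search t1.isocws.isoc.org isocws.isoc.org
nameserver 130.65.37.128
nameserver 130.65.37.215   ; queried if the first server does not answer
"""


def parse_resolv_conf(text):
    """Return (search_list, nameservers) from resolv.conf text.

    Whole-line and trailing comments start with ';' or '#'. Only the two
    directives on the slide, search and nameserver, are recognised; a
    nameserver value that is not an IP address raises ValueError.
    """
    search, nameservers = [], []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].split("#", 1)[0].strip()
        if not line:
            continue
        directive, *args = line.split()
        if directive == "search":
            search = args                      # a later search line replaces an earlier one
        elif directive == "nameserver":
            ipaddress.ip_address(args[0])      # reject typos before they reach the resolver
            nameservers.append(args[0])
    return search, nameservers


def candidate_names(name, search):
    """Fully qualified names the resolver tries, in order, for a typed name.

    Assumed rule (classic BIND resolver with the default ndots=1, not stated
    on the slide): a name ending in '.' is absolute and tried as-is; a name
    containing a dot is tried as-is first and then with each search suffix;
    a bare hostname is tried with each search suffix first and bare last.
    """
    if name.endswith("."):
        return [name]
    with_suffixes = [f"{name}.{sfx}." for sfx in search]
    if "." in name:
        return [name + "."] + with_suffixes
    return with_suffixes + [name + "."]
```

The expansion also shows why a search list should stay short: a bare hostname that does not exist is sent to the nameserver once per suffix before the lookup fails, and every suffix is a domain whose operator sees those queries.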

18

Checking DNS using nslookup

nslookup commands:
server <nameserver> ; set the server to be queried
set type = NS ; queries NS resources
set type = SOA ; queries SOA resources
set type = A ; queries A resources
set type = MX ; queries MX resources
set type = CNAME ; queries CNAME resources
set type = PTR ; queries PTR resources
set type = ANY ; queries ANY resources
ls <domain> ; lists the <domain> zone
ls <domain> > <file-name> ; gets the zone <domain> into the file <file-name>

19

Checking DNS using dig

dig: a tool to query nameservers and check DNS settings. The syntax is:

dig [domain] @nameserver [query-type]

20

Exercise 1. Checking DNS using nslookup

nslookup commands:
server <nameserver> ; set the server to be queried
set type = NS ; queries NS resources
set type = SOA ; queries SOA resources
set type = A ; queries A resources
set type = MX ; queries MX resources
set type = CNAME ; queries CNAME resources
set type = PTR ; queries PTR resources
set type = ANY ; queries ANY resources
ls <domain> ; lists the <domain> zone
ls <domain> > <file-name> ; gets the zone <domain> into <file-name>
view <file-name> ; views the <file-name> file

# nslookup
> set type=any
> www.t1.isocws.isoc.org.
> org.
> ls isoc.org > file1
> view file1

You can check other domains, known to you.

21

Exercise 2. Checking DNS using dig

dig command:
# dig [zone] @nameserver [query-type]

Exercises:
# dig @ns.t1.isocws.isoc.org t1.isocws.isoc.org A
# dig @ns.t1.isocws.isoc.org t1.isocws.isoc.org NS
# dig @ns.t1.isocws.isoc.org isocws.isoc.org MX

What information does each query give you?

You can check other domains, known to you.

22

Remarks

DNS is essential for the proper operation of the network; if DNS fails, connections to any remote host are no longer possible.

To allow network operation in case of failure of a nameserver, each nameserver (called the primary nameserver) should have at least one other nameserver (called the secondary nameserver) which holds a copy of the zone file.

The secondary nameserver periodically queries the primary nameserver to find out whether the zone has changed. If it has, the zone is transferred into its cache and also stored in a local file, which will be used as initial data the next time it starts up.

When data about a new host should be added to the DNS database, or an address/name change should be made, the entry is made only on the primary nameserver; the secondary nameserver will get it automatically.

23

Reverse Lookup

When a source host establishes a connection to a destination host, the TCP/IP packets carry only the IP address of the source host;
For authentication, access rights or accounting information, the destination host wants to know the name of the source host;
For this purpose, a special domain "in-addr.arpa" is used;
The reverse name is obtained by reversing the IP number and adding the name "in-addr.arpa";
Example: address 130.65.240.254, reverse name 254.240.65.130.in-addr.arpa;
Reverse domains form a hierarchical tree and are treated like any other Internet domain.

24

Reverse Domain Hierarchy

Tree diagram of the reverse domain hierarchy: the arpa domain, in-addr below it, then one level per octet (first-octet labels such as 157 ... 168 and 187 ... 195, second-octet labels such as 161 ... 164, third-octet labels such as 12 ... 21, and host labels such as 1 ... 5).

25

Hierarchy of nameservers

Root nameserver - delegates nameservers for top-level domains;
Nameserver for each top-level domain - holds information about the top-level domain, delegates nameservers for subdomains;
Nameserver for each subdomain;
Nameserver for each reverse domain.

26

Requirements for a nameserver

A query should be resolved as fast as possible;
It should be available 24 hours a day;
It should be reachable via fast communication lines;
It should be located centrally in the network topology;
It should run robustly, without errors and interruptions.

27

Type of servers

DNS server: primary for some zones, secondary for others;
Caching-only server: caches answers like all servers do, but is not authoritative for any zone;
Forwarding server: always forwards queries it cannot satisfy from its cache to a fixed list of forwarding servers; the queries to the forwarding servers are recursive queries.

28

Files

The name server uses several files to load its database. This section covers the files and their formats needed for named.

Boot file: the first file read when named starts up; it tells the server what type of server it is, which zones it has authority over and where to get its initial data.

The default location is /etc/named.conf. It can be changed by setting the BOOTFILE variable when you compile named, or by specifying the location on the command line when named is started up.

29

Domain data files

Two standard files specify the data for a domain: one mapping addresses to names and one mapping names to addresses.

These files use the Standard Resource Record Format (RR).

Note: the file names are arbitrary; many network administrators prefer to name their zone files after the domains they contain, especially in the average case where a given server is primary and/or secondary for many different zones.

30

Forward mapping File

This file contains all the data about the machines in this zone.

The location of this file is specified in the boot file; it is declared in the named.conf file.

31

Reverse mapping File

This file specifies the IN-ADDR.ARPA domain; it is declared in the named.conf file.

This is a special domain for allowing address-to-name (inverse) mapping.

The IN-ADDR.ARPA domain has four labels preceding it (the 4 octets of an Internet address, in reverse order). E.g. the Internet address 128.32.0.4 corresponds to the domain 4.0.32.128.IN-ADDR.ARPA.

32

Standard Resource Record Format (RR)

The records in the name server data files are called resource records. The Standard Resource Record Format (RR) is specified in RFC 1035.

General description of these records:

{name} {ttl} addr-class record-type record-specific-data

The name may be left blank.
The second field is an optional time-to-live field (the default TTL is specified in the Start Of Authority resource record).
The third field is the address class; currently, only one class is supported: IN.

33

IP address for a host

A record: owner is the host name; data is the IP address.

; IP address of www.dns.net
www.dns.net. 86400 IN A 196.34.13.9

34

Information needed by the DNS infrastructure itself

SOA record: each zone has exactly one SOA record.

NS records: each zone has several nameservers that are listed as having authoritative information about domains in the zone; one NS record for each such nameserver.

35

SOA record

Every zone has exactly one SOA record.

The domain name at the top of the zone owns the SOA record.

The data portion of the SOA record contains:
MNAME - name of the master nameserver
RNAME - email address of the zone administrator
The Five Magic Numbers:
SERIAL - serial number
REFRESH, RETRY, EXPIRE, MINIMUM - timing parameters

36

NS record

Each zone has several listed nameservers, primary and secondary; one NS record for each listed nameserver.

The data portion of each NS record contains the domain name of a nameserver. It does not contain an IP address; get that from an A record for the nameserver.

37

SOA and NS record example

; owner    TTL    class  type  data
xyz.com.   86400  IN     SOA   ns1.xyz.com. fred.xyz.com. (
                                 199906141 ; serial
                                 21600     ; refresh
                                 3600      ; retry
                                 2600000   ; expire
                                 900 )     ; minimum
xyz.com.   86400  IN     NS    ns1.xyz.com.
xyz.com.   86400  IN     NS    ns2.xyz.com.
xyz.com.   86400  IN     NS    server.where.example.

38

SOA and NS example using some shortcuts

$ORIGIN xyz.com.
$TTL 86400
; owner TTL class type data
@   IN  SOA  ns1.xyz.com. fred.xyz.com. (
             199710161 ; serial
             21600     ; refresh
             3600      ; retry
             2600000   ; expire
             900 )     ; minimum
    NS   ns1
    NS   ns2
    NS   server.where.example.
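The explicit form on the previous slide and the shortcut form on this one are meant to define the same zone. The following added example, which is not code from the workshop or from BIND, parses the shortcut form ($ORIGIN, $TTL, @, blank owner, parenthesised SOA, ; comments, relative names) into explicit records so the equivalence can be checked, and verifies the two rules the SOA and NS slides state: exactly one SOA, owned by the zone apex, and at least one NS record at the apex. Both zone texts are constructed from the slide's values (the same serial in both so they compare equal, plus an A record for ns1 that is not on the slide); the parser handles only the directives and record types the deck covers.

```python
# Added example (not from the workshop deck or BIND): expand master-file
# shortcuts into explicit resource records and check basic zone rules.

KNOWN_TYPES = {"SOA", "NS", "A", "MX", "CNAME", "PTR", "TXT"}

# Constructed sample in the shortcut form of the slide. The A record for ns1
# is added here as glue and is not on the slide.
SHORTCUT_ZONE = """\
$ORIGIN xyz.com.
$TTL 86400
; owner TTL class type data
@   IN SOA ns1.xyz.com. fred.xyz.com. (
        199710161 ; serial
        21600     ; refresh
        3600      ; retry
        2600000   ; expire
        900 )     ; minimum
    NS ns1
    NS ns2
    NS server.where.example.
ns1 IN A 192.0.2.1
"""

# The same zone written out in full (constructed after the previous slide).
EXPLICIT_ZONE = """\
xyz.com. 86400 IN SOA ns1.xyz.com. fred.xyz.com. ( 199710161 21600 3600 2600000 900 )
xyz.com. 86400 IN NS ns1.xyz.com.
xyz.com. 86400 IN NS ns2.xyz.com.
xyz.com. 86400 IN NS server.where.example.
ns1.xyz.com. 86400 IN A 192.0.2.1
"""


def _logical_lines(text):
    """Yield (owner_omitted, tokens) per record: ';' comments stripped,
    parenthesised continuation lines joined, and a flag telling whether the
    record began with whitespace (owner inherited from the previous record)."""
    buf, depth, owner_omitted = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # quoted ';' in TXT data not handled
        if not line.strip():
            continue
        if not buf:
            owner_omitted = line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield owner_omitted, " ".join(buf).split()
            buf = []


def _absolute(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=None):
    """Parse master-file text into (owner, ttl, class, type, rdata) tuples.
    Names in NS, CNAME, PTR, MX and SOA rdata are made absolute and numeric
    fields converted to int, so both input forms compare equal."""
    records, default_ttl, last_owner = [], None, None
    for owner_omitted, tok in _logical_lines(text):
        if tok[0] == "$ORIGIN":
            origin = tok[1]
            continue
        if tok[0] == "$TTL":
            default_ttl = int(tok[1])
            continue
        if owner_omitted:
            owner = last_owner
        else:
            owner, tok = _absolute(tok[0], origin), tok[1:]
        ttl, rclass = default_ttl, "IN"
        while tok[0] not in KNOWN_TYPES:          # optional TTL and class, either order
            if tok[0].isdigit():
                ttl = int(tok[0])
            elif tok[0] == "IN":
                rclass = "IN"
            else:
                raise ValueError(f"unexpected token {tok[0]!r} before record type")
            tok = tok[1:]
        rtype, rdata = tok[0], tok[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [_absolute(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), _absolute(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = [_absolute(rdata[0], origin), _absolute(rdata[1], origin)] + [int(x) for x in rdata[2:]]
        records.append((owner, ttl, rclass, rtype, rdata))
        last_owner = owner
    return records


def check_zone(records, origin):
    """Problems against the rules the SOA and NS slides state: exactly one
    SOA, owned by the zone apex, and at least one NS record at the apex."""
    problems = []
    soa = [r for r in records if r[3] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soa)}")
    elif soa[0][0] != origin:
        problems.append(f"SOA owner {soa[0][0]} is not the zone apex {origin}")
    if not any(r[3] == "NS" and r[0] == origin for r in records):
        problems.append("no NS records at the zone apex")
    return problems
```

Running parse_zone on both texts and comparing the results is a cheap way to confirm that a zone file rewritten with shortcuts still loads the same records; check_zone is the kind of test worth running before a zone is handed to named, since a missing apex NS or a second SOA is a configuration error rather than a data error.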

39

More RRs above and below zone cuts

RRs in the child zone (below the cut): SOA and NS records (authoritative).

RRs in the parent zone (above the cut): NS records (should be identical to those in the child zone) and glue records.

Glue records: the child zone's nameservers sometimes need A records in the parent zone.

40

Zone cut example - RRs in the child zone

parent is the COM zone; child is the XYZ.COM zone
child zone has SOA and NS records, and A records for hosts

xyz.com.       IN SOA  xxx xxx xxx xxx xxx xxx xxx
               NS  ns1.xyz.com.
               NS  another.where.edu.
ns1.xyz.com.   A   193.226.0.3
; the xyz.com zone does not have an A record
; for another.where.edu.

41

Zone cut example - RRs in the parent zone

parent is the COM zone; child is the XYZ.COM zone
parent zone has its own SOA and NS records, plus copies of the child zone's NS records, plus glue records

COM.           IN SOA  xxx xxx xxx xxx xxx xxx xxx
               NS  xxxxxxx
               NS  yyyyyyy
xyz.com.       NS  ns1.xyz.com.
               NS  another.where.edu.
ns1.xyz.com.   A   192.0.2.3
; the com zone does not have an A record
; for another.where.edu.
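A check for the rules on the two zone-cut slides (the parent's NS records should be identical to the child's; glue A records are needed only for nameservers whose names lie inside the child zone), as an added example rather than material from the workshop. The record sets are constructed from the slide's names as plain (owner, type, rdata) tuples; the parent's second nameserver name and its glue address are deliberately made different from the child's so that the check has something to report. The stale-glue test at the end is a further check of the same kind, not something the slides mention.

```python
# Added example (not from the workshop deck): check a delegation against the
# rules on the zone-cut slides. Records are plain (owner, type, rdata) tuples.

CHILD_APEX = "xyz.com."

# Child zone, constructed from the slide's names; SOA data abbreviated as "xxx"
# the way the slides do it.
CHILD_RRS = [
    ("xyz.com.", "SOA", "xxx"),
    ("xyz.com.", "NS", "ns1.xyz.com."),
    ("xyz.com.", "NS", "another.where.edu."),
    ("ns1.xyz.com.", "A", "193.226.0.3"),
]

# Parent zone. The second NS name and the glue address are deliberately
# different from the child's so that the check below has findings to report.
PARENT_RRS = [
    ("com.", "SOA", "xxx"),
    ("com.", "NS", "xxxxxxx"),
    ("com.", "NS", "yyyyyyy"),
    ("xyz.com.", "NS", "ns1.xyz.com."),
    ("xyz.com.", "NS", "another.where.ro."),
    ("ns1.xyz.com.", "A", "192.0.2.3"),
]


def in_zone(name, apex):
    """True if name is the apex or lies below it."""
    return name == apex or name.endswith("." + apex)


def check_zone_cut(child_apex, child_rrs, parent_rrs):
    """Return findings about the delegation of child_apex from its parent."""
    findings = []
    child_ns = {r[2] for r in child_rrs if r[0] == child_apex and r[1] == "NS"}
    parent_ns = {r[2] for r in parent_rrs if r[0] == child_apex and r[1] == "NS"}
    if not any(r[0] == child_apex and r[1] == "SOA" for r in child_rrs):
        findings.append("child zone has no SOA at its apex")
    if not parent_ns:
        findings.append("parent zone has no NS records delegating the child")
    # The slide says the parent's NS records should be identical to the child's.
    for ns in sorted(child_ns - parent_ns):
        findings.append(f"NS {ns} listed in child but not in parent delegation")
    for ns in sorted(parent_ns - child_ns):
        findings.append(f"NS {ns} listed in parent delegation but not in child")
    # Glue: A records in the parent for nameservers whose names lie inside the child.
    child_a = {r[0]: r[2] for r in child_rrs if r[1] == "A"}
    parent_a = {r[0]: r[2] for r in parent_rrs
                if r[1] == "A" and in_zone(r[0], child_apex)}
    for ns in sorted(parent_ns | child_ns):
        if not in_zone(ns, child_apex):
            continue            # out-of-zone server is resolved normally; no glue needed
        if ns not in parent_a:
            findings.append(f"in-zone nameserver {ns} needs a glue A record in the parent")
        elif ns in child_a and child_a[ns] != parent_a[ns]:
            findings.append(f"glue for {ns} is {parent_a[ns]} but the child zone says {child_a[ns]}")
    # Glue that no longer belongs to a listed nameserver is stale and should be removed.
    for owner in sorted(set(parent_a) - (parent_ns | child_ns)):
        findings.append(f"stale glue: parent has an A record for {owner}, which is not a listed nameserver")
    return findings
```

The glue comparison matters because a resolver following the delegation uses the parent's glue address before it ever sees the child's own A record; if the two disagree, queries for the zone go wherever the parent says, not where the zone's administrator believes.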

42

Hostname for an IP address

PTR record: owner is the IP address, mapped into the in-addr.arpa domain; data is the name of the host with that IP address.

; host name for IP address 193.226.0.3
3.0.226.193.in-addr.arpa.  PTR  infoserver.ici.ro.
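Reverse names as the Reverse Lookup, Reverse mapping File and PTR slides describe them, as an added example that is not part of the workshop material: building the in-addr.arpa owner for an address, naming a reverse zone such as the 0.0.127.in-addr.arpa zone that appears in the BIND configuration later in the deck, deriving PTR records from A records, and checking that forward and reverse data agree. The A records are constructed from names and addresses that appear on the slides.

```python
import ipaddress

# Added example (not from the workshop deck): in-addr.arpa names, PTR
# generation from A records, and a forward/reverse consistency check.


def reverse_name(ip):
    """PTR owner for an IPv4 address: octets reversed, '.in-addr.arpa.' appended
    (130.65.240.254 -> 254.240.65.130.in-addr.arpa.)."""
    addr = ipaddress.IPv4Address(ip)        # ValueError on anything that is not an IPv4 address
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."


def ip_from_reverse(owner):
    """Inverse of reverse_name; None if owner is not a full in-addr.arpa host name."""
    labels = owner.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))


def reverse_zone_name(network):
    """Reverse zone for an octet-aligned network, e.g. 127.0.0.0/24 ->
    0.0.127.in-addr.arpa. (the zone named in the BIND configuration slide)."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("reverse zones delegate on octet boundaries: use /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_records(a_records):
    """Derive (owner, 'PTR', hostname) records from (hostname, 'A', ip) records."""
    return [(reverse_name(ip), "PTR", host) for host, rtype, ip in a_records if rtype == "A"]


def check_forward_reverse(a_records, ptr_recs):
    """Report A records with no PTR, and PTRs whose target name has no A record
    for the same address (the mismatch a host doing a reverse lookup for
    access control would want to notice)."""
    findings = []
    forward = {}
    for host, rtype, ip in a_records:
        if rtype == "A":
            forward.setdefault(host, set()).add(ip)
    reverse = {owner: host for owner, rtype, host in ptr_recs if rtype == "PTR"}
    for host, ips in forward.items():
        for ip in sorted(ips):
            if reverse_name(ip) not in reverse:
                findings.append(f"no PTR record for {ip} ({host})")
    for owner, host in reverse.items():
        ip = ip_from_reverse(owner)
        if ip is None:
            findings.append(f"PTR owner {owner} is not an in-addr.arpa host name")
        elif ip not in forward.get(host, set()):
            findings.append(f"PTR for {ip} names {host}, which has no A record for that address")
    return findings


# Constructed forward data using names and addresses that appear on the slides.
A_RECORDS = [
    ("infoserver.ici.ro.", "A", "193.226.0.3"),
    ("carlos.t1.isocws.isoc.org.", "A", "130.65.240.254"),
    ("ns1.xyz.com.", "A", "192.0.2.3"),
]
```

A PTR record is controlled by whoever runs the reverse zone for the address block, not by the owner of the name it returns, which is why a name obtained by reverse lookup is only trustworthy for access control after the forward lookup of that name leads back to the same address; check_forward_reverse applies exactly that round trip to zone data.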

43

Information about mail routing

MX record: owner is the name of the email domain; data contains a preference value and the name of the host that receives incoming email.

; send xyz.com's email to mailserver or backupserver
xyz.com.  MX  0   mail.xyz.ro.
xyz.com.  MX  10  backup.xyz.ro.

44

Free form text

TXT record: owner is any domain name; data is any text associated with the domain name. There are very few conventions about how to use it.

ro.  TXT  "George Macri - Tech-contact"

45

Alias to canonical name mapping

CNAME record: owner is the non-canonical domain name (alias); data is the canonical domain name.

; ftp.rnc.ro is an alias; info.ici.ro is the canonical name
ftp.rnc.ro.  CNAME  info.ici.ro.

46

BIND 8 Highlights

DNS Dynamic Updates (RFC 2136)
DNS Change Notification (RFC 1996)
Completely new configuration syntax
Flexible, categorized logging system
IP-address-based access control for queries, zone transfers, and updates, which may be specified on a zone-by-zone basis
More efficient zone transfers
Improved performance for servers with thousands of zones
The server no longer forks for outbound zone transfers
Many bug fixes

47

Statements

A BIND 8 configuration consists of statements and comments. Statements end with a semicolon.

Statements supported:
acl - defines a named IP address matching list, for access control and other uses
include - includes a file
key - specifies key information for use in authentication and authorization
logging - specifies what the server logs, and where the log messages are sent
options - controls global server configuration options and sets defaults for other statements
server
zone

48

Example Config File

/* A simple BIND 8 configuration */
options {
    directory "/var/named";
};

zone "rnc.ro" in {
    type master;
    file "master/isc.org";
};

49

Example Config File (cont.)

zone "ici.ro" in {
    type slave;
    file "slave/vix.com";
    masters { 192.162.16.31; };
};

zone "." in {
    type hint;
    file "named.cache";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "master/127.0.0";
};

50

Domain Management

Starting named
Named signal processing
Debugging DNS
Tools: nslookup, dig, host

51

Questions
