Difference between DNS and BIND


DNS and BIND
Student: Chiragkumar Barot (6638333)
Unit: Unix for Telecommunications HET306
Assignment: Part A
Due date: 14th April 2011
Date submitted: 14th April 2011

Abstract—This document provides information about DNS (Domain Name System) and the functionality of DNS in the network.

I. INTRODUCTION

DNS and BIND are distributed database systems. They are the core of an internet connection and of web browsing; a user will not be able to start browsing the internet without using these systems. DNS and BIND are fundamental building blocks of internetworking, thus it is important to understand the way DNS and BIND work and why they were deployed on the internet. Today the number of hosts on the internet is increasing exponentially, thus how do DNS and BIND fulfil their requirements with efficiency and accuracy?

The following document provides information about distributed database systems. Additionally, it provides information about dynamic DNS and the importance of DDNS for serving the increasing number of hosts on the internet, about DNS and BIND security, about multi-user functionality, and about two different types of scripts for designing DNS and BIND applications, together with the issues and requirements associated with the two types of scripts.

II. DNS

a) Overview: DNS (Domain Name System) provides a mapping from names to internet addresses. Instead of using hostnames a user could type an IP address to communicate with any device, but it would be difficult for users to remember IP addresses, thus DNS was designed to make users' lives easier. A DNS name consists of strings separated by dots, called an FQDN (fully qualified domain name). The highest authority is referred to as the root domain, expressed as a dot (.) in DNS.

Moreover, DNS is not used only for mapping hostnames. It also provides all kinds of information and advertises that information about hosts. The DNS database is distributed world wide. The DNS database contains records called "Resource Records (RR)". Each part of the DNS database is called a "zone" and is stored in a particular "name server". Mail servers, ftp programs and ssh virtually all use DNS. [1],[2]

b) Functionality: A DNS system is divided into domains and subdomains. DNS is a logically divided hierarchical structure. This domain name structure is called the namespace; the DNS namespace is like a tree of named domains. A domain may have subdomains. For example, the domain is a subdomain of http:/ . Domains are referred to as levels. There are in total seven top-level domains, which are sub-domains, or second-level children, of the root domain. As in the Unix file system, which is also hierarchical with root at the top of the whole file system, the root in DNS is at the top and is managed by the internet root servers.

The DNS protocol works with different functions. The most common function of the DNS protocol is the DNS query, which consists of a request and a reply. The query requests a resource record from the DNS database. The reply could be the ultimate answer, an iteration, or a denial if the requested record is not found. [1],[2],[3]

Furthermore, domain information (the database) is stored in a name server; the name server stores information about some part of the domain, referred to as a zone. Thus the domain information can be stored in one name server or can be divided among independent name servers for some subdomains. If the subdomains are further divided into subordinate zones, then the subordinate zones will be managed by the subdomains' name servers, while the domain and subdomains will be administered by the original name server. To elaborate further, let's look at the example of a domain. The xyz domain is first administered by one name server, and xyz is configured as a single zone. Now xyz is subdivided into "abc"; those subdomains need to be delegated to a separate zone, meaning the database or information for abc will be managed by a separate name server in a separate zone, away from the xyz name server. If the information for abc is not stored in a separate name server, then the subdomain information will be part of xyz's name server. [1],[2]
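To make the request-and-reply structure concrete, here is an added example (my code, not part of the report or of BIND): it builds a DNS query in wire format, with the RD flag distinguishing a recursive from an iterative query, classifies a reply as an answer, a referral (the iterative case) or a denial, and checks that a reply actually belongs to the outstanding query. The replies are constructed inside the block; the name and transaction IDs are made up.

```python
import struct

QTYPE_A = 1
QCLASS_IN = 1
RCODE_NXDOMAIN = 3


def encode_name(name):
    """Encode an FQDN as DNS wire labels: length byte + label, root as 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid, recursive=True, qtype=QTYPE_A):
    """12-byte header + question section. RD=1 asks the server to recurse on
    our behalf; RD=0 is an iterative query, so the server may reply with a
    referral to other name servers instead of a final answer."""
    flags = 0x0100 if recursive else 0x0000      # bit 8 of the flags word = RD
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def make_reply(query, rcode=0, ancount=0, nscount=0):
    """Constructed reply for the demonstration: echoes ID, RD and the question,
    sets QR=1, RCODE and the section counts. Record bodies are omitted because
    classification below reads only the header."""
    txid, qflags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (qflags & 0x0100) | (rcode & 0x0F)
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, nscount, 0) + query[12:]


def reply_matches(query, reply):
    """A resolver must accept only a reply whose ID and question section echo
    the query it sent; anything else is a stray or forged packet and is dropped."""
    qlen = len(query) - 12
    return query[:2] == reply[:2] and reply[12:12 + qlen] == query[12:]


def classify_reply(reply):
    """Return 'answer', 'referral' or 'denial' from the reply header."""
    _txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & 0x8000:                       # QR bit clear: not a reply
        raise ValueError("message is a query, not a reply")
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "denial"                          # name does not exist
    if rcode != 0:
        return "error(rcode=%d)" % rcode
    if an > 0:
        return "answer"                          # records in the answer section
    if ns > 0:
        return "referral"                        # only NS records: go ask them
    return "empty"                               # name exists, no record of this type
```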

DNS Queries

The DNS protocol performs different functions; the most common is the DNS query, which consists of a request and a reply, as described above. There are three types of DNS queries:

• Recursive queries: In a recursive query the DNS server will try to answer with a full reply, or else it will give an error.
• Iterative queries: In an iterative query the DNS server will partially answer a query, or else reply with an error.
• Inverse queries: Inverse query support is optional and the reply from the DNS server is NOT IMPLEMENTED. Inverse queries are not used to find a host name for a given domain name.

A name server stores information about the translation of computer names to IP addresses. A name server takes care of certain parts of the computer names, which is called a zone. There are mainly two types of name servers, the primary name server and the secondary name server. In the primary name server the zone database is saved on the local host. The secondary name server acquires the zone database from the primary name server at regular intervals of time, which is called a zone transfer. There is one more name server called the master name server. Normally the master server is the primary server, but that is not required.

Types of DNS servers

1) Master (Primary) DNS server: The master can have one or more zone files. When the master receives a query for an authorized zone it replies as "Authoritative". The master sends NOTIFY to the slaves if there are any zone changes.
2) Slave (Secondary) DNS server: The slave performs zone transfers to fetch data from the master.
3) Caching name server
4) Forwarding name server
5) Stealth name server
6) Authoritative name server
[4]

c) Implementation: The DNS database is the core of DNS. DNS servers handle databases. When a user requests a particular record from the database, the DNS protocol searches the Resource Record (RR) files stored on the primary DNS server's local hard drive. These files are called DNS databases. A DNS database may contain different types of records, as below:

SOA record: Authoritative data must start with the SOA record. SOA indicates that this name server is the best source of information. There is always one SOA record in a zone database file. Brief description of the fields in the SOA record:

• Name: zone domain name.
• ttl: Duration in seconds for which the record will be cached.
• class: Defines the class of the record, normally IN = internet.
• name server: Name of the authoritative domain.
• email-addr: Responsible person's email address.
• sn (serial number): When the zone is updated the value will increment by one. The slave uses this value to initiate a zone transfer from the master if the value on the master is higher than on the slave.
• refresh: Refresh is also used by the slave; when this value expires the slave will fetch data from the master.
• retry: If the slave cannot contact the master, a retry will begin, normally after a 180-second hold time.
• expiry: Expiry is used by the slave server. After expiry the slave does not respond to any query from the master.
[4]

NS record: This entry defines the authoritative name server for a zone. There could be one or more name servers for a zone.
A record: The address record assigns an IP address to the domain name of a computer.
CNAME record: CNAME records are used to assign aliases to domain names.
MX record: The MX record is used for the mail server of a domain. The MX record hides the name of the mail server. MX records use a priority to send mail to the domain.
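As an added example (my code, not from the report or from BIND), the following parses the SOA fields just listed out of a constructed BIND-style zone file and applies the slave's serial check that precedes a zone transfer; it generalises the rule "master higher than slave" to the wrap-around serial arithmetic of RFC 1982. The zone name xyz.example and all values in it are assumptions.

```python
import re

# Constructed sample zone file for a hypothetical zone "xyz.example" (not from
# the report); the SOA uses the parenthesised multi-line form BIND accepts.
ZONE_TEXT = """\
$TTL 86400
@   IN  SOA ns1.xyz.example. hostmaster.xyz.example. (
        2011041401 ; serial: YYYYMMDDnn, bumped on every change
        3600       ; refresh: slave re-checks the master every hour
        180        ; retry: wait this long after a failed refresh
        604800     ; expire: stop serving if the master stays unreachable
        3600 )     ; minimum: negative-caching TTL
    IN  NS  ns1.xyz.example.
    IN  NS  ns2.xyz.example.
ns1 IN  A   192.0.2.1
"""

SOA_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")
SERIAL_MOD = 1 << 32


def strip_comments(text):
    """Drop ';' comments so the numbers inside the SOA parentheses parse cleanly."""
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())


def parse_soa(zone_text):
    """Return mname (primary name server), rname (responsible mailbox, with '@'
    written as '.') and the five numeric SOA fields of a zone file."""
    text = strip_comments(zone_text)
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", text)
    if m is None:                 # single-line form: SOA mname rname n n n n n
        m = re.search(r"\bSOA\s+(\S+)\s+(\S+)((?:\s+\d+){5})", text)
    if m is None:
        raise ValueError("no SOA record found")
    nums = m.group(3).split()
    if len(nums) != 5:
        raise ValueError("SOA needs 5 numeric fields, got %d" % len(nums))
    soa = {"mname": m.group(1), "rname": m.group(2)}
    soa.update(zip(SOA_FIELDS, (int(n) for n in nums)))
    return soa


def serial_is_newer(master, slave):
    """RFC 1982 serial arithmetic: serials are 32-bit and wrap, so 'higher'
    means 'ahead by less than 2^31 modulo 2^32'. The report's rule (transfer
    when the master's serial is higher) is the everyday case of this."""
    if master == slave:
        return False
    return (master - slave) % SERIAL_MOD < (1 << 31)


def should_transfer(master_zone_text, slave_serial):
    """What a slave decides at refresh time: compare the master's SOA serial
    with the one it holds and start a zone transfer only if the master is ahead."""
    return serial_is_newer(parse_soa(master_zone_text)["serial"], slave_serial)
```

A serial that was edited backwards (a mistyped date, for instance) fails this check on every slave, so the zone silently stops propagating; running the comparison against the serial the slaves already hold before reloading the master catches that.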

PTR record: These are reverse zone files. PTR records translate an IP address to a domain name. The address is reversed and a suffix is appended. [2],[1]

e) Dynamic update: Nowadays dynamic DNS is essential because of the growth of hosts in internetworking. Dynamic updates are required by a DNS client when the client changes location and uses DHCP to obtain an IP address: the DNS client needs to register and update resource records with the DNS server. Dynamic updates reduce the overhead of manual maintenance of zone records. Additionally, edited zone files would not take effect until the server was restarted, and the slave could not access data from the master without a zone transfer. To solve this problem, dynamic DNS update was necessary.

"Full Zone Transfer Process: To perform a zone transfer, the secondary name server queries the primary name server to determine if any changes have been made to the zone. The query is based on data in the primary server's SOA record: the Serial Number, and the interval specified by the Minimum TTL value. The secondary server downloads all RRs even if there are only a few modified records. Primary and secondary name servers are typically out of synchronization by approximately one hour. Incremental Zone Transfer Process: If the primary name server supports the NOTIFY and Incremental Zone Transfer (IXFR) protocol, then the primary name server can NOTIFY the secondary name server that a portion of its data has changed. After receiving the NOTIFY command, the secondary name server can request only the data that has changed from the primary using the IXFR command." [5]

Dynamic update is prone to security threats if not properly implemented. BIND provides ACLs (Access Control Lists), which are helpful to permit or block IP addresses. To secure server-to-server transfer, use TKEY. TKEY uses a shared secret, which is called key exchange, between master and slave. DNSSEC is public or private key authentication. [4]

III. BIND

f) Overview: BIND is a client-server software system. The client in BIND is called the resolver, which sends a query for a domain name, and the server, which is called a daemon in Unix, replies to the query. BIND is an implementation of DNS and is widely used DNS software on the internet. BIND is open source software. BIND is similar to the name server called "named" in UNIX.

New versions of BIND (version 8.1 onwards) support dynamic update and DNS notification, with a new configuration file and syntax. More efficient zone transfer, improved server performance and other bug fixes came with the new version of BIND. Security was improved with support for the new version of IPv6. The BIND server uses port 53 to access the network. Both the reliable and the unreliable protocol, TCP and UDP respectively, are used by BIND. Queries are made by UDP; if the responses are too large, then TCP is used for reliability. [6]

g) Implementation: Old version: A name server in BIND is implemented as the named program. Zone database files are listed in a configuration file called named.boot. The named.boot file loads the zone database files into the cache from the disk. The database files are stored in a namedb directory referenced in the named.boot configuration file:

• directory /etc/namedb: the directory holding the database files.
• primary: Specifies the primary name server for the zone stated, with the relevant database in the text file stated.
• secondary: Specifies the secondary name server for the zone stated and the IP address of the server from which the data will be transferred. The last parameter is the name of the file where the transferred data will be stored.
• cache: The cache file is where the information about the root servers is copied into memory from.
• forwarder: The forwarder server will handle queries from the local name server.

h) Implementation: New version:
• Delegation
• Zones vs. Domains
• Types of name servers
• Zone Transfers

1) Delegation: Administrators can subdivide domains into subdomains to delegate the responsibility to manage them. Creation of a subdomain is like creating a new administration, thus domain and subdomain can be managed by different administrations. Delegation of a domain to a subdomain is called zones.
2) Zones vs. Domains: A zone is a part of a domain. For example, the domain contains all the data, but the zone contains information for only the part managed by the authoritative name server for the subdomain.

3) Types of name servers: Name servers store the database about the name space in units of zones. To ensure redundancy there is more than one name server authoritative for the same zone. The master name server loads the data for a zone from a file on disk. The slave name server loads the data for a zone from the primary name server.
4) Zone Transfers: Slave servers fetch the zone database from the authoritative name server using a zone transfer. The master server may notify the slave server when new data is available. Data is transferred using TCP.

i) Dynamic update: The manual approach of editing resource records and updating zone files is cumbersome for a large organization, and after updating the files manually the BIND server needs to be restarted, which is time consuming. Today addresses are assigned by DHCP on all types of internet connection, thus DNS has to support the updating of records. RFC 2316 introduces this mechanism, called DNS dynamic update.

Dynamic update can be performed without restarting the server, using an external application. The only drawback of using an external application to update is that a new domain cannot be created. For secure DDNS updates it is essential to use TSIG/TKEY authentication. Updates can be allowed to hosts using allow-update in the BIND named.conf file.

As mentioned earlier, a domain cannot be created using the standard dynamic approach; to overcome this problem a major database like MySQL or LDAP can be used to add a new domain without restarting BIND. [4]

As described in RFC 2316, DDNS supports administrators in adding and deleting records from an authoritative zone name server. This task is done by retrieving the zone's NS record. If the update message received by a name server is not from the primary master for the zone, it forwards the update "UPSTREAM" to the primary master; this process is called "update forwarding". Slave servers also use update forwarding to copy all zone data from the primary master. Once the primary master performs the dynamic update, slaves update their data via zone transfer.

Using dynamic update, an updater can also add or delete individual resource records, or a set of resource records with the same domain name. For the most part, dynamic update comes into the picture where IP addresses are assigned by DHCP to DNS clients, thus the DNS server for that client must be updated to map the hostname to the IP address. For this purpose DHCPD and BIND will be working together. [7]

COMMAND LINE TOOLS FOR DYNAMIC UPDATE

To enable dynamic update, edit the configuration file called named.conf:

1) Create a key using the dnssec-keygen command (DNSSEC: "DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning. It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence." [8]). This command will create the keys, which are used to secure communication between DHCPD and named.
2) Put this key into the global portion of named.conf.
3) Next, allow updates for all zones in named.conf. This information is for DHCP.
4) The last step is to restart the named server, which should then be able to push dynamic updates to the DNS server.
5) To test the updates, use the nsupdate command.

IV. MULTI-USER FUNCTIONALITY

To allow customers access to update their own entry using a script, a jail needs to be created. A jail is a piece of software that allows a user access to resources outside a limited area while keeping security in mind. The jail is created using chroot() (change root); BIND will live inside this chroot(). Now move named.conf and the zone files under the chroot jail so that BIND can access them. Once BIND is inside the chroot directory it will not have access to outside files. The next step is to create users or groups and restrict the users as required.

Using a web page (CGI) approach is much easier for permitting users to add, remove and delete entries. In CGI, user-specific web pages can be created based on their input. The reply will be based on the user's submission of information. Create HTML textboxes and buttons for adding, removing and deleting entries using the CGI interface.

V. COMMAND-LINE SCRIPTS

A command-line script is simply a collection of executable operating system commands put into a text file in the sequence in which they are needed. In the UNIX world it is called a shell script. There are three versions of shell: Bourne shell (sh), C shell (csh) and Korn shell. The Korn shell is the default program when a user logs in, but the user can change to a different shell using the chsh command. The shell is a user interface program. The shell reads lines from either a file or a terminal, interprets them and generally executes other commands, and provides input, output,

decision making, variable storage and so on. This is called shell programming. Shell programming is like other programming languages, which perform specific tasks, and it is excellent for system management. As mentioned earlier, a shell program is like other programming languages, and so memory can be allocated to variables as in other programming languages. The type of a variable could be any type. Variables do not have to be declared in Bourne shell. For loops, while loops and functions can also be written in shell scripts. A few UNIX utility commands are very useful, for example grep, tr, expr and cut.

"Unix is full of text manipulating utilities, some of the more powerful of which we will now discuss in this section of this tutorial. The significance of this, is that virtually everything under Unix is text. Virtually anything you can think of is controlled by either a text file, or by a command-line-interface (CLI). The only thing you can't automate using a shell script is a GUI-only utility or feature. And under Unix, there aren't too many of them!" [9]

Program interpretation is slow and needs to launch other programs for execution. Syntax errors are likely in command-line scripts.

VI. CGI

CGI stands for Common Gateway Interface. CGI is used to create web pages. CGI can fetch data from databases and other documents. CGI loads web contents dynamically. A CGI script is used to query a database or submit a form. CGI acts as an interface between browser and server to read data and to generate a response. CGI scripts are commonly used with the Perl programming language, but a CGI program can be written in any language. The CGI function is very simple: reading the data submitted by a user via an HTML form, processing the data and returning a response in HTML format. In Unix, to distribute a database to the world and allow users to query the Unix database, a CGI script could be used by the web daemon to transmit information to the database, and the result can be displayed to the user. Implementation of CGI scripts is difficult, and there are some security issues with CGI scripts. [10]

Advantages of using CGI: it is open source; scripts run on the web server, calculate counts and monitor web traffic; user-specific web pages can be created. Disadvantages of using CGI: since CGI runs on the web server, the load on the web server increases.

VII. CONCLUSIONS

Conclusively, DNS and BIND are essential for the present internet world, and they have also improved with the current version of the internet protocol, IPv6. DDNS plays an important role in updating information. Adding domains dynamically is possible and is improving with different databases. Managing users is possible, and giving privileges while keeping security can be performed using different databases and web servers. It is easy to manage DNS and BIND servers using various graphical user interfaces and programming scripts.

REFERENCES

[1] L. Dostalek and A. Kabelova, "DNS in Action," April 2006.
[2] C. Liu and P. Albitz, "DNS and BIND," Feb 2009.
[3] [Online]. Available: us/library/default.aspx
[4] PRO DNS AND BIND, 2003-2011. [Online]. Available:
[5] "Understanding DNS," January 2007.
[6] "Configuring BIND," available at
[7] "DNS and BIND, 4th edition," 2002.
[8] ""
[9] "A Bourne shell programming," 2000-2001. [Online]. Available:
[10] ""
