Domain Name Server

Training Division
National Informatics Centre
New Delhi
Domain Name Service (DNS)

I.    History of DNS
II.   DNS structure and its components
III.  Functioning of DNS
IV.   Possible configurations in DNS
V.    DNS server configuration files in Linux
VI.   DNS client configuration in Linux
VII.  DNS tools
VIII. Common errors
IX.   DNS debugging tools
X.    DNS operation guidelines
XI.   Resolution of a DNS query
XII.  Replication of DNS information among name servers
XIII. DNS security
I. History of DNS

• Resources on the Internet were originally located through a "HOSTS" file.

• Names and the corresponding IP addresses were entered into this file by the network administrators.

• The HOSTS file was maintained by the Network Information Centre (NIC) and contained the host name to address mappings.

• Updating the HOSTS file became difficult with the explosive growth of the Internet.

• The file grew bigger and could not be partitioned, as it used a flat namespace.

• The task became management intensive as networks grew.

• This called for a more sophisticated and well-defined naming service that was hierarchically structured.

• Thus DNS was introduced in the year 1984 for translating resource names into IP addresses.

• The host names reside in a database that can be distributed among multiple servers.

• The hierarchical namespace also provided rules for dividing the namespace into subsets of names.

• Information about host names and IP addresses could therefore be partitioned and distributed.
II. DNS Structure and its Components

a. DNS domain namespace
     A structured hierarchy of domains used to organise names.

b. Resource records
     Map DNS domain names to a specific type of resource information when the
     name is registered or resolved in the namespace.

c. DNS zones
     A zone is a range of responsibility within the domain namespace that spans
     a subtree or a portion of a subtree.

d. DNS name servers
     Store and answer name queries for resource records.

e. DNS clients or resolvers
     Query servers to look up and resolve names to the type of resource record
     specified in the query.
a. DNS Domain Namespace

• The domain namespace is a hierarchical tree structure containing the names in a DNS database.

• The database consists of host names and domain names.

• A domain can be considered as a subtree of the domain namespace.

• Domain names follow a specific pattern: the concatenation of node names, e.g. training.nic.in.

• The Internet can be thought of as a single DNS namespace.

• The root, or top-most level, of the Internet domain namespace is managed by the Internet name registration authority.

• The root has no name but is represented by a period, ".".

• Below the root DNS domain are the top-level domains.

• The top-level domains are children of the root.
Three Types of Top-Level Domains

Organisational
Represented by a 3-character code that gives a clear indication of the primary
activity of the domain. They are mainly for organisations within the United States.

Geographical
Represented by a 2-character code that represents the country or region. These
codes are established by the International Standards Organisation (ISO).

Reverse domains
Named in-addr.arpa; used for IP address-to-name mappings.
Domain levels

Name                  Child of              Example domain
Top-level domain      Root                  in
First-level domain    Top-level domain      nic.in
Second-level domain   First-level domain    delhi.nic.in
Third-level domain    Second-level domain   gamma.delhi.nic.in

[Figure: Domain Name System (inverted tree structure). The unnamed root "" has the
top-level domains .com, .in, .edu, .gov and .arpa as children; nic sits under .in,
and mah, kar and asm sit under nic.]
Domain levels

Top-level domain   Description                 Example domain name
.com               Commercial organisations    yahoo.com
.edu               Educational institutions    buffalo.edu
.gov               Government organisations    nasa.gov

[Fig 1: Zones within the domain namespace. Under the root "" are the in, com and
org domains. The nic.in domain forms one zone; the training.nic.in domain below it
is delegated as a separate zone.]

[Fig 2: The same namespace with a further zone cut: asm under nic.in is also
delegated as its own zone, alongside the training.nic.in zone.]
DNS in the in-addr.arpa domain: mapping numbers to names ("reverse DNS")

[Figure: Under the root DNS are edu, net, com, arpa and in; in-addr sits under
arpa, and the registry (apnic, whois) delegates 164, 165, 166 and so on below it.
The address block 164.100/16 is represented by the reverse zone
100.164.in-addr.arpa, with 100, 101 and 102 as its children.]
Why reverse DNS

• Service denial
      Some services only allow access when the client's address is fully
      reverse delegated.
        Ex: anonymous FTP

• Diagnostics
      Assisting in trace routes etc.
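The naming rules behind the two previous slides (the domain-level table and the in-addr.arpa tree) are mechanical, so here is an added example, written for this page and not part of the original slides, that derives the ancestor chain of a name, the in-addr.arpa name queried for a PTR record, and the reverse zone that a /8, /16 or /24 block is delegated as (164.100/16 from the figure becomes 100.164.in-addr.arpa). The helper names and the addresses used are this example's own assumptions.

```python
import ipaddress


def domain_levels(name):
    """Ancestors of a name, top-level domain first.
    'gamma.delhi.nic.in' -> ['in', 'nic.in', 'delhi.nic.in', 'gamma.delhi.nic.in']"""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


def reverse_name(ip):
    """Owner name looked up for a PTR query: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(network):
    """Reverse zone holding the PTR records of an octet-aligned IPv4 block.
    '164.100.12.0/24' -> '12.100.164.in-addr.arpa.'  (the ap slave zone in named.conf)
    '164.100.0.0/16'  -> '100.164.in-addr.arpa.'     (the block in the figure)"""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 blocks map onto a single in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def relative_owner(ip, zone):
    """Owner name of the PTR record relative to its reverse zone, i.e. what is
    written in the zone file under $ORIGIN zone. Raises if ip lies outside the zone."""
    full = reverse_name(ip)
    if not full.endswith("." + zone):
        raise ValueError(f"{ip} is not delegated under {zone}")
    return full[: -len(zone) - 1]


if __name__ == "__main__":
    # Constructed sample values in the style of the slides.
    print(domain_levels("gamma.delhi.nic.in"))
    print(reverse_name("192.168.0.16"))
    print(reverse_zone("164.100.0.0/16"))
    print(relative_owner("192.168.0.107", "0.168.192.in-addr.arpa."))
```

relative_owner is the check to run before adding a PTR record: a host whose address is outside the zone's block cannot be given a record there, which is one way a reverse zone ends up with "entries which do not belong there".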
c. DNS Zones

• The DNS database is comprised of multiple zones.

• Zones allow the management of the domain space to be delegated.

Different types of queries from the DNS client to the DNS server

• A query for the resolution of a domain name into an IP address.

• A query for the resolution of an IP address into a domain name (reverse DNS).
Creating a Forward Lookup Query

Forward lookup
    DNS client -> DNS server:   IP address for trglab.nic.in?
    DNS server -> DNS client:   IP address = 192.168.0.16

Creating a Reverse Lookup Query

Reverse lookup
    DNS client -> DNS server:   Name for 192.168.0.16?
    DNS server -> DNS client:   Name = trglab.nic.in
Different types of Zones and Zone Files

There are two types of zones:

• A query uses the forward zone when resolution starts with a domain name and results in an IP address.

• A query uses the reverse zone when resolution starts with an IP address and results in a domain name.
d. DNS Name Servers

• The DNS zone database is stored in, and accessed through, a name server.

• Name servers can store data for one zone or for multiple zones.

• A name server is said to have authority for the domain namespace that the zone encompasses.

• There must be at least one name server for a zone.
b. Resource Records

• The DNS database consists of Resource Records (RR).

• Each resource record is a member of a class (the INTERNET class is the most common).

• The class is further broken down into types.

• The type corresponds to the kind of data stored in the record.

  e.g.: server1.com IN A 124.x.y.z
  (IN stands for INTERNET and A stands for address information.)

Record type   Description                   Usage
A             An address record             Maps an FQDN to an IP address
PTR           A pointer record              Maps an IP address to an FQDN
NS            A name server record          Denotes a name server for a zone
SOA           A Start of Authority record   Specifies many attributes concerning the zone, such as
                                            the name of the domain (forward or inverse), the
                                            administrative contact, the serial number of the zone,
                                            the refresh interval, the retry interval, etc.
CNAME         A canonical name record       Defines an alias name and maps it to the absolute
                                            (canonical) name
MX            A Mail Exchanger record       Used to redirect email for a given domain or host to
                                            another host
III. Functioning of DNS

• DNS uses a client/server architecture.

• Domain name clients are called name resolvers.

• A DNS client requests information from a DNS server's database.

• The request includes the type of information wanted and a key (either a domain name or an IP address).
IV. Possible DNS Configurations

• Master server
• Slave server
• Caching-only server
• Resolver-only client (DNS client)
• Also other variants of the above configurations

Configuring Standard Zones

[Figure: DNS Server A holds the primary zone and its zone information. DNS Server B
and DNS Server C each hold a secondary zone whose master DNS server is DNS Server A.]
V. DNS Files in Linux

• Zone file
• Reverse zone file
• Configuration file (named.conf)

Master File Format of Zone File

DIRECTIVES

$ORIGIN
Syntax: $ORIGIN domain-name ; comments
Ex:
    $ORIGIN nic.in.
    $ORIGIN ren
    www    A    164.100.10.18
is equivalent to
    www.ren.nic.in.    A    164.100.10.18
(the second $ORIGIN has no trailing dot, so "ren" is appended to the current origin nic.in.)

$INCLUDE
Syntax: $INCLUDE filename origin ; comment
Ex:
    $INCLUDE nicnet.www nic.in
    $INCLUDE nicnet.www

$TTL
Syntax: $TTL default-ttl ; comment
Sets the default Time to Live (TTL) for subsequent records that have no TTL of
their own. Valid TTLs are in the range 0-2147483647 (the TTL is in seconds).
Ex:
    $TTL 1800

RESOURCE RECORDS
SOA, NS, A, MX, CNAME, PTR (reverse zone)
Syntax: domain|@ ttl class type rdata
All resource records have the same basic syntax.
Ex:
    nic.in   60    IN    NS    nicnet.nic.in.
    nicnet   180   IN    A     164.100.3.1
             60          MX    0   nicnet.nic.in.
(a record whose owner field is left blank keeps the owner of the previous record, here nicnet)

SOA RECORDS
Syntax: domain|@ ttl class SOA host address (
            serial number
            refresh    ; refresh time
            retry      ; retry time
            expire     ; expire time
            minimum    ; default ttl )

SOA RECORD
Ex:
    @ IN SOA nicnet.nic.in. root.nicnet.nic.in. (
            2001092011   ; Serial (yyyymmddhh)
            3600         ; Refresh 1 hour
            600          ; Retry 10 mins
            864000       ; Expire 10 days
            10800 )      ; Minimum 3 hours, default, negative
Reverse Zone File

• It should contain the following records:
  – SOA
  – NS
  – PTR
• The SOA and NS records are similar to those in the forward zone file.
• Example of a PTR record:
  – 107.0.168.192.in-addr.arpa.   IN   PTR   cabin7.training.nic.in.
Named Configuration: named.conf in Linux

OPTIONS
    options {
         directory "/var/named";
         allow-transfer { 164.100/16; };
         allow-query { 164.100/16; };
    };

ZONES
    zone "." {
         type hint;
         file "nicnet.ca";
    };

    zone "nic.in" {
         type master;
         file "nicnet.hosts";
         allow-transfer {
               !164.100.19.3;
               164.100/16;
         };
         allow-query {
               any;
         };
    };
    (address match lists stop at the first matching entry, so the negated host
    !164.100.19.3 must be listed before the 164.100/16 prefix that contains it)

    zone "delhi.nic.in" {
         type master;
         file "delhi.hosts";
         allow-transfer {
               164.100/16;
         };
    };

    zone "ap.nic.in" {
         type slave;
         file "ap.hosts";
         masters { 164.100.12.2; };
         allow-query { any; };
    };

    zone "12.100.164.in-addr.arpa" {
         type slave;
         file "ap.rev";
         masters { 164.100.12.2; };
         allow-query { any; };
    };

LOGGING
    logging {
         channel dnsqry {
             file "log/querylog" versions 3 size 10m;
             print-time yes;
         };
         category queries {
             dnsqry;
             default_debug;
         };
    };
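The allow-transfer lists above are what keep a master zone from being copied by any host that asks, and their first-match rule is easy to get wrong. Here is an added example, not part of the original slides, that reads a named.conf fragment and reports master zones whose allow-transfer is missing, set to any, or lists a negated host after a prefix that already matches it. The configuration text is constructed for this example in the style of the slides (nic.in is configured correctly, the other master zones each show one weakness), and the parsing is a small brace-matching walk, not BIND's own parser.

```python
import ipaddress
import re

# Constructed named.conf fragment (not the slides' own file).
SAMPLE_CONF = """
options { directory "/var/named"; allow-transfer { 164.100/16; }; };
zone "." { type hint; file "nicnet.ca"; };
zone "nic.in" {
     type master; file "nicnet.hosts";
     allow-transfer { !164.100.19.3; 164.100/16; };
     allow-query { any; };
};
zone "delhi.nic.in" { type master; file "delhi.hosts"; allow-transfer { any; }; };
zone "up.nic.in" { type master; file "up.hosts";
     allow-transfer { 164.100/16; !164.100.19.3; }; };
zone "ren.nic.in" { type master; file "ren.hosts"; };
zone "ap.nic.in" { type slave; file "ap.hosts"; masters { 164.100.12.2; }; };
"""


def expand_prefix(tok):
    """named accepts abbreviated IPv4 prefixes such as 164.100/16; pad them to four
    octets. A bare address becomes a /32."""
    addr, _, plen = tok.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen or 32}", strict=False)


def zone_blocks(conf):
    """Yield (zone name, text between its braces) for every zone statement."""
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def address_list(body, statement):
    """Entries of e.g. allow-transfer { ... }; in order, or None if it is absent."""
    m = re.search(statement + r"\s*\{([^}]*)\}", body)
    if not m:
        return None
    return [t.strip() for t in m.group(1).split(";") if t.strip()]


def audit_transfers(conf):
    """Return (zone, problem) pairs for master zones whose allow-transfer is too open."""
    findings = []
    for name, body in zone_blocks(conf):
        ztype = re.search(r"\btype\s+(\w+)", body)
        if not ztype or ztype.group(1) != "master":
            continue
        acl = address_list(body, "allow-transfer")
        if acl is None:
            findings.append((name, "no allow-transfer: inherits the options{} value, "
                                   "or named's default if none is set there"))
            continue
        if "any" in acl:
            findings.append((name, "allow-transfer { any; } lets every host copy the zone"))
        matched = []   # positive prefixes seen so far; match lists stop at the first hit
        for entry in acl:
            negated, tok = entry.startswith("!"), entry.lstrip("!").strip()
            if not tok[:1].isdigit():        # any, none, localnets, named ACLs ...
                continue
            net = expand_prefix(tok)
            if negated and any(net.subnet_of(prev) for prev in matched):
                findings.append((name, f"{entry} is never reached: an earlier entry "
                                       "already matches it, so the host is not excluded"))
            elif not negated:
                matched.append(net)
    return findings


if __name__ == "__main__":
    for zone, problem in audit_transfers(SAMPLE_CONF):
        print(f"{zone}: {problem}")
```

Run against the sample, the audit is silent about nic.in, whose negation precedes the prefix, and reports delhi.nic.in (any), up.nic.in (negation after the prefix) and ren.nic.in (no statement of its own). named-checkconf accepts all four, because each is syntactically valid; only the intent is wrong.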
VI. Client Side Configuration

• Make the following changes in /etc/resolv.conf (the keywords are lower case):
    search training.nic.in
    nameserver 192.168.0.101
VII. DNS Tools

• nslookup

• dig (Domain Information Groper)

• host
VIII. Common Errors

• Domain not fully qualified
• Entries in a zone which do not belong there
• NS not reachable, NS not set up
• CNAME problem
• Host name contains unusual characters
• Ambiguous MX records
IX. DNS Debugging Tools

• named-checkconf
  – Used for checking the syntax of the named.conf file.
• named-checkzone
  – Used for checking the syntax of the forward and reverse zone files.
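To show concretely what the master file format slides describe and what named-checkzone looks for, here is an added example, written for this page and not taken from the slides or from BIND, of a small zone-file parser plus a checker. It handles $ORIGIN (absolute and relative), $TTL, ";" comments, the multi-line SOA in parentheses, "@", relative owner names and a blank owner field, and then reports the apex and CNAME mistakes from the Common Errors list. The sample zone text is constructed from the slides' own examples; $INCLUDE is deliberately not supported.

```python
import ipaddress
from collections import namedtuple

RR = namedtuple("RR", "owner ttl rclass rtype rdata")   # owner is absolute, with trailing dot
TYPES = {"SOA", "NS", "A", "MX", "CNAME", "PTR"}


def _logical_lines(text):
    """Drop ';' comments, join lines inside ( ... ), and report whether the first
    line began with whitespace (a blank owner field means 'same owner as before')."""
    buf, depth, leading = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            leading = raw[:1].isspace()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            toks, buf = " ".join(buf).split(), []
            if toks:
                yield leading, toks


def _qualify(name, origin):
    """Apply $ORIGIN: '@' is the origin itself; a name without a trailing dot is relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def _rdata(rtype, toks, origin):
    if rtype == "A":
        return (str(ipaddress.IPv4Address(toks[0])),)        # raises on a malformed address
    if rtype in ("NS", "CNAME", "PTR"):
        return (_qualify(toks[0], origin),)
    if rtype == "MX":
        return (int(toks[0]), _qualify(toks[1], origin))
    mname, rname, *nums = toks                                # SOA
    if len(nums) != 5:
        raise ValueError("SOA needs serial, refresh, retry, expire and minimum")
    return (_qualify(mname, origin), _qualify(rname, origin), *map(int, nums))


def parse_zone(text, origin):
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, None, []
    for leading, toks in _logical_lines(text):
        if toks[0] == "$ORIGIN":
            origin = _qualify(toks[1], origin)
            continue
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        owner = last_owner if leading else _qualify(toks.pop(0), origin)
        if owner is None:
            raise ValueError("first record has no owner name")
        ttl, rclass = default_ttl, "IN"
        while toks and toks[0] not in TYPES:                 # optional ttl and class
            field = toks.pop(0)
            if field.isdigit():
                ttl = int(field)
            elif field.upper() == "IN":
                rclass = "IN"
            else:
                raise ValueError(f"unexpected field {field!r} for {owner}")
        if not toks:
            raise ValueError(f"record for {owner} has no type")
        rtype = toks.pop(0)
        records.append(RR(owner, ttl, rclass, rtype, _rdata(rtype, toks, origin)))
        last_owner = owner
    return records


def check_zone(records, origin):
    """The checks named-checkzone makes, in miniature: one SOA and an NS at the apex,
    no records from outside the zone, no CNAME sharing its owner with other data."""
    origin = origin if origin.endswith(".") else origin + "."
    problems, apex = [], [r for r in records if r.owner == origin]
    if sum(r.rtype == "SOA" for r in apex) != 1:
        problems.append("zone must have exactly one SOA record at the apex")
    if not any(r.rtype == "NS" for r in apex):
        problems.append("no NS record at the apex")
    for r in records:
        if not (r.owner == origin or r.owner.endswith("." + origin)):
            problems.append(f"{r.owner} does not belong in zone {origin}")
        if r.rtype == "CNAME" and any(o is not r and o.owner == r.owner for o in records):
            problems.append(f"{r.owner} has a CNAME and other records")
    return problems


# Constructed zone text assembled from the slides' examples (serial style yyyymmddhh).
SAMPLE_ZONE = """\
$TTL 1800
@       IN SOA nicnet.nic.in. root.nicnet.nic.in. (
            2001092011 ; Serial
            3600       ; Refresh 1 hour
            600        ; Retry 10 mins
            864000     ; Expire 10 days
            10800 )    ; Minimum 3 hours
        60  IN NS  nicnet.nic.in.
nicnet  180 IN A   164.100.3.1
        60     MX  0 nicnet.nic.in.
$ORIGIN ren
www            A   164.100.10.18
"""
```

Parsing SAMPLE_ZONE with origin nic.in gives five records: the SOA and NS owned by nic.in., the A and MX owned by nicnet.nic.in. (the MX line has a blank owner), and www.ren.nic.in. for the last line. Feeding it the slides' line "nic.in 60 IN NS nicnet.nic.in." without the trailing dot yields the owner nic.in.nic.in., which is the "domain not fully qualified" error from the Common Errors slide.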
X. DNS Operation Guidelines

Daily check-up

1. Check whether named is running:
     # ps -ef | grep named
   OR
     # ps ax | grep named
   If it is not running, execute the following:
     # /usr/sbin/named
   Verify whether the named process started. If it did not start, see the
   /var/log/messages file for the possible cause.

   Possible causes may be:
   • the named.conf file is missing or has errors in it
   • the hosts file is missing or has syntax errors
   • a zone file is missing or has syntax errors

2. Use the nslookup command to query some popular sites such as www.nic.in,
   hotmail.com, yahoo.com etc. In case of any problem, try to rectify it on the
   basis of the error message generated by nslookup.

Weekly backup

1. Create a bak directory under /var/named or any other directory.
2. Copy all the DNS files of your zone, training.nic.zone and 168.192.rev.
3. Copy /usr/local/etc/named.conf (in case of SunOS) or /etc/named.conf (in case
   of Linux), whichever is applicable, to the bak directory.

Always Remember!!!

After making any addition, deletion or modification, the following points are to be followed:
1. Always increase the serial number.
2. Kill the named daemon: find its pid with ps -ef | grep named, then
   kill -9 pid (process id).
3. Restart it (/usr/sbin/named).
4. To ensure it is working fine, refer to "Daily check-up".
XI. Resolution

A DNS server receives two types of requests:

• Recursive

• Iterative

DNS clients always make recursive requests, whereas a DNS server uses both
types of requests.

The following is a list of responses:

• Positive authoritative

• Non-authoritative

• Referral

• Negative
[Fig 1: Iterative name resolution starting from the root name server. (1) The DNS
client sends a recursive query for a name in the training.nic.in domain to DNS
Server 1, whose cache is empty (2). DNS Server 1 then queries iteratively: the
server holding the primary zone for the root "." (3, 4), the server for the in
zone (5, 6), the server for nic.in (7, 8) and finally the server for
training.nic.in (9, 10), each referral pointing to the next server, and returns
the answer to the client (11).]

[Fig 2: the same diagram repeated.]
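The figure's eleven messages are easier to follow as code, so here is an added example, not part of the original slides, that simulates the four authoritative servers of the figure and a recursive server with an initially empty cache. Each call to authoritative_answer is one iterative query and returns one of the four response types from the slide; the recursive server follows referrals, caches both the answer and the delegations it learned, and so answers the second query from cache and reaches the training.nic.in server directly for a third. The server names, the addresses and the data layout are this example's assumptions, not a real configuration.

```python
# Constructed authoritative data for the figure's four servers (not a real setup).
# Each server holds one zone: its own address records and the NS delegations below it.
AUTH = {
    "root":        {"zone": ".",       "delegations": {"in.": "in-ns"}},
    "in-ns":       {"zone": "in.",     "delegations": {"nic.in.": "nic-ns"}},
    "nic-ns":      {"zone": "nic.in.", "delegations": {"training.nic.in.": "training-ns"}},
    "training-ns": {"zone": "training.nic.in.",
                    "addresses": {"trglab.training.nic.in.": "192.168.0.16",
                                  "cabin7.training.nic.in.": "192.168.0.107"}},
}


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_answer(server, qname):
    """One iterative query to an authoritative server. It never asks anyone else:
    it answers, refers the querier to a child zone, or says the name does not exist."""
    data = AUTH[server]
    if qname in data.get("addresses", {}):
        return "positive authoritative", data["addresses"][qname]
    for child, ns in data.get("delegations", {}).items():
        if in_zone(qname, child):
            return "referral", ns
    return "negative", None


class RecursiveServer:
    """DNS Server 1 in the figure: accepts recursive queries from clients and does
    the iteration itself, caching both answers and the delegations it learns."""

    def __init__(self):
        self.answers = {}               # qname -> address
        self.servers = {".": "root"}    # zone -> server; starts with only the root hint
        self.trace = []                 # (server, response type) for the last query

    def closest_known_server(self, qname):
        zone = max((z for z in self.servers if in_zone(qname, z)), key=len)
        return self.servers[zone]

    def resolve(self, qname):
        self.trace = []
        if qname in self.answers:                    # answered from cache
            self.trace.append(("cache", "non-authoritative"))
            return self.answers[qname]
        server = self.closest_known_server(qname)
        while True:
            kind, payload = authoritative_answer(server, qname)
            self.trace.append((server, kind))
            if kind == "referral":
                self.servers[AUTH[payload]["zone"]] = payload   # remember the delegation
                server = payload
            elif kind == "positive authoritative":
                self.answers[qname] = payload
                return payload
            else:
                return None


if __name__ == "__main__":
    srv = RecursiveServer()
    for name in ("trglab.training.nic.in.", "trglab.training.nic.in.",
                 "cabin7.training.nic.in.", "nosuch.nic.in."):
        print(name, "->", srv.resolve(name), srv.trace)
```

The first query walks root, in, nic.in and training.nic.in (the four server hops of steps 3 to 10); the repeat is served non-authoritatively from cache; the query for cabin7 goes straight to the training.nic.in server because the delegation is now cached; and a name that does not exist under nic.in comes back as a negative response from the nic.in server.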
           XII. Replication of DNS

• Replicating a zone file to multiple name servers
  is called zone transfer.

• Zone transfer is accomplished by copying the
  zone file information from master server to slave
  server.

• There are two types of zone file replication

  – Full zone transfer (AXFR), replicates the entire zone file.
  – Incremental zone transfer (IXFR), replicates only the
    changed records of the zone.
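How a slave decides between AXFR and IXFR, and why the operation guideline "always increase the serial number" matters, can both be shown with a small simulation. This is an added example written for this page, not part of the slides and not BIND's implementation: serials are compared with RFC 1982 serial arithmetic, the master keeps a journal of changes keyed by serial, an IXFR is possible only when the journal still reaches back to the slave's serial, and a zone edited without a serial bump is never transferred at all. The journal entries and the training.nic.in records are constructed sample data.

```python
SERIAL_BITS = 32


def serial_newer(a, b):
    """RFC 1982 serial arithmetic as used for SOA serials: True if a is newer than b,
    treating the 32-bit space as circular so a wrapped serial still counts as newer."""
    half = 1 << (SERIAL_BITS - 1)
    return a != b and ((a > b and a - b < half) or (a < b and b - a > half))


def plan_transfer(slave_serial, master_serial, journal):
    """Decide what the master sends a slave that asks for IXFR.
    journal: list of (from_serial, to_serial, removed_rrs, added_rrs), one entry per
    change the master still remembers. Returns ('none'|'ixfr'|'axfr', changes)."""
    if not serial_newer(master_serial, slave_serial):
        return "none", []          # slave already current: nothing is sent
    steps = {entry[0]: entry for entry in journal}
    changes, cur = [], slave_serial
    while cur != master_serial:
        if cur not in steps:       # slave's version predates the journal: send everything
            return "axfr", []
        changes.append(steps[cur])
        cur = steps[cur][1]
    return "ixfr", changes


def apply_ixfr(zone_rrs, changes):
    """Replay an IXFR on the slave's copy of the zone (records as hashable tuples)."""
    rrs = set(zone_rrs)
    for _, _, removed, added in changes:
        rrs -= set(removed)
        rrs |= set(added)
    return rrs


# Constructed history of training.nic.in; serials use the slides' yyyymmddhh style.
V1 = {("trglab", "A", "192.168.0.16"), ("@", "NS", "nicnet.nic.in.")}
JOURNAL = [
    (2001092011, 2001092012, [("trglab", "A", "192.168.0.16")], [("trglab", "A", "192.168.0.17")]),
    (2001092012, 2001092013, [], [("cabin7", "A", "192.168.0.107")]),
]
MASTER_SERIAL = 2001092013

if __name__ == "__main__":
    for slave in (2001092011, 2001090100, 2001092013):
        kind, changes = plan_transfer(slave, MASTER_SERIAL, JOURNAL)
        print(slave, "->", kind, len(changes), "change(s)")
    print(sorted(apply_ixfr(V1, plan_transfer(2001092011, MASTER_SERIAL, JOURNAL)[1])))
```

A slave at 2001092011 gets the two journalled changes as an IXFR; a slave at an older serial that has dropped out of the journal gets a full AXFR; a slave already at the master's serial gets nothing. The last case is also what happens when the zone file is edited but the serial is left alone: the master reports the same serial, so no slave ever refreshes.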
Zone Transfer Process

[Figure: the master DNS server's zone database file (zone 1, containing the
hosts trglab, expt1 and expt2) is copied by zone transfer to the slave (client)
DNS server's zone database file.]

Zone types, zone names and zone files: standard zones

[Figure: a change made in the master zone is propagated to the slave zone by a
zone transfer.]
XIII. DNS Security

• Cache poisoning
• Client flooding
• Dynamic update vulnerabilities
• Information leakage
• Compromise of the DNS server's authoritative data
