Domain Name System (DNS) : RFC 1034 RFC 1035

The document discusses the Domain Name System (DNS) which maps between hostnames and IP addresses. DNS is implemented as a distributed database across multiple name servers in a hierarchy. It uses application layer protocols for name servers and clients to communicate and resolve names and IP addresses. The DNS database is distributed across root servers, authoritative name servers for domains, and local caching name servers to improve performance and reliability.

Uploaded by: MOhamad
Domain Name System (DNS)

RFC 1034
RFC 1035
http://www.ietf.org
TCP/IP Protocol Suite (figure)
Application Layer: DHCP, DNS, SNMP, HTTP, SMTP, POP
Transport Layer: UDP, TCP
Network Layer: IP (with ICMP, IGMP); ARP
Link Layer: Ethernet/FastEthernet/802.11/PPP

DNS: Domain Name System

People: many identifiers:
• SSN, name, Passport #
Internet hosts, routers:
• IP address (32 bit) - used for addressing datagrams
• “name”, e.g., gaia.cs.umass.edu - used by humans
Q: map between IP addresses and name?

Domain Name System:
• distributed database implemented in hierarchy of many name servers
• application-layer protocol: host, routers, name servers communicate to resolve names (address/name translation)
  - note: core Internet function implemented as application-layer protocol
  - complexity at network’s “edge”

DNS name servers

Why not centralize DNS?
• single point of failure
• traffic volume
• distant centralized database
• maintenance
• doesn’t scale!

• no server has all name-to-IP address mappings
• local name servers:
  - each ISP, company has local (default) name server
  - host DNS query first goes to local name server
• authoritative name server:
  - for a host: stores that host’s IP address, name
  - can perform name/address translation for that host’s name

DNS: root name servers
• contacted by local name server that can not resolve name
• root name server:
  - contacts authoritative name server if name mapping not known
  - gets mapping
  - returns mapping to local name server

Figure: 13 root name servers worldwide
a. Verisign, Los Angeles CA (5 other sites)
b. USC-ISI Marina del Rey, CA
c. Cogent, Herndon, VA (5 other sites)
d. U Maryland College Park, MD
e. NASA Mt View, CA
f. Internet Software C. Palo Alto, CA (and 48 other sites)
g. US DoD Columbus, OH (5 other sites)
h. ARL Aberdeen, MD
i. Netnod, Stockholm (37 other sites)
j. Verisign, Dulles VA (69 other sites)
k. RIPE London (17 other sites)
l. ICANN Los Angeles, CA (41 other sites)
m. WIDE Tokyo (5 other sites)

The DNS Name Space
Figure: A portion of the Internet domain name space showing some top-level domains (TLDs).

Name Servers
Figure: Part of the DNS name space showing the division into zones.

Simple DNS example
host sun.lopsys.net wants IP address of mail.yahoo.com
1. Contacts its local DNS server, dns.lopsys.net
2. dns.lopsys.net contacts root name server, if necessary
3. root name server contacts authoritative name server, dns.yahoo.com, if necessary

Figure: requesting host sun.lopsys.net -> local name server dns.lopsys.net -> root name server -> authoritative name server dns.yahoo.com (for mail.yahoo.com); numbered arrows 1-6 show the query passing along this chain and the answer returning along it.

DNS example
Root name server:
• may not know authoritative name server
• may know intermediate name server: who to contact to find authoritative name server

Figure: requesting host sun.lopsys.net -> local name server dns.lopsys.net -> root name server -> intermediate name server dns.wmich.edu -> authoritative name server hal.cs.wmich.edu (for csy01.cs.wmich.edu); numbered arrows 1-8 show the query passing along this chain and the answer returning along it.

DNS: Iterated queries
recursive query:
• puts burden of name resolution on contacted name server
• heavy load?

iterated query:
• contacted server replies with name of server to contact
• “I don’t know this name, but ask this server”

Figure: same hosts as the previous example, with authoritative name server dns.cs.wmich.edu. The local name server dns.lopsys.net receives an iterated reply from the root name server and then contacts the intermediate name server dns.wmich.edu and the authoritative name server itself; messages 1-8 show these exchanges and the final answer to the requesting host.

DNS: caching and updating records
• once (any) name server learns mapping, it caches mapping
  - cache entries timeout (disappear) after some time (TTL usually 24 hours)
• update/notify mechanisms under design by IETF
  - RFC 2136
  - http://www.ietf.org/html.charters/dnsind-charter.html

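The caching rule above (a learned mapping is kept until its TTL runs out) is small enough to show in full. The following is an added example, not code from the slides: a resolver-style cache keyed by (name, type) that stores an absolute expiry, hands back a counting-down TTL so that downstream caches expire no later than this one, and caps accepted TTLs at the 24 hours the slide calls usual, so a single record cannot be pinned in the cache indefinitely. The FakeClock class and the sample record values are constructed for the demonstration (the values are the ones in the slide's nslookup output).

```python
import time


class FakeClock:
    """Manually advanced clock so TTL expiry can be exercised without waiting."""

    def __init__(self, start=0):
        self.t = start

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class RRCache:
    """Maps (name, type) to (value, absolute expiry time).

    Accepted TTLs are capped (default 24 hours, the slide's 'usual' TTL) so that
    one record with an enormous TTL cannot stay cached forever."""

    def __init__(self, clock=time.time, max_ttl=86400):
        self._clock = clock
        self._max_ttl = max_ttl
        self._entries = {}

    @staticmethod
    def _key(name, rtype):
        # Domain names are case-insensitive and a trailing dot is not significant
        return name.lower().rstrip("."), rtype

    def put(self, name, rtype, value, ttl):
        ttl = max(0, min(int(ttl), self._max_ttl))
        self._entries[self._key(name, rtype)] = (value, self._clock() + ttl)

    def get(self, name, rtype):
        """Return (value, remaining TTL) or None when absent or expired.

        The remaining TTL is what a server would hand to the next cache, so
        downstream copies expire no later than this one does."""
        key = self._key(name, rtype)
        entry = self._entries.get(key)
        if entry is None:
            return None
        value, expires = entry
        remaining = int(expires - self._clock())
        if remaining <= 0:
            del self._entries[key]
            return None
        return value, remaining

    def purge_expired(self):
        """Drop every expired entry; returns how many were removed."""
        now = self._clock()
        stale = [k for k, (_, expires) in self._entries.items() if expires <= now]
        for k in stale:
            del self._entries[k]
        return len(stale)


if __name__ == "__main__":
    clock = FakeClock(1000)
    cache = RRCache(clock=clock.now)
    # Record taken from the slide's nslookup example: A record, TTL 14400 (4 hours)
    cache.put("csy01.cs.wmich.edu", "A", "141.218.143.215", 14400)
    print(cache.get("csy01.cs.wmich.edu", "A"))   # fresh: full TTL
    clock.advance(3600)
    print(cache.get("csy01.cs.wmich.edu", "A"))   # one hour later: TTL counted down
    clock.advance(10800)
    print(cache.get("csy01.cs.wmich.edu", "A"))   # four hours after insertion: gone
```

The injectable clock is what makes the expiry path testable; in production the default time.time is used.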
Domains, Zones, Authority, Delegation
• Domain: is a node in the DNS tree, which includes all the nodes (domains) underneath it.
• Zone: is a portion of the DNS tree that a particular DNS server is authoritative for.
• A DNS Server may delegate authority of its subdomains to other organizations or departments.

Figure: tree root -> edu -> wmich -> cs, hr, ee. The wmich.edu domain is the whole subtree under wmich; the wmich.edu zone and the cs.wmich.edu zone are shown as separate zones.

Deployment Example
Figure: Internet; ISP DNS (as secondary); firewall separating Outside (External), DMZ and Inside (Internal). Components shown: Mail Server, DNS Cache, Primary DNS, Secondary DNS, DHCP 1, DHCP 2, Proxy; on the inside, Primary DNS, Secondary DNS (Internal), DHCP and HOST(S). Annotation: DNS queries from mail server do not travel over any network.

DNS Clients (resolver configuration)
• A DNS client is called a resolver.
• A call to getByName() is handled by a resolver (typically part of the client).

UNIX: /etc/resolv.conf
nameserver 141.218.143.12
nameserver 141.218.40.10
nameserver 141.218.1.100
domain cs.wmich.edu

DNS Servers
• The name of the DNS server in UNIX is named
• The configuration file for named can usually be found in /etc/named.conf
• The zone files are usually kept in /var/named with all the zone resource records (e.g., A, PTR, MX, NS, CNAME).
• BIND (Berkeley Internet Name Domain) is a common implementation of a DNS server; source code and binaries are freely available at http://www.isc.org

DNS records
DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)
• Type=A
  - name is hostname
  - value is IP address
• Type=NS
  - name is domain (e.g. foo.com)
  - value is IP address of authoritative name server for this domain
• Type=CNAME
  - name is an alias name for some “canonical” (the real) name
  - value is canonical name
• Type=MX
  - value is hostname of mailserver associated with name

Resource Records
Figure: The principal DNS resource record types.

Resource Records (2)
Figure: A portion of a possible DNS database for cs.vu.nl.

DNS protocol, messages
DNS protocol: query and reply messages, both with same message format
msg header
• identification: 16 bit # for query, reply to query uses same #
• flags:
  - query or reply
  - recursion desired
  - recursion available
  - reply is authoritative

Message body (labels from the message-format figure):
• questions: name, type fields for a query
• answers: RRs in response to query
• authority: records for authoritative servers
• additional info: additional “helpful” info that may be used

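The header fields and the four sections listed above, together with the RR format (name, value, type, ttl) from the DNS records slide, are concrete enough to encode and decode. The following is an added example, not code from the slides: it builds a query and a constructed authoritative response in RFC 1035 wire format and parses them back, including the A, NS, CNAME and MX RDATA forms the RR slide describes and the name-compression pointers that real responses use. The identification 6, the name csy01.cs.wmich.edu, the address 141.218.143.215 and the TTL 14400 are taken from the slide's nslookup output; the response bytes themselves are constructed, not captured traffic. The loop guard in decode_name is there because a message whose pointers point at each other would otherwise hang the parser.

```python
import struct

# Header flag bits, RFC 1035 section 4.1.1 (the flags named on the slide)
QR = 1 << 15  # 0 = query, 1 = response
AA = 1 << 10  # authoritative answer
RD = 1 << 8   # recursion desired
RA = 1 << 7   # recursion available

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_MX = 1, 2, 5, 15
CLASS_IN = 1


def encode_name(name):
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(ident, name, qtype):
    """12-byte header with RD set, one question, no RRs."""
    header = struct.pack("!HHHHHH", ident, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(ident, name, ip, ttl):
    """Constructed authoritative response with one A answer (not real traffic).
    The answer's owner name is a compression pointer (0xC00C) back to the
    question name at offset 12, which is how servers actually emit it."""
    header = struct.pack("!HHHHHH", ident, QR | AA | RD | RA, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def decode_name(msg, offset):
    """Read a possibly compressed name at offset.
    Returns (dotted name, offset just past the name in the enclosing record)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer: 11xxxxxx xxxxxxxx
            if end is None:
                end = offset + 2   # the record continues after the pointer itself
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumps += 1
            if jumps > 64:         # a hostile message could chain pointers in a loop
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_rr(msg, offset):
    """Parse one resource record into the slide's (name, type, ttl, value) form."""
    name, offset = decode_name(msg, offset)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata = msg[offset:offset + rdlen]
    if rtype == TYPE_A:
        value = ".".join(str(b) for b in rdata)
    elif rtype in (TYPE_NS, TYPE_CNAME):
        value, _ = decode_name(msg, offset)   # names inside RDATA may be compressed too
    elif rtype == TYPE_MX:
        preference = struct.unpack("!H", rdata[:2])[0]
        exchange, _ = decode_name(msg, offset + 2)
        value = (preference, exchange)
    else:
        value = rdata
    return {"name": name, "type": rtype, "ttl": ttl, "value": value}, offset + rdlen


def parse_message(msg):
    """Header, question section, then the answer / authority / additional sections."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions = 12, []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype))
    parsed = {"id": ident, "questions": questions,
              "flags": {"response": bool(flags & QR), "aa": bool(flags & AA),
                        "rd": bool(flags & RD), "ra": bool(flags & RA)}}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            rrs.append(rr)
        parsed[section] = rrs
    return parsed


if __name__ == "__main__":
    # Values from the slide's nslookup output: id 6, csy01.cs.wmich.edu, ttl 14400
    print(parse_message(build_query(6, "csy01.cs.wmich.edu", TYPE_A)))
    print(parse_message(build_response(6, "csy01.cs.wmich.edu", "141.218.143.215", 14400)))
```

Because the reply echoes the query's 16-bit identification, parse_message on the response returns id 6 with response and aa set, the same question, and one answer RR; run against a query it returns response False and empty sections.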
nslookup

$ nslookup -d csy01.cs.wmich.edu
------------
Got answer:
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 4, additional = 4

QUESTIONS:
csy01.cs.wmich.edu, type = A, class = IN
ANSWERS:
-> csy01.cs.wmich.edu
internet address = 141.218.143.215
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> cs.wmich.edu
nameserver = gumby.cc.wmich.edu
ttl = 14400 (4 hours)
-> cs.wmich.edu
nameserver = hal.cs.wmich.edu
ttl = 14400 (4 hours)
ADDITIONAL RECORDS:
-> gumby.cc.wmich.edu
internet address = 141.218.20.114
ttl = 3120 (52 mins)
-> hal.cs.wmich.edu
internet address = 141.218.143.10
ttl = 14400 (4 hours)
------------
Name: csy01.cs.wmich.edu
Address: 141.218.143.215

$ nslookup -querytype=MX cnn.com
Server: hal.cs.wmich.edu
Address: 141.218.143.10

Non-authoritative answer:
cnn.com MX preference = 10, mail exchanger = atlmail1.turner.com
cnn.com MX preference = 10, mail exchanger = atlmail4.turner.com
cnn.com MX preference = 20, mail exchanger = atlmail2.turner.com
cnn.com MX preference = 30, mail exchanger = nymail1.turner.com
cnn.com MX preference = 5, mail exchanger = atlmail3.turner.com

com nameserver = a.gtld-servers.net
com nameserver = g.gtld-servers.net
com nameserver = h.gtld-servers.net
com nameserver = c.gtld-servers.net
com nameserver = i.gtld-servers.net
com nameserver = b.gtld-servers.net
com nameserver = d.gtld-servers.net
com nameserver = l.gtld-servers.net
com nameserver = f.gtld-servers.net
com nameserver = j.gtld-servers.net
com nameserver = k.gtld-servers.net
com nameserver = e.gtld-servers.net
com nameserver = m.gtld-servers.net
atlmail1.turner.com internet address = 64.236.240.146
atlmail4.turner.com internet address = 64.236.221.5
atlmail2.turner.com internet address = 64.236.240.147
nymail1.turner.com internet address = 64.236.170.7
nymail1.turner.com internet address = 64.236.170.8
atlmail3.turner.com internet address = 64.236.240.169
g.gtld-servers.net internet address = 192.42.93.30
h.gtld-servers.net internet address = 192.54.112.30

Inserting records into DNS
• example: new startup Network Utopia
• register name networkutopia.com at DNS registrar (e.g., Network Solutions)
  - provide names, IP addresses of authoritative name server (primary and secondary)
  - registrar inserts two RRs into .com TLD server:
    (networkutopia.com, dns1.networkutopia.com, NS)
    (dns1.networkutopia.com, 212.212.212.1, A)
• create authoritative server type A record for www.networkutopia.com; type MX record for networkutopia.com

Attacking DNS

DDoS attacks
• Bombard root servers with traffic
  - Not successful to date
  - Traffic Filtering
  - Local DNS servers cache IPs of TLD servers, allowing root server bypass
• Bombard TLD servers
  - Potentially more

Redirect attacks
• Man-in-middle
  - Intercept queries
• DNS poisoning
  - Send bogus replies to DNS server, which caches

Exploit DNS for DDoS
• Send queries with spoofed source address: target IP
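The poisoning case above (a bogus reply that a caching server accepts and keeps) is what a resolver's reply-acceptance checks exist to stop, and the checks follow directly from the message format described earlier: the reply's identification must echo the outstanding query's, it must be a response, its question section must repeat what was asked, and any authority or additional records outside the zone the answering server may speak for (its bailiwick) must not be cached. The following is an added example, not code from the slides: it applies those checks to replies already in the (name, value, type, ttl) form of the RR slide. The Message and RR classes, the bailiwick parameter and all sample records are constructed for the demonstration; the names reuse the slide's Network Utopia example, the addresses and the out-of-bailiwick record are made up.

```python
from dataclasses import dataclass, field


@dataclass
class RR:
    """Resource record in the slide's (name, value, type, ttl) form."""
    name: str
    rtype: str
    value: str
    ttl: int


@dataclass
class Message:
    ident: int        # 16-bit identification; a reply must echo the query's
    response: bool    # the query/reply flag
    question: tuple   # (name, type) as sent in the question section
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def _norm(name):
    return name.lower().rstrip(".")


def in_bailiwick(name, zone):
    """True if name is at or below zone, so a server answering for zone may assert it."""
    name, zone = _norm(name), _norm(zone)
    return name == zone or name.endswith("." + zone)


def validate_reply(query, reply, bailiwick):
    """Accept a reply only if it belongs to the outstanding query, then drop every
    record the answering server is not entitled to assert.

    Returns (sanitized reply, number of records dropped); raises ValueError when
    the whole reply must be discarded rather than cached."""
    if not reply.response:
        raise ValueError("message is a query, not a response")
    if reply.ident != query.ident:
        raise ValueError("identification mismatch: reply does not belong to this query")
    if reply.question != query.question:
        raise ValueError("question section differs from what was asked")

    qname, _qtype = query.question
    # Answer records must be for the name asked about, or for a name reached
    # through a CNAME that this same answer section introduced.
    allowed = {_norm(qname)}
    for rr in reply.answer:
        if rr.rtype == "CNAME" and _norm(rr.name) in allowed:
            allowed.add(_norm(rr.value))

    def keep(rr, section):
        if section == "answer" and _norm(rr.name) not in allowed:
            return False
        return in_bailiwick(rr.name, bailiwick)

    clean, dropped = Message(reply.ident, True, reply.question), 0
    for section in ("answer", "authority", "additional"):
        for rr in getattr(reply, section):
            if keep(rr, section):
                getattr(clean, section).append(rr)
            else:
                dropped += 1
    return clean, dropped


# Constructed sample traffic (not captured data).
QUERY = Message(0x1F2E, False, ("www.networkutopia.com", "A"))
GOOD_REPLY = Message(
    0x1F2E, True, ("www.networkutopia.com", "A"),
    answer=[RR("www.networkutopia.com", "A", "212.212.212.2", 3600)],
    authority=[RR("networkutopia.com", "NS", "dns1.networkutopia.com", 3600)],
    additional=[
        RR("dns1.networkutopia.com", "A", "212.212.212.1", 3600),  # glue inside the zone: kept
        RR("mail.other.example", "A", "203.0.113.9", 86400),        # unrelated name: must not be cached
    ],
)
# A bogus reply whose identification does not match the outstanding query.
BOGUS_REPLY = Message(0x0001, True, ("www.networkutopia.com", "A"),
                      answer=[RR("www.networkutopia.com", "A", "203.0.113.1", 86400)])


if __name__ == "__main__":
    clean, dropped = validate_reply(QUERY, GOOD_REPLY, "networkutopia.com")
    print("kept additional:", [rr.name for rr in clean.additional], "dropped:", dropped)
    try:
        validate_reply(QUERY, BOGUS_REPLY, "networkutopia.com")
    except ValueError as err:
        print("rejected:", err)
```

The identification check is only as strong as the unpredictability of the identification (and source port) the resolver chose when it sent the query; the bailiwick filter is what keeps an otherwise valid reply from planting records for names it was never asked about.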