DNS Basics for IT Professionals

The document discusses the Domain Name System (DNS) and how it maps human-readable domain names to machine-readable IP addresses. It covers the need for DNS, how DNS uses a hierarchical namespace, the different top-level domains like .com, .edu, etc. and how DNS administration is distributed.

Uploaded by ssohan.is21
Copyright: © All Rights Reserved

Domain Name System
Need for DNS

• If you want to...
  • call someone, you need to ask for their phone number; you can't just dial "P R O F G I L L"
  • mail someone, you need to get their address first
• What about the Internet?
  • If you need to reach Google, you need its IP address
  • Does anyone know Google's IP?
• Problem:
  • People can't remember IP addresses
  • We need human-readable names that map to IPs
Google IP Addresses

• IPv4
  • 64.233.160.0 - 64.233.191.255
  • 66.102.0.0 - 66.102.15.255
  • 66.249.64.0 - 66.249.95.255
  • 72.14.192.0 - 72.14.255.255
  • 74.125.0.0 - 74.125.255.255
  • 209.85.128.0 - 209.85.255.255
  • 216.239.32.0 - 216.239.63.255
  • 64.18.0.0 - 64.18.15.255
  • 108.177.8.0 - 108.177.15.255
  • 172.217.0.0 - 172.217.31.255
  • 173.194.0.0 - 173.194.255.255
  • 207.126.144.0 - 207.126.159.255
  • 216.58.192.0 - 216.58.223.255
• IPv6
  • 2001:4860:4000:0:0:0:0:0 - 2001:4860:4fff:ffff:ffff:ffff:ffff:ffff
  • 2404:6800:4000:0:0:0:0:0 - 2404:6800:4fff:ffff:ffff:ffff:ffff:ffff
  • 2607:f8b0:4000:0:0:0:0:0 - 2607:f8b0:4fff:ffff:ffff:ffff:ffff:ffff
  • 2800:3f0:4000:0:0:0:0:0 - 2800:3f0:4fff:ffff:ffff:ffff:ffff:ffff
  • 2a00:1450:4000:0:0:0:0:0 - 2a00:1450:4fff:ffff:ffff:ffff:ffff:ffff
  • 2c0f:fb50:4000:0:0:0:0:0 - 2c0f:fb50:4fff:ffff:ffff:ffff:ffff:ffff
Internet Names and Addresses

• Addresses, e.g. 129.10.117.100
  • Computer-usable labels for machines
  • Conform to the structure of the network
• Names, e.g. www.northeastern.edu
  • Human-usable labels for machines
  • Conform to organizational structure
• How do you map from one to the other?
  • Domain Name System (DNS)
• ICANN: Internet Corporation for Assigned Names and Numbers
  • What is ICANN's role? ICANN is responsible for coordinating the management of the technical elements of the DNS to ensure universal resolvability, so that all users of the Internet can find all valid addresses.
History

• The idea of mapping human-readable hostnames to numerical addresses originated in the 1970s with ARPANET, the predecessor of the modern Internet. The Stanford Research Institute (SRI) was responsible for maintaining a text file called hosts.txt that mapped hostnames to computer addresses on ARPANET.
• Before DNS, all mappings were in hosts.txt
  • /etc/hosts on Linux
  • C:\Windows\System32\drivers\etc\hosts on Windows
• Centralized, manual system
  • Changes were submitted to SRI (Stanford Research Institute) via email
  • Machines periodically fetched new copies of hosts.txt via FTP
• Administrators could pick names at their discretion
  • Any name was allowed
  • alans_server_at_sbu_pwns_joo_lol_kthxbye
Towards DNS

• Eventually, the hosts.txt system fell apart
  • Not scalable: SRI couldn't handle the load
  • Hard to enforce uniqueness of names
    • e.g. MIT: Massachusetts Institute of Technology? Melbourne Institute of Technology?
  • Many machines had inaccurate copies of hosts.txt
• Thus, DNS was born
Interview questions

• Which transport-layer protocol does DNS use?
• Why does DNS use UDP by default?
  • UDP is used for ordinary queries.
  • UDP is faster than TCP and uses fewer network resources.
• Does TCP really support DNS? When, and why?
  • TCP is used for zone transfers, i.e. when a large amount of data has to be transferred; in that case TCP comes into the picture, also on port 53.
• Which port number does DNS use?
Domain Name

• A domain name is a sequence of labels separated by dots (.). A domain name is always read from the lowest level to the highest, i.e. from the leaf node to the root node. Since the root node is always the NULL (empty) string, every fully qualified domain name ends with a dot.
Basic rules of domain names

● A domain name can consist of the letters a through z and the digits 0 through 9.
● Hyphens are allowed, but a hyphen cannot be the first character of a domain name.
● Spaces are not allowed.
● Special symbols (such as !, $, &, _ and so on) are not permitted.
● A domain name (each label) has a minimum length of 2 and a maximum length of 63 characters. The entire name may be at most 253 characters long.
● Domain names are not case-sensitive (they may be upper case, lower case or a mix of both).
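A validator for these rules, added here as an example (it is not part of the original slides): it lowercases the name, accepts an optional trailing dot for the root label, and checks the whole name and each label against the rules above. It also rejects a label that ends with a hyphen, which the slides do not mention but which the letters-digits-hyphen rule of RFC 1123 forbids; the per-label minimum of 2 is the slides' figure (RFC 1035 itself allows single-character labels).

```python
import re

MAX_NAME_LEN = 253   # whole name, from the slides
MIN_LABEL_LEN = 2    # per-label minimum stated on the slides (RFC 1035 allows 1)
MAX_LABEL_LEN = 63   # per-label maximum, from the slides

# A label is letters/digits, may contain hyphens, but may not start or end with one.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def validate_domain(name):
    """Return (ok, reason); `reason` is "ok" when the name passes every rule."""
    if not isinstance(name, str) or name == "":
        return False, "empty name"
    fqdn = name.lower()                       # names are not case-sensitive
    if fqdn.endswith("."):
        fqdn = fqdn[:-1]                      # trailing dot = explicit root label
    if len(fqdn) > MAX_NAME_LEN:
        return False, "name longer than %d characters" % MAX_NAME_LEN
    for label in fqdn.split("."):
        if label == "":
            return False, "empty label (leading, trailing or doubled dot)"
        if " " in label:
            return False, "spaces are not allowed"
        if len(label) < MIN_LABEL_LEN or len(label) > MAX_LABEL_LEN:
            return False, "label %r must be %d-%d characters" % (label, MIN_LABEL_LEN, MAX_LABEL_LEN)
        if label.startswith("-") or label.endswith("-"):
            return False, "label %r starts or ends with a hyphen" % label
        if not LABEL_RE.match(label):
            return False, "label %r contains a character other than a-z, 0-9 or '-'" % label
    return True, "ok"


def check_many(names):
    """Validate several names at once and return {name: ok}."""
    return {n: validate_domain(n)[0] for n in names}


if __name__ == "__main__":
    # Constructed sample names: one valid, the rest each break one rule.
    samples = ["www.Example.COM.", "-bad.com", "bad_name.com", "has space.com", "a" * 64 + ".com"]
    for n in samples:
        ok, reason = validate_domain(n)
        print(ok, n, reason)
```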
DNS in the Internet

DNS is a protocol that can be used on different platforms. In the Internet, the domain name space (tree) is divided into three different sections: generic domains, country domains, and the inverse domain (see Figure 19.8).

(Source: TCP/IP Protocol Suite)
Domain Name Space

• The domain name space was designed as a hierarchical name space. Names are represented as a tree-like structure with the root element at the top; the tree can have a maximum of 128 levels, from the root at level 0 down to level 127.
• The information that needs to be stored in the domain name space is very large. A single system would be inefficient and insufficient to store such a huge amount of data while responding to requests from all over the world. It would also be unreliable, because any failure would make the data inaccessible.
• The solution to this problem is to distribute the information among many computers. The best way to do that is to divide the entire space into many domains and subdomains. DNS also allows domains to be further divided into subdomains. This solves the problem and also maintains a hierarchy of servers.
"edu" is one of the top-level domain names that can be used when choosing a domain name. It generally describes the entity owning the domain: an educational institution.
Topics Discussed in the Section

• Generic Domains
• Country Domains
• Inverse Domain
• Registrar
Figure 19.8 DNS used in the Internet

Figure 19.9 Generic domains

Figure 19.10 Country domains

Figure 19.11 Inverse domain
DNS at a High Level

• Domain Name System
  • Distributed database
    • No centralization
  • Simple client/server architecture
    • UDP port 53; some implementations also use TCP
    • Why?
  • Hierarchical namespace
    • As opposed to the original, flat namespace
    • e.g. .com → google.com → mail.google.com
Namespace

• A namespace is a context within which the names of all objects must be unambiguously resolvable. For example, the Internet is a single DNS name space, within which every network device with a DNS name can be resolved to a particular address (for example, www.microsoft.com resolves to 207.46.131.13).
• Name space
  • Domain names must be unique and appropriate. The names are selected from a name space. The name space can be organized in two ways:
    ● Flat name space
    ● Hierarchical name space
Naming Hierarchy

[Figure: a tree with Root at the top; below it the TLDs net, edu, com, gov, mil, org, uk, fr, etc.; under edu: neu and mit; under neu: ccs, ece and husky; under ccs: www, login and mail]

• Top Level Domains (TLDs) are at the top
• Maximum tree depth: 128
• Each domain name is a subtree
  • .edu → neu.edu → ccs.neu.edu → www.ccs.neu.edu
• Name collisions are avoided
  • neu.com vs. neu.edu
Hierarchical Administration

[Figure: the same tree; the root name server is labelled Verisign and the root itself ICANN]

• ICANN: Internet Corporation for Assigned Names and Numbers
• The tree is divided into zones
• Each zone has an administrator
  • Responsible for that part of the hierarchy
• Example:
  • CCIS controls *.ccs.neu.edu
  • NEU controls *.neu.edu
TLD: Top Level Domain

• A TLD is a top-level domain, which is the last segment of a domain name (the image referred to on the slide is not reproduced here).

The sequence .ac (short for academia) is in use in many countries as a second-level domain for academic institutions such as universities, colleges and research institutes. In the United Kingdom and Japan, for example, academic institutions use domain names ending in .ac.uk and .ac.jp respectively.
TLD

• A TLD helps identify the website it belongs to.
• For example, this could be its purpose, the geographical area the website originates from, or the organization that owns it.
• For example, if you see a website that ends in .gov, then you know that it is a government-run site.
• If you see a web address that ends in .uk, then you know that the person who registered that site is either a United Kingdom resident or an organization that does business in the UK.
• The most common TLDs are generic and sponsored.
Generic TLDs are

• .com (commercial)
• .org (organization)
• .net (network)
• .name (name)
• .biz (business)
• .info (information)
Sponsored TLDs are restricted, and certain guidelines must be met by the person or company that wants to use them. They are:

• .edu - Only educational institutions can use this.
• .int - Used by international organizations and requires a United Nations registration number. It is only ever used for treaty-related reasons.
• .gov - For use by the United States government.
• .mil - Can only be used by the United States military.
• .tel - Can only host contact info, never an actual website.
• .jobs - Can only be used by an organization or company in relation to employment.
ICANN identifies the following categories of TLDs:

• Infrastructure top-level domain (ARPA): This group consists of one domain, the Address and Routing Parameter Area. It is managed by IANA on behalf of the Internet Engineering Task Force for various purposes specified in the Request for Comments publications.
• Generic top-level domains (gTLD): Top-level domains with three or more characters.
• Restricted generic top-level domains (grTLD): These domains are managed under official ICANN-accredited registrars.
• Sponsored top-level domains (sTLD): These domains are proposed and sponsored by private agencies or organizations that establish and enforce rules restricting the eligibility to use the TLD. Use is based on community theme concepts; these domains are managed under official ICANN-accredited registrars.
• Country-code top-level domains (ccTLD): Two-letter domains established for countries or territories. With some historical exceptions, the code for any territory is the same as its two-letter ISO 3166 code.
• Internationalized country code top-level domains (IDN ccTLD): ccTLDs in non-Latin character sets (e.g., Arabic, Cyrillic, Hebrew, or Chinese).
• Test top-level domains (tTLD): These domains were installed under .test for testing purposes in the IDN development process; these domains are not present in the root zone.
Server Hierarchy

• Functions of each DNS server:
  • Authority over a portion of the hierarchy
    • No need to store all DNS names
  • Store all the records for hosts/domains in its zone
    • May be replicated for robustness
  • Know the addresses of the root servers
    • Resolve queries for unknown names
  • Root servers know about all TLDs
    • The buck stops at the root servers
Name Server

• The name server is the main part of the Domain Name System (DNS). It translates domain names to IP addresses. A name server contains the DNS database, which consists of domain names and their corresponding IP addresses. A very large number of domain names has to be stored for worldwide use, so many servers are used, arranged hierarchically. Name servers do the important task of searching for domain names. When you look up a website, the local name server (provided by your ISP) asks other name servers until one of them finds the answer. Finally it returns the IP address for that domain name, and your computer can connect to the requested web page on the web server.
Resolver

• The resolver is the program responsible for initiating the translation of a domain name into an IP address. Since the resolver runs on the host itself, no protocol is needed to form a connection between the resolver and the user program.
Root Name Servers

• Responsible for the root zone file
  • Lists the TLDs and who controls them
  • ~272 KB in size

    com. 172800 IN NS a.gtld-servers.net.
    com. 172800 IN NS b.gtld-servers.net.
    com. 172800 IN NS c.gtld-servers.net.

• Administered by ICANN
• 13 root servers, labeled A-M
  • 6 are anycasted, i.e. they are globally replicated
• Contacted when names cannot be resolved
  • In practice, most systems cache this information
Map of the Roots

[Figure: world map of root server locations, not reproduced here]

A primary DNS server is the first point of contact for a browser, application or device that needs to translate a human-readable hostname into an IP address. The primary DNS server contains a DNS record that has the correct IP address for the hostname.

A secondary DNS server is an authoritative server that obtains information about a zone from the primary server via zone transfer (RFC 2182). The secondary DNS server is therefore tied to the primary server.

A DNS zone is an administrative subdivision of the DNS namespace.

Note: A primary server loads all information from the disk file; the secondary server loads all information from the primary server. When the secondary downloads information from the primary, it is called a zone transfer.
DNS name servers are usually split into two categories:

• a. Authoritative name servers
• b. Non-authoritative name servers, or recursive name servers

Authoritative

• This server holds the records for a domain. It controls which records are being used. This is where you go to add new A/CNAME/MX records within a portal; you are in control of the records.
• If you own a domain name, at some point you will need to use an authoritative DNS server to map your domain names to an IP address. This is only done on an authoritative DNS server.
List of Root Servers

HOSTNAME            IP ADDRESSES                        OPERATOR
a.root-servers.net  198.41.0.4, 2001:503:ba3e::2:30     Verisign, Inc.
b.root-servers.net  199.9.14.201, 2001:500:200::b       University of Southern California, Information Sciences Institute
c.root-servers.net  192.33.4.12, 2001:500:2::c          Cogent Communications
d.root-servers.net  199.7.91.13, 2001:500:2d::d         University of Maryland
e.root-servers.net  192.203.230.10, 2001:500:a8::e      NASA (Ames Research Center)
f.root-servers.net  192.5.5.241, 2001:500:2f::f         Internet Systems Consortium, Inc.
g.root-servers.net  192.112.36.4, 2001:500:12::d0d      US Department of Defense (NIC)
h.root-servers.net  198.97.190.53, 2001:500:1::53       US Army (Research Lab)
i.root-servers.net  192.36.148.17, 2001:7fe::53         Netnod
j.root-servers.net  192.58.128.30, 2001:503:c27::2:30   Verisign, Inc.
k.root-servers.net  193.0.14.129, 2001:7fd::1           RIPE NCC
l.root-servers.net  199.7.83.42, 2001:500:9f::42        ICANN
m.root-servers.net  202.12.27.33, 2001:dc3::35          WIDE Project
Root servers in India

• NIXI has sponsored three root server instances, at Mumbai (I root), Delhi (K root) and Chennai (F root). These are hosted at NIXI's exchange points at these locations.
Non-authoritative / Recursive

• This server does NOT hold any records for a domain; instead it has a cache built from all the DNS lookups it has performed in the past that received an authoritative response. If there is no record in its cache, it will look for the authoritative server.
nslookup command

• nslookup (short for "name server lookup") is a useful command for getting information from a DNS server. It is a network administration tool for querying the Domain Name System (DNS) to obtain a domain name or IP address mapping, or any other specific DNS record. It is also used to troubleshoot DNS-related problems.
• The DNS 'start of authority' (SOA) record stores important information about a domain or zone, such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.
• set type=<resourcerecordtype>
Description

• Specifies a DNS resource record type. The default resource record type is A, but you can use any of the following values:
• A: Specifies a computer's IP address.
• ANY: Specifies a computer's IP address.
• CNAME: Specifies a canonical name for an alias.
• GID: Specifies a group identifier of a group name.
• HINFO: Specifies a computer's CPU and type of operating system.
• MB: Specifies a mailbox domain name.
• MG: Specifies a mail group member.
• MINFO: Specifies mailbox or mail list information.
• MR: Specifies the mail rename domain name.
• MX: Specifies the mail exchanger.
• NS: Specifies a DNS name server for the named zone.
• PTR: Specifies a computer name if the query is an IP address; otherwise, specifies the pointer to other information.
• SOA: Specifies the start-of-authority for a DNS zone.
• TXT: Specifies the text information.
• UID: Specifies the user identifier.
• UINFO: Specifies the user information.
• WKS: Describes a well-known service.
Example

• ipconfig /displaydns
• To delete the entries, type ipconfig /flushdns
Recursive DNS

Iterative Resolution

[Figure: iterative resolution of www.google.com in steps 1-10. The servers shown are the local dns, the udel server, a.root-server, a.gtld-server, a3.nstld.com and ns1.google.com. The iterative request is "What is the IP address of www.google.com?"; the iterative responses (referrals) are "I don't know. Try a.root-servers.net.", "I don't know. Try a.gtld-servers.net.", "I don't know. Try a3.nstld.com." and "I don't know. Try ns1.google.com."; the final iterative response is "The IP address of www.google.com is 216.239.37.99."]
DNS Server Classes

• All DNS servers fall into one of four categories: recursive resolvers, root nameservers, TLD nameservers, and authoritative nameservers. In a typical DNS lookup (when there is no caching in play), these four DNS servers work together to deliver the IP address for a specified domain to the client (the client is usually a stub resolver, a simple resolver built into an operating system).
• https://ns1.com/resources/dns-types-records-servers-and-queries
Local Name Servers

[Figure: a host at Northeastern asks its local name server "Where is google.com?"]

• Each ISP/company has a local, default name server
  • Often configured via DHCP
• Hosts begin DNS queries by contacting the local name server
  • Frequently caches query results
Authoritative Name Servers

[Figure: the local name server at Northeastern asks "Where is www.neu.edu?" up the hierarchy: Root, then the authority for 'edu', then the authority for 'neu.edu', which answers "www.neu.edu = 155.33.17.68"]

• Stores the name → IP mapping for a given host
Basic Domain Name Resolution

• Every host knows a local DNS server
  • Sends all queries to the local DNS server
• If the local DNS server can answer the query, then you're done
  1. The local server is also the authoritative server for that name
  2. The local server has cached the record for that name
• Otherwise, go down the hierarchy and search for the authoritative name server
  • Every local DNS server knows the root servers
  • Use the cache to skip steps if possible
    • e.g. skip the root and go directly to .edu if the root file is cached
Recursive DNS Query

[Figure: a host asks asgard.ccs.neu.edu "Where is www.google.com?"; asgard in turn queries Root, then com, then ns1.google.com, and returns the answer]

• Puts the burden of resolution on the contacted name server
• How does asgard know who to forward responses to?
  • Random IDs embedded in DNS queries
Iterated DNS Query

[Figure: asgard.ccs.neu.edu asks "Where is www.google.com?" and is referred from Root to com to ns1.google.com]

• The contacted server replies with the name of the next authority in the hierarchy
  • "I don't know this name, but this other server might"
• This is how DNS works today
DNS Propagation

• How many of you have purchased a domain name?
  • Did you notice that it took ~72 hours for your name to become accessible?
• This delay is called DNS propagation

[Figure: asgard.ccs.neu.edu tries to resolve www.my-new-site.com via Root, com and ns.godaddy.com]

• Why would this process fail for a new DNS name?
Caching vs. Freshness

• DNS propagation delay is caused by caching

[Figure: asgard.ccs.neu.edu is asked "Where is www.my-new-site.com?" and answers "That name does not exist." from its cache, which holds the cached root zone file, the cached .com zone file, the cached .net zone file, etc.; the fresh delegation at ns.godaddy.com is never consulted]

• Zone files may be cached for 1-72 hours
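The resolution walk from "Basic Domain Name Resolution" onward and the propagation delay described above, as an added example that is not part of the original slides. A local caching resolver iterates from a constructed root through .com to an authoritative server, caches every record with its TTL so that later lookups skip the root, and shows why a freshly delegated name keeps failing until the cached "does not exist" answer expires. The zone data, the server names and the documentation-range addres ses (192.0.2.x, 198.51.100.x, 203.0.113.x) are all constructed; the negative-caching behaviour follows RFC 2308 rather than the slide's cached-zone-file model, and the fake clock stands in for real time.

```python
from collections import namedtuple

NEG_TTL = 3600   # constructed: seconds a "name does not exist" answer is remembered (RFC 2308 negative caching)
RR = namedtuple("RR", "name rtype value ttl")   # owner name without trailing dot ("" = root), type, rdata, TTL


def in_zone(name, zone):   # the root ("") contains every name
    return zone == "" or name == zone or name.endswith("." + zone)


class AuthServer:
    """Constructed authoritative server for one zone: answers, refers to a child zone, or says NXDOMAIN."""
    def __init__(self, zone, records):
        self.zone, self.records = zone, list(records)

    def query(self, qname, qtype):
        answer = [r for r in self.records if r.name == qname and r.rtype == qtype]
        if answer:
            return "answer", answer
        # Referral: the deepest delegated child zone (one with NS records) that contains qname.
        child = max((r.name for r in self.records
                     if r.rtype == "NS" and r.name != self.zone and in_zone(qname, r.name)),
                    key=len, default=None)
        if child is None:
            return "nxdomain", [RR(self.zone, "SOA", "negative", NEG_TTL)]
        ns = [r for r in self.records if r.name == child and r.rtype == "NS"]
        glue = [r for r in self.records if r.rtype == "A" and r.name in {n.value for n in ns}]
        return "referral", ns + glue


class CachingResolver:
    """Local resolver: iterates from the root (or the deepest cached delegation) and caches by TTL."""
    def __init__(self, servers, root_ip, clock):
        self.servers, self.root_ip, self.clock = servers, root_ip, clock
        self.cache, self.negative, self.queries_sent = {}, {}, 0   # (name, type) -> (expiry, values); name -> expiry

    def _get(self, name, rtype):
        entry = self.cache.get((name, rtype))
        return entry[1] if entry and entry[0] > self.clock() else None

    def _put(self, rrs):
        grouped = {}
        for r in rrs:
            grouped.setdefault((r.name, r.rtype, r.ttl), []).append(r.value)
        for (name, rtype, ttl), values in grouped.items():
            self.cache[(name, rtype)] = (self.clock() + ttl, values)

    def _start_server(self, qname):
        """Skip the root when a closer delegation (e.g. .com's NS and its glue) is still cached."""
        labels = qname.split(".")
        for i in range(1, len(labels)):
            for ns in self._get(".".join(labels[i:]), "NS") or []:
                addrs = self._get(ns, "A")
                if addrs:
                    return addrs[0]
        return self.root_ip

    def resolve(self, qname, qtype="A"):
        now = self.clock()
        cached = self._get(qname, qtype)
        if cached:
            return cached
        if self.negative.get(qname, 0) > now:
            return None                      # still trusts the cached "does not exist"
        ip = self._start_server(qname)
        for _ in range(8):                   # bound the referral chain
            self.queries_sent += 1
            kind, rrs = self.servers[ip].query(qname, qtype)
            if kind == "nxdomain":
                self.negative[qname] = now + rrs[0].ttl
                return None
            self._put(rrs)                   # cache the answer, or the NS + glue of the referral
            if kind == "answer":
                return [r.value for r in rrs]
            ns_names = {r.value for r in rrs if r.rtype == "NS"}
            ip = next(r.value for r in rrs if r.rtype == "A" and r.name in ns_names)
        raise RuntimeError("too many referrals for " + qname)


def demo():
    """Resolution, cache hits, TTL expiry and the delay a freshly registered name suffers."""
    now = [0]
    root = AuthServer("", [RR("com", "NS", "a.gtld-servers.net", 172800),
                           RR("a.gtld-servers.net", "A", "192.0.2.1", 172800)])
    com = AuthServer("com", [RR("example.com", "NS", "ns1.example.com", 172800),
                             RR("ns1.example.com", "A", "198.51.100.1", 172800)])
    example = AuthServer("example.com", [RR("www.example.com", "A", "203.0.113.10", 300)])
    servers = {"192.0.2.0": root, "192.0.2.1": com, "198.51.100.1": example}
    r = CachingResolver(servers, "192.0.2.0", lambda: now[0])
    out = {"first": (r.resolve("www.example.com"), r.queries_sent)}     # root -> com -> example.com
    out["cached"] = (r.resolve("www.example.com"), r.queries_sent)       # served from cache
    now[0] = 301                                                        # the A record's TTL expired
    out["refresh"] = (r.resolve("www.example.com"), r.queries_sent)      # NS + glue cached: one query
    out["unknown"] = (r.resolve("www.my-new-site.com"), r.queries_sent)  # .com answers NXDOMAIN
    # The registrar now publishes the delegation for the new name ...
    com.records += [RR("my-new-site.com", "NS", "ns1.my-new-site.com", 172800),
                    RR("ns1.my-new-site.com", "A", "203.0.113.53", 172800)]
    servers["203.0.113.53"] = AuthServer("my-new-site.com", [RR("www.my-new-site.com", "A", "203.0.113.80", 300)])
    out["stale"] = (r.resolve("www.my-new-site.com"), r.queries_sent)    # negative entry still cached
    now[0] = 301 + NEG_TTL + 1                                          # ... and only then is it visible
    out["propagated"] = (r.resolve("www.my-new-site.com"), r.queries_sent)
    return out
```

`demo()` returns the answer and the running count of queries sent at each step: three queries for the first lookup, none for the cached one, one after the A record's TTL expires (the delegation is still cached, so the root is skipped), one that ends in NXDOMAIN for the unregistered name, none while that negative answer is still trusted, and two more once it has expired. Lowering NEG_TTL, or the SOA minimum in a real zone, is what shortens the "propagation" wait.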
What Are DNS Records?

• When you enter an Internet address in the browser, the system first has to look up which IP address belongs to this domain.
• This sometimes happens in the computer's own memory, often in the Internet provider's database or other DNS servers, and in cases of uncertainty via one of the large root servers that oversee the entire Domain Name System as authorities.
• In order to perform a name resolution, the DNS records, specifically the resource records, must be searched for in the DNS and/or name servers.
• Here, each IP address (known to the server) is assigned a domain name.
How Do DNS Records Work?

• DNS records are primarily located in zone files. With respect to DNS, a zone denotes an organizational area. It is possible for a domain to consist of a single zone; extensive domains, however, are often divided into several zones.
• Each DNS server is responsible for a zone. If a client wishes to reach a specific domain, it (or more precisely, the DNS server) looks in the zone files for the appropriate records and forwards the request to a lower-level server until the final destination is reached.
DNS Record Syntax

• Resource records are structured according to a simple system and coded in ASCII. There is a separate line for each DNS record. The records typically follow this format:

  <name> <ttl> <class> <type> <rdlength> <rdata>

• <name>: The domain name is the name that the user enters into their browser.
• <ttl>: TTL stands for "time to live" and denotes the time (in seconds) that a record may be temporarily stored in the cache. After the time has lapsed, it cannot be ensured that the resource record is still current. This information is optional.
• <class>: In theory, there are different classes of DNS records. In practice, however, the records always refer to the Internet (marked as IN), which is why this information is also optional.
• <type>: Different types of resource records appear in a zone file (for more on this, see below).
• <rdlength>: This optional field specifies the size of the subsequent data field.
• <rdata>: Resource data is the information according to which the domain name can be resolved (such as the IP address).
The DNS record for the example.com web server thus looks like this:

  www.example.com. 12879 IN A 93.184.216.34

• A client can store the record for 12,879 seconds (around three and a half hours) in its cache before the information must be requested again from the DNS server. It is a DNS record for the Internet (IN) and a type A record (A). The domain is resolved to an IP address.
• Another notation is also possible:

  $TTL 12879
  $ORIGIN example.com.
  www A 93.184.216.34

• This notation illustrates that the computer with the name www is part of the example.com domain. This way, other computers such as mail or ftp can be placed under the origin domain.
The Most Important DNS Record Types

• A Record
  • The largest portion of name resolution on the Internet takes place via the type A record. An IPv4 address is located in its data field. Through these records, it is possible for the Internet user to enter a domain name in the browser and for the client to send an HTTP request to the appropriate IP address. Since an IPv4 address always has a size of 4 bytes, the value under rdlength (if specified) is always 4.
• AAAA Record
  • An AAAA record, also known as "quad A", functions exactly like the A record. However, it uses an IPv6 address instead of an IPv4 address to resolve the name. Because an IPv6 address has a length of 128 bits (16 bytes), the data field length is also predefined here. The AAAA designation is based on the fact that the data field has four times the length of an A record data field.
• SOA Record
  • SOA stands for Start of Authority. Records of this type contain information on the zone that is organized by the zone file and/or the DNS server. This is important, among other scenarios, during a zone transfer, where zone files are mirrored to other servers in order to prevent failures. The zone transfer regulates the periodic distribution of the original file. In this kind of DNS record, a serial number is therefore also placed next to the mailing address of the responsible administrator; it increases with each file update.
• CNAME Record
  • Under a CNAME record (canonical name record), one finds an alias, i.e. an additional name for a domain. Using this, the record refers to an existing A record or AAAA record. With this type, the rdata field is filled with a domain name that was previously linked with an IP address in the file. In this way, different addresses can refer to the same server.
• MX Record
  • An MX record refers to a mail exchange, an SMTP email server. One or several email servers are defined here that belong to the relevant domain. When using several mail servers (for example, to offset a failure), they are given different priority levels. In this way, the DNS client knows in which sequence the contact attempts should proceed.
• PTR Record
  • The PTR record (pointer) is a DNS record that permits a reverse lookup. Through this technique, the DNS server can also provide information regarding which host names belong to a specific IP address. For every IP address that is used in A or AAAA records, there also exists a corresponding PTR record. For this purpose, the IP address is written in reverse sequence and given the name of a zone.
• NS Record
  • In the NS record, a zone file's name server record, the jurisdiction for a specific zone is clarified. For this reason, this record is mandatory for each zone file. This resource record gives the DNS server information on whether it is responsible for the request (thus requiring it to organize the relevant zone) and to whom it must forward the request.
• TXT Record
  • The TXT record contains text that is either intended for human users as an information source or is machine-readable information. This DNS record gives an administrator the option of storing unstructured text (in contrast to the structured data of the other DNS records). This could also include details about the company behind the domain.
• SRV Record
  • Via the SRV record, a server can provide information about other services (SRV). For this purpose, the service, including the port at which it can be reached, is specified. In addition, the protocol used forms part of the name. Via this DNS record, a client can receive information on LDAP or XMPP services, for example.
• LOC Record
  • Through the LOC record, the location of the physical server can be disclosed. For this purpose, the latitude, longitude and height above sea level, as well as an error margin, are given at the end of the record.
Zone File

• In the zone file (a simple text file), all of the DNS records are listed. In order for the data to be processed correctly, specific guidelines must be observed; otherwise the DNS cannot function and the client will receive the SERVFAIL error. For this reason it is necessary to adhere to a special structure: first the zone name is specified and then, in many cases, the TTL. Adding the time information here has the advantage that it can be omitted in the individual resource records; the TTL is then valid globally for the entire zone.

  $ORIGIN example.com.
  $TTL 12879

• The first DNS record is an SOA record. Without it, a zone file cannot function; conversely, a zone file is valid only if the SOA record is present. After that come the records for the name servers, and then the A and AAAA records.
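A parser for the zone-file notation introduced under "DNS Record Syntax" and described above, added here as an example that is not part of the original slides. It applies $ORIGIN and $TTL, fills in the optional TTL and class, expands relative owner and rdata names, computes rdlength for A and AAAA data (4 and 16 bytes, as the slides state) and, mirroring the rule above, refuses a zone whose first record is not an SOA. The sample zone is constructed (documentation addresses plus the slides' 93.184.216.34); multi-line parenthesised records are not handled.

```python
import ipaddress

CLASSES = {"IN", "CH", "HS"}
NAME_RDATA = {"NS", "CNAME", "PTR"}   # types whose rdata is a single domain name


def _absolute(name, origin):
    """Expand a relative name: '@' is the origin, a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def _rdata(rtype, fields, origin):
    """Normalise rdata so names inside it are absolute and addresses match the record type."""
    if rtype in NAME_RDATA:
        return _absolute(fields[0], origin)
    if rtype == "MX":                                   # preference + exchange host
        return "%s %s" % (fields[0], _absolute(fields[1], origin))
    if rtype == "SOA":                                  # mname rname serial refresh retry expire minimum
        return " ".join([_absolute(fields[0], origin), _absolute(fields[1], origin)] + fields[2:])
    if rtype in ("A", "AAAA"):
        addr = ipaddress.ip_address(fields[0])
        if addr.version != (4 if rtype == "A" else 6):
            raise ValueError("%s record with an IPv%d address" % (rtype, addr.version))
        return str(addr)
    return " ".join(fields)


def parse_zone(text, require_soa=True):
    """Return the zone's records as dicts with the optional TTL/class/rdlength fields filled in."""
    origin, default_ttl, last_name, records = None, None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # drop comments; keep leading whitespace
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1] if fields[1].endswith(".") else fields[1] + "."
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN")
        if line[0].isspace():                           # blank owner: same owner as the previous record
            if last_name is None:
                raise ValueError("first record has no owner name")
            name = last_name
        else:
            name = _absolute(fields.pop(0), origin)
        ttl, rclass = default_ttl, "IN"                 # both optional, in either order
        for _ in range(2):
            if fields and fields[0].isdigit():
                ttl = int(fields.pop(0))
            elif fields and fields[0].upper() in CLASSES:
                rclass = fields.pop(0).upper()
        if ttl is None or not fields:
            raise ValueError("record for %s lacks a TTL or a type" % name)
        rtype = fields.pop(0).upper()
        if require_soa and not records and rtype != "SOA":
            raise ValueError("zone must begin with an SOA record")
        rdata = _rdata(rtype, fields, origin)
        rdlength = len(ipaddress.ip_address(rdata).packed) if rtype in ("A", "AAAA") else None
        records.append({"name": name, "ttl": ttl, "class": rclass, "type": rtype,
                        "rdata": rdata, "rdlength": rdlength})
        last_name = name
    return records


def record_lines(records):
    """Render records in the long form from the slides: <name> <ttl> <class> <type> <rdata>."""
    return ["%s %d %s %s %s" % (r["name"], r["ttl"], r["class"], r["type"], r["rdata"]) for r in records]


# Constructed sample zone: SOA first, then NS, then address records, as the slides prescribe.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 12879
@          IN SOA   ns1 hostmaster 2024010101 7200 3600 1209600 3600 ; serial bumps on every update
@          IN NS    ns1
ns1        IN A     198.51.100.1
www        IN A     93.184.216.34
           IN AAAA  2001:db8::1
ftp   3600 IN CNAME www
@          IN MX    10 mail
mail       IN A     198.51.100.25
"""

if __name__ == "__main__":
    for line in record_lines(parse_zone(SAMPLE_ZONE)):
        print(line)
```

The parser raises on the two mistakes the slides call out as fatal: a zone whose first record is not an SOA, and an A or AAAA record whose data is the wrong address family (which would also give the wrong rdlength).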
DNS Resource Records

• DNS queries have two fields: name and type
• A resource record is the response to a query
  • Four fields: (name, value, type, TTL)
  • There may be multiple records returned for one query
• What do the name and value mean?
  • Depends on the type of query and response
DNS Types

• Type = A / AAAA
  • Name = domain name
  • Value = IP address
  • A is IPv4, AAAA is IPv6
  Query:    Name: www.ccs.neu.edu   Type: A
  Response: Name: www.ccs.neu.edu   Value: 129.10.116.81
• Type = NS
  • Name = partial domain
  • Value = name of DNS server for this domain
  • "Go send your query to this other server"
  Query:    Name: ccs.neu.edu   Type: NS
  Response: Name: ccs.neu.edu   Value: 129.10.116.51

DNS Types, Continued

• Type = CNAME
  • Name = hostname
  • Value = canonical hostname
  • Useful for aliasing
  • CDNs use this
  Query:    Name: foo.mysite.com   Type: CNAME
  Response: Name: foo.mysite.com   Value: bar.mysite.com
• Type = MX
  • Name = domain in email address
  • Value = canonical name of mail server
  Query:    Name: ccs.neu.edu   Type: MX
  Response: Name: ccs.neu.edu   Value: amber.ccs.neu.edu
Reverse Lookups

• What about the IP → name mapping?
  • A separate server hierarchy stores reverse mappings
    • Rooted at in-addr.arpa and ip6.arpa
• Additional DNS record type: PTR
  • Name = IP address
  • Value = domain name
  • Not guaranteed to exist for all IPs
  Query:    Name: 129.10.116.51   Type: PTR
  Response: Name: 129.10.116.51   Value: ccs.neu.edu
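Building the in-addr.arpa / ip6.arpa owner name by hand, and checking that the PTR answer points back at the same address (forward-confirmed reverse DNS), as an added example not taken from the slides. The PTR and forward tables are constructed stand-ins for the reverse and forward zones; the forward-confirmation step is a common practice the slides do not describe, worth having because a PTR is published by whoever controls the address block, not by the owner of the name it claims.

```python
import ipaddress


def reverse_name(ip):
    """Owner name of the PTR record for `ip`: reversed octets or reversed nibbles, plus the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")          # 32 hex digits, fully zero-padded
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def matches_stdlib(ip):
    """Cross-check against the standard library's own computation of the same name."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer


V6_PTR_NAME = "1." + "0." * 23 + "8.b.d.0.1.0.0.2.ip6.arpa"   # reverse name of 2001:db8::1

# Constructed reverse zone data (stands in for the in-addr.arpa / ip6.arpa hierarchy).
PTR_ZONE = {
    "51.116.10.129.in-addr.arpa": "ccs.neu.edu",
    "10.113.0.203.in-addr.arpa": "mail.example.com",   # claims a name whose A record points elsewhere
    V6_PTR_NAME: "v6.example.com",
}
# Constructed forward data: name -> A/AAAA addresses.
FORWARD_ZONE = {
    "ccs.neu.edu": ["129.10.116.51"],
    "mail.example.com": ["198.51.100.25"],
    "v6.example.com": ["2001:db8::1"],
}


def lookup_ptr(ip, ptr_zone=PTR_ZONE):
    """PTR value for `ip`, or None: as the slides note, a PTR is not guaranteed to exist for every IP."""
    return ptr_zone.get(reverse_name(ip))


def forward_confirmed(ip, ptr_zone=PTR_ZONE, forward_zone=FORWARD_ZONE):
    """Return the PTR name only if its own A/AAAA record resolves back to `ip`, otherwise None."""
    host = lookup_ptr(ip, ptr_zone)
    if host is None:
        return None
    addrs = {ipaddress.ip_address(a) for a in forward_zone.get(host, [])}
    return host if ipaddress.ip_address(ip) in addrs else None


if __name__ == "__main__":
    for ip in ["129.10.116.51", "203.0.113.10", "203.0.113.99", "2001:db8::1"]:
        print(ip, reverse_name(ip), lookup_ptr(ip), forward_confirmed(ip))
```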
DNS as Indirection Service

• DNS gives us very powerful capabilities
  • Not only easier for humans to reference machines!
• Changing the IPs of machines becomes trivial
  • e.g. you want to move your web server to a new host
  • Just change the DNS record!
Aliasing and Load Balancing

• One machine can have many aliases
  www.reddit.com, www.foursquare.com, www.huffingtonpost.com, david.choffnes.com, alan.mislo.ve, *.blogspot.com
• One domain can map to multiple machines
  www.google.com
Content Delivery Networks

• DNS responses may vary based on geography, ISP, etc.
The Importance of DNS

• Without DNS...
  • How could you get to any websites?
  • How about your mail server?
    • When you sign up for websites, you use your email address
    • What if someone hijacks the DNS for your mail server?
• DNS is the root of trust for the web
  • When a user types www.bankofamerica.com, they expect to be taken to their bank's website
  • What if the DNS record is compromised?
Denial of Service

• Flood DNS servers with requests until they fail
• October 2002: massive DDoS against the root name servers
  • What was the effect?
  • ... users didn't even notice
  • The root zone file is cached almost everywhere
• More targeted attacks can be effective
  • Local DNS server → cannot access DNS
  • Authoritative server → cannot access domain
DNS Hijacking

• Infect the user's OS or browser with a virus/trojan
  • e.g. many trojans change entries in /etc/hosts
    • *.bankofamerica.com → evilbank.com
• Man-in-the-middle
  • Response spoofing
  • Eavesdrop on requests

DNS Spoofing

How do you know that a given name → IP mapping is correct?

[Figure: the client asks "Where is bankofamerica.com?"; the legitimate dns.bofa.com answers 123.45.67.89, while dns.evil.com injects the answer 66.66.66.93]
DNS Cache Poisoning

[Figure: dns.neu.edu asks ns1.google.com "Where is www.google.com?" and receives "www.google.com = 74.125.131.26" together with a bogus "bankofamerica.com = 66.66.66.92"; a client then asks dns.neu.edu "Where is bankofamerica.com?"]

• Until the TTL expires, all queries for bankofamerica.com to dns.neu.edu will return the poisoned result
  • 66.66.66.92
• Much worse than spoofing/man-in-the-middle
  • Whole ISPs can be impacted!
How will the attacker get his entry into the cache? Two ways

• 1. Tell the resolver that the NS for the victim is at the adversary's IP
  • Issue query: subdomain.attacker.example IN A
  • Attacker's response:
    • Answer: (no response)
    • Authority section: attacker.example. 3600 IN NS ns.target.example.
    • Additional section: ns.target.example. IN A w.x.y.z

The adversary says "the authoritative server for my domain is ns.target.example, and oh, by the way, here is the IP for it" (the adversary's IP).

• 2. Redirect the NS record to the adversary's domain
  • Issue query: subdomain.attacker.example IN A
  • Answer: (no response)
  • Authority section:
    • target.example. 3600 IN NS ns.attacker.example.
  • Additional section:
    • ns.attacker.example. IN A w.x.y.z

The attacker has inserted an unrelated piece of information that will be cached by the server (that target.example.'s authoritative DNS server is ns.attacker.example.).
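What a resolver should do with such a response, as an added example that is not part of the original slides: it keeps the per-query random transaction ID mentioned under "Recursive DNS Query", discards any reply whose ID or question does not match, and applies the bailiwick rule that defeats both variants above: a record is cached only if its owner name lies inside the zone the answering server is responsible for, and an Additional-section address only if it is glue for an NS record that passed the same check. The messages are constructed replays of the two slides plus one honest referral; the `Message` and `RR` classes and the 192.0.2.66 / 198.51.100.7 addresses (standing in for w.x.y.z) are this example's own, not a DNS library's.

```python
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RR:
    name: str        # owner name without the trailing dot
    rtype: str
    value: str
    ttl: int = 3600


@dataclass
class Message:
    """Constructed stand-in for a DNS message: the question plus the three response sections."""
    txid: int
    qname: str
    qtype: str
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def new_query(qname, qtype="A"):
    """Queries carry an unpredictable 16-bit ID so that a genuine reply can be matched to them."""
    return Message(txid=secrets.randbits(16), qname=qname, qtype=qtype)


def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or lies below it; the root zone ("") contains everything."""
    return zone == "" or name == zone or name.endswith("." + zone)


def accept_response(query, response, server_zone):
    """Return (accepted, rejected) RRs; raise if the reply does not belong to this query at all."""
    if (response.txid, response.qname, response.qtype) != (query.txid, query.qname, query.qtype):
        raise ValueError("transaction ID or question mismatch: drop the reply")
    accepted, rejected = [], []
    for rr in response.answer + response.authority:
        (accepted if in_bailiwick(rr.name, server_zone) else rejected).append(rr)
    delegated_servers = {rr.value for rr in accepted if rr.rtype == "NS"}
    for rr in response.additional:
        # Glue is trusted only for name servers that an accepted NS record delegates to,
        # and only when the glue's own name is inside the answering server's zone as well.
        ok = rr.name in delegated_servers and in_bailiwick(rr.name, server_zone)
        (accepted if ok else rejected).append(rr)
    return accepted, rejected


def poisoning_attempts():
    """Replay the two attempts from the slides (and one honest referral) against the check."""
    q = Message(txid=0x2B3C, qname="subdomain.attacker.example", qtype="A")
    # 1. NS for the adversary's own zone, with glue claiming an address for ns.target.example
    attempt1 = Message(q.txid, q.qname, q.qtype,
                       authority=[RR("attacker.example", "NS", "ns.target.example")],
                       additional=[RR("ns.target.example", "A", "192.0.2.66")])
    # 2. An NS record for the victim's zone pointing at the adversary's server
    attempt2 = Message(q.txid, q.qname, q.qtype,
                       authority=[RR("target.example", "NS", "ns.attacker.example")],
                       additional=[RR("ns.attacker.example", "A", "192.0.2.66")])
    # Honest referral from the server for the "example" zone to a name under target.example
    q3 = Message(txid=0x4D5E, qname="www.target.example", qtype="A")
    referral = Message(q3.txid, q3.qname, q3.qtype,
                       authority=[RR("target.example", "NS", "ns.target.example")],
                       additional=[RR("ns.target.example", "A", "198.51.100.7")])
    results = {}
    for label, query, resp, zone in [("attempt1", q, attempt1, "attacker.example"),
                                     ("attempt2", q, attempt2, "attacker.example"),
                                     ("honest", q3, referral, "example")]:
        acc, rej = accept_response(query, resp, zone)
        results[label] = ([r.name for r in acc], [r.name for r in rej])
    return results


if __name__ == "__main__":
    for label, (acc, rej) in poisoning_attempts().items():
        print(label, "cached:", acc, "dropped:", rej)
```

In attempt 1 the NS record for attacker.example is legitimately cacheable, but the glue for ns.target.example is dropped because that name is outside the answering server's zone, so the resolver will later look up ns.target.example through the proper delegation chain. In attempt 2 the NS record for target.example is itself out of bailiwick and is dropped, and with no accepted NS record delegating to ns.attacker.example, its glue is dropped too. The honest referral from the parent zone passes both checks.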
Solution: DNSSEC

• Cryptographically sign critical resource records
  • The resolver can verify the cryptographic signature
• Two new resource types
  • Type = DNSKEY
    • Name = zone domain name
    • Value = public key for the zone
  • Type = RRSIG
    • Name = (type, name) tuple, i.e. the query itself
    • Value = cryptographic signature of the query results
• Creates a hierarchy of trust within each zone
• Prevents hijacking and spoofing
• Deployment
  • On the roots since July 2010
  • Verisign enabled it on .com and .net in January 2011
DNSSEC Hierarchy of Trust

[Figure: the chain Root Zone (ICANN) → .com (Verisign) → dns.bofa.com. For the query "Where is bankofamerica.com?", dns.bofa.com answers IP 123.45.67.89 and dns.evil.com answers 66.66.66.93; each answer carries a Key and a SIG field, and only the one whose signature chains back to the root validates]
Does DNSSEC Solve All Our Problems?

• No.
• DNS is still vulnerable to reflection attacks and injected responses