DNS Webinar Series
• Intro to DNS (November 15th 2016): An overview of the Domain Name System, resources, records, name resolution and name servers.
• DNS Security (December 13th 2016): Tips and examples covering DNS hijacking and DDoS attacks on DNS infrastructure.
• Monitoring DNS Records and Servers (January 17th 2017): An in-depth view on how to monitor and alert on DNS availability, response time and record mappings.
About ThousandEyes
ThousandEyes delivers visibility into every network your organization relies on.
• Founded by network experts; strong investor backing
• Relied on for critical operations by leading enterprises: 31 Fortune 500 companies, 5 of the top 5 SaaS companies, 4 of the top 6 US banks
• Recognized as an innovative new approach
The Domain Name System
• The Domain Name System (DNS) is a helper system for IP: applications deal in names, IP routes on addresses, and DNS bridges the two.
• DNS is:
  • A naming hierarchy for the Internet
  • A directory service to translate (resolve) these names to IP addresses
  • A protocol to perform name resolution
• You can think of DNS as a phone book for the Internet, helping you look up IP addresses for a specific name.
Why DNS Exists
• Domain names provide flexibility and human readability to the Internet Protocol.
• Domain names used in URLs and email addresses (e.g. www.google.com) are easier for humans to remember than IP addresses.
• In addition, network operators may want to switch IP addresses without having to change the domain name.
• And network operators may want to have multiple IP addresses assigned to a specific domain name to, for example, serve content from multiple locations.
DNS Resources and Records
There are many DNS record types that store domain name data. Here are 5 commonly used record types:
• A - IPv4 address
• AAAA - IPv6 address
• MX - Email server (mail exchanger) for the domain, carrying a preference value and a host name
• NS - Name server that is authoritative for the zone
• CNAME - Alias to another domain name (the canonical name), which the resolver then looks up in turn
A DNS record has a Time-to-Live (TTL) that specifies, in seconds, how long it may be cached by a recursive name server or client resolver. The TTL is an upper bound: once it expires the cached copy must be discarded and the record queried again from an authoritative server. A low TTL therefore makes changes (and mistakes) propagate quickly, at the cost of more queries reaching the authoritative servers.
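The record types and TTL above are fields of the DNS wire format. The following is an added example, not code from the slides or from ThousandEyes: a minimal RFC 1035 encoder and decoder that builds a query, constructs a reply to it (all message bytes are constructed in the block, nothing is sent on the network), and parses A, AAAA, MX, NS and CNAME records together with their TTLs. It also shows name compression, the pointer mechanism that lets a reply refer back to the question name instead of repeating it; the `www.google.com` and `172.217.2.46` values are copied from the slide diagrams, the example.net names are assumptions.

```python
import socket   # inet_pton/inet_ntop for address formatting only; no network I/O
import struct

# Record types used on this slide (RFC 1035 / RFC 3596 type codes).
TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 28: "AAAA"}

def encode_name(name):
    """Owner/target name -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """Header (ID, flags with RD set, QDCOUNT=1) followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, off, depth=0):
    """Read a name at msg[off], following compression pointers (top bits 11).
    Returns (name, offset just after the name as it appeared at off)."""
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if depth > 20:                        # defensive: pointer loops
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr, depth + 1)
            return (".".join(labels + [tail]) if labels else tail), off + 2
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def decode_rdata(msg, rtype, off, rdlen):
    data = msg[off:off + rdlen]
    if rtype == 1:
        return socket.inet_ntop(socket.AF_INET, data)
    if rtype == 28:
        return socket.inet_ntop(socket.AF_INET6, data)
    if rtype in (2, 5):                           # NS, CNAME: a domain name
        return decode_name(msg, off)[0]
    if rtype == 15:                               # MX: preference + exchange
        return (struct.unpack("!H", data[:2])[0], decode_name(msg, off + 2)[0])
    return data.hex()

def decode_rr(msg, off):
    name, off = decode_name(msg, off)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    rr = {"name": name, "type": TYPES.get(rtype, rtype), "ttl": ttl,
          "data": decode_rdata(msg, rtype, off, rdlen)}
    return rr, off + rdlen

def parse_message(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, TYPES.get(qtype, qtype)))
    out = {"id": txid, "aa": bool(flags & 0x0400), "rcode": flags & 0xF,
           "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            rr, off = decode_rr(msg, off)
            out[section].append(rr)
    return out

# Helpers that construct RDATA for the record types above.
def rdata_a(ip): return socket.inet_pton(socket.AF_INET, ip)
def rdata_aaaa(ip): return socket.inet_pton(socket.AF_INET6, ip)
def rdata_mx(pref, host): return struct.pack("!H", pref) + encode_name(host)

def build_response(query, answers, aa=True):
    """Constructed reply to `query`: copies the question, sets QR/RD/RA (and AA),
    and appends answer RRs whose owner name is a pointer to offset 12, where
    the question name starts (RFC 1035 name compression)."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (0x0400 if aa else 0)
    out = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0) + query[12:]
    for rtype, ttl, rdata in answers:
        out += b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return out

if __name__ == "__main__":
    q = build_query("www.google.com", 1)
    print(parse_message(build_response(q, [(1, 300, rdata_a("172.217.2.46"))])))
```

The decoder follows pointers with a depth bound because a malformed or malicious message can point at itself; a parser without that bound loops forever on two bytes of input.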
Name Resolution
• Clients use DNS to resolve a domain name to an IP address. Name servers store DNS records and respond to domain name queries.
• Many clients use a recursive name server located in their network to do the work on their behalf. If the domain is unknown to the recursive server (not in its cache), it starts at the root. Each name server provides the most specific answer it can: either the records requested or a referral to the name servers of the next zone down. The recursive server iterates through the DNS hierarchy of zones until it reaches an authoritative name server that can answer the query.
[Diagram: Client (aka resolver) -> Recursive server (ISP, company, public DNS) -> Root server (a.root-servers.net) -> TLD server (a.gtld-servers.net) -> Authoritative server (ns2.google.com)]
Recursive Name Servers
• Recursive name servers accept recursive queries from DNS clients and perform the iterative lookups on their behalf. They typically exist within ISPs, enterprise networks and public DNS services (e.g. Google Public DNS, 8.8.8.8).
• Many recursive servers only respond to queries from within their own network. Some, called open resolvers, will respond to queries from any source. Because DNS runs over UDP and a small query can produce a large response, open resolvers are routinely abused as reflectors in DDoS attacks, so a resolver should limit recursion to the clients it is meant to serve.
• Most recursive servers also cache DNS records, which are valid for the length of the TTL.
[Diagram: Client (aka resolver) sends "Query: www.google.com" to Recursive server (ISP, company, public DNS), which then walks Root server (a.root-servers.net) -> TLD server (a.gtld-servers.net) -> Authoritative server (ns2.google.com)]
Root and TLD Name Servers
• There are 13 root name server names (a through m.root-servers.net, each served by many anycast instances) that sit atop the DNS hierarchy. Their addresses are distributed as a "root hints" list built into recursive name servers, which is what lets resolution start with no prior knowledge. The root servers serve the root zone, which lists the name servers for each top-level domain (.com, .uk, .net, etc.).
• The answers provided by root and TLD name servers are referrals: they do not contain the address that was asked for, but the NS records (and, where needed, glue addresses) of the name servers for the next zone down.
[Diagram: Recursive server sends "Query: www.google.com" to Root server (a.root-servers.net) and gets "Answer: a.gtld-servers.net" (a referral); it sends the same query to TLD server (a.gtld-servers.net) and gets "Answer: ns2.google.com" (a referral)]
Authoritative Name Servers
• Authoritative name servers hold the records of a zone and are the source of truth for it; their answers carry the Authoritative Answer (AA) flag, whether the query comes from another name server or directly from a DNS client. The DNS records in an authoritative name server are maintained by the domain's administrator.
• A set of authoritative name servers is assigned for each zone. These may be maintained by the organization itself, or by an external company (UltraDNS, Akamai, Dyn, etc.). Many organizations split their name servers between multiple providers for redundancy, so that an outage or attack on one provider does not take the domain offline.
[Diagram: Recursive server sends "Query: www.google.com" to Authoritative server (ns2.google.com), receives "Answer: 172.217.2.46", and relays "Answer: 172.217.2.46" to the client]
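The three preceding slides describe one procedure: a recursive server, on a client's behalf, follows referrals from root to TLD to authoritative server, caches the result for its TTL, and (if properly configured) refuses recursion to clients outside its network. The block below is an added example that models that procedure in memory; it is not ThousandEyes code and it does no real DNS. The zone contents, the RFC 5737 documentation addresses used as glue, the `10.0.0.0/8` client range and the injectable clock are all assumptions; the server names and `172.217.2.46` are taken from the slide diagrams.

```python
import ipaddress
import time

# Constructed zone data for three "servers", each answering only for its own
# zone. Glue addresses are RFC 5737 documentation space, not real addresses.
ZONES = {
    "a.root-servers.net.": {
        "delegations": {"com.": {"a.gtld-servers.net.": "192.0.2.2"}},
        "records": {},
    },
    "a.gtld-servers.net.": {
        "delegations": {"google.com.": {"ns2.google.com.": "192.0.2.3"}},
        "records": {},
    },
    "ns2.google.com.": {
        "delegations": {},
        "records": {("www.google.com.", "A"): ("172.217.2.46", 300)},
    },
}

def in_zone(qname, zone):
    """Label-boundary aware suffix test (x.google.com. is in google.com.,
    xgoogle.com. is not)."""
    return qname == zone or qname.endswith("." + zone)

def ask_server(server, qname, qtype):
    """One non-recursive query (what `dig +norec @server` sends). The server
    returns the most specific thing it has: the answer, a referral to the name
    servers (with glue) of its closest delegated child zone, or nxdomain."""
    z = ZONES[server]
    if (qname, qtype) in z["records"]:
        rdata, ttl = z["records"][(qname, qtype)]
        return ("answer", rdata, ttl)
    best = max((c for c in z["delegations"] if in_zone(qname, c)), key=len, default=None)
    if best is not None:
        return ("referral", best, z["delegations"][best])
    return ("nxdomain", None, 0)

class RecursiveResolver:
    """Accepts recursive queries from permitted clients and walks the
    hierarchy for them. allowed_clients=None models an open resolver."""
    ROOT_HINTS = {"a.root-servers.net.": "192.0.2.1"}   # constructed hints entry

    def __init__(self, allowed_clients=("10.0.0.0/8",), clock=time.time):
        self.allowed = None if allowed_clients is None else [
            ipaddress.ip_network(n) for n in allowed_clients]
        self.clock = clock
        self.cache = {}      # (qname, qtype) -> (rdata, absolute expiry time)
        self.trace = []      # (server, outcome) for each step taken

    def permitted(self, client_ip):
        if self.allowed is None:
            return True
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in self.allowed)

    def resolve(self, client_ip, qname, qtype="A"):
        if not self.permitted(client_ip):
            return ("refused", None, 0)           # REFUSED rcode in a real server
        key, now = (qname, qtype), self.clock()
        if key in self.cache:
            rdata, expires = self.cache[key]
            if now < expires:
                self.trace.append(("cache", qname))
                return ("answer", rdata, int(expires - now))   # remaining TTL
            del self.cache[key]                   # TTL elapsed: must re-query
        servers = self.ROOT_HINTS
        for _ in range(16):                       # bound the referral chain
            server = next(iter(servers))
            result = ask_server(server, qname, qtype)
            self.trace.append((server, result[0]))
            if result[0] == "referral":
                servers = result[2]
                continue
            if result[0] == "answer":
                self.cache[key] = (result[1], now + result[2])
            return result
        raise RuntimeError("referral chain too long")

if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("10.1.2.3", "www.google.com."), r.trace)
```

Two details are worth noticing: the cache hands back the remaining TTL, not the original one, exactly as a caching resolver does; and the referral loop is bounded, because a misconfigured delegation that points back up the tree would otherwise spin forever.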
Why Monitor DNS
• Record misconfiguration
• Server or network failure
• Vendor availability
• DNSSEC expiration
• Cache poisoning
• DDoS attacks
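Each item on this slide can be reduced to a check over probe results collected from several vantage points. The following is an added example of such checks, not ThousandEyes code and not an implementation of the product's alerting: it takes constructed probe results (the example.com zone, its name servers, the resolver name, the addresses and the fixed "now" are all assumptions), compares authoritative answers against the intended record mapping, flags unreachable or slow servers, warns on RRSIG signatures close to their expiration time (the RRSIG field is in its standard YYYYMMDDHHmmSS UTC form), and reports a caching resolver that hands out addresses no authoritative server returned, which is what a stale, hijacked or poisoned cache looks like from the outside.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# What the zone owner intends to publish (constructed example data).
EXPECTED = {("www.example.com.", "A"): {"198.51.100.10", "198.51.100.11"}}

# Constructed probe results from several vantage points. "authoritative"
# probes ask the zone's own name servers directly (+norec style);
# "resolver" probes ask a caching resolver on the path users take.
OBSERVATIONS = [
    {"vantage": "us-east", "kind": "authoritative", "server": "ns1.example.com.",
     "name": "www.example.com.", "type": "A",
     "answers": {"198.51.100.10", "198.51.100.11"}, "response_ms": 18,
     "rrsig_expiration": "20170125120000"},
    {"vantage": "eu-west", "kind": "authoritative", "server": "ns2.example.com.",
     "name": "www.example.com.", "type": "A",
     "answers": {"198.51.100.10"}, "response_ms": 41,        # one address missing
     "rrsig_expiration": "20170125120000"},
    {"vantage": "ap-south", "kind": "authoritative", "server": "ns2.example.com.",
     "name": "www.example.com.", "type": "A",
     "answers": None, "response_ms": None, "rrsig_expiration": None},  # timed out
    {"vantage": "us-east", "kind": "resolver", "server": "resolver.isp.example.",
     "name": "www.example.com.", "type": "A",
     "answers": {"203.0.113.77"}, "response_ms": 900, "rrsig_expiration": None},
]
DEMO_NOW = datetime(2017, 1, 20, 12, 0, tzinfo=timezone.utc)   # fixed "now" for the demo

def parse_rrsig_time(text):
    """RRSIG expiration/inception presentation format: YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def evaluate(observations, expected, now, warn_days=7, slow_ms=500):
    """Return (category, probe, detail) alerts for: no response, slow response,
    authoritative data that differs from the intended mapping, RRSIGs that are
    expired or about to expire, and resolver answers not backed by any
    authoritative server."""
    alerts = []
    served = defaultdict(set)      # (name, type) -> union of authoritative answers
    for o in observations:
        probe = f'{o["vantage"]} -> {o["server"]}'
        key = (o["name"], o["type"])
        if o["answers"] is None:
            alerts.append(("availability", probe, "no response"))
            continue
        if o["response_ms"] > slow_ms:
            alerts.append(("latency", probe, f'{o["response_ms"]} ms'))
        if o["kind"] == "authoritative":
            served[key] |= o["answers"]
            if key in expected and o["answers"] != expected[key]:
                missing = sorted(expected[key] - o["answers"])
                extra = sorted(o["answers"] - expected[key])
                alerts.append(("misconfiguration", probe, f"missing={missing} extra={extra}"))
        if o["rrsig_expiration"]:
            left = parse_rrsig_time(o["rrsig_expiration"]) - now
            if left <= timedelta(0):
                alerts.append(("dnssec", probe, "RRSIG expired"))
            elif left < timedelta(days=warn_days):
                alerts.append(("dnssec", probe, f"RRSIG expires in {left.days} days"))
    # Second pass: a resolver handing out addresses that no authoritative server
    # returned points at a stale cache, a hijacked path or a poisoned cache.
    for o in observations:
        if o["kind"] == "resolver" and o["answers"] is not None:
            rogue = sorted(o["answers"] - served[(o["name"], o["type"])])
            if rogue:
                alerts.append(("divergence", f'{o["vantage"]} -> {o["server"]}',
                               f"{rogue} not served by any authoritative server"))
    return alerts

def run_demo():
    return evaluate(OBSERVATIONS, EXPECTED, DEMO_NOW)

if __name__ == "__main__":
    for category, probe, detail in run_demo():
        print(f"{category:16} {probe:40} {detail}")
```

The divergence check only works if the authoritative probes and the resolver probes ask for the same name in the same round; comparing a resolver's cached answer against a record that was changed after the resolver cached it produces a false alarm for up to one TTL, which is why the remaining TTL from the slide on records is worth recording alongside each answer.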
Monitor App & Network Connectivity Anywhere
[Diagram: Cloud Agents on the Internet and Enterprise Agents in the Branch and Data Center monitor, across the Access Networks in between, (1) On-Premises DNS: local caching resolvers and self-hosted DNS, and (2) Hosted DNS: authoritative name servers at a Managed DNS Provider, TLD and Root Name Servers]
ThousandEyes Approach to DNS Monitoring
• DIG-like features: query a chosen name server (ns, @), +trace, +dnssec, +norec
• And correlation: authoritative and caching server network, routing metrics
• With analysis: store, save, share, baseline, alert
[Diagram: Enterprise and Vendor views]
See what you’re missing.
Watch the webinar:
https://www.thousandeyes.com/resources/intro-to-dns-webinar

Intro to DNS
