DNS – Domain Name Service
WeeSan Lee <weesan@cs.ucr.edu>
http://www.cs.ucr.edu/~weesan/cs183/
Roadmap
• Introduction
• The DNS Namespace
• Top-level Domains
• Second-level Domains
• Domain Names
• How to Register a Domain Name?
• How DNS Works?
• BIND
• Tools
• Q&A
Introduction
• A service that maps between hostnames and IP addresses
• A hierarchical distributed caching database with delegated authority
• Uses port 53
  ◦ UDP for the queries and responses
  ◦ TCP for the zone transfer
Introduction (cont)
[Figure: lookup of http://www.cs.berkeley.edu/ from host eon. Labels: momo.cs.ucr.edu, root name server (.), edu, berkeley.edu, cs.berkeley.edu; "Recursive servers" and "Non-recursive servers"; arrows marked Q, R and A.]
The DNS Namespace
• A tree structure that starts with the root (.)
• Each node represents a domain name
• 2 branches
  ◦ Forward mapping
    ▪ hostnames → IP addresses
  ◦ Reverse mapping
    ▪ IP addresses → hostnames
Top-level Domains
• gTLDs (generic TLDs)
  ◦ com, edu, net, org, gov, mil, int, arpa
  ◦ aero, biz, coop, info, jobs, museum, name, pro
• ccTLDs (country code TLDs)
  ◦ au, ca, br, de, fi, fr, jp, se, hk, cn, tw, my, …
• Profitable domain names
  ◦ CreditCards.com – $2.75M
  ◦ Loans.com – $3M
  ◦ Business.com – $7.5M
Second-level Domain Name
• Examples
  ◦ ucr.edu
  ◦ sony.co.jp
• Must apply to a registrar for the appropriate TLD
• Network Solutions, Inc. used to monopolize name registration
• Now, ~500 registrars
Domain Names
• Valid domain names
  ◦ Each component: [a-zA-Z0-9-]{1,63}
  ◦ Each name < 256 chars
• Case insensitive
  ◦ www.cs.ucr.edu == WWW.CS.UCR.EDU
• FQDN
  ◦ Fully Qualified Domain Name
  ◦ eon.cs.ucr.edu
    ▪ eon – hostname
    ▪ cs.ucr.edu – domain name
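The limits on this slide follow from how a name is encoded on the wire. The Python below is an added example, not part of the original slides: it validates a name against the slide's rules, builds the length-prefixed encoding, and compares names case-insensitively. All function names are chosen here for illustration.

```python
import re

# Per-component rule quoted on the slide: [a-zA-Z0-9-]{1,63}
LABEL_RE = re.compile(r"[A-Za-z0-9-]{1,63}")
MAX_NAME_OCTETS = 255  # whole encoded name, hence "each name < 256"


def encode_name(name: str) -> bytes:
    """Return the canonical (lower-cased) wire encoding of a domain name.

    Each label is sent as one length octet followed by its bytes, and the
    name ends with the zero-length root label.
    """
    if name.endswith("."):
        name = name[:-1]  # FQDN notation: the final dot is the root
    out = bytearray()
    if name:  # an empty string here means the root itself
        for label in name.split("."):
            if not LABEL_RE.fullmatch(label):
                raise ValueError(f"invalid label: {label!r}")
            out.append(len(label))
            out += label.lower().encode("ascii")
    out.append(0)
    if len(out) > MAX_NAME_OCTETS:
        raise ValueError(f"name is {len(out)} octets, limit is {MAX_NAME_OCTETS}")
    return bytes(out)


def decode_name(wire: bytes) -> str:
    """Decode an uncompressed wire-format name, rejecting malformed input."""
    labels, pos = [], 0
    while True:
        if pos >= len(wire):
            raise ValueError("name is not terminated by the root label")
        length = wire[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            # The top two bits of the length octet are reserved (compression
            # pointers), which is why a label can never exceed 63 octets.
            raise ValueError("length octet > 63: pointer or reserved type")
        if pos + length > len(wire):
            raise ValueError("label runs past the end of the buffer")
        labels.append(wire[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) + "."


def same_name(a: str, b: str) -> bool:
    """Case-insensitive comparison that also ignores the optional final dot."""
    return encode_name(a) == encode_name(b)


def split_fqdn(fqdn: str) -> tuple[str, str]:
    """Split an FQDN into (hostname, domain name) as on the slide."""
    host, _, domain = fqdn.rstrip(".").partition(".")
    return host, domain
```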
How To Register A Domain Name?
• Pick a domain name of interest
• Dedicate 2 NS servers
  ◦ RFC1219 stated that each domain should be served by at least 2 servers: a master & a slave
• One technical contact person
• One administrative contact person
• Then, register the name with a registrar of your choice
  ◦ Used to be done via email or fax, now all web-based
How DNS Works?
• Delegation
  ◦ All name servers read the list of the 13 root servers from a local configuration file
    ▪ [a-m].root-servers.net
    ▪ $ dig
  ◦ Those servers in turn know all the TLDs
    ▪ .edu knows .ucr.edu
    ▪ .com knows .google.com
    ▪ etc.
DNS Caching
• DNS servers cache results they receive from other servers
  ◦ Each result is saved based on its TTL
• Negative caching
  ◦ For nonexistent hostnames (for 10 mins)
  ◦ Also for unreachable/unresponsive servers
Authoritative vs. Non-authoritative
• An authoritative answer from a name server (such as one read from the data on disk) is “guaranteed” to be accurate
• A non-authoritative answer (such as an answer from the cache) may not be
• Primary and secondary servers are authoritative for their own domains
Recursive vs. Non-recursive
• Recursive
  ◦ Queries on a client's behalf until it returns either an answer or an error
• Non-recursive
  ◦ Refers the client to another server if it can’t answer a query
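The delegation, caching and recursive/non-recursive slides above fit together as follows. This is an added Python simulation, not code from the slides: the server names, the 192.0.2.80 address and the 3600-second TTL are constructed, and only final answers (not referrals) are cached to keep it short.

```python
NEGATIVE_TTL = 600   # seconds; the "10 mins" negative-caching figure from the slide
MAX_REFERRALS = 10   # guard against referral loops

# Constructed delegation tree: each non-recursive server knows its child zones
# ("refer") and, if authoritative, its own records (name -> (address, TTL)).
SERVERS = {
    "root": {"refer": {"edu.": "edu-server"}},
    "edu-server": {"refer": {"berkeley.edu.": "berkeley-server"}},
    "berkeley-server": {"refer": {"cs.berkeley.edu.": "cs-server"}},
    "cs-server": {"records": {"www.cs.berkeley.edu.": ("192.0.2.80", 3600)}},
}


def ask(server, qname):
    """One non-recursive exchange: refer downward, answer, or say 'no such name'."""
    data = SERVERS[server]
    for zone, child in data.get("refer", {}).items():
        if qname == zone or qname.endswith("." + zone):
            return ("referral", child)
    record = data.get("records", {}).get(qname)
    if record:
        return ("answer",) + record
    return ("nxdomain",)


class RecursiveServer:
    """Follows referrals on the client's behalf and caches the final result."""

    def __init__(self):
        self.cache = {}  # qname -> (address or None, expiry time)

    def resolve(self, qname, now):
        """Return (address or None, list of servers queried for this lookup)."""
        qname = qname.lower().rstrip(".") + "."
        hit = self.cache.get(qname)
        if hit and now < hit[1]:
            return hit[0], []  # non-authoritative answer straight from the cache
        server, trace = "root", []
        for _ in range(MAX_REFERRALS):
            trace.append(server)
            reply = ask(server, qname)
            if reply[0] == "referral":
                server = reply[1]  # follow the delegation one level down
                continue
            if reply[0] == "answer":
                address, ttl = reply[1], reply[2]
            else:
                address, ttl = None, NEGATIVE_TTL  # negative caching
            self.cache[qname] = (address, now + ttl)
            return address, trace
        raise RuntimeError("too many referrals")
```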
DNS Database
• A set of text files, called zone files, maintained by the system admin on the master NS
• 2 types of entries
  ◦ Parser commands, e.g. $ORIGIN and $TTL
  ◦ Resource Records (RR)
      [name] [ttl] [class] type data
      eon                  76127  IN  A  138.23.169.9
      orpheus.cs.ucr.edu.  76879  IN  A  138.23.169.17   ; the trailing "." is very important!
DNS Database (cont)
• Resource Record Types
    SOA     Start Of Authority
    NS      Name Server
    A       IPv4 name-to-address translation
    AAAA    IPv6 name-to-address translation
    PTR     Address-to-name translation
    MX      Mail eXchanger
    CNAME   Canonical NAME
    TXT     Text
    …
BIND
• The Berkeley Internet Name Domain system
• Current maintainer: Paul Vixie @ ISC
• BIND 9
• Uses RTT to pick the best root servers and uses them in round-robin fashion
• named
/etc/named.conf
    options {
        directory "/var/named";
        // query-source address * port 53;
        forwarders { 138.23.169.10; };
    };
    zone "." IN {
        type hint;
        file "named.ca";          // Read from /var/named/named.ca
    };
/etc/named.conf (cont)
    zone "localhost" IN {
        type master;
        file "localhost.zone";    // Read from /var/named/localhost.zone
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";       // Read from /var/named/named.local
        allow-update { none; };
    };
/etc/named.conf (cont)
    zone "voicense.com" IN {
        type master;
        file "voicense.com.zone";
    };
    zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "voicense.com.rev";
    };
    zone "macrohard.com" IN {
        type slave;
        file "macrohard.com.zone.bak";
        masters { 10.0.0.1; };
    };
/var/named/voicense.com.zone
    $TTL 86400
    $ORIGIN voicense.com.
    ; The SOA contact weesan.voicense.com. is the email address weesan@voicense.com
    ; Remember to increment the serial # after each edit
    @       IN  SOA   voicense.com. weesan.voicense.com. (
                      20040304  ; serial #
                      7200      ; refresh (2 hrs)
                      1800      ; retry (30 mins)
                      604800    ; expire (1 week)
                      7200 )    ; minimum (2 hrs)
            IN  NS    ns.voicense.com.
            IN  MX    10 mail.voicense.com.
            IN  MX    20 mail.myisp.com.
            IN  A     10.0.0.1
    ; NS and MX targets must not be CNAMEs, so ns and mail are A records
    mail    IN  A     10.0.0.1
    ns      IN  A     10.0.0.1
    www     IN  CNAME voicense.com.
    lee     IN  A     10.0.0.31
    wee     IN  A     10.0.0.32
/var/named/voicense.com.zone (cont)
• Serial #
  ◦ An increasing integer number (for syncing)
• Refresh
  ◦ How often the slave servers should sync with the master
• Retry
  ◦ How long the slave servers should retry before giving up
• Expire
  ◦ How long the slave servers should continue to serve the domains in the absence of the master
• Minimum
  ◦ TTL for negative answers that are cached
/var/named/voicense.com.rev
    $TTL 86400
    @       IN  SOA   voicense.com. weesan.voicense.com. (
                      20040304  ; serial #
                      7200      ; refresh (2 hrs)
                      1800      ; retry (30 mins)
                      604800    ; expire (1 week)
                      7200 )    ; minimum (2 hrs)
            IN  NS    ns.voicense.com.
    1       IN  PTR   fw.voicense.com.
    31      IN  PTR   lee.voicense.com.
    32      IN  PTR   wee.voicense.com.
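Two zone-file mistakes can be checked mechanically: a name written without its trailing dot gets $ORIGIN appended, and an NS or MX record must not point at a CNAME (RFC 2181, section 10.3). The Python below is an added example, not from the slides; it handles only single-line records, and SAMPLE_ZONE is constructed with both mistakes planted.

```python
# Index of the domain-name field inside the rdata of each record type.
NAME_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}

# Constructed sample with two deliberate mistakes (not the zone from the slides).
SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN voicense.com.
@                 IN NS    ns.voicense.com.
                  IN MX 10 mail.voicense.com.
                  IN A     10.0.0.1
ns                IN CNAME voicense.com.
mail              IN A     10.0.0.1
lee.voicense.com  IN A     10.0.0.31   ; trailing dot forgotten
wee               IN A     10.0.0.32
"""


def qualify(name, origin):
    """Expand a zone-file name the way the parser does: no final dot = relative."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return (name + ".") if origin == "." else (name + "." + origin)


def parse_zone(text):
    """Parse single-line records into (owner, type, rdata, origin) tuples."""
    origin, owner, records = ".", None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0].startswith("$"):
            continue  # $TTL and other parser commands
        if not line[0].isspace():  # a blank owner field inherits the previous one
            owner = qualify(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)  # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_FIELD:
            field = NAME_FIELD[rtype]
            rdata[field] = qualify(rdata[field], origin)
        records.append((owner, rtype, tuple(rdata), origin))
    return records


def lint(records):
    """Return (problem, name) findings for the two mistakes described above."""
    cname_owners = {owner for owner, rtype, _, _ in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, rdata, origin in records:
        names = [owner]
        if rtype in NAME_FIELD:
            names.append(rdata[NAME_FIELD[rtype]])
        doubled = "." + origin.rstrip(".") + "." + origin
        for name in names:
            hit = ("doubled-origin", name)
            if origin != "." and name.endswith(doubled) and hit not in findings:
                findings.append(hit)
        if rtype in ("NS", "MX") and names[-1] in cname_owners:
            findings.append(("ns-or-mx-target-is-cname", names[-1]))
    return findings
```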
How To Load Balance A Web Server?
    www     IN  A     10.0.0.1
    www     IN  A     10.0.0.2
    www     IN  A     10.0.0.3
How To Load Balance A Web Server? (cont)
    $ host www.google.com
    www.google.com is an alias for www.l.google.com.
    www.l.google.com has address 74.125.19.104
    www.l.google.com has address 74.125.19.103
    www.l.google.com has address 74.125.19.147
    www.l.google.com has address 74.125.19.99
    $ host www.google.com
    www.google.com is an alias for www.l.google.com.
    www.l.google.com has address 74.125.19.99
    www.l.google.com has address 74.125.19.104
    www.l.google.com has address 74.125.19.103
    www.l.google.com has address 74.125.19.147
Zone Transfer
• DNS servers sync with each other via zone transfer
• All-at-once and incremental updates
• A slave server compares its serial number with the master’s and saves backup zone files on disk
• Uses TCP on port 53
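How a slave uses the serial number and the refresh, retry and expire timers, as an added Python example that is not part of the slides. It goes slightly beyond them by comparing serials with the wrap-around arithmetic of RFC 1982; `slave_poll` and its return labels are names invented for this sketch.

```python
from dataclasses import dataclass


@dataclass
class SOA:
    serial: int
    refresh: int  # seconds between checks while the master is reachable
    retry: int    # seconds between checks after a failed attempt
    expire: int   # seconds without contact before the slave stops answering


# Timer values copied from the voicense.com SOA record on the slides.
SLIDE_SOA = SOA(serial=20040304, refresh=7200, retry=1800, expire=604800)


def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than b in 32-bit serial arithmetic (RFC 1982)."""
    return a != b and ((a - b) % 2**32) < 2**31


def slave_poll(soa, slave_serial, now, last_ok, last_try, master_serial):
    """Decide what a slave does at time `now`.

    last_ok  : time of the last successful contact with the master
    last_try : time of the last attempt (later than last_ok if it failed)
    master_serial : serial the master reports now, or None if it is unreachable
    Returns (still_serving_zone, action).
    """
    serving = (now - last_ok) < soa.expire
    interval = soa.refresh if last_try <= last_ok else soa.retry
    if now - last_try < interval:
        return serving, "idle"            # next check is not due yet
    if master_serial is None:
        return serving, "retry-later"     # try again after soa.retry
    if serial_newer(master_serial, slave_serial):
        return True, "transfer"           # pull the zone over TCP port 53
    return True, "up-to-date"             # same or older serial: nothing fetched
```

The `"up-to-date"` case is what happens when the zone file is edited without incrementing the serial: the slave sees an unchanged number and keeps serving the old data.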
Tools
• dig
    $ dig eon.cs.ucr.edu
    $ dig eon.cs.ucr.edu ns
    $ dig @momo.cs.ucr.edu eon.cs.ucr.edu mx
    $ man dig
• host
    $ host eon.cs.ucr.edu
    $ host -t ns cs.ucr.edu
    $ host -t mx eon.cs.ucr.edu momo.cs.ucr.edu
    $ man host
Tools (cont)
• nslookup
    $ nslookup eon.cs.ucr.edu
    $ nslookup eon.cs.ucr.edu momo.cs.ucr.edu
• whois
    $ whois google.com
    $ whois ucr.edu
/etc/resolv.conf
• Resolver
    $ cat /etc/resolv.conf
    search cs.ucr.edu weesan.com
    nameserver 138.23.169.10
    nameserver 138.23.178.2
/etc/nsswitch.conf
• Used by the C library
  ◦ gethostbyname()
    $ cat /etc/nsswitch.conf
    hosts: files nis dns
Reference
• LAH
  ◦ Ch 15: DNS – The Domain Name System
