SlideShare uma empresa Scribd logo

DNS_Tutorial 2.pptx

Transferir como PPTX, PDF
V
viditsir

DNS

Tecnologia
1 de 41
DNS refresher
Overview         Goal of this session What is DNS ? How is DNS built and how does it work? How does a query work ? Record types Caching and Authoritative Delegation: domains vs zones Finding the error: where is it broken?
Goal of this session  We will review the basics of DNS, including query mechanisms, delegation, and caching.  The aim is to be able to understand enough of DNS to be able to configure a caching DNS server, and troubleshoot common DNS problems, both local and remote (on the Internet)
What is DNS ?  System to convert names to IP addresses: skill.org → 128.223.157.19 www.skilled.net → 2001:42d0::200:80:1 ... and back: 128.223.157.19 → skill.org  1.0.0.0.0.8.0.0.0.0.2.0.0.0.0.0.0.0.0.0 .0.0.0.0.0.d.2.4.1.0.0.2.ip6.arpa. → www.skilled.net.
What is DNS ?  Other information can be found in DNS:  where to send mail for a domain  who is responsible for this system  geographical information  etc...  How do we look this information up ?
Basic DNS tools  Using the host command: # host skill.org. skill.org. has address 128.223.157.19 # host 128.223.157.19 19.157.223.128.in-addr.arpa domain name pointer skill.org.
Basic DNS tools  Host with IPv6: # host www.skilled.net www.skilled.net has IPv6 address 2001:42d0::200:80:1 # host 2001:42d0::200:80:1 1.0.0.0.0.8.0.0.0.0.2.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.d.2.4.1.0.0.2.ip6.arpa domain name pointer www.skilled.net.
Basic DNS tools  Try this yourself with other names – first lookup the names below, then do the same for the IP address returned: www.skill.com www.skill.org ipv6.google.com   Does the lookup of the IP match the name ? Why ? Where did the 'host' command find the information ?
How is DNS built ? org com DNS Database etc usr bin Unix Filesystem ... forms a tree structure ac.ma afnog.org skill.org usr/local usr/sbin /etc/rc.d skill.com usr/local/src .(root) / (root) ma emi.ac.ma www.afnog.org
How is DNS built ?  DNS is hierarchical  DNS administration is shared – no single central entity administrates all DNS data  This distribution of the administration is called delegation
How does DNS work ?    Clients use a mechanism called a resolver and ask servers – this is called a query The server being queried will try to find the answer on behalf of the client The server functions recursively, from top (the root) to bottom, until it finds the answer, asking other servers along the way - the server is referred to other servers
How does DNS work ?    The client (web browser, mail program, ...) use the OS’s resolver to find the IP address. For example, if we go to the webpage www.skill.com:  the web browser asks the OS « I need the IP for www.skill.com »  the OS looks in the resolver configuration which server to ask, and sends the query On UNIX, /etc/resolv.conf is where the resolver is configured.
A DNS query «. »(root) client server .com DNS skill.com DNS www.skill.com ? ask skill DNS www.skill.com ? Q 1 2 3 4 5 6 87.140.2.33 A
Query detail with tcpdump  On the server, become root: $ sudo -s passwd: # tcpdump -s1500 -n port 53  In another window/screen do: # host … (whatever you like)
Query detail – example output   1: 18:40:38.62 IP 192.168.1.1.57811 > 192.112.36.4.53: 29030 [1au] A? h1-web.hosting.catpipe.net. (55) 2: 18:40:39.24 IP 192.112.36.4.53 > 192.168.1.1.57811: 29030- 0/13/16 (540)   3: 18:40:39.24 IP 192.168.1.1.57811 > 192.43.172.30.53: 7286 [1au] A? h1-web.hosting.catpipe.net. (55) 4: 18:40:39.93 IP 192.43.172.30.53 > 192.168.1.1.57811: 7286 FormErr- [0q] 0/0/0 (12)   5: 18:40:39.93 IP 192.168.1.1.57811 > 192.43.172.30.53: 50994 A? h1-web.hosting.catpipe.net. (44) 6: 18:40:40.60 IP 192.43.172.30.53 > 192.168.1.1.57811: 50994- 0/3/3 (152)   7: 18:40:40.60 IP 192.168.1.1.57811 > 83.221.131.7.53: 58265 [1au] A? h1-web.hosting.catpipe.net. (55) 8: 18:40:41.26 IP 83.221.131.7.53 > 192.168.1.1.57811: 58265* 1/2/3 A 83.221.131.6 (139)
Query detail - analysis  We use a packet analyzer (wireshark) to view the contents of the query... http://www.wireshark.org/
Resolver configuration    So how does your computer know which server to ask to get answers to DNS queries ? On UNIX, look in /etc/resolv.conf Look now in the file, and verify that you have a 'nameserver' statement of the form: nameserver a.b.c.d or nameserver ip:v6:ad:dr:es:ss ... where a.b.c.d is the IP/IPv6 of a functioning DNS server (it should).
Finding the root...  The first query is directed to: 192.112.36.4 (G.ROOT-SERVERS.NET.)     How does the server know where to reach the root servers ? Chicken-and-egg problem Each namerserver has a list of the root nameservers (A – M.ROOT- SERVERS.NET) and their IP address In BIND, named.root
Using 'dig' to get more details    the 'host' command is limited in its output – good for lookups, but not enough for debugging. we use the 'dig' command to obtain more details dig shows a lot of interesting stuff...
ns# dig @147.28.0.39 www.skill.org. a ; <<>> DiG 9.3.2 <<>> @147.28.0.39 www.skill.org ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4620 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2 ;; QUESTION SECTION: IN A 14400 IN A 128.223.162.29 14400 IN 14400 IN NS NS rip.psg.com. arizona.edu. ;www.skill.org. ;; ANSWER SECTION: www.skill.org. ;; AUTHORITY SECTION: skill.org . skill.org . ;; ADDITIONAL SECTION: rip.psg.com. arizona.edu. 77044 IN 2301 IN A A 147.28.0.39 128.196.128.233 ;; Query time: 708 msec ;; SERVER: 147.28.0.39#53(147.28.0.39) ;; WHEN: Wed May 10 15:05:55 2007 ;; MSG SIZE rcvd: 128 Using 'dig' to get more details
noc# dig www.skilled.net any ; <<>> DiG 9.4.2 <<>> any www.skilled.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36019 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 10 ;; QUESTION SECTION: ;www.skilled.net. IN ANY ;; ANSWER SECTION: www.skilled.net. 477 IN AAAA 2001:42d0::200:80:1 www.skilled.net. 65423 IN A 196.216.2.1 ;; AUTHORITY SECTION: skilled.net. 65324 IN NS sec1.apnic.net. skilled.net. 65324 IN NS sec3.apnic.net. skilled.net. 65324 IN NS ns1.skilled.net. skilled.net. 65324 IN NS tinnie.arin.net. skilled.net. 65324 IN NS ns.lacnic.net. skilled.net. 65324 IN NS ns-sec.ripe.net. ;; ADDITIONAL SECTION: ns.lacnic.net. 151715 IN A 200.160.0.7 ns.lacnic.net. 65315 IN AAAA 2001:12ff::7 ns-sec.ripe.net. 136865 IN A 193.0.0.196 ns-sec.ripe.net. 136865 IN AAAA 2001:610:240:0:53::4 ns1.skilled.net. 65315 IN A 196.216.2.1 tinnie.arin.net. 151715 IN A 168.143.101.18 sec1.apnic.net. 151715 IN A 202.12.29.59 sec1.apnic.net. 151715 IN AAAA 2001:dc0:2001:a:4608::59 sec3.apnic.net. 151715 IN A 202.12.28.140 sec3.apnic.net. 151715 IN AAAA 2001:dc0:1:0:4777::140 ;; Query time: 1 msec ;; SERVER: 196.200.218.1#53(196.200.218.1) ;; WHEN: Tue May 27 08:48:13 2008 ;; MSG SIZE rcvd: 423
dig output  Some interesting fields:  flags section: qr aa ra rd  status  answer section  authority section  TTL (numbers in the left column)  query time  server  Notice the 'A' and 'AAAA' record type in the output.
Record types  Basic record types:      A, AAAA: NS: MX: CNAME: PTR: IPv4, IPv6 address NameServer Mail eXchanger Canonical name (alias) Reverse information
Types There are many types, most famous ones (IPv4 mostly) A: Maps a hostname to an IPv4 address NS: Maps a domain name to a list of authoritative DNS servers CNAME: Makes one domain name an alias of another MX: Maps a domain name to a list of mail exchange servers PTR: Maps an IPv4 address to canonical name for that host SOA: Specifies the authoritative DNS server Info like email of the domain administrator, serial number, …
DNS Caching and Updating Records Once a name server learns mapping, it caches it It’ll expire (TTL defined by the authoritative server) TLD servers typically cached in local name server Root name servers not often visited Update/Notify Mechanisms RFC 2136 TTL is specified in the Start Of Authority (SOA) record Serial – Incremented when the zone file modified, others know when the zone has been changed and should be reloaded Refresh – Number of seconds between update requests Retry – Number of seconds between retries (if a request failed) Expire – Number of seconds before considering the data stale Minimum – Used for minimum TTL, used for negative caching
Caching vs Authoritative     In the dig output, and in subsequent outputs, we noticed a decrease in query time if we repeated the query. Answers are being cached by the querying nameserver, to speed up requests and save network ressources The TTL value controls the time an answer can be cached DNS servers can be put in two categories: caching and authoritative.
Caching vs Authoritative: authoritative   Authoritative servers typically only answer queries for data over which they have authority, i.e.: data of which they have an external copy, i.e. from disk (file or database) If they do not know the answer, they will point to a source of authority, but will not process the query recursively.
Caching vs Authoritative: caching    Caching nameservers act as query forwarders on behalf of clients, and cache answers for later. Can be the same software (often is), but mixing functionality (recursive/caching and authoritative) is discouraged (security risks + confusing) The TTL of the answer is used to determine how long it may be cached without re-querying.
TTL values  TTL values decrement and expire  Try repeatedly asking for the A record for www.skill.com: # dig www.skill.com  What do you observe about the query time and the TTL ?
SOA  Let's query the SOA for a domain: # dig SOA <domain> ... ;; AUTHORITY SECTION: <domain>. 860 IN SOA ns.<domain>. root.<domain>. 200702270 ; serial 28800 ; refresh 14400 ; retry 3600000 ; expire 86400 ; neg ttl ...
SOA  The first two fields highlighted are:  the SOA (Start Of Authority), which the administrator sets to the name of the « source » server for the domain data (this is not always the case)  the RP (Responsible Person), which is the email address (with the first @ replaced by a '.') to contact in case of technical problems.
SOA   The other fields are:  serial: the serial number of the zone: this is used for replication between two nameservers  refresh: how often a replica server should check the master to see if there is new data  retry: how often to retry if the master server fails to answer after refresh.  expire: when the master server has failed to answer for too long, stop answering clients about this data. Why is expire necessary ?
Running a caching nameserver   Running a caching nameserver locally can be very useful Easy to setup, for example on FreeBSD:  add named_enable="YES" to /etc/rc.conf  start named: /etc/rc.d/named start  What is a good test to verify that named is running ?
Running a caching nameserver  When you are confident that your caching nameserver is working, enable it in your local resolver configuration (/etc/resolv.conf): nameserver 127.0.0.1
Delegation  We mentioned that one of the advantages of DNS was that of distribution through shared administration. This is called delegation.  We delegate when there is an administrative boundary and we want to turn over control of a subdomain to:  a department of a larger organization  an organization in a country  an entity representing a country's domain
Delegation
Delegation: Domains vs Zones  When we talk about the entire subtree, we talk about domains  When we talk about part of a domain that is administered by an entity, we talk about zones
Delegation: Domains vs Zones
Finding the error: using doc      When you encounter problems with your network, web service or email, you don't always suspect DNS. When you do, it's not always obvious what the problem is – DNS is tricky. A great tool for quickly spotting configuration problems is 'doc' /usr/ports/dns/doc – install it now! Let's do a few tests on screen with doc...
Conclusion      DNS is a vast subject It takes a lot of practice to pinpoint problems accurately the first time – caching and recursion are especially confusing Remember that there are several servers for the same data, and you don't always talk to the same one Practice, practice, practice! Don't be afraid to ask questions...
? Questions ?

Recomendados

dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slideskj teoh
 
2 technical-dns-workshop-day1
2 technical-dns-workshop-day12 technical-dns-workshop-day1
2 technical-dns-workshop-day1DNS Entrepreneurship Center
 
Introduction
IntroductionIntroduction
Introductionhajafaarukh
 
Domain Name System(ppt)
Domain Name System(ppt)Domain Name System(ppt)
Domain Name System(ppt)chovatiyabhautik
 
Content Navigation
Content NavigationContent Navigation
Content Navigationsanjoysanyal
 
M7 - Manual
M7 - ManualM7 - Manual
M7 - ManualGabrielPostigo1
 
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealDNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealMaarten Balliauw
 
Hands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentHands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentBangladesh Network Operators Group
 

Recomendados

dns-sec-4-slides
dns-sec-4-slidesdns-sec-4-slides
dns-sec-4-slideskj teoh
 
2 technical-dns-workshop-day1
2 technical-dns-workshop-day12 technical-dns-workshop-day1
2 technical-dns-workshop-day1DNS Entrepreneurship Center
 
Introduction
IntroductionIntroduction
Introductionhajafaarukh
 
Domain Name System(ppt)
Domain Name System(ppt)Domain Name System(ppt)
Domain Name System(ppt)chovatiyabhautik
 
Content Navigation
Content NavigationContent Navigation
Content Navigationsanjoysanyal
 
M7 - Manual
M7 - ManualM7 - Manual
M7 - ManualGabrielPostigo1
 
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealDNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealMaarten Balliauw
 
Hands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentHands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentBangladesh Network Operators Group
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016Maarten Balliauw
 
BIND DNS IPWorks Introduction To Advanced
BIND DNS IPWorks Introduction To AdvancedBIND DNS IPWorks Introduction To Advanced
BIND DNS IPWorks Introduction To AdvancedMustafa Golam
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfsphanleson
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2phanleson
 
Dns presentation
Dns presentationDns presentation
Dns presentationgaurav_c
 
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]APNIC
 
RP11_XaviertTorrentGorjon
RP11_XaviertTorrentGorjonRP11_XaviertTorrentGorjon
RP11_XaviertTorrentGorjonXavier Torrent Gorjón
 
ION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSECION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSECDeploy360 Programme (Internet Society)
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practicekuchinskaya
 
Dns server
Dns serverDns server
Dns serverSubrata Kumer Paul
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...Felipe Prado
 
Interview questions
Interview questionsInterview questions
Interview questionsxavier john
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamMyNOG
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingYiwei Gong
 
Network Testing ques
Network Testing quesNetwork Testing ques
Network Testing quesPragya Rastogi
 
DNS Cache Poisoning
DNS Cache PoisoningDNS Cache Poisoning
DNS Cache PoisoningKourosh Sajjadi
 
Dns
DnsDns
DnsMd Shihab
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptxKailashTayde
 
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAILDNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAILUtah Networxs Consultoria e Treinamento
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name SystemGurkamal Rakhra
 
DHCP
DHCPDHCP
DHCPviditsir
 
DNS
DNSDNS
DNSviditsir
 

Mais conteúdo relacionado

Semelhante a DNS_Tutorial 2.pptx

DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016Maarten Balliauw
 
BIND DNS IPWorks Introduction To Advanced
BIND DNS IPWorks Introduction To AdvancedBIND DNS IPWorks Introduction To Advanced
BIND DNS IPWorks Introduction To AdvancedMustafa Golam
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfsphanleson
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2phanleson
 
Dns presentation
Dns presentationDns presentation
Dns presentationgaurav_c
 
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]APNIC
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practicekuchinskaya
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...Felipe Prado
 
Interview questions
Interview questionsInterview questions
Interview questionsxavier john
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamMyNOG
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingYiwei Gong
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptxKailashTayde
 

Semelhante a DNS_Tutorial 2.pptx (20)

DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
 
BIND DNS IPWorks Introduction To Advanced
BIND DNS IPWorks Introduction To AdvancedBIND DNS IPWorks Introduction To Advanced
BIND DNS IPWorks Introduction To Advanced
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfs
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2
 
Dns presentation
Dns presentationDns presentation
Dns presentation
 
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
 
RP11_XaviertTorrentGorjon
RP11_XaviertTorrentGorjonRP11_XaviertTorrentGorjon
RP11_XaviertTorrentGorjon
 
ION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSECION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSEC
 
Mens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practiceMens jan piet_dnssec-in-practice
Mens jan piet_dnssec-in-practice
 
Dns server
Dns serverDns server
Dns server
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
 
Interview questions
Interview questionsInterview questions
Interview questions
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul Islam
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Network Testing ques
Network Testing quesNetwork Testing ques
Network Testing ques
 
DNS Cache Poisoning
DNS Cache PoisoningDNS Cache Poisoning
DNS Cache Poisoning
 
Dns
DnsDns
Dns
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptx
 
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAILDNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name System
 

Mais de viditsir

DNS and BIND, 5th Edition.pdf
DNS and BIND, 5th Edition.pdfDNS and BIND, 5th Edition.pdf
DNS and BIND, 5th Edition.pdfviditsir
 
ASM Course Content.pdf
ASM Course Content.pdfASM Course Content.pdf
ASM Course Content.pdfviditsir
 
Course Agendaf5ltm.pptx
Course Agendaf5ltm.pptxCourse Agendaf5ltm.pptx
Course Agendaf5ltm.pptxviditsir
 
F5 LTM Course Content_2.pdf
F5 LTM Course Content_2.pdfF5 LTM Course Content_2.pdf
F5 LTM Course Content_2.pdfviditsir
 
Fortigate Mock Interview.pptx
Fortigate Mock Interview.pptxFortigate Mock Interview.pptx
Fortigate Mock Interview.pptxviditsir
 

Mais de viditsir (7)

DHCP
DHCPDHCP
DHCP
 
DNS
DNSDNS
DNS
 
DNS and BIND, 5th Edition.pdf
DNS and BIND, 5th Edition.pdfDNS and BIND, 5th Edition.pdf
DNS and BIND, 5th Edition.pdf
 
ASM Course Content.pdf
ASM Course Content.pdfASM Course Content.pdf
ASM Course Content.pdf
 
Course Agendaf5ltm.pptx
Course Agendaf5ltm.pptxCourse Agendaf5ltm.pptx
Course Agendaf5ltm.pptx
 
F5 LTM Course Content_2.pdf
F5 LTM Course Content_2.pdfF5 LTM Course Content_2.pdf
F5 LTM Course Content_2.pdf
 
Fortigate Mock Interview.pptx
Fortigate Mock Interview.pptxFortigate Mock Interview.pptx
Fortigate Mock Interview.pptx
 

Último

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Último (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

DNS_Tutorial 2.pptx

  • 2. Overview         Goal of this session What is DNS ? How is DNS built and how does it work? How does a query work ? Record types Caching and Authoritative Delegation: domains vs zones Finding the error: where is it broken?
  • 3. Goal of this session  We will review the basics of DNS, including query mechanisms, delegation, and caching.  The aim is to be able to understand enough of DNS to be able to configure a caching DNS server, and troubleshoot common DNS problems, both local and remote (on the Internet)
  • 4. What is DNS ?  System to convert names to IP addresses: skill.org → 128.223.157.19 www.skilled.net → 2001:42d0::200:80:1 ... and back: 128.223.157.19 → skill.org  1.0.0.0.0.8.0.0.0.0.2.0.0.0.0.0.0.0.0.0 .0.0.0.0.0.d.2.4.1.0.0.2.ip6.arpa. → www.skilled.net.
  • 5. What is DNS ?  Other information can be found in DNS:  where to send mail for a domain  who is responsible for this system  geographical information  etc...  How do we look this information up ?
  • 6. Basic DNS tools  Using the host command: # host skill.org. skill.org. has address 128.223.157.19 # host 128.223.157.19 19.157.223.128.in-addr.arpa domain name pointer skill.org.
  • 7. Basic DNS tools  Host with IPv6: # host www.skilled.net www.skilled.net has IPv6 address 2001:42d0::200:80:1 # host 2001:42d0::200:80:1 1.0.0.0.0.8.0.0.0.0.2.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.d.2.4.1.0.0.2.ip6.arpa domain name pointer www.skilled.net.
  • 8. Basic DNS tools  Try this yourself with other names – first lookup the names below, then do the same for the IP address returned: www.skill.com www.skill.org ipv6.google.com   Does the lookup of the IP match the name ? Why ? Where did the 'host' command find the information ?
  • 9. How is DNS built ? org com DNS Database etc usr bin Unix Filesystem ... forms a tree structure ac.ma afnog.org skill.org usr/local usr/sbin /etc/rc.d skill.com usr/local/src .(root) / (root) ma emi.ac.ma www.afnog.org
  • 10. How is DNS built ?  DNS is hierarchical  DNS administration is shared – no single central entity administrates all DNS data  This distribution of the administration is called delegation
  • 11. How does DNS work ?    Clients use a mechanism called a resolver and ask servers – this is called a query The server being queried will try to find the answer on behalf of the client The server functions recursively, from top (the root) to bottom, until it finds the answer, asking other servers along the way - the server is referred to other servers
  • 12. How does DNS work ?    The client (web browser, mail program, ...) use the OS’s resolver to find the IP address. For example, if we go to the webpage www.skill.com:  the web browser asks the OS « I need the IP for www.skill.com »  the OS looks in the resolver configuration which server to ask, and sends the query On UNIX, /etc/resolv.conf is where the resolver is configured.
  • 13. A DNS query «. »(root) client server .com DNS skill.com DNS www.skill.com ? ask skill DNS www.skill.com ? Q 1 2 3 4 5 6 87.140.2.33 A
  • 14. Query detail with tcpdump  On the server, become root: $ sudo -s passwd: # tcpdump -s1500 -n port 53  In another window/screen do: # host … (whatever you like)
  • 15. Query detail – example output   1: 18:40:38.62 IP 192.168.1.1.57811 > 192.112.36.4.53: 29030 [1au] A? h1-web.hosting.catpipe.net. (55) 2: 18:40:39.24 IP 192.112.36.4.53 > 192.168.1.1.57811: 29030- 0/13/16 (540)   3: 18:40:39.24 IP 192.168.1.1.57811 > 192.43.172.30.53: 7286 [1au] A? h1-web.hosting.catpipe.net. (55) 4: 18:40:39.93 IP 192.43.172.30.53 > 192.168.1.1.57811: 7286 FormErr- [0q] 0/0/0 (12)   5: 18:40:39.93 IP 192.168.1.1.57811 > 192.43.172.30.53: 50994 A? h1-web.hosting.catpipe.net. (44) 6: 18:40:40.60 IP 192.43.172.30.53 > 192.168.1.1.57811: 50994- 0/3/3 (152)   7: 18:40:40.60 IP 192.168.1.1.57811 > 83.221.131.7.53: 58265 [1au] A? h1-web.hosting.catpipe.net. (55) 8: 18:40:41.26 IP 83.221.131.7.53 > 192.168.1.1.57811: 58265* 1/2/3 A 83.221.131.6 (139)
  • 16. Query detail - analysis  We use a packet analyzer (wireshark) to view the contents of the query... http://www.wireshark.org/
  • 17. Resolver configuration    So how does your computer know which server to ask to get answers to DNS queries ? On UNIX, look in /etc/resolv.conf Look now in the file, and verify that you have a 'nameserver' statement of the form: nameserver a.b.c.d or nameserver ip:v6:ad:dr:es:ss ... where a.b.c.d is the IP/IPv6 of a functioning DNS server (it should).
  • 18. Finding the root...  The first query is directed to: 192.112.36.4 (G.ROOT-SERVERS.NET.)     How does the server know where to reach the root servers ? Chicken-and-egg problem Each namerserver has a list of the root nameservers (A – M.ROOT- SERVERS.NET) and their IP address In BIND, named.root
  • 19. Using 'dig' to get more details    the 'host' command is limited in its output – good for lookups, but not enough for debugging. we use the 'dig' command to obtain more details dig shows a lot of interesting stuff...
  • 20. ns# dig @147.28.0.39 www.skill.org. a ; <<>> DiG 9.3.2 <<>> @147.28.0.39 www.skill.org ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4620 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2 ;; QUESTION SECTION: IN A 14400 IN A 128.223.162.29 14400 IN 14400 IN NS NS rip.psg.com. arizona.edu. ;www.skill.org. ;; ANSWER SECTION: www.skill.org. ;; AUTHORITY SECTION: skill.org . skill.org . ;; ADDITIONAL SECTION: rip.psg.com. arizona.edu. 77044 IN 2301 IN A A 147.28.0.39 128.196.128.233 ;; Query time: 708 msec ;; SERVER: 147.28.0.39#53(147.28.0.39) ;; WHEN: Wed May 10 15:05:55 2007 ;; MSG SIZE rcvd: 128 Using 'dig' to get more details
  • 21. noc# dig www.skilled.net any ; <<>> DiG 9.4.2 <<>> any www.skilled.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36019 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 10 ;; QUESTION SECTION: ;www.skilled.net. IN ANY ;; ANSWER SECTION: www.skilled.net. 477 IN AAAA 2001:42d0::200:80:1 www.skilled.net. 65423 IN A 196.216.2.1 ;; AUTHORITY SECTION: skilled.net. 65324 IN NS sec1.apnic.net. skilled.net. 65324 IN NS sec3.apnic.net. skilled.net. 65324 IN NS ns1.skilled.net. skilled.net. 65324 IN NS tinnie.arin.net. skilled.net. 65324 IN NS ns.lacnic.net. skilled.net. 65324 IN NS ns-sec.ripe.net. ;; ADDITIONAL SECTION: ns.lacnic.net. 151715 IN A 200.160.0.7 ns.lacnic.net. 65315 IN AAAA 2001:12ff::7 ns-sec.ripe.net. 136865 IN A 193.0.0.196 ns-sec.ripe.net. 136865 IN AAAA 2001:610:240:0:53::4 ns1.skilled.net. 65315 IN A 196.216.2.1 tinnie.arin.net. 151715 IN A 168.143.101.18 sec1.apnic.net. 151715 IN A 202.12.29.59 sec1.apnic.net. 151715 IN AAAA 2001:dc0:2001:a:4608::59 sec3.apnic.net. 151715 IN A 202.12.28.140 sec3.apnic.net. 151715 IN AAAA 2001:dc0:1:0:4777::140 ;; Query time: 1 msec ;; SERVER: 196.200.218.1#53(196.200.218.1) ;; WHEN: Tue May 27 08:48:13 2008 ;; MSG SIZE rcvd: 423
  • 22. dig output  Some interesting fields:  flags section: qr aa ra rd  status  answer section  authority section  TTL (numbers in the left column)  query time  server  Notice the 'A' and 'AAAA' record type in the output.
  • 23. Record types  Basic record types:      A, AAAA: NS: MX: CNAME: PTR: IPv4, IPv6 address NameServer Mail eXchanger Canonical name (alias) Reverse information
  • 24. Types There are many types, most famous ones (IPv4 mostly) A: Maps a hostname to an IPv4 address NS: Maps a domain name to a list of authoritative DNS servers CNAME: Makes one domain name an alias of another MX: Maps a domain name to a list of mail exchange servers PTR: Maps an IPv4 address to canonical name for that host SOA: Specifies the authoritative DNS server Info like email of the domain administrator, serial number, …
  • 25. DNS Caching and Updating Records Once a name server learns mapping, it caches it It’ll expire (TTL defined by the authoritative server) TLD servers typically cached in local name server Root name servers not often visited Update/Notify Mechanisms RFC 2136 TTL is specified in the Start Of Authority (SOA) record Serial – Incremented when the zone file modified, others know when the zone has been changed and should be reloaded Refresh – Number of seconds between update requests Retry – Number of seconds between retries (if a request failed) Expire – Number of seconds before considering the data stale Minimum – Used for minimum TTL, used for negative caching
  • 26. Caching vs Authoritative     In the dig output, and in subsequent outputs, we noticed a decrease in query time if we repeated the query. Answers are being cached by the querying nameserver, to speed up requests and save network ressources The TTL value controls the time an answer can be cached DNS servers can be put in two categories: caching and authoritative.
  • 27. Caching vs Authoritative: authoritative   Authoritative servers typically only answer queries for data over which they have authority, i.e.: data of which they have an external copy, i.e. from disk (file or database) If they do not know the answer, they will point to a source of authority, but will not process the query recursively.
  • 28. Caching vs Authoritative: caching    Caching nameservers act as query forwarders on behalf of clients, and cache answers for later. Can be the same software (often is), but mixing functionality (recursive/caching and authoritative) is discouraged (security risks + confusing) The TTL of the answer is used to determine how long it may be cached without re-querying.
  • 29. TTL values  TTL values decrement and expire  Try repeatedly asking for the A record for www.skill.com: # dig www.skill.com  What do you observe about the query time and the TTL ?
  • 30. SOA  Let's query the SOA for a domain: # dig SOA <domain> ... ;; AUTHORITY SECTION: <domain>. 860 IN SOA ns.<domain>. root.<domain>. 200702270 ; serial 28800 ; refresh 14400 ; retry 3600000 ; expire 86400 ; neg ttl ...
  • 31. SOA  The first two fields highlighted are:  the SOA (Start Of Authority), which the administrator sets to the name of the « source » server for the domain data (this is not always the case)  the RP (Responsible Person), which is the email address (with the first @ replaced by a '.') to contact in case of technical problems.
  • 32. SOA   The other fields are:  serial: the serial number of the zone: this is used for replication between two nameservers  refresh: how often a replica server should check the master to see if there is new data  retry: how often to retry if the master server fails to answer after refresh.  expire: when the master server has failed to answer for too long, stop answering clients about this data. Why is expire necessary ?
  • 33. Running a caching nameserver   Running a caching nameserver locally can be very useful Easy to setup, for example on FreeBSD:  add named_enable="YES" to /etc/rc.conf  start named: /etc/rc.d/named start  What is a good test to verify that named is running ?
  • 34. Running a caching nameserver  When you are confident that your caching nameserver is working, enable it in your local resolver configuration (/etc/resolv.conf): nameserver 127.0.0.1
  • 35. Delegation  We mentioned that one of the advantages of DNS was that of distribution through shared administration. This is called delegation.  We delegate when there is an administrative boundary and we want to turn over control of a subdomain to:  a department of a larger organization  an organization in a country  an entity representing a country's domain
  • 37. Delegation: Domains vs Zones  When we talk about the entire subtree, we talk about domains  When we talk about part of a domain that is administered by an entity, we talk about zones
  • 39. Finding the error: using doc      When you encounter problems with your network, web service or email, you don't always suspect DNS. When you do, it's not always obvious what the problem is – DNS is tricky. A great tool for quickly spotting configuration problems is 'doc' /usr/ports/dns/doc – install it now! Let's do a few tests on screen with doc...
  • 40. Conclusion      DNS is a vast subject It takes a lot of practice to pinpoint problems accurately the first time – caching and recursion are especially confusing Remember that there are several servers for the same data, and you don't always talk to the same one Practice, practice, practice! Don't be afraid to ask questions...