Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (20)
Semelhante a DNS: How Domain Name System Works
Semelhante a DNS: How Domain Name System Works (20)
Último
Último (20)
DNS: How Domain Name System Works
- 1. IDRBT • DNS data files match names with numbers (IP) and vice-versa • Internet hosts and servers advertise their identity with unique symbolic/logical names also called as domain names • TCP/IP protocol suite demands each computer to be assigned unique 4-byte IP address for computers to communicate • DNS essentially does the IP to domain and domain to IP matching Domain Name system
- 2. IDRBT Domain Name system • DNS was developed in 1980’s when the no. of hosts on Internet grew dramatically • DNS database is a tree structure called Domain Name Space • Each domain can contain sub-domains below it • Root and Top level domains are managed by InterNIC • the domains below the top level are delegated to other organizations by InterNIC • A Critical Service binding the Internet Servers all over the world • The Largest Distributed Database running without fail
- 3. IDRBT Private DNS • DNS can be operated in corporate private networks • These domain names and IP numbers shouldn’t conflict with public ie Internet world • Private DNS should be isolated from Internet to avoid major conflicts
- 4. IDRBT Host names • RFC 952 standard describes what makes names valid or legal • Name can be up to 24 characters from (A-Z), (0-9), (-) and (.) • No blanks or spaces permitted • No distinction between upper and lower letters of the alphabets • First character must be alphabet • Last must not be a minus sign or period • Single character names or nicknames are not allowed
- 5. IDRBT Fully Qualified Domain Names • Host names are not truly complete or unique unless they include the domain the host belongs to • An FQDN is the domain full path (ie ----.---.sub domain) plus the host name • FQDNS are fully expressed host names that leaves nothing unsaid • E-mail addresses contain FQDNS after the recipient name
- 6. IDRBT DNS Structure Root“ “ uk Com edu In idrbt Research tech org IMF Infinet org RBI Andb Mahb
- 7. IDRBT Name resolution Methods • NetBIOS Name Cache • Broadcast Queries • WINS • LMHOSTS • HOSTS • DNS
- 8. IDRBT DNS Queries • Recursive Name queries • Iterative Name queries • Reverse Name Queries
- 9. IDRBT
- 10. IDRBT Domain Name System • DNS is a practical repository and clearinghouse for network host and domain names • UDP port 53 for queries and responses • TCP port 53 for server to server connections
- 11. IDRBT Name server Types • Primary Name servers – Original Source of Address data – They control zone transfers and publishing the domain names • Secondary Name Servers – Gets data from primary DNS – Authorized to answer the DNS queries – Helps as backup/redundant server and balances the work load
- 12. IDRBT Name server Types • Caching Name Servers – Improve performance – Forward requests to a DNS and then cache the results – May not have right info always – TTL plays a crucial role • Forwarders and Slaves – Send queries to other DNS for an answer – Slave has to depend upon that server only – Forwarder can answer the query on its own also
- 13. IDRBT
- 14. IDRBT DNS Resource Records • Start of authority Owner, Class, TTL, Type, Zone File Source, Responsible person e-mail, Serial No, Refresh Time, Retry Interval, Expire Time, Min. TTL
- 15. IDRBT DNS Resource Records • Name Server (NS) Records NS records specify which servers are authorized to answer the domain or sub domain queries A Name Server can delegate authority of an entire Sub domain below it to another Name Server
- 16. IDRBT DNS Resource Records • Pointer (PTR) Records Are keys to reverse address resolution • Address (A) Records Map host names to IP addresses for forward queries • Mail Exchange (MX) Records Specify the host name to which mails be routed for that domain Order of preference can be tagged to each MX host
- 17. IDRBT DNS Resource Records • Canonical Name (CNAME) Records CNAME creates an alias An alias is a name that points to another host
- 18. IDRBT Designing a good DNS • All organizations need 2 DNS servers • Capacity of the server depends on – No. of domains the server hosts – No. of subnets to which server is directly attached to – No. of hits the server receives
- 19. The ISP provides primary DNS services for this domain Local DNS Router Primary DNS Caching or Secondary •Authority is with ISP •Every change requires communication with ISP
- 20. The ISP provides secondary DNS service for this domain XYZ.COM Primary DNS Router Secondary DNS ABC.COM Secondary DNS XYZ •Source and authority is with organization only •Only copy of primary is managed at secondaries •Provides good load distribution
- 21. Protecting Primary DNS from unauthorized access Secondary DNS Secondary DNS Router Secondary DNS Primary DNS ISP Router •Both Primary and secondary manned by orgn •Primaries will never be open to outside
- 22. Split-Brain DNS Primary External DNS Router Router Secondary DNS (INT) Primary Internal DNS ISP •External DNS contains only public hosts •Internal DNS contains all orgn wide hosts
- 23. IDRBT DNS
- 24. IDRBT DNS Security • Without DNS, the Internet in its present form might never have existed • DNS is the first entry to your n/w or servers • yet, DNS suffers from serious security problems • DOS and Buffer Overflow attacks • DNS in its present form provides no authentication of the name- address mappings it provides.
- 25. IDRBT DNS Security • in July 1997, Eugene Kashpureff redirected Internet users from Network Solutions' Web page to his own site • RFC 2535 was ultimately issued in March 1999 to address DNS Security Extensions (DNSSEC) • you can trust the information provided by security-aware DNS servers with DNSSEC.
- 26. IDRBT DNS Security • DNSSEC is complex to implement • It also requires a hierarchy of signing authorities • DNSSEC will make the Internet much safer for e-commerce • DNSSEC is not yet in wide use.
- 27. IDRBT Utility Description Arp Allows viewing and editing of the Address Resolution Protocol (ARP) cache. Ipconfig Displays current TCP/IP configuration values. Also used to manually release and renew a TCP/IP configuration lease assigned by a DHCP server and to reset DNS name registrations. Nbtstat Checks the state of current NetBIOS over TCP/IP connections, updates the Lmhosts cache, and determines the registered names and scope ID. Netstat Displays protocol statistics and information on current TCP/IP connections. Nslookup Checks records, domain host aliases, domain host services, and operating system information by querying DNS server. Ping Verifies whether TCP/IP is configured correctly and tests connectivity to other host systems. Route Allows viewing and editing of the local IP routing table. Tracert Traces the network route taken by an IP datagram to its destination. Pathping Traces the route a packet takes to a destination and displays information on packet losses for each router in the path. Pathping can also be used to troubleshoot Quality of Service (QoS) connectivity.
- 28. IDRBT Thank You