DNS: How Domain Name System Works
1. IDRBT
Domain Name system
• DNS data files match names with numbers (IP addresses) and vice versa
• Internet hosts and servers advertise their identity with unique symbolic/logical names, also called domain names
• The TCP/IP protocol suite demands that each computer be assigned a unique 4-byte IP address for computers to communicate
• DNS essentially does the IP to domain and domain to IP matching
2. IDRBT
Domain Name system
• DNS was developed in the 1980s when the number of hosts on the Internet grew dramatically
• The DNS database is a tree structure called the Domain Name Space
• Each domain can contain sub-domains below it
• Root and top-level domains are managed by InterNIC
• The domains below the top level are delegated to other organizations by InterNIC
• A critical service binding Internet servers all over the world
• The largest distributed database running without fail
3. IDRBT
Private DNS
• DNS can be operated in corporate private networks
• These domain names and IP numbers shouldn't conflict with the public, i.e. Internet, world
• Private DNS should be isolated from the Internet to avoid major conflicts
4. IDRBT
Host names
• The RFC 952 standard describes what makes names valid or legal
• A name can be up to 24 characters from (A-Z), (0-9), (-) and (.)
• No blanks or spaces permitted
• No distinction between upper and lower case letters
• The first character must be a letter
• The last character must not be a minus sign or period
• Single character names or nicknames are not allowed
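The host name rules listed on this slide, implemented as a small checker. This is an added example, not part of the original deck; it assumes the rules apply to the name string as a whole, since the slide does not spell out per-label handling.

```python
# Added example: validate a host name against the RFC 952 rules listed on the
# slide (24-character limit, A-Z/0-9/-/., no blanks, case-insensitive, first
# character a letter, last not '-' or '.', no single-character names).
# Assumption: the rules are applied to the whole name string, not per label.
import re

MAX_LEN = 24                                # "up to 24 characters"
ALLOWED = re.compile(r"^[A-Z0-9.-]+$")      # (A-Z), (0-9), (-) and (.)


def validate_hostname(name):
    """Return a list of rule violations; an empty list means the name is legal."""
    problems = []
    upper = name.upper()                    # no upper/lower case distinction
    if not upper:
        return ["name is empty"]
    if len(upper) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if any(c.isspace() for c in upper):
        problems.append("contains blanks or spaces")
    elif not ALLOWED.match(upper):
        problems.append("contains characters outside A-Z, 0-9, '-' and '.'")
    if not (upper[0].isascii() and upper[0].isalpha()):
        problems.append("first character is not a letter")
    if upper[-1] in "-.":
        problems.append("last character is a minus sign or period")
    if len(upper) == 1:
        problems.append("single-character names are not allowed")
    return problems


def is_legal_hostname(name):
    """True when the name passes every rule on the slide."""
    return not validate_hostname(name)
```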
5. IDRBT
Fully Qualified Domain Names
• Host names are not truly complete or unique unless they include the domain the host belongs to
• An FQDN is the full domain path (i.e. ----.---.sub domain) plus the host name
• FQDNs are fully expressed host names that leave nothing unsaid
• E-mail addresses contain FQDNs after the recipient name
10. IDRBT
Domain Name System
• DNS is a practical repository and clearinghouse for network host and domain names
• UDP port 53 for queries and responses
• TCP port 53 for server to server connections
11. IDRBT
Name server Types
• Primary Name Servers
– Original source of address data
– They control zone transfers and the publishing of domain names
• Secondary Name Servers
– Get their data from the primary DNS
– Authorized to answer DNS queries
– Serve as backup/redundant servers and balance the work load
12. IDRBT
Name server Types
• Caching Name Servers
– Improve performance
– Forward requests to a DNS server and then cache the results
– May not always have the right information
– TTL plays a crucial role
• Forwarders and Slaves
– Send queries to another DNS server for an answer
– A slave has to depend upon that server only
– A forwarder can also answer the query on its own
14. IDRBT
DNS Resource Records
• Start of Authority (SOA)
Owner, Class, TTL, Type, Zone File Source, Responsible person e-mail, Serial No, Refresh Time, Retry Interval, Expire Time, Min. TTL
15. IDRBT
DNS Resource Records
• Name Server (NS) Records
NS records specify which servers are authorized to answer queries for the domain or sub-domain
A Name Server can delegate authority for an entire sub-domain below it to another Name Server
16. IDRBT
DNS Resource Records
• Pointer (PTR) Records
Are the keys to reverse address resolution
• Address (A) Records
Map host names to IP addresses for forward queries
• Mail Exchange (MX) Records
Specify the host name to which mail for that domain is routed
An order of preference can be tagged to each MX host
17. IDRBT
DNS Resource Records
• Canonical Name (CNAME) Records
CNAME creates an alias
An alias is a name that points to another host
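The record types described on slides 14 to 17 (SOA, NS, A, PTR, MX, CNAME), parsed from a small zone fragment and checked for consistency: one SOA, at least one NS, a CNAME alias standing alone at its owner name, and MX hosts that resolve to A records rather than aliases. This is an added example, not part of the original deck; the zone contents for example.test are constructed for the illustration.

```python
# Added example: parse a constructed zone fragment for example.test (not real
# data) using the record types on the slides, then run consistency checks.
from collections import defaultdict

ZONE = """\
example.test.       3600 IN SOA   ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 300
example.test.       3600 IN NS    ns1.example.test.
ns1.example.test.   3600 IN A     192.0.2.1
mail.example.test.  3600 IN A     192.0.2.10
www.example.test.   3600 IN CNAME mail.example.test.
example.test.       3600 IN MX    10 mail.example.test.
example.test.       3600 IN MX    20 www.example.test.
10.2.0.192.in-addr.arpa. 3600 IN PTR mail.example.test.
"""

def parse_zone(text):
    records = []                            # (owner, ttl, type, rdata tokens)
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue                        # skip blank lines and comments
        owner, ttl, _cls, rtype, *rdata = line.split()
        records.append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return records

def check_zone(records):
    by_owner = defaultdict(set)             # record types present per owner
    for owner, _ttl, rtype, _rd in records:
        by_owner[owner].add(rtype)
    problems = []
    soa = [r for r in records if r[2] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soa)}")
    if not any(r[2] == "NS" for r in records):
        problems.append("no NS records: no server is authoritative for the zone")
    for owner, types in by_owner.items():   # an alias must be the only record
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner}: CNAME coexists with {sorted(types - {'CNAME'})}")
    for owner, _ttl, rtype, rdata in records:   # MX targets need A records
        if rtype == "MX":
            target = rdata[1].lower()
            if "CNAME" in by_owner.get(target, set()):
                problems.append(f"{owner}: MX target {target} is a CNAME alias")
            elif "A" not in by_owner.get(target, set()):
                problems.append(f"{owner}: MX target {target} has no A record")
    return problems

def mx_hosts_in_preference_order(records):
    mx = [(int(rd[0]), rd[1].lower()) for _o, _t, rt, rd in records if rt == "MX"]
    return [host for _pref, host in sorted(mx)]   # lower preference is tried first
```

Running check_zone on the fragment flags the second MX record, whose target www.example.test. is an alias rather than a host with an A record.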
18. IDRBT
Designing a good DNS
• All organizations need 2 DNS servers
• Capacity of the server depends on
– No. of domains the server hosts
– No. of subnets to which the server is directly attached
– No. of hits the server receives
19. The ISP provides primary DNS services for this domain
[Diagram: Local DNS (caching or secondary) behind the organization's router; Primary DNS hosted at the ISP]
• Authority is with the ISP
• Every change requires communication with the ISP
20. The ISP provides secondary DNS service for this domain
[Diagram: XYZ.COM Primary DNS and Secondary DNS behind the organization's router; a Secondary DNS for XYZ hosted at ABC.COM]
• Source and authority are with the organization only
• Only a copy of the primary is managed at the secondaries
• Provides good load distribution
21. Protecting Primary DNS from unauthorized access
[Diagram: Primary DNS and a Secondary DNS inside the organization behind its router; further Secondary DNS servers at the ISP behind the ISP router]
• Both primary and secondary are managed by the organization
• Primaries will never be open to the outside
24. IDRBT
DNS Security
• Without DNS, the Internet in its present form might never have existed
• DNS is the first entry point to your network or servers
• Yet DNS suffers from serious security problems
• DoS and buffer overflow attacks
• DNS in its present form provides no authentication of the name-address mappings it provides.
25. IDRBT
DNS Security
• In July 1997, Eugene Kashpureff redirected Internet users from Network Solutions' Web page to his own site
• RFC 2535 was ultimately issued in March 1999 to address DNS Security Extensions (DNSSEC)
• You can trust the information provided by security-aware DNS servers with DNSSEC.
26. IDRBT
DNS Security
• DNSSEC is complex to implement
• It also requires a hierarchy of signing authorities
• DNSSEC will make the Internet much safer for e-commerce
• DNSSEC is not yet in wide use.
27. IDRBT
Utility: Description
Arp: Allows viewing and editing of the Address Resolution Protocol (ARP) cache.
Ipconfig: Displays current TCP/IP configuration values. Also used to manually release and renew a TCP/IP configuration lease assigned by a DHCP server and to reset DNS name registrations.
Nbtstat: Checks the state of current NetBIOS over TCP/IP connections, updates the Lmhosts cache, and determines the registered names and scope ID.
Netstat: Displays protocol statistics and information on current TCP/IP connections.
Nslookup: Checks records, domain host aliases, domain host services, and operating system information by querying a DNS server.
Ping: Verifies whether TCP/IP is configured correctly and tests connectivity to other host systems.
Route: Allows viewing and editing of the local IP routing table.
Tracert: Traces the network route taken by an IP datagram to its destination.
Pathping: Traces the route a packet takes to a destination and displays information on packet losses for each router in the path. Pathping can also be used to troubleshoot Quality of Service (QoS) connectivity.