advertisement

chapter16

80 %
20 %
advertisement
Information about chapter16
Science-Technology
dns

Published on October 7, 2007

Author: Aric85

Source: authorstream.com

advertisement

Chapter 16 – The Domain Name System (DNS):  Chapter 16 – The Domain Name System (DNS) Presented by Shari Holstege Tuesday, June 18, 2002 What does DNS provide?:  What does DNS provide? A hierarchical namespace for hosts and IP addresses A host table implemented as a distributed database A “resolver” – library routines that query this database Improved routing for e-mail A mechanism for finding services on a network A protocol for exchanging naming information BIND:  BIND Berkeley Internet Name Domain System An implementation of DNS for UNIX Maintained by the Internet Software Consortium Has been ported to Windows NT DNS Namespace:  DNS Namespace There are two types of top-level domains (TLDs): Generic Top-Level Domains (gTLDs) such as com, org, and net describe organizational and political structure and are used primarily within the United States Country codes (ccTLDs) are used outside the United States Naming Tree:  Naming Tree The forward-mapping branch maps hostnames to IP addresses and uses forward zone files. The reverse-mapping branch maps IP addresses back to hostnames and uses reverse zone files. Domain Names:  Domain Names Domain names are case insensitive. An Internet host’s fully qualified name is formed by appending its domain name to its hostname. Within the DNS system, fully qualified names are terminated by a dot, but this dot is generally hidden from ordinary users. Names without dots terminating them are relative addresses. Components of BIND:  Components of BIND A daemon called named that answers queries Library routines that resolve host queries by contacting the servers of the DNS distributed database Command-line interfaces to DNS: nslookup, dig, and host named:  named It answers queries about hostnames and IP addresses If it does not know the answer to a query, it asks other servers and caches the response It performs “zone transfers” to copy data among the servers of a domain Authoritative and Caching-only Servers:  Authoritative and Caching-only Servers Each zone has one master name server that keeps the official copy of the zone’s data on disk. A slave server gets its data from the master server through a “zone transfer” operation. A stub server is a slave that loads only the NS records from the master. A caching-only name server loads the addresses of the servers for the root domain from a startup file and accumulates the rest of its data by caching answers to the queries it resolves. Recursive and Nonrecursive Servers:  Recursive and Nonrecursive Servers If a nonrecursive server has the asnwer to a query cached from a previous transaction or is authoritative for the domain to which the query pertains, it provides the appropriate response. Otherwise, instead of returning the real answer, it returns a referral to the authoritative servers of another domain that are more likely to know the answer. A recursive server returns only real answers or error messages. It follows referrals itself, relieving the client of the responsibility. Negative Caching:  Negative Caching Perhaps 60% of DNS queries are for non-existent data Negative caching saves answers of the following types: No host or domain matches the name queried The type of data requested does not exist for this host The server to ask is not responding The server is unreachable because of network problems Resolver Configuration:  Resolver Configuration Each host on the network has a file called /etc/resolv.conf that lists the DNS servers the host should query. Format: search domainname . . . nameserver ipaddress Example: search cs.colorado.edu colorado.edu ee.colorado.edu nameserver 128.138.243.151 ; ns nameserver 128.138.204.4 ; piper nameserver 128.138.240.1 ; anchor Hardware Requirements:  Hardware Requirements BIND is a memory hog. IPv6 and DNSSEC in BIND 9 are CPU-intensive. To determine if a server has enough memory, let it run for awhile and watch the size of the named process. It will take a week or two to converge on a stable size at which old cache records are expiring at about the same rate as new ones are being inserted. Configuration Files:  Configuration Files The complete configuration for named consists of the config file, the hints file, and, for master servers, the zone data files that contain address mappings for each host. The configuration file specifies the role (master, slave, or stub) of this host relative to each zone and the way in which it should get its copy of the resource records that make up the local part of the database. Statement Types in named.conf:  Statement Types in named.conf include – Interpolates a file (e.g., trusted keys readable only by named) options – Sets global name server configuration options and defaults server – Specifies per-server options key – Defines authentication information acl – Defines access control lists zone – Defines a zone of resource records Statement Types in named.conf:  Statement Types in named.conf trusted-keys – Uses preconfigured keys controls – Defines channels used to control the name server with ndc logging – Specifies logging categories and their destinations view – Defines a view of the namespace (BIND 9 only) DNS Database:  DNS Database A set of text files maintained by the system administrator on the domain’s master name server Contain two types of entries: parser commands resource records (RRs) Zone Records:  Zone Records SOA – Start of Authority – Defines a DNS zone of authority NS – Name Server – Identifies zone servers, delegates subdomains Basic Records:  Basic Records A – IPv4 Address – Name-to-address translation AAAA – Original IPv6 address – Now obsolete – DO NOT USE A6 – IPv6 Address – Name-to-IPv6-address translation (V9 only) PTR – Pointer – Address-to-name translation DNAME – Redirection – Redirection for reverse IPv6 lookups (V9 only) MX – Mail Exchanger – Controls e-mail routing Security Records:  Security Records KEY – Public Key – Public key for DNS name NXT – Next – Used with DNSSEC for negative answers SIG – Signature – Signed, authenticated zone Optional Records:  Optional Records CNAME – Canonical Name – Nicknames or aliases for a host LOC – Location – Geographic location and extent RP – Responsible Person – Specifies per-host contact info SRV – Services – Gives locations of well-known services TXT – Text – Comments or untyped information Commands in Zone Files:  Commands in Zone Files $ORIGIN domain-name – Sets the origin for relative filenames $INCLUDE filename – The specified file is read into the database at the point of the directive $TTL default-ttl – Sets a default value for the time-to-live field of the records that follow it $GENERATE lots-of-args – Provides a simple way to generate a series of similar records Updating Zone Files:  Updating Zone Files When you make a change to a domain (such as adding or deleting a host): The data files on the master server must be updated You must increment the serial number in the SOA record for the zone Run ndc reload to signal named to pick up the changes Security Features in named.conf:  Security Features in named.conf allow-query (options, zone) – Who can query a zone or server allow-transfer (options, zone) – Who can request zone transfers allow-update (zone) – Who can make dynamic updates blackhole (options) – Which servers to ignore completely bogus (server) – Which servers should never be queried acl (various) – Access control lists Transaction Signatures (TSIG):  Transaction Signatures (TSIG) Developed by the IETF while DNSSEC was being specified Use a symmetric encryption scheme Use a shared-secret key that must be exchanged manually for every pair of servers that needs to communicate Not scalable to large networks DNSSEC:  DNSSEC A set of DNS extensions that authenticate the origin of zone data and verify its integrity Uses public key cryptography Provides: Key distribution by means of KEY resource records stored in the zone files Origin verification for servers and data Verification of the integrity of zone data Testing and Debugging:  Testing and Debugging named provides highly configurable logging. It is possible to select the severity and type of messages logged. nslookup queries the DNS database dig is similar to nslookup, but has more sensible defaults, provides more information, and has a nicer user interface host is similar to dig but less verbose

Add a comment

Related presentations

Related pages

Chapter 16

Chapter 16 is a digital language & literature program of Humanities Tennessee. Executive Director: Tim Henderson. Director of Literature & Language Programs:
Read more

Chapter 16 (@chapter16) | Twitter

The latest Tweets from Chapter 16 (@chapter16). ... a community of Tennessee writers, readers, & passersby. Tennessee
Read more

Home [nechapter16.com]

International Right of Way Association (IRWA) New England Chapter 16 . IRWA Chapter members, It is hard to believe we are more than half way through ...
Read more

Chapter 16

Chapter 16. 2,127 likes · 157 talking about this. A daily online journal about books and author events in Tennessee, Chapter 16 offers reviews,...
Read more

Chapter 16: Questions and Answers

Another device which is not hard to build is the Charles Flynn magnet motor (chapter 1): And if the electronics used to drive it is something which you ...
Read more

Wedding Planner Nottingham - Chapter16.co.uk

Chapter16 is a company that specialises in planning wedding and special events in and around the East Midlands
Read more

Chapter16-10 - Scribd - Read Unlimited Books

Managerial Accounting Excel Models by dharunb in Types > School Work and managerial accounting models
Read more

Chapter 16 - American Studies @ The University of Virginia

Billy Budd Melville Chapter 16 ... This incident sorely puzzled Billy Budd. It was an entirely new experience; the first time in his life that he had ever ...
Read more

Pennsylvania Chapter 16 Regulations for Gifted Education

CHAPTER 16. SPECIAL EDUCATION FOR GIFTED STUDENTS GENERAL PROVISIONS. Sec. 16.1. Definitions. 16.2. Purpose. 16.3. Experimental programs. 16.4.
Read more