

Americans use the Internet. While that might sound pretty average, let's compare that to the whole planet where only 4 in 10 people use the Internet. With all this. and has a built in table of name to address translation. Problem: Not scalable. Solution: DNS (Adopted in ). Hierarchical Names: In this tutorial I will explain the basics of DNS starting with the hosts file, and explain how and why DNS evolved, and the problems DNS was.

Published (Last):30.07.2016
Uploaded by: AMALIA


Dns Tutorial Pdf

The Domain Name System (DNS) handles the growing number of Internet users. Cisco Prime Network Registrar Caching and Authoritative DNS User. Tutorial Focus: Big picture. - Not software help. - DNS != BIND. - No gory protocol Domain name: any name represented in the DNS format. And in the case of DNS, practically all Internet hosts participate directly in the DNS as a client, server or both. DNS Tutorial @ IETF 80 – Gudmundsson, Koch.

First among these is the fact that if someone controls where you are sent when you ask for a given name, they control something quite powerful.

Spoofing a legitimate site

Modifying DNS servers for clients is often a primary objective of an attacker after gaining control of a system or network. This means changing the DNS resolution so that certain sensitive names like bankofamerica. This enables an attacker to present a login form that looks similar to or even identical to the real thing. If the user signs into the fake site it means the attacker now has stolen their credentials. In many cases you can simply send a response to a client and it will assume that you made a previous request and update the record in the cache.

It is primarily concerned with helping resolvers (clients) ensure that DNS data in fact came from an authorized origin. DNSSEC works by digitally signing responses using public-key cryptography and uses several new resource records, shown below. DS — holds the name of a delegated zone. You place the DS record in the parent zone along with the delegating NS-records. These records can be used by resolvers to verify the non-existence of a record name and type as part of DNSSEC validation.

This results in that victim being melted by all the response traffic. Many tools exist for doing this.

Zone File

A zone file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name. Zone files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.

Records

Within a zone file, records are kept. In its simplest form, a record is basically a single mapping between a resource and a name. These can map a domain name to an IP address, define the name servers for the domain, define the mail servers for the domain, etc.

The system is very simple at a high-level overview, but is very complex as you look at the details. Overall though, it is a very reliable infrastructure that has been essential to the adoption of the internet as we know it today.

At the top of this system are what are known as "root servers". There are currently 13 root servers in operation. However, as there are an incredible number of names to resolve every minute, each of these servers is actually mirrored. The interesting thing about this setup is that all of the mirrors for a single root server share the same IP address.

When requests are made for a certain root server, the request will be routed to the nearest mirror of that root server.

What do these root servers do? Root servers handle requests for information about top-level domains. So if a request comes in for something a lower-level name server cannot resolve, a query is made to the root server for the domain.

The root servers won't actually know where the domain is hosted. They will, however, be able to direct the requester to the name servers that handle the specifically requested top-level domain.

So if a request for " www. It will check its zone files for a listing that matches " www. It will not find one. It will instead find a record for the "org" TLD and give the requesting entity the address of the name server responsible for "org" addresses.

TLD Servers

The requester then sends a new request to the IP address given to it by the root server that is responsible for the top-level domain of the request.

So, to continue our example, it would send a request to the name server responsible for knowing about "org" domains to see if it knows where " www. Once again, the requester will look for " www. It will not find this record in its files. However, it will find a record listing the IP address of the name server responsible for "wikipedia. This is getting much closer to the answer we want.

Domain-Level Name Servers

At this point, the requester has the IP address of the name server that is responsible for knowing the actual IP address of the resource. It sends a new request to the name server asking, once again, if it can resolve " www.

The name server checks its zone files and it finds that it has a zone file associated with "wikipedia. Inside of this file, there is a record for the "www" host. This record tells the IP address where this host is located. The name server returns the final answer to the requester.

What is a Resolving Name Server?

In the above scenario, we referred to a "requester". What is the requester in this situation? In almost all cases, the requester will be what we call a "resolving name server". A resolving name server is one configured to ask other servers questions.

It is basically an intermediary for a user which caches previous query results to improve speed and knows the addresses of the root servers to be able to "resolve" requests made for things it doesn't already know about. Basically, a user will usually have a few resolving name servers configured on their computer system. The resolving name servers are usually provided by an ISP or other organizations.

For instance, Google provides resolving DNS servers that you can query. These can be configured in your computer either automatically or manually. When you type a URL in the address bar of your browser, your computer first looks to see if it can find out locally where the resource is located.

It checks the "hosts" file on the computer and a few other locations.


It then sends the request to the resolving name server and waits to receive the IP address of the resource. The resolving name server then checks its cache for the answer. If it doesn't find it, it goes through the steps outlined above. Resolving name servers basically compress the requesting process for the end user. The clients simply have to know to ask the resolving name servers where a resource is located and be confident that they will investigate and return the final answer.
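The referral chain and cache described above, as an added example (not code from the original tutorial). The server names, the zone contents, the `example.org.` name and the 192.0.2.10 address are constructed for illustration; a real resolver speaks the DNS wire protocol instead of reading dictionaries.

```python
import time

# Constructed data: each "server" maps a name suffix to a referral
# (the next server to ask) or to a final A record with a TTL in seconds.
SERVERS = {
    "root":       {"org.": ("REFERRAL", "tld-org")},
    "tld-org":    {"example.org.": ("REFERRAL", "ns-example")},
    "ns-example": {"www.example.org.": ("A", "192.0.2.10", 300)},
}

class Resolver:
    """Toy resolving name server: follows referrals from the root, caches answers."""

    def __init__(self, servers, clock=time.monotonic):
        self.servers, self.clock = servers, clock
        self.cache = {}   # name -> (address, expiry time)
        self.trace = []   # every server queried, in order

    def _ask(self, server, name):
        # Return the most specific record this server holds for the name.
        self.trace.append(server)
        zone = self.servers[server]
        matches = [k for k in zone if name == k or name.endswith("." + k)]
        return zone[max(matches, key=len)] if matches else None

    def resolve(self, name, max_hops=8):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]               # answered from cache, nobody is asked
        server = "root"
        for _ in range(max_hops):       # bound the referral chain
            rec = self._ask(server, name)
            if rec is None:
                return None             # this server knows nothing about the name
            if rec[0] == "A":
                _, addr, ttl = rec
                # Whatever is stored here is served to every client until
                # the TTL runs out, which is why cached data must be trustworthy.
                self.cache[name] = (addr, self.clock() + ttl)
                return addr
            server = rec[1]             # follow the referral one level down
        raise RuntimeError("too many referrals")

if __name__ == "__main__":
    r = Resolver(SERVERS)
    print(r.resolve("www.example.org."), r.trace)
```
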


Zone Files

We mentioned in the above process the idea of "zone files" and "records". Zone files are the way that name servers store information about the domains they know about. Every domain that a name server knows about is stored in a zone file. Most requests coming to the average name server are not something that the server will have zone files for.

If it is configured to handle recursive queries, like a resolving name server, it will find out the answer and return it. Otherwise, it will tell the requesting party where to look next.

The more zone files that a name server has, the more requests it will be able to answer authoritatively. It generally is used to configure just a single domain. It can contain a number of records which define where resources are for the domain in question. So if a zone file is used to configure the "example.

This is either configured at the top of the zone file or it can be defined in the DNS server's configuration file that references the zone file. Either way, this parameter describes what the zone is going to be authoritative for. It is basically a timer. A caching name server can use previously queried results to answer questions until the TTL value runs out.

Record Types

Within the zone file, we can have many different record types.

We will go over some of the more common or mandatory types here. It is also one of the most complex to understand. The start of authority record looks something like this: domain. IN SOA ns1. This specifies that the zone file is for the domain.

Name servers can either be master or slaves, and if dynamic DNS is configured one server needs to be a "primary master", which goes here. If you haven't configured dynamic DNS, then this is just one of your master name servers.

The "@" is replaced with a dot in the email address. Every time you edit a zone file, you must increment this number for the zone file to propagate correctly. Slave servers will check if the master server's serial number for a zone is larger than the one they have on their system.

If it is, it requests the new zone file; if not, it continues serving the original file. This is the amount of time that the slave will wait before polling the master for zone file changes. If the slave cannot connect to the master when the refresh period is up, it will wait this amount of time and retry to poll the master. If a slave name server has not been able to contact the master for this amount of time, it no longer returns responses as an authoritative source for this zone.
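The serial, refresh, retry and expire behaviour described above, sketched as an added example (not code from the original tutorial or from any DNS server). The class names and all timer and serial values are constructed; the serial check is the plain "larger than" comparison the text describes.

```python
from dataclasses import dataclass

@dataclass
class Soa:
    serial: int    # must be incremented on every zone edit
    refresh: int   # seconds between polls of the master
    retry: int     # seconds to wait after a failed poll
    expire: int    # seconds without contact before the zone stops being served

class Secondary:
    """Slave-side view of one zone, driven by the timers in its SOA record."""

    def __init__(self, soa, now=0):
        self.soa = soa
        self.last_contact = now            # last successful poll of the master
        self.next_poll = now + soa.refresh

    def authoritative(self, now):
        # After `expire` seconds of silence the slave stops answering
        # as an authoritative source for the zone.
        return now - self.last_contact < self.soa.expire

    def poll(self, now, master_soa):
        """master_soa is the master's current SOA, or None if it is unreachable."""
        if now < self.next_poll:
            return "wait"
        if master_soa is None:
            self.next_poll = now + self.soa.retry
            return "retry-later" if self.authoritative(now) else "expired"
        self.last_contact = now
        action = "keep"                    # same or lower serial: keep serving old data
        if master_soa.serial > self.soa.serial:
            self.soa = master_soa          # stands in for the zone transfer
            action = "transfer"
        self.next_poll = now + self.soa.refresh
        return action

if __name__ == "__main__":
    old = Soa(serial=10, refresh=3600, retry=600, expire=86400)
    s = Secondary(old)
    # An edit that forgot to bump the serial never reaches the slave.
    print(s.poll(3600, old), s.poll(7200, Soa(11, 3600, 600, 86400)))
```
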

The record could look something like this: ns1 IN A However, we could just as easily use the entire FQDN if we feel like being semantic: ns1. IN A We can do this like this: domain.

For instance, we could have an A name record defining the "server1" host and then use the "www" as an alias for this host: server1 IN A One case when a CNAME is recommended is to provide an alias for a resource outside of the current zone.

MX Records

MX records are used to define the mail exchanges that are used for the domain. This helps email messages arrive at your mail server correctly.

Unlike many other record types, mail records generally don't map a host to something, because they apply to the entire zone. As such, they usually look like this: IN MX 10 mail.


Note that there is no host name at the beginning. Also note that there is an extra number in there. This is the preference number that helps computers decide which server to send mail to if there are multiple mail servers defined. The client needs to find the IP address where google. Your browser will send this query to the operating system. Each operating system is configured to query certain DNS servers.

The resolving name server is not aware of the location of the google.

Next, the resolving name server finds the location of the top-level domain name server to send the query for google. Each domain on the Internet has an authoritative name server.


Finally, the authoritative name server will give you the exact IP address of google. This information will come back to the resolving name server, which caches the information and sends back an answer to your query: what is the IP address of google. As the end result, you will see the Google search engine home page.

NET in ms google. NET one of root server queries top level domain name server.
