DNS Domain Name Service

WeeSan Lee <weesan@cs.ucr.edu> http://www.cs.ucr.edu/~weesan/cs183/

Roadmap

Introduction The DNS Namespace Top-level Domains Second-level Domains Domain Names How to Register a Domain Name? How DNS Works? BIND Tools Q&A

Introduction

A service that maps between hostnames and IP addresses A hierarchical distributed caching database with delegated authority. Uses port 53

UDP for the queries and responses TCP for the zone transfer

Introduction (cont)
Recursive servers Non-recursive servers root name server (.) Q
http://www.cs.berkeley.edu/

R Q momo.cs.ucr.edu R A Q R cs.berkeley.edu berkeley.edu Q edu

Q A eon

The DNS Namespace

A tree structure that starts with the root (.) Each node represents a domain name 2 branches

Forward mapping

hostnames IP addresses IP addresses hostnames

Reverse mapping

Top-level Domains

gTLDs (generic TLDs)

com, edu, net, org, gov, mil, int, arpa aero, biz, coop, info, jobs, museum, name, pro au, ca, br, de, fi, fr, jp, se, hk, cn, tw, my, CreditCards.com - $2.75M Loans.com $3M Business.com - $7.5M

ccTLDs (country code TLDs)

Profitable domain names

Second-level Domain Name

Examples

ucr.edu sony.co.jp

Must apply to a registrar for the appropriate TLD Network Solutions, Inc used to monopolize the name registration Now, ~500 registrars

Domain Names

Valid domain names

Each component: [a-zA-Z0-9\-]{1,63} Each name < 256 chars www.cs.ucr.edu == WWW.CS.UCR.EDU Fully Qualified Domain Name eon.cs.ucr.edu

Case insensitive

FQDN

eon hostname cs.ucr.edu domain name

How To Register A Domain Name?

Pick a domain name of interest Dedicate 2 NS servers

RFC1219 stated that each domains should be served by at least 2 servers: a master & a slave

One technical contact person One administrative contact person Then, register the name to a registrar of your choice Used to be done via email or fax, now all web-based

How DNS Works?

Delegation

All name servers read all the 13 root servers from a local configuration file

[a-m].root-servers.net $ dig

Those servers in turn knows all the TLDs .edu knows .ucr.edu .com knows .google.com etc

DNS Caching

DNS servers cache results they receive from other servers Each result is saved based on its TTL Negative caching

For nonexistent hostname (for 10 mins) Also for unreachable/unresponsive servers

Authoritative vs. Nonauthoritative

An authoritative answer from a name server (such as reading the data from the disk) is guaranteed to be accurate A non-authoritative answer (such as an answer from the cache) may not Primary and secondary servers are authoritative for their own domains

Recursive vs. Non-recursive

Recursive

Queries on a client behalf until it returns either an answer or an error Refers the client to another server if it cant answer a query

Non-recursive

DNS Database

A set of text files, called zone files, maintained by the system admin. on the master NS 2 types of entries

Parser commands, eg.

$ORIGIN and $TTL [name] [tt] [class] type data eon 76127 IN A 138.23.169.9 orpheus.cs.ucr.edu. 76879 IN A 138.23.169.17
A very important . there!

Resource Records (RR)

DNS Database (cont)

Resource Record Types

SOA NS A AAAA PTR MX CNAME TXT

Start Of Authority Name Server IPv4 name-to-address translation IPv6 name-to-address translation Address-to-name translation Mail eXchanger Canonical NAME Text

BIND

The Berkeley Internet Name Domain system Current maintainer: Paul Vixie @ ISC BIND 9 Use RTT to pick the best root servers and use them in round-robin fashion named

/etc/named.conf

options { directory "/var/named"; // query-source address * port 53; forwarders { 138.23.169.10; }; }; zone "." IN { type hint; file "named.ca"; // Read from /var/named/named.ca };

/etc/named.conf

zone "localhost" IN { type master; file "localhost.zone"; // Read from /var/named/localhost.zone allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; // Read from /var/named/named.local allow-update { none; }; };

/etc/named.conf

zone "voicense.com" IN { type master; file "voicense.com.zone"; }; zone "0.0.10.in-addr.arpa" IN { type master; file "voicense.com.rev"; }; zone "macrohard.com IN { type slave; file "macrohard.com.zone.bak"; masters { 10.0.0.1; }; };

/ Email address: Remember to var/named/voicense.com.zon weesan@voicense.com increment the serial # $TTL 86400 after each editing $ORIGIN voicense.com. e@ IN SOA voicense.com. weesan.voicense.com. (

mail www ns lee wee

IN NS IN MX IN MX IN A IN CNAME IN CNAME IN CNAME IN A IN A

20040304 ; serial # 7200 ; refresh (2 hrs) 1800 ; retry (30 mins) 604800 ; expire (1 week) 7200 ) ; mininum (2 hrs) ns.voicense.com. 10 mail.voicense.com. 20 mail.myisp.com. 10.0.0.1 voicense.com. voicense.com. voicense.com. 10.0.0.31 10.0.0.32

/ var/named/voicense.com.zon Serial # e An increasing integer number (for syncing)

Refresh

How often the slave servers should sync. with the master How long the slave servers should retry before giving up How long should the slave servers continue to serve the domains in the absent of the master TTL for negative answers that are cached

Retry

Expire

Mininum

/var/named/voicense.com.rev

$TTL @

1 31 32

86400 IN SOA voicense.com. weesan.voicense.com. ( 20040304 ; serial # 7200 ; refresh (2 hrs) 1800 ; retry (30 mins) 604800 ; expire (1 week) 7200 ) ; mininum (2 hrs) IN NS ns.voicense.com. IN PTR fw.voicense.com. IN PTR lee.voicense.com. IN PTR wee.voicense.com.

How To Load Balance A Web Server?

www IN A 10.0.0.1 www IN A 10.0.0.2 www IN A 10.0.0.3

How To Load Balance A Web Server?

$ host www.google.com

www.google.com is an alias for www.l.google.com. www.l.google.com has address 74.125.19.104 www.l.google.com has address 74.125.19.103 www.l.google.com has address 74.125.19.147 www.l.google.com has address 74.125.19.99 www.google.com is an alias for www.l.google.com. www.l.google.com has address 74.125.19.99 www.l.google.com has address 74.125.19.104 www.l.google.com has address 74.125.19.103 www.l.google.com has address 74.125.19.147

$ host www.google.com

Zone Transfer

DNS servers sync with each other via zone transfer All-at-once and incremental updates A slave server compares the serial number on the masters and save backup zone files on disk. Uses TCP on port 53

Tools

dig

$ dig eon.cs.ucr.edu $ dig eon.cs.ucr.edu ns $ dig @momo.cs.ucr.edu eon.cs.ucr.edu mx

$ man dig

host

$ host eon.cs.ucr.edu $ host -t ns cs.ucr.edu $ host -t mx eon.cs.ucr.edu momo.cs.ucr.edu $ man host

Tools (cont)

nslookup

$ nslookup eon.cs.ucr.edu $ nslookup eon.cs.ucr.edu momo.cs.ucr.edu $ whois google.com $ whois ucr.edu

whois

/etc/resolv.conf

Resolver $ cat /etc/resolv.conf

search cs.ucr.edu weesan.com nameserver 138.23.169.10 nameserver 138.23.178.2

/etc/nsswitch.conf

Used by C library

gethostbyname() hosts: file nis dns

$ cat /etc/nsswitch.conf

Reference

LAH

Ch 15: DNS The Domain Name System