The name and address space

1
The name and address space
Track1 Host Based Internetworking

• Network Training Workshop
• San Jose, 13-20 June 1999

2
What is a domain name ?
easy to find
3
What is DNS?

• Domain Name Service
• Internet protocol
• Distributed data base system for objects in a
  computer network
• Net-wide Database
• It Maps
• name to address
• address to name
• Set of tools to manage the service

4
IP addresses and names

• Disadvantages of an address
• It is too long (192.162.16.201)
• It has no representation for the organization
• It is difficult to remember
• IP addresses can change
• Names
• Human users prefer to use names instead of
  numbers
• A name can be associated to any device that has
  an IP address
• Advantages of names
• They make reference to an organization name
  .ibm.com
• They are easy to remember

5
Why use hierarchical names?

• Internet hosts and other resources need globally
  unique names
• Difficult to keep unstructured names unique
• would require a single list of all names in use
• Hierarchical names are much easier to make unique

6
Domain Name Hierarchy
Root domain

.
Top-Level-Domains
. . . . . .
edu
com
gov
mil
net
org
ro
fr
at
jp
Second Level Domains
ici
rnc
ase
pub
utt
vsat
ac
co
gv
or . . .
eunet
uni-linz
tuwien
. . . . . . .
univie
roearn ns std
cs
lmn
dsp
cc
mat
exp
itc
. . . . . .
ulise paul
phytia alpha chris
7
Domain name structures

• The root of system is unnamed
• Top level domains are
• Within the United States of America
• edu - educational institutions
• com - commercial institutions
• net - network support organizations
• gov - government agencies
• mil - military organizations
• org - organizations that dont fit in any of the
  above
• country code according to ISO-3316 (uk, de, pl,
  sk, mk, ...)
• Flat structure
• Based on generic categories (ac, co, gv, org,
  net, etc.)
• Based on geographical locations (waw.pl,
  poznan.pl, etc.)

8
ICANN

• ICANN
• Internet Corporation for Assigned Names and
  Numbers
• ICANN is the overall authority for
• IP addresses
• top-level-domains

9
Domain Name Servers

• Usually host names are used in network commands
  (telnet, ftp, mail, gopher clients, www clients,
  etc. )
• Network connections always take place based on
  the IP address
• The system always converts host names to
  addresses before the network connection is made
• How to associate names with addresses?
• Host table
• Domain Name Server

10
Host Table

• host table is a simple text file (/etc/hosts)
  which contains associations between an IP address
  and a list of host names.
• Example
• 130.65.240.254 carlos.t1.isocws.isoc.org carlos
• Disadvantage
• The table should contain all the Internet hosts (
  x 1,000,000 entries)
• The table is very large
• Difficult to update when new hosts are connected
  to Internet or IP addresses are changed

11
Domain Name Server (DNS)

• Overcomes the weaknesses of the host table
• It is a distributed database system
• Host names are automatically disseminated to
  those who ask to have access

12
BIND - UNIX Name Service

• In UNIX, DNS is implemented by the Berkeley
  Internet Name Domain (BIND) software
• It is a client/server software system
• The client is called resolver it generates
  queries for domain name information that are sent
  to the server
• The server is a daemon called named.
• The domain name is actually an argument used by
  the local resolver
• The resolver is responsible for hiding the
  distribution of data among nameservers from the
  user
• The resolver is part of the operating system.

13
DNS Operation

• To establish a connection to a remote host, a
  user program sends a query to the resolover,
  asking the IP number of a specified hostname
• The resolver starts with knowledge of at least
  one nameserver
• The resolver processes a user query by asking a
  known nameserver for the information (IP for the
  remote host)
• If the nameserver has the answer, it will give
  it.
• The local nameservers knows the addresses of
  other nameservers
• If the remote host is in a zone for which the
  local nameserver is not authoritative, queries
  will be sent to other nameservers, starting with
  root servers to find out the delegated nameserver
  for the top-level-domain, the subdomain and so on

14
DNS Operation (continue)

• To minimize the answer time for the next query to
  the same host name, the nameserver caches the
  information obtained by a query the information
  cached is valid a certain time period as defined
  when that zone was configured.
• Finally, the nameserver delegated for the zone
  containing the remote host is reached and the IP
  addresses is obtained and returned to the host
  which initiated the first query

15
The resolver/server model (diagram)
Authoritative Nameserver
Recursive Nameserver CACHE
Resolver
Resolver
16
Resolver Configuration

• Configuration file name
• /etc/resolv.conf.
• Designates the name servers on the network that
  should be sent queries.
• The resolver will try to contact a name server
• The resolv.conf file contains directives
• comment
• another comment
• search search-list
• nameserver server-address multiple lines

17
Example - Resolver Configuration

• search t1.isocws.isoc.org
• nameserver 130.65.37.128
• nameserver 130.65.37.215

18
Checking DNS using nslookup

• nslookup commands
• server ltnameservergt set the server to be
  queriedset type NS queries NS
  resourcesset type SOA queries SOA
  resourcesset type A queries A
  resourcesset type MX queries MX
  resourcesset type CNAME queries CNAME
  resourcesset type PTR queries PTR
  resourcesset type ANY queries ANY
  resourcesls ltdomaingt lists the
  ltdomaingt zonels ltdomaingt gt ltfile-namegt
  gets the zone ltdomaingt into the
• fileltfile-namegt

19
Checking DNS using dig

• Dig
• Tool to manage DNS settings
• Syntax is
• dig domain _at_nameserver query-type

20
Exercise 1. Checking DNS using nslookup

• nslookup commandsserver ltnameservergt set
  the server to be queriedset type NS
  queries NS resourcesset type SOA
  queries SOA resourcesset type A
  queries A resourcesset type MX
  queries MX resourcesset type CNAME
  queries CNAME resourcesset type PTR
  queries PTR resourcesset type ANY
  queries ANY resourcesls ltdomaingt
  lists the ltdomaingt zonels ltdomaingt gt
  ltfile-namegt gets the zone ltdomaingt into
  ltfile-namegtview ltfile-namegt views
  the ltfile-namegt file
• nslookup
• gtset typeany
• gtwww.t1.isocws.isoc.org.
• gtorg.
• gtls isoc.org gt file1
• gtview file1
• You can check other domains, known to you.

21
Exercise 2. Checking DNS using dig

• dig command dig zone _at_nameserver
  query-type
• Exercises
• dig _at_ns.t1.isocws.isoc.org t1.isocws.isoc.org A
• dig _at_ns.t1.isocws.isoc.org t1.isocws.isoc.org
  NS
• dig _at_ns.t1.isocws.isoc.org isocws.isoc.org MX
• What information does give you?
• You can check other domains, known to you.

22
Remarks

• DNS is essential for a proper operation of the
  network
• If DNS fails, connections to any remote host are
  no more possible
• To allow network operation in case of failures of
  a nameserver, each nameserver (called primary
  nameserver should have at least another
  nameserver (called secondary nameserver) which
  holds a copy of the zone file
• The secondary nameserver periodically queries the
  primary nameserver whether the zone was changed.
  In case of the change, it is transferred into its
  cache and also stored in a local file, which will
  be used next time at starting up as initial data
• When data about a new host should be added to the
  DNS database, or a change of address/name should
  be done, the entry is done only on the primary
  nameserver the secondary nameserver will get it
  automatically.

23
Reverse Lookup

• When a source host establishes a connection to a
  destination host, the TCP/IP packets carry out
  only IP addresses of the source host
• For authentication, access rights or accounting
  information, the destination host wants to know
  the name of the source host
• For this purpose, a special domain in-addr.arpa
  is used
• The reverse name is obtained by reversing the IP
  number and adding the name in-addr.arpa
• Example address 130.65.240.254
• reverse name 254.240.65.130.in-addr.arpa
• Reverse domains form a hierarchical tree and are
  treated as any other Internet domain.

24
Reverse Domain Hierarchy
.arpa

.in-addr
. . . . . .
187
188
189
190
191
192
193
194
195
157
158
159
160
165
166
167
168 . . .
162
161
163
164
16
15
14
13
12
17
18
19
20
21
3
1
2
4
5
25
Hierarchy of nameservers

• Root nameserver - delegates nameservers for
  top-level-domains
• Nameserver for each top level domain - holds
  information about the top level domain, delegates
  nameservers for subdomains
• Nameserver for each subdomain
• Nameserver for each reverse domain

26
Requirements for a nameserver

• A query should be resolved as fast as possible
• It should be available 24 hours a day
• It should be reachable via fast communication
  lines
• It should be located in the central in the
  network topology
• It should run robust, without errors and
  interrupts.

27
Type of servers

• DNS server
• primary for some zones
• secondary for others,
• Caching Only Server
• All servers not authoritative for any zone
• Forwarding Server
• always forwards queries it cannot satisfy from
  its cache, to a fixed list of forwarding servers
  the queries to the forwarding servers are
  recursive queries.

28
Files

• Name server uses several files to load its data
  base
• This section covers the files and their formats
  needed for named
• Boot File
• file - first read when named starts up
• tells the server what type of server it is, which
  zones it has authority over and where to get its
  initial data.
• The default location /etc/named.conf
• Can be changed by setting the BOOTFILE variable
  when you compile named or by specifying the
  location on the command line when named is
  started up.

29
Domain data files

• Two standard files for specifying the data for a
  domain
• mapping addresses in names
• mapping name in addresses
• These files use the Standard Resource Record
  Format (RR)
• Note
• The file names are arbitrary many network
  administrators prefer to name their zone files
  after the domains they contain, especially in the
  average case which is where a given server is
  primary and/or secondary for many different zones.

30
Forward mapping File

• This file contains all the data about the
  machines in this zone.
• The location of this file is specified in the
  boot file.
• Declare in named.conf file

31
Reverse mapping File

• This file specifies the IN-ADDR.ARPA domain
• Declared in named.conf file
• This is a special domain for allowing address to
  name mapping.
• Special domain formed to allow inverse mapping
• The IN-ADDR.ARPA domain has four labels preceding
  it. (4 octets of an Internet address)
• E.g. Internet address 128.32.0.4
• domain 4.0.32.128.IN-ADDR.ARPA.

32
Standard Resource Record Format (RR)

• The records in the name server data files are
  called resource records. The Standard Resource
  Record Format (RR) is specified in RFC1035.
• General description of these records
• name ttl addr-class Record Type
  Record Specific data
• the name may be left blank
• The second field is an optional time to live
  field. (default ttl is specified in the Start Of
  Authority resource record).
• The third field is the address class currently,
  only one class is supported IN

33
IP address for a host

• A record
• Owner is host name
• Data is IP address
• IP address of infoserver.xyz.com
• www.dns.net. 86400 IN A 196.34.13.9

34
Information needed by the DNS infrastructure
itself

• SOA record
• Each zone has exactly one SOA record
• NS records
• Each zone has several nameservers that are listed
  as having authoritative information about domains
  in the zone
• One NS record for each such nameserver

35
SOA record

• Every zone has exactly one SOA record
• The domain name at the top of the zone owns the
  SOA record
• Data portion of SOA record contains
• MNAME - name of master nameserver
• RNAME - email address of zone administrator
• The Five Magic Numbers
• SERIAL - serial number
• REFRESH RETRY EXPIRE MINIMUM - timing parameters

36
NS record

• Each zone has several listed nameservers
• One NS record for each listed nameserver
• primary and secondary
• the data portion of each NS record contains the
  domain name of a nameserver
• Does not contain IP address
• Get that from an A record for the nameserver

37
SOA and NS record example

• owner TTL class type data
• xyz.com. 86400 IN SOA ns1.xyz.com.
  fred.xyz.com. (
• 
  199906141 serial
• 21600
  refresh
• 3600
  retry
• 
  2600000 expire
• 900
  ) minimum
• xyz.com. 86400 IN NS ns1.xyz.com.
• xyz.com. 86400 IN NS ns2.xyz.com.
• xyz.com. 86400 IN NS server.where.exampl
  e.

38
SOA and NS example using some shortcuts

• ORIGIN xyz.com.
• TTL 86400
• owner TTL class type data
• _at_ IN SOA ns1.xyz.com.
  fred.xyz.com. (
• 
  199710161 serial
• 21600
  refresh
• 3600
  retry
• 
  2600000 expire
• 900
  ) minimum
• NS ns1
• NS ns2
• NS
  server.where.example.

39
More RRs above and below zone cuts

• RRs in the child zone (below the cut)
• SOA and NS records (authoritative)
• RRs in the parent zone (above the cut)
• NS records (should be identical to those in the
  child zone)
• glue records
• the child zones nameservers sometimes need A
  records in the parent zone

40
Zone cut example - RRs in the child zone

• parent is COM zone child is XYZ.COM zone
• child zone has SOA and NS records, and A records
  for hosts
• xyz.com. IN SOA xxx xxx xxx xxx
  xxx xxx xxx
• NS
  ns1.xyz.com.
• NS
  another.where.edu.
• ns1.xyz.com. A 193.226.0.3
• the xyz.com zone does not have an A record
• for another.where.edu.

41
Zone cut example - RRs in the parent zone

• parent is COM zone child is XYZ.COM zone
• parent zone has its own SOA and NS records, plus
  copies of child zones NS records, plus glue
  records
• COM. IN SOA xxx xxx xxx xxx
  xxx xxx xxx
• NS xxxxxxx
• NS yyyyyyy
• xyz.com. NS ns1.xyz.com.
• NS
  another.where.ro.
• ns1.xyz.com. A 192.0.2.3
• the com zone does not have an A record
• for another.elsewhere.edu.

42
Hostname for an IP address

• PTR record
• Owner is IP address, mapped into the in-addr.arpa
  domain
• Data is name of host with that IP address
• host name for IP address 192.0.3.2
• 3.0.226.193.in-addr.arpa. PTR infoserver.ici.ro.

43
Information about mail routing

• MX record
• Owner is name of email domain
• Data contains preference value, and name of host
  that receives incoming email
• send xyz.coms email to mailserver or
  backupserver
• xyz.com. MX 0 mail.xyz.ro.
• xyz.com. MX 10 backup.xyz.ro.

44
Free form text

• TXT record
• Owner is any domain name
• Data is any text associated with the domain name
• Very few conventions about how to use it
• .ro. TXT George Macri -
  Tech-contact

45
Alias to canonical name mapping

• CNAME record
• Owner is non-canonical domain name (alias)
• Data is canonical domain name
• ftp.rnc.ro is an alias
• info.ici.ro is the canonical name
• ftp.rnc.ro. CNAME info.ici.ro.

46
BIND 8 Highlights

• DNS Dynamic Updates (RFC 2136)
• DNS Change Notification (RFC 1996)
• Completely new configuration syntax
• Flexible, categorized logging system
• IP-address-based access control for queries, zone
  transfers, and updates that may be specified on a
  zone-by-zone basis
• More efficient zone transfers
• Improved performance for servers with thousands
  of zones
• The server no longer forks for outbound zone
  transfers
• Many bug fixes

47
Statements

• A BIND 8 configuration consists of statements and
  comments.
• Statements end with a semicolon.
• Statements supported
• acl
• defines a named IP address matching list, for
  access control and other uses
• include
• includes a file
• key
• specifies key information for use in
  authentication and authorization
• logging
• specifies what the server logs, and where the log
  messages are sent
• options
• controls global server configuration options and
  sets defaults for other statements
• server
• zone

48
Example Config File

• / A simple BIND 8 configuration /
• options
• directory "/var/named"
• zone rnc.ro" in
• type master
• file "master/isc.org"

49
Example Config File (cont.)

• zone ici.ro" in
• type slave
• file "slave/vix.com"
• masters 192.162.16.31
• zone "." in
• type hint
• file "named.cache"
• zone "0.0.127.in-addr.arpa" in
• type master
• file "master/127.0.0"

50
Domain Management

• Starting named
• Named signaling processing
• Debugging DNS
• Tools
• nslookup
• dig
• host

51
Questions
52
REFERENCES

• Christian Huitema, Routing in the Internet,
  Prentice Hall, ISBN 013-132192-7, 1996
• Kevin Dowd, Getting Connected, Internet at 56K
  and Up, OReilly Associates, Inc., Bonn, 1996
• Network Technology Workshop, Tracks, 1996-1998
• Craig Hunt, TCP/IP Network Administration,
  OReilly Associates, Inc., Sebastopol, 1993
• Internetworking Technology Overview, Cisco
  Systems, Inc., 1993
• Book text of the 4th Network Seminar and
  Intensive Course for Scientists and Network
  Managers from Central Europe, Feb. 1993, Vienna
  University Computer Center
• E. Comer, Internetworking with TCP/IP, Vol I,
  Principles, Protocols and Architecture, Prentice
  Hall, Englewood Cliffs, New Jersey, 1991.
• William Stallings, Data and Computer
  Communications, Macmillan Publishing Company, New
  York, 1985.