DNS (Domain Name Server)

Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Domain Name Service (DNS)
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Jose L. Muoz, Oscar Esparza, Juanjo Alins, Jorge Mata

Telematics Engineering
Universitat Politcnica de Catalunya (UPC)
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
1/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
3 Example: a little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
6 Practical Name Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
11 Administration Authorities
12 Final remarks
2/68
Domain Name
Service (DNS)
Introduction
Bibliography
DNS & BIND. Paul Albitz & Cricket Liu. OReally &
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
Associates.
DNS HOWTO. Nicolai Langfeldt and others.
RFC-1034. Domain Names. Concepts and Facilities.
RFC-1035. Domain Names. Implementation and
Specification.
RFC-1591. Domain Name System Structure and
Delegation.
RFC-1912. Common DNS Operational and
Configuration Errors.
RFC-2219. Use of DNS Aliases for Network Services.
RFC-2317. Classless IN-ADDR.ARPA delegation.
RIPE-114. Taking care of your domain.
RIPE-192. Simple DNS configuration example.
RIPE-203. Recommendations for DNS SOA values.
3/68
Domain Name
Service (DNS)
Introduction
Introduction
Domains &
Zones
Packets in the Internet use IP addresses.
Example: a
little Internet
How many IP addresses can you remember?
Implementation
For users names are easier to remember than numeric
Queries &
Replies
Practical
Name
Resolutions
addresses.
The Domain Name System (DNS) links names and
addresses.
Real Root
Servers
Example, www.upc.edu corresponds to 147.83.2.135
Other RRs
The translation between IP addresses and domain
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
names may not be unique.

An IP address can translate to several names (virtual
domains) and a name can translate to multiple IP

addresses.
4/68
Domain Name
Service (DNS)
How To Implement DNS?
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
A local file in each

computer:
/etc/hosts (Unix)
containing
entries for all
the other hosts.
147.83.2.3
backus.upc.es
backus
A plain text file in a server:

Hosts file maintained centrally by InterNIC.
Early days of the Arpanet but it is not scalable.
The current implementation:
A distributed database with a variable depth hierarchical
name space.
This implementation provides efficient translations
and delegation.
5/68
Domain Name
Service (DNS)
Domain Name example
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
More
specific
Less
specific
www.entel.upc.edu.es.
Country
Organization type
Organization name
Department
Hostname
Caseless
Administration
Authorities
Final remarks
6/68
Domain Name
Service (DNS)
Unique names & Delegation
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
The DNS name
tree efficiently
solves the problem
of uniqueness.
Also allows
delegation of
subdomains.
We can have
com
edu net
...
www
cat
es
upc
...
...
entel
www
several hosts with

the unqualified
name www.
But each host has a different complete name or Fully
Qualified Domain Name (FQDN).
E.g. www.upc.edu. or www.entel.upc.edu.
7/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
8/68
Domain Name
Service (DNS)
Domains & Zones I
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
Domains are classified according to their level or depth
inside the DNS hierarchy.

First level domains are managed by governmental
organizations, countries or special agencies related

with Internet.
Second level are managed by private entities.
Additionally, there is a top level or root domain. This
domain is noted as dot .

edu
com
org
net
mil
gov
Universities
Commercial Organizations
Non commercial Organizations
Administrative networks
US Army
US Government
9/68
Domain Name
Service (DNS)
Domains & Zones II
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
The name space of the DNS tree is divided into
domains.
Domains overlap: the domain upc.edu includes the
domain entel.upc.edu.
The DNS tree is administratively divided into zones.
A zone is a delegation & administration point.
Each zone is managed by a different name server1 .
Other RRs
Zones do not overlap.
Reverse
Lookup
For example, the address of a leaf of the DNS is only
Zone Transfer
present at the name server(s) of its related zone.
Administration
Authorities
Final remarks
1
In fact, as we explain later, a zone can be managed by a group of name
servers in a master-slave configuration.
10/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
11/68
Domain Name
Service (DNS)
Names
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
com
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
example
bob.com
ROOT-SERVER.
nsc.com
net
example
nsn.net
nsne.example.net
nsce.example.com
david.example.com
alice.example.com
left
bob.left.example.net
david.example.net
right
nsner.right.example.net
carla.right.example.net
Final remarks
12/68
Domain Name
Service (DNS)
Domains
Introduction
Domains &
Zones
Example: a
little Internet
.com.
com
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
7 domains
.net.
net
root
.example.net.
.example.com.
example
bob
nsc
example
nsn
david
nsne
alice
nsce
left
david
right
Other RRs
Reverse
Lookup
Zone Transfer
bob
.left.example.net.
nsner
carla
.right.example.net.
Administration
Authorities
Final remarks
13/68
Domain Name
Service (DNS)
Zones
Introduction
Domains &
Zones
6 zones
Example: a
little Internet
com
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
nsc
example
nsce
net
root
bob
example
nsn
david
nsne
left
alice
right
david
bob
nsner
carla
Administration
Authorities
Final remarks
14/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Network Addressing
The DNS hierarchy is orthogonal with respect to the
network topology.
Example: a
little Internet
Implementation
Queries &
Replies
com
Practical
Name
Resolutions
Real Root
Servers
example
nsce
.021
Reverse
Lookup
Administration
Authorities
Final remarks
nsc
.011
david
Other RRs
Zone Transfer
bob
.012
alice
.022
net
root
.001
nsn
.111
example
nsne
.121
left
david
.122
right
10.0.0.0/24
bob
.133
nsner
.131
carla
.132
15/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
16/68
Domain Name
Service (DNS)
Resource Records (RRs)
Introduction
Resource Records (RRs) are associated to nodes of
Domains &
Zones
the DNS tree.

The general format of RR is the following:
Owner [TTL] Class Type RDATA
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Owner : RR owner, i.e. a name.

TTL : the time that a RR may be cached by any
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
resolver (optional).
Class : Resource records belong to a class. Typically,
the class is IN (Internet).
Type : There are different types of records, e.g. Type =
A is an address.
RDATA : Record Information. E.g. A records contain an
IP address.
Note. We need to use parenthesis if the RR does not fit
into a single line.
17/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
Resource Records: A & SOA

The A resource record contains an IP Address. E.g. for
alice.example.com (30 is the TTL for caching):
alice.example.com
30
IN
10.0.0.22
The SOA record contains administrative information about

the zone:
Origin : name of the zones primary server.
Person : e-mail of the zones administrator.
Serial : integer (YYYY/MM/DD/XX) that must be
increased after any modification of the zone data.
Refresh : time between zone transfer requests by
secondary servers (usually days).
Retry : time between requests whenever a zone
transfer request fails (usually hours).
Expire : time a secondary server keeps the data if the
connection to the master fails (usually months).
Negative cache : the time that a name error result may
be cached by any resolver.
18/68
Domain Name
Service (DNS)
BIND
Introduction
Domains &
Zones
Berkeley Internet Name Domain.
Example: a
little Internet
Most popular implementation of DNS.
Implementation
Maintained by http://www.isc.org
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
Bind services
Names to IP addresses translation.
Inverse Translation.
Access Control Lists (ACL).
Secondary servers.
Secure zones transfers between primary and
secondary servers (and ports).
Service Location (SRV records).
Parameterized replies depending on the origin of the
request (views).
Custom logs.
19/68
Domain Name
Service (DNS)
ROOT-SERVER
named.conf
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
You can start, stop or restart BIND using the command:

$ /etc/init.d/bind9 stop/start/restart
In a Debian distro the log file of BIND is /var/log/daemon.log.

Configuration files of BIND are in /etc/bind and the primary
configuration file for BIND is /etc/bind/named.conf
options {
directory "/var/cache/bind";
};
zone "." {
type master;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "0.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.10.0.0";
};
20/68
Domain Name
Service (DNS)
ROOT-SERVER
Zone .
Introduction
Domains &
Zones
Example: a
little Internet
The file /etc/bind/db.root contains the configuration of the

zone .:
Practical
Name
Resolutions
$TTL
60000 ; 16h40m default Time to Live of the DNS records
.
IN
SOA
ROOT-SERVER.
admin-mail.ROOT-SERVER.(
2006031201 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
0 ; negative cache ttl
)
Real Root
Servers
.
ROOT-SERVER.
IN
IN
Other RRs
com.
nsc.com.
IN NS
IN A
net.
nsn.net.
IN
IN
Implementation
Queries &
Replies
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
NS
A
NS
A
ROOT-SERVER.
10.0.0.1
nsc.com.
10.0.0.11
nsn.net.
10.0.0.111
Notice that in this zone configuration all the names are

FQDN and end with a dot.
21/68
Domain Name
Service (DNS)
Record NS
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
The NS (Name Server) record contains the name of an
authoritative name server of a zone.

NS records are also created for delegation in the
parent zone.
In the parents zone configuration, there will be as many
NS records as authoritative servers in the delegated

zone.
Usually, in the parent zone the NS record is followed by
an A record called glue record.
Administration
Authorities
Final remarks
22/68
Domain Name
Service (DNS)
Glue record
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
The glue record is necessary when the server of the
delegated zone has a name within the delegated

domain.
com.
nsc.com.
IN NS
IN A
nsc.com.
10.0.0.11
; need glue record
org.
IN NS
nsc.com.
; dont need glue record
If you did not provide the glue records for name servers
that have names within the delegated domain, you get

stuck in a loop:
What is the
nsc.com
What is the
Dont know,
What is the
nsc.com
name server for .com?

IP address of nsc.com?
try looking at name server for .com
name server for .com?
Final remarks
23/68
Domain Name
Service (DNS)
NSC.COM
named.conf
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
options {
min-roots 1;
};
zone "." {
type hint;
};
zone "localhost" {
type master;
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
type master;
};
type master;
};
// add entries for other zones below here
zone "com" {
type master;
file "/etc/bind/db.com";
};
24/68
Domain Name
Service (DNS)
NSC.COM
Zone .com
Introduction
Domains &
Zones
Example: a
little Internet
$TTL
com.
60000
IN SOA
nsc.com.
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
com.
nsc.com.
bob.com.
30
IN
IN
IN
admin-mail.nsc.com. (
2006031201 ; serial
28800 ; refresh
14400 ; retry
3600000 ; expire
)
NS
nsc.com.
A
10.0.0.11
A
10.0.0.12
Other RRs
Reverse
Lookup
example.com.
nsce.example.com.
IN
IN
NS
A
nsce.example.com.
10.0.0.21
Zone Transfer
Administration
Authorities
Final remarks
Notice that the A record of bob.com is only going to be
cached during 30 seconds by any resolver.

25/68
Domain Name
Service (DNS)
NSCE.EXAMPLE.COM
named.conf
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
options {
min-roots 1;
};
zone "." {
type hint;
};
zone "localhost" {
type master;
};
type master;
};
type master;
};
type master;
};
// add entries for other zones below here
zone "example.com" {
type master;
file "/etc/bind/db.com.example";
};
26/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
NSCE.EXAMPLE.COM
Zone .example.com
; /etc/bind/db.com.example
$ORIGIN example.com.
$TTL
60000
@
IN
SOA
nsce admin-mail.nsce (
2006031201 ; serial
28 ; refresh
14 ; retry
3600000 ; expire
20 ; 20 secs of negative cache ttl
)
@
IN
NS
nsce
; unqualified name
nsce
IN
A
10.0.0.21
david
IN
CNAME david.example.net.
@
IN
MX
10 mailserver1
@
IN
MX
20 mailserver2.example.com.
alice
IN
A
10.0.0.22
mailserver1
IN
A
10.0.0.25
mailserver2
IN
A
10.0.0.26
; alice.example.com IN
A
10.0.0.22
Zone Transfer
Administration
Authorities
Final remarks
$ORIGIN appends the domain name to unqualified names.

The default value for the $ORIGIN is the zone name
specified in /etc/named.conf and it can be used in the
configuration file with the symbol @.
27/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
RR CNAME
The record CNAME is used to create an alias or a canonical name
(CNAME).
This RR associates a name with another name of the DNS tree.
Example: a
little Internet
Implementation
Queries &
Replies
com
net
Practical
Name
Resolutions
Real Root
Servers
example
example
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
david
david
Record CNAME
to david.example.net.
Notice that for a configuration with several names translating to the same IP
address, we can also use A records.
28/68
Domain Name
Service (DNS)
MX Record
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
MX (Mail eXchanger) records designate multiple mail
servers for a given domain.

They allow finding the location of mail exchange
servers.
Example:
@
IN
MX
20
mail.upc.edu.
The e-mail servers will be contacted by priority order
(lower number first).
Zone Transfer
Administration
Authorities
Final remarks
29/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
30/68
Domain Name
Service (DNS)
Client configuration I
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
As we previously said, clients may have their own local
name translations.
In Unix systems this configuration is stored in the
/etc/hosts file. A sample configuration line:

147.83.2.3
backus.upc.es backus
If the client wants to use the DNS service it must
configure one or several name servers.

In Unix systems this configuration is stored in the file
/etc/resolv.conf. Example:
nameserver 147.83.2.3
search upc.edu
31/68
Domain Name
Service (DNS)
Client configuration II
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
nameserver @IP.
Points out to the name server you will ask for
translations.
Up to 3 name servers may be listed.
Your name server has to be configured to accept your
queries
Filters based on IP addresses can be defined with
BIND.
The name server is typically provided by your ISP or
your organization.
There are also open name servers like 8.8.8.8 and
8.4.4.4 (from Google) that anyone can use.
Administration
Authorities
Final remarks
32/68
Domain Name
Service (DNS)
Client configuration III
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
search upc.edu.
Users can use unqualified names and network
applications add the search list (upc.edu in this case).
If you do not want to add the search, you can use the
trailing dot.
In Linux, we have a couple of useful commands to
perform DNS queries from clients: host and dig.

alice$
alice$
alice$
alice$
host
host
dig
dig
alice
alice.example.com
alice
alice.example.com
Reverse
Lookup
Zone Transfer
Administration
Authorities
Notice that the dig command does not use unqualified
names.
Final remarks
33/68
Domain Name
Service (DNS)
Queries I
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Each query specifies the domain name, class and type
of the queried RR.

Example: www.upc.edu IN A
There are two types of queries: iterative and
recursive.
In an iterative query, the queried name server returns
the address of the next name server that you must

consult to obtain the response.
In a recursive query, the name server tries to find the
final response, making several queries to different

name servers if necessary.
Final remarks
34/68
Domain Name
Service (DNS)
Queries II
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
If we want to do a recursive query, we have to activate
a flag (recursion flag).

In addition, the server must support recursion.
Usually:
Clients perform recursive queries.
Name servers perform iterative queries to other name
servers.
A name server can also act as recursive for a given set
of nodes (IP networks) and as non-recursive for the rest

of nodes.
Administration
Authorities
Final remarks
35/68
Domain Name
Service (DNS)
Responses
Introduction
Domains &
Zones
Example: a
little Internet
Recursive name servers can use a cache to improve
the performance in providing responses to their clients:
Implementation
A name server can use a response for a previous query
Queries &
Replies
The time that a response is cached is configured by the
Practical
Name
Resolutions
Real Root
Servers
to answer subsequent queries.

original source administrator (in the SOA record).
When we use a cache, we have two possible types of
responses: authoritative and non authoritative.
Other RRs
An authoritative name server provides authoritative
Reverse
Lookup
A non-authoritative name server provides cached
Zone Transfer
Administration
Authorities
answers (not cached) because it is the original source.

responses (with a valid TTL).
Note. In general, final clients do not use cache.
Final remarks
36/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
37/68
Domain Name
Service (DNS)
Name resolutions in Unix
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
A client begins a resolution using its local information
(in Unix-like systems the file /etc/hosts).

If no valid information is found there, the client uses the
DNS service.
The DNS client must know at least one DNS (in
Unix-like systems this information is in the file

/etc/resolv.conf).
Typically, the clients use recursive queries.
Applications that use the network like your WEB
browser or the ping command use the DNS service.
Final remarks
38/68
Domain Name
Service (DNS)
Query an authoritative server
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
com
Queries &
Replies
Practical
Name
Resolutions
example
david
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
bob
.012
nsce
.021
alice
.022
(1)
# /etc/resolv.conf
search example.com
alice.example.com IN A
net
root
.001
nsc
.011
nsn
.111
example
nsne
.121
left
david
.122
right
(2)
bob
.133
nsner
.131
carla
.132
Final remarks
39/68
Domain Name
Service (DNS)
Non authoritative server I
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
com
Queries &
Replies
Practical
Name
Resolutions
example
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
bob
.012
david
Real Root
Servers
alice
.022
bob.com IN A
(1)
(6)
(2)
nsc
.011
(5)
nsce
.021
net
root
.001
nsn
.111
example
nsne
.121
left
(4)
david
.122
right
(3)
bob
.133
nsner
.131
carla
.132
Final remarks
40/68
Domain Name
Service (DNS)
Non authoritative server II
Introduction
Domains &
Zones
Example: a
little Internet
com
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
example
bob
.012
david
nsce
.021
alice
.022
# /etc/resolv.conf
search example.com
bob.com IN A
net
root
.001
nsc
.011
nsn
.111
example
nsne
.121
left
david
.122
right
(2)
(1)
time<TTL=30
bob
.133
nsner
.131
carla
.132
Administration
Authorities
Final remarks
41/68
Domain Name
Service (DNS)
Non authoritative server III
Introduction
Domains &
Zones
Example: a
little Internet
com
Implementation
Queries &
Replies
Practical
Name
Resolutions
example
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
bob
.012
david
Real Root
Servers
alice
.022
bob.com IN A
(1)
(4)
(2)
nsc
.011
(3)
nsce
.021
net
root
.001
nsn
.111
example
nsne
.121
left
(2)
david
.122
right
(3)
bob
.133
nsner
.131
carla
.132
Final remarks
42/68
Domain Name
Service (DNS)
List of ROOT-SERVERs I
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
In bind, the list of ROOT-SERVERS is configured as
follows:
; /etc/bind/named.conf
options {
min-roots 1;
};
zone "." {
type hint;
};
...
min-roots is the minimum number of root servers in order for

the server to answer any queries regarding the root servers
(default is 2).
; /etc/bind/db.root
.
IN
ROOT-SERVER.
IN
NS
A
ROOT-SERVER.
10.0.0.1
43/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
List of ROOT-SERVERs II
Lets try an iterative (non recursive) query with dig
from alice.
For convenience, we will avoid displaying question
section in the output of dig:

alice$ dig +noquestion +norecurse bob.com
; <<>> DiG 9.6-ESV-R4 <<>> +noquestion +norecurse bob.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30988
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
.
0
IN
NS
ROOT-SERVER.
If alice asks to the ROOT-SERVER for bob.com:

alice$ dig +noquestion +norecurse @10.0.0.1 bob.com
; <<>> DiG 9.6-ESV-R4 <<>> +noquestion +norecurse @10.0.0.1 bob.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23767
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
com.
60000
IN
NS
nsc.com.
;; ADDITIONAL SECTION:
nsc.com.
60000
IN
A
10.0.0.11
44/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
45/68
Domain Name
Service (DNS)
Old root servers
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
Root servers
know which are

the name
servers for the
1st level
domains.
Initially, there
were 13 root
servers in the
Internet.
These servers were maintained by voluntary
cooperation of organizations, had different names

(including a letter from A to M) and were located in
different continents.
46/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
13 root servers
Nowadays, we have the 13 root name servers2
specified with names in the form letter.root-servers.net,

where letter ranges from A to M.
The reason of having exactly 13 root servers is the
following:
The RFC 791 specified that the minimum MTU is 576
Bytes.
This value was chosen to allow a reasonable sized
data block of at least 512 bytes, plus room for the

standard IP header and options.
We do not want fragmentation of DNS messages, thus,
only 13 NS records and their corresponding A records
fit into an UDP-based DNS message 512 bytes long.
However, does it mean that we have only 13
physical servers?
2
You can obtain additional information about root name servers in
http://en.wikipedia.org/wiki/Root_name_server.
47/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Reliability
Each operator uses redundant computer equipment to
provide reliable service even if failure of hardware or
software occur.
Additionally, some servers operate in multiple geographical
locations using a routing technique called anycast.
Only 13 names and IP addresses are used but servers A, C,
E, F, G, I, J, K, L and M servers now exist in multiple
locations on different continents using anycast.
As a result most of the physical root servers are now outside
the United States, allowing for high performance worldwide.
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
48/68
Domain Name
Service (DNS)
Anycast
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Anycast addresses allow you to send a packet to a set of

receivers but only one of them will receive it.
The packet will not be copied.
The idea behind anycast is that the packet is sent to the
nearest receiver.
Note. There is no universal way to determine if an IP address
is an unicast address or an anycast address just by looking
at it.
To implement anycast, we simultaneously announce the
same destination IP address range from many different
places on the Internet.
This results in packets addressed to destination addresses in
this range being routed to the nearest point on the net
announcing the given destination IP address.
Final remarks
49/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
50/68
Domain Name
Service (DNS)
Records for IPv6
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
There are two records for IPv6 addresses: AAAA and
A6.
The use of AAAA records is recommended, as A6
records have been made experimental by RFC 3363.

The AAAA record is a parallel to the IPv4 A record.
It specifies the entire address in a single record. For
example:
example.host.com. 3600 IN AAAA 3ffe:8050:201:1860:42::1
Zone Transfer
Administration
Authorities
Final remarks
51/68
Domain Name
Service (DNS)
Optional RRs
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
TXT UPC DNS server .

Plaintext record for information (optional).
The use is free & arbitrary.
Is shown in query result sets of the zone.
HINFO Intel Pentium IV Debian Linux .
Informative plain text optional record.
The purpose is to report about hosts hardware and OS.
LOC 39 34 58 N 2 38 2 E 100m 10000m 20m 100m.
Server geographical location record.
Informative and optional.
Used by graphical representation tools of servers
locations.
Final remarks
52/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
SRV Record I
SRV. Service resource records (RFC2052).
Allow to specify the location of the servers for a certain
service, protocol and DNS.

Format:
Service : specifies the service name: http, telnet, etc..
Protocol : specifies the protocol to be used: TCP or
UDP.
Name : defines the domain name referenced by the
SRV resource record.
TTL & class has been previously defined.
Priority : specifies the order in which clients will contact
the servers.
Weight : a relative weight for records with the same
priority (load balancing).
Port : port for the service at the server.
Destination : complete domain name for the
compatible hosts with the service.
53/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
SRV Record II
Format:
service.protocol.name TTL class SRV priority weight port destination
Examples:
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
http.tcp.upc.es. IN SRV 0 3 80 www1.upc.es.

http.tcp.upc.es. IN SRV 0 1 80 www2.upc.es.
Note. The RFC for SRV records specifies that it may
not be used by pre-existing protocols, which did

not already specify the use of SRV records in their
specifications.
This is the reason why SRV records are not currently
used by WEB browsers (HTTP protocol).

Examples of services using SRV records: SIP, LDAP,
Kerberos, etc.
54/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
55/68
Domain Name
Service (DNS)
PTR
PTR is used in reverse lookups and it is a pointer to another
node in the hierarchy of names.
Introduction
Domains &
Zones
224.39.83.147.in-addr.arpa.
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
arpa
Other RRs
Reverse
Lookup
Final remarks
147 255
upc
Zone Transfer
Administration
Authorities
es
in-addr
Real Root
Servers
83 255
0 . 2
135
255
255
www
IN
PTR cript0.upc.es
A PTR record
D.C.B.A.inaddr.arpa. is defined
for each A.B.C.D IP
address.
These domains are
delegated to the
entities or ISPs
having these IP
ranges of addresses.
E.g. the domain
83.147.in-addr.arpa.
is delegated to the
UPC.
56/68
Domain Name
Service (DNS)
Reverse lookup configuration I
Introduction
Domains &
Zones
Example: a
little Internet
com
Implementation
Queries &
Replies
example
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
bob
.012
nsc
.011
david
nsce
.021
alice
.022
net
root
.001
nsn
.111
example
nsne
.121
left
david
.122
right
10.0.0.0/24
bob
.133
nsner
.131
carla
.132
Administration
Authorities
Final remarks
In our little Internet, the reverse translations are done in the

ROOT-SERVER.
57/68
Domain Name
Service (DNS)
Reverse lookup configuration II
Introduction
Domains &
Zones
Remember that the named.conf file of the root server is the

following:
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
options {
};
zone "." {
type master;
};
zone "localhost" {
type master;
};
zone "0.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.10.0.0";
};
Final remarks
58/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Reverse lookup configuration III

The file db.10.0.0 contains the zone 0.0.10.in-addr.arpa:
$TTL
1
@
IN
SOA
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
@
1
11
12
21
22
111
121
122
131
132
133
IN
IN
IN
IN
IN
IN
IN
IN
IN
IN
IN
IN
NS
PTR
PTR
PTR
PTR
PTR
PTR
PTR
PTR
PTR
PTR
PTR
ROOT-SERVER. admin-mail.ROOT-SERVER. (
2006031201 ; serial
28 ; refresh
14 ; retry
3600000 ; expire
)
ROOT-SERVER.
ROOT-SERVER.
nsc.com.
bob.com.
nsce.example.com.
alice.example.com.
nsn.net.
nsne.example.net.
david.example.net.
nsner.right.example.net.
carla.right.example.net.
bob.left.example.net.
59/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
60/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
Zone Transfer I
Name servers that store information about a certain
zone are known as authoritative servers.

There can be multiple servers in a zone.
The purposes of using multiple authoritative servers
are:
To distribute the load.
Provide some failure tolerance (when an authoritative
server crashes other server can handle the requests).

Authoritative servers must be synchronized:
One authoritative server is the master (primary).
The other authoritative servers are slaves
(secondary).
Secondary servers periodically fetch information from
the master.
It is also possible to configure a non authoritative name
server just for caching.

61/68
Domain Name
Service (DNS)
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
Zone Transfer II
A procedure called zone transfer is necessary in those
zones where exist several authoritative name servers

(one master and one or more slaves).
Every time changes are made in the master server
zone.
These changes must be mirrored on all secondary
servers for that zone.

There are several types: full and incremental (for further
information, see the IXFR protocol described in

RFC1995).
Secondary servers follow this steps when doing a zone
transfer:
The secondary waits during the refresh time of SOAs
record.
Asks the master for its SOA record.
The master answers with its own SOA.
62/68
Domain Name
Service (DNS)
Zone Transfer III
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
The secondary compares the received serial number
with the one it already has.

If it is greater, the secondary requests a zone transfer.
The master sends the zone database to the secondary.
If the master does not respond:
The secondary will keep trying to contact the master
every retry seconds.
If there is not any response from the master after
expiration seconds, the secondary server stops
delivering the name service to the clients.
Zone Transfer
Administration
Authorities
Final remarks
63/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
64/68
Domain Name
Service (DNS)
Name Admin. Authorities I
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
ICANN: Internet Corporation for Assigned Names and
Numbers
http://www.icann.org
Coordinates root and first level servers.
Delegates zones to RIRs (Regional Internet Registry)
RIRs:
APNIC (Asia-Pacific Network Information Centre)
ARIN (American Registry for Internet Numbers)
LACNIC (Latin-American and Caribbean IP Address
Registry)
RIPE NCC (Rseaux IP Europens)
AfriNIC (African Regional Internet Registry)
Final remarks
65/68
Domain Name
Service (DNS)
Name Admin. Authorities II
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
A RIR:
Assigns ranges of IP addresses to ISPs (or rarely to
organizations).
Implement the whois service (to know to whom
belongs an IP address). Example: try
whois 147.83.2.3
Delegates the authority to each country, so that the
country can manage its domains: .es, .uk, etc.
Real Root
Servers
Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
For the .es domain we have the esNIC
(http://www.nic.es).
For the .cat domain we have puntcat
(http://www.domini.cat).
Final remarks
66/68
Domain Name
Service (DNS)
Outline
Introduction
1 Introduction
Domains &
Zones
2 Domains & Zones
Example: a
little Internet
Implementation
Queries &
Replies
4 Implementation
5 Queries & Replies
Practical
Name
Resolutions
Real Root
Servers
7 Real Root Servers
Other RRs
8 Other RRs
Reverse
Lookup
Zone Transfer
Administration
Authorities
Final remarks
9 Reverse Lookup
10 Zone Transfer
12 Final remarks
67/68
Domain Name
Service (DNS)
Remarks
Introduction
Domains &
Zones
Example: a
little Internet
Implementation
Queries &
Replies
Practical
Name
Resolutions
Real Root
Servers
Other RRs
Reverse
Lookup
This is only an introduction to DNS.

DNS is much more complex and wide.
It can be used for:
Key distribution.
Voice over IP services (voIP).
DNSSec dynamic updates.
etc.
Zone Transfer
Administration
Authorities
Final remarks
68/68

DNS (Domain Name Server)

Uploaded by

Copyright:

Available Formats

You might also like

DNS (Domain Name Server)

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DNS (Domain Name Server)

Uploaded by

Copyright:

Available Formats

Domain Name

Domain Name Service (DNS)

Jose L. Muoz, Oscar Esparza, Juanjo Alins, Jorge Mata

2 Domains & Zones

3 Example: a little Internet

6 Practical Name Resolutions

7 Real Root Servers

Packets in the Internet use IP addresses.

How many IP addresses can you remember?

For users names are easier to remember than numeric

Example, www.upc.edu corresponds to 147.83.2.135

The translation between IP addresses and domain

names may not be unique.

domains) and a name can translate to multiple IP

How To Implement DNS?

A local file in each

A plain text file in a server:

Domain Name example

Unique names & Delegation

The DNS name

several hosts with

2 Domains & Zones

3 Example: a little Internet

6 Practical Name Resolutions

7 Real Root Servers

Domains & Zones I

Domains are classified according to their level or depth

inside the DNS hierarchy.

organizations, countries or special agencies related

domain is noted as dot .

Domains & Zones II

The name space of the DNS tree is divided into

Zones do not overlap.

For example, the address of a leaf of the DNS is only

present at the name server(s) of its related zone.

2 Domains & Zones

3 Example: a little Internet

6 Practical Name Resolutions

7 Real Root Servers

2 Domains & Zones

3 Example: a little Internet

6 Practical Name Resolutions

7 Real Root Servers

Resource Records (RRs)

Resource Records (RRs) are associated to nodes of

the DNS tree.

Owner : RR owner, i.e. a name.

Resource Records: A & SOA

The SOA record contains administrative information about

Berkeley Internet Name Domain.

Most popular implementation of DNS.

You can start, stop or restart BIND using the command:

In a Debian distro the log file of BIND is /var/log/daemon.log.

The file /etc/bind/db.root contains the configuration of the

Notice that in this zone configuration all the names are

The NS (Name Server) record contains the name of an

authoritative name server of a zone.

NS records as authoritative servers in the delegated

an A record called glue record.