Application Layer - DNS


Computer Networks 1

Part 10: Application layer - DNS

Lecturer:
dr Slavko Gajin, slavko.gajin@rcub.bg.ac.yu

Authors:
mr Pavle Vuletić, dr Slavko Gajin
2008

ETF, Department of Computer Engineering and Informatics

DNS - Domain Name System

DNS is the system that maps between IP addresses and symbolic names.

DNS uses UDP and TCP on port 53 for communication.
Designed in 1983 and defined in RFC 882, 883, 1034, 1035 and about twenty further documents.
Initially, hosts downloaded the file HOSTS.TXT over the network from SRI (Stanford Research Institute).
A hosts file still exists in today's operating systems and allows names to be resolved without using DNS.
Example contents of HOSTS.TXT:
127.0.0.1 localhost
64.233.183.104 www.google.com

DNS name hierarchy

Organization of DNS
A domain is a set of devices under a single administrative control with respect to name assignment.
DNS is organized as a tree.
Every node or leaf of the tree has associated resource record data, the basic unit of information about that node.
Resource records contain information about names and various mappings.
The whole tree is divided into zones.
A zone is a set of nodes in the DNS tree administered by a single DNS server.

DNS server hierarchy

DNS terms
Zone delegation is the process by which control over a zone is handed over to another DNS server.
The resolver is the part of a DNS server that looks up information about names, either in that DNS server itself or by requesting the information from another DNS server.
FQDN - Fully Qualified Domain Name: the full, absolute name of a host, with all of its subdomains and domains; it ends with a dot.
Authoritative DNS server: the server in which the (IP, name) pairs for a zone are entered.

DNS terms
Primary DNS server - the server whose configuration files contain the (IP, name) pairs for the zones for which it is authoritative.
Secondary DNS server - a backup DNS server that periodically receives the files describing the zones.
Caching-only DNS server - a server that is authoritative for no zone at all.
Zone transfer - transfer of the zone information from the primary to the secondary DNS server.

Example: bg.ac.rs.
(Figure: the name tree root . -> rs -> ac (alongside org, co) -> bg (alongside kg, ni). Each delegated level has an authoritative server, and the primary server's zone data is copied to two secondary servers.)

Domain name
A name consists of several (at least 2) parts (labels):
Example: aaa.bbbb.cc
cc is the Top Level Domain (TLD)
aaa, bbbb are subdomains
aaa can be either a host name or the name of a subdomain
Each label is at most 63 characters long
The maximum length of a name is 255 characters
ASCII letters, digits, _ and - are used
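A validator for the label rules listed above, added here as an example (not part of the lecture). It accepts a trailing dot as the FQDN marker and, following the slide, accepts "_" in labels; note that RFC 1123 host names allow only letters, digits and "-".

```python
# Added example: check a name against the slide's rules (at least two labels,
# each 1-63 characters, whole name at most 255, ASCII letters/digits/_/-).
import re

# '_' is accepted because the slide lists it; strict host names (RFC 1123)
# would use [A-Za-z0-9-] instead.
LABEL = re.compile(r"^[A-Za-z0-9_-]{1,63}$")

def check_domain_name(name):
    """Return (ok, reason); reason is '' when the name is valid."""
    if not name.isascii():
        return False, "non-ASCII character"
    if len(name) > 255:
        return False, "name longer than 255 characters"
    # A trailing dot marks an absolute name (FQDN) and is not a label.
    labels = name[:-1].split(".") if name.endswith(".") else name.split(".")
    if len(labels) < 2:
        return False, "fewer than two labels"
    for label in labels:
        if not LABEL.match(label):
            return False, "bad label %r (empty, longer than 63, or illegal character)" % label
    return True, ""
```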

TLD
In 1985 the following TLDs were defined:
.com
.edu
.gov
.net
.org
.mil
TLDs are also assigned according to the two-letter ISO 3166 country codes
http://www.iana.org/gtld/gtld.htm

Newest TLDs
.aero - for the air transport industry
.biz - for business use
.cat - for Catalan language/culture
.com - for commercial organizations, but unrestricted
.coop - for cooperatives
.edu - for educational establishments
.gov - for governments and their agencies in the United States
.info - for informational sites, but unrestricted
.int - for international organizations established by treaty
.jobs - for employment-related sites
.mil - for the U.S. military
.museum - for museums
.name - for families and individuals
.net - originally for network infrastructures, now unrestricted
.org - originally for organizations not clearly falling within the other gTLDs, now unrestricted
.pro - for certain professions
.travel - for travel agents, airlines, hoteliers, tourism bureaus, etc.

DNS servers

DNS servers are organized in a hierarchical tree.
At the top of the hierarchy are the root servers.
There are 13 root name server operators.
Each operator has one or more physical machines performing the function of a root DNS server.
All root DNS servers hold a relatively small root zone file (about 120K) containing the IP addresses of all of the roughly 700 servers responsible for the roughly 250 TLDs.
DNS servers rarely contact a root DNS server because they keep the information about the TLD servers for a relatively long time (48h).

Root servers

Letter  Old name          Operator                Location
A       ns.internic.net   VeriSign                Dulles, Virginia, USA
B       ns1.isi.edu       ISI                     Marina Del Rey, California, USA
C       c.psi.net         Cogent                  distributed using anycast
D       terp.umd.edu      University of Maryland  College Park, Maryland, USA
E       ns.nasa.gov       NASA                    Mountain View, California, USA
F       ns.isc.org        ISC                     distributed using anycast
G       ns.nic.ddn.mil    U.S. DoD NIC            Vienna, Virginia, USA
H       aos.arl.army.mil  U.S. Army Research Lab  Aberdeen Proving Ground, Maryland, USA
I       nic.nordu.net     Autonomica              distributed using anycast
J       -                 VeriSign                distributed using anycast
K       -                 RIPE NCC                distributed using anycast
L       -                 ICANN                   Los Angeles, California, USA
M       -                 WIDE Project            Tokyo, Japan

RIPE K-root servers
They use anycast addresses from 193.0.14.0/24 or 2001:7fd::1 in AS 25152.
Where the K-root servers are:

Configuration of the root servers on a DNS server

;
; /var/named/named.ca Cache file for the brewery.
; We're not on the Internet, so we don't need
; any root servers. To activate these
; records, remove the semicolons.
;
;. 3600000 IN NS A.ROOT-SERVERS.NET.
;A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;. 3600000 NS B.ROOT-SERVERS.NET.
;B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;. 3600000 NS C.ROOT-SERVERS.NET.
;C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;. 3600000 NS D.ROOT-SERVERS.NET.
;D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;. 3600000 NS E.ROOT-SERVERS.NET.
;E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;. 3600000 NS F.ROOT-SERVERS.NET.
....

$ORIGIN .
YU 172800 IN NS AUTH03.NS.UU.NET.
$ORIGIN NS.UU.NET.
AUTH03 172800 IN A 198.6.1.83
$ORIGIN .
YU 172800 IN NS MUNNARI.OZ.AU.
$ORIGIN OZ.AU.
MUNNARI 172800 IN A 128.250.1.21
        172800 IN A 128.250.22.2   ; blank owner field: belongs to MUNNARI as well
$ORIGIN .
YU 172800 IN NS NS.RIPE.NET.
$ORIGIN RIPE.NET.
NS 172800 IN A 193.0.0.193
$ORIGIN .
YU 172800 IN NS NS.INFOSKY.NET.
$ORIGIN INFOSKY.NET.
NS 172800 IN A 195.250.98.5
$ORIGIN .
YU 172800 IN NS ODISEJ.TELEKOM.YU.
$ORIGIN TELEKOM.YU.
ODISEJ 172800 IN A 195.178.32.2
$ORIGIN .
YU 172800 IN NS SUNIC.SUNET.SE.
$ORIGIN SUNET.SE.
SUNIC 172800 IN A 192.36.125.2
$ORIGIN .
YU 172800 IN NS NS1.NIC.YU.
$ORIGIN NIC.YU.
NS1 172800 IN A 147.91.8.6
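A minimal reader for zone text in the $ORIGIN style shown above, added as an example (this is not the lecture's code and not a BIND component). It completes relative names with the current $ORIGIN, lets a line that starts with whitespace inherit the previous owner, and then collects the NS names and glue addresses that make up a delegation such as the one for YU.

```python
# Added example: parse $ORIGIN-relative zone text and extract a delegation.

def fqdn(name, origin):
    """Make a name absolute; '@' stands for the origin itself."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def parse_zone(text, origin="."):
    """Return a list of (owner, ttl, class, type, rdata) with absolute names."""
    records, last_owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if line[0] in " \t":                        # no owner field: inherit it
            owner = last_owner
        else:
            owner = fqdn(fields.pop(0), origin)
        ttl, rclass, rtype = int(fields[0]), fields[1], fields[2]
        rdata = " ".join(fields[3:])
        if rtype in ("NS", "CNAME", "PTR"):         # rdata is a name: complete it too
            rdata = fqdn(rdata, origin)
        records.append((owner, ttl, rclass, rtype, rdata))
        last_owner = owner
    return records

def delegation(records, domain):
    """{nameserver: [glue A addresses]} for a delegated domain such as 'YU.'."""
    names = [r[4] for r in records if r[0] == domain and r[3] == "NS"]
    return {ns: [r[4] for r in records if r[0] == ns and r[3] == "A"] for ns in names}

# Constructed sample input, copied from the root-zone excerpt on the slide.
ROOT_EXCERPT = """\
$ORIGIN .
YU 172800 IN NS AUTH03.NS.UU.NET.
$ORIGIN NS.UU.NET.
AUTH03 172800 IN A 198.6.1.83
$ORIGIN .
YU 172800 IN NS MUNNARI.OZ.AU.
$ORIGIN OZ.AU.
MUNNARI 172800 IN A 128.250.1.21
        172800 IN A 128.250.22.2   ; owner inherited from the line above
"""
```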

Name resolution
Recursive name lookup is used.
The host sends a request to its local DNS server asking it to resolve a name (UDP 53).
If the server does not have the (IP, name) pair in its tables or in its cache, it sends a query to a root server (configured on the DNS server).
The root server answers with the address of the DNS server responsible for the given domain, e.g. com (delegation).
This step can be repeated several times.
Finally, the server responsible for the zone containing the name answers the original server with the (IP, name) pair.
The server returns the answer to the host.
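A toy model of the walk described above, added as an example (not the lecture's code and not a real resolver): the local server starts from a root hint, follows each referral to the next server, and caches the answer so that later queries for the same name never reach the root. The addresses 198.41.0.4, 128.107.241.185 and 198.133.219.25 are taken from the slides; 192.0.2.1 and a.gtld.example. are placeholders for the com TLD server.

```python
# Added example: iterative resolution over constructed in-memory "servers".
# Each server is a dict of the records it holds; a delegation is an NS record
# plus an A record (glue) for that name server.
ROOT = {("com.", "NS"): ["a.gtld.example."], ("a.gtld.example.", "A"): ["192.0.2.1"]}
COM = {("cisco.com.", "NS"): ["ns1.cisco.com."], ("ns1.cisco.com.", "A"): ["128.107.241.185"]}
CISCO = {("cisco.com.", "A"): ["198.133.219.25"], ("www.cisco.com.", "A"): ["198.133.219.25"]}
SERVERS = {"198.41.0.4": ROOT, "192.0.2.1": COM, "128.107.241.185": CISCO}  # constructed

def ask(server_ip, name, rtype):
    """One query/response: ('answer', rdata), ('referral', ns_ip) or ('nxdomain', None)."""
    zone = SERVERS[server_ip]
    if (name, rtype) in zone:
        return "answer", zone[(name, rtype)]
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):                  # closest enclosing delegation
        parent = ".".join(labels[i:]) + "."
        if (parent, "NS") in zone:
            ns = zone[(parent, "NS")][0]
            return "referral", zone[(ns, "A")][0]  # glue address of that NS
    return "nxdomain", None

def resolve(name, rtype="A", cache=None, root="198.41.0.4", max_hops=8):
    """Return (rdata or None, list of server IPs contacted, in order)."""
    cache = {} if cache is None else cache
    if (name, rtype) in cache:                    # served from the local cache
        return cache[(name, rtype)], []
    server, path = root, []
    for _ in range(max_hops):                     # bound the walk: referral loops happen
        path.append(server)
        kind, data = ask(server, name, rtype)
        if kind == "answer":
            cache[(name, rtype)] = data
            return data, path
        if kind == "nxdomain":
            return None, path
        server = data                             # follow the referral
    raise RuntimeError("referral loop or too many hops for " + name)
```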

Record types in DNS databases
A record - maps a name to an IPv4 address
AAAA record - maps a name to an IPv6 address
CNAME - canonical name, the official name of a host that has several names
MX record - maps a domain name to the mail servers of that domain
PTR record - maps an IP address to a name
NS - Name server record
SOA - Start of authority record

Uses of the DNS system

A mapping can be:
one IP address to one name
one IP address to several names (hosting)
one name to several IP addresses (fault tolerance, load balancing)

Caching of (IP, name) pairs
SOA fields:
Serial
format: yyyymmddnn
must be incremented on every change; if the change is made on the same date, the last two digits are increased
Refresh
after how many seconds the secondary DNS server checks the primary for changes, i.e. whether the Serial has increased (e.g. 3 hours)
Retry
if the previous check failed, after how many seconds it is repeated (e.g. 5 min)
Expire
how long, in seconds, the DNS server keeps zones loaded from the primary DNS server (e.g. 1 month)
Minimum TTL
how long records obtained from other DNS servers are kept in the resolver's local cache (e.g. 1 hour)
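The yyyymmddnn serial convention and the check a secondary performs at each Refresh, added as an example (not from the lecture). DNS serials are 32-bit values compared with serial number arithmetic (RFC 1982), so a serial that has wrapped past 2^32 still counts as newer; a plain integer comparison gets that case wrong.

```python
# Added example: maintain a yyyymmddnn serial and decide whether a zone
# transfer is needed, using RFC 1982 serial comparison.
import datetime

def next_serial(current, today=None):
    """Serial for a change made on `today` (yyyymmdd as int; default: today)."""
    day = int(datetime.date.today().strftime("%Y%m%d")) if today is None else int(today)
    if current // 100 == day:                  # same day: bump the two-digit counter
        if current % 100 == 99:
            raise ValueError("100 changes on one day; the nn counter is exhausted")
        return current + 1
    candidate = day * 100                      # first change today: nn = 00
    if candidate <= current:                   # serial is from a later date or not date-based
        return current + 1                     # a plain increment is still a valid bump
    return candidate

def serial_gt(a, b):
    """RFC 1982: is serial a 'greater than' serial b (modulo 2^32)?"""
    a, b = a % 2**32, b % 2**32
    return a != b and ((a < b and b - a > 2**31) or (a > b and a - b < 2**31))

def secondary_needs_transfer(primary_serial, secondary_serial):
    """What a secondary decides after reading the primary's SOA at Refresh time."""
    return serial_gt(primary_serial, secondary_serial)
```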

SOA example 1
; Authoritative Information on physics.groucho.edu.
; ( ) groups a record whose data spans several lines
@ IN SOA niels.physics.groucho.edu. janet.niels.physics.groucho.edu. (
    1999090200 ; serial no
    360000     ; refresh
    3600       ; retry
    3600000    ; expire
    3600 )     ; default ttl

SOA example 2
$ORIGIN example.com.
example.com. IN SOA ns1.example.net. hostmaster.example.com. (
    2003080800 ; serial number
    3h         ; refresh = 3 hours
    15M        ; update retry = 15 minutes
    3W12h      ; expiry = 3 weeks + 12 hours
    2h20M      ; minimum = 2 hours + 20 minutes
    )
; name servers not in zone - no A records required
; (blank owner field: the records belong to example.com.)
    IN NS ns1.example.net.
    IN NS ns1.example.org.

Glue records

; Zone data for the groucho.edu zone.
@ IN SOA vax12.gcc.groucho.edu. joe.vax12.gcc.groucho.edu. (
    1999070100 ; serial no
    360000     ; refresh
    3600       ; retry
    3600000    ; expire
    3600 )     ; default ttl
....
;
; Glue records for the physics.groucho.edu zone
physics        IN NS niels.physics.groucho.edu.
               IN NS gauss.maths.groucho.edu.
niels.physics  IN A  149.76.12.1
gauss.maths    IN A  149.76.4.23

NS, A records
;
; Name servers
            IN NS niels
            IN NS gauss.maths.groucho.edu.
gauss.maths.groucho.edu. IN A 149.76.4.23
;
; Theoretical Physics (subnet 12)
niels       IN A 149.76.12.1
            IN A 149.76.1.12
nameserver  IN CNAME niels   ; alias for niels
otto        IN A 149.76.12.2
quark       IN A 149.76.12.4
down        IN A 149.76.12.5
strange     IN A 149.76.12.6

Inverse DNS
The domain in-addr.arpa was created, in which all IP addresses appear in reversed dotted-decimal form:
the address 147.91.4.10 maps to 10.4.91.147.in-addr.arpa
PTR resource records are used
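Building the in-addr.arpa name described above, and recovering the address from a PTR owner that may be relative to a reverse zone's origin (as in the zone excerpts that follow), added as an example (not the lecture's code). It goes beyond the slide in also handling IPv6, where ip6.arpa uses one reversed hex nibble per label.

```python
# Added example: forward and inverse construction of reverse-DNS owner names.
import ipaddress

def reverse_name(ip):
    """'147.91.4.10' -> '10.4.91.147.in-addr.arpa.' (absolute, trailing dot)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")          # 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ip_from_reverse_name(owner, origin=""):
    """Inverse of reverse_name; a relative `owner` is completed with `origin`."""
    name = owner if owner.endswith(".") else owner + "." + origin
    name = name.rstrip(".")
    if name.endswith(".in-addr.arpa"):
        parts = name[:-len(".in-addr.arpa")].split(".")
        if len(parts) != 4:                           # e.g. a whole /24 zone name
            raise ValueError("incomplete IPv4 reverse name: " + name)
        return str(ipaddress.ip_address(".".join(reversed(parts))))
    if name.endswith(".ip6.arpa"):
        parts = name[:-len(".ip6.arpa")].split(".")
        if len(parts) != 32:
            raise ValueError("incomplete IPv6 reverse name: " + name)
        hexstr = "".join(reversed(parts))
        groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
        return str(ipaddress.ip_address(":".join(groups)))
    raise ValueError("not a reverse name: " + name)
```

The standard library exposes the same forward mapping as ipaddress.ip_address(x).reverse_pointer (without the trailing dot).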

Inverse DNS
; the 12.76.149.in-addr.arpa domain.
@ IN SOA niels.physics.groucho.edu. janet.niels.physics.groucho.edu. (
    1999090200 360000 3600 3600000 3600 )

2 IN PTR otto.physics.groucho.edu.
4 IN PTR quark.physics.groucho.edu.
5 IN PTR down.physics.groucho.edu.
6 IN PTR strange.physics.groucho.edu.

; the 76.149.in-addr.arpa domain.
@ IN SOA vax12.gcc.groucho.edu. joe.vax12.gcc.groucho.edu. (
    1999070100 360000 3600 3600000 3600 )
...
; subnet 4: Mathematics Dept.
1.4  IN PTR sophus.maths.groucho.edu.
17.4 IN PTR erdos.maths.groucho.edu.
23.4 IN PTR gauss.maths.groucho.edu.
...
; subnet 12: Physics Dept, separate zone
12   IN NS niels.physics.groucho.edu.
     IN NS gauss.maths.groucho.edu.

Commands - nslookup
$ nslookup www.cisco.com
Server: 147.91.1.5
Address: 147.91.1.5#53

Non-authoritative answer:
Name: www.cisco.com
Address: 198.133.219.25

$ nslookup www.rcub.bg.ac.yu
Server: 147.91.1.5
Address: 147.91.1.5#53

www.rcub.bg.ac.yu canonical name = afrodita.rcub.bg.ac.yu.
Name: afrodita.rcub.bg.ac.yu
Address: 147.91.1.120

dig
$ dig

; <<>> DiG 9.2.3 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1024
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 52787 IN NS A.ROOT-SERVERS.NET.
. 52787 IN NS B.ROOT-SERVERS.NET.
. 52787 IN NS C.ROOT-SERVERS.NET.
. 52787 IN NS D.ROOT-SERVERS.NET.
. 52787 IN NS E.ROOT-SERVERS.NET.
. 52787 IN NS F.ROOT-SERVERS.NET.
. 52787 IN NS G.ROOT-SERVERS.NET.
. 52787 IN NS H.ROOT-SERVERS.NET.
. 52787 IN NS I.ROOT-SERVERS.NET.
. 52787 IN NS J.ROOT-SERVERS.NET.
. 52787 IN NS K.ROOT-SERVERS.NET.
. 52787 IN NS L.ROOT-SERVERS.NET.
. 52787 IN NS M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 325126 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 163166 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 163166 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 163166 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 163166 IN A 192.203.230.10

dig
$ dig cisco.com

; <<>> DiG 9.2.3 <<>> cisco.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63843
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;cisco.com. IN A

;; ANSWER SECTION:
cisco.com. 78435 IN A 198.133.219.25

;; AUTHORITY SECTION:
cisco.com. 71514 IN NS ns1.cisco.com.
cisco.com. 71514 IN NS ns2.cisco.com.

;; ADDITIONAL SECTION:
ns1.cisco.com. 78378 IN A 128.107.241.185
ns2.cisco.com. 78378 IN A 64.102.255.44

;; Query time: 21 msec
;; SERVER: 147.91.1.5#53(147.91.1.5)
;; WHEN: Sat Dec 24 10:04:43 2011
;; MSG SIZE rcvd: 111

$ dig -t AAAA pavle-bsd.rcub.bg.ac.yu

; <<>> DiG 9.2.3 <<>> -t AAAA pavle-bsd.rcub.bg.ac.yu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54012
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;pavle-bsd.rcub.bg.ac.yu. IN AAAA

;; ANSWER SECTION:
pavle-bsd.rcub.bg.ac.yu. 86400 IN AAAA 2001:4170:0:13:210:5aff:fef2:840b

References
CCENT/CCNA ICND1, Official Exam Certification Guide, Wendell Odom, Cisco Press, 2008
CCNA curriculum, Cisco
Douglas Comer, Internetworking with TCP/IP
IBM, TCP/IP Tutorial and Technical Overview, www.ibm.com/redbooks
www.wikipedia.org