Intro

• Hosts are configured with IP addresses: hard-coded, from a DHCP server or by zeroconf self-assignment

• Hosts can also be assigned names as easier for users

• Mapping between names and IP addresses is performed by the Domain Name Service (DNS)

• DNS is a distributed service with millions of servers world-wide

Root servers

• DNS servers form a "tree", with a root node which has branches and sub-branches, and sub-sub-branches, etc

• There are actually multiple root servers for redundancy and load balancing, listed by DNS Root Zone — Hints File such as 198.41.0.4, 192.228.79.201, ...

• Why are IP addresses and not names given in this file? Do the root servers have names? Who looks after these names?

Authoritative name servers

• A name server will look after a particular domain such as bhtafe.edu.au

• A name server can be declared as authoritative for that domain

• A name server can declare other servers as authoritative for sub-domains

Caching name servers

• A name server can caches answers passing through it

• When the same DNS query is presented again, it can return the answer from its cache

• This optimisation allows DNS to function as a distributed service without overloading the root servers

Types of DNS entries

A DNS server will store several types of entries in its database

• A records: these are authoritative records mapping a hostname to an IPv4 address

• AAA records: these are authoritative records mapping a hostname to an IPv6 address

• PTR records: these are used for reverse DNS lookups - IP address to names

• CNAME (canonical name) records: these are used for common names such as "www", "ftp" which are mapped to a specific host

DNS clients

• The simplest is host

• Redundant is nslookup

• Preferred is dig

  $dig www.google.com
  
  ; <<>> DiG 9.5.1-P2 <<>> www.google.com
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15794
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;www.google.com.			IN	A
  
  ;; ANSWER SECTION:
  www.google.com.		584983	IN	CNAME	www.l.google.com.
  www.l.google.com.	168	IN	A	66.102.11.104
  www.l.google.com.	168	IN	A	66.102.11.99
  
  ;; Query time: 36 msec
  ;; SERVER: 192.168.1.1#53(192.168.1.1)
  ;; WHEN: Mon Oct 12 21:32:31 2009
  ;; MSG SIZE  rcvd: 84
  	    

BIND

• The Berkeley Internet Name Domain server is now up to version 9

• It is the principal DNS server used on the internet

• It is a critical piece of software but still has possible security issues

• DNS "poisoning" techniques exist and are extremely dangerous

• BIND used flat text configuration files; BIND 9 now supports LDAP, MySQL, etc (Wikipedia)

Sample Bind configuration

• The configuration file is /etc/named.conf

  options {
          allow-query     { any; };
  };
  
  zone "jan.home" {
          type master;
          file "/var/named/jan.home.hosts";
  };
  	    

• In /var/named/jan.home.hosts is

  $ttl 38400
  jan.home.       IN      SOA     server.jan.home. jan.newmarch.name. (
                          1233387073
                          10800
                          3600
                          604800
                          38400 )
  jan.home.       IN      NS      server.jan.home.
  
  server.jan.home.        IN      A       192.168.1.4
  jannote.jan.home.       IN      A       192.168.1.11
  sun.jan.home.           IN      A       192.168.1.6
  gateway.jan.home.       IN      A       192.168.1.1
  netbook.jan.home.       IN      A       192.168.1.8
  
  192.168.1.8.jan.home.   IN      PTR     netbook
  	    

• The configuration can be checked by

  named-checkconfig /etc/named.conf
  	    

• The files are messy, and it may be easier to use Webmin to generate them and make any other changes later by hand (e.g. change the vallue of allow-query