Notes 05‐1 - LPouliot/Junior-Spring-NET-330-01-Network-Design GitHub Wiki

The Domain Name System (DNS)

Network Connections Over IP

Suppose Alice wishes to connect to Bob's server.

What information does she need to do this?

  • MAC of Default Gateway (we can use ARP for this)
  • IP of Bob's server (what can we use for this?)


People like names – and computers like numbers!

  • It would be very difficult to remember all of the IP addresses for servers we visit
  • What if they are (gasp) IPv6 addresses?!

The IP isn't always consistent!

  • Load-balancing, virtualization, and other technologies mean that IPs might change often

Domain Name System (DNS)

The distributed, hierarchical naming structure for Internet systems


Root DNS Servers: The “Top” of the hierarchy

  • The authoritative name servers that serve the DNS root zone

Configured as 13 named authorities

  • But in physical form, they are a network of hundreds of servers!


Top-Level Domain (TLD) Servers

  • Responsible for domains like .com, .net, .org, .gov, and so on
  • Full List

Authoritative Name Servers

  • The servers that actually provide the answer for a query about a specific name in a zone/domain.
  • For example, IP addresses for google.com hosts can be answered by the authoritative name servers for the google.com domain.

nslookup

We can use nslookup to view the servers at each level!

  C:\> nslookup
  > set type=ns       (tells nslookup we want name server records)
  > .                 (will return the root server names/IPs)
  > edu.              (will return the .edu TLD server names/IPs)
  > champlain.edu.    (will return the champlain.edu DNS server IP)

Authoritative Name Servers contain “records” for the domains they are responsible for:

Resource Records (RRs) contain the name-resolution information; each record includes:

  • Name (Fully-qualified Domain Name (FQDN))
  • Type (The type of record)
  • TTL (Time in seconds that the answer can be cached)
  • Value (What the FQDN resolves to – either an IP or other FQDN)

DNS Resolution Techniques

DNS has two methods of resolution:

  • Iterative
  • Recursive

When a client sends an iterative request to a name server:

  • The server responds with the name of another server that has the information

Recursive resolution:

  • A client sends a request to a server
  • That server then sends requests to other servers (iterative) to find the necessary records
  • And then returns them to the client.

DNS Recursion

Not all servers support Recursion

Typically, local DNS servers will support recursion only for clients on their local network

  • e.g. Champlain Name Servers would only perform recursion for clients on the Champlain network

This is for security and performance reasons

Open Resolvers and Amplification Attacks

If a DNS server supports recursion to the outside world:

  • Known as an Open Resolver
  • Can be used in Denial-of-Service Attacks!
  • DNS uses UDP, so the source address of requests can be spoofed
  • The spoofed requests use the victim's IP
  • All answers get sent to the victim
  • Can “Amplify”: Small Question and Large Answer

Some Resource Record Types

Type = A

  • Name is the hostname
  • Value is the IP address
  • This type is simply a hostname-to-IP address mapping

Type = NS

  • Name is the domain, e.g., champlain.edu
  • Value is the hostname of the authoritative name server for this domain
  • This type is used as a routing function for queries

Type = CNAME

Type = MX

  • Name is domain name
  • Value is the name of the mail server associated with this domain

DNS Caching

Just like with ARP, it would be inefficient to make systems and name servers continually ask the same questions over and over

How often do you think the Champlain DNS servers are asked to resolve Google.com?

DNS Records include a TTL value

  • Time-to-live
  • In seconds

DNS TTL

Time To Live, or TTL for short, is the “expiration date” that is put on a DNS record.

The TTL tells the recursive server or local resolver how long it should keep said record in its cache.

  • The longer the TTL, the longer the resolver holds that information in its cache.
  • The shorter the TTL, the shorter amount of time the resolver holds that information in its cache.

System and Network Admins have to strategically plan TTLs

  • Balance query volume to server (longer TTL) and
  • Quicker propagation if a Record changes (e.g. new IP address) (shorter TTL)
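The iterative/recursive resolution walk and the TTL-based caching described above, as an added example (not part of the original notes): a small in-memory simulator with a constructed root / .edu / champlain.edu hierarchy. The zone names and documentation-range IPs (192.0.2.x, 198.51.100.x) are assumptions, not real records.

```python
from collections import namedtuple

# A resource record: Name, Type, TTL (seconds) and Value, as in the notes.
RR = namedtuple("RR", "name type ttl value")

# Constructed toy hierarchy (hypothetical names, documentation-range IPs).
# Each "server" is keyed by the hostname its NS record points at.
ZONES = {
    "root": [RR("edu.", "NS", 172800, "a.edu-servers.net."),
             RR("a.edu-servers.net.", "A", 172800, "192.0.2.1")],
    "a.edu-servers.net.": [RR("champlain.edu.", "NS", 86400, "ns1.champlain.edu."),
                           RR("ns1.champlain.edu.", "A", 86400, "192.0.2.2")],
    "ns1.champlain.edu.": [RR("www.champlain.edu.", "A", 300, "198.51.100.10")],
}

def iterative_query(server, name, qtype):
    """One iterative step: the answer if this server has it, otherwise a
    referral (NS record plus glue A) for the closest enclosing zone it knows."""
    records = ZONES[server]
    answer = [r for r in records if r.name == name and r.type == qtype]
    if answer:
        return "answer", answer
    labels = name.split(".")
    for i in range(1, len(labels)):          # champlain.edu., edu., ...
        zone = ".".join(labels[i:])
        ns = [r for r in records if r.name == zone and r.type == "NS"]
        if ns:
            glue = [r for r in records if r.name == ns[0].value and r.type == "A"]
            return "referral", ns + glue
    raise LookupError(f"{server} has no data for {name}")

def recursive_resolve(name, qtype, cache, now):
    """What a recursive server does for its client: serve from cache while the
    TTL has not expired, otherwise walk root -> TLD -> authoritative with
    iterative queries and cache the answer until now + TTL.
    Returns (values, number of servers contacted)."""
    key = (name, qtype)
    if key in cache and cache[key][0] > now:
        return cache[key][1], 0
    server, hops = "root", 0
    while True:
        hops += 1
        kind, rrs = iterative_query(server, name, qtype)
        if kind == "answer":
            cache[key] = (now + min(r.ttl for r in rrs), [r.value for r in rrs])
            return cache[key][1], hops
        server = rrs[0].value                # follow the referral to the NS host
```

The first lookup contacts three servers; a repeat within the 300-second TTL is answered from cache with no queries, and once the TTL lapses the full walk happens again.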

DNS Considerations for Network Design

Recursion

Internal and External Views

Load-Balancing

Redundancy

Disaster Planning