Notes5:DNS - echadbourne/NET-330 GitHub Wiki

Network Connections Over IP

People like names, computers like numbers!

Plus, IP addresses change because of load balancing, virtualization, and other technologies, while the name can stay the same

Domain Name System (DNS)

Distributed, hierarchical naming structure for internet systems

Root DNS Servers: "Top" of the hierarchy

  • Authoritative name servers that serve the DNS root zone

Configured as 13 named authorities (a.root-servers.net through m.root-servers.net)

  • But in physical form, each name is a network of hundreds of anycast instances spread around the world

Top-Level Domain (TLD) Servers

  • Responsible for domains like .com, .net, .org, .gov, and so on

Authoritative Name Servers

  • The servers that actually provide the answer for a query about a specific name in a zone/domain
  • For example, IP addresses for google.com hosts can be answered by the authoritative name servers for the google.com domain

nslookup

  • Can be used to view the servers at each level, e.g. nslookup -type=NS . lists the root servers, nslookup -type=NS edu. the .edu TLD servers, and nslookup -type=NS champlain.edu the authoritative servers for that domain

DNS Resolution Techniques

Two methods:

  • Iterative
  • Recursive

When a client sends an iterative request to a name server

  • The server answers from its own data if it can
  • Otherwise it responds with a referral: the name (and normally the address) of another server that is closer to the answer, and the client has to ask that server itself

Recursive resolution:

  • A client sends a request to a server
  • That server then sends its own queries to other servers (iteratively, starting at the root) to find the necessary records
  • And then returns them to the client
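The two methods side by side, as an added example that is not part of these notes: an in-memory root / TLD / authoritative hierarchy, an iterative_query that answers only from the server's own zone (or hands back a referral), and a recursive_resolve that walks the referrals on the client's behalf. Every zone, hostname and address in it is constructed for the illustration (documentation-range 192.0.2.0/24 addresses), not real DNS data.

```python
"""Added example (not part of the NET-330 notes): a toy model of iterative
vs. recursive resolution over an in-memory root / TLD / authoritative
hierarchy. Every zone, hostname and address below is constructed for the
illustration (documentation-range 192.0.2.0/24 addresses), not real data."""

# Each name server holds one zone: (type, value) records it is authoritative
# for, plus NS delegations (with glue A records) for zones beneath it.
ZONES = {
    "root-a": {                                     # a root server
        "edu.": [("NS", "a.edu-servers.net.")],
        "a.edu-servers.net.": [("A", "192.0.2.1")],   # glue
    },
    "edu-a": {                                      # an .edu TLD server
        "champlain.edu.": [("NS", "ns1.champlain.edu.")],
        "ns1.champlain.edu.": [("A", "192.0.2.53")],  # glue
    },
    "champlain-ns1": {                              # authoritative for champlain.edu
        "www.champlain.edu.": [("CNAME", "web.champlain.edu.")],
        "web.champlain.edu.": [("A", "192.0.2.80")],
        "ns1.champlain.edu.": [("A", "192.0.2.53")],
    },
}
ROOT_ADDR = "192.0.2.2"                             # from the resolver's root hints
SERVER_BY_ADDR = {"192.0.2.2": "root-a", "192.0.2.1": "edu-a", "192.0.2.53": "champlain-ns1"}


def iterative_query(server, qname, qtype):
    """One iterative query: the server answers only from its own zone data.
    Returns ('answer', [values]) when it holds the record,
    ('cname', target) when the name is an alias,
    ('referral', (ns_host, ns_addr)) naming the next server down the tree,
    or ('negative', None) when it knows the name does not exist."""
    zone = ZONES[server]
    if qname in zone:
        values = [v for t, v in zone[qname] if t == qtype]
        if values:
            return ("answer", values)
        cnames = [v for t, v in zone[qname] if t == "CNAME"]
        if cnames:
            return ("cname", cnames[0])
    # Not ours to answer: walk up the name looking for a delegation (NS).
    labels = qname.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        for t, v in zone.get(parent, []):
            if t == "NS":
                glue = [a for gt, a in zone.get(v, []) if gt == "A"]
                return ("referral", (v, glue[0] if glue else None))
    return ("negative", None)


def recursive_resolve(qname, qtype="A", max_steps=16):
    """What a recursive resolver does on a client's behalf: start at a root
    server and follow referrals until an authoritative answer (or a negative
    answer) comes back. Returns (values, trace); trace lists every iterative
    step as (server, name asked, kind of reply)."""
    trace, name, addr = [], qname, ROOT_ADDR
    for _ in range(max_steps):
        server = SERVER_BY_ADDR[addr]
        kind, data = iterative_query(server, name, qtype)
        trace.append((server, name, kind))
        if kind == "answer":
            return data, trace
        if kind == "negative":
            return [], trace
        if kind == "cname":
            # Alias: restart the walk for the canonical name from the root
            # (it may live in a different zone; a real resolver would first
            # check its cache).
            name, addr = data, ROOT_ADDR
        else:  # referral
            ns_host, ns_addr = data
            if ns_addr is None:
                raise LookupError(f"referral to {ns_host} without glue")
            addr = ns_addr
    raise LookupError("resolution did not converge")


if __name__ == "__main__":
    values, trace = recursive_resolve("www.champlain.edu.")
    for step in trace:
        print("%-14s %-22s %s" % step)
    print("www.champlain.edu. ->", values)
```

Running it prints six iterative steps for one recursive request: root, TLD and authoritative for the alias, then the same three again for the canonical name, which is why the recursive server, not the client, should be the one doing the walking and caching.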

DNS Recursion

Not all servers support recursion

Typically, local DNS servers will support recursion only for clients on their own network

  • e.g. Champlain name servers would only perform recursion for clients on the Champlain network

This is done for security and performance reasons

Open Resolvers and Amplification Attacks

If a DNS server performs recursion for anyone on the Internet:

  • Known as an Open Resolver
  • Can be abused in (distributed) Denial of Service attacks
  • DNS normally runs over UDP, so there is no handshake and the source address of a request can be spoofed
  • The attacker sends requests with the victim's IP as the source address
  • All answers get sent to the victim instead of the attacker
  • Can amplify: small question, large answer (a query of a few dozen bytes can draw an answer of thousands of bytes, so the resolver multiplies the attacker's bandwidth)
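The recursion policy above (recurse only for local clients) and the amplification it guards against, as an added example that is not from these notes: it builds a real query datagram with the RD bit and an EDNS0 buffer, decodes the header, applies a source-address check a resolver would run before recursing, and measures how many bytes a reflected answer delivers per byte the attacker sent. The 10.20.0.0/16 "campus" range, the client addresses, the example.com question and the 50-record answer are all constructed for the illustration.

```python
"""Added example (not part of the notes): what a DNS query looks like on the
wire, the resolver-side check that limits recursion to local clients, and
the amplification an open resolver hands an attacker. The campus range,
client addresses and the 50-record answer are constructed for illustration."""
import ipaddress
import struct


def encode_name(name):
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=255, txid=0x1234, rd=True, edns_bufsize=4096):
    """A query datagram: 12-byte header, one question, and (if edns_bufsize)
    an EDNS0 OPT record telling the server it may send a large UDP answer.
    qtype 255 is ANY; ANY plus a big EDNS buffer is the classic amplification
    recipe because it maximises the answer size."""
    flags = 0x0100 if rd else 0                 # RD bit: "please recurse for me"
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1 if edns_bufsize else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN
    opt = b""
    if edns_bufsize:
        # OPT pseudo-RR: root name, type 41, class field = UDP payload size,
        # TTL field = extended flags (0), no RDATA.
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)
    return header + question + opt


def parse_header(pkt):
    """Decode the fixed header; only the fields a resolver's policy needs."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


LOCAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]   # constructed campus range


def should_recurse(src_ip, pkt, allowed=LOCAL_NETS):
    """Resolver policy: recurse only when the client asked (RD set) and the
    source address is inside the local networks. The source address is
    unauthenticated (UDP, no handshake), which is exactly why an outside
    address must be refused rather than trusted."""
    if not parse_header(pkt)["rd"]:
        return False
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in allowed)


def build_answer(query, addresses, ttl=300):
    """Constructed response to `query`: header with QR/RD/RA set, the question
    echoed back, then one A record per address. Each record's owner name is a
    compression pointer (0xC00C) back to the question name, as real servers do."""
    hdr = parse_header(query)
    header = struct.pack("!HHHHHH", hdr["id"], 0x8180, 1, len(addresses), 0, 0)
    q_end = query.index(b"\x00", 12) + 1 + 4     # end of the question section
    question = query[12:q_end]
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
                   + ipaddress.IPv4Address(a).packed for a in addresses)
    return header + question + rrs


def amplification_factor(query, response):
    """Bytes the victim receives per byte the attacker had to send."""
    return len(response) / len(query)


if __name__ == "__main__":
    q = build_query("example.com")
    r = build_answer(q, ["192.0.2.%d" % i for i in range(1, 51)])
    print("query %d bytes, answer %d bytes, amplification x%.1f"
          % (len(q), len(r), amplification_factor(q, r)))
    print("recurse for 10.20.5.7?", should_recurse("10.20.5.7", q))
    print("recurse for 203.0.113.9?", should_recurse("203.0.113.9", q))
```

The 40-byte query draws an 829-byte answer here, roughly 20x; answers carrying DNSSEC material or TXT records get considerably larger. Note that should_recurse only limits who can use the server as a reflector; it does not stop spoofed queries from arriving, which is why egress filtering of spoofed source addresses (BCP 38) on the attacker's network is the complementary control.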

Records

Authoritative Name Servers contain "records" for the domains they are responsible for

Resource Records (RR): Contain the name-resolution information. Include:

  • Name (Fully Qualified Domain Name (FQDN))
  • Type of Record
  • TTL (Time to Live)
  • Value (what it resolves to - IP or FQDN)

Type A

  • Name is hostname
  • Value is IP address
  • Simply a hostname to IPv4 address mapping (AAAA is the equivalent for IPv6)

Type NS

  • Name is domain (ex champlain.edu)
  • Value is hostname of an authoritative name server for this domain
  • Used to delegate: an NS record in the parent zone tells a resolver which servers to ask next for names under this domain

Type CNAME

  • Name is the alias name (ex www.champlain.edu)
  • Value is canonical name (ex servereast.backup2.amazoneast.com)
  • A query for the alias returns the canonical name; the resolver then looks up the canonical name to get the address

Type MX

  • Name is domain name
  • Value is a preference number plus the hostname of a mail server for that domain (lowest preference is tried first)
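How those records look on the wire, as an added example that is not from these notes: a decoder for the NAME / TYPE / CLASS / TTL / RDLENGTH / RDATA layout that handles A, NS, CNAME and MX, including the compression pointers real answers use whenever a name repeats. The message it parses is constructed in-block from made-up champlain.edu hostnames and a documentation address; all four types are packed into one answer section just so the parser sees each of them, which a real answer to a single question would not do.

```python
"""Added example (not part of the notes): decoding resource records (A, NS,
CNAME, MX) from a DNS message in wire format, including the compression
pointers real answers use for repeated names. The message is constructed
in-block from made-up champlain.edu hostnames and a documentation address."""
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}


def decode_name(msg, off, max_jumps=8):
    """Read a (possibly compressed) name at `off`. A byte with the top two
    bits set is a 14-bit pointer to an earlier copy of the rest of the name.
    Returns (name, offset just past the name in the original stream).
    The jump limit defends against pointer loops in malicious packets."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if end is None:                  # remember where the field ends
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumps += 1
            if jumps > max_jumps:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_rr(msg, off):
    """One resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    name, off = decode_name(msg, off)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    rdata = msg[off:off + rdlen]
    if rtype == 1:                            # A: four raw address bytes
        value = ".".join(str(b) for b in rdata)
    elif rtype in (2, 5):                     # NS, CNAME: a (compressible) name
        value, _ = decode_name(msg, off)
    elif rtype == 15:                         # MX: 16-bit preference + name
        pref = struct.unpack("!H", rdata[:2])[0]
        host, _ = decode_name(msg, off + 2)
        value = "%d %s" % (pref, host)
    else:
        value = rdata.hex()
    return {"name": name, "type": TYPES.get(rtype, rtype), "ttl": ttl, "value": value}, off + rdlen


def parse_message(msg):
    """Skip the header and question(s), then decode every RR that follows."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    records = []
    for _ in range(an + ns + ar):
        rr, off = parse_rr(msg, off)
        records.append(rr)
    return records


def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"


def _rr(owner, rtype, ttl, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def sample_message():
    """Constructed answer: question 'www.champlain.edu. A' at offset 12, so
    'champlain.edu.' starts at offset 16 and every later mention of either
    name can be a 2-byte pointer instead of a full copy."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 0)
    question = _encode_name("www.champlain.edu.") + struct.pack("!HH", 1, 1)
    www, domain = b"\xc0\x0c", b"\xc0\x10"            # pointers to offsets 12 and 16
    msg = header + question
    web = struct.pack("!H", 0xC000 | (len(msg) + 12))  # pointer to the CNAME's RDATA
    msg += _rr(www, 5, 3600, b"\x03web" + domain)      # www -> web.champlain.edu.
    msg += _rr(web, 1, 300, bytes([192, 0, 2, 80]))    # web.champlain.edu. A
    msg += _rr(domain, 2, 86400, b"\x03ns1" + domain)  # champlain.edu. NS
    msg += _rr(domain, 15, 3600, struct.pack("!H", 10) + b"\x04mail" + domain)
    return msg


if __name__ == "__main__":
    for rr in parse_message(sample_message()):
        print("%-20s %-6s %6d  %s" % (rr["name"], rr["type"], rr["ttl"], rr["value"]))
```

Every decoded record comes back with the four fields the notes list (name, type, TTL, value). The jump limit in decode_name is not decoration: a packet whose pointer refers back to itself would otherwise spin a naive parser forever, and parsers of untrusted DNS input should always bound both pointer chasing and the offsets they follow.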

Caching

Just like with ARP, it would be inefficient for systems and name servers to keep asking the same questions over and over

DNS Records include a TTL value (Time to Live, in seconds)

  • Expiration timer for a record
  • Tells the recursive server or local resolver how long it may keep said record in its cache
  • System and network admins have to plan TTLs strategically

Balance query volume to the authoritative server (longer TTL means fewer queries) against faster propagation when a record changes, e.g. a new IP address (shorter TTL means clients see the change sooner); a common practice is to lower the TTL ahead of a planned change and raise it again afterwards
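The trade-off made concrete, as an added example that is not part of these notes: a small resolver cache whose entries expire on the authoritative TTL and whose lookups hand back the remaining TTL, replayed against a constructed authoritative server that moves www.champlain.edu. to a new address partway through. The clock is injected so nothing actually waits; the name, addresses and query times are all made up for the illustration.

```python
"""Added example (not part of the notes): the TTL-driven cache a recursive
resolver keeps, replayed against a changing authoritative record to show
the query-volume vs. propagation trade-off. The clock is injected so no
real waiting is involved; the name, addresses and query times are constructed."""


class RRCache:
    """Cache keyed by (name, type); each entry carries an absolute expiry."""

    def __init__(self, clock):
        self._clock = clock          # callable returning the current time in seconds
        self._store = {}             # (name, type) -> (values, expires_at)

    def put(self, name, rtype, values, ttl):
        """Store an answer; the authoritative TTL is the longest it may be served."""
        self._store[(name, rtype)] = (list(values), self._clock() + ttl)

    def get(self, name, rtype):
        """Return (values, remaining_ttl) or None on a miss or expiry. The
        remaining TTL, not the original one, is what gets passed downstream,
        so a client's own cache can never outlive the authoritative TTL."""
        entry = self._store.get((name, rtype))
        if entry is None:
            return None
        values, expires_at = entry
        remaining = expires_at - self._clock()
        if remaining <= 0:
            del self._store[(name, rtype)]
            return None
        return values, int(remaining)


def authoritative_answer(t):
    """Constructed authoritative server: www moves to a new address at t=1000."""
    return ["192.0.2.80"] if t < 1000 else ["192.0.2.81"]


def simulate(ttl, query_times, upstream=authoritative_answer):
    """Replay client queries for www.champlain.edu. at the given times through
    a resolver cache using `ttl`. Returns ([(t, address, ttl_served)], number
    of queries that had to go to the authoritative server)."""
    now = [0]
    cache = RRCache(lambda: now[0])
    upstream_queries, answers = 0, []
    for t in query_times:
        now[0] = t
        hit = cache.get("www.champlain.edu.", "A")
        if hit is None:
            upstream_queries += 1
            values = upstream(t)
            cache.put("www.champlain.edu.", "A", values, ttl)
            hit = (values, ttl)
        answers.append((t, hit[0][0], hit[1]))
    return answers, upstream_queries


if __name__ == "__main__":
    times = range(0, 2000, 100)              # one client query every 100 s
    for ttl in (300, 3600):
        answers, upstream = simulate(ttl, times)
        first_new = next((t for t, ip, _ in answers if ip == "192.0.2.81"), None)
        print("TTL %4d: %d upstream queries, new address first seen at t=%s"
              % (ttl, upstream, first_new))
```

With a 300 s TTL the resolver goes upstream seven times in the replay and clients see the new address within one TTL of the change; with 3600 s it goes upstream once and every client is still being sent to the old address when the replay ends. That is the whole planning problem in two lines of output.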

DNS Consideration for Network Design

  • Recursion
  • Internal and External Views
  • Load-Balancing
  • Redundancy
  • Disaster Planning