DNS : A STUDY

Presented By- MAUOOD HAMIDI

MSC CS
CUB1102312006

GUIDED BY:-
NEMI CHANDRA RATHORE SIR
HOD Dept. Of Computer Science
Central University Of Bihar
8/2/2013 Presented For Dissertation On DNS
 COVERAGE
 DNS DEFINITION

 DNS SERVER

 DNS TOOLS

 DNS QUERY

 DNS RECORDS
8/2/2013 Presented For Desertation On DNS
 COVERAGE
 NETWORK TOOLS

 NEED OF DNS

 DNS COMPONENTS

 DNS TYPES

 DNS CONTEXT
8/2/2013 Presented For Desertation On DNS
 DOMAIN NAME SYSTEM
 DNS Technology Allows Hosts On
TCP/IP Networks To Be Address By Its
Name. DNS Automatically Convert The
Names We Type In Our Web Browsers
Address Bar To The IP Addresses Of
Web Servers Hosting Those Sites.
Internet.w3school.com

Hostname Organization Top-level

domain
8/2/2013 Presented For Desertation On DNS
 DNS CONTINUED
• DNS Include A Network Protocol for
Memorizing Host Name And Addresses
Through A Distributed Data Base.
• All The Top-Level domains, delegates
authority for second-level domains, and a
database of registered name servers for
all second-level domains Monitored by
The Network Information System(NIC).

8/2/2013 Presented For Desertation On DNS

 DNS CONT………
• Host name assignments maintained
through zone files on primary DNS
server. Secondary DNS server gets zone
file from primary server.

8/2/2013 Presented For Desertation On DNS

 DNS SERVER
• There are different types of DNS
SERVER available we can install any of
them as per our requirement. It Is Of
Three Types,
• Primary:- Locally stored files exists on
the name server data base.
• Secondary:- Gets data called a zone
transfer from another server that is the
zone authority.
8/2/2013 Presented For Desertation On DNS
 DNS SERVERS
• Caching:- Only caches name server
information and does not contain its own
files.

• For example:-
• BIND, DJBDNS, ANS/CNS, POWER
DNS etc.

8/2/2013 Presented For Desertation On DNS

 SERVER SUBSCRIPTION
• Costs range from $20 to $50 per year.
• ISP’s beginning to offer domain name
registration as part of other packages.
• Need to register a primary and secondary
domain name servers for your domain
and arrange to have zone files created on
DNS servers.

8/2/2013 Presented For Desertation On DNS

 DNS IN ACTION….

8/2/2013 Presented For Desertation On DNS

 DNS TOOLS
• There are several tools for monitoring
DNS information:
– whois – tells you the owner and
primary DNS servers associated with a
domain (e.g. whois yahoo.com). Also
available via web browser at
www.networksolutions.com

8/2/2013 Presented For Desertation On DNS

 DNS TOOLS
• -nslookup and host (on UNIX machines)
tell you IP address information for a
particular hostname on the internet (e.g.
-nslookup www.gmail.com or host
www.nic.edu)

8/2/2013 Presented For Desertation On DNS

 DNS TASKS
• What are IP addresses of the DNS
servers that contain information about
rutgers.edu?
• What are the IP address of:
– www.ahuja.com
– sandy.admin.tcs.com
– www.linux.org
8/2/2013 Presented For Desertation On DNS
 DNS Queries
• A DNS query packet is formed at the
application layer.

• DNS is unique, as it can utilize either

UDP/IP or TCP/IP to send a message.
– Uses UDP by defult – if message is too
bit (>512 bytes), it will use TCP

8/2/2013 Presented For Desertation On DNS

 Types of DNS Records
 There are several types of DNS records
that are kept by DNS servers:
– “A” Records: give the IP address for a
hostname.
– CNAME Records: give aliases for
hostanmes (i.e. web.cub.ac.in =
www.cub.ac.in)

8/2/2013 Presented For Desertation On DNS

 DNS RECORDS
 -MX Records: give the IP address of the
‘mail host’ for a hostname or domain
(I.e. “Mail addressed to anyone
@cub.ac.in gets handled by the ‘mail
server’ mail.cub.ac.in)
 Some more are,
 - SOA, NS, PTR, HINFO, TXT

8/2/2013 Presented For Desertation On DNS

 Network Tools
• Ping (Windows and UNIX)

• Traceroute (tracert on Windows,

traceroute on UNIX)

• Nslookup (UNIX only)

• Host (UNIX only)

8/2/2013 Presented For Desertation On DNS
 Why We Need DNS
• As the system grew, HOSTS.TXT had
problems with:
– Scalability (traffic and load)
– Reliability
– Dynamicity
– Name collisions
– Consistency

8/2/2013 Presented For Desertation On DNS

 DNS NAME SPACE
• The name space is the structure of the
DNS database
– An inverted tree with the root node at the
top
• Each node has a label
– The root node has a null label, written as “”

8/2/2013 Presented For Desertation On DNS

 DNS ROOTS
T h e ro o t n o d e
""

t o p -le v e l n o d e t o p -le v e l n o d e t o p -le v e l n o d e

s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e

t h ir d -le v e l n o d e t h ir d -le v e l n o d e t h ir d -le v e l n o d e

8/2/2013 Presented For Desertation On DNS

 Domain Names
 A domain name is the sequence of labels
from a node to the root, separated by
dots (“.”s), read left to right
– The name space has a maximum depth
of 127 levels
– Domain names are limited to 255
characters in length
 A node’s domain name identifies its
position in the name space
8/2/2013 Presented For Desertation On DNS
 TYPES OF DOMAIN
 GENERIC DOMAIN

 COUNTRY DOMAIN

8/2/2013 Presented For Desertation On DNS

 GENERIC DOMAIN

""

com edu gov in t m il net o rg

n o m in u m m e ta in fo b e r k e le y nwu n a to a rm y uu

w est e a st www

d a k o ta to rn a d o
8/2/2013 Presented For Desertation On DNS
 COUNTRY DOMAIN
 Each Country Is Assigned A Single
Top Level Domain, Like

 .in(ac.in, nic.in, gov.in)

 .us(ac.us, af.gov.us)

8/2/2013 Presented For Desertation On DNS

 Subdomains
 One domain is a subdomain of another
if its top node is a descendant of the
other’s top node
 More simply, one domain is a
subdomain of another if its domain
name ends in the other’s domain name
So
purchase.tradus.com is a subdomain of
tradus.com
8/2/2013 Presented For Desertation On DNS
 Delegation
 Administrators can create subdomains to
group hosts
– According to geography, organizational
affiliation etc.
 An administrator of a domain can
delegate responsibility for managing a
subdomain to someone else
 The parent domain retains links to the
delegated subdomain
8/2/2013 Presented For Desertation On DNS
 Zones By Delegation
 Each time an administrator delegates a
subdomain, a new unit of administration is
created
– The subdomain and its parent domain can now be
administered independently
– These units are called zones
– The boundary between zones is a point of delegation
in the name space
 Delegation is good: it is the key to scalability
8/2/2013 Presented For Desertation On DNS
 Name Servers
 Name servers store information about the name
space in units called “zones”
– The name servers that load a complete zone are said
to “have authority for” or “be authoritative for” the
zone
 Usually, more than one name server are
authoritative for the same zone
– This ensures redundancy and spreads the load
 Also, a single name server may be authoritative
for many zonesPresented For Desertation On DNS
8/2/2013
 Name Servers and Zones
10.0.0.6 serves Name Servers Zones
data for both
centraluniversity
ofbihar.ac.in and 10.0.0.6
cub.org zones cub.ac.in
10.0.0.5
serves data for
cub.ac.in zone 10.0.0.5
only
cu.com

20.1.1.1 serves
data for cu.com
20.1.1.1
zone only

8/2/2013 Presented For Desertation On DNS

 Types of Name Servers
 Two main types of servers
– Authoritative – maintains the data
• Master – where the data is edited
• Slave – where data is replicated
– Caching – stores data obtained from an
authoritative server
 Other types exist…
 No special hardware necessary

8/2/2013 Presented For Desertation On DNS

 Loads On DNS
 DNS can handle the load
– DNS root servers get approximately 3000
queries per second
o Empirical proofs (DDoS attacks) show root name
servers can handle 50,000 queries per second
o Limitation is network bandwidth, not the DNS
protocol
– in-addr.arpa zone, which translates numbers
to names, gets about 2000 queries per second
8/2/2013 Presented For Desertation On DNS
 DNS Efficiency
 DNS is a very lightweight protocol
– Simple query – response
 Any performance limitations are due to
the network limitations
– Speed of light
– Network congestion
– Switching/forwarding latencies

8/2/2013 Presented For Desertation On DNS

 DNS Security
 Base DNS protocol (RFC 1034, 1035) is
insecure
– “Spoof” attacks are possible
 DNS Security Enhancements (DNSSEC, RFC
2565) remedies this flaw
– But creates new ones
• DoS attacks
• Amplification attacks
 DNSSEC strongly discourages large flat zones
– Hierarchy (delegation) is good
8/2/2013 Presented For Desertation On DNS
 REFERENCES
• Computer Networks-Andrew S
Tanenbaum
• Fundamental Of Computer Networks
• CDEEP BOMBAY(TUTORIALS)
• Wikipedia.com
• W3school.com

8/2/2013 Presented For Desertation On DNS

 Time To Ask

?
8/2/2013 Presented For Desertation On DNS