internet lab ilab1 domain name sytem
play

Internet Lab (iLab1) Domain Name Sytem Dominik Scholz - PowerPoint PPT Presentation

Nov 06, 2022 •462 likes •1.01k views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Domain Name Sytem Dominik Scholz ilab1@net.in.tum.de Chair of Network Architectures and Services Department of

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Domain Name Sytem Dominik Scholz ilab1@net.in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 5 – WiSe 2018

  2. Outline Meta Domain Name System Authoritative name server Resolver Security 1/32

  3. Outline Meta Domain Name System Authoritative name server Resolver Security 2/32

  4. Oral attestations Scope of the oral attestations: • expert knowledge of the lecture content • show us your individual understanding of the labs • labs and lectures 1–5 (including crypto) • you may choose the lab to start with • prepare for oral attestation: you have to explain things • duration 10 minutes • 20% of grade • room 03.05.051 (or 03.05.033) 3/32

  5. Oral Attestations • Make sure you can access lecture recordings NOW • Make sure you confirmed your time slot! • We assume you show up for your designated slot • Attestation is required for passing the course 4/32

  6. Outline Meta Domain Name System Authoritative name server Resolver Security 5/32

  7. The quest for memorable names • IP addresses hard to remember for humans • symbolic names mapped to addresses address resolution 1. host files file with mappings • copy between all machines • • /etc/hosts 2. protocol: Domain Name System by Paul Mockapetris in 1983 • wide deployment in 1988 • 6/32

  8. Domain Name System • application layer protocol on UDP , TCP glibc call getaddrinfo(3) • • distributed name database deployed globally • hierarchical structure • • extensible e.g. DNSSEC: security extensions inside the protocol itself • 7/32

  9. Distributed hierarchical name space . net edu org lwn tum gnu debian cs ma ei mail Fully qualified domain name (FQDN) by label concatenation: mail.cs.tum.edu. 8/32

  10. Distributed hierarchical name space root zone (empty label) . top level domain net edu org second level domain lwn tum gnu debian cs ma ei mail Fully qualified domain name (FQDN) by label concatenation: mail.cs.tum.edu. 8/32

  11. Name server Name servers can fulfill different functions: 1. authoritative name servers operated by a site on the Internet • 2. resolver asked to resolve names • contacts authoritative name servers • Example Knot and unbound 9/32

  12. Outline Meta Domain Name System Authoritative name server Resolver Security 10/32

  13. Zone • subtree of the global name space • delegated by parent • managed by one organization • hosted on an authoritative name server Example tum.edu. delegated by edu., containing www.tum.edu. and mail.in.tum.edu. 11/32

  14. Authoritative name server • only knows about its own part of the name space • responsible, “authoritative”, for its zone • may serve multiple zones • usually primary and secondary servers exist for a zone synchronized with zone transfer • avoid disappearance of the zone in case of outage • load balancing • 12/32

  15. Zones: example . net edu org lwn tum gnu debian cs ma ei mail 13/32

  16. Resource record • zone contains resource records (RR) example.net. 3600 IN A 198.51.100.5 owner TTL class type RDATA domain name where RR is found 14/32

  17. Resource record • zone contains resource records (RR) example.net. 3600 IN A 198.51.100.5 owner TTL class type RDATA validity period in seconds when cached 14/32

  18. Resource record • zone contains resource records (RR) example.net. 3600 IN A 198.51.100.5 owner TTL class type RDATA only Internet is relevant for us 14/32

  19. Resource record • zone contains resource records (RR) example.net. 3600 IN A 198.51.100.5 owner TTL class type RDATA record type, e.g. IPv4 address 14/32

  20. Resource record • zone contains resource records (RR) example.net. 3600 IN A 198.51.100.5 owner TTL class type RDATA resource data: e.g. 32 bit IPv4 address 14/32

  21. Resource records owner TTL class type RDATA i.example.net. 3600 IN AAAA 2001:db8::1 like.example.net. 3600 IN AAAA 2001:db8:af23::eb2 dns.example.net. 3600 IN A 192.0.2.25 i.example.net. 3600 IN A 192.0.2.205 15/32

  22. Resource records owner type RDATA i.example.net. AAAA 2001:db8::1 like.example.net. AAAA 2001:db8:af23::eb2 dns.example.net. A 192.0.2.25 i.example.net. A 192.0.2.205 i.example.net. AAAA 2001:db8::2 • RRset for i.example.net. type AAAA with more than one record! • note: TTL and class usually omitted 15/32

  23. Zone file and record types $ORIGIN example.net. ; everything will be relative to this $TTL 1h ; default TTL could be overwritten later 16/32

  24. Zone file and record types $ORIGIN example.net. ; everything will be relative to this $TTL 1h ; default TTL could be overwritten later example.net. IN SOA ns1 hostmaster [. . . ] 16/32

  25. Zone file and record types $ORIGIN example.net. ; everything will be relative to this $TTL 1h ; default TTL could be overwritten later example.net. IN SOA ns1 hostmaster [. . . ] ; RRset with two records: NS example.net. NS ns1 ; primary authoritative NS example.net. NS ns2.registrar.example. ; secondary 16/32

  26. Zone file and record types $ORIGIN example.net. ; everything will be relative to this $TTL 1h ; default TTL could be overwritten later example.net. IN SOA ns1 hostmaster [. . . ] ; RRset with two records: NS example.net. NS ns1 ; primary authoritative NS example.net. NS ns2.registrar.example. ; secondary ns1 A 198.51.100.1 16/32

  27. Zone file and record types $ORIGIN example.net. ; everything will be relative to this $TTL 1h ; default TTL could be overwritten later example.net. IN SOA ns1 hostmaster [. . . ] ; RRset with two records: NS example.net. NS ns1 ; primary authoritative NS example.net. NS ns2.registrar.example. ; secondary ns1 A 198.51.100.1 example.net. MX 10 mail ; priority to order multiple MX RRs 16/32

  28. Zone file and record types $ORIGIN example.net. ; everything will be relative to this $TTL 1h ; default TTL could be overwritten later example.net. IN SOA ns1 hostmaster [. . . ] ; RRset with two records: NS example.net. NS ns1 ; primary authoritative NS example.net. NS ns2.registrar.example. ; secondary ns1 A 198.51.100.1 example.net. MX 10 mail ; priority to order multiple MX RRs mail AAAA 2001:db8::1 A 198.51.100.2 16/32

  29. Zone file and record types $ORIGIN example.net. ; everything will be relative to this $TTL 1h ; default TTL could be overwritten later example.net. IN SOA ns1 hostmaster [. . . ] ; RRset with two records: NS example.net. NS ns1 ; primary authoritative NS example.net. NS ns2.registrar.example. ; secondary ns1 A 198.51.100.1 example.net. MX 10 mail ; priority to order multiple MX RRs mail AAAA 2001:db8::1 A 198.51.100.2 webmail CNAME mail ; alias for a canonical name 16/32

  30. Delegation sub.example.net. NS ns.sub.example.net. ns.sub.example.net. A 198.51.100.3 • make ns.sub.example.net. responsible for the sub.example.net. zone • glue record to make the new name server findable • possible misconfigurations 1. missing glue records 2. delegation loops 17/32

  31. Outline Meta Domain Name System Authoritative name server Resolver Security 18/32

  32. Resolving name server tasks • query: owner, class, type • resolve a query from the root downwards • cache responses based on TTL • changes might only be visible after days Allow access only from your network, never open for everybody 19/32

  33. DNS packet layout IP UDP DNS header query answer authoritative additional ID, flags, number of RRs records header c,s QR query or response s AA authoritative answer s TC truncation (TCP as fallback) c RD recursion desired s RA recursion available s 4 bit response code: no error, name error, server failure, refused • number of resource records in each section 20/32

  34. DNS packet layout IP UDP DNS header query answer authoritative additional ID, flags, number of RRs records record sections • query: only one record with owner, type, class • answer: answer RRs • authoritative section: name server delegation • additional section: glue records, EDNS pseudo record packet size limited to 512 octets 20/32

  35. Lookup stub forwarder recursor IP? in.tum.de. • recursive queries 21/32

  36. Lookup k.root-servers.net. 2001:7fd::1 in.tum.de. A de. NS a.nic.de. a.nic.de. A 194.0.0.53 stub forwarder recursor in.tum.de. • recursive queries • iterative queries • glue 21/32

  37. Lookup k.root-servers.net. a.nic.de. in.tum.de. A tum.de. NS dns1.lrz.de. stub forwarder recursor dns1.lrz.de A 129.187.19.183 in.tum.de. • recursive queries • iterative queries • glue 21/32

  38. Lookup k.root-servers.net. a.nic.de. in.tum.de. A stub forwarder recursor dns1.lrz.de. in.tum.de. A 131.159.0.35 in.tum.de. • recursive queries • iterative queries • glue 21/32

  39. Lookup k.root-servers.net. a.nic.de. stub forwarder recursor dns1.lrz.de. in.tum.de. • recursive queries • iterative queries • glue 21/32

  40. Lookup k.root-servers.net. a.nic.de. stub forwarder recursor dns1.lrz.de. 131.159.0.35 in.tum.de. • recursive queries • iterative queries • glue 21/32

Recommend

Internet Lab (iLab1) Introduction to Cryptography Lars Wstrich ilab1@net.in.tum.de Chair of

Internet Lab (iLab1) Introduction to Cryptography Lars Wstrich ilab1@net.in.tum.de Chair of

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Introduction to Cryptography Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures and Services Department

694 views • 57 slides
Internet Lab (iLab1) Wireless Networks Lars Wstrich ilab1@net.in.tum.de Chair of Network

Internet Lab (iLab1) Wireless Networks Lars Wstrich ilab1@net.in.tum.de Chair of Network

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Wireless Networks Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures and Services Department of

715 views • 32 slides
Internet Lab (iLab1) NAT / DHCP Dominik Scholz ilab1@net.in.tum.de Chair of Network

Internet Lab (iLab1) NAT / DHCP Dominik Scholz ilab1@net.in.tum.de Chair of Network

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) NAT / DHCP Dominik Scholz ilab1@net.in.tum.de Chair of Network Architectures and Services Department of Informatics

1.11k views • 63 slides
Internet Lab (iLab1) Basics Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures

Internet Lab (iLab1) Basics Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Basics Lars Wstrich ilab1@net.in.tum.de Chair of Network Architectures and Services Department of Informatics

240 views • 22 slides
Internet Lab (iLab1) Basics Minoo Rouhi ilab1@net.in.tum.de Chair of Network Architectures and

Internet Lab (iLab1) Basics Minoo Rouhi ilab1@net.in.tum.de Chair of Network Architectures and

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLab1) Basics Minoo Rouhi ilab1@net.in.tum.de Chair of Network Architectures and Services Department of Informatics Technical

609 views • 24 slides
iLab DNS and DNSSEC Dominik Scholz Slides by Benjamin Hof ilab1 @list.net.in.tum.de Chair of

iLab DNS and DNSSEC Dominik Scholz Slides by Benjamin Hof ilab1 @list.net.in.tum.de Chair of

iLab DNS and DNSSEC Dominik Scholz Slides by Benjamin Hof ilab1 @list.net.in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 5 17ws 1 / 32 Outline Domain Name System

853 views • 58 slides
Welcome to ICANN A glimpse of today s Internet Dec 2011: More than 225 million domain

Welcome to ICANN A glimpse of today s Internet Dec 2011: More than 225 million domain

Welcome to ICANN A glimpse of today s Internet Dec 2011: More than 225 million domain names Source: VeriSign Domain Name Industry Brief, March 2012 2 Who is in charge of Internet? Governed through a distributed system Not governed

712 views • 25 slides
Web Hosting and Domain Names Introduction to Web Design Web Hosting and Domain Names

Web Hosting and Domain Names Introduction to Web Design Web Hosting and Domain Names

Web Hosting and Domain Names Introduction to Web Design Web Hosting and Domain Names Introduction to Web Design Domain names serve as a more memorable reference to Domain Names Internet resources. Domain names are used to identify Internet

288 views • 11 slides
Summary Internet, domain names & cybersquatting ADRs UDRP URS UDRP+

Summary Internet, domain names & cybersquatting ADRs UDRP URS UDRP+

W ILSON P INHEIRO J ABUR ADR S IN DOMAIN NAME DISPUTES : FAST , EFFICIENT AND COST - EFFECTIVE TOOLS AGAINST CYBERSQUATTING Summary Internet, domain names & cybersquatting ADRs UDRP URS UDRP+ Conclusion The Creation of

695 views • 48 slides
New gTLD Basics New Internet Extensions Agenda Overview about domain names, gTLD timeline and

New gTLD Basics New Internet Extensions Agenda Overview about domain names, gTLD timeline and

New gTLD Basics New Internet Extensions Agenda Overview about domain names, gTLD timeline and the New gTLD Program Why is ICANN doing this; potential impact of this initiative to businesses, governments, Internet communities and users

555 views • 30 slides
New gTLD Basics New Internet Exentsions Agenda Overview about domain names, gTLD timeline and

New gTLD Basics New Internet Exentsions Agenda Overview about domain names, gTLD timeline and

New gTLD Basics New Internet Exentsions Agenda Overview about domain names, gTLD timeline and the New gTLD Program Why is ICANN doing this; potential impact of this initiative to businesses, governments, Internet communities and users

577 views • 31 slides
The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations

The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations

The Other 95%: The Unsecure Internet You Dont Know About Internet Protocol Manipulations Sharon Goldberg BGP : Border Gateway Protocol DNS : Domain Name System BGP manipulation from July 2013 Abroad USA Qwest/ Centurylink Endpoint in

381 views • 11 slides
Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The

Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The

Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The directory system for the Internet v Used by other application layer protocols v via socket programming q Maps a hostname to an IP address v Host

431 views • 19 slides
CSE 336 Internet Programming Why You Need CSE336 Concepts like bits and bytes, domain names,

CSE 336 Internet Programming Why You Need CSE336 Concepts like bits and bytes, domain names,

Session 1 - Introduction CSE 336 Internet Programming Why You Need CSE336 Concepts like bits and bytes, domain names, ISPs, IPAs, RPCs, P2P protocols, infinite loops, and cloud computing are strictly the province of geeks or nerds who

511 views • 13 slides
CS101 Lecture 9: Internetworking Internet Protocol IP Addresses Routing Domain Name Services

CS101 Lecture 9: Internetworking Internet Protocol IP Addresses Routing Domain Name Services

10/2/12 CS101 Lecture 9: Internetworking Internet Protocol IP Addresses Routing Domain Name Services Aaron Stevens (azs@bu.edu) 2 October 2012 Computer Science What Youll Learn Today Computer Science What is the Internet? What

546 views • 13 slides
Understanding the Domain Registration Behavior of Spammers Shuang Hao, Matthew Thomas, Vern

Understanding the Domain Registration Behavior of Spammers Shuang Hao, Matthew Thomas, Vern

Understanding the Domain Registration Behavior of Spammers Shuang Hao, Matthew Thomas, Vern Paxson, Nick Feamster, Christian Kreibich, Chris Grier, Scott Hollenbeck Overview Domain Abuse Domain names represent valuable Internet resources

653 views • 25 slides
Future Internet Testbed and Future Internet Testbed and Multi-Domain OpenFlow M Management in

Future Internet Testbed and Future Internet Testbed and Multi-Domain OpenFlow M Management in

Future Internet Testbed and Future Internet Testbed and Multi-Domain OpenFlow M Management in TWAREN t i TWAREN Dr. Te-Lung Liu NCHC,Taiwan Overview TWAREN FI Testbed Multi-Domain OpenFlow Management 2 TWAREN OpenFlow Testbed

337 views • 12 slides
IPv6 - The Next Generation Internet Subnetting and Classless Inter-domain Routing (CIDR)

IPv6 - The Next Generation Internet Subnetting and Classless Inter-domain Routing (CIDR)

IPv6 - The Next Generation Internet Subnetting and Classless Inter-domain Routing (CIDR) improve utilization of IP address space and slow growth of routing information, but at some point, they will not be sufficient more than 32 bits

579 views • 18 slides
The BIND Software Computer Center, CS, NCTU BIND BIND the Berkeley Internet Name Domain

The BIND Software Computer Center, CS, NCTU BIND BIND the Berkeley Internet Name Domain

The BIND Software Computer Center, CS, NCTU BIND BIND the Berkeley Internet Name Domain system Three main versions BIND 4 Announced in 1980s Based on RFC 1034, 1035 BIND 8 Released in 1997 Improvements

917 views • 76 slides
Web Development Web Hosting and Domain Names CSCI-GA 1122 Web Development Web Hosting and

Web Development Web Hosting and Domain Names CSCI-GA 1122 Web Development Web Hosting and

Web Development Web Hosting and Domain Names CSCI-GA 1122 Web Development Web Hosting and Domain Names CSCI-GA 1122 Domain names serve as a more Domain Names memorable reference to Internet resources Domain names are used to identify

319 views • 13 slides
AIMS 2017 Things in a Fog (TGIF): A Framework to Support Multi- domain Research in the Internet

AIMS 2017 Things in a Fog (TGIF): A Framework to Support Multi- domain Research in the Internet

AIMS 2017 Things in a Fog (TGIF): A Framework to Support Multi- domain Research in the Internet of Things Dr Jim Martin School of Computing Clemson University (jmarty@clemson.edu) Talk Overview Setting the stage SC-CVT: South

288 views • 10 slides
Domain name marketing made in Sweden. Matias Vangsnes, Marketing manager A new target market

Domain name marketing made in Sweden. Matias Vangsnes, Marketing manager A new target market

Domain name marketing made in Sweden. Matias Vangsnes, Marketing manager A new target market Why should an average Internet user register a domain name? Activity Identity Independency A new target market The domain name is not

428 views • 10 slides
ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet

ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet

ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet Week Guyana 11 th October 2017 | 1 What Does ICANN Mean for the End User? POLIC Y The Domain Name System Policy Development is an L-Root is one

636 views • 32 slides
Name service Domain Name System (DNS) Name : identifier Need a system: Name IP

Name service Domain Name System (DNS) Name : identifier Need a system: Name IP

Name service Domain Name System (DNS) Name : identifier Need a system: Name IP address computers, services, remote objects, files, users, When the size of Internet was small, . a host file: two columns. a

375 views • 10 slides

More recommend