Understanding Domain Name Service (DNS) in Linux Network Administration


Domain Name Service (DNS) is a crucial scheme for resolving hostnames in a network, eliminating the need to record all hostnames in a local file. The Berkeley Internet Name Domain service (BIND) is a prominent DNS implementation providing efficient hostname resolution. DNS organizes hostnames in a hierarchical structure, with top-level domains representing different categories such as educational institutions, commercial organizations, and country codes. The functioning of DNS involves contacting nameservers to resolve queries and look up information.


Uploaded on Sep 07, 2024



Presentation Transcript


  1. USTM17 Linux Network Administration Lesson 5: Domain Name Service (DNS) Peter CHUNG (cspeter@cse.ust.hk) USTM17 Linux Network Administration - Peter Chung (cspeter) 1

  2. An Overview of Name Service
     - Name Service is a scheme to resolve hostnames over the network.
     - Using a name service, you are NOT required to record every hostname in a local file (e.g. /etc/hosts).
     - Berkeley Internet Name Domain service (BIND): the BIND service is provided by a program called named. It is a Domain Name Service (DNS) implementation.

  3. A Brief History of BIND
     - BIND version 4 is obsolete.
     - BIND v8.x has been shipped in most modern Linux distributions, and BIND v9.x adds some new features.
     - Configuration files for v8.x and v9.x are similar (with minor changes).
     - Configuration files for v4.x are significantly different from those of v8.x and v9.x.

  4. How DNS Works
     - DNS organizes hostnames in a domain hierarchy.
     - The root of this tree is called the root domain; in DNS terminology a dot (.) represents the root.
     - The subdivisions below it are called second-level, third-level, ... domains.

  5. Top-level domains
     As of June 2020, the root database includes 1,584 top-level domains. Here are some examples:

     Domain  Description
     edu     (Mostly U.S.) educational institutions such as universities.
     com     Commercial organizations and companies.
     org     Noncommercial organizations.
     net     Originally for gateways and other administrative entities, now commercial organizations and companies as well.
     mil     U.S. military institutions.
     gov     U.S. government institutions.
     biz     For use by companies or commercial entities.
     name    Designated for individuals to use for personal web sites.
     info    Established for informational resource sites.

  6. Country Code
     - Country codes are less common nowadays (thanks to globalization).
     - Under the root domain, a two-letter country code (ISO 3166) is used as the top-level domain.
     - Examples: .hk is used by Hong Kong (example: yahoo.com.hk); .fr is used by France; .de is used by Germany; .aq is used by Antarctica.
     - Some country codes are used to represent special meanings. Example: .ai is the code of Anguilla (United Kingdom), but most AI-tech companies use it.

  7. Name Lookups with DNS
     DNS is a giant distributed database. Example: resolve www.ust.hk
     1. Contact the default nameserver.
     2. If the query can't be resolved there, contact a root nameserver.
     3. The root nameserver passes back a list of nameservers for the hk zone.
     4. Contact one of the nameservers for the hk zone; it returns the nameserver for the ust.hk zone, which holds the www.ust.hk record.
     5. Resolve the IP address of www.ust.hk.

  8. Caching
     - A name server stores the results of previous queries in a local cache.
     - This improves response time and reduces network traffic.
     - If information weren't cached, resolution would be inefficient because each query would involve the root name servers.
     - The name server discards cached information after some time (the time to live, or TTL).
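As an added example (not from the lecture slides), here is the referral walk of slide 7 together with the TTL cache of slide 8, simulated in Python. The three nameservers, their ".example." hostnames and the 192.0.2.10 address are constructed for the demonstration, and nothing is sent on the network; a real caching nameserver would issue the same sequence of queries over UDP, one referral per level of the tree.

```python
"""Simulated iterative name lookup with a TTL cache.

Added example, not part of the lecture: the delegation data and server
names below are constructed (".example." hostnames, TEST-NET address),
so nothing here contacts a real nameserver.
"""

# Constructed authoritative data: nameserver -> {owner name: (type, rdata)}.
# Each server knows only its own zone; an NS record is a referral downwards.
AUTHORITATIVE = {
    "root-server.example.": {"hk.": ("NS", "ns.hk.example.")},
    "ns.hk.example.": {"ust.hk.": ("NS", "dns.ust.hk.example.")},
    "dns.ust.hk.example.": {"www.ust.hk.": ("A", "192.0.2.10")},
}
ROOT_SERVER = "root-server.example."
TTL = 300  # seconds a cached answer stays valid (slide 8)


def ask(server, name):
    """One simulated query to an authoritative server.

    Returns ("A", address) when the server holds the answer, ("NS", next_server)
    as a referral to the closest delegation it knows, or None if it knows nothing.
    """
    records = AUTHORITATIVE[server]
    if name in records and records[name][0] == "A":
        return records[name]
    best = None
    for owner, (rtype, rdata) in records.items():
        # a delegation applies when the queried name lies inside the delegated zone
        if rtype == "NS" and (name == owner or name.endswith("." + owner)):
            if best is None or len(owner) > len(best[0]):
                best = (owner, rdata)
    return ("NS", best[1]) if best else None


class CachingResolver:
    """The caching nameserver that a client's resolv.conf points at."""

    def __init__(self):
        self.cache = {}  # name -> (address, absolute expiry time)

    def resolve(self, name, now):
        """Return (address, trace); trace is ["cache"] or the servers asked in order."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:          # cached and not yet expired
            return hit[0], ["cache"]
        trace, server = [], ROOT_SERVER   # nothing cached: start at the root
        for _ in range(8):                # bound the referral chain
            trace.append(server)
            reply = ask(server, name)
            if reply is None:
                raise LookupError(f"{name}: no such name (asked {server})")
            rtype, rdata = reply
            if rtype == "A":
                self.cache[name] = (rdata, now + TTL)
                return rdata, trace
            server = rdata                # follow the referral down the tree
        raise LookupError(f"{name}: referral chain too long")


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.ust.hk.", now=0))        # root -> hk -> ust.hk
    print(r.resolve("www.ust.hk.", now=100))      # answered from cache
    print(r.resolve("www.ust.hk.", now=TTL + 1))  # TTL expired: full walk again
```

The trace returned by `resolve` makes the cost of an uncached lookup visible: three servers are contacted the first time, none while the entry is within its TTL, and all three again once it has expired, which is exactly why the slide calls uncached resolution inefficient for the root servers.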

  9. The Resolver Library
     - The Linux operating system needs to determine which databases to query, in which order, and other details relevant to how you've configured your environment.
     - Older Linux distributions: /etc/host.conf (NOT used now).
     - Newer Linux distributions: /etc/nsswitch.conf (still applicable).

  10. Demo: About /etc/nsswitch.conf
      In this example, Linux resolves the passwords and group information in the following order:
      1. Resolve by local files (e.g. /etc/passwd).
      2. If it can't be resolved, search DNS.

      # lines beginning with # are comments in /etc/nsswitch.conf
      # Entry: resolve order
      hosts: files dns

  11. Advanced settings
      Action statements can be added for advanced settings. The general syntax of an action statement is:

      [ [!] status = action ... ]

  12. Example: Advanced settings
      These advanced settings mean:
      1. When resolving a hostname, first consult the DNS (Domain Name Service); stop if the hostname is resolved.
      2. If the DNS is available but unable to resolve the hostname, stop.
      3. If the DNS is unavailable, continue to resolve the hostname using /etc/hosts.

      # lines beginning with # are comments in /etc/nsswitch.conf
      # Entry: resolve order
      hosts: dns [!UNAVAIL=return] files

  13. Two possible actions
      The general syntax: [ [!] status = action ... ]
      - return: Controls the return to the program that attempted the name resolution. If a lookup attempt was successful, the resolver returns with the details; otherwise it returns a zero result.
      - continue: The resolver moves on to the next service in the list and uses it to attempt resolution.
      - The optional (!) character specifies that the status value should be inverted before testing; that is, it means "not."

  14. Four possible status values
      The general syntax: [ [!] status = action ... ]
      - success: The requested entry was found without error. The default action for this status is return.
      - notfound: There was no error in the lookup, but the target host or network could not be found. The default action for this status is continue.
      - unavail: The service queried was unavailable. This could mean that the hosts or networks file was unreadable for the files service, or that a nameserver or NIS server did not respond for the dns or nis services. The default action for this status is continue.
      - tryagain: The service is temporarily unavailable. For the files service, this usually indicates that the relevant file was locked by some process. For other services, it may mean the server was temporarily unable to accept connections. The default action for this status is continue.
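To show how the action statements of slides 11 to 14 decide where a lookup stops, here is an added Python example (not from the lecture, and not glibc's resolver code) that parses a `hosts:` line in the syntax shown on the slides and runs it against simulated services. The `/etc/hosts` contents, the DNS answers and the `printer.lab.example` name are constructed for the demonstration.

```python
"""Evaluate an nsswitch.conf "hosts:" line against simulated service results.

Added example, not part of the lecture and not glibc's own code. It parses
the syntax shown on the slides, service [ [!]STATUS=ACTION ... ] service,
and applies the slides' default actions: return for success, continue for
notfound, unavail and tryagain. The hosts-file and DNS data are constructed.
"""
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}
# a token is either a bracketed action list or a bare service name
TOKEN = re.compile(r"\[([^\]]*)\]|(\S+)")


def parse_hosts_line(line):
    """'hosts: dns [!UNAVAIL=return] files' -> [(service, {status: action}), ...]"""
    _, _, spec = line.partition(":")
    entries = []
    for bracket, word in TOKEN.findall(spec):
        if word:
            entries.append((word, dict(DEFAULT_ACTIONS)))
            continue
        if not entries:
            raise ValueError("action statement before any service")
        for item in bracket.split():
            cond, _, action = item.partition("=")
            negate = cond.startswith("!")
            status, action = cond.lstrip("!").upper(), action.lower()
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError(f"bad action statement: {item}")
            # "!" inverts the test: the action applies to every status except this one
            affected = [s for s in STATUSES if s != status] if negate else [status]
            for s in affected:
                entries[-1][1][s] = action
    return entries


def lookup(hosts_line, name, services):
    """Run the lookup. services maps a service name to a function
    name -> (STATUS, result). Returns (status, result, trace of services consulted)."""
    trace, status, result = [], "NOTFOUND", None
    for service, actions in parse_hosts_line(hosts_line):
        status, result = services[service](name)
        trace.append((service, status))
        if actions[status] == "return":
            break  # stop here and hand the result back to the program
    return status, result, trace


# Constructed data standing in for /etc/hosts and for the nameserver's answers
HOSTS_FILE = {"printer.lab.example": "192.0.2.7"}
DNS_DATA = {"www.ust.hk": "192.0.2.10"}


def files_service(name):
    return ("SUCCESS", HOSTS_FILE[name]) if name in HOSTS_FILE else ("NOTFOUND", None)


def make_dns_service(reachable):
    """A DNS service that is either answering or completely unreachable."""
    def dns_service(name):
        if not reachable:
            return ("UNAVAIL", None)
        return ("SUCCESS", DNS_DATA[name]) if name in DNS_DATA else ("NOTFOUND", None)
    return dns_service


if __name__ == "__main__":
    line = "hosts: dns [!UNAVAIL=return] files"
    up = {"dns": make_dns_service(True), "files": files_service}
    down = {"dns": make_dns_service(False), "files": files_service}
    print(lookup(line, "www.ust.hk", up))             # answered by dns, files never asked
    print(lookup(line, "printer.lab.example", up))    # dns NOTFOUND -> stop, /etc/hosts not consulted
    print(lookup(line, "printer.lab.example", down))  # dns UNAVAIL -> continue to files
```

The second call is the case to keep in mind when deploying the slide's line: with `[!UNAVAIL=return]`, a NOTFOUND from DNS ends the lookup, so a name that exists only in /etc/hosts is unresolvable while the nameserver is up, whereas the plain `hosts: dns files` falls through to the file.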

  15. Demo: Configuring Nameserver Lookups Using /etc/resolv.conf
      - The most important option in /etc/resolv.conf is nameserver.
      - In this example, we point to the HKUST nameserver (143.89.14.7); comment out (#) all other lines.
      - If you don't like the HKUST nameserver, you can use Google Public DNS (8.8.8.8), which claims to be a fast and secure public DNS.

      # lines beginning with # are comments in /etc/resolv.conf
      # nameserver [ IP address ]
      # Use Google Public DNS
      nameserver 8.8.8.8

  16. Configure DNS Server
      The configuration of the DNS server is located in /etc/named.conf.

  17. Configure DNS Server (1/4)
      Configure the DNS server to listen on all interfaces and all IP addresses. Change

      listen-on port 53 { 127.0.0.1; };
      listen-on-v6 port 53 { ::1; };

      to

      listen-on port 53 { any; };
      listen-on-v6 port 53 { any; };

  18. Configure DNS Server (2/4)
      Add the local network to allow-query:

      allow-query { localhost; 143.89.130.0/24; };

  19. Configure DNS Server (3/4)
      Add a forward zone. Before zone ".", add a new forward zone:

      zone "ITSC_LOGIN.cse.ust.hk" IN {
          type master;
          file "ITSC_LOGIN.db";
          allow-update { none; };
          allow-query { any; };
      };

      The zone file is located at /var/named/ITSC_LOGIN.db.

  20. Configure DNS Server (4/4)
      Add a backward (reverse) zone. After the forward zone, add a new backward zone:

      zone "1.168.192.in-addr.arpa" IN {
          type master;
          file "ITSC_LOGIN.rev";
          allow-update { none; };
          allow-query { any; };
      };

      The zone file is located at /var/named/ITSC_LOGIN.rev.

  21. Configure Forward Zone File (1/4)
      Create the zone file at /var/named/ITSC_LOGIN.db. It contains the information about the new forward zone. Add the following segments to the zone file.

  22. Configure Forward Zone File (2/4)
      The Start of Authority (SOA) record:

      $TTL 86400
      @   IN SOA dns.ITSC_LOGIN.cse.ust.hk. ITSC_LOGIN.ust.hk. (
              2020011800 ;Serial
              3600       ;Refresh
              1800       ;Retry
              604800     ;Expire
              86400      ;Minimum TTL
      )

  23. Configure Forward Zone File (3/4)
      Information about the DNS server. The NS record announces the authoritative nameserver for this zone:

      @   IN NS dns.ITSC_LOGIN.cse.ust.hk.

      The A record specifies the IP address of the nameserver:

      dns IN A  143.89.130.89

  24. Configure Forward Zone File (4/4)
      A records for several host names:

      www  IN A     192.168.1.10
      mail IN A     192.168.1.20

      CNAME record for an alias:

      ftp  IN CNAME www.ITSC_LOGIN.cse.ust.hk.

  25. Configure Backward Zone File (1/4)
      Create the zone file at /var/named/ITSC_LOGIN.rev. It contains the information about the new backward (reverse) zone. Add the following segments to the zone file.

  26. Configure Backward Zone File (2/4)
      The Start of Authority (SOA) record:

      $TTL 86400
      @   IN SOA dns.ITSC_LOGIN.cse.ust.hk. ITSC_LOGIN.ust.hk. (
              2020011800 ;Serial
              3600       ;Refresh
              1800       ;Retry
              604800     ;Expire
              86400      ;Minimum TTL
      )

  27. Configure Backward Zone File (3/4)
      Information about the DNS server. The NS record announces the authoritative nameserver for this zone:

      @   IN NS dns.ITSC_LOGIN.cse.ust.hk.

  28. Configure Backward Zone File (4/4)
      PTR record, whose owner is the last octet of the IP address:

      10  IN PTR www.ITSC_LOGIN.cse.ust.hk.
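Before loading the two zone files of slides 21 to 28 into named, a practitioner wants to know that they agree with each other. The following added Python example (not part of the lecture and not BIND's named-checkzone) parses both zones, reconstructed here from the slides, and reports the records that do not line up: every A record inside 192.168.1.0/24 should have a PTR pointing back at it, every PTR target should carry the matching A record, CNAME targets and the NS nameserver should exist. On the slides' data it flags one gap, mail at 192.168.1.20 has no PTR.

```python
"""Cross-check the forward and reverse zone files from the slides.

Added example, not part of the lecture and not BIND's named-checkzone.
The two zone texts are reconstructed from slides 22-24 and 26-28; the
parser handles only the record syntax those slides use ($TTL, comments
after ";", multi-line SOA in parentheses, @ and relative owner names).
"""

FORWARD_ORIGIN = "ITSC_LOGIN.cse.ust.hk."
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."

FORWARD_ZONE = """\
$TTL 86400
@    IN SOA dns.ITSC_LOGIN.cse.ust.hk. ITSC_LOGIN.ust.hk. (
         2020011800 ;Serial
         3600       ;Refresh
         1800       ;Retry
         604800     ;Expire
         86400      ;Minimum TTL
)
@    IN NS    dns.ITSC_LOGIN.cse.ust.hk.
dns  IN A     143.89.130.89
www  IN A     192.168.1.10
mail IN A     192.168.1.20
ftp  IN CNAME www.ITSC_LOGIN.cse.ust.hk.
"""

REVERSE_ZONE = """\
$TTL 86400
@    IN SOA dns.ITSC_LOGIN.cse.ust.hk. ITSC_LOGIN.ust.hk. (
         2020011800 3600 1800 604800 86400 )
@    IN NS  dns.ITSC_LOGIN.cse.ust.hk.
10   IN PTR www.ITSC_LOGIN.cse.ust.hk.
"""


def qualify(name, origin):
    """Turn a zone-file owner into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, TYPE, [rdata tokens]), ...] with fully qualified owners."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # drop comments
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:                              # a complete logical line
            logical.append(" ".join(buf))
            buf = []
    records, owner = [], origin
    for line in logical:
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or $TTL directive
        tokens = line.split()
        if not line[0].isspace():                   # owner given; else reuse previous
            owner = qualify(tokens.pop(0), origin)
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def check_zones(forward_text=FORWARD_ZONE, reverse_text=REVERSE_ZONE):
    """Return a list of problems; an empty list means the zones are consistent."""
    fwd = parse_zone(forward_text, FORWARD_ORIGIN)
    rev = parse_zone(reverse_text, REVERSE_ORIGIN)
    problems = []
    addr_of = {o: rd[0] for o, t, rd in fwd if t == "A"}
    ptr_of = {}
    for o, t, rd in rev:
        if t == "PTR":                              # 10.1.168.192.in-addr.arpa. -> 192.168.1.10
            octets = o.rstrip(".").split(".")[:-2]
            ptr_of[".".join(reversed(octets))] = rd[0]
    # the network the reverse zone covers, e.g. "192.168.1."
    prefix = ".".join(reversed(REVERSE_ORIGIN.rstrip(".").split(".")[:-2])) + "."
    for label, origin, recs in (("forward", FORWARD_ORIGIN, fwd), ("reverse", REVERSE_ORIGIN, rev)):
        apex = [t for o, t, _ in recs if o == origin]
        if apex.count("SOA") != 1:
            problems.append(f"{label}: zone needs exactly one SOA record")
        if "NS" not in apex:
            problems.append(f"{label}: no NS record at the zone apex")
        for o, t, rd in recs:
            if t == "NS" and rd[0].endswith(FORWARD_ORIGIN) and rd[0] not in addr_of:
                problems.append(f"{label}: nameserver {rd[0]} has no A record in the forward zone")
    for o, t, rd in fwd:
        if t == "CNAME" and rd[0] not in addr_of:
            problems.append(f"forward: CNAME {o} points at unknown name {rd[0]}")
    for owner, addr in addr_of.items():
        if addr.startswith(prefix) and ptr_of.get(addr) != owner:
            problems.append(f"reverse: no PTR mapping {addr} back to {owner}")
    for addr, target in ptr_of.items():
        if addr_of.get(target) != addr:
            problems.append(f"reverse: PTR for {addr} names {target}, whose A record disagrees")
    return problems


if __name__ == "__main__":
    for p in check_zones() or ["zones are consistent"]:
        print(p)
```

Run it after every edit to either file and bump the SOA serial in both; the check deliberately ignores the nameserver's own address (143.89.130.89), which lies outside the reverse zone the slides create, so an unmatched address there is not reported.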

  29. Demo: Starting up the DNS
      The command to start the DNS server:        systemctl start named
      If the DNS is already started, you can:     systemctl restart named
      You can also check the current DNS status:  systemctl status named

  30. Demo: Using the dig tool
      dig can be used to query almost anything from a DNS server. The syntax for dig is very straightforward (the nameserver is given with a leading @):

      dig @[nameserver] [name] [type]

      Example:

      dig @143.89.14.7 www.ust.hk A

      It queries the name server (143.89.14.7) to resolve www.ust.hk and get back the type A record (i.e. the IP address).
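What dig actually puts on the wire for the example above is a small binary message, and the ID, flags, TTL and answer section it prints are fields of the reply. The following added Python example (not from the lecture and not dig's code) builds the query for www.ust.hk type A and parses a reply; the reply bytes, the 192.0.2.10 address and the 300-second TTL are constructed here, so nothing is sent to 143.89.14.7 or any other server. It also does the check a resolver must do before trusting a reply: the transaction ID has to match the query.

```python
"""Build the query message that `dig @server www.ust.hk A` sends, and parse a reply.

Added example, not part of the lecture and not dig's code. The reply is
constructed here (answer 192.0.2.10, TTL 300, label compression as real
servers use it); no packet is sent on the network.
"""
import random
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """www.ust.hk -> 3 'www' 3 'ust' 2 'hk' 0, i.e. length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=TYPE_A, txid=None):
    """Header + one question. Flags 0x0100 = standard query, recursion desired."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg, off):
    """Read a name at offset, following compression pointers. Returns (name, next offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                        # pointer to an earlier name
            if end is None:
                end = off + 2                            # parsing resumes after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_response(msg, expected_id=None):
    """Return the header fields dig prints and the answers as (name, type, ttl, rdata)."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if expected_id is not None and txid != expected_id:
        raise ValueError("reply id does not match the query; discard it")
    off = 12
    for _ in range(qd):                                  # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)      # dotted quad, as dig shows it
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "rcode": flags & 0xF, "authoritative": bool(flags & 0x0400),
            "answers": answers}


def constructed_reply(query):
    """What a nameserver could send back: same id, flags 0x8180 (response, RD, RA), one A answer."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, 10])
    return header + query[12:] + answer                  # question copied from the query


if __name__ == "__main__":
    q = build_query("www.ust.hk", txid=0x1234)
    print(q.hex())
    print(parse_response(constructed_reply(q), expected_id=0x1234))
```

The `\xc0\x0c` at the start of the answer is a compression pointer back to offset 12, where the question name sits; `decode_name` follows it and then resumes after the two pointer bytes, which is the part of the format most hand-written parsers get wrong.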

  31. Result of dig command
      (Screenshots on the original slide: the dig command as typed, and the result of the dig command.)

  32. Demo: Using nslookup
      - nslookup, while now deprecated, is still a good tool for checking the operation of your nameserver setup.
      - The command to use nslookup:  nslookup hostname
      - You can interactively set different types of query. For example, type=A can be used to query the A records in DNS:

      > set type=A

  33. Examples of using nslookup (other records)
      (Screenshot on the original slide.)

  34. Examples of using nslookup
      - Set the query type to NS and query the root domain (.).
      - This obtains a list of the root name servers.

  35. Any questions so far?
