Mgr. Ondřej Surý, University of Ostrava
7DNSK: DNS Principles and Operations
Lecture 01
Domain Name System
Contents
• Domain names and their roles
• Domain names and data
• Domain names and DNS
• Domain name tree
• DNS Records and their components
• A, AAAA and TXT Types
• Domain Name Summary
• About the presentation
Domain Names and Their Roles
Domain Names
• Domain names are an obvious part of the Internet. But what role do they play?
• How do domain names work?
is-stag.osu.cz
www.kagi.com
vlada.gov.cz
www.ietf.org
wanda.osu.cz
www.kernel.org
www.apple.com
Domain name as address
• As Internet users, we know that services can be found using domains.
• Are domains a type of address? – Yes, that is part of the answer.
Communication on the Internet
• Internet communication is based on IP.
• The IP layer uses IP addresses for communication.
• Routing directs packets based on IP addresses.
At the IP layer, there is no room for names; only the IP addresses exist there.
Internet Addressing
• At the IP level, the IP address is used for addressing.
• How does the domain name come into play?
Abstraction
• One can view the domain name as a translation of the IP address.
• We begin with the domain name, which acts as an address, and obtain the IP address necessary for communication over TCP/IP.
Domain name instead of IP address
• Domain names are easier to remember than IP addresses.
• Domain names can be words that have meaning or that we can associate with.
• We can choose a suitable domain name.
• We often cannot do anything about the IP address.
• An IP address is a string of numbers that is often difficult to remember.
• IPv6 (e.g., 2001:6b0:1:11c2::82ed:1c28) is worse than IPv4 (e.g., 130.237.28.40)
Domain name as identifier
• For most people, it is easier to recognize domain names than IP addresses.
• One can have similar domain names for different services to show that they are related.
www.nic.cz. – 217.31.205.50
mail.nic.cz. – 217.31.204.67
Domain name for grouping
• Network devices (computers, routers, etc.) can be grouped under a primary domain name, for example:
prf.osu.cz
• The grouped devices can be on completely different IP networks, for both IPv4 and IPv6.
Domain name to denote service
• The name can be used to indicate the type of service.
www.x.y → probably a web service (http)
mail.x.y or mx.x.y → probably a mail server
ns.x.y or dns.x.y → probably a DNS server
• However, one does not need to follow the convention above, but can instead find one's own system.
Placing information in the domain name
We can use the name to tell other things. For example:
• Location. All routers in Prague are named "prg" and those in Ostrava are named "ova", e.g., r2.prg.freefarm.xa and r1.ova.freefarm.xa respectively.
• Role. All servers used for production are named "prod" and those for pre-production verification are named "stage", e.g., www.prod.freefarm.xa and www.stage.freefarm.xa respectively.
• OS. All laptops with Windows are named "win" and those with macOS are named "mac", e.g., 15.win.laptop.freefarm.xa and 23.mac.laptop.freefarm.xa respectively.
A domain name is more than just an address
When we say address, we might think of something like "Bráfova 7, Praha" or "708 01 Ostrava"
• Domain names are more than that. Domain names have become the name of a product, service, or company.
Domain name as a trademark
The domain name is a trademark
• Domain names are registered for existing trademarks.
• New companies look for an available domain name before deciding on a company name.
• Domain names lead to trademark disputes.
• Most top-level domains, e.g., .se, have rules for how to handle "bad faith registrations" that conflict with existing trademarks.
• Good domain names are bought and sold for large sums.
The domain name can signal affiliation
• The choice of top-level domain signals affiliation:
  • .cz → Czech
  • .fr → French
  • .eu → European Union
  • .com → international company
  • .mil → belongs to the U.S. military
  • .cat → Catalan!
• There are many, many top-level domains to choose from, nearly 2000.
Domain name and data
Not just to identify the IP address
• The domain part of an email address indicates the domain affiliation.
• Mail is routed based on the domain part, not the IP address.
ondrej.sury@osu.cz
(osu.cz is the domain part that can be looked up in DNS)
Not just to identify the IP address
• IP addresses can be entered into DNS to identify the name that points to the address.
78.128.128.25 → wanda.osu.cz.
The domain name as an anchor for data
• It does not have to be an IP address. It can be other technical data.
• For example, various kinds of cryptographic keys can be placed in DNS.
• Or configuration data.
• DNS can be used to distribute data in a systematic way.
Not just to identify the IP address
• It is possible to insert text strings:
  • For textual information
  • Used by systems and programs when configuration data cannot be accommodated otherwise.
  • A "token" is inserted to demonstrate control over the domain.
Roles of the domain name
1. Addressing
2. Abstraction of IP address
3. Anchor for other technical data
4. Recognition
5. Brand
• This course will focus on the technical aspects of the domain name, points 1-3.
• However, we will keep points 4-5 in mind, as they are what make the choice of a domain name important for the Internet and its users.
Domain name and DNS
DNS
• DNS = "Domain Name System"
• Domain Name → "Name" or "Domain"
• DNS is the function – protocol – standard that manages Internet domains or domain names.
Primary task
• The primary function of DNS:
name (domain name) → IP address
www.osu.cz → 78.128.128.25, 2001:718:1005:620::25
[Figure: a question sent to DNS and the answer that comes back]
Question: What IP addresses does www.osu.cz have?
Answer: 78.128.128.25 and 2001:718:1005:620::25
DNS – facilitates address changes
• The address can be changed (change of address) without changing the name.
[Figure: www.example.com with the addresses 192.0.2.2 and 192.0.2.213, before and after the change]
DNS – both IPv4 and IPv6
• The name can point to both IPv4 and IPv6 (or just one of them).
[Figure: www.osu.cz pointing to 78.128.128.25 and 2001:718:1005:620::25]
DNS – redundancy or load balancing
• The name can point to two or more servers (two or more IPv4 addresses or likewise IPv6 addresses).
• Why would one want this?
  • Redundancy with failover
  • Load balancing
Traffic goes to both servers
• The client selects the server
• When both are up, double the load is handled
[Figure: www.osu.cz with the addresses 2001:718:1005:620::25, 78.128.128.25, 2001:718:1005:620::26 and 78.128.128.26]
All traffic goes to server 78.128.128.25
• A client that initially selects 78.128.128.26 will switch to 78.128.128.25 after a while
[Figure: www.osu.cz with the same four addresses as in the previous figure]
Domain Name Tree
Domain Name Tree
How are the different domain names related?
• Different names have the same "ending", e.g., "cz".
• Some names share a longer "ending", e.g., "osu.cz".
is-stag.osu.cz
www.kagi.com
vlada.gov.cz
www.ietf.org
wanda.osu.cz
www.kernel.org
www.apple.com
Domain Name Tree
• Together, the domain names form a hierarchical name tree.
1. Starts with an unnamed node called the "root"
2. All other nodes in the tree have a name ("label")
3. The tree can branch downwards at the nodes
4. Strictly hierarchical (one path up)
5. Data can be placed in each node but not outside the nodes
[Figure: domain name tree. The unnamed root is at the top, with cz, com, sk, net and aero directly below it; nodes further down include osu, nic, prg, airport-ostrava, prf, kip, wanda, ripe, ibm, telia, nix and www.]
[Figure: the same tree with the labels of one name numbered 1 to 5: kip . prf . osu . cz . (the fifth is the empty label)]
Unique node names at the same level
• Only one node "apple" under "cz" – the node name must be unique at the same level.
• The same node name, e.g., "apple", in several different places – under "cz", "com", and "net".
• The node name "www" exists (almost) everywhere, but in different locations.
Domain Name Structure
Example "www.osu.cz" (or "www.osu.cz.")
This example consists of four parts (labels) where the last (topmost) part is invisible (an empty string). Each part ("label") corresponds to a node in the domain name tree – it is the name of the node in the tree.
1. "www"
2. "osu"
3. "cz"
4. ""
The period "." marks the boundary between the parts (labels). Compare with the tree.
Domain Name Structure
www.osu.cz
• The least significant part, "www" in our example, is displayed first.
• The most significant part is displayed last.
78.128.128.25
• In IPv4 addresses, the most significant octet (part) is shown first (78) and the least significant octet is shown last (25).
2001:718:1005:620::25
• In the IPv6 address, the order is the same. 2001 is the most significant and 25 is the least significant part.
Later on, we will see that the difference is significant.
Where is the Domain Name Tree?
• The Domain Name Tree exists in the distributed database of DNS data that is shared across the Internet.
• There are numerous name servers (DNS servers), each holding a small portion of the domain name tree, but which together constitute the entire domain name tree.
Where is the data?
• We can insert data into each name (node) in the domain name tree.
• In "www" under "osu" under "cz", we insert the IP addresses for University of Ostrava's web servers.
• No data exists outside the nodes.
[Figure: the domain name tree with the node www under osu under cz marked: "We will enter the IP addresses here: 78.128.128.25 and 2001:718:1005:620::25"]
Display format of the DNS data
• DNS data is represented in different ways in different places. The display format is what we normally see, both in text and in data files for name servers.
• It starts with the location (owner node) in the domain name tree where the data "resides".
wanda.osu.cz. 3600 IN A 78.128.128.25
wanda.osu.cz. 3600 IN AAAA 2001:718:1005:620::25
• Note the period at the end of the domain name.
Where is the data?
• The data is stored in the nodes along with the domain name tree.
• If there are no data, then there is also no domain name tree.
• Without a domain name tree, we have nowhere to put the data.
The data entry forms the tree.
[Figure: a tree consisting of the nodes (Root), cz, osu and wanda]
wanda.osu.cz. 3600 IN A 78.128.128.25
wanda.osu.cz. 3600 IN AAAA 2001:718:1005:620::25
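The statement that the data entry forms the tree, worked through in code. This is an added example, not part of the original lecture; the `Node` class and the function names are assumptions of the example, and the input is limited to full records with an absolute owner name, TTL, class, type and data.

```python
class Node:
    """One node of the domain name tree."""

    def __init__(self, label):
        self.label = label      # "" for the unnamed root
        self.children = {}      # label -> Node: a label is unique at its level
        self.records = []       # (ttl, class, type, data) placed in this node


def labels_root_first(owner):
    """Split an absolute name into labels, most significant (topmost) first."""
    if not owner.endswith("."):
        raise ValueError(f"not an absolute name: {owner!r}")
    if owner == ".":
        return []
    labels = owner[:-1].lower().split(".")   # DNS names compare case-insensitively
    if "" in labels:
        raise ValueError(f"empty label inside {owner!r}")
    return labels[::-1]


def add_record(root, line):
    """Enter one record; every node on the path to the owner comes into being."""
    owner, ttl, rrclass, rrtype, rdata = line.split(None, 4)
    node = root
    for label in labels_root_first(owner):
        node = node.children.setdefault(label, Node(label))
    node.records.append((int(ttl), rrclass, rrtype, rdata))
    return node


def build_tree(lines):
    root = Node("")
    for line in lines:
        if line.strip():
            add_record(root, line)
    return root


def walk(node, path=()):
    """Yield (absolute name, node) for every node, root first."""
    name = ".".join(reversed(path)) + "." if path else "."
    yield name, node
    for label in sorted(node.children):
        yield from walk(node.children[label], path + (label,))


def nodes_without_data(root):
    """Nodes that exist only because data was entered somewhere below them."""
    return [name for name, node in walk(root) if not node.records]


# Records taken from the slides.
SAMPLE = """\
wanda.osu.cz. 3600 IN A 78.128.128.25
wanda.osu.cz. 3600 IN AAAA 2001:718:1005:620::25
www.nic.cz. 1800 IN A 217.31.205.50
"""

if __name__ == "__main__":
    tree = build_tree(SAMPLE.splitlines())
    for name, node in walk(tree):
        types = ",".join(r[2] for r in node.records) or "(no data)"
        print(f"{name:16} {types}")
```

Three records are enough to create six nodes: the root, cz, osu and nic hold no data of their own and exist only as the path to the owner names.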
DNS data and its components
DNS Data
• How is the DNS data presented? E.g.
www.nic.cz. 1800 IN A 217.31.205.50
• "Owner name"
  • The node (the name) in the DNS tree where the data is located.
  • Ends with a period "." which means that it is relative to the "root".
www.nic.cz. 1800 IN A 217.31.205.50
• "TTL", time-to-live.
  • The number of seconds that we can save and reuse the data before we must retrieve it again.
  • Normally between 60 and 86,400 seconds (one day).
  • Can be as low as 0 seconds, i.e., use but do not save.
  • A 32-bit integer, i.e., up to 4,294,967,295 s ≈ 136 years; in practice, a maximum of 3-7 days.
  • Can be omitted in many contexts, but is important in others.
www.nic.cz. 1800 IN A 217.31.205.50
• "Class".
  • IN = Internet Class
  • It is always "IN"; nothing else is used for Internet.
www.nic.cz. 1800 IN A 217.31.205.50
Class
• If the "class" is something other than IN, then it is not in the standard DNS tree.
• BIND 9 (and other DNS servers) use the CH (Chaos) class to report, among other things, their software version. Limited use.
• "Resource Record Type", record type
  • A = "Address" (IPv4 address)
  • There are defined record types with specific codes, "A" in this case.
  • Each record type determines what data can and must be present
www.nic.cz. 1800 IN A 217.31.205.50
• "Resource Record Data", data
  • Can have one or more sub-fields (one sub-field in this case)
  • The sub-fields are determined by the record type. For an A record type, it must be an IPv4 address.
www.nic.cz. 1800 IN A 217.31.205.50
DNS Data
www.nic.cz. 1800 IN A 217.31.205.50
• Often without TTL and "Class":
www.nic.cz. A 217.31.205.50
www.nic.cz. 1800 A 217.31.205.50
www.nic.cz. IN A 217.31.205.50
DNS Data
• TTL is relevant when we enter the DNS data into a name server. Otherwise, we can often omit the TTL when we are just referencing the data.
• "Class" is only necessary when it is not IN, which means almost never.
www.nic.cz. A 217.31.205.50
Relative names
• Relative names
  • Sometimes, we can write DNS data relative to a specific node in the DNS tree. When referring to DNS data within the nic.cz domain:
www A 217.31.205.50
• NOTE! No period "." after relative names.
Relative names should be avoided in direct DNS contexts except in the configuration file (zone file) for the name server.
Absolute name
• If the absolute name is intended, there must be a period "." at the end of the name in direct DNS contexts.
• Correct:
www.nic.cz. A 217.31.205.50
• Incorrect (not absolute):
www.nic.cz A 217.31.205.50
Absolute or relative names
• Outside of direct DNS contexts, absolute names are most often used without the trailing period.
• For example:
  • email address: ondrej@sury.org
  • web URL: https://www.osu.cz/
• This also applies to many program configurations.
Relative names
• Sometimes relative names are used.
• How "/etc/resolv.conf" works will be covered when we discuss the local resolver library.
Record types A, AAAA and TXT
Record Type A
• A = "Address"
• IPv4 address
www.nic.cz. A 217.31.205.50
• A subfield for an A record.
• An IPv4 address can be written in various ways depending on the context, but here it must be formatted as four decimal octets separated by periods. No period at the end.
Record Type AAAA
• Like an A record, but for an IPv6 address
• A subfield in this case.
• With the AAAA record type, it must be an IPv6 address.
• The IPv6 address must be written in standard IPv6 format (with or without abbreviation).
www.nic.cz. AAAA 2001:1488:0:3::2
Record Type AAAA
• Identical:
www.ietf.org. AAAA 2606:4700::6810:2d63
www.ietf.org. AAAA 2606:4700::6810:2D63
www.ietf.org. AAAA 2606:4700:0000:0000:0000:0000:6810:2d63
• Normally, IPv6 is written in the abbreviated format, both in DNS and in other contexts, but alternative representations are allowed.
Record Type TXT
• Just a text string.
• It was originally intended for plain text information, but has increasingly been used by systems and programs to store data that cannot be stored in other record types.
se TXT SE zone update: 2025-09-30 02:51:55 +0000 (EPOCH 1759200715) (auto)
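The record components, the optional TTL and class, relative versus absolute owner names, and the data rules for A and AAAA described in the slides above, combined in one parser for the display format. This is an added example, not part of the original lecture; the function names, the `origin` and `default_ttl` parameters and the restriction to the classes and types named in this lecture are assumptions of the example.

```python
import ipaddress
from typing import NamedTuple, Optional

RR_CLASSES = {"IN", "CH"}          # the two classes named in the lecture
RR_TYPES = {"A", "AAAA", "TXT"}    # the three record types covered here
MAX_TTL = 2**32 - 1                # TTL is a 32-bit integer


class Record(NamedTuple):
    owner: str            # absolute owner name, lower case, trailing "."
    ttl: Optional[int]    # None when omitted and no default was given
    rrclass: str
    rrtype: str
    rdata: str


def absolute_name(name: str, origin: Optional[str]) -> str:
    """A trailing "." marks an absolute name; anything else is relative."""
    if name.endswith("."):
        return name.lower()
    if origin is None or not origin.endswith("."):
        raise ValueError(f"relative name {name!r} needs an absolute origin")
    suffix = "" if origin == "." else origin
    return f"{name}.{suffix}".lower()


def normalise_rdata(rrtype: str, rdata: str) -> str:
    """Validate the data sub-field and return one canonical spelling."""
    if rrtype == "A":
        # Four decimal octets, no trailing period; anything else raises.
        return str(ipaddress.IPv4Address(rdata))
    if rrtype == "AAAA":
        # Abbreviated or not, upper or lower case: all map to one form.
        return str(ipaddress.IPv6Address(rdata))
    return rdata  # TXT: just a text string


def parse_record(line: str, origin: Optional[str] = None,
                 default_ttl: Optional[int] = None) -> Record:
    fields = line.split()
    if not fields:
        raise ValueError("empty line")
    owner = absolute_name(fields[0], origin)
    ttl, rrclass, i = default_ttl, "IN", 1
    # TTL and class are optional and come before the record type.
    while i < len(fields):
        token = fields[i]
        if token.isascii() and token.isdigit():
            ttl = int(token)
            if ttl > MAX_TTL:
                raise ValueError(f"TTL {ttl} does not fit in 32 bits")
        elif token.upper() in RR_CLASSES:
            rrclass = token.upper()
        else:
            break
        i += 1
    if i + 1 >= len(fields) or fields[i].upper() not in RR_TYPES:
        raise ValueError(f"missing or unsupported record type in {line!r}")
    rrtype = fields[i].upper()
    rdata = line.split(None, i + 1)[i + 1].strip()   # keep TXT spacing intact
    return Record(owner, ttl, rrclass, rrtype, normalise_rdata(rrtype, rdata))


if __name__ == "__main__":
    # Lines from the slides, read as if they stood in the zone file for nic.cz.
    for text in ("www.nic.cz. 1800 IN A 217.31.205.50",
                 "www A 217.31.205.50",
                 "www.nic.cz A 217.31.205.50"):   # missing trailing period
        print(parse_record(text, origin="nic.cz."))
```

The last line of the demonstration is the "incorrect (not absolute)" case from the slides: inside the nic.cz zone the owner is read as relative and becomes www.nic.cz.nic.cz.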
Domain name summary
Summary so far
• DNS is used, among other things, to look up IP addresses for domain names.
• The domain name is more than just an IP address.
• The domain name is part of a name tree.
• The DNS data, which we can look up, is linked to a specific point in the domain tree.
• There are different record types for different data, including A, AAAA, and TXT.
About the presentation
The Internet's Domain Name System
• This presentation was developed from 2019–2024 by Mats Dufberg (mats.dufberg@internetstiftelsen.se) at The Internet Foundation (https://internetstiftelsen.se/). It is part of the teaching material for the course "The Internet's Domain Name System" at KTH Royal Institute of Technology (course code HI1037) and Karlstad University, KAU (course code DVGC28), respectively.
• This presentation was translated in 2025 by Ondřej Surý <ondrej@isc.org> at Internet Systems Consortium. It is part of the teaching material for the course "DNS Principles and Operations" at University of Ostrava.
License
• This teaching material is provided under the Creative Commons BY 4.0 license (https://creativecommons.org/licenses/by/4.0/deed.en) and may be used in accordance with its terms.
End
