Slide 1
Networking
DNS
© Janice Regan, 2006-2017
Database / authoritative servers
When an authoritative master or slave DNS server is initialized it loads a configuration file that associates domain names with the data files containing the DNS resource records for each domain
On Linux systems that file is usually /etc/named.conf, the configuration for the DNS daemon named. It is present only on hosts running a DNS server
Next we need to look at what is in the files referred to in the configuration file. There is one file for each domain this DNS server serves.
Format of resource records
The detailed format depends on the particular resource record, but all resource records follow the pattern
name ttl class type data
The first two items may be omitted:
name defaults to the last specified name
ttl defaults to the value given in the SOA record
Class is usually IN for internet
Type is a code from the RFC (A, SOA, MX, PTR)
Data depends on the type of record
Organization of DNS data file
Remember domain names are case insensitive
All records start in the first column of the file
The usual order for records in the file is
$TTL: sets the default time to live (BIND 8 and later only)
SOA record: indicates authority for the zone
NS record: gives the name of an authoritative name server for the zone (one record per server)
Other records giving data on hosts in the zone
A: Name to address mapping records
PTR: Address to name mapping records
CNAME: canonical name data (aliases)
SOA record
zone IN SOA primarymasterNS contact (
serial
refresh time
retry time
expire time
negative caching ttl )
Zone, primarymasterNS and contact must be fully qualified domain names ending in .
The contact is the mail address of the person responsible for the zone, written with the @ replaced by a . (so the first . in the field is read as @)
The parentheses allow the record to span more than one line
SOA record fields
serial is a serial number indicating the age of the data file (last update). It is used when a slave server contacts the master server: the slave updates its database if the serial number indicates its database is older than the master's.
serial is incremented each time data in the DNS database is changed
You should use a tool to update your DNS database; this prevents you from forgetting to update serial
refresh gives the interval at which the slave server should check with the master server to determine if an update is needed (RFC 1537 recommends 24 hours)
An update is needed if the serial number of the master server’s data base is larger than the serial number of the slave server’s
SOA record fields
Retry: if the slave cannot reach the master at the end of a refresh interval, it will retry after the interval specified in the retry field (recommended 2 hours)
Expire: If the slave fails to contact the master within the expire interval the slave stops giving answers about the zone. (recommended 30 days)
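Added example (not from the slides): a small Python model of how a slave applies the SOA refresh, retry and expire fields described above, run on a constructed timeline with the values from the db.movie.edu example (refresh 3h, retry 1h, expire 1w). SlaveZone and simulate are names chosen here.

```python
from dataclasses import dataclass

H, D, W = 3600, 86400, 7 * 86400   # seconds in an hour, a day, a week

@dataclass
class SlaveZone:
    """State a slave server keeps for one zone, driven by the SOA timers (seconds)."""
    serial: int            # serial of the copy the slave currently holds
    refresh: int
    retry: int
    expire: int
    last_success: float    # when the master was last reached successfully
    last_attempt: float    # when the master was last tried, successfully or not
    last_failed: bool = False

    def next_check(self):
        """After a failed attempt wait only retry; otherwise wait a full refresh interval."""
        return self.last_attempt + (self.retry if self.last_failed else self.refresh)

    def answers(self, now):
        """Once expire has passed with no successful contact the slave stops answering."""
        return now - self.last_success < self.expire

    def check(self, now, master_serial):
        """Contact the master at time now (master_serial None = master unreachable)."""
        self.last_attempt = now
        if master_serial is None:
            self.last_failed = True
            return "unreachable"
        self.last_failed, self.last_success = False, now
        if master_serial > self.serial:     # slave copy is older: zone transfer
            self.serial = master_serial
            return "transferred"
        return "current"

def simulate():
    """Constructed timeline using the SOA values from the db.movie.edu slides."""
    z = SlaveZone(serial=1, refresh=3 * H, retry=1 * H, expire=1 * W, last_success=0, last_attempt=0)
    log = []
    for master_serial in (1, 2, None, None):    # master unchanged, updated, then down twice
        t = z.next_check()
        log.append((t, z.check(t, master_serial)))
    log.append(("serving at 3 days", z.answers(3 * D)))   # 3d - 6h < 1w: still serving
    log.append(("serving at 8 days", z.answers(8 * D)))   # 8d - 6h > 1w: expired
    return z.serial, log
```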
SOA record fields: TTL
For BIND versions before version 8 the TTL was set using the last field in the SOA record
For versions 8 and above of BIND the final field is the negative caching TTL: the time a remote name server may cache negative responses about our zone (non-existent hosts)
In v8 and above the TTL is set using the $TTL statement.
$TTL 3h indicates a TTL of 3 hours
RFC 1537 recommends a default TTL of 4 days
The server supplies the TTL in query responses, telling the server receiving the response how long it may cache the information.
Nameserver records
One record for each authoritative DNS name server for the zone is added to the zone file
Zone IN NS nameserver
Zone and nameserver must be fully qualified domain names ending in .
Nameservers should be well connected (stable, accessible)
Address records
One record for each name to address mapping. Each interface on a multihomed host must have its own record
Hostname IN A IPaddress
Hostname must be a fully qualified domain name
Alias records
One record for each alias for a given host
hostalias IN CNAME hostname
OR
hostname IN A IPaddress
hostname and hostalias must be fully qualified domain names ending in .
Do not use aliases in the data portion of the database file
A server will replace the alias with the canonical name then look up the canonical name (both returned)
The second form can be used to differentiate between multiple interfaces on a single host
The first form will choose one of the multiple interfaces according to a simple algorithm (alternate, first in list, …)
PTR records
One record for each address to name mapping. Each interface on a multihomed host must have its own record
Arpaaddress IN PTR hostname
hostname must be a fully qualified domain name
Arpaaddress must have the form 123.123.123.123.in-addr.arpa.
Arpaaddress of host 123.15.87.23 is 23.87.15.123.in-addr.arpa.
Example from Albitz + Liu
We are making the database files for a DNS server on the machine terminator.movie.edu. This DNS server will serve the zone movie.edu
terminator has two network interfaces, one on network 192.249.249.0/24 and one on 192.253.253.0/24.
Since a DNS server must also service inverse (address to name) queries, we must also serve the zones
249.249.192.in-addr.arpa
253.253.192.in-addr.arpa
We will need to make an initialization file for each of these zones. These files will be db.movie.edu, db.249.249.192, and db.253.253.192
Examples: resource records
bigt.movie.edu. 75012 IN CNAME terminator.movie.edu.
isc.org. 2898 IN NS ns-ext.lga1.isc.org.
ns-ext.lga1.isc.org. 75012 IN A 192.228.91.19
4.253.253.192.in-addr.arpa. IN PTR carrie.movie.edu.
The second field in the first three records is the TTL; it is often omitted when records are entered but appears in the output of dig and other resolvers.
server data file db.movie.edu: 1
$TTL 3h
movie.edu. IN SOA terminator.movie.edu. al.robocop.movie.edu. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL 1 hour
;
; Name servers
;
movie.edu. IN NS terminator.movie.edu.
movie.edu. IN NS wormhole.movie.edu.
;
; Addresses
;
localhost.movie.edu. IN A 127.0.0.1
robocop.movie.edu. IN A 192.249.249.2
terminator.movie.edu. IN A 192.249.249.3
server data file db.movie.edu: 2
diehard.movie.edu. IN A 192.249.249.4
misery.movie.edu. IN A 192.253.253.2
shining.movie.edu. IN A 192.253.253.3
carrie.movie.edu. IN A 192.253.253.4
wormhole.movie.edu. IN A 192.249.249.1
wormhole.movie.edu. IN A 192.253.253.1
;
; Aliases
;
bigt.movie.edu. IN CNAME terminator.movie.edu.
dh.movie.edu. IN CNAME diehard.movie.edu.
wh.movie.edu. IN CNAME wormhole.movie.edu.
;
; Interface specific names
;
wh249.movie.edu. IN A 192.249.249.1
wh253.movie.edu. IN A 192.253.253.1
Aliases
The CNAME is used to look up the canonical name of the host (not the alias)
Then the canonical name is looked up to find the requested information describing the host
Requesting the information for the DNS name of a multihomed host returns the information for all interfaces of that host (in a list)
If we ping, or execute another command that does a DNS lookup, it will use the first entry in the list (which one is it?), not the interface we want. We therefore also need interface specific names
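As an added example (not code from the slides or from Albitz and Liu), a small Python parser for the record format described on the earlier slides: name ttl class type data, with the name and TTL optional, $TTL, ; comments and parenthesised multi-line SOA records. It is run on a constructed sample modelled on db.movie.edu, rejects owner names that lack the trailing dot (the defect a relative name such as diehard.movie.edu would introduce), and converts the SOA contact field to a mailbox as the SOA slide describes; all function names are chosen here.

```python
import re

# Constructed sample modelled on the db.movie.edu slides (not the book's file verbatim).
SAMPLE_ZONE = """\
$TTL 3h
movie.edu. IN SOA terminator.movie.edu. al.robocop.movie.edu. (
        1 3h 1h 1w   ; serial, refresh, retry, expire
        1h )         ; negative caching TTL
movie.edu.            IN NS terminator.movie.edu.
wormhole.movie.edu.   IN A 192.249.249.1
                      IN A 192.253.253.1
bigt.movie.edu.   300 IN CNAME terminator.movie.edu.
"""

def parse_ttl(text):  # BIND TTL such as 3h or 1w (or a bare number of seconds) -> seconds
    num, unit = re.fullmatch(r"(\d+)([smhdw]?)", text.lower()).groups()
    return int(num) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}[unit]

def logical_lines(text):
    """Yield (owner_omitted, tokens): ;-comments stripped, ( ) continuations joined."""
    pending, omitted, depth = [], False, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if depth == 0:                      # a new record starts on this line
            omitted = line[:1].isspace()    # leading blank: owner defaults to last owner
        for tok in line.replace("(", " ( ").replace(")", " ) ").split():
            if tok == "(": depth += 1
            elif tok == ")": depth -= 1
            else: pending.append(tok)
        if depth == 0 and pending:
            yield omitted, pending
            pending = []

def parse_zone(text):
    """Return (default_ttl, records); a record is (owner, ttl, class, type, data_tokens)."""
    default_ttl, last_name, records = None, None, []
    for omitted, tok in logical_lines(text):
        if tok[0] == "$TTL":
            default_ttl = parse_ttl(tok[1])
            continue
        name = last_name if omitted else tok.pop(0)
        if name is None or not name.endswith("."):
            raise ValueError("owner must be fully qualified, ending in '.': %r" % name)
        ttl = parse_ttl(tok.pop(0)) if re.fullmatch(r"\d+[smhdw]?", tok[0], re.I) else default_ttl
        rclass = tok.pop(0).upper() if tok[0].upper() in ("IN", "CH", "HS") else "IN"
        records.append((name, ttl, rclass, tok[0].upper(), tok[1:]))
        last_name = name
    return default_ttl, records

def soa_contact_email(contact):  # SOA contact -> mailbox: first '.' becomes '@', trailing '.' dropped
    return contact.rstrip(".").replace(".", "@", 1)
```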
server data file, db.249.249.192
$TTL 3h
249.249.192.in-addr.arpa. IN SOA terminator.movie.edu. al.robocop.movie.edu. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL 1 hour
;
; Name servers
;
249.249.192.in-addr.arpa. IN NS terminator.movie.edu.
249.249.192.in-addr.arpa. IN NS wormhole.movie.edu.
;
; Addresses point to canonical name
;
1.249.249.192.in-addr.arpa. IN PTR wormhole.movie.edu.
2.249.249.192.in-addr.arpa. IN PTR robocop.movie.edu.
3.249.249.192.in-addr.arpa. IN PTR terminator.movie.edu.
4.249.249.192.in-addr.arpa. IN PTR diehard.movie.edu.
Server data file, db.253.253.192
$TTL 3h
253.253.192.in-addr.arpa. IN SOA terminator.movie.edu. al.robocop.movie.edu. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL 1 hour
;
; Name servers
;
253.253.192.in-addr.arpa. IN NS terminator.movie.edu.
253.253.192.in-addr.arpa. IN NS wormhole.movie.edu.
;
; Addresses point to canonical name
;
1.253.253.192.in-addr.arpa. IN PTR wormhole.movie.edu.
2.253.253.192.in-addr.arpa. IN PTR misery.movie.edu.
3.253.253.192.in-addr.arpa. IN PTR shining.movie.edu.
4.253.253.192.in-addr.arpa. IN PTR carrie.movie.edu.
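Added example (not from the slides or from h2n): Python that derives in-addr.arpa owner names and reverse zone names as the PTR slide describes, then cross-checks the forward A records against the PTR records of both reverse files, flagging a missing PTR, a PTR that points at a CNAME alias instead of the canonical name, and a PTR whose address has no A record. The record lists are transcribed from the example slides; the function names are chosen here.

```python
import ipaddress

# Records transcribed from the db.movie.edu, db.249.249.192 and db.253.253.192 slides.
A_RECORDS = [  # (owner, address); wormhole is multihomed, whNNN are its interface names
    ("wormhole.movie.edu.", "192.249.249.1"), ("robocop.movie.edu.", "192.249.249.2"),
    ("terminator.movie.edu.", "192.249.249.3"), ("diehard.movie.edu.", "192.249.249.4"),
    ("wormhole.movie.edu.", "192.253.253.1"), ("misery.movie.edu.", "192.253.253.2"),
    ("shining.movie.edu.", "192.253.253.3"), ("carrie.movie.edu.", "192.253.253.4"),
    ("wh249.movie.edu.", "192.249.249.1"), ("wh253.movie.edu.", "192.253.253.1"),
]
CNAMES = {"bigt.movie.edu.": "terminator.movie.edu.", "dh.movie.edu.": "diehard.movie.edu.",
          "wh.movie.edu.": "wormhole.movie.edu."}
PTR_RECORDS = {  # in-addr.arpa owner -> canonical hostname, from both reverse files
    "1.249.249.192.in-addr.arpa.": "wormhole.movie.edu.", "2.249.249.192.in-addr.arpa.": "robocop.movie.edu.",
    "3.249.249.192.in-addr.arpa.": "terminator.movie.edu.", "4.249.249.192.in-addr.arpa.": "diehard.movie.edu.",
    "1.253.253.192.in-addr.arpa.": "wormhole.movie.edu.", "2.253.253.192.in-addr.arpa.": "misery.movie.edu.",
    "3.253.253.192.in-addr.arpa.": "shining.movie.edu.", "4.253.253.192.in-addr.arpa.": "carrie.movie.edu.",
}

def arpa_name(ip):
    """123.15.87.23 -> 23.87.15.123.in-addr.arpa. (octets reversed, trailing dot)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def reverse_zone(cidr):
    """Zone holding the PTR records of a /8, /16 or /24: 192.249.249.0/24 -> 249.249.192.in-addr.arpa."""
    net = ipaddress.ip_network(cidr)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def check_reverse(a_records, cnames, ptr_records, cidr):
    """Return the problems found comparing the A records inside cidr with the PTR records."""
    net, problems, names_at = ipaddress.ip_network(cidr), [], {}
    for owner, ip in a_records:
        if ipaddress.ip_address(ip) in net:
            names_at.setdefault(ip, []).append(owner)
    for ip, owners in names_at.items():
        target = ptr_records.get(arpa_name(ip))
        if target is None:
            problems.append("%s: no PTR record" % ip)
        elif target in cnames:
            problems.append("%s: PTR points at alias %s, not a canonical name" % (ip, target))
        elif target not in owners:
            problems.append("%s: PTR says %s but no A record gives it that address" % (ip, target))
    for owner in ptr_records:                      # PTR left behind after the A record went away
        ip = ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))
        if ipaddress.ip_address(ip) in net and ip not in names_at:
            problems.append("%s: PTR record but no A record" % ip)
    return problems
```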
Comments on the example
Aliases, alternate names for particular domain names, can be implemented in different ways
Using a CNAME record. A CNAME record maps an alias onto its canonical name. A name server replaces the alias with the canonical name.
In a multihomed system we can have a name for each interface of the system; we do not want these names to be aliases. The name and address of each interface go in a separate address record.
Using an additional address record to define an alias that is not due to multiple interfaces may confuse sendmail, or require additional configuration to make sure it understands all possible aliases
Root Hints Data
In addition to your local data you need to know where the name servers for the root zone are
Remember every DNS server needs to know the addresses of the root servers
Download a copy of named.root from the root zone servers (ftp.rs.internic.net, 198.41.0.6) to make sure your list of root server information is current
The names and addresses of the root servers are stored in this file, which should be renamed db.cache to prepare it for use
Sample contents of db.cache
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
;
. 3600000 IN NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 IN A 128.9.0.7
;
. 3600000 IN NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
;
; more similar entries
;
. 3600000 IN NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
Configuration File
The nameserver needs to be instructed to read all of the data files we have constructed
The file containing these instructions is the configuration file in
/src/bin/named-bootconf (BIND 8)
contrib/named-bootconf (BIND 9)
Configuration file format (1)
// BIND configuration file
options {
directory "/var/named";
// additional options
};
zone "movie.edu" {
type master;
file "db.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type master;
file "db.192.249.249";
};
Configuration file format (2)
zone "253.253.192.in-addr.arpa" {
type master;
file "db.192.253.253";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "." {
type hint;
file "db.cache";
};
Configuration file format (3)
// BIND configuration file for slave server
options {
directory "/var/named";
// additional options
};
zone "movie.edu" {
type slave;
file "bak.movie.edu";
masters { 192.249.249.3; };
};
zone "249.249.192.in-addr.arpa" {
type slave;
file "bak.192.249.249";
masters { 192.249.249.3; };
};
Configuration file format (4)
zone "253.253.192.in-addr.arpa" {
type slave;
file "bak.192.253.253";
masters { 192.249.249.3; };
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "." {
type hint;
file "db.cache";
};
Tools
Tools to help an administrator set up these files are available
The zone data files can be generated with h2n, which builds them from your /etc/hosts file
Slave servers
Entries in the configuration file have the form
zone "movie.edu" {
type slave;
masters { 192.249.249.1; };
file "bak.movie.edu";
};
Can have multiple levels of slaves (slaves using other slaves as masters) but it does take longer for updates
Caching only nameserver
Not authoritative for any domain (except 0.0.127.in-addr.arpa)
Needs a root hints file
Configuration file contains only options, zone "0.0.127.in-addr.arpa", and zone "."