IPS
IPS as slideshow
An Introduction to DNS
- Hiawatha Demby, Ph.D
- UNC ITS Networking
- IP Services - Applications Analyst
DNS: Background and History
Origins
- Computer networking on ARPAnet
- small friendly community of computers
- utilized the '/etc/hosts' file for mapping host to IP addresses
- maintained by InterNIC using TCP/IP
- updated by hand
- hostname to IP address mapping
- RFC 811 - Hostnames server
DNS: Background and History
Physical Layer
- unique MAC address per NIC
- MAC - media access control
- 01-23-45-67-89-ab | 01:23:45:67:89:ab | 0123.4567.89ab
- NIC - network interface controller
- one IP address per 'physical' NIC
DNS: Background and History
Evolution
- ARPAnet becomes the Internet (ARPA - Advanced Research Projects Agency)
- problems with the '/etc/hosts' method:
- scale
- update logistics
- name collisions
DNS: Background and History
Reason for DNS
The Creation of DNS
- RFC 1034 Domain Names--Concepts and Facilities
- RFC 1035 Domain Names--Implementation and Specification
- Other DNS related RFCs
- 1101, 1122, 1183, 1706, 1876, 1982, 2181, 2308, and 2535
DNS: Domain Registration
Acquiring a Domain Name
- You must submit an application for a domain name to InterNIC using an ICANN accredited domain registrar
- InterNIC - Internet Network Information Center
- ICANN - Internet Corporation for Assigned Names and Numbers
DNS: Concepts
Structure of DNS
- The Domain Name System
- DNS is a distributed database
- access to other information using the DNS hierarchical domain name space structure
- similar to a *nix file system structure
- "/" unix root ==> "." DNS root
- FQDN relative to domain root
- FQDN - fully qualified domain name
- Domain relative to parent namespace
- namespace arrangement reduces hostname collisions
- up to 127 levels allowed
DNS: Concepts
Naming Hierarchy
- DNS nodes and hostname creation
DNS: Concepts
DNS Domains
DNS: Concepts
DNS Domains
- InterNIC - .com, .org, .net, .info, .biz, .us, etc.
- Arin - reverse IP address space
- Educause - .edu domains
- GSA (General Services Administration) - .gov domains
DNS: Implementation
Types of DNS servers
- Root DNS server
- Domain Primary/Master DNS server
- Domain Secondary/Slave DNS server
- Caching Only DNS server
DNS: Implementation
Issues with DNS servers
- Authoritative vs. non-Authoritative replies
- confirming information authenticity
- DNS zone updates
- AXFR zone transfers
- IXFR zone transfers
DNS Implementation
Protocol in Action
- The DNS client/server model
- Authoritative DNS servers
- DNS clients/resolvers
- types of DNS queries
- recursive/iterative
- non-recursive
DNS Implementation
A recursive query
DNS Implementation
An iterative, non-recursive query
DNS Implementation: Building a DNS server
Files required for a DNS server
- root.cache / named.root / db.cache
- db.localhost, db.127.0.0.1
- named.conf
- zone data files
- resolv.conf
- hosts.txt
DNS Implementation: Anatomy of the named.root file
- A sample of the named.root file
DNS Implementation: Anatomy of the named.conf file
- A sample of the named.conf file
DNS: Implementation: db.localhost and db.127.0.0.1
- db.localhost
- db.127.0.0.1
DNS Implementation: /etc/resolve.conf
DNS Implementation: /etc/hosts
DNS Implementation
- DNS Record types
- Basic
- SOA record
- primary maser nameserver, contact email, serial number, refresh, retry, expire, min TTL
- A record
- myterm.domain.unc.edu in a 152.2.24.153
- MX record
- myterm.domain.unc.edu in mx 0 mailhost.domain.unc.edu.
- Cname record
- me.domain.unc.edu in cname myterm.domain.unc.edu.
- PTR record
- 153.24.2.152.in-addr.arpa in ptr myterm.domain.unc.edu
- Information
- TXT record
- myterm.domain.unc.edu in txt "mymail@mailhost.unc.edu"
- HINFO record
- myterm.domain.unc.edu in hinfo "IBM-PCC" "WinXP-sp2"
DNS Implementation
- Other important DNS Record types
- Zone records
- -->
- Other Record types
- Extended function
- NAPTR, SRV, WKS, RP
- AFSDB, X25, ISDN, RT
- ... more to come!
DNS and IPv6 records
- the IPv6 AAAA/A6 records
- 8 groups of 4 hex digits (shortcuts allowed)
- ipv6-host in aaaa 4321:0:01:0212:3:4:567:89ab
- ipv6-host in a6 4321::1:221:3:4:567:89ab
- ip6.int PTR records
- 32 hex digits – no shortcuts!!
- b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.1.2.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.int
- b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.1.2.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.int.in ptr ipv6-host.domain.unc.edu.
DNS Security
- Typical DNS attacks
- cache poisoning
- spoofing
- DOS attacks
- TSIG keys
- DNSSEC
- Chroot jail
- user named with limited privilege
- Restricted access
- ACLs
- non-recursive queries
DNS IPAMs
- Why use an IPAM?
- Text files don't scale well to new security needs and IPv6 representation
- Better access to DNS data for reporting
- Some IPAM implementations
- Spreadsheets
- Databases
- Commercial applications
- Client/Server applications
- Web applications
- DNS Appliances
DNS Troubleshooting
- nslookup
- command line
- interactive
- zone dumps
- host
- dig
- whois
- Online tools
Break
DHCP: Background
- The need for Automatic configuration
- BootP
- used for printer configuration
- BootP server would tell a newly connected printer all setting needed to operate correctly on the network.
- static
- DHCP
- used to configure host that connect to the network
- DHCP configures a connecting computer for everything it will need to use the network to which it is attached.
- dynamic vs. static IP address allocation
DHCP at UNC
- Registering for DHCP at UNC
DHCP: Background
- The DHCP lease
- lease IP address
- lease start time
- lease expire time
- lease request time
- binding state
- (NIC) MAC address
- UserID
- Client hostname
- lease 152.23.136.222 {
starts 4 2006/03/23 14:50:58;
ends 4 2006/03/23 14:56:56;
tstp 4 2006/03/23 14:56:56;
binding state free;
hardware ethernet 00:05:4e:4b:25:75;
uid "\001\000\005NK%u"
client-hostname "NET-TODD-T42";
}
DHCP at UNC
- DHCP configuration
- Files needed
- DHCPD - the server program
- DHCPD.CONF - the program configuration file
- File produced
- Other files used
- configuration
- registrations.dhcp
- dhcpd.conf.tmpl
The DHCP protocol
- DHCP protocol
- DHCPDISCOVER
- DHCPOFFER
- DHCPREQUEST
- DHCPACKNOWLEDGE
The DHCP protocol
- new connection
- renew connection
DHCP and DNS
- DNS and DHCP
- all DHCP addresses must be defined in DNS
- DHCP can dynamically update DNS
- DyDNS
- MS Active Directory
- This can be a security problem if not done correctly
- the ability to add, change or delete all associated records
- DHCP and DNS
- DHCP must use the DNS server to resolve assigned hostnames
- DHCP can be used to configure IP networks based on subnet classes
DHCP Troubleshooting
- Mostly it works or it doesn't work
- the client unable to reach the server
- no link or connection path available (firewall)
- server not on same network segment
- no helper address installed on the router
- the server is unable to respond to the client
- server process has died
- rogue DHCP server is interfering with the response
- the server can't allocate an IP address
- ip address range exhausted
- host is unknown to the server
- IP address is already taken
- server is mis-configured for the client
DHCP Troubleshooting
- Server side
- /var/log/syslog or other designated log file
- network analyzers and sniffers
- Client side
- syslog
- network analyzers and sniffers
DNS and DHCP
