Unit3 1

Uploaded by

akashsingh.is21

Domain Name System

Need for DNS

◻ If you want to…
  Call someone, you need to ask for their phone number
  ■ You can’t just dial “P R O F G I L L”
  Mail someone, you need to get their address first
◻ What about the Internet?
  If you need to reach Google, you need their IP
  Does anyone know Google’s IP?
◻ Problem:
  People can’t remember IP addresses
  Need human readable names that map to IPs
Google IP Addresses

◻ IPv4 address ranges
◻ IPv6 address ranges
Internet Names and Addresses

◻ Addresses, e.g. 129.10.117.100
  Computer usable labels for machines
  Conform to structure of the network
◻ Names, e.g. www.northeastern.edu
  Human usable labels for machines
  Conform to organizational structure
◻ How do you map from one to the other?
  Domain Name System (DNS)

ICANN: Internet Corporation for Assigned Names and Numbers
What is ICANN's role? ICANN is responsible for coordinating the management of the technical elements of the DNS to ensure universal resolvability, so that all users of the Internet can find all valid addresses.
History

◻ The idea of mapping human-readable hostnames to numerical addresses originated in the 1970s, with ARPANET, the predecessor of the modern internet. The Stanford Research Institute (SRI) was responsible for maintaining a text file called hosts.txt that mapped hostnames to computer addresses on ARPANET.
◻ Before DNS, all mappings were in hosts.txt
  /etc/hosts on Linux
  C:\Windows\System32\drivers\etc\hosts on Windows
◻ Centralized, manual system
  Changes were submitted to SRI (Stanford Research Institute) via email
  Machines periodically FTP new copies of hosts.txt
  Administrators could pick names at their discretion
  Any name was allowed
  ■ alans_server_at_sbu_pwns_joo_lol_kthxbye
Towards DNS

◻ Eventually, the hosts.txt system fell apart
  Not scalable, SRI couldn’t handle the load
  Hard to enforce uniqueness of names
  ■ e.g. MIT
  ■ Massachusetts Institute of Technology?
  ■ Melbourne Institute of Technology?
  Many machines had inaccurate copies of hosts.txt
◻ Thus, DNS was born
Interview question

◻ DNS uses which protocol at the transport layer?
◻ Why does DNS use UDP as the default protocol?
◻ Does TCP really support DNS? When and why?
◻ Which port number does DNS use?

Interview question

◻ Why does DNS use UDP as the default protocol?
  UDP is used for the primary (ordinary) queries.
  UDP is faster than TCP, and UDP uses fewer network resources.
◻ Does TCP really support DNS? When and why?
  TCP is used for zone transfers, i.e. when a big amount of data or information has to be shared; in that case TCP comes into the picture, on port 53.
Domain Name

◻ A domain name is a sequence of labels separated by dots (.). The domain name is always read from the lower level to the higher level, i.e. from the leaf node to the root node. Since the root node always represents the NULL string, all domain names end with a dot.
Basic rules of Domain names

● A domain name can consist of the letters a through z and the digits 0 through 9.
● Hyphens are allowed, but a hyphen cannot be used as the first character of a domain name.
● Spaces are not allowed.
● Special symbols (such as !, $, &, _ and so on) are not permitted.
● Each label of a domain name has a minimum length of 2 and a maximum length of 63 characters. The entire name may be at most 253 characters long.
● Domain names are not case-sensitive (they may be upper case, lower case, or a mixture of both).
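The rules above turned into a checker, added here as an illustration (not code from the slides); it applies the rules exactly as the slide states them, including the 2-character minimum per label:

```python
import re
from typing import List

# Rules as stated on the slide: letters a-z, digits 0-9, hyphens allowed but not as
# the first character, no spaces or other symbols, each label 2..63 characters,
# whole name at most 253 characters, case-insensitive.
LABEL_RE = re.compile(r"^[a-z0-9][a-z0-9-]{1,62}$")


def validate_domain(name: str) -> List[str]:
    """Return a list of rule violations; an empty list means the name is acceptable."""
    problems = []
    # Names are case-insensitive; a trailing dot is the root label and is not a violation.
    name = name.lower().rstrip(".")
    if len(name) > 253:
        problems.append("name longer than 253 characters")
    if " " in name:
        problems.append("spaces are not allowed")
    for label in name.split("."):
        if len(label) < 2:
            problems.append(f"label {label!r} shorter than 2 characters")
        elif len(label) > 63:
            problems.append(f"label {label!r} longer than 63 characters")
        elif label.startswith("-"):
            problems.append(f"label {label!r} starts with a hyphen")
        elif not LABEL_RE.match(label):
            problems.append(f"label {label!r} contains a character outside a-z, 0-9, hyphen")
    return problems
```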
19-3 DNS IN THE INTERNET

DNS is a protocol that can be used in different platforms. In the Internet, the domain name space (tree) is divided into three different sections: generic domains, country domains, and the inverse domain (see Figure 19.8).

TCP/IP Protocol Suite
Domain Name Space

◻ The domain name space was designed to achieve a hierarchical name space. In it, the names are represented as a tree-like structure with the root element on top, and this tree can have a maximum of 128 levels, starting from the root element at level 0 and going down to level 127.
◻ The information which needs to be stored in the domain name space is quite large. A single system would be inefficient and insufficient to store such a huge amount of data while responding to requests from all over the world. It would also be unreliable, because in case of any failure the data would become inaccessible.
◻ The solution to this problem is to distribute the information among many computers. The best way to do that is to divide the entire space into many domains and subdomains. DNS also allows domains to be further divided into subdomains. By this, the problem is solved and a hierarchy of servers is also maintained.
"edu" is one of the top-level domain names that can be used when choosing a domain name. It generally describes the entity owning the domain: an educational institution.

Topics Discussed in the Section

✔ Generic Domains
✔ Country Domains
✔ Inverse Domain
✔ Registrar

[Figure 19.8 DNS used in the Internet]

[Figure 19.9 Generic domains]

[Figure 19.10 Country domains]

[Figure 19.11 Inverse domain]
DNS at a High-Level

◻ Domain Name System
◻ Distributed database
  No centralization
◻ Simple client/server architecture
  UDP port 53, some implementations also use TCP
  Why?
◻ Hierarchical namespace
  As opposed to original, flat namespace
  e.g. .com  google.com  mail.google.com
Name Space

◻ A namespace is a context within which the names of all objects must be unambiguously resolvable. For example, the internet is a single DNS name space, within which all network devices with a DNS name can be resolved to a particular address (for example, www.microsoft.com resolves to 207.46.131.13).
◻ Name Space
◻ The domain names must be unique and appropriate. The names should be selected from a name space. The name space can be organized in two ways:
  ● Flat name space
  ● Hierarchical name space
Naming Hierarchy

[Figure: a naming tree with Root at the top; below it the TLDs net, edu, com, gov, mil, org, uk, fr, etc.; below edu the domains neu and mit; below neu the subdomains ccs, ece, husky; below ccs the hosts www, login, mail]

◻ Top Level Domains (TLDs) are at the top
◻ Maximum tree depth: 128
◻ Each Domain Name is a subtree
  .edu  neu.edu  ccs.neu.edu  www.ccs.neu.edu
◻ Name collisions are avoided
  neu.com vs. neu.edu
Hierarchical Administration

[Figure: the same naming tree, with the Root name server annotated “Verisign” and “ICANN”; below edu the domains neu and mit, below neu the zone ccs, below ccs the hosts www, login, mail]

◻ ICANN: Internet Corporation for Assigned Names and Numbers
◻ Tree is divided into zones
  Each zone has an administrator
  Responsible for the part of the hierarchy
◻ Example:
  CCIS controls *.ccs.neu.edu
  NEU controls *.neu.edu
TLD: Top Level Domain

◻ A TLD is a top-level domain, which is the last segment in a domain name, as seen in the image below.

[Figure: a domain name with its last segment, the TLD, marked]

The sequence .ac (short for academia) is in use in many countries as a second-level domain for academic institutions such as universities, colleges, and research institutes. In the United Kingdom and Japan, for example, academic institutions use domain names ending in .ac.uk and .ac.jp respectively.
TLD

◻ A TLD is used to help identify the website that it belongs to.
◻ For example, this could be its purpose, the geographical area where the website originates from, or the organization that owns it.
◻ For example, if you see a website that ends in .gov, then you know that that website is a government-run site.
◻ If you see a web address that ends in .uk, then you’ll know that the person who registered that site is either a United Kingdom resident or an organization that does business in the UK.
◻ The most common TLDs are generic and sponsored.
Generic TLDs are

◻ .com (commercial)
◻ .org (organization)
◻ .net (network)
◻ .name (name)
◻ .biz (business)
◻ .info (information)

Sponsored TLDs are restricted and certain guidelines must be met by the person or company that wants to use them. They are:
◻ .edu - Only educational institutions can use this.
◻ .int - This one is used by international organizations and requires a United Nations registration number. It is only ever used for treaty-related reasons.
◻ .gov - For use by the United States government.
◻ .mil - Can only be used by the United States military.
◻ .tel - Can only host contact info, never an actual website.
◻ .jobs - Can only be used by an organization or company in relation to employment.
ICANN identifies the following categories of TLDs:

◻ Infrastructure top-level domain (ARPA): This group consists of one domain, the Address
and Routing Parameter Area. It is managed by IANA on behalf of the Internet
Engineering Task Force for various purposes specified in the Request for Comments
publications.
◻ Generic top-level domains (gTLD): Top-level domains with three or more characters
◻ Restricted generic top-level domains (grTLD): These domains are managed under official
ICANN accredited registrars.
◻ Sponsored top-level domains (sTLD): These domains are proposed and sponsored by
private agencies or organizations that establish and enforce rules restricting the eligibility
to use the TLD. Use is based on community theme concepts; these domains are managed
under official ICANN accredited registrars.
◻ Country-code top-level domains (ccTLD): Two-letter domains established for countries or
territories. With some historical exceptions, the code for any territory is the same as its
two-letter ISO 3166 code.
◻ Internationalized country code top-level domains (IDN ccTLD): ccTLDs in non-Latin
character sets (e.g., Arabic, Cyrillic, Hebrew, or Chinese).
◻ Test top-level domains (tTLD): These domains were installed under .test for testing
purposes in the IDN development process; these domains are not present in the root zone.
Server Hierarchy

◻ Functions of each DNS server:
  Authority over a portion of the hierarchy
  ■ No need to store all DNS names
  Store all the records for hosts/domains in its zone
  ■ May be replicated for robustness
  Know the addresses of the root servers
  ■ Resolve queries for unknown names
◻ Root servers know about all TLDs
  The buck stops at the root servers
◻ A Name Server is a main part of the Domain Name System (DNS). It translates domain names to IP addresses. A name server contains the DNS database, which consists of domain names and their corresponding IP addresses. There is a need to store a large number of domain names for worldwide usage, so plenty of servers are used in a hierarchical manner. Name servers do the important task of searching the domain names. While you search for a website, the local name server (provided by the ISP) asks the different name servers until one of them finds your answer. At last it returns the IP address for that domain name. Your computer can now connect to the requested webpage stored on the webserver.
Resolver

◻ The resolver is a program which is responsible for initiating the translation of a domain name into an IP address. Since a resolver is stored in the host, there is no need for any protocol to form a connection between the resolver and the user program.

Name server
Root Name Servers

◻ Responsible for the Root Zone File
  Lists the TLDs and who controls them
  ~272KB in size

  com. 172800 IN NS a.gtld-servers.net.
  com. 172800 IN NS b.gtld-servers.net.
  com. 172800 IN NS c.gtld-servers.net.

◻ Administered by ICANN
  13 root servers, labeled A–M
  6 are anycasted, i.e. they are globally replicated
◻ Contacted when names cannot be resolved
  In practice, most systems cache this information

Map of the Roots

[Figure: world map of root server locations]

A primary DNS server is the first point of contact for a browser, application or device that needs to translate a human-readable hostname into an IP address. The primary DNS server contains a DNS record that has the correct IP address for the hostname.
The secondary DNS server is an authoritative server that obtains information about a zone from the primary server via zone transfer (RFC 2182). The secondary DNS server is therefore tied to the primary server.
A DNS zone is an administrative subdivision of the DNS namespace.

Note

A primary server loads all information from the disk file; the secondary server loads all information from the primary server.

When the secondary downloads information from the primary, it is called zone transfer.
DNS name servers are usually split into two categories:

◻ a. Authoritative name servers
◻ b. Non-authoritative name servers or Recursive name servers
Authoritative

◻ This server holds the records for a domain. It controls which records are being used. This is where you go to add new A/CNAME/MX records within a portal. You are in control of the records.
◻ If you own a domain name, at some point you will need to use an Authoritative DNS server to map your domain names to an IP address. This is only done on an Authoritative DNS server.

Authoritative Servers

◻ The authoritative name servers that serve the DNS root zone, commonly known as the “root servers”, are a network of hundreds of servers in many countries around the world. They are configured in the DNS root zone as 13 named authorities, as follows
LIST of Root Servers

HOSTNAME            IP ADDRESSES                       OPERATOR
a.root-servers.net  198.41.0.4, 2001:503:ba3e::2:30    Verisign, Inc.
b.root-servers.net  199.9.14.201, 2001:500:200::b      University of Southern California, Information Sciences Institute
c.root-servers.net  192.33.4.12, 2001:500:2::c         Cogent Communications
d.root-servers.net  199.7.91.13, 2001:500:2d::d        University of Maryland
e.root-servers.net  192.203.230.10, 2001:500:a8::e     NASA (Ames Research Center)
f.root-servers.net  192.5.5.241, 2001:500:2f::f        Internet Systems Consortium, Inc.
g.root-servers.net  192.112.36.4, 2001:500:12::d0d     US Department of Defense (NIC)
h.root-servers.net  198.97.190.53, 2001:500:1::53      US Army (Research Lab)
i.root-servers.net  192.36.148.17, 2001:7fe::53        Netnod
j.root-servers.net  192.58.128.30, 2001:503:c27::2:30  Verisign, Inc.
k.root-servers.net  193.0.14.129, 2001:7fd::1          RIPE NCC
l.root-servers.net  199.7.83.42, 2001:500:9f::42       ICANN
m.root-servers.net  202.12.27.33, 2001:dc3::35         WIDE Project

Root servers in India

◻ ROOT SERVERS
◻ NIXI has sponsored three Root Servers, at Mumbai (I Root), Delhi (K Root) and Chennai (F Root). These are hosted at our Exchange points at these locations.
Non-authoritative/Recursive

◻ This server does NOT hold any record for a domain but instead has a cache file that was built with all the DNS lookups it has performed in the past which received an authoritative response. If there’s no record in its cache, it will look for the Authoritative.
Nslookup command

◻ Nslookup (stands for “Name Server Lookup”) is a useful command for getting information from the DNS server. It is a network administration tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or any other specific DNS record. It is also used to troubleshoot DNS-related problems.
◻ The DNS 'start of authority' (SOA) record stores important information about a domain or zone such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.
◻ set type=<resourcerecordtype>
Description
Specifies a DNS resource record type. The default resource record type is A, but you can use any of the following values:
A: Specifies a computer's IP address.
ANY: Specifies a computer's IP address.
CNAME: Specifies a canonical name for an alias.
GID: Specifies a group identifier of a group name.
HINFO: Specifies a computer's CPU and type of operating system.
MB: Specifies a mailbox domain name.
MG: Specifies a mail group member.
MINFO: Specifies mailbox or mail list information.
MR: Specifies the mail rename domain name.
MX: Specifies the mail exchanger.
NS: Specifies a DNS name server for the named zone.
PTR: Specifies a computer name if the query is an IP address; otherwise, specifies the pointer to other information.
SOA: Specifies the start-of-authority for a DNS zone.
TXT: Specifies the text information.
UID: Specifies the user identifier.
UINFO: Specifies the user information.
WKS: Describes a well-known service.
Example

◻ ipconfig /displaydns
◻ To delete the entries, type ipconfig /flushdns
Recursive DNS

Iterative Resolution

[Figure: iterative resolution of www.google.com, messages 1–10. The local DNS server sends the iterative request “What is the IP address of www.google.com?” and follows a chain of referrals: the udel server replies “I don't know. Try a.root-servers.net.”; the a.root server replies “I don't know. Try a.gtld-servers.net.”; the a.gtld server replies “I don't know. Try a3.nstld.com.”; the a3.nstld.com server replies “I don't know. Try ns1.google.com.”; finally ns1.google.com gives the iterative response “The IP address of www.google.com is 216.239.37.99.”]
DNS Server Class

◻ All DNS servers fall into one of four categories: recursive resolvers, root nameservers, TLD nameservers, and authoritative nameservers. In a typical DNS lookup (when there is no caching in play), these four DNS servers work together in harmony to complete the task of delivering the IP address for a specified domain to the client (the client is usually a stub resolver - a simple resolver built into an operating system).
◻ https://ns1.com/resources/dns-types-records-servers-and-queries
Local Name Servers

[Figure: a host at Northeastern asks its local name server “Where is google.com?”]

◻ Each ISP/company has a local, default name server
◻ Often configured via DHCP
◻ Hosts begin DNS queries by contacting the local name server
◻ Frequently cache query results
Authoritative Name Servers

[Figure: a host at Northeastern asks “Where is www.neu.edu?”; the local server walks from the Root to the authority for ‘edu’ and then to the authority for ‘neu.edu’, which answers www.neu.edu = 155.33.17.68]

◻ Stores the name → IP mapping for a given host
Basic Domain Name Resolution

◻ Every host knows a local DNS server
  Sends all queries to the local DNS server
◻ If the local DNS can answer the query, then you’re done
  1. Local server is also the authoritative server for that name
  2. Local server has cached the record for that name
◻ Otherwise, go down the hierarchy and search for the authoritative name server
  Every local DNS server knows the root servers
  Use cache to skip steps if possible
  ■ e.g. skip the root and go directly to .edu if the root file is cached
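An added simulation (not from the slides) of the walk described on this slide and in the iterative-resolution figure: a local server iterates from the root through referrals, caches each referral with its TTL, and skips steps on later queries until the TTL expires. The server table, the second google.com host address and the injectable clock are constructed for the example.

```python
from typing import Callable, Dict, Iterator, Optional, Tuple

# Constructed miniature hierarchy mirroring the walk root -> .com -> google.com on the slides.
# Each server maps a zone or host it speaks for to a referral ("NS", next server)
# or an answer ("A", address); glue addresses are not modelled.
SERVERS = {
    "a.root-servers.net": {"com.": ("NS", "a.gtld-servers.net")},
    "a.gtld-servers.net": {"google.com.": ("NS", "ns1.google.com")},
    "ns1.google.com": {
        "www.google.com.": ("A", "216.239.37.99"),
        "mail.google.com.": ("A", "192.0.2.25"),   # constructed address
    },
}
ROOT = "a.root-servers.net"
NS_TTL = 172800   # TTL of the root-zone NS records shown earlier (seconds)


def suffixes(name: str) -> Iterator[str]:
    """Yield 'www.google.com.', 'google.com.', 'com.', '.' from most to least specific."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


class LocalResolver:
    """Local DNS server doing iterative resolution with a TTL-bounded referral cache."""

    def __init__(self, clock: Callable[[], float]) -> None:
        self.clock = clock                    # injectable time source so TTL expiry is testable
        self.cache: Dict[str, Tuple[str, float]] = {".": (ROOT, float("inf"))}   # root hints
        self.queries_sent = 0

    def _start_server(self, name: str) -> str:
        """Deepest zone with a fresh cached referral; expired entries are dropped on the way."""
        now = self.clock()
        for zone in suffixes(name):
            entry = self.cache.get(zone)
            if entry is None:
                continue
            if entry[1] > now:
                return entry[0]               # skip the levels above this zone
            del self.cache[zone]
        return ROOT

    def resolve(self, name: str) -> Optional[str]:
        name = name.rstrip(".") + "."
        server = self._start_server(name)
        for _ in range(10):                   # bound the referral chain
            self.queries_sent += 1
            table = SERVERS[server]
            zone = next((z for z in suffixes(name) if z in table), None)
            if zone is None:
                return None                   # no answer and no referral
            kind, value = table[zone]
            if kind == "A":
                return value
            self.cache[zone] = (value, self.clock() + NS_TTL)   # remember the referral
            server = value
        return None
```

With a fresh cache the first lookup costs three queries (root, .com, google.com); a second name under google.com costs one, and after NS_TTL seconds the full walk is repeated.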
Recursive DNS Query

[Figure: a host asks asgard.ccs.neu.edu “Where is www.google.com?”; asgard queries the Root, then com, then ns1.google.com on the host’s behalf and returns the answer for www.google.com]

◻ Puts the burden of resolution on the contacted name server
◻ How does asgard know who to forward responses to?
  Random IDs embedded in DNS queries
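How the transaction ID does that job, as an added example (not from the slides): the block builds a query with a random 16-bit ID in the RFC 1035 wire format and accepts a response only when its ID and question match the query that was sent. The responses are constructed inside the block, not captured from the network.

```python
import random
import struct
from typing import Optional, Tuple


def encode_name(name: str) -> bytes:
    """Encode 'www.google.com' as length-prefixed labels ending in the root (zero) label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a name at offset, following compression pointers (RFC 1035 section 4.1.4).
    Returns the dotted name and the offset just past the name in the message."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # 2-byte pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if jumped else offset


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> Tuple[int, bytes]:
    """Build a standard query with RD set; the 16-bit transaction ID is random by default."""
    if txid is None:
        txid = random.randrange(0, 1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # ID, flags, QD/AN/NS/AR counts
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS IN


def parse_a_response(resp: bytes, expected_id: int, expected_name: str) -> Optional[str]:
    """Return the first A address, but only if the reply's ID and question match what we sent."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_id or not flags & 0x8000:           # wrong ID, or QR bit not set
        return None
    qname, off = decode_name(resp, 12)
    qtype, _qclass = struct.unpack("!HH", resp[off:off + 4])
    off += 4
    if qdcount != 1 or qtype != 1 or qname.lower() != expected_name.rstrip(".").lower():
        return None
    for _ in range(ancount):
        _owner, off = decode_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata, off = resp[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            return ".".join(str(b) for b in rdata)
    return None


def constructed_response(txid: int, name: str, ip: str, ttl: int = 300) -> bytes:
    """Constructed reply (not a capture): echoes the question; the answer name is a pointer to it."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set; 1 question, 1 answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + answer


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Resolve www.google.com against a matching reply and against one carrying a different ID."""
    txid, _query = build_query("www.google.com")
    good = constructed_response(txid, "www.google.com", "216.239.37.99")
    stray = constructed_response((txid + 1) & 0xFFFF, "www.google.com", "66.66.66.93")
    return (parse_a_response(good, txid, "www.google.com"),
            parse_a_response(stray, txid, "www.google.com"))   # → ("216.239.37.99", None)
```

The ID is only 16 bits, which is why the DNSSEC slides later treat a matching ID as insufficient on its own.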
Iterated DNS query

[Figure: a host asks asgard.ccs.neu.edu “Where is www.google.com?”; the Root, com and ns1.google.com servers each reply with a referral rather than resolving the name themselves]

◻ Contacted server replies with the name of the next authority in the hierarchy
◻ “I don’t know this name, but this other server might”
◻ This is how DNS works today
DNS Propagation

◻ How many of you have purchased a domain name?
  Did you notice that it took ~72 hours for your name to become accessible?
  This delay is called DNS Propagation

[Figure: asgard.ccs.neu.edu looking up www.my-new-site.com via the Root, com and ns.godaddy.com]

◻ Why would this process fail for a new DNS name?
Caching vs. Freshness

◻ DNS Propagation delay is caused by caching

[Figure: asgard.ccs.neu.edu is asked “Where is www.my-new-site.com?” and answers “That name does not exist.” from its cached copies (Cached Root Zone File, Cached .com Zone File, Cached .net Zone File, etc.) without contacting the Root, com or ns.godaddy.com]

◻ Zone files may be cached for 1-72 hours
What Are DNS Records?

◻ When you enter an internet address in the browser, the system first has to look up which IP address belongs to this domain.
◻ This sometimes occurs even in the computer’s memory itself, often in the internet provider’s database or other DNS servers, and in cases of uncertainty, via one of the large root servers that monitor the entire Domain Name System as authority entities.
◻ In order to perform a name resolution, the DNS records, specifically the resource records, must be searched for in the DNS and/or name servers.
◻ Here, each IP address (known to the server) is assigned a domain name.
How Do DNS Records Work?

◻ DNS records are primarily located in zone files. With respect to DNS, a zone denotes an organizational area. It is possible for a domain to consist of a single zone. Extensive domains, however, are often divided into several zones.
◻ Each DNS server is responsible for a zone. If a client therefore wishes to activate a specific domain, it (or more specifically, the DNS server) has a look in the zone files for the appropriate records and forwards the request to a lower-level server until the final destination is reached.
DNS Record Syntax

◻ Resource records are structured according to a simple system and coded in ASCII. There is a separate line for each DNS record. The records typically follow the following format:

◻ <name> <ttl> <class> <type> <rdlength> <rdata>

◻ <name>: The domain name is the name that the user enters into their browser.
◻ <ttl>: TTL stands for “time to live” and denotes the time (in seconds) that a record may be temporarily stored in the cache. After the time has lapsed, it cannot be ensured that the resource record is still current. This information is optional.
◻ <class>: In theory, there are different classes of DNS records. In practice, however, the records always refer to the internet (marked as IN), which is why this information is also optional.
◻ <type>: Different types of resource records appear in a zone file (for more on this, see below).
◻ <rdlength>: This optional field specifies the size of the subsequent data field.
◻ <rdata>: Resource data is the information according to which the domain name can be resolved (such as the IP address).
The DNS record for the example.com web server thus looks like this:

◻ www.example.com. 12879 IN A 93.184.216.34

◻ A client can store the record for 12,879 seconds (around three and a half hours) in the cache before the information must again be requested from the DNS server. It involves a DNS record on the internet (IN) and a type A record (A). The domain is resolved to an IP address.

◻ Another notation is also possible:

  $TTL 12879
  $ORIGIN example.com.
  www A 93.184.216.34

◻ This notation illustrates that the computer with the name www is part of the example.com domain. This way, other computers such as mail or ftp can be placed under the origin domain.
The Most Important DNS Record Types

◻ A Record
◻ The largest portion of name resolution on the internet takes place via the
type A record. An IPv4 address is located in its data field. Through these
records, it is possible for the internet user to enter a domain name in the
browser and for the client to send an HTTP request to the appropriate IP
address. Since an IPv4 address always has a size of 4 bytes, the value
under rdlength – if specified – is always 4.

◻ AAAA Record
◻ An AAAA record, also known as “quad A”, functions exactly like the A
record. However, it uses an IPv6 address instead of an IPv4 address to
resolve the name. Because IPv6 has a length of 128 bits (16 bytes), the
data field length is also predefined here. The AAAA designation is
based on the fact that the data field has four times the length of an A
record data field.
◻ SOA Record
◻ SOA stands for Start of Authority. The records for this type contain
information on the zone that is organized by the zone file and/or the
DNS server. This is important – among other scenarios – during a zone
transfer. Here, zone files are mirrored to other servers in order to prevent
failures. The zone transfer regulates the periodic distribution of the
original file. In this kind of DNS record, a serial number is therefore also
placed next to the mailing address of the responsible administrator. This
increases with each file update.

◻ CNAME Record
◻ Under a CNAME record (canonical name record), one finds an alias – an
additional name for a domain. Using this, the record refers to an existing
A record or AAAA record. With this type, the rdata field is filled with a
domain name that was previously linked with an IP address in the file. In
this way, different addresses can refer to the same server.
◻ MX Record
◻ An MX record refers to a mail exchange or an SMTP email server. One
or several email servers are defined here that belong to the relevant
domain. When using several mail servers (for example, to offset a
failure), they specify different priority levels. In this way, the DNS
knows in which sequence the contact attempt should proceed.

◻ PTR Record
◻ The PTR record (pointer) is a DNS record that permits a reverse lookup.
Through this technique, the DNS server can also provide information
regarding which host names belong to a specific IP address. For every IP
address that is used in A or AAAA records, there also exists a
corresponding PTR record. At the same time, the IP address is structured
in reverse sequence and is also provided with the name of a zone.
◻ NS Record
◻ In the NS record – a zone file’s name server record – the
jurisdiction for a specific zone is clarified. For this reason, this
record is mandatory for each zone file. This resource record gives
the DNS server information on whether it is responsible for the
request – thus requiring it to organize the relevant zone – and to
whom it must forward the request.

◻ TXT Record
◻ The TXT record contains text that either is intended for human
users as an information source or is machine-readable
information. This DNS record gives an administrator the option of
storing unstructured Text (in contrast to the structured data of the
other DNS records). This could also include details about the
company behind the domain.
◻ SRV Record
◻ Via the SRV record, a server can provide information
about other services (SRV). For this purpose, the service,
including the port at which it can be reached, is specified. In
addition, the used protocol forms part of the name. Via the
DNS record, a client can receive information on LDAP or
XMPP services.
◻ LOC Record
◻ Through the LOC record, the location of the physical
server can be disclosed. For this purpose, the latitude,
longitude, height above sea level as well as an error
deviation are given at the end of the record.
Zone File

◻ In the zone file (a type of simple text file), all of the DNS records are listed. In order for the data to be correctly processed, specific guidelines must be observed. Otherwise the DNS cannot function, and the client will receive the SERVFAIL error message. For this reason, it is necessary to adhere to a special structure: initially the zone name is specified, and then, in many cases, the TTL. Adding the time information right here has the advantage that, in the individual resource records, the information can be omitted. The TTL is then valid globally for the entire zone.

  $ORIGIN example.com.
  $TTL 12879

◻ The first DNS record is a SOA record. Without this, a zone file cannot function. Conversely, a zone file is then also valid only if the SOA record is available. After that, there are the first records for the name server, and then the A and AAAA records.
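A parser for the zone-file notation used in this section and in the $TTL/$ORIGIN example earlier, added here (not the slides' own code): it qualifies relative names against $ORIGIN, applies the zone-wide $TTL when a record carries none, and rejects a zone that does not begin with an SOA record. The zone text is constructed for the example, with the SOA written on one line for simplicity.

```python
from typing import List, Tuple

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR", "SRV", "LOC"}
Record = Tuple[str, int, str, str, str]   # (name, ttl, class, type, rdata)

# Constructed zone in the notation shown on the slides ($ORIGIN, $TTL, relative names,
# a leading-whitespace line inheriting the previous owner). Addresses are documentation ranges.
CONSTRUCTED_ZONE = """\
$ORIGIN example.com.
$TTL 12879
@       IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
        IN NS    ns1.example.com.
ns1     IN A     192.0.2.53
www     IN A     93.184.216.34
www 300 IN AAAA  2001:db8::1
ftp     IN CNAME www
@       IN MX    10 mail
mail    IN A     192.0.2.25
"""


def qualify(name: str, origin: str) -> str:
    """Make a name absolute: '@' is the origin, 'www' becomes 'www.<origin>', 'www.' stays."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str) -> List[Record]:
    origin, default_ttl, last_owner = None, None, None
    records: List[Record] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()          # strip comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            if not origin.endswith("."):
                raise ValueError(f"line {lineno}: $ORIGIN must be absolute")
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        tokens = line.split()
        # A line starting with whitespace reuses the previous owner name.
        owner = last_owner if raw[0].isspace() else tokens.pop(0)
        if owner is None or origin is None:
            raise ValueError(f"line {lineno}: owner or $ORIGIN missing")
        ttl = default_ttl
        if tokens and tokens[0].isdigit():            # optional per-record TTL
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() == "IN":      # optional class
            tokens.pop(0)
        if not tokens or tokens[0].upper() not in RR_TYPES:
            raise ValueError(f"line {lineno}: unknown record type")
        rtype = tokens.pop(0).upper()
        rdata = " ".join(tokens)
        if rtype in ("CNAME", "NS", "PTR"):           # rdata that is a name is qualified too
            rdata = qualify(rdata, origin)
        elif rtype == "MX":
            pref, target = rdata.split()
            rdata = f"{pref} {qualify(target, origin)}"
        if ttl is None:
            raise ValueError(f"line {lineno}: no TTL on the record and no $TTL")
        if not records and rtype != "SOA":
            raise ValueError("zone must begin with an SOA record")
        records.append((qualify(owner, origin), ttl, "IN", rtype, rdata))
        last_owner = owner
    return records
```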
DNS Resource Records

◻ DNS queries have two fields: name and type
◻ Resource record is the response to a query
  Four fields: (name, value, type, TTL)
  There may be multiple records returned for one query
◻ What do the name and value mean?
  Depends on the type of query and response
DNS Types

◻ Type = A / AAAA
  Name = domain name
  Value = IP address
  A is IPv4, AAAA is IPv6
  Query: Name: www.ccs.neu.edu, Type: A
  Resp.: Name: www.ccs.neu.edu, Value: 129.10.116.81
◻ Type = NS
  Name = partial domain
  Value = name of DNS server for this domain
  “Go send your query to this other server”
  Query: Name: ccs.neu.edu, Type: NS
  Resp.: Name: ccs.neu.edu, Value: 129.10.116.51
DNS Types, Continued

◻ Type = CNAME
  Name = hostname
  Value = canonical hostname
  Useful for aliasing
  CDNs use this
  Query: Name: foo.mysite.com, Type: CNAME
  Resp.: Name: foo.mysite.com, Value: bar.mysite.com
◻ Type = MX
  Name = domain in email address
  Value = canonical name of mail server
  Query: Name: ccs.neu.edu, Type: MX
  Resp.: Name: ccs.neu.edu, Value: amber.ccs.neu.edu
Reverse Lookups

◻ What about the IP → name mapping?
◻ Separate server hierarchy stores reverse mappings
  Rooted at in-addr.arpa and ip6.arpa
◻ Additional DNS record type: PTR
  Name = IP address
  Value = domain name
◻ Not guaranteed to exist for all IPs
  Query: Name: 129.10.116.51, Type: PTR
  Resp.: Name: 129.10.116.51, Value: ccs.neu.edu
DNS as Indirection Service

◻ DNS gives us very powerful capabilities
  Not only easier for humans to reference machines!
◻ Changing the IPs of machines becomes trivial
  e.g. you want to move your web server to a new host
  Just change the DNS record!
Aliasing and Load Balancing

◻ One machine can have many aliases
  www.reddit.com  david.choffnes.com
  www.foursquare.com  alan.mislo.ve
  www.huffingtonpost.com  *.blogspot.com
◻ One domain can map to multiple machines
  www.google.com
Content Delivery Networks

DNS responses may vary based on geography, ISP, etc.
The Importance of DNS

◻ Without DNS…
  How could you get to any websites?
◻ How about your mail server
  When you sign up for websites, you use your email address
  What if someone hijacks the DNS for your mail server?
◻ DNS is the root of trust for the web
  When a user types www.bankofamerica.com, they expect to be taken to their bank’s website
  What if the DNS record is compromised?
Denial Of Service

◻ Flood DNS servers with requests until they fail
◻ October 2002: massive DDoS against the root name servers
  What was the effect?
  … users didn’t even notice
  Root zone file is cached almost everywhere
◻ More targeted attacks can be effective
  Local DNS server cannot access DNS
  Authoritative server cannot access domain
DNS Hijacking

◻ Infect their OS or browser with a virus/trojan
  e.g. Many trojans change entries in /etc/hosts
  *.bankofamerica.com → evilbank.com
◻ Man-in-the-middle
◻ Response Spoofing
  Eavesdrop on requests
DNS Spoofing

How do you know that a given name → IP mapping is correct?

[Figure: the client asks “Where is bankofamerica.com?”; dns.bofa.com answers 123.45.67.89 while dns.evil.com answers 66.66.66.93]

DNS Cache Poisoning

[Figure: dns.neu.edu asks ns1.google.com “Where is www.google.com?” and is told www.google.com = 74.125.131.26; a later query “Where is bankofamerica.com?” gets the poisoned answer bankofamerica.com = 66.66.66.92]

◻ Until the TTL expires, all queries for BofA to dns.neu.edu will return the poisoned result
  Much worse than spoofing/man-in-the-middle
  Whole ISPs can be impacted!
How will the attacker get his entry into the cache? 2 ways

◻ 1. Tell resolver that NS for victim is at adversary’s IP
  Issue query: subdomain.attacker.example IN A
  Attacker’s response:
  ◻ Answer: (no response)
  ◻ Authority Section: attacker.example. 3600 IN NS ns.target.example.
  ◻ Additional Section: ns.target.example. IN A w.x.y.z
  Adversary says “authoritative server for my domain is ns.target.example and oh by the way here is the IP for it (adversary’s IP)”
How will the attacker get his entry into the cache? 2 ways

◻ 2. Redirect the NS record to the adversary’s domain
  Issue query: subdomain.attacker.example IN A
  Answer: (no response)
  Authority section:
  ■ target.example. 3600 IN NS ns.attacker.example.
  Additional section:
  ■ ns.attacker.example. IN A w.x.y.z
  The attacker has inserted an unrelated piece of information that will be cached by the server (that target.example.’s ADNS is ns.attacker.example.)
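The resolver-side defense against both insertions, added as an example (not the slides' code): cache admission under the bailiwick rule, where a server is only believed for names inside the zone it was asked about and additional-section glue is only taken for an NS record accepted from the same reply. The two responses above and a legitimate .com referral are constructed inline; the adversary's w.x.y.z is stood in by 192.0.2.66, a documentation address.

```python
from typing import Dict, List, NamedTuple, Tuple


class RR(NamedTuple):
    name: str       # owner name (absolute)
    ttl: int
    rtype: str      # "A", "NS", ...
    rdata: str


class Response(NamedTuple):
    answer: List[RR]
    authority: List[RR]
    additional: List[RR]


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or lies below it (label-aligned suffix match)."""
    name = name.lower().rstrip(".") + "."
    zone = zone.lower().rstrip(".") + "."
    return zone == "." or name == zone or name.endswith("." + zone)


class ResolverCache:
    """Cache admission as a resolver applying the bailiwick rule."""

    def __init__(self) -> None:
        self.records: Dict[Tuple[str, str], RR] = {}
        self.rejected: List[str] = []

    def admit(self, resp: Response, queried_zone: str) -> None:
        """queried_zone is the zone the answering server was contacted for."""
        ns_targets = set()
        for section, rrs in (("answer", resp.answer), ("authority", resp.authority)):
            for rr in rrs:
                if not in_bailiwick(rr.name, queried_zone):
                    self.rejected.append(f"{section} {rr.rtype} {rr.name}: outside {queried_zone}")
                    continue
                self.records[(rr.name.lower(), rr.rtype)] = rr
                if rr.rtype == "NS":
                    ns_targets.add(rr.rdata.lower())
        for rr in resp.additional:
            if not in_bailiwick(rr.name, queried_zone):
                self.rejected.append(f"additional {rr.rtype} {rr.name}: outside {queried_zone}")
            elif rr.name.lower() not in ns_targets:
                self.rejected.append(f"additional {rr.rtype} {rr.name}: not glue for an accepted NS")
            else:
                self.records[(rr.name.lower(), rr.rtype)] = rr


# Constructed responses: the two poisoning attempts from the slides, then a legitimate referral.
ATTEMPT_1 = Response(answer=[],
                     authority=[RR("attacker.example.", 3600, "NS", "ns.target.example.")],
                     additional=[RR("ns.target.example.", 3600, "A", "192.0.2.66")])
ATTEMPT_2 = Response(answer=[],
                     authority=[RR("target.example.", 3600, "NS", "ns.attacker.example.")],
                     additional=[RR("ns.attacker.example.", 3600, "A", "192.0.2.66")])
LEGIT = Response(answer=[],
                 authority=[RR("google.com.", 172800, "NS", "ns1.google.com.")],
                 additional=[RR("ns1.google.com.", 172800, "A", "192.0.2.53")])


def run_scenarios() -> Tuple[List[str], List[str]]:
    """Returns (cached 'name type' entries, rejection reasons)."""
    cache = ResolverCache()
    cache.admit(ATTEMPT_1, "attacker.example.")   # reply to the query for subdomain.attacker.example
    cache.admit(ATTEMPT_2, "attacker.example.")
    cache.admit(LEGIT, "com.")                     # referral from a .com server
    return sorted(f"{n} {t}" for n, t in cache.records), cache.rejected
```

In attempt 1 the attacker's own NS record is in bailiwick and is kept, but the glue for ns.target.example is dropped, so the resolver must look that name up through target.example's real delegation; in attempt 2 the target.example NS record itself is rejected.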
Solution: DNSSEC

◻ Cryptographically sign critical resource records
  Resolver can verify the cryptographic signature
◻ Two new resource types
  Type = DNSKEY
  ■ Name = Zone domain name
  ■ Value = Public key for the zone
  Type = RRSIG
  ■ Name = (type, name) tuple, i.e. the query itself
  ■ Value = Cryptographic signature of the query results
  Creates a hierarchy of trust within each zone
  Prevents hijacking and spoofing
◻ Deployment
  On the roots since July 2010
  Verisign enabled it on .com and .net in January 2011
  Comcast is the first major ISP to support it (January 2012)
DNSSEC Hierarchy of Trust

[Figure: the chain Root Zone (ICANN) → .com (Verisign) → dns.bofa.com. A client asks “Where is bankofamerica.com?”; dns.bofa.com answers IP: 123.45.67.89 and dns.evil.com answers IP: 66.66.66.93, each answer carrying a SIG (the figure shows the signature strings 9na8x7040a3 and x9fnskflkalk); the resolver checks each SIG against the zone Key obtained through the chain]
Does DNSSEC Solve all our problems?

◻ No.
◻ DNS still vulnerable to reflection attacks + injected responses