Domain Name System (DNS)
What Is a Domain Namespace?
[Diagram: domain namespace tree]
Root Domain
Top-Level Domain: com, net, org
Second-Level Domain: nwtraders
Subdomains: west, south, east, sales
Host: server1
FQDN: server1.sales.south.nwtraders.com
Network Service -2
Standards for DNS Naming
The following characters are valid for DNS names:
A-Z
a-z
0-9
Hyphen (-)
The underscore (_) is a reserved character
What Are the Components of a DNS Solution?
[Diagram: components of a DNS solution]
DNS Clients
DNS Servers
DNS Servers on the Internet: Root “.”, .com, .edu
Resource Records
What Is a DNS Query?
There are two kinds of DNS query, the method used to request name resolution from a DNS server: recursive and iterative.

DNS clients and DNS servers both initiate queries for name resolution.

An authoritative DNS server for the namespace of the query will either:
- Check the cache, check the zone, and return the requested IP address
- Return an authoritative “No”

A non-authoritative DNS server for the namespace of the query will either:
- Forward the unresolvable query to a specific query server called a Forwarder
- Use root hints to locate an answer for the query
How Recursive Queries Work
A recursive query is the type of query that a DNS client sends to the local DNS server, in which querying continues until a response to the query is returned.
DNS server checks the forward lookup zone and cache for an answer to the query.
[Diagram: Computer1; Local DNS Server; Database; recursive query for mail1.nwtraders.com; 172.16.64.11]
How Root Hint Works
Root hints refers to the local DNS server sending a query to the DNS root servers when the local DNS server has no IP address information for the query.
[Diagram: Computer1; DNS Server; Root Hints; Cluster of Root (.) Servers; Cluster of DNS Servers; com; microsoft]
How Iterative Queries Work
An iterative query is what the root server does. It resolves a name only when it has the information in its zone file. If it does not, the query is sent to other DNS servers.
[Diagram: Iterative Query; Computer1; Local DNS Server; steps 1, 2, 3 to Root Hint (.) ("Ask .com"), .com, nwtraders.com]
How Forwarders Work
A forwarder is a DNS server on the network that is used to forward DNS queries for external DNS names to DNS servers outside the network.
[Diagram: Computer1; Local DNS Server; Forwarder; Iterative Query; Root Hint (.) ("Ask .com"); .com; nwtraders.com]
How DNS Server Caching Works
Caching Table
Host Name: clientA.contoso.msft.
IP Address: 192.168.8.44
TTL: 28 seconds
[Diagram: Client1 and Client2 each ask "Where’s Client A?"; the answer is "ClientA is at 192.168.8.44"]
Caching is the process of storing recently accessed information in memory so that it can be accessed faster.
How DNS Data Is Stored and Maintained
Namespace: training.nwtraders.msft
DNS Server: Resource records for the zone training.nwtraders.msft
Zone File: Training.nwtraders.msft.dns

Host name     IP address
DNS ClientA   192.168.2.45
DNS ClientB   192.168.2.46
DNS ClientC   192.168.2.47

A resource record (RR) is a standard DNS database structure that contains the information used to process DNS queries.
A zone is a contiguous portion of the DNS tree that is managed by a DNS server as a single separate entity in the DNS database.
What Are Resource Records and Record Types?
Record type   Description
A             Resolves a host name to an IP address
PTR           Resolves an IP address to a host name
SOA           The first record in any zone file
SRV           Resolves names of servers providing services
NS            Identifies the DNS server for each zone
MX            The mail server
CNAME         Resolves from a host name to a host name
What Is a DNS Zone?
[Diagram: zones within the Nwtraders namespace; South, North, West; Sales, Support, Training]
What Are DNS Zone Types?
Zones       Description
Primary     Read/write copy of a DNS database
Secondary   Read-only copy of a DNS database
Stub        Copy of a zone containing limited records
How to Change a DNS Zone Type
Your instructor will demonstrate how to change a DNS zone type
What Are Forward and Reverse Lookup Zones?
Namespace: training.nwtraders.msft.
DNS Server Authorized for training

Forward zone: Training
DNS Client1    192.168.2.45
DNS Client2    192.168.2.46
DNS Client3    192.168.2.47
Query: DNS Client2 = ?

Reverse zone: 1.168.192.in-addr.arpa
192.168.2.45   DNS Client1
192.168.2.46   DNS Client2
192.168.2.47   DNS Client3
Query: 192.168.2.46 = ?
How DNS Zone Transfers Work
A DNS zone transfer synchronizes the authoritative zone data between DNS servers.
Between the Secondary Server and the Primary and Master Server:
1. SOA query for a zone
2. SOA query answered
3. IXFR or AXFR query for a zone
4. IXFR or AXFR query answered (zone transfer)
How DNS Notify Works
DNS notify informs the secondary servers that hold authority for the zone that the primary's zone database has been modified, which enables dynamic synchronization between the primary and secondary name servers.
Source Server: Primary and Master Server
Destination Server: Secondary Server
1. Resource record is updated
2. SOA serial number is updated
3. DNS notify
4. Zone transfer
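The SOA check and the IXFR/AXFR choice from the zone transfer and DNS notify slides, as an added in-memory model (not part of the original slides; no packets are sent). The class names, the journal and its depth are assumptions; the serial comparison follows RFC 1982 so the check still works when the 32-bit SOA serial wraps.

```python
SERIAL_BITS = 32  # SOA serial numbers are 32-bit and wrap around


def serial_newer(candidate, current):
    """RFC 1982 comparison: True if `candidate` is ahead of `current`,
    including across the 2**32 wrap-around."""
    return 0 < (candidate - current) % 2**SERIAL_BITS < 2**(SERIAL_BITS - 1)


class Primary:
    def __init__(self, records, serial, journal_depth=2):
        self.records, self.serial = dict(records), serial
        self.journal = []                  # [(serial_before_change, name, address)]
        self.journal_depth = journal_depth  # hypothetical retention limit
        self.secondaries = []

    def update(self, name, address):
        # Notify steps 1-3: the record changes, the SOA serial is bumped,
        # and every listed secondary is notified (here: asked to refresh).
        entry = (self.serial, name, address)
        self.journal = (self.journal + [entry])[-self.journal_depth:]
        self.records[name] = address
        self.serial = (self.serial + 1) % 2**SERIAL_BITS
        return [s.refresh(self) for s in self.secondaries]


class Secondary:
    def __init__(self):
        self.records, self.serial = {}, None

    def refresh(self, primary):
        # Transfer steps 1-2: SOA query and answer; stop if nothing is newer.
        if self.serial is not None and not serial_newer(primary.serial, self.serial):
            return "current"
        # Transfer steps 3-4: IXFR if the primary's journal still reaches
        # back to our serial, otherwise fall back to a full AXFR.
        deltas = [e for e in primary.journal if self.serial is not None
                  and (e[0] == self.serial or serial_newer(e[0], self.serial))]
        if deltas and deltas[0][0] == self.serial:
            for _, name, address in deltas:
                self.records[name] = address
            kind = "IXFR"
        else:
            self.records = dict(primary.records)
            kind = "AXFR"
        self.serial = primary.serial
        return kind
```

A plain `primary.serial > self.serial` test would report the zone as current when the serial rolls over from 4294967295 to 0, leaving the secondary serving stale data.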
Lesson: Configuring a DNS Client



How Preferred and Alternate DNS Servers Work
How Suffixes Are Applied
How to Configure a DNS Client
How Preferred and Alternate DNS Servers Work
1. The preferred DNS server is the one that the client tries first
2. If the preferred server fails, the client tries the alternate DNS server
3. Optionally, you can enter a whole list of alternate DNS servers
4. The preferred and alternate DNS servers specified on the Properties page automatically appear at the top of this list, and preferred and alternate servers are queried in the order they are listed
How Suffixes Are Applied
Suffix Selection option
Domain suffix search list
Name query = server1
server1.sales.south.nwtraders.com
server1.south.nwtraders.com
server1.nwtraders.com
Connection Specific Suffix
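How the three names on the suffix slide are produced, combined with the character check from the naming-standards slide, as an added example (not part of the original slides). The function names, the `min_labels` stop point and the ordering of primary suffix before connection-specific suffix are assumptions of this simplified model; it shows exactly which names a short query such as server1 sends to the DNS server.

```python
import re

# Slide's naming standard: A-Z, a-z, 0-9 and hyphen only. The 63-character
# label limit and the no-leading/trailing-hyphen rule come from RFC 1035/1123
# and are added here; they are not on the slide.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_name(name):
    """True if every dot-separated label uses only the valid characters."""
    name = name[:-1] if name.endswith(".") else name
    return 0 < len(name) <= 253 and all(
        LABEL.fullmatch(label) for label in name.split("."))


def candidate_fqdns(query, primary_suffix="", connection_suffix="",
                    search_list=None, min_labels=2):
    """Return the FQDNs a client would try, in order, for `query`."""
    if not is_valid_name(query):
        raise ValueError("invalid DNS name: %r" % query)
    if query.endswith("."):
        return [query[:-1].lower()]        # already fully qualified
    if search_list:
        # A configured domain suffix search list replaces the other suffixes.
        suffixes = list(search_list)
    else:
        suffixes = [s for s in (primary_suffix, connection_suffix) if s]
        # Devolution: strip the leftmost label of the primary suffix until
        # only `min_labels` labels (the second-level domain) remain.
        labels = primary_suffix.split(".") if primary_suffix else []
        for i in range(1, len(labels) - min_labels + 1):
            suffixes.append(".".join(labels[i:]))
    seen, result = set(), []
    for suffix in suffixes:
        fqdn = ("%s.%s" % (query, suffix)).lower()
        if fqdn not in seen and is_valid_name(fqdn):
            seen.add(fqdn)
            result.append(fqdn)
    return result
```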
What Is Delegation of a DNS Zone?
Namespace: training.nwtraders.msft
The administrator, at the nwtraders.com level of the namespace, delegates authority for training.nwtraders.com and offloads administration of DNS for that part of the namespace.
Training.nwtraders.com now has its own administrator and DNS server to resolve queries in that part of the namespace/organization.
[Diagram: DNS server for training.nwtraders.msft]
Delegation is the process of distributing responsibility for domain names across different DNS servers on the network.
Lab : Domain Name System(DNS) LAB
1. Configure a DNS server using Windows 2003 Server and run a name query from XP.
2. Configure the following records on the DNS server:
   1. A
   2. PTR
   3. MX
   4. CNAME