Chapter4 - DNS

VNUHCM UNIVERSITY OF SCIENCE
FACULTY OF ELECTRONICS AND TELECOMMUNICATIONS
DEPARTMENT OF TELECOMMUNICATIONS AND NETWORKS

COURSE: Network Technology
Chapter 04: DOMAIN NAME SYSTEM
Editor: Nguyen Viet Ha, Ph.D.
Lecturer: Nguyen Minh Tri, Ph.D. Email: [email protected]

1 Network Basic Input/Output System (NetBIOS)

NetBIOS

While FQDNs (Fully Qualified Domain Names) are the preferred method for identifying computers on networks today, NetBIOS is still used to identify systems on a network, and many apps still support NetBIOS.

NetBIOS is a legacy protocol that has been used in Microsoft operating systems since 1985 to identify computers on a network.

The NetBIOS name is generated from the first 15 characters of the computer name. The 16th character is reserved to identify the functionality (service) that is installed on the registered network device.

Example of a NetBIOS (UNC) path: \\server1\data

(Screenshot: Cmd> output of the NetBIOS over TCP/IP statistics tool, showing the local NetBIOS name table.)
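The 15-character name plus 16th service byte described above, as an added example (not part of the lecture): it builds and decodes a 16-byte NetBIOS name, and shows why two computer names that share their first 15 characters collide. The suffix meanings in SERVICE_SUFFIX are assumed from Microsoft documentation, not from the slide.

```python
# Added example: encode/decode a 16-byte NetBIOS name (15 chars + service byte).
# Suffix meanings below are assumed from Microsoft documentation for unique names.
SERVICE_SUFFIX = {0x00: "Workstation service", 0x20: "File Server service"}

def netbios_name(computer_name: str, suffix: int) -> bytes:
    """Return the 16-byte NetBIOS name registered for computer_name/service."""
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must be a single byte")
    # NetBIOS names are case-insensitive; Windows registers them in upper case.
    base = computer_name.upper().encode("ascii")[:15]   # only the first 15 chars survive
    return base.ljust(15, b" ") + bytes([suffix])       # space-padded, then service byte

def decode_netbios_name(raw: bytes) -> tuple:
    """Split a 16-byte NetBIOS name into (name, suffix, service description)."""
    if len(raw) != 16:
        raise ValueError("NetBIOS names are exactly 16 bytes")
    name = raw[:15].rstrip(b" ").decode("ascii")
    suffix = raw[15]
    return name, suffix, SERVICE_SUFFIX.get(suffix, "unknown service")

if __name__ == "__main__":
    # Constructed hostnames: the two long ones truncate to the same 15 characters,
    # so they would register the same NetBIOS name and conflict on the LAN.
    for host in ("server1", "salesdepartment01", "salesdepartment02"):
        raw = netbios_name(host, 0x20)
        print(host, "->", raw, decode_netbios_name(raw))
```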
NetBIOS

NetBIOS names must be resolved to IP addresses before you are able to connect to them.

By default, your computer will send a NetBIOS broadcast on the network to resolve the NetBIOS name.

Because broadcasts are interpreted by each computer on the LAN, each NetBIOS name resolution request results in additional processor cycles for each computer as well as increased network traffic.

Routers do not forward broadcast traffic to other LANs, so the computers must be on the same LAN.

NetBIOS

To reduce NetBIOS name broadcasts as well as ensure that NetBIOS names can be resolved for computers on other LANs in your organization, you can implement one or more Windows Internet Name Service (WINS) servers to provide centralized NetBIOS name resolution that does not use broadcasts.
NetBIOS

To configure a Windows Server computer as a WINS server, you must install and configure the WINS Server feature.

2 Domain Name System (DNS)

Understanding DNS

DNS is a hierarchical namespace used to identify computers on large IP networks such as the Internet.

Each part of this namespace is called a zone. (Diagram: the namespace tree, starting at the Root zone.)

Understanding DNS

DNS servers have resource records that contain the FQDN (Fully Qualified Domain Name) and IP information for computers in a zone.

DNS servers typically resolve:
o FQDNs to IP addresses (called a forward lookup)
o IP addresses to FQDNs (called a reverse lookup)
DNS Lookup Process

Step 1:
The client computer (resolver) first checks its DNS cache to see if the IP address for the FQDN is listed from a previous forward lookup request.

DNS Lookup Process

Step 2:
The client sends a forward lookup request to the Preferred DNS server, or the Alternate DNS server. The Preferred DNS server is typically a DNS server at your ISP.
If the ISP DNS server has recently resolved the FQDN and placed the result in its DNS cache, it returns the result immediately to the client computer (called a recursive query).

Step 3:
If it has not, the ISP DNS server contacts a DNS server for the .com top-level zone and repeats the forward lookup request for the FQDN (called an iterative query).

Step 4:
The .com DNS server will not contain the IP address for the computer in its zone, but will reply with the IP address of a DNS server for the microsoft.com zone.
DNS Lookup Process

Step 5:
The ISP DNS server then contacts the DNS server for the microsoft.com zone and repeats the forward lookup request for the FQDN (another iterative query).

Step 6:
The DNS server for the microsoft.com domain contains a resource record that lists the IP address for the computer and returns this IP address to the ISP DNS server.

DNS Lookup Process

Step 7:
The ISP DNS server caches the result for future use and then relays it to the client computer.

Step 8:
The client computer also caches the result for future use before connecting to the IP address of the Web server.

DNS Lookup Process

All DNS servers contain a root hints file that contains the IP addresses of DNS servers that hold top-level DNS zones.

The amount of time that a computer is able to cache the result of a lookup is determined by the Time To Live (TTL) property of the resource record.

Caching Table
Host Name             IP Address     TTL
clientA.hcmus.edu.vn  192.168.8.44   28s
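Steps 1 to 8 above, as an added simulation (not code from the lecture): the client asks the ISP server recursively, the ISP server walks root hints, the .com server and the microsoft.com server iteratively, and both client and ISP caches honour the record's TTL. The zone servers, the name www.microsoft.com, its address and its 30-second TTL are all constructed for the example.

```python
# Added example: simulates Steps 1-8; all servers, names and addresses are constructed.
class AuthServer:
    """Authoritative server for one zone: answers names it holds, refers the rest."""
    def __init__(self, zone, records, delegations):
        self.zone, self.records, self.delegations = zone, records, delegations
    def query(self, fqdn):
        if fqdn in self.records:                      # answer: (ip, ttl)
            return "answer", self.records[fqdn]
        for child, server in self.delegations.items():
            if fqdn.endswith("." + child):            # referral to the child zone's server
                return "referral", server
        return "nxdomain", None

class Resolver:
    """Cache keyed by FQDN -> (ip, expiry time); `ask` fetches a name not in cache."""
    def __init__(self, ask):
        self.ask, self.cache = ask, {}
    def resolve(self, fqdn, now):
        ip, expires = self.cache.get(fqdn, (None, 0))
        if expires > now:                             # cache hit: remaining TTL shrinks
            return ip, expires - now
        ip, ttl = self.ask(fqdn, now)
        if ip is not None:                            # cache positive answers for TTL seconds
            self.cache[fqdn] = (ip, now + ttl)
        return ip, ttl

def iterative_lookup(root_hints, trail):
    """Steps 3-6: follow referrals root hints -> .com server -> microsoft.com server."""
    def ask(fqdn, now):
        server = root_hints
        while True:
            trail.append(server.zone)                 # record which server was asked
            kind, data = server.query(fqdn)
            if kind == "referral":
                server = data                         # Steps 4-5: go ask the child zone
                continue
            return data if kind == "answer" else (None, 0)
    return ask

def build_lab():
    """Constructed lab: one name in microsoft.com, TTL 30 s; client -> ISP -> root hints."""
    ms = AuthServer("microsoft.com", {"www.microsoft.com": ("203.0.113.10", 30)}, {})
    com = AuthServer("com", {}, {"microsoft.com": ms})
    root = AuthServer(".", {}, {"com": com})
    trail = []
    isp = Resolver(iterative_lookup(root, trail))     # caching-only ISP DNS server
    client = Resolver(isp.resolve)                    # the client's own DNS cache (Step 1/8)
    return client, isp, trail
```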
DNS Lookup Process

Authoritative DNS server: A DNS server that contains resource records for one or more zones.
Ex: the DNS server for the microsoft.com zone (Step 6).

Caching-only DNS server: A DNS server that does not contain any zones, but instead relays forward lookups and caches the results.
Ex: the ISP DNS server.

DNS Lookup Process (in an organization)

Organizations often deploy their own DNS servers that host zones needed for Active Directory. Normally, these are also domain controllers.

Each computer joined to the domain must be configured to contact an organization DNS server instead of the ISP DNS server.

Organization DNS servers are configured to relay forward lookup requests for zones that they do not host to ISP DNS servers. These organization DNS servers forward requests they cannot resolve to other DNS servers (forwarders) instead of using root hints.

DNS Lookup Process (in an organization)

Step 1:
The client computer first checks its DNS cache to see if the IP address for docs.microsoft.com was previously resolved.

Step 2:
If not available, the client sends a forward lookup request for docs.microsoft.com to the organization DNS server listed in the network interface properties.
If the organization DNS server contains the IP address for docs.microsoft.com in its DNS cache from a previous lookup, it returns the result immediately to the client computer.

Step 3 (forwarding):
If it does not, the organization DNS server relays the forward lookup request to the ISP DNS server (the forwarder). If the ISP DNS server contains the IP address for docs.microsoft.com in its cache, it returns the result immediately to the client computer.

Step 4:
If it does not, the ISP DNS server contacts a DNS server for the .com top-level zone and repeats the forward lookup request for docs.microsoft.com.
DNS Lookup Process (in an organization)

Step 5:
The .com DNS server replies with the IP address of a DNS server for the microsoft.com zone.

Step 6:
The ISP DNS server then contacts the DNS server for the microsoft.com zone and repeats the forward lookup request for docs.microsoft.com.

Step 7:
The DNS server for the microsoft.com domain returns the IP address for the docs.microsoft.com computer to the ISP DNS server.

Step 8:
The ISP DNS server caches the result for future use and then relays it to the organization DNS server.

DNS Lookup Process (in an organization)

Step 9:
The organization DNS server also caches the result for future use and then relays it to the client computer.

Step 10:
The client computer then caches the result for future use before connecting to the IP address of the docs.microsoft.com Web server.

DNS Lookup Process (in an organization)

In some environments, an organization DNS server may relay requests to other organization DNS servers before those requests are relayed to an ISP DNS server.

Relaying requests to other organization DNS servers increases the likelihood that a lookup is resolved quickly using an entry in the DNS cache on a DNS server in the organization. Consequently, having multiple default forwarders in an organization provides faster name resolution.
Authoritative DNS Server Types

Each zone typically has more than one authoritative DNS server to ensure that names can be resolved if one server is unavailable.

Primary DNS server: The first DNS server in a zone.
o Contains a read-write copy of a zone file that stores resource records for the zone.

Secondary DNS servers: Additional DNS servers.
o Contain a read-only copy of the zone file from the primary DNS server that they can use to respond to DNS lookup requests.

Zone transfer: New resource records are added to the primary DNS server, and secondary DNS servers periodically copy the new records from the primary DNS server.

Authoritative DNS Server Types

In Step 5, the .com DNS server will reply with the IP addresses of the primary and secondary DNS servers for the microsoft.com zone.

The ISP DNS server will then contact the first IP address in Step 6, or the second IP address if no response is received from the first IP address.

Authoritative DNS Server Types

The organization DNS server is also a domain controller (Active Directory-integrated primary DNS server).

The read-write copy of the zone file can be stored in the Active Directory database and replicated to other domain controllers that are also configured as DNS servers.

New resource records can also be copied from an Active Directory-integrated primary DNS server to a secondary DNS server (that is not a domain controller) using a zone transfer.

Authoritative DNS Server Types

To provide fault tolerance for Active Directory and Internet FQDN resolution, an organization should have a minimum of two DNS servers.

Moreover, each of these organization DNS servers should also be configured to relay Internet FQDN lookups to at least two different ISP DNS servers.
Accessing DNS Servers in Other Organizations

When an Active Directory domain is implemented, most organizations choose to use a domain name that is not registered with the top-level DNS servers on the Internet.
E.g., domain1.local

This is considered secure practice as it ensures that the zone used for Active Directory in an organization is not visible to other computers on the Internet using recursive queries.

Accessing DNS Servers in Other Organizations

However, there are times when one organization may need to resolve FQDNs for another Active Directory zone, and vice versa. For example, in order to create a trust relationship between two Active Directory domains in different organizations.
o The DNS servers in each organization must be able to resolve the FQDNs for the other Active Directory zone.

You can configure the existing organization DNS servers in each organization as conditional forwarders that relay forward lookups for the other zone directly to one or more DNS servers in the other organization.

Accessing DNS Servers in Other Organizations

Alternatively, you can configure the DNS servers in each organization as stub DNS servers for the other zone.
A stub DNS server forwards requests for a target zone directly to a DNS server in the target organization.

Resource Records

Resource records hold information about a service, FQDN, IP address, or zone on an authoritative DNS server.
Resource Records

Host records can also be used to perform load balancing of services on the network using a feature of DNS called round robin.

Resource Records

For example, say that you have two identically configured Web servers (with IP addresses of 172.16.0.61 and 172.16.0.62) that you would like clients to access using the FQDN server1.domainX.com.

You can create two A records for the FQDN server1.domainX.com:
o The first A record associates server1.domainX.com with 172.16.0.61.
o The second A record associates server1.domainX.com with 172.16.0.62.

When the first client computer performs a forward lookup of server1.domainX.com, the DNS server will return both IP addresses (172.16.0.61 and 172.16.0.62), and the client will contact the first IP address returned (172.16.0.61).

When the second client computer performs a forward lookup of server1.domainX.com, the DNS server will rotate the order of both IP addresses (172.16.0.62 and 172.16.0.61) before returning them to the client to ensure that the second client contacts 172.16.0.62.

Resource Records

If, however, the two identically configured Web servers have IP addresses on different networks (192.168.1.61 and 172.16.0.61), the DNS server will always ensure that the IP address listed first in the returned results most closely matches the IP address of the client making the request.

For instance, if a client computer with the IP address 192.168.1.100 performs a forward lookup of server1.domainX.com, the DNS server will always respond with the IP address 192.168.1.61 listed first.

If a client computer with the IP address 172.16.0.100 performs the same forward lookup of server1.domainX.com, the DNS server will always respond with the IP address 172.16.0.61 listed first.

This feature, netmask ordering, takes precedence over round robin.

Delegation

A delegation is a record in a parent zone that lists a name server that is authoritative for the zone in the next level of the hierarchy.

Delegations make it possible for servers in one zone to refer clients to servers in other zones.
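The two ordering rules from the round robin and netmask ordering slides, as an added example (not the lecture's code): the server rotates the A records one position per query, then moves any address on the client's own network to the front, so netmask ordering wins over rotation. The addresses are the slides' own; treating each network as a /24 and the class and method names are assumptions made here.

```python
# Added example: how a DNS server orders A records for server1.domainX.com.
# Addresses come from the slides; the /24 netmask and the API are assumptions.
import ipaddress

class RoundRobinZone:
    def __init__(self, records, netmask_ordering=True, prefix_len=24):
        self.records = dict(records)   # name -> list of A-record addresses
        self.rotation = {}             # name -> number of queries answered so far
        self.netmask_ordering, self.prefix_len = netmask_ordering, prefix_len

    def answer(self, name, client_ip):
        addrs = self.records[name]
        # Round robin: rotate the list by one position for every query for this name.
        k = self.rotation.get(name, 0) % len(addrs)
        self.rotation[name] = k + 1
        ordered = addrs[k:] + addrs[:k]
        if not self.netmask_ordering:
            return ordered
        # Netmask ordering: addresses in the client's own network go first,
        # regardless of where round robin left them.
        client_net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        local = [a for a in ordered if ipaddress.ip_address(a) in client_net]
        return local + [a for a in ordered if a not in local]

def demo():
    """Replays the slides: same-network servers rotate; split networks follow the client."""
    same_net = RoundRobinZone({"server1.domainX.com": ["172.16.0.61", "172.16.0.62"]})
    first = same_net.answer("server1.domainX.com", "10.0.0.5")     # client 1 gets .61 first
    second = same_net.answer("server1.domainX.com", "10.0.0.6")    # client 2 gets .62 first
    split = RoundRobinZone({"server1.domainX.com": ["192.168.1.61", "172.16.0.61"]})
    a = split.answer("server1.domainX.com", "192.168.1.100")       # 192.168.1.61 first
    b = split.answer("server1.domainX.com", "172.16.0.100")        # 172.16.0.61 first
    return first, second, a, b

if __name__ == "__main__":
    for reply in demo():
        print(reply)
```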
Forward Lookup Zone and Reverse Lookup Zone

Namespace: hcmus.edu.vn.

Forward lookup zone (hcmus.edu.vn):
ClientA  192.168.1.1
ClientB  192.168.1.2
ClientC  192.168.1.3

Reverse lookup zone (1.168.192.in-addr.arpa):
192.168.1.1  ClientA
192.168.1.2  ClientB
192.168.1.3  ClientC

(Diagram: one DNS server holding both zones; the figure also carries the label "Training".)

Forward Lookup Zone and Reverse Lookup Zone

(Exercise diagram: a DNS client asks "Client2 = ?" (a forward lookup) and "192.168.2.46 = ?" (a reverse lookup) of the server holding ClientA, ClientB and ClientC.)
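The forward and reverse zones above, as an added example (not from the lecture): it derives the 1.168.192.in-addr.arpa zone and its PTR records from the three forward records and answers both quiz lookups, returning nothing for Client2 and 192.168.2.46 because neither is in the zone data. The /24 prefix and the function names are assumptions made here.

```python
# Added example: build the reverse zone for the slide's forward zone and answer lookups.
# Host names and addresses are the slide's; the /24 prefix and API are assumptions.
import ipaddress

FORWARD_ZONE = "hcmus.edu.vn"
FORWARD_RECORDS = {"ClientA": "192.168.1.1", "ClientB": "192.168.1.2", "ClientC": "192.168.1.3"}

def reverse_zone_name(ip, prefix_len=24):
    """Reverse zone holding ip, e.g. 192.168.1.x -> 1.168.192.in-addr.arpa."""
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    octets = str(net.network_address).split(".")[: prefix_len // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def build_zones(forward_records, zone=FORWARD_ZONE):
    """Return (A records keyed by FQDN, PTR records keyed by in-addr.arpa name)."""
    a_records = {f"{host}.{zone}.".lower(): ip for host, ip in forward_records.items()}
    # Each PTR name is the address octets reversed under in-addr.arpa, e.g.
    # 192.168.1.3 -> 3.1.168.192.in-addr.arpa.
    ptr_records = {ipaddress.ip_address(ip).reverse_pointer + ".": f"{host}.{zone}.".lower()
                   for host, ip in forward_records.items()}
    return a_records, ptr_records

def forward_lookup(a_records, name, zone=FORWARD_ZONE):
    """FQDN -> IP. A single-label name is qualified with the zone; case is ignored."""
    if "." not in name:
        name = f"{name}.{zone}"
    return a_records.get(name.rstrip(".").lower() + ".")

def reverse_lookup(ptr_records, ip):
    """IP -> FQDN via its PTR name; None when the address has no PTR record."""
    return ptr_records.get(ipaddress.ip_address(ip).reverse_pointer + ".")

if __name__ == "__main__":
    a, p = build_zones(FORWARD_RECORDS)
    print(reverse_zone_name("192.168.1.1"), sorted(p))
    print("Client2 =", forward_lookup(a, "Client2"), "| 192.168.2.46 =", reverse_lookup(p, "192.168.2.46"))
```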

THANK YOU FOR YOUR ATTENTION

Nguyen Minh Tri, Ph.D.


Department of Telecommunications and Networks
Faculty of Electronics and Communications
University of Science, Vietnam National University, Ho Chi Minh City
Email: [email protected]
