Brief Internet History & DNS (Domain Name System)
Bill Miller
Short History of the Internet
● Packet switching as opposed to circuit switching: designed so the network
  keeps working when individual nodes or links fail.
    ○ ARPANET -- Advanced Research Projects Agency Network -- the first packet
      switching (store and forward) network (DARPA work); split into
      ARPANET/MILNET (the Defense Data Network) in the 80s
        ■ Internet precursor
    ○ AlohaNet -- first wireless packet network
        ■ Used packet radio, and led to CSMA, which led to Ethernet by Robert
          Metcalfe (Xerox PARC -> 3Com)
        ■ Precursor to 1G+ mobile data channels (GPRS, SMS) and to AX.25
          (amateur X.25 -- a packet-switched WAN protocol, neither ISO nor
          TCP/IP)
Some of the real inventors (Gore)
● Vint Cerf
    ○ TCP/IP (co-inventor) / program manager at DARPA
    ○ Moved to MCI (MCI Mail); key figure in setting up ICANN (Internet
      Corporation for Assigned Names and Numbers), the Internet Society, ...
● Bob Kahn
    ○ TCP/IP (co-inventor)
    ○ BBN and the first IMPs (Interface Message Processors, the ARPANET
      routers), ...
● Leonard Kleinrock
    ○ UCLA professor -- queueing theory (packet networks)
    ○ Supervised the first ARPANET connection at UCLA in 1969
    ○ IMP build-out and usage
Some of the real inventors (Gore)
● Jon Postel
    ○ RFC (Request For Comments) editor
        ■ Initially a way to flesh out ideas for ARPANET or any DARPA research
        ■ Now memoranda of the IETF, some of which become standards
    ○ Coordinated IANA (Internet Assigned Numbers Authority)
    ○ Set up the NIC (Network Information Center) with SRI (Stanford
      Research Institute)
        ■ The NIC was the first DNS authority (it maintained the central
          HOSTS.TXT file that DNS replaced)
        ■ Commissioned the current DNS, designed by Paul Mockapetris in 1983
          (RFC 882/883)
Some of the real inventors (Gore)
● Paul Vixie
    ○ BIND and cron -- author/maintainer of the widely used versions
        ■ BIND -- Berkeley Internet Name Domain, from UCB (BSD) Unix
    ○ Founder of ISC -- Internet Systems Consortium (BIND, DHCP, the
      Internet Domain Survey, ...)
    ○ Co-founder and maintainer of MAPS (Mail Abuse Prevention System)
        ■ First email spam blocking lists distributed over DNS (the RBL)
    ○ ARIN board member
    ○ ICANN Security and Stability Advisory Committee (SSAC) member
Internet Growth and Size
Today's Organizations
● ICANN - Internet Corporation for Assigned Names and Numbers
    a. Coordination of the Internet's unique identifiers (domain names, IP
       addresses, ASNs, ...)
    b. Lineage: SRI's NIC --> NSI --> ICANN (IANA); NSI --> Verisign; ARIN
    c. Accredits registries and registrars (EPP, DNS, WHOIS)
    d. Oversees TLDs, the root zone (served by the 13 named root servers,
       a.root-servers.net through m.root-servers.net, each an anycast cloud
       of many instances), IP assignment, ASNs (for BGP between separate
       networks)
    e. gTLDs and ccTLDs, and ... new generic TLDs ... a new era...
        i. current TLDs: http://www.iana.org/domains/root/db
Today's Organizations
● ARIN - American Registry for Internet Numbers
    a. Oversees IP addresses, ASNs, WHOIS and reverse DNS delegations for
       its region
    b. One of the 5 RIRs (Regional Internet Registries)
● IANA - Internet Assigned Numbers Authority
    a. Operated by ICANN
        i. Manages the DNS root zone and the .int and .arpa TLDs
       ii. Allocates global IP address blocks and ASN ranges to the RIRs
           such as ARIN
      iii. Protocol parameter assignments (port numbers, service names and
           the other protocol registries)
DNS (Domain Name System)
● DNS
    ○ Maps names to IPs (forward mapping) and IPs to names (reverse mapping)
    ○ With millions of servers (hosts), unreliable networks and servers, and
      no SPOFs allowed -- how do we do it?
        ■ Delegation / authority
            ● Hierarchical structure of data (zones); any zone can be
              delegated. This is a tree structure of data.
            ● Root-level zones (historically gTLDs & ccTLDs...)
DNS (Domain Name System)
● Authoritative DNS
    ○ Each zone has one or more authoritative name servers that hold the
      definitive data for lookups in that zone
        ■ Any level (zone) can be delegated to other hosts.
        ■ The top level is called the root zone (each TLD zone is delegated
          to a registry operator: as approved by ICANN for each gTLD, and to
          a country for each ccTLD); see http://www.iana.org/domains/root/db
DNS (Domain Name System)
● DNS port 53 (UDP first; fall back to TCP when the response comes back
  truncated with the TC bit set; zone transfers always use TCP)
● DNS data and record types
    ○ SOA - Start of Authority record
        name             ttl class rr   name-server     email-addr   (sn ref ret ex min)
        example.com.         IN    SOA  ns.example.com. hostmaster.example.com. (
                                        2003080800 ; sn = serial number
                                        172800     ; ref = refresh = 2d
                                        900        ; ret = update retry = 15m
                                        1209600    ; ex = expiry = 2w
                                        3600       ; min = minimum = 1h; today the negative-caching TTL (RFC 2308)
                                        )
        ; the email address is written as a domain name: the first label is the
        ; local part, so hostmaster.example.com. means hostmaster@example.com
        ; the following owner forms are also valid: '@' means the current $ORIGIN,
        ; and a blank owner repeats the owner of the previous record
        @                    IN    SOA  ns.example.com. hostmaster.example.com. 2003080800 172800 900 1209600 3600
                             IN    SOA  ns.example.com. hostmaster.example.com. 2003080800 172800 900 1209600 3600
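The UDP-first, TCP-fallback rule above is driven by the TC (truncation) bit in the DNS header. The following is an added example, not code from the slides: it builds a raw DNS query, checks a reply the way a careful resolver should (transaction ID and question must match before anything in the reply is trusted), decides whether the TC bit forces a retry over TCP, decodes compressed names without following a crafted pointer loop, and shows the two-byte length prefix that TCP framing adds. The two responses are constructed inline, not captured from a real server; www.example.com and 192.0.2.1 are placeholder values, and the function names are this example's own.

```python
"""Raw DNS message handling (added example; constructed, not captured, data)."""
import secrets
import struct

QTYPE_A = 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name):
    """'www.example.com.' -> b'\\x03www\\x07example\\x03com\\x00' (RFC 1035 labels)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=QTYPE_A, txid=None):
    """Header (12 bytes, RD set, one question) + question section.
    A random 16-bit transaction ID is the first line of defence against
    blind spoofed answers, so never use a counter."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rd": bool(flags & FLAG_RD), "ra": bool(flags & FLAG_RA),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def read_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset after it).
    Compression pointers (RFC 1035 4.1.4) must point backwards; rejecting
    forward or self pointers is what stops a crafted message from looping."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("bad compression pointer")
            end = off + 2 if end is None else end
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_answers(msg):
    """Return [(owner, ttl, type, rdata)] for the answer section; A rdata as dotted quad."""
    hdr, off = parse_header(msg), 12
    for _ in range(hdr["qdcount"]):
        _, off = read_name(msg, off)
        off += 4                       # qtype + qclass
    answers = []
    for _ in range(hdr["ancount"]):
        owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((owner, ttl, rtype, rdata))
    return answers


def classify_response(query, response):
    """'discard' if the reply does not belong to our query, 'retry-tcp' if the
    server truncated it (answer did not fit the UDP payload size), else 'ok'."""
    hdr = parse_header(response)
    if hdr["id"] != parse_header(query)["id"] or not hdr["qr"]:
        return "discard"
    if response[12:len(query)] != query[12:]:   # question must be echoed unchanged
        return "discard"
    return "retry-tcp" if hdr["tc"] else "ok"


def tcp_frame(msg):
    """DNS over TCP prefixes each message with its 16-bit big-endian length."""
    return struct.pack("!H", len(msg)) + msg


# Constructed test vectors (placeholder name, 192.0.2.1 documentation address).
QUERY = build_query("www.example.com.", txid=0x1234)
TRUNCATED = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_RA | FLAG_TC, 1, 0, 0, 0) + QUERY[12:]
ANSWER_RR = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
FULL = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0) + QUERY[12:] + ANSWER_RR
SPOOFED = struct.pack("!HHHHHH", 0x4321, FLAG_QR | FLAG_RD | FLAG_RA, 1, 0, 0, 0) + QUERY[12:]
```

A resolver that skips the ID and question checks in classify_response accepts any reply that happens to arrive on its socket, which is exactly what cache-poisoning attacks rely on; with EDNS0 the UDP limit is the advertised buffer size rather than the classic 512 bytes, but the TC handling is the same.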
DNS (Domain Name System)
● NS - Name Server
    ; zone file fragment for example.com
    $TTL 2d ; zone TTL default = 2 days or 172800 seconds
    $ORIGIN example.com.
    @      IN      SOA   ns.example.com. hostmaster.example.com. (
                   2003080800 ; serial number
                   1d12h      ; refresh = 1 day 12 hours
                   15M        ; update retry = 15 minutes
                   3W12h      ; expiry = 3 weeks + 12 hours
                   2h20M      ; minimum = 2 hours + 20 minutes
                   )
           IN      NS    ns.example.com.
           IN      NS    ns.example.net.
    ...
    ; A record for the ns.example.com. NS RR above
    ns     IN      A     192.168.2.1
    ; the above could have been written as
    ; ns.example.com. IN A 192.168.2.1
    ; ns.example.net. is out-of-zone (out-of-bailiwick): an A RR for it is not
    ; required here, its address comes from the example.net zone, and out-of-zone
    ; data is ignored or rejected when this zone loads
    ○ NS - Name Server (field layout)
    name               ttl   class     rr       name
    example.com.             IN        NS        ns1.example.com.
    ; name servers not in this zone need no A records here
                             IN        NS        ns1.example.net.
                             IN        NS        ns1.example.org.
    ; the in-zone name server(s) need an A (or AAAA) record; the parent zone
    ; carries a copy of it as glue so the delegation can be followed
    ns1           IN      A      192.168.0.3
    ns2           IN      A      192.168.0.3
DNS (Domain Name System)
● A - Address (IPv4)
    ; zone fragment for example.com
    $TTL 2d ; zone default = 2 days or 172800 seconds
    $ORIGIN example.com.
    joe        IN      A      192.168.0.3 ; joe & www = same IP
    www        IN      A      192.168.0.3
    ; functionally the same as the record above
    www.example.com.   A      192.168.0.3
    fred 3600  IN      A      192.168.0.4 ; explicit ttl overrides the $TTL default
    ftp        IN      A      192.168.0.24 ; round robin with the next A record for ftp
● AAAA - Address (IPv6)
    ; zone fragment for example.com
    $TTL 2d ; zone default = 2 days or 172800 seconds
    $ORIGIN example.com.
    ....
    joe        IN      AAAA   2001:db8::3 ; joe & www = same IP
    www        IN      AAAA   2001:db8::3
    ; functionally the same as the record above
    www.example.com.   AAAA   2001:db8::3
    fred 3600  IN      AAAA   2001:db8::4 ; ttl = 3600 overrides the $TTL default
    ftp        IN      AAAA   2001:db8::5 ; round robin with the next
               IN      AAAA   2001:db8::6
    mail       IN      AAAA   2001:db8::7 ; mail = round robin over three addresses
    mail       IN      AAAA   2001:db8::32
    mail       IN      AAAA   2001:db8::33
DNS (Domain Name System)
● MX - Mail eXchanger
    name               ttl   class   rr   pref  name
    example.com.             IN      MX   10    mail.example.com.
                             IN      MX   10    mail ; short form, relative to $ORIGIN
    ; the line above is functionally the same as the line below
    ; example.com.           IN      MX   10    mail.example.com.
    ; any number of mail servers may be defined; lower preference is tried first
                             IN      MX   20    mail2.example.com.
    ; use an external backup
                             IN      MX   30    mail.example.net.
    ; an MX target must be a hostname with an A/AAAA record, not a CNAME or a bare IP
○ PTR - Pointer (reverse mapping, the opposite of an A/AAAA record)
    name   ttl   class   rr    name
    15           IN      PTR   www.example.com.
    ; an IPv4 reverse zone: the address octets are written in reverse order
    $TTL 2d ; 172800 secs
    $ORIGIN 23.168.192.IN-ADDR.ARPA.
    ; 2 below is an unqualified name and becomes
    ; 2.23.168.192.IN-ADDR.ARPA. (i.e. the PTR for 192.168.23.2)
    2            IN      PTR   joe.example.com. ; FQDN, note the trailing dot
    ....
    15           IN      PTR   www.example.com.
    ....
    ; an IPv6 reverse zone for 2001:db8::/48: one label per hex nibble, in
    ; reverse order
    $ORIGIN 0.0.0.0.8.b.d.0.1.0.0.2.IP6.ARPA.
    ; the second name server is
    ; external to this zone (domain).
                 IN      NS    ns2.example.net.
    ; a PTR RR maps an IPv6 address to a host name
    ; hosts in subnet ID 1: the owner below expands to 2001:db8:0:1::1
    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0   IN   PTR   ns1.example.com.
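Reverse-mapping names are easy to get wrong by hand, especially the 32-nibble ip6.arpa form. The following added example, not code from the slides, derives the PTR owner names and reverse-zone origins shown above from ordinary addresses and prefixes, expresses an owner relative to a $ORIGIN the way a zone file writes it, and adds the check a practitioner should always apply to reverse DNS: a PTR answer is only evidence about a host if the name resolves back to the same address (forward-confirmed reverse DNS). The lookup tables at the bottom are constructed stand-ins for live answers, and the function names are this example's own.

```python
"""Reverse-mapping (PTR) owner names (added example; constructed data)."""
import ipaddress


def reverse_name(ip):
    """Owner name for the PTR record of an address.
    IPv4: octets reversed under in-addr.arpa; IPv6: all 32 hex nibbles
    reversed under ip6.arpa (the '::' shorthand must be expanded first)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = format(int(addr), "032x")          # zero-padded, no colons
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone_for(network):
    """$ORIGIN of the reverse zone delegated for a network, e.g.
    192.168.23.0/24 -> 23.168.192.in-addr.arpa.  Only prefixes on an
    octet (v4) or nibble (v6) boundary map to a single zone; anything
    else needs RFC 2317 classless delegation, which is out of scope here."""
    net = ipaddress.ip_network(network, strict=True)
    bits_per_label = 8 if net.version == 4 else 4
    if net.prefixlen % bits_per_label:
        raise ValueError("prefix not on a label boundary (RFC 2317 case)")
    labels = reverse_name(str(net.network_address)).rstrip(".").split(".")
    keep = net.prefixlen // bits_per_label          # labels that belong to the zone
    return ".".join(labels[len(labels) - 2 - keep:]) + "."


def relative_to(name, origin):
    """How an owner is written inside a zone file with the given $ORIGIN
    ('@' for the origin itself). Comparison is case-insensitive, as in DNS."""
    name, origin = name.lower(), origin.lower()
    if name == origin:
        return "@"
    if not name.endswith("." + origin):
        raise ValueError(f"{name} is not under {origin}")
    return name[: -len(origin) - 1]


def unconfirmed_reverse(ptr_table, addr_table):
    """Forward-confirmed reverse DNS: a PTR answer is only evidence about a
    host if the name it returns resolves back to the same address.  Returns
    the addresses whose PTR is not confirmed (and so should not be trusted
    in logs or access decisions). Addresses are normalised before comparing."""
    return [ip for ip, host in ptr_table.items()
            if ipaddress.ip_address(ip) not in
            {ipaddress.ip_address(a) for a in addr_table.get(host, ())}]


# Constructed lookup tables standing in for live DNS answers.  The www
# entry is deliberately inconsistent so the check has something to flag.
PTR_TABLE = {
    "192.168.23.2": "joe.example.com.",
    "192.168.23.15": "www.example.com.",
    "2001:db8:0:1::1": "ns1.example.com.",
}
ADDR_TABLE = {
    "joe.example.com.": {"192.168.23.2"},
    "www.example.com.": {"192.168.0.3"},
    "ns1.example.com.": {"2001:db8:0:1::1"},
}
```

The owner of a PTR record is controlled by whoever holds the reverse zone for the address block, so a PTR can claim any name at all; unconfirmed_reverse is the reason mail servers and log analysers cross-check it against the forward zone.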
DNS (Domain Name System)
● CNAME - alias mapped to a canonical name
    $ORIGIN example.com.
    ....
    server1    IN    A       192.168.0.3
    www        IN    CNAME   server1 ; www.example.com. is an alias for server1.example.com.
    ftp        IN    CNAME   server1
    ; a name that owns a CNAME may own no other records, so a CNAME cannot sit at
    ; the zone apex (which already holds SOA and NS), and NS and MX targets must be
    ; real hostnames such as server1 rather than aliases
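The record slides above all use the same master-file conventions: $ORIGIN and $TTL directives, '@' for the origin, a blank owner that repeats the previous owner, relative versus absolute (trailing-dot) names, a multi-line SOA in parentheses, and time units such as 1d12h or 3W12h. The following added example, not code from the slides, parses such fragments into fully qualified records so those conventions can be checked mechanically, and applies the in-bailiwick rule from the NS slide: in-zone name servers need an address record in the zone, out-of-zone ones do not. The sample zone text is constructed from the slide fragments; parse_zone and missing_glue are names chosen for this example.

```python
"""Minimal RFC 1035 master-file parser (added example; constructed sample zone)."""
import re

UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
CLASSES = {"IN", "CH", "HS"}
# rdata positions that hold domain names and therefore get $ORIGIN applied
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}
TTL_RE = re.compile(r"\d+|(\d+[smhdw])+", re.IGNORECASE)


def parse_ttl(text):
    """'3600' -> 3600, '2d' -> 172800, '1d12h' -> 129600, '15M' -> 900."""
    if text.isdigit():
        return int(text)
    return sum(int(n) * UNIT[u.lower()] for n, u in re.findall(r"(\d+)([smhdw])", text, re.I))


def qualify(name, origin):
    """'@' is the origin; names without a trailing dot are relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Yield (line_without_comments, owner_is_blank); joins '(' ... ')' spans."""
    buf, depth, first = [], 0, None
    for raw in text.splitlines():
        code = raw.split(";", 1)[0]
        if not code.strip() and not buf:
            continue                                  # blank or comment-only line
        first = raw if first is None else first
        depth += code.count("(") - code.count(")")
        buf.append(code.replace("(", " ").replace(")", " "))
        if depth <= 0:
            yield " ".join(buf).strip(), first[:1].isspace()
            buf, depth, first = [], 0, None


def parse_zone(text, origin=None, default_ttl=None):
    """Return [(owner, ttl, class, type, rdata_fields)] with absolute names.
    A blank owner repeats the previous owner (a common source of mistakes
    when records are reordered); ttl and class are optional, in either order."""
    records, last_owner = [], None
    for line, blank_owner in logical_lines(text):
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        owner = last_owner if blank_owner else qualify(toks.pop(0), origin)
        ttl, cls = default_ttl, "IN"
        while toks and (toks[0] in CLASSES or TTL_RE.fullmatch(toks[0])):
            tok = toks.pop(0)
            if tok in CLASSES:
                cls = tok
            else:
                ttl = parse_ttl(tok)
        rtype, rdata = toks[0].upper(), toks[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = qualify(rdata[i], origin)
        if rtype == "SOA":                            # serial, refresh, retry, expire, minimum
            rdata[2:] = [parse_ttl(t) for t in rdata[2:]]
        records.append((owner, ttl, cls, rtype, rdata))
        last_owner = owner
    return records


def missing_glue(records, zone):
    """In-zone (in-bailiwick) NS targets of the apex must have an A/AAAA
    record in this zone; out-of-zone targets are resolved elsewhere."""
    have_addr = {o for o, _, _, t, _ in records if t in ("A", "AAAA")}
    return [r[0] for o, _, _, t, r in records
            if t == "NS" and o == zone and r[0].endswith("." + zone) and r[0] not in have_addr]


# Constructed from the slide fragments above.
SAMPLE_ZONE = """\
$TTL 2d ; zone TTL default = 2 days or 172800 seconds
$ORIGIN example.com.
@       IN  SOA   ns.example.com. hostmaster.example.com. (
                  2003080800 ; serial number
                  1d12h      ; refresh = 1 day 12 hours
                  15M        ; update retry = 15 minutes
                  3W12h      ; expiry = 3 weeks + 12 hours
                  2h20M      ; minimum = 2 hours + 20 minutes
                  )
        IN  NS    ns.example.com.
        IN  NS    ns.example.net.   ; out-of-bailiwick, needs no A here
        IN  MX    10 mail           ; short form, relative to $ORIGIN
        IN  MX    30 mail.example.net.
ns      IN  A     192.168.2.1
fred 3600 IN A    192.168.0.4      ; explicit ttl overrides $TTL
www     IN  CNAME server1
server1 IN  A     192.168.0.3
"""
```

Run parse_zone(SAMPLE_ZONE) and you can see exactly which owner each blank-owner line landed on and what the relative MX target expanded to; the same checker run over a zone that lists an in-zone name server without an address record reports it through missing_glue, which is the condition that makes a delegation unreachable.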
    ○ TXT - free-form text (used by SPF, domain-verification tokens, ...)
    ○ Other special cases
        ■ TTL on data, honoured by client and server DNS software
        ■ DNS caching (at the client, at recursive resolvers ... recursive in
          nature: each hop may answer from its cache until the TTL expires)
        ■ Recursive lookups (a recursive resolver walks the tree from the
          root, following delegations, on the client's behalf)
        ■ DNS message and record formats
        ■ TSIG (transaction signatures), NOTIFY, zone transfers (AXFR/IXFR), ...
Whois (DB lookups for Domains / IPs / ....)
● whois -- directory system for domains and IP numbers
    ○ Simple plain-text query/response over TCP port 43 (RFC 3912), asked of
      the registry or registrar server that is authoritative for the object;
      the protocol has no authentication, and the data is only as good as
      what the registrant filed
● Examples
    ○ whois webhero.com
    ○ whois billmiller.tel
    ○ whois 204.215.60.0
        ■ whois -h whois.arin.net NET-204-215-60-0-1
DNS config / tools
● DNS config (*nix)
    ○ /etc/resolv.conf -- which recursive DNS servers to query (nameserver
      lines), plus search domains
    ○ /etc/nsswitch.conf -- order of name-resolution sources for the hosts
      database (files, dns, ...)
    ○ /etc/hosts -- flat file of static name-to-address mappings, consulted
      before DNS when nsswitch lists files first
● DNS server software
    ○ BIND
    ○ djbdns / tinydns -- by D. J. Bernstein
DNS config / tools
● DNS tools (and live examples)
    ○ nslookup
    ○ host
      bill$ host www.allplayers.com
      www.allplayers.com has address 174.129.39.74
      bill$ host 209.217.1.2
      2.1.217.209.in-addr.arpa domain name pointer ns1.catalog.com.
    ○ dig
    ○ web-based ... (iptools.com, www.intodns.com, ...)