dns & bind sparcs 12 coffee. ara.kaist.ac.k r 143.248.234.10 3
TRANSCRIPT
DNS & BIND
SPARCS 12coffee
ara.kaist.ac.kr
143.248.234.103
ara.kaist.ac.kr
143.248.234.103
DNS
DNS
• Domain Name System– Hierarchical distributed naming system– Translate b/t two principal namespaces• domain name hierarchy• Internet Protocol(IP) address
–Maintains the domain name hierarchy
www.example.-com
192.0.43.10 (IPv4)2620:0:2d0:200::10 (IPv6)domain name hierar-
chyIP ad-dress
Architecture of DNS
Domain Name Space
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle
go
us jp
Domain Name Space
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle
go
us jp
DNS is maintained by a distributed database sys-
tem
Domain Name Space
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle
go
us jp
Each node or leaf in the tree has zero or more resource records.
Domain Name Space
http://www.example.-co.kr/
Top level
Second level
Sub do-main
Sub do-main
Label : letter(a-z or A-Z), digits(0-9), hyphen(-), cannot use hyphen in first letter
Domain name consists of one or more labelsEach label is delimited by dots
This tree of subdivisions may have up to 127 lev-els.
Each label may contain up to 63 characters.
The full domain name may not exceed a total length of 253 charactersin its external dotted-label specification.
TLD(Top Level Domain)
• 일반 도메인 (generic domain, gTLD)– com, net, org, info, …
• 국가 도메인 (country code domain, ccTLD)– kr, us, eu, jp, …
• 인터넷 인프라 도메인 (infrastructure do-main)
FQDN(Fully Qualified Domain Name)
• 도메인 네임을 루트 도메인으로부터 시작하는 전체 이름의 표기를 사용한 것 .
• 끝에 root domain 의 null label 까지 완전히 표기 ( 끝에 . 으로 끝남 )– ara.kaist.ac.kr (x)
– ara.kaist.ac.kr. (o)
PQDN(Partially Qualified Domain Name)
• Label doesn’t end with null string.
• 시스템 기본 도메인이 kaist.ac.kr 일 경우 www.example.co.kr 은 www.example.-co.kr.kaist.ac.kr 로 해석될 수 있다 .
• Resolver 가 www.example.co.kr.(FQDN) 으로 해석하여 name server 에 전달 -> 없으면 www.example.-co.kr.kaist.ac.kr 로 전달
DNS zone
kaist.ac.kr zone aaaaaaaaa
DNS zone
• Portion of a domain name space.
postech.ac.kr zone aaaaaa
ac.kr zone s
ac.kr
kaist.ac.kr
ara.kaist.ac.kr
otl.kaist.ac.kr
moo-dle.kaist.ac.kr
postech.ac.kr
www.postech.ac.kr
library.-postech.ac.kr
Resource Records
Resource Records(RR)
• Name – Domain name as key index
• TTL – Time to Live on cache table
• Class – only IN(internet)
• Type – A-1, NS-2, SOA-6, etc.
• RDATA – Raw data, depends on the
type
Resource Records - Types
Type Code 의미A 1 A host address 32bit IPv4 주소
AAAA 28 IP6 address 128bit IPv6 주소NS 2 An authoritative name server 네임서버 도메인 네임 지정
CNAME 5 The canonical name for an alias Alias 도메인 네임 지정SOA 6 Marks the start of a zone of authority Zone 의 속성 정보
지정MX 15 Mail exchange 메일서버의 도메인 네임 지정
http://en.wikipedia.org/wiki/List_of_DNS_record_types
Resource Records
DNS protocolSection Value
Header Metadata
Question The question for the name server
Answer RRs answering the question
Authority RRs pointing toward an authority
Additional RRs holding additional information
Querying
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle
go
us jp
google.-com?
Querying
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle
go
us jp
google.-com?
Querying
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle
go
us jp
google.-com?
Querying
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle
go
us jp
google.-com?
Update
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle
go
us jp
new resource record(sparcs.kaist.ac.kr)
Update
Sub domains(…)
Second Level Domain
Top Level Domain
Root
com
google naver
org net kr
co ac
kaist
ara otl moodle sparcs
go
us jp
실습 !sudo apt-get install dnsutils
Hosts?
• windows/system32/drivers/etc/hosts• /etc/resolv.conf – in Linux
dig(domain information grouper)
• dig [@global-server] [domain] [q-type] {q-opt} …
• Ex) dig @ns.kaist.ac.kr otl.kaist.ac.kr A
nslookup
쉬었다가 합시다
BIND?
• Berkeley Internet Name Domain• 현재 전 세계에서 가장 많이 사용되는 DNS
용 응용프로그램• 1980 년대 초 UC Berkeley 대학원생 4
명에 의해 시작됨
BIND
• BIND 4 by the Computer Systems Re-search Group(CSRG) at UC Berkeley.
• BIND 8 by the Internet Systems Con-sortium(ISC)
• BIND 9 was released in September 2000
master & slave?
• 같은 내용을 가진 두 개 이상의 DNS 서버를 운영하는 경우
• slave 가 master 로부터 일정한 주기마다 데이터를 가져오도록 설정할 수 있음
• zone 에 따라 한 서버가 master 일 수도 , slave 일 수도 있음
RDATA of SOA
• mname – 해당 zone 의 primary mas-ter name server domain name
• rname – zone 을 관리하는 관리자 이메일• serial – zone 의 변경에 따른 버전번호 정보
필드 (YYYYMMDDNN)• refresh, retry, expire – 변경여부 확인 ,
갱신 재시도 , 유효기간• minimum – dafault TTL
NS, A
• @ IN NS ns.mazic.org.
• coffee IN A 134.248.234.103
바로 실습sudo apt-get install bind9
이걸 보고 따라하면 됩니다• 스팍스 서버에 /etc/bind/ 에 있는• named.conf• sparcs.conf• db.SPARCS.ORG
db.SPARCS.ORG
db.SPARCS.ORG
어디까지 따라해야 하나 ..?
해보자 !
• 각자의 휠 세미나 실습 서버에 DNS 서버를 구현해보자 !
• ( 자기 ID).wseminar#.sparcs.org 로 연결하면 아라가 뜨게 해보자 ㅋ
Reference
• SPARCS seminar – hodduc - 20100705• SPARCS seminar – boolgom – 20110629• SPARCS seminar – gangok – 20110701• http://en.wikipedia.org/wiki/
Domain_Name_System• http://dns.kisa.or.kr/kor/main.jsp– DNS 서버운영지침서 .pdf
Reference
• http://blog.naver.com/une4535?Redi-rect=Log&logNo=140055620130
• http://www.freesoft.org/CIE/Topics/77.htm
감사합니다 !