netravnen/NetworkLabNotes
1
0
Fork 0
mirror of https://gitlab.com/netravnen/NetworkLabNotes.git synced 2024-12-26 21:07:55 +00:00
Code Releases Activity
NetworkLabNotes/chapter/dns.tex
netravnen 7c22c00f90 DNS chapter: Normal dns content added 
DNSSEC follows
2017-09-10 20:22:33 +02:00

64 lines
3.5 KiB
TeX
Raw Blame History

\chapter{DNS}
\begin{quote}
Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.
This is necessary because, although domain names are easy for people to remember, computers or machines, access websites based on IP addresses.
\end{quote}\footnote{\href{http://www.networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/}{networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/}}
\pagebreak
\section{Hierarchy}
\wikicommonspublicdomain{Domain_name_space}
\pagebreak
Is hierarchical by design going from:
\begin{enumerate}
\item the root zone at the top of the pyramid,
\item to the \gls{tld} zones\footnote{Fx. \gls{cctld}/\gls{gtld} zones: .org, .net, .uk, .au, .mil, .aero},
\item to the sub-zones\footnote{Fx. .co.uk, .org.uk, .net.au, .co.cc} a level below.
\end{enumerate}
\wikicommonspublicdomain{Example_of_an_iterative_DNS_resolver}
\pagebreak
\section{Record Types}
\begin{itemize}
\item \itemhead{\gls{a}} Stores info on \gls{ip4} address.
\item \itemhead{\gls{aaaa}} Store info on \gls{ip6} address.
\item \itemhead{\gls{cname}} Store URL pointing to another URL (a.k.a. \gls{a}/\gls{aaaa} records).
\item \itemhead{\gls{hinfo}} Used to acquire general information about a host. For security reasons the HINFO records are not typically used on public servers.\cite{DNSRecor50:online}
\item \itemhead{\gls{isdn}} The ISDN resource record specifies ISDN address for a host. An ISDN address is a telephone number that consists of a country code, a national destination code, a ISDN Subscriber number and, optionally, a ISDN subaddress. The function of the record is only variation of the A resource record function.\cite{DNSRecor50:online}
\item \itemhead{\gls{mx}} Store info pointing to responsible e-mail server for the domain.
\item \itemhead{\gls{ns}} Info on Authoritative Name Server for domain.
\item \itemhead{\gls{ptr}} Reverse-lookup pointers. Returning a domain name when asked about an \gls{ip} address.
\item \itemhead{\gls{soa}} Contains core info on on \gls{dns} zone. Primary \gls{ns} server, e-mail of domain administrator, domain serial number, and several timers related to refreshing of the zone.
\item \itemhead{\gls{txt}} Can hold arbitrary non-formatted text string(s). Often used for \gls{spf} records, and domain owner verification. Note the following examples:
\begin{itemize}
\item \texttt{\gls{spf}} records,
\item \texttt{keybase-site-verification} for site owner verification,
\item \texttt{dnslink} for site owner verification,
\item \texttt{google-site-verification=} for site owner verification.
\end{itemize}
\end{itemize}
\pagebreak
\section{DNSSEC}
\subsection[KSK]{Key Signing Key}
The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust.
A prime example of this the current \gls{dnssec} infrastructure on the internet. Where \gls{icann} is controlling and managing the Root zone \gls{ksk} used today. And for the first time in history will do a \gls{ksk} rollover in the fall of 2017.\footnote{The 1st key was issued in 2010.}
The \gls{ksk} is used to sign the DNS root-zone. All the TLD zones then have their own key called a \gls{zsk} used to sign all the domains requesting a key to sign their domain. The \gls{zsk} is signed by the root-zone \gls{ksk}.
\subsection[Rollover]{KSK-Rollover}
View git blame Copy permalink