PRESENTATION

OF DOMAIN NAME SYSTEM

 Details of Contents
 Introduction and History of DNS
 Structure of DNS :TLD & SLD
 Name Server
 FQDN
 DNS Zone and Zone Transfer
 DNS query and resource record
 LOAD balancing of DNS & Round Robin DNS
 DNS & ADS
 DNS and Windows Server
 IPV6 & DNS Sever Windows 2008
 DNS server monitoring and security
 Domain name registration
 DNS and SWAN network
 DNS

The Domain Name System (DNS) is a hierarchical naming system built on

for computers, services, or any resource connected to the Internet or a
private network.

 It translates IP address to meaningful name

 DNS also provides the directory service
 Definition of Domain

A domain consists of a set of network addresses. This domain is

organized in multiple or single levels. A domain is part of every
network address, including Web site addresses, email addresses, and
addresses for other Internet protocols such as FTP .So the domain can
be set on a single network address also.
 History Of DNS
 Mr. Postel, Paul Mockapetris invented the Domain Name System in 1983
and wrote the first implementation. They developed one file “HOST.TXT”

 In 1984 , four student of Berkeley collage was developed the first DNS
server - Berkeley Internet Name Domain (BIND) and it was Unix based .

 DNS was introduced by Microsoft on windows NT sever 3.51 on 1995

.Microsoft DNS is based on RFC(Requests for comments) 974, 1034, and
1035
 DNS Structure

The domain name space consists of a tree of domain names. Each node
or leaf in the tree has zero or more resource records, which hold
information associated with the domain name. The tree sub-divides into
zones beginning at the root zone. It is also identified as Top Label
Domain and The hierarchy of domains descends from right to left; each
label to the left specifies a sub domain (SLD).
 TLD AND SLD
Each label may contain up to 63 characters. The full domain name
may not exceed the total length of 253 characters .
 com- Commercial organizations
 edu - Educational institutions
 org - Nonprofits
 net - Network support canters and network service
 gov -U.S. government

SLD can be divided in 3rd level domain and virtually it can be divided
more than that and there is no limit.
•Query one of the root servers to find the server authoritative for the top-
level domain.

•Query the obtained TLD DNS server for the address of a DNS server
authoritative for the second-level domain.

•Repeating the previous step to process each domain name label in

sequence, until the final step which would, rather than generating the
address of the next DNS server, return the IP address of the host sought.
How DNS works
 Name Server

Name server consists of a program or computer server that implements a

name-service protocol. It maps a human-recognizable identifier to a
system-internal, often numeric, identification or addressing component. The
most prominent types of name servers in operation today are the name
servers of the DNS Server ,WINS
 FQDN
Is a domain name(Fully Qualified Domain Name) that specifies its
exact location in the tree hierarchy of the Domain Name System
(DNS). It specifies all domain levels, including the top-level domain
and the root domain. This is used to identify the exact name of the
sever for fast searching .

Example, given a device with a local hostname test and a parent domain
name example.com, the fully qualified domain name is
test.example.com.
 DNS Zones

• Forward Lookup Zone- A forward lookup zone is a DNS zone in

which hostname to IP address relations are stored.

• Reverse Lookup Zone- Resolves the IP address into a hostname. It

introduced a new domain name - in-addr arpa(Internet - Address –
Address and Routing Parameter Area ).This zone solves reverse DNS
query

• Conditional Forwarder- Forward the query of other DNS server

Primary and Secondary Zone
The primary zone is a master read-write copy of a DNS hostname
database, which is used to commit any sort of zone configuration or
resource record changes. The primary zone is the source of DNS
information for all.

The secondary zone is used reliability of the DNS service, single point
of failure, distributes the DNS query traffic between several nodes
• Zone transfers are configured in the properties of the primary zones
and during secondary zone setup.
• Standard zone replication can be classified in two types of transfers:
full transfer and incremental transfer .
• Incremental transfer communicates only those records in the
primary zone that have changed since the last replication cycle.
• full transfer transfers of entire copies of the zone may still be
necessary.
 DNS Query

 Recursive Query-it expects a clear -yes/no reply from the other party.

 Iterative queries(Non Recursive ) -DNS client allows the DNS server to

return the best answer it can give based on its cache or zone data.

 Reverse Query - used to resolve IP addresses into hostnames

 Inverse Query - used to resolve hostnames into IP addresses

 Resource Records

RR specifies information about a particular object. Zone files

contain numerous records that follow a certain format and describe
specific types and addresses of the resources. These records are called
resource records (RRs). Depending on the type, resource records may
contain information about the zone itself, about other DNS servers
maintaining the zone, or about mail servers, network nodes, network
services, and numerous other types of resources. The various
resource records are – SOA,NS,A,CNAME,PTR,MX ,SRV,WINS
etc.
 “A” and “CNAME”

 A- The most basic type of mapping in the DNS, used to map hostnames
to IP addresses. These simple mappings do not point to any service only
network node. So in one single IP We can register multiple domain name

 CNAME(Canonical) -It may be necessary to assign more than one

FQDN to the same physical host, or more specifically, to the same IP
address. CNAME resource records, also called aliases .It is generally used
to create multiple sever like - software app & ftp for one single system.
 PTR” and “MX” Records

 PTR(pointer record)- provide the opposite function of ―”A” records.

They provide reverse mapping of IP addresses to hostnames.

 A mail exchanger record (MX record) is a type of resource record in the

Domain Name System that specifies a mail server responsible for
accepting email messages on behalf of a recipient's domain and a
preference value used to prioritize mail delivery if multiple mail servers
are available
 “SOA” and “NS” Records

 The first resource record in any Domain Name System (DNS) Zone file
should be a Start of Authority (SOA) resource record. A SOA record is
information stored in a DNS zone about that zone and about other
DNS records.

 Name Server Record. An NS record declares that a given zone is served by

a given name server. NS resource records indicate which servers have been
delegated authority for the domain.
 DNS -Resolver

The DNS server receives the request to resolve a name into an IP

address and vice versa. It checks its local cache .The DNS sever then
go to and then the zones supported on the server. If no matches are
found, it proceeds to submit the requests to upstream DNS servers
configured as forwarders.
 DDNS
 DDNS allows dynamic registration of DNS hostname, and the
ability to locate network services. Dynamic registration also occurs if
the IP configuration changes on the client, if a hostname is modified
on the client.

 DDNS needs the DHCP sever for configuring on windows active

directory .

The drawbacks of DDNS is it slow down the response .

 Load Balancing of DNS

 It is recommended to use additional DNS server instead of one single

server.

 In AD environment , I it is better to configure additional domain

controller with zone transfer facility

 AD DNS it is better to use CDC (child domain controller) for different

division
 Round-Robin Functionality

The term round-robin describes correspondence to a single address

authored or signed by numerous individuals .
In its simplest implementation Round-robin DNS works by
responding to DNS requests not only with a single IP address, but a
list of IP addresses of several servers that host identical services.
It also supports poor man load balancing .
 DNS & ADS
The physical structure of Active Directory information in DNS is
represented in DNS zones and resource records, which, in turn, are
typically stored in Active Directory as Active Directory–integrated DNS
zones. The DNS zones that support Active Directory domains can also be
stored in standard, file-based, DNS zones. In addition, the DNS dynamic
update protocol is utilized by Active Directory in order to make the
registration of domain controller DNS resource records automatic.

In Ad , DNS uses _msdcs DNS sub domain & SRV records

DNS Structure in AD
 DNS of WINDOWS 2003 & 08

The Windows 2008 DNS sever support the additional following

features

 Windows 2008 support IPV6 also .

 Windows 2008 Support Read Only Domain Controller
(RODC).The RODC is the read only image of AD used for security
purpose.
 Windows 2008 I can support large active directory integrated zone
and are able to respond client more quickly.
 Windows 2008 also Provides the CLI mode management .
 IPV6 and DNS 2008

 This is a new internet protocol and windows 2008 DNS sever can be
configure with that .
 The IPV6 support a wide network address space than IPV4
 The IPV6 subnet size is standardized with the combination of MAC
address .

In DNS 2008 , hostname are mapped with “AAAA“ resource record and for
reverse query they used ip6.arpa
 DNS Server Security
 Interfaces -Restrict a DNS server to listen only on selected addresses.
 Disable recursion-recursion is not disabled for the DNS Server service.
Recursion can be used by attackers it should be disabled. the server will
attempt to resolve a query from its own database only. It will not query any
additional servers. SDNS –Secure DNS Server
 DNS Server Monitoring
We need to monitor DNS server Response Time, Record Type,
Record Available, Search Field, Search Value, Search Value Status
and Search Time. We can use 3rd party tool- like-Applications
Manager and We can check from DNS event also.

 By providing a useful benchmark for predicting, estimating, and

optimizing DNS server performance.
 DNS servers has degraded either over time or during periods of
peak activity.
The right to use a domain name is delegated by domain name
registrars which are accredited by the Internet Corporation for
Assigned Names and Numbers (ICANN), the organization charged
with overseeing the name and number systems of the Internet.

Example of DNS name registration organization :

• 0101 Internet, Inc. Hong Kong.
• 1st-for-domain-names, LLC United States
Implementation of DNs on swan
 Additional DNS sever for load balancing

 Implementation of CDC(child domain controller)

 Using forward zone for enabling hostname query

THANK you