
DNS SERVER

Basic DNS

► DNS is the network service that translates a fully qualified domain name, such as www.india.gov.in, to a numeric IP address, such as 164.100.129.97.

[Diagram: a client exchanging data with a DNS server]

► DNS can also potentially do the reverse, translating a numeric IP address to a fully qualified domain name.

► DNS also maps different types of records, such as MX, TXT, CNAME, etc.

Page 2 National Informatics Centre


DNS Concept

► Distributed 'database' to resolve domain names.

► DNS uses both the UDP and TCP protocols for the transport of its queries/zone files.

► UDP is a connectionless protocol and is not a secure protocol. DNS uses port 53 for both protocols (i.e., port 53/UDP, and port 53/TCP for zone transfer).

► Common queries, such as the translation of a name to an IP address and vice versa, are performed over UDP.



Why DNS Servers Required

DNS Concept

Using BIND (Berkeley Internet Name Daemon) software for running DNS services. It is the most popular software for providing DNS services.

► Types of name servers
  ► Authoritative servers
    ► master (primary)
    ► slave (secondary)
  ► (Caching) recursive servers
    ► also caching forwarders
  ► Mixture of functionality

[Diagram: one master DNS server with three slave DNS servers]

Hierarchy of Name Servers

The DNS system relies on a tree structure in which the higher-level domains are called TLDs (Top Level Domains). All TLDs are attached to a root node represented by a dot. There are two categories of TLD:

► gTLD (generic TLD). gTLDs are generic top-level domain names offering a classification according to the sector of activity. Ex:

  .com relates to commercial use.
  .edu relates to educational organizations.
  .gov relates to governmental organizations.

► ccTLD (country code TLD). Ex:

  Code  Country
  AU    Australia
  HK    Hong Kong
  JP    Japan
  IN    India

DNS Query Resolving Steps

1. The client asks the caching server for www.nic.in.
2. The caching or recursive server forwards the request to a root server.
3. The root server further sends the request to the known .IN server.
4. The .IN server knows the location of the nic.in server and thus sends the request further to the nameserver of nic.in.
5. The nic.in nameserver gives its answer to the corresponding servers.
6. Finally, a session is established with the desired server hosting the web site www.nic.in.
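
The steps above as a small offline simulation, added here as an illustration and not part of the original slides: a caching resolver consults the root, .IN and nic.in servers in turn, then answers repeat queries from its cache until the TTL expires. The server labels, the 192.0.2.10 address and the 300-second TTL are constructed placeholders.

```python
# Constructed data: server labels, the address and the TTL are placeholders,
# not real NIC records.
ZONES = {
    ".":       {"delegations": {"in.": "in-tld-server"}},
    "in.":     {"delegations": {"nic.in.": "nic-in-nameserver"}},
    "nic.in.": {"records": {"www.nic.in.": ("192.0.2.10", 300)}},
}
SERVER_ZONE = {"root-server": ".", "in-tld-server": "in.",
               "nic-in-nameserver": "nic.in."}


class CachingResolver:
    """Caching server from step 1: answers from cache or walks the hierarchy."""

    def __init__(self):
        self.cache = {}  # name -> (address, expiry time in seconds)

    def resolve(self, name, now=0):
        """Return (address, path); path lists where the answer was sought."""
        name = name.lower().rstrip(".") + "."
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], ["cache"]  # still fresh: no upstream query needed
        server, path = "root-server", []
        while True:
            path.append(server)
            zone = ZONES[SERVER_ZONE[server]]
            if name in zone.get("records", {}):
                address, ttl = zone["records"][name]
                self.cache[name] = (address, now + ttl)
                return address, path
            # Steps 2-4: follow the most specific delegation covering the name.
            covering = [z for z in zone.get("delegations", {})
                        if name == z or name.endswith("." + z)]
            if not covering:
                return None, path  # no server below this one knows the name
            server = zone["delegations"][max(covering, key=len)]


if __name__ == "__main__":
    resolver = CachingResolver()
    print(resolver.resolve("www.nic.in"))           # full walk from the root
    print(resolver.resolve("www.nic.in", now=10))   # served from cache
    print(resolver.resolve("www.nic.in", now=301))  # TTL expired: walk again
```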



Overview of NIC DNS Servers

NIC Authoritative DNS Servers

DNS servers registered for 3rd, 4th level of nic.in domains:

S No.  DNS Server Name  IP Address         Location of the Name Server
1      NS1.NIC.IN       164.100.14.3       NIC-HQ Delhi
2      NICNET.NIC.IN    164.100.9.3        NIC-HQ Delhi
3      NS6.NIC.IN       164.100.2.3        NIC-HYD
4      NS8.NKN.IN       2405:8a00:1000::2  NIC-Shastri Park

DNS servers registered for gov.in and other URLs:

S No.  DNS Server Name  IP Address         Location of the Name Server
1      NS1.NIC.IN       164.100.14.3       NIC-HQ Delhi
2      NS2.NIC.IN       164.100.10.18      NIC-HQ Delhi
3      NS7.NIC.IN       164.100.2.11       NIC-HYD
4      NS10.NKN.IN      2405:8a00:1000::2  NIC-Shastri Park



Anycast Caching DNS Servers

Multiple nodes are configured to accept DNS traffic on a single IP address. Traffic from different nodes may follow separate paths.

Anycast DNS: 164.100.3.1

S No.  Location
1      Delhi
2      Bhopal
3      Gandhinagar
4      Kolkata
5      Bhubaneswar
6      Guwahati
7      Hyderabad
8      Bangalore
9      Chennai
10     Chandigarh

[Diagram: a client reaches 164.100.3.1 through the Internet cloud; the same address is served from nodes including Delhi, Guwahati, Kolkata, Hyderabad and Bangalore]

In this scenario, clients choose a nearby DNS server at 164.100.3.1 for resolving their DNS queries.

Benefits of Anycast DNS Server

► Automated failover: when an anycast DNS server goes down due to power failure or some other reason, the route to that server is withdrawn and user queries are resolved by the next nearby anycast DNS server. Thus there is no need to configure another DNS server.
► Decrease latency
► Improve load distribution
► Simplify configuration and maintenance
► Increase resiliency to DoS and DDoS attacks


Protection from malware domains


► Using the latest BIND (Berkeley Internet Name Daemon) software. It is open source DNS software maintained by ISC (Internet Systems Consortium).
► Maintaining a list of malware domains on 164.100.3.1 and 164.100.17.3 as per instructions from the NIC Cyber Security Division. These caching servers are announced for NICNET users.
► Configured DNS RPZ (Response Policy Zone) on all caching servers. It is a service which provides reputation information of domains and accordingly prepares a list of URLs which can be blocked. ISC maintains a list of RPZs.

We are blocking certain domains or URLs as per instructions from the Security Division because these domains can damage users' data and can even spread viruses/worms across the entire network.
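
How a caching server with RPZ decides what to do with a query, as an added example (not NIC's configuration or code). It models only QNAME triggers with the standard RPZ CNAME encodings (`CNAME .` for NXDOMAIN, `CNAME *.` for NODATA, `CNAME rpz-passthru.` for an exemption); the zone contents and the `load_policy` and `rpz_decision` helpers are constructed for illustration.

```python
# Constructed RPZ zone data in zone-file form; every name is a placeholder.
RPZ_ZONE = """
; owner name            type   target
malware.example         CNAME  .               ; answer NXDOMAIN
*.malware.example       CNAME  .               ; and for all subdomains
tracker.example         CNAME  *.              ; answer NODATA
safe.malware.example    CNAME  rpz-passthru.   ; exempt from the wildcard
phish.example           CNAME  walled-garden.example.
"""

ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}


def load_policy(text):
    """Parse 'owner CNAME target' lines into {owner: action}."""
    policy = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 3 and fields[1].upper() == "CNAME":
            owner, _, target = fields
            action = ACTIONS.get(target, "REDIRECT " + target)
            policy[owner.lower().rstrip(".")] = action
    return policy


def rpz_decision(qname, policy):
    """Return the policy action for a queried name, or 'ALLOW' if none applies."""
    labels = qname.lower().rstrip(".").split(".")
    exact = ".".join(labels)
    if exact in policy:  # an exact rule wins over any wildcard
        return policy[exact]
    # A wildcard covers subdomains only: try *.parent, most specific first.
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return "ALLOW"


POLICY = load_policy(RPZ_ZONE)

if __name__ == "__main__":
    for name in ("cdn.malware.example", "safe.malware.example", "www.nic.in"):
        print(name, "->", rpz_decision(name, POLICY))
```

A wildcard rule does not cover the domain itself, which is why the blocked domain is listed both as `malware.example` and as `*.malware.example`.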



DNS resolving tools

► nslookup
► dig
► host
► Online sites for testing domain resolving

1. http://network-tools.com
2. http://mxtools.com
3. http://www.kloth.net/services/nslookup.php



THANKS
