DNS & PNRP
DESCRIPTION
Name Resolution in Windows Server 2008 (R2). DNS & PNRP. Name Resolution Overview: NetBIOS name resolution, host name resolution, peer name resolution. (PowerPoint presentation, transcript of the slides follows.)
DNS & PNRP: Name Resolution in Windows Server 2008 (R2)

Name Resolution Overview
* NetBIOS name resolution
* Host name resolution
* Peer Name Resolution

NetBIOS name resolution
* Originally a broadcast-based NR protocol in PC-LAN & LM networks on top of NetBEUI
* Based on single-label names (non-hierarchical)
* Uses lmhosts (static) files, broadcasts and WINS (NBNS) servers in TCP/IP networks

Host name resolution
* Original ARPANET (Internet) NR protocol
* Based on multi-level names (hierarchical)
* Distributed database model
* Uses hosts (static) files and DNS servers

Peer Name Resolution
* Strictly for IPv6 addresses
* Distributed and serverless protocol
* Real-time updates
* Addresses computers, ports and services
* Unsecured or secured with PK-cryptography
Protocol stack comparison (diagram, two builds; the slide lists the layer letters P, A, D, N, T, S, P down its left side)
* NetBIOS Interface path: SMB over NetBEUI (NBF) over LLC/MAC over the medium; name resolution uses broadcast NR traffic.
* WinSock Interface path: SMB, CIFS, HTTP over TCP/UDP over IP over ARP, PPP, xDLC / 802.n over the medium; name resolution uses unicast NR traffic.
* NBT (NetBIOS over TCP/IP) is the helper that carries NetBIOS traffic over the TCP/IP stack, so NetBIOS applications can run on routed networks.
Internet DNS Namespace (diagram, four builds)
* "" (root), served by the "13" root-servers.net (a.root-servers.net … m.root-servers.net)
* gTLDs (generic Top Level Domains): .com .edu .gov .int .mil .net .org
* ccTLDs (Country code Top Level Domains, ISO 3166 country codes): .be .de .jp .fr .nl .il .ru .tw .tv .nu .au .gb .uk
* Second Level Domains (examples): .yale .ucla .mit, .army .airforce .navy
* Third Level Domains (examples): .math .physics .law

Root servers as listed on the slide (the root hints):
a.root-servers.net.  198.41.0.4
b.root-servers.net.  128.9.0.107
c.root-servers.net.  192.33.4.12
d.root-servers.net.  128.8.10.90
e.root-servers.net.  192.203.230.10
f.root-servers.net.  192.5.5.241
g.root-servers.net.  192.112.36.4
h.root-servers.net.  128.63.2.53
i.root-servers.net.  192.36.148.17
j.root-servers.net.  198.41.0.10
k.root-servers.net.  193.0.14.129
l.root-servers.net.  198.32.64.12
m.root-servers.net.  202.12.27.33
Recursive query, iterative queries and recursive response (diagram, four builds)
The client wants http://www.amazon.com and sends a recursive query to its own DNS server: "www.amazon.com?" (the client expects a final answer, not a referral).
The DNS server checks in order: Own zone? No! … Cached? No! … then it falls back to its root hints ("13" root-servers.net).
Iterative queries sent by the DNS server:
1. To a root server: www.amazon.com? -> "Don't know … ask .com server!" (referral)
2. To a .com server: www.amazon.com? -> "amazon.com NS = 93.151.75.200!" (referral)
3. To the amazon.com name server: www.amazon.com? -> "Oh, it's … 93.151.75.13!" (answer)
Recursive response: the DNS server returns "Ah, it's … 93.151.75.13!" to the client.
Cached: www.amazon.com = 93.181.75.13, TTL = 3600 (a later query for the same name is answered from the cache until the TTL expires).
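The walk-through above, as an added example that is not part of the slides: a caching resolver that answers a recursive query by iterating from the root hints through referrals, then serves the answer from its cache until the TTL runs out. The server data is constructed in memory (the 93.151.75.x values are the slide's illustrative addresses, 192.0.2.30 is a documentation-range placeholder for the .com server); nothing is sent on the network.

```python
"""Added example: model of recursive query, iterative queries and TTL caching."""

ROOT_HINTS = ["198.41.0.4"]   # a.root-servers.net, taken from the slide's root hints list

# Constructed authoritative data: server IP -> {owner name: (rtype, rdata, ttl)}.
# An "NS" entry is a referral to the server that is authoritative for that name.
SERVERS = {
    "198.41.0.4":    {"com.":            ("NS", "192.0.2.30", 172800)},    # root refers to .com
    "192.0.2.30":    {"amazon.com.":     ("NS", "93.151.75.200", 172800)}, # .com refers to amazon.com NS
    "93.151.75.200": {"www.amazon.com.": ("A",  "93.151.75.13", 3600)},    # authoritative answer
}


def lookup(server, qname):
    """What one server says about qname: an answer, or the closest referral it holds."""
    zone = SERVERS[server]
    labels = qname.split(".")
    for i in range(len(labels)):            # try www.amazon.com., then amazon.com., then com.
        candidate = ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    raise LookupError(f"{server} has no data for {qname}")


class CachingResolver:
    """The client's DNS server: takes recursive queries, iterates on the client's behalf."""

    def __init__(self):
        self.now = 0.0          # simulated clock in seconds, so TTL expiry can be tested
        self.cache = {}         # qname -> (address, expiry time)
        self.trace = []         # one line per step, for inspection

    def resolve(self, name):
        qname = name if name.endswith(".") else name + "."
        hit = self.cache.get(qname)
        if hit and hit[1] > self.now:       # Cached? Yes, and the TTL has not expired
            self.trace.append(f"cache hit {qname} -> {hit[0]}")
            return hit[0]
        self.trace.append(f"cache miss {qname}, starting from root hints")
        server = ROOT_HINTS[0]
        for _ in range(10):                  # bound the referral chain (loop protection)
            rtype, rdata, ttl = lookup(server, qname)
            if rtype == "A":
                self.trace.append(f"{server} answers {rdata}")
                self.cache[qname] = (rdata, self.now + ttl)   # remember it for TTL seconds
                return rdata
            self.trace.append(f"{server} refers to {rdata}")
            server = rdata                   # follow the referral one level down
        raise RuntimeError("referral chain too long")


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("www.amazon.com"))
    print("\n".join(r.trace))
```

The referral loop is bounded on purpose: a resolver that follows referrals without a limit can be kept busy indefinitely by misconfigured or hostile delegations.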
Domain vs. Zone
* Domain is a node in the Internet namespace
* Root domain is the largest domain
* Zone is a file that contains records for a domain, with or without child domains
* Zones can only contain contiguous domains
* Child domains can be delegated to separate DNS servers (= zone delegation)
Domain vs. Zone (diagram, several builds)
Tree shown: "." (root) -> .arpa .int .gov .mil .com .net .edu .org and the ccTLDs; under .com: .acme .amazon .bol .hp .microsoft .contoso .google .myspace .youtube; under .microsoft: .one .technet .msdn .mcp .update .support. Root Domain, .com Domain and .microsoft Domain are marked as domains.
Build 1: a single contiguous DNS zone file contains all records for the domains microsoft.com, one.microsoft.com, technet.microsoft.com, msdn.microsoft.com, mcp.microsoft.com, update.microsoft.com and support.microsoft.com.
Build 2: the DNS zone file contains only records for microsoft.com. Delegated zones: each DNS server contains a separate zone for each delegation (one.microsoft.com, technet.microsoft.com, msdn.microsoft.com, mcp.microsoft.com, update.microsoft.com, support.microsoft.com).
Build 3: a partly delegated contiguous DNS zone file contains records for microsoft.com, one.microsoft.com, technet.microsoft.com, msdn.microsoft.com and mcp.microsoft.com. Delegated zones on separate DNS servers: update.microsoft.com and support.microsoft.com.
Build 4: illegal delegation. A zone holding only the domains .update and .support is non-contiguous (a common parent is needed in the zone).
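The contiguity rule from the Domain vs. Zone slides, as an added example that is not part of the original deck: a check that flags a zone layout such as the "illegal delegation" build. The domain names are the slide's microsoft.com tree; the zone splits are constructed to mirror the builds.

```python
"""Added example: validate that every zone in a layout contains only contiguous domains."""

MICROSOFT_TREE = {"microsoft.com", "one.microsoft.com", "technet.microsoft.com",
                  "msdn.microsoft.com", "mcp.microsoft.com", "update.microsoft.com",
                  "support.microsoft.com"}

# Constructed layouts mirroring the slide's builds (each zone is a set of domains).
BUILD1 = [MICROSOFT_TREE]
BUILD3 = [MICROSOFT_TREE - {"update.microsoft.com", "support.microsoft.com"},
          {"update.microsoft.com"}, {"support.microsoft.com"}]
ILLEGAL = [MICROSOFT_TREE - {"update.microsoft.com", "support.microsoft.com"},
           {"update.microsoft.com", "support.microsoft.com"}]


def parent(name):
    """Parent of a dotted name ('one.microsoft.com' -> 'microsoft.com'); None at the top."""
    _, _, rest = name.partition(".")
    return rest or None


def check_zone(zone):
    """Contiguous means: exactly one apex (a domain whose parent lies outside the
    zone) and every other domain hangs directly or indirectly off that apex."""
    apexes = sorted(d for d in zone if parent(d) not in zone)
    if len(apexes) == 1:
        return True, f"contiguous zone, apex {apexes[0]}"
    return False, f"illegal: {len(apexes)} apex candidates {apexes}, common parent needed"


def check_layout(zones):
    """Return a list of problems for a whole layout: non-contiguous zones and
    domains that appear in more than one zone (records would conflict)."""
    problems = []
    for zone in zones:
        ok, msg = check_zone(zone)
        if not ok:
            problems.append(msg)
    seen = {}
    for i, zone in enumerate(zones):
        for d in zone:
            if d in seen:
                problems.append(f"{d} appears in zones {seen[d]} and {i}")
            seen[d] = i
    return problems


if __name__ == "__main__":
    for label, layout in (("build 1", BUILD1), ("build 3", BUILD3), ("illegal", ILLEGAL)):
        print(label, check_layout(layout) or "ok")
```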
Zone types
* Primary zone
* Secondary zone
* Stub zone
* AD integrated zone (acts as primary zone)
* RODC AD integrated zone (acts as primary Read-Only zone)
Primary Zone (diagram)
Tree: "." (root) -> .com -> .acme. The Primary Zone file contains the R/W-version of the data; it receives manual updates and automatic updates and serves refreshes.
acme.com.dns:
  acme.com       IN SOA
  www.acme.com   10.10.0.50
  srv1.acme.com  10.10.0.20
  mail.acme.com  10.10.0.30
  ns1.acme.com   10.10.0.40
  ns2.acme.com   10.10.0.60
  pc1.acme.com   10.10.0.100
  pc2.acme.com   10.10.0.101
  pc3.acme.com   10.10.0.102

Secondary Zone (diagram, three builds)
The Primary Zone file contains the R/W-version of the data; the Secondary Zone file contains the R/O-version of the data.
Full Zone Transfer (AXFR): the secondary requests a full zone transfer (AXFR); the primary checks "Authorized? … Yes!" and then sends the full zone.
Incremental Zone Transfer (IXFR): an update on the primary increments the database version; the primary sends a DNS Notify; the secondary gets the SOA record, sees a version increment of 1 and requests an IXFR; the primary sends the 1 changed record and the secondary's database version increments as well.
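The Notify / SOA check / IXFR-or-AXFR sequence and the "Authorized?" step from the Secondary Zone slides, as an added example that is not part of the original deck. The records are the slide's acme.com file; the transfer ACL, the change journal and the unauthorized requester are constructed.

```python
"""Added example: primary/secondary zone model with serial-driven IXFR/AXFR and a transfer ACL."""
from dataclasses import dataclass, field

ACME_ZONE = {  # acme.com.dns as shown on the Primary Zone slide
    "www.acme.com": "10.10.0.50", "srv1.acme.com": "10.10.0.20", "mail.acme.com": "10.10.0.30",
    "ns1.acme.com": "10.10.0.40", "ns2.acme.com": "10.10.0.60", "pc1.acme.com": "10.10.0.100",
    "pc2.acme.com": "10.10.0.101", "pc3.acme.com": "10.10.0.102",
}


@dataclass
class PrimaryZone:
    records: dict
    serial: int = 1                                   # SOA serial = database version
    allow_transfer: set = field(default_factory=set)  # IPs that may transfer (the "Authorized?" list)
    journal: list = field(default_factory=list)       # (serial, op, name, rdata) for each change
    pending_notify: list = field(default_factory=list)

    def update(self, name, rdata=None):
        """Manual or automatic update: change one record, bump the version, notify."""
        if rdata is None:
            self.records.pop(name)
            op = "delete"
        else:
            op = "replace" if name in self.records else "add"
            self.records[name] = rdata
        self.serial += 1
        self.journal.append((self.serial, op, name, rdata))
        self.pending_notify = sorted(self.allow_transfer)   # DNS Notify goes to the secondaries

    def transfer(self, requester_ip, have_serial):
        """Serve a zone-transfer request. Requesters outside the ACL are refused, so the
        full zone contents are not handed to arbitrary clients."""
        if requester_ip not in self.allow_transfer:
            return "REFUSED", None
        if have_serial >= self.serial:
            return "UPTODATE", None
        deltas = [j for j in self.journal if j[0] > have_serial]
        if deltas and deltas[0][0] == have_serial + 1:     # journal covers the gap: send the diff only
            return "IXFR", deltas
        return "AXFR", dict(self.records)                   # otherwise the whole zone


@dataclass
class SecondaryZone:
    ip: str
    records: dict = field(default_factory=dict)       # R/O copy
    serial: int = 0

    def refresh(self, primary):
        """On DNS Notify or on the refresh timer: compare SOA serials, then pull."""
        if primary.serial <= self.serial:
            return "UPTODATE"
        kind, payload = primary.transfer(self.ip, self.serial)
        if kind == "AXFR":
            self.records = payload
        elif kind == "IXFR":
            for _, op, name, rdata in payload:
                if op == "delete":
                    self.records.pop(name, None)
                else:
                    self.records[name] = rdata
        else:
            return kind                                 # REFUSED: stays on the old version
        self.serial = primary.serial
        return kind


if __name__ == "__main__":
    primary = PrimaryZone(records=dict(ACME_ZONE), allow_transfer={"10.10.0.60"})  # ns2 only
    ns2 = SecondaryZone(ip="10.10.0.60")
    print(ns2.refresh(primary), ns2.serial)              # AXFR 1
    primary.update("pc4.acme.com", "10.10.0.103")
    print(ns2.refresh(primary), ns2.serial)              # IXFR 2
    print(SecondaryZone(ip="192.0.2.99").refresh(primary))  # REFUSED
```

The ACL check sits in front of the serial comparison on purpose: whether a requester is allowed to transfer the zone is decided before anything about the zone's state is revealed.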
Aging and Scavenging (timeline diagram, two builds)
T0: DHCP Discover / Offer / Request / Acknowledge, after which the client registers its name in DNS (zone file version 1). At 0.5 Lease the lease is renewed and the client registers in DNS again. Registrations that fall inside the 1st No-Refresh Interval do not change the record's timestamp; a registration inside the Refresh Interval refreshes the timestamp (zone file version 2, then 3), which is followed by the 2nd No-Refresh Interval. Tl marks the end of the lease.
Second build: the Scavenging Interval. A record whose timestamp has not been refreshed for No-Refresh Interval + Refresh Interval is stale and is removed when scavenging runs.
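The timeline above, as an added example that is not part of the original deck: a DHCP client re-registers at half its lease, the zone accepts a refresh only outside the no-refresh interval, and scavenging removes records that were not refreshed for no-refresh + refresh. Interval lengths, the lease length and the hour-based clock are constructed sample values, not Windows defaults.

```python
"""Added example: aging timestamps, no-refresh suppression and scavenging."""


class AgingZone:
    def __init__(self, no_refresh_hours, refresh_hours):
        self.no_refresh = no_refresh_hours
        self.refresh = refresh_hours
        self.timestamps = {}     # name -> hour of the last accepted (re)registration
        self.version = 0         # zone file version; every write bumps it

    def register(self, name, now):
        """Dynamic registration. A refresh inside the no-refresh interval is accepted
        but not written, so the zone is not rewritten (and replicated) on every renewal."""
        last = self.timestamps.get(name)
        if last is not None and now < last + self.no_refresh:
            return "suppressed"
        self.timestamps[name] = now
        self.version += 1
        return "refreshed"

    def is_stale(self, name, now):
        """Stale = not refreshed for no-refresh + refresh interval."""
        return now >= self.timestamps[name] + self.no_refresh + self.refresh

    def scavenge(self, now):
        """Run on the scavenging interval: delete stale records, return their names."""
        stale = sorted(n for n in self.timestamps if self.is_stale(n, now))
        for n in stale:
            del self.timestamps[n]
        if stale:
            self.version += 1
        return stale


def simulate_dhcp_client(zone, name, lease_hours, until_hour):
    """Discover/Offer/Request/Ack at T0, then renewal at 0.5 lease; every renewal
    registers the name in DNS. Returns (hour, outcome) per registration attempt."""
    events = []
    t = 0
    while t <= until_hour:
        events.append((t, zone.register(name, t)))
        t += lease_hours / 2
    return events


if __name__ == "__main__":
    zone = AgingZone(no_refresh_hours=24, refresh_hours=24)   # constructed sample values
    for hour, outcome in simulate_dhcp_client(zone, "pc1.acme.com", lease_hours=16, until_hour=48):
        print(f"h{hour:>4}: {outcome:<10} zone version {zone.version}")
    print("scavenged at h96:", zone.scavenge(96))           # client left after h48
```

Scavenging only removes records that were registered with a timestamp; statically created records have none and are never aged out, which is why scavenging settings are checked together with which records are static.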
Reverse Lookups
* Resolve IP addresses to FQDNs
* Reverse-indexes the Internet
* Uses the in-addr.arpa or ip6.arpa domain
* Requires participation of the domain holders
* Used for inbound SMTP server determination (and more)

Reverse Lookups: compare hostname structure with IP-address structure (diagram, four builds)
Hostname srv3.east.acme.com.: "." = Internet root, com = gTLD, acme = 2nd Level domain, east = 3rd Level domain, srv3 = hostname. Left-to-right = up the hierarchy.
IP address 191.124.17.201/24: Net-ID 191.124.17, Host-ID 201. Left-to-right = down the hierarchy.
Reverse name 201.17.124.191.in-addr.arpa.: "Host-ID" first, "Internet root" last. Left-to-right = up the hierarchy, like a hostname.

Reverse Lookups: example
IP address 191.124.17.201. Find PTR 201.17.124.191.in-addr.arpa. The resolver iterates between DNS servers to find the 17.124.191.in-addr.arpa zone and finds the 201 PTR record with name: 201 IN PTR srv3.acme.com. It is the responsibility of the acme.com domain holder to maintain the PTR records.

Reverse Lookups (diagram)
Tree: "." (root) -> .int .gov .mil .arpa .org ccTLDs; .arpa -> in-addr -> 1 2 3 … 191 192 … 254 255; under 191 -> 1 2 3 … 124 125 … 254 255; under 124 -> 1 2 3 … 17 18 … 254 255.
Zone 17.124.191.in-addr.arpa. (acme.com IN SOA …): 199 PTR srv1.acme.com, 200 PTR srv2.acme.com, 201 PTR srv3.acme.com, 202 PTR srv4.acme.com, …
"What name belongs to IP 191.124.17.201?" -> "srv3.acme.com!"
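The reverse-name construction and the inbound-SMTP use mentioned above, as an added example that is not part of the original deck: build the in-addr.arpa / ip6.arpa name for an address, find the delegated reverse zone, and do a forward-confirmed reverse lookup (PTR name must resolve back to the address). The zone data is a constructed in-memory copy of the slide's 17.124.191.in-addr.arpa records plus matching A records that the slide does not show; nothing is sent on the network.

```python
"""Added example: reverse names, reverse zone selection and forward-confirmed reverse DNS."""
import ipaddress

# Constructed zone data; owner names are fully qualified with a trailing dot.
PTR_RECORDS = {   # 17.124.191.in-addr.arpa. as on the slide
    "199.17.124.191.in-addr.arpa.": "srv1.acme.com.",
    "200.17.124.191.in-addr.arpa.": "srv2.acme.com.",
    "201.17.124.191.in-addr.arpa.": "srv3.acme.com.",
    "202.17.124.191.in-addr.arpa.": "srv4.acme.com.",
}
A_RECORDS = {     # forward zone acme.com; constructed so that one PTR is deliberately unconfirmed
    "srv1.acme.com.": {"191.124.17.199"},
    "srv2.acme.com.": {"191.124.17.200"},
    "srv3.acme.com.": {"191.124.17.201"},
    "srv4.acme.com.": {"191.124.17.250"},   # PTR says .202, A says .250: mismatch
}


def reverse_name(ip):
    """201.17.124.191.in-addr.arpa. for IPv4; nibble-reversed ip6.arpa name for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(cidr):
    """Name of the reverse zone delegated for a prefix (octet boundaries for IPv4,
    nibble boundaries for IPv6), e.g. 191.124.17.0/24 -> 17.124.191.in-addr.arpa."""
    net = ipaddress.ip_network(cidr, strict=False)
    unit = 8 if net.version == 4 else 4
    if net.prefixlen % unit:
        raise ValueError("this example handles octet/nibble-aligned delegations only")
    labels = net.network_address.reverse_pointer.split(".")
    total = 4 if net.version == 4 else 32          # address labels before in-addr/ip6.arpa
    keep = net.prefixlen // unit                   # significant labels for this prefix
    return ".".join(labels[total - keep:]) + "."


def lookup_ptr(ip):
    return PTR_RECORDS.get(reverse_name(ip))


def forward_confirmed(ip):
    """Forward-confirmed reverse DNS, as used when judging an inbound SMTP server:
    the PTR target must itself resolve to the address that was looked up."""
    name = lookup_ptr(ip)
    if name is None:
        return None, "no PTR"
    if ip in A_RECORDS.get(name, set()):
        return name, "confirmed"
    return name, "PTR not confirmed by forward record"


if __name__ == "__main__":
    print(reverse_name("191.124.17.201"), "->", lookup_ptr("191.124.17.201"))
    print(reverse_zone("191.124.17.201/24"))
    for ip in ("191.124.17.201", "191.124.17.202", "191.124.17.9"):
        print(ip, forward_confirmed(ip))
```

A PTR record alone proves only that whoever controls the reverse zone chose that name; the forward confirmation ties the claim back to the holder of the forward domain, which is why mail receivers check both.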
Peer Name Resolution Protocol
* Mentioned on P2P conference, November 2001
* July 2003: Advanced Networking Pack for XP
* Later SP2 for XP
* PNRP 2.0 in Windows Vista, available for XP
* PNRP 2.1 in: Windows Vista SP1, Windows Server 2008, Windows XP SP3, Windows 7 Easy Connect (Remote Assistance)

Peer Name Resolution Protocol
PNRP Clouds: a cloud is a group of connected PNRP nodes (any node can resolve a name published by another node in the cloud).
Three cloud scopes: 1. Global 2. Site Local (deprecated) 3. Link Local
When the PNRP service starts it joins multiple clouds.
Motivation: transient connectivity and shortcomings in DNS.
Easily scales to billions of names.

P2P and PNRP IDs (diagram, three builds)
A peer name is a communications endpoint and consists of Authority.Classifier (256 bits).
Authority -> SHA-1 -> e06bf33a5b21 …; joined with "." and the Friendly Name (classifier) -> SHA-1 -> 5ff01aac793c121f … (128-bit hash) = P2P ID.
P2P ID (128 bits) + Service Location (128 bits) = PNRP ID (256 bits).
Authority = 0 if unsecure, a value if secure.
PNRP ID: Cache

End
Questions??
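The ID derivation drawn on the P2P and PNRP IDs slide, as an added example that is not part of the original deck. It follows the slide's flow (authority -> SHA-1, "." classifier -> SHA-1, 128-bit P2P ID + 128-bit service location = 256-bit PNRP ID); the byte encodings, the truncation to 128 bits and how the service location is formed are assumptions made for this example, and the exact MS-PNRP derivation differs in detail. The keys are constructed placeholders, not real key material.

```python
"""Added example: model of P2P ID and PNRP ID derivation for secured and unsecured peer names."""
import hashlib

KEY_A = b"constructed-public-key-A"   # placeholders standing in for two nodes' public keys
KEY_B = b"constructed-public-key-B"


def authority(public_key):
    """Unsecured peer name: authority is "0". Secured: a value derived from the
    public key (modelled here as the hex SHA-1 of the key, following the slide)."""
    return "0" if public_key is None else hashlib.sha1(public_key).hexdigest()


def p2p_id(auth, classifier):
    """SHA-1 over "authority.classifier", truncated to 128 bits (assumed encoding)."""
    peer_name = f"{auth}.{classifier}".encode("utf-8")
    return hashlib.sha1(peer_name).digest()[:16].hex()


def service_location(ipv6, port):
    """128-bit value that tells apart endpoints publishing the same peer name
    (assumed derivation: truncated SHA-1 of the endpoint string)."""
    return hashlib.sha1(f"[{ipv6}]:{port}".encode("utf-8")).digest()[:16].hex()


def pnrp_id(auth, classifier, ipv6, port):
    """256-bit PNRP ID = 128-bit P2P ID followed by 128-bit service location."""
    return p2p_id(auth, classifier) + service_location(ipv6, port)


if __name__ == "__main__":
    a, b = authority(KEY_A), authority(KEY_B)
    print("secured, node A :", pnrp_id(a, "printer", "2001:db8::1", 3540))
    print("secured, node B :", pnrp_id(b, "printer", "2001:db8::2", 3540))
    print("unsecured       :", pnrp_id("0", "printer", "2001:db8::1", 3540))
    print("unsecured again :", pnrp_id("0", "printer", "2001:db8::2", 3540))
```

The unsecured case is the point to notice: with authority "0", every node that uses the classifier "printer" derives the same P2P ID, so a resolver has nothing to verify a publisher against; only a secured name ties the ID to a key that the publisher can prove possession of.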