Intro to DNS 101: Dyn Chief Scientist Tom Daly

Dyn.com | @dyninc DNS 101: The Domain Name System (DNS) Tom Daly Chief Scientist, Dyn Labs [email protected] | @tomdyninc

Upload: dyn

Post on 02-Nov-2014


DESCRIPTION

In this slide deck, Dyn Chief Scientist Tom Daly explains how DNS works, the technology involved and some of the advantages of going with a managed/outsourced provider like Dyn.

TRANSCRIPT

Page 1: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Dyn.com | @dyninc

DNS 101: The Domain Name System (DNS)

Tom Daly
Chief Scientist, Dyn Labs
[email protected] | @tomdyninc

Page 2: Intro to DNS 101: Dyn Chief Scientist Tom Daly

DNS 101: The Domain Name System (DNS) Tom Daly @tomdyninc Dyn.com | @dyninc

Agenda
• Welcome and Introduction
• DNS Components and Terminology
• DNS is Critical Internet Infrastructure
• Challenges of Operating DNS
• Introduction to DynECT Managed DNS
• Q&A

Page 3: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Let’s dive into DNS

http://www.flickr.com/photos/matt_gibson/2559703930/sizes/o/in/photostream/

Page 4: Intro to DNS 101: Dyn Chief Scientist Tom Daly

An Analogy to Start…
• Servers on the Internet have IP Addresses, like a telephone number.
• A Domain Name (like dyn.com, twitter.com, and amazon.com) is a name badge on the Internet.
• DNS (domain name system) service is the Internet’s Telephone Book.
• If you have someone’s name, you can look up their phone number.
• DNS maps domain names to IP addresses and other pieces of network data to get you to the right place.

Page 5: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Domain Names
• Domain Names are registered through ICANN accredited registrars – companies who work with domain name registries.
• Example Registrars:
  – Dyn.com
  – GoDaddy
  – Network Solutions
• Example Registries:
  – .com, .net, .org, .info, .biz, .mobi, .co.uk, .com.cn, .de, .dk

Page 6: Intro to DNS 101: Dyn Chief Scientist Tom Daly

The Domain Name System (DNS)
• Fundamentally, the DNS is a multi-level database distributed throughout the world.
• DNS maps domain names to network resources, such as the IP address of a web server, FTP server, or e-mail server.
• This is accomplished through a variety of DNS record types. Record types give you the hint about the type of remote server you’re contacting.

Page 7: Intro to DNS 101: Dyn Chief Scientist Tom Daly

The Goal: Your Customers Connect

Page 8: Intro to DNS 101: Dyn Chief Scientist Tom Daly

The Goal: Your Customers Connect

Page 9: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Components and Terminology

http://www.flickr.com/photos/kryptos5/3281740790/sizes/z/in/photostream/

Page 10: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Naming in DNS
• Fully Qualified Domain Name (FQDN): A complete name for something in the DNS.
  – ex: server1.www.dyn.com.
  – Alternatively known as a “Hostname”
• Domain Name: A registered name with a registry.
  – ex: dyn.com
• Subdomain Name: A registered name within a Domain, but not an FQDN.
  – ex: www.dyn.com

Page 11: Intro to DNS 101: Dyn Chief Scientist Tom Daly

The DNS Hierarchy
• There are over 141,922,316 domain names registered in the main TLDs today.
• That’s a lot of data for a single server to have mapping information about.
• The DNS is broken up into various levels to help spread out the database.
• Let’s look at how server1.www.dyn.com is set up in DNS – shall we?

Page 12: Intro to DNS 101: Dyn Chief Scientist Tom Daly

It all starts at <root>

<root>

server1.www.dyn.com. ? A

Page 13: Intro to DNS 101: Dyn Chief Scientist Tom Daly

With databases for each Top Level Domain

<root>

server1.www.dyn.com. ? A

.com .net .org

Page 14: Intro to DNS 101: Dyn Chief Scientist Tom Daly

With databases for each Domain in the TLD

<root>

server1.www.dyn.com. ? A

.com

dyn.com cnn.com cnbc.com

Page 15: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Combining data helps to find the answer…

<root>

server1.www.dyn.com. ? A 204.13.248.106

.com

dyn.com

Page 16: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Authoritative DNS servers have a copy of the data at every level.

<root>

.com

dyn.com

Root DNS Servers

.com Servers

dyn.com Servers

Page 17: Intro to DNS 101: Dyn Chief Scientist Tom Daly

And delegations help us find relationships…

<root>

.com

dyn.com

Root DNS Servers

.com Servers

dyn.com Servers

Page 18: Intro to DNS 101: Dyn Chief Scientist Tom Daly

What are we searching for?
• FQDNs and DNS Records
  – Ultimate answers about where you want to go.
• Delegations
  – Points to help you find the right path if the current authoritative server doesn’t know the answer.
• DNS Security (DNSSEC) Information
  – Secret passphrases and keys to secure DNS information (an advanced topic!)

Page 19: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Popular Record Types
• (A) – points names to IPv4 addresses
  – ex. dyn.com A to 204.13.248.106
• (AAAA) – points names to IPv6 addresses
  – ex. dyn.com AAAA to 2600:2001:0:3::106
• (CNAME) – points one name to another
  – ex. www.dyn.com CNAME is an alias for dyn.com
• (MX) – points email to an inbound email server
  – ex. dyn.com MX to zmta-01-mht.dyndns.com.
• (SPF) – declares authorized email servers for a domain
  – ex. dyn.com TXT to "v=spf1 ip4:216.146.45.0/24"

Page 20: Intro to DNS 101: Dyn Chief Scientist Tom Daly

DNS Servers in Two Parts
• Authoritative DNS: The copies of maps about where to go.
  – We sometimes call this part “the Internet’s telephone book.”
  – Geeks think of it as a huge, globally distributed database.
  – Generally run by registrars, hosting providers, and managed DNS providers.
• Recursive DNS: The driver looking for maps, and taking you to the information.
  – More like “Directory Assistance”
  – Ability to search for information across lots of different Authoritative DNS servers and temporarily store a copy of the info.
  – Generally run by ISPs, or Dyn Internet Guide, OpenDNS, GoogleDNS

Page 21: Intro to DNS 101: Dyn Chief Scientist Tom Daly

The Authoritative DNS Server
• Clusters of authoritative DNS servers work together to provide redundancy.
• Delegations indicate all of a domain’s potential servers in a cluster.

dyn.com

ns1.dyn.com ns2.dyn.com

ns3.dyn.com ns4.dyn.com

Page 22: Intro to DNS 101: Dyn Chief Scientist Tom Daly

The Recursive DNS Server
• One or two recursive DNS servers are given to your ISP or provider – you only use one at a time.
• They help find you answers about the Internet, places to go, things to do.
• Recursive DNS servers cache DNS answers for a period of time, known as the Time to Live (TTL).
• This helps DNS be less noisy on the Internet.

Recursive DNS

Page 23: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Working Together: The Lifecycle of a DNS Request

<root>

server1.www.dyn.com.

204.13.248.106

.com

dyn.com

Root DNS Servers

.com Servers

dyn.com Servers

Recursive DNS
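
Added example (not from the slides or from Dyn): a toy recursive resolver that walks the delegations root → .com → dyn.com from the diagrams above and caches the answer for its TTL. The server names, the 300-second TTL and the class names are constructed for the illustration; a real resolver also caches the delegations themselves.

```python
# Constructed data mirroring the slides: every level holds either a
# delegation to the next level down or the final record (value, TTL seconds).
SERVERS = {
    "root-servers": {"delegations": {"com.": "com-servers"}},
    "com-servers": {"delegations": {"dyn.com.": "dyn-servers"}},
    "dyn-servers": {"records": {
        ("server1.www.dyn.com.", "A"): ("204.13.248.106", 300)}},  # TTL assumed
}

class FakeClock:
    """Controllable clock so cache expiry can be shown without sleeping."""
    def __init__(self):
        self.now = 0
    def __call__(self):
        return self.now

class RecursiveResolver:
    def __init__(self, servers, clock):
        self.servers, self.clock = servers, clock
        self.cache = {}              # (name, type) -> (value, expiry time)
        self.upstream_queries = 0    # queries sent to authoritative servers

    def resolve(self, name, rtype="A"):
        """Return (answer, list of authoritative servers asked)."""
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > self.clock():
            return hit[0], []        # still within TTL: nothing leaves the cache
        server, path = "root-servers", []
        while True:
            self.upstream_queries += 1
            path.append(server)
            zone = self.servers[server]
            answer = zone.get("records", {}).get((name, rtype))
            if answer:
                value, ttl = answer
                self.cache[(name, rtype)] = (value, self.clock() + ttl)
                return value, path
            # No answer at this level: follow the most specific delegation.
            matches = [z for z in zone.get("delegations", {})
                       if name == z or name.endswith("." + z)]
            if not matches:
                return None, path    # no delegation covers the name
            server = zone["delegations"][max(matches, key=len)]

if __name__ == "__main__":
    resolver = RecursiveResolver(SERVERS, FakeClock())
    print(resolver.resolve("server1.www.dyn.com."))  # walks all three levels
    print(resolver.resolve("server1.www.dyn.com."))  # served from cache
```

The upstream_queries counter shows the point of the TTL: repeat lookups inside the TTL window cost the authoritative servers nothing, and a change to the record is not seen by clients until the cached copy expires.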

Page 24: Intro to DNS 101: Dyn Chief Scientist Tom Daly

DNS is core Internet Infrastructure

http://www.poslovnipuls.com/wp-content/uploads/2011/05/statistika_v.jpg

Page 25: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Internet Applications Depend on DNS
• Web: Utilizes A (IPv4) and AAAA (IPv6) records to locate web servers for web sites.
• Email: Utilizes MX records to locate email servers and to implement automated email server failover.
• Anti-SPAM: SPF, DKIM and DMARC all used to prevent junk from getting to the inbox.
• VPN: IPSECKEY records help secure connections.
• Collaboration: SRV records help locate chat, audio, and video conferencing bridges and components.

Page 26: Intro to DNS 101: Dyn Chief Scientist Tom Daly

DNS for the Web

Page 27: Intro to DNS 101: Dyn Chief Scientist Tom Daly

DNS for Email

Page 28: Intro to DNS 101: Dyn Chief Scientist Tom Daly

DNS for VOIP

Page 29: Intro to DNS 101: Dyn Chief Scientist Tom Daly

DNS for Audio and Video

Page 30: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Challenges of Operating DNS

http://www.poslovnipuls.com/wp-content/uploads/2011/05/statistika_v.jpg

Page 31: Intro to DNS 101: Dyn Chief Scientist Tom Daly

DNS Misconfiguration
• Misconfiguration of DNS still accounts for a significant number of site outages worldwide.
• State of the Art is a Text Editor:
• Some appliances have a fancy UI on them.

Page 32: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Availability and Performance
• DNS must always be available, otherwise, web, email, video, VOIP, and online services are down.
• Need to build redundancy into the network, and maintain specially clustered systems.
• Risk of attack on your DNS?
• When things go wrong, people say:

Page 33: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Limited Visibility and Monitoring
• Except for custom tools, reporting for DNS is limited.
• DNS needs global monitoring and availability reporting.
• Can you really tell if you are up or down from within your network?
• Even worse, what happens when your customers notice?!!!

Page 34: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Solution: DynECT Managed DNS

http://www.flickr.com/photos/nhuisman/3168683736/sizes/l/in/photostream/

Page 35: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Web UI or API?

DNS Core Engine

WebUI

SOAP API

REST API

Dynamic DNS API

Page 36: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Global Resolution Network

Page 37: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Extensive Reporting

Page 38: Intro to DNS 101: Dyn Chief Scientist Tom Daly

A Proven Track Record

Page 39: Intro to DNS 101: Dyn Chief Scientist Tom Daly

And an amazing team!

Page 40: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Dyn.com | @dyninc

Stay Tuned!

DNS 102: Managing Traffic with DynECT Managed DNS Advanced Services

October 31st @ 02:00pm Eastern Time

Thanks for listening!

Page 41: Intro to DNS 101: Dyn Chief Scientist Tom Daly

Dyn.com | @dyninc

Thank You!

Email: [email protected]

Twitter: @tomdyninc

Thanks for listening!