How Public DNS Works – Practical Simulation – InsideOut – Part III
WaheGuru G Ka Khalsa, WaheGuru G Ki Fateh
Here we continue with the Public DNS Infrastructure Simulation, using the Red Hat Enterprise Linux 5.2 release as the DNS server. Make sure you have followed Part I and Part II before continuing.
This series has been divided into three parts. Part I solely relates to prerequisite information and basics, while the second and third parts deal with the simulation of the Public DNS infrastructure, mimicking DNS name resolution as it happens on the public Internet.
In Part II we also highlight the real-world DNS infrastructure and its equivalent virtual setup that will be used for the simulation. So make sure you also follow Part II (in addition to Part I) in order to understand the network and system configuration implemented in our equivalent virtual setup.
We will be establishing our own internal Root (hint) servers (.), generic Top-Level Domain (gTLD) servers (such as .COM) and Second-Level Domains (such as VirtualizationMaximus.com.), using the Red Hat Enterprise Linux 5.2 release as the name server for all the domains residing in our simulated DNS namespace hierarchy. Every authoritative server below runs with recursion disabled; only the separate resolver added at the end of this post recurses.
Root Server – 10.0.0.11 Configuration:
1) Master Zone - "." - and set NS Servers as "a.root-servers.net - 10.0.0.11"
and "b.root-servers.net - 10.0.0.12".
2) Create DNS Delegation on 10.0.0.11 - for - NET. and COM. Domains with:
COM. Delegated NS Servers pointing to "a.gtld-servers.net - 10.0.0.13"
and "b.gtld-servers.net - 10.0.0.14"
NET. Delegated NS Servers pointing to "a.gtld-servers.net - 10.0.0.13"
and "b.gtld-servers.net - 10.0.0.14"
3) Zone Transfers of Root Zone allowed to - "b.root-servers.net - 10.0.0.12"
4) Create Slave DNS Zone "." on 10.0.0.12 with Master Server set
to 10.0.0.11 - and initiate DNS Zone Transfer.
5) Disable Recursion on a.root-servers.net & b.root-servers.net NS Servers
Root DNS Domain – Zone Declaration – in named.conf:
zone "." {
allow-transfer {10.0.0.12;};
type master;
file "RootDomain.db";
};
Root DNS Domain – Zone Definition – in RootDomain.db:
$TTL 86400
@   IN SOA a.root-servers.net. webmaster (
        2013021301  ; serial (d. adams)
        3H          ; refresh
        15M         ; retry
        1W          ; expiry
        1D )        ; minimum
    IN NS a.root-servers.net.
    IN NS b.root-servers.net.
a.root-servers.net.  IN A 10.0.0.11
b.root-servers.net.  IN A 10.0.0.12
; Delegation of COM. to the gTLD servers (step 2)
$ORIGIN com.
@   IN NS a.gtld-servers.net.
@   IN NS b.gtld-servers.net.
; Delegation of NET. to the same servers (step 2). Without it the root would
; hold the a/b.gtld-servers.net addresses as its own data instead of as glue.
$ORIGIN net.
@   IN NS a.gtld-servers.net.
@   IN NS b.gtld-servers.net.
a.gtld-servers.net.  IN A 10.0.0.13
b.gtld-servers.net.  IN A 10.0.0.14
gTLD Server – 10.0.0.13 Configuration:
1) Create Master DNS Zone - COM. and set NS Servers as
"a.gtld-servers.net - 10.0.0.13" | "b.gtld-servers.net - 10.0.0.14"
2) Create Master DNS Zone - NET. and set NS Servers as
"a.gtld-servers.net - 10.0.0.13" | "b.gtld-servers.net - 10.0.0.14"
3) Create new Domain - "gtld-servers" under the NET. Domain with these RRs:
"a.gtld-servers.net - 10.0.0.13" | "b.gtld-servers.net - 10.0.0.14"
4) Create new Domain - "root-servers" under the NET. Domain with these RRs:
"a.root-servers.net - 10.0.0.11" | "b.root-servers.net - 10.0.0.12"
5) Set Root Hints on "a.gtld-servers.net - 10.0.0.13" and
"b.gtld-servers.net - 10.0.0.14" as
"a.root-servers.net - 10.0.0.11" & "b.root-servers.net - 10.0.0.12"
6) Disable Recursion on a.gtld-servers.net & b.gtld-servers.net NS Servers
7) Zone Transfers of COM. and NET. DNS Zones allowed to -
"b.gtld-servers.net - 10.0.0.14"
8) Create Slave DNS Zones "COM." and "NET." on 10.0.0.14 with
Master Server set to 10.0.0.13 - and initiate DNS Zone Transfer.
9) Create DNS Delegation for Second Level Domains as:
Yahoo.com - Delegated to - "ns1.yahoo.com - 10.0.0.15" &
"ns2.yahoo.com - 10.0.0.16"
WordPress.com - Delegated to - "ns1.wordpress.com - 10.0.0.17" &
"ns2.wordpress.com - 10.0.0.18"
gTLD Domain – COM. and NET. DNS Domain – Zone Declaration – in named.conf:
zone "com." {
type master;
allow-transfer {10.0.0.14;};
file "gTLD-com.db";
};
zone "net." {
type master;
allow-transfer {10.0.0.14;};
file "gTLD-net.db";
};
gTLD Domain – COM. and NET. DNS Domain – Zone Definition – in gTLD-com.db & gTLD-net.db respectively:
COM. Definitions in gTLD-com.db:

$TTL 86400
@   IN SOA a.gtld-servers.net. hostmaster (
        2013021301  ; serial (d. adams)
        3H          ; refresh
        15M         ; retry
        1W          ; expiry
        1D )        ; minimum
    IN NS a.gtld-servers.net.
    IN NS b.gtld-servers.net.
; Delegation of yahoo.com. (step 9); ns1/ns2 are in-bailiwick, so glue A records are required
$ORIGIN yahoo.com.
@   IN NS ns1.yahoo.com.
@   IN NS ns2.yahoo.com.
ns1 IN A 10.0.0.15
ns2 IN A 10.0.0.16
; Delegation of wordpress.com. (step 9)
$ORIGIN wordpress.com.
@   IN NS ns1.wordpress.com.
@   IN NS ns2.wordpress.com.
ns1 IN A 10.0.0.17
ns2 IN A 10.0.0.18

NET. Definitions in gTLD-net.db:

$TTL 86400
@   IN SOA a.gtld-servers.net. hostmaster (
        2013021301  ; serial (d. adams)
        3H          ; refresh
        15M         ; retry
        1W          ; expiry
        1D )        ; minimum
    IN NS a.gtld-servers.net.
    IN NS b.gtld-servers.net.
; gtld-servers.net and root-servers.net hosts (steps 3 and 4); names are relative to net.
a.gtld-servers  IN A 10.0.0.13
b.gtld-servers  IN A 10.0.0.14
a.root-servers  IN A 10.0.0.11
b.root-servers  IN A 10.0.0.12
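Delegation zones like the two above are where a copy-paste slip costs the most: named keeps a single copy of identical records, so an NS line typed twice with the same name quietly leaves a delegation with one server, and an in-bailiwick NS name with no glue A record gives resolvers a referral they cannot follow. The Python below is an added example, not part of the original post or of BIND: it parses a master file in the format used here ($TTL, $ORIGIN, @, relative names, the parenthesised SOA) and reports exact duplicates, names with fewer than two distinct NS records, and missing glue. The embedded zone is constructed after the COM zone used in this post, with each pair of NS lines collapsed to one repeated name to show what the linter catches.

```python
"""Minimal BIND master-file linter for delegation zones (added example)."""
from collections import Counter, defaultdict

# Constructed sample, modelled on the COM zone of this post, with the second NS
# line of each pair repeating the first name (the slip this linter is for).
SAMPLE_COM_ZONE = """\
$TTL 86400
@   IN SOA a.gtld-servers.net. hostmaster (
        2013021301  ; serial (d. adams)
        3H          ; refresh
        15M         ; retry
        1W          ; expiry
        1D )        ; minimum
    IN NS a.gtld-servers.net.
    IN NS a.gtld-servers.net.
$ORIGIN yahoo.com.
@   IN NS ns1.yahoo.com.
@   IN NS ns1.yahoo.com.
ns1 IN A 10.0.0.15
ns2 IN A 10.0.0.16
$ORIGIN wordpress.com.
@   IN NS ns1.wordpress.com.
@   IN NS ns1.wordpress.com.
ns1 IN A 10.0.0.17
ns2 IN A 10.0.0.18
"""


def fqdn(name, origin):
    """Absolutise a master-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin if origin != "." else name + "."


def parse_zone(text, zone_origin):
    """Parse a BIND master file into (owner, type, rdata) tuples. Handles ';'
    comments, $TTL/$ORIGIN, '@', relative names, an owner inherited by indented
    lines, optional TTL/class fields and records continued across parentheses."""
    records, origin, last_owner = [], zone_origin, zone_origin
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()         # drop comments
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:                                  # still inside ( ... )
            continue
        entry, buf = buf, []
        toks = " ".join(entry).replace("(", " ").replace(")", " ").split()
        if toks[0] == "$TTL":
            continue
        if toks[0] == "$ORIGIN":
            origin = fqdn(toks[1], origin)
            continue
        if entry[0][0].isspace():                      # blank owner: reuse previous
            owner = last_owner
        else:
            owner = last_owner = fqdn(toks.pop(0), origin)
        if toks and toks[0].isdigit():                 # optional TTL
            toks.pop(0)
        if toks and toks[0].upper() == "IN":           # optional class
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):
            rdata[-1] = fqdn(rdata[-1], origin)        # target name may be relative
        records.append((owner, rtype, tuple(rdata)))
    return records


def lint_delegations(records, zone_origin):
    """Findings a delegation zone should not have: exact duplicate RRs, names with
    fewer than two distinct NS records, in-bailiwick NS targets without glue."""
    findings = []
    for rr, n in Counter(records).items():
        if n > 1:   # named loads one copy; the intended second server is simply gone
            findings.append("duplicate %s record %s -> %s (%d copies)"
                            % (rr[1], rr[0], " ".join(rr[2]), n))
    ns_by_owner = defaultdict(set)
    glue_owners = {o for o, t, _ in records if t in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        if rtype == "NS":
            ns_by_owner[owner].add(rdata[0])
    if zone_origin not in ns_by_owner:
        findings.append("no NS records at the zone apex " + zone_origin)
    for owner, servers in sorted(ns_by_owner.items()):
        if len(servers) < 2:                # RFC 2182: at least two name servers
            findings.append("%s has only %d distinct NS record(s)" % (owner, len(servers)))
        for ns in sorted(servers):
            in_bailiwick = ns == owner or ns.endswith("." + owner) or owner == "."
            if in_bailiwick and ns not in glue_owners:
                findings.append("NS %s for %s has no glue A record in this zone" % (ns, owner))
    return findings


if __name__ == "__main__":
    for finding in lint_delegations(parse_zone(SAMPLE_COM_ZONE, "com."), "com."):
        print(finding)
```

Run it against a real gTLD-com.db with `parse_zone(open(path).read(), "com.")`; it is deliberately narrower than named-checkzone, which validates syntax but does not object to a delegation with a single server.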
gTLD Domain – COM. and NET. NS Servers – Root Hints Declaration – in named.conf:
zone "." IN {
type hint;
file "named.root";
};
gTLD Domain – COM. and NET. NS Servers – Root Hints Definition – in named.root:
[root@rhel-52-13 ~]# cat /var/named/named.root
; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7033
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS
;; ANSWER SECTION:
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       10.0.0.11
B.ROOT-SERVERS.NET.     3600000 IN      A       10.0.0.12
;; Query time: 110 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Tue Feb 26 15:05:57 2008
;; MSG SIZE  rcvd: 615
; Lines starting with ';' are comments: the dig header above is left over from the
; stock named.root template and is ignored by named. Only the NS and A records count.
Second Level Domain – Yahoo.com – NS Server – 10.0.0.15 – Configuration:
1) Create Master DNS Zone - Yahoo.com
2) Disable Recursion on ns1.yahoo.com & ns2.yahoo.com NS Servers
3) Set Root Hints on ns1.yahoo.com & ns2.yahoo.com as
"a.root-servers.net - 10.0.0.11" | "b.root-servers.net - 10.0.0.12"
4) Zone Transfers of Yahoo.com Zone allowed to - "ns2.yahoo.com - 10.0.0.16"
5) Create Slave DNS Zone "Yahoo.com." on 10.0.0.16 with Master Server set
to 10.0.0.15 - and initiate DNS Zone Transfer.
Yahoo.com DNS Domain – Zone Declaration – in named.conf:
zone "yahoo.com" {
type master;
allow-transfer {10.0.0.16;};
file "yahoo.com.db";
};
Yahoo.com DNS Domain – Zone Definition – in yahoo.com.db:
$TTL 86400
; ns1, ns2 and hostmaster are relative to the zone origin yahoo.com. set in named.conf
@   IN SOA ns1 hostmaster (
        2013021301  ; serial (d. adams)
        3H          ; refresh
        15M         ; retry
        1W          ; expiry
        1D )        ; minimum
    IN NS ns1
    IN NS ns2
ns1 IN A 10.0.0.15
ns2 IN A 10.0.0.16
@   IN A 10.10.10.10
Yahoo.com NS Servers – Root Hints Declaration – in named.conf:
zone "." IN {
type hint;
file "named.root";
};
Yahoo.com NS Servers – Root Hints Definition – in named.root:
[root@rhel-52-15 ~]# cat /var/named/named.root
(identical to the named.root file shown above for a.gtld-servers.net, 10.0.0.13: the same two NS records for "." and the A records for a.root-servers.net 10.0.0.11 and b.root-servers.net 10.0.0.12)
Second Level Domain – WordPress.com – NS Server – 10.0.0.17 – Configuration:
1) Create Master DNS Zone - WordPress.com
2) Disable Recursion on ns1.wordpress.com & ns2.wordpress.com NS Server
3) Set Root Hints on ns1.wordpress.com & ns2.wordpress.com as
"a.root-servers.net - 10.0.0.11" | "b.root-servers.net - 10.0.0.12"
4) Zone Transfers of wordpress.com Zone allowed to - "ns2.wordpress.com - 10.0.0.18"
5) Create Slave DNS Zone "Wordpress.com." on 10.0.0.18 with Primary Server set
to 10.0.0.17 - and initiate DNS Zone Transfer.
WordPress.com DNS Domain – Zone Declaration – in named.conf:
zone "wordpress.com" {
type master;
allow-transfer {10.0.0.18;};
file "wordpress.com.db";
};
WordPress.com DNS Domain – Zone Definition – in wordpress.com.db:
$TTL 86400
; ns1, ns2 and hostmaster are relative to the zone origin wordpress.com. set in named.conf
@   IN SOA ns1 hostmaster (
        2013021301  ; serial (d. adams)
        3H          ; refresh
        15M         ; retry
        1W          ; expiry
        1D )        ; minimum
    IN NS ns1
    IN NS ns2
ns1 IN A 10.0.0.17
ns2 IN A 10.0.0.18
@   IN A 10.10.10.11
WordPress.com NS Servers – Root Hints Declaration – in named.conf:
zone "." IN {
type hint;
file "named.root";
};
WordPress.com NS Servers – Root Hints Definition – in named.root:
[root@rhel-52-17 ~]# cat /var/named/named.root
(identical to the named.root file shown above for a.gtld-servers.net, 10.0.0.13: the same two NS records for "." and the A records for a.root-servers.net 10.0.0.11 and b.root-servers.net 10.0.0.12)
We now create an additional DNS server, also running the RHEL 5.2 release, with IP address 10.0.0.21. It plays the role a public resolver such as 8.8.8.8 [google-public-dns-a.google.com] plays on the Internet and performs standard recursion for incoming DNS queries. On 10.0.0.21 we simply set the Root Hints to "a.root-servers.net – 10.0.0.11 & b.root-servers.net – 10.0.0.12" by editing named.root on this server, as depicted below. Unlike the authoritative servers configured above, this is the one server that must have recursion enabled (recursion yes; in the options block of named.conf). Outside a lab, restrict who may use it with allow-recursion { ... }; listing only your own client networks; a resolver that recurses for anyone is an open resolver and will be abused for cache poisoning attempts and reflection attacks.
Additional DNS Server – 10.0.0.21 – Root Hints Declaration – in named.conf:
zone "." IN {
type hint;
file "named.root";
};
Additional DNS Server – 10.0.0.21 – Root Hints Definition – in named.root:
[root@rhel-52-21 ~]# cat /var/named/named.root
(identical to the named.root file shown above for a.gtld-servers.net, 10.0.0.13: the same two NS records for "." and the A records for a.root-servers.net 10.0.0.11 and b.root-servers.net 10.0.0.12)
We use dig iteration (+trace) to validate our simulated Public DNS infrastructure. On 10.0.0.21 we run dig with the +trace option against the local resolver (@127.0.0.1), as seen below. With +trace, dig asks the named server at 127.0.0.1 only for the root NS set and then walks the referrals itself, which is why each subsequent hop in the output is answered directly by a root, gTLD or second-level server rather than by 127.0.0.1.
Yahoo.com – Simulated – DIG Results:
[root@rhel-52-21 ~]# dig +trace yahoo.com @127.0.0.1
; <<>> DiG 9.3.4-P1 <<>> +trace yahoo.com @127.0.0.1
; (1 server found)
;; global options: printcmd
.                       86388   IN      NS      b.root-servers.net.
.                       86388   IN      NS      a.root-servers.net.
;; Received 95 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com.                    86400   IN      NS      b.gtld-servers.net.
com.                    86400   IN      NS      a.gtld-servers.net.
;; Received 107 bytes from 10.0.0.12#53(b.root-servers.net) in 0 ms
yahoo.com.              86400   IN      NS      ns1.yahoo.com.
;; Received 61 bytes from 10.0.0.14#53(b.gtld-servers.net) in 5 ms
yahoo.com.              86400   IN      A       10.10.10.10
yahoo.com.              86400   IN      NS      ns1.yahoo.com.
;; Received 93 bytes from 10.0.0.16#53(ns1.yahoo.com) in 9 ms
ScreenShot displaying Yahoo.com – Simulated Setup – Results:
Compare the simulated dig results above with the real-world Public DNS dig results shown below (excerpts). One difference is worth checking rather than ignoring: the simulated gTLD server returns a single NS record for yahoo.com, whereas the design calls for ns1 and ns2. If your trace shows that, look in gTLD-com.db for a repeated NS name; named keeps one copy of identical records, so a delegation line typed twice with the same server leaves the child with a single name server.
Yahoo.com – Real World – DIG Results:
C:\Users\Harmandeep>dig @8.8.8.8 +trace yahoo.com
; <<>> DiG 9.3.2 <<>> @8.8.8.8 +trace yahoo.com
; (1 server found)
;; global options: printcmd
.                       13194   IN      NS      a.root-servers.net.
.                       13194   IN      NS      b.root-servers.net.
...
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 62 ms
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
...
;; Received 487 bytes from 193.0.14.129#53(k.root-servers.net) in 27 ms
yahoo.com.              172800  IN      NS      ns1.yahoo.com.
yahoo.com.              172800  IN      NS      ns2.yahoo.com.
...
;; Received 197 bytes from 192.5.6.30#53(a.gtld-servers.net) in 327 ms
yahoo.com.              1800    IN      A       98.138.253.109
yahoo.com.              1800    IN      A       206.190.36.45
yahoo.com.              1800    IN      A       98.139.183.24
yahoo.com.              172800  IN      NS      ns1.yahoo.com.
yahoo.com.              172800  IN      NS      ns2.yahoo.com.
...
;; Received 313 bytes from 68.180.131.16#53(ns1.yahoo.com) in 179 ms
WordPress.com – Simulated – DIG Results:
[root@rhel-52-21 ~]# dig +trace wordpress.com @127.0.0.1
; <<>> DiG 9.3.4-P1 <<>> +trace wordpress.com @127.0.0.1
; (1 server found)
;; global options: printcmd
.                       86315   IN      NS      a.root-servers.net.
.                       86315   IN      NS      b.root-servers.net.
;; Received 95 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com.                    86400   IN      NS      a.gtld-servers.net.
com.                    86400   IN      NS      b.gtld-servers.net.
;; Received 111 bytes from 10.0.0.11#53(a.root-servers.net) in 3 ms
wordpress.com.          86400   IN      NS      ns1.wordpress.com.
;; Received 65 bytes from 10.0.0.13#53(a.gtld-servers.net) in 0 ms
wordpress.com.          86400   IN      A       10.10.10.11
wordpress.com.          86400   IN      NS      ns1.wordpress.com.
wordpress.com.          86400   IN      NS      ns2.wordpress.com.
;; Received 115 bytes from 10.0.0.17#53(ns1.wordpress.com) in 0 ms
ScreenShot displaying WordPress.com – Simulated Setup – Results:
Again, compare the simulated dig results above with the real-world Public DNS dig results shown below (excerpts):
WordPress.com – Real World – DIG Results:
C:\Users\Harmandeep>dig @8.8.8.8 +trace wordpress.com
; <<>> DiG 9.3.2 <<>> @8.8.8.8 +trace wordpress.com
; (1 server found)
;; global options: printcmd
.                       12703   IN      NS      a.root-servers.net.
.                       12703   IN      NS      b.root-servers.net.
...
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 138 ms
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
...
;; Received 491 bytes from 193.0.14.129#53(k.root-servers.net) in 29 ms
wordpress.com.          172800  IN      NS      ns1.wordpress.com.
wordpress.com.          172800  IN      NS      ns2.wordpress.com.
...
;; Received 235 bytes from 192.5.6.30#53(a.gtld-servers.net) in 576 ms
wordpress.com.          300     IN      A       72.233.104.124
wordpress.com.          300     IN      A       66.155.11.243
wordpress.com.          14400   IN      NS      ns1.wordpress.com.
wordpress.com.          14400   IN      NS      ns2.wordpress.com.
...
;; Received 267 bytes from 72.233.69.14#53(ns1.wordpress.com) in 547 ms
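The trace is also the right place to catch a delegation that disagrees with the zone it points at. In the simulated wordpress.com trace above, a.gtld-servers.net refers with a single NS record while ns1.wordpress.com answers with two; in the real-world traces the parent and the child agree on ns1 and ns2. The Python below is an added example, not from the original post: it parses dig +trace output into hops and compares the NS set in the parent's referral with the NS set in the child's authoritative answer. The embedded trace is the simulated wordpress.com output from this post, reformatted one record per line.

```python
"""Parent/child delegation check over `dig +trace` output (added example)."""
import re

# Constructed from the simulated wordpress.com trace in this post, one record per
# line as dig prints it. The gTLD referral names one server; the child names two.
SAMPLE_TRACE = """\
; <<>> DiG 9.3.4-P1 <<>> +trace wordpress.com @127.0.0.1
;; global options: printcmd
.               86315   IN  NS  a.root-servers.net.
.               86315   IN  NS  b.root-servers.net.
;; Received 95 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com.            86400   IN  NS  a.gtld-servers.net.
com.            86400   IN  NS  b.gtld-servers.net.
;; Received 111 bytes from 10.0.0.11#53(a.root-servers.net) in 3 ms
wordpress.com.  86400   IN  NS  ns1.wordpress.com.
;; Received 65 bytes from 10.0.0.13#53(a.gtld-servers.net) in 0 ms
wordpress.com.  86400   IN  A   10.10.10.11
wordpress.com.  86400   IN  NS  ns1.wordpress.com.
wordpress.com.  86400   IN  NS  ns2.wordpress.com.
;; Received 115 bytes from 10.0.0.17#53(ns1.wordpress.com) in 0 ms
"""

# dig prints ';; Received N bytes from IP#PORT(NAME) in T ms' at the end of each hop
RECEIVED = re.compile(r"^;; Received \d+ bytes from (\S+?)#\d+\((\S+)\)")


def parse_trace(text):
    """Split dig +trace output into hops: the (owner, type, rdata) records printed
    before each ';; Received ... from' line, plus the server that returned them."""
    hops, rrs = [], []
    for line in text.splitlines():
        m = RECEIVED.match(line)
        if m:
            hops.append({"ip": m.group(1), "server": m.group(2).lower(), "rrs": rrs})
            rrs = []
        elif line and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5 and f[2].upper() == "IN":
                rrs.append((f[0].lower(), f[3].upper(), f[4].lower()))
    return hops


def check_delegation(hops, qname):
    """Compare the NS RRset the parent hands out in its referral for qname with the
    NS RRset the child zone's own server returns. Returns (parent_ns, child_ns, findings)."""
    qname = qname.lower().rstrip(".") + "."
    parent_ns, child_ns, answered_by = set(), set(), None
    for hop in hops:
        ns = {rd for own, typ, rd in hop["rrs"] if own == qname and typ == "NS"}
        answer = any(own == qname and typ in ("A", "AAAA", "CNAME")
                     for own, typ, _ in hop["rrs"])
        if ns and not answer and not parent_ns:
            parent_ns = ns                      # referral: NS for qname, no answer
        elif answer:
            child_ns, answered_by = ns, hop["server"] + "."
    findings = []
    if not parent_ns:
        findings.append("no referral for %s in trace" % qname)
    if not child_ns:
        findings.append("no authoritative answer for %s in trace" % qname)
    if len(parent_ns) < 2:
        findings.append("parent referral lists only %d NS for %s" % (len(parent_ns), qname))
    missing = sorted(child_ns - parent_ns)
    if missing:
        findings.append("parent delegation omits child NS: " + ", ".join(missing))
    extra = sorted(parent_ns - child_ns)
    if extra:
        findings.append("parent delegation lists NS not in child zone: " + ", ".join(extra))
    # dig prints an IP instead of a name when it cannot label the server; skip those
    if answered_by and child_ns and not answered_by[0].isdigit() and answered_by not in child_ns:
        findings.append("answer came from %s, which is not a listed NS" % answered_by)
    return parent_ns, child_ns, findings


if __name__ == "__main__":
    parent, child, problems = check_delegation(parse_trace(SAMPLE_TRACE), "wordpress.com")
    print("parent referral:", sorted(parent))
    print("child zone     :", sorted(child))
    for p in problems:
        print(" -", p)
```

Feed it `dig +trace <name> @127.0.0.1 | python3 check.py` style input by reading stdin instead of SAMPLE_TRACE; a clean delegation produces an empty findings list, and the two findings it raises for the simulated trace point straight at the gTLD zone file rather than at the second-level servers.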
So we have successfully simulated the Public DNS infrastructure, hierarchy and name-resolution process in its entirety, using BIND 9.3.4 on the Red Hat Enterprise Linux 5.2 release.
Hope this Helps and Cheers
| Your feedback is highly appreciated.
WaheGuru G Ka Khalsa, WaheGuru G Ki Fateh
Copyright © 2013
For copyright purposes, VirtualizationMaximus.com is not in the public domain. The fact that this blog owner publishes an RSS feed does not grant any rights for republication or re-use of the material except in the manner described below.
All content in this blog created by the blog owner and his guest authors is the property of the blog owner and his guest authors and protected by international copyright laws and cannot be stored on any retrieval system, reproduced, reposted, displayed, modified or transmitted in any form, electronic or otherwise without written permission of the copyright owner except as noted below.
A brief excerpt of content that does not exceed 128 words or 512 characters may be quoted as long as a link is provided back to the source page on this blog and authorship is properly attributed.
Posted on February 6, 2013, in DNS and tagged 9.3.4, a.gtld-servers.net, a.root-servers.net, b.gtld-servers.net, b.root-servers.net, BIND, delegated, Delegation, DIG, dns, GTLD, How, iteration, linux, NS Query, ns1.wordpress.com, ns1.yahoo.com, ns2.wordpress.com, ns2.yahoo.com, part I, Part II, Part III, public, recursion, redhat, RHEL, simulate, simulation, trace, wordpress.com, works, yahoo.com. Bookmark the permalink. 2 Comments.


Pingback: How Public DNS Works – Practical Simulation – InsideOut – Part I « VirtualizationMaximus.com
Pingback: How Public DNS Works – Practical Simulation – InsideOut – Part II « VirtualizationMaximus.com