DOCSLIB.ORG

Design of a Reactive DNS Measurement System

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Design of a Reactive DNS Measurement System Design of a Reactive DNS Measurement System Jochem Braakhuis 13-07-2021, University of Twente [email protected] Abstract—For speed, robustness and safety of the Internet, it is will then delegate the query to the appropriate top-level domain important that information on name servers in every level of the name server dependent on the entered domain (.com, .org, .nl). hierarchical DNS structure is accurate and consistent. OpenIN- Then, the top-level domain name server will in turn delegate TEL, designed in 2016, measures about half of the global names- the query to the authoritative name server for the entered pace every day, but lacks flexibility in reactive measurement. To domain, which finally returns the IP address of the domain’s provide an easily scalable framework for performing research server to the user, or delegate it to authoritative name servers in DNS inconsistencies, we designed and tested a reactive DNS measurement system compatible with OpenINTEL, supported by for further sub-domains. Section II further elaborates on this Apache Kafka message broker functionality. The software can process. query multiple levels in the DNS hierarchy and supports 10 query In addition to storing the IP addresses of name servers types. Initial high-volume testing of the resolver authoritative level shows the software is able to handle large volumes of and domains, name servers also contain other records about queries, but only gives a lower bound on the performance of the domains in their zone. For example, MX records contain the software. Testing of more authoritative levels, testing on purpose- domain names of the servers that handle email traffic for the built hardware and implementation of extended decoder logic and domain, and their priority. A lot of records are related to performance optimisation is required to successfully deploy the security. DNSSEC is a system that was implemented to verify software. the integrity of DNS traffic and records, and the DNSKEY record for example contains the public key that can be used I. INTRODUCTION to verify signatures. [1] In total, there are over 45 different records that can be stored on a name server [2]. The Domain Name Service (DNS) is a very important part of the modern Internet, providing a service that can translate Figure 2 shows the response of a query for the IPv4 address human readable domain names into the IP address of their of utwente.nl. We provide a more detailed description of the server. DNS uses a hierarchical structure, starting at the Root. form of a DNS resource record and the DNS response in This hierarchical structure of DNS can be seen in figure 1. section II. Fig. 2. DNS Response for an A Query of utwente.nl To make sure that the Internet remains fast and secure, it is important to monitor DNS name servers. Since DNS is such an important link between users of the Internet and the domains they want to visit, impact of failure of this system can be huge. If a name server contains inaccurate information, it is possible the IP address of a domain becomes unresolvable, or hackers Fig. 1. The Hierarchy of DNS can take control of a misconfigured name server and lead users to the wrong domain. Research into the effects and prevalence of inconsistency between name servers in different levels of the All DNS queries, provided the resource record for that hierarchy has shown that this is a relevant problem, and while query is not cached, go to the Root servers first. The Root this research was in part performed by retrieving information from different levels of the DNS hierarchy, and retrieving and VII describes the setup used to perform high-volume testing comparing information form multiple name servers of the same of the software, the results of which are listed in section domain, the measurements were performed in a non-scalable VIII. Lastly, section IX contains the general conclusion, and way. To perform these types of research more easily, a scalable recommendations for future work. and flexible reactive DNS measurement system would be ideal. Reactive measurements in this sense are DNS measurements II. BACKGROUND performed on demand as a reaction to a trigger. Triggers can be for example the registration of a new domain, the issuing DNS Hierarchy Levels of a new certificate of a domain, etc. In this thesis, we will frequently discuss the different levels Multiple large scale active DNS measurement systems have of DNS hierarchy. In this subsection we will elaborate on the already been developed. For example in 2016, researchers at distinction between a so-called ”parent” name server and a Georgia University of Technology developed such a system ”child” name server. We define the ”child” name server as an [3], just like researchers at the University of Vienna in 2015 authoritative name server of a domain. The plural form of this [4], the latter of which focused on the security of email term, i.e. ”children”, refers to all of the authoritative name systems. Another one of these systems, and the system that we servers of a domain. Conversely, ”parent” name server refers will be focusing on most in this paper, is the system developed to the name server of the authoritative level above the domain. by researchers at the University of Twente in 2016 [6]. This For example, the parent of ewi.utwente.nl is utwente.nl, so system is called OpenINTEL, and it measures around 50% of the parent name server is the authoritative name server of the Internet’s Second Level Domain DNS records every day. utwente.nl. When the domain is a second-level domain, such OpenINTEL provides the ability and scalability to perform this as utwente.nl, its parent is the top level domain, and the parent task, however it has certain limitations. Mainly, the system name server is this TLD’s name server. lacks flexibility in being able to perform diverse reactive mea- surements. OpenINTEL takes a bulk of measurement requests The DNS Resolver for second level domains every day, and it requests the same The process by which a domain name is converted to set of predefined queries every day. It lacks any possibility of an IP address is called resolution of a domain name, and reacting to triggers or performing on-demand measurements. this function, as well as the lookup of other DNS records, The main objective of this thesis is to design a system is provided by a recursive resolver. A resolver takes a DNS that can be used in addition to OpenINTEL, sharing the same query and returns the answer, going through the hierarchical data formats and general setup, but that is more flexible in the levels as shown in figure 1. Web browsers mostly use resolver types of queries it can perform and is able to query multiple functionality provided by the ISP, but there are also public levels in the DNS hierarchy. The system should be dynamically DNS resolvers, such as the Google Public Resolver and the scalable and have a performance speed in the same order as Cloudflare DNS Resolver. It is also possible to install a OpenINTEL. recursive DNS resolver on local hardware, we call this a ”local resolver”. In order for our system to maintain compatibility with OpenINTEL, it will use the same data structure. The reasoning DNS Response Format behind maintaining compatibility with this data structure is to allow for the reuse of data analysis code developed for previous The format of a DNS resource record is described in works on OpenINTEL. Section II contains more information RFC1035 [5]. This format is shared between the answer, about the OpenINTEL data format. authority and additional sections. Table I shows the fields in a resource records, with a short description of what the field To accomplish this design, several research questions can contains. be formulated. The following questions will be discussed in this report: TABLE I. THE FORMAT OF A DNS RESOURCE RECORD Field Description 1) How can the system query different hierarchical lev- NAME The domain name the record belongs to els? TYPE The record type, e.g. A, NS, MX etc. 2) How can a DNS response be converted to the desired CLASS The class of data in the record TTL The time that the record may be cached data format? RDLENGTH The length in octets of the RDATA field 3) How can dynamic scalability be achieved? This contains the actual information contained 4) Can the performance in terms of measurements per RDATA in the record, e.g. the domain’s IP address, second be compared to OpenINTEL? its name servers, or its mail servers Structure of the Thesis When a name server is queried, it will return the appropri- ate resource record. It is important to note here that the data Section II lists important background concepts for the contained within the record is stored in just 1 field, RDATA. design of our software, in section III we list existing work This means we have to implement some sort of decoder logic related to the objective of this thesis, and start to form in our software to convert this single field into information that design objectives. Section V list the design objectives in a can be stored in the fields of our output data format. concise manner, so they can be referred back to. In section V we list and motivate design decisions, and in section VI Figure 3 shows the DNS response for an MX query of the actual implementation of the design is described. Section utwente.nl. This response contains in order the NAME, TTL, CLASS, TYPE and RDATA fields from the resource record.
Load more

Recommended publications
  • Domain Name System 1 Domain Name System
    Domain Name System 1 Domain Name System The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service translates queries for domain names (which are easier to understand and utilize when accessing the internet) into IP addresses for the purpose of locating computer services and devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2620:0:2d0:200::10 (IPv6). The Domain Name System makes it possible to assign domain names to groups of Internet resources and users in a meaningful way, independent of each entity's physical location. Because of this, World Wide Web (WWW) hyperlinks and Internet contact information can remain consistent and constant even if the current Internet routing arrangements change or the participant uses a mobile device. Internet domain names are easier to remember than IP addresses such as 208.77.188.166 (IPv4) or 2001:db8:1f70::999:de8:7648:6e8 (IPv6). Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs) and e-mail addresses without having to know how the computer actually locates them. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain.
    [Show full text]
  • DNS Performance – a Study of Free, Public and Popular DNS Servers in 2019
    Linköping University | Department of Computer and Information Science Bachelor’s thesis, 16 ECTS | Informationsteknologi 2019 | LIU-IDA/LITH-EX-G--19/037--SE DNS Performance – A study of free, public and popular DNS servers in 2019 DNS prestanda – En studie av gratis, publika och populära DNS servrar år 2019 Filip Ström Felix Zedén Yverås Supervisor : Niklas Carlsson Examiner : Marcus Bendtsen Linköpings universitet SE–581 83 Linköping +46 13 28 10 00 , www.liu.se Upphovsrätt Detta dokument hålls tillgängligt på Internet - eller dess framtida ersättare - under 25 år från publicer- ingsdatum under förutsättning att inga extraordinära omständigheter uppstår. Tillgång till dokumentet innebär tillstånd för var och en att läsa, ladda ner, skriva ut enstaka ko- pior för enskilt bruk och att använda det oförändrat för ickekommersiell forskning och för undervis- ning. Överföring av upphovsrätten vid en senare tidpunkt kan inte upphäva detta tillstånd. All annan användning av dokumentet kräver upphovsmannens medgivande. För att garantera äktheten, säker- heten och tillgängligheten finns lösningar av teknisk och administrativ art. Upphovsmannens ideella rätt innefattar rätt att bli nämnd som upphovsman i den omfattning som god sed kräver vid användning av dokumentet på ovan beskrivna sätt samt skydd mot att dok- umentet ändras eller presenteras i sådan form eller i sådant sammanhang som är kränkande för up- phovsmannens litterära eller konstnärliga anseende eller egenart. För ytterligare information om Linköping University Electronic Press se förlagets hemsida http://www.ep.liu.se/. Copyright The publishers will keep this document online on the Internet - or its possible replacement - for a period of 25 years starting from the date of publication barring exceptional circumstances.
    [Show full text]
  • How Linux Containers Have Evolved Daniel Walsh 11 Containers Have Come a Long Way in the Past Few Years
    . ........ .... ... .. .. .. ... .. OPENSOURCE.COM Opensource.com publishes stories about creating, adopting, and sharing open source solutions. Visit Opensource.com to learn more about how the open source way is improving technologies, education, business, government, health, law, entertainment, humanitarian efforts, and more. Submit a story idea: https://opensource.com/story Email us: [email protected] Chat with us in Freenode IRC: #opensource.com . OPEN SOURCE YEARBOOK 2017 . OPENSOURCE.COM 3 ............................. AUTOGRAPHS . .... ... .. .. .. ........ ... .. ............................. AUTOGRAPHS . .... ... .. .. .. ........ ... .. OPENSOURCE.COM............................. ........ WRITE FOR US ................... 7 big reasons to contribute to Opensource.com: Career benefits: “I probably would not have gotten my most recent job if it had not been for my articles on 1 Opensource.com.” Raise awareness: “The platform and publicity that is available through Opensource.com is extremely 2 valuable.” Grow your network: “I met a lot of interesting people after that, boosted my blog stats immediately, and 3 even got some business offers!” Contribute back to open source communities: “Writing for Opensource.com has allowed me to give 4 back to a community of users and developers from whom I have truly benefited for many years.” Receive free, professional editing services: “The team helps me, through feedback, on improving my 5 writing skills.” We’re loveable: “I love the Opensource.com team. I have known some of them for years and they are 6 good people.” 7 Writing for us is easy: “I couldn't have been more pleased with my writing experience.” Email us to learn more or to share your feedback about writing for us: https://opensource.com/story Visit our Participate page to more about joining in the Opensource.com community: https://opensource.com/participate Find our editorial team, moderators, authors, and readers on Freenode IRC at #opensource.com: https://opensource.com/irc .
    [Show full text]
  • CS 43: Computer Networks
    CS 43: Computer Networks 10: Naming and DNS September 24, 2018 Last class • Distributed systems architectures – Client-Server – Peer-to-Peer • Challenges in design – Partial failures – Event ordering Lecture 10 - Slide 2 Today • Identifiers and addressing • Domain Name System – History – Query sequences – Record types – Load balancing Lecture 10 - Slide 3 DNS: domain name system People: many identifiers: – SSN, name, passport # Internet hosts, routers: – IP address (32 bit) - used for addressing datagrams – “name”, e.g., www.google.com - used by humans How do we map between IP address and name, and vice versa ? Lecture 10 - Slide 4 DNS: domain name system • distributed database implemented in hierarchy of many name servers. • application-layer protocol: hosts, name servers communicate to resolve names à addresses – note: core Internet function, implemented as application-layer protocol – complexity at network’s “edge” Lecture 10 - Slide 5 Recall: TCP/IP Protocol Stack host host HTTP Application Layer HTTP TCP Transport Layer TCP router router IP IP Network Layer IP IP Ethernet Ethernet SONET SONET Ethernet Ethernet interface interface interface Link Layerinterface interface interface Lecture 10 - Slide 6 Recall: TCP/IP Protocol Stack host host HTTP Human-readable strings: www.example.com HTTP TCP (Not much addressing here, ports to ID socket) TCP router router IP IP addressesIP (32-bit IPv4, 128-bitIP IPv6) IP Ethernet Ethernet SONET SONET Ethernet Ethernet interface (Networkinterface dependent)interface Ethernet:interface 48-bit MACinterface address interface Lecture 10 - Slide 7 Why do we need to map names to IP addresses? Why not route on names at the network layer? A. Domain names are hierarchical, so we can route on domain names too.
    [Show full text]
  • DNS for Rocket Scientists Section 1 Overview
    DNS for Rocket Scientists This Open Source Guide is about DNS and (mostly) BIND 9.x on Linux (REDHAT Versions 6.x and 7.x) and the BSD's (FreeBSD, OpenBSD and NetBSD). It is meant for newbies, Rocket Scientist wannabees and anyone in between. This Guide was born out of our first attempts a number of years ago at trying to install a much needed DNS service on an early Redhat Linux system. We completed the DNS 'rite of passage' and found it a pretty unedifying and pointless experience. Health Warning: This is still a work-in-progress. If you have expertise in something - contribute some text. If you find errors don't grumble - tell us. Look at our to do list and if you want to contribute something please do so. And for all that hard work we promise only a warm sense of well-being and an acknowledgment of your work in the licence. Section 1 Overview What's new in Guide version 0.1.27 1. Boilerplate and Terminology 1.1 Objectives and Scope 1.2 How to read this Guide 1.3 Terminology and Conventions used 1.4 Acknowledgements 1.5 Copyright and License 2. DNS - Overview 2.1 A brief History of Name Servers 2.2 DNS Concepts & Implementation 2.2.1 DNS Overview 2.2.2 Domains and Delegation 2.2.3 DNS Organization and Structure 2.2.4 DNS System Components 2.2.5 Zones and Zone Files 2.2.6 DNS Queries 2.2.6.1 Recursive Queries 2.2.6.2 Iterative Queries 2.2.6.3 Inverse Queries 2.2.7 Zone Updates 2.2.7.1 Full Zone Transfer (AXFR) 2.2.7.2 Incremental Zone Transfer (IXFR) 2.2.7.3 Notify (NOTIFY) 2.2.7.4 Dynamic Zone Updates 2.2.7.5 Alternative Dynamic DNS Approaches 2.3 DNS Security Overview 2.3.1 Security Threats 2.3.2 Security Types 2.3.3 Local Security 2.3.4 Server-Server (TSIG Transactions) 2.3.5 Server-Client (DNSSEC) 3.
    [Show full text]
  • DNS and BIND
    DNS and BIND David White DNS: Backbone of the Internet • Translates Domains into unique IP Addresses – i.e. “developcents.com” = “66.228.59.103” • Distributed Database of Host Information • Works seamlessly “behind the scenes” So what is a “Domain”? • RFC 920: Domains are Administrative entities • A unique name • Can contain subdomain names Basic Structure • Hierarchical, Tree-like structure • Made up of individual Nodes DNS: Series of Delegated Information A Silly Example… checkers.boardgames.games.fun.com checkers.boardgames.games.fun.com . (root) .games .boardgames .com .fun Domain Namespace: Another Picture This “tree” is also called a “domain namespace.” root (.) com edu google developcents taylor server1 server2 Components of DNS • Domain Name Space • Name Servers (Authoritative Name Servers) • Resolvers (Caching Name Servers) DNS Zones • A portion of a Domain Namespace defined by Zone Files (which contain Zone Records) • Portion of a Domain Namespace that has been administratively delegated • … Therefore, this information comes from an authoritative source (Master Name Server) • Can be loaded by Slave Name Servers (for backup and redundancy purposes) Components of Zone Files • TTL (Time to Live) – Tells caching nameservers how long they should cache information from an authoritative source • The domain administrator’s contact information • DNS Records Common DNS Records (Resource Records) • SOA Record (Start of Authority) – Indicates that the nameserver is the best source of info for data within a domain’s zone • A Record (Address) – Directly maps a name to an IP address • MX Record (Mail Exchanger) – Specifies which servers receive email for a domain (and in what order they should be tried) Common DNS Records (Resource Records) • NS Records (nameserver) – Required – Identify which servers are a particular zone’s nameservers – Does NOT have to be the same as the zone’s domain Glue Records: What and Why? • Solve a circular dependency problem: – The TLD delegates DNS requests for “example.com” to the particular authoritative name servers for example.com.
    [Show full text]
  • Naming and DNS
    CS 43: Computer Networks Naming and DNS Kevin Webb Swarthmore College September 21, 2017 Agenda • Identifiers and addressing • Domain Name System – History – Query sequences – Record types – Load balancing Recall: TCP/IP Protocol Stack host host HTTP Application Layer HTTP TCP Transport Layer TCP router router IP IP Network Layer IP IP Ethernet Ethernet SONET SONET Ethernet Ethernet interface interface interfaceLink Layerinterface interface interface Recall: TCP/IP Protocol Stack host host HTTP Human-readable strings: www.example.com HTTP TCP (Not much addressing here, ports to ID socket) TCP router router IP IP addressesIP (32-bit IPv4, 128-bitIP IPv6) IP Ethernet Ethernet SONET SONET Ethernet Ethernet interface (Networkinterface dependent)interface Ethernet:interface 48-bit MACinterface address interface Identifiers • Host name (e.g., www.swarthmore.edu) – Used by humans to specify host of interest – Unique, selected by host administrator – Hierarchical, variable-length string of alphanumeric characters • IP address (e.g., 130.58.68.164) – Used by routers to forward packets – Unique, topologically meaningful locator – Hierarchical namespace of 32 bits • MAC address (e.g., D8:D3:85:94:5F:1E) – Used by network adaptors to identify interesting frames – Unique, hard-coded identifier burned into network adaptor – Flat name space (of 48 bits in Ethernet) What’s in a name? • Host name: web.cs.swarthmore.edu – Domain: registrar for each top-level domain (e.g., .edu) – Host name: local administrator assigns to each host • IP addresses: 130.58.68.164
    [Show full text]
  • An Introduction to Computer Networks (Week 4) Stanford Univ CS144 Fall 2012
    An Introduction to Computer Networks (week 4) Stanford Univ CS144 Fall 2012 PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Thu, 11 Oct 2012 19:28:39 UTC Contents Articles Names and addresses 1 Address Resolution Protocol 1 Dynamic Host Configuration Protocol 6 Domain Name System 18 IPv4 31 IPv6 41 Network address translation 54 Ebooks Dedicated to Richard Beckett 64 References Article Sources and Contributors 65 Image Sources, Licenses and Contributors 67 Article Licenses License 68 1 Names and addresses Address Resolution Protocol Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP was defined by RFC 826 in 1982.[1] It is Internet Standard STD 37. It is also the name of the program for manipulating these addresses in most operating systems. ARP has been implemented in many combinations of network and overlaying internetwork technologies, such as IPv4, Chaosnet, DECnet and Xerox PARC Universal Packet (PUP) using IEEE 802 standards, FDDI, X.25, Frame Relay and Asynchronous Transfer Mode (ATM), IPv4 over IEEE 802.3 and IEEE 802.11 being the most common cases. In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP). Operating scope The Address Resolution Protocol is a request and reply protocol that runs encapsulated by the line protocol. It is communicated within the boundaries of a single network, never routed across internetwork nodes. This property places ARP into the Link Layer of the Internet Protocol Suite, while in the Open Systems Interconnection (OSI) model, it is often described as residing between Layers 2 and 3, being encapsulated by Layer 2 protocols.
    [Show full text]
  • Domain Name System - Wikipedia, the Free Encyclopedia
    Domain Name System - Wikipedia, the free encyclopedia Create account Log in Article Talk Read Edit View history Domain Name System From Wikipedia, the free encyclopedia Main page The ( ) is a hierarchical Domain Name System DNS Internet protocol suite Contents distributed naming system for computers, services, or Application layer Featured content any resource connected to the Internet or a private DHCP · DHCPv6 · DNS · FTP · HTTP · Current events network. It associates various information with domain IMAP · IRC · LDAP · MGCP · NNTP · BGP · Random article names assigned to each of the participating entities. NTP · POP · RPC · RTP · RTSP · RIP · SIP · Donate to Wikipedia Most prominently, it translates easily memorised domain SMTP · SNMP · SOCKS · SSH · Telnet · TLS/SSL · XMPP · (more) · Interaction names to the numerical IP addresses needed for the Transport layer Help purpose of locating computer services and devices TCP · UDP · DCCP · SCTP · RSVP · (more) · About Wikipedia worldwide. By providing a worldwide, distributed Internet layer Community portal keyword-based redirection service, the Domain Name IP(IPv4 · IPv6 · ·ICMP · ICMPv6 · ECN · System is an essential component of the functionality of Recent changes IGMP · IPsec · (more) · the Internet. Contact Wikipedia Link layer An often-used analogy to explain the Domain Name ARP/InARP · NDP · OSPF · Toolbox System is that it serves as the phone book for the Tunnels(L2TP · ·PPP · Print/export Internet by translating human-friendly computer Media access control(Ethernet · DSL · ISDN · FDDI · ·(more) · hostnames into IP addresses. For example, the domain Languages V T E name www.example.com translates to the addresses · · · Afrikaans 192.0.43.10 (IPv4) and 2001:500:88:200::10 (IPv6).
    [Show full text]
  • Secureplatform Administration Guide
    SecurePlatform R75 Administration Guide 15 December 2010 © 2010 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses. Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=11666 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com). Revision History Date Description 15 December 2010 First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation.
    [Show full text]
  • Administrowanie Sieciami Lokalnymi I Serwerami • Temd) Jacek Kobus 2
    1 Program wykładu 2 Program 1. Uruchamianie systemu operacyjnego (w tym GNU/Linux) sprawdzanie sprzętu i ładowanie systemu operacyjnego • uruchamianie usług i zarządzanie usługami (poziomy pracy, sys- Administrowanie sieciami lokalnymi i serwerami • temd) Jacek Kobus 2. Metody uruchamiania systemu Linux (dysk, USB, PXE, tryb rescue) konfigurowanie i instalacja GRUB/GRUB2 • protokoły BOOTP (ARP/RARP), DHCP, TFTP, PXE • 3. Wykrywanie i dynamiczna konfiguracja urządzeń (udev) 4. Konfiguracja interfejsów sieciowych i mostu (przełącznika etherne- Wydział Fizyki, Astronomii i Informatyki Stosowanej UMK towego) http://jkob.fizyka.umk.pl/_downloads/ssk-admin[4].pdf 5. Usługa nazw domenowych (DNS) 6. Bezpieczne rejestrowanie się i budowa tuneli (SSH) ostatnia aktualizacja: 23-04-2020 7. Sieciowy system plików (NFS) Program wykładu 3 Rozruch systemu 4 Literatura Uruchamiania systemu operacyjnego1 [1] D. J. Barrett, R. E. Silverman, and R. G. Byrnes. SSH, the Secure W jaki sposób ładowane jest jądro systemu operacyjnego do pamięci kom- Shell: The Definitive Guide. O’Reilly, Sebastopol, 2005. putera? [2] Free OnLine Books. http://www.linux.org/docs/online books.html/. Proces uruchamiania/ładowania systemu operacyjnego określa się (żargonowo) terminem bootowanie: [3] R. Love. Linux kernel. Przewodnik programisty. Wydawnictwo Helion, Gliwice, 2004. boot bootstrap bootstrap load • ← ← [4] M. Mitchell, J. Oldham, and A. Samuel. Advanced Linux Programming. to bootstrap – to pull oneself up by one’s bootstraps, i.e improve one’s http://www.advancedlinuxprogramming.com/. • situation by one’s own efforts [5] D. Mosberger i S. Eranian. IA-64 Linux Kernel. Design and Implemen- bootstrap – ucho z tyłu cholewki buta tation. Prentice-Hall PTR, Upper Saddle River, 2002. • [6] A. Silberschatz i P.
    [Show full text]
  • How to Deploy a Secure DNS Server
    How to Deploy a Secure DNS Server Motivation My primary motivation with this paper is to share how to configure a secure DNS server for an enterprise environment. Below, in the examples you will find the domain name is “fortress.lan” and all of the workstation names are star wars character names. The original setup of this was deployed on a firewall that had several subnets routing and performing DNS queries, e.g. 192.168.139.0/24, 172.31.253.0/24, 10.101.101.0/24 and 10.99.99.0/24. DNS will continue to be attacked by various sources, continue to follow best practices. This is a solid baseline, but should not be considered fool proof; meaning don’t just set it up, but continue to follow security best practices on DNS to ensure you continue to have the right configuration deployed. History ‘Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates domain names, which can be easily memorized by humans, to the numerical IP addresses needed for the purpose of computer services and devices worldwide. The Domain Name System is an essential component of the functionality of most Internet services. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their supported domains, and may delegate authority over subdomains to other name servers.
    [Show full text]