Name resolution, service discovery: Difference between revisions

Name resolution

hosts file

DNS

Authoritative and non-authoritative; iteration and recursion

Duplication and minimizing load

Resource record; zones

A

NS, SOA, and delegation

CNAME

TXT

MX

AAAA

HINFO

PTR

DNSSEC records

Zone transfers

NXDOMAIN records

Domain name transfers

Public DNS

The first few also known as

'simple-to-remember things to ping to test connectivity without name resolution'

'easy for helpdesk to speak out over the phone if they suspect DNS issues'

4.2.2.2  Level 3, also 4.2.2.1, 4.2.2.3
8.8.8.8  Google, also 8.8.4.4
1.1.1.1  cloudflare DNS, also 1.0.0.1

UltraDNS

OpenDNS

Unsorted

Internet TLDs

infrastructure top-level domain

.arpa

Mainly meant as a transition from ARPANET to DNS naming.

Has stuck around because it was used to implement reverse DNS lookup, and has found some similar uses since.

testing top-level domains (tTLD)

.test

.example

.invalid

.localhost

...some of those to say to should never become part of the DNS root zone.

country code top-level domains (ccTLD)

Strongly correlated to ISO 3166-1 alpha-2 codes; see also Language codes, country codes

...though there are a few unused

...and a few that are not in that list, e.g. uk, eu, ac (arguably GeoTLDs instead)

There were quickly between 200 and 300 of these in use.

generic top-level domains (gTLD)

The original set of top level domains (1984(verify)) was roughly

.com - intended for commercial things, but not effectively restricted

.net - originally for network infrastructure, since unrestrcted

.edu - US education (mostly)

.gov - US government (mostly)

.mil - US military (mostly)

.int -

.org - was meant as a 'doesn't fit into the above' organisations, now unrestricted and has some correlation to less-commerical organisations

and later the ccTLDs (1985(verify))

Those became managed by ICANN once it existed(verify)

ICANN (founded 1997) has introduced

2000 .aero, .biz, .coop, .info, .museum, .name, .pro

2004 .asia, .cat, .jobs, .mobi, .tel, .travel

...so up to then there were about two gTLD (alongside the ccTLDs, infrastructure and testing(verify))

around 2009 ICANN introduced the New gTLD Program which is basically the start of hundreds of extra TLDs, some of which can be categorized into the below

Geographic gTLD (GeoTLD)

"....invoking an association with a geographical, geopolitical, ethnic, linguistic or cultural community"

Initially (2007?(verify)) only

.cat (Catelan language)

.asia

.eu (European Union)

There have since been thousands of proposals (2000+ in 2012), things like:

.london

.paris

.berlin

.nyc

.amsterdam

.wien (Vienna)

.toronto (Toronto)

.αθήνα (Athens)

.bcn (Barcelona)

.lat (Latin America)

.saarland

.kiwi (New Zealand)

.quebec

.corsica

.africa

.scot

.cym (Wales, Cymru)

.cymru (Wales, Cymru))

.wales (Wales)

.vlaanderen (Flanders)

.bzh (Breton community)

.scot (Scots community)

.eus (Basque language)

.gal (Galician language)

.上海 (Shanghai)

...which seem to be examined and approved on an ongoing basis(verify).

Apparently 50 of them are current?(verify)

https://en.wikipedia.org/wiki/GeoTLD

https://geotld.group/geotlds/

restricted generic top-level domains (grTLD)

Domains you can only get after you prove eligibility.

This includes

.name - personal name

.pro - certified professionals

sponsored top-level domains (sTLD)

Sponsored by specific organizations, restricted by said agencies.

Older ones considered sponsored:

.edu - US education (mostly)

.gov - US government (mostly)

.mil - US military (mostly)

.int -

Newer ones include:

.aero

.asia

.cat

.coop

.jobs

.museum

.post

.tel

.travel

.xxx

https://en.wikipedia.org/wiki/Sponsored_top-level_domain

Internationalized country code top-level domains (IDN ccTLD)

Internationalized domain name (IDN) allows non-ASCII coding in DNS, using IDNA encoding (see also punycode).

This is mostly used for ccTLDs in the relevant language's own alphabet,

There are currently around 50 in use.

https://en.wikipedia.org/wiki/Internationalized_country_code_top-level_domain

See also

• http://en.wikipedia.org/wiki/Dns

• http://www.dns.net/dnsrd/rfc/ ("DNS related RFCs")

NSS

Originally, account and host information came from /etc/{passwd, group, shadow, hosts}, which you could sort of do yourself though usually had a library or other interface for.

(note that hosts.allow and hosts.deny is not part of NSS, but of tcpwrappers and applies only to it(verify))

Then NIS and DNS and such came about, and it became a more pressingly good idea to have a single interface unify lookup of accounts, passwords, and hostnames.

This is basically what the Name Service Switch (NSS) subsystem is. It's part of glibc and used to backs calls like getaddrinfo() and gethostbyname().

NSS allows dynamically hooking things into hostname resolution, user/group, password. Since you can have multiple sources, it also lets you configure when and how each is used and in what order.

A sensible question is "So what about PAM? it deals with similar stuff."

PAM is primarily the logic of how to apply such sources of information (when and how to authenticate, what to allow, etc.), but not itself the thing that accesses them.

So in most ways, it's a generalizing layer on top of NSS, and other things.

So yes, there are a subset of things you can get done in either NSS and PAM. (which you'd choose depends a bit on what your program is. If you're part of the OS you would probably use PAM because it ends up being more flexible, if you're just a random application that wants to look up a username or such you would probably use NSS because it's easier to hook into than PAM.

There's some funny specific cases, particularly hostname lookup.

Some command line tools (e.g. dig, host, nslookup) only query the nameserver, and bypass your local system (so great for people debugging DNS)

"I want hostname lookup the same way the OS does" basically means using gethostbyname() (or getent), which is actually backed by NSS, so whatever /etc/nsswitch.conf configures

That NSS configuration is at /etc/nsswitch.conf and the relevant line is usually at least (the order can vary):

hosts:  	 files dns myhostname 

On workstations it may be something like:

hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname

Where

order is fallback style

files refers to files like /etc/hosts,

dns is basically whatever's configured in /etc/resolv.conf

some form of mDNS

(mdns4_minimal: 4 to avoid timeout-based delays when you don't use IPv6, and _minimal to avoid attempts to resolve things that don't end in .local (which is why the "if tried but not found, then give up resolving it completely" makes sense))

myhostname is /etc/hostname and /etc/hosts (mainly to ensure your own hostname always resolves).

may be added last in a "well in case everything fails at least we have a name"

there are a few more, like nis, nisplus, hesiod, windbind, wins, systemd

local DNS (mDNS, LLMNR)

Multicast DNS is the concept of having a functional subset of DNS communicating on your LAN via local multicast.

Basically exists in two forms:

• Apple's mDNS (moderately common)
• Microsoft's LLMNR [1] (less common)

The two are similar, and apparently the only reason they aren't the same thing is some popcorn-worthy drama - mDNS is essentially the standard, and MS continues to do their own thing.

mDNS notes

So how do you resolve .local?

OSX does this pretty natively

Linux does lookups typically through avahi, so requires that to be installed, and hooked into nss.

Windows by default chooses not to support mDNS (or, since ~Win10, only some of it), because of LLMNR related grump.

There's Bonjour for windows, though a newer version of it is only available packaged with iTunes and a few other things[2].

Also note

some apps have their own mDNS built in

devices (like printers) may have it to ease finding them for initial setup

https://serverfault.com/questions/118237/how-to-use-zeroconf

https://en.wikipedia.org/wiki/.local

http://archive.is/mkDws

https://serverfault.com/questions/118652/how-to-use-bonjour

https://www.ibm.com/support/knowledgecenter/en/SSB2MG_4.6.0/com.ibm.ips.doc/concepts/gx_gv_using_avahi.htm

-->

On zeroconf and service discovery

Zeroconf refers broadly to whatever allows automated network configuration, and also to discovery of services available on the (sub)net.

A little more precisely:

assignment of addresses for devices,

resolution of hostnames,

location of network services.

The first wasn't really necessary due to the already-existing DHCP, so zeroconf may largely refer to the latter two, often:

• Multicast DNS for name resolution, often either
  • mDNS (all platforms)
  • LLMNR (mostly for windows)

• plus some means of service discovery, for example
  • Apple's DNS-SD (DNS based Service Discovery)
  • Microsoft's SSDP (Simple Service Discovery Protocol), part of UPnP [3]

Implementations:

• Bonjour (probably the most common Zeroconf setup) (previously 'Rendezvous')
  • from Apple
  • is mDNS and DNS-SD
  • available for Mac, Linux, other POSIX, and Windows

• Avahi [4] [5]
  • is mDNS and DNS-SD
  • available for Linux, BSD

• XLLMNRD
  • is LLMNR on linux

• systemd-resolved
  • mDNS and LLMNR? (verify)

seems to mostly be a local cache(verify)

• Howl (old, not developed anymore [6])

• UPnP allows network device setup [7]

(though its lack of authentication makes it a security problem in a few cases)

• Windows CE 5.0 has an LLMNR-based implementation

• Windows 10 seems to have an mDNS for printers

apparently for proper mDNS, you should disable that and install Bonjour(verify)

Related:

• SLP (Service Location Protocol) [8]

seemlingly aimed at printers, also used for some other shared services(verify)

systems that already use LDAP will probably use that instead of SLP

• WS-Discovery [9]

multicast

• Jini [10]

Device/service coordination

• Salutation [11]

Device/service coordination

• Other device configurers:
  • Bluetooth's [12]

• a comparison of some of the above

• https://www.eiman.tv/blog/posts/lannames/

• https://en.wikipedia.org/wiki/Zero-configuration_networking