DNS and CDNs 14-740: Fundamentals of Computer Networks Bill Nace

SLIDE 1

Material from Computer Networking: A Top Down Approach, 6th edition. J.F. Kurose and K.W. Ross

DNS and CDNs

14-740: Fundamentals of Computer Networks Bill Nace

SLIDE 2

Administrivia

  • HW #1 is posted
    • Mission: Learn to use network tools to gather information and for debugging
    • Due in 2 weeks (30 Sep)
    • Close to Quiz and Lab #1, so don’t procrastinate
    • Report due to Canvas

SLIDE 3

Last lecture

  • Application level protocols
    • Ignore details of transport and below
    • Included example of how abstraction sometimes is incomplete
  • HTTP
    • Request / Response messages
    • Parallel, Persistent, Pipelining
    • Caching

SLIDE 4

traceroute

  • Overview
  • DNS: Domain Name System
    • The Protocol
    • Organization of domains, zones, nameservers
  • Content Distribution Networks

SLIDE 5

Address Conversion

  • Protocols often have their own address mechanism
    • URL, Domain Names, Ports, IP, MAC, ...
    • Designed w/requirements of that protocol
  • Conversion needed when communication traverses protocols (layer boundaries)

SLIDE 6

A Need for Domain Names?

  • The venerable Dr Amend (Foxtrot) saith...

SLIDE 7

Characteristics of a Name

  • Human readable
    • String, often variable length
    • Format is important: [Title][f_initial][l_name]
  • Generally not unique
    • Perhaps unique in a particular area
    • Siblings don’t have same first name
  • Computers have trouble with names
    • Hard to process and store

SLIDE 8

Translating a Domain Name

  • Application sends a request to a DNS server
    • Who answers with an IP address
  • Complications:
    • Navigation
    • Caching

SLIDE 9

Where is www.cmuj.jp? 60.43.157.130

SLIDE 10

traceroute

  • Overview
  • DNS: Domain Name System
    • The Protocol
    • Organization of domains, zones, nameservers
  • Content Distribution Networks

SLIDE 11

What is DNS?

  • A directory¹ service for the Internet
    • Translates (“maps”) names to IP addresses
    • plus some other services
  • A distributed database
    • Implemented in a hierarchy of name servers
    • Name servers are distributed globally
    • Maintained / administered by different organizations
  • An application-layer protocol
    • Allows host to query the database and handle replies

¹ Pedantic Warning: I use the term “directory” very loosely in this context. True directory services are related, but different.

SLIDE 12

DNS History

  • DNS created in early 1980s
  • IETF process ➙ RFC 1034, 1035
  • Documented in Mockapetris88
  • DNS has grown since then
  • How many pages is original RFC?
  • How many subsequent RFCs are there?
SLIDE 13

DNS Services

  • Host name to IP address translation
  • Mapping www.ini.cmu.edu ➙ 128.2.42.69
  • Host aliasing
  • Mapping between alias and canonical hostnames
  • Canonical: “real,” difficult to remember
  • www-cmu-prod-vip.andrew.cmu.edu (try it!)
  • Alias: shorter, easier to remember
  • www.cmu.edu

SLIDE 14

DNS Services (2)

  • Mail server aliasing
  • Similar to host aliasing, but for mail servers
  • you@andrew.cmu.edu
  • alias of andrew-mx-0[1-6].andrew.cmu.edu
  • you@cmu.edu
  • alias of cmu-mx-0[1-4].andrew.cmu.edu
  • Try it!

SLIDE 15

DNS Services (3)

  • Load distribution across replicated servers
  • A name can map to multiple hosts
  • thus multiple addresses
  • DNS server returns all addresses
  • but rotates ordering
  • ex: for joe@aplace.edu, one of a group of 4 mail servers
  • 1st request returns address for: mx3, mx4, mx1, mx2
  • 2nd request returns: mx4, mx1, mx2, mx3
  • Why a list? Why not just return first address?

SLIDE 16

traceroute

  • Overview
  • DNS: Domain Name System
    • The Protocol
    • Organization of domains, zones, nameservers
  • Content Distribution Networks

SLIDE 17

DNS Protocol

  • Simple query and reply mechanism
  • Runs over UDP on port 53
    • as recommended by RFC 1035 for ordinary queries
  • Exception: zone transfer (records of an entire zone)
    • TCP, for reliable delivery of bulk data
  • Exception: answers longer than 512 bytes (the UDP message limit in RFC 1035)
    • The server sends a truncated reply with the TC flag set; the client repeats the query over TCP on port 53

SLIDE 18

UDP?

  • Why UDP?
  • Shouldn’t this be a reliable protocol?
  • DNS is not real-time audio or video!

SLIDE 19

Protocol

  • Query and reply messages
    • Both use the same message format
  • Data being queried is in a form known as Resource Record (RR)

SLIDE 20

Resource Records

  • Each server stores some resource records (RRs)
  • Each RR is a 5-tuple: (Name, Value, Type, Class, TTL)
    • Name: Owner name, depends on type
    • Value: Value associated with name
    • Type: Denotes type of RR
    • Class: Almost always IN (Internet)
    • TTL: Cache timeout value, 32-bits, in seconds
      • a zero value means do not cache
  • Size limits
    • 63 bytes for labels (parts of domain name separated by dots)
    • 255 bytes for names

SLIDE 21

Types

  • A = Address (AAAA for IPv6 address)
    • Name = hostname, e.g. pi.ece.cmu.edu
    • Value = IP address, e.g. 31.41.59.26
  • NS = Nameserver
    • Name = domain, e.g. cmu.edu
    • Value = hostname of an authoritative name server, e.g. dns.cmu.edu

SLIDE 22

Types (2)

  • CNAME = Canonical Name
    • Name = alias hostname, e.g. www.cmu.edu
    • Value = canonical (real) hostname, e.g. www-cmu-prod-vip.andrew.cmu.edu
  • MX = Mail Exchange
    • Name = the domain mail is addressed to, e.g. cmu.edu
    • Value = hostname of a mail server for that domain, e.g. cmu-mx-03.andrew.cmu.edu

SLIDE 23

Types (3)

  • Many other types are defined for a variety of uses (the IANA DNS parameters registry lists dozens beyond these four)
  • Research project: Look up the SINK type

SLIDE 24

Message Format

  • Message Header (12 bytes)
    • Identification: 16 bit number
      • Reply uses same id as query
    • Flags (1 bit each)
      • query or reply
      • recursion desired
      • recursion available
      • reply is authoritative
      • ... and others

Message layout (each header row is 4 bytes wide):

  identification          | flags
  number of questions     | number of answer RRs
  number of authority RRs | number of additional RRs
  questions (variable number of questions)
  answers (variable number of RRs)
  authority (variable number of RRs)
  additional information (variable number of RRs)

SLIDE 25

Message Format

  • Message Payload (roughly 500 bytes at most: the 512-byte UDP message limit of RFC 1035 less the 12-byte header)
    • Sequence of name, type fields for a query
    • RRs in response to a query
    • RRs for authoritative servers
    • Additional “helpful” information
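The header and payload of slides 24 and 25, the RR size limits of slide 20 and the UDP/TCP rule of slide 17, as an added worked example written for this page (not code from the course or its textbook): a minimal RFC 1035 encoder and parser in Python using only the standard library. It enforces the 63-octet label and 255-octet name limits, writes and reads name-compression pointers, and applies the two client-side checks: the reply's ID must match the query, and a reply with TC set must be fetched again over TCP. The reply built with build_reply is constructed here for illustration; 192.0.2.10 is a documentation address, not the address of any CMU host.

```python
"""RFC 1035 wire format with only the standard library: build a query, build a constructed
reply (using name compression), parse either, and apply the two client-side checks."""
import struct

MAX_LABEL = 63      # RFC 1035: a label is at most 63 octets
MAX_NAME = 255      # RFC 1035: a whole encoded name is at most 255 octets
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15, "AAAA": 28}
CLASS_IN = 1

def encode_name(name):
    """'www.cmu.edu' -> length-prefixed labels ending in a zero octet, limits enforced."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= MAX_LABEL:
            raise ValueError(f"label {label!r} violates the 1..{MAX_LABEL} octet limit")
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > MAX_NAME:
        raise ValueError(f"name is {len(out)} octets, limit {MAX_NAME}")
    return out

def decode_name(msg, off):
    """Read a possibly compressed name at off; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # 11xxxxxx: pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            end = off + 2 if end is None else end   # the caller resumes after the pointer
            hops += 1
            if hops > 64 or ptr >= off:             # loops/forward pointers are malformed
                raise ValueError("bad compression pointer")
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def build_query(ident, name, qtype="A"):
    """12-byte header (QR=0, RD=1) followed by one question: QNAME, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)

def build_reply(query, answers, aa=True, tc=False):
    """Constructed server side: echo the question, append (name, type, ttl, value) RRs.
    An owner equal to the QNAME is written as a pointer to offset 12 (compression)."""
    ident, _, qd = struct.unpack("!HHH", query[:6])
    qname, qend = decode_name(query, 12)
    flags = 0x8180 | (0x0400 if aa else 0) | (0x0200 if tc else 0)   # QR, RD, RA, AA?, TC?
    body = b""
    for name, rtype, ttl, value in answers:
        owner = b"\xC0\x0C" if name == qname else encode_name(name)
        if rtype == QTYPE["A"]:
            rdata = bytes(int(x) for x in value.split("."))
        elif rtype in (QTYPE["NS"], QTYPE["CNAME"]):
            rdata = encode_name(value)
        else:
            rdata = value
        body += owner + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", ident, flags, qd, len(answers), 0, 0)
    return header + query[12:qend + 4] + body

def parse_message(msg):
    """Header, question and answer sections -> dict (authority/additional left unparsed)."""
    ident, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": ident, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
           "tc": bool(flags & 0x0200), "rcode": flags & 0xF, "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        out["questions"].append((qname, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE["A"] and rdlen == 4:
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype in (QTYPE["NS"], QTYPE["CNAME"]):
            value, _ = decode_name(msg, off)        # rdata may itself be compressed
        else:
            value = msg[off:off + rdlen]
        off += rdlen
        out["answers"].append((name, rtype, ttl, value))
    return out

def needs_tcp_retry(query, reply):
    """Client check: accept only a reply whose ID matches our query and has QR set;
    True means TC was set (answer cut to fit UDP) and the query must go again over TCP."""
    parsed = parse_message(reply)
    if parsed["id"] != struct.unpack("!H", query[:2])[0] or not parsed["qr"]:
        raise ValueError("reply is not an answer to our query")
    return parsed["tc"]
```

Usage: `q = build_query(0x1234, "www.cmu.edu")` is 29 bytes (12-byte header, 13-byte QNAME, 4 bytes of QTYPE/QCLASS); `build_reply(q, [("www.cmu.edu", 5, 300, "www-cmu-prod-vip.andrew.cmu.edu"), ("www-cmu-prod-vip.andrew.cmu.edu", 1, 60, "192.0.2.10")])` answers the CNAME chain from slide 13 with the first owner name written as the two-byte pointer C0 0C, and `parse_message` recovers both records. The 16-bit ID check is the only thing in the classic protocol tying a UDP reply to a query, which is why a resolver must never accept a reply whose ID does not match.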

SLIDE 26

What if your DNS server doesn’t know the answer?

Where is www.cmuj.jp?

I don’t know. Ask .jp nameserver

SLIDE 27

Navigation

  • How a client traverses nameservers in search of an answer is called navigation
  • Iterative Navigation
    • Client asks a series of NS
    • Each NS responds with a pointer to another NS with more info
    • Client eventually asks the authoritative server

[Figure: iterative navigation between Client, Local NS, NS0, NS1 and NS2. The question (?) is sent to NS0, NS1 and NS2 in turn; each server replies with a pointer to the next (NS0, NS1, NS2) until the last one returns the Answer.]

SLIDE 28

Server controlled navigation

  • Server may take over navigation job from client
    • Reduces response bandwidth
    • Results can be cached in a manner useful to other clients
    • Some domains limit access to DNS for security reasons
  • Two forms
    • Non-recursive: server iterates
    • Recursive: Each NS takes over the job, sends results

[Figure, two diagrams with Client, Local NS, NS0, NS1 and NS2. Non-recursive: the client asks the Local NS once; the Local NS asks NS0, NS1 and NS2 in turn, following each referral, and returns the Answer. Recursive: each NS forwards the question (?) to the next NS, and the Answer is passed back down the chain to the client.]

SLIDE 29

Caching

  • Once (any) name server learns a mapping, it caches the mapping
  • Cache entries time out (disappear) after some time
    • Controlled by the TTL of that RR, which the zone’s administrator sets
    • There is no protocol-wide default; a TTL of about 2 days is common for stable records
  • TLD servers typically cached in local name servers
    • Thus root name servers not often visited
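The navigation and caching behaviour of slides 27 through 29, as an added example written for this page (not code from the course or its textbook): a toy iterative resolver in Python over constructed zone data. It follows referrals from the root, caches answers and delegations by TTL (a TTL of 0 is never cached), starts later lookups from the deepest cached delegation so the root is rarely asked, and applies the bailiwick check a real resolver needs: glue addresses are accepted only for names inside the referring server's own zone. The zone contents, the server names and the 3600-second delegation TTL are invented, and every address is from the RFC 5737 documentation ranges.

```python
"""Toy iterative resolver over constructed zone data: walks root -> TLD -> authoritative
by following referrals, caches RRs and delegations per TTL, and accepts glue only from a
server that is in bailiwick for the glue name. Addresses are RFC 5737 documentation prefixes."""
import time

ROOT = "root"              # stands in for the root server hint
DELEGATION_TTL = 3600      # constructed TTL for cached referrals

# Constructed servers: the zone each is authoritative for, the RRs it answers as
# (name, type, ttl, value), and child zones it delegates with NS name + glue address.
SERVERS = {
    ROOT: {"zone": "", "rrs": {},
           "delegates": {"edu": [("a.edu-servers.net", "198.51.100.1")]}},
    "198.51.100.1": {"zone": "edu", "rrs": {},
                     "delegates": {"cmu.edu": [("ns1.cmu.edu", "198.51.100.2")]}},
    "198.51.100.2": {"zone": "cmu.edu",
                     "rrs": {("www.cmu.edu", "A"): [("www.cmu.edu", "A", 300, "198.51.100.10")]},
                     "delegates": {"cs.cmu.edu": [
                         ("ns.cs.cmu.edu", "198.51.100.3"),      # in cmu.edu bailiwick
                         ("ns.evil.example", "203.0.113.9")]}},  # not: must be ignored
    "198.51.100.3": {"zone": "cs.cmu.edu",
                     "rrs": {("pi.cs.cmu.edu", "A"): [("pi.cs.cmu.edu", "A", 0, "198.51.100.11")]},
                     "delegates": {}},
}

def in_bailiwick(name, zone):
    """True when name lies at or below zone ('' is the root: everything qualifies)."""
    return zone == "" or name == zone or name.endswith("." + zone)

def query(server, qname, qtype):
    """One server's reply: ('ANSWER', rrs), ('REFERRAL', zone, nsrecs) or ('NODATA',)."""
    srv = SERVERS[server]
    if (qname, qtype) in srv["rrs"]:
        return ("ANSWER", srv["rrs"][(qname, qtype)])
    for zone in sorted(srv["delegates"], key=len, reverse=True):   # closest enclosing child
        if in_bailiwick(qname, zone):
            return ("REFERRAL", zone, srv["delegates"][zone])
    return ("NODATA",)

class Resolver:
    def __init__(self, now=time.time):
        self.now = now                  # injectable clock so TTL expiry can be tested
        self.cache = {}                 # (name, type) -> [(expiry, value), ...]

    def cache_put(self, name, rtype, ttl, value):
        if ttl > 0:                     # TTL 0 means "do not cache"
            self.cache.setdefault((name, rtype), []).append((self.now() + ttl, value))

    def cache_get(self, name, rtype):
        live = [(e, v) for e, v in self.cache.get((name, rtype), []) if e > self.now()]
        self.cache[(name, rtype)] = live
        return [v for _, v in live]

    def start_point(self, qname):
        """Deepest cached delegation ('DELEG') enclosing qname, else the root."""
        best = ("", ROOT)
        for (zone, rtype) in list(self.cache):
            if rtype == "DELEG" and in_bailiwick(qname, zone) and len(zone) > len(best[0]):
                ips = self.cache_get(zone, "DELEG")
                if ips:
                    best = (zone, ips[0])
        return best

    def lookup(self, qname, qtype, max_hops=16):
        """Return (values, trace): trace is the list of servers asked, or ['cache']."""
        cached = self.cache_get(qname, qtype)
        if cached:
            return cached, ["cache"]
        zone, server = self.start_point(qname)
        trace = []
        for _ in range(max_hops):
            trace.append(server)
            reply = query(server, qname, qtype)
            if reply[0] == "ANSWER":
                for name, rtype, ttl, value in reply[1]:
                    self.cache_put(name, rtype, ttl, value)
                return [rr[3] for rr in reply[1]], trace
            if reply[0] != "REFERRAL":
                raise LookupError(f"{qname}/{qtype}: no data at {server}")
            child, nsrecs = reply[1], reply[2]
            # Bailiwick check: the referring server may vouch for addresses only of
            # names inside its own zone; glue for anything else is discarded.
            glue = [(n, ip) for n, ip in nsrecs if in_bailiwick(n, zone)]
            if not glue:
                raise LookupError(f"no usable glue for {child} from {server}")
            for _, ip in glue:
                self.cache_put(child, "DELEG", DELEGATION_TTL, ip)
            zone, server = child, glue[0][1]
        raise LookupError("referral chain too long")
```

Usage: the first `Resolver().lookup("www.cmu.edu", "A")` is answered after three hops (root, the edu server, the cmu.edu server); a following lookup of pi.cs.cmu.edu starts at the cached cmu.edu delegation, skips the root and the TLD, and discards the out-of-bailiwick glue for ns.evil.example. Because its record carries TTL 0 it is never cached, whereas www.cmu.edu is served from the cache until its 300 seconds run out.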

SLIDE 30

traceroute

  • Overview
  • DNS: Domain Name System
    • The Protocol
    • Organization of domains, zones, nameservers
  • Content Distribution Networks

SLIDE 31

Distributed, Hierarchical Design

  • Why not a central server? (RFC-811)
  • Single point of failure
  • If the only DNS server crashes, the entire Internet dies
  • Immense traffic volume
  • Needs to handle all query requests for entire world
  • Location?
  • Close to some, far from others
  • Maintenance
  • Nightmare to get records updated
  • Doesn’t scale!

SLIDE 32

Domain Namespace

  • Hierarchical structure
  • Written in a dot-separated form, from specific to general
    • ignoring the root

[Figure: namespace tree. Root (/) with children com, org, edu and jp; cmu under edu; cmuj and ne under jp; biglobe and msi under ne; cs, ece and drama under cmu.]

SLIDE 33

Domain Name Types

Top-Level Domain (TLD) types. ICANN registers TLDs and manages IANA.

  generic TLD (gTLD)        .com .org .edu     e.g. cmu.edu
  country code TLD (ccTLD)  .ca .fr .jp .au    e.g. cmuj.jp (ISO 3166-1 lists country codes)
  sponsored TLD (sTLD)      .gov .aero .cat
  infrastructure TLD        .arpa

Registrars assign names within a TLD: Verisign (.com), Educause (.edu), Japan Registry Services (.jp)

Not the same as the name server hierarchy!

SLIDE 34

Name Server Hierarchy

  • Types of DNS name servers
    • Root
    • Top-level domain (TLD)
    • Authoritative
    • Local

[Figure: Root Name Servers (A-M) at the top, above the com, org, edu and jp name servers; the edu name servers point down to the CMU name servers.]

SLIDE 35

Mapping name to server

  • Administrative authority doesn’t always match namespace hierarchy
  • Some organizations want to maintain their own name server
  • Others don’t
    • ex: CMU’s CS dept wants to run their own name server. Drama doesn’t, but still wants the drama.cmu.edu name

SLIDE 36

Zones

  • Namespace hierarchy is partitioned into subtrees called zones
  • Each zone corresponds to authority over that portion of the namespace
  • Also represents the unit of implementation -- the nameserver
  • Authority is delegated from parent to child
    • Parent: CMU ➙ child: CS

SLIDE 37

Zones

[Figure: the namespace tree of slide 32 (Root (/); com, org, edu, jp; cmu under edu; cmuj, ne under jp; biglobe, msi under ne; cs, ece, drama under cmu) with zone boundaries drawn around the subtrees.]

SLIDE 38

Zones

  • An organization should be able to have its own domain, even though it lacks resources to support DNS
  • One nameserver can also support many zones (think hosting company)
  • Zone owner must:
    • Maintain zone data
    • Run redundant nameservers

SLIDE 39

Zones ➙ Nameservers

[Figure: the namespace tree of slide 32 (Root (/); com, org, edu, jp; cmu under edu; cmuj, ne under jp; biglobe, msi under ne; cs, ece, drama under cmu) with the nameserver that serves each zone: Root nameservers (A-M); .com, .org, .edu and .jp nameservers; cmu NS, cmuj NS, ne NS, biglobe NS, msi NS, cs NS and ece NS. drama has no nameserver of its own and is served from the cmu zone.]

SLIDE 40

Root Nameservers

  • 13 root servers (labeled A through M)
  • Each server is actually a cluster of replicated servers (e.g. the C server has 8 sites)

  a  Verisign, Dulles, VA
  b  USC-ISI, Marina del Rey, CA
  c  Cogent, Herndon, VA (also Los Angeles)
  d  U Maryland, College Park, MD
  e  NASA, Mt View, CA
  f  Internet Software Consortium, Palo Alto, CA (and 17 other locations)
  g  US DoD, Vienna, VA
  h  ARL, Aberdeen, MD
  i  Autonomica, Stockholm (plus 3 other locations)
  j  Verisign (11 locations)
  k  RIPE, London (also Amsterdam, Frankfurt)
  l  ICANN, Los Angeles, CA
  m  WIDE, Tokyo

SLIDE 41

Globally Distributed

Map courtesy of www.root-servers.org. Data as of 7 Sep 13

SLIDE 42

Root Server’s Job

  • Root nameserver knows TLD nameservers and their IP addresses
  • Q: How do I get to www.library.cmu.edu?
  • A: I don’t exactly know, but you should ask the .edu TLD server at:
    • l3.nstld.com, 192.41.162.32
    • d2.nstld.com, 192.31.80.32
    • and others

SLIDE 43

Root servers don’t know much

  • One small zonefile
    • Contains names and IP addresses of authoritative DNS servers for each TLD
    • Small (2.3MB as of 6 Sep 2018)
    • Changes infrequently (every couple of days)

SLIDE 44

K Root Name Server

  • Operated by RIPE Network Coordination Centre
    • k.root-servers.org
    • London, Amsterdam, Athens, Brisbane, Tokyo, Delhi etc
  • How many queries per second do you think a root server receives?

SLIDE 45

TLD Name Servers

  • Top-level domain (TLD) servers
    • Responsible for gTLDs
      • com, org, net, edu, ...
    • and ccTLDs
      • uk, fr, ca, jp ...
  • Verisign maintains servers for com TLD
  • EDUCAUSE for edu TLD

SLIDE 46

TLD NS’s Job

  • Knows the authoritative (or intermediate) name servers of its domain and their IP addresses
  • Q: How do I get to www.library.cmu.edu?
  • A: I don’t exactly know, but you can ask the name server for cmu.edu, at one of these places:
    • t-ns1.net.cmu.edu, 128.2.4.14
    • cabbage.srv.cs.cmu.edu, 128.2.194.121
    • And others
  • Note this is not the authoritative NS for the library

SLIDE 47

Authoritative NS

  • Organization’s DNS servers
  • Provides authoritative hostname to IP mappings for organization’s servers (e.g., Web and mail)
  • Authoritative: Actually knows the answer
  • Can be maintained by organization or service provider

SLIDE 48

Authoritative NS’s Job

  • Q: How do I get to www.library.cmu.edu?
  • A: I know! libsearch-vip.andrew.cmu.edu, 128.2.42.76 (Authoritative!)

SLIDE 49

Local Name Server

  • Does not strictly belong to hierarchy
  • Each ISP (residential ISP, company, university, etc) has one
  • Also called default name server or resolver
  • When a host makes a DNS query, query is sent to its local DNS server
  • Acts as a proxy, forwards query into hierarchy

SLIDE 50

traceroute

  • Overview
  • DNS: Domain Name System
    • The Protocol
    • Organization of domains, zones, nameservers
  • Content Distribution Networks

SLIDE 51

Content Distribution Network

  • Goal: Offload some of the work done by an origin server to geographically distributed edge caches
  • Edge caches
    • Closer to end-hosts than origin server
    • Work with ISPs over the world to be co-located
  • Examples: Akamai, Limelight, CDNetworks

SLIDE 52

Content Distribution Network

  • Selective mirroring
    • A subset of content, e.g. multimedia files, is mirrored at the edge caches
    • Website owner (www.cnn.com) works with CDN to replicate its content
  • Redirection (Secret Sauce)
    • Client requests are forwarded to the most appropriate edge cache
    • Improves response time, system throughput
    • Done with DNS redirection plus URL rewriting

SLIDE 53

How does it work?

[Figure: Web user, Origin Server (Customer of CDN Co.) and Edge Cache]

  • 1. Web user wants to see content. Requests standard URL.
  • 2. HTTP request with standard URL
  • 3. HTML page contains CDN Co’s URLs
  • 4. CDN URLs directed to local CDN servers
  • 5. Content served locally from the Edge Cache

Image from: http://www.flickr.com/photos/ntr23/

SLIDE 54

CDN Technologies

  • URL Rewriting
    • HTML code on Content Server must have URLs changed to CDN URLs
    • Prepend a specific prefix
    • www.cnn.com/logo.gif ➙ a13g.akamai.net/cnn.com/logo.gif

SLIDE 55

CDN Technologies (2)

  • DNS Redirection
    • CDN URLs must be resolved to find local edge-cache
    • Where is a13g.akamai.net?
    • CDN’s DNS name server looks at network address of requestor
      • The requestor it sees is normally the user’s local name server, not the user’s host; the CDN assumes the two are close
    • Answers with edge cache nearby
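The URL rewriting of slide 54, the DNS redirection of slide 55 and the flow of slide 53, as an added example written for this page and not any CDN's code: the origin's HTML gets its static-asset URLs prefixed with the CDN hostname, and a constructed CDN authoritative server answers queries for that hostname by longest-prefix match on the querying resolver's address, rotating the returned A records across calls (the load distribution of slide 15) and using a short TTL (the point of slide 57). The hostnames a13g.akamai.net and www.cnn.com are the slides'; the prefix-to-edge table, the edge-cache addresses (RFC 5737 documentation ranges), the hypothetical class and function names and the 20-second TTL are assumptions.

```python
"""Constructed CDN example: URL rewriting on the origin's HTML, plus DNS redirection by
the CDN's authoritative name server, which picks an edge cache from the address of the
querying resolver and returns a short-TTL, rotated A RRset. Not any CDN's real code."""
import ipaddress
import re

CDN_HOST = "a13g.akamai.net"                     # CDN hostname from the slides
STATIC = ("gif", "png", "jpg", "css", "js")      # asset types worth mirroring

def rewrite_urls(html, origin_host, cdn_host=CDN_HOST):
    """Rewrite src/href attributes that point at the origin's static assets so they
    point at the CDN: www.cnn.com/logo.gif -> a13g.akamai.net/cnn.com/logo.gif."""
    site = origin_host[4:] if origin_host.startswith("www.") else origin_host
    pat = re.compile(r'(src|href)="(?:https?://)?' + re.escape(origin_host) + r'/([^"]+)"')
    def sub(m):
        path = m.group(2)
        if path.rsplit(".", 1)[-1].lower() not in STATIC:
            return m.group(0)                    # dynamic content stays on the origin
        return f'{m.group(1)}="http://{cdn_host}/{site}/{path}"'
    return pat.sub(sub, html)

def cdn_urls(html, cdn_host=CDN_HOST):
    """The browser's view: every CDN hostname it must now resolve before fetching."""
    return sorted(set(re.findall(r'"https?://(' + re.escape(cdn_host) + r')/', html)))

class CdnNameServer:
    """Authoritative server for the CDN's names. Which prefix maps to which edge is the
    CDN's secret sauce; here it is a constructed longest-prefix-match table."""
    TTL = 20   # seconds (assumed): short, so clients re-ask and can be steered elsewhere

    def __init__(self, table, default):
        self.table = [(ipaddress.ip_network(net), list(ips)) for net, ips in table]
        self.default = list(default)
        self.rotation = {}                       # resolver address -> answers so far

    def pick_edges(self, resolver_ip):
        """Longest-prefix match on the querying resolver's address. The CDN sees the
        recursive resolver, not the end user, unless EDNS Client Subnet is in use."""
        addr = ipaddress.ip_address(resolver_ip)
        best = None
        for net, ips in self.table:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ips)
        return list(best[1]) if best else list(self.default)

    def answer(self, qname, resolver_ip):
        """A RRs for qname as (name, type, ttl, address), rotated per call so that
        clients taking the first address spread across the edge caches."""
        if qname != CDN_HOST and not qname.endswith("." + CDN_HOST):
            return []                            # not our name: nothing to say
        ips = self.pick_edges(resolver_ip)
        k = self.rotation.get(resolver_ip, 0) % len(ips)
        self.rotation[resolver_ip] = k + 1
        return [(qname, "A", self.TTL, ip) for ip in ips[k:] + ips[:k]]

def fetch_flow(html, origin_host, ns, resolver_ip):
    """Slide 53 in one pass: the origin serves rewritten HTML, the browser resolves the
    CDN names via its local resolver, and the CDN NS answers with a nearby edge cache.
    Returns {cdn_hostname: edge address the client will connect to}."""
    page = rewrite_urls(html, origin_host)
    return {host: ns.answer(host, resolver_ip)[0][3] for host in cdn_urls(page)}
```

Usage: with a constructed page `<img src="http://www.cnn.com/logo.gif">` and a server built as `CdnNameServer([("128.2.0.0/16", ["198.51.100.20"]), ("203.0.113.0/24", ["198.51.100.30", "198.51.100.31"])], ["198.51.100.40"])`, `fetch_flow(page, "www.cnn.com", ns, "128.2.42.69")` maps a13g.akamai.net to the campus-side edge 198.51.100.20, a resolver in 203.0.113.0/24 gets the two-address RRset in a different order on each query, and a resolver outside every prefix gets the default edge. Links to non-static paths such as index.html are left pointing at the origin.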

SLIDE 56

Thinking Time

  • What is the difference between a CDN and a web proxy?

[Figure: two diagrams, Proxy Caching and Content Distribution Network]

SLIDE 57

CDN Secret Sauce

  • Remarkably, CDNs use non-proprietary, standard mechanisms
    • DNS to direct user to closest edge cache
    • DNS TTL to time-out resource records
  • Only the algorithms to pick the “best” edge cache are secret
  • Purists hate this: See Vixie2009

SLIDE 58

Lesson Objectives

  • Now, you should be able to:
    • describe the DNS service, including mission, interaction model, nameservers, domains, zones, load distribution, and domain name types
    • explain the DNS protocol, including message format, reliability, resource records, types, and caching mechanisms
    • describe the navigation mechanisms of DNS nameservers

SLIDE 59

Now, you should be able to:

  • describe the roles of the different nameservers in the DNS
  • describe how a CDN operates, including goals, host-roles, URL rewriting and DNS redirection
  • contrast the advantages of CDNs and web proxies