The Domain Name System (DNS)
Jason Hermance, Nerces Kazandjian, Long-Quan Nguyen
Introduction
Machines find 32-bit IP addresses just peachy.
• Some Computer Science majors don’t seem to mind either…
Normal people prefer names in general.
• easier to remember
• possibly more coherent
So we need some sort of name-assigning scheme…
• IP name
• geographical considerations
Names For Machines
Early naming conventions
• assigned based on machines’ purpose
• accounting, talent, shipping, sales
Low-level (IP) to High-level (name)
• A common concern in computer science.
By 1986, 3100 officially registered, 6500 official aliases
By today, hundreds of millions (of hundreds?)
Flat Namespace
Just a sequence of characters
Network Information Center (NIC)
• determined appropriateness of names (conflict, obscenity)
Pros of a flat namespace
• names are short and convenient
Cons of a flat namespace
• a single, predetermined (and thus finite) set of names
• a single site to handle all work and all traffic
Hierarchical Names & Delegation Of Authority
What exactly are we aiming for?
• efficient name mapping
• autonomous name assignment
The current system functions similarly to a large corporation.
• split the responsibility
• autonomous operation
Possible namespace partition pattern: local.site
• site: authorized by central authority
• local: authorized by the site
• ex. msn.com, laccd.edu
Subset Authority
Keep subdividing to become manageable
Let’s try something like group.local.site
• site: authorized by central authority
• local: authorized by the site
• group: subdivision of local
• eg. moneycentral.msn.com, research.laccd.edu
Not necessarily based on a physical mapping
Internet Domain Names
The Domain Name System (DNS)… we meet at last!
• Job 1: rules for syntax and authority
• Job 2: rules for implementing name-to-address mapping
Syntax rules
• local label first, top domain last
• scope goes from small to big
Let’s take research.laccd.edu for example.
• research.laccd.edu is the lowest-level domain
• laccd.edu is the second-level domain
• edu is the top-level domain
Some common top-level domain names
.com  Commercial Organizations
.edu  Educational Institutions
.gov  US Government
.net  Major Network Support Centers
.org  Organizations Not Classified
.us, .uk, .fr, .kz  Country codes (geographic scheme)
Have you been paying attention so far?
• If .us belongs to the USA, then it can delegate ca.us to California.
Top-Level Domains
Two hierarchies: geographical and organizational
• countries are assigned a two-letter top-level domain
• organizations submit requests for registration
So what went into getting python.ecs.csun.edu?
• CSUN: “Hey, Internet. I want csun.edu.”
• Internet: “Okay, you got it.”
• ECS@CSUN: “Hey CSUN, I want ecs.csun.edu.”
• CSUN: “Okay, you got it.”
• Unnamed Python Admin: “Hey, ECS@CSUN. I want…”
• ECS@CSUN: “Yeah, yeah. You got it. Now go away.”
Name Syntax And Type
Houston, we have a problem.
• Multiple naming hierarchies lead to confusion. Confusion leads to anger. Anger leads to hate. Hate leads to suffering.
• mail.yahoo.com or nercesk.yahoo.com
Let’s introduce the idea of address type.
• The client specifies type in addition to the name to resolve.
• eg. machine, mailbox, user
Can’t determine type by syntax or number of labels alone.
• Hey, nercesk.yahoo.com could be a domain… maybe.
Mapping Domain Names To Addresses
Name server(s)
• program for name-to-address translation
• typically on a dedicated processor
• Name resolver: client-side software for submitting requests
Back to the corporation model and python.ecs.csun.edu
• “root” server sends request to top-level server (edu)
• top-level server sends request to level 2 (csun.edu)
• level 2 server sends request to level 3 (ecs.csun.edu)
• level 3 server sends request to level 4 (python.ecs.csun.edu)
• level 4 sends a response back up
Mapping Domain Names To Addresses
Think of it as a tree structure.
• First level: root
• Second level: top-level domain
• Third level: local domain
But this does not imply a direct physical connection.
In actuality, not quite this involved
• “root” server knows enough to contact csun.edu directly
Domain Name Resolution
Resolution query
• name to be resolved, class of the name, type of answer
• code for partial or complete translations
Partial translation
• contact name servers one at a time
Complete translation
• have the name server system do the whole thing
You gotta have at least one connection, pal.
Efficient Translation
Do we have to go to “root” every single time?
• Think about dialing the area code each time, even for local calls.
Going through the whole process is inefficient.
• Most name resolution is local.
• “Root” level would be overloaded.
• Higher-level failure need not be fatal.
We can send the query locally first.
• If the current level can’t resolve it, move to the parent.
Caching: The Key To Efficiency
Why look the same thing up 100 times?
Router : ARP Cache :: name server : DNS Cache
DNS Cache entry
• domain name of server
• IP binding to that name
But can’t the IP binding change, you ask?
• Time To Live value given by authority
• depends on likelihood of change
Domain Name System Message Format
More message format diagrams! 3-for-1 deal!
Compressed Name Format
Domain names are stored as a sequence of labels.
• Can be a literal string or a pointer to a literal string.
Literal string
• 1st octet: first 2 bits = 00, last 6 bits = length n
• next n octets: the label
• Rinse. Repeat. End with n = 0.
Pointer to a literal string
• 1st octet: first 2 bits = 11, next 14 bits = integer pointer
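The label and pointer encoding above, as an added example that is not part of the slides: an encoder for literal labels and a decoder that follows pointers while bounds-checking every read and capping the number of jumps, so a packet whose pointer points at itself is rejected rather than hanging the parser. The message bytes (`MSG`, `LOOP`) are constructed for the example.

```python
def encode_name(name):
    """Dotted name -> uncompressed wire labels ending in a zero octet."""
    if name in ("", "."):
        return b"\x00"                     # the root name is a lone zero octet
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:        # length lives in the low 6 bits
            raise ValueError("label length must be 1..63")
        out.append(len(raw))               # top two bits 00 -> literal label
        out += raw
    out.append(0)                          # n = 0 ends the name
    return bytes(out)

def decode_name(msg, offset, max_jumps=16):
    """Return (name, offset just past the name); jumps capped against loops."""
    labels, jumps, end = [], 0, None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[offset]
        if n & 0xC0 == 0xC0:               # 11xxxxxx: compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2           # caller resumes after first pointer
            offset = ((n & 0x3F) << 8) | msg[offset + 1]   # 14-bit offset
            jumps += 1
            if jumps > max_jumps:
                raise ValueError("too many compression pointers (loop?)")
            continue
        if n & 0xC0:                       # 01/10 prefixes are reserved
            raise ValueError("invalid label type")
        offset += 1
        if n == 0:                         # zero-length label terminates
            return ".".join(labels), (end if end is not None else offset)
        if offset + n > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + n].decode("ascii"))
        offset += n

# Constructed message: "ecs.csun.edu" at offset 0, followed by the label
# "python" plus a pointer back to offset 0, spelling "python.ecs.csun.edu".
MSG = encode_name("ecs.csun.edu") + b"\x06python" + bytes([0xC0, 0x00])
LOOP = bytes([0xC0, 0x00])                 # pointer to itself: must be rejected
```

`decode_name(MSG, 14)` yields the full name while reporting that the caller should resume at offset 23, just past the two-octet pointer.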
Abbreviation Of Domain Names
Outside the domain name system
• introduced by client software
List of possible suffixes to append to a name
Possible uses include:
• convenient lookups
• restricted access
Inverse Mappings
Working backwards… like Jeopardy!
Some problems with this
• Not every answer has a unique question.
• Even then, the server might not be able to provide one.
• We might have to search all the servers… yuck.
Implemented, but not really used
Pointer Queries
One form of inverse mapping that’s actually useful!
• Checks that the query is generated from an authorized domain.
Mapping a client’s IP to a domain name
• IP address aaa.bbb.ccc.ddd
• Pointer query ddd.ccc.bbb.aaa.in-addr.arpa
But what if the local server is not in-addr.arpa or .arpa?
• Internet root domain servers are left in charge to make things efficient.
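The reversal above, as an added example that is not from the slides: build the in-addr.arpa query name for an IPv4 address, then apply the check the slide alludes to, accepting a PTR answer only when the named host’s A record points back at the original address (whoever controls the reverse zone can publish any name they like, so the forward lookup is what confirms it). `RECORDS` is a constructed lookup table standing in for real queries, using TEST-NET addresses and a hypothetical host name.

```python
import ipaddress

def ptr_name(ip):
    """aaa.bbb.ccc.ddd -> ddd.ccc.bbb.aaa.in-addr.arpa (IPv4 validated first)."""
    addr = ipaddress.IPv4Address(ip)       # rejects malformed or IPv6 input
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"

# Constructed zone data: (owner name, record type) -> list of record data.
RECORDS = {
    ("44.2.0.192.in-addr.arpa", "PTR"): ["python.ecs.csun.edu"],
    ("python.ecs.csun.edu", "A"): ["192.0.2.44"],
    # A reverse zone claiming a host it does not own: forward lookup disagrees.
    ("9.100.51.198.in-addr.arpa", "PTR"): ["python.ecs.csun.edu"],
}

def lookup(name, rtype, records=RECORDS):
    """Case-insensitive lookup ignoring a trailing dot; [] when nothing exists."""
    return records.get((name.rstrip(".").lower(), rtype), [])

def forward_confirmed(ip, records=RECORDS):
    """PTR names for ip whose own A records contain ip; spoofed ones drop out."""
    ip = str(ipaddress.IPv4Address(ip))
    confirmed = []
    for host in lookup(ptr_name(ip), "PTR", records):
        if ip in lookup(host, "A", records):
            confirmed.append(host)
    return confirmed
```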
Some common object types
A      32-bit IP address
HINFO  CPU & OS information
MINFO  Mailbox/Mail List information
MX     Mail exchanger information
NS     Name of authoritative server for domain
TXT    Uninterpreted string of ASCII text
Let’s try to be a little efficient for a moment.
• Servers will return any additionally known bindings in responses.
• Additional Information Section of responses
Obtaining Authority For A Subdomain
In order to be granted authority for a second-level domain:
• agree to operate a domain name server that meets Internet standards
• know the addresses of subdomain servers and at least one root
Servers can typically handle concurrent requests
• Processing older requests while accepting new ones
• Recursive requests, remember?
There are more rules? Sheesh!
• All information must appear in at least two separate machines.
• Technically, the servers cannot have a single common point of failure.
Dynamic DNS Update And Notification
Dynamic DNS update
• Host obtains an IP address assigned by DHCP (Dynamic Host Configuration Protocol)
• Sends update notice to DNS server
• NAT (Network Address Translation) sits “before” the name server
• Coordinates translation with DNS server
• Multiple parties share administration
Dynamic DNS notification
• DNS server propagates the update
• Sends notification to backup servers
• Backup servers request the actual update
DNS Security Extensions (DNSSEC)
Digital signature mechanism to protect DNS
• Check message authenticity
• Check data integrity
Possible side effects include:
• No confidentiality from snooping
• (Deliberate) Denial-Of-Service
Public key cryptography
• Server contains keys for authority zones further down
• Must manually configure keys for root servers.