Domain Name System (DNS) Omer F. Rana. Networks and Data Communications 1

Transcription

1 Domain Name System (DNS) Omer F. Rana Networks and Data Communications 1

2 What is a DNS Each institution on the internet has a host that runs a process called a Domain Name Server (also DNS!) It is not enough for us to be able to communicate with IP address only although this is possible this is hard when we deal with services such as the Web IP address are generally: Hard for people to remember Can change, if a machine is moved to a different network, for instance Are dependent on using the Internet Protocol (hence the IP in IP address ) and this will change in the future Hence, need to free the name of a machine from the underlying protocol that is being used to communicate with other machines hence the use of names which are not tied to a particular protocol Networks and Data Communications 2

3 On the other hand, host names such as cnn.com, cs.cf.ac.uk and are mnemonic and are therefore appreciated by humans. However, host names provide little, if any, information about the location within the Internet of the host A host name such as surf.eurecom.fr, which ends with the country code.fr, tells us that the host is in France, but doesn t say much more. Furthermore, because host names can consist of variable-length alpha-numeric characters, they would be difficult to process by routers

4 What is a DNS... 2 A Name Service is a network information service (run on a server) that maps machine names to their addresses. The service is accessed transparently i.e. the machine that uses it does not really know that it uses it! A Domain Name Server maintains a database called the Directory Information Base (DIB) which contains domains present within each institution hence, when a new host is added (say in engineering), then the part of the database that corresponds to the location of that host (the engineering network) can be updated Question: How do we structure the name space to prevent naming conflicts and provide an efficient means to translate machine names to addresses? Networks and Data Communications 3

5 Flat Name Space For a small number of hosts (early days of the Internet) host names administered by a central authority all host names maintained in a single file hosts.txt However, problems with this: High Probability of Naming Conflict: Choosing a unique name is difficult only so many football teams, players, planets, spices, musicians etc Central name administration is a problem: Long waits for the file to be updated single point of failure. As a consequence of a single administration, the load on the machine hosting the translation service increases rapidly. Consistency: Many hosts tried to copy hosts.txt locally however, these had to be maintained consistent with the central site and this resulted in many versions of the hosts.txt file existing at different sites Networks and Data Communications 4

6 DNS as a Distributed Database The DNS is: A distributed database implemented in a hierarchy of name servers. The database is distributed across the Internet and is independent of the topology of the underlying network. An application-layer protocol that allows hosts and name servers to communicate in order to provide the translation service. Name servers are usually Unix machines running the Berkeley Internet Name Domain (BIND) software. The DNS protocol runs over UDP and uses port 53 Networks and Data Communications 5

7 The Domain Name System... 2 The main goals of DNS are the distribution of data, to support: Hosts that no longer need to download the address corresponding to every machine on the Internet (as with the hosts.txt file before). They simply look up the address of the machine they need to talk to, at the time they need to talk to it Distributed Administration of the name space. Hence, if a new machine is added to your local network, or you change it name, you do not need to inform a central agency. You simply alter your portion of the DNS database In this context the term Name Space (or namespace) refers to the set of all possible (permissible) names hence, whereas a flat namespace limits this set, a hierarchical one allows an almost unlimited choice of names Networks and Data Communications 6

8 Important to note that the DNS is independent of the physical network topology and is not made dependent on the stage and form of physical networks

9 Who uses a DNS? DNS is commonly employed by other application-layer protocols including HTTP, SMTP and FTP - to translate user-supplied host names to IP addresses Consider what happens when a browser (i.e., an HTTP client), running on some user s machine, requests the URL In order for the user s machine to be able to send an HTTP request message to the Web server the user s machine must obtain the IP address of The following sequence of steps take place to answer this query: The user s machine also runs the client-side of the DNS application. The browser extracts the host name, from the URL and passes the host name to the client-side of the DNS application. As part of a DNS query message, the DNS client sends a query containing the host name to a DNS server. Networks and Data Communications 7

10 The DNS client eventually receives a reply, which includes the IP address for the host name The browser then opens a TCP connection to the HTTP server process located at that IP address All IP datagrams sent to from the client to server as part of this connection will include this IP address in the destination address field of the datagrams In particular, the IP datagram(s) that encapsulate the HTTP request message use this IP address DNS adds an additional delay sometimes substantial to the Internet applications that use DNS and there are ways to prevent making this query many times via caching

11 Who uses a DNS... 2? Like HTTP, FTP, and SMTP, the DNS protocol is an application-layer protocol as it runs between communicating end systems, and relies on an underlying end-to-end transport protocol (i.e., UDP) to transfer DNS messages between communicating end systems Unlike Web, file transfer, and applications however, the DNS is not an application with which a user directly interacts. Instead, the DNS provides a core Internet function namely, translating host names to their underlying IP addresses, for user applications and other software in the Internet The DNS is specified in RFC 1034 and RFC 1035, and updated in several additional RFCs. Networks and Data Communications 8

12 Uses of the DNS Host Aliasing: A host with a complicated host name can have one or more alias names. For example, a host name such as relay1.west-coast.enterprise.com could have, say, two aliases such as enterprise.com and In this case, the host name relay1.west-coast.enterprise.com is said to be canonical host name. Alias host names, when present, are typically more mnemonic than a canonical host name. DNS can be invoked by an application to obtain the canonical host name for a supplied alias host name as well as the IP address of the host Mail server aliasing: For obvious reasons, it is highly desirable that addresses be mnemonic. For example, if Bob has an account with Hotmail, Bob s address might be as simple as bob@hotmail.com. However, the host name of the Hotmail mail server is more complicated and much less mnemonic than simply hotmail.com (e.g., the canonical host name might be something like Networks and Data Communications 9

13 relay1.west-coast.hotmail.com). DNS can be invoked by a mail application to obtain the canonical host name for a supplied alias host name as well as the IP address of the host. In fact, DNS permits a company s mail server and Web server to have identical (aliased) host names; for example, a company s Web server and mail server can both be called enterprise.com Load Distribution: Increasingly, DNS is also being used to perform load distribution among replicated servers, such as replicated Web servers. Busy sites, such as cnn.com, are replicated over multiple servers, with each server running on a different end system, and having a different IP address. For replicated Web servers, a set of IP addresses is thus associated with one canonical host name. The DNS database contains this set of IP addresses. When clients make a DNS query for a name mapped to a set of addresses, the server responds with the entire set of IP addresses, but rotates the ordering of the addresses within each reply. Because a client typically sends its HTTP request message to the IP address that is listed first in the

14 set, DNS rotation distributes the traffic among all the replicated servers. DNS rotation is also used for so that multiple mail servers can have the same alias name.

15 Uses of the DNS... 2 From a client perspective DNS is a blackbox The client sends a DNS query message into the black box, specifying the host name that needs to be translated to an IP address. On many Unix-based machines, gethostbyname() is the library routine that an application calls in order to issue the query message After a delay, ranging from milliseconds to tens of seconds, the client receives a DNS reply message that provides the desired mapping. Thus, from the client s perspective, DNS is a simple, straightforward translation service. But in fact, the black box that implements the service is complex, consisting of large number of name servers distributed around the globe, as well as an application-layer protocol that specifies how the name servers and querying hosts communicate Networks and Data Communications 10

16 Domain Names Absolute names are expressed relative to the root so end with the root s label, for instance ns.nasa.gov Relative names represent the lower level labels of an incomplete domain name they are relative either to a well-known origin (most commonly the root domain), or to a list of domains used as a search list Each node in the DNS tree has data associated with it, and can be maintained at a server. Such a server supplies information associated with a node in response to a request. Hence, the domain name is essentially an index into the DNS servers database Networks and Data Communications 11

17 root (no name) edu com uk nl org net ibm sun ac co sales eng cs math sun eng Based on the ISO-3166 standard (except for Great Britain, which uses uk instead of gb) Networks and Data Communications 12

18 Domain Servers We can also identify primary and secondary servers as local, root and authoritative name servers: Local name servers: Each ISP - such as a university, an academic department, an employee s company or a residential ISP - has a local name server (also called a default name server). When a host issues a DNS query message, the message is first sent to the host s local name server. The IP address of the local name server is typically configured by hand in a host. The local name server is typically close to the client; in the case of an institutional ISP, it may be on the same LAN as the client host; for a residential ISP, the name server is typically separated from the client host by no more than a few routers. Networks and Data Communications 13

19 If a host requests a translation for another host that is part of the same local ISP, then the local name server will be able to immediately provide the the requested IP address. For example, when the host surf.eurecom.fr requests the IP address for baie.eurecom.fr, the local name server at Eurecom will be able to provide the requested IP address without contacting any other name servers.

20 Domain Servers... 2 Root name servers: In the Internet there are a dozen or so of root name servers, most of which are currently located in North America. When a local name server cannot immediately satisfy a query from a host (because it does not have a record for the hostname being requested), the local name server behaves as a DNS client and queries one of the root name servers. If the root name server has a record for the host name, it sends a DNS reply message to the local name server, and the local name server then sends a DNS reply to the querying host. If the root name server does not have a record for the host name, the rootname server knows the IP address of an authoritative name server that has the mapping for that particular host name see Networks and Data Communications 14

21 Networks and Data Communications 15

22 Domain Servers... 3 Authoritative Name Servers: Every host is registered with an authoritative name server. Typically, the authoritative name server for a host is a name server in the host s local ISP. Each host is required to have at least two authoritative name servers, in case of failures. By definition, a name server is authoritative for a host if it always has a DNS record that translates the host s name to it s IP address. When an authoritative name server is queried by a root server, the authoritative name server responds with a DNS reply that contains the requested mapping. The root server then forwards the mapping to the local name server, which in turn forwards the mapping to the requesting host. Many name servers act as both local and and authoritative name servers. Networks and Data Communications 16

23 Address Resolution... Example Suppose the host surf.eurecom.fr desires the IP address of gaia.cs.umass.edu Eurecom s local name server is called dns.eurecom.fr and that an authoritative name server for gaia.cs.umass.edu is called dns.umass.edu Sequence of steps: Host surf.eurecom.fr first sends a DNS query message to its local name server, dns.eurecom.fr. The query message contains the host name to be translated, namely, gaia.cs.umass.edu The root name server forwards the query message to the name server that is authoritative for all the hosts in the domain umass.edu, namely, to dns.umass.edu The authoritative name server then sends the desired mapping to the querying host, via the root name server and the local name server Networks and Data Communications 17

24 To obtain the mapping for one host name, six DNS messages were sent: three query messages and three reply messages

25 Networks and Data Communications 18

26 Name Resolution... 2 The root name server may not know the authoritative name server for every host this is true in many practical instances. The root name server is likely to know the IP address of an intermediate server only, rather than the particular authoritative name server that in turn knows the IP address of an authoritative name server for the host name Consider once again the above example with the host surf.eurecom.fr querying for the IP address of gaia.cs.umass.edu Networks and Data Communications 19

27 Suppose that the University of Massachusetts has a name server for the university, called dns.umass.edu and each of the departments at University of Massachusetts has its own name server, and that each departmental name server is authoritative for all the hosts in the department. Hence, when the root name server receives a query for a host with host name ending with umass.edu it forwards the query to the name server dns.umass.edu. This name server forwards all queries with host names ending with.cs.umass.edu to the name server dns.cs.umass.edu, which is authoritative for all host names ending with.cs.umass.edu

28 The authoritative name server sends the desired mapping to the intermediate name server, dns.umass.edu, which forwards the mapping to the root name server, which forwards the mapping to the local name server, dns.eurecom.fr, which forwards the mapping to the requesting host!

29 Networks and Data Communications 20

30 Recursive Queries Queries for address translation are so far recursive Hence, when a host or name server A makes a recursive query to a name server B, then name server B obtains the requested mapping on behalf of A and then forwards the mapping to A Networks and Data Communications 21

31 Iterative Queries The DNS protocol also allows for iterative queries at any step in the chain between requesting host and authoritative name server When a name server A makes an iterative query to name server B, if name server B does not have the requested mapping, it immediately sends a DNS reply to A that contains the IP address of the next name server in the chain, say, name server C Name server A then sends a query directly to name server C. Possible to have a combination of iterative and recursive queries in a name resolution. Recursive queries are more common Networks and Data Communications 22

32 Networks and Data Communications 23

33 DNS Caching Information found from other servers is often stored locally (or cached ) during the resolution process When a name server receives a DNS mapping for some host name, it caches the mapping in local memory (disk or RAM) while passing the message along the name server chain. Given a cached host name/ip address translation pair, if another query arrives to the name server for the same host name, the name server can provide the desired IP address, even if it is not authoritative for the host name ALL name server cache data and in responding to a query always check the cache first. DNS extensively exploits caching in order to improve the delay performance and to reduce the number of DNS messages in the network A cached record is discarded after a period of time (often set to two days) Primary and Secondary servers, on the other hand, are the original sources for a domain and therefore always return authoritative data Networks and Data Communications 24

34 DNS Caching... 2 Suppose that surf.eurecom.fr queries the DNS for the IP address for the host name cnn.com. Furthermore suppose that a few hours later, another Eurecom host, say baie.eurecom.fr, also queries DNS with the same host name. Because of caching, the local name server at Eurecom will be able to immediately return the IP address to the requesting host without having to query name servers on another continent Designers of DNS consider the access of information to be more critical than instantaneous updates or guarantees of consistency. Another assumption is that data in the system does not change very rapidly Networks and Data Communications 25

35 DNS Records All information stored or transmitted within the DNS is in a standard form called a Resource Record containing (primarily) four parts: 1. Domain (Name): The name of a domain to which the record refers 2. Class (Value): The class of the record this is usually IN for the Internet 3. Type: The type of record, i.e. what the information is for 4. Information: The data associated with the record such as Time To Live (TTL) record Hence, a query to the DNS database names the domain of interest and a resource type and a nameserver responds with the corresponding entry Networks and Data Communications 26

36 DNS Records... 2 Name and Value are dependent on the value of Type. If Type=A, then Name is a hostname and Value is the IP address for the host name. Thus, a Type A record provides the standard host name to IP address mapping. As an example, (relay1.bar.foo.com, , A) is a Type A record. If Type=NS, then Name is a domain (such as foo.com) and Value is the host name of a server that knows how to obtain the IP addresses for hosts in the domain. This record is used to route DNS queries further along in the query chain. As an example, (foo.com, dns.foo.com, NS) is a Type NS record. If Type=CNAME, then Value is a canonical host name for the alias host name Name. This record can provide querying hosts the canonical name for a host name. As an example, (foo.com, relay1.bar.foo.com, CNAME) is a CNAME record. Networks and Data Communications 27

37 * If Type=MX, then Value is a host name of a mail server that has an alias host name Name. As an example, (foo.com. mail.bar.foo.com, MX) is an MX record. MX records allow the host names of mail servers to have simple aliases.

38 DNS Records... 3 If a name server is authoritative for a particular host name, then the name server will contain a Type A record for the host name If a server is not authoritative for a host name, then the server will contain a Type NS record for the domain that includes the host name; it will also contain a Type A record that provides the IP address of the name server in the Value field of the NS record As an example, suppose a root server is not authoritative for the host Gail.cs.umass.edu. Then the root server will contain a record for a domain that includes the host cs.umass.edu, e.g., (umass.edu, dns.umass.edu, NS). Networks and Data Communications 28

39 DNS Message Two kinds of DNS messages: Request and Reply both are of the same type The first 12 bytes is the header section, which has a number of fields. The first field is a 16-bit number that identifies the query. This identifier is copied into the reply message to a query, allowing the client to match received replies with sent queries. There are a number of flags in the flag field. A one-bit query/reply flag indicates whether the message is a query (0) or a reply (1). A one bit authoritative flag is set in a reply message when a name server is an authoritative server for a queried name. A one bit recursion-desired flag is set when a client (host or name server) desires that the name server to perform recursion when it doesn t have the record. A one-bit recursion available field is set in a reply if the name server supports recursion. Networks and Data Communications 29

40 In the header, there are also four number of fields. These fields indicate the number of occurrences of the four types of data sections that follow the header. The question section contains information about the query that is being made. This section includes 1. A name field that contains the name that is being queried, and 2. A type field that indicates the type of question being asked about the name (e.g., a host address associated with a name - type A, or the mail server for a name - type MX ). In a reply from a name server, the answer section contains the resource records for the name that was originally queried. Recall that in each resource record there is the Type (e.g., A, NS, CSNAME and MX), the Value and the TTL.

41 A reply can return multiple RRs in the answer, since a host name can have multiple IP addresses (e.g., for replicated Web servers, as discussed earlier in this section). The authority section contains records of other authoritative servers. The additional section contains other helpful records. For example, the answer field in a reply to an MX query will contain the host name of a mail server associated with the alias name Name. The additional section will contain a Type A record providing the IP address for the canonical host name of the mail server.

42 Networks and Data Communications 30

43 Configuring and Running DNS A DNS service must be run if an organisation is connected to an Internet. If you are going to be connected to the Internet, it is also wise to run a DNS, and register your network address If the company is not on the Internet, a DNS may still be good if the network is large, and split over a number of geographic sites or separate networks (administered by different groups) For networks which are not connected to the Internet simply set up root name servers Name servers can be put on existing file servers, on routers or gateways Name servers can be located any where on the local network Networks and Data Communications 31

44 BIND BIND is the protocol that a client DNS application uses to connect to a server the configuration is based on the type of service the software is aimed at providing 1. As a primary nameserver the authoritative source for all information 2. As a secondary nameserver which copies the complete set of info from the primary nameserver Networks and Data Communications 32

45 3. As a caching-only server which runs the nameserver software, but keeps no database files 4. As a resolver-only server which provides the code that asks nameservers for domain information (the client code). On Unix this is implemented as a library, rather than a separate program The easiest to set up in the resolver-only system need to set up a /etc/resolv.conf file from thrall, this is: # try this first

46 domain cs.cf.ac.uk # then try this nameserver # then this nameserver # then this nameserver # then this nameserver # then this nameserver # then this nameserver this is very much the type of configuration needed by a client, when you install your network card in a PC, or use the TCP/IP set up program

47 BIND...2 For the other options, we must define a named.conf file, which outlines the zones and associated servers again from thrall (a small portion of the file) zone " in-addr.arpa" { type master; file "named.local"; }; // zone "cf.ac.uk" { type slave; file "cf.ac.uk"; masters { ; }; }; Networks and Data Communications 33

48 zone "cardiff.ac.uk" { type slave; file "cardiff.ac.uk"; masters { ; }; }; zone " in-addr.arpa" { type slave; file " inarpa"; masters { ; }; }; zone "cs.cf.ac.uk" { type slave; file "cs.cf.ac.uk"; masters {

49 ; }; }; zone "computer-science.cardiff.ac.uk" { type slave; file "computer-science.cardiff.ac.uk"; masters { ; }; }; This is generated by a PERL script set up by our systems administrator. See the /var/nameserver directory on thrall

50 Running DNS on Linux Run using named with an information file named.boot the format is: /usr/bin/named -b /usr/local/adm/named/named.boot The file named.boot specifies a way to look up information about different machine on the local network You can test the DNS program with the nslookup command on Unix (for instance) parian >nslookup > maxwell2.cs.cf.ac.uk Server: Address: #53 Name: maxwell2.cs.cf.ac.uk Networks and Data Communications 34

51 Address: > Server: Address: #53 Non-authoritative answer: Name: Address: > src.doc.ic.ac.uk Server: Address: #53 Non-authoritative answer: src.doc.ic.ac.uk canonical name = sunsite.org.uk. Name: sunsite.org.uk

52 Address:

53 >nslookup > set type=mx > cs.cf.ac.uk Server: Address: #53 cs.cf.ac.uk cs.cf.ac.uk mail exchanger = 1 belvedere.cs.cf.ac.uk. mail exchanger = 2 sentinel.cs.cf.ac.uk. > astro.cf.ac.uk Server: Address: #53 astro.cf.ac.uk mail exchanger = 1 hedwig2.cf.ac.uk. astro.cf.ac.uk mail exchanger = 10 mailhost.astro.cf.ac.uk. astro.cf.ac.uk mail exchanger = 1 hedwig1.cf.ac.uk. Networks and Data Communications 35

54 > set type=ns > Server: Address: #53 Non-authoritative answer: *** Can t find No answer Authoritative answers can be found from: doc.ic.ac.uk origin = ns0.doc.ic.ac.uk mail addr = hostmaster.doc.ic.ac.uk serial = refresh = 3600 retry = 600 expire = minimum = > google.com Server: Address: #53

55 Non-authoritative answer: google.com nameserver = ns1.google.com. google.com nameserver = ns2.google.com. google.com nameserver = ns3.google.com. google.com nameserver = ns4.google.com. Authoritative answers can be found from: ns1.google.com internet address = ns2.google.com internet address = ns3.google.com internet address = ns4.google.com internet address = Alternative DNS client is dig. See the manual page for this on Unix.

56 LDAP LDAP: Light Weight Directory Access Protocol the current protocol for defining name space access, authentication and information storage for particular nodes on a network Runs over TCP/IP, and provides an interface to the OSI X.500 Specification (a standard which extends beyond providing simply name lookup services. This protocol is a comprehensive directory service for recording service information, security access control and name space access to resources on the Internet) Can be integrated with a number of other systems such as Novell s NDS, and can run natively on a host backed by its own database Networks and Data Communications 36

57 Processing Internet Addresses When writing programs in a language such as Java you generally make use of machine names in alpha-numeric format, rather than their IP addresses Then let DNS handle the translation to IP addresses there is support in the java.net class for achieving this see: java.net.inetaddress class can be used to represent an Internet address it contains a hostname (a String), and an address (an int) the address field contains the 32-bit IP address This class contains a number of methods: byte[] getaddress() Returns the raw IP address of this InetAddress object. Networks and Data Communications 37

58 static InetAddress[] getallbyname(string host) Determines all the IP addresses of a host, given the host s name. static InetAddress getbyname(string host) Determines the IP address of a host, given the host s name. String gethostaddress() Returns the IP address string "%d.%d.%d.%d". String gethostname() Gets the host name for this IP address. static InetAddress getlocalhost() Returns the local host.

59 int hashcode() Returns a hashcode for this IP address. boolean ismulticastaddress() Utility routine to check if the InetAddress is an IP multicast address. String tostring() Converts this IP address to a String.

60 import java.net.*; class cardiffcheck { public static void main (String args[]) { try { InetAddress address = InetAddress.getByName(" System.out.println(address); } catch (UnknownHostException e) { System.out.println("Could not find } } } Running the program omer@parian >javac cardiffcheck.java omer@parian >java cardiffcheck Networks and Data Communications 38

61 Alternately Reverse Lookup (only for JDK 1.1 and higher) import java.net.*; class cardiffcheck2 { public static void main (String args[]) { try { InetAddress address = InetAddress.getByName(" "); System.out.println(address); } catch (UnknownHostException e) { System.out.println("Could not find "); } } } Running the program Networks and Data Communications 39

62 >javac cardiffcheck2.java >java cardiffcheck2 sentinel.cs.cf.ac.uk/

63 As identified before certain servers can have more than one name associated with them although they may have one IP address Java gives us the InetAddress.getAllByName(String hostname) to handle this situation import java.net.*; class altavista { public static void main (String args[]) { try { InetAddress[] addresses = InetAddress.getAllByName(" for (int i = 0; i < addresses.length; i++) { System.out.println(addresses[i]); } } catch (UnknownHostException e) { Networks and Data Communications 40

64 System.out.println("Could not find } } } Running the program

65 Getting your own address import java.net.*; class myaddress { public static void main (String args[]) { try { InetAddress address = InetAddress.getLocalHost(); System.out.println(address); } catch (UnknownHostException e) { System.out.println("Could not find this computer s address."); } } } Running the program: omer@parian >javac myaddress.java omer@parian >java myaddress parian.cs.cf.ac.uk/ Networks and Data Communications 41

66 import java.net.*; import java.io.*; class weblogalt { public static void main(string args[]) { String thisline; String thisip; String therest; int index; InetAddress thisaddress; byte[] address; try { FileInputStream fin =new FileInputStream(args[0]); BufferedReader myinput =new BufferedReader(new InputStreamReader(fin)); Networks and Data Communications 42

67 while ((thisline = myinput.readline())!= null) { index = thisline.indexof(" ", 0); thisip = thisline.substring(0, index); therest = thisline.substring(index, thisline.length()); try { thisaddress = java.net.inetaddress.getbyname(thisip); address = thisaddress.getaddress(); System.out.println( InetAddressFactory.newInetAddress(address).getHostName() + therest); } catch (UnknownHostException e) { System.out.println(thisLine); } } // while loop ends here } catch (IOException e) {

68 } System.out.println("Exception: " + e); } } // end main