3. The Domain Name Service

Similar documents
Domain Name System Richard T. B. Ma

The Application Layer: DNS

Domain Name System (DNS)

Domain Name System (or Service) (DNS) Computer Networks Term B10

Lecture 2 CS An example of a middleware service: DNS Domain Name System

DNS: Domain Name System

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

How To Map Between Ip Address And Name On A Domain Name System (Dns)

NET0183 Networks and Communications

CS 43: Computer Networks Naming and DNS. Kevin Webb Swarthmore College September 17, 2015

Chapter 2 Application Layer

DATA COMMUNICATOIN NETWORKING

Domain Name System DNS

Domain Name System (DNS) RFC 1034 RFC

CS 348: Computer Networks. - DNS; 22 nd Oct Instructor: Sridhar Iyer IIT Bombay

DNS. Spring 2016 CS 438 Staff 1

CS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.

The Domain Name System

DNS: Domain Name System

Names vs. Addresses. Flat vs. Hierarchical Space. Domain Name System (DNS) Computer Networks. Lecture 5: Domain Name System

CMPE 80N: Introduction to Networking and the Internet

Domain Name System (DNS)

DNS and P2P File Sharing

Domain Name System (DNS) Fundamentals

Naming and the DNS. Focus. How do we name hosts etc.? Application Presentation Topics. Session Domain Name System (DNS) /URLs

Computer Networks: Domain Name System

2.5 DNS The Internet s Directory Service

Distributed Systems. 09. Naming. Paul Krzyzanowski. Rutgers University. Fall 2015

Chapter 25 Domain Name System Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Internet-Praktikum I Lab 3: DNS

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers

internet technologies and standards

Teldat Router. DNS Client

Chapter 23 The Domain Name System (DNS)

THE DOMAIN NAME SYSTEM DNS

DNS. Computer Networks. Seminar 12

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley

Domain Name System (DNS) Omer F. Rana. Networks and Data Communications 1

Part 5 DNS Security. SAST01 An Introduction to Information Security Martin Hell Department of Electrical and Information Technology

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

The Domain Name System

Understanding DNS (the Domain Name System)

Wireshark Lab: DNS. 1. nslookup

DNS Resolving using nslookup

CS3600 SYSTEMS AND NETWORKS

CS244A Review Session Routing and DNS

Workshop on Scientific Applications for the Internet of Things (IoT) March

Ch 6: Networking Services: NAT, DHCP, DNS, Multicasting

Domain Name System (DNS) Reading: Section in Chapter 9

Forouzan: Chapter 17. Domain Name System (DNS)

Domain Name System. DNS is an example of a large scale client-server application. Copyright 2014 Jim Martin

Ch 6: Networking Services: NAT, DHCP, DNS, Multicasting, NTP

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

Hostnames. HOSTS.TXT was a bottleneck. Once there was HOSTS.TXT. CSCE515 Computer Network Programming. Hierarchical Organization of DNS

DNS : Domain Name System

DNS Domain Name System

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

CS640: Computer Networks. Naming /ETC/HOSTS

The Domain Name System

DNS Basics. DNS Basics

Introduction to Network Operating Systems

Internetworking with TCP/IP Unit 10. Domain Name System

Wireshark DNS. Introduction. nslookup

KB Windows 2000 DNS Event Messages 1 Through 1614

Wireshark Lab: DNS v6.01

VM-Series Firewall Deployment Tech Note PAN-OS 5.0

Lesson 13: DNS Security. Javier Osuna GMV Head of Security and Process Consulting Division

The Use of DNS Resource Records

How to Add Domains and DNS Records

Domain Name Service (DNS) Training Division, NIC New Delhi

Application-layer protocols

Applications & Application-Layer Protocols: The Domain Name System and Peerto-Peer

How do I get to

Lecture 5: Network Attacks I. Course Admin

DNS records. RR format: (name, value, type, TTL) Type=NS

The Domain Name System (DNS)

BASIC TCP/IP NETWORKING

Networking Domain Name System

Glossary of Technical Terms Related to IPv6

Non-authoritative answer: home.web.cern.ch canonical name = drupalprod.cern.ch. Name: drupalprod.cern.ch Address:

CS3250 Distributed Systems

Domain Name Server. Training Division National Informatics Centre New Delhi

Ethereal Lab: DNS. 1. nslookup

Application Protocols in the TCP/IP Reference Model

Use Domain Name System and IP Version 6

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System

Module 2. Configuring and Troubleshooting DNS. Contents:

Agenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS

How to set up the Integrated DNS Server for Inbound Load Balancing

Computer Networks & Security 2014/2015

Transcription:

3. The Domain Name Service n Overview and high level design n Typical operation and the role of caching n Contents of DNS Resource Records n Basic message formats n Configuring/updating Resource Records John DeHart From Jon Turner and Roche Guerin based partly on material from Kurose and Ross

Domain Name Service n Motivation» The IP protocol requires numeric addresses, BUT names are more convenient and intuitive for people» So, we need a way to convert names to addresses» DNS provides this service Access tools: nslookup, host, dig, etc. n Key features» distributed database of name servers» organized in a hierarchical fashion top levels owned/operated by trusted service providers lower levels owned/operated by individuals and organizations» name servers save the results of lookup operations to improve performance, reduce query traffic hosts also cache results to avoid unnecessary queries» name servers are accessed using application level protocol 2

Domain Name Service n Examples jdd> nslookup onl.wustl.edu Server: 128.252.0.100 Address: 128.252.0.100#53 onl.wustl.edu canonical name = onl100.arl.wustl.edu. Name: onl100.arl.wustl.edu Address: 128.252.153.111 jdd> nslookup nytimes.com Server: 128.252.0.100 Address: 128.252.0.100#53 Non-authoritative answer: Name: nytimes.com Address: 170.149.161.130 Name: nytimes.com Address: 170.149.159.130 n Things to note:» Canonical name: Its an alias. We ll see CNAME records later» Non-authoritative answer Does not come from DNS server with authority for nytimes.com» Multiple addresses for nytimes.com And which one is listed first changes each time Try looking up google.com repeatedly and see what you get 3

Components of DNS n Name servers» the systems that respond to queries n Resource records (RRs)» form the database used to respond to queries n Hosts (clients)» Run software to interact with DNS servers and possibly store lookup results» Library software (resolvers) help client programs generate queries to DNS servers n DNS protocol» defines application-level messages used to request services and receive responses» Operates on well-known port 53 and relies primarily on UDP (TCP used for large responses and tasks such as zone transfers) n Registrars (e.g. GoDaddy.com)» control allocation of top-level domain names (e.g. wustl.edu) inserting resource records in upper level name servers» List of registrars can be found here: http://www.internic.net/ n ICANN Internet Corporation for Assigned Numbers and Names is responsible for managing the Internet Assigned Numbers Authority (IANA) functions, which include the administration of domain names, i.e., managing DNS 4

Hierarchical Organization top level domain servers Root DNS Servers organizational servers.com DNS servers.org DNS servers.edu DNS servers yahoo.com DNS servers amazon.com DNS servers n DNS servers organized in hierarchy of zones» each zone has one or more authoritative servers pbs.org DNS servers wustl.edu DNS servers seas hosts artsci umass.edu DNS servers local servers n Root zone servers and top level domain servers are authorized by ICANN n Organizational servers owned/operated by organizations 5

Why Distribute DNS Like This? n Technical reasons» to distribute query processing load among many servers» allows DNS to scale as the number of internet users and internet-connected organizations grows n Management reasons» distributes ownership and cost» ICANN oversees DNS, but owns no DNS servers» individual organizations control and pay for their own servers so, as organizations receive more web traffic, they add more DNS servers to handle the associated DNS query load n Why distribute hierarchically?» natural match for domain names and distributed ownership n Drawbacks of distribution?» operational inconsistencies, security vulnerabilities 6

Query Types n Two types of queries 1. Recursive query: The querying client requires that the DNS server responds with either the requested resource record or an error» The server will typically recurse until it can provide the answer or fails trying 2. Iterative query: The querying client allows the DNS server to respond with its best answer. Usually in the form of a referral to another server that can either provide the answer or a more accurate referral n» A server handling a recursive query from a client will typically proceed with iterative queries to other servers We ll label queries r-query and i-query sometimes to distinguish between recursive and iterative. 7

Typical Name Resolution Process host local DNS server root DNS server.com DNS server target DNS server target content server r-query(shop.target.com) i-query(..) reply (.com=1.2.3.4) i-query(..) reply (target.com=2.3.4.5) i-query(..) reply (2.3.4.13) reply (shop.target.com =2.3.4.13) http get content 8

Caching of DNS Responses n DNS servers can be configured to cache responses, to reduce time for future queries n In previous example, local DNS server ends up with several mappings in its cache».com => 1.2.3.4» target.com => 2.3.4.5» shop.target.com => 2.3.4.13 n So, no query needed to find that web page again» and only one query to find a different page at target.com» only two queries to find another.com location n Speeds up subsequent searches (so, happier users) and reduces load on upper level DNS servers n Hosts also often cache DNS responses (Window & MAC)» Linux: can be provided by a separate daemon/utility. 9

Pure Recursive Resolution Process host local DNS server root DNS server.com DNS server target DNS server target content server r-query r-query r-query r-query reply (2.3.4.13) reply (2.3.4.13) reply (2.3.4.13) reply (2.3.4.13) http get content 10

Iterative vs. Recursive Queries n Typical query processing combines iterative and recursive processing methods» source DNS client (or DNS forwarder) usually makes a recursive query» Home DNS server typically issues iterative queries» why not use same method for both? n By sending out iterative queries, a server gets to see and cache all intermediate DNS responses» future requests can be resolved more efficiently» works well for local DNS servers homogeneous user base means high cache efficiency typically lightly loaded so they can search through cache first and handle multiple iterative queries performance benefit for local users (and other DNS servers)» backbone servers are busier and prefer to delegate completion of individual queries to local servers 11

DNS Records n Servers store name resolution information in the form of resource records (RR)» (Name, Value, Type, TTL) if Type=A, then Name is a hostname and Value is the IP address for that host if Type=NS, then Name is a domain name (like foo.com) and Value is the host name of an authoritative DNS server for that domain if Type=CNAME, then Name is an alias for a host (that is, an alternate name) and Value is its canonical name if Type=MX, the Name is a domain name and the Value is of the name of the mail server for that domain. TTL: how long the record can be cached n Resource records are also returned in query results» often includes multiple RRs» public names are often aliases may have several web servers reached through common alias 12

DNS Message Format 16 bits 16 bits identification flags n Most DNS messages use UDP n Request/response protocol n Id field is echoed in response» so source can match reply to request n Flags include:» query/reply flag, authoritative flag, recursive desired, recursive available n Queries messages contains zero or more queries (Name, Type) #of queries # of authority RRs n Answers field contains responses to queries queries answer RRs authority RRs additional RRs # of answer RRs # of additional RRs n Authority field has records of other authoritative servers n Additional field has information such as the A record that goes with an MX record in the Answer field 13

14

Inserting Records into DNS n First step is to register (for a fee) a domain name with a DNS registrar» If desired name is not already in use, it will be assigned to you» You setup DNS servers for your domain: they must run DNS server software, such as bind they must be configured with RRs for hosts within the domain» You give names and IP address of DNS servers to Registrar» NS and A records are inserted into TLD (e.g.,.com) servers by registrar n Classic way to configure DNS records» system administrator logs into DNS server machine and adds records directly n Dynamic DNS allows records to be updated remotely via control messages facilitates automated updates 15

Content Distribution Networks and DNS n CDNs are distributed systems used to distribute popular web content» used by major web sites to reduce load on origin servers» essentially, a set of web caches operated by CDN provider n CDNs use DNS re-direction to respond to web queries using servers close to user» links on origin web-site contain domain name of CDN provider plus information about requested content formatted to look like a domain name to the DNS system, so gets included in DNS query to one of the CDN s DNS server» CDN s DNS servers use information in query together with user s IP address to identify content server close to user may also choose server based on requested content may also do load balancing across multiple candidate servers 16

Exercises 1. Slide 10 shows a query being resolved using recursive processing at all servers. Assuming that each server caches the response it gets, what mappings are present in the.com server s DNS cache after the query is processed? What mappings are present in the root server s cache? What mappings are present in the local DNS server s cache? 2. How did internet users lookup IP addresses before DNS was available? 17

Exercises 1. Slide 10 shows a query being resolved using recursive processing at all servers. Assuming that each server caches the response it gets, what mappings are present in the.com server s DNS cache after the query is processed? What mappings are present in the root server s cache? What mappings are present in the local DNS server s cache? The cache of all servers contains the same information, namely, the address of the target server 2.3.4.13 2. How did internet users lookup IP addresses before DNS was available? They would look in the HOSTS.TXT which was maintained and distributed by NIC (Network Information Center). [RFC 1034 section 2.1] 18

Exercises 3. Use the ifconfig command (or on windows ipconfig) to determine the IP address of your laptop. Use the hostname command to determine the domain name of your laptop. Use nslookup to get the IP address associated with your domain name. 19

Exercises 3. Use the ifconfig command (or on windows ipconfig) to determine the IP address of your laptop. Use the hostname command to determine the domain name of your laptop. Use nslookup to get the IP address associated with your domain name. [guerin@imbrium CSE473]$ ifconfig eth0 Link encap:ethernet HWaddr 00:50:56:B6:00:17 inet addr:128.252.202.128 Bcast:128.252.202.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:feb6:17/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:688176811 errors:0 dropped:0 overruns:0 frame:0 TX packets:529823542 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1198233486451 (1.0 TiB) TX bytes:706035643716 (657.5 GiB) [guerin@imbrium CSE473]$ hostname imbrium.seas.wustl.edu [guerin@imbrium CSE473]$ nslookup imbrium.seas.wustl.edu Server: 128.252.0.100 Address: 128.252.0.100#53 Name: imbrium.seas.wustl.edu Address: 128.252.202.128 20

Exercises 4. Suppose a host sends a DNS query to a remote server with an id number of 73 and receives no reply. When it sends the packet a second time, what id number should it use? 5. RFC 1034 defines the domain space in terms of a tree consisting of labeled nodes. Can two nodes in the tree have the same label? Can any two nodes have the same label? Is there any limit on the length of a label? If so, what is it? How are labels represented within the DNS protocol? 21

Exercises 4. Suppose a host sends a DNS query to a remote server with an id number of 73 and receives no reply. When it sends the packet a second time, what id number should it use? RFC 1035 states that a resolver should be able to use a response from any of its transmissions in case it retransmits a particular query. So in most cases, this would call for reusing ID number 73, though other alternatives may be possible. 5. RFC 1034 defines the domain space in terms of a tree consisting of labeled nodes. Can two nodes in the tree have the same label? Can any two nodes have the same label? Is there any limit on the length of a label? If so, what is it? How are labels represented within the DNS protocol? As long as two nodes are not brothers (share the same parent), they can have the same label. Labels are limited in length to 63 bytes. Labels are represented using a one byte length field followed by at most 63 bytes (the first bit of the length field must be 0). They must start and end with letters and contain only letters, digits, and hyphen. They are delimited by. signs. [RFC 1034 Section 3.1] 22

Exercises 6. Identify scenarios when name resolution does not require using DNS 23

Exercises 6. Identify scenarios when name resolution does not require using DNS One possible scenario is if the OS caches DNS replies and happens to already know the address of the target hostname Another scenario is if the hostname is listed in the hosts.txt or /etc hosts local file 24

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information