CSC521 Communication Protocols 網 路 通 訊 協 定 Chapter 23 The Domain Name System (DNS) 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系
Outline 1. Introduction 2. Names For Machines 3. Flat Namespace 4. Hierarchical Names 5. Delegation Of Authority For Names 6. Subset Authority 7. Internet Domain Names 8. Top-Level Domains 9. Name Syntax And Type 10. Mapping Domain Names To Addresses 11. Domain Name Resolution 12. Efficient Translation 13. Caching: The Key To Efficiency 14.Domain Name System Message Format 15. Compressed Name Format 16. Abbreviation Of Domain Names 17. Inverse Mappings 18. Pointer Queries 19.Object Types And Resource Record Contents 20. Obtaining Authority For A Subdomain 21.Dynamic DNS Update And Notification 22.DNS Security Extensions (DNSSEC) 23. Summary 2
Names For Computers Humans prefer pronounceable names rather than numeric addresses Two possibilities of names Flat namespace Hierarchical namespace Two possibilities of naming hierarchy According to network topology By organizational structure (independent of physical networks) Internet uses the latter 3
Internet Domain Names Internet Hierarchy In the Internet, hierarchical machine names are assigned according to the structure of organizations that obtain authority for parts of the namespace, not necessarily according to the structure of the physical network interconnections Flexible hierarchy Universal naming scheme (same everywhere) Each organization determines internal naming structure Mechanism known as Domain Name System (DNS) Name assigned to a computer known as domain name Domain Name Syntax Set of labels separated by delimiter character (period) Example: cs. purdue. edu Three labels: cs, purdue, and edu String purdue. edu is also a domain Top-level domain is edu 4
Original Top-Level Domains Meaning assigned to each cctld: Country Code TLD gtld: Generic TLD Three domains considered generic.com.net.org 5
New Top-Level Domains Proponents argued (incorrectly) that DNS would collapse without additional TLDs New TLDs created legal nightmare 6
Authority For Names Authority delegated down the tree Example Purdue University registers under top level domain.edu and receives authority for domain purdue.edu Computer Science Department at Purdue registers with the Purdue authority, and becomes the authority for domain cs.purdue.edu Owner of a lab in the CS Department registers with the departmental authority, and becomes the authority for domain xinu.cs.purdue.edu 7
Mapping Domain Names To Addresses DNS uses a set of on-line servers Servers arranged in tree Given server can handle entire subtree Example: ISP manages domain names for its clients DNS Database: Record has ( name, class ) Class specifies type of object (e.g., computer, email exchanger) Consequence: A given name may map to more than one item in the domain system. The client specifies the type of object desired when resolving a name, and the server returns objects of that type 8
Illustration of DNS Server Topology DNS server known as name server Single server can handle multiple levels of the naming tree Example: root server handles all top-level domains DNS client software known as resolver 9
Conceptually, must search from root of tree downward In practice Every name server knows location of a root server Only contacts root if no subdomain known Lookup always starts with local server first (host can learn address of DNS server from DHCP) Efficient Translation Most lookups refer to local names Name-to-address bindings change infrequently User is likely to repeat same lookup To increase efficiency Domain Name Resolution Initial contact begins with local name server Every server caches answers (owner specifies cache timeout) 10
Resolution Example root DNS server Host pc1.csie.nuk.edu.tw wants IP address for www.google.com local DNS server ccdns.nuk.edu.tw (140.127.198.1) 2 3 4 5.com TLD DNS server Later: host pc1.csie.nuk.edu.tw wants IP address for mail.google.com host pc2.csie.nuk.edu.tw wants IP address for www.google.com 1 8 7 6 authoritative DNS server ns1.google.com requesting host pc1.csie.nuk.edu.tw www.google.com 11
DNS Records DNS: distributed database storing resource records (RR) RR format: (name, value, type, ttl) Type=A name is hostname value is IP address Type=NS name is domain (e.g. foo.com) value is IP address of authoritative name server for this domain Type=CNAME name is alias name for some cannonical (the real) name www.ibm.com is really servereast.backup2.ibm.com value is cannonical name Type=MX value is name of mailserver associated with name 12
DNS Message Format TYPE meaning A 1 a host address NS 2 an authoritative name server CNAME 5 canonical name for an alias SOA 6 start of a zone of authority PTR 12 a domain name pointer MX 15 mail exchange 13
Specifying Domain Names with Labels Domain name a sequence of labels A maximum length of 255 characters is allowed Label Must start with a letter and can only consist of letters, digits and hyphens Can be up to 63 characters long and are case insensitive (00xx xxxx) Label encoding Begins with an octet that specifies its length; 0 marks the end i.e. www.google.com = 0x03 w w w 0x06 google0x03com0x00 Label compression with pointer Begins with two ones (11xx xxxx xxxx xxxx) Followed with the offset field specifies an offset from the start of the message the first octet of the ID field in the domain header 14
DNS Query Example Looking up www.google.com.tw Parameter=0x0100=0000 0001 0000 0000: Recursion desired Class=INternet: 0x01 Type=A: 0x01 15
DNS Reply Example Flag:1000 0001 1000 0000 1000=response 0001=recursion desired 1000=recursion available Type=A: 0x01 C00C= 1100 0000 0000 1100 16
Domain Name Abbreviation Abbreviation Of Domain Names DNS only recognizes full domain names Client software allows abbreviation Example of Abbreviation Client configured with suffix list. cs. purdue. edu. cc. purdue. edu. purdue. edu null User enters abbreviation xinu Client tries the following in order xinu. cs. purdue. edu xinu. cc. purdue. edu xinu. purdue. edu xinu 17
Pointer Query Inverse Query Map in reverse direction Excessive overhead May not have unique answer Not used in practice Pointer Query Special case of inverse mapping Convert IP address to domain name Trick: write IP address as a string and look up as a name Example Start with dotted decimal address such as aaa. bbb. ccc. ddd Rearrange dotted decimal representation as a string: ddd. ccc. bbb. aaa. in-addr. arpa Look up using a pointer query type 18
Discussions Internationalized Domain Name Label extension? TTL Issues DNS Caching Dynamic Update DNS Security Issues Authentication Data integrity Performance Issues ARP: cache /? IP: routing table /? DNS: cache table / TTL 19
Summary Domain Name System provides mapping from pronounceable names to IP addresses Domain names are hierarchical; top-level domains are dictated by a central authority Organizations can choose how to structure their domain names DNS uses on-line servers to answer queries Lookup begins with local server, which caches entries 20