CSEE W4140 Networking Laboratory. Lecture 10: DNS. Jong Yul Kim, 04.12.2010
Domain Name System
• Many RFCs describe the DNS
• We'll look at RFC 1034, "Domain Concepts and Facilities"
DNS Design Goals
• "Consistent name space for referring to resources"
• Distributed database, with local caching
• Data source is responsible for maintaining fresh, accurate information
• Must be generally useful
• Associate names to sets of data, such as host addresses, mailbox data, host OS
• Independent of the communications system that carries the queries and responses
Elements of the DNS
• Domain name space and resource records
  • Specifications for a tree-structured name space and the data associated with the names
• Name servers
  • Server programs that hold information about the domain tree's structure and associated data
• Resolvers
  • Client programs that extract information by querying name servers
Domain name space
• A tree structure
• Each node corresponds to a resource set
• Each node has a label up to 63 octets in length (case-insensitive)
• The domain name of a node is the list of labels on the path from the node to the root of the tree
(Figure: example tree with nodes . (root), edu, columbia, cs, ee, cc, www)
Resource records (RR)
• Resource information for a particular domain name is written as resource records
• Elements of an RR are:
  • Owner: domain name where the RR is found
  • Type: shows which resource to query
  • Class: IN = Internet
  • TTL: time-to-live in seconds for caches
  • RDATA: the actual data
Resource records (RR)
• RR Types
  • A: host address
  • CNAME: canonical name
  • HINFO: OS / CPU info
  • MX: mail server info
  • NS: authoritative name server
  • PTR: pointer to another node
  • SOA: start of authority
DNS message format Queries and responses are sent using UDP port 53
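To make the name-space rules and the message format above concrete, the following added example (not code from the lecture or the lab) encodes a domain name as length-prefixed labels, enforces the 63-octet label limit, compares names case-insensitively, and builds the 12-byte header plus question section of a query that a resolver would send to UDP port 53; the transaction ID and name used are constructed sample values.

```python
"""Build a DNS query in wire format and compare domain names case-insensitively.
Added example; the name, transaction ID and type table below are sample values."""
import struct

MAX_LABEL = 63   # RFC 1034: each label is at most 63 octets
MAX_NAME = 255   # a whole wire-format name is at most 255 octets

def name_to_labels(name: str) -> list:
    """Split a domain name into its labels, dropping the trailing root dot if present."""
    name = name.rstrip(".")
    return name.split(".") if name else []

def encode_name(name: str) -> bytes:
    """Encode a name as <len><label>... terminated by the empty root label (a zero byte)."""
    out = b""
    for label in name_to_labels(name):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError(f"label {label!r} must be 1..{MAX_LABEL} octets")
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > MAX_NAME:
        raise ValueError(f"name exceeds {MAX_NAME} octets on the wire")
    return out

def same_name(a: str, b: str) -> bool:
    """Labels are case-insensitive: www.Columbia.EDU and www.columbia.edu. name one node."""
    return [x.lower() for x in name_to_labels(a)] == [x.lower() for x in name_to_labels(b)]

# Numeric codes for the RR types listed on the slide (values from RFC 1035).
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13, "MX": 15}
CLASS_IN = 1

def build_query(name: str, qtype: str, txid: int, recursion_desired: bool = True) -> bytes:
    """Header (ID, flags, QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0) followed by one question.
    The RD bit in the flags is what marks the query as recursive rather than iterative."""
    flags = 0x0100 if recursion_desired else 0x0000   # QR=0 (query), OPCODE=0, RD
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)
    return header + question

if __name__ == "__main__":
    pkt = build_query("www.columbia.edu", "A", 0x1234)
    print(len(pkt), "bytes:", pkt.hex())
```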
Zones
• The domain database is partitioned into zones
• Zones are formed by cutting the domain tree and then grouping the nodes that are still connected
• A zone is:
  • Authoritative for all nodes within the zone
  • Usually managed by one organization
DNS Hierarchy
• Root and top-level domains are administered by the Internet central name registration authority (ICANN)
• Below the top-level domain, administration of the name space is delegated to organizations
• Each organization can delegate further
Root servers
• The root zone is at the very top of the domain tree
• The root servers are statically entered into resolvers and name servers
• 13 logical root servers in the world
  • Named with letters A ~ M
• 171 physical root servers
• http://www.root-servers.org/
Root Servers
• Redundancy
  • Redundant hardware that takes over from a failed one with or without human intervention
  • At least 3 recommended, with one in a remote site [3]
  • Backups of the zone file stored at off-site locations
  • Connectivity to the Internet
• Diversity
  • Geographically located in 130 places in 53 countries
  • Topological diversity matters more
  • Hardware, software, operating system of servers
  • Diverse organizations, personnel, operational processes
  • Distribution of zone files within a root server operator
[1] Bush et al. Root Name Server Operational Requirements. RFC 2870. IETF, 2000.
[2] http://www.icann.org/en/committees/security/dns-security-update-1.htm
[3] Elz et al. Selection and Operation of Secondary DNS Servers. RFC 2182. IETF, 1997.
The use of anycast
• Basic anycast
  • Announce an identical IP address from several nodes
  • The routing system takes the client request to the closest node
• Hierarchical anycast
  • Global vs. local nodes
  • If a node fails, it stops announcing the address
  • A global node takes over automatically
[1] Abley, Hierarchical Anycast for Global Service Distribution. ISC Technical Note 2003-1. 2003.
Is anycast good for everyone? [1]
• Not really...
• Packets for long sessions may go to another node if the routing dynamics change
  • Service time and stability of routing
• A lot of routing considerations
  • Aggregated prefixes
  • Multiple services from a prefix
  • Consideration of route propagation radius
[1] Abley and Lindqvist, Operation of Anycast Services. RFC 4786. IETF, 2006.
Top Level Domain (TLD)
• Country code TLD (ccTLD)
  • TLDs with two letters
  • .cn, .in, .kr
  • Each country manages its own TLD
• Generic TLD (gTLD)
  • TLDs with three or more letters
  • .com, .net, .org, .edu, .gov, .aero
  • Management is delegated to organizations
  • A sponsored gTLD is one where the domain is limited to 'approved' organizations (.aero)
• .arpa TLD
  • Used to convert IP addresses to domain names
Registry Listing (figure: registry listings from ICANN)
Recursive and Iterative Queries
• There are two types of queries:
  • Recursive queries
  • Iterative (non-recursive) queries
• The type of query is determined by a bit in the DNS query
• Recursive query: when the name server of a host cannot resolve a query, the server itself issues further queries to resolve it
• Iterative query: when the name server of a host cannot resolve a query, it returns to the resolver a referral to another server
Recursive Queries
• In a recursive query, the resolver expects the complete response from the name server
• If the server cannot supply the answer, it will send the query to the "closest known" authoritative name server (here, in the worst case, the closest known server is the root server)
• The root server sends a referral to the "edu" server. Querying this server yields a referral to the server of "virginia.edu"
• ... and so on
Iterative Queries
• In an iterative query, the name server sends the resolver a referral to the closest known authoritative name server (in the worst case, the root server)
• This involves more work for the resolver
Caching
• To reduce DNS traffic, name servers cache information on domain name / IP address mappings
• When an entry for a query is in the cache, the server does not contact other servers
• Note: if an entry is served from a cache, the reply from the server is marked as "non-authoritative"
• Authoritative servers can dictate how long the record is cached using the TTL value
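The iterative walk from the root through "edu" to "virginia.edu" and the caching rule above, as an added example that is not part of the lecture: the three in-memory servers, their addresses and the answer record are constructed, and the resolver follows referrals itself, caches the answer for its TTL, and reports cached answers as non-authoritative.

```python
"""Simulate iterative resolution (root -> edu -> virginia.edu) with a TTL cache.
Added example; all server addresses and records below are constructed, not real."""
import time

ROOT = "10.0.0.1"   # constructed address of the one server every resolver knows
SERVERS = {
    ROOT:       {"referrals": {"edu": "10.0.1.1"}, "answers": {}},
    "10.0.1.1": {"referrals": {"virginia.edu": "10.0.2.1"}, "answers": {}},
    "10.0.2.1": {"referrals": {}, "answers": {"www.virginia.edu": ("10.0.3.3", 300)}},
}

def ask(server_ip, name):
    """One iterative query: the server answers, or refers to the closest zone it knows."""
    srv = SERVERS[server_ip]
    if name in srv["answers"]:
        addr, ttl = srv["answers"][name]
        return ("answer", addr, ttl)
    labels = name.split(".")
    for i in range(len(labels)):            # longest matching suffix is the closest zone
        zone = ".".join(labels[i:])
        if zone in srv["referrals"]:
            return ("referral", srv["referrals"][zone])
    return ("nxdomain",)

class Resolver:
    def __init__(self, now=time.time):
        self.cache, self.now, self.queries = {}, now, 0

    def resolve(self, name):
        """Return (address, authoritative). A cache hit contacts no server and is
        therefore reported as non-authoritative, as the slide describes."""
        hit = self.cache.get(name)
        if hit and hit[1] > self.now():
            return hit[0], False
        server = ROOT                       # worst case: closest known server is the root
        while True:
            self.queries += 1
            reply = ask(server, name)
            if reply[0] == "referral":
                server = reply[1]           # the resolver, not the server, does the work
            elif reply[0] == "answer":
                addr, ttl = reply[1], reply[2]
                self.cache[name] = (addr, self.now() + ttl)   # honour the server's TTL
                return addr, True
            else:
                return None, True

if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.virginia.edu"), r.resolve("www.virginia.edu"), r.queries)
```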
Sample zone file (annotations from the slide's figure)
• Max. age of cached data in seconds
• Start of authority (SOA) record. Means: "This name server is authoritative for the zone mylab.com"
  • PC4.mylab.com is the name server
  • hostmaster@mylab.com is the email address of the person in charge
  • Slave refresh time
  • Slave retry time
  • Slave expiration time
  • Cache time for RR
• Name server (NS) record. One entry for each authoritative name server
• Address (A) records. One entry for each host address
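Since the slide only annotates the zone file rather than showing it, here is an added example (not the lab's own file) with a constructed zone for mylab.com that matches those annotations, plus a small parser that strips comments, joins the parenthesised SOA record, applies the $TTL default and converts the SOA contact name back into the e-mail form; the serial and timer values are made up.

```python
"""Parse a minimal BIND-style zone file ($TTL, SOA, NS, A) into resource records.
Added example; ZONE is constructed to match the slide's annotations, not the lab's file."""

ZONE = """\
$TTL 86400                 ; max. age of cached data in seconds
mylab.com.  IN  SOA  PC4.mylab.com. hostmaster.mylab.com. (
                2010041201 ; serial
                28800      ; slave refresh
                7200       ; slave retry
                604800     ; slave expiration
                3600 )     ; cache time for RR
mylab.com.      IN  NS  PC4.mylab.com.
PC4.mylab.com.  IN  A   10.0.1.4
PC1.mylab.com.  IN  A   10.0.1.1
"""

def _logical_lines(text):
    """Yield token lists: ';' starts a comment, '(' ... ')' joins several physical lines."""
    buf, depth = [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens = " ".join(buf).split()
            buf = []
            if tokens:
                yield tokens

def parse_zone(text):
    """Return (default_ttl, records); each record is (owner, ttl, class, type, rdata)."""
    default_ttl, records = None, []
    for tokens in _logical_lines(text):
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        owner, rest, ttl = tokens[0], tokens[1:], default_ttl
        if rest[0].isdigit():               # optional per-record TTL overrides $TTL
            ttl, rest = int(rest[0]), rest[1:]
        rclass, rtype, rdata = rest[0], rest[1], rest[2:]
        if rtype == "SOA":
            serial, refresh, retry, expire, minimum = map(int, rdata[2:7])
            rdata = {"mname": rdata[0],                         # primary name server
                     "rname": rdata[1].replace(".", "@", 1).rstrip("."),  # contact e-mail
                     "serial": serial, "refresh": refresh, "retry": retry,
                     "expire": expire, "minimum": minimum}
        else:
            rdata = rdata[0]
        records.append((owner, ttl, rclass, rtype, rdata))
    return default_ttl, records

if __name__ == "__main__":
    for rec in parse_zone(ZONE)[1]:
        print(rec)
```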
Main Points of Lab 8
• DNS
  • Configuring a server
  • Queries and responses
  • Caching
  • Hierarchy of the domain name system
• Note: you need to download files from the web and bring them to the lab: http://www.tcpip-lab.net/links/conf/lab8
Homework
• Prelab 9 due this Friday
  • Please write your own answers!
• Lab report 8 due next week before labs