CSEE W4140 Networking Laboratory Lecture 10: DNS Jong Yul Kim 04.12.2010.
-
date post
20-Dec-2015 -
Category
Documents
-
view
214 -
download
0
Transcript of CSEE W4140 Networking Laboratory Lecture 10: DNS Jong Yul Kim 04.12.2010.
CSEE W4140Networking Laboratory
Lecture 10: DNS
Jong Yul Kim04.12.2010
Domain Name System
Many RFCs describing the DNS
We’ll look at RFC 1034“Domain Concepts and Facilities”
DNS Design Goals “Consistent name space for referring to resources”
Distributed database, with local caching Data source is responsible for maintaining fresh,
accurate information
Must be generally useful Associate names to sets of data, such as
host addresses, mailbox data, host OS
Independent of communications system that carries the queries and responses
Elements of the DNS Domain name space and resource records
Specifications for a tree structured name space and data associated with the names.
Name servers Server programs which hold information about
the domain tree’s structure and associated data
Resolvers Client programs that extract information by
querying name servers
Domain name space A tree structure
Each node corresponds to a resource set
Each node has a label up to 63 octets in length (case-insensitive)
Domain name of the node is the list of labels on the path from the node to the root of the tree.
. (root)
edu
columbia
cs
www
ee cc
Resource records (RR) Resource information for a particular
domain name is written as resource records.
Elements of an RR are: Owner : domain name where RR is found Type : shows which resource to query Class : IN = Internet TTL : time-to-live in seconds for caches RDATA : the actual data
Resource records (RR)
RR Types A host address CNAME canonical name HINFO OS / CPU info MX mail server info NS authoritative name server PTR pointer to another node SOA start of authority
DNS message format
Queries and responses are sent using UDP port 53
Zones Domain database is
partitioned into zones.
Zones are formed by cutting the domain tree and then grouping the nodes that are still connected.
A zone is : Authoritative for all
nodes within the zone Usually managed by
one organization
. (root)
.virginia.edu
.edu
.uci.edu
cs.virginia.edumath.virginia.edu
DomainZone
anddomain
Zone
DNS Hierarchy Root and top-level
domains are administered by Internet central name registration authority (ICANN)
Below top-level domain, administration of name space is delegated to organizations
Each organization can delegate further
. (root)
com
toronto.edu
goveduorg
uci.edu
ece.toronto.edumath.toronto.edu
neon.ece.toronto.edu
Top-level Domains
Root servers Root zone is at the very top of the domain
tree The root servers are statically entered into
resolvers and name servers
13 logical root servers in the world Named with letters A ~ M
171 physical root servers
http://www.root-servers.org/
Root Servers Redundancy
Redundant hardware that takes over failed one with or without human intervention At least 3 recommended, with one in a remote site[3]
Backups of the zone file stored at off-site locations Connectivity to the internet
Diversity Geographically located in 130 places in 53 countries
Topological diversity matters more Hardware, software, operating system of servers Diverse organizations, personnel, operational
processes Distribution of zone files within root server operator
1 Bush et al. Root Name Server Operational Requirements. RFC 2870. IETF 2000.2 http://www.icann.org/en/committees/security/dns-security-update-1.htm3 Elz et al. Selection and Operation of Secondary DNS Servers. RFC 2182. IETF 1997.
The use of anycast Basic anycast
Announce identical IP address
Routing system takes client request to closest node
Hierarchical anycast Global vs. local nodes If any node fails, stop
announcement Global node takes
over automatically
1 Abley, Hierarchical Anycast for Global Service Distribution. ISC Technical Note 2003-1. 2003.
Is anycast good for everyone?[1]
Not really…
Packets for long sessions may go to another node if the routing dynamics change Service time and stability of routing
A lot of routing considerations Aggregated prefixes Multiple services from a prefix Consideration of route propagation radius
1 Abley and Lindqvist, Operation of Anycast Services. RFC 4786. IETF 2006.
Top Level Domain (TLD) Country code TLD (ccTLD)
TLDs with two letters .cn, .in, .kr
Each country manages their own TLD
Generic TLD (gTLD) TLDs with three or more letters
.com, .net, .org, .edu, .gov, .aero Management is delegated to organizations Sponsored gTLD is one where the domain is limited to
‘approved’ organizations. (.aero)
.arpa TLD Used to convert IP addresses to domain names
Registry Listings from ICANN
.com 1985 Unsponsored Unrestricted (but intended for commercial registrants)
VeriSign, Inc. Registry Customer ServiceVeriSign Naming Services 21345 Ridgetop CircleDulles, Virginia 20166United StatesTel : +1 703 925-6999Fax: +1 703 421-5828http://www.verisign-grs.com
.edu 1985 Sponsored United States educational institutions
EDUCAUSE Becky GrangerEDUCAUSE4772 Walnut Street, Suite 206Boulder, Colorado 80301United StatesTel: +1-303-939-0334Fax: +1-303-440-0461http://www.educause.edu/edudomain
TLD IntroducedSponsored/
UnsponsoredPurpose
Sponsor/Operator
Contact
.net 1985 Unsponsored Unrestricted (but intended for network providers, etc.)
VeriSign, Inc. Registry Customer ServiceVeriSign Naming Services21345 Ridgetop CircleDulles, Virginia 20166United StatesTel: +1 703 925-6999 Fax: +1 703 421-5828 http://www.verisign-grs.com
Recursive and Iterative Queries There are two types of queries:
Recursive queries Iterative (non-recursive) queries
The type of query is determined by a bit in the DNS query
Recursive query: When the name server of a host cannot resolve a query, the server issues a query to resolve the query
Iterative queries: When the name server of a host cannot resolve a query, it sends a referral to another server to the resolver.
Recursive Queries In a recursive query, the
resolver expects the response from the name server
If the server cannot supply the answer, it will send the query to the “closest known” authoritative name server (here: In the worst case, the closest known server is the root server)
The root sever sends a referral to the “edu” server. Querying this server yields a referral to the server of “virginia.edu”
… and so on
root server
edu server
virginia.edu server
cs.virginia.edu server
Resolver
Nameserver
quer
y
resp
onse
Referral to edu name server
1st query: neon.cs.virginia.edu
2nd query: neon.cs.virginia.edu
Referral to virginia.edu nameserver
3rd query:neon.cs.virginia.edu
Referral tocs.virginia.eduname server
4th query:neon.cs.virginia.edu
IP address ofneon.cs.virginia.edu
Iterative Queries In an iterative
query, the name server sends a closest known authoritative name server a referral to the root server.
This involves more work for the resolver
root server
edu server
virginia.edu server
cs.virginia.edu server
Resolver
Name server
quer
y
refe
rral
to r
oot s
erve
r
Referral to
edu name serve
r
1st query:
neon.cs.vi
rginia.edu
2nd query: neon.cs.virginia.edu
Referral to
virginia.edu name
server
3rd query: neon.cs.virginia.edu
Referral to cs.virginia.edu
name server
4th query: neon.cs.virginia.edu
IP address of neon.cs.virginia.edu
Caching To reduce DNS traffic, name servers caches
information on domain name/IP address mappings
When an entry for a query is in the cache, the server does not contact other servers
Note: If an entry is sent from a cache, the reply from the server is marked as “unauthoritative”
Authoritative servers can dictate how long the record is cached using the TTL value
Sample zone file
db.mylab.com $TTL 86400 mylab.com. IN SOA PC4.mylab.com. hostmaster.mylab.com. ( 1 ; serial 28800 ; refresh 7200 ; retry 604800 ; expire 86400 ; ttl ) ; mylab.com. IN NS PC4.mylab.com. ; localhost A 127.0.0.1 PC4.mylab.com. A 10.0.1.41 PC3.mylab.com. A 10.0.1.31 PC2.mylab.com. A 10.0.1.21 PC1.mylab.com. A 10.0.1.11
Max. age of cached data in seconds
* Start of authority (SOA) record. Means: “This name server is authoritative for the zoneMylab.com” * PC4.mylab.com is the name server* [email protected] is the email address of the person in charge
Name server (NS) record. One entry for each authoritative name server
Address (A) records. One entry for each hostaddress
Slave refresh timeSlave retry time
Slave expiration time
Cache time for RR
Main Points of Lab 8 DNS
Configuring a server Queries and responses Caching Hierarchy of the domain name system
Note: You need to download files from web and bring it to the labhttp://www.tcpip-lab.net/links/conf/lab8
Homework
Prelab 9 due this Friday Please write your own answers!
Lab report 8 due next week before labs