Eda387 Lecture DNS (1)



Transcript of Eda387 Lecture DNS (1)

7/27/2019 Eda387 Lecture DNS (1)

1/27

Computer Networks
2012 Ali Salehson, Chalmers, CSE Networks and Systems

Internet Interconnections: The Domain Name System (DNS)

Ali Salehson

2/27

Internetworking with TCP/IP

Ch 2: Ethernet & MAC frame (review)
Ch 3: Internetworking Concept (review)
Ch 4: IPv4 Addressing
Ch 5: ARP protocol & operation
Ch 6: IPv4 Protocol (self-study)
Ch 7: Forwarding IP Datagrams
Ch 8: ICMP and TCP/IP Utilities (self-study)
Ch 9: IPv4 CIDR

3/27

    Internetworking with TCP/IP

    Ch 23: Domain Name System (DNS)

    Ch 31: IPv6 & ICMPv6

4/27

Internet Names

32-bit IP addresses are used to specify the source and destination of datagrams. Humans prefer pronounceable, easily remembered names to numeric addresses. There are two possibilities for a name system:
- a flat namespace (does not scale to the Internet)
- a hierarchical namespace with organizational structure

5/27

Internet Naming Hierarchy

Decentralizing the naming mechanism: delegate authority for parts of the namespace such that it
- supports efficient name mapping
- guarantees autonomous control of name assignment

The responsibility for the mapping between names and addresses is distributed among all the organizations involved.

6/27

Internet Naming Hierarchy

A flexible hierarchy:
- a universal naming scheme
- each organization determines its internal naming structure
- each organization obtains authority for parts of the namespace
- names are assigned according to the structure of the organization, not necessarily according to the physical structure of its networks

7/27

Internet Domain Name System

The Domain Name System (DNS) mainly provides name-to-address mapping for hosts. It specifies:
- the name syntax
- the rules for delegating authority over names
- the implementation of a distributed database system in a hierarchy of many name servers (NS)

DNS is a core and necessary Internet service, implemented as an application-layer protocol used by hosts, routers and name servers to resolve names (name-to-address translation). It keeps the complexity at the network's edge.

8/27

Domain Name System

A domain name is a sequence of labels separated by a delimiter character (the dot).

Example: cse.chalmers.se has three labels: cse, chalmers and se
- se is the top-level domain
- chalmers.se is the domain of the University
- cse.chalmers.se is a subdomain for the CSE department belonging to the University

One computer's host name and IP address:
www.cse.chalmers.se 129.16.221.33

9/27

DNS Servers and Clients

- The DNS client software is known as a resolver
- A DNS server is known as a Name Server (NS)
- DNS relies on a large set of on-line NSs
- Servers are arranged in a tree; a given server can handle an entire subtree
- DNS servers are mainly root servers, TLD servers or the authoritative servers of a domain
- The root servers handle the delegation of all top-level domains

10/27

Global Root Name Servers

13 global root name servers worldwide + replicas (http://www.root-servers.org)

a Verisign, Dulles, VA
b USC-ISI, Marina del Rey, CA
c Cogent, Herndon, VA (also LA)
d U Maryland, College Park, MD
e NASA, Mt View, CA
f Internet Sys. Consortium, Palo Alto, CA
g US DoD, Vienna, VA
h ARL, Aberdeen, MD
i Autonomica/NORDUNet, Stockholm
j Verisign
k RIPE, London
l ICANN, Los Angeles, CA
m WIDE, Tokyo

11/27

;; QUESTION SECTION:
;.                     IN  NS

;; ANSWER SECTION:
.                139826 IN  NS    e.root-servers.net.
.                139826 IN  NS    k.root-servers.net.
.                139826 IN  NS    j.root-servers.net.
.                139826 IN  NS    a.root-servers.net.
.                139826 IN  NS    h.root-servers.net.
.                139826 IN  NS    i.root-servers.net.
.                139826 IN  NS    g.root-servers.net.
.                139826 IN  NS    m.root-servers.net.
.                139826 IN  NS    b.root-servers.net.
.                139826 IN  NS    l.root-servers.net.
.                139826 IN  NS    f.root-servers.net.
.                139826 IN  NS    c.root-servers.net.
.                139826 IN  NS    d.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.  337865 IN  A     198.41.0.4
a.root-servers.net.    3717 IN  AAAA  2001:503:ba3e::2:30
b.root-servers.net.  350299 IN  A     192.228.79.201
c.root-servers.net.  350299 IN  A     192.33.4.12
d.root-servers.net.  350299 IN  A     128.8.10.90
d.root-servers.net.    3717 IN  AAAA  2001:500:2d::d
e.root-servers.net.  350299 IN  A     192.203.230.10
f.root-servers.net.  350299 IN  A     192.5.5.241
f.root-servers.net.    3717 IN  AAAA  2001:500:2f::f
g.root-servers.net.  350299 IN  A     192.112.36.4
h.root-servers.net.  350299 IN  A     128.63.2.53
h.root-servers.net.    3717 IN  AAAA  2001:500:1::803f:235
i.root-servers.net.  350299 IN  A     192.36.148.17
i.root-servers.net.    3717 IN  AAAA  2001:7fe::53

12/27

TLD and Authoritative Servers

Top-Level Domain (TLD) servers: each TLD server is responsible for one top-level domain: com, org, net, edu, ..., or one of the country-code top-level domains uk, fr, ca, jp, se, ...

Authoritative DNS servers: an organization's own DNS servers, mainly providing the authoritative hostname-to-IP mappings for the organization's servers (e.g., web, mail) and other hosts. They can be maintained by the organization itself or by a service provider (ISP).

13/27

Top-Level Domains (TLD)

Domain name    Assigned to
arpa*          Infrastructure domain (generic)
com            Commercial organizations (gTLD)
net            Major network support centers (gTLD)
org            Organizations other than the above (gTLD)
aero           Air transport industry (sTLD)
biz            Business
edu            Educational institutions (4-year)
gov            Government institutions (U.S.)
mil            Military groups (U.S.)
int            International organizations
...
country code   Each country (geographic ccTLD)

* Address and Routing Parameter Area

14/27

;; QUESTION SECTION:
;com.                  IN  NS

;; ANSWER SECTION:
com.               3898 IN  NS    f.gtld-servers.net.
com.               3898 IN  NS    c.gtld-servers.net.
com.               3898 IN  NS    g.gtld-servers.net.
com.               3898 IN  NS    m.gtld-servers.net.
com.               3898 IN  NS    e.gtld-servers.net.
com.               3898 IN  NS    k.gtld-servers.net.
com.               3898 IN  NS    j.gtld-servers.net.
com.               3898 IN  NS    b.gtld-servers.net.
com.               3898 IN  NS    i.gtld-servers.net.
com.               3898 IN  NS    l.gtld-servers.net.
com.               3898 IN  NS    d.gtld-servers.net.
com.               3898 IN  NS    h.gtld-servers.net.
com.               3898 IN  NS    a.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net.  83813 IN  A     192.5.6.30
a.gtld-servers.net.  26196 IN  AAAA  2001:503:a83e::2:30
b.gtld-servers.net.  83813 IN  A     192.33.14.30
b.gtld-servers.net.  26196 IN  AAAA  2001:503:231d::2:30
c.gtld-servers.net.  26196 IN  A     192.26.92.30
d.gtld-servers.net.  26196 IN  A     192.31.80.30
e.gtld-servers.net.  26196 IN  A     192.12.94.30
f.gtld-servers.net.  83813 IN  A     192.35.51.30
g.gtld-servers.net.  26196 IN  A     192.42.93.30
h.gtld-servers.net.  64222 IN  A     192.54.112.30
i.gtld-servers.net.  26196 IN  A     192.43.172.30
j.gtld-servers.net.  26196 IN  A     192.48.79.30
k.gtld-servers.net.  83813 IN  A     192.52.178.30
l.gtld-servers.net.  37901 IN  A     192.41.162.30
m.gtld-servers.net.  26196 IN  A     192.55.83.30

15/27

Domain Name Resolution

For non-local lookups, the resolver must search from the root of the tree downward. Every name server knows the location (IP address) of a root server.
1. Query a root server for the name servers of the TLD; the answer also contains their IP addresses.
2. Query a TLD server for the authoritative name servers of the domain and obtain the answer.
3. Query an authoritative name server of the domain to obtain the final answer about the mapping.

16/27

Distributed Hierarchical DB

[Figure: root DNS servers at the top; com, org and edu Top-Level Domain (TLD) servers below them; authoritative DNS servers for yahoo.com, google.com, pbs.org, poly.edu and purdue.edu at the bottom]

An independent DNS client wants the IP address for www.google.com:
- the client queries a root server to find the com TLD servers
- the client queries a com TLD server to get the google.com DNS servers
- the client queries one authoritative DNS server, ns1.google.com, to get the IP address for www.google.com

17/27

DNS Database

A Resource Record is identified by (name, type): the type specifies the kind of object the name is mapped to. The object may be a host, a mail exchanger, ...

A given name may map to more than one item in the domain system. The client specifies the type of object it wants when resolving a name, and the server returns the objects of that type.

18/27

DNS Resource Records

DNS is a distributed database storing resource records (RR).
RR format: (name, type, TTL, value)

Type = A (IP Address): name is a hostname, value is its IP address
Type = NS (Name Server): name is a domain name (e.g. cisco.com), value is the hostname of an authoritative name server responsible for this domain
Type = CNAME (Canonical name): name is an alias for some canonical (the real) name, value is the canonical name; e.g. www.ibm.com is really named www.ibm.com.cs186.net
Type = MX (Mail eXchanger): name is a domain name, value is the name of a mail server associated with that domain name

19/27

Efficient Resolution

- Most lookups refer to local domain names
- Name-to-address bindings (A records) do not change frequently
- A user is likely to repeat the same lookup
- Many local users may look up the same names

To increase efficiency:
- The initial contact is with the local name server (a host can learn the address of its DNS server from DHCP)
- The local server caches answers (the owner of the data specifies the cache timeout by including a TTL in the answer)

20/27

DNS Queries and Answers

[Figure: the requesting host Ju-020-11.studat.chalmers.se asks the local DNS server res1.chalmers.se for www.google.com; the local server in turn contacts the root NS server, the Top-Level Domain (TLD) NS server for com and the authoritative DNS server ns1.google.com; eight numbered messages (1-8): the host's query and final answer, plus the local server's query/answer pairs with the root, TLD and authoritative servers]

A host in chalmers.se wants the IP address for www.google.com.

A local name server acts as a proxy for its clients:
- often a cache-only server
- normally owned by the ISP or the organization
- sends questions to the other NSs in the hierarchy

21/27

DNS Queries and Answers

[Figure: the same exchange as on the previous slide, messages 1-8; the requesting host Ju-020-11.studat.chalmers.se receives a recursive answer from the local DNS server res1.chalmers.se, while the root NS server, the com TLD NS server and the authoritative DNS server ns1.google.com give res1.chalmers.se iterative answers]

Recursive answer: puts the burden of name resolution on the contacted local name server.

Iterative answer: the contacted server replies with the name of the server to contact next. The official (root, TLD and authoritative) DNS servers give iterative answers.

Normal operation is as shown in the figure (queries, iterative + recursive).
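The walk down the tree from slides 15 and 16, the cache of slide 19 and the iterative/recursive split of slides 20 and 21, as an added example (not part of the lecture): three authoritative servers that only ever refer or answer, and a local server, res1.chalmers.se, that follows the referrals for its client and remembers what it learned for at most TTL seconds. The root and com server names and addresses are the ones in the dig output on slides 11 and 14; the google.com addresses (203.0.113.x, a documentation range), all TTLs and the junk chalmers.se record are constructed. The bailiwick check in `_store` (cache only what the answering server is responsible for) is my addition; it is standard resolver practice against cache poisoning and the slides do not discuss it.

```python
"""Added example (not from the lecture): root, com and google.com servers that answer
iteratively (with referrals) and a local caching server, res1.chalmers.se, that
resolves recursively for its clients.  Root/TLD server names and addresses are from
slides 11 and 14; the google.com addresses (203.0.113.x, a documentation range),
all TTLs and the chalmers.se junk record are constructed for this example."""
from collections import namedtuple

RR = namedtuple("RR", "name rtype ttl value")  # (name, type, TTL, value); names end in "."

def in_zone(name, zone):  # label-boundary aware: is name at or below zone? root is "."
    return zone == "." or name == zone or name.endswith("." + zone)

class AuthServer:
    """Authoritative for one zone, never recursive: answers with the RRset asked for or
    refers (NS + glue A) to the deepest delegation enclosing qname.  `extra` simulates
    a server that pads every reply with records it is not responsible for."""

    def __init__(self, zone, records, extra=()):
        self.zone, self.records, self.extra = zone, list(records), list(extra)

    def query(self, qname, qtype):
        exact = [r for r in self.records if r.name == qname and r.rtype == qtype]
        if exact:
            return "answer", exact + self.extra
        cuts = [r.name for r in self.records
                if r.rtype == "NS" and r.name != self.zone and in_zone(qname, r.name)]
        if not cuts:
            return "nxdomain", []
        ns = [r for r in self.records if r.name == max(cuts, key=len) and r.rtype == "NS"]
        glue = [r for r in self.records if r.rtype == "A" and r.name in {n.value for n in ns}]
        return "referral", ns + glue + self.extra

class CachingResolver:
    """The local server: starts at the deepest cached delegation (else the root hints),
    follows referrals and returns a recursive answer.  `network` maps server IP ->
    AuthServer in place of UDP; `clock` returns seconds and is injectable for tests."""

    def __init__(self, root_hints, network, clock):
        self.root_hints, self.network, self.clock = dict(root_hints), network, clock
        self.cache = {}                  # (name, type) -> [(expires_at, RR)]
        self.upstream_queries = 0

    def cached(self, name, rtype):
        return [rr for exp, rr in self.cache.get((name, rtype), []) if exp > self.clock()]

    def _store(self, rrs, bailiwick):  # bailiwick check: cache only what this server owns
        now = self.clock()
        for rr in rrs:
            if in_zone(rr.name, bailiwick):  # else google.com's server could plant chalmers.se
                entry = self.cache.setdefault((rr.name, rr.rtype), [])
                entry[:] = [(e, r) for e, r in entry if r != rr and e > now]
                entry.append((now + rr.ttl, rr))

    def _start(self, qname):
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:]) + "."
            addrs = {n.value: a.value for n in self.cached(zone, "NS")
                     for a in self.cached(n.value, "A")}
            if addrs:
                return zone, addrs
        return ".", dict(self.root_hints)

    def resolve(self, qname, qtype, max_referrals=8):
        hit = self.cached(qname, qtype)
        if hit:
            return [rr.value for rr in hit]
        zone, servers = self._start(qname)
        for _ in range(max_referrals):
            kind, rrs = self.network[next(iter(servers.values()))].query(qname, qtype)
            self.upstream_queries += 1
            self._store(rrs, zone)
            if kind != "referral":       # final answer (possibly empty)
                return [r.value for r in rrs if r.name == qname and r.rtype == qtype]
            zone = next(r.name for r in rrs if r.rtype == "NS")
            ns_names = {r.value for r in rrs if r.rtype == "NS"}
            servers = {r.name: r.value for r in rrs if r.rtype == "A" and r.name in ns_names}
            if not servers:
                raise RuntimeError("referral to %s without glue" % zone)
        raise RuntimeError("too many referrals for %s" % qname)

def build_network():
    root = AuthServer(".", [RR("com.", "NS", 172800, "a.gtld-servers.net."),
                            RR("a.gtld-servers.net.", "A", 172800, "192.5.6.30")])
    com = AuthServer("com.", [RR("google.com.", "NS", 172800, "ns1.google.com."),
                              RR("ns1.google.com.", "A", 172800, "203.0.113.10")])
    google = AuthServer("google.com.", [RR("www.google.com.", "A", 300, "203.0.113.80"),
                                        RR("ns1.google.com.", "A", 300, "203.0.113.10")],
                        extra=[RR("www.chalmers.se.", "A", 86400, "203.0.113.66")])
    return {"a.root-servers.net.": "198.41.0.4"}, {
        "198.41.0.4": root, "192.5.6.30": com, "203.0.113.10": google}

def demo():
    now, (hints, network) = [0.0], build_network()
    res1 = CachingResolver(hints, network, lambda: now[0])
    first = res1.resolve("www.google.com.", "A")    # root -> com -> google.com
    counts = [res1.upstream_queries]                # 3 upstream queries
    res1.resolve("www.google.com.", "A")            # cache hit, nothing sent
    counts.append(res1.upstream_queries)            # still 3
    now[0] += 600                                   # A (TTL 300) expired; NS and glue not
    res1.resolve("www.google.com.", "A")            # straight to ns1.google.com
    counts.append(res1.upstream_queries)            # 4
    return first, counts, bool(res1.cached("www.chalmers.se.", "A"))
```

`demo()` returns `(["203.0.113.80"], [3, 3, 4], False)`: the first lookup costs three upstream queries, the second is served from the cache, and after the short A TTL has run out only the authoritative server is asked again because the delegation (NS and glue, long TTL) is still cached. The junk www.chalmers.se record that the google.com server padded into its reply never enters the cache.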

22/27

DNS Message Format

DNS protocol: query and reply messages use the same message format.

The message header includes:
- identification: a 16-bit number chosen for the query; the reply carries the same number
- parameter field, 16 bits:
  - 1 bit: query or response
  - 4 bits: opcode (standard query, ...)
  - 7 bits: flags, e.g. answer is authoritative, recursion desired, recursion available
  - 4 bits: reply code (errors)

23/27

DNS Message Sections

- Question: name, type and class fields for a query
- Answer: RRs in response to the query
- Authority: records for authoritative servers
- Additional: additional helpful information that may be used
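The header fields of slide 22 and the four sections of slide 23 at byte level, as an added example that is not part of the lecture: a query builder, a message parser that also understands the compressed name format slide 25 lists (a two-byte pointer back to an earlier occurrence of the name), and the checks a resolver runs before it trusts a reply. The reply is constructed by hand here (www.google.com. A -> 203.0.113.80, a made-up address); the record layout follows RFC 1035. Note the caveat in `reply_problems`: the identification field is only 16 bits, so matching it is necessary but not sufficient against a spoofed reply, which is why real resolvers also randomize the UDP source port.

```python
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, CLASS_IN = 1, 2, 5, 1
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 28: "AAAA"}

def encode_name(name):
    """'www.google.com.' -> b'\\x03www\\x06google\\x03com\\x00'; labels are 1..63 bytes."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label %r in %r" % (label, name))
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)

def decode_name(msg, off):
    """Read a possibly compressed name at `off`; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # compression pointer (slide 25)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off or hops > 8:                # must point backwards; bound the chain
                raise ValueError("bad compression pointer at offset %d" % off)
            end = off + 2 if end is None else end     # the name ends after the first pointer
            off, hops = ptr, hops + 1
            continue
        if length > 63:
            raise ValueError("label too long at offset %d" % off)
        if length == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def build_header(ident, qr, opcode, aa, tc, rd, ra, rcode, counts):
    """ID, then the parameter word QR(1) opcode(4) AA TC RD RA Z(3) RCODE(4), then 4 counts."""
    flags = (qr << 15) | (opcode << 11) | (aa << 10) | (tc << 9) | (rd << 8) | (ra << 7) | rcode
    return struct.pack("!HHHHHH", ident, flags, *counts)

def parse_header(msg):
    ident, flags, *counts = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF, "aa": (flags >> 10) & 1,
            "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
            "rcode": flags & 0xF, "counts": tuple(counts)}

def build_query(ident, qname, qtype):  # standard query (opcode 0), RD=1: please recurse
    return (build_header(ident, 0, 0, 0, 0, 1, 0, 0, (1, 0, 0, 0))
            + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN))

def decode_rdata(msg, rtype, off, rdlen):
    if rtype == TYPE_A and rdlen == 4:
        return ".".join(str(b) for b in msg[off:off + 4])
    if rtype in (TYPE_NS, TYPE_CNAME):
        return decode_name(msg, off)[0]               # names inside RDATA may be compressed too
    return msg[off:off + rdlen].hex()

def parse_message(msg):
    hdr, off, question, sections = parse_header(msg), 12, [], []
    for _ in range(hdr["counts"][0]):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        question.append((name, TYPE_NAMES.get(qtype, qtype), qclass))
        off += 4
    for count in hdr["counts"][1:]:                   # answer, authority, additional
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rrs.append((name, TYPE_NAMES.get(rtype, rtype), ttl, decode_rdata(msg, rtype, off + 10, rdlen)))
            off += 10 + rdlen
        sections.append(rrs)
    return {"header": hdr, "question": question, "answer": sections[0],
            "authority": sections[1], "additional": sections[2]}

def reply_problems(query, reply):
    """Checks a resolver makes before trusting a reply.  The ID is only 16 bits, so real
    resolvers also randomize the source port; matching the ID alone is not enough."""
    q, r = parse_message(query), parse_message(reply)
    problems = []
    if r["header"]["id"] != q["header"]["id"]:
        problems.append("ID mismatch")
    if not r["header"]["qr"]:
        problems.append("QR not set: this is a query, not a response")
    if r["question"] != q["question"]:
        problems.append("question section differs")
    if r["header"]["rcode"] != 0:
        problems.append("rcode %d" % r["header"]["rcode"])
    return problems

def build_sample_reply(query):
    """Constructed reply (not from the lecture): the query's ID with QR=AA=RA=1, the question
    echoed, one A record (made-up address) whose owner name is the pointer 0xC00C, i.e.
    offset 12 = the question name, exactly as real servers compress it."""
    header = build_header(parse_header(query)["id"], 1, 0, 1, 0, 1, 1, 0, (1, 1, 0, 0))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([203, 0, 113, 80])
    return header + query[12:] + answer

def demo():
    query = build_query(0x1234, "www.google.com.", TYPE_A)
    reply = build_sample_reply(query)
    assert not reply_problems(query, reply)
    return parse_message(reply)["answer"][0]
```

`demo()` returns `("www.google.com.", "A", 300, "203.0.113.80")`, i.e. the (name, type, TTL, value) tuple of slide 18 recovered from the wire format. `decode_name` refuses forward pointers and long pointer chains so that a hostile reply cannot send the parser into a loop; that defensive check is the one thing a production parser must not skip.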

24/27

Inserting Records into DNS

Example: a new startup company, Network Engineering, registers the name neteng.se at a DNS registrar.
- You need to provide the registrar with the names and IP addresses of your authoritative name servers (primary and secondary)
- Registrars can be found, for example, on the iis.se web site; iis.se lists more than 50 registrars for .se and other domains
- The cost depends on the domain and the registrar, typically $20-100

The registrar inserts two RRs into the .se TLD server:
(neteng.se, NS, dns1.neteng.se)
(dns1.neteng.se, A, 212.212.212.1)

How do people get the IP address of the company's Web site? The administrator places a type A record for www.neteng.se in the company's authoritative server, and it may also be good to have a type MX record for neteng.se, and so on.
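The two halves of the neteng.se set-up above (what the registrar publishes in the parent .se zone and what the administrator publishes in the company's own server) written out as records, together with the consistency checks worth running before asking for the delegation. This is an added example, not part of the lecture: only neteng.se, dns1.neteng.se and 212.212.212.1 come from the slide; the secondary dns2.neteng.se, the www and mail hosts and their addresses are assumptions. The checks encode facts the slide leaves implicit: the slide asks for a primary and a secondary but shows only one NS record, so a two-server minimum is enforced; a name server inside its own zone needs a glue A record in the parent or nobody can reach it; and an MX target must be a host name with an A record, not a CNAME.

```python
# Added example (not from the lecture).  From slide 24: neteng.se, dns1.neteng.se, 212.212.212.1.
# Assumed: dns2.neteng.se, www/mail hosts and their 212.212.212.x addresses.

def rrs(records, name=None, rtype=None):
    """Values of the (name, type, value) triples matching name and/or type."""
    return [v for n, t, v in records
            if (name is None or n == name) and (rtype is None or t == rtype)]

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def check_delegation(zone, parent, child):
    """Return the list of problems found (empty = consistent).
    parent: what the registrar inserts into the TLD server (NS + glue A).
    child:  what the administrator puts in the authoritative server for the zone."""
    problems = []
    parent_ns, child_ns = set(rrs(parent, zone, "NS")), set(rrs(child, zone, "NS"))
    if len(parent_ns) < 2:
        problems.append("only %d name server(s) delegated; a secondary is needed" % len(parent_ns))
    if parent_ns != child_ns:
        problems.append("NS set differs: parent %s vs child %s" % (sorted(parent_ns), sorted(child_ns)))
    for ns in sorted(parent_ns):
        if in_zone(ns, zone):                        # in-bailiwick NS: resolvers need glue
            glue, own = set(rrs(parent, ns, "A")), set(rrs(child, ns, "A"))
            if not glue:
                problems.append("no glue A record for %s in the parent zone" % ns)
            elif own and glue != own:
                problems.append("glue for %s (%s) differs from its A in the child (%s)"
                                % (ns, sorted(glue), sorted(own)))
    if not rrs(child, "www." + zone, "A"):
        problems.append("no A record for www.%s" % zone)
    for mx in rrs(child, zone, "MX"):
        if rrs(child, mx, "CNAME"):
            problems.append("MX target %s is a CNAME, which is not allowed" % mx)
        elif in_zone(mx, zone) and not rrs(child, mx, "A"):
            problems.append("MX target %s has no A record" % mx)
    return problems

ZONE = "neteng.se"
PARENT_RRS = [("neteng.se", "NS", "dns1.neteng.se"),          # from slide 24
              ("dns1.neteng.se", "A", "212.212.212.1"),       # from slide 24 (glue)
              ("neteng.se", "NS", "dns2.neteng.se"),          # assumed secondary
              ("dns2.neteng.se", "A", "212.212.212.2")]       # assumed glue
CHILD_RRS = [("neteng.se", "NS", "dns1.neteng.se"), ("neteng.se", "NS", "dns2.neteng.se"),
             ("dns1.neteng.se", "A", "212.212.212.1"), ("dns2.neteng.se", "A", "212.212.212.2"),
             ("www.neteng.se", "A", "212.212.212.80"),        # the web site (address assumed)
             ("neteng.se", "MX", "mail.neteng.se"),           # the "good to have" MX
             ("mail.neteng.se", "A", "212.212.212.25")]

# Exactly the two records the slide shows the registrar inserting: one NS, no secondary.
SLIDE_ONLY_PARENT = PARENT_RRS[:2]
# A broken variant: the secondary has no glue and the MX points at an alias.
BROKEN_PARENT = [r for r in PARENT_RRS if r != ("dns2.neteng.se", "A", "212.212.212.2")]
BROKEN_CHILD = ([r for r in CHILD_RRS if r[0] != "mail.neteng.se"]
                + [("mail.neteng.se", "CNAME", "www.neteng.se")])
```

`check_delegation(ZONE, PARENT_RRS, CHILD_RRS)` returns an empty list; with `SLIDE_ONLY_PARENT` it reports the single delegated server and the NS set mismatch, and with the broken variant the missing glue for dns2.neteng.se and the MX pointing at a CNAME.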

25/27

More about DNS

- Inverse mappings, e.g. PTR records (in the lab)
- Dynamic DNS updates and notifications
- Interaction with DHCP servers
- Consistency with replicas (backup)
- DNS security and load distribution
- Compressed name format in messages
- Lookup with name abbreviation
- IPv6 resource record type AAAA

26/27

Summary

- The Domain Name System provides a mapping from pronounceable names to IP addresses
- Domain names are hierarchical: top-level domains are controlled by a central authority, and organizations can choose how to structure their own domain names
- DNS uses on-line servers to answer queries
- A lookup begins with the local caching server

27/27

    Questions?

    Thank You!