EE 122: Lecture 20(Domain Name Server - DNS)Ion StoicaNov 15, 2001(* based on the some on-line slides of J. Kurose & K. Rose and of Raj Jain)

Names & AddressesWhat is a name?What is an address?What is an identifier?What is the difference between name, addresses, and identifiers?

Internet Centric ViewAddresse: Says how to reach an object it has location semantics associated to itIts in a format easy to process by computers Name: Does not have any location semantics associated to itIts in a format easier to understand/read/remember by peopleExamples:IP address: 128.32.27.22Name: amber.berkeley.edu

General ViewDifferentiating between names and addresses introduces several consistency problems:What is a multicast IP address?What is the IP address of a mobile host?What is cnri.reston.va.us?Solution: interpret an address as just another name (that may happen to have location semantics)

Name ServiceName space: define the set of possible namesHierarchical (e.g., Unix and Windows file names)Flat Bindings: the mapping between names and values (e.g., bindings can be implemented by using tables)Resolution: procedure that, when invoked with a name, returns the corresponding valueName server: specific implementation of a resolution mechanism that is available on the network and that can be queried by sending messages

General ViewIn general there are multiple mappingsHost name: amber.berkeley.edu IP address: 128.32.27.22 Ethernet MAC address: 12.34.56.78.90.12 DNS resolutionARP (Address Resolution Protocol)

MappingMultiple names can map onto the same name at the underlying levelExample: www.berkeley.edu and amber.berkeley.edu can map to the same machine (I.e., the same IP address)One name can map onto multiple names at the underlying levelExample: www.yahoo.com can be mapped to multiple machines

Name Hierarchyrooteducomgovmilorgnetukfrberkeleycmueecssimsdivine

Name HierarchyUnique domain suffix is assigned by the Internet AuthorityThe domain administrators have complete control over the domainNo limit on the number of subdomains or number of levelsName space is not related with the physical interconnection Geographical hierarchy is allowed (e.g., cnri.reston.va.us)A name could be a domain or an individual objects

Top Level Domains

Domain Name AssignmentcomCommercialeduEducational govGovernment milMilitary netNetwork OrgOther organizationsArpaAdvances research project agencycountry codeau, uk, ca

DNS Name ServersWhy not centralize DNS? Single point of failureTraffic volumeDistant centralized databaseMaintenanceDoesnt scale!

Server Hierarchy: ZonesA zone corresponds to an administrative authority that is responsible for that portion of the hierarchyrooteducomgovmilorgnetukfrberkeleycmueecssimsdivine

Server HierarchyServer are organized in hierarchiesEach server has authority over a portion of the hierarchyA single node in the name hierarchy cannot be splitA server maintains only a subset of all namesIt needs to know other servers that are responsible for the other portions of the hierarchy

Server HierarchyAuthority: each server has the name to address translation table for all names in the name space it controlsEvery server knows the rootRoot server knows about all top-level domains

DNS Name ServersNo server has all name-to-IP address mappingsLocal name servers:Each ISP (company) has local (default) name serverHost DNS query first go to local name serverAuthoritative name servers:For a host: stores that hosts IP address, nameCan perform name/address translation for that hosts name

DNS: Root Name ServersContacted by local name server that can not resolve nameRoot name server:Contacts authoritative name server if name mapping not knownGets mappingReturns mapping to local name server~ Dozen root name servers worldwide

Simple DNS ExampleHost whsitler.cs.cmu.edu wants IP address of www.berkeley.edu1. Contacts its local DNS server, mango.srv.cs.cmu.edu2. mango.srv.cs.cmu.edu contacts root name server, if necessary3. Root name server contacts authoritative name server, ns1.berkeley.edu, if necessary

requesting hostwhistler.cs.cmu.eduwww.berkeley.eduroot name serverauthorititive name serverns1.berkeley.edu123456

DNS ExampleRoot name server:May not know authoritative name serverMay know intermediate name server: who to contact to find authoritative name server?requesting hostwhistler.cs.cmu.eduwww.berkeley.eduroot name server123456authoritative name serverns1.berkeley.edu78

DNS: Iterated QueriesRecursive query:Puts burden of name resolution on contacted name serverHeavy load?Iterated query:Contacted server replies with name of server to contactI dont know this name, but ask this serverrequesting hostwhistler.cs.cmu.eduwww.berkeley.eduroot name server123467authoritative name serverns1.berkeley.edu58iterated query

DNS RecordsDNS: distributed database storing resource records (RR)Type=NSname is domain (e.g. foo.com)value is IP address of authoritative name server for this domain

Type=Aname is hostnamevalue is IP address

Type=CNAMEname is an alias name for some cannonical (the real) namevalue is cannonical name

Type=MXvalue is hostname of mailserver associated with name

DNS protocol, messagesDNS protocol : query and reply messages, both with same message formatmsg headeridentification: 16 bit # for query, reply to query uses same #flags:query or replyrecursion desired recursion availablereply is authoritative

DNS protocol, messagesName, type fields for a queryRRs in reponseto queryRecords forauthoritative serversAdditional helpfulinfo that may be used

DiscussionRobustnessUse multiple replicas, butwhat if someone mounts a denial of service attack to all root servers?Performance:Use caching to speed-up subsequent queries to the same nameWhat about update/notify?Mechanisms under design by IETF (RFC 2136; http://www.ietf.org/html.charters/dnsind-charter.html)

SummaryAddress: just another form of name that may have location semanticsDNS: maps names onto IP addressName space and the administration are both hierarchicalReplication: used to increase robustnessCaching: used to increase the performance