WWW and Security CS587x Lecture Department of Computer Science Iowa State University.
Internet Address and Domain Name Service (DNS) CS587x Lecture 5 Department of Computer Science Iowa...
-
Upload
byron-gaines -
Category
Documents
-
view
215 -
download
1
Transcript of Internet Address and Domain Name Service (DNS) CS587x Lecture 5 Department of Computer Science Iowa...
Internet Address and Domain Name Service (DNS)
CS587x Lecture 5Department of Computer Science
Iowa State University
What to cover today
Internet Address IPv4 CIDR
Domain Name Service Name Resolution Load Balancing
Internet Addressing
IPv4 Each address is represented by 4 bytes Four numbers, 0-255, separated by dots
Classified IP address Class+Network ID+Host ID
0
byte 0 byte 1 byte 2 byte 3
A
1 0B
1 1 0C
1 1 1 0D
1 1 1 1 0E
Network ID Host ID
Network ID Host ID
Network ID Host ID
Multicast
Reserved
Special IP Addresses
Some special addresses 0.0.0.0 - “this host” 255.255.255.255 - “all hosts” 127.0.0.1 - “localhost”
Reserved addresses Can be used locally (behind Network Address
Translator, for example) 192.168.0.0-192.168.255.255 172.16.0.0-172.31.255.255 10.0.0.0-10.255.255.255
Not routed through the Internet
IP Address Space Exhaustion
Restricting IP addresses to 32 bits imposes a major limitation in the number of hosts on the Internet
IPv6 calls for 128 bits address, but requires significant changes throughout much of the Internet
Some solutions Assign IP to machines dynamically
For an ISP, at any given time, only a small percentage of its customers are connected to the network
Computers not visible to the Internet can share the same block of IP address
Classless Interdomain Routing (CIDR)
CIDR uses flexible block sizes for address allocation CIDR allows the division between the network
and host portions of the IP addresses to occur at any point in the 32-bit number
The size of a block of IP addresses could be any power of 2
A CIDR network is identified by a network address and a mask length that indicates how many bits are devoted to the network part of the address 204.70.2.0/23: the 23-bit network address leaves 9 of
the 32 bits for representing 512 hosts on that network 129.186.0.0/16 (ISU), 192.188.162.0/24 (ISU Research
Park), 63.224.0.0/13 (USWest)
Compatibility with Existing Addresses
The addresses allocated with class can be extended with mask Class A address, a#.b#.c#.d# can be
recognized as a#.b#.c#.d#/8 Class B address, a#.b#.c#.d# can be
recognized as a#.b#.c#.d#/16 Class C address, a#.b#.c#.d# can be
recognized as a#.b#.c#.d#/24
Advantages of CIDR
Flexible allocation of IP address blocks allows more efficient use of 32-bit address space
An organization needing 512 addresses could be assigned with a 23-bit mask, rather than an entire class B network (65536 addresses)
ISPs can now aggregate their networks into larger blocks for the purpose of routing
Suppose an ISP is assigned the 12.0.0.0/8 network. This block of addresses could be divided into smaller blocks and allocated to specific customers of this ISP
E.g., one customer can have 12.45.0.0/16 and another might have 12.194.34.0/23 network
The allocation of address blocks may depend on the size of the customer
Routing with CIDR
Routers normally do not remember each individual IP Given an IP packet, routers determine the
block it belongs to and send the packet to the ISP who are responsible for this block
The ISP needs to know how to reach each of its own separate networks
Advantage: Internet routers need only to know how to reach ISPs Hierarchical addressing Similar to postal office
Domain Name Service
Routers need an address to route while people need a host name to remember Host Names yield information to people IP addresses yield information to routers
Solution: give each IP address a name popeye.cs.iastate.edu 129.186.3.1 www.myown.com 111.222.333.444
Questions: Given an IP, how to find out its hostname? Given a hostname, how to find out its IP?
DNS: History
1970’s ARPANET All host-address mappings were in hosts.txt (in
/etc/hosts) Changes were submitted to SRI-NIC by email New versions of hosts.txt were updated periodically from
SRI Administrators could pick names at their discretion
As the internet grew this system broke down because of
Traffic and load: SRI couldn’t handled the load Reliability: The system was unreliable since there was a
single point of contact Consistency and confliction: Names were not unique and
many hosts had inaccurate copies of hosts.txtInternet growth was threatened
DNS was created in 1983 (RFCs 1034 and 1035), modified, updated, and enhanced by subsequent RFCs
DNS Concepts
Provide a lookup mechanism for object translation (IP address hostname)DNS is implemented as a globally distributed, loosely coherent, scalable, reliable, dynamic databaseDNS consists of three components Namespace Domain Name Servers DNS queries (issued by clients)
gethostbyname() gethostbyaddr()
DNS Namespace
The namespace must be able to scaleSolution: make namespace hierarchical by naming objects based on location (within country, set of
organizations, set of companies, etc) unit within that location (company within
set of company, etc) object within unit (name of person in
company)
Hierarchical Organization of Host names
The first level names are called “Top Level Domains”Depth of tree is arbitrary (limit 128)No restriction on the amount of branchDomains are subtrees
e.g. iastate.edu and cs.iastate.edu
Name collision avoided e.g. iastate.edu and iastate.com
root
edu com gov mil org net fr cn
iastate mit
cs eece
popeye
Hierarchical Administration of Host Names
root
edu com gov mil org net fr cn
mit
cs
popeye
root
edu com gov mil org net
iastate
eece
Each zone corresponds to an administrative authority that is responsible for that portion of the hierarchy
• Zones are “administrative spaces”• Zone administrators are responsible for portion
of a domain’s name space• Authority is delegated from a parent and to a
child
Domain Name Servers
Name servers, who answer “DNS” questions, are organized in hierarchiesEach server has authority over a portion of the hierarchy
A server maintains only a subset of all names
Each server contains all the records for the hosts in its zoneEach server may know other servers who are responsible for the other portions of the hierarchy
Every server knows the root Root server knows about all top-level domains
DNS Protocol
Govern the communication between a DNS client and a DNS server
A DNS client sends a query to a DNS server, which returns a response with the requested information
DNS primarily uses UDP for sending queries and responses, although TCP may also be usedDNS queries can be Recursive : such queries request the receiving
DNS server resolve the entire request itself Iterative : such queries request the receiving DNS
server respond directly to the DNS client with the IP address of the next DNS server in the hierarchy Root server handles only iterative queries
Example of Recursive Query
popeye.cs.iastate.edu wants IP address of www.berkeley.edu
1. Contacts its local DNS server, 129.186.3.1
2. 129.186.3.1 contacts root name server, if necessary
3. Root name server contacts authoritative
name server, ns1.berkeley.edu, if
necessary requesting hostpopeye.cs.iastate.edu
www.berkeley.edu
root name server
authorititive name serverns1.berkeley.edu
local name server129.186.3.1
1
23
4
5
6
Example of Iterated Queries
Contacted server replies with name of server to contact“I don’t know this name, but you can ask this server”
requesting hostpopeye.cs.iastate.edu
www.sales.myown.com
root name server
local name server129.186.3.1
1
2
34
67
authoritative name serverwww.myown.com
intermediate name server(com server)
5
8
iterated queries
DNS query is expensive
Resolving an IP hostname may invoke several messagesSolution: caching previous query results The cached mapping can be used The cached results can be associated
with TTL to reduce the risk of using expired information
DNS-based Web Server Load Balancing
A popular web site can be replicated in different geographical locations in order to provide better service to a diverse set of clients One web site can be associated with
more than one IP addresses For example, all hosts in the acme.com may have
the same IP address The return of an IP address may depend on where a
query is sent from
Load Balancing (1)
DNS can return an IP address based on where queries come from Direct HTTP requests to a collection of
web servers that provide access to the same content
Example: www.akamai.com
From AmesC:\>ping www.akamai.comPinging a1440.g.akamai.net [209.152.119.232] with 32 bytes of data:
Request timed out.Request timed out.Request timed out.Request timed out.
Ping statistics for 209.152.119.232: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
From the NY area 63.240.15.146
From the UK 194.82.174.224
Load Balancing (2)A query to a host name may return several IP address e.g., www.big.com may correspond to four
machines with IP addresses 1.2.3.1, 1.2.3.2, 1.2.3.3, 1.2.3.4
By default, the requesting client uses the first IP address Heavy load on the server 1.2.3.1
DNS can vary the order of the IP addresses for each query The response to the second query could be
1.2.3.2, 1.2.3.3, 1.2.3,4, 1.2.3.1.
DNS Summary
Internet address and CIDRDNS is a crucial part of the internetNamespace is hierarchical Globally distributed and locally managedDNS performance is enhanced by cachingDNS can help balance web server workload