The Domain Name System

The Domain Name System
Group 20
James Brown
Simon Gingold
Yue Lai
Jun Ma
Haobin Song
Thomas Stewart
David Weinberg
Presentation Structure
• Introduction & History
• How a resolver looks up a remote name
• Domain Name space
– Practical DNS
– The Domain Name Space
– Root Name Server
– uk. The United Kingdom’s TLD
– WHOIS – Database Of Registrants
– Registering a co.uk. domain
• Inside a DNS Server
– Resolving
– Caching
– Updating
• Two DNS Servers
– BIND
– Microsoft DNS Server
• The DNS Packets
• Conclusions
Introduction & History
• People remember meaningful names far more easily than collections of numbers.
• In the beginning… a file named hosts.txt was maintained and distributed.
- The internet moved to TCP/IP and grew
- Hosts.txt became:
· Large
· Slow to download
· Unable to enforce the ‘uniqueness of names’ property
· Quickly obsolete name records.
• DNS created in 1981 to overcome hosts.txt problems
- When a user accesses the internet, the nearest DNS server translates URLs into IPs.
- DNS is a distributed database – reduces server load.
- Indexed for fast searching. Search key = domain name.
- DNS can force name uniqueness
• Domain Names are like: “microsoft.com”
- The zones are separated by ‘.’
- Optionally contain hosts within the domain name.
- Allows same names on different hosts, but different domains (e.g. woodstock.man.ac.uk and woodstock.umist.ac.uk)
(Diagram: the tree . → uk → ac → man and umist, each with a host named woodstock)
How a resolver looks up a remote name
Suppose a client wants to resolve the name cicade.cs.princeton.edu
Copied from Larry L. Peterson & Bruce S. Davie (2000) “Computer Networks – A Systems Approach”, Morgan Kaufmann Publishers, pp 633.
How a resolver looks up a remote name
• Step 1: the client sends a query containing the domain name to the local name server
• Step 2: the local name server may not have the information about the domain name, so it sends the query to one of the root servers
• Step 3: the root server cannot match the entire name, so it returns its best match – the NS (name server) record for princeton.edu – together with all records related to that record
• Step 4: the client sends the same query to the name server for Princeton University’s domain
• Step 5: this name server also cannot match the entire name, so it returns its best match, an NS record: ns1.cs.princeton.edu
• Step 6: the client sends the same query to the name server authoritative for the CS zone (ns1.cs.princeton.edu)
• Step 7: that server has information about cicade.cs.princeton.edu and returns the answer: IP address = 192.12.69.60
• Step 8: armed with the IP address, the client can establish a TCP connection with the destination.
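The referral chain of steps 2 to 7, as an added Python simulation that is not from the slides or from Peterson & Davie: three in-memory dictionaries stand in for the root, princeton.edu and cs.princeton.edu name servers, and resolve() follows each server’s “best match” referral until one of them answers. The only address taken from the talk is 192.12.69.60 for cicade.cs.princeton.edu; the root address, the glue addresses and the name dns.princeton.edu are constructed. The hop limit in resolve() is the check a real resolver needs so that a misconfigured or hostile referral loop cannot keep it chasing referrals forever.

```python
"""Iterative walk of the referral chain for cicade.cs.princeton.edu (steps 2-7).

Added example, not from the slides. Three dictionaries stand in for the root,
princeton.edu and cs.princeton.edu name servers. 192.12.69.60 is the address
the slide quotes; every other name and address here is constructed.
"""

# Each simulated server: owner name -> list of (type, rdata). A server answers
# with an A record when it holds one for the query name, otherwise it refers the
# querier to the name servers of the longest suffix it knows, with glue.
ROOT = {
    "princeton.edu.": [("NS", "dns.princeton.edu.")],
    "dns.princeton.edu.": [("A", "192.0.2.2")],           # constructed glue
}
PRINCETON = {
    "cs.princeton.edu.": [("NS", "ns1.cs.princeton.edu.")],
    "ns1.cs.princeton.edu.": [("A", "192.0.2.3")],        # constructed glue
}
CS = {
    "cicade.cs.princeton.edu.": [("A", "192.12.69.60")],  # the answer from the slide
}
ROOT_HINT = "198.41.0.4"          # constructed root server address
SERVERS = {ROOT_HINT: ROOT, "192.0.2.2": PRINCETON, "192.0.2.3": CS}


def query(server_addr, qname):
    """One round trip to a simulated server.

    Returns ("answer", ip), ("referral", ns_name, ns_addr) for the best match,
    or ("nxdomain", None) when the server has nothing useful.
    """
    zone = SERVERS[server_addr]
    for rtype, rdata in zone.get(qname, []):
        if rtype == "A":
            return ("answer", rdata)
    labels = qname.split(".")
    # Best match: try cs.princeton.edu., then princeton.edu., then edu.
    for i in range(1, len(labels) - 1):
        suffix = ".".join(labels[i:])
        for rtype, rdata in zone.get(suffix, []):
            if rtype != "NS":
                continue
            glue = next((r for t, r in zone.get(rdata, []) if t == "A"), None)
            if glue is not None:
                return ("referral", rdata, glue)
    return ("nxdomain", None)


def resolve(qname, root_addr=ROOT_HINT, max_hops=8):
    """Start at a root server and follow referrals until an answer arrives.

    Returns (ip_or_None, trail); trail records (server_addr, result) per hop.
    The hop limit stops a misconfigured or hostile referral loop from running
    the resolver forever.
    """
    if not qname.endswith("."):
        qname += "."
    server, trail = root_addr, []
    for _ in range(max_hops):
        result = query(server, qname)
        trail.append((server, result))
        if result[0] == "answer":
            return result[1], trail
        if result[0] != "referral":
            return None, trail
        server = result[2]
    raise RuntimeError("referral loop: gave up after %d hops" % max_hops)


if __name__ == "__main__":
    ip, trail = resolve("cicade.cs.princeton.edu")
    for server, result in trail:
        print(server, "->", result)
    print("cicade.cs.princeton.edu =", ip)
```

Running it prints the three hops (root referral, princeton.edu referral, cs.princeton.edu answer) followed by the address; a name the CS server does not hold ends in an nxdomain result after the same two referrals.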
Practical DNS
• The domain name space is controlled to enforce a tree
structure to it.
• Tree is both distributable and efficient.
• All domains are children of the . (root) domain.
• Top level domains (TLDs) are the direct children
• Two types:
– Generic, e.g. com. org. edu.
– Country specific, e.g. uk. de. il.
• All other domains must be under a TLD.
• Domains are administered by different organisations.
The Domain Name Space
• Hierarchical, tree structure makes domain name space distributable yet still navigable.
• Shows com., mynet.com., rivers.mynet.com., seas.mynet.com., lakes.mynet.com., acme.com., rumba.acme.com., samba.acme.com., and tango.acme.com.
• rivers, seas and lakes are separate zones
• rumba, samba and tango are part of acme.com.
Copied from http://ou800doc.caldera.com/NET_tcpip/dnsN.how.html
The domain name space diagram
Root name servers
• There are 13 root name servers.
– a.root-servers.net - m.root-servers.net
– Authoritative for the TLDs.
– Queries start at the root servers when no cached answer is available.
• Coordinated by IANA (Internet Assigned Numbers
Authority)
• Many of the root servers are in the USA and run by
American organisations.
• K.ROOT-SERVERS.NET. is in London and is jointly run
by LINX and RIPE NCC.
• Creation of TLDs is restricted.
uk. The United Kingdom’s TLD
• uk. is divided into second-level domains.
• Nominet UK is the registrar and administrator of the first seven.
• plc.uk. and ltd.uk. are restricted
– Only registered companies can be part of this domain
– Can only register your own company name

Domain      Intended use
co.uk.      for commercial enterprises (the largest SLD in the UK)
me.uk.      for personal domains
org.uk.     for non-commercial organisations
plc.uk.     for registered company names only
ltd.uk.     for registered company names only
net.uk.     for Internet Service Providers
sch.uk.     for schools
ac.uk.      for Academic Establishments
gov.uk.     for Government Bodies
nhs.uk.     for NHS Organisations
police.uk.  for UK Police Forces
mod.uk.     for Ministry of Defence Establishments
WHOIS – Database Of Registrants
• WHOIS queries the database of ownership of the domain.
• Gives name and contact details of the owner of the domain.
• Gives name and contact details of the administrator of the domain.
• Lists the name servers that are authoritative for the domain.
• Not part of DNS but is used to help manage delegation and ownership of sub-domains.
• Available at www.whois.co.uk
Domain Name:
WEINBERG.CO.UK
Registered For: Leslie Bunder
Domain Registered By:
WEBFUSION
Registered on 18-Sep-1999.
Record last updated on 28Aug-2001 by [email protected].
Domain servers listed in order:
NS.HOSTEUROPE.COM
212.67.202.2
NS2.HOSTEUROPE.COM
(unable to validate IP)
WHOIS database last updated
at 19:12:00 17-Apr-2002
Registering a co.uk. domain
1. Choose the name you want – for example: weinberg.co.uk.
2. Check using the WHOIS service that this domain name does not already exist.
3. Inform your registrar of the owner’s name and address as well as the administrator’s name and address.
4. Inform them of the name servers that will be authoritative for the domain.
5. Pay for the domain. This ensures ownership and helps Nominet recover its costs.
• Running name servers
• Maintaining the name servers
• Update DNS information
• Resolve and try to avoid disputes over names
RESOLVING
• When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways, recursively or iteratively.
• Both methods check to see if the answer is already known, but if not…
– 1. Recursive Requests
• Look for the name server closest to the answer.
– For example, if the location of lion.umist.ac.uk is unknown, but the location of the name servers for umist.ac.uk is known, these would be the closest name servers. If these were unknown the .ac.uk name servers are tried, until the root servers (“.”) are reached.
• Ask the closest name server for their best answer in a ‘polite,’ iterative fashion
• Continually ask name servers for the best answer they can give.
– Always ask the exact original domain name in these queries.
– Train station analogy: ask staff “When is the 10:30 train to London?”, rather than “Where is the person who can tell me about train timetables?”
– In the lion.umist.ac.uk example, always ask exactly that.
– All the work is done by the initial name server.
– This server is given the opportunity to cache the resource records it learns about.
– 2. Iterative Requests
• All work done by the resolver.
– Name servers just respond with the best answer they know.
• This technique is used for security reasons.
• Not favourable for network traffic.
Resolving - recursion
(Diagram: the resolver asks “Question: lion.umist.ac.uk”; the local name server repeats that exact question to the uk, ac and umist name servers in turn and returns “Answer: 130.88.96.40”.)
A Recursive Query
– The local name server does most of the work.
Resolving – iteration vs recursion
(Diagram) The iterative and recursive queries are shown. R=recursive, I=iterative
Caching
• A critical process in the DNS
– For every query, a cache of the result and every intermediate step is maintained.
• For example, to find umist.ac.uk, the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached.
• When a query is received…
– The first step is to check whether this server is authoritative for the zone being queried.
• If yes, then no caching is performed.
• Otherwise, the local cache is checked.
– If the zone is in the cache, then the answer will be returned immediately
– Otherwise, the ‘closest known’ (authoritative) name servers are checked and the results cached as the query progresses.
• But, DNS records are dynamic
– A ‘time to live’ is assigned (by the name server) to each record.
– After this specified time, the cached information for the associated record must be flushed.
– Typical value is 3 days
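The caching rules above, together with the ‘closest known name server’ search from the Resolving slides, as an added Python example that is not from the slides: each cached record carries an expiry time, get() flushes whatever has expired, closest_name_servers() walks lion.umist.ac.uk → umist.ac.uk → ac.uk → uk → . until it finds live NS records, and plan_lookup() applies the slide’s order of checks (authoritative zone first, then the cache, then the closest known servers). All names, addresses and TTLs other than the 3-day value are constructed, and the clock is injectable so expiry can be exercised without waiting.

```python
"""Resolver cache with time-to-live expiry and 'closest known name server' search.

Added example, not from the slides. All names, addresses and TTLs below are
constructed except the 3-day TTL (259200 s), which is the typical value the
slide quotes. The clock is injectable so expiry can be exercised without waiting.
"""
import time

THREE_DAYS = 3 * 24 * 3600  # the "typical" TTL from the slide


def canonical(name):
    """Lower-case, fully-qualified form: 'Lion.umist.ac.uk' -> 'lion.umist.ac.uk.', '' -> '.'."""
    return name.lower().rstrip(".") + "."


def under_zone(qname, zone):
    """True if qname is the zone itself or lies below it (the root zone contains everything)."""
    qname, zone = canonical(qname), canonical(zone)
    return zone == "." or qname == zone or qname.endswith("." + zone)


class RRCache:
    def __init__(self, clock=time.time):
        self.clock = clock
        self._store = {}  # (name, rtype) -> [(rdata, expires_at), ...]

    def add(self, name, rtype, rdata, ttl):
        """Cache one record; it is valid until clock() + ttl."""
        self._store.setdefault((canonical(name), rtype), []).append((rdata, self.clock() + ttl))

    def get(self, name, rtype):
        """Unexpired rdata for (name, rtype); expired entries are flushed on the way."""
        key = (canonical(name), rtype)
        now = self.clock()
        live = [(r, exp) for r, exp in self._store.get(key, []) if exp > now]
        if live:
            self._store[key] = live
        else:
            self._store.pop(key, None)
        return [r for r, _ in live]

    def closest_name_servers(self, qname):
        """Walk qname towards the root and return (zone, [NS names]) for the first
        zone with unexpired NS records: lion.umist.ac.uk -> umist.ac.uk -> ac.uk -> uk -> ."""
        labels = canonical(qname).rstrip(".").split(".")
        for i in range(len(labels) + 1):
            zone = ".".join(labels[i:]) + "."  # i == len(labels) yields "." (the root)
            servers = self.get(zone, "NS")
            if servers:
                return zone, servers
        return None  # nothing cached at all, not even root hints


def plan_lookup(qname, cache, authoritative_zones):
    """Decide how a query is handled, in the slide's order of checks:
    authoritative zone -> cached answer -> closest known name servers."""
    if any(under_zone(qname, z) for z in authoritative_zones):
        return ("authoritative", None)
    cached = cache.get(qname, "A")
    if cached:
        return ("cached", cached)
    return ("ask", cache.closest_name_servers(qname))


if __name__ == "__main__":
    now = [0.0]                              # fake clock so expiry can be shown
    cache = RRCache(clock=lambda: now[0])
    cache.add(".", "NS", "k.root-servers.net.", THREE_DAYS)
    cache.add("ac.uk", "NS", "ns.ac-uk.example.", 86400)   # constructed
    cache.add("umist.ac.uk", "NS", "ns.umist.example.", 3600)  # constructed
    print(plan_lookup("lion.umist.ac.uk", cache, []))      # ask umist.ac.uk servers
    now[0] = 3601                                          # umist.ac.uk NS expired
    print(plan_lookup("lion.umist.ac.uk", cache, []))      # falls back to ac.uk servers
```

Because get() drops expired entries instead of returning them, a record whose time to live has passed can never be handed out: when the umist.ac.uk NS entry expires the search silently falls back to the ac.uk servers, and once even the root hints have expired the cache reports that it has nothing and the resolver must be re-primed.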
Updating
• All name servers know the internet’s root servers at the
start.
• Most updating comes from the ‘experience’ of answering
queries and caching.
• Some manual updating does occur
– Only local name servers can have forced updates
– Use the ‘Update’ command and specify the resource records to change
– In Perl (using the Net::DNS module’s rr_add), an update of the IP address for a domain’s web server (an A record) looks like this:
• $update->push("update", rr_add("umist.ac.uk 86400 A 130.88.0.1"));
• When someone accesses “umist.ac.uk,” they are directed to “130.88.0.1”
• The local DHCP servers can also inform the DNS server
of any updates to IP addresses that have been allocated.
Resource Records
• Where the settings for the DNS server are stored
• Can be divided into classes
– Internet, Chaosnet and Hesiod
• Common types: TTL, SOA, NS, A, CNAME, PTR, MX, TXT
– Many more
Types of Records
• TTL – The time to live
• SOA record – The authority for this zone
• NS record – The name server for this zone
• A – A name to address mapping
• CNAME – Canonical name, used for aliases
• PTR – Address to name mapping
• MX – Used for email names
• TXT – Used for text entries
BIND
• BIND (Berkeley Internet Name Domain) is
the main DNS server used on the internet
• Cross platform program that was originally
coded for UNIX
– Linux, BSD and Windows
• See Linux DNS HOWTO for more info
Features of Microsoft DNS Server
• Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.
• Incremental Zone Transfer
The Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS.
• Dynamic Update
Automatic assignment of addressing with dynamic DNS updates.
• Aging and Scavenging
Windows 2000 DNS ‘scavenges’ outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged and which records must be scavenged if they become outdated.
Features of Microsoft DNS Server continued…
• Unicode Character Support
The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world’s written languages.
• Caching Resolver
A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.
• Administrative Tools
Windows 2000 DNS incorporates, as a new feature, a DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.
• Performance Statistics
Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD.
The DNS Packets
All communications inside of the domain protocol are carried in a single format called a message. The top level format of a message is divided into 5 sections (some of which are empty in certain cases):
(Figure: the five sections – Header, Question, Answer, Authority, Additional)
The DNS Packets
• The header section includes fields that specify:
– which of the remaining sections are present
– whether the message is a query or a response
• The question section contains:
– Queries for which answers are desired
– The client fills in only the question section
• Each question has:
– Query Domain Name
– Query Type
– Query Class fields
• The server returns the question and answers with its response.
• The answer section contains:
– RRs (resource records) that answer the question
• The authority section contains:
– RRs that point toward an authoritative name server
• The additional information section contains:
– RRs which relate to the query, but are not strictly answers for the question
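The five sections in working code, as an added Python example that is not from the slides: build_query() produces the client’s message with only the question section filled in, and parse_message() walks the header flags and then the question, answer, authority and additional sections of a reply, decoding A, NS, CNAME, PTR and MX data. The reply bytes come from build_constructed_response(), which hand-assembles an authoritative answer for the name used earlier in the talk; cicade.cs.princeton.edu and 192.12.69.60 are from the slides, while the glue address 192.0.2.3 for ns1.cs.princeton.edu is made up. The hop limit in decode_name() is the check that stops a crafted message whose compression pointers form a loop from hanging the parser.

```python
"""Build a DNS query and parse a DNS response into its five sections.

Added example, not from the slides. The query name cicade.cs.princeton.edu and
its address 192.12.69.60 are the ones used earlier in the talk; the response
bytes are constructed here, and the glue address 192.0.2.3 for
ns1.cs.princeton.edu is made up.
"""
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT"}
CLASSES = {1: "IN", 3: "CH", 4: "HS"}  # Internet, Chaosnet, Hesiod
HEADER = struct.Struct("!HHHHHH")      # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
RR_FIXED = struct.Struct("!HHIH")      # TYPE, CLASS, TTL, RDLENGTH


def encode_name(name):
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a name at offset, following compression pointers; returns (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # pointer: 11xxxxxx xxxxxxxx
            if end is None:
                end = offset + 2                      # the name ends after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                             # refuse pointer loops in hostile packets
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def build_query(name, qtype=1, txid=0x1234):
    """Client side: header with RD set, one question, the other sections empty."""
    return HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_rdata(msg, rtype, rdata_off, rdlen):
    rdata = msg[rdata_off:rdata_off + rdlen]
    if rtype == 1 and rdlen == 4:
        return ".".join(str(b) for b in rdata)
    if rtype in (2, 5, 12):                           # NS, CNAME, PTR carry a (compressible) name
        return decode_name(msg, rdata_off)[0]
    if rtype == 15:                                   # MX: preference + exchange name
        return (struct.unpack("!H", rdata[:2])[0], decode_name(msg, rdata_off + 2)[0])
    return rdata.hex()


def parse_message(msg):
    txid, flags, qd, an, ns, ar = HEADER.unpack(msg[:12])
    out = {"id": txid, "is_response": bool(flags & 0x8000), "authoritative": bool(flags & 0x0400),
           "rcode": flags & 0x000F, "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        out["question"].append((name, TYPES.get(qtype, qtype), CLASSES.get(qclass, qclass)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = RR_FIXED.unpack(msg[off:off + 10])
            off += 10
            out[section].append({"name": name, "type": TYPES.get(rtype, rtype),
                                 "class": CLASSES.get(rclass, rclass), "ttl": ttl,
                                 "rdata": decode_rdata(msg, rtype, off, rdlen)})
            off += rdlen
    return out


def build_constructed_response(txid=0x1234):
    """Hand-built authoritative reply (constructed): A answer, NS authority, glue additional."""
    msg = HEADER.pack(txid, 0x8400, 1, 1, 1, 1)      # QR=1, AA=1
    qname_off = len(msg)
    msg += encode_name("cicade.cs.princeton.edu") + struct.pack("!HH", 1, 1)
    cs_off = qname_off + 7                             # "cs.princeton.edu." starts after the 7-byte "cicade" label
    ptr = lambda o: struct.pack("!H", 0xC000 | o)      # compression pointer to offset o
    msg += ptr(qname_off) + RR_FIXED.pack(1, 1, 86400, 4) + bytes([192, 12, 69, 60])
    ns_rdata = encode_name("ns1")[:-1] + ptr(cs_off)   # "ns1" label, then pointer to cs.princeton.edu
    msg += ptr(cs_off) + RR_FIXED.pack(2, 1, 86400, len(ns_rdata))
    ns_name_off = len(msg)
    msg += ns_rdata
    msg += ptr(ns_name_off) + RR_FIXED.pack(1, 1, 86400, 4) + bytes([192, 0, 2, 3])
    return msg
```

parse_message(build_query(...)) shows a message with only the question filled in, as the slide says; parse_message(build_constructed_response()) shows the same question echoed back with the answer, authority and additional sections populated, and the names in those sections resolving through compression pointers back into the question.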
CONCLUSION
• Should understand:
- DNS history
- Zone hierarchy
- DNS clients (The resolver)
- Name server configuration
- Name server operations
• DNS used to resolve 14 322 950 hostnames (March 2000)
• DNS is very reliable and scalable
– Improvements are proposed
• Name-service – acts as a ‘layer’ on top of DNS
– Allows everyday naming schemes (e.g. http://james)
– Looks up official (corresponding) domain name first, then IP address.
• Resource Locator Service (RLS)
– Incorporates ‘timestamping’ into URLs
– Eliminates link ‘rot’
– Generates more name space
– Runs side by side with DNS
• DNS is still ‘de facto’, and likely to remain so for several years.