COMS/CSEE 4140
Networking Laboratory
Lecture 09
Salman Abdul Baset
Spring 2008
Announcements
Prelab 8 and Lab report 7 due next week before your lab slot
Weekly project reports due before Friday 5pm
2
Agenda
DNS history
DNS concepts
Recursive and iterative queries
Caching
Resource records
mDNS
King tool
3
DNS History
hosts.txt file
(<1983) Download a single file (hosts.txt) from a central server with FTP
Names in hosts.txt are not structured.
The hosts.txt file still works on most operating systems. It can be used to define local names.
Paul Mockapetris
DNS RFC 882, 883 – updated by RFC 1032, 1033
DNS implementation
Written by four Berkeley students (client/server)
Renamed BIND in 1985 (Berkeley Internet Name Daemon)
4
Domain Names and IP addresses
People prefer to use easy-to-remember names instead of IP addresses
Domain names are alphanumeric names for IP addresses
e.g., neon.ece.utoronto.ca, www.google.com, ietf.org
The domain name system (DNS) is an Internet-wide distributed database that translates between domain names and IP addresses
How important is DNS?
Imagine what happens when the local DNS server is down.
5
Design Principles of DNS
Name space (domain namespace)
Distributed (Delegation)
Be maintained in a distributed manner
Size of DNS database and frequency of updates
Per organization – each can add additional layers of hierarchy
Names for hosts, email servers, and others
Name space and protocols
Hierarchical and logical tree
Notion of address in various protocols
Names of hosts can be assigned without regard to location on a link layer network, IP network or autonomous system
In practice, allocation of domain names generally follows the allocation of IP addresses, e.g.,
All hosts with network prefix 128.143/16 have domain name suffix virginia.edu
6
DNS Usage Assumptions
Size of the total database
Proportional to number of hosts in the Internet
~110 million gTLD records (as of April 7, 2008)
Slow (days) and fast (min/sec) changing data
Access is more critical than update guarantees!
Each organization is responsible for providing redundant DNS servers for its hosts.
7
Elements of DNS
Domain Name Space: specification for tree structured name space
Name Servers: hold information about part of the domain’s tree structure, called a Zone
Resource Records (RR)
Resolvers: programs that extract information from name servers in response to client requests
8
Resolver and Name Server
[Figure: an application (HTTP) on a host passes the hostname (neon.tcpip-lab.edu) to the resolver (1); the resolver sends the hostname to the name server (2); the name server returns the IP address (128.143.71.21) to the resolver, which passes it to the application (3)]
An application program on a host accesses the domain system through a DNS client, called the resolver
Resolver contacts DNS server, called name server
DNS server returns IP address to resolver which passes the IP address to application
9
DNS Name Hierarchy
DNS hierarchy can be represented by a tree
Root and top-level domains are administered by an Internet central name registration authority (ICANN)
Below top-level domain, administration of name space is delegated to organizations
Each organization can delegate further
Siblings should have different names
[Figure: tree with . (root) at the top; top-level domains org, gov, edu, com; under edu: uci.edu and toronto.edu (managed by UofT); under toronto.edu: math.toronto.edu and ece.toronto.edu (managed by ECE Dept.); under ece.toronto.edu: neon.ece.toronto.edu]
10
Domain Name System
Each node in the DNS tree represents a DNS name
Each branch below a node is a DNS domain.
DNS domain can contain hosts or other domains (subdomains)
Example: DNS domains are ., edu, virginia.edu, cs.virginia.edu
[Figure: tree . -> edu -> virginia.edu -> www.virginia.edu and cs.virginia.edu -> neon.cs.virginia.edu]
11
Domain Names
Hosts and DNS domains are named based on their position in the domain tree
Every node in the DNS domain tree can be identified by a unique Fully Qualified Domain Name (FQDN). The FQDN gives the position in the DNS tree.
Note the dot: cs.virginia.edu or cs.virginia.edu.
A FQDN consists of labels (“cs”, “virginia”, “edu”) separated by a period (“.”)
There can be a period (“.”) at the end.
Each label can be up to 63 characters long
FQDN contains characters, numerals, and dash character (“-”)
FQDNs are not case-sensitive
12
Top-level domains (TLDs)
IANA classifies TLD into three types
gTLD (generic): 3-character code indicates the function of the organization
ccTLD (country code): 2-character country or region code
Examples: us, va, jp, de
iTLD (infrastructure): A special domain (in-addr.arpa) used for IP address-to-name mapping
Pseudo domains
Used primarily within the US
.com, .net etc. – .mil and .gov reserved for use by US
.local for the Zeroconf protocol
Reserved TLD
.example, .invalid, .localhost, .test
13
Top-level domains (TLDs)
http://www.iana.org/domains/root/db/
iTLD: .arpa, .root
gTLD: .aero, .asia, .biz, .cat, .com, .coop, .edu, .gov, .info, .int, .jobs, .mil, .mobi, .museum, .name, .net, .org, .pro, .tel, .travel
ccTLD: >200 countries
Non-conventional usage: del.icio.us, inter.net
14
TLD Distribution
[Bar chart: number of registered domains per TLD for .com, .net, .org, .info, .biz, .us; y-axis from 0 to 80,000,000]
Total 110 million records
Source: http://icannwiki.org/Domain_Statistics
15
Hierarchy of Name Servers
The resolution of the hierarchical name space is done by a hierarchy of name servers
Each server is responsible (authoritative) for a contiguous portion of the DNS namespace, called a zone.
Zone is a part of the subtree
[Figure: root server above the org, edu, gov and com servers; under the edu server the uci.edu and .virginia.edu servers; under the .virginia.edu server the cs.virginia.edu server]
16
Authority and Delegation
Authority for the root domain is with the Internet Corporation for Assigned Numbers and Names (ICANN)
ICANN delegates to accredited registrars (for gTLDs) and countries for country code top level domains (ccTLDs)
Authority can be delegated further
Chain of delegation can be obtained by reading domain name from right to left.
Unit of delegation is a “zone”.
17
DNS Domain and Zones
Domain .edu conceptually contains all data for columbia.edu, www.columbia.edu, cs.columbia.edu, yale.edu, etc.
Zone for .edu contains nameserver reference for yale.edu and columbia.edu and all data for harvard.edu
[Figure: tree . -> edu -> yale.edu, columbia.edu (with www.columbia.edu and cs.columbia.edu) and harvard.edu; the .edu zone covers edu and harvard.edu, the .edu domain covers the whole subtree]
18
DNS Domain and Zones
Each zone is anchored at a specific domain node, but zones are not domains.
A DNS domain is a branch of the namespace
A zone is a portion of the DNS namespace generally stored in a file (It could consist of multiple nodes)
A server can divide part of its zone and delegate it to other servers
[Figure: tree . (root) -> .edu -> .uci.edu and .virginia.edu -> math.virginia.edu and cs.virginia.edu; .edu is marked as a zone, .virginia.edu as both zone and domain, cs.virginia.edu as a domain]
19
Primary & Secondary Name Servers
For each zone, there must be a primary name server and a secondary name server
The primary server (master server) maintains a zone file which has information about the zone. Updates are made to the primary server
The secondary server copies data stored at the primary server.
Adding a host:
When a new host is added (“gold.cs.virginia.edu”) to a zone, the administrator adds the IP information on the host (IP address and name) to a configuration file on the primary server
20
Root Name Servers
The root name servers know how to find the authoritative name servers for all top-level zones.
There are only 13 root name servers
Root servers are critical for the proper functioning of name resolution
A.ROOT-SERVERS.NET.   198.41.0.4
B.ROOT-SERVERS.NET.   192.228.79.201
C.ROOT-SERVERS.NET.   192.33.4.12
D.ROOT-SERVERS.NET.   128.8.10.90
E.ROOT-SERVERS.NET.   192.203.230.10
F.ROOT-SERVERS.NET.   192.5.5.241
G.ROOT-SERVERS.NET.   192.112.36.4
H.ROOT-SERVERS.NET.   128.63.2.53
I.ROOT-SERVERS.NET.   192.36.148.17
J.ROOT-SERVERS.NET.   192.58.128.30
K.ROOT-SERVERS.NET.   193.0.14.129
L.ROOT-SERVERS.NET.   197.7.83.42
M.ROOT-SERVERS.NET.   202.12.27.33
21
Agenda
DNS history
DNS concepts
Recursive and iterative queries
Caching
Resource records
mDNS
King tool
22
Domain Name Resolution
[Figure: HTTP application, resolver and name server exchanging the hostname (neon.tcpip-lab.edu) and the IP address (128.143.71.21), labelled with the steps 1–4 and a/b below]
1. User program issues a request for the IP address of a hostname
2. Local resolver formulates a DNS query to the name server of the host
3. Name server checks if it is authorized to answer the query.
a) If yes, it responds.
b) Otherwise, it will query other name servers, starting at the root tree
4. When the name server has the answer it sends it to the resolver.
23
Recursive and Iterative Queries
There are two types of queries:
Recursive queries
Iterative (non-recursive) queries
The type of query is determined by a bit in the DNS query
Recursive query: When the name server of a host cannot resolve a query, the server itself issues further queries to resolve it
Iterative queries: When the name server of a host cannot resolve a query, it returns to the resolver a referral to another server.
24
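As an added illustration (not from the slides) of the header bit that selects the query type: a small Python builder and decoder for the DNS wire format of RFC 1035. A query for neon.cs.virginia.edu with recursion desired differs from the iterative one only in the RD flag, and a response with AA clear is what nslookup later prints as a non-authoritative answer. The transaction id and the response header in the test are constructed values.

```python
import struct

# Bit masks in the 16-bit DNS header flags word (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080
RCODE_MASK = 0x000F

def encode_name(fqdn: str) -> bytes:
    """Encode an FQDN as length-prefixed labels ending with the empty root label."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:            # 63-character label limit from the slides
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(fqdn: str, txid: int, recursive: bool, qtype: int = 1) -> bytes:
    """Build a one-question query; recursive=True sets RD (recursion desired)."""
    flags = RD if recursive else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)   # QDCOUNT=1
    return header + encode_name(fqdn) + struct.pack("!HH", qtype, 1)   # QCLASS IN

def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header. 'aa' False on a response is what nslookup
    reports as 'Non-authoritative answer', e.g. an answer served from cache."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & RCODE_MASK, "qdcount": qd, "ancount": an}

if __name__ == "__main__":
    rec = build_query("neon.cs.virginia.edu", 0x1234, recursive=True)
    itr = build_query("neon.cs.virginia.edu", 0x1234, recursive=False)
    # The two queries differ only in the RD bit of the flags word (bytes 2-3).
    print(rec.hex())
    print(itr.hex())
    print(parse_header(rec)["rd"], parse_header(itr)["rd"])
```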
Recursive Queries
In a recursive query, the resolver expects the response from the name server
If the server cannot supply the answer, it will send the query to the “closest known” authoritative name server (here: In the worst case, the closest known server is the root server)
The root server sends a referral to the “edu” server. Querying this server yields a referral to the server of “virginia.edu” … and so on
[Figure: the resolver sends its query to the name server and waits for the response; the name server sends the 1st query (neon.cs.virginia.edu) to the root server and gets a referral to the edu name server; the 2nd query to the edu server gets a referral to the virginia.edu name server; the 3rd query to the virginia.edu server gets a referral to the cs.virginia.edu name server; the 4th query to the cs.virginia.edu server returns the IP address of neon.cs.virginia.edu]
25
Iterative Queries
In an iterative query, the name server sends the resolver a referral to the closest known authoritative name server (here: a referral to the root server).
This involves more work for the resolver
[Figure: the resolver sends the 1st query (neon.cs.virginia.edu) to its name server and receives a referral to the root server; the resolver then queries the root server, the edu server and the virginia.edu server in turn, each answering with a referral to the next name server down (edu, virginia.edu, cs.virginia.edu); the 4th query, to the cs.virginia.edu server, returns the IP address of neon.cs.virginia.edu]
26
Recursive vs. Iterative Queries
Recursive
[Con] resource intensive – DNS server maintains state
[Pro] Cache namespace – helpful for other queries
Iterative
[Pro] DNS server never maintains state
[Con] Caching is local to a machine – others cannot benefit from it
27
Caching
To reduce DNS traffic, name servers cache information on domain name/IP address mappings
When an entry for a query is in the cache, the server does not contact other servers
Note: If an entry is sent from a cache, the reply from the server is marked as “unauthoritative”
28
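An added simulation (not from the slides) of the referral walk and the cache just described: a constructed four-server hierarchy for neon.cs.virginia.edu (IP 128.143.71.21 as on the slides) and a resolve function that follows referrals down from the root, caches the answer for its TTL and flags a cached reply as non-authoritative. The same loop is the iterative case when the resolver runs it and the recursive case when the local name server runs it on the resolver's behalf.

```python
# Constructed toy hierarchy standing in for the name servers on the slides:
# each server's zone maps an owner name either to a referral (NS -> the
# server that is closer to the answer) or to an A record. Not real DNS data.
ZONES = {
    "root server":            {"edu.": ("NS", "edu server")},
    "edu server":             {"virginia.edu.": ("NS", "virginia.edu server")},
    "virginia.edu server":    {"cs.virginia.edu.": ("NS", "cs.virginia.edu server")},
    "cs.virginia.edu server": {"neon.cs.virginia.edu.": ("A", "128.143.71.21")},
}

def lookup(server, qname):
    """What one server can say about qname: its record for the longest
    matching suffix, i.e. the answer itself or the closest known delegation."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:]) + "."
        if suffix in ZONES[server]:
            return ZONES[server][suffix]
    return None

def resolve(qname, cache=None, now=0.0, ttl=86400, start="root server"):
    """Follow referrals from `start` until an A record is found.
    Returns (ip, authoritative, servers_asked). With a cache dict, an entry
    that has not reached its TTL is returned as non-authoritative without
    asking any server, which is the "unauthoritative" reply on the slide."""
    qname = qname if qname.endswith(".") else qname + "."
    if cache is not None and qname in cache and cache[qname][1] > now:
        return cache[qname][0], False, []
    asked, server = [], start
    while True:
        asked.append(server)
        rec = lookup(server, qname)
        if rec is None:
            raise LookupError("NXDOMAIN: " + qname)
        rtype, value = rec
        if rtype == "A":
            if cache is not None:
                cache[qname] = (value, now + ttl)   # keep until the TTL expires
            return value, True, asked
        server = value                              # referral: ask the closer server

if __name__ == "__main__":
    cache = {}
    print(resolve("neon.cs.virginia.edu", cache, now=0))      # walks 4 servers
    print(resolve("neon.cs.virginia.edu", cache, now=10))     # cache hit
    print(resolve("neon.cs.virginia.edu", cache, now=90000))  # TTL expired
```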
Resource Records
The database records of the distributed database are called resource records (RR)
Resource records are stored in configuration files (zone files) at name servers.
db.mylab.com
$TTL 86400
mylab.com.      IN SOA  PC4.mylab.com. hostmaster.mylab.com. (
                        1        ; serial
                        28800    ; refresh
                        7200     ; retry
                        604800   ; expire
                        86400    ; ttl
                        )
;
mylab.com.      IN NS   PC4.mylab.com.
;
localhost       A       127.0.0.1
PC4.mylab.com.  A       10.0.1.41
PC3.mylab.com.  A       10.0.1.31
PC2.mylab.com.  A       10.0.1.21
PC1.mylab.com.  A       10.0.1.11
29
Resource Record Types
(Name, Value, Type, TTL)
Type=A, name=hostname, value=IPv4 address
Type=AAAA, name=hostname, value=IPv6 address
Type=NS, name=domain, value=hostname of authoritative DNS server
Type=CNAME, name=hostname, value=canonical host name
nslookup -query=ns google.com
(columbia.edu, ns1.columbia.edu, CNAME)
Type=MX, name=mail server hostname, value=canonical name of mail server
Type=PTR, name=address (IP), value=hostname
Type=SRV, name=service name, value=canonical hostname
30
Resource Records
db.mylab.com
$TTL 86400
mylab.com.      IN SOA  PC4.mylab.com. hostmaster.mylab.com. (
                        1        ; serial
                        28800    ; refresh
                        7200     ; retry
                        604800   ; expire
                        86400    ; ttl
                        )
;
mylab.com.      IN NS   PC4.mylab.com.
;
localhost       A       127.0.0.1
PC4.mylab.com.  A       10.0.1.41
PC3.mylab.com.  A       10.0.1.31
PC2.mylab.com.  A       10.0.1.21
PC1.mylab.com.  A       10.0.1.11
$TTL 86400: max. age of cached data in seconds
SOA fields: refresh = slave refresh time; retry = slave retry time; expire = slave expiration time; ttl = cache time for RR
* Start of authority (SOA) record. Means: “This name server is authoritative for the zone mylab.com”
* PC4.mylab.com is the name server
* hostmaster@mylab.com is the email address of the person in charge
Name server (NS) record. One entry for each authoritative name server
Address (A) records. One entry for each host address
31
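An added parser (not from the slides or from BIND) for the db.mylab.com zone file above, turning each record into the (Name, Value, Type, TTL) tuple of slide 29. It handles the $TTL default, ';' comments, the parenthesised multi-line SOA, the omitted class on the A lines and the relative owner localhost (which takes the origin mylab.com.); the zone text is embedded as constructed input.

```python
import re
# The db.mylab.com zone file from the slides, embedded here as constructed input.
ZONE_TEXT = """\
$TTL 86400
mylab.com. IN SOA PC4.mylab.com. hostmaster.mylab.com. (
        1       ; serial
        28800   ; refresh
        7200    ; retry
        604800  ; expire
        86400   ; ttl
        )
;
mylab.com.      IN NS   PC4.mylab.com.
;
localhost       A  127.0.0.1
PC4.mylab.com.  A  10.0.1.41
PC3.mylab.com.  A  10.0.1.31
PC2.mylab.com.  A  10.0.1.21
PC1.mylab.com.  A  10.0.1.11
"""

def parse_zone(text, origin):
    """Return (name, value, type, ttl) tuples, the 4-tuple model of slide 29.
    Handles $TTL, ';' comments, '(...)' multi-line records, an omitted class
    (defaults to IN), an omitted owner and relative owner names."""
    lines = [re.sub(r";.*", "", ln).rstrip() for ln in text.splitlines()]
    joined, buf = [], ""
    for ln in lines:                         # fold parenthesised records into one line
        buf = buf + " " + ln if buf else ln
        if buf.count("(") > buf.count(")"):
            continue                         # still inside an open parenthesis
        joined.append(buf.replace("(", " ").replace(")", " "))
        buf = ""
    default_ttl, records, last_owner = None, [], origin
    for ln in filter(str.strip, joined):
        toks = ln.split()
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        owner = last_owner if ln[0].isspace() else toks.pop(0)
        if not owner.endswith("."):          # relative name: append the origin
            owner = owner + "." + origin
        last_owner = owner
        ttl = int(toks.pop(0)) if toks[0].isdigit() else default_ttl
        if toks[0] == "IN":                  # class is optional
            toks.pop(0)
        rtype = toks.pop(0)
        records.append((owner, " ".join(toks), rtype, ttl))
    return records
```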
DNS Summary
Domain name space
Domain and zone
Zone and resource record
32
DNS Example
nslookup google.com
33
DNS Example
34
DNS Example
35
DNS Example
Query 1
>nslookup google.com ns.google.com
Server:    ns1.google.com
Address:   216.239.32.10
Name:      google.com
Addresses: 64.233.167.99, 72.14.207.99, 64.233.187.99
Query 2
>nslookup google.com
Server:    disco.cs.columbia.edu
Address:   128.59.16.7
Non-authoritative answer:
Name:      google.com
Addresses: 64.233.187.99, 64.233.167.99, 72.14.207.99
36
Agenda
DNS history
DNS concepts
Recursive and iterative queries
Caching
Resource records
mDNS
King tool
37
mDNS
Multicast DNS (mDNS)
name-to-address translation on a local network
Multicast address: 224.0.0.251
Self-assigned local name
It only has significance on the local network.
.local. subdomain
Name conflict resolution
Default name: <host name>.local, e.g., SALMAN_PDA.local
[Captured exchange: MDNS Standard query ANY SALMAN_PDA.local; response: SALMAN_PDA.local A 169.254.18.87, PTR SALMAN_PDA.local]
38
King Tool
How to estimate latency between two arbitrary hosts accurately?
[Figure: hosts A, B and C]
C can measure latency between A and B
39
Source: King tool slides by Krishna Gummadi
King: A Latency Measurement Tool
Estimate latency between arbitrary end hosts
Requires no additional infrastructure
leverages existing DNS infrastructure enabling a large fraction of Internet hosts to be measured
Provides highly accurate latency estimates
Fast and light-weight
requires only a few DNS queries per estimate
We hope that King will be used in many unanticipated ways like in the case of Ping and Traceroute
40
How King Works: The Basic Idea
[Figure: Host A and Host B with the actual latency between end hosts; the name server near Host A and the name server near Host B with the latency estimated by King]
Challenge 1: How to find name servers that are close to end hosts
Challenge 2: How to estimate latency between two name servers
41
Challenge 2: How do we estimate the latency between name servers?
[Figure: Our Client C (King) sends request Q to Name Server A; 2. Request Q (Forwarded) from Name Server A to Name Server B (foo.bar); 3. Reply Q: IP addr of xyz.foo.bar]
42
Success of Recursive DNS
For King to work, name servers must support recursive queries
in a large random sample, > 75% of name servers supported recursion
translates to > 90% success rate given a pair as we can measure from A->B, or B->A
43
Example
Estimating latency between MIT and google.com
salman@irtcluster05:~$ time nslookup mit.edu bitsy.mit.edu
Server:         bitsy.mit.edu
Address:        18.72.0.3#53

Name:   mit.edu
Address: 18.7.22.69

real    0m0.013s
user    0m0.000s
sys     0m0.008s
salman@irtcluster05:~$
salman@irtcluster05:~$ time nslookup x.google.com bitsy.mit.edu
Server:         bitsy.mit.edu
Address:        18.72.0.3#53

** server can't find x.google.com.columbia.edu: NXDOMAIN

real    0m0.061s
user    0m0.000s
sys     0m0.008s
44