CSEE W4140 Networking Laboratory Lecture 10: DNS Jong Yul Kim 04.08.2009 Announcements Visit to TelioSonera’s NY POP (mandatory) April 29th (Wednesday) 1~3 May 1st (Friday)
CSEE W4140
Networking Laboratory
Lecture 10: DNS
Jong Yul Kim
04.08.2009
Announcements
Visit to TelioSonera’s NY POP (mandatory)
April 29th (Wednesday) 1~3
May 1st(Friday) 10~12
Around 20 students per trip
Please send me an email on which date you’d
prefer. If one of the dates is impossible for you,
let me know in the email.
Quiz next class on topics in lab 6, 7, and 8
LAN switching (including STP), NAT, DHCP, DNS
Domain Name System
Many RFCs describe the DNS.
We’ll look at RFC 1034,
“Domain Names - Concepts and Facilities”
DNS Design Goals
“Consistent name space for referring to resources”
Distributed database, with local caching
Data source is responsible for maintaining fresh,
accurate information
Must be generally useful
Associate names to sets of data, such as
host addresses, mailbox data, host OS
Independent of communications system that carries
the queries and responses
Elements of the DNS
Domain name space and resource records
Specifications for a tree structured name space
and data associated with the names.
Name servers
Server programs which hold information about
the domain tree’s structure and associated data
Resolvers
Client programs that extract information by
querying name servers
Domain name space
A tree structure (figure):
. (root)
  edu
    columbia
      ee   cs   www   cc
Each node corresponds to a resource set.
Each node has a label up to 63 octets in length (case-insensitive); a complete domain name is limited to 255 octets.
The domain name of a node is the list of labels on the path from the node to the root of the tree, e.g. cs.columbia.edu for the node cs in the figure.
Resource records (RR)
Resource information for a particular domain name is written as resource records.
Elements of an RR are:
Owner : domain name where the RR is found
Type : the kind of resource the record describes (A, NS, MX, ...); a query names the type it wants
Class : IN = Internet
TTL : time-to-live in seconds; how long a cache may keep the record
RDATA : the actual data, whose format depends on the type
Resource records (RR)
RR Types
A       host address
CNAME   canonical name (the real name behind an alias)
HINFO   OS / CPU info
MX      mail server info (the mail exchanger for the domain)
NS      authoritative name server
PTR     pointer to another node (used for reverse lookups)
SOA     start of authority
DNS message format
Queries and responses are sent using UDP port 53.
A message consists of a 12-octet header (transaction ID, flag bits such as QR, AA, TC, RD and RA, and four section counts) followed by the question, answer, authority and additional sections.
A response that does not fit in a 512-octet UDP datagram is returned with the TC (truncated) bit set and the resolver retries over TCP port 53; TCP port 53 is also used for zone transfers between name servers.
Zones
The domain database is partitioned into zones.
Zones are formed by cutting the domain tree and then grouping the nodes that are still connected.
Figure: the tree . (root) -> .edu -> .uci.edu and .virginia.edu -> math.virginia.edu and cs.virginia.edu, with cuts marking the zone boundaries.
A zone is:
Authoritative for all nodes within the zone
Usually managed by one organization
Zone and domain: a domain is the whole subtree below a node; a zone is the part of that subtree served by one set of name servers, which ends where a subdomain is cut off and delegated to other servers.
DNS Hierarchy
The root and top-level domains are administered by the Internet’s central name registration authority, ICANN (Internet Corporation for Assigned Names and Numbers).
Below a top-level domain, administration of the name space is delegated to organizations.
Each organization can delegate further.
Figure: . (root) -> top-level domains org, gov, edu, com; edu -> uci.edu, toronto.edu; toronto.edu -> math.toronto.edu, ece.toronto.edu; ece.toronto.edu -> neon.ece.toronto.edu
Root servers
The root zone is at the very top of the domain tree.
The root servers are statically entered into resolvers and name servers (the “root hints” file), since they cannot be looked up through the DNS itself.
13 logical root servers in the world, named with letters A ~ M.
171 physical root servers (at the time of this lecture; the letters are replicated with anycast, so the number of instances keeps changing).
http://www.root-servers.org/
Top Level Domain (TLD)
Country code TLD (ccTLD)
TLDs with two letters: .cn, .in, .kr
Each country manages its own TLD.
Generic TLD (gTLD)
TLDs with three or more letters: .com, .net, .org, .edu, .gov, .aero
Management is delegated to organizations.
A sponsored gTLD is one where registration is limited to ‘approved’ organizations (.aero).
.arpa TLD
Used for reverse mapping, i.e. converting IP addresses to domain names: in-addr.arpa for IPv4 and ip6.arpa for IPv6, looked up with PTR records.
Registry Listings from ICANN
(columns: TLD, Introduced, Sponsored/Unsponsored, Purpose, Sponsor/Operator, Contact)
.com
  Introduced: 1985
  Sponsored/Unsponsored: Unsponsored
  Purpose: Unrestricted (but intended for commercial registrants)
  Sponsor/Operator: VeriSign, Inc.
  Contact: Registry Customer Service, VeriSign Naming Services, 21345 Ridgetop Circle, Dulles, Virginia 20166, United States; Tel: +1 703 925-6999; Fax: +1 703 421-5828; http://www.verisigngrs.com
.net
  Introduced: 1985
  Sponsored/Unsponsored: Unsponsored
  Purpose: Unrestricted (but intended for network providers, etc.)
  Sponsor/Operator: VeriSign, Inc.
  Contact: Registry Customer Service, VeriSign Naming Services, 21345 Ridgetop Circle, Dulles, Virginia 20166, United States; Tel: +1 703 925-6999; Fax: +1 703 421-5828; http://www.verisigngrs.com
.edu
  Introduced: 1985
  Sponsored/Unsponsored: Sponsored
  Purpose: United States educational institutions
  Sponsor/Operator: EDUCAUSE
  Contact: Becky Granger, EDUCAUSE, 4772 Walnut Street, Suite 206, Boulder, Colorado 80301, United States; Tel: +1-303-939-0334; Fax: +1-303-440-0461; http://www.educause.edu/edudomain
Recursive and Iterative Queries
There are two types of queries:
Recursive queries
Iterative (non-recursive) queries
The type of query is determined by a bit in the DNS query header, RD (recursion desired); the server states in its response whether it offers recursion with the RA (recursion available) bit.
Recursive query: when the name server of a host cannot resolve a query from its own data or cache, the server itself queries other name servers on the resolver’s behalf and returns the final answer.
Iterative query: when the name server of a host cannot resolve a query, it returns a referral (the name servers closest to the requested name that it knows of) to the resolver, which then queries those servers itself.
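The message format and the RD bit of the two slides above, in working code. This is an added example, not part of the lecture: it builds a query for neon.cs.virginia.edu in the RFC 1035 wire format with RD set, parses a reply that uses name compression, and applies the check a resolver must make before believing a reply (matching transaction ID and question). The transaction ID 0x1234, the reply itself and the answer address 10.0.1.11 are constructed; nothing is sent on port 53.

```python
"""DNS messages in the RFC 1035 wire format: build a query, parse a reply.
Added example, not lecture code. The transaction ID, the reply and the
answer address 10.0.1.11 are constructed; nothing is sent on port 53."""
import struct
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13, "MX": 15}
TYPE_NAME = {v: k for k, v in QTYPE.items()}
CLASS_IN = 1
# Bits of the 16-bit flags word that follows the transaction ID in the header
FLAG_QR = 0x8000  # 0 = query, 1 = response
FLAG_AA = 0x0400  # authoritative answer
FLAG_TC = 0x0200  # truncated: did not fit in UDP, retry over TCP
FLAG_RD = 0x0100  # recursion desired (set by the resolver)
FLAG_RA = 0x0080  # recursion available (set by the server)


def encode_name(name):
    """'neon.cs.virginia.edu' -> length-prefixed labels ending in the root (0)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label must be 1..63 octets: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype="A", recursive=True):
    """12-octet header with QDCOUNT=1, then one question; RD selects recursion."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD if recursive else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)


def decode_name(msg, offset):
    """Read a name, following 0xC0xx compression pointers; returns (name, end offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the suffix
            end = offset + 2 if end is None else end
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:  # a crafted packet can make pointers loop forever
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_message(msg):
    """Header, question section and the answer/authority/additional sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype = struct.unpack("!HH", msg[off:off + 4])[0]
        off += 4
        questions.append((name, TYPE_NAME.get(qtype, qtype)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == QTYPE["A"] and rdlen == 4:
                value = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (QTYPE["NS"], QTYPE["CNAME"], QTYPE["PTR"]):
                value = decode_name(msg, off)[0]  # RDATA is a (compressible) name
            else:
                value = msg[off:off + rdlen]
            off += rdlen
            records.append((section, name, TYPE_NAME.get(rtype, rtype), ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "records": records,
            "qr": bool(flags & FLAG_QR), "aa": bool(flags & FLAG_AA), "tc": bool(flags & FLAG_TC),
            "rd": bool(flags & FLAG_RD), "ra": bool(flags & FLAG_RA)}


def build_response(query, addresses, ttl=3600, authoritative=True):
    """Constructed reply: question copied verbatim, answer owner = pointer 0xC00C (offset 12)."""
    q = parse_message(query)
    flags = FLAG_QR | FLAG_RA | (FLAG_RD if q["rd"] else 0) | (FLAG_AA if authoritative else 0)
    body = query[12:]
    for addr in addresses:
        body += struct.pack("!HHHIH", 0xC00C, QTYPE["A"], CLASS_IN, ttl, 4)
        body += bytes(int(octet) for octet in addr.split("."))
    return struct.pack("!HHHHHH", q["id"], flags, 1, len(addresses), 0, 0) + body


def matches(query, response):
    """A resolver must only accept a response whose ID and question are those it sent."""
    q, r = parse_message(query), parse_message(response)
    return r["qr"] and q["id"] == r["id"] and q["questions"] == r["questions"]


if __name__ == "__main__":
    query = build_query(0x1234, "neon.cs.virginia.edu")
    reply = build_response(query, ["10.0.1.11"])
    print(parse_message(reply), "accepted:", matches(query, reply))
```

The pointer loop bound in decode_name and the matches() check are the two places where a parser written for the lab meets hostile input: a 0xC0xx pointer that refers to itself would otherwise never terminate, and a reply whose ID or question differs from the outstanding query is exactly what a spoofed answer looks like.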
Recursive Queries
In a recursive query, the resolver sends one query to its name server and expects the final response from that server.
If the server cannot supply the answer, it sends the query to the “closest known” authoritative name server (in the worst case, the closest known server is a root server).
The root server sends a referral to the “edu” server. Querying this server yields a referral to the server of “virginia.edu”, and so on.
Sequence in the figure (query for neon.cs.virginia.edu):
Resolver -> Name server: query for neon.cs.virginia.edu
1st query: Name server -> root server: referral to edu name server
2nd query: Name server -> edu server: referral to virginia.edu name server
3rd query: Name server -> virginia.edu server: referral to cs.virginia.edu name server
4th query: Name server -> cs.virginia.edu server: IP address of neon.cs.virginia.edu
Name server -> Resolver: response with the IP address of neon.cs.virginia.edu
Iterative Queries
This involves more work for the resolver.
In an iterative query, the name server does not chase the answer itself: if it cannot answer, it returns a referral to the closest known authoritative name server (in the worst case, the root server), and the resolver queries that server.
Sequence in the figure (query for neon.cs.virginia.edu):
1st query: Resolver -> Name server: referral to root server
Resolver -> root server: referral to edu name server
Resolver -> edu server: referral to virginia.edu name server
Resolver -> virginia.edu server: referral to cs.virginia.edu name server
Resolver -> cs.virginia.edu server: IP address of neon.cs.virginia.edu
Caching
To reduce DNS traffic, name servers cache information on domain name/IP address mappings (and the referrals they have seen).
When an entry for a query is in the cache, the server does not contact other servers.
Note: if an entry is served from a cache, the reply is marked as non-authoritative (the AA bit is clear) and carries the remaining, not the original, TTL.
Authoritative servers dictate how long the record may be cached using the TTL value.
Caveat: a cache is only as trustworthy as what it accepts. A reply may only be cached if its transaction ID, source port and question match an outstanding query, and records in it that lie outside the zone of the server that answered (out-of-bailiwick data) must be discarded; otherwise a spoofed reply poisons the cache for the whole TTL.
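The referral walk of the two preceding slides and the TTL cache of this one, simulated in one script. This is an added example, not lecture code: the authoritative data, the server handles root-server, edu-server, virginia-server and cs-server, and the address 10.0.1.11 for neon.cs.virginia.edu are constructed (real servers exchange wire-format messages and glue A records, not Python handles). resolve_iterative follows referrals from the root and rejects one that does not lead further down the tree; RecursiveServer answers on a resolver’s behalf and serves later queries from cache with the remaining TTL and the answer marked non-authoritative.

```python
"""Iterative vs. recursive resolution over a toy authoritative tree, plus a
TTL-bounded cache. Added example, not lecture code: ZONE_DATA, the server
handles and the address 10.0.1.11 are constructed for the lecture's
neon.cs.virginia.edu walk-through (real servers exchange wire-format
messages and glue A records, not Python handles)."""

# Constructed authoritative data: server handle -> {owner name: [(type, ttl, rdata)]}.
# Each server holds its own zone's data plus NS records for the subzones it delegates.
ZONE_DATA = {
    "root-server":     {"edu.": [("NS", 172800, "edu-server")]},
    "edu-server":      {"virginia.edu.": [("NS", 86400, "virginia-server")]},
    "virginia-server": {"cs.virginia.edu.": [("NS", 86400, "cs-server")]},
    "cs-server":       {"neon.cs.virginia.edu.": [("A", 3600, "10.0.1.11")]},
}


def is_subdomain(child, parent):
    """True if child is at or below parent; '' or '.' denotes the root."""
    child, parent = child.rstrip(".").lower(), parent.rstrip(".").lower()
    return parent == "" or child == parent or child.endswith("." + parent)


def answer_from(server, qname):
    """One server's reply to an A query for qname: ('answer', rrs), ('referral',
    (zone, next_server)) for the closest delegation it knows, or ('nxdomain', None)."""
    data = ZONE_DATA[server]
    a_rrs = [rr for rr in data.get(qname, []) if rr[0] == "A"]
    if a_rrs:
        return "answer", a_rrs
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):  # longest matching delegation wins
        zone = ".".join(labels[i:]) + "."
        ns = [rr for rr in data.get(zone, []) if rr[0] == "NS"]
        if ns:
            return "referral", (zone, ns[0][2])
    return "nxdomain", None


def resolve_iterative(qname, start="root-server", trace=None):
    """Follow referrals from the root until some server answers.
    This is what the resolver does itself in the iterative case, and what the
    name server does on the resolver's behalf in the recursive case."""
    server, current_zone = start, "."
    for _ in range(10):  # a referral chain must terminate; never loop forever
        kind, payload = answer_from(server, qname)
        if trace is not None:
            trace.append((server, kind))
        if kind == "answer":
            return payload
        if kind == "nxdomain":
            return None
        zone, next_server = payload
        # Only follow referrals that lead further down the tree from the zone
        # this server was delegated; an upward or sideways referral would let
        # one server redirect the resolver into a zone it does not own.
        if zone == current_zone or not is_subdomain(zone, current_zone):
            raise ValueError("rejected referral from %s to %s" % (server, zone))
        server, current_zone = next_server, zone
    raise RuntimeError("too many referrals for %s" % qname)


class RecursiveServer:
    """Name server answering recursive (RD) queries: it walks the tree itself,
    caches the result for its TTL, and counts the TTL down on later hits."""

    def __init__(self, clock):
        self.clock = clock  # injectable time source returning seconds
        self.cache = {}     # qname -> (expires_at, rrs)

    def query(self, qname):
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[0] > now:
            remaining = int(hit[0] - now)
            # As on the slide: served from cache, so marked non-authoritative,
            # and the TTL handed out is what is left, not the original value.
            return {"aa": False, "rrs": [(t, remaining, rd) for t, _, rd in hit[1]]}
        rrs = resolve_iterative(qname)
        if rrs is None:
            return {"aa": False, "rrs": []}
        self.cache[qname] = (now + min(ttl for _, ttl, _ in rrs), rrs)
        return {"aa": True, "rrs": rrs}  # fresh from the authoritative server


if __name__ == "__main__":
    import time
    trace = []
    print(resolve_iterative("neon.cs.virginia.edu.", trace=trace), trace)
    server = RecursiveServer(clock=time.time)
    print(server.query("neon.cs.virginia.edu."))  # fresh answer
    print(server.query("neon.cs.virginia.edu."))  # from cache
```

The clock is injected so the cache can be tested without waiting an hour; the same pattern is what makes TTL handling in a real resolver testable. Negative answers are deliberately not cached here; a production resolver caches them too, for the SOA minimum TTL.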
Sample zone file
db.mylab.com
$TTL 86400                ; default TTL: max. age of cached data, in seconds
mylab.com.  IN  SOA  PC4.mylab.com.  hostmaster.mylab.com. (
              1        ; serial
              28800    ; refresh  - slave refresh time
              7200     ; retry    - slave retry time
              604800   ; expire   - slave expiration time
              86400    ; minimum  - cache time for RR (since RFC 2308, the TTL for negative answers)
              )
;
mylab.com.        IN  NS  PC4.mylab.com.
;
localhost             A   127.0.0.1
PC4.mylab.com.        A   10.0.1.41
PC3.mylab.com.        A   10.0.1.31
PC2.mylab.com.        A   10.0.1.21
PC1.mylab.com.        A   10.0.1.11
* Start of authority (SOA) record. Means: “this name server is authoritative for the zone mylab.com”.
* PC4.mylab.com is the primary name server.
* hostmaster@mylab.com is the email address of the person in charge (written in the record with the “@” replaced by a “.”).
* The serial must be increased after every change so that slaves notice the new version; refresh, retry and expire tell slaves how often to check the master and how long to keep serving the zone if the master is unreachable.
Name server (NS) record. One entry for each authoritative name server.
Address (A) records. One entry for each host address. Note that “localhost” has no trailing dot, so it is relative to the zone origin and defines localhost.mylab.com.
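A parser for the zone file above, as an added example rather than part of the lab material. The zone text is the slide’s db.mylab.com embedded inline so the script runs offline; the parser covers only what that file uses ($TTL, “;” comments, the parenthesised multi-line SOA, an optional class, owner names with and without a trailing dot), and check_zone applies the checks a practitioner runs before loading a zone: exactly one SOA, an A record for every NS target, and the SOA primary (MNAME) listed as an NS.

```python
"""Parse a BIND-style zone file (the slide's db.mylab.com) and sanity-check it.
Added example, not lab material: ZONE_TEXT reproduces the slide's file inline
and the parser handles only the syntax that file uses."""

ZONE_TEXT = """\
$TTL 86400
mylab.com. IN SOA PC4.mylab.com. hostmaster.mylab.com. (
        1      ; serial
        28800  ; refresh
        7200   ; retry
        604800 ; expire
        86400  ; minimum
)
mylab.com. IN NS PC4.mylab.com.
localhost A 127.0.0.1
PC4.mylab.com. A 10.0.1.41
PC3.mylab.com. A 10.0.1.31
PC2.mylab.com. A 10.0.1.21
PC1.mylab.com. A 10.0.1.11
"""

NAME_TYPES = {"NS", "CNAME", "PTR"}  # RDATA is a single domain name
KNOWN_TYPES = NAME_TYPES | {"SOA", "A", "MX", "HINFO"}


def logical_lines(text):
    """Drop ';' comments and join '( ... )' groups into one line. Leading
    whitespace is kept: it means 'same owner as the previous record'."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            joined, buf = " ".join(buf).rstrip(), []
            if joined.strip():
                yield joined
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone file")


def fqdn(name, origin):  # a name without a trailing dot is relative to the origin
    return name if name.endswith(".") else name + "." + origin


def rname_to_email(rname):
    """SOA RNAME 'hostmaster.mylab.com.' denotes the mailbox hostmaster@mylab.com."""
    return rname.rstrip(".").replace(".", "@", 1)


def parse_zone(text, origin):
    """Return records as (owner, ttl, type, rdata-list) tuples."""
    records, default_ttl, last_owner = [], None, None
    for line in logical_lines(text):
        tok = line.split()
        if tok[0] == "$TTL":
            default_ttl = int(tok[1])
            continue
        if line[:1].isspace():  # blank owner field: reuse the previous owner
            owner = last_owner
        else:
            owner, tok = fqdn(tok[0], origin), tok[1:]
        ttl = default_ttl
        if tok and tok[0].isdigit():        # optional per-record TTL
            ttl, tok = int(tok[0]), tok[1:]
        if tok and tok[0].upper() == "IN":  # optional class
            tok = tok[1:]
        rtype, rdata = tok[0].upper(), tok[1:]
        if rtype not in KNOWN_TYPES:
            raise ValueError("unsupported record type %r for %s" % (rtype, owner))
        if rtype in NAME_TYPES:
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "SOA":  # MNAME RNAME serial refresh retry expire minimum
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + [int(x) for x in rdata[2:7]]
        records.append((owner, ttl, rtype, rdata))
        last_owner = owner
    return records


def check_zone(records):
    """Checks worth running before loading a zone; returns the problems found."""
    problems = []
    soa = [r for r in records if r[2] == "SOA"]
    if len(soa) != 1:
        problems.append("expected exactly one SOA record, found %d" % len(soa))
    a_owners = {r[0].lower() for r in records if r[2] == "A"}
    ns_targets = [r[3][0] for r in records if r[2] == "NS"]
    for target in ns_targets:
        if target.lower() not in a_owners:  # a server that is named but unreachable
            problems.append("NS target %s has no A record" % target)
    if soa and soa[0][3][0].lower() not in {t.lower() for t in ns_targets}:
        problems.append("SOA MNAME %s is not listed as an NS" % soa[0][3][0])
    return problems


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT, "mylab.com.")
    print(*recs, rname_to_email(recs[0][3][1]), check_zone(recs) or "no problems", sep="\n")
```

Running it shows the point made above about relative names: “localhost” comes out as localhost.mylab.com., because the parser applies the zone origin to any owner without a trailing dot, exactly as a name server loading the file would.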
Homework
Prelab 8 due this Friday
Please write your own answers!
Lab report 7 due next week before labs
Main Points of Lab 8
DNS
Configuring a server
Queries and responses
Caching
Hierarchy of the domain name system
Note: you need to download files from the web and bring them to the lab
http://www.tcpip-lab.net/links/conf/lab8