CSEE W4140 Networking Laboratory Lecture 10: DNS Jong Yul Kim 04.08.2009 Annoucements  Visit to TelioSonera’s NY POP (mandatory)  April 29th (Wednesday) 1~3  May 1st(Friday)

CSEE W4140
Networking Laboratory
Lecture 10: DNS
Jong Yul Kim
04.08.2009
Announcements
- Visit to TeliaSonera's NY POP (mandatory)
  - April 29th (Wednesday) 1~3
  - May 1st (Friday) 10~12
  - Around 20 students per trip
  - Please send me an email on which date you'd prefer. If one of the dates is impossible for you, let me know in the email.
- Quiz next class on topics in lab 6, 7, and 8
  - LAN switching (including STP), NAT, DHCP, DNS
Domain Name System
- Many RFCs describe the DNS
- We'll look at RFC 1034, "Domain Names - Concepts and Facilities"
DNS Design Goals
- "Consistent name space for referring to resources"
- Distributed database, with local caching
  - Data source is responsible for maintaining fresh, accurate information
- Must be generally useful
  - Associate names to sets of data, such as host addresses, mailbox data, host OS
- Independent of the communications system that carries the queries and responses
Elements of the DNS
- Domain name space and resource records
  - Specifications for a tree-structured name space and the data associated with the names
- Name servers
  - Server programs which hold information about the domain tree's structure and associated data
- Resolvers
  - Client programs that extract information by querying name servers
Domain name space
- A tree structure
- Each node corresponds to a resource set
- Each node has a label up to 63 octets in length (case-insensitive)
- The domain name of a node is the list of labels on the path from the node to the root of the tree.
[Figure: example name tree with root ".", then "edu", then "columbia", with the nodes "ee", "cs", "www" and "cc" at the lower levels]
Resource records (RR)
- Resource information for a particular domain name is written as resource records.
- Elements of an RR are:
  - Owner: domain name where the RR is found
  - Type: identifies which kind of resource the record describes (and which kind a query asks for)
  - Class: IN = Internet
  - TTL: time-to-live in seconds for caches
  - RDATA: the actual data
Resource records (RR)
- RR Types
  A       host address
  CNAME   canonical name
  HINFO   OS / CPU info
  MX      mail server info
  NS      authoritative name server
  PTR     pointer to another node
  SOA     start of authority
DNS message format
Queries and responses are sent using UDP port 53
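The message format slide above lost its figure in extraction. As an added example (not part of the lecture material), the following Python builds a DNS query message (12-byte header with ID, flags and the four counts, followed by one question) and parses a response, including the label compression pointers that real responses use. The RD flag it sets is the "recursion desired" bit referred to later in the lecture, and the AA flag it reads is the "authoritative answer" bit that caches clear. The sample response, the name www.columbia.edu, the address 10.0.1.41 and the TTL 3600 are constructed for this example; the hop limit of 16 on compression pointers is a defensive choice of this example, not a value from the RFC.

```python
import struct

QTYPE_A = 1
QCLASS_IN = 1

def encode_name(name):
    """Encode a dotted name as DNS labels; each label is at most 63 octets."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 octets: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"            # zero-length root label terminates the name

def build_query(name, txid, recursion_desired=True, qtype=QTYPE_A):
    """12-byte header (ID, flags, QDCOUNT=1, AN/NS/ARCOUNT=0) + one question."""
    flags = 0x0100 if recursion_desired else 0x0000      # RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def decode_name(msg, offset):
    """Read a name at `offset`, following compression pointers (top two bits 11).
    Returns (name, offset just after the name as it appears at the call site)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # pointer to an earlier name
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            hops += 1
            if hops > 16:                                # refuse pointer loops (example limit)
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_response(msg):
    """Parse the header, skip the question(s), and return the answer RRs."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": txid,
            "is_response": bool(flags & 0x8000),         # QR bit
            "authoritative": bool(flags & 0x0400),       # AA bit
            "rcode": flags & 0x000F,
            "answers": []}
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(msg, offset)
        offset += 4                                      # QTYPE + QCLASS
    for _ in range(an):
        owner, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == QTYPE_A and rdlength == 4:
            rdata = ".".join(str(b) for b in rdata)      # dotted quad for A records
        info["answers"].append({"owner": owner, "type": rtype, "class": rclass,
                                "ttl": ttl, "rdata": rdata})
    return info

def build_sample_response(query, address="10.0.1.41", ttl=3600):
    """Constructed authoritative response to `query` (QR, AA, RD, RA set): the
    question is echoed, and the answer's owner is a compression pointer (0xC00C)
    back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in address.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("www.columbia.edu", 0x1234)
    print(parse_response(build_sample_response(q)))
```

The same parser applies to a real response captured from UDP port 53 in the lab; the transaction ID in the header is what lets a resolver match a response to its outstanding query.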
Zones
- The domain database is partitioned into zones.
- Zones are formed by cutting the domain tree and then grouping the nodes that are still connected.
- A zone is:
  - Authoritative for all nodes within the zone
  - Usually managed by one organization
[Figure: domain tree with root ".", ".edu", ".uci.edu", ".virginia.edu", "cs.virginia.edu" and "math.virginia.edu"; the labels "Zone", "Domain" and "Zone and domain" mark where a zone boundary cuts a domain and where zone and domain coincide]
DNS Hierarchy
- Root and top-level domains are administered by the Internet central name registration authority (ICANN)
- Below the top-level domain, administration of the name space is delegated to organizations
- Each organization can delegate further
[Figure: tree with root "." and the top-level domains org, gov, edu, com; under edu: uci.edu and toronto.edu; under toronto.edu: math.toronto.edu and ece.toronto.edu; under ece.toronto.edu: neon.ece.toronto.edu]
Root servers
- The root zone is at the very top of the domain tree
- The root servers are statically entered into resolvers and name servers
- 13 logical root servers in the world
  - Named with letters A ~ M
  - 171 physical root servers
  - http://www.root-servers.org/
Top Level Domain (TLD)
- Country code TLD (ccTLD)
  - TLDs with two letters
  - .cn, .in, .kr
  - Each country manages its own TLD
- Generic TLD (gTLD)
  - TLDs with three or more letters
  - .com, .net, .org, .edu, .gov, .aero
  - Management is delegated to organizations
  - A sponsored gTLD is one where the domain is limited to 'approved' organizations (.aero)
- .arpa TLD
  - Used to convert IP addresses to domain names
Registry Listings from ICANN
(columns: TLD, Introduced, Sponsored/Unsponsored, Purpose, Sponsor/Operator, Contact)

.com
  Introduced: 1985
  Sponsored/Unsponsored: Unsponsored
  Purpose: Unrestricted (but intended for commercial registrants)
  Sponsor/Operator: VeriSign, Inc.
  Contact: Registry Customer Service, VeriSign Naming Services, 21345 Ridgetop Circle, Dulles, Virginia 20166, United States. Tel: +1 703 925-6999, Fax: +1 703 421-5828, http://www.verisigngrs.com

.net
  Introduced: 1985
  Sponsored/Unsponsored: Unsponsored
  Purpose: Unrestricted (but intended for network providers, etc.)
  Sponsor/Operator: VeriSign, Inc.
  Contact: Registry Customer Service, VeriSign Naming Services, 21345 Ridgetop Circle, Dulles, Virginia 20166, United States. Tel: +1 703 925-6999, Fax: +1 703 421-5828, http://www.verisigngrs.com

.edu
  Introduced: 1985
  Sponsored/Unsponsored: Sponsored
  Purpose: United States educational institutions
  Sponsor/Operator: EDUCAUSE
  Contact: Becky Granger, EDUCAUSE, 4772 Walnut Street, Suite 206, Boulder, Colorado 80301, United States. Tel: +1-303-939-0334, Fax: +1-303-440-0461, http://www.educause.edu/edudomain
Recursive and Iterative Queries
- There are two types of queries:
  - Recursive queries
  - Iterative (non-recursive) queries
- The type of query is determined by a bit in the DNS query (the "recursion desired" bit in the message header)
- Recursive query: when the name server of a host cannot resolve a query, the server itself issues further queries on behalf of the resolver until it can return the answer
- Iterative query: when the name server of a host cannot resolve a query, it returns to the resolver a referral to another server
Recursive Queries
- In a recursive query, the resolver expects the response from the name server.
- If the server cannot supply the answer, it will send the query to the "closest known" authoritative name server (here, in the worst case, the closest known server is the root server).
- The root server sends a referral to the "edu" server. Querying this server yields a referral to the server of "virginia.edu" ... and so on.
[Figure: the resolver sends one query to its name server and receives one response; the name server does the rest:
  1st query for neon.cs.virginia.edu to the root server, which returns a referral to the edu name server;
  2nd query for neon.cs.virginia.edu to the edu server, which returns a referral to the virginia.edu name server;
  3rd query for neon.cs.virginia.edu to the virginia.edu server, which returns a referral to the cs.virginia.edu name server;
  4th query for neon.cs.virginia.edu to the cs.virginia.edu server, which returns the IP address of neon.cs.virginia.edu]
Iterative Queries
- This involves more work for the resolver.
- In an iterative query, the name server does not chase the answer itself; it returns to the resolver a referral to the closest known authoritative name server (here: the root server).
[Figure: the resolver itself follows the chain of referrals, each time querying for neon.cs.virginia.edu:
  1st query to its name server, which returns a referral to the root server;
  2nd query to the root server, which returns a referral to the edu server;
  3rd query to the edu server, which returns a referral to the virginia.edu server;
  4th query to the virginia.edu server, which returns a referral to the cs.virginia.edu server;
  a final query to the cs.virginia.edu server, which returns the IP address of neon.cs.virginia.edu]
Caching
- To reduce DNS traffic, name servers cache information on domain name/IP address mappings
- When an entry for a query is in the cache, the server does not contact other servers
- Note: if an entry is sent from a cache, the reply from the server is marked as non-authoritative (the "authoritative answer" bit is not set)
- Authoritative servers can dictate how long the record is cached using the TTL value
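The referral chain of the last three slides and the caching rules above, as one added Python simulation (this is example code written for these notes, not part of the lecture). Four constructed in-memory servers stand in for the root, edu, virginia.edu and cs.virginia.edu name servers; iterative_resolve() plays the party that follows referrals itself, and CachingNameServer plays a local name server offering recursive service, which does that walk on the resolver's behalf and then answers from cache, marked as not authoritative, until the record's TTL runs out. The server names, the address 10.0.1.11 and the TTL of 3600 seconds are assumptions of this example.

```python
import time

# Constructed in-memory name servers for the lecture's example name.
# Each server either holds records for its zone or delegates a child zone to
# another server (a referral). Addresses and TTLs are made up for this example.
SERVERS = {
    "root":            {"delegations": {"edu.": "edu-server"}},
    "edu-server":      {"delegations": {"virginia.edu.": "virginia-server"}},
    "virginia-server": {"delegations": {"cs.virginia.edu.": "cs-server"}},
    "cs-server":       {"records": {"neon.cs.virginia.edu.": ("10.0.1.11", 3600)}},
}

def in_zone(qname, zone):
    """True if qname is the zone apex or lies below it."""
    return qname == zone or qname.endswith("." + zone)

def ask(server_name, qname):
    """What an authoritative server returns for qname: an answer, a referral
    to the closest known child-zone server, or a name error."""
    server = SERVERS[server_name]
    if qname in server.get("records", {}):
        addr, ttl = server["records"][qname]
        return ("answer", addr, ttl)
    best = None
    for zone, child in server.get("delegations", {}).items():
        if in_zone(qname, zone) and (best is None or len(zone) > len(best[0])):
            best = (zone, child)              # longest matching delegation wins
    if best:
        return ("referral", best[1], None)
    return ("nxdomain", None, None)

def iterative_resolve(qname, start="root"):
    """Iterative (non-recursive) lookup: the caller follows each referral
    itself. Returns (address, ttl, trail of (server, reply kind, data))."""
    trail, server, seen = [], start, set()
    while server not in seen:
        seen.add(server)                      # a referral loop ends the walk
        kind, data, ttl = ask(server, qname)
        trail.append((server, kind, data))
        if kind == "answer":
            return data, ttl, trail
        if kind != "referral":
            break
        server = data
    return None, None, trail

class CachingNameServer:
    """A local name server offering recursive service: it performs the
    iterative walk on the resolver's behalf and caches answers for their TTL.
    A reply served from cache is marked as not authoritative."""
    def __init__(self, clock=time.time):
        self.cache = {}                       # qname -> (address, expiry time)
        self.clock = clock                    # injectable for testing

    def query(self, qname):
        now = self.clock()
        hit = self.cache.get(qname)
        if hit is not None and hit[1] > now:  # fresh cache entry: no queries sent
            return {"answer": hit[0], "from_cache": True, "queries_sent": 0}
        addr, ttl, trail = iterative_resolve(qname)
        if addr is not None:
            self.cache[qname] = (addr, now + ttl)
        return {"answer": addr, "from_cache": False, "queries_sent": len(trail)}

if __name__ == "__main__":
    ns = CachingNameServer()
    print(ns.query("neon.cs.virginia.edu."))   # 4 queries: root, edu, virginia, cs
    print(ns.query("neon.cs.virginia.edu."))   # served from cache, 0 queries
```

The trail returned by iterative_resolve() is exactly the sequence of servers in the recursive-query figure (root, edu, virginia.edu, cs.virginia.edu); the only difference between the two modes is which party walks it. The expiry check uses the TTL the authoritative server supplied, which is how that server controls how long its data lives in other caches.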
Sample zone file
db.mylab.com

$TTL 86400                        ; max. age of cached data in seconds
mylab.com. IN SOA PC4.mylab.com. hostmaster.mylab.com. (
                    1        ; serial
                    28800    ; refresh (slave refresh time)
                    7200     ; retry   (slave retry time)
                    604800   ; expire  (slave expiration time)
                    86400    ; ttl     (cache time for RR)
                    )
;
mylab.com.          IN  NS  PC4.mylab.com.
;
localhost               A   127.0.0.1
PC4.mylab.com.          A   10.0.1.41
PC3.mylab.com.          A   10.0.1.31
PC2.mylab.com.          A   10.0.1.21
PC1.mylab.com.          A   10.0.1.11

Notes on the records:
- Start of authority (SOA) record. Means: "This name server is authoritative for the zone mylab.com"
  - PC4.mylab.com is the name server
  - hostmaster@mylab.com is the email address of the person in charge (written hostmaster.mylab.com. in the record, with the first dot standing for "@")
- Name server (NS) record. One entry for each authoritative name server
- Address (A) records. One entry for each host address
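As an added example (not part of the lecture or of lab 8), here is a small Python parser for the zone-file format shown above. It strips ";" comments, joins the parenthesised SOA record back into one logical line, applies the $TTL default and the IN class default, appends the origin to relative owner names such as "localhost", converts the SOA RNAME into the mailbox it denotes, and runs sanity checks on the SOA timers that a secondary (slave) server depends on. The embedded zone text is a copy of the lecture's db.mylab.com with the same records; the origin "mylab.com." and the timer rules in soa_timer_warnings() are assumptions of this example.

```python
# Constructed copy of the lecture's db.mylab.com zone (same records), embedded
# so the parser runs offline. The origin default in parse_zone() is assumed.
ZONE_TEXT = """\
$TTL 86400
mylab.com. IN SOA PC4.mylab.com. hostmaster.mylab.com. (
                1       ; serial
                28800   ; refresh
                7200    ; retry
                604800  ; expire
                86400   ; ttl
                )
;
mylab.com.      IN  NS  PC4.mylab.com.
;
localhost           A   127.0.0.1
PC4.mylab.com.      A   10.0.1.41
PC3.mylab.com.      A   10.0.1.31
PC2.mylab.com.      A   10.0.1.21
PC1.mylab.com.      A   10.0.1.11
"""

def logical_lines(text):
    """Drop ';' comments and join the lines of a parenthesised record."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens = " ".join(buf).split()
            buf = []
            if tokens:
                yield tokens
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone file")

def parse_zone(text, origin="mylab.com."):
    """Return a list of records; relative owner names get the origin appended."""
    default_ttl, records = None, []
    for tokens in logical_lines(text):
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1]); continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]; continue
        owner = tokens.pop(0)
        if not owner.endswith("."):
            owner = owner + "." + origin
        ttl = default_ttl
        if tokens and tokens[0].isdigit():            # optional explicit TTL
            ttl = int(tokens.pop(0))
        rclass = "IN"                                   # class defaults to IN
        if tokens and tokens[0] in ("IN", "CH", "HS"):
            rclass = tokens.pop(0)
        rtype = tokens.pop(0)
        if rtype == "SOA":
            serial, refresh, retry, expire, minimum = (int(v) for v in tokens[2:7])
            rdata = {"mname": tokens[0], "rname": tokens[1], "serial": serial,
                     "refresh": refresh, "retry": retry, "expire": expire,
                     "minimum": minimum}
        elif rtype in ("A", "NS", "CNAME", "PTR"):
            rdata = tokens[0]
        else:
            rdata = " ".join(tokens)
        records.append({"owner": owner, "ttl": ttl, "class": rclass,
                        "type": rtype, "rdata": rdata})
    return records

def rname_to_email(rname):
    """SOA RNAME hostmaster.mylab.com. denotes the mailbox hostmaster@mylab.com."""
    user, _, domain = rname.rstrip(".").partition(".")
    return user + "@" + domain

def soa_timer_warnings(soa):
    """Checks on the SOA values a secondary server relies on (example rules)."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be smaller than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        warnings.append("expire should exceed refresh + retry")
    if soa["serial"] <= 0:
        warnings.append("serial should be positive")
    return warnings

if __name__ == "__main__":
    for record in parse_zone(ZONE_TEXT):
        print(record)
    print(soa_timer_warnings(parse_zone(ZONE_TEXT)[0]["rdata"]))
```

Running it on the lecture's zone yields seven records (one SOA, one NS, five A) and no timer warnings; feeding it a zone where retry exceeds refresh shows why such a check is worth running before the file is loaded on the server in lab 8.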
Homework
- Prelab 8 due this Friday
  - Please write your own answers!
- Lab report 7 due next week before labs
Main Points of Lab 8
- DNS
  - Configuring a server
  - Queries and responses
  - Caching
  - Hierarchy of the domain name system
- Note: you need to download files from the web and bring them to the lab
  http://www.tcpip-lab.net/links/conf/lab8