DNS Domain Name Systems In Practice

Presentation transcript:

Slide 1: DNS Domain Name Systems In Practice

Slide 2: DOMAIN NAME PARTS

Slide 3: Parts of a domain name
- A domain name consists of two or more parts (labels), separated by periods
- Example: wikipedia.org
  - wikipedia.org has the top-level domain org
  - The rightmost label conveys the top-level domain, a.k.a. the TLD
  - en.wikipedia.org also has the top-level domain org
- Each label to the left specifies a subdivision or subdomain of the domain above it
- Note: "subdomain" expresses relative dependence, not absolute dependence:
  - wikipedia.org comprises a subdomain of the org domain
  - en.wikipedia.org comprises a subdomain of the domain wikipedia.org
- Note: the root "." is always there. At times it may be implied; at others it must be explicitly listed, e.g. wikipedia.org.

Slide 4: Parts of a domain name
- A domain name usually consists of two or more parts (labels), separated by dots
- In theory:
  - Subdivisions can go 127 levels deep
  - Each label can contain up to 63 characters
  - Overall limit: the entire domain name cannot exceed a total length of 253 characters (a length of 255 including the separators and the length of the name)
- In practice:
  - Some domain registries have shorter limits
  - Typically restricted by the host OS
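The label structure and limits from slides 3 and 4, as an added example that is not part of the original presentation: a small parser that splits a name into labels, lists the domains it is a subdomain of, and rejects names that break the 63-character label, 253-character total and 127-level limits (the function names are my own).

```python
# Added example, not from the slides: split a domain name into its labels and
# check it against the limits quoted above (63 characters per label, 253
# characters in total, at most 127 levels). A trailing "." for the root is accepted.
MAX_LABEL, MAX_NAME, MAX_LEVELS = 63, 253, 127


def parse_domain(name):
    """Return (labels, tld, ancestors) for a domain name; ancestors lists the
    domains it is a subdomain of, nearest first, e.g. for en.wikipedia.org
    ["wikipedia.org", "org"]. Raises ValueError when a limit is exceeded."""
    if name.endswith("."):
        name = name[:-1]                    # explicit root label
    if len(name) > MAX_NAME:
        raise ValueError("name longer than %d characters" % MAX_NAME)
    labels = name.split(".")
    if len(labels) > MAX_LEVELS:
        raise ValueError("more than %d levels" % MAX_LEVELS)
    for label in labels:
        if not label:
            raise ValueError("empty label in %r" % name)
        if len(label) > MAX_LABEL:
            raise ValueError("label %r longer than %d" % (label, MAX_LABEL))
    ancestors = [".".join(labels[i:]) for i in range(1, len(labels))]
    return labels, labels[-1], ancestors


def is_valid(name):
    """True when the name respects the limits above."""
    try:
        parse_domain(name)
        return True
    except ValueError:
        return False


def is_subdomain_of(child, parent):
    """True if child lies (at any depth) under parent: relative dependence,
    so wikipedia.org is a subdomain of org and en.wikipedia.org of both."""
    return parent.rstrip(".") in parse_domain(child)[2]
```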

Slide 5: Parts of a domain name
- A hostname may refer to a domain name that has one or more associated IP addresses
  - For example, the en.wikipedia.org and wikipedia.org domains are both hostnames, but the org domain is not
- The Domain Name System consists of a hierarchical set of DNS servers
  - Each domain or subdomain has one or more authoritative DNS servers
  - They publish information about that domain and the name servers of any domains "beneath" it
  - The hierarchy of authoritative DNS servers matches the hierarchy of domains
- At the top of the hierarchy stand the root name servers: the servers to query when looking up (resolving) a top-level domain name (TLD)

Slide 6: Parts of a domain name
- Iterative and recursive queries:
  - Iterative query: the DNS server may provide a partial answer to the query (or give an error). DNS servers must support non-recursive queries
  - Recursive query: the DNS server will fully answer the query (or give an error). DNS servers are not required to support recursive queries
- Resolvers negotiate use of recursive service using bits in the query headers
- The resolver may itself be another DNS server acting recursively on behalf of another resolver

Slide 7: ADDRESS RESOLUTION MECHANISM

Slide 8: Address resolution mechanism
- A full host name may have several name segments, e.g. ahost.ofasubnet.ofabiggernet.inadomain.example
- In practice full host names typically consist of three segments, e.g. ahost.inadomain.example or www.inadomain.example
- Software interprets the name segment by segment, right to left, using an iterative search procedure
- At each step along the way the program queries a corresponding DNS server, which provides a pointer to the next server it should consult
- (This description deliberately uses the fictional .example TLD in accordance with the DNS guidelines themselves.)

Slide 9: Address resolution mechanism
- Example: a DNS recursor consults three name servers to resolve the address www.wikipedia.org

Slide 10: Address resolution mechanism
- As originally envisaged, the process was as simple as:
  1. The local system is pre-configured with the known addresses of the root servers in a file of root hints
     - This file needs to be updated periodically by the local administrator from a reliable source, to keep up with the changes which occur over time
  2. Query one of the root servers to find the server authoritative for the next level down
  3. Query this second server for the address of a DNS server with detailed knowledge of the second-level domain
  4. Repeat the previous step to progress down the name, until the final step, which returns the final address sought

Slide 11: Address resolution mechanism
- A search done in this simple form has a major problem: a huge operating burden on the root servers
  - Each and every search for an address would be started by querying one of them
  - Root name servers are critical to the overall function of the system
  - Such heavy use would create an insurmountable bottleneck for the trillions of queries placed every day
- In practice, preemptive measures are taken

Slide 12: Circular dependencies and glue records
- Name servers in delegations appear listed by name, rather than by IP address
- This means a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred
- This could introduce a circular dependency if the name server referred to is under the domain that it is authoritative for
- It is occasionally necessary for the name server providing the delegation to also provide the IP address of the next name server
- This record is called a glue record

Slide 13: Circular dependencies and glue records
- For example: the sub-domain en.wikipedia.org contains more sub-domains, e.g. w3.en.wikipedia.org
- The authoritative name server for these is ns1.en.wikipedia.org
- To resolve w3.en.wikipedia.org a computer will have to resolve ns1.en.wikipedia.org
- Since the host ns1 is also under the en.wikipedia.org subdomain, resolving ns1.en.wikipedia.org requires resolving ns1.en.wikipedia.org
  - Which leads to the circular dependency mentioned above
- The dependency is broken by the glue record in the name server of wikipedia.org
  - It provides the IP address of ns1.en.wikipedia.org directly to the requestor
  - Enabling it to bootstrap the process by figuring out where ns1.en.wikipedia.org is located
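The iterative walk of slides 8 to 13, as an added example that is not part of the original presentation: a toy resolver over an in-memory hierarchy that starts from a root hint, follows referrals down to www.wikipedia.org and w3.en.wikipedia.org, and shows that removing the glue record for ns1.en.wikipedia.org makes the chase circular. The server names other than those on the slides, the addresses (RFC 5737 documentation ranges) and the record layout are my own assumptions.

```python
# Added example, not from the slides: a toy iterative resolver over a constructed
# hierarchy root -> org -> wikipedia.org -> en.wikipedia.org, using RFC 5737
# documentation addresses and made-up names for the root and TLD servers.
SERVERS = {  # server address -> {(name, type): value}
    "192.0.2.1": {("org", "NS"): "a.tld.example",                # a root server
                  ("a.tld.example", "A"): "192.0.2.10"},
    "192.0.2.10": {("wikipedia.org", "NS"): "ns0.wm.example",    # org server
                   ("ns0.wm.example", "A"): "192.0.2.20"},
    "192.0.2.20": {("www.wikipedia.org", "A"): "192.0.2.40",     # wikipedia.org
                   ("en.wikipedia.org", "NS"): "ns1.en.wikipedia.org",
                   ("ns1.en.wikipedia.org", "A"): "192.0.2.30"},  # glue record
    "192.0.2.30": {("w3.en.wikipedia.org", "A"): "192.0.2.50"},  # en.wikipedia.org
}
ROOT_HINTS = ["192.0.2.1"]   # the pre-configured root hints file of slide 10


def query(servers, ip, name, rtype):
    """One non-recursive query: answer, referral (NS name plus glue if held), or error."""
    zone = servers[ip]
    if (name, rtype) in zone:
        return ("answer", zone[(name, rtype)])
    labels = name.split(".")
    for i in range(len(labels)):                  # longest matching delegation
        ns = zone.get((".".join(labels[i:]), "NS"))
        if ns:
            return ("referral", ns, zone.get((ns, "A")))
    return ("error", "no data")


def resolve(name, servers=SERVERS, rtype="A", depth=0):
    """Follow referrals from a root hint; returns (value, servers asked) or (None, ...)."""
    if depth > 10:
        return None, []                           # chase never terminates
    ip, trail = ROOT_HINTS[0], []
    while True:
        trail.append(ip)
        reply = query(servers, ip, name, rtype)
        if reply[0] == "answer":
            return reply[1], trail
        if reply[0] == "error":
            raise LookupError("%s: %s" % (name, reply[1]))
        # No glue: the referred server's own address must be resolved first,
        # which loops forever when that server lives inside the zone it serves.
        ip = reply[2] or resolve(reply[1], servers, "A", depth + 1)[0]
        if ip is None:
            return None, trail


def without_glue(servers=SERVERS):
    copy = {addr: dict(zone) for addr, zone in servers.items()}
    del copy["192.0.2.20"][("ns1.en.wikipedia.org", "A")]  # drop the glue
    return copy
```

Resolving www.wikipedia.org asks exactly three servers (root, org, wikipedia.org), as slide 9 states; without the glue, w3.en.wikipedia.org cannot be resolved at all.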

Slide 14: HOW DNS WORKS In Practice

Slide 15: How DNS Works In Practice
- When an application tries to find the IP address of a domain name:
  - It doesn't necessarily follow all of the steps outlined in the Theory section
  - It uses caching

Slide 16: How DNS works in practice: Caching and time to live
- The DNS system generates a huge volume of requests, so a mechanism is needed to reduce the load on individual DNS servers
- The DNS resolution process allows for caching for a given period of time after a successful answer
- Caching: the local recording and subsequent consultation of the results of a DNS query
- How long a resolver caches a DNS response is determined by a value called the time to live (TTL)
- The TTL is set by the administrator of the DNS server handing out the response
- The period of validity may vary from just seconds to days or even weeks or years

Slide 17: How DNS works in practice: Caching time
- As a consequence of the distributed and caching architecture, changes to DNS do not always take effect immediately and globally
- Example:
  - An administrator has set a TTL of 6 hours for the host www.wikipedia.org (valid at 12:00), then changes the IP address to which www.wikipedia.org resolves at 12:01pm
  - The administrator must consider that a person who cached a response with the old IP address at 12:00pm will not consult the DNS server again until 6:00pm
  - The period between 12:01pm and 6:00pm in this example is called caching time
- Caching time: the period of time that begins when you make a change to a DNS record and ends after the maximum amount of time specified by the TTL expires
- This leads to an important logistical consideration when making changes to DNS: not everyone is necessarily seeing the same thing you're seeing
- RFC 1537 helps to convey basic rules for how to set the TTL

Slide 18: How DNS works in practice: Caching time
- Note that the term "propagation" does not describe the effects of caching well. Specifically, it implies that:
  1. When a DNS change is made, it somehow spreads to all other DNS servers. Instead, other DNS servers check in with the authoritative DNS server as needed
  2. There is no control over the amount of time the record is cached. In fact, there is control over the TTL values for all DNS records in your domain, except NS records and any authoritative DNS servers that use that domain name

Slide 19: How DNS works in practice: Caching time
- Some resolvers may override TTL values
- The protocol supports caching over vast periods, up to 68 years, or no caching at all (0 seconds)
- Negative caching (the non-existence of records) is determined by the name servers authoritative for a zone, which MUST include the SOA record (Start Of Authority) when reporting that no data of the requested type exists
- The MINIMUM field of the SOA record and the TTL of the SOA itself are used to establish the TTL for the negative answer
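The caching behaviour of slides 16 to 19, as an added example that is not part of the original presentation: a resolver cache keyed on (name, type) that honours TTLs, replayed against the 12:00 / 12:01 / 6:00pm scenario of slide 17, with negative answers cached for the smaller of the SOA MINIMUM field and the SOA record's own TTL (the rule RFC 2308 specifies for the two values slide 19 names). Times are seconds since midnight; the SOA values and addresses are constructed.

```python
# Added example, not from the slides: a resolver cache that honours TTLs, replayed
# against the 12:00 / 12:01 / 18:00 scenario from slide 17, plus the negative-cache
# TTL rule of RFC 2308 (the smaller of SOA MINIMUM and the SOA record's own TTL).
SOA_TTL, SOA_MINIMUM, MAX_TTL = 3600, 900, 2**31 - 1   # MAX_TTL: about 68 years


def hm(hours, minutes=0):
    return hours * 3600 + minutes * 60      # seconds since midnight


class Cache:
    def __init__(self, auth):
        self.auth = auth           # authoritative data: (name, type) -> (value, ttl)
        self.entries = {}          # cached: (name, type) -> (value, expires_at)
        self.upstream_queries = 0

    def lookup(self, name, rtype, now):
        key = (name, rtype)
        if key in self.entries and now < self.entries[key][1]:
            return self.entries[key][0]              # served from cache
        self.upstream_queries += 1                   # ask the authoritative server
        if key in self.auth:
            value, ttl = self.auth[key]
        else:                                        # negative answer, RFC 2308
            value, ttl = None, min(SOA_MINIMUM, SOA_TTL)
        self.entries[key] = (value, now + min(ttl, MAX_TTL))
        return value

    def flush(self, name, rtype):
        """Manual purge: the only remedy once a bad long-TTL record is cached."""
        self.entries.pop((name, rtype), None)


def caching_time_ends(change_at, ttl):
    """End of the caching time: a copy fetched just before the change can be
    served for one full TTL after it."""
    return change_at + ttl


def replay():
    """Slide 17: TTL 6 h, answer cached at 12:00, address changed at 12:01.
    Returns what the resolver sees at 12:00, 13:00 and 18:00 plus the query count."""
    auth = {("www.wikipedia.org", "A"): ("192.0.2.40", hm(6))}   # constructed
    cache = Cache(auth)
    first = cache.lookup("www.wikipedia.org", "A", hm(12))
    auth[("www.wikipedia.org", "A")] = ("192.0.2.41", hm(6))     # change at 12:01
    at_1300 = cache.lookup("www.wikipedia.org", "A", hm(13))     # still the old one
    at_1800 = cache.lookup("www.wikipedia.org", "A", hm(18))     # expired: refetched
    return first, at_1300, at_1800, cache.upstream_queries
```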

Slide 20: How DNS works in practice: In the real world
- DNS resolving goes from the program, to the OS resolver, to the ISP resolver, to the greater system
- Users generally do not communicate directly with a DNS resolver; DNS resolution takes place transparently in client applications: web browsers, mail clients and other Internet applications
- When an application makes a request which necessitates a DNS lookup, such programs send a resolution request to the local DNS resolver in the local operating system, which in turn handles the communications required

Slide 21: Security issues
- DNS was not originally designed with security in mind and has a number of security issues
- DNS responses are traditionally not cryptographically signed, leading to many attack possibilities; DNSSEC modifies DNS to add support for cryptographically signed responses
- There are various extensions to support securing zone transfer information as well

Slide 22: Security issues
- Even with encryption, nothing prevents the possibility that a DNS server could become infected with a virus (or, for that matter, a disgruntled employee) that would cause IP addresses served by that server to be redirected to a malicious address with a long TTL
- This could have far-reaching impact on potentially millions of Internet users if busy DNS servers cache the bad IP data
- It would require manual purging of all affected DNS caches, as dictated by the long TTL (up to 68 years)

Slide 23: Security issues
- Some domain names can spoof other, similar-looking domain names
  - For example, "paypal.com" and "paypa1.com" are different names
  - Users may be unable to tell the difference when the user's typeface (font) does not clearly differentiate the letter l and the number 1
- The problem is much more serious in systems that support internationalized domain names
  - Many characters that are different, from the point of view of ISO 10646, appear identical on typical computer screens
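A defender-side check for the lookalike problem of slide 23, as an added example that is not part of the original presentation: it folds characters that render alike (the slide's l versus 1, plus a few Cyrillic letters and compatibility forms that ISO 10646 treats as distinct) into a skeleton and flags candidate names whose skeleton matches a protected name. The confusable table is a deliberately small, constructed one; the function names are my own.

```python
# Added example, not from the slides: a defender-side lookalike check that folds
# characters which render alike (the slide's "l" vs "1", plus a few IDN cases)
# into a skeleton and compares candidate names against protected ones.
import unicodedata

# Constructed, deliberately small confusable table; real deployments use the
# Unicode confusables.txt data instead.
CONFUSABLES = {"1": "l", "|": "l", "0": "o", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0455": "s"}   # Cyrillic а е о р с ѕ


def skeleton(name):
    """Normalise to NFKC (folds full-width and compatibility forms), drop accents
    and combining marks, lower-case, then replace confusable sequences so that
    lookalikes collapse to the same string."""
    text = unicodedata.normalize("NFKC", name).lower()
    text = "".join(ch for ch in unicodedata.normalize("NFD", text)
                   if not unicodedata.combining(ch))
    for seq, repl in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        text = text.replace(seq, repl)          # longer sequences first
    return text


def lookalike_of(candidate, protected):
    """Return the protected name the candidate imitates, or None.
    An exact (case-insensitive) match is the genuine name, not a lookalike."""
    cand = skeleton(candidate)
    for name in protected:
        if candidate.lower() != name.lower() and cand == skeleton(name):
            return name
    return None
```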

Slide 24: Resume 2/11

Slide 25: Legal users of domains
- Registrant
  - Most of the NICs in the world receive an annual fee from a legal user in order for the legal user to utilize the domain name, i.e. a sort of leasing agreement exists, subject to the registry's terms and conditions
  - Depending on the various naming conventions of the registries, legal users become commonly known as "registrants" or as "domain holders"
  - ICANN holds a complete list of domain registries in the world
  - One can find the legal user of a domain name by looking in the WHOIS database held by most domain registries
  - For most of the more than 140 country code top-level domains (ccTLDs), the domain registries hold the authoritative WHOIS (registrant, name servers, expiry dates, etc.). For instance, DENIC, the German NIC, holds the authoritative WHOIS for a .DE domain name

Slide 26: Legal users of domains
- Registrant (cont.)
  - However, some domain registries, such as those for .COM, .ORG, .INFO, etc., use a registry-registrar model
  - There are hundreds of domain name registrars that actually perform the domain name registration with the end user (see lists at ICANN or VeriSign)
  - By using this method of distribution, the registry only has to manage the relationship with the registrar, and the registrar maintains the relationship with the end users, or "registrants"
  - For .COM and .NET domain names, the domain registry, VeriSign, holds a basic WHOIS (registrar and name servers, etc.); one can find the detailed WHOIS (registrant, name servers, expiry dates, etc.) at the registrars
  - Since about 2001, most gTLD registries (generic: .ORG, .BIZ, .INFO) have adopted a so-called "thick" registry approach, i.e. keeping the authoritative WHOIS with the various registries instead of the registrars

Slide 27: Legal users of domains
- Administrative contact
  - A registrant usually designates an administrative contact to manage the domain name
  - The administrative contact usually has the most immediate power over a domain
  - Management functions delegated to the administrative contact may include: the obligation to conform to the requirements of the domain registry in order to retain the right to use a domain name; authorization to update the physical address, e-mail address, telephone number, etc. in WHOIS
- Technical contact
  - A technical contact manages the name servers of a domain name
  - The many functions of a technical contact include: making sure the configuration of the domain name conforms to the requirements of the domain registry; updating the domain zone; providing the 24×7 functionality of the name servers that allows accessibility of the domain name
- Billing contact: the party whom a NIC invoices
- Name servers: namely the authoritative name servers that host the domain name zone of a domain name

Slide 28: Politics
- Many investigators have voiced criticism of the methods currently used to control ownership of domains
- Critics commonly claim abuse by monopolies or near-monopolies, such as VeriSign, Inc.
  - Particularly noteworthy was the VeriSign Site Finder system, which redirected all unregistered .com and .net domains to a VeriSign webpage
  - Despite widespread criticism, VeriSign only reluctantly removed it after the Internet Corporation for Assigned Names and Numbers (ICANN) threatened to revoke its contract to administer the root name servers
- There is also significant disquiet regarding the United States' political influence over ICANN
  - This was a significant issue in the attempt to create a .xxx top-level domain
  - It sparked greater interest in alternative DNS roots that would be beyond the control of any single country

Slide 29: Politics
- Truth in Domain Names Act (main article: Anticybersquatting Consumer Protection Act)
- In the United States, the "Truth in Domain Names Act", in combination with the PROTECT Act, forbids the use of a misleading domain name with the intention of attracting people into viewing a visual depiction of sexually explicit conduct on the Internet

Slide 30: Resolvers
1. Serve DNS names
2. Always return an IP address
3. Request an IP address
4. Are recursive

Slide 31: Other Internet Resources
- See also: Dynamic DNS, Alternative DNS root, Comparison of DNS server software
