CSEE W4140 Networking Laboratory Lecture 10: DNS Jong Yul Kim
Domain Name System Many RFCs describing the DNS We’ll look at RFC 1034 “Domain Concepts and Facilities”
DNS Design Goals “Consistent name space for referring to resources” Distributed database, with local caching Data source is responsible for maintaining fresh, accurate information Must be generally useful Associate names to sets of data, such as host addresses, mailbox data, host OS Independent of communications system that carries the queries and responses
Elements of the DNS Domain name space and resource records Specifications for a tree structured name space and data associated with the names. Name servers Server programs which hold information about the domain tree’s structure and associated data Resolvers Client programs that extract information by querying name servers
Domain name space A tree structure Each node corresponds to a resource set Each node has a label up to 63 octets in length (case-insensitive) Domain name of the node is the list of labels on the path from the node to the root of the tree.. (root) edu columbia cs www eecc
Resource records (RR) Resource information for a particular domain name is written as resource records. Elements of an RR are: Owner : domain name where RR is found Type : shows which resource to query Class : IN = Internet TTL : time-to-live in seconds for caches RDATA : the actual data
Resource records (RR) RR Types Ahost address CNAMEcanonical name HINFOOS / CPU info MXmail server info NSauthoritative name server PTR pointer to another node SOAstart of authority
DNS message format Queries and responses are sent using UDP port 53
Zones Domain database is partitioned into zones. Zones are formed by cutting the domain tree and then grouping the nodes that are still connected. A zone is : Authoritative for all nodes within the zone Usually managed by one organization
DNS Hierarchy Root and top-level domains are administered by Internet central name registration authority (ICANN) Below top-level domain, administration of name space is delegated to organizations Each organization can delegate further
Root servers Root zone is at the very top of the domain tree The root servers are statically entered into resolvers and name servers 13 logical root servers in the world Named with letters A ~ M 171 physical root servers
Root Servers Redundancy Redundant hardware that takes over failed one with or without human intervention At least 3 recommended, with one in a remote site [3] Backups of the zone file stored at off-site locations Connectivity to the internet Diversity Geographically located in 130 places in 53 countries Topological diversity matters more Hardware, software, operating system of servers Diverse organizations, personnel, operational processes Distribution of zone files within root server operator 1 Bush et al. Root Name Server Operational Requirements. RFC IETF Elz et al. Selection and Operation of Secondary DNS Servers. RFC IETF 1997.
The use of anycast Basic anycast Announce identical IP address Routing system takes client request to closest node Hierarchical anycast Global vs. local nodes If any node fails, stop announcement Global node takes over automatically 1 Abley, Hierarchical Anycast for Global Service Distribution. ISC Technical Note
Is anycast good for everyone? [1] Not really … Packets for long sessions may go to another node if the routing dynamics change Service time and stability of routing A lot of routing considerations Aggregated prefixes Multiple services from a prefix Consideration of route propagation radius 1 Abley and Lindqvist, Operation of Anycast Services. RFC IETF 2006.
Top Level Domain (TLD) Country code TLD (ccTLD) TLDs with two letters .cn,.in,.kr Each country manages their own TLD Generic TLD (gTLD) TLDs with three or more letters .com,.net,.org,.edu,.gov,.aero Management is delegated to organizations Sponsored gTLD is one where the domain is limited to ‘approved’ organizations. (.aero) .arpa TLD Used to convert IP addresses to domain names
Registry Listings from ICANN Registry Listing.com1985UnsponsoredUnrestricted (but intended for commercial registrants) VeriSign, Inc. Registry Customer Service Registry Customer Service VeriSign Naming Services Ridgetop Circle Dulles, Virginia United States Tel : Fax: grs.com grs.com.edu1985SponsoredUnited States educational institutions EDUCAUSE Becky Granger Becky Granger EDUCAUSE 4772 Walnut Street, Suite 206 Boulder, Colorado United States Tel: Fax: edudomain edudomain TLDIntroduced Sponsored/ Unsponsored Purpose Sponsor/ Operator Contact.net 1985UnsponsoredUnrestricted (but intended for network providers, etc.) VeriSign, Inc. Registry Customer Service Registry Customer Service VeriSign Naming Services Ridgetop Circle Dulles, Virginia United States Tel: Fax: grs.com grs.com
Recursive and Iterative Queries There are two types of queries: Recursive queries Iterative (non-recursive) queries The type of query is determined by a bit in the DNS query Recursive query: When the name server of a host cannot resolve a query, the server issues a query to resolve the query Iterative queries: When the name server of a host cannot resolve a query, it sends a referral to another server to the resolver.
Recursive Queries In a recursive query, the resolver expects the response from the name server If the server cannot supply the answer, it will send the query to the “closest known” authoritative name server (here: In the worst case, the closest known server is the root server) The root sever sends a referral to the “edu” server. Querying this server yields a referral to the server of “virginia.edu” … and so on
Iterative Queries In an iterative query, the name server sends a closest known authoritative name server a referral to the root server. This involves more work for the resolver
Caching To reduce DNS traffic, name servers caches information on domain name/IP address mappings When an entry for a query is in the cache, the server does not contact other servers Note: If an entry is sent from a cache, the reply from the server is marked as “unauthoritative” Authoritative servers can dictate how long the record is cached using the TTL value
Sample zone file Max. age of cached data in seconds * Start of authority (SOA) record. Means: “This name server is authoritative for the zone Mylab.com” * PC4.mylab.com is the name server * is the address of the person in charge Name server (NS) record. One entry for each authoritative name server Address (A) records. One entry for each hostaddress Slave refresh time Slave retry time Slave expiration time Cache time for RR
Main Points of Lab 8 DNS Configuring a server Queries and responses Caching Hierarchy of the domain name system Note: You need to download files from web and bring it to the lab
Homework Prelab 9 due this Friday Please write your own answers! Lab report 8 due next week before labs