1 Lecture #1 DNS: Domain Name System HAIT Summer 2005 Shimrit Tzur-David
2 Motivation Internet hosts, mailboxes, and other resources have a network address (IP). Imagine that in order to visit ‘ynet’ you would need to remember the ‘ynet’ server IP address. For that reason, any internet host, mailbox, and other resource has also a name. In the ‘ynet’ example –ynet.co.il.ynet.co.il IP address (32 bit) - used for addressing datagrams “name” - used by humans.
3 Motivation – Cont. Sending to means that if Yossi's ISP or organization moves the mail server to a different machine with a different IP address, his e- mail address has to change. ASCII names were introduced to decouple machine names from machine addresses. In this way, Yossi's address might be something like The network itself understands only numerical addresses, so some mechanism is required to convert the ASCII strings to network addresses. This is the role of the DNS.
4 History At the first solution, there was simply a file, hosts.txt, that listed all the hosts and their IP addresses. Every night, all the hosts would fetch it from the site at which it was maintained. For a network of a few hundred machines, this approach worked reasonably well. Few years later, thousands of minicomputers and PCs were connected to the net and this solution was no longer applicable for two reasons: –The size of hosts.txt –Host names conflicts
5 DNS Definition Invention of a hierarchical, domain-based naming scheme and a distributed database system for implementing naming scheme. It is primarily used for mapping host names and destinations to IP addresses but can also be used for other purposes.
6 Mapping Name to IP Address An application program calls a library procedure called the resolver, passing it the name as a parameter. An example of a resolver is gethostbyname. The resolver sends a UDP packet to a local DNS server, which then looks up the name and returns the IP address to the resolver, which then returns it to the caller. The program can now establish a TCP/UDP connection with the destination.
7 Analogy In the postal system, name management is done by requiring letters to specify the country, state or province, city, and street address of the addressee. By using this kind of hierarchical addressing, there is no confusion between the Marvin Anderson on Main St. in White Plains, N.Y. and the Marvin Anderson on Main St. in Austin, Texas. DNS works the same way.
8 Main Idea The Internet is divided into over 200 top-level domains. Each domain covers many hosts. Each domain is partitioned into sub-domains, and these are further partitioned, and so on. The domains can be represented by a tree.
9 The Domains Tree The leaves of the tree represent domains that have no sub- domains. A leaf domain may contain a single host, or it may represent a company and contain thousands of hosts.
10 Architecture The top-level domains come in two flavors: –generic –countries The original generic domains were com (commercial), edu (educational institutions), gov (the U.S. Federal Government), int (certain international organizations), mil (the U.S. armed forces), net (network providers), and org (nonprofit organizations). The country domains include one entry for every country.
11 Domains Names Each domain is named by the path upward from it to the root. The components are separated by periods. This hierarchical naming means that eng.sun.com (the engineering department at Sun Microsystems) does not conflict with a potential use of eng in eng.yale.edu., which might be used by the Yale English department. Domain names can be either absolute or relative. In both cases, a named domain refers to a specific node in the tree and all the nodes under it. Domain names are case insensitive.
12 Name Servers Why can’t we have a single name server that contains the entire DNS database and respond to all queries about it? –single point of failure. –traffic volume. –distant centralized database. –maintenance If it ever went down, the entire Internet would be crippled. No server has all name-to-IP address mappings.
13 Name Servers – Cont. The DNS name space is divided into non-overlapping zones. Each zone has a local name server. local name servers: –each ISP has local (default) name server –host DNS query first goes to local name server authoritative name server: –for a host: stores that host’s IP address and name –can perform name/address translation for that host’s name
14 The Client Access to the DNS is through a resolver. On Unix hosts the resolver is accessed primarily through two library functions: –Gethostbyname : takes a hostname and returns an IP address. – Gethostbyaddr: takes an IP address and looks up a hostname. When a resolver has a query about a domain name, it passes the query to one of the local name servers to do the mapping.
15 Serving a Request If the domain being sought falls under the jurisdiction of the name server, such as ai.cs.yale.edu falling under cs.yale.edu, it returns the authoritative resource records. Authoritative record - a record that comes from the authority that manages the record and is thus always correct. If the domain is remote and no information about the requested domain is available locally, the name server sends a query message to the top-level name server for the domain requested (root domain).
16 Root Name Servers Contacted by local name server that can not resolve name. root name server: –Contacts authoritative name server if name mapping not known –Gets mapping –Returns mapping to local name server b USC-ISI Marina del Rey, CA l ICANN Marina del Rey, CA e NASA Mt View, CA f Internet Software C. Palo Alto, CA i NORDUnet Stockholm k RIPE London m WIDE Tokyo a NSI Herndon, VA c PSInet Herndon, VA d U Maryland College Park, MD g DISA Vienna, VA h ARL Aberdeen, MD j NSI (TBD) Herndon, VA 13 root name servers worldwide
17 Recursive Query Each server that does not have the requested information goes and finds it somewhere, then reports back. The path of the response is the same as the path of the request. When a DNS client fails to get a response before its timer goes off, it normally will try another server next time. heavy load? Puts burden of name resolution on contacted name server.
18 Example 1 host s urf.eurecom.fr wants IP address of gaia.cs.umass.edu 1. contacts its local DNS server, dns.eurecom.fr 2. dns.eurecom.fr contacts root name server, if necessary 3. root name server contacts authoritative name server, dns.umass.edu, if necessary authorititive name server dns.umass.edu requesting host surf.eurecom.fr gaia.cs.umass.edu root name server local name server dns.eurecom.fr
19 Example 2 Root name server: may not know authoritative name server may know intermediate name server: who to contact to find authoritative name server requesting host surf.eurecom.fr gaia.cs.umass.edu root name server local name server dns.eurecom.fr authoritative name server dns.cs.umass.edu intermediate name server dns.umass.edu 7 8
20 Iterated Queries When a query cannot be satisfied locally, the query fails, but the name of the next server along the line to try is returned. Contacted server replies with name of server to contact. “I don’t know this name, but ask this server” This is the default use of DNS. Why?
21 Example requesting host surf.eurecom.fr gaia.cs.umass.edu root name server local name server dns.eurecom.fr authoritative name server dns.cs.umass.edu intermediate name server dns.umass.edu 7 8 iterated query
22 DNS Services Name and IP addresses mapping Host aliasing - relay1.west-coast.enterprise.com (canonical) enterprise.com mail server aliasing - load distribution - directing traffic to different sites
23 Caching and Updating Records Once (any) name server learns mapping, it caches the mapping in case it will be needed later. This information is not authoritative (changes are not propagated to all the caches). Cache entries should not live too long. At each entry in the cache the is a Time_to_live field that tells remote name servers how long to cache records.
24 Resource Records Every domain can have a set of resource records associated with it. For a single host, the most common resource record is just its IP address, but many other kinds of resource records also exist. When a resolver gives a domain name to DNS, it gets back the resource records associated with that name. The primary function of DNS is to map domain names onto resource records.
25 Resource Records Format A resource record is a five-tuple: Domain_name Time_to_live Type Class Value Domain_name - the domain to which this record applies. Time_to_live - gives an indication of how stable the record is. Class – Always IN (for Internet) Value – the value of the record.
26 Resource Records Type Type – the type of the record.
27 Resource Records Type – Cont. Soa - the primary source of information. A – name is hostname, value is IP address. MX - value is name of mail-server associated with name NS - name is domain (e.g. foo.com), value is IP address of authoritative name server for this domain. CNAME - name is alias name for some “canonical” (the real) name, is really servereast.backup2.ibm.com, value is the canonical name. HINFO - what kind of machine and operating system a domain corresponds to. TXT - allow domains to identify themselves in arbitrary ways.
28 Resource Records - Example where the domain is located (2 lines) Basic information places to try to deliver Sun workstation running UNIX IP addresses places to try to deliver
29 Protocol & Messages DNS protocol : query and reply messages, both with same message format. msg header identification: 16 bit # reply to query uses same # as the query id. flags: –query or reply –recursion desired –recursion available –reply is authoritative
30 Protocol & Messages - Cont Name, Type & Class fields for a query RRs in reponse to query records for authoritative servers additional “helpful” info that may be used. For example, A RRs referred by new NS should be presented here.
31 DNS query example A query for the IP-address of pc2.cs.ucdavis.edu: Name Type: A = 1 Class: IN = 1
32 LDAP DNS is extremely important to the correct functioning of the Internet. DNS does not help locate people, resources, services, or objects in general. LDAP (Lightweight Directory Access Protocol) - locating these things. It organizes information as a tree and allows searches on different components. It can be regarded as a ''white pages'' telephone book.
33 LDAP-Aware A client programs that can ask LDAP servers to look up entries in a wide variety of ways. LDAP servers index all the data in their entries, and "filters" may be used to select just the person or group the client want For example, here's an LDAP search translated into plain English: "Search for all people located in Chicago whose name contains "Fred" that have an address. Please return their full name, , title, and description."
34 LDAP Permissions "Permissions" are set by the administrator to allow only certain people to access the LDAP database. There is an option to keep certain data private. LDAP servers also provide "authentication" service, so that web, , and file-sharing servers can use a single list of authorized users and passwords.