Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems."— Presentation transcript:

1 1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems

2 2 Domain Name System Motivation Directory services are essential in any network system, provide a name-to-address mapping service –Name of resource: what we seek –Address: where it is –Route: how to get there –Delayed binding: look-up address when you need it History: –Hosts.txt: Explicit file containing the mappings suitable for the early days of the ArpaNet (up to several hundred nodes) –Names: unstructured strings up to 30 characters –Maintained by the Network Information Center (NIC), but difficult to keep up-to-date as the Internet grew –Xerox Clearinghouse predates DNS

3 3 Domain Name System History Early 1980s: RFC 1034, 1123: –Consistent and variable depth hierarchy for names –Distributed maintenance, controlled by the database itself –Connectionless service using UDP (though TCP also supported) –Cached entries, cache aging, cache removal –Spartan features for database update and data structuring –Organized as an overlay “database” on top of the Internet Post 1995 Commercialization –IANA: Internet Assigned Number Authority »http://www.iana.org/domain-names.htmhttp://www.iana.org/domain-names.htm –Multiple Name Top Level Name Registries: e.g., VeriSign authoritative directory provider for.com,.cc,.net,.tv (10 billion interactions per day!) –65 million registered domains in late 2004

4 4 Domain Name System Structure 13 Roots –48 hour TTL –DOS attack October 2002: Pinging roots Top-level domains –CC: US, CA, CH, … –G: COM, EDU, NET, MIL, GOV, ORG, … Domain Name Tree –Name is ordered list, from node to root –Sahara.cs.Berkeley.edu DNS Abstract Database –Resource Records (RRs) associated with names »Type: Network Address (A), Name Server (NS), MX (Mail Exchange), … »Class: Internet (IN) »TTL: data validity, 32-bits, seconds –Delegated NS authority »NS RR + “Glue” A RR to defer name resolution for a subzone to another NS »Glue chasing resolution process if no glue record is found. Edu Berkeley CS Sahara.cs.Berkeley.edu Top-level domain Zone Root Subzone Single point of failure! Actually 13 roots (A – M) but one root file! London, Japan, Sweden, 10 US 7 HW platforms, 8 OSs, 5 vendors g, ccTLD

5 5 Domain Name System Query & Response Query –Query (Name, Type, Class) –Specific, Partial, Any Match Response –Set of resource records (0 or more) –Order may be important –Errors »Name does not exist »Temporary error: “try again later” caused by network disconnection or other temporary condition »Essential to rate limit the “try again”

6 6 Domain Name System Client-Server Resolvers (clients) contact Name Servers (servers) to translate names –Local Configuration Information »Identify location of other name servers »No requirement that local information is correct –Full Resolvers »Root name servers, local name servers, ability to recover from errors »Manage caches Small TTLs if volatile, large TTLs if stable Failures cached as well –Stub Resolvers »Sufficient functionality only to talk to nearby recursive NS

7 7 Domain Name System Name Servers Name Server: Internet host capable of processing DNS requests, e.g., BIND Primary vs. Secondary NSs –Zone transfer: complete copy of primary’s RR DB to secondary Query Response –Name server can return referral to better NS –Recursive: follow down naming tree, caching entries on the way –Authoritative Answer: came from NS’s actual DB, not from its cache

8 8 Domain Name System RFC 1123 DNS Health Considerations –Resolver must implement rexmit controls to avoid b/w waste; impose finite bounds on resources consumed in response to any request –After a query has been rexmit several times w/o response, give up and return error to application –DNS name servers and resolvers should cache temp failures with a timeout O(minutes)—prevents apps from immediately retrying, thus generating excessive DNS traffic –Cache negative responses indicating that specified name does not exist –UDP-based retry attempts constrained by exponential back-off algorithms with upper/lower bounds –Source Quench for resolver/server issuing query: take steps to reduce querying rate, e.g., by sending next query to alternative server

9 9 Domain Name System Health Survey Domain Health Survey (Feb 2003): http://www.menandmice.com/6000/61_recent_survey.html http://www.menandmice.com/6000/61_recent_survey.html –68.4% of.COM Zones Misconfigured –27.4% of.com zones have all name servers on the same subnet; 6.7% of.com zones have only one authoritative name server –DNS administrators most commonly make delegation configuration errors in their zone setup, resulting in lame delegations: 18.4% had lame delegations –16.4% had non-responding authoritative name servers resulting in web site lookup failures –43.3% of zones block zone transfer from all name servers; has no effect on the security of the zone data itself, provides "security by obscurity".

10 10 Domain Name System DNS Spoofing “Malicious cache poisoning” –Send recursive query to target for zone owned by attacker –Target references attacker’s server, which responds with an authoritative record for a third party’s domain name –Target caches a bogus record –Recent investigations indicate that 25-30% of DNS servers on the Internet are spoofable Solution: TSIGs— transaction signatures

11 11 netcomukcajp foo buzbar bar1bar2bar3 Zone: Occupies a continues subspace Served by the same nameservers bar.foo.com. NS ns1.bar.foo.com. bar.foo.com. NS ns3.bar.foo.com. bar.foo.com. NS ns2.bar.foo.com. bar.foo.com. MX mail.bar.foo.com. www.bar.foo.com. A 10.10.10.10 bar name servers resource records DNS Operation

12 12 caching server client bar zone foo zone com zone root zone asking for www.bar.foo.com answer: www.bar.foo.com A 10.10.10.10 referral: com NS RRs com A RRs referral: foo NS RRs foo A RRs referral: bar NS RRs bar A RRs

13 13 Infrastructure RRs foo.com. NS ns1.foo.com. foo.com. NS ns2.foo.com. foo.com. NS ns3.foo.com. foo.com. NS ns1.foo.com. foo.com. NS ns2.foo.com. foo.com. NS ns3.foo.com. foo.com com ns1.foo.com. A 1.1.1.1 ns2.foo.com. A 2.2.2.2 ns3.foo.com. A 3.3.3.3 ns1.foo.com. A 1.1.1.1 ns2.foo.com. A 2.2.2.2 ns3.foo.com. A 3.3.3.3 NS Resource Record : –Provides the names of a zone’s authoritative servers –Stored both at the parent and at the child zone A Resource Record –Associated with a NS resource record –Stored at the parent zone (glue A record)

Download ppt "1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems."

Similar presentations

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.

1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.
DNS Domain Name System. Domain names and IP addresses People prefer to use easy-to-remember names instead of IP addresses Domain names are alphanumeric.

DNS Domain Name System. Domain names and IP addresses People prefer to use easy-to-remember names instead of IP addresses Domain names are alphanumeric.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
Domain Name System (or Service) (DNS) Computer Networks Computer Networks Term B10.

Domain Name System (or Service) (DNS) Computer Networks Computer Networks Term B10.
Impact of Configuration Errors on DNS Robustness CSCI 780, Fall 2005.

Impact of Configuration Errors on DNS Robustness CSCI 780, Fall 2005.
Application Layer At long last we can ask the question - how does the user interface with the network?

Application Layer At long last we can ask the question - how does the user interface with the network?
Impact of Configuration Errors on DNS Robustness V. Pappas * Z. Xu *, S. Lu *, D. Massey **, A. Terzis ***, L. Zhang * * UCLA, ** Colorado State, *** John.

Impact of Configuration Errors on DNS Robustness V. Pappas * Z. Xu *, S. Lu *, D. Massey **, A. Terzis ***, L. Zhang * * UCLA, ** Colorado State, *** John.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.
Application Layer12-1 2010 session 1 TELE3118: Network Technologies Week 12: DNS Some slides have been taken from: r Computer Networking: A Top Down Approach.

Application Layer session 1 TELE3118: Network Technologies Week 12: DNS Some slides have been taken from: r Computer Networking: A Top Down Approach.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
CPSC 441: DNS1 Instructor: Anirban Mahanti Office: ICT 745 Class Location: ICT 121 Lectures: MWF 12:00 – 12:50 Notes derived.

CPSC 441: DNS1 Instructor: Anirban Mahanti Office: ICT Class Location: ICT 121 Lectures: MWF 12:00 – 12:50 Notes derived.
1 DNS,NFS & RPC Rizwan Rehman, CCS, DU. Netprog: DNS and name lookups 2 Hostnames IP Addresses are great for computers –IP address includes information.

1 DNS,NFS & RPC Rizwan Rehman, CCS, DU. Netprog: DNS and name lookups 2 Hostnames IP Addresses are great for computers –IP address includes information.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.

Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
DNS. Outline r Domain Name System r DNS Hierarchy r Resolution.

DNS. Outline r Domain Name System r DNS Hierarchy r Resolution.
Chapter 25 Domain Name System

Chapter 25 Domain Name System

Similar presentations

Ads by Google