DNS (Domain Name System)

The Domain Name System (DNS), established in 1984, is a distributed database that translates hostnames into IP addresses, facilitating communication between clients and servers. It operates through a hierarchical naming structure, where domain names are organized in an inverted-tree format, ensuring uniqueness and decentralization of authority. DNS resolution involves mapping names to addresses and vice versa, using caching mechanisms to improve efficiency and resource records to store relevant information.


DNS (DOMAIN NAME SYSTEM)

• The Domain Name System was designed in 1984.
• DNS is used for name-to-address mapping.
• DNS provides the protocol that allows clients and servers to communicate with each other.
• E.g., a host name like [Link] is translated into a numerical IP address like [Link].
• The Domain Name System (DNS) is a distributed database used by TCP/IP applications to map between hostnames and IP addresses and to provide electronic mail routing information.
• Each site maintains its own database of information and runs a server program that other systems across the Internet can query.


WORKING OF DNS

The following six steps show the working of DNS when it maps a host name to an IP address:
1. The user passes the host name to the file transfer client.
2. The file transfer client passes the host name to the DNS client.
3. Each computer, after being booted, knows the address of one DNS server. The DNS client sends a message to that DNS server, using the server's known IP address, with a query that gives the file transfer server name.
4. The DNS server responds with the IP address of the desired file transfer server.
5. The DNS client passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the file transfer server.


NAME SPACE
• To be unambiguous, the names assigned to machines must be carefully selected from a name space with complete control over the binding between the names and IP addresses.
• The names must be unique because the addresses are unique.
• A name space that maps each address to a unique name can be organized in two ways: flat or hierarchical.

FLAT NAME SPACE

• In a flat name space, a name is assigned to an address.
• A name in this space is a sequence of characters without structure.
• The main disadvantage of a flat name space is that it cannot be used in a large system such as the Internet, because it must be centrally controlled to avoid ambiguity and duplication.

HIERARCHICAL NAME SPACE

• In a hierarchical name space, each name is made of several parts.
• The first part can define the nature of the organization, the second part can define the name of the organization, the third part can define departments in the organization, and so on.
• In this case, the authority to assign and control the name spaces can be decentralized.
• A central authority can assign the part of the name that defines the nature of the organization and the name of the organization.
• The responsibility for the rest of the name can be given to the organization itself. Suffixes can be added to the name to define hosts or resources.
• The management of the organization need not worry that the prefix chosen for a host is taken by another organization, because even if part of a name is the same, the whole name is different.
• The names are unique without the need to be assigned by a central authority.
• The central authority controls only part of the name, not the whole name.

DOMAIN NAME SPACE

• To have a hierarchical name space, a domain name space was designed. In this design, the names are defined in an inverted-tree structure with the root at the top.
• Each node in the tree has a label, which is a string with a maximum of 63 characters.
• The root label is a null string (empty string).
• DNS requires that children of a node (nodes that branch from the same node) have different labels, which guarantees the uniqueness of the domain names.
DOMAIN NAME
• Each node in the tree has a domain name.
• A full domain name is a sequence of labels separated by dots (.).
• The domain names are always read from the node up to the root.
• The last label is the label of the root (null).
• This means that a full domain name always ends in a null label, which means the last character is a dot, because the null string is nothing.
• If a name is terminated by the null label (it ends with a dot), it is called a fully qualified domain name (FQDN); it identifies exactly one node.
• If a name is not terminated by the null label (no trailing dot), it is called a partially qualified domain name (PQDN); the resolver must complete it with a suffix before it can be looked up.
• Besides the 63-character limit on each label, a whole name is limited to 255 octets in its wire form.

DOMAIN
• A domain is a subtree of the domain name space.
• The name of the domain is the domain name of the node at the top of the subtree.
• A domain may itself be divided into domains (subdomains).

DISTRIBUTION OF NAME SPACE

• The information contained in the domain name space must be stored.
• But it is very inefficient and also not reliable to have just one computer store such a huge amount of information.
• It is inefficient because responding to requests from all over the world places a heavy load on the system.
• It is not reliable because any failure makes the data inaccessible.
• The solution to these problems is to distribute the information among many computers called DNS servers.

HIERARCHY OF NAME SERVERS

• The way to distribute information among DNS servers is to divide the whole space into many domains based on the first level.
• Let the root stand alone and create as many domains as there are first-level nodes.
• Because a domain created this way could be very large, DNS allows domains to be divided further into smaller domains (subdomains).
• Thus we have a hierarchy of servers in the same way that we have a hierarchy of names.

ZONE
• What a server is responsible for, or has authority over, is called a zone.
• The server keeps a database called a zone file that holds all the information for every node under that domain.
• If a server accepts responsibility for a domain and does not divide the domain into smaller domains, the domain and the zone refer to the same thing.
• But if a server divides its domain into subdomains and delegates parts of its authority to other servers, domain and zone refer to different things.
• The information about the nodes in the subdomains is stored in the servers at the lower levels, with the original server keeping references (NS records) to these lower-level servers.
• But still, the original server does not free itself from responsibility totally.
• It still has a zone, but the detailed information is kept by the lower-level servers.

ROOT SERVER
• A root server is a server whose zone consists of the whole tree.
• A root server usually does not store any information about domains but delegates its authority to other servers, keeping references to those servers.
• There are 13 root server identities (a.root-servers.net through m.root-servers.net), each covering the whole domain name space; each identity is replicated as many anycast instances, so the number of physical root servers is far larger than 13.
• The servers are distributed all around the world.

PRIMARY AND SECONDARY SERVERS

• DNS defines two types of servers: primary and secondary.
• A primary server is a server that stores a file about the zone for which it is an authority.
• Primary servers are responsible for creating, maintaining, and updating the zone file.
• A primary server stores the zone file on a local disk.
• A secondary server is a server that transfers the complete information about a zone from another server (primary or secondary) and stores the file on its local disk.
• If updating is required, it must be done by the primary server, which sends the updated version to the secondary.
• A primary server loads all information from the disk file; the secondary server loads all information from the primary server (a zone transfer).
• Both primary and secondary servers are authoritative for the zone; "secondary" does not mean less trusted, only that it does not originate changes.

DNS IN THE INTERNET

• DNS is a protocol that can be used on different platforms.
• In the Internet, the domain name space (tree) is divided into three different sections: generic domains, country domains, and the inverse domain.

GENERIC DOMAINS
• The generic domains define registered hosts according to their generic behavior.
• Each node in the tree defines a domain, which is an index to the domain name space database.
• The first level in the generic domains section originally allowed seven three-character labels: com, edu, gov, int, mil, net, and org. Many more generic top-level labels have since been added.
• These labels describe the organization types, as listed in the following table.

COUNTRY DOMAINS
• The country domains section follows the same format as the generic domains but uses two-character country abbreviations (e.g., in for India, us for the United States) in place of the three-character organizational abbreviation at the first level.
• Second-level labels can be organizational, or they can be more specific national designations.
• The United States, for example, uses state abbreviations as a subdivision of the country domain us (e.g., [Link]).

INVERSE DOMAINS
• Mapping an address to a name is called inverse (reverse) mapping, and the part of the tree that supports it is the inverse domain.
• The client can send an IP address to a server to be mapped to a domain name; this is called a PTR (pointer) query.
• To answer queries of this kind, DNS uses the inverse domain: in-addr.arpa for IPv4 addresses and ip6.arpa for IPv6 addresses. The address is written with its components reversed, so that the most significant part sits nearest the root and the ordinary delegation mechanism applies.
• The answer to a PTR query is controlled by whoever holds the address block, not by the owner of the forward name; before trusting a reverse-mapped name, a forward lookup of that name should resolve back to the original address.
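The label rules, the FQDN/PQDN distinction and the inverse-domain naming described in the preceding sections, as an added example (not code from the original notes). The search suffix and the addresses used are assumptions chosen for illustration; the addresses are from the RFC 5737/3849 documentation ranges.

```python
"""Domain-name handling: label limits, FQDN vs PQDN, and inverse (PTR) names."""
import ipaddress

MAX_LABEL_OCTETS = 63   # each label is at most 63 octets (RFC 1035)
MAX_NAME_OCTETS = 255   # a whole name is at most 255 octets on the wire (RFC 1035)


def is_fqdn(name: str) -> bool:
    """A name is fully qualified when it ends with the root's null label, i.e. a trailing dot."""
    return name.endswith(".")


def split_labels(name: str) -> list:
    """Split an FQDN into its labels, enforcing the per-label and total length rules."""
    if not is_fqdn(name):
        raise ValueError(f"not fully qualified (no trailing dot): {name!r}")
    labels = [] if name == "." else name[:-1].split(".")
    for label in labels:
        if not label:
            raise ValueError(f"empty label in {name!r}")
        if len(label) > MAX_LABEL_OCTETS:
            raise ValueError(f"label exceeds {MAX_LABEL_OCTETS} octets: {label!r}")
    # wire form: one length octet per label plus the label itself, then the root's zero octet
    wire_length = sum(1 + len(label) for label in labels) + 1
    if wire_length > MAX_NAME_OCTETS:
        raise ValueError(f"name exceeds {MAX_NAME_OCTETS} octets on the wire: {name!r}")
    return labels


def qualify(name: str, search_suffix: str) -> str:
    """Complete a PQDN with the resolver's search suffix (an assumed resolver setting);
    an FQDN is returned unchanged. Only a name without the trailing dot is completed."""
    if is_fqdn(name):
        return name
    suffix = search_suffix if is_fqdn(search_suffix) else search_suffix + "."
    return f"{name}.{suffix}"


def reverse_name(address: str) -> str:
    """Name to query for a PTR record: octets reversed under in-addr.arpa for IPv4,
    hex nibbles reversed under ip6.arpa for IPv6."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")        # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


if __name__ == "__main__":
    print(split_labels("www.example.com."))       # ['www', 'example', 'com']
    print(qualify("www", "example.com"))          # www.example.com.
    print(reverse_name("192.0.2.10"))             # 10.2.0.192.in-addr.arpa.
    print(reverse_name("2001:db8::1"))            # 1.0.0.0. ... .8.b.d.0.1.0.0.2.ip6.arpa.
```

The standard library's `ipaddress` objects also expose a `reverse_pointer` attribute that produces the same name (without the trailing dot); the function above spells the reversal out so the structure of the inverse domain is visible.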

DNS RESOLUTION
• Mapping a name to an address or an address to a name is called name-address resolution.
• DNS is designed as a client-server application.
• A host that needs to map an address to a name or a name to an address calls a DNS client named a resolver.
• The resolver accesses the closest DNS server with a mapping request.
• If the server has the information, it satisfies the resolver; otherwise, it either refers the resolver to other servers or asks other servers to provide the information.
• After the resolver receives the mapping, it interprets the response to see if it is a real resolution or an error, and finally delivers the result to the process that requested it.
• A resolution can be either recursive or iterative.

Recursive Resolution
• The application program on the source host calls the DNS resolver (client) to find the IP address of the destination host. The resolver, which does not know this address, sends the query to the local DNS server of the source (Event 1).
• The local server sends the query to a root DNS server (Event 2).
• The root server sends the query to the top-level-domain DNS server (Event 3).
• The top-level-domain DNS server knows only the IP address of the local DNS server at the destination, so it forwards the query to that local server, which knows the IP address of the destination host (Event 4).
• The IP address of the destination host is now sent back to the top-level-domain DNS server (Event 5), then back to the root server (Event 6), then back to the source local DNS server, which may cache it for future queries (Event 7), and finally back to the source host (Event 8).
• This is the textbook model of recursion. In the real Internet, root and top-level-domain servers do not recurse on behalf of others; the recursion happens at the source local server, which walks the hierarchy iteratively as described next.

Iterative Resolution

• In iterative resolution, each server that does not know the mapping sends the IP address of the next server to ask back to the server that queried it (a referral), instead of forwarding the query itself.
• The iteration is driven by the source local server: it queries the root server, the top-level-domain server and the destination local server in turn, and the original resolver gets the final answer from the source local server.
• The messages shown by Events 2, 4, and 6 contain the same query.
• The message shown by Event 3 contains the IP address of the top-level-domain server.
• The message shown by Event 5 contains the IP address of the destination local DNS server.
• The message shown by Event 7 contains the IP address of the destination host.
• When the source local DNS server receives the IP address of the destination, it sends it to the resolver (Event 8).
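The two resolution styles above, run over a constructed three-level hierarchy (root, a top-level-domain server and the destination's local server). This is an added example, not code from the original notes: the server names `root`, `tld-com` and `ns-example`, the zone contents and the RFC 5737 addresses are all made up for the example, and a referral is modelled as a name rather than an IP address.

```python
"""Iterative vs recursive resolution over a constructed three-level server hierarchy."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Server:
    """A constructed name server: the zone it is authoritative for, the A records it holds,
    and the delegations (child zone -> server) it keeps references to."""
    zone: str
    addresses: dict = field(default_factory=dict)
    delegations: dict = field(default_factory=dict)


# Hypothetical servers and RFC 5737 documentation addresses, constructed for this example.
SERVERS = {
    "root": Server(zone=".", delegations={"com.": "tld-com"}),
    "tld-com": Server(zone="com.", delegations={"example.com.": "ns-example"}),
    "ns-example": Server(zone="example.com.",
                         addresses={"ftp.example.com.": "192.0.2.21",
                                    "www.example.com.": "192.0.2.80"}),
}


def in_zone(name: str, zone: str) -> bool:
    """True when name lies inside the subtree rooted at zone (both FQDNs)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server_name: str, qname: str) -> tuple:
    """What one server replies on its own: ('answer', ip) if it holds the record,
    ('referral', next_server) for the most specific delegation covering the name,
    or ('nxdomain', None) when it has neither."""
    server = SERVERS[server_name]
    if qname in server.addresses:
        return "answer", server.addresses[qname]
    covering = [z for z in server.delegations if in_zone(qname, z)]
    if covering:
        return "referral", server.delegations[max(covering, key=len)]
    return "nxdomain", None


def resolve_iterative(qname: str, trace: list) -> str | None:
    """The querying (local) server does all the work: every referral comes back to it,
    and it re-sends the same query to the server it was referred to."""
    current = "root"
    while True:
        trace.append(f"local -> {current}")
        kind, value = ask(current, qname)
        if kind == "answer":
            return value
        if kind != "referral":
            return None
        current = value


def resolve_recursive(qname: str, trace: list, server: str = "root",
                      asker: str = "local") -> str | None:
    """Each server that cannot answer forwards the query itself and relays the answer
    back along the chain (the textbook model; production root/TLD servers do not recurse)."""
    trace.append(f"{asker} -> {server}")
    kind, value = ask(server, qname)
    if kind == "answer":
        return value
    if kind != "referral":
        return None
    return resolve_recursive(qname, trace, server=value, asker=server)


if __name__ == "__main__":
    for resolver in (resolve_iterative, resolve_recursive):
        steps = []
        ip = resolver("ftp.example.com.", steps)
        print(resolver.__name__, ip, steps)
```

The traces make the difference concrete: both styles visit the same three servers, but in the iterative trace every query is sent by the local server, while in the recursive trace each server sends the next query itself. A name outside every delegation (for example under `org.`) ends at the root with no answer.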

DNS CACHING
• Each time a server receives a query for a name that is not in its domain, it needs to search its database for a server IP address, and this search takes time.
• DNS reduces this cost with a mechanism called caching.
• When a server asks for a mapping from another server and receives the response, it stores this information in its cache memory before sending it to the client.
• If the same or another client asks for the same mapping, the server can answer from its cache instead of querying again.
• However, to inform the client that the response is coming from the cache and not from an authoritative source, the server marks the response as non-authoritative (the AA flag in the header is cleared).
• Caching speeds up resolution, but it can also be problematic.
• If a server caches a mapping for a long time, it may send an outdated mapping to the client.
• To counter this, two techniques are used.
• First, the authoritative server always adds information to the mapping called time to live (TTL). It defines the time in seconds that the receiving server can cache the information. After that time, the mapping is invalid and any query must be sent again to the authoritative server. A server answering from its cache passes on the remaining TTL, not the original value, so a mapping cannot outlive the authority's limit as it moves from cache to cache.
• Second, DNS requires that each server keep a TTL counter for each mapping it caches. The cache memory must be searched periodically and those mappings with an expired TTL must be purged.
• Caching is also where forged answers do the most damage: a bogus response that is accepted into the cache is handed to every client that asks until its TTL expires. This is the attack on integrity described under DNS Security below.
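A cache that implements the two TTL techniques above, built on the (Domain Name, Type, Class, TTL, Value) resource record. This is an added example, not code from the original notes; the authoritative data for `www.example.com.` and the 300-second TTL are constructed, and the `FakeClock` exists only so the expiry can be stepped through deterministically.

```python
"""A TTL-aware resolver cache built on the (Name, Type, Class, TTL, Value) resource record."""
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class ResourceRecord:
    name: str
    rtype: str
    rclass: str
    ttl: int       # seconds the receiving server may cache this record
    value: str


class Cache:
    """Caches records until their TTL runs out. A hit is returned with the TTL
    decremented to the time remaining; the caller marks it non-authoritative."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}            # (name, type, class) -> (absolute expiry, record)

    def store(self, rr: ResourceRecord) -> None:
        self._entries[(rr.name, rr.rtype, rr.rclass)] = (self._clock() + rr.ttl, rr)

    def lookup(self, name: str, rtype: str, rclass: str = "IN"):
        key = (name, rtype, rclass)
        entry = self._entries.get(key)
        if entry is None:
            return None
        expiry, rr = entry
        remaining = int(expiry - self._clock())
        if remaining <= 0:
            del self._entries[key]    # expired: the mapping must be fetched again
            return None
        return ResourceRecord(rr.name, rr.rtype, rr.rclass, remaining, rr.value)

    def purge_expired(self) -> int:
        """The periodic sweep the text describes; returns how many entries were dropped."""
        now = self._clock()
        dead = [k for k, (expiry, _) in self._entries.items() if expiry <= now]
        for k in dead:
            del self._entries[k]
        return len(dead)


# Constructed authoritative data (RFC 5737 address), keyed the same way as the cache.
AUTHORITY = {
    ("www.example.com.", "A", "IN"):
        ResourceRecord("www.example.com.", "A", "IN", 300, "192.0.2.80"),
}


def resolve(cache: Cache, name: str, rtype: str = "A"):
    """Return (record, authoritative). A cache hit comes back non-authoritative with the
    remaining TTL; a miss goes to the authority and the full-TTL record is cached."""
    hit = cache.lookup(name, rtype)
    if hit is not None:
        return hit, False
    rr = AUTHORITY.get((name, rtype, "IN"))
    if rr is None:
        return None, True             # authoritative negative answer
    cache.store(rr)
    return rr, True


class FakeClock:
    """Deterministic clock so the TTL behaviour can be stepped through without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds: float):
        self.now += seconds


if __name__ == "__main__":
    clock, cache = FakeClock(), Cache(FakeClock())
    cache = Cache(clock)
    print(resolve(cache, "www.example.com."))   # authoritative, ttl 300
    clock.advance(100)
    print(resolve(cache, "www.example.com."))   # from cache, ttl 200, not authoritative
```

Note what the cache does not do: it accepts whatever `store()` is given. In a real resolver the decision to cache a record is where bailiwick checks and response validation belong, because a single forged record stored here is served for its full TTL.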

DNS RESOURCE RECORDS (RR)

• The zone information associated with a server is implemented as a set of resource records.
• In other words, a name server stores a database of resource records.
• A resource record is a 5-tuple structure:

(Domain Name, Type, Class, TTL, Value)

• The domain name identifies the resource record (its owner name).
• The type defines how the value should be interpreted.
• The value defines the information kept about the domain name.
• The TTL defines the number of seconds for which the information is valid.
• The class defines the protocol family; IN (Internet) is the only class in general use.

Types of Resource Records

• The most common types are A (IPv4 address), AAAA (IPv6 address), NS (authoritative name server for a zone), CNAME (canonical name, i.e. an alias), SOA (start of authority, the zone's parameters), MX (mail exchanger, the electronic mail routing information mentioned above), PTR (pointer, used in the inverse domain) and TXT (free text).

DNS MESSAGES
• DNS has two types of messages: query and response.
• Both types have the same format.
• The query message consists of a header and a question section.
• The response message consists of a header, a question section, an answer section, an authoritative section, and an additional section.
• Header
• Both query and response messages have the same header format, with some fields set to zero for the query messages.
• The header fields are as follows:
• The identification field is used by the client to match the response with the query. It is only 16 bits, so it should be chosen randomly (and the source port randomized as well); a predictable identifier lets an attacker inject a matching bogus response.
• The flags field defines whether the message is a query or a response (QR). It also carries the authoritative-answer (AA), truncated (TC), recursion-desired (RD) and recursion-available (RA) bits, and the response code, which reports the error status.
• The next four fields in the header define the number of records of each type in the message: questions, answers, authoritative records and additional records.
• Question Section
• The question section consists of one or more question records. It is present in both query and response messages.
• Answer Section
• The answer section consists of one or more resource records. It is present only in response messages.
• Authoritative Section
• The authoritative section gives information (domain names) about one or more authoritative servers for the query.
• Additional Information Section
• The additional information section provides additional information that may help the resolver, such as the addresses of the servers named in the authoritative section.

DNS CONNECTIONS
• DNS can use either UDP or TCP.
• In both cases the well-known port used by the server is port 53.
• UDP is used when the size of the message is at most 512 bytes. That figure is the limit the DNS specification sets for DNS over UDP, not a limit of UDP itself; the EDNS(0) extension lets a client advertise a larger UDP payload size.
• If a response does not fit, the server sends what fits with the TC (truncated) flag set, and the client repeats the query over a TCP connection. Over TCP, each message is preceded by a two-byte length field. Zone transfers between servers always use TCP.
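The message format and the UDP/TCP rule from the two sections above, as an added example that is not code from the original notes: it builds a query, parses a response that uses name compression, pairs the response to the query, and decides when to retry over TCP. The query identifier, the name `www.example.com.` and the RFC 5737 address in the constructed response are chosen for the example; `build_response` stands in for a server so that the parser can be exercised offline.

```python
"""Building a DNS query, parsing a response (with name compression), and the UDP/TCP rule."""
import struct

TYPE_A, CLASS_IN = 1, 1
FLAG_QR, FLAG_AA, FLAG_TC, FLAG_RD = 0x8000, 0x0400, 0x0200, 0x0100
UDP_PAYLOAD_LIMIT = 512                     # RFC 1035 limit for DNS over UDP without EDNS(0)
HEADER = struct.Struct("!HHHHHH")           # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def encode_name(name: str) -> bytes:
    """Labels as <length><octets>..., terminated by the root's zero-length label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qid: int, qname: str, qtype: int = TYPE_A) -> bytes:
    """Header plus one question; RD set so a recursive server resolves it for us."""
    return HEADER.pack(qid, FLAG_RD, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg: bytes, offset: int) -> tuple:
    """Read a (possibly compressed) name. Pointers must point backwards and are bounded,
    so a malicious message cannot make the parser loop or run off the end."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                          # 11xxxxxx: compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset or hops > 16:
                raise ValueError("bad compression pointer")
            end = end if end is not None else offset + 2   # resume after the first pointer
            offset, hops = pointer, hops + 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(msg: bytes) -> dict:
    qid, flags, qd, an, _ns, _ar = HEADER.unpack_from(msg)
    if not flags & FLAG_QR:
        raise ValueError("not a response")
    offset, questions, answers = HEADER.size, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if (rtype, rdlen) == (TYPE_A, 4) else rdata.hex()
        answers.append((name, rtype, rclass, ttl, value))
    return {"id": qid, "aa": bool(flags & FLAG_AA), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0xF, "questions": questions, "answers": answers}


def build_response(query: bytes, address: str, ttl: int, truncated: bool = False) -> bytes:
    """Constructed server reply to a build_query() message with one A record. The answer's
    owner name is the pointer 0xC00C back to the QNAME at offset 12 (name compression).
    With truncated=True the server sets TC and omits the answer, as it must when the
    full reply would not fit in the UDP limit."""
    qid = struct.unpack_from("!H", query)[0]
    flags = FLAG_QR | FLAG_AA | (FLAG_TC if truncated else 0)
    question = query[HEADER.size:]
    if truncated:
        return HEADER.pack(qid, flags, 1, 0, 0, 0) + question
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + bytes(int(o) for o in address.split("."))
    return HEADER.pack(qid, flags, 1, 1, 0, 0) + question + rr


def matches_query(query: bytes, response: bytes) -> bool:
    """Client-side pairing: same ID and same question section. A spoofed reply must
    match both, which is why the ID should be random rather than sequential."""
    return query[:2] == response[:2] and response[HEADER.size:len(query)] == query[HEADER.size:]


def needs_tcp_retry(response: bytes) -> bool:
    """TC set means the UDP reply was cut down; the client re-sends the query over TCP port 53."""
    return parse_response(response)["tc"]


def tcp_frame(msg: bytes) -> bytes:
    """Over TCP each DNS message is prefixed with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg
```

`decode_name` is the part worth studying: compression pointers are the classic place where DNS parsers have looped forever or read out of bounds, so it refuses forward pointers, caps the number of hops and checks the message boundary before every read.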

DNS REGISTRARS
• New domains are added to DNS through a registrar. A fee is charged.
• A registrar first verifies that the requested domain name is unique and then enters it into the DNS database.
• Today, there are many registrars; their names and addresses can be found at
• To register, the organization needs to give the name of its server and the IP address of the server.
• For example, a new commercial organization named wonderful with a server named ws and IP address [Link] needs to give the following information to one of the registrars:
Domain name: [Link] IP address: [Link]

DDNS (DYNAMIC DOMAIN NAME SYSTEM)

• In DNS, when there is a change, such as adding a new host, removing a host, or changing an IP address, the change must be made to the DNS master file.
• The DNS master file must be updated dynamically.
• The Dynamic Domain Name System (DDNS, the DNS UPDATE message of RFC 2136) is used for this purpose.
• In DDNS, when a binding between a name and an address is determined, the information is sent to a primary DNS server.
• The primary server updates the zone.
• The secondary servers are notified either actively or passively.
• In active notification, the primary server sends a message (DNS NOTIFY) to the secondary servers about the change in the zone, whereas in passive notification, the secondary servers periodically check for any changes by comparing the zone's SOA serial number with the one in their copy.
• In either case, after being notified about the change, the secondary server requests the zone information (the zone transfer): either the entire zone (AXFR) or only the changes since the serial it holds (IXFR).
• To provide security and prevent unauthorized changes in the DNS records, DDNS can use an authentication mechanism. In practice this is TSIG, a keyed hash (HMAC) over the update message computed with a secret shared between the updating client and the server. A server that accepts unauthenticated updates from any source lets anyone who can reach it rewrite the zone.

DNS SECURITY
• DNS is one of the most important systems in the Internet infrastructure; it provides crucial services to Internet users.
• Applications such as Web access or e-mail are heavily dependent on the proper operation of DNS.
• DNS can be attacked in several ways, including:
• Attack on confidentiality: the attacker may read the responses of a DNS server to find the nature or names of the sites the user mostly accesses. This type of information can be used to build a profile of the user. To prevent this attack, DNS messages need to be confidential.
• Attack on authentication and integrity: the attacker may intercept the response of a DNS server and change it, or create a totally new bogus response, to direct the user to the site or domain the attacker wishes the user to access. This type of attack can be prevented using message origin authentication and message integrity.
• Attack on availability (denial of service): the attacker may flood the DNS server to overwhelm it or eventually crash it. This type of attack is mitigated operationally, by replicating servers (anycast), rate limiting and caching, rather than by any cryptographic protection.
• To protect DNS, the IETF has devised a technology named DNS Security (DNSSEC) that provides message origin authentication and message integrity using a security service called the digital signature: each set of resource records in a signed zone carries a signature (an RRSIG record) made with the zone's private key, and the corresponding public key is published in the zone and vouched for by the parent zone, forming a chain of trust from the root.
• DNSSEC, however, does not provide confidentiality for DNS messages. Confidentiality between a client and its resolver is addressed separately by carrying DNS over TLS (DoT) or HTTPS (DoH).
• There is no specific protection against the denial-of-service attack in the specification of DNSSEC. However, the caching system protects the upper-level servers against this attack to some extent. DNSSEC's larger signed responses can themselves be abused in reflection and amplification attacks against third parties, which is one reason servers apply response rate limiting.
