Scribd
Upload
17 views12 pages

Understanding DNS and Name Resolution

Uploaded by

Nour Radwan
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
17 views12 pages

Understanding DNS and Name Resolution

Uploaded by

Nour Radwan
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Naming and the DNS

Names and Addresses

39¢

name Arvind Krishnamurthy


544 Paul G. Allen Center
address University of Washington

 Names are identifiers for objects/services (high level)


 Addresses are locators for objects/services (low level)
 Binding is the process of associating a name with an address
 Resolution is the process of looking up an address given a name

1
Internet Hostnames
 Hostnames are human-readable identifiers for end-
systems based on an administrative hierarchy
 [Link] is my desktop
machine
 IP addresses are a fixed-length binary encoding for end-
systems based on their position in the network
 [Link] is uranium’s IP address

 Original name resolution: [Link]


 Current name resolution: Domain Name System
 Future name resolution: ?

Original Hostname System


 When the Internet was really young …

 Flat namespace
 Simple (host, address) pairs

 Centralized management
 Updates via a single master file called [Link]
 Manually coordinated by the Network Information Center

 Resolution process
 Look up hostname in the [Link] file

2
Scaling Problems
 Coordination
 Between all users to avoid conflicts

 Inconsistencies
 Between update and distribution of new version

 Reliability
 Single point of failure

 Performance
 Competition for centralized resources

Domain Name System (DNS)


 Designed by Mockapetris and Dunlap in the mid 80s

 Namespace is hierarchical
 Allows much better scaling of data structures
 e.g., [Link]

 Namespace is distributed
 Decentralized administration and access
 e.g., *.[Link] managed by CSE

 Resolution is by query/response
 With replicated servers for redundancy
 With heavy use of caching for performance

3
DNS Hierarchy

edu com mil org … au

mit • “dot” is the root of the hierarchy


• Top levels now controlled by ICANN
ai lcs • Lower level control is delegated

DNS Distribution

 Data managed by zones that contain resource records


 Zone is a complete description of a portion of the namespace
 e.g., all hosts and addresses for machines in [Link] with
pointers to subdomains like [Link]

 One or more nameservers manage each zone


 Zone transfers performed between nameservers for consistency
 Multiple nameservers provide redundancy

 Client resolvers query nameservers for specified records


 Multiple messages may be exchanged per DNS lookup to
navigate the name hierarchy

4
Example
root DNS server
Host at [Link]
wants IP address for
2
[Link] 3
TLD DNS server
4
local DNS server
[Link] 5

7 6
1 8

authoritative DNS server


[Link]
requesting host
[Link] [Link]

Recursive vs. Iterative Queries


 Recursive query root DNS server

 Ask server to
get answer for 2
you 3
TLD DNS server
 E.g., request 1 4
local DNS server
and response 8 [Link] 5
 Iterative query
 Ask server who
to ask next 1 8
7 6

 E.g., all other


request- authoritative DNS server
[Link]
response pairs requesting host
[Link]

10

5
Hierarchy of Nameservers

Root
name server

Princeton … Cisco
name server name server

CS … EE
name server name server

DNS Bootstrapping
 Need to know IP addresses of root servers before we
can make any queries
 Addresses for 13 root servers ([a-m].[Link])
handled via initial configuration ([Link] file)
A Verisign, Dulles, VA
C Cogent, Herndon, VA (also Los Angeles)
D U Maryland College Park, MD K RIPE London (also Amsterdam, Frankfurt)
G US DoD Vienna, VA
H ARL Aberdeen, MD I Autonomica, Stockholm
E NASA Mt View, CA J Verisign, ( 11 locations) (plus 3 other locations)
F Internet Software C. Palo
Alto, CA (and 17 other m WIDE Tokyo
locations)

B USC-ISI Marina del Rey, CA


L ICANN Los Angeles, CA
12

6
DNS Caching
 Performing all these queries take time
 And all this before the actual communication takes
place
 E.g., 1-second latency before starting Web download
 Caching can substantially reduce overhead
 The top-level servers very rarely change
 Popular sites (e.g., [Link]) visited often
 Local DNS server often has the information cached
 How DNS caching works
 DNS servers cache responses to queries
 Responses include a “time to live” (TTL) field
 Server deletes the cached entry after TTL expires 13

Negative Caching
 Remember things that don’t work
 Misspellings like [Link] and [Link]
 These can take a long time to fail the first time
 Good to remember that they don’t work
 … so the failure takes less time the next time around

14

7
DNS Resource Records

DNS: distributed db storing resource records (RR)


RR format: (name, value, type, ttl)

• Type=A • Type=CNAME
– name is hostname – name is alias name for some
– value is IP address “canonical” (the real) name
[Link] is really
 Type=NS [Link]
 name is domain (e.g. – value is canonical name
[Link])
 value is hostname of • Type=MX
authoritative name server for
this domain – value is name of mailserver
associated with name
15

DNS Protocol

DNS protocol : query and reply messages, both with


same message format

Message header
• Identification: 16 bit #
for query, reply to
query uses same #
• Flags:
– Query or reply
– Recursion desired
– Recursion available
– Reply is authoritative
16

8
Reliability
 DNS servers are replicated
 Name service available if at least one replica is up
 Queries can be load balanced between replicas
 UDP used for queries
 Need reliability: must implement this on top of UDP
 Try alternate servers on timeout
 Exponential backoff when retrying same server
 Same identifier for all queries
 Don’t care which server responds

17

Inserting Resource Records into DNS

 Example: just created startup “FooBar”


 Register [Link] at Network Solutions
 Provide registrar with names and IP addresses of your
authoritative name server (primary and secondary)
 Registrar inserts two RRs into the com TLD server:
• ([Link], [Link], NS)
• ([Link], [Link], A)
 Put in authoritative server [Link]
 Type A record for [Link]
 Type MX record for [Link]

18

9
Playing With Dig on UNIX
 Dig program
 Allows querying of DNS system
 Use flags to find name server (NS)
 Disable recursion so that operates one step at a time

19

Future Evolution of the DNS


 Design constrains us in two major ways that are
increasingly less appropriate

 Static host to IP mapping


 What about mobility (Mobile IP)

 Location-insensitive queries
 What if I don’t care what server a Web page comes
from, as long as it’s the right page?
 e.g., a yahoo page might be replicated

10
Akamai
 Use the DNS to effect selection of a nearby Web cache

client Server

Nearby DNS servers


Cache for [Link]

 Leverage separation of static/dynamic content

DNS DoS Attacks


October 22, 2002
 The attack lasted for approximately one hour. Of the
thirteen servers, nine were disabled
 The largest malfunction of the DNS servers before this
event were seven machines in July 1997, due to a
technical glitch

11
DNS DoS Attacks
February 6, 2007
 The attack lasted about five hours. none of the servers
crashed, two of the root servers "suffered badly", while others
saw "heavy traffic".
 The botnet responsible for the attack has reportedly been
traced to South Korea.

"If the United States found itself under a major cyberattack


aimed at undermining the nation’s critical information
infrastructure, the Department of Defense is prepared, based
on the authority of the president, to launch a cyber
counterattack or an actual bombing of an attack source."

12

You might also like