Welcome to CS 3516: Advanced Computer Networks
Prof. Yanhua Li
Time: 9:00am-9:50am M, T, R, and F
Location: Fuller 320
Fall 2017 A-term
Some slides are originally from the course materials of the textbook Computer Networking: A Top Down Approach, 7th edition, by Jim Kurose, Keith Ross, Addison-Wesley, March 2016. Copyright 1996-2017 J.F. Kurose and K.W. Ross, All Rights Reserved.
Extra office hour on Monday 9/11
Weekly schedule:
Mondays, Tuesdays, Thursdays, Fridays: 9-9:50am Lecture, FL320; 10-10:30am Prof. Li, AK130
Wednesdays: 11am-12pm Prof. Li, AK130
1-3pm (two days each): TA S. Ahmed, Sub-basement in Fuller; TA J.B. Tsang, Sub-basement in Fuller
Project 1 Due
Two kinds of office hours: one for all questions, e.g., project/lab assignment related questions, like programming; the other for lecture related questions, and general questions for labs and projects.
Chapter 2: outline
2.1 principles of network applications: app architectures, app requirements
2.2 Web and HTTP
2.5 DNS: service overview, structure; resolution process; data format
Application Layer 2-3
DNS: domain name system
People have many identifiers: SSN, name, passport #. Internet hosts and routers have an IP address (32 bit), used for addressing datagrams, and a name, e.g., www.yahoo.com, used by humans. Q: how to map between IP address and name, and vice versa?
Domain Name System: a distributed database implemented in a hierarchy of many name servers, plus an application-layer protocol by which hosts and name servers communicate to resolve names (address/name translation).
Note: a core Internet function, implemented as an application-layer protocol; complexity at the network's edge.
Resolving Name, Locating Service/Object
URL: http://users.wpi.edu/~yli15/courses/cs3516fall17a/schedule.html
Name: the WPI DNS server resolves the hostname to 121.121.121.121 (the web server).
Service: 121.121.121.121, tcp port 80 (the web server).
Object: ~yli15/courses/cs4516fall15b/schedule.html (fetched by the web server from its Network File System server).
DNS: services, structure
DNS services: hostname to IP address translation; host aliasing (canonical and alias names); mail server aliasing; load distribution (replicated Web servers: many IP addresses correspond to one name).
Why not centralize DNS? Single point of failure; traffic volume; distant centralized database; maintenance. A: it doesn't scale!
DNS: a distributed, hierarchical database
Root DNS servers -> com DNS servers, org DNS servers, edu DNS servers -> yahoo.com and amazon.com DNS servers; pbs.org DNS servers; poly.edu and umass.edu DNS servers.
Client wants the IP for www.amazon.com; 1st approximation: the client queries a root server to find the com DNS server; the client queries the .com DNS server to get the amazon.com DNS server; the client queries the amazon.com DNS server to get the IP address for www.amazon.com.
Analogy: Marshalls -> physical address
DNS: root name servers
Contacted by a local name server that cannot resolve a name. Root name server: contacts an authoritative DNS server if the name mapping is not known; gets the mapping; returns the mapping to the local name server.
13 root name servers worldwide (the 13 are server identities, a through m; each identity is replicated at many sites via anycast, which is what the site counts below mean):
a. Verisign, Los Angeles CA (5 other sites); b. USC-ISI, Marina del Rey, CA; c. Cogent, Herndon, VA (5 other sites); d. U Maryland, College Park, MD; e. NASA, Mt View, CA; f. Internet Software C., Palo Alto, CA (and 48 other sites); g. US DoD, Columbus, OH (5 other sites); h. ARL, Aberdeen, MD; i. Netnod, Stockholm (37 other sites); j. Verisign, Dulles VA (69 other sites); k. RIPE, London (17 other sites); l. ICANN, Los Angeles, CA (41 other sites); m. WIDE, Tokyo (5 other sites)
TLD, authoritative servers
Top-level domain (TLD) servers: responsible for com, org, net, edu, aero, jobs, museum, and all top-level country domains, e.g., uk, fr, ca, jp. Verisign (formerly Network Solutions) maintains the servers for the .com TLD; Educause for the .edu TLD.
Authoritative DNS servers: an organization's own DNS server(s), providing authoritative hostname to IP mappings for the organization's named hosts; can be maintained by the organization or by a service provider.
Local DNS name server
Does not strictly belong to the hierarchy. Each ISP (residential ISP, company, university) has one; also called the default name server. When a host makes a DNS query, the query is sent to its local DNS server, which has a local cache of recent name-to-address translation pairs (but they may be out of date!) and acts as a proxy, forwarding the query into the hierarchy.
Difference between a local DNS server and an authoritative DNS server? Given an organization, e.g., WPI, one serves its internal users (the local server, resolving any name on their behalf); the other answers external users' queries about the organization's own names (the authoritative server).
DNS name resolution example (iterated query)
Host cs.wpi.edu wants the IP address for cs.umass.edu. Iterated query: the contacted server replies with the name of the server to contact: "I don't know this name, but ask this server."
1. requesting host cs.wpi.edu -> local DNS server dns.cs.wpi.edu
2. local DNS server -> root DNS server
3. root DNS server -> local DNS server (referral to the TLD server)
4. local DNS server -> TLD DNS server
5. TLD DNS server -> local DNS server (referral to the authoritative server)
6. local DNS server -> authoritative DNS server dns.cs.umass.edu
7. authoritative DNS server -> local DNS server (answer)
8. local DNS server -> requesting host
DNS name resolution example (recursive query)
Recursive query: puts the burden of name resolution on the contacted name server.
1. requesting host cs.wpi.edu -> local DNS server dns.cs.wpi.edu
2. local DNS server -> root DNS server
3. root DNS server -> TLD DNS server
4. TLD DNS server -> authoritative DNS server dns.cs.umass.edu
5. authoritative DNS server -> TLD DNS server (answer)
6. TLD DNS server -> root DNS server
7. root DNS server -> local DNS server
8. local DNS server -> requesting host
Cons: heavy load at the upper levels of the hierarchy?
DNS: iterated queries
Recursive query: puts the burden of name resolution on the contacted name server; heavy load? Iterated query: the contacted server replies with the name of the server to contact: "I don't know this name, but ask this server." Here with an intermediate name server between the root and the authoritative server:
1. requesting host cs.wpi.edu -> local name server dns.cs.wpi.edu
2. local name server -> root name server
3. root name server -> local name server (referral)
4. local name server -> intermediate name server dns.umass.edu
5. intermediate name server -> local name server (referral)
6. local name server -> authoritative name server dns.cs.umass.edu
7. authoritative name server -> local name server (answer)
8. local name server -> requesting host
DNS: caching, updating records
Once (any) name server learns a mapping, it caches the mapping. Cache entries time out (disappear) after some time (TTL). TLD servers are typically cached in local name servers, so root name servers are not often visited. Cached entries may be out of date (best-effort name-to-address translation!): if a named host changes its IP address, the change may not be known Internet-wide until all TTLs expire.
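The iterated resolution walk on the previous slides and the caching behaviour described here, as an added example (not code from the slides or the textbook): the root, TLD, intermediate and authoritative servers are toy in-memory tables, and every name, address and TTL is made up. The local resolver caches both answers and referrals, so the second query for a name under umass.edu skips the root and TLD servers, and an expired A record is re-fetched from the closest server whose referral is still cached.

```python
"""Iterative DNS resolution over a toy hierarchy, with a TTL cache.

Added example, not code from the slides or the textbook: the servers
are in-memory tables and every name, address and TTL below is made up.
"""


# Constructed data. Each server maps a zone it knows about to one record:
#   ("NS", next_server, ttl)  -> referral: "I don't know, ask this server"
#   ("A",  ip_address,  ttl)  -> answer
SERVERS = {
    "root":             {"edu.":           ("NS", "tld-edu", 3600)},
    "tld-edu":          {"umass.edu.":     ("NS", "dns.umass.edu", 3600)},
    "dns.umass.edu":    {"cs.umass.edu.":  ("NS", "dns.cs.umass.edu", 3600),
                         "www.umass.edu.": ("A", "128.119.1.1", 300)},
    "dns.cs.umass.edu": {"cs.umass.edu.":  ("A", "128.119.240.1", 300)},
}


def suffixes(name):
    """'cs.umass.edu.' -> ['cs.umass.edu.', 'umass.edu.', 'edu.', '.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def ask(server, name):
    """One iterated query: the server answers only from its own table,
    using the most specific zone it knows. Returns (zone, record) or None."""
    for zone in suffixes(name):
        if zone in server:
            return zone, server[zone]
    return None


class FakeClock:
    """Injectable clock so TTL expiry can be driven deterministically."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


class LocalResolver:
    """The local (default) name server: walks the hierarchy iteratively and
    caches both answers and referrals until their TTL runs out."""

    def __init__(self, servers, clock):
        self.servers = servers
        self.clock = clock
        self.cache = {}   # (name_or_zone, rtype) -> (value, expires_at)
        self.trace = []   # servers contacted by the most recent resolve()

    def _get(self, key):
        hit = self.cache.get(key)
        if hit and self.clock() < hit[1]:
            return hit[0]
        self.cache.pop(key, None)      # absent or expired: drop it
        return None

    def _put(self, key, value, ttl):
        self.cache[key] = (value, self.clock() + ttl)

    def _closest_known_server(self, name):
        """Start at the most specific cached NS referral; fall back to root
        only when nothing enclosing the name is cached (so root is rarely hit)."""
        for zone in suffixes(name):
            server = self._get((zone, "NS"))
            if server:
                return server
        return "root"

    def resolve(self, name, max_hops=8):
        name = name if name.endswith(".") else name + "."
        self.trace = []
        addr = self._get((name, "A"))
        if addr:
            self.trace.append("cache")
            return addr
        server = self._closest_known_server(name)
        for _ in range(max_hops):              # bound referral chains
            self.trace.append(server)
            found = ask(self.servers[server], name)
            if found is None:
                return None                    # no such name below this zone
            zone, (rtype, value, ttl) = found
            if rtype == "A":
                if zone != name:
                    return None                # zone exists, host does not
                self._put((name, "A"), value, ttl)
                return value
            self._put((zone, "NS"), value, ttl)  # remember the referral
            server = value
        return None


if __name__ == "__main__":
    clock = FakeClock()
    r = LocalResolver(SERVERS, clock)
    for q in ("cs.umass.edu", "cs.umass.edu", "www.umass.edu"):
        print(q, "->", r.resolve(q), "via", r.trace)
```

Running it shows the first query touching root, tld-edu, dns.umass.edu and dns.cs.umass.edu in turn; the repeat is served from cache; and www.umass.edu goes straight to dns.umass.edu because the umass.edu referral is cached. Advancing the fake clock past 300 seconds expires the A record while the 3600-second referrals survive, which is exactly the window in which a host that changed its address is still answered with the old one.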
DNS records
DNS: a distributed database storing resource records (RRs). RR format: (name, value, type, ttl).
type=A: name is a hostname; value is an IP address.
type=NS: name is a domain (e.g., foo.com); value is the hostname of an authoritative name server for this domain.
type=CNAME: name is an alias for some canonical (the real) name, e.g., www.ibm.com is really servereast.backup2.ibm.com; value is the canonical name.
type=MX: value is the name of the mail server associated with name.
DNS protocol, messages
Query and reply messages, both with the same message format. Message header, six 2-byte fields:
identification: 16-bit # for the query; the reply to the query uses the same #. (It lets a resolver match replies to its outstanding queries; at 16 bits it is not an authentication token, so a reply must also be checked against the question that was asked.)
flags: query or reply; recursion desired (query); recursion available (reply); reply is authoritative (reply: the replying server is authoritative for the queried name).
# questions; # answer RRs; # authority RRs; # additional RRs.
Then the variable-length sections:
questions (variable # of questions): name and type fields for a query
answers (variable # of RRs): RRs in response to the query
authority (variable # of RRs): records for authoritative servers
additional info (variable # of RRs): additional helpful info that may be used
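The message format above, and the record types from the "DNS records" slide, as an added example (not code from the slides or any DNS library): a query builder and a reply parser for the wire format. The reply bytes are hand-built and constructed for this example (names under the reserved example.com domain, made-up TTLs and addresses); they exercise name compression, which is where real parsers get hurt, since a 2-byte pointer can be made to point forward or at itself and loop a naive decoder.

```python
"""Build a DNS query and parse a DNS reply in wire format.

Added example, not code from the slides: SAMPLE_RESPONSE is a hand-built
reply (reserved example.com names, made-up TTLs and addresses) that
exercises name compression and the A/NS/CNAME/MX record types.
"""
import struct

RTYPE = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}


def encode_name(name):
    """Labels as length-prefixed bytes, ending with a zero-length label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, name, qtype=1, rd=True):
    """12-byte header + one question; RD=1 asks the server to recurse."""
    flags = 0x0100 if rd else 0x0000
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, 1))


def read_name(msg, off, depth=0):
    """Decode a (possibly compressed) name at off -> (name, next offset).
    Pointers must point backwards and chains are bounded, so a hostile
    reply cannot make the parser loop."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                   # 2-byte compression pointer
            if depth >= 8:
                raise ValueError("pointer chain too long")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("pointer does not point backwards")
            rest, _ = read_name(msg, ptr, depth + 1)
            labels.append(rest)
            return ".".join(labels), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln


def read_rr(msg, off):
    """One resource record -> ((name, type, ttl, value), next offset)."""
    name, off = read_name(msg, off)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    rdata = msg[off:off + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("truncated rdata")
    if rtype == 1 and rdlen == 4:
        value = ".".join(str(b) for b in rdata)
    elif rtype in (2, 5):                       # NS, CNAME: value is a name
        value, _ = read_name(msg, off)
    elif rtype == 15:                           # MX: preference + name
        value = (struct.unpack("!H", rdata[:2])[0], read_name(msg, off + 2)[0])
    else:
        value = rdata
    return (name, RTYPE.get(rtype, rtype), ttl, value), off + rdlen


def parse_message(msg):
    """-> (header dict, questions, {'answer': [...], 'authority': [...], 'additional': [...]})"""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    header = {"id": txid, "qr": flags >> 15 & 1, "aa": flags >> 10 & 1,
              "rd": flags >> 8 & 1, "ra": flags >> 7 & 1, "rcode": flags & 0xF}
    off, questions = 12, []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, RTYPE.get(qtype, qtype)))
    sections = {}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        sections[section] = []
        for _ in range(count):
            rr, off = read_rr(msg, off)
            sections[section].append(rr)
    return header, questions, sections


def reply_matches(query, reply):
    """Accept a reply only if QR is set, the ID equals the query's *and* the
    question is repeated verbatim; the 16-bit ID alone is not enough."""
    qh, qq, _ = parse_message(query)
    rh, rq, _ = parse_message(reply)
    return rh["qr"] == 1 and rh["id"] == qh["id"] and rq == qq


def is_parseable(msg):
    try:
        parse_message(msg)
        return True
    except (ValueError, IndexError, struct.error):
        return False


def _rr(name_bytes, rtype, ttl, rdata):
    return name_bytes + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


SAMPLE_QUERY = build_query(0x1234, "www.example.com")       # 33 bytes
# Constructed reply: QR|AA|RD|RA (0x8580); 1 question, 2 answers, 1 authority,
# 1 additional. Pointer targets: 0x0c = question name, 0x10 = "example.com",
# 0x2d = "web.example.com" (first answer's rdata), 0x4f = "ns1.example.com".
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 2, 1, 1)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + _rr(b"\xc0\x0c", 5, 300, b"\x03web\xc0\x10")          # CNAME www -> web
    + _rr(b"\xc0\x2d", 1, 300, bytes([93, 184, 216, 34]))    # A web.example.com
    + _rr(b"\xc0\x10", 2, 3600, b"\x03ns1\xc0\x10")          # NS example.com
    + _rr(b"\xc0\x4f", 1, 3600, bytes([192, 0, 2, 1]))       # glue A for ns1
)
```

parse_message(SAMPLE_RESPONSE) yields the header flags set as the slide lists them (QR, AA, RD, RA), the CNAME and A answers, the NS record in the authority section and the glue A record in the additional section. reply_matches is the check a resolver must do before trusting a reply: a packet that merely carries the right 16-bit ID but a different question is dropped.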
Inserting records into DNS
Example: new startup Networkabc. Register the name networkabc.com at a DNS registrar (e.g., Network Solutions) (and pay a fee for it). Provide the names and IP addresses of the authoritative name servers (primary and secondary). The registrar inserts two RRs into the .com TLD servers:
(networkabc.com, dns1.networkabc.com, NS)
(dns1.networkabc.com, 212.212.212.1, A)
The second RR is a glue record: without it, a resolver referred to dns1.networkabc.com would have to resolve a name that lives inside the very zone that server is authoritative for.
The authoritative server then creates a type A record for www.networkabc.com and a type MX record for networkabc.com.
Attacking DNS
DDoS attacks: bombard root servers with traffic. Not successful to date: traffic filtering, and local DNS servers cache the IPs of TLD servers, allowing the root servers to be bypassed. Bombard TLD servers: potentially more dangerous.
Exploit DNS for DDoS (reflection): send queries with a spoofed source address, the target's IP, so the name server's replies go to the target. Requires amplification, i.e., replies much larger than the queries. The spoofing step only works from networks that do not filter outgoing packets carrying foreign source addresses (BCP 38 ingress filtering).
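The reflection attack above, seen from the name server being abused as the reflector, as an added example (not code from the slides): a small detector over a flow log that measures how many bytes the server sends to each claimed query source relative to what that source sent, and which query types deliver the amplification. The log lines are constructed for this example (RFC 5737 test addresses, made-up sizes), and the thresholds are illustrative.

```python
"""Spotting DNS reflection/amplification traffic from a flow log.

Added example, not from the slides: the log is constructed (RFC 5737 test
addresses, made-up sizes) and the thresholds are illustrative, not tuned.
Viewpoint: the name server at 192.0.2.53 being used as the reflector.
"""
from collections import defaultdict

# Constructed flow records: "Q" = query received, "R" = response sent,
# then src, dst, query type, bytes on the wire. Repeated lines are built
# with multiplication only to keep the sample short.
SAMPLE_FLOWS = "\n".join(
    ["Q 203.0.113.10 192.0.2.53 ANY 64\nR 192.0.2.53 203.0.113.10 ANY 3100"] * 6
    + ["Q 198.51.100.7 192.0.2.53 A 60\nR 192.0.2.53 198.51.100.7 A 90"] * 3
    + ["Q 198.51.100.8 192.0.2.53 A 60\nR 192.0.2.53 198.51.100.8 A 120"] * 6
)


def parse_flows(text):
    """-> list of (direction, src, dst, qtype, size)"""
    flows = []
    for line in text.strip().splitlines():
        direction, src, dst, qtype, size = line.split()
        flows.append((direction, src, dst, qtype, int(size)))
    return flows


def amplification_by_client(flows):
    """Per claimed client address (query source == response destination):
    number of queries, query bytes in, response bytes out."""
    stats = defaultdict(lambda: {"queries": 0, "q_bytes": 0, "r_bytes": 0})
    for direction, src, dst, _qtype, size in flows:
        client = src if direction == "Q" else dst
        if direction == "Q":
            stats[client]["queries"] += 1
            stats[client]["q_bytes"] += size
        else:
            stats[client]["r_bytes"] += size
    return dict(stats)


def amplification_by_qtype(flows):
    """Bytes out / bytes in per query type: shows which types pay off for
    an attacker (a large answer for a tiny query)."""
    q_bytes, r_bytes = defaultdict(int), defaultdict(int)
    for direction, _src, _dst, qtype, size in flows:
        (q_bytes if direction == "Q" else r_bytes)[qtype] += size
    return {t: round(r_bytes[t] / q_bytes[t], 1) for t in q_bytes if q_bytes[t]}


def suspected_reflection_targets(flows, min_queries=5, min_ratio=10.0):
    """Addresses we send far more bytes to than they send us, in enough
    volume to matter. The reflector cannot tell a spoofed source from a real
    client, so this is a signal to rate-limit, not proof of an attack."""
    hits = []
    for client, s in amplification_by_client(flows).items():
        if s["queries"] < min_queries or s["q_bytes"] == 0:
            continue
        ratio = s["r_bytes"] / s["q_bytes"]
        if ratio >= min_ratio:
            hits.append((client, s["queries"], round(ratio, 1)))
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("per type:", amplification_by_qtype(flows))
    for client, n, ratio in suspected_reflection_targets(flows):
        print(f"{client}: {n} queries, {ratio}x amplification -> rate-limit")
```

On the sample, the ANY queries from 203.0.113.10 come back about 48 times larger than they went in, while ordinary A lookups sit under 2x; the host receiving the large replies is the victim whose address was spoofed, not the attacker, so the reflector's own remedy is per-source response rate limiting, and the cure for the spoofing itself sits at the attacker's network edge.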
Questions?