DNS and CDNs
14-740: Fundamentals of Computer Networks
Bill Nace
Material from Computer Networking: A Top Down Approach, 6th edition. J.F. Kurose and K.W. Ross

Administrivia
- HW #1 is posted
  - Mission: learn to use network tools to gather information and for debugging
  - Due in 2 weeks (3 Oct)
  - Close to Quiz and Lab #1, so don't procrastinate
  - Report due to Canvas

Last lecture
- Application level protocols
  - Ignore details of transport and below
  - Included example of how abstraction sometimes is incomplete
- HTTP
  - Request / Response messages
  - Parallel, Persistent, Pipelining
  - Caching
Overview
- traceroute
- DNS: Domain Name System
  - The Protocol
  - Organization of domains, zones, nameservers
- Content Distribution Networks

Address Conversion
- Protocols often have their own address mechanism
  - URL, Domain Names, Ports, IP, MAC, ...
  - Designed w/ requirements of that protocol
- Conversion needed when communication traverses protocols (layer boundaries)

A Need for Domain Names?
The venerable Dr Amend (Foxtrot) saith... [comic strip not reproduced]

Characteristics of a Name
- Human readable
  - String, often variable length
  - Format is important: [Title][f_initial][l_name]
- Generally not unique
  - Perhaps unique in a particular area
  - Siblings don't have the same first name
- Computers have trouble with names
  - Hard to process and store

Translating a Domain Name
- Application sends a request to a DNS server
- Who answers with an IP address
- Complications:
  - Navigation
  - Caching

[Figure: a client asks "Where is www.cmuj.jp?" and the DNS server answers 60.43.157.130]
What is DNS?
- A directory[1] service for the Internet
  - Translates ("maps") names to IP addresses
  - plus some other services
- A distributed database
  - Implemented in a hierarchy of name servers
  - Name servers are distributed globally
  - Maintained / administered by different organizations
- An application-layer protocol
  - Allows hosts to query the database and handle replies
[1] Pedantic warning: I use the term "directory" very loosely in this context. True directory services are related, but different.

DNS History
- DNS created in early 1980s
  - IETF process: RFC 1034, 1035
  - Documented in [Mockapetris88]
- DNS has grown since then
  - How many pages is the original RFC?
  - How many subsequent RFCs are there?

DNS Services
- Host name to IP address translation
  - Mapping www.ini.cmu.edu -> 128.2.131.60
- Host aliasing
  - Mapping between alias and canonical hostnames
  - Canonical: real, difficult to remember: www-cmu-prod-vip.andrew.cmu.edu (try it!)
  - Alias: shorter, easier to remember: www.cmu.edu

DNS Services (2)
- Mail server aliasing
  - Similar to host aliasing, but for mail servers
  - you@andrew.cmu.edu: alias of andrew-mx-0[1-6].andrew.cmu.edu
  - you@cmu.edu: alias of cmu-mx-0[1-4].andrew.cmu.edu
  - Try it!

DNS Services (3)
- Load distribution across replicated servers
  - A name can map to multiple hosts, thus multiple addresses
  - DNS server returns all addresses but rotates the ordering
  - ex: for mx3.aplace.edu, one of a group of 4 servers
    - 1st request returns addresses for: mx3, mx4, mx1, mx2
    - 2nd request returns: mx4, mx1, mx2, mx3
- Why a list? Why not just return the first address?
DNS Protocol
- Simple query and reply mechanism
- Runs over UDP on port 53, as recommended by RFC 1035
  - Exception: zone transfer (records of entire zone): TCP for reliable delivery
  - Exception: answers longer than 512 bytes: TCP for bulk data transfer

UDP?
- Why UDP? Shouldn't this be a reliable protocol?
- DNS is not real-time audio or video!

Protocol
- Query and reply messages
  - Both use the same message format
- Data being queried is in a form known as a Resource Record (RR)

Resource Records
- Each server stores some resource records (RRs)
- Each RR is a 5-tuple: (Name, Value, Type, Class, TTL)
  - Name: owner name, depends on type
  - Value: value associated with the name
  - Type: denotes type of RR
  - Class: almost always IN (Internet)
  - TTL: cache timeout value, 32 bits, in seconds; a zero value means do not cache
- Size limits
  - 63 bytes for labels (parts of a domain name separated by dots)
  - 255 bytes for names

Types
- A = Address (AAAA for IPv6 address)
  - Name = hostname, e.g. pi.ece.cmu.edu
  - Value = IP address, e.g. 31.41.59.26
- NS = Nameserver
  - Name = domain, e.g. cmu.edu
  - Value = hostname of an authoritative name server, e.g. dns.cmu.edu

Types (2)
- CNAME = Canonical Name
  - Name = alias hostname, e.g. www.cmu.edu
  - Value = canonical (real) hostname, e.g. www-cmu-prod-vip.andrew.cmu.edu
- MX = Mail Exchange
  - Name = alias hostname, e.g. cmu.edu
  - Value = hostname of a mail server, e.g. cmu-mx-03.andrew.cmu.edu

Types (3)
- There are 32 other types defined for a variety of uses
- Research project: look up the SINK type
Message Format
- Message header (12 bytes)
  - Identification: 16-bit number; the reply uses the same id as the query
  - Flags (1 bit each): query or reply, recursion desired, recursion available, reply is authoritative, ... and others
  - Number of questions, number of answer RRs, number of authority RRs, number of additional RRs
- Message payload (no more than 500 bytes)
  - Questions: sequence of name, type fields for a query
  - Answers: RRs in response to a query
  - Authority: RRs for authoritative servers
  - Additional information: additional helpful information
[Figure: message layout, 4 bytes per row: identification | flags; number of questions | number of answer RRs; number of authority RRs | number of additional RRs; then questions (variable number of questions), answers (variable number of RRs), authority (variable number of RRs), additional information (variable number of RRs)]
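The header and RR layout above, as an added worked example that is not part of the lecture: it builds a query for www.cmuj.jp and parses a reply into the 5-tuple RRs from the Resource Records slide. The name-compression pointer handling follows RFC 1035 section 4.1.4; the sample messages used to exercise it are constructed.

```python
import struct
# Added example (not from the lecture): DNS query builder and reply parser, RFC 1035 layout.
QTYPE_A, QCLASS_IN = 1, 1

def encode_name(name):
    """Encode 'www.cmuj.jp' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        assert len(raw) <= 63, "label too long"   # label limit from the slides
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qid, name, qtype=QTYPE_A):
    # Flags 0x0100: QR=0 (query), RD=1 (recursion desired); counts: 1 question
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def decode_name(msg, off):
    # Returns (name, offset after the name); follows compression pointers (RFC 1035 4.1.4)
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:           # two-byte pointer into the message
            end = end if jumped else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def parse_reply(msg):
    # Returns header facts and the answer RRs as (Name, Value, Type, Class, TTL)
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the question section
        _, off = decode_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        value = ".".join(str(b) for b in rdata) if rtype == QTYPE_A else rdata
        answers.append((name, value, rtype, rclass, ttl))
    return {"id": qid, "is_reply": bool(flags & 0x8000), "authoritative": bool(flags & 0x0400), "answers": answers}
```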
What if your DNS server doesn't know the answer?
[Figure: the client asks "Where is www.cmuj.jp?" and the server replies "I don't know. Ask the .jp nameserver"]

Navigation
- How a client traverses nameservers in search of an answer is called navigation
- Iterative navigation
  - Client asks a series of NS
  - Each NS responds with a pointer to another NS with more info
  - Client eventually asks the authoritative server
[Figure: the client queries its Local NS, then NS0, then NS1; each replies with a pointer to the next nameserver, and NS2 returns the answer]

Server controlled navigation
- Server may take over the navigation job from the client
  - Reduces response bandwidth
  - Results can be cached in a manner useful to other clients
  - Some domains limit access to DNS for security reasons
- Two forms
  - Non-recursive: the server iterates
  - Recursive: each NS takes over the job, sends results
[Figure: non-recursive: the client asks the Local NS, which itself queries NS0, NS1 and NS2 in turn and returns the answer; recursive: the Local NS asks NS0, NS0 asks NS1, NS1 asks NS2, and the answer propagates back along the same path]

Caching
- Once (any) name server learns a mapping, it caches the mapping
- Cache entries time out (disappear) after some time
  - Controlled by the TTL of that RR
  - Default TTL is 2 days
- TLD servers typically cached in local name servers
  - Thus root name servers are not often visited
Distributed, Hierarchical Design
- Why not a central server? (RFC 811)
  - Single point of failure: if the only DNS server crashes, the entire Internet dies
  - Immense traffic volume: needs to handle all query requests for the entire world
  - Location? Close to some, far from others
  - Maintenance: nightmare to get records updated
- Doesn't scale!

Domain Name Types
- Top-Level Domain (TLD)
  - ICANN registers TLDs, manages IANA
  - generic TLD (gTLD): .com .org .edu .gov
  - sponsored TLD (sTLD): .cat .aero
  - country code TLD (ccTLD): .au .ca .fr .jp (ISO 3166-1 lists country codes)
  - infrastructure TLD: .arpa
- Registrars assign within a TLD
  - Verisign: .com
  - Educause: .edu
  - Japan Registry Services: .jp
  - e.g. cmu.edu, cmuj.jp
- Not the same as the name server hierarchy!

Domain Namespace
- Hierarchical structure
- Written in a dot-separated form, from specific to general, ignoring the root
[Figure: tree rooted at Root (/) with TLD nodes com, edu, org, jp; under edu sits cmu with children cs, ece and drama; the remaining nodes shown under jp are ne (with biglobe), msi and cmuj]

Name Server Hierarchy
- Types of DNS name servers
  - Root
  - Top-level domain (TLD)
  - Authoritative
  - Local
[Figure: Root Name Servers (A-M) at the top; below them the com, edu, org and jp name servers; below edu, the CMU name servers]

Mapping name to server
- Administrative authority doesn't always match the namespace hierarchy
  - Some organizations want to maintain their own name server
  - Others don't
  - ex: CMU's CS dept wants to run their own name server. Drama doesn't, but still wants the drama.cmu.edu name

Zones
- Namespace hierarchy is partitioned into subtrees called zones
- Each zone corresponds to authority over that portion of the namespace
  - Also represents the unit of implementation -- the nameserver
- Authority is delegated from parent to child
  - Parent: CMU; child: CS

Zones
[Figure: the namespace tree again (Root (/), com, edu, org, jp, cmu, ne, cmuj, cs, ece, drama, biglobe, msi) with the zone boundaries drawn around the subtrees]

Zones
- An organization should be able to have its own domain, even though it lacks the resources to support DNS
- One nameserver can also support many zones (think hosting company)
- Zone owner must:
  - Maintain zone data
  - Run redundant nameservers

Zones and Nameservers
[Figure: each zone paired with its nameserver: Root (/) with the root nameservers (A-M); .com, .edu, .org and .jp with the com, edu, org and jp nameservers; cmu with the cmu NS; cs with the cs NS; drama with the drama NS (ece has none of its own); ne with the ne NS; cmuj with the cmuj NS; biglobe with the biglobe NS; msi with the msi NS]
Root Nameservers
- 13 root servers (labeled A through M)
- Each server is actually a cluster of replicated servers (e.g. the C server has 8 sites)
  - a: Verisign, Dulles, VA
  - b: USC-ISI, Marina del Rey, CA
  - c: Cogent, Herndon, VA (also Los Angeles)
  - d: U Maryland, College Park, MD
  - e: NASA, Mt View, CA
  - f: Internet Software C., Palo Alto, CA (and 17 other locations)
  - g: US DoD, Vienna, VA
  - h: ARL, Aberdeen, MD
  - i: Autonomica, Stockholm (plus 3 other locations)
  - j: Verisign (11 locations)
  - k: RIPE, London (also Amsterdam, Frankfurt)
  - l: ICANN, Los Angeles, CA
  - m: WIDE, Tokyo

Globally Distributed
[Map of root server locations, courtesy of www.root-servers.org. Data as of 7 Sep 13]

Root Server's Job
- Root nameserver knows the TLD nameservers and their IP addresses
- Q: How do I get to www.library.cmu.edu?
- A: I don't exactly know, but you should ask the .edu TLD server at:
  - l3.nstld.com, 192.41.162.32
  - d2.nstld.com, 192.31.80.32
  - and others

Root servers don't know much
- One small zonefile
  - Contains names and IP addresses of authoritative DNS servers for each TLD
  - Small (2.2MB as of 6 Feb 2017)
  - Changes infrequently (every couple of days)

K Root Name Server
- Operated by RIPE NW Coordination Center
- k.root-servers.org
- London, Amsterdam, Athens, Brisbane, Tokyo, Delhi etc
- How many queries per second do you think a root server receives?
TLD Name Servers
- Top-level domain (TLD) servers
  - Responsible for gTLDs (com, org, net, edu, ...) and ccTLDs (uk, fr, ca, jp, ...)
  - Verisign maintains servers for the com TLD
  - EDUCAUSE for the edu TLD

TLD NS's Job
- Knows the authoritative (or intermediate) name servers of its domain and their IP addresses
- Q: How do I get to www.library.cmu.edu?
- A: I don't exactly know, but you can ask the name server for cmu.edu, at one of these places:
  - t-ns1.net.cmu.edu, 128.2.4.14
  - cabbage.srv.cs.cmu.edu, 128.2.194.121
  - and others
- Note this is not the authoritative NS for the library

Authoritative NS
- Organization's DNS servers
- Provides authoritative hostname to IP mappings for the organization's servers (e.g., Web and mail)
- Authoritative: actually knows the answer
- Can be maintained by the organization or a service provider

Authoritative NS's Job
- Q: How do I get to www.library.cmu.edu?
- A: I know! libsearch-vip.andrew.cmu.edu, 128.2.42.76
- Authoritative!

Local Name Server
- Does not strictly belong to the hierarchy
- Each ISP (residential ISP, company, university, etc) has one
  - Also called default name server or resolver
- When a host makes a DNS query, the query is sent to its local DNS server
  - Acts as a proxy, forwards the query into the hierarchy
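The navigation, caching and root/TLD/authoritative roles described above, put together in one added example that is not part of the lecture: a local name server that iterates from the root down a constructed three-level hierarchy, caches answers and referrals for their TTL, never caches a TTL of 0, and skips the root whenever it still holds a valid TLD referral. The zone data, hostnames and addresses are made up for illustration (some reuse figures from the slides).

```python
import time
# Added example (not from the lecture): iterative navigation through a constructed
# root -> TLD -> authoritative hierarchy, with a TTL-bounded cache in the local NS.
# Each nameserver holds RRs as (Name, Value, Type, Class, TTL); the data is made up.
ROOT = {"edu": [("edu", "192.41.162.32", "NS", "IN", 172800)]}          # referral to .edu
EDU_TLD = {"cmu.edu": [("cmu.edu", "128.2.4.14", "NS", "IN", 86400)]}   # referral to cmu.edu
CMU_NS = {"www.library.cmu.edu": [("www.library.cmu.edu", "128.2.42.76", "A", "IN", 300)],
          "tmp.cmu.edu": [("tmp.cmu.edu", "128.2.0.1", "A", "IN", 0)]}   # TTL 0: do not cache
SERVERS = {"root": ROOT, "192.41.162.32": EDU_TLD, "128.2.4.14": CMU_NS}

def ask(server, qname):
    """What one nameserver returns: the answer if it has it, else a referral (or nothing)."""
    zone = SERVERS[server]
    if qname in zone:
        return zone[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):           # longest delegated suffix wins
        suffix = ".".join(labels[i:])
        if suffix in zone:
            return zone[suffix]
    return []

class LocalNameServer:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}                       # name -> (expires_at, RR list)
        self.queries = 0                      # round trips into the hierarchy

    def resolve(self, qname):
        hit = self.cache.get(qname)
        if hit and hit[0] > self.clock():     # cached and TTL not yet expired
            return hit[1]
        labels, server = qname.split("."), "root"
        for i in range(1, len(labels)):       # start from a cached referral if we have one
            ref = self.cache.get(".".join(labels[i:]))
            if ref and ref[0] > self.clock():
                server = ref[1][0][1]         # e.g. the cached .edu TLD server, skipping root
                break
        while True:                           # non-recursive navigation: this server iterates
            self.queries += 1
            rrs = ask(server, qname)
            if not rrs:
                return []
            if rrs[0][4] > 0:                 # cache answer or referral under its owner name
                self.cache[rrs[0][0]] = (self.clock() + rrs[0][4], rrs)
            if rrs[0][2] == "A":
                return rrs
            server = rrs[0][1]                # NS referral: ask the next nameserver
```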
Content Distribution Network
- Goal: offload some of the work done by an origin server to geographically distributed edge caches
- Edge caches
  - Closer to end-hosts than the origin server
  - Work with ISPs over the world to be colocated
- Examples: Akamai, Limelight, CDNetworks

Content Distribution Network
- Selective mirroring
  - A subset of content, e.g. multimedia files, is mirrored at the edge caches
  - Website owner (www.cnn.com) works with the CDN to replicate its content
- Redirection (Secret Sauce)
  - Client requests are forwarded to the most appropriate edge cache
  - Improves response time, system throughput
  - Done with DNS redirection plus URL rewriting

How does it work?
1. Web user wants to see content. Requests standard URL.
2. HTTP request with standard URL goes to the Origin Server (customer of CDN Co.)
3. HTML page contains CDN Co's URLs
4. CDN URLs directed to local CDN servers (Edge Cache)
5. Content served locally
Image from: http://www.flickr.com/photos/ntr23/

CDN Technologies
- URL Rewriting
  - HTML code on the Content Server must have URLs changed to CDN URLs
  - Prepend a specific prefix: www.cnn.com/logo.gif -> a13g.akamai.net/cnn.com/logo.gif

CDN Technologies (2)
- DNS Redirection
  - CDN URLs must be resolved to find the local edge cache
  - Where is a13g.akamai.net?
  - CDN's DNS name server looks at the IP of the requestor
  - Answers with an edge cache nearby
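The two CDN mechanisms above, URL rewriting and DNS redirection, as an added example that is not part of the lecture. The rewriting follows the slide's www.cnn.com/logo.gif -> a13g.akamai.net/cnn.com/logo.gif pattern; the edge-cache names, addresses and requester prefixes in the redirection table are constructed.

```python
import ipaddress
import re
# Added example (not from the lecture): the two CDN mechanisms from the slides,
# URL rewriting on the origin's HTML and DNS redirection keyed on the requester's IP.
# Prefix, edge-cache names and addresses are constructed for illustration.
CDN_HOST = "a13g.akamai.net"

def rewrite_urls(html, origin_host):
    """www.cnn.com/logo.gif -> a13g.akamai.net/cnn.com/logo.gif in src/href attributes."""
    pattern = re.compile(r'((?:src|href)=")(?:https?://)?%s/' % re.escape(origin_host))
    bare = origin_host[4:] if origin_host.startswith("www.") else origin_host
    return pattern.sub(r'\1http://%s/%s/' % (CDN_HOST, bare), html)

# Constructed map: requester prefix -> (edge cache name, edge cache address)
EDGE_CACHES = [
    (ipaddress.ip_network("128.2.0.0/16"), ("edge-pgh.example.net", "203.0.113.10")),
    (ipaddress.ip_network("60.43.0.0/16"), ("edge-tokyo.example.net", "203.0.113.20")),
]
DEFAULT_EDGE = ("edge-default.example.net", "203.0.113.1")

def cdn_dns_answer(qname, requester_ip, ttl=20):
    """Answer 'Where is a13g.akamai.net?' with the A record of the nearest edge cache."""
    if qname != CDN_HOST:
        return None                           # not our name; a real NS would refuse or refer
    addr = ipaddress.ip_address(requester_ip)
    for net, (_, edge_ip) in EDGE_CACHES:
        if addr in net:
            return (qname, edge_ip, "A", "IN", ttl)   # short TTL lets the choice change quickly
    return (qname, DEFAULT_EDGE[1], "A", "IN", ttl)
```

Note that the address the CDN's nameserver sees is that of the local name server that forwarded the query, not the end host's, so "nearby" is judged relative to that resolver.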
Thinking Time
- What is the difference between a CDN and a web proxy?
[Comparison table to fill in: Proxy Caching vs. Content Distribution Network]

CDN Secret Sauce
- Remarkably, CDNs use non-proprietary, standard mechanisms
  - DNS to direct the user to the closest edge cache
  - DNS TTL to time out resource records
- Only the algorithms to pick the best edge cache are secret
- Purists hate this: see [Vixie2009]

Lesson Objectives
Now, you should be able to:
- describe the DNS service, including mission, interaction model, nameservers, domains, zones, load distribution, and domain name types
- explain the DNS protocol, including message format, reliability, resource records, types, and caching mechanisms
- describe the navigation mechanisms of DNS nameservers
- describe the roles of the different nameservers in the DNS
- describe how a CDN operates, including goals, host roles, URL rewriting and DNS redirection
- contrast the advantages of CDNs and web proxies