CS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS

Similar documents
CS514: Intermediate Course in Computer Systems

Chapter 5 Naming (2)

Distributed Naming. EECS 591 Farnam Jahanian University of Michigan. Reading List

Domain Name Service. DNS Overview. October 2009 Computer Networking 1

Protocol Classification

CSCE 463/612 Networks and Distributed Processing Spring 2018

The Application Layer: Sockets, DNS

Domain Name System.

DNS. Introduction To. everything you never wanted to know about IP directory services

Networking Applications

DNS & Iodine. Christian Grothoff.

Lesson 9: Configuring DNS Records. MOAC : Administering Windows Server 2012

IP ADDRESSES, NAMING, AND DNS

Chapter 5 Naming (2)

New Topic: Naming. Differences in naming in distributed and non-distributed systems. How to name mobile entities?

Advanced Networking. Domain Name System

Advanced Networking. Domain Name System. Purpose of DNS servers. Purpose of DNS servers. Purpose of DNS servers

Chapter 2 Application Layer. Lecture 5 DNS. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

DNS Basics BUPT/QMUL

Domain Name System (DNS) Session-1: Fundamentals. Joe Abley AfNOG Workshop, AIS 2017, Nairobi

CS 3640: Introduction to Networks and Their Applications

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008

Computing Parable. New Topic: Naming

The Domain Name System

Today: Naming. Example: File Names

page 1 Plain Old DNS WACREN, DNS/DNSSEC Regional Workshop Ouagadougou, October 2016

The Domain Name System

CS4/MSc Computer Networking. Lecture 3: The Application Layer

Overview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly

ECE 650 Systems Programming & Engineering. Spring 2018

Application Layer Protocols

DNS and CDNs : Fundamentals of Computer Networks Bill Nace

A DNS Tutorial

EECS 122: Introduction to Computer Networks DNS and WWW. Internet Names & Addresses

CSC 574 Computer and Network Security. DNS Security

Introduction to Network. Topics

Lecture 4: Basic Internet Operations

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Naming WHAT IS NAMING? Name: Entity: Slide 3. Slide 1. Address: Identifier:

The Domain Name System

Lecture 05: Application Layer (Part 02) Domain Name System. Dr. Anis Koubaa

How to Configure the DNS Server

The Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Presented By: Kamalakar Kambhatla

CSc 450/550 Computer Networks Domain Name System

Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail

Domain Name System (DNS) Session-1: Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale

Lecture 7: Application Layer Domain Name System

S Computer Networks - Spring What and why? Structure of DNS Management of Domain Names Name Service in Practice

This time. Digging into. Networking. Protocols. Naming DNS & DHCP

Domain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.

Communications Software. CSE 123b. CSE 123b. Spring Lecture 11: Domain Name System (DNS) Stefan Savage. Some pictures courtesy David Wetherall

Domain Name System - Advanced Computer Networks

CSE 123b Communications Software. Overview for today. Names and Addresses. Goals for a naming system. Internet Hostnames

CS 43: Computer Networks. 10: Naming and DNS September 24, 2018

Distributed Systems. Distributed Systems Within the Internet Nov. 9, 2011

Applications & Application-Layer Protocols: The Domain Name System and Peerto-Peer

New Topic: Naming. Approaches

June Gerd Liefländer System Architecture Group Universität Karlsruhe (TH), System Architecture Group

Managing Caching DNS Server

Chapter 19. Domain Name System (DNS)

ECE 435 Network Engineering Lecture 7

CSE561 Naming and DNS. David Wetherall

Naming Computer Networking. Overview. DNS: Domain Name System. Obvious Solutions (1) Obvious Solutions (2)

Examination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk SOLUTIONS

Agha Mohammad Haidari General ICT Manager in Ministry of Communication & IT Cell#

Domain Name System (DNS)

Naming. Naming. Naming versus Locating Entities. Flat Name-to-Address in a LAN

Lecture 08: Networking services: there s no place like

Objectives. Upon completion you will be able to:

CptS 464/564 Lecture 18

THE AUTHORITATIVE GUIDE TO DNS TERMINOLOGY

DNS and HTTP. A High-Level Overview of how the Internet works

CSE 565 Computer Security Fall 2018

Computer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1

How to Add Domains and DNS Records

Outline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016

CSCE 463/612 Networks and Distributed Processing Spring 2018

Distributed Operating Systems

CS454/654 Midterm Exam Fall 2004

DNS. DNS is an example of a large scale client-server application.

Domain Name System (DNS)

Page 1. CS162 Operating Systems and Systems Programming Lecture 22. Networking III. Automatic Repeat Request

Higher layer protocols

Configuring DNS. Finding Feature Information

DNS Security. * pers/dnssec/dnssec.html. IT352 Network Security Najwa AlGhamdi

Linux Network Administration

APNIC elearning: DNS Concepts

Computer Science 425 Distributed Systems CS 425 / ECE 428. Fall 2013

Goal of this session

DNS Level 100. Rohit Rahi November Copyright 2018, Oracle and/or its affiliates. All rights reserved.

Cisco Network Address Translation (NAT)

Internet Technology. 06. Exam 1 Review Paul Krzyzanowski. Rutgers University. Spring 2016

Computer Network laboratory (2015) Pattern TE Computer 1 (5)

Top-Down Network Design

DNS. A Massively Distributed Database. Justin Scott December 12, 2018

More Internet Support Protocols

The LDAP Protocol. Agenda. Background and Motivation Understanding LDAP

CS 356 Using Cryptographic Tools to Secure the Domain Name System (DNS) Spring 2017

Internet Technology 3/2/2016

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 16

Naming in Distributed Systems

Transcription:

: Computer Networks Lecture 6: Apr 5, 2004 Naming and DNS

Any problem in computer science can be solved with another layer of indirection David Wheeler

Naming is a layer of indirection What problems does it solve? Makes objects human readable Hides complexity and dynamics Multiple lower-layer objects can have one name Changes in lower-layer objects hidden Allows an object to be found in different ways One object can have multiple names

Names map to objects through a resolution service Distributed Name Resolution Service

Identifiers and Locators A name is always an identifier to a greater or lesser extent Can be persistent or non-persistent Can be globally unique, locally unique, or even non-unique If a name has structure that helps the resolution service, then the name is also a locator

Naming in networks

DNS names map into addresses Domain Name System (DNS) Many-to-many Domain Name (www.cnn.com) Hierarchical User-friendly Location independent But not org independent

Addresses map into routes IP address (128.94.2.17) Routing algorithm (BGP, OSPF, RIP) One-to-many Hierarchical Location Dependent Non-unique Can change often Refers to an interface, not a host

Routes get packets to interfaces A path Source dependent Can change often

DNS names and IP addresses are identifiers and locators Both are typically non-persistent Private IP addresses identify only in the context of an IP realm Domain names are good identifiers woodstock.cs.cornell.edu identifies a host www.cnn.com identifies a service URLs are good identifiers

IP address as locator A bizarre way to think of an internet route is as a series of route segments A route from the source host to the first hop router A route from the first hop router to the access ISP A route from the access ISP to the dest ISP A route from the dest ISP to the dest site A route from the dest site to the dest subnet A route from the dest subnet to the dest host

IP address as locator If we can think of a route as a series of route segments... Then we can think of the IP address as a series of flat (sub-)addresses Where each (sub-)address maps into a route segment ISP-site-subnet-host

So what? There is a fundamental thing happening here (Hierarchical) route segments prevents all nodes from having to know about the whole network Hierarchy always requires a global reference point The top of the hierarchy In IP, this is the ISP

To summarize Internet uses Names, Addresses, and Routes Routes are special, because they depend on point of view Also Identifiers and Locators An locator is, in a way, a series of identifiers Where everyone knows how to get to the top, and the top knows how to get to the bottom

Names in the Internet The Internet has always had names Because IP addresses are hard to remember But, the Internet hasn t always had domain names Used to be, this was a valid email address: george@isi How did any given host know the IP address of isi???

The host table and DNS Before DNS, there was the host table This was a complete list of all the hosts in the Internet! It was copied every night to every machine on the Internet! At some point, this was perceived as a potential scaling bottleneck So a distributed directory called the Domain Name System was invented (DNS)

The host table (historic) Host Name mit-dlab isi-mail mit-lcs IP Address 133.65.14.77 24.72.188.13 133.65.29.1

Distributed Directory A primary goal of DNS was to have a distributed host table, so that each site could manage its own name-toaddress mapping But also, it should scale well!

DNS is simple but powerful Only one type of query Query(domain name, RR type) Resource Record (RR) type is like an attribute type Answer(values, additional RRs) Example: Query(woodstock.cs.cornell.edu, A) Answer(128.84.97.3)

DNS is simple but powerful Limited number of RR types Hard to make new RR types Not for technical reasons Rather because each requires global agreement

DNS is the core of the Internet Global name space Can be the core of a naming or identifying scheme Global directory service Can resolve a name to nearly every computer on the planet

Important DNS RR types NS: Points to IP addr of next Name Server down the tree A: Contains the IP address AAAA for IPv6 MX: Contains the name of the mail server CNAME: Canonical name, for aliasing PTR: Returns name given an IP address reverse DNS lookup

DNS tree structure. NS RR pointers edu. com. jp. us. cornell.edu. cmu.edu. mit.edu. cs.cornell.edu. eng.cornell.edu. foo.cs.cornell.edu A 10.1.1.1 bar.cs.cornell.edu A 10.1.1.1

Primary and secondary servers cornell.edu. NS RRs point to both primary and secondary servers cs.cornell.edu. RRs are initially configured into primary server Primary server replicates RRs onto secondary servers periodically (updates are incremental)

Resolver structure and configuration edu. com.. jp. Static configuration of root servers Stub resolver resides on client host, points to configured recursive server cornell.edu. cs.cornell.edu. cmu.edu. eng.cornell.edu. Resolver manages DNS queries on behalf of stub resolvers

Resolver structure and configuration edu. com.. jp. 2,3,4 Resolver makes iterative queries to servers 1. Stub resolver sends recursive query cornell.edu. cs.cornell.edu. cmu.edu. eng.cornell.edu. Resolver caches results for efficiency N. Resolver returns final answer to stub resolver (which also caches result)

DNS query and reply have same format msg header identification: 16 bit # for query, repy to query uses same # flags: query or reply recursion desired recursion available reply is authoritative reply was truncated

DNS protocol, messages Name, type fields for a query RRs in reponse to query records for authoritative servers additional helpful info that may be used

UDP or TCP DNS usually uses UDP Like RPC: query and reply fit into a single unfragmented UDP packet Client resends query after timeout About 3 seconds Client will use TCP if reply is truncated Truncated bit is set TCP also used for zone transfers

DNS cache management All RRs have Time-to-live (TTL) values When TTL expires, cache entries are removed NS RRs tend to have long TTLs Cached for a long time Reduces load on higher level servers A RRs may have very short TTLs Order one minute for some web services Order one day for typical hosts

Caching is the key to performance Without caching, the small number of machines at the top of the hierarchy would be overwhelmed But what if you want to change the IP address of a host? How do you change all those cached entries around the world? You can t you wait until they timeout on their own, then make your change

Changing a DNS name Say your TTL was set to one day This means that even if you change DNS now, some hosts will continue to use the old address for a day So, give the host two IP addresses for a while (the old one and the new one) But DNS only answers with the new one After a day, the old one is cleaned out of caches, and you can remove it from the host

Reverse DNS lookup Obtain name from address PTR resource record To lookup name of 128.5.6.7, do DNS lookup on 7.6.5.128.in-addr.arpa This is how traceroute figures out the names of the hosts in a path

dig examples (dig is a DNS lookup command line tool available on linux) NS for the root NS for com MX for cornell.edu A for cnn.com

Service-oriented DNS RR types SRV: Contains addresses and ports of services on servers One way to learn what port number to use NAPTR: Essentially a generalized mapping from one name space (i.e. phone numbers) to another (i.e. SIP URL)

Hierarchy revisited The DNS name is like a series of name to address lookups a.b.com: lookup NS for com, then for b, then A record for a... In this sense, DNS name is a locator Prevents any one machine from knowing everything As with all hierarchy, everything must know how to get to the top

DNS versus IP addresses Both have a top, but DNS s top is small (13 machines), whereas IP s top is big (150K ASs each with many routers) DNS relies on caching to prevent overload at the top, IP addresses don t have to Is there a way other than hierarchy to prevent all nodes from knowing everything???

DNS Issues Working with NAT DoS attacks on (13) root servers DoS = Denial of Service Mis-configuration issues This is probably the worst problem today Hacking issues Hijack a web site by hacking into DNS and configuring wrong IP address

DNS and NAT Original DNS model was that all answers are valid for all queries NAT breaks that model because a private address has no meaning to a host outside the private network And furthermore might be private information This leads to two-faced DNS

Two-faced DNS Deploy two DNS databases, one for inside and one for outside Queries from inside must first go to the inside DNS, then go outside if inside gives no answer Rather than the normal path to the root and down BIND can be configured to do this... BIND is the public domain reference implementation of DNS

Protecting DNS against DoS attacks Only 13 root servers Max answers in DNS limited to 13 (or so) To protect against DoS, you may want way more than 13 name servers Use IP anycast Essentially, give all name servers the same IP address IP routing will route packets to the closest one

DNS as a load balancer What if you want to balance traffic across many web servers? (geographically spread out) DNS server rotates answers among web servers May even monitor server load May even try to pick server close to the client Answer have very small TTLs, so that clients avoid crashed web servers

LDAP is another popular distributed directory service Richer and more general than DNS Has generalized attribute/value scheme Can search on attribute, not just name Though this doesn t scale well Simpler and more efficient than a full relational database Commonly used within enterprises for: personnel databases, subscriber databases, authentication info, etc.

LDAP: Lightweight Directory Access Protocol Not a global directory service, though namespace is global Its predecessor, X.500, was meant to be But local LDAP services can point to each other X.500 was too heavyweight LDAP is a lighter version with same semantics Text strings instead of ASN.1

Some common LDAP attribute types Attribute Type String CommonName LocalityName StateorProvinceName OrganizationName OrganizationalUnitName CountryName StreetAddress domaincomponent Userid CN L ST O OU C STREET DC UID

Example global X.500 tree (LDAP is fraction of this)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback