
Page 1 (source: http://cseweb.ucsd.edu/classes/fa10/cse124/CSE-124-Fall2010-Lecture-5.pdf)

CSE 124 Networked Services

Fall 2010

Lecture 5: Domain Name System

B. S. Manoj, Ph.D

http://cseweb.ucsd.edu/classes/fa10/cse124

10/7/2010 CSE 124 Networked Services Fall 2010 1

Page 2

General updates

• Writeup-1 Due: This Saturday

• Homework-1 Due: This Friday

• The programming project-1

– An HTTP Web Server

– %./your_server PortNo ./file_location/ options

– Deadline: November 1st, 2010


Page 3

DNS


Page 4

Application Layer Services: Domain Name System

• Provides many services, including name-to-address translation

• Why DNS
– Names are easy for humans to read, but Internet routers need IP addresses
– Names could be used for routing directly, but only very inefficiently

• In the original ARPANET
– A hosts.txt file contained the host-to-address translation
– A central server maintained the file and managed changes to it
– Hosts downloaded hosts.txt periodically (e.g., at midnight)

• With the growth of the ARPANET this method proved unscalable


Page 5

Domain Name System

• One of the most important application layer protocols
– Almost every other application layer protocol depends on DNS

• Provides many services

• Name to address resolution
– Host name to IP address translation

• Name aliasing
– Host name aliasing

• Service aliasing
– Mail service aliasing

• Information services

• Performance optimization
– Traffic load distribution, improving response time, and improving scalability

Page 6

Name to Address resolution

• Translation from a human-readable name to a router-readable address
• Example: name server lookup with nslookup (the Server/Address lines identify the local DNS server that answered; Name/Address give the domain name and its IP address; the "server" command lists the primary and secondary local DNS servers)

  # nslookup
  > cseweb.ucsd.edu
  Server:         132.239.0.252
  Address:        132.239.0.252#53

  Name:   cseweb.ucsd.edu
  Address: 132.239.51.6
  > server
  Default server: 132.239.0.252
  Address: 132.239.0.252#53
  Default server: 128.54.16.2
  Address: 128.54.16.2#53

• Newer alternatives to nslookup: Domain Information Groper (dig) or host

Page 7


>dig any cseweb.ucsd.edu

; <<>> DiG 9.3.3rc2 <<>> any cseweb.ucsd.edu

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16514

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 8

;; QUESTION SECTION:

;cseweb.ucsd.edu. IN ANY

;; ANSWER SECTION:

cseweb.ucsd.edu. 43200 IN MX 50 cseweb.ucsd.edu.

cseweb.ucsd.edu. 43200 IN MX 75 inbound.ucsd.edu.

cseweb.ucsd.edu. 43200 IN A 132.239.51.6

;; AUTHORITY SECTION:

ucsd.edu. 43200 IN NS ns0.ucsd.edu.

ucsd.edu. 43200 IN NS ns1.ucsd.edu.

;; Query time: 0 msec

;; SERVER: 132.239.0.252#53(132.239.0.252)

;; WHEN: Thu Oct 7 07:16:18 2010

;; MSG SIZE rcvd: 309

Page 8

Host Name aliasing

• Translation from complex canonical names to simple mnemonic names
• e.g., cluster0028.asia.microsoft.com, relay8951.cluster392.utopia.com

  # nslookup
  > docs.google.com
  Server:         132.239.0.252
  Address:        132.239.0.252#53

  Non-authoritative answer:
  docs.google.com canonical name = writely.l.google.com.
  Name:   writely.l.google.com
  Address: 66.102.7.139
  >

  PING google.com (74.125.67.100) 56(84) bytes of data.
  64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=1 ttl=46 time=88.9 ms
  64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=2 ttl=46 time=88.8 ms

Here docs.google.com is the mnemonic domain name and writely.l.google.com is the canonical domain name. The ping output shows the same mechanism in the other direction: the name gw-in-f100.google.com comes from a reverse lookup of 74.125.67.100.

Page 9

Service Aliasing

• DNS can also be used for service aliasing
– e.g., mail service aliasing (MX records)
– IP address to name mapping (reverse lookup, PTR records)
– SRV records (which host and port a particular service runs on)

• Mail services are typically not provided by the web server

• The web server's name (e.g., www.microsoft.com) is far better known than the mail server's name
– Both services are better served when they can be reached through the same domain name
– somebody@cse.ucsd.edu is better than somebody@receive-mailserver001.cse.ucsd.edu

• DNS uses a special record (MX) to provide the domain name of the mail server associated with a domain name

• This lets multiple services, such as web and mail, share the same domain name

Page 10

Features of DNS

• A hierarchical naming system
– e.g., cseweb.ucsd.edu

• A distributed, federated, hierarchically organized server system

• An application layer protocol
– Simple, query-reply based, over UDP (port 53; TCP is used for replies too large for UDP and for zone transfers)


Page 11

Features of DNS

• A hierarchical naming system
– e.g., cseweb.ucsd.edu, read from right to left:
  .EDU: top level domain
  UCSD: domain name for the organization
  CSEWEB: subdomain (host) under the control of the domain (compare images.google.com)


Page 12

Hierarchical naming/server system (tree figure on the slide):

  Root DNS servers: 13 root domain servers (10 in the US, 2 in Europe, 1 in Asia; each one is a collection of servers)
  Top Level Domains (TLDs, more than 258): .com, .gov, .org, .edu, ... and country TLDs such as .uk and .no
  Organization domains: google.com, microsoft.com, gnu.org, ucsd (.edu), ucla (.edu)
  Sub domains: docs and images under google.com; blink, cse and cseweb under ucsd.edu


Page 13

Examples of Generic Top Level Domains (gTLDs)

• .aero  Aviation
• .asia  Asia
• .biz  Business organizations
• .cat  Catalan language and culture
• .com  Commercial
• .coop  Co-operative organizations
• .edu  Education
• .gov  US Government
• .info  Open TLD
• .int  International organizations
• .jobs  Jobs
• .mil  US Department of Defense
• .mobi  Mobile devices
• .museum  Museums
• .name  Personal
• .net  Networks
• .org  Organizations
• .pro  Credentialed professionals and related entities
• .tel  Publishing of contact data
• .travel  Travelling


Page 14

DNS Server Hierarchy

• Root DNS (rDNS) servers
– 13 of them (10 in US, 2 in Europe, and 1 in Asia); each is a collection of servers
– Do not maintain A records for ordinary hosts
– Maintain the records (NS plus the glue A records) needed for locating the top level DNS servers

• Top level domain (TLD) DNS servers
– Do not maintain A records for ordinary hosts, only the NS and glue records that delegate each registered domain
– Responsible for the top level domains such as .com, .org, .edu, etc.
– Also responsible for the country level domains such as .us, .uk, .no, .jp, .cn, etc.
– More than 258 TLDs exist today (likely to grow even further)

• Authoritative DNS (aDNS) server
– Provided by the organization which hosts the web servers and other hosts
– Maintains the A records for many hosts (in some cases there is a hierarchy of aDNS servers)
– Either hosted within the organization or through a DNS service provider

• Local DNS server
– Plays the intermediary role between the client and the hierarchy of DNS servers
– Not part of the DNS hierarchy itself


Page 15

How DNS works

• A client calls a resolver function
– A software library that implements the DNS client on an end-user machine
– The resolver sends a DNS query message to its local DNS (LDNS) server
– The LDNS replies immediately if it has the information cached (and the cached record's TTL has not yet expired)
– If the LDNS does not have the IP address, it queries in turn
  • first a root DNS server
  • then the relevant TLD server
  • then one or more of the authoritative DNS servers


Page 16

DNS APIs

• On Unix-based systems the client calls
– struct hostent *gethostbyname(const char *name);
  • Returns a structure of type hostent for the given host name
  • name is a character array containing the host name
– struct hostent *gethostbyaddr(const void *addr, socklen_t len, int type);
  • Used for reverse lookup (IP address to host name)
– struct hostent {
      char  *h_name;       /* official name of host */
      char **h_aliases;    /* alias list */
      int    h_addrtype;   /* host address type */
      int    h_length;     /* length of address */
      char **h_addr_list;  /* list of addresses */
  }
– Both calls are obsolescent: they return a pointer to static storage (not thread-safe) and gethostbyname handles IPv4 only; new code should use getaddrinfo() and getnameinfo()


Page 17

A client side code example (a fragment; the enclosing function is elided on the slide). The slide's version opened an AF_UNIX socket and filled in a sockaddr_un path, so the address returned by gethostbyname() was never used; a TCP connection to the resolved host needs AF_INET and a sockaddr_in:

  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <netdb.h>
  #include <sys/socket.h>
  #include <netinet/in.h>
  #include <arpa/inet.h>
  ...
  int sfd;
  struct sockaddr_in addr;                   /* IPv4 socket address */
  char host_name[256];
  struct hostent *host_addr;

  snprintf(host_name, sizeof(host_name), "www.google.com"); /* copies the name to the host_name array */
  host_addr = gethostbyname(host_name);     /* resolver call: /etc/hosts, then the local DNS server */
  if (!host_addr) {
      fprintf(stderr, "Unknown host: %s\n", host_name);
      exit(1);
  }

  sfd = socket(AF_INET, SOCK_STREAM, 0);    /* TCP socket is opened */
  if (sfd == -1) {
      perror("socket");
      exit(EXIT_FAILURE);
  }

  memset(&addr, 0, sizeof(addr));           /* clear structure */
  addr.sin_family = AF_INET;
  addr.sin_port = htons(80);                /* HTTP */
  memcpy(&addr.sin_addr, host_addr->h_addr_list[0], host_addr->h_length); /* first address returned */
  if (connect(sfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
      perror("connect");
      exit(EXIT_FAILURE);
  }

Page 18

How DNS works (figure on the slide, with its eight numbered messages)

  Enterprise/campus/local network: the client sends its query for docs.google.com to the local DNS (lDNS) server (1)
  The Internet: the lDNS server asks a root DNS (rDNS) server for docs.google.com (2) and is referred to the .com servers, "NS: .com" (3)
  It asks a general top level domain (gTLD) DNS server for docs.google.com (4) and is referred to Google's authoritative server, "NS: dns.google.com" (5)
  It asks the authoritative DNS (aDNS) server (6), which answers "A: 66.102.7.113 and ....." (7)
  The lDNS server returns "66.102.7.113 and ....." to the client (8)
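The walk above, as an added example that is not code from the lecture: a local DNS server resolving docs.google.com iteratively against a toy in-memory hierarchy (root, .com TLD, Google's authoritative server), with a TTL cache so the second lookup never leaves the box, and with the authoritative server rotating its A record list the way the round-robin examples later in the lecture show. The address set is the one the slides show for writely.l.google.com; the root and TLD server names, all server IP addresses (RFC 5737 documentation ranges), the 30-second TTL and the fake clock are assumptions for the example.

```python
"""Iterative resolution as the LDNS does it, over a toy in-memory hierarchy
(root -> TLD -> authoritative) with a TTL cache and round-robin A records.
Zone data is constructed for this example; root and TLD server names and
all server IPs are hypothetical (RFC 5737 documentation ranges)."""
import time


def in_zone(name, zone):
    """True if `name` equals `zone` or lies below it (names end with '.')."""
    return name == zone or name.endswith("." + zone)


class AuthServer:
    """Answers from its own records, or refers the querier to the child zone it
    delegates (NS name plus glue address), as the root and TLD servers do."""

    def __init__(self, label, records, delegations):
        self.label, self.queries = label, 0
        self.records = records          # {(name, type): [value, ...]}
        self.delegations = delegations  # {child_zone: (ns_name, ns_ip)}

    def query(self, qname, qtype):
        self.queries += 1
        if (qname, qtype) in self.records:
            vals = self.records[(qname, qtype)]
            answer = list(vals)
            vals.append(vals.pop(0))    # round-robin: the next querier sees a new first address
            return ("answer", answer)
        if (qname, "CNAME") in self.records:
            return ("cname", self.records[(qname, "CNAME")][0])
        for zone, (ns, ip) in self.delegations.items():
            if in_zone(qname, zone):
                return ("referral", zone, ns, ip)
        return ("nxdomain",)


class LocalResolver:
    """Serves from cache while the TTL holds; otherwise walks the hierarchy,
    caching final answers, CNAMEs and NS referrals."""

    def __init__(self, root, servers, ttl=30, clock=time.time):
        self.root, self.servers, self.ttl, self.clock = root, servers, ttl, clock
        self.cache = {}                 # (name, type) -> (expires_at, value)

    def _cached(self, key):
        hit = self.cache.get(key)
        return hit[1] if hit and hit[0] > self.clock() else None

    def _closest_server(self, name):
        """Start at the deepest cached, unexpired delegation covering `name`."""
        best, best_zone = self.root, ""
        for (zone, rtype), (exp, val) in self.cache.items():
            if rtype == "NS" and exp > self.clock() and in_zone(name, zone) and len(zone) > len(best_zone):
                best, best_zone = self.servers[val[1]], zone
        return best

    def resolve(self, name, qtype="A"):
        """Return (values, path); path lists the servers consulted, or 'cache'."""
        hit = self._cached((name, qtype))
        if hit is not None:
            return hit, ["cache"]
        alias = self._cached((name, "CNAME"))
        if alias is not None:
            vals, more = self.resolve(alias, qtype)
            return vals, ["cache"] + more
        server, path, expires = self._closest_server(name), [], self.clock() + self.ttl
        while True:
            reply = server.query(name, qtype)
            path.append(server.label)
            if reply[0] == "answer":
                self.cache[(name, qtype)] = (expires, reply[1])
                return reply[1], path
            if reply[0] == "cname":
                self.cache[(name, "CNAME")] = (expires, reply[1])
                vals, more = self.resolve(reply[1], qtype)
                return vals, path + more
            if reply[0] == "referral":
                _, zone, ns, ip = reply
                self.cache[(zone, "NS")] = (expires, (ns, ip))
                server = self.servers[ip]
            else:
                raise LookupError(name)


# The six addresses the slides show behind docs.google.com (alias writely.l.google.com).
GOOGLE_A = ["66.102.7.113", "66.102.7.138", "66.102.7.139",
            "66.102.7.100", "66.102.7.101", "66.102.7.102"]


def build_hierarchy():
    """Constructed three-level hierarchy: returns (root server, {ip: server})."""
    google = AuthServer("dns.google.com", {
        ("docs.google.com.", "CNAME"): ["writely.l.google.com."],
        ("writely.l.google.com.", "A"): list(GOOGLE_A)}, {})
    com_tld = AuthServer("com TLD", {}, {"google.com.": ("dns.google.com.", "203.0.113.53")})
    root = AuthServer("root", {}, {"com.": ("com-tld.example.", "192.0.2.1")})
    return root, {"192.0.2.1": com_tld, "203.0.113.53": google}


def demo():
    """Three lookups of docs.google.com: cold (full walk), warm (cache), after TTL expiry."""
    now = [1000.0]                                   # fake clock makes expiry deterministic
    resolver = LocalResolver(*build_hierarchy(), ttl=30, clock=lambda: now[0])
    first, path1 = resolver.resolve("docs.google.com.")
    _, path2 = resolver.resolve("docs.google.com.")
    now[0] += 31                                     # every cached record has expired
    third, path3 = resolver.resolve("docs.google.com.")
    return first, path1, path2, third, path3
```

The first lookup touches root, the .com TLD server and the authoritative server twice (once for the CNAME, once for the A set of the canonical name); the second is served entirely from cache; after the TTL passes, the whole walk repeats and the authoritative server hands back the rotated address list, so the "first address" a client would use has changed.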

Page 19

DNS resource record types

• A Resource Record (RR) is the basic data element in a DNS database
• A DNS server stores different types of RRs
• Each RR corresponds to a set of information for a particular service DNS provides
• A record consists of multiple values: {Name, TTL, Class, Type, Value}
• The SOA record of a zone names the primary source of information about the name server's zone, the responsible party (as an e-mail address), the zone's serial number, and its timeouts

Page 20

DNS record types

• Record: {Name, Value, Class, Type, TTL}

• Type A: Name = hostname, Value = IP address, TTL = time to live
– A Type A record gives hostname-to-address resolution
– e.g., {cseweb.ucsd.edu, 132.239.51.6, A, 19800}

• Type NS: Name = domain (e.g., google.com), Value = hostname of an authoritative DNS (aDNS) server for that domain (the server's IP address comes from a separate A record, called glue when the parent zone serves it)
– The aDNS server can help with resolution of hostnames in the domain

• Type CNAME: Name = hostname, Value = canonical host name for that hostname
– Provides the hostname aliasing service
– e.g., {docs.google.com, writely.l.google.com, CNAME}

• Type MX: Name = domain name, Value = preference value and canonical name of a mail server associated with the domain name
– e.g., {ucsd.edu, mail-jsoe.ucsd.edu, MX}

Page 21

An estimate of DNS queries (2003)

• Organizations managing rDNS servers report hundreds of millions of queries per day

• Traces from the F-root server
– San Francisco and Palo Alto
– 4 root server machines
– 152 million queries / 24 hours

Source: D. Wessels and M. Fomenkov, "Wow, That's a Lot of Packets," Passive and Active Measurement Workshop (PAM) 2003

Page 22

DNS protocol, messages

DNS protocol: query and reply messages, both with the same message format

Message header:
• identification: 16-bit number for the query; the reply to the query uses the same number
• flags:
– query or reply
– recursion desired
– recursion available
– reply is authoritative

Page 23

DNS query flags


Page 24

DNS protocol, messages (continued)

• questions: name and type fields for a query
• answers: RRs in response to the query
• authority: records for authoritative servers
• additional info: additional "helpful" info that may be used (e.g., the A record of a name server named in the authority section)
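The message layout described on these two slides and the record types of slide 20, as an added example that is not code from the lecture: a minimal RFC 1035 wire-format encoder and decoder that builds a query and parses a reply section by section, including name compression pointers (which is why the authority records can point at "ucsd.edu" inside the question). The reply bytes are constructed here to mirror the dig ANY output for cseweb.ucsd.edu on slide 7; they are not a captured packet, and the pointer offsets (12 for the question name, 19 for its ucsd.edu suffix) follow from that layout.

```python
"""DNS wire format (RFC 1035): build a query, then parse a reply into its
header flags and question/answer/authority/additional sections.  The reply
is constructed to mirror the dig output on slide 7; it is not captured data."""
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_MX, TYPE_ANY = 1, 2, 5, 15, 255
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 255: "ANY"}


def encode_name(name):
    """Dotted name -> length-prefixed labels terminated by a zero byte."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, name, qtype, rd=True):
    """12-byte header (id, flags, four counts) + question (name, type, class IN)."""
    flags = 0x0100 if rd else 0                      # RD = recursion desired
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, 1))


def decode_name(msg, off):
    """Read a possibly compressed name at msg[off]; return (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # 11xxxxxx: pointer to an earlier name
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                        # the name ends after the first pointer
            jumped, off, hops = True, pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_rr(msg, off):
    """One resource record: owner, type, class, TTL, rdlength, rdata."""
    owner, off = decode_name(msg, off)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    if rtype == TYPE_A:
        value = ".".join(str(b) for b in msg[off:off + 4])
    elif rtype in (TYPE_NS, TYPE_CNAME):
        value = decode_name(msg, off)[0]
    elif rtype == TYPE_MX:                           # preference, then exchange name
        value = (struct.unpack("!H", msg[off:off + 2])[0], decode_name(msg, off + 2)[0])
    else:
        value = bytes(msg[off:off + rdlen])
    rr = {"name": owner, "type": TYPE_NAMES.get(rtype, rtype), "ttl": ttl, "value": value}
    return rr, off + rdlen


def parse_message(msg):
    """Header flags and counts, then the four sections in wire order."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, TYPE_NAMES.get(qtype, qtype)))
    out = {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
           "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
           "rcode": flags & 0xF, "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            rr, off = parse_rr(msg, off)
            out[section].append(rr)
    return out


def _rr(owner, rtype, ttl, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def sample_reply(txid=16514):
    """Constructed reply with the three answers and two NS records of slide 7,
    using pointers to the question name (offset 12) and to ucsd.edu (offset 19)."""
    q_name, ucsd = b"\xc0\x0c", b"\xc0\x13"
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 3, 2, 0)   # qr aa rd ra; 1 qd, 3 an, 2 ns
    question = encode_name("cseweb.ucsd.edu") + struct.pack("!HH", TYPE_ANY, 1)
    answers = (_rr(q_name, TYPE_MX, 43200, struct.pack("!H", 50) + q_name)
               + _rr(q_name, TYPE_MX, 43200, struct.pack("!H", 75) + b"\x07inbound" + ucsd)
               + _rr(q_name, TYPE_A, 43200, bytes([132, 239, 51, 6])))
    authority = (_rr(ucsd, TYPE_NS, 43200, b"\x03ns0" + ucsd)
                 + _rr(ucsd, TYPE_NS, 43200, b"\x03ns1" + ucsd))
    return header + question + answers + authority


def demo():
    """Size of the ANY query that produced slide 7, and the parsed sample reply."""
    return len(build_query(16514, "cseweb.ucsd.edu", TYPE_ANY)), parse_message(sample_reply())
```

The query for cseweb.ucsd.edu ANY is 33 bytes (12-byte header, 17-byte name, 4 bytes of type and class), while dig reported a 309-byte reply for it; that size ratio is what the reflection attack discussed at the end of the lecture relies on.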

Page 25

Inserting records into DNS

• Example: new startup "Network Utopia"
• Register the name networkutopia.com at a DNS registrar (e.g., Network Solutions, godaddy.com, Yahoo Domains)
– Provide the names and IP addresses of the authoritative name servers (primary and secondary)
– The registrar inserts two RRs into the com TLD servers:
  (networkutopia.com, dns1.networkutopia.com, NS)
  (dns1.networkutopia.com, 212.212.212.1, A)

• Similarly, create in the authoritative server a Type A record for www.networkutopia.com and a Type MX record for networkutopia.com
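The same records in zone-file syntax, as an added example that is not from the lecture: the delegation the registrar places in the .com zone (NS plus the glue A record, without which a resolver could never reach a name server whose name lies inside the zone it is trying to resolve) and the zone the startup's own authoritative servers load. Only the two RRs on the slide are given there; the secondary server dns2, its address, the www and mail addresses, the TTLs and the SOA values are hypothetical.

```zone
; --- In the com TLD zone: delegation (NS) plus glue (A) for the name servers ---
networkutopia.com.        IN NS   dns1.networkutopia.com.
networkutopia.com.        IN NS   dns2.networkutopia.com.    ; hypothetical secondary
dns1.networkutopia.com.   IN A    212.212.212.1
dns2.networkutopia.com.   IN A    212.212.212.2              ; hypothetical address

; --- On the authoritative servers: the networkutopia.com zone itself ---
$ORIGIN networkutopia.com.
$TTL 43200
@       IN SOA  dns1.networkutopia.com. hostmaster.networkutopia.com. (
                2010100701  ; serial
                7200        ; refresh
                900         ; retry
                1209600     ; expire
                3600 )      ; negative-caching TTL
@       IN NS   dns1.networkutopia.com.
@       IN NS   dns2.networkutopia.com.
dns1    IN A    212.212.212.1
dns2    IN A    212.212.212.2
www     IN A    212.212.212.10    ; hypothetical web server address
@       IN MX   10 mail.networkutopia.com.
mail    IN A    212.212.212.20    ; hypothetical mail server address
```

The NS records appear twice on purpose: the parent's copy is what a TLD server hands out as a referral, the child's copy is what the authoritative server returns as authoritative data, and the two must agree or resolution becomes erratic.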

Page 26

DNS-based performance optimization services

• Not originally intended, but today a very important service

• Main performance optimizations
– Load distribution
– Provisioning reliability
– Content distribution network services

• Load distribution
– DNS is used to provide load balancing among multiple servers that serve the same domain
– Many popular web sites use server replication
– A set of IP addresses is associated with one canonical name
– When a client queries, the DNS server replies with the entire set of IP addresses
– Each client typically uses the first IP address in the set
– The DNS server rotates the order of the set on each subsequent request (round-robin)
– Therefore the load is spread roughly equally among the set of servers (only roughly: a caching resolver reuses one ordering for a whole TTL, and clients may retry other addresses)

Page 27

An example: three consecutive nslookup queries (1, 2, 3) for docs.google.com return the same six addresses each time, rotated

  1
  > docs.google.com
  Server:         132.239.0.252
  Address:        132.239.0.252#53

  Non-authoritative answer:
  docs.google.com canonical name = writely.l.google.com.
  Address: 66.102.7.113
  Address: 66.102.7.138
  Address: 66.102.7.139
  Address: 66.102.7.100
  Address: 66.102.7.101
  Address: 66.102.7.102

  2
  > docs.google.com
  Server:         132.239.0.252
  Address:        132.239.0.252#53

  Non-authoritative answer:
  docs.google.com canonical name = writely.l.google.com.
  Address: 66.102.7.102
  Address: 66.102.7.113
  Address: 66.102.7.138
  Address: 66.102.7.139
  Address: 66.102.7.100
  Address: 66.102.7.101

  3
  > docs.google.com
  Server:         132.239.0.252
  Address:        132.239.0.252#53

  Non-authoritative answer:
  docs.google.com canonical name = writely.l.google.com.
  Address: 66.102.7.139
  Address: 66.102.7.100
  Address: 66.102.7.101
  Address: 66.102.7.102
  Address: 66.102.7.113
  Address: 66.102.7.138

Page 28

Content Distribution Network services

• DNS is used effectively to provide content distribution services

• When a client queries for the address of a host, the content provider's DNS server replies with a name in the CDN's domain (a CNAME)

• The CDN's DNS server replies with the address of the web cache nearest to the client's location (judged from the address of the local DNS server that sent the query, not of the client itself)

• The client receives content from a nearby web cache rather than from the main web server
– Quick response
– Better load balancing
– High server scalability

Page 29

CDN example (figure on the slide)

Origin server (www.cnn.com)
• distributes HTML
• replaces http://www.cnn.com/sports/ruth.gif with http://www.cdn.com/www.cnn.com/sports/ruth.gif

CDN company (cdn.com)
• distributes gif files
• uses its authoritative DNS server to route redirect requests

Message flow:
1 The client sends an HTTP request for www.cnn.com/sports/sports.html to the origin server
2 The client's DNS query for www.cdn.com goes to the CDN's authoritative DNS server
3 The client sends an HTTP request for www.cdn.com/www.cnn.com/sports/ruth.gif to the CDN server near the client

Page 30

Additional sources

• Domain names are sold by domain name registrars
– Very competitive business models exist for domain names
– Domain names are some of the most sought-after real estate on the web today
– Some simple names are worth several million dollars
  • Business.com: $8 million
  • Wine.com: $2.9 million
  • Drugs.com: $830,000

• Important
– When you register valuable names, register them for a longer duration

• Internet Corporation for Assigned Names and Numbers (ICANN)
– Responsible for accrediting the various domain name registrars

• http://www.internic.net/
– For the list of accredited registrars

Page 31

Attacks on DNS

• Distributed Denial of Service
– Bandwidth flooding or resource consumption
– Flooding with ping messages

• Distributed DNS query attack (flooding a name server with queries)

• Man-in-the-middle attack
– Capture DNS queries and generate bogus DNS replies

• DNS poisoning
– Erroneously populate DNS caches by originating bogus replies; a bogus reply is accepted if it arrives before the genuine one and matches what the resolver checks (at minimum the 16-bit identification field; a hardened resolver also checks the source port, the question and that the records lie within the queried zone)

• Reflection attacks against hosts
– Generate DNS queries with the victim's address as the spoofed source, so the replies go to the victim
– The victim is flooded with DNS replies it never asked for
– Queries can be of type ANY so that the replies are much larger than the queries (amplification)
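The poisoning and reflection bullets above, as an added example that is not code from the lecture: the checks a caching resolver applies before it accepts a reply for a pending query, in three strengths (identification field only; plus source port and server address; plus question match and a bailiwick check on every record), run against a genuine reply and against an attacker's flood of forged replies that guess all 65,536 identification values and smuggle in an A record for a name the resolver never asked about. Pending queries and replies are plain objects rather than wire-format packets; the addresses, ports, names and the 33/309-byte sizes used for the amplification ratio (the ANY query and reply of slide 7) are constructed for the example.

```python
"""What a caching resolver must check before accepting a reply, and what a
spoofing attacker can get past each level of checking.  All values are
constructed for this example; no packets are sent."""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Pending:
    txid: int          # 16-bit identification field the reply must echo
    src_port: int      # UDP source port the query left from
    server_ip: str     # the server the query was sent to
    qname: str
    qtype: str
    zone: str          # bailiwick: the zone that server is authoritative for


@dataclass(frozen=True)
class Reply:
    txid: int
    dst_port: int
    src_ip: str
    qname: str
    qtype: str
    records: Tuple[Tuple[str, str, str], ...]   # (owner, type, value)


def in_bailiwick(owner, zone):
    return owner == zone or owner.endswith("." + zone)


def accept_txid_only(p, r):
    """Early resolvers: the 16-bit identification is the only thing matched."""
    return p.txid == r.txid


def accept_txid_port(p, r):
    """Also require the query's (randomized) source port and the queried server's address."""
    return accept_txid_only(p, r) and r.dst_port == p.src_port and r.src_ip == p.server_ip


def accept_hardened(p, r):
    """Add question matching and a bailiwick check on every record in the reply."""
    return (accept_txid_port(p, r)
            and (r.qname, r.qtype) == (p.qname, p.qtype)
            and all(in_bailiwick(owner, p.zone) for owner, _, _ in r.records))


def count_accepted(check, pending, replies):
    return sum(1 for r in replies if check(pending, r))


def forged_replies(pending, dst_port, txids):
    """Attacker spoofing the server's address, guessing identifications, and adding
    an A record for a name outside the zone (the poisoned entry it wants cached)."""
    return [Reply(txid=t, dst_port=dst_port, src_ip=pending.server_ip,
                  qname=pending.qname, qtype=pending.qtype,
                  records=(("www.google.com.", "A", "192.0.2.99"),
                           ("login.bank.example.", "A", "192.0.2.99")))
            for t in txids]


def amplification(query_bytes, reply_bytes):
    """Bytes delivered to the victim per byte the attacker sends (reflection)."""
    return reply_bytes / query_bytes


def demo():
    pending = Pending(txid=0x1234, src_port=40123, server_ip="203.0.113.53",
                      qname="www.google.com.", qtype="A", zone="google.com.")
    genuine = Reply(0x1234, 40123, "203.0.113.53", "www.google.com.", "A",
                    (("www.google.com.", "A", "66.102.7.113"),))
    all_ids = range(0x10000)
    blind = forged_replies(pending, 53, all_ids)          # attacker assumes a fixed port 53
    port_known = forged_replies(pending, 40123, all_ids)  # attacker has learned the port
    return {
        "genuine_hardened": accept_hardened(pending, genuine),
        "blind_txid_only": count_accepted(accept_txid_only, pending, blind),
        "blind_txid_port": count_accepted(accept_txid_port, pending, blind),
        "known_port_txid_port": count_accepted(accept_txid_port, pending, port_known),
        "known_port_hardened": count_accepted(accept_hardened, pending, port_known),
    }
```

With identification matching alone, exactly one of the 65,536 forged replies is accepted, so a flood wins; a random source port multiplies the attacker's search space by the number of ports, and the bailiwick check means that even a reply that wins the race cannot plant a record for a different zone. The remaining gap (the attacker who wins the race can still replace the answer for the name that was asked) is what DNSSEC signatures close. The 309-byte reply to the 33-byte ANY query on slide 7 gives an amplification of about 9.4, which is why reflection attacks favour ANY.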

Page 32

Summary

• DNS is an important service on the Internet
• Every other service depends heavily on it
• DNS is scalable, distributed, hierarchical, and federated
• Many performance optimization strategies are used with the help of DNS

• References:
– Kurose and Ross (Chapters 1-3)
– Andrew Tanenbaum (Chapter 7)