The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Post on 26-Dec-2015


TRANSCRIPT


The Domain Name System

James Brown, Simon Gingold, Yue Lai, Jun Ma, Haobin Song, Thomas Stewart, David Weinberg

Group 20

Presentation Structure

• Introduction & History
• How a resolver looks up a remote name
• Domain Name space
  – Practical DNS
  – The Domain Name Space
  – Root Name Servers
  – .uk: The United Kingdom's TLD
  – WHOIS – Database Of Registrants
  – Registering a .co.uk domain
• Inside a DNS Server
  – Resolving
  – Caching
  – Updating
• Two DNS Servers
  – BIND
  – Microsoft DNS Server
• The DNS Packets
• Conclusions

Introduction & History

People remember meaningful names far more easily than collections of numbers.

• In the beginning… a file named hosts.txt was maintained and distributed
  - The internet moved to TCP/IP and grew
  - hosts.txt became:
      Large
      Slow to download
      Didn't dictate the 'uniqueness of names' property
      Quickly obsolete name records
• DNS created in 1981 to overcome the hosts.txt problems
  - When a user accesses the internet, the nearest DNS server translates URLs into IPs
  - DNS is a distributed database – reduces server load
  - Indexed for fast searching: search key = domain name
  - DNS can force name uniqueness
  - Domain names are like "microsoft.com"
  - The zones are separated by '.'
  - Optionally contain hosts within the domain name
  - Allows the same name on different hosts in different domains
    (e.g. woodstock.man.ac.uk and woodstock.umist.ac.uk)

[Diagram: the name tree uk → ac → man and umist, with a host named woodstock under each of man.ac.uk and umist.ac.uk]

How a resolver looks up a remote name

Suppose a client wants to resolve the name cicada.cs.princeton.edu.

Copied from Larry L. Peterson & Bruce S. Davie (2000), "Computer Networks – A Systems Approach", Morgan Kaufmann Publishers, p. 633.

How a resolver looks up a remote name

• Step 1: the client sends a query containing the domain name to the local name server
• Step 2: the local name server may not have the information about the domain name, so it sends the query to one of the root servers
• Step 3: the root server cannot match the entire name, so it returns its best match – the NS (name resolution) record for princeton.edu – and it also returns all records related to this record
• Step 4: the client sends the same query to the name server for Princeton University's domain
• Step 5: this name server also cannot match the entire name, so it returns its best match, an NS record for ns1.cs.princeton.edu
• Step 6: the client sends the same query to the name server authoritative for the CS zone (ns1.cs.princeton.edu)
• Step 7: the server has information about cicada.cs.princeton.edu and returns the answer: IP address = 192.12.69.60
• Step 8: armed with the IP address, the client can establish a TCP connection with the destination

Practical DNS

• The domain name space is controlled to enforce a tree structure on it
• The tree is both distributable and efficient
• All domains are children of the "." (root) domain
• Top level domains (TLDs) are the direct children
• Two types:
  – Generic, e.g. com, org, edu
  – Country specific: uk, de, il
• All other domains must be under a TLD
• Domains are administered by different organisations

The Domain Name Space

• The hierarchical tree structure makes the domain name space distributable yet still navigable
• Shows .com, mynet.com, rivers.mynet.com, seas.mynet.com, lakes.mynet.com, acme.com, rumba.acme.com, samba.acme.com and tango.acme.com
• rivers, seas and lakes are separate zones
• rumba, samba and tango are part of acme.com

Copied from http://ou800doc.caldera.com/NET_tcpip/dnsN.how.html – The domain name space diagram

Root name servers

• There are 13 root name servers
  – a.root-servers.net - m.root-servers.net
  – Authoritative for the TLDs
  – Queries start at the root servers when no cache is available
• Coordinated by IANA (Internet Assigned Numbers Authority)
• Many of the root servers are in the USA and run by American organisations
• K.ROOT-SERVERS.NET is in London and is jointly run by LINX and RIPE NCC
• Creation of TLDs is restricted

.uk: The United Kingdom's TLD

• .uk is divided into second-level domains
• Nominet UK is the registrar and administrator of the first seven
• plc.uk and ltd.uk are restricted
  – Only registered companies can be part of this domain
  – Can only register your own company name

Domain       Intended use
.co.uk       for commercial enterprises (the largest SLD in the UK)
.me.uk       for personal domains
.org.uk      for non-commercial organisations
.plc.uk      for registered company names only
.ltd.uk      for registered company names only
.net.uk      for Internet Service Providers
.sch.uk      for schools
.ac.uk       for Academic Establishments
.gov.uk      for Government Bodies
.nhs.uk      for NHS Organisations
.police.uk   for UK Police Forces
.mod.uk      for Ministry of Defence Establishments

WHOIS – Database Of Registrants

• WHOIS queries the database of ownership of the domain
• Gives name and contact details of the owner of the domain
• Gives name and contact details of the administrator of the domain
• Lists the name servers that are authoritative for the domain
• Not part of DNS, but is used to help manage delegation and ownership of sub-domains
• Available at www.whois.co.uk

    Domain Name:              WEINBERG.CO.UK
    Registered For:           Leslie Bunder
    Domain Registered By:     WEBFUSION
    Registered on:            18-Sep-1999
    Record last updated on:   28-Aug-2001 by domreg@123-reg.co.uk
    Domain servers listed in order:
        NS.HOSTEUROPE.COM     212.67.202.2
        NS2.HOSTEUROPE.COM    (unable to validate IP)
    WHOIS database last updated at 19:12:00 17-Apr-2002

Registering a .co.uk domain

1. Choose the name you want - for example weinberg.co.uk
2. Check using the WHOIS service that this domain name does not already exist
3. Inform your registrant of the owner's name and address, as well as the administrator's name and address
4. Inform them of the name servers that will be authoritative for it
5. Pay for the domain. This ensures ownership and helps Nominet recover its costs:
   • Running name servers
   • Maintaining the name servers
   • Updating DNS information
   • Resolving, and trying to avoid, disputes over names

RESOLVING

• When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively
• Both methods check to see if the answer is already known, but if not…

– 1. Recursive Requests
  • Look for the name server closest to the answer
    – For example, if the location of lion.umist.ac.uk is unknown but the location of the name servers for umist.ac.uk is known, these would be the closest name servers. If these were unknown, the ac.uk name servers are tried, and so on until the root servers (".") are reached
  • Ask the closest name server for their best answer in a 'polite' iterative fashion
  • Continually ask name servers for the best answer they can give
    – Always ask for the exact original domain name in these queries
    – Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
    – In the lion.umist.ac.uk example, always ask exactly that
    – All the work is done by the initial name server
    – This server is given the opportunity to cache the resource records it learns about

– 2. Iterative Requests
  • All work is done by the resolver
    – Name servers just respond with the best answer they know
  • This technique is used for security reasons
  • Not favourable for network traffic

Resolving - recursion

• A Recursive Query
  – The local name server does most of the work

[Diagram: the client sends "Question: lion.umist.ac.uk" to the local name server, which asks the uk, ac and umist.ac.uk name servers for lion.umist.ac.uk in turn and returns "Answer: 130.88.96.40"]

Resolving – iteration vs recursion

The iterative and recursive queries are shown (R = recursive, I = iterative).

Caching

• A critical process in the DNS
  – For every query, a cache of the result and of every intermediate step is maintained
• For example, to find umist.ac.uk, the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached
• When a query is received…
  – The first step is to check whether this server is authoritative for the zone being queried
    • If yes, then no caching is performed
    • Otherwise the local cache is checked
  – If the zone is in the cache then the answer is returned immediately
  – Otherwise the 'closest known' (authoritative) name servers are checked and the results cached as the query progresses
• But DNS records are dynamic
  – A 'time to live' is assigned to the name server
  – After this specified time the cached information for the associated record must be flushed
  – Typical value is 3 days
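The following is an added example, not from the slides, that simulates both the iterative walk of Steps 1 to 8 above and the 'closest known' name-server cache with a time to live described under Caching. The delegation data, server names and 192.0.2.x addresses are constructed; only the answer for cicada.cs.princeton.edu (192.12.69.60) comes from the slides.

```python
"""Iterative resolver simulation: walk the delegation tree from the root,
cache every referral learned on the way, and start later queries at the
closest cached name server until its TTL expires."""
import time

# Constructed delegation data keyed by server address (192.0.2.0/24 is a
# documentation range).  Each server knows the child zones it delegates
# ("referrals": zone -> (ns_name, ns_addr)) and the names it answers for.
SERVERS = {
    "192.0.2.1": {"referrals": {"edu": ("a.edu-servers.net", "192.0.2.2")},
                  "answers": {}},                                      # root
    "192.0.2.2": {"referrals": {"princeton.edu": ("dns.princeton.edu", "192.0.2.3")},
                  "answers": {}},                                      # edu TLD
    "192.0.2.3": {"referrals": {"cs.princeton.edu": ("ns1.cs.princeton.edu", "192.0.2.4")},
                  "answers": {}},                                      # princeton.edu
    "192.0.2.4": {"referrals": {},
                  "answers": {"cicada.cs.princeton.edu": "192.12.69.60",
                              "www.cs.princeton.edu": "192.0.2.50"}},  # cs.princeton.edu
}
ROOT = ("a.root-servers.net", "192.0.2.1")   # every server knows the root at the start


def ask(server_addr, qname):
    """One iterative query.  The server returns its best answer: either
    ("answer", address), ("referral", zone, (ns_name, ns_addr)) or ("nxdomain",).
    As on the slides, the full original name is always asked, never a prefix."""
    data = SERVERS[server_addr]
    if qname in data["answers"]:
        return ("answer", data["answers"][qname])
    best = None   # longest delegated zone that is a suffix of the query name
    for zone, ns in data["referrals"].items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns)
    return ("nxdomain",) if best is None else ("referral", best[0], best[1])


class Resolver:
    """Iterative resolver with a TTL-bounded cache of answers and referrals."""

    def __init__(self, ttl_seconds=3 * 24 * 3600, clock=time.time):
        self.ttl = ttl_seconds          # slides: a typical value is 3 days
        self.clock = clock
        self.ns_cache = {}              # zone -> ((ns_name, ns_addr), expiry)
        self.answer_cache = {}          # name -> (address, expiry)
        self.queries_sent = 0

    def _closest_known_ns(self, qname):
        """Cached name server for the longest unexpired suffix of qname,
        falling back to the root."""
        now = self.clock()
        labels = qname.split(".")
        for i in range(len(labels)):
            entry = self.ns_cache.get(".".join(labels[i:]))
            if entry and entry[1] > now:
                return entry[0]
        return ROOT

    def resolve(self, qname):
        """Return (address, list of servers asked); an empty list means a cache hit."""
        now = self.clock()
        cached = self.answer_cache.get(qname)
        if cached and cached[1] > now:
            return cached[0], []
        ns_name, ns_addr = self._closest_known_ns(qname)
        trail = []
        while True:
            if len(trail) >= 16:        # guard against a referral loop in bad data
                raise ValueError("referral chain too long for " + qname)
            self.queries_sent += 1
            trail.append(ns_name)
            reply = ask(ns_addr, qname)
            if reply[0] == "answer":
                self.answer_cache[qname] = (reply[1], now + self.ttl)
                return reply[1], trail
            if reply[0] == "nxdomain":
                return None, trail
            _, zone, (ns_name, ns_addr) = reply
            # Cache the intermediate step so later lookups under this zone start
            # here.  A real resolver must first check the referral is in-bailiwick
            # (the zone lies below the one the server was asked about); caching any
            # referral it is handed lets a misbehaving server plant bogus name servers.
            self.ns_cache[zone] = ((ns_name, ns_addr), now + self.ttl)


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("cicada.cs.princeton.edu"))   # root -> edu -> princeton -> cs
    print(r.resolve("www.cs.princeton.edu"))      # starts at the cached cs server
```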

Updating

• All name servers know the internet's root servers at the start
• Most updating comes from the 'experience' of answering queries and caching
• Some manual updating does occur
  – Only local name servers can have forced updates
  – Use the 'Update' command and specify the resource records to change
  – In Perl (the Net::DNS module), an update of the IP address for a domain's webserver (called an A record) looks like this:

        $update->push(update => rr_add("umist.ac.uk 86400 A 130.88.0.1"));

  • When someone accesses "umist.ac.uk" they are directed to "130.88.0.1"
• The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

• Where the settings for the DNS server are stored
• Can be divided into classes
  – Internet, Chaosnet and Hesiod
• Common types:
  – TTL, SOA, NS, A, CNAME, PTR, MX, TXT
  – Many more

Types of Records

• TTL – The time to live
• SOA record – The authority for this zone
• NS record – The name server for this zone
• A – A name to address mapping
• CNAME – Canonical name, used for aliases
• PTR – Address to name mapping
• MX – Used for email names
• TXT – Used for text entries

BIND

• BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
• Cross-platform program that was originally coded for UNIX
  – Linux, BSD and Windows
• See the Linux DNS HOWTO for more info

Features of Microsoft DNS Server

• Active Directory Storage and Replication Integration
  Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.
• Incremental Zone Transfer
  The Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS.
• Dynamic Update
  Automatic assignment of addressing with dynamic DNS updates.
• Aging and Scavenging
  Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.

Features of Microsoft DNS Server continued…

• Unicode Character Support
  The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.
• Caching Resolver
  A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.
• Administrative Tools
  Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.
• Performance Statistics
  Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilisation. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD.

The DNS Packets

All communications inside the domain protocol are carried in a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases): Header, Question, Answer, Authority and Additional.

The DNS Packets

• The header section includes fields that specify
  – which of the remaining sections are present
  – whether the message is a query or a response
• The question section contains
  – Queries for which answers are desired
  – The client fills in only the question section
• Each question has
  – Query Domain Name
  – Query Type
  – Query Class fields
  – the server returns the question along with the answers in its response
• The answer section contains
  – RRs (resource records) that answer the question
• The authority section contains
  – RRs that point toward an authoritative name server
• The additional information section contains
  – RRs which relate to the query but are not strictly answers for the question
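As an added example (not from the slides), the parser below decodes the five-section message format just described, including the name compression pointers that let the answer's owner name refer back to the question. The two packets at the end are constructed by hand for this example: a response for the slides' cicada.cs.princeton.edu lookup, and a malformed query whose name pointer refers to itself, which a naive parser would loop on forever.

```python
"""Minimal DNS message parser: header, question, answer, authority, additional."""
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT"}
HEADER = struct.Struct("!HHHHHH")   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def _need(msg, offset, n):
    """Reject a packet whose counts or lengths run past the bytes received."""
    if offset + n > len(msg):
        raise ValueError("message truncated at offset %d" % offset)


def read_name(msg, offset):
    """Decode a possibly compressed name at offset; return (name, offset after it
    as it appears in the message).  Each pointer target is followed once only,
    so a crafted packet whose pointers form a loop raises instead of hanging."""
    labels, end, seen = [], None, set()
    while True:
        _need(msg, offset, 1)
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                   # top two bits set: pointer
            _need(msg, offset, 2)
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if end is None:
                end = offset + 2                      # caller resumes after pointer
            if pointer in seen:
                raise ValueError("compression pointer loop at offset %d" % offset)
            seen.add(pointer)
            offset = pointer
            continue
        if length & 0xC0:
            raise ValueError("reserved label type 0x%02x" % length)
        offset += 1
        if length == 0:                               # root label ends the name
            break
        _need(msg, offset, length)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) or ".", (offset if end is None else end)


def read_rr(msg, offset):
    """Decode one resource record (answer, authority and additional share it)."""
    name, offset = read_name(msg, offset)
    _need(msg, offset, 10)
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
    offset += 10
    _need(msg, offset, rdlength)
    rdata = msg[offset:offset + rdlength]
    if rtype == 1 and rdlength == 4:                  # A: dotted-quad address
        data = ".".join(str(b) for b in rdata)
    elif rtype in (2, 5, 12):                         # NS, CNAME, PTR: a name
        data, _ = read_name(msg, offset)
    else:
        data = rdata.hex()
    return {"name": name, "type": TYPE_NAMES.get(rtype, rtype), "class": rclass,
            "ttl": ttl, "data": data}, offset + rdlength


def parse_message(msg):
    """Parse a DNS message into header fields and its four record sections."""
    _need(msg, 0, HEADER.size)
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg, 0)
    offset = HEADER.size
    questions = []
    for _ in range(qd):                               # filled in by the client
        qname, offset = read_name(msg, offset)
        _need(msg, offset, 4)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append({"name": qname, "type": TYPE_NAMES.get(qtype, qtype)})
    sections = {}
    for label, count in (("answer", an), ("authority", ns), ("additional", ar)):
        records = []
        for _ in range(count):
            rr, offset = read_rr(msg, offset)
            records.append(rr)
        sections[label] = records
    return {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "question": questions, **sections}


def is_malformed(msg):
    """True if the packet cannot be parsed; check this before acting on it."""
    try:
        parse_message(msg)
        return False
    except ValueError:
        return True


# Constructed response: ID 0x1234, flags 0x8180 (response, recursion desired and
# available), one question and one answer whose owner name is the pointer 0xC00C
# back to the question name at offset 12; TTL 86400, A 192.12.69.60.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"                  # header
    b"\x06cicada\x02cs\x09princeton\x03edu\x00\x00\x01\x00\x01"          # question
    b"\xc0\x0c\x00\x01\x00\x01\x00\x01\x51\x80\x00\x04\xc0\x0c\x45\x3c"  # answer
)
# Constructed malformed query: the question name is a pointer to itself.
POINTER_LOOP = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\xc0\x0c\x00\x01\x00\x01"
```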

CONCLUSION

• Should understand
  - DNS history
  - Name server configuration
  - Zone hierarchy
  - Name server operations
  - DNS clients (the resolver)
• DNS used to resolve 14,322,950 hostnames (March 2000)
• DNS is very reliable and scalable
  – Improvements are proposed
• Name-service – acts as a 'layer' on top of DNS
  – Allows everyday naming schemes (e.g. http://james)
  – Looks up the official (corresponding) domain name first, then the IP address
• Resource Locator Service (RLS)
  – Incorporates 'timestamping' into URLs
  – Eliminates link 'rot'
  – Generates more name space
  – Runs side by side with DNS
• DNS is still 'de facto' and likely to remain so for several years

Page 2: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Presentation Structure

bull Introduction amp Historybull How a resolver looks up a remote namebull Domain Name space

ndash Practical DNSndash The Domain Name Spacendash Root Name Serverndash uk The United Kingdomrsquos TLDndash WHOIS ndash Database Of Registrantsndash Registering a coukdomain

bull Inside a DNS Serverndash Resolvingndash Cachingndash Updating

bull Two DNS Serversndash BINDndash Microsoft DNS Server

bull The DNS Packetsbull Conclusions

Introduction amp HistoryPeople remember meaningful names far more easily than collections of numbers

bull In the beginninghellipa file named hoststxt was maintained and distributed

bull DNS created in 1981 to overcome hoststxt problems- When a user accesses the internet the nearest DNS server translates URLrsquos into IPrsquos

- DNS is a distributed database ndash reduces server load

- Indexed for fast searching Search key = domain name

- DNS can force name uniqueness

- Domain Names are like ldquomicrosoftcomrdquo

- The zones are separated by lsquorsquo

- Optionally contain hosts within the domain name

- Allows same names on different hosts but different domains

(eg woodstockmanacuk and woodstockumistacuk)

- The internet moved to TCPIP and grew

- Hoststxt became

Large

Slow to download

Didnrsquot dictate lsquouniqueness of namesrsquo property

Quickly obsolete name records

woodstock

man

ac

uk

woodstock

umist

How a resolver looks up a remote name

Suppose a client wants to resolve the name cicadecsprincetonedu

Copied from Larry L Peterson amp Bruce S Davie (2000) ldquoComputer Networks ndash A system approachrdquo Morgan Kaufmann Publishers pp 633

How a resolver looks up a remote name

bull Step 1 the client sends query containing the domain name to the local name server

bull Step 2 the local name server may not have the information about the domain name so it sends the query to one of the root server

bull Step3 the root server cannot match the entire name returns best match ndash the NS (name resolution) record for princetonedu and it also returns all records which is related to this record

bull Step 4 the client sends the same query to the name server at Princeton Universityrsquos domain

bull Step 5 This name server also cannot match the entire name so returns its best match and a NS record ns1csprincetonedu

bull Step 6 the client sends the same query to the name server authoritative for the CS Zone (ns1csprincetonedu)

bull Step 7 the server has a information about cicadecsprincetonedu and returns the answer IP address = 192126960

bull Step 8 armed with the IP address the client can establish a TCP connection with the destination

Practical DNS

bull The domain name space is controlled to enforce a tree structure to it

bull Tree is both distributable and efficientbull All domains are children of the (root) domainbull Top level domains TLDs are the direct childrenbull Two types

ndash Generic eg com org edundash Country specific uk de il

bull All other domains must be under a TLDbull Domains are administered by different organisations

The Domain Name Space

bull Hierarchical tree structure makes domain name space distributable yet still navigable

bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom

bull rivers seas and lakes are separate zones

bull rumba samba and tango are part or acmecom

Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram

Root name servers

bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is

availablebull Coordinated by IANA (Internet Assigned Numbers

Authority) bull Many of the root servers are in the USA and run by

American organisationsbull KROOT-SERVERSNET is in London and is jointly run

by LINX and RIPE NCCbull Creation of TLDs is restricted

uk The United Kingdomrsquos TLD

bull uk is divided into second-level domains

bull Nominet UK is the the registrar and administrator of the first seven

bull plcuk and ltduk are restrictedndash Only registered companies

can be part of this domainndash Can only register your own

company name

Domain Intended use

couk for commercial enterprises (the largest SLD in the UK)

meuk for personal domains

orguk for non-commercial organisations

plcuk for registered company names only

ltduk for registered company names only

netuk for Internet Service Providers

schuk for schools

acuk for Academic Establishments

govuk for Government Bodies

nhsuk for NHS Organisations

policeuk

for UK Police Forces

moduk for Ministry of Defence Establishments

WHOIS ndash Database Of Registrants

bull WHOIS queries the database of ownership of the domain

bull Gives name and contact details of the owner of the domain

bull Gives name and contact details of the administrator of the domain

bull Lists the name servers that are authoritative for the domain

bull Not part of DNS but is used to help manage delegation and ownership sub domains

bull Available at wwwwhoiscouk

Domain Name WEINBERGCOUK

Registered For Leslie BunderDomain Registered By

WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-

Aug-2001 by domreg123-regcouk

Domain servers listed in orderNSHOSTEUROPECOM

212672022NS2HOSTEUROPECOM

(unable to validate IP)WHOIS database last updated

at 191200 17-Apr-2002

Registering a couk domain

1 Choose the name you want- for example weinbergcouk

2 Check using the WHOIS service that this domain name does not already exist

3 Inform your registrant of the owners name and address as well as the administrators name and address

4 Inform them of the name servers that they will be authoritative for

5 Pay for the domain This ensures ownership and helps Nominet recover its costs

bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names

RESOLVING

bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively

bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests

bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of

name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached

bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give

ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than

ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about

ndash 2 Iterative Requestsbull All work done by the resolver

ndash Name servers just respond with their best answer which they know

bull This technique used for security reasonsbull Not favourable for network traffic

Resolving - recursion

bull A Recursive Queryndash The local name server does most of the work

uk

ac

umistacuk

lionumistacuk

130889640

Question lionumistacuk

Answer 130889640

lionumistacuk

lionumistacuk

lionumistacuk

Resolving ndash iteration Vs recursion

The iterative and recursive queries are shown R=recursive I=iterative

bull A critical process in the DNS

ndash For every query a cache of the result and every intermediate step is maintained

bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached

bull When a query is receivedhellip

ndash The first step is to check whether this server is authoritative for the zone being queried

bull If yes then no caching is performed

bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are

checked and the results cached as the query progresses

bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be

flushedndash Typical value is 3 days

Caching

Updating

bull All name servers know the internetrsquos root servers at the start

bull Most updating comes from the lsquoexperiencersquo of answering queries and caching

bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to

changendash In Perl an update of IP Addresses for a domainrsquos webserver

(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo

bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

bull Where the settings for the DNS server are stored

bull Can be divided into classesndash Internet Chaosnet and Hesiod

bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 3: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Introduction amp HistoryPeople remember meaningful names far more easily than collections of numbers

bull In the beginninghellipa file named hoststxt was maintained and distributed

bull DNS created in 1981 to overcome hoststxt problems- When a user accesses the internet the nearest DNS server translates URLrsquos into IPrsquos

- DNS is a distributed database ndash reduces server load

- Indexed for fast searching Search key = domain name

- DNS can force name uniqueness

- Domain Names are like ldquomicrosoftcomrdquo

- The zones are separated by lsquorsquo

- Optionally contain hosts within the domain name

- Allows same names on different hosts but different domains

(eg woodstockmanacuk and woodstockumistacuk)

- The internet moved to TCPIP and grew

- Hoststxt became

Large

Slow to download

Didnrsquot dictate lsquouniqueness of namesrsquo property

Quickly obsolete name records

woodstock

man

ac

uk

woodstock

umist

How a resolver looks up a remote name

Suppose a client wants to resolve the name cicadecsprincetonedu

Copied from Larry L Peterson amp Bruce S Davie (2000) ldquoComputer Networks ndash A system approachrdquo Morgan Kaufmann Publishers pp 633

How a resolver looks up a remote name

bull Step 1 the client sends query containing the domain name to the local name server

bull Step 2 the local name server may not have the information about the domain name so it sends the query to one of the root server

bull Step3 the root server cannot match the entire name returns best match ndash the NS (name resolution) record for princetonedu and it also returns all records which is related to this record

bull Step 4 the client sends the same query to the name server at Princeton Universityrsquos domain

bull Step 5 This name server also cannot match the entire name so returns its best match and a NS record ns1csprincetonedu

bull Step 6 the client sends the same query to the name server authoritative for the CS Zone (ns1csprincetonedu)

bull Step 7 the server has a information about cicadecsprincetonedu and returns the answer IP address = 192126960

bull Step 8 armed with the IP address the client can establish a TCP connection with the destination

Practical DNS

bull The domain name space is controlled to enforce a tree structure to it

bull Tree is both distributable and efficientbull All domains are children of the (root) domainbull Top level domains TLDs are the direct childrenbull Two types

ndash Generic eg com org edundash Country specific uk de il

bull All other domains must be under a TLDbull Domains are administered by different organisations

The Domain Name Space

• The hierarchical tree structure makes the domain name space distributable yet still navigable
• The diagram shows com, mynet.com, rivers.mynet.com, seas.mynet.com, lakes.mynet.com, acme.com, rumba.acme.com, samba.acme.com and tango.acme.com
• rivers, seas and lakes are separate zones
• rumba, samba and tango are part of acme.com

Copied from http://ou800doc.caldera.com/NET_tcpip/dnsN.how.html: the domain name space diagram

Root name servers

• There are 13 root name servers
  – a.root-servers.net to m.root-servers.net
  – Authoritative for the TLDs
  – Queries start at the root servers when no cache is available
• Coordinated by IANA (Internet Assigned Numbers Authority)
• Many of the root servers are in the USA and run by American organisations
• K.ROOT-SERVERS.NET is in London and is jointly run by LINX and RIPE NCC
• Creation of TLDs is restricted

.uk: The United Kingdom's TLD

• .uk is divided into second-level domains
• Nominet UK is the registrar and administrator of the first seven
• plc.uk and ltd.uk are restricted
  – Only registered companies can be part of this domain
  – Can only register your own company name

Domain      Intended use
co.uk       for commercial enterprises (the largest SLD in the UK)
me.uk       for personal domains
org.uk      for non-commercial organisations
plc.uk      for registered company names only
ltd.uk      for registered company names only
net.uk      for Internet Service Providers
sch.uk      for schools
ac.uk       for Academic Establishments
gov.uk      for Government Bodies
nhs.uk      for NHS Organisations
police.uk   for UK Police Forces
mod.uk      for Ministry of Defence Establishments

WHOIS: Database Of Registrants

• WHOIS queries the database of ownership of the domain
• Gives the name and contact details of the owner of the domain
• Gives the name and contact details of the administrator of the domain
• Lists the name servers that are authoritative for the domain
• Not part of DNS, but is used to help manage delegation and ownership of sub-domains
• Available at www.whois.co.uk

Domain Name: WEINBERG.CO.UK
Registered For: Leslie Bunder
Domain Registered By: WEBFUSION
Registered on 18-Sep-1999
Record last updated on 28-Aug-2001 by domreg@123-reg.co.uk
Domain servers listed in order:
  NS.HOSTEUROPE.COM   212672022
  NS2.HOSTEUROPE.COM  (unable to validate IP)
WHOIS database last updated at 19:12:00 17-Apr-2002

Registering a co.uk domain

1. Choose the name you want, for example weinberg.co.uk
2. Check using the WHOIS service that this domain name does not already exist
3. Inform your registrar of the owner's name and address, as well as the administrator's name and address
4. Inform them of the name servers that will be authoritative for it
5. Pay for the domain. This ensures ownership and helps Nominet recover its costs

• Running name servers
• Maintaining the name servers
• Updating DNS information
• Resolving, and trying to avoid, disputes over names

RESOLVING

• When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively
• Both methods check to see if the answer is already known, but if not...
  – 1. Recursive Requests
    • Look for the name server closest to the answer
      – For example, if the location of lion.umist.ac.uk is unknown but the location of the name servers for umist.ac.uk is known, these would be the closest name servers. If these were unknown, the ac.uk name servers are tried, and so on until the root servers (".") are reached
    • Ask the closest name server for its best answer in a 'polite' iterative fashion
    • Continually ask name servers for the best answer they can give
      – Always ask for the exact original domain name in these queries
      – Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
      – In the lion.umist.ac.uk example, always ask exactly that
      – All the work is done by the initial name server
      – This server is given the opportunity to cache the resource records it learns about
  – 2. Iterative Requests
    • All work is done by the resolver
      – Name servers just respond with the best answer they know
    • This technique is used for security reasons
    • Not favourable for network traffic

Resolving - recursion

• A Recursive Query
  – The local name server does most of the work

[Diagram: recursive query for lion.umist.ac.uk; the local name server in turn consults the uk, ac.uk and umist.ac.uk name servers. Question: lion.umist.ac.uk, Answer: 130.88.96.40]

Resolving: iteration vs recursion

[Diagram: the iterative and recursive queries are shown; R = recursive, I = iterative]

Caching

• A critical process in the DNS
  – For every query, a cache of the result and of every intermediate step is maintained
    • For example, to find umist.ac.uk, the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached
• When a query is received...
  – The first step is to check whether this server is authoritative for the zone being queried
    • If yes, then no caching is performed
    • Otherwise the local cache is checked
  – If the zone is in the cache then the answer will be returned immediately
  – Otherwise the 'closest known' (authoritative) name servers are checked and the results cached as the query progresses
• But DNS records are dynamic
  – A 'time to live' is assigned (by the name server) to each record
  – After this specified time the cached information for the associated record must be flushed
  – Typical value is 3 days
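The cicada.cs.princeton.edu walk-through above, the RESOLVING slide and the Caching slide together describe one mechanism: a resolver that always asks for the exact original name, follows referrals from the closest known name server towards the answer, caches every record it learns and flushes each one when its TTL elapses. The simulation below is an added example, not part of the presentation; the delegation data, the name server names and the 192.0.2.x addresses are constructed, with only cicada.cs.princeton.edu and its address 192.12.69.60 taken from the slides.

```python
import time

# Constructed delegation data modelling the cicada.cs.princeton.edu walk-through.
# The host name and its address 192.12.69.60 are the slides' values; the name
# server names and the 192.0.2.x addresses are made-up (RFC 5737 test range).
# Each simulated server serves one zone, delegates child zones with NS + glue,
# and holds the A records it is authoritative for.
SERVERS = {
    "192.0.2.1": {                       # stands in for a root server
        "zone": ".",
        "ns": {"princeton.edu.": ("dns.princeton.edu.", "192.0.2.53")},
        "a": {},
    },
    "192.0.2.53": {                      # server for princeton.edu
        "zone": "princeton.edu.",
        "ns": {"cs.princeton.edu.": ("ns1.cs.princeton.edu.", "192.0.2.77")},
        "a": {},
    },
    "192.0.2.77": {                      # ns1.cs.princeton.edu, the CS zone
        "zone": "cs.princeton.edu.",
        "ns": {},
        "a": {"cicada.cs.princeton.edu.": "192.12.69.60",
              "ns1.cs.princeton.edu.": "192.0.2.77"},
    },
}
TTL = 86400  # one day, the TTL used in the slides' A record example


def in_zone(name, zone):
    """True when `name` is `zone` itself or lies below it in the tree."""
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server_ip, qname):
    """Simulate one query to an authoritative server (no sockets involved).
    Like the slides' servers it either answers, returns its best match as a
    referral to the closest child zone it delegates, or reports no such name."""
    srv = SERVERS[server_ip]
    if qname in srv["a"]:
        return ("answer", srv["a"][qname], TTL)
    best = max((z for z in srv["ns"] if in_zone(qname, z)), key=len, default=None)
    if best is not None:
        nsname, nsip = srv["ns"][best]
        return ("referral", best, nsname, nsip, TTL)
    return ("nxdomain",)


class IterativeResolver:
    """A resolver that does all the work itself and caches what it learns."""

    def __init__(self, root_ip, clock=time.monotonic):
        self.root_ip, self.clock = root_ip, clock
        self.cache = {}          # (rrtype, name) -> (value, expires_at)
        self.queries_sent = 0

    def _get(self, key):
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop(key, None)   # TTL elapsed: flush the stale record
        return None

    def _put(self, key, value, ttl):
        self.cache[key] = (value, self.clock() + ttl)

    def closest_known_server(self, qname):
        """Walk from the full name up towards the root ('.') and return the
        first zone whose name server address is cached, else the root hint."""
        labels = qname.rstrip(".").split(".")
        for i in range(1, len(labels) + 1):
            zone = ".".join(labels[i:]) + "."
            ns = self._get(("NS", zone))
            if ns:
                return zone, ns[1]
        return ".", self.root_ip

    def resolve(self, qname, max_referrals=10):
        cached = self._get(("A", qname))
        if cached:
            return cached
        zone, server = self.closest_known_server(qname)
        for _ in range(max_referrals):
            self.queries_sent += 1
            kind, *data = ask(server, qname)   # always ask for the exact original name
            if kind == "answer":
                self._put(("A", qname), data[0], data[1])
                return data[0]
            if kind == "referral":
                child, nsname, nsip, ttl = data
                # Bailiwick check: only cache a delegation that sits below the zone
                # this server was consulted for and above the name being resolved,
                # so no server can plant NS records for unrelated parts of the tree.
                if not in_zone(child, zone) or not in_zone(qname, child):
                    raise ValueError(f"out-of-bailiwick referral for {child} from {zone}")
                self._put(("NS", child), (nsname, nsip), ttl)
                zone, server = child, nsip
                continue
            raise LookupError(f"{qname} does not exist")
        raise LookupError("too many referrals")
```

With a controllable clock the first lookup costs three queries (root, princeton.edu, cs.princeton.edu), a repeat is served from the cache, a second name in the CS zone needs only one query, and once the TTL has elapsed the full walk is repeated.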

Updating

• All name servers know the internet's root servers at the start
• Most updating comes from the 'experience' of answering queries and caching
• Some manual updating does occur
  – Only local name servers can have forced updates
  – Use the 'Update' command and specify the resource records to change
  – In Perl (using the Net::DNS module's update API), an update of the IP address for a domain's web server (called an A record) looks like this:
    • $update->push(update => rr_add("umist.ac.uk 86400 A 130.88.0.1"));
    • When someone accesses "umist.ac.uk" they are directed to "130.88.0.1"
• The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

• Where the settings for the DNS server are stored
• Can be divided into classes
  – Internet, Chaosnet and Hesiod
• Common types:
  – TTL, SOA, NS, A, CNAME, PTR, MX, TXT
  – Many more

Types of Records

• TTL – The time to live
• SOA record – The authority for this zone
• NS record – The name server for this zone
• A – A name to address mapping
• CNAME – Canonical name, used for aliases
• PTR – Address to name mapping
• MX – Used for email names
• TXT – Used for text entries

BIND

• BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
• Cross-platform program that was originally coded for UNIX
  – Linux, BSD and Windows
• See the Linux DNS HOWTO for more info

Features of Microsoft DNS Server

• Active Directory Storage and Replication Integration
  Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.

• Incremental Zone Transfer
  The Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS.

• Dynamic Update
  Automatic assignment of addressing with dynamic DNS updates.

• Aging and Scavenging
  Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.

Features of Microsoft DNS Server continued...

• Unicode Character Support
  The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.

• Caching Resolver
  A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.

• Administrative Tools
  Windows 2000 DNS incorporates, as a new feature, a DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.

• Performance Statistics
  Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and a 4GB HDD.

The DNS Packets

All communications inside the domain protocol are carried in a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases).

[Diagram: the five message sections, starting with the Header]

The DNS Packets

• The header section includes fields that specify
  – which of the remaining sections are present
  – whether the message is a query or a response
• The question section contains
  – Queries for which answers are desired
  – The client fills in only the question section
    • Each question has
      – Query Domain Name
      – Query Type
      – Query Class fields
  – The server returns the question and answers with its response
• The answer section contains
  – RRs (resource records) that answer the question
• The authority section contains
  – RRs that point toward an authoritative name server
• The additional information section contains
  – RRs which relate to the query but are not strictly answers for the question
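As an added example (not from the presentation), a minimal encoder and parser for the message format just described: a 12-byte header whose counts say which sections follow, a question made of name, type and class, and the answer, authority and additional sections as resource records, including the name compression pointers a real response uses. The sample reply it builds is constructed, reusing the cicada.cs.princeton.edu and 192.12.69.60 values from the slides.

```python
import struct

# RFC 1035 constants used here
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1
HEADER = struct.Struct("!HHHHHH")   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def encode_name(name):
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=TYPE_A):
    """Header with RD set and QDCOUNT=1, then the single question; the answer,
    authority and additional sections of a query are empty."""
    header = HEADER.pack(txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg, off):
    """Read a name at `off`, following compression pointers (0xC0xx).
    Returns (name, offset just past the name in the stream). Pointers are only
    accepted if they point backwards, which rules out pointer loops."""
    labels, end = [], None
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("compression pointer must point backwards")
            end = end if end is not None else off + 2
            off = ptr
            continue
        if length == 0:
            return ".".join(labels) + ".", (end if end is not None else off + 1)
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def parse_message(msg):
    """Split a message into its five sections and decode the common fields."""
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    off, questions = HEADER.size, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((name, qtype, qclass))
    sections = []
    for count in (an, ns, ar):            # answer, authority, additional
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            rdata = msg[off:off + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("truncated rdata")
            if rtype == TYPE_A and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)
            elif rtype == TYPE_NS:
                rdata, _ = decode_name(msg, off)   # NS rdata is itself a name
            off += rdlen
            rrs.append((name, rtype, ttl, rdata))
        sections.append(rrs)
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "question": questions, "answer": sections[0],
            "authority": sections[1], "additional": sections[2]}


def build_sample_response(query, address, ttl=86400):
    """Constructed reply to `query`: same ID, QR+RD+RA flags, the question echoed,
    and one A record whose owner name is a pointer (0xC00C) to the question name."""
    txid = HEADER.unpack_from(query)[0]
    question = query[HEADER.size:]
    header = HEADER.pack(txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
    rr += bytes(int(octet) for octet in address.split("."))
    return header + question + rr


def response_matches(query, response):
    """A reply is only usable if its ID and question section echo the query;
    anything else is discarded rather than trusted."""
    q, r = parse_message(query), parse_message(response)
    return r["is_response"] and q["id"] == r["id"] and q["question"] == r["question"]
```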

CONCLUSION

• Should understand
  - DNS history
  - Zone hierarchy
  - DNS clients (the resolver)
  - Name server configuration
  - Name server operations
• DNS used to resolve 14 322 950 hostnames (March 2000)
• DNS is very reliable and scalable
  – Improvements are proposed
• Name-service – acts as a 'layer' on top of DNS
  – Allows everyday naming schemes (e.g. http://james)
  – Looks up the official (corresponding) domain name first, then the IP address
• Resource Locator Service (RLS)
  – Incorporates 'timestamping' into URLs
  – Eliminates link 'rot'
  – Generates more name space
  – Runs side by side with DNS
• DNS is still 'de facto' and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 4: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

How a resolver looks up a remote name

Suppose a client wants to resolve the name cicadecsprincetonedu

Copied from Larry L Peterson amp Bruce S Davie (2000) ldquoComputer Networks ndash A system approachrdquo Morgan Kaufmann Publishers pp 633

How a resolver looks up a remote name

bull Step 1 the client sends query containing the domain name to the local name server

bull Step 2 the local name server may not have the information about the domain name so it sends the query to one of the root server

bull Step3 the root server cannot match the entire name returns best match ndash the NS (name resolution) record for princetonedu and it also returns all records which is related to this record

bull Step 4 the client sends the same query to the name server at Princeton Universityrsquos domain

bull Step 5 This name server also cannot match the entire name so returns its best match and a NS record ns1csprincetonedu

bull Step 6 the client sends the same query to the name server authoritative for the CS Zone (ns1csprincetonedu)

bull Step 7 the server has a information about cicadecsprincetonedu and returns the answer IP address = 192126960

bull Step 8 armed with the IP address the client can establish a TCP connection with the destination

Practical DNS

bull The domain name space is controlled to enforce a tree structure to it

bull Tree is both distributable and efficientbull All domains are children of the (root) domainbull Top level domains TLDs are the direct childrenbull Two types

ndash Generic eg com org edundash Country specific uk de il

bull All other domains must be under a TLDbull Domains are administered by different organisations

The Domain Name Space

bull Hierarchical tree structure makes domain name space distributable yet still navigable

bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom

bull rivers seas and lakes are separate zones

bull rumba samba and tango are part or acmecom

Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram

Root name servers

bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is

availablebull Coordinated by IANA (Internet Assigned Numbers

Authority) bull Many of the root servers are in the USA and run by

American organisationsbull KROOT-SERVERSNET is in London and is jointly run

by LINX and RIPE NCCbull Creation of TLDs is restricted

uk The United Kingdomrsquos TLD

bull uk is divided into second-level domains

bull Nominet UK is the the registrar and administrator of the first seven

bull plcuk and ltduk are restrictedndash Only registered companies

can be part of this domainndash Can only register your own

company name

Domain Intended use

couk for commercial enterprises (the largest SLD in the UK)

meuk for personal domains

orguk for non-commercial organisations

plcuk for registered company names only

ltduk for registered company names only

netuk for Internet Service Providers

schuk for schools

acuk for Academic Establishments

govuk for Government Bodies

nhsuk for NHS Organisations

policeuk

for UK Police Forces

moduk for Ministry of Defence Establishments

WHOIS ndash Database Of Registrants

bull WHOIS queries the database of ownership of the domain

bull Gives name and contact details of the owner of the domain

bull Gives name and contact details of the administrator of the domain

bull Lists the name servers that are authoritative for the domain

bull Not part of DNS but is used to help manage delegation and ownership sub domains

bull Available at wwwwhoiscouk

Domain Name WEINBERGCOUK

Registered For Leslie BunderDomain Registered By

WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-

Aug-2001 by domreg123-regcouk

Domain servers listed in orderNSHOSTEUROPECOM

212672022NS2HOSTEUROPECOM

(unable to validate IP)WHOIS database last updated

at 191200 17-Apr-2002

Registering a couk domain

1 Choose the name you want- for example weinbergcouk

2 Check using the WHOIS service that this domain name does not already exist

3 Inform your registrant of the owners name and address as well as the administrators name and address

4 Inform them of the name servers that they will be authoritative for

5 Pay for the domain This ensures ownership and helps Nominet recover its costs

bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names

RESOLVING

bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively

bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests

bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of

name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached

bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give

ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than

ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about

ndash 2 Iterative Requestsbull All work done by the resolver

ndash Name servers just respond with their best answer which they know

bull This technique used for security reasonsbull Not favourable for network traffic

Resolving - recursion

bull A Recursive Queryndash The local name server does most of the work

uk

ac

umistacuk

lionumistacuk

130889640

Question lionumistacuk

Answer 130889640

lionumistacuk

lionumistacuk

lionumistacuk

Resolving ndash iteration Vs recursion

The iterative and recursive queries are shown R=recursive I=iterative

bull A critical process in the DNS

ndash For every query a cache of the result and every intermediate step is maintained

bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached

bull When a query is receivedhellip

ndash The first step is to check whether this server is authoritative for the zone being queried

bull If yes then no caching is performed

bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are

checked and the results cached as the query progresses

bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be

flushedndash Typical value is 3 days

Caching

Updating

bull All name servers know the internetrsquos root servers at the start

bull Most updating comes from the lsquoexperiencersquo of answering queries and caching

bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to

changendash In Perl an update of IP Addresses for a domainrsquos webserver

(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo

bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

bull Where the settings for the DNS server are stored

bull Can be divided into classesndash Internet Chaosnet and Hesiod

bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 5: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

How a resolver looks up a remote name

bull Step 1 the client sends query containing the domain name to the local name server

bull Step 2 the local name server may not have the information about the domain name so it sends the query to one of the root server

bull Step3 the root server cannot match the entire name returns best match ndash the NS (name resolution) record for princetonedu and it also returns all records which is related to this record

bull Step 4 the client sends the same query to the name server at Princeton Universityrsquos domain

bull Step 5 This name server also cannot match the entire name so returns its best match and a NS record ns1csprincetonedu

bull Step 6 the client sends the same query to the name server authoritative for the CS Zone (ns1csprincetonedu)

bull Step 7 the server has a information about cicadecsprincetonedu and returns the answer IP address = 192126960

bull Step 8 armed with the IP address the client can establish a TCP connection with the destination

Practical DNS

bull The domain name space is controlled to enforce a tree structure to it

bull Tree is both distributable and efficientbull All domains are children of the (root) domainbull Top level domains TLDs are the direct childrenbull Two types

ndash Generic eg com org edundash Country specific uk de il

bull All other domains must be under a TLDbull Domains are administered by different organisations

The Domain Name Space

bull Hierarchical tree structure makes domain name space distributable yet still navigable

bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom

bull rivers seas and lakes are separate zones

bull rumba samba and tango are part or acmecom

Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram

Root name servers

bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is

availablebull Coordinated by IANA (Internet Assigned Numbers

Authority) bull Many of the root servers are in the USA and run by

American organisationsbull KROOT-SERVERSNET is in London and is jointly run

by LINX and RIPE NCCbull Creation of TLDs is restricted

uk The United Kingdomrsquos TLD

bull uk is divided into second-level domains

bull Nominet UK is the the registrar and administrator of the first seven

bull plcuk and ltduk are restrictedndash Only registered companies

can be part of this domainndash Can only register your own

company name

Domain Intended use

couk for commercial enterprises (the largest SLD in the UK)

meuk for personal domains

orguk for non-commercial organisations

plcuk for registered company names only

ltduk for registered company names only

netuk for Internet Service Providers

schuk for schools

acuk for Academic Establishments

govuk for Government Bodies

nhsuk for NHS Organisations

policeuk

for UK Police Forces

moduk for Ministry of Defence Establishments

WHOIS ndash Database Of Registrants

bull WHOIS queries the database of ownership of the domain

bull Gives name and contact details of the owner of the domain

bull Gives name and contact details of the administrator of the domain

bull Lists the name servers that are authoritative for the domain

bull Not part of DNS but is used to help manage delegation and ownership sub domains

bull Available at wwwwhoiscouk

Domain Name WEINBERGCOUK

Registered For Leslie BunderDomain Registered By

WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-

Aug-2001 by domreg123-regcouk

Domain servers listed in orderNSHOSTEUROPECOM

212672022NS2HOSTEUROPECOM

(unable to validate IP)WHOIS database last updated

at 191200 17-Apr-2002

Registering a couk domain

1 Choose the name you want- for example weinbergcouk

2 Check using the WHOIS service that this domain name does not already exist

3 Inform your registrant of the owners name and address as well as the administrators name and address

4 Inform them of the name servers that they will be authoritative for

5 Pay for the domain This ensures ownership and helps Nominet recover its costs

bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names

RESOLVING

bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively

bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests

bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of

name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached

bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give

ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than

ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about

ndash 2 Iterative Requestsbull All work done by the resolver

ndash Name servers just respond with their best answer which they know

bull This technique used for security reasonsbull Not favourable for network traffic

Resolving - recursion

bull A Recursive Queryndash The local name server does most of the work

uk

ac

umistacuk

lionumistacuk

130889640

Question lionumistacuk

Answer 130889640

lionumistacuk

lionumistacuk

lionumistacuk

Resolving ndash iteration Vs recursion

The iterative and recursive queries are shown R=recursive I=iterative

bull A critical process in the DNS

ndash For every query a cache of the result and every intermediate step is maintained

bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached

bull When a query is receivedhellip

ndash The first step is to check whether this server is authoritative for the zone being queried

bull If yes then no caching is performed

bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are

checked and the results cached as the query progresses

bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be

flushedndash Typical value is 3 days

Caching

Updating

bull All name servers know the internetrsquos root servers at the start

bull Most updating comes from the lsquoexperiencersquo of answering queries and caching

bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to

changendash In Perl an update of IP Addresses for a domainrsquos webserver

(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo

bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

• Where the settings for the DNS server are stored
• Can be divided into classes
  – Internet, Chaosnet and Hesiod
• Common types:
  – TTL, SOA, NS, A, CNAME, PTR, MX, TXT
  – Many more

Types of Records

• TTL – The time to live
• SOA record – The authority for this zone
• NS record – The name server for this zone
• A – A name to address mapping
• CNAME – Canonical name, used for aliases
• PTR – Address to name mapping
• MX – Used for email names
• TXT – Used for text entries
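The rr_add call on the Updating slide takes a record in the textual form "owner TTL [class] type rdata". The Python parser below is an added illustration, not code from the slides or from Net::DNS: it parses that form for the record types listed above, applies the standard per-type checks (a dotted IPv4 address for A, a preference and exchange for MX, seven fields for SOA, a quoted string for TXT) and so rejects a malformed record such as the dot-less address "1308801" before it reaches an update. The sample records in the usage block are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Record types from the "Types of Records" slide (TTL is a field of every
# record rather than a type of its own, so it is not listed here).
SUPPORTED_TYPES = {"SOA", "NS", "A", "CNAME", "PTR", "MX", "TXT"}
CLASSES = {"IN", "CH", "HS"}  # Internet, Chaosnet, Hesiod
# One letters-digits-hyphen label, 1..63 characters, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


@dataclass(frozen=True)
class ResourceRecord:
    owner: str
    ttl: int
    rclass: str
    rtype: str
    rdata: tuple


def is_hostname(name: str) -> bool:
    """True if every label of a (possibly absolute) domain name is LDH-valid."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def _check_rdata(rtype: str, rdata: list) -> tuple:
    """Validate the type-specific part of the record and return it typed."""
    if rtype == "A":
        if len(rdata) != 1 or not isinstance(ipaddress.ip_address(rdata[0]),
                                             ipaddress.IPv4Address):
            raise ValueError("A record needs exactly one dotted IPv4 address")
        return (rdata[0],)
    if rtype in ("NS", "CNAME", "PTR"):
        if len(rdata) != 1 or not is_hostname(rdata[0]):
            raise ValueError(f"{rtype} record needs exactly one domain name")
        return (rdata[0],)
    if rtype == "MX":
        if len(rdata) != 2 or not rdata[0].isdigit() or not is_hostname(rdata[1]):
            raise ValueError("MX record needs: preference exchange")
        return (int(rdata[0]), rdata[1])
    if rtype == "SOA":
        if len(rdata) != 7 or not all(n.isdigit() for n in rdata[2:]):
            raise ValueError("SOA needs: mname rname serial refresh retry expire minimum")
        return (rdata[0], rdata[1]) + tuple(int(n) for n in rdata[2:])
    txt = " ".join(rdata)  # TXT: one quoted string, kept as written
    if len(txt) < 2 or txt[0] != '"' or txt[-1] != '"':
        raise ValueError("TXT data must be a quoted string")
    return (txt[1:-1],)


def parse_rr(text: str) -> ResourceRecord:
    """Parse 'owner TTL [class] TYPE rdata...' (the form rr_add accepts)."""
    fields = text.split()
    if len(fields) < 4:
        raise ValueError("expected at least: owner TTL TYPE rdata")
    owner, ttl_s, rest = fields[0], fields[1], fields[2:]
    if not is_hostname(owner):
        raise ValueError(f"bad owner name: {owner!r}")
    if not ttl_s.isdigit() or int(ttl_s) > 2**31 - 1:
        raise ValueError(f"TTL must be 0..2^31-1 seconds, got {ttl_s!r}")
    rclass = "IN"  # class defaults to Internet
    if rest[0].upper() in CLASSES:
        rclass, rest = rest[0].upper(), rest[1:]
    rtype, rdata = rest[0].upper(), rest[1:]
    if rtype not in SUPPORTED_TYPES:
        raise ValueError(f"unsupported record type: {rtype}")
    return ResourceRecord(owner, int(ttl_s), rclass, rtype, _check_rdata(rtype, rdata))


def validate_update(lines) -> tuple:
    """Check a batch of textual records before they go into an Update.
    Returns (accepted ResourceRecords, [(line, reason), ...] rejected)."""
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(parse_rr(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample batch: the slide's A record plus a mangled copy of it.
    ok, bad = validate_update([
        "umist.ac.uk 86400 A 130.88.0.1",
        "umist.ac.uk 86400 A 1308801",
        "www.umist.ac.uk 3600 IN CNAME umist.ac.uk",
    ])
    print(len(ok), "accepted;", len(bad), "rejected:", bad)
```

Validating the batch as a whole before pushing any of it keeps a single bad line from leaving a zone half-updated; the hostname check deliberately uses the plain letters-digits-hyphen rule, so names with underscores would need the rule relaxed.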

BIND

• BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet
• Cross-platform program that was originally coded for UNIX
  – Linux, BSD and Windows
• See the Linux DNS HOWTO for more info

Features of Microsoft DNS Server

• Active Directory Storage and Replication Integration
  Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.
• Incremental Zone Transfer
  The Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS.
• Dynamic Update
  Automatic assignment of addressing with dynamic DNS updates.
• Aging and Scavenging
  Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.

Features of Microsoft DNS Server continued…

• Unicode Character Support
  The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.
• Caching Resolver
  A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.
• Administrative Tools
  Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.
• Performance Statistics
  Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD.

The DNS Packets

All communications inside of the domain protocol are carried in a single format called a message. The top level format of a message is divided into 5 sections (some of which are empty in certain cases).

[Figure: message layout – Header, Question, Answer, Authority, Additional]

• The header section includes fields that specify
  – which of the remaining sections are present
  – whether the message is a query or a response
• The question section contains
  – Queries for which answers are desired
  – The client fills in only the question section
    • Each question has
      – Query Domain Name
      – Query Type
      – Query Class fields
  – The server returns the question and answers with its response
• The answer section contains
  – RRs (resource records) that answer the question
• The authority section contains
  – RRs that point toward an authoritative name server
• The additional information section contains
  – RRs which relate to the query but are not strictly answers for the question
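To make the five-section layout concrete, here is an added Python example (not code from the slides) that serialises and parses a DNS message with struct: the 12-byte header with its flags and four counts, the question, and A/NS records in the answer, authority and additional sections, including the label-compression pointers that real servers use to refer back to a name already written earlier in the packet. The response it builds for lion.umist.ac.uk (answer 130.88.96.40) is constructed for the example; the name server ns.umist.ac.uk and the address 130.88.0.1 are placeholders taken from the slides' own examples, not live data. The accept_response check at the end is the resolver-side rule that a reply is only used if its ID and question echo the query that was sent.

```python
import struct

TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5
CLASS_IN = 1
FLAG_QR = 0x8000  # 1 = response, 0 = query
HEADER = struct.Struct("!HHHHHH")  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def encode_name(name, offsets, pos):
    """Encode a domain name as length-prefixed labels. `offsets` remembers
    where each suffix was first written so later names can point back to it
    with a 0xC0xx compression pointer instead of repeating the labels."""
    out = b""
    labels = [lb for lb in name.rstrip(".").split(".") if lb]
    while labels:
        suffix = ".".join(labels)
        if suffix in offsets:
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if pos + len(out) < 0x4000:  # pointers only reach 14 bits
            offsets[suffix] = pos + len(out)
        label = labels.pop(0).encode("ascii")
        out += bytes([len(label)]) + label
    return out + b"\x00"  # the empty root label terminates the name


def build_message(msg_id, flags, questions, answers=(), authority=(), additional=()):
    """Serialise the five-section message: header, question, then the three
    RR sections. RRs are (name, type, class, ttl, rdata) tuples."""
    offsets, body = {}, b""
    for qname, qtype, qclass in questions:
        body += encode_name(qname, offsets, HEADER.size + len(body))
        body += struct.pack("!HH", qtype, qclass)
    for name, rtype, rclass, ttl, rdata in (*answers, *authority, *additional):
        body += encode_name(name, offsets, HEADER.size + len(body))
        if rtype == TYPE_A:
            rd = bytes(int(o) for o in rdata.split("."))
        elif rtype in (TYPE_NS, TYPE_CNAME):  # RDATA starts 10 bytes after the owner
            rd = encode_name(rdata, offsets, HEADER.size + len(body) + 10)
        else:
            rd = rdata  # already-encoded bytes for types not modelled here
        body += struct.pack("!HHIH", rtype, rclass, ttl, len(rd)) + rd
    header = HEADER.pack(msg_id, flags, len(questions), len(answers),
                         len(authority), len(additional))
    return header + body


def decode_name(msg, pos):
    """Decode labels at `pos`, following compression pointers. Returns the
    name and the stream position after it. No offset is visited twice, so a
    pointer loop in a malformed packet raises instead of spinning."""
    labels, seen, end = [], set(), None
    while True:
        if pos >= len(msg) or pos in seen:
            raise ValueError("truncated name or pointer loop")
        seen.add(pos)
        length = msg[pos]
        if length & 0xC0 == 0xC0:
            if pos + 2 > len(msg):
                raise ValueError("truncated pointer")
            end = pos + 2 if end is None else end
            pos = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) + ".", (pos if end is None else end)


def _take(msg, pos, fmt):
    """Unpack `fmt` at `pos` with a bounds check; returns (fields, new pos)."""
    size = struct.calcsize(fmt)
    if pos + size > len(msg):
        raise ValueError("truncated message")
    return struct.unpack(fmt, msg[pos:pos + size]), pos + size


def parse_message(data):
    """Parse a message into its header fields and four sections."""
    (msg_id, flags, qd, an, ns, ar), pos = _take(data, 0, "!HHHHHH")
    questions = []
    for _ in range(qd):
        name, pos = decode_name(data, pos)
        (qtype, qclass), pos = _take(data, pos, "!HH")
        questions.append((name, qtype, qclass))
    sections = []
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            name, pos = decode_name(data, pos)
            (rtype, rclass, ttl, rdlen), pos = _take(data, pos, "!HHIH")
            if pos + rdlen > len(data):
                raise ValueError("truncated RDATA")
            raw = data[pos:pos + rdlen]
            if rtype == TYPE_A and rdlen == 4:
                rdata = ".".join(str(b) for b in raw)
            elif rtype in (TYPE_NS, TYPE_CNAME):
                rdata, _ = decode_name(data, pos)
            else:
                rdata = raw
            pos += rdlen
            rrs.append((name, rtype, rclass, ttl, rdata))
        sections.append(rrs)
    return {"id": msg_id, "qr": bool(flags & FLAG_QR), "opcode": (flags >> 11) & 0xF,
            "rcode": flags & 0xF, "question": questions, "answer": sections[0],
            "authority": sections[1], "additional": sections[2]}


def accept_response(query, response):
    """Resolver-side check: use a reply only if it is a response (QR set) whose
    ID and question echo the query we sent; anything else is dropped."""
    q, r = parse_message(query), parse_message(response)
    if not r["qr"] or r["id"] != q["id"] or r["question"] != q["question"]:
        return None
    return r
```

A query built with flags 0x0100 sets only RD (recursion desired); a typical response carries 0x8180 (QR and RD plus RA, recursion available). Matching the ID and question is the minimum a resolver must do before trusting an answer, which is also why unpredictable IDs and source ports matter: a reply that fails the match is discarded rather than cached.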

CONCLUSION

• Should understand
  – DNS history
  – Name server configuration
  – Zone hierarchy
  – Name server operations
  – DNS clients (the resolver)
• DNS used to resolve 14 322 950 hostnames (March 2000)
• DNS is very reliable and scalable
  – Improvements are proposed
    • Name-service – acts as a 'layer' on top of DNS
      – Allows everyday naming schemes (e.g. http://james)
      – Looks up the official (corresponding) domain name first, then the IP address
    • Resource Locator Service (RLS)
      – Incorporates 'timestamping' into URLs
      – Eliminates link 'rot'
      – Generates more name space
      – Runs side by side with DNS
• DNS is still 'de facto' and likely to remain so for several years


Practical DNS

• The domain name space is controlled to enforce a tree structure on it
• The tree is both distributable and efficient
• All domains are children of the "." (root) domain
• Top level domains (TLDs) are the direct children
• Two types
  – Generic, e.g. com, org, edu
  – Country specific: uk, de, il
• All other domains must be under a TLD
• Domains are administered by different organisations

The Domain Name Space

• Hierarchical tree structure makes the domain name space distributable yet still navigable
• Shows com, mynet.com, rivers.mynet.com, seas.mynet.com, lakes.mynet.com, acme.com, rumba.acme.com, samba.acme.com and tango.acme.com
• rivers, seas and lakes are separate zones
• rumba, samba and tango are part of acme.com

[Figure: the domain name space diagram, copied from httpou800doccalderacomNET_tcpipdnsNhowhtml]

Root name servers

• There are 13 root name servers
  – a.root-servers.net – m.root-servers.net
  – Authoritative for the TLDs
  – Queries start at the root servers when no cache is available
• Coordinated by IANA (Internet Assigned Numbers Authority)
• Many of the root servers are in the USA and run by American organisations
• K.ROOT-SERVERS.NET is in London and is jointly run by LINX and RIPE NCC
• Creation of TLDs is restricted

.uk – The United Kingdom's TLD

• .uk is divided into second-level domains
• Nominet UK is the registrar and administrator of the first seven
• plc.uk and ltd.uk are restricted
  – Only registered companies can be part of this domain
  – Can only register your own company name

Domain      Intended use
co.uk       for commercial enterprises (the largest SLD in the UK)
me.uk       for personal domains
org.uk      for non-commercial organisations
plc.uk      for registered company names only
ltd.uk      for registered company names only
net.uk      for Internet Service Providers
sch.uk      for schools
ac.uk       for Academic Establishments
gov.uk      for Government Bodies
nhs.uk      for NHS Organisations
police.uk   for UK Police Forces
mod.uk      for Ministry of Defence Establishments

WHOIS – Database Of Registrants

• WHOIS queries the database of ownership of the domain
• Gives name and contact details of the owner of the domain
• Gives name and contact details of the administrator of the domain
• Lists the name servers that are authoritative for the domain
• Not part of DNS, but is used to help manage delegation and ownership of sub-domains
• Available at www.whois.co.uk

Example WHOIS record for weinberg.co.uk:

Domain Name: WEINBERG.CO.UK
Registered For: Leslie Bunder
Domain Registered By: WEBFUSION
Registered on: 18-Sep-1999
Record last updated on 28-Aug-2001 by domreg@123-reg.co.uk
Domain servers listed in order:
  NS.HOSTEUROPE.COM   212672022
  NS2.HOSTEUROPE.COM  (unable to validate IP)
WHOIS database last updated at 19:12:00 17-Apr-2002

Registering a co.uk domain

1. Choose the name you want – for example weinberg.co.uk
2. Check, using the WHOIS service, that this domain name does not already exist
3. Inform your registrar of the owner's name and address as well as the administrator's name and address
4. Inform them of the name servers that will be authoritative for the domain
5. Pay for the domain. This ensures ownership and helps Nominet recover its costs:
   • Running name servers
   • Maintaining the name servers
   • Updating DNS information
   • Resolving, and trying to avoid, disputes over names

RESOLVING

• When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively
• Both methods check to see if the answer is already known, but if not…
  – 1. Recursive Requests
    • Look for the name server closest to the answer
      – For example, if the location of lion.umist.ac.uk is unknown but the location of the name servers for umist.ac.uk is known, these would be the closest name servers. If these were unknown, the ac.uk name servers are tried, and so on until the root servers (".") are reached
    • Ask the closest name server for their best answer in a 'polite' iterative fashion
    • Continually ask name servers for the best answer they can give
      – Always ask for the exact original domain name in these queries
      – Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
      – In the lion.umist.ac.uk example, always ask exactly that
      – All the work is done by the initial name server
      – This server is given the opportunity to cache the resource records it learns about
  – 2. Iterative Requests
    • All work is done by the resolver
      – Name servers just respond with the best answer which they know
    • This technique is used for security reasons
    • Not favourable for network traffic

Resolving – recursion

• A Recursive Query
  – The local name server does most of the work

[Diagram: recursive query for lion.umist.ac.uk. The local name server asks the uk, ac and umist.ac.uk name servers in turn, each time for lion.umist.ac.uk. Question: lion.umist.ac.uk. Answer: 130.88.96.40.]
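The following Python simulation is an added example, not part of the slides, that puts the RESOLVING and Caching slides together in running code: an in-memory delegation tree (root, uk, ac.uk, umist.ac.uk) whose servers answer iteratively with either an authoritative answer or a referral, and a resolver that starts from the 'closest known' name servers, caches the answer and every intermediate NS set with the slides' typical 3-day TTL, and flushes entries once they expire. Only 130.88.96.40 and 130.88.0.1 come from the slides; the name-server names and the 192.0.2.x addresses are constructed placeholders. The clock is injectable so that TTL expiry can be exercised without waiting three days.

```python
import time

TTL = 3 * 24 * 3600  # the slides' "typical" 3-day time to live, in seconds

# Constructed delegation tree for the slides' lion.umist.ac.uk example.
# Name-server names and the 192.0.2.x addresses are placeholders; only
# 130.88.96.40 and 130.88.0.1 are the addresses the slides use.
ZONES = {
    ".":            {"ns": {"a.root-servers.net.": "192.0.2.1"},
                     "delegations": {"uk."}, "records": {}},
    "uk.":          {"ns": {"ns.uk.": "192.0.2.2"},
                     "delegations": {"ac.uk."}, "records": {}},
    "ac.uk.":       {"ns": {"ns.ac.uk.": "192.0.2.3"},
                     "delegations": {"umist.ac.uk."}, "records": {}},
    "umist.ac.uk.": {"ns": {"ns.umist.ac.uk.": "192.0.2.4"},
                     "delegations": set(),
                     "records": {"lion.umist.ac.uk.": "130.88.96.40",
                                 "umist.ac.uk.": "130.88.0.1"}},
}
ADDR_TO_ZONE = {addr: zone for zone, z in ZONES.items() for addr in z["ns"].values()}


def ask_server(addr, qname):
    """One iterative query to the server at `addr`: it answers from its own
    zone, refers the resolver to the closest delegation it knows, or says no."""
    z = ZONES[ADDR_TO_ZONE[addr]]
    if qname in z["records"]:
        return ("answer", z["records"][qname])
    for child in z["delegations"]:
        if qname == child or qname.endswith("." + child):
            return ("referral", child, dict(ZONES[child]["ns"]))  # NS names + glue
    return ("nxdomain", None)


def _below(child, zone):
    """True if `child` is strictly inside `zone` (the referral makes progress)."""
    return child != zone and (zone == "." or child.endswith("." + zone))


class CachingResolver:
    """Does the iterative walk on the client's behalf and caches the answer
    and every intermediate NS set until its TTL runs out."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.addr_cache = {}  # name -> (expires_at, address)
        self.ns_cache = {".": (float("inf"), dict(ZONES["."]["ns"]))}  # root hints
        self.queries_sent = []  # (zone asked, qname), for inspection

    def _fresh(self, table, key):
        """Return the cached value if it has not expired, otherwise flush it."""
        entry = table.get(key)
        if entry and entry[0] > self.clock():
            return entry[1]
        table.pop(key, None)
        return None

    def closest_known_servers(self, qname):
        """Walk up from the full name towards the root and return the first
        zone whose name servers are still in the cache."""
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels) + 1):
            zone = ".".join(labels[i:]) + "." if labels[i:] else "."
            servers = self._fresh(self.ns_cache, zone)
            if servers:
                return zone, servers
        raise RuntimeError("root hints missing")

    def resolve(self, qname):
        """Return the address for `qname`, or None if it does not exist."""
        cached = self._fresh(self.addr_cache, qname)
        if cached:
            return cached
        zone, servers = self.closest_known_servers(qname)
        for _ in range(16):  # bound the referral chain
            addr = min(servers.values())
            self.queries_sent.append((zone, qname))
            reply = ask_server(addr, qname)
            expires = self.clock() + TTL
            if reply[0] == "answer":
                self.addr_cache[qname] = (expires, reply[1])
                return reply[1]
            if reply[0] == "referral":
                child, child_servers = reply[1], reply[2]
                # Only cache a referral that narrows the search inside the zone
                # we asked about; a server cannot plant NS records for others.
                if not _below(child, zone):
                    return None
                zone, servers = child, child_servers
                self.ns_cache[zone] = (expires, servers)  # cache the intermediate step
                continue
            return None
        raise RuntimeError("too many referrals")


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("lion.umist.ac.uk."), r.queries_sent)
    print(r.resolve("umist.ac.uk."), r.queries_sent[4:])  # served from the cached umist.ac.uk NS set
```

The first lookup costs four queries (root, uk, ac.uk, umist.ac.uk); a later lookup of another name under umist.ac.uk goes straight to that zone's server because its NS records were cached as an intermediate step, and once the TTL passes the whole chain is walked again from the root hints, which are the only entries that never expire.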

Resolving ndash iteration Vs recursion

The iterative and recursive queries are shown R=recursive I=iterative

bull A critical process in the DNS

ndash For every query a cache of the result and every intermediate step is maintained

bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached

bull When a query is receivedhellip

ndash The first step is to check whether this server is authoritative for the zone being queried

bull If yes then no caching is performed

bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are

checked and the results cached as the query progresses

bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be

flushedndash Typical value is 3 days

Caching

Updating

bull All name servers know the internetrsquos root servers at the start

bull Most updating comes from the lsquoexperiencersquo of answering queries and caching

bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to

changendash In Perl an update of IP Addresses for a domainrsquos webserver

(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo

bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

bull Where the settings for the DNS server are stored

bull Can be divided into classesndash Internet Chaosnet and Hesiod

bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 7: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

The Domain Name Space

bull Hierarchical tree structure makes domain name space distributable yet still navigable

bull Shows com mynetcom riversmynetcom seasmynetcom lakesmynetcom acmecom rumbaacmecom sambaacmecom and tangoacmecom

bull rivers seas and lakes are separate zones

bull rumba samba and tango are part or acmecom

Copied from httpou800doccalderacomNET_tcpipdnsNhowhtml The domain name space diagram

Root name servers

bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is

availablebull Coordinated by IANA (Internet Assigned Numbers

Authority) bull Many of the root servers are in the USA and run by

American organisationsbull KROOT-SERVERSNET is in London and is jointly run

by LINX and RIPE NCCbull Creation of TLDs is restricted

uk The United Kingdomrsquos TLD

bull uk is divided into second-level domains

bull Nominet UK is the the registrar and administrator of the first seven

bull plcuk and ltduk are restrictedndash Only registered companies

can be part of this domainndash Can only register your own

company name

Domain Intended use

couk for commercial enterprises (the largest SLD in the UK)

meuk for personal domains

orguk for non-commercial organisations

plcuk for registered company names only

ltduk for registered company names only

netuk for Internet Service Providers

schuk for schools

acuk for Academic Establishments

govuk for Government Bodies

nhsuk for NHS Organisations

policeuk

for UK Police Forces

moduk for Ministry of Defence Establishments

WHOIS ndash Database Of Registrants

bull WHOIS queries the database of ownership of the domain

bull Gives name and contact details of the owner of the domain

bull Gives name and contact details of the administrator of the domain

bull Lists the name servers that are authoritative for the domain

bull Not part of DNS but is used to help manage delegation and ownership sub domains

bull Available at wwwwhoiscouk

Domain Name WEINBERGCOUK

Registered For Leslie BunderDomain Registered By

WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-

Aug-2001 by domreg123-regcouk

Domain servers listed in orderNSHOSTEUROPECOM

212672022NS2HOSTEUROPECOM

(unable to validate IP)WHOIS database last updated

at 191200 17-Apr-2002

Registering a couk domain

1 Choose the name you want- for example weinbergcouk

2 Check using the WHOIS service that this domain name does not already exist

3 Inform your registrant of the owners name and address as well as the administrators name and address

4 Inform them of the name servers that they will be authoritative for

5 Pay for the domain This ensures ownership and helps Nominet recover its costs

bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names

RESOLVING

bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively

bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests

bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of

name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached

bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give

ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than

ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about

ndash 2 Iterative Requestsbull All work done by the resolver

ndash Name servers just respond with their best answer which they know

bull This technique used for security reasonsbull Not favourable for network traffic

Resolving - recursion

bull A Recursive Queryndash The local name server does most of the work

uk

ac

umistacuk

lionumistacuk

130889640

Question lionumistacuk

Answer 130889640

lionumistacuk

lionumistacuk

lionumistacuk

Resolving ndash iteration Vs recursion

The iterative and recursive queries are shown R=recursive I=iterative

bull A critical process in the DNS

ndash For every query a cache of the result and every intermediate step is maintained

bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached

bull When a query is receivedhellip

ndash The first step is to check whether this server is authoritative for the zone being queried

bull If yes then no caching is performed

bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are

checked and the results cached as the query progresses

bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be

flushedndash Typical value is 3 days

Caching

Updating

bull All name servers know the internetrsquos root servers at the start

bull Most updating comes from the lsquoexperiencersquo of answering queries and caching

bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to

changendash In Perl an update of IP Addresses for a domainrsquos webserver

(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo

bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

bull Where the settings for the DNS server are stored

bull Can be divided into classesndash Internet Chaosnet and Hesiod

bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 8: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Root name servers

bull There are 13 root name serversndash aroot-serversnet - mroot-serversnetndash Authoritative for the TLDsndash Queries start to the root servers when no cache is

availablebull Coordinated by IANA (Internet Assigned Numbers

Authority) bull Many of the root servers are in the USA and run by

American organisationsbull KROOT-SERVERSNET is in London and is jointly run

by LINX and RIPE NCCbull Creation of TLDs is restricted

uk The United Kingdomrsquos TLD

bull uk is divided into second-level domains

bull Nominet UK is the the registrar and administrator of the first seven

bull plcuk and ltduk are restrictedndash Only registered companies

can be part of this domainndash Can only register your own

company name

Domain Intended use

couk for commercial enterprises (the largest SLD in the UK)

meuk for personal domains

orguk for non-commercial organisations

plcuk for registered company names only

ltduk for registered company names only

netuk for Internet Service Providers

schuk for schools

acuk for Academic Establishments

govuk for Government Bodies

nhsuk for NHS Organisations

policeuk

for UK Police Forces

moduk for Ministry of Defence Establishments

WHOIS ndash Database Of Registrants

bull WHOIS queries the database of ownership of the domain

bull Gives name and contact details of the owner of the domain

bull Gives name and contact details of the administrator of the domain

bull Lists the name servers that are authoritative for the domain

bull Not part of DNS but is used to help manage delegation and ownership sub domains

bull Available at wwwwhoiscouk

Domain Name WEINBERGCOUK

Registered For Leslie BunderDomain Registered By

WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-

Aug-2001 by domreg123-regcouk

Domain servers listed in orderNSHOSTEUROPECOM

212672022NS2HOSTEUROPECOM

(unable to validate IP)WHOIS database last updated

at 191200 17-Apr-2002

Registering a couk domain

1 Choose the name you want- for example weinbergcouk

2 Check using the WHOIS service that this domain name does not already exist

3 Inform your registrant of the owners name and address as well as the administrators name and address

4 Inform them of the name servers that they will be authoritative for

5 Pay for the domain This ensures ownership and helps Nominet recover its costs

bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names

RESOLVING

bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively

bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests

bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of

name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached

bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give

ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than

ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about

ndash 2 Iterative Requestsbull All work done by the resolver

ndash Name servers just respond with their best answer which they know

bull This technique used for security reasonsbull Not favourable for network traffic

Resolving - recursion

• A recursive query
  – The local name server does most of the work.

[Diagram: a recursive query for lion.umist.ac.uk. The resolver sends "Question: lion.umist.ac.uk" to its local name server; that server in turn queries the uk, ac.uk and umist.ac.uk name servers, each time for lion.umist.ac.uk, and returns "Answer: 130.88.96.40".]

Resolving – iteration vs recursion

[Diagram: the iterative and recursive queries shown side by side; R = recursive, I = iterative.]

Caching

• A critical process in the DNS.
  – For every query, a cache of the result and of every intermediate step is maintained.
• For example, to find umist.ac.uk, the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached.
• When a query is received...
  – The first step is to check whether this server is authoritative for the zone being queried.
    • If yes, then no caching is performed.
    • Otherwise, the local cache is checked.
  – If the zone is in the cache, then the answer will be returned immediately.
  – Otherwise, the 'closest known' (authoritative) name servers are checked, and the results are cached as the query progresses.
• But DNS records are dynamic:
  – A 'time to live' (TTL) is assigned to each record by its name server.
  – After this specified time, the cached information for the associated record must be flushed.
  – A typical value is 3 days.
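The iterative walk and the cache behaviour described in the Resolving and Caching slides, as an added example written for this page (not the slides' own code): the resolver always asks for the exact original name, starts from the closest name server it still holds in cache, caches every referral and answer with its TTL, and flushes entries once the TTL has passed. The zone data, server names (ns.*.example) and TTLs are invented; only the addresses 130.88.96.40 and 130.88.0.1 come from the slides.

```python
"""Toy iterative resolver with a TTL cache, following the slides' lion.umist.ac.uk walk.
Added example, not the slides' code: zone data, server names and TTLs are invented;
only the two addresses come from the slides.
"""
from dataclasses import dataclass, field

# Constructed zone data: the records the servers for each zone hand out. An NS record
# for a child zone is a delegation (referral); everything else is authoritative data.
ZONES = {
    ".":            [("uk.", "NS", "ns.uk-tld.example.", 172800)],
    "uk.":          [("ac.uk.", "NS", "ns.ac-uk.example.", 172800)],
    "ac.uk.":       [("umist.ac.uk.", "NS", "ns.umist.example.", 86400)],
    "umist.ac.uk.": [("umist.ac.uk.", "A", "130.88.0.1", 86400),
                     ("lion.umist.ac.uk.", "A", "130.88.96.40", 259200)],
}


def in_zone(name, zone):
    """True if `name` is at or below `zone` (the root contains everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def ask_server(zone, qname, qtype="A"):
    """One exchange with the servers for `zone`: the best answer they know, nothing more.
    Returns (kind, owner, rtype, rdata, ttl) with kind 'referral', 'answer' or 'nxdomain'."""
    records = ZONES[zone]
    for owner, rtype, rdata, ttl in records:          # a delegation covering qname: refer
        if rtype == "NS" and owner != zone and in_zone(qname, owner):
            return "referral", owner, rtype, rdata, ttl
    for owner, rtype, rdata, ttl in records:          # otherwise answer authoritatively
        if owner == qname and rtype == qtype:
            return "answer", owner, rtype, rdata, ttl
    return "nxdomain", qname, None, None, 0


@dataclass
class Resolver:
    clock: int = 0                                   # simulated time, seconds
    cache: dict = field(default_factory=dict)        # (name, rtype) -> (rdata, expires_at)
    queries: list = field(default_factory=list)      # (zone asked, name asked), for inspection

    def _cached(self, name, rtype):
        entry = self.cache.get((name, rtype))
        if entry is None:
            return None
        if entry[1] <= self.clock:                   # TTL passed: flush, as the Caching slide says
            del self.cache[(name, rtype)]
            return None
        return entry[0]

    def closest_known_zone(self, qname):
        """Walk from the name toward the root; the first zone whose NS is still cached is closest."""
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:]) + "."
            if self._cached(candidate, "NS"):
                return candidate
        return "."                                   # the root servers are always known

    def resolve(self, qname, qtype="A"):
        """Iterative resolution. Returns (rdata or None, answered_from_cache)."""
        hit = self._cached(qname, qtype)
        if hit:
            return hit, True
        zone = self.closest_known_zone(qname)
        while True:
            self.queries.append((zone, qname))       # always ask for the exact original name
            kind, owner, rtype, rdata, ttl = ask_server(zone, qname, qtype)
            if kind == "nxdomain":
                return None, False
            self.cache[(owner, rtype)] = (rdata, self.clock + ttl)   # cache every step
            if kind == "answer":
                return rdata, False
            zone = owner                             # follow the referral one level down


def demo():
    """Cold walk, warm hit, reuse of a cached referral, then partial TTL expiry."""
    r, out = Resolver(), {}
    out["cold"] = r.resolve("lion.umist.ac.uk.")            # root -> uk -> ac.uk -> umist.ac.uk
    out["cold_path"] = [zone for zone, _ in r.queries]
    out["warm"] = r.resolve("lion.umist.ac.uk.")            # served from cache, no query sent
    r.queries.clear()
    out["sibling"] = r.resolve("umist.ac.uk.")              # cached umist.ac.uk NS: one query
    out["sibling_path"] = [zone for zone, _ in r.queries]
    r.clock = 90000                                         # umist.ac.uk entries (TTL 86400) expire
    r.queries.clear()
    out["after_ttl"] = r.resolve("umist.ac.uk.")            # ac.uk NS still valid: two queries
    out["after_ttl_path"] = [zone for zone, _ in r.queries]
    out["lion_still_cached"] = r.resolve("lion.umist.ac.uk.")   # TTL 259200 has not passed
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `demo()` shows the cold lookup taking four exchanges, the repeat answered with none, and the second name needing only one because the umist.ac.uk referral was still in cache.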

Updating

• All name servers know the internet's root servers at the start.
• Most updating comes from the 'experience' of answering queries and caching.
• Some manual updating does occur.
  – Only local name servers can have forced updates.
  – Use the 'Update' command and specify the resource records to change.
  – In Perl (using the Net::DNS module), an update of the IP address for a domain's web server (an A record) looks like this:

    $update->push(update => rr_add("umist.ac.uk. 86400 A 130.88.0.1"));

  – When someone accesses "umist.ac.uk" they are directed to "130.88.0.1".
• The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated.

Resource Records

• Where the settings for the DNS server are stored.
• Can be divided into classes:
  – Internet, Chaosnet and Hesiod.
• Common types:
  – TTL, SOA, NS, A, CNAME, PTR, MX, TXT
  – Many more.

Types of Records

• TTL – The time to live
• SOA record – The start of authority for this zone
• NS record – The name server for this zone
• A – A name to address mapping
• CNAME – Canonical name, used for aliases
• PTR – Address to name mapping
• MX – Mail exchanger, used for email routing
• TXT – Used for text entries

BIND

• BIND (Berkeley Internet Name Domain) is the most widely used DNS server on the internet.
• Cross-platform program that was originally written for UNIX.
  – Runs on Linux, BSD and Windows.
• See the Linux DNS HOWTO for more information.

Features of Microsoft DNS Server

• Active Directory Storage and Replication Integration
  Windows 2000 DNS has the option of using the Active Directory (AD) service as its data storage and replication engine. In short, AD integration simplifies the administration of the DNS namespace.

• Incremental Zone Transfer
  Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. Incremental Zone Transfer also incorporates the NOTIFY extension of DNS.

• Dynamic Update
  Automatic assignment of addressing, with dynamic DNS updates.

• Aging and Scavenging
  Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.

Features of Microsoft DNS Server continued...

• Unicode Character Support
  The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.

• Caching Resolver
  A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups, by minimising the number of name resolution round trips.

• Administrative Tools
  Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.

• Performance Statistics
  Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD.

The DNS Packets

All communications inside the domain protocol are carried in a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases).

[Diagram: the five message sections in order – Header, Question, Answer, Authority, Additional.]

• The header section includes fields that specify:
  – which of the remaining sections are present
  – whether the message is a query or a response
• The question section contains:
  – Queries for which answers are desired
  – The client fills in only the question section
  – Each question has Query Domain Name, Query Type and Query Class fields
  – The server returns the question and answers with its response
• The answer section contains:
  – RRs (resource records) that answer the question
• The authority section contains:
  – RRs that point toward an authoritative name server
• The additional information section contains:
  – RRs which relate to the query but are not strictly answers for the question
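The message format just described, as an added example written for this page (not the slides' code): it builds the client's query for lion.umist.ac.uk with only the question section filled in, has the "server" echo the ID and question, set the response flag and fill the answer, authority and additional sections, and then parses both messages back into their sections. The response data is constructed here (ns.umist.example and its address are placeholders); the parser also rejects a compression pointer that does not point backwards and an RDLENGTH that runs past the end of the message, two malformed inputs a DNS parser must not trust.

```python
"""Build and parse DNS messages in the five-section wire format (RFC 1035).
Added example, not code from the slides; the query and response bytes are constructed
here, and ns.umist.example / 130.88.0.1 stand in for a real delegation.
"""
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT"}
QR, RD, RA = 0x8000, 0x0100, 0x0080   # header flags: response, recursion desired, recursion available


def encode_name(name):
    """Wire-format name: each label prefixed by its length, terminated by a zero byte."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def read_name(msg, offset):
    """Decode a possibly compressed name; returns (name, offset just past it in the stream)."""
    labels = []
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # 11xxxxxx: 14-bit compression pointer
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if pointer >= offset:                         # only backward pointers: rules out loops
                raise ValueError("bad compression pointer")
            labels.append(read_name(msg, pointer)[0].rstrip("."))
            offset += 2
            break
        offset += 1
        if length == 0:                                   # the root label ends the name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(lab for lab in labels if lab) + ".", offset


def decode_rdata(msg, rtype, start, length):
    """Turn RDATA into something readable for the record types the slides list."""
    if rtype == 1 and length == 4:                                  # A: IPv4 address
        return ".".join(str(b) for b in msg[start:start + 4])
    if rtype in (2, 5, 12):                                         # NS, CNAME, PTR: a domain name
        return read_name(msg, start)[0]
    if rtype == 15:                                                 # MX: preference, exchange name
        return struct.unpack_from("!H", msg, start)[0], read_name(msg, start + 2)[0]
    if rtype == 16:                                                 # TXT: first character-string only
        return msg[start + 1:start + 1 + msg[start]].decode("ascii")
    return bytes(msg[start:start + length])                         # unknown type: raw bytes


def parse_message(msg):
    """Split a message into header fields and its question/answer/authority/additional sections."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    out = {"id": ident, "is_response": bool(flags & QR), "rcode": flags & 0xF,
           "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        out["question"].append((name, TYPES.get(qtype, qtype), qclass))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if off + rdlen > len(msg):                  # RDLENGTH must fit: reject truncated RRs
                raise ValueError("RDLENGTH runs past end of message")
            out[section].append((name, TYPES.get(rtype, rtype), ttl, decode_rdata(msg, rtype, off, rdlen)))
            off += rdlen
    return out


def build_query(ident, qname, qtype=1):
    """Client message: header plus a question section; the other three counts are zero."""
    return struct.pack("!6H", ident, RD, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)


def rr(owner, rtype, ttl, rdata):
    """One resource record: NAME, TYPE, CLASS (IN), TTL, RDLENGTH, RDATA."""
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def build_response(query):
    """Server side: echo the ID and question, set QR, then fill the three RR sections."""
    ident = struct.unpack_from("!H", query, 0)[0]
    qend = read_name(query, 12)[1] + 4                 # question = name + QTYPE + QCLASS
    pointer_to_qname = struct.pack("!H", 0xC000 | 12)  # answer NAME compressed to the question name
    header = struct.pack("!6H", ident, QR | RD | RA, 1, 1, 1, 1)
    answer = rr(pointer_to_qname, 1, 259200, bytes([130, 88, 96, 40]))
    authority = rr(encode_name("umist.ac.uk."), 2, 86400, encode_name("ns.umist.example."))
    additional = rr(encode_name("ns.umist.example."), 1, 86400, bytes([130, 88, 0, 1]))
    return header + query[12:qend] + answer + authority + additional


def demo():
    """Round trip: build the lion.umist.ac.uk query, answer it, parse both messages."""
    query = build_query(0x1234, "lion.umist.ac.uk.")
    return parse_message(query), parse_message(build_response(query))


if __name__ == "__main__":
    for message in demo():
        print(message)
```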

CONCLUSION

• Should understand:
  – DNS history
  – Zone hierarchy
  – DNS clients (the resolver)
  – Name server configuration
  – Name server operations
• DNS used to resolve 14,322,950 hostnames (March 2000).
• DNS is very reliable and scalable.
  – Improvements are proposed:
    • Name-service – acts as a 'layer' on top of DNS
      – Allows everyday naming schemes (e.g. http://james)
      – Looks up the official (corresponding) domain name first, then the IP address
    • Resource Locator Service (RLS)
      – Incorporates 'timestamping' into URLs
      – Eliminates link 'rot'
      – Generates more name space
      – Runs side by side with DNS
• DNS is still the 'de facto' standard and likely to remain so for several years.

Page 9: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

uk The United Kingdomrsquos TLD

bull uk is divided into second-level domains

bull Nominet UK is the the registrar and administrator of the first seven

bull plcuk and ltduk are restrictedndash Only registered companies

can be part of this domainndash Can only register your own

company name

Domain Intended use

couk for commercial enterprises (the largest SLD in the UK)

meuk for personal domains

orguk for non-commercial organisations

plcuk for registered company names only

ltduk for registered company names only

netuk for Internet Service Providers

schuk for schools

acuk for Academic Establishments

govuk for Government Bodies

nhsuk for NHS Organisations

policeuk

for UK Police Forces

moduk for Ministry of Defence Establishments

WHOIS ndash Database Of Registrants

bull WHOIS queries the database of ownership of the domain

bull Gives name and contact details of the owner of the domain

bull Gives name and contact details of the administrator of the domain

bull Lists the name servers that are authoritative for the domain

bull Not part of DNS but is used to help manage delegation and ownership sub domains

bull Available at wwwwhoiscouk

Domain Name WEINBERGCOUK

Registered For Leslie BunderDomain Registered By

WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-

Aug-2001 by domreg123-regcouk

Domain servers listed in orderNSHOSTEUROPECOM

212672022NS2HOSTEUROPECOM

(unable to validate IP)WHOIS database last updated

at 191200 17-Apr-2002

Registering a couk domain

1 Choose the name you want- for example weinbergcouk

2 Check using the WHOIS service that this domain name does not already exist

3 Inform your registrant of the owners name and address as well as the administrators name and address

4 Inform them of the name servers that they will be authoritative for

5 Pay for the domain This ensures ownership and helps Nominet recover its costs

bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names

RESOLVING

bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively

bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests

bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of

name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached

bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give

ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than

ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about

ndash 2 Iterative Requestsbull All work done by the resolver

ndash Name servers just respond with their best answer which they know

bull This technique used for security reasonsbull Not favourable for network traffic

Resolving - recursion

bull A Recursive Queryndash The local name server does most of the work

uk

ac

umistacuk

lionumistacuk

130889640

Question lionumistacuk

Answer 130889640

lionumistacuk

lionumistacuk

lionumistacuk

Resolving ndash iteration Vs recursion

The iterative and recursive queries are shown R=recursive I=iterative

bull A critical process in the DNS

ndash For every query a cache of the result and every intermediate step is maintained

bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached

bull When a query is receivedhellip

ndash The first step is to check whether this server is authoritative for the zone being queried

bull If yes then no caching is performed

bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are

checked and the results cached as the query progresses

bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be

flushedndash Typical value is 3 days

Caching

Updating

bull All name servers know the internetrsquos root servers at the start

bull Most updating comes from the lsquoexperiencersquo of answering queries and caching

bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to

changendash In Perl an update of IP Addresses for a domainrsquos webserver

(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo

bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

bull Where the settings for the DNS server are stored

bull Can be divided into classesndash Internet Chaosnet and Hesiod

bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 10: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

WHOIS ndash Database Of Registrants

bull WHOIS queries the database of ownership of the domain

bull Gives name and contact details of the owner of the domain

bull Gives name and contact details of the administrator of the domain

bull Lists the name servers that are authoritative for the domain

bull Not part of DNS but is used to help manage delegation and ownership sub domains

bull Available at wwwwhoiscouk

Domain Name WEINBERGCOUK

Registered For Leslie BunderDomain Registered By

WEBFUSIONRegistered on 18-Sep-1999Record last updated on 28-

Aug-2001 by domreg123-regcouk

Domain servers listed in orderNSHOSTEUROPECOM

212672022NS2HOSTEUROPECOM

(unable to validate IP)WHOIS database last updated

at 191200 17-Apr-2002

Registering a couk domain

1 Choose the name you want- for example weinbergcouk

2 Check using the WHOIS service that this domain name does not already exist

3 Inform your registrant of the owners name and address as well as the administrators name and address

4 Inform them of the name servers that they will be authoritative for

5 Pay for the domain This ensures ownership and helps Nominet recover its costs

bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names

RESOLVING

bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively

bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests

bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of

name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached

bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give

ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than

ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about

ndash 2 Iterative Requestsbull All work done by the resolver

ndash Name servers just respond with their best answer which they know

bull This technique used for security reasonsbull Not favourable for network traffic

Resolving - recursion

bull A Recursive Queryndash The local name server does most of the work

uk

ac

umistacuk

lionumistacuk

130889640

Question lionumistacuk

Answer 130889640

lionumistacuk

lionumistacuk

lionumistacuk

Resolving ndash iteration Vs recursion

The iterative and recursive queries are shown R=recursive I=iterative

bull A critical process in the DNS

ndash For every query a cache of the result and every intermediate step is maintained

bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached

bull When a query is receivedhellip

ndash The first step is to check whether this server is authoritative for the zone being queried

bull If yes then no caching is performed

bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are

checked and the results cached as the query progresses

bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be

flushedndash Typical value is 3 days

Caching

Updating

bull All name servers know the internetrsquos root servers at the start

bull Most updating comes from the lsquoexperiencersquo of answering queries and caching

bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to

changendash In Perl an update of IP Addresses for a domainrsquos webserver

(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo

bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

bull Where the settings for the DNS server are stored

bull Can be divided into classesndash Internet Chaosnet and Hesiod

bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 11: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Registering a couk domain

1 Choose the name you want- for example weinbergcouk

2 Check using the WHOIS service that this domain name does not already exist

3 Inform your registrant of the owners name and address as well as the administrators name and address

4 Inform them of the name servers that they will be authoritative for

5 Pay for the domain This ensures ownership and helps Nominet recover its costs

bull Running name serversbull Maintaining the name serversbull Update DNS informationbull Resolve and try to avoid disputes over names

RESOLVING

bull When a user (resolver) needs to know an IP Address for a host name the query is made in one of two ways recursively or iteratively

bull Both methods check to see if the answer is already known but if nothellipndash 1 Recursive Requests

bull Look for the name server closest to the answerndash For example if the location of lionumistacuk is unknown but if the location of

name servers for umistacuk is known these would be the closest name servers If these were unknown the acuk name servers are tried until the root servers (ldquordquo) are reached

bull Ask the closest name server for their best answer in a lsquopolitersquo iterative fashionbull Continually ask name servers for the best answer they can give

ndash Always ask the exact original Domain name in these queriesndash Train station analogy ask staff ldquoWhen is the 1030 train to Londonrdquo rather than

ldquoWhere is the person who can tell me about train timetablesrdquondash In the lionumistacuk example always ask exactly thatndash All the work is done by the initial name serverndash This server is given the opportunity to cache the resource records it learns about

ndash 2 Iterative Requestsbull All work done by the resolver

ndash Name servers just respond with their best answer which they know

bull This technique used for security reasonsbull Not favourable for network traffic

Resolving - recursion

bull A Recursive Queryndash The local name server does most of the work

uk

ac

umistacuk

lionumistacuk

130889640

Question lionumistacuk

Answer 130889640

lionumistacuk

lionumistacuk

lionumistacuk

Resolving ndash iteration Vs recursion

The iterative and recursive queries are shown R=recursive I=iterative

bull A critical process in the DNS

ndash For every query a cache of the result and every intermediate step is maintained

bull For example to find umistacuk the address of uk acuk and umistacuk name servers could be cached

bull When a query is receivedhellip

ndash The first step is to check whether this server is authoritative for the zone being queried

bull If yes then no caching is performed

bull Otherwise the local cache is checkedndash If the zone is in the cache then the answer will be returned immediatelyndash Otherwise the lsquoclosest knownrsquo (authoritative) name servers are

checked and the results cached as the query progresses

bull But DNS records are dynamicndash A lsquotime to liversquo is assigned to the name serverndash After this specified time the cache information for associated record must be

flushedndash Typical value is 3 days

Caching

Updating

bull All name servers know the internetrsquos root servers at the start

bull Most updating comes from the lsquoexperiencersquo of answering queries and caching

bull Some manual updating does occurndash Only local Name Servers can have forced updatesndash Use the lsquoUpdatersquo command and specify the resource records to

changendash In Perl an update of IP Addresses for a domainrsquos webserver

(called a A Record) looks like thisbull $update-gtpush(update rr_add(ldquoumistacuk 86400 A 1308801))bull When someone accesses ldquoumistacukrdquo they are directed to ldquo1308801rdquo

bull The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

bull Where the settings for the DNS server are stored

bull Can be divided into classesndash Internet Chaosnet and Hesiod

bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Server

• Active Directory Storage and Replication Integration
  Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.

• Incremental Zone Transfer
  The Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS.

• Dynamic Update
  Automatic assignment of addressing with dynamic DNS updates.

• Aging and Scavenging
  Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.

Features of Microsoft DNS Server, continued…

• Unicode Character Support
  The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.

• Caching Resolver
  A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.

• Administrative Tools
  Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.

• Performance Statistics
  Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD.

The DNS Packets

All communications inside the domain protocol are carried in a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases):

Header, Question, Answer, Authority, Additional

• The header section includes fields that specify
  – which of the remaining sections are present
  – whether the message is a query or a response

• The question section contains
  – Queries for which answers are desired
  – The client fills in only the question section
  – Each question has Query Domain Name, Query Type and Query Class fields
  – The server returns the question and answers with its response

• The answer section contains
  – RRs (resource records) that answer the question

• The authority section contains
  – RRs that point toward an authoritative name server

• The additional information section contains
  – RRs which relate to the query but are not strictly answers for the question
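As an added example that is not part of the original slides, here is a Python parser for the message format just described: it reads the 12-byte header, then the question, answer, authority and additional sections, following the compression pointers that real responses use and rejecting pointer loops and truncated records rather than hanging on them. The sample response is a constructed byte string (labelled as such in the code) and ns.umist.ac.uk is a hypothetical name; the 130.88.x.x addresses echo the slides' examples.

```python
"""Parse a DNS message into header, question, answer, authority and additional
sections (RFC 1035 wire format). Added example: SAMPLE_RESPONSE is a constructed
byte string, not captured traffic; ns.umist.ac.uk is a hypothetical name."""
import struct

QTYPE = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT"}
QCLASS = {1: "IN", 3: "CH", 4: "HS"}          # Internet, Chaosnet, Hesiod


def read_name(msg, offset, depth=0):
    """Decode a (possibly compressed) name; return (name, offset_after_it).
    Pointers must point backwards and chains are depth-limited, so a message
    with a pointer loop raises ValueError instead of hanging the parser."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length == 0:                            # root label ends the name
            offset += 1
            break
        if length & 0xC0 == 0xC0:                  # 11xxxxxx: 14-bit pointer
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if ptr >= offset:
                raise ValueError("forward compression pointer")
            suffix, _ = read_name(msg, ptr, depth + 1)
            if suffix != ".":
                labels.append(suffix)
            offset += 2
            break
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) or ".", offset


def read_rr(msg, offset):
    """Decode one resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    name, offset = read_name(msg, offset)
    if offset + 10 > len(msg):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    if offset + rdlen > len(msg):
        raise ValueError("RDLENGTH runs past the end of the message")
    if rtype == 1 and rdlen == 4:                  # A: four-octet address
        data = ".".join(str(b) for b in msg[offset:offset + 4])
    elif rtype in (2, 5, 12):                      # NS, CNAME, PTR: a name
        data, _ = read_name(msg, offset)
    else:                                          # other types: raw hex
        data = msg[offset:offset + rdlen].hex()
    rr = {"name": name, "type": QTYPE.get(rtype, rtype),
          "class": QCLASS.get(rclass, rclass), "ttl": ttl, "data": data}
    return rr, offset + rdlen


def parse_message(msg):
    """Return (header, sections); the header counts say which sections follow."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    header = {"id": ident,
              "is_response": bool(flags & 0x8000),          # QR bit
              "opcode": (flags >> 11) & 0xF,
              "authoritative": bool(flags & 0x0400),        # AA
              "truncated": bool(flags & 0x0200),            # TC
              "recursion_desired": bool(flags & 0x0100),    # RD
              "recursion_available": bool(flags & 0x0080),  # RA
              "rcode": flags & 0xF}
    offset, questions = 12, []
    for _ in range(qd):                            # QNAME, QTYPE, QCLASS
        qname, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append({"name": qname, "type": QTYPE.get(qtype, qtype),
                          "class": QCLASS.get(qclass, qclass)})
    sections = {"question": questions}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        records = []
        for _ in range(count):
            rr, offset = read_rr(msg, offset)
            records.append(rr)
        sections[key] = records
    return header, sections


# Constructed reply to "umist.ac.uk IN A": one answer, one NS in authority and
# the name server's glue address in additional, using compression pointers.
SAMPLE_RESPONSE = bytes.fromhex(
    "1234 8580 0001 0001 0001 0001"                # id; QR|AA|RD|RA; counts
    "05 756d697374 02 6163 02 756b 00 0001 0001"   # question umist.ac.uk A IN
    "c00c 0001 0001 00015180 0004 82580001"        # A 130.88.0.1, TTL 86400
    "c00c 0002 0001 00015180 0005 02 6e73 c00c"    # NS ns.umist.ac.uk
    "c039 0001 0001 00015180 0004 82586028"        # ns.umist.ac.uk A 130.88.96.40
)
```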

CONCLUSION

• Should understand
  - DNS history
  - Zone hierarchy
  - DNS clients (the resolver)
  - Name server configuration
  - Name server operations

• DNS used to resolve 14 322 950 hostnames (March 2000)
• DNS is very reliable and scalable
  – Improvements are proposed

• Name-service – acts as a 'layer' on top of DNS
  – Allows everyday naming schemes (e.g. http://james)
  – Looks up the official (corresponding) domain name first, then the IP address

• Resource Locator Service (RLS)
  – Incorporates 'timestamping' into URLs
  – Eliminates link 'rot'
  – Generates more name space
  – Runs side by side with DNS

• DNS is still 'de facto' and likely to remain so for several years


RESOLVING

• When a user (resolver) needs to know an IP address for a host name, the query is made in one of two ways: recursively or iteratively

• Both methods check to see if the answer is already known, but if not…

– 1. Recursive Requests
  • Look for the name server closest to the answer
    – For example, if the location of lion.umist.ac.uk is unknown but the location of the name servers for umist.ac.uk is known, these would be the closest name servers. If these were unknown, the ac.uk name servers are tried, and so on until the root servers (".") are reached
  • Ask the closest name server for their best answer in a 'polite' iterative fashion
  • Continually ask name servers for the best answer they can give
    – Always ask the exact original domain name in these queries
    – Train station analogy: ask staff "When is the 10:30 train to London?" rather than "Where is the person who can tell me about train timetables?"
    – In the lion.umist.ac.uk example, always ask exactly that
    – All the work is done by the initial name server
    – This server is given the opportunity to cache the resource records it learns about

– 2. Iterative Requests
  • All work is done by the resolver
    – Name servers just respond with the best answer which they know
  • This technique is used for security reasons
  • Not favourable for network traffic

Resolving - recursion

• A Recursive Query
  – The local name server does most of the work

[Diagram: the client asks the local name server the question "lion.umist.ac.uk"; the local server asks the uk, ac and umist.ac.uk name servers in turn, repeating the same question lion.umist.ac.uk at each step, and returns the answer 130.88.96.40]

Resolving – iteration vs recursion

[Diagram: the iterative and recursive queries are shown, R = recursive, I = iterative]

Caching

• A critical process in the DNS
  – For every query, a cache of the result and every intermediate step is maintained

• For example, to find umist.ac.uk, the addresses of the uk, ac.uk and umist.ac.uk name servers could be cached

• When a query is received…
  – The first step is to check whether this server is authoritative for the zone being queried
    • If yes, then no caching is performed
    • Otherwise the local cache is checked
  – If the zone is in the cache then the answer will be returned immediately
  – Otherwise the 'closest known' (authoritative) name servers are checked and the results cached as the query progresses

• But DNS records are dynamic
  – A 'time to live' is assigned to the name server
  – After this specified time the cache information for the associated record must be flushed
  – Typical value is 3 days
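The referral walk on the RESOLVING slides (root, then uk, then ac.uk, then umist.ac.uk, always asking the original question) and the caching of every intermediate step with a TTL described on the Caching slide can be exercised together in one simulation. This Python example is added here and is not from the original deck: the zone data, the 192.0.2.x name-server addresses (documentation addresses) and the one-day answer TTL are constructed; only the 130.88.x.x addresses and the 3-day delegation TTL come from the slides.

```python
"""Simulate a recursive name server: walk from the root towards the closest
known name server, cache every delegation and answer with a TTL, and flush
entries once the TTL elapses. Added example; all zone data is constructed and
the 192.0.2.x server addresses are documentation addresses, not real servers."""

# Constructed authoritative data: each zone either delegates a child zone to a
# name-server address or holds the final A records itself.
ZONES = {
    ".":            {"delegations": {"uk.": "192.0.2.10"}, "records": {}},
    "uk.":          {"delegations": {"ac.uk.": "192.0.2.20"}, "records": {}},
    "ac.uk.":       {"delegations": {"umist.ac.uk.": "192.0.2.30"}, "records": {}},
    "umist.ac.uk.": {"delegations": {},
                     "records": {"lion.umist.ac.uk.": "130.88.96.40",
                                 "umist.ac.uk.": "130.88.0.1"}},
}
SERVERS = {"192.0.2.1": ".", "192.0.2.10": "uk.",
           "192.0.2.20": "ac.uk.", "192.0.2.30": "umist.ac.uk."}
ROOT_SERVER = "192.0.2.1"          # the root hint every resolver knows at start


def authoritative_reply(server, qname):
    """What an authoritative server answers when asked for qname, iterative
    style: its best answer, which is either the record or a referral."""
    zone = ZONES[SERVERS[server]]
    for child, ns_addr in zone["delegations"].items():
        if qname == child or qname.endswith("." + child):
            return "referral", child, ns_addr
    if qname in zone["records"]:
        return "answer", zone["records"][qname], None
    return "nxdomain", None, None


class CachingResolver:
    DELEGATION_TTL = 3 * 86400     # the slides' "typical value is 3 days"

    def __init__(self, clock):
        self.clock = clock         # callable returning the current time (s)
        self.cache = {}            # (rrtype, name) -> (value, expires_at)
        self.queries_sent = 0      # network round trips, for comparison

    def _get(self, key):
        hit = self.cache.get(key)
        if hit is None:
            return None
        value, expires_at = hit
        if expires_at <= self.clock():   # TTL elapsed: flush, treat as a miss
            del self.cache[key]
            return None
        return value

    def _put(self, key, value, ttl):
        self.cache[key] = (value, self.clock() + ttl)

    def closest_known_server(self, qname):
        """Look for cached delegations from the most specific zone outwards
        (umist.ac.uk., ac.uk., uk.), falling back to the root server."""
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels)):
            addr = self._get(("NS", ".".join(labels[i:]) + "."))
            if addr:
                return addr
        return ROOT_SERVER

    def resolve(self, qname, answer_ttl=86400):
        """Recursive service for the client: answer from cache when possible,
        otherwise query servers iteratively, caching every step learned."""
        cached = self._get(("A", qname))
        if cached:
            return cached
        server = self.closest_known_server(qname)
        while True:
            self.queries_sent += 1
            kind, value, ns_addr = authoritative_reply(server, qname)
            if kind == "answer":
                self._put(("A", qname), value, answer_ttl)
                return value
            if kind == "nxdomain":
                return None
            self._put(("NS", value), ns_addr, self.DELEGATION_TTL)  # referral
            server = ns_addr


def demo():
    """Cumulative query counts after each lookup, showing what the cache
    saves and what TTL expiry costs. Returns [4, 4, 5, 6, 10]."""
    now = [0]
    resolver = CachingResolver(clock=lambda: now[0])
    counts = []
    resolver.resolve("lion.umist.ac.uk.")   # cold: root, uk, ac.uk, umist = 4
    counts.append(resolver.queries_sent)
    resolver.resolve("lion.umist.ac.uk.")   # answered from cache: 0 queries
    counts.append(resolver.queries_sent)
    resolver.resolve("umist.ac.uk.")        # delegation cached: 1 query
    counts.append(resolver.queries_sent)
    now[0] = 86400 + 1                      # answer TTL elapsed, NS still valid
    resolver.resolve("lion.umist.ac.uk.")   # 1 query, straight to umist.ac.uk
    counts.append(resolver.queries_sent)
    now[0] = 3 * 86400 + 1                  # delegations flushed: full walk
    resolver.resolve("lion.umist.ac.uk.")   # 4 queries again
    counts.append(resolver.queries_sent)
    return counts
```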





Updating

• All name servers know the internet's root servers at the start

• Most updating comes from the 'experience' of answering queries and caching

• Some manual updating does occur
– Only local name servers can have forced updates
– Use the 'Update' command and specify the resource records to change
– In Perl, an update of the IP address for a domain's web server (called an A record) looks like this:

    $update->push(update => rr_add("umist.ac.uk 86400 A 130.88.0.1"));

• When someone accesses "umist.ac.uk" they are directed to "130.88.0.1"

• The local DHCP servers can also inform the DNS server of any updates to IP addresses that have been allocated

Resource Records

• Where the settings for the DNS server are stored

• Can be divided into classes
– Internet, Chaosnet and Hesiod

• Common types:
– TTL, SOA, NS, A, CNAME, PTR, MX, TXT
– Many more

Types of Records

• TTL – the time to live
• SOA record – the authority for this zone
• NS record – the name server for this zone
• A – a name to address mapping
• CNAME – canonical name, used for aliases
• PTR – address to name mapping
• MX – used for email names
• TXT – used for text entries

BIND

• BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

• Cross-platform program that was originally coded for UNIX
– Linux, BSD and Windows

• See the Linux DNS HOWTO for more info

Features of Microsoft DNS Server

• Active Directory Storage and Replication Integration
Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine. In short, the AD service integration simplifies the administration of the DNS namespace.

• Incremental Zone Transfer
The Windows 2000 DNS incorporates an algorithm that actively notifies name servers of changes to a DNS database. The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS.

• Dynamic Update
Automatic assignment of addressing with dynamic DNS updates.

• Aging and Scavenging
Windows 2000 DNS 'scavenges' outdated records and deletes them. Administrators have the following controls over scavenging: which servers can scavenge zones, which zones can be scavenged, and which records must be scavenged if they become outdated.

Features of Microsoft DNS Server continued…

• Unicode Character Support
The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding. Specifically, the UTF-8 character set allows the use of characters from most of the world's written languages.

• Caching Resolver
A service with the sole purpose of improving name lookup performance and reducing the network traffic associated with name lookups by minimising the number of name resolution round trips.

• Administrative Tools
Windows 2000 DNS incorporates a new feature, the DNS Manager. The DNS Manager provides facilities to administer the DNS server, its zones, security issues, etc.

• Performance Statistics
Preliminary testing of the Windows 2000 DNS server shows the following performance: 900 queries/second, 100 dynamic updates per second and 30% processor utilization. Tests were done using an Intel P-II 400MHz processor, 256MB RAM and 4GB HDD.

The DNS Packets

All communications inside of the domain protocol are carried in a single format called a message. The top-level format of a message is divided into 5 sections (some of which are empty in certain cases):

Header
Question
Answer
Authority
Additional

The DNS Packets (continued)

• The header section includes fields that specify
– which of the remaining sections are present
– whether the message is a query or a response

• The question section contains
– queries for which answers are desired
– the client fills in only the question section

• Each question has
– Query Domain Name, Query Type and Query Class fields
– the server returns the question and answers with its response

• The answer section contains
– RRs (resource records) that answer the question

• The authority section contains
– RRs that point toward an authoritative name server

• The additional information section contains
– RRs which relate to the query but are not strictly answers for the question

CONCLUSION

• Should understand
– DNS history
– Name server configuration
– Zone hierarchy
– Name server operations
– DNS clients (the resolver)

• DNS used to resolve 14 322 950 hostnames (March 2000)
• DNS is very reliable and scalable
– Improvements are proposed

• Name-service – acts as a 'layer' on top of DNS
– Allows everyday naming schemes (e.g. http://james)
– Looks up the official (corresponding) domain name first, then the IP address

• Resource Locator Service (RLS)
– Incorporates 'timestamping' into URLs
– Eliminates link 'rot'
– Generates more name space
– Runs side by side with DNS

• DNS is still 'de facto' and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 17: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Resource Records

bull Where the settings for the DNS server are stored

bull Can be divided into classesndash Internet Chaosnet and Hesiod

bull Common types-ndash TTL SOA NS A CNAME PTR MX TXTndash Many more

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 18: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Types of Records

bull TTL ndash The time to livebull SOA record ndash The authority for this zonebull NS record ndash The name server for this zonebull A ndash A name to address mappingbull CNAME ndash Canonical name used for

aliasesbull PTR ndash Address to name mappingbull MX ndash Used for email namesbull TXT ndash Used for text entries

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 19: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

BIND

bull BIND (Berkeley Internet Name Domain) is the main DNS server used on the internet

bull Cross platform program that was originally coded for UNIXndash Linux BSD and Windows

bull See Linux DNS HOWTO for more info

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 20: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Features of Microsoft DNS Serverbull Active Directory Storage and Replication Integration

Windows 2000 DNS has the option of using the Active Directory (AD) service as the data storage and replication engine In short the AD service integration simplifies the administration of DNS namespace Ask the closest name server for their best answer in a lsquopolitersquo iterative fashion

bull Incremental Zone Transfer The Windows 2000 DNS incorporates an algorithm that actively notifies name servers

of changes to a DNS database The Incremental Zone Transfer also incorporates something called the NOTIFY extension of DNS

bull Dynamic Update Automatic assignment of addressing with dynamic DNS updates

bull Aging and Scavenging

Windows 200 DNS lsquoscavengesrsquo outdated records and deletes them Administrators have the following controls over scavenging which servers can scavenge zones which zones can be scavenged and which records must be scavenged if they become outdated

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 21: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

Features of Microsoft DNS Server continuedhellip

bull Uniced Character Support The Windows 2000 implementation of DNS is designed to support UTF-8 character encoding Specifically the UTF-8 character set allows the use of characters from most of the worlds written language

bull Caching ResolverA service with the sole purpose of improving name lookup performance and to reduce network traffic associated with name lookups by minimising the number of name resolution round trips

bull Administrative Tools Windows 2000 DNS incorporated as a new feature A DNS Manager The DNS manager provides facilities to administer DNS server its zones security issues etc

bull Performance StatisticsPreliminary testing of the Windows 2000 DNS server shows the following performance 900 queriessecond 100 dynamic updates per second and 30 processor utilization Tests were done using an Intel P-II 400MHz processor 256MB RAM and 4GB HDD

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 22: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

The DNS PacketsAll communications inside of the domain protocol are carried in a single format called a message The top level format of message is divided into 5 sections (some of which are empty in certain cases)

Header

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question

CONCLUSIONbull Should understand

- DNS history - Name server configuration- Zone hierarchy - Name server operations- DNS clients (The resolver)

bull DNS used to resolve 14 322 950 hostnames (March 2000)bull DNS is very reliable and scalable

ndash Improvements are proposedbull Name-service ndash acts as a lsquolayerrsquo on top of DNS

ndash Allows everyday naming schemes ( eg httpjames )ndash Looks up official (corresponding) domain name first then IP address

bull Resource Locator Service (RLS)ndash Incorporates lsquotimestampingrsquo into URLrsquosndash Eliminates link lsquorotrsquondash Generates more name spacendash Runs side by side with DNS

bull DNS is still lsquode factorsquo and likely to remain so for several years

  • The Domain Name System
  • Presentation Structure
  • Introduction amp History
  • How a resolver looks up a remote name
  • Slide 5
  • Practical DNS
  • The Domain Name Space
  • Root name servers
  • uk The United Kingdomrsquos TLD
  • WHOIS ndash Database Of Registrants
  • Registering a couk domain
  • RESOLVING
  • Resolving - recursion
  • Resolving ndash iteration Vs recursion
  • Caching
  • Updating
  • Resource Records
  • Types of Records
  • BIND
  • Slide 20
  • Slide 21
  • The DNS Packets
  • Slide 23
  • CONCLUSION
Page 23: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

The DNS Packetsbull The header section includes fields that specify

ndash which of the remaining sections are present

ndash whether the message is a query or a response

bull The question section contains

ndash Queries for which answers are desired

ndash The client fills in only the question sectionbull Each question has

ndash Query Domain Namendash Query Typendash Query Class fields

ndash the server returns the question and answers with its response

bull The answer section contains

ndash RRs (resource records) that answer the question

bull The authority section contains

ndash RRs that point toward an authoritative name server

bull The additional information section contains

ndash RRs which relate to the query but are not strictly answers for the question


Page 24: The Domain Name System James Brown Simon Gingold Yue Lai Jun Ma Haobin Song Thomas Stewart David Weinberg Group 20

CONCLUSION

• Should understand
  – DNS history
  – Name server configuration
  – Zone hierarchy
  – Name server operations
  – DNS clients (the resolver)

• DNS used to resolve 14 322 950 hostnames (March 2000)

• DNS is very reliable and scalable
  – Improvements are proposed

• Name-service – acts as a 'layer' on top of DNS
  – Allows everyday naming schemes (e.g. http://james)
  – Looks up the official (corresponding) domain name first, then the IP address

• Resource Locator Service (RLS)
  – Incorporates 'timestamping' into URLs
  – Eliminates link 'rot'
  – Generates more name space
  – Runs side by side with DNS

• DNS is still 'de facto' and likely to remain so for several years
