11-dns
Post on 16-Jan-2016
Domain Name System (DNS)
Need of DNS
Tree structure of Domain Name
Distributed hierarchy of DNS
DNS Header
Features of DNS
1 OPM
Purpose of naming (domain naming)
• Addresses are used to locate objects such as websites and mail servers.
• Names are easier to remember than numbers (IP addresses).
• It is user friendly to reach a website or mail server by name rather than by address.
• DNS provides a mapping from names to IP addresses and, via reverse lookup, from IP addresses back to names.
Names and addresses in general
• An address is how you get to an endpoint
Typically, hierarchical (for scaling):
MANIT Bhopal, M.P., India, 462051
+91-755-405-1500
204.152.187.11
www.manit.ac.in, www.upsc.gov.in, www.google.com
Subdomain for emails:- hod@ece.manit.ac.in
DNS was designed in 1983 by Paul Mockapetris (originally RFCs 882 and 883, superseded by RFCs 1034 and 1035 in 1987), and has been modified, updated and enhanced by subsequent RFCs.
DNS Terms
• Domain name: any name represented in the DNS format
  – mail.yahoo.com
  – www.manit.ac.in
  – opm@manit.ac.in is a mailbox address, not a domain name: only the part after the @ (manit.ac.in) is looked up, and its MX records select the mail server
• DNS label: each string between two "." – ac.in has 2 labels
• DNS zone: a set of names under the same authority – cs.manit.ac.in, ee.manit.ac.in and www.manit.ac.in
• Delegation: transfer of authority for a subdomain – gmail.com is delegated from com
DNS name server
• DNS name server is also called as DNS server.
• DNS server stores the DNS records for a domain name.
• DNS server maintains database of domain names and
corresponding IP addresses.
• DNS name server responds with answers to queries against its
database.
DNS name Servers (cont.)
• Name servers answer ‘DNS’ questions.
• Several types of name servers
– Authoritative servers
• master (primary)
• slave (secondary)
– (Caching) recursive servers
• also caching forwarders
– Mixture of functionality
• NMS, DHCP and DNS server
Domain Name System - DNS
• Provides mapping from ASCII domain names to IP addresses
– Hierarchical naming system.
– The set of names are divided into mutually exclusive parts.
• Supplies mechanism for global data storage and information
retrieval.
• Most important principles:
– Distributed system – set of servers sharing information.
– Efficiency - most of the requests resolved by local servers.
• Use of Caching.
– Reliability – works even if some of the servers fail.
DNS Servers
authoritative name server
• Gives authoritative answers for one or more zones (a generic top-level domain such as com, a country-code top-level domain such as in, or any zone delegated under them).
• The master server normally loads the data from a zone file
• A slave server normally replicates the data from the master via a zone transfer
(diagram: one master replicating to two slaves)
Domain name syntax
• consists of one or more parts (labels) concatenated and delimited by dots, such as www.gmail.com
• The right-most label conveys the top-level domain; for example, the domain name www.gmail.com belongs to the top-level domain com.
• The hierarchy of domains descends from right to left; each label to the left specifies a subdivision, or subdomain, of the domain to the right. For example: the label gmail specifies a subdomain of the com domain, and www is a subdomain of gmail.com. This tree of subdomains may have up to 127 levels.
• Each label may contain up to 63 characters. The full domain name may not exceed a total length of 253 characters in its external dotted-label form (255 octets in the wire encoding).
• The characters allowed in a hostname label are a subset of ASCII: the letters a through z, A through Z, the digits 0 through 9, and the hyphen (-). This rule is known as the LDH rule (Letters, Digits, Hyphen). There are demands for domain names in regional languages; internationalized domain names (IDNA) meet them within this rule by encoding each label as Punycode with the xn-- prefix.
• Domain names are interpreted in a case-independent manner. Labels may not start or end with a hyphen.
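As an added example (not from the original slides), the syntax rules above as a checker: label length, total length, number of levels, the LDH rule, the hyphen-position rule, and case-insensitive comparison. Input names are constructed for the example.

```python
import re

MAX_LABEL_LEN = 63     # octets per label
MAX_NAME_LEN = 253     # presentation form without the trailing dot (255 octets on the wire)
MAX_LEVELS = 127       # labels in one name

# LDH rule: letters, digits, hyphen; a label may not start or end with a hyphen.
_LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def domain_name_problems(name):
    """Return a list of syntax-rule violations for `name` (empty list means valid)."""
    problems = []
    if name.endswith("."):            # absolute name: the final dot is the root's empty label
        name = name[:-1]
    if name == "":
        return ["name is empty"]
    if len(name) > MAX_NAME_LEN:
        problems.append(f"total length {len(name)} exceeds {MAX_NAME_LEN}")
    labels = name.split(".")
    if len(labels) > MAX_LEVELS:
        problems.append(f"{len(labels)} levels exceed {MAX_LEVELS}")
    for label in labels:
        if label == "":
            problems.append("empty label (leading or doubled dot)")
        elif len(label) > MAX_LABEL_LEN:
            problems.append(f"label {label!r} is longer than {MAX_LABEL_LEN}")
        elif label.startswith("-") or label.endswith("-"):
            problems.append(f"label {label!r} starts or ends with a hyphen")
        elif not _LDH_LABEL.match(label):
            problems.append(f"label {label!r} contains characters outside letters, digits, hyphen")
    return problems


def is_valid_domain_name(name):
    """True when the name satisfies every rule on the slide."""
    return not domain_name_problems(name)


def same_domain_name(a, b):
    """Case-insensitive comparison; a trailing dot does not change the name."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()


if __name__ == "__main__":
    for candidate in ("www.manit.ac.in", "-bad.example", "a" * 64 + ".example", "x_y.example"):
        print(candidate, domain_name_problems(candidate) or "ok")
```

These are the hostname (LDH) rules; the DNS protocol itself accepts any octets in a label, which is why names such as _dmarc.example or _tcp.example are valid DNS names but not valid hostnames. Internationalized labels must already be in their xn-- (Punycode) form before this check.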
DNS tree
(diagram)
root
 ├ org
 ├ com: cnn, ibm
 ├ gov
 ├ net
 └ in: gov, co, ac
      └ ac: iitk, manit
Reliability over UDP
• DNS is an application that runs primarily over UDP (port 53); TCP is used when a response is truncated (TC bit set) and for zone transfers.
  – Advantage: not as complex as TCP.
  – Disadvantage: requires a reliability implementation at the application level.
• Reliability scheme:
  – Time out.
  – Retransmission: a timed-out query is resent, typically to a different server for the same zone.
DNS Elements
• Resolver:
– only asks questions;
– recursive: takes simple query and makes all necessary steps to get the full answer.
• Server (some perform both roles of resolver & server at the same time):
– authoritative: the servers that contain the zone file for a zone, one Primary, one or more Secondary;
  – caching: a recursive resolver that stores prior results and reuses them (local network servers, and also the client's operating system and web browsers such as Google Chrome, which keep their own small caches).
Registries, Registrars, and Registrants
• The Domain Wars resulted in a codification of roles in the operation of a domain name space
• Registry – the name space’s database
– the organization which has edit control of that database
• Including dispute resolution, policy control, etc.
– The organization which runs the authoritative name servers for that name space
• Registrar – the agent which submits change requests to the registry on behalf of the
registrant
• Registrant – The entity (person or organization) which makes use of the domain name
Obtaining Authority for a subname
• Before an institution is granted authority for an official second-level domain, it must agree to operate domain name servers that meet Internet standards.
• The main name server and the backup name server should not share a common point of failure, such as a common power backup.
• Examples of domain and subdomains
  – www.manit.ac.in
  – www.ece.manit.ac.in, www.cse.manit.ac.in, etc.
Registries, Registrars, and Registrants (flow)
(diagram)
1. Registrant (end user) requests an add/modify/delete from a registrar.
2. The registrar submits the add/modify/delete to the registry.
3. The registry updates its zone database; the master server is updated.
4. Slave servers are updated by zone transfer.
NIR: National Internet Registry to maintain records of IP allocation and domain names in India, set up in March 2013 under the Ministry of Information and Communication, Govt. of India.
How Does DNS Work?
• The stub resolver sends a DNS request message over UDP to a local (recursive) domain name server.
• DNS caches stored data for a limited time defined by the TTL on the record.
• When a name server does not have the requested information in its cache, it starts from the closest enclosing zone it already knows (the longest matching suffix of the query name, at worst the root) and follows referrals downwards.
• The root servers know the name servers for each top-level domain (com, org, in, ...), not for every second-level domain.
• Every server knows how to reach the servers that are authoritative for names further down the hierarchy.
• The resolver follows delegations until it receives an answer.
Name Server Architecture
(diagram) A name server process has three parts:
– Authoritative data (primary master and slave zones): loaded from the zone data file on disk, or received from the master server by zone transfer
– Agent: looks up queries on behalf of resolvers
– Cache data: responses from other name servers
Authoritative Data
(diagram) A resolver's query for a name in one of the server's own zones is answered directly from the authoritative data (primary master and slave zones).
Using Other Name Servers
(diagram) For a name outside its own zones, the agent sends a query to an arbitrary (remote) name server, relays that server's response to the resolver, and stores the response in the cache data.
Cached Data
(diagram) A repeat query for a name whose response is still in the cache is answered from the cache data without contacting another name server.
DNS query example (from IETF slides)
Stub resolver → Recursive resolver: www.ietf.org A?
Recursive resolver → Root server: www.ietf.org A?   Root server: "ask the org NS"
Recursive resolver → org server: www.ietf.org A?   org server: "ask the ietf.org NS"
Recursive resolver → ietf.org server: www.ietf.org A?   ietf.org server: www.ietf.org A 65.256.255.51
Recursive resolver → Stub resolver: www.ietf.org A 65.256.255.51
(The address is reproduced as printed on the slide; 256 is not a valid octet value, so it is illustrative only.)
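The iterative walk shown above, and the "How Does DNS Work?" points before it, as an added simulation that is not part of the original slides: a recursive resolver starting at the root hints, following longest-match referrals down to the authoritative server, caching the answer for its TTL, and marking what it forwards as non-authoritative. The zone contents, server names and addresses (RFC 5737 documentation ranges) are constructed for the example and do not describe the real root, org or ietf.org servers.

```python
class AuthServer:
    """Constructed toy authoritative server: one zone's records plus the NS names and
    glue addresses of the zones it delegates. Not a real server implementation."""

    def __init__(self, zone, records, delegations):
        self.zone = zone                 # e.g. "org."
        self.records = records           # {(owner, type): (ttl, rdata)}
        self.delegations = delegations   # {child_zone: [(ns_name, ns_addr), ...]}

    def query(self, qname, qtype):
        if (qname, qtype) in self.records:
            ttl, rdata = self.records[(qname, qtype)]
            return {"aa": True, "answer": (ttl, rdata)}
        # Longest-match referral: the most specific delegated zone that encloses qname.
        matches = [z for z in self.delegations if qname == z or qname.endswith("." + z)]
        if matches:
            child = max(matches, key=len)
            return {"aa": False, "referral": (child, self.delegations[child])}
        return {"aa": True, "rcode": "NXDOMAIN"}


class Clock:
    """Settable clock so TTL expiry can be shown without waiting."""

    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now


class RecursiveResolver:
    def __init__(self, root_hints, network, clock, max_referrals=16):
        self.root_hints = root_hints     # [(ns_name, ns_addr)] for the root zone
        self.network = network           # {addr: AuthServer}; stands in for the Internet
        self.clock = clock
        self.max_referrals = max_referrals
        self.cache = {}                  # (qname, qtype) -> (expires_at, rdata)
        self.trace = []                  # log of who was asked what

    def resolve(self, qname, qtype):
        qname = qname.lower().rstrip(".") + "."      # canonical form: lowercase, absolute
        now = self.clock()
        cached = self.cache.get((qname, qtype))
        if cached and cached[0] > now:               # not going to the net while TTL > 0
            self.trace.append(f"cache hit: {qname} {qtype}")
            return {"rdata": cached[1], "aa": False, "source": "cache"}
        servers = self.root_hints
        for _ in range(self.max_referrals):          # bound the referral chain
            ns_name, ns_addr = servers[0]
            self.trace.append(f"ask {ns_name} ({ns_addr}): {qname} {qtype}")
            resp = self.network[ns_addr].query(qname, qtype)
            if "answer" in resp:
                ttl, rdata = resp["answer"]
                self.cache[(qname, qtype)] = (now + ttl, rdata)
                # Forwarded with AA cleared: the recursive server is not the authority.
                return {"rdata": rdata, "aa": False, "source": "authoritative"}
            if "referral" in resp:
                child, servers = resp["referral"]
                self.trace.append(f"  referral: {child} is served by {[n for n, _ in servers]}")
                continue
            return {"rdata": None, "aa": False, "source": resp["rcode"]}
        raise RuntimeError("too many referrals (delegation loop?)")


def build_network():
    """Constructed delegation tree mirroring the slide: root -> org -> ietf.org."""
    root = AuthServer(".", {}, {"org.": [("a0.org-servers.example.", "192.0.2.1")]})
    org = AuthServer("org.", {}, {"ietf.org.": [("ns.ietf.org.", "192.0.2.2")]})
    ietf = AuthServer("ietf.org.", {("www.ietf.org.", "A"): (300, "192.0.2.80")}, {})
    network = {"192.0.2.53": root, "192.0.2.1": org, "192.0.2.2": ietf}
    clock = Clock()
    resolver = RecursiveResolver([("a.root-servers.example.", "192.0.2.53")], network, clock)
    return resolver, clock


if __name__ == "__main__":
    resolver, clock = build_network()
    print(resolver.resolve("www.ietf.org", "A"))     # three queries: root, org, ietf.org
    print(resolver.resolve("www.ietf.org", "A"))     # served from cache
    clock.now += 301                                  # the 300-second TTL has elapsed
    print(resolver.resolve("www.ietf.org", "A"))     # re-queried from the root
    print("\n".join(resolver.trace))
```

The trace shows the three questions of the slide (root, org, ietf.org) on the first lookup, none on the second while the record's TTL is unexpired, and three again once the TTL has passed. Real resolvers also retry other servers in the referral list on timeout and cache the referrals themselves, which this simulation omits.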
DNS recursive server
• Recursive servers do the actual lookups; they ask questions of the DNS on behalf of the clients.
• Answers are obtained from authoritative servers, but the answers forwarded to the clients are marked as not authoritative (AA bit clear).
• Answers are stored in the cache for future reference, for at most the record's TTL.
Places where DNS data lives
(diagram) Registry DB → Master → Slave servers → Cache servers
• Changes in DNS do not propagate instantly!
• A cache does not go to the net while the cached record's TTL > 0
• A slave might take up to the zone's refresh interval to get new data from the master
• When zone data is uploaded from the registry DB to the master is local policy
DNS message
(diagram: DNS message format, a 12-octet header followed by the question, answer, authority and additional sections)
DNS Header (cont.)
• Identification: a 16-bit identifier assigned by the program that generates any kind of query. This identifier is copied into the corresponding reply and is used by the requester to match replies to outstanding queries. Over plain UDP the ID (together with the source port) is all that ties a reply to a query, so it must be unpredictable: a guessable ID lets an off-path attacker forge a reply that the requester accepts and caches.
• Parameter: a 16-bit flag field, laid out as follows
  – QR: a one-bit field that specifies whether this message is a query (0) or a response (1).
  – Opcode: a four-bit field that specifies the kind of query in this message. Standard query (0), Inverse query (1, later obsoleted by RFC 3425), Server status request (2); RFC 883's completion queries in codes 2 and 3 are obsolete, and Notify (4) and Update (5) were added later.
  – AA (Authoritative Answer): this bit is only meaningful in responses, and specifies that the responding name server is an authority for the domain name in the question section.
  – TC (TrunCation): specifies that this message was truncated because it exceeded the transport's size limit; the client should retry over TCP.
DNS Header (cont.)
• RD (Recursion Desired): this bit directs the name server to pursue the query recursively.
• RA (Recursion Available): this bit is set or cleared in a response, and denotes whether recursive query support is available in the name server. Recursive query support is optional.
• Z: reserved for future use (originally three bits; two of them became AD and CD, so one bit remains).
• AD (Authentic Data): set in a response by a security-aware (DNSSEC-validating) resolver to indicate that all data in the answer and authority sections has been validated. It is only meaningful to a client that trusts the resolver and the path to it.
• CD (Checking Disabled): set in a query to disable signature validation in a security-aware name server's processing of that particular query.
• RCODE (Response code): this 4-bit field is set as part of responses. The values have the following interpretation:
  – 0 No error condition (NOERROR)
  – 1 Format error (FORMERR): the name server was unable to interpret the query.
  – 2 Server failure (SERVFAIL): the name server was unable to process this query due to a problem with the name server.
  – 3 Name Error (NXDOMAIN): meaningful only for responses from an authoritative name server; this code signifies that the domain name referenced in the query does not exist.
  – 4 Not Implemented (NOTIMP): the name server does not support the requested kind of query.
  – 5 Refused (REFUSED): the name server refuses to perform the specified operation for policy reasons.
DNS Header (cont.)
• Number of Questions (QDCOUNT): an unsigned 16-bit integer specifying the number of entries in the question section.
• Number of Answers (ANCOUNT): an unsigned 16-bit integer specifying the number of resource records in the answer section.
• Number of Authority (NSCOUNT): an unsigned 16-bit integer specifying the number of name server resource records in the authority records section.
• Number of Additional (ARCOUNT): an unsigned 16-bit integer specifying the number of resource records in the additional records section.
Question section
• QNAME (Query Domain Name): a domain name represented as a sequence of labels, where each label consists of a length octet followed by that number of octets. The domain name terminates with the zero-length octet for the null label of the root.
• QTYPE (Query Type): a two-octet code which specifies the type of the query. 0x0001 for A records (host addresses/web), 0x000f for mail server (MX) records and 0x0002 for name server (NS) records.
• QCLASS (Query Class): a two-octet code that specifies the class of the query. 0x0001 for Internet (IN) addresses.
Answer Section
• NAME (Resource Domain Name): the domain name that was queried, in the same format as the QNAME in the question section.
• TYPE: two octets containing one of the type codes. This field specifies the meaning of the data in the RDATA field: type 0x0001 (A record), type 0x0002 (name servers), type 0x0005 (CNAME/alias) and 0x000f (mail servers).
• CLASS: two octets which specify the class of the data in the RDATA field. 0x0001 for Internet addresses, etc.
Answer Section (cont.)
• TTL (Time To Live): the number of seconds the result can be cached.
• RDLENGTH (Resource data length): the length of the RDATA field.
• RDATA (Resource data): the data of the response. The format depends on the TYPE field:
  – if the TYPE is 0x0001 for A records, then this is the IP address (4 octets).
  – If the type is 0x0005 for CNAMEs, then this is the name of the alias.
  – If the type is 0x0002 for name servers, then this is the name of the server.
  – Finally if the type is 0x000f for mail servers,
Authority & Additional sections
• Authority Section
  – Resource Records (RRs) pointing toward an authority
• Additional Section
  – Resource Records (RRs) holding additional information
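The header, question and resource-record layouts described on the preceding slides, as an added parser that is not part of the original slides. It decodes the flag bits (QR, Opcode, AA, TC, RD, RA, Z, AD, CD, RCODE) and the four counts, walks the label-sequence QNAME including the 0xC0 compression pointers, and interprets RDATA for A, NS, CNAME and MX (a 16-bit preference followed by the exchange name, per RFC 1035). The response bytes are constructed for the example, not a real capture; the name and the 192.0.2.7 address (RFC 5737 documentation range) are invented.

```python
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Constructed sample response: www.manit.ac.in A -> CNAME webhost.manit.ac.in -> A 192.0.2.7
SAMPLE_RESPONSE = bytes.fromhex(
    "1a2b"                          # ID
    "8180"                          # QR=1 Opcode=0 AA=0 TC=0 RD=1 RA=1 Z=0 AD=0 CD=0 RCODE=0
    "0001" "0002" "0000" "0000"     # QDCOUNT=1 ANCOUNT=2 NSCOUNT=0 ARCOUNT=0
    # Question (QNAME at offset 12): 3 "www" 5 "manit" 2 "ac" 2 "in" 0, QTYPE=A, QCLASS=IN
    "03" "777777" "05" "6d616e6974" "02" "6163" "02" "696e" "00" "0001" "0001"
    # Answer 1: NAME=ptr->12, CNAME, IN, TTL=300, RDLENGTH=10, RDATA=7 "webhost" + ptr->16
    "c00c" "0005" "0001" "0000012c" "000a" "07" "776562686f7374" "c010"
    # Answer 2: NAME=ptr->45 (the CNAME's RDATA), A, IN, TTL=60, RDLENGTH=4, RDATA=192.0.2.7
    "c02d" "0001" "0001" "0000003c" "0004" "c0000207"
)


def parse_header(msg):
    """Decode the 12-octet header (RFC 1035 layout plus the DNSSEC AD/CD bits)."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-octet header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF, "aa": flags >> 10 & 1,
        "tc": flags >> 9 & 1, "rd": flags >> 8 & 1, "ra": flags >> 7 & 1,
        "z": flags >> 6 & 1, "ad": flags >> 5 & 1, "cd": flags >> 4 & 1,
        "rcode": flags & 0xF, "rcode_name": RCODE_NAMES.get(flags & 0xF, "UNASSIGNED"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def read_name(msg, offset, max_hops=32):
    """Decode a domain name at `offset`, following compression pointers (0xC0 prefix).
    Returns (name, offset just past the name). Pointers must point backwards and the hop
    count is bounded, so a crafted pointer loop raises instead of hanging the parser."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past the end of the message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # two-octet compression pointer
            if offset + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if target >= offset or hops >= max_hops:
                raise ValueError("invalid or looping compression pointer")
            if end is None:
                end = offset + 2                         # resume here after the first jump
            hops += 1
            offset = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:                                  # root label terminates the name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_rr(msg, offset):
    """Decode one resource record; RDATA is interpreted for A, NS, CNAME and MX."""
    name, offset = read_name(msg, offset)
    if offset + 10 > len(msg):
        raise ValueError("truncated resource record header")
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata_end = offset + rdlength
    if rdata_end > len(msg):
        raise ValueError("RDLENGTH points past the end of the message")
    if rtype == 1:                                       # A: exactly 4 octets
        if rdlength != 4:
            raise ValueError("A record RDLENGTH must be 4")
        rdata = ".".join(str(b) for b in msg[offset:rdata_end])
    elif rtype in (2, 5):                                # NS / CNAME: a domain name
        rdata, _ = read_name(msg, offset)
    elif rtype == 15:                                    # MX: 16-bit preference + exchange name
        preference = struct.unpack("!H", msg[offset:offset + 2])[0]
        rdata = (preference, read_name(msg, offset + 2)[0])
    else:
        rdata = msg[offset:rdata_end]                    # unknown type: keep raw octets
    return {"name": name, "type": TYPE_NAMES.get(rtype, rtype), "class": rclass,
            "ttl": ttl, "rdata": rdata}, rdata_end


def parse_message(msg):
    """Decode header, question section and the answer/authority/additional sections."""
    hdr = parse_header(msg)
    offset, questions = 12, []
    for _ in range(hdr["qdcount"]):
        qname, offset = read_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append({"qname": qname, "qtype": TYPE_NAMES.get(qtype, qtype), "qclass": qclass})
    result = {"header": hdr, "question": questions}
    for section, count in (("answer", hdr["ancount"]), ("authority", hdr["nscount"]),
                           ("additional", hdr["arcount"])):
        result[section] = [] 
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            result[section].append(rr)
    return result
```

Every length and pointer is checked against the message boundary before it is used; a DNS parser that trusts RDLENGTH or follows pointers unconditionally is a classic source of out-of-bounds reads and infinite loops on attacker-controlled responses. Note also that the AD bit is simply read here: a client should act on it only when it trusts the resolver that set it and the channel from that resolver.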
DNS Features: Dynamicity
• The database can be updated dynamically
  – Add/delete/modify of any record
• Modification of the master database triggers replication
  – Only the master can be dynamically updated
    • This creates a single point of failure
• Because a dynamic update rewrites live zone data, the master must restrict who may send one (address-based ACLs at minimum, preferably TSIG-signed updates).
DNS Features: Global Distribution
• Data is maintained locally, but retrievable globally
– No single computer has all DNS data
• DNS lookups can be performed by any device
• Remote DNS data is locally cachable to improve performance
DNS Features: Loose Coherency
• Each copy of a zone is internally consistent, but different copies may lag one another
  – Each version of a subset of the database (a zone) has a serial number
    • The serial number is incremented on each database change
• Changes to the master copy of the database are replicated according to timing (the refresh interval) set by the zone administrator; a slave transfers the zone only when the master's serial is newer than its own
• Cached data expires according to the TTL set by the zone administrator
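As an added example (not from the original slides) of the serial-number and refresh-interval mechanics behind the Dynamicity and Loose Coherency slides: a secondary's refresh decision, using RFC 1982 serial number arithmetic so that "newer" still works when the 32-bit serial wraps around. The SlaveZone class and its serial values are constructed for the example.

```python
SERIAL_BITS = 32
HALF = 1 << (SERIAL_BITS - 1)
MOD = 1 << SERIAL_BITS


def serial_add(serial, increment):
    """RFC 1982 addition: the increment must be below 2^31 so the result is unambiguous."""
    if not 0 <= increment < HALF:
        raise ValueError("increment must be in [0, 2^31)")
    return (serial + increment) % MOD


def serial_newer(a, b):
    """True if serial a is 'greater than' b in RFC 1982 arithmetic (wraps at 2^32).
    Values exactly 2^31 apart are incomparable and are treated as not newer."""
    if a == b:
        return False
    return (a > b and a - b < HALF) or (a < b and b - a > HALF)


class SlaveZone:
    """Constructed model of a secondary server's refresh decision for one zone."""

    def __init__(self, serial, refresh, last_refresh=0.0):
        self.serial = serial
        self.refresh = refresh               # SOA REFRESH interval, in seconds
        self.last_refresh = last_refresh
        self.transfers = 0

    def refresh_due(self, now):
        """The slave polls the master only when the refresh interval has elapsed."""
        return now - self.last_refresh >= self.refresh

    def check_master(self, master_serial, now):
        """Poll the master's SOA serial; transfer the zone only if it is newer than ours."""
        self.last_refresh = now
        if serial_newer(master_serial, self.serial):
            self.serial = master_serial      # stands in for the zone transfer itself
            self.transfers += 1
            return True
        return False


if __name__ == "__main__":
    slave = SlaveZone(serial=2016011601, refresh=3600)
    print(slave.check_master(2016011602, now=3600))   # newer serial: transfer
    print(slave.check_master(2016011602, now=7200))   # same serial: no transfer
    print(serial_newer(serial_add(0xFFFFFFFF, 1), 0xFFFFFFFF))  # wraparound still orders correctly
```

Two practical consequences follow: a change that is not accompanied by a serial increment is invisible to slaves until the next forced transfer, and a master whose serial went backwards (for example after a restore from backup) will never be picked up, which is why operators bump the serial on every edit and why transfers themselves should be limited to the listed secondaries (ACL or TSIG) rather than open to any client.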
DNS Features: Scalability
• No limit to the size of the database
– One server has over 20,000,000 names
• No limit to the number of queries
– 24,000 queries per second handled easily
• Queries distributed among masters, slaves, and caches
DNS Features: Reliability
• Data is replicated
  – Data from the master is copied to multiple slaves
• Clients can query
  – the master server
  – any of the copies at slave servers
• Clients typically query local caches
• The DNS protocol can use either UDP or TCP
  – Over UDP, the DNS application itself handles timeouts and retransmission
  – TCP is used for zone transfers and when a UDP response is truncated (TC bit set)