Arthur Harris Gennadiy Kofman James Mendoza Domain Name System

Post on 27-Dec-2015


Arthur Harris, Gennadiy Kofman, James Mendoza

Domain Name System

To be discussed:

• Machines and names (history)
  - Flat namespace

• Hierarchical names
  - Delegation of authority
  - Subset authority
  - Obtaining authority on a subdomain

• Internet domain names
  - Top-level domains
  - Mapping names to addresses
  - Name resolution
  - Caching
  - Domain name abbreviation
  - Reverse DNS
  - Object types and resource record content (name server records)
  - Pointer queries

Machines and Names

Why use names?

- Difficult to remember a 32-bit number

- System of mapping names to addresses was created

- In the early days, there weren’t many computers networked, so names were chosen with low chance of conflict

- A flat namespace was used: a database of single-word names run by a single authority

Flat namespace

Advantage

- Easy to remember

Disadvantages

- Doesn’t accommodate a large number of machines

- Names centrally stored (excessive traffic to one spot)

- High cost of maintenance

Hierarchical names

- Solution to flat namespace

- Names are now hierarchically delegated rather than run by a central authority

- Authority over the different levels of the hierarchy is delegated to different entities

Hierarchical names

Advantages

- Accommodates a much larger number of machines

- More efficient

Disadvantage

- More complex than flat namespace

Internet Domain Names

DNS (Domain Name System)

DNS provides name-to-address mapping for the internet

The hierarchical names used by DNS are called domain names

DNS syntax and rules

Domain names consist of subnames separated by periods (e.g. www.csun.edu)

Each subname is called a label (e.g. www, csun, edu)

Any suffix of a domain name is itself a domain

Third-level domain   www.csun.edu
Second-level domain  csun.edu
Top-level domain     edu

Top-level domains

Organized by country: us, ci, au, uk, jp, ru, nu (What’s nu?)

Organized by organization

arpa, com, edu, gov, museum, name, net, org

Delegation of authority for names

Domain names are handled by multiple entities

Different entities have authority over different parts of a domain name

In the internet world, the top-level domains are run by the big shots

ICANN (Internet Corporation for Assigned Names and Numbers).

ICANN

ICANN delegates authority of second-level domains to various entities such as ISPs and registrars. ISPs and registrars can delegate second and/or third-level domains to other entities (usually us, the common masses).

python.ecs.csun.edu

edu – run by ICANN
csun – run by CSUN
ecs – run by CSUN
python – run by CSUN

Mapping Domain Names to Addresses

- Name servers are the heart of the domain name system.

- Name servers resolve domains to IP addresses.

- 13 root servers, which resolve the top-level domains, are spread out across the world.

- For second-level domains, there are thousands of name servers across the world.

Typical root server entries (root hints) for a name server

; formerly NS.INTERNIC.NET
;
.                    3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000    A  198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                    3600000    NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000    A  128.9.0.107
;
; formerly C.PSI.NET
;
.                    3600000    NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.  3600000    A  192.33.4.12
;

Mapping Domain Names to Addresses

- Servers for third, fourth, fifth, and higher levels can also exist, but they are less common. You rarely see a domain name like aaa.bbb.ccc.ddd.eee.com

How does a client find a name server to start querying names?

- Primary and secondary DNS IPs specified in your TCP/IP settings (Windows)

- How does a name server find another name server that can resolve names it can’t?

- All name servers must know the address of at least one root server.

Resource records on a name server

A      Host address         32-bit IP address
CNAME  Canonical name       Alias for a domain name
MX     Mail exchanger       Name of mail exchanger host
NS     Name server          Name of authoritative server
SOA    Start of authority   Fields to specify parts of the naming hierarchy a server implements

A look at a root server’s zone file

COM. NS A.GTLD-SERVERS.NET
COM. NS G.GTLD-SERVERS.NET
COM. NS H.GTLD-SERVERS.NET
COM. NS C.GTLD-SERVERS.NET
COM. NS I.GTLD-SERVERS.NET
COM. NS B.GTLD-SERVERS.NET
EDU. NS L3.NSTLD.COM
EDU. NS D3.NSTLD.COM
EDU. NS A3.NSTLD.COM
EDU. NS E3.NSTLD.COM
GOV. NS G.GOV.ZONEEDIT.COM
GOV. NS F.GOV.ZONEEDIT.COM
GOV. NS E.GOV.ZONEEDIT.COM

A look at a root server’s zone file (continued)

RU. NS NS.RIPN.NET
RU. NS NS2.RIPN.NET
UK. NS NS1.NIC.UK
UK. NS NS2.NIC.UK
UK. NS NS4.NIC.UK
HK. NS ADNS1.BERKELEY.EDU
HK. NS ADNS2.BERKELEY.EDU
HK. NS NS1.HKIRC.NET.HK
HK. NS NS2.HKIRC.NET.HK
HK. NS TLD3.ULTRADNS.ORG
HK. NS TLD5.ULTRADNS.INFO
HK. NS TLD6.ULTRADNS.CO.UK.

From the edu top-level server

CSUN NS NS1.CSUN
CSUN NS NS3.CSUN
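The root-hints entries and the root-zone NS excerpts above share one line format (owner, optional TTL, optional class, type, rdata, with ';' starting a comment). The parser below, an added example that is not part of the presentation, reads that format into records and then checks whether each NS name has a glue A record, which is what lets a resolver reach a server from a hints file without first resolving its name. The hints text embedded in it is a constructed excerpt using the slides' own A and B root entries.

```python
from collections import namedtuple

# Constructed excerpt in the root-hints format shown on the slides:
# owner, TTL, optional class, type, rdata; ';' starts a comment.
ROOT_HINTS = """
; formerly NS.INTERNIC.NET
.                   3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000    A  198.41.0.4
; formerly NS1.ISI.EDU
.                   3600000    NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000    A  128.9.0.107
"""

KNOWN_TYPES = {"A", "NS", "CNAME", "MX", "SOA", "PTR"}
Record = namedtuple("Record", "owner ttl rtype rdata")   # ttl is None if absent

def canon(name: str) -> str:
    """DNS names are case-insensitive; compare them lower-cased and absolute."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def parse_zone(text: str) -> list:
    """Parse one record per line; TTL and class are optional, as in the slides'
    root-zone excerpts (COM. NS A.GTLD-SERVERS.NET) which carry neither."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        owner = canon(fields.pop(0))
        ttl = int(fields.pop(0)) if fields and fields[0].isdigit() else None
        if fields and fields[0].upper() == "IN":
            fields.pop(0)                          # class defaults to IN
        if not fields or fields[0].upper() not in KNOWN_TYPES:
            raise ValueError(f"unparseable record: {raw!r}")
        rtype = fields.pop(0).upper()
        # Name-valued rdata is canonicalised so it joins with owner names.
        rdata = canon(fields[0]) if rtype in ("NS", "CNAME", "PTR") else " ".join(fields)
        records.append(Record(owner, ttl, rtype, rdata))
    return records

def ns_glue(records, zone: str) -> dict:
    """Map each NS of `zone` to its A (glue) address; None means the file gives
    a server name but no address, so a resolver could not reach it from hints."""
    addrs = {r.owner: r.rdata for r in records if r.rtype == "A"}
    return {r.rdata: addrs.get(r.rdata)
            for r in records if r.rtype == "NS" and r.owner == canon(zone)}
```

Run against the slides' COM/EDU lines, every NS comes back with None, which is expected for a zone excerpt but would be a misconfiguration in a hints file.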

Abbreviation of Domain Names

- Within a particular network, a list of domain name suffixes is kept. In the CS department, for example:

.ecs.csun.edu

.csun.edu

- Users within said network need only type the subdomain prefix. In the CS department, for example, “python” leads to python.ecs.csun.edu

- The suffixes will combine with the prefix and be tried until a unique match is made

- If no subdomain combination is valid, a 404 error is generated
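The suffix-list completion just described, as an added example (not code from the presentation): the CS department's two suffixes are tried in list order and the first name that resolves wins. The forward table and its 192.0.2.x addresses are constructed stand-ins for what the network's name servers would answer; trying the bare name last is an addition over the slides, mirroring how resolv.conf search lists behave.

```python
# Constructed forward table standing in for the answers the network's name
# servers would give; the 192.0.2.x addresses are made up for this example.
FORWARD = {
    "python.ecs.csun.edu.": "192.0.2.10",
    "www.ecs.csun.edu.": "192.0.2.30",
    "www.csun.edu.": "192.0.2.20",
}

# Suffix list kept on the CS department network, as on the slides.
SEARCH_LIST = ["ecs.csun.edu", "csun.edu"]

def canon(name: str) -> str:
    """DNS names are case-insensitive; compare them lower-cased and absolute."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def candidates(typed: str, search_list) -> list:
    """Fully qualified names tried, in order, for what the user typed.
    A trailing dot means the name is already complete and no suffix is added;
    otherwise each suffix is appended in list order, then the bare name is
    tried as typed (the last step is an assumption beyond the slides)."""
    if typed.endswith("."):
        return [typed.lower()]
    return [canon(f"{typed}.{suffix}") for suffix in search_list] + [canon(typed)]

def resolve(typed: str, search_list, table):
    """Return (fqdn, address) for the first candidate that resolves, else None.
    The first hit wins, so on this network 'www' means www.ecs.csun.edu and
    never www.csun.edu: suffix order decides which host a short name reaches."""
    for name in candidates(typed, search_list):
        if name in table:
            return name, table[name]
    return None
```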

Inverse Mappings

- Opposite of domain abbreviation

- The user need only type the domain suffix, for example csun.edu, or .edu

- Resolution of the prefix will be attempted, using the list of subdomains resident on the network.

- This may not always generate a unique path

- csun.edu could lead to www.csun.edu, but could also lead to www.ecs.csun.edu, www.pas.csun.edu and so on

- Although inverse queries have been a part of DNS since the beginning, they are generally not used because there is often more than one way to resolve the query.

Pointer Queries

- The server maps the client’s IP address to a domain name

Why do we need it?

- Companies may only want to allow clients that are part of their company to connect

- If non-company clients attempt to connect, their IP address will be checked by a pointer query

- If their IP address is not part of the company domain, they will receive a denial of service
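The pointer query and the access decision above, as an added example that is not part of the presentation. Besides building the in-addr.arpa name (octets reversed, or nibbles under ip6.arpa for IPv6), it adds the check a practitioner would want before trusting a PTR answer: the operator of the reverse zone for an address chooses what name it returns, so the name is only accepted if its own A records lead back to the same address. The PTR and A tables are constructed stand-ins for real queries; 198.41.0.4 is A.ROOT-SERVERS.NET from the slides, the 192.0.2.x addresses are made up.

```python
import ipaddress

# Constructed lookup tables standing in for PTR and A queries. 198.41.0.4 is
# A.ROOT-SERVERS.NET from the slides; the 192.0.2.x addresses are made up.
PTR_TABLE = {
    "4.0.41.198.in-addr.arpa.": "a.root-servers.net.",
    "10.2.0.192.in-addr.arpa.": "python.ecs.csun.edu.",
    "99.2.0.192.in-addr.arpa.": "python.ecs.csun.edu.",  # claims a name it does not own
}
A_TABLE = {
    "a.root-servers.net.": {"198.41.0.4"},
    "python.ecs.csun.edu.": {"192.0.2.10"},
}

def canon(name: str) -> str:
    """DNS names are case-insensitive; compare them lower-cased and absolute."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def ptr_name(ip: str) -> str:
    """Name a pointer query asks for: octets reversed under in-addr.arpa for
    IPv4, nibbles reversed under ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def pointer_query(ip: str, ptr_table):
    """The server-side step from the slides: IP address to domain name."""
    return ptr_table.get(ptr_name(ip))

def in_domain(name: str, domain: str) -> bool:
    domain = canon(domain)
    return name == domain or name.endswith("." + domain)

def forward_confirmed(ip: str, name: str, a_table) -> bool:
    """Whoever runs the reverse zone for an address picks its PTR name, so the
    name is trusted only if its own A records lead back to the same address
    (forward-confirmed reverse DNS)."""
    return ip in a_table.get(name, set())

def allow_client(ip: str, company_domain: str,
                 ptr_table=PTR_TABLE, a_table=A_TABLE) -> bool:
    """The access decision from the slides, with the forward check added."""
    name = pointer_query(ip, ptr_table)
    if name is None or not in_domain(name, company_domain):
        return False
    return forward_confirmed(ip, name, a_table)
```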

Caching

- Name servers and clients maintain their own cache for recently queried domain names

- Cached entries have a limited lifetime, specified by the TTL (time to live) that comes back in the name server’s answer
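A minimal resolver cache implementing the TTL rule above, as an added example rather than code from the presentation. It stores the expiry time alongside each answer, hands out the remaining (not the original) TTL on a hit so the lifetime the authority chose is never extended downstream, and caps the TTL an answer may request; the clock is injectable so the expiry can be exercised without waiting.

```python
import time

def canon(name: str) -> str:
    """DNS names are case-insensitive; cache keys are lower-cased and absolute."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

class ResolverCache:
    """Positive cache keyed by (name, type). Each entry expires at the time it
    was stored plus the TTL the answer carried, capped by max_ttl so a huge TTL
    cannot pin an answer in the cache for days."""

    def __init__(self, max_ttl: int = 86400, now=time.monotonic):
        self._now = now              # injectable clock, so tests can advance it
        self._max_ttl = max_ttl
        self._entries = {}

    def store(self, name: str, rtype: str, rdata: str, ttl: int) -> None:
        ttl = max(0, min(int(ttl), self._max_ttl))
        self._entries[(canon(name), rtype)] = (rdata, self._now() + ttl)

    def lookup(self, name: str, rtype: str):
        """Return (rdata, remaining_ttl) or None when absent or expired.
        The remaining TTL is what a cache passes on to its own clients, so a
        downstream cache cannot keep the record longer than the authority meant."""
        key = (canon(name), rtype)
        hit = self._entries.get(key)
        if hit is None:
            return None
        rdata, expires = hit
        remaining = expires - self._now()
        if remaining <= 0:
            del self._entries[key]   # lazy eviction on access
            return None
        return rdata, int(remaining)
```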