Slide 1Goals of Today’s LectureHost Names vs. IP addressesSeparating Naming and AddressingScalable (Name Address) MappingsDomain Name System (DNS)Distributed Hierarchical DatabaseDNS RootDNS Root ServersDNS Root ServersTLD and Authoritative DNS ServersUsing DNSExampleHow did it know the root server IP?Recursive vs. Iterative QueriesReverse Mapping (Address Host)Distributed Hierarchical DatabaseDNS CachingNegative CachingDNS Resource RecordsDNS ProtocolInteractive DNS lookups using digSlide 23Slide 24Slide 25Slide 26ReliabilityInserting Resource Records into DNSSetting up foobar.com, con’tSecurity Analysis of DNSSecurity Problem #1: StarbucksSecurity Problem #2: Cache PoisoningCache Poisoning, con’tCache Poisoning, con’tSummaryNext Lecture1EE 122: Domain Name SystemIon StoicaTAs: Junda Liu, DK Moon, David Zatshttp://inst.eecs.berkeley.edu/~ee122/(Materials with thanks to Vern Paxson, Jennifer Rexford,and colleagues at UC Berkeley)2Goals of Today’s LectureConcepts & principles underlying the Domain Name System (DNS)Indirection: names in place of addressesHierarchy: in names, addresses, and serversCaching: of mappings from names to/from addressesInner workings of DNSDNS resolvers and serversIterative and recursive queriesTTL-based cachingUse of the dig utilitySecurity analysis3Host Names vs. IP addressesHost namesMnemonic name appreciated by humansVariable length, full alphabet of charactersProvide little (if any) information about locationExamples: www.cnn.com and bbc.co.ukIP addressesNumerical address appreciated by routersFixed length, binary numberHierarchical, related to host locationExamples: 64.236.16.20 and 212.58.224.1314Separating Naming and AddressingNames are easier to rememberwww.cnn.com vs. 64.236.16.20Addresses can change underneathMove www.cnn.com to 4.125.91.21E.g., renumbering when changing providersName could map to multiple IP addresseswww.cnn.com to multiple (8) replicas of the Web siteEnablesLoad-balancingReducing latency by picking nearby serversTailoring content based on requester’s location/identityMultiple names for the same addressE.g., aliases like www.cnn.com and cnn.com5Scalable (Name Address) MappingsOriginally: per-host fileFlat namespace/etc/hosts (what is this on your computer today?)SRI (Menlo Park) kept master copyDownloaded regularlySingle server doesn’t scaleTraffic implosion (lookups & updates)Single point of failureAmazing politicsNeed a distributed, hierarchical collection of servers6Domain Name System (DNS)Properties of DNSHierarchical name space divided into zonesZones distributed over collection of DNS serversHierarchy of DNS serversRoot (hardwired into other servers)Top-level domain (TLD) serversAuthoritative DNS serversPerforming the translationsLocal DNS serversResolver software7Distributed Hierarchical Databasecom edu org acukzwarpaunnamed rootbarwest eastfoo myaccamusrin-addrgeneric domains country domainsmy.east.bar.eduusr.cam.ac.ukTop-Level Domains (TLDs)8DNS RootLocated in Virginia, USAHow do we make the root scale? Verisign, Dulles, VA9DNS Root Servers13 root servers (see http://www.root-servers.org/)Labeled A through MDoes this scale?B USC-ISI Marina del Rey, CAL ICANN Los Angeles, CAE NASA Mt View, CAF Internet Software Consortium Palo Alto, CAI Autonomica, StockholmK RIPE LondonM WIDE TokyoA Verisign, Dulles, VAC Cogent, Herndon, VAD U Maryland College Park, MDG US DoD Vienna, VAH ARL Aberdeen, MDJ Verisign10DNS Root Servers13 root servers (see http://www.root-servers.org/)Labeled A through MReplication via any-casting (localized routing for addresses)B USC-ISI Marina del Rey, CAL ICANN Los Angeles, CAE NASA Mt View, CAF Internet Software Consortium, Palo Alto, CA (and 37 other locations)I Autonomica, Stockholm (plus 29 other locations)K RIPE London (plus 16 other locations)M WIDE Tokyo plus Seoul, Paris, San FranciscoA Verisign, Dulles, VAC Cogent, Herndon, VA (also Los Angeles, NY, Chicago)D U Maryland College Park, MDG US DoD Vienna, VAH ARL Aberdeen, MDJ Verisign (21 locations)11TLD and Authoritative DNS ServersTop-level domain (TLD) serversGeneric domains (e.g., com, org, edu)Country domains (e.g., uk, fr, cn, jp)Special domains (e.g., arpa)Typically managed professionallyNetwork Solutions maintains servers for “com”Educause maintains servers for “edu”Authoritative DNS serversProvide public records for hosts at an organizationPrivate records may differ, though not part of original design’s intentFor the organization’s servers (e.g., Web and mail)Can be maintained locally or by a service provider12Using DNSLocal DNS server (“default name server”)Usually near the endhosts that use itLocal hosts configured with local server (e.g., /etc/resolv.conf) or learn server via DHCPClient applicationExtract server name (e.g., from the URL)Do gethostbyname() to trigger resolver codeServer applicationExtract client IP address from socketOptional gethostbyaddr() to translate into name13requesting hostcis.poly.edugaia.cs.umass.eduroot DNS serverlocal DNS serverdns.poly.edu123456authoritative DNS serverdns.cs.umass.edu78TLD DNS serverExampleHost at cis.poly.edu wants IP address for gaia.cs.umass.edu14How did it know the root server IP?Hard-codedWhat if it changes?15Recursive vs. Iterative QueriesRecursive queryAsk server to get answer for youE.g., request 1 and response 8Iterative queryAsk server who to ask nextE.g., all other request-response pairsrequesting hostcis.poly.eduroot DNS serverlocal DNS serverdns.poly.edu123456authoritative DNS serverdns.cs.umass.edu78TLD DNS server16Reverse Mapping (Address Host)How do we go the other direction, from an IP address to the corresponding hostname?Addresses already have natural “quad” hierarchy:12.34.56.78But: quad notation has most-sig. hierarchy element on left, while www.cnn.com has it on the rightIdea: reverse the quads = 78.56.34.12 …… and look that up in the DNSUnder what TLD?Convention: in-addr.arpaSo lookup is for 78.56.34.12.in-addr.arpa17Distributed Hierarchical Databasecom edu org acukzwarpaunnamed rootbarwest eastfoo myaccamusrin-addrgeneric domains country domainsmy.east.bar.eduusr.cam.ac.uk12345612.34.56.0/2418DNS CachingPerforming
View Full Document
Unlocking...