1 1 EE 122: Domain Name System Ion Stoica TAs: Junda Liu, DK Moon, David Zats http://inst.eecs.berkeley.edu/~ee122/ (Materials with thanks to Vern Paxson, Jennifer Rexford, and colleagues at UC Berkeley) 2 Goals of Today’s Lecture Concepts & principles underlying the Domain Name System (DNS) Indirection: names in place of addresses Hierarchy: in names, addresses, and servers Caching: of mappings from names to/from addresses Inner workings of DNS DNS resolvers and servers Iterative and recursive queries TTL-based caching Use of the dig utility Security analysis 3 Host Names vs. IP addresses Host names Mnemonic name appreciated by humans Variable length, full alphabet of characters Provide little (if any) information about location Examples: www.cnn.com and bbc.co.uk IP addresses Numerical address appreciated by routers Fixed length, binary number Hierarchical, related to host location Examples: 64.236.16.20 and 212.58.224.131 4 Separating Naming and Addressing Names are easier to remember www.cnn.com vs. 64.236.16.20 Addresses can change underneath Move www.cnn.com to 4.125.91.21 E.g., renumbering when changing providers Name could map to multiple IP addresses www.cnn.com to multiple (8) replicas of the Web site Enables Load-balancing Reducing latency by picking nearby servers Tailoring content based on requester’s location/identity Multiple names for the same address E.g., aliases like www.cnn.com and cnn.com 5 Scalable (Name ↔ Address) Mappings Originally: per-host file Flat namespace /etc/hosts (what is this on your computer today?) SRI (Menlo Park) kept master copy Downloaded regularly Single server doesn’t scale Traffic implosion (lookups & updates) Single point of failure Amazing politics Need a distributed, hierarchical collection of servers!6 Domain Name System (DNS) Properties of DNS Hierarchical name space divided into zones Zones distributed over collection of DNS servers Hierarchy of DNS servers Root (hardwired into other servers) Top-level domain (TLD) servers Authoritative DNS servers Performing the translations Local DNS servers2 7 Distributed Hierarchical Database com edu org ac uk zw arpa unnamed root bar west east foo my ac cam usr in- addr generic domains country domains my.east.bar.edu usr.cam.ac.uk Top-Level Domains (TLDs) 8 DNS Root Located in Virginia, USA How do we make the root scale? Verisign, Dulles, VA 9 DNS Root Servers 13 root servers (see http://www.root-servers.org/) Labeled A through M Does this scale? B USC-ISI Marina del Rey, CA L ICANN Los Angeles, CA E NASA Mt View, CA F Internet Software Consortium Palo Alto, CA I Autonomica, Stockholm K RIPE London M WIDE Tokyo A Verisign, Dulles, VA C Cogent, Herndon, VA D U Maryland College Park, MD G US DoD Vienna, VA H ARL Aberdeen, MD J Verisign 10 DNS Root Servers 13 root servers (see http://www.root-servers.org/) Labeled A through M Replication via any-casting (localized routing for addresses) B USC-ISI Marina del Rey, CA L ICANN Los Angeles, CA E NASA Mt View, CA F Internet Software Consortium, Palo Alto, CA (and 37 other locations) I Autonomica, Stockholm (plus 29 other locations) K RIPE London (plus 16 other locations) M WIDE Tokyo plus Seoul, Paris, San Francisco A Verisign, Dulles, VA C Cogent, Herndon, VA (also Los Angeles, NY, Chicago) D U Maryland College Park, MD G US DoD Vienna, VA H ARL Aberdeen, MD J Verisign (21 locations) 11 TLD and Authoritative DNS Servers Top-level domain (TLD) servers Generic domains (e.g., com, org, edu) Country domains (e.g., uk, fr, cn, jp) Special domains (e.g., arpa) Typically managed professionally Network Solutions maintains servers for “com” Educause maintains servers for “edu” Authoritative DNS servers Provide public records for hosts at an organization Private records may differ, though not part of original design’s intent For the organization’s servers (e.g., Web and mail) Can be maintained locally or by a service provider 12 Using DNS Local DNS server (“default name server”) Usually near the endhosts that use it Local hosts configured with local server (e.g., /etc/resolv.conf) or learn server via DHCP Client application Extract server name (e.g., from the URL) Do gethostbyname() to trigger resolver code Server application Extract client IP address from socket Optional gethostbyaddr() to translate into3 13 requesting host cis.poly.edu gaia.cs.umass.edu root DNS server local DNS server dns.poly.edu 1 2 3 4 5 6 authoritative DNS server dns.cs.umass.edu 7 8 TLD DNS server Example Host at cis.poly.edu wants IP address for gaia.cs.umass.edu 14 How did it know the root server IP? Hard-coded What if it changes? 15 Recursive vs. Iterative Queries Recursive query Ask server to get answer for you E.g., request 1 and response 8 Iterative query Ask server who to ask next E.g., all other request-response pairs requesting host cis.poly.edu root DNS server local DNS server dns.poly.edu 1 2 3 4 5 6 authoritative DNS server dns.cs.umass.edu 7 8 TLD DNS server 16 Reverse Mapping (Address → Host) How do we go the other direction, from an IP address to the corresponding hostname? Addresses already have natural “quad” hierarchy: 12.34.56.78 But: quad notation has most-sig. hierarchy element on left, while www.cnn.com has it on the right Idea: reverse the quads = 78.56.34.12 … … and look that up in the DNS Under what TLD? Convention: in-addr.arpa So lookup is for 78.56.34.12.in-addr.arpa 17 Distributed Hierarchical Database com edu org ac uk zw arpa unnamed root bar west east foo my ac cam usr in- addr generic domains country domains my.east.bar.edu usr.cam.ac.uk 12 34 56 12.34.56.0/24 18 DNS Caching Performing all these queries takes time And all this before actual communication takes place E.g., 1-second latency
View Full Document
Unlocking...