Slide 1. DNS: Domain Name System
EE 122: Intro to Communication Networks
Fall 2007 (WF 4-5:30 in Cory 277)
Vern Paxson
TAs: Lisa Fowler, Daniel Killebrew & Jorge Ortiz
http://inst.eecs.berkeley.edu/~ee122/
Materials with thanks to Jennifer Rexford, Ion Stoica, and colleagues at Princeton and UC Berkeley

Slide 2. Announcements
• Enough folks would be inconvenienced that we won't be closing either the Monday or the Tuesday section
• Reminder: Homework #1 is due this Friday before class

Slide 3. Goals of Today's Lecture
• Concepts & principles underlying the Domain Name System (DNS)
– Indirection: names in place of addresses
– Hierarchy: in names, addresses, and servers
– Caching: of mappings from names to/from addresses
• Inner workings of DNS
– DNS resolvers and servers
– Iterative and recursive queries
– TTL-based caching
– Use of the dig utility
• Security analysis

Slide 4. Host Names vs. IP Addresses
• Host names
– Mnemonic name appreciated by humans
– Variable length, full alphabet of characters
– Provide little (if any) information about location
– Examples: www.cnn.com and bbc.co.uk
• IP addresses
– Numerical address appreciated by routers
– Fixed length, binary number
– Hierarchical, related to host location
– Examples: 64.236.16.20 and 212.58.224.131

Slide 5. Separating Naming and Addressing
• Names are easier to remember
– www.cnn.com vs. 64.236.16.20
• Addresses can change underneath
– Move www.cnn.com to 4.125.91.21
– E.g., renumbering when changing providers
• Name could map to multiple IP addresses
– www.cnn.com to multiple (8) replicas of the Web site
– Enables
o Load-balancing
o Reducing latency by picking nearby servers
o Tailoring content based on requester's location/identity
• Multiple names for the same address
– E.g., aliases like www.cnn.com and cnn.com

Slide 6. Scalable (Name ↔ Address) Mappings
• Originally: per-host file
– Flat namespace
– /etc/hosts (what is this on your computer today?)
– SRI (Menlo Park) kept master copy
– Downloaded regularly
• Single server doesn't scale
– Traffic implosion (lookups & updates)
– Single point of failure
– Amazing politics
Need a distributed, hierarchical collection of servers

Slide 7. Domain Name System (DNS)
• Properties of DNS
– Hierarchical name space divided into zones
– Zones distributed over collection of DNS servers
• Hierarchy of DNS servers
– Root (hardwired into other servers)
– Top-level domain (TLD) servers
– Authoritative DNS servers
• Performing the translations
– Local DNS servers
– Resolver software

Slide 8. Distributed Hierarchical Database
(Figure: a tree below the unnamed root. The Top-Level Domains (TLDs) are the generic domains com, edu, org; the country domains uk, zw; and arpa. Under edu: bar, with children west and east, and under east the host my, giving my.east.bar.edu. Under uk: ac, then cam, then usr, giving usr.cam.ac.uk. Under arpa: in-addr. The figure also shows a node foo.)

Slide 9. DNS Root
• Located in Virginia, USA
• How do we make the root scale?
(Map on slide 9: the root server shown is A, run by Verisign in Dulles, VA.)

Slide 10. DNS Root Servers
• 13 root servers (see http://www.root-servers.org/)
– Labeled A through M
• Does this scale?
A  Verisign, Dulles, VA
B  USC-ISI, Marina del Rey, CA
C  Cogent, Herndon, VA
D  U Maryland, College Park, MD
E  NASA, Mt View, CA
F  Internet Software Consortium, Palo Alto, CA
G  US DoD, Vienna, VA
H  ARL, Aberdeen, MD
I  Autonomica, Stockholm
J  Verisign
K  RIPE, London
L  ICANN, Los Angeles, CA
M  WIDE, Tokyo

Slide 11. DNS Root Servers
• 13 root servers (see http://www.root-servers.org/)
– Labeled A through M
• Replication via any-casting (localized routing for addresses)
Same list as slide 10, now with the additional anycast locations:
C  Cogent, Herndon, VA (also Los Angeles, NY, Chicago)
F  Internet Software Consortium, Palo Alto, CA (and 37 other locations)
I  Autonomica, Stockholm (plus 29 other locations)
J  Verisign (21 locations)
K  RIPE, London (plus 16 other locations)
M  WIDE, Tokyo (plus Seoul, Paris, San Francisco)

Slide 12. TLD and Authoritative DNS Servers
• Top-level domain (TLD) servers
– Generic domains (e.g., com, org, edu)
– Country domains (e.g., uk, fr, cn, jp)
– Special domains (e.g., arpa)
– Typically managed professionally
o VeriSign (formerly Network Solutions) maintains servers for "com"
o Educause maintains servers for "edu"
• Authoritative DNS servers
– Provide public records for hosts at an organization
o Private records may differ, though not part of the original design's intent
– For the organization's servers (e.g., Web and mail)
– Can be maintained locally or by a service provider

Slide 13. Using DNS
• Local DNS server ("default name server")
– Usually near the end hosts that use it
– Local hosts configured with local server (e.g., /etc/resolv.conf) or learn server via DHCP
• Client application
– Extract server name (e.g., from the URL)
– Do gethostbyname() to trigger resolver code
• Server application
– Extract client IP address from socket
– Optional gethostbyaddr() to translate into name
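Added example (not code from the lecture): how the two local files named on slides 6 and 13 drive a gethostbyname() call on a Unix host. The /etc/hosts contents, the /etc/resolv.conf contents, the addresses and the stand-in DNS answers are all constructed for the illustration; the lookup order (hosts file first, then the search list according to the ndots option) is the behaviour of a typical libc stub resolver.

```python
"""Model of how a Unix host turns gethostbyname() into DNS queries, using
the two local configuration files named on slides 6 and 13: /etc/hosts
(the original flat per-host file) and /etc/resolv.conf (which names the
local DNS server).  Added illustration for these lecture notes, not code
from the lecture; the file contents and addresses below are constructed."""

# Constructed /etc/hosts: "address  canonical-name [aliases...]", '#' comments.
HOSTS_FILE = """\
# loopback
127.0.0.1      localhost
128.238.32.10  cis.poly.edu cis   # a lab machine (constructed)
"""

# Constructed /etc/resolv.conf: local server(s), search list, ndots option.
RESOLV_CONF = """\
nameserver 128.238.2.38
nameserver 128.238.32.4
search poly.edu cs.poly.edu
options ndots:1
"""


def parse_hosts(text):
    """Map every name and alias in an /etc/hosts file to its address.
    Names are case-insensitive in DNS, so keys are lower-cased."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)   # first entry wins
    return table


def parse_resolv_conf(text):
    """Extract nameservers, search list and ndots from resolv.conf."""
    conf = {"nameservers": [], "search": [], "ndots": 1}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            conf["nameservers"].append(args[0])
        elif key in ("search", "domain"):
            conf["search"] = args            # a later line replaces an earlier one
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf


def candidate_names(name, conf):
    """Names the stub resolver tries, in order (the ndots rule).

    A name ending in '.' is absolute and is tried only as given.  If the
    name contains at least `ndots` dots it is tried as given first and the
    search suffixes are appended only if that fails; otherwise the search
    suffixes are tried first and the bare name last."""
    if name.endswith("."):
        return [name]
    searched = [f"{name}.{suffix}" for suffix in conf["search"]]
    if name.count(".") >= conf["ndots"]:
        return [name] + searched
    return searched + [name]


def gethostbyname(name, hosts, conf, query):
    """Resolve like a typical libc: /etc/hosts first, then DNS via `query`,
    a callable that returns an address or None for one candidate name.
    Returns the address or None."""
    addr = hosts.get(name.rstrip(".").lower())
    if addr is not None:
        return addr
    for candidate in candidate_names(name, conf):
        addr = query(candidate.rstrip(".").lower())
        if addr is not None:
            return addr
    return None


# Constructed stand-in for the answers the local DNS server would give.
FAKE_DNS = {"gaia.cs.umass.edu": "128.119.245.12",
            "printer.cs.poly.edu": "128.238.66.7"}

if __name__ == "__main__":
    hosts, conf = parse_hosts(HOSTS_FILE), parse_resolv_conf(RESOLV_CONF)
    for n in ("cis", "gaia.cs.umass.edu", "printer", "nosuch"):
        print(n, "->", gethostbyname(n, hosts, conf, FAKE_DNS.get))
```

Two points worth noticing when running it: a short name such as "printer" is sent to the local server once per search suffix until something answers, so every suffix in the search list sees the queries for names that do not exist under it; and a hosts-file entry short-circuits DNS entirely, which is why the file that slide 6 treats as historical still matters on a machine today.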
Slide 14. Example
Host at cis.poly.edu wants IP address for gaia.cs.umass.edu
(Figure: the requesting host cis.poly.edu, its local DNS server dns.poly.edu, a root DNS server, a TLD DNS server, and the authoritative DNS server dns.cs.umass.edu, exchanging eight numbered messages.)
1. cis.poly.edu → dns.poly.edu: query for gaia.cs.umass.edu
2. dns.poly.edu → root DNS server: query
3. root DNS server → dns.poly.edu: referral to the TLD (edu) servers
4. dns.poly.edu → TLD DNS server: query
5. TLD DNS server → dns.poly.edu: referral to dns.cs.umass.edu
6. dns.poly.edu → dns.cs.umass.edu: query
7. dns.cs.umass.edu → dns.poly.edu: the IP address of gaia.cs.umass.edu
8. dns.poly.edu → cis.poly.edu: response

Slide 15. Recursive vs. Iterative Queries
• Recursive query
– Ask server to get answer for you
– E.g., request 1 and response 8
• Iterative query
– Ask server who to ask next
– E.g., all other request-response pairs
(Same figure as slide 14.)

Slide 16. Reverse Mapping (Address → Host)
• How do we go the other direction, from an IP address to the corresponding hostname?
• Addresses already have natural "quad" hierarchy:
– 12.34.56.78
• But: quad notation has most-sig. hierarchy element on left, while www.cnn.com has it on the right
• Idea: reverse the quads = 78.56.34.12 …
– … and look that up in the DNS
• Under what TLD?
– Convention: in-addr.arpa
– So lookup is for 78.56.34.12.in-addr.arpa

Slide 17. Distributed Hierarchical Database
(Figure: the tree of slide 8, now following the reverse branch arpa → in-addr → 12 → 34 → 56. The node 56 is the zone holding the reverse mappings for 12.34.56.0/24, i.e., 56.34.12.in-addr.arpa.)

Slide 18. DNS Caching
• Performing all these queries takes time
– And all this before actual communication takes place
– E.g., 1-second latency before starting Web download
• Caching can greatly reduce overhead
– The top-level servers very rarely change
– Popular sites (e.g., www.cnn.com) visited often
– Local DNS server often has the information cached
• How DNS caching works
– DNS servers cache responses to queries
– Responses include a "time to live" (TTL) field
– Server deletes cached entry after TTL
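Added example (not code from the lecture): a toy model of the eight-message exchange on slides 14-15 and of the TTL cache on slide 18. The host sends one recursive query to its local server; the local server walks down from the root with iterative queries, following each referral, and then caches the answer for its TTL. The server names, zone contents, addresses and the 60-second TTL are constructed; real referrals also carry the addresses of the servers being referred to (glue records), which this model skips by naming servers directly.

```python
"""Toy model of the eight-step resolution on slides 14-15 and the TTL cache
on slide 18.  Added illustration for these lecture notes, not code from
the lecture.  Server names, zone contents, addresses and TTLs are
constructed; glue records are skipped by naming servers directly."""
import time

# Each constructed server is authoritative for one zone.  "A" holds final
# answers as (address, TTL in seconds); "NS" delegates a child zone to the
# server that is authoritative for it.  All names carry a trailing dot.
SERVERS = {
    "a.root-servers.net.": {                      # the root (slide 7)
        "A": {},
        "NS": {"edu.": "a.edu-servers.net."},
    },
    "a.edu-servers.net.": {                       # TLD server for edu
        "A": {},
        "NS": {"umass.edu.": "dns.cs.umass.edu."},
    },
    "dns.cs.umass.edu.": {                        # authoritative server
        "A": {"gaia.cs.umass.edu.": ("128.119.245.12", 60)},
        "NS": {},
    },
}
ROOT = "a.root-servers.net."   # "hardwired into other servers" (slide 7)


def in_zone(name, zone):
    """True if `name` is at or below `zone` in the name hierarchy."""
    return zone == "." or name == zone or name.endswith("." + zone)


def iterative_query(server, qname):
    """One iterative query: the server answers only from its own zone.
    Returns ("answer", address, ttl), ("referral", child_zone, next_server)
    or ("nxdomain", None, None)."""
    data = SERVERS[server]
    if qname in data["A"]:
        return ("answer",) + data["A"][qname]
    for child, next_server in data["NS"].items():
        if in_zone(qname, child):
            return ("referral", child, next_server)   # "ask server who to ask next"
    return ("nxdomain", None, None)


class LocalServer:
    """The local/default name server (dns.poly.edu in the figure).  It
    accepts a recursive query from an end host, answers from its cache
    when it can, and otherwise walks down from the root with iterative
    queries.  `clock` is injectable so TTL expiry can be exercised."""

    def __init__(self, name="dns.poly.edu.", clock=time.monotonic):
        self.name, self.clock = name, clock
        self.cache = {}                     # qname -> (address, expiry time)

    def resolve(self, qname, trace):
        """Return the address for qname or None; append every message
        exchanged to `trace` as (sender, receiver, description)."""
        now = self.clock()
        if qname in self.cache:
            addr, expiry = self.cache[qname]
            if now < expiry:
                trace.append((self.name, self.name, f"cache hit {qname}"))
                return addr
            del self.cache[qname]           # TTL passed: entry deleted (slide 18)
        server = ROOT
        while True:
            trace.append((self.name, server, f"query {qname}"))
            kind, first, second = iterative_query(server, qname)
            trace.append((server, self.name, kind))
            if kind == "answer":
                self.cache[qname] = (first, now + second)
                return first
            if kind == "nxdomain":
                return None
            server = second                 # follow the referral


def lookup(host, qname, local, trace=None):
    """The end host's recursive query (request 1 and response 8)."""
    if trace is None:
        trace = []
    trace.append((host, local.name, f"recursive query {qname}"))
    addr = local.resolve(qname, trace)
    trace.append((local.name, host, f"response {addr}"))
    return addr


def demo(qname="gaia.cs.umass.edu.", host="cis.poly.edu."):
    """Run the figure's lookup twice, then again after the TTL has expired.
    Returns the three message traces."""
    now = [0.0]
    local = LocalServer(clock=lambda: now[0])
    first, second, third = [], [], []
    lookup(host, qname, local, first)        # cold cache: 8 messages
    lookup(host, qname, local, second)       # cache hit: 3 messages
    now[0] = 61.0                            # past the 60 s TTL
    lookup(host, qname, local, third)        # back to 8 messages
    return first, second, third


if __name__ == "__main__":
    for step, (src, dst, what) in enumerate(demo()[0], 1):
        print(f"{step}: {src} -> {dst}: {what}")
```

The first trace printed by the demo is the figure's numbering: message 1 is the only recursive request, messages 2 through 7 are the three iterative request-response pairs, and message 8 is the response back to the host. The second run never leaves the local server, which is the saving slide 18 is about, and the third run shows the entry being dropped once the TTL has passed.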
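Added example (not code from the lecture) for slides 16-17 and for the gethostbyaddr() call on slide 13: constructing the in-addr.arpa name that a reverse lookup asks for, finding the reverse zone delegated to the owner of a network such as 12.34.56.0/24, and checking a reverse-mapped name against a forward lookup. It goes beyond the lecture in also handling IPv6, whose reverse names live under ip6.arpa with the address's 32 hex nibbles reversed. The PTR and A tables are constructed.

```python
"""Reverse mapping (slides 16-17): build the in-addr.arpa name that a
reverse lookup asks for, find the reverse zone that a network's owner is
delegated, and forward-confirm the name that gethostbyaddr() (slide 13)
returns.  Added illustration for these lecture notes, not code from the
lecture; the IPv6 (ip6.arpa) case is an extension the lecture does not
discuss.  The PTR and A tables are constructed."""
import ipaddress


def reverse_name(ip):
    """Reverse the quads (or the 32 hex nibbles for IPv6) and put the
    result under the in-addr.arpa / ip6.arpa convention."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
        suffix = "in-addr.arpa."
    else:
        labels = list(addr.exploded.replace(":", ""))
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix


def reverse_zone(network):
    """Zone under in-addr.arpa delegated to the owner of an IPv4 network
    whose prefix falls on an octet boundary, e.g. 12.34.56.0/24 on slide 17
    (finer prefixes need the classless delegation scheme, not shown)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("octet-aligned IPv4 prefix required (/8, /16, /24)")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


# Constructed records.  PTR records live in the reverse tree and are
# controlled by whoever is delegated that address block; A records live in
# the forward tree and are controlled by the domain's owner.
PTR = {
    "78.56.34.12.in-addr.arpa.": "mail.example.org.",
    "79.56.34.12.in-addr.arpa.": "mail.example.org.",  # claims a name it does not own
}
A = {
    "mail.example.org.": {"12.34.56.78"},
}


def gethostbyaddr(ip):
    """Address -> name via the reverse tree (PTR), or None."""
    return PTR.get(reverse_name(ip))


def forward_confirmed(ip):
    """Accept a reverse-mapped name only if a forward lookup of that name
    maps back to the same address: the two trees are under different
    administrative control, so their agreement is the check that matters."""
    name = gethostbyaddr(ip)
    return name is not None and ip in A.get(name, set())


if __name__ == "__main__":
    print(reverse_name("12.34.56.78"), reverse_zone("12.34.56.0/24"))
    for ip in ("12.34.56.78", "12.34.56.79", "12.34.56.80"):
        print(ip, gethostbyaddr(ip), forward_confirmed(ip))
```

The point of forward_confirmed() is the practical caveat behind slide 13's "optional gethostbyaddr()": the name that comes back is whatever the holder of the address block put in its reverse zone, so a server application that wants to act on that name should check that the name's own A records include the address it started from.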