DNS Root NameServers
An Overview
Dr. Farid Farahmand
Updated: 9/24/12

Who-is-Who!
• Over half a million networks are connected to the Internet
  – 5 billion users by 2015!
• Network numbers are managed by ICANN (Internet Corporation for Assigned Names and Numbers) - http://www.icann.org/
  – Delegates part of address assignments to regional authorities called registrars
• Registrars are authorized by ICANN to assign blocks of addresses
• IP address blocks are given to ISPs and companies
• ISPs distribute individual addresses to users and organizations

ICANN Organization
• The Internet Corporation for Assigned Names and Numbers (ICANN)
  – ICANN is a non-profit organization
  – It is under a contract with DoC (U.S. Department of Commerce)
    • The United States Department of Commerce must approve all changes to addressing (zone files) requested by ICANN.
  – Responsible for coordinating the Internet's systems of unique identifiers, including the systems of domain names and numeric addresses that are used to reach computers on the Internet
• ICANN assigns address blocks to regional Internet registries (RIR)
  – There are five RIRs (e.g., Africa or US-Canada)
  – In the U.S. the RIR is called The American Registry for Internet Numbers (ARIN)

IANA Function
• ICANN is under contract (since 1998) with the United States Department of Commerce to perform the IANA function
  – Internet Assigned Numbers Authority – IANA
• The IANA functions include
  – Internet Protocol (IP) address space allocation,
  – protocol identifier assignment
  – generic (gTLD) and country code (ccTLD) Top-Level Domain name system management
  – root server system management functions

ARIN & AS
• In the U.S. the Regional Internet Registry is called The American Registry for Internet Numbers (ARIN)
• ARIN manages the distribution of Internet number resources, including IPv4 and IPv6 address space and AS numbers
  – Autonomous System (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators
  – Example: AT&T has AS# 7018
  – Border Gateway Protocol (BGP) uses the AS# for routing purposes

Nameserver
• The entire Internet is managed through a special hierarchical addressing system
• In order to reach a destination, each request must find out the IP address of the domain (destination's physical location) it is trying to reach
• Thus, before sending a request, the source must perform a query to learn the IP address of the destination node
  – The queries (questions) are sent to authoritative nameservers
• An authoritative nameserver is a name server that gives answers in response to questions asked about names in a zone
  – Authoritative only
    • Only answers queries about a zone
  – Caching name server
    • They are configured to give authoritative answers to queries for some zones and act as a caching name server for all other zones.
• DNS zones may consist of only one domain, or may comprise many domains and sub-domains
  – Each zone is defined by a zone file
• A zone file contains specification for host addressing, name aliasing, electronic mail routing, backup server systems, geographic location, administrative contacts, and many other pieces of information
  – Each entry has a DNS record type (e.g., A = address record; MX = mail exchange record)
• The root zone is controlled by the United States Department of Commerce, which must approve all changes to the root zone file requested by ICANN.

A fully qualified domain name (FQDN)
• A fully qualified domain name (FQDN) is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS)
  – It is an authoritative name server
  – It specifies all domain levels
  – For example, given a device with a local hostname myhost and a parent domain name example.com, the fully qualified domain name is myhost.example.com
  – The FQDN therefore uniquely identifies the device — while there may be many hosts in the world called myhost, there can only be one myhost.example.com.
  – In DNS zone files, a fully qualified domain name is specified with a trailing dot. For example, myhost.example.com.

BIND Software
• The obvious question is how does DNS operation actually take place?
  – Using DNS software
• Berkeley Internet Name Domain (BIND) is the de facto standard for running DNS on Unix-like OS
  – Developed by four graduate students at the Computer Systems Research Group at Berkeley
• A new version of BIND (BIND 9) was written by the ISC (Internet Systems Consortium, Inc.) from scratch
  – Included new features: IPv6, remote name daemon control, etc.
• All zone files thus follow BIND style

NSD Software
• Another notable software is NSD, for name server daemon
  – Daemon is a background process that handles requests for service
• NSD is an open-source server program for the Domain Name System
  – Developed by NLnet Labs of Amsterdam
  – Uses the standard TCP/UDP port 53
  – Latest version is 3
  – Main advantage is more efficient memory usage: e.g., for serving domains, NSD can save significant RAM space (PROJECT IDEA)
  – Remember: It is all about cache!
• Three root nameservers have switched from BIND to NSD
  – [email protected]
  – [email protected] (there are three H1, H2, H3)
  –
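
The trailing-dot rule for FQDNs in BIND-style zone files, shown as an added example that is not part of the original slides: a small Python parser that expands every name against $ORIGIN and flags a record target that was probably meant to be absolute. The zone contents, the names `parse_zone` and `qualify`, and the simplified one-record-per-line syntax are assumptions made for illustration.

```python
# Added example: expand names in a BIND-style zone snippet to FQDNs.
# SAMPLE_ZONE is constructed for illustration (example.com, 192.0.2.0/24).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@       IN NS    ns1.example.com.
@       IN MX 10 mail.example.com
myhost  IN A     192.0.2.10
www     IN CNAME myhost
ftp     IN CNAME myhost.example.com.
"""

# Position of the domain name inside the record data, per record type.
NAME_FIELD = {"NS": 0, "CNAME": 0, "MX": 1}


def qualify(name, origin):
    """Return the FQDN (trailing dot included) for a name as written in the zone."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (records, warnings); assumes one record per line with an owner name."""
    origin, records, warnings = None, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1] if fields[1].endswith(".") else fields[1] + "."
            continue
        if origin is None:
            raise ValueError(f"line {lineno}: record before $ORIGIN")
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]  # skip optional TTL and class
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype in NAME_FIELD:
            i = NAME_FIELD[rtype]
            target, fqdn = rdata[i], qualify(rdata[i], origin)
            # A relative name that already ends in the origin was almost
            # certainly meant to be absolute: the trailing dot is missing.
            if not target.endswith(".") and f".{target}.".lower().endswith(f".{origin}".lower()):
                warnings.append((lineno, target, fqdn))
            rdata[i] = fqdn
        records.append((qualify(owner, origin), rtype, rdata))
    return records, warnings
```

On the sample zone the MX target on line 3 lacks its trailing dot, so it expands to mail.example.com.example.com. and is reported, while the relative CNAME target myhost expands to the intended myhost.example.com.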