CIS 505: Software Systems
- Design space
- Design space 2
- What is in a name?
- Domain Name Service (DNS)
- DNS 101
- Domain Name Hierarchy
- DNS Implementation 101
- DNS Name Server Hierarchy
- DNS: The Big Issues
- DNS Caching
- DNS Replication
- The Server Selection Problem
- DNS Round Robin
- Generalized Cache/CDN (External View)
- Generalized Cache/CDN (Internal View)
- DNS-based Request Routing
- Using DNS for Third-party CDNs
- Domain Granularity and “Akamaizing”
- The Akamai et al. DNS Hook
- Wide-Area Request Routing
- DNS summary

01/14/19 CIS 505

CIS 505: Software Systems
Lecture 13: Name Services I
CDK 9.1-9.2

Design space

What do you do when you change your phone number?
- Email/call friends ASAP
- < 400 friends?
- White pages updated once a year
- Changes are infrequent

Design space 2

Design considerations
- Size of local directory
- Delay and cost of update propagation

Challenges
- Scale
- Frequency of change

What is in a name?

Pure name
- Uninterpreted bit patterns
- Always have to be looked up
- May refer to a service instead of a single object

Address
- Identifies the location of an object
- Efficient for accessing objects
- But inadequate as ID

Domain Name Service (DNS)

A planetary name service that translates Internet domain names
- maps <node name> to <IP address>
- (mostly) independent of location, routing etc.

Use of hierarchy for scalability
- decentralized administration of the name space
- hierarchical authority and trust

DNS 101

Domain names are the basis for the Web’s global URL space.
- provides a symbolic veneer over the IP address space
- names for autonomous naming domains, e.g., cis.upenn.edu
- names for specific nodes, e.g., codex.cis.upenn.edu
- names for service aliases (e.g., www, mail servers)

Domain Name Hierarchy

[Figure: tree of the DNS name space rooted at "."; top-level domains (generic TLDs): edu, com, gov, org, net, firm, shop, arts, web; country-code TLDs: us, fr; lower-level labels shown: drexel, upenn, washington, cs, cis, wharton, ee, www (C1K), central]

DNS name space is hierarchical:
- fully qualified names are “little endian”
- scalability
- decentralized administration
- domains are naming contexts

Replaces primordial flat hosts.txt namespace.

How is this different from hierarchical directories in distributed file systems? Do we already know how to implement this?

DNS Implementation 101

[Figure: local DNS server, DNS server for nhc.noaa.gov, and WWW server for nhc.noaa.gov (IP 140.90.176.22); messages: “lookup www.nhc.noaa.gov” and “www.nhc.noaa.gov is 140.90.176.22”]

DNS protocol/implementation:
- UDP-based client/server
- client-side resolvers
  - typically in a library
  - gethostbyname, gethostbyaddr
- cooperating servers
  - query-answer-referral model
  - forward queries among servers
- common implementation: BIND

DNS Name Server Hierarchy

[Figure: name server tree mirroring the name space; labels: ".", edu, drexel, upenn, cis, wharton, ee, ..., com, gov, org, net, firm, shop, arts, web, us, fr. Root servers list servers for every TLD.]

- DNS servers are organized into a hierarchy that mirrors the name space.
- Specific servers are designated as authoritative for portions of the name space.
- Subdomains correspond to organizational (administrative) boundaries, which are not necessarily geographical.
- Servers may delegate management of subdomains to child name servers.
- Parents refer subdomain queries to their children.
- Servers are bootstrapped with pointers to selected peer and parent servers.
- Resolvers are bootstrapped with pointers to one or more local servers; they issue recursive queries.

DNS: The Big Issues

1. Naming contexts
   I want to use short, unqualified names like central instead of central.cis.upenn.edu when I’m in the cis.upenn.edu domain.
2. What about trust?
   How can we know if a server is authoritative, or just an impostor? What happens if a server lies or behaves erratically? What denial-of-service attacks are possible? What about privacy?
3. What if an “upstream” server fails?
4. Is the hierarchical structure sufficient for scalability?
   more names vs. higher request rates

DNS Caching

- Caching of query responses allows subsequent queries to bypass the roots of the server hierarchy.
- Each response is stamped with a time-to-live (TTL) to limit damage from stale cache entries.

[Figure: query and response arrows between the local server and the TLD root, .edu, upenn and cis servers for C1k.cis.upenn.edu. Local server caches .edu, upenn.edu, cis.upenn.edu, and c1k.cis.upenn.edu.]

What about negative caching: is it worthwhile to cache negative responses?

DNS Replication

Every DNS domain has or should have at least one secondary name server replica.
- configure peers to offload queries from primary
- serve as authoritative backup

Secondary replicas keep themselves up to date by periodically fetching/refreshing the entire naming database via zone transfer (TCP).

The primary database is timestamped with a “serial number” to short-circuit if no updates have occurred since last zone transfer.

How to load-balance the secondaries?

[Figure: .edu, upenn, cis, ee; primary and secondary servers; labels: query, zone transfer, query (backup), domain admin updates primary]

The Server Selection Problem

- Which network site?
- Which server?

[Figure: request “Contact the weather service.” with candidate sites server array A and server farm B]

DNS Round Robin

[Figure: local DNS server, DNS server for nhc.noaa.gov, and servers a, b, c, d; messages: “lookup www.nhc.noaa.gov” and “www.nhc.noaa.gov is IP address a” (or {b,c,d})]

Brisco (Rutgers), RFC 1794

- What about DNS caching?
- How to handle server failures?
- How effective is the load-balancing?

Generalized Cache/CDN (External View)

[Figure: Clients, Web Caches, Content Distribution Networks, Origin Servers; edges labelled {request, reply} and {push, request, reply}]

Generalized Cache/CDN (Internal View)

[Figure: bound client populations, Leaf Caches (e.g., ISP proxies), Interior Caches, root caches, reverse proxies, CDN caches; Request Routing Function ƒ]

DNS-based Request Routing

How to apply the request routing function ƒ?
- Some intermediary intercepts the request, and directs it to a selected site.
  Smart proxies or switches? E.g., look at URL or server IP address.
- Or, interpose on the binding procedure, before the client sends the request itself.
  Smart clients, Active Names, RPC binding, or DNS lookup

Third-party CDNs are based on DNS servers that select the cache/replica site on DNS lookup for the request.
- Akamai, Digital Island, Web hosting providers (e.g., Exodus), etc.
- Like DNS-RR... but smarter...

Using DNS for Third-party CDNs

Intelligent DNS-based request routing has some tricky parts:
Third-party CDNs contract with content
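The DNS Caching slide's points (referrals down the hierarchy, TTL-stamped answers, negative caching) can be seen in a small simulation. This is an added example, not part of the lecture: the server ids, the address 192.0.2.10, the TTL values and the name nosuchhost.cis.upenn.edu are constructed, and the in-memory dictionary stands in for real name servers.

```python
# Constructed data mirroring the slide's hierarchy. A server either answers
# with (address, TTL in seconds) or refers the query to a child zone's server.
SERVERS = {
    "root":     {"refer": {"edu": "edu-tld"}},
    "edu-tld":  {"refer": {"upenn.edu": "upenn-ns"}},
    "upenn-ns": {"refer": {"cis.upenn.edu": "cis-ns"}},
    "cis-ns":   {"answer": {"c1k.cis.upenn.edu": ("192.0.2.10", 300)}},
}

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

class CachingResolver:
    def __init__(self, servers, clock, neg_ttl=60, ref_ttl=3600):
        self.servers, self.clock = servers, clock
        self.neg_ttl, self.ref_ttl = neg_ttl, ref_ttl
        self.answers = {}    # name -> (address or None, expiry); None = negative
        self.referrals = {}  # zone -> (server id, expiry)
        self.contacted = []  # every upstream server queried, in order

    def _start_server(self, name):
        # Start at the deepest zone with an unexpired cached referral.
        live = [(z, s) for z, (s, exp) in self.referrals.items()
                if exp > self.clock() and in_zone(name, z)]
        return max(live, key=lambda zs: len(zs[0]))[1] if live else "root"

    def resolve(self, name):
        hit = self.answers.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                      # fresh positive or negative entry
        server = self._start_server(name)
        while True:
            self.contacted.append(server)
            data = self.servers[server]
            if name in data.get("answer", {}):
                addr, ttl = data["answer"][name]
                self.answers[name] = (addr, self.clock() + ttl)
                return addr
            ref = next(((z, s) for z, s in data.get("refer", {}).items()
                        if in_zone(name, z)), None)
            if ref is None:                    # authoritative "no such name"
                self.answers[name] = (None, self.clock() + self.neg_ttl)
                return None
            self.referrals[ref[0]] = (ref[1], self.clock() + self.ref_ttl)
            server = ref[1]

if __name__ == "__main__":
    r = CachingResolver(SERVERS, clock=lambda: 0)
    print(r.resolve("c1k.cis.upenn.edu"), r.contacted)
```

The TTL is the only bound on how long a stale or wrong entry keeps being served from the cache, which is why the expiry check runs before any cached answer is returned.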