Duke CPS 212 - The Domain Name Service, Etc.


The Domain Name Service, Etc.

Jeff Chase
Duke University, Department of Computer Science
CPS 212: Distributed Information Systems

Today

1. Domain Name Service (DNS) illustrates:
• issues and structure for large-scale naming systems
  naming contexts
• use of hierarchy for scalability
  decentralized administration of the name space
  hierarchical authority and trust
2. Role of DNS in wide-area request routing
• DNS round robin
• Content Distribution Networks: Akamai, Digital Island

DNS 101

Domain names are the basis for the Web’s global URL space.
  provides a symbolic veneer over the IP address space
  names for autonomous naming domains, e.g., cs.duke.edu
  names for specific nodes, e.g., fran.cs.duke.edu
  names for service aliases (e.g., www, mail servers)
• Almost every Internet application uses domain names when it establishes a connection to another host.
The Domain Name System (DNS) is a planetary name service that translates Internet domain names.
  maps <node name> to <IP address>
  (mostly) independent of location, routing etc.

Domain Name Hierarchy

[Figure: domain name tree. Labels: top-level domains (TLDs), split into generic TLDs (edu, com, gov, org, net, firm, shop, arts, web) and country-code TLDs (us, fr); domains unc, duke, washington; subdomains cs, env, mc; hosts www (prophet), whiteout.]

DNS name space is hierarchical:
- fully qualified names are “little endian”
- scalability
- decentralized administration
- domains are naming contexts
  replaces primordial flat hosts.txt namespace
How is this different from hierarchical directories in distributed file systems? Do we already know how to implement this?

DNS Implementation 101

[Figure: “lookup www.nhc.noaa.gov” goes via the local DNS server to the DNS server for nhc.noaa.gov; the reply is “www.nhc.noaa.gov is 140.90.176.22”, the IP of the WWW server for nhc.noaa.gov.]

DNS protocol/implementation:
• UDP-based client/server
• client-side resolvers
  typically in a library
  gethostbyname, gethostbyaddr
• cooperating servers
  query-answer-referral model
  forward queries among servers
  server-to-server may use TCP (“zone transfers”)
• common implementation: BIND

DNS Name Server Hierarchy

[Figure: name server tree mirroring the name space (.edu, unc, duke, cs, env, mc, ..., com, gov, org, net, firm, shop, arts, web, us, fr).]

Root servers list servers for every TLD.
DNS servers are organized into a hierarchy that mirrors the name space.
Specific servers are designated as authoritative for portions of the name space.
Subdomains correspond to organizational (administrative) boundaries, which are not necessarily geographical.
Servers may delegate management of subdomains to child name servers.
Parents refer subdomain queries to their children.
Servers are bootstrapped with pointers to selected peer and parent servers.
Resolvers are bootstrapped with pointers to one or more local servers; they issue recursive queries.

DNS: The Politics

He who controls DNS controls the Internet.
• TLD registry run by Network Solutions, Inc. until 9/98.
  US government (NSF) granted monopoly, regulated but not answerable to any US or international authority.
• Registration is transitioning to a more open management structure involving an alphabet soup of organizations.
For companies, domain name == brand.
• Squatters register/resell valuable domain name “real estate”.
• Who has the right to register/use, e.g., coca-cola.com?

DNS: The Big Issues

1. Naming contexts
   I want to use short, unqualified names like whiteout instead of whiteout.cs.duke.edu when I’m in the cs.duke.edu domain.
2. What about trust? How can we know if a server is authoritative, or just an impostor?
   What happens if a server lies or behaves erratically? What denial-of-service attacks are possible? What about privacy?
3. What if an “upstream” server fails?
4. Is the hierarchical structure sufficient for scalability?
   more names vs. higher request rates

DNS Caching

Caching of query responses allows subsequent queries to bypass the roots of the server hierarchy.
Each response is stamped with a time-to-live (TTL) to limit damage from stale cache entries.

[Figure: a query for prophet.cs.duke.edu travels from the TLD root through .edu, duke and cs, and the response returns.]

Local server caches .edu, duke.edu, cs.duke.edu, and prophet.cs.duke.edu.
What about negative caching: is it worthwhile to cache negative responses?

DNS Replication

Every DNS domain has or should have at least one secondary name server replica.
- configure peers to offload queries from primary
- serve as authoritative backup
Secondary replicas keep themselves up to date by periodically fetching/refreshing the entire naming database via zone transfer (TCP).
The primary database is timestamped with a “serial number” to short-circuit if no updates have occurred since last zone transfer.
How to load-balance the secondaries?
What if primary is overloaded with too many secondaries requesting zone transfers?

[Figure: labels: .edu, duke, cs, mc; primary, secondary; query, query (backup); zone transfer; domain admin updates primary.]

Reverse Translation

[Figure: reverse translation tree for the address 152.3.140.5 (prophet).]

The Server Selection Problem

Which network site?
Which server?
“Contact the weather service.”
server array A
server farm B

DNS Round Robin

[Figure: “lookup www.nhc.noaa.gov” goes via the local DNS server to the DNS server for nhc.noaa.gov, which fronts servers a, b, c, d; the reply is “www.nhc.noaa.gov is IP address a” (or {b,c,d}).]

Brisco (Rutgers), RFC 1794
What about DNS caching?
How to handle server failures?
How effective is the load-balancing?
Cisco DistributedDirector uses a more sophisticated DNS load balancing approach, based on its Director Response Protocol (DRP), and also incorporates HTTP redirection.

Generalized Cache/CDN (External View)

[Figure: Clients exchange {request, reply} with Web Caches and Content Distribution Networks, which exchange {push, request, reply} with Origin Servers.]

Generalized Cache/CDN (Internal View)

[Figure: Leaf Caches (e.g., ISP proxies), Interior Caches, root caches, reverse proxies, CDN caches; Request Routing Function ƒ; bound client populations.]

DNS-based Request Routing

How to apply the request routing function ƒ?
• Some intermediary intercepts the request, and directs it to a selected site.
  Smart proxies or switches? E.g., look at URL or server IP address.
• Or, interpose on the binding procedure, before the client sends the request itself.
  Smart clients, Active Names, RPC binding, or DNS lookup
Third-party CDNs are based on DNS servers that select the cache/replica site on DNS lookup for the request.
  Akamai, Digital Island, Web hosting providers (e.g., Exodus), etc.
  Like DNS-RR....but smarter...

Using DNS for Third-party CDNs

Intelligent
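
Added example (not part of the original slides): a toy resolver that follows the query-answer-referral model and caches referrals, answers and negative answers with TTLs, so repeat lookups bypass the root and a stale or wrong entry lives only until its TTL expires. The server labels, the TTL values and the in-memory SERVERS table are assumptions made for illustration; the names and the address 152.3.140.5 come from the slides.

```python
# Toy hierarchy (constructed): server labels and TTLs are assumptions; the
# names and the address 152.3.140.5 are taken from the slides.
SERVERS = {
    "root":        {"refer": {"edu": "edu-server"}},
    "edu-server":  {"refer": {"duke.edu": "duke-server"}},
    "duke-server": {"refer": {"cs.duke.edu": "cs-server"}},
    "cs-server":   {"answer": {"prophet.cs.duke.edu": "152.3.140.5"}},
}
TTL, NEG_TTL = 300, 60   # seconds: positive/referral vs. negative answers
NXDOMAIN = object()      # cache marker for "no such name"


class CachingResolver:
    def __init__(self):
        self.cache = {}     # (type, name) -> (value, expiry time)
        self.queries = []   # servers contacted, in order

    def _get(self, key, now):
        value, expiry = self.cache.get(key, (None, 0))
        return value if expiry > now else None   # expired entries are ignored

    def _put(self, key, value, ttl, now):
        self.cache[key] = (value, now + ttl)

    def resolve(self, name, now):
        cached = self._get(("A", name), now)
        if cached is not None:
            return None if cached is NXDOMAIN else cached
        # Start at the closest delegation still in the cache, else the root.
        labels = name.split(".")
        server = "root"
        for i in range(1, len(labels)):
            ns = self._get(("NS", ".".join(labels[i:])), now)
            if ns:
                server = ns
                break
        while True:
            self.queries.append(server)
            data = SERVERS[server]
            if name in data.get("answer", {}):
                self._put(("A", name), data["answer"][name], TTL, now)
                return data["answer"][name]
            hit = next(((z, s) for z, s in data.get("refer", {}).items()
                        if name.endswith("." + z)), None)
            if hit is None:   # authoritative "no": cache it, but briefly
                self._put(("A", name), NXDOMAIN, NEG_TTL, now)
                return None
            self._put(("NS", hit[0]), hit[1], TTL, now)   # remember referral
            server = hit[1]
```

The queries list records which servers each lookup touched: four on a cold cache, none on a cache hit, and only cs-server for a new name under cs.duke.edu while the delegation is still cached.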

