Duke CPS 212 - The Domain Name Service, Etc.


The Domain Name Service, Etc.
Today
DNS 101
Domain Name Hierarchy
DNS Implementation 101
DNS Name Server Hierarchy
DNS: The Politics
DNS: The Big Issues
DNS Caching
DNS Replication
Reverse Translation
The Server Selection Problem
DNS Round Robin
Generalized Cache/CDN (External View)
Generalized Cache/CDN (Internal View)
DNS-based Request Routing
Using DNS for Third-party CDNs
Domain Granularity and “Akamaizing”
The Akamai et. al. DNS Hook
Wide-Area Request Routing
Directory Services (e.g., LDAP)
Attributes and Searching

The Domain Name Service, Etc.

Jeff Chase
Duke University, Department of Computer Science
CPS 212: Distributed Information Systems

Today

1. Domain Name Service (DNS) illustrates:
• issues and structure for large-scale naming systems
    naming contexts
• use of hierarchy for scalability
    decentralized administration of the name space
    hierarchical authority and trust
2. Role of DNS in wide-area request routing
• DNS round robin
• Content Distribution Networks: Akamai, Digital Island

DNS 101

Domain names are the basis for the Web’s global URL space.
    provides a symbolic veneer over the IP address space
    names for autonomous naming domains, e.g., cs.duke.edu
    names for specific nodes, e.g., fran.cs.duke.edu
    names for service aliases (e.g., www, mail servers)
• Almost every Internet application uses domain names when it establishes a connection to another host.
The Domain Name System (DNS) is a planetary name service that translates Internet domain names.
    maps <node name> to <IP address>
    (mostly) independent of location, routing etc.

Domain Name Hierarchy

[Figure: domain name tree. Labels: top-level domains (TLDs), generic TLDs, country-code TLDs; nodes shown: .edu, unc, duke, washington, cs, env, mc, www (prophet), whiteout, com, gov, org, net, firm, shop, arts, web, us, fr.]

DNS name space is hierarchical:
- fully qualified names are “little endian”
- scalability
- decentralized administration
- domains are naming contexts
replaces primordial flat hosts.txt namespace

How is this different from hierarchical directories in distributed file systems? Do we already know how to implement this?

DNS Implementation 101

[Figure: local DNS server; DNS server for nhc.noaa.gov; WWW server for nhc.noaa.gov (IP 140.90.176.22). Messages: “lookup www.nhc.noaa.gov” and “www.nhc.noaa.gov is 140.90.176.22”.]

DNS protocol/implementation:
• UDP-based client/server
• client-side resolvers
    typically in a library
    gethostbyname, gethostbyaddr
• cooperating servers
    query-answer-referral model
    forward queries among servers
    server-to-server may use TCP (“zone transfers”)
• common implementation: BIND

DNS Name Server Hierarchy

[Figure: name server tree mirroring the name space (.edu, unc, duke, cs, env, mc, ..., com, gov, org, net, firm, shop, arts, web, us, fr). Root servers list servers for every TLD.]

DNS servers are organized into a hierarchy that mirrors the name space.
Specific servers are designated as authoritative for portions of the name space.
Subdomains correspond to organizational (administrative) boundaries, which are not necessarily geographical.
Servers may delegate management of subdomains to child name servers.
Parents refer subdomain queries to their children.
Servers are bootstrapped with pointers to selected peer and parent servers.
Resolvers are bootstrapped with pointers to one or more local servers; they issue recursive queries.

DNS: The Politics

He who controls DNS controls the Internet.
• TLD registry run by Network Solutions, Inc. until 9/98.
    US government (NSF) granted monopoly, regulated but not answerable to any US or international authority.
• Registration is transitioning to a more open management structure involving an alphabet soup of organizations.
For companies, domain name == brand.
• Squatters register/resell valuable domain name “real estate”.
• Who has the right to register/use, e.g., coca-cola.com?

DNS: The Big Issues

1. Naming contexts
    I want to use short, unqualified names like whiteout instead of whiteout.cs.duke.edu when I’m in the cs.duke.edu domain.
2. What about trust?
    How can we know if a server is authoritative, or just an impostor?
    What happens if a server lies or behaves erratically?
    What denial-of-service attacks are possible?
    What about privacy?
3. What if an “upstream” server fails?
4. Is the hierarchical structure sufficient for scalability?
    more names vs. higher request rates

DNS Caching

Caching of query responses allows subsequent queries to bypass the roots of the server hierarchy.
Each response is stamped with a time-to-live (TTL) to limit damage from stale cache entries.

[Figure: query and response between a local server and the hierarchy TLD root, .edu, duke, cs, prophet.cs.duke.edu. Local server caches .edu, duke.edu, cs.duke.edu, and prophet.cs.duke.edu.]

What about negative caching: is it worthwhile to cache negative responses?

DNS Replication

Every DNS domain has or should have at least one secondary name server replica.
- configure peers to offload queries from primary
- serve as authoritative backup
Secondary replicas keep themselves up to date by periodically fetching/refreshing the entire naming database via zone transfer (TCP).
The primary database is timestamped with a “serial number” to short-circuit if no updates have occurred since last zone transfer.
How to load-balance the secondaries?
What if primary is overloaded with too many secondaries requesting zone transfers?

[Figure: .edu, duke, cs, mc; primary and secondary servers; labels: query, query (backup), zone transfer, domain admin updates primary.]

Reverse Translation

[Figure: reverse translation tree for the address 152.3.140.5 (prophet).]

The Server Selection Problem

Which network site?
Which server?
“Contact the weather service.”

[Figure: server array A, server farm B.]

DNS Round Robin

[Figure: local DNS server; DNS server for nhc.noaa.gov; servers a, b, c, d. Messages: “lookup www.nhc.noaa.gov” and “www.nhc.noaa.gov is IP address a” (or {b,c,d}).]

Brisco (Rutgers), RFC 1794
What about DNS caching?
How to handle server failures?
How effective is the load-balancing?
Cisco DistributedDirector uses a more sophisticated DNS load balancing approach, based on its Director Response Protocol (DRP), and also incorporates HTTP redirection.

Generalized Cache/CDN (External View)

[Figure: Clients, Origin Servers, Web Caches, Content Distribution Networks; arrows labeled {request, reply} and {push, request, reply}.]

Generalized Cache/CDN (Internal View)

[Figure: Leaf Caches (e.g., ISP proxies), Interior Caches, root caches, reverse proxies, CDN caches; Request Routing Function ƒ; bound client populations.]

DNS-based Request Routing

How to apply the request routing function
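
An added example (not from the original slides) of the behavior on the DNS Caching slide: a local server follows referrals down from the root, stamps each cached response with a TTL, and also caches negative responses. The zone data, TTL values, the whiteout address, the explicit `now` clock, and the names `ZONES`, `ask` and `LocalServer` are constructed for illustration.

```python
# Constructed toy name space: each authoritative zone either refers the
# query to a child zone ("NS") or answers with an address ("A").
ZONES = {
    ".":           {"edu": ("NS", "edu")},
    "edu":         {"duke.edu": ("NS", "duke.edu")},
    "duke.edu":    {"cs.duke.edu": ("NS", "cs.duke.edu")},
    "cs.duke.edu": {"prophet.cs.duke.edu": ("A", "152.3.140.5"),
                    "whiteout.cs.duke.edu": ("A", "192.0.2.7")},  # made-up IP
}

def ask(zone, name):
    """Authoritative server for `zone`: answer, referral, or None (no such name)."""
    for key, record in ZONES[zone].items():
        if name == key or name.endswith("." + key):
            return key, record
    return None

class LocalServer:
    def __init__(self, ttl=300, neg_ttl=60):
        self.ttl, self.neg_ttl = ttl, neg_ttl
        self.cache = {}     # name -> (kind, value, expires_at)
        self.upstream = 0   # queries sent up the server hierarchy

    def _cached(self, name, now):
        entry = self.cache.get(name)
        if entry and entry[2] > now:
            return entry
        self.cache.pop(name, None)  # TTL elapsed: drop the stale entry
        return None

    def resolve(self, name, now):
        hit = self._cached(name, now)
        if hit and hit[0] in ("A", "NX"):
            return hit[1]           # positive or negative answer from cache
        zone, labels = ".", name.split(".")
        for i in range(1, len(labels)):  # deepest cached referral wins
            ref = self._cached(".".join(labels[i:]), now)
            if ref and ref[0] == "NS":
                zone = ref[1]
                break
        while True:                 # follow referrals down to an answer
            self.upstream += 1
            reply = ask(zone, name)
            if reply is None:       # negative caching with a shorter TTL
                self.cache[name] = ("NX", None, now + self.neg_ttl)
                return None
            key, (kind, value) = reply
            self.cache[key] = (kind, value, now + self.ttl)
            if kind == "A":
                return value
            zone = value
```

After one lookup of prophet.cs.duke.edu the cache holds the four entries the slide lists, so a later lookup of whiteout.cs.duke.edu costs one upstream query instead of four; once the TTLs elapse, resolution starts at the root again.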

