Administrivia
• Lab 2 due right now
  - Free extension to midnight for being here
  - Put /* Attended-Lecture */ at top of reliable.c
• Midterm exam one week from today
  - Open book, open notes, no electronic devices allowed
  - Feel free to print out and bring lecture slides
• SCPD students:
  - Email [email protected] with your exam monitor information
  - Please ensure the email subject is “exam monitor”
• Any other students with special exam needs
  - Please email cs144-staff to make arrangements

Outline
• DNS architecture
• DNS protocol and resource records (RRs)
• Record types: A, NS, glue, MX, SOA, CNAME
• Reverse lookup
• Load balancing
• DNS security

Parsing a URL
[Figure: the URL http://cs144.scs.stanford.edu/labs/sc.html labeled with its Protocol, Host and File parts]

Motivation
[Figure: User, Mail program, Name server, TCP, IP. Steps: (1) user@cs.princeton.edu, (2) cs.princeton.edu, (3) 192.12.69.5, (4) 192.12.69.5, (5) 192.12.69.5]
• Users can’t remember IP addresses
  - Need to map symbolic names (www.stanford.edu) → IP addr
• Implemented by library functions & servers
  - getaddrinfo() talks to server over UDP
• Actually, more generally, need to map symbolic names to values

hosts.txt system
• Originally, hosts were listed in a file, hosts.txt
  - Email global network administrator when you add a host
  - Administrator mails out new hosts.txt file every few days
• Would be completely impractical today
  - hosts.txt today would be huge (gigabytes)
  - What if two people wanted to add same name?
  - Who is authorized to change address of a name?
  - People need to change name mappings more often than every few days (e.g., dynamic IP addresses)

Goals of DNS
• Scalability
  - Must handle huge number of records
  - Potentially exponential in name size—because custom software may synthesize names on-the-fly
• Distributed control
  - Let people control their own names
• Fault-tolerance
  - Old software assumed hosts.txt always there
  - Bad potential failure modes when name lookups fail
  - Minimize lookup failures in the face of other network problems

The good news
• Properties that make DNS goals easier to achieve:
  1. Read-only or read-mostly database
     - People typically look up hostnames much more often than they are updated
  2. Loose consistency
     - When adding a machine, may be okay if info takes minutes or hours to propagate
• These suggest approach w. aggressive caching
  - Once you have looked up hostname, remember result
  - Don’t need to look it up again in near future

Domain Name System (DNS)
[Figure: DNS namespace tree. Top level: edu, com, gov, mil, org, net, uk, fr. Under edu: princeton … mit; under princeton: cs, ee, physics; under cs: ux01, ux04. Under com: cisco … yahoo. Under gov: nasa … nsf. Under mil: arpa … navy. Under org: acm … ieee]
• Break namespace into a bunch of zones
  - . (“root”), edu., stanford.edu., cs.stanford.edu., . . .
  - Zones separately administered =⇒ delegation
  - Parent zones tell you how to find servers for subdomains.
• Each zone served from several replicated servers

Root servers
• Root (and TLD) servers must be widely replicated
  - For some, use various tricks like IP anycast

DNS software architecture
• Two types of query
  - Recursive
  - Non-Recursive
• Apps make recursive queries to local DNS server (1)
• Local server queries remote servers non-recursively (2, 4, 6)
  - Aggressively caches result
  - E.g., only contact root on first query ending .umass.edu

DNS protocol
• TCP/UDP port 53
• Most traffic uses UDP
  - Lightweight protocol has 512 byte UDP message limit
  - Retry w. TCP if UDP fails (e.g., reply truncated)
• TCP requires message boundaries
  - Prefix all messages w. 16-bit length
• Bit in query determines if query is recursive

Resource records
• All DNS info represented as resource records (RR):
    name [TTL] [class] type rdata
  - name – domain name (e.g., www.stanford.edu.)
  - TTL – time to live in seconds
  - class – for extensibility, usually IN (1) “Internet”
  - type – type of the record
  - rdata – resource data dependent on the type
• Two important DNS RR types:
  - A – Internet address (IPv4)
  - NS – name server
• Example resource records (dig stanford.edu):
    stanford.edu.  3600  IN  A   171.67.216.4
    stanford.edu.  3600  IN  A   171.67.216.7
    stanford.edu.  6171  IN  NS  Argus.stanford.edu.
    ...

Some implementation details
• How does local name server know root servers?
  - Need to configure name server with root cache file
  - Contains root name servers and their addresses
    .                    3600000  NS  A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.  3600000  A   198.41.0.4
    .                    3600000  NS  B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.  3600000  A   128.9.0.107
    ...
• How do you get addresses of other name servers?
  - To look up names ending .stanford.edu., ask Argus.stanford.edu.
  - Chicken and egg problem: how to get Argus.stanford.edu.’s address?
  - Solution: glue records – A records in parent zone
  - Name servers for edu. have A record of Argus.stanford.edu.

Glue Record Example
• Look up www.scs.stanford.edu assuming no cache
    dig +norec www.scs.stanford.edu @a.root-servers.net
    dig +norec www.scs.stanford.edu @a.gtld-servers.net
    dig +norec www.scs.stanford.edu @argus.stanford.edu
    dig +norec www.scs.stanford.edu @mission.scs.stanford.edu
• Get intermediary results for .edu, stanford.edu, scs.stanford.edu, and www.scs.stanford.edu
• Where are the glue records?

Structure of a DNS message [RFC 1035]
    +---------------------+
    |        Header       |
    +---------------------+
    |       Question      | the question for the name server
    +---------------------+
    |        Answer       | RRs answering the question
    +---------------------+
    |      Authority      | RRs pointing toward an authority
    +---------------------+
    |      Additional     | RRs holding additional information
    +---------------------+
• Same message format for queries and replies
  - Query has zero RRs in Answer/Authority/Additional sections
  - Reply includes question, plus has RRs
• Authority allows for delegation
• Additional for glue + other RRs client might need

Header format
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    QDCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ANCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    NSCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ARCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
• QR – 0=query, 1=response
• RCODE – error code
• AA=authoritative answer, TC=truncated, RD=recursion desired, RA=recursion available

Encoding of RRs
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                                               |
    /                                               /
    /                      NAME                     /
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TYPE                     |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |
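
The header layout, the recursion bit, the truncated-reply check and the 16-bit TCP length prefix from these slides, as an added Python example that is not part of the original lecture notes. The function names and the sample reply bytes are constructed for illustration.

```python
import struct

def encode_name(name):
    """Domain name -> length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qid, name, qtype=1, recursive=True):
    """Header plus one question; Answer/Authority/Additional counts are 0."""
    flags = 0x0100 if recursive else 0          # RD bit
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # A=1, IN=1

def parse_header(msg):
    """Decode the fixed 12-byte header into named fields."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
            "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def needs_tcp_retry(query, reply):
    """True if reply answers query and has TC set; mismatched replies are rejected."""
    q, r = parse_header(query), parse_header(reply)
    if r["qr"] != 1 or r["id"] != q["id"]:
        raise ValueError("not a response to this query")
    return r["tc"] == 1

def tcp_frame(msg):
    """TCP has no message boundaries, so prefix the 16-bit length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    """Split buffered TCP bytes into complete messages plus leftover bytes."""
    msgs = []
    while len(stream) >= 2:
        (n,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + n:
            break                               # partial message, wait for more
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream

# Constructed sample reply header: ID 0x1234, QR=1, TC=1, RD=1, RA=1, one question.
SAMPLE_TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
```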


Stanford CS 144 - Lecture Notes
