DNS - DOMAIN NAME SYSTEM
Vítor Vaz da Silva H-1

DNS (Domain Name System) is a name resolution service. Although every program could refer to hosts by number, it is hard for people to keep in memory all the addresses they want to use. Even though IP addresses are organised in groups of numbers xxx.yyy.zzz.hhh, it is still inconvenient to use a mail address such as eu@85.123.34.42, and if the mail server's address changes, the mail address changes with it. A table translating names into addresses is therefore needed, so that the two references can be decoupled. In the early ARPANET there was a file, hosts.txt, listing every host and its IP address; each night every host fetched this file to update its own copy. This method works reasonably well for networks of up to about a hundred machines. As the number of connected machines grew, another method was sought, not only because of the size of the file but also because different subnetworks could assign names that conflicted, which forced centralised management of names. Thus DNS appeared. DNS, the Domain Name System, is a hierarchical naming scheme built on a distributed database. Although the main use of DNS is naming hosts and e-mail addresses, it can also be used for other kinds of information. It is defined in RFCs 1034 and 1035. In simple terms, DNS works as follows: to map a name to its IP address, the application calls a library procedure called the resolver, passing the name as a parameter.
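What the resolver call described above actually puts on the wire, as an added example that is not part of the original notes: the Python below builds the UDP query for an A record (RFC 1035 message format) and parses a reply. The reply bytes are constructed here, not captured traffic, and www.example.com, example.com and 192.0.2.10 are placeholders taken from the reserved documentation names and address range. It also shows the compression pointers used in replies and why a parser has to bound them.

```python
"""Added example (not from the original notes): one gethostbyname()-style
lookup on the wire.

A DNS message is a 12-byte header followed by question / answer /
authority / additional sections.  Names are length-prefixed labels; a reply
may replace a name suffix with a 2-byte "compression pointer" (top two bits
11) back into the message.  All bytes below are constructed for the example.
"""
import struct

QTYPE_A, QTYPE_CNAME = 1, 5
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:            # RFC 1035: labels are 1..63 octets
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """Header: ID, flags (RD=1 so the local server recurses), QDCOUNT=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name at offset.

    Returns (name, offset just after the name in the original stream).
    A pointer may only go backwards and hops are counted, so a reply with a
    pointer cycle (a classic parser denial of service) raises instead of
    looping forever.
    """
    labels, hops, end = [], 0, None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if target >= offset or hops > 16:
                raise ValueError("bad or looping compression pointer")
            if end is None:
                end = offset + 2
            offset, hops = target, hops + 1
            continue
        if length >= 64:
            raise ValueError("label too long / reserved bits set")
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(msg: bytes):
    """Return (txid, rcode, [(name, type, ttl, rdata_text), ...])."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode, off = flags & 0xF, 12
    for _ in range(qd):                               # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        if rtype == QTYPE_A and rdlen == 4:
            text = ".".join(str(b) for b in rdata)
        elif rtype == QTYPE_CNAME:
            text, _ = read_name(msg, off)             # target may be compressed
        else:
            text = rdata.hex()
        answers.append((name, rtype, ttl, text))
        off += rdlen
    return txid, rcode, answers


# Constructed reply to build_query(0x1234, "www.example.com"): the first
# answer's owner is a pointer (0xC00C) to the question name at offset 12, and
# the CNAME target "example.com." is a pointer (0xC010) into that same name.
RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_CNAME, QCLASS_IN, 3600, 2) + b"\xc0\x10"
    + b"\xc0\x10" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 60, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print(build_query(0x1234, "www.example.com").hex())
    print(parse_response(RESPONSE))
```

A real resolver would also check that the reply's transaction ID and question match the query it sent; without that check a forged UDP reply that arrives first is accepted, which is the basis of cache-poisoning attacks.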
The resolver (gethostbyname()) sends a UDP packet to the local DNS server, which looks the name up in its table and returns an IP address to the resolver; the resolver in turn hands it to the client process, which then contacts the destination using TCP or UDP packets.

Domain Name Space

A good example of name assignment is the postal service's experience in delivering letters. Different people with the same name, in streets with the same name, in different towns all get their mail delivered correctly. This hierarchical addressing scheme works very well: a few lines (name, street, town, country) identify anyone living in a house in an urban area. The Internet equivalent of the country is the top-level domain, of which there are more than 200. Each of these domains is subdivided into subdomains, those into further subdomains, and so on. This distribution, like the postal one, can be drawn as a tree. The leaves of the tree represent domains with no subdomains and may contain one or more hosts.
[figure: domain tree under pt, not reproduced]
The top level can contain two kinds of domains, generic and country. The generic ones (gTLD, generic Top Level Domain) are:
arpa — originally Advanced Research Projects Agency, now Address and Routing Parameter Area
com — commercial
edu — educational establishments (primarily US)
gov — US government
net — network infrastructure
org — other organisations that do not fit the remaining gTLDs
mil — US military
Countries use a two-letter code (e.g. Portugal pt, Brazil br) defined in ISO 3166. After 2000 further domains were added at the root:
aero — air transport industry
biz — businesses
coop — cooperatives
info — information (unrestricted use)
museum — museums
name — individuals
pro — professionals
A few TLDs are reserved so that they can never be found from the root. RFC 2606
reserves the following four top-level domain names for various purposes, with the intention that they should never become actual TLDs in the global DNS:
example — reserved for use in examples and documentation
invalid — reserved for use in names that are guaranteed to be invalid
localhost — reserved to avoid conflict with the traditional meaning of localhost (the local machine)
test — reserved for use in testing
Domain names can be relative or absolute. Absolute names always end with a dot (e.g. sapo.pt.). Relative names must be interpreted within a given context (e.g. meu.blog = meu.blog.sapo.pt.). Upper and lower case are equivalent in domain names. Some domains are duplicated: for example cc.yale.edu is the same host as cc.yale.ct.us, which happens frequently in the USA. There are also multinational organisations with several registered domains, as with sony.com and sony.nl. Each country organises its own space: the Netherlands puts everything under nl, as Portugal does under pt, whereas Brazil uses a distribution that mimics the top-level domains (sombrasil.ig.com.br). To register a name it has to be requested from the registrar of the domain in question (e.g. edu, com, pt, br, com.br). Subdomains are then assigned under the responsibility of the holder of the domain, without going back to the registrar of the parent. This is how Portuguese ISPs such as clix, sapo, netcabo and others can accept whatever names their customers choose without approval from any higher authority; it also means that whoever controls a domain's name servers controls every name beneath it. Names can be repeated without confusion, for example zecabra.no.sapo.pt and zecabra.netcabo.pt. The organisation into domains has nothing to do with physical location: machines in different domains can sit in the same place, and machines of one domain can be spread around the world.
Resource Records

Every domain, whether a single host or one at the root, can have a set of resource records associated with it. For a single host the resource records typically hold just the host's IP address. When a resolver gives a name to a DNS server, it obtains the resource records associated with that name. So the primary function of DNS is to map domain names to resource records. A resource record is a five-column entry. Records are encoded in binary for efficiency and shown in ASCII so that people can read them:
Domain_Name Time_to_Live Class Type Value
Domain_Name – the domain the record refers to. There can be several entries with the same domain name, and the order in which the table is written does not matter. This is the name the DNS looks up.
Time_to_Live – indicates how stable the entry's value is. For a very stable domain the value can be large, 86400 (the number of seconds in a day); volatile information can have values such as 60 seconds. This field is used by the cache, explained further on.
Class – for the Internet this value is always IN; it takes other values for information that does not belong to the Internet.
Type – indicates the record type. The type determines what the next field, Value, must contain.
The following types exist:
TYPE   Meaning               VALUE
SOA    Start of Authority    Parameters for this zone
A      IP address of a host  32-bit integer
MX     Mail exchange         Priority, domain willing to accept e-mail
NS     Name server           Name of a server for this domain
CNAME  Canonical name        Domain name
PTR    Pointer               Alias for an IP address
HINFO  Host description      CPU and operating system, in ASCII
TXT    Text                  Uninterpreted ASCII text (comment)

SOA – holds the name of the primary source of information for the zone (explained further on), the administrator's e-mail address, a unique serial number, some flags and timeouts.
A – the value wanted when one needs the IP address of a particular host in this domain. A host can have more than one IP address, reflected here as one entry per address; in that case the DNS server can be configured to answer with a different address each time it receives a request for the same name. This is the most important record type.
MX – the second most important type. It names the host prepared to receive mail for the domain given, with a priority; this is necessary because not every machine is prepared to receive e-mail.
NS – names a name server that is authoritative for the domain. These records delegate subdomains, so a server that does not hold the information can point the resolver at the servers that do.
CNAME – a way of creating aliases. For instance, mail for marius at ISR can be addressed as marius@isr.ist.pt even though the correct address is marius@dsor.isr.ist.utl.pt; the sender only needs to know the organisation, not the exact host. (Strictly, mail routing is decided by MX records; a CNAME aliases one host name to another.)
PTR – like a CNAME but associated with an IP address. It is used indirectly: an IP address is turned into a name under in-addr.arpa, and the PTR record for that name gives back the host's real name, the one that has an A record. This inverse search is called a reverse lookup.
HINFO – gives information about the machine the domain corresponds to.
TXT – used as free-form identification; it serves as a comment and, like HINFO, is not essential: not all programs look for these records, and a request for this kind of information need not get an answer.
The notes give a hypothetical table for the domain cs.vu.nl. [table of resource records for cs.vu.nl, not reproduced] The first entries in that table identify the domain and its administrator. Two entries follow naming the mail servers, to be tried in the priority order shown: mail received for pessoa@cs.vu.nl is routed to the host zephyr.cs.vu.nl and, if it is unavailable, to top.cs.vu.nl. Next comes the host flits, with two IP addresses and three possible mail servers. The following line is an alias for the web site www.cs.vu.nl, so that the server can be changed without the change being felt by everyone who already knows the address; both the web server and the ftp server are on the hosts indicated by the alias. Then follow the entry for a workstation, rowboat, the entry for a host that cannot receive e-mail directly, little-sister, and finally a network printer. What is not in this file but in another is the IP addresses of the name servers hierarchically above this domain; since they do not belong to cs.vu.nl they are not found here. That information starts with the root servers, whose IP addresses are present in a configuration file (the root hints) and are loaded into the DNS cache when the server starts at boot. There are 13 root server names; knowing the address of one is enough, since it knows the addresses of the others, and from there any IP address on the Internet can be found.
Name Servers

In theory a single root server could hand out all IP addresses, but because machines and links can fail, and because all the traffic would be directed at a single machine, the name space is divided into non-overlapping zones. A zone covers part of the tree and has some name servers holding the information for that zone. An example is shown in the following figure.
[figure: zones of the edu subtree, not reproduced]
Each zone normally has a primary name server, which holds the information on disk, and a secondary name server, which obtains the information from the primary (a zone transfer). The secondary, or further servers, may be located outside the zone for reliability. Zone boundaries are decided by the administrator. In the figure, at Yale University the name server for yale.edu serves yale.edu and eng.yale.edu, while the computer science department, cs.yale.edu, has its own name server and therefore forms another zone. When a resolver asks about a domain name, one of the local servers answers. If the name falls within the server's own zone, the authoritative resource record is returned; for example a query for ai.cs.yale.edu belongs to cs.yale.edu and the corresponding record is returned. An authoritative record is one managed directly by the zone's administrators and is therefore taken to be correct; the others, which are not authoritative, come from a cache and may be stale. If the domain wanted is remote and there is no information about it locally, the name server sends a request to the top-level name server for the domain in question. For example, flits.cs.vu.nl wants the IP address of linda.cs.yale.edu: the request follows the path in the figure until it reaches cs.yale.edu, which replies with the authoritative resource record.
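The zone walk just described, from the root down to the server that is authoritative for the name, together with the TTL-bounded cache, as an added example that is not part of the original notes. The zone layout follows the figure (yale.edu also serves eng.yale.edu, cs.yale.edu is its own zone), but the records themselves, the server names and the 192.0.2.x addresses are constructed for illustration and are not the real zones.

```python
"""Added example (not from the original notes): a miniature of the
name-server machinery.  Four zones hold constructed resource records in the
five-column form of the notes.  resolve() starts at the root, follows NS
delegations downward until it reaches the authoritative zone, and caches
every answer for its TTL, so a repeat query is answered non-authoritatively
from the cache until the TTL expires.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str      # Domain_Name, absolute (trailing dot)
    ttl: int       # Time_to_Live in seconds
    rclass: str    # Class, always IN here
    rtype: str     # Type
    value: str     # Value, meaning depends on rtype


# Constructed zone data keyed by zone apex.  An NS record whose owner is a
# proper subdomain of the apex is a delegation to a child zone.
ZONES = {
    ".": [RR("edu.", 172800, "IN", "NS", "a.edu-servers.example.")],
    "edu.": [RR("yale.edu.", 172800, "IN", "NS", "serv1.net.yale.edu.")],
    "yale.edu.": [
        RR("serv1.net.yale.edu.", 86400, "IN", "A", "192.0.2.9"),
        RR("eng.yale.edu.", 86400, "IN", "A", "192.0.2.20"),
        RR("cs.yale.edu.", 86400, "IN", "NS", "ns.cs.yale.edu."),
    ],
    "cs.yale.edu.": [
        RR("ns.cs.yale.edu.", 86400, "IN", "A", "192.0.2.36"),
        RR("linda.cs.yale.edu.", 3600, "IN", "A", "192.0.2.37"),
        RR("ai.cs.yale.edu.", 60, "IN", "CNAME", "linda.cs.yale.edu."),
    ],
}


def ask(zone: str, name: str, rtype: str):
    """What the server for `zone` replies: ("answer", records) when the name
    lives in this zone (the AA bit would be set), ("referral", [NS record])
    when it falls under a delegated child zone, else ("nxdomain", [])."""
    records = ZONES[zone]
    exact = [rr for rr in records if rr.name == name and rr.rtype == rtype]
    if exact:
        return "answer", exact
    cname = [rr for rr in records if rr.name == name and rr.rtype == "CNAME"]
    if cname:
        return "answer", cname
    delegation = None
    for rr in records:
        if rr.rtype == "NS" and rr.name != zone and name.endswith("." + rr.name):
            if delegation is None or len(rr.name) > len(delegation.name):
                delegation = rr                       # closest enclosing zone wins
    if delegation is not None:
        return "referral", [delegation]
    return "nxdomain", []


class Clock:
    """Fake clock so TTL expiry can be shown without sleeping."""
    def __init__(self):
        self.now = 0

    def advance(self, seconds: int):
        self.now += seconds


class Resolver:
    def __init__(self, clock: Clock):
        self.clock = clock
        self.cache = {}      # (name, rtype) -> (expires_at, records)
        self.trace = []      # which servers were asked, for the reader

    def resolve(self, name: str, rtype: str = "A", depth: int = 0):
        """Return (records, authoritative); authoritative is False for a
        cache hit, which is the answer that may be stale."""
        if depth > 8:
            raise LookupError(f"CNAME chain too long at {name}")
        key, now = (name, rtype), self.clock.now
        cached = self.cache.get(key)
        if cached and cached[0] > now:
            self.trace.append(f"cache hit {name} {rtype}")
            return cached[1], False
        zone = "."                                    # start from the root hints
        while True:
            self.trace.append(f"ask {zone} for {name} {rtype}")
            kind, records = ask(zone, name, rtype)
            if kind == "referral":
                # A real referral also carries glue A records for the NS;
                # here the child zone is reached directly by its apex name.
                zone = records[0].name
                continue
            if kind == "nxdomain":
                raise LookupError(f"{name} does not exist")
            self.cache[key] = (now + min(rr.ttl for rr in records), records)
            if records[0].rtype == "CNAME" and rtype != "CNAME":
                target, _ = self.resolve(records[0].value, rtype, depth + 1)
                return records + target, True
            return records, True


def demo():
    """Same name three times: authoritative, cached, then authoritative again
    once the 3600 s TTL has run out."""
    clock = Clock()
    resolver = Resolver(clock)
    flags = []
    for wait in (0, 0, 3601):
        clock.advance(wait)
        _, authoritative = resolver.resolve("linda.cs.yale.edu.")
        flags.append(authoritative)
    return flags, resolver.trace


if __name__ == "__main__":
    print(demo())
```

The trace returned by demo() shows four servers asked on the first lookup, a cache hit on the second, and four asked again on the third. Note that the cached copy keeps serving the old address for the whole TTL even after the administrator changes the authoritative record, which is exactly the staleness the notes warn about.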
As the answer travels back, it is placed in a cache so that a further request for the same name is served from the cache. That value may change, however, which is why every cached value is given a time to live (time_to_live), ensuring that changes the administrator makes to the authoritative entries are eventually seen by those who want to reach the hosts of that domain.
See also http://www.juliobattisti.com.br/artigos/windows/tcpip_p8.asp

There are currently 13 root name servers, with names of the form ?.ROOT-SERVERS.NET where ? runs from A to M, namely:
   old name            operator                  location
A  ns.internic.net     VeriSign                  Dulles, VA
B  ns1.isi.edu         ISI                       Marina Del Rey, CA
C  c.psi.net           Cogent                    Herndon, VA
D  terp.umd.edu        University of Maryland    College Park, MD
E  ns.nasa.gov         NASA                      Mountain View, CA
F  ns.isc.org          ISC                       Palo Alto, CA
G  ns.nic.ddn.mil      U.S. DoD NIC              Vienna, VA
H  aos.arl.army.mil    U.S. Army Research Lab    Aberdeen, MD
I  nic.nordu.net       Autonomica                Stockholm
J                      VeriSign                  Dulles, VA
K                      RIPE                      London
L                      ICANN                     Los Angeles
M                      WIDE Project              Tokyo
(Thirteen is the number of names and addresses, not of machines: most of these addresses are announced from many anycast sites.)

Domain name system (topics covered by the article referenced above)
1. Name structure
2. Names in the Internet domain
3. Domain names versus addresses
4. Domain name resolution
5. Efficient translation
6. Caching: the key to efficiency
7. DNS message format
8. Compressed name format

DNS uses port 53, both 53/udp and 53/tcp.

Distributed database
A 'distributed database' is a database that is under the control of a central database management system in which the storage devices are not all attached to a common CPU. It may be stored in multiple computers located in the same physical location, or may be dispersed over a network of interconnected computers.

Uniform Resource Locator
A 'Uniform Resource Locator', 'URL' (pronounced as "earl" (SAMPA: @rl?)
or spelled out), or 'web address', is a standardized address for some resource (such as a document or image) on the Internet. First created by Tim Berners-Lee for use on the World Wide Web, the currently used forms are detailed by IETF standard RFC 2396 (1998), since superseded by RFC 3986 (2005). The URL was a fundamental innovation in the history of the Internet. It combines into one simple address the four basic items of information necessary to find a document anywhere on the Internet:
The protocol to use to communicate with that machine
The machine or domain name to go to
An open network port on the target machine connected to some service
The path or file name on that machine
A typical simple URL can look like:
http://www.wikipedia.org:80/wiki
where
http specifies which protocol to use.
//www.wikipedia.org specifies the domain name to contact.
80 specifies the network port number of the remote machine. Under most circumstances this portion may be omitted entirely; for the http protocol the default value is 80.
/wiki is the request path on the specified system.
Most web browsers do not require the user to enter "http://" to go to a web page. One usually just enters the page name (without the slashes), such as www.wikipedia.org/wiki/Train. To go to the homepage one usually just enters the domain name, such as www.wikipedia.org. Sometimes, as in this case, "www." can be omitted: wikipedia.org. Note that in www.wikipedia.org/wiki/Train the hierarchical order of the five elements is org - wikipedia - www - wiki - Train, i.e. the host part is read from right to left up to the first slash, and the path from left to right after it.
GET: Query Strings
HTTP URLs can also contain additional elements: a query string (placed after the path and separated from it by a question mark (?)) containing information from an HTML form with method=get, or a fragment identifier (placed after the path and separated from it by a hash sign (#)) giving the location within a hypertext page to display.
FTP URLs often contain a port number. Examples:
http://www.wikipedia.org/w/wiki.phtml?title=Train&action=history
http://www.wikipedia.org/wiki/Train#Model_railways
The Big Picture
URLs are one type of URI. The term URL is also used outside the context of the World Wide Web. Database servers take a URL as the parameter for making a connection to them, and any client-server application following a particular protocol may specify a URL format as part of its communication process. Example of a database URL: jdbc:datadirect:oracle://myserver:1521;sid=testdb
If a web page is uniquely defined by a URL it can be linked to (see also deep linking). This is not always the case: e.g. a menu option may change the contents of a frame within the page without this new combination having its own URL. A web page may also depend on temporarily stored information. Even if the web page or frame has its own URL, this is not always obvious to someone who wants to link to it: the URL of a frame is not shown in the browser's address bar, and a page without an address bar may have been produced. The URL may be derivable from the source code and/or the "properties" of various components of the page. See also Webpage#URL. Apart from linking to a page or page component, one may want to know the URL to show the component alone, and/or to lift restrictions such as a browser window without toolbars or of a small non-adjustable size.
Case-sensitivity
URLs in general are case-sensitive. For some URLs and parts of URLs this is not the case: the scheme and the host name are case-insensitive, whereas the path, query and fragment are interpreted by the server and may well be case-sensitive.
IP address
The Internet Protocol (IP) knows each logical host interface by a number, the so-called 'IP address'. On any given network this number must be unique among all the host interfaces that communicate through that network. Users of the Internet usually use a domain name instead of a numerical IP address. The IP address of someone browsing the World Wide Web is known to the server of the web site.
It is also usually in the header of the e-mail messages one sends. Depending on one's Internet connection the IP address can be the same every time, a 'static IP address', or different per session (but with the first part the same each time): a 'dynamic IP address'. Internet addresses are needed not only for unique enumeration of host interfaces but also for routing purposes, so a high fraction of them is always unused. As only a limited number of 32-bit IP addresses remain available for allocation, with rising demand for new devices, including personal communicators for up to 6 billion people world-wide, there is a real prospect of the world running out of IP addresses. A number of measures have been taken to conserve the existing IPv4 address space (such as CIDR and the use of NAT and DHCP), but there is a general consensus that the Internet will have to upgrade its addressing scheme to the longer 128-bit IPv6 addressing scheme sometime in the next 5 to 15 years.
IP version 4
In IPv4, the current standard protocol for the Internet, IP addresses consist of 32 bits, which makes for 4,294,967,296 (over 4 US billion) unique host interface addresses in theory. In practice the address space is sparsely populated due to routing issues, so there is some pressure to extend the address range via IP version 6 (see below). IPv4 addresses are commonly expressed as a dotted quad: four octets (8 bits each) separated by periods. The host known as www.wikipedia.org currently has the number 3482223596, written as 207.142.131.236. (Resolving the name "www.wikipedia.org" to its associated number is handled by DNS.) A range of consecutive IP addresses (also called a netblock or subnet) can be specified in various ways. An older method uses a network number (a dotted quad, e.g. 130.94.122.192, obtained from any address in the block such as 130.94.122.199 as described next) together with a netmask (another dotted quad, for example 255.255.255.240) which in binary notation consists of a series of 1's followed by a series of 0's.
Here the netblock comprises all the addresses that, when binary ANDed with the netmask, give the network number: 130.94.122.192 through 130.94.122.207 in our example. A shorter form, known as CIDR notation, gives the network number followed by a slash and the number of 'one' bits in the binary notation of the netmask (i.e. the number of relevant bits in the network number). Using this notation, the netblock above can be referred to as 130.94.122.199/28 (an address inside the block plus the prefix length) or, more properly, as the 130.94.122.192/28 prefix. The actual assignment of an address is not arbitrary. An organization, typically an Internet service provider, requests an assignment of a netblock from a registry such as ARIN (American Registry for Internet Numbers). The network number comprises a range of addresses which the organization is free to allocate as it wishes; an organization that has exhausted a significant part of its allocated address space can request another netblock. For example, ARIN allocated the addresses 64.78.200.0 through 64.78.207.255 to Verado, Inc. In turn, Verado allocated the addresses 64.78.205.0 through 64.78.205.15 to Bomis. Bomis, in turn, assigned the specific address 64.78.205.6 to the host interface named www.wikipedia.com. Some private IP address space has been set aside by RFC 1918 (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16). These addresses are available for use by anyone, so the same RFC 1918 addresses are reused in many networks; they are not routable on the Internet. They are used extensively because of the shortage of registrable addresses, which is why Network Address Translation is required to connect such networks to the Internet.
IP version 5
What would be considered IPv5 existed only as an experimental non-IP real-time streaming protocol called ST2, described in RFC 1819. This protocol was abandoned in favour of RSVP.
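The netmask and CIDR arithmetic described above, as an added example that is not from the original text: the block is computed by hand on 32-bit integers and cross-checked against Python's ipaddress module, and the same code builds the in-addr.arpa and ip6.arpa names that the DNS section uses for PTR lookups. The addresses are the ones in the text plus documentation ranges; nothing here touches the network.

```python
"""Added example (not from the original text): netblock arithmetic and
reverse-lookup names.  Only the standard library is used."""
import ipaddress

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")   # private space


def to_int(dotted: str) -> int:
    """'207.142.131.236' -> 3482223596, rejecting anything not a dotted quad."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_len(netmask: str) -> int:
    """Count the leading ones of a netmask.  A mask whose ones are not
    contiguous (e.g. 255.0.255.0) is not a valid CIDR mask and is rejected."""
    m = to_int(netmask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask {netmask}")
    return ones


def netblock(address: str, netmask: str):
    """(network number, last address, CIDR prefix) of the block containing
    `address`: AND with the mask gives the network number, OR with the
    inverted mask gives the last (broadcast) address."""
    bits = prefix_len(netmask)
    net = to_int(address) & to_int(netmask)
    last = net | (0xFFFFFFFF >> bits)
    return to_dotted(net), to_dotted(last), f"{to_dotted(net)}/{bits}"


def contains(cidr: str, address: str) -> bool:
    """True when `address` falls inside the CIDR block."""
    net, bits = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(bits))) & 0xFFFFFFFF
    return to_int(address) & mask == to_int(net) & mask


def is_private(address: str) -> bool:
    return any(contains(block, address) for block in RFC1918)


def in_prefix(prefix: str, address: str) -> bool:
    """IPv6 prefixes follow the same rule; ipaddress does the 128-bit math."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(prefix, strict=False)


def reverse_name(address: str) -> str:
    """The owner name queried for a PTR record: IPv4 octets reversed under
    in-addr.arpa, IPv6 as 32 reversed hex nibbles under ip6.arpa (the
    successor of ip6.int)."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")        # 32 hex digits, one per nibble
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def cross_check(address: str, netmask: str) -> bool:
    """Agree with the standard library on the block and on the reverse name."""
    net = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
    expected = (str(net.network_address), str(net.broadcast_address), str(net))
    return (netblock(address, netmask) == expected
            and reverse_name(address) == ipaddress.ip_address(address).reverse_pointer + ".")


if __name__ == "__main__":
    print(netblock("130.94.122.199", "255.255.255.240"))   # ('130.94.122.192', '130.94.122.207', '130.94.122.192/28')
    print(reverse_name("212.30.222.56"))                   # 56.222.30.212.in-addr.arpa.
    print(reverse_name("1080::800:0:417A"))
```

The contiguity check in prefix_len matters in practice: configuration tools and firewall rules that accept an arbitrary mask silently turn 255.0.255.0 into a block that is not what anyone intended, and the same AND-with-mask test is what an access-control list performs on every packet.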
IP version 6
In IPv6, the new (but not yet widely deployed) standard protocol for the Internet, addresses are 128 bits wide, which, even with generous assignment of netblocks, should suffice for the foreseeable future. This big address space will be sparsely populated, which makes it possible to again encode more routing information into the addresses themselves. A version 6 address is written as eight 4-digit hexadecimal (16-bit) numbers separated by colons. One run of zero groups per address may be left out, so that 1080::800:0:417A is the same as 1080:0:0:0:0:800:0:417A. Global unicast IPv6 addresses are constructed from two parts: a 64-bit routing part followed by a 64-bit host identifier. Netblocks are specified as in the modern alternative for IPv4: network number, followed by a slash and the number of relevant bits of the network number (in decimal). Example: 12AB::CD30:0:0:0:0/60 includes all addresses starting with 12AB00000000CD3. IPv6 has other improvements over IPv4 besides the bigger address space, including automatic renumbering and mandatory support for IPSec (mandatory to implement in the original specification; RFC 6434 later relaxed this to a recommendation, so its availability on a given host should still be checked).
Further reading: Internet RFCs including RFC 791, RFC 1519 (IPv4 addresses) and RFC 2373 (IPv6 addresses). See also: MAC address, Subnet address.
IPSec
'IPSec' (abbreviation of 'IP security') is a standard for securing Internet Protocol communications by encrypting and authenticating IP packets. IPSec is a protocol suite (i.e. a set of protocols) consisting of (1) protocols for securing packet flows and (2) key exchange protocols used for setting up those secure flows. Of the former there are two: Encapsulating Security Payload (ESP), which encrypts packet flows (and can authenticate them as well), and the rarely used Authentication Header (AH), which provides authentication and message integrity guarantees for such flows but does not offer confidentiality. See Information security for definitions of these terms. Currently only one key exchange protocol is defined, the IKE protocol (IKEv1 at the time of writing; IKEv2 was published later in RFC 4306).
IPSec is required as a part of IPv6, the new IETF Internet standard for Internet Protocol (IP) packet traffic, and is optional for use with IPv4. As a result, IPSec is expected to become more widely deployed as IPv6 becomes more popular. IPSec protocols operate at layer 3 of the OSI model, which makes them suitable for protecting UDP-based protocols, unlike transport-layer protections such as SSL, which secure a TCP stream. The down side is that, compared with transport-layer protocols such as SSL, the IPSec protocols must deal with reliability and fragmentation issues themselves, which is usually done at the (higher level) TCP layer. IPSec was intended to provide either (1) portal-to-portal communications security, in which security of packet traffic is provided to several machines (even whole LANs) by a single node, or (2) end-to-end security of packet traffic, in which the endpoint computers do the security processing. It can be used to construct Virtual Private Networks in either mode, and this is the dominant use. Note, however, that the security implications are quite different between the two operational modes: with gateways, traffic is protected only between the gateways and travels in the clear on the LANs behind them. End-to-end communication security on an Internet-wide scale has been slower to develop than many had expected. Part of the reason is that no universal, or universally trusted, public key infrastructure has emerged (DNSSEC was originally envisioned for this), part is that many users understand neither their needs nor the available options well enough to force inclusion in vendor products (and so widespread adoption), and part is probably due to degradation (or anticipated degradation) of Net responsiveness due to bandwidth loss from such things as spam. The Free S/WAN project developed an open-source implementation of IPSec for GNU/Linux. IPSec is included in the 2.6 Linux kernel and so will be widely available as GNU/Linux distributions move to 2.6. Development of the Free S/WAN project was discontinued in March 2004.
IPSec is also bundled with newer versions of Microsoft Windows, as well as several commercial flavours of Unix, e.g. Solaris. IPSec protocols are defined by RFCs 2401-2409; at the time of writing (2003) these documents were slowly being replaced by newer versions (the replacements, RFCs 4301-4309, appeared in 2005).
Top-level domain
Internet domain names consist of parts separated by periods; the last part is the 'top-level domain' or 'TLD'. For example, in the domain name wikipedia.org the top-level domain is org (or ORG, as domain names are not case-sensitive). Two kinds of top-level domains exist. A 'country code top-level domain' (ccTLD) is used by a country or a dependent territory and is two letters long (for example jp for Japan). A 'generic top-level domain' (gTLD) is three or more letters long and is used (at least in theory) by a particular class of organizations (for example com for commercial organizations). Most gTLDs are available for use worldwide, but for historical reasons gov and mil are restricted to the government and military of the USA respectively. See also: List of Internet TLDs.
Country code top-level domains
There are over 240 ccTLDs: see List of Internet TLDs and http://www.iana.org/cctld/cctld-whois.htm. Most ccTLDs correspond to the two-letter ISO 3166-1 country codes, but there are several differences, explained below. Each country appoints managers for its ccTLD and sets the rules for allocating domains. Some countries allow anyone in the world to acquire a domain in their ccTLD, for example Armenia (am), Austria (at), Cocos Islands (cc), Germany (de), Niue (nu), Samoa (ws), Tonga (to), Turkmenistan (tm) and Tuvalu (tv). This has resulted in the domain names I.am, start.at and go.to. Other countries or dependent territories allow only residents to acquire a domain in their ccTLD, for example Canada (ca) and Mongolia (mn).
ISO 3166-1 codes not used as ccTLDs
The codes eh and kp, although theoretically available as ccTLDs for Western Sahara and North Korea, have never been assigned and do not exist in DNS. The new codes tl (East Timor), cs (Serbia and Montenegro) and ax (Åland Islands) are not yet used as ccTLDs. The ccTLDs for the Norwegian territories Bouvet Island (bv) and Svalbard (sj) do exist in DNS, but no subdomains have been assigned. Very few (if any) sites use gb (United Kingdom) and no new registrations are being accepted for it; sites in the UK use uk.
ccTLDs not in ISO 3166-1
Eight ccTLDs currently remain in use despite not being ISO 3166-1 two-letter codes:
ac (Ascension Island), gg (Guernsey), im (Isle of Man) and je (Jersey): these codes came from IANA's decision in 1996 to allow the use of codes reserved in the ISO 3166-1 alpha-2 reserve list for use by the Universal Postal Union. The decision was later reversed, and only these four ccTLDs were assigned under this rule.
su (the obsolete ISO 3166-1 code for the Soviet Union; the su managers stated in 2001 that they would commence accepting new su registrations, but it is unclear whether this is compatible with ICANN policy)
tp (the previous ISO 3166-1 code for East Timor)
uk (United Kingdom; this dates back to the early days of the Internet, before the policy of using ISO 3166-1 codes had been settled)
yu (Serbia and Montenegro; the previous ISO 3166-1 code for Yugoslavia)
Other ccTLDs
On September 25, 2000, ICANN decided to allow the use of any two-letter code in the ISO 3166-1 reserve list that is reserved for all purposes. Only eu (for the European Union) currently meets this criterion. Following a decision by the EU's Council of Telecommunications Ministers in March 2002, progress has been slow, but a registry (named EURid) has been appointed and criteria for allocation set: the current estimate is that the eu ccTLD will be open for registrations in late 2004/early 2005.
Generic top-level domains
When top-level domains were first implemented, in January 1985, there were seven:
arpa — (see below)
com — commercial
edu — educational establishments (primarily US)
gov — US government
mil — US military
net — network infrastructure
org — other organizations not clearly falling within the other gTLDs
The com, net and org gTLDs, despite their original different purposes, are now in practice open for use by anybody. The arpa TLD was intended to be a temporary measure to facilitate the transition to the Domain Name System. However, removing it completely proved impractical, because in-addr.arpa is used for reverse DNS lookup of IPv4 addresses, so it has been retained for Internet-infrastructure purposes. The arpa TLD no longer has any connection with the ARPANET and now officially stands for "Address and Routing Parameter Area". Originally it was intended that new infrastructure databases be created in int (see below), with a view to eventually deleting arpa. However, in May 2000 that policy was reversed, and it was decided that arpa should be retained for this purpose and int kept solely for the use of international organizations. IANA considers arpa to be an infrastructure domain rather than a generic domain. In November 1988 another gTLD was introduced:
int — international organizations established by treaty (although it is also used for some Internet infrastructure databases, such as ip6.int, the IPv6 equivalent of in-addr.arpa).
This TLD was introduced in response to NATO's request for a domain name which adequately reflected its character as an international organization; see the discussion of nato below. In May 2000 the Internet Architecture Board proposed to close the int domain to new infrastructure databases: all future such databases would be created in arpa, and existing ones would move to arpa wherever feasible (ip6.arpa has since replaced ip6.int). By the mid-1990s there was pressure for more gTLDs to be introduced.
Jon Postel, as head of IANA, invited applications from interested parties (http://www.gtld-mou.org/gtld-discuss/mail-archive/00990.html). In early 1995, Postel created "Draft Postel", an Internet draft containing the procedures to create new domain name registries and new TLDs. Draft Postel created a number of small committees to approve the new TLDs. Because of the increasing interest, a number of large organizations took over the process under the Internet Society's umbrella. This second attempt involved the setting up of a temporary organization called the International Ad Hoc Committee (IAHC). On 4 February 1997, the IAHC issued a report ignoring the Draft Postel recommendations and instead recommended the introduction of seven new gTLDs (arts, firm, info, nom, rec, store and web). However, progress on this stalled after the US Government intervened, and nothing ever came of it.

In October 1998, the Internet Corporation for Assigned Names and Numbers (ICANN) was formed to take over the task of managing domain names. After a call for proposals (August 15, 2000) and a brief period of public consultation, ICANN announced on November 16, 2000 its selection of the following seven new gTLDs:

aero — air transport industry
biz — businesses
coop — cooperatives
info — information (unrestricted use)
museum — museums
name — individuals
pro — professionals

These new gTLDs started to come into use in June 2001, and by the end of that year all except pro existed, with biz, info and museum already in full operation. name and coop became fully operational in January 2002, and aero followed later in the year. pro became a gTLD in May 2002.

ICANN now intends to add further gTLDs, starting with a set of sponsored top-level domains (like the current aero, coop and museum). The application period for these lasted from 15 December 2003 until 16 March 2004, and resulted in ten applications.
The most high-profile of these applications came from a consortium of companies including Microsoft, Vodafone, Samsung, Sun Microsystems and Nokia. It aims to develop a gTLD for mobile devices, potentially offering stripped-down versions of existing sites. The full list of proposed new TLDs consists of: asia, cat (or ctl or catala), jobs, mail (or tmail or mta), mobi (or mbl), post, tel, travel and xxx. Two separate, unrelated entities applied for tel.

Historical TLDs

The ARPANET was a predecessor to the Internet established by the U.S. Defense Advanced Research Projects Agency (DARPA). When the Domain Name System was introduced, ARPANET host names were initially converted to domain names by adding .arpa to the end. Domain names of this form were rapidly phased out by replacing them with domain names using the other, more informative, TLDs. However, as has been explained above, the arpa TLD remains in use for other purposes including reverse DNS lookup, where for example the IP address 212.30.222.56 is mapped to a host name by issuing a DNS query for the PTR record of the special host name 56.222.30.212.in-addr.arpa.

There are a few ccTLDs which have been deleted after the corresponding 2-letter code was withdrawn from ISO 3166-1. Examples include cs (for Czechoslovakia) and zr (for Zaire). There is usually a significant delay between withdrawal from ISO 3166-1 and deletion from the DNS. For example, zr ceased to be an ISO 3166-1 code in 1997, but the zr ccTLD was not deleted until 2001, and the su (Soviet Union) ccTLD remains in use more than a decade after su was removed from ISO 3166-1.

A nato TLD was added in the late 1980s by the NIC for the use of NATO, who felt that none of the then existing TLDs adequately reflected their status as an international organization. Soon after this addition, however, the NIC created the int TLD for the use of international organizations, and convinced NATO to use nato.int instead.
However, the nato TLD, although no longer used, was not deleted until July 1996.

In the past the Internet was just one of many wide area computer networks. Computers not connected to the Internet, but connected to another network such as Bitnet or UUCP, could generally exchange e-mail with the Internet via e-mail gateways. When used on the Internet, addresses on these networks were often placed under pseudo-domains such as bitnet and uucp; however these pseudo-domains were not real top-level domains and did not exist in DNS. Most of these networks have long since ceased to exist, and although UUCP still gets significant use in parts of the world where Internet infrastructure has not yet become well-established, it subsequently transitioned to using Internet domain names, so pseudo-domains now largely survive as historical relics.

Reserved TLDs

RFC 2606 reserves the following four top-level domain names for various purposes, with the intention that these should never become actual TLDs in the global DNS:

example — reserved for use in examples
invalid — reserved for use in obviously invalid domain names
localhost — reserved to avoid conflict with the traditional use of localhost
test — reserved for use in tests

TLDs in alternate roots

Alternate DNS roots have their own sets of TLDs. See that article for details.

Alternate DNS root

In addition to the Internet's main DNS root (currently consisting of 13 root nameservers working in agreement with ICANN), several organizations operate 'alternate DNS roots' (often referred to as 'alt roots'). Each alternate root has its own root nameservers and its own set of top-level domains. The BIZ TLD created by Pacific Root was in operation before ICANN proposed running BIZ, and at least one of the alternate root servers resolves BIZ to Pacific Root's. There are BIZ domain names that exist in different roots and point to different IP addresses.
The possibility of such conflicts, and their potential for destabilizing the Internet, is the main source of controversy surrounding alt roots. Only a small proportion of ISPs actually use any of the zones served by alt-root operators, generally sticking to the ICANN-specified root servers. Among the most well-known alt-root zones are:

Open Root Server Confederation (ORSC)
o The ORSC root zone is too large to be fully quoted here. It can be downloaded from http://dns.vrx.net/tech/rootzone/db.root

OpenNIC
o GLUE -- root server administration
o OSS -- Open Source Software
o INDY -- independent news
o PARODY -- parodies
o GEEK -- anything geeky
o NULL -- miscellaneous noncommercial individual sites

AlterNIC
o EXP --
o NIC --
o LLC --
o NOC --
o LNX --
o PORN --
o LTD --
o XXX --
o MED --

Pacific Root (many TLDs, not all listed here)
o AIS --
o SAT --
o BIO --
o WWW --
o CAL --
o BIZ --
o IND --
o ETC --
o JOB --
o MEN --
o LIB --
o NGO --
o NPO --
o NOT --
o PPP --

Root nameserver

A 'root nameserver' is a DNS server that answers requests for the root namespace domain, and redirects requests for a particular top-level domain to that TLD's nameservers.

All domain names on the Internet actually end in a '.' (period) character: technically, Wikipedia is actually hosted on the domain 'www.wikipedia.org.' (try it). This final dot is implied, and modern DNS software does not require the final dot to be included when translating a domain name to an IP address. The final dot is called the 'root domain', and all other domains (i.e. .com, .org, .net, .uk, etc.) are contained within the root domain.

When a computer on the Internet wants to resolve a domain name, it works from right to left, asking each nameserver in turn about the element to its left. The root nameservers (which have responsibility for the . domain) know which servers are responsible for the top-level domains.
Each top-level domain (such as .org) has its own set of servers, which in turn delegate to the nameservers responsible for individual domain names (such as wikipedia), which in turn answer queries for IP addresses of subdomains (such as www). In practice, most of this information doesn't change very often and gets cached, so DNS lookups to the root nameservers are relatively rare.

There are currently 13 root name servers, with names in the form ?.ROOT-SERVERS.NET where ? runs from A to M, namely:

Letter  Old name            Operator                  Location
A       ns.internic.net     VeriSign                  Dulles, VA
B       ns1.isi.edu         ISI                       Marina Del Rey, CA
C       c.psi.net           Cogent                    Herndon, VA
D       terp.umd.edu        University of Maryland    College Park, MD
E       ns.nasa.gov         NASA                      Mountain View, CA
F       ns.isc.org          ISC                       Palo Alto, CA
G       ns.nic.ddn.mil      U.S. DoD NIC              Vienna, VA
H       aos.arl.army.mil    U.S. Army Research Lab    Aberdeen, MD
I       nic.nordu.net       Autonomica                Stockholm
J       -                   VeriSign                  Dulles, VA
K       -                   RIPE                      London
L       -                   ICANN                     Los Angeles
M       -                   WIDE Project              Tokyo

Older servers had their own name before the policy of using similar names was established. No more names can be used because of protocol limitations, but the C, F, I, J and K servers exist in multiple locations on different continents, using anycast announcements to provide a decentralized service. As a result most of the physical, rather than nominal, root servers are now outside the United States.

There are quite a few alternate namespace systems with their own set of root nameservers that exist in opposition to the mainstream nameservers. The first, AlterNIC, generated a substantial amount of press. See Alternate DNS root for more information.

Dynamic DNS

'Dynamic DNS' is a system for allowing an Internet domain name to be assigned to a varying IP address. This makes it possible for other sites on the Internet to establish connections to the machine without needing to track the IP address themselves.
A common use is for running server software on a computer that has a dynamic IP address (e.g., a dialup connection where a new address is assigned at each connection, or a DSL service where the address is changed by the ISP occasionally). To implement dynamic DNS it is necessary to set the maximum caching time of the domain to an unusually short period (typically a few minutes). This prevents other sites on the Internet from retaining the old address in their cache, so that they will typically contact the name server of the domain for each new connection.

Dynamic DNS service is provided on a large scale by various organizations, which retain the current addresses in a database and provide a means for the user to update it as required. Some "client" programs will, when installed, operate in the background and check the IP address of the computer every few minutes. If it has changed, the client sends an update request to the service. Many routers and other networking components contain such a feature in their firmware.

External links

Dynamic DNS providers
ChangeIP.com
Dynip.com
Dynamic Network Services
Hammernode
No-IP
ThatIP
DYNSERV

Internet service provider

An 'Internet Service Provider' (an 'ISP') is a provider of Internet services. Most telecommunications operators are ISPs. They provide services like Internet transit, domain name registration and hosting, dial-up access, leased line access and colocation.

In the early 2000s, ISPs in the United States faced serious challenges. Telecommunications and IT-related stocks fell sharply, and many ISPs were forced to close, restructure, sell, or merge. The slower-than-expected growth of broadband services and key decisions on broadband open access matters have all added to the industry's problems.
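The right-to-left delegation walk from the root nameserver section, and the TTL caching that dynamic DNS has to work around, as an added example that is not part of the handout. The nameservers, zone data and addresses are constructed (documentation address ranges, with the RFC 2606 "example" TLD standing in for a real one), and the resolver is a simplified stand-in for a real iterative resolver.

```python
# Constructed delegation data (not real servers): server label -> the records it serves;
# root knows TLD servers, TLD servers know domain servers, domain servers know hosts.
SERVERS = {
    "root": {("org.", "NS"): "tld-org", ("example.", "NS"): "tld-example"},
    "tld-org": {("wikipedia.org.", "NS"): "ns-wikipedia"},
    "ns-wikipedia": {("www.wikipedia.org.", "A"): "203.0.113.10"},
    "tld-example": {("dyn.example.", "NS"): "ns-dyn"},
    "ns-dyn": {("home.dyn.example.", "A"): "192.0.2.5"},
}

def fqdn(name):
    return name if name.endswith(".") else name + "."   # every name ends in the root dot

def resolve(name, servers=SERVERS):
    """Iterative lookup, right to left: root -> TLD server -> domain server -> A record."""
    labels = fqdn(name).rstrip(".").split(".")
    server = "root"
    for i in range(len(labels) - 1, -1, -1):
        suffix = ".".join(labels[i:]) + "."          # org., then wikipedia.org., then ...
        records = servers[server]
        if (suffix, "A") in records:
            return records[(suffix, "A")]
        server = records.get((suffix, "NS"))        # referral to the next server down
        if server is None:
            return None                              # no delegation: name does not exist
    return None

class Cache:                                         # caching resolver between client and root
    def __init__(self, clock):
        self.clock, self.entries = clock, {}         # name -> (address, expiry time)

    def lookup(self, name, ttl, servers=SERVERS):
        name = fqdn(name)
        hit = self.entries.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                            # cache hit: no nameserver is asked
        addr = resolve(name, servers)
        self.entries[name] = (addr, self.clock() + ttl)   # negative answers cached too
        return addr

def address_seen_after_update(ttl, seconds_later):
    """Dynamic-DNS scenario: a client caches home.dyn.example, the host's address changes,
    and the client asks again seconds_later on. With a long TTL it still sees the old one."""
    servers = {k: dict(v) for k, v in SERVERS.items()}   # private copy we can mutate
    now = [0.0]                                           # simulated clock, in seconds
    cache = Cache(lambda: now[0])
    cache.lookup("home.dyn.example", ttl, servers)        # first answer: 192.0.2.5
    servers["ns-dyn"][("home.dyn.example.", "A")] = "198.51.100.7"   # the DDNS update
    now[0] += seconds_later
    return cache.lookup("home.dyn.example", ttl, servers)
```

With a one-hour TTL a client that asks again ten minutes after the update is still handed 192.0.2.5; with the few-minute TTL the text recommends, the same client re-queries and gets 198.51.100.7.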
ISPs

Dialups
United Online
o NetZero
o Juno
AOL
o CompuServe
AT&T
Boingo
Demon Internet
Earthlink
o MindSpring
XS4ALL

Free dialups
Wanadoo
Freeola
Juno Online Services
NetZero Free 24/7

DSL / Cable
Blueyonder
Covad
NorthPoint Communications
Rhythms NetConnections
Excite at Home
Rogers Cable
Sympatico

Others
community networks
PIPEX
Prodigy
UUNET
IIJ
Etisalat

Other relevant acronyms
IAP (Internet Access Provider)
NSP (Network Service Provider)

Related services
Broadband access
o DSL -- Digital Subscriber Line
o Fixed wireless access
o Cable
Web hosting services
Usenet servers
Email services
DNS
o Dynamic DNS

Assimilation of concepts
o DNS
o ISP
o Domain Name Space
o http://www.juliobattisti.com.br/artigos/windows/tcpip_p8.asp
o For further study
o RFC 1034
o RFC 1035

Figures: Two-Level Domain Name Query; Non-Recursive Domain Name Query; Single-Level Domain Name Query