6-DNS - IT 424

Ch25
Ameera Almasoud
Based on Data Communications and Networking, 4th Edition.
by Behrouz A. Forouzan, McGraw-Hill Companies, Inc., 2007
Introduction
- There are several applications in the application layer of the Internet model that follow the client/server paradigm.
- The client/server programs can be divided into two categories:
  - Applications that are used directly by the user, such as e-mail.
  - Applications that support other application programs.
- The Domain Name System (DNS) is a supporting program that is used by other programs such as e-mail.
Example of using the DNS service
Host File
- When the Internet was small, mapping was done by using a host file.
  - The host file had only two columns: name and address.
  - Every host could store the host file on its disk and update it periodically from a master host file.
  - When a program or a user wanted to map a name to an address, the host consulted the host file and found the mapping.
- It is impossible to have one single host file to relate every address with a name:
  - The host file would be too large to store in every host.
  - It would be impossible to update all the host files every time there was a change.
Host File
- One solution would be to store the entire host file in a single computer and allow access to this centralized information to every computer that needs mapping.
  - But this would create a huge amount of traffic on the Internet.
- The solution is to divide this huge amount of information into smaller parts and store each part on a different computer.
  - The host that needs mapping can contact the closest computer holding the needed information.
- This method is used by the Domain Name System (DNS).
NAME SPACE
- To be unambiguous, the names assigned to machines must be carefully selected from a name space with complete control over the binding between the names and IP addresses.
NAME SPACE
Flat Name Space
- The name is an unstructured sequence of characters.
- Disadvantage: it must be centrally controlled to avoid duplication.
- Therefore, it cannot be used in large systems such as the Internet.
NAME SPACE
Hierarchical Name Space
- The name is structured and consists of many parts:
  - the first part can define the nature of the organization,
  - the second part can define the name of an organization,
  - the third part can define departments in the organization, and so on.
- The authority to assign and control the name spaces can be decentralized:
  - A central authority can assign the part of the name that defines the nature of the organization and the name of the organization.
  - The responsibility for the rest of the name can be given to the organization itself (e.g., suffixes/prefixes).
- It is efficiently used in large systems such as the Internet.
DOMAIN NAME SPACE
- To have a hierarchical name space, a domain name space was designed.
- In this design the names are defined in an inverted-tree structure with the root at the top.
- The tree can have only 128 levels: level 0 (root) to level 127.
Domain name space
DOMAIN NAME SPACE
Label
- Each node in the tree has a label.
- The label is a string with a maximum length of 63 characters.
- Children of a node should have different labels.
- The label of the root is a null string.
DOMAIN NAME SPACE
Domain Name
- Each node in the tree has a domain name.
- A full domain name is a sequence of labels separated by dots (.).
- The domain names are always read from the node up to the root.
- The last label is the label of the root (null).
Domain names and labels
DOMAIN NAME SPACE
Domain Name
Fully Qualified Domain Name (FQDN):
- A name whose last label is terminated by a null string (the root label).
- It contains all labels, from the most specific to the most general, that uniquely define the name of the host.
- Ex: challenger.ate.tbda.edu.
Partially Qualified Domain Name (PQDN):
- A name whose last label is not terminated by a null string.
- A PQDN starts from a node, but it does not reach the root.
- It is used when the name to be resolved belongs to the same site as the client.
- Ex: challenger
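The label and FQDN/PQDN rules above can be checked mechanically. The following is an added example, not code from the slides or from Forouzan's book: it splits a name into labels read from the node up to the root, enforces the 63-character label limit, classifies a name as FQDN or PQDN by whether its last label is the null (root) label, and qualifies a PQDN with the client's own site suffix (the suffix `ate.tbda.edu.` used here is an assumption built from the slide's example host).

```python
"""Added example (not from the slides): label parsing and FQDN/PQDN handling
following the Domain Name Space rules (63-char labels, null root label)."""

MAX_LABEL_LEN = 63  # limit stated on the "Label" slide


def split_labels(name: str) -> list:
    """Labels of `name`, read from the node up toward the root.

    A trailing dot means the final (root) label is present as the null string:
    'challenger.ate.tbda.edu.' -> ['challenger', 'ate', 'tbda', 'edu', ''].
    """
    if name in (".", ""):
        return [""]  # the root itself: only the null label
    return name.split(".")


def validate_labels(labels: list) -> None:
    """Raise ValueError if a non-root label is empty or longer than 63 chars."""
    for i, label in enumerate(labels):
        is_root = i == len(labels) - 1 and label == ""
        if is_root:
            continue
        if label == "":
            raise ValueError("empty label inside name")
        if len(label) > MAX_LABEL_LEN:
            raise ValueError(f"label {label[:10]}... exceeds {MAX_LABEL_LEN} chars")


def is_fqdn(name: str) -> bool:
    """True when the name ends with the null (root) label, i.e. a trailing dot."""
    labels = split_labels(name)
    validate_labels(labels)
    return labels[-1] == ""


def qualify(pqdn: str, site_suffix: str) -> str:
    """Turn a PQDN into an FQDN by appending the client's site suffix.

    This is what a resolver does when the name belongs to the same site as the
    client (slide example: 'challenger'). `site_suffix` is assumed to be an
    FQDN such as 'ate.tbda.edu.' (assumption for this demo).
    """
    if is_fqdn(pqdn):
        return pqdn
    if not is_fqdn(site_suffix):
        raise ValueError("site suffix must be fully qualified")
    return f"{pqdn}.{site_suffix}"


def hierarchy(name: str) -> list:
    """Domain name of every node on the path from `name` up to the root.

    'challenger.ate.tbda.edu.' -> ['challenger.ate.tbda.edu.', 'ate.tbda.edu.',
                                   'tbda.edu.', 'edu.', '.']
    """
    labels = split_labels(name)
    validate_labels(labels)
    if labels[-1] != "":
        raise ValueError("hierarchy requires an FQDN")
    path = []
    for i in range(len(labels) - 1):
        path.append(".".join(labels[i:]))  # trailing '' keeps the final dot
    path.append(".")
    return path


if __name__ == "__main__":
    print(is_fqdn("challenger.ate.tbda.edu."), is_fqdn("challenger"))
    print(qualify("challenger", "ate.tbda.edu."))
    print(hierarchy("challenger.ate.tbda.edu."))
```

`hierarchy` is the list of nodes a resolver walks when it is asked for the host; each entry is itself the domain name of a node (and of the subtree it tops).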
FQDN and PQDN
DOMAIN NAME SPACE
Domain
- A domain is a subtree of the domain name space.
- The name of the domain is the domain name of the node at the top of the subtree.
DOMAIN NAME SPACE
Domain
DISTRIBUTION OF NAME SPACE
- The information contained in the domain name space must be stored.
- However, it is very inefficient and also unreliable to have just one computer store such a huge amount of information.
- In this section, we discuss the distribution of the domain name space.
DISTRIBUTION OF NAME SPACE
Hierarchy of Name Servers
- The solution to these problems is to distribute the information among many computers called DNS servers.
- We let the root stand alone and create as many domains (subtrees) as there are first-level nodes.
- DNS allows domains to be divided further into smaller domains (subdomains).
- It is inefficient and unreliable to store the information of the domain name space on a single computer:
  - It is inefficient because responding to all requests from one computer imposes a heavy load on the system.
  - It is unreliable because a failure in the computer makes all data inaccessible.
Hierarchy of name servers
DISTRIBUTION OF NAME SPACE
Zone
- Since the complete domain name hierarchy cannot be stored on a single server, it is divided among many servers.
- What a server is responsible for or has authority over is called a zone.
- We can define a zone as a contiguous part of the entire tree.
- If a server accepts responsibility for a domain and does not divide the domain into smaller domains, the domain and the zone refer to the same thing.
- The server makes a database called a zone file and keeps all the information for every node under that domain.
Zones and domains
DISTRIBUTION OF NAME SPACE
Root Server
- A root server is a server whose zone consists of the whole tree.
- A root server usually does not store any information about domains but delegates its authority to other servers.
- There are several root servers, each covering the whole domain name space.
- The servers are distributed all around the world.
DISTRIBUTION OF NAME SPACE
Primary and Secondary Servers
- A primary server stores a file about the zone for which it is an authority on its local disk.
- A primary server is responsible for creating, maintaining, and updating the zone file.
- A secondary server downloads information from another server (primary or secondary) onto its local disk: this is called zone transfer.
- A secondary server is NOT responsible for creating, maintaining, or updating the zone file.
DISTRIBUTION OF NAME SPACE
Primary and Secondary Servers
- If updating is required, it is performed by the primary server, then sent to the secondary server.
- The aim of assigning a secondary server is to create data redundancy so that it can serve clients in case of failure of the primary server.
- A server can be primary for one zone and secondary for another; therefore, it is important to state the zone to which a primary/secondary server refers.
DNS IN THE INTERNET
- DNS is a protocol that can be used on different platforms.
- In the Internet, the domain name space (tree) is divided into three different sections:
  - generic domains
  - country domains
  - the inverse domain
DNS IN THE INTERNET
DNS IN THE INTERNET
Generic domains
Generic domain labels
DNS IN THE INTERNET
Country Domains
- These use two-character country abbreviations.
- Examples are:
  - sa (Saudi Arabia)
  - eg (Egypt)
  - uk (United Kingdom)
  - fr (France)
  - us (United States), etc.
DNS IN THE INTERNET
Country Domains
DNS IN THE INTERNET
Inverse Domains
- These are used to map an IP address to a name.
- When a server receives a request, the first thing it performs is to check whether the sending client is an authorized one:
  - The resolver sends a query to the DNS server with the client name.
  - The DNS server finds the corresponding IP address.
  - The extracted IP address is sent back to the resolver, then to the server.
  - The server checks whether the received IP is on the list of its authorized clients.
DNS IN THE INTERNET
Inverse Domains
- This type of query is called an inverse query or pointer query.
- The first and second nodes in a pointer query are always arpa and in-addr.
- The DNS servers that handle the pointer query are hierarchical:
  - The highest level is the network id (netid) part.
  - The lower level is the subnet id part.
  - The lowest level is the host id part.
DNS IN THE INTERNET
Inverse Domains
- IP = netid.hostid; example: 132.34.45.121 (Class B)
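The following is an added example, not code from the slides or from the book, showing how the slide's address 132.34.45.121 becomes a pointer-query name: the labels are read from the node up to the root, so the host octets come first and in-addr and arpa are the last two labels before the root. It also splits the address into netid and hostid using the classful boundaries (first octet 0-127 class A, 128-191 class B, 192-223 class C) to show which in-addr.arpa subtree the netid selects; the classful split is the standard one the slide refers to, and the example address is the slide's own.

```python
"""Added example (not from the slides): inverse-domain (pointer query) names
for IPv4 addresses and the classful netid/hostid split used on the slide."""

import ipaddress


def address_class(ip: str) -> str:
    """Classful address class from the leading octet."""
    first = int(ipaddress.IPv4Address(ip)) >> 24   # raises ValueError on bad input
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    raise ValueError("class D/E address has no netid/hostid split")


def netid_hostid(ip: str):
    """Split a classful address into (netid octets, hostid octets)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    net_len = {"A": 1, "B": 2, "C": 3}[address_class(ip)]
    return octets[:net_len], octets[net_len:]


def reverse_pointer_name(ip: str) -> str:
    """Pointer-query name: octets reversed, then in-addr, arpa, and the root."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def netid_zone(ip: str) -> str:
    """Name of the in-addr.arpa subtree that covers the address's network,
    i.e. the highest level of the pointer-query hierarchy on the slide."""
    netid, _ = netid_hostid(ip)
    return ".".join(reversed(netid)) + ".in-addr.arpa."


def matches_stdlib(ip: str) -> bool:
    """Cross-check against the standard library's own reverse_pointer
    (which omits the trailing root dot)."""
    return reverse_pointer_name(ip).rstrip(".") == ipaddress.IPv4Address(ip).reverse_pointer


if __name__ == "__main__":
    ip = "132.34.45.121"
    print(address_class(ip), netid_hostid(ip))
    print(reverse_pointer_name(ip))   # 121.45.34.132.in-addr.arpa.
    print(netid_zone(ip))             # 34.132.in-addr.arpa.
```

The pointer-query name is computed from the address alone; whether a server is authoritative for that part of in-addr.arpa is a separate matter, which is why a response to a PTR query should be checked rather than taken as proof of the client's identity.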
RESOLUTION
- Mapping a name to an address or an address to a name is called name-address resolution.
RESOLUTION
Resolver
- A client/server application that resides on DNS clients.
- Any host that needs to map an IP address to a URL name, or vice versa, calls a resolver.
- The resolver accesses the closest DNS server with the mapping request.
- If the server has the required information, it provides it to the resolver.
- If the server does not have the required information, it acts in one of the following ways:
  - The server refers the resolver to another DNS server.
  - The server asks another server for the required information and provides it to the resolver.
RESOLUTION
Mapping Names to Addresses
- Most of the time, the resolver gives a domain name to the server and asks for the corresponding address.
RESOLUTION
Mapping Addresses to Names
- A client can send an IP address to a server to be mapped to a domain name.
RESOLUTION
Recursive Resolution
RESOLUTION
Recursive Resolution
- When a resolver sends a mapping request to a name server, it expects the answer from the same server.
- If the server is the authority for the domain name, it responds immediately to the resolver.
- Otherwise, the server sends the mapping request to the parent server.
- This procedure is repeated recursively until an answer is found.
- The answer follows the same way back through the servers until it reaches the resolver.
RESOLUTION
Iterative Resolution
RESOLUTION
Iterative Resolution
- If the client does not ask for a recursive answer, the mapping can be done iteratively.
- If the server is an authority for the name, it sends the answer.
- If it is not, it returns (to the client) the IP address of the server that it thinks can resolve the query.
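To make the difference between the two resolution modes concrete, here is an added example, not code from the slides or from the book: a toy tree of name servers (root, edu., tbda.edu., and the client's local server example.) in which each server either answers authoritatively, forwards the query on the client's behalf (recursive), or hands back a referral to the next server (iterative). The zone names, the host record challenger.ate.tbda.edu. and its address 134.100.2.4 are constructed for the demo; the trace shows which servers each mode visits.

```python
"""Added example (not from the slides): recursive vs iterative resolution on a
constructed name-server hierarchy."""

from __future__ import annotations

from dataclasses import dataclass
from typing import Optional, Union


@dataclass
class Answer:
    name: str
    address: str
    authoritative: bool


@dataclass
class Referral:
    """'Ask this server instead': what a server returns in iterative mode."""
    server: NameServer


class NameServer:
    def __init__(self, zone: str, parent: Optional[NameServer] = None):
        self.zone = zone               # '.' for the root, 'edu.', 'tbda.edu.', ...
        self.parent = parent
        self.records = {}              # names this server is the authority for
        self.children = {}             # delegated subzones: zone name -> server
        if parent is not None:
            parent.children[zone] = self

    def in_zone(self, name: str) -> bool:
        return self.zone == "." or name == self.zone or name.endswith("." + self.zone)

    def next_hop(self, name: str) -> Optional[NameServer]:
        """Server this one would ask next: a delegated child that covers the
        name, otherwise the parent; None when the name cannot exist here."""
        for child in self.children.values():
            if child.in_zone(name):
                return child
        return None if self.in_zone(name) else self.parent

    def query(self, name: str, recursive: bool, trace: list) -> Union[Answer, Referral, None]:
        trace.append(self.zone)
        if name in self.records:                   # authority: answer immediately
            return Answer(name, self.records[name], authoritative=True)
        nxt = self.next_hop(name)
        if nxt is None:
            return None                            # no such name
        if not recursive:
            return Referral(nxt)                   # iterative: point the client onward
        return nxt.query(name, True, trace)        # recursive: ask on the client's behalf


def resolve_recursive(local: NameServer, name: str):
    """Resolver asks its local server once and waits for the final answer."""
    trace: list = []
    return local.query(name, recursive=True, trace=trace), trace


def resolve_iterative(local: NameServer, name: str):
    """Resolver follows each referral itself until it gets an answer."""
    trace: list = []
    server = local
    for _ in range(16):                            # bound the referral chain
        result = server.query(name, recursive=False, trace=trace)
        if not isinstance(result, Referral):
            return result, trace
        server = result.server
    raise RuntimeError("referral chain too long")


def build_demo_tree() -> NameServer:
    """Constructed hierarchy: root -> edu. -> tbda.edu. (not subdivided, so the
    domain and the zone coincide) plus the client's local server example."""
    root = NameServer(".")
    edu = NameServer("edu.", root)
    tbda = NameServer("tbda.edu.", edu)
    tbda.records["challenger.ate.tbda.edu."] = "134.100.2.4"   # constructed address
    NameServer("example.", root)                                # local server, no records
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    local = root.children["example."]
    print(resolve_recursive(local, "challenger.ate.tbda.edu."))
    print(resolve_iterative(local, "challenger.ate.tbda.edu."))
```

Both modes visit the same servers for this name; the difference is who does the walking. In recursive mode the local server carries the whole chain, so its load and its exposure to slow or misbehaving upstream servers grows with every client it serves, which is why recursive service is normally restricted to a server's own clients.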
RESOLUTION
Caching
- This is a mechanism that aims to reduce the time a DNS server needs to look for a name (or address) in its database.
- Therefore, when a new request arrives at the server, it checks its cache first.
- If the required information is stored in the cache, the server responds to the request immediately.
- If not, it sends the request to another server as explained before.
- When a server asks another server for the information, it stores it in its cache memory before sending it to the client.
- In case the required information is found in the cache, the server marks the response as "unauthoritative".
RESOLUTION
Caching
- If a server caches a mapping for a long time, it may send an outdated mapping to the client.
- A Time-to-Live (TTL) counter, in seconds, is used to overcome this problem:
  - The server keeps a TTL with each entry in its cache.
  - When the TTL reaches zero, the corresponding entry is marked invalid.
  - When a request is made for an invalid entry, the server considers it "missing", and a request is sent to the authoritative server.
- Another technique is to search the cache periodically and purge (kill) all entries with an expired TTL.
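The two caching slides above describe one mechanism: cache what was fetched, flag cached answers as unauthoritative, attach a TTL, treat expired entries as missing, and sweep expired entries out periodically. The following is an added example, not code from the slides or from the book, that implements exactly that. The zone data, the TTL values, the stand-in `authoritative_lookup` function (which plays the role of the query to the authoritative server) and the `FakeClock` are constructed for the demo so the TTL expiry can be shown without waiting.

```python
"""Added example (not from the slides): a caching DNS server with per-entry TTL,
unauthoritative flagging of cached answers, and periodic purging."""

import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple


@dataclass
class CacheEntry:
    address: str
    expires_at: float          # absolute time at which the TTL reaches zero


@dataclass
class Reply:
    address: str
    authoritative: bool        # False when served from the cache ("unauthoritative")
    ttl: int                   # seconds of validity left, as passed on to the client


class CachingServer:
    def __init__(self, authoritative_lookup: Callable[[str], Tuple[str, int]],
                 clock: Callable[[], float] = time.monotonic):
        self._lookup = authoritative_lookup   # name -> (address, ttl); stand-in for upstream
        self._clock = clock
        self._cache: Dict[str, CacheEntry] = {}
        self.upstream_queries = 0             # how often we had to ask upstream

    def resolve(self, name: str) -> Reply:
        now = self._clock()
        entry = self._cache.get(name)
        if entry is not None and entry.expires_at > now:
            # cache hit: answer immediately, flagged unauthoritative
            return Reply(entry.address, False, int(entry.expires_at - now))
        # missing, or TTL reached zero (entry invalid): ask the authoritative server
        address, ttl = self._lookup(name)
        self.upstream_queries += 1
        self._cache[name] = CacheEntry(address, now + ttl)   # store before replying
        return Reply(address, True, ttl)

    def purge_expired(self) -> int:
        """Periodic sweep that deletes every entry whose TTL has expired."""
        now = self._clock()
        expired = [n for n, e in self._cache.items() if e.expires_at <= now]
        for n in expired:
            del self._cache[n]
        return len(expired)

    def cached_names(self) -> list:
        return sorted(self._cache)


class FakeClock:
    """Constructed clock so the demo can 'wait' without sleeping."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


# Constructed zone data: name -> (address, TTL in seconds)
ZONE = {"challenger.ate.tbda.edu.": ("134.100.2.4", 300)}


def demo():
    """Walk through a fresh answer, a cached answer, a stale answer after the
    authoritative data changed, and the re-query once the TTL hits zero."""
    zone = dict(ZONE)                       # private copy so the demo can mutate it
    clock = FakeClock()
    server = CachingServer(lambda n: zone[n], clock)
    name = "challenger.ate.tbda.edu."
    first = server.resolve(name)            # fetched upstream: authoritative, TTL 300
    clock.advance(100)
    second = server.resolve(name)           # cached: unauthoritative, 200 s left
    zone[name] = ("134.100.2.9", 300)       # address changes at the authority
    third = server.resolve(name)            # still the stale cached address
    clock.advance(200)                      # TTL reaches zero: entry invalid
    fourth = server.resolve(name)           # treated as missing: re-queried, fresh
    return first, second, third, fourth, server.upstream_queries


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `third` reply is the outdated-mapping problem the slide describes: until the TTL runs out, the cache keeps answering with the old address. A short TTL limits how long a wrong or poisoned entry stays in circulation at the price of more upstream queries; `purge_expired` is the periodic sweep, and `resolve` shows the lazy alternative of invalidating on access.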
DNS MESSAGES
- DNS has two types of messages: query and response.
- Both types have the same format.
- The query message consists of a header and question records.
- The response message consists of a header, question records, answer records, authoritative records, and additional records.
Query and response messages
Header format
TYPES OF RECORDS
- Two types of records are used in DNS.
- The question records are used in the question section of the query and response messages.
- The resource records are used in the answer, authoritative, and additional information sections of the response message.
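The message and record slides above describe the wire format only in outline. The following is an added example, not code from the slides or from the book, that builds a query (12-byte header plus one question record) as the bytes that would be sent, parses a header and question back out, and applies the 512-byte UDP rule from the Encapsulation slide at the end of the lecture. The header layout (ID, flags, and the four record counts) and flag bits are the standard ones; the query ID and the name are constructed for the demo. Name compression pointers are deliberately rejected rather than handled.

```python
"""Added example (not from the slides): DNS query/response header and question
record encoding and parsing, plus the 512-byte UDP/TCP rule."""

import struct

HEADER_FMT = "!HHHHHH"   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (big-endian)
HEADER_LEN = 12
UDP_LIMIT = 512


def encode_name(name: str) -> bytes:
    """Wire form of a domain name: each label as a length byte plus its text,
    terminated by the null (root) label as a single zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 characters")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_name(buf: bytes, offset: int):
    """Read a name at `offset`; return (name with trailing dot, next offset)."""
    labels = []
    while True:
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not supported in this example")
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def build_query(ident: int, name: str, qtype: int = 1, qclass: int = 1,
                recursion_desired: bool = True) -> bytes:
    """Header + one question record (type 1 = A, class 1 = IN)."""
    flags = 0x0100 if recursion_desired else 0x0000        # RD bit
    header = struct.pack(HEADER_FMT, ident, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, qclass)
    return header + question


def response_flags(authoritative: bool, recursion_available: bool, rcode: int = 0) -> int:
    """Flag word a server would put in its response header."""
    flags = 0x8000                                         # QR=1: response
    flags |= 0x0400 if authoritative else 0                # AA bit
    flags |= 0x0080 if recursion_available else 0          # RA bit
    return flags | (rcode & 0xF)


def parse_header(buf: bytes) -> dict:
    ident, flags, qd, an, ns, ar = struct.unpack(HEADER_FMT, buf[:HEADER_LEN])
    return {"id": ident, "is_response": bool(flags & 0x8000),
            "opcode": (flags >> 11) & 0xF, "authoritative": bool(flags & 0x0400),
            "truncated": bool(flags & 0x0200), "recursion_desired": bool(flags & 0x0100),
            "recursion_available": bool(flags & 0x0080), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def parse_question(buf: bytes):
    """Return (header dict, question dict) for a message with one question."""
    header = parse_header(buf)
    name, off = decode_name(buf, HEADER_LEN)
    qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
    return header, {"name": name, "type": qtype, "class": qclass}


def transport_for(message: bytes) -> str:
    """UDP when the message fits in 512 bytes, otherwise TCP (Encapsulation slide)."""
    return "UDP" if len(message) <= UDP_LIMIT else "TCP"


if __name__ == "__main__":
    q = build_query(0x1234, "challenger.ate.tbda.edu.")   # constructed ID and name
    print(q.hex(), len(q), transport_for(q))
    print(parse_question(q))
```

A resolver that checks the response's ID against the query it sent, and the question section against what it asked, is applying the only matching the basic protocol offers; that is why parsing both fields, not just the answer records, matters to a client.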
REGISTRARS
- How are new domains added to DNS?
- New domains are added to the Internet through registrars.
- A registrar verifies that the requested domain name is unique, then enters it into the DNS database for a fee.
DYNAMIC DOMAIN NAME SYSTEM (DDNS)
- Changes made in the domain include adding a new host, removing a host, or changing the IP address of a host.
- In DNS, any change made should be reflected in the DNS master file.
- In a huge environment such as the Internet, such updates to the DNS master file should be reflected automatically.
- When a change is made, the information is sent to the primary DNS server, which in turn updates the zone.
- Primary servers may update secondary servers actively.
- In another mechanism, the secondary servers check periodically for any updates in the primary server: this is called passive update.
ENCAPSULATION
- DNS may use either UDP or TCP.
- UDP is used when the size of the response message is less than 512 bytes, because most UDP packages have a 512-byte packet size limit.
- If the size of the response message is more than 512 bytes, a TCP connection is used.
- In both cases, the well-known port number of the server is 53.