Internetworking II Organizational Communications and Technologies Prithvi Rao H. John Heinz III School of Public Policy and Management Carnegie Mellon University Objectives Understand how DNS works Present a DNS scenario Naming Hosts Nameserver is vehicle for mapping a name to a network telnet akasha.tic.com vs telnet 192.135.128.129 Network object is passed to transport protocol interface Naming evolved with other protocols History of Naming Predecessor of Internet was ARPANET Most important resource was IP address Used naming authority to assign IP addresses Most hosts had single network interfaces; hostname were synonymous to interface Central registry to maintained names and corresponding IP addresses Administrator received a host and IP address for each new machine to be added to network IP address known when network was established Name collision avoided by searching a host file History of Naming Host files were copied to each machine Unix systems consisted of /etc/hosts file Operating systems supported lookup using library functions gethostbyname() and gethostbyaddr() Worked well for small number of hosts (100s) Other operating systems used similar mechanisms but basically the same Worked well because relatively few requests and table size relatively small History of Naming Exponential growth of the internet made static host table impractical Load on servers hosting registry introduced delays in access Names had to be unique to avoid name clashes Solution to support growing internet was Domain Name System (DNS) Domain Name System Internet’s official naming system Distributed naming system Database is scattered across many hosts Maintained by many organizations (each has a small part) Defines resource named and protocols used to communicate between nameservers that maintain the database Domain Name System Delegation Dynamic Distribution Naming is delegated leaving central registry to register only naming authorities Every host is not named by central authority Name lookup is dynamically distributed Site administrators did not have to copy host files Redundancy Lookup algorithms were redundant; no single server Reliability was improved Domain Name System Extensibility Not necessarily restricted to IP addresses Delegation Defines a name space that is a tree structure Each node owned by single authority Child nodes can be created Each child node must have a unique name Domain is any node and its descendant nodes Domain name uniquely indentifies single node within domain Node names are written with separated period Delegation root com edu cmu tic andrew unix5 akasha org kiwilabs nz ……. co ac Delegation Children of root are “top-level domains” Domain name that traverses from node to root is called a Fully Qualified Domain Name (FQDN) Always ends with a period cs.edu(.) Practically the period is dropped cs.edu Some applications (mail) do not permit the appending of a period Domain name traversing part of node is called a Relative Domain Name Dynamic Distribution Descendants of a domain called subdomains Naming authority can assign subdomain names arbitrarily kiwilabs.com has authority for all names under kiwilabs.com Grant of authority is given when new subdomain is registered Child node must be unique ux4.sp.cs.cmu.edu? Hierarchy is broader than deeper Extensibility Name gives resource a convenient reference; name is mapped to resource Can map DNS name to other resources DNS uses a typed resource record to identify resource being named <domain-name ttl IN resource_type resource_value) domain_name is the FQDN for the resource that is key to identifying resource Extensibility ttl is the time to live value Time that the resource record can be cached before being discarded Field is decremented every second and resource is discarded when ttl reaches zero IN identifies resource as belonging to TCP/IP or INternet protocol Extensibility resource_type is a unique identifier for type of resource named During lookup resource_type is used to distinguish between resource records mqpped to the domain name resource_value is value of resource. Can be single value (IP address) or record with multiple values DNS has standard set of resource record types Resource Types IP addresses domain_name A ip_addresses Example ticmac.tic.com A 192.135.128.131 and A is the record type corresponding to IP addresses maps domain name ticmac.tic.com to 192.135.128.131 IP Address Multi-homed host or router has an A record for each network interface router.tic.com A 192.135.128.1 router.tic.com A 193.1.1.1 This illustrates mapping of name router.tic.com to two IP addresses. Machine has two interface cards Host Information HINFO record indentifies and operating system of host with given domain name domain_name HINFO hardware os Example akasha.tic.com HINFO Sun SunOs Alias Alias is CNAME record associating domain name with another domain name domain_name CNAME canonical_name Example mac.tic.com CNAME ticmac.tic.com says that name mac.tic.com is alias for ticmac.tic.com DNS Operational Architecture Query or reply Server To/from another server Query or reply reply query Resolver library function return function call Application DNS Query Format header question answer authority additional DNS Operational Architecture question contains the target domain name and the type and class of query Can match resource record type or be wildcarded to ask for any resource answer is completed by nameserver that replies to query authority can name other authority that can answer query DNS Operational Architecture additional completed by nameserver and assists client with needed information DNS Operational Steps Application sends DNS query to nameserver and waits for response from resolver Resolver generates query and and transmits it to nameserver and handles response and retransmits a query request Examples of API for DNS gethostbyname() and gethostbyservice() DNS Zones root com edu cmu tic andrew unix5 akasha org kiwilabs nz ……. co ac DNS Zones Each DNS zone has its own zone database Primary name-server exists for each zone and maintains an up-todate copy of zone database Copies maintained in secondary nameservers (reliability) DNS Scenario 1) Query from machine able.widget.com is sent to nameserver on ns.widget.com for the IP address for the domain name baker.austin.tic.com: step 1 2) ns.widget.com has no cached resource records for baker.austin.tic.com so the nameserver tries to find an NS record for the parent domain austin.tic.com 3) Finding no cached records for that domain it attempts to find an NS record for the tic.com domain. It looks for the com domain without success. It forwards original query to a root nameserver: step 2 DNS Scenario 4) Root nameserver repeats step 3 and finds an NS record for the com server and passes the query to that server 5) Nameserver for com domain once again repeats above algorithm and finds NS record and associated A record for the domain tic.com and returns information to nameserver on ns.widget.com: step 4 6) Information is cached on ns.widget.com (NS and A records) and sends original query to server for tic.com. Second server for that domain is contacted if timeout occurs: step 5 DNS Scenario 7) Server for tic.com receiving query forwards it to server for austin.tic.com domain: step 6 8) Destination server has answer desired by original node (baker.austin.tic.com) and returns answer to tic.com (7) which then sends answer to ns.widget.com (8) which in turn returns answer to able.widget.com (9) and this machine caches answer for later use Query Example 1 able.widget.com 2 ns.widget.com rootserver 9 8 5 4 3 6 ns.austin.tic.com akasha.tic.com 7 comserver Summary Presented a brief history of domains and host naming Examined the use of resource records Presented DNS query example