CSEE W4140 Networking Laboratory Lecture 10: DNS Jong Yul Kim


04.08.2009

Announcements

Visit to TeliaSonera’s NY POP (mandatory)

April 29th (Wednesday) 1~3

May 1st (Friday) 10~12

Around 20 students per trip

Please send me an email on which date you’d prefer. If one of the dates is impossible for you, let me know in the email.

Quiz next class on topics in lab 6, 7, and 8

LAN switching (including STP), NAT, DHCP, DNS

Domain Name System

Many RFCs describing the DNS

We’ll look at RFC 1034

“Domain Names - Concepts and Facilities”

DNS Design Goals

“Consistent name space for referring to resources”

Distributed database, with local caching

Data source is responsible for maintaining fresh, accurate information

Must be generally useful

Associate names to sets of data, such as host addresses, mailbox data, host OS

Independent of communications system that carries the queries and responses

Elements of the DNS

Domain name space and resource records

Specifications for a tree structured name space and data associated with the names.

Name servers

Server programs which hold information about the domain tree’s structure and associated data

Resolvers

Client programs that extract information by querying name servers

Domain name space

A tree structure

Each node corresponds to a resource set

Each node has a label up to 63 octets in length (case-insensitive)

Domain name of the node is the list of labels on the path from the node to the root of the tree.

[Figure: domain tree with root (.) at the top, edu below it, columbia below edu, and cs, ee and cc below columbia, with www as a leaf]

Resource records (RR)

Resource information for a particular domain name is written as resource records.

Elements of an RR are:

Owner : domain name where RR is found

Type : shows which resource to query

Class : IN = Internet

TTL : time-to-live in seconds for caches

RDATA : the actual data

Resource records (RR)

RR Types

A : host address

CNAME : canonical name

HINFO : OS / CPU info

MX : mail server info

NS : authoritative name server

PTR : pointer to another node

SOA : start of authority

DNS message format

Queries and responses are sent using UDP port 53

Zones

Domain database is partitioned into zones.

Zones are formed by cutting the domain tree and then grouping the nodes that are still connected.

[Figure: domain tree with root (.), .edu, .uci.edu, .virginia.edu, math.virginia.edu and cs.virginia.edu; one cut-out subtree is outlined as a zone and another as a domain]

A zone is:

Authoritative for all nodes within the zone

Usually managed by one organization

DNS Hierarchy

Root and top-level domains are administered by

Internet central name registration authority (ICANN)

Below top-level domain, administration of name space is delegated to organizations

Each organization can delegate further

[Figure: domain tree with root (.) and the top-level domains edu, gov, org and com; below edu are uci.edu and toronto.edu; below toronto.edu are math.toronto.edu and ece.toronto.edu; below ece.toronto.edu is neon.ece.toronto.edu]

Root servers

Root zone is at the very top of the domain tree

The root servers are statically entered into resolvers and name servers

13 logical root servers in the world

Named with letters A ~ M

171 physical root servers

 http://www.root-servers.org/

Top Level Domain (TLD)

Country code TLD (ccTLD)

TLDs with two letters

.cn, .in, .kr

Each country manages its own TLD

Generic TLD (gTLD)

TLDs with three or more letters

.com, .net, .org, .edu, .gov, .aero

Management is delegated to organizations

Sponsored gTLD is one where the domain is limited to ‘approved’ organizations. (.aero)

.arpa TLD

Used to convert IP addresses to domain names

Registry Listings from ICANN

TLD: .com
Introduced: 1985
Sponsored/Unsponsored: Unsponsored
Purpose: Unrestricted (but intended for commercial registrants)
Sponsor/Operator: VeriSign, Inc.
Contact: Registry Customer Service, VeriSign Naming Services, 21345 Ridgetop Circle, Dulles, Virginia 20166, United States; Tel: +1 703 925-6999; Fax: +1 703 421-5828; http://www.verisigngrs.com

TLD: .net
Introduced: 1985
Sponsored/Unsponsored: Unsponsored
Purpose: Unrestricted (but intended for network providers, etc.)
Sponsor/Operator: VeriSign, Inc.
Contact: Registry Customer Service, VeriSign Naming Services, 21345 Ridgetop Circle, Dulles, Virginia 20166, United States; Tel: +1 703 925-6999; Fax: +1 703 421-5828; http://www.verisigngrs.com

TLD: .edu
Introduced: 1985
Sponsored/Unsponsored: Sponsored
Purpose: United States educational institutions
Sponsor/Operator: EDUCAUSE
Contact: Becky Granger, EDUCAUSE, 4772 Walnut Street, Suite 206, Boulder, Colorado 80301, United States; Tel: +1-303-939-0334; Fax: +1-303-440-0461; http://www.educause.edu/edudomain

Recursive and Iterative Queries

There are two types of queries:

Recursive queries

Iterative (non-recursive) queries

The type of query is determined by a bit in the DNS query

Recursive query: When the name server of a host cannot resolve a query, the server itself sends queries to other name servers until it can return the answer to the resolver.

Iterative query: When the name server of a host cannot resolve a query, it returns to the resolver a referral to another name server, and the resolver continues from there.

Recursive Queries

In a recursive query, the resolver expects the response from the name server

If the server cannot supply the answer, it will send the query to the “closest known” authoritative name server

(here: In the worst case, the closest known server is the root server)

The root server sends a referral to the “edu” server.

Querying this server yields a referral to the server of “virginia.edu”

… and so on

[Figure: the resolver sends its query for neon.cs.virginia.edu to its name server; the name server then sends the 1st query to the root server (referral to the edu name server), the 2nd query to the edu server (referral to the virginia.edu name server), the 3rd query to the virginia.edu server (referral to the cs.virginia.edu name server) and the 4th query to the cs.virginia.edu server, which returns the IP address of neon.cs.virginia.edu; the name server passes that answer back to the resolver]

Iterative Queries

In an iterative query, the name server does not chase the answer itself: if it cannot answer, it replies to the resolver with a referral to the closest known authoritative name server (here: the root server).

This involves more work for the resolver

[Figure: the resolver sends its query for neon.cs.virginia.edu to its name server and receives a referral to the root server; the resolver then queries the root server (referral to the edu name server), the edu server (referral to the virginia.edu name server) and the virginia.edu server (referral to the cs.virginia.edu name server); the 4th query in the figure, to the cs.virginia.edu server, returns the IP address of neon.cs.virginia.edu]

Caching

To reduce DNS traffic, name servers cache information on domain name/IP address mappings

When an entry for a query is in the cache, the server does not contact other servers

Note: If an entry is sent from a cache, the reply from the server is marked as “unauthoritative”

Authoritative servers can dictate how long the record is cached using the TTL value
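As an added example (not code from the lecture or the lab kit), the following Python builds a query in the wire format carried over UDP port 53, with the RD bit choosing recursive versus iterative handling, and parses a constructed response to show the AA bit (clear on a cached, non-authoritative answer) and the TTL carried by each answer record. The name PC1.mylab.com and address 10.0.1.11 are taken from the sample zone file later in the lecture; the response bytes are constructed, not captured.

```python
import struct
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits

def encode_name(name):
    # Wire form of a name: length-prefixed labels, terminated by the empty root label.
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:           # each label is at most 63 octets
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(msg, off):
    # Read labels at off; a 0xC0xx pointer jumps to an earlier copy of the name.
    labels, end = [], None
    while msg[off] != 0:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer: 14-bit offset
            end, off = end or off + 2, ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels), (end or off + 1)

def build_query(qid, name, recursive=True):
    # Header: ID, flags (RD = recursion desired), QDCOUNT=1; question: QTYPE A, QCLASS IN.
    hdr = struct.pack("!HHHHHH", qid, RD if recursive else 0, 1, 0, 0, 0)
    return hdr + encode_name(name) + struct.pack("!HH", 1, 1)

def parse_response(msg):
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, answers = 12, []
    for _ in range(qd):                       # skip the echoed question section
        off = decode_name(msg, off)[1] + 4
    for _ in range(an):                       # answer RR: owner, type, class, TTL, RDATA
        owner, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:         # type A: four-octet IPv4 address
            rdata = ".".join(str(b) for b in rdata)
        answers.append((owner, rtype, ttl, rdata))
    return {"id": qid, "rd": bool(flags & RD), "aa": bool(flags & AA), "answers": answers}

def sample_response():
    # Constructed (not captured) cached reply for PC1.mylab.com: QR/RD/RA set, AA clear, TTL 86400,
    # owner written as a compression pointer (0xC00C) back to the question name at offset 12.
    q = build_query(0x1234, "PC1.mylab.com")
    hdr = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([10, 0, 1, 11])
    return hdr + q[12:] + rr
```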

Sample zone file

db.mylab.com

    ;
    $TTL 86400
    mylab.com.      IN SOA PC4.mylab.com. hostmaster.mylab.com. (
                    1       ; serial
                    28800   ; refresh
                    7200    ; retry
                    604800  ; expire
                    86400   ; ttl
                    )
    mylab.com.      IN NS   PC4.mylab.com.
    ; localhost
                    IN A    127.0.0.1
    PC4.mylab.com.  IN A    10.0.1.41
    PC3.mylab.com.  IN A    10.0.1.31
    PC2.mylab.com.  IN A    10.0.1.21
    PC1.mylab.com.  IN A    10.0.1.11

$TTL : max. age of cached data in seconds

refresh : slave refresh time

retry : slave retry time

expire : slave expiration time

ttl : cache time for RR

* Start of authority (SOA) record. Means: “This name server is authoritative for the zone mylab.com”

* PC4.mylab.com is the name server

* hostmaster@mylab.com is the email address of the person in charge

Name server (NS) record. One entry for each authoritative name server

Address (A) records. One entry for each host address
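As an added example (not part of the lecture or the lab files), a small Python parser for the db.mylab.com file above: it strips comments, joins the parenthesised SOA record into one logical line, applies $TTL as the default TTL, lets a blank owner field inherit the previous owner, and turns the SOA RNAME into the contact email. ZONE_TEXT is a constructed copy of the file on this slide.

```python
import re
SOA_TIMERS = ("serial", "refresh", "retry", "expire", "minimum")

# Constructed copy of the db.mylab.com file shown on the slide (not the lab kit's file).
ZONE_TEXT = """\
$TTL 86400
mylab.com.      IN SOA PC4.mylab.com. hostmaster.mylab.com. (
                1       ; serial
                28800   ; refresh
                7200    ; retry
                604800  ; expire
                86400   ; ttl
                )
mylab.com.      IN NS   PC4.mylab.com.
; localhost
                IN A    127.0.0.1
PC4.mylab.com.  IN A    10.0.1.41
PC3.mylab.com.  IN A    10.0.1.31
PC2.mylab.com.  IN A    10.0.1.21
PC1.mylab.com.  IN A    10.0.1.11
"""

def parse_zone(text):
    # Returns (default_ttl, records); each record is (owner, ttl, class, type, rdata).
    lines = [re.sub(r";.*", "", ln).rstrip() for ln in text.splitlines()]
    logical, buf = [], ""
    for ln in lines:                          # join "( ... )" continuation lines
        buf = buf + " " + ln if buf else ln
        if buf.count("(") <= buf.count(")"):
            logical.append(buf)
            buf = ""
    default_ttl, owner, records = None, None, []
    for ln in logical:
        if ln.startswith("$TTL"):
            default_ttl = int(ln.split()[1])
        elif ln.strip():
            if not ln[0].isspace():           # a blank owner field inherits the previous owner
                owner, ln = ln.split(None, 1)
            f = ln.replace("(", " ").replace(")", " ").split()
            # optional explicit TTL before the class, otherwise the $TTL default
            ttl, f = (int(f[0]), f[1:]) if f[0].isdigit() else (default_ttl, f)
            rdata = f[2:]
            if f[1] == "SOA":                 # MNAME, RNAME, then the five timer fields
                rdata = dict(zip(("mname", "rname") + SOA_TIMERS, rdata[:2] + list(map(int, rdata[2:]))))
            records.append((owner, ttl, f[0], f[1], rdata if f[1] == "SOA" else " ".join(rdata)))
    return default_ttl, records

def soa_contact_email(soa):
    # RNAME is a mailbox with '@' written as the first dot: hostmaster.mylab.com. -> hostmaster@mylab.com
    return "%s@%s" % tuple(soa["rname"].rstrip(".").split(".", 1))
```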

Homework

Prelab 8 due this Friday

Please write your own answers!

Lab report 7 due next week before labs

Main Points of Lab 8

DNS

Configuring a server

Queries and responses

Caching

Hierarchy of the domain name system

Note: You need to download files from the web and bring them to the lab

http://www.tcpip-lab.net/links/conf/lab8
