Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Databases

An Introduction to the Domain Name System

advertisement 
An Introduction to the
Domain Name System
Olaf Kolkman
Olaf@nlnetlabs.nl
http://www.nlnetlabs.nl/
© October 28, 2005 Stichting NLnet Labs
PCH / PfP 1, Los Angeles
This Presentation
• An introduction to the DNS
–
–
–
–
Laymen level
For non-technologists
About protocol features
Not a tutorial on how to set up DNS
• Ask Questions!
– Jargon, terminology or Dutch pronunciation.
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Your’s Truly
• NLnet Labs
• Open Source Software Lab
• DNSSEC Deployment engineering
• NSD, Fonkey, ldns
• IETF DNSEXT co-chair
• Systems Architect, responsible for
DNSSEC deployment at RIPE NCC
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Presentation Road Map
•
•
•
•
Why a naming system
DNS Features
DNS Components
Final Musing
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
IP: Identifiers on the Internet
• The fundamental identifier on the internet
is an IP address.
• Each host connected to the Internet has a
unique IP address
– IPv4 or IPv6
– Uniqueness guaranteed through allocation
from one single pool (IANA-RIR system)
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
How Devices use Identifiers
• The operating systems use the identifiers as
the ‘binding’ points during networking
– End points of ‘sockets’ in the TCP/IP protocol
• TCP/IP is the transport protocol used on the
Internet
• These Identifiers are numbers:
– 213.154.224.54
– 2001:7b8:206:1:211:24ff:fea0:7f4
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
What is easier to remember?
• Humans tend to remember names better,
easier to associate
• NL 1098VA 419 or Kruislaan 419,
Amsterdam, NL
• 89 GH 23 or Olaf’s Ford Focus
• www.nlnetlabs.nl or 213.154.224.1
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
host.txt
• In the1970’s ARPA net, tables where
maintained mapping host-names to IP
addresses
– SRI-NIC
– Tables were pulled from the single machine
– Problems
• traffic and load
• Name collisions
• Consistency
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
DNS
• Domain Name System provides a scalable,
distributed lookup mechanism.
• DNS created in 1983 by Paul Mockapetris
– RFCs 822 and 823
• IETF Full Standard: RFCs 1034 and 1035 (1987)
– modified, updated, and enhanced
– DNS Security extensions being the most recent
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Presentation Road Map
•
•
•
•
Why a naming system
DNS Features
DNS Components
Final Musing
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
DNS Features
• A lookup mechanism for translating objects into
other objects
• A globally distributed, loosely coherent, scalable,
reliable, dynamic database
• Comprised of three components



A “name space”
Servers making that name space available
Resolvers (clients) which query the servers about
the name space
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
DNS Features: Global
Distribution
• Data is maintained locally, but retrievable globally
– No single computer has all DNS data
– Total number of servers: in the 106 to 107 range
• DNS lookups can be performed by any device
• Remote DNS data is locally cachable to improve
performance
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
DNS Features: Loose Coherency
• The database is always internally consistent
– Each version of a subset of the database (a zone) has a
serial number
• The serial number is incremented on each database change
• Changes to the master copy of the database are
replicated according to timing set by the zone
administrator
• Cached data expires according to timeout set by
zone administrator
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
DNS Features: Scalability
• No limit to the size of the database
– One server has over 40,000,000 names
• No limit to the number of queries
– 24,000 queries per second handled easily
• Queries distributed among masters, slaves,
and caches
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
DNS Features: Reliability
• Data is replicated
– Data from master is copied to multiple slaves
– The system can deal with outage of servers
• Clients can query
– Master server
– Any of the copies at slave servers
• Clients will typically query local caches
• DNS protocols can use either UDP or TCP
– If UDP, DNS protocol handles retransmission,
sequencing, etc.
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
DNS Features: Dynamicity
• Database can be updated dynamically
– Add/delete/modify of any record
• Modification of the master database
triggers replication
– Only master can be dynamically updated
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Presentation Road Map
•
•
•
•
Why a naming system
DNS Features
DNS Components
Final Musing
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
The three components
• A “name space”
• Servers making that name space
available
• Resolvers (clients) which query the
servers about the name space
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
The Namespace
Design
• The namespace needs to be made
hierarchical to be able to scale
– Control of parts of the namespace follows the
hierarchy
– Hierarchy represented in labels
player.testlab.nlnetlabs.nl
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
The namespace: Domains
• Domains are “namespace subsets”
• Everything below .com is in the com domain.
• Everything below ripe.net is in the ripe.net domain and in
the net domain.
•
edu com
•
disi
ftp
ws2
http://www.nlnetlabs.nl/
pch
www
•
net domain
moon
google
•
•
•
isi sun
ripe
www
•
net
ripe.net domain
com domain
ws1
PCH / PfP 1, Los Angeles
The namespace:
Zones and Delegations
• Zones are “administrative spaces”
• Zone administrators are responsible for portion of a
domain’s name space
• Authority is delegated from a parent and to a child
•
•
net domain
•
isi sun
ripe
ripe.net zone
•
http://www.nlnetlabs.nl/
moon
disi
ftp
ws2
PCH / PfP 1, Los Angeles
google
tislabs
www
•
disi.ripe.net zone
www
com
edu
•
net
•
net zone
ws1
Name Servers
• Name servers answer ‘DNS’ questions.
• Several types of name servers
– Authoritative servers
• Server data for ‘Zones’
– (Caching) recursive servers
• Also called caching forwarders
– Mixture of functionality
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Zones are served by
authoritative name servers
Each zone served by at least two servers (over 106) in total
•
•
•
disi
ftp
www
•
http://www.nlnetlabs.nl/
moon
ws2
PCH / PfP 1, Los Angeles
google
tislabs
•
•
isi sun
ripe
www
com
edu
•
net
ws1
Concept: Resolving process &
Cache
Question:
www.NLnetLabs.net A
Ask nlserver @ns.domain-registry.nl (+ glue)
www.nlnetlabs.nl A ?
Resolver
192.168.5.10
root-server
www.nlnetlabs.nl A ?
Recursive
name server
www.nlnetlabs.nlt A ?
.nl server
Ask ripe server @ ns.nlnetlabs.nl (+ glue)
Client side
Add to cache
www.nlnetlabsl.nl A ?
192.168.5.10
NlnetLabs server
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Hooking this together
Changes in DNS do not propagate instantly!
Might take up to refresh
to get data from master
Slave
Not going to net if TTL>0
Cache server
Upload of zone
data is local policy
Master
Registry DB
Slave server
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Presentation Road Map
•
•
•
•
Why a naming system
DNS Features
DNS Components
Final Musing
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Back to the namespace
The ‘root’
• The root-zone contains the entry point into the
namespace
• Served by ‘root-servers’
– IANA registered namespace served by the [a-m].rootservers.net
– In reality more than 80 machines in 34 countries
(December 2004)
• If different content is served from different
servers one deals with a different namespace
– Ambiguity is the result
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Why is ambiguity a problem?
• The namespace is used in several protocols and it
is assumed to be unambiguous
– http://www.paypal.com
– SIP:olaf@kolkman.org
– <xsl:stylesheet xmlns:xsl=
“http://www.w3.org/1999/XSL/Transform”
version="1.0">
• All the above are relevant to business applications
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Servers serving different content
cause ambiguity
kids
com
nl
net
http://www.nlnetlabs.nl/
kids
PCH / PfP 1, Los Angeles
Who chooses the namespace
which root-servers to configure
Question:
www.NLnetLabs.net A
root-server
www.nlnetlabs.nl A ?
www.nlnetlabs.nl A ?
Resolver
192.168.5.10
Ask nlserver @ns.domain-registry.nl (+ glue)
Recursive
name server
www.nlnetlabs.nlt A ?
.nl server
Ask ripe server @ ns.nlnetlabs.nl (+ glue)
Client side
Add to cache
www.nlnetlabsl.nl A ?
192.168.5.10
• Client side.
• Often corporate/ISP
level
• DNSSEC: also the
trust-anchor
configuration
NlnetLabs server
Hints File
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
You mentioned DNSSEC
• Specification published
• In early deployment
– .SE and some in-addr.arpa zones
• Ideally one trust-anchor “.”
• Designed with single namespace in mind
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
QUESTIONS?
(Acknowledgements)
•
A number of these slides are based on earlier work at RIPE NCC and course
material developed for ISOC and APRICOT DNS courses.
– Bill Manning and Ed Lewis co-authored the APRICOT DNS course.
http://www.nlnetlabs.nl/
PCH / PfP 1, Los Angeles
Related documents
CANP Case 11
CANP Case 11
Job Title : Cardiovascular Regional Medical Liaison, Los Angeles
Job Title : Cardiovascular Regional Medical Liaison, Los Angeles
cross disci. speed-Problems-11 - Environmental-Chemistry
cross disci. speed-Problems-11 - Environmental-Chemistry
Rainfall in Downtown Los Angeles Throughout the Months The Los
Rainfall in Downtown Los Angeles Throughout the Months The Los
AFSCME American Federation of State County and Municipal
AFSCME American Federation of State County and Municipal
The Local Region
The Local Region
CSULA Emeriti Association Faculty Biography Form
CSULA Emeriti Association Faculty Biography Form
Word - Economic & Workforce Development Department, City of Los
Word - Economic & Workforce Development Department, City of Los
Wendi`s Corporate Resume
Wendi`s Corporate Resume
Download
advertisement