DNS -- Domain Name System or Domain Name Server
Domain name
College of Electrical and Communication Engineering: *.en.yzu.edu.tw
Department of Electrical Engineering: *.ee.yzu.edu.tw
Department of Electro-Optical Engineering: *.eo.yzu.edu.tw
Department of Communications Engineering: *.comm.yzu.edu.tw
References
• Computer Networking: A Top Down Approach, Chapter 2, 4th edition. Jim Kurose, Keith Ross, Addison-Wesley, July 2007.
• http://en.wikipedia.org/wiki/Domain_Name_System
• YouTube: DNS "Domain Name System" Basics
• RFC 1034, 1035, 2136 …
YZU DNS Setting
(network diagram) host 140.138.181.125; router; ADSL / TANET; DNS server 140.138.138.250; campus DNS servers 140.138.2.104, 140.138.2.109, 140.138.2.107; 7 Building DNS, Mech DNS; dns.eo.yzu.edu.tw, dns.eed.yzu.edu.tw
Outline
• Introduction to Domain Names
• Management of Domain Servers
• DNS Protocol
Part 1 Introduction to Domain Name
Address vs. Name
• Internet hosts, routers:
– IP address (32 bit), e.g., 140.138.8.110 - used for addressing datagrams
– “name”, e.g., www.yzu.edu.tw - used by humans
Q1: How to get a name for a specific IP address?
Q2: How to map between IP addresses and domain names on the network?
Way 1 -- Host Table
• Mapping between IP addresses and host names.
• Host table is the file /etc/hosts.
• Static information
• You had better have a host table which contains the information about the local host, gateways and other servers. If the DNS does not work, you only have your host table.
Way 2 -- DNS
• Domain Name System
• DNS translates domain names meaningful to humans into IP addresses.
– Address resolution: translation of a domain name into an IP address.
– Reverse lookup: a query of the DNS for the domain name when the IP address is known.
Get Domain Name
• The right to use a domain suffix is delegated by domain name registrars which are accredited by ICANN.
– ICANN: Internet Corporation for Assigned Names and Numbers
– Network Information Centers (NIC)
• TWNIC (http://www.twnic.net.tw)
– Assigns IP addresses & maintains DNS servers
Hierarchy of Domain Name
(tree diagram) root → yzu → comm, mech; levels labelled Root, Top Level Domain (TLD), Second Level Domain (SLD)
Root Name Servers
• Contact authoritative name server if name mapping not known
• Gets mapping
• Returns mapping to local name server
13 root name servers worldwide:
a Verisign, Dulles, VA
b USC-ISI Marina del Rey, CA
c Cogent, Herndon, VA (also LA)
d U Maryland College Park, MD
e NASA Mt View, CA
f Internet Software C. Palo Alto, CA (and 36 other locations)
g US DoD Vienna, VA
h ARL Aberdeen, MD
i Autonomica, Stockholm (plus 28 other locations)
j Verisign (21 locations)
k RIPE London (also 16 other locations)
l ICANN Los Angeles, CA
m WIDE Tokyo (also Seoul, Paris, SF)
Domain Name Space
• The management organization for Internet domain names and IP addresses (ICANN) separates domain names into 3 sections:
– Generic Domains (gTLD)
– Country Domains (ccTLD)
– Inverse Domains
(tree diagram) root → generic domain, country domain, inverse domain
Original Generic (gTLD)
Domain Name Assigned To
com Commercial organization
edu Educational institution
gov Government organization
mil Military group
net Major network support center
org Organization other than those above
arpa Temporary ARPA domain
int International organization
New Generic (gTLD)
• New root domains on Dec, 2000
Domain Name Assigned To
info Information services (unrestricted use)
biz Businesses
name Individuals
pro Licensed professionals
museum Museums
coop Cooperatives
aero Air-transport industry
Country Code (ccTLD)
• country code: A country
• au Australia
• ca Canada
• cn Mainland China
• de Germany
• fr France
• jp Japan
• nz New Zealand
• tw Taiwan
• uk United Kingdom
Inverse Domains
(tree diagram) root → arpa → in-addr → 132 → 34 → 45 → 121: index to names
• Search the domain name of 132.34.45.121: query the name 121.45.34.132.in-addr.arpa.
Part 2 Management of Name Servers
What Is Domain
• DNS : a tree structure
• Domain : a subtree
• The host magi.rd.hgiga.com belongs to domain rd.hgiga.com and domain hgiga.com.
(diagram) domain → subdomain: authorized by the parent domain
Written Types of Domain Name
• Fully Qualified Domain Name (FQDN)
– Ex: pcs.comm.yzu.edu.tw.
– Unique
• Partially Qualified Domain Name (PQDN)
– Ex: pcs.comm
– Without the trailing ".", the DNS client will automatically add the suffix yzu.edu.tw to form the FQDN.
Query Process
• Some OS’s resolver asks the host table first.
• Resolver asks default DNS servers (local DNS)
– The DNS server searches its database for domain names in its own domain (an authoritative answer, because it is the authoritative DNS server).
– Then it searches its cache.
– If no answer exists, it asks the root server.
• Discussed later…
Management Based on Domain
Q: Problem?
Zone
• magi.rd.hgiga.com belongs to the zone rd.hgiga.com but not to hgiga.com.
Graphical representation
• walnut.candy.foobar.com
Examples of Partitions
Distributed Architecture
• Many name servers are implemented in hierarchical architecture.
• Application-layer protocol: hosts, routers and name servers communicate to resolve names (address/name translation)
How to Get magi.rd.hgiga.com IP
TLD and Authoritative Servers
• Top-level domain (TLD) servers
– Responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp.
• Authoritative DNS servers
– Organization’s DNS servers, providing authoritative hostname to IP mappings for the organization’s servers (e.g., Web, mail).
– Can be maintained by the organization or a service provider
– Master and Slave DNS servers
Local Name Server
• Each ISP (residential ISP, company, university) has one.
– Close to the hosts
– Also called “default name server”
• When a host makes a DNS query, the query is sent to its local DNS server
– Acts as a proxy, forwards the query into the hierarchy
• Does not belong to hierarchy
How to Get IP Addresses
• Resolver queries local name server
• Local name server that cannot resolve the name contacts the root server
• Example: Host at cis.poly.edu wants IP address for gaia.cs.umass.edu
– Iterated query
– Recursive query
(diagram) requesting host cis.poly.edu, local DNS server dns.poly.edu, root DNS server, TLD DNS server, authoritative DNS server dns.cs.umass.edu; messages numbered 1-8
Iterated Query
• Contacted server replies with name of server to contact
• “I don’t know this domain name, but ask this server”
(diagram) requesting host cis.poly.edu, local DNS server dns.poly.edu, root DNS server, TLD DNS server, authoritative DNS server dns.cs.umass.edu; messages numbered 1-8
Recursive Query
• Puts burden of name resolution on contacted name server
• Heavy load?
Caching and Updating Records
• Once a name server learns a mapping, it caches the mapping
– Cache entries time out (disappear) after some time
– TLD servers typically cached in local name servers
• Thus root name servers are not often visited
• Update/notify mechanisms
– RFC 2136
– http://www.ietf.org/html.charters/dnsind-charter.html
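As an added example (not from the lecture), a toy model of the iterated query of the cis.poly.edu slides above and of the caching slide: the local name server follows referrals root → TLD → authoritative and caches what it learns so the root is not visited again until the entry times out. The server names, the delegation tree, the TTL and the address 1.2.3.4 are constructed sample data.

```python
import time

# Each toy server knows only its own table: ("A", ip) is an authoritative
# answer, ("NS", server) means "I don't know this name, but ask this server".
# Constructed sample data modelled on the slide's cis.poly.edu example.
SERVERS = {
    "root": {"edu": ("NS", "tld-edu")},
    "tld-edu": {"umass.edu": ("NS", "dns.cs.umass.edu")},
    "dns.cs.umass.edu": {"gaia.cs.umass.edu": ("A", "1.2.3.4")},
}
TTL = 60  # seconds a cached mapping stays valid (constructed value)

def ask(server, name):
    """One iterated query: the contacted server answers from its own table,
    matching the longest suffix it knows; it never resolves on our behalf."""
    table = SERVERS[server]
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return table[suffix]
    return None  # this server has no delegation for the name

class LocalNameServer:
    """Plays dns.poly.edu: walks root -> TLD -> authoritative for the host,
    then caches the final mapping so later lookups send no queries."""
    def __init__(self):
        self.cache = {}        # name -> (ip, expiry time)
        self.queries_sent = 0  # how many servers were contacted in total

    def resolve(self, name, now=None):
        now = time.time() if now is None else now
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]      # served from cache, root not visited
        server = "root"
        while True:
            self.queries_sent += 1
            answer = ask(server, name)
            if answer is None:
                raise LookupError("no such name: " + name)
            kind, value = answer
            if kind == "A":
                self.cache[name] = (value, now + TTL)
                return value
            server = value     # referral: follow it to the next server
```

Resolving gaia.cs.umass.edu once contacts three servers; a second lookup inside the TTL contacts none, and after expiry the walk starts again from the root.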
Why Not Centralize DNS?
• Distant centralized database
• Traffic volume
• Maintenance
• Doesn’t scale!
• A single point of failure
• More secure!
Services Provided by DNS
• Hostname to IP address translation
• Host aliasing
– Canonical and alias names
• Mail server aliasing
• Load distribution
– Replicated Web servers: a set of IP addresses for one canonical name
Optimization of DNS performance
• Replicating
– Each root server is replicated
– Many copies of the server exist around the world
– In practice, the geographically closest server usually responds best
• Caching
– Each server maintains a cache of names
– Caching works well because name resolution shows a strong tendency toward temporal locality of reference
Part 3 DNS Protocol
DNS Records: Resource Record
RR format: (name, value, type, ttl)
• Register name networkutopia.com at a DNS registrar
– The registrar inserts two RRs into the com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
– Provide authoritative servers (master and slave) for networkutopia.com
– Create IP address records on the authoritative server for www.networkutopia.com
Domain / Question Type
Type Mnemonic Description
1 A Domain name → IPv4 Address.
2 NS Name Server. Find the authoritative name server for the zone.
12 PTR Pointer. IP → domain name.
15 MX Mail Exchange. Find the mail server of the zone.
255 ANY A request for all records.
Resource Record Format
(fields, in order) Domain name | Domain Type | Domain Class | TTL (Time to Live) | Resource data length | Resource Data
DNS Messages
• DNS protocol: query and reply messages, both with the same message format
– Query: Client → Server
• Header + Question section
– Response: Server → Client
• Header + Question + Answer + Authoritative + Additional
(diagram) Response: Header, Question section, Answer section, Authoritative section, Additional section. Query: Header, Question section.
Header (12 bytes)
Identification (16 bits) | Flags (16 bits)
Number of question records | Number of answer records
Number of authoritative records | Number of additional records
Flags (16 bits), bit positions 0-15 counted from the most significant bit:
QR (bit 0) | Opcode (bits 1-4) | AA (5) | TC (6) | RD (7) | RA (8) | Z (9) | AD (10) | CD (11) | rCode (bits 12-15)
QR=0: query, QR=1: response
Opcode=0: standard, Opcode=1: inverse, Opcode=2: server status request
Flags
• AA=1: authoritative answer (for response)
• TC=1: truncated to 512 bytes (for UDP)
• RD=1: recursion desired (set by the query)
• RA=1: recursion available (for response)
• AD=1: authenticated data
• CD=1: checking disabled
• rCode: error status of the response
Question Record Format
(fields, in order) Query name | Query Type | Query Class
Query name format: length-prefixed labels, terminated by a 0 byte, e.g. admin.atc.fhda.edu:
5 a d m i n 3 a t c 4 f h d a 3 e d u 0
Query Type: which Resource Data (ex: A, PTR, MX, or NS)
Query Class=1: Internet (only one)
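As an added example (not from the lecture), the header and question section described above built and parsed on the wire: the flags word is split into the fields the slides list, and the query name is read label by label with bounds checks, so a truncated or malformed name raises instead of reading past the buffer. The name admin.atc.fhda.edu is the slide's example; the identification value 0x1234 is a constructed sample.

```python
import struct

def encode_name(name):
    """FQDN -> length-prefixed labels plus a 0 terminator (5admin3atc4fhda3edu0)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:          # RFC 1035 label length limit
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(ident, name, qtype=1, rd=1):
    """12-byte header (QR=0, Opcode=0, RD as given, QDCOUNT=1) + one question."""
    flags = (rd & 1) << 8                    # RD is bit 7 of the flags word
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Split the flags word into the fields the slide lists (bit 0 = QR)."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident, "QR": flags >> 15, "Opcode": (flags >> 11) & 0xF,
            "AA": (flags >> 10) & 1, "TC": (flags >> 9) & 1, "RD": (flags >> 8) & 1,
            "RA": (flags >> 7) & 1, "AD": (flags >> 5) & 1, "CD": (flags >> 4) & 1,
            "rCode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def decode_name(msg, offset):
    """Read labels up to the 0 byte; every read is bounds-checked, and compression
    pointers (top two bits set) are refused because a question name never uses them."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[offset]
        offset += 1
        if n == 0:
            return ".".join(labels) + ".", offset
        if n & 0xC0:
            raise ValueError("compression pointer not allowed in question")
        if offset + n > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + n].decode("ascii"))
        offset += n

def parse_question(msg):
    name, off = decode_name(msg, 12)         # question starts right after the header
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return name, qtype, qclass
```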
Other Sections
• Answer Section: a list of resource record
• Authoritative Section: the information of (1 or more) authoritative servers
• Additional Information Section: other helpful records, e.g., the IP addresses of the authoritative servers
Part 4 DNS Tools
nslookup
• A tool for debugging
# nslookup
Default Server: dorm-dns.yzu.edu.tw
Address: 140.138.2.107
>www.yzu.edu.tw
Server: dorm-dns.yzu.edu.tw
Address: 140.138.2.107
Name: www.yzu.edu.tw
Address: 140.138.8.10
nslookup -MX (1/2)
> set type=MX
> mail.yzu.edu.tw
Default Server: dorm-dns.yzu.edu.tw
Address: 140.138.2.107
Non-authoritative answer:
mail.yzu.edu.tw mail exchanger = 30 nopam-3.yzu.edu.tw.
mail.yzu.edu.tw mail exchanger = 1 yzu-mx2.yzu.edu.tw.
mail.yzu.edu.tw mail exchanger = 10 mx3.yzu.edu.tw.
mail.yzu.edu.tw mail exchanger = 20 mx2.yzu.edu.tw.
nslookup -MX (2/2)
Authoritative answers can be found from:
yzu.edu.tw nameserver = taurus.yzu.edu.tw.
yzu.edu.tw nameserver = dorm-dns.yzu.edu.tw.
yzu.edu.tw nameserver = dorm-dns2.yzu.edu.tw.
yzu-mx2.yzu.edu.tw internet address = 140.138.36.215
mx3.yzu.edu.tw internet address = 140.138.36.126
mx2.yzu.edu.tw internet address = 140.138.36.13
taurus.yzu.edu.tw internet address = 140.138.2.104
dorm-dns.yzu.edu.tw internet address = 140.138.2.107
dorm-dns2.yzu.edu.tw internet address = 140.138.2.109
>
nslookup -NS
> set type=NS
> mail.yzu.edu.tw
Server: dorm-dns.yzu.edu.tw
Address: 140.138.2.107
Authoritative answers can be found from:
yzu.edu.tw
origin = taurus.yzu.edu.tw
mail addr = joejoe.saturn.yzu.edu.tw
serial = 2011032201
refresh = 3600
retry = 3600
expire = 3900
minimum = 3600
>
nslookup -any
> server 140.138.2.109
Default server: 140.138.2.109
Address: 140.138.2.109#53
> set type=any
> mail.yzu.edu.tw
Default server: 140.138.2.109
Address: 140.138.2.109
mail.yzu.edu.tw mail exchanger = 10 mx3.yzu.edu.tw.
mail.yzu.edu.tw mail exchanger = 20 mx2.yzu.edu.tw.
mail.yzu.edu.tw mail exchanger = 30 nopam-3.yzu.edu.tw.
mail.yzu.edu.tw mail exchanger = 1 yzu-mx2.yzu.edu.tw.
Name: mail.yzu.edu.tw
Address: 140.138.36.14
>
Whois (1/3)
• http://www.twnic.net.tw/ (English version)
• Whois: yzu + .tw (generic English / generic Chinese domain)
Domain Name: yzu.tw
Registrant: Ministry of Education Computer Center 12th Fl, 106, Hoping E. Road, Sec 2. Taiwan Republic of China, R.O.C
Contact: TANet, Administrator [email protected]
TEL: tanetadm.edu.tw
Record expires on 2012-10-27 (YYYY-MM-DD)
Record created on 2005-10-27 (YYYY-MM-DD)
Registrar: EDU
Whois (2/3)
• Whois query: yzu.edu + .tw
Ministry of Education Computer Center 12th Fl, 106, Hoping E. Road, Sec 2. Taiwan Republic of China, R.O.C TW
Domain Name: edu.tw
Contact: TANet, Administrator [email protected] 886-2-87329007
Whois (3/3)
• Whois query: 140.138.137.171 + IP
User organization: 140.138.0.0/16
Netname T-YZU.EDU.TW-NET
Registered Date 1992-05-24
Admin. Contact [email protected]
Tech. Contact [email protected]
IP delegated-allocation organization, address range: 140.138.0.0-140.138.255.255
Chinese Name 教育部 (Ministry of Education)
Netname TANET-NET
Organization Name Ministry of Education Computer Center
Street Address 12F, No 106, Sec.2,Hoping E. Rd.,
AdminHandle [email protected]
TechHandle [email protected]
SpamHandle [email protected]