Domain Name System
Arthur Harris, Gennadiy Kofman, James Mendoza

To be discussed:
- Machines and names (history)
  - Flat namespace
- Hierarchical names
  - Delegation of authority
  - Subset authority
  - Obtaining authority on a subdomain
- Internet Domain Names
- Top level domains
- Mapping names to addresses
- Name resolution
- Caching
- Domain name abbreviation
- Reverse DNS
- Object types and resource record content (name server records)
- Pointer queries
Machines and Names
Why use names?
- It is difficult to remember a 32-bit number
- A system for mapping names to addresses was created
- In the early days there weren't many networked computers, so names were chosen with a low chance of conflict
- A flat namespace was used: a database of single-word names run by a single authority

Flat namespace
Advantage
- Easy to remember
Disadvantages
- Doesn't accommodate a large number of machines
- Names are centrally stored (excessive traffic to one spot)
- High cost of maintenance

Hierarchical names
- The solution to the flat namespace
- Names are now hierarchically delegated rather than run by a central authority
- Authority over the different levels of the hierarchy is delegated to different entities

Hierarchical names
Advantages
- Accommodates a much larger number of machines
- More efficient
Disadvantage
- More complex than a flat namespace
Internet Domain Names
DNS (Domain Name System) provides name-to-address mapping for the internet. The hierarchical naming scheme used by DNS is called domain names.

DNS syntax and rules
- Domain names consist of subnames separated by periods (e.g. www.csun.edu)
- Each subname is called a label (e.g. www, csun, edu)
- Any suffix of a domain name is called a domain:
  Third-level domain: www.csun.edu
  Second-level domain: csun.edu
  Top-level domain: edu

Top-level domains
- Organized by country: us, ci, au, uk, jp, ru, nu (What's nu?)
- Organized by organization: arpa, com, edu, gov, museum, name, net, org
Delegation of authority for names
- Domain names are handled by multiple entities
- Different entities have authority over different parts of a domain name
- In the internet world, the top-level domains are run by the big shots: ICANN (Internet Corporation for Assigned Names and Numbers).

ICANN
- ICANN delegates authority over second-level domains to various entities such as ISPs and registrars.
- ISPs and registrars can delegate second- and/or third-level domains to other entities (usually us, the common masses).
Example: python.ecs.csun.edu
  edu – run by ICANN
  csun – run by CSUN
  ecs – run by CSUN
  python – run by CSUN

Mapping Domain Names to Addresses
- Name servers are the heart of the domain name system.
- Name servers resolve domains to IP addresses.
- 13 root servers, which resolve the top-level domains, are spread out across the world.
- For second-level domains, there are thousands of name servers across the world.
Typical root server entries for a name server:

; formerly NS.INTERNIC.NET
;
.                     3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A   198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                     3600000      NS  B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.   3600000      A   128.9.0.107
;
; formerly C.PSI.NET
;
.                     3600000      NS  C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.   3600000      A   192.33.4.12
;

Mapping Domain Names to Addresses
- Servers for third, fourth, fifth and higher levels can also exist, but they are not as common. You rarely see a domain name like aaa.bbb.ccc.ddd.eee.com
- How does a client find a name server to start querying names? The primary and secondary DNS IPs are specified in your TCP/IP settings (Windows).
- How does a name server find another name server that can resolve names it can't? All name servers must know the address of at least one root server.

Resource records on a name server

Type    Meaning               Contents
A       Host address          32-bit IP address
CNAME   Canonical name        Alias for a domain name
MX      Mail exchanger        Name of mail exchanger host
NS      Name server           Name of authoritative server
SOA     Start of authority    Fields that specify the parts of the naming hierarchy a server implements
A look at a root server's zone file

COM.  NS  A.GTLD-SERVERS.NET
COM.  NS  G.GTLD-SERVERS.NET
COM.  NS  H.GTLD-SERVERS.NET
COM.  NS  C.GTLD-SERVERS.NET
COM.  NS  I.GTLD-SERVERS.NET
COM.  NS  B.GTLD-SERVERS.NET
EDU.  NS  L3.NSTLD.COM
EDU.  NS  D3.NSTLD.COM
EDU.  NS  A3.NSTLD.COM
EDU.  NS  E3.NSTLD.COM
GOV.  NS  G.GOV.ZONEEDIT.COM
GOV.  NS  F.GOV.ZONEEDIT.COM
GOV.  NS  E.GOV.ZONEEDIT.COM
RU.   NS  NS.RIPN.NET
RU.   NS  NS2.RIPN.NET
UK.   NS  NS1.NIC.UK
UK.   NS  NS2.NIC.UK
UK.   NS  NS4.NIC.UK
HK.   NS  ADNS1.BERKELEY.EDU
HK.   NS  ADNS2.BERKELEY.EDU
HK.   NS  NS1.HKIRC.NET.HK
HK.   NS  NS2.HKIRC.NET.HK
HK.   NS  TLD3.ULTRADNS.ORG
HK.   NS  TLD5.ULTRADNS.INFO
HK.   NS  TLD6.ULTRADNS.CO.UK.

From the edu top-level server:
CSUN  NS  NS1.CSUN
CSUN  NS  NS3.CSUN
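As an added example (not from the slides), here is a toy iterative resolver that shows how the root hints shown earlier and the NS delegations above chain together: the resolver knows only a root server, the root refers it to the edu servers, and edu refers it to CSUN's servers. All zone data, server names and addresses below are constructed placeholders, not the real root or edu servers.

```python
# Added example (not from the slides): a miniature iterative resolver that walks
# the delegation chain root -> TLD -> second-level zone using records in the
# zone-file style shown above. All data is constructed; servers are placeholders.
ROOT_HINTS = """
.                   3600000 IN NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 IN A   198.41.0.4
"""
ZONES = {  # constructed: what each hypothetical server answers, keyed by address
    "198.41.0.4": "EDU. NS A3.NSTLD.COM.\nA3.NSTLD.COM. A 192.0.2.10",
    "192.0.2.10": "CSUN.EDU. NS NS1.CSUN.EDU.\nNS1.CSUN.EDU. A 192.0.2.20",
    "192.0.2.20": "PYTHON.ECS.CSUN.EDU. A 192.0.2.77",
}

def parse(text):
    """Zone-file lines 'owner [ttl] [class] type rdata' -> (owner, type, rdata)."""
    records = []
    for line in text.strip().splitlines():
        f = line.split()
        if not f or f[0].startswith(";"):       # blank or comment line
            continue
        owner = f.pop(0).upper()
        if f[0].isdigit():                      # optional TTL
            f.pop(0)
        if f[0].upper() == "IN":                # optional class
            f.pop(0)
        records.append((owner, f[0].upper(), f[1].upper()))
    return records

def lookup(records, owner, rtype):
    return [r for o, t, r in records if o == owner and t == rtype]

def resolve(qname, max_hops=10):
    """Return the A record for qname, or None, by following NS referrals."""
    qname = qname.rstrip(".").upper() + "."
    hints = parse(ROOT_HINTS)
    server = lookup(hints, lookup(hints, ".", "NS")[0], "A")[0]  # root glue
    for _ in range(max_hops):                   # bound referral loops
        recs = parse(ZONES.get(server, ""))
        answer = lookup(recs, qname, "A")
        if answer:
            return answer[0]
        for i in range(qname.count(".") + 1):  # longest delegated suffix first
            zone = qname.split(".", i)[-1] or "."
            glue = [a for ns in lookup(recs, zone, "NS") for a in lookup(recs, ns, "A")]
            if glue:
                server = glue[0]
                break
        else:
            return None                         # no referral: name does not exist
    return None
```

Each hop asks the server for the full name; a server that is not authoritative answers with the NS records (and glue addresses) of the longest suffix it has delegated, which is exactly what the root and edu zone files above contain.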
Abbreviation of Domain Names
- Within a particular network, a list of domain name suffixes is kept. In the CS department, for example:
  .ecs.csun.edu
  .csun.edu
  null
- A user within that network need only type the subdomain prefix. In the CS department, for example, "python" leads to python.ecs.csun.edu
- The suffixes are combined with the prefix and tried in turn until a unique match is made
- If no subdomain combination is valid, a 404 error is generated
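The suffix search just described, as an added example that is not part of the slides: the resolver builds one candidate name per suffix, in list order, and stops at the first one that exists. KNOWN_NAMES is a constructed stand-in for what the name servers would answer.

```python
# Added example (not from the slides): expanding an abbreviated host name with
# the department's suffix list. KNOWN_NAMES is a constructed stand-in for what
# the name servers would actually answer.
SEARCH_LIST = [".ecs.csun.edu", ".csun.edu", ""]   # null suffix last, as on the slide
KNOWN_NAMES = {"python.ecs.csun.edu", "www.csun.edu", "example.com"}

def candidates(typed):
    """Fully qualified names the resolver will try, in order."""
    if typed.endswith("."):                     # absolute name: no suffix search
        return [typed.rstrip(".")]
    return [typed + suffix for suffix in SEARCH_LIST]

def expand(typed, exists=lambda n: n in KNOWN_NAMES):
    """Return (resolved_name, attempts); resolved_name is None if no suffix
    combination exists. 'attempts' lists the names actually queried, in order."""
    attempts = []
    for name in candidates(typed):
        attempts.append(name)
        if exists(name):
            return name, attempts
    return None, attempts
```

The attempts list makes the side effect of the search list visible: a name from outside, such as example.com, is first queried as a host inside the local domains, and a mistyped local name ends up being tried at the top level through the null suffix.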
Inverse Mappings
- The opposite of domain abbreviation
- The user need only type the domain suffix, for example csun.edu or .edu
- Resolution of the prefix is attempted using the list of subdomains resident on the network
- This may not always produce a unique path: csun.edu could lead to www.csun.edu, but could also lead to www.ecs.csun.edu, www.pas.csun.edu and so on
- Although inverse queries have been part of DNS since the beginning, they are generally not used because there is often more than one way to resolve the query.

Pointer Queries
- The server maps the client's IP address to a domain name
Why do we need it?
- Companies may want to allow only clients that are part of their company to connect
- If non-company clients attempt to connect, their IP address is checked with a pointer query
- If their IP address is not part of the company domain, they receive a Denial of Service
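The pointer query and the access check built on it, as an added example that is not from the slides. It shows how the in-addr.arpa name is formed from the client address, and adds the check a practitioner would want before trusting the answer: the reverse zone for an outside address is under someone else's control, so the name a PTR returns is only believed when its forward A record lists the same address. All PTR and A data is constructed.

```python
# Added example (not from the slides): building the name used for a pointer
# query and the forward check an "is this client ours?" decision should add.
# The PTR and A data below are constructed.
import ipaddress

PTR_RECORDS = {   # constructed reverse-zone data: in-addr.arpa name -> host name
    "77.2.0.192.in-addr.arpa.": "python.ecs.csun.edu.",
    "99.2.0.192.in-addr.arpa.": "python.ecs.csun.edu.",  # set by whoever owns that reverse zone
}
A_RECORDS = {     # constructed forward data: host name -> addresses
    "python.ecs.csun.edu.": {"192.0.2.77"},
}

def reverse_name(ip):
    """192.0.2.77 -> 77.2.0.192.in-addr.arpa. (octets reversed under in-addr.arpa)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # also validates the address
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_lookup(ip):
    """The pointer query: client IP -> domain name, or None if no PTR exists."""
    return PTR_RECORDS.get(reverse_name(ip))

def is_company_client(ip, company_suffix=".csun.edu."):
    """Only trust a PTR inside the company domain when the forward A record of
    that name lists the same IP (forward-confirmed reverse DNS)."""
    host = ptr_lookup(ip)
    if host is None or not host.lower().endswith(company_suffix):
        return False
    return ip in A_RECORDS.get(host.lower(), set())
```

The second constructed PTR shows why the forward check matters: 192.0.2.99 claims to be python.ecs.csun.edu, but the company's own A record does not list that address, so the client is refused.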
Caching
- Name servers and clients maintain their own caches of recently queried domain names
- Cached entries have a limited lifetime, specified by the TTL (time to live) that arrives with the answer to a name server query
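A cache with the TTL behaviour described above, as an added example that is not from the slides: entries expire when the TTL carried in the answer runs out, a hit reports the remaining TTL (which is what a caching server passes on to its own clients), and a TTL of 0 is not cached at all. The clock is injectable so expiry can be tested without waiting; the answers stored are constructed.

```python
# Added example (not from the slides): a resolver cache keyed by (name, type)
# whose entries expire after the TTL carried in the answer. The clock is
# injectable so expiry can be exercised without waiting; stored data is constructed.
import time

class DnsCache:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.entries = {}      # (name, rtype) -> (rdata, absolute expiry time)

    def store(self, name, rtype, rdata, ttl):
        """Cache an answer; a TTL of 0 means 'do not cache' (RFC 1035)."""
        if ttl <= 0:
            return
        self.entries[(name.lower(), rtype)] = (rdata, self.clock() + ttl)

    def get(self, name, rtype):
        """Return (rdata, remaining_ttl) or None; expired entries are evicted.
        The remaining TTL is what a caching server hands on to its own clients."""
        key = (name.lower(), rtype)
        hit = self.entries.get(key)
        if hit is None:
            return None
        rdata, expires = hit
        remaining = expires - self.clock()
        if remaining <= 0:
            del self.entries[key]
            return None
        return rdata, int(remaining)
```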