CSC521 – Communication Protocols
網路通訊協定
Chapter 23
The Domain Name System (DNS)
吳俊興
國立高雄大學 資訊工程學系
Outline
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
Introduction
Names For Machines
Flat Namespace
Hierarchical Names
Delegation Of Authority For
Names
Subset Authority
Internet Domain Names
Top-Level Domains
Name Syntax And Type
Mapping Domain Names To
Addresses
Domain Name Resolution
Efficient Translation
13. Caching: The Key To Efficiency
14. Domain Name System Message
Format
15. Compressed Name Format
16. Abbreviation Of Domain Names
17. Inverse Mappings
18. Pointer Queries
19. Object Types And Resource Record
Contents
20. Obtaining Authority For A Subdomain
21. Dynamic DNS Update And
Notification
22. DNS Security Extensions (DNSSEC)
23. Summary
2
Names For Computers
• Humans prefer pronounceable names rather than numeric
addresses
• Two possibilities of names
– Flat namespace
– Hierarchical namespace
• Two possibilities of naming hierarchy
– According to network topology
– By organizational structure (independent of physical networks)
Internet uses the latter
3
Internet Domain Names
• Internet Hierarchy
– In the Internet, hierarchical machine names are assigned according to the
structure of organizations that obtain authority for parts of the namespace,
not necessarily according to the structure of the physical network
interconnections
• Flexible hierarchy
– Universal naming scheme (same everywhere)
– Each organization determines internal naming structure
• Mechanism known as Domain Name System (DNS)
– Name assigned to a computer known as domain name
• Domain Name Syntax
– Set of labels separated by delimiter character (period)
– Example: cs . purdue . edu
• Three labels: cs, purdue, and edu
• String purdue . edu is also a domain
• Top-level domain is edu
4
Original Top-Level Domains
• Meaning assigned to each
– ccTLD: Country Code TLD
– gTLD: Generic TLD
• Three domains considered generic
– .com
– .net
– .org
5
New Top-Level Domains
• Proponents argued (incorrectly) that DNS would collapse
without additional TLDs
• New TLDs created legal nightmare
6
Authority For Names
• Authority delegated down the tree
• Example
– Purdue University registers under top level domain .edu and receives
authority for domain purdue.edu
– Computer Science Department at Purdue registers with the Purdue
authority, and becomes the authority for domain cs.purdue.edu
– Owner of a lab in the CS Department registers with the departmental
authority, and becomes the authority for domain xinu.cs.purdue.edu
7
Mapping Domain Names To Addresses
• DNS uses a set of on-line servers
• Servers arranged in tree
• Given server can handle entire subtree
– Example: ISP manages domain names for its clients
• DNS Database: Record has ( name, class )
– Class specifies type of object (e.g., computer, email exchanger)
• Consequence:
– A given name may map to more than one item in the domain system. The
client specifies the type of object desired when resolving a name, and
the server returns objects of that type
8
Illustration of DNS Server Topology
• DNS server known as name server
– Single server can handle multiple levels of the naming tree
– Example: root server handles all top-level domains
• DNS client software known as resolver
9
Domain Name Resolution
• Conceptually, must search from root of tree downward
• In practice
– Every name server knows location of a root server
– Only contacts root if no subdomain known
– Lookup always starts with local server first (host can learn address of DNS
server from DHCP)
• Efficient Translation
– Most lookups refer to local names
– Name-to-address bindings change infrequently
– User is likely to repeat same lookup
• To increase efficiency
– Initial contact begins with local name server
– Every server caches answers (owner specifies cache timeout)
10
Resolution Example
root DNS server
Host pc1.csie.nuk.edu.tw
wants IP address for
www.google.com
2
3
local DNS server
4
ccdns.nuk.edu.tw
(140.127.198.1)
5
Later:
• host pc1.csie.nuk.edu.tw wants
IP address for mail.google.com
• host pc2.csie.nuk.edu.tw wants
IP address for www.google.com
1
8
7
.com TLD
DNS server
6
authoritative DNS server
ns1.google.com
requesting host
pc1.csie.nuk.edu.tw
www.google.com
11
DNS Records
DNS: distributed database storing resource records (RR)
RR format: (name,
• Type=A
– name is hostname
– value is IP address
value, type, ttl)
• Type=CNAME
– name is alias name for some
“cannonical” (the real) name
www.ibm.com is really
servereast.backup2.ibm.com
• Type=NS
– name is domain (e.g. foo.com)
– value is IP address of
authoritative name server for
this domain
– value is cannonical name
• Type=MX
– value is name of
associated with name
mailserver
12
DNS Message Format
TYPE
A
NS
CNAME
SOA
PTR
MX
meaning
1 a host address
2 an authoritative name server
5 canonical name for an alias
6 start of a zone of authority
12 a domain name pointer
15 mail exchange
13
Specifying Domain Names with Labels
• Domain name
– a sequence of labels
– A maximum length of 255 characters is allowed
• Label
– Must start with a letter and can only consist of letters, digits and hyphens
– Can be up to 63 characters long and are case insensitive (00xx xxxx)
• Label encoding
– Begins with an octet that specifies its length; 0 marks the end
– i.e. www.google.com = 0x03 w w w 0x06 g o o g l e 0x03 c o m 0x00
• Label compression with pointer
– Begins with two ones (11xx xxxx xxxx xxxx)
– Followed with the offset field
• specifies an offset from the start of the message
• the first octet of the ID field in the domain header
14
DNS
Query
Example
Looking up www.google.com.tw
– Parameter=0x0100=0000 0001 0000 0000: Recursion desired
– Class=INternet: 0x01
– Type=A: 0x01
15
DNS
Reply
Example
•Flag:1000 0001 1000 0000
– 1000=response
– 0001=recursion desired
– 1000=recursion available
•Type=A: 0x01
•C00C=
1100 0000 0000 1100
16
Domain Name Abbreviation
• Abbreviation Of Domain Names
– DNS only recognizes full domain names
– Client software allows abbreviation
• Example of Abbreviation
– Client configured with suffix list
•
•
•
•
. cs . purdue . edu
. cc . purdue . edu
. purdue . edu
null
– User enters abbreviation xinu
– Client tries the following in order
•
•
•
•
xinu. cs . purdue . edu
xinu. cc . purdue . edu
xinu. purdue . edu
xinu
17
Pointer Query
• Inverse Query
–
–
–
–
Map in reverse direction
Excessive overhead
May not have unique answer
Not used in practice
• Pointer Query
– Special case of inverse mapping
– Convert IP address to domain name
– Trick: write IP address as a string and look up as a name
• Example
–
–
–
–
–
Start with dotted decimal address such as
aaa . bbb . ccc . ddd
Rearrange dotted decimal representation as a string:
ddd . ccc . bbb . aaa . in-addr . arpa
Look up using a pointer query type
18
Discussions
• Internationalized Domain Name
– Label extension?
• TTL Issues
– DNS Caching
– Dynamic Update
• DNS Security Issues
– Authentication
– Data integrity
• Performance Issues
– ARP: cache / ?
– IP: routing table /?
– DNS: cache table / TTL
19
Summary
• Domain Name System provides mapping from pronounceable
names to IP addresses
• Domain names are hierarchical; top-level domains are dictated
by a central authority
• Organizations can choose how to structure their domain names
• DNS uses on-line servers to answer queries
• Lookup begins with local server, which caches entries
20