Computer Networks
Domain Name System
Jianping Pan, Spring 2017
1/25/17 CSC361
Review: Web/HTTP
• Web
  – URI/URL, HTML tags
  – embedded/linked objects
• HTTP
  – request and response
  – persistence, statefulness
  – web caching, content delivery; HTTP/2
• Where is www.google.com?
Today's topics
• Domain Name System (DNS)
  – DNS basics
    • host and domain names
    • DNS hierarchies
  – how to register your name-address mapping
    • DNS resource records
  – how to get your name-address mapping resolved
    • DNS resolution queries
Domain names
• You say “www.google.com”
  – host name: www
  – domain name: google.com
• I say “66.102.7.104”
  – IPv4 address (4 bytes)
• Name-address mapping
  – initially, centralized hosts.txt
  – doesn’t scale!
DNS name space
• Hierarchical, distributed
  – gTLD: generic top-level domain
  – ccTLD: country-code top-level domain
[Figure: name tree from the root down: . → ca → uvic → cs → www]
* internationalized domain names
Q: www.cs.uvic.ca
Name hierarchy
• www.cs.uvic.ca.
  – root: .
  – ccTLD: ca.
  – UVic: uvic.ca.
  – CS@UVic: cs.uvic.ca.
• address hierarchy: 142.104.70.161
  – UVicNet: 142.104 (*)
  – EngrNet: 142.104.64~95
    • moved from 142.104.96~127
* additional addresses for wireless
DNS: client's view
• Local DNS resolver: gethostbyname()
  – /etc/host.conf
    • order hosts,bind
  – /etc/hosts
    • 1.2.3.4 nameserver
  – /etc/resolv.conf
    • nameserver 1.2.3.4
• Local DNS server: does the real job!
  – DNS “proxy”; more at DNS queries part
* a host name vs the keyword
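As an added example (not code from the slides), a toy gethostbyname() in Python that applies the lookup order from /etc/host.conf: /etc/hosts is consulted first, then the name server listed in /etc/resolv.conf. The three file contents are constructed sample inputs, the local DNS server at 1.2.3.4 is replaced by a constructed lookup table, and the default order used when host.conf has no order line is an assumption of this example. The two uses of the word "nameserver" on the slide are kept on purpose: in /etc/hosts it is a host name being defined, in /etc/resolv.conf it is a keyword.

```python
# Added example, not from the slides: a toy gethostbyname() that applies the
# "order hosts,bind" rule from /etc/host.conf. All three file contents below
# are constructed sample inputs.
HOST_CONF = "order hosts,bind\n"

HOSTS = """# constructed /etc/hosts
127.0.0.1        localhost
1.2.3.4          nameserver      # 'nameserver' is just a host name here
142.104.100.110  cs.uvic.ca
"""

RESOLV_CONF = "nameserver 1.2.3.4\n"    # 'nameserver' is a keyword here

# Constructed stand-in for the local DNS server at 1.2.3.4 (the "bind" step);
# a real resolver would send it a DNS query over UDP instead.
LOCAL_DNS_SERVER = {"1.2.3.4": {"www.google.com": "66.102.7.104"}}


def parse_host_conf(text):
    """Return the lookup order; without an 'order' line assume hosts, then bind."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "order":
            return [s.strip() for s in " ".join(fields[1:]).split(",") if s.strip()]
    return ["hosts", "bind"]   # assumed default for this example


def parse_hosts(text):
    """'address name [alias ...]' lines -> {name: address}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table


def parse_resolv_conf(text):
    """Collect the addresses given on 'nameserver' keyword lines."""
    return [f[1] for f in (l.split("#", 1)[0].split() for l in text.splitlines())
            if len(f) == 2 and f[0] == "nameserver"]


def gethostbyname(name, host_conf=HOST_CONF, hosts=HOSTS,
                  resolv_conf=RESOLV_CONF, dns=LOCAL_DNS_SERVER):
    """Return (address, source) or (None, None), trying sources in host.conf order."""
    name = name.lower().rstrip(".")
    for source in parse_host_conf(host_conf):
        if source == "hosts":
            addr = parse_hosts(hosts).get(name)
            if addr:
                return addr, "hosts"
        elif source == "bind":
            for server in parse_resolv_conf(resolv_conf):
                addr = dns.get(server, {}).get(name)
                if addr:
                    return addr, "bind:" + server
    return None, None
```

Because /etc/hosts is searched before the name server, a local entry silently overrides whatever DNS would say for that name; that is why the file (and host.conf order) is worth checking when a lookup gives an unexpected answer.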
DNS: servers
• Local DNS server
  – where’s www.cs.uvic.ca.
• Root DNS server (.): {a..m}.root-servers.net
  – ask ca0{1..6}.cira.ca., ns-ext.isc.org
• TLD DNS server (.ca.): ca0{1..6}.cira.ca
  – ask dns{1|2}.uvic.ca., ns3.uvic.ca., ns.pinc.com
• Authoritative DNS server
  – primary, secondary
Q: why so many NS servers?
Root DNS servers
• {a..m}.root-servers.net.
[Figure: world map of the 13 root name servers: a Verisign, Dulles, VA; b USC-ISI, Marina del Rey, CA; c Cogent, Herndon, VA (also Los Angeles); d U Maryland, College Park, MD; e NASA, Mt View, CA; f Internet Software C., Palo Alto, CA (and 17 other locations); g US DoD, Vienna, VA; h ARL, Aberdeen, MD; i Autonomica, Stockholm (plus 3 other locations); j Verisign (11 locations); k RIPE, London (also Amsterdam, Frankfurt); l ICANN, Los Angeles, CA; m WIDE, Tokyo]
13 root name servers worldwide
* d-root changed IPv4 addr in 2013
Q: one server, multiple locations?

root-servers with mirror/anycast
http://root-servers.org
DNS resource records
SOA, NS
• dig soa cs.uvic.ca
  – cs.uvic.ca. 43200 IN SOA active.uvic.ca. gduncan.dns.engr.uvic.ca. 705181509 3600 300 604800 1800
    • origin = active.uvic.ca; mail addr = gduncan.dns.engr.uvic.ca; serial = 705181509; refresh = 3600 (60 minutes); retry = 300 (5 minutes); expire = 604800 (7 days); minimum = 1800 (0.5 hour)
    • replication consistency control
• dig ns cs.uvic.ca
  – cs.uvic.ca. 40800 IN NS dns1.uvic.ca.
  – cs.uvic.ca. 40800 IN NS active.uvic.ca.
Q: TTL?
• dig mx cs.uvic.ca
  – cs.uvic.ca. 43200 IN MX 0 mta.cs.uvic.ca.
    • priority = 0 (highest)
• dig a cs.uvic.ca
  – cs.uvic.ca. 43200 IN A 142.104.100.110
• dig cname www.cs.uvic.ca
  – www.cs.uvic.ca. 42383 IN CNAME thing2.cs.uvic.ca.
• dig a thing2.cs.uvic.ca
  – thing2.cs.uvic.ca. 43200 IN A 142.104.100.111
• dig ptr 111.100.104.142.in-addr.arpa
  – 111.100.104.142.in-addr.arpa. 43200 IN PTR thing2.cs.UVic.CA.
Q: why CNAME?
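As an added example that is not part of the slides, a Python parser for dig-style resource record lines covering the types shown above (SOA, NS, MX, A, CNAME, PTR), with three checks a practitioner typically runs on such records: following a CNAME chain to the A record the way a resolver does, confirming that a PTR record is matched by a forward A record for the same address, and counting how many distinct subnets a zone's NS hosts sit in. The record text is constructed from the dig output on these slides; the two glue A records for dns1.uvic.ca and active.uvic.ca are taken from the nslookup output a few slides later, and their TTL of 40800 is an assumption.

```python
# Added example, not from the slides: parse dig-style resource record lines and
# check the relationships the slides point at (CNAME -> A chain, PTR <-> A
# consistency, NS hosts on distinct subnets). Record text is constructed from
# the slides; the TTL on the last two (glue) lines is assumed.
import ipaddress

DIG_OUTPUT = """
cs.uvic.ca. 43200 IN SOA active.uvic.ca. gduncan.dns.engr.uvic.ca. 705181509 3600 300 604800 1800
cs.uvic.ca. 40800 IN NS dns1.uvic.ca.
cs.uvic.ca. 40800 IN NS active.uvic.ca.
cs.uvic.ca. 43200 IN MX 0 mta.cs.uvic.ca.
cs.uvic.ca. 43200 IN A 142.104.100.110
www.cs.uvic.ca. 42383 IN CNAME thing2.cs.uvic.ca.
thing2.cs.uvic.ca. 43200 IN A 142.104.100.111
111.100.104.142.in-addr.arpa. 43200 IN PTR thing2.cs.UVic.CA.
dns1.uvic.ca. 40800 IN A 142.104.6.1
active.uvic.ca. 40800 IN A 142.104.96.2
"""

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def parse_rr(line):
    """'name TTL class type rdata...' -> dict; names are case-insensitive, so lowercase them."""
    name, ttl, cls, rtype, *rdata = line.split()
    rec = {"name": name.lower(), "ttl": int(ttl), "class": cls, "type": rtype,
           "rdata": " ".join(rdata)}
    if rtype == "SOA":
        rec.update(zip(SOA_FIELDS, rdata))
        for field in SOA_FIELDS[2:]:            # serial and the four timers are integers
            rec[field] = int(rec[field])
        # rname encodes a mailbox: its first label is the local part
        rec["mailbox"] = rec["rname"].rstrip(".").replace(".", "@", 1)
    elif rtype == "MX":
        rec["preference"], rec["rdata"] = int(rdata[0]), rdata[1].lower()
    elif rtype in ("NS", "CNAME", "PTR"):
        rec["rdata"] = rdata[0].lower()
    return rec


def parse_dig(text):
    """Parse every non-empty, non-comment line of dig output."""
    return [parse_rr(l) for l in text.splitlines() if l.strip() and not l.startswith(";")]


def resolve_chain(records, name, rtype="A", max_hops=8):
    """Follow CNAMEs the way a resolver does until a record of rtype is found."""
    name = name.lower()
    for _ in range(max_hops):
        for r in records:
            if r["name"] == name and r["type"] == rtype:
                return r["rdata"]
        cnames = [r["rdata"] for r in records if r["name"] == name and r["type"] == "CNAME"]
        if not cnames:
            return None
        name = cnames[0]
    return None      # CNAME loop or chain too long


def reverse_name(addr):
    """142.104.100.111 -> 111.100.104.142.in-addr.arpa."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def forward_confirmed(records, ptr):
    """True if the PTR target has an A record that maps back to the same address."""
    return any(r["type"] == "A" and r["name"] == ptr["rdata"]
               and reverse_name(r["rdata"]) == ptr["name"] for r in records)


def ns_subnets(records, zone, prefix_len=24):
    """(number of NS hosts of zone, number of distinct /prefix_len subnets they sit in)."""
    ns_hosts = {r["rdata"] for r in records if r["name"] == zone and r["type"] == "NS"}
    nets = {ipaddress.ip_network(f"{r['rdata']}/{prefix_len}", strict=False)
            for r in records if r["type"] == "A" and r["name"] in ns_hosts}
    return len(ns_hosts), len(nets)
```

The PTR check is the usual "forward-confirmed reverse DNS" test: a PTR alone proves nothing, because whoever controls the in-addr.arpa zone can put any name there; only a matching A record under the named domain confirms it. The subnet count depends on the prefix length you consider a "subnet", which is exactly why the redundancy claim on the reality-check slide is so often not met in practice.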
DNS queries
• Local DNS resolver-server
  #nslookup
  >set debug
  >www.cs.uvic.ca
  QUESTIONS
    www.cs.uvic.ca, type = A, class = IN
  ANSWERS
    -> www.cs.uvic.ca canonical name = thing2.cs.uvic.ca.
    -> thing2.cs.uvic.ca internet address = 142.104.100.111
  AUTHORITY RECORDS
    -> cs.uvic.ca nameserver = active.uvic.ca.
    -> cs.uvic.ca nameserver = dns1.uvic.ca.
  ADDITIONAL RECORDS
    -> dns1.uvic.ca internet address = 142.104.6.1
    -> active.uvic.ca internet address = 142.104.96.2
Recursive vs iterative
[Figure: two resolution sequences for www.cs.uvic.ca, one recursive and one iterative, each with steps 1–8: requesting host cis.poly.edu → local DNS server dns.poly.edu → root DNS server (.) → ccTLD DNS server (.ca.) → authoritative DNS server dns1.uvic.ca (uvic.ca.)]
Q: recursive or not recursive
DNS queries: more
• Local DNS server and higher hierarchy
  – recursive vs iterative
• Reply cache
  – time-to-live (TTL)
• Services required
  – commonly by UDP
• Attacks on DNS
  – cache poisoning
* DNSSEC, DNSCurve, HTTPS, etc (CSC490 Summer 2014; JCURA'14)
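As an added example that is not part of the slides, a Python model of the two roles on this and the previous slides: a local DNS server that walks the hierarchy iteratively (root → .ca. → uvic.ca.), caches every reply for its TTL, restarts later queries at the closest cached NS referral instead of the root, and only caches glue records that lie inside the referring server's zone (the basic bailiwick rule that keeps out-of-zone additional records from poisoning the cache); and a stub resolver that sends it a single recursive query. The authoritative data is constructed after the slides' example; the 192.0.2.x addresses and ROOT_HINT are placeholders, and the TTLs on the root and .ca. referrals are assumptions. Time is passed in explicitly so the TTL behaviour can be observed step by step.

```python
# Added example, not from the slides: a model of a local DNS server that resolves
# names iteratively from the root, caches replies for their TTL, re-uses cached
# NS referrals, and applies a bailiwick check to glue; plus the stub resolver
# that sends it recursive queries. Authoritative data is constructed after the
# slides' example; 192.0.2.x addresses are placeholders, 142.104.6.1 and
# 142.104.100.111 are the slides' values, referral TTLs are assumed.

# server address -> (zone apex it serves, records as (name, type, rdata, ttl))
SERVERS = {
    "192.0.2.1": (".", [("ca.", "NS", "ca01.cira.ca.", 172800),
                        ("ca01.cira.ca.", "A", "192.0.2.2", 172800)]),
    "192.0.2.2": ("ca.", [("uvic.ca.", "NS", "dns1.uvic.ca.", 86400),
                          ("dns1.uvic.ca.", "A", "142.104.6.1", 86400)]),
    "142.104.6.1": ("uvic.ca.", [("www.cs.uvic.ca.", "CNAME", "thing2.cs.uvic.ca.", 42383),
                                 ("thing2.cs.uvic.ca.", "A", "142.104.100.111", 43200)]),
}
ROOT_HINT = "192.0.2.1"      # placeholder for a root server address


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_query(addr, qname, qtype):
    """One non-recursive query to an authoritative server: ANSWER, REFERRAL, NXDOMAIN or REFUSED."""
    zone, records = SERVERS[addr]
    if not in_zone(qname, zone):
        return "REFUSED", [], []
    answer = [r for r in records if r[0] == qname and r[1] in (qtype, "CNAME")]
    if answer:
        if answer[0][1] == "CNAME" and qtype != "CNAME":   # also return the target, if held here
            answer += [r for r in records if r[0] == answer[0][2] and r[1] == qtype]
        return "ANSWER", answer, []
    delegation = [r for r in records if r[1] == "NS" and r[0] != zone and in_zone(qname, r[0])]
    if delegation:
        ns_names = {r[2] for r in delegation}
        glue = [r for r in records if r[1] == "A" and r[0] in ns_names]
        return "REFERRAL", delegation, glue
    return "NXDOMAIN", [], []


class LocalDNSServer:
    """Iterative resolver with a TTL cache (one rdata per (name, type) is enough for this model)."""

    def __init__(self):
        self.cache = {}          # (name, type) -> (rdata, absolute expiry time)

    def cache_put(self, rec, now):
        name, rtype, rdata, ttl = rec
        self.cache[(name, rtype)] = (rdata, now + ttl)

    def cache_get(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > now:
            return hit[0], hit[1] - now        # rdata and remaining TTL
        return None

    def closest_known_server(self, qname, now):
        """Start at the nearest zone cut we hold an unexpired NS + glue for, else at the root."""
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels)):
            ns = self.cache_get(".".join(labels[i:]) + ".", "NS", now)
            glue = ns and self.cache_get(ns[0], "A", now)
            if glue:
                return glue[0]
        return ROOT_HINT

    def resolve(self, qname, qtype, now):
        """Return (rdata, remaining TTL, servers contacted); rdata is None on failure."""
        contacted = []
        for _ in range(8):                         # bounds CNAME chasing
            hit = self.cache_get(qname, qtype, now)
            if hit:
                return hit[0], hit[1], contacted
            cname = self.cache_get(qname, "CNAME", now)
            if cname:
                qname = cname[0]
                continue
            addr = self.closest_known_server(qname, now)
            while True:                            # iterative walk down the hierarchy
                contacted.append(addr)
                status, rrs, glue = authoritative_query(addr, qname, qtype)
                if status == "ANSWER":
                    for r in rrs:
                        self.cache_put(r, now)
                    break
                if status != "REFERRAL":
                    return None, 0, contacted
                zone = SERVERS[addr][0]
                # bailiwick rule: only cache glue for names inside the referring server's zone
                safe_glue = [g for g in glue if in_zone(g[0], zone)]
                for r in rrs + safe_glue:
                    self.cache_put(r, now)
                addr = {g[0]: g[2] for g in safe_glue}.get(rrs[0][2])
                if addr is None:
                    return None, 0, contacted
        return None, 0, contacted


def gethostbyname(local_server, name, now):
    """Stub resolver: one recursive query to the local DNS server, which does the real job."""
    fqdn = name if name.endswith(".") else name + "."
    return local_server.resolve(fqdn, "A", now)[0]
```

Calling resolve("www.cs.uvic.ca.", "A", 0) on a fresh LocalDNSServer contacts all three servers; the same query 100 seconds later is answered from the cache with the TTL reduced by 100; once the 42383-second CNAME has expired, the resolver goes straight to dns1.uvic.ca because the uvic.ca. NS record and its glue are still valid. A real resolver would also use UDP, randomise query IDs and source ports, and hold several rdata per (name, type), none of which this model attempts.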
DNS: reality check
• Design goals
  – distributed, hierarchical, low overhead, robust
• Protocol mechanisms
  – cache, weak consistency, redundancy
    • e.g., at least two NS servers per domain in different subnets for redundancy; reality: many are on the same subnet due to poor provisioning
    • e.g., stable name-address mapping for caching efficiency; reality: very short TTL in CDN
• Secure DNS
What's the other DNS: De facto Network Search engine? SIGCOMM'04 OOS
for update: http://www.akamai.com/stateoftheinternet/
Akamai content delivery
• Akamai EdgePlatform
  – 15,000+ servers
  – 1,100+ networks
  – 69 countries
  – up to 15% web traffic!
• Server selection
  – DNS-based
  – for site or object delivery
J. Pan, Y. Hou, and B. Li, “An overview of DNS-based server selections in content distribution networks,” Elsevier Journal of Computer Networks, 43(6):695-711, 2003.
Site delivery

AkaDNS.net
DNS-based server selection
• Transparent to end-users
• Issues
  – effectiveness (who’s making the decision)
  – overhead (low TTL)
  – granularity (hostname vs. service name)
  – proximity (client, local DNS, CDN server)
  – accuracy (network positioning)
• Bottom-line: avoid the worst, hope for the best
This lecture
• DNS
  – DNS names and hierarchies
  – DNS resource records
  – DNS resolution queries
• DNS-based server selection
  – “site delivery”: mechanisms, pros and cons
• Explore further
  – CDN: “object delivery”