
Chapter 23 The Domain Name System (DNS)


Academic year: 2021


(1)

Chapter 23

The Domain Name System (DNS)

吳俊興

National University of Kaohsiung, Department of Computer Science and Information Engineering

CSC521 – Communication Protocols

(2)

Outline

1. Introduction
2. Names For Machines
3. Flat Namespace
4. Hierarchical Names
5. Delegation Of Authority For Names
6. Subset Authority
7. Internet Domain Names
8. Top-Level Domains
9. Name Syntax And Type
10. Mapping Domain Names To Addresses
11. Domain Name Resolution
12. Efficient Translation
13. Caching: The Key To Efficiency
14. Domain Name System Message Format
15. Compressed Name Format
16. Abbreviation Of Domain Names
17. Inverse Mappings
18. Pointer Queries
19. Object Types And Resource Record Contents
20. Obtaining Authority For A Subdomain
21. Dynamic DNS Update And Notification
22. DNS Security Extensions (DNSSEC)
23. Summary

(3)

Names For Computers

• Humans prefer pronounceable names rather than numeric addresses

• Two possibilities of names

– Flat namespace

– Hierarchical namespace

• Two possibilities of naming hierarchy

– According to network topology

– By organizational structure (independent of physical networks)

Internet uses the latter

(4)

Internet Domain Names

• Internet Hierarchy

– In the Internet, hierarchical machine names are assigned according to the structure of organizations that obtain authority for parts of the namespace, not necessarily according to the structure of the physical network interconnections

• Flexible hierarchy

– Universal naming scheme (same everywhere)

– Each organization determines internal naming structure

• Mechanism known as Domain Name System (DNS)

– Name assigned to a computer known as domain name

• Domain Name Syntax

– Set of labels separated by delimiter character (period)

– Example: cs . purdue . edu

(5)

Original Top-Level Domains

• Meaning assigned to each

– ccTLD: Country Code TLD

– gTLD: Generic TLD

• Three domains considered generic

– .com

– .net

– .org

(6)

• Proponents argued (incorrectly) that DNS would collapse without additional TLDs

• New TLDs created legal nightmare

(7)

• Authority delegated down the tree

• Example

– Purdue University registers under top level domain .edu and receives authority for domain purdue.edu

– Computer Science Department at Purdue registers with the Purdue authority, and becomes the authority for domain cs.purdue.edu

– Owner of a lab in the CS Department registers with the departmental authority, and becomes the authority for domain xinu.cs.purdue.edu

(8)

Mapping Domain Names To Addresses

• DNS uses a set of on-line servers

• Servers arranged in tree

• Given server can handle entire subtree

– Example: ISP manages domain names for its clients

• DNS Database: Record has ( name, class )

– Class specifies type of object (e.g., computer, email exchanger)

• Consequence:

– A given name may map to more than one item in the domain system. The client specifies the type of object desired when resolving a name, and the server returns objects of that type

(9)

• DNS server known as name server

– Single server can handle multiple levels of the naming tree

– Example: root server handles all top-level domains

• DNS client software known as resolver

(10)

• Conceptually, must search from root of tree downward

• In practice

– Every name server knows location of a root server

– Only contacts root if no subdomain known

– Lookup always starts with local server first (host can learn address of DNS server from DHCP)

• Efficient Translation

– Most lookups refer to local names

– Name-to-address bindings change infrequently

– User is likely to repeat same lookup

• To increase efficiency

– Initial contact begins with local name server

(11)

Resolution Example

Figure: resolution of www.google.com, with messages numbered 1 to 8 exchanged among:

• requesting host: pc1.csie.nuk.edu.tw

• local DNS server: ccdns.nuk.edu.tw (140.127.198.1)

• root DNS server

• .com TLD DNS server

• authoritative DNS server: ns1.google.com

Host pc1.csie.nuk.edu.tw wants IP address for www.google.com

Later:

• host pc1.csie.nuk.edu.tw wants IP address for mail.google.com

• host pc2.csie.nuk.edu.tw wants

(12)

DNS Records

DNS: distributed database storing resource records (RR)

RR format: (name, value, type, ttl)

• Type=A

– name is hostname

– value is IP address

• Type=NS

– name is domain (e.g. foo.com)

– value is IP address of authoritative name server for

• Type=CNAME

– name is alias name for some “canonical” (the real) name

– www.ibm.com is really servereast.backup2.ibm.com

– value is canonical name

• Type=MX

(13)

DNS Message Format

TYPE    value   meaning
A       1       a host address
NS      2       an authoritative name server
CNAME   5       canonical name for an alias
SOA     6       start of a zone of authority
PTR     12      a domain name pointer
MX      15      mail exchange

(14)

Specifying Domain Names with Labels

• Domain name

– a sequence of labels

– A maximum length of 255 characters is allowed

• Label

– Must start with a letter and can only consist of letters, digits and hyphens

– Can be up to 63 characters long and is case insensitive (00xx xxxx)

• Label encoding

– Begins with an octet that specifies its length; 0 marks the end

– e.g. www.google.com = 0x03 w w w 0x06 g o o g l e 0x03 c o m 0x00

• Label compression with pointer

– Begins with two ones (11xx xxxx xxxx xxxx)

– Followed with the offset field
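The label encoding and pointer compression described above, as an added example that is not part of the original slides: a Python encoder and a decoder that follows compression pointers while rejecting pointer loops, out-of-range offsets and over-long names, the usual failure modes in hand-written DNS parsers. The function names and the `SAMPLE` message are constructed for illustration.

```python
def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a 0 octet."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label length {len(raw)} outside 1..63")
        out += bytes([len(raw)]) + raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 octets")
    return bytes(out)


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Return (name, offset just past the name at its original position)."""
    labels, total, end, seen = [], 0, None, set()
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # 11xx xxxx: compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[offset + 1]  # 14-bit offset
            if end is None:
                end = offset + 2                  # caller resumes after first pointer
            if target in seen or target >= len(msg):
                raise ValueError("pointer loop or out-of-range pointer")
            seen.add(target)
            offset = target
        elif length & 0xC0:                       # 01/10 prefixes are not plain labels
            raise ValueError("unsupported label type")
        elif length == 0:                         # 0 octet marks the end of the name
            return ".".join(labels), (end if end is not None else offset + 1)
        else:                                     # 00xx xxxx: ordinary label
            chunk = msg[offset + 1 : offset + 1 + length]
            total += length + 1
            if len(chunk) != length or total > 254:
                raise ValueError("truncated label or name too long")
            labels.append(chunk.decode("ascii"))
            offset += 1 + length


# Constructed sample: www.google.com at offset 0, then "mail" followed by a
# pointer (0xC0 0x04) back to the "google" label at offset 4.
SAMPLE = encode_name("www.google.com") + b"\x04mail\xc0\x04"
```

Decoding `SAMPLE` at offset 16 follows the pointer and yields mail.google.com, while a message such as `b"\xc0\x00"` (a pointer to itself) is rejected instead of looping forever.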

(15)

DNS Query Example

Looking up www.google.com.tw

– Parameter=0x0100=0000 0001 0000 0000: Recursion desired

– Class=INternet: 0x01

(16)

DNS Reply

(17)

Domain Name Abbreviation

• Abbreviation Of Domain Names

– DNS only recognizes full domain names

– Client software allows abbreviation

• Example of Abbreviation

– Client configured with suffix list

  • . cs . purdue . edu

  • . cc . purdue . edu

  • . purdue . edu

  • null

– User enters abbreviation xinu

– Client tries the following in order

  • xinu. cs . purdue . edu

  • xinu. cc . purdue . edu

  • xinu. purdue . edu

  • xinu

(18)

Pointer Query

• Inverse Query

– Map in reverse direction

– Excessive overhead

– May not have unique answer

– Not used in practice

• Pointer Query

– Special case of inverse mapping

– Convert IP address to domain name

– Trick: write IP address as a string and look up as a name

• Example

– Start with dotted decimal address such as aaa . bbb . ccc . ddd

(19)

Discussions

• Internationalized Domain Name

– Label extension?

• TTL Issues

– DNS Caching

– Dynamic Update

• DNS Security Issues

– Authentication

– Data integrity

• Performance Issues

– ARP: cache / ?

– IP: routing table / ?

(20)

Summary

• Domain Name System provides mapping from pronounceable names to IP addresses

• Domain names are hierarchical; top-level domains are dictated by a central authority

• Organizations can choose how to structure their domain names

• DNS uses on-line servers to answer queries
