SlideShare ist ein Scribd-Unternehmen logo

Addressing

Online
Online

Click Here http://www.eacademy4u.com/ Online Educational Website For You

BildungTechnologie
1 von 67
ADDRESSING 1
The DNS is… • The “Domain Name System” – Created in 1983 by Paul Mockapetris (RFCs 1034 and 1035), modified, updated, and enhanced by a myriad of subsequent RFCs • What Internet users use to reference anything by name on the Internet • The mechanism by which Internet software translates names to addresses and vice versa 2
A Quick Digression: Names versus Addresses • An address is how you get to an endpoint – Typically, hierarchical (for scaling): • 950 Charter Street, Redwood City CA, 94063 • 204.152.187.11, +1-650-381-6003 • A “name” is how an endpoint is referenced – Typically, no structurally significant hierarchy • “David”, “Tokyo”, “itu.int” 3
The DNS is also… • A lookup mechanism for translating objects into other objects • A globally distributed, loosely coherent, scalable, reliable, dynamic database • Comprised of three components – A “name space” – Servers making that name space available – Resolvers (clients) which query the servers about the name space 4
DNS as a Lookup Mechanism • Users generally prefer names to numbers • Computers prefer numbers to names • DNS provides the mapping between the two – I have “x”, give me “y” • DNS is NOT a directory service – No way to search the database • No easy way to add this functionality 5
DNS as a Database • Keys to the database are “domain names” – www.foo.com, 18.in-addr.arpa, 6.4.e164.arpa • Over 100,000,000 domain names stored • Each domain name contains one or more attributes – Known as “resource records” • Each attribute individually retrievable 6
Global Distribution • Data is maintained locally, but retrievable globally – No single computer has all DNS data • DNS lookups can be performed by any device • Remote DNS data is locally cachable to improve performance 7
Loose Coherency • The database is always internally consistent – Each version of a subset of the database (a zone) has a serial number • The serial number is incremented on each database change • Changes to the master copy of the database are replicated according to timing set by the zone administrator • Cached data expires according to timeout set by zone administrator 8
Scalability • No limit to the size of the database – One server has over 20,000,000 names • Not a particularly good idea • No limit to the number of queries – 24,000 queries per second handled easily • Queries distributed among masters, slaves, and caches 9
Reliability • Data is replicated – Data from master is copied to multiple slaves • Clients can query – Master server – Any of the copies at slave servers • Clients will typically query local caches • DNS protocols can use either UDP or TCP – If UDP, DNS protocol handles retransmission, sequencing, etc. 10
Dynamicity • Database can be updated dynamically – Add/delete/modify of any record • Modification of the master database triggers replication – Only master can be dynamically updated • Creates a single point of failure 11
The Name Space • The name space is the structure of the DNS database – An inverted tree with the root node at the top • Each node has a label – The root node has a null label, written as “” T h e ro o t n o d e "" t o p -le v e l n o d e t o p -le v e l n o d e t o p -le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e t h ir d -le v e l n o d e t h ir d -le v e l n o d e t h ir d -le v e l n o d e 12
An Analogy – E.164 • Root node maintained by the ITU (call it “+”) • Top level nodes = country codes (1, 81, etc) • Second level nodes = regional codes (1-808, 81-3, etc.) "+ " . .. 1 81 ... . .. 202 650 808 3 4 852 381 779 3489 6003 6003 5226 2024 13
Labels • Each node in the tree must have a label – A string of up to 63 8 bit bytes "" • The DNS protocol makes NO limitation on what binary values are used in labels – RFCs 852 and 1123 define legal t o p -1 t o p -2 t o p -3 characters for “hostnames” • A-Z, 0-9, and “-” only with a-z and A-Z treated as the same • Sibling nodes must have unique fo o fo o fo o a t& t bar baz labels • The null label is reserved for the root node 14
Domain Names • A domain name is the sequence of labels from a node to the root, separated by dots (“.”s), read left to right – The name space has a maximum depth of 127 levels – Domain names are limited to 255 characters in length • A node’s domain name identifies its position in the name space "" com edu gov in t m il net o rg n o m in u m m e ta in fo b e r k e le y nwu n a to a rm y uu w est e a st w w w d a k o ta 15 to rn a d o
Subdomains • One domain is a subdomain of another if its apex node is a descendant of the other’s apex node • More simply, one domain is a subdomain of another if its domain name ends in the other’s domain name – So sales.nominum.com is a subdomain of • nominum.com • com – nominum.com is a subdomain of com 16
Name Servers • Name servers store information about the name space in units called “zones” – The name servers that load a complete zone are said to “have authority for” or “be authoritative for” the zone • Usually, more than one name server are authoritative for the same zone – This ensures redundancy and spreads the load • Also, a single name server may be authoritative for many zones 17
Name Servers and Zones 128.8.10.5 serves Name Servers Zones data for both nominum.com and isc.org zones 128.8.10.5 nominum.com 202.12.28.129 serves data for nominum.com 202.12.28.129 zone only isc.org 204.152.187.11 serves data for 204.152.187.11 isc.org zone only 18
Types of Name Servers • Two main types of servers – Authoritative – maintains the data • Master – where the data is edited • Slave – where data is replicated to – Caching – stores data obtained from an authoritative server – The most common name server implementation (BIND) combines these two into a single process • Other types exist… • No special hardware necessary 19
Name Server Architecture • You can think of a name server as part: – database server, answering queries about the parts of the name space it knows about (i.e., is authoritative for), – cache, temporarily storing data it learns from other name servers, and – agent, helping resolvers and other name servers find data that other name servers know about 20
Name Server Architecture Zone From data Name Server Process disk file Authoritative Data Master Zone transfer server (primary master and slave zones) Cache Data (responses from other name servers) Agent (looks up queries on behalf of resolvers) 21
Authoritative Data Name Server Process Authoritative Data (primary master and slave zones) Response Cache Data (responses from other name servers) Agent (looks up queries Resolver Query on behalf of resolvers) 22
Using Other Name Servers Name Server Process Authoritative Data (primary master and slave zones) Response Cache Data Response (responses from Arbitrary other name servers) name Agent Query server (looks up queries Resolver Query on behalf of resolvers) 23
Cached Data Name Server Process Authoritative Data (primary master and slave zones) Response Cache Data (responses from other name servers) Agent (looks up queries Query Resolver on behalf of resolvers) 24
Name Resolution • Name resolution is the process by which resolvers and name servers cooperate to find data in the name space • To find information anywhere in the name space, a name server only needs the names and IP addresses of the name servers for the root zone (the “root name servers”) – The root name servers know about the top-level zones and can tell name servers whom to contact for all TLDs 25
Name Resolution • A DNS query has three parameters: – A domain name (e.g., www.nominum.com), • Remember, every node has a domain name! – A class (e.g., IN), and – A type (e.g., A) • A name server receiving a query from a resolver looks for the answer in its authoritative data and its cache – If the answer isn’t in the cache and the server isn’t authoritative for the answer, the answer must be looked up 26
The Resolution Process • Let’s look at the resolution process step-by- step: annie.west.sprockets.com ping www.nominum.com. 27
The Resolution Process • The workstation annie asks its configured name server, dakota, for www.nominum.com’s address dakota.west.sprockets.com What’s the IP address of www.nominum.com? annie.west.sprockets.com ping www.nominum.com. 28
The Resolution Process • The name server dakota asks a root name server, m, for www.nominum.com’s address m.root-servers.net dakota.west.sprockets.com What’s the IP address of www.nominum.com? annie.west.sprockets.com ping www.nominum.com. 29
The Resolution Process • The root server m refers dakota to the com name servers • This type of response is called a “referral” m.root-servers.net dakota.west.sprockets.com Here’s a list of the com name servers. Ask one of them. annie.west.sprockets.com ping www.nominum.com. 30
The Resolution Process • The name server dakota asks a com name server, f, for www.nominum.com’s address What’s the IP address of www.nominum.com? m.root-servers.net dakota.west.sprockets.com f.gtld-servers.net annie.west.sprockets.com ping www.nominum.com. 31
The Resolution Process • The com name server f refers dakota to the nominum.com name servers Here’s a list of the nominum.com name servers. Ask one of them. m.root-servers.net dakota.west.sprockets.com f.gtld-servers.net annie.west.sprockets.com ping www.nominum.com. 32
The Resolution Process • The name server dakota asks an nominum.com name server, ns1.sanjose, for www.nominum.com’s address What’s the IP address of www.nominum.com? m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net f.gtld-servers.net annie.west.sprockets.com ping www.nominum.com. 33
The Resolution Process • The nominum.com name server ns1.sanjose responds with www.nominum.com’s address m.root-servers.net dakota.west.sprockets.com Here’s the IP ns1.sanjose.nominum.net address for www.nominum.com f.gtld-servers.net annie.west.sprockets.com 34 ping www.nominum.com.
The Resolution Process • The name server dakota responds to annie with www.nominum.com’s address Here’s the IP address for www.nominum.com m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net f.gtld-servers.net annie.west.sprockets.com ping www.nominum.com. 35
Resolution Process (Caching) • After the previous query, the name server dakota now knows: – The names and IP addresses of the com name servers – The names and IP addresses of the nominum.com name servers – The IP address of www.nominum.com • Let’s look at the resolution process again annie.west.sprockets.com ping ftp.nominum.com. 36
Resolution Process (Caching) • The workstation annie asks its configured name server, dakota, for ftp.nominum.com’s address m.root-servers.net dakota.west.sprockets.com What’s the IP address ns1.sanjose.nominum.net of ftp.nominum.com? f.gtld-servers.net annie.west.sprockets.com ping ftp.nominum.com. 37
Resolution Process (Caching) • dakota has cached an NS record indicating ns1.sanjose is an nominum.com name server, so it asks it for ftp.nominum.com’s address What’s the IP address of ftp.nominum.com? m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net f.gtld-servers.net annie.west.sprockets.com ping ftp.nominum.com. 38
Resolution Process (Caching) • The nominum.com name server ns1.sanjose responds with ftp.nominum.com’s address m.root-servers.net dakota.west.sprockets.com Here’s the IP address for ns1.sanjose.nominum.net ftp.nominum.com f.gtld-servers.net annie.west.sprockets.com ping ftp.nominum.com. 39
Resolution Process (Caching) • The name server dakota responds to annie with ftp.nominum.com’s address Here’s the IP address for ftp.nominum.com m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net f.gtld-servers.net annie.west.sprockets.com ping ftp.nominum.com. 40
What can be Resolved? • Any name in the name space • Class – Internet (IN), Chaos (CH), Hesiod (HS) • Type – Address (A, AAAA, A6) – Pointer (PTR, NAPTR) – Aliases (CNAME, DNAME) – Security related (TSIG, SIG, NXT, KEY) – Etc. 41
DNS Structure and Hierarchy • The DNS imposes no constraints on how the DNS hierarchy is implemented except: – A single root – The label restrictions • If a site is not connected to the Internet, it can use any domain hierarchy it chooses – Can make up whatever TLDs you want • Connecting to the Internet implies use of the existing DNS hierarchy 42
Top-level Domain (TLD) Structure • In 1983 (RFC 881), the idea was to have TLDs correspond to network service providers – e.g., ARPA, DDN, CSNET, etc. • Bad idea: if your network changes, your email address changes • By 1984 (RFC 920), functional domains was established – “The motivation is to provide an organization name that is free of undesirable semantics.” – e.g., GOV for Government, COM for commercial, EDU for education, etc. • RFC 920 also provided for – Provided for country domains – Provided for “Multiorganizations” • Large, composed of other (particularly international) organizations – Provided a stable TLD structure until 1996 or so 43
The Domain Name Wars • In 1996,the US National Science Foundation permitted Network Solutions to charge a usage fee for the allocation and registration of domain names – To compensate for the explosive growth the Internet was facing at the time • The resultant controversy caused the US Government (Dept. of Commerce) to take a much more active role – Official governmental policy (the White Paper) on Internet resource administration created • That policy resulted in the creation of ICANN 44
Internet Corporation for Assigned Names and Numbers • California non-profit, operating in Marina Del Rey, California, USA • Consists of: – A set of Support Organizations • Address Support Organization, Domain Name Support Organization, Protocol Support Organization – A board of 19 members • 9 elected by public membership • 3 each by each of the SOs • 1 President/CEO – A set of committees • Governmental Advisory Committee, Addressing Ad Hoc Committee, etc. that advise the board 45
The Internet Root • The DNS protocol assumes a consistent name space – This consistency is enforced by the constraint of a SINGLE root for the Internet domain name space • There is no assumption on how that single root is created • ICANN oversees modification of the zone file that makes up the Internet DNS root 46
Multiple Roots? • The single root is often seen as a single point of control for the entire Internet – Edit control of the root zone file implies the ability to control the entire tree • Multiple root solutions have often been proposed – Unless coordinated, inconsistencies will almost certainly result • The answer you get depends on where you ask – This would be “bad”. 47
The Root Nameservers • Modification of the root zone file is pointless unless that zone file is published • The root zone file is published on 13 servers, “A” through “M”, around the Internet – Location of root nameserver is a function of network topology • Root name server operations currently provided by volunteer efforts by a very diverse set of organizations – Volunteer nature will change soon 48
Root Name Server Operators Nameserver Operated by: A Verisign (US East Coast) B University of S. California –Information Sciences Institute (US West Coast) C PSI (US East Coast) D University of Maryland (US East Coast) E NASA (Ames) (US West Coast) F Internet Software Consortium (US West Coast) G U. S. Dept. of Defense (ARL) (US East Coast) H U. S. Dept. of Defense (DISA) (US East Coast) I KTH (SE) J Verisign (US East Coast) K RIPE-NCC (UK) L ICANN (US West Coast) M WIDE (JP) 49
The Current TLDs " ." G e n e r ic T L D s C o u n try C o d e T L D s I n t e r n a t io n a l T L D s U S Legacy TLDs (g T L D s ) (c c T L D s ) ( iT L D s ) (u s T L D s ) COM AF IN T GOV C o m m e r c i a l O r g a n iz a t io n s A f g h a n is t a n I n t e r n a t io n a l T r e a t y O r g a n iz a t io n s G o v e r n m e n t a l O r g a n iz a t io n s NET AL ARPA M IL N e tw o rk In fra s tru c tu re A lb a n ia ( T r a n s it io n D e v ic e ) M i l it a r y O r g a n iz a t i o n s ORG DZ EDU O t h e r O r g a n iz a t io n s A l g e r ia E d u c a t io n a l I n s t i t u t io n s ... YU Y u g o s l a v ia ZM Z a m b ia ZW Z im b a b w e 50
Registries, Registrars, and Registrants • The Domain Wars resulted in a codification of roles in the operation of a domain name space • Registry – the name space’s database – the organization which has edit control of that database • Including dispute resolution, policy control, etc. – The organization which runs the authoritative name servers for that name space • Registrar – the agent which submits change requests to the registry on behalf of the registrant • Registrant – The entity which makes use of the domain name 51
Registries, Registrars, and Registrants Registry updates Master zone updated Registry Zone DB Slaves Registrar submits updated add/modify/delete to registry Registrar Registrar Registrar End user requests add/modify/delete Registrants 52
The “Generic” Top-Level Domains (gTLDs) • .COM, .NET, and .ORG – By far the largest top level domains on the Internet today • .COM has approx. 20,000,000 names – Essentially no restriction on what can be registered • Network Solutions (now Verisign) received the contract for the registry for .COM, .NET, and .ORG – also a registrar for these TLDs 53
New Top Level Domains • Recently, ICANN created 7 new top level domains: – .aero, .biz, .coop, .info, .museum, .name, .pro • Some are chartered (.aero, .coop, .museum, .name, .pro) • Some are generic (.biz, .info) – Expect these new TLDs to show up around 2Q01 • Many people unhappy with the process by which these new TLDs were created – Expect continued “discussion” 54
Country Code Top-Level Domains • With RFC 920, the concept of domains delegated on the basis of nations was recognized • Conveniently, ISO has a list of “official” country code abbreviations – ISO-3166 • IANA has also used Universal Postal Codes – (e.g., .GG for Guernsey) • Key consideration is to use lists other organizations define to avoid getting into political battles over what is or is not a valid ccTLD 55
ccTLD Organization • How each country top-level domain is organized is up to the country – Some, like Australia’s au, follow the functional definitions • com.au, edu.au, etc. – Others, like Great Britain’s uk and Japan’s jp, divide the domain functionally but use their own abbreviations • ac.uk, co.uk, ne.jp, ad.jp, etc. – A few, like the United State’s us, are largely geographical • co.us, md.us, etc. – Canada uses organizational scope • bnr.ca has national scope, risq.qc.ca has Quebec scope – Some are flat, that is, no hierarchy • nlnet.nl, univ-st-etienne.fr – Considered a question of national sovereignty 56
.arpa • Now, Address and Routing Parameter Area – Was Advanced Research Projects Administration • US Dept. of Defense network, precursor to the Internet • Used for infrastructure domains – IPv4 reverse (address to name) lookups – IPv6 reverse lookups – E.164 • Only .arpa is hardwired into the DNS sysem – DNS resolver software has it explicitly 57
Other TLDs • .GOV – used by US Governmental organizations – E.g., state.gov, doj.gov, whitehouse.gov, etc. • .MIL – used by the US Military – E.g., af.mil, army.mil, etc. • .EDU – used for Educational institutions – Higher learning, not only US-based ones – E.g., harvard.edu, unu.edu, utoronto.edu • .INT – international treaty organizations – E.g., itu.int, nato.int, wipo.int 58
Load concerns • DNS can handle the load – DNS Root Servers get approximately 3000 queries per second (down from 8000 qps) • Empirical proofs (DDoS attacks) show root name servers can handle 50,000 queries per second – Limitation is network bandwidth, not the DNS protocol – in-addr.arpa zone, which translates numbers to names, gets about 2000 queries per second • Current closest analog to e164.arpa 59
Performance concerns • DNS is a very lightweight protocol – Simple query – response • Any performance limitations are the result of network limitations – Speed of light – Network congestion – Switching/forwarding latencies 60
Security Concerns • Base DNS protocol (RFC 1034, 1035) is insecure – “Spoof” attacks are possible • DNS Security Enhancements (DNSSEC, RFC 2565) remedies this flaw – But creates new ones • DoS attacks • Amplification attacks • Operational considerations • DNSSEC strongly discourages large flat zones – Hierarchy (delegation) is good 61
Technically Speaking… • ENUM is technically non-challenging – Intelligent delegation model will permit unlimited scaling – Performance considerations at the feet of service providers – Security concerns can be addressed by DNSSEC 62
Dynamic Host Configuration Protocol What is it? • The Dynamic Host Configuration Protocol is a mechanism for having a DHCP server distribute IP addresses to DHCP or BOOTP client systems on a network. • Additionally, it can provide a DHCP client with a full set of TCP/IP configuration values, such as netmask, gateway address etc. 63
Why do you need it? • Basically, because end-users are illiterate and don’t care about your network. It is a method of making the process of connecting up a PC or device to the network as transparent as possible by centralizing the allocation of sometimes complex and changing configuration information. • It thus minimizes the impact of any changes in network topology. 64
What is needed • A mapping between Ethernet address and other information, e.g. IP address, subnet mask, broadcast address, TFTP configuration file, DNS servers, NTP servers etc. • On boot up, a client generates a DHCP broadcast request, and an available server matches the requestor to an entry, then returns the appropriate information to the requestor – who may or may not be able to interpret or use all the returned parameters. 65
Assigning addresses • Statically - allocate a fixed address to clients • Automatically - permanently assign an address from a pool • Dynamically – assign address for a limited time period, called a lease, and then return to pool for re-use • The method used at Rhodes is dynamic allocation of static IP addresses, to allow for possible changes. The DHCP configuration file is generated at the same time as the DNS zone files by automated scripts 66
Complications • Routers must be enabled to forward BOOTP requests, and backup DHCP servers need to be strategically placed • Some systems, e.g. servers, routers – need fixed or static IP addresses • With dynamic allocation you lose accountability • There can be problems with DNS, which must track dynamic changes • Rogue DHCP servers can be hard to track down and kill 67

Empfohlen

Dynamic Domain Name System
Dynamic Domain Name SystemDynamic Domain Name System
Dynamic Domain Name SystemRajan Kumar
 
25 DNS
25 DNS25 DNS
25 DNSAhmar Hashmi
 
Domain name system
Domain name systemDomain name system
Domain name systemDiwaker Pant
 
Dns ppt
Dns pptDns ppt
Dns pptMauood Hamidi
 
Ch20 system administration
Ch20 system administration Ch20 system administration
Ch20 system administration Raja Waseem Akhtar
 
understanding-dns-essential
understanding-dns-essentialunderstanding-dns-essential
understanding-dns-essentialwael eshag eshag
 
Dns
DnsDns
DnsLukindo Tenga
 
Introduction to computers
Introduction to computersIntroduction to computers
Introduction to computersVisualBee.com
 

Empfohlen

Dynamic Domain Name System
Dynamic Domain Name SystemDynamic Domain Name System
Dynamic Domain Name SystemRajan Kumar
 
25 DNS
25 DNS25 DNS
25 DNSAhmar Hashmi
 
Domain name system
Domain name systemDomain name system
Domain name systemDiwaker Pant
 
Dns ppt
Dns pptDns ppt
Dns pptMauood Hamidi
 
Ch20 system administration
Ch20 system administration Ch20 system administration
Ch20 system administration Raja Waseem Akhtar
 
understanding-dns-essential
understanding-dns-essentialunderstanding-dns-essential
understanding-dns-essentialwael eshag eshag
 
Dns
DnsDns
DnsLukindo Tenga
 
Introduction to computers
Introduction to computersIntroduction to computers
Introduction to computersVisualBee.com
 
Decision making with is
Decision making with isDecision making with is
Decision making with isOnline
 
Governmentæs monetary policy
Governmentæs monetary policyGovernmentæs monetary policy
Governmentæs monetary policyOnline
 
Leadership
LeadershipLeadership
LeadershipOnline
 
Optical transmission technique
Optical transmission techniqueOptical transmission technique
Optical transmission techniqueOnline
 
Telecommunications systemsand networking
Telecommunications systemsand networkingTelecommunications systemsand networking
Telecommunications systemsand networkingOnline
 
Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Online
 
Introduction to management
Introduction to managementIntroduction to management
Introduction to managementOnline
 
Operation and expression in c++
Operation and expression in c++Operation and expression in c++
Operation and expression in c++Online
 
Internet standard routing protocols
Internet standard routing protocolsInternet standard routing protocols
Internet standard routing protocolsOnline
 
Application protocols
Application protocolsApplication protocols
Application protocolsOnline
 
Design & Fabrication of a Ground Survellance Robot
Design & Fabrication of a Ground Survellance RobotDesign & Fabrication of a Ground Survellance Robot
Design & Fabrication of a Ground Survellance RobotIEEEP Karachi
 
Parts of speech
Parts of speechParts of speech
Parts of speechOnline
 
DNS
DNSDNS
DNSFTC
 
Dns ppt
Dns pptDns ppt
Dns pptBizuworkk Jemaneh
 
Dns
DnsDns
Dnsaimanqalla
 
Domain name system
Domain name systemDomain name system
Domain name systemSiddique Ibrahim
 
Meeting 4 DNS
Meeting 4 DNSMeeting 4 DNS
Meeting 4 DNSSyaiful Ahdan
 
Lets talk dns
Lets talk dnsLets talk dns
Lets talk dnsAbhinav Mehta
 
Domain Name System(ppt)
Domain Name System(ppt)Domain Name System(ppt)
Domain Name System(ppt)chovatiyabhautik
 
DNS(In_Linux).pptx
DNS(In_Linux).pptxDNS(In_Linux).pptx
DNS(In_Linux).pptxShanmugapriyaSenthil3
 
Lec-7-dns.pptx
Lec-7-dns.pptxLec-7-dns.pptx
Lec-7-dns.pptxSyed Ejaz
 
applicationlayer.pptx
applicationlayer.pptxapplicationlayer.pptx
applicationlayer.pptxgeorgejustymirobi1
 

Weitere ähnliche Inhalte

Andere mochten auch

Decision making with is
Decision making with isDecision making with is
Decision making with isOnline
 
Governmentæs monetary policy
Governmentæs monetary policyGovernmentæs monetary policy
Governmentæs monetary policyOnline
 
Leadership
LeadershipLeadership
LeadershipOnline
 
Optical transmission technique
Optical transmission techniqueOptical transmission technique
Optical transmission techniqueOnline
 
Telecommunications systemsand networking
Telecommunications systemsand networkingTelecommunications systemsand networking
Telecommunications systemsand networkingOnline
 
Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Online
 
Introduction to management
Introduction to managementIntroduction to management
Introduction to managementOnline
 
Operation and expression in c++
Operation and expression in c++Operation and expression in c++
Operation and expression in c++Online
 
Internet standard routing protocols
Internet standard routing protocolsInternet standard routing protocols
Internet standard routing protocolsOnline
 
Application protocols
Application protocolsApplication protocols
Application protocolsOnline
 
Design & Fabrication of a Ground Survellance Robot
Design & Fabrication of a Ground Survellance RobotDesign & Fabrication of a Ground Survellance Robot
Design & Fabrication of a Ground Survellance RobotIEEEP Karachi
 
Parts of speech
Parts of speechParts of speech
Parts of speechOnline
 

Andere mochten auch (12)

Decision making with is
Decision making with isDecision making with is
Decision making with is
 
Governmentæs monetary policy
Governmentæs monetary policyGovernmentæs monetary policy
Governmentæs monetary policy
 
Leadership
LeadershipLeadership
Leadership
 
Optical transmission technique
Optical transmission techniqueOptical transmission technique
Optical transmission technique
 
Telecommunications systemsand networking
Telecommunications systemsand networkingTelecommunications systemsand networking
Telecommunications systemsand networking
 
Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Multi protocol label switching (mpls)
Multi protocol label switching (mpls)
 
Introduction to management
Introduction to managementIntroduction to management
Introduction to management
 
Operation and expression in c++
Operation and expression in c++Operation and expression in c++
Operation and expression in c++
 
Internet standard routing protocols
Internet standard routing protocolsInternet standard routing protocols
Internet standard routing protocols
 
Application protocols
Application protocolsApplication protocols
Application protocols
 
Design & Fabrication of a Ground Survellance Robot
Design & Fabrication of a Ground Survellance RobotDesign & Fabrication of a Ground Survellance Robot
Design & Fabrication of a Ground Survellance Robot
 
Parts of speech
Parts of speechParts of speech
Parts of speech
 

Ähnlich wie Addressing

DNS
DNSDNS
DNSFTC
 
Lec-7-dns.pptx
Lec-7-dns.pptxLec-7-dns.pptx
Lec-7-dns.pptxSyed Ejaz
 
Chapter 4 configuring and managing the dns server role
Chapter 4 configuring and managing the dns server roleChapter 4 configuring and managing the dns server role
Chapter 4 configuring and managing the dns server roleLuis Garay
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name SystemChinmay Joshi
 
Computer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdfComputer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdfShanthalaKV
 
Chapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxChapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxmanju772238
 

Ähnlich wie Addressing (20)

DNS
DNSDNS
DNS
 
Dns ppt
Dns pptDns ppt
Dns ppt
 
Dns
DnsDns
Dns
 
Domain name system
Domain name systemDomain name system
Domain name system
 
Meeting 4 DNS
Meeting 4 DNSMeeting 4 DNS
Meeting 4 DNS
 
Lets talk dns
Lets talk dnsLets talk dns
Lets talk dns
 
Domain Name System(ppt)
Domain Name System(ppt)Domain Name System(ppt)
Domain Name System(ppt)
 
DNS(In_Linux).pptx
DNS(In_Linux).pptxDNS(In_Linux).pptx
DNS(In_Linux).pptx
 
Lec-7-dns.pptx
Lec-7-dns.pptxLec-7-dns.pptx
Lec-7-dns.pptx
 
applicationlayer.pptx
applicationlayer.pptxapplicationlayer.pptx
applicationlayer.pptx
 
DNS_Presentation.pptx
DNS_Presentation.pptxDNS_Presentation.pptx
DNS_Presentation.pptx
 
2 technical-dns-workshop-day1
2 technical-dns-workshop-day12 technical-dns-workshop-day1
2 technical-dns-workshop-day1
 
Data Distribution Theory
Data Distribution TheoryData Distribution Theory
Data Distribution Theory
 
Chapter 4 configuring and managing the dns server role
Chapter 4 configuring and managing the dns server roleChapter 4 configuring and managing the dns server role
Chapter 4 configuring and managing the dns server role
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name System
 
13 dns
13 dns13 dns
13 dns
 
Computer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdfComputer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdf
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name System
 
dns-approximately.pdf
dns-approximately.pdfdns-approximately.pdf
dns-approximately.pdf
 
Chapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxChapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptx
 

Mehr von Online

Philosophy of early childhood education 3
Philosophy of early childhood education 3Philosophy of early childhood education 3
Philosophy of early childhood education 3Online
 
Philosophy of early childhood education 2
Philosophy of early childhood education 2Philosophy of early childhood education 2
Philosophy of early childhood education 2Online
 
Philosophy of early childhood education 1
Philosophy of early childhood education 1Philosophy of early childhood education 1
Philosophy of early childhood education 1Online
 
Philosophy of early childhood education 4
Philosophy of early childhood education 4Philosophy of early childhood education 4
Philosophy of early childhood education 4Online
 
Functions
FunctionsFunctions
FunctionsOnline
 
Formatted input and output
Formatted input and outputFormatted input and output
Formatted input and outputOnline
 
Control structures selection
Control structures selectionControl structures selection
Control structures selectionOnline
 
Control structures repetition
Control structures repetitionControl structures repetition
Control structures repetitionOnline
 
Introduction to problem solving in c++
Introduction to problem solving in c++Introduction to problem solving in c++
Introduction to problem solving in c++Online
 
Lan technologies
Lan technologiesLan technologies
Lan technologiesOnline
 
Introduction to internet technology
Introduction to internet technologyIntroduction to internet technology
Introduction to internet technologyOnline
 
Internet protocol
Internet protocolInternet protocol
Internet protocolOnline
 
Transport protocols
Transport protocolsTransport protocols
Transport protocolsOnline
 
Motivation
MotivationMotivation
MotivationOnline
 
Organizational structure
Organizational structureOrganizational structure
Organizational structureOnline
 
Organizational design
Organizational designOrganizational design
Organizational designOnline
 
Fundamentals of planning
Fundamentals of planningFundamentals of planning
Fundamentals of planningOnline
 
Decision making
Decision makingDecision making
Decision makingOnline
 
Controlling
ControllingControlling
ControllingOnline
 
Conflict management
Conflict managementConflict management
Conflict managementOnline
 

Mehr von Online (20)

Philosophy of early childhood education 3
Philosophy of early childhood education 3Philosophy of early childhood education 3
Philosophy of early childhood education 3
 
Philosophy of early childhood education 2
Philosophy of early childhood education 2Philosophy of early childhood education 2
Philosophy of early childhood education 2
 
Philosophy of early childhood education 1
Philosophy of early childhood education 1Philosophy of early childhood education 1
Philosophy of early childhood education 1
 
Philosophy of early childhood education 4
Philosophy of early childhood education 4Philosophy of early childhood education 4
Philosophy of early childhood education 4
 
Functions
FunctionsFunctions
Functions
 
Formatted input and output
Formatted input and outputFormatted input and output
Formatted input and output
 
Control structures selection
Control structures selectionControl structures selection
Control structures selection
 
Control structures repetition
Control structures repetitionControl structures repetition
Control structures repetition
 
Introduction to problem solving in c++
Introduction to problem solving in c++Introduction to problem solving in c++
Introduction to problem solving in c++
 
Lan technologies
Lan technologiesLan technologies
Lan technologies
 
Introduction to internet technology
Introduction to internet technologyIntroduction to internet technology
Introduction to internet technology
 
Internet protocol
Internet protocolInternet protocol
Internet protocol
 
Transport protocols
Transport protocolsTransport protocols
Transport protocols
 
Motivation
MotivationMotivation
Motivation
 
Organizational structure
Organizational structureOrganizational structure
Organizational structure
 
Organizational design
Organizational designOrganizational design
Organizational design
 
Fundamentals of planning
Fundamentals of planningFundamentals of planning
Fundamentals of planning
 
Decision making
Decision makingDecision making
Decision making
 
Controlling
ControllingControlling
Controlling
 
Conflict management
Conflict managementConflict management
Conflict management
 

Kürzlich hochgeladen

Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 

Kürzlich hochgeladen (20)

Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 

Addressing

  • 2. The DNS is… • The “Domain Name System” – Created in 1983 by Paul Mockapetris (RFCs 1034 and 1035), modified, updated, and enhanced by a myriad of subsequent RFCs • What Internet users use to reference anything by name on the Internet • The mechanism by which Internet software translates names to addresses and vice versa 2
  • 3. A Quick Digression: Names versus Addresses • An address is how you get to an endpoint – Typically, hierarchical (for scaling): • 950 Charter Street, Redwood City CA, 94063 • 204.152.187.11, +1-650-381-6003 • A “name” is how an endpoint is referenced – Typically, no structurally significant hierarchy • “David”, “Tokyo”, “itu.int” 3
  • 4. The DNS is also… • A lookup mechanism for translating objects into other objects • A globally distributed, loosely coherent, scalable, reliable, dynamic database • Comprised of three components – A “name space” – Servers making that name space available – Resolvers (clients) which query the servers about the name space 4
  • 5. DNS as a Lookup Mechanism • Users generally prefer names to numbers • Computers prefer numbers to names • DNS provides the mapping between the two – I have “x”, give me “y” • DNS is NOT a directory service – No way to search the database • No easy way to add this functionality 5
  • 6. DNS as a Database • Keys to the database are “domain names” – www.foo.com, 18.in-addr.arpa, 6.4.e164.arpa • Over 100,000,000 domain names stored • Each domain name contains one or more attributes – Known as “resource records” • Each attribute individually retrievable 6
  • 7. Global Distribution • Data is maintained locally, but retrievable globally – No single computer has all DNS data • DNS lookups can be performed by any device • Remote DNS data is locally cachable to improve performance 7
  • 8. Loose Coherency • The database is always internally consistent – Each version of a subset of the database (a zone) has a serial number • The serial number is incremented on each database change • Changes to the master copy of the database are replicated according to timing set by the zone administrator • Cached data expires according to timeout set by zone administrator 8
  • 9. Scalability • No limit to the size of the database – One server has over 20,000,000 names • Not a particularly good idea • No limit to the number of queries – 24,000 queries per second handled easily • Queries distributed among masters, slaves, and caches 9
  • 10. Reliability • Data is replicated – Data from master is copied to multiple slaves • Clients can query – Master server – Any of the copies at slave servers • Clients will typically query local caches • DNS protocols can use either UDP or TCP – If UDP, DNS protocol handles retransmission, sequencing, etc. 10
  • 11. Dynamicity • Database can be updated dynamically – Add/delete/modify of any record • Modification of the master database triggers replication – Only master can be dynamically updated • Creates a single point of failure 11
  • 12. The Name Space • The name space is the structure of the DNS database – An inverted tree with the root node at the top • Each node has a label – The root node has a null label, written as “” T h e ro o t n o d e "" t o p -le v e l n o d e t o p -le v e l n o d e t o p -le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e t h ir d -le v e l n o d e t h ir d -le v e l n o d e t h ir d -le v e l n o d e 12
  • 13. An Analogy – E.164 • Root node maintained by the ITU (call it “+”) • Top level nodes = country codes (1, 81, etc) • Second level nodes = regional codes (1-808, 81-3, etc.) "+ " . .. 1 81 ... . .. 202 650 808 3 4 852 381 779 3489 6003 6003 5226 2024 13
  • 14. Labels • Each node in the tree must have a label – A string of up to 63 8 bit bytes "" • The DNS protocol makes NO limitation on what binary values are used in labels – RFCs 852 and 1123 define legal t o p -1 t o p -2 t o p -3 characters for “hostnames” • A-Z, 0-9, and “-” only with a-z and A-Z treated as the same • Sibling nodes must have unique fo o fo o fo o a t& t bar baz labels • The null label is reserved for the root node 14
  • 15. Domain Names • A domain name is the sequence of labels from a node to the root, separated by dots (“.”s), read left to right – The name space has a maximum depth of 127 levels – Domain names are limited to 255 characters in length • A node’s domain name identifies its position in the name space "" com edu gov in t m il net o rg n o m in u m m e ta in fo b e r k e le y nwu n a to a rm y uu w est e a st w w w d a k o ta 15 to rn a d o
  • 16. Subdomains • One domain is a subdomain of another if its apex node is a descendant of the other’s apex node • More simply, one domain is a subdomain of another if its domain name ends in the other’s domain name – So sales.nominum.com is a subdomain of • nominum.com • com – nominum.com is a subdomain of com 16
  • 17. Name Servers • Name servers store information about the name space in units called “zones” – The name servers that load a complete zone are said to “have authority for” or “be authoritative for” the zone • Usually, more than one name server are authoritative for the same zone – This ensures redundancy and spreads the load • Also, a single name server may be authoritative for many zones 17
  • 18. Name Servers and Zones 128.8.10.5 serves Name Servers Zones data for both nominum.com and isc.org zones 128.8.10.5 nominum.com 202.12.28.129 serves data for nominum.com 202.12.28.129 zone only isc.org 204.152.187.11 serves data for 204.152.187.11 isc.org zone only 18
  • 19. Types of Name Servers • Two main types of servers – Authoritative – maintains the data • Master – where the data is edited • Slave – where data is replicated to – Caching – stores data obtained from an authoritative server – The most common name server implementation (BIND) combines these two into a single process • Other types exist… • No special hardware necessary 19
  • 20. Name Server Architecture • You can think of a name server as part: – database server, answering queries about the parts of the name space it knows about (i.e., is authoritative for), – cache, temporarily storing data it learns from other name servers, and – agent, helping resolvers and other name servers find data that other name servers know about 20
  • 21. Name Server Architecture Zone From data Name Server Process disk file Authoritative Data Master Zone transfer server (primary master and slave zones) Cache Data (responses from other name servers) Agent (looks up queries on behalf of resolvers) 21
  • 22. Authoritative Data Name Server Process Authoritative Data (primary master and slave zones) Response Cache Data (responses from other name servers) Agent (looks up queries Resolver Query on behalf of resolvers) 22
  • 23. Using Other Name Servers Name Server Process Authoritative Data (primary master and slave zones) Response Cache Data Response (responses from Arbitrary other name servers) name Agent Query server (looks up queries Resolver Query on behalf of resolvers) 23
  • 24. Cached Data Name Server Process Authoritative Data (primary master and slave zones) Response Cache Data (responses from other name servers) Agent (looks up queries Query Resolver on behalf of resolvers) 24
  • 25. Name Resolution • Name resolution is the process by which resolvers and name servers cooperate to find data in the name space • To find information anywhere in the name space, a name server only needs the names and IP addresses of the name servers for the root zone (the “root name servers”) – The root name servers know about the top-level zones and can tell name servers whom to contact for all TLDs 25
  • 26. Name Resolution • A DNS query has three parameters: – A domain name (e.g., www.nominum.com), • Remember, every node has a domain name! – A class (e.g., IN), and – A type (e.g., A) • A name server receiving a query from a resolver looks for the answer in its authoritative data and its cache – If the answer isn’t in the cache and the server isn’t authoritative for the answer, the answer must be looked up 26
  • 27. The Resolution Process • Let’s look at the resolution process step-by- step: annie.west.sprockets.com ping www.nominum.com. 27
  • 28. The Resolution Process • The workstation annie asks its configured name server, dakota, for www.nominum.com’s address dakota.west.sprockets.com What’s the IP address of www.nominum.com? annie.west.sprockets.com ping www.nominum.com. 28
  • 29. The Resolution Process • The name server dakota asks a root name server, m, for www.nominum.com’s address m.root-servers.net dakota.west.sprockets.com What’s the IP address of www.nominum.com? annie.west.sprockets.com ping www.nominum.com. 29
  • 30. The Resolution Process • The root server m refers dakota to the com name servers • This type of response is called a “referral” m.root-servers.net dakota.west.sprockets.com Here’s a list of the com name servers. Ask one of them. annie.west.sprockets.com ping www.nominum.com. 30
  • 31. The Resolution Process • The name server dakota asks a com name server, f, for www.nominum.com’s address What’s the IP address of www.nominum.com? m.root-servers.net dakota.west.sprockets.com f.gtld-servers.net annie.west.sprockets.com ping www.nominum.com. 31
  • 32. The Resolution Process • The com name server f refers dakota to the nominum.com name servers Here’s a list of the nominum.com name servers. Ask one of them. m.root-servers.net dakota.west.sprockets.com f.gtld-servers.net annie.west.sprockets.com ping www.nominum.com. 32
  • 33. The Resolution Process • The name server dakota asks an nominum.com name server, ns1.sanjose, for www.nominum.com’s address What’s the IP address of www.nominum.com? m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net f.gtld-servers.net annie.west.sprockets.com ping www.nominum.com. 33
  • 34. The Resolution Process • The nominum.com name server ns1.sanjose responds with www.nominum.com’s address m.root-servers.net dakota.west.sprockets.com Here’s the IP ns1.sanjose.nominum.net address for www.nominum.com f.gtld-servers.net annie.west.sprockets.com 34 ping www.nominum.com.
  • 35. The Resolution Process • The name server dakota responds to annie with www.nominum.com’s address Here’s the IP address for www.nominum.com m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net f.gtld-servers.net annie.west.sprockets.com ping www.nominum.com. 35
  • 36. Resolution Process (Caching) • After the previous query, the name server dakota now knows: – The names and IP addresses of the com name servers – The names and IP addresses of the nominum.com name servers – The IP address of www.nominum.com • Let’s look at the resolution process again annie.west.sprockets.com ping ftp.nominum.com. 36
  • 37. Resolution Process (Caching) • The workstation annie asks its configured name server, dakota, for ftp.nominum.com’s address m.root-servers.net dakota.west.sprockets.com What’s the IP address ns1.sanjose.nominum.net of ftp.nominum.com? f.gtld-servers.net annie.west.sprockets.com ping ftp.nominum.com. 37
  • 38. Resolution Process (Caching) • dakota has cached an NS record indicating ns1.sanjose is an nominum.com name server, so it asks it for ftp.nominum.com’s address What’s the IP address of ftp.nominum.com? m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net f.gtld-servers.net annie.west.sprockets.com ping ftp.nominum.com. 38
  • 39. Resolution Process (Caching) • The nominum.com name server ns1.sanjose responds with ftp.nominum.com’s address m.root-servers.net dakota.west.sprockets.com Here’s the IP address for ns1.sanjose.nominum.net ftp.nominum.com f.gtld-servers.net annie.west.sprockets.com ping ftp.nominum.com. 39
  • 40. Resolution Process (Caching) • The name server dakota responds to annie with ftp.nominum.com’s address Here’s the IP address for ftp.nominum.com m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net f.gtld-servers.net annie.west.sprockets.com ping ftp.nominum.com. 40
  • 41. What can be Resolved? • Any name in the name space • Class – Internet (IN), Chaos (CH), Hesiod (HS) • Type – Address (A, AAAA, A6) – Pointer (PTR, NAPTR) – Aliases (CNAME, DNAME) – Security related (TSIG, SIG, NXT, KEY) – Etc. 41
  • 42. DNS Structure and Hierarchy • The DNS imposes no constraints on how the DNS hierarchy is implemented except: – A single root – The label restrictions • If a site is not connected to the Internet, it can use any domain hierarchy it chooses – Can make up whatever TLDs you want • Connecting to the Internet implies use of the existing DNS hierarchy 42
  • 43. Top-level Domain (TLD) Structure • In 1983 (RFC 881), the idea was to have TLDs correspond to network service providers – e.g., ARPA, DDN, CSNET, etc. • Bad idea: if your network changes, your email address changes • By 1984 (RFC 920), functional domains was established – “The motivation is to provide an organization name that is free of undesirable semantics.” – e.g., GOV for Government, COM for commercial, EDU for education, etc. • RFC 920 also provided for – Provided for country domains – Provided for “Multiorganizations” • Large, composed of other (particularly international) organizations – Provided a stable TLD structure until 1996 or so 43
  • 44. The Domain Name Wars • In 1996,the US National Science Foundation permitted Network Solutions to charge a usage fee for the allocation and registration of domain names – To compensate for the explosive growth the Internet was facing at the time • The resultant controversy caused the US Government (Dept. of Commerce) to take a much more active role – Official governmental policy (the White Paper) on Internet resource administration created • That policy resulted in the creation of ICANN 44
  • 45. Internet Corporation for Assigned Names and Numbers • California non-profit, operating in Marina Del Rey, California, USA • Consists of: – A set of Support Organizations • Address Support Organization, Domain Name Support Organization, Protocol Support Organization – A board of 19 members • 9 elected by public membership • 3 each by each of the SOs • 1 President/CEO – A set of committees • Governmental Advisory Committee, Addressing Ad Hoc Committee, etc. that advise the board 45
  • 46. The Internet Root • The DNS protocol assumes a consistent name space – This consistency is enforced by the constraint of a SINGLE root for the Internet domain name space • There is no assumption on how that single root is created • ICANN oversees modification of the zone file that makes up the Internet DNS root 46
  • 47. Multiple Roots? • The single root is often seen as a single point of control for the entire Internet – Edit control of the root zone file implies the ability to control the entire tree • Multiple root solutions have often been proposed – Unless coordinated, inconsistencies will almost certainly result • The answer you get depends on where you ask – This would be “bad”. 47
  • 48. The Root Nameservers • Modification of the root zone file is pointless unless that zone file is published • The root zone file is published on 13 servers, “A” through “M”, around the Internet – Location of root nameserver is a function of network topology • Root name server operations currently provided by volunteer efforts by a very diverse set of organizations – Volunteer nature will change soon 48
  • 49. Root Name Server Operators Nameserver Operated by: A Verisign (US East Coast) B University of S. California –Information Sciences Institute (US West Coast) C PSI (US East Coast) D University of Maryland (US East Coast) E NASA (Ames) (US West Coast) F Internet Software Consortium (US West Coast) G U. S. Dept. of Defense (ARL) (US East Coast) H U. S. Dept. of Defense (DISA) (US East Coast) I KTH (SE) J Verisign (US East Coast) K RIPE-NCC (UK) L ICANN (US West Coast) M WIDE (JP) 49
  • 50. The Current TLDs " ." G e n e r ic T L D s C o u n try C o d e T L D s I n t e r n a t io n a l T L D s U S Legacy TLDs (g T L D s ) (c c T L D s ) ( iT L D s ) (u s T L D s ) COM AF IN T GOV C o m m e r c i a l O r g a n iz a t io n s A f g h a n is t a n I n t e r n a t io n a l T r e a t y O r g a n iz a t io n s G o v e r n m e n t a l O r g a n iz a t io n s NET AL ARPA M IL N e tw o rk In fra s tru c tu re A lb a n ia ( T r a n s it io n D e v ic e ) M i l it a r y O r g a n iz a t i o n s ORG DZ EDU O t h e r O r g a n iz a t io n s A l g e r ia E d u c a t io n a l I n s t i t u t io n s ... YU Y u g o s l a v ia ZM Z a m b ia ZW Z im b a b w e 50
  • 51. Registries, Registrars, and Registrants • The Domain Wars resulted in a codification of roles in the operation of a domain name space • Registry – the name space’s database – the organization which has edit control of that database • Including dispute resolution, policy control, etc. – The organization which runs the authoritative name servers for that name space • Registrar – the agent which submits change requests to the registry on behalf of the registrant • Registrant – The entity which makes use of the domain name 51
  • 52. Registries, Registrars, and Registrants Registry updates Master zone updated Registry Zone DB Slaves Registrar submits updated add/modify/delete to registry Registrar Registrar Registrar End user requests add/modify/delete Registrants 52
  • 53. The “Generic” Top-Level Domains (gTLDs) • .COM, .NET, and .ORG – By far the largest top level domains on the Internet today • .COM has approx. 20,000,000 names – Essentially no restriction on what can be registered • Network Solutions (now Verisign) received the contract for the registry for .COM, .NET, and .ORG – also a registrar for these TLDs 53
  • 54. New Top Level Domains • Recently, ICANN created 7 new top level domains: – .aero, .biz, .coop, .info, .museum, .name, .pro • Some are chartered (.aero, .coop, .museum, .name, .pro) • Some are generic (.biz, .info) – Expect these new TLDs to show up around 2Q01 • Many people unhappy with the process by which these new TLDs were created – Expect continued “discussion” 54
  • 55. Country Code Top-Level Domains • With RFC 920, the concept of domains delegated on the basis of nations was recognized • Conveniently, ISO has a list of “official” country code abbreviations – ISO-3166 • IANA has also used Universal Postal Codes – (e.g., .GG for Guernsey) • Key consideration is to use lists other organizations define to avoid getting into political battles over what is or is not a valid ccTLD 55
  • 56. ccTLD Organization • How each country top-level domain is organized is up to the country – Some, like Australia’s au, follow the functional definitions • com.au, edu.au, etc. – Others, like Great Britain’s uk and Japan’s jp, divide the domain functionally but use their own abbreviations • ac.uk, co.uk, ne.jp, ad.jp, etc. – A few, like the United State’s us, are largely geographical • co.us, md.us, etc. – Canada uses organizational scope • bnr.ca has national scope, risq.qc.ca has Quebec scope – Some are flat, that is, no hierarchy • nlnet.nl, univ-st-etienne.fr – Considered a question of national sovereignty 56
  • 57. .arpa • Now, Address and Routing Parameter Area – Was Advanced Research Projects Administration • US Dept. of Defense network, precursor to the Internet • Used for infrastructure domains – IPv4 reverse (address to name) lookups – IPv6 reverse lookups – E.164 • Only .arpa is hardwired into the DNS sysem – DNS resolver software has it explicitly 57
  • 58. Other TLDs • .GOV – used by US Governmental organizations – E.g., state.gov, doj.gov, whitehouse.gov, etc. • .MIL – used by the US Military – E.g., af.mil, army.mil, etc. • .EDU – used for Educational institutions – Higher learning, not only US-based ones – E.g., harvard.edu, unu.edu, utoronto.edu • .INT – international treaty organizations – E.g., itu.int, nato.int, wipo.int 58
  • 59. Load concerns • DNS can handle the load – DNS Root Servers get approximately 3000 queries per second (down from 8000 qps) • Empirical proofs (DDoS attacks) show root name servers can handle 50,000 queries per second – Limitation is network bandwidth, not the DNS protocol – in-addr.arpa zone, which translates numbers to names, gets about 2000 queries per second • Current closest analog to e164.arpa 59
  • 60. Performance concerns • DNS is a very lightweight protocol – Simple query – response • Any performance limitations are the result of network limitations – Speed of light – Network congestion – Switching/forwarding latencies 60
  • 61. Security Concerns • Base DNS protocol (RFC 1034, 1035) is insecure – “Spoof” attacks are possible • DNS Security Enhancements (DNSSEC, RFC 2565) remedies this flaw – But creates new ones • DoS attacks • Amplification attacks • Operational considerations • DNSSEC strongly discourages large flat zones – Hierarchy (delegation) is good 61
  • 62. Technically Speaking… • ENUM is technically non-challenging – Intelligent delegation model will permit unlimited scaling – Performance considerations at the feet of service providers – Security concerns can be addressed by DNSSEC 62
  • 63. Dynamic Host Configuration Protocol What is it? • The Dynamic Host Configuration Protocol is a mechanism for having a DHCP server distribute IP addresses to DHCP or BOOTP client systems on a network. • Additionally, it can provide a DHCP client with a full set of TCP/IP configuration values, such as netmask, gateway address etc. 63
  • 64. Why do you need it? • Basically, because end-users are illiterate and don’t care about your network. It is a method of making the process of connecting up a PC or device to the network as transparent as possible by centralizing the allocation of sometimes complex and changing configuration information. • It thus minimizes the impact of any changes in network topology. 64
  • 65. What is needed • A mapping between Ethernet address and other information, e.g. IP address, subnet mask, broadcast address, TFTP configuration file, DNS servers, NTP servers etc. • On boot up, a client generates a DHCP broadcast request, and an available server matches the requestor to an entry, then returns the appropriate information to the requestor – who may or may not be able to interpret or use all the returned parameters. 65
  • 66. Assigning addresses • Statically - allocate a fixed address to clients • Automatically - permanently assign an address from a pool • Dynamically – assign address for a limited time period, called a lease, and then return to pool for re-use • The method used at Rhodes is dynamic allocation of static IP addresses, to allow for possible changes. The DHCP configuration file is generated at the same time as the DNS zone files by automated scripts 66
  • 67. Complications • Routers must be enabled to forward BOOTP requests, and backup DHCP servers need to be strategically placed • Some systems, e.g. servers, routers – need fixed or static IP addresses • With dynamic allocation you lose accountability • There can be problems with DNS, which must track dynamic changes • Rogue DHCP servers can be hard to track down and kill 67

Hinweis der Redaktion

  1. Also, the caching resolver can insert data into the cache, and can "query" the cache and the database server.