The Domain Name System

Vaibhav Puranik

Abbey

Areej

Amit Shetty

Heekyoung

Vaibhav Kamath

yahoo.com

hotmail.com

nas.cl.uh.edu

cricket.org

time.gov

What is a name?

A name is merely an identifier that consists of a sequence of characters chosen from a finite alphabet
- a kind of high-level name

Initial naming scheme - Flat Namespace
e.g. Accounting, development, purdue

Advantages
# Short & convenient names

Disadvantages
# Cannot generalize to large sets of machines for the following reasons:
- Potential for conflict
- Administrative authority workload
- Cost of maintaining is high

Hierarchical Naming System

Works like the management of a large organization.

The topmost level of the hierarchy divides the namespace and delegates authority for each division. It need not be bothered by changes within a division.
Example: local.site

The authority may be further subdivided at each level, e.g. local.group.site

Example of hierarchical system - US telephone system

Internet Domain Names

The mechanism that implements a machine name hierarchy for a TCP/IP internet is called the Domain Name System.

DNS has two conceptually independent aspects
# The first specifies name syntax and rules for delegating authority over names
# The second specifies implementation of a distributed computing system that efficiently maps names to addresses

Example: cl.uh.edu contains three labels

Domain names are written with the local label first and top domain last

24.8 Official and Unofficial Internet Domain Names

Domain Names

• Most users of the domain technology follow the hierarchical labels used by the official internet domain system.

• Two reasons:
– The internet scheme is both comprehensive and flexible.
– Most sites follow the internet scheme so they can attach their TCP/IP installations to the global internet without changing names.

Top-level Internet Domains

Domain Name     Meaning
COM             Commercial organizations
EDU             Educational institutions (4-year)
GOV             Government institutions
MIL             Military groups
NET             Major network support centers
ORG             Organizations other than those above
ARPA            Temporary ARPANET domain (obsolete)
INT             International organization
country code    Each country (geographic scheme)

Domain Names

• Top-level names permit two completely different naming hierarchies
– Geographic
  • Divides the universe of machines by country
  • Two-letter identifiers (va.us)
– Organizational
  • Allows organizations to be grouped by organizational type

Domain Name Hierarchy Tree

[Figure: domain name hierarchy tree, drawn from the unnamed root. Node labels: com, edu, gov, us; purdue, nsf; cc, cs, ecn; va, reston, cnri]

24.9 Named Items And Syntax Of Names

Named Items and Syntax of Names

• Multiple naming hierarchies may be embedded in one system.

• The system must assign a type to determine what the specific address maps to.
– A machine.
– A mailbox.
– A user.
– Etc.

• A given name may map to more than one item in the domain system. The client specifies the type of object desired when resolving a name, and the server returns objects of that type.

Named Items and Syntax of Names

• The syntax of a name does not determine what type of object it names or the class of protocol suite.

• The number of labels in a name does not determine whether the name refers to an individual object (machine) or a domain.
– Machine: gwen.purdue.edu.
– Subdomain: cs.purdue.edu.

Named Items and Syntax of Names

To summarize this point:

One cannot distinguish the names of subdomains from the names of individual objects or the type of an object using only the domain name syntax.

Mapping Domain Names to Addresses

The domain name scheme includes an efficient, reliable, general-purpose, distributed system for mapping names to addresses.

Efficient: most names can be mapped locally; only a few require internet traffic.
Distributed: a set of servers operating at multiple sites cooperatively solve the mapping problem.
General purpose: it is not restricted to machine names.
Reliable: no single machine failure will prevent the system from operating correctly.

Mapping Domain Names to Addresses

The domain mechanism for mapping names to addresses consists of independent, cooperative systems called “name servers”.

A name server is a server program that supplies name-to-address translation, mapping from domain names to IP addresses.

The client software, a name resolver, uses one or more name servers when translating a name.

The easiest way to understand how domain servers work is to imagine them arranged in a tree structure that corresponds to the naming hierarchy (fig 24.3). Each server knows the addresses of all lower-level servers for all subdomains within the domain it handles.

In particular, organizations often collect information from all of their subdomains into a single server. Fig 24.4 shows a more realistic organization of servers for the naming hierarchy of fig 24.2.

Domain Name Resolution

Conceptually, domain name resolution proceeds top-down, starting with the root name server and proceeding to servers located at the leaves of the tree.

There are two ways to use the domain name system:
- Contacting name servers one at a time, or
- Asking the name server system to perform the complete translation.

In either case the client software:
- forms a domain name query that contains the name to be resolved, a declaration of the class of the name, the type of answer desired, and a code that specifies whether the name server should translate the name completely.
- sends the query to a name server for resolution.

When a domain server receives a query, it checks to see if the name lies in the subdomain for which it is an authority (see the handout & p471).

Domain Name Resolution

• How does a client find a name server at which to begin the search? How does a name server find other name servers that can answer questions when it cannot?

• A client must know how to contact at least one name server.

• To ensure that a domain name server can reach others, the domain system requires that each server know the address of at least one root server.

• A server may know the address of a server for the domain immediately above it (“the parent”).

• Domain name servers use a well-known protocol port for all communication, so clients know how to communicate with a server once they know the IP address of the machine on which the server executes.

Efficient Translation and Caching

Amit Shetty

Efficient Translation

• Resolving queries by working down the tree of name servers can lead to inefficiencies for three reasons:

– Tracing a path through the hierarchy to contact the local authority would be inefficient since most name resolution refers to local names.

– The machine at the topmost level of the hierarchy would become overloaded.

– Failure of the machine at the topmost level of the hierarchy would prevent name resolution, even if the local authority could resolve the name.

Two-Step name resolution process

• In the two-step name resolution process, resolution begins with the local name server. If the server cannot resolve a name, the query must then be sent to another server in the domain system.

Caching: The Key To Efficiency

• Each server maintains a cache of recently used names as well as a record of where the mapping information for that name was obtained.

When a client asks a server to resolve a name:

• The server first checks to see if it has the authority for the name according to standard procedure.

• If not, the server checks its cache to see if the name has been resolved recently.

• The local server also sends along additional information that tells the client the binding between the domain name of the server S and an IP address.

• Servers do not apply a single fixed timeout to all entries, but allow the authority for an entry to configure its timeout.

Timesharing Systems with Complex form of Resolver Code.

• The host downloads the complete database of names and addresses from a local domain name server at startup, maintaining its own cache of recently used names, and uses the server only when names are not found.

• Advantages:
– Name resolution on local hosts is extremely fast.
– Local site has protection in case the local name server fails.
– It reduces computational load on the name server, and makes it possible for a given server to supply names to more machines.

Domain Server Message Format

• Fig 24.5 shows the message format
– The DNS message is defined for both queries and responses
– The message has a fixed 12-byte header followed by four variable-length fields

• IDENTIFICATION - a unique value the client uses to match responses to queries

• PARAMETER - specifies the operation requested and response code (Fig. 24.6)

Bit of field    Meaning
0               QR
1-4             Query type
5               AA
6               TC
7               RD
8               RA
9-11            (zero)
12-15           Response type

Domain Server Message Format (2)

• Number of __ fields

– A count of entries in the corresponding sections that occur later in the message

– For a query, the number of questions is normally 1 and the other three counts are 0

– Similarly, for a reply the number of answers is at least 1, and the remaining two counts can be 0 or nonzero

Domain Server Message Format (3)

• QUESTION SECTION (Fig. 24.7) – contains queries for which answers are desired
– QUERY DOMAIN NAME: the name being looked up
  • Representation of the domain name
– QUERY TYPE: type of question (name or address)
  – A (1), MX (15), CNAME (5) - canonical name
– QUERY CLASS: allows domain names to be used for arbitrary objects
  – It is normally 1, meaning Internet address
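
An added example (not part of the original slides) that builds the query described on the header and QUESTION SECTION slides and decodes the 12-byte header, using the PARAMETER bit numbering where bit 0 is the most significant bit. The function names and the sample identifier are assumptions made for illustration.

```python
import struct

# Query type and class codes quoted on the slides.
TYPE_A, TYPE_CNAME, TYPE_MX = 1, 5, 15
CLASS_INTERNET = 1

def encode_name(name):
    """Encode a name as length-prefixed labels ending in a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:      # a COUNT is only 6 bits wide
            raise ValueError("label must be 1..63 octets: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(ident, name, qtype=TYPE_A, recursion_desired=True):
    """Return a query message: 12-byte header followed by one question."""
    # Bit 7 (RD) counted from the most significant end is 1 << (15 - 7).
    parameter = (1 << 8) if recursion_desired else 0
    # Counts: 1 question, 0 answers, 0 authority, 0 additional.
    header = struct.pack("!6H", ident, parameter, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!2H", qtype, CLASS_INTERNET)
    return header + question

def parse_header(message):
    """Decode the fixed header into a dict; reject short input."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, param, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    return {
        "id": ident,
        "qr": (param >> 15) & 1,            # bit 0: 0 = query, 1 = response
        "query_type": (param >> 11) & 0xF,  # bits 1-4
        "aa": (param >> 10) & 1,            # bit 5
        "tc": (param >> 9) & 1,             # bit 6
        "rd": (param >> 8) & 1,             # bit 7
        "ra": (param >> 7) & 1,             # bit 8
        "zero": (param >> 4) & 0x7,         # bits 9-11
        "response_type": param & 0xF,       # bits 12-15
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }

def response_matches(query, response):
    """Accept a reply only if QR says 'response', the IDENTIFICATION
    matches, and the question sent is echoed back byte for byte."""
    q, r = parse_header(query), parse_header(response)
    echoed = response[12:len(query)] == query[12:]
    return r["qr"] == 1 and r["id"] == q["id"] and echoed

if __name__ == "__main__":
    query = build_query(0x1234, "cl.uh.edu")   # 0x1234 is a sample identifier
    print(parse_header(query))
    # Constructed reply header (QR, RD and RA set) followed by the echoed question.
    reply = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + query[12:]
    print(response_matches(query, reply))
```

The byte-for-byte question comparison is a simplification chosen for this example; it assumes the server returns the question exactly as it was sent.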

Domain Server Message Format (4)

• The format of resource records - Fig. 24.8
– ANSWER, AUTHORITY, and ADDITIONAL INFORMATION fields share a common format called resource records
– RESOURCE DOMAIN NAME: contains the domain name to which this resource record refers
– TYPE, CLASS: the type of the data; the data’s class
– TIME TO LIVE: specifies the number of seconds that the RR can be cached by the client. RRs often have a TTL of 2 days
– RESOURCE DATA LENGTH: specifies the amount of RESOURCE DATA

Domain Server Message Format (5) - Example

Compressed Name Format

When represented in a message, domain names are stored as a sequence of labels. Each label begins with an octet that specifies its length. Thus the receiver reconstructs a domain name by repeatedly reading a 1-octet length, n, and then reading a label n octets long. A length octet of zero marks the end of the name.

Most of the time, domain name servers return multiple answers to a query, with some of the suffixes of the domain names overlapping. To conserve space in the reply packet, the name server compresses names by storing only one copy of each domain name. When extracting a domain name from a message, the client software must check each segment of the name to see whether it consists of a literal string (1 octet count followed by characters that form the name) or a pointer to a literal string.

Check the first octet
if the top two bits are 1 then
    the next 14 bits form a POINTER
else if the top two bits are 0 then
    the next 6 bits form a COUNT

A POINTER always occurs at the beginning of a segment and points to a new place in the message to find the remainder of the name.

A COUNT, on the other hand, specifies the number of characters in the label that follows the count octet.
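
An added example (not part of the original slides) of a decoder for the compressed name format described above, written so that malformed input such as a pointer loop or a truncated label is rejected instead of being followed. The function names and both sample messages are constructed for illustration; the backwards-only pointer rule is a strictness choice of this example, and the 255-octet name limit comes from RFC 1035.

```python
def decode_name(message, offset):
    """Return (name, next_offset) for the name that starts at offset.

    next_offset is where parsing of the enclosing record continues: just
    past the zero octet, or just past the first pointer if one was followed.
    """
    labels = []
    wire_len = 1                 # counts the terminating zero octet
    next_offset = None
    chunk_start = pos = offset
    while True:
        if pos >= len(message):
            raise ValueError("name runs past end of message")
        first = message[pos]
        top = first & 0xC0
        if top == 0xC0:          # top two bits 11: 14-bit POINTER
            if pos + 1 >= len(message):
                raise ValueError("truncated pointer")
            target = ((first & 0x3F) << 8) | message[pos + 1]
            if next_offset is None:
                next_offset = pos + 2
            # Assumption of this example: a pointer must land before the
            # start of the chunk being read, so targets strictly decrease
            # and a crafted message cannot make the parser loop.
            if target >= chunk_start:
                raise ValueError("pointer does not point backwards")
            chunk_start = pos = target
        elif top == 0x00:        # top two bits 00: 6-bit COUNT
            if first == 0:       # zero length ends the name
                if next_offset is None:
                    next_offset = pos + 1
                return ".".join(labels), next_offset
            end = pos + 1 + first
            if end > len(message):
                raise ValueError("label runs past end of message")
            wire_len += first + 1
            if wire_len > 255:   # RFC 1035 limit on a whole name
                raise ValueError("name longer than 255 octets")
            labels.append(message[pos + 1:end].decode("ascii", "replace"))
            pos = end
        else:
            raise ValueError("unsupported label type")

def is_malformed(message, offset):
    """True if the name at offset cannot be decoded safely."""
    try:
        decode_name(message, offset)
        return False
    except ValueError:
        return True

# Constructed sample: 12 zero octets standing in for the header, then
# "cl.uh.edu" at offset 12 and "nas" + pointer to offset 12 at offset 23.
SAMPLE = bytes(12) + b"\x02cl\x02uh\x03edu\x00" + b"\x03nas\xc0\x0c"
# Constructed malformed input: a pointer at offset 12 that targets itself.
SELF_POINTER = bytes(12) + b"\xc0\x0c"

if __name__ == "__main__":
    print(decode_name(SAMPLE, 12))
    print(decode_name(SAMPLE, 23))
    print(is_malformed(SELF_POINTER, 12))
```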

Abbreviation of Domain Names

Given a name, the resolving process can assume that it lies on the same local authority and supply the missing part of the name automatically.

Example
diamond.rocks
is equivalent to the full domain name
diamond.rocks.cl.uh.edu

The local network manager configures a list of possible suffixes to be appended to names during lookup. When a resolver encounters a name, it steps through the list, appending each suffix and trying to look up the resulting name.

The domain name system only maps full domain names into addresses. Abbreviations are not part of the domain name system itself, but are introduced by client software to make local names convenient for users.

Inverse Mappings

We have seen that the domain name system is used to fetch the IP address for a given name. It might so happen that we want the name, given the IP address.

Different names might have the same IP address.

Although inverse queries have been part of the domain system since it was first specified, they are generally not used because there is often no way to find the server that can resolve the query without searching the entire set of servers.

One form of inverse mapping that the domain system supports is called a pointer query.

Pointer Queries

In a pointer query, the question presented to the domain name server specifies an IP address encoded as a string in the form of a domain name. It requests the name server to return the correct domain name for the machine with the specified IP address.

Pointer queries are especially useful for diskless machines because they allow the system to obtain a high-level name given only an IP address.

IP address as string: aaa.bbb.ccc.ddd

Pointer query by the client: aaa.bbb.ccc.ddd.in-addr.arpa

Because the local name server may not have the authority for either arpa or in-addr.arpa it may need to contact other servers to complete the resolution. To make the resolution efficient the Internet root domain name servers maintain a database of valid IP addresses along with information about domain name servers that can resolve each address.

Object Types and Resource Record Contents

The domain system is quite general in that it can be used for arbitrary hierarchical names. The system accommodates a variety of mappings by including a type in each resource record. When sending a request, a client must specify the type in its query. The type determines the contents of the resource record according to the table in figure 24.9 on page 480.

To make lookup efficient, a server always returns additional bindings that it knows in the ADDITIONAL INFORMATION SECTION of a response.

Obtaining Authority for a Subdomain

Before an institution is granted authority for an official second-level domain, it must agree to operate a domain name server that meets the Internet standards. The server must know the addresses of servers that handle each subdomain as well as the addresses of at least one root server.

A subtree of names managed by a given name server forms a zone of authority.

Problems

The domain name system is much more complex than what we have seen so far.

Servers must be able to handle many requests, some of which may take a long time to resolve.

Server implementation is complicated because the Internet authority requires that the information in every domain name server be replicated.

In practice, the requirements are quite stringent.

The servers must have no single common point of failure. Avoiding a common point of failure means that the two name servers cannot both attach to the same network; they cannot even obtain electrical power from the same source.

To meet these requirements a site must find at least one other site that agrees to operate a backup name server. Hence at any point in the tree of servers, a server must know how to locate both the primary and backup name servers for sub-domains, and it must direct queries to a backup server if the primary server is unavailable.