What is DNS? • DNS (Domain Name Service) is primarily used to translate
human readable names into machine translate human readable names nto mach
ne.
Outline
15-441 Lecture 7
DNS
•DNS DNS Design •DNS DN Today d (Extra credit, remind me at end)
C Copyright i ht © S Seth th Goldstein, G ld t i 2008 Based on slides from previous 441 lectures Lecture 13
15-441 © 2008
1
Lecture 13
What is DNS?
15-441 © 2008
2
How resolve name Æ IP addr?
• DNS (Domain Name Service) is primarily used to translate human readable names into nto machine mach ne usable addresses, e.g., IP addresses. •DNS goal: – Efficiently locate resources. E.g., Map name Æ IP address y users over a large g area – Scale to many – Scale to many updates
Lecture 13
15-441 © 2008
3
Lecture 13
15-441 © 2008
4
Obvious Solutions (1)
Obvious Solutions (2) Why not use /etc/hosts? Or g nal Name to Address ddress Mapping Mapp ng •Original – Flat namespace – /etc/hosts – SRI kept main copy g y – Downloaded regularly •Mid 80’s this became untenable. Why? •Count of hosts was increasing: machine per d domain i Æ machine hi per user – Many more downloads /etc/hosts still exists. exists – Many M more updates d t
Why not centralize DNS? Single point of failure •Single •Traffic volume •Distant centralized database •Single point of update •Doesn’t scale!
Lecture 13
15-441 © 2008
5
Lecture 13
15-441 © 2008
15-441 © 2008
6
Programmer’s View of DNS
Domain Name System y Goals •Basically a wide-area distributed database ((The he biggest b ggest in n the world!) •Scalability Decentralized maintenance •Decentralized •Robustness Global scope •Global – Names mean the same thing everywhere •Don’tt need all of ACID •Don – Atomicity – Strong consistency •Do need: distributed update/query & Performance
Lecture 13
• Conceptually, programmers can view the DNS database as a collection of millions of host entry structures: /* DNS host entry structure struct hostent { char *h_name; ; / /* char **h_aliases; /* int h_addrtype; /* int h_length; /* char **h_addr_list; /* };
*/ official domain name of host */ / null-terminated array of domain names */ host address type (AF_INET) */ length of an address, in bytes */ null-termed array y of in_addr structs */
– in_addr is a struct consisting of 4-byte IP addr • Functions for retrieving host entries from DNS: – gethostbyname: query key is a DNS host name. – gethostbyaddr: query key k is an IP address. dd 7
Lecture 13
15-441 © 2008
8
DNS Message Format
12 bytes
Identification
Flags
No. of Questions
No. of Answer RRs
No of Authority RRs No.
No of Additional RRs No.
Name, type fields for a query
Questions (variable number of answers)
RRs in response to query
Answers (variable number of resource records)
Records for authoritative servers
DNS Header Fields •Identification – Used to match up request/response •Flags – 1-bit 1 bit to mark query or response – 1-bit to mark authoritative or not – 1-bit 1 bit to request recursive resolution – 1-bit to indicate support for recursive resolution
Authority (variable number of resource records)
Additional “helpful info that may be used
Additional Info (variable number of resource records)
Lecture 13
15-441 © 2008
9
Lecture 13
Different kinds of mappings are possible:
name, value, type, ttl)
•1 1 mapping between domain name and IP addr: •1-1
• DB contains tuples called resource records (RRs)
provolone.crcl.cs.cmu.edu maps to 128.2.218.81
• Classes = Internet (IN), Chaosnet (CH), etc. • Each class defines value associated with type
•Multiple domain names maps to the same IP addr: www.scs.cmu.edu and www.cs.cmu.edu both map to 128.2.203.164
For “IN” class:
• Type Type=CNAME CNAME
• Type Type=A A • Type=NS T NS – name is domain (e.g. foo.com) – value is name of authoritative name server for this domain Lecture 13
•Single domain name maps to multiple IP addresses: aol.com and www.aol.com map to multiple IP addrs.
• name is an alias name for some “canonical” name • value is canonical name
– name is hostname – value is IP address
•Some valid domain names don’t map to any IP addr: crcl.cs.cmu.edu doesn’t have a host
• Type=MX
15-441 © 2008
10
Properties of DNS Host Entries
DNS Records RR format: (class,
15-441 © 2008
• value is hostname of mailserver associated with name 11
Lecture 13
15-441 © 2008
12
DNS Design: Hierarchy Definitions root
org
net
gwu ucb
edu com uk cmu bu mit cs ece crcl
Lecture 13
DNS Design: Zone Definitions
• Each node in hierarchy stores a list of names that end with same suffix • Suffix = path up tree • E.g., given this tree, where would following be stored: • Fred.com Fred com • Fred.edu • Fred.cmu.edu • Fred.crcl.cs.cmu.edu • Fred.cs.mit.edu
15-441 © 2008
root
org
gwu ucb
cmu
bu mit
Subtree Single l node d Complete Tree
13
Lecture 13
15-441 © 2008
14
DNS: Root Name Servers
•Zones are created by convincing owner node to create/delegate g a subzone – Records within zone stored in multiple redundant name servers – Primary/master P i / name server updated d d manually ll – Secondary/redundant servers updated by zone transfer of name space
• Responsible p for “root” zone • 13 root name servers – Currently y {a-m}.root-servers.net
• Local name servers contact root servers when h they h cannot resolve a name • Why Wh 13?
• Zone transfer is a bulk transfer of the “configuration” of a DNS server – uses TCP to ensure reliability
•Example: – CS.CMU.EDU created by CMU.EDU admins – Who creates CMU.EDU or .EDU? 15-441 © 2008
edu com uk
cs ece crcl
DNS Design: Cont.
Lecture 13
net
• Zone = contiguous section of name space p • E.g., Complete tree, single node or subtree • A zone has an associated set of name servers • Must store list of names and d tree t links li k
15
Lecture 13
15-441 © 2008
16
Not really 13!
Check out anycast) Lecture 13
So Far •Database structure xyz – Hierarchy of labels x.y.z – Organized into zones – Zones have nameservers (notice plural!) •Database layout – Records which map namesÆnames, namesÆip, namesÆip etc. Programmer API API: gethostbyname, … •Programmer
10/08, from
www.root-servers.org
15-441 © 2008
17
Lecture 13
15-441 © 2008
Servers/Resolvers
18
Typical Resolution
•Each host has a resolver – Typically a library that applications can link to – Local name servers hand-configured (or DHCP) (e g /etc/resolv.conf) (e.g. /etc/resolv conf) •Name servers or – Either responsible for some zone or… – Local servers
root & edu DNS server
www.cs.cmu.edu
Client
• Do lookup of distant host names for local hosts • Typically answer queries about local zone
ns1.cmu.edu ns1 cmu edu DNS server
Local DNS server
ns1.cs.cmu.edu ns1 cs cmu edu DNS server
Hmm: Notice root server returned NS ns1.cmu.edu Lecture 13
15-441 © 2008
19
Lecture 13
15-441 © 2008
20
Typical Resolution
Lookup Methods R Recursive i query:
•Steps for resolving www.cmu.edu
root name server
• Server goes out and searches for more info • Only returns final answer or “not found”
– Application calls gethostbyname() (RESOLVER) – Resolver contacts local name server (S1) – S1 q queries root server (S2) for (www.cmu.edu) – S2 returns NS record for cmu.edu (S3) – What about A record for S3?
2 iterated query 3
4
Iterative query:
• Server responds with as much as it knows. • “I don’t d ’t k know thi this name, but ask this server”
• This h is what h the h additional dd l info f section is for f (PREFETCHING) ( E E )
– S1 queries S3 for www.cmu.edu – S3 returns A record for www.cmu.edu www cmu edu
7 local name server dns.eurecom.fr
1
8
intermediate name server dns.umass.edu
5
6 authoritative name server dns.cs.umass.edu
requesting host
•Can Can return multiple A records Æ What does this mean? Lecture 13
15-441 © 2008
gaia.cs.umass.edu
surf.eurecom.fr
Workload impact on choice?
• Root/distant server does iterative • Local server typically does recursive 21
Lecture 13
How to manage workload?
15-441 © 2008
22
Workload and Caching
•Does root nameserver do recursive lookups? What about other zones? •What •What about imbalance in popularity? – .com com versus .dj dj – google.com versus bleu.crcl.cs.cmu.edu? •How How do we scale query workload?
•DNS responses are cached – Quick response for repeated translations – Other queries may reuse some parts of lookup g NS records for domains • E.g.,
•DNS negative queries are cached – Don’t have to repeat past mistakes – E.g., misspellings, search strings in resolv.conf
•How do you handle updates?
Lecture 13
15-441 © 2008
23
Lecture 13
15-441 © 2008
24
Workload and Caching
Typical Resolution
•DNS responses are cached – Quick response for repeated translations – Other queries may reuse some parts of lookup • E.g., g NS records for domains
•DNS negative queries are cached
root & edu DNS server
www.cs.cmu.edu
– Don’t have to repeat past mistakes – E.g., misspellings, search strings in resolv.conf
Client
•Cached data periodically times out
ns1.cmu.edu ns1 cmu edu DNS server
Local DNS server
ns1.cs.cmu.edu ns1 cs cmu edu DNS server
– Lifetime (TTL) of data controlled by owner of data – TTL passed with every record
Lecture 13
15-441 © 2008
25
Lecture 13
Subsequent Lookup Example
15-441 © 2008
26
Reliability •DNS servers are replicated – Name service available if ≥ one replica is up – Queries can be load balanced between replicas
ftp.cs.cmu.edu
Client
Local DNS server
root & edu DNS server
•UDP used f for q queries
cmu edu cmu.edu DNS server
•Try alternate servers on timeout
– Need reliability Æ must implement this on top of UDP! – Why not just use TCP? – Exponential backoff when retrying same server
cs.cmu.edu cs cmu edu DNS server
Lecture 13
15-441 © 2008
•Same identifier for all queries – Don’t care which server responds
27
Lecture 13
15-441 © 2008
28
So far
Reverse DNS A Arpa: b k backronym Æ Address Add and dR Routing ti P Parameter t A Area
•Hierarchial name space
unnamed root
edu
arpa
in-addr
128
cmu
crcl
15-441 © 2008
29
Lecture 13
.arpa Name Server Hierarchy in-addr.arpa in addr.arpa
128
2
204
bleu 128 2 204 27 128.2.204.27
Lecture 13
•Method
– Maintain separate hierarchy based on IP names – Wr Write t 128.2.204.27 . . . 7a as 27.204.2.128.in-addr.arpa
•Managing
204
Lecture 13
– Given IP address, find its name
• Why is the address reversed?
cs
2
27
•Task
bleu 128.2.204.27
– Authority manages IP addresses assigned to it – E.g., CMU manages name space 2.128.in-addr.arpa
15-441 © 2008
30
Prefetching •Name servers can add additional data to response Why would they? •Why
a root-servers a.root servers.net net • • • m.root m root-servers servers.net net
chia.arin.net (dill henna, (dill, henna indigo, indigo epazote, epazote figwort, figwort ginseng) cucumber.srv.cs.cmu.edu, t-ns1.net.cmu.edu t-ns2.net.cmu.edu
mango.srv.cs.cmu.edu (peach,, banana,, blueberry) (p y)
• At each level of hierarchy, have group of servers that are authorized to handle that region of hierarchy 15-441 © 2008
31
Lecture 13
15-441 © 2008
32
Prefetching
Mail Addresses
•Name servers can add additional data to response Why would they? •Why •Typically used for prefetching – CNAME/MX/NS typically point to another host name – Responses include address of host referred to in “additional section”
Lecture 13
15-441 © 2008
•MX records point to mail exchanger for a name Eg – E.g. cmu.edu. cmu.edu.
2590 2590
IN IN
MX MX
10 CMU-MX4.ANDREW.cmu.edu. 10 CMU-MX5.ANDREW.cmu.edu.
•Addition of MX record type proved to be a challenge – How to get mail programs to lookup MX record for mail delivery? – Needed critical mass of such mailers – Could we add a new one now? 33
Lecture 13
15-441 © 2008
Outline
34
Root Zone •Generic Top Level Domains (gTLD) = .com, .net, .org, g etc… •Country Code Top Level Domain (ccTLD) = .us, .ca, .fi, .uk, etc… •Root R server ({ ({a-m}.root-servers.net) } ) also l used d to cover gTLD domains – Load on root servers was growing quickly! – Moving .com, .net, .org off root servers was clearly necessary to reduce load Æ done Aug 2000 – How significant an effect would this have?
•DNS Design
•DNS DNS Today
• On load? • On performance?
Lecture 13
15-441 © 2008
35
Lecture 13
15-441 © 2008
36
gTLDs
New Registrars
• Unsponsored – – – –
.com, .edu, .gov, .mil, .net, .org .biz Æ businesses .info i f Æ generall info i f .name Æ individuals
– – – – – – –
.aero aero Æ air air-transport transport industry .cat Æ catalan related .coop Æ business cooperatives there anything special about .com? .jobs Æ jobIs announcements goldstein as a gTLD? .museum Æ What museumsabout adding .goldstein .pro Æ accountants, lawyers, and physicians .travel Æ travel industry
•Network Solutions (NSI) used to handle all registrations, reg strat ons, root servers, etc… – Clearly not the democratic (Internet) way – Large number of registrars that can create new domains Æ However NSI still handles A root server
• Sponsored (controlled by a particular association)
• Starting up
– .mobi Æ mobile phone targeted domains – .post Æ postal – .tel Æ telephone related
• Proposed P d Lecture 13
– .asia, .cym, .geo, .kid, .mail, .sco, .web, .xxx – Whatever you want! 15-441 © 2008
37
Measurements of DNS
Lecture 13
15-441 © 2008
Measurements of DNS
•No centralized caching per site
•No centralized caching per site
• “Hit Hit rate for DNS:1 - (#DNS/#connections)Æ80%
• “Hit Hit rate for DNS:1 - (#DNS/#connections)Æ80%
• What does a typical page look like? Æ average of 4-5 imbedded objects Æ needs 4-5 transfers • This alone accounts f for 80% hit rate!
• What does a typical page look like? Æ average of 4-5 imbedded objects Æ needs 4-5 transfers • This alone accounts f for 80% hit rate!
– Each machine runs own caching local server y is this a problem? p – Why – How many hosts do we need to share cache? Æ recent studies suggest 10-20 hosts
– Each machine runs own caching local server y is this a problem? p – Why – How many hosts do we need to share cache? Æ recent studies suggest 10-20 hosts
– Is this good or bad? – Most Internet traffic was Web with HTTP 1.0
•Lower TTLs for A records does not affect performance •DNS performance really relies more on NS-record caching
Lecture 13
15-441 © 2008
38
– Is this good or bad? – Most Internet traffic was Web with HTTP 1.0
39
•Lower TTLs for A records does not affect performance •DNS performance really relies more on NS-record caching
Lecture 13
15-441 © 2008
40
Tracing Hierarchy (1)
Tracing Hierarchy (2)
•Dig Program – Allows querying of DNS system – Use flags fl to f find d name server (N (NS)) – Disable recursion so that operates one step at a time
•3 servers handle CMU names unix> dig +norecurse @e3.nstld.com NS kittyhawk.cmcl.cs.cmu.edu ;; AUTHORITY SECTION: cmu.edu. 172800 IN cmu.edu. 172800 IN cmu.edu. 172800 IN
unix> dig +norecurse @a.root-servers.net NS kittyhawk.cmcl.cs.cmu.edu
Zone
;; AUTHORITY SECTION: TTL edu edu. 172800 IN NS edu. 172800 IN NS edu. 172800 IN NS edu. 172800 IN Type NS edu. 172800 IN NS edu. 172800 IN NS edu. 172800 IN NS edu. 172800 IN NS Class edu. 172800 IN NS
Lecture 13
L3.NSTLD.COM. L3 NSTLD COM D3.NSTLD.COM. A3.NSTLD.COM. E3.NSTLD.COM. C3.NSTLD.COM. F3.NSTLD.COM. G3.NSTLD.COM. Value B3.NSTLD.COM. M3.NSTLD.COM.
– All .edu names handled by set of servers 15-441 © 2008
41
Lecture 13
Tracing Hierarchy (3 & 4)
NS NS NS NS
MANGO.SRV.cs.cmu.edu. PEACH.SRV.cs.cmu.edu. BANANA.SRV.cs.cmu.edu. BLUEBERRY.SRV.cs.cmu.edu.
•Quasar Quasar is master NS for this zone unix>dig +norecurse @blueberry.srv.cs.cmu.edu NS kittyhawk.cmcl.cs.cmu.edu ;; AUTHORITY SECTION: cs.cmu.edu. 300 IN Lecture 13
SOA
15-441 © 2008
42
•Motivations Æ large distributed database Scalab l ty – Scalability – Independent update – Robustness •Hierarchical database structure – Zones – How lookups are done •Caching/prefetching and TTLs •Reverse name lookup •What are the steps to creating your own domain?
unix> dig +norecurse @t-ns1.net.cmu.edu NS kittyhawk.cmcl.cs.cmu.edu
IN IN IN IN
CUCUMBER.SRV.cs.cmu.edu. T-NS1.NET.cmu.edu. T-NS2.NET.cmu.edu.
DNS (Summary)
•4 servers handle CMU CS names ;; AUTHORITY SECTION: cs.cmu.edu. 86400 cs.cmu.edu. 86400 cs.cmu.edu. 86400 cs.cmu.edu. 86400
NS NS NS
QUASAR.FAC.cs.cmu.edu.
15-441 © 2008
43
Lecture 13
15-441 © 2008
44
