DNS Domain Name System

Author: Camron Hardy
DNS – Domain Name System
Seminar in Distributed Computing 2007/08

Lucien Hansen - [email protected]

Overview
• Naming and Binding of Network Destinations
  • Terminology
  • Examples
  • Interpretation
• Development of the Domain Name System
  • Design
  • Surprises
  • Successes / Shortcomings
  • Conclusions
• Link between papers
• Things change 1988 → 2007

24.10.2007

Naming and Binding

• Confusion about terminology
• Analogy to operating systems

What are we looking at…
• 4 Objects:
  • Services
  • Nodes
  • Attachment Point
  • Routes
• 3 Bindings:
  • Service to node
  • Node to attachment point
  • Attachment point to route

Terminology
Via della Pace 11 (Piazza Navona)
• Name
• Address
• Route

Types of Network Destinations
• Service and users
  • Time of day, Notebook
• Nodes
  • PC on which a service runs, forwarding node
• Network attachment points
  • Ports of a network
• Paths
  • Run between network attachment points

Name != Name
“A-real-good-name”
• Print name
• Machine name
  • often called address
• Name – broad sense
“01010010”

Binding among network destinations
• Service and Node
• Node and network attachment point
• Attachment points and paths
Preserve identity

Concrete Examples
my-service.ch | file
128.12.4.6 | storage region
08:00:00:3a:12:80 | physical location
• Bind network attachment point to path?

Send data packet to Service
• Find node
  • Service name resolution
• Find net. att. point
  • Node name resolution
• Find path
  • Route service

Example: ARPANET NCP protocol
[Figure labels: “Mail-Service”, “Email-Service”, Node, Network attachment point, IMP 18, port 1, IMP 18, port 0]
Confusion:
• Different Name

Author's Interpretation of terminology
• Name – human readable character string
• Address:
  • Service
  • Node
  • Network attachment point
• Route
  • Path

Development of the DNS
The following slides summarize the paper 'Development of the Domain Name System, Mockapetris, Dunlap, SIGCOMM 1988'
• Today – largest name service in operation
• History with hosts.txt

DNS Design assumptions
• Same information as hosts.txt
• Distribution
• No size limits
• Interoperate in many environments
• Performance

“Leanness Criterion”
Lean service
• More implementation effort and early availability
General distributed database
• More applications
• Greater functionality
• Operate in more environments
The following was omitted:
• Dynamic updates with atomicity
• Backup considerations

Quick “Refresher”
[Figure labels: root name server; local name server dns.ethz.ch; authoritative name server dns.delivery.it; Student within ETH; pizza.delivery.it]

Design points
• Architecture
  • Name servers
  • Resolvers
(Source: wikipedia.org)
Resource Record
• Hierarchical name space
• Database distribution
  • Zones
  • Caching

Surprises for developers
• Semantics well-understood?
  • Example: multiple addr. for single host
• Performance of underlying network
  • Response time 30-60 sec (worst case)
• Negative caching
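Added example (not part of the original slides): a minimal Python simulation of the lookup on the Quick “Refresher” slide, showing how the local name server's cache and negative cache cut down upstream queries. The server name ns.it, the address 192.0.2.10, the TTL values and all class and function names are assumptions made for illustration.

```python
# Constructed toy data: referrals held by each non-authoritative server and
# the records of the authoritative one. 192.0.2.10 is a documentation address.
REFERRALS = {
    "root": {"it": "ns.it"},                      # ns.it is a hypothetical name
    "ns.it": {"delivery.it": "dns.delivery.it"},
}
AUTHORITATIVE = {"dns.delivery.it": {"pizza.delivery.it": ("192.0.2.10", 300)}}
NEGATIVE_TTL = 60  # assumed lifetime of a cached "no such name" answer


class LocalNameServer:
    """Stands in for dns.ethz.ch: iterates from the root and caches results."""

    def __init__(self):
        self.cache = {}      # name -> (expiry time, address or None)
        self.upstream = []   # (server, name) queries sent, kept for inspection

    def _ask(self, server, name):
        self.upstream.append((server, name))
        if server in AUTHORITATIVE:
            return "answer", AUTHORITATIVE[server].get(name)
        for zone, next_server in REFERRALS[server].items():
            if name == zone or name.endswith("." + zone):
                return "referral", next_server
        return "answer", None   # no delegation known for this name

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[0] > now:
            return hit[1]       # positive or negative cache hit, no traffic
        server = "root"
        while True:
            kind, data = self._ask(server, name)
            if kind == "answer":
                break
            server = data       # follow the referral one level down
        address, ttl = data if data else (None, NEGATIVE_TTL)
        self.cache[name] = (now + ttl, address)
        return address
```

Without the negative cache entry, every repeated lookup of a nonexistent name would walk the full referral chain again.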

Successes
• Datagram access
  • 512 byte restriction, better performance than TCP
  • Develop/Refine retransmission strategies
• Additional section processing
• Caching

Shortcomings
• Type and class growth
• Easy upgrading of applications
  • Transient failure of a distributed naming system
• Distribution of control vs. distribution of expertise

Conclusions
• What the “dns-team” learned:
  • Caching and also negative caching
  • Difficulty of removing functions vs. adding new functions
  • Implementers don’t like optimizing …

Link between the two papers
• DNS provides binding between Service and Node
• Remove DNS ??
  • Address the host directly with IP
  • “google” for it
• Problems:
  • Moving service to another node

Figures …
Paper (1988): 20 000 hosts

1988 → 2007: things change…
• DDoS attack (distributed denial of service)
  • October 2002 – 9 of 13 root servers down
  • February 2007 – 2 root servers down
• Phishing attacks:
  • DNS-spoofing
  • Cache poisoning
• Networks change:
  • Mobility (WLAN, GSM, ad-hoc, P2P, …)

DNS Extensions to support IPv6
• New resource record type (AAAA)
• New domain to support lookups based on addr.
  • 4321:0:…:89ab -> b.a.9.8 … 0.1.2.3.4.IP6.INT
• Additional section processing redefined for processing both IPv4 and IPv6
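Added example (not part of the original slides): the nibble-reversed lookup name described above, built and parsed in Python. The function names are assumptions; the sample address is the one used in the example in RFC 1886, which matches the abbreviated form on the slide.

```python
import ipaddress

# Address from the example in RFC 1886 (the slide shows it abbreviated).
SAMPLE = "4321:0:1:2:3:4:567:89ab"


def nibble_name(addr: str, suffix: str = "ip6.int") -> str:
    """Build the reverse-lookup name: 32 hex nibbles, least significant first."""
    digits = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(digits)) + "." + suffix


def address_from_nibble_name(name: str) -> ipaddress.IPv6Address:
    """Inverse mapping; rejects names that are not exactly 32 hex nibbles."""
    labels = name.lower().rstrip(".").split(".")
    # ip6.int is the domain named on the slide; ip6.arpa later replaced it.
    if len(labels) != 34 or labels[-2:] not in (["ip6", "int"], ["ip6", "arpa"]):
        raise ValueError("not a full IPv6 reverse-lookup name")
    nibbles = labels[:-2]
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("label is not a single hex nibble")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))


if __name__ == "__main__":
    name = nibble_name(SAMPLE)
    print(name)
    print(address_from_nibble_name(name))
```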

The papers…
• On The Naming and Binding of Network Destinations. Jerome H. Saltzer, in Pier Ravasio et al.
• Development of the domain name system. Mockapetris, P. and Dunlap, K. J.

Additional papers …
• RFC 1886, S. Thomson and C. Huitema
• GSEC Paper Practical Assignment Version 1.4b, David Hinshelwood – DNS, DNSSEC and the Future

Burning Questions at this moment?


Discussion inputs …
• Bindings (more/less – examples?)
• What about an open name space? (whatever.I.want)
• Future: DNSSec (secure DNS)
• Alternative root servers
• Politics:
  • VeriSign … “SiteFinder”
  • ICANN … “influenced by …” (.xxx discussion)

Thanks for your attention….
