The Challenge of DNS and IP Mappings - PowerPoint Presentation

Uploaded On 2024-02-09


By Dr. T V Gopal, Professor, DCSE, CEG Campus, Anna University, Chennai. E-mail: gopal@annauniv.edu; gopal.tadepalli@gmail.com. Based on my experience in teaching Network Programming (with a focus on UNIX & JAVA) and research in Distributed Operating Systems. ID: 1045635




Presentation Transcript

1. The Challenge of DNS and IP Mappings
By: Dr. T V Gopal, Professor, DCSE, CEG Campus, Anna University, Chennai
e-mail: gopal@annauniv.edu; gopal.tadepalli@gmail.com
Based on my experience in teaching “Network Programming” [with Focus on UNIX & JAVA] & Research in “Distributed Operating Systems”

2. @ THE NETWORK MODEL
ISO – OSI Reference Model

3. IP Addresses
An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.

4. IP Address Classes
Class A - 168.212.226.204: supports 16 million hosts on each of 127 networks
Class B - 168.212.226.204: supports 65,000 hosts on each of 16,000 networks
NDUS has two Class B addresses: 134.129.xxx.xxx (Eastern ND), 134.234.xxx.xxx (Western ND)
Class C - 168.212.226.204: supports 254 hosts on each of 2 million networks

5. IPv4 vs. IPv6 [Noting the Transition]
IPv4: 32 bits used for address; 4,294,967,296 addresses; addresses not assigned by geographic region (http://map-o-net.com/)
IPv6: 128 bits used for address; 340,282,366,920,938,463,374,607,431,768,211,456 addresses; that is about 3.7x10^21 addresses per square inch of the earth’s surface; addresses will be assigned by geographic region

6. IPv4 vs. IPv6
IPv4 addresses are written as four octets (8 bits) separated by periods: 134.129.67.235
IPv6 addresses are written as eight 4-digit (16-bit) hexadecimal numbers separated by colons: 1080:0:0:0:0:800:0:417A

7. IPv4-to-IPv6
IPv4 Compatible Address: 0:0:0:0:0:0:w.x.y.z (or ::w.x.y.z)
Used by dual-stack nodes that are communicating with IPv6 over an IPv4 infrastructure.
The last four octets (w.x.y.z) are the dotted decimal representation of an IPv4 address.

8. Loopback address
127.0.0.0: network number that cannot be assigned to any network
127.0.0.1: the loopback address; used for diagnostic testing of the local TCP/IP installation

9. Automatic Private IP Addressing (APIPA)
169.254.x.x: IP addresses are self-assigned when the computer asks for an IP address and no one responds, i.e. the computer cannot reach a DHCP server over the network.

10. Network & Broadcast Addresses
You cannot assign a network number to a computer or any other host on the network.
You cannot assign the highest number on a network to a host. This address is interpreted as a broadcast message for the subnet.

11. Reserved IP Network Numbers
Network number            Subnet mask      IP address range
10.0.0.0                  255.0.0.0        10.0.0.1 - 10.255.255.255
172.16.0.0 - 172.31.0.0   255.255.0.0      172.16.0.1 - 172.31.255.255
192.168.0.0               255.255.255.0    192.168.0.1 - 192.168.255.255
Designed for use on a private network behind a Network Address Translation (NAT) device, such as a firewall, proxy server, or some routers. A NAT device can be used to disguise local or internal IP addresses from outside networks.
For more reserved addresses see: http://en.wikipedia.org/wiki/Reserved_IP_addresses
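The address bookkeeping of slides 3 to 11, as an added Python example (not code from the presentation): classful class from the first octet, the loopback, APIPA and reserved private ranges, network versus broadcast versus assignable host address under a mask, and the two spellings of the IPv4-compatible IPv6 address from slide 7. Sample addresses are the slides' own or constructed.

```python
import ipaddress

# Reserved blocks from the slide table (RFC 1918), plus loopback and APIPA.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")   # cannot be assigned to a network
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")   # self-assigned when DHCP is unreachable

def address_class(ip_str):
    """Classful class from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(ip_str)) >> 24
    if first < 128:
        return "A"          # 0xxxxxxx: 8-bit network ID
    if first < 192:
        return "B"          # 10xxxxxx: 16-bit network ID
    if first < 224:
        return "C"          # 110xxxxx: 24-bit network ID
    return "D" if first < 240 else "E"   # multicast / reserved

def address_kind(ip_str):
    """loopback, apipa, private (behind NAT) or public."""
    ip = ipaddress.IPv4Address(ip_str)
    if ip in LOOPBACK_NET:
        return "loopback"
    if ip in APIPA_NET:
        return "apipa"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"

def host_role(ip_str, mask_str):
    """Within the subnet given by mask_str: the network number, the
    broadcast address, or an address that may be assigned to a host."""
    net = ipaddress.ip_network(f"{ip_str}/{mask_str}", strict=False)
    ip = ipaddress.IPv4Address(ip_str)
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"

def ipv4_compatible(ip_str):
    """Both spellings of the IPv4-compatible IPv6 address ::w.x.y.z: the
    dotted form from slide 7 and the equivalent hexadecimal form."""
    n = int(ipaddress.IPv4Address(ip_str))
    hi, lo = n >> 16, n & 0xFFFF
    hex_form = f"::{hi:x}:{lo:x}" if hi else f"::{lo:x}"
    return f"::{ip_str}", hex_form
```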

12. IP & Domain Name Examples
IP: 134.129.67.85, URL: gdc.busad.ndsu.nodak.edu
IP: 134.129.67.235, URL: dyn235.minard-67.ndsu.nodak.edu

13. How are IP Addresses Generated
IP addresses are generated automatically using an integrated algorithm by IANA [Internet Assigned Numbers Authority]. IANA is a part of ICANN [Internet Corporation for Assigned Names and Numbers].
IANA Responsibilities: #1. DNS root zones; #2. IP addresses and Autonomous System Numbers [ASNs]; #3. Protocol parameters.

14. Parts of an IP Address
Network ID: The network ID is a portion of an IP address that is used to designate a specific network or host. This section of the IP address is typically found towards the beginning of an IP address.
Host ID: The host ID is another portion of an IP address used to identify a specific IP/TCP network. A host ID is found after a network ID and can be used in conjunction with class identifiers and to create default subnet masks as needed.
IANA assigns blocks of IP addresses to each Regional Internet Registry. Subsequently, RIRs split the blocks into smaller blocks and assign them to respective National Internet Registries (NIRs) and Local Internet Registries (LIRs).
Please consult GITHUB. You may be able to reverse engineer the IANA Integrated Algorithm.

15. IP Address Registries
Regional Internet Registries:
African Network Information Center, AFRINIC
American Registry for Internet Numbers, ARIN
Réseaux IP Européens Network Coordination Centre, RIPE NCC
Asia Pacific Network Information Centre, APNIC
Latin American and Caribbean Internet Addresses Registry, LACNIC

16. INTO THE APPLICATION LAYER
ISO – OSI Reference Model
DNS is an application layer protocol. All application layer protocols use one of the two transport layer protocols, UDP and TCP.

17. DNS: Domain Name System
People have many identifiers: SSN, name, Passport #
Internet hosts, routers: IP address (32 bit), used for addressing datagrams; “name”, e.g., gaia.cs.umass.edu, used by humans
Q: how to map between IP addresses and names?
Domain Name System: a distributed database implemented in a hierarchy of many name servers; an application-layer protocol that hosts, routers and name servers use to communicate to resolve names (address/name translation)
Note: a core Internet function implemented as an application-layer protocol; complexity at the network’s “edge”

18. DNS name servers
No server has all name-to-IP address mappings
Local name servers: each ISP, company has a local (default) name server; a host’s DNS query first goes to the local name server
Authoritative name server: for a host, stores that host’s IP address and name; can perform name/address translation for that host’s name
Why not centralize DNS? single point of failure; traffic volume; distant centralized database; maintenance; doesn’t scale!

19. DNS has the following Components
Domains: A domain is a logical group of computers in a large network. Access to each computer in a given group is controlled by the same server.
Distributed Database: A distributed database is an archive of information about the computers in a network.
Name Servers: A name server contains address information about other computers on the network. This information can be given to client computers that make a request to the name server.
Clients: A client requests information from the servers. In a domain name system, the client requests network addressing information from the name servers.
Resolver: A resolver provides clients with address information about other computers on the network.

20. Simple DNS example
Host surf.eurecom.fr wants the IP address of gaia.cs.umass.edu
1. Contacts its local DNS server, dns.eurecom.fr
2. dns.eurecom.fr contacts root name server, if necessary
3. root name server contacts authoritative name server, dns.umass.edu, if necessary
[Diagram: requesting host surf.eurecom.fr, local name server dns.eurecom.fr, root name server, authoritative name server dns.umass.edu for gaia.cs.umass.edu; messages numbered 1-6]


22. DNS example
Root name server: may not know the authoritative name server; may know an intermediate name server: who to contact to find the authoritative name server
[Diagram: requesting host surf.eurecom.fr asks local name server dns.eurecom.fr for gaia.cs.umass.edu; the root name server refers to intermediate name server dns.umass.edu, which refers to authoritative name server dns.cs.umass.edu; messages numbered 1-8]

23. DNS: iterated queries
Recursive query: puts the burden of name resolution on the contacted name server; heavy load?
Iterated query: the contacted server replies with the name of the server to contact: “I don’t know this name, but ask this server”
[Diagram: same hosts and servers as slide 22 (surf.eurecom.fr, dns.eurecom.fr, root name server, dns.umass.edu, dns.cs.umass.edu), messages numbered 1-8, with the iterated query marked]

24. DNS: caching and updating records
Once (any) name server learns a mapping, it caches the mapping
Cache entries time out (disappear) after some time
Update/notify mechanisms under design by IETF: RFC 2136, http://www.ietf.org/html.charters/dnsind-charter.html

25. UNIX Socket-programming using TCP
Socket: a door between the application process and the end-to-end transport protocol (UDP or TCP)
TCP service: reliable transfer of bytes from one process to another
[Diagram: on each host or server, a process and its socket are controlled by the application developer; TCP with its buffers and variables is controlled by the operating system; the two hosts are connected across the internet]

26. UNIX Socket programming with TCP
Client must contact server: the server process must first be running; the server must have created a socket (door) that welcomes the client’s contact
Client contacts server by: creating a client-local TCP socket; specifying the IP address and port number of the server process
When the client creates the socket: the client TCP establishes a connection to the server TCP
When contacted by a client, the server TCP creates a new socket for the server process to communicate with that client: allows the server to talk with multiple clients
Application viewpoint: TCP provides reliable, in-order transfer of bytes (“pipe”) between client and server

27. JAVA Client/server socket interaction: UDP
Server (running on hostid): create socket, port=x, for incoming request: serverSocket = DatagramSocket()
Client: create socket, clientSocket = DatagramSocket()
Client: create, address (hostid, port=x), send datagram request using clientSocket
Server: read request from serverSocket
Server: write reply to serverSocket specifying client host address, port number
Client: read reply from clientSocket
Client: close clientSocket

28. THE REALMS OF DISTRIBUTED COMPUTING
“The Network is the Computer” - John Gage, Sun Microsystems, 1984
MASSIVELY DISRUPTIVE IDEA THAT IS SO SIMPLE TO EXPRESS

29. Naming
How do we efficiently locate resources?
DNS: name -> IP address
Challenge: how do we scale these to the wide area?

30. Domain Name System Goals
Basically a wide-area distributed database
Scalability
Decentralized maintenance
Robustness
Global scope: names mean the same thing everywhere
Don’t need: atomicity, strong consistency

31. Programmer’s View of DNS
Conceptually, programmers can view the DNS database as a collection of millions of host entry structures:

    /* DNS host entry structure */
    struct hostent {
        char *h_name;         /* official domain name of host */
        char **h_aliases;     /* null-terminated array of domain names */
        int h_addrtype;       /* host address type (AF_INET) */
        int h_length;         /* length of an address, in bytes */
        char **h_addr_list;   /* null-terminated array of in_addr structs */
    };

in_addr is a struct consisting of a 4-byte IP address.
Functions for retrieving host entries from DNS:
gethostbyname: query key is a DNS host name.
gethostbyaddr: query key is an IP address.

32. DNS Message Format
Header (12 bytes):
Identification            | Flags
No. of Questions          | No. of Answer RRs
No. of Authority RRs      | No. of Additional RRs
Questions (variable number of questions): name, type fields for a query
Answers (variable number of resource records): RRs in response to query
Authority (variable number of resource records): records for authoritative servers
Additional Info (variable number of resource records): additional “helpful” info that may be used

33. DNS Header Fields
Identification: used to match up request/response
Flags: 1 bit to mark query or response; 1 bit to mark authoritative or not; 1 bit to request recursive resolution; 1 bit to indicate support for recursive resolution
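An added Python example, not from the presentation, of the header and question layout just described: it builds a query, unpacks the identification, the QR/AA/RD/RA flag bits and the four section counts, and decodes the question name. Name compression pointers (RFC 1035 section 4.1.4) are handled because real responses use them, and the hop limit is the check a parser needs so that a looping pointer chain cannot hang it; bit positions and type codes are RFC 1035's.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15}
MAX_POINTER_HOPS = 16          # bound on compression-pointer chains

def encode_name(name):
    """Domain name -> length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(ident, name, qtype="A", recursion_desired=True):
    """12-byte header + one question; counts are (QD, AN, NS, AR)."""
    flags = 0x0100 if recursion_desired else 0       # RD bit
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def parse_header(msg):
    """Unpack the fixed header into the fields slide 33 lists."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident,
            "is_response": bool(flags & 0x8000),          # QR
            "authoritative": bool(flags & 0x0400),        # AA
            "recursion_desired": bool(flags & 0x0100),    # RD
            "recursion_available": bool(flags & 0x0080),  # RA
            "rcode": flags & 0x000F,
            "counts": (qd, an, ns, ar)}

def decode_name(msg, offset):
    """Read a name at offset, following compression pointers (two bytes
    whose top bits are 11). Returns (name, offset just after the name).
    The hop limit stops a looping pointer chain from hanging the parser."""
    labels, hops, end = [], 0, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                 # name ends at the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset if end is None else end

def parse_question(msg):
    """First question entry: (name, qtype, qclass)."""
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return name, qtype, qclass
```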

34. DNS Records
RR format: (class, name, value, type, ttl)
DB contains tuples called resource records (RRs)
Classes = Internet (IN), Chaosnet (CH), etc. Each class defines the value associated with a type.
For the IN class:
Type=A: name is hostname; value is IP address
Type=NS: name is domain (e.g. foo.com); value is name of authoritative name server for this domain
Type=CNAME: name is an alias name for some “canonical” (the real) name; value is canonical name
Type=MX: value is hostname of mailserver associated with name

35. Properties of DNS Host Entries
Different kinds of mappings are possible:
Simple case: 1-1 mapping between domain name and IP addr: kittyhawk.cmcl.cs.cmu.edu maps to 128.2.194.242
Multiple domain names map to the same IP address: eecs.mit.edu and cs.mit.edu both map to 18.62.1.6
Single domain name maps to multiple IP addresses: aol.com and www.aol.com map to multiple IP addrs.
Some valid domain names don’t map to any IP address: for example, cmcl.cs.cmu.edu

36. DNS Design: Hierarchy Definitions
[Diagram: tree with root at the top; edu, net, org, uk, com below it; gwu, ucb, cmu, bu, mit under edu; cs, ece and cmcl at the lower levels]
Each node in the hierarchy stores a list of names that end with the same suffix
Suffix = path up the tree
E.g., given this tree, where would the following be stored:
Fred.com
Fred.edu
Fred.cmu.edu
Fred.cmcl.cs.cmu.edu
Fred.cs.mit.edu

37. DNS Design: Zone Definitions
[Diagram: the same tree (root; edu, net, org, uk, com, ca; gwu, ucb, cmu, bu, mit; cs, ece, cmcl) with three zones marked: a single node, a subtree, and the complete tree]
Zone = contiguous section of name space, e.g., complete tree, single node or subtree
A zone has an associated set of name servers
Must store list of names and tree links

38. DNS Design: Cont.
Zones are created by convincing the owner node to create/delegate a subzone
Records within a zone are stored on multiple redundant name servers: the primary/master name server is updated manually; secondary/redundant servers are updated by zone transfer of the name space
Zone transfer is a bulk transfer of the “configuration” of a DNS server – uses TCP to ensure reliability
Example: CS.CMU.EDU created by CMU.EDU administrators. Who creates CMU.EDU or .EDU?

39. DNS: Root Name Servers
Responsible for the “root” zone
Approx. 13 root name servers worldwide; currently {a-m}.root-servers.net
Local name servers contact root servers when they cannot resolve a name; they are configured with the well-known root servers

40. Servers/Resolvers
Each host has a resolver: typically a library that applications can link to; local name servers are hand-configured (e.g. /etc/resolv.conf)
Name servers: either responsible for some zone or…
Local servers: do lookup of distant host names for local hosts; typically answer queries about the local zone

41. Typical Resolution
[Diagram, message sequence:]
Client -> Local DNS server: www.cs.cmu.edu
Local DNS server -> root & edu DNS server: www.cs.cmu.edu
root & edu DNS server -> Local DNS server: NS ns1.cmu.edu
Local DNS server -> ns1.cmu.edu DNS server: www.cs.cmu.edu
ns1.cmu.edu DNS server -> Local DNS server: NS ns1.cs.cmu.edu
Local DNS server -> ns1.cs.cmu.edu DNS server: www.cs.cmu.edu
ns1.cs.cmu.edu DNS server -> Local DNS server: A www=IPaddr

42. Typical Resolution
Steps for resolving www.cmu.edu:
Application calls gethostbyname() (RESOLVER)
Resolver contacts local name server (S1)
S1 queries root server (S2) for www.cmu.edu
S2 returns NS record for cmu.edu (S3)
What about the A record for S3? This is what the additional information section is for (PREFETCHING)
S1 queries S3 for www.cmu.edu
S3 returns A record for www.cmu.edu
Can return multiple A records -> what does this mean?


44. Workload and Caching
Are all servers/names likely to be equally popular? Why might this be a problem? How can we solve this problem?
DNS responses are cached: quick response for repeated translations; other queries may reuse some parts of a lookup (NS records for domains)
DNS negative queries are cached: don’t have to repeat past mistakes, e.g. misspellings, search strings in resolv.conf
Cached data periodically times out: the lifetime (TTL) of data is controlled by the owner of the data; the TTL is passed with every record

45. Subsequent Lookup Example
[Diagram, message sequence:]
Client -> Local DNS server: ftp.cs.cmu.edu
Local DNS server -> cs.cmu.edu DNS server: ftp.cs.cmu.edu (the root & edu and cmu.edu DNS servers are shown but not contacted)
cs.cmu.edu DNS server -> Local DNS server: ftp=IPaddr
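The iterated walk of slides 23 and 41-45, as an added Python simulation (not the lecture's code): a local name server starts at the root, follows NS referrals using the glue A record carried in the additional section, caches positive and negative answers with their TTLs, and on a later lookup for ftp.cs.cmu.edu skips the servers whose NS records it already holds. Server addresses, names and TTLs are constructed; the clock is injectable so expiry can be exercised without waiting.

```python
import time
# Constructed authoritative data keyed by server address; a record is (type, value, ttl).
# An NS delegation is returned with the glue A record of the named server (prefetching).
SERVERS = {
    "10.0.0.1": {"cmu.edu": [("NS", "ns1.cmu.edu", 172800)],        # root & edu server
                 "ns1.cmu.edu": [("A", "10.0.1.1", 172800)]},
    "10.0.1.1": {"cs.cmu.edu": [("NS", "ns1.cs.cmu.edu", 86400)],   # ns1.cmu.edu
                 "ns1.cs.cmu.edu": [("A", "10.0.2.1", 86400)]},
    "10.0.2.1": {"www.cs.cmu.edu": [("A", "10.0.2.80", 300)],       # ns1.cs.cmu.edu
                 "ftp.cs.cmu.edu": [("A", "10.0.2.21", 300)]},
}
ROOT = "10.0.0.1"

def query(server_ip, name):
    """One iterated (non-recursive) query: ANSWER, REFERRAL or NXDOMAIN."""
    data = SERVERS[server_ip]
    if any(r[0] == "A" for r in data.get(name, [])):
        return "ANSWER", data[name]
    zones = [z for z, rrs in data.items()
             if name.endswith("." + z) and any(r[0] == "NS" for r in rrs)]
    if not zones: return "NXDOMAIN", None
    zone = max(zones, key=len)                       # closest enclosing delegation
    ns_rr = next(r for r in data[zone] if r[0] == "NS")
    glue = next(r for r in data[ns_rr[1]] if r[0] == "A")
    return "REFERRAL", (zone, ns_rr, glue)

class CachingResolver:
    """Local name server: iterates from the root and caches what it learns."""
    def __init__(self, clock=time.time):
        self.cache, self.clock, self.queries = {}, clock, 0
    def _put(self, name, rrs):                       # store with absolute expiry time
        now = self.clock()
        self.cache.setdefault(name, []).extend((t, v, now + ttl) for t, v, ttl in rrs)
    def _get(self, name, rtype):                     # expired entries disappear
        live = [r for r in self.cache.get(name, []) if r[2] > self.clock()]
        self.cache[name] = live
        return [r for r in live if r[0] == rtype]
    def _start_server(self, name):                   # closest cached NS with live glue
        labels = name.split(".")
        for i in range(1, len(labels)):
            for _, ns_name, _ in self._get(".".join(labels[i:]), "NS"):
                glue = self._get(ns_name, "A")
                if glue: return glue[0][1]
        return ROOT
    def resolve(self, name):
        hit = self._get(name, "A")
        if hit: return hit[0][1]
        if self._get(name, "NXDOMAIN"): return None  # negative cache hit
        server = self._start_server(name)
        while True:
            self.queries += 1
            kind, payload = query(server, name)
            if kind == "ANSWER":
                self._put(name, payload)
                return payload[0][1]
            if kind == "NXDOMAIN":
                self._put(name, [("NXDOMAIN", "", 60)])  # constructed 60 s negative TTL
                return None
            zone, ns_rr, glue = payload                  # follow the referral
            self._put(zone, [ns_rr]); self._put(ns_rr[1], [glue])
            server = glue[1]
```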

46. Reliability
DNS servers are replicated: name service is available if ≥ one replica is up; queries can be load balanced between replicas
UDP is used for queries: need reliability -> must implement this on top of UDP! Why not just use TCP?
Try alternate servers on timeout
Exponential backoff when retrying the same server
Same identifier for all queries: don’t care which server responds

47. Reverse DNS
Task: given an IP address, find its name
Method: maintain a separate hierarchy based on IP names; write 128.2.194.242 as 242.194.128.2.in-addr.arpa. Why is the address reversed?
Managing: an authority manages the IP addresses assigned to it; e.g., CMU manages name space 128.2.in-addr.arpa
[Diagram: forward tree root > edu > cmu > cs > cmcl > kittyhawk (128.2.194.242); reverse tree unnamed root > arpa > in-addr > 128 > 2 > 194 > 242]

48. .arpa Name Server Hierarchy
At each level of the hierarchy, a group of servers is authorized to handle that region of the hierarchy
[Diagram, for kittyhawk 128.2.194.242:]
in-addr.arpa: a.root-servers.net … m.root-servers.net
128: chia.arin.net (dill, henna, indigo, epazote, figwort, ginseng)
2: cucumber.srv.cs.cmu.edu, t-ns1.net.cmu.edu, t-ns2.net.cmu.edu
194: mango.srv.cs.cmu.edu (peach, banana, blueberry)

49. Mail Addresses
MX records point to the mail exchanger for a name; e.g. mail.acm.org is MX for acm.org
Addition of the MX record type proved to be a challenge: how to get mail programs to look up the MX record for mail delivery? Needed a critical mass of such mailers

50. Root Zone
Generic Top Level Domains (gTLD) = .com, .net, .org, etc.
Country Code Top Level Domains (ccTLD) = .us, .ca, .fi, .uk, etc.
Root servers ({a-m}.root-servers.net) were also used to cover the gTLD domains; load on root servers was growing quickly!
Moving .com, .net, .org off the root servers was clearly necessary to reduce load -> done Aug 2000

51. Prefetching
Name servers can add additional data to a response; typically used for prefetching
CNAME/MX/NS typically point to another host name; responses include the address of the host referred to in the “additional section”

52. Recent Measurements
No centralized caching per site: each machine runs its own caching local server. Why is this a problem?
How many hosts do we need to share a cache? -> recent studies suggest 10-20 hosts
“Hit rate” for DNS = 80% -> 1 - (#DNS/#connections). Is this good or bad?
Most Internet traffic is Web. What does a typical page look like? -> average of 4-5 embedded objects -> needs 4-5 transfers. This alone accounts for the 80% hit rate!
Lower TTLs for A records do not affect performance; DNS performance really relies more on NS-record caching

53. Tracing Hierarchy
Dig Program: allows querying of the DNS system; use flags to find the name server (NS); disable recursion so that it operates one step at a time
All .edu names are handled by a set of servers:

    unix> dig +norecurse @a.root-servers.net NS kittyhawk.cmcl.cs.cmu.edu
    ;; AUTHORITY SECTION:
    edu. 172800 IN NS L3.NSTLD.COM.
    edu. 172800 IN NS D3.NSTLD.COM.
    edu. 172800 IN NS A3.NSTLD.COM.
    edu. 172800 IN NS E3.NSTLD.COM.
    edu. 172800 IN NS C3.NSTLD.COM.
    edu. 172800 IN NS F3.NSTLD.COM.
    edu. 172800 IN NS G3.NSTLD.COM.
    edu. 172800 IN NS B3.NSTLD.COM.
    edu. 172800 IN NS M3.NSTLD.COM.

54. THE TECHNIUM
“The greater, global, massively interconnected system of technology”


60. Towards IDN Engineering