DNS - Department of Computer Science


Internet Address and Domain
Name Service (DNS)
CS587x Lecture
Department of Computer Science
Iowa State University
What to cover today
• Internet Address
  • IPv4
  • CIDR
• Domain Name Service
  • Name Resolution
  • Load Balancing
Internet Addressing
IPv4
• Each address is represented by 4 bytes
• Four numbers, 0-255, separated by dots
• Classful IP addressing (developed in the 1970s)
(Figure: a routing table with one entry per network, e.g. 12.0.0.0 and 123.0.0.0, each with its route)
Class + Network ID + Host ID: the leading bits of byte 0 give the class, which fixes where the Network ID ends and the Host ID begins

Class  Leading bits  Network ID            Host ID      #nets       #hosts
A      0             byte 0 (7 bits)       bytes 1-3    128         16,777,216
B      10            bytes 0-1 (14 bits)   bytes 2-3    16,384      65,536
C      110           bytes 0-2 (21 bits)   byte 3       2,097,152   256
D      1110          Multicast
E      1111          Reserved

To minimize routing table entries
• Given an IP packet, a router examines its first one to four bits to determine the class and then splits the address into network and host bits. The network bits are used to find a route to the network. Once the packet reaches its target network, the host field is examined for final delivery.
Special IP Addresses
Some special addresses
• 127.0.0.1 – loopback/localhost (the whole 127.0.0.0/8 block is reserved for loopback)
• 255.255.255.255 – limited broadcast
Private addresses (RFC 1918)
• Can be used locally (behind a Network Address Translator, for example)
  • 10.0.0.0-10.255.255.255
  • 172.16.0.0-172.31.255.255
  • 192.168.0.0-192.168.255.255
• Not routed through the Internet
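The classful split and the special ranges above, worked in code. This is an added example for the lecture, not code from the original slides; the sample addresses in the comments are taken from the slides or from the IPv4 documentation range.

```python
"""Classful IPv4 decoding and the special/private ranges from the slides.
Added example for this lecture, not part of the original slides."""
import socket
import struct
from typing import Optional

# Class, leading-bit pattern of byte 0, and prefix length of the Network ID
# under classful rules. Classes D and E have no network/host split.
CLASSES = [("A", "0", 8), ("B", "10", 16), ("C", "110", 24),
           ("D", "1110", None), ("E", "1111", None)]

# RFC 1918 private blocks: 10/8, 172.16/12, 192.168/16
PRIVATE = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n))


def classful(addr: str) -> dict:
    """Split an address the way a classful router did: class from the leading
    bits, then Network ID / Host ID at the class's fixed boundary."""
    n = ip_to_int(addr)
    bits = format(n, "032b")
    cls, plen = next((c, p) for c, lead, p in CLASSES if bits.startswith(lead))
    info = {"class": cls}
    if plen is not None:
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        info["network"] = int_to_ip(n & mask)          # e.g. 129.186.3.1 -> 129.186.0.0
        info["host"] = n & ~mask & 0xFFFFFFFF           # host part as an integer
        info["hosts_in_class"] = 1 << (32 - plen)       # 2^24, 2^16 or 2^8
    return info


def in_block(addr: str, net: str, plen: int) -> bool:
    """True if addr lies within net/plen (compare only the top plen bits)."""
    shift = 32 - plen
    return ip_to_int(addr) >> shift == ip_to_int(net) >> shift


def special(addr: str) -> Optional[str]:
    """Name the special role of an address, or None for an ordinary public address."""
    n = ip_to_int(addr)
    if n >> 24 == 127:
        return "loopback"
    if n == 0xFFFFFFFF:
        return "limited broadcast"
    if any(in_block(addr, net, plen) for net, plen in PRIVATE):
        return "private (RFC 1918), not routed on the Internet"
    return None
```

The class test is order dependent: "0" matches class A first, so a class E address is only reached after "10", "110" and "1110" have failed. The private-range check compares the top bits rather than string prefixes, which is why 172.31.255.255 is private but 172.32.0.1 is not.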
Space limitation of IP Address
• 32 bits
  • IPv6 calls for 128-bit addresses, but requires significant changes throughout much of the Internet
• Classful allocation
  • Not flexible or efficient in address allocation
  • While the Internet was running out of unassigned addresses, only 3% of the assigned addresses were actually being used
Challenges
• Represent more networks
  • Need more network IDs within the same 32-bit address space
• Global routing tables at capacity
  • As the number of networks on the Internet increased, so did the number of routes
  • A few years back, it was forecast that the global backbone Internet routers were fast approaching their limit on the number of routes they could support
  • Even using the latest router technology, the maximum theoretical routing table size was approximately 60,000 entries
  • If nothing had been done, the global routing tables would have reached capacity by mid-1994 and all Internet growth would have halted
Solutions
• Assign IP addresses to machines dynamically
  • For an ISP, at any given time only a small percentage of its customers are connected to the network
  • Not effective for DSL/cable connections, where clients are always on
• Computers not visible to the Internet can share the same block of IP addresses
  • Use the private address blocks above (behind NAT)
• Classless Inter-Domain Routing (CIDR)
  • Restructuring IP address assignments to increase efficiency
  • Hierarchical route aggregation to minimize routing table entries
CIDR
A CIDR address includes the standard 32-bit IP address and also the number of bits used for the network prefix, e.g.
• 206.13.1.48/25: the "/25" indicates that the first 25 bits identify the network, leaving the remaining 7 bits to identify the specific host (a netmask of 255.255.255.128)
• 129.186.0.0/16 (ISU), 192.188.162.0/24 (ISU Research Park), 63.224.0.0/13 (USWest)
CIDR allows the division between the network and host portions of the IP address to occur at any point in the 32-bit number
• Prefix lengths in use at the time of this lecture ranged from 13 to 27 bits
Compatibility with Existing Addresses
• Class A address, a#.b#.c#.d# -> a#.b#.c#.d#/8
• Class B address, a#.b#.c#.d# -> a#.b#.c#.d#/16
• Class C address, a#.b#.c#.d# -> a#.b#.c#.d#/24
Advantages of CIDR
More network IDs -- flexible allocation of IP address blocks allows more efficient use of the 32-bit address space
• The size of a block of IP addresses can be any power of 2
• An organization needing 512 addresses can be assigned a block with a 23-bit mask (a /23), rather than an entire class B network (65,536 addresses)
Minimizing routing table entries -- ISPs can now aggregate their networks into larger blocks
• Suppose an ISP is assigned the 12.0.0.0/8 network; the ISP can further divide this block of addresses into smaller blocks and allocate them to its customers
  • E.g., one customer can have the 12.45.0.0/16 network and another the 12.194.34.0/23 network
  • The size of the block allocated depends on the size of the customer
• Global routers need to remember only the route to 12.0.0.0/8; the ISP handles the finer division internally
Example of Address Aggregation (1)
(Figure: Organization1 12.1.0.0/16, Organization2 12.2.0.0/16, ..., Organization255 12.255.0.0/16 all connect through one ISP/router that announces 12.0.0.0/8 to the Internet. The Internet routing table holds a single entry for 12.0.0.0/8 alongside unrelated entries such as 13.0.0.0/20. A packet addressed to 12.255.1.1 matches the 12.0.0.0/8 entry and is forwarded to the ISP, which delivers it to Organization255.)
Example of Address Aggregation (2)
(Figure: as above, but Organization255 (12.255.0.0/16) is now reached through a second ISP/router that announces 12.255.0.0/16 on its own. The Internet routing table now holds both entries: 1. 12.0.0.0/8 and 2. 12.255.0.0/16. A packet addressed to 12.255.1.1 matches both.)
Which entry to use?
• The entry with the longest mask length (longest-prefix match): here 12.255.0.0/16, so the packet goes to the second ISP
Which entry to drop if a router must shed routes?
• A subnet entry with a long mask length; small blocks (8192 addresses or fewer, i.e. /19 and longer) are the most likely to be dropped
• The original ISP is still responsible for delivering to all addresses in its block: its 12.0.0.0/8 aggregate still covers any dropped, more specific prefix
Routing with CIDR
Internet routers normally do not remember each individual IP address
• Internet routers need only know how to reach ISPs
• Given an IP packet, routers determine the block it belongs to and send the packet to the ISP responsible for that block
• The ISP needs to know how to reach each of its own separate networks
CIDR significantly reduces the growth in the number of routing table entries at each level in the network hierarchy
• At the time of this lecture, the global routing tables had approximately 35,000 entries
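The CIDR mechanics from the last few slides (prefix to netmask, power-of-two block sizing, aggregation of the 12.x.0.0/16 customer blocks into 12.0.0.0/8, longest-prefix match between 12.0.0.0/8 and 12.255.0.0/16, and the small-block route filter) as one runnable example. This is added code for the lecture, not from the original slides; it uses Python's standard `ipaddress` module, and the next-hop labels ISP-A to ISP-D are made up.

```python
"""CIDR prefixes, route aggregation and longest-prefix match, using the slides'
12.0.0.0/8 example. Added example for this lecture, not from the original slides;
the next-hop labels (ISP-A, ISP-B, ...) are invented."""
import ipaddress


def describe(cidr: str) -> dict:
    """Network, netmask and host-bit count for a CIDR string such as 206.13.1.48/25."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False: host bits may be set
    return {"network": str(net.network_address), "netmask": str(net.netmask),
            "prefix": net.prefixlen, "host_bits": 32 - net.prefixlen,
            "addresses": net.num_addresses}


def prefix_for(count: int) -> int:
    """Prefix length of the smallest power-of-two block holding `count` addresses:
    512 addresses -> /23, instead of a whole class B (/16)."""
    size = 1
    while size < count:
        size <<= 1
    return 32 - (size.bit_length() - 1)


def aggregate(cidrs):
    """Collapse adjacent, aligned blocks into the fewest covering prefixes
    (what an ISP announces upstream)."""
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def longest_prefix_match(table, addr: str):
    """table: list of (cidr, next_hop). When several routes cover addr, the most
    specific (longest prefix) wins. Returns the next hop or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for cidr, hop in table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return None if best is None else best[1]


def filter_small_blocks(table, max_block: int = 8192):
    """Route filtering as on the slide: drop the most specific entries (blocks of
    max_block addresses or fewer) and rely on the covering aggregate instead."""
    return [(c, h) for c, h in table if ipaddress.ip_network(c).num_addresses > max_block]


# Constructed Internet routing table for the two aggregation figures.
TABLE = [
    ("12.0.0.0/8", "ISP-A"),        # the first ISP's aggregate
    ("12.255.0.0/16", "ISP-B"),     # Organization255, reached via a second ISP
    ("12.194.34.0/23", "ISP-C"),    # a 512-address customer block announced on its own
    ("13.0.0.0/20", "ISP-D"),
]
```

With `TABLE` as given, 12.255.1.1 resolves to ISP-B (the /16 beats the /8) while 12.1.2.3 resolves to ISP-A. After `filter_small_blocks`, the /23 and the /20 are gone, and 12.194.35.9 falls back to ISP-A's aggregate, which is exactly why the original ISP must still be able to deliver to every address in its block.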
Domain Name Service
Routers need an address to route, while people need a host name to remember
• Host names carry information for people
• IP addresses carry information for routers
Solution: give each IP address a name
• popeye.cs.iastate.edu -> 129.186.3.1
• www.myown.com -> 192.0.2.44 (a placeholder address from the IPv4 documentation range)
Questions:
• Given an IP address, how to find out its host name?
• Given a host name, how to find out its IP address?
DNS: History
1970's ARPANET
• All host-address mappings were in a single file, HOSTS.TXT (installed locally as /etc/hosts)
• Changes were submitted to SRI-NIC by email
• New versions of HOSTS.TXT were fetched periodically from SRI
• Administrators could pick names at their discretion
As the Internet grew this system broke down because of
• Traffic and load: SRI couldn't handle the load
• Reliability: the system was unreliable since there was a single point of contact
• Consistency and conflicts: names were not unique and many hosts had inaccurate copies of HOSTS.TXT
Internet growth was threatened
• DNS was designed in 1983 (RFCs 882 and 883); the current specification is RFCs 1034 and 1035 (1987), modified, updated, and enhanced by subsequent RFCs
DNS Concepts
Provides a lookup mechanism for object translation (IP address <-> host name)
DNS is implemented as a globally distributed, loosely coherent, scalable, reliable, dynamic database
DNS consists of three components
• Namespace
• Domain Name Servers
• DNS queries (issued by clients), e.g. through the resolver library calls
  • gethostbyname()
  • gethostbyaddr()
  (today getaddrinfo() and getnameinfo(), which also handle IPv6)
DNS Namespace
The namespace must be able to scale
Solution: make the namespace hierarchical by naming objects based on
• location (within a country, set of organizations, set of companies, etc.)
• unit within that location (a company within the set of companies, etc.)
• object within the unit (name of a person in the company)
Hierarchical Organization of Host names
(Figure: a tree rooted at "root" with top-level nodes edu, com, gov, mil, org, net, fr, cn; under edu are iastate and mit; under iastate are cs and eece; under cs is popeye)
• The first-level names are called "Top Level Domains"
• Depth of the tree is arbitrary, bounded only by the 255-octet limit on a full name (each label is at most 63 octets)
• No restriction on the number of branches at a node
• Domains are subtrees
  • e.g. iastate.edu and cs.iastate.edu
• Name collisions are avoided by the hierarchy
  • e.g. iastate.edu and iastate.com are distinct names
Hierarchical Administration of Host Names
(Figure: the same tree, partitioned into zones: root; edu; iastate with cs and eece; mit; and the other TLDs com, gov, mil, org, net, fr, cn)
Each zone corresponds to an administrative authority that is responsible for that portion of the hierarchy
• Zones are "administrative spaces"
• Zone administrators are responsible for a portion of a domain's name space
• Authority is delegated from a parent to a child
Domain Name Servers
Name servers, which answer DNS questions, are organized in hierarchies
Each server has authority over a portion of the hierarchy
• A server maintains only a subset of all names
• Each server contains all the records for the hosts in its zone
Each server may know other servers that are responsible for the other portions of the hierarchy
• Every server knows the root
• Root servers know about all top-level domains
DNS Protocol
Governs the communication between a DNS client and a DNS server
• A DNS client sends a query to a DNS server, which returns a response with the requested information
• DNS primarily uses UDP (port 53) for queries and responses, although TCP may also be used (e.g. for large responses and zone transfers)
DNS queries can be
• Recursive: such queries ask the receiving DNS server to resolve the entire request itself
• Iterative: such queries ask the receiving DNS server to respond directly to the DNS client, either with the answer or with a referral to the next DNS server in the hierarchy
  • Root servers handle only iterative queries
Example of Recursive Query
popeye.cs.iastate.edu wants the IP address of www.berkeley.edu
1. popeye.cs.iastate.edu (the requesting host) contacts its local name server, 129.186.3.1
2. 129.186.3.1 contacts a root name server, if necessary (i.e. the answer is not cached)
3. The root name server contacts the authoritative name server, ns1.berkeley.edu, if necessary
4. ns1.berkeley.edu returns the address of www.berkeley.edu to the root name server
5. The root name server returns it to the local name server
6. The local name server returns it to popeye.cs.iastate.edu
(In this recursive picture each server forwards the query onward; as noted on the previous slide, real root servers do not recurse and would instead refer the local server to the edu and berkeley.edu servers.)
Example of Iterated Queries
popeye.cs.iastate.edu wants the IP address of www.sales.myown.com
The contacted server replies with the name of the server to contact: "I don't know this name, but you can ask this server"
1. popeye.cs.iastate.edu (the requesting host) asks its local name server, 129.186.3.1
2. The local name server asks a root name server
3. The root name server replies with a referral to the com server
4. The local name server asks the intermediate name server (the com server)
5. The com server replies with a referral to the authoritative name server for myown.com
6. The local name server asks the authoritative name server for www.sales.myown.com
7. The authoritative name server replies with the IP address
8. The local name server returns the answer to popeye.cs.iastate.edu
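The messages behind steps 4-7 of the iterated example, at the level of bytes on the wire (RFC 1035 format): a query for www.sales.myown.com, the referral the com server sends back (NS record in the authority section plus a glue A record), and the final authoritative answer with its TTL. This is an added example written for the lecture, not code from the original slides; the name ns1.myown.com, the addresses 192.0.2.53 and 192.0.2.80 (documentation range), the TTLs and the transaction ID 0x1234 are all constructed. The header ID, which the parser uses to match a reply to its query, is drawn from `secrets` when not given explicitly, because a predictable ID makes it easier for a host that never saw the query to forge a reply that the client accepts.

```python
"""DNS wire format (RFC 1035): build a query, build and parse responses, and
tell an answer from a referral. Added example for this lecture, not from the
slides; the names and addresses (ns1.myown.com, 192.0.2.x) are made up."""
import secrets
import struct

TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1


def encode_name(name):
    """'www.myown.com' -> b'\\x03www\\x05myown\\x03com\\x00' (length-prefixed labels)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, offset):
    """Return (name, offset just after it), following compression pointers (RFC 1035 4.1.4)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 11xxxxxx: pointer to an earlier name
            if not jumped:
                end = offset + 2                        # the name occupies 2 bytes here
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, qtype=TYPE_A, recursion_desired=True, txid=None):
    """Header (six 16-bit fields) + one question. The ID should be unpredictable:
    a guessable ID helps an off-path host forge a reply that matches the query."""
    txid = secrets.randbits(16) if txid is None else txid
    flags = 0x0100 if recursion_desired else 0           # QR=0 (query), RD bit
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN))


def build_response(query, answers=(), authority=(), additional=(), aa=False):
    """RRs are (owner, type, ttl, data); data is a dotted IPv4 (A) or a host name (NS).
    An owner equal to the question name is written as a pointer to offset 12."""
    txid, qflags = struct.unpack("!HH", query[:4])
    qname, qend = decode_name(query, 12)
    flags = 0x8000 | (qflags & 0x0100) | (0x0400 if aa else 0)   # QR=1, copy RD, AA
    out = struct.pack("!HHHHHH", txid, flags, 1, len(answers), len(authority), len(additional))
    out += query[12:qend + 4]                                     # question section verbatim
    for section in (answers, authority, additional):
        for owner, rtype, ttl, data in section:
            owner_bytes = struct.pack("!H", 0xC000 | 12) if owner == qname else encode_name(owner)
            rdata = bytes(int(x) for x in data.split(".")) if rtype == TYPE_A else encode_name(data)
            out += owner_bytes + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return out


def parse_rr(msg, offset):
    owner, offset = decode_name(msg, offset)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    if rtype == TYPE_A:
        data = ".".join(str(b) for b in msg[offset:offset + 4])
    elif rtype == TYPE_NS:
        data = decode_name(msg, offset)[0]
    else:
        data = msg[offset:offset + rdlen]
    return {"name": owner, "type": rtype, "ttl": ttl, "data": data}, offset + rdlen


def parse_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions = 12, []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        questions.append((qname,) + struct.unpack("!HH", msg[offset:offset + 4]))
        offset += 4
    sections = {}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        sections[key] = []
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            sections[key].append(rr)
    # No answers but NS records in the authority section = "I don't know, ask this server".
    if an:
        kind = "answer"
    elif any(rr["type"] == TYPE_NS for rr in sections["authority"]):
        kind = "referral"
    else:
        kind = "negative"
    return {"id": txid, "rcode": flags & 0xF, "aa": bool(flags & 0x0400),
            "questions": questions, "kind": kind, **sections}


# Constructed exchange for www.sales.myown.com, as in the iterated-query figure:
QUERY = build_query("www.sales.myown.com", txid=0x1234)
# the com server does not know the name and refers us to myown.com's server, with glue
REFERRAL = build_response(QUERY, authority=[("myown.com", TYPE_NS, 172800, "ns1.myown.com")],
                          additional=[("ns1.myown.com", TYPE_A, 172800, "192.0.2.53")])
# the authoritative server answers with the address and a TTL for caching
ANSWER = build_response(QUERY, answers=[("www.sales.myown.com", TYPE_A, 300, "192.0.2.80")], aa=True)
```

`parse_response(REFERRAL)["kind"]` is `"referral"` and `parse_response(ANSWER)["kind"]` is `"answer"`; the answer's owner name is decoded through the compression pointer at offset 12, and the 300-second TTL in the A record is what a caching server would use on the next slide. To send `QUERY` for real, write it to a UDP socket on port 53 and check that the reply's ID and question match before trusting it.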
DNS query is expensive
Resolving a host name may involve several messages
Solution: cache previous query results
• The cached mapping can be reused for later queries for the same name
• Each cached result carries a TTL (time to live) set by the authoritative server, so that stale information is discarded rather than used
DNS-based Web Server Load Balancing
A popular web site can be replicated in different geographical locations in order to provide better service to a diverse set of clients
• One web site can be associated with more than one IP address
  • Conversely, many host names (e.g. all hosts in acme.com) may map to the same IP address
  • The IP address returned may depend on where the query is sent from
Load Balancing (1)
DNS can return an IP address based on where queries come from
• Direct HTTP requests to a collection of web servers that provide access to the same content
Example: www.akamai.com
From Ames
  C:\>ping www.akamai.com
  Pinging a1440.g.akamai.net [209.152.119.232] with 32 bytes of data:
  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.
  Ping statistics for 209.152.119.232:
      Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
  (the server does not answer ICMP echo; the point is the address the name resolved to)
From the NY area
• 63.240.15.146
From the UK
• 194.82.174.224
Load Balancing (2)
A query for a host name may return several IP addresses
• e.g., www.big.com may correspond to four machines with IP addresses 1.2.3.1, 1.2.3.2, 1.2.3.3, 1.2.3.4
By default, the requesting client uses the first IP address
• Heavy load on the server 1.2.3.1
DNS can vary the order of the IP addresses for each query (round robin)
• The response to the second query could be 1.2.3.2, 1.2.3.3, 1.2.3.4, 1.2.3.1
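Round-robin answers and the caching slide together, as an added example that is not from the original slides. It simulates an authoritative server for www.big.com that rotates the four addresses above on every query, and a caching local name server in front of it that keeps the answer until its TTL expires. The host name and addresses are the slide's; the TTL of 300 seconds and the clock values are constructed. Running it shows the interaction a practitioner should expect: clients that ask the authority directly are spread across all four servers, but clients behind one caching resolver all receive the same cached order until the TTL runs out, so round robin only balances load across resolvers, not across clients of one resolver, and a long TTL pins them.

```python
"""Round-robin DNS answers and a caching resolver that honours TTL. Added example
for the load-balancing and caching slides, not from the original page; the TTL
and clock values are made up."""
from collections import deque


class RoundRobinZone:
    """Authoritative server for one name: returns the full RR set every time,
    rotated by one position per query, so successive queriers see a different first address."""

    def __init__(self, name, addrs, ttl):
        self.name, self.ttl = name, ttl
        self.addrs = deque(addrs)

    def query(self, name):
        if name != self.name:
            return None
        answer = list(self.addrs)
        self.addrs.rotate(-1)          # next query starts one address later
        return answer, self.ttl


class CachingResolver:
    """Local name server (like 129.186.3.1 on the slides): asks upstream once,
    then serves the cached RR set, in cached order, until its TTL expires."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}                # name -> (addrs, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0], "cache"
        addrs, ttl = self.upstream.query(name)
        self.cache[name] = (addrs, now + ttl)
        return addrs, "upstream"


def first_choice_counts(lookup, n_clients):
    """lookup() returns an ordered address list; each client uses the first entry
    (the default behaviour on the slide). Returns how many clients hit each server."""
    counts = {}
    for _ in range(n_clients):
        first = lookup()[0]
        counts[first] = counts.get(first, 0) + 1
    return counts


SERVERS = ["1.2.3.1", "1.2.3.2", "1.2.3.3", "1.2.3.4"]
```

A shorter TTL spreads load better but costs more upstream queries (the "DNS query is expensive" trade-off); clients that try the addresses in the order received rather than only the first also help.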
DNS Summary
• Internet address and CIDR
• DNS is a crucial part of the Internet
• Namespace is hierarchical
• Globally distributed and locally managed
• DNS performance is enhanced by caching
• DNS can help balance web server workload