DNS Domain Name System
“An unambiguous, short presentation on the domain name
system, some various components and issues
surrounding it.” – UP627394
[F2]
What is the Domain name
system (DNS)?
Simply put, the DNS is an internet technology which resolves host
names to IP addresses. Metaphorically speaking, the domain name
system converts a domain name (such as http://www.google.com) to its
corresponding IP address, a lot like a digital postal sorting centre
for websites and their corresponding IP addresses. The DNS is an
ever-growing, gargantuan hierarchical naming system: a collection of
web domains and their matching IP addresses.
“The domain name system (DNS) is the way that Internet domain names are
located and translated into Internet Protocol addresses. A domain name is a
meaningful and easy-to-remember "handle" for an Internet address.” [1]
2
How would you describe
the size of the Domain
Name System?
“There are more than 32 million domain names in the
popular TLDs for which the whois utility works” [2]
3
As stated earlier (come on, keep up), the DNS is a
herculean collection of websites' domain names and their
matching IP addresses.
Since there are now millions of websites on the
web, the domain name system is constantly being updated, so
you can imagine the sheer size of it.
Picturing the size of the DNS is not easy, as it is
increasing every second of every day of every year. It is
unfathomably large.
4
Well before the presence that is DNS (yes, I said presence on
purpose: something which goes largely unnoticed by the vast
majority of internet users), its equivalent at the time,
ARPANET, used a simple numerical text file containing other
internet addresses, which was saved on every computer at
the time that used the TCP/IP protocol. It was called
HOSTS.TXT.
Imagine that today: with more than 266 million
websites distributed across the web, this method would be
entirely impractical.
5
Figure 1. [F1]
Furthermore, using the old ARPANET method, computers
would have to update that little text file I told you about,
HOSTS.TXT (remember?), literally every few seconds. An
average internet user would need to download a new copy
of that file every few seconds to access an updated website,
a new website, a new domain or perhaps their favourite Apache
server.
Correct, now you see how mind-numbingly tedious
this would become to your average Joe. Step aside,
ARPANET's HOSTS.TXT file, you ancient hierarchical naming
system! And welcome to the fray, the domain name
system. Marvellous!
Now, let's move on to some of the main components of the domain name system…
6
[F4]
7
The namespace part of the domain
name system is another hierarchical system. Imagine
it as an inverted tree-like system in which each
segment contains one or more nodes (imagine those as the fruits on
the tree, each connected to a different branch).
Each node has a name or label which can
consist of up to 63 characters and can include lower
and upper case letters as well as hyphens and
numerals.
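The label rules above, as an added example (not part of the original slides): a checker that splits a name into labels, validates each one and returns the path from the top of the inverted tree down. The function name is hypothetical; the ban on leading or trailing hyphens and the 253-character overall limit are the usual host name rules and are not stated on the slide.

```python
import re

# One label: 1 to 63 characters, letters, digits or hyphens,
# with no hyphen at either end (host name rule, assumed here).
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
MAX_NAME_LEN = 253  # overall limit for a name written as text


def path_from_root(name):
    """Return the labels of `name` ordered from the top-level domain
    down, i.e. the branch followed through the inverted tree.
    Raises ValueError if any label breaks the rules."""
    if name.endswith("."):          # a single trailing dot marks the root
        name = name[:-1]
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("empty or over-long name")
    labels = name.split(".")
    for label in labels:
        if not LABEL_RE.fullmatch(label):
            raise ValueError(f"bad label: {label!r}")
    # Labels compare case-insensitively, so normalise to lower case.
    return [label.lower() for label in reversed(labels)]


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ["www.Google.com", "a" * 64 + ".com", "-bad.org"]:
        try:
            print(sample[:20], "->", path_from_root(sample))
        except ValueError as err:
            print(sample[:20], "-> rejected:", err)
```

Rejecting malformed names before they reach a lookup or a log line keeps odd input out of everything downstream.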
8
Some of the top-level domain (TLD) child nodes most commonly used
in the DNS are .com, .net, .co.uk, .org and .gov, for example.
A label can be found in multiple locations within a
namespace, but two nodes under the same parent node cannot share the
same label. Each node must be unique among its sibling nodes under the
parent node. Which can is inputted to the..
[F3] – Figure 3 shows how the domain name system operates at several
corresponding domains such as the Top-level domain and the second level
domains for example.
“A namespace is an abstract container or environment created to hold a
logical grouping of unique identifiers
or symbols (i.e., names).” [5]
9
Another vital component of the DNS is a globally
connected network of “name servers”.
“This is a type of server that translates a domain name (e.g. Yahoo.com) into a
numerical IP address (e.g. 12.10.42.108) which can then be understood by
machines and the website you want to visit can be accessed.” [6]
Each location has a primary or master server which is a
link between the location's resource records.
Name servers
store data in a temporary location, which in turn
greatly speeds up the exchange of data between the
server and its clients.
10
If a name server can’t find a website, IP or domain within its zone
or location, it will send a query to the next available server
in the system to push the request a step closer to
receiving the required data.
[F13]
This event will repeat itself until it reaches the top-level domain
which means the entire namespace will be queried if applicable.
This process then requires the…
11
“Programs that use DNS queries to query for information from servers. Resolvers
can communicate with either remote DNS servers or the DNS server program running
on the local computer. Resolvers are usually built into utility programs or are
accessible through library functions” [7]
Yet another important component of the Domain Name
System is the resolver. This is a small piece of software
that is incorporated into the IP stack of every
destination IP or host.
When a host has been configured,
whether manually or through DHCP, it is assigned at
least one name server as well as its own IP
address and subnet mask.
12
If, for example, the domain is in a local location or within the
current network, the domain name server can handle the request.
If not, the default name server queries one of the master or
root servers of that particular domain.
This will return a list of applicable servers that contain data for
the top-level domain of the query. This is known in the industry as
a referral.
The name server queries the top-level domain name
server and receives a list of name servers for the second-level domain
name. This, in turn, will repeat until the local name server has
acquired the IP address for that particular domain name. This is then
stored in temporary memory to form a record (DNS data) and is
returned to the original querier. This is the DNS resolver – not bad, eh?
Anyway, moving on…
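The referral chain and the temporary store described above, as an added example (not part of the original slides): a small offline simulation of a local name server following referrals from the root down and caching the result. All server names, zones and addresses are constructed, and the hop limit is an addition so that a broken referral cannot repeat forever.

```python
MAX_REFERRALS = 8  # hop cap so a referral loop cannot run forever

# Constructed data: each server holds referrals (zone -> next server)
# and answers (name -> address). 192.0.2.0/24 is a documentation range.
SERVERS = {
    "root": {"refer": {"com": "tld-com", "net": "tld-net"}, "answer": {}},
    "tld-com": {"refer": {"example.com": "ns-example"}, "answer": {}},
    "ns-example": {"refer": {}, "answer": {"www.example.com": "192.0.2.10"}},
    # Misconfigured on purpose: refers loop.net back to itself.
    "tld-net": {"refer": {"loop.net": "tld-net"}, "answer": {}},
}


def covers(zone, name):
    """True if name equals zone or sits below it in the namespace tree."""
    return name == zone or name.endswith("." + zone)


class LocalNameServer:
    def __init__(self):
        self.cache = {}            # temporary store of resolved names
        self.upstream_queries = 0  # queries sent to other servers

    def resolve(self, name):
        name = name.rstrip(".").lower()
        if name in self.cache:     # answered from cache, no queries sent
            return self.cache[name]
        server = "root"
        for _ in range(MAX_REFERRALS):
            self.upstream_queries += 1
            data = SERVERS[server]
            if name in data["answer"]:
                self.cache[name] = data["answer"][name]
                return self.cache[name]
            # Follow the most specific referral that covers the name.
            zones = [z for z in data["refer"] if covers(z, name)]
            if not zones:
                raise LookupError(f"{name}: no such name at {server}")
            server = data["refer"][max(zones, key=len)]
        raise LookupError(f"{name}: referral limit reached")


if __name__ == "__main__":
    ns = LocalNameServer()
    print(ns.resolve("www.example.com"), ns.upstream_queries)
    print(ns.resolve("www.example.com"), ns.upstream_queries)
```

The second lookup costs no upstream queries because the answer comes from the cache, which is also why whatever ends up in that cache gets handed to every later client.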
13
"There is no reason anyone would want a computer in their home."
-- Ken Olson, president, chairman and founder of Digital Equipment Corp.,
1977 [3]
14
The Domain name system is a marvellous technology especially for
the average-Joe (Oh you see why I used the quote in the last page
now do you? Let me remind those who have a short memory span) –
"There is no reason anyone would want a computer in their home."
- Ken Olson, president, chairman and founder of Digital Equipment
Corp., 1977 [3]
- The DNS is great for people like you and me, because it allows us
to access websites without the memory of Google’s SuperComputer.
It enables us to quickly and efficiently access our favourite sports
site or shopping domain (no stereotyping ladies and gentlemen, no
seriously..).
The Domain Name System is a
technology that translates internet domains and host names into IP
addresses. DNS is a protocol which has been designed within a set of
industry standards to address the problem of how computers
exchange information over the global network, the internet.
15
In layman's terms, it would be appropriate to describe the
function of the Domain Name System as a type of
global/local router that sorts data requests and queries then
sends them to the pre-defined address.
A good example would be a post office, where
data is stored, processed and delivered to the pre-set
address or location.
In 1977, before the DNS was implemented, you could see why
someone would have said such a thing. Why would average
people want to type out a long numerical value into their
browser to visit their favourite website?
16
“DNS is a technology that has
helped increase the user-functionality and friendliness
of the internet based PC.” –
Me, UP627394.
17
The vast majority of the world now uses computers and the
internet and it’s a safe guess to predict the majority of those
who have opened up their internet browser to visit their
favourite site have used the Domain Name System – with or
probably without ever realising the fundamental technology
behind it.
Its most basic function is to convert a user-friendly
domain name like www.google.com into a more computer-friendly
format, like 45.342.21.1, that computers and other
electronic devices use to identify others on the network or
internet. PCs and other devices on the internet or network use
an IP address to route data through to the server to request the
data on the website you're trying to access.
18
One huge advantage of the Domain Name System is that
network and internet devices do not have to store a
huge list of IP addresses in an address book, as with the
aforementioned ARPANET.
With DNS technology you
connect to a domain name server which contains a large
database of addresses and maps
IP addresses to domain names.
With more than 266 million websites available on a
single interconnected web, each computer would have
to store terabytes worth of data in its address book –
something which is not realistic in the slightest to the
average PC user. Hence the need for the domain name
system – brilliant.
19
Nowadays, whether you’re browsing your favourite internet
shopping site or sending electronic mail, your computer will
automatically use a DNS server to look up the domain name
you’re trying to access. This is called DNS name resolution:
the DNS server resolves a particular domain name to its IP
address.
Without DNS the internet would be a very lonely place indeed,
and would most probably not be the booming technology we
know and love today.
So, in retrospect, the Domain Name
System can be compared to a very large electronic postal
sorting centre, forwarding and receiving information ready to
be processed to and from various addresses.
20
[F5]
21
The Domain Name System is not directly affected by
legislation in the United Kingdom. However, with that being
said, there are some laws that [potentially] apply to it.
As more and more consumers use the
internet for their everyday needs, the need for increased
electronic security rises simultaneously.
A DNS exploit called DNS hijacking has arisen on the web.
It is used by cyber-criminals and black-hat hackers
alike to redirect DNS requests to fake DNS servers
that they themselves have set up with malicious intent (those
damn crooks are at it again)…
[F9]
22
[F10]
As these new threats surface, the need for increased
protection and legislation is evident. Government
organizations must protect consumers’ details from these
threats, which is why legislation DOES indirectly affect the
Domain Name System. The Computer Misuse Act 1990, for example, may
not directly reference the DNS, but in certain circumstances
it could affect its operation.
23
Another legal problem that can occur with the DNS is
copyright. Domain names can often use the same domain name
used by other hosts. This may cause legal confrontations between
website authors and their counterparts. Domain names are
attributed to a host on a first-come, first-served basis, but various
companies have often had trouble with other domain names sharing
a similar name. Although there is no written legislation for this
problem, it is becoming increasingly important with the increasing
size of the DNS. Hopefully it is something IPv6 can help solve, but more
on that a little later..
Naughty Hacker, stop using
metasploit to steal credit
card numbers and
identities! 20 YEARS, NO
BAIL – TAKE HIM AWAY BOYS
*Hammer*
[F14]
24
[F12]
25
DNS has some well-known exploits which need to be fixed, but
these threats are thankfully being worked on. These include DNS
hijacking and another exploit called DNS cache poisoning.
One significant disadvantage of the DNS,
which could conversely also be seen as a benefit, is its
continuing popularity. As more and more businesses and
consumers use the internet, the demands on the DNS increase, and
the size of the DNS will also increase exponentially – something
we’ll talk about in the next slide… IPv4 v IPv6…
26
It is my opinion that the most significant limitation to the
continued operation of the DNS is its current use of the
IPv4 protocol.
The IPv4 protocol has a 32-bit
address space, which allows for 4,294,967,296 unique
addresses, and, guess what? Yep, nearly every single one of
these unique addresses has now been allocated.
But don’t worry, back in 1999 some smart chaps invented its
[soon to be implemented] successor, IPv6. Let's see some of
IPv6's improvements over IPv4, shall we?...
[F8]
27
[F7]
Figure 7 – So what do we know about DNS’s use of the IPv4 protocol? Well,
we know that nearly all the available IP addresses (remember that
metaphorical digital post code) have been allocated and that soon web
pages will be uploaded and addressed using the IPv6 protocol. Fantastic!
We can see that IPv6 uses a superior address size of 128 bits, which will
enable an even bigger, vast collective of knowledge, far superior to the
inferior IPv4! (It rhymes: IPv4, inferior to its successor, the superior IPv6!
Just something to remember.)
28
[F11]
Some clever-clogs knew that the number of IPv4 addresses
would eventually run out as more internet devices became
connected. The first klaxon was sounded when broadband
became mainstream and permanent internet connections
became common. Easy workarounds quickly squelched the
IP address crisis that many had predicted and the world
continued normally without much debacle. About a decade
and a half later, we could actually be facing a problem…
..the solution of IPv6 has been with us for some time, and
implementation should be transparent for most of us. That
won’t stop every opportunist in the known universe from
trying to capitalize on a crisis.
29
Necessary changes and upgrades will be made, and a few fortunes could
be made from them. Don’t be worried by investment “experts”,
government and academic “technology supporters” clamouring for big
spend to avert a looming crisis.
They’re out to create a frenzy to make a pound or two, and light their
cigars from £50 notes (once again, any stereotyping is purely
coincidental).
If you think IPv6 could be a good investment opportunity, the usual cast
of network equipment makers will likely benefit from the arsenal of
software and hardware upgrades.
If you're going to buy a new router anytime soon, buying an IPv6-ready unit
is recommended, but IPv4 units should continue working without any
problem for some time.
30
The Domain Name System is a revolutionary digital technology that has
inaugurated a whole cyber universe to the average schmuck. Yeah, I’m looking
at you!
Without the Domain Name System the Internet would still be full of
weird funny-haired computer scientists and 38-year-old nerds who still live in
their mother's basement, doing God knows what on there. Thanks to the domain
name system I can now order farts in a jar off eBay from Australia, without
remembering some tedious IP address.
I think a round of applause is in order for one of the (or possibly the) greatest,
most time-saving and revolutionary technologies to grip our computer monitors
today…
I think we can all agree on this –
31
The boring part…
Sources
[1] - www.cert.gov.om/English_Information/Glossary.shtml
[2] - Contributor(s) names - “Alvin”. Title - DNS Components. Retrieved from - http://www.accuwebhosting.com/Articles/DNS_COMPONENTS.html
[3] - Contributor(s) names - Unknown. Title - Computer predictions. Retrieved from - http://www.mth.uct.ac.za/digest/pcquotes.html
[7] - technet.microsoft.com/en-us/library/cc958968.aspx
Images/Figures
[F1] - http://www.labnol.org/internet/total-websites-on-internet-worldwide/5206/
[F2] - http://www.juicedcode.com/wp-content/uploads/2011/12/The-Importance-of-DNS-and-IP-Address.jpg
[F3] - http://idg.bg/test/nww/2009/11/30/domainnamespace.gif
[F4] - http://2.bp.blogspot.com/_-TEgGKsYSBk/R698tK8ktuI/AAAAAAAAAFg/rW_NMfDAgbw/S460/domain-name-service.jpg
[F5] - http://www.provaltech.com/wp-content/uploads/2011/09/DNS-DHCP-Server-Support.jpg
[F7] - http://news.cnet.com/i/tim/2011/02/03/IPv4-vs-IPv6-graphic.png
[F8] - http://cdn.thetechjournal.com/wp-content/uploads/images/1109/1317314893-ipv6-vs-ipv4-1.gif
[F9] - http://sushantskoltey.files.wordpress.com/2010/02/hacker.jpg
[F10] - http://www.koreaittimes.com/images/hacker_0.jpg
[F11] - http://www.itu.int/net/ITU-T/ipv6/images/ipv6-v2.jpg
[F12] - http://mars.netanya.ac.il/~unesco/cdrom/booklet/HTML/NETWORKING/IMAGES/dns1.gif
[F13] - http://4.bp.blogspot.com/_9VNaIzjiOr0/TTM43cQwg3I/AAAAAAAAAf8/CvB8E2DheYk/s1600/server1.jpg
[F14] - http://www.legaljuice.com/judge.jpg
32