SlideShare a Scribd company logo
DNS
( DOMAIN NAME SYSTEM )
Prepared by:
•YASH NIMAVAT-91600103106
•BHAUTIK CHOVATIYA-91600103130
•CHETAN KHUNTI-91600103105
•BHAVIK VAISHNANI-91600103074
•JAY JOSHI-91600103094
Overview
Introduction to the DNS
DNS Components
 The name space
 The servers
 The resolvers
DNS Structure and Hierarchy
The DNS in Context
DNS History
 ARPANET utilized a central file HOSTS.TXT
 Contains names to addresses mapping
 Maintained by SRI’s NIC (Stanford-Research-Institute:
Network-Information-Center)
 Administrators email changes to NIC
 NIC updates HOSTS.TXT periodically
 Administrators FTP (download) HOSTS.TXT
 As the system grew, HOSTS.TXT had problems
with:
 Scalability (traffic and load)
 Name collisions
 Consistency
 In 1984, Paul Mockapetris released the first
version (RFCs* 882 and 883, superseded by 1034
and 1035 …)
*RFC: Request for Comments
The DNS is…
The “Domain Name System”.
What Internet users use to reference anything by
name on the Internet.
The mechanism by which Internet software
translates names to attributes such as addresses.
The DNS is also…
A globally distributed, scalable, reliable database.
Comprised of three components :
 A “name space”
 Servers making that name space available
 Resolvers (clients) which query the servers about the name
space
DNS as a Lookup Mechanism
Users generally prefer names to numbers
e.g. – google.com, fb.com etc.
Computers prefer numbers to names
e.g. – 10.2.1.32, 10.2.4.56 etc.
DNS provides the mapping between the two
 I have “x”, give me “y”
 i.e. for e.g. : “google.com” with “10.2.1.32”.
DNS as a Database
Keys to the database are “domain names”
 www.foo.com, 18.in-addr.arpa, 6.4.e164.arpa
Over 200,000,000 domain names stored.
Each domain name contains one or more attributes:
 Known as “resource records”
Each attribute individually retrievable.
Global Distribution
Data is maintained locally, but retrievable globally
 No single computer has all DNS data
DNS lookups can be performed by any device.
Remote DNS data is locally cacheable to improve
performance.
Loose Coherency
Each version of a subset of the database (a zone)
has a serial number
 The serial number is incremented on each database change
Changes to the master copy of the database are
propagated to replicas according to timing set by
the zone administrator
Cached data expires according to timeout set by
zone administrator
Scalability
No limit to the size of the database.
No limit to the number of queries
 Tens of thousands of queries handled easily every second
Queries distributed among masters, slaves, and
caches.
Reliability
Data is replicated
 Data from master is copied to multiple slaves
Clients can query
 Master server
 Any of the copies at slave servers
Clients will typically query local caches.
DNS protocols can use either UDP or TCP
 If UDP, DNS protocol handles retransmission,
sequencing, etc.
Dynamicity
Database can be updated dynamically
 Add/delete/modify of any record
 Only master can be dynamically updated
Modification of the master database triggers
replication.
The Name Space
The name space is the structure of the DNS
database
 An inverted tree with the root node at the top.
Each node has a label
 The root node has a null label, written as “”
t h ir d -le v e l n o d e
s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e
t o p -le v e l n o d e
t h ir d -le v e l n o d e t h ir d -le v e l n o d e
s e c o n d - le v e l n o d e
t o p -le v e l n o d e
s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e
t o p -le v e l n o d e
T h e r o o t n o d e
" "
An Analogy – E.164
Root node maintained by the ITU (call it “+”)
Top level nodes contains country codes (1, 81, etc)
Second level nodes contains regional codes (1-402,
81-3, etc.)
. . .
. . . 2 0 2
6 0 0 3
3 8 1
6 0 0 3
7 7 9
6 5 0 8 0 8
1
5 2 2 6 2 0 2 4
3 4 8 9
3 4 8 5 2
8 1 . . .
" + "
fo o fo o
to p -1
fo o a t& t
to p -2
b a r b a z
to p -3
""
Labels
Each node in the tree
must have a label
 A string of up to 63 bytes
 RFCs 852 and 1123 define
legal characters for
“hostnames”
 A-Z, 0-9, and “-” only with
a-z and A-Z treated as the
same.
Sibling nodes must
have unique labels.
The null label is
reserved for the root
node.
Domain Names
A domain name is the sequence of labels from a node
to the root, separated by dots (“.”s), read left to right
 The name space has a maximum depth of 127 levels
 Domain names are limited to 255 characters in length
A node’s domain name identifies its position in the
name space
d a k o ta
w e s t
t o r n a d o
e a s t w w w
n o m in u m m e ta in fo
c o m
b e r k e le y n w u
e d u g o v
n a to
in t
a r m y
m il
u u
n e t o rg
" "
Subdomains
One domain is a subdomain of another if its domain
name ends in the other’s domain name
 So sales.nominum.com is a subdomain of
nominum.com & .com
 nominum.com is a subdomain of .com
Dividing a Domain into Zones
.a r p a
a c m e b w
m o lo k a i s k y e
r w c w w w f tp
g o u d a c h e d d a r
a m s
n o m in u m n e ts o l
.c o m . e d u
" "
nominum.com
domain
nominum.com
zone
ams.nominum.com
zonerwc.nominum.com
zone
Name Servers
Name servers store information about the name
space in units called “zones”
 The name servers that load a complete zone are said to
“have authority for” or “be authoritative for” the zone
Usually, more than one name server are
authoritative for the same zone
 This ensures redundancy and spreads the load
Name Servers and Zones
128.8.10.5
nominum.com
204.152.187.11
202.12.28.129
Name Servers
isc.org
Zones128.8.10.5 serves
data for both
nominum.com
and isc.org zones
202.12.28.129
serves data for
nominum.com
zone only
204.152.187.11
serves data for
isc.org zone only
Types of Name Servers
Two main types of servers
 Authoritative – maintains the data
 Master – where the data is edited
 Slave – where data is replicated to
 Caching – stores data obtained from an authoritative server
No special hardware necessary.
Name Server Architecture
You can think of a name server as part of:
 database server, answering queries about the parts of the
name space it knows about (i.e., is authoritative for),
 cache, temporarily storing data it learns from other name
servers, and
 agent, helping resolvers and other name servers find data
Name Resolution
Name resolution is the process by which
resolvers and name servers cooperate to find
data in the name space
Closure mechanism for DNS?
 Starting point: the names and IP addresses of the name
servers for the root zone (the “root name servers”)
 The root name servers know about the top-level zones
and can tell name servers whom to contact for all
TLD(TOP LEVEL DOMAINS).
Name Resolution
A DNS query has three parameters:
 A domain name (e.g., www.nominum.com),
 Remember, every node has a domain name!
 A class (e.g., IN), and
 A type (e.g., A)
 http://network-tools.com/nslook/
Upon receiving a query from a resolver, a
name server :
1) looks for the answer in its authoritative data and its
cache.
2) If step 1 fails, the answer must be looked up
ping www.nominum.com.
The Resolution Process
Let’s look at the resolution process step-by-step:
annie.west.sprockets.com
What’s the IP address
of
www.nominum.com?
The workstation annie asks its configured
name server, dakota, for
www.nominum.com’s address
ping www.nominum.com.
annie.west.sprockets.com
dakota.west.sprockets.com
The name server dakota asks a root name server, m,
for www.nominum.com’s address
ping www.nominum.com.
annie.west.sprockets.com
m.root-servers.net
dakota.west.sprockets.com
What’s the IP address
of
www.nominum.com?
The root server m refers dakota to the com name
servers
This type of response is called a “referral”
ping www.nominum.com.
annie.west.sprockets.com
m.root-servers.net
dakota.west.sprockets.com Here’s a list of the
com name servers.
Ask one of them.
The name server dakota asks a com name
server, f, for www.nominum.com’s address
ping www.nominum.com.
annie.west.sprockets.com
m.root-servers.net
dakota.west.sprockets.com
What’s the IP address
of
www.nominum.com?
f.gtld-servers.net
The com name server f refers dakota to the
nominum.com name servers
ping www.nominum.com.
annie.west.sprockets.com
f.gtld-servers.net
m.root-servers.net
dakota.west.sprockets.com
Here’s a list of the
nominum.com
name servers.
Ask one of them.
The name server dakota asks a nominum.com name
server, ns1.sanjose, for www.nominum.com’s address
ping www.nominum.com.
annie.west.sprockets.com
f.gtld-servers.net
m.root-servers.net
dakota.west.sprockets.com
ns1.sanjose.nominum.net
What’s the IP address
of
www.nominum.com?
The nominum.com name server ns1.sanjose
responds with www.nominum.com’s address
ping www.nominum.com.
annie.west.sprockets.com
f.gtld-servers.net
m.root-servers.net
dakota.west.sprockets.com
ns1.sanjose.nominum.netHere’s the IP
address for
www.nominum.com
Here’s the IP
address for
www.nominum.com
The name server dakota responds to annie
with www.nominum.com’s address
ping www.nominum.com.
annie.west.sprockets.com
f.gtld-servers.net
m.root-servers.net
dakota.west.sprockets.com
ns1.sanjose.nominum.net
ping ftp.nominum.com.
Resolution Process (Caching)
After the previous query, the name server dakota now
knows:
 The names and IP addresses of the com name servers
 The names and IP addresses of the nominum.com name
servers
 The IP address of www.nominum.com
Let’s look at the resolution process again
annie.west.sprockets.com
ping ftp.nominum.com.
What’s the IP address
of ftp.nominum.com?
The workstation annie asks its configured
name server, dakota, for ftp.nominum.com’s
address
annie.west.sprockets.com
f.gtld-servers.net
m.root-servers.net
dakota.west.sprockets.com
ns1.sanjose.nominum.net
ping ftp.nominum.com.
What’s the IP address
of ftp.nominum.com?
Resolution Process (Caching)
dakota has cached a NS record indicating ns1.sanjose
is an nominum.com name server, so it asks it for
ftp.nominum.com’s address
annie.west.sprockets.com
f.gtld-servers.net
m.root-servers.net
dakota.west.sprockets.com
ns1.sanjose.nominum.net
ping ftp.nominum.com.
Here’s the IP
address for
ftp.nominum.com
The nominum.com name server ns1.sanjose
responds with ftp.nominum.com’s address
annie.west.sprockets.com
f.gtld-servers.net
m.root-servers.net
dakota.west.sprockets.com
ns1.sanjose.nominum.net
ping ftp.nominum.com.
Here’s the IP
address for
ftp.nominum.com
The name server dakota responds to annie
with ftp.nominum.com’s address
annie.west.sprockets.com
f.gtld-servers.net
m.root-servers.net
dakota.west.sprockets.com
ns1.sanjose.nominum.net
DNS Structure and Hierarchy
The DNS imposes no constraints on how the DNS
hierarchy is implemented except:
 A single root
 The label restrictions
 So, can we create a host with a name
a.wonderful.world?
If a site is not connected to the Internet, it can use
any domain hierarchy it chooses
 Can make up whatever TLDs (top level domains) you
want
Connecting to the Internet implies use of the
existing DNS hierarchy
Top-level Domain (TLD) Structure
In 1983 (RFC 881), the idea was to have TLDs
correspond to network service providers
 e.g., ARPA, DDN, CSNET, etc.
By 1984 (RFC 920), functional domains was
established
 e.g., GOV for Government, COM for commercial,
EDU for education, etc.
RFC 920 also
 Provided country domains
 Provided “Multiorganizations”
The Current TLDs
C O M
C o m m e r c ia l O r g a n iz a tio n s
N E T
N e tw o rk I n fr a s tr u c tu re
O R G
O t h e r O r g a n iz a tio n s
G e n e r ic T L D s
( g T L D s )
A F
A fg h a n is t a n
A L
A lb a n ia
D Z
A lg e r ia
. ..
Y U
Y u g o s la v ia
Z M
Z a m b ia
Z W
Z im b a b w e
C o u n try C o d e T L D s
( c c T L D s )
I N T
I n t e r n a t io n a l T r e a ty O r g a n iz a t io n s
A R P A
( T r a n s itio n D e v ic e )
In t e rn a t io n a l T L D s
( iT L D s )
G O V
G o v e r n m e n t a l O r g a n iz a tio n s
M I L
M ilit a r y O r g a n iz a t io n s
E D U
E d u c a t io n a l I n s t it u tio n s
U S L e g a c y T L D s
( u s T L D s )
" ."
Root Name Server Operators
Nameserver Operated by:
A Verisign (US East Coast)
B University of S. California –Information Sciences Institute (US West Coast)
C Cogent Communications (US East Coast)
D University of Maryland (US East Coast)
E NASA (Ames) (US West Coast)
F Internet Software Consortium (US West Coast)
G U. S. Dept. of Defense (ARL) (US East Coast)
H U. S. Dept. of Defense (DISA) (US East Coast)
I Autonomica (SE)
J Verisign (US East Coast)
K RIPE-NCC (UK)
L ICANN (US West Coast)
M WIDE (JP)
The Root Nameservers
The root zone file lists the names and IP addresses
of the authoritative DNS servers for all top-level
domains (TLDs)
The root zone file is published on 13 servers, “A”
through “M”, around the Internet
Root name server operations currently provided by
volunteer efforts by a very diverse set of
organizations
Registries, Registrars, and Registrants
A classification of roles in the operation of a domain
name space
Registry
 the name space’s database
 the organization which has edit control of that database
Registrar
 the agent which submits change requests to the registry on
behalf of the registrant
Registrant
 the entity which makes use of the domain name
.COM, .NET, and .ORG
 By far the largest top level domains on the Internet today
Verisign received the contract for the registry
for .COM, .NET, and .ORG
 also a registrar for these TLDs
Registries, Registrars, and Registrants
Registry Zone DB
RegistrantsRegistrants
End user requests
add/modify/delete
Registrar submits
add/modify/delete
to registry
Registrar RegistrarRegistrar
Master
updated
Registry updates
zone
Slaves
updated
Load Concerns
DNS can handle the load
 DNS root servers get approximately 3000 queries per second
 Empirical proofs (DDoS attacks) show root name servers can
handle 50,000 queries per second
 Limitation is network bandwidth, not the DNS protocol
 in-addr.arpa zone, which translates numbers to names, gets
about 2000 queries per second
Performance Concerns
DNS is a very lightweight protocol
 Simple query – response
Any performance limitations are the result of
network limitations
 Speed of light
 Network congestion
 Switching/forwarding latencies
Security Concerns
Base DNS protocol (RFC 1034, 1035) is insecure
 DNS spoofing (cache poisoning) attacks are possible
DNS Security Enhancements (DNSSEC, RFC
2565) remedies this flaw
 But creates new ones
 DoS attacks
 Amplification attacks
Questions?

More Related Content

What's hot

Domain name system
Domain name systemDomain name system
Domain name system
Diwaker Pant
 
Chapter 29 Domain Name System.ppt
Chapter 29 Domain Name System.pptChapter 29 Domain Name System.ppt
Chapter 29 Domain Name System.ppt
webhostingguy
 

What's hot (20)

Dns presentation
Dns presentationDns presentation
Dns presentation
 
Dns 2
Dns 2Dns 2
Dns 2
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name System
 
Domain name system
Domain name systemDomain name system
Domain name system
 
DNS (Domain Name System)
DNS (Domain Name System)DNS (Domain Name System)
DNS (Domain Name System)
 
Intro to DNS
Intro to DNSIntro to DNS
Intro to DNS
 
Domain name system
Domain name systemDomain name system
Domain name system
 
DNS ( Domain Name System)
DNS ( Domain Name System)DNS ( Domain Name System)
DNS ( Domain Name System)
 
DNS Record
DNS RecordDNS Record
DNS Record
 
Chapter 29 Domain Name System.ppt
Chapter 29 Domain Name System.pptChapter 29 Domain Name System.ppt
Chapter 29 Domain Name System.ppt
 
Dns ppt
Dns pptDns ppt
Dns ppt
 
Dns(Domain name system)
Dns(Domain name system)Dns(Domain name system)
Dns(Domain name system)
 
Dhcp presentation
Dhcp presentationDhcp presentation
Dhcp presentation
 
Domain name system presentation
Domain name system presentationDomain name system presentation
Domain name system presentation
 
Domain Name System ppt
Domain Name System pptDomain Name System ppt
Domain Name System ppt
 
Dns
DnsDns
Dns
 
DNS(Domain Name System)
DNS(Domain Name System)DNS(Domain Name System)
DNS(Domain Name System)
 
Domain Name System (DNS)
Domain Name System (DNS)Domain Name System (DNS)
Domain Name System (DNS)
 
Dns server
Dns serverDns server
Dns server
 
Domain name system (dns)
Domain name system (dns)Domain name system (dns)
Domain name system (dns)
 

Similar to Domain Name System(ppt)

Domain name system
Domain name systemDomain name system
Domain name system
Rahul Baghla
 
Domain name system advanced power point presentation
Domain name system advanced power point presentationDomain name system advanced power point presentation
Domain name system advanced power point presentation
rituchouhan1508
 

Similar to Domain Name System(ppt) (20)

Dns
DnsDns
Dns
 
Dns
DnsDns
Dns
 
Dns ppt
Dns pptDns ppt
Dns ppt
 
Introduction
IntroductionIntroduction
Introduction
 
Dns
DnsDns
Dns
 
Dns And Snmp
Dns And SnmpDns And Snmp
Dns And Snmp
 
Meeting 4 DNS
Meeting 4   DNSMeeting 4   DNS
Meeting 4 DNS
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
 
Ch20 system administration
Ch20 system administration Ch20 system administration
Ch20 system administration
 
Domain name system
Domain name systemDomain name system
Domain name system
 
CSE dns ppt.pptx
CSE dns ppt.pptxCSE dns ppt.pptx
CSE dns ppt.pptx
 
Domainnamesystem
DomainnamesystemDomainnamesystem
Domainnamesystem
 
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealDNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo Montreal
 
Dns
DnsDns
Dns
 
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAILDNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
 
Hands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentHands-on DNSSEC Deployment
Hands-on DNSSEC Deployment
 
Dns
DnsDns
Dns
 
The Application Layer
The Application LayerThe Application Layer
The Application Layer
 
Domain name system advanced power point presentation
Domain name system advanced power point presentationDomain name system advanced power point presentation
Domain name system advanced power point presentation
 
DNS.pptx
DNS.pptxDNS.pptx
DNS.pptx
 

Recently uploaded

一比一原版(UofT毕业证)多伦多大学毕业证成绩单
一比一原版(UofT毕业证)多伦多大学毕业证成绩单一比一原版(UofT毕业证)多伦多大学毕业证成绩单
一比一原版(UofT毕业证)多伦多大学毕业证成绩单
tuuww
 
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Lovely Professional University
 
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdfDR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DrGurudutt
 
Laundry management system project report.pdf
Laundry management system project report.pdfLaundry management system project report.pdf
Laundry management system project report.pdf
Kamal Acharya
 
Teachers record management system project report..pdf
Teachers record management system project report..pdfTeachers record management system project report..pdf
Teachers record management system project report..pdf
Kamal Acharya
 

Recently uploaded (20)

Attraction and Repulsion type Moving Iron Instruments.pptx
Attraction and Repulsion type Moving Iron Instruments.pptxAttraction and Repulsion type Moving Iron Instruments.pptx
Attraction and Repulsion type Moving Iron Instruments.pptx
 
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
The battle for RAG, explore the pros and cons of using KnowledgeGraphs and Ve...
 
Electrostatic field in a coaxial transmission line
Electrostatic field in a coaxial transmission lineElectrostatic field in a coaxial transmission line
Electrostatic field in a coaxial transmission line
 
一比一原版(UofT毕业证)多伦多大学毕业证成绩单
一比一原版(UofT毕业证)多伦多大学毕业证成绩单一比一原版(UofT毕业证)多伦多大学毕业证成绩单
一比一原版(UofT毕业证)多伦多大学毕业证成绩单
 
Natalia Rutkowska - BIM School Course in Kraków
Natalia Rutkowska - BIM School Course in KrakówNatalia Rutkowska - BIM School Course in Kraków
Natalia Rutkowska - BIM School Course in Kraków
 
Furniture showroom management system project.pdf
Furniture showroom management system project.pdfFurniture showroom management system project.pdf
Furniture showroom management system project.pdf
 
RM&IPR M5 notes.pdfResearch Methodolgy & Intellectual Property Rights Series 5
RM&IPR M5 notes.pdfResearch Methodolgy & Intellectual Property Rights Series 5RM&IPR M5 notes.pdfResearch Methodolgy & Intellectual Property Rights Series 5
RM&IPR M5 notes.pdfResearch Methodolgy & Intellectual Property Rights Series 5
 
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
Activity Planning: Objectives, Project Schedule, Network Planning Model. Time...
 
ENERGY STORAGE DEVICES INTRODUCTION UNIT-I
ENERGY STORAGE DEVICES  INTRODUCTION UNIT-IENERGY STORAGE DEVICES  INTRODUCTION UNIT-I
ENERGY STORAGE DEVICES INTRODUCTION UNIT-I
 
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWING
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWINGBRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWING
BRAKING SYSTEM IN INDIAN RAILWAY AutoCAD DRAWING
 
KIT-601 Lecture Notes-UNIT-3.pdf Mining Data Stream
KIT-601 Lecture Notes-UNIT-3.pdf Mining Data StreamKIT-601 Lecture Notes-UNIT-3.pdf Mining Data Stream
KIT-601 Lecture Notes-UNIT-3.pdf Mining Data Stream
 
retail automation billing system ppt.pptx
retail automation billing system ppt.pptxretail automation billing system ppt.pptx
retail automation billing system ppt.pptx
 
KIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and Clustering
KIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and ClusteringKIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and Clustering
KIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and Clustering
 
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdfDR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
DR PROF ING GURUDUTT SAHNI WIKIPEDIA.pdf
 
Laundry management system project report.pdf
Laundry management system project report.pdfLaundry management system project report.pdf
Laundry management system project report.pdf
 
Lect 2 - Design of slender column-2.pptx
Lect 2 - Design of slender column-2.pptxLect 2 - Design of slender column-2.pptx
Lect 2 - Design of slender column-2.pptx
 
RM&IPR M4.pdfResearch Methodolgy & Intellectual Property Rights Series 4
RM&IPR M4.pdfResearch Methodolgy & Intellectual Property Rights Series 4RM&IPR M4.pdfResearch Methodolgy & Intellectual Property Rights Series 4
RM&IPR M4.pdfResearch Methodolgy & Intellectual Property Rights Series 4
 
1. Henrich Triangle Safety and Fire Presentation
1. Henrich Triangle Safety and Fire Presentation1. Henrich Triangle Safety and Fire Presentation
1. Henrich Triangle Safety and Fire Presentation
 
Teachers record management system project report..pdf
Teachers record management system project report..pdfTeachers record management system project report..pdf
Teachers record management system project report..pdf
 
Peek implant persentation - Copy (1).pdf
Peek implant persentation - Copy (1).pdfPeek implant persentation - Copy (1).pdf
Peek implant persentation - Copy (1).pdf
 

Domain Name System(ppt)

  • 1. DNS ( DOMAIN NAME SYSTEM ) Prepared by: •YASH NIMAVAT-91600103106 •BHAUTIK CHOVATIYA-91600103130 •CHETAN KHUNTI-91600103105 •BHAVIK VAISHNANI-91600103074 •JAY JOSHI-91600103094
  • 2. Overview Introduction to the DNS DNS Components  The name space  The servers  The resolvers DNS Structure and Hierarchy The DNS in Context
  • 3. DNS History  ARPANET utilized a central file HOSTS.TXT  Contains names to addresses mapping  Maintained by SRI’s NIC (Stanford-Research-Institute: Network-Information-Center)  Administrators email changes to NIC  NIC updates HOSTS.TXT periodically  Administrators FTP (download) HOSTS.TXT
  • 4.  As the system grew, HOSTS.TXT had problems with:  Scalability (traffic and load)  Name collisions  Consistency  In 1984, Paul Mockapetris released the first version (RFCs* 882 and 883, superseded by 1034 and 1035 …) *RFC: Request for Comments
  • 5. The DNS is… The “Domain Name System”. What Internet users use to reference anything by name on the Internet. The mechanism by which Internet software translates names to attributes such as addresses.
  • 6. The DNS is also… A globally distributed, scalable, reliable database. Comprised of three components :  A “name space”  Servers making that name space available  Resolvers (clients) which query the servers about the name space
  • 7. DNS as a Lookup Mechanism Users generally prefer names to numbers e.g. – google.com, fb.com etc. Computers prefer numbers to names e.g. – 10.2.1.32, 10.2.4.56 etc. DNS provides the mapping between the two  I have “x”, give me “y”  i.e. for e.g. : “google.com” with “10.2.1.32”.
  • 8. DNS as a Database Keys to the database are “domain names”  www.foo.com, 18.in-addr.arpa, 6.4.e164.arpa Over 200,000,000 domain names stored. Each domain name contains one or more attributes:  Known as “resource records” Each attribute individually retrievable.
  • 9. Global Distribution Data is maintained locally, but retrievable globally  No single computer has all DNS data DNS lookups can be performed by any device. Remote DNS data is locally cacheable to improve performance.
  • 10. Loose Coherency Each version of a subset of the database (a zone) has a serial number  The serial number is incremented on each database change Changes to the master copy of the database are propagated to replicas according to timing set by the zone administrator Cached data expires according to timeout set by zone administrator
  • 11. Scalability No limit to the size of the database. No limit to the number of queries  Tens of thousands of queries handled easily every second Queries distributed among masters, slaves, and caches.
  • 12. Reliability Data is replicated  Data from master is copied to multiple slaves Clients can query  Master server  Any of the copies at slave servers Clients will typically query local caches. DNS protocols can use either UDP or TCP  If UDP, DNS protocol handles retransmission, sequencing, etc.
  • 13. Dynamicity Database can be updated dynamically  Add/delete/modify of any record  Only master can be dynamically updated Modification of the master database triggers replication.
  • 14. The Name Space The name space is the structure of the DNS database  An inverted tree with the root node at the top. Each node has a label  The root node has a null label, written as “” t h ir d -le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e t o p -le v e l n o d e t h ir d -le v e l n o d e t h ir d -le v e l n o d e s e c o n d - le v e l n o d e t o p -le v e l n o d e s e c o n d - le v e l n o d e s e c o n d - le v e l n o d e t o p -le v e l n o d e T h e r o o t n o d e " "
  • 15. An Analogy – E.164 Root node maintained by the ITU (call it “+”) Top level nodes contains country codes (1, 81, etc) Second level nodes contains regional codes (1-402, 81-3, etc.) . . . . . . 2 0 2 6 0 0 3 3 8 1 6 0 0 3 7 7 9 6 5 0 8 0 8 1 5 2 2 6 2 0 2 4 3 4 8 9 3 4 8 5 2 8 1 . . . " + "
  • 16. fo o fo o to p -1 fo o a t& t to p -2 b a r b a z to p -3 "" Labels Each node in the tree must have a label  A string of up to 63 bytes  RFCs 852 and 1123 define legal characters for “hostnames”  A-Z, 0-9, and “-” only with a-z and A-Z treated as the same. Sibling nodes must have unique labels. The null label is reserved for the root node.
  • 17. Domain Names A domain name is the sequence of labels from a node to the root, separated by dots (“.”s), read left to right  The name space has a maximum depth of 127 levels  Domain names are limited to 255 characters in length A node’s domain name identifies its position in the name space d a k o ta w e s t t o r n a d o e a s t w w w n o m in u m m e ta in fo c o m b e r k e le y n w u e d u g o v n a to in t a r m y m il u u n e t o rg " "
  • 18. Subdomains One domain is a subdomain of another if its domain name ends in the other’s domain name  So sales.nominum.com is a subdomain of nominum.com & .com  nominum.com is a subdomain of .com
  • 19. Dividing a Domain into Zones .a r p a a c m e b w m o lo k a i s k y e r w c w w w f tp g o u d a c h e d d a r a m s n o m in u m n e ts o l .c o m . e d u " " nominum.com domain nominum.com zone ams.nominum.com zonerwc.nominum.com zone
  • 20. Name Servers Name servers store information about the name space in units called “zones”  The name servers that load a complete zone are said to “have authority for” or “be authoritative for” the zone Usually, more than one name server are authoritative for the same zone  This ensures redundancy and spreads the load
  • 21. Name Servers and Zones 128.8.10.5 nominum.com 204.152.187.11 202.12.28.129 Name Servers isc.org Zones128.8.10.5 serves data for both nominum.com and isc.org zones 202.12.28.129 serves data for nominum.com zone only 204.152.187.11 serves data for isc.org zone only
  • 22. Types of Name Servers Two main types of servers  Authoritative – maintains the data  Master – where the data is edited  Slave – where data is replicated to  Caching – stores data obtained from an authoritative server No special hardware necessary.
  • 23. Name Server Architecture You can think of a name server as part of:  database server, answering queries about the parts of the name space it knows about (i.e., is authoritative for),  cache, temporarily storing data it learns from other name servers, and  agent, helping resolvers and other name servers find data
  • 24. Name Resolution Name resolution is the process by which resolvers and name servers cooperate to find data in the name space Closure mechanism for DNS?  Starting point: the names and IP addresses of the name servers for the root zone (the “root name servers”)  The root name servers know about the top-level zones and can tell name servers whom to contact for all TLD(TOP LEVEL DOMAINS).
  • 25. Name Resolution A DNS query has three parameters:  A domain name (e.g., www.nominum.com),  Remember, every node has a domain name!  A class (e.g., IN), and  A type (e.g., A)  http://network-tools.com/nslook/ Upon receiving a query from a resolver, a name server : 1) looks for the answer in its authoritative data and its cache. 2) If step 1 fails, the answer must be looked up
  • 26. ping www.nominum.com. The Resolution Process Let’s look at the resolution process step-by-step: annie.west.sprockets.com
  • 27. What’s the IP address of www.nominum.com? The workstation annie asks its configured name server, dakota, for www.nominum.com’s address ping www.nominum.com. annie.west.sprockets.com dakota.west.sprockets.com
  • 28. The name server dakota asks a root name server, m, for www.nominum.com’s address ping www.nominum.com. annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com What’s the IP address of www.nominum.com?
  • 29. The root server m refers dakota to the com name servers This type of response is called a “referral” ping www.nominum.com. annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com Here’s a list of the com name servers. Ask one of them.
  • 30. The name server dakota asks a com name server, f, for www.nominum.com’s address ping www.nominum.com. annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com What’s the IP address of www.nominum.com? f.gtld-servers.net
  • 31. The com name server f refers dakota to the nominum.com name servers ping www.nominum.com. annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com Here’s a list of the nominum.com name servers. Ask one of them.
  • 32. The name server dakota asks a nominum.com name server, ns1.sanjose, for www.nominum.com’s address ping www.nominum.com. annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net What’s the IP address of www.nominum.com?
  • 33. The nominum.com name server ns1.sanjose responds with www.nominum.com’s address ping www.nominum.com. annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.netHere’s the IP address for www.nominum.com
  • 34. Here’s the IP address for www.nominum.com The name server dakota responds to annie with www.nominum.com’s address ping www.nominum.com. annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net
  • 35. ping ftp.nominum.com. Resolution Process (Caching) After the previous query, the name server dakota now knows:  The names and IP addresses of the com name servers  The names and IP addresses of the nominum.com name servers  The IP address of www.nominum.com Let’s look at the resolution process again annie.west.sprockets.com
  • 36. ping ftp.nominum.com. What’s the IP address of ftp.nominum.com? The workstation annie asks its configured name server, dakota, for ftp.nominum.com’s address annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net
  • 37. ping ftp.nominum.com. What’s the IP address of ftp.nominum.com? Resolution Process (Caching) dakota has cached a NS record indicating ns1.sanjose is an nominum.com name server, so it asks it for ftp.nominum.com’s address annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net
  • 38. ping ftp.nominum.com. Here’s the IP address for ftp.nominum.com The nominum.com name server ns1.sanjose responds with ftp.nominum.com’s address annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net
  • 39. ping ftp.nominum.com. Here’s the IP address for ftp.nominum.com The name server dakota responds to annie with ftp.nominum.com’s address annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net
  • 40. DNS Structure and Hierarchy The DNS imposes no constraints on how the DNS hierarchy is implemented except:  A single root  The label restrictions  So, can we create a host with a name a.wonderful.world? If a site is not connected to the Internet, it can use any domain hierarchy it chooses  Can make up whatever TLDs (top level domains) you want Connecting to the Internet implies use of the existing DNS hierarchy
  • 41. Top-level Domain (TLD) Structure In 1983 (RFC 881), the idea was to have TLDs correspond to network service providers  e.g., ARPA, DDN, CSNET, etc. By 1984 (RFC 920), functional domains was established  e.g., GOV for Government, COM for commercial, EDU for education, etc. RFC 920 also  Provided country domains  Provided “Multiorganizations”
  • 42. The Current TLDs C O M C o m m e r c ia l O r g a n iz a tio n s N E T N e tw o rk I n fr a s tr u c tu re O R G O t h e r O r g a n iz a tio n s G e n e r ic T L D s ( g T L D s ) A F A fg h a n is t a n A L A lb a n ia D Z A lg e r ia . .. Y U Y u g o s la v ia Z M Z a m b ia Z W Z im b a b w e C o u n try C o d e T L D s ( c c T L D s ) I N T I n t e r n a t io n a l T r e a ty O r g a n iz a t io n s A R P A ( T r a n s itio n D e v ic e ) In t e rn a t io n a l T L D s ( iT L D s ) G O V G o v e r n m e n t a l O r g a n iz a tio n s M I L M ilit a r y O r g a n iz a t io n s E D U E d u c a t io n a l I n s t it u tio n s U S L e g a c y T L D s ( u s T L D s ) " ."
  • 43. Root Name Server Operators Nameserver Operated by: A Verisign (US East Coast) B University of S. California –Information Sciences Institute (US West Coast) C Cogent Communications (US East Coast) D University of Maryland (US East Coast) E NASA (Ames) (US West Coast) F Internet Software Consortium (US West Coast) G U. S. Dept. of Defense (ARL) (US East Coast) H U. S. Dept. of Defense (DISA) (US East Coast) I Autonomica (SE) J Verisign (US East Coast) K RIPE-NCC (UK) L ICANN (US West Coast) M WIDE (JP)
  • 44. The Root Nameservers The root zone file lists the names and IP addresses of the authoritative DNS servers for all top-level domains (TLDs) The root zone file is published on 13 servers, “A” through “M”, around the Internet Root name server operations currently provided by volunteer efforts by a very diverse set of organizations
  • 45. Registries, Registrars, and Registrants A classification of roles in the operation of a domain name space Registry  the name space’s database  the organization which has edit control of that database Registrar  the agent which submits change requests to the registry on behalf of the registrant
  • 46. Registrant  the entity which makes use of the domain name .COM, .NET, and .ORG  By far the largest top level domains on the Internet today Verisign received the contract for the registry for .COM, .NET, and .ORG  also a registrar for these TLDs
  • 47. Registries, Registrars, and Registrants Registry Zone DB RegistrantsRegistrants End user requests add/modify/delete Registrar submits add/modify/delete to registry Registrar RegistrarRegistrar Master updated Registry updates zone Slaves updated
  • 48. Load Concerns DNS can handle the load  DNS root servers get approximately 3000 queries per second  Empirical proofs (DDoS attacks) show root name servers can handle 50,000 queries per second  Limitation is network bandwidth, not the DNS protocol  in-addr.arpa zone, which translates numbers to names, gets about 2000 queries per second
  • 49.
  • 50. Performance Concerns DNS is a very lightweight protocol  Simple query – response Any performance limitations are the result of network limitations  Speed of light  Network congestion  Switching/forwarding latencies
  • 51. Security Concerns Base DNS protocol (RFC 1034, 1035) is insecure  DNS spoofing (cache poisoning) attacks are possible DNS Security Enhancements (DNSSEC, RFC 2565) remedies this flaw  But creates new ones  DoS attacks  Amplification attacks

Editor's Notes

  1. Advanced Research Projects Agency Network (ARPANET) was the world's first operational packet switching network, the first network to implement TCP/IP
  2. ITU: International Telecommunication Union 1: US/CA 81: JP
  3. BIND: Berkeley Internet Name Domain
  4. Also, the caching resolver can insert data into the cache, and can "query" the cache and the database server.
  5. ARPA: Advanced Research Projects Agency
  6. ARPA: originally was the acronym for the Advanced Research Projects Agency (ARPA), the funding organization in the United States that developed the precursor of the Internet (ARPANET), it now stands for Address and Routing Parameter Area.
  7. a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data