w5ch3

Domain Name System (DNS)

• A domain name is a string of characters that represents an IP address
• DNS is a hierarchical system that translates domain names into IP addresses

FQDN (Fully Qualified Domain Name)

• A domain name that contains the full name of a host
• Includes all labels, from the most specific to the most general, that uniquely define the name of the host
• Example: challenger.ate.tbda.edu
• Must end with a null label, which is a dot (.)

PQDN (Partially Qualified Domain Name)

• A domain name that is not terminated by a null string
• Starts from a node, but does not reach the root
• Used when the name to be resolved belongs to the same site as the client
• Resolver can supply the missing part, called the suffix, to create an FQDN
• Example: Challenger can be defined as a partial name, and the resolver adds the suffix atc.jhda.edu to create an FQDN

Domain

• A subtree of the domain name space
• The name of the domain is the domain name of the node at the top of the subtree
• A domain may be divided into subdomains

Distribution of Name Space

• The information contained in the domain name space must be stored
• It is inefficient and unreliable to have just one computer store the huge amount of information
• A server can divide part of its domain and delegate responsibility to lower-level servers
• The server still has a zone, but the detailed information is kept by the lower-level servers

Root Server

• A server whose zone consists of the whole tree
• Does not store any information about domains but delegates its authority to other servers
• Keeps references to those servers
• There are several root servers, each covering the whole domain name space

Primary and Secondary Servers

• Primary server: stores a file about the zone for which it is an authority
• Responsible for creating, maintaining, and updating the zone file
• Stores the zone file on a local disk
• Secondary server: transfers the complete information about a zone from another server (primary or secondary) and stores the file on its local disk
• Neither creates nor updates the zone files

Mapping Addresses to Names

• A client can send an IP address to a server to be mapped to a domain name (PTR query)
• DNS uses the inverse domain to answer queries of this kind
• The IP address is reversed and the two labels in-addr and arpa are appended to create a domain acceptable by the inverse domain section

Recursive Resolution

• The client (resolver) can ask for a recursive answer from a name server
• The resolver expects the server to supply the final answer
• If the server is not the authority, it sends the request to another server (the parent usually) and waits for the response

Iterative Resolution

• If the client does not ask for a recursive answer, the mapping can be done iteratively
• The server returns (to the client) the IP address of the server that it thinks can resolve the query
• The client is responsible for repeating the query to this second server

DNS Sections

• Answer Section: includes the answer from the server to the client (resolver)
• Authoritative Section: gives information (domain name) about one or more authoritative servers for the query
• Additional Information Section: provides additional information that may help the resolver

Types of Records

• Question Record: used by the client to get information from a server
• Resource Record: each domain name (each node on the tree) is associated with a record called the resource record
• The server database consists of resource records

Registrars

• Commercial entities accredited by ICANN that add new domains to DNS
• Verify that the requested domain name is unique and then enter it into the DNS database
• A fee is charged

Dynamic Domain Name System (DDNS)

• Designed to respond to the need for dynamic updating of DNS records
• When a binding between a name and an address is determined, the information is sent to a primary DNS server
• The primary server updates the zone, and the secondary servers are notified
• Uses an authentication mechanism to prevent unauthorized changes in the DNS records

Domain Name System (DNS)

• A central authority assigns the part of the domain name that defines the organization's nature and the organization's name.
• The organization can add suffixes or prefixes to define its host or resources.
• Hierarchical name space with an inverted-tree structure, with the root at the top and up to 128 levels.

Domain Name Space

• Each node in the tree has a label, a string with a maximum of 63 characters.
• The root label is a null string (empty string).
• Children of a node have different labels, ensuring uniqueness of domain names.

Domain Name

• A full domain name is a sequence of labels separated by dots (.).
• Domain names are read from the node up to the root.
• A full domain name always ends in a null label, which means the last character is a dot.

Fully Qualified Domain Name (FQDN)

• A label terminated by a null string is a fully qualified domain name (FQDN).

DNS in the Internet

• DNS is a protocol that can be used in different platforms.
• The domain name space is divided into three sections: generic domains, country domains, and inverse domain.

Generic Domains

• Define registered hosts according to their generic behavior.
• Each node in the tree defines a domain, which is an index to the domain name space database.

Country Domains

• Use two-character country abbreviations (e.g., "in" for India).
• Second labels can be organizational or specific designations.

Inverse Domain

• Used to map an address to a name.
• The inverse domain is added to the domain name space with the first-level node called "arpa" and the second level "in-addr".
• The rest of the domain defines IP addresses.

Resolution

• Mapping a name to an address or an address to a name is called name-address resolution.
• A resolver accesses a DNS server with a mapping request.
• The resolver receives the mapping and interprets the response to see if it's a real resolution or an error.

DNS Messages

• Two types of messages: query and response.
• Both types have the same format, with a header and question records, answer records, authoritative records, and additional records.

Header

• 12 bytes in length.
• Contains identification subfield, flags subfield, number of question records, number of answer records, number of authoritative records, and number of additional records.

Question Section

• Consists of one or more question records.
• Present in both query and response messages.

Answer Section

• Consists of one or more resource records.
• Present only in response messages.
• Includes the answer from the server to the client (resolver).

Authoritative Section

• Consists of one or more resource records.
• Present only in response messages.
• Gives information about one or more authoritative servers for the query.

Additional Information Section

• Consists of one or more resource records.
• Present only in response messages.
• Provides additional information that may help the resolver.

Resource Records

• Associated with each domain name (each node on the tree).
• The server database consists of resource records.
• Returned by the server to the client.

Registrars

• Commercial entities accredited by ICANN.
• Verify that the requested domain name is unique and then enter it into the DNS database.
• Charge a fee.

DNS Overview

• One solution to store host file information is to centralize it on a single computer, but this would create significant internet traffic.
• Another solution, used by DNS, is to divide the information into smaller parts and store each on a different computer, allowing hosts to access the closest computer with the needed information.

Name Space

• Names assigned to machines must be unique and carefully selected from a name space with complete control over the binding between names and IP addresses.
• A name space can be organized in two ways: flat or hierarchical.

Flat Name Space

• A flat name space assigns a name to an address without structure.
• It cannot be used in a large system like the Internet because it must be centrally controlled to avoid ambiguity and duplication.

Hierarchical Name Space

• A hierarchical name space consists of multiple parts, defining the nature of the organization, the organization's name, and departments.
• The authority to assign and control name spaces can be decentralized, with the original server delegating responsibility to lower-level servers.

Zones and Domains

• A server can divide its domain and delegate responsibility to other servers, keeping references to the delegated parts.
• A zone is made up of detailed information for the part of the domain not delegated and references to the delegated parts.

Root Server

• A root server has a zone that consists of the whole tree.
• It usually doesn't store domain information but delegates authority to other servers, keeping references to those servers.
• There are multiple root servers distributed around the world.

Primary and Secondary Servers

• A primary server stores a file about the zone for which it is an authority and is responsible for creating, maintaining, and updating the zone file.
• A secondary server transfers the complete information about a zone from another server and stores it on its local disk.
• Both primary and secondary servers are authoritative for the zones they serve.

DNS in the Internet

• DNS is a protocol used in different platforms, dividing the domain name space into three sections: generic domains, country domains, and inverse domain.

Generic Domains

• Generic domains define registered hosts according to their generic behavior.
• Each node in the tree defines a domain, which is an index to the domain name space database.

Country Domains

• Country domains use two-character country abbreviations, with second labels being organizational or specific designations.

Inverse Domain

• The inverse domain is used to map an address to a name, using a hierarchical structure with nodes for IP addresses.
• The inverse domain is added to the domain name space with the first-level node "arpa" and the second-level node "in-addr".

Caching

• Caching reduces search time by storing query results in cache memory.
• When a server receives a query, it checks its cache memory before sending the query to another server.
• The server marks the response as unauthoritative if it comes from the cache memory.

Time-to-Live (TTL)

• TTL defines the time in seconds that a receiving server can cache the information.
• After the TTL, the mapping is invalid, and any query must be sent again to the authoritative server.

Dynamic Domain Name System (DDNS)

• DDNS updates the DNS master file dynamically, responding to changes such as adding or removing hosts, or changing IP addresses.
• In DDNS, the primary server updates the zone, and secondary servers are notified actively or passively.

Summary

• DNS can use either UDP or TCP, with a well-known port 53.
• UDP is used when the response message is less than 512 bytes, and TCP is used when the response message is more than 512 bytes.

Introduction to DNS

• DNS is a supporting program that is used by other programs such as e-mail to map an e-mail address to the corresponding IP address.
• The DNS client program sends a request to a DNS server to map the e-mail address to the IP address.
• IP protocols use IP addresses to identify an entity, but people prefer to use names instead of numeric addresses.

Hierarchical Structure of DNS

• The solution to the problem of mapping names to addresses is to distribute the information among many computers called DNS servers.
• The DNS servers form a hierarchical structure, with each server being responsible for a domain or a zone.
• A zone is a contiguous part of the entire tree, and a server makes a database called a zone file and keeps all the information for every node under that domain.

DNS in the Internet

• DNS is a protocol that can be used in different platforms.
• In the Internet, the domain name space (tree) is divided into three different sections: generic domains, country domains, and inverse domain.

Generic Domains

• Generic domains define registered hosts according to their generic behavior.
• Each node in the tree defines a domain, which is an index to the domain name space database.

Country Domains

• Country domains use two-character country abbreviations (e.g., in for India).
• Second labels can be organizational, or they can be more specific designations.

Inverse Domain

• The inverse domain is used to map an address to a name.
• This type of query is called an inverse or pointer (PTR) query.
• The servers that handle the inverse domain are also hierarchical.

Resolution

• Mapping a name to an address or an address to a name is called name-address resolution.
• A host that needs to map an address to a name or a name to an address calls a DNS client called a resolver.
• The resolver accesses the closest DNS server with a mapping request.

Resolver

• The resolver gives a domain name to the server and asks for the corresponding address.
• If the server has the information, it satisfies the resolver; otherwise, it either refers the resolver to other servers or asks other servers to provide the information.

Mapping Names to Addresses

• Mostly, the resolver gives a domain name to the server and asks for the corresponding address.
• If the domain name is from the generic domains section, the resolver receives a domain name such as "chal.atc.jhda.edu.".
• If the domain name is from the country domains section, the resolver receives a domain name such as "ch.jhda.cu.ca.us.".

Iterative Resolution

• If the local server cannot resolve the query, it either refers the resolver to other servers or asks other servers directly.
• This process is called iterative resolution because the client repeats the same query to multiple servers.

Caching

• Each time a server receives a query for a name that is not in its domain, it needs to search its database for a server IP address.
• DNS handles this with a mechanism called caching.
• When a server asks for a mapping from another server and receives the response, it stores this information in its cache memory before sending it to the client.

Time-to-Live (TTL)

• The authoritative server always adds information to the mapping called time-to-live (TTL).
• TTL defines the time in seconds that the receiving server can cache the information.
• After that time, the mapping is invalid and any query must be sent again to the authoritative server.