2.4 The Domain Name System (DNS)
Understanding the Domain Name System (DNS)
Overview of DNS
- The Domain Name System (DNS) translates host names like gaia.cs.umass.edu into IP addresses such as 128.119.40.186, functioning as a critical part of the internet.
- DNS is an application-layer protocol: its messages are carried over UDP (and over TCP, e.g. for large responses and zone transfers) on port 53. Name resolution is therefore an application-level service rather than a function of the network core.
Structure and Functioning of DNS
- The session will cover the structure, functioning, query resolution process, DNS records, and message format of the DNS protocol.
- The DNS serves to provide translation between names and IP addresses; it is akin to personal identifiers like social security numbers or employee IDs.
Characteristics of DNS
- The DNS is a distributed database containing records that facilitate name translation among host names and IP addresses.
- It consists of a hierarchy of servers across the internet that communicate to deliver name translation services while maintaining simplicity in network core design.
Functions Provided by DNS
- Besides translating host names to IP addresses, DNS provides host aliasing (a host with a complex canonical name can be reached under a simpler alias) and mail server aliasing (finding the mail server that handles a domain's mail).
- Load distribution is another function: a single web server name can map to a set of IP addresses of replicated servers, and rotating the order of addresses in replies spreads the traffic across them.
Centralized vs Decentralized Approach
- A centralized approach would create single points of failure and high traffic concentration; thus, decentralization enhances performance and resilience against failures.
- Given the scale with trillions of daily queries (e.g., Akamai handles over a trillion), decentralized systems are essential for managing computational demands effectively.
Summary Insights on DNS Design
- The design philosophy behind DNS emphasizes high scalability and performance while handling massive volumes of requests efficiently.
- Organizational decentralization, with hundreds of thousands of organizations each responsible for their own records in this distributed database, brings significant management challenges but makes the system robust.
Hierarchical Structure of DNS
Understanding Hierarchy in DNS
- The hierarchical structure includes root servers at the top level, followed by Top-Level Domain (TLD) servers responsible for domains like .com, .edu, etc.
- Authoritative name servers hold ultimate responsibility for resolving names within their specific domains (e.g., umass.edu).
Query Resolution Process
Understanding the DNS Hierarchy
The Role of Root Servers
- Root servers are the point of last resort: a local name server contacts them when it cannot resolve a name itself, and they reply with a referral to the relevant TLD server rather than with the translation.
- They are crucial for internet functionality, likened to the central nervous system, with security being a significant concern.
- There are 13 logical root servers globally, replicated into nearly 1,000 physical servers, with over 200 located in the U.S.
Top-Level Domains (TLD)
- TLD servers are responsible for the top-level domains such as .com, .edu, .net and .org; when queried for a name beneath them they return a referral to that domain's authoritative name server. They are operated by internet registries.
- Authoritative name servers hold the ultimate authority over an organization's names and provide definitive answers regarding those names.
Local DNS Servers
- Every internet host has a local DNS server (also called the default name server, typically run by its ISP or organization); it does not strictly belong to the hierarchy, but a host's DNS queries go to it first.
- If the local server has the name translation cached, it responds immediately; otherwise it starts the resolution process on the host's behalf.
DNS Name Resolution Process
Example of DNS Querying
- A request from engineering.nyu.edu to resolve gaia.cs.umass.edu illustrates how queries traverse through various DNS levels.
- The local NYU DNS server contacts a root server, which replies with the address of a TLD server for the .edu suffix; the TLD server in turn returns the address of umass.edu's authoritative server, which finally returns the IP address of gaia.cs.umass.edu.
Iterative vs. Recursive Queries
- The example demonstrates iterated querying: each contacted server replies with "I don't know this name, but ask this server", and the local server follows the referrals itself. Four query/reply pairs are exchanged in total, i.e. eight messages: host and local server, local server and root, local server and TLD, local server and authoritative server.
- In a recursive query the contacted server resolves the name completely on the requester's behalf before replying, so the burden shifts from the requester to the contacted server; a chain of recursive queries concentrates load at the upper levels (root and TLD) of the hierarchy.
Caching Mechanisms in DNS
Importance of Caching
- Caching allows previously resolved mappings to be stored temporarily for quicker future access and reduces overall query traffic on DNS infrastructure.
Time-to-Live (TTL)
- Cached entries carry a TTL and are discarded once it expires. This bounds how long stale data persists, but if a record changes before the TTL runs out, resolvers that cached it keep returning the old value until expiry.
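The resolution walk and the caching behaviour described above, as an added example that is not part of the original lecture: a toy root / .edu TLD / umass.edu hierarchy in which a local DNS server resolves a name either iteratively (following referrals itself) or recursively (each server chases the referral), counts the messages exchanged, and caches the answer until its TTL expires. All server names, addresses and records below are constructed sample data, and the `directory` dict stands in for the network.

```python
# Added example (not from the original lecture): a toy DNS hierarchy walked
# iteratively or recursively, plus a local server that caches answers until
# their TTL expires. All records below are constructed, not real zone data.

# A resource record is the (name, value, type, ttl) 4-tuple from the text.
ROOT_RECORDS = [
    ("edu", "a.edu-servers.net", "NS", 172800),
    ("a.edu-servers.net", "192.5.6.30", "A", 172800),    # glue for the TLD server
]
TLD_EDU_RECORDS = [
    ("umass.edu", "dns1.umass.edu", "NS", 86400),
    ("dns1.umass.edu", "128.119.240.2", "A", 86400),     # glue for the auth server
]
AUTH_UMASS_RECORDS = [
    ("gaia.cs.umass.edu", "128.119.40.186", "A", 3600),
]


class NameServer:
    """A root, TLD or authoritative server holding the records of its zone."""

    def __init__(self, label, records, directory):
        self.label = label
        self.rrs = {(n, t): (v, ttl) for n, v, t, ttl in records}
        self.directory = directory  # ip -> NameServer; stands in for the network

    def query(self, qname, qtype, log, recursive=False):
        """Answer from own records, else refer to the server of the closest
        enclosing zone. Iterative: return the referral. Recursive: chase it."""
        log.append(f"query  {qname}/{qtype} -> {self.label}")
        if (qname, qtype) in self.rrs:
            value, ttl = self.rrs[(qname, qtype)]
            log.append(f"reply  {self.label} -> answer {value}")
            return [(qname, value, qtype, ttl)]
        labels = qname.split(".")
        for i in range(1, len(labels)):               # longest matching suffix first
            zone = ".".join(labels[i:])
            if (zone, "NS") in self.rrs:
                ns, ns_ttl = self.rrs[(zone, "NS")]
                ip, ip_ttl = self.rrs[(ns, "A")]
                if not recursive:
                    log.append(f"reply  {self.label} -> referral to {ns}")
                    return [(zone, ns, "NS", ns_ttl), (ns, ip, "A", ip_ttl)]
                answer = self.directory[ip].query(qname, qtype, log, recursive=True)
                log.append(f"reply  {self.label} -> forwarded answer")
                return answer
        log.append(f"reply  {self.label} -> no such name")
        return []


class LocalResolver:
    """The host's local (default) DNS server: caches answers, honours TTLs."""

    def __init__(self, root, clock):
        self.root = root
        self.clock = clock      # injected time source so expiry can be exercised
        self.cache = {}         # (name, type) -> (value, expires_at)

    def resolve(self, qname, qtype, log, recursive=False):
        log.append(f"query  {qname}/{qtype} -> local")
        key = (qname, qtype)
        if key in self.cache and self.cache[key][1] > self.clock():
            log.append("reply  local -> cached answer")
            return self.cache[key][0]
        if recursive:
            rrs = self.root.query(qname, qtype, log, recursive=True)
        else:
            server = self.root
            while True:
                rrs = server.query(qname, qtype, log)
                if not rrs or rrs[0][0] == qname:          # final answer or failure
                    break
                server = self.root.directory[rrs[1][1]]    # follow the glue A record
        if rrs:
            _, value, _, ttl = rrs[0]
            self.cache[key] = (value, self.clock() + ttl)  # cache until TTL expiry
            log.append(f"reply  local -> answer {value}")
            return value
        log.append("reply  local -> no such name")
        return None


def build_hierarchy(clock):
    """Wire up root -> .edu TLD -> umass.edu authoritative server (constructed)."""
    directory = {}
    root = NameServer("root", ROOT_RECORDS, directory)
    directory["192.5.6.30"] = NameServer("edu-TLD", TLD_EDU_RECORDS, directory)
    directory["128.119.240.2"] = NameServer("umass-auth", AUTH_UMASS_RECORDS, directory)
    return LocalResolver(root, clock), directory["128.119.240.2"]


if __name__ == "__main__":
    now = [0]
    local, auth = build_hierarchy(lambda: now[0])
    for mode in ("iterative", "recursive"):
        local.cache.clear()
        log = []
        local.resolve("gaia.cs.umass.edu", "A", log, recursive=(mode == "recursive"))
        print(f"{mode}: {len(log)} messages")
        print("\n".join(log))
```

Both modes cost eight messages for a cold lookup; a repeat lookup inside the TTL costs two (host to local server and back). Changing the authoritative record and resolving again before the TTL elapses shows the stale-cache case from the text: the local server keeps returning the old address until the entry expires.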
Understanding DNS Protocol Messages
Overview of DNS Records
- DNS database records consist of a four-tuple: name, value, type, and TTL (time to live).
- Common types of DNS records include:
- A Record: name is a hostname, value is its IP address (name-to-address translation).
- NS Record: name is a domain (e.g., umass.edu), value is the hostname of the authoritative name server for that domain.
- CNAME Record: name is an alias, value is the canonical (real) hostname it stands for.
- MX Record: name is a domain, value is the name of the mail server associated with that domain.
DNS Protocol Message Formats
- Both query and reply messages share the same format; they are part of a query-response protocol.
- The ID field is a 16-bit number set by the querier, which matches in responses to indicate correspondence.
- The flag field indicates if the message is a query or reply and whether recursion is requested or if the reply is authoritative.
Query and Response Structure
- In queries, questions like resolving hostnames are included; replies contain resource records (e.g., A record with hostname and IP).
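The message format described above, as an added example that is not part of the original lecture: a small builder and parser for DNS messages on the wire. It packs the 12-byte header (16-bit ID, flags, section counts) and one question, then parses a reply, checks that the reply's ID and question match the query before trusting it, reads the QR/AA/RD/RA flags and the reply code, and returns the answer section as the (name, value, type, TTL) 4-tuples from the text. The reply bytes are constructed inline in `make_example_response` to look like what an authoritative server would send, including a name-compression pointer; no network traffic is involved.

```python
# Added example (not from the original lecture): build a DNS query and parse a
# reply. The reply used below is constructed in make_example_response.
import secrets
import struct


def encode_name(name):
    """Encode 'gaia.cs.umass.edu' as length-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=None):
    """Standard query: header with a random 16-bit ID and RD set, one question."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    flags = 0x0100                      # QR=0 (query), opcode 0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)   # QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:       # compression pointer to an earlier name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg, expected_id, expected_name, expected_type=1):
    """Parse a reply; reject it unless the ID and question match what we sent.
    A reply whose ID does not match is simply discarded: if IDs were predictable,
    an attacker could forge a reply that the querier would accept."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction ID mismatch: discard reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a reply")
    header = {
        "id": txid,
        "aa": bool(flags & 0x0400),     # authoritative answer
        "rd": bool(flags & 0x0100),     # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),     # recursion available
        "rcode": flags & 0x000F,        # 0 = no error
    }
    off = 12
    qname, off = decode_name(msg, off)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    if (qname, qtype) != (expected_name, expected_type):
        raise ValueError("question section does not echo our query")
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == 1 else rdata
        answers.append((name, value, rtype, ttl))   # the 4-tuple from the text
    return header, answers


def make_example_response(txid, name, ip, ttl=3600):
    """Constructed reply as an authoritative server would send it: same ID,
    QR=1, AA=1, RD=1, RA=1, the question echoed, and one A record whose name
    is a compression pointer (0xC00C) back to the question name at offset 12."""
    flags = 0x8580
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)  # QDCOUNT=1, ANCOUNT=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    q = build_query("gaia.cs.umass.edu", txid=0x1234)
    r = make_example_response(0x1234, "gaia.cs.umass.edu", "128.119.40.186")
    print(q.hex())
    print(parse_response(r, 0x1234, "gaia.cs.umass.edu"))
```

`build_query` draws the ID from `secrets` rather than a counter; the parser's ID and question checks are the minimum a querier must do before accepting a reply, and both are only meaningful if the ID is unpredictable to anyone who did not see the query.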
Setting Up an Internet Presence
- To establish an online presence (e.g., networkutopia.com), registration with a DNS registrar is necessary.
- After obtaining IP addresses, provide the registrar with the names and IP addresses of your authoritative name servers (primary and secondary). The registrar then inserts two records for each into the TLD server:
  - an NS record mapping your domain name to the name of your authoritative name server, and
  - an A record mapping that name server's name to its IP address in the global DNS database.
Importance of DNS Security
- Protecting DNS from denial-of-service attacks relies on traffic filtering (firewalls), on the heavy replication of root and TLD servers described above, and on caching: local servers cache the addresses of TLD servers, so most queries never need to reach the root.
- Authentication is crucial so that only authorized sources can insert or modify records in the database; a resolver that accepts unverified records would serve attacker-chosen translations to every host relying on it.