Domain Name System

The document discusses the Domain Name System (DNS) and how it works. It began as a centralized file called HOSTS.TXT but grew too large. DNS provides a globally distributed database that maps domain names to IP addresses using a hierarchical name space. It consists of domain name servers that store zone files and resolve queries by clients. DNS ensures reliability through data replication across multiple servers and caching of frequent queries.

Uploaded by

Satish Kumar

Domain Name System

DNS
ARPANET utilized a central file, HOSTS.TXT
Contains name-to-address mappings
Maintained by SRI's NIC (Stanford-Research-Institute: Network-Information-Center)
Administrators email changes to NIC
NIC updates HOSTS.TXT periodically
Administrators FTP (download) HOSTS.TXT

DNS History
As the system grew, HOSTS.TXT had problems with:
  Scalability (traffic and load)
  Name collisions
  Consistency
In 1984, Paul Mockapetris released the first version (RFCs 882 and 883, superseded by 1034 and 1035)

The Domain Name System is:
  What Internet users use to reference anything by name on the Internet
  The mechanism by which Internet software translates names to attributes such as addresses

DNS

A globally distributed, scalable, reliable database


Comprised of three components
1. A name space
2. Servers making that name space available
3. Resolvers (clients) which query the servers about the name space
DNS as a Database
A domain name may represent entire collections of resources or individual instances
Keys to the database are domain names
Over 300 Million domain names stored

Global Distribution
Data is maintained locally, but retrievable globally
No single computer has all DNS data
DNS lookups can be performed by any device
Remote DNS data is locally cachable to improve performance

Loose Coherency
Each version of a subset of the database (zone) has a serial number which is incremented on each database change
Changes to the master copy of the database are propagated to replicas according to timing set by the zone administrator
Cached data expires according to timeout set by zone administrator

Scalability
No limit to the size of the database
No limit to the number of queries
Tens of thousands of queries handled easily every second
Queries distributed among masters, slaves, and caches

Reliability
Data is replicated
Data from master is copied to multiple slaves
Clients can query:
  Master server
  Any of the copies at slave servers
Clients will typically query local caches
DNS protocols can use either UDP or TCP
If UDP, DNS protocol handles retransmission, sequencing, etc.

Dynamicity
Database can be updated dynamically
Add/delete/modify of any record
Only master can be dynamically updated
Modification of the master database triggers replication

Hierarchical Name Space
In a hierarchical name space, each name is made of several parts.
The first part can define the nature of the organization, the second
part can define the name of an organization, the third part can
define departments in the organization, and so on.

In this case, the authority to assign and control the name spaces can be
decentralized.

A central authority can assign the part of the name that defines the nature of
the organization and the name of the organization.
The responsibility of the rest of the name can be given to the
organization itself.
The organization can add suffixes (or prefixes) to the name to define
its host or resources.
DOMAIN NAME SPACE
The name space is the structure of the DNS database
An inverted tree with the root node at the top
Each node has a label
The root node has a null label, written as ""

[Figure: inverted tree with the root node ("") at the top, followed by top-level nodes, second-level nodes and third-level nodes]

Each node in the tree must have a label
A string of up to 63 bytes
RFCs 852 and 1123 define legal characters for hostnames
A-Z, 0-9, and - only with a-z and A-Z treated as the same
Sibling nodes must have unique labels
The null label is reserved for the root node

A domain name is the sequence of labels from a node to the root, separated
by dots ("."s), read left to right
The name space has a maximum depth of 127 levels
Domain names are limited to 255 characters in length

One domain is a subdomain of another if its domain name ends in the other's
domain name
So sales.nominum.com is a subdomain of nominum.com & com
nominum.com is a subdomain of com

A fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the Internet.
The FQDN consists of two parts: the hostname and the domain name.
For example, an FQDN for a hypothetical mail server might be mymail.somecollege.edu
A fully qualified domain name (FQDN), sometimes also referred to as an absolute domain name

If a label is not terminated by a null string, it is called a partially qualified domain name (PQDN).
A PQDN starts from a node, but it does not reach the root.
It is used when the name to be resolved belongs to the same site as the client.
Here the resolver can supply the missing part, called the suffix, to create an FQDN.
For example, a PQDN for a hypothetical mail server might be mymail

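The naming rules above (label length, name length, legal characters, FQDN versus PQDN, and the subdomain relation) can be checked mechanically. The following is an added example, not part of the original slides; the function names are illustrative. It compares names label by label, because a plain string suffix test would wrongly accept a name such as evilnominum.com as a subdomain of nominum.com.

```python
import re

MAX_LABEL = 63    # label limit stated in the slides
MAX_NAME = 255    # whole-name limit stated in the slides
LDH = re.compile(r"[A-Za-z0-9-]+")   # letters, digits and hyphen only


def parse_name(name):
    """Return (labels, is_fqdn); labels are lower-cased, leftmost first."""
    if len(name) > MAX_NAME:
        raise ValueError("name longer than 255 characters")
    is_fqdn = name.endswith(".")      # trailing dot stands for the null root label
    body = name[:-1] if is_fqdn else name
    labels = body.split(".") if body else []
    for label in labels:
        if not label:
            raise ValueError("the null label is reserved for the root")
        if not LDH.fullmatch(label):
            raise ValueError("illegal character in label %r" % label)
        if len(label) > MAX_LABEL:
            raise ValueError("label longer than 63 bytes")
    # a-z and A-Z are treated as the same, so normalise to lower case
    return [label.lower() for label in labels], is_fqdn


def qualify(name, suffix):
    """Turn a PQDN into an FQDN by appending the resolver's suffix."""
    labels, is_fqdn = parse_name(name)
    if not is_fqdn:
        labels += parse_name(suffix)[0]
    return ".".join(labels) + "."


def is_subdomain(child, parent):
    """True if child's label sequence ends with parent's (strictly below it)."""
    c, p = parse_name(child)[0], parse_name(parent)[0]
    return len(c) > len(p) and c[len(c) - len(p):] == p
```
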
Hierarchy of Name Servers
Distribute the information among many computers called DNS servers.
One way to do this is to divide the whole space into many domains based on the first level.
DNS allows domains to be divided further into smaller domains (subdomains).
Each server can be responsible (authoritative) for either a large or small domain.

Zone
What a server is responsible for or has authority over is called a zone.
If a server accepts responsibility for a domain and does not divide the domain into smaller domains, the "domain" and the "zone" refer to the same thing.
The server makes a database called a zone file and keeps all the information for every node under that domain.

A root server is a server whose zone consists of the whole tree.
A root server usually does not store any information about domains but delegates its authority to other servers, keeping references to those servers.
Currently there are 13 root servers, each covering the whole domain name space.

Hostname            IP Addresses                         Manager
a.root-servers.net  198.41.0.4, 2001:503:ba3e::2:30      VeriSign, Inc.
b.root-servers.net  192.228.79.201, 2001:500:84::b       University of Southern California (ISI)
c.root-servers.net  192.33.4.12, 2001:500:2::c           Cogent Communications
d.root-servers.net  199.7.91.13, 2001:500:2d::d          University of Maryland
e.root-servers.net  192.203.230.10, 2001:500:a8::e       NASA (Ames Research Center)
f.root-servers.net  192.5.5.241, 2001:500:2f::f          Internet Systems Consortium, Inc.
g.root-servers.net  192.112.36.4, 2001:500:12::d0d       US Department of Defense (NIC)
h.root-servers.net  198.97.190.53, 2001:500:1::53        US Army (Research Lab)
i.root-servers.net  192.36.148.17, 2001:7fe::53          Netnod
j.root-servers.net  192.58.128.30, 2001:503:c27::2:30    VeriSign, Inc.
k.root-servers.net  193.0.14.129, 2001:7fd::1            RIPE NCC
l.root-servers.net  199.7.83.42, 2001:500:9f::42         ICANN
m.root-servers.net  202.12.27.33, 2001:dc3::35           WIDE Project



Name servers store information about the name space in units called zones
Usually, more than one name server is authoritative for the same zone
Also, a single name server may be authoritative for many zones

DNS defines two types of servers: primary and secondary.

A primary server is a server that stores a file about the zone for which it is an authority. It is responsible for creating, maintaining, and updating the zone file. It stores the zone file on a local disk.

A secondary server is a server that transfers the complete information about a zone from another server (primary or secondary) and stores the file on its local disk. The secondary server neither creates nor updates the zone files. If updating is required, it must be done by the primary server, which sends the updated version to the secondary.

DNS is a protocol that can be used in different platforms.
In the Internet, the domain name space (tree) is divided into three different sections: generic domains, country domains, and inverse domain

Resolver
DNS is designed as a client/server application.
A host that needs to map an address to a name or a name to an address calls a DNS client called a resolver.
The resolver accesses the closest DNS server with a mapping request.
If the server has the information, it satisfies the resolver; otherwise, it either refers the resolver to other servers or asks other servers to provide the information.
After the resolver receives the mapping, it interprets the response to see if it is a real resolution or an error, and finally delivers the result to the process that requested it.

Recursive Resolution
The client (resolver) can ask for a recursive answer from a name server.
This means that the resolver expects the server to supply the final answer.

Iterative Resolution
If the client does not ask for a recursive answer, the mapping can be done iteratively.
If the server is an authority for the name, it sends the answer.
If it is not, it returns the IP address of the server that it thinks can resolve the query.

Caching
When a server asks for a mapping from another server and receives the response, it stores this information in its cache memory before sending it to the client.
If the same or another client asks for the same mapping, it can check its cache memory and resolve the problem.
The authoritative server always adds a piece of information to the mapping called time-to-live (TTL). It defines the time in seconds that the receiving server can cache the information.
DNS requires that each server keep a TTL counter for each mapping it caches
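
Iterative resolution and TTL-based caching, as described above, can be simulated without any network access. The following is an added example, not part of the original slides; the server names, the delegation data and the address 192.0.2.25 are constructed for illustration.

```python
# Constructed data: each "server" is authoritative for one zone and holds
# either final answers (ip, ttl in seconds) or referrals to child-zone servers.
SERVERS = {
    "root-ns":    {"zone": "", "refer": {"edu": "edu-ns"}},
    "edu-ns":     {"zone": "edu", "refer": {"somecollege.edu": "college-ns"}},
    "college-ns": {"zone": "somecollege.edu",
                   "answers": {"mymail.somecollege.edu": ("192.0.2.25", 300)}},
}


def query(server, name):
    """One iterative query: ('answer', ip, ttl), ('referral', next) or ('nxdomain',)."""
    data = SERVERS[server]
    if name in data.get("answers", {}):
        ip, ttl = data["answers"][name]
        return ("answer", ip, ttl)
    for child_zone, next_server in data.get("refer", {}).items():
        # match on whole labels, not on a raw string suffix
        if name == child_zone or name.endswith("." + child_zone):
            return ("referral", next_server)
    return ("nxdomain",)


class CachingResolver:
    def __init__(self, clock):
        self.clock = clock            # callable returning the time in seconds
        self.cache = {}               # name -> (ip, expiry time)
        self.upstream_queries = 0     # queries actually sent to servers

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                     # TTL has not run out yet
        self.cache.pop(name, None)            # expired or never cached
        server = "root-ns"
        for _ in range(10):                   # bound the referral chain
            self.upstream_queries += 1
            reply = query(server, name)
            if reply[0] == "answer":
                self.cache[name] = (reply[1], self.clock() + reply[2])
                return reply[1]
            if reply[0] != "referral":
                return None                   # no such name
            server = reply[1]
        return None                           # too many referrals
```

The injected clock makes TTL expiry testable; the bound on referrals keeps a looping delegation from stalling the resolver.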
