Domain Name System

The Problem

People use names like www.mylittlepony.com.
Computers uses IP addresses like 23.3.12.8.
How to translate from one to the other?

The Solution

Solution: The Domain Name System

Application-layer protocol to resolve names
- (convert names like www.mylittlepony.com into IP addresses like 23.3.12.8)
Distributed database implemented in hierarchy of many name servers
First step in nearly every networky application:
- Use DNS to convert a name into an IP address

DNS Development

    129.82.46.190  albany.cs.colostate.edu albany
    129.82.46.191  annapolis.cs.colostate.edu annapolis
    129.82.46.192  atlanta.cs.colostate.edu atlanta
    129.82.46.193  augusta.cs.colostate.edu augusta
    129.82.46.194  austin.cs.colostate.edu austin
    129.82.46.195  baton-rouge.cs.colostate.edu baton-rouge
    129.82.46.196  bismarck.cs.colostate.edu bismarck
    129.82.46.197  boise.cs.colostate.edu boise
    129.82.46.198  boston.cs.colostate.edu boston
    129.82.46.199  carson-city.cs.colostate.edu carson-city
    129.82.46.200  charleston.cs.colostate.edu charleston
    129.82.46.201  cheyenne.cs.colostate.edu cheyenne
    129.82.46.202  columbia.cs.colostate.edu columbia
    129.82.46.203  columbus-oh.cs.colostate.edu columbus-oh
    129.82.46.204  concord.cs.colostate.edu concord
    129.82.46.205  denver.cs.colostate.edu denver
    129.82.46.206  des-moines.cs.colostate.edu des-moines
    129.82.46.207  dover.cs.colostate.edu dover
    129.82.46.208  frankfort.cs.colostate.edu frankfort
    129.82.46.209  harrisburg.cs.colostate.edu harrisburg
    129.82.46.210  hartford.cs.colostate.edu hartford
    129.82.46.211  helena.cs.colostate.edu helena
    129.82.46.212  honolulu.cs.colostate.edu honolulu
    129.82.46.213  indianapolis.cs.colostate.edu indianapolis
    129.82.46.214  jackson.cs.colostate.edu jackson
    129.82.46.215  jefferson-city.cs.colostate.edu jefferson-city
    129.82.46.216  juneau.cs.colostate.edu juneau
    129.82.46.217  lansing.cs.colostate.edu lansing
    129.82.46.218  lincoln.cs.colostate.edu lincoln
    129.82.46.219  little-rock.cs.colostate.edu little-rock
    129.82.46.226  phoenix.cs.colostate.edu phoenix
    129.82.46.227  pierre.cs.colostate.edu pierre
    129.82.46.228  providence.cs.colostate.edu providence
    129.82.46.229  raleigh.cs.colostate.edu raleigh
    129.82.46.230  richmond.cs.colostate.edu richmond
    129.82.46.231  sacramento.cs.colostate.edu sacramento
    129.82.46.232  saint-paul.cs.colostate.edu saint-paul
    129.82.46.233  salem.cs.colostate.edu salem
    129.82.46.234  salt-lake-city.cs.colostate.edu salt-lake-city
    129.82.46.235  santa-fe.cs.colostate.edu santa-fe
    129.82.46.236  springfield.cs.colostate.edu springfield
    129.82.46.237  tallahassee.cs.colostate.edu tallahassee
    129.82.46.238  topeka.cs.colostate.edu topeka
    129.82.46.239  trenton.cs.colostate.edu trenton

An Early Centralized System:

Initially created as a “hosts.txt” file
Each line in the file listed the hostname and corresponding IP address
Distant centralized database
Need one entry for every Internet host!
- When host changes IP, notify central repository

DNS Development

DNS Today

Distributed organization
Still provides hostname to IP address mapping
Also provides:
- Host aliasing
  - www.colostate.edu is alias for wwwlb.colostate.edu
- Mail server identification
  - cs.colostate.edu mail server is chico.cs.colostate.edu
- Load distribution
- Phone numbers, host locations, service records, …

Domain Name Service Data

A typical host name: “denver.cs.colostate.edu.” is a Fully Qualified Domain Name (FQDN) made up of parts:

“denver” = Hostname
“cs.colostate.edu.” = domain name
“cs.colostate.edu.” = a subdomain of “colostate.edu.” which is a subdomain of “edu.”
“edu.” is a Top Level Domain (TLD)
“.” = the root of DNS data and technically all DNS names should end in “.” but is typically left out.

Domain Name Space

A partial DNS hierarchy

                    root
                      │
           ┌──────────┼───────┬───────┐
           │          │       │       │
          edu        com     mil     se
           │          │       │       │
         ┌─┴────┐     │       │       │
         │      │     │       │       │
    colostate  mit    hp      │      mil
         │                    │
     ┌───┼────┐             ┌─┴──┐
     │   │    │             │    │
    engr cs  www           af  navy
         │                  │
     ┌───┴────┐             │
     │        │             │
    www     denver       buckley

DNS Organization

                 root
                   │
           ┌───────┼────┬────┐
          edu     com  mil  se
         ┌─┴────┐  │    │    │
    colostate  mit hp   │   mil
     ┌───┼────┐       ┌─┴──┐
    engr cs  www     af  navy
     ┌───┴────┐       │
    www     denver buckley

Data organized as tree structure.
- Each zone is authoritative for its local data.
Each zone operates a set of name servers that contain the zone data (in NS records).
- Change to host.cs.colostate.edu is entered at cs.colostate.edu servers.
Tree structure directs queries to the appropriate name server.
- Root knows how to reach edu
- Edu knows how to reach colostate.edu

DNS Query and Response

┌────────┐
│ Home   │
│ laptop │
│        │
└────────┘

My laptop’s browser wants the IP address of www.colostate.edu.

Step 1

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │
│ laptop │                           │ router │
│        │                           │        │
└────────┘                           └────────┘

My laptop doesn’t know the IP address, so it asks its smart friend.

Step 2

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │                           │        │                         │
└────────┘                           └────────┘                         │
                                                                        ▽
                                                           ┌─────────────┐
                                                           │             │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           │   Comcast   │
                                                           │     DNS     │
                                                           │   server    │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           └─────────────┘

My router doesn’t know, either, so it asks its smart friend, the Comcast server.

Step 3

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │                           │        │                         │
└────────┘                           └────────┘                         │
                                                                        ▽
                                                           ┌─────────────┐
┌────────────────────┐◁----“www.colostate.edu?”(3)---------│             │
│ j.root-servers.net │                                     │             │
└────────────────────┘                                     │             │
                                                           │             │
                                                           │   Comcast   │
                                                           │     DNS     │
                                                           │   server    │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           └─────────────┘

The Comcast server doesn’t know, either, so it asks a random root server.

Step 4

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │                           │        │                         │
└────────┘                           └────────┘                         │
                                                                        ▽
                                                           ┌─────────────┐
┌────────────────────┐◁----“www.colostate.edu?”(3)---------│             │
│ j.root-servers.net │                                     │             │
└────────────────────┘-----“Ask c.edu-servers.net”(4)-----▷│             │
                                                           │             │
                                                           │   Comcast   │
                                                           │     DNS     │
                                                           │   server    │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           └─────────────┘

The root server doesn’t know the IP address, but it knows who handles .edu.

Step 5

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │                           │        │                         │
└────────┘                           └────────┘                         │
                                                                        ▽
                                                           ┌─────────────┐
┌────────────────────┐◁----“www.colostate.edu?”(3)---------│             │
│ j.root-servers.net │                                     │             │
└────────────────────┘-----“Ask c.edu-servers.net”(4)-----▷│             │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(5)---------│   Comcast   │
│ c.edu-servers.net  │                                     │     DNS     │
└────────────────────┘                                     │   server    │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           └─────────────┘

The Comcast DNS server asks the .edu server to resolve www.colostate.edu.

Step 6

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │                           │        │                         │
└────────┘                           └────────┘                         │
                                                                        ▽
                                                           ┌─────────────┐
┌────────────────────┐◁----“www.colostate.edu?”(3)---------│             │
│ j.root-servers.net │                                     │             │
└────────────────────┘-----“Ask c.edu-servers.net”(4)-----▷│             │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(5)---------│   Comcast   │
│ c.edu-servers.net  │                                     │     DNS     │
└────────────────────┘-----“Ask dns1.colostate.edu”(6)----▷│   server    │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           │             │
                                                           └─────────────┘

The .edu server knows several authoritative servers for .colostate.edu.

Step 7

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │                           │        │                         │
└────────┘                           └────────┘                         │
                                                                        ▽
                                                           ┌─────────────┐
┌────────────────────┐◁----“www.colostate.edu?”(3)---------│             │
│ j.root-servers.net │                                     │             │
└────────────────────┘-----“Ask c.edu-servers.net”(4)-----▷│             │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(5)---------│   Comcast   │
│ c.edu-servers.net  │                                     │     DNS     │
└────────────────────┘-----“Ask dns1.colostate.edu”(6)----▷│   server    │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(7)---------│             │
│ dns1.colostate.edu │                                     │             │
└────────────────────┘                                     │             │
                                                           └─────────────┘

The Comcast server asks dns1.colostate.edu to resolve the name.

Step 8

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │                           │        │                         │
└────────┘                           └────────┘                         │
                                                                        ▽
                                                           ┌─────────────┐
┌────────────────────┐◁----“www.colostate.edu?”(3)---------│             │
│ j.root-servers.net │                                     │             │
└────────────────────┘-----“Ask c.edu-servers.net”(4)-----▷│             │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(5)---------│   Comcast   │
│ c.edu-servers.net  │                                     │     DNS     │
└────────────────────┘-----“Ask dns1.colostate.edu”(6)----▷│   server    │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(7)---------│             │
│ dns1.colostate.edu │                                     │             │
└────────────────────┘-----“It is 129.82.103.106”(8)------▷│             │
                                                           └─────────────┘

The dns1.colostate.edu server, on the CSU campus, replies with the IP address.

Step 9

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │                           │        │◁--“129.82.103.106”(9)   │
└────────┘                           └────────┘                     △   │
                                                                    │   ▽
                                                           ┌─────────────┐
┌────────────────────┐◁----“www.colostate.edu?”(3)---------│             │
│ j.root-servers.net │                                     │             │
└────────────────────┘-----“Ask c.edu-servers.net”(4)-----▷│             │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(5)---------│   Comcast   │
│ c.edu-servers.net  │                                     │     DNS     │
└────────────────────┘-----“Ask dns1.colostate.edu”(6)----▷│   server    │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(7)---------│             │
│ dns1.colostate.edu │                                     │             │
└────────────────────┘-----“It is 129.82.103.106”(8)------▷│             │
                                                           └─────────────┘

The Comcast server sends the IP address to my home router.

Step 10

┌────────┐                           ┌────────┐                                 
│ Home   │--“www.colostate.edu?”(1)-▷│ Home   │--“www.colostate.edu?”(2)┐
│ laptop │                           │ router │                         │
│        │◁--“129.82.103.106”(10)----│        │◁--“129.82.103.106”(9)   │
└────────┘                           └────────┘                     △   │
                                                                    │   ▽
                                                           ┌─────────────┐
┌────────────────────┐◁----“www.colostate.edu?”(3)---------│             │
│ j.root-servers.net │                                     │             │
└────────────────────┘-----“Ask c.edu-servers.net”(4)-----▷│             │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(5)---------│   Comcast   │
│ c.edu-servers.net  │                                     │     DNS     │
└────────────────────┘-----“Ask dns1.colostate.edu”(6)----▷│   server    │
                                                           │             │
┌────────────────────┐◁----“www.colostate.edu?”(7)---------│             │
│ dns1.colostate.edu │                                     │             │
└────────────────────┘-----“It is 129.82.103.106”(8)------▷│             │
                                                           └─────────────┘

My home router tells my laptop the IP address.

Caching

That was the worst case. Really, caching occurs at all levels:

my browser (maybe)
my laptop
my router
the Comcast DNS server
the edu server
the colostate.edu server

Caching

I expect that the local Comcast DNS server will pretty much always know the IP address for colostate.edu. It’s in Fort Collins—some CSU student must access colostate.edu often enough to keep the address in its cache.
Further, once my router’s DNS server learns the IP addr, it’ll remember it.
Further, once my laptop learns the IP addr, it’ll remember it.

But, for how long?

Redundancy

Multiple servers for each zone in case any one server fails:

13 root servers
- That is, 13 IP addresses. Each has multiple hardware backing it, in some way that I don’t understand.
13 edu servers
5 colostate.edu servers

Querying

Sometimes, it’s recursive
Sometimes, it’s not
Sometimes, it’s “ask the next smarter server”
Sometimes, it’s not

Types of DNS Servers

Authoritative DNS servers:
- Every DNS zone must be assigned a set of authoritative name servers (information contained in NS record of parent zone)
- Provide authoritative records for a particular zone (eg colostate.edu, cisco.com, edu, uk, etc)
- Can be maintained by organization or service provider
- Top-level domain (TLD) servers:
Authoritative servers responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp.
Network solutions maintains servers for com TLD
Educause for edu TLD
Caching Servers
- Accept queries for end hosts, lookup requested data, and cache answers for later replies.

Types of Queries

Recursive query:

Puts burden of name resolution on contacted name server
Heavy load on the name server, but less network traffic.
In the example above, the Comcast DNS server handles recursive queries.

Iterated query:

Contacted server replies with name of server to contact
“I don’t know this name, but ask this server”
- It might be that the other server really knows
- It might be that the other server is just smarter than this one

DNS Caching

Local caching name server saves results:
- Cache entries timeout (disappear) after some time
- TLD servers typically cached in local name servers
Thus root name servers not often visited
DNS changes are slow to propagate

DNS Record Types: SOA

The Start of Authority (SOA) record defines global parameters for a “zone”:

Time To Live (TTL) – number of seconds records may be cached.
Primary DNS server – FQDN of an authoritative DNS server.
Email Addr – Contact info for domain. e.g., dnsadmin.colostate.edu.
Serial number – Updated when data changes; used for replication.
Refresh – Interval in seconds a secondary tries to refresh zone data.
Retry – Interval in seconds between refresh attempts after failure.
Expiry – Interval in seconds secondary data is valid without refresh.

DNS Record Types: SOA (cont.)

DNS RFC defines a text representation for records as well as a binary or “wire” representation. SOA records have the following text format:

    ; Name             TTL  Class RType Email
    acns.colostate.edu 3600 IN    SOA   dnsadmin.colostate.edu. (
        249427 ; sn
        900    ; refresh (15 min)
        600    ; retry (10 min)
        86400  ; expiry (1 day)
        3600   ; minTTL (1 hour)
    )

DNS Record Types: NS

Name Server (NS): Defines the authoritative name server(s) for a domain. Actually located both at the root of the zone and at the point of delegation in the parent zone.

The NS records for acns.colostate.edu reside in the parent zone, “colostate.edu”, like this :

    Name    TTL	Class	RecordType  Data
    acns	IN	NS	    dns1.colostate.edu
    acns	IN	NS	    dns2.colostate.edu

And they exist in the acns.colostate.edu zone where they look like:

    Name    TTL	Class	RecordType  Data
    @		IN	NS	    dns1.colostate.edu
    @		IN	NS	    dns2.colostate.edu

DNS Record Types: A, AAAA

IPv4 Address (A): Associates a name with an IPv4 address The A record for chico.cs.colostate.edu resides in the “cs.colostate.edu” zone and looks like:

    Name    TTL	Class	RecordType  Data
    www		IN	A	    129.82.45.30

IPv6 Address (AAAA): Associates a name with an IPv6 address An AAAA record looks like:

    Name    TTL	Class	RecordType  Data
    www		IN	AAAA	    2002:8152:e6d2::8052:f8d1

DNS Record Types: CNAME

Canonical Name (CNAME): Associates an alias with another DNS name record. The CNAME record for www.cs.colostate.edu looks like:

    Name    TTL	Class	RecordType  Data
    www		IN	CNAME	    parsons.cs.colostate.edu

According to the RFC, you may not create any other records with the same name as a CNAME record. Recently added exceptions for DNSSEC record types RRSIG, NSEC and KEY.

Other DNS Record Types

Others… There are ~71 record types. The other, more common records include:

MX – Mail Exchanger. Specify mail servers for a mail domain name.
PTR – Pointer. Maps IPv4 addresses to names (reverse lookup).
SRV – Service record. Defines network service information available for zone (LDAP, Kerberos, etc.). Used heavily by Windows domains.
TXT – Text information associated with a name. Basically a note. Also used in Sender Policy Framework (SPF) system to validate email.

DNS Forward and Reverse Lookups

Most common use is forward lookup (name to IP).
Also need reverse lookup (IP to name).

This is also a tree structure, delegated in a similar fashion. All reverse space is rooted in the special domain called “IN-ADDR.ARPA”

For delegation to work as in the forward space, the networks are listed most specific to least specific. Thus CSU’s IP space (129.82.0.0) has a reverse DNS zone of “82.129.IN-ADDR.ARPA”

DNS Reverse Data Organization

chico.cs.colostate.edu

129.82.45.30

30.45.82.129.in-addr.arpa

                 root
                   │
                 arpa
                   │
                in-addr
                   │
             ┌─────┼─────┐	
            128   129   130
                   │
             ┌─────┼─────┐	
            81    82    83 
                   │
             ┌─────┼─────┐
            44    45    46 
                   │
             ┌─────┼─────┐
            29    30    31

DNS Authorities

Internet Assigned Numbers Authority (IANA) and Internet Network Information Center (InterNIC) originally established by various US Government agencies and now run under contract by a private, non-profit organization.

Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for:

Coordination of DNS Root globally
Coordination of IP space globally
Maintaining the list of gTLDs (generic top level domains) and ccTLDs (country code top level domains).
Root Hints: http://www.internic.net/zones/named.root

DNS Registries and Registrars

DNS Registry – the authoritative source for a DNS domain.

DNS Registrar – entity authorized to manage registry data.

Registrars sell domains to others and maintain that data in the registry.
VeriSign operates the current registry for .com and .net but does not act as a registrar.
Hundreds of Registrars are certified with Verisign to sell .com domains (e.g. Tucows, GoDaddy, etc.)
Reverse Registries run by regional entities (ARIN, LACNIC, RIPENCC, AFRINIC, APNIC).

DNS Server Software

BIND – originally UNIX.
Windows 2000 move to heavy reliance on DNS
Network traffic: UDP and TCP port 53
Authoritative-only servers only respond to queries for zones they host. No gossip!
Recursive/Caching Servers: Resolve any DNS request for clients. Store answers locally to answer other requests.
Replication: Slave and master. Uses zone serial numbers, refresh and retry intervals to update slaves which have a read-only copy of data.

Dynamic DNS

Dynamic DNS (DDNS) – Allows clients to update A and PTR records on the fly. It’s handy when your ISP doesn’t guarantee a constant IP address.

Periodically, the client contacts the registrar.
- I use wget from cron.
The registrar notes the inbound IP address, and changes the A and PTR records for the corresponding name.

DNS Commands

Command	Purpose
`ping`	Ping and incidentally reveal IP address
`nslookup`	Show DNS record info
`dig`	Get DNS record info
`host`	Get DNS record info
`whois`	Get contact information

nslookup example

    % nslookup denver.cs.colostate.edu
    Server:         129.82.45.181
    Address:        129.82.45.181#53

    Name:   denver.cs.colostate.edu
    Address: 129.82.46.205

What’s the IP address, 129.82.45.181 or 129.82.46.205?
What’s the #53?

dig example

    % dig frii.com

    ;; ANSWER SECTION:
    frii.com.               2363    IN      A       216.17.136.180

    ;; AUTHORITY SECTION:
    frii.com.               2363    IN      NS      ns2.frii.net.
    frii.com.               2363    IN      NS      ns1.frii.net.

    ;; ADDITIONAL SECTION:
    ns1.frii.net.           430763  IN      A       216.17.128.1
    ns2.frii.net.           430763  IN      A       216.17.128.2
    ns2.frii.net.           516     IN      AAAA    2607:fa88:1::2

    ;; SERVER: 129.82.45.181#53

What is all this‽

host example

    % host amazon.com
    amazon.com has address 54.239.25.192
    amazon.com has address 54.239.25.208
    amazon.com has address 54.239.25.200
    amazon.com has address 54.239.17.6
    amazon.com has address 54.239.26.128
    amazon.com has address 54.239.17.7
    amazon.com mail is handled by 5 amazon-smtp.amazon.com.

Six different IP addresses‽

whois example

    % whois boneheads.us
    Domain Name:                BONEHEADS.US
    Sponsoring Registrar:       GODADDY.COM, INC.
    Registrar URL:              whois.godaddy.com
    Registrant Name:            Bret McKee
    Registrant Address1:        ×××× ××××××× ×××× Road
    Registrant City:            Fort Collins
    Registrant State/Province:  Colorado
    Registrant Postal Code:     80526
    Registrant Country:         United States
    Registrant Phone Number:    +1.970×××××××
    Registrant Email:           ×××××@boneheads.us

Web sites

These websites can look up things for you:

CT320: Network and System Administration

Fall 2016