DNS

Posted on In , , Reading time ≈ 3 mins.

DNS (Domain Name System)

Internet hosts (or routers) has IP address and name.
DNS maps between IP address and name and vice versa.

DNS is a distributed database implemented in hierarchy of many name servers.
It is actually an application-layer protocol: hosts and DNS servers communicate to resolve names. (address/name translation)

DNS is at network's edge; It's not core function of network!

DNS uses TCP, UDP, or even TLS!

DNS services

  • Hostname-to-IP-address translation
  • Host aliasing (Canonical, alias names)
  • Mail server aliasing
  • Load distribution (Replicated Web servers: many IP addresses can correspond to one name)

Distributed, hierarchical databse

DNS is organizationally, physically decentralized!
If client wants IP address for www.amazon.com,

  1. Client queries root DNS server to find .com DNS server
  2. Client queries .com DNS server to find amazon.com DNS server
  3. Client queries amazon.com DNS server to get IP address for www.amazon.com

Why DNS is distributed? (i.e. not centralized?)

  • Single point of failure: One mistake can take down the entire internet's naming system.
  • Can't scale: Even single DNS server processes 2.2T DNS queries per day
  • Traffic volume: Centralized DNS would be a massive bottleneck
  • Performance: Users far from centralized DNS would have higher delays
  • Maintenance: No single entity should control the entire internet; Millions of different organizations are responsible for their records

Root name servers

Root name servers only have records for top level domain servers.
There are only 13 logical root name servers! (a.root-servers.net to m.root-servers.net)
Each server is physically replicated many times to prevent attack.

  • ICANN manages top level domains.
  • DNSSEC provides security.

Top level domain servers

Responsible for Top-level Domain (TLD), e.g. .com, .org, .net, .edu, .aero, .jobs, .museums, .kr, .uk, .jp

Authoritative servers

Organization's own DNS servers that provides authoritative hostname to IP mappings for organization's named hosts.
Can be maintained by organization or service provider.

Local DNS name servers

Whenever host makes DNS query, it sends query to its local DNS server.
Local DNS server either returns cached name-to-address translation pair (possibly out of date!), or forward request into DNS hierarchy for resolutions.

Each ISP has its local DNS name server.

DNS name resolution

Iterated query

Contancted server replies with name of server to contact.

  1. Host ask local DNS server.
  2. Local DNS server ask root DNS server.
  3. Root DNS server replies with TLD DNS server.
  4. Local DNS server ask TLD DNS server.
  5. TLD DNS server replies with authoritative DNS server.
  6. Local DNS server ask authoritative DNS server.
  7. Authoritative DNS server replies with actual IP address.

Recursive query

Puts burden of name resolution on contacted name server.

  1. Host ask local DNS server.
  2. Local DNS server ask root DNS server.
  3. Root DNS server ask TLD DNS server.
  4. TLD DNS server ask authoritative DNS server.
  5. Authoritative DNS server replies with actual IP address.
  6. TLD DNS server replies with actual IP address.
  7. Root DNS server replies with actual IP address.

Caching DNS information

DNS server responses mapping with Time To Live (TTL).
Once a name server learns mapping, it caches mapping and immediately returns until cache expires.
Local name server typically cache famous sites, including TLD servers.

If the named host change its IP address before all TTLs have expired, the internet may not know that the host changed its IP address!
If DNS server don't want to be cached, it can reply with 0 TTL.

DNS records

Recall) DNS is distributed database storing resource records (RR).
RR format looks like this: (name, value, type, ttl)

  • type=A: name is hostname, value is IP address
  • type=NS: name is domain, value is hostname of authoritative name server for this domain
  • type=CNAME: name is alias name, value is canonical name
  • type=MX: value is name of SMTP mail server associated with name

DNS protocol message

Message header

  • Identification: 16 bit number for query, response uses same nubmer.
  • Flags: e.g. query or reply, recursion desired, recursion available, reply is authoritative
  • Number of questions, answer RRs, authority RRs, additional RRs

Message

  • Questions: name, type fields for a query
  • Answers: RRs in response
  • Authority: RRs for authoritative servers
  • Additional info: additional helpful RRs that may be used

Getting your info into the DNS

  1. Register name newsite.com at DNS registrar (e.g. Network Solutions)
    • Provide names, IP addresses of authoritative name server to registrar.
    • Registrar inserts NS, A RRs into TLD server:
      (newsite.com, dns1.newsite.com, NS)
      (dns1.newsite.com, 212.212.212.1, A)
  2. Create authoritative server locally with IP address 212.212.212.1
    • type A record for www.newsite.com
    • type MX record for newsite.com

DNS attack

  • DDoS attacks: bombard root server or TLD server with traffic
    • However, root servers are very heavily guarded!
    • So far, no one has successfully attacked the root server and taken it down.
  • Spoofing attacks: Intercept DNS queries and return bogus replies. e.g. DNS cache poisoning
    • Can be prevented by RFC from DNSSEC, but DNSSEC is not widely used...