DNS & X.500
Overview
The Domain Name System(DNS)
Domain Name Space
DNS Name Servers
Name resolution algorithm
Caching: The Key to Efficiency
Domain Server Message Format
Resource Records
Example
X.500 Directory Service
DNS
The Domain Name System(DNS): a name service design whose principal naming database is used across the Internet
The original Internet naming scheme
• All host names and addresses were held in a single central master file
• Downloaded by FTP to all computers that required them
The major shortcomings of the original scheme
• It does not scale to large numbers of computers
• Local organizations wish to administer their own naming systems
• A general name service is needed – not one that only serves for looking up computer addresses
To map a name onto an IP address, an application program calls a library procedure called the resolver, passing it the name as a parameter
The resolver sends a UDP packet to a local DNS server, which looks up the name and returns the IP address to the resolver, which then returns it to the caller
DNS(Cont.)
The Domain Name Space has a tree structure
The Internet is divided into several hundred top-level domains
Each domain is partitioned into subdomains, and these are further partitioned, and so on
The Internet DNS name space is partitioned both organizationally and according to geography
• com, edu, gov, mil, net, org, int…
• us, uk, fr, kr…
Domains can be inserted into the tree in two different ways
Each domain is named by the path upward from it to the root
Each domain controls how it allocates the domains under it
To create a new domain, permission is required of the domain in which it will be included
Domain names are completely independent of their location
DNS(Cont.)
[Figure: A portion of the Internet domain name space – generic domains (int, com, edu, gov, mil, net, org) and country domains (nl, us, jp) with their subdomains, e.g. cs.yale.edu, cs.vu.nl and keio.ac.jp]
DNS(Cont.)
Name Servers
A name server is a server program that supplies name-to-address translation, mapping from domain names to IP addresses
A large organization is highly unlikely to store all of its naming information on a single server: such a server would be a bottleneck and a critical point of failure
Instead of one name server maintaining the entire directory, the database is divided up into sections called zones
The essential task of a name server is to answer queries using data in its zones
The name server marks its responses to queries so that the requester can tell whether the response comes from authoritative data or not
An authoritative record is one that comes from the authority that manages the record, and is thus always correct (complete information)
DNS(Cont.)
[Figure: DNS name servers – example servers and the zones they hold: the root; ns.nasa.gov; ns.purdue.edu (purdue.edu, *.purdue.edu); ns1.cs.ucl.ac.uk (ac.uk); alpha.qmw.ac.uk (qmw.ac.uk, *.qmw.ac.uk); magician.dcs.qmw.ac.uk (dcs.qmw.ac.uk, *.dcs.qmw.ac.uk); dns-0.doc.ic.ac.uk (doc.ic.ac.uk, *.doc.ic.ac.uk)]
DNS(Cont.)
Name resolution algorithm
• There are two ways: by contacting name servers one at a time (non-recursive, iterative) or asking the name server system to perform the complete translation (recursive)
• Conceptually, domain name resolution proceeds top-down, starting with the root name server and proceeding to servers located at the leaves of the tree
• The client software forms a domain name query
• It sends the query to a name server for resolution
• When a domain server receives a query, it checks to see if the name lies in the subdomain for which it is an authority
• If so, it translates the name to an address according to its database, and appends an answer to the query before sending it back to the client
• If the client requested complete translation, the server contacts a domain name server that can resolve the name and returns the answer to the client
• If the client requested non-recursive resolution, the name server cannot supply an answer
• It generates a reply that specifies the name server the client should contact next to resolve the name
DNS(Cont.)
[Figure: Iterative navigation, non-recursive navigation and recursive navigation – numbered message sequences between a user agent (UA) and name servers NS1, NS2 and NS3]
DNS(Cont.)
Efficient Translation
Starting every resolution at the top of the hierarchy is inefficient for three reasons
• Most name resolution refers to local names, those found within the same subdivision of the namespace as the machine from which the request originates
• If each name resolution always started by contacting the topmost level of the hierarchy, the machine at that point would become overloaded
• Failure of machines at the topmost levels of the hierarchy would prevent name resolution, even if the local authority could resolve the name
In the two-step name resolution process, resolution begins with the local name server
If the local server cannot resolve a name, the query must then be sent to another server in the domain system
DNS(Cont.)
Caching: The Key to Efficiency
To improve the overall performance of a name server system, it is necessary to lower the cost of lookups for nonlocal names
Internet name servers use name caching to optimize search costs
Each server maintains a cache of recently used names as well as a record of where the mapping information for each name was obtained (marking it as nonauthoritative)
To keep the cache correct, servers time each entry and dispose of entries that exceed a reasonable time
Servers do not apply a single fixed timeout to all entries, but allow the authority for an entry to configure its timeout
Whenever an authority responds to a request, it includes a Time To Live (TTL) value in the response that specifies how long it guarantees the binding to remain
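An added Python example, not code from the slides, that ties the name resolution algorithm to the caching rules above: a toy tree of name servers answers either with an authoritative record, with a referral to the next server to ask (non-recursive), or by performing the complete translation itself (recursive); the client-side resolver caches addresses for exactly the TTL the authority supplied and marks answers served from cache as non-authoritative. All zone names, servers and addresses are constructed for the demo.

```python
# Added example (not from the slides): iterative vs. recursive resolution over
# an in-memory domain tree, plus a TTL cache that marks cached answers as
# non-authoritative. All zone data and addresses below are constructed.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Answer:
    name: str
    address: Optional[str]                    # None: no address in this reply
    authoritative: bool                       # True only when served from zone data
    ttl: int                                  # seconds the binding is guaranteed for
    referral: Optional["NameServer"] = None   # next server to ask (non-recursive mode)


class NameServer:
    """Authoritative for one zone: holds A records and delegations to child zones."""

    def __init__(self, zone: str, records: Dict[str, Tuple[str, int]]):
        self.zone = zone                      # "" is the root zone
        self.records = records                # name -> (address, ttl)
        self.children: Dict[str, "NameServer"] = {}

    def __repr__(self) -> str:
        return f"NameServer({self.zone or 'root'!r})"

    def delegate(self, child: "NameServer") -> "NameServer":
        self.children[child.zone] = child
        return child

    def covers(self, name: str) -> bool:
        return self.zone == "" or name == self.zone or name.endswith("." + self.zone)

    def query(self, name: str, recursive: bool) -> Answer:
        assert self.covers(name), f"{name} is outside zone {self.zone!r}"
        if name in self.records:                       # answer from our own zone data
            addr, ttl = self.records[name]
            return Answer(name, addr, True, ttl)
        for child in self.children.values():           # delegated further down the tree?
            if child.covers(name):
                if recursive:                          # do the complete translation
                    return child.query(name, True)
                return Answer(name, None, False, 0, referral=child)
        return Answer(name, None, True, 0)             # authoritative "no such name"


class Resolver:
    """Client-side resolver: walks referrals from the root and caches by TTL."""

    def __init__(self, root: NameServer):
        self.root = root
        self.cache: Dict[str, Tuple[str, int]] = {}    # name -> (address, expires_at)

    def resolve(self, name: str, now: int, recursive: bool = False) -> Tuple[Answer, int]:
        """Return (answer, number of servers contacted); cache hits contact none."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            addr, expires = hit
            return Answer(name, addr, False, expires - now), 0   # non-authoritative
        if hit:
            del self.cache[name]                        # TTL exceeded: discard entry
        server, contacted = self.root, 0
        while True:
            ans = server.query(name, recursive)
            contacted += 1
            if ans.referral is None:
                break
            server = ans.referral                       # follow the referral ourselves
        if ans.address is not None:
            self.cache[name] = (ans.address, now + ans.ttl)   # TTL set by the authority
        return ans, contacted


def build_demo_tree() -> NameServer:
    """Constructed zones following the slides' example names; 192.0.2.x is a documentation range."""
    root = NameServer("", {})
    edu = root.delegate(NameServer("edu", {}))
    yale = edu.delegate(NameServer("yale.edu", {}))
    yale.delegate(NameServer("cs.yale.edu", {"linda.cs.yale.edu": ("192.0.2.10", 300)}))
    return root


if __name__ == "__main__":
    r = Resolver(build_demo_tree())
    print(r.resolve("linda.cs.yale.edu", now=0))                    # 4 servers, authoritative
    print(r.resolve("linda.cs.yale.edu", now=100))                  # cached, non-authoritative
    print(r.resolve("linda.cs.yale.edu", now=400, recursive=True))  # expired; root recurses
```

The second call returns the cached address with the remaining TTL and authoritative=False, which is what the slide means by marking cached data as nonauthoritative; once the 300-second TTL has passed the entry is discarded and the tree is walked again.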
DNS(Cont.)
Domain Server Message Format
Standard message format (16-bit fields; bit positions 0, 16 and 31 are marked in the figure):
IDENTIFICATION | PARAMETER
NUMBER OF QUESTIONS | NUMBER OF ANSWERS
NUMBER OF AUTHORITY | NUMBER OF ADDITIONAL
QUESTION SECTION
ANSWER SECTION
AUTHORITY SECTION
ADDITIONAL INFORMATION SECTION
A unique IDENTIFICATION field that the client uses to match responses to its queries
A PARAMETER field that specifies the operation requested and whether the message is a response
NUMBER OF QUESTIONS gives the count of entries in the QUESTION SECTION
The QUESTION SECTION contains queries for which answers are desired
The ANSWER SECTION, AUTHORITY SECTION and ADDITIONAL SECTION each consist of a set of resource records
The client fills in only the question section; the server returns the question and answers in its response
DNS(Cont.)
The format of entries in the QUESTION SECTION of a domain name server message (bit positions 0, 16 and 31 marked):
QUERY DOMAIN NAME
QUERY TYPE | QUERY CLASS
The format of Resource Records of messages returned by domain name servers (bit positions 0, 16 and 31 marked):
RESOURCE DOMAIN NAME
TYPE | CLASS
TIME TO LIVE
RESOURCE DATA LENGTH
RESOURCE DATA
DNS(Cont.)
Resource Records
When a resolver gives a domain name to DNS, what it gets back are the resource records associated with that name
The RESOURCE DOMAIN NAME field contains the domain name to which this resource record refers
The TIME TO LIVE field describes how long the record can be cached before it should be discarded
The CLASS field specifies the data's class. For Internet information, it is always IN
The TYPE field specifies the type of the data included in the resource record
The RESOURCE DATA field can be a number, a domain name, or an ASCII string depending on the record type
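An added Python example, not code from the slides, that builds and parses messages in the format just described: a client query with only the question section filled in, a server response that echoes the question and appends one A resource record, and a parser that walks the header counts, the QUESTION SECTION and the resource records. The query name, the 192.0.2.10 answer and the 0x1234 identification are constructed demo values. The parser refuses anything a resolver must not trust: an IDENTIFICATION that does not match the outstanding query, a name or RESOURCE DATA LENGTH that runs past the end of the message, and a chain of name-compression pointers that never terminates.

```python
# Added example (not from the slides): build and parse DNS messages with the
# header, question and resource-record layout the slides describe. Demo values
# (name, address, ID) are constructed; the ID and length checks are the point.
import struct
from typing import Dict, List, Tuple

QTYPE_A, QCLASS_IN = 1, 1
HEADER = struct.Struct("!HHHHHH")   # IDENTIFICATION, PARAMETER, then the four counts
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """Domain name as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, pos: int) -> Tuple[str, int]:
    """Read a name at pos, following compression pointers with a hop limit.
    Returns (name, position just after the name in the original stream)."""
    labels: List[str] = []
    resume, hops = None, 0
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[pos]
        if n == 0:
            pos += 1
            break
        if n & 0xC0 == 0xC0:                         # pointer to an earlier name
            if pos + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if resume is None:
                resume = pos + 2
            pos = ((n & 0x3F) << 8) | msg[pos + 1]
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            continue
        if pos + 1 + n > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels), (resume if resume is not None else pos)


def build_query(ident: int, name: str) -> bytes:
    """Client side: header with only the question count set, plus one question."""
    return (HEADER.pack(ident, FLAG_RD, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN))


def build_response(query: bytes, address: str, ttl: int) -> bytes:
    """Server side: echo ID and question, append one authoritative A record."""
    ident, _, qd, _, _, _ = HEADER.unpack_from(query)
    question = query[HEADER.size:]
    rdata = bytes(int(octet) for octet in address.split("."))
    # 0xC00C is a pointer to offset 12, i.e. the name in the question section
    rr = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    flags = FLAG_QR | FLAG_AA | FLAG_RD | FLAG_RA
    return HEADER.pack(ident, flags, qd, 1, 0, 0) + question + rr


def parse_response(msg: bytes, expected_id: int) -> Dict[str, object]:
    """Parse a response; raise ValueError for anything a resolver must not trust."""
    if len(msg) < HEADER.size:
        raise ValueError("short header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    if ident != expected_id:
        raise ValueError("IDENTIFICATION does not match the outstanding query")
    if not flags & FLAG_QR:
        raise ValueError("message is a query, not a response")
    pos, questions, records = HEADER.size, [], []
    for _ in range(qd):
        qname, pos = decode_name(msg, pos)
        if pos + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack_from("!HH", msg, pos)
        pos += 4
        questions.append((qname, qtype, qclass))
    for _ in range(an + ns + ar):                    # answer, authority, additional
        rname, pos = decode_name(msg, pos)
        if pos + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos += 10
        if pos + rdlen > len(msg):
            raise ValueError("RESOURCE DATA LENGTH exceeds message")
        rdata = msg[pos:pos + rdlen]
        pos += rdlen
        value = ".".join(str(b) for b in rdata) if (rtype, rdlen) == (QTYPE_A, 4) else rdata.hex()
        records.append((rname, rtype, ttl, value))
    return {"id": ident, "authoritative": bool(flags & FLAG_AA),
            "questions": questions, "records": records}


if __name__ == "__main__":
    q = build_query(0x1234, "linda.cs.yale.edu")
    print(parse_response(build_response(q, "192.0.2.10", 300), 0x1234))
```

The parsed result reports authoritative=True because the server set the AA bit in the PARAMETER field, which is how the requester can tell authoritative data from cached data, as the name-server slide says.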
DNS(Cont.)
The principal DNS resource record types
Type   Meaning              Value
SOA    Start of Authority   Parameters for this zone
A      IP address of a host 32-bit integer
MX     Mail exchange        Priority, domain willing to accept email
NS     Name Server          Name of a server for this domain
CNAME  Canonical name       Domain name
PTR    Pointer              Alias for an IP address
HINFO  Host description     CPU and OS in ASCII
TXT    Text                 Uninterpreted ASCII text
DNS(Cont.)
[Figure: How a resolver looks up a remote name – the originator flits.cs.vu.nl asks the VU CS name server (cs.vu.nl), which in turn contacts the Edu name server (Edu-server.net), the Yale name server (yale.edu) and the Yale CS name server (cs.yale.edu); eight numbered messages show the query going out and the answer coming back]
X.500 Directory Service
Attribute-based name service: <name, attribute>
The X.500 directory is under a common root
The directory is a tree hierarchy of: country, organization, organizational unit, person
A wide range of attributes are stored at each node in the tree
Access is not just by name: entries can be searched for with any required combination of attributes
DIT (Directory Information Tree): the X.500 name tree
DIB (Directory Information Base): the entire directory structure including the data associated with the nodes
Two of the largest directory service providers are InterNIC and ESnet
X.500 Directory Service(Cont.)
[Figure: Part of the X.500 Directory Information Tree – from the root, countries (France, Great Britain, Greece, …), under Great Britain organizations (BT Plc, Cambridge University, …), under Cambridge University organizational units (Computing Service, Computer Lab, Engineering Department, …), under Computer Lab the units Departmental Staff and Research Students and the applicationProcess entry ely, and finally persons (Jon Fairbairn, Ken Moody, Karen Sparck-Jones, Jean Bacon, …)]
X.500 Directory Service(Cont.)
[Figure: Directory User Agents (DUAs) connected to a set of cooperating Directory Service Agents (DSAs)]
DSA (Directory Service Agent): server; each local directory represents one organization or a group of organizations
DUA (Directory User Agent): client; a user interface program for access to one or more DSAs
X.500 Directory Service(Cont.)
Operation: client ---- connection ----> server
The client accesses the directory by issuing a query; if the server does not have the required data in its DIB, it will
• invoke another server, or
• redirect the client to another server
The full name of an entry corresponds to a path through the DIT from the root of the tree to the entry
A DIB entry consists of a set of attributes, where an attribute has a type and one or more values
Type names: for example, countryName, organizationalName, commonName, telephoneNumber, mailbox, objectClass
X.500 Directory Service(Cont.)
The name of a DIB entry is determined by selecting one or more of its attributes as distinguished attributes – the Distinguished Name (DN)
Two main types of access request
read
• an absolute or relative name for an entry is given together with a list of attributes to be read
• the DSA server retrieves the required attributes and returns them to the client
search
• a base name and a filter expression are supplied as arguments
• this command returns a list of names for all of the entries below the base node for which the filter evaluates to TRUE
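An added Python example, not code from the slides, of the two request types: a small DIT loosely built from the figure's entries, where read takes a full DN (the path from the root, as the slides define it) plus a list of attribute types, and search takes a base name and a filter and returns the DNs of every entry below the base for which the filter is TRUE. The has() helper accepts wildcard patterns, which is how the example shows searching with incomplete information. The Entry, DSA, parse_dn and has names are this example's own, and all attribute values (phone numbers, mailboxes) are constructed.

```python
# Added example (not from the slides): a toy DIT with read-by-DN and
# search-with-filter. Entries loosely follow the slide figure; all attribute
# values (phone numbers, mailboxes) are constructed.
import fnmatch
from typing import Callable, Dict, List, Optional, Tuple


class Entry:
    """A DIB entry: attributes (type -> values) plus the entries beneath it."""

    def __init__(self, rdn_type: str, rdn_value: str, **attrs: object):
        self.rdn = (rdn_type, rdn_value)                  # the distinguished attribute
        self.attrs: Dict[str, List[str]] = {rdn_type: [rdn_value]}
        for k, v in attrs.items():
            self.attrs[k] = [str(x) for x in v] if isinstance(v, (list, tuple)) else [str(v)]
        self.children: List["Entry"] = []

    def add(self, child: "Entry") -> "Entry":
        self.children.append(child)
        return child


Filter = Callable[[Entry], bool]


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """'countryName=GB, organizationName=BT Plc' -> [(type, value), ...], root end first."""
    parts = []
    for rdn in dn.split(","):
        t, sep, v = rdn.strip().partition("=")
        if not sep or not t or not v:
            raise ValueError(f"malformed RDN: {rdn!r}")
        parts.append((t.strip(), v.strip()))
    return parts


def has(attr: str, pattern: str) -> Filter:
    """Filter: some value of attr matches pattern; '*' and '?' allow incomplete information."""
    return lambda e: any(fnmatch.fnmatchcase(v, pattern) for v in e.attrs.get(attr, []))


def both(f: Filter, g: Filter) -> Filter:
    return lambda e: f(e) and g(e)


class DSA:
    """One Directory Service Agent answering read and search requests on its DIT."""

    def __init__(self, root: Entry):
        self.root = root

    def _locate(self, dn: str) -> Optional[Entry]:
        node = self.root
        for rdn in parse_dn(dn):                          # walk the path from the root
            node = next((c for c in node.children if c.rdn == rdn), None)
            if node is None:
                return None
        return node

    def read(self, dn: str, wanted: List[str]) -> Optional[Dict[str, List[str]]]:
        """Return the requested attribute types of one entry, or None if no such entry."""
        entry = self._locate(dn)
        if entry is None:
            return None
        return {a: list(entry.attrs[a]) for a in wanted if a in entry.attrs}

    def search(self, base_dn: str, filt: Filter) -> List[str]:
        """Return the DNs of all entries below base_dn for which filt is TRUE."""
        base = self._locate(base_dn) if base_dn else self.root
        if base is None:
            return []
        prefix = [f"{t}={v}" for t, v in parse_dn(base_dn)] if base_dn else []
        found: List[str] = []

        def walk(node: Entry, path: List[str]) -> None:
            for child in node.children:
                child_path = path + [f"{child.rdn[0]}={child.rdn[1]}"]
                if filt(child):
                    found.append(", ".join(child_path))
                walk(child, child_path)

        walk(base, prefix)
        return found


def build_demo_dit() -> DSA:
    """Constructed DIT following the slide figure; values are made up."""
    root = Entry("root", "")
    gb = root.add(Entry("countryName", "GB"))
    gb.add(Entry("organizationName", "BT Plc"))
    cam = gb.add(Entry("organizationName", "Cambridge University"))
    lab = cam.add(Entry("organizationalUnitName", "Computer Lab"))
    staff = lab.add(Entry("organizationalUnitName", "Departmental Staff"))
    staff.add(Entry("commonName", "Jean Bacon", objectClass="person", telephoneNumber="+44 1223 000001"))
    staff.add(Entry("commonName", "Ken Moody", objectClass="person", telephoneNumber="+44 1223 000002"))
    students = lab.add(Entry("organizationalUnitName", "Research Students"))
    students.add(Entry("commonName", "Jon Fairbairn", objectClass="person", mailbox="jf@example.org"))
    return DSA(root)


if __name__ == "__main__":
    dsa = build_demo_dit()
    print(dsa.search("countryName=GB, organizationName=Cambridge University",
                     both(has("objectClass", "person"), has("commonName", "J*"))))
```

A read names one entry exactly and returns only the attribute types asked for; a search from the Cambridge University base with the filter objectClass=person and commonName=J* returns two DNs, which is the attribute-based access the slides contrast with DNS's lookup by name alone.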
X.500 Directory Service(Cont.)
DNS Versus X.500
DNS
- simply looks up data attached to a given domain name
- relatively simple distributed database meant to solve a particular problem
- is not secure
X.500
- supports many types of searching: matches and specifying incomplete information
- is a full-blown distributed database meant to be used for a wide variety of applications
- can store the phone book, information about all sorts of network devices and their attributes
- has security features involving credentials and the support of multiple encryption types