Internet Technology: Assignment 1


Internet Technology

Assignment 1

DNS
DOMAIN NAME SYSTEM
1. Introduction
Every time you visit a website, you are interacting with the largest distributed
database in the world. This massive database is collectively known as the
DNS, or the Domain Name System. Without it, the Internet as we know it
would be unable to function. The work that the DNS does happens so
seamlessly and instantaneously that you are usually completely unaware that
it's even happening. The only time that you'll get an inkling about what the
DNS is doing is when you're presented with an error after trying to visit a
website. Learn more about what the DNS is, how it works and why it's so
critical by reading on below.
Before DNS existed, every host had to download a hosts file containing host
names and their corresponding IP addresses. As the number of Internet hosts
grew, so did the size of this file, and downloading it generated more and
more traffic. DNS was introduced to solve this problem.
2. What is Domain Name System

The Domain Name System (DNS) is a hierarchical, decentralized naming
system for computers, services, or other resources connected to the Internet or
a private network. It associates various information with the domain names
assigned to each of the participating entities. Most prominently, it translates
easily memorized domain names to the numerical IP addresses needed for
locating and identifying computer services and devices with the underlying
network protocols. By providing a worldwide, distributed directory service, the
Domain Name System is an essential component of the functionality of the
Internet and has been in use since 1985.
The Domain Name System delegates the responsibility of assigning domain
names and mapping those names to Internet resources by designating
authoritative name servers for each domain. Network administrators may
delegate authority over sub-domains of their allocated name space to other
name servers. This mechanism provides distributed and fault tolerant service
and was designed to avoid a single large central database.
3. Why is DNS important?
DNS is like a phone book for the Internet. If you know a person’s name but
don’t know their telephone number, you can simply look it up in a phone
book. DNS provides this same service to the Internet.

When you visit http://dyn.com in a browser, your computer uses DNS to
retrieve the website’s IP address, 204.13.248.115. Without DNS, you
would only be able to visit that website (or any other website) by typing its
IP address directly, such as http://204.13.248.115.

4. Purpose of DNS

DNS purpose:
DNS provides a mapping between symbolic names and IP addresses in a
worldwide, distributed and hierarchic database.

Addressing before DNS was introduced:
Prior to the introduction of DNS, symbolic-name-to-IP-address mappings
were stored in the file hosts on each computer or host. Naturally, this
scheme did not scale well, because the hosts file had to be updated on
every host each time a new host joined the network.
This file still exists and may contain static mappings, e.g. localhost to
127.0.0.1 and ::1:
Windows: C:\Windows\system32\drivers\etc\hosts
Unix / Linux: /etc/hosts

DNS key characteristics:
• DNS is a distributed system (many servers cooperating worldwide).
• Hierarchy and delegation (if one server does not know the binding, it
goes up the hierarchy).
• Names are organized in a tree structure, allowing delegation of
responsibility.
5. IP Address
In order to understand what the DNS is and how it works, you need to have a
basic understanding of IP addresses and domain names. An IP address, or
Internet Protocol address, is a complex string of numbers that acts as a binary
identifier for devices across the Internet. In short, an IP address is the address
that computers, servers and other devices use to identify one another online.
The vast majority of IP addresses are written as four groups of digits, e.g.
12.34.56.78.
An IP address is a unique logical address assigned to a machine on the network.
An IP address has the following properties:
- An IP address is the unique address assigned to each host present on the
Internet.
- An IP address (IPv4) is 32 bits, i.e. 4 bytes, long.
- An IP address consists of two components: a network component and a host
component.
- Each of the 4 bytes is represented by a number from 0 to 255, separated
by dots. For example 137.170.4.124

An IP address is a 32-bit number, whereas domain names are easy-to-remember
names. For example, when we enter an email address we always type a symbolic
string such as webmaster@tutorialspoint.com.

- Uniform Resource Locator (URL)

A Uniform Resource Locator (URL) is a web address which uniquely
identifies a document on the Internet.
This document can be a web page, image, audio, video or anything else
present on the web.
For example, www.tutorialspoint.com/internet_technology/index.html
is a URL to the file index.html, which is stored on the tutorialspoint web
server under the internet_technology directory.
- URL Types
There are two forms of URL as listed below:
1. Absolute URL
2. Relative URL

1- Absolute URL
An absolute URL is the complete address of a resource on the web. This
complete address comprises the protocol used, the server name, the path name
and the file name.
For example, in http://www.tutorialspoint.com/internet_technology/index.htm:
http is the protocol,
tutorialspoint.com is the server name,
index.htm is the file name.

The protocol part tells the web browser how to handle the file. Other
protocols that can also be used in a URL include:
FTP
https
Gopher
mailto
news

2- Relative URL
A relative URL is a partial address of a web page. Unlike an absolute URL,
the protocol and server parts are omitted from a relative URL.
Relative URLs are used for internal links, i.e. to create links to files that
are part of the same website as the web page on which the link is placed.
For example, to link an image on
tutorialspoint.com/internet_technology/internet_reference_models, we
can use a relative URL of the form
/internet_technologies/internet-osi_model.jpg.
6. Domain Name System Architecture
The Domain Name System comprises domain names, the domain name space and
name servers, which are described below:

Domain Names

A domain name is a symbolic string associated with an IP address. There are
several kinds of domain names available; some of them are generic, such as
com, edu, gov, net etc., while others are country-level domain names such as
au, in, za, us etc.

The following table shows the Generic Top-Level Domain names:

The following table shows the Country top-level domain names:


7. DNS elements
Every organization running DNS must operate 2 DNS servers (redundancy).
Like HTTP pages, DNS records can be cached (in the client or in DNS servers).
The lifetime of a record is controlled by the DNS TTL (Time-To-Live).

8. DNS Name Space Hierarchy


The name space is organized in a (hierarchic) tree. Responsibility for a
sub-tree can be delegated to another organization (e.g. from an ISP to a
company).
9. DNS terms

Root (name) server:
Servers that have in their database the IPs of the top-level servers (gTLD
servers). Every server knows at least 2 root servers, which in turn know all
top-level domains. Where are the root servers? http://www.root-servers.org/
DNS client:
Performs lookups (resolver).
Sometimes the requesting application, and not the resolver, is called the
client. But from the server's point of view the resolver is the client.
DNS server:
a. When the RR is in the local database (authoritative or cached), the server
returns the requested RR (Resource Record with the mapping name → IP).
b. When the RR is not in the local database, the server performs the lookup
on behalf of the client (recursive query).
c. When the RR is not in the local database, the server returns the IP
address of a DNS server higher up in the hierarchy (iterative query).
DNS resolver:
Process/program that performs the name lookup on behalf of the application.
Access to the DNS resolver from the application is through OS calls:
gethostbyname(), gethostbyaddr().

Primary name server:
Authoritative name server for a zone. The databases of the primary and
secondary name servers contain the authoritative RRs (changes to the
database are made here).
Secondary name server:
Serves as (hot standby) server for the primary server.
The secondary name server is also authoritative.
The secondary name server maintains a database with cached name
records from the primary server (obtained through zone transfers every
3 hours or so).
TLD (Top Level Domain):
All nodes in the name tree directly underneath the root node are TLDs.
The TLDs are: arpa, com, edu, gov, int, mil, net, org, and all country
domains.
Generic domain:
Top-level domains that are not country-level domains:
arpa, com, edu, gov, int, mil, net, org.
Resource record (RR):
Record that contains the mapping name → IP.
Name space:
Defines a hierarchic tree of names and labels.
Label:
"Token" of a DNS name (the pieces between the dots). E.g. in
www.zhaw.ch., www, zhaw and ch are labels.
Zone:
Part of the name tree that is separately administered. Zones may contain
smaller zones in a hierarchic way. A zone that contains another zone
delegates administration and responsibility for the name space of the
contained zone (to the contained zone). Each zone must have one
primary and at least 1 secondary name server (redundancy).
FQDN (Fully Qualified Domain Name):
Name that fully specifies a host. Example: www.zhaw.ch. is an FQDN.
Note: FQDNs have a dot at the end to indicate that it is an FQDN (the
dot represents the root node).
Relative domain name:
All non-FQDNs are relative domain names. Example: zhaw.ch (without the
trailing dot).
Authoritative record:
Record that comes from the authority that manages the record (opposite:
cached records in non-authoritative servers). DNS servers responsible for
a zone (primary and secondary DNS servers) return authoritative records.

9. DNS Packet
• DNS uses the same format for query and response.

• DNS uses UDP (port 53), but for large transfers (zone transfers) it uses
TCP. DNS then uses the format of a zone file, see
http://www.isoc.org/briefings/020/zonefile.shtml

10. DNS Resource Record


A DNS record contains the information asked for in the question (the value
field) plus additional information on the record (TTL, class, type of record).

11.DNS root servers


DNS root servers are the most critical component in the entire DNS. List of
root servers: http://www.root-servers.org/.
Root servers basically publish the "root zone file", a file containing all
names and IP addresses of all top-level domains (gTLDs and ccTLDs). See
http://www.isoc.org/briefings/020/zonefile.shtml.
Root zone file excerpt:

$ORIGIN .
LU 172800 IN NS MERAPI.SWITCH.CH.
$ORIGIN SWITCH.CH.
MERAPI 172800 IN A 130.59.211.10
172800 IN AAAA 2001:620::5
$ORIGIN .
LU 172800 IN NS SUNIC.SUNET.SE.
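
A small parser for the zone-file style of the excerpt above, added here as an example (it is not code from the original page): it tracks $ORIGIN, distinguishes relative names from fully qualified ones by the trailing dot, assigns the owner-less AAAA line to the previous owner, and derives the delegation of a TLD together with the glue addresses present in the zone.

```python
from typing import Dict, List, NamedTuple, Optional

# The root zone excerpt from the text, embedded here as sample input.
ROOT_ZONE_EXCERPT = """\
$ORIGIN .
LU 172800 IN NS MERAPI.SWITCH.CH.
$ORIGIN SWITCH.CH.
MERAPI 172800 IN A 130.59.211.10
       172800 IN AAAA 2001:620::5
$ORIGIN .
LU 172800 IN NS SUNIC.SUNET.SE.
"""

class RR(NamedTuple):
    owner: str      # fully qualified owner name, always ending in "."
    ttl: int
    rclass: str
    rtype: str
    rdata: str

def qualify(name: str, origin: str) -> str:
    """A trailing dot marks an FQDN; otherwise append the current $ORIGIN."""
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def parse_zone(text: str) -> List[RR]:
    origin, last_owner = ".", None          # type: str, Optional[str]
    records: List[RR] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = qualify(fields[1], ".")
            continue
        # Owner omitted (blanks or the TTL first): reuse the previous owner.
        if raw[0].isspace() or fields[0].isdigit():
            if last_owner is None:
                raise ValueError("first record has no owner: " + line)
            owner = last_owner
        else:
            owner = qualify(fields.pop(0), origin)
        ttl, rclass, rtype, rdata = int(fields[0]), fields[1], fields[2], " ".join(fields[3:])
        if rtype in ("NS", "CNAME", "PTR"):           # rdata is a name: qualify it
            rdata = qualify(rdata, origin)
        last_owner = owner
        records.append(RR(owner, ttl, rclass, rtype, rdata))
    return records

def delegation(records: List[RR], tld: str) -> Dict[str, List[str]]:
    """Name servers delegated for a TLD, with any glue addresses in the zone."""
    servers = {r.rdata: [] for r in records if r.owner == tld and r.rtype == "NS"}
    for r in records:
        if r.owner in servers and r.rtype in ("A", "AAAA"):
            servers[r.owner].append(r.rdata)
    return servers
```

For LU. the result shows one name server with glue (MERAPI.SWITCH.CH.) and one without (SUNIC.SUNET.SE.), whose address a resolver has to look up separately.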

There are 13 logical root servers, named 'A' through 'M', each administered
by a different organization. Some organizations (such as RIPE, the K root
server) chose to run multiple redundant physical root servers (called
"mirrors", DNS server clusters) distributed worldwide. See
http://k.root-servers.org/ for RIPE's root servers. These mirrored root
servers are reachable through IPv4 anycast (same IP address, but depending
on the querying host's location the nearest root server is reached).
12. How does DNS work?

When you visit a domain such as dyn.com, your computer follows a series of steps
to turn the human-readable web address into a machine-readable IP address. This
happens every time you use a domain name, whether you are viewing websites,
sending email or listening to Internet radio stations like Pandora.

Step 1: Request information

The process begins when you ask your computer to resolve a hostname, such as
visiting http://dyn.com. The first place your computer looks is its local DNS cache,
which stores information that your computer has recently retrieved.

If your computer doesn’t already know the answer, it needs to perform a DNS
query to find out.

Step 2: Ask the recursive DNS servers

If the information is not stored locally, your computer queries (contacts) your ISP’s
recursive DNS servers. These specialized computers perform the legwork of a
DNS query on your behalf. Recursive servers have their own caches, so the process
usually ends here and the information is returned to the user.

Step 3: Ask the root name servers

If the recursive servers don’t have the answer, they query the root nameservers. A
nameserver is a computer that answers questions about domain names, such as IP
addresses. The thirteen root nameservers act as a kind of telephone switchboard for
DNS. They don’t know the answer, but they can direct our query to someone that
knows where to find it.

Step 4: Ask the TLD name servers

The root name servers will look at the first part of our request, reading from right
to left — www.dyn.com — and direct our query to the Top-Level Domain (TLD)
nameservers for .com. Each TLD, such as .com, .org, and .us, has its own set
of nameservers, which act like a receptionist for each TLD. These servers don’t
have the information we need, but they can refer us directly to the servers that do
have the information.

Step 5: Ask the authoritative DNS servers

The TLD nameservers review the next part of our request — www.dyn.com — and
direct our query to the nameservers responsible for this specific domain. These
authoritative nameservers are responsible for knowing all the information about
a specific domain, which are stored in DNS records. There are many types of
records, which each contain a different kind of information. In this example, we
want to know the IP address for www.dyndns.com, so we ask the authoritative
nameserver for the Address Record (A).

Step 6: Retrieve the record

The recursive server retrieves the A record for dyn.com from the authoritative
nameservers and stores the record in its local cache. If anyone else requests the
host record for dyn.com, the recursive servers will already have the answer and will
not need to go through the lookup process again. All records have a time-to-live
value, which is like an expiration date. After a while, the recursive server will need
to ask for a new copy of the record to make sure the information doesn’t become
out-of-date.

Step 7: Receive the answer

Armed with the answer, the recursive server returns the A record back to your
computer. Your computer stores the record in its cache, reads the IP address from
the record, then passes this information to your browser. The browser then opens a
connection to the webserver and receives the website.
13. DNS Operation
Case A. Server does not know binding (not cached locally):

Example: flits.cs.vu.nl looks up linda.cs.yale.edu


1. flits.cs.vu.nl asks its local DNS server cs.vu.nl.
2. cs.vu.nl does not have the binding, but as per RFC1035 it must have the IP
address of the server for ‘edu’ (= edu-server.net). cs.vu.nl forwards the
request to edu-server.net.
3. edu-server.net must know the IP addresses of all of its children, so it
forwards the request to yale.edu.
4. yale.edu must know all of its children, so it forwards the request to
cs.yale.edu.
5. cs.yale.edu is the authoritative server for all children underneath
cs.yale.edu, so it replies with the corresponding record.
6./7./8. The reply goes back to the client (through all servers).

Case B. Server knows binding (cached) and directly responds to client.

14. DNS recursive versus iterative queries


Recursive: The first contacted DNS server performs the lookup on behalf of
the client; resolvers (clients) use recursive query.
Iterative: The first contacted DNS server refers the client to some other
server in the hierarchy; servers use iterative query (referral).
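
A toy model of Case A and Case B above and of the recursive/iterative distinction, added here as an example (it is not code from the original page). The hierarchy, the server names under yale.edu, all addresses and all TTLs are constructed placeholders, and the local server starts its walk at the root as in section 12 rather than at the edu server.

```python
from typing import Dict, List, Tuple

# Constructed toy hierarchy. Each server knows, per name it is responsible
# for, either a referral ("NS" -> name of the next server down) or an
# answer ("A" -> address). Addresses and TTLs are placeholders.
SERVERS: Dict[str, Dict[str, Tuple[str, str, int]]] = {
    "root.":           {"edu.":               ("NS", "edu-server.net.", 172800)},
    "edu-server.net.": {"yale.edu.":          ("NS", "ns.yale.edu.",    86400)},
    "ns.yale.edu.":    {"cs.yale.edu.":       ("NS", "ns.cs.yale.edu.", 3600)},
    "ns.cs.yale.edu.": {"linda.cs.yale.edu.": ("A",  "192.0.2.10",      600)},
}

def iterative_step(server: str, qname: str) -> Tuple[str, str, int]:
    """One iterative query: the server answers with the record itself or
    with a referral for the longest suffix of qname it knows about."""
    zone = SERVERS[server]
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):                 # longest suffix first
        suffix = ".".join(labels[i:]) + "."
        if suffix in zone:
            return zone[suffix]
    raise LookupError(f"{server} has no data for {qname}")

class RecursiveServer:
    """The client's local server (cs.vu.nl in the text). It answers from its
    cache while the TTL has not expired (Case B); otherwise it walks the
    hierarchy with iterative queries on the client's behalf (Case A)."""
    def __init__(self, now: int = 0) -> None:
        self.now = now                                  # simulated clock (s)
        self.cache: Dict[str, Tuple[str, int]] = {}     # qname -> (ip, expiry)

    def resolve(self, qname: str) -> Tuple[str, List[str]]:
        """Return (address, servers contacted); an empty list is a cache hit."""
        hit = self.cache.get(qname)
        if hit and hit[1] > self.now:
            return hit[0], []
        server, contacted = "root.", []
        while True:
            contacted.append(server)
            rtype, rdata, ttl = iterative_step(server, qname)
            if rtype == "A":
                self.cache[qname] = (rdata, self.now + ttl)   # honour the TTL
                return rdata, contacted
            server = rdata                  # referral: ask the next server

if __name__ == "__main__":
    local = RecursiveServer()
    print(local.resolve("linda.cs.yale.edu."))   # Case A: full walk
    print(local.resolve("linda.cs.yale.edu."))   # Case B: served from cache
```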
nslookup example for www.indigoo.com (via root servers):

15. DNS Pointer Query


Pointer query = lookup of IP address to name (= inverse lookup).
Problem:
The DNS name space is hierarchic and allows quick lookup name → IP.
Because the tree is hierarchic, the lookup is like a mathematical one-
way function (easy lookup in one direction, virtually impossible in
the other direction).
Solution:
A special name space, in-addr.arpa, in the DNS name space.
Beneath this name space every organization is responsible for a
portion of the in-addr.arpa name space.
For example, the owner of the IP address range 193.5.54.0/24
is responsible for serving pointer queries for these addresses.
N.B.: 33.13.252.140.in-addr.arpa. is the FQDN for a host with
IP address 140.252.13.33 (note the reversed order of the IP address
bytes).

Demo nslookup:
> nslookup                        (start nslookup from cmd)
> set type=ptr                    (set query type to pointer)
> 193.5.54.112
> 112.54.5.193.in-addr.arpa       (reversed IP address!)
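
The reversal described above carried out in code, added here as an example (not from the original page): it builds the in-addr.arpa name for an IPv4 address and the zone the holder of an octet-aligned prefix such as 193.5.54.0/24 must serve, and goes beyond the text by also handling the ip6.arpa form used for IPv6 addresses.

```python
import ipaddress

def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an address, as an FQDN (trailing dot)."""
    addr = ipaddress.ip_address(ip)                 # rejects malformed input
    if addr.version == 4:
        octets = str(addr).split(".")               # "140.252.13.33" -> 4 octets
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    # IPv6: reverse the 32 hex nibbles of the expanded address (zeros kept).
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def reverse_zone(cidr: str) -> str:
    """in-addr.arpa zone served by the holder of a /8, /16 or /24 IPv4 range,
    e.g. 193.5.54.0/24 -> 54.5.193.in-addr.arpa."""
    net = ipaddress.ip_network(cidr, strict=True)   # host bits must be zero
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 prefixes are handled here")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."

if __name__ == "__main__":
    print(reverse_name("140.252.13.33"))    # the N.B. example from the text
    print(reverse_name("193.5.54.112"))     # the nslookup demo above
    print(reverse_zone("193.5.54.0/24"))
```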

16. Dynamic DNS dynDNS RFC2136


Problem:
DNS is fairly static, which means it does not allow the IP-address-to-name
binding to be changed quickly (a change takes days to propagate through the
network because of caching). Because of IP address scarcity, providers (ISPs)
have fewer public IP addresses than customers (overbooking: only a portion of
the customers is online at any time).
This was OK some years ago, but people (customers) have started to run more
elaborate applications like Internet telephony.

Solution:
Dynamic DNS enhances DNS with the capability to register a name and IP
address with a server. The lookup to the server is still plain vanilla DNS, but
dynDNS makes it possible to re-register the IP address with the server once it
has changed (e.g. DSL access with dynamic IP addresses, DHCP).
As opposed to standard DNS, DynDNS uses very low TTL values (~2
minutes or so).
There are also proprietary protocols used for dynamic DNS name
registration with a server. Often some REST-style protocol (HTTP-based) is
used.

Conclusion
DNS and the BIND server both play essential roles in today's Internet and in
many private networks around the world, so it is beneficial for anyone using a
computer or networked device to have at least a general understanding of how it
all works. Few services affect as many systems and their users as much as DNS,
which is involved virtually every time someone accesses a network.
