Domain Name System (DNS)

DNS acts like the “phonebook” for the internet. Its purpose is to translate human-readable domain names (like google.com) into machine-readable IP addresses (like 192.168.1.1), and vice versa. This is necessary because, while domain names are easy for people to remember, hosts and routers address each other by IP address.

Domain Name System (DNS)

  • distributed database implemented in hierarchy of many name servers
  • application-layer protocol: hosts, DNS servers communicate to resolve names (address/name translation)
    • note: core Internet function, implemented as application-layer protocol
    • complexity at network’s “edge”

people: many identifiers:

  • SSN, name, passport #

Internet hosts, routers:

  • IP address (32-bit) - used for addressing datagrams
  • “name”, e.g., cs.umass.edu - used by humans

How to map between IP address and name, and vice versa?

DNS: services, structure

DNS services:

  • hostname-to-IP-address translation
  • host aliasing
    • canonical, alias names
    • host like web server might have multiple domain names
    • DNS allows several domain names to map to the same IP address (aliasing), and lets one domain name refer to another (canonical names)
  • mail server aliasing
  • load distribution
    • replicated Web servers: many IP addresses correspond to one name
    • distribute high traffic load across multiple servers, each with a different IP address but the same domain name
    • crucial for balancing loads and ensuring network reliability during high demand

Why not centralize DNS?

  • single point of failure
    • if central server goes down, entire internet could potentially become unreachable
  • traffic volume
    • would result in a bottleneck where all DNS queries must pass through one point
  • distant centralized database
    • users from distant locations might experience significant delays in name resolution
  • maintenance
    • managing a single central database for the entire global internet would be impractical and vulnerable to attacks and failures

A: doesn’t scale!

  • Comcast DNS server alone: 600B DNS queries/day
  • Akamai DNS servers alone: 2.2T DNS queries/day

DNS: a distributed, hierarchical database

Client wants IP address for www.amazon.com; 1st approximation:

  • client queries root server to find .com DNS server
  • client queries .com DNS server to get amazon.com DNS server
  • client queries amazon.com DNS server to get IP address for www.amazon.com

DNS Resolution process

  • Step 1: A client (such as a web browser) queries the root DNS server to find the .com DNS server when trying to access a website like www.amazon.com.
  • Step 2: The root server responds with the address of the .com TLD server responsible for .com domains.
  • Step 3: The client then queries the .com DNS server to find the specific authoritative DNS server for amazon.com.
  • Step 4: The .com server responds with the IP address of the amazon.com DNS server.
  • Step 5: Finally, the client queries the amazon.com DNS server, which provides the IP address for www.amazon.com, allowing the client to make a direct request to the Amazon website.

DNS: root name servers

  • official, contact-of-last-resort by name servers that cannot resolve name
  • incredibly important Internet function
    • Internet couldn’t function without it!
    • DNSSEC - provides security (authentication, message integrity)
  • ICANN (Internet Corporation for Assigned Names and Numbers) manages root DNS domain

Top-Level Domain, and authoritative servers

authoritative DNS servers:

  • organization’s own DNS server(s), providing authoritative hostname to IP mappings for organization’s named hosts
  • can be maintained by organization or service provider

Local DNS name servers

  • when host makes DNS query, it is sent to its local DNS server
    • Local DNS server returns reply, answering:
      • from its local cache of recent name-to-address translation pairs (possibly out of date!)
      • forwarding request into DNS hierarchy for resolution
    • each ISP has local DNS name server; to find yours:
      • MacOS: % scutil --dns
      • Windows: >ipconfig /all
    • local DNS server doesn’t strictly belong to hierarchy

Local DNS servers are typically not part of the DNS hierarchy but are essential for speeding up DNS queries by caching results and reducing the load on upper-level servers.

DNS name resolution: iterated query

Example

Host at engineering.nyu.edu wants IP address for gaia.cs.umass.edu

Iterated query:

  • contacted server replies with name of server to contact
  • “I don’t know this name, but ask this server”
  • In an iterated query, each DNS server contacted by the client provides the address of the next server to query rather than the final result. This continues until the answer is found.
  • The burden of processing the query is on the client, which must handle multiple DNS queries.

DNS name resolution: recursive query

Example

Host at engineering.nyu.edu wants IP address for gaia.cs.umass.edu

Recursive query:

  • puts burden of name resolution on contacted name server
  • heavy load at upper levels of hierarchy?
  • In a recursive query, the client sends a single request to its local DNS server, which then performs all subsequent requests until it retrieves the final answer.
  • This method can put a significant load on the DNS server since it must handle the full resolution process.
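To make the two resolution styles concrete, here is a small simulation of the root → TLD → authoritative hierarchy from the notes, with the same gaia.cs.umass.edu example. It is an added example, not code from the lecture; the server names, the `NameServer`/`LocalDNSServer` classes and the 192.0.2.0/24 addresses (RFC 5737 documentation range) are all constructed. `iterated_resolve` plays the querier that follows referrals itself, and `LocalDNSServer` plays the local name server that accepts one query from the host and carries the whole iterated chain on its behalf, which is where the load lands in the recursive case.

```python
"""Simulated DNS hierarchy: iterated vs. recursive name resolution.

Constructed example, not code from the lecture notes. The server names and
the 192.0.2.0/24 addresses (RFC 5737 documentation range) are made up.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RR:
    """Resource record as in the notes: (name, value, type); TTL omitted here."""
    name: str
    value: str
    rtype: str


class NameServer:
    """A name server holding the RRs for its zone plus NS/A 'glue' records
    that delegate sub-zones to other servers."""

    def __init__(self, zone: str, records: list):
        self.zone = zone
        self.records = records

    def query(self, qname: str) -> tuple:
        # Authoritative answer: an A record for exactly this name.
        for rr in self.records:
            if rr.rtype == "A" and rr.name == qname:
                return ("ANSWER", rr.value)
        # Otherwise a referral ("I don't know this name, but ask this server"):
        # pick the NS record for the longest zone that is a suffix of qname.
        best = None
        for rr in self.records:
            if rr.rtype == "NS" and (qname == rr.name or qname.endswith("." + rr.name)):
                if best is None or len(rr.name) > len(best.name):
                    best = rr
        if best is None:
            return ("NXDOMAIN", None)
        glue = next((rr.value for rr in self.records
                     if rr.rtype == "A" and rr.name == best.value), None)
        if glue is None:
            return ("SERVFAIL", None)  # delegation without a glue address
        return ("REFERRAL", glue)     # IP of the next server to ask


# "The Internet": IP address -> name server. All values are constructed.
ROOT_IP = "192.0.2.1"
INTERNET = {
    ROOT_IP: NameServer(".", [RR("edu", "a.edu-servers.net", "NS"),
                              RR("a.edu-servers.net", "192.0.2.10", "A")]),
    "192.0.2.10": NameServer("edu", [RR("umass.edu", "dns.umass.edu", "NS"),
                                     RR("dns.umass.edu", "192.0.2.20", "A")]),
    "192.0.2.20": NameServer("umass.edu", [RR("gaia.cs.umass.edu", "192.0.2.30", "A")]),
}


def iterated_resolve(qname: str) -> tuple:
    """The querier follows referrals itself: root -> TLD -> authoritative.
    Returns (answer or None, list of server IPs contacted in order)."""
    contacted, next_ip = [], ROOT_IP
    while True:
        server = INTERNET.get(next_ip)
        if server is None:
            return None, contacted
        contacted.append(next_ip)
        status, value = server.query(qname)
        if status == "ANSWER":
            return value, contacted
        if status != "REFERRAL" or value in contacted:  # failure or referral loop
            return None, contacted
        next_ip = value


class LocalDNSServer:
    """Recursive resolver: the host sends it one query (recursion desired) and
    it performs all the iterated queries on the host's behalf."""

    def __init__(self):
        self.upstream_queries = 0

    def resolve(self, qname: str) -> Optional[str]:
        answer, contacted = iterated_resolve(qname)
        self.upstream_queries += len(contacted)
        return answer


if __name__ == "__main__":
    ip, path = iterated_resolve("gaia.cs.umass.edu")
    print("iterated:", ip, "via", " -> ".join(path))
    local = LocalDNSServer()
    print("recursive:", local.resolve("gaia.cs.umass.edu"),
          "(host sent 1 query; local server sent", local.upstream_queries, ")")
```

Running it shows the same three-server chain in both cases; the difference is only who walks it. The `value in contacted` guard is the sort of check a real resolver needs so that a bad delegation cannot send it round in circles.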

Caching DNS Information

  • once (any) name server learns mapping, it caches mapping, and immediately returns a cached mapping in response to a query
    • caching improves response time
    • cache entries timeout (disappear) after some time (TTL)
    • TLD servers typically cached in local name servers
  • cached entries may be out-of-date
    • if named host changes IP address, may not be known Internet-wide until all TTLs expire!
    • best-effort name-to-address translation!

Caching:

  • Purpose: Caching is used to store DNS query results for a predetermined period (defined by the TTL - Time to Live) to speed up future queries.
  • Challenges: Cached data can become outdated if the domain’s IP address changes, leading to potential errors until the cache is updated after the TTL expires.
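The "cached entries may be out-of-date" point is easiest to see with a clock you control. The following is an added example, not code from the notes: a `TTLCache` keyed by name with an expiry time, a `CachingResolver` that stands in for the local name server, and a walk-through in which the authoritative address changes 60 seconds after it was first cached. All names, addresses (RFC 5737 range) and times are constructed.

```python
"""TTL-based DNS cache and the stale-entry window it creates.

Added example, not from the lecture notes. Names, addresses (192.0.2.0/24,
RFC 5737) and clock values are constructed.
"""
from typing import Callable, Optional


class TTLCache:
    """Stores (value, expiry) per name; an entry 'disappears' once now >= expiry."""

    def __init__(self):
        self._entries = {}

    def put(self, name: str, value: str, ttl: int, now: float) -> None:
        self._entries[name] = (value, now + ttl)

    def get(self, name: str, now: float) -> Optional[str]:
        entry = self._entries.get(name)
        if entry is None:
            return None
        value, expires = entry
        if now >= expires:            # TTL elapsed: drop it, caller must refetch
            del self._entries[name]
            return None
        return value


class CachingResolver:
    """Local name server: answer from cache if possible, otherwise ask the
    upstream hierarchy (modelled as a callable returning (ip, ttl)) and cache."""

    def __init__(self, upstream: Callable[[str], tuple]):
        self.cache = TTLCache()
        self.upstream = upstream
        self.upstream_queries = 0

    def resolve(self, name: str, now: float) -> tuple:
        hit = self.cache.get(name, now)
        if hit is not None:
            return hit, "cache"
        ip, ttl = self.upstream(name)
        self.upstream_queries += 1
        self.cache.put(name, ip, ttl, now)
        return ip, "upstream"


def stale_window_demo() -> tuple:
    """Resolve at t=0 (TTL 300 s), move the host at t=60, query again at
    t=60, t=299 and t=300. Returns (answers, sources, upstream query count)."""
    # Constructed authoritative data; the dict is mutated to simulate the
    # host changing its IP address.
    authoritative = {"gaia.cs.umass.edu": ("192.0.2.30", 300)}
    resolver = CachingResolver(lambda name: authoritative[name])

    seen = [resolver.resolve("gaia.cs.umass.edu", now=0)]      # miss, cached
    authoritative["gaia.cs.umass.edu"] = ("192.0.2.31", 300)   # host moves
    seen.append(resolver.resolve("gaia.cs.umass.edu", now=60))  # stale hit
    seen.append(resolver.resolve("gaia.cs.umass.edu", now=299)) # still stale
    seen.append(resolver.resolve("gaia.cs.umass.edu", now=300)) # expired, refetched
    return ([ip for ip, _ in seen], [src for _, src in seen], resolver.upstream_queries)


if __name__ == "__main__":
    answers, sources, n = stale_window_demo()
    for ip, src in zip(answers, sources):
        print(f"{ip}  ({src})")
    print("upstream queries:", n)
```

Between t=60 and t=300 every client of this resolver is sent to the old address, which is exactly the "best-effort" caveat in the notes; operators who plan to move a host lower the record's TTL well before the change so that this window shrinks.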

DNS records

DNS: distributed database storing resource records (RR)

RR format: (name, value, type, ttl)

  • type=A
    • name is hostname
    • value is IP address
  • type=NS
    • name is domain (e.g., foo.com)
    • value is hostname of authoritative name server for this domain
  • type=CNAME
    • name is alias name for some “canonical” (the real) name
    • www.ibm.com is really servereast.backup2.ibm.com
    • value is canonical name
  • type=MX
    • value is name of SMTP mail server associated with name

Summary:

  • A Record: Maps a hostname to its corresponding IP address.
  • NS Record: Specifies the servers that are authoritative for a particular domain.
  • CNAME Record: Used to alias one domain name to another (canonical name).
  • MX Record: Points to the mail servers responsible for receiving email on behalf of a domain.

DNS protocol messages

DNS query and reply messages, both have same format:

  • identification
    • 16 bit # for query
    • reply to query uses same #
  • flags:
    • query or reply
    • recursion desired
    • recursion available
    • reply is authoritative
  • questions
  • RRs in response to query
  • authority
    • records for authoritative servers
  • additional info
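The fields listed above are the 12-byte header and the sections that follow it in RFC 1035 format. The following is an added example, not code from the notes: it builds a query for gaia.cs.umass.edu, builds a constructed reply to it, and parses both back into the identification, flag and section fields named on the slide. `decode_name` also follows the name-compression pointers that real replies use, and `reply_matches` performs the check a client makes before accepting an answer: the reply carries the query's 16-bit identification and echoes the question. The helper names and the 192.0.2.30 address are assumptions for this example.

```python
"""Build and parse DNS messages (RFC 1035 wire format).

Added example, not from the lecture notes; helper names and the sample
address 192.0.2.30 (RFC 5737 range) are constructed.
"""
import struct


def encode_name(name: str) -> bytes:
    """'gaia.cs.umass.edu' -> length-prefixed labels, terminated by a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int) -> tuple:
    """Return (name, offset just past the name). Follows compression pointers
    (two bytes starting with bits 11) and refuses pointer loops."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # pointer to earlier name
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                        # resume here after the jump
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = ptr
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_query(ident: int, qname: str, qtype: int = 1, rd: bool = True) -> bytes:
    """Header (id, flags, qdcount=1, ancount/nscount/arcount=0) + one question."""
    flags = 0x0100 if rd else 0                         # RD = 'recursion desired'
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)   # class IN


def parse_message(msg: bytes) -> dict:
    """Decode header flags plus the question and answer sections."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    out = {
        "id": ident,
        "qr": (flags >> 15) & 1,        # 0 = query, 1 = reply
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,        # reply is authoritative
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,         # recursion desired
        "ra": (flags >> 7) & 1,         # recursion available
        "rcode": flags & 0xF,
        "questions": [], "answers": [],
        "nscount": ns, "arcount": ar,   # authority / additional sections (not decoded)
    }
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        out["questions"].append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:                   # A record: dotted quad
            rdata = ".".join(str(b) for b in rdata)
        out["answers"].append((name, rtype, ttl, rdata))
    return out


def build_reply(query: bytes, answer_ip: str, ttl: int, aa: bool) -> bytes:
    """Constructed reply: same id, QR=1, RA=1, question copied verbatim, one A
    answer whose name is a pointer (0xC00C) to the question name at offset 12.
    Assumes the query was produced by build_query (header + one question)."""
    q = parse_message(query)
    flags = 0x8000 | (0x0400 if aa else 0) | 0x0100 | 0x0080
    header = struct.pack("!HHHHHH", q["id"], flags, 1, 1, 0, 0)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + \
        bytes(int(x) for x in answer_ip.split("."))
    return header + query[12:] + answer


def reply_matches(query: bytes, reply: bytes) -> bool:
    """Client-side acceptance check: it is a reply, the 16-bit id matches the
    outstanding query, and the question section is echoed unchanged."""
    q, r = parse_message(query), parse_message(reply)
    return r["qr"] == 1 and q["id"] == r["id"] and q["questions"] == r["questions"]
```

The id match in `reply_matches` is the only thing tying a plain DNS reply to its query, which is why resolvers also randomise the id and source port and why the slide's DNSSEC bullet exists: without signatures, message integrity rests on 16 bits.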

Getting your info into the DNS

New startup "Network Utopia"

  • register name networkutopia.com at DNS registrar (e.g., Network Solutions)
    • provide names, IP addresses of authoritative name server (primary and secondary)
    • registrar inserts NS, A RRs into .com TLD server:
      • (networkutopia.com, dns1.networkutopia.com, NS)
      • (dns1.networkutopia.com, 212.212.212.1, A)
  • create authoritative server locally with IP address 212.212.212.1
    • type A record for www.networkutopia.com
    • type MX record for networkutopia.com

Process:

  1. Registration: Register your domain (e.g., networkutopia.com) with a DNS registrar, providing names and IP addresses of your primary and secondary authoritative name servers.
  2. DNS Records Insertion: The registrar inserts NS and A records into the appropriate TLD server.
  3. Local DNS Setup: Set up an authoritative DNS server for your domain with necessary DNS records (e.g., A and MX records).
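The RR types from the "DNS records" slide and the Network Utopia walk-through above come together in two zone fragments. This is an added example in BIND zone-file syntax, not taken from the notes: the first part is the delegation the registrar places in the .com TLD zone (the NS record and the A "glue" record from the slide), the second is the zone the authoritative server at 212.212.212.1 would serve. The name dns2.networkutopia.com for the secondary server, the mail host mail.networkutopia.com, the ftp alias, the SOA values and all TTLs and addresses other than 212.212.212.1 are assumptions made for this example.

```zone
; --- Delegation inserted into the .com TLD zone by the registrar ---
; (networkutopia.com, dns1.networkutopia.com, NS) and
; (dns1.networkutopia.com, 212.212.212.1, A) from the notes, with a TTL added
networkutopia.com.        86400  IN  NS    dns1.networkutopia.com.
networkutopia.com.        86400  IN  NS    dns2.networkutopia.com.   ; assumed secondary
dns1.networkutopia.com.   86400  IN  A     212.212.212.1             ; glue
dns2.networkutopia.com.   86400  IN  A     212.212.212.3             ; assumed address

; --- Zone served by the authoritative server (dns1, 212.212.212.1) ---
$ORIGIN networkutopia.com.
$TTL 3600                                  ; default TTL for records below
@       IN  SOA   dns1.networkutopia.com. hostmaster.networkutopia.com. (
                  2024010101  ; serial   (assumed)
                  7200        ; refresh
                  3600        ; retry
                  1209600     ; expire
                  300 )       ; negative-answer TTL
@       IN  NS    dns1.networkutopia.com.
@       IN  NS    dns2.networkutopia.com.
dns1    IN  A     212.212.212.1
dns2    IN  A     212.212.212.3             ; assumed
www     IN  A     212.212.212.10            ; type A record for www (address assumed)
@       IN  MX 10 mail.networkutopia.com.   ; type MX record for networkutopia.com
mail    IN  A     212.212.212.2             ; mail host and address assumed
ftp     IN  CNAME www.networkutopia.com.    ; alias -> canonical name (assumed host)
```

Each line is one (name, value, type, ttl) tuple in the notation of the notes: the name on the left (relative to `$ORIGIN` unless it ends in a dot), the type in the middle, the value on the right, and the TTL either explicit or inherited from `$TTL`. The MX value is a host name, so it needs its own A record, and a CNAME's value must itself resolve; both are the aliasing cases the "DNS services" slide describes.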