
Domain Name System (DNS)

Need of DNS
Tree structure of Domain Name
Distributed hierarchy of DNS
DNS Header
Features of DNS

OPM

Purpose of naming (domain naming)

Addresses are used to locate objects such as websites, mail servers, etc.
Names are easier to remember than numbers / IP addresses.
A name is a user-friendly way to obtain the IP address of a website, mail server, etc.
DNS provides a mapping from names to IP addresses and vice versa.


Names and addresses in general

An address is how you get to an endpoint.
Typically hierarchical (for scaling):
MANIT Bhopal, M.P., India, 462051
+91-755-405-1500
204.152.187.11
www.manit.ac.in, www.upsc.gov.in, www.google.com
Subdomain for e-mail: hod@ece.manit.ac.in

DNS was developed in 1983 by Paul Mockapetris (RFCs 1034 and 1035), modified, updated, and enhanced by subsequent RFCs.

DNS Terms
Domain name: any name represented in the DNS format
mail.yahoo.com
www.manit.ac.in
opm@manit.ac.in (the @ symbol separates the mailbox from the target mail server's domain)

DNS label: each string between two dots
ac.in has 2 labels

DNS zone: a set of names that are under the same authority
cs.manit.ac.in, ee.manit.ac.in and www.manit.ac.in

Delegation: transfer of authority for a domain
gmail.com is a delegation from com.


DNS name server

A DNS name server is also called a DNS server.
A DNS server stores the DNS records for a domain name.
A DNS server maintains a database of domain names and the corresponding IP addresses.
A DNS name server responds with answers to queries against its database.


DNS name Servers (cont.)


Name servers answer DNS questions.
Several types of name servers
Authoritative servers
master (primary)
slave (secondary)
(Caching) recursive servers
also caching forwarders
Mixture of functionality
NMS, DHCP and DNS server


Domain Name System - DNS

Provides a mapping from ASCII domain names to IP addresses.
Hierarchical naming system.
The set of names is divided into mutually exclusive parts.
Supplies a mechanism for global data storage and information retrieval.

Most important principles:
Distributed system - a set of servers sharing information.
Efficiency - most of the requests are resolved by local servers.
Use of caching.
Reliability - works even if some of the servers fail.


DNS Servers
Authoritative name server
Gives authoritative answers for one or more zones, based on domains and country.
The master server normally loads the data from a zone file.
A slave server normally replicates the data from the master via a zone transfer.

(Figure: one master server with two slave servers replicating its zone data.)

Domain name syntax

A domain name consists of one or more parts (labels) concatenated and delimited by dots, such as www.gmail.com.
The right-most label conveys the top-level domain; for example, the domain name www.gmail.com belongs to the top-level domain com.

The hierarchy of domains descends from right to left; each label to the left specifies a subdivision, or subdomain, of the domain to the right. For example, the label gmail specifies a subdomain of the com domain, and www is a subdomain of gmail.com. This tree of subdomains may have up to 127 levels.

Each label may contain up to 63 characters. The full domain name may not exceed a total length of 253 characters in its external dotted-label specification.

The characters allowed in a label are a subset of the ASCII character set: the letters a through z, A through Z, the digits 0 through 9, and the hyphen (-). This rule is known as the LDH rule (Letters, Digits, Hyphen). There is demand for domain names in regional languages.
Domain names are interpreted in a case-independent manner. Labels may not start or end with a hyphen.
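As an added illustration of the LDH and length rules above (example code written for this page, not part of the original slides), the following Python checker tests a name against each rule and reports which one fails; the sample names in the comments are constructed.

```python
import re

MAX_LABEL_LEN = 63     # each label may contain up to 63 characters
MAX_NAME_LEN = 253     # the full dotted name may not exceed 253 characters
MAX_LEVELS = 127       # the tree of subdomains may have up to 127 levels
# LDH rule: letters, digits, hyphen; a label may not start or end with a hyphen
LDH_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def normalize(name: str) -> str:
    """Lower-case the name (DNS is case-independent) and drop one trailing root dot."""
    name = name.strip().lower()
    return name[:-1] if name.endswith(".") and len(name) > 1 else name


def validate_domain_name(name: str) -> tuple:
    """Return (ok, reason) for a dotted-label name under the LDH and length rules."""
    name = normalize(name)
    if not name:
        return False, "empty name"
    if len(name) > MAX_NAME_LEN:
        return False, f"name longer than {MAX_NAME_LEN} characters"
    labels = name.split(".")
    if len(labels) > MAX_LEVELS:
        return False, f"more than {MAX_LEVELS} levels"
    for label in labels:
        if not label:
            return False, "empty label (leading dot or two consecutive dots)"
        if len(label) > MAX_LABEL_LEN:
            return False, f"label {label!r} longer than {MAX_LABEL_LEN} characters"
        if not LDH_LABEL.match(label):
            return False, f"label {label!r} breaks the LDH rule or starts/ends with a hyphen"
    return True, "ok"


def top_level_domain(name: str) -> str:
    """The right-most label conveys the top-level domain."""
    return normalize(name).split(".")[-1]
```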

DNS tree

(Figure: DNS tree with the root at the top; second level: com, org, gov, net, in; third level: ibm under com, cnn under net, and ac, co, gov under in; fourth level: manit and iitk under ac.in.)

Reliability over UDP

DNS is an application which runs over UDP.
Advantage: not as complex as TCP.
Disadvantage: requires a reliability implementation at the application level.

Reliability scheme:
Time out.
Retransmissions - resend the timed-out query to a different server.


DNS Elements
Resolver:
only asks questions;
recursive: takes a simple query and makes all the necessary steps to get the full answer.

Server (some perform both roles of resolver and server at the same time):
authoritative: the servers that hold the zone file for a zone; one primary, one or more secondary;
caching: a recursive resolver that stores prior results and reuses them (local network servers and web browsers like Google Chrome, etc.).

Registries, Registrars, and Registrants

The Domain Wars resulted in a codification of roles in the operation of a domain name space.
Registry
the name space's database
the organization which has edit control of that database, including dispute resolution, policy control, etc.
the organization which runs the authoritative name servers for that name space

Registrar
the agent which submits change requests to the registry on behalf of the registrant

Registrant
the entity (person or organization) which makes use of the domain name

Obtaining Authority for a subname

Before an institution is granted authority for an official second-level domain, it must agree to operate a domain name server that meets Internet standards.

The main name server and the backup name server should not share a common point of failure, such as a common power backup.
Examples of a domain and its subdomains:
www.manit.ac.in
www.ece.manit.ac.in, www.cse.manit.ac.in, etc.


Registries, Registrars, and Registrants

(Figure: registrants send add/modify/delete requests to a registrar; the registrar submits the add/modify/delete to the registry; the registry updates the zone in its zone DB; the master server is updated, and then the slave servers are updated.)

NIR: the National Internet Registry, set up in March 2013 under the Ministry of Information and Communication, Govt. of India, to maintain records of IP allocation and domain names in India.

How Does DNS Work?

The resolver sends a DNS request message over UDP to a local domain name server.
DNS caches stored data for a short time, defined by the TTL on the record.
When a name server does not have the requested information, it starts from the longest match it has for the query name when looking for data.
The root server knows the IP address of each second-level domain name server.
Every server knows how to reach servers that are authorities for names further down the hierarchy.
The resolver follows delegations until it receives an answer.


Name Server Architecture

(Figure: a name server process holds authoritative data (primary master and slave zones), loaded from a zone data file on disk or obtained from the master server by zone transfer, plus cache data (responses from other name servers); an agent looks up queries on behalf of resolvers.)

Authoritative Data

(Figure: a resolver's query is answered by the name server process directly from its authoritative data.)

Using Other Name Servers

(Figure: when neither the authoritative data nor the cache holds the answer, the agent sends the query to an arbitrary name server, stores that server's response in the cache data, and returns the response to the resolver.)

Cached Data

(Figure: a later query from a resolver is answered from the cache data without contacting other servers.)

DNS query example (from IETF slides)

(Figure: the stub resolver sends the query "www.ietf.org A" to the recursive resolver; the recursive resolver asks the root server, which refers it to the org name servers ("ask org NS"); the org server refers it to the ietf.org name servers ("ask ietf.org NS"); the ietf.org server answers "www.ietf.org A 65.256.255.51", which the recursive resolver returns to the stub resolver.)

DNS recursive server

Recursive servers do the actual lookups; they ask questions of the DNS on behalf of the clients.
Answers are obtained from authoritative servers, but the answers forwarded to the clients are marked as not authoritative.
Answers are stored in the cache for future reference.
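The walk described under "How Does DNS Work?" (start at the longest match you already know, follow delegations until an answer arrives, cache it for the TTL) and the non-authoritative, cached answers described here, as an added Python simulation that is not code from the original slides. The zone data, names and addresses are constructed for the example, and `ask_authoritative` stands in for a network query to each zone's server.

```python
import time

# Constructed toy authoritative data (all names and addresses are made up for this example).
# Each zone's server holds A records for names in the zone and NS delegations for child zones.
ZONES = {
    ".":            {"ns": ["in."]},
    "in.":          {"ns": ["ac.in."]},
    "ac.in.":       {"ns": ["manit.ac.in."]},
    "manit.ac.in.": {"a": {"www.manit.ac.in.": ("203.0.113.10", 300)}},   # (address, TTL seconds)
}

def ask_authoritative(zone: str, qname: str) -> tuple:
    """One query to the server for `zone`: an authoritative answer, a referral, or a name error."""
    data = ZONES[zone]
    if qname in data.get("a", {}):
        return ("answer",) + data["a"][qname]       # ('answer', address, ttl); AA bit would be set
    for child in sorted(data.get("ns", []), key=len, reverse=True):
        if qname.endswith("." + child):
            return ("referral", child)              # delegation: ask the child zone's server
    return ("nxdomain",)

class RecursiveResolver:
    """Caching recursive resolver: follows delegations and reuses answers while their TTL lasts."""
    def __init__(self):
        self.known_zones = {"."}    # the root is always known; delegations are learned on the way
        self.cache = {}             # qname -> (address, expiry time)

    def starting_zone(self, qname: str) -> str:
        """Start at the longest match on the query name among the zones already known."""
        matches = [z for z in self.known_zones if z == "." or qname.endswith("." + z)]
        return max(matches, key=len)

    def resolve(self, qname: str, now=None) -> dict:
        now = time.time() if now is None else now
        hit = self.cache.get(qname)
        if hit and hit[1] > now:                    # TTL still > 0: answer without going to the net
            return {"addr": hit[0], "aa": False, "cached": True, "path": []}
        zone, path = self.starting_zone(qname), []
        while True:
            path.append(zone)
            reply = ask_authoritative(zone, qname)
            if reply[0] == "referral":
                self.known_zones.add(reply[1])
                zone = reply[1]
                continue
            addr = reply[1] if reply[0] == "answer" else None
            if addr:
                self.cache[qname] = (addr, now + reply[2])
            # answers forwarded to clients are marked not authoritative (AA cleared)
            return {"addr": addr, "aa": False, "cached": False, "path": path}
```

The `path` list shows which servers were contacted; after the first lookup the resolver already knows the manit.ac.in. delegation, so a later, expired-TTL lookup starts there instead of at the root.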


Places where DNS data lives

Changes in DNS do not propagate instantly!

(Figure: registry DB -> master server (upload of zone data is local policy) -> slave server (might take up to the refresh interval to get data from the master) -> cache server (does not go to the net while TTL > 0) -> host device.)

DNS message

(Figure: DNS message and header layout, shown on the slides as an image.)

DNS Header (cont.)

Identification: a 16-bit identifier assigned by the program that generates any kind of query. This identifier is copied into the corresponding reply and can be used by the requester to match up replies to outstanding queries.
Parameter: a 16-bit flag field, classified as below.

QR: a one-bit field that specifies whether this message is a query (0) or a response (1).
Opcode: a four-bit field that specifies the type of query in this message: standard (0), inverse (1), completion (2 and 3, now obsolete).
AA (Authoritative Answer): this bit is only meaningful in responses, and specifies that the responding name server is an authority for the domain name in the question section.
TC (TrunCation): specifies that this message was truncated.

DNS Header (cont.)

RD (Recursion Desired): this bit directs the name server to pursue the query recursively.
RA (Recursion Available): this bit is set or cleared in a response, and denotes whether recursive query support is available in the name server. Recursive query support is optional.
Z: reserved for future use.
AD (Authentic Data): shows the authenticity and integrity of the record data and errors.
CD (Checking Disabled): disables signature validation in a security-aware name server's processing of a particular query.

RCODE (Response code): this 4-bit field is set as part of responses. The values have the following interpretation:
0 No error condition
1 Format error - the name server was unable to interpret the query.
2 Server failure - the name server was unable to process this query due to a problem with the name server.
3 Name Error - meaningful only for responses from an authoritative name server; this code signifies that the domain name referenced in the query does not exist.
4 Not Implemented - the name server does not support the requested kind of query.
5 Refused - the name server refuses to perform the specified operation for policy reasons.

DNS Header (cont.)

Number of Questions: an unsigned 16-bit integer specifying the number of entries in the question section.
Number of Answers: an unsigned 16-bit integer specifying the number of resource records in the answer section.
Number of Authority: an unsigned 16-bit integer specifying the number of name server resource records in the authority records section.
Number of Additional (ARCOUNT): an unsigned 16-bit integer specifying the number of resource records in the additional records section.
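Added example (not code from the original slides): parsing and building the 12-octet header described above in Python, together with the ID check a requester should apply before it trusts a reply, since the identifier exists precisely to match replies to outstanding queries. The dictionary keys (`qdcount`, `ancount`, and so on) are this example's own names, and the sample header bytes are constructed.

```python
import struct

OPCODES = {0: "Standard", 1: "Inverse", 2: "Completion (obsolete)", 3: "Completion (obsolete)"}
RCODES = {0: "No error", 1: "Format error", 2: "Server failure", 3: "Name Error",
          4: "Not Implemented", 5: "Refused"}

def parse_header(data: bytes) -> dict:
    """Unpack the 12-octet header: ID, the 16-bit parameter/flag field, and the four counts."""
    if len(data) < 12:
        raise ValueError("DNS header needs 12 octets")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,        # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,  # 4-bit kind of query
        "aa": (flags >> 10) & 1,        # Authoritative Answer (responses only)
        "tc": (flags >> 9) & 1,         # TrunCation
        "rd": (flags >> 8) & 1,         # Recursion Desired
        "ra": (flags >> 7) & 1,         # Recursion Available
        "z": (flags >> 6) & 1,          # reserved for future use
        "ad": (flags >> 5) & 1,         # Authentic Data
        "cd": (flags >> 4) & 1,         # Checking Disabled
        "rcode": flags & 0xF,           # 4-bit response code
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def build_header(ident, qr=0, opcode=0, aa=0, tc=0, rd=1, ra=0, ad=0, cd=0, rcode=0,
                 qdcount=0, ancount=0, nscount=0, arcount=0) -> bytes:
    """Pack header fields back into wire order (the reserved Z bit is always left clear)."""
    flags = ((qr << 15) | (opcode << 11) | (aa << 10) | (tc << 9) | (rd << 8)
             | (ra << 7) | (ad << 5) | (cd << 4) | (rcode & 0xF))
    return struct.pack("!HHHHHH", ident, flags, qdcount, ancount, nscount, arcount)

def reply_matches_query(query: bytes, reply: bytes) -> bool:
    """A requester should only accept a response whose ID copies the ID of its outstanding query."""
    q, r = parse_header(query), parse_header(reply)
    return q["qr"] == 0 and r["qr"] == 1 and q["id"] == r["id"]

def describe(hdr: dict) -> str:
    """One-line summary, e.g. for a log entry when a resolver sees an unexpected reply."""
    kind = "response" if hdr["qr"] else "query"
    flags = " ".join(f for f in ("aa", "tc", "rd", "ra", "ad", "cd") if hdr[f])
    return (f"id={hdr['id']:#06x} {kind} opcode={OPCODES.get(hdr['opcode'], hdr['opcode'])} "
            f"rcode={RCODES.get(hdr['rcode'], hdr['rcode'])} flags=[{flags}] "
            f"qd={hdr['qdcount']} an={hdr['ancount']} ns={hdr['nscount']} ar={hdr['arcount']}")
```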


Question section

QNAME (Query Domain Name): a domain name represented as a sequence of labels, where each label consists of a length octet followed by that number of octets. The domain name terminates with the zero-length octet for the null label of the root.
QTYPE (Query Type): a two-octet code which specifies the type of the query: 0x0001 for A records (host addresses / web), 0x000f for mail server (MX) records, and 0x0002 for name server (NS) records.
QCLASS (Query Class): a two-octet code that specifies the class of the query: 0x0001 for Internet addresses.

Answer Section

NAME (Resource Domain Name): the domain name that was queried, in the same format as the QNAME in the question section.
TYPE: two octets containing one of the type codes. This field specifies the meaning of the data in the RDATA field: type 0x0001 (A record), type 0x0002 (name servers), type 0x0005 (CNAME / alias) and 0x000f (mail servers).

CLASS: two octets which specify the class of the data in the RDATA field; 0x0001 for Internet addresses, etc.


Answer Section (cont.)

TTL (Time To Live): the number of seconds the results can be cached.

RDLENGTH (Resource data length): the length of the RDATA field.
RDATA (Resource data): the data of the response. The format is dependent on the TYPE field:

If the TYPE is 0x0001 for A records, then this is the IP address (4 octets).
If the type is 0x0005 for CNAMEs, then this is the name of the alias.
If the type is 0x0002 for name servers, then this is the name of the server.
Finally, if the type is 0x000f for mail servers,
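Added Python example, not code from the original slides, covering both the question section and the answer section described above: it encodes a QNAME as length-prefixed labels, decodes NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA for A, NS, CNAME and MX answers, and also follows the 0xC0 compression pointers that real responses use for repeated names (RFC 1035 section 4.1.4), which the slides do not show. The MX RDATA layout (16-bit preference followed by the exchange name) is taken from RFC 1035, not from the slides; all sample messages are constructed.

```python
import struct

TYPE_NAMES = {0x0001: "A", 0x0002: "NS", 0x0005: "CNAME", 0x000F: "MX"}

def encode_name(name: str) -> bytes:
    """QNAME wire form: length-prefixed labels ending with the zero-length root label."""
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in filter(None, name.split("."))) + b"\x00"

def decode_name(msg: bytes, off: int):
    """Read a name at `off` -> (dotted name, offset past it); follows 0xC0 compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # pointer to the rest of the name (RFC 1035 section 4.1.4)
            if (hops := hops + 1) > 16:    # defensive cap: malformed data could make pointers loop
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:                    # zero-length octet: the null label of the root
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def decode_rdata(msg: bytes, off: int, rtype: int, rdlength: int):
    if rtype == 0x0001:                                      # A: the 4-octet IP address
        return ".".join(str(b) for b in msg[off:off + 4])
    if rtype in (0x0002, 0x0005):                            # NS / CNAME: a domain name
        return decode_name(msg, off)[0]
    if rtype == 0x000F:                                      # MX: 16-bit preference, then the mail host
        return struct.unpack_from("!H", msg, off)[0], decode_name(msg, off + 2)[0]
    return msg[off:off + rdlength]                           # anything else: raw RDATA

def parse_response(msg: bytes):
    """Parse question and answer sections; QDCOUNT and ANCOUNT come from the 12-octet header."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        questions.append((name, TYPE_NAMES.get(qtype, qtype), qclass))
        off += 4
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _cls, ttl, rdlength = struct.unpack_from("!HHIH", msg, off)
        answers.append((name, TYPE_NAMES.get(rtype, rtype), ttl, decode_rdata(msg, off + 10, rtype, rdlength)))
        off += 10 + rdlength
    return questions, answers
```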

Authority & Additional sections


Authority Section
Resource Records (RRs) pointing toward an authority

Additional Section
Resource Records (RRs) holding additional information


DNS Features: Dynamicity

The database can be updated dynamically
Add/delete/modify of any record
Modification of the master database triggers replication
Only the master can be dynamically updated
This creates a single point of failure


DNS Features: Global Distribution

Data is maintained locally, but retrievable globally
No single computer has all DNS data
DNS lookups can be performed by any device
Remote DNS data is locally cacheable to improve performance


DNS Features: Loose Coherency

The database is always internally consistent
Each version of a subset of the database (a zone) has a serial number
The serial number is incremented on each database change
Changes to the master copy of the database are replicated according to the timing set by the zone administrator
Cached data expires according to the timeout set by the zone administrator

DNS Features: Scalability


No limit to the size of the database
One server has over 20,000,000 names
No limit to the number of queries
24,000 queries per second handled easily
Queries distributed among masters, slaves, and caches


DNS Features: Reliability

Data is replicated
Data from the master is copied to multiple slaves
Clients can query:
the master server
any of the copies at slave servers

Clients typically query local caches

DNS protocols can use either UDP or TCP
If UDP, the DNS protocol handles retransmission, sequencing, etc.