
CSE 124 Networked Services Fall 2009

CSE 124 Networked Services Fall 2009. B. S. Manoj, Ph.D http://cseweb.ucsd.edu/classes/fa09/cse124. Some of these slides are adapted from various sources/individuals including but not limited to the slides from the text books by Kurose and Ross and Tanenbaum, and Google.com.



  1. CSE 124 Networked Services, Fall 2009. B. S. Manoj, Ph.D. http://cseweb.ucsd.edu/classes/fa09/cse124. Some of these slides are adapted from various sources/individuals including but not limited to the slides from the textbooks by Kurose and Ross and Tanenbaum, and Google.com. Use of these slides for anything other than the pedagogical purposes of CSE 124 may require explicit permission from the respective sources.

  2. Reminders
  • Week 1 Homework: due Thursday, 8th October
  • Programming Project 1: due Thursday, 23rd October
  • Programming Project 2: start thinking now
    • What services you might want
    • Not existing, or not popular, today
    • Novel variations of existing protocols, architectures, and services

  3. Application Layer Services: Domain Name System
  • Provides many services, including name-to-address translation
  • Why DNS?
    • Names are easy for humans to read; IP addresses are what Internet routers require
  • In the original ARPANET:
    • A hosts.txt file contained the host-to-address translation
    • A central server maintained and managed changes to hosts.txt
    • Hosts downloaded hosts.txt periodically (e.g., at midnight)
    • With the growth of the ARPANET, this method proved unscalable

  4. Domain Name System
  • One of the most important application layer protocols
  • Nearly every other application layer protocol depends on DNS
  • Provides many services:
    • Name-to-address resolution: host name to IP address translation
    • Name aliasing: host name aliasing, service aliasing, mail service aliasing
    • Information services
    • Performance optimization: traffic load distribution, improving response time, improving scalability

  5. Name to Address Resolution
  • Translation from a human-readable name to a router-readable address
  • Example (domain name cseweb.ucsd.edu; 132.239.0.252 is the primary local DNS server, 128.54.16.2 the secondary local DNS server):

    # nslookup
    > cseweb.ucsd.edu
    Server:   132.239.0.252
    Address:  132.239.0.252#53
    Name:     cseweb.ucsd.edu
    Address:  132.239.51.6
    > server
    Default server: 132.239.0.252
    Address: 132.239.0.252#53
    Default server: 128.54.16.2
    Address: 128.54.16.2#53

  6. Host Name Aliasing
  • Translation from complex canonical names to simple mnemonic names
    • e.g., cluster0028.asia.microsoft.com, relay8951.cluster392.utopia.com
  • Example: docs.google.com is the mnemonic domain name; writely.l.google.com is the canonical domain name

    # nslookup
    > docs.google.com
    Server:   132.239.0.252
    Address:  132.239.0.252#53
    Non-authoritative answer:
    docs.google.com  canonical name = writely.l.google.com.
    Name:     writely.l.google.com
    Address:  66.102.7.139

    PING google.com (74.125.67.100) 56(84) bytes of data.
    64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=1 ttl=46 time=88.9 ms
    64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=2 ttl=46 time=88.8 ms

  7. Service Aliasing
  • DNS can also be used for service aliasing
    • e.g., mail service aliasing, IP address aliasing, SRV extensions
  • Mail services are typically not provided by the web server
    • The web server name is more widely known than the mail server name (www.microsoft.com)
    • It is better served when both are associated with the same domain name: somebody@ucsd.edu is better than somebody@receive-mailserver001.cse.ucsd.edu
  • DNS uses a special record type (MX) to provide the domain name of the mail server associated with a domain name
    • Lets multiple services, such as web and mail, share the same domain name

  8. Features of DNS
  • A hierarchical naming system, e.g., cseweb.ucsd.edu
  • A distributed, federated, hierarchically organized server system
  • An application layer protocol
    • Simple, query-reply based, on UDP port 53 (TCP port 53 is used for zone transfers and for replies too large for a UDP datagram)

  9. Features of DNS
  • A hierarchical naming system, e.g., cseweb.ucsd.edu

  10. Hierarchical naming/server system
  [Figure: the DNS hierarchy. 13 root domain servers (10 in US, 2 in Europe, 1 in Asia); Top Level Domains (TLD) (> 258), including TLDs for country domains; sub domains beneath them.]

  11. Examples of Generic Top Level Domains (gTLDs)
  • .aero    Aviation
  • .asia    Asia
  • .biz     Business organizations
  • .cat     Catalan language and culture
  • .com     Commercial
  • .coop    Co-operative organizations
  • .edu     Education
  • .gov     US Government
  • .info    Open TLD
  • .int     International organizations
  • .jobs    Jobs
  • .mil     US Department of Defense
  • .mobi    Mobile devices
  • .museum  Museums
  • .name    Personal
  • .net     Networks
  • .org     Organizations
  • .pro     Credentialed professionals and related entities
  • .tel     Publishing of contact data
  • .travel  Travel

  12. DNS Server Hierarchy
  • Root DNS (rDNS) servers
    • 13 of them (10 in US, 2 in Europe, and 1 in Asia); each is a collection of servers
    • Do not maintain A records
    • Maintain records for locating top level DNS servers
  • Top level domain (TLD) DNS servers
    • Do not maintain A records
    • Responsible for the top level domains such as .com, .org, .edu, etc.
    • Also responsible for the country level domains such as .us, .uk, .no, .jp, .cn, etc.
    • More than 258 domains exist today (likely to grow even further)
  • Authoritative DNS (aDNS) servers
    • Provided by the organization that hosts the web servers and hosts
    • Maintain A records for many hosts (in some cases there may be a hierarchy of aDNS servers)
    • Either hosted within the organization or through a DNS service provider
  • Local DNS server
    • Plays the intermediary role between the client and the hierarchy of DNS servers
    • Not part of the DNS hierarchy

  13. How DNS works
  • A client calls a resolver function
    • A software library that implements the DNS client on an end-user machine
  • The resolver sends a DNS query message to its local DNS (LDNS) server
  • The LDNS replies immediately if it has the information cached
  • If the LDNS does not have the IP address, it tries:
    • First the root DNS servers
    • Then the general TLD servers
    • Then one or more of the authoritative DNS servers

  14. DNS APIs
  • On Unix-based systems, the client calls

    struct hostent *gethostbyname(const char *name);

    • Returns a structure of type hostent for the given host name
    • name is a character array containing the host name

    struct hostent *gethostbyaddr(const void *addr, socklen_t len, int type);

    • Used for reverse lookup (IP address to host name)

    struct hostent {
        char  *h_name;        /* official name of host */
        char **h_aliases;     /* alias list */
        int    h_addrtype;    /* host address type */
        int    h_length;      /* length of address */
        char **h_addr_list;   /* list of addresses */
    };

  • gethostbyname() is IPv4-only, returns a static buffer (not thread-safe) and is marked obsolete by POSIX; getaddrinfo(3) is the replacement for new code

  15. A client side code example

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <netdb.h>
    #include <sys/socket.h>
    #include <netinet/in.h>

    ……
    int sfd;
    struct sockaddr_in addr;
    char host_name[256];
    struct hostent *host_addr;

    snprintf(host_name, sizeof(host_name), "www.google.com"); /* copy the name into the host_name array */
    host_addr = gethostbyname(host_name);   /* resolver call: blocks until the local DNS server answers */
    if (!host_addr) {
        fprintf(stderr, "Unknown host: %s\n", host_name);
        exit(1);
    }
    sfd = socket(AF_INET, SOCK_STREAM, 0);  /* TCP socket is opened (an Internet socket, not AF_UNIX, since we connect to a resolved host) */
    if (sfd == -1) {
        perror("socket");
        exit(EXIT_FAILURE);
    }
    memset(&addr, 0, sizeof(struct sockaddr_in)); /* clear structure */
    addr.sin_family = AF_INET;
    addr.sin_port = htons(80);              /* HTTP */
    memcpy(&addr.sin_addr, host_addr->h_addr_list[0], host_addr->h_length); /* first address from the A RRset */
    if (connect(sfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
        perror("connect");
        exit(EXIT_FAILURE);
    }

  16. How DNS works
  [Figure: resolution of docs.google.com by a local DNS (lDNS) server on an enterprise/campus/local network, using the root DNS (rDNS), general top level domain (gTLD) and authoritative DNS (aDNS) servers in the Internet.
   1. Client asks the lDNS for docs.google.com
   2. lDNS asks a root DNS server for docs.google.com
   3. Root server replies with a referral: NS for .com
   4. lDNS asks a .com gTLD server for docs.google.com
   5. gTLD server replies with a referral: NS dns.google.com
   6. lDNS asks the authoritative server dns.google.com for docs.google.com
   7. aDNS server replies: A 66.102.7.113 and …
   8. lDNS returns 66.102.7.113 and … to the client]

  17. DNS resource record types
  • A Resource Record (RR) is the basic data element in a DNS database
  • A DNS server stores different types of RRs
  • Each RR type corresponds to one kind of information for a particular service DNS provides
  • A record consists of multiple fields: {Name, TTL, Class, Type, Value}

  18. DNS record types
  • Record: {Name, Value, Class, Type, TTL}
  • Type A: Name = hostname, Value = IP address, TTL = time to live
    • A Type A record gives hostname-to-address resolution
    • e.g., {cseweb.ucsd.edu, 132.239.51.6, IN, A, 19800}
  • Type NS: Name = domain (e.g., google.com), Value = hostname of the authoritative DNS (aDNS) server for that domain (the server's own IP address comes from a separate A record, usually returned alongside as "glue")
    • The aDNS server can resolve hostnames in the domain
  • Type CNAME: Name = alias hostname, Value = canonical host name for that alias
    • Provides the hostname aliasing service
    • e.g., {docs.google.com, writely.l.google.com, CNAME}
  • Type MX: Name = domain name, Value = canonical name of the mail server associated with that domain name
    • e.g., {ucsd.edu, mail-jsoe.ucsd.edu, MX}

  19. An estimate of DNS queries (2003)
  • Organizations managing rDNS servers report hundreds of millions of queries per day
  • Traces from the F-root server (San Francisco and Palo Alto; 4 root server machines): 152 million queries per 24 hours
  Source: D. Wessels and M. Fomenkov, "Wow, That's a Lot of Packets," PAM 2003

  20. DNS protocol: messages
  • Query and reply messages both use the same message format
  • Message header
    • identification: a 16-bit number for the query; the reply to the query uses the same number
    • flags: query or reply; recursion desired; recursion available; reply is authoritative

  21. DNS query flags [figure]

  22. DNS protocol, messages
  [Figure: the four variable-length sections that follow the header]
  • Questions: name and type fields for a query
  • Answers: RRs in response to the query
  • Authority: records for authoritative servers
  • Additional information: additional "helpful" info that may be used
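To make the message layout of slides 17, 18, 20 and 22 concrete, here is an added example (not code from the course slides) that builds a DNS query on the wire, builds a constructed reply to it, and parses both back into the header bits and the {Name, TTL, Class, Type, Value} records. The reply contents (docs.google.com → CNAME writely.l.google.com → A 66.102.7.139) are taken from slide 6; the transaction ID 0x1234, the 300-second TTLs and the reply flags are assumptions chosen for the example. Name compression (the 0xC00C pointer back to the question name) is handled, because real replies use it and a parser that ignores it fails on the very first answer.

```python
import struct

# RR type and class numbers from RFC 1035
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_MX = 1, 2, 5, 15
CLASS_IN = 1
TYPE_NAMES = {TYPE_A: "A", TYPE_NS: "NS", TYPE_CNAME: "CNAME", TYPE_MX: "MX"}

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, name, qtype=TYPE_A, recursion_desired=True):
    """12-byte header + one question. QR=0, opcode=0, RD is bit 8 of flags."""
    flags = 0x0100 if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # id, flags, qd, an, ns, ar
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: pointer to an earlier name
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2      # the name occupies only the 2-byte pointer
            jumped, off, hops = True, pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_message(msg):
    """Return header bits, questions and the answer/authority/additional RRs."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    out = {"id": txid, "qr": flags >> 15 & 1, "aa": flags >> 10 & 1,
           "rd": flags >> 8 & 1, "ra": flags >> 7 & 1, "rcode": flags & 0xF,
           "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata_off, off = off, off + rdlen
            if rtype == TYPE_A and rdlen == 4:
                value = ".".join(str(b) for b in msg[rdata_off:off])
            elif rtype in (TYPE_NS, TYPE_CNAME):   # RDATA is a name and may use pointers
                value, _ = read_name(msg, rdata_off)
            else:
                value = msg[rdata_off:off]
            rrs.append({"name": name, "type": TYPE_NAMES.get(rtype, rtype),
                        "class": rclass, "ttl": ttl, "value": value})
        out[section] = rrs
    return out

def build_reply(query, answers):
    """Constructed reply: same id, flags 0x8180 (QR=1, RD=1, RA=1, AA=0), the
    question copied, then `answers` as (type, ttl, value) RRs. The first owner
    name is the pointer 0xC00C to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    end = 12
    while query[end] != 0:           # walk the (uncompressed) question name
        end += 1 + query[end]
    question = query[12:end + 5]     # labels, zero byte, qtype, qclass
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body, owner = b"", b"\xC0\x0C"
    for rtype, ttl, value in answers:
        rdata = bytes(int(x) for x in value.split(".")) if rtype == TYPE_A else encode_name(value)
        body += owner + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
        if rtype == TYPE_CNAME:
            owner = encode_name(value)   # following RRs belong to the canonical name
    return header + question + body

def example_exchange():
    """Query for docs.google.com and the constructed reply modelled on slide 6."""
    query = build_query(0x1234, "docs.google.com")
    reply = build_reply(query, [(TYPE_CNAME, 300, "writely.l.google.com"),
                                (TYPE_A, 300, "66.102.7.139")])
    return parse_message(query), parse_message(reply)

if __name__ == "__main__":
    q, r = example_exchange()
    print("question:", q["questions"])
    for rr in r["answer"]:
        print(rr["name"], rr["ttl"], "IN", rr["type"], rr["value"])
```

The parser bounds the number of pointer hops: a reply whose compression pointers form a cycle would otherwise keep a naive resolver spinning, which is one of the cheapest ways to hurt a hand-written DNS parser.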

  23. Inserting records into DNS
  • Example: new startup "Network Utopia"
  • Register the name networkutopia.com at a DNS registrar (e.g., Network Solutions)
    • Provide the names and IP addresses of the authoritative name servers (primary and secondary)
    • The registrar inserts two RRs into the com TLD server:
      (networkutopia.com, dns1.networkutopia.com, NS)
      (dns1.networkutopia.com, 212.212.212.1, A)
  • Similarly, on the authoritative server create a Type A record for www.networkutopia.com and a Type MX record for networkutopia.com

  24. DNS Performance optimization services
  • Not originally intended, but today a very important service
  • Main performance optimizations: load distribution, provisioning reliability, content distribution network services
  • Load distribution
    • DNS is used to provide load balancing among multiple servers that serve the same domain
    • Many popular web servers use server replication
    • A set of IP addresses is associated with a canonical name
    • When a client queries, the DNS server replies with the entire set of IP addresses
    • Each client uses the first IP address in the set
    • The set of IP addresses is rotated in order on each subsequent request
    • Therefore the load is almost equally balanced among the set of servers (the balance is only as fine-grained as the caching: every client behind the same local DNS server sees the same ordering until the record's TTL expires)

  25. An example: three consecutive queries, the address set rotated each time

    (1)
    > docs.google.com
    Server:   132.239.0.252
    Address:  132.239.0.252#53
    Non-authoritative answer:
    docs.google.com  canonical name = writely.l.google.com.
    Address: 66.102.7.113
    Address: 66.102.7.138
    Address: 66.102.7.139
    Address: 66.102.7.100
    Address: 66.102.7.101
    Address: 66.102.7.102

    (2)
    > docs.google.com
    Server:   132.239.0.252
    Address:  132.239.0.252#53
    Non-authoritative answer:
    docs.google.com  canonical name = writely.l.google.com.
    Address: 66.102.7.139
    Address: 66.102.7.100
    Address: 66.102.7.101
    Address: 66.102.7.102
    Address: 66.102.7.113
    Address: 66.102.7.138

    (3)
    > docs.google.com
    Server:   132.239.0.252
    Address:  132.239.0.252#53
    Non-authoritative answer:
    docs.google.com  canonical name = writely.l.google.com.
    Address: 66.102.7.102
    Address: 66.102.7.113
    Address: 66.102.7.138
    Address: 66.102.7.139
    Address: 66.102.7.100
    Address: 66.102.7.101
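The round-robin mechanism of slides 24 and 25 is easy to state and easy to misjudge, because the rotation happens at the server that is asked, not at the client. The following added example (not from the course slides) simulates an authoritative server that rotates the RRset by one position per query, a caching local DNS server in front of it, and clients that always take the first address. The six addresses are the ones in the nslookup output above; the assumption that all clients share a single local DNS server and that the authoritative server rotates by exactly one address per query is the example's own. With a TTL of 0 the load is spread evenly; with the 19800-second TTL used on slide 18, every client behind that resolver hits the same server for the whole hour.

```python
from collections import Counter, deque

# Address set as returned for writely.l.google.com in the nslookup output above
ADDRESSES = ["66.102.7.113", "66.102.7.138", "66.102.7.139",
             "66.102.7.100", "66.102.7.101", "66.102.7.102"]

class AuthoritativeServer:
    """Returns the whole A RRset and rotates it by one for the next query."""

    def __init__(self, addresses, ttl):
        self.rrset = deque(addresses)
        self.ttl = ttl

    def query(self):
        answer = list(self.rrset)
        self.rrset.rotate(-1)   # next reply starts with what is now the second address
        return answer, self.ttl

class CachingResolver:
    """Local DNS server: serves the cached RRset until its TTL has expired."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cached, self.expires = None, 0

    def query(self, now):
        if self.cached is None or now >= self.expires:
            self.cached, ttl = self.upstream.query()   # cache miss: ask upstream
            self.expires = now + ttl
        return self.cached

def client_pick(resolver, now):
    """A client uses the first address in the set it receives (slide 24)."""
    return resolver.query(now)[0]

def simulate(ttl, seconds, requests_per_second):
    """Requests per server address when all clients share one caching LDNS.
    Assumption (constructed): each request is one client asking the LDNS."""
    ldns = CachingResolver(AuthoritativeServer(ADDRESSES, ttl))
    load = Counter()
    for now in range(seconds):
        for _ in range(requests_per_second):
            load[client_pick(ldns, now)] += 1
    return load

if __name__ == "__main__":
    for ttl in (0, 600, 19800):
        print("TTL %5d:" % ttl, dict(simulate(ttl, 3600, 10)))
```

The practical reading: round-robin DNS balances across resolvers, not across clients, and the TTL sets how quickly a failed server stops receiving new connections.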

  26. Content Distribution Network services
  • DNS is used effectively to provide content distribution services
  • When a client queries for the address of a host, the DNS server provides the name of a CDN
  • The CDN's DNS replies with the address of the web cache nearest to the client's location
  • The client receives content from a nearby web cache rather than from the main web server
    • Quick response, better load balancing, high server scalability

  27. CDN example
  [Figure: the origin server (www.cnn.com) distributes the HTML and replaces http://www.cnn.com/sports/ruth.gif with http://www.cdn.com/www.cnn.com/sports/ruth.gif; the CDN company (cdn.com) distributes the gif files and uses its authoritative DNS server to route the redirected requests.
   1. Client sends an HTTP request for www.cnn.com/sports/sports.html to the origin server
   2. Client sends a DNS query for www.cdn.com to the CDN's authoritative DNS server
   3. Client sends an HTTP request for www.cdn.com/www.cnn.com/sports/ruth.gif to the CDN server near the client]

  28. Additional sources
  • Domain names are sold by domain name registrars
    • Very competitive business models exist for domain names
    • Domain names are among the most sought-after real estate on the web today
    • Some simple names are worth several million dollars: Business.com $8 million, Wine.com $2.9 million, Drugs.com $830,000
    • Important: when you register valuable names, register for a longer duration
  • Internet Corporation for Assigned Names and Numbers (ICANN)
    • Responsible for accrediting domain name registrars
    • http://www.internic.net/ for the list of accredited registrars

  29. Attacks on DNS
  • Distributed Denial of Service
    • Bandwidth flooding or resource consumption: flooding ping messages, distributed DNS query attacks
  • Man-in-the-middle attack
    • Capture DNS queries and generate bogus DNS replies
  • DNS poisoning
    • Erroneously populate DNS caches by originating bogus replies (an off-path attacker has to guess the 16-bit query identifier, and also the UDP source port if the resolver randomizes it)
  • Reflection attacks against hosts
    • Generate DNS queries with a spoofed source address (the victim's) and thus create a large number of replies targeting the victim
    • Queries can be of type ANY, so that the replies are much bigger packets than the queries (amplification)
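The poisoning bullet above is where a resolver's acceptance checks matter. The following added example (not from the course slides) shows the two standard defences in resolver logic: a reply is only accepted if its transaction ID and destination port match an outstanding query sent to that server for that question (random 16-bit ID plus random source port, the RFC 5452 recommendation), and records are only cached if their owner name lies within the "bailiwick" of the zone the queried server is authoritative for. The referral data (networkutopia.com, dns1.networkutopia.com, 212.212.212.1) comes from slide 23; the TLD server address 192.0.2.1 (a documentation-range address), the zone-to-server mapping, the poisoned additional record for cseweb.ucsd.edu and the in-memory message dictionaries are all constructed for the example.

```python
import secrets

# Constructed: which zone each server we talk to is authoritative for.
# 192.0.2.1 stands in for a .com TLD server; dns1.networkutopia.com at
# 212.212.212.1 is the authoritative server registered on slide 23.
ZONE_OF_SERVER = {
    "192.0.2.1": "com",
    "212.212.212.1": "networkutopia.com",
}

def in_bailiwick(zone, name):
    """True if `name` is `zone` itself or lies beneath it."""
    zone, name = zone.lower().rstrip("."), name.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

class Resolver:
    """Minimal LDNS state: outstanding queries and a cache of accepted RRs."""

    def __init__(self):
        self.pending = {}   # (txid, source port) -> (qname, qtype, server ip)
        self.cache = {}     # (name, type) -> value

    def send_query(self, qname, qtype, server_ip):
        """Fresh random 16-bit ID and random source port for every query, so an
        off-path attacker must guess both (about 2^32 combinations, not 2^16)."""
        txid = secrets.randbelow(1 << 16)
        port = 1024 + secrets.randbelow(65536 - 1024)
        self.pending[(txid, port)] = (qname.lower(), qtype, server_ip)
        return txid, port

    def receive(self, reply, src_ip, dst_port):
        """Validate a reply and return the RRs that were cached from it."""
        key = (reply["id"], dst_port)
        entry = self.pending.get(key)
        if entry is None:
            return []   # ID/port do not match an outstanding query: dropped
        qname, qtype, server_ip = entry
        rname, rtype = reply["question"]
        if src_ip != server_ip or reply["qr"] != 1 or (rname.lower(), rtype) != (qname, qtype):
            return []   # wrong server, not a reply, or answers a different question
        del self.pending[key]
        zone = ZONE_OF_SERVER[server_ip]
        accepted = []
        for section in ("answer", "authority", "additional"):
            for rr in reply.get(section, []):
                if not in_bailiwick(zone, rr["name"]):
                    continue    # out-of-bailiwick data is never cached
                self.cache[(rr["name"].lower(), rr["type"])] = rr["value"]
                accepted.append(rr)
        return accepted

def referral_with_poison(txid):
    """Constructed .com referral for www.networkutopia.com whose additional
    section also smuggles an A record for cseweb.ucsd.edu (the poison)."""
    return {
        "id": txid, "qr": 1,
        "question": ("www.networkutopia.com", "A"),
        "answer": [],
        "authority": [{"name": "networkutopia.com", "type": "NS",
                       "value": "dns1.networkutopia.com"}],
        "additional": [
            {"name": "dns1.networkutopia.com", "type": "A", "value": "212.212.212.1"},
            {"name": "cseweb.ucsd.edu", "type": "A", "value": "212.212.212.1"},
        ],
    }

def demo():
    """Return (RRs accepted from a reply with a guessed ID, RRs accepted from the
    genuine reply, whatever the cache holds for cseweb.ucsd.edu afterwards)."""
    r = Resolver()
    txid, port = r.send_query("www.networkutopia.com", "A", "192.0.2.1")
    # Off-path attacker: spoofs the TLD server's address but has to guess the ID
    spoofed = r.receive(referral_with_poison((txid + 1) & 0xFFFF), "192.0.2.1", port)
    genuine = r.receive(referral_with_poison(txid), "192.0.2.1", port)
    return spoofed, genuine, r.cache.get(("cseweb.ucsd.edu", "A"))

if __name__ == "__main__":
    spoofed, genuine, poison = demo()
    print("spoofed reply accepted RRs:", spoofed)
    print("genuine reply accepted RRs:", [rr["name"] for rr in genuine])
    print("cache entry for cseweb.ucsd.edu:", poison)
```

Even the genuine reply cannot plant the cseweb.ucsd.edu record: a .com server has no authority over .edu names, so the bailiwick rule discards it regardless of how the reply was obtained. Source-address and ID/port matching alone would not stop an on-path attacker who sees the query; for that case the page's man-in-the-middle bullet applies and only cryptographic protection of the answers helps.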

  30. Summary of DNS
  • DNS is an important service on the Internet; nearly every other service depends on it
  • DNS is scalable, distributed, hierarchical, and federated
  • Many performance optimization strategies are used with the help of DNS
