ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. A Quick Introduction to the Domain Name System Jim Reid Director, European Operations Nominum.

Slides:



Advertisements
Similar presentations
A Primer on the Domain Name System Joint ITU/WIPO Multilingual Name Symposium 6 December 2001 David C Lawrence.
Advertisements

ITU ENUM Workshop Jan 17, 2000 Copyright © 2001, Nominum, Inc. A Quick Introduction to the Domain Name System David Conrad Chief Technology Officer.
INTERNET PROTOCOLS Class 9 CSCI 6433 David C. Roberts Entire contents copyright 2011, David C. Roberts, all rights reserved.
Structured Naming Internet Naming Service: DNS* Chapter 5 *referred to slides by David Conrad at nominum.com.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
DNS Domain Name System. Domain names and IP addresses People prefer to use easy-to-remember names instead of IP addresses Domain names are alphanumeric.
February 2003slideset 1 Introduction to the DNS system Olaf M. Kolkman
DNS Domain Name System. Domain names and IP addresses People prefer to use easy-to-remember names instead of IP addresses Domain names are alphanumeric.
The Domain Name System Overview Introduction DNS overview How DNS helps us? Summary.
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
COS 420 DAY 23. Agenda Assignment 4 Corrected 2 B’s Assignment 5 posted Chap Due May 4 Final exam will be take home and handed out May 4 and Due.
Application Layer At long last we can ask the question - how does the user interface with the network?
Domain Name System: DNS
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
1 DNS,NFS & RPC Rizwan Rehman, CCS, DU. Netprog: DNS and name lookups 2 Hostnames IP Addresses are great for computers –IP address includes information.
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
DNS. Outline r Domain Name System r DNS Hierarchy r Resolution.
Domain Name Services Oakton Community College CIS 238.
DNS: Domain Name System Mark Ciocco Chris Janik Networks Class Presentation Tuesday April 18, 2000 To insert your company logo on this slide From the Insert.
11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Basic DNS Course Lecturer: Ron Aitchison. Module 1 DNS Theory.
Netprog: DNS and name lookups1 Address Conversion Functions and The Domain Name System Refs: Chapter 9 RFC 1034 RFC 1035.
Chapter 16 – DNS. DNS Domain Name Service This service allows client machines to resolve computer names (domain names) to IP addresses DNS works at the.
Domain Names System The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the.
Domain names and IP addresses Resolver and name server DNS Name hierarchy Domain name system Domain names Top-level domains Hierarchy of name servers.
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Network Protocols Chapter 25 (Data Communication & Networking Book): Domain Name System (DNS) 1.
Chapter 17 Domain Name System
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Chapter 29 Domain Name System (DNS) Allows users to reference computer names via symbolic names translates symbolic host names into associated IP addresses.
Domain Name System CH 25 Aseel Alturki
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
Domain Name System. CONTENTS Definitions. DNS Naming Structure. DNS Components. How DNS Servers work. DNS Organizations. Summary.
Netprog: DNS and name lookups1 Address Conversion Functions and The Domain Name System Refs: Chapter 9 RFC 1034 RFC 1035.
1 Kyung Hee University Chapter 18 Domain Name System.
Domain Name System Refs: Chapter 9 RFC 1034 RFC 1035.
Configuring Name Resolution and Additional Services Lesson 12.
Internet Address and Domain Name Service (DNS)
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
Copyright © 2001, Nominum, Inc. Introduction to the DNS DNS Components DNS Structure and Hierarchy The DNS in Context Copyright © 2001, Nominum, Inc.
BZUPAGES.COM. Presented to: Sir. Muizuddin sb Presented by: M.Sheraz Anjum Roll NO Atif Aneaq Roll NO Khurram Shehzad Roll NO Wasif.
Domain Name System (DNS)
Web Server Administration Chapter 4 Name Resolution.
COMP 431 Internet Services & Protocols
Internet Naming Service: DNS* Chapter 5. The Name Space The name space is the structure of the DNS database –An inverted tree with the root node at the.
Domain Name System INTRODUCTION to Eng. Yasser Al-eimad
Basics of the Domain Name System (DNS) By : AMMY- DRISS Mohamed Amine KADDARI Zakaria MAHMOUDI Soufiane Oujda Med I University National College of Applied.
WHAT IS THE DOMAIN NAME SYSTEM (DNS) ?. Overview 1. Introduction to the DNS. 2. How big is the Domain Name System (DNS) ? 3. Components of the DNS. 4.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
System Administration(SAD622S) Name of Presenter: Shadreck Chitauro Lecturer 18 July 2016 Faculty of Computing and Informatics.
Networking Applications
Chapter 25 Domain Name System.
Domain Name System (DNS)
Principles of Computer Security
DNS.
Net 323 D: Networks Protocols
Chapter 19 Domain Name System (DNS)
Introduction to the DNS system
Chapter 25 Domain Name System
Domain Name System Refs: Chapter 9 RFC 1034 RFC 1035.
A Quick Introduction to the Domain Name System
Chapter 25 Domain Name System
Introduction to the DNS system
Computer Networks Primary, Secondary and Root Servers
Computer Networks Presentation
Apache : Installation, Configuration, Basic Security
Presentation transcript:

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. A Quick Introduction to the Domain Name System Jim Reid Director, European Operations Nominum Ltd

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Overview Introduction to the DNS DNS Components DNS Structure and Hierarchy The DNS in Context

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The DNS is… The Domain Name System –Created in 1983 by Paul Mockapetris (RFCs 1034 and 1035), modified, updated, and enhanced by a myriad of subsequent RFCs What Internet users use to reference anything by name on the Internet The mechanism by which Internet software translates names to addresses and vice versa

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. A Quick Digression: Names versus Addresses An address is how you get to an endpoint –Typically, hierarchical (for scaling): 950 Charter Street, Redwood City CA, , A name is how an endpoint is referenced –Typically, no structurally significant hierarchy David, Hamilton, itu.int

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The DNS is also… A lookup mechanism for translating objects into other objects A globally distributed, loosely coherent, scalable, reliable, dynamic database Comprised of three components –A name space –Servers making that name space available –Resolvers (clients) which query the servers about the name space

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. DNS as a Lookup Mechanism Users generally prefer names to numbers Computers prefer numbers to names DNS provides the mapping between the two –I have x, give me y DNS is NOT a directory service –No way to search the database No easy way to add this functionality

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. DNS as a Database Keys to the database are domain names – 18.in-addr.arpa, 6.4.e164.arpa Over 100,000,000 domain names stored Each domain name contains one or more attributes –Known as resource records Each attribute individually retrievable

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Global Distribution Data is maintained locally, but retrievable globally –No single computer has all DNS data DNS lookups can be performed by any device Remote DNS data may be locally cached to improve performance

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Loose Coherency The database is always internally consistent –Each version of a subset of the database (a zone) has a serial number The serial number is incremented on each database change Changes to the master copy of the database are replicated according to timing set by the zone administrator Cached data expires according to timeout set by zone administrator

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Scalability No limit to the size of the database –One server has over 20,000,000 names Not a particularly good idea No limit to the number of queries –20-30,000 queries per second handled easily Queries distributed among masters, slaves, and caches

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Reliability Data is replicated –Data from master is copied to multiple slave servers Clients can query –Master server –Any of the copies at slave servers Clients will typically query local caches DNS protocols can use either UDP or TCP –If UDP, DNS protocol handles retransmission, sequencing, etc.

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Content Control Database can be updated dynamically –Add/delete/modify any record Modification of the master database triggers replication to slave name servers –Only master can be dynamically updated Creates a single point of failure

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Overview Introduction to the DNS DNS Components –The name space –The servers –The resolvers DNS Structure and Hierarchy The DNS in Context

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Name Space The name space is the structure of the DNS database –An inverted tree with the root node at the top Each node has a label –The root node has a null label, written as

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. An Analogy – E.164 Root node maintained by the ITU (call it +) Top level nodes = country codes (1, 81, etc) Second level nodes = regional codes (1-808, 81-3, etc.)

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Labels Each node in the tree must have a label –A string of up to 63 8 bit bytes The DNS protocol makes NO limitation on what binary values are used in labels –RFCs 952 and 1123 define legal characters for hostnames A-Z, 0-9, and - only with a-z and A-Z treated as the same Sibling nodes must have unique labels The null label is reserved for the root node

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Domain Names A domain name is the sequence of labels from a node to the root, separated by dots (.s), read left to right –The name space has a maximum depth of 127 levels –Domain names are limited to 255 characters in length A nodes domain name identifies its position in the name space

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Subdomains One domain is a subdomain of another if its apex node is a descendant of the others apex node More simply, one domain is a subdomain of another if its domain name ends in the others domain name –So sales.nominum.com is a subdomain of nominum.com com –nominum.com is a subdomain of com

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Delegation Administrators can create subdomains to group hosts –According to geography, organizational affiliation or any other criterion An administrator of a domain can delegate responsibility for managing a subdomain to someone else –But this isnt required The parent domain retains links to the delegated subdomain –The parent domain remembers who it delegated the subdomain to

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Delegation Creates Zones Each time an administrator delegates a subdomain, a new unit of administration is created –The subdomain and its parent domain can now be administered independently –These units are called zones –The boundary between zones is a point of delegation in the name space Delegation is good: it is the key to scalability

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Dividing a Domain into Zones nominum.com domain nominum.com zone ams.nominum.com zone rwc.nominum.com zone

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Overview Introduction to the DNS DNS Components –The name space –The servers –The resolvers DNS Structure and Hierarchy The DNS in Context

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Name Servers Name servers store information about the name space in units called zones –The name servers that load a complete zone are said to have authority for or be authoritative for the zone Usually, more than one name server are authoritative for the same zone –This ensures redundancy and spreads the load Also, a single name server may be authoritative for many zones

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Name Servers and Zones nominum.com Name Servers isc.org Zones serves data for both nominum.com and isc.org zones serves data for nominum.com zone only serves data for isc.org zone only

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Types of Name Servers Two main types of servers –Authoritative – maintains the data Master – where the data is edited Slave – where data is replicated to –Caching – stores data obtained from an authoritative server The most common name server implementation (BIND) combines these two into a single process –Sometimes discrete processes in other implementations No special hardware necessary

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Name Server Architecture You can think of a name server as part: –database server, answering queries about the parts of the name space it knows about (i.e., is authoritative for), –cache, temporarily storing data it learns from other name servers, and –agent, helping resolvers and other name servers find data that other name servers know about

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Name Server Architecture Master server Zone transfer Zone data file From disk Authoritative Data (primary master and slave zones) Agent (looks up queries on behalf of resolvers) Cache Data (responses from other name servers) Name Server Process

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Authoritative Data Resolver Query Response Authoritative Data (primary master and slave zones) Agent (looks up queries on behalf of resolvers) Cache Data (responses from other name servers) Name Server Process

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Using Other Name Servers Arbitrary name server Response Resolver Query Authoritative Data (primary master and slave zones) Agent (looks up queries on behalf of resolvers) Cache Data (responses from other name servers) Name Server Process Response

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Cached Data Query Response Authoritative Data (primary master and slave zones) Agent (looks up queries on behalf of resolvers) Cache Data (responses from other name servers) Name Server Process Resolver

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Overview Introduction to the DNS DNS Components –The name space –The servers –The resolvers DNS Structure and Hierarchy The DNS in Context

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Name Resolution Name resolution is the process by which resolvers and name servers cooperate to find data in the name space To find information anywhere in the name space, a name server only needs the names and IP addresses of the name servers for the root zone (the root name servers) –The root name servers know about the top-level zones and can tell name servers whom to contact for all TLDs

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Name Resolution A DNS query has three parameters: –A domain name (e.g., ), Remember, every node has a domain name! –A class (e.g., IN), and –A type (e.g., A) A name server receiving a query from a resolver looks for the answer in its authoritative data and its cache –If the server isnt authoritative for the answer and the answer isnt in the cache, the answer must be looked up

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. ping The Resolution Process Lets look at the resolution process step-by- step: annie.west.sprockets.com

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Whats the IP address of The Resolution Process The workstation annie asks its configured name server, dakota, for address ping annie.west.sprockets.com dakota.west.sprockets.com

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Resolution Process The name server dakota asks a root name server, m, for address ping annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com Whats the IP address of

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Resolution Process The root server m refers dakota to the com name servers This type of response is called a referral ping annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com Heres a list of the com name servers. Ask one of them.

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Resolution Process The name server dakota asks a com name server, f, for address ping annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com Whats the IP address of f.gtld-servers.net

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Resolution Process The com name server f refers dakota to the nominum.com name servers ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com Heres a list of the nominum.com name servers. Ask one of them.

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Resolution Process The name server dakota asks an nominum.com name server, ns1.sanjose, for address ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net Whats the IP address of

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Resolution Process The nominum.com name server ns1.sanjose responds with address ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net Heres the IP address for

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Heres the IP address for The Resolution Process The name server dakota responds to annie with address ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. ping ftp.nominum.com. Resolution Process (Caching) After the previous query, the name server dakota now knows: –The names and IP addresses of the com name servers –The names and IP addresses of the nominum.com name servers –The IP address of Lets look at the resolution process again annie.west.sprockets.com

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. ping ftp.nominum.com. Whats the IP address of ftp.nominum.com? Resolution Process (Caching) The workstation annie asks its configured name server, dakota, for ftp.nominum.coms address annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. ping ftp.nominum.com. Whats the IP address of ftp.nominum.com? Resolution Process (Caching) dakota has cached an NS record indicating ns1.sanjose is an nominum.com name server, so it asks it for ftp.nominum.coms address annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. ping ftp.nominum.com. Heres the IP address for ftp.nominum.com Resolution Process (Caching) The nominum.com name server ns1.sanjose responds with ftp.nominum.coms address annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. ping ftp.nominum.com. Heres the IP address for ftp.nominum.com Resolution Process (Caching) The name server dakota responds to annie with ftp.nominum.coms address annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. What can be Resolved? Any name in the name space Class –Internet (IN), Chaos (CH), Hesiod (HS) Type –Address (A, AAAA, A6) –Pointer (PTR, NAPTR) –Aliases (CNAME, DNAME) –Security related (TSIG, SIG, NXT, KEY) –Etc.

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Overview Introduction to the DNS DNS Components DNS Structure and Hierarchy The DNS in Context

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. DNS Structure and Hierarchy The DNS imposes no constraints on how the DNS hierarchy is implemented except: –A single root –The label restrictions If a site is not connected to the Internet, it can use any domain hierarchy it chooses –Can make up whatever TLDs you want Connecting to the Internet implies use of the existing DNS hierarchy

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Top-level Domain (TLD) Structure In 1983 (RFC 881), the idea was to have TLDs correspond to network service providers –e.g., ARPA, DDN, CSNET, etc. Bad idea: if your network changes, your address changes By 1984 (RFC 920), functional domains was established –The motivation is to provide an organization name that is free of undesirable semantics. – e.g., GOV for Government, COM for commercial, EDU for education, etc. RFC 920 also provided for –Provided for country domains –Provided for Multiorganizations Large, composed of other (particularly international) organizations –Provided a stable TLD structure until 1996 or so

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Domain Name Wars In 1996,the US National Science Foundation permitted Network Solutions to charge a usage fee for the allocation and registration of domain names –To compensate for the explosive growth the Internet was facing at the time The resultant controversy caused the US Government (Dept. of Commerce) to take a much more active role –Official governmental policy (the White Paper) on Internet resource administration created That policy resulted in the creation of ICANN

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Internet Corporation for Assigned Names and Numbers California non-profit, operating in Marina Del Rey, California, USA Consists of: –A set of Support Organizations Address Support Organization, Domain Name Support Organization, Protocol Support Organization –A board of 19 members 9 elected by public membership 3 each by each of the SOs 1 President/CEO –A set of committees Governmental Advisory Committee, Addressing Ad Hoc Committee, etc. that advise the board

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. ICANNs Role To oversee administer Internet resources including –Addresses Delegating blocks of addresses to the regional registries –Protocol identifiers and parameters Allocating port numbers, etc. –Names Administration of the root zone file Oversight of the operation of the root name servers

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Internet Root The DNS protocol assumes a consistent name space –This consistency is enforced by the constraint of a SINGLE root for the Internet domain name space There is no assumption on how that single root is created ICANN oversees modification of the zone file that makes up the Internet DNS root

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Multiple Roots? The single root is often seen as a single point of control for the entire Internet –Edit control of the root zone file implies the ability to control the entire tree Multiple root solutions have often been proposed –Unless coordinated, inconsistencies will almost certainly result This would be very, very bad Answers from the DNS would depend on where you are and who you ask

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. DNS Fundamental Principle Universal response: The same query always gets the same answer no matter where it was asked or what name server(s) were queried Alternate (multiple) root solutions generally violate this fundamental principle

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Multiple Root Problems They define different name spaces! –Bogus TLDs Unreachable addresses and web sites only visible from a DNS tree served by another root –Which one? –Fake domains and TLDs Two or more.com domains –Not necessarily identical Two or more sun.com domains (say) –Which one is real? –Non-existent, but real TLDs Tree served by alternate root drops.com or.uk (say) Lots of confusion…. And litigation!

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Root Nameservers Modification of the root zone file is pointless unless that zone file is published The root zone file is published on 13 servers, A through M, around the Internet –Location of root nameserver is a function of network topology Root name server operations currently provided by volunteer efforts by a very diverse set of organizations –Volunteer nature will change soon

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Root Name Server Operators NameserverOperated by: AVerisign (US East Coast) BUniversity of S. California –Information Sciences Institute (US West Coast) CPSI (US East Coast) DUniversity of Maryland (US East Coast) ENASA (Ames) (US West Coast) FInternet Software Consortium (US West Coast) GU. S. Dept. of Defense (ARL) (US East Coast) HU. S. Dept. of Defense (DISA) (US East Coast) IKTH (SE) JVerisign (US East Coast) KRIPE-NCC (UK) LICANN (US West Coast) MWIDE (JP)

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Current TLDs

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. The Generic Top-Level Domains (gTLDs).COM,.NET, and.ORG –By far the largest top level domains on the Internet today.COM has approx. 20,000,000 names –Essentially no restriction on what can be registered Network Solutions (now Verisign) received the contract for the registry for.COM,.NET, and.ORG –also a registrar for these TLDs

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. New Top Level Domains Recently, ICANN created 7 new top level domains: –.aero,.biz,.coop,.info,.museum,.name,.pro Some are chartered (.aero,.coop,.museum,.name,.pro) Some are generic (.biz,.info) Many people unhappy with the process by which these new TLDs were created –Expect continued discussion

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Country Code Top-Level Domains With RFC 920, the concept of domains delegated on the basis of nations was recognized Conveniently, ISO has a list of official country code abbreviations –ISO-3166 IANA has also used Universal Postal Codes –(e.g.,.GG for Guernsey) Key consideration is to use lists other organizations define to avoid getting into political battles over what is or is not a valid ccTLD

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Structuring a ccTLD How each country top-level domain is organized is up to the country –Some, like Australias au, follow the functional definitions com.au, edu.au, etc. –Others, like Great Britains uk and Japans jp, divide the domain functionally but use their own abbreviations ac.uk, co.uk, ne.jp, ad.jp, etc. –A few, like the United States us, are largely geographical co.us, md.us, etc. –Some are flat, that is, no hierarchy nlnet.nl, univ-st-etienne.fr Considered a question of national sovereignty

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc..arpa Now, Address and Routing Parameter Area –Was Advanced Research Projects Administration US Dept. of Defense network, precursor to the Internet Used for infrastructure domains –IPv4 reverse (address to name) lookups –IPv6 reverse lookups –E.164 Only.arpa is hard-coded into the DNS system –DNS resolver software has it explicitly

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Other TLDs.GOV – used by US Governmental organizations –E.g., state.gov, doj.gov, whitehouse.gov, etc..MIL – used by the US Military –E.g., af.mil, army.mil, etc..EDU – used for Educational institutions –Higher learning, not only US-based ones –E.g., harvard.edu, unu.edu, utoronto.edu.INT – international treaty organizations –E.g., itu.int, nato.int, wipo.int

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Registries, Registrars, and Registrants The Domain Wars resulted in a codification of roles in the operation of a domain name space Registry –the name spaces database –the organization which has edit control of that database Including dispute resolution, policy control, etc. –The organization which runs the authoritative name servers for that name space Registrar –the agent which submits change requests to the registry on behalf of the registrant Registrant –The entity which makes use of the domain name

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Registries, Registrars, and Registrants Registry Zone DB Registrants End user requests add/modify/delete Registrar submits add/modify/delete to registry Registrar Master updated Registry updates zone Slaves updated

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Overview Introduction to the DNS DNS Components DNS Hierarchy The DNS in Context

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Load concerns DNS can handle the load –DNS Root Servers get approximately 3000 queries per second (down from 8000 qps) Empirical proofs (DDoS attacks) show root name servers can handle 50,000 queries per second –Limitation is network bandwidth, not the DNS protocol –in-addr.arpa zone, which translates numbers to names, gets about 2000 queries per second Current closest analogue to e164.arpa

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Performance concerns DNS is a very lightweight protocol –Simple query – response Any performance limitations are the result of network limitations –Speed of light –Network congestion –Switching/forwarding latencies

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Security Concerns Base DNS protocol (RFC 1034, 1035) is insecure –Spoof attacks are possible DNS Security Enhancements (DNSSEC, RFC 2565) remedies this flaw –But creates new ones DoS attacks Amplification attacks Operational considerations DNSSEC strongly discourages large flat zones –Hierarchy (delegation) is good

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Technically Speaking… ENUM is technically non-challenging –Intelligent delegation model will permit unlimited scaling –Performance considerations at the feet of service providers –Security concerns can be addressed by DNSSEC

ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. Questions?