DNS & X.500.

Presentation on theme: "DNS & X.500."— Presentation transcript:

1 DNS & X.500

2 Overview
- The Domain Name System (DNS)
  - Domain Name Space
  - DNS Name Servers
  - Name resolution algorithm
  - Caching: The Key to Efficiency
  - Domain Server Message Format
  - Resource Records
  - Example
- X.500 Directory Service

3 DNS The Domain Name System (DNS)
- A name service design whose principal naming database is used across the Internet
- The original Internet naming scheme
  - All host names and addresses were held in a single central master file
  - Downloaded by FTP to all computers that required them
- The major shortcomings of the original scheme
  - It does not scale to large numbers of computers
  - Local organizations wish to administer their own naming system
  - A general name service is needed, not one that only serves for looking up computer addresses
- To map a name onto an IP address, an application program calls a library procedure called the resolver, passing it the name as a parameter
- The resolver sends a UDP packet to a local DNS server, which looks up the name and returns the IP address to the resolver, which then returns it to the caller

4 DNS(Cont.) The Domain Name Space has a tree structure
- The Internet is divided into several hundred top-level domains
- Each domain is partitioned into subdomains, and these are further partitioned, and so on
- The Internet DNS name space is partitioned both organizationally and according to geography
  - Organizational: com, edu, gov, mil, net, org, int, ...
  - Geographic: us, uk, fr, kr, ...
- Domains can be inserted into the tree in two different ways
- Each domain is named by the path upward from it to the root
- Each domain controls how it allocates the domains under it
- To create a new domain, permission is required of the domain in which it will be included
- Domain names are completely independent of their location

5 DNS(Cont.) A portion of the Internet domain name space

6 DNS(Cont.) Name Servers
- A name server is a server program that supplies name-to-address translation, mapping from domain names to IP addresses
- A large organization is highly unlikely to store all of its naming information on a single server: such a server would be a bottleneck and a critical point of failure
- No single name server maintains the entire directory; the database is divided up into sections called zones
- The essential task of a name server is to answer queries using data in its zones
- The name server marks its responses to queries so that the requester can tell whether the response comes from authoritative data or not
- An authoritative record is one that comes from the authority that manages the record, and is thus always correct (complete information)

7 DNS(Cont.) DNS name servers
[Figure: DNS name servers and the zones they hold. (root); ns1.cs.ucl.ac.uk (ac.uk); ns.nasa.gov; ns.purdue.edu (purdue.edu, *.purdue.edu); aAlpha.qmw.ac.uk (qmw.ac.uk, *.qmw.ac.uk); magician.dcs.qmw.ac.uk (dcs.qmw.ac.uk, *.dcs.qmw.ac.uk); dns-0.doc.ic.ac.uk (doc.ic.ac.uk, *.doc.ic.ac.uk)]

8 DNS(Cont.) Name resolution algorithm
- There are two ways: contacting name servers one at a time (non-recursive, iterative) or asking the name server system to perform the complete translation (recursive)
- Conceptually, domain name resolution proceeds top-down, starting with the root name server and proceeding to servers located at the leaves of the tree
- The client software forms a domain name query and sends it to a name server for resolution
- When a domain server receives a query, it checks to see if the name lies in the subdomain for which it is an authority
  - If so, it translates the name to an address according to its database, and appends an answer to the query before sending it back to the client
  - If the client requested complete translation, the server contacts a domain name server that can resolve the name and returns the answer to the client
  - If the client requested non-recursive resolution and the name server cannot supply an answer, it generates a reply that specifies the name server the client should contact next to resolve the name

9 DNS(Cont.) Iterative (non-recursive) navigation and recursive navigation
[Figure: a user agent UA and name servers NS1, NS2, NS3. Iterative navigation: the UA contacts NS1, NS2 and NS3 in turn (steps 1-3). Non-recursive navigation: steps 1-4. Recursive navigation: the UA asks NS1, which forwards to NS2 and NS3, and the answer is passed back along the same path (steps 1-5).]

10 DNS(Cont.) Efficient Translation
- Inefficiencies for three reasons
  - Most name resolution refers to local names, those found within the same subdivision of the namespace as the machine from which the request originates
  - If each name resolution always started by contacting the topmost level of the hierarchy, the machine at that point would become overloaded
  - Failure of machines at the topmost levels of the hierarchy would prevent name resolution, even if the local authority could resolve the name
- In the two-step name resolution process, resolution begins with the local name server
  - If the local server cannot resolve a name, the query must then be sent to another server in the domain system

11 DNS(Cont.) Caching: The Key to Efficiency
- To improve the overall performance of a name server system, it is necessary to lower the cost of lookups for nonlocal names
- Internet name servers use name caching to optimize search costs
- Each server maintains a cache of recently used names as well as a record of where the mapping information for that name was obtained (marking it as nonauthoritative)
- To keep the cache correct, servers time each entry and dispose of entries that exceed a reasonable time
- Servers do not apply a single fixed timeout to all entries, but allow the authority for an entry to configure its timeout
- Whenever an authority responds to a request, it includes a Time To Live (TTL) value in the response that specifies how long it guarantees the binding to remain
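An added Python example, not part of the slides: a toy model of the iterative (non-recursive) resolution of slide 8 combined with the TTL-bounded, nonauthoritative cache of slide 11. Server names follow the figure on slide 7; the zone contents, the ns-uk server and every address are constructed for the example.

```python
import time

# Constructed toy name-server database (not real DNS data). Each server holds one zone; a zone
# maps a name to an address record ("A", address, ttl) or a delegation ("NS", server-for-subzone).
ZONES = {
    "root":                   {"uk": ("NS", "ns-uk"), "edu": ("NS", "ns.purdue.edu")},
    "ns-uk":                  {"ac.uk": ("NS", "ns1.cs.ucl.ac.uk")},
    "ns1.cs.ucl.ac.uk":       {"qmw.ac.uk": ("NS", "aAlpha.qmw.ac.uk")},
    "aAlpha.qmw.ac.uk":       {"dcs.qmw.ac.uk": ("NS", "magician.dcs.qmw.ac.uk")},
    "magician.dcs.qmw.ac.uk": {"fred.dcs.qmw.ac.uk": ("A", "192.0.2.10", 60)},
    "ns.purdue.edu":          {"www.purdue.edu": ("A", "192.0.2.20", 300)},
}

def server_query(server, name):
    """One non-recursive query: answer from the zone, or refer the client to the next server."""
    zone = ZONES[server]
    if name in zone and zone[name][0] == "A":
        return ("ANSWER", zone[name])                 # authoritative data for this zone
    labels = name.split(".")
    for i in range(len(labels)):                      # longest matching delegation wins
        suffix = ".".join(labels[i:])
        if suffix in zone and zone[suffix][0] == "NS":
            return ("REFERRAL", zone[suffix][1])
    return ("NXDOMAIN", None)

class Resolver:
    """Iterative resolver with a TTL cache; `clock` is injectable so expiry can be tested."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}                               # name -> (address, expiry, source server)

    def resolve(self, name):
        """Returns (address or None, authoritative?, servers contacted in order)."""
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return (hit[0], False, [])                # cached copy: marked nonauthoritative
        server, contacted = "root", []
        while server not in contacted:                # stop if referrals ever loop
            contacted.append(server)
            kind, data = server_query(server, name)
            if kind == "ANSWER":
                _, addr, ttl = data
                self.cache[name] = (addr, self.clock() + ttl, server)
                return (addr, True, contacted)
            if kind == "NXDOMAIN":
                return (None, True, contacted)
            server = data                             # REFERRAL: continue one level down
        return (None, True, contacted)
```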

12 DNS(Cont.)

13 DNS(Cont.) Domain Server Message Format
Standard message format (bit positions 0, 16 and 31 across the top):
  0                     16                    31
  IDENTIFICATION        | PARAMETER
  NUMBER OF QUESTIONS   | NUMBER OF ANSWERS
  NUMBER OF AUTHORITY   | NUMBER OF ADDITIONAL
  QUESTION SECTION
  ANSWER SECTION
  AUTHORITY SECTION
  ADDITIONAL INFORMATION SECTION

14 DNS(Cont.)
- IDENTIFICATION: a unique field that the client uses to match a response to its query
- PARAMETER: a field that specifies the operation requested and a response
- NUMBER OF QUESTIONS: gives the count of entries in the QUESTION SECTION
- QUESTION SECTION: contains queries for which answers are desired
- ANSWER SECTION, AUTHORITY SECTION, ADDITIONAL SECTION: each consists of a set of resource records
- The client fills in only the question section; the server returns the question and answers in its response

15 DNS(Cont.)
The format of entries in the QUESTION SECTION of a domain name server message:
  0                     16                    31
  QUERY DOMAIN NAME
  QUERY TYPE            | QUERY CLASS

The format of Resource Records in messages returned by domain name servers:
  0                     16                    31
  RESOURCE DOMAIN NAME
  TYPE                  | CLASS
  TIME TO LIVE
  RESOURCE DATA LENGTH  | RESOURCE DATA

16 DNS(Cont.) Resource Records
- When a resolver gives a domain name to DNS, what it gets back are the resource records associated with that name
- The RESOURCE DOMAIN NAME field contains the domain name to which this resource record refers
- The TIME TO LIVE field describes how long the record can be cached before it should be discarded
- The CLASS field specifies the data's class. For Internet information, it is always IN
- The TYPE field specifies the type of the data included in the resource record
- The RESOURCE DATA field can be a number, a domain name, or an ASCII string, depending on the record type
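An added Python example, not from the slides: a parser for the header, QUESTION SECTION and resource-record layouts of slides 13 to 16, run over a constructed response. It goes one step beyond the slides by following the RFC 1035 name-compression pointers that real responses use in the RESOURCE DOMAIN NAME field, with a bound on pointer hops so that a looping message cannot hang the parser.

```python
import struct

def read_name(msg, off, max_hops=16):
    """Decode a domain name at `off`, following RFC 1035 compression pointers (top two bits
    set). Returns (name, offset just after the name where it first appeared)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # pointer to an earlier copy of the name
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                           # caller resumes after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_message(msg):
    """Parse the 12-byte header, the QUESTION SECTION and every resource record that follows."""
    ident, params, nq, nan, nauth, nadd = struct.unpack("!6H", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(nq):                                 # QUERY DOMAIN NAME, TYPE, CLASS
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append((name, qtype, qclass))
    for _ in range(nan + nauth + nadd):                 # answer, authority, additional RRs
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        if rtype == 1 and rdlen == 4:                   # A record: 32-bit address
            rdata = ".".join(str(b) for b in rdata)
        records.append((name, rtype, rclass, ttl, rdata))
    return {"id": ident, "is_response": bool(params & 0x8000),
            "authoritative": bool(params & 0x0400),    # AA bit of the PARAMETER field
            "questions": questions, "records": records}

# Constructed sample response (not a real capture): id 0x1234, PARAMETER 0x8180, one question
# for www.example.com, one A answer with TTL 300 whose name is a pointer (0xC00C) to offset 12.
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
          b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
          b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01")
```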

17 DNS(Cont.) The principal DNS resource record types
  Type   Meaning               Value
  SOA    Start of Authority    Parameters for this zone
  A      IP address of a host  32-bit integer
  MX     Mail exchange         Priority, domain willing to accept
  NS     Name Server           Name of a server for this domain
  CNAME  Canonical name        Domain name
  PTR    Pointer               Alias for an IP address
  HINFO  Host description      CPU and OS in ASCII
  TXT    Text                  Uninterpreted ASCII text

18 DNS(Cont.) How a resolver looks up a remote name
[Figure: a portion of the name space (top-level domains int, gov, edu, com, mil, nl, net, us, org, jp; second-level names such as eng, yale, sun, acm, keio, ieee, cs, ac, co; lower-level names such as jack, jill, pc24, nec, robot, csl, linda, ai, fluit, oce, vu, flits) and the eight numbered steps (1-8) by which the originator flits.cs.vu.nl has its name server cs.vu.nl (VU CS) ask Edu-server.net (Edu), yale.edu (Yale) and cs.yale.edu (Yale CS) to resolve a name under yale.edu, with the answer returned along the reverse path.]

19 X.500 Directory Service
- Attribute-based name service: <name, attribute>
- The X.500 directory is under a common root
- The directory is a tree hierarchy of: country, organization, organizational unit, person
- A wide range of attributes are stored at each node in the tree
- Access is not just by name: searching for entries with any required combination of attributes
- DIT (Directory Information Tree): the X.500 name tree
- DIB (Directory Information Base): the entire directory structure including the data associated with the nodes
- Two of the largest directory service providers are InterNIC and ESnet

20 X.500 Directory Service(Cont.)
Part of the X.500 Directory Information Tree:
  X500 Service (root)
    ... France (country)
    Great Britain (country)
      ... BT Plc (organization)
      Cambridge University (organization) ...
        ... Computing Service (organizationalUnit)
        ... Computer Lab (organizationalUnit)
          ... Departmental Staff (organizationalUnit)
            Jon Fairbairn (person)
            Ken Moody (person)
            Karen Sparck-Jones (person) ...
            ... Jean Bacon (person)
          ely (applicationProcess)
          Research Students (organizationalUnit) ...
        Engineering Department (organizationalUnit) ...
    Greece (country) ...

21 X.500 Directory Service(Cont.)
- DSA (Directory Service Agent): server
  - Each local directory represents one organization or a group of organizations
- DUA (Directory User Agent): client
  - User interface program for access to one or more DSAs
[Figure: a DUA communicating with a DSA]

22 X.500 Directory Service(Cont.)
- Operation: client ---- connection ----> server; the client accesses the directory by issuing a query
  - If the server does not have the required data in its DIB, it invokes another server or redirects the client to another server
- The full name of an entry corresponds to a path through the DIT from the root of the tree to the entry
- A DIB entry consists of a set of attributes, where an attribute has a type and one or more values
  - Type names, for example: countryName, organizationalName, commonName, telephoneNumber, mailbox, objectClass

23 X.500 Directory Service(Cont.)
- The name of a DIB entry is determined by selecting one or more of its attributes as distinguished attributes: the Distinguished Name (DN)
- Two main types of access request
  - read: an absolute or relative name for an entry is given together with a list of attributes to be read. The DSA server retrieves the required attributes and returns them to the client
  - search: a base name and a filter expression are supplied as arguments. This command returns a list of names for all of the entries below the base node for which the filter evaluates to TRUE
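An added Python example, not from the slides: a constructed fragment of the slide-20 DIT held as a dict keyed by distinguished name, with the read and search requests of slide 23 over it. Filter expressions are nested tuples (eq, present, and, or, not); the telephone numbers and mailbox are invented values.

```python
# Constructed toy Directory Information Base (not real X.500 data). A DN is a tuple of
# (attributeType, value) pairs from the root down; an entry is a dict of attribute value lists.
DIB = {}

def add_entry(parent_dn, attr_type, value, **attrs):
    """Add an entry below parent_dn; (attr_type, value) becomes its distinguished attribute."""
    dn = parent_dn + ((attr_type, value),)
    attrs.setdefault(attr_type, [value])              # the distinguished attribute is stored too
    DIB[dn] = attrs
    return dn

gb   = add_entry((), "countryName", "GB", objectClass=["country"])
cam  = add_entry(gb, "organizationName", "Cambridge University", objectClass=["organization"])
lab  = add_entry(cam, "organizationalUnitName", "Computer Lab", objectClass=["organizationalUnit"])
eng  = add_entry(cam, "organizationalUnitName", "Engineering Department",
                 objectClass=["organizationalUnit"])
ken  = add_entry(lab, "commonName", "Ken Moody", objectClass=["person"],
                 telephoneNumber=["+44 1223 000001"])          # constructed number
jon  = add_entry(lab, "commonName", "Jon Fairbairn", objectClass=["person"])
jean = add_entry(lab, "commonName", "Jean Bacon", objectClass=["person"],
                 telephoneNumber=["+44 1223 000002"], mailbox=["jmb@example.org"])

def dn_string(dn):
    """Render a DN as a path from the root, e.g. countryName=GB,organizationName=..."""
    return ",".join(f"{t}={v}" for t, v in dn)

def read(dn, attr_types):
    """read request: the requested attributes of one named entry (KeyError if absent)."""
    entry = DIB[dn]
    return {t: entry[t] for t in attr_types if t in entry}

def matches(entry, flt):
    """Evaluate a filter expression against one entry's attributes."""
    op = flt[0]
    if op == "eq":      return flt[2] in entry.get(flt[1], [])
    if op == "present": return flt[1] in entry
    if op == "and":     return all(matches(entry, f) for f in flt[1:])
    if op == "or":      return any(matches(entry, f) for f in flt[1:])
    if op == "not":     return not matches(entry, flt[1])
    raise ValueError(f"unknown filter operator {op!r}")

def search(base_dn, flt):
    """search request: DNs of all entries strictly below base_dn for which the filter is TRUE."""
    return [dn for dn, entry in DIB.items()
            if len(dn) > len(base_dn) and dn[:len(base_dn)] == base_dn and matches(entry, flt)]
```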

24 X.500 Directory Service(Cont.) DNS Versus X.500
  DNS
  - simply looks up data attached to a given domain name
  - a relatively simple distributed database meant to solve a particular problem
  - is not secure
  X.500
  - supports many types of searching: matches and specifying incomplete information
  - a full-blown distributed database meant to be used for a wide variety of applications
  - can store the phone book, information about all sorts of network devices and their attributes
  - has security features involving credentials and the support of multiple encryption types
