Introduction to the

DNS system
Olaf M. Kolkman
Okolkman@ripe.net

slideset 1 February 2003

 Purpose of naming
 Addresses are used to locate objects

 Names are easier to remember than numbers

 You would like to get to the address or other

objects using a name

 DNS provides a mapping from names to

resources of several types
February 2003
slideset 1 -2 Jump to first page
 Names and addresses in
general
 An address is how you get to an endpoint
 Typically, hierarchical (for scaling):

 950 Charter Street, Redwood City CA, 94063

 204.152.187.11, +1-650-381-6003

 A “name” is how an endpoint is referenced

 Typically, no structurally significant hierarchy

 “David”, “Tokyo”, “itu.int”

February 2003
slideset 1 -3 Jump to first page
 Naming History
 1970’s ARPANET
 Host.txt maintained by the SRI-NIC
 pulled from a single machine
 Problems
 traffic
and load
 Name collisions

 Consistency

 DNS reated in 1983 by Paul Mockapetris (RFCs 1034 and

1035), modified, updated, and enhanced by a myriad of
subsequent RFCs

February 2003
slideset 1 -4 Jump to first page
 DNS
 A lookup mechanism for translating objects into
other objects
 A globally distributed, loosely coherent, scalable,
reliable, dynamic database
 Comprised of three components
 A “name space”

 Servers making that name space available

 Resolvers (clients) which query the servers

about the name space

February 2003
slideset 1 -5 Jump to first page
 DNS Features: Global
Distribution
 Data is maintained locally, but retrievable globally
 No single computer has all DNS data

 DNS lookups can be performed by any device

 Remote DNS data is locally cachable to improve

performance

February 2003
slideset 1 -6 Jump to first page
 DNS Features: Loose
Coherency
 The database is always internally consistent
 Each version of a subset of the database (a zone) has a
serial number
 The serial number is incremented on each database change

 Changes to the master copy of the database are replicated

according to timing set by the zone administrator

 Cached data expires according to timeout set by zone

administrator
February 2003
slideset 1 -7 Jump to first page
 DNS Features: Scalability
 No limit to the size of the database
 One server has over 20,000,000 names
 Not a particularly good idea

 No limit to the number of queries

 24,000 queries per second handled easily

 Queries distributed among masters, slaves, and

caches
February 2003
slideset 1 -8 Jump to first page
 DNS Features: Reliability
 Data is replicated
 Data from master is copied to multiple slaves

 Clients can query

 Master server
 Any of the copies at slave servers

 Clients will typically query local caches

 DNS protocols can use either UDP or TCP

 If UDP, DNS protocol handles retransmission, sequencing,
etc.
February 2003
slideset 1 -9 Jump to first page
 DNS Features: Dynamicity
 Database can be updated dynamically
 Add/delete/modify of any record

 Modification of the master database triggers

replication
 Only master can be dynamically updated
 Creates a single point of failure

February 2003
slideset 1 -10 Jump to first page
 DNS Concepts
 Next slides are about concepts

 After this set of slides you should understand

 How the DNS is built

 Why it is built the way it is

 The terminology used throughout the course

February 2003
slideset 1 -11 Jump to first page
 Concept: DNS Names 1

 The namespace needs to be made hierarchical to

be able to scale.
 The idea is to name objects based on
 location (within country, set of organizations, set of
companies, etc)
 unit within that location (company within set of
company, etc)
 object within unit (name of person in company)

February 2003
slideset 1 -12 Jump to first page
 Concept: DNS Names 2
How names appear in the DNS
Fully Qualified Domain Name (FQDN)
WWW.RIPE.NET.
 labels separated by dots Note the trailing dot

 DNS provides a mapping from FQDNs to

resources of several types

 Names are used as a key when fetching data in

the DNS
February 2003
slideset 1 -13 Jump to first page
 Concept: Resource
Records
 The DNS maps names into data using Resource
Records.

Resource Record

www.ripe.net. … A 10.10.10.2

Address Resource

 More detail later

February 2003
slideset 1 -14 Jump to first page
 Concept: DNS Names 3

ws1 ws2  Domain names can be

ftp mapped to a tree.
•
www www
disi
• sun •  New branches at the ‘dots’
ripe isi tislabs
• moon
• •
google No restriction to the amount
net edu com of branches.
•

February 2003
slideset 1 -15 Jump to first page
 Concept: Domains
 Domains are “namespaces”
 Everything below .com is in the com domain.
 Everything below ripe.net is in the ripe.net domain
and in the net domain. •
com domain
net edu com
• • •
google
ripe.net domain ripe isi sun tislabs
•
moon •
www disi
net domain ftp • www
ws2 ws1
February 2003
slideset 1 -16 Jump to first page
 Delegation
 Administrators can create subdomains to group hosts
 According to geography, organizational affiliation or any
other criterion

 An administrator of a domain can delegate responsibility

for managing a subdomain to someone else
 But this isn’t required

 The parent domain retains links to the delegated

subdomain
 The parent domain “remembers” who it delegated the
subdomain to

February 2003
slideset 1 -17 Jump to first page
 Concept: Zones and
Delegations
 Zones are “administrative spaces”
 Zone administrators are responsible for portion of
a domain’s name space
 Authority is delegated from a parent and to a child
•
net zone
net edu com
net domain •
google
• •

ripe.net zone ripe isi sun tislabs

moon
•
•
www disi
disi.ripe.net zone ftp
• www
February 2003 ws2 ws1
slideset 1 -18 Jump to first page
 Concept: Name Servers
 Name servers answer ‘DNS’ questions.

 Several types of name servers

 Authoritative servers
 master (primary)
 slave (secondary)

 (Caching) recursive servers

 also caching forwarders
 Mixture of functionality

February 2003
slideset 1 -19 Jump to first page
 Concept: Name Servers
authoritative name server
 Give authoritative answers for one or more zones.
 The master server normally loads the data from a
zone file
 A slave server normally replicates the data from
the master via a zone transfer

slave

master
February 2003
slideset 1 -20 slave Jump to first page
 Concept: Name Servers
recursive server
 Recursive servers do the actual lookups; they ask
questions to the DNS on behalf of the clients.

 Answers are obtained from authoritative servers

but the answers forwarded to the clients are
marked as not authoritative

 Answers are stored for future reference in the

cache

February 2003
slideset 1 -21 Jump to first page
 Concept: Resolvers

 Resolvers ask the questions to the DNS system

on behalf of the application.

 Normally implemented in a system library (e.g,

libc)
gethostbyname(char *name);
gethostbyaddr(char *addr, int len,
type);

February 2003
slideset 1 -22 Jump to first page
 Concept: Resolving
process & Cache
Question: www.ripe.net A
www.ripe.net A ? root-server
Ask net server @ X.gtld-servers.net (+ glue)
www.ripe.net A ?

Resolver Caching
192.168.5.10
forwarder www.ripe.net A ?

(recursive) gtld-server
Ask ripe server @ ns.ripe.net (+ glue)

Add to cache www.ripe.net A ?

192.168.5.10

ripe-server

February 2003
slideset 1 -23 Jump to first page
 Concept: Resource
Records (more detail)
 Resource records consist of it’s name, it’s TTL, it’s
class, it’s type and it’s RDATA
 TTL is a timing parameter
 IN class is widest used
 There are multiple types of RR records
 Everything behind the type identifier is called rdata

www.ripe.net. 3600 IN A 10.10.10.2

ttl rdata
Label type
class
February 2003
slideset 1 -24 Jump to first page
 Example: RRs in a zone
file

ripe.net. 7200 IN SOA ns.ripe.net. olaf.ripe.net. (

2001061501 ; Serial
43200 ; Refresh 12 hours
14400 ; Retry 4 hours
345600 ; Expire 4 days
7200 ; Negative cache 2 hours
)
ripe.net. 7200 IN NS ns.ripe.net.
ripe.net. 7200 IN NS ns.eu.net.

pinkje.ripe.net. 3600 IN A 193.0.1.162

host25.ripe.net. 2600 IN A 193.0.3.25

Label ttl class type rdata

February 2003
slideset 1 -25 Jump to first page
 Resource Record: SOA
and NS
 The SOA and NS records are used to provide
information about the DNS itself.
 The NS indicates where information about a given
zone can be found:
ripe.net. 7200 IN NS ns.ripe.net.
ripe.net. 7200 IN NS ns.eu.net.

 The SOA record provides information about the

start of authority, i.e. the top of the zone, also
called the APEX.

February 2003
slideset 1 -26 Jump to first page
 Resource Record: SOA

Master server Contact address

net. 3600 IN SOA A.GTLD-SERVERS.net. nstld.verisign-grs.com. (

2002021301 ; serial
30M ; refresh
15M ; retry
1W ; expiry
Version number 1D ) ; neg. answ. ttl

Timing parameter
February 2003
slideset 1 -27 Jump to first page
 Concept: TTL and other
Timers
 TTL is a timer used in caches
 An indication for how long the data may be reused
 Data that is expected to be ‘stable’ can have high
TTLs

 SOA timers are used for maintaining consistency

between primary and secondary servers

February 2003
slideset 1 -28 Jump to first page
 Places where DNS data
lives
Changes in DNS do not propagate instantly!
Slave
Might take up to refresh
to get data from master

Not going to net if TTL>0

Cache server
Upload of zone
data is local policy

Master

Registry DB

Slave server
February 2003
slideset 1 -29 Jump to first page
 To remember...
 Multiple authoritative servers to distribute load and
risk:
 Put your name servers apart from each other

 Caches to reduce load to authoritative servers and

reduce response times

 SOA timers and TTL need to be tuned to needs of

zone. Stable data: higher numbers
February 2003
slideset 1 -30 Jump to first page
 What have we learned
What are we about to learn
 We learned about the architecture:
 resolvers,
 caching forwarders,
 authoritative servers,
 timing parameters

February 2003
slideset 1 -31 Jump to first page