Chapter 2, Section 4: DNS (Domain Name System)
Authoritative DNS servers:
organization's own DNS server(s), providing authoritative hostname-to-IP mappings for the organization's named hosts; can be maintained by the organization or by a service provider
Recursive query
puts burden of name resolution on the contacted name server; heavy load at upper levels of the hierarchy
DNS protocol messages
query and reply messages, both with the same message format
Top-level domain (TLD) servers:
responsible for com, org, net, edu, aero, jobs, museums, and all top-level country domains, e.g. uk, fr, ca, jp. Network Solutions maintains servers for the .com TLD; Educause for the .edu TLD.
Exploit DNS for DDoS
send queries with spoofed source address (target IP); requires amplification
type=A
name is hostname; value is IP address
redirect attacks
man-in-the-middle: intercept queries. DNS poisoning: send bogus replies to DNS server, which caches them
type=MX
value is name of mail server associated with name
Domain Name System:
Distributed database implemented in a hierarchy of many name servers. Application-layer protocol: hosts and name servers communicate to resolve names (address/name translation). Core Internet function, implemented as an application-layer protocol; complexity at the network's "edge".
DDoS attacks
bombard root servers with traffic: not successful to date (traffic filtering; local DNS servers cache IPs of TLD servers, allowing root server bypass). Bombard TLD servers: potentially more dangerous.
Iterated query
contacted server replies with the name of the server to contact next
DNS Records
distributed database storing resource records (RR)
Local DNS name server
does not strictly belong to the hierarchy; each ISP (residential ISP, company, university) has one. Also called "default name server". When a host makes a DNS query, the query is sent to its local DNS server, which has a local cache of recent name-to-address translation pairs (but may be out of date!) and acts as a proxy, forwarding the query into the hierarchy.
DNS Services
hostname-to-IP-address translation; host aliasing (canonical and alias names); mail server aliasing; load distribution (replicated web servers: many IP addresses correspond to one name).
type=CNAME
name is alias name for some "canonical" (the real) name; value is the canonical name
type=NS
name is domain (e.g. foo.com); value is hostname of the authoritative name server for this domain
DNS: caching,updating records
once (any) name server learns a mapping, it caches the mapping; cache entries time out (disappear) after some time (TTL). TLD servers are typically cached in local name servers, thus root name servers are not often visited. Cached entries may be out of date (best-effort name-to-address translation!): if a named host changes IP address, this may not be known Internet-wide until all TTLs expire. Update/notify mechanisms: proposed IETF standard, RFC 2136.
why not centralize DNS?
single point of failure; traffic volume; distant centralized database; maintenance.