DNS Architecture
Domain Name Service
====================
[i] /etc/hosts [HOSTS.TXT]
----------------------
Users like names, networks like numbers; /etc/hosts maps one to the other
Also called the local resolver file or local DNS file
Use of aliases - historic names, generic names [www, mail], alternate names [spellings etc]
[ii] Uses of /etc/hosts
-----------------------
* Primary names (the first name on a line) are used by the system to do reverse lookups [IP -> name]
* Reverse lookups are required to create more readable displays
# netstat --inet [-net]      (-n would print the numbers instead of the resolved names)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address            Foreign Address          State
tcp        0      0 ganesh.bom.labs.n:32822  ganesh.bom.labs.net:ftp  ESTABLISHED
tcp        0      0 ganesh.bom.labs.net:ftp  ganesh.bom.labs.n:32822  ESTABLISHED
tcp        0      0 localhost.localdom:smtp  localhost.localdo:32823  TIME_WAIT
tcp        0      0 localhost.localdom:smtp  localhost.localdo:32824  TIME_WAIT
Displays open TCP/IP connections and the hosts/ports involved in each connection
Why use /etc/hosts when we have DNS ?
A: DNS may not be available at boot time, and a few names [localhost, the
machine's own name] must resolve without any network at all.
Note: the lookup order in /etc/nsswitch.conf [typically "hosts: files dns"]
makes /etc/hosts win over DNS, so a tampered hosts file silently redirects
connections. It is a classic place to check during incident response.
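As an added example (not part of the original notes), here is a small parser for /etc/hosts-format text that shows the two uses above: the first name on a line is the primary name that a reverse lookup returns (the names netstat displayed), and later names are aliases. The sample file embedded in it is constructed; the hosts and domains in it are made up. It also flags a name that appears with two different addresses, which is either a misconfiguration or the trace of a hijacking entry appended to the file.

```python
"""Parse /etc/hosts-format text into forward and reverse maps.

Added example (not from the original notes). SAMPLE_HOSTS is constructed
for illustration; every host and domain name in it is made up.
"""
from collections import defaultdict

# Constructed sample in /etc/hosts format: IP, primary (canonical) name, aliases.
SAMPLE_HOSTS = """\
# /etc/hosts - constructed example
127.0.0.1       localhost.localdomain localhost
192.168.0.10    ganesh.bom.labs.net   ganesh www mail   # generic + short aliases
192.168.0.11    shiva.bom.labs.net    shiva
192.168.0.12    shiva.bom.labs.net                      # same name, second IP
"""


def parse_hosts(text):
    """Return (forward, reverse).

    forward: name -> list of IPs (every name on the line, primary and aliases)
    reverse: IP   -> primary name, i.e. the FIRST name on the first line for
             that address, which models what a gethostbyaddr()-style reverse
             lookup against the hosts file returns.
    """
    forward = defaultdict(list)
    reverse = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                               # malformed: an IP with no name
        ip, names = fields[0], fields[1:]
        reverse.setdefault(ip, names[0])           # first line for an IP wins
        for name in names:
            if ip not in forward[name]:
                forward[name].append(ip)
    return dict(forward), reverse


def reverse_lookup(reverse, ip):
    """Name shown for an address in netstat-style output, or the bare IP."""
    return reverse.get(ip, ip)


def find_conflicts(forward):
    """Names mapped to more than one address: a misconfiguration, or a sign
    that someone appended a hijacking entry to the file."""
    return {name: ips for name, ips in forward.items() if len(ips) > 1}


if __name__ == "__main__":
    fwd, rev = parse_hosts(SAMPLE_HOSTS)
    print(reverse_lookup(rev, "192.168.0.10"))
    print(find_conflicts(fwd))
```

Run against a real /etc/hosts by passing `open("/etc/hosts").read()` to `parse_hosts`; an unexpected entry in `find_conflicts`, or a well-known name pointing somewhere it should not, is worth a closer look.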
[iii] Limitations of /etc/hosts
-------------------------------
* Flat file, easy to read/edit, hard to search
* Not indexed, and not protected in any way [no signature, no encryption], so any edit is trusted as-is
* Central maintenance required for new entries [the NIC's HOSTS.TXT]
* The NIC was a single body [run under US government contract]
* It had to enter a whale of new machine entries every day
* Every site downloaded the whole file from the NIC daily to stay current, so the traffic grew with the number of hosts
================
B. DNS Hierarchy
================
[i] Structure of DNS
--------------------
A Unix FS v/s DNS Database Comparison study
=============================================
* Distributed, hierarchical DB
* Localized, not centralized maint. reqd
eg / etc / httpd / conf / httpd.conf <--------- filename
/etc / httpd / remote / httpd.conf
|
root of FS
----------------------->
<--- generic [/] to specific [file] --->
A hostname on the Internet is exactly the opposite
eg willy.dolphin.mammals.org. <-------- dot denotes root of DNS tree
| | | |
hostname sub-domain domain TLD
<-----------------------
<--- specific [host] to generic [.] --->
willy - Name of the computer [hostname -s]
dolphin - sub-domain under 'mammals'
mammals - Domain we have purchased under 'org'
org - A TLD
. - Root node
. or root node is like /, the root of the FS
Dirs are like domains or more precisely sub-domains
Files are like hosts - or computers with IPs and hostnames
Each domain can be further divided or partitioned into subdomains, just
like a dir can be further subdivided into subdirs.
Directories use '/' as the separator. Domains are separated by '.'.
Note:
Subdomains are like dirs under a parent dir, but not an ordinary dir:
think of an NFS-mounted share, a dir that is really a file system living
on some other host. It can be detached, but once mounted on a particular
FS it appears as part of that FS. A delegated subdomain is served from
another organization's name servers in just the same way.
Like every dir, a domain name has a unique name and identifies its
position in the db; Much as a dir's Abs-PN identifies its place in the
FS.
---------------------------------------------------------------------
A domain name is the sequence of labels read from the node in question up
to the root of the whole tree, with the labels separated by dots.
In Unix, a dir's absolute PN is a list of names read from the root '/'
down to the leaf [the opposite direction from DNS], using a slash to
separate the names.
Just as one can have two files with the same name in separate dirs,
so can one have two hosts with the same label in different domains [nodes].
---------------------------------------------------------------------
DNS requires that sibling nodes - nodes that are children of the same
parent - have different labels. This is what guarantees uniqueness.
eg willy.dolphin.mammals.org
willy.whale.mammals.org
Here the parent is 'mammals' and it has 2 children - 'dolphin' and
'whale' - which are siblings and so must have different labels.
The two names above belong to 2 completely different hosts, even though
both carry the label 'willy'.
Now examine the similarity with the Unix FS :
The Unix FS likewise requires that sibling dirs or files in the same
dir have different names. This is to ensure uniqueness.
Like /usr/local/funny and /usr/bin/funny
Here the parent is '/usr' and it has 2 children - 'local' and
'bin' - which must have different names.
The two paths above name 2 completely different files, although
both files are called 'funny'.
---------------------------------------------------------------------
Domains and Domain names
------------------------
Domains : A subtree of the domain name space
The domain name of a domain is the same as the domain name of
the node at the very top of the domain.
"." [root node]
|
-----------------------------
| | |
edu org com
|
|
------*<---------- mumbai.edu. node
| mumbai | or the domain name of the mumbai.edu domain
| |
| <------------------- mumbai.edu domain [name space]
| |
| |
-----*-------
Check out the comparison with the Unix FS :
"/" [root node]
|
-----------------------------
|          |          |
usr        bin        etc
|
|
------*<---------- /usr/bin/ node
| bin | or the dir name of the /usr/bin dir
| |
| <------------------- /usr/bin/ dir space
| |
| |
-----*-------
-------------------------------------------------------------------
A domain name can also be in many domains.
Eg the domain name "maths.mumbai.edu" is a part of the "mumbai.edu"
domain as well as of the "edu." domain, which is in turn a part of
the "." domain.
Every domain name is in the "." [root] domain.
"." [root node]
|
-----------------------------
+-------------------+ | |
| edu | org com
| | |
| | |<----------- edu domain
| --------------- |
| | mumbai |<--------------- mumbai.edu domain
| | --------- | |
| | | maths <-----|------------- maths.mumbai.edu domain
| | | bio <-----|------------- bio.mumbai.edu domain
| | --------- | |
| |-----*-------| |
| |
-------------------
SubDomain Delegation
--------------------
One of the main goals of the DNS was to decentralize administration.
How is this done ?
Consider the CEO of a large Corp. How does she delegate responsibility?
CEO [BOSS] [ "." root node or / ]
|
----------------------------------
| | | |
MKTG SALES HRD ACCTS [Depts or gTLDs or TLDirs]
|
| Mr M
-----------------------
| | |
LOCAL INTL PLANNING
| [sub-Depts or sub-domains delegated
| by Mr M to Mr L, Mr I, Mr P]
Mr L Mr I Mr P
|
-----------------------
| | |
RJ TN WB
Mr R Mr T Mr W
---------
| |
KOL DARJEELING
|
Mr WW [WW.KOL.WB.LOCAL.MKTG.CEO]
She breaks up the org into Depts, each with its own head.
The Head has total responsibility for his Dept.
The Dept is created by the CEO and hence cannot come into being without
the CEO knowing about it.
That is, it is made by the CEO and total responsibility for running it is
delegated to the Dept Head.
The Dept Head CAN create more sub-Depts under his Dept without consulting
the CEO. He has total authority over his Dept [domain].
He is said to be authoritative for his Dept [domain].
The CEO knows about the Depts but nothing about the sub-Depts [sub-domains].
Why ?
She does not have to.
That would mean duplicating information [extra work].
All she has to know is who the Dept Head is, and she can procure whatever
info she needs about sub-Depts from the Dept Head concerned.
After all, what is he being paid for if she has to keep all his sub-Dept
information, and that of every other Dept too !!
This is called "Department Delegation".
The parent Dept [domain] retains only pointers to the sources of the
sub-Depts' [sub-domains'] data, so that it can refer queries there.
Now what would happen if I asked the CEO this question :
Where is Mr W, or WB.LOCAL.MKTG.CEO ?
The CEO would not directly answer this query.
She would refer me to MKTG.CEO, i.e. to Mr M.
I would then have to ask Mr M [MKTG.CEO], who would refer me to
LOCAL.MKTG.CEO [Mr L].
I would then have to ask Mr L, who would finally direct me to Mr W at
WB.LOCAL.MKTG.CEO.
I have found my man !
Following referrals like this yourself is called 'iterative querying': each
server just puts you on the path to the next one. A server that chases the
whole chain on your behalf and returns only the final answer is doing
'recursive querying' [a recursive resolver]. Authoritative servers are
normally non-recursive, and a resolver that accepts recursive queries from
anyone on the Internet [an "open resolver"] is routinely abused for cache
poisoning and traffic amplification, so recursion should be offered only to
your own clients.
----------------------------------------------------------------------
NOW LET'S SEE HOW DNS DOES DOMAIN DELEGATION
"." [root node]
|
-----------------------------
| | |
edu org com
|
-------------------------------
| | -------|---------
kolkatta chennai | mumbai |
| | |
| ------------ |
| | | |
| kalina fort|
| |
-----------------
The "." [root zone] is managed by ICANN/IANA. [Int'l Corp for Assigned Names/Nos]
The "edu" domain is controlled by its registry [Network Solutions when these
notes were written; EDUCAUSE runs it today].
In this example the "edu" registry has sub-domains kolkatta, chennai and mumbai.
It could hold all the data for them itself, but why should it ?
It therefore delegates the subdomain "mumbai.edu" to the folks at Mumbai
to manage.
The folks at Mumbai now have total authority over this domain and can
create more domains [subdomains et al], and they do.
They create "kalina.mumbai.edu" and "fort.mumbai.edu" and let the folks
at Kalina and Fort handle those domains.
At Kalina Office : shiva.kalina.mumbai.edu
ganesh.kalina.mumbai.edu
Some two hosts at the Kalina office.
At Fort Office : shiva.fort.mumbai.edu
ganesh.fort.mumbai.edu
Some two hosts at the Fort office.
Now I do "ping shiva.fort.mumbai.edu".
[In practice my machine hands the name to a recursive resolver, which does
the following walk on my behalf.]
The query goes to "." which directs me to a server that handles the "edu"
domain. The "edu" server knows about the "mumbai" subdomain, so it directs
me to another DNS server which knows all about the "mumbai.edu" domain.
Once there, this server again directs me to another DNS server which knows
all about the "fort.mumbai.edu" domain.
At the DNS server which handles the "fort.mumbai.edu" domain, I finally
find an RR [Resource Record] which looks something like this :
shiva.fort.mumbai.edu. IN A 192.168.0.10
And at last, I have the DNS-resolved IP of shiva.fort.mumbai.edu !
The programs which store info about the domain name space are called
"name servers" and, yes, one of these programs was running on this last
machine, which solved my problem.
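The walk just described, as an added example (not code from the notes): a toy iterative resolver in Python. ZONES is a constructed in-memory stand-in for the authoritative servers of ".", "edu.", "mumbai.edu." and the two delegated offices; all server names and addresses in it are made up, apart from the 192.168.0.10 for shiva.fort.mumbai.edu taken from the RR above. This is exactly the chase a recursive resolver performs on a client's behalf. A real resolver also needs glue A records for the referred-to name servers and a cache; both are left out here.

```python
"""Follow DNS referrals from the root down to an A record.

Added example (not from the original notes). ZONES is a constructed
stand-in for the authoritative servers; every name and address is made up.
"""

# Each zone holds the A records it is authoritative for and NS pointers for
# the children it has delegated. Delegation = the parent keeps only the
# pointer (NS) to the child's servers, not the child's data.
ZONES = {
    ".": {"NS": {"edu.": "a.edu-servers.net."}},
    "edu.": {"NS": {"mumbai.edu.": "ns1.mumbai.edu."}},
    "mumbai.edu.": {
        "NS": {"fort.mumbai.edu.": "ns1.fort.mumbai.edu.",
               "kalina.mumbai.edu.": "ns1.kalina.mumbai.edu."},
        "A": {"ns1.mumbai.edu.": "192.168.0.2"},
    },
    "fort.mumbai.edu.": {
        "A": {"shiva.fort.mumbai.edu.": "192.168.0.10",
              "ganesh.fort.mumbai.edu.": "192.168.0.11",
              "ns1.fort.mumbai.edu.": "192.168.0.3"},
    },
    "kalina.mumbai.edu.": {
        "A": {"shiva.kalina.mumbai.edu.": "10.0.0.10"},
    },
}


def ask(zone, qname):
    """What one authoritative, non-recursive server answers for qname.

    Returns ("ANSWER", ip), ("REFERRAL", child_zone, ns_name) or ("NXDOMAIN",).
    """
    data = ZONES[zone]
    if qname in data.get("A", {}):
        return ("ANSWER", data["A"][qname])
    # Refer to the longest delegated child that is a suffix of the query.
    for child, ns in sorted(data.get("NS", {}).items(), key=lambda kv: -len(kv[0])):
        if qname == child or qname.endswith("." + child):
            return ("REFERRAL", child, ns)   # ns is what glue would let us contact
    return ("NXDOMAIN",)


def resolve(qname, max_hops=8):
    """Iterative resolution: start at the root and chase referrals ourselves.

    Returns (ip_or_None, path) where path lists the zones queried in order.
    """
    if not qname.endswith("."):
        qname += "."                      # work with fully qualified names only
    zone, path = ".", []
    for _ in range(max_hops):             # cap the walk: a referral loop must not spin forever
        path.append(zone)
        reply = ask(zone, qname)
        if reply[0] == "ANSWER":
            return reply[1], path
        if reply[0] == "NXDOMAIN":
            return None, path
        zone = reply[1]                   # follow the referral to the child zone
    return None, path


if __name__ == "__main__":
    ip, path = resolve("shiva.fort.mumbai.edu")
    print(ip, " -> ".join(path))
```

Against the live Internet, `dig +trace shiva.fort.mumbai.edu` performs the same walk and prints each referral; the hop cap in `resolve` is the kind of guard a real resolver needs against a pair of zones that delegate to each other.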
Let's do some light stuff now !
[ii] gTLDS : Global Top-Level Domains
---------------------------------------
* .com, .edu, .gov, .int, .mil, .net, .org [.gov and .mil are US-only]
DNS Database :
------------- ICANN - [Int'l Corp for Assigned Names/Nos]
Responsible for managing domain name
space
"." [root node] Managed by ICANN
|
-------------------------------------------------------------------
| | | | | | |
org int gov edu mil net com
--------- [Int' orgs]
| |
fish mammals
| | |
---------------
| | |
dolphin whale bat
| | |
willy hector blindy
Hence, willy.dolphin.mammals.org is a host on the DNS DB system
Consider the similarity to the Unix FS :
/
|
-------------------------------------------------------------------
|       |       |       |       |       |       |
etc     usr     lib     var     bin     sbin    tmp
|
httpd
|
conf
|
---------------
|             |
httpd.conf    src.conf
Hence, /etc/httpd/conf/httpd.conf is a file in the FS, read root to leaf
Geopolitical domains : ccTLDs or ISO country codes - eg .uk, .de, .in
2nd level registration under ccTLDs : eg amazon.de
3rd level registration where the ccTLD is itself subdivided : eg amazon.co.uk
[under the 'co.uk' 2nd level domain], or the US states .ca.us, .ny.us
Eg: in the tree above, 'mammals' is the 2nd level domain purchased and
registered under the gTLD 'org'
[iii] Reverse Domains :
-----------------------
* Addr to Name conversion
* Reverse lookups are reqd to create more readable o/p displays / logs etc
* They are called RDs, since they are written in the reverse order
Consider : /etc/hosts
192.168.0.10 crow.birds.org
-----------------------------------------------
Consider the hostname : --------------- [A]
crow .birds. org
<-------- specific [host] ----------> generic [.]
host domain gTLD
-----------------------------------------------
Now consider the IP : --------------- [B]
192.168.0. 10
<--NW portion-->
generic ---------> specific
-----------------------------------------------
Because the structure of an IP addr [B] is the opposite of the domain name [A],
to create a 'Reverse Domain Name' we reverse the IP address :
10.0.168.192.in-addr.arpa.
'in-addr.arpa.' is a special domain [under the 'arpa' TLD] in which all IPv4
reverse domains are located. [IPv6 addresses use 'ip6.arpa.', one label per
hex nibble.]
Whoever controls the address block controls its PTR records, so a name
obtained by reverse lookup says only what the address owner wants it to say;
forward-confirm it [look the name up again and check it resolves back to the
same address] before trusting it in a log or display.
.                      [root; the same root servers serve the reverse tree]
|
arpa
|
in-addr
|
192
|
168
|
-----------------------
|        |            |
0        1    ...   255
|
-----------------------
|        |            |
1  ...  40    ...   254      <--- 10.0.168.192.in-addr.arpa. is the node for 192.168.0.10
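As an added example (not part of the original notes), here is the reverse-name construction above in Python, together with the forward-confirmation check. It goes beyond the notes in two ways: it also builds ip6.arpa names for IPv6, and it shows what a log-processing tool should do before printing a reverse-resolved name. RECORDS is a constructed in-memory stand-in for DNS; every name and address in it is made up, with crow.birds.org and 192.168.0.10 taken from the /etc/hosts line above.

```python
"""Build in-addr.arpa / ip6.arpa names and forward-confirm a PTR answer.

Added example (not from the original notes). RECORDS is a constructed
stand-in for DNS data; every name and address in it is made up.
"""
import ipaddress


def reverse_name(ip):
    """Reverse-domain name for an address, built by hand.

    IPv4: octets reversed under in-addr.arpa.  192.168.0.10 -> 10.0.168.192.in-addr.arpa.
    IPv6: all 32 hex nibbles reversed under ip6.arpa.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(str(addr).split(".")[::-1]) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")      # 32 zero-padded hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed zone data. The owner of the 192.168.0.0/24 block writes its PTR
# records, so 192.168.0.66 can claim to be crow.birds.org; only the forward A
# record, controlled by birds.org's admins, can confirm or deny the claim.
# DNS labels may hold arbitrary bytes, so a PTR can even carry junk aimed at
# whatever parses the log.
RECORDS = {
    "PTR": {
        "10.0.168.192.in-addr.arpa.": "crow.birds.org.",
        "66.0.168.192.in-addr.arpa.": "crow.birds.org.",   # spoofed PTR
        "77.0.168.192.in-addr.arpa.": "bad; rm -rf /",     # junk meant for a log
    },
    "A": {
        "crow.birds.org.": ["192.168.0.10"],
    },
}


def lookup(rrtype, name):
    """Stand-in for a DNS query against the constructed records."""
    return RECORDS.get(rrtype, {}).get(name)


def confirmed_reverse(ip):
    """Forward-confirmed reverse DNS (FCrDNS).

    Return the PTR name only if that name resolves back to the same address;
    otherwise return the bare IP, which is what the log line should show.
    """
    ptr = lookup("PTR", reverse_name(ip))
    if ptr is None:
        return ip
    forward = lookup("A", ptr) or []
    return ptr.rstrip(".") if str(ipaddress.ip_address(ip)) in forward else ip


if __name__ == "__main__":
    for ip in ("192.168.0.10", "192.168.0.66", "192.168.0.77", "2001:db8::1"):
        print(ip, reverse_name(ip), confirmed_reverse(ip))
```

The standard library's `ipaddress.ip_address(x).reverse_pointer` produces the same names (without the trailing dot) and is what production code should use; the hand-built version is here to show the label reversal the notes describe. Swap `lookup` for real PTR and A queries to use `confirmed_reverse` on live traffic.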