DNS and Internet Structure

  1. Monica Stoica, smonica@cs.bu.edu
  DNS and Internet Structure
  Papers used:
  1. http://www.cpsr.org/dns/
  2. http://www.cpsr.org/cpsr/nii/cyber-rights/web/current-domain.html
  3. http://www.lantimes.com/handson/97/706a107a.html
  4. http://www.internetstudies.org/members/holitscher/paris.html
  5. http://hotwired.lycos.com/webmonkey/templates/print_template.htmlt?meta=/webmonkey/geektalk/97/03/index4a_meta.html
  6. http://www.mids.org/mn/806/dns.html
  7. http://www.mids.org/mn/712/reht.html
  8. http://www.shirky.com/writings/abuse_property.html

  2. DNS
  • The domain name system is a global network of servers that translate host names like www.hotwired.com into numerical IP (Internet Protocol) addresses, like 204.62.131.129, which computers on the Net use to communicate with each other.
  • Without DNS, we'd all be memorizing long numbers instead of intuitive URLs or email addresses. And that wouldn't be much fun, would it?

  3. DNS history
  • DNS was invented in 1984 to solve escalating problems with the old name-to-address mapping system.
  • The old system consisted of a single file, known as the host table, maintained by the Stanford Research Institute's Network Information Center (SRI-NIC).
  • As new host names trickled in, SRI-NIC would add them to the table a couple of times a week. Systems administrators would grab the newest version (via FTP) and update their domain name servers.

  4. Advantages of DNS
  • But as the Net grew, the host table became unwieldy. Though it worked fine for name-to-address mapping, it wasn't the most practical or effective way to update and distribute the information. So DNS was invented.
  • The great thing about the domain name system is that no single organization is responsible for updating it. It's what's known as a distributed database; it exists on many different name servers around the world, with no one server storing all the information.
  • Because of this, DNS allows for almost unlimited growth.

  5. DNS in US
  • Each node on the tree represents a domain. Everything below a node falls into its domain.
  • The machine chichi is part of the .us domain as well as the .com domain.
  • If your site is outside the United States, the organization that assigns domain names has its own standards.

  6. DNS: server and resolver
  • A DNS server is just a computer that's running DNS software. Since most servers are Unix machines, the most popular program is BIND (Berkeley Internet Name Domain), but you can find software for the Mac and the PC as well.
  • DNS software is generally made up of two elements: the actual name server, and something called a resolver. The name server responds to browser requests by supplying name-to-address conversions. When it doesn't know the answer, the resolver will ask another name server for the information.

  7. How It Works
  • When you type in a URL, your browser sends a request to the closest name server. If that server has ever fielded a request for the same host name (within a time period set by the administrator to prevent passing old information), it will locate the information in its cache and reply.
  • If the name server is unfamiliar with the domain name, the resolver will attempt to "solve" the problem by asking a server farther up the tree. If that doesn't work, the second server will ask yet another, until it finds one that knows. (When a server can supply an answer without asking another, it's known as an authoritative server.)

  8. Time-out?
  • Once the information is located, it's passed back to your browser, and you're sent on your merry way. Usually this process occurs quickly, but occasionally it can take an excruciatingly long time (like 15 seconds).
  • In the worst cases, you'll get a dialog box that says the domain name doesn't exist, even though you know it does.
  • This happens because the authoritative server is slow in replying to the first server, and your computer gets tired of waiting, so it times out (drops the connection). But if you try again, there's a good chance it will work, because the authoritative server has had enough time to reply, and your name server has stored the information in its cache.
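Slides 7 and 8 describe the lookup walk (cache check, then asking down the tree until an authoritative server answers) and the time-out-then-retry behaviour. The following is an added illustration, not code from the slides or from BIND: a toy resolver over a constructed two-level namespace (the zone data, the per-zone latency figures and the simulated clock are all assumptions) that caches answers for their TTL, marks cache hits as non-authoritative, and models the slide 8 case where the client gives up but the late answer still lands in the cache, so the retry succeeds.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Answer:
    name: str
    address: str
    ttl: int             # seconds the answer may be kept in a cache
    authoritative: bool  # True when it came straight from the zone's own server


# Constructed toy namespace, not real zone data. 204.62.131.129 is the address
# quoted on slide 2; 192.0.2.0/24 is reserved documentation address space.
AUTHORITATIVE: Dict[str, Dict[str, Tuple[str, int]]] = {
    "hotwired.com.": {"www.hotwired.com.": ("204.62.131.129", 3600)},
    "acme.com.": {"www.acme.com.": ("192.0.2.10", 300)},
}
# What a server for a zone knows about the zones delegated below it.
DELEGATIONS: Dict[str, List[str]] = {
    ".": ["com."],
    "com.": ["hotwired.com.", "acme.com."],
}


class Resolver:
    """Caching resolver that walks the tree from the root down, with a query timeout."""

    def __init__(self, timeout: float = 1.0, latency: Optional[Dict[str, float]] = None):
        self.timeout = timeout
        self.latency = latency or {}  # zone -> seconds its server takes to reply (assumed)
        self.cache: Dict[str, Tuple[Answer, float]] = {}  # name -> (answer, expiry time)
        self.now = 0.0  # simulated clock; advance() moves it forward

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def _child_zone(self, zone: str, name: str) -> Optional[str]:
        """Pick the delegated child of `zone` that `name` falls under, if any."""
        for child in DELEGATIONS.get(zone, []):
            if name == child or name.endswith("." + child):
                return child
        return None

    def resolve(self, name: str) -> Answer:
        name = name.lower()
        cached = self.cache.get(name)
        if cached and cached[1] > self.now:
            # Served from cache within its TTL: no longer an authoritative answer.
            return Answer(name, cached[0].address, cached[0].ttl, authoritative=False)

        # Walk down the tree until we reach the zone that holds the name.
        zone: Optional[str] = "."
        while zone not in AUTHORITATIVE:
            zone = self._child_zone(zone, name)
            if zone is None:
                raise LookupError(f"{name}: no server knows this domain")
        record = AUTHORITATIVE[zone].get(name)
        if record is None:
            raise LookupError(f"{name}: not in zone {zone}")

        address, ttl = record
        answer = Answer(name, address, ttl, authoritative=True)
        # The authoritative reply is cached even when it arrives after the client
        # has given up waiting, which is why the retry on slide 8 usually works.
        self.cache[name] = (answer, self.now + ttl)
        if self.latency.get(zone, 0.0) > self.timeout:
            raise TimeoutError(f"{name}: server for {zone} took too long")
        return answer


if __name__ == "__main__":
    r = Resolver(timeout=1.0, latency={"hotwired.com.": 5.0})
    try:
        r.resolve("www.hotwired.com.")
    except TimeoutError as exc:
        print("first try:", exc)
    print("second try:", r.resolve("www.hotwired.com."))
```

The per-zone latency table stands in for a slow authoritative server; in real resolvers the TTL in the cache comes from the record itself, which is what the administrator-set limit on slide 7 is bounding.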

  9. How to Configure DNS
  • There are two basic ways:
  • use your ISP's DNS server. Many ISPs will let you do this.
  • set up a DNS server on your own network.
  • If you choose the first option you need to do the following:

  10. How to set your own DNS server
  • First, have your ISP inform the InterNIC that it is providing both primary and secondary DNS services for your organization.
  • Second, your ISP will give you the numeric IP addresses of the primary and secondary DNS servers, which you'll need to configure your users' TCP/IP stacks. You can do this by entering the information manually either at the desktop or at your Dynamic Host Configuration Protocol (DHCP) server.

  11. Setting up your server
  • Finally, you need to tell your ISP about the DNS records that you wish to publish to allow outside users to interact with your network.
  • In addition, if you want to receive E-mail from the Internet, you will need to have a Mail Exchange (MX) record for your domain in your ISP's DNS database. MX refers to a machine that accepts E-mail connections for your domain.
  • An MX record has three parts: your domain name, the name of the machine that will accept mail for the domain, and a preference value. The preference value lets you build some fault tolerance into your mail setup.

  12. Setting up the mail server
  • Your domain can have multiple MX records, such as the following:
    Acme.com  mail.acme.com   0
    Acme.com  mail2.acme.com  10
    Acme.com  mail.isp.net    100
  • In this case, mail delivery will be attempted to mail.acme.com first because it has the lowest preference value. If delivery fails, mail2.acme.com will be tried next. If mail2 is also down, mail will be sent to a relay host called mail.isp.net, which in this case is at Acme's ISP.

  13. A records
  • The ISP has to set up some A records, which associate IP addresses with computer names. Each of the computers mentioned in your MX records needs an A record to associate it with an IP address.
  • You may also want to set up A records for each of your workstations if your users need to use ftp. This is because some ftp sites perform a lookup to get the DNS name of the machine from which they receive download requests. If the machine has no name, the sites deny the request.
  • You'll also need A records for any public servers you maintain. For example, if you have a World Wide Web server, you'll need to have the ISP set up an A record linking the name www.acme.com to the IP address of your Web server.
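Slides 12 and 13 together describe a consistency rule a practitioner will want to check before handing records to the ISP: MX targets are tried in ascending preference order, and every MX target (and every public host such as www) must have an A record. The block below is an added example, not the slides' or BIND's code; it parses a small constructed record set written in the slides' "name type data" shape (the addresses are reserved documentation-space values and mail2's A record is deliberately left out), returns the delivery order for a domain, picks the first exchanger that is not marked down, and reports MX targets with no A record.

```python
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed sample records (not real zone data); 192.0.2.0/24 and
# 198.51.100.0/24 are reserved documentation address space. The A record
# for mail2.acme.com is intentionally missing so the check has something to find.
RECORDS = """
; domain / host        type  data
acme.com.              MX    0    mail.acme.com.
acme.com.              MX    10   mail2.acme.com.
acme.com.              MX    100  mail.isp.net.
mail.acme.com.         A     192.0.2.25
www.acme.com.          A     192.0.2.10
mail.isp.net.          A     198.51.100.25
"""

Record = Tuple[str, str, object]  # (owner name, type, data)


def parse_records(text: str) -> List[Record]:
    """Parse lines of the form 'name MX pref target' or 'name A address'."""
    records: List[Record] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(";"):  # blank line or comment
            continue
        name, rtype, rest = parts[0].lower(), parts[1].upper(), parts[2:]
        if rtype == "MX":
            records.append((name, "MX", (int(rest[0]), rest[1].lower())))
        elif rtype == "A":
            records.append((name, "A", rest[0]))
        else:
            raise ValueError(f"unsupported record type in line: {line!r}")
    return records


def mx_delivery_order(records: List[Record], domain: str) -> List[str]:
    """Exchangers for `domain`, lowest preference value first (slide 12 rule)."""
    mxs = [data for name, rtype, data in records if rtype == "MX" and name == domain.lower()]
    return [target for _pref, target in sorted(mxs)]


def pick_mx(records: List[Record], domain: str,
            down: FrozenSet[str] = frozenset()) -> Optional[str]:
    """First exchanger that is not in the `down` set, or None if all are down."""
    for target in mx_delivery_order(records, domain):
        if target not in down:
            return target
    return None


def missing_a_records(records: List[Record]) -> List[str]:
    """MX targets that have no A record in this record set (slide 13 rule)."""
    have_a = {name for name, rtype, _ in records if rtype == "A"}
    needed = {data[1] for _, rtype, data in records if rtype == "MX"}
    return sorted(needed - have_a)


if __name__ == "__main__":
    recs = parse_records(RECORDS)
    print("delivery order:", mx_delivery_order(recs, "Acme.com."))
    print("with mail down:", pick_mx(recs, "acme.com.", frozenset({"mail.acme.com."})))
    print("MX targets lacking A records:", missing_a_records(recs))
```

The relay at the ISP (mail.isp.net) lives in the ISP's own zone, so in practice its A record is published there rather than in yours; the check above only knows about the records it is given, which is why the sample includes it.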

  14. Primary and Secondary DNS servers
  • If your ISP does not provide name services, or if you need to have a DNS server at your site to support internal networking applications, the first thing you need to know is that you must have at least two name servers: a primary and a secondary.
  • This is because the InterNIC will not grant you a domain name unless there are at least two DNS servers on the Internet with information about that domain. Another reason for a second server is that you really need the fault tolerance a second name server can provide. If your one and only DNS server goes down, users will be cut off from the Internet.

  15. Why bother having a DNS server on your LAN?
  • First, if you are running IP network-based applications inside your network that require users to connect to internal machines by name, it is not a great idea to advertise the names and addresses of these machines. DNS can give hackers a map of your network, so setting up an internal DNS server that does not publish information to the world is a good idea.
  • Second, a DNS server inside your network lets you be the master of your own domain. You can make changes, additions, and deletions on your own schedule.
  • Finally, name resolution will be faster for your users because your DNS server is probably not as heavily loaded as your ISP's server.

  16. One last note on having your own DNS server:
  • If you choose to administer the primary name server yourself, keep in mind that you'll have to maintain the DNS records.

  17. InterNIC and the US government
  • On June 5, 1998 the U.S. government issued a White Paper on the Internet Domain Name System (DNS). This White Paper is the U.S. government's solution to expansion of the organizational mechanisms supporting the Internet DNS. It follows a Commerce Dept. Green Paper that was issued 30 January 1998, which in turn followed a Commerce Request for Comments (RFC) of 2 July 1997, which followed a presidential directive of 1 July 1997 to "privatize the domain name system (DNS) in a manner that increases competition and facilitates international participation in its management."

  18. Problem because:
  • The U.S. government never owned the DNS in the first place, so it has no authority to privatize it.
  • It's true that the U.S. government has been partly funding the administration of the GOV, EDU, ORG, NET, and COM domains, through a series of grant agreements, most recently through InterNIC, which is run by Network Solutions, Inc. (NSI). The U.S. government can privatize the administration of those domains (now known as generic top level domains, or gTLDs) insofar as it funds their administration.
  • But the U.S. government has never owned, for example, the FR domain for France or the PE domain for Peru or the HT domain for Haiti. And whole regions of DNS and IP network number assignment authority have been delegated to organizations such as RIPE for Europe and APNIC for Asia-Pacific.

  19. Why the mess?
  • So why has the U.S. government now issued a White Paper spelling out who is supposed to run the DNS? Because everybody else had made such a mess of it.
  • Just as no one predicted the extended rapid growth of the Internet or the social effects resulting from it, no one adequately anticipated the organizational changes that would be necessary to handle such growth. The DNS itself was one of the several factors that combined around 1998 to make possible the rapid growth of the Internet. Now that growth has made some kind of reform of the DNS necessary. Unfortunately, the pre-existing organization took too long to arrange for a change.

  20. Problems with DNS
  • This permitted various other organizations to move in. They failed to produce a solution that the Internet at large would agree to. The resulting continuing lack of adequate DNS organization led the U.S. government to step in.
  • Problems with DNS:
  • lack of competition in domain name registration
  • confusion of trademarks and domains

  21. One too common problem with DNS
  • "Conflicts between trademark holders and domain name holders are becoming more common. Mechanisms for resolving these conflicts are expensive and cumbersome."
  • This wording implicitly accepts that trademarks are closely related to domains, which is a point that has not been resolved. The White Paper essentially delegates such resolution to WIPO (World Intellectual Property Organization), which indicates de facto acceptance of an equation of trademarks and domain names.

  22. Example
  • In March 1997 IANA (the Internet Assigned Numbers Authority) gave the HT domain for Haiti briefly to one registrar, REHRED, and then a week later to another registrar, FOCUS DATA.
  • The latter change of registration was made without any warning and without any of the due process spelled out in IANA's own published guidelines, RFC 1591 of March 1994, http://ftp.internic.net/rfc/rfc1591.txt, "Domain Name System Structure and Delegation" by J. Postel.
  • The developments since then (as of the time the paper was written) follow:

  23. The Haiti case – IANA mistake
  • How many subdomains have been registered under the top level domain HT? Zero; none at all.
  • Has any agreement been reached among the various parties in Haiti regarding who should be the registrar of the HT domain? Not as of this writing.
  • Has the Haitian government changed or clarified its position? No, it has not. Meanwhile, the prime minister has resigned (for unrelated reasons), making it difficult even to find out who would be in charge of such a position.
  • Has IANA changed its position? No, it has not.
  • "The IANA has asked the parties in Haiti to work together to come up with a commonly agreed on plan for the management of the .HT top level domain. As yet, we have not received any such plan or proposal for such a plan."

  24. Other cases – laugh or cry?
  • Volkswagen suing to have control over Vw.org
  • Priceline suing Expedia over Priceline's patented "name your own price" business model
  • Amazon suing Barnes and Noble for copying Amazon's "One-Click Ordering."
  • Trademark lawyers at work: Etoys convinced a California court to issue a preliminary injunction against etoy.com, the Swiss art site, because the etoy.com URL might "confuse" potential shoppers. Never mind that etoy.com registered its URL years before Etoys existed: etoy has now been stripped of its domain name without so much as a trial, and is only accessible at its IP address (http://146.228.204.72:8080).

  25. Last case …
  • Most recently, MIT's journal of electronic culture, Leonardo, is being sued by a company called Transasia which has trademarked the name "Leonardo" in France, and is demanding a million dollars in damages on the grounds that search engines return links to the MIT journal, in violation of Transasia's trademark…