Refer to: www.isc.org/community/rfcs/dns/
domain name system (DNS): 1) a distributed database implemented in a hierarchy of DNS servers and 2) an application-layer protocol (runs over UDP, uses port 53) that allows hosts to query the distributed database.
DNS services include:
- Translating hostnames to IP addresses
DNS is commonly employed by other application-layer protocols (HTTP, SMTP, FTP, ...) to translate hostnames to IP addresses;
- Host aliasing
An application can invoke DNS to obtain the canonical hostname for a supplied alias hostname (typically more mnemonic) as well as the IP address of the host
- Mail server aliasing
A mail application can invoke DNS to obtain the canonical hostname for a supplied alias hostname as well as the IP address of the host.
- Load distribution
For replicated Web servers, a set of IP addresses is associated with one canonical hostname.
When a client makes a DNS query for a name mapped to a set of addresses, the server responds with the entire set of IP addresses but rotates their ordering within each reply, distributing the traffic among the replicated servers.
DNS rotation is also used for e-mail.
DNS Records – refer to: www.iana.org/assignments/dns-parameters/
The DNS servers that together implement the DNS distributed database store resource records (RRs). Each DNS reply message carries one or more RRs.
A resource record is a four-tuple that contains: (Name, Value, Type, TTL).
TTL: the time to live of the resource record; it determines when a resource should be removed from a cache.
The meaning of Name and Value depends on Type:
Type: A
Name: A hostname;
Value: IP address for the hostname.
A Type A record provides the standard hostname-to-IP address mapping.
e.g. (relay1.bar.foo.com, 145.37.93.126, A, TTL)
Type: NS
Name: A domain;
Value: The hostname of an authoritative DNS server that knows how to obtain the IP addresses for hosts in the domain.
A Type NS record is used to route DNS queries further along in the query chain.
e.g. (foo.com, dns.foo.com, NS, TTL)
Type: CNAME
Name: An alias hostname;
Value: The canonical hostname for the alias hostname.
e.g. (foo.com, relay1.bar.foo.com, CNAME, TTL)
Type: MX
Name: An alias hostname of a mail server
Value: The canonical name of the mail server
By using the MX record, a company can have the same aliased name for its mail server and for one of its other servers.
e.g. (foo.com, mail.bar.foo.com, MX, TTL)
Packet Structure
DNS messages include DNS query messages and DNS reply messages; both have the same format.
DNS ID Number / Identification: 16-bit number, used to associate DNS queries with DNS responses;
Query/Response (QR): denotes whether the packet is a DNS query or response;
OpCode: defines the type of query;
Authoritative Answers (AA): If this is set in a response packet, it indicates the response is from a name server with authority over the domain;
Truncation (TC): indicates the response was truncated because it was too large;
Recursion Desired (RD): If this is set in a query, it indicates the DNS client requests a recursive query if the target name server doesn’t contain the requested information;
Recursion Available (RA): If this is set in a response, it indicates the name server supports recursive queries;
Reserved (Z): defined to be all 0s; sometimes used as an extension of RCode;
Response Code (RCode): Used in DNS responses to indicate the presence of any errors;
Question Count / Number of questions: the number of entries in the Question Section;
Answer Count / Number of answer RRs: The number of entries in the Answer Section;
Name Server (Authority) Record Count / Number of Authority RRs: The number of name server resource records in the Authority Section;
Additional Records Count / Number of Additional RRs: The number of other resource records in the Additional Information Section;
Questions Section: contains one or more queries; each query includes: 1) a name field that contains the name being queried; 2) a type field that indicates the type of question being asked about the name;
Answers Section: In a reply packet, contains one or more RRs that answer the queries. A reply can return multiple RRs;
Authority Section: contains RRs that point to authoritative name servers that can be used to continue the resolution process;
Additional Information Section: contains RRs that hold additional information related to the query that is not absolutely necessary to answer the query.
How DNS Works in hostname-to-IP-address translation
-> An application invokes the client side of DNS application running on the user’s host;
-> The DNS client sends a DNS query message containing the hostname to a DNS server in the network;
-> The DNS client receives a DNS reply message including the desired mapping;
-> The invoking application receives the mapping from the DNS client, so it can initiate a TCP connection to its server process;
All DNS query and reply messages are sent within UDP datagrams to port 53.
e.g. packets in a DNS query-response
// a standard query packet
the response packet has the same identification number (Transaction ID) as its query packet;
the response packet includes the original question together with its answer;
// a response packet
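The header fields and sections listed above, worked through in code: an added example (not part of the original notes) that builds a standard query, builds the matching response with the question echoed and a compressed answer name, and parses both back into the page's (Name, Value, Type, TTL) tuples. The hostname and address are the page's Type A example; the transaction ID 0x1A2B is a constructed value.

```python
import struct

def parse_header(msg):
    """Decode the 12-byte header; the flags word is QR(1) Opcode(4) AA TC RD RA Z(3) RCODE(4)."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return dict(id=ident, qr=flags >> 15 & 1, opcode=flags >> 11 & 0xF, aa=flags >> 10 & 1,
                tc=flags >> 9 & 1, rd=flags >> 8 & 1, ra=flags >> 7 & 1, z=flags >> 4 & 0x7,
                rcode=flags & 0xF, qdcount=qd, ancount=an, nscount=ns, arcount=ar)

def encode_name(name):
    """Dotted hostname -> length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Read a name at off, following RFC 1035 compression pointers; return (name, offset past it)."""
    labels = []
    while (n := msg[off]) and n & 0xC0 != 0xC0:          # plain labels until a 0 byte or a pointer
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    if n & 0xC0 == 0xC0:                                 # pointer (0xC0xx): 14-bit offset, name ends here
        target = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        return ".".join(labels + [read_name(msg, target)[0]]), off + 2
    return ".".join(labels), off + 1

def build_query(ident, name, qtype=1):
    """Standard query: RD=1 (flags 0x0100), one question; qtype 1 = A, 2 = NS, 5 = CNAME, 15 = MX."""
    return struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_response(query, ipv4, ttl):
    """Answer a one-question A query: same ID, flags 0x8180 (QR, RD, RA), question echoed, answer name = pointer 0xC00C to offset 12."""
    ident = struct.unpack("!H", query[:2])[0]
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return struct.pack("!6H", ident, 0x8180, 1, 1, 0, 0) + query[12:] + answer

def parse_message(msg):
    """Return (header, questions, answers); answers are the page's (Name, Value, Type, TTL) tuples."""
    hdr, off, questions, answers = parse_header(msg), 12, [], []
    for _ in range(hdr["qdcount"]):
        name, off = read_name(msg, off)
        questions.append((name, struct.unpack("!H", msg[off:off + 2])[0]))   # (name, QTYPE)
        off += 4                                                              # QTYPE + QCLASS
    for _ in range(hdr["ancount"]):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata_off = off + 10
        value = ".".join(map(str, msg[rdata_off:rdata_off + 4])) if rtype == 1 else read_name(msg, rdata_off)[0]
        answers.append((name, value, rtype, ttl))
        off = rdata_off + rdlen
    return hdr, questions, answers
```

A stub resolver should accept a reply only when parse_message shows QR=1, the same ID and the same question as the query it sent; a reply failing either check is not an answer to that query.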
Hierarchy
The DNS uses a large number of servers, organized in a hierarchical fashion and distributed around the world.
3 classes of DNS servers in the hierarchy
a) Root DNS servers
b) Top-level domain (TLD) servers: are responsible for top-level domains (e.g. com, org, net, edu, gov) and all of the country top-level domains (e.g. uk, fr, ca, jp).
c) Authoritative DNS servers: Every organization with publicly accessible hosts on the Internet must provide publicly accessible DNS records that map the name of those hosts to IP addresses. An organization’s authoritative DNS server houses (originates) these DNS records.
Local DNS server / default name server: (does not strictly belong to the hierarchy) Each ISP has a local DNS server. When a host connecting to an ISP makes a DNS query, the query is sent to the local DNS server, which acts as a proxy, forwarding the query into the DNS server hierarchy.
DNS Recursion
Recursion: the process in which a DNS server queries another DNS server on behalf of the client to find an IP address, in effect acting like a client.
Any DNS query can be iterative or recursive.
e.g. a typical DNS query chain
1) The requesting host sends a DNS query message (containing the hostname to be translated, ‘gaia.cs.umass.edu’) to its local DNS server; [Recursive query]
2) The local DNS server forwards the query message to a root DNS server; [Iterative query]
3) The root DNS server takes note of the suffix (edu) and returns to the local DNS server a list of IP addresses for TLD servers responsible for that suffix;
4) The local DNS server resends the query message to one of these TLD servers; [Iterative query]
5) The TLD server takes note of the suffix (umass.edu) and responds with the IP address of the authoritative DNS server for that suffix;
(In general, the TLD server may know only of an intermediate DNS server, which in turn knows the authoritative DNS server for the hostname.)
6) The local DNS server resends the query message to the authoritative DNS server; [Iterative query]
7) The authoritative DNS server responds with the IP address of the hostname to be translated.
(1) is a recursive query, since the requesting host cis.poly.edu asks its local DNS server dns.poly.edu to obtain the mapping on its behalf;
(2)(3)(4) are iterative queries, since the replies are returned directly to dns.poly.edu.
e.g. A DNS query chain for which all queries are recursive:
e.g. 1-layer of recursion
client: 172.16.0.8
local DNS server: 172.16.0.102
DNS server’s traffic:
-> The DNS server received the initial query, checked its local database and realized it didn't know the answer;
-> because the query was sent with the Recursion Desired bit set, the DNS server can ask another server with a new packet mirroring the original query:
//the new query has a different transaction ID
-> the DNS server received a response from the other server;
-> the DNS server can then transmit the requested answer to the client.
DNS caching: In a query chain, when a DNS server receives a DNS reply, it can cache the information contained in the reply in its local memory. If another query for the same hostname arrives at the DNS server within that time, the DNS server can provide the desired IP address (or the IP addresses of TLD servers) without having to query any other DNS servers.
(This improves delay performance and reduces the number of DNS messages ricocheting around the Internet.)
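The query chain and caching behaviour described above as a runnable simulation, added here and not part of the original notes: a local DNS server takes a recursive query for gaia.cs.umass.edu, walks root -> TLD -> authoritative with iterative queries, and caches every RR it learns with a TTL-based expiry. The server names dns.edu and dns.umass.edu, the 192.0.2.x (TEST-NET) addresses and the TTLs are constructed placeholders, not the real hosts; the generalization (starting from the closest cached NS record instead of root) goes beyond the page's single chain.

```python
import time

# Constructed zone data for the page's three server classes, as (Name, Value, Type, TTL) tuples; TEST-NET addresses, placeholder names.
SERVERS = {
    "192.0.2.1": [("edu", "dns.edu", "NS", 172800)],                 # a root server: delegates edu
    "192.0.2.2": [("umass.edu", "dns.umass.edu", "NS", 172800)],     # the edu TLD server
    "192.0.2.3": [("gaia.cs.umass.edu", "192.0.2.80", "A", 3600)],   # umass.edu authoritative server
}
NS_ADDRESSES = {"dns.edu": "192.0.2.2", "dns.umass.edu": "192.0.2.3"}  # what the Additional section carries

def iterative_query(server_ip, name, qtype):
    """One non-recursive query to one server: ('answer', rr), ('referral', rr) or ('nxdomain', None)."""
    zone, labels = SERVERS[server_ip], name.split(".")
    exact = [rr for rr in zone if rr[0] == name and rr[2] == qtype]
    if exact:
        return "answer", exact[0]
    for suffix in (".".join(labels[i:]) for i in range(len(labels))):  # longest suffix it delegates
        for rr in zone:
            if rr[0] == suffix and rr[2] == "NS":
                return "referral", rr
    return "nxdomain", None

class LocalDNSServer:
    """Accepts recursive queries from clients and walks the hierarchy iteratively, caching by TTL."""
    def __init__(self, root_ip, clock=time.monotonic):
        self.root_ip, self.clock = root_ip, clock
        self.cache = {}      # (name, type) -> (value, expiry)
        self.sent = 0        # queries sent into the hierarchy (the messages caching saves)
    def lookup(self, name, qtype):
        """Cached value while its TTL holds; an expired entry is dropped, as the TTL rule requires."""
        value, expiry = self.cache.get((name, qtype), (None, 0))
        if expiry > self.clock():
            return value
        self.cache.pop((name, qtype), None)

    def resolve(self, name, qtype="A"):
        if cached := self.lookup(name, qtype):
            return cached
        known_ns = [self.lookup(".".join(name.split(".")[i:]), "NS") for i in range(name.count(".") + 1)]
        server = NS_ADDRESSES[next(filter(None, known_ns))] if any(known_ns) else self.root_ip
        while True:                                   # iterative chain: root -> TLD -> authoritative
            self.sent += 1
            kind, rr = iterative_query(server, name, qtype)
            if kind == "nxdomain":
                return None
            self.cache[(rr[0], rr[2])] = (rr[1], self.clock() + rr[3])   # cache every RR learned
            if kind == "answer":
                return rr[1]
            server = NS_ADDRESSES[rr[1]]              # follow the referral
```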
DNS Zone Transfers
DNS zone: the namespace that a DNS server has been delegated to manage.
zone transfer: transfers zone data between two devices, typically for redundancy. There are two types of zone transfers:
- Full zone transfer (AXFR): transfer an entire zone between devices;
- Incremental zone transfer (IXFR): transfer only a portion of the zone information.
Although DNS relies on UDP, it uses TCP for certain tasks such as zone transfers.
e.g. packets in a simple DNS AXFR
1~3: TCP three-way handshake;
4: TCP segment of a reassembled PDU, because the zone transfer request was sent in multiple packets;
5: ack for 4;
6: DNS zone transfer request;
7: DNS zone transfer response;
8~11: TCP connection teardown.
packet 6 – DNS zone transfer request:
packet 7 – responds with zone records: