DNS; peer-to-peer (part 1)

DNS: Domain Name System
- People have many identifiers: SSN, name, passport number.
- Internet hosts and routers have:
  - an IP address (32 bits in IPv4), used for addressing datagrams;
  - a "name", e.g. www.yahoo.com, used by humans.
- Q: how to map between IP addresses and names?
- Domain Name System:
  - a distributed database implemented in a hierarchy of many name servers;
  - an application-layer protocol that hosts, routers and name servers use to resolve names (address/name translation).
- Note: a core Internet function, yet implemented as an application-layer protocol: the complexity stays at the network's "edge".
(H. Fauconnier, M2-Internet)

DNS services
- hostname to IP address translation
- host aliasing: canonical names and alias names
- mail server aliasing
- load distribution: replicated Web servers, i.e. a set of IP addresses for one canonical name

Why not centralize DNS?
- single point of failure
- traffic volume
- distant centralized database
- maintenance
A centralized design doesn't scale!

Distributed, hierarchical database
- Root DNS servers
  - com DNS servers: yahoo.com DNS servers, amazon.com DNS servers
  - org DNS servers: pbs.org DNS servers
  - edu DNS servers: poly.edu DNS servers, umass.edu DNS servers
Client wants the IP for www.amazon.com (first approximation):
- client queries a root server to find the com DNS servers
- client queries a com DNS server to get the amazon.com DNS servers
- client queries an amazon.com DNS server to get the IP address for www.amazon.com

DNS: root name servers
- contacted by a local name server that cannot resolve a name
- a root name server does not resolve the name itself: it answers with a referral (the names and addresses of the TLD servers for the name's top-level domain), which the local name server then queries
- 13 root name server identities (a to m) worldwide; each is a cluster replicated in many locations:
  - a Verisign, Dulles, VA
  - b USC-ISI, Marina del Rey, CA
  - c Cogent, Herndon, VA (also LA)
  - d U Maryland, College Park, MD
  - e NASA, Mt View, CA
  - f Internet Software Consortium, Palo Alto, CA (and 36 other locations)
  - g US DoD, Vienna, VA
  - h ARL, Aberdeen, MD
  - i Autonomica, Stockholm (plus 28 other locations)
  - j Verisign (21 locations)
  - k RIPE, London (also 16 other locations)
  - l ICANN, Los Angeles, CA
  - m WIDE, Tokyo (also Seoul, Paris, SF)

TLD and authoritative servers
- Top-level domain (TLD) servers: responsible for com, org, net, edu, etc., and for all top-level country domains: uk, fr, ca, jp.
  - the com TLD servers are maintained by Network Solutions (its registry business has belonged to Verisign since 2000)
  - Educause maintains the edu TLD
- Authoritative DNS servers: an organization's DNS servers, providing the authoritative hostname to IP mappings for the organization's servers (e.g. Web, mail).
  - can be maintained by the organization or by a service provider

Anycast
- an addressing technique: the same address is announced from several sites and traffic is routed to the "nearest" one
- BGP generally allows anycast
- the DNS root servers are clusters that use anycast
- helps to resist denial of service (by spreading the load over many sites)

ICANN
- Internet Corporation for Assigned Names and Numbers: allocation of domain names and IP addresses
  - tied to the DNS (which maps names to IP addresses)
  - under US government oversight...
  - ICANN + DNS -> control of the Internet
  - alternative projects exist

Megaupload
- servers in Hong Kong
- US court decision: block access to the servers
  - the top-level DNS servers no longer hand out the IP addresses of the servers
  - the servers become unreachable (by name)
nslookup www.megaupload.com
Non-authoritative answer:
Name: www.megaupload.com
Address: 107.21.243.42

Local name server
- does not strictly belong to the hierarchy
- each ISP (residential ISP, company, university) has one; also called the "default name server"
- when a host makes a DNS query, the query is sent to its local DNS server, which acts as a proxy and forwards the query into the hierarchy

DNS name resolution example: iterated query
- Host cis.poly.edu wants the IP address of gaia.cs.umass.edu.
- Iterated query: the contacted server replies with the name of the server to contact: "I don't know this name, but ask this server".
Message sequence (figure):
1. cis.poly.edu -> local DNS server dns.poly.edu
2. dns.poly.edu -> root DNS server
3. root DNS server -> dns.poly.edu (referral to the TLD server)
4. dns.poly.edu -> TLD DNS server
5. TLD DNS server -> dns.poly.edu (referral to the authoritative server dns.cs.umass.edu)
6. dns.poly.edu -> authoritative DNS server dns.cs.umass.edu
7. dns.cs.umass.edu -> dns.poly.edu (the address of gaia.cs.umass.edu)
8. dns.poly.edu -> cis.poly.edu

DNS name resolution example: recursive query
- Recursive query: puts the burden of name resolution on the contacted name server; heavy load?
- In practice root and TLD servers refuse recursion; recursion is normally offered only by the local name server to its own clients.
Message sequence (figure):
1. cis.poly.edu -> local DNS server dns.poly.edu
2. dns.poly.edu -> root DNS server
3. root DNS server -> TLD DNS server
4. TLD DNS server -> authoritative DNS server dns.cs.umass.edu
5. dns.cs.umass.edu -> TLD DNS server
6. TLD DNS server -> root DNS server
7. root DNS server -> dns.poly.edu
8. dns.poly.edu -> cis.poly.edu

DNS: caching and updating records
- once (any) name server learns a mapping, it caches it
  - cache entries time out (disappear) after the record's TTL
  - TLD servers are typically cached in local name servers, so root name servers are not often visited
- update/notify mechanisms standardized by the IETF: RFC 2136 (dynamic update) and RFC 1996 (NOTIFY)
  - http://www.ietf.org/html.charters/dnsind-charter.html

DNS records
DNS: a distributed database storing resource records (RR).
RR format: (name, value, type, ttl)
- Type=A: name is a hostname, value is its IP address
- Type=NS: name is a domain (e.g. foo.com), value is the hostname of an authoritative name server for this domain
- Type=CNAME: name is an alias for some "canonical" (the real) name, value is the canonical name; e.g. www.ibm.com is really servereast.backup2.ibm.com
- Type=MX: value is the name of the mail server associated with name

(Additional record types)
- AAAA record: name to IPv6 address
- PTR record: IP address to domain name (reverse lookup)
- SOA record (start of authority): information about the zone: primary server, contact mailbox, time-to-live values, expiration...

DNS protocol, messages
- DNS protocol: query and reply messages, both with the same message format.
- Message header:
  - identification: a 16-bit number for the query; the reply to the query uses the same number
  - flags: query or reply; recursion desired; recursion available; reply is authoritative

DNS protocol, messages (continued)
Four variable-length sections follow the header:
- questions: name and type fields for a query
- answers: RRs in response to the query
- authority: records for authoritative servers
- additional information: "helpful" info that may be used (e.g. the addresses of the name servers listed in the authority section)

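The wire format sketched on these two slides, as an added example that is not part of the course material: the code packs a query with a fresh 16-bit identification, decodes the header flags, builds an authoritative A reply using RFC 1035 name compression, and performs the check a resolver must do before trusting a reply (QR bit, same identification, same question). The name gaia.cs.umass.edu, the address 128.119.245.12 and the TTLs are constructed for illustration.

```python
# Added example (not from the course slides): RFC 1035 wire format.
import secrets
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1

# Bits of the 16-bit flags word (RFC 1035, section 4.1.1)
FLAG_QR = 0x8000  # 0 = query, 1 = reply
FLAG_AA = 0x0400  # reply is authoritative
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available


def encode_name(name):
    """'gaia.cs.umass.edu' -> b'\\x04gaia\\x02cs\\x05umass\\x03edu\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    for _ in range(128):  # bounded so a pointer cycle cannot hang the parser
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: bits '11' + 14-bit offset
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    raise ValueError("malformed name: pointer loop or too many labels")


def build_query(name, qtype=QTYPE_A, txid=None, recursion_desired=True):
    """Query = 12-byte header (ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT)
    + one question; a fresh random 16-bit ID is drawn unless one is given."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)
    flags = FLAG_RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "aa": bool(flags & FLAG_AA),
            "rd": bool(flags & FLAG_RD), "ra": bool(flags & FLAG_RA),
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def build_answer(query, ipv4, ttl=300, authoritative=True):
    """Reply to `query`: same ID, QR set, question echoed, and one A record whose
    owner NAME is a pointer (0xC00C) to the question name at offset 12."""
    hdr = parse_header(query)
    flags = FLAG_QR | FLAG_RA | (FLAG_AA if authoritative else 0) | (FLAG_RD if hdr["rd"] else 0)
    header = struct.pack("!HHHHHH", hdr["id"], flags, 1, 1, 0, 0)
    # NAME (pointer), TYPE, CLASS, TTL, RDLENGTH, then RDATA
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ipv4)
    return header + query[12:] + rr


def parse_answers(msg):
    """Return [(name, type, ttl, value)] from the answer section; A rdata is
    rendered as a dotted quad, other types are left as raw bytes."""
    hdr = parse_header(msg)
    off = 12
    for _ in range(hdr["qdcount"]):  # skip the question section
        _, off = decode_name(msg, off)
        off += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(hdr["ancount"]):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        value = socket.inet_ntoa(rdata) if rtype == QTYPE_A and rdlen == 4 else rdata
        answers.append((name, rtype, ttl, value))
    return answers


def reply_matches_query(query, reply):
    """What a resolver checks before trusting a reply: QR bit set, the same
    16-bit ID, and the same question (name, type, class) as the query."""
    q, r = parse_header(query), parse_header(reply)
    if not r["qr"] or q["id"] != r["id"] or r["qdcount"] != 1:
        return False
    qname, qend = decode_name(query, 12)
    rname, rend = decode_name(reply, 12)
    return (qname.lower(), query[qend:qend + 4]) == (rname.lower(), reply[rend:rend + 4])
```

Note that reply_matches_query is necessary but not sufficient: anyone who can guess the identification (and the resolver's UDP source port) passes it, which is exactly the cache poisoning attack discussed later in this deck.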
Inserting records into DNS
- example: a new startup "Network Utopia"
- register the name networkutopia.com at a DNS registrar (e.g. Network Solutions)
  - provide the names and IP addresses of the authoritative name servers (primary and secondary)
  - the registrar inserts two RRs into the com TLD servers:
    (networkutopia.com, dns1.networkutopia.com, NS)
    (dns1.networkutopia.com, 212.1, A)
- on the authoritative server, create a Type A record for www.networkutopia.com and a Type MX record for networkutopia.com
- How do people get the IP address of your Web site? Their local name server asks the com TLD servers, receives the NS record and the A ("glue") record for dns1.networkutopia.com, then asks dns1.networkutopia.com for www.networkutopia.com.

Attacking DNS
- DDoS attacks
  - bombard root servers with traffic: not successful to date (traffic filtering; local DNS servers cache the IPs of TLD servers, allowing root server bypass)
  - bombard TLD servers: potentially more dangerous
- Redirect attacks
  - man-in-the-middle: intercept queries
  - DNS poisoning: send bogus replies to a DNS server, which caches them
- Exploit DNS for DDoS (reflection)
  - send queries with a spoofed source address: the target's IP
  - requires amplification (a small query producing a large reply)

Examples
- Cache poisoning by spoofing:
  - Alice sends many queries to resolver A to obtain the IP of www.un.fr
  - she also sends replies carrying the IP w.x.y.z, impersonating the authoritative server B, with random identifications -> nonzero probability that one of these identifications matches that of one of A's outstanding queries
  - Bob asks A for www.un.fr and gets w.x.y.z
  - (a forged reply must also arrive before B's genuine answer and hit A's UDP source port; this is why resolvers randomize their source port and why DNSSEC signs the records)

Examples (continued)
- Filling the cache from a name server under the attacker's control:
  - Alice asks resolver A for "empoisonnement-dns.com"
  - A contacts the name server of the domain empoisonnement-dns.com
  - the name server of empoisonnement-dns.com replies with false information (extra records for names outside its own domain)
  - (a resolver that only accepts records "in bailiwick", i.e. under the domain it asked that server about, discards those extra records)

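As an added example (not from the slides) covering both attacks above: spoof_success_probability gives the closed-form chance that one of Alice's forged replies matches one of A's outstanding queries, simulate_spoof and poisoning_rate replay that race with a seeded generator (with and without source-port randomization), and filter_reply applies the in-bailiwick rule to a constructed reply from Alice's empoisonnement-dns.com server. The numbers (100 outstanding queries, 1000 forged replies, 203.0.113.x addresses, a fixed source port 53 for the non-randomizing resolver) are illustrative assumptions.

```python
# Added example (not part of the course slides): ID-guessing odds and the
# bailiwick check. Parameters below are illustrative assumptions.
import random

ID_SPACE = 1 << 16    # 16-bit identification field
PORT_SPACE = 1 << 16  # idealised UDP source-port space (real resolvers use fewer ports)


def spoof_success_probability(outstanding, spoofed, randomize_port=False):
    """Closed form: each forged reply guesses (ID, port) uniformly and is
    accepted if it matches any of `outstanding` distinct in-flight queries."""
    space = ID_SPACE * (PORT_SPACE if randomize_port else 1)
    return 1.0 - (1.0 - outstanding / space) ** spoofed


def simulate_spoof(rng, outstanding, spoofed, randomize_port=False):
    """One run of the attack on the previous slide: Alice forces `outstanding`
    queries for www.un.fr and fires `spoofed` replies that claim to come from B.
    Returns True if one of them lands on an in-flight (ID, port) pair."""
    if outstanding > ID_SPACE:
        raise ValueError("more outstanding queries than distinct IDs")

    def source_port():
        return rng.randrange(PORT_SPACE) if randomize_port else 53  # assumed fixed port

    pending = set()
    while len(pending) < outstanding:
        pending.add((rng.randrange(ID_SPACE), source_port()))
    for _ in range(spoofed):
        if (rng.randrange(ID_SPACE), source_port()) in pending:
            return True  # resolver A would now cache w.x.y.z for www.un.fr
    return False


def poisoning_rate(trials, outstanding, spoofed, randomize_port=False, seed=1):
    """Fraction of `trials` in which the race is won (deterministic for a seed)."""
    rng = random.Random(seed)
    hits = sum(simulate_spoof(rng, outstanding, spoofed, randomize_port)
               for _ in range(trials))
    return hits / trials


def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or lies strictly below it."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def filter_reply(zone, records):
    """Keep only the records the answering server is entitled to speak for:
    `zone` is the domain the resolver asked it about, `records` is
    [(owner_name, type, value)] as received."""
    return [rec for rec in records if in_bailiwick(rec[0], zone)]


# Constructed sample reply from Alice's server for empoisonnement-dns.com:
# it smuggles an A record for www.un.fr among its own records.
SAMPLE_REPLY = [
    ("www.empoisonnement-dns.com", "A", "203.0.113.5"),
    ("www.un.fr", "A", "203.0.113.66"),  # out of bailiwick: must be dropped
    ("ns1.empoisonnement-dns.com", "A", "203.0.113.2"),
]
```

With a fixed source port, 1000 forged replies against 100 outstanding queries win the race about 78% of the time; randomizing the port multiplies the search space by the port space and drives the same attack below one chance in ten thousand, which is why the 16-bit identification alone is not a defence.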
Application layer
2.6 P2P applications

P2P file sharing: example
- Alice runs a P2P client application on her notebook computer
- she connects to the Internet intermittently and gets a new IP address for each connection
- she asks for "Hey Jude"
- the application displays other peers that have a copy of Hey Jude
- Alice chooses one of the peers, Bob
- the file is copied from Bob's PC to Alice's notebook: HTTP
- while Alice downloads, other users are uploading from Alice
- Alice's peer is both a Web client and a transient Web server
All peers are servers = highly scalable!

Peer-to-peer
- some principles
  - the nodes offer identical functionality (peers)
  - high volatility (nodes appear and disappear)
  - large scale and geographic dispersion
  - highly dynamic
- applications
  - file sharing
  - messaging
  - telephony (Skype)
  - ...
Different from client-server.

File sharing
- Communication based on two different kinds of protocol:
  - discovery and location of files
    - searching for data
    - putting two (or more) users in contact among millions
  - downloading the files

Discovery and location
- Basics
  - publishing the shared files with metadata
  - discovering the available files
  - locating the sources to download from
- (In addition:
  - identifying duplicates
  - detecting corrupted files
  - forums)

Network architecture
- Centralized: a server or a cluster to which the clients connect (Napster)
- Decentralized: there are only clients (Gnutella)
- Weakly centralized: clients and servers (eDonkey)
- Hybrid: clients can become servers

P2P: problems with a centralized directory
- single point of failure
- performance bottleneck
- copyright infringement
File transfer is decentralized, but locating content is highly centralized.

Pure P2P architecture
- no always-on server
- arbitrary end systems communicate directly, peer to peer
- peers are intermittently connected and change IP addresses
- Three topics: file distribution; searching for information; case study: Skype

File distribution: server-client vs P2P
Question: how much time does it take to distribute a file from one server to N peers?
- u_s: server upload bandwidth
- u_i: peer i upload bandwidth
- d_i: peer i download bandwidth
- F: file size
- the network core is assumed to have abundant bandwidth (only the access links matter)

File distribution time: server-client
- the server sequentially sends N copies: N F / u_s time
- client i takes F / d_i time to download
Time to distribute F to N clients using the client/server approach:
d_cs = max { N F / u_s , F / min_i d_i }
which increases linearly in N (for large N).

File distribution time: P2P
- the server must send at least one copy: F / u_s time
- client i takes F / d_i time to download
- N F bits must be downloaded in aggregate; the fastest possible aggregate upload rate is u_s + Σ_i u_i
d_P2P = max { F / u_s , F / min_i d_i , N F / (u_s + Σ_i u_i) }

Server-client vs P2P: example
- client upload rate = u, F/u = 1 hour, u_s = 10 u, d_min ≥ u_s
- (figure: minimum distribution time in hours versus N for the client/server and P2P approaches)

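The two bounds from the preceding slides evaluated for this slide's parameters, as an added example that is not part of the course: slide_example(N) returns (d_cs, d_P2P) in hours for N peers with F/u = 1 hour, u_s = 10 u and d_min = u_s. Taking u = 1 and d_min exactly equal to u_s are assumptions that only fix the units and the third term; d_P2P is a lower bound since it assumes ideal chunking and scheduling.

```python
# Added example (not from the course slides): the client/server and P2P
# distribution-time bounds with the symbols of the slides.

def dist_time_client_server(F, us, d):
    """d_cs = max{ N F / u_s , F / min_i d_i }: the server sends N copies in
    sequence, and the slowest client must still receive one full copy."""
    N = len(d)
    return max(N * F / us, F / min(d))


def dist_time_p2p(F, us, u, d):
    """d_P2P = max{ F / u_s , F / min_i d_i , N F / (u_s + sum_i u_i) }:
    the server sends at least one copy, the slowest peer receives one, and all
    N F bits must pass through the aggregate upload capacity (lower bound)."""
    N = len(d)
    if len(u) != N:
        raise ValueError("need one upload and one download rate per peer")
    return max(F / us, F / min(d), N * F / (us + sum(u)))


def slide_example(N, u=1.0, F=None, us=None, dmin=None):
    """Slide parameters: F/u = 1 hour, u_s = 10 u, d_min >= u_s (taken equal).
    Returns (d_cs, d_P2P) in hours for N identical peers."""
    F = u if F is None else F          # assumption: F/u = 1 hour fixes the unit
    us = 10 * u if us is None else us  # u_s = 10 u
    dmin = us if dmin is None else dmin
    uploads = [u] * N
    downloads = [dmin] * N
    return (dist_time_client_server(F, us, downloads),
            dist_time_p2p(F, us, uploads, downloads))


def table(Ns=(1, 5, 10, 20, 30, 100, 1000)):
    """Rows of the figure on this slide: N -> (d_cs, d_P2P) in hours."""
    return {N: slide_example(N) for N in Ns}
```

With these parameters d_cs = N/10 hours and keeps growing, while d_P2P = max(0.1, N/(10 + N)) approaches but never exceeds F/u = 1 hour: the aggregate upload term dominates as soon as N > 1.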