
DNS: System Operation, Resource Records and Packet formats
Computer Science 742 S2C, 2010
Nevil Brownlee

DNS COMPSCI 742 S2C, 2010 – p. 1/18

Domain Name System (revision)

Distributed database, maps domain names to IP addresses
RFC 1034, 1035 and lots of other RFCs
Local resolvers send DNS queries to name servers
Top of the DNS tree are the root servers, A..M
Root servers hold the delegations (NS records) for every top-level domain, whether country-code (e.g. .nz, .de) or generic (e.g. .com, .net); they refer a query to the TLD's servers rather than answering for names inside it
The Generic Top Level Domain (gTLD) servers A..M, run by Verisign, are the servers for .com and .net; country-code TLDs are served by their own registries
Servers can be authoritative or non-authoritative
Servers can also be primary or secondary (a secondary is updated at regular intervals from the primary, by zone transfer)

DNS: looking up a domain name

DNS looks up a Fully Qualified Domain Name (FQDN)
A client sends a lookup query to a nameserver, e.g. using dig or nslookup. The nameserver will try to answer the query from its own records (its zones and its cache). If it can't, it will either pursue the query recursively or answer non-recursively with a referral
Recursive query: the DNS server queries other nameservers on behalf of the client and returns the final result
Non-recursive (iterative) query: the server answers only from what it holds; if it is not authoritative for the name it returns a referral to the nameservers it knows to be closer to the answer, and the client follows that referral itself
'Closer to the answer' normally means walking down the tree from the root (root servers, then the TLD's servers, then the domain's own servers), but a resolver may also start from the nearest enclosing zone whose nameservers it already has cached
DNS servers usually cache (temporarily store) records retrieved from other DNS servers – this reduces lookup traffic. A cached record is kept for at most its TTL
Cached records are 'non-authoritative'; genuine original records from the zone's own servers are 'authoritative' (the aa flag in the response header)

DNS: Nameserver Hierarchy

(Diagram of the nameserver tree: root servers at the top, TLD servers below them, then the servers for individual domains. The drawing itself is not recoverable from the page.)
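The walk described above, as an added example that is not part of the lecture: an iterative resolver over a constructed in-memory set of authoritative servers (the names, servers and addresses are invented), which follows referrals from the root down, chases a CNAME, caches what it learns, and flags answers served from cache as non-authoritative. TTL expiry, retries and glue records are left out.

```python
"""Added example (not the lecture's code): an iterative walk down the DNS
tree with a cache, over a constructed in-memory set of authoritative
servers.  All names and addresses below are invented for illustration."""
from dataclasses import dataclass, field

# Constructed authoritative data: server name -> {(owner, type): [rdata, ...]}.
# A referral names the next server; real referrals also carry its address (glue).
ZONES = {
    "root": {("nz.", "NS"): ["ns.nz."]},
    "ns.nz.": {("ac.nz.", "NS"): ["ns.ac.nz."]},
    "ns.ac.nz.": {("example.ac.nz.", "NS"): ["dns1.example.ac.nz."]},
    "dns1.example.ac.nz.": {
        ("www.example.ac.nz.", "CNAME"): ["www-vip.example.ac.nz."],
        ("www-vip.example.ac.nz.", "A"): ["198.51.100.7"],
    },
}

@dataclass
class Answer:
    rdata: list
    authoritative: bool          # True: from the zone's own server (aa set)
    path: list = field(default_factory=list)   # servers consulted, in order

class Resolver:
    """The resolving side, reduced to essentials: no TTL expiry, no retries."""

    def __init__(self):
        self.cache = {}          # (name, type) -> rdata list, non-authoritative

    @staticmethod
    def ask(server, name, rtype):
        """One non-recursive query: the server answers from its own records,
        or returns a referral to the closest delegation it knows of."""
        zone = ZONES[server]
        if (name, rtype) in zone:
            return "answer", zone[(name, rtype)]
        if rtype != "CNAME" and (name, "CNAME") in zone:
            return "cname", zone[(name, "CNAME")]
        labels = name.rstrip(".").split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:]) + "."
            if (parent, "NS") in zone:
                return "referral", zone[(parent, "NS")]
        return "nxdomain", []

    def resolve(self, name, rtype="A"):
        # Cached data is answered directly and flagged non-authoritative.
        if (name, rtype) in self.cache:
            return Answer(self.cache[(name, rtype)], False, ["cache"])
        if rtype != "CNAME" and (name, "CNAME") in self.cache:
            final = self.resolve(self.cache[(name, "CNAME")][0], rtype)
            return Answer(final.rdata, final.authoritative, ["cache"] + final.path)
        server, path = "root", []
        while True:
            path.append(server)
            kind, rdata = self.ask(server, name, rtype)
            if kind == "answer":
                self.cache[(name, rtype)] = rdata
                return Answer(rdata, True, path)
            if kind == "cname":
                self.cache[(name, "CNAME")] = rdata
                final = self.resolve(rdata[0], rtype)
                return Answer(final.rdata, final.authoritative, path + final.path)
            if kind == "referral" and rdata[0] not in path:
                server = rdata[0]       # follow the delegation one level down
                continue
            return Answer([], True, path)   # NXDOMAIN, or a referral loop

if __name__ == "__main__":
    r = Resolver()
    for q in ("www.example.ac.nz.", "www.example.ac.nz.", "nope.example.ac.nz."):
        a = r.resolve(q)
        print(q, a.rdata, "aa" if a.authoritative else "cached", a.path)
```

The second lookup of the same name never leaves the cache, which is exactly why a poisoned cache entry is so damaging: every client behind that resolver gets the bad answer until the TTL runs out.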
DNS: Root Servers

There are 13 root servers, A-M; e.g. f.root-servers.net, run by various different organisations
There are also 13 gTLD servers, A-M, run by Verisign (a.gtld-servers.net .. m.gtld-servers.net, serving .com and .net)
Many of the root servers are anycast
All instances of one root server use the same IP address and AS number
The global (BGP) routing system finds the 'best' instance for each user
For example, F root has 36 instances. Our closest one is at APE, floor 54 of the SkyTower
Likewise, I root has an instance at WIX in Wellington
Anycast servers share the query load, and make the DNS more resilient against attacks: a flood aimed at one root address is spread over many instances, and routing keeps most of it close to its sources
More info at http://www.root-servers.org/

Configuring a Nameserver

Nameserver configuration is commonly stored in a zone file
A zone file is a set of DNS Resource Records (RRs), each with several parts, separated by spaces ..
Label   host or subdomain name; a name without a trailing '.' is relative to the zone's origin, a name with one is a complete FQDN
TTL     (optional) lifetime in seconds; defaults to the zone's $TTL
Class   network: IN = Internet
Type    acronym indicating the resource, e.g. A, NS, CNAME, MX, SOA
Data    varies according to Type
Comment starts with a semicolon
Values and Identifiers for the RR fields are set out in http://www.bind9.net/dns-parameters
An RRset is a group of RRs with the same Label, Class and Type
You can inspect configurations using dig, the Domain Information Groper
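A parser for the zone-file layout just described, as an added example that is not the lecture's code. The zone text is constructed for illustration (example.nz and its addresses are invented); the parser handles $ORIGIN and $TTL, relative versus absolute names, an optional per-record TTL, ';' comments, and groups the records into RRsets keyed by (Label, Class, Type). The lint step applies a check a nameserver would make: all RRs in one RRset must share a TTL, and a CNAME may not share its owner name with any other type. Multi-line records in parentheses and $INCLUDE are not handled.

```python
"""Added example (not the lecture's code): parse a small zone file into
RRsets and check two structural rules.  The zone below is constructed."""
from collections import defaultdict

# Constructed zone.  Names ending in '.' are absolute; others are relative to
# $ORIGIN; '@' stands for the origin itself.  The two 'mail' records carry
# different TTLs on purpose so the lint check has something to find.
ZONE_TEXT = """\
$ORIGIN example.nz.
$TTL 1800
@        IN SOA   dns3 soa 2010080922 10800 3600 2419200 1800
@        IN NS    dns1       ; comment after a record
@        IN NS    dns2.example.nz.
dns1     IN A     192.0.2.1
dns2  3600 IN A   192.0.2.2
www      IN CNAME www-vip
www-vip  IN A     198.51.100.7
www-vip  IN A     198.51.100.8
mail   600 IN A   198.51.100.9
mail     IN A     198.51.100.10
"""

CLASSES = {"IN", "CH", "HS"}
NAME_RDATA = {"NS", "CNAME", "PTR"}     # types whose rdata is a single name

def absolute(name, origin):
    """Turn a zone-file label into an FQDN with a trailing dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    origin, default_ttl, last_owner = None, None, None
    rrsets = defaultdict(list)          # (owner, class, type) -> [(ttl, rdata)]
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1] if fields[1].endswith(".") else fields[1] + "."
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN")
        # A line that starts with whitespace reuses the previous owner name.
        owner = last_owner if raw[0] in " \t" else absolute(fields.pop(0), origin)
        last_owner = owner
        ttl = default_ttl
        if fields[0].isdigit():
            ttl = int(fields.pop(0))
        rclass = fields.pop(0) if fields[0] in CLASSES else "IN"
        rtype = fields.pop(0)
        if rtype in NAME_RDATA:
            rdata = [absolute(fields[0], origin)]
        elif rtype == "SOA":    # mname, rname, serial, refresh, retry, expire, minimum
            rdata = [absolute(fields[0], origin), absolute(fields[1], origin)]
            rdata += [int(x) for x in fields[2:7]]
        else:
            rdata = fields
        rrsets[(owner, rclass, rtype)].append((ttl, rdata))
    return dict(rrsets)

def lint(rrsets):
    """Structural problems a nameserver would reject or warn about."""
    problems, types_at = [], defaultdict(set)
    for (owner, rclass, rtype), rrs in rrsets.items():
        types_at[owner].add(rtype)
        if len({ttl for ttl, _ in rrs}) > 1:
            problems.append(f"mixed TTLs in RRset {owner} {rclass} {rtype}")
    for owner, types in types_at.items():
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner}: CNAME must not coexist with other types")
    return problems

if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    for key, rrs in zone.items():
        print(key, rrs)
    print(lint(zone))
```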

Examining Resource Records (1)

Zone file starts with an SOA RR, Start Of Authority
The SOA carries the zone's serial number and the refresh, retry and expire timers that secondaries use, plus a minimum field (1800 below) that bounds how long a negative answer ('no such name') may be cached. The default TTL for the zone's other records comes from the $TTL directive, not from the SOA
We can ask dig for a particular RR type, e.g. SOA ..
Note that dig looks up FQDNs, and prints a trailing dot after them

; <<>> DiG 9.4.3-P1 <<>> www.auckland.ac.nz SOA
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29502
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.auckland.ac.nz. IN SOA

;; ANSWER SECTION:
www.auckland.ac.nz. 1800 IN CNAME www-vip.auckland.ac.nz.

;; AUTHORITY SECTION:
auckland.ac.nz. 1800 IN SOA dns3.auckland.ac.nz. soa.auckland.ac.nz. 2010080922 10800 3600 2419200 1800

www.auckland.ac.nz is a CNAME, so there is no SOA at that name; the SOA of the enclosing zone auckland.ac.nz comes back in the authority section instead. Its fields are the primary server, the responsible mailbox (soa@auckland.ac.nz, with the '@' written as '.'), serial 2010080922, refresh 10800, retry 3600, expire 2419200 and minimum 1800 seconds

Examining Resource Records (2)

dig www.auckland.ac.nz

; <<>> DiG 9.4.3-P1 <<>> www.auckland.ac.nz
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60397
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;www.auckland.ac.nz. IN A

;; ANSWER SECTION:
www.auckland.ac.nz. 1800 IN CNAME www-vip.auckland.ac.nz.
www-vip.auckland.ac.nz. 1800 IN A 130.216.11.141

;; AUTHORITY SECTION:
auckland.ac.nz. 1800 IN NS dns1.auckland.ac.nz.
auckland.ac.nz. 1800 IN NS dhcp2.tmk.auckland.ac.nz.
auckland.ac.nz. 1800 IN NS dhcp1.tmk.auckland.ac.nz.
auckland.ac.nz. 1800 IN NS dns2.auckland.ac.nz.
auckland.ac.nz. 1800 IN NS pubsec.domainz.net.nz.

;; ADDITIONAL SECTION:
dns1.auckland.ac.nz. 1800 IN A 130.216.1.2
dns2.auckland.ac.nz. 1800 IN A 130.216.1.1
dhcp1.tmk.auckland.ac.nz. 1800 IN A 130.216.207.1
dhcp2.tmk.auckland.ac.nz. 1800 IN A 130.216.207.2

;; Query time: 18 msec
;; SERVER: 130.216.35.35#53(130.216.35.35)
;; WHEN: Mon Aug 9 13:26:21 2010
;; MSG SIZE rcvd: 253

The flags line shows aa (this server is authoritative for the zone), rd (recursion was requested) and ra (the server offers recursion). The additional section carries the addresses of the zone's nameservers so the client need not look them up separately; a careful resolver only accepts such 'glue' when it lies within the zone the answer is for
RFC 1035: DNS Message Specifications

    +---------------------+
    |        Header       |
    +---------------------+
    |       Question      | the question for the name server
    +---------------------+
    |        Answer       | RRs answering the question
    +---------------------+
    |      Authority      | RRs pointing toward an authority
    +---------------------+
    |      Additional     | RRs holding additional information
    +---------------------+

The Header begins every DNS message; its count fields describe the four following sections
Its last four fields are counts, giving the number of question, answer, authority and additional RRs
A count will be zero if there are no RRs of that type

DNS Header Format (1)

                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    QDCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ANCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    NSCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ARCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Each row of the header is 16 bits wide, so the header is always 12 bytes

ID      A 16 bit identifier assigned by the program that generates any kind of query. This identifier is copied into the corresponding reply and can be used by the requester to match up replies to outstanding queries. Since 16 bits are easy to guess, a requester must also check that the reply's question and source port match what it sent
QR      A one bit field that specifies whether this message is a query (0), or a response (1)
OPCODE  Query type. 0 = Standard Query
AA      Authoritative Answer. Set when the responding server is an authority for the name in the question
TC      TrunCation - specifies that this message was truncated because it did not fit the transport; a client that sees TC should retry over TCP

DNS Header Format (2)

RD      Recursion Desired - this bit may be set in a query and is copied into the response. If RD is set, it directs the name server to pursue the query recursively
RA      Recursion Available - this bit is set or cleared in a response, and denotes whether recursive query support is available in the name server
QDCOUNT unsigned 16 bit integer, number of entries in the question section
ANCOUNT unsigned 16 bit integer, number of entries in the answer section
NSCOUNT unsigned 16 bit integer, number of entries in the authority (NS records) section
ARCOUNT unsigned 16 bit integer, number of entries in the 'additional' section
RCODE   Response code - this 4 bit field is set as part of responses. The values are:
        0 No error condition
        1 Format error - Name server couldn't interpret the query
        2 Server failure - Name server was unable to process the query
        3 Name Error (NXDOMAIN) - Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist

RR Format Definitions (1)

                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                                               |
    /                                               /
    /                      NAME                     /
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TYPE                     |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                     CLASS                     |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TTL                      |
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                   RDLENGTH                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
    /                     RDATA                     /
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

NAME   an owner name, i.e., the name of the node to which this resource record pertains
TYPE   two octets containing one of the RR TYPE codes: A(1) = address, NS(2) = authoritative name server, CNAME(5) = canonical name, SOA(6) = start of authority, MX(15) = mail exchange, AAAA(28) = IPv6 address
CLASS  IN(1) = Internet
RR Format Definitions (2)

TTL    a 32 bit integer that specifies the time interval (in seconds) that the resource record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the RR can only be used for the transaction in progress, and should not be cached. RFC 1035 describes the field as signed; RFC 2181 treats it as unsigned and says values with the top bit set are to be read as zero
Resolvers cache looked-up names, with lifetimes (TTLs) specified by the nameserver
Setting a short lifetime is sometimes used as a form of server load balancing. This is not a good idea: it multiplies the query load on the authoritative servers, and every resolver's cache has to be refilled each time
RDLENGTH an unsigned 16 bit integer that specifies the length in octets of the RDATA field, i.e. the number of bytes in the field following RDLENGTH. A parser must check that RDLENGTH does not run past the end of the message before reading RDATA
Every RR has an RDATA field, carrying data specific to that type of RR

FQDN format in Questions and Answers

A domain name is represented as a sequence of labels, where each label consists of a length octet followed by that number of octets. The domain name terminates with the zero length octet for the null label of the root.
Note that this field may be an odd number of octets; no padding is used.
Example: 0x3 w w w 0x8 a u c k l a n d 0x2 a c 0x2 n z 0x0
TLD = .nz
A label is at most 63 octets. A length octet whose top two bits are set (0xC0) is not a label but a 14-bit pointer to an earlier copy of the rest of the name in the same message (label compression, RFC 1035 section 4.1.4); a parser must refuse pointers that go forward or form a loop
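The header, RR and name encodings from the last three slides, carried through in code. This is an added example and not the lecture's code: it builds a query, parses a response into header flags and sections, and encodes and decodes label sequences including 0xC0 compression pointers. The response bytes are constructed here to mirror the dig output for www.auckland.ac.nz shown earlier (one CNAME plus one A, flags qr aa rd ra); the acceptance check `reply_matches` is the requester-side rule described under ID. Only the A, NS and CNAME rdata formats are decoded; other types are left as raw bytes.

```python
"""Added example (not the lecture's code): encode and decode RFC 1035 DNS
messages: 12-byte header, question, resource records, and label-encoded names
with compression pointers.  The response bytes are constructed here to mirror
the dig output shown above."""
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 28: "AAAA"}

def encode_name(name):
    """FQDN -> <length><label>... terminated by the 0 octet (no padding)."""
    if name in (".", ""):
        return b"\x00"
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, off):
    """Return (name, offset just after the name).  Follows 0xC0 pointers but
    refuses forward pointers and loops, the classic parser crash."""
    labels, end, seen = [], None, set()
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # two-octet compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off or ptr in seen:
                raise ValueError("bad compression pointer")
            seen.add(ptr)
            if end is None:
                end = off + 2                      # the name ends after the first pointer
            off = ptr
            continue
        if n & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", (off if end is None else end)

def build_query(qid, qname, qtype=1, rd=True):
    header = struct.pack("!HHHHHH", qid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def parse_message(msg):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": qid, "qr": flags >> 15, "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
           "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
           "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        out["question"].append((name, TYPES.get(qtype, qtype), qclass))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
            if off + rdlen > len(msg):
                raise ValueError("RDLENGTH runs past end of message")
            if rtype in (2, 5):                    # NS/CNAME rdata is a (compressible) name
                rdata, _ = decode_name(msg, off)
            elif rtype == 1 and rdlen == 4:
                rdata = ".".join(str(b) for b in msg[off:off + 4])
            else:
                rdata = msg[off:off + rdlen]
            off += rdlen
            out[section].append((name, TYPES.get(rtype, rtype), ttl, rdata))
    return out

def reply_matches(query, reply):
    """Requester-side acceptance check: a reply is only usable if it is a
    response whose ID and question match an outstanding query."""
    return reply["qr"] == 1 and reply["id"] == query["id"] and reply["question"] == query["question"]

def sample_response(qid=60397):
    """Constructed answer for www.auckland.ac.nz A: CNAME then A, flags qr aa rd ra.
    Owner names point back to offset 12 (the question name) and the CNAME rdata
    points to 'auckland.ac.nz' at offset 16."""
    question = encode_name("www.auckland.ac.nz.") + struct.pack("!HH", 1, 1)
    header = struct.pack("!HHHHHH", qid, 0x8580, 1, 2, 0, 0)
    cname_rdata = b"\x07www-vip" + struct.pack("!H", 0xC000 | 16)
    rr1 = struct.pack("!H", 0xC00C) + struct.pack("!HHIH", 5, 1, 1800, len(cname_rdata)) + cname_rdata
    rdata_off = 12 + len(question) + 2 + 10        # where rr1's rdata (www-vip...) starts
    rr2 = struct.pack("!H", 0xC000 | rdata_off) + struct.pack("!HHIH", 1, 1, 1800, 4) + bytes([130, 216, 11, 141])
    return header + question + rr1 + rr2
```

`reply_matches` is deliberately the minimum: a real resolver also compares the UDP source port it randomised for the query, because ID plus question alone leaves an attacker a 1-in-65536 guess per forged packet.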

DNS Query-Response Times (RTTs)

A 742 assignment in 2008 gave students a trace file of DNS packets, and asked them to plot distributions of the RTTs for three TLDs, .nz, .au and .com
The data covers servers all over the world ..
RTTs are strongly influenced by 'speed-of-light' propagation, also by buffering (congestion) delays in routers and (less so) by delays in nameservers
RTT for Sydney is ∼20ms, US West Coast ∼110ms, US East Coast ∼170ms, Europe ∼300ms
We used gnuplot to make the plots
Need to be careful when choosing plot axis scales – a bad choice makes it a lot harder to see 'interesting' things!

RTT distributions: Plotted with log y scale

(Figure: "DNS RTTs for three TLDs at U Auckland, April 2008". Three curves, .au, .nz and .com; x axis Request/Response time (ms), 0 to 450; y axis percentage of queries on a log scale from 0.001 to 100. The plot itself is not reproducible from the page.)
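The first step of that assignment, pairing each response with its query and binning the RTTs, as an added example that is not the lecture's code. The trace records are constructed here (timestamps in seconds, invented addresses); a query and its response are matched on the (client, server, ID, question name) tuple, which is what the ID field in the header is for, and responses that match no outstanding query are counted separately, since that is what a forged or replayed answer looks like in a trace.

```python
"""Added example (not the lecture's code): match DNS queries to responses in
a packet trace and bin the round-trip times.  The trace is constructed."""
from collections import defaultdict

# Constructed trace records: (time_s, src, dst, id, qr, qname).  Addresses invented.
TRACE = [
    (0.000, "10.0.0.5", "192.0.2.10", 0x1234, 0, "www.example.nz."),
    (0.021, "192.0.2.10", "10.0.0.5", 0x1234, 1, "www.example.nz."),
    (0.100, "10.0.0.5", "198.51.100.20", 0x1235, 0, "www.example.au."),
    (0.100, "10.0.0.5", "203.0.113.30", 0x1235, 0, "www.example.com."),  # same ID, other server
    (0.122, "198.51.100.20", "10.0.0.5", 0x1235, 1, "www.example.au."),
    (0.271, "203.0.113.30", "10.0.0.5", 0x1235, 1, "www.example.com."),
    (0.300, "10.0.0.5", "192.0.2.10", 0x1236, 0, "mail.example.nz."),   # never answered
    (0.400, "192.0.2.10", "10.0.0.5", 0x9999, 1, "www.example.nz."),    # unsolicited
]

def tld(qname):
    """'www.example.nz.' -> '.nz'"""
    return "." + qname.rstrip(".").rsplit(".", 1)[-1]

def match_rtts(trace):
    """Pair each response with the outstanding query having the same
    (client, server, ID, qname) key.  Returns (rtts_ms_by_tld, unmatched)."""
    pending, rtts, unmatched = {}, defaultdict(list), 0
    for t, src, dst, qid, qr, qname in sorted(trace):
        if qr == 0:
            pending[(src, dst, qid, qname)] = t
            continue
        key = (dst, src, qid, qname)          # reply: client and server swap
        if key in pending:
            rtts[tld(qname)].append((t - pending.pop(key)) * 1000.0)
        else:
            unmatched += 1                    # no query we saw explains it
    return dict(rtts), unmatched

def histogram(rtts_ms, bin_ms=50, max_ms=450):
    """Percentage of samples per bin.  Empty bins are None rather than 0 so a
    log-scale y axis has nothing to choke on."""
    bins = [0] * (max_ms // bin_ms)
    for r in rtts_ms:
        bins[min(int(r // bin_ms), len(bins) - 1)] += 1
    n = len(rtts_ms)
    return [100.0 * b / n if b else None for b in bins]

if __name__ == "__main__":
    by_tld, unmatched = match_rtts(TRACE)
    for name, samples in sorted(by_tld.items()):
        print(name, [round(s, 1) for s in samples], histogram(samples))
    print("unmatched responses:", unmatched)
```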
Comments on the RTT plots

All three TLDs show the same sort of distribution
spikes at RTTs corresponding to continents
gaps at RTTs corresponding to oceans
.com has nameservers on all continents, highest concentration on the US West Coast
.au has its highest concentration of nameservers in Australia
.nz has lots of nameservers in New Zealand, but its highest concentration is in the US!
that's because it's cheaper for NZ content providers to have their servers outside New Zealand

Another Research Example: Root Server RTTs

Nevil has been measuring Query-Response times to root and gTLD servers from several locations since 2001
The measurement system stores RTT plots in a database
There is a web page you can use to look at any of the data .. one day we'll find a student to do some statistical analysis of long-term trends in this data!
http://www.caida.org/cgi-bin/dns_perf/main.pl
