TCP/IP Illustracted Vol1.TCP/IP Illustracted Vol1.

제목 제목 : DNS - DDDS: DNS - DDDS

2005. 4. 11( 월 )한 민 규

icemk@mclab.hufs.ac.kr

ContentContent DNS(Domain Name System)

IPv4/v6 DNS

DDDS(Dynamic Delegation Discovery System) NAPTR RR

DNS – What is DNS? DNS – What is DNS? DNS(Domain Name System)

A database that is used by TCP/IP applications to map between hostnames and IP addresses, and to provide E-mail routing information

Characteristics of DNS A hierarchical namespace for hosts and IP addresses A host table implemented as a distributed database A Client/Server system

Components of DNS Namespace and Resource Record Name Server Resolver(Client)

DNS – What is DNS?(Con’t)DNS – What is DNS?(Con’t)

Resolver

LocalNameServer

“.”Name Server

“kr”Name Server

“ac.kr”Name Server

“hufs.ac.kr”Name Server

“.”

“kr” “jp” “com”

“ac” “co”

“hufs” “…”

Reso

lver

Qu

ery

Answ

er

Query for add. A

Query for add. A

Query for add. A

Query for add. A

add. A ::= mclab.hufs.ac.kr

Referral to kr NS

Referral to ac.kr NS

Referral to hufs.ac.kr NS

Answer to mclab.hufs..ac.kr

DNS – What is DNS?(Con’t)DNS – What is DNS?(Con’t) Namespace

DNS namespace is a tree of “domains” Resource Records(RR)

RRs contain the data associated with domain names

Name Server The server programs that store information

about the domain name space Resolver(Client)

The programs that extract information from name servers in response to client requests gethostbyname(3) : hostname -> IP address gethostbyaddr(3) : IP address -> hostname

DNS – What is BIND?DNS – What is BIND? BIND(Berkeley Internet Name Domain system)

A open source software package that implements the DNS protocol and provides name service on systems(UNIX & NT)

Characteristics of BIND Same as DNS, a Client/Server system Client side : resolver / Server side : named

Components of BIND DNS Server(named) DNS Resolver library Tools for verifying the proper operation of the DNS server

DNS – What is BIND?(Con’t)DNS – What is BIND?(Con’t) BIND – DNS Implement S/W BIND Configuration Step

/etc/named.conf – BIND 환경설정 /etc/resolve.conf – 네임서버 지정 /etc/hosts – 원격호스트의 호스트 이름과 IP

주소지정 /var/named/*.zone – Forward Zone file

( 실제 호스트에 대한 정보 ) /var/named/*.rev – Reverse Zone file

DNS – What is BIND(Con’t)DNS – What is BIND(Con’t) DNS Server(named)

Answers queries about hostname and IP addresses. Asks other servers and caches their responses zone transfers

DNS Resolver library Contains the routines that you need to write your

application. May use the generate query or the name server

library routines Tools for verifying the proper operation of the DNS

server Provide a command-line interface for excuting DNS

queries e.g. – dig : same as “nslookup”, but more information. nslookup : query name servers interactively

DNS-MessageDNS-Message

Questions

Answers(variable number of RRs)

Identification Flag

Number of questions Number of answer RRs

Number of authority RRs Number of additional RRs

12 byte

Authority(variable number of RRs)

Additional information(variable number of RRs)

0 15 16 31

DNS – Message(Header)DNS – Message(Header) Header Format

ID

0 15

QR(1)

Opcode

(4)

AA(1)

TC(1)

RD(1)

RA(1)

Z(3)

RCODE(3)

QDCOUNT (Number of Question)

ANCOUNT (Variable number of answer RRs)

NSCOUNT (Variable number of Authority RRs)

ARCOUNT (Variable number of Additional RRs)

QR : Query or Response Query Request : 0 Response : 1OPCODE : Query Request side set 0 : Standard Query 1 : Inverse Query 2 : Server state Request(STATUS) 3 – 15 : unusedAA : Authoritative Answer TC : Truncation(512 byte)RD : Recursion Desired RA : Recursion AvailableZ : ReservedRCODE : Response Code 0 : No error condition 1 : Format Error 2 : Server Failure 3 : Name Error 4 : Not Completed 5 : Refused 6 – 15 : unused

DNS-Message(Con’t)DNS-Message(Con’t)

Flag

Query message

Representation of domain name

QR opcode AA TC RD RA (zero) rcode

1 4 1 1 1 1 3 4

Query name

Query type Query class

0 15 16 31

t s4 k4 i m l u 2 c 2ak rk

count count countcount

0

count

DNS-RR’sDNS-RR’s

Basic format of RR(RFC 1035 Based)

class

Time-to-live

type

Domain name

Resource data length

Resource data

0 15 16 31

DNS – RR’s(Con’t)DNS – RR’s(Con’t) Type

Type Value meaningA 1 a host address NS 2 an authoritative name server MD 3 a mail destination (Obsolete - use MX) MF 4 a mail forwarder (Obsolete - use MX) CNAME 5 the canonical name for an alias SOA 6 marks the start of a zone of authority MB 7 a mailbox domain name (EXPERIMENTAL) MG 8 a mail group member (EXPERIMENTAL) MR 9 a mail rename domain name (EXPERIMENTAL) NULL 10 a null RR (EXPERIMENTAL) WKS 11 a well known service description PTR 12 a domain name pointer HINFO 13 host information MINFO 14 mailbox or mail list information MX 15 mail exchange TXT 16 text strings

DNS – RR’s (example)DNS – RR’s (example)

DNS – RR’s (example)DNS – RR’s (example)

DNS – RR’s(example)DNS – RR’s(example)

IP datagram

UDP datagram

DNS message

IP header

UDP header

DNS header

Question Answer #1(RR) Answer #2(RR)

Domain name(6gemini3tuc4noao3edu0)

qtype(1)

qclass(1)

ptr(12)

type(1)

class(1)

TTLlength

(4)IP addr

21 bytes 2 2 2222 4 4

25 1612820 16

DNSv6 IssueDNSv6 Issue Fragmentation

DNS Response Size 13 개의 Root NameServer UDP 를 사용한 DNS 메시지는 512 바이트로 최대

길이가 제한 512byte 초과시 TC bit Set TCP 연결요구

IPv6 Only Network13 IPv4 Only Root Name Server

[a-m].root.servers.net

IPv6-OnlyCache

NameServer

Resolver

QueryIpv6.etri.or.kr

ReplyTimeOut

“.”NameServer

.kr

.

.or

Query ‘Ipv6.etri.or.kr’ RR-AAAA

.etri

Ipv6

FAIL

IPv4 Only Network

IPv4-OnlyCache

NameServer

Resolver

QueryIpv6.etri.or.kr

ReplyTimeOut

“.”NameServer

.kr

.

.or

Query ‘Ipv6.etri.or.kr’ RR-A

.etri

Ipv6

“.kr”NameServer

“.or.kr”NameServer

“.etri.or.kr”IPv6 Only

NameServer

FAILRR-A

DNSv6 Issue(con’t)DNSv6 Issue(con’t) Lame Delegation

잘못된 위임정보 캐슁 리졸버의 레코드 유지

전환메커니즘과의 연동 IP Layer 에서의 DNS 관점

Public IPv4/IPv6 Host

Host 관점에서의 전환메커니즘 IPv4/IPv6 Connectivity 보장

etri . or. kr 300 I N MX I pv6. etri . or. krI pv6. etri . or. kr 300 I N A 192. 0. 2. 1I Pv6. etri . or. kr 100 I N AAAA 2001: db8: : 1

Configuration File - /etc/named.confConfiguration File - /etc/named.conf

Zone File – Forward Zone File – Forward

Zone File - ReverseZone File - Reverse

DNS – Query Flow(A/AAAA)DNS – Query Flow(A/AAAA)

Eth0 : 192.168.5.2 Ipv6 :: 2

Eth1 : 192.168.6.10 IPv6 ::10

Eth1 : 192.168.6.1 IPv6 ::1

Eth0 : 192.168.5.1 IPv6 ::1

Eth2 : 192.168.4.1 IPv6 ::1

Eth1 : 192.168.4.3 IPv6 ::3

Eth0 : 192.168.5.100 IPv6 :: 100

Eth0 : 192.168.2.2 IPv6 ::2

Eth0 : 192.168.6.100 IPv6 ::100

ns.krns.or.kr

ns.hufs.or.krns.etri.or.kr

Ipv6.etri.or.kr Mclab.hufs.or.kr

Eth0 : 192.168.2.1 IPv6 ::1

Eth2 : 192.168.3.2 IPv6 ::2

Eth1 : 192.168.3.1 IPv6 ::1

delegation

IPv6 Address delegation

delegation

3ffe:2e01:1:2000::/64

3ffe:2e01:1:4000::/64

3ffe:2e01:1:1000::/643ffe:2e01:1:5000::/64

FAIL

DNS Query Response<mclab.hufs.or.kr AAAA IPv6

Address>

DNS QueryIpv6.etri.or.kr. AAAA ?

DNS Query Response<Ipv6.etri.or.kr AAAA IPv6 Address>

DNS Query Reponse<OR.KR. NS NS.OR.KR>

<NS.OR.KR AAAA IPv6 6to4 Address>

DNS Querymclab.hufs.or.kr. AAAA ?

DNS Query Response<KR NS NS.KR>

<NS.KR A ipv4_address>

DNS Querymclab.hufs.or.kr. AAAA ?

“.KR” DNS .OR DNSLocal

DNS(HUFS)Recursive Name

Server(ns.etri.or.kr)IPv6

Host(ETRI)

DNS Querymclab.hufs.or.kr

AAAAIPv4 IPv6

mclab

6to4 Tunneling 통신

IPv4/IPv6 Support DNS

DDDS (Dynamic Delegation Discovery DDDS (Dynamic Delegation Discovery System)System) 목표

인터넷 식별 체계는 URN 체계에 기반하고 있으며 , URN 기반 식별 체계는 궁극적으로 URL 이나 기타 원하는 정보 형태로 변환하여 서비스되어야 한다 . 이러한 변환 기능에 대한 국제적으로 통일된 체계를 제공함으로써 상호간의 운용성과 확장성을 제공하기 위하여 표준을 제정

DDDS AlgorithmDDDS Algorithm 용어정의

AUS (Application Unique String) Rewrite Rule (or Rewrite Rule Set) FWKR (First Well Known Rule) Terminal Rule Application Rule Database

위임 단계에서 사용되는 것을 나타내는 키를 가진 규칙 DB

Service Flag

응용에 신호를 보내기 위한 규칙을 위한 방법

DDDS – Algorithm FlowDDDS – Algorithm FlowAUS

FWKR

First Key

Key

Lookup Key in DDDS DB

RuleSet

Non Empty 결과가 나올 때 까지 AUS 에 규칙 적용

Key

매칭규칙 종료 ?

마지막 규칙 결과가 응용이 원하는 결과

No

DDDS – Rule StructureDDDS – Rule Structure Preference

규칙 중에서 어느 것이 우선권을 가지는지 나타내는 숫자

Flag 규칙이 마지막으로 적용될지 결정하는 속성을 명시

마지막 규칙은 종료 규칙

Service 위임의 의미적 속성

Replacement DDDS 마지막 결과인 문자열을 만드는 다시 쓰기

규칙 종료 규칙의 결과로써 위임 서버 연결정보

DDDS Rule Structure (Con’t)DDDS Rule Structure (Con’t)

URI System1AUS

System1

System1

System n

Rule

Rule

Rule

DDDS DB

NAPTR RR Rules &

Domain Names

DDDS DB : DNS

Key Format : DNS Domain Name

Lookup Request : 주어진 Key 의 RuleSet 을 위하여 NAPTR RR 요청

Lookup Response : 연속적 NAPTR 레코드

DDDS DB – DNS Match(NAPTR)DDDS DB – DNS Match(NAPTR) NAPTR 형식 Order : NAPTR 레코드 순서 Preference

같은 Order 를 가진 레코드가 처리해야 하는 순서 Flag

Rewrite 와 필드해석에 대한 제어를 위한 1 글자 Services

위임경로에 적용하는 서비스 매개변수를 나타내는 문자열 스트링

Regexp 다음 도메인을 찾기에 적용하기 위하여 , 하나의

스트링에 적용하는 대체 표현을 포함하는 스트링 Replacement

Flag 필드에서 발견된 값에 의존한 다음 도메인 이름

DDDS DNS DB - URN ExampleDDDS DNS DB - URN Example URI : urn:cid:1234567@bar.example.com

FWKR : cid( 첫 번째 “ :” 과 두 번째 “ :” 사이 글자 추출

DB 에 유효한 키를 만들기 위하여 ‘ urn.arpa’ 가 FWKR 에 붙여져 , ‘cid.urn.arpa’ 를 만든다 .

cid.urn.arpa domain 을 위한 NAPTR 레코드의 DNS Query

cid.urn.arpa;; order pref flags service regexp replacementIN NAPTR 100 10 “” “” “!urn:cid:.+@([^\.]+\.)+\.)(.*)$!\2! .Regexp 의 \2 부분은 ‘ example.com’ 스크링을 돌려준다 . Flag 필드가 비어있으므로 Lookup 은 종료가 아님 . 다음 검사는 새로운 도메인인 ‘ example.com’ 의 NAPTR레코드이다 .example.com;; order pref flags service regexp replacementIN NAPTR 100 10 “a” “http+N2L+N2C+N2R” “” www.example.com

Service field = [[protocol]*(+” rs)] : rs filed 32 char N2L(URNURL), N2R(URN->Resource), N2C(URN->RUC)

NAPTR – Flag fieldNAPTR – Flag field Field Value = ‘S’ ‘A’ ‘U’ ‘P’

‘S’ : 다음 lookup 이 DNS SRV(DNS specifying the location service) 레코드임을 의미한다 .

‘A’ : 다음 lookup 이 A, AAAA 레코드임을 의미한다 . ‘U’ : 다음 과정은 DNS lookup 이 아니라 Regexp

필드의 결과임을 나타낸다 . ‘P’ : 이후의 과정이 프로토콜에 의존적인 것이므로 더

이상 DNS 질의를 하지 않아야 한다는 것을 의미한다 .‘S’ ‘A’ ‘U’ – Terminating Rule

onspc.com;; order pref flags service regexp replacementIN NAPTR 0 0 “u” “EPC+epcis” “!^.*$!http://example.com/cgi-bin/epcis! .

DDDS DB – ONSDDDS DB – ONS RFID CODE – EPC vs NIDA

<item reference>.<Company prefix>.<header value>.sgtin.id.onsepc.com<item reference>.<Company prefix>.<header value>.sgtin.id.onsepc.com urn:epc:id:sgtin:2.24.400

Remove the ‘urn:epc:’ header (leaving id:sgtin:2.24.400) Remove the item field(leaving id:sgtin:2.24) Invert the order of the remaining fields(leaving 24.2:sgtin:id) Convert the “:” to “.” (leaving 24.2.sgtin.id) Append ‘.onsepc.com’(ending up with 24.3.sgtin.id.onsepc.com)

<item reference>.<Company prefix>.<Code Type>.ods.or.kr