Title: DNS - DDDS. 2005. 4. 11 (Mon). Han Min-gyu, [email protected]. PowerPoint PPT presentation.
TCP/IP Illustrated, Vol. 1.
Title: DNS - DDDS
2005. 4. 11 (Mon)  Han Min-gyu
Content
  DNS (Domain Name System)
  IPv4/v6 DNS
  DDDS (Dynamic Delegation Discovery System), NAPTR RR
DNS – What is DNS?
DNS (Domain Name System)
  A database that is used by TCP/IP applications to map between hostnames and IP addresses, and to provide e-mail routing information
Characteristics of DNS
  A hierarchical namespace for hosts and IP addresses
  A host table implemented as a distributed database
  A client/server system
Components of DNS
  Namespace and Resource Records
  Name Server
  Resolver (client)
DNS – What is DNS? (Con't)
[Figure: iterative resolution of mclab.hufs.ac.kr. The resolver sends its query to the local name server, which asks the "." name server (referral to the kr NS), the "kr" name server (referral to the ac.kr NS), the "ac.kr" name server (referral to the hufs.ac.kr NS) and finally the "hufs.ac.kr" name server, which answers for mclab.hufs.ac.kr; the local name server returns the answer to the resolver. The namespace tree shown has "." at the root, "kr", "jp" and "com" below it, "ac" and "co" under "kr", and "hufs" under "ac".]
DNS – What is DNS? (Con't)
Namespace
  The DNS namespace is a tree of "domains"
Resource Records (RR)
  RRs contain the data associated with domain names
Name Server
  The server programs that store information about the domain name space
Resolver (client)
  The programs that extract information from name servers in response to client requests
  gethostbyname(3) : hostname -> IP address
  gethostbyaddr(3) : IP address -> hostname
DNS – What is BIND?
BIND (Berkeley Internet Name Domain system)
  An open source software package that implements the DNS protocol and provides name service on UNIX and NT systems
Characteristics of BIND
  Like DNS, a client/server system: the client side is the resolver, the server side is named
Components of BIND
  DNS server (named)
  DNS resolver library
  Tools for verifying the proper operation of the DNS server
DNS – What is BIND? (Con't)
BIND – DNS implementation software
BIND configuration steps
  /etc/named.conf – BIND configuration
  /etc/resolv.conf – name server selection
  /etc/hosts – host names and IP addresses of remote hosts
  /var/named/*.zone – forward zone file (information about the actual hosts)
  /var/named/*.rev – reverse zone file
DNS – What is BIND? (Con't)
DNS server (named)
  Answers queries about hostnames and IP addresses; asks other servers and caches their responses; performs zone transfers
DNS resolver library
  Contains the routines you need to write your own application; it may use the query-generation or the name server library routines
Tools for verifying the proper operation of the DNS server
  Provide a command-line interface for executing DNS queries
  e.g. dig : same as "nslookup", but gives more information; nslookup : query name servers interactively
DNS – Message
General message format (bits 0–15 | bits 16–31 per 32-bit row):
  Identification | Flags                                      \
  Number of questions | Number of answer RRs                    } 12-byte header
  Number of authority RRs | Number of additional RRs           /
  Questions
  Answers (variable number of RRs)
  Authority (variable number of RRs)
  Additional information (variable number of RRs)
DNS – Message (Header)
Header format (16 bits per row, bits 0–15):
  ID
  QR(1) | Opcode(4) | AA(1) | TC(1) | RD(1) | RA(1) | Z(3) | RCODE(4)
  QDCOUNT (number of questions)
  ANCOUNT (number of answer RRs)
  NSCOUNT (number of authority RRs)
  ARCOUNT (number of additional RRs)
QR : Query or Response. Query request : 0, Response : 1
OPCODE : set by the query request side. 0 : Standard query, 1 : Inverse query, 2 : Server status request (STATUS), 3–15 : unused
AA : Authoritative Answer
TC : Truncation (512 bytes)
RD : Recursion Desired
RA : Recursion Available
Z : Reserved
RCODE : Response code. 0 : No error condition, 1 : Format error, 2 : Server failure, 3 : Name error, 4 : Not Completed, 5 : Refused, 6–15 : unused
DNS – Message (Con't)
Flags (field widths in bits): QR 1 | opcode 4 | AA 1 | TC 1 | RD 1 | RA 1 | (zero) 3 | rcode 4
Query message (bits 0–15 | bits 16–31):
  Query name (representation of the domain name, variable length)
  Query type | Query class
DNS – RR's
Basic format of an RR (based on RFC 1035; bits 0–15 | bits 16–31):
  Domain name (variable length)
  Type | Class
  Time-to-live (32 bits)
  Resource data length | Resource data (variable length)
DNS – RR's (Con't)
Type
  Type    Value  Meaning
  A       1      a host address
  NS      2      an authoritative name server
  MD      3      a mail destination (Obsolete - use MX)
  MF      4      a mail forwarder (Obsolete - use MX)
  CNAME   5      the canonical name for an alias
  SOA     6      marks the start of a zone of authority
  MB      7      a mailbox domain name (EXPERIMENTAL)
  MG      8      a mail group member (EXPERIMENTAL)
  MR      9      a mail rename domain name (EXPERIMENTAL)
  NULL    10     a null RR (EXPERIMENTAL)
  WKS     11     a well known service description
  PTR     12     a domain name pointer
  HINFO   13     host information
  MINFO   14     mailbox or mail list information
  MX      15     mail exchange
  TXT     16     text strings
DNS – RR's (example)
[Figure: a DNS reply as carried on the wire: IP datagram = IP header (20 bytes) + UDP datagram; UDP datagram = UDP header (8 bytes) + DNS message; DNS message = DNS header (12 bytes) + Question (25 bytes) + Answer #1 (RR, 16 bytes) + Answer #2 (RR, 16 bytes). The Question holds the domain name 6gemini3tuc4noao3edu0 (21 bytes), qtype 1 (2 bytes) and qclass 1 (2 bytes). Each Answer RR holds the name as a compression pointer ptr(12) (2 bytes), type 1 (2 bytes), class 1 (2 bytes), TTL (4 bytes), length 4 (2 bytes) and the 4-byte IP address.]
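An added example (not from the slides): a small Python parser for the header, question and RR layouts described above, run over a constructed reply that mirrors the slide's gemini.tuc.noao.edu packet (21-byte question name, two 16-byte A answers whose names are the pointer 0xC00C). The sample bytes, the field names and the 8-jump guard against compression-pointer loops are assumptions of this example.

```python
import struct

def parse_name(msg, offset):
    """Decode a domain name at offset, following RFC 1035 compression pointers (11xxxxxx)."""
    labels, end, jumps = [], None, 0                   # end = offset just past the name in place
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier copy of the name
            end, jumps = (offset + 2 if end is None else end), jumps + 1
            if jumps > 8:                              # refuse pointer loops in malformed replies
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:                                # root label ends the name
            return ".".join(labels), (end if end is not None else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_header(msg):
    """Split the 12-byte header into ID, the flag bits from the slide, and the four counts."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "z": (flags >> 4) & 7, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def parse_message(msg):
    """Parse header, question section and answer RRs; A-record RDATA is rendered dotted-quad."""
    hdr, off, questions, answers = parse_header(msg), 12, [], []
    for _ in range(hdr["qdcount"]):
        name, off = parse_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append((name, qtype, qclass))
    for _ in range(hdr["ancount"]):
        name, off = parse_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, rclass, ttl, rdata))
    return hdr, questions, answers

def build_sample_response():
    """Constructed reply matching the slide: 21-byte name 6gemini3tuc4noao3edu0, two 16-byte A RRs."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)   # QR=1, RD=1, RA=1, RCODE=0
    question = b"\x06gemini\x03tuc\x04noao\x03edu\x00" + struct.pack("!HH", 1, 1)
    def answer(ip):                                    # name is the pointer 0xC00C -> offset 12
        return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes(ip)
    return header + question + answer((192, 0, 2, 1)) + answer((192, 0, 2, 2))
```

A resolver that checks the TC bit in the parsed header is exactly what decides whether to retry over TCP when the 512-byte UDP limit discussed later is hit.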
DNSv6 Issue
Fragmentation
  DNS response size: there are 13 root name servers; a DNS message carried over UDP is limited to a maximum length of 512 bytes
  When 512 bytes are exceeded the TC bit is set and a TCP connection is requested
IPv6-only network vs. the 13 IPv4-only root name servers [a-m].root-servers.net
[Figure: two failing cases for the name 'Ipv6.etri.or.kr'. (1) IPv6-only network: the resolver asks an IPv6-only cache name server, which tries to query the "." name server and then the .kr, .or and .etri levels for the AAAA RR of 'Ipv6.etri.or.kr'; the root servers are IPv4-only, so the lookup fails and the resolver gets a reply timeout. (2) IPv4-only network: the resolver asks an IPv4-only cache name server, which queries the "." name server, the ".kr" name server and the ".or.kr" name server for the A RR, but the ".etri.or.kr" name server is IPv6-only, so the A lookup fails and the resolver gets a reply timeout.]
DNSv6 Issue (Con't)
Lame delegation
  Wrong delegation information; the caching resolver keeps the records
Interworking with transition mechanisms
  The DNS view at the IP layer: public IPv4/IPv6 host
  Transition mechanism from the host's point of view: guaranteeing IPv4/IPv6 connectivity
Example records (zone file lines as shown on the slide):
  etri.or.kr        300  IN  MX    Ipv6.etri.or.kr
  Ipv6.etri.or.kr   300  IN  A     192.0.2.1
  IPv6.etri.or.kr   100  IN  AAAA  2001:db8::1
Configuration File - /etc/named.conf
Zone File – Forward
Zone File – Reverse
DNS – Query Flow (A/AAAA)
[Figure: IPv4/IPv6 test network for an A/AAAA query flow. An IPv6 host at ETRI (Ipv6.etri.or.kr) sends "DNS Query mclab.hufs.or.kr. AAAA ?" to the recursive name server ns.etri.or.kr. The recursive server queries the "." name server, then ".KR" DNS (ns.kr, reached over IPv4; response <KR NS NS.KR> <NS.KR A ipv4_address>), then ".OR" DNS (ns.or.kr; response <OR.KR. NS NS.OR.KR> <NS.OR.KR AAAA IPv6 6to4 address>) and finally the local DNS at HUFS (ns.hufs.or.kr), which responds <mclab.hufs.or.kr AAAA IPv6 address>; the query for Ipv6.etri.or.kr AAAA is answered <Ipv6.etri.or.kr AAAA IPv6 address>. The routers between the sites carry the IPv4 networks 192.168.2.0/24 through 192.168.6.0/24 (dual-stack interfaces such as Eth0 : 192.168.5.1 / IPv6 ::1) and the delegated IPv6 prefixes 3ffe:2e01:1:1000::/64, 3ffe:2e01:1:2000::/64, 3ffe:2e01:1:4000::/64 and 3ffe:2e01:1:5000::/64, with 6to4 tunneling between the IPv4 and IPv6 segments; one query path is marked FAIL on the slide.]
DDDS (Dynamic Delegation Discovery System)
Goal
  Internet identification schemes are based on URNs, and a URN-based identifier must ultimately be converted into a URL or some other desired form of information before it can be served. The standard was established to provide an internationally unified scheme for this conversion and thereby to provide interoperability and extensibility.
DDDS Algorithm
Terminology
  AUS (Application Unique String)
  Rewrite Rule (or Rewrite Rule Set)
  FWKR (First Well Known Rule)
  Terminal Rule
  Application
  Rule Database : a database of rules with keys that indicate which rule is used at each delegation step
  Service Flag : a way for a rule to signal the application
DDDS – Algorithm Flow
  AUS -> apply the FWKR -> First Key
  Key -> look up the Key in the DDDS DB -> Rule Set
  Apply the rules to the AUS until a non-empty result is produced
  Is the matching rule a terminal rule?
    No  -> the result is the next Key; repeat the lookup
    Yes -> the result of the last rule is the result the application wants
DDDS – Rule Structure
Preference
  A number indicating which of the rules takes priority
Flag
  Specifies the attribute that decides whether the rule is applied last; the last rule is the terminal rule
Service
  The semantic attribute of the delegation
Replacement
  The rewrite that produces the string that is the final DDDS result; as the result of a terminal rule, it is the connection information of the delegated server
DDDS Rule Structure (Con't)
[Figure: the URI (AUS) is handed to System 1, whose rule delegates to further systems (System 1 ... System n); each rule is fetched from the DDDS DB, which holds NAPTR RR rules and domain names.]
DDDS DB : DNS
  Key format : DNS domain name
  Lookup request : a request for the NAPTR RRs that form the rule set of the given key
  Lookup response : a sequence of NAPTR records
DDDS DB – DNS Match (NAPTR)
NAPTR format
  Order : the order of the NAPTR records
  Preference : the order in which records with the same Order are to be processed
  Flag : a single character that controls rewriting and the interpretation of the fields
  Services : a string giving the service parameters that apply to the delegation path
  Regexp : a string containing a substitution expression that is applied to a single string in order to find the next domain
  Replacement : the next domain name, depending on the value found in the Flag field
DDDS DNS DB - URN Example
URI : urn:cid:[email protected]
FWKR : cid (the characters between the first ":" and the second ":" are extracted)
To make a valid key for the DB, 'urn.arpa' is appended to the FWKR result, giving 'cid.urn.arpa'.
DNS query for the NAPTR records of the cid.urn.arpa domain:
  cid.urn.arpa
  ;;            order  pref  flags  service  regexp                              replacement
      IN NAPTR  100    10    ""     ""       "!urn:cid:.+@([^\.]+\.)(.*)$!\2!"   .
The \2 part of the Regexp returns the string 'example.com'. Because the Flag field is empty the lookup is not terminal; the next lookup is for the NAPTR records of the new domain 'example.com'.
  example.com
  ;;            order  pref  flags  service               regexp  replacement
      IN NAPTR  100    10    "a"    "http+N2L+N2C+N2R"    ""      www.example.com
Service field = [ [protocol] *("+" rs) ] : each rs field is at most 32 characters. N2L (URN -> URL), N2R (URN -> Resource), N2C (URN -> URC)
NAPTR – Flag field
Field value = 'S', 'A', 'U', 'P'
  'S' : the next lookup is for DNS SRV records (DNS specifying the location of services)
  'A' : the next lookup is for A or AAAA records
  'U' : the next step is not a DNS lookup but the result of the Regexp field
  'P' : the remaining steps are protocol-dependent, so no further DNS queries should be made
  'S', 'A', 'U' – terminating rules
  onspc.com
  ;;            order  pref  flags  service      regexp                                      replacement
      IN NAPTR  0      0     "u"    "EPC+epcis"  "!^.*$!http://example.com/cgi-bin/epcis!"   .
DDDS DB – ONS
RFID code – EPC vs NIDA
EPC : <item reference>.<company prefix>.<header value>.sgtin.id.onsepc.com
Example : urn:epc:id:sgtin:2.24.400
  Remove the 'urn:epc:' header (leaving id:sgtin:2.24.400)
  Remove the item field (leaving id:sgtin:2.24)
  Invert the order of the remaining fields (leaving 24.2:sgtin:id)
  Convert the ":" to "." (leaving 24.2.sgtin.id)
  Append '.onsepc.com' (ending up with 24.2.sgtin.id.onsepc.com)
NIDA : <item reference>.<company prefix>.<code type>.ods.or.kr