Name Services

Vidya Satyanarayanan

Why do we need Name Services?

Requirements for name spaces

• Allow simple but meaningful names to be used• Potentially infinite number of names• Structured

– to allow similar subnames without clashes– to group related names

• Allow re-structuring of name trees– for some types of change, old programs

should continue to work• Management of trust

Composed naming domains used to access a resource from a URL

file

Web serverSocket

http://www.cdk3.net:8888/WebExamples/earth.html

URL

Resource ID (IP number, port number, pathname)

138.37.88.61 WebExamples/earth.html8888

DNS lookup

(Ethernet) Network address

2:60:8c:2:b0:5a

ARP lookup

URI

Uniform Resource Identifiers (URI) offer a general solution for any type of resource. There two main classes:

URL Uniform Resource Locator– typed by the protocol field (http, ftp, nfs, etc.)

– resources cannot be moved between domains

URN Uniform Resource Name– Solves the dangling problem of URL.

– Given URN it return the URL.

– requires a universal resource name lookup service - a DNS-like system for all resources

– Format of URN: urn:<nameSpace>:<name-within-namespace>

– e.g. urn:ISBN:021-61918-0

Name Resolution: Navigation methods

Client 12

3

A client iteratively contacts name servers NS1–NS3 in order to resolve a name

NS2

NS1

NS3

Nameservers

Used in:

DNS: Client presents entire name to servers, starting at a local server, NS1. If NS1 has the requested name, it is resolved, else NS1 suggests contacting NS2 (a server for a domain that includes the requested name).

NFS: Client segments pathnames (into 'simple names') and presents them one at a time to a server together with the filehandle of the directory that contains the simple name.

Iterative navigation

Non-recursive and recursive server-controlled navigation

A name server NS1 communicates with other name servers on behalf of a client

Recursiveserver-controlled

1

23

5

4

client

NS2

NS1

NS3

12

34client

NS2

NS1

NS3

Non-recursiveserver-controlled

DNS offers recursive navigation as an option, but iterative is the standard technique. Recursive navigation must be used in domains that limit client access to their DNS information for security reasons.

DNS - The Internet Domain Name System

• A distributed naming database

• Name structure reflects administrative structure of the Internet

• Rapidly resolves domain names to IP addresses– exploits caching heavily

– typical query time ~100 milliseconds

• Scales to millions of computers– partitioned database

– caching

• Resilient to failure of a server– replication

DNS name servers

Note: Name server names are in italics, and the corresponding domains are in parentheses.Arrows denote name server entries

a.root-servers.net(root)

ns0.ja.net(ac.uk)

dns0.dcs.qmw.ac.uk(dcs.qmw.ac.uk)

alpha.qmw.ac.uk(qmw.ac.uk)

dns0-doc.ic.ac.uk(ic.ac.uk)

ns.purdue.edu(purdue.edu)

ukpurdue.edu

ic.ac.uk

qmw.ac.uk...

dcs.qmw.ac.uk*.qmw.ac.uk

*.ic.ac.uk*.dcs.qmw.ac.uk

* .purdue.edu

ns1.nic.uk(uk)

ac.uk...

co.uk

yahoo.com ....

authoritative path to lookup:

jeans-pc.dcs.qmw.ac.uk

DNS server functions and configuration

• Main function is to resolve domain names for computers, i.e. to get their IP addresses (Host name resolution)– caches the results of previous searches until they pass their 'time to

live'

• Other functions:– get mail host for a domain

– reverse resolution - get domain name from IP address

– Host information - type of hardware and OS

– Well-known services - a list of well-known services offered by a host

– Other attributes can be included (optional)

DNS resource records

Record type Meaning Main contentsA A computer address IP numberNS An authoritative name server Domain name for serverCNAME The canonical name for an alias Domain name for aliasSOA Marks the start of data for a zone Parameters governing the zoneWKS A well-known service description List of service names and protocolsPTR Domain name pointer (reverse

lookups)Domain name

HINFO Host information Machine architecture and operatingsystem

MX Mail exchange List of <TXT Text string Arbitrary text

DNS issues

• Name tables change infrequently, but when they do, caching can result in the delivery of stale data.– Clients are responsible for detecting this and recovering

• Its design makes changes to the structure of the name space difficult. For example:– merging previously separate domain trees under a new root– moving sub trees to a different part of the structure (e.g. if

Scotland became a separate country, its domains should all be moved to a new country-level domain.

Directory and discovery services

• Directory service:- 'yellow pages' for the resources in a network– Retrieves the set of names that satisfy a given description – e.g. X.500, LDAP, MS Active Directory Services

• (DNS holds some descriptive data, but:– the data is very incomplete– DNS isn't organised to search it)

• Discovery service:- a directory service that also:– is automatically updated as the network configuration changes– meets the needs of clients in spontaneous networks (Section 2.2.3)– discovers services required by a client (who may be mobile) within the current

scope, for example, to find the most suitable printing service for image files after arriving at a hotel.

– Examples of discovery services: Jini discovery service, the 'service location protocol', the 'simple service discovery protocol' (part of UPnP), the 'secure discovery service'.

Internet

gateway

PDA

service

Music service

serviceDiscovery

Alarm

Camera

Guest'sdevices

LaptopTV/PC

Hotel wirelessnetwork

Revision: Spontaneous networks

• Easy connection of guest's devices– wireless network

– automatic configuration

• Easy integration with local services– discovery of services relevant to guest's needs

Service discovery in Jini

Printing service

serviceLookup

serviceLookup

Printing service

admin

admin

admin, finance

finance

Client

Mobile client

Corporate infoservice

Network2. Here I am: .....

3. Requestprinting &receive proxy

1. ‘finance’ lookup service?

4. Use printing service

• Jini services register their interfaces and descriptions with the Jini lookup services in their scope

• Clients find the Jini lookup services in their scope by IP multicast• Jini lookup service searches by attribute or by interface type

Case Study of Global Name Service

• Designed and implemented to provide facilities for resource location, mail addressing and authentication.

• GNS manages a naming database, composed of a tree of directories holding names and values.– Each directory is assigned an integer which serves as the

unique directory identifier (DI).– The values stored at the leaves of the directory tree are

organized into value trees.– Names in GNS has 2 parts: <directory name, value name>.

GNS directory tree and value tree for user Peter.Smith

UK FR

AC

QMWDI: 322

Peter.Smith

passwordmailboxes

DI: 599 (EC)

DI: 574DI: 543

DI: 437

Alpha GammaBeta

Accommodating the change of structure

• Integrating 2 separate GNS –

• Integrate the database rooted at the EC directory and another directory rooted at NORTH AMERICA.

• When the client refers to the name </UK/AC/QMW, Peter.Smith> with EC as the root, will it still be valid?

• <#599/UK/AC/QMW,Peter.Smith> will work.

EC

UK FR

DI: 599

DI: 574DI: 543

NORTH AMERICA

US

DI: 642

DI: 732

#599 = #633/EC#642 = #633/NORTH AMERICA

Well-known directories:

CANADA

DI: 633 (WORLD)

Restructuring the directory

• Suppose US becomes part of the EC, then names beginning WORLD/NORTH AMERICA/US will no longer work.

• So we insert a “symbolic link” in place of the original US entry which acts as a redirection to the US directory in its new location.

EC

UK FR

DI: 599

DI: 574DI: 543

NORTH AMERICA

US

DI: 642

DI: 457DI: 732

#599 = #633/EC#642 = #633/NORTH AMERICA

Well-known directories:

CANADA

DI: 633 (WORLD)

#633/EC/US

US

• Summary of GNS

GNS addresses the needs for scalability and re-configurability.

The solution adopted for merging & moving directory trees has a lot of overload.

X.500 Directory Service

• Satisfies the descriptive queries, designed to discover the names and attributes of other users or system resources.

• Range of Queries – White pages: e.g. access to obtain a user’s electronic mail address. Yellow pages: e.g. obtaining the names of all the garages specializing in

the repair of a car.

• The data stored is organized in a tree structure with named nodes.

• Supports wide range of attributes,that are stored at each node

• Access both by name and by searching with required attributes.

• The name tree is called the Directory Information Tree (DIT) and the entire directory structure including the data is called the Directory Information Base (DIB).

Servers – Directory Service Agents (DSA).

Clients – Directory User Agents (DUA).

DSA

DSA

DSA

DSA

DSADSADUA

DUA

DUA

Relation between DIB entries and OOPs

... France (country) Great Britain (country) Greece (country)...

BT Plc (organization) University of Gormenghast (organization)... ...

Department of Computer Science (organizationalUnit)

Computing Service (organizationalUnit)

Engineering Department (organizationalUnit)

...

...

X.500 Service (root)

Departmental Staff (organizationalUnit)

Research Students (organizationalUnit)

ely (applicationProcess)...

...

Alice Flintstone (person) Pat King (person) James Healey (person) ...... Janet Papworth (person)...

Methods to access the directory

1. read:

An absolute or relative name for an entry is given, together with the attributes to be read.

2. search:• This is an attribute based access request. A base name

and a filter expression is specified as arguments. • Returns a list of names (Domain Names) for all the entries

below the base node for which the filter evaluates to TRUE.

• Searching is very costly when it is applied to a large portions of directory tree.

Administration and updating of the DIB

• Interface includes operations for adding, deleting and modifying entries.

• Relies on extensive use of replication and caching technologies.

LDAP – Lightweight directory Access Protocol

The Standard interface to X.500 uses LDAP.

The DUA accesses X.500 directory services directly over TCP/IP.

Replaces the ASN.1 encoding with textual encoding.

LDAP can be used as an interface to any Directory Service if it obeys the LDAP specification.

LDAP provides secure access to directory data through authentication.

Summary

Name services:– refer the binding of resource names to addresses (and other attributes)– Names are resolved to give addresses and other attributes– Goals :

• Scalability (size of database, access traffic (hits/second), update traffic)• Reliability• Trust management (authority of servers)

– Issues• exploitation of replication and caching to achieve scalability without

compromising the distribution of updates• navigation methods

Directory and discovery services:– 'yellow pages' retrieval by attributes– dynamic resource registration and discovery