Case Studies: DNS, X.500, and NARS
EEE465 1999, Lecture 38
Major Greg Phillips
Royal Military College of Canada
Electrical and Computer Engineering
greg.phillips@rmc.ca
+1-613-541-6000 ext. 6190
Context
- We have looked at the design of a Simple Name Service, discussed some of its deficiencies, and examined some additional design issues for name services.
- Today we will look at two of the most successful name services: the Internet Domain Name System (DNS) and ITU-T (formerly CCITT) recommendation X.500.
The Problem
[Figure: X wants to dial 1234, but only Y knows that 1234 is Y's number. How does X find out who 1234 is?]

Inefficient Solution I
[Figure: X broadcasts "1234?" to every node; only Y answers "It's ME!!!". Every lookup costs one message to every node.]

Inefficient Solution II
[Figure: every node keeps a full copy of the table of all names (1234 : Y, the entry for 5555, and so on). Every change has to be pushed to every node.]

The Usual Solution
[Figure: X asks a designated name server A ("ask A"), which holds the table entry 1234 : Y and answers the query "1234?" with "1234 : Y".]
Internet Domain Name System
- Pre-DNS (before 1987), the Internet relied on a central hostname database (the HOSTS.TXT file) downloaded by FTP to all clients. This did not:
  - scale to large numbers of computers
  - allow distributed administration
  - allow lookups of entities other than hosts
- Key design goal: scalability
- Resolves domain names (e.g., tarpit.rmc.ca) into numeric IP addresses (e.g., 137.94.178.161), and vice versa
- Also responsible for locating services by name (e.g., the mail exchanger for rmc.ca, needed to deliver mail addressed to greg.phillips@rmc.ca)
- Based on a distributed database
  - the hierarchical namespace is divided into zones
  - the responsibility and authority for the names in each zone is assigned to a name authority
  - zones can be further divided, with authority and responsibility delegated downward
DNS Name Hierarchy
[Figure: a tree rooted at "root". Generic top-level domains: edu, gov, net, org, int, mil, com. ISO-3166 country-code domains: ch, us, au, su, at, ca. Under ca: rmc; under rmc: tarpit.]
An administrative (vice physical) hierarchy. The name itself tells you nothing about IP addresses, routing, or physical location of the named entity.
DNS Name Servers
- Each zone will have one or more name servers
- Each server is either a primary or a secondary server
  - primary servers read zone data directly from a local master file
  - secondary servers periodically download the zone data (a zone transfer) from a primary server
- Servers typically cache frequently used data from other servers
  - when cached data is supplied, it must be marked as non-authoritative
  - cached data has an associated time to live (TTL) value, and eventually ages out
DNS Lookup
- DNS requests are typically directed to a local name server, which:
  - resolves names within the local domain, plus any cached names
  - maintains references to other domains at various levels, including the root
  - when a query it cannot resolve comes in, forwards it to the lowest-level appropriate server it knows of
- Lookup can be either iterative (the client is referred from server to server and follows the referrals itself) or recursive (the server follows the referrals on the client's behalf and returns the final answer)
- Also "reverse resolves" IP addresses to host names using the special in-addr.arpa domain: the octets are reversed, so 137.94.178.161 is looked up as 161.178.94.137.in-addr.arpa
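The lookup just described, as an added example that is not part of the lecture: a toy iterative resolver with a TTL-bounded cache running over constructed zone data (the zones, hosts and server addresses are assumed for illustration, using RFC 5737 documentation addresses, not RMC's real data). It shows delegation downward through zones, starting each lookup at the lowest-level server already known, cache answers marked non-authoritative and ageing out, the in-addr.arpa reverse name, and one check a practitioner would add: records a server returns about names outside the zone it was asked about are not cached (a bailiwick check), since otherwise any server on the referral chain could plant entries for zones it has no authority over.

```python
# Added example (not from the lecture): a toy iterative DNS resolver over
# constructed zone data using RFC 5737 documentation addresses.
import time

# Zone apex -> records (owner, type, value). An NS record whose owner lies
# below the apex delegates that child zone; the A records for NS hosts are glue.
ZONES = {
    ".": [("ca.", "NS", "ns.ca."), ("ns.ca.", "A", "192.0.2.1"),
          ("2.0.192.in-addr.arpa.", "NS", "ns.ca.")],
    "ca.": [("rmc.ca.", "NS", "ns.rmc.ca."), ("ns.rmc.ca.", "A", "192.0.2.2")],
    "rmc.ca.": [("rmc.ca.", "NS", "ns.rmc.ca."), ("ns.rmc.ca.", "A", "192.0.2.2"),
                ("tarpit.rmc.ca.", "A", "192.0.2.17")],
    "2.0.192.in-addr.arpa.": [("17.2.0.192.in-addr.arpa.", "PTR", "tarpit.rmc.ca.")],
}
# Server address -> zones it is primary for; ROOT is the well-known root server.
SERVERS = {"192.0.2.0": ["."], "192.0.2.1": ["ca.", "2.0.192.in-addr.arpa."],
           "192.0.2.2": ["rmc.ca."]}
ROOT = "192.0.2.0"
TTL = 300.0  # seconds a cached record lives before it ages out


def in_zone(name, zone):
    """True if the absolute, dot-terminated name is at or below the zone apex."""
    return zone == "." or name == zone or name.endswith("." + zone)


def server_query(addr, name, qtype):
    """What an authoritative server does with a query: answer, refer downward, or refuse."""
    zones = [z for z in SERVERS[addr] if in_zone(name, z)]
    if not zones:
        return "refused", []
    zone = max(zones, key=len)  # closest enclosing zone this server holds
    records = ZONES[zone]
    for owner, rtype, value in records:  # name lies in a delegated child zone: referral
        if rtype == "NS" and owner != zone and in_zone(name, owner):
            glue = [r for r in records if r[0] == value and r[1] == "A"]
            return "referral", [(owner, "NS", value)] + glue
    answer = [r for r in records if r[0] == name and r[1] == qtype]
    return ("answer", answer) if answer else ("nxdomain", [])


def reverse_name(ip):
    """in-addr.arpa name for a dotted-quad IPv4 address (octets reversed)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + ".in-addr.arpa."


class Resolver:
    """The local name server side: iterative lookup with a TTL-bounded cache."""

    def __init__(self, now=time.time):
        self.now = now      # injectable clock so ageing can be exercised
        self.cache = {}     # (owner, type) -> (values, expiry time)

    def cache_get(self, owner, rtype):
        hit = self.cache.get((owner, rtype))
        if hit and hit[1] > self.now():
            return hit[0]
        self.cache.pop((owner, rtype), None)   # aged out
        return None

    def cache_put(self, records, zone):
        # Bailiwick check: keep only records about names inside the zone we
        # asked this server about; anything else is not its data to give.
        for owner, rtype, value in records:
            if in_zone(owner, zone):
                vals = self.cache.get((owner, rtype), ([], 0))[0]
                if value not in vals:
                    vals.append(value)
                self.cache[(owner, rtype)] = (vals, self.now() + TTL)

    def best_server(self, name):
        """Lowest-level server already known for the name (from cache), else root."""
        labels = name.rstrip(".").split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:]) + "."
            for ns in self.cache_get(zone, "NS") or []:
                addrs = self.cache_get(ns, "A")
                if addrs:
                    return addrs[0], zone
        return ROOT, "."

    def resolve(self, name, qtype="A"):
        """Iterative lookup. Returns (values, authoritative); cache hits are non-authoritative."""
        cached = self.cache_get(name, qtype)
        if cached is not None:
            return list(cached), False
        addr, zone = self.best_server(name)
        for _ in range(10):                      # bound the referral chain
            status, records = server_query(addr, name, qtype)
            self.cache_put(records, zone)
            if status == "answer":
                return [v for _, _, v in records], True
            if status != "referral":
                return [], status == "nxdomain"  # authoritative negative, or refused
            zone = next(o for o, t, _ in records if t == "NS")  # the delegated child zone
            ns_hosts = [v for _, t, v in records if t == "NS"]
            glue = [v for o, t, v in records if t == "A" and o in ns_hosts]
            addr = glue[0] if glue else self.resolve(ns_hosts[0])[0][0]
        raise RuntimeError("referral chain too long for %s" % name)
```

A first call to `Resolver().resolve("tarpit.rmc.ca.")` walks root, ns.ca. and ns.rmc.ca. and comes back authoritative; the second call is served from cache and comes back non-authoritative; a later query for any name under rmc.ca. starts directly at ns.rmc.ca. because its NS and glue records are cached, until they age out.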
X.500
- A directory service, or attribute-based name service
  - can store arbitrary attributes
  - allows lookup by arbitrary (and partially-known) attributes, not just known names
- All information is contained in a single global hierarchy called the Directory Information Tree (DIT), stored in the Directory Information Base (DIB)
- The DIB is organizationally partitioned
  - the actual information is partitioned among the distributed servers which provide the service
- Data structure is object-based; entries have objectClasses
X.500 Lookup
- Can perform lookup (read) based on absolute or relative names
  - relative to a defined context, including a base node
- Can search on a base name and a filter expression
  - the base name specifies where the search starts; the filter expression specifies the success criteria
  - the search returns all names for which the filter evaluates true
  - searches can be extremely costly
  - possible to supply additional arguments which restrict the search scope
- X.500 does not specify implementation
  - most systems are expected to include replication and caching
- Lightweight Directory Access Protocol (LDAP) is a small and widely used protocol for accessing X.500-conformant name databases, including RMC's
  - implemented by many Internet directory systems; most web browsers can act as clients
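The base-name-plus-filter search described above, as an added example that is not part of the lecture and not RMC's directory: a search over a constructed in-memory DIT with a base name, a scope, a size limit, and a filter in LDAP's string syntax (the syntax later standardized in RFC 4515; it is assumed here for illustration). The parser handles &, | and ! compounds and wildcard item filters. `escape_filter_value` is the check a practitioner wants when a filter is built from user input: an unescaped `*` or `)` supplied by the user changes the meaning of the filter, while the escaped form matches only the literal characters.

```python
# Added example (not from the lecture): an X.500/LDAP-style search over a
# constructed in-memory Directory Information Tree (not RMC's directory).
import re

# DN -> attributes. The tree structure is implied by DN suffixes, as in X.500;
# the constructed DNs contain no escaped commas, so "," splits RDNs safely.
DIT = {
    "c=CA": {"objectClass": ["country"], "c": ["CA"]},
    "o=RMC,c=CA": {"objectClass": ["organization"], "o": ["RMC"]},
    "ou=ECE,o=RMC,c=CA": {"objectClass": ["organizationalUnit"], "ou": ["ECE"]},
    "ou=Library,o=RMC,c=CA": {"objectClass": ["organizationalUnit"], "ou": ["Library"]},
    "cn=Greg Phillips,ou=ECE,o=RMC,c=CA": {
        "objectClass": ["person"], "cn": ["Greg Phillips"], "sn": ["Phillips"],
        "mail": ["greg.phillips@rmc.ca"]},
    "cn=Jane Doe,ou=ECE,o=RMC,c=CA": {
        "objectClass": ["person"], "cn": ["Jane Doe"], "sn": ["Doe"]},
}


def escape_filter_value(value):
    """RFC 4515 escaping for a value spliced into a filter from untrusted input."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text):
    """Parse a filter string into ("&"|"|"|"!", [children]) or ("=", attr, pattern)."""
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError("trailing text after filter: %r" % rest)
    return node


def _parse(s):
    if not s.startswith("("):
        raise ValueError("expected '(' at %r" % s[:10])
    s = s[1:]
    if s[:1] in ("&", "|", "!"):
        op, s, children = s[0], s[1:], []
        while s.startswith("("):
            child, s = _parse(s)
            children.append(child)
        if not s.startswith(")") or (op == "!" and len(children) != 1):
            raise ValueError("malformed compound filter")
        return (op, children), s[1:]
    end = s.find(")")                 # a ')' inside a value must be escaped as \29
    if end < 0 or "=" not in s[:end]:
        raise ValueError("malformed item filter")
    attr, _, pattern = s[:end].partition("=")
    return ("=", attr.strip().lower(), pattern), s[end + 1:]


def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    if node[0] == "&":
        return all(matches(c, attrs) for c in node[1])
    if node[0] == "|":
        return any(matches(c, attrs) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, pattern = node
    values = next((v for k, v in attrs.items() if k.lower() == attr), [])
    if pattern == "*":                # presence test
        return bool(values)
    # An unescaped '*' is a wildcard; every other character is matched literally,
    # so an escaped "\2a" coming from user input can never become a wildcard.
    regex = ".*".join(re.escape(unescape(part)) for part in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in values)


def in_scope(dn, base, scope):
    if scope == "base":
        return dn == base
    if scope == "one":
        return dn.partition(",")[2] == base      # immediate children only
    return dn == base or dn.endswith("," + base)  # "sub": whole subtree


def search(base, filter_text, scope="sub", size_limit=None):
    """Search from base, restricted by scope; returns the DNs for which the filter is true."""
    if base not in DIT:
        raise LookupError("no such entry: " + base)
    node = parse_filter(filter_text)
    hits = sorted(dn for dn, attrs in DIT.items()
                  if in_scope(dn, base, scope) and matches(node, attrs))
    return hits if size_limit is None else hits[:size_limit]
```

`search("o=RMC,c=CA", "(&(objectClass=person)(cn=greg*))")` finds the one matching entry under the base; the same search with `scope="one"` finds nothing, because the persons are two levels down. Splicing a raw user string into `"(cn=%s)"` lets a user who types `*` enumerate every person; passing it through `escape_filter_value` first makes it match nothing.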
Tactical Use of DNS and X.500
- DNS and X.500 both require each computer to know of at least one available name server
- In the tactical domain, the presence of such a server cannot be guaranteed
The Iris Solution (NARS)
[Figure: as in "The Usual Solution", X wants to dial 1234 and Y holds it, but X must first work out which node to ask ("ask ?"); here node A holds the entry 1234 : Y and answers "1234 : Y". Each node also carries a routing table with columns To, $ (cost) and Port. Y's table: A 5 M, F 12 R, X 7 L, Y 0 -. X's table: A 17 Q, F 1 F, X 0 -, Y 7 B.]
Finding the Name Server
[Figure: the same exchange, reduced to the open question. X wants 1234, A holds 1234 : Y, but X has no configured server and must compute which node to ask ("ask ?").]
The ADB Calculation
[Figure: three spaces side by side. Name Space (0000 to 9999), Intermediate Hash Space (0 to n), Address Space (0.0.0.0 to 255.255.255.255). The name 1234 is hashed into the intermediate space; the nodes A, F, X and Y occupy positions in the same space through their addresses, and that common space is used to pick the node that acts as name server for 1234.]
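The calculation above, as an added example that is not part of the lecture: names and node addresses are hashed into a common intermediate space, so every node can compute locally which node holds a given name, without any configured server. The slide gives only the three spaces and the positions of 1234 and the nodes; the rule used here to pick the responsible node (the first live node at or after the name's position, wrapping around), the hash function, the space size n and the node addresses (RFC 5737 documentation addresses) are assumptions for illustration, not NARS's own design. The example also shows what the tactical requirement buys: when the responsible node is unavailable, every node computes the same replacement, and the owner re-registers there.

```python
# Added example (not from the lecture). The node-selection rule, hash function,
# space size and addresses are ASSUMED for illustration; NARS may differ.
import hashlib

N = 10_000   # size n of the intermediate hash space (assumed)
# Node letter -> address, constructed with RFC 5737 documentation addresses.
NODES = {"A": "192.0.2.5", "F": "192.0.2.12", "X": "192.0.2.7", "Y": "192.0.2.1"}


def ring_position(key, n=N):
    """Map a name ("1234") or an address ("192.0.2.5") into the space [0, n)."""
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:8], "big") % n


def name_server_for(name, nodes=NODES, available=None):
    """Address of the node responsible for name, computed locally by any node.
    Nodes not in `available` are skipped, so responsibility moves deterministically."""
    live = [a for a in nodes.values() if available is None or a in available]
    if not live:
        raise LookupError("no node available to serve %r" % name)
    pos = ring_position(name)
    # Assumed rule: first live node at or after the name's position, wrapping round.
    return min(live, key=lambda a: (ring_position(a) - pos) % N)


def register(name, owner, tables, nodes=NODES, available=None):
    """The owner of a name (Y for 1234) stores name : owner at the computed server."""
    server = name_server_for(name, nodes, available)
    tables.setdefault(server, {})[name] = owner
    return server


def lookup(name, tables, nodes=NODES, available=None):
    """A client (X) asks the same computed server; returns the owner or None."""
    server = name_server_for(name, nodes, available)
    return tables.get(server, {}).get(name)
```

`tables` stands in for the per-node name tables: `register("1234", "192.0.2.1", tables)` places Y's entry at whichever node the hash selects, and `lookup("1234", tables)` from any node reaches it. If that node drops out of `available`, the lookup misses until the owner re-registers, at which point every node again agrees on the new location.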
Summary
- Name services attempt to solve the name or attribute lookup problem
  - name services search by well-known name
  - directory services search by partially-defined attributes
- DNS is the name service of the Internet
  - has proven very flexible and scalable
  - can also be used in non-Internet contexts
- X.500 is the most widely implemented directory service standard
  - large and complex; the LDAP subset has enjoyed considerable success
- NARS is a special-purpose name service designed for the tactical environment, where it is unwise to rely on the availability of any particular set of name servers
  - NARS can implement a service which looks like DNS from the client's perspective; this is likely to become a requirement
Next Class: Course Summary and Exam Study Hints