Case Studies: DNS, X.500, and NARS EEE465 1999 Lecture 38
Major Greg Phillips
Royal Military College of Canada
Electrical and Computer Engineering
greg.phillips@rmc.ca
+01-613-541-6000 ext. 6190
Context
We have looked at the design of a Simple Name Service, discussed some of its deficiencies, and examined some additional design issues for name services.
Today we will look at two of the most successful name services: the Internet Domain Name System (DNS) and ITU-T (formerly CCITT) recommendation X.500.
The Problem
[Diagram: node X wants to dial the number 1234 and asks "1234?"; node Y is the node that answers to 1234. The problem is how X finds out that 1234 is Y.]
Inefficient Solution I
[Diagram: X broadcasts the query "1234?" to every node in the network; only Y replies ("It's ME!!!"). Every lookup costs a network-wide broadcast.]
Inefficient Solution II
[Diagram: every node holds a complete copy of the mapping table ("1234 : Y", "5555 : ...", and so on), so X can look up 1234 locally. Every node must store, and keep up to date, the whole table.]
The Usual Solution
[Diagram: X knows which node is the name server ("ask A"). A holds the entry "1234 : Y"; X sends "1234?" to A, receives "1234 : Y", and dials Y. Only A needs the table, but every node must know how to reach A.]
Internet Domain Name System
- before DNS (standardized in RFCs 1034 and 1035, 1987), the Internet relied on a central hostname database (HOSTS.TXT) downloaded by FTP to all clients. This did not:
  - scale to large numbers of computers
  - allow distributed administration
  - allow lookups of entities other than hosts
- key design goal: scalability
- resolves domain names (e.g., tarpit.rmc.ca) into numeric IP addresses (e.g., 137.94.178.161), and vice versa
- also responsible for locating the servers behind service names, e.g., the mail exchangers (MX records) for the domain part of greg.phillips@rmc.ca
- based on a distributed database
  - the hierarchical namespace is divided into zones
  - the responsibility and authority for the names in each zone is assigned to a name authority
  - zones can be further divided, and authority and responsibility delegated downward
DNS Name Hierarchy
[Tree diagram: root at the top; generic top-level domains edu, gov, net, org, int, mil, com; ISO-3166 country-code domains ch, us, au, su, at, ca; under ca the zone rmc; under rmc the host tarpit (tarpit.rmc.ca).]
An administrative (rather than physical) hierarchy. The name itself tells you nothing about IP addresses, routing, or physical location of the named entity.
DNS Name Servers
- each zone will have one or more name servers
- each server is either a primary or a secondary server
  - primary servers read zone data directly from a local master file
  - secondary servers periodically download (zone transfer) the data from a primary server
- servers typically cache frequently used data from other servers
  - when cached data is supplied, it must be marked as non-authoritative
  - cached data has an associated time to live (TTL) value, and eventually "ages out"; until then, whatever was cached, right or wrong, is handed to every client that asks
DNS Lookup
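Worked example, added to these notes and not code from any real DNS implementation: a small simulation of the server roles on the previous slide and of the lookup procedure in the points that follow. It has authoritative data for a constructed root, ca and rmc.ca zone (the address of tarpit.rmc.ca is the one quoted above; the www.rmc.ca record, the reverse zone layout and all server names are made up), plus a local server that follows referrals iteratively, caches answers and referrals with their TTL, reports cached replies as such, starts each lookup at the lowest-level zone it already knows a server for, and reverse-resolves through in-addr.arpa.

```python
"""Iterative DNS resolution through a caching local name server.

Added example for these notes, not code from any real resolver.  The zone
data is constructed; the only value taken from the lecture is the address
of tarpit.rmc.ca.  Names are fully qualified (trailing dot) and each
zone's data is a dict of (name, type) -> (rdata, ttl in seconds).
"""

# Authoritative data keyed by zone apex; an NS record at a child's apex
# delegates that child zone.  Real reverse lookups are delegated through
# in-addr.arpa and 137.in-addr.arpa; the root delegates 94.137.in-addr.arpa
# directly here to keep the example short.  www.rmc.ca is constructed.
ZONES = {
    ".": {("ca.", "NS"): ("ns.ca.", 86400),
          ("94.137.in-addr.arpa.", "NS"): ("ns.rmc.ca.", 86400)},
    "ca.": {("rmc.ca.", "NS"): ("ns.rmc.ca.", 86400)},
    "rmc.ca.": {("tarpit.rmc.ca.", "A"): ("137.94.178.161", 3600),
                ("www.rmc.ca.", "A"): ("137.94.178.1", 3600)},
    "94.137.in-addr.arpa.": {
        ("161.178.94.137.in-addr.arpa.", "PTR"): ("tarpit.rmc.ca.", 3600)},
}


def enclosing_zones(name):
    """Zones enclosing `name`, shallowest first: '.', 'ca.', 'rmc.ca.', ..."""
    labels = name.rstrip(".").split(".")
    return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]


def ask_authoritative(zone, name, rtype):
    """One query to the server for `zone`.  Returns (status, data, ttl) with
    status 'answer' (data is rdata), 'referral' (data is (child zone, its
    server)) or 'nxdomain'."""
    records = ZONES[zone]
    if (name, rtype) in records:
        rdata, ttl = records[(name, rtype)]
        return ("answer", rdata, ttl)
    delegated = [z for z in enclosing_zones(name) if z != zone and (z, "NS") in records]
    if delegated:
        child = delegated[-1]                          # deepest delegation wins
        server, ttl = records[(child, "NS")]
        return ("referral", (child, server), ttl)
    return ("nxdomain", None, 0)


def reverse_name(ip):
    """Name under in-addr.arpa used to reverse-resolve an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


class LocalResolver:
    """The local name server of the lecture: starts each lookup at the
    lowest-level zone it already knows a server for, follows referrals
    iteratively, and caches answers and referrals until their TTL expires."""

    def __init__(self, now=0):
        self.now = now        # clock in seconds; advanced by the caller
        self.cache = {}       # (name, type) -> (rdata, expiry time)

    def _fresh(self, key):
        """Cached rdata for key, or None if absent or aged out."""
        entry = self.cache.get(key)
        if entry and self.now < entry[1]:
            return entry[0]
        self.cache.pop(key, None)
        return None

    def resolve(self, name, rtype="A"):
        """Return (rdata, source, zones_asked).  source is 'cache' for data
        served from the cache, which must be flagged non-authoritative to
        the client, or 'authority' when fetched from the zone's server."""
        rdata = self._fresh((name, rtype))
        if rdata is not None:
            return (rdata, "cache", [])
        zone = "."                                      # root is always known
        for z in enclosing_zones(name):
            if self._fresh((z, "NS")) is not None:
                zone = z                                # deeper known zone
        asked = []
        while True:
            asked.append(zone)
            status, data, ttl = ask_authoritative(zone, name, rtype)
            if status == "answer":
                self.cache[(name, rtype)] = (data, self.now + ttl)
                return (data, "authority", asked)
            if status == "nxdomain":
                return (None, "authority", asked)
            child, server = data
            self.cache[(child, "NS")] = (server, self.now + ttl)
            zone = child
```

The first lookup of tarpit.rmc.ca walks root, ca and rmc.ca; a second lookup is served from the cache and reported as such (a real server clears the authoritative-answer bit on such a reply). A lookup of www.rmc.ca asks only the rmc.ca server, because the referrals learned on the way are cached too. Once 3600 seconds have passed the A record has aged out and the next lookup goes back to the authority. Nothing here checks who answered: a server that caches whatever it receives keeps it for the full TTL, which is why the TTL and the source of cached data matter in practice.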
- DNS requests are typically directed to a local name server
  - resolves names within the local domain, plus any cached names
  - maintains references to other domains at various levels, including the root servers
  - when a query it cannot answer comes in, it is forwarded to the lowest-level (closest enclosing) zone for which the forwarding server knows a server
- lookup can be either iterative (the server returns a referral and the client follows it) or recursive (the server follows the referrals on the client's behalf)
- also "reverse resolves" IP addresses to host names using the special in-addr.arpa domain (137.94.178.161 is looked up as 161.178.94.137.in-addr.arpa)
X.500
- a directory service, or attribute-based name service
  - can store arbitrary attributes
  - allows lookup by arbitrary (and partially-known) attributes, not just known names
- all information is contained in a single global hierarchy called the Directory Information Tree (DIT), stored in the Directory Information Base (DIB)
- the DIB is organizationally partitioned
  - the actual information is partitioned among the distributed servers which provide the service
- the data structure is object-based; entries have objectClasses
X.500 Lookup
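Worked example, added here and not code from any directory server: a search over a small DIT using a base name, a scope restriction and a filter expression, as described in the points that follow. The entries are constructed (the only real value is the lecturer's e-mail address from the title slide), and the filter syntax follows the LDAP string representation (RFC 4515) for the subset parsed here: equality, presence, and, or, not.

```python
"""X.500-style search over a small Directory Information Tree.

Added example for these notes, not code from any directory product.  The
entries are constructed (the one real value is the lecturer's address from
the slide header).  Filters use the LDAP string form (RFC 4515) in the
subset parsed here: (attr=value), (attr=*), (&..), (|..), (!..).
"""
import re

# Constructed DIT: distinguished name -> attributes.  Names are written
# leaf-first as in LDAP, so an entry's parent is its name minus the first
# component.  Every entry carries objectClass, as X.500 requires.
DIT = {
    "c=CA": {"objectClass": ["country"], "c": ["CA"]},
    "o=RMC,c=CA": {"objectClass": ["organization"], "o": ["RMC"]},
    "ou=ECE,o=RMC,c=CA": {"objectClass": ["organizationalUnit"], "ou": ["ECE"]},
    "cn=Greg Phillips,ou=ECE,o=RMC,c=CA": {
        "objectClass": ["person"], "cn": ["Greg Phillips"], "sn": ["Phillips"],
        "mail": ["greg.phillips@rmc.ca"]},
    "cn=Jane Doe,ou=ECE,o=RMC,c=CA": {
        "objectClass": ["person"], "cn": ["Jane Doe"], "sn": ["Doe"]},
    "cn=Printer 1,o=RMC,c=CA": {"objectClass": ["device"], "cn": ["Printer 1"]},
}

def escape_filter_value(value):
    """RFC 4515 escaping for a value spliced into a filter string.  Without
    it, a value such as '*)(cn=*' would change the filter's structure."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_filter(text):
    """Parse a filter string into nested tuples: ('=', attr, value) leaves,
    ('&', [..]) / ('|', [..]) / ('!', node) combinations."""
    node, rest = _parse(text.strip())
    if rest:
        raise ValueError("unexpected text after filter: %r" % rest)
    return node

def _parse(s):
    if len(s) < 2 or s[0] != "(":
        raise ValueError("filter component must start with '('")
    s = s[1:]
    if s[0] in "&|":
        op, s, kids = s[0], s[1:], []
        while s.startswith("("):
            kid, s = _parse(s)
            kids.append(kid)
        return (op, kids), _close(s)
    if s[0] == "!":
        kid, s = _parse(s[1:])
        return ("!", kid), _close(s)
    end = s.index(")")
    attr, value = s[:end].split("=", 1)
    return ("=", attr.strip().lower(), value), s[end + 1:]

def _close(s):
    if not s.startswith(")"):
        raise ValueError("expected ')'")
    return s[1:]

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive matching)."""
    if node[0] == "=":
        _, attr, value = node
        have = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
        if value == "*":                      # presence test
            return bool(have)
        return _unescape(value).lower() in have
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    return not matches(node[1], entry)

def in_scope(dn, base, scope):
    """Search scope: 'base' (the base entry only), 'one' (its immediate
    subordinates) or 'sub' (base and its whole subtree)."""
    dn, base = dn.lower(), base.lower()
    if scope == "base":
        return dn == base
    if dn != base and not dn.endswith("," + base):
        return False                          # outside the base's subtree
    if scope == "sub":
        return True
    return dn.count(",") == base.count(",") + 1

def search(base, scope, filter_text, size_limit=None):
    """DNs of the entries in scope for which the filter evaluates true.  Every
    entry in scope is tested, which is the cost the scope and size limit bound."""
    node = parse_filter(filter_text)
    hits = [dn for dn, entry in DIT.items()
            if in_scope(dn, base, scope) and matches(node, entry)]
    return hits if size_limit is None else hits[:size_limit]
```

search("o=RMC,c=CA", "sub", "(objectClass=person)") returns the two person entries; with scope "one" only the direct subordinates of the base are examined. The cost of search is visible in the code: every entry in scope is tested against the filter, so the scope and size_limit arguments are what keep a query from walking the whole DIB. escape_filter_value is the check to apply to any user-supplied value before it is spliced into a filter string, since an unescaped "*" or ")(" changes what the filter means.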
- can perform lookup (read) based on absolute or relative names
  - relative to a defined context, including a base node
- can search on a base name and a filter expression
  - the base name specifies where the search starts; the filter expression specifies the success criteria
  - the search returns all names for which the filter evaluates true
  - searches can be extremely costly
  - it is possible to supply additional arguments which restrict the search scope
- X.500 does not specify an implementation
  - most systems are expected to include replication and caching
- the Lightweight Directory Access Protocol (LDAP) is a small and widely used protocol for accessing X.500-conformant name databases, including RMC's
  - implemented by many internet directory systems; most web browsers can act as clients
Tactical Use of DNS and X.500
- DNS and X.500 both require each computer to know of at least one available name server
- in the tactical domain, the presence of such a server cannot be guaranteed
The Iris Solution (NARS)
[Diagram: as in the usual solution, X wants to dial 1234 and needs the entry "1234 : Y" held by A, but no node has been told which node is the name server ("ask ?"). Each node has only its routing table; the figure shows two of them ($ = cost, Port = output port).]
Routing table at Y
To   $    Port
A    5    M
...
F    12   R
X    7    L
Y    0    -
...
Routing table at X
To   $    Port
A    17   Q
...
F    1    F
X    0    -
Y    7    B
...
Finding the Name Server
[Diagram: X, holding only its routing table, must work out for itself which node (A) holds "1234 : Y" before it can send "1234?" there.]
The ADB Calculation
[Diagram: three spaces side by side. Name space: 0000 to 9999. Intermediate hash space: 0 to n. Address space: 0.0.0.0 to 255.255.255.255. The name 1234 is hashed into the intermediate space, and the hash value is then mapped onto the address of one of the nodes present (A, F, X or Y). Every node can perform the same calculation.]
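Worked example, added to these notes. The lecture gives the shape of the ADB calculation (name space to intermediate hash space to address space) but not NARS's hash function, slot count or rule for dividing slots among nodes, so those, the node addresses, and the treatment of nodes missing from a routing table are assumptions made here. What it shows is the point of the figure: a node computes the holder of a name from its own routing table, and X and Y arrive at the same answer for 1234 without consulting anyone.

```python
"""The ADB calculation of NARS: computing which node holds a name's entry.

Added example for these notes.  The lecture gives the shape of the
calculation (name space -> intermediate hash space -> address space) but
not NARS's hash function, slot count or slot-to-node rule, so those are
assumptions here.  The idea being shown: every node applies the same
function to a name and to the set of nodes it can reach, so each arrives
at the same answer without first having to locate a name server.
"""

N = 1000                     # size of the intermediate hash space (assumption)

# Routing tables from the lecture figure: destination -> (cost, output port).
ROUTING_TABLE_AT_Y = {"A": (5, "M"), "F": (12, "R"), "X": (7, "L"), "Y": (0, "-")}
ROUTING_TABLE_AT_X = {"A": (17, "Q"), "F": (1, "F"), "X": (0, "-"), "Y": (7, "B")}
# Constructed addresses for the nodes of the figure.
ADDRESS = {"A": "10.1.1.1", "F": "10.1.1.6", "X": "10.1.1.24", "Y": "10.1.1.25"}


def name_to_slot(name, n=N):
    """Name space (four-digit names, 0000-9999) -> intermediate hash space [0, n).
    Multiplicative (Fibonacci) hashing on 32 bits; the constant is arbitrary
    but must be identical on every node."""
    h = (int(name) * 2654435761) % 2**32
    return h % n


def slot_to_address(slot, addresses, n=N):
    """Intermediate hash space -> address space.  The slot range is divided
    evenly among the addresses in numeric order, so every node that agrees on
    the address set agrees on the owner of each slot."""
    ordered = sorted(addresses, key=lambda ip: tuple(int(o) for o in ip.split(".")))
    return ordered[slot * len(ordered) // n]


def holder(name, routing_table, n=N):
    """Address of the node holding `name`'s entry, computed locally from a
    routing table: a destination present in the table is taken to be present
    on the network (assumption; the slides do not say how NARS decides this)."""
    present = [ADDRESS[dest] for dest in routing_table]
    return slot_to_address(name_to_slot(name, n), present, n)


def load(routing_table, n=N):
    """How many of the 10000 possible names each present node would hold."""
    counts = {ADDRESS[d]: 0 for d in routing_table}
    for i in range(10000):
        counts[holder("%04d" % i, routing_table, n)] += 1
    return counts
```

holder("1234", ROUTING_TABLE_AT_X) and holder("1234", ROUTING_TABLE_AT_Y) give the same address, because both tables list the same four nodes. Dropping a node from the table changes the division of slots, so some names move to other holders; how NARS re-registers names when that happens is not covered by these slides. load() shows the hash spreading the 10000 names across all present nodes.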
Summary
- name services attempt to solve the name or attribute lookup problem
  - name services search by well-known name
  - directory services search by partially-defined attributes
- DNS is the name service of the Internet
  - has proven very flexible and scalable
  - can also be used in non-Internet contexts
- X.500 is the most widely implemented directory service standard
  - large and complex; the LDAP subset has enjoyed considerable success
- NARS is a special-purpose name service designed for the tactical environment, where it is unwise to rely on the availability of any particular set of name servers
  - NARS can implement a service which looks like DNS from the client perspective; this is likely to become a requirement
Next Class: Course Summary and Exam Study Hints
