Case Studies: DNS, X.500, and NARS EEE465 1999 Lecture 38

Transcript and Presenter's Notes

1
Case Studies: DNS, X.500, and NARS
EEE465 1999
Lecture 38
  • Major Greg Phillips
  • Royal Military College of Canada
  • Electrical and Computer Engineering
  • greg.phillips_at_rmc.ca
  • 01-613-541-6000 ext. 6190

2
Context
  • We have looked at the design of a Simple Name
    Service, discussed some of its deficiencies, and
    examined some additional design issues for name
    services
  • Today we will look at two of the most successful
    name services: the Internet Domain Name System
    (DNS) and ITU(C) recommendation X.500

3
The Problem
[Figure: diagram with labels X, "1234?" and Y 1234]
4
Inefficient Solution I
[Figure: diagram with labels X, Y 1234, the query "1234?" repeated six times, and the reply "It's ME!!!"]
5
Inefficient Solution II
[Figure: diagram with labels Y 1234, X 1234 Y, 5555, and "1234 Y" repeated at the remaining nodes]
6
The Usual Solution
[Figure: diagram with labels Y 1234, X ask A, and A 1234 Y]
7
Internet Domain Name System
  • pre-DNS (1987), the Internet relied on a central
    hostname database downloaded by FTP to all
    clients. This did not
      • scale to large numbers of computers
      • allow distributed administration
      • allow lookups of entities other than hosts
  • key design goal: scalability
  • resolves domain names (e.g., tarpit.rmc.ca) into
    numeric IP addresses (e.g., 137.94.178.161), and
    vice versa
  • also responsible for resolving service names
    (e.g., mail addresses greg.phillips_at_rmc.ca)
  • based on a distributed database
  • the hierarchical namespace is divided into zones
  • the responsibility and authority for the names in
    each zone is assigned to a name authority
  • zones can be further divided and authority and
    responsibility delegated downward

8
DNS Name Hierarchy
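[Figure: DNS name tree. Below the root, the generic domains (com, edu, gov, mil, net, org, int) and the ISO-3166 country domains (at, au, ca, ch, su, us); tarpit sits under rmc, which sits under ca.]
An administrative (vice physical) hierarchy. The
name itself tells you nothing about IP addresses,
routing, or physical location of the named
entity.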
9
DNS Name Servers
  • Each zone will have one or more name servers
  • Each server is either a primary or a secondary
    server
  • primary servers read zone data directly from a
    local master file
  • secondary servers periodically download data from
    a primary server
  • Servers typically cache frequently used data from
    other servers
  • when cached data is supplied, it must be marked
    as non-authoritative
  • cached data has an associated time to live value,
    and eventually ages out

10
DNS Lookup
  • DNS requests are typically directed to a local
    name server
  • Resolves names within the local domain, plus any
    cached names
  • Maintains references to other domains at various
    levels, including the root
  • when a non-resolvable query comes in, it is
    forwarded to the lowest level appropriate server
    known by the forwarding server
  • lookup can be either iterative or recursive
  • Also reverse resolves IP addresses to host
    names using the special in-addr.arpa domain
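
The caching, referral and reverse-lookup behaviour from the DNS Name Servers and DNS Lookup slides, as an added Python example (not part of the original lecture). The server names and the cached example.com record are constructed, and matching is simplified to whole names.

```python
import ipaddress


class LocalNameServer:
    """Toy model of a local name server: own zone, TTL cache, referrals."""

    def __init__(self, zone, referrals):
        self.zone = zone            # authoritative data: name -> address
        self.referrals = referrals  # domain suffix -> known server ("" is the root)
        self.cache = {}             # name -> (address, expiry time in seconds)

    def learn(self, name, address, ttl, now):
        # Keep an answer obtained from another server until its time to live runs out.
        self.cache[name.lower().rstrip(".")] = (address, now + ttl)

    def closest_server(self, name):
        # Walk up the hierarchy: a.b.c -> b.c -> c -> "" (root), lowest level first.
        labels = name.split(".")
        for i in range(len(labels) + 1):
            suffix = ".".join(labels[i:])
            if suffix in self.referrals:
                return self.referrals[suffix]
        raise LookupError("no root reference configured")

    def lookup(self, name, now):
        name = name.lower().rstrip(".")
        if name in self.zone:
            return {"answer": self.zone[name], "authoritative": True}
        if name in self.cache:
            address, expiry = self.cache[name]
            if now < expiry:
                # Cached data must be marked as non-authoritative.
                return {"answer": address, "authoritative": False}
            del self.cache[name]  # the entry has aged out
        return {"referral": self.closest_server(name)}


def reverse_name(ip):
    # 137.94.178.161 -> 161.178.94.137.in-addr.arpa
    return ipaddress.ip_address(ip).reverse_pointer


if __name__ == "__main__":
    # Constructed sample data; only tarpit.rmc.ca and its address come from the slides.
    ns = LocalNameServer({"tarpit.rmc.ca": "137.94.178.161"},
                         {"": "root-ns.example", "com": "com-ns.example"})
    ns.learn("www.example.com", "192.0.2.10", ttl=300, now=0)
    for t in (0, 299, 300):
        print(t, ns.lookup("www.example.com", now=t))
    print(reverse_name("137.94.178.161"))
```

A client that acts on the `authoritative` flag can tell a cached answer from zone data, and the expiry check bounds how long a stale or wrong cached record can keep being served.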

11
X.500
  • A directory service or attribute-based name
    service
  • can store arbitrary attributes
  • allows lookup by arbitrary (and partially-known)
    attributes, not just known names
  • All information contained in a single global
    hierarchy called the Directory Information Tree
    (DIT) stored in the Directory Information Base
    (DIB)
  • The DIB is organizationally partitioned
  • Actual information partitioned among the
    distributed servers which provide the service
  • Data structure is object-based; entries have
    objectClasses

12
X.500 Lookup
  • can perform lookup (read) based on absolute or
    relative names
  • relative to a defined context, including a base
    node
  • can search on a base name and a filter expression
  • base name specifies search start; filter
    expression specifies success criteria
  • search returns all names for which the filter
    evaluates true
  • searches can be extremely costly
  • possible to supply additional arguments which
    restrict search scope
  • X.500 does not specify implementation
  • most systems expected to include replication and
    caching
  • Lightweight Directory Access Protocol (LDAP) is a
    small and widely used protocol for accessing
    X.500-conformant name databases, including RMC's
  • implemented by many internet directory systems;
    most web browsers can act as clients

13
Tactical Use of DNS and X.500
  • DNS and X.500 both require each computer to know
    of at least one available name server
  • In the tactical domain, the presence of such a
    server cannot be guaranteed

14
The Iris Solution (NARS)
[Figure: diagram with labels Y 1234, X ask ?, A, and A 1234 Y]
15
Finding the Name Server
[Figure: diagram with labels Y 1234, X ask ?, and A 1234 Y]
16
The ADB Calculation
[Figure: three spaces shown side by side: Name Space (0000 to 9999, with 1234 marked), Intermediate Hash Space (0 to n), and Address Space (0.0.0.0 to 255.255.255.255), with nodes A, F, X and Y]
17
Summary
  • Name services attempt to solve the name or
    attribute lookup problem
  • name services search by well-known name
  • directory services search by partially-defined
    attributes
  • DNS is the name service of the Internet
  • has proven very flexible and scalable
  • can also be used in non-Internet contexts
  • X.500 is the most widely implemented directory
    service standard
  • large and complex; the LDAP subset has enjoyed
    considerable success
  • NARS is a special purpose name service designed
    for the tactical environment, where it is unwise
    to rely on the availability of any particular set
    of name servers
  • NARS can implement a service which looks like DNS
    from the client perspective; this is likely to
    become a requirement

18
Next Class
Course Summary and Exam Study Hints