DNS pair- à- pair début

(1)

DNS – pair-‐à-‐pair début

(2)

DNS: Domain Name System

People: many identifiers:

v  SSN, name, passport #

Internet hosts, routers:

v  IP address (32 bit) - used for addressing datagrams

v  “name”, e.g.,

ww.yahoo.com - used by humans

Q: map between IP

addresses and name ?

Domain Name System:

q  distributed database

implemented in hierarchy of many name servers

q  application-layer protocol

host, routers, name servers to communicate to resolve names (address/name translation)

v  note: core Internet

function, implemented as application-layer protocol

v  complexity at network’s

“edge”

H. Fauconnier M2-Internet 2

(3)

DNS

DNS services

q  hostname to IP

address translation

q  host aliasing

v  Canonical, alias names q  mail server aliasing

q  load distribution

v  replicated Web servers:

set of IP addresses for one canonical name

Why not centralize DNS?

q  single point of failure

q  traffic volume

q  distant centralized database

q  maintenance doesn’t scale!

(4)

Distributed, Hierarchical Database

Client wants IP for www.amazon.com; 1^st approx:

q  client queries a root server to find com DNS server

q  client queries com DNS server to get amazon.com DNS server

q  client queries amazon.com DNS server to get IP address for www.amazon.com

Root DNS Servers

com DNS servers org DNS servers edu DNS servers poly.edu

DNS servers

umass.edu DNS servers yahoo.com

DNS servers amazon.com DNS servers

pbs.org

DNS servers

(5)

DNS: Root name servers

q  contacted by local name server that can not resolve name

q  root name server:

v  contacts authoritative name server if name mapping not known

v  gets mapping

v  returns mapping to local name server

13 root name servers worldwide

b USC-ISI Marina del Rey, CA l ICANN Los Angeles, CA e NASA Mt View, CA

f Internet Software C. Palo Alto, CA (and 36 other locations)

i Autonomica, Stockholm (plus 28 other locations) k RIPE London (also 16 other locations)

m WIDE Tokyo (also Seoul, Paris, SF)

a Verisign, Dulles, VA

c Cogent, Herndon, VA (also LA) d U Maryland College Park, MD g US DoD Vienna, VA

h ARL Aberdeen, MD j Verisign, ( 21 locations)

(6)

TLD and Authoritative Servers

q 

Top-level domain (TLD) servers:

v  responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp.

v  Network Solutions maintains servers for com TLD

v  Educause for edu TLD

q 

Authoritative DNS servers:

v  organization’s DNS servers, providing

authoritative hostname to IP mappings for organization’s servers (e.g., Web, mail).

v  can be maintained by organization or service provider

(7)

Anycast

q 

Technique d’adressage permettant de router vers la plus « proche » des

destinations

q 

BGP permet en général l’anycast.

q 

Les serveurs racines de DNS sont des clusters qui utilisent anycast

q 

Permet de lutter contre de déni de service (par répartition de la charge)

(8)

Icann

q 

Internet corporation for assigned names and numbers

v  Attribution de noms de domaine et des adresses IP

v  Lié au dns (qui fait l’association des noms aux adresses IP)

v  Sous tutelle du gouvernement US…

v  Icann + DNS -> contrôle de l’internet

v  Des projets alternatifs existent

H. Fauconnier M2-Internet 1-8

(9)

Megaupload

q 

Serveurs à Hong Kong

v  Décision juridique Etats-Unis : empêcher l’accès aux serveurs

•  Les DNS top level ne délivrent plus les adresses IP des serveurs

•  Les serveurs deviennent inaccessibles (par le nom)

nslookup www.megaupload.com

Non-authoritative answer:

Name: www.megaupload.com Address: 107.21.243.42

(10)

Local Name Server

q 

does not strictly belong to hierarchy

q 

each ISP (residential ISP, company, university) has one.

v  also called “default name server”

q 

when host makes DNS query, query is sent to its local DNS server

v  acts as proxy, forwards query into hierarchy

(11)

DNS name

resolution example

q  Host at cis.poly.edu wants IP address for gaia.cs.umass.edu

requesting host

cis.poly.edu

gaia.cs.umass.edu

root DNS server

local DNS server

dns.poly.edu

1

2 3

4 5

6

authoritative DNS server dns.cs.umass.edu

8 7

TLD DNS server

iterated query:

❒  contacted server replies with name of server to contact

❒  “I don’t know this name, but ask this server”

(12)

DNS name

resolution example

requesting host

cis.poly.edu

gaia.cs.umass.edu

root DNS server

local DNS server

dns.poly.edu

1

2

5 4 6

authoritative DNS server dns.cs.umass.edu

7

8

TLD DNS server

recursive query: 3

❒  puts burden of name resolution on

contacted name server

❒  heavy load?

(13)

DNS: caching and updating records

q  once (any) name server learns mapping, it caches mapping

v  cache entries timeout (disappear) after some time

v  TLD servers typically cached in local name servers

•  Thus root name servers not often visited

q  update/notify mechanisms under design by IETF

v  RFC 2136

v  http://www.ietf.org/html.charters/dnsind-charter.html

(14)

DNS records

DNS: distributed db storing resource records (RR)

q  Type=NS

v  name is domain (e.g.

foo.com)

v  value is hostname of

authoritative name server for this domain

RR format: (name, value, type, ttl)

❒  Type=A

v  name is hostname

v  value is IP address

❒  Type=CNAME

v  name is alias name for some

“canonical” (the real) name

www.ibm.com is really

servereast.backup2.ibm.com

v  value is canonical name

❒  Type=MX

v  value is name of mailserver associated with name

(15)

(compléments)

q 

AAAA record: nom vers IPV6

q 

PTR record: adresse IP vers nom de domaine

q 

SOA record: (start of authority record) informations sur la zone serveur, courrier, durée de vie, expiration…

(16)

DNS protocol, messages

DNS protocol : query and reply messages, both with same message format

msg header

❒  identification: 16 bit # for query, reply to query uses same #

❒  flags:

v  query or reply

v  recursion desired

v  recursion available

v  reply is authoritative

(17)

DNS protocol, messages

Name, type fields for a query

RRs in response to query records for authoritative servers additional “helpful” info that may be used

(18)

Inserting records into DNS

q  example: new startup “Network Utopia”

q  register name networkuptopia.com at DNS registrar (e.g., Network Solutions)

v  provide names, IP addresses of authoritative name server (primary and secondary)

v  registrar inserts two RRs into com TLD server:

(networkutopia.com, dns1.networkutopia.com, NS) (dns1.networkutopia.com, 212.212.212.1, A)

q  create authoritative server Type A record for www.networkuptopia.com; Type MX record for networkutopia.com

q  How do people get IP address of your Web site?

(19)

Attacking DNS

DDoS attacks

q  Bombard root servers with traffic

v  Not successful to date

v  Traffic Filtering

v  Local DNS servers cache IPs of TLD servers,

allowing root server bypass

q  Bombard TLD servers

v  Potentially more dangerous

Redirect attacks

v  Man-in-middle

§  Intercept queries

v  DNS poisoning

§  Send bogus relies to DNS server, which caches

Exploit DNS for DDoS

v  Send queries with spoofed source address: target IP

v  Requires amplification

Application Layer 2-19

(20)

Exemples

q 

Cache poisoing:

v  Spoofing:

•  Alice envoie beaucoup de requêtes vers A pour obtenir IP de www.un.fr

•  Elle envoie aussi des réponses avec IP w.x.y.z en se faisant passer pour un serveur B avec des identifiants aléatoires. -> probabilité non nulle qu’un de ces

identifiants corresponde à celui d’une des requêtes de A

•  Bob demande www.un.fr et obtient w.x.y.z

.

0

(21)

Exemples

q 

A partir du contrôle d’un serveur de nom remplir le cache:

v  Alice demande au serveur A: « empoisonnement- dns.com »

v  A contacte le serveur du domaine empoisonnement-dns.com

v  Serveur du domaine empoisonnement-dns.com répond avec des fausses infos.

(22)

Couche Application

q  2.6 P2P applications

(23)

P2P file sharing

Example

q  Alice runs P2P client application on her notebook computer

q  Intermittently

connects to Internet;

gets new IP address for each connection

q  Asks for “Hey Jude”

q  Application displays other peers that have copy of Hey Jude.

q  Alice chooses one of the peers, Bob.

q  File is copied from Bob’s PC to Alice’s notebook: HTTP

q  While Alice downloads, other users uploading from Alice.

q  Alice’s peer is both a Web client and a

transient Web server.

All peers are servers = highly scalable!

(24)

Pair à pair

q  quelques principes

v  les nœuds offrent des fonctionnalités identiques (pair)

v  volatilité importante (apparition/disparition)

v  grande échelle et dispersion géographique

v  dynamicité importante q  applications

v  partage de fichiers

v  messagerie

v  téléphone (Skype)

v  …

différent du client-serveur

(25)

Partage de fichiers

q 

Communication basée sur deux types de protocoles différents

v  découverte et localisation des fichiers

•  recherche des données

•  mettre en contact deux (ou plusieurs) utilisateurs parmi des millions

v  téléchargement des fichiers

(26)

Découverte-localisation

q 

Base

v  publication des fichiers partagés avec des méta-données

v  découverte des fichiers disponibles

v  localisation des sources à télécharger

v  (En plus

•  identification des doublons

•  détection des fichiers corrompus

•  forums)

(27)

Architecture du réseau

q 

Centralisée: un serveur ou un cluster sur lequel les clients se connectent (Napster)

q 

Décentralisée: il n'y a que des clients (Gnutella)

q 

Faiblement centralisée: des clients et des serveurs (Edonkey)

q 

Hybride: les clients peuvent devenir des serveurs

(28)

P2P: problems with centralized directory

q  Single point of failure

q  Performance bottleneck

q  Copyright

infringement

file transfer is

decentralized, but locating content is highly centralized

(29)

Pure P2P architecture

q  no always-on server

q  arbitrary end systems directly communicate

q  peers are intermittently connected and change IP addresses

q  Three topics:

v  File distribution

v  Searching for information

v  Case Study: Skype

peer-peer

(30)

File Distribution: Server-Client vs P2P

Question : How much time to distribute file from one server to N peers ?

u_s

u₂ d₁

d₂ u₁

u_N d_N

Server

Network (with

abundant bandwidth) File, size F

u_s: server upload bandwidth

u_i: peer i upload bandwidth

d_i: peer i download bandwidth

(31)

File distribution time: server-client

q 

server sequentially sends N copies:

v  NF/u_stime

q 

client i takes F/d

_i

time to download

u_s

u₂ d₁ d₂ u₁

u_N d_N Server

Network (with

abundant bandwidth) F

increases linearly in N (for large N)

= d_cs = max

{

NF/u_s, F/min(d_i)

}

i

Time to distribute F to N clients using client/server approach

(32)

File distribution time: P2P

q  server must send one copy: F/u_stime

q  client i takes F/d_itime to download

q  NF bits must be

downloaded (aggregate)

u_s

u₂ d₁ d₂ u₁

u_N d_N Server

Network (with

abundant bandwidth) F

❒  fastest possible upload rate: u_s +

Σ

^ui

d_P2P = max

{

F/u_s, F/min(d_i) , NF/(u_s +

Σ

^ui)

}

i

(33)

0 0.5 1 1.5 2 2.5 3 3.5

0 5 10 15 20 25 30 35

N

Minimum Distribution Time ^P2P

Client-Server

Server-client vs. P2P: example

Client upload rate = u, F/u = 1 hour, u_s = 10u, d_min ≥ u_s

DNS pair- à- pair début