DNS – pair-à-pair début

Présentation au sujet: "DNS – pair-à-pair début"— Transcription de la présentation:

1 DNS – pair-à-pair début

2 DNS: Domain Name System
People: many identifiers: SSN, name, passport # Internet hosts, routers: IP address (32 bit) - used for addressing datagrams “name”, e.g., ww.yahoo.com - used by humans Q: map between IP addresses and name ? Domain Name System: distributed database implemented in hierarchy of many name servers application-layer protocol host, routers, name servers to communicate to resolve names (address/name translation) note: core Internet function, implemented as application-layer protocol complexity at network’s “edge” H. Fauconnier M2-Internet

3 DNS Why not centralize DNS? DNS services single point of failure
traffic volume distant centralized database maintenance doesn’t scale! DNS services hostname to IP address translation host aliasing Canonical, alias names mail server aliasing load distribution replicated Web servers: set of IP addresses for one canonical name H. Fauconnier M2-Internet

4 Distributed, Hierarchical Database
Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu yahoo.com amazon.com pbs.org Client wants IP for 1st approx: client queries a root server to find com DNS server client queries com DNS server to get amazon.com DNS server client queries amazon.com DNS server to get IP address for H. Fauconnier M2-Internet

5 DNS: Root name servers contacted by local name server that can not resolve name root name server: contacts authoritative name server if name mapping not known gets mapping returns mapping to local name server a Verisign, Dulles, VA c Cogent, Herndon, VA (also LA) d U Maryland College Park, MD g US DoD Vienna, VA h ARL Aberdeen, MD j Verisign, ( 21 locations) k RIPE London (also 16 other locations) i Autonomica, Stockholm (plus other locations) e NASA Mt View, CA f Internet Software C. Palo Alto, CA (and 36 other locations) m WIDE Tokyo (also Seoul, Paris, SF) 13 root name servers worldwide b USC-ISI Marina del Rey, CA l ICANN Los Angeles, CA H. Fauconnier M2-Internet

6 TLD and Authoritative Servers
Top-level domain (TLD) servers: responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp. Network Solutions maintains servers for com TLD Educause for edu TLD Authoritative DNS servers: organization’s DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web, mail). can be maintained by organization or service provider H. Fauconnier M2-Internet

7 Anycast Technique d’adressage permettant de router vers la plus « proche » des destinations BGP permet en général l’anycast. Les serveurs racines de DNS sont des clusters qui utilisent anycast Permet de lutter contre de déni de service (par répartition de la charge) H. Fauconnier M2-Internet

8 Icann Internet corporation for assigned names and numbers
Attribution de noms de domaine et des adresses IP Lié au dns (qui fait l’association des noms aux adresses IP) Sous tutelle du gouvernement US… Icann + DNS -> contrôle de l’internet Des projets alternatifs existent H. Fauconnier M2-Internet

9 Megaupload Serveurs à Hong Kong
Décision juridique Etats-Unis : empêcher l’accès aux serveurs Les DNS top level ne délivrent plus les adresses IP des serveurs Les serveurs deviennent inaccessibles (par le nom) nslookup Non-authoritative answer: Name: Address: H. Fauconnier M2-Internet

10 Local Name Server does not strictly belong to hierarchy
each ISP (residential ISP, company, university) has one. also called “default name server” when host makes DNS query, query is sent to its local DNS server acts as proxy, forwards query into hierarchy H. Fauconnier M2-Internet

11 DNS name resolution example
root DNS server 2 Host at cis.poly.edu wants IP address for gaia.cs.umass.edu 3 TLD DNS server 4 5 iterated query: contacted server replies with name of server to contact “I don’t know this name, but ask this server” local DNS server dns.poly.edu 7 6 1 8 authoritative DNS server dns.cs.umass.edu requesting host cis.poly.edu gaia.cs.umass.edu H. Fauconnier M2-Internet

12 DNS name resolution example
requesting host cis.poly.edu gaia.cs.umass.edu root DNS server local DNS server dns.poly.edu 1 2 4 5 6 authoritative DNS server dns.cs.umass.edu 7 8 TLD DNS server 3 recursive query: puts burden of name resolution on contacted name server heavy load? H. Fauconnier M2-Internet

13 DNS: caching and updating records
once (any) name server learns mapping, it caches mapping cache entries timeout (disappear) after some time TLD servers typically cached in local name servers Thus root name servers not often visited update/notify mechanisms under design by IETF RFC 2136 H. Fauconnier M2-Internet

14 RR format: (name, value, type, ttl)
DNS records DNS: distributed db storing resource records (RR) RR format: (name, value, type, ttl) Type=A name is hostname value is IP address Type=CNAME name is alias name for some “canonical” (the real) name is really servereast.backup2.ibm.com value is canonical name Type=NS name is domain (e.g. foo.com) value is hostname of authoritative name server for this domain Type=MX value is name of mailserver associated with name H. Fauconnier M2-Internet

15 (compléments) AAAA record: nom vers IPV6
PTR record: adresse IP vers nom de domaine SOA record: (start of authority record) informations sur la zone serveur, courrier, durée de vie, expiration… H. Fauconnier M2-Internet

16 DNS protocol, messages DNS protocol : query and reply messages, both with same message format msg header identification: 16 bit # for query, reply to query uses same # flags: query or reply recursion desired recursion available reply is authoritative H. Fauconnier M2-Internet

17 DNS protocol, messages Name, type fields for a query RRs in response
to query records for authoritative servers additional “helpful” info that may be used H. Fauconnier M2-Internet

18 Inserting records into DNS
example: new startup “Network Utopia” register name networkuptopia.com at DNS registrar (e.g., Network Solutions) provide names, IP addresses of authoritative name server (primary and secondary) registrar inserts two RRs into com TLD server: (networkutopia.com, dns1.networkutopia.com, NS) (dns1.networkutopia.com, , A) create authoritative server Type A record for Type MX record for networkutopia.com How do people get IP address of your Web site? H. Fauconnier M2-Internet

19 Attacking DNS DDoS attacks Bombard root servers with traffic
Not successful to date Traffic Filtering Local DNS servers cache IPs of TLD servers, allowing root server bypass Bombard TLD servers Potentially more dangerous Redirect attacks Man-in-middle Intercept queries DNS poisoning Send bogus relies to DNS server, which caches Exploit DNS for DDoS Send queries with spoofed source address: target IP Requires amplification Application Layer

20 Exemples Cache poisoing: Spoofing: .
Alice envoie beaucoup de requêtes vers A pour obtenir IP de Elle envoie aussi des réponses avec IP w.x.y.z en se faisant passer pour un serveur B avec des identifiants aléatoires. -> probabilité non nulle qu’un de ces identifiants corresponde à celui d’une des requêtes de A Bob demande et obtient w.x.y.z . H. Fauconnier M2-Internet

21 Exemples A partir du contrôle d’un serveur de nom remplir le cache:
Alice demande au serveur A: « empoisonnement-dns.com » A contacte le serveur du domaine empoisonnement-dns.com Serveur du domaine empoisonnement-dns.com répond avec des fausses infos. H. Fauconnier M2-Internet

22 Couche Application 2.6 P2P applications H. Fauconnier M2-Internet

23 P2P file sharing Alice chooses one of the peers, Bob.
File is copied from Bob’s PC to Alice’s notebook: HTTP While Alice downloads, other users uploading from Alice. Alice’s peer is both a Web client and a transient Web server. All peers are servers = highly scalable! Example Alice runs P2P client application on her notebook computer Intermittently connects to Internet; gets new IP address for each connection Asks for “Hey Jude” Application displays other peers that have copy of Hey Jude. H. Fauconnier M2-Internet

24 Pair à pair quelques principes applications
les nœuds offrent des fonctionnalités identiques (pair) volatilité importante (apparition/disparition) grande échelle et dispersion géographique dynamicité importante applications partage de fichiers messagerie téléphone (Skype) … différent du client-serveur H. Fauconnier M2-Internet

25 Partage de fichiers Communication basée sur deux types de protocoles différents découverte et localisation des fichiers recherche des données mettre en contact deux (ou plusieurs) utilisateurs parmi des millions téléchargement des fichiers H. Fauconnier M2-Internet

26 Découverte-localisation
Base publication des fichiers partagés avec des méta-données découverte des fichiers disponibles localisation des sources à télécharger (En plus identification des doublons détection des fichiers corrompus forums) H. Fauconnier M2-Internet

27 Architecture du réseau
Centralisée: un serveur ou un cluster sur lequel les clients se connectent (Napster) Décentralisée: il n'y a que des clients (Gnutella) Faiblement centralisée: des clients et des serveurs (Edonkey) Hybride: les clients peuvent devenir des serveurs H. Fauconnier M2-Internet

28 P2P: problems with centralized directory
Single point of failure Performance bottleneck Copyright infringement file transfer is decentralized, but locating content is highly centralized H. Fauconnier M2-Internet

29 Pure P2P architecture no always-on server
arbitrary end systems directly communicate peers are intermittently connected and change IP addresses Three topics: File distribution Searching for information Case Study: Skype peer-peer H. Fauconnier M2-Internet

30 File Distribution: Server-Client vs P2P
Question : How much time to distribute file from one server to N peers? us: server upload bandwidth Server ui: peer i upload bandwidth u1 d1 u2 d2 us di: peer i download bandwidth File, size F dN Network (with abundant bandwidth) uN H. Fauconnier M2-Internet

31 File distribution time: server-client
server sequentially sends N copies: NF/us time client i takes F/di time to download F u2 u1 d1 d2 us Network (with abundant bandwidth) dN uN = dcs = max { NF/us, F/min(di) } i Time to distribute F to N clients using client/server approach increases linearly in N (for large N) H. Fauconnier M2-Internet

32 File distribution time: P2P
Server server must send one copy: F/us time client i takes F/di time to download NF bits must be downloaded (aggregate) F u2 u1 d1 d2 us Network (with abundant bandwidth) dN uN fastest possible upload rate: us + Sui dP2P = max { F/us, F/min(di) , NF/(us + Sui) } i H. Fauconnier M2-Internet

33 Server-client vs. P2P: example
Client upload rate = u, F/u = 1 hour, us = 10u, dmin ≥ us H. Fauconnier M2-Internet