DNS

DOMAIN NAME SYSTEM

DNS (Domain Name System) is a name resolution service. Although every
program could refer to users by numbers, it is hard for humans to keep in
memory all the addresses they want to use. In the case of IP addresses, even
though they are organised in groups of numbers xxx.yyy.zzz.hhh, it is still
inconvenient to use a mail address such as eu@85.123.34.42. If the mail
server's address happens to change, the mail address changes with it. A table
converting names into addresses is therefore needed, so that the two
references can be decoupled.

At the start of the ARPANET there was a file hosts.txt with the names of all
users and their IP addresses. At the end of the day every user machine would
fetch this file to update its own copy. This method works reasonably well for
networks of at most about a hundred machines.

As the number of connected machines grew, another method was sought, not
only because of the size of the files but also because different subnetworks
could assign addresses whose names would conflict, which would force
centralised management of names. This is how DNS came about.

DNS, the Domain Name System, is a hierarchical scheme for mapping names in
a distributed database. Although the main use of DNS is naming machines and
e-mail addresses, it can also be used for other kinds of information. It is
defined in RFCs 1034 and 1035.

Put simply, DNS works as follows. To map a name to its corresponding IP
address, the application calls a library procedure called the resolver, passing
the name as a parameter. The resolver (gethostbyname()) sends a UDP packet to
the local DNS server, which looks the name up in its table and returns an IP
address to the resolver; the resolver in turn hands it to the client process,
which contacts the destination using TCP or UDP packets.

Vítor Vaz da Silva                                                         H-1


      Domain Name Space

A good example of naming is the experience the postal service has in
delivering letters. Different people with the same name, on streets with the
same name, in different localities all have their mail correctly routed. This
hierarchical addressing method works very well, and in a few lines (name,
street, locality, country) it pinpoints anyone living in a dwelling in an
urbanised area. The Internet equivalent of the country is the top-level domain,
of which there are more than 200. Each of these domains is subdivided into
several subdomains, these into others, and so on. We can represent this
distribution, like the postal one, as a tree. The leaves of the tree represent
domains with no subdomains and may contain one or more hosts.


[Figure: the domain name tree; the only label recoverable from the figure is the top-level domain pt]




The top-level domain can contain two kinds of domains, generic ones and
country ones. The generic ones (gTLD, generic Top Level Domain) are the
following:

         arpa — (Advanced Research Projects Agency) Address and Routing
             Parameter Area
         com — commercial
         edu — educational establishments (primarily US)
         gov — US government
         net — network infrastructure
         org — other organisations that do not fit within the remaining
             gTLDs
         mil — US military services


For countries there is a two-letter notation (e.g. Portugal pt, Brazil br),
defined in ISO 3166.
After the year 2000 further domains were introduced at the root:
         aero — aeronautical industry
         biz — businesses
         coop — cooperatives
         info — information, unrestricted use
         museum — museums
         name — individuals
         pro — professionals


A number of TLDs are reserved by RFC 2606 so that those domains cannot be
found from the root. It reserves the following four top-level domain names for
various purposes, with the intention that they should never become actual TLDs
in the global DNS:
            example — reserved for use in examples
            invalid — reserved for use in invalid domains
            localhost — reserved to avoid confusion with the term localhost
            test — reserved for use in tests


Domain names can be relative or absolute. Absolute names always end with a
dot (e.g. sapo.pt.). Relative names have to be read within a given context
(e.g. meu.blog = meu.blog.sapo.pt.).
It makes no difference whether upper- or lower-case letters are used in
names.
Some domains may be duplicated; for example cc.yale.edu is identical to
cc.yale.ct.us, which happens frequently in the USA. There are also
multinational organisations that have several domains registered, as is the
case of sony.com and sony.nl.
Each country organises itself; for example the Netherlands puts everything
under nl, as Portugal does under pt, whereas Brazil uses a layout that mimics
the top-level domains (sombrasil.ig.com.br).
To register a name it has to be requested from the registrar of the domain,
for example (edu, com, pt, br, com.br). Subdomains are then assigned under
the responsibility of the domain holder, without going back to the registrar
at the root. In this way Portuguese ISPs such as clix, sapo, netcabo and
others can accept whatever names their customers choose, without any approval
being needed from a higher authority. Names can also be repeated without any
confusion, for example zecabra.no.sapo.pt and zecabra.netcabo.pt.
The organisation into domains has nothing to do with physical location:
machines with different domains can coexist in the same place, and machines
belonging to the same domain can be in other places around the world.


      Resource Records


All domains, whether a single machine or one of those at the root, can have
a set of resource records associated with them. For a single machine the
resource record holds only the machine's IP address. When a resolver gives a
name to a DNS server it obtains the resource records associated with that
name. The primary function of DNS is therefore to map domain names to
resource records.
A resource record is a table with 5 columns. Records are encoded in binary
for efficiency and are represented in ASCII so that they can be read.
           Domain_Name             Time_to_Live     Class        Type    Value

Domain_Name – indicates the domain the record refers to. There can be
several entries with the same domain name. The order in which the table is
written is of no importance. This is the name that DNS looks up.

Time_to_Live – gives an indication of how stable the value of the
corresponding entry is. If the corresponding domain is very stable the value
can be large, 86400 (the number of seconds in a day). Volatile information can
have values such as 60 seconds. This field is used by the cache, explained
further on.

Class – for the Internet this value is always IN; it takes other values for
information that does not belong to the Internet.

Type – indicates the record type. The type is tied to the next field, Value,
which holds the values required by the indicated record type. The following
types exist:


TYPE      Meaning                 VALUE
SOA       Start of Authority      Parameters
A         IP address of a host    32-bit integer
MX        Mail Exchange           Priority, mail domain
NS        Name Server             Name of the server for this domain
CNAME     Canonical name          Domain name
PTR       Pointer                 Alias for an IP address
HINFO     Host description        CPU and operating system, in ASCII
TXT       Text                    Comment



SOA – contains the name of the primary source of information for the zone
server (explained further on), the administrator's mail address, a unique
serial number, some flags and timeouts.

A – this is the value wanted when one needs the IP address of a given machine
in this domain. A machine can have more than one IP address, which is
reflected here by as many entries as it has IP addresses. In that situation
DNS can be configured to answer with a different address each time a request
for the same name arrives from the resolver. This is the most important record
type in the table.

MX – the second most important record type. It specifies the name of the
host prepared to receive mail for the given domain. This is necessary because
not every machine is prepared to receive e-mail.

NS – specifies the name server hierarchically above, for the case where this
one does not hold the wanted information.

CNAME – a way of creating aliases. For example, to send mail to marius at
ISR one can write marius@isr.ist.pt, even though the correct address is
marius@dsor.isr.ist.utl.pt. It thus makes sending mail easier: the sender
need not know the recipient's exact address, only the organisation they work
for.

PTR – identical to CNAME, but in this case associated with a physical IP
address. It can be used indirectly: obtain a machine's IP address and then
return the correct name of that machine, which meanwhile has an A entry. This
inverse search is called a reverse lookup.

HINFO – gives information about the machine that the domain corresponds to.

TXT – used as a self-identification; it serves as a comment and its value is
not essential. As with HINFO, not every program looks for it, and a request
for this kind of information need not receive an answer.

A hypothetical example for the domain cs.vu.nl follows:




The first entries in this table identify the domain and its administrator.
Two entries follow giving the mail servers, to be tried in the order of the
priority shown. If mail arrives for pessoa@cs.vu.nl it is forwarded to the
machine zephyr.cs.vu.nl, and if that one is unavailable it is forwarded to
top.cs.vu.nl.

Next comes the machine flits, with two IP addresses and three possible mail
servers.

The following line is an alias for the page www.cs.vu.nl, so that the server
can change without the change being visible to everyone who already knows the
address. Both the web server and the ftp server are on the machines indicated
by the alias.

Then comes the entry for a workstation, rowboat, that of a machine that cannot
receive e-mail directly, little-sister, and finally a network printer.
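The five-column record format and the cs.vu.nl walkthrough above, as an added example that is not the handout's table: a parser for records written as Domain_Name TTL Class Type Value, and the two lookups the text describes, MX hosts in priority order and A records reached through a CNAME alias. The zone contents, host names and addresses (RFC 5737 documentation ranges) are constructed.

```python
# Added example (not the handout's table): parse resource records in the
# five-column form Domain_Name TTL Class Type Value and answer the MX and A
# queries the cs.vu.nl walkthrough describes. Zone contents are constructed.
from collections import defaultdict

ZONE_TEXT = """
; constructed zone loosely following the handout's description of cs.vu.nl
cs.vu.nl.               86400 IN SOA   star.cs.vu.nl. hostmaster.cs.vu.nl. 2004010101 7200 3600 604800 86400
cs.vu.nl.               86400 IN MX    1 zephyr.cs.vu.nl.
cs.vu.nl.               86400 IN MX    2 top.cs.vu.nl.
flits.cs.vu.nl.         86400 IN A     192.0.2.12
flits.cs.vu.nl.         86400 IN A     198.51.100.65
flits.cs.vu.nl.         86400 IN MX    1 flits.cs.vu.nl.
flits.cs.vu.nl.         86400 IN MX    2 zephyr.cs.vu.nl.
flits.cs.vu.nl.         86400 IN MX    3 top.cs.vu.nl.
www.cs.vu.nl.           60    IN CNAME star.cs.vu.nl.
ftp.cs.vu.nl.           60    IN CNAME star.cs.vu.nl.
star.cs.vu.nl.          86400 IN A     192.0.2.6
zephyr.cs.vu.nl.        86400 IN A     192.0.2.10
top.cs.vu.nl.           86400 IN A     192.0.2.11
rowboat.cs.vu.nl.       86400 IN A     192.0.2.201
little-sister.cs.vu.nl. 86400 IN A     192.0.2.23
laserjet.cs.vu.nl.      86400 IN A     198.51.100.216
laserjet.cs.vu.nl.      86400 IN HINFO "Printer" "none"
"""

def parse_zone(text):
    """Parse the five-column records; Value keeps everything after Type.
    Owner names are lower-cased because DNS names are case-insensitive."""
    records = defaultdict(list)    # name -> list of (ttl, class, type, value)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) < 5:
            raise ValueError("malformed record: " + line)
        name, ttl, cls, rtype, value = fields
        if not name.endswith("."):
            raise ValueError("this example only accepts absolute names: " + name)
        records[name.lower()].append((int(ttl), cls, rtype.upper(), value))
    return records

def lookup(records, name, rtype, _depth=0):
    """Return the values of the requested type, following a CNAME alias the
    way the text describes for www.cs.vu.nl. Alias chains are bounded."""
    key = name.lower()
    if not key.endswith("."):
        raise ValueError("absolute name required: " + name)
    rrs = records.get(key, [])
    hits = [v for _ttl, _cls, t, v in rrs if t == rtype]
    if hits:
        return hits
    aliases = [v for _ttl, _cls, t, v in rrs if t == "CNAME"]
    if aliases and rtype != "CNAME":
        if _depth > 8:
            raise ValueError("CNAME chain too long")   # guard against alias loops
        return lookup(records, aliases[0], rtype, _depth + 1)
    return []

def mail_hosts(records, domain):
    """MX targets in the order a sender must try them (lowest priority first)."""
    mx = []
    for value in lookup(records, domain, "MX"):
        prio, host = value.split()
        mx.append((int(prio), host))
    return [host for _prio, host in sorted(mx)]

def addresses(records, name):
    """A records for a name, resolved through a CNAME if there is one."""
    return lookup(records, name, "A")

if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print(mail_hosts(zone, "cs.vu.nl."))      # zephyr first, then top
    print(addresses(zone, "WWW.cs.vu.nl."))   # alias resolved to star's address
```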

The information that is not in this file but in another one is the IP
addresses of the name servers for this domain hierarchically above it; as they
do not belong to the domain cs.vu.nl, they are not found here.

That information is in the root servers, whose IP addresses are kept in a
configuration file and loaded into the DNS cache when the server starts at
boot. There are about 13 root servers; it is enough to know the address of
one, since that one knows the addresses of the others, and from there any IP
address on the Internet can be found.


      Name Servers

In theory a single root server would be enough to hand out IP addresses, but
because machines and links can fail, and because of the load of all the traffic
directed at a single machine, the name space is divided into non-overlapping
zones. Zones can be divided so as to contain part of the tree and some name
servers holding that zone's information. An example is shown in the following
figure.




Each zone normally contains a primary name server, which has the information
on disk, and a secondary name server, which obtains the information from the
primary name server. The secondary or other name servers may be located
outside the zone for reliability.
Zone boundaries are the administrator's responsibility. In the figure shown,
at Yale University the name server yale.edu serves yale.edu and eng.yale.edu,
while the computer science department cs.yale.edu has its own name server and
therefore forms another zone.
When a resolver queries a domain name, one of the local servers answers. If
the domain being looked up falls within the name server's domain, the
authoritative resource record is returned. For example, looking up the domain
ai.cs.yale.edu, which belongs to cs.yale.edu, returns the corresponding
record.
An authoritative record is one managed directly by the administration and is
therefore always correct. Those that are not authoritative come from the cache
and may therefore be out of date.
If the wanted domain is remote and there is no information about it locally,
the name server sends a request to the top-level name server of the wanted
domain. For example, flits.cs.vu.nl wants the IP address of linda.cs.yale.edu.
The request then follows the path in the figure until it reaches cs.yale.edu,
which answers with the authoritative resource record. As the answer travels
back along the path it is cached, so that if there is another request for the
same IP address the cached one is returned. That value may change, however,
which is why each cached value is given a time to live (time_to_live), ensuring
that changes made by the administrator to the authoritative entries are
eventually seen by those wanting to reach the machines in that domain.
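The walk from the root down to cs.yale.edu and the caching with time to live described above, as an added example that is not part of the handout: a toy resolver that follows NS referrals zone by zone, marks only freshly fetched answers as authoritative, and keeps serving a cached (possibly stale) value until its TTL runs out. The zones, server names and addresses are constructed; real resolvers would also need glue A records to reach each server.

```python
# Added example (not from the handout): a toy resolver that walks the zone
# hierarchy as the text describes for linda.cs.yale.edu and keeps a cache whose
# entries expire after their TTL. Zones, servers and addresses are constructed.

# Each authoritative server knows only its own zone: either the answer or an
# NS referral to a child zone. {name: (rtype, ttl, value)}; addresses are from
# the RFC 5737 documentation range.
SERVERS = {
    "root": {"edu.": ("NS", 172800, "a.edu-servers.test."),
             "nl.":  ("NS", 172800, "ns.nl.test.")},
    "a.edu-servers.test.": {"yale.edu.": ("NS", 86400, "ns.yale.edu.")},
    "ns.yale.edu.": {"cs.yale.edu.":  ("NS", 86400, "ns.cs.yale.edu."),
                     "eng.yale.edu.": ("A", 3600, "192.0.2.20")},
    "ns.cs.yale.edu.": {"linda.cs.yale.edu.": ("A", 60, "192.0.2.77"),
                        "ai.cs.yale.edu.":    ("A", 3600, "192.0.2.78")},
}

class CachingResolver:
    def __init__(self, clock):
        self.clock = clock          # function returning the current time in seconds
        self.cache = {}             # (name, rtype) -> (value, expires_at)
        self.queries_sent = 0       # upstream traffic this resolver caused

    def _ask(self, server, name, rtype):
        """One query to an authoritative server: ('answer', rr) if it holds the
        record, ('referral', rr) if it delegates the longest matching suffix,
        None if the name does not exist anywhere it knows about."""
        self.queries_sent += 1
        zone = SERVERS[server]
        if name in zone and zone[name][0] == rtype:
            return "answer", zone[name]
        labels = name.split(".")
        for i in range(1, len(labels)):              # cs.yale.edu., yale.edu., edu.
            suffix = ".".join(labels[i:])
            if suffix in zone and zone[suffix][0] == "NS":
                return "referral", zone[suffix]
        return None

    def resolve(self, name, rtype="A"):
        """Returns (value, authoritative). A cached value is non-authoritative
        and may be stale until its TTL elapses, as the text explains."""
        now = self.clock()
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > now:
            return hit[0], False
        server = "root"
        for _hop in range(10):                       # bound the walk: no endless referrals
            result = self._ask(server, name, rtype)
            if result is None:
                raise LookupError("no such name: " + name)
            kind, (_rtype, ttl, value) = result
            if kind == "answer":
                self.cache[(name, rtype)] = (value, now + ttl)
                return value, True
            server = value                           # follow the NS referral downwards
        raise LookupError("too many referrals")

def demo():
    """Walk down from the root, then show the cache serving a stale address
    until its 60-second TTL runs out after the administrator renumbers linda."""
    clock = [1000]                                   # constructed clock we can advance
    r = CachingResolver(lambda: clock[0])
    first = r.resolve("linda.cs.yale.edu.")         # root -> edu -> yale.edu -> cs.yale.edu
    hops = r.queries_sent                            # 4 queries for the first lookup
    cs_zone = SERVERS["ns.cs.yale.edu."]
    old = cs_zone["linda.cs.yale.edu."]
    cs_zone["linda.cs.yale.edu."] = ("A", 60, "192.0.2.99")   # authoritative change
    stale = r.resolve("linda.cs.yale.edu.")         # cache still answers with the old address
    clock[0] += 61                                   # TTL has elapsed
    fresh = r.resolve("linda.cs.yale.edu.")         # re-walks the tree and sees the change
    cs_zone["linda.cs.yale.edu."] = old              # restore the constructed zone
    return first, hops, stale, fresh, r.queries_sent

if __name__ == "__main__":
    print(demo())
```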




See http://www.juliobattisti.com.br/artigos/windows/tcpip_p8.asp


There are currently 13 root name servers, with names in the form ?.ROOT-SERVERS.NET where ? runs
from A to M, namely:


     old name              operator                 location
A    ns.internic.net       VeriSign                 Dulles, VA
B    ns1.isi.edu           ISI                      Marina Del Rey, CA
C    c.psi.net             Cogent                   Herndon, VA
D    terp.umd.edu          University of Maryland   College Park, MD
E    ns.nasa.gov           NASA                     Mountain View, CA
F    ns.isc.org            ISC                      Palo Alto, CA
G    ns.nic.ddn.mil        U.S. DoD NIC             Vienna, VA
H    aos.arl.army.mil      U.S. Army Research Lab   Aberdeen, MD
I    nic.nordu.net         Autonomica               Stockholm
J                          VeriSign                 Dulles, VA
K                          RIPE                     London
L                          ICANN                    Los Angeles
M                          WIDE Project             Tokyo




Domain name system ()
1. Name structure
2. Names in the Internet domain
3. Domain names versus addresses
4. Resolution of domain names
5. Efficient translation
6. Caching: the key to efficiency
7. Format of DNS messages
8. Format of compressed names


53/tcp DNS Domain Name Server and 53/udp




                               Distributed database


A 'distributed database' is a database that is under the control of a central database management system
in which storage devices are not all attached to a common CPU. It may be stored in multiple computers
located in the same physical location, or may be dispersed over a network of interconnected computers.




                         Uniform Resource Locator

A 'Uniform Resource Locator', 'URL' (pronounced as "earl" or spelled out), or 'web address', is a
standardized address for some resource (such as a document or image) on the Internet. First created by
Tim Berners-Lee for use on the World Wide Web, the currently used forms are detailed by IETF standard
RFC 2396 (1998).


The URL was a fundamental innovation in the history of the Internet. It combines into one simple address
the four basic items of information necessary to find a document anywhere on the Internet:


        The protocol to use to communicate with that machine
        The machine or domain name to go to
        An open network port on the target machine connected to some service
        The path or file name on that machine


A typical simple URL can look like:


http://www.wikipedia.org:80/wiki


where




         http specifies which protocol to use.
         //www.wikipedia.org specifies the domain name to contact.
         80 specifies the network port number of the remote machine. Under most circumstances, this
          portion may be omitted entirely. In the case of the http protocol the default value is 80.
         /wiki is the request path on the specified system.


Most web browsers do not require the user to enter "http://" to go to a web page. One usually just enters
the page name (without the slashes) such as www.wikipedia.org/wiki/Train. To go to the homepage one
usually just enters the domain name such as www.wikipedia.org. Sometimes, and also in this case, "www."
can be omitted: wikipedia.org.


Note that in www.wikipedia.org/wiki/Train the hierarchical order of the five elements is org - wikipedia -
www - wiki - Train, i.e. before the first slash from right to left, then the rest from left to right.


GET: Query Strings

HTTP URLs can also contain additional elements, like a query string (placed after the path and separated
from it by a question mark (?)) containing information from a HTML form with method=get, or a name tag
(placed after the path and separated from it by a sharp mark (#)) giving the location within a hypertext
page to display. FTP URLs often contain a port number.


examples: http://www.wikipedia.org/w/wiki.phtml?title=Train&action=history
http://www.wikipedia.org/wiki/Train#Model_railways


The Big Picture

URLs are one type of URI.


The term URL is also used outside the context of the World Wide Web. Database servers specify URLs as
a parameter to make connections to it. Similarly any Client-Server application following a particular
protocol may specify a URL format as part of its communication process.


Example of a database URL : jdbc:datadirect:oracle://myserver:1521;sid=testdb


If a webpage is uniquely defined by a URL it can be linked to (see also deep linking). This is not always the
case, e.g. a menu option may change the contents of a frame within the page, without this new
combination having its own URL. A webpage may also depend on temporarily stored information. If the
webpage or frame has its own URL, this is not always obvious for someone who wants to link to it: the
URL of a frame is not shown in the address bar of the browser, and a page without address bar may have
been produced. The URL may be derivable from the source code and/or "properties" of various
components of the page. See also Webpage#URL.


Apart from the purpose of linking to a page or page component, one may want to know the URL to show
the component alone, and/or to lift restrictions such as a browser window without toolbars, and/or of a
small non-adjustable size.



Case-sensitivity

URLs in general are case-sensitive. For some URLs and parts of URLs this is not the case.



                                           IP address

The Internet protocol (IP) knows each logical host interface by a number, the so-called 'IP address'. On
any given network, this number must be unique among all the host interfaces that communicate through
this network. Users of the Internet usually use a domain name instead of a numerical IP address.


The IP address of someone browsing the world wide web is known to the server of the web site. Also it is
usually in the header of email messages one sends. Depending on one's Internet connection the IP
address can be the same every time, a 'static IP address', or different per session (but the first part being
the same each time): a 'dynamic IP address'.


Internet addresses are needed not only for unique enumeration of host interfaces, but also for routing
purposes, therefore a high fraction of them is always unused. As there are only a limited number of 32-bit
IP addresses currently available to be allocated, with rising demand for new devices, including personal
communicators for up to 6 billion people world-wide, there is a real prospect of the world running out of IP
addresses.


A number of measures have been taken to conserve the existing IPv4 address space (such as CIDR and
the use of NAT and DHCP), but there is a general consensus that the Internet is going to have to upgrade
its addressing scheme to the longer 128-bit IPv6 addressing scheme sometime in the next 5 to 15 years.


IP version 4

In ' IPv4', the current standard protocol for the Internet, IP addresses consist of 32 bits, which makes for
4,294,967,296 (over 4 US billion) unique host interface addresses in theory. In practice the address space
is sparsely populated due to routing issues, so that there is some pressure to extend the address range via
IP version 6 (see below).


IPv4 addresses are commonly expressed as a dotted quad, four octets (8 bits) separated by periods. The
host known as www.wikipedia.org currently has the number 3482223596, written as 207.142.131.236.
(Resolving the name "www.wikipedia.org" to its associated number is handled by DNS.)


A range of consecutive IP addresses (also called a netblock or subnet) can be specified in various ways.
An older method uses a network number (a dotted quad, e.g. 130.94.122.199) together with a netmask
(another dotted quad, for example 255.255.255.240) which in binary notation consists of a series of 1's
followed by a series of 0's. Here the netblock comprises all the addresses that, when binary ANDed with
the netmask, result in the network number; 64.78.205.192 through 64.78.205.207 in our example.


A shorter form, known as CIDR notation, gives the network number followed by a slash and the number of
'one' bits in the binary notation of the netmask (i.e. the number of relevant bits in the network number).



Using this notation, the netblock above could be referred to as 130.94.122.199/28 or as the
130.94.122.192/28 prefix.


The actual assignment of an address is not arbitrary. An organization, typically an Internet service provider,
requests an assignment of a netblock from a registry such as ARIN (American Registry for Internet
Numbers). The network number comprises a range of addresses which the organization is free to allocate
as they wish. An organization that has exhausted a significant part of its allocated address space, can
request another netblock.


For example, ARIN has allocated the addresses 64.78.200.0 through 64.78.207.255 to Verado, Inc. In turn,
Verado has allocated the addresses 64.78.205.0 through 64.78.205.15 to Bomis. Bomis, in turn, has
assigned the specific address 64.78.205.6 to the host interface that is named www.wikipedia.com.


Some private IP address space has been allocated via RFC 1918. This means the addresses are available
for any use by anyone and therefore the same RFC 1918 IP addresses can be reused. However they are
not routeable on the internet. They are used extensively due to the shortage of registerable addresses and
therefore Network address translation is required to connect those networks to the internet.


IP version 5

What would be considered as IPv5 existed only as an experimental non-IP real time streaming protocol
called ST2 described in RFC 1819. This protocol was abandoned in favour of RSVP.


IP version 6

In ' IPv6', the new (but not yet widely deployed) standard protocol for the Internet, addresses are 128 bits
wide, which, even with generous assignment of netblocks, should suffice for the foreseeable future. This
big address space will be sparsely populated, which makes it possible to again encode more routing
information into the addresses themselves.


A version 6 address is written as eight 4-digit hexadecimal (16-bit) numbers separated by colons. One
string of zeros per address may be left out, so that 1080::800:0:417A is the same as
1080:0:0:0:0:800:0:417A


Global unicast IPv6 addresses are constructed as two parts: a 64-bit routing part followed by a 64-bit host
identifier.


Netblocks are specified as in the modern alternative for IPv4: network number, followed by a slash, and
the number of relevant bits of the network number (in decimal). Example: 12AB::CD30:0:0:0:0/60 includes
all addresses starting with 12AB00000000CD3.
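The IPv4 netmask arithmetic above (network number AND netmask, CIDR prefix length) and the IPv6 '::' expansion and /60 prefix example, as an added example that is not part of the excerpt: the conversions are written out by hand so each bit-level step is visible, and a malformed (non-contiguous) netmask is rejected rather than silently producing a wrong block.

```python
# Added example (not from the excerpt): netblock arithmetic for the IPv4
# netmask/CIDR notation and the IPv6 '::' expansion described in the text.

def ipv4_to_int(dotted):
    """'207.142.131.236' -> 3482223596 (the page's own www.wikipedia.org example)."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: " + dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ipv4(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_length(netmask):
    """Number of leading 1 bits; rejects masks that are not 1s followed by 0s."""
    m = ipv4_to_int(netmask)
    ones = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError("non-contiguous netmask: " + netmask)
    return ones

def ipv4_netblock(address, netmask):
    """Returns (first, last, cidr) for the block that contains 'address'."""
    a, m = ipv4_to_int(address), ipv4_to_int(netmask)
    plen = prefix_length(netmask)
    network = a & m                          # the AND the text describes
    last = network | (~m & 0xFFFFFFFF)       # all host bits set
    cidr = "%s/%d" % (int_to_ipv4(network), plen)
    return int_to_ipv4(network), int_to_ipv4(last), cidr

def expand_ipv6(addr):
    """Expand the single allowed '::' run into eight 4-hex-digit groups."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' allowed: " + addr)
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group: " + addr)
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected eight groups: " + addr)
    return ":".join("%04x" % int(g, 16) for g in groups)

def ipv6_to_int(addr):
    return int(expand_ipv6(addr).replace(":", ""), 16)

def in_ipv6_prefix(addr, prefix):
    """True if 'addr' lies inside 'prefix' written as network/length."""
    net, plen = prefix.split("/")
    plen = int(plen)
    if not 0 <= plen <= 128:
        raise ValueError("bad prefix length: " + prefix)
    mask = ((1 << plen) - 1) << (128 - plen)
    return (ipv6_to_int(addr) & mask) == (ipv6_to_int(net) & mask)

if __name__ == "__main__":
    print(ipv4_netblock("130.94.122.199", "255.255.255.240"))
    print(expand_ipv6("1080::800:0:417A"))
    print(in_ipv6_prefix("12AB:0:0:CD3F::1", "12AB::CD30:0:0:0:0/60"))
```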


IPv6 has many other improvements over IPv4 than just bigger address space, including autorenumbering
and mandatory use of IPSec.




Further reading: Internet RFCs including RFC 791 , RFC 1519 (IPv4 addresses), and RFC 2373 (IPv6
addresses).


See also:


        MAC address
        Subnet address



                                                  IPSec

'IPSec' (abbreviation of 'IP security') is a standard for securing internet protocol communications by
encrypting and authenticating all IP packets.


IPSec is a protocol suite (ie, a set of protocols) consisting of (1) protocols for securing packet flows, and (2)
of key exchange protocols used for setting up those secure flows. Of the former there are two:
Encapsulating Security Payload (ESP) for encrypting packet flows, and the rarely used Authentication
Header (AH) which provides authentication and message integrity guarantees for such flows, but does not
offer confidentiality. See Information security for definitions of these terms. Currently only one key
exchange protocol is defined, the IKE protocol.


IPSec is required as a part of IPv6, the new IETF Internet standard for Internet Protocol (IP) packet traffic,
and is optional for use with IPv4. As a result, IPSec is expected to become more widely deployed as IPv6
becomes more popular.


IPSec protocols operate at layer 3 of the OSI model, which makes them suitable for protecting UDP-based
protocols when used alone. The down side is that compared with transport-layer protocols, such as SSL,
the IPSec protocols need to deal with reliability and fragmentation issues, which is usually done at the
(higher level) TCP layer.


IPSec was intended to provide either (1) portal-to-portal communications security in which security of
packet traffic is provided to several machines (even whole LANs) by a single node, or (2) end-to-end
security of packet traffic in which the endpoint computers do the security processing. It can be used to
construct Virtual Private Networks in either mode, and this is the dominant use. Note, however, that
security implications are quite different between the two operational modes.


End-to-end communication security on an Internet-wide scale has been slower to develop than many had
expected. Part of the reason is that no universal, or universally trusted, public key infrastructure has
emerged ( DNSSEC was originally envisioned for this), part is that many users understand neither their
needs nor the available options well enough to force inclusion in vendor product (and so widespread
adoption), and part is probably due to degradation (or anticipated degradation) of Net responsivity due to
bandwidth loss from such things as spam.


The Free S/WAN project has developed an open source implementation of IPSec for GNU/Linux. IPSec is
included in the 2.6 Linux kernel and so will be widely available as GNU/Linux distributions change over to
2.6. Development of the Free S/WAN project was discontinued in March 2004.



IPSec is also bundled with newer versions of Microsoft Windows, as well as several commercial flavors of
Unix, e.g. Solaris.


IPSec protocols are defined by RFCs 2401-2409; currently ( 2003) these documents are slowly being
replaced by newer versions.



                                    Top-level domain

Internet domain names consist of parts separated by periods; the last part is the 'top-level domain' or 'TLD'.
For example, in the domain name wikipedia.org the top-level domain is org (or ORG, as domain names
are not case-sensitive).


Two kinds of top-level domains exist. A 'country code top-level domain' (ccTLD) is used by a country or a
dependent territory and is two letters long (for example, jp for Japan). A 'generic top-level domain' (gTLD)
is three or more letters long and is used (at least in theory) by a particular class of organizations (for
example, com for commercial organizations). Most gTLDs are available for use worldwide, but for historical
reasons gov and mil are restricted to the government and military of the USA respectively.


See also: List of Internet TLDs.


Country code top-level domains

There are over 240 ccTLDs: see List of Internet TLDs and http://www.iana.org/cctld/cctld-whois.htm . Most
ccTLDs correspond to the two-letter ISO 3166-1 country codes, but there are several differences,
explained below.


Each country appoints managers for its ccTLD and sets the rules for allocating domains. Some countries
allow anyone in the world to acquire a domain in their ccTLD, for example Armenia ( am), Austria ( at)
Cocos Islands ( cc), Germany ( de), Niue ( nu), Samoa ( ws), Tonga ( to), Turkmenistan ( tm) and Tuvalu
( tv). This has resulted in the domain names I.am, start.at and go.to.


Other countries or dependent territories allow only residents to acquire a domain in their ccTLD, for
example Canada ( ca) and Mongolia ( mn).


ISO 3166-1 codes not used as ccTLDs

The codes eh and kp, although theoretically available as ccTLDs for Western Sahara and North Korea,
have never been assigned and do not exist in DNS.


The new codes tl ( East Timor), cs ( Serbia and Montenegro) and ax ( Åland Islands) are not yet used as
ccTLDs.




The ccTLDs for the Norwegian territories Bouvet Island ( bv) and Svalbard ( sj) do exist in DNS, but no
subdomains have been assigned.


Very few (if any) sites use gb ( United Kingdom) and no new registrations are being accepted for it. Sites
in the UK use uk.


ccTLDs not in ISO 3166-1

Eight ccTLDs currently remain in use despite not being ISO 3166-1 two-letter codes:


        ac (Ascension Island), gg (Guernsey), im (Isle of Man) and je (Jersey): these codes came
         from IANA's decision in 1996 to allow the use of codes reserved in the ISO 3166-1 alpha-2
         reserve list for use by the Universal Postal Union. The decision was later reversed, and only
         these four ccTLDs were assigned under this rule.
        su (the obsolete ISO 3166-1 code for the Soviet Union; the su managers stated in 2001 that they would
         commence accepting new su registrations, but it is unclear whether this action is compatible with
         ICANN policy)
        tp (the previous ISO 3166-1 code for East Timor)
        uk (United Kingdom; this dates back to the early days of the Internet, before the policy of using
         ISO 3166-1 codes had been settled)
        yu (Serbia and Montenegro; the previous ISO 3166-1 code for Yugoslavia)


Other ccTLDs

On September 25, 2000, ICANN decided to allow the use of any two-letter code in the ISO 3166-1 reserve
list that is reserved for all purposes. Only eu (for the European Union) currently meets this criterion.
Following a decision by the EU's Council of Telecommunications Ministers in March 2002, progress has
been slow, but a registry (named EURid) has been appointed, and criteria for allocation set: the current
estimate is that the eu ccTLD will be open for registrations in late 2004/early 2005.


Generic top-level domains

When top-level domains were first implemented, in January 1985, there were seven:
        arpa — (see below)
        com — commercial
        edu — educational establishments (primarily US)
        gov — US government
        mil — US military
        net — network infrastructure
        org — other organizations not clearly falling within the other gTLDs
The com, net and org gTLDs, despite their original different purposes, are now in practice open for use by
anybody.




The arpa TLD was intended to be a temporary measure to facilitate the transition to the Domain Name
System. However, removing it completely proved to be impractical, because in-addr.arpa is used for
reverse DNS lookup for IPv4 addresses, so it has been retained for Internet-infrastructure purposes. The
arpa TLD no longer has any connection with the ARPANET, and now officially stands for "Address and
Routing Parameter Area".


Originally, it was intended that new infrastructure databases be created in int (see below), with a view to
eventually deleting arpa. However, in May 2000 that policy was reversed, and it was decided that arpa
should be retained for this purpose, and int should be retained solely for the use of international
organizations. IANA considers arpa to be an infrastructure domain rather than a generic domain.


In November 1988, another gTLD was introduced:


        int — international organizations established by treaty (although it is also used for some Internet
         infrastructure databases, such as ip6.int, the IPv6 equivalent of in-addr.arpa).


This TLD was introduced in response to NATO's request for a domain name which adequately reflected its
character as an international organization -- see discussion of nato below. In May 2000, the Internet
Architecture Board proposed to close the int domain to new infrastructure databases. All future such
databases would be created in arpa, and existing ones would move to arpa wherever feasible.


By the mid-1990s there was pressure for more gTLDs to be introduced. Jon Postel, as head of IANA,
invited applications from interested parties (http://www.gtld-mou.org/gtld-discuss/mail-archive/00990.html).
In early 1995, Postel created "Draft Postel", an Internet draft containing the procedures to create new
domain name registries and new TLDs. Draft Postel created a number of small committees to approve the
new TLDs. Because of the increasing interest, a number of large organizations took over the process
under the Internet Society's umbrella. This second attempt involved the setting up of a temporary
organization called the International Ad Hoc Committee (IAHC). On 4 February 1997, the IAHC issued a
report ignoring the Draft Postel recommendations and instead recommended the introduction of seven
new gTLDs (arts, firm, info, nom, rec, store and web). However, progress on this stalled after the US
Government intervened, and nothing ever came of it.


In October 1998, the Internet Corporation for Assigned Names and Numbers (ICANN) formed to take over
the task of managing domain names. After a call for proposals (August 15, 2000) and a brief period of
public consultation, ICANN announced on November 16, 2000 its selection of the following seven new
gTLDs:


        aero — air transport industry
        biz — businesses
        coop — cooperatives
        info — information (unrestricted use)
        museum — museums
        name — individuals
        pro — professionals




These new gTLDs started to come into use in June 2001, and by the end of that year all except pro
existed, with biz, info and museum already in full operation. name and coop became fully operational in
January 2002, and aero followed later in the year. pro became a gTLD in May 2002.


ICANN now intends to add further gTLDs, starting with a set of sponsored top-level domains (like the
current aero, coop and museum). The application period for these lasted from 15 December 2003 until
16 March 2004, and resulted in ten applications. The most high-profile of these applications came from a
consortium of companies including Microsoft, Vodafone, Samsung, Sun Microsystems and Nokia. It aims
to develop a gTLD for mobile devices, potentially offering stripped-down versions of existing sites. The full
list of proposed new TLDs consists of: asia, cat (or ctl or catala), jobs, mail (or tmail or mta), mobi (or
mbl), post, tel, travel and xxx. Two separate, unrelated entities applied for tel.


Historical TLDs

The ARPANET was a predecessor to the Internet established by the U.S. Defense Advanced Research
Projects Agency (DARPA). When the Domain Name System was introduced, ARPANET host names were
initially converted to domain names by adding .arpa to the end. Domain names of this form were rapidly
phased out by replacing them with domain names using the other, more informative, TLDs. However, as
has been explained above, the arpa TLD remains in use for other purposes including reverse DNS lookup
where for example the IP address 212.30.222.56 is mapped to a host name by issuing a DNS query for
the PTR record for the special host name 56.222.30.212.in-addr.arpa.
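The reverse mapping just described, as an added example that is not part of the original handout: the PTR query name is built by reversing the address components and appending the infrastructure suffix. The code also handles IPv6 under ip6.arpa (the successor of the ip6.int tree mentioned earlier in the text, which the handout does not cover) and includes the inverse transformation, which is useful when auditing resolver logs that record only the query name. Function names are my own; the IPv6 address used in the usage call is from the documentation range and is constructed.

```python
import ipaddress


def reverse_pointer_name(ip: str) -> str:
    """Build the PTR query name for an IP address.

    IPv4: reverse the dotted-decimal octets and append in-addr.arpa,
          e.g. 212.30.222.56 -> 56.222.30.212.in-addr.arpa
    IPv6: expand to 32 hex nibbles, reverse them, append ip6.arpa.
    """
    addr = ipaddress.ip_address(ip)          # raises ValueError on malformed input
    if addr.version == 4:
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    nibbles = format(int(addr), "032x")      # zero-padded 128-bit value, 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def address_from_pointer_name(ptr_name: str) -> str:
    """Inverse: recover the IP address from an in-addr.arpa / ip6.arpa name.

    Only whole-address names are accepted; classless (RFC 2317) in-addr.arpa
    delegations with extra labels are rejected rather than guessed at.
    """
    name = ptr_name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError("expected four octet labels before in-addr.arpa")
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError("expected 32 single-nibble labels before ip6.arpa")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError("not a reverse-mapping name")


if __name__ == "__main__":
    for ip in ("212.30.222.56", "2001:db8::1"):       # second address is constructed
        ptr = reverse_pointer_name(ip)
        print(ip, "->", ptr, "->", address_from_pointer_name(ptr))
```

Python's ipaddress module exposes the same construction as the `reverse_pointer` attribute; the hand-written version above is there to make the label reversal explicit and to provide the inverse, which the standard library does not.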


There are a few ccTLDs which have been deleted after the corresponding 2-letter code was withdrawn
from ISO 3166-1. Examples include cs (for Czechoslovakia) and zr (for Zaire). There is usually a
significant delay between withdrawal from ISO 3166-1 and deletion from the DNS. For example, zr ceased
to be an ISO 3166-1 code in 1997, but the zr ccTLD was not deleted until 2001, and the su (Soviet Union)
ccTLD remains in use more than a decade after su was removed from ISO 3166-1.


A nato TLD was added in the late 1980s by the NIC for the use of NATO, who felt that none of the then
existing TLDs adequately reflected their status as an international organization. Soon after this addition,
however, the NIC created the int TLD for the use of international organizations, and convinced NATO to
use nato.int instead. However, the nato TLD, although no longer used, was not deleted until July 1996.


In the past the Internet was just one of many wide area computer networks. Computers not connected to
the Internet, but connected to another network such as Bitnet or UUCP could generally exchange e-mail
with the Internet via e-mail gateways. When used on the Internet, addresses on these networks were often
placed under pseudo-domains such as bitnet and uucp; however these pseudo-domains were not real
top-level domains and did not exist in DNS.


Most of these networks have long since ceased to exist, and although UUCP still gets significant use in
parts of the world where Internet infrastructure has not yet become well-established, it subsequently
transitioned to using Internet domain names, so pseudo-domains now largely survive as historical relics.




Reserved TLDs

RFC 2606 reserves the following four top-level domain names for various purposes, with the intention that
these should never become actual TLDs in the global DNS:


        example — reserved for use in examples
        invalid — reserved for use in obviously invalid domain names
        localhost — reserved to avoid conflict with the traditional use of localhost
        test — reserved for use in tests


TLDs in alternate roots

Alternate DNS roots have their own sets of TLDs. See that article for details.




                                   Alternate DNS root

In addition to the Internet's main DNS root (currently consisting of 13 root nameservers working in
agreement with ICANN), several organizations operate 'alternate DNS roots' (often referred to as 'alt
roots'). Each alternate root has its own root nameservers and its own set of top-level domains.


The BIZ TLD created by Pacific Root was in operation before ICANN proposed running BIZ, and at least
one of the alternate root servers resolves BIZ to Pacific Root's. There are BIZ domain names that exist in
different roots and point to different IP addresses. The possibility of such conflicts, and their potential for
destabilizing the Internet, is the main source of controversy surrounding alt roots.


Only a small proportion of ISPs actually use any of the zones served by alt-root operators, generally
sticking to the ICANN-specified root servers.


Among the most well-known alt-root zones are:


        Open Root Server Confederation (ORSC)
              o    The ORSC root zone is too large to be fully quoted here. The ORSC root zone can be
                   downloaded from http://dns.vrx.net/tech/rootzone/db.root
        OpenNIC
        GLUE -- root server administration
        INDY -- independent news
        GEEK -- anything geeky
        NULL -- miscellaneous non-commercial individual sites
        OSS -- Open Source Software
        PARODY -- parodies




        AlterNIC
              o     EXP --
              o     LLC --
              o     LNX --
              o     LTD --
              o     MED --
              o     NIC --
              o     NOC --
              o     PORN --
              o     XXX --
        Pacific Root (many TLDs, not all listed here)
              o     AIS --
              o     BIO --
              o     CAL --
              o     IND --
              o     JOB --
              o     LIB --
              o     NPO --
              o     PPP --
              o     SAT --
              o     WWW --
              o     BIZ --
              o     ETC --
              o     MEN --
              o     NGO --
              o     NOT --

                                     Root nameserver

A 'root nameserver' is a DNS server that answers requests for the root namespace domain, and redirects
requests for a particular top-level domain to that TLD's nameservers.


All domain names on the Internet actually end in a '.' (period) character -- that is, technically, Wikipedia is
actually hosted on the domain "www.wikipedia.org." (try it). This final dot is implied, and no modern DNS
software actually requires that the final dot be included when translating a domain name to an IP
address. The final dot is called the 'root domain', and all other domains (i.e. .com, .org, .net, .uk, etc.)
are contained within the root domain.


When a computer on the Internet wants to resolve a domain name, it works from right to left, asking each
nameserver in turn about the element to its left. The root nameservers (which have responsibility for the .
domain) know about which servers are responsible for the top-level domains. Each top-level domain (such
as .org) has its own set of servers, which in turn delegate to the nameservers responsible for individual
domain names (such as wikipedia), which in turn answer queries for IP addresses of subdomains (such as
www).


In practice, most of this information doesn't change very often and gets cached, and DNS lookups to the
root nameservers are relatively rare.
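The right-to-left walk and the caching of delegations described above, as an added example that is not part of the original handout. It models a small iterative resolver over a constructed, in-memory delegation tree (the nameserver names and the 203.0.113.10 address are made up; the zone layout root -> org -> wikipedia.org mirrors the text). Names are first normalised to their fully qualified form with the trailing root dot, and each referral the resolver learns is remembered, so the second lookup of a name under wikipedia.org starts at that zone instead of going back to the root.

```python
# Added example: a toy iterative resolver following referrals from the root.
# Zone data and server names below are constructed, not real delegation records.

def fqdn(name: str) -> str:
    """Canonical fully qualified form: lower-case, with the trailing root dot.
    'www.wikipedia.org' and 'www.wikipedia.org.' name the same node."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def labels_right_to_left(name: str) -> list:
    """'www.wikipedia.org.' -> ['org', 'wikipedia', 'www']; the root is the empty label."""
    return [label for label in fqdn(name).split(".") if label][::-1]


# For each zone: the child zones it delegates (with their nameservers)
# and the A records it holds itself.
AUTHORITATIVE = {
    ".": {
        "delegations": {"org.": ["ns1.tld-example."]},
        "addresses": {},
    },
    "org.": {
        "delegations": {"wikipedia.org.": ["ns1.wikipedia-example."]},
        "addresses": {},
    },
    "wikipedia.org.": {
        "delegations": {},
        "addresses": {"www.wikipedia.org.": "203.0.113.10"},   # documentation address
    },
}


class IterativeResolver:
    """Follows referrals right to left and remembers every delegation it learns,
    so later queries start at the deepest zone already known instead of the root."""

    def __init__(self, authoritative):
        self.authoritative = authoritative
        self.known_delegations = {}   # zone name -> nameservers learned from a referral
        self.root_queries = 0         # how often the root had to be consulted

    def _closest_known_zone(self, labels):
        # Try the longest suffix first: 'wikipedia.org.' before 'org.' before '.'
        for depth in range(len(labels) - 1, 0, -1):
            candidate = ".".join(reversed(labels[:depth])) + "."
            if candidate in self.known_delegations:
                return candidate
        return "."

    def resolve(self, name: str):
        """Return (address or None, list of zones consulted in order)."""
        qname = fqdn(name)
        labels = labels_right_to_left(qname)
        zone = self._closest_known_zone(labels)
        trail = [zone]
        while True:
            if zone == ".":
                self.root_queries += 1
            data = self.authoritative[zone]
            if qname in data["addresses"]:
                return data["addresses"][qname], trail
            depth = len(labels_right_to_left(zone))
            if depth >= len(labels):
                return None, trail          # query is the zone apex, which has no A record
            # The next label to the left selects the child zone to be referred to.
            child = ".".join(reversed(labels[:depth + 1])) + "."
            if child not in data["delegations"]:
                return None, trail          # no such delegation: NXDOMAIN
            self.known_delegations[child] = data["delegations"][child]
            zone = child
            trail.append(zone)


if __name__ == "__main__":
    resolver = IterativeResolver(AUTHORITATIVE)
    print(resolver.resolve("WWW.Wikipedia.ORG"))     # walks root -> org. -> wikipedia.org.
    print(resolver.resolve("www.wikipedia.org."))    # starts directly at wikipedia.org.
    print("root queries:", resolver.root_queries)
```

Real resolvers cache answers and delegations with the TTLs the authoritative servers attach to them; this toy keeps delegations forever, which is enough to show why root queries are rare once a resolver has been running for a while.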




There are currently 13 root name servers, with names in the form ?.ROOT-SERVERS.NET where ? runs
from A to M, namely:


     Letter   Old name             Operator                    Location

     A        ns.internic.net      VeriSign                    Dulles, VA
     B        ns1.isi.edu          ISI                         Marina Del Rey, CA
     C        c.psi.net            Cogent                      Herndon, VA
     D        terp.umd.edu         University of Maryland      College Park, MD
     E        ns.nasa.gov          NASA                        Mountain View, CA
     F        ns.isc.org           ISC                         Palo Alto, CA
     G        ns.nic.ddn.mil       U.S. DoD NIC                Vienna, VA
     H        aos.arl.army.mil     U.S. Army Research Lab      Aberdeen, MD
     I        nic.nordu.net        Autonomica                  Stockholm
     J        (none)               VeriSign                    Dulles, VA
     K        (none)               RIPE                        London
     L        (none)               ICANN                       Los Angeles
     M        (none)               WIDE Project                Tokyo


Older servers had their own name before the policy of using similar names was established.


No more names can be used because of protocol limitations, but the C, F, I, J and K servers exist in
multiple locations on different continents, using anycast announcements to provide a decentralized service.
As a result most of the physical, rather than nominal, root servers are now outside the United States.


There are quite a few alternate namespace systems with their own set of root nameservers that exist in
opposition to the mainstream nameservers. The first, AlterNIC, generated a substantial amount of press.
See Alternate DNS root for more information.



                                         Dynamic DNS

'Dynamic DNS' is a system for allowing an Internet domain name to be assigned to a varying IP address.
This makes it possible for other sites on the Internet to establish connections to the machine without
needing to track the IP address themselves. A common use is for running server software on a computer
that has a dynamic IP address (e.g., a dialup connection where a new address is assigned at each
connection, or a DSL service where the address is changed by the ISP occasionally).


To implement dynamic DNS it is necessary to set the maximum caching time of the domain to an
unusually short period (typically a few minutes). This prevents other sites on the Internet from retaining the
old address in their cache, so that they will typically contact the name server of the domain for each new
connection.




Dynamic DNS service is provided on a large scale by various organizations, which retain the current
addresses in a database and provide a means for the user to update it as required. Some "client"
programs will, when installed, operate in the background and check the IP address of the computer every
few minutes. If it has changed, then it will send an update request to the service. Many routers and other
networking components contain a feature such as this in their firmware.
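The two mechanisms described in the last paragraphs, the short TTL and the update-on-change client, as an added example that is not part of the original handout. It simulates a remote caching resolver that looked the name up at time 0, an authoritative zone that serves the record with a configurable TTL, and a client that checks its address each tick and sends an update only when it differs from the last one sent. The name home.example. (under the reserved example TLD), the 198.51.100.x addresses and the timings are constructed; class and function names are my own.

```python
# Added example: why dynamic DNS needs a short TTL, and the change-detection
# loop of a dynamic DNS client. Names, addresses and times (seconds) are constructed.

class AuthoritativeZone:
    """Stand-in for the dynamic DNS provider's database and nameserver."""

    def __init__(self, ttl: int):
        self.ttl = ttl
        self.records = {}      # name -> current address
        self.updates = 0       # update requests received

    def update(self, name: str, address: str) -> None:
        self.records[name] = address
        self.updates += 1

    def fetch(self, name: str):
        """Authoritative answer: (address, ttl)."""
        return self.records[name], self.ttl


class ResolverCache:
    """A caching resolver elsewhere on the Internet: reuses an answer until its TTL expires."""

    def __init__(self):
        self.entries = {}      # name -> (address, expires_at)

    def lookup(self, name: str, now: int, zone: AuthoritativeZone):
        """Return (address, served_from_cache)."""
        entry = self.entries.get(name)
        if entry is not None and now < entry[1]:
            return entry[0], True
        address, ttl = zone.fetch(name)
        self.entries[name] = (address, now + ttl)
        return address, False


class DdnsClient:
    """Background client: checks the machine's address periodically and sends
    an update only when it has changed, so an unchanged address costs nothing."""

    def __init__(self, zone: AuthoritativeZone, name: str):
        self.zone = zone
        self.name = name
        self.last_sent = None

    def tick(self, observed_address: str) -> bool:
        """One periodic check. Returns True if an update request was sent."""
        if observed_address == self.last_sent:
            return False
        self.zone.update(self.name, observed_address)
        self.last_sent = observed_address
        return True


def simulate(ttl: int, resolve_at: int):
    """A remote resolver caches the name at t=0, then the home address changes.
    Returns (address, from_cache) as seen by that resolver at t=resolve_at."""
    zone = AuthoritativeZone(ttl)
    client = DdnsClient(zone, "home.example.")
    cache = ResolverCache()
    client.tick("198.51.100.1")                      # initial address is published
    cache.lookup("home.example.", 0, zone)           # remote resolver caches at t=0
    client.tick("198.51.100.1")                      # unchanged: no update sent
    client.tick("198.51.100.2")                      # ISP handed out a new address
    return cache.lookup("home.example.", resolve_at, zone)


if __name__ == "__main__":
    print("TTL 300  s, asked at t=600:", simulate(300, 600))     # fresh answer
    print("TTL 86400 s, asked at t=600:", simulate(86400, 600))  # stale, from cache
```

With a TTL of a few minutes the stale address is gone from caches shortly after the update; with a day-long TTL remote sites keep connecting to whoever holds the old address until the cache entry expires, which is the failure mode the short TTL exists to prevent.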


External links

Dynamic DNS providers

        ChangeIP.com
        Dynip.com
        Dynamic Network Services
        Hammernode
        No-IP
        ThatIP
        DYNSERV



                             Internet service provider
An 'Internet Service Provider' (an 'ISP') is a provider of Internet services. Most
telecommunications operators are ISPs. They provide services like internet transit, domain
name registration and hosting, dial-up access, leased line access and colocation.

In the early 2000s, ISPs in the United States faced serious challenges. Telecommunications and
IT-related stocks fell sharply, and many ISPs were forced to close, restructure, sell, or merge.
The slower-than-expected growth of broadband services and key decisions on broadband
open access matters have all added to the industry's problems.


ISPs

Dialups
        United Online
              o NetZero
              o Juno
        AOL
              o CompuServe
        AT&T
        Boingo
        Demon Internet
        Earthlink
              o MindSpring
        XS4ALL


Free dialups
        Wanadoo
        Freeola



       Juno Online Services
       NetZero
       Free 24/7


DSL / Cable
       Blueyonder
       Covad
       NorthPoint Communications
       Rhythms NetConnections
       Excite at Home
       Rogers Cable
       Sympatico


Others
       community networks
       PIPEX
       Prodigy
       UUNET
       IIJ
       Etisalat


Other relevant acronyms
       IAP (Internet Access Provider)
       NSP (Network Service Provider)


Related services
       Broadband access
            o DSL -- Digital Subscriber Line
            o Fixed wireless access
            o Cable
       Web hosting services
       Usenet servers
       Email services
       DNS
            o Dynamic DNS




                     Assimilation of Concepts
o DNS
o ISP
o Domain Name Space
o http://www.juliobattisti.com.br/artigos/windows/tcpip_p8.asp



                         For Further Study
o RFC 1034
o RFC 1035




[Figures: Two-Level Domain Name Query; Non-Recursive Domain Name Query; Single-Level Domain Name Query]