From Wikipedia, the free encyclopedia
Jump to: navigation, search
Not to be confused with the Institution of Electrical Engineers (IEE).
It has been suggested that this article or section be merged with IEEE ICME. (Discuss)
Institute of Electrical and Electronics Engineers
Website
www.ieee.org
The IEEE corporate office is on the 17th floor of 3 Park Avenue in New York City
The Institute of Electrical and Electronics Engineers or IEEE (read eye-triple-e) is an international non-profit, professional organization for the advancement of technology related to electricity. It has the most members of any technical professional organization in the world, with more than 365,000 members in around 150 countries.
History
The IEEE is incorporated in the State of New York, United States. It was formed in 1963 by the merger of the Institute of Radio Engineers (IRE, founded 1912) and the American Institute of Electrical Engineers (AIEE, founded 1884).
The major interests of the AIEE were wire communications (telegraph and telephony) and light and power systems. The IRE concerned mostly radio engineering, and was formed from two smaller organizations, the Society of Wireless and Telegraph Engineers and the Wireless Institute. With the rise of electronics in the 1930s, electronics engineers usually became members of the IRE, but the applications of electron tube technology became so extensive that the technical boundaries differentiating the IRE and the AIEE became difficult to distinguish. After World War II, the two organizations became increasingly competitive, and in 1961, the leadership of both the IRE and the AIEE resolved to consolidate the two organizations. The two organizations formally merged as the IEEE on January 1, 1963.
Notable Presidents of IEEE and its founding organizations include Elihu Thomson (AIEE, 1889-1890), Alexander Graham Bell (AIEE, 1891-1892), Charles Proteus Steinmetz (AIEE, 1901-1902), Lee De Forest (IRE, 1930), Frederick E. Terman (IRE, 1941), William R. Hewlett (IRE, 1954), Ernst Weber (IRE, 1959; IEEE, 1963), and Ivan Getting (IEEE, 1978).
[edit] Overview
IEEE's Constitution defines the purposes of the organization as "scientific and educational, directed toward the advancement of the theory and practice of electrical, electronics, communications and computer engineering, as well as computer science, the allied branches of engineering and the related arts and sciences." In pursuing these goals, the IEEE serves as a major publisher of scientific journals and a conference organizer. It is also a leading developer of industrial standards (having developed over 900 active industry standards) in a broad range of disciplines, including electric power and energy, biomedical technology and healthcare, information technology, information assurance, telecommunications, consumer electronics, transportation, aerospace, and nanotechnology. IEEE develops and participates in educational activities such as accreditation of electrical engineering programs in institutes of higher learning. The IEEE logo is a diamond-shaped design which illustrates the right hand grip rule. It also sponsors or cosponsors more than 450 international technical conferences each year .
IEEE has a dual complementary regional and technical structure - with organizational units based on geography (e.g., the IEEE Philadelphia Section) and technical focus (e.g., the IEEE Computer Society). It manages a separate organizational unit (IEEE-USA) which recommends policies and implements programs specifically intended to benefit the members, the profession and the public in the United States.
The IEEE consists of 39 societies, organized around specialized technical fields, with more than 300 local organizations that hold regular meetings.
The IEEE Standards Association is in charge of the standardization activities of the IEEE. There are seven steps to its standard setting process, which typically takes 18 months to complete: 1. Securing Sponsorship, 2. Requesting Project Authorization, 3. Assembling a Working Group, 4. Drafting the Standard, 5. Balloting (75% approval required), 6. Review Committee, and 7. Final Vote.
The current (2008) president of IEEE is Lewis M. Terman. The current (2007) president of IEEE-USA is John W. Meredith.
[edit] Publications
Main article: List of IEEE publications
IEEE produces 30 percent of the world's literature in the electrical and electronics engineering and computer science fields, publishing well over 100 peer-reviewed journals.[1].
The content in these journals as well as the content from several hundred annual conferences are available in the IEEE's online digital library [2]
[edit] Educational opportunities
The IEEE provides learning opportunities within the engineering sciences, research, and technology. The goal of the IEEE education programs is to ensure the growth of skill and knowledge in the electricity-related technical professions and to foster individual commitment to continuing education among IEEE members, the engineering and scientific communities, and the general public.
IEEE offers educational opportunities such as Expert Now IEEE ,[3] the Education Partners Program,[4] Standards in Education[5] and Continuing Education Units (CEUs).[6]
Expert Now IEEE is a collection of online educational courses designed for self-paced learning. Education Partners, exclusive for IEEE members, offers on-line degree programs, certifications and courses at a 10% discount. The Standards in Education website explains what standards are and the importance of developing and using them. The site includes tutorial modules and case illustrations to introduce the history of standards, the basic terminology, their applications and impact on products, as well as news related to standards, book reviews and links to other sites that contain information on standards. Currently, twenty-nine states require Professional Development Hours (PDH) to maintain P.E. licensure, encouraging engineers to seek Continuing Education Units (CEUs) for their participation in continuing education programs. CEUs readily translate into Professional Development Hours (PDHs) (1 CEU is equivalent to 10 PDHs).
IEEE also sponsors a website[7] designed to help young people understand better what engineering means, and how an engineering career can be made part of their future. Students (ages 8-18), parents, and teachers can explore the site to prepare for an engineering career, ask experts engineering-related questions, play interactive games, explore curriculum links, and review lesson plans. This website also allows students to search for accredited engineering degree programs in Canada and the United States; visitors are able to search by state/province/territory, country, degree field, tuition ranges, room and board ranges, size of student body, and location (rural, suburban, or urban).
[edit] Criticism
A number of Open Source software proponents, such as Richard Stallman[8] and Daniel J. Bernstein[9], have criticized IEEE's copyright policy. When publishing with the IEEE, the author is forced to transfer his copyright[10] to the IEEE who then sells the paper in journals as well as online without paying anything to the authors or the reviewers. Attendance fees to conference meetings are also notoriously high. This has prompted the appearance of new, more open scientific publishers[11][12]. However, publishing in IEEE journals is almost mandatory for those operating in the scientific communities of IEEE covered fields: impact factors of IEEE publications are among the highest[13].
[edit] Standards and the IEEE Standards Development Process
IEEE is one of the leading standards-making organizations in the world. IEEE performs its standards making and maintaining functions through the IEEE Standards Association (IEEE-SA). IEEE standards affect a wide range of industries including: power and energy, biomedical and healthcare, Information Technology (IT), telecommunications, transportation, nanotechnology, information assurance, and many more. In 2005, IEEE had close to 900 active standards, with 500 standards under development. One of the more notable IEEE standards is the IEEE 802 LAN/MAN group of standards which includes the IEEE 802.3 Ethernet standard and the IEEE 802.11 Wireless Networking standard.
The IEEE standards development process can be broken down into seven basic steps, as follows:
1. Securing Sponsorship: An IEEE-approved organization must sponsor a standard. A sponsoring organization is in charge of coordinating and supervising the standard development from inception to completion. The professional societies within IEEE serve as the natural sponsor for many standards.
2. Requesting Project Authorization: To gain authorization for the standard a Project Authorization Request (PAR) is submitted to the IEEE-SA Standards Board. The New Standards Committee (NesCom) of the IEEE-SA Standards Board reviews the PAR and makes a recommendation to the Standards Board about whether to approve the PAR.
3. Assembling a Working Group: After the PAR is approved, a "working group" of individuals affected by, or interested in, the standard is organized to develop the standard. IEEE-SA rules ensure that all Working Group meetings are open and that anyone has the right to attend and contribute to the meetings
4. Drafting the Standard: The Working Group prepares a draft of the proposed standard. Generally, the draft follows the IEEE Standards Style Manual that sets “guidelines” for the clauses and format of the standards document.
5. Balloting: Once a draft of the standard is finalized in the Working Group, the draft is submitted for Balloting approval. The IEEE Standards Department sends an invitation-to-ballot to any individual who has expressed an interest in the subject matter of the standard. Anyone who responds positively to the invitation-to-ballot becomes a member of the balloting group, as long as the individual is an IEEE member or has paid a balloting fee. The IEEE requires that a proposed draft of the standard receive a response rate of 75% (i.e., at least 75% of potential ballots are returned) and that, of the responding ballots, at least 75% approve the proposed draft of the standard. If the standard is not approved, the process returns to the drafting of the standard step in order to modify the standard document to gain approval of the balloting group.
6. Review Committee: After getting 75% approval, the draft standard, along with the balloting comments, are submitted to the IEEE-SA Standards Board Review Committee (RevCom). The RevCom reviews the proposed draft of the standard against the IEEE-SA Standards Board Bylaws and the stipulations set forth in the IEEE-SA Standards Board Operations Manual. The RevCom then makes a recommendation about whether to approve the submitted draft of the standard document.
7. Final Vote: Each member of the IEEE-SA Standards Board places a final vote on the submitted standard document. It takes a majority vote of the Standards Board to gain final approval of the standard. In general, if the RevCom recommends approval, the Standards Board will vote to approve the standard.
Notable IEEE Standards committees and formats
It has been suggested that this list should be changed into a table format to meet Wikipedia's quality standards.This list may be better presented as a table. Please help improve this list, prune it, or discuss it on the talk page.This article has been tagged since January 2008.
-IEEE 488 — Standard Digital Interface for Programmable Instrumentation, IEEE-488-1978 (now 488.1).
-IEEE 610 — Standard Glossary of Software Engineering Terminology
-IEEE 754 — floating point arithmetic specifications
-IEEE 802 — LAN/MAN
-IEEE 802.1 — Standards for LAN/MAN bridging and management and remote media access control (MAC) bridging.
-IEEE 802.2 — Standards for Logical Link Control (LLC) standards for connectivity.
-IEEE 802.3 — Ethernet Standards for Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
-IEEE 802.4 — Standards for token passing bus access
-IEEE 802.5 — Standards for token ring access and for communications between LANs and MANs
-IEEE 802.6 — Standards for information exchange between systems.
-IEEE 802.7 — Standards for broadband LAN cabling.
-IEEE 802.8 — Fiber optic connection
-IEEE 802.9 — Standards for integrated services, like voice and data.
-IEEE 802.10 — Standards for LAN/MAN security implementations.
-IEEE 802.11 — Wireless Networking – "WiFi"
-IEEE 802.12 — Standards for demand priority access method
-IEEE 802.14 — Standards for cable television broadband communications
-IEEE 802.15.1 — Bluetooth
-IEEE 802.15.4 — Wireless Sensor/Control Networks – "ZigBee"
-IEEE 802.16 — Wireless Networking – "WiMAX"
-IEEE 829 — Software Test Documentation
-IEEE 830 — Software Requirements Specifications
-IEEE 896 — Futurebus
-IEEE 1003 — POSIX – "Unix" compatibility programming standard
-IEEE 1044 — Standard Classification for Software Anomalies
-IEEE 1059 — Software Verification And Validation Plan
-IEEE 1073 — Point of Care Medical Device Communication Standards
-IEEE 1074 — Software Development Life Cycle
-IEEE 1076 — VHDL – VHSIC Hardware Description Language
-IEEE 1149.1 — JTAG
-IEEE 1149.6 — AC-JTAG
-IEEE 1180 — Discrete cosine transform accuracy
-IEEE 1275 — Open Firmware
-IEEE 1284 — Parallel port
-IEEE P1363 — Public key cryptography
-IEEE 1394 — Serial Bus — "FireWire", "i.Link"
-IEEE P1901 — Broadband over Power Line Networks
-IEEE 1541 — Prefixes for Binary Multiples
-IEEE 1584 — Guide for Performing Arc Flash Hazard Calculations
-IEEE 1588 — Precision Time Protocol
-IEEE 1667 — Standard Protocol for Authentication in Host Attachments of Transient Storage Devices
-IEEE 12207 — Information Technology
-IEEE Switchgear Committee C37 series of standards for Low and High voltage equipment
Membership and member grades
Most IEEE members are electrical engineers, computer engineers, and computer scientists, but the organization's wide scope of interests has attracted engineers in other disciplines (e.g., mechanical and civil) as well as biologists, physicists, and mathematicians.
Member
Member Grade is limited to those who satisfy a set of IEEE-specified educational and/or professional requirements in IEEE-designated fields of interest. This is usually:
- A three-to-five year university-level or higher degree from an accredited institution or program and in an IEEE-designated field; or
- A three-to-five year university-level or higher degree from an accredited institution or program, plus at least three years of professional work experience engaged in teaching, creating, developing, practicing or managing in IEEE-designated fields; or
- At least six years of professional work experience which demonstrate competence in teaching, creating, developing, practicing or managing within IEEE-designated fields.
Associate Member
Associates are members of the IEEE who do not qualify for Member Grade. They receive all rights and privileges of Members, but they generally cannot participate in the governance of IEEE (e.g., vote in IEEE elections, or hold offices that are restricted to Member Grade and above).
Student Member
Full time students in one of the IEEE disciplines can obtain special reduced dues and are entitled to all of the IEEE Member benefits, excluding the right to vote and hold office. Full time students who already satisfy the requirements for being a member (Graduate Student Members) are entitled also to these rights, while retaining the discounted dues.
Senior Member
The grade of Senior Member is the highest which can be obtained by application. The candidate must have been an engineer, scientist, educator, technical executive, or originator in IEEE-designated fields for a total of 10 years, and have demonstrated exceptional performance over the last five.
Fellow Grade
The grade of Fellow recognizes unusual distinction in the profession, and is conferred by invitation of the Board of Directors to members of outstanding and extraordinary qualifications and experience in IEEE-designated fields, and who have made important individual contributions to one or more of these fields. Every year, less than 1 member in a thousand can be promoted to Fellow. On January 1, 2007 there were 5,777 IEEE Fellows [14] These members include Fellow candidates that are selected by the IEEE Fellow committee [15] In 2007, 268 "Senior Members" were promoted to Fellows [16]
Non-members
Affiliate
Society Affiliates are non-members that subscribe solely to one of the technical societies of IEEE. As such, they are not entitled to any IEEE benefits or services that are reserved to IEEE members.
IEEE Awards and Honors
Major Medals
-IEEE Medal of Honor
-IEEE Edison Medal
-IEEE Richard W. Hamming Medal
-IEEE John von Neumann Medal
-IEEE Alexander Graham Bell Medal
-IEEE Simon Ramo Medal
-IEEE Benjamin G. Lamme Medal
-IEEE James H. Mulligan, Jr. Education Medal
Field Awards
-IEEE SA International Award
-IEEE Reynold B. Johnson Information Storage Systems Award
-IEEE Morris N. Liebmann Memorial Award (no longer active)
-IEEE Charles Proteus Steinmetz Award
-IEEE Nikola Tesla Award
-IEEE Internet Award
-IEEE Long Island Section Awards & Region 1 Awards [2]
-IEEE Computer Pioneer Award
-IEEE James H. Mulligan, Jr. Education Medal
IEEE Societies
In 2007 there were the following societies [17]:
-IEEE Aerospace and Electronic Systems Society
-IEEE Antennas & Propagation Society
-IEEE Broadcast Technology Society
-IEEE Circuits & Systems Society
-IEEE Communications Society
-IEEE Components, Packaging & Manufacturing Technology Society
-IEEE Computational Intelligence Society
-IEEE Computer Society
-IEEE Consumer Electronics Society
-IEEE Control Systems Society
-IEEE Dielectrics & Electrical Insulation Society
-IEEE Education Society
-IEEE Electromagnetic Compatibility Society
-IEEE Electron Devices Society
-IEEE Engineering in Medicine & Biology Society
-IEEE Geoscience & Remote Sensing Society
-IEEE Industrial Electronics Society
-IEEE Industry Applications Society
-IEEE Information Theory Society
-IEEE Instrumentation & Measurement Society
-IEEE Intelligent Transportation Systems Society
-IEEE Laser & Electro-Optics Society
-IEEE Magnetics Society
-IEEE Microwave Theory & Techniques Society
-IEEE Nuclear & Plasma Sciences Society
-IEEE Oceanic Engineering Society
-IEEE Power Electronics Society
-IEEE Power Engineering Society
-IEEE Product Safety Engineering Society
-IEEE Professional Communication Society
-IEEE Reliability Society
-IEEE Robotics and Automation Society
-IEEE Signal Processing Society
-IEEE Society on Social Implications of Technology
-IEEE Solid-State Circuits Society
-IEEE Systems, Man & Cybernetics Society
-IEEE Ultrasonics, Ferroelectrics & Frequency Control Society
-IEEE Vehicular Technology Society
See also
IEEE Computer Society Certified Software Development Professional (CSDP) Program
References
1. ^ About IEEE
2. ^ IEEE's online digital library
3. ^ http://www.ieee.org/web/education/Expert_Now_IEEE/index.html
4. ^ http://www.ieee.org/web/education/partners/eduPartners.html
5. ^ http://www.ieee.org/portal/cms_docs/education/setf/index.html
6. ^ http://www.ieee.org/web/education/ceus/index.html
7. ^ http://www.tryengineering.org/
8. ^ Richard Stallman's Personal Home Page, section "Long-term action items". Richard Stallman.
9. ^ Don't Publish with IEEE!. D.J. Bernstein. Retrieved on 2007-07-10.
10. ^ IEEE copyright transfer form. IEEE.
11. ^ Public Library of Science. Retrieved on 2007-08-08.
12. ^ The Insight Journal. Retrieved on 2007-08-08.
13. ^ Impact factors of IEEE publications. Retrieved on 2008-02-10.
14. ^http://www.ieee.org/portal/cms_docs_iportals/iportals/membership/fellows/fellow_stats_summary_years_2006-2007.xls
15. ^ http://www.ieee.org/web/membership/fellows/committee.html
16. ^ http://www.ieee.org/web/membership/fellows/new_fellows.html
17. ^ http://www.ieee.org/web/membership/societies/index.html
The Standards & the IEEE Standards Development Process section is based on information originally obtained from the IEEE and IEEE-SA websites, and the Appendix of the article "The Role of Market-Based and Committee-Based Standards," by Sanjiv Patel, Babson College 2002.
External links
-IEEE Global Website
-IEEE Standard Association
-IEEE Xplore — over a million online documents
-Organization of the IEEE
-IEEE Students
-IEEE Graduates of the Last Decade (GOLD)
-www.tryengineering.org - IEEE website for students age 8-18, and their parents, teachers, and guidance counselors.
-IEEE Virtual Museum A virtual museum that illustrates many of the basic electrical engineering and electricity concepts through examples, figures, and interviews
-The IEEE-USA Entrepreneurs Village, established to support those people who create entrepreneurial businesses based on technology.
-IEEE Components Packaging and Manufacturing and Technology Society
-IEEE Richmond Section Blog
-University of Western Australia IEEE Student Branch
-IEEE PHEV info
[hide]
v • d • eTechnical Societies of the IEEE
Aerospace and Electronic Systems • Antennas and Propagation • Broadcast Technology • Circuits and Systems • Communications • Components Packaging and Manufacturing and Technology • Computational Intelligence • Computer • Consumer Electronics • Control Systems • Dielectrics and Electrical Insulation • Education • Electromagnetic Compatibility • Electron Devices • Engineering Management • Engineering in Medicine and Biology • Geoscience and Remote Sensing • Industrial Electronics • Industry Applications • Information Theory • Intelligent Transportation Systems • Instrumentation and Measurement • Lasers and Electro-Optics • Magnetics • Microwave Theory and Techniques • Nuclear and Plasma Sciences • Oceanic Engineering • Power Electronics • Power Engineering • Product Safety Engineering • Professional Communication • Reliability • Robotics and Automation • Signal Processing • Social Implications of Technology • Systems, Man and Cybernetics • Ultrasonics, Ferroelectronics and Frequency Control • Vehicular Technology
Retrieved from "http://en.wikipedia.org/wiki/Institute_of_Electrical_and_Electronics_Engineers"
Categories: Wikipedia list cleanup All articles requiring tables Organizations established in 1963 American professional bodies Institute of Electrical and Electronics Engineers International nongovernmental organizations Engineering societies Standards organizations
วันพุธที่ 5 มีนาคม พ.ศ. 2551
Web service
From Wikipedia, the free encyclopedia
Jump to: navigation, search
A Web service (also Web Service) is defined by the W3C as "a software system designed to support interoperable Machine to Machine interaction over a network." Web services are frequently just Web APIs that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services.
The W3C Web service definition encompasses many different systems, but in common usage the term refers to clients and servers that communicate using XML messages that follow the SOAP standard. Common in both the field and the terminology is the assumption that there is also a machine readable description of the operations supported by the server written in the Web Services Description Language (WSDL). The latter is not a requirement of a SOAP endpoint, but it is a prerequisite for automated client-side code generation in many Java and .NET SOAP frameworks (frameworks such as Spring and Apache CXF being notable exceptions). Some industry organizations, such as the WS-I, mandate both SOAP and WSDL in their definition of a Web service.
Specifications
Profiles
To improve interoperability of Web Services, the WS-I publishes profiles. A profile is a set of core specifications (SOAP, WSDL, ...) in a specific version (SOAP 1.1, UDDI 2, ...) with some additional requirements to restrict the use of the core specifications. The WS-I also publishes use cases and test tools to help deploying profile compliant Web Service.
Additional specifications, WS-*
Some specifications have been developed or are currently being developed to extend Web Services capabilities. These specifications are generally referred to as WS-*. Here is a non-exhaustive list of these WS-* specifications.
WS-Security
Defines how to use XML Encryption and XML Signature in SOAP to secure message exchanges, as an alternative or extension to using HTTPS to secure the channel.
WS-Reliability
An OASIS standard protocol for reliable messaging between two Web services.
WS-ReliableMessaging
A protocol for reliable messaging between two Web services, issued by Microsoft, BEA and IBM it is currently being standardized by the OASIS organization [1].
WS-Addressing
A way of describing the address of the recipient (and sender) of a message, inside the SOAP message itself.
WS-Transaction
A way of handling transactions.
Some of these additional specifications have come from the W3C. There is much discussion around the organization's participation, as the general Web and the Semantic Web story appear to be at odds with much of the Web Services vision. This has surfaced most recently in February 2007, at the Web of Services for the Enterprise workshop. Some of the participants advocated a withdrawal of the W3C from further WS-* related work, and a focus on the core Web.
In contrast, OASIS has standardized many Web service extensions, including Web Services Resource Framework and WSDM.
Styles of use
Web services are a set of tools that can be used in a number of ways. The three most common styles of use are RPC, SOA and REST.
Remote procedure calls
RPC Web services present a distributed function (or method) call interface that is familiar to many developers. Typically, the basic unit of RPC Web services is the WSDL operation.
The first Web services tools were focused on RPC, and as a result this style is widely deployed and supported. However, it is sometimes criticised for not being loosely coupled, because it was often implemented by mapping services directly to language-specific functions or method calls. Many vendors felt this approach to be a dead end, and pushed for RPC to be disallowed in the WS-I Basic Profile.
Service-oriented architecture
Web services can also be used to implement an architecture according to Service-oriented architecture (SOA) concepts, where the basic unit of communication is a message, rather than an operation. This is often referred to as "message-oriented" services.
SOA Web services are supported by most major software vendors and industry analysts. Unlike RPC Web services, loose coupling is more likely, because the focus is on the "contract" that WSDL provides, rather than the underlying implementation details.
Representational state transfer
Finally, RESTful Web services attempt to emulate HTTP and similar protocols by constraining the interface to a set of well-known, standard operations (e.g., GET, PUT, DELETE). Here, the focus is on interacting with stateful resources, rather than messages or operations. RESTful Web services can use WSDL to describe SOAP messaging over HTTP, which defines the operations, or can be implemented as an abstraction purely on top of SOAP (e.g., WS-Transfer).
WSDL version 2.0 offers support for binding to all the HTTP request methods (not only GET and POST as in version 1.1) so it enables a better implementation of RESTful Web services[1] . However support for this specification is still poor in software development kits, which often offer tools only for WSDL 1.1.
Criticisms
Critics of non-RESTful Web services often complain that they are too complex[2] and biased towards large software vendors or integrators, rather than open source implementations.
One big concern of the REST Web Service developers is that the SOAP WS toolkits make it easy to define new interfaces for remote interaction, often relying on introspection to extract the WSDL and service API from Java, C# or VB code. This is viewed as a feature by the SOAP stack authors (and many users) but it is feared that it can increase the brittleness of the systems, since a minor change on the server (even an upgrade of the SOAP stack) can result in different WSDL and a different service interface. The client-side classes that can be generated from WSDL and XSD descriptions of the service are often similarly tied to a particular version of the SOAP endpoint and can break if the endpoint changes or the client-side SOAP stack is upgraded. Well designed SOAP endpoints (with handwritten XSD and WSDL) do not suffer from this but there is still the problem that a custom interface for every service requires a custom client for every service.
There are also concerns about performance due to Web services' use of XML as a message format and SOAP and HTTP in enveloping and transport.
Similar efforts
There are several other approaches to the set of problems that Web services attempts to address, both preceding and contemporary to it. RMI was one of many middleware systems that have seen wide deployment. More ambitious efforts like CORBA and DCOM attempted to effect distributed objects, which Web services implementations sometimes try to mimic.
More basic efforts include XML-RPC, a precursor to SOAP that was only capable of RPC, and various forms of HTTP usage without SOAP.
See also
List of Web service Frameworks
Service system
Service Oriented Architecture
Enterprise Information Integration (EII)
Business Intelligence 2.0 (BI 2.0)
Devices Profile for Web Services
Web Processing Service
Microsoft Connected Services Framework
Web Services Discovery
OAuth
Notes
^ Web Services Description Language (WSDL) Version 2.0 Part 2: Adjuncts.
^ http://www.tbray.org/ongoing/When/200x/2004/09/21/WS-Research
External links
W3C Web Services Activity home page
Web Services Architecture (W3C Working Group Note)
Secure, Reliable, Transacted Web Services (IBM/Microsoft white paper)
Automate Web service testing, Part 3: Test a secured Web service with IBM Rational Software Architect and XMLUnit (IBM developerWorks tutorial - advanced level)
The Performance Woe of Binary XML
Retrieved from "http://en.wikipedia.org/wiki/Web_service"
Categories: Web services
Jump to: navigation, search
A Web service (also Web Service) is defined by the W3C as "a software system designed to support interoperable Machine to Machine interaction over a network." Web services are frequently just Web APIs that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services.
The W3C Web service definition encompasses many different systems, but in common usage the term refers to clients and servers that communicate using XML messages that follow the SOAP standard. Common in both the field and the terminology is the assumption that there is also a machine readable description of the operations supported by the server written in the Web Services Description Language (WSDL). The latter is not a requirement of a SOAP endpoint, but it is a prerequisite for automated client-side code generation in many Java and .NET SOAP frameworks (frameworks such as Spring and Apache CXF being notable exceptions). Some industry organizations, such as the WS-I, mandate both SOAP and WSDL in their definition of a Web service.
Specifications
Profiles
To improve interoperability of Web Services, the WS-I publishes profiles. A profile is a set of core specifications (SOAP, WSDL, ...) in a specific version (SOAP 1.1, UDDI 2, ...) with some additional requirements to restrict the use of the core specifications. The WS-I also publishes use cases and test tools to help deploying profile compliant Web Service.
Additional specifications, WS-*
Some specifications have been developed or are currently being developed to extend Web Services capabilities. These specifications are generally referred to as WS-*. Here is a non-exhaustive list of these WS-* specifications.
WS-Security
Defines how to use XML Encryption and XML Signature in SOAP to secure message exchanges, as an alternative or extension to using HTTPS to secure the channel.
WS-Reliability
An OASIS standard protocol for reliable messaging between two Web services.
WS-ReliableMessaging
A protocol for reliable messaging between two Web services, issued by Microsoft, BEA and IBM it is currently being standardized by the OASIS organization [1].
WS-Addressing
A way of describing the address of the recipient (and sender) of a message, inside the SOAP message itself.
WS-Transaction
A way of handling transactions.
Some of these additional specifications have come from the W3C. There is much discussion around the organization's participation, as the general Web and the Semantic Web story appear to be at odds with much of the Web Services vision. This has surfaced most recently in February 2007, at the Web of Services for the Enterprise workshop. Some of the participants advocated a withdrawal of the W3C from further WS-* related work, and a focus on the core Web.
In contrast, OASIS has standardized many Web service extensions, including Web Services Resource Framework and WSDM.
Styles of use
Web services are a set of tools that can be used in a number of ways. The three most common styles of use are RPC, SOA and REST.
Remote procedure calls
RPC Web services present a distributed function (or method) call interface that is familiar to many developers. Typically, the basic unit of RPC Web services is the WSDL operation.
The first Web services tools were focused on RPC, and as a result this style is widely deployed and supported. However, it is sometimes criticised for not being loosely coupled, because it was often implemented by mapping services directly to language-specific functions or method calls. Many vendors felt this approach to be a dead end, and pushed for RPC to be disallowed in the WS-I Basic Profile.
Service-oriented architecture
Web services can also be used to implement an architecture according to Service-oriented architecture (SOA) concepts, where the basic unit of communication is a message, rather than an operation. This is often referred to as "message-oriented" services.
SOA Web services are supported by most major software vendors and industry analysts. Unlike RPC Web services, loose coupling is more likely, because the focus is on the "contract" that WSDL provides, rather than the underlying implementation details.
Representational state transfer
Finally, RESTful Web services attempt to emulate HTTP and similar protocols by constraining the interface to a set of well-known, standard operations (e.g., GET, PUT, DELETE). Here, the focus is on interacting with stateful resources, rather than messages or operations. RESTful Web services can use WSDL to describe SOAP messaging over HTTP, which defines the operations, or can be implemented as an abstraction purely on top of SOAP (e.g., WS-Transfer).
WSDL version 2.0 offers support for binding to all the HTTP request methods (not only GET and POST as in version 1.1) so it enables a better implementation of RESTful Web services[1] . However support for this specification is still poor in software development kits, which often offer tools only for WSDL 1.1.
Criticisms
Critics of non-RESTful Web services often complain that they are too complex[2] and biased towards large software vendors or integrators, rather than open source implementations.
One big concern of the REST Web Service developers is that the SOAP WS toolkits make it easy to define new interfaces for remote interaction, often relying on introspection to extract the WSDL and service API from Java, C# or VB code. This is viewed as a feature by the SOAP stack authors (and many users) but it is feared that it can increase the brittleness of the systems, since a minor change on the server (even an upgrade of the SOAP stack) can result in different WSDL and a different service interface. The client-side classes that can be generated from WSDL and XSD descriptions of the service are often similarly tied to a particular version of the SOAP endpoint and can break if the endpoint changes or the client-side SOAP stack is upgraded. Well designed SOAP endpoints (with handwritten XSD and WSDL) do not suffer from this but there is still the problem that a custom interface for every service requires a custom client for every service.
There are also concerns about performance due to Web services' use of XML as a message format and SOAP and HTTP in enveloping and transport.
Similar efforts
There are several other approaches to the set of problems that Web services attempts to address, both preceding and contemporary to it. RMI was one of many middleware systems that have seen wide deployment. More ambitious efforts like CORBA and DCOM attempted to effect distributed objects, which Web services implementations sometimes try to mimic.
More basic efforts include XML-RPC, a precursor to SOAP that was only capable of RPC, and various forms of HTTP usage without SOAP.
See also
List of Web service Frameworks
Service system
Service Oriented Architecture
Enterprise Information Integration (EII)
Business Intelligence 2.0 (BI 2.0)
Devices Profile for Web Services
Web Processing Service
Microsoft Connected Services Framework
Web Services Discovery
OAuth
Notes
^ Web Services Description Language (WSDL) Version 2.0 Part 2: Adjuncts.
^ http://www.tbray.org/ongoing/When/200x/2004/09/21/WS-Research
External links
W3C Web Services Activity home page
Web Services Architecture (W3C Working Group Note)
Secure, Reliable, Transacted Web Services (IBM/Microsoft white paper)
Automate Web service testing, Part 3: Test a secured Web service with IBM Rational Software Architect and XMLUnit (IBM developerWorks tutorial - advanced level)
The Performance Woe of Binary XML
Retrieved from "http://en.wikipedia.org/wiki/Web_service"
Categories: Web services
Domain Name System
From Wikipedia, the free encyclopedia
(Redirected from Domain name system)
This article may require cleanup to meet Wikipedia's quality standards.Please improve this article if you can. (October 2007)
This article needs additional citations for verification.Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (December 2007)
The Domain Name System (DNS) associates various sorts of information with so-called domain names; most importantly, it serves as the "phone book" for the Internet by translating human-readable computer hostnames, e.g. www.example.com, into the IP addresses, e.g. 208.77.188.166, that networking equipment needs to deliver information. It also stores other information such as the list of mail exchange servers that accept email for a given domain. In providing a worldwide keyword-based redirection service, the Domain Name System is an essential component of contemporary Internet use.
Uses
The most basic task of DNS is to translate hostnames to IP addresses. In very simple terms, it can be compared to a phone book. DNS also has other important uses.
Preeminently, DNS makes it possible to assign Internet names to organizations (or concerns they represent), independently of the physical routing hierarchy represented by the numerical IP address. Because of this, hyperlinks and Internet contact information can remain the same, whatever the current IP routing arrangements may be, and can take a human-readable form (such as "example.com") which is rather easier to remember than the IP address 208.77.188.166. People take advantage of this when they recite meaningful URLs and e-mail addresses without caring how the machine will actually locate them.
The Domain Name System distributes the responsibility for assigning domain names and mapping them to IP networks by allowing an authoritative server for each domain to keep track of its own changes, avoiding the need for a central registrar to be continually consulted and updated.
[edit] History
The practice of using a name as a more human-legible abstraction of a machine's numerical address on the network predates even TCP/IP, and goes all the way to the ARPAnet era. Back then however, a different system was used, as DNS was invented only in 1983, shortly after TCP/IP was deployed. With the older system, each computer on the network retrieved a file called HOSTS.TXT from a computer at SRI (now SRI International). The HOSTS.TXT file mapped numerical addresses to names. A hosts file still exists on most modern operating systems, either by default or through configuration, and allows users to specify an IP address (eg. 192.0.34.166) to use for a hostname (eg. www.example.net) without checking DNS. As of 2006, the hosts file serves primarily for troubleshooting DNS errors or for mapping local addresses to more organic names. Systems based on a hosts file have inherent limitations, because of the obvious requirement that every time a given computer's address changed, every computer that seeks to communicate with it would need an update to its hosts file.
The growth of networking called for a more scalable system: one that recorded a change in a host's address in one place only. Other hosts would learn about the change dynamically through a notification system, thus completing a globally accessible network of all hosts' names and their associated IP Addresses.
At the request of Jon Postel, Paul Mockapetris invented the Domain Name system in 1983 and wrote the first implementation. The original specifications appear in RFC 882 and RFC 883. In November 1987, the publication of RFC 1034 and RFC 1035 updated the DNS specification[1] and made RFC 882 and RFC 883 obsolete. Several more-recent RFCs have proposed various extensions to the core DNS protocols.
In 1984, four Berkeley students — Douglas Terry, Mark Painter, David Riggle and Songnian Zhou — wrote the first UNIX implementation, which was maintained by Ralph Campbell thereafter. In 1985, Kevin Dunlap of DEC significantly re-wrote the DNS implementation and renamed it BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon). Mike Karels, Phil Almquist and Paul Vixie have maintained BIND since then. BIND was ported to the Windows NT platform in the early 1990s.
Due to BIND's long history of security issues and exploits, several alternative nameserver and resolver programs have been written and distributed in recent years.
How DNS works in theory
The domain name space
The domain name space consists of a tree of domain names. Each node or leaf in the tree has one or more resource records, which hold information associated with the domain name. The tree sub-divides into zones. A zone consists of a collection of connected nodes authoritatively served by an authoritative DNS nameserver. (Note that a single nameserver can host several zones.)
When a system administrator wants to let another administrator control a part of the domain name space within his zone of authority, he can delegate control to the other administrator. This splits a part of the old zone off into a new zone, which comes under the authority of the second administrator's nameservers. The old zone ceases to be authoritative for what goes under the authority of the new zone.
Parts of a domain name
A domain name usually consists of two or more parts (technically labels), separated by dots. For example example.com.
The rightmost label conveys the top-level domain (for example, the address www.example.com has the top-level domain com).
Each label to the left specifies a subdivision, or subdomain of the domain above it. Note;"subdomain" expresses relative dependence, not absolute dependence. For example: example.com comprises a subdomain of the com domain, and www.example.com comprises a subdomain of the domain example.com. In theory, this subdivision can go down to 127 levels deep. Each label can contain up to 63 characters. The whole domain name does not exceed a total length of 255 characters. In practice, some domain registries may have shorter limits.
A hostname refers to a domain name that has one or more associated IP addresses; ie: the www.example.com and example.com domains are both hostnames, however, the com domain is not.
DNS servers
The Domain Name System consists of a hierarchical set of DNS servers. Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain and the name servers of any domains "beneath" it. The hierarchy of authoritative DNS servers matches the hierarchy of domains. At the top of the hierarchy stand the root nameservers: the servers to query when looking up (resolving) a top-level domain name (TLD).
DNS resolvers
A resolver looks up the resource record information associated with nodes. A resolver knows how to communicate with name servers by sending DNS queries and heeding DNS responses.
A DNS query may be either a recursive query or a non-recursive query:
A non-recursive query is one where the DNS server may provide a partial answer to the query (or give an error). DNS servers must support non-recursive queries.
A recursive query is one where the DNS server will fully answer the query (or give an error). DNS servers are not required to support recursive queries.
The resolver (or another DNS server acting recursively on behalf of the resolver) negotiates use of recursive service using bits in the query headers.
Resolving usually entails iterating through several name servers to find the needed information. However, some resolvers function simplistically and can only communicate with a single name server. These simple resolvers rely on a recursive query to a recursive name server to perform the work of finding information for them.
Address resolution mechanism
(This description deliberately uses the fictional .example TLD in accordance with the DNS guidelines themselves.)
In theory a full host name may have several name segments, (e.g ahost.ofasubnet.ofabiggernet.inadomain.example). In practice, in the experience of the majority of public users of Internet services, full host names will frequently consist of just three segments (ahost.inadomain.example, and most often www.inadomain.example).
For querying purposes, software interprets the name segment by segment, from right to left, using an iterative search procedure. At each step along the way, the program queries a corresponding DNS server to provide a pointer to the next server which it should consult.
As originally envisaged, the process was as simple as:
the local system is pre-configured with the known addresses of the root servers in a file of root hints, which need to be updated periodically by the local administrator from a reliable source to be kept up to date with the changes which occur over time.
query one of the root servers to find the server authoritative for the next level down (so in the case of our simple hostname, a root server would be asked for the address of a server with detailed knowledge of the example top level domain).
querying this second server for the address of a DNS server with detailed knowledge of the second-level domain (inadomain.example in our example).
repeating the previous step to progress down the name, until the final step which would, rather than generating the address of the next DNS server, return the final address sought.
The diagram illustrates this process for the real host www.wikipedia.org.
The mechanism in this simple form has a difficulty: it places a huge operating burden on the root servers, with each and every search for an address starting by querying one of them. Being as critical as they are to the overall function of the system such heavy use would create an insurmountable bottleneck for trillions of queries placed every day. The section DNS in practice describes how this is addressed.
Circular dependencies and glue records
Name servers in delegations appear listed by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. Since this can introduce a circular dependency if the nameserver referred to is under the domain that it is authoritative of, it is occasionally necessary for the nameserver providing the delegation to also provide the IP address of the next nameserver. This record is called a glue record.
For example, assume that the sub-domain en.wikipedia.org contains further sub-domains (such as something.en.wikipedia.org) and that the authoritative nameserver for these lives at ns1.something.en.wikipedia.org. A computer trying to resolve something.en.wikipedia.org will thus first have to resolve ns1.something.en.wikipedia.org. Since ns1 is also under the something.en.wikipedia.org subdomain, resolving something.en.wikipedia.org requires resolving ns1.something.en.wikipedia.org which is exactly the circular dependency mentioned above. The dependency is broken by the glue record in the nameserver of en.wikipedia.org that provides the IP address of ns1.something.en.wikipedia.org directly to the requestor, enabling it to bootstrap the process by figuring out where ns1.something.en.wikipedia.org is located.
In practice
When an application (such as a web browser) tries to find the IP address of a domain name, it doesn't necessarily follow all of the steps outlined in the Theory section above. We will first look at the concept of caching, and then outline the operation of DNS in "the real world."
Caching and time to live
Because of the huge volume of requests generated by a system like DNS, the designers wished to provide a mechanism to reduce the load on individual DNS servers. To this end, the DNS resolution process allows for caching (i.e. the local recording and subsequent consultation of the results of a DNS query) for a given period of time after a successful answer. How long a resolver caches a DNS response (i.e. how long a DNS response remains valid) is determined by a value called the time to live (TTL). The TTL is set by the administrator of the DNS server handing out the response. The period of validity may vary from just seconds to days or even weeks.
Caching time
As a noteworthy consequence of this distributed and caching architecture, changes to DNS do not always take effect immediately and globally. This is best explained with an example: If an administrator has set a TTL of 6 hours for the host www.wikipedia.org, and then changes the IP address to which www.wikipedia.org resolves at 12:01pm, the administrator must consider that a person who cached a response with the old IP address at 12:00pm will not consult the DNS server again until 6:00pm. The period between 12:01pm and 6:00pm in this example is called caching time, which is best defined as a period of time that begins when you make a change to a DNS record and ends after the maximum amount of time specified by the TTL expires. This essentially leads to an important logistical consideration when making changes to DNS: not everyone is necessarily seeing the same thing you're seeing. RFC 1537 helps to convey basic rules for how to set the TTL.
Note that the term "propagation", although very widely used in this context, does not describe the effects of caching well. Specifically, it implies that [1] when you make a DNS change, it somehow spreads to all other DNS servers (instead, other DNS servers check in with yours as needed), and [2] that you do not have control over the amount of time the record is cached (you control the TTL values for all DNS records in your domain, except your NS records and any authoritative DNS servers that use your domain name).
Some resolvers may override TTL values, as the protocol supports caching for up to 68 years or no caching at all. Negative caching (the non-existence of records) is determined by name servers authoritative for a zone which MUST include the Start of Authority (SOA) record when reporting no data of the requested type exists. The MINIMUM field of the SOA record and the TTL of the SOA itself is used to establish the TTL for the negative answer. RFC 2308
Many people incorrectly refer to a mysterious 48 hour or 72 hour propagation time when you make a DNS change. When one changes the NS records for one's domain or the IP addresses for hostnames of authoritative DNS servers using one's domain (if any), there can be a lengthy period of time before all DNS servers use the new information. This is because those records are handled by the zone parent DNS servers (for example, the .com DNS servers if your domain is example.com), which typically cache those records for 48 hours. However, those DNS changes will be immediately available for any DNS servers that do not have them cached. And any DNS changes on your domain other than the NS records and authoritative DNS server names can be nearly instantaneous, if you choose for them to be (by lowering the TTL once or twice ahead of time, and waiting until the old TTL expires before making the change).
In the real world
Users generally do not communicate directly with a DNS resolver. Instead DNS-resolution takes place transparently in client-applications such as web-browsers, mail-clients, and other Internet applications. When an application makes a request which requires a DNS lookup, such programs send a resolution request to the local DNS resolver in the local operating system, which in turn handles the communications required.
The DNS resolver will almost invariably have a cache (see above) containing recent lookups. If the cache can provide the answer to the request, the resolver will return the value in the cache to the program that made the request. If the cache does not contain the answer, the resolver will send the request to one or more designated DNS servers. In the case of most home users, the Internet service provider to which the machine connects will usually supply this DNS server: such a user will either have configured that server's address manually or allowed DHCP to set it; however, where systems administrators have configured systems to use their own DNS servers, their DNS resolvers point to separately maintained nameservers of the organization. In any event, the name server thus queried will follow the process outlined above, until it either successfully finds a result or does not. It then returns its results to the DNS resolver; assuming it has found a result, the resolver duly caches that result for future use, and hands the result back to the software which initiated the request.
Broken resolvers
An additional level of complexity emerges when resolvers violate the rules of the DNS protocol. A number of large ISPs have configured their DNS servers to violate rules (presumably to allow them to run on less-expensive hardware than a fully-compliant resolver), such as by disobeying TTLs, or by indicating that a domain name does not exist just because one of its name servers does not respond.[citation needed]
As a final level of complexity, some applications (such as web-browsers) also have their own DNS cache, in order to reduce the use of the DNS resolver library itself. This practice can add extra difficulty when debugging DNS issues, as it obscures the freshness of data, and/or what data comes from which cache. These caches typically use very short caching times — on the order of one minute. Internet Explorer offers a notable exception: recent versions cache DNS records for half an hour.[1]
Other applications
The system outlined above provides a somewhat simplified scenario. The Domain Name System includes several other functions:
Hostnames and IP addresses do not necessarily match on a one-to-one basis. Many hostnames may correspond to a single IP address: combined with virtual hosting, this allows a single machine to serve many web sites. Alternatively a single hostname may correspond to many IP addresses: this can facilitate fault tolerance and load distribution, and also allows a site to move physical location seamlessly.
There are many uses of DNS besides translating names to IP addresses. For instance, Mail transfer agents use DNS to find out where to deliver e-mail for a particular address. The domain to mail exchanger mapping provided by MX records accommodates another layer of fault tolerance and load distribution on top of the name to IP address mapping.
Sender Policy Framework and DomainKeys instead of creating their own record types were designed to take advantage of another DNS record type, the TXT record.
To provide resilience in the event of computer failure, multiple DNS servers are usually provided for coverage of each domain, and at the top level, thirteen very powerful root servers exist, with additional "copies" of several of them distributed worldwide via Anycast.
Protocol details
DNS primarily uses UDP on port 53 [2] to serve requests. Almost all DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. TCP comes into play only when the response data size exceeds 512 bytes, or for such tasks as zone transfer. Some operating systems such as HP-UX are known to have resolver implementations that use TCP for all queries, even when UDP would suffice.
Extensions to DNS
EDNS is an extension of the DNS protocol which allows the transport over UDP of DNS replies exceeding 512 bytes, and adds support for expanding the space of request and response codes. It is described in RFC 2671.
Standards
A number of the aspects of the Domain name system are specified by an Internet standard. The following is a list of some of the RFCs that pertain to DNS.
RFC 882 Concepts and Facilities (Deprecated by RFC 1034)
RFC 883 Domain Names: Implementation specification (Deprecated by RFC 1035)
RFC 920 Specified original TLDs: .arpa, .com, .edu, .org, .gov, .mil and two-character country codes
RFC 1032 Domain administrators guide
RFC 1033 Domain administrators operations guide
RFC 1034 Domain Names - Concepts and Facilities.
RFC 1035 Domain Names - Implementation and Specification
RFC 1101 DNS Encodings of Network Names and Other Types
RFC 1123 Requirements for Internet Hosts -- Application and Support
RFC 1183 New DNS RR Definitions
RFC 1706 DNS NSAP Resource Records
RFC 1876 Location Information in the DNS (LOC)
RFC 1886 DNS Extensions to support IP version 6
RFC 1912 Common DNS Operational and Configuration Errors
RFC 1995 Incremental Zone Transfer in DNS
RFC 1996 A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
RFC 2136 Dynamic Updates in the domain name system (DNS UPDATE)
RFC 2181 Clarifications to the DNS Specification
RFC 2182 Selection and Operation of Secondary DNS Servers
RFC 2308 Negative Caching of DNS Queries (DNS NCACHE)
RFC 2317 Classless IN-ADDR.ARPA delegation
RFC 2671 Extension Mechanisms for DNS (EDNS0)
RFC 2672 Non-Terminal DNS Name Redirection (DNAME record)
RFC 2782 A DNS RR for specifying the location of services (DNS SRV)
RFC 2845 Secret Key Transaction Authentication for DNS (TSIG)
RFC 2874 DNS Extensions to Support IPv6 Address Aggregation and Renumbering
RFC 3403 Dynamic Delegation Discovery System (DDDS) (NAPTR records)
RFC 3696 Application Techniques for Checking and Transformation of Names
RFC 4398 Storing Certificates in the Domain Name System
RFC 4408 Sender Policy Framework (SPF) (SPF records)
Types of DNS records
Main article: List of DNS record types
Important categories of data stored in DNS include the following:
An A record or address record maps a hostname to a 32-bit IPv4 address.
An AAAA record or IPv6 address record maps a hostname to a 128-bit IPv6 address.
A CNAME record or canonical name record is an alias of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (such as an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and www.example.com.)
An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.
A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address.
An NS record or name server record maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records.
An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
An SRV record is a generalized service location record.
A TXT Record was originally intended to carry arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record is more often used to carry machine-readable data such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework and DomainKeys.
An NAPTR record ("Naming Authority Pointer") is a newer type of DNS record that support regular expression based rewriting.
An SPF record is a new, experimental record used as part of the Sender Policy Framework to identify and reject forged addresses in the 'Return-Path' (aka 'envelope from') address of an email message (common in e-mail spam).
Other types of records are not widely used. For example, a LOC record gives the physical location of a host; a WKS record gives a bit list of well known service (such as HTTP or POP3) running on a given host[3].
Internationalized domain names
Main article: Internationalized domain name
While domain names technically have no restrictions on the characters they use and can include non-ASCII characters, the same is not true for host names.[4] Host names are the names most people see and use for things like e-mail and web browsing. Host names are restricted to a small subset of the ASCII character set that includes the Roman alphabet in upper and lower case, the digits 0 through 9, the dot, and the hyphen. (See RFC 3696 section 2 for details.) This prevented the representation of names and words of many languages natively. ICANN has approved the Punycode-based IDNA system, which maps Unicode strings into the valid DNS character set, as a workaround to this issue. Some registries have adopted IDNA.
Security issues
DNS was not originally designed with security in mind, and thus has a number of security issues.
One class of vulnerabilities is DNS cache poisoning, which tricks a DNS server into believing it has received authentic information when, in reality, it has not.
DNS responses are traditionally not cryptographically signed, leading to many attack possibilities; DNSSEC modifies DNS to add support for cryptographically signed responses. There are various extensions to support securing zone transfer information as well.
Even with encryption, a DNS server could become compromised by a virus (or for that matter a disgruntled employee) that would cause IP addresses of that server to be redirected to a malicious address with a long TTL. This could have far-reaching impact to potentially millions of Internet users if busy DNS servers cache the bad IP data. This would require manual purging of all affected DNS caches as required by the long TTL (up to 68 years).
Some domain names can spoof other, similar-looking domain names. For example, "paypal.com" and "paypa1.com" are different names, yet users may be unable to tell the difference when the user's typeface (font) does not clearly differentiate the letter l and the number 1. This problem is much more serious in systems that support internationalized domain names, since many characters that are different, from the point of view of ISO 10646, appear identical on typical computer screens. This vulnerability is often exploited in phishing.
Techniques such as Forward Confirmed reverse DNS can also be used to help validate DNS results.
Legal users of domains
Registrant
Most of the domain name registrars in the world receive an annual fee from a legal user in order for the legal user to utilize the domain name (i.e. a sort of a leasing agreement exists, subject to the registry's terms and conditions). Depending on the various naming conventions of the registries, legal users are commonly known as "registrants" or as "domain holders".
ICANN holds a complete list of domain registries in the world. One can obtain information about the legal user of a domain name by looking in the WHOIS database held by most domain registries.
For most of the more than 240 country code top-level domains (ccTLDs), the domain registries hold the authoritative WHOIS (Registrant, name servers, expiration dates, etc.). For instance, DENIC, Germany NIC, holds the authoritative WHOIS to a .DE domain name. Since about 2001, most gTLD registries (.ORG, .BIZ, .INFO) have adopted this so-called "thick" registry approach, i.e. keeping the authoritative WHOIS in the central registries instead of the registrars.
For .COM and .NET domain names, a "thin" registry is used: the domain registry (e.g. VeriSign) holds a basic WHOIS (registrar and name servers, etc.). One can find the detailed WHOIS (registrant, name servers, expiry dates, etc.) at the registrars.
Some domain name registries, also called Network Information Centres (NIC), also function as registrars, and deal directly with end users. But most of the main ones, such as for .COM, .NET, .ORG, .INFO, etc., use a registry-registrar model. There are hundreds of Domain Name Registrars that actually perform the domain name registration with the end user (see lists at ICANN or VeriSign). By using this method of distribution, the registry only has to manage the relationship with the registrar, and the registrar maintains the relationship with the end users, or 'registrants' -- in some cases through additional layers of resellers.
Administrative contact
- A registrant usually designates an administrative contact to manage the domain name. In practice, the administrative contact usually has the most immediate power over a domain.
- Management functions delegated to the administrative contacts may include (for example):
the obligation to conform to the requirements of the domain registry in order to retain the right to use a domain name
authorization to update the physical address, e-mail address and telephone number etc. in WHOIS
Technical contact
A technical contact manages the name servers of a domain name. The many functions of a technical contact include:
- making sure the configurations of the domain name conforms to the requirements of the domain registry
- updating the domain zone
- providing the 24×7 functionality of the name servers (that leads to the accessibility of the domain name)
Billing contact
The party whom a domain name registrar invoices.
Name servers
Namely the authoritative name servers that host the domain name zone of a domain name.
Politics
Critics commonly claim abuse of domains by monopolies or near-monopolies, such as VeriSign, Inc. Particularly noteworthy was the VeriSign Site Finder system which redirected all unregistered .com and .net domains to a VeriSign webpage. For example, at a public meeting with VeriSign to air technical concerns about SiteFinder [5], numerous people, active in the IETF and other technical bodies, explained how they were surprised by VeriSign's changing the fundamental behavior of a major component of Internet infrastructure, not having obtained the customary consensus. SiteFinder, at first, assumed every Internet query was for a website, and it monetized queries for incorrect domain names, taking the user to VeriSign's search site. Unfortunately, other applications, such as many implementations of email, treat a lack of response to a domain name query as an indication that the domain does not exist, and that the message can be treated as undeliverable. The original VeriSign implementation broke this assumption for mail, because it would always resolve an erroneous domain name to that of SiteFinder. While VeriSign later changed SiteFinder to have this behavior only in response to true Web queries, there was still widespread protest about VeriSign's action being more in its financial interest than in the interest of the Internet infrastructure component for which VeriSign was the steward.
Despite widespread criticism, VeriSign only reluctantly removed it after the Internet Corporation for Assigned Names and Numbers (ICANN) threatened to revoke its contract to administer the root name servers. ICANN published the extensive set of letters exchanged, committee reports, and ICANN decisions [6].
There is also significant disquiet regarding the United States' political influence over ICANN. This was a significant issue in the attempt to create a .xxx top-level domain and sparked greater interest in alternative DNS roots that would be beyond the control of any single country.[citation needed]
Additionally, there are numerous accusations of domain name "front running", whereby registrars, when given whois queries, automatically register the domain name for themselves. Recently, Network Solutions has been accused of this. <http://slashdot.org/article.pl?sid=08/01/08/1920215>
Truth in Domain Names Act
Main article: Anticybersquatting Consumer Protection Act
In the United States, the "Truth in Domain Names Act" (actually the "Anticybersquatting Consumer Protection Act"), in combination with the PROTECT Act, forbids the use of a misleading domain name with the intention of attracting people into viewing a visual depiction of sexually explicit conduct on the Internet.
See also
- Dynamic DNS
- Alternative DNS root
- Comparison of DNS server software
- Round robin DNS
- Split-horizon DNS
References
1. ^ How Internet Explorer uses the cache for DNS host entries. Microsoft (2004). Retrieved on 2006-03-07.
2. ^ Mockapetris, P (November, 1987). RFC1035: Domain Names - Implementation and Specification. Retrieved on 2007-07-31.
3. ^ RFC 1101 mentions the WKS syndrome as an example of structures and methods which can work but do not because of indifference or errors on the part of system administrators when maintaining the database. As an update to RFC 1035, it classifies WKS as an historical attempt without officially deprecating it.
4. ^ The term host name is here being used to mean an FQDN for a host, such as eg. en.wikipedia.org., and not just (to use the same example) en .While most domain names do indeed designate hosts, some domain name DNS entries may not. In this sense, a (FQDN) hostname is a type of domain name, but not all domain names are actual host names. Cf. this host name vs domain name explanation from the DNS OP IETF Working Group.
5. ^ McCullagh, Declan (2003-10-03). VeriSign fends off critics at ICANN confab. CNET News.com. Retrieved on 2007-09-22.
6. ^ Internet Corporation for Assigned Names and Numbers (ICANN). Verisign's Wildcard Service Deployment. Retrieved on 2007-09-22.
External links
- DNS Complexity, Paul Vixie, ACM Queue
- Open Source Guide - DNS for Rocket Scientists, an on-line technical book for further reading
Retrieved from "http://en.wikipedia.org/wiki/Domain_Name_System"
Categories: Internet protocols Domain name system Application layer protocols
(Redirected from Domain name system)
This article may require cleanup to meet Wikipedia's quality standards.Please improve this article if you can. (October 2007)
This article needs additional citations for verification.Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (December 2007)
The Domain Name System (DNS) associates various sorts of information with so-called domain names; most importantly, it serves as the "phone book" for the Internet by translating human-readable computer hostnames, e.g. www.example.com, into the IP addresses, e.g. 208.77.188.166, that networking equipment needs to deliver information. It also stores other information such as the list of mail exchange servers that accept email for a given domain. In providing a worldwide keyword-based redirection service, the Domain Name System is an essential component of contemporary Internet use.
Uses
The most basic task of DNS is to translate hostnames to IP addresses. In very simple terms, it can be compared to a phone book. DNS also has other important uses.
Preeminently, DNS makes it possible to assign Internet names to organizations (or concerns they represent), independently of the physical routing hierarchy represented by the numerical IP address. Because of this, hyperlinks and Internet contact information can remain the same, whatever the current IP routing arrangements may be, and can take a human-readable form (such as "example.com") which is rather easier to remember than the IP address 208.77.188.166. People take advantage of this when they recite meaningful URLs and e-mail addresses without caring how the machine will actually locate them.
The Domain Name System distributes the responsibility for assigning domain names and mapping them to IP networks by allowing an authoritative server for each domain to keep track of its own changes, avoiding the need for a central registrar to be continually consulted and updated.
[edit] History
The practice of using a name as a more human-legible abstraction of a machine's numerical address on the network predates even TCP/IP, and goes all the way to the ARPAnet era. Back then however, a different system was used, as DNS was invented only in 1983, shortly after TCP/IP was deployed. With the older system, each computer on the network retrieved a file called HOSTS.TXT from a computer at SRI (now SRI International). The HOSTS.TXT file mapped numerical addresses to names. A hosts file still exists on most modern operating systems, either by default or through configuration, and allows users to specify an IP address (eg. 192.0.34.166) to use for a hostname (eg. www.example.net) without checking DNS. As of 2006, the hosts file serves primarily for troubleshooting DNS errors or for mapping local addresses to more organic names. Systems based on a hosts file have inherent limitations, because of the obvious requirement that every time a given computer's address changed, every computer that seeks to communicate with it would need an update to its hosts file.
The growth of networking called for a more scalable system: one that recorded a change in a host's address in one place only. Other hosts would learn about the change dynamically through a notification system, thus completing a globally accessible network of all hosts' names and their associated IP Addresses.
At the request of Jon Postel, Paul Mockapetris invented the Domain Name system in 1983 and wrote the first implementation. The original specifications appear in RFC 882 and RFC 883. In November 1987, the publication of RFC 1034 and RFC 1035 updated the DNS specification[1] and made RFC 882 and RFC 883 obsolete. Several more-recent RFCs have proposed various extensions to the core DNS protocols.
In 1984, four Berkeley students — Douglas Terry, Mark Painter, David Riggle and Songnian Zhou — wrote the first UNIX implementation, which was maintained by Ralph Campbell thereafter. In 1985, Kevin Dunlap of DEC significantly re-wrote the DNS implementation and renamed it BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon). Mike Karels, Phil Almquist and Paul Vixie have maintained BIND since then. BIND was ported to the Windows NT platform in the early 1990s.
Due to BIND's long history of security issues and exploits, several alternative nameserver and resolver programs have been written and distributed in recent years.
How DNS works in theory
The domain name space
The domain name space consists of a tree of domain names. Each node or leaf in the tree has one or more resource records, which hold information associated with the domain name. The tree sub-divides into zones. A zone consists of a collection of connected nodes authoritatively served by an authoritative DNS nameserver. (Note that a single nameserver can host several zones.)
When a system administrator wants to let another administrator control a part of the domain name space within his zone of authority, he can delegate control to the other administrator. This splits a part of the old zone off into a new zone, which comes under the authority of the second administrator's nameservers. The old zone ceases to be authoritative for what goes under the authority of the new zone.
Parts of a domain name
A domain name usually consists of two or more parts (technically labels), separated by dots. For example example.com.
The rightmost label conveys the top-level domain (for example, the address www.example.com has the top-level domain com).
Each label to the left specifies a subdivision, or subdomain of the domain above it. Note;"subdomain" expresses relative dependence, not absolute dependence. For example: example.com comprises a subdomain of the com domain, and www.example.com comprises a subdomain of the domain example.com. In theory, this subdivision can go down to 127 levels deep. Each label can contain up to 63 characters. The whole domain name does not exceed a total length of 255 characters. In practice, some domain registries may have shorter limits.
A hostname refers to a domain name that has one or more associated IP addresses; ie: the www.example.com and example.com domains are both hostnames, however, the com domain is not.
DNS servers
The Domain Name System consists of a hierarchical set of DNS servers. Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain and the name servers of any domains "beneath" it. The hierarchy of authoritative DNS servers matches the hierarchy of domains. At the top of the hierarchy stand the root nameservers: the servers to query when looking up (resolving) a top-level domain name (TLD).
DNS resolvers
A resolver looks up the resource record information associated with nodes. A resolver knows how to communicate with name servers by sending DNS queries and heeding DNS responses.
A DNS query may be either a recursive query or a non-recursive query:
A non-recursive query is one where the DNS server may provide a partial answer to the query (or give an error). DNS servers must support non-recursive queries.
A recursive query is one where the DNS server will fully answer the query (or give an error). DNS servers are not required to support recursive queries.
The resolver (or another DNS server acting recursively on behalf of the resolver) negotiates use of recursive service using bits in the query headers.
Resolving usually entails iterating through several name servers to find the needed information. However, some resolvers function simplistically and can only communicate with a single name server. These simple resolvers rely on a recursive query to a recursive name server to perform the work of finding information for them.
Address resolution mechanism
(This description deliberately uses the fictional .example TLD in accordance with the DNS guidelines themselves.)
In theory a full host name may have several name segments, (e.g ahost.ofasubnet.ofabiggernet.inadomain.example). In practice, in the experience of the majority of public users of Internet services, full host names will frequently consist of just three segments (ahost.inadomain.example, and most often www.inadomain.example).
For querying purposes, software interprets the name segment by segment, from right to left, using an iterative search procedure. At each step along the way, the program queries a corresponding DNS server to provide a pointer to the next server which it should consult.
As originally envisaged, the process was as simple as:
the local system is pre-configured with the known addresses of the root servers in a file of root hints, which need to be updated periodically by the local administrator from a reliable source to be kept up to date with the changes which occur over time.
query one of the root servers to find the server authoritative for the next level down (so in the case of our simple hostname, a root server would be asked for the address of a server with detailed knowledge of the example top level domain).
querying this second server for the address of a DNS server with detailed knowledge of the second-level domain (inadomain.example in our example).
repeating the previous step to progress down the name, until the final step which would, rather than generating the address of the next DNS server, return the final address sought.
The diagram illustrates this process for the real host www.wikipedia.org.
The mechanism in this simple form has a difficulty: it places a huge operating burden on the root servers, with each and every search for an address starting by querying one of them. Being as critical as they are to the overall function of the system such heavy use would create an insurmountable bottleneck for trillions of queries placed every day. The section DNS in practice describes how this is addressed.
Circular dependencies and glue records
Name servers in delegations appear listed by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. Since this can introduce a circular dependency if the nameserver referred to is under the domain that it is authoritative of, it is occasionally necessary for the nameserver providing the delegation to also provide the IP address of the next nameserver. This record is called a glue record.
For example, assume that the sub-domain en.wikipedia.org contains further sub-domains (such as something.en.wikipedia.org) and that the authoritative nameserver for these lives at ns1.something.en.wikipedia.org. A computer trying to resolve something.en.wikipedia.org will thus first have to resolve ns1.something.en.wikipedia.org. Since ns1 is also under the something.en.wikipedia.org subdomain, resolving something.en.wikipedia.org requires resolving ns1.something.en.wikipedia.org which is exactly the circular dependency mentioned above. The dependency is broken by the glue record in the nameserver of en.wikipedia.org that provides the IP address of ns1.something.en.wikipedia.org directly to the requestor, enabling it to bootstrap the process by figuring out where ns1.something.en.wikipedia.org is located.
In practice
When an application (such as a web browser) tries to find the IP address of a domain name, it doesn't necessarily follow all of the steps outlined in the Theory section above. We will first look at the concept of caching, and then outline the operation of DNS in "the real world."
Caching and time to live
Because of the huge volume of requests generated by a system like DNS, the designers wished to provide a mechanism to reduce the load on individual DNS servers. To this end, the DNS resolution process allows for caching (i.e. the local recording and subsequent consultation of the results of a DNS query) for a given period of time after a successful answer. How long a resolver caches a DNS response (i.e. how long a DNS response remains valid) is determined by a value called the time to live (TTL). The TTL is set by the administrator of the DNS server handing out the response. The period of validity may vary from just seconds to days or even weeks.
Caching time
As a noteworthy consequence of this distributed and caching architecture, changes to DNS do not always take effect immediately and globally. This is best explained with an example: If an administrator has set a TTL of 6 hours for the host www.wikipedia.org, and then changes the IP address to which www.wikipedia.org resolves at 12:01pm, the administrator must consider that a person who cached a response with the old IP address at 12:00pm will not consult the DNS server again until 6:00pm. The period between 12:01pm and 6:00pm in this example is called caching time, which is best defined as a period of time that begins when you make a change to a DNS record and ends after the maximum amount of time specified by the TTL expires. This essentially leads to an important logistical consideration when making changes to DNS: not everyone is necessarily seeing the same thing you're seeing. RFC 1537 helps to convey basic rules for how to set the TTL.
Note that the term "propagation", although very widely used in this context, does not describe the effects of caching well. Specifically, it implies that [1] when you make a DNS change, it somehow spreads to all other DNS servers (instead, other DNS servers check in with yours as needed), and [2] that you do not have control over the amount of time the record is cached (you control the TTL values for all DNS records in your domain, except your NS records and any authoritative DNS servers that use your domain name).
Some resolvers may override TTL values, as the protocol supports caching for up to 68 years or no caching at all. Negative caching (the non-existence of records) is determined by name servers authoritative for a zone which MUST include the Start of Authority (SOA) record when reporting no data of the requested type exists. The MINIMUM field of the SOA record and the TTL of the SOA itself is used to establish the TTL for the negative answer. RFC 2308
Many people incorrectly refer to a mysterious 48 hour or 72 hour propagation time when you make a DNS change. When one changes the NS records for one's domain or the IP addresses for hostnames of authoritative DNS servers using one's domain (if any), there can be a lengthy period of time before all DNS servers use the new information. This is because those records are handled by the zone parent DNS servers (for example, the .com DNS servers if your domain is example.com), which typically cache those records for 48 hours. However, those DNS changes will be immediately available for any DNS servers that do not have them cached. And any DNS changes on your domain other than the NS records and authoritative DNS server names can be nearly instantaneous, if you choose for them to be (by lowering the TTL once or twice ahead of time, and waiting until the old TTL expires before making the change).
In the real world
Users generally do not communicate directly with a DNS resolver. Instead DNS-resolution takes place transparently in client-applications such as web-browsers, mail-clients, and other Internet applications. When an application makes a request which requires a DNS lookup, such programs send a resolution request to the local DNS resolver in the local operating system, which in turn handles the communications required.
The DNS resolver will almost invariably have a cache (see above) containing recent lookups. If the cache can provide the answer to the request, the resolver will return the value in the cache to the program that made the request. If the cache does not contain the answer, the resolver will send the request to one or more designated DNS servers. In the case of most home users, the Internet service provider to which the machine connects will usually supply this DNS server: such a user will either have configured that server's address manually or allowed DHCP to set it; however, where systems administrators have configured systems to use their own DNS servers, their DNS resolvers point to separately maintained nameservers of the organization. In any event, the name server thus queried will follow the process outlined above, until it either successfully finds a result or does not. It then returns its results to the DNS resolver; assuming it has found a result, the resolver duly caches that result for future use, and hands the result back to the software which initiated the request.
Broken resolvers
An additional level of complexity emerges when resolvers violate the rules of the DNS protocol. A number of large ISPs have configured their DNS servers to violate rules (presumably to allow them to run on less-expensive hardware than a fully-compliant resolver), such as by disobeying TTLs, or by indicating that a domain name does not exist just because one of its name servers does not respond.[citation needed]
As a final level of complexity, some applications (such as web-browsers) also have their own DNS cache, in order to reduce the use of the DNS resolver library itself. This practice can add extra difficulty when debugging DNS issues, as it obscures the freshness of data, and/or what data comes from which cache. These caches typically use very short caching times — on the order of one minute. Internet Explorer offers a notable exception: recent versions cache DNS records for half an hour.[1]
Other applications
The system outlined above provides a somewhat simplified scenario. The Domain Name System includes several other functions:
Hostnames and IP addresses do not necessarily match on a one-to-one basis. Many hostnames may correspond to a single IP address: combined with virtual hosting, this allows a single machine to serve many web sites. Alternatively a single hostname may correspond to many IP addresses: this can facilitate fault tolerance and load distribution, and also allows a site to move physical location seamlessly.
There are many uses of DNS besides translating names to IP addresses. For instance, Mail transfer agents use DNS to find out where to deliver e-mail for a particular address. The domain to mail exchanger mapping provided by MX records accommodates another layer of fault tolerance and load distribution on top of the name to IP address mapping.
Sender Policy Framework and DomainKeys instead of creating their own record types were designed to take advantage of another DNS record type, the TXT record.
To provide resilience in the event of computer failure, multiple DNS servers are usually provided for coverage of each domain, and at the top level, thirteen very powerful root servers exist, with additional "copies" of several of them distributed worldwide via Anycast.
Protocol details
DNS primarily uses UDP on port 53 [2] to serve requests. Almost all DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. TCP comes into play only when the response data size exceeds 512 bytes, or for such tasks as zone transfer. Some operating systems such as HP-UX are known to have resolver implementations that use TCP for all queries, even when UDP would suffice.
Extensions to DNS
EDNS is an extension of the DNS protocol which allows the transport over UDP of DNS replies exceeding 512 bytes, and adds support for expanding the space of request and response codes. It is described in RFC 2671.
Standards
A number of the aspects of the Domain name system are specified by an Internet standard. The following is a list of some of the RFCs that pertain to DNS.
RFC 882 Concepts and Facilities (Deprecated by RFC 1034)
RFC 883 Domain Names: Implementation specification (Deprecated by RFC 1035)
RFC 920 Specified original TLDs: .arpa, .com, .edu, .org, .gov, .mil and two-character country codes
RFC 1032 Domain administrators guide
RFC 1033 Domain administrators operations guide
RFC 1034 Domain Names - Concepts and Facilities.
RFC 1035 Domain Names - Implementation and Specification
RFC 1101 DNS Encodings of Network Names and Other Types
RFC 1123 Requirements for Internet Hosts -- Application and Support
RFC 1183 New DNS RR Definitions
RFC 1706 DNS NSAP Resource Records
RFC 1876 Location Information in the DNS (LOC)
RFC 1886 DNS Extensions to support IP version 6
RFC 1912 Common DNS Operational and Configuration Errors
RFC 1995 Incremental Zone Transfer in DNS
RFC 1996 A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
RFC 2136 Dynamic Updates in the domain name system (DNS UPDATE)
RFC 2181 Clarifications to the DNS Specification
RFC 2182 Selection and Operation of Secondary DNS Servers
RFC 2308 Negative Caching of DNS Queries (DNS NCACHE)
RFC 2317 Classless IN-ADDR.ARPA delegation
RFC 2671 Extension Mechanisms for DNS (EDNS0)
RFC 2672 Non-Terminal DNS Name Redirection (DNAME record)
RFC 2782 A DNS RR for specifying the location of services (DNS SRV)
RFC 2845 Secret Key Transaction Authentication for DNS (TSIG)
RFC 2874 DNS Extensions to Support IPv6 Address Aggregation and Renumbering
RFC 3403 Dynamic Delegation Discovery System (DDDS) (NAPTR records)
RFC 3696 Application Techniques for Checking and Transformation of Names
RFC 4398 Storing Certificates in the Domain Name System
RFC 4408 Sender Policy Framework (SPF) (SPF records)
Types of DNS records
Main article: List of DNS record types
Important categories of data stored in DNS include the following:
An A record or address record maps a hostname to a 32-bit IPv4 address.
An AAAA record or IPv6 address record maps a hostname to a 128-bit IPv6 address.
A CNAME record or canonical name record is an alias of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (such as an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and www.example.com.)
An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.
A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address.
An NS record or name server record maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records.
An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
An SRV record is a generalized service location record.
A TXT Record was originally intended to carry arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record is more often used to carry machine-readable data such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework and DomainKeys.
An NAPTR record ("Naming Authority Pointer") is a newer type of DNS record that support regular expression based rewriting.
An SPF record is a new, experimental record used as part of the Sender Policy Framework to identify and reject forged addresses in the 'Return-Path' (aka 'envelope from') address of an email message (common in e-mail spam).
Other types of records are not widely used. For example, a LOC record gives the physical location of a host; a WKS record gives a bit list of well known service (such as HTTP or POP3) running on a given host[3].
Internationalized domain names
Main article: Internationalized domain name
While domain names technically have no restrictions on the characters they use and can include non-ASCII characters, the same is not true for host names.[4] Host names are the names most people see and use for things like e-mail and web browsing. Host names are restricted to a small subset of the ASCII character set that includes the Roman alphabet in upper and lower case, the digits 0 through 9, the dot, and the hyphen. (See RFC 3696 section 2 for details.) This prevented the representation of names and words of many languages natively. ICANN has approved the Punycode-based IDNA system, which maps Unicode strings into the valid DNS character set, as a workaround to this issue. Some registries have adopted IDNA.
Security issues
DNS was not originally designed with security in mind, and thus has a number of security issues.
One class of vulnerabilities is DNS cache poisoning, which tricks a DNS server into believing it has received authentic information when, in reality, it has not.
DNS responses are traditionally not cryptographically signed, leading to many attack possibilities; DNSSEC modifies DNS to add support for cryptographically signed responses. There are various extensions to support securing zone transfer information as well.
Even with encryption, a DNS server could become compromised by a virus (or for that matter a disgruntled employee) that would cause IP addresses of that server to be redirected to a malicious address with a long TTL. This could have far-reaching impact to potentially millions of Internet users if busy DNS servers cache the bad IP data. This would require manual purging of all affected DNS caches as required by the long TTL (up to 68 years).
Some domain names can spoof other, similar-looking domain names. For example, "paypal.com" and "paypa1.com" are different names, yet users may be unable to tell the difference when the user's typeface (font) does not clearly differentiate the letter l and the number 1. This problem is much more serious in systems that support internationalized domain names, since many characters that are different, from the point of view of ISO 10646, appear identical on typical computer screens. This vulnerability is often exploited in phishing.
Techniques such as Forward Confirmed reverse DNS can also be used to help validate DNS results.
Legal users of domains
Registrant
Most of the domain name registrars in the world receive an annual fee from a legal user in order for the legal user to utilize the domain name (i.e. a sort of a leasing agreement exists, subject to the registry's terms and conditions). Depending on the various naming conventions of the registries, legal users are commonly known as "registrants" or as "domain holders".
ICANN holds a complete list of domain registries in the world. One can obtain information about the legal user of a domain name by looking in the WHOIS database held by most domain registries.
For most of the more than 240 country code top-level domains (ccTLDs), the domain registries hold the authoritative WHOIS (Registrant, name servers, expiration dates, etc.). For instance, DENIC, Germany NIC, holds the authoritative WHOIS to a .DE domain name. Since about 2001, most gTLD registries (.ORG, .BIZ, .INFO) have adopted this so-called "thick" registry approach, i.e. keeping the authoritative WHOIS in the central registries instead of the registrars.
For .COM and .NET domain names, a "thin" registry is used: the domain registry (e.g. VeriSign) holds a basic WHOIS (registrar and name servers, etc.). One can find the detailed WHOIS (registrant, name servers, expiry dates, etc.) at the registrars.
Some domain name registries, also called Network Information Centres (NIC), also function as registrars, and deal directly with end users. But most of the main ones, such as for .COM, .NET, .ORG, .INFO, etc., use a registry-registrar model. There are hundreds of Domain Name Registrars that actually perform the domain name registration with the end user (see lists at ICANN or VeriSign). By using this method of distribution, the registry only has to manage the relationship with the registrar, and the registrar maintains the relationship with the end users, or 'registrants' -- in some cases through additional layers of resellers.
Administrative contact
- A registrant usually designates an administrative contact to manage the domain name. In practice, the administrative contact usually has the most immediate power over a domain.
- Management functions delegated to the administrative contacts may include (for example):
the obligation to conform to the requirements of the domain registry in order to retain the right to use a domain name
authorization to update the physical address, e-mail address and telephone number etc. in WHOIS
Technical contact
A technical contact manages the name servers of a domain name. The many functions of a technical contact include:
- making sure the configurations of the domain name conforms to the requirements of the domain registry
- updating the domain zone
- providing the 24×7 functionality of the name servers (that leads to the accessibility of the domain name)
Billing contact
The party whom a domain name registrar invoices.
Name servers
Namely the authoritative name servers that host the domain name zone of a domain name.
Politics
Critics commonly claim abuse of domains by monopolies or near-monopolies, such as VeriSign, Inc. Particularly noteworthy was the VeriSign Site Finder system which redirected all unregistered .com and .net domains to a VeriSign webpage. For example, at a public meeting with VeriSign to air technical concerns about SiteFinder [5], numerous people, active in the IETF and other technical bodies, explained how they were surprised by VeriSign's changing the fundamental behavior of a major component of Internet infrastructure, not having obtained the customary consensus. SiteFinder, at first, assumed every Internet query was for a website, and it monetized queries for incorrect domain names, taking the user to VeriSign's search site. Unfortunately, other applications, such as many implementations of email, treat a lack of response to a domain name query as an indication that the domain does not exist, and that the message can be treated as undeliverable. The original VeriSign implementation broke this assumption for mail, because it would always resolve an erroneous domain name to that of SiteFinder. While VeriSign later changed SiteFinder to have this behavior only in response to true Web queries, there was still widespread protest about VeriSign's action being more in its financial interest than in the interest of the Internet infrastructure component for which VeriSign was the steward.
Despite widespread criticism, VeriSign only reluctantly removed it after the Internet Corporation for Assigned Names and Numbers (ICANN) threatened to revoke its contract to administer the root name servers. ICANN published the extensive set of letters exchanged, committee reports, and ICANN decisions [6].
There is also significant disquiet regarding the United States' political influence over ICANN. This was a significant issue in the attempt to create a .xxx top-level domain and sparked greater interest in alternative DNS roots that would be beyond the control of any single country.[citation needed]
Additionally, there are numerous accusations of domain name "front running", whereby registrars, when given whois queries, automatically register the domain name for themselves. Recently, Network Solutions has been accused of this. <http://slashdot.org/article.pl?sid=08/01/08/1920215>
Truth in Domain Names Act
Main article: Anticybersquatting Consumer Protection Act
In the United States, the "Truth in Domain Names Act" (actually the "Anticybersquatting Consumer Protection Act"), in combination with the PROTECT Act, forbids the use of a misleading domain name with the intention of attracting people into viewing a visual depiction of sexually explicit conduct on the Internet.
See also
- Dynamic DNS
- Alternative DNS root
- Comparison of DNS server software
- Round robin DNS
- Split-horizon DNS
References
1. ^ How Internet Explorer uses the cache for DNS host entries. Microsoft (2004). Retrieved on 2006-03-07.
2. ^ Mockapetris, P (November, 1987). RFC1035: Domain Names - Implementation and Specification. Retrieved on 2007-07-31.
3. ^ RFC 1101 mentions the WKS syndrome as an example of structures and methods which can work but do not because of indifference or errors on the part of system administrators when maintaining the database. As an update to RFC 1035, it classifies WKS as an historical attempt without officially deprecating it.
4. ^ The term host name is here being used to mean an FQDN for a host, such as eg. en.wikipedia.org., and not just (to use the same example) en .While most domain names do indeed designate hosts, some domain name DNS entries may not. In this sense, a (FQDN) hostname is a type of domain name, but not all domain names are actual host names. Cf. this host name vs domain name explanation from the DNS OP IETF Working Group.
5. ^ McCullagh, Declan (2003-10-03). VeriSign fends off critics at ICANN confab. CNET News.com. Retrieved on 2007-09-22.
6. ^ Internet Corporation for Assigned Names and Numbers (ICANN). Verisign's Wildcard Service Deployment. Retrieved on 2007-09-22.
External links
- DNS Complexity, Paul Vixie, ACM Queue
- Open Source Guide - DNS for Rocket Scientists, an on-line technical book for further reading
Retrieved from "http://en.wikipedia.org/wiki/Domain_Name_System"
Categories: Internet protocols Domain name system Application layer protocols
สมัครสมาชิก:
บทความ (Atom)