%!PS-Adobe-2.0
%%Creator: dvips 5.485 Copyright 1986-92 Radical Eye Software
%%Title: 94-028.dvi
%%Pages: 97 1
%%BoundingBox: 0 0 612 792
%%EndComments
%DVIPSCommandLine: /usr/local/tex/dvips 94-028.dvi
%%BeginProcSet: tex.pro
/TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N /X{S N}
B /TR{translate}N /isls false N /vsize 11 72 mul N /@rigin{isls{[0 -1 1 0 0 0]
concat}if 72 Resolution div 72 VResolution div neg scale isls{Resolution hsize
-72 div mul 0 TR}if Resolution VResolution vsize -72 div 1 add mul TR matrix
currentmatrix dup dup 4 get round 4 exch put dup dup 5 get round 5 exch put
setmatrix}N /@landscape{/isls true N}B /@manualfeed{statusdict /manualfeed
true put}B /@copies{/#copies X}B /FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N
/IE 0 N /ctr 0 N /df-tail{/nn 8 dict N nn begin /FontType 3 N /FontMatrix
fntrx N /FontBBox FBB N string /base X array /BitMaps X /BuildChar{
CharBuilder}N /Encoding IE N end dup{/foo setfont}2 array copy cvx N load 0 nn
put /ctr 0 N[}B /df{/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0
0 sf neg 0 0]N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data
dup length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{128
ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub get 127
sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data dup type
/stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N /rc 0 N /gp 0 N
/cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup /base get 2 index get
S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx 0 ch-xoff ch-yoff ch-height
sub ch-xoff ch-width add ch-yoff setcachedevice ch-width ch-height true[1 0 0
-1 -.1 ch-xoff sub ch-yoff .1 add]{ch-image}imagemask restore}B /D{/cc X dup
type /stringtype ne{]}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1
ne{dup dup length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}
B /I{cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin
0 0 moveto pop}N /eop{SI restore showpage userdict /eop-hook known{eop-hook}
if}N /@start{userdict /start-hook known{start-hook}if /VResolution X
/Resolution X 1000 div /DVImag X /IE 256 array N 0 1 255{IE S 1 string dup 0 3
index put cvn put}for 65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N
/RMat[1 0 0 -1 0 0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X
/rulex X V}B /V statusdict begin /product where{pop product dup length 7 ge{0
7 getinterval(Display)eq}{pop false}ifelse}{false}ifelse end{{gsave TR -.1 -.1
TR 1 1 scale rulex ruley false RMat{BDot}imagemask grestore}}{{gsave TR -.1
-.1 TR rulex ruley scale 1 1 false RMat{BDot}imagemask grestore}}ifelse B /a{
moveto}B /delta 0 N /tail{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{
S p tail}B /c{-4 M}B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B
/j{3 M}B /k{4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w
}B /q{p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p
a}B /bos{/SS save N}B /eos{SS restore}B end
%%EndProcSet
%%BeginProcSet: special.pro
TeXDict begin /SDict 200 dict N SDict begin /@SpecialDefaults{/hs 612 N /vs
792 N /ho 0 N /vo 0 N /hsc 1 N /vsc 1 N /ang 0 N /CLIP 0 N /rwiSeen false N
/rhiSeen false N /letter{}N /note{}N /a4{}N /legal{}N}B /@scaleunit 100 N
/@hscale{@scaleunit div /hsc X}B /@vscale{@scaleunit div /vsc X}B /@hsize{/hs
X /CLIP 1 N}B /@vsize{/vs X /CLIP 1 N}B /@clip{/CLIP 2 N}B /@hoffset{/ho X}B
/@voffset{/vo X}B /@angle{/ang X}B /@rwi{10 div /rwi X /rwiSeen true N}B /@rhi
{10 div /rhi X /rhiSeen true N}B /@llx{/llx X}B /@lly{/lly X}B /@urx{/urx X}B
/@ury{/ury X}B /magscale true def end /@MacSetUp{userdict /md known{userdict
/md get type /dicttype eq{userdict begin md length 10 add md maxlength ge{/md
md dup length 20 add dict copy def}if end md begin /letter{}N /note{}N /legal{
}N /od{txpose 1 0 mtx defaultmatrix dtransform S atan/pa X newpath clippath
mark{transform{itransform moveto}}{transform{itransform lineto}}{6 -2 roll
transform 6 -2 roll transform 6 -2 roll transform{itransform 6 2 roll
itransform 6 2 roll itransform 6 2 roll curveto}}{{closepath}}pathforall
newpath counttomark array astore /gc xdf pop ct 39 0 put 10 fz 0 fs 2
F/|______Courier fnt invertflag{PaintBlack}if}N /txpose{pxs pys scale ppr
aload pop por{noflips{pop S neg S TR pop 1 -1 scale}if xflip yflip and{pop S
neg S TR 180 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0
get neg sub neg TR}if xflip yflip not and{pop S neg S TR pop 180 rotate ppr 3
get ppr 1 get neg sub neg 0 TR}if yflip xflip not and{ppr 1 get neg ppr 0 get
neg TR}if}{noflips{TR pop pop 270 rotate 1 -1 scale}if xflip yflip and{TR pop
pop 90 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0 get
neg sub neg TR}if xflip yflip not and{TR pop pop 90 rotate ppr 3 get ppr 1 get
neg sub neg 0 TR}if yflip xflip not and{TR pop pop 270 rotate ppr 2 get ppr 0
get neg sub neg 0 S TR}if}ifelse scaleby96{ppr aload pop 4 -1 roll add 2 div 3
1 roll add 2 div 2 copy TR .96 dup scale neg S neg S TR}if}N /cp{pop pop
showpage pm restore}N end}if}if}N /normalscale{Resolution 72 div VResolution
72 div neg scale magscale{DVImag dup scale}if 0 setgray}N /psfts{S 65781.76
div N}N /startTexFig{/psf$SavedState save N userdict maxlength dict begin
/magscale false def normalscale currentpoint TR /psf$ury psfts /psf$urx psfts
/psf$lly psfts /psf$llx psfts /psf$y psfts /psf$x psfts currentpoint /psf$cy X
/psf$cx X /psf$sx psf$x psf$urx psf$llx sub div N /psf$sy psf$y psf$ury
psf$lly sub div N psf$sx psf$sy scale psf$cx psf$sx div psf$llx sub psf$cy
psf$sy div psf$ury sub TR /showpage{}N /erasepage{}N /copypage{}N /p 3 def
@MacSetUp}N /doclip{psf$llx psf$lly psf$urx psf$ury currentpoint 6 2 roll
newpath 4 copy 4 2 roll moveto 6 -1 roll S lineto S lineto S lineto closepath
clip newpath moveto}N /endTexFig{end psf$SavedState restore}N /@beginspecial{
SDict begin /SpecialSave save N gsave normalscale currentpoint TR
@SpecialDefaults count /ocount X /dcount countdictstack N}N /@setspecial{CLIP
1 eq{newpath 0 0 moveto hs 0 rlineto 0 vs rlineto hs neg 0 rlineto closepath
clip}if ho vo TR hsc vsc scale ang rotate rwiSeen{rwi urx llx sub div rhiSeen{
rhi ury lly sub div}{dup}ifelse scale llx neg lly neg TR}{rhiSeen{rhi ury lly
sub div dup scale llx neg lly neg TR}if}ifelse CLIP 2 eq{newpath llx lly
moveto urx lly lineto urx ury lineto llx ury lineto closepath clip}if
/showpage{}N /erasepage{}N /copypage{}N newpath}N /@endspecial{count ocount
sub{pop}repeat countdictstack dcount sub{end}repeat grestore SpecialSave
restore end}N /@defspecial{SDict begin}N /@fedspecial{end}B /li{lineto}B /rl{
rlineto}B /rc{rcurveto}B /np{/SaveX currentpoint /SaveY X N 1 setlinecap
newpath}N /st{stroke SaveX SaveY moveto}N /fil{fill SaveX SaveY moveto}N
/ellipse{/endangle X /startangle X /yrad X /xrad X /savematrix matrix
currentmatrix N TR xrad yrad scale 0 0 1 startangle endangle arc savematrix
setmatrix}N end
%%EndProcSet
TeXDict begin 40258431 52099146 1000 300 300 @start /Fa 61
124 df<00000FE0000030180000E01C0001C03C0001803C000380380003800000038000000700
0000070000000700000007000000070000000E000000FFFFE0000E00E0000E00E0000E01C0001C
01C0001C01C0001C01C0001C0380001C0380003803800038038000380700003807000038070000
70070800700E1000700E1000700E1000700E2000E0062000E003C000E0000000E0000000C00000
01C0000001C0000071800000F1800000F3000000620000003C0000001E2D82A21B>12
D<0007800000001C6003800030100780006010078000E010038000C010010001C07001000380F0
02000380F002000380600400070000080007000010000700006000073C00A00007E20310000781
041000070108080007011008000F022008001F842008001C782C08003C003E080038003E080078
001C0800780000080078000008007000001000F000001000700000200070000020007800004000
380000800038000100001C000200000E000C00000380700000007F80000021257BA325>38
D<0C1E3F3F1D02020204040810204080080F75A20F>I<0E1E1E1E1E0202040408081020408007
0F7D840F>44 D<FFF0FFF0FFE00C037C8B11>I<70F8F8F0E005057A840F>I<0000000800000018
000000300000003000000060000000C0000000C000000180000001800000030000000600000006
0000000C0000000C0000001800000030000000300000006000000060000000C000000180000001
800000030000000300000006000000060000000C00000018000000180000003000000030000000
60000000C0000000C0000001800000018000000300000006000000060000000C0000000C000000
1800000030000000300000006000000060000000C0000000C0000000800000001D317FA419>I<
000F800030C000E06001C0700380700300700700700F00700E00701E00701E00701C00F03C00F0
3C00F03C00F07801E07801E07801E07801E0F003C0F003C0F003C0F00380E00780E00780E00700
E00F00E00E00E01C00E01C00E0380060700030E0001F000014227AA019>I<0001000300030006
001E002E03CE001C001C001C001C0038003800380038007000700070007000E000E000E000E001
C001C001C001C003800380038003800780FFFC10217AA019>I<000FC000106000603800801800
801C01001C02201E02101E04101E04101E04101E08203C08203C0840380840780880F00700E000
01C000030000060000180000200000C0000100000200000400100800301000202000605F80C063
FFC040FF80807F00801E0017227CA019>I<000FC000307000C01801001C02001C04000C04401C
08201C08201C08201C08403808C0380700700000600001C000070000FC00000700000380000380
0001C00001C00001C00003C06003C0F003C0F00380E00780800700800E00801C0040380020F000
1F800016227BA019>I<0000180000380000380000700000700000700000E00000E00000E00000
C00001C0000180000380000300000300000600000600000C00000C000018000010000031800061
C00043800083800183800303800207000407000807003FC700403E00800FF0000E00000E00001C
00001C00001C00001C00003800003800003800003000152B7EA019>I<00400400703800FFF000
FFE000BF80008000010000010000010000010000020000020000023E0002C3000501800601C004
01C00001E00001E00001E00001E00001E00001E07003C0F003C0F003C0E00780800700800F0080
0E00401C0040380030E0000F800016227BA019>I<000FC000306000401000801801000803000C
03000C06001807001807001007003007C06007E0C003F18001FE0000FC0000FE00033F00061F80
0C07C01803C03001C06001C06000C0C000C0C000C0C00080C00180C00100C00200C00600600800
3030000FC00016227BA019>56 D<000FC000386000703000E03001C0380380380780380700380F
00380F00380F00381E00781E00781E00781E00F81E00F01C00F00E01F00E02F00605E00309E001
F1E00003C00003C0000380000700000700600E00F00C00F01800E0300080600041C0003F000015
227BA019>I<07000F800F800F000E000000000000000000000000000000000000000000000070
00F800F800F000E00009157A940F>I<0000030000000300000007000000070000000F0000000F
0000001F0000002F0000002F0000004F0000004F80000087800000878000010780000207800002
078000040780000407800008078000080780001007800030078000200780007FFF80004007C000
8007C0008003C0010003C0030003C0020003C0040003C0040003C00C0003C03C0007C0FF003FFC
1E237DA224>65 D<00FFFFE0000F0038000F001C000F001E001E000E001E000F001E000F001E00
0F003C000E003C001E003C001E003C003C00780078007800F0007801E00078078000FFFF8000F0
01E000F000F000F0007801E0007801E0003801E0003C01E0003C03C0007803C0007803C0007803
C000F0078000F0078001E0078003C0078007000F801E00FFFFF00020227DA122>I<00007F0080
0003808100000E00630000380027000070001F0000E0000E0001C0000E000380000E000700000E
000F000004000E000004001E000004003C000004003C0000080078000000007800000000780000
0000F000000000F000000000F000000000F000000000F000000000E000000000E000002000E000
002000E000004000E000004000F00000800070000080007000010000380002000018000400001C
0008000006003000000381C0000000FE000000212479A223>I<00FFFFF000000F003C00000F00
0E00000F000700001E000380001E000380001E0001C0001E0001C0003C0001C0003C0001E0003C
0001E0003C0001E000780001E000780001E000780001E000780001E000F00003C000F00003C000
F00003C000F00003C001E000078001E000078001E000070001E0000F0003C0000E0003C0001C00
03C0003C0003C00038000780007000078000E000078001C00007800700000F801C0000FFFFF000
0023227DA125>I<00FFFFFF80000F000780000F000180000F000180001E000180001E00018000
1E000100001E000100003C000100003C000100003C010100003C01000000780200000078020000
007806000000780E000000FFFC000000F00C000000F00C000000F00C000001E008000001E00800
0001E008040001E000080003C000080003C000080003C000100003C00010000780002000078000
6000078000C000078001C0000F8007C000FFFFFF800021227DA121>I<00FFFFFF000F000F000F
0003000F0003001E0003001E0003001E0002001E0002003C0002003C0002003C0102003C010000
780200007802000078060000780E0000FFFC0000F00C0000F00C0000F00C0001E0080001E00800
01E0080001E0000003C0000003C0000003C0000003C00000078000000780000007800000078000
000F800000FFFC000020227DA120>I<00007F00800003808100000E0063000038002700007000
1F0000E0000E0001C0000E000380000E000700000E000F000004000E000004001E000004003C00
0004003C00000800780000000078000000007800000000F000000000F000000000F000000000F0
00000000F0003FFC00E00001E000E00001E000E00001E000E00003C000E00003C000F00003C000
700003C0007000078000380007800018000F80001C0013800006002300000381C1000000FE0000
00212479A226>I<00FFF87FFC000F000780000F000780000F000780001E000F00001E000F0000
1E000F00001E000F00003C001E00003C001E00003C001E00003C001E000078003C000078003C00
0078003C000078003C0000FFFFF80000F000780000F000780000F000780001E000F00001E000F0
0001E000F00001E000F00003C001E00003C001E00003C001E00003C001E000078003C000078003
C000078003C000078003C0000F8007C000FFF87FFC0026227DA124>I<00FFF8000F00000F0000
0F00001E00001E00001E00001E00003C00003C00003C00003C0000780000780000780000780000
F00000F00000F00000F00001E00001E00001E00001E00003C00003C00003C00003C00007800007
80000780000780000F8000FFF80015227DA113>I<00FFF807FC000F0001E0000F0001C0000F00
0100001E000200001E000400001E001000001E002000003C004000003C008000003C010000003C
04000000780800000078180000007838000000787C000000F0BC000000F23C000000F41E000000
F81E000001F01F000001E00F000001E00F000001E00F800003C007800003C007800003C003C000
03C003C000078003C000078001E000078001E000078001E0000F8001F000FFF80FFE0026227DA1
25>75 D<00FF800007FC000F80000F80000F80001780000F80001780001780002F000013C0002F
000013C0004F000013C0008F000023C0009E000023C0011E000023C0011E000023C0021E000043
C0043C000043C0043C000043C0083C000041E0083C000081E01078000081E02078000081E02078
000081E04078000101E040F0000101E080F0000101E100F0000101E100F0000200F201E0000200
F201E0000200F401E0000200F801E0000400F803C0000400F003C0000400F003C0000C00E003C0
001E00C007C000FFC0C07FFC002E227DA12C>77 D<00FF000FFC000F8001E0000F800180000FC0
00800013C001000013C001000011E001000011E001000021E002000020F002000020F002000020
F0020000407804000040780400004078040000403C040000803C080000803E080000801E080000
801E080001001F100001000F100001000F10000100079000020007A000020007A000020003E000
020003E000040003C000040001C000040001C0000C0001C0001E00008000FFC000800026227DA1
24>I<0000FE0000078380000C00E0003800700070003800E0003801C0001C0380001C0700001C
0F00001E1E00001E1C00001E3C00001E3C00001E7800001E7800001E7800001EF000003CF00000
3CF000003CF0000078F0000078E0000078E00000F0E00000F0E00001E0E00001C0F00003C0F000
07807000070078000E0038001C001C0038000E00E0000703800001FC00001F2479A225>I<00FF
FFE0000F0038000F001E000F000E001E0007001E0007001E0007001E0007003C000F003C000F00
3C000F003C001E0078001E0078003C00780078007800E000F003C000FFFE0000F0000000F00000
01E0000001E0000001E0000001E0000003C0000003C0000003C0000003C0000007800000078000
0007800000078000000F800000FFF8000020227DA121>I<00FFFFC0000F0070000F003C000F00
1C001E000E001E000E001E000F001E000F003C001E003C001E003C001E003C003C007800380078
0070007801E00078078000FFFC0000F00E0000F0070000F0038001E003C001E003C001E003C001
E003C003C0078003C0078003C0078003C0078007800F0007800F0107800F01078007020F800702
FFF8038C000000F020237DA124>82 D<0001F020000E0C40001802C0003001C0006001C000E001
8000C0018001C0018001C0018003C0010003C0010003C0000003C0000003E0000001F8000001FF
000000FFE000007FF000001FF8000003FC0000007C0000003C0000001E0000001E0000001E0020
001C0020001C0020001C00200018006000380060003000700060007000C000C8018000C6070000
81FC00001B247DA21B>I<1FFFFFF81E03C0381803C0183003C018200780182007801840078010
40078010400F0010800F0010800F0010000F0000001E0000001E0000001E0000001E0000003C00
00003C0000003C0000003C00000078000000780000007800000078000000F0000000F0000000F0
000000F0000001E0000001E0000001E0000001E0000003E00000FFFF00001D2277A123>I<3FFE
03FF03C0007803C0006003C00020078000400780004007800040078000400F0000800F0000800F
0000800F0000801E0001001E0001001E0001001E0001003C0002003C0002003C0002003C000200
7800040078000400780004007800040070000800F0000800F00010007000100070002000700040
003000400038018000180200000E0C000003F00000202377A124>I<FFF03FF80FF81F0007C003
C01E00078001801E00078001001E00078002001E000F8002001E000F8004001F00178004001F00
178008000F00278008000F00278010000F00478010000F00C78020000F00878020000F01078040
000F010780C0000F02078080000F02078100000F04078100000F0407C200000F0807C200000F08
03C400000F1003C400000F1003C800000F2003C800000F2003D000000F4003D000000FC003E000
000F8003E000000F0003C000000F00038000000E00038000000E00030000000C00030000000C00
020000002D2376A131>87 D<007FF81FF8000FC007C000078003000007C002000003C004000003
C008000003E010000001E030000001E020000001F040000000F080000000F100000000FA000000
007C000000007C000000007C000000003C000000003C000000007E000000009E000000011E0000
00031F000000060F000000040F000000080F80000010078000002007C000004007C00000C003C0
00018003E000010001E000070001E0001F0003F000FFC01FFE0025227EA124>I<00F8C00185C0
0705C00E03800E03801C03803C0380380700780700780700780700F00E00F00E00F00E00F00E10
F01C20701C20703C20305C40308C400F078014157B9419>97 D<03C03F80038003800380070007
00070007000E000E000E000E001C001CF81D0C1E0E3C0638073807380F700F700F700F700FE01E
E01EE01EE03CE038E038607060E031C01F0010237BA216>I<007E0001C1000301800703800E07
801C07803C0000380000780000780000780000F00000F00000F00000F00000F001007001007002
00300C001830000FC00011157B9416>I<00003C0003F800003800003800003800007000007000
00700000700000E00000E00000E00000E00001C000F9C00185C00705C00E03800E03801C03803C
0380380700780700780700780700F00E00F00E00F00E00F00E10F01C20701C20703C20305C4030
8C400F078016237BA219>I<00F803840E021C023C0238027804F018FFE0F000F000E000E000E0
00E000E002E0026004701830600F800F157A9416>I<00003E0000470000CF00018F0001860003
80000380000380000700000700000700000700000700000E0000FFF0000E00000E00000E00001C
00001C00001C00001C00001C000038000038000038000038000038000070000070000070000070
0000700000E00000E00000E00000E00000C00001C00001C000718000F18000F300006200003C00
00182D82A20F>I<001F180030B800E0B801C07001C0700380700780700700E00F00E00F00E00F
00E01E01C01E01C01E01C01E01C01E03800E03800E0780060B8006170001E70000070000070000
0E00000E00000E00701C00F01800F0300060E0003F8000151F7E9416>I<00F0000FE00000E000
00E00000E00001C00001C00001C00001C000038000038000038000038000070000071F00072180
07C0C00F00E00F00E00E00E00E00E01C01C01C01C01C01C01C01C0380380380380380380380704
700708700E08700E10700610E006206003C016237DA219>I<00C001E001C001C0000000000000
000000000000000000001C002300430043008700870087000E000E001C001C001C003800380038
40708070807080710032001C000B217BA00F>I<00F0000FE00000E00000E00000E00001C00001
C00001C00001C0000380000380000380000380000700000701E0070210070C700E10F00E10F00E
20600E40001D80001E00001FC0001C7000383800383800381C00381C2070384070384070384070
1880E01880600F0014237DA216>107 D<01E01FC001C001C001C0038003800380038007000700
070007000E000E000E000E001C001C001C001C0038003800380038007000700070007100E200E2
00E200E200640038000B237CA20C>I<1C0F80F8002610C10C0047606606008780780700878078
0700870070070087007007000E00E00E000E00E00E000E00E00E000E00E00E001C01C01C001C01
C01C001C01C01C001C01C038203803803840380380704038038070803803803080700700310030
03001E0023157B9428>I<1C0F002631C04740C08780E08780E08700E08700E00E01C00E01C00E
01C00E01C01C03801C03801C03801C0704380708380E08380E103806107006203003C016157B94
1B>I<007E0001C3000381800701C00E01C01C01E03C01E03801E07801E07801E07801E0F003C0
F003C0F00380F00780700700700E00700C0030180018700007C00013157B9419>I<01C1F00262
1804741C08780C08700E08700E08701E00E01E00E01E00E01E00E01E01C03C01C03C01C03C01C0
7803807003807003C0E003C1C0072380071E000700000700000E00000E00000E00000E00001C00
001C00001C0000FFC000171F7F9419>I<00F8400184C00705C00E03800E03801C03803C038038
0700780700780700780700F00E00F00E00F00E00F00E00F01C00701C00703C00305C0030B8000F
380000380000380000700000700000700000700000E00000E00000E0000FFE00121F7B9416>I<
1C1F002620804741C08783C08703C08701808700000E00000E00000E00000E00001C00001C0000
1C00001C000038000038000038000038000070000030000012157B9415>I<00FC000183000200
800401800C03800C03000C00000F00000FF00007FC0003FE00003E00000F00000700700700F006
00F00600E004004008002030001FC00011157D9414>I<00C001C001C001C001C0038003800380
03800700FFF8070007000E000E000E000E001C001C001C001C0038003800380038107020702070
40708031001E000D1F7C9E10>I<1E00602300E04380E04381C08381C08701C08701C00703800E
03800E03800E03801C07001C07001C07001C07081C0E10180E101C0E101C1E200C262007C3C015
157B941A>I<1E03802307C04387C04383C08381C08700C08700C00700800E00800E00800E0080
1C01001C01001C01001C02001C02001C04001C08001C08000C300003C00012157B9416>I<1E00
60E02300E1F04380E1F04381C0F08381C0708701C0308701C030070380200E0380200E0380200E
0380201C0700401C0700401C0700401C0700801C0700801C0701001C0F01000C0F020006138C00
03E0F0001C157B9420>I<1E00302300704380704380E08380E08700E08700E00701C00E01C00E
01C00E01C01C03801C03801C03801C03801C07001C07001C07001C0F000C3E0003CE00000E0000
0E00001C00601C00F03800F03000E0600080C0004380003E0000141F7B9418>121
D<01E02003F06007F8C0041F800801000802000004000008000010000020000040000080000100
000200000400800801001003003F060061FC0040F80080700013157D9414>I<FFFFFC16017C8C
19>I E /Fb 15 119 df<40E04003037D8209>58 D<01F90607080310021002100018000F8003
F0003800080008400840084010E0609F8010117D9013>83 D<072018E0306060606060C0C0C0C0
C0C841C862D03C700D0B7E8A11>97 D<780018001800300030003000370078C0604060606060C0
C0C0C0C0C0418063003C000B117E900E>I<007800180018003000300030073018E03060606060
60C0C0C0C0C0C841C862D03C700D117E9010>100 D<07801840304060407F80C000C000C00040
2020C01F000B0B7E8A0F>I<040C0000000000705898983030606464683006127E910B>105
D<71F1F09A1A189C1C18981818181818303030303030303032303062606064606038170B7E8A1B
>109 D<71F09A189C18981818183030303030323062606460380F0B7E8A13>I<07C01820303060
106018C030C030C020406021801F000D0B7E8A0F>I<1C70278C2604260606060C0C0C0C0C0C0C
181E3019C01800180030003000FC000F10808A10>I<73C09C2098609800180030003000300030
00600060000B0B7E8A0E>114 D<0F001080218020003E001F0001808080C00083007C00090B7D
8A0F>I<381048308C309830183030603060306430E431E80E380E0B7E8A12>117
D<386048608C2098201820304030403040308011000E000B0B7E8A10>I
E /Fc 1 49 df<060F0F0E1E1E1C3C383830707060E0C04008117F910A>48
D E /Fd 17 120 df<60F0F06004047D830A>58 D<0008001800300030003000600060006000C0
00C000C0018001800180030003000600060006000C000C000C0018001800180030003000300060
0060006000C000C0000D217E9812>61 D<07FE03F800E001C000E0010000E0020000E0080001C0
100001C0200001C0800001C1000003830000038F00000393800003A380000781C0000701C00007
00E0000700E0000E0070000E0070000E0038000E0038001C003C00FF80FF001D177F961E>75
D<003E1000C1A00100E00200600600600C00400C00400E00000F000007E00007FC0001FE00003F
00000780000380000380200180400300400300600600600400D8180087E00014177E9615>83
D<7C0018001800180018003000300030003000678068C070406060C060C060C060C06080C080C0
8180C10046003C000B177E960F>98 D<003E000C000C000C000C0018001800180018073018F030
7060706060C060C060C06080C080C480C4C1C446C838700F177E9612>100
D<07C01C20301060106020FFC0C000C000C000C000C010402060C01F000C0E7E8D10>I<1F0006
000600060006000C000C000C000C0018F01B181C08180838183018301830306030603160616062
C022C03C10177E9614>104 D<0300038003000000000000000000000000001C00240046004600
8C000C0018001800180031003100320032001C0009177F960C>I<383C0044C600470200460200
8E06000C06000C06000C0C00180C00180C40181840181880300880300F00120E7F8D15>110
D<07C00C20101020186018C018C018C01880308030C060C0C061803E000D0E7E8D11>I<1C3C22
462382230346030603060306030C060C060C0C0C081A3019E018001800300030003000FC001014
808D12>I<38F04518463846308C000C000C000C001800180018001800300030000D0E7F8D10>
114 D<030003000600060006000600FFC00C000C000C0018001800180018003000308030803100
31001E000A147F930D>116 D<1C0200260600460600460600860C000C0C000C0C000C0C001818
001818801818801838800C5900078E00110E7F8D14>I<1C04260E4606460686040C040C040C04
18081808181018100C6007800F0E7F8D11>I<1C020426060E460606460606860C040C0C040C0C
040C0C041818081818081818100818100C2C2003C7C0170E7F8D19>I E
/Fe 3 67 df<1F00618040C08060C0600060006000C00180030006000C00102020207FC0FFC00B
107F8F0F>50 D<00C00000C00000C000016000016000023000023000023000041800041800080C
000FFC00080C00100600100600300700FC1FC012117F9016>65 D<FFF8180C1806180318031803
1806181C1FFC180618031803180318031806180EFFF810117F9015>I E
/Ff 17 122 df<0038007800F001E003C007800F000E001C001C0038003800700070007000E000
E000E000E000E000E000E000E000E000E000700070007000380038001C001C000E000F00078003
C001E000F8007800380D2878A21A>40 D<6000F00078003C001E000F000780038001C001C000E0
00E0007000700070003800380038003800380038003800380038003800700070007000E000E001
C001C0038007800F001E003C007800F00060000D287CA21A>I<FFFE00FFFF80FFFFC01C03E01C
00E01C00F01C00701C00701C00701C00701C00E01C01E01C07C01FFF801FFF801FFFC01C01E01C
00F01C00701C00381C00381C00381C00381C00381C00781C00F01C01F0FFFFE0FFFFC0FFFF0015
1E7E9D1A>66 D<1FF0003FFC007FFE00780F00300700000380000380007F8007FF801FFF803F83
80780380700380E00380E00380E00380700780780F803FFFFC1FFDFC07F0FC16157D941A>97
D<FE0000FE0000FE00000E00000E00000E00000E00000E00000E00000E3E000EFF800FFFE00FC1
F00F80700F00380E00380E001C0E001C0E001C0E001C0E001C0E001C0E001C0F00380F00780F80
F00FC1E00FFFC00EFF80063E00161E7F9D1A>I<001FC0001FC0001FC00001C00001C00001C000
01C00001C00001C001F1C007FDC00FFFC01E0FC03C07C07803C07001C0E001C0E001C0E001C0E0
01C0E001C0E001C0E001C07003C07003C03807C03E0FC01FFFFC07FDFC01F1FC161E7E9D1A>
100 D<01F80007FF000FFF801E07C03C01C07800E07000E0E00070E00070FFFFF0FFFFF0FFFFF0
E000007000007000007800703C00701F01F00FFFE003FFC000FE0014157D941A>I<01F87C07FF
FE0FFFFE1E078C1C03803801C03801C03801C03801C03801C01C03801E07801FFF001FFE0039F8
003800003800001C00001FFF801FFFE03FFFF878007C70001CE0000EE0000EE0000EE0000E7000
1C78003C3E00F81FFFF007FFC001FF0017217F941A>103 D<FE0000FE0000FE00000E00000E00
000E00000E00000E00000E00000E3E000EFF800FFFC00FC1C00F80E00F00E00E00E00E00E00E00
E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E0FFE3FEFFE7FEFFE3FE171E
7F9D1A>I<7CE0E000FFFBF8007FFFF8001F1F1C001E1E1C001E1E1C001C1C1C001C1C1C001C1C
1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C001C1C1C007F
1F1F00FF9F9F807F1F1F00191580941A>109 D<FE3E00FEFF80FFFFC00FC1C00F80E00F00E00E
00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E00E0FFE3FEFF
E7FEFFE3FE17157F941A>I<01F00007FC001FFF003E0F803C07807803C07001C0E000E0E000E0
E000E0E000E0E000E0E000E0F001E07001C07803C03C07803E0F801FFF0007FC0001F00013157D
941A>I<FE3E00FEFF80FFFFE00FC1F00F80700F00380E00380E001C0E001C0E001C0E001C0E00
1C0E001C0E001C0F00380F00780F80F00FC1E00FFFC00EFF800E3E000E00000E00000E00000E00
000E00000E00000E00000E0000FFE000FFE000FFE00016207F941A>I<7F83F0FF8FF87FBFFC03
FC3C03F01803E00003C00003C00003800003800003800003800003800003800003800003800003
80000380007FFF00FFFF007FFF0016157E941A>114 D<07FB801FFF807FFF80780780E00380E0
0380E003807800007FC0003FFC0007FE00003F800007806001C0E001C0E001C0F003C0FC0780FF
FF00EFFE00E3F80012157C941A>I<00C00001C00001C00001C00001C00001C00001C0007FFFE0
FFFFE0FFFFE001C00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C070
01C07001C07001C07000E0E000FFE0007FC0001F00141C7F9B1A>I<7FC3FCFFC7FE7FC3FC0E00
E00E00E00700E00701C00781C00381C003838003C38001C38001C70000E70000E70000E6000066
00006E00003C00003C00003C0000380000380000380000700000700030700078E00071E0007FC0
003F80001E000017207F941A>121 D E /Fg 10 115 df<FFE0FFE00B027D8B10>45
D<0000040000000006000000000E000000001E000000001E000000003E000000003F000000004F
000000004F000000008F000000008F000000010F00000001078000000207800000020780000004
0780000004078000000807C000000803C000001003C000001003C000002003C000003FFFE00000
4001E000004001E000008001E000008001E000010001E000010000F000020000F000060000F000
040000F0000C0000F0003E0001F800FF800FFF8021237EA225>65 D<00FF000381C00603C00C03
C01C0180380000780000700000F00000F00000F00000F00000F00000E00000F00000F000807001
007001003806001C180007E00012157C9416>99 D<00FE000383800701C00C00E01C00E03800E0
7800E07000E0FFFFE0F00000F00000F00000F00000E00000E00000F00040700080300080180300
0E0C0003F00013157D9416>101 D<00000780001F88800070D18000E0E18001C0700003C07000
03C070000780F0000780F0000780F0000780E0000381E0000181C00002C30000027E0000040000
0004000000040000000600000007FF800007FFE00007FFF0001C00780030001800600018006000
1800C0001800C0001800C0003000600060003000C0001C07800003FC00001921809518>103
D<007000F001F000F000E00000000000000000000000000000000001C00FC001C001C001C001C0
0380038003800380038003800700070007000700070007000E000F00FFE00C227FA10E>105
D<007803F800700070007000700070007000E000E000E000E000E000E001C001C001C001C001C0
01C00380038003800380038003800700070007000700070007000E000F00FFE00D237FA20E>
108 D<01C3F01FCC1801D00C01E00E01E00E01C00E03C01C03801C03801C03801C03801C03801C
0700380700380700380700380700380700380E00700F0078FFE7FF18157F941B>110
D<007E000383800600C00C00E01C0070380070780078700078F00078F00078F00078F00078E000
F0E000F0E000E0F001E07001C07003803807001C1C0007F00015157D9418>I<01C7C01FC8E001
D1E001E1E001E0C001C00003C00003800003800003800003800003800007000007000007000007
00000700000700000E00000F0000FFF00013157F9413>114 D E /Fh 16
127 df<F0F0F0F004047B830E>46 D<0000800001800001800003000003000003000006000006
00000600000C00000C00000C000018000018000018000030000030000030000060000060000060
0000C00000C00000C0000180000180000180000180000300000300000300000600000600000600
000C00000C00000C0000180000180000180000300000300000300000600000600000600000C000
00C00000C0000011317DA418>I<001F0000001F0000003F8000003F8000003B8000007BC00000
73C0000071C00000F1E00000F1E00000E0E00001E0F00001E0F00001C0F00003C0780003C07800
0380780007803C0007803C0007003C000F001E000F001E000FFFFE001FFFFF001FFFFF001C000F
003C0007803C00078038000780780003C0780003C0700003C0F00001E0F00001E0E00001E01B23
7EA220>65 D<01FC0007FF000FFF801F03803C0180780000780000700000F00000F00000F00000
F00000F00000F000007800007800007800003C00401F03C00FFFC007FF8001FC0012167E9516>
99 D<0003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C00003C0
0003C003E3C00FFBC01FFFC03F0FC03C07C07803C07803C0F003C0F003C0F003C0F003C0F003C0
F003C0F003C0F003C07803C07803C03C07C03E0FC01FFFC00FFBC003E3C012237EA219>I<03F0
0007FC001FFE003E0F003C0780780380780380F001C0FFFFC0FFFFC0FFFFC0F00000F00000F000
007000007800007800003C00801F07800FFF8007FF0001F80012167E9516>I<01F07807FFF80F
FFF81F1F001E0F003C07803C07803C07803C07803C07801E0F001F1F000FFE001FFC0019F00038
00003800003C00001FFE001FFFC01FFFE03FFFF07801F07800F8F00078F00078F00078F0007878
00F03E03E01FFFC00FFF8001FC0015217F9518>103 D<F000F000F000F000F000F000F000F000
F000F000F000F000F000F1F8F3FCF7FEFE1EF80FF80FF00FF00FF00FF00FF00FF00FF00FF00FF0
0FF00FF00FF00FF00FF00FF00FF00F10237CA219>I<F0F0F0F0000000000000000000F0F0F0F0
F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F004237DA20B>I<F0F0F0F0F0F0F0F0F0F0F0F0F0F0
F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F004237DA20B>108 D<F1F8F3FCF7FEFE1EF8
0FF80FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00F10167C95
19>110 D<01FC0007FF000FFF801F07C03C01E07800F07800F0700070F00078F00078F00078F0
0078F00078F000787800F07800F07C01F03E03E01F07C00FFF8007FF0001FC0015167F9518>I<
F0E0F3E0F7E0FF00FE00FC00F800F800F000F000F000F000F000F000F000F000F000F000F000F0
00F000F0000B167C9511>114 D<07F01FFC3FFE3C0E7806780078007C003F003FF01FF80FFC01
FE001F000F000F000FC00FF81EFFFE3FFC0FF010167F9513>I<0F000F000F000F000F000F00FF
F8FFF8FFF80F000F000F000F000F000F000F000F000F000F000F000F000F000F000F080F1C07FC
07F803E00E1C7F9B12>I<1C0E3F0E7F8EE3FCE1F8E0700F067CA118>126
D E /Fi 1 124 df<FFFFFFE0FFFFFFE01B02808E1C>123 D E /Fj 4 107
df<03F0000FFC001FFE003FFF007FFF807FFF80FFFFC0FFFFC0FFFFC0FFFFC0FFFFC0FFFFC0FF
FFC0FFFFC07FFF807FFF803FFF001FFE000FFC0003F00012147D9519>15
D<000000006000000000003000000000003000000000001800000000001800000000000C000000
00000600000000000380FFFFFFFFFFE0FFFFFFFFFFC0000000000380000000000600000000000C
000000000018000000000018000000000030000000000030000000000060002B127D9432>33
D<001FFF007FFF01E0000380000600000C0000180000300000300000600000600000600000C000
00C00000FFFFFFFFFFFFC00000C000006000006000006000003000003000001800000C00000600
0003800001E000007FFF001FFF181E7C9A21>50 D<C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C002317AA40E>106
D E /Fk 68 124 df<007E0001C1800301800703C00E03C00E01800E00000E00000E00000E0000
0E0000FFFFC00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C00E01C0
0E01C00E01C00E01C00E01C00E01C07F87F8151D809C17>12 D<6060F0F0F8F868680808080808
08101010102020404080800D0C7F9C15>34 D<00E0000001900000030800000308000007080000
0708000007080000070800000710000007100000072000000740000003C03FE003800F00038006
000380040005C0040009C0080010E0100030E010006070200060702000E0384000E03C4000E01C
8000E00F0020E0070020700780403009C0401830E18007C03E001B1F7E9D20>38
D<004000800100020006000C000C0018001800300030007000600060006000E000E000E000E000
E000E000E000E000E000E000E000E000600060006000700030003000180018000C000C00060002
000100008000400A2A7D9E10>40 D<800040002000100018000C000C0006000600030003000380
01800180018001C001C001C001C001C001C001C001C001C001C001C001C0018001800180038003
000300060006000C000C00180010002000400080000A2A7E9E10>I<01800180018001804182F1
8F399C0FF003C003C00FF0399CF18F4182018001800180018010127E9E15>I<60F0F070101010
1020204080040C7C830C>44 D<FFE0FFE00B0280890E>I<60F0F06004047C830C>I<0001000300
0600060006000C000C000C0018001800180030003000300060006000C000C000C0018001800180
030003000300060006000C000C000C00180018001800300030003000600060006000C000C00010
297E9E15>I<03C00C301818300C300C700E60066006E007E007E007E007E007E007E007E007E0
07E007E007E007E00760066006700E300C300C18180C3007E0101D7E9B15>I<030007003F00C7
000700070007000700070007000700070007000700070007000700070007000700070007000700
0700070007000F80FFF80D1C7C9B15>I<07C01830201C400C400EF00FF80FF807F8077007000F
000E000E001C001C00380070006000C00180030006010C01180110023FFE7FFEFFFE101C7E9B15
>I<07E01830201C201C781E780E781E381E001C001C00180030006007E00030001C001C000E00
0F000F700FF80FF80FF80FF00E401C201C183007E0101D7E9B15>I<000C00000C00001C00003C
00003C00005C0000DC00009C00011C00031C00021C00041C000C1C00081C00101C00301C00201C
00401C00C01C00FFFFC0001C00001C00001C00001C00001C00001C00001C0001FFC0121C7F9B15
>I<300C3FF83FF03FC020002000200020002000200023E024302818301C200E000E000F000F00
0F600FF00FF00FF00F800E401E401C2038187007C0101D7E9B15>I<00F0030C06040C0E181E30
1E300C700070006000E3E0E430E818F00CF00EE006E007E007E007E007E007600760077006300E
300C18180C3003E0101D7E9B15>I<4000007FFF807FFF007FFF00400200800400800400800800
00100000100000200000600000400000C00000C00001C000018000018000038000038000038000
038000078000078000078000078000078000078000030000111D7E9B15>I<03E00C301008200C
20066006600660067006780C3E083FB01FE007F007F818FC307E601E600FC007C003C003C003C0
0360026004300C1C1007E0101D7E9B15>I<03C00C301818300C700C600EE006E006E007E007E0
07E007E0076007700F300F18170C2707C700060006000E300C780C78187010203030C00F80101D
7E9B15>I<7FFFFFC0FFFFFFE00000000000000000000000000000000000000000000000000000
000000000000FFFFFFE07FFFFFC01B0C7E8F20>61 D<000600000006000000060000000F000000
0F0000000F00000017800000178000001780000023C0000023C0000023C0000041E0000041E000
0041E0000080F0000080F0000180F8000100780001FFF80003007C0002003C0002003C0006003E
0004001E0004001E000C001F001E001F00FF80FFF01C1D7F9C1F>65 D<FFFFC00F00F00F00380F
003C0F001C0F001E0F001E0F001E0F001E0F001C0F003C0F00780F01F00FFFE00F00780F003C0F
001E0F000E0F000F0F000F0F000F0F000F0F000F0F001E0F001E0F003C0F0078FFFFE0181C7E9B
1D>I<001F808000E0618001801980070007800E0003801C0003801C0001803800018078000080
7800008070000080F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00000
00700000807800008078000080380000801C0001001C0001000E000200070004000180080000E0
3000001FC000191E7E9C1E>I<FFFFC0000F00F0000F003C000F000E000F0007000F0007000F00
03800F0003C00F0001C00F0001C00F0001E00F0001E00F0001E00F0001E00F0001E00F0001E00F
0001E00F0001E00F0001C00F0001C00F0003C00F0003800F0007800F0007000F000E000F001C00
0F007000FFFFC0001B1C7E9B20>I<FFFFFC0F003C0F000C0F00040F00040F00060F00020F0002
0F02020F02000F02000F02000F06000FFE000F06000F02000F02000F02000F02010F00010F0002
0F00020F00020F00060F00060F000C0F003CFFFFFC181C7E9B1C>I<FFFFF80F00780F00180F00
080F00080F000C0F00040F00040F02040F02000F02000F02000F06000FFE000F06000F02000F02
000F02000F02000F00000F00000F00000F00000F00000F00000F00000F8000FFF800161C7E9B1B
>I<FFF00F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F
000F000F000F000F000F000F000F000F00FFF00C1C7F9B0F>73 D<FFF8000F80000F00000F0000
0F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F0000
0F00000F00080F00080F00080F00180F00180F00100F00300F00700F01F0FFFFF0151C7E9B1A>
76 D<FF8000FF800F8000F8000F8000F8000BC00178000BC00178000BC001780009E002780009
E002780008F004780008F004780008F0047800087808780008780878000878087800083C107800
083C107800083C107800081E207800081E207800081E207800080F407800080F40780008078078
000807807800080780780008030078001C03007800FF8307FF80211C7E9B26>I<FF007FC00F80
0E000F8004000BC0040009E0040009E0040008F0040008F8040008780400083C0400083C040008
1E0400080F0400080F0400080784000807C4000803C4000801E4000801E4000800F40008007C00
08007C0008003C0008003C0008001C0008000C001C000C00FF8004001A1C7E9B1F>I<003F8000
00E0E0000380380007001C000E000E001C0007003C00078038000380780003C0780003C0700001
C0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0F00001E0700001C07800
03C0780003C0380003803C0007801C0007000E000E0007001C000380380000E0E000003F80001B
1E7E9C20>I<FFFF800F00E00F00780F003C0F001C0F001E0F001E0F001E0F001E0F001E0F001C
0F003C0F00780F00E00FFF800F00000F00000F00000F00000F00000F00000F00000F00000F0000
0F00000F00000F0000FFF000171C7E9B1C>I<FFFF00000F01E0000F0078000F003C000F001C00
0F001E000F001E000F001E000F001E000F001C000F003C000F0078000F01E0000FFF00000F03C0
000F00E0000F00F0000F0078000F0078000F0078000F0078000F0078000F0078000F0078100F00
78100F0038100F003C20FFF01C20000007C01C1D7E9B1F>82 D<07E0801C198030058070038060
0180E00180E00080E00080E00080F00000F800007C00007FC0003FF8001FFE0007FF0000FF8000
0F800007C00003C00001C08001C08001C08001C0C00180C00180E00300D00200CC0C0083F80012
1E7E9C17>I<7FFFFFC0700F01C0600F00C0400F0040400F0040C00F0020800F0020800F002080
0F0020000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000
000F0000000F0000000F0000000F0000000F0000000F0000000F0000000F0000001F800003FFFC
001B1C7F9B1E>I<FFF07FC00F000E000F0004000F0004000F0004000F0004000F0004000F0004
000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F0004000F00
04000F0004000F0004000F0004000F0004000700080007800800038010000180100000C0200000
70C000001F00001A1D7E9B1F>I<FFE0FFE0FF1F001F003C1E001E00180F001F00100F001F0010
0F001F001007801F00200780278020078027802003C027804003C043C04003C043C04003E043C0
4001E081E08001E081E08001E081E08000F100F10000F100F10000F100F100007900FA00007A00
7A00007A007A00003E007C00003C003C00003C003C00003C003C00001800180000180018000018
001800281D7F9B2B>87 D<7FF0FFC00FC03E000780180003C0180003E0100001E0200001F06000
00F0400000788000007D8000003D0000001E0000001F0000000F0000000F8000000F80000013C0
000023E0000021E0000041F00000C0F8000080780001007C0003003C0002001E0006001F001F00
3F80FFC0FFF01C1C7F9B1F>I<FEFEC0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0C0C0C0C0C0C0FEFE07297C9E0C>91 D<08081010202040404040808080808080
B0B0F8F8787830300D0C7A9C15>I<FEFE06060606060606060606060606060606060606060606
060606060606060606060606060606FEFE0729809E0C>I<1FC000307000783800781C00301C00
001C00001C0001FC000F1C00381C00701C00601C00E01C40E01C40E01C40603C40304E801F8700
12127E9115>97 D<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C00001C
00001C7C001D86001E03001C01801C01C01C00C01C00E01C00E01C00E01C00E01C00E01C00E01C
00C01C01C01C01801E030019060010F800131D7F9C17>I<07E00C301878307870306000E000E0
00E000E000E000E00060007004300418080C3007C00E127E9112>I<003F000007000007000007
0000070000070000070000070000070000070000070003E7000C1700180F003007007007006007
00E00700E00700E00700E00700E00700E00700600700700700300700180F000C370007C7E0131D
7E9C17>I<03E00C301818300C700E6006E006FFFEE000E000E000E00060007002300218040C18
03E00F127F9112>I<00F8018C071E061E0E0C0E000E000E000E000E000E00FFE00E000E000E00
0E000E000E000E000E000E000E000E000E000E000E000E000E007FE00F1D809C0D>I<00038003
C4C00C38C01C3880181800381C00381C00381C00381C001818001C38000C300013C00010000030
00001800001FF8001FFF001FFF803003806001C0C000C0C000C0C000C06001803003001C0E0007
F800121C7F9215>I<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C0000
1C00001C7C001C87001D03001E03801C03801C03801C03801C03801C03801C03801C03801C0380
1C03801C03801C03801C03801C0380FF9FF0141D7F9C17>I<18003C003C001800000000000000
0000000000000000FC001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C
001C00FF80091D7F9C0C>I<00C001E001E000C000000000000000000000000000000FE000E000
E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E060E0
F0C0F1C061803E000B25839C0D>I<FC00001C00001C00001C00001C00001C00001C00001C0000
1C00001C00001C00001C3FC01C0F001C0C001C08001C10001C20001C40001CE0001DE0001E7000
1C78001C38001C3C001C1C001C0E001C0F001C0F80FF9FE0131D7F9C16>I<FC001C001C001C00
1C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C001C
001C001C001C001C00FF80091D7F9C0C>I<FC7E07E0001C838838001D019018001E01E01C001C
01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C001C01C01C00
1C01C01C001C01C01C001C01C01C001C01C01C001C01C01C00FF8FF8FF8021127F9124>I<FC7C
001C87001D03001E03801C03801C03801C03801C03801C03801C03801C03801C03801C03801C03
801C03801C03801C0380FF9FF014127F9117>I<03F0000E1C00180600300300700380600180E0
01C0E001C0E001C0E001C0E001C0E001C06001807003803003001806000E1C0003F00012127F91
15>I<FC7C001D86001E03001C01801C01C01C00C01C00E01C00E01C00E01C00E01C00E01C00E0
1C01C01C01C01C01801E03001D06001CF8001C00001C00001C00001C00001C00001C00001C0000
FF8000131A7F9117>I<03C1000C3300180B00300F00700700700700E00700E00700E00700E007
00E00700E00700600700700700300F00180F000C370007C7000007000007000007000007000007
00000700000700003FE0131A7E9116>I<FCE01D301E781E781C301C001C001C001C001C001C00
1C001C001C001C001C001C00FFC00D127F9110>I<1F9030704030C010C010E010F8007F803FE0
0FF000F880388018C018C018E010D0608FC00D127F9110>I<04000400040004000C000C001C00
3C00FFE01C001C001C001C001C001C001C001C001C001C101C101C101C101C100C100E2003C00C
1A7F9910>I<FC1F801C03801C03801C03801C03801C03801C03801C03801C03801C03801C0380
1C03801C03801C03801C07800C07800E1B8003E3F014127F9117>I<FF07E03C03801C01001C01
000E02000E020007040007040007040003880003880003D80001D00001D00000E00000E00000E0
0000400013127F9116>I<FF3FCFE03C0F03801C0701801C0701001C0B01000E0B82000E0B8200
0E1182000711C4000711C4000720C40003A0E80003A0E80003C0680001C0700001C07000018030
00008020001B127F911E>I<7F8FF00F03800F030007020003840001C80001D80000F000007000
00780000F800009C00010E00020E000607000403801E07C0FF0FF81512809116>I<FF07E03C03
801C01001C01000E02000E020007040007040007040003880003880003D80001D00001D00000E0
0000E00000E000004000004000008000008000F08000F10000F300006600003C0000131A7F9116
>I<FFFFF01401808B15>123 D E /Fl 7 56 df<0C001C00EC000C000C000C000C000C000C000C
000C000C000C000C000C000C000C000C00FFC00A137D9211>49 D<1F0060C06060F070F0306030
00700070006000C001C00180020004000810101020207FE0FFE00C137E9211>I<0FC030707038
703870380038003000E00FC0007000380018001C601CF01CF018E03860701FC00E137F9211>I<
006000E000E00160026006600C600860106020606060C060FFFC0060006000600060006003FC0E
137F9211>I<60607FC07F8044004000400040004F0070C040E0006000700070E070E070E06040
E021C01F000C137E9211>I<07C00C201070207060006000C000CF00D0C0E060C020C030C030C0
3040306020206010C00F000C137E9211>I<40007FFC7FF8401080108020004000800100010003
000200060006000E000E000E000E000E0004000E147E9311>I E /Fm 19
117 df<03000700FF000700070007000700070007000700070007000700070007000700070007
00070007007FF00C157E9412>49 D<0F8030E040708030C038E0384038003800700070006000C0
0180030006000C08080810183FF07FF0FFF00D157E9412>I<0FE030306018701C701C001C0018
0038006007E000300018000C000E000EE00EE00EC00C401830300FE00F157F9412>I<00300030
007000F001F001700270047008701870107020704070C070FFFE0070007000700070007003FE0F
157F9412>I<20303FE03FC0240020002000200020002F8030E020700030003800384038E038E0
388030406020C01F000D157E9412>I<01F00608080C181C301C70006000E000E3E0EC30F018F0
0CE00EE00EE00E600E600E300C3018183007C00F157F9412>I<40007FFE7FFC7FF8C008801080
200040008000800100010003000200060006000E000E000E000E000E0004000F167E9512>I<00
1000003800003800003800005C00005C00005C00008E00008E00008E0001070001070003078002
038002038007FFC00401C00401C00800E00800E01800E03800F0FE03FE17177F961A>65
D<FFFE001C03801C00E01C00601C00701C00701C00701C00701C00E01C01C01FFF801FFFC01C00
E01C00701C00301C00381C00381C00381C00381C00701C00E01C01C0FFFF0015177F9619>I<FF
83FE1C00701C00701C00701C00701C00701C00701C00701C00701C00701C00701FFFF01C00701C
00701C00701C00701C00701C00701C00701C00701C00701C0070FF83FE17177F961A>72
D<1FC0386038301038003803F81E3830387038E039E039E07970FF1F1E100E7F8D12>97
D<007E00000E00000E00000E00000E00000E00000E00000E00000E0007CE001C3E00300E00700E
00600E00E00E00E00E00E00E00E00E00600E00700E00301E00182E0007CFC012177F9614>100
D<FC00001C00001C00001C00001C00001C00001C00001C00001C00001C7C001D8E001E07001C07
001C07001C07001C07001C07001C07001C07001C07001C07001C0700FF9FE01317809614>104
D<183C3C1800000000007C1C1C1C1C1C1C1C1C1C1C1C1CFF081780960A>I<FC7C1F001D8E6380
1E0781C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701C01C0701
C01C0701C0FF9FE7F81D0E808D1E>109 D<FC7C001D8E001E07001C07001C07001C07001C0700
1C07001C07001C07001C07001C07001C0700FF9FE0130E808D14>I<07C018303018600C600CE0
0EE00EE00EE00EE00E701C3018183007C00F0E7F8D12>I<1F4060C0C040C040E000FF007F801F
C001E080608060C060E0C09F000B0E7F8D0E>115 D<080008000800180018003800FF80380038
003800380038003800380038403840384038401C800F000A147F930E>I
E /Fn 14 116 df<70F8F8F87005057C840E>58 D<70F8FCFC7404040404080810102040060F7C
840E>I<0000001800000078000001E00000078000001E00000078000003E000000F8000003C00
0000F0000003C000000F0000003C000000F0000000F00000003C0000000F00000003C0000000F0
0000003C0000000F80000003E0000000780000001E0000000780000001E000000078000000181D
1C7C9926>I<C0000000F00000003C0000000F00000003C0000000F00000003E0000000F800000
01E0000000780000001E0000000780000001E00000007800000078000001E00000078000001E00
000078000001E000000F8000003E000000F0000003C000000F0000003C000000F0000000C00000
001D1C7C9926>62 D<007FFFF8000007801E0000078007000007800380000F0001C0000F0001C0
000F0000E0000F0000E0001E0000E0001E0000F0001E0000F0001E0000F0003C0000F0003C0000
F0003C0000F0003C0000F000780001E000780001E000780001E000780001E000F00003C000F000
03C000F000038000F000078001E000070001E0000E0001E0001E0001E0001C0003C000380003C0
00700003C000E00003C003800007C00E0000FFFFF8000024227EA128>68
D<007FFFFFC000078003C000078000C000078000C0000F0000C0000F0000C0000F000080000F00
0080001E000080001E000080001E008080001E008000003C010000003C010000003C030000003C
070000007FFE000000780600000078060000007806000000F004000000F004000000F004010000
F000020001E000020001E000020001E000040001E0000C0003C000080003C000180003C0003000
03C000700007C003F000FFFFFFE00022227EA124>I<007FFC01FF000780007800078000600007
8000C0000F000180000F000200000F000400000F000800001E001000001E004000001E00800000
1E010000003C020000003C040000003C1E0000003C3E000000785F000000788F0000007A0F0000
007C07800000F807800000F007C00000F003C00000F003C00001E001E00001E001E00001E001E0
0001E000F00003C000F00003C000F80003C000780003C000780007C000FC00FFFC07FF8028227E
A129>75 D<007FFE000007C0000007800000078000000F0000000F0000000F0000000F0000001E
0000001E0000001E0000001E0000003C0000003C0000003C0000003C0000007800000078000000
7800000078000000F0000000F0000000F0001000F0001001E0002001E0002001E0004001E00040
03C000C003C0008003C0018003C0078007C01F00FFFFFF001C227EA121>I<007FC00001FF0007
C00003E00007C00005E00007C00005E00009E0000BC00009E0000BC00009E00013C00009E00023
C00011E00027800011E00047800011E00047800011E00087800021E0010F000020F0010F000020
F0020F000020F0040F000040F0041E000040F0081E000040F0081E000040F0101E000080F0203C
00008078203C00008078403C00008078803C000100788078000100790078000100790078000100
7A00780002007C00F00002007C00F00002003800F00006003800F0000F003001F000FFE0203FFF
0030227EA12F>I<00786001C4E00302E00601C00E01C01C01C03C01C038038078038078038078
0380F00700F00700F00700F00708F00E10700E10701E1030262018C6200F01C015157E941A>97
D<003F0000E0800380C00701C00E03C01C03C03C00003C0000780000780000780000F00000F000
00F00000F000007000407000403001803802001C1C0007E00012157E9415>99
D<00F0000FE00000E00000E00000E00001C00001C00001C00001C0000380000380000380000380
00070000071F0007218007C0C00F00E00F00E00E00E00E00E01C01C01C01C01C01C01C01C03803
80380380380700380704700708700E08700E08700610E006206003C016237DA21C>104
D<3C07E01F00461830618047201880C087401D00E087801E00E087801C00E087001C00E00E0038
01C00E003801C00E003801C00E003801C01C007003801C007003801C007007001C007007043800
E007083800E00E083800E00E083800E006107001C006203000C003C026157E942B>109
D<007E0000810003008002018006038006030006000007000007F80003FE0001FF00003F000007
80000380700380F00300F00300E002004004003018000FE00011157E9417>115
D E /Fo 89 128 df<001F83E000706E3000C07C780180F8780380F07807007000070070000700
7000070070000700700007007000070070000700700007007000FFFFFFC0070070000700700007
007000070070000700700007007000070070000700700007007000070070000700700007007000
070070000700700007007000070070000700700007007000070078007FE3FF801D2380A21C>11
D<001FC0000070200000C010000180380003807800070078000700300007000000070000000700
000007000000070000000700000007000000FFFFF8000700780007003800070038000700380007
003800070038000700380007003800070038000700380007003800070038000700380007003800
07003800070038000700380007003800070038007FE1FF80192380A21B>I<001FD80000703800
00C078000180780003807800070038000700380007003800070038000700380007003800070038
000700380007003800FFFFF8000700380007003800070038000700380007003800070038000700
380007003800070038000700380007003800070038000700380007003800070038000700380007
00380007003800070038007FF3FF80192380A21B>I<000FC07F00007031C08000E00B00400180
1E00E003803E01E007003C01E007001C00C007001C000007001C000007001C000007001C000007
001C000007001C000007001C0000FFFFFFFFE007001C01E007001C00E007001C00E007001C00E0
07001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00
E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E007001C00E07FF1FF
CFFE272380A229>I<00004000008000008000010000010001F200060E001C0700380780300980
7009C06010C0E030E0E020E0E060E0E040E0E0C0E0E080E0E180E06100C07201C03201803C0380
1C07000E0C0009F000100000100000200000200000400000131F7E9918>28
D<70F8F8F8F8F8F8F8707070707070707070707070202020202020000000000070F8F8F8700524
7CA30E>33 D<7038F87CFC7EFC7E743A04020402040204020804080410081008201040200F0F7E
A218>I<003C000000006200000000C20000000181000000018100000003810000000381000000
03810000000381000000038200000003820000000384000000038800000001C800000001D00000
0001E003FF8001C0007C0000E000380001E000300001F000200002700040000470004000083800
8000183C008000301C010000701E020000700E020000F007040000F007880000F003880000F001
D00100F000E0010078007003003800B802003C031C04000E0C0E0C0003F003F00021257EA326>
38 D<70F8FCFC7404040404080810102040060F7CA20E>I<00200040008001000300060004000C
000C00180018003000300030007000600060006000E000E000E000E000E000E000E000E000E000
E000E000E000E000E0006000600060007000300030003000180018000C000C0004000600030001
000080004000200B327CA413>I<800040002000100018000C0004000600060003000300018001
80018001C000C000C000C000E000E000E000E000E000E000E000E000E000E000E000E000E000E0
00C000C000C001C0018001800180030003000600060004000C00180010002000400080000B327D
A413>I<70F8FCFC7404040404080810102040060F7C840E>44 D<FFE0FFE00B027F8B10>I<70F8
F8F87005057C840E>I<000080000180000180000300000300000300000600000600000600000C
00000C00000C0000180000180000180000300000300000300000600000600000600000C00000C0
0000C0000180000180000180000180000300000300000300000600000600000600000C00000C00
000C0000180000180000180000300000300000300000600000600000600000C00000C00000C000
0011317DA418>I<01F000071C000C06001803003803803803807001C07001C07001C07001C0F0
01E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F001E0F0
01E07001C07001C07001C07803C03803803803801C07000C0600071C0001F00013227EA018>I<
008003800F80F38003800380038003800380038003800380038003800380038003800380038003
800380038003800380038003800380038003800380038007C0FFFE0F217CA018>I<03F0000C1C
001007002007804003C04003C08003E0F003E0F801E0F801E0F801E02003E00003E00003C00003
C0000780000700000E00001C0000180000300000600000C0000180000100000200200400200800
201800603000403FFFC07FFFC0FFFFC013217EA018>I<03F8000C1E001007002007804007C078
07C07803C07807C03807C0000780000780000700000F00000E0000380003F000001C00000F0000
07800007800003C00003C00003E02003E07003E0F803E0F803E0F003C04003C040078020078010
0F000C1C0003F00013227EA018>I<000200000600000E00000E00001E00001E00002E00004E00
004E00008E00008E00010E00020E00020E00040E00040E00080E00100E00100E00200E00200E00
400E00800E00FFFFF8000E00000E00000E00000E00000E00000E00000E00001F0001FFF015217F
A018>I<1000801E07001FFF001FFE001FF80013E0001000001000001000001000001000001000
0010F800130E001407001803801003800001C00001C00001E00001E00001E00001E07001E0F001
E0F001E0E001C08001C04003C04003802007001006000C1C0003F00013227EA018>I<007E0001
C1000300800601C00E03C01C03C0180180380000380000780000700000700000F0F800F30C00F4
0600F40300F80380F801C0F001C0F001E0F001E0F001E0F001E0F001E07001E07001E07001E038
01C03801C01803801C03000C0600070C0001F00013227EA018>I<4000006000007FFFE07FFFC0
7FFFC0400080C00100800100800200800200000400000800000800001000003000002000006000
00600000600000E00000C00000C00001C00001C00001C00001C00003C00003C00003C00003C000
03C00003C00003C00003C00001800013237DA118>I<01F800060E000803001001802001802000
C06000C06000C06000C07000C07801803E01003F02001FC4000FF80003F80003FC00067F00083F
80100F803007C06001C06000E0C000E0C00060C00060C00060C000606000406000C03000801803
000E0E0003F00013227EA018>I<01F000060C000C0600180700380380700380700380F001C0F0
01C0F001C0F001E0F001E0F001E0F001E0F001E07001E07003E03803E01805E00C05E00619E003
E1E00001C00001C00001C0000380000380300300780700780600700C002018001030000FC00013
227EA018>I<70F8F8F870000000000000000000000070F8F8F87005157C940E>I<70F8F8F87000
0000000000000000000070F8F8F87808080808101010204040051F7C940E>I<70F8F8F8700000
000000202020202020707070707070707070707070F8F8F8F8F8F8F87005247C980E>I<FFFFFF
FEFFFFFFFE0000000000000000000000000000000000000000000000000000000000000000FFFF
FFFEFFFFFFFE1F0C7D9126>I<07E01838201C400E800FF00FF00FF00F000F000E001C00380030
006000C000C000800080018001000100010001000100010000000000000000000000038007C007
C007C0038010237DA217>63 D<000FE00000701C00008002000300018004000040080000200800
00201007C01020183008203008084060040440C0078441C0038481C00382838003828380038283
8003828380038283800382838003828380038281C0038241C0038240C007824060078420300B84
201831881007C0F00800000008000000040000000300000E00800078007007C0000FFC001F237D
A226>I<0001800000018000000180000003C0000003C0000003C0000005E0000005E000000DF0
000008F0000008F0000010F800001078000010780000203C0000203C0000203C0000401E000040
1E0000401E0000800F0000800F0000FFFF000100078001000780030007C0020003C0020003C004
0003E0040001E0040001E00C0000F00C0000F03E0001F8FF800FFF20237EA225>I<FFFFF8000F
800E0007800780078003C0078003E0078001E0078001F0078001F0078001F0078001F0078001F0
078001E0078003E0078007C007800F8007803E0007FFFE0007800780078003C0078001E0078001
F0078000F0078000F8078000F8078000F8078000F8078000F8078000F8078001F0078001F00780
03E0078007C00F800F00FFFFFC001D227EA123>I<0007E0100038183000E0063001C001700380
00F0070000F00E0000701E0000701C0000303C0000303C0000307C0000107800001078000010F8
000000F8000000F8000000F8000000F8000000F8000000F8000000F80000007800000078000010
7C0000103C0000103C0000101C0000201E0000200E000040070000400380008001C0010000E002
0000381C000007E0001C247DA223>I<FFFFF0000F801E0007800700078003C0078001C0078000
E0078000F007800078078000780780007C0780003C0780003C0780003C0780003E0780003E0780
003E0780003E0780003E0780003E0780003E0780003E0780003E0780003C0780003C0780007C07
80007807800078078000F0078000E0078001E0078003C0078007000F801E00FFFFF8001F227EA1
25>I<FFFFFFC00F8007C0078001C0078000C00780004007800040078000600780002007800020
0780002007802020078020000780200007802000078060000780E00007FFE0000780E000078060
000780200007802000078020000780200807800008078000080780001007800010078000100780
00300780003007800070078000E00F8003E0FFFFFFE01D227EA121>I<FFFFFFC00F8007C00780
01C0078000C0078000400780004007800060078000200780002007800020078020200780200007
80200007802000078060000780E00007FFE0000780E00007806000078020000780200007802000
078020000780000007800000078000000780000007800000078000000780000007800000078000
000FC00000FFFE00001B227EA120>I<0007F008003C0C1800E0021801C001B8038000F8070000
780F0000381E0000381E0000183C0000183C0000187C0000087800000878000008F8000000F800
0000F8000000F8000000F8000000F8000000F8000000F8001FFF780000F8780000787C0000783C
0000783C0000781E0000781E0000780F00007807000078038000B801C000B800E00318003C0C08
0007F00020247DA226>I<FFFC3FFF0FC003F0078001E0078001E0078001E0078001E0078001E0
078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E007FFFF
E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E0078001E00780
01E0078001E0078001E0078001E0078001E0078001E00FC003F0FFFC3FFF20227EA125>I<FFFC
0FC007800780078007800780078007800780078007800780078007800780078007800780078007
80078007800780078007800780078007800780078007800FC0FFFC0E227EA112>I<03FFF0001F
00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F
00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00700F00F80F
00F80F00F80E00F01E00401C0020380018700007C00014237EA119>I<FFFC03FF000FC000F800
078000600007800040000780008000078001000007800200000780040000078008000007801000
0007802000000780400000078080000007818000000783C000000787E000000789E000000788F0
00000790F0000007A078000007C03C000007803C000007801E000007800F000007800F00000780
078000078007C000078003C000078001E000078001E000078000F000078000F8000FC000FC00FF
FC07FF8021227EA126>I<FFFE00000FC000000780000007800000078000000780000007800000
078000000780000007800000078000000780000007800000078000000780000007800000078000
000780000007800000078000000780000007800000078000800780008007800080078000800780
01800780018007800100078003000780030007800F000F803F00FFFFFF0019227EA11E>I<FFC0
0003FF0FC00003F007C00003E005E00005E005E00005E004F00009E004F00009E004F00009E004
780011E004780011E004780011E0043C0021E0043C0021E0043C0021E0041E0041E0041E0041E0
040F0081E0040F0081E0040F0081E004078101E004078101E004078101E00403C201E00403C201
E00401E401E00401E401E00401E401E00400F801E00400F801E00400F801E004007001E00E0070
01E01F007003F0FFE0203FFF28227EA12D>I<FF8007FF07C000F807C0007005E0002004F00020
04F0002004780020047C0020043C0020041E0020041F0020040F002004078020040780200403C0
200401E0200401E0200400F0200400F8200400782004003C2004003E2004001E2004000F200400
0F20040007A0040003E0040003E0040001E0040001E0040000E00E0000601F000060FFE0002020
227EA125>I<000FE00000783C0000E00E0003C00780078003C00F0001E00E0000E01E0000F03C
0000783C0000787C00007C7C00007C7800003C7800003CF800003EF800003EF800003EF800003E
F800003EF800003EF800003EF800003EF800003E7800003C7C00007C7C00007C3C0000783E0000
F81E0000F00F0001E00F0001E0078003C003C0078000E00E0000783C00000FE0001F247DA226>
I<FFFFF0000F803C0007800F0007800780078007C0078003C0078003E0078003E0078003E00780
03E0078003E0078003E0078003C0078007C00780078007800F0007803C0007FFF0000780000007
800000078000000780000007800000078000000780000007800000078000000780000007800000
0780000007800000078000000FC00000FFFC00001B227EA121>I<000FE00000783C0000E00E00
03C00780078003C00F0001E00E0000E01E0000F03E0000F83C0000787C00007C7C00007C780000
3C7800003CF800003EF800003EF800003EF800003EF800003EF800003EF800003EF800003EF800
003E7800003C7C00007C7C00007C3C0000783C0000781E0380F00E0420E00F0801E0078813C003
C8178000E80E00007C3C02000FEC0200000C0200000C0200000E0600000F0E000007FC000007FC
000007F8000003F8000001E01F2D7DA226>I<FFFFE000000F803C000007800E00000780078000
078007C000078003C000078003E000078003E000078003E000078003E000078003E000078003C0
00078007C000078007800007800E000007803C000007FFE000000780700000078038000007801C
000007801E000007800E000007800F000007800F000007800F000007800F000007800F80000780
0F800007800F800007800F808007800FC080078007C0800FC003C100FFFC01E2000000007C0021
237EA124>I<03F0200C0C601802603001E07000E0600060E00060E00060E00020E00020E00020
F00000F000007800007F00003FF0001FFE000FFF0003FF80003FC00007E00001E00000F00000F0
000070800070800070800070800070C00060C00060E000C0F000C0C80180C6070081FC0014247D
A21B>I<7FFFFFF87807807860078018400780084007800840078008C007800C80078004800780
048007800480078004000780000007800000078000000780000007800000078000000780000007
800000078000000780000007800000078000000780000007800000078000000780000007800000
078000000780000007800000078000000FC00003FFFF001E227EA123>I<FFFC07FF0FC000F807
800070078000200780002007800020078000200780002007800020078000200780002007800020
078000200780002007800020078000200780002007800020078000200780002007800020078000
20078000200780002007800020078000200380004003C0004003C0004001C0008000E000800060
010000300600001C08000003F00020237EA125>I<FFF0007FC01F80001F000F00000C00078000
0C000780000800078000080003C000100003C000100003E000300001E000200001E000200000F0
00400000F000400000F000400000780080000078008000007C018000003C010000003C01000000
1E020000001E020000001F020000000F040000000F040000000F8C000000078800000007880000
0003D000000003D000000003F000000001E000000001E000000000C000000000C000000000C000
0022237FA125>I<FFF03FFC03FE1F8007E000F80F0003C000700F0003C000200F0003C0002007
8001E00040078001E00040078001E0004003C002F0008003C002F0008003C002F0008001E00478
010001E00478010001E00478010000F0083C020000F0083C020000F0083C020000F8183E060000
78101E04000078101E0400007C101E0400003C200F0800003C200F0800003C200F0800001E4007
9000001E40079000001E40079000000F8003E000000F8003E000000F8003E00000070001C00000
070001C00000070001C0000003000180000002000080002F237FA132>I<7FF807FF0007E001F8
0003C000E00003E000C00001E000800000F001000000F80300000078020000007C040000003E0C
0000001E080000001F100000000FB000000007A000000007C000000003E000000001E000000001
F000000003F80000000278000000047C0000000C3E000000081E000000101F000000300F800000
20078000004007C00000C003E000008001E000010001F000030000F000070000F8001F8001FC00
FFE007FFC022227FA125>I<FFF0007FC01F80001F000F80000C00078000080007C000180003E0
00100001E000200001F000200000F000400000F800C000007C008000003C010000003E01000000
1E020000001F040000000F84000000078800000007D800000003D000000003E000000001E00000
0001E000000001E000000001E000000001E000000001E000000001E000000001E000000001E000
000001E000000001E000000001E000000003E00000003FFF000022227FA125>I<7FFFFE7E003E
78003C7000786000784000F0C000F0C001E08003C08003C0800780000780000F00001F00001E00
003C00003C0000780000780000F00001F00001E00103C00103C0010780010780030F00031E0002
1E00023C00063C000E78001EF8007EFFFFFE18227DA11E>I<FEFEC0C0C0C0C0C0C0C0C0C0C0C0
C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0FEFE07317BA4
0E>I<0804100820102010402040208040804080408040B85CFC7EFC7E7C3E381C0F0F7AA218>I<
FEFE06060606060606060606060606060606060606060606060606060606060606060606060606
0606060606060606FEFE07317FA40E>I<0FE0001838003C0C003C0E0018070000070000070000
070000FF0007C7001E07003C0700780700700700F00708F00708F00708F00F087817083C23900F
C1E015157E9418>97 D<0E0000FE00001E00000E00000E00000E00000E00000E00000E00000E00
000E00000E00000E00000E00000E1F000E61C00E80600F00300E00380E003C0E001C0E001E0E00
1E0E001E0E001E0E001E0E001E0E001E0E001C0E003C0E00380F00700C80600C41C0083F001723
7FA21B>I<01FE000703000C07801C0780380300780000700000F00000F00000F00000F00000F0
0000F00000F000007000007800403800401C00800C010007060001F80012157E9416>I<0000E0
000FE00001E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E00000E0
01F8E00704E00C02E01C01E03800E07800E07000E0F000E0F000E0F000E0F000E0F000E0F000E0
F000E07000E07800E03800E01801E00C02E0070CF001F0FE17237EA21B>I<01FC000707000C03
801C01C03801C07801E07000E0F000E0FFFFE0F00000F00000F00000F00000F000007000007800
203800201C00400E008007030000FC0013157F9416>I<003C00C6018F038F030F070007000700
070007000700070007000700FFF807000700070007000700070007000700070007000700070007
000700070007000700070007807FF8102380A20F>I<00007001F198071E180E0E181C07001C07
003C07803C07803C07803C07801C07001C07000E0E000F1C0019F0001000001000001800001800
001FFE000FFFC00FFFE03800F0600030400018C00018C00018C000186000306000303800E00E03
8003FE0015217F9518>I<0E0000FE00001E00000E00000E00000E00000E00000E00000E00000E
00000E00000E00000E00000E00000E1F800E60C00E80E00F00700F00700E00700E00700E00700E
00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E00700E0070FFE7FF18
237FA21B>I<1C001E003E001E001C00000000000000000000000000000000000E00FE001E000E
000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E00FFC00A227FA1
0E>I<01C003E003E003E001C00000000000000000000000000000000001E00FE001E000E000E0
00E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000
E000E060E0F0C0F18061803E000B2C82A10F>I<0E0000FE00001E00000E00000E00000E00000E
00000E00000E00000E00000E00000E00000E00000E00000E03FC0E01F00E01C00E01800E02000E
04000E08000E10000E38000EF8000F1C000E1E000E0E000E07000E07800E03C00E01C00E01E00E
00F00E00F8FFE3FE17237FA21A>I<0E00FE001E000E000E000E000E000E000E000E000E000E00
0E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E000E
000E000E00FFE00B237FA20E>I<0E1FC07F00FE60E183801E807201C00F003C00E00F003C00E0
0E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800
E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E00E003800E0FFE3FF
8FFE27157F942A>I<0E1F80FE60C01E80E00F00700F00700E00700E00700E00700E00700E0070
0E00700E00700E00700E00700E00700E00700E00700E00700E00700E0070FFE7FF18157F941B>
I<01FC000707000C01801800C03800E0700070700070F00078F00078F00078F00078F00078F000
78F000787000707800F03800E01C01C00E038007070001FC0015157F9418>I<0E1F00FE61C00E
80600F00700E00380E003C0E001C0E001E0E001E0E001E0E001E0E001E0E001E0E001E0E003C0E
003C0E00380F00700E80E00E41C00E3F000E00000E00000E00000E00000E00000E00000E00000E
00000E0000FFE000171F7F941B>I<01F8200704600E02601C01603801E07800E07800E0F000E0
F000E0F000E0F000E0F000E0F000E0F000E07000E07800E03801E01C01E00C02E0070CE001F0E0
0000E00000E00000E00000E00000E00000E00000E00000E00000E0000FFE171F7E941A>I<0E3C
FE461E8F0F0F0F060F000E000E000E000E000E000E000E000E000E000E000E000E000E000F00FF
F010157F9413>I<0F8830786018C018C008C008E008F0007F803FE00FF001F8003C801C800C80
0CC00CC008E018D0308FC00E157E9413>I<02000200020002000600060006000E001E003E00FF
F80E000E000E000E000E000E000E000E000E000E000E000E040E040E040E040E040E0407080308
01F00E1F7F9E13>I<0E0070FE07F01E00F00E00700E00700E00700E00700E00700E00700E0070
0E00700E00700E00700E00700E00700E00700E00F00E00F006017003827800FC7F18157F941B>
I<FFC1FE1E00780E00300E00200E002007004007004003808003808003808001C10001C10000E2
0000E20000E20000740000740000380000380000380000100017157F941A>I<FF8FF8FF1E01E0
3C1C01C0180E01C0180E01E0100E01E01007026020070270200702702003843040038438400384
384001C8188001C81C8001C81C8000F00D0000F00F0000F00F0000600600006006000060060020
157F9423>I<FF83FE1F01F00E00C007008003810003830001C20000E400007800007800003800
003C00004E00008E000187000103800201C00401E00C00E03E01F0FF03FE17157F941A>I<FFC1
FE1E00780E00300E00200E002007004007004003808003808003808001C10001C10000E20000E2
0000E200007400007400003800003800003800001000001000002000002000002000004000F040
00F08000F180004300003C0000171F7F941A>I<3FFFC0380380300780200700600E00401C0040
3C0040380000700000E00001E00001C0000380400700400F00400E00C01C008038008078018070
0780FFFF8012157F9416>I<FFFFFE1701808C18>I<FFFFFFFFFFFF3001808C31>I<7070F8F8F8
F8F8F870700D057BA118>127 D E /Fp 14 118 df<F8F8F8F8F8383070706060E0050C7A8411>
44 D<F8F8F8F8F805057A8411>46 D<0000FF00000007FFC000001FFFE000007FFFF00000FF01
F80001FC00FC0003F0007E0007E0003E000FC01FBE001F807FFF001F00FFFF003E01FFFF003E03
F0FF007C07E07F807C07C03F807C0F801F80FC0F801F80F81F000F80F81F000F80F81F000F80F8
1F000F80F81F000F80F81F000F80F81F000F80F81F000F80FC0F801F007C0F801F007C07C03E00
7C07E07E003E03F0FC003E01FFF8001F00FFF0001F807FE0000FC01F800007E000000003F00000
0001FC000F8000FF007F00007FFFFE00001FFFF8000007FFE0000000FF0000212A7DA928>64
D<01FE000FFF803FFFC03FFFE03C03F03001F00001F80000F80000F80000F80000F80000F8007F
F807FFF81FFFF83FE0F87F00F8FC00F8F800F8F800F8F800F8FC01F87E07F87FFFF83FFFF81FFC
F80FE0F8151B7E9A1D>97 D<F80000F80000F80000F80000F80000F80000F80000F80000F80000
F80000F80000F80000F80000F80000F80000F83F00F9FFC0FBFFE0FFFFF0FF07F0FC01F8F800FC
F8007CF8007CF8007EF8003EF8003EF8003EF8003EF8003EF8003EF8003EF8007CF8007CF8007C
FC00F8FC01F8FF07F0FFFFE0FBFFC0F9FF80F87E00172A7BA91F>I<007FC001FFF007FFFC0FFF
FC1FC07C1F00083E00007C00007C00007C0000F80000F80000F80000F80000F80000F80000F800
007C00007C00007E00003E00001F000C1FC07C0FFFFC07FFFC01FFF0007F80161B7E9A1B>I<00
003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00
003E00003E00FC3E03FF3E07FFFE0FFFFE1FC1FE3F007E3E003E7C003E7C003EFC003EF8003EF8
003EF8003EF8003EF8003EF8003EF8003EFC003E7C003E7C003E3E007E3F00FE1FC1FE0FFFFE07
FFBE03FF3E00FC3E172A7EA91F>I<007E0003FF8007FFC00FFFE01F83F03F00F03E00787C0078
7C003878003CFFFFFCFFFFFCFFFFFCFFFFFCF80000F80000F800007800007C00007C00003E0000
3F000C1FC07C0FFFFC07FFFC01FFF0007F80161B7E9A1B>I<001FC0007FC000FFC001FFC003F0
0003E00007C00007C00007C00007C00007C00007C00007C00007C00007C000FFFE00FFFE00FFFE
0007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C0
0007C00007C00007C00007C00007C00007C00007C00007C00007C00007C00007C000122A7FA912
>I<F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F80000F8
0000F80000F80000F83F00F8FF80FBFFC0FFFFE0FF07E0FE03F0FC01F0FC01F0FC01F0F801F0F8
01F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F8
01F0F801F0F801F0F801F0142A7BA91F>104 D<F83F00F9FFC0FBFFE0FFFFF0FF07F0FC01F8F8
00FCF800FCF8007CF8007EF8003EF8003EF8003EF8003EF8003EF8003EF8003EF8007CF8007CF8
00FCFC00F8FC03F8FF07F0FFFFE0FBFFC0F9FF80F87E00F80000F80000F80000F80000F80000F8
0000F80000F80000F80000F80000F80000F8000017277B9A1F>112 D<F838F8F8F9F8FBF8FFC0
FF00FE00FE00FC00FC00F800F800F800F800F800F800F800F800F800F800F800F800F800F800F8
00F800F8000D1B7B9A14>114 D<03FC001FFF803FFFC07FFFC07C07C0F80080F80000F80000F8
0000FC00007F80007FF8003FFE001FFF0007FF8000FFC0000FE00007E00003E00003E04003E0E0
07E0FC0FC0FFFFC07FFF801FFE0003F800131B7E9A17>I<F801F0F801F0F801F0F801F0F801F0
F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0F801F0
F801F0F801F0F803F0F803F0FC0FF0FFFFF07FFDF03FF9F01FC1F0141B7B9A1F>117
D E /Fq 3 104 df<00380000380000380000380000380000380060380CF8103E7C107C1F11F0
0793C001D700007C00007C0001D7000793C01F11F07C107CF8103E60380C003800003800003800
003800003800003800171A7D9B1E>3 D<0000F80003C0000F00001E00003C0000780000780000
780000780000780000780000780000780000780000780000780000780000780000780000780000
780000780000780000780000780000F00000F00001E000078000FE0000FE000007800001E00000
F00000F00000780000780000780000780000780000780000780000780000780000780000780000
7800007800007800007800007800007800007800007800007800003C00001E00000F000003C000
00F8153C7CAC1E>102 D<F800000F000003C00001E00000F00000780000780000780000780000
780000780000780000780000780000780000780000780000780000780000780000780000780000
7800007800007800003C00003C00001E000007000001F80001F8000700001E00003C00003C0000
780000780000780000780000780000780000780000780000780000780000780000780000780000
780000780000780000780000780000780000780000F00001E00003C0000F0000F80000153C7CAC
1E>I E /Fr 38 122 df<78FCFCFEFE7A02020202040404081010204007127B8511>44
D<FFFEFFFEFFFE0F037F8E14>I<007F000001C1C0000780F0000F0078000E0038001C001C003C
001E003C001E003C001E0078000F0078000F0078000F0078000F00F8000F80F8000F80F8000F80
F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F80F8000F
80F8000F80F8000F8078000F0078000F0078000F0078000F003C001E003C001E003C001E001C00
1C000E0038000F0078000780F00001C1C000007F000019297EA71E>48 D<00100000700001F000
0FF000FEF000F0F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F000
00F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F00000F000
00F00000F00000F00000F00000F00000F00000F00000F00001F8007FFFE07FFFE013287BA71E>
I<007F000003FFC0000701F0000C00F80010007C001C007C003E007E003E003E003E003E001E00
3E000C007E0000007C0000007C00000078000000F0000000E0000001C0000007000000FF000000
01E0000000F0000000780000003C0000003E0000001F0000001F0000001F8000001F8030001F80
78001F80FC001F80FC001F80FC001F00F8001F0040003F0040003E0030007C001800F8000F01F0
0003FFC000007F000019297EA71E>51 D<00006000000060000000E0000001E0000001E0000003
E0000003E0000005E0000009E0000009E0000011E0000021E0000021E0000041E0000081E00000
81E0000101E0000201E0000201E0000401E0000801E0000801E0001001E0003001E0002001E000
4001E000C001E000FFFFFF80FFFFFF800001E0000001E0000001E0000001E0000001E0000001E0
000001E0000001E0000003F000007FFF80007FFF8019287EA71E>I<20000000380000003FFFFF
803FFFFF803FFFFF007FFFFF006000020040000400400004004000080080001000800020000000
20000000400000008000000080000001000000030000000200000006000000060000000C000000
0C0000001C0000001C0000001C0000003800000038000000380000007800000078000000780000
0078000000F8000000F8000000F8000000F8000000F8000000F8000000F8000000F80000007000
00192A7DA81E>55 D<007F000001FFC0000381F000060078000C003C001C001C0018000E003800
0E0038000E0038000E003C000E003C000E003E001C001F8018001FC038000FF0600007F8C00003
FF800001FF0000007FC00000FFE000030FF8000603FC001C01FE0038007E0030003F0070000F00
70000780E0000780E0000380E0000380E0000380E0000380F0000300700007007800060038000C
001E0038000F80F00003FFE000007F000019297EA71E>I<007F000001FFC00007C1E0000F0070
001E0038001C003C003C001C0078001E0078001E00F8000F00F8000F00F8000F00F8000F00F800
0F80F8000F80F8000F80F8000F8078000F8078001F803C001F803C001F801C002F800E004F8007
00CF8003810F80007E0F8000000F0000000F0000000F0000001E0000001E0000001E0000003C00
1C003C003E0078003E0070003C00E0001801C0001C0780000FFE000003F8000019297EA71E>I<
00001800000000180000000018000000003C000000003C000000003C000000007E000000007E00
000000FF000000009F000000009F000000011F800000010F800000010F8000000207C000000207
C000000207C000000403E000000403E000000403E000000801F000000801F000001801F8000010
00F800001000F800002000FC000020007C00003FFFFC00007FFFFE000040003E000040003E0000
80001F000080001F000080001F000100000F800100000F800100000F8002000007C007000007C0
1F80000FE0FFF000FFFFFFF000FFFF282A7EA92D>65 D<0000FF00100007FFE030001FC0783000
3E000C7000F80006F001F00003F003E00001F007C00000F00F800000700F800000701F00000030
3F000000303E000000303E000000107E000000107E000000107C00000000FC00000000FC000000
00FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC000000007C0000
00007E000000007E000000103E000000103E000000103F000000101F000000200F800000200F80
00006007C000004003E000008001F000018000F8000300003E000E00001FC038000007FFE00000
00FF8000242B7DA92B>67 D<FFFFFFC000FFFFFFF80007E000FC0003E0003F0003E0000F8003E0
0007C003E00003E003E00001F003E00000F003E00000F803E000007C03E000007C03E000007C03
E000003E03E000003E03E000003E03E000003F03E000003F03E000003F03E000003F03E000003F
03E000003F03E000003F03E000003F03E000003F03E000003F03E000003E03E000003E03E00000
7E03E000007C03E000007C03E00000F803E00000F803E00001F003E00003E003E00007C003E000
0F8003E0001F0007E000FE00FFFFFFF800FFFFFFC00028297EA82E>I<FFFF80FFFF8007F00003
E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003
E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003E00003
E00003E00003E00003E00003E00003E00003E00003E00003E00007F000FFFF80FFFF8011297EA8
16>73 D<FFFFE000FFFFE00007F0000003E0000003E0000003E0000003E0000003E0000003E000
0003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0000003E0
000003E0000003E0000003E0000003E0000003E0000003E0000003E0000103E0000103E0000103
E0000103E0000203E0000203E0000203E0000203E0000603E0000603E0000E03E0001E03E0007C
07E001FCFFFFFFFCFFFFFFFC20297EA825>76 D<FFE0001FFFFFF0001FFF03F80001F002F80000
E0027C000040027E000040023E000040021F000040021F800040020F8000400207C000400207E0
00400203E000400201F000400201F800400200F8004002007C004002007E004002003E00400200
1F004002001F804002000F8040020007C040020003E040020003E040020001F040020000F84002
0000F8400200007C400200003E400200003E400200001F400200000FC00200000FC002000007C0
02000003C002000003C007000001C00F800000C0FFF80000C0FFF800004028297EA82D>78
D<0001FF0000000F01E000003C0078000078003C0000E0000E0001E0000F0003C0000780078000
03C00F800003E01F000001F01F000001F03E000000F83E000000F87E000000FC7E000000FC7C00
00007C7C0000007CFC0000007EFC0000007EFC0000007EFC0000007EFC0000007EFC0000007EFC
0000007EFC0000007EFC0000007E7C0000007C7E000000FC7E000000FC7E000000FC3E000000F8
3F000001F81F000001F01F000001F00F800003E007800003C007C00007C003E0000F8000F0001E
000078003C00003C007800000F01E0000001FF0000272B7DA92E>I<FFFFFF8000FFFFFFF00007
E000FC0003E0003E0003E0001F0003E0000F8003E0000FC003E00007C003E00007E003E00007E0
03E00007E003E00007E003E00007E003E00007E003E00007C003E0000FC003E0000F8003E0001F
0003E0003E0003E001F80003FFFFE00003E000000003E000000003E000000003E000000003E000
000003E000000003E000000003E000000003E000000003E000000003E000000003E000000003E0
00000003E000000003E000000003E000000003E000000007F0000000FFFF800000FFFF80000023
297EA829>I<00FE010003FF83000F81E3001E0037003C001F0038000F007800070070000700F0
000300F0000300F0000300F0000100F8000100F8000100FC0000007C0000007F0000003FE00000
1FFF00000FFFE00007FFF80003FFFC00007FFE000007FF0000007F0000001F8000000F80000007
C0000007C0800003C0800003C0800003C0800003C0C00003C0C0000380C0000380E0000780F000
0700F8000E00EE001C00C3C07800C1FFF000803FC0001A2B7DA921>83 D<7FFFFFFFF87FFFFFFF
F87C007C00F870007C003860007C001840007C000840007C0008C0007C000CC0007C000C80007C
000480007C000480007C000480007C000480007C000400007C000000007C000000007C00000000
7C000000007C000000007C000000007C000000007C000000007C000000007C000000007C000000
007C000000007C000000007C000000007C000000007C000000007C000000007C000000007C0000
00007C000000007C000000007C000000007C000000007C00000000FE000000FFFFFE0000FFFFFE
0026297EA82B>I<FFFF801FFFFFFF801FFF07F00001F003E00000E003E000004003E000004003
E000004003E000004003E000004003E000004003E000004003E000004003E000004003E0000040
03E000004003E000004003E000004003E000004003E000004003E000004003E000004003E00000
4003E000004003E000004003E000004003E000004003E000004003E000004003E000004003E000
004003E000004001E000008001F000008001F000008000F000010000780003000078000200003C
000C00001F0018000007C070000001FFE00000007F0000282A7EA82D>I<FFFE03FFF803FFC0FF
FE03FFF803FFC00FE0003F80007E0007C0001F0000180003E0001F0000180003E0000F80001000
03E0000F8000100001F0000F8000200001F0000FC000200001F0000FC000200000F8000FC00040
0000F80013E000400000F80013E000400000FC0013E000C000007C0033F0008000007C0021F000
8000007E0021F0008000003E0021F8010000003E0040F8010000003E0040F8010000001F0040F8
020000001F00807C020000001F00807C020000000F80807C040000000F81003E040000000F8100
3E0400000007C1003E0800000007C2001F0800000007C2001F0800000003E2001F1000000003E4
000F9000000003E4000F9000000001F4000FA000000001F80007E000000001F80007E000000000
F80007C000000000F00003C000000000F00003C000000000700003800000000060000180000000
0060000180000000006000018000003A2A7FA83D>87 D<01FC00000E0780001001C0003C00E000
3E00F0003E0078001C00780008007800000078000000780000007800007FF80003E078000F8078
001F0078003E0078007C00780078007820F8007820F8007820F8007820F800F8207C00F8203C01
3C401F063FC007F80F001B1A7E991E>97 D<07800000FF800000FF8000000F8000000780000007
800000078000000780000007800000078000000780000007800000078000000780000007800000
078000000783F000078C1C0007B0070007A0038007C003C0078001E0078001E0078000F0078000
F0078000F8078000F8078000F8078000F8078000F8078000F8078000F8078000F0078000F00780
01F0078001E0078001C007C003C00740078007200E0006181C000407E0001D2A7FA921>I<007F
8001C0700780080F003C1E007C3C007C3C00387C0010780000F80000F80000F80000F80000F800
00F80000F80000F800007800007C00003C00043C00041E00080F001007802001C0C0007F00161A
7E991B>I<00000F000001FF000001FF0000001F0000000F0000000F0000000F0000000F000000
0F0000000F0000000F0000000F0000000F0000000F0000000F0000000F00003F0F0001C0CF0003
802F000F001F001E001F001C000F003C000F007C000F0078000F0078000F00F8000F00F8000F00
F8000F00F8000F00F8000F00F8000F00F8000F0078000F0078000F003C000F003C000F001E001F
000E002F0007004F8001C18FF8007E0FF81D2A7EA921>I<007E0003C3800700E00E00F01C0070
3C00783C003878003C78003CF8003CF8003CFFFFFCF80000F80000F80000F80000F80000780000
7C00003C00043C00041E00080E001007002001C0C0007F00161A7E991B>I<001F000070C000E1
E001C3E003C3E00381C00780800780000780000780000780000780000780000780000780000780
00FFFE00FFFE000780000780000780000780000780000780000780000780000780000780000780
0007800007800007800007800007800007800007800007800007800007800007C000FFFE00FFFE
00132A7FA912>I<07000F801F801F800F80070000000000000000000000000000000000000007
807F807F800F800780078007800780078007800780078007800780078007800780078007800780
0780078007800780FFF8FFF80D297FA811>105 D<0781F800FC00FF860E030700FF98070C0380
0FA0079003C007A003D001E007C003E001E007C003E001E0078003C001E0078003C001E0078003
C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0
078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003C001E0078003
C001E0078003C001E0FFFC7FFE3FFFFFFC7FFE3FFF301A7F9933>109 D<0783F800FF8C1C00FF
900E000FA0070007A0078007C0078007C007800780078007800780078007800780078007800780
078007800780078007800780078007800780078007800780078007800780078007800780078007
800780078007800780FFFCFFFCFFFCFFFC1E1A7F9921>I<007F000001C1C000070070000E0038
001C001C003C001E003C001E0078000F0078000F00F8000F80F8000F80F8000F80F8000F80F800
0F80F8000F80F8000F80F8000F8078000F0078000F003C001E003C001E001E003C000E00380007
00700001C1C000007F0000191A7E991E>I<0783F000FF8C1C00FFB00F0007A0078007C003C007
8003E0078001E0078001F0078001F0078000F8078000F8078000F8078000F8078000F8078000F8
078000F8078000F0078001F0078001F0078001E0078003C007C003C007C0078007A00E0007983C
000787E00007800000078000000780000007800000078000000780000007800000078000000780
000007800000FFFC0000FFFC00001D267F9921>I<0787C0FF98E0FF91F00FA1F007C1F007C0E0
07C000078000078000078000078000078000078000078000078000078000078000078000078000
07800007800007800007800007C000FFFE00FFFE00141A7F9917>114 D<07F8401C06C03001C0
6000C06000C0E00040E00040F00040F800007E00007FF0003FFE000FFF0003FF80003FC00007C0
8001E08001E0C000E0C000E0C000E0E000C0F001C0F80180C4070083F800131A7E9918>I<0080
000080000080000080000180000180000180000380000380000780000F80001FFF80FFFF800780
000780000780000780000780000780000780000780000780000780000780000780000780000780
4007804007804007804007804007804007804003C08001C08000E100003E0012257FA417>I<07
800780FF80FF80FF80FF800F800F80078007800780078007800780078007800780078007800780
078007800780078007800780078007800780078007800780078007800780078007800780078007
8007800F8007800F800380178001C027C000E047FC003F87FC1E1A7F9921>I<FFF00FF8FFF00F
F80F8003C0078003800780010003C0020003C0020003E0020001E0040001E0040000F0080000F0
080000F818000078100000781000003C2000003C2000003E6000001E4000001E4000000F800000
0F8000000700000007000000070000000200001D1A7F9920>I<FFF00FF8FFF00FF80F8003C007
8003800780010003C0020003C0020003E0020001E0040001E0040000F0080000F0080000F81800
0078100000781000003C2000003C2000003E6000001E4000001E4000000F8000000F8000000700
00000700000007000000020000000200000004000000040000000400000008000070080000F810
0000F8100000F8200000F0400000608000001F0000001D267F9920>121
D E /Fs 22 118 df<00000FF03F000000780CE0800001E00FC3C00003801F87C00007003F07C0
000F003F03C0001E001E0100001E001E0000001E001E0000003C003C0000003C003C0000003C00
3C0000003C003C0000003C003C0000003C003C00000078007800000FFFFFFFF0000FFFFFFFF000
00780078000000780078000000780078000000F000F0000000F000F0000000F000F0000000F000
F0000000F000F0000000F000F0000001E001E0000001E001E0000001E001E0000001E001E00000
01E001E0000001E001E0000003C003C0000003C003C0000003C003C0000003C003C0000003C003
C0000003C003C0000007C007C000007FF87FFE0000FFF87FFE00002A2A7FA923>11
D<387C7EFC7C3807067B8511>46 D<00000FF00100007FFE030001FC07070007E0018E001F8000
5E003E00003E007C00003E00F800001E01F000001E03E000000C07C000000C07C000000C0F8000
000C1F8000000C1F0000000C3F000000083F000000007E000000007E000000007E000000007E00
000000FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC00000000FC
000000207C000000207C000000207C000000403E000000403E000000801E000000801F00000100
0F8000020007C000040003E000180001F0003000007E01E000003FFF80000007FC0000282B7AA9
2B>67 D<01FFFFFFFF03FFFFFFFF000FC0007F000F80000F000F800007000F800007000F800003
000F800003001F000003001F000003001F000001001F000001001F000801001F000801003E0010
00003E001000003E001000003E003000003E00F000003FFFF000007FFFE000007C00E000007C00
6000007C006000007C002000007C00200200F800400400F800400400F800000400F800000800F8
00000800F800001801F000001001F000003001F000003001F000007001F00000E001F00003E003
F0000FE0FFFFFFFFC0FFFFFFFFC028297EA829>69 D<01FFFF03FFFE03FFFF07FFFE000FC0001F
80000F80001F00000F80001F00000F80001F00000F80001F00000F80001F00001F00003E00001F
00003E00001F00003E00001F00003E00001F00003E00001F00003E00003E00007C00003E00007C
00003E00007C00003E00007C00003E00007C00003FFFFFFC00007FFFFFF800007C0000F800007C
0000F800007C0000F800007C0000F800007C0000F80000F80001F00000F80001F00000F80001F0
0000F80001F00000F80001F00000F80001F00001F00003E00001F00003E00001F00003E00001F0
0003E00001F00003E00001F00003E00003F00007E000FFFF81FFFF00FFFF81FFFF002F297EA82D
>72 D<01FFFF800003FFFF8000000FC00000000F800000000F800000000F800000000F80000000
0F800000001F000000001F000000001F000000001F000000001F000000001F000000003E000000
003E000000003E000000003E000000003E000000003E000000007C000000007C000000007C0000
00007C000000007C000000007C00002000F800004000F800004000F800004000F800008000F800
008000F800018001F000018001F000030001F000030001F000070001F0000E0001F0003E0003F0
01FE00FFFFFFFC00FFFFFFFC0023297EA825>76 D<0001FC020007FF06001E038E003800DC0070
007C00E0003C01E0001C03C0001C03C0001C0380000807800008078000080780000807C0000807
C0000007E0000003F0000003FE000001FFE00001FFFE0000FFFF00003FFF80000FFFC00000FFE0
00000FE0000003F0000001F0000001F0000001F0200000F0200000F0200000F0200000E0600001
E0600001E0700001C0700003C0780007807C000700E6001E00E3C07C00C1FFF000803FC0001F2B
7DA921>83 D<003FC00001C0F0000200380007803C0007C01E000F801E0007801E0002001E0000
001E0000001E0000001E00001FFC0001F83C0007C03C000F803C001E003C003E003C007C007820
F8007820F8007820F8007820F800F820F80178407C0278403E0C3F8007F01E001B1A7D991E>97
D<01E000003FE000003FE0000003C0000003C0000003C0000003C0000003C0000003C000000780
000007800000078000000780000007800000078000000F0000000F07E0000F1838000F600E000F
800F000F0007001F0007801E0007C01E0003C01E0003C01E0003C01E0003C03C0007C03C0007C0
3C0007C03C0007C03C0007803C000F8078000F8078000F0078001E0078001C0078003800740070
00E200E000C103800080FE00001A2A7AA921>I<001FF000700C01E00203801E07001F0F003E1E
001E3E00083C00007C00007C0000780000F80000F80000F80000F80000F80000F80000F8000078
00087800083C00101C00200E004007038001FC00181A7C991B>I<0000007800000FF800000FF8
000000F0000000F0000000F0000000F0000000F0000000F0000001E0000001E0000001E0000001
E0000001E0000001E0000003C0000FC3C0007833C001E00BC003800BC0070007C00F0007801E00
07803E0007803C0007807C0007807C00078078000F00F8000F00F8000F00F8000F00F8000F00F8
000F00F8001E00F8001E0078001E0078001E0038003E001C005E000E01BE0007063FE001F83FE0
1D2A7CA921>I<001F8000F0E001C03003803807003C0E001C1E001C3E001E3C001E7C001E7C00
1EFFFFFCF80000F80000F80000F80000F80000F80000F800007800087800083800101C00200E00
C007030001FC00171A7C991B>I<0000003C0007E0C2003C390E00701E0E00E01E0401E01E0003
E01F0003C01F0007C01F0007C01F0007C01F0007C01E0007C03E0007C03C0003C0780001C07000
02E1E000063F000004000000040000000C0000000C0000000E00000007FFF00003FFFC0003FFFE
000E001F0018000780380003807000038070000380E0000380E0000380E0000380E00007007000
0E0030001C001C0038000F01E00001FF00001F287F9A1E>103 D<000F000001FF000001FF0000
001E0000001E0000001E0000001E0000001E0000001E0000003C0000003C0000003C0000003C00
00003C0000003C00000078000000783F800078C1C0007900E0007A00F0007C00F000F800F000F8
00F000F000F000F000F000F000F000F000F001E001E001E001E001E001E001E001E001E001E001
E001E003C003C003C003C003C003C003C003C003C003C003C003C007C007C07FFC7FFCFFFCFFFC
1E2A7FA921>I<001C003E003E007E003E001C0000000000000000000000000000000000000078
07F807F800F800F800F000F000F000F000F000F001E001E001E001E001E001E003C003C003C003
C003C003C007C07FF8FFF80F297FA811>I<00783F800FF8C1C00FF900E000FA00F000FC00F000
F800F000F800F000F000F000F000F000F000F000F000F001E001E001E001E001E001E001E001E0
01E001E001E001E003C003C003C003C003C003C003C003C003C003C003C003C007C007C07FFC7F
FCFFFCFFFC1E1A7F9921>110 D<001FC0000070700001C01C0003800E0007000E000E000F001E
0007803C0007803C0007807C0007807C00078078000F80F8000F80F8000F80F8000F80F8000F80
F8001F00F8001F00F8001E0078003C0078003C00380078001C00F0000E01C0000707800001FC00
00191A7C991E>I<001E0FC00003FE30700003FEC03C00003F001E00001E001E00003E000F0000
3C000F80003C000F80003C000F80003C000F80003C000F800078000F800078000F800078000F80
0078000F800078000F000078001F0000F0001F0000F0003E0000F0003C0000F000780000F000F0
0000F800E00001E403C00001E207000001E1FC000001E000000001E000000001E000000003C000
000003C000000003C000000003C000000003C000000003C000000007C00000007FFC000000FFFC
0000002126819921>I<00787C0FF98E0FFA1F00FA1F00FC1E00F81E00F80000F80000F00000F0
0000F00001E00001E00001E00001E00001E00001E00003C00003C00003C00003C00003C00003C0
0007C0007FFE00FFFE00181A7F9917>114 D<003F8401C06C03001C06000C0E000C0C00081C00
081E00081F00001FC0000FFE0007FF8003FFC000FFE0000FF00001F02000F06000706000706000
706000707000607000C0E80180C6070081FC00161A7E9918>I<00200000200000200000600000
400000C00000C00001C00001C00003C0000780001FFF80FFFF800780000780000780000F00000F
00000F00000F00000F00000F00001E00001E00001E00001E00001E01001E01003C02003C02003C
02003C02003C04001C04001C08000E100003E00011257BA417>I<07800780FF80FF80FF80FF80
0F800F800F800F800F000F000F000F000F000F000F000F000F000F000F000F001E001E001E001E
001E001E001E001E001E001E001E001E003C003C003C003C003C003C003C007C003C007C003C00
BC001C017C000E067FC003F87FC01A1A7B9921>I E /Ft 22 122 df<0000007C000000000000
7C000000000000FE000000000000FE000000000000FE000000000001FF000000000001FF000000
000003FF800000000003FF800000000007FFC00000000007FFC00000000007FFC0000000000FFF
E0000000000F7FE0000000001F7FF0000000001E3FF0000000001E3FF0000000003E3FF8000000
003C1FF8000000007C1FFC00000000780FFC00000000780FFC00000000F80FFE00000000F007FE
00000001F007FF00000001E003FF00000001E003FF00000003E003FF80000003C001FF80000007
C001FFC00000078000FFC00000078000FFC000000FFFFFFFE000000FFFFFFFE000001FFFFFFFF0
00001E00003FF000001E00003FF000003C00003FF800003C00001FF800007C00001FFC00007800
000FFC00007800000FFC0000F0000007FE0000F0000007FE0001F0000007FF0003F8000003FF00
FFFFC001FFFFFEFFFFC001FFFFFEFFFFC001FFFFFE37317DB03E>65 D<FFFFFFFFF00000FFFFFF
FFFF0000FFFFFFFFFFC00000FFC000FFF00000FFC0000FFC0000FFC00007FE0000FFC00001FF00
00FFC00000FF8000FFC000007FC000FFC000003FE000FFC000003FE000FFC000001FF000FFC000
001FF000FFC000001FF800FFC000000FF800FFC000000FFC00FFC000000FFC00FFC000000FFC00
FFC000000FFC00FFC000000FFE00FFC000000FFE00FFC000000FFE00FFC000000FFE00FFC00000
0FFE00FFC000000FFE00FFC000000FFE00FFC000000FFE00FFC000000FFE00FFC000000FFE00FF
C000000FFE00FFC000000FFC00FFC000000FFC00FFC000000FFC00FFC000000FFC00FFC000000F
F800FFC000001FF800FFC000001FF800FFC000001FF000FFC000003FE000FFC000003FE000FFC0
00007FC000FFC00000FF8000FFC00001FF0000FFC00003FE0000FFC0000FFC0000FFC0007FF000
FFFFFFFFFFE000FFFFFFFFFF0000FFFFFFFFF0000037317EB03F>68 D<FFFFC000007FFFF0FFFF
E000007FFFF0FFFFF000007FFFF000FFF8000000F80000FFFC000000700000FFFE000000700000
EFFF000000700000E7FF800000700000E3FF800000700000E1FFC00000700000E0FFE000007000
00E07FF00000700000E07FF80000700000E03FFC0000700000E01FFE0000700000E00FFF000070
0000E007FF8000700000E003FF8000700000E001FFC000700000E000FFE000700000E0007FF000
700000E0007FF800700000E0003FFC00700000E0001FFE00700000E0000FFF00700000E00007FF
80700000E00003FF80700000E00001FFC0700000E00000FFE0700000E000007FF0700000E00000
7FF8700000E000003FFC700000E000001FFE700000E000000FFF700000E0000007FFF00000E000
0003FFF00000E0000001FFF00000E0000000FFF00000E00000007FF00000E00000007FF00000E0
0000003FF00000E00000001FF00000E00000000FF00000E000000007F00000E000000003F00001
F000000001F000FFFFE0000000F000FFFFE00000007000FFFFE000000070003C317EB041>78
D<FFFFFFFFE000FFFFFFFFFE00FFFFFFFFFF8000FFC001FFE000FFC0003FF000FFC0001FF800FF
C0000FFC00FFC0000FFC00FFC00007FE00FFC00007FE00FFC00007FF00FFC00007FF00FFC00007
FF00FFC00007FF00FFC00007FF00FFC00007FF00FFC00007FF00FFC00007FE00FFC00007FE00FF
C0000FFC00FFC0000FFC00FFC0001FF800FFC0003FF000FFC001FFE000FFFFFFFF8000FFFFFFFE
0000FFFFFFE00000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FF
C000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC00000
0000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FFC000000000FF
C0000000FFFFFFC00000FFFFFFC00000FFFFFFC0000030317EB038>80 D<001FF0018000FFFF03
8003FFFFC78007F00FFF800F8001FF801F00007F803F00001F803E00000F807E00000F807E0000
0780FE00000780FE00000780FE00000380FF00000380FF00000380FF80000000FFE00000007FFC
0000007FFFE000007FFFFE00003FFFFFC0001FFFFFF0001FFFFFF8000FFFFFFC0003FFFFFE0001
FFFFFF00007FFFFF80001FFFFF800000FFFFC0000007FFC0000000FFE00000003FE00000003FE0
0000001FE06000001FE0E000000FE0E000000FE0E000000FE0E000000FC0F000000FC0F000000F
C0F800001F80FC00001F80FF00003F00FFC0007E00FFFC01FC00F1FFFFF800E03FFFE000C007FF
000023317BB02E>83 D<FFFFFE07FFFFF801FFFFFFFFFE07FFFFF801FFFFFFFFFE07FFFFF801FF
FF03FF00000FFC000007E003FF80000FFC000003C001FF80000FFE0000038001FF800007FE0000
038001FFC00007FE0000078000FFC00007FF0000070000FFE00003FF00000700007FE00003FF80
000E00007FE00003FF80000E00007FF00003FF80001E00003FF00007FFC0001C00003FF80007FF
C0001C00001FF80007FFE0003800001FF8000E7FE0003800001FFC000E7FE0007800000FFC001E
7FF0007000000FFC001C3FF00070000007FE001C3FF000E0000007FE00381FF800E0000007FF00
381FF801E0000003FF00781FFC01C0000003FF00700FFC01C0000003FF80700FFC03C0000001FF
80F00FFE0380000001FFC0E007FE0380000000FFC0E007FF0700000000FFC1C003FF0700000000
FFE1C003FF0F000000007FE3C003FF8E000000007FE38001FF8E000000003FF38001FF9C000000
003FF70000FFDC000000003FFF0000FFFC000000001FFF0000FFF8000000001FFE00007FF80000
00000FFE00007FF0000000000FFC00003FF0000000000FFC00003FF00000000007FC00003FE000
00000007F800001FE00000000007F800001FE00000000003F800001FC00000000003F000000FC0
0000000001F000000F800000000001E0000007800000000000E000000700000050317EB055>87
D<007FF8000003FFFF000007FFFFC0000FE01FE0001FF007F0001FF003F8001FF003FC001FF001
FE000FE001FE0007C001FE00010001FE00000001FE00000001FE000001FFFE00003FFFFE0001FF
F1FE0007FE01FE000FF001FE001FC001FE003F8001FE007F8001FE00FF0001FE00FF0001FE00FF
0001FE00FF0001FE00FF0003FE007F8003FE007FC00EFE003FF03CFF000FFFF87FF807FFF03FF8
00FF800FF825207E9F28>97 D<0007FF00007FFFE000FFFFF003FC03F807F007FC0FE007FC1FE0
07FC3FC007FC3FC003F87FC001F07F8000407F800000FF800000FF800000FF800000FF800000FF
800000FF800000FF800000FF8000007F8000007FC000007FC000003FC0000E3FE0000E1FE0001C
0FF0001C07F8007803FF01F000FFFFE0007FFF800007FC001F207D9F25>99
D<00000007E0000003FFE0000003FFE0000003FFE00000003FE00000001FE00000001FE0000000
1FE00000001FE00000001FE00000001FE00000001FE00000001FE00000001FE00000001FE00000
001FE00000001FE00000001FE0000FF81FE0007FFF1FE001FFFFDFE003FE03FFE007F800FFE00F
E0003FE01FE0001FE03FC0001FE03FC0001FE07F80001FE07F80001FE07F80001FE0FF80001FE0
FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE0FF80001FE07F80001F
E07F80001FE07F80001FE03FC0001FE03FC0001FE01FC0003FE00FE0007FE007F001FFE003FC07
DFF001FFFF9FFF007FFE1FFF000FF01FFF28327DB12E>I<0007FC0000003FFF800000FFFFE000
03FC07F00007F801F8000FE000FC001FE0007E003FC0007E003FC0003F007FC0003F007F80003F
007F80003F80FF80003F80FF80003F80FFFFFFFF80FFFFFFFF80FFFFFFFF80FF80000000FF8000
0000FF800000007F800000007F800000003FC00000003FC00003801FC00003801FE00007800FF0
000F0007F8001E0003FE00FC0000FFFFF800003FFFE0000003FF000021207E9F26>I<001FF007
E000FFFE3FF001FFFF7FF807F83FF1F80FE00FE1F80FE00FE0F01FC007F0601FC007F0003FC007
F8003FC007F8003FC007F8003FC007F8003FC007F8001FC007F0001FC007F0000FE00FE0000FE0
0FE00007F83FC00007FFFF000006FFFE00000E1FF000000E000000001E000000001E000000001F
000000001F800000001FFFFFC0000FFFFFF8000FFFFFFE0007FFFFFF0003FFFFFF8007FFFFFFC0
1FFFFFFFE03F00007FE07E00000FF0FC000007F0FC000003F0FC000003F0FC000003F0FC000003
F07E000007E03F00000FC01FC0003F800FF801FF0007FFFFFE0000FFFFF000001FFF8000252F7E
9F29>103 D<01F800000000FFF800000000FFF800000000FFF8000000000FF80000000007F800
00000007F80000000007F80000000007F80000000007F80000000007F80000000007F800000000
07F80000000007F80000000007F80000000007F80000000007F80000000007F80000000007F807
F8000007F83FFF000007F87FFF800007F8F03FC00007F9C01FE00007FB000FE00007FE000FF000
07FE000FF00007FC000FF00007FC000FF00007F8000FF00007F8000FF00007F8000FF00007F800
0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000
07F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F800
0FF00007F8000FF00007F8000FF000FFFFC1FFFF80FFFFC1FFFF80FFFFC1FFFF8029327DB12E>
I<03C0000FF0000FF0001FF8001FF8001FFC001FF8001FF8000FF0000FF00003C0000000000000
0000000000000000000000000000000000000001F800FFF800FFF800FFF8000FF80007F80007F8
0007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F8
0007F80007F80007F80007F80007F80007F80007F80007F80007F800FFFF80FFFF80FFFF801133
7DB217>I<01F8000000FFF8000000FFF8000000FFF80000000FF800000007F800000007F80000
0007F800000007F800000007F800000007F800000007F800000007F800000007F800000007F800
000007F800000007F800000007F800000007F8007FFC07F8007FFC07F8007FFC07F8001FC007F8
001F0007F8003E0007F800780007F801F00007F803E00007F807800007F81F000007F83E000007
F87C000007F9FE000007FBFF000007FFFF800007FF7FC00007FE3FE00007F81FE00007F01FF000
07F00FF80007F007FC0007F003FE0007F001FF0007F000FF0007F000FF8007F0007FC007F0003F
E007F0003FF0FFFF80FFFFFFFF80FFFFFFFF80FFFF28327EB12C>107 D<01F800FFF800FFF800
FFF8000FF80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F800
07F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F800
07F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007F800
07F80007F80007F80007F80007F800FFFFC0FFFFC0FFFFC012327DB117>I<03F007F8000FF000
FFF03FFF007FFE00FFF07FFF80FFFF00FFF0F03FC1E07F800FF1C01FE3803FC007F3000FE6001F
C007F6000FFC001FE007FE000FFC001FE007FC000FF8001FE007FC000FF8001FE007F8000FF000
1FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0
001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000F
F0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE007F800
0FF0001FE007F8000FF0001FE007F8000FF0001FE007F8000FF0001FE0FFFFC1FFFF83FFFFFFFF
C1FFFF83FFFFFFFFC1FFFF83FFFF40207D9F45>I<03F007F80000FFF03FFF0000FFF07FFF8000
FFF0F03FC0000FF1C01FE00007F3000FE00007F6000FF00007FE000FF00007FC000FF00007FC00
0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000
07F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F800
0FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF00007F8000FF000
FFFFC1FFFF80FFFFC1FFFF80FFFFC1FFFF8029207D9F2E>I<0007FE0000003FFFC00000FFFFF0
0003FC03FC0007F000FE000FE0007F001FC0003F803FC0003FC03FC0003FC07F80001FE07F8000
1FE07F80001FE0FF80001FF0FF80001FF0FF80001FF0FF80001FF0FF80001FF0FF80001FF0FF80
001FF0FF80001FF07F80001FE07F80001FE07F80001FE03FC0003FC03FC0003FC01FE0007F800F
E0007F0007F801FE0003FE07FC0001FFFFF800003FFFC0000007FE000024207E9F29>I<03F03F
00FFF07FC0FFF1FFE0FFF3C7F00FF38FF807F70FF807F60FF807FE0FF807FC07F007FC03E007FC
008007F8000007F8000007F8000007F8000007F8000007F8000007F8000007F8000007F8000007
F8000007F8000007F8000007F8000007F8000007F8000007F8000007F8000007F80000FFFFE000
FFFFE000FFFFE0001D207E9F22>114 D<00FF870007FFEF001FFFFF003F007F003C001F007800
0F00F8000700F8000700F8000700FC000700FF000000FFF800007FFFC0003FFFF0003FFFFC000F
FFFE0007FFFF0001FFFF80001FFF800000FFC000001FC060000FC0E00007C0E00007C0F00007C0
F8000780F8000F80FE000F00FF803E00FFFFFC00F3FFF800C07FC0001A207D9F21>I<00380000
380000380000380000380000780000780000780000F80000F80001F80003F80007F8001FF800FF
FFFEFFFFFEFFFFFE07F80007F80007F80007F80007F80007F80007F80007F80007F80007F80007
F80007F80007F80007F80007F80007F80007F80707F80707F80707F80707F80707F80707F80703
F80E03FC0E01FE1C00FFF8007FF0000FE0182E7EAD20>I<FFFF801FFEFFFF801FFEFFFF801FFE
07F80003E007F80001C007FC0003C003FC00038003FE00078001FE00070001FF000F0000FF000E
0000FF801E00007F801C00007FC03C00003FC03800003FE03800001FE07000001FE07000000FF0
E000000FF0E000000FF9E0000007F9C0000007FFC0000003FF80000003FF80000001FF00000001
FF00000000FE00000000FE000000007C000000007C000000003800000000380000000070000000
007000000000F000003C00E000007E01E00000FF01C00000FF03800000FF07800000FF0F000000
7A3E0000007FFC0000003FF80000000FC0000000272E7E9F2C>121 D E
end
%%EndProlog
%%BeginSetup
TeXDict begin

%%EndSetup
%%Page: 1 1
0 bop 232 75 a Ft(Addressing)26 b(W)-7 b(eaknesses)26 b(in)h(the)g(Domain)h
(Name)751 212 y(System)e(Proto)r(col)457 416 y Fs(Christoph)21
b(L.)f(Sc)n(h)n(uba)g(and)h(Eugene)e(H.)g(Spa\013ord)788 580
y Fr(CO)n(AST)i(Lab)r(oratory)601 692 y(Departmen)n(t)e(of)h(Computer)g
(Sciences)810 804 y(Purdue)h(Univ)n(ersit)n(y)647 916 y(W)-5
b(est)20 b(Lafa)n(y)n(ette,)g(IN)f(47907-1398)685 1028 y Fq(f)p
Fp(schuba,spaf)p Fq(g)p Fp(@cs.pu)o(rdue.e)o(du)p eop
%%Page: 2 2
1 bop 1922 -100 a Fo(ii)912 344 y(ABSTRA)o(CT)149 555 y(Sc)o(h)o(uba,)19
b(Christoph.)28 b(M.S.,)18 b(Purdue)g(Univ)o(ersit)o(y)l(,)e(August)j(1993.)
29 b(Addressing)18 b(W)l(eaknesses)149 615 y(in)e(the)g(Domain)g(Name)e
(System)h(Proto)q(col.)22 b(Ma)s(jor)16 b(Professor:)23 b(Eugene)16
b(H.)f(Spa\013ord.)223 766 y(The)i(Domain)g(Name)e(System)h(\(DNS\))h(is)g(a)
h(widely)e(implem)o(en)o(t)o(ed)f(distributed)h(database)149
856 y(system)e(used)h(throughout)i(the)e(In)o(ternet,)e(pro)o(viding)i(name)f
(resolution)h(b)q(et)o(w)o(een)f(host)h(names)149 946 y(and)i(In)o(ternet)e
(Proto)q(col)i(addresses.)223 1037 y(This)e(thesis)g(describ)q(es)f(problems)
g(with)h(the)g(DNS)g(and)g(one)h(of)f(its)g(implem)o(en)n(tations)e(that)149
1127 y(allo)o(w)21 b(the)g(abuse)g(of)g(name)f(based)i(authen)o(tication.)34
b(This)22 b(leads)e(to)i(situations)f(where)g(the)149 1217
y(name)16 b(resolution)g(pro)q(cess)h(cannot)f(b)q(e)h(trusted,)f(and)h
(securit)o(y)d(ma)o(y)h(b)q(e)h(compromised.)223 1307 y(This)h(thesis)f
(outlines)g(the)h(curren)o(t)f(design)h(and)g(implem)o(en)o(tati)o(on)e(of)i
(the)f(DNS.)h(It)f(states)149 1398 y(the)f(main)f(problem)f(b)q(oth)j(on)g(a)
f(high)h(lev)o(el)c(and)k(as)g(applied)e(to)i(the)e(DNS)h(in)g(a)h(more)d
(concrete)149 1488 y(fashion.)24 b(W)l(e)17 b(examine)d(the)j(w)o(eaknesses)g
(in)f(the)h(DNS)g(and)g(exploit)f(a)h(metho)q(d)f(to)h(abuse)h(the)149
1578 y(DNS)f(for)f(system)f(break{ins.)223 1669 y(W)l(e)21
b(demonstrate)g(these)g(w)o(eaknesses)h(b)o(y)f(describing)h(the)f(necessary)
h(mo)q(di\014cations)f(in)149 1759 y(authoritativ)o(e)16 b(DNS)g(data)h(and)g
(Domain)e(Name)g(System)f(co)q(de.)21 b(W)l(e)16 b(list)g(exp)q(eriences)e
(gained)149 1849 y(during)j(exp)q(erimen)o(ts)d(with)j(sev)o(eral)e(setups)i
(of)g(name)f(serv)o(ers)f(and)j(trusting)f(hosts)g(in)f(a)i(lo)q(cal)149
1939 y(area)f(net)o(w)o(ork.)223 2030 y(T)l(o)q(o)j(w)o(eak)f(assumptions)h
(during)f(the)h(authen)o(tication)e(pro)q(cesses)i(cause)g(man)o(y)e(securit)
o(y)149 2120 y(breac)o(hes.)28 b(W)l(e)18 b(state)h(the)f(securit)o(y)g
(considerations)g(in)h(the)f(o\016cial)g(design)g(do)q(cumen)o(ts)g(and)149
2210 y(analyze)12 b(the)g(algorithms)g(used)g(in)g(the)g(DNS)g(proto)q(col)h
(lo)q(oking)g(for)g(w)o(eak)f(assumptions.)20 b(Using)149 2301
y(a)g(wide)f(v)m(ariet)o(y)g(of)g(criteria,)g(w)o(e)g(discuss)h(sev)o(eral)e
(approac)o(hes)i(to)g(solv)o(e)f(the)g(main)f(problem)149 2391
y(in)g(the)g(Domain)f(Name)f(System)g(proto)q(col.)27 b(Tw)o(o)19
b(of)f(these)f(solutions,)i(hardening)f(the)g(name)149 2481
y(serv)o(er)g(and)i(using)f(cryptographic)g(metho)q(ds)f(for)h(strong)h
(authen)o(tication,)f(receiv)o(e)d(more)i(at-)149 2571 y(ten)o(tion)e(than)h
(the)f(other)g(solutions.)p eop
%%Page: 2 3
2 bop 794 1170 a Fo(DISCARD)16 b(THIS)f(P)l(A)o(GE)p eop
%%Page: 3 4
3 bop 1893 -100 a Fo(iii)777 342 y(T)l(ABLE)16 b(OF)g(CONTENTS)1847
516 y(P)o(age)149 687 y(ABSTRA)o(CT)45 b Fn(:)24 b(:)g(:)h(:)f(:)h(:)f(:)h(:)
f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)93 b Fo(ii)149 845 y(LIST)17
b(OF)f(T)l(ABLES)30 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)g(:)81 b Fo(vi)149 1002 y(LIST)17 b(OF)f(FIGURES)40 b Fn(:)25
b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)68 b Fo(vii)149
1160 y(1.)36 b(INTR)o(ODUCTION)j Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)
f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)g(:)96 b Fo(1)149 1318 y(2.)36 b(THE)16 b(DOMAIN)f(NAME)g(SYSTEM)27
b Fn(:)e(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)96 b Fo(5)223 1427 y(2.1)50 b(In)o(tro)q(duction)21
b Fn(:)k(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)96 b
Fo(5)335 1487 y(2.1.1)56 b(The)16 b(TCP/IP)h(Proto)q(col)g(Suite)31
b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)g(:)96 b Fo(6)335 1547 y(2.1.2)56 b(In)o(ternet)15 b(Services)44
b Fn(:)24 b(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)96 b Fo(6)335 1608 y(2.1.3)56
b(P)o(ac)o(k)o(et)15 b(Routing)34 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)96
b Fo(7)335 1668 y(2.1.4)56 b(Name)14 b(Resolution)37 b Fn(:)24
b(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)96 b Fo(7)223 1728 y(2.2)50 b(Historical)15
b(Dev)o(elopmen)o(t)j Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)96 b
Fo(8)223 1788 y(2.3)50 b(Design)16 b(Goals)49 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)g(:)96 b Fo(9)335 1848 y(2.3.1)56 b(Data)17
b(Consistency)27 b Fn(:)d(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(10)335 1908
y(2.3.2)56 b(E\016ciency)41 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(10)335 1969 y(2.3.3)56 b(Distributed)16 b(Character)46
b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)72 b Fo(11)335 2029 y(2.3.4)56 b(Generalit)o(y)24
b Fn(:)g(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(11)335 2089
y(2.3.5)56 b(Indep)q(endence)34 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(11)223 2149 y(2.4)50 b(DNS)16 b(En)o(tities)44 b Fn(:)24
b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(12)335 2209
y(2.4.1)56 b(Domain)15 b(Name)g(Space)33 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(12)335 2270 y(2.4.2)56 b(DNS)16 b(Messages)e Fn(:)24 b(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)72 b Fo(14)335 2330 y(2.4.3)56 b(Resource)16 b(Records)26
b Fn(:)e(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(17)335 2390 y(2.4.4)56 b(Name)14
b(Serv)o(ers)33 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b
Fo(18)335 2450 y(2.4.5)56 b(Resolv)o(ers)48 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)g(:)72 b Fo(19)223 2510 y(2.5)50 b(F)l(orw)o(ard)16
b(and)h(In)o(v)o(erse)e(Mapping)h(T)l(ree)38 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f
(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(20)223
2571 y(2.6)50 b(Recursion)16 b(and)g(Iteration)d Fn(:)25 b(:)f(:)g(:)h(:)f(:)
h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)72 b Fo(22)223 2631 y(2.7)50 b(Filling)15 b(in)g(the)h(Blanks)42
b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(22)p eop
%%Page: 4 5
4 bop 1899 -100 a Fo(iv)1836 64 y(P)o(age)335 178 y(2.7.1)56
b(Role)16 b(of)g(Cac)o(hes)48 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(23)335 239 y(2.7.2)56 b(Role)16 b(of)g(Authorities)32
b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(23)335 299 y(2.7.3)56 b(Occurrence)15
b(of)h(Errors)35 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(24)223 359 y(2.8)50
b(Example:)19 b(Name)c(Resolution)47 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(24)223 419 y(2.9)50 b(The)16 b(Domain)g(Name)e(System)h(Proto)q(col)g
Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)72 b Fo(26)335 479 y(2.9.1)56 b(Data)17 b(Structures)22
b Fn(:)j(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(26)335 540 y(2.9.2)56
b(Name)14 b(Serv)o(er)h(Algorithm)47 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(27)335
600 y(2.9.3)56 b(Resolv)o(er)15 b(Algorithm)24 b Fn(:)g(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(30)223 660 y(2.10)26 b(In)o(teraction)15 b(of)i(Name)d(Serv)o(er)h(and)i
(Resolv)o(er)35 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)72 b Fo(31)335 720 y(2.10.1)32 b(Data)17 b(Flo)o(w)23
b Fn(:)h(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(32)335 780
y(2.10.2)32 b(Shared)16 b(Information)25 b Fn(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(33)149 889 y(3.)36 b(DESCRIPTION)16 b(AND)f(DEMONSTRA)l(TION)g(OF)h
(WEAKNESSES)j Fn(:)25 b(:)f(:)h(:)f(:)g(:)72 b Fo(35)223 998
y(3.1)50 b(Statemen)o(t)14 b(of)j(the)f(Problem)41 b Fn(:)24
b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)g(:)72 b Fo(35)223 1059 y(3.2)50 b(The)16 b(Problem)f(in)h(the)g
(DNS)k Fn(:)k(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(36)223 1119 y(3.3)50
b(W)l(eaknesses)42 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)
f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)
72 b Fo(38)335 1179 y(3.3.1)56 b(Assumptions)15 b(to)i(F)l(acilitate)e
(Break{ins)d Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)
72 b Fo(38)335 1239 y(3.3.2)56 b(Authen)o(tication)15 b(via)h(Host)g(Names)34
b Fn(:)25 b(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(39)335 1299 y(3.3.3)56 b(T)l(rusting)17 b(a)f(Not)g(T)l(rust)o(w)o(orth)
o(y)g(Source)34 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)g(:)72 b Fo(40)335 1359 y(3.3.4)56 b(Believing)14 b(Additional,)h(Not)h
(Authoritativ)o(e)f(Information)49 b Fn(:)24 b(:)h(:)f(:)g(:)72
b Fo(40)223 1420 y(3.4)50 b(Exploiting)16 b(the)g(Fla)o(ws)36
b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(41)335 1480
y(3.4.1)56 b(Regular)16 b(Access)40 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(41)335 1540 y(3.4.2)56 b(The)16 b(\\Database)i(Mo)q(di\014cation")f
(Approac)o(h)48 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(42)335 1600 y(3.4.3)56 b(The)16 b(\\Cac)o(he)g(P)o(oisoning")i(Approac)o
(h)26 b Fn(:)e(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(42)335 1660 y(3.4.4)56 b(The)16 b(\\Ask)g(Me!")21 b(Approac)o(h)40
b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)72 b Fo(43)223 1721 y(3.5)50 b(Implem)o(en)n(tation)14
b(and)j(Exp)q(erimen)o(ts)33 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(45)335 1781
y(3.5.1)56 b(Domain)15 b(and)i(Zone)g(Setup)35 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)
f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(45)335 1841 y(3.5.2)56 b(Name)14 b(Serv)o(er)h(and)i(Resolv)o(er)e
(Setup)47 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)72 b Fo(45)335 1901 y(3.5.3)56 b(T)l(rusting)17 b(Hosts)48
b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(46)335 1961 y(3.5.4)56
b(Authen)o(tication)15 b(in)h(Berk)o(eley)d(\\r{Commands")18
b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(47)335
2022 y(3.5.5)56 b(Rev)o(erse)15 b(Lo)q(okup)i(T)l(ree)f(Manipulation)34
b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(48)335 2082 y(3.5.6)56 b(Cac)o(he)16 b(Corruption)22 b
Fn(:)i(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)
f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(48)223 2142 y(3.6)50 b(Exp)q(eriences)15
b(Gained)21 b Fn(:)k(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(50)335
2202 y(3.6.1)56 b(Acquiring)15 b(Information)39 b Fn(:)24 b(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(51)335 2262 y(3.6.2)56 b(Complexit)o(y)13 b(of)k(Mo)q(di\014cations)28
b Fn(:)d(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)72 b Fo(52)335 2323 y(3.6.3)56 b(Detecting)15 b(a)i(DNS)f(based)h
(Break{in)42 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)g(:)72 b Fo(53)149 2432 y(4.)36 b(SECURITY)15 b(ANAL)l(YSIS)g(AND)h
(SOLUTIONS)29 b Fn(:)c(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)
f(:)g(:)72 b Fo(55)223 2540 y(4.1)50 b(Securit)o(y)14 b(Considerations)k(in)d
(the)h(RF)o(C)g(1035)29 b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)72 b Fo(55)223 2601 y(4.2)50 b(Analysis)15
b(of)i(the)f(Name)e(Serv)o(er)i(Algorithm)21 b Fn(:)k(:)f(:)h(:)f(:)g(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(57)p eop
%%Page: 5 6
5 bop 1913 -100 a Fo(v)1836 64 y(P)o(age)223 178 y(4.3)50 b(Analysis)15
b(of)i(the)f(Resolv)o(er)f(Algorithm)37 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)g
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(58)223
239 y(4.4)50 b(Ev)m(aluation)17 b(Criteria)30 b Fn(:)25 b(:)f(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)72 b Fo(60)223 299 y(4.5)50 b(The)16 b(Berk)o(eley)e(P)o(atc)o(h)
20 b Fn(:)25 b(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)
h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(61)223
359 y(4.6)50 b(Examining)15 b(Berk)o(eley)e(\\r{Commands")g
Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)72 b Fo(62)223 419 y(4.7)50 b(Restricting)15 b(Public)g(Information)h
(Access)f Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)72 b Fo(64)223 479 y(4.8)50 b(Adjusting)16 b(DNS)g(Up)q(date)h(In)
o(terv)m(als)11 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(66)223 540 y(4.9)50
b(Abandoning)17 b(the)f(Domain)f(Name)g(System)28 b Fn(:)d(:)f(:)h(:)f(:)g(:)
h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(67)223
600 y(4.10)26 b(Hardening)16 b(Name)e(Serv)o(ers)29 b Fn(:)24
b(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)72 b Fo(68)335 660 y(4.10.1)32 b(Problems)15
b(Not)h(Exploiting)g(Cac)o(he)g(P)o(oisoning)41 b Fn(:)24 b(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(68)335 720 y(4.10.2)32 b(Problems)15
b(Exploiting)h(Cac)o(he)g(P)o(oisoning)22 b Fn(:)i(:)g(:)h(:)f(:)h(:)f(:)h(:)
f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(69)335 780 y(4.10.3)32 b(Keeping)16
b(Additional)f(Information)24 b Fn(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)
f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(70)335 841 y(4.10.4)32 b(Prev)o(en)o(tion)15
b(of)h(Cac)o(he)g(P)o(oisoning)k Fn(:)k(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(70)335 901 y(4.10.5)32
b(Con)o(text)16 b(Cac)o(he)47 b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(71)335 961 y(4.10.6)32 b(Authorit)o(y)15 b(Cac)o(he)47
b Fn(:)24 b(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(72)335 1021 y(4.10.7)32
b(Conditional)16 b(Cac)o(he)g(Use)29 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b
Fo(72)335 1081 y(4.10.8)32 b(Discussion)26 b Fn(:)e(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)72 b Fo(73)223 1142 y(4.11)26 b(Cryptographic)17
b(Metho)q(ds)f(for)h(Strong)g(Authen)o(tication)i Fn(:)24 b(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(73)335 1202 y(4.11.1)32 b(Data)17
b(In)o(tegrit)o(y)h Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b
Fo(74)335 1262 y(4.11.2)32 b(Originator)16 b(Authen)o(tication)35
b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)72 b Fo(75)335 1322 y(4.11.3)32 b(P)o(assing)17
b(Creden)o(tials)e(to)i(Pro)o(v)o(e)e(Authorit)o(y)23 b Fn(:)h(:)h(:)f(:)h(:)
f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(77)335 1382 y(4.11.4)32
b(Example)21 b Fn(:)k(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(78)335 1443 y(4.11.5)32 b(Discussion)26 b Fn(:)e(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)72 b Fo(81)149 1551 y(5.)36 b(CONCLUSIONS)15 b(AND)h(OUTLOOK)30
b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)72 b Fo(83)149 1709 y(BIBLIOGRAPHY)44 b
Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(85)p eop
%%Page: 6 7
6 bop 1894 -100 a Fo(vi)847 342 y(LIST)16 b(OF)g(T)l(ABLES)149
516 y(T)l(able)1580 b(P)o(age)149 687 y(2.1)60 b(Subset)17
b(of)f(QTYPEs)21 b Fn(:)k(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(19)149 796 y(2.2)60 b(Example)15 b(steps)h(in)g(name)f(resolution)h
Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)g(:)72 b Fo(26)149 905 y(3.1)60 b(Regular)17 b(access)41
b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(41)149 1014 y(3.2)60 b(The)17 b(\\Database)h(Mo)q(di\014cation")f
(approac)o(h)50 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)72 b Fo(42)149 1123 y(3.3)60 b(The)17 b(\\Cac)o(he)f(P)o
(oisoning")h(approac)o(h)28 b Fn(:)c(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(43)149 1232
y(4.1)60 b(Example:)20 b(certi\014cate)15 b(v)m(alidation)41
b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(79)149 1341 y(4.2)60 b(Example:)20
b(legend)c(of)g(abbreviations)22 b Fn(:)i(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(79)p
eop
%%Page: 7 8
7 bop 1880 -100 a Fo(vii)833 342 y(LIST)17 b(OF)f(FIGURES)149
516 y(Figure)1560 b(P)o(age)149 687 y(2.1)60 b(Domain)16 b(purdue.edu)45
b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(12)149
796 y(2.2)60 b(Domain)16 b(vs.)21 b(zone)32 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h
(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(13)149 905 y(2.3)60 b(DNS)17
b(message)24 b Fn(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(14)149 1014 y(2.4)60 b(The)17 b(in-addr.arpa)g(domain)45
b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(21)149 1123 y(2.5)60
b(Degree)16 b(of)h(sp)q(eci\014cation)26 b Fn(:)f(:)f(:)h(:)f(:)g(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g
(:)72 b Fo(21)149 1232 y(2.6)60 b(Example)15 b(name)g(resolution)41
b Fn(:)25 b(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h
(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(25)149 1341 y(2.7)60
b(Name)15 b(serv)o(er)g(algorithm)j Fn(:)25 b(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f
(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(28)149 1450 y(2.8)60 b(Resolv)o(er)15 b(algorithm)26 b
Fn(:)f(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)
h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(30)149
1559 y(2.9)60 b(Data)18 b(\015o)o(w)e(b)q(et)o(w)o(een)g(DNS)g(en)o(tities)e
Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h
(:)f(:)h(:)f(:)g(:)72 b Fo(32)149 1668 y(3.1)60 b(Exp)q(erimen)o(tal)14
b(setup)51 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)
h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(36)149 1777 y(3.2)60 b(Algorithm)15 b(of)h(the)g(Berk)o(eley)e(patc)o(h)
46 b Fn(:)24 b(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)
h(:)f(:)h(:)f(:)g(:)72 b Fo(49)149 1886 y(3.3)60 b(Additional)16
b(false)g(resource)g(record)22 b Fn(:)j(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(50)149
1995 y(3.4)60 b(Mo)q(di\014cations)17 b(in)f(name)f(serv)o(er)g(co)q(de)47
b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f
(:)h(:)f(:)g(:)72 b Fo(51)149 2104 y(4.1)60 b(Application)16
b(of)g(a)h(message)e(digest)h(algorithm)33 b Fn(:)25 b(:)f(:)h(:)f(:)g(:)h(:)
f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(74)149 2213
y(4.2)60 b(Digital)16 b(signature)h(generation)f(and)h(v)m(alidation)51
b Fn(:)24 b(:)h(:)f(:)g(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72
b Fo(76)149 2321 y(4.3)60 b(Example:)20 b(certi\014cate)15
b(v)m(alidation)41 b Fn(:)25 b(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)h(:)
f(:)h(:)f(:)h(:)f(:)h(:)f(:)h(:)f(:)g(:)72 b Fo(80)p eop
%%Page: 8 9
8 bop 1883 -100 a Fo(viii)776 342 y(A)o(CKNO)o(WLEDGMENTS)223
516 y(W)l(e)15 b(w)o(ould)h(lik)o(e)e(to)j(thank)f(the)f(German-American)e(F)
l(ulbrigh)o(t)i(Commission)f(for)i(a)h(sc)o(hol-)149 606 y(arship)25
b(that)f(made)f(this)h(w)o(ork)g(p)q(ossible.)45 b(Thanks)25
b(to)f(Stev)o(en)f(Bello)o(vin)f(whose)j(v)m(aluable)149 696
y(commen)o(ts)12 b(are)j(most)e(appreciated)i(and)g(Dan)g(T)l(rinkle)e(who)j
(sho)o(w)o(ed)e(us)h(ho)o(w)g(to)g(master)e(some)149 787 y(of)k(the)f(subtle)
g(di\016culties)e(of)j(the)f(DNS.)p eop
%%Page: 1 10
9 bop 1925 -100 a Fo(1)815 342 y(1.)33 b(INTR)o(ODUCTION)223
516 y(The)19 b(In)o(ternet)f(is)h(a)h(widespread)f(conglomeration)f(of)i(h)o
(undreds)f(of)h(thousands)h(of)e(in)o(ter-)149 606 y(connected)d
(heterogeneous)h(net)o(w)o(orks)f(and)h(hosts.)22 b(The)17
b(design)f(of)h(the)f(In)o(ternet)f(is)h(based)h(on)149 696
y(a)g(proto)q(col)g(hierarc)o(h)o(y)l(.)j(There)c(exist)f(m)o(ultiple)e
(implem)o(en)o(tations)h(of)i(these)g(proto)q(cols.)223 787
y(Computers)k(comm)o(unicate)e(with)j(eac)o(h)g(other)g(on)h(the)f(basis)h
(of)g(di\013eren)o(t)e(t)o(yp)q(es)h(of)h(ad-)149 877 y(dresses;)e(on)e(the)g
(ph)o(ysical)g(la)o(y)o(er)f(using)h(lo)o(w{lev)o(el)f(ph)o(ysical)g
(addresses)i(lik)o(e)e(Ethernet)1820 859 y Fm(1)1857 877 y
Fo(card)149 967 y(addresses,)25 b(on)f(the)e(data)i(link)e(to)h(presen)o
(tation)g(la)o(y)o(er)e(using)i(host)h(addresses)f(suc)o(h)g(as)h(IP)149
1057 y(addresses)347 1039 y Fm(2)368 1057 y Fo(,)15 b(and)h(on)g(the)f
(application)g(la)o(y)o(er)f(using)i(high{lev)o(el,)d(pronounceable)j(host)g
(names.)223 1148 y(One)j(of)h(the)g(managemen)o(t)e(tasks)i(in)g(the)f(In)o
(ternet)g(is)h(the)f(mapping)h(of)g(lo)o(w)o(er)f(lev)o(el)f(ad-)149
1238 y(dresses)e(to)h(host)f(names.)k(A)c(\014rst)g(naiv)o(e)f(approac)o(h)i
(is)e(to)i(collect)d(all)i(name{to{address)g(map-)149 1328
y(pings)g(in)g(a)g(single)f(\014le.)20 b(That)d(w)o(as)f(also)g(the)f
(\014rst)h(approac)o(h)h(tak)o(en)e(in)g(the)h(In)o(ternet.)j(The)d(\014le)
149 1419 y(\\HOSTS.TXT")f(con)o(tained)f(the)h(name{to{address)g(mapping)f
(for)h(ev)o(ery)e(host)i(connected)f(to)149 1509 y(the)i(ARP)l(ANET.)223
1599 y(The)i(task)h(of)g(naming)f(hosts)h(and)g(net)o(w)o(ork)f(domains)g(is)
h(addressed)g(b)o(y)f(creating)g(a)h(hier-)149 1689 y(arc)o(hical)h(relation)
g(b)q(et)o(w)o(een)f(domains,)h(with)h(hosts)g(as)g(the)f(furthest)g
(descendan)o(ts)h(from)e(an)149 1780 y(arti\014cial)h(ro)q(ot)h(domain.)32
b(By)20 b(app)q(ending)h(the)f(domain)f(lab)q(els)h(one)h(after)f(the)g
(other)g(to)h(the)149 1870 y(host)15 b(lab)q(els)f(on)g(the)g(path)g(up)g(to)
g(the)g(ro)q(ot)h(in)e(the)h(hierarc)o(hical)e(tree,)h(a)h(unique,)g(memoriz)
o(able,)149 1960 y(and)j(usually)f(pronounceable)h(iden)o(ti\014er)d(is)i
(created:)21 b(the)16 b(host)h(name.)223 2051 y(The)d(mapping,)g(or)h
(binding,)f(of)h(IP)g(addresses)g(to)g(host)g(names)f(b)q(ecame)f(a)i(ma)s
(jor)f(problem)149 2141 y(in)h(the)h(rapidly)e(gro)o(wing)i(In)o(ternet.)k
(This)15 b(thesis)g(do)q(es)i(not)e(deal)g(with)h(the)f(mapping)f(b)q(et)o(w)
o(een)149 2231 y(addresses)19 b(on)e(the)h(ph)o(ysical)e(la)o(y)o(er)g(and)i
(transp)q(ort)h(la)o(y)o(er,)d(whic)o(h)h(is)g(solv)o(ed)g(b)o(y)g(ARP)1787
2213 y Fm(3)1824 2231 y Fo(in)g(the)149 2322 y(UNIX)278 2303
y Fm(4)313 2322 y Fo(proto)q(col)g(suite,)e(but)h(with)h(the)f(mapping)f(b)q
(et)o(w)o(een)g(host)i(names)f(and)h(IP)f(addresses.)p 149
2365 720 2 v 206 2396 a Fl(1)224 2411 y Fk(Ethernet)g(is)e(a)f(registered)j
(trademark)d(of)g(Xero)o(x)h(Corp)q(oration)206 2446 y Fl(2)224
2461 y Fk(\\32-bit)f(addresses)j(assigned)e(to)g(hosts)g(that)g(w)o(an)o(t)g
(to)f(participate)h(in)g(a)f(TCP/IP)i(in)o(ternet")f([Com91)m(])206
2495 y Fl(3)224 2511 y Fk(\\Address)h(Resolution)e(Proto)q(col)h({)f(used)i
(to)e(dynamically)e(bind)i(a)h(high)f(lev)o(el)g(IP)h(address)h(to)f(a)f(lo)o
(w)g(lev)o(el)149 2560 y(ph)o(ysical)h(hardw)o(are)g(address")h([Com91)m(])
206 2595 y Fl(4)224 2610 y Fk(UNIX)f(is)g(a)g(trademark)f(of)g(A)m(T&T)h
(Bell)g(Lab)q(oratories)p eop
%%Page: 2 11
10 bop 1925 -100 a Fo(2)223 75 y(This)13 b(higher)f(lev)o(el)f(binding)i
(e\013ort)h(w)o(en)o(t)e(through)i(di\013eren)o(t)e(stages)i(of)f(dev)o
(elopmen)o(t)d(up)j(to)149 165 y(the)g(curren)o(tly)e(used)i(Domain)f(Name)f
(System.)19 b(The)12 b(Domain)g(Name)f(System,)h(with)g(its)h(Berk)o(e-)149
255 y(ley)19 b(UNIX)f(implem)o(en)o(tati)o(on)g(called)g(BIND)997
237 y Fm(5)1016 255 y Fo(,)h(is)h(a)g(distributed)f(naming)f(resolution)i
(system)149 346 y(used)d(b)o(y)f(most)g(net)o(w)o(ork)g(services)g(a)o(v)m
(ailable)g(throughout)i(the)f(In)o(ternet.)k(It)16 b(w)o(orks)h(transpar-)149
436 y(en)o(tly)j(for)h(the)f(user)h(who)g(sends)g(email,)e(accesses)i
(another)g(host)g(via)g(\\telnet")f(or)h(\\rlogin,")149 526
y(or)d(transfers)g(some)e(\014les)h(via)g(\\ftp")h(from)e(another)i(site)e
(to)i(his)f(o)o(wn)h(mac)o(hine.)k(The)17 b(Domain)149 616
y(Name)12 b(System)f(pro)o(vides)i(name)e(binding)i(in)g(b)q(oth)h
(directions:)19 b(giv)o(en)12 b(a)h(host)h(name,)e(it)g(returns)149
707 y(the)k(appropriate)h(IP)f(addresses,)h(and)g(vice)d(v)o(ersa.)223
797 y(Before)d(hosts)h(gran)o(t)h(net)o(w)o(ork)e(services)g(to)h(users,)h
(an)f(authen)o(tication)f(pro)q(cess)i(tak)o(es)f(place,)149
887 y(where)19 b(the)g(users')g(access)g(righ)o(ts,)g(and)h(the)f(iden)o(tit)
o(y)e(of)i(connecting)g(hosts)h(get)f(scrutinized,)149 978
y(according)c(to)g(pro)o(vider)e(p)q(olicies.)20 b(These)14
b(examinations)f(are)h(usually)g(based)h(up)q(on)g(iden)o(ti\014ca-)149
1068 y(tion)h(b)o(y)e(login)h(name,)f(passw)o(ord)i(and)g(host)g(name.)j(In)c
(some)f(cases)i(it)e(is)h(su\016cien)o(t)f(to)h(pro)o(vide)149
1158 y(the)h(righ)o(t)g(names,)f(and)i(access)f(is)g(gran)o(ted)h(without)f
(sp)q(ecifying)g(an)o(y)g(passw)o(ord)h(at)g(all.)223 1248
y(Some)h(Berk)o(eley)e(\\r{commands")i(o\013er)i(net)o(w)o(ork)e(services)g
(for)h(whic)o(h)g(it)g(is)f(su\016cien)o(t)g(to)149 1339 y(v)o(erify)d(user)i
(name)f(and)h(host)g(name)f(to)h(gran)o(t)g(complete)d(access.)23
b(As)16 b(the)h(remote)e(user)i(name)149 1429 y(is)g(sp)q(eci\014ed)f(b)o(y)f
(the)i(connecting)f(site,)f(the)h(authen)o(tication)g(is)g(based)h(up)q(on)h
(the)e(name)f(of)i(the)149 1519 y(connecting)j(mac)o(hine.)30
b(A)19 b(mac)o(hine)f(that)i(o\013ers)h(services)d(can)i(acquire)f
(information)g(ab)q(out)149 1610 y(the)g(so)q(c)o(k)o(et)g(that)h(is)f(used)g
(b)o(y)g(the)g(connecting)g(site.)29 b(A)19 b(so)q(c)o(k)o(et)f(is)h(a)h
(tuple)f(consisting)g(of)h(IP)149 1700 y(address,)g(p)q(ort,)g(and)g(proto)q
(col)g(used)f(b)o(y)g(the)f(remote)g(site.)29 b(T)l(o)19 b(v)o(erify)f(the)g
(host)i(name,)e(it)h(is)149 1790 y(the)e(task)g(of)h(the)e(Domain)g(Name)g
(System)f(to)i(map)f(the)h(IP)f(address)i(on)f(the)g(host)h(name.)k(W)l(e)149
1880 y(examine)14 b(this)j(case)f(more)f(closely)g(later)h(in)g(this)g
(thesis.)223 1971 y(Because)c(the)h(Domain)f(Name)g(System)f(is)i
(distributed)g(among)g(man)o(y)f(thousands)i(of)g(hosts,)149
2061 y(it)d(can)g(b)q(e)h(a)f(critical)f(mistak)o(e)f(to)i(blindly)f(trust)h
(the)g(resolv)o(ed)f(binding.)20 b(This)11 b(thesis)g(sho)o(ws)h(that)149
2151 y(under)f(some)f(assumptions)h(it)f(is)h(no)g(ma)s(jor)f(e\013ort)h(to)h
(falsify)e(the)g(host)i(name)d(and)j(authorization)149 2242
y(for)17 b(a)g(system.)223 2332 y(Although)j(this)f(problem)f(has)j(b)q(een)f
(kno)o(wn)f(for)i(some)d(y)o(ears)i(no)o(w,)g(not)g(man)o(y)f(publica-)149
2422 y(tions)i(deal)e(with)h(it.)32 b([Bel90b)o(])20 b(is)g(the)f(main)g(pap)
q(er)i(w)o(e)e(can)h(men)o(tion)f(as)h(related)f(w)o(ork.)33
b(It)149 2512 y(demonstrates)16 b(the)g(sub)o(v)o(ersion)f(of)h(system)f
(securit)o(y)g(using)h(the)g(Domain)f(Name)f(System)h(and)p
149 2556 720 2 v 206 2587 a Fl(5)224 2602 y Fk(Berk)o(eley)g(In)o(ternet)g
(Name)e(Domain)p eop
%%Page: 3 12
11 bop 1925 -100 a Fo(3)149 75 y(discusses)19 b(p)q(ossible)g(defenses)g
(against)h(the)f(attac)o(k)f(and)i(limitations)d(on)i(their)f(applicabilit)o
(y)l(.)149 165 y(An)h(earlier)e(pap)q(er)i(b)o(y)f(Stev)o(en)f(Bello)o(vin)f
(\([Bel89)o(]\))i(has)i(already)e(men)o(tioned)e(the)i(p)q(ossibilit)o(y)149
255 y(of)f(abuse)g(of)g(the)g(Domain)e(Name)g(System.)21 b(That)c(pap)q(er)g
(follo)o(ws)g(suggestions)g(from)f(P)o(aul)g(V.)149 346 y(Mo)q(c)o(k)m(ap)q
(etris,)g(the)g(designer)g(of)h(the)f(Domain)f(Name)g(System.)223
436 y(The)f(main)g(b)q(o)q(dy)h(of)g(this)g(thesis)f(consists)h(of)g(three)f
(c)o(hapters)g(follo)o(w)o(ed)g(b)o(y)g(a)h(\014nal)g(c)o(hapter)149
526 y(dra)o(wing)i(conclusions)f(and)h(giving)f(suggestions)i(for)e(future)g
(w)o(ork.)223 616 y(The)e(\014rst)h(of)g(these)g(three)f(c)o(hapters,)g
(Chapter)h(2,)g(describ)q(es)f(the)h(p)q(osition)g(and)g(role)g(of)g(the)149
707 y(Domain)h(Name)f(System)g(in)h(its)h(frame,)e(the)h(In)o(ternet.)21
b(It)16 b(giv)o(es)g(a)h(short)g(historical)f(sk)o(etc)o(h)f(of)149
797 y(the)h(In)o(ternet)e(and)i(describ)q(es)f(the)g(Domain)g(Name)f(System)g
(on)i(a)f(high)h(lev)o(el.)j(In)c(that)h(section)149 887 y(w)o(e)g(go)i(in)o
(to)e(as)h(m)o(uc)o(h)d(detail)i(as)h(necessary)f(to)h(build)f(up)h(the)f
(necessary)g(bac)o(kground)h(for)g(the)149 978 y(succeeding)g(c)o(hapters.)26
b(W)l(e)18 b(in)o(tro)q(duce)f(the)g(tec)o(hnical)f(terms)h(and)h(explain)f
(the)h(mec)o(hanism)o(s)149 1068 y(cen)o(tral)d(to)g(the)g(understanding)h
(of)g(the)f(Domain)f(Name)g(System)g(and)h(the)h(exploitation)e(of)i(its)149
1158 y(w)o(eaknesses.)21 b(W)l(e)14 b(giv)o(e)f(an)i(example)d(of)j(a)f(name)
f(resolution)i(and)f(the)g(description)g(of)h(the)f(data)149
1248 y(structures)j(and)f(algorithms)g(used)g(b)o(y)g(name)f(serv)o(ers)g
(and)i(resolv)o(ers.)223 1339 y(Chapter)h(3)h(states)g(precisely)e(the)h
(main)f(problem)g(w)o(e)h(are)g(addressing.)29 b(W)l(e)18 b(explain)g(the)149
1429 y(main)d(problem)g(in)h(sev)o(eral)f(stages,)h(giving)g(more)f(details)g
(from)g(section)h(to)g(section.)21 b(First)16 b(w)o(e)149 1519
y(describ)q(e)d(the)h(problem)e(at)i(a)g(high)g(lev)o(el.)k(Then)c(w)o(e)f
(sho)o(w)i(the)e(existence)f(of)i(the)f(problem)g(with)149
1610 y(the)i(Domain)f(Name)f(System.)19 b(W)l(e)c(express)g(the)f
(assumptions)h(and)g(examine)e(the)i(w)o(eaknesses)149 1700
y(in)c(the)g(Domain)f(Name)g(System)f(that)j(lead)e(to)i(the)f(p)q(ossibilit)
o(y)f(of)h(gaining)g(unauthorized)h(access)149 1790 y(to)20
b(a)g(certain)e(t)o(yp)q(e)h(of)h(remote)e(host.)31 b(In)19
b(Chapter)g(3)h(w)o(e)f(demonstrate)f(the)h(exploitation)g(of)149
1880 y(the)i(securit)o(y)f(\015a)o(ws)i(b)o(y)f(giving)g(details)f(of)i(an)f
(arti\014cial)g(setup)g(that)h(leads)f(step)o(wise)f(to)i(an)149
1971 y(unauthorized)e(login)g(on)h(another)f(host.)33 b(W)l(e)20
b(close)f(the)h(c)o(hapter)f(with)h(exp)q(eriences)e(gained)149
2061 y(during)f(our)g(exp)q(erimen)o(ts.)223 2151 y(Concluding)f(the)f(main)g
(b)q(o)q(dy)i(of)f(this)g(thesis,)g(Chapter)g(4)g(analyzes)g(the)g(curren)o
(t)f(securit)o(y)149 2242 y(features)20 b(in)f(the)g(Domain)g(Name)e(System)h
(and)i(presen)o(ts)f(solutions)h(to)g(the)f(giv)o(en)f(problem.)149
2332 y(The)d(\014rst)f(part)h(con)o(tains)g(the)f(securit)o(y)f
(considerations)h(in)g(the)h(RF)o(C)f(and)h(a)f(securit)o(y)f(analysis)149
2422 y(of)k(the)e(name)g(serv)o(er)f(and)j(resolv)o(er)d(algorithms.)21
b(Some)14 b(of)i(the)g(solutions)g(in)g(the)f(second)h(part)149
2512 y(are)i(already)e(impleme)o(n)o(ted)e(and)k(running)f(in)g(patc)o(hed)f
(v)o(ersions)h(of)g(system)f(soft)o(w)o(are,)h(or)g(are)149
2603 y(follo)o(w)o(ed)g(b)o(y)f(organizational)i(p)q(olicies;)f(others)g(are)
g(still)g(in)f(an)i(early)f(stage)g(of)h(dev)o(elopmen)o(t.)p
eop
%%Page: 4 13
12 bop 1925 -100 a Fo(4)149 75 y(Eac)o(h)22 b(of)f(the)g(solutions)h(presen)o
(ted)e(is)h(discussed)g(in)g(this)g(c)o(hapter)g(and)g(ev)m(aluated)g(using)h
(a)149 165 y(wide)16 b(v)m(ariet)o(y)f(of)i(criteria.)223 255
y(The)h(approac)o(h,)i(and)f(its)f(discussion,)h(of)g(com)o(bining)e(partial)
i(solutions)g(to)g(a)g(dense)f(net-)149 346 y(w)o(ork,)g(are)g(part)g(of)g
(the)g(concluding)f(c)o(hapter.)26 b(Ev)o(en)17 b(if)g(these)h(in)o(terw)o(o)
o(v)o(en)d(solutions)k(do)f(not)149 436 y(guaran)o(tee)f(the)f(securit)o(y)f
(of)h(a)h(system,)d(at)j(least)f(they)g(increase)f(the)h(con\014dence)g(in)g
(it.)p eop
%%Page: 5 14
13 bop 1925 -100 a Fo(5)655 342 y(2.)32 b(THE)16 b(DOMAIN)f(NAME)g(SYSTEM)223
516 y(This)j(c)o(hapter)h(describ)q(es)f(the)h(p)q(osition)g(and)g(role)g(of)
g(the)f(Domain)g(Name)f(System)g(in)i(its)149 606 y(frame,)14
b(the)g(In)o(ternet.)19 b(W)l(e)c(start)g(o\013)g(b)o(y)f(talking)g(ab)q(out)
i(the)f(In)o(ternet,)e(the)h(TCP/IP)i(proto)q(col)149 696 y(suite,)i(In)o
(ternet)e(services,)g(routing,)i(and)h(\014nally)e(the)g(need)g(for)h(name)f
(resolution.)25 b(It)18 b(follo)o(ws)149 787 y(an)23 b(outline)e(of)i(the)f
(historical)f(dev)o(elopmen)o(t)e(of)j(the)g(Domain)f(Name)g(System)f(that)j
(led)e(to)149 877 y(the)h(curren)o(t)e(system.)36 b(W)l(e)21
b(describ)q(e)g(the)g(design)h(goals)g(of)g(the)f(curren)o(t)g(system)f(for)i
(name)149 967 y(resolution)14 b(in)g(the)g(In)o(ternet)f(and)h(its)g(in)o
(teracting)f(en)o(tities.)19 b(W)l(e)14 b(also)g(talk)g(ab)q(out)h(forw)o
(ard)g(and)149 1057 y(rev)o(erse)d(mapping)g(trees,)g(and)i(recursiv)o(e)d
(and)i(iterativ)o(e)e(resolving)h(tec)o(hniques.)19 b(The)13
b(follo)o(wing)149 1148 y(section)18 b(con)o(tains)g(some)f(additional)g
(remarks)g(ab)q(out)i(topics)f(that)g(w)o(ere)f(already)h(men)o(tioned)149
1238 y(but)f(deserv)o(e)e(a)h(more)f(detailed)h(treatmen)o(t.)223
1328 y(Before)25 b(describing)g(the)h(concrete)g(data)h(structures)f(and)g
(algorithms)g(used)g(b)o(y)g(name)149 1419 y(serv)o(ers)16
b(and)h(resolv)o(ers)f(w)o(e)g(giv)o(e)g(an)h(example)d(of)j(a)g(name)e
(resolution.)22 b(This)17 b(example)d(should)149 1509 y(pro)o(vide)d(a)h(go)q
(o)q(d)i(understanding)e(of)g(the)g(algorithms)e(and)j(the)e(in)o(teraction)g
(of)h(all)f(participating)149 1599 y(en)o(tities)k(in)h(the)g(distributed)g
(Domain)f(Name)g(System.)223 1689 y(Wherev)o(er)h(it)h(is)h(necessary)f(to)h
(pro)o(vide)f(more)g(sp)q(eci\014c)g(descriptions)g(of)h(concepts)g(or)g(the)
149 1780 y(impleme)o(n)o(tation)9 b(of)k(the)f(Domain)f(Name)f(System,)h(w)o
(e)h(co)o(v)o(er)f(the)g(resp)q(ectiv)o(e)g(topics)h(in)f(greater)149
1870 y(detail.)149 2035 y(2.1)50 b(In)o(tro)q(duction)223 2175
y(T)l(o)17 b(understand)g(the)f(role)h(that)g(the)f(DNS)h(pla)o(ys,)e(w)o(e)i
(start)g(b)o(y)f(in)o(tro)q(ducing)g(the)h(In)o(ternet)149
2265 y(in)f(general)g(\(see)g([Com91,)g(Preface)f(and)i(c)o(hapter)f(1]\).)
223 2356 y(Data)g(comm)o(unic)o(ation)d(has)j(b)q(ecome)d(a)j(fundamen)o(tal)
e(part)h(of)h(computing.)j(Hosts)d(gather)149 2446 y(information)k(w)o
(orldwide)g(and)i(their)e(users)h(w)o(an)o(t)f(to)h(exc)o(hange)g(data)g(and)
g(use)g(remote)e(ser-)149 2536 y(vices)d(for)h(di\013eren)o(t)f(purp)q(oses.)
24 b(Common)16 b(in)o(terests,)f(shared)j(b)o(y)e(p)q(eople)h(that)g(liv)o(e)
e(and)i(w)o(ork)149 2626 y(thousands)j(of)f(miles)d(a)o(w)o(a)o(y)i(from)g
(eac)o(h)f(other,)i(created)f(the)g(need)g(for)h(e\016cien)o(t)d(and)j
(reliable)p eop
%%Page: 6 15
14 bop 1925 -100 a Fo(6)149 75 y(data)22 b(comm)o(unic)o(ation.)32
b(What)22 b(started)f(b)q(efore)f(1960)j(with)d(the)h(dev)o(elopmen)o(t)c(of)
k(informa-)149 165 y(tion)16 b(theory)l(,)f(the)h(sampling)e(theorem,)g(and)i
(the)f(\014eld)h(of)f(signal)h(pro)q(cessing,)g(b)q(ecame)e(around)149
255 y(the)19 b(mid)d(1960s)k(the)e(question)g(of)h(ho)o(w)g(to)g(transmit)e
(data)i(pac)o(k)o(ets)e(in)h(lo)q(cal)h(area)f(net)o(w)o(orks.)149
346 y(The)i(In)o(ternet)f(con)o(tains)h(and)g(pro)o(vides)f(ev)o(en)g(more:)
27 b(in)o(ternet)o(w)o(ork)18 b(tec)o(hnologies,)i(proto)q(col)149
436 y(la)o(y)o(ering)c(mo)q(dels,)f(and)j(datagram)f(and)g(stream)f(transp)q
(ort)i(services)e(b)q(et)o(w)o(een)g(hosts)i(on)f(p)q(os-)149
526 y(sibly)e(di\013eren)o(t)g(net)o(w)o(orks,)g(that)h(together)g
(constitute)f(an)h(in)o(terconnected)e(arc)o(hitecture)g(that)149
616 y(functions)j(as)g(a)f(single)g(uni\014ed)g(comm)o(unic)o(ation)e
(system.)149 776 y(2.1.1)49 b(The)17 b(TCP/IP)g(Proto)q(col)g(Suite)223
899 y(The)i(need)g(and)h(imp)q(ortance)f(of)h(in)o(ternet)e(tec)o(hnology)h
(w)o(as)h(recognized)f(b)o(y)g(go)o(v)o(ernmen)o(t)149 989
y(agencies,)k(whic)o(h)e(resulted)f(in)i(its)f(dev)o(elopmen)o(t)e(b)o(y)i(D)
o(ARP)l(A)1367 971 y Fm(1)1385 989 y Fo(.)h(The)f(D)o(ARP)l(A)g(tec)o
(hnology)149 1079 y(includes)14 b(net)o(w)o(ork)g(standards)i(that)f(sp)q
(ecify)f(details)g(and)h(con)o(v)o(en)o(tions)e(of)i(computer)e(comm)o(u-)149
1170 y(nication,)18 b(net)o(w)o(ork)g(in)o(terconnection,)f(and)h(tra\016c)g
(routing.)28 b(\\TCP/IP)1536 1152 y Fm(2)1557 1170 y Fo(,")18
b(an)h(abbreviation)149 1260 y(of)g(the)g(o\016cial)e(name)h(\\TCP/IP)i(In)o
(ternet)d(Proto)q(col)i(Suite,")g(can)g(b)q(e)f(used)h(to)g(set)g(up)f(com-)
149 1350 y(m)o(unication)h(b)q(et)o(w)o(een)h(an)o(y)h(set)f(of)h(in)o
(terconnected)e(hosts)j(or)f(net)o(w)o(orks.)34 b(It)20 b(is)h(notew)o(orth)o
(y)149 1441 y(that)h(TCP/IP)g(is)f(one)g(of)g(man)o(y)f(p)q(ossible)h(tec)o
(hnologies)g(that)g(could)g(b)q(e)g(used)h(to)f(comp)q(ose)149
1531 y(in)o(terconnected)15 b(net)o(w)o(orks;)g(one)i(that)f(has)h
(demonstrated)f(its)g(viabilit)o(y)e(on)j(a)f(large)h(scale.)149
1691 y(2.1.2)49 b(In)o(ternet)15 b(Services)223 1813 y(Users)j(are)h(usually)
f(not)h(in)o(terested)e(in)i(the)f(underlying)g(tec)o(hnologies)g(of)h(the)g
(In)o(ternet)e({)149 1904 y(their)j(in)o(terest)f(is)h(the)f(utilization)g
(of)i(net)o(w)o(ork)e(services.)32 b(The)20 b(la)o(y)o(ered)e(design)i(of)h
(TCP/IP)149 1994 y(pro)o(vides)c(the)h(necessary)f(means)f(for)i
(transparency)g(in)f(comm)o(unication)e(and)j(hiding)f(details)149
2084 y(from)j(the)g(high)g(lev)o(el)e(applications.)33 b(Services)19
b(can)h(b)q(e)h(partitioned)f(in)o(to)g(application)g(lev)o(el)149
2174 y(in)o(ternet)f(services)g(and)h(net)o(w)o(ork)f(lev)o(el)f(in)o(ternet)
h(services.)30 b(Examples)19 b(of)h(application)g(lev)o(el)149
2265 y(services)13 b(are)h(electronic)e(mail,)g(\014le)h(transfer,)h(and)g
(remote)e(login.)20 b(The)14 b(net)o(w)o(ork)f(lev)o(el)f(services)149
2355 y(\\connectionless)19 b(pac)o(k)o(et)f(deliv)o(ery)f(service")h(and)h
(\\reliable)f(stream)g(transp)q(ort)i(service")e(are)149 2445
y(used)c(b)o(y)f(the)h(net)o(w)o(ork)f(application)g(programmer)f(and)i
(remain)e(hidden)h(from)f(the)i(application)p 149 2489 720
2 v 206 2520 a Fl(1)224 2535 y Fk(Defense)h(Adv)n(anced)g(Researc)o(h)g(Pro)r
(jects)g(Agency)206 2569 y Fl(2)224 2585 y Fk(named)24 b(after)h(its)g(ma)r
(jor)e(standards)j(TCP)f(\(T)m(ransmission)e(Con)o(trol)h(Proto)q(col\))h
(and)g(IP)g(\(In)o(ternet)149 2634 y(Proto)q(col\))p eop
%%Page: 7 16
15 bop 1925 -100 a Fo(7)149 75 y(end)17 b(user.)23 b(These)17
b(t)o(w)o(o)f(services)g(are)h(based)g(on)g(the)g(transmission)f(of)h(data)h
(pac)o(k)o(ets,)d(units)i(of)149 165 y(data)i(sen)o(t)e(across)i(a)f(pac)o(k)
o(et)e(switc)o(hing)h(net)o(w)o(ork.)25 b(The)18 b(collection)e(of)i(pac)o(k)
o(ets)f(that)h(b)q(elongs)149 255 y(to)f(one)f(connection)g(comp)q(oses)g
(the)g(data)h(comm)o(unication.)149 415 y(2.1.3)49 b(P)o(ac)o(k)o(et)15
b(Routing)223 538 y(P)o(ac)o(k)o(ets)e(that)h(are)g(sen)o(t)g(from)f(one)h
(host)h(to)g(another)f(usually)g(ha)o(v)o(e)g(to)g(tra)o(v)o(erse)f(more)g
(than)149 628 y(one)i(ph)o(ysical)e(link)h(b)q(et)o(w)o(een)f(these)h(hosts.)
22 b(In)14 b(a)h(complex)d(net)o(w)o(ork)i(with)g(man)o(y)f(thousands)j(of)
149 718 y(mac)o(hines)f(it)g(is)i(not)f(a)h(trivial)e(task)h(to)h(direct)e(a)
i(pac)o(k)o(et)e(from)g(its)h(source)g(to)h(its)f(destination.)223
809 y(In)k(an)g(in)o(ternet)527 791 y Fm(3)566 809 y Fo(there)g(are)g(sp)q
(ecially)f(dedicated)h(mac)o(hines)e(that)j(attac)o(h)f(t)o(w)o(o)g(or)h
(more)149 899 y(net)o(w)o(orks)h(and)h(transmit)e(pac)o(k)o(ets)g(from)g(one)
h(to)g(the)g(other.)38 b(These)22 b(mac)o(hines)e(are)j(called)149
989 y(\\gatew)o(a)o(ys.")f(While)13 b(tra)o(v)o(ersing)h(the)f(net)o(w)o(ork)
h(from)f(source)h(to)h(destination)f(host,)h(a)f(message)149
1079 y(is)i(lik)o(ely)c(to)k(pass)g(through)h(one)e(or)h(more)e(gatew)o(a)o
(ys.)21 b(If)15 b(the)g(top)q(ology)i(of)f(the)f(net)o(w)o(ork)f(allo)o(ws)
149 1170 y(sev)o(eral)j(paths)i(for)f(the)g(message)f(to)i(reac)o(h)e(its)h
(destination,)g(these)g(gatew)o(a)o(ys)g(ha)o(v)o(e)f(to)h(mak)o(e)149
1260 y(decisions)e(ab)q(out)i(whic)o(h)d(route)i(to)f(c)o(ho)q(ose)h(for)g
(the)f(pac)o(k)o(et.)223 1350 y(In)d(a)h(TCP/IP)h(in)o(ternet)d(the)i(basic)f
(unit)h(of)g(data)g(transmission)f(is)h(the)f(IP)h(datagram.)20
b(The)149 1441 y(pro)q(cess)c(of)g(c)o(ho)q(osing)g(a)g(path)g(o)o(v)o(er)e
(whic)o(h)h(to)g(send)h(a)g(datagram)f(from)f(source)i(to)f(destination)149
1531 y(is)h(referred)g(to)g(as)h(routing;)f(an)o(y)h(computer)d(making)h(suc)
o(h)h(a)h(decision)f(is)g(called)f(a)h(router.)223 1621 y(Gatew)o(a)o(ys)f
(in)g(the)h(function)f(of)h(routers)g(comp)q(ose)f(a)g(co)q(op)q(erativ)o(e,)
g(in)o(terconnected)f(struc-)149 1711 y(ture.)21 b(Datagrams)c(originated)e
(at)h(the)g(source)g(are)f(passed)i(from)e(router)g(to)i(router)e(un)o(til)g
(they)149 1802 y(reac)o(h)h(a)h(gatew)o(a)o(y)f(that)h(can)f(deliv)o(er)e
(the)i(datagram)h(directly)d(to)j(its)f(destination.)149 1962
y(2.1.4)49 b(Name)15 b(Resolution)223 2084 y(Early)e(systems)f(supp)q(orted)i
(p)q(oin)o(t{to{p)q(oin)o(t)h(connections)e(b)q(et)o(w)o(een)f(computers)g
(and)i(used)149 2174 y(lo)o(w)g(lev)o(el)d(hardw)o(are)j(addresses)g(to)g(sp)
q(ecify)e(mac)o(hines.)19 b(In)o(ternet)o(w)o(orking)11 b(in)o(tro)q(duced)i
(univ)o(er-)149 2265 y(sal)18 b(addressing)g(as)h(w)o(ell)d(as)i(proto)q(col)
g(soft)o(w)o(are)g(to)g(map)f(univ)o(ersal)f(addresses)i(in)o(to)g(lo)o
(w-lev)o(el)149 2355 y(hardw)o(are)g(addresses.)24 b(There)17
b(is)g(also)h(the)f(notion)g(of)h(a)f(host)h(name)e(|)h(a)h(high)f(lev)o(el)e
(address)p 149 2399 720 2 v 206 2429 a Fl(3)224 2444 y Fk(\\Ph)o(ysically)m
(,)h(a)i(collection)f(of)f(pac)o(k)o(et)i(switc)o(hing)f(net)o(w)o(orks)h(in)
o(terconnected)i(b)o(y)d(gatew)o(a)o(ys)g(along)g(with)149
2494 y(proto)q(cols)h(that)f(allo)o(w)f(them)g(to)h(function)g(logically)e
(as)i(a)g(single,)g(large,)g(virtual)f(net)o(w)o(ork.)29 b(When)17
b(written)149 2544 y(in)g(upp)q(er)i(case,)g(In)o(ternet)g(refers)g(sp)q
(eci\014cally)e(to)h(the)g(connected)h(In)o(ternet)g(and)e(the)h(TCP/IP)g
(proto)q(cols)g(it)149 2594 y(uses."[Com91)n(])p eop
%%Page: 8 17
16 bop 1925 -100 a Fo(8)149 75 y(|)17 b(a)g(pronounceable)f(iden)o(ti\014er)f
(for)i(hosts.)23 b(The)16 b(univ)o(ersal)g(addresses)h(can)f(b)q(e)h(mapp)q
(ed)f(in)o(to)149 165 y(host)h(names.)223 255 y(Mapping)e(pro)q(cesses)g(can)
h(also)f(b)q(e)g(called)f(\\name)g(binding")i(or)f(\\name)f(resolution.")21
b(This)149 346 y(thesis)16 b(is)f(based)h(on)h(the)e(name)f(resolution)i(pro)
q(cess)g(b)q(et)o(w)o(een)f(high)h(lev)o(el)d(addresses,)j(the)g(host)149
436 y(names,)f(and)i(univ)o(ersally)e(assigned)i(lo)o(w)o(er)e(lev)o(el)f(IP)
i(addresses.)223 526 y(Name)c(resolution)j(is)f(a)h(general)f(concept.)20
b(The)15 b(curren)o(t)e(proto)q(col)j(in)e(the)g(TCP/IP)h(proto-)149
616 y(col)h(suite)g(dealing)g(with)h(this)f(concept)g(and)h(solving)f(the)g
(problems)f(that)i(arise)f(from)g(it)g(is)g(the)149 707 y(Domain)g(Name)f
(System.)149 872 y(2.2)50 b(Historical)15 b(Dev)o(elopmen)o(t)223
1012 y(Around)21 b(1970,)j(the)e(ARP)l(ANET)e(and)i(the)g(TYMNET)f(w)o(ere)f
(in)o(tro)q(duced.)37 b(They)21 b(w)o(ere)149 1102 y(the)h(\014rst)g
(large{scale,)g(general{purp)q(ose)h(data)f(net)o(w)o(orks)g(that)g
(connected)f(geographically)149 1192 y(distributed)16 b(computer)f(systems.)
223 1283 y(As)e(the)h(comm)o(unit)o(y)c(con)o(tained)k(only)g(a)g(few)g(h)o
(undred)g(hosts,)h(name)e(resolution)h(w)o(as)g(man-)149 1373
y(aged)g(using)g(a)g(single)f(text)f(\014le:)20 b(HOSTS.TXT.)12
b(This)h(\014le)g(con)o(tained)g(name{to{address)h(map-)149
1463 y(ping)e(for)g(ev)o(ery)e(connected)h(host.)21 b(The)11
b(administration,)g(main)o(tenance,)f(and)j(distribution)e(w)o(as)149
1553 y(done)17 b(b)o(y)f(the)g(SRI)499 1535 y Fm(4)518 1553
y Fo({)h(NIC)649 1535 y Fm(5)668 1553 y Fo(.)223 1644 y(Whenev)o(er)12
b(some)i(application)g(had)g(to)h(resolv)o(e)e(a)i(host)f(name)f(and)i(get)g
(the)e(corresp)q(onding)149 1734 y(IP)j(address,)h(or)g(vice)e(v)o(ersa,)g
(the)h(resolv)o(er)f(function)h(called)f(simply)f(lo)q(ok)o(ed)j(up)f(the)g
(name)f(\(or)149 1824 y(IP)d(address\))h(in)f(a)g(lo)q(cal)g(cop)o(y)g(of)g
(the)g(master)f(HOSTS.TXT)h(\014le)f(and)i(returned)f(the)f(asso)q(ciated)149
1915 y(v)m(alue.)223 2005 y(The)i(enormous)f(gro)o(wth)i(rate)e(of)i(the)e
(In)o(ternet)g(w)o(as)h(b)o(y)g(no)g(means)f(predictable.)19
b(Therefore)149 2095 y(it)d(to)q(ok)h(sev)o(eral)e(y)o(ears)h(un)o(til)g
(serious)g(problems)f(b)q(ecame)g(apparen)o(t:)222 2227 y Fj(\017)24
b Fo(System)13 b(administrators)h(used)g(to)h(e{mail)e(c)o(hanges)h(to)h(the)
f(NIC)g(and)h(p)q(erio)q(dically)e(con-)271 2317 y(tact)h(the)f(SRI-NIC)f(to)
i(obtain)g(the)f(latest)g(cop)o(y)g(of)g(HOSTS.TXT.)g(Net)o(w)o(ork)f
(tra\016c)h(and)271 2407 y(pro)q(cessor)18 b(load)e(b)q(ecame)f(unacceptably)
h(high)g(for)h(the)f(NIC.)p 149 2451 720 2 v 206 2482 a Fl(4)224
2497 y Fk(Stanford)e(Researc)o(h)h(Institute)g(in)e(Menlo)h(P)o(ark,)f
(California)206 2532 y Fl(5)224 2547 y Fk(Net)o(w)o(ork)h(Information)e(Cen)o
(ter)p eop
%%Page: 9 18
17 bop 1925 -100 a Fo(9)222 75 y Fj(\017)24 b Fo(Names)15 b(assigned)i(to)g
(hosts)g(ha)o(v)o(e)e(to)i(b)q(e)f(unique.)k(As)c(the)g(NIC)g(had)h(no)f
(authorit)o(y)g(o)o(v)o(er)271 165 y(host)h(name)e(assignmen)o(ts,)g(name)g
(collisions)h(b)q(ecame)f(a)h(problem.)222 297 y Fj(\017)24
b Fo(With)19 b(the)g(gro)o(wth)h(of)f(the)g(In)o(ternet)f(and)i(the)e
(irregularit)o(y)g(of)h(database)i(up)q(dates)f(the)271 387
y(consistency)c(of)h(the)f(name)f(space)h(w)o(as)h(no)f(longer)h(guaran)o
(teed.)149 519 y(All)e(of)i(these)f(problems)f(arose)i(b)q(ecause)f(the)g
(original)g(approac)o(h)h(scaled)f(p)q(o)q(orly)l(.)223 609
y(In)22 b(1984)h(the)f(net)o(w)o(ork)g(comm)o(unit)n(y)d(switc)o(hed)j(to)g
(the)g(Domain)g(Name)e(System.)38 b(P)o(aul)149 699 y(Mo)q(c)o(k)m(ap)q
(etris)22 b(w)o(as)g(resp)q(onsible)g(for)f(the)h(design)f(of)h(the)g(arc)o
(hitecture)e(of)h(the)h(new)f(system.)149 790 y(The)14 b(original)f(RF)o(Cs)
541 772 y Fm(6)573 790 y Fo(describing)g(the)g(Domain)f(Name)g(System)f(are)j
([Mo)q(c83a])f(and)h([Mo)q(c83b].)149 880 y(They)j(ha)o(v)o(e)f(b)q(een)g
(obsolete)h(since)f(the)g(release)g(of)h(the)f(curren)o(t)g(sp)q
(eci\014cations)h([Mo)q(c87a)q(])f(and)149 970 y([Mo)q(c87b)q(])g(in)g(No)o
(v)o(em)o(b)q(er)d(1987)18 b(\([LR93])e(and)h([BG92]\).)149
1136 y(2.3)50 b(Design)16 b(Goals)223 1275 y(The)k(e\013ort)h(of)f(designing)
h(the)f(Domain)f(Name)g(System)g(w)o(as)i(directed)e(to)o(w)o(ards)i(sev)o
(eral)149 1366 y(goals,)e(whic)o(h)e(had)i(the)e(main)g(in\015uence)f(on)j
(determining)c(the)j(curren)o(t)f(structure.)25 b(The)18 b(aim)149
1456 y(w)o(as)f(to)g(create)e(a)i(system)e(with)h(the)g(follo)o(wing)g(ob)s
(jectiv)o(es)e(in)i(mind:)222 1588 y Fj(\017)24 b Fo(Data)18
b(Consistency)222 1719 y Fj(\017)24 b Fo(E\016ciency)222 1851
y Fj(\017)g Fo(Distributed)16 b(Character)222 1983 y Fj(\017)24
b Fo(Generalit)o(y)222 2115 y Fj(\017)g Fo(Indep)q(endence)149
2247 y(P)l(.)12 b(Mo)q(c)o(k)m(ap)q(etris)g(states)h(in)e([Mo)q(c87a)q(])h
(the)g(design)g(ob)s(jectiv)o(es)e(that)j(led)e(to)h(the)g(curren)o(t)f
(system:)p 149 2293 720 2 v 206 2324 a Fl(6)224 2339 y Fk(RF)o(Cs)j(are)g(a)g
(series)h(of)e(tec)o(hnical)h(rep)q(orts)i(called)d(Requests)i(for)f(Commen)o
(ts)p eop
%%Page: 10 19
18 bop 1901 -100 a Fo(10)149 75 y(2.3.1)49 b(Data)18 b(Consistency)223
197 y(The)g(primary)f(goal)i(w)o(as)f(to)h(pro)o(vide)e(a)i(consisten)o(t)f
(name)f(space)h(to)h(b)q(e)g(used)f(to)h(refer)e(to)149 287
y(resources.)j(In)12 b(particular,)g(the)f(name)g(space)h(should)g(not)g(dep)
q(end)g(on)g(an)o(y)g(net)o(w)o(ork)f(iden)o(ti\014ers,)149
378 y(and)17 b(therefore)f(b)q(e)g(totally)g(indep)q(enden)o(t)f(of)i
(routing)g(information)e(or)i(net)o(w)o(ork)e(top)q(ology)l(.)149
538 y(2.3.2)49 b(E\016ciency)223 660 y(The)15 b(gro)o(wth)g(of)g(the)g(In)o
(ternet)f(in)g(n)o(um)o(b)q(er)f(of)i(mac)o(hines)e(and)j(subnet)o(w)o(orks)f
(called)f(for)h(the)149 750 y(in)o(tro)q(duction)i(of)h(a)f(naming)f
(resolution)h(system)f(that)h(could)g(handle)g(not)g(only)g(the)g(imme)o(nse)
149 841 y(v)o(olume)h(of)j(mac)o(hines)d(and)j(resolution)f(requests,)h(but)f
(could)g(also)h(resp)q(ond)g(e\016cien)o(tly)l(.)31 b(T)l(o)149
931 y(obtain)14 b(these)e(desired)g(e\013ects,)g(the)h(system)e(w)o(as)i
(built)f(in)g(a)h(hierarc)o(hical,)f(distributed)g(manner)149
1021 y(using)17 b(the)f(tec)o(hnology)g(of)g(cac)o(hing.)223
1112 y(In)j(an)i(in)o(ternet,)e(access)h(to)h(mac)o(hines)d(in)i(lo)q(cal)g
(net)o(w)o(orks)f(is)h(more)f(lik)o(ely)e(than)k(remote)149
1202 y(access)14 b(via)g(man)o(y)f(links.)19 b(Therefore,)14
b(far)g(more)f(name)f(resolution)i(requests)g(are)g(made)f(lo)q(cally)l(.)149
1292 y(The)18 b(kno)o(wledge)e(ab)q(out)i(the)f(requested)g(bindings)g(in)f
(the)h(lo)q(cal)g(net)o(w)o(ork)g(is)g(a)o(v)m(ailable)f(in)h(the)149
1382 y(form)h(of)i(the)f(lo)q(cal)g(database.)30 b(These)19
b(facts)h(suggests)g(the)f(use)g(of)g(the)g(hierarc)o(hical)e(organi-)149
1473 y(zational)j(format)e(in)h(whic)o(h)g(lo)q(cal)g(resolution)g(requests)g
(are)g(resolv)o(ed)g(e\016cien)o(tly)d(b)o(y)j(a)h(lo)q(cal)149
1563 y(en)o(tit)o(y)l(,)d(and)i(infrequen)o(t)e(resolution)h(requests)g(ab)q
(out)h(remote)e(mappings)h(are)g(dealt)g(with)g(b)o(y)149 1653
y(an)e(in)o(teraction)d(of)i(lo)q(cal)g(and)g(remote)e(en)o(tities.)19
b(The)c(clear)f(and)h(clean)f(structure)h(that)g(results)149
1744 y(in)h(seeing)g(the)g(name)f(space)i(as)g(a)f(tree)g(also)h(fa)o(v)o
(ors)f(this)g(approac)o(h.)223 1834 y(The)c(creation)g(of)h(host)g(names)f(b)
o(y)f(app)q(ending)j(no)q(de)f(lab)q(els)f(from)f(the)i(lea)o(v)o(es)e(to)h
(the)h(ro)q(ot)g(of)149 1924 y(this)h(tree)e(serv)o(ed)h(the)g(need)g(for)h
(pronounceable,)g(easily)e(remem)n(b)q(erable)f(names)h(for)i(mac)o(hines.)
149 2014 y(The)23 b(distributed)f(arrangemen)o(t)g(of)h(the)f(system)g(con)o
(tributes)g(to)h(cutting)f(the)h(h)o(uge)g(name)149 2105 y(space)c(in)o(to)g
(pieces)e(that)i(can)g(b)q(e)g(managed)f(e\016cien)o(tly)l(.)26
b(Cac)o(hing)19 b(information)e(lo)q(cally)h(that)149 2195
y(w)o(as)e(receiv)o(ed)e(from)g(remote)g(sites)h(is)g(another)i(mec)o(hanism)
12 b(to)k(obtain)g(e\016ciency)l(.)i(Because)d(of)149 2285
y(the)20 b(dynamics)e(of)i(the)f(system,)f(the)i(cac)o(hed)e(information)h
(is)g(quali\014ed)g(with)g(an)h(additional)149 2376 y(time)15
b(to)h(liv)o(e)f(\(TTL\))i(parameter)e(to)h(ensure)g(the)g(goal)h(of)g(data)g
(consistency)l(.)p eop
%%Page: 11 20
19 bop 1901 -100 a Fo(11)149 75 y(2.3.3)49 b(Distributed)16
b(Character)223 197 y(The)f(c)o(hoice)e(of)j(implem)o(en)n(ting)c(this)j
(large)g(scale)g(clien)o(t{serv)o(er)d(paradigm)j(in)f(a)i(geograph-)149
287 y(ically)f(distributed)h(set)g(of)h(mac)o(hines)d(w)o(as)j(supp)q(orted)h
(b)o(y)e(the)g(need)g(for)g(increased)g(reliabilit)o(y)149
378 y(through)f(the)f(existence)e(of)i(redundan)o(t)g(data)h(bases)f(in)g
(secondary)g(name)f(serv)o(ers.)19 b(In)14 b(the)f(case)149
468 y(of)20 b(an)o(y)f(kind)g(of)h(failure)e(in)h(one)h(of)f(the)h(name)e
(serv)o(ers)g(for)i(a)g(zone,)f(the)g(redundan)o(t)h(bac)o(kup)149
558 y(serv)o(ers)c(will)f(still)g(b)q(e)i(able)f(to)g(pro)o(vide)g(the)g
(mapping)g(service.)k(Therefore)15 b(the)i(o)q(ccurrence)e(of)149
649 y(a)i(failure)e(at)i(a)g(single)e(site)h(cannot)h(lead)f(to)h(the)f
(denial)f(of)i(the)f(resolution)g(service.)223 739 y(Lo)q(cal)e(authorities)g
(could)g(administer)e(their)h(o)o(wn)h(domains)g(and)g(zones,)g(k)o(eeping)f
(the)h(data)149 829 y(base)j(consisten)o(t,)e(pro)o(viding)g(autonomous)h
(con)o(trol)g(of)g(name)e(assignmen)o(t,)h(and)h(taking)g(a)o(w)o(a)o(y)149
919 y(the)11 b(load)g(from)f(cen)o(tral)g(authorities.)20 b(Authorit)o(y)9
b(passes)j(do)o(wn)g(the)e(edges)h(of)h(the)e(tree,)h(whereas)149
1010 y(information)19 b(\015o)o(ws)i(across)g(the)e(hierarc)o(hies)g(from)g
(one)h(host)h(to)f(another.)33 b(The)20 b(conceptual)149 1100
y(arrangemen)o(t)f(of)h(domain)f(name)g(serv)o(ers)g(in)h(a)g(tree)f(resem)o
(bling)e(the)j(name)f(structure)g(is)h(in)149 1190 y(fact)d(a)f(more)f
(realistic)g(arrangemen)o(t,)g(namely)f(a)j(shallo)o(w)f(tree.)149
1350 y(2.3.4)49 b(Generalit)o(y)223 1473 y(Pragmatic)15 b(reasons)i(called)e
(for)i(generalit)o(y)l(.)i(Impleme)o(n)o(tation)13 b(costs)k(and)g(the)f
(amoun)o(t)f(of)149 1563 y(administrativ)o(e)9 b(e\013ort)i(in)g(supp)q
(orting)h(the)f(system)f(dictated)g(a)i(general)f(usefulness.)19
b(Therefore)149 1653 y(the)j(system)e(do)q(es)i(not)g(con)o(tain)g(an)o(y)f
(unnecessary)h(restrictions)f(regarding)h(its)g(purp)q(ose)g(or)149
1744 y(applications.)30 b(This)19 b(goal)g(can)h(b)q(e)f(reform)o(ulated)e
(as)i(the)g(desire)f(to)h(allo)o(w)g(augmen)o(tation)f(of)149
1834 y(the)e(data)i(basis)e(b)o(y)g(new)g(data)h(structures.)149
1994 y(2.3.5)49 b(Indep)q(endence)223 2116 y(The)16 b(system)g(w)o(as)h
(designed)g(to)g(b)q(e)g(indep)q(enden)o(t)f(of)h(underlying)f(hardw)o(are,)h
(b)q(e)g(it)g(of)g(the)149 2207 y(lo)q(cal)24 b(mac)o(hine)d(or)j(the)f(net)o
(w)o(ork)g(in)o(terface.)42 b(F)l(urthermore,)23 b(the)g(transactions)h
(should)g(b)q(e)149 2297 y(indep)q(enden)o(t)17 b(of)g(the)g(comm)o(uni)o
(cation)d(system)i(that)h(carries)g(them.)k(Therefore,)c(all)f(p)q(ossible)
149 2387 y(kinds)23 b(of)f(pac)o(k)o(et)g(switc)o(hing)g(are)g(suitable,)h
(suc)o(h)f(as)i(store{and{forw)o(ard)g(switc)o(hing)e(using)149
2478 y(datagrams,)17 b(virtual)e(circuits,)g(or)h(p)q(ossibly)h(h)o(ybrid)e
(approac)o(hes.)p eop
%%Page: 12 21
20 bop 1901 -100 a Fo(12)149 75 y(2.4)50 b(DNS)16 b(En)o(tities)223
214 y(The)11 b(Domain)h(Name)e(System)g(consists)i(of)g(sev)o(eral)f(en)o
(tities:)17 b(resolv)o(ers,)12 b(name)e(serv)o(ers,)i(and)149
305 y(resource)i(records)g(\(RR\).)g(W)l(e)g(\014rst)g(describ)q(e)g(the)f
(domain)h(name)f(space)h(and)h(resource)e(records)149 395 y(that)k(are)e
(sections)h(in)f(DNS)h(messages.)21 b(They)15 b(serv)o(e)g(for)h(the)f(exc)o
(hange)g(of)h(data)h(b)q(et)o(w)o(een)e(the)149 485 y(in)o(teracting)k(name)g
(serv)o(ers)g(and)i(resolv)o(ers.)32 b(W)l(e)19 b(then)h(describ)q(e)f(purp)q
(oses)j(and)e(features)g(of)149 575 y(name)c(serv)o(ers)f(and)i(resolv)o
(ers.)149 735 y(2.4.1)49 b(Domain)16 b(Name)f(Space)223 858
y(The)d(Domain)f(Name)g(Space)h(is)f(the)h(sp)q(eci\014cation)g(of)h(a)f
(tree{structured)g(name)f(space.)19 b(The)149 948 y(ro)q(ot)i(of)f(the)f
(tree)f(is)i(the)f(ro)q(ot)h(domain)f(follo)o(w)o(ed)f(b)o(y)h(its)g(c)o
(hildren,)f(the)h(top{lev)o(el)f(domains,)149 1039 y(whic)o(h)i(can)h(con)o
(tain)g(sev)o(eral)e(lev)o(els)g(of)i(sub)q(domains.)35 b(Figure)20
b(2.1)h(sho)o(ws)g(the)g(structure)f(of)149 1129 y(suc)o(h)d(a)g(tree.)k
(Host)c(names)e(consist)i(of)g(a)f(concatenation)h(of)g(the)f(lab)q(els)h(of)
g(eac)o(h)f(no)q(de)h(on)g(the)149 1219 y(path)f(from)d(the)i(leaf)f(that)h
(represen)o(ts)f(the)h(actual)f(host)i(up)f(to)g(the)f(ro)q(ot.)22
b(Adjacen)o(t)14 b(lab)q(els)g(are)149 1309 y(separated)i(b)o(y)e(a)i(dot.)21
b(Domains)15 b(are)g(simply)e(subtrees)i(of)g(the)g(Domain)f(Name)f(Space.)21
b(In)15 b(our)149 1400 y(example)f(\\purdue.edu")j(is)f(a)h(domain)e(name.)
524 2188 y @beginspecial 0 @llx 0 @lly 239 @urx 134 @ury 2390
@rwi @setspecial
%%BeginDocument: pictures/dom_purd.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
 /DrawEllipse {
	/endangle exch def
	/startangle exch def
	/yrad exch def
	/xrad exch def
	/y exch def
	/x exch def
	/savematrix mtrx currentmatrix def
	x y translate xrad yrad scale 0 0 1 startangle endangle arc
	savematrix setmatrix
	} def

	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-4.0 139.0 translate 0.900 -0.900 scale
0.500 setlinewidth
n 74 114 70 40 0 360 DrawEllipse gs 0.95 setgray fill gr
gs col-1 s gr
n 189 14 m 189 44 l gs col-1 s gr
n 189 14 m 269 44 l gs col-1 s gr
n 189 14 m 109 44 l gs col-1 s gr
n 109 59 m 79 84 l gs col-1 s gr
n 79 99 m 109 124 l gs col-1 s gr
n 79 99 m 69 124 l gs col-1 s gr
n 79 99 m 29 124 l gs col-1 s gr
/Times-Bold findfont 12.00 scalefont setfont
99 54 m 
gs 1 -1 scale (edu) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
179 54 m 
gs 1 -1 scale (com) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
259 54 m 
gs 1 -1 scale (org) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
184 14 m 
gs 1 -1 scale (" ") col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
59 94 m 
gs 1 -1 scale (purdue) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
19 134 m 
gs 1 -1 scale (cs) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
59 134 m 
gs 1 -1 scale (cc) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
99 134 m 
gs 1 -1 scale (ecn) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 714 2433 a(Figure)h(2.1)33 b(Domain)15 b(purdue.edu)p
eop
%%Page: 13 22
21 bop 1901 -100 a Fo(13)223 75 y(A)14 b(part)h(of)g(the)f(Domain)g(Name)f
(Space)i(that)g(is)f(con)o(trolled)g(completely)e(b)o(y)i(a)h(name)f(serv)o
(er)149 165 y(is)23 b(called)f(a)i(zone.)42 b(The)23 b(delicate)e
(di\013erence)h(b)q(et)o(w)o(een)h(a)g(domain)f(and)i(a)g(zone)f(is)g(that)g
(a)149 255 y(zone)16 b(con)o(tains)g(all)g(the)g(domain)f(names)g(and)i(data)
g(that)f(a)h(domain)e(con)o(tains,)g(except)g(for)i(the)149
346 y(domain)h(names)f(and)i(data)g(that)f(are)g(delegated)g(elsewhere)f
(\(see)h(Figure)f(2.2\).)28 b(Viewing)17 b(the)149 436 y(domains)f(\(no)q
(des\))g(and)g(hosts)h(\(lea)o(v)o(es\))d(as)j(the)e(conceptual)g(arrangemen)
o(t)g(yields)f(a)j(tree)e(with)149 526 y(greater)i(heigh)o(t)f(than)i
(viewing)e(the)g(zones)h(as)g(no)q(des.)24 b(The)16 b(latter)h(is)f(a)h(more)
f(realistic)f(la)o(y)o(out)149 616 y(of)i(the)f(tree)g(in)f(terms)g(of)i
(e\016ciency)l(.)223 707 y(An)e(example)e(for)i(the)g(di\013erence)f(b)q(et)o
(w)o(een)h(domain)f(and)i(zone)f(is)g(the)g(follo)o(wing)g(scenario.)149
797 y(A)i(lo)q(cal)h(authorit)o(y)f(manages)h(the)f(domain)f(\\alpha.dom".)25
b(\\alpha.dom")18 b(has)g(three)f(sub)q(do-)149 887 y(mains)e(\\phi,")g(\\c)o
(hi,")g(and)h(\\psi")h(that)e(con)o(tain)h(sev)o(eral)e(hosts,)i(but)g(no)g
(further)f(sub)q(domains.)149 978 y(If)g(the)g(authorit)o(y)g(for)g(sub)q
(domain)g(\\psi")h(is)f(transferred)g(to)h(\\psi.alpha.dom,")e(t)o(w)o(o)h
(zones)g(are)149 1068 y(the)j(result.)27 b(The)18 b(authorit)o(y)g(for)h
(\\alpha.dom")f(could)g(additionally)f(transfer)i(the)f(authorit)o(y)149
1158 y(for)k(\\c)o(hi")g(to)g(the)g(same)e(authorit)o(y)i(that)g(administers)
e(\\psi".)39 b(This)22 b(example)d(sho)o(ws)k(that)149 1248
y(zones)17 b(do)g(not)f(ha)o(v)o(e)g(to)g(b)q(e)h(connected)e(b)o(y)h(edges)g
(in)g(the)g(tree)g(structured)g(domain)f(tree.)524 2037 y @beginspecial
0 @llx 0 @lly 248 @urx 126 @ury 2480 @rwi @setspecial
%%BeginDocument: pictures/dom_zone.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
 /DrawEllipse {
	/endangle exch def
	/startangle exch def
	/yrad exch def
	/xrad exch def
	/y exch def
	/x exch def
	/savematrix mtrx currentmatrix def
	x y translate xrad yrad scale 0 0 1 startangle endangle arc
	savematrix setmatrix
	} def

 /DrawSplineSection {
	/y3 exch def
	/x3 exch def
	/y2 exch def
	/x2 exch def
	/y1 exch def
	/x1 exch def
	/xa x1 x2 x1 sub 0.666667 mul add def
	/ya y1 y2 y1 sub 0.666667 mul add def
	/xb x3 x2 x3 sub 0.666667 mul add def
	/yb y3 y2 y3 sub 0.666667 mul add def
	x1 y1 lineto
	xa ya xb yb x3 y3 curveto
	} def

	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-4.0 139.0 translate 0.900 -0.900 scale
0.500 setlinewidth
n 139 94 135 60 0 360 DrawEllipse gs col-1 s gr
n 219 14 m 219 34 l gs col-1 s gr
n 219 14 m 259 34 l gs col-1 s gr
	1 setlinecap [1 3.000000] 3.000000 setdash
n 259 34 m 279 44 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 3.000000] 3.000000 setdash
n 219 34 m 219 44 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
n 219 14 m 139 54 l gs col-1 s gr
n 139 54 m 79 94 l gs col-1 s gr
n 139 54 m 139 94 l gs col-1 s gr
n 139 54 m 199 94 l gs col-1 s gr
n 199 94 m 179 134 l gs col-1 s gr
n 199 94 m 199 134 l gs col-1 s gr
n 199 94 m 219 134 l gs col-1 s gr
n 139 94 m 119 134 l gs col-1 s gr
n 139 94 m 139 134 l gs col-1 s gr
n 139 94 m 159 134 l gs col-1 s gr
n 79 94 m 59 134 l gs col-1 s gr
n 79 94 m 79 134 l gs col-1 s gr
n 79 94 m 99 134 l gs col-1 s gr
	[4.000000] 0 setdash
n 49.000 104.000 m 49.000 89.000 l
	49.000 89.000 49.000 74.000 84.000 62.500 DrawSplineSection
	84.000 62.500 119.000 51.000 139.000 51.000 DrawSplineSection
	139.000 51.000 159.000 51.000 194.000 62.500 DrawSplineSection
	194.000 62.500 229.000 74.000 229.000 89.000 DrawSplineSection
	229.000 89.000 229.000 104.000 226.500 119.000 DrawSplineSection
	226.500 119.000 224.000 134.000 211.500 139.000 DrawSplineSection
	211.500 139.000 199.000 144.000 186.500 139.000 DrawSplineSection
	186.500 139.000 174.000 134.000 161.500 109.000 DrawSplineSection
	161.500 109.000 149.000 84.000 139.000 84.000 DrawSplineSection
	139.000 84.000 129.000 84.000 116.500 109.000 DrawSplineSection
	116.500 109.000 104.000 134.000 91.500 139.000 DrawSplineSection
	91.500 139.000 79.000 144.000 66.500 139.000 DrawSplineSection
	66.500 139.000 54.000 134.000 51.500 119.000 DrawSplineSection
	49.000 104.000 l gs col-1 s gr
	[] 0 setdash
/Times-Bold findfont 12.00 scalefont setfont
219 69 m 
gs 1 -1 scale (domain) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
59 89 m 
gs 1 -1 scale (zone) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 746 2281 a(Figure)h(2.2)32 b(Domain)16 b(vs.)21
b(zone)p eop
%%Page: 14 23
22 bop 1901 -100 a Fo(14)149 75 y(2.4.2)49 b(DNS)17 b(Messages)223
197 y(DNS)e(messages)h(are)f(the)h(data)g(units)g(that)g(are)g(transmitted)f
(b)q(et)o(w)o(een)f(name)h(serv)o(ers)g(and)149 287 y(resolv)o(ers.)22
b(A)16 b(DNS)g(message)g(consists)h(of)g(the)f(header)h(and)g(up)g(to)f(four)
h(sections)g(\(see)f(Figure)149 378 y(2.3\).)22 b(The)16 b(header)g(con)o
(tains)h(the)f(follo)o(wing)g(\014elds:)337 2219 y @beginspecial
0 @llx 0 @lly 333 @urx 387 @ury 3330 @rwi @setspecial
%%BeginDocument: pictures/dns_mesg.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-4.0 391.0 translate 0.900 -0.900 scale
0.500 setlinewidth
n 149 169 m 149 149 l  369 149 l  369 169 l gs col-1 s gr
n 149 189 m 369 189 l gs col-1 s gr
	1 setlinecap [1 4.000000] 4.000000 setdash
n 369 169 m 369 189 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.000000] 4.000000 setdash
n 149 169 m 149 189 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
/Courier-Bold findfont 12.00 scalefont setfont
154 164 m 
gs 1 -1 scale (QNAME) col-1 show gr
n 9 189 m 9 169 l  89 169 l  89 189 l gs col-1 s gr
n 9 269 m 89 269 l gs col-1 s gr
n 9 249 m 89 249 l gs col-1 s gr
n 9 229 m 89 229 l gs col-1 s gr
n 9 209 m 89 209 l gs col-1 s gr
n 9 189 m 89 189 l gs col-1 s gr
	1 setlinecap [1 3.000000] 3.000000 setdash
n 89 189 m 89 269 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 3.000000] 3.000000 setdash
n 9 189 m 9 269 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
/Courier-Bold findfont 12.00 scalefont setfont
14 184 m 
gs 1 -1 scale (HEADER) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
14 204 m 
gs 1 -1 scale (QUESTION) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
14 224 m 
gs 1 -1 scale (ANSWER) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
14 244 m 
gs 1 -1 scale (AUTHORITY) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
14 264 m 
gs 1 -1 scale (ADDITIONAL) col-1 show gr
n 369 129 m 369 9 l  149 9 l  149 129 l  clp gs col-1 s gr
n 149 29 m 369 29 l gs col-1 s gr
n 149 49 m 369 49 l gs col-1 s gr
n 149 69 m 369 69 l gs col-1 s gr
n 149 89 m 369 89 l gs col-1 s gr
n 149 109 m 369 109 l gs col-1 s gr
n 149 189 m 149 229 l  369 229 l  369 189 l gs col-1 s gr
n 149 209 m 369 209 l gs col-1 s gr
n 149 269 m 149 249 l  369 249 l  369 269 l gs col-1 s gr
n 149 289 m 369 289 l gs col-1 s gr
	1 setlinecap [1 4.000000] 4.000000 setdash
n 369 269 m 369 289 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.000000] 4.000000 setdash
n 149 269 m 149 289 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.000000] 4.000000 setdash
n 369 409 m 369 429 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.000000] 4.000000 setdash
n 149 409 m 149 429 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
n 149 289 m 149 409 l gs col-1 s gr
n 369 289 m 369 409 l gs col-1 s gr
n 149 429 m 369 429 l gs col-1 s gr
n 149 389 m 369 389 l gs col-1 s gr
n 149 369 m 369 369 l gs col-1 s gr
n 149 329 m 369 329 l gs col-1 s gr
n 149 309 m 369 309 l gs col-1 s gr
n 151 4 m 144 4 144 127 7 arcto 4 {pop} repeat 144 134 367 134 7 arcto 4 {pop} repeat 374 134 374 11 7 arcto 4 {pop} repeat 374 4 151 4 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 151 144 m 144 144 144 227 7 arcto 4 {pop} repeat 144 234 367 234 7 arcto 4 {pop} repeat 374 234 374 151 7 arcto 4 {pop} repeat 374 144 151 144 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 151 244 m 144 244 144 427 7 arcto 4 {pop} repeat 144 434 367 434 7 arcto 4 {pop} repeat 374 434 374 251 7 arcto 4 {pop} repeat 374 244 151 244 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 11 164 m 4 164 4 267 7 arcto 4 {pop} repeat 4 274 87 274 7 arcto 4 {pop} repeat 94 274 94 171 7 arcto 4 {pop} repeat 94 164 11 164 7 arcto 4 {pop} repeat clp gs col-1 s gr
1.000 setlinewidth
n 94 179 m 144 29 l gs col-1 s gr
n 135.146 42.914 m 144.000 29.000 l 142.735 45.444 l gs 2 setlinejoin col-1 s gr
n 94 199 m 144 169 l gs col-1 s gr
n 128.222 173.802 m 144.000 169.000 l 132.338 180.662 l gs 2 setlinejoin col-1 s gr
0.500 setlinewidth
n 94 209 m 99 214 l  99 234 l  104 239 l  99 244 l  99 264 l 
 94 269 l gs col-1 s gr
1.000 setlinewidth
n 104 239 m 144 269 l gs col-1 s gr
n 133.600 256.200 m 144.000 269.000 l 128.800 262.600 l gs 2 setlinejoin col-1 s gr
/Courier-Bold findfont 12.00 scalefont setfont
154 24 m 
gs 1 -1 scale (ID) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 44 m 
gs 1 -1 scale (QR/OPCODE/AA/TC/RD/RA/Z/RCODE) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 64 m 
gs 1 -1 scale (QDCOUNT) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 84 m 
gs 1 -1 scale (ANCOUNT) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 104 m 
gs 1 -1 scale (NSCOUNT) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 124 m 
gs 1 -1 scale (ARCOUNT) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 204 m 
gs 1 -1 scale (QTYPE) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 224 m 
gs 1 -1 scale (QCLASS) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 264 m 
gs 1 -1 scale (NAME) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 304 m 
gs 1 -1 scale (TYPE) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 324 m 
gs 1 -1 scale (CLASS) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 344 m 
gs 1 -1 scale (TTL) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 384 m 
gs 1 -1 scale (RDLENGTH) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
154 404 m 
gs 1 -1 scale (RDATA) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 781 2464 a(Figure)g(2.3)33 b(DNS)16 b(message)p
eop
%%Page: 15 24
23 bop 1901 -100 a Fo(15)222 75 y Fj(\017)24 b Fo(a)17 b(16)g(bit)f(iden)o
(ti\014er)f(is)h(assigned)g(b)o(y)g(the)g(program)g(that)h(generates)f(an)o
(y)g(kind)g(of)h(query)222 207 y Fj(\017)24 b Fo(the)18 b(\\QR")g(bit)g(sp)q
(eci\014es)f(whether)h(the)f(message)g(is)h(a)g(query)f(\(v)m(alue)g(0\))h
(or)h(a)f(resp)q(onse)271 297 y(\(v)m(alue)e(1\))222 429 y
Fj(\017)24 b Fo(the)12 b(\\OPCODE")i(is)d(a)i(four)f(bit)g(\014eld)f(that)i
(sp)q(eci\014es)e(the)h(kind)g(of)g(query)f(in)h(the)g(message.)271
519 y(It)k(can)h(con)o(tain)f(the)g(follo)o(wing)g(v)m(alues:)326
651 y Fi({)25 b Fo(0)16 b(for)h(a)f(standard)i(query)d(\(QUER)l(Y\))326
762 y Fi({)25 b Fo(1)16 b(for)h(an)g(in)o(v)o(erse)d(query)i(\(IQUER)l(Y\))
326 873 y Fi({)25 b Fo(2)16 b(for)h(a)f(serv)o(er)g(status)h(request)e(\(ST)l
(A)l(TUS\))326 984 y Fi({)25 b Fo(3)16 b(-)h(15)g(reserv)o(ed)e(for)h(future)
g(use)222 1116 y Fj(\017)24 b Fo(the)16 b(next)g(bit)f(\\AA")h(is)g(only)g(v)
m(alid)f(in)h(a)g(resp)q(onse)h(and)g(sp)q(eci\014es)e(that)i(the)e(resp)q
(onding)271 1206 y(name)g(serv)o(er)h(is)g(an)g(authorit)o(y)g(for)h(the)f
(domain)f(name)g(in)h(the)g(question)g(section)222 1338 y Fj(\017)24
b Fo(the)16 b(\\TC")i(bit)e(sp)q(eci\014es)g(if)f(a)i(message)e(w)o(as)i
(truncated)222 1469 y Fj(\017)24 b Fo(the)16 b(\\RD")i(bit)d(sp)q(eci\014es)h
(if)g(recursion)g(is)g(desired)g(b)o(y)f(a)i(query)222 1601
y Fj(\017)24 b Fo(the)16 b(\\RA")h(bit)f(sp)q(eci\014es)g(if)f(recursion)h
(is)g(a)o(v)m(ailable)222 1733 y Fj(\017)24 b Fo(the)16 b(follo)o(wing)g
(three)g(bits)g(in)g(the)g(\\Z")h(\014eld)e(are)i(reserv)o(ed)e(for)h(future)
g(use)222 1865 y Fj(\017)24 b Fo(the)c(last)f(four)h(bits)g(determine)d(the)i
(resp)q(onse)i(co)q(de)e(\\R)o(CODE".)h(P)o(ossible)g(v)m(alues)f(for)271
1955 y(the)d(resp)q(onse)h(co)q(de)g(are:)326 2087 y Fi({)25
b Fo(0)16 b(for)h(\\No)f(Error)h(Condition")326 2198 y Fi({)25
b Fo(1)16 b(to)h(indicate)e(a)i(\\F)l(ormat)f(Error")326 2309
y Fi({)25 b Fo(2)16 b(to)h(indicate)e(a)i(\\Serv)o(er)e(F)l(ailure")326
2420 y Fi({)25 b Fo(3)16 b(to)h(indicate)e(a)i(\\Name)e(Error")326
2531 y Fi({)25 b Fo(4)16 b(to)h(indicate)e(that)i(the)f(requested)f(feature)h
(is)g(\\Not)h(Implem)o(en)n(ted")p eop
%%Page: 16 25
24 bop 1901 -100 a Fo(16)326 75 y Fi({)25 b Fo(5)f(to)g(indicate)f(that)i
(the)e(name)g(serv)o(er)g(\\Refused")h(to)g(p)q(erform)f(the)h(sp)q
(eci\014ed)379 165 y(op)q(eration)326 276 y Fi({)h Fo(6)16
b(-)h(15)g(are)f(reserv)o(ed)f(for)i(future)f(use)222 408 y
Fj(\017)24 b Fo(The)17 b(follo)o(wing)f(four)g(unsigned)h(16)g(bit)f(in)o
(teger)f(v)m(alues)i(sp)q(ecify)e(the)h(n)o(um)o(b)q(er)f(of)i(en)o(tries)271
498 y(in)f(the)g(follo)o(wing)g(question,)g(answ)o(er,)g(authorit)o(y)l(,)f
(and)i(additional)g(sections.)223 642 y(The)i(con)o(ten)o(ts)g(of)g(these)g
(four)h(sections)f(serv)o(e)f(di\013eren)o(t)g(purp)q(oses.)32
b(The)19 b(order)g(of)h(these)149 733 y(section)f(is)g(alw)o(a)o(ys)g(the)g
(same.)30 b(Some)18 b(of)h(the)g(sections)g(can)h(b)q(e)f(empt)o(y)e(in)i(a)g
(DNS)h(message.)149 823 y(The)d(format)e(of)i(the)f(answ)o(er,)g(authorit)o
(y)g(and)h(additional)f(section)g(is)g(the)g(same.)223 913
y(The)e(question)g(section)g(carries)g(query)g(name,)f(query)h(t)o(yp)q(e)g
(and)h(query)f(class.)21 b(V)l(alid)13 b(query)149 1004 y(t)o(yp)q(es)g(are)g
(all)f(the)g(co)q(des)h(for)g(resource)f(record)h(t)o(yp)q(es,)g(whic)o(h)f
(w)o(e)g(will)f(explain)h(in)g(the)h(follo)o(wing)149 1094
y(Section)h(2.4.3,)h(and)g(some)f(more)f(general)h(ones)h(for)g(zone)g
(transfer,)f(mail)f(handling)i(tasks,)g(and)149 1184 y(wild{carding.)223
1274 y(The)h(follo)o(wing)g(class)g(mnemonics)d(and)k(v)m(alues)g(are)f
(curren)o(tly)e(de\014ned:)222 1406 y Fj(\017)24 b Fo(1)17
b(for)g(\\IN")f({)g(In)o(ternet)222 1538 y Fj(\017)24 b Fo(2)17
b(for)g(\\CS")g({)g(CSNET)222 1670 y Fj(\017)24 b Fo(3)17 b(for)g(\\CH")f({)h
(CHA)o(OS)222 1802 y Fj(\017)24 b Fo(4)17 b(for)g(\\HS")f({)h(Hesio)q(d)222
1933 y Fj(\017)24 b Fo(255)18 b(for)e(wild{carding)223 2065
y(The)k(answ)o(er)h(section)f(carries)g(resource)g(records)h(that)g(directly)
d(answ)o(er)j(the)f(query)l(,)h(the)149 2155 y(authorit)o(y)g(section)f
(carries)g(resource)g(records)h(that)f(describ)q(e)g(other)h(authoritativ)o
(e)f(serv)o(ers,)149 2246 y(and)g(the)e(additional)h(section)g(carries)f
(resource)g(records)h(that)g(are)g(not)g(explicitly)d(requested)149
2336 y(but)h(migh)o(t)d(b)q(e)j(helpful)e(in)h(using)h(the)f(resource)g
(records)g(in)g(the)g(other)g(sections.)223 2426 y(The)k(authoritativ)o(e)h
(section)f(con)o(tains)h(name)f(serv)o(er)f(data)j(in)e(the)h(follo)o(wing)f
(case:)31 b(if)20 b(a)149 2517 y(name)14 b(serv)o(er)g(tries)g(to)h(resolv)o
(e)f(a)h(name)e(and)j(he)e(kno)o(ws)h(of)g(an)h(authoritativ)o(e)e(name)f
(serv)o(er)h(for)149 2607 y(the)h(domain)g(in)g(whic)o(h)f(the)h(name)f(lies)
g(that)i(has)g(to)f(b)q(e)g(resolv)o(ed,)f(he)h(puts)h(the)f(name)f(serv)o
(er's)p eop
%%Page: 17 26
25 bop 1901 -100 a Fo(17)149 75 y(name)13 b(in)o(to)h(the)f(authorit)o(y)h
(section)g(of)g(the)f(reply)l(.)20 b(This)14 b(is)g(the)f(approac)o(h)i(in)e
(the)h(DNS)g(to)g(refer)149 165 y(clien)o(ts)h(to)i(others)f(serv)o(ers)g(in)
g(the)g(not)g(recursiv)o(e)f(mo)q(de.)223 255 y(The)g(additional)g(section)g
(pla)o(ys)g(an)g(imp)q(ortan)o(t)g(role)f(in)h(the)g(same)f(case.)21
b(If)15 b(a)h(name)e(serv)o(er)149 346 y(refers)19 b(a)h(resolv)o(er)e(to)i
(another)g(name)e(serv)o(er,)g(he)h(b)q(etter)g(also)h(pro)o(vides)f(the)g
(address)h(of)g(the)149 436 y(other)f(name)e(serv)o(er,)h(b)q(ecause)h(that)g
(is)f(the)g(next)h(information)e(the)h(resolv)o(er)g(needs)g(in)g(order)149
526 y(to)f(pro)q(ceed)e(with)h(his)f(queries.)20 b(Another)c(reason)g(to)g
(ha)o(v)o(e)f(the)h(additional)f(section)h(is)f(to)h(ha)o(v)o(e)149
616 y(space)j(for)f(extra,)g(not)g(requested)f(information.)26
b(If)17 b(a)i(resolv)o(er)e(receiv)o(es)f(additional)i(records,)149
707 y(and)25 b(cac)o(hes)e(them,)h(he)g(migh)o(t)e(b)q(e)i(able)g(to)g(use)g
(them)e(later.)44 b(That)25 b(w)o(ould)f(result)f(in)h(an)149
797 y(increased)14 b(p)q(erformance)f(of)h(the)g(system,)e(b)q(ecause)i(the)g
(resolution)g(of)g(data)h(that)f(is)g(already)g(in)149 887
y(the)k(lo)q(cal)g(cac)o(he)g(is)g(considerably)f(more)g(e\016cien)o(t)f
(than)j(a)f(remote)f(resolution)h(that)h(requires)149 978 y(net)o(w)o(ork)d
(tra\016c.)223 1068 y(These)g(three)f(t)o(yp)q(es)h(of)h(DNS)f(message)g
(sections)g(share)g(the)g(same)g(format.)k(They)c(ha)o(v)o(e:)222
1182 y Fj(\017)24 b Fo(a)17 b(name)222 1306 y Fj(\017)24 b
Fo(a)17 b(t)o(yp)q(e)f(as)h(in)f(a)g(query)222 1430 y Fj(\017)24
b Fo(a)17 b(class)f(as)h(in)f(a)h(query)222 1555 y Fj(\017)24
b Fo(a)17 b(32)g(bit)f(time)e(to)j(liv)o(e)d(\014eld)i(giv)o(en)f(in)h
(seconds)h(\(TTL\))222 1679 y Fj(\017)24 b Fo(an)15 b(unsigned)g(16)g(bit)f
(in)o(teger)g(that)h(sp)q(eci\014es)f(the)g(length)g(of)h(the)g(RD)o(A)l(T)l
(A)e(\014eld)h(in)g(b)o(ytes)222 1803 y Fj(\017)24 b Fo(a)17
b(v)m(ariable)f(length)g(string)g(of)h(b)o(ytes)f(that)g(describ)q(es)g(the)g
(resource.)149 1967 y(2.4.3)49 b(Resource)16 b(Records)223
2089 y(Data)g(that)h(is)e(asso)q(ciated)i(with)f(the)g(no)q(des)g(and)h(lea)o
(v)o(es)d(of)i(this)g(tree)f(is)h(exc)o(hanged)f(in)h(the)149
2180 y(RD)o(A)l(T)l(A)f(p)q(ortion)i(of)g(the)e(last)h(three)g(sections)g(in)
f(a)i(DNS)e(message.)21 b(These)16 b(resource)f(records)149
2270 y(are)i(tagged)g(according)g(to)f(the)g(t)o(yp)q(e)g(of)h(data)g(they)f
(con)o(tain.)21 b(W)l(e)16 b(men)o(tion)f(only)h(those)h(t)o(yp)q(es)149
2360 y(that)h(pro)o(vide)f(necessary)g(information)g(for)h(understanding)g
(this)f(thesis.)25 b(A)17 b(complete)e(list)i(of)149 2451 y(t)o(yp)q(es)f
(and)h(classes)g(can)f(b)q(e)g(found)h(in)f(RF)o(C)g(1035)i(\([Mo)q(c87b]\).)
222 2560 y Fj(\017)24 b Fo(an)16 b(\\A")f(record)g(con)o(tains)f(a)i(host)f
(address;)h(a)f(32-bit)h(In)o(ternet)d(address)j(when)f(the)f(class)271
2650 y(is)i(\\IN")p eop
%%Page: 18 27
26 bop 1901 -100 a Fo(18)222 75 y Fj(\017)24 b Fo(an)18 b(\\NS")f(record)f
(sp)q(eci\014es)g(a)h(host)h(whic)o(h)e(should)h(b)q(e)g(authoritativ)o(e)f
(for)h(the)f(sp)q(eci\014ed)271 165 y(class)h(and)g(domain)222
294 y Fj(\017)24 b Fo(an)18 b(\\SO)o(A")g(record)f(is)h(the)f(\014rst)h(en)o
(try)e(in)i(eac)o(h)f(of)h(the)f(database)i(\014les)e(and)h(sp)q(eci\014es)f
(a)271 385 y(serv)o(er)f(to)g(b)q(e)h(the)f(authoritativ)o(e)f(source)i(of)f
(information)f(within)h(the)g(domain)222 514 y Fj(\017)24 b
Fo(a)e(\\PTR")h(record)f(pro)o(vides)f(a)h(p)q(oin)o(ter)f(to)i(another)f(lo)
q(cation)g(in)f(the)h(domain)f(name)271 604 y(space)222 734
y Fj(\017)j Fo(an)d(\\HINF)o(O")d(record)i(iden)o(ti\014es)e(the)h(CPU)h(t)o
(yp)q(e)f(and)h(op)q(erating)h(system)d(t)o(yp)q(e)h(used)271
824 y(b)o(y)d(a)h(host)222 954 y Fj(\017)24 b Fo(a)14 b(\\CNAME")g(record)f
(sp)q(eci\014es)h(the)f(canonical)g(or)h(primary)e(name)h(for)h(the)f(o)o
(wner)h({)g(the)271 1044 y(o)o(wner)j(is)f(an)g(alias)222 1173
y Fj(\017)24 b Fo(a)17 b(\\MX")g(record)g(sp)q(eci\014es)f(a)h(host)g
(willing)f(to)h(act)g(as)g(a)g(mail)e(exc)o(hange)h(for)h(the)f(o)o(wner)271
1264 y(name)f(and)i(a)g(preference)e(giv)o(en)g(among)h(other)g(resource)g
(records)h(at)f(the)g(same)g(o)o(wner)222 1393 y Fj(\017)24
b Fo(an)18 b(\\X25")h(record)e(con)o(tains)h(a)f(c)o(haracter)g(string)h
(whic)o(h)f(iden)o(ti\014es)f(a)i(public)e(switc)o(hed)271
1483 y(data)h(net)o(w)o(ork)f(address)222 1613 y Fj(\017)24
b Fo(an)14 b(\\ISDN")g(record)f(con)o(tains)g(a)h(c)o(haracter)e(string)i
(whic)o(h)e(iden)o(ti\014es)g(an)i(ISDN)1756 1595 y Fm(7)1788
1613 y Fo(n)o(um)o(b)q(er)271 1703 y(of)j(the)f(o)o(wner)g(and)h(the)f(DDI)g
(\(Direct)g(Dial)g(In\),)f(if)h(an)o(y)149 1899 y(2.4.4)49
b(Name)15 b(Serv)o(ers)223 2021 y(The)k(whole)h(database)h(is)f(divided)f(in)
o(to)g(zones)h(that)g(are)g(distributed)f(among)h(the)g(name)149
2111 y(serv)o(ers.)34 b(The)20 b(essen)o(tial)g(task)g(of)h(a)g(name)e(serv)o
(er)h(is)g(to)h(answ)o(er)g(queries)e(using)i(data)h(in)e(its)149
2202 y(zone.)38 b(T)l(o)23 b(ensure)e(a)h(higher)g(degree)f(of)i(reliabilit)o
(y)c(of)j(the)f(system,)h(the)f(de\014nition)h(of)g(the)149
2292 y(Domain)17 b(Name)f(System)g(requires)g(that)i(at)g(least)f(t)o(w)o(o)h
(name)e(serv)o(ers)h(con)o(tain)g(authoritativ)o(e)149 2382
y(data)23 b(for)f(a)g(giv)o(en)f(zone.)37 b(Some)20 b(sites)i(run)g(more)e
(than)i(t)o(w)o(o)g(name)e(serv)o(ers:)31 b(one)22 b(of)g(them)149
2473 y(usually)d(outside)h(of)f(the)h(a\013ected)f(net)o(w)o(ork)g(to)g
(guaran)o(tee)h(name)e(service)g(if)h(the)g(net)o(w)o(ork)g(is)149
2563 y(unreac)o(hable)12 b(for)f(some)g(reason.)21 b(The)11
b(main)g(name)f(serv)o(er)h(is)g(called)g(the)g(primary)f(name)h(serv)o(er,)p
149 2604 720 2 v 206 2635 a Fl(7)224 2650 y Fk(In)o(tegrated)k(Services)g
(Digital)d(Net)o(w)o(ork)p eop
%%Page: 19 28
27 bop 1901 -100 a Fo(19)731 101 y(T)l(able)16 b(2.1)33 b(Subset)16
b(of)h(QTYPEs)452 232 y(QTYPE)p 662 259 2 91 v 60 w(v)m(alue)p
821 259 V 49 w(meaning)p 427 261 1246 2 v 452 324 a(A)p 662
351 2 91 v 199 w(1)p 821 351 V 135 w(a)g(host)g(address)452
414 y(NS)p 662 441 V 172 w(2)p 821 441 V 135 w(an)g(authoritativ)o(e)f(name)f
(serv)o(er)452 505 y(SO)o(A)p 662 532 V 135 w(6)p 821 532 V
135 w(start)i(of)f(authorit)o(y)452 595 y(PTR)p 662 622 V 132
w(12)p 821 622 V 111 w(a)h(domain)e(name)g(p)q(oin)o(ter)452
685 y(HINF)o(O)p 662 712 V 75 w(13)p 821 712 V 111 w(host)i(information)e
(CPU)i(and)f(OS)452 775 y(CNAME)p 662 802 V 49 w(14)p 821 802
V 111 w(canonical)g(name)f(\(alias\))452 866 y(MX)p 662 893
V 154 w(15)p 821 893 V 111 w(mail)g(exc)o(hange)452 956 y(X25)p
662 983 V 151 w(19)p 821 983 V 111 w(public)g(switc)o(hed)h(data)h(net)o(w)o
(ork)f(address)452 1046 y(ISDN)p 662 1073 V 117 w(20)p 821
1073 V 111 w(in)o(tegrated)g(services)f(digital)h(net)o(w)o(ork)149
1302 y(and)j(the)g(bac)o(kup)f(serv)o(ers)g(are)g(called)f(secondary)i(name)e
(serv)o(ers.)27 b(Secondary)19 b(authoritativ)o(e)149 1392
y(name)d(serv)o(ers)g(up)q(date)i(the)f(data)h(base)f(for)g(their)f(zone)h(p)
q(erio)q(dically)f(with)h(data)h(p)q(olled)f(from)149 1482
y(their)g(primary)e(serv)o(ers.)22 b(Primary)16 b(name)f(serv)o(ers)h(load)i
(the)e(database)j(\014les)d(pro)o(vided)g(b)o(y)h(the)149 1573
y(zone)f(administrator)e(and)i(main)o(tain)e(a)i(cac)o(he)f(of)g(data)i(that)
f(w)o(as)g(acquired)e(through)j(resource)149 1663 y(records.)39
b(Serv)o(ers)22 b(w)o(an)o(t)g(to)g(adapt)i(dynamically)19
b(to)k(c)o(hanges)f(in)g(the)g(setup)g(of)h(the)f(name)149
1753 y(space)f(of)g(other)g(authorities.)35 b(Therefore,)21
b(eac)o(h)f(resource)h(record)f(con)o(tains)h(a)g(time)e(to)i(liv)o(e)149
1843 y(\014eld)16 b(whic)o(h)g(ensures)g(that)h(name)e(serv)o(ers)g(do)i(not)
g(cac)o(he)e(data)i(without)g(time)d(b)q(ound.)223 1934 y(The)22
b(actual)g(algorithm)f(name)g(serv)o(ers)g(use)h(dep)q(ends)h(on)f(the)g(lo)q
(cal)g(op)q(erating)h(system)149 2024 y(and)c(data)g(structures)f(used)g(to)g
(store)g(resource)g(records.)26 b(A)18 b(basic)g(outline)f(can)h(b)q(e)g
(found)h(in)149 2114 y([Mo)q(c87a)q(,)d(section)g(4.3.2])g(and)h(in)f
(section)g(2.9.2)g(of)h(this)f(thesis.)149 2274 y(2.4.5)49
b(Resolv)o(ers)223 2397 y(The)16 b(in)o(terface)f(b)q(et)o(w)o(een)h(the)g
(Domain)g(Name)f(System)g(and)j(user)e(programs)h(is)f(the)h(name)149
2487 y(resolv)o(er.)29 b(In)19 b(the)g(simplest)e(case,)i(a)g(resolv)o(er)f
(receiv)o(es)f(a)j(request)e(from)g(a)i(user)f(program)g(in)149
2577 y(the)c(form)f(of)h(a)h(system)d(call)h(or)i(subroutine)f(call)f(and)i
(returns)f(the)f(desired)h(information.)k(The)p eop
%%Page: 20 29
28 bop 1901 -100 a Fo(20)149 75 y(resolv)o(er)12 b(is)g(lo)q(cated)h(on)g
(the)g(same)e(mac)o(hine)g(as)i(the)f(user)h(program,)g(but)f(con)o(tacts)h
(one)g(or)g(more)149 165 y(name)19 b(serv)o(ers)h(on)h(\(usually\))e(remote)g
(mac)o(hines)f(if)i(the)g(requested)f(data)j(is)e(not)g(obtainable)149
255 y(from)c(the)g(lo)q(cal)g(cac)o(he.)223 346 y(The)j(t)o(ypical)g(resolv)o
(er{clien)o(t)e(in)o(terface)h(has)i(a)g(triple)f(functionalit)o(y:)27
b(host)20 b(name)f(to)h(IP)149 436 y(address)j(translation,)g(IP)e(address)h
(to)g(host)g(name)f(translation,)i(and)f(a)g(lo)q(okup)g(of)g(general)149
526 y(information)f(sp)q(ecifying)h(query)f(name,)h(t)o(yp)q(e,)g(and)h
(class.)39 b(The)22 b(follo)o(wing)f(results)h(can)g(b)q(e)149
616 y(obtained)e(after)e(the)h(resolv)o(er)e(p)q(erformed)h(the)h(indicated)f
(function:)26 b(the)18 b(data)i(requested,)e(a)149 707 y(name)e(error)g(in)g
(case)g(the)g(referenced)f(name)g(do)q(es)i(not)f(exist,)f(or)i(a)g(data)g
(not)f(found)h(error.)223 797 y(T)l(o)i(obtain)f(higher)h(e\016ciency)l(,)d
(it)i(is)g(reasonable)h(to)f(ha)o(v)o(e)g(all)g(resolv)o(ers)f(on)i(one)g
(mac)o(hine)149 887 y(share)i(their)f(cac)o(he.)32 b(An)20
b(algorithm)g(outline)f(for)i(the)f(resolv)o(er)f(can)i(b)q(e)f(found)h(in)f
([Mo)q(c87a)q(,)149 978 y(section)c(5.3.3])g(and)h(in)f(section)g(2.9.3)g(of)
h(this)f(thesis.)149 1143 y(2.5)50 b(F)l(orw)o(ard)16 b(and)h(In)o(v)o(erse)e
(Mapping)h(T)l(ree)223 1283 y(The)d(Domain)f(Name)f(Space)i(consists)h(of)f
(a)h(hierarc)o(h)o(y)d(of)j(domain)e(names.)19 b(As)13 b(the)g(decimal)149
1373 y(n)o(um)o(b)q(ers)j(in)h(the)g(dotted)h(quad)f(notation)h(for)g(IP)f
(addresses)h(can)f(b)q(e)h(view)o(ed)e(as)i(names,)e(it)h(is)149
1463 y(only)j(one)f(step)h(to)g(construct)f(a)h(tree)f(that)h(consists)g(of)g
(these)f(n)o(um)o(b)q(ers)f(as)i(domain)f(names.)149 1553 y(This)g(in)o(v)o
(erse)e(mapping)g(tree)h(is)g(moun)o(ted)f(on)i(the)f(domain)g(in-addr.arpa.)
28 b(The)19 b(IP)f(address)149 1644 y(128.46.152.78)24 b(for)d(zo)q
(o.ecn.purdue.edu)e(has)j(the)e(corresp)q(onding)i(name)d(78.152.46.128.in-)
149 1734 y(addr.arpa)f(whic)o(h)d(maps)h(bac)o(k)g(to)g(zo)q
(o.ecn.purdue.edu)f(\(see)h(Figure)g(2.4\).)223 1824 y(The)j(reason)h(for)f
(the)g(n)o(um)o(b)q(ers)f(of)h(the)g(IP)g(address)h(app)q(earing)g(in)f(rev)o
(erse)f(order)h(in)g(the)149 1915 y(rev)o(erse)d(mapping)g(tree)g(is)g(the)h
(follo)o(wing:)22 b(Domain)16 b(names)f(read)i(from)f(left)g(to)h(righ)o(t)f
(get)h(less)149 2005 y(sp)q(eci\014c,)12 b(whereas)h(IP)f(addresses)h(get)f
(more)f(sp)q(eci\014c)h(from)f(left)g(to)i(righ)o(t)f(\(see)f(Figure)h
(2.5\).)20 b(The)149 2095 y(task)f(of)g(delegating)g(authorit)o(y)f(for)h
(in-addr.arpa)h(domains)e(to)h(zone)f(administrators)g(w)o(ould)149
2185 y(b)q(e)f(imp)q(ossible)d(if)i(the)g(en)o(tries)f(app)q(eared)i(in)f
(the)g(original)g(order.)223 2276 y(In)h(case)g(someone)g(w)o(an)o(ted)g(to)h
(index)e(an)i(arbitrary)g(piece)e(of)h(data)i(in)e(the)g(domain)f(space)149
2366 y(\(something)j(aside)h(from)f(IP)h(addresses)g(or)g(host)h(names\),)e
(an)i(additional)f(sub)q(domain)g(suc)o(h)149 2456 y(as)g(the)f(in-addr.arpa)
h(domain)f(is)f(necessary)l(.)30 b(A)19 b(so)h(called)e(in)o(v)o(erse)f(lo)q
(okup)j(\(an)g(exhaustiv)o(e)149 2547 y(searc)o(h)c(of)g(the)f(whole)h
(domain)f(name)f(space\),)i(is)f(also)h(p)q(ossible,)g(but)g(not)g(feasible)e
(for)i(regular)149 2637 y(usage.)21 b(An)o(y)13 b(one)g(name)f(serv)o(er)g
(only)h(kno)o(ws)g(ab)q(out)h(part)g(of)f(the)g(o)o(v)o(erall)f(domain)g
(name)g(space.)p eop
%%Page: 21 30
29 bop 1901 -100 a Fo(21)524 979 y @beginspecial 0 @llx 0 @lly
261 @urx 212 @ury 2610 @rwi @setspecial
%%BeginDocument: pictures/rev_tree.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-4.0 216.0 translate 0.900 -0.900 scale
0.500 setlinewidth
n 194 64 m 254 84 l gs col-1 s gr
n 194 64 m 244 84 l gs col-1 s gr
n 194 64 m 234 84 l gs col-1 s gr
n 194 64 m 224 84 l gs col-1 s gr
n 194 64 m 214 84 l gs col-1 s gr
n 194 64 m 204 84 l gs col-1 s gr
n 194 64 m 134 84 l gs col-1 s gr
n 194 64 m 144 84 l gs col-1 s gr
n 194 64 m 154 84 l gs col-1 s gr
n 194 64 m 164 84 l gs col-1 s gr
n 194 64 m 174 84 l gs col-1 s gr
n 194 64 m 184 84 l gs col-1 s gr
n 194 64 m 194 84 l gs col-1 s gr
n 194 104 m 254 124 l gs col-1 s gr
n 194 104 m 244 124 l gs col-1 s gr
n 194 104 m 234 124 l gs col-1 s gr
n 194 104 m 224 124 l gs col-1 s gr
n 194 104 m 214 124 l gs col-1 s gr
n 194 104 m 204 124 l gs col-1 s gr
n 194 104 m 134 124 l gs col-1 s gr
n 194 104 m 144 124 l gs col-1 s gr
n 194 104 m 154 124 l gs col-1 s gr
n 194 104 m 164 124 l gs col-1 s gr
n 194 104 m 174 124 l gs col-1 s gr
n 194 104 m 184 124 l gs col-1 s gr
n 194 104 m 194 124 l gs col-1 s gr
1.000 setlinewidth
n 194 104 m 114 144 l gs col-1 s gr
0.500 setlinewidth
n 114 144 m 174 164 l gs col-1 s gr
n 114 144 m 164 164 l gs col-1 s gr
n 114 144 m 154 164 l gs col-1 s gr
n 114 144 m 144 164 l gs col-1 s gr
n 114 144 m 134 164 l gs col-1 s gr
n 114 144 m 124 164 l gs col-1 s gr
n 114 144 m 54 164 l gs col-1 s gr
n 114 144 m 64 164 l gs col-1 s gr
n 114 144 m 74 164 l gs col-1 s gr
n 114 144 m 84 164 l gs col-1 s gr
n 114 144 m 94 164 l gs col-1 s gr
n 114 144 m 104 164 l gs col-1 s gr
n 114 144 m 114 164 l gs col-1 s gr
1.000 setlinewidth
n 114 144 m 154 184 l gs col-1 s gr
0.500 setlinewidth
n 154 184 m 214 204 l gs col-1 s gr
n 154 184 m 204 204 l gs col-1 s gr
n 154 184 m 194 204 l gs col-1 s gr
n 154 184 m 184 204 l gs col-1 s gr
n 154 184 m 174 204 l gs col-1 s gr
n 154 184 m 164 204 l gs col-1 s gr
n 154 184 m 94 204 l gs col-1 s gr
n 154 184 m 104 204 l gs col-1 s gr
n 154 184 m 114 204 l gs col-1 s gr
n 154 184 m 124 204 l gs col-1 s gr
n 154 184 m 134 204 l gs col-1 s gr
n 154 184 m 144 204 l gs col-1 s gr
n 154 184 m 154 204 l gs col-1 s gr
1.000 setlinewidth
n 154 184 m 114 224 l gs col-1 s gr
n 194 64 m 194 104 l gs col-1 s gr
0.500 setlinewidth
	1 setlinecap [1 3.000000] 3.000000 setdash
n 294 44 m 294 54 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
n 94 4 m 194 64 l gs col-1 s gr
n 94 4 m 94 44 l gs col-1 s gr
n 94 4 m 39 39 l gs col-1 s gr
	1 setlinecap [1 3.000000] 3.000000 setdash
n 39 39 m 4 59 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 3.000000] 3.000000 setdash
n 94 44 m 94 59 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
/Times-Bold findfont 12.00 scalefont setfont
199 99 m 
gs 1 -1 scale (128) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
154 179 m 
gs 1 -1 scale (152) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
134 219 m 
gs 1 -1 scale (78) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
139 144 m 
gs 1 -1 scale (46) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
64 239 m 
gs 1 -1 scale (zoo.ecn.purdue.edu) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
69 54 m 
gs 1 -1 scale (edu) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
189 54 m 
gs 1 -1 scale (in-addr.arpa) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
29 54 m 
gs 1 -1 scale (ca) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
139 19 m 
gs 1 -1 scale (IP address 128.46.152.78) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 657 1224 a(Figure)16 b(2.4)32 b(The)17 b(in-addr.arpa)g(domain)
787 1645 y @beginspecial 0 @llx 0 @lly 126 @urx 65 @ury 1260
@rwi @setspecial
%%BeginDocument: pictures/nameaddr.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
0.0 72.0 translate 0.900 -0.900 scale
0.500 setlinewidth
n 139 24 m -1 24 l gs col-1 s gr
n 7.000 26.000 m -1.000 24.000 l 7.000 22.000 l gs 2 setlinejoin col-1 s gr
n -1 64 m 139 64 l gs col-1 s gr
n 131.000 62.000 m 139.000 64.000 l 131.000 66.000 l gs 2 setlinejoin col-1 s gr
/Times-Bold findfont 16.00 scalefont setfont
-1 44 m 
gs 1 -1 scale  360.0 rotate (uther.cs.purdue.edu) col-1 show gr
/Times-Bold findfont 16.00 scalefont setfont
29 59 m 
gs 1 -1 scale  360.0 rotate (128.10.4.20) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
-1 19 m 
gs 1 -1 scale  360.0 rotate (more specific) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
74 79 m 
gs 1 -1 scale  360.0 rotate (more specific) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 686 1890 a(Figure)e(2.5)33 b(Degree)16 b(of)h(sp)q
(eci\014cation)149 2074 y(Therefore,)d(an)g(in)o(v)o(erse)f(query)g(is)h(nev)
o(er)e(guaran)o(teed)j(to)f(return)g(an)g(answ)o(er.)21 b(If)13
b(a)i(name)e(serv)o(er)149 2165 y(receiv)o(es)i(an)i(in)o(v)o(erse)e(query)g
(for)i(an)g(IP)g(address)g(it)f(kno)o(ws)h(nothing)g(ab)q(out,)g(it)f(cannot)
i(return)149 2255 y(an)f(answ)o(er;)f(but)h(it)f(also)h(do)q(es)g(not)g(kno)o
(w)f(if)g(the)g(IP)g(address)h(do)q(es)g(not)g(exist,)e(b)q(ecause)i(it)f
(has)149 2345 y(only)f(its)g(part)h(of)g(the)f(DNS)g(database)h(to)g(w)o(ork)
f(with.)21 b(Additionally)l(,)13 b(the)i(implem)o(en)o(tati)o(on)e(of)149
2435 y(in)o(v)o(erse)i(queries)g(is)h(optional)h(according)f(to)h(the)f(DNS)g
(sp)q(eci\014cation.)p eop
%%Page: 22 31
30 bop 1901 -100 a Fo(22)149 75 y(2.6)50 b(Recursion)15 b(and)i(Iteration)223
214 y(When)i(there)g(is)h(the)f(need)g(for)h(resolving)f(a)h(name)f(in)g(the)
g(Domain)g(Name)f(System,)h(the)149 305 y(follo)o(wing)i(steps)f(are)h(tak)o
(en.)33 b(Who)q(ev)o(er)20 b(w)o(an)o(ts)h(to)g(resolv)o(e)e(a)i(name)e(in)o
(v)o(ok)o(es)g(a)i(lo)q(cal)f(clien)o(t)149 395 y(program,)13
b(the)g(resolv)o(er.)19 b(The)12 b(resolv)o(er)g(form)o(ulates)f(a)i(query)f
(according)h(to)g(the)f(DNS)h(proto)q(col)149 485 y(and)k(con)o(tacts)g(its)f
(lo)q(cal)g(name)f(serv)o(er.)223 575 y(These)h(queries)f(can)h(come)f(in)h
(t)o(w)o(o)g(di\013eren)o(t)f(\015a)o(v)o(ors:)22 b(\\recursiv)o(e")15
b(and)i(\\iterativ)o(e".)223 666 y(In)g(recursiv)o(e)f(resolution,)h(a)h
(resolv)o(er)e(sends)i(a)g(recursiv)o(e)e(query)g(to)i(a)g(name)f(serv)o(er.)
23 b(The)149 756 y(queried)13 b(name)f(serv)o(er)h(then)g(has)i(the)e
(obligation)h(to)g(resp)q(ond)h(with)e(the)g(answ)o(er)h(to)g(that)g(query)
149 846 y(or)20 b(with)g(an)g(error)f(co)q(de.)31 b(The)20
b(name)e(serv)o(er)g(cannot)i(refer)f(the)g(resolv)o(er)g(to)h(another)g
(name)149 937 y(serv)o(er.)28 b(In)18 b(case)g(the)h(queried)e(name)g(serv)o
(er)h(is)g(not)h(authoritativ)o(e)f(for)h(the)f(requested)g(data,)149
1027 y(it)k(has)g(to)g(resolv)o(e)f(the)g(query)g(again;)k(recursiv)o(e)19
b(or)j(iterativ)o(e.)36 b(Curren)o(t)21 b(implem)o(en)o(tations)149
1117 y(resolv)o(e)16 b(the)g(query)f(iterativ)o(e)f(and)j(do)g(not)g(pass)g
(the)f(w)o(ork)g(to)h(another)g(serv)o(er.)223 1207 y(Iterativ)o(e)9
b(resolution)j(do)q(es)g(not)g(require)f(nearly)g(as)h(m)o(uc)o(h)d(w)o(ork)j
(on)g(the)f(part)h(of)g(the)g(queried)149 1298 y(name)k(serv)o(er.)23
b(In)17 b(iterativ)o(e)e(resolution)i(a)g(name)f(serv)o(er)g(simply)f
(returns)i(the)g(b)q(est)h(answ)o(er)f(it)149 1388 y(is)h(capable)g(of)h
(giving.)26 b(No)18 b(additional)g(querying)f(of)i(other)f(name)f(serv)o(ers)
g(is)h(required.)25 b(The)149 1478 y(queried)14 b(name)f(serv)o(er)g(only)h
(consults)g(its)g(lo)q(cal)h(data)g(lo)q(oking)g(for)f(the)g(data)h
(requested.)20 b(If)14 b(the)149 1569 y(data)k(is)e(not)h(there,)f(it)g(mak)o
(es)f(its)h(b)q(est)h(attempt)e(to)i(giv)o(e)f(the)g(querier)f(data)j(that)f
(will)e(help)h(it)149 1659 y(con)o(tin)o(ue)i(the)g(resolution)g(pro)q(cess.)
28 b(This)19 b(data)g(usually)f(con)o(tains)h(names)e(and)i(addresses)g(of)
149 1749 y(name)d(serv)o(ers)f(that)i(are)f(\\closer")g(to)h(the)f(data)h
(its)f(seeking.)223 1839 y(After)10 b(p)q(ossibly)j(man)o(y)d(referrals,)h
(the)h(lo)q(cal)g(name)e(serv)o(er)h(queries)g(the)g(authoritativ)o(e)h(name)
149 1930 y(serv)o(er,)j(whic)o(h)h(returns)g(an)h(answ)o(er)f(or)h(an)g
(error)f(co)q(de.)149 2095 y(2.7)50 b(Filling)14 b(in)i(the)g(Blanks)223
2235 y(This)h(section)g(con)o(tains)h(features)f(that)h(w)o(ere)e(brie\015y)h
(touc)o(hed)g(in)g(the)g(previous)g(sections,)149 2325 y(but)e(that)g(need)f
(further)g(explanations:)21 b(the)14 b(cen)o(tral)f(role)h(of)h(cac)o(hes)f
(for)h(system)e(p)q(erformance)149 2415 y(enhancemen)o(t,)h(the)i(role)f(of)h
(administrativ)o(e)e(authorities,)h(and)i(the)f(t)o(yp)q(es)f(of)i(errors)f
(that)g(can)149 2506 y(o)q(ccur)h(during)f(name)f(serv)o(er)h(op)q(eration.)p
eop
%%Page: 23 32
31 bop 1901 -100 a Fo(23)149 75 y(2.7.1)49 b(Role)16 b(of)h(Cac)o(hes)223
197 y(The)d(whole)h(resolution)f(pro)q(cess)h(ma)o(y)e(seem)g(con)o(v)o
(oluted)h(and)h(cum)o(b)q(ersome)d(compared)h(to)149 287 y(simple)h(seeks)h
(through)h(a)g(host)g(table)f(database.)22 b(Ho)o(w)o(ev)o(er,)14
b(it)h(is)g(fast,)h(sp)q(eeded)f(up)g(consider-)149 378 y(ably)h(b)o(y)g(cac)
o(hing.)223 468 y(As)11 b(our)h(example)d(in)i(Section)g(2.8)h(sho)o(ws,)h
(name)d(serv)o(ers)h(ma)o(y)f(need)h(sev)o(eral)g(DNS)g(messages)149
558 y(to)21 b(\014nd)f(the)f(answ)o(er)i(to)f(a)g(query)l(.)31
b(During)21 b(successiv)o(e)d(resolution)i(attempts)f(name)f(serv)o(ers)149
649 y(disco)o(v)o(er)f(information)g(ab)q(out)i(the)e(Domain)g(Name)f(Space.)
26 b(This)18 b(information)f(can)g(b)q(e)h(used)149 739 y(for)e(future)f
(resolutions.)21 b(If)15 b(a)g(name)f(serv)o(er)g(cac)o(hes)h(the)g(data,)h
(it)e(builds)h(up)h(a)f(data)h(base)g(that)149 829 y(helps)i(sp)q(eed)g(up)g
(the)f(pro)q(cessing)i(of)f(further)g(querying.)25 b(The)18
b(next)f(time)f(a)i(resolv)o(er)e(queries)149 919 y(the)21
b(name)e(serv)o(er)h(for)h(data)g(ab)q(out)h(a)f(domain)f(name)f(the)h(name)g
(serv)o(er)f(kno)o(ws)i(something)149 1010 y(ab)q(out,)16 b(the)d(pro)q(cess)
i(is)f(shortened)g(considerably)l(.)20 b(Ev)o(en)13 b(if)g(a)i(name)e(serv)o
(er)f(do)q(es)j(not)g(ha)o(v)o(e)e(the)149 1100 y(answ)o(er)f(to)f(the)g
(query)f(in)h(its)f(cac)o(he)h(it)f(migh)o(t)g(ha)o(v)o(e)g(learned)g(the)h
(iden)o(tities)e(of)i(the)g(authoritativ)o(e)149 1190 y(name)i(serv)o(ers)f
(for)i(the)f(zone)g(the)g(domain)g(name)f(is)h(in,)h(and)g(it)f(migh)o(t)e(b)
q(e)j(able)f(to)h(resolv)o(e)e(them)149 1281 y(directly)l(.)223
1371 y(It)19 b(is)h(di\016cult)f(to)h(determine)d(the)j(optimal)f(time)e(to)k
(liv)o(e)d(v)m(alue)i(for)g(data)h(that)f(is)g(to)g(b)q(e)149
1461 y(cac)o(hed.)i(There)16 b(is)h(a)g(trade-o\013)h(b)q(et)o(w)o(een)e
(enhanced)g(p)q(erformance)f(once)i(data)g(is)g(cac)o(hed)f(and)149
1551 y(the)g(p)q(ossibilit)o(y)g(that)g(the)g(cac)o(hed)g(data)h(migh)o(t)e
(b)q(e)h(out)h(of)f(date)h(b)o(y)e(the)h(time)e(it)i(is)g(used.)149
1711 y(2.7.2)49 b(Role)16 b(of)h(Authorities)223 1834 y(Manageabilit)o(y)f
(of)h(the)g(administration)f(of)h(the)g(Domain)g(Name)e(Space)i(is)g(an)g
(imp)q(ortan)o(t)149 1924 y(issue)g(b)q(ecause)g(of)g(the)g(large)f(n)o(um)o
(b)q(er)f(of)i(hosts)h(in)e(the)h(In)o(ternet.)k(The)c(k)o(ey)f(concept)g(to)
h(solv)o(e)149 2014 y(this)23 b(problem)f(is)h(the)g(delegation)f(of)i
(authorit)o(y)f(along)h(the)e(edges)i(of)f(the)g(Domain)f(Name)149
2105 y(Space)d(tree.)27 b(Lo)q(cal)19 b(authorities)g(administer)d(their)i(o)
o(wn)h(zones.)28 b(They)18 b(k)o(eep)f(the)i(data)g(base)149
2195 y(consisten)o(t)12 b(and)g(ha)o(v)o(e)f(autonomous)h(con)o(trol)g(of)g
(name)e(assignmen)o(ts.)19 b(This)12 b(delegation)g(sc)o(heme)149
2285 y(tak)o(es)k(a)o(w)o(a)o(y)g(the)g(load)h(from)e(cen)o(tral)g
(authorities.)223 2376 y(It)e(is)h(imp)q(ortan)o(t)f(to)h(understand)h(that)g
(the)e(organizational)i(to)q(ol)g(of)f(delegation)g(of)g(author-)149
2466 y(it)o(y)f(includes)g(the)g(resp)q(onsibilit)o(y)f(for)i(the)f
(delegated)g(en)o(tit)o(y)l(.)19 b(There)13 b(is)h(no)g(delegation)f(without)
149 2556 y(resp)q(onsibilit)o(y)l(.)p eop
%%Page: 24 33
32 bop 1901 -100 a Fo(24)149 75 y(2.7.3)49 b(Occurrence)15
b(of)i(Errors)223 197 y(Sev)o(eral)12 b(error)i(situations)g(can)g(o)q(ccur)g
(during)h(name)d(serv)o(er)h(and)h(resolv)o(er)f(op)q(eration.)21
b(The)149 287 y(header)13 b(section)g(of)g(ev)o(ery)f(DNS)h(message)f(con)o
(tains)h(the)g(\014eld)g(\\R)o(CODE,")g(a)h(4)f(bit)g(\014eld)f(that)i(is)149
378 y(part)h(of)f(a)h(resp)q(onse)g(\(see)f(section)f(2.4.2\).)21
b(The)14 b(con)o(ten)o(ts)g(of)g(the)g(\\R)o(CODE")h(\014eld)f(determines)149
468 y(whic)o(h)i(error)g(has)h(o)q(ccurred)f(while)g(pro)q(cessing)h(the)f
(query:)222 600 y Fj(\017)24 b Fo(if)16 b(a)h(name)e(serv)o(er)g(is)h(unable)
g(to)h(in)o(terpret)e(a)h(query)l(,)f(it)h(\015ags)h(a)g(\\F)l(ormat)f
(Error")222 732 y Fj(\017)24 b Fo(if)19 b(a)g(name)f(serv)o(er)g(is)h(unable)
g(to)h(pro)q(cess)f(a)h(query)e(b)q(ecause)i(of)f(a)h(problem)d(with)i(that)
271 822 y(serv)o(er,)c(it)h(\015ags)h(a)g(\\Serv)o(er)e(F)l(ailure")222
954 y Fj(\017)24 b Fo(if)16 b(an)g(authoritativ)o(e)f(name)f(serv)o(er)h(for)
h(a)g(zone)g(determines)d(that)j(the)f(referenced)g(name)271
1044 y(do)q(es)i(not)g(exist,)e(a)i(\\Name)e(Error")i(is)f(\015agged.)222
1176 y Fj(\017)24 b Fo(if)f(a)h(serv)o(er)e(do)q(es)i(not)g(supp)q(ort)g(the)
f(requested)f(kind)h(of)h(query)l(,)f(it)g(returns)g(a)h(\\Not)271
1266 y(Impleme)o(n)o(ted")13 b(error)222 1398 y Fj(\017)24
b Fo(if)17 b(a)h(name)e(serv)o(er)g(do)q(es)i(not)f(w)o(an)o(t)h(to)f(pro)o
(vide)f(the)h(information)g(a)g(resolv)o(er)f(ask)o(ed)h(for)271
1488 y(in)j(a)h(query)l(,)f(it)g(returns)g(the)g(\\Refused")h(co)q(de.)33
b(This)20 b(is)g(one)h(example)d(of)j(the)f(serv)o(er)271 1578
y(refusing)d(to)f(p)q(erform)f(a)i(sp)q(eci\014ed)f(op)q(eration)h(for)f(p)q
(olicy)g(reasons)149 1744 y(2.8)50 b(Example:)19 b(Name)c(Resolution)223
1883 y(This)h(section)h(con)o(tains)f(a)h(simple)e(example)f(for)j(a)g(name)e
(resolution)i(using)g(a)g(mec)o(hanism)149 1974 y(based)e(on)f(the)f(clien)o
(t{serv)o(er)e(paradigm.)20 b(A)13 b(generic)g(resolution)g(example)f(is)h
(sho)o(wn)i(in)e(Figure)149 2064 y(2.6)k(with)f(a)h(short)g(explanation)f(of)
g(the)g(steps)h(in)f(table)g(2.2.)223 2154 y(A)10 b(resolv)o(er)g(forms)g(a)h
(query)g(of)g(some)f(kind)g(and)i(w)o(an)o(ts)f(to)g(retriev)o(e)e(the)i
(resp)q(onse)h(con)o(taining)149 2245 y(the)i(answ)o(er)g(to)g(its)f(query)g
(from)f(the)i(name)e(serv)o(er)h(A.)f(This)i(name)e(serv)o(er)h(A)g(could)g
(b)q(e)h(running)149 2335 y(on)21 b(the)f(same)f(host)i(with)e(the)h(resolv)o
(er)f(soft)o(w)o(are,)i(on)f(a)h(host)f(in)g(the)g(lo)q(cal)g(net)o(w)o(ork)f
(of)i(the)149 2425 y(resolv)o(er,)h(on)g(a)g(host)g(somewhere)e(in)h(the)h
(net,)g(or)g(on)g(one)f(of)h(the)f(hosts)i(serving)e(the)g(ro)q(ot)149
2515 y(domains.)42 b(Assuming)22 b(that)i(A)f(do)q(es)h(not)g(kno)o(w)f(the)g
(requested)g(information,)h(it)e(tries)h(to)149 2606 y(retriev)o(e)16
b(it)i(from)e(other)i(name)f(serv)o(ers.)25 b(The)18 b(selection)f(of)h(whic)
o(h)f(name)f(serv)o(ers)h(to)i(con)o(tact)p eop
%%Page: 25 34
33 bop 1901 -100 a Fo(25)374 1345 y @beginspecial 0 @llx 0
@lly 309 @urx 294 @ury 3090 @rwi @setspecial
%%BeginDocument: pictures/res_expl.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
 /DrawEllipse {
	/endangle exch def
	/startangle exch def
	/yrad exch def
	/xrad exch def
	/y exch def
	/x exch def
	/savematrix mtrx currentmatrix def
	x y translate xrad yrad scale 0 0 1 startangle endangle arc
	savematrix setmatrix
	} def

	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-7.0 301.0 translate 0.900 -0.900 scale
1.000 setlinewidth
n 253.000 163.000 m 249.000 179.000 l 245.000 163.000 l gs 2 setlinejoin col-1 s gr
	[6.000000] 0 setdash
n 179.000 179.000 70.000 180.000 0.000 arc
gs col-1 s gr
	[] 0 setdash
n 39 179 32 32 0 360 DrawEllipse gs col-1 s gr
n 179 39 32 32 0 360 DrawEllipse gs col-1 s gr
n 179 179 32 32 0 360 DrawEllipse gs col-1 s gr
n 319 179 32 32 0 360 DrawEllipse gs col-1 s gr
n 149 184 m 69 184 l gs col-1 s gr
n 85.000 188.000 m 69.000 184.000 l 85.000 180.000 l gs 2 setlinejoin col-1 s gr
n 69 174 m 149 174 l gs col-1 s gr
n 133.000 170.000 m 149.000 174.000 l 133.000 178.000 l gs 2 setlinejoin col-1 s gr
n 209 174 m 289 174 l gs col-1 s gr
n 273.000 170.000 m 289.000 174.000 l 273.000 178.000 l gs 2 setlinejoin col-1 s gr
n 289 184 m 209 184 l gs col-1 s gr
n 225.000 188.000 m 209.000 184.000 l 225.000 180.000 l gs 2 setlinejoin col-1 s gr
n 174 284 m 174 209 l gs col-1 s gr
n 170.000 225.000 m 174.000 209.000 l 178.000 225.000 l gs 2 setlinejoin col-1 s gr
n 184 209 m 184 284 l gs col-1 s gr
n 188.000 268.000 m 184.000 284.000 l 180.000 268.000 l gs 2 setlinejoin col-1 s gr
n 174 149 m 174 69 l gs col-1 s gr
n 170.000 85.000 m 174.000 69.000 l 178.000 85.000 l gs 2 setlinejoin col-1 s gr
n 184 69 m 184 149 l gs col-1 s gr
n 188.000 133.000 m 184.000 149.000 l 180.000 133.000 l gs 2 setlinejoin col-1 s gr
n 146 284 m 139 284 139 327 7 arcto 4 {pop} repeat 139 334 212 334 7 arcto 4 {pop} repeat 219 334 219 291 7 arcto 4 {pop} repeat 219 284 146 284 7 arcto 4 {pop} repeat clp gs col-1 s gr
/Times-Bold findfont 12.00 scalefont setfont
174 169 m 
gs 1 -1 scale (A) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
174 29 m 
gs 1 -1 scale (C) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
314 169 m 
gs 1 -1 scale (D) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
34 169 m 
gs 1 -1 scale (B) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
24 199 m 
gs 1 -1 scale (server) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
24 184 m 
gs 1 -1 scale (name) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
164 199 m 
gs 1 -1 scale (server) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
164 184 m 
gs 1 -1 scale (name) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
304 199 m 
gs 1 -1 scale (server) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
304 184 m 
gs 1 -1 scale (name) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
164 59 m 
gs 1 -1 scale (server) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
164 44 m 
gs 1 -1 scale (name) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
154 314 m 
gs 1 -1 scale (resolver) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
139 249 m 
gs 1 -1 scale (query) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
189 249 m 
gs 1 -1 scale (answer) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
89 169 m 
gs 1 -1 scale (referral) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
144 104 m 
gs 1 -1 scale (query) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
214 169 m 
gs 1 -1 scale (query) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
189 104 m 
gs 1 -1 scale (referral) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
99 199 m 
gs 1 -1 scale (query) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
229 199 m 
gs 1 -1 scale (answer) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
79 199 m 
gs 1 -1 scale (2) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
134 169 m 
gs 1 -1 scale (3) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
159 84 m 
gs 1 -1 scale (4) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
274 169 m 
gs 1 -1 scale (6) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
194 279 m 
gs 1 -1 scale (8) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
194 144 m 
gs 1 -1 scale (5) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
219 199 m 
gs 1 -1 scale (7) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
159 224 m 
gs 1 -1 scale (1) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 654 1590 a(Figure)16 b(2.6)33 b(Example)15 b(name)g(resolution)
149 1774 y(dep)q(ends)i(on)g(the)f(name)g(to)g(b)q(e)h(resolv)o(ed.)k(The)16
b(decision)g(pro)q(cess)h(ab)q(out)h(this)e(c)o(hoice)f(is)h(giv)o(en)149
1864 y(in)f(sections)f(2.9.2)h(and)g(2.9.3)g(where)g(w)o(e)f(explain)f(the)i
(algorithms)f(used)g(b)o(y)h(name)e(serv)o(ers)h(and)149 1954
y(resolv)o(ers.)223 2045 y(The)f(con)o(tacted)g(name)g(serv)o(ers)g(return)g
(an)h(answ)o(er)g(to)g(the)f(query)g(to)h(the)g(requesting)f(name)149
2135 y(serv)o(er,)f(or)i(they)e(return)h(a)g(referral)f(to)h(another)h(name)e
(serv)o(er)f(that)j(is)e(more)g(lik)o(ely)e(to)k(kno)o(w)f(the)149
2225 y(answ)o(er.)27 b(W)l(e)17 b(neither)g(consider)h(the)f(o)q(ccurrence)g
(of)i(exceptions)e(or)h(errors)g(in)f(this)h(example,)149 2316
y(nor)g(cac)o(hing)f(issues.)26 b(P)o(ossible)17 b(return)g(co)q(des)h(in)f
(resp)q(onses)i(are)e(giv)o(en)g(in)g(section)g(2.4.2)h(and)149
2406 y(are)f(further)f(explained)f(in)h(section)g(2.7.3.)223
2496 y(As)e(so)q(on)j(as)e(one)g(of)g(the)g(con)o(tacted)f(name)g(serv)o(ers)
g(returns)h(an)g(answ)o(er)h(to)f(A,)f(A)g(resp)q(onds)149
2586 y(to)j(the)f(original)g(query)g(of)g(the)g(resolv)o(er)f(with)h(the)g
(retriev)o(ed)f(answ)o(er.)p eop
%%Page: 26 35
34 bop 1901 -100 a Fo(26)574 101 y(T)l(able)17 b(2.2)32 b(Example)15
b(steps)h(in)g(name)f(resolution)452 232 y(Step)p 571 259 2
91 v 49 w(Action)p 427 261 1246 2 v 452 324 a(1)p 571 351 2
91 v 120 w(Name)g(serv)o(er)g(A)h(receiv)o(es)e(a)j(query)e(from)g(the)h
(resolv)o(er)452 414 y(2)p 571 441 V 120 w(A)g(queries)f(B)452
505 y(3)p 571 532 V 120 w(B)h(refers)g(A)g(to)g(other)h(name)e(serv)o(ers,)g
(incl.)20 b(C)452 595 y(4)p 571 622 V 120 w(A)c(queries)f(C)452
685 y(5)p 571 712 V 120 w(C)i(refers)f(A)f(to)i(other)f(name)f(serv)o(ers,)g
(incl.)20 b(D)452 775 y(6)p 571 802 V 120 w(A)c(queries)f(D)452
866 y(7)p 571 893 V 120 w(D)i(answ)o(ers)452 956 y(8)p 571
983 V 120 w(D)g(returns)f(the)g(answ)o(er)h(to)f(the)g(resolv)o(er)149
1211 y(2.9)50 b(The)16 b(Domain)f(Name)g(System)g(Proto)q(col)223
1351 y(The)f(o\016cial)f(design)h(do)q(cumen)o(ts)f([Mo)q(c87a)q(])h(and)h
([Mo)q(c87b])f(state)g(and)h(describ)q(e)f(concepts)149 1441
y(and)23 b(facilities,)d(implem)o(en)o(tati)o(on)g(and)i(sp)q(eci\014cation.)
36 b(In)22 b(the)f(follo)o(wing)g(sections,)h(w)o(e)g(will)149
1532 y(discuss)c(topics)g(related)f(to)h(the)g(data)h(structures)e(and)i
(data)f(organization,)h(and)g(presen)o(t)e(the)149 1622 y(name)c(serv)o(er)g
(and)i(the)f(resolv)o(er)f(algorithm)g(on)h(a)h(fairly)e(high)h(lev)o(el.)19
b(W)l(e)14 b(get)g(in)o(to)f(more)g(detail)149 1712 y(where)j(it)g(is)g
(necessary)g(to)h(examine)d(the)i(w)o(eak)g(p)q(oin)o(ts)g(of)h(the)f(proto)q
(col.)223 1802 y(The)11 b(data)g(structures)g(and)h(the)e(algorithms)h(are)g
(the)f(basis)i(for)f(the)g(analysis)g(of)g(the)g(proto)q(col)149
1893 y(later)16 b(in)g(this)g(thesis.)149 2053 y(2.9.1)49 b(Data)18
b(Structures)223 2175 y(Tw)o(o)f(principal)e(kinds)h(of)h(data)g(app)q(ear)h
(in)e(the)g(Domain)g(Name)f(System:)20 b(zone)d(data)g(and)149
2265 y(cac)o(he)f(data.)223 2356 y(A)11 b(zone)i(con)o(tains)f(a)h(complete)d
(database)j(for)g(a)f(particular)g(pruned)h(subtree)f(of)g(the)g(domain)149
2446 y(name)19 b(space.)32 b(This)20 b(data)h(can)f(b)q(e)g(authoritativ)o(e)
f(if)g(it)h(is)f(the)h(original)g(database)h(managed)149 2536
y(for)16 b(this)g(particular)f(zone)h(b)o(y)f(a)h(primary)e(or)i(secondary)g
(name)f(serv)o(er.)20 b(Otherwise)15 b(it)g(is)g(non{)149 2627
y(authoritativ)o(e)i(data.)24 b(Secondary)17 b(serv)o(ers)f(main)o(tain)f
(zone)i(data)h(as)f(copies)g(from)f(the)h(master)p eop
%%Page: 27 36
35 bop 1901 -100 a Fo(27)149 75 y(\014les.)21 b(Name)13 b(serv)o(ers)g(c)o
(hec)o(k)g(p)q(erio)q(dically)h(for)h(c)o(hanges)g(\(for)g(a)g(c)o(hanged)f
(serial)g(n)o(um)o(b)q(er)f(in)i(the)149 165 y(SO)o(A)h(records\))g(and)h(up)
q(date)f(their)g(data)h(b)o(y)e(reading)i(the)f(master)f(\014les,)g(or)h(via)
g(zone)g(transfer)149 255 y(op)q(erations.)223 346 y(As)f(w)o(e)g(will)f
(describ)q(e)h(in)g(Section)g(2.3.2,)h(the)f(tec)o(hnology)g(of)h(cac)o(hing)
f(is)g(a)h(k)o(ey)f(concept)g(in)149 436 y(the)k(Domain)f(Name)f(System.)27
b(The)19 b(cac)o(hed)f(data)i(usually)e(represen)o(ts)g(only)h(an)g
(incomplete)149 526 y(view)d(of)h(zone)g(information.)k(It)16
b(impro)o(v)o(es)e(the)j(p)q(erformance)e(of)i(the)g(retriev)m(al)e(pro)q
(cess)i(when)149 616 y(non{lo)q(cal)e(data)f(is)f(rep)q(eatedly)g(accessed.)
20 b(Zone)13 b(data)i(is)e(ev)o(en)o(tually)e(discarded)i(b)o(y)g(a)h
(timeout)149 707 y(mec)o(hanism.)223 797 y(The)h(implem)o(en)n(tation)e(of)j
(the)f(Domain)f(Name)g(System)g(is)h(not)g(limited)e(to)i(a)h(certain)f(data)
149 887 y(structure,)i(but)g(is)f(free)g(to)h(c)o(ho)q(ose)h(an)o(y)e(in)o
(ternal)g(data)i(structure.)k(Ho)o(w)o(ev)o(er,)15 b(it)h(is)h(suggested)149
978 y(b)o(y)e(the)g(standard)i(that)f(a)f(separate)h(instance)f(of)h(the)f
(data)h(structure)f(b)q(e)g(used)h(for)f(eac)o(h)g(zone,)149
1068 y(a)20 b(data)g(structure)e(for)h(the)g(catalog,)h(and)f(one)h(for)f
(the)f(cac)o(hed)h(data.)30 b(It)18 b(is)h(imp)q(ortan)o(t)f(that)149
1158 y(resolv)o(er)g(and)h(name)f(serv)o(er)f(can)i(concurren)o(tly)f(access)
g(the)h(same)e(cac)o(he)h(when)h(they)f(are)h(on)149 1248 y(the)d(same)g(mac)
o(hine.)j(In)d(Section)f(2.10.1)i(w)o(e)f(go)h(in)o(to)f(more)f(detail)g(on)i
(this)f(p)q(oin)o(t.)149 1408 y(2.9.2)49 b(Name)15 b(Serv)o(er)g(Algorithm)
223 1531 y(The)k(impleme)o(n)o(tation)e(of)j(the)g(name)e(serv)o(er)h
(algorithm,)g(whic)o(h)g(is)h(giv)o(en)e(in)i(Figure)f(2.7)149
1621 y(dep)q(ends)g(on)g(the)f(lo)q(cal)g(op)q(erating)h(system)e(and)i(data)
g(structures)f(used)g(to)h(store)f(RRs.)27 b(The)149 1711 y(algorithms)14
b(of)i(the)e(name)g(serv)o(er)g(and)h(the)g(resolv)o(er)e(assume)h(an)i
(organization)f(of)h(the)e(data)i(as)149 1802 y(describ)q(ed)g(in)g(the)g
(previous)g(section:)21 b(sev)o(eral)15 b(tree)h(structures,)f(one)i(for)f
(eac)o(h)g(zone.)223 1892 y(In)c(the)h(follo)o(wing)g(presen)o(tation)f(of)i
(the)f(algorithm)e(w)o(e)i(sta)o(y)g(close)g(to)g(the)g(outline)f(sp)q
(eci\014ed)149 1982 y(in)k([Mo)q(c87a)q(].)209 2127 y(1.)24
b(Set)13 b(or)h(clear)e(the)h(RA)g(bit)g(in)g(the)g(resp)q(onse)h(dep)q
(ending)f(on)h(whether)f(the)g(name)f(serv)o(er)g(is)271 2217
y(willing)f(to)g(pro)o(vide)g(recursiv)o(e)e(service.)18 b(If)11
b(recursiv)o(e)f(service)g(is)h(a)o(v)m(ailable)f(and)i(requested)271
2307 y(via)k(the)g(RD)h(bit)f(in)f(the)h(query)l(,)f(branc)o(h)i(to)f(step)h
(5,)f(otherwise)g(step)g(2.)209 2439 y(2.)24 b(Searc)o(h)e(the)g(a)o(v)m
(ailable)f(zones)i(for)f(the)g(zone)g(whic)o(h)g(is)f(the)h(nearest)h
(ancestor)f(to)h(the)271 2529 y(queried)15 b(name.)20 b(If)c(suc)o(h)g(a)h
(zone)f(is)g(found,)g(branc)o(h)h(to)f(step)h(3,)f(otherwise)g(step)g(4.)p
eop
%%Page: 28 37
36 bop 1901 -100 a Fo(28)187 2020 y @beginspecial 0 @llx 0
@lly 378 @urx 436 @ury 3780 @rwi @setspecial
%%BeginDocument: pictures/ns_alg.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-18.0 454.0 translate 0.900 -0.900 scale
0.500 setlinewidth
n 194 149 m 209 149 l gs col-1 s gr
n 201.000 147.000 m 209.000 149.000 l 201.000 151.000 l gs 2 setlinejoin col-1 s gr
1.000 setlinewidth
n 19 39 m 379 39 l gs col-1 s gr
n 19 79 m 379 79 l gs col-1 s gr
n 19 119 m 379 119 l gs col-1 s gr
n 39 359 m 39 139 l  379 139 l gs col-1 s gr
n 39 199 m 379 199 l gs col-1 s gr
n 39 259 m 379 259 l gs col-1 s gr
n 19 359 m 379 359 l gs col-1 s gr
n 19 419 m 379 419 l gs col-1 s gr
n 19 459 m 379 459 l gs col-1 s gr
n 19 504 m 19 19 l  379 19 l  379 504 l  19 504 l gs col-1 s gr
n 19 499 m 379 499 l gs col-1 s gr
0.500 setlinewidth
n 369 169 m 399 169 l  399 44 l  379 44 l gs col-1 s gr
n 387.000 46.000 m 379.000 44.000 l 387.000 42.000 l gs 2 setlinejoin col-1 s gr
n 289 69 m 419 69 l  419 424 l  379 424 l gs col-1 s gr
n 387.000 426.000 m 379.000 424.000 l 387.000 422.000 l gs 2 setlinejoin col-1 s gr
n 24 34 m 24 44 l gs col-1 s gr
n 26.000 36.000 m 24.000 44.000 l 22.000 36.000 l gs 2 setlinejoin col-1 s gr
n 24 74 m 24 84 l gs col-1 s gr
n 26.000 76.000 m 24.000 84.000 l 22.000 76.000 l gs 2 setlinejoin col-1 s gr
n 24 114 m 24 124 l gs col-1 s gr
n 26.000 116.000 m 24.000 124.000 l 22.000 116.000 l gs 2 setlinejoin col-1 s gr
n 24 354 m 24 364 l gs col-1 s gr
n 26.000 356.000 m 24.000 364.000 l 22.000 356.000 l gs 2 setlinejoin col-1 s gr
n 24 454 m 24 464 l gs col-1 s gr
n 26.000 456.000 m 24.000 464.000 l 22.000 456.000 l gs 2 setlinejoin col-1 s gr
n 179 109 m 439 109 l  439 364 l  379 364 l gs col-1 s gr
n 387.000 366.000 m 379.000 364.000 l 387.000 362.000 l gs 2 setlinejoin col-1 s gr
n 349 189 m 399 189 l  399 464 l  379 464 l gs col-1 s gr
n 387.000 466.000 m 379.000 464.000 l 387.000 462.000 l gs 2 setlinejoin col-1 s gr
n 264 249 m 439 249 l gs col-1 s gr
n 431.000 247.000 m 439.000 249.000 l 431.000 251.000 l gs 2 setlinejoin col-1 s gr
n 209 349 m 399 349 l gs col-1 s gr
n 391.000 347.000 m 399.000 349.000 l 391.000 351.000 l gs 2 setlinejoin col-1 s gr
n 309 409 m 399 409 l gs col-1 s gr
n 391.000 407.000 m 399.000 409.000 l 391.000 411.000 l gs 2 setlinejoin col-1 s gr
n 259 209 m 274 209 l gs col-1 s gr
n 266.000 207.000 m 274.000 209.000 l 266.000 211.000 l gs 2 setlinejoin col-1 s gr
/Times-Roman findfont 12.00 scalefont setfont
24 54 m 
gs 1 -1 scale (1.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 54 m 
gs 1 -1 scale (set or clear recursion available flag) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 74 m 
gs 1 -1 scale (If recursive service available and requested, then ) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 94 m 
gs 1 -1 scale (2.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 114 m 
gs 1 -1 scale (If no such zone found, then) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 134 m 
gs 1 -1 scale (3.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 134 m 
gs 1 -1 scale (match down, label by label, in the zone. Termination of process:) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 154 m 
gs 1 -1 scale (whole QNAME is matched) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
214 154 m 
gs 1 -1 scale (node is found.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 174 m 
gs 1 -1 scale (If data in node is CNAME \(!= QTYPE\), expand QNAME and) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 214 m 
gs 1 -1 scale (match takes us out of authoritative data ) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
279 214 m 
gs 1 -1 scale (referral) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 234 m 
gs 1 -1 scale (copy RR of NS-record in authority section, and put available ) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 274 m 
gs 1 -1 scale (match is impossible. look for wildcard "*". If no "*" exists) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
64 294 m 
gs 1 -1 scale (then: If name is original QNAME, set authoritative name error) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
79 314 m 
gs 1 -1 scale (in the response and exit, otherwise just exit.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
64 334 m 
gs 1 -1 scale (else: match RRs at that node against QTYPE, copy matches) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
79 354 m 
gs 1 -1 scale (into answer section and) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 374 m 
gs 1 -1 scale (4.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 374 m 
gs 1 -1 scale (match down in the cache. If CNAME is found, copy all RRs into) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 394 m 
gs 1 -1 scale (answer section.  If there was no delegation from auth. data, put) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 414 m 
gs 1 -1 scale (best one from the cache into the authoritative section.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 434 m 
gs 1 -1 scale (5.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 434 m 
gs 1 -1 scale (use local resolver, or copy of the algorithm to answer query.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 454 m 
gs 1 -1 scale (Store the results \(incl. interm. CNAMEs\) in the answer section.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 474 m 
gs 1 -1 scale (6.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 474 m 
gs 1 -1 scale (use local data only, attempt to add other RRs which may be useful) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 494 m 
gs 1 -1 scale (to the additional section of the query. Exit.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
369 164 m 
gs 1 -1 scale (1) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
294 64 m 
gs 1 -1 scale (5) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
184 104 m 
gs 1 -1 scale (4) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
269 244 m 
gs 1 -1 scale (4) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
354 184 m 
gs 1 -1 scale (6) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
314 404 m 
gs 1 -1 scale (6) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 154 m 
gs 1 -1 scale ( a\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 214 m 
gs 1 -1 scale ( b\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 274 m 
gs 1 -1 scale ( c\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 34 m 
gs 1 -1 scale (0.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 34 m 
gs 1 -1 scale (incoming query) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 94 m 
gs 1 -1 scale (search available zones for zone that is nearest answer to QNAME) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 194 m 
gs 1 -1 scale (copy all RRs that match QTYPE into answer section and) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
214 344 m 
gs 1 -1 scale (6) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 254 m 
gs 1 -1 scale (addresses in the additional section, and) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 682 2265 a(Figure)16 b(2.7)32 b(Name)15 b(serv)o(er)g(algorithm)
209 2449 y(3.)24 b(Start)16 b(matc)o(hing)d(the)h(name)g(in)h(the)f(zone,)h
(lab)q(el)f(b)o(y)g(lab)q(el.)21 b(The)15 b(matc)o(hing)e(pro)q(cess)i(can)
271 2539 y(terminate)g(sev)o(eral)g(w)o(a)o(ys:)p eop
%%Page: 29 38
37 bop 1901 -100 a Fo(29)292 75 y(\(a\))25 b(If)15 b(the)h(whole)h(queried)e
(name)g(is)h(matc)o(hed,)e(w)o(e)i(ha)o(v)o(e)f(found)i(the)f(no)q(de.)379
186 y(If)21 b(the)h(data)g(at)h(the)e(no)q(de)i(is)e(a)i(canonical)e(name,)h
(and)g(the)g(queried)f(t)o(yp)q(e)g(w)o(as)379 277 y(not)f(CNAME,)f(cop)o(y)h
(the)g(canonical)g(name)f(resource)h(records)g(in)o(to)g(the)g(answ)o(er)379
367 y(section)14 b(of)h(the)g(resp)q(onse,)g(c)o(hange)g(the)f(queried)g
(name)f(to)i(the)g(canonical)f(name)g(in)379 457 y(the)i(CNAME)f(RR)h(and)h
(go)g(bac)o(k)f(to)h(step)f(1.)379 569 y(Otherwise)e(cop)o(y)g(all)g
(resource)g(records)g(whic)o(h)g(matc)o(h)f(the)h(queried)g(t)o(yp)q(e)g(in)o
(to)g(the)379 659 y(answ)o(er)i(section)g(and)h(go)g(to)g(step)f(6.)289
770 y(\(b\))25 b(If)15 b(a)g(matc)o(h)f(w)o(ould)i(tak)o(e)e(us)i(out)g(of)g
(the)f(authoritativ)o(e)g(data,)g(w)o(e)g(ha)o(v)o(e)g(a)h(referral.)379
861 y(This)d(happ)q(ens)h(when)e(w)o(e)h(encoun)o(ter)f(a)h(no)q(de)h(with)e
(name)g(serv)o(er)g(resource)g(records)379 951 y(marking)j(cuts)h(along)h
(the)f(b)q(ottom)g(of)h(a)f(zone.)379 1063 y(Cop)o(y)h(the)f(name)g(serv)o
(er)g(resource)g(records)h(for)g(the)g(subzone)g(in)o(to)f(the)h(authorit)o
(y)379 1153 y(section)h(of)i(the)f(reply)l(.)29 b(Put)19 b(whatev)o(er)g
(addresses)h(are)f(a)o(v)m(ailable)f(in)o(to)h(the)g(addi-)379
1243 y(tional)13 b(section,)h(using)g(glue)f(resource)g(records)h(if)f(the)g
(addresses)h(are)g(not)g(a)o(v)m(ailable)379 1334 y(from)h(authoritativ)o(e)g
(data)j(or)e(the)g(cac)o(he.)21 b(Go)c(to)f(step)g(4.)295 1445
y(\(c\))24 b(If)15 b(at)i(some)e(lab)q(el,)h(a)g(matc)o(h)f(is)h(imp)q
(ossible,)e(lo)q(ok)j(to)g(see)e(if)h(a)h(\\)p Fq(\003)p Fo(")g(lab)q(el)f
(exists.)379 1556 y(If)e(the)h(\\)p Fq(\003)p Fo(")h(lab)q(el)f(do)q(es)h
(not)f(exist,)g(c)o(hec)o(k)e(whether)i(the)g(name)f(w)o(e)g(are)i(lo)q
(oking)f(for)379 1647 y(is)i(the)h(original)g(name)e(in)i(the)g(query)l(,)e
(or)j(a)f(name)f(w)o(e)g(ha)o(v)o(e)g(follo)o(w)o(ed)g(b)q(ecause)h(of)379
1737 y(a)e(CNAME.)g(If)g(the)g(name)f(is)h(original,)g(set)g(an)h
(authoritativ)o(e)f(name)f(error)i(in)f(the)379 1827 y(resp)q(onse)h(and)g
(exit.)j(Otherwise)15 b(just)i(exit.)379 1939 y(If)i(the)h(\\)p
Fq(\003)p Fo(")g(lab)q(el)g(do)q(es)h(exist,)e(matc)o(h)g(resource)g(records)
h(at)h(that)f(no)q(de)g(against)379 2029 y(the)f(queried)g(t)o(yp)q(e.)31
b(If)20 b(an)o(y)f(matc)o(h,)g(cop)o(y)g(them)f(in)o(to)i(the)f(answ)o(er)h
(section,)g(but)379 2119 y(set)d(the)g(o)o(wner)g(of)h(the)f(resource)g
(record)g(to)h(b)q(e)f(the)g(queried)f(name,)g(and)i(not)g(the)379
2210 y(no)q(de)f(with)f(the)g(\\)p Fq(\003)p Fo(")h(lab)q(el.)j(Go)d(to)g
(step)f(6.)209 2342 y(4.)24 b(Start)e(matc)o(hing)f(do)o(wn)h(in)f(the)h(cac)
o(he.)36 b(If)22 b(the)f(name)g(is)g(found)h(in)g(the)f(cac)o(he,)h(cop)o(y)
271 2432 y(all)d(resource)f(records)h(attac)o(hed)g(to)g(it)g(that)g(matc)o
(h)e(the)i(query)f(t)o(yp)q(e)g(in)o(to)h(the)f(answ)o(er)271
2522 y(section.)30 b(If)19 b(there)g(w)o(as)h(no)f(delegation)g(from)g
(authoritativ)o(e)f(data,)j(lo)q(ok)f(for)f(the)g(b)q(est)271
2612 y(one)d(from)e(the)g(cac)o(he,)g(and)i(put)f(it)g(in)o(to)g(the)g
(authoritativ)o(e)f(section.)20 b(Branc)o(h)15 b(to)g(step)h(6.)p
eop
%%Page: 30 39
38 bop 1901 -100 a Fo(30)209 75 y(5.)24 b(Use)16 b(the)g(lo)q(cal)f(resolv)o
(er)g(or)h(a)h(cop)o(y)e(of)i(its)e(algorithm)g(to)h(answ)o(er)h(the)e(query)
l(.)21 b(Store)16 b(the)271 165 y(results,)21 b(including)e(an)o(y)h(in)o
(termediate)d(canonical)j(names,)g(in)g(the)g(answ)o(er)g(section)g(of)271
255 y(the)c(resp)q(onse.)209 387 y(6.)24 b(Use)15 b(lo)q(cal)f(data)i(only)l
(,)e(attempt)f(to)i(add)g(other)g(resource)f(records)h(whic)o(h)f(ma)o(y)f(b)
q(e)i(useful)271 477 y(to)i(the)f(additional)g(section)g(of)h(the)f(query)l
(.)k(Exit.)149 637 y(2.9.3)49 b(Resolv)o(er)16 b(Algorithm)187
1974 y @beginspecial 0 @llx 0 @lly 378 @urx 238 @ury 3780 @rwi
@setspecial
%%BeginDocument: pictures/res_alg.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-18.0 256.0 translate 0.900 -0.900 scale
1.000 setlinewidth
n 19 279 m 379 279 l gs col-1 s gr
n 39 199 m 379 199 l gs col-1 s gr
n 39 239 m 379 239 l gs col-1 s gr
n 39 159 m 379 159 l gs col-1 s gr
n 39 119 m 379 119 l gs col-1 s gr
n 19 99 m 379 99 l gs col-1 s gr
n 19 79 m 379 79 l gs col-1 s gr
n 19 59 m 379 59 l gs col-1 s gr
n 19 39 m 379 39 l gs col-1 s gr
n 19 19 m 19 284 l  379 284 l  379 19 l  19 19 l gs col-1 s gr
n 39 119 m 39 279 l gs col-1 s gr
0.500 setlinewidth
n 189 149 m 399 149 l  399 64 l  379 64 l gs col-1 s gr
n 387.000 66.000 m 379.000 64.000 l 387.000 62.000 l gs 2 setlinejoin col-1 s gr
n 329 229 m 419 229 l  419 44 l  379 44 l gs col-1 s gr
n 387.000 46.000 m 379.000 44.000 l 387.000 42.000 l gs 2 setlinejoin col-1 s gr
n 229 269 m 439 269 l  439 84 l  379 84 l gs col-1 s gr
n 387.000 86.000 m 379.000 84.000 l 387.000 82.000 l gs 2 setlinejoin col-1 s gr
n 24 34 m 24 44 l gs col-1 s gr
n 26.000 36.000 m 24.000 44.000 l 22.000 36.000 l gs 2 setlinejoin col-1 s gr
n 24 54 m 24 64 l gs col-1 s gr
n 26.000 56.000 m 24.000 64.000 l 22.000 56.000 l gs 2 setlinejoin col-1 s gr
n 24 74 m 24 84 l gs col-1 s gr
n 26.000 76.000 m 24.000 84.000 l 22.000 76.000 l gs 2 setlinejoin col-1 s gr
n 24 94 m 24 104 l gs col-1 s gr
n 26.000 96.000 m 24.000 104.000 l 22.000 96.000 l gs 2 setlinejoin col-1 s gr
/Times-Roman findfont 12.00 scalefont setfont
24 34 m 
gs 1 -1 scale (0.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 54 m 
gs 1 -1 scale (1.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 54 m 
gs 1 -1 scale (If the answer is in the local information, return it to the client) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 74 m 
gs 1 -1 scale (2.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 94 m 
gs 1 -1 scale (3.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 94 m 
gs 1 -1 scale (Send them queries until one returns a response.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 114 m 
gs 1 -1 scale (4.\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 114 m 
gs 1 -1 scale (Analyze the response:) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 134 m 
gs 1 -1 scale (if the response contains an answer or a name error, cache it) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 154 m 
gs 1 -1 scale (and return it to the client.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 174 m 
gs 1 -1 scale (if the response contains a better delegation to other servers,) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 194 m 
gs 1 -1 scale (cache the delegation, and) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 214 m 
gs 1 -1 scale (if the response shows a CNAME and that is not the answer ) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 234 m 
gs 1 -1 scale (itself, cache it, change SNAME to canonical name and ) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 254 m 
gs 1 -1 scale (if the response shows a servers failure or bizarre results,) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
54 274 m 
gs 1 -1 scale (delete the server from SLIST and) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
334 224 m 
gs 1 -1 scale (1) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
194 144 m 
gs 1 -1 scale (2) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
234 264 m 
gs 1 -1 scale (3) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 134 m 
gs 1 -1 scale ( a\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 174 m 
gs 1 -1 scale ( b\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 214 m 
gs 1 -1 scale ( c\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 254 m 
gs 1 -1 scale ( d\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 34 m 
gs 1 -1 scale (incoming query) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
39 74 m 
gs 1 -1 scale (Find the best servers to ask) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 724 2219 a(Figure)g(2.8)33 b(Resolv)o(er)15 b(algorithm)223
2434 y(The)k(resolv)o(er)g(acts)h(as)g(the)f(in)o(terface)g(b)q(et)o(w)o(een)
f(a)i(user)g(program)f(and)i(the)e(name)g(serv)o(er)149 2524
y(describ)q(ed)j(in)g(Figure)g(2.9)h(and)g(p)q(erforms)f(three)f(main)g
(actions)i(to)g(map)e(the)i(query)e(to)i(an)149 2614 y(answ)o(er.)f(The)17
b(algorithm)e(\(see)h(Figure)g(2.8)h(and)g(the)f(follo)o(wing)g(list)g(for)h
(details\))f(tries)f(to)i(\014nd)p eop
%%Page: 31 40
39 bop 1901 -100 a Fo(31)149 75 y(the)17 b(information)e(lo)q(cally)h
(\014rst.)23 b(If)16 b(that)h(do)q(es)g(not)g(succeed,)f(it)g(sends)h(the)f
(query)g(to)h(the)f(b)q(est)149 165 y(serv)o(er)d(to)h(ask.)20
b(As)14 b(so)q(on)h(as)f(a)g(reply)e(returns,)i(it)f(c)o(hec)o(ks)f(for)h
(answ)o(er,)h(name)f(error,)g(delegation,)149 255 y(canonical)j(name)e
(expansion,)h(or)h(failure)e(of)i(the)f(serv)o(er)f(and)i(reacts)f(prop)q
(erly)l(.)20 b(The)c(follo)o(wing)149 346 y(steps)h(describ)q(e)f(the)g
(algorithm)f(in)h(more)f(detail.)20 b(They)c(are)g(deriv)o(ed)f(from)g([Mo)q
(c87a)q(]:)209 486 y(1.)24 b(See)15 b(if)g(the)g(answ)o(er)h(to)f(the)h
(query)e(is)h(in)g(the)g(lo)q(cal)h(information,)e(and)i(if)e(so,)i(return)f
(it)g(to)271 576 y(the)h(clien)o(t.)209 707 y(2.)24 b(Find)16
b(the)g(b)q(est)h(serv)o(ers)e(to)i(ask.)209 838 y(3.)24 b(Send)17
b(them)d(queries)h(un)o(til)h(one)g(returns)g(a)h(resp)q(onse.)209
969 y(4.)24 b(Analyze)15 b(the)h(resp)q(onse:)292 1111 y(\(a\))25
b(if)18 b(the)h(resp)q(onse)g(answ)o(ers)h(the)e(question)h(or)g(con)o(tains)
g(a)h(name)d(error,)j(cac)o(he)e(the)379 1202 y(data)f(as)g(w)o(ell)e(as)h
(return)g(it)g(to)h(the)f(clien)o(t.)289 1312 y(\(b\))25 b(if)d(the)h(resp)q
(onse)g(con)o(tains)g(a)h(b)q(etter)e(delegation)h(to)g(other)g(serv)o(ers,)h
(cac)o(he)e(the)379 1402 y(delegation)16 b(information,)e(and)j(go)g(to)g
(step)f(2.)295 1512 y(\(c\))24 b(if)16 b(the)h(resp)q(onse)h(sho)o(ws)g(a)f
(CNAME)f(whic)o(h)h(is)f(not)i(the)f(answ)o(er)g(itself,)f(cac)o(he)g(the)379
1602 y(CNAME,)e(c)o(hange)i(the)f(queried)f(name)h(to)h(the)f(canonical)g
(name)g(in)g(the)g(CNAME)379 1693 y(RR)h(and)h(go)g(to)f(step)g(1.)289
1803 y(\(d\))25 b(if)16 b(the)h(resp)q(onse)g(sho)o(ws)h(a)g(serv)o(er)d
(failure)h(or)i(other)f(bizarre)f(con)o(ten)o(ts,)g(delete)g(the)379
1893 y(serv)o(er)f(from)g(the)h(serv)o(er)f(list)h(and)h(go)g(bac)o(k)e(to)i
(step)f(3.)149 2059 y(2.10)50 b(In)o(teraction)15 b(of)i(Name)d(Serv)o(er)h
(and)i(Resolv)o(er)223 2198 y(Name)e(serv)o(er)g(and)j(resolv)o(er)d(in)o
(teract)h(mainly)f(b)o(y)h(passing)i(data)g(bac)o(k)e(and)i(forth.)23
b(There)149 2289 y(is)16 b(at)g(most)e(indirect)g(con)o(trol)i(\015o)o(w)f
(at)h(step)g(\014v)o(e)e(in)i(the)f(name)f(serv)o(er)g(algorithm)h(\(see)g
(Section)149 2379 y(2.9.2\).)28 b(In)18 b(the)g(case)h(that)g(a)f(resolv)o
(er)g(requests)f(recursiv)o(e)g(name)g(resolution)i(and)g(the)f(name)149
2469 y(serv)o(er)h(pro)o(vides)g(this)g(service,)f(the)h(name)f(serv)o(er)h
(passes)h(the)f(query)g(to)h(the)f(lo)q(cal)g(resolv)o(er.)149
2560 y(This)f(can)f(b)q(e)g(seen)f(as)i(pure)f(data)h(\015o)o(w,)f(but)g(b)q
(ecause)g(the)g(execution)f(of)h(the)g(whole)f(query)h(is)149
2650 y(passed)g(to)g(the)f(resolv)o(er,)f(w)o(e)h(in)o(terpret)e(it)i(as)h
(con)o(trol)f(\015o)o(w.)p eop
%%Page: 32 41
40 bop 1901 -100 a Fo(32)149 75 y(2.10.1)50 b(Data)17 b(Flo)o(w)149
2152 y @beginspecial 0 @llx 0 @lly 432 @urx 416 @ury 4320 @rwi
@setspecial
%%BeginDocument: pictures/dns_flow.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
0.0 432.0 translate 0.900 -0.900 scale
1.000 setlinewidth
	[6.000000] 0 setdash
n 68.375 129.000 70.625 -97.628 97.628 arc
gs col-1 s gr
	[] 0 setdash
0.500 setlinewidth
n 196 99 m 189 99 189 152 7 arcto 4 {pop} repeat 189 159 282 159 7 arcto 4 {pop} repeat 289 159 289 106 7 arcto 4 {pop} repeat 289 99 196 99 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 99 119 m 189 119 l gs col-1 s gr
n 181.000 117.000 m 189.000 119.000 l 181.000 121.000 l gs 2 setlinejoin col-1 s gr
n 289 119 m 379 119 l gs col-1 s gr
n 371.000 117.000 m 379.000 119.000 l 371.000 121.000 l gs 2 setlinejoin col-1 s gr
n 379 139 m 289 139 l gs col-1 s gr
n 297.000 141.000 m 289.000 139.000 l 297.000 137.000 l gs 2 setlinejoin col-1 s gr
n 189 139 m 99 139 l gs col-1 s gr
n 107.000 141.000 m 99.000 139.000 l 107.000 137.000 l gs 2 setlinejoin col-1 s gr
n 196 199 m 189 199 189 252 7 arcto 4 {pop} repeat 189 259 282 259 7 arcto 4 {pop} repeat 289 259 289 206 7 arcto 4 {pop} repeat 289 199 196 199 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 386 299 m 379 299 379 352 7 arcto 4 {pop} repeat 379 359 472 359 7 arcto 4 {pop} repeat 479 359 479 306 7 arcto 4 {pop} repeat 479 299 386 299 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 6 299 m -1 299 -1 352 7 arcto 4 {pop} repeat -1 359 92 359 7 arcto 4 {pop} repeat 99 359 99 306 7 arcto 4 {pop} repeat 99 299 6 299 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 269 199 m 269 159 l gs col-1 s gr
n 267.000 167.000 m 269.000 159.000 l 271.000 167.000 l gs 2 setlinejoin col-1 s gr
n 269 259 m 269 299 l gs col-1 s gr
n 271.000 291.000 m 269.000 299.000 l 267.000 291.000 l gs 2 setlinejoin col-1 s gr
n 209 299 m 209 259 l gs col-1 s gr
n 207.000 267.000 m 209.000 259.000 l 211.000 267.000 l gs 2 setlinejoin col-1 s gr
n 209 159 m 209 199 l gs col-1 s gr
n 211.000 191.000 m 209.000 199.000 l 207.000 191.000 l gs 2 setlinejoin col-1 s gr
n 289 319 m 379 319 l gs col-1 s gr
n 371.000 317.000 m 379.000 319.000 l 371.000 321.000 l gs 2 setlinejoin col-1 s gr
n 379 339 m 289 339 l gs col-1 s gr
n 297.000 341.000 m 289.000 339.000 l 297.000 337.000 l gs 2 setlinejoin col-1 s gr
n 269 359 m 269 419 l  379 419 l gs col-1 s gr
n 371.000 417.000 m 379.000 419.000 l 371.000 421.000 l gs 2 setlinejoin col-1 s gr
n 379 439 m 209 439 l  209 359 l gs col-1 s gr
n 207.000 367.000 m 209.000 359.000 l 211.000 367.000 l gs 2 setlinejoin col-1 s gr
n 99 329 m 189 329 l gs col-1 s gr
n 181.000 327.000 m 189.000 329.000 l 181.000 331.000 l gs 2 setlinejoin col-1 s gr
n 11 304 m 4 304 4 347 7 arcto 4 {pop} repeat 4 354 87 354 7 arcto 4 {pop} repeat 94 354 94 311 7 arcto 4 {pop} repeat 94 304 11 304 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 201 204 m 194 204 194 247 7 arcto 4 {pop} repeat 194 254 277 254 7 arcto 4 {pop} repeat 284 254 284 211 7 arcto 4 {pop} repeat 284 204 201 204 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 6 99 m -1 99 -1 152 7 arcto 4 {pop} repeat -1 159 92 159 7 arcto 4 {pop} repeat 99 159 99 106 7 arcto 4 {pop} repeat 99 99 6 99 7 arcto 4 {pop} repeat clp gs col-1 s gr
1.000 setlinewidth
	[6.000000] 0 setdash
n 334 19 m 334 479 l gs col-1 s gr
	[] 0 setdash
0.500 setlinewidth
n 386 99 m 379 99 379 152 7 arcto 4 {pop} repeat 379 159 472 159 7 arcto 4 {pop} repeat 479 159 479 106 7 arcto 4 {pop} repeat 479 99 386 99 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr
gs col-1 s gr
n 386 404 m 379 404 379 457 7 arcto 4 {pop} repeat 379 464 472 464 7 arcto 4 {pop} repeat 479 464 479 411 7 arcto 4 {pop} repeat 479 404 386 404 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr
gs col-1 s gr
n 196 299 m 189 299 189 352 7 arcto 4 {pop} repeat 189 359 282 359 7 arcto 4 {pop} repeat 289 359 289 306 7 arcto 4 {pop} repeat 289 299 196 299 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr
gs col-1 s gr
1.000 setlinewidth
n 34 44 m 159 44 l gs col-1 s gr
n 374 44 m 464 44 l gs col-1 s gr
	[6.000000] 0 setdash
n -1 59 m 59 59 l gs col-1 s gr
	[] 0 setdash
	[6.000000] 0 setdash
n -1 199 m 59 199 l gs col-1 s gr
	[] 0 setdash
	[6.000000] 0 setdash
n -1 229 m 334 229 l gs col-1 s gr
	[] 0 setdash
/Times-Bold findfont 24.00 scalefont setfont
39 39 m 
gs 1 -1 scale (Local Host) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
194 139 m 
gs 1 -1 scale (resolver) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
9 324 m 
gs 1 -1 scale (master) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
194 249 m 
gs 1 -1 scale (database) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
204 349 m 
gs 1 -1 scale (server) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
389 324 m 
gs 1 -1 scale (foreign) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
384 349 m 
gs 1 -1 scale (resolver) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
399 139 m 
gs 1 -1 scale (name) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
399 444 m 
gs 1 -1 scale (name) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
379 39 m 
gs 1 -1 scale (Foreign) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
104 154 m 
gs 1 -1 scale (user responses) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
274 184 m 
gs 1 -1 scale (references) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
124 184 m 
gs 1 -1 scale (cache additions) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
114 114 m 
gs 1 -1 scale (user queries) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
209 454 m 
gs 1 -1 scale (maintenance responses) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
274 284 m 
gs 1 -1 scale (references) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
394 459 m 
gs 1 -1 scale (server) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
394 154 m 
gs 1 -1 scale (server) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
389 119 m 
gs 1 -1 scale (foreign) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
389 424 m 
gs 1 -1 scale (foreign) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
209 324 m 
gs 1 -1 scale (name) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
204 224 m 
gs 1 -1 scale (shared) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
24 144 m 
gs 1 -1 scale (prg.) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
24 124 m 
gs 1 -1 scale (user) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
24 349 m 
gs 1 -1 scale (files) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
309 154 m 
gs 1 -1 scale (responses) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
314 114 m 
gs 1 -1 scale (queries) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
309 314 m 
gs 1 -1 scale (responses) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
314 354 m 
gs 1 -1 scale (queries) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
294 414 m 
gs 1 -1 scale (maintenance) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
309 434 m 
gs 1 -1 scale (queries) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
154 284 m 
gs 1 -1 scale (refreshes) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 584 2396 a(Figure)f(2.9)33 b(Data)17 b(\015o)o(w)g(b)q(et)o(w)o
(een)e(DNS)h(en)o(tities)p eop
%%Page: 33 42
41 bop 1901 -100 a Fo(33)223 75 y(The)21 b(data)i(\015o)o(w)f(b)q(et)o(w)o
(een)f(Domain)g(Name)f(System)h(en)o(tities)f(is)h(not)i(limited)c(to)j
(simple)149 165 y(queries)f(and)h(resp)q(onses,)i(illustrated)c(in)i(Figure)f
(2.9.)37 b(W)l(e)22 b(distinguish)f(among)h(four)g(parts)149
255 y(that)d(in)o(teract)e(with)h(eac)o(h)f(other:)25 b(the)18
b(user)g(program,)g(the)g(resolv)o(er,)f(the)h(name)f(serv)o(er,)g(and)149
346 y(an)g(unkno)o(wn)g(subnet)f(that)h(can)f(con)o(tain)g(foreign)h(name)e
(serv)o(ers)g(and)i(resolv)o(ers.)223 436 y(User)12 b(program)h(and)h(resolv)
o(er)e(exc)o(hange)g(user)i(queries)e(and)h(user)h(resp)q(onses.)21
b(In)13 b(the)f(BIND)149 526 y(impleme)o(n)o(tation)17 b(of)k(the)f(Domain)f
(Name)f(System,)h(this)h(exc)o(hange)g(is)g(done)g(b)o(y)f(calling)h(the)149
616 y(system)h(calls)g(\\gethostb)o(y)o(addr\(\)")i(and)f(\\gethostb)o
(yname\(\)".)37 b(As)22 b(can)f(b)q(e)h(seen)g(here,)g(the)149
707 y(usage)14 b(of)f(the)g(Domain)f(Name)f(System)h(is)g(completely)e
(transparen)o(t)j(to)h(the)e(user)h(who)h(requests)149 797
y(name)f(resolution.)20 b(The)14 b(same)f(system)f(call)h(in)o(terface)f(can)
i(b)q(e)g(used)g(when)g(the)f(Domain)g(Name)149 887 y(System)i(is)h(replaced)
g(b)o(y)f(another)i(mapping)f(mec)o(hanism)d(\(for)j(example)e(static)i
(mapping\).)223 978 y(Lo)q(cal)d(resolv)o(ers)f(comm)o(unic)o(ate)e(with)j
(foreign)f(name)g(serv)o(ers)g(via)g(the)g(exc)o(hange)h(of)f(queries)149
1068 y(and)22 b(resp)q(onses,)g(as)g(do)q(es)f(a)h(lo)q(cal)e(name)g(serv)o
(er)g(with)g(foreign)h(name)f(serv)o(ers)g(or)h(resolv)o(ers.)149
1158 y(Queries)i(are)g(alw)o(a)o(ys)g(sen)o(t)g(to)g(a)h(name)e(serv)o(er)g
(and)h(resp)q(onses)h(go)g(the)f(rev)o(erse)f(direction.)149
1248 y(When)d(name)f(serv)o(ers)g(comm)o(uni)o(cate,)e(they)i(exc)o(hange)g
(zone)h(data)h(or)f(main)o(tenance)d(queries)149 1339 y(and)h(resp)q(onses.)k
(Under)15 b(the)h(assumption)f(that)h(the)f(lo)q(cal)g(name)g(serv)o(er)f(is)
h(a)h(primary)e(serv)o(er,)149 1429 y(it)i(gets)h(its)f(primary)e(zone)i
(data)i(from)d(the)h(master)f(\014les.)223 1519 y(Both)j(name)f(serv)o(er)g
(and)h(resolv)o(er)f(usually)h(main)o(tain)f(a)h(cac)o(he.)26
b(It)18 b(is)g(not)g(un)o(usual)h(for)f(a)149 1610 y(name)e(serv)o(er)f(and)i
(a)f(resolv)o(er)f(that)i(run)f(on)h(a)g(single)f(host)g(to)h(share)g(this)f
(database.)149 1770 y(2.10.2)50 b(Shared)16 b(Information)223
1892 y(A)d(shared)i(cac)o(he)e(can)i(b)q(e)f(accessed)g(b)o(y)g(resolv)o(er)f
(and)i(name)e(serv)o(er.)19 b(Resolv)o(ers)13 b(pro)o(vide)h(as)149
1982 y(cac)o(he)k(additions)h(whatev)o(er)f(they)h(learn)f(from)g(the)g(resp)
q(onses)i(to)f(their)f(queries.)27 b(They)19 b(also)149 2073
y(consult)d(the)f(cac)o(he)g(and)h(retriev)o(e)d(data)k(from)d(it.)21
b(Name)14 b(serv)o(ers)g(also)i(reference)e(the)h(cac)o(he)g(to)149
2163 y(answ)o(er)i(queries)e(and)i(pro)o(vide)e(refreshes)h(from)f(lo)q(cal)h
(authoritativ)o(e)g(data.)223 2253 y(A)g(database)j(that)f(is)f(shared)h
(concurren)o(tly)d(b)o(y)i(man)o(y)f(pro)q(cesses)i(m)o(ust)e(b)q(e)h
(protected)g(b)o(y)149 2343 y(sync)o(hronization)c(mec)o(hanism)o(s.)18
b(The)12 b(additional)h(complexit)o(y)c(in)k(dealing)f(with)g(the)h(problems)
149 2434 y(a)g(shared)f(database)h(brings)f(with)f(it)g(is)h(amortized)e(b)o
(y)h(the)g(gain)i(in)e(p)q(erformance)f(and)j(e\016ciency)149
2524 y(of)21 b(the)f(system)f(in)h(total.)34 b(It)19 b(is)i(ob)o(vious)f
(that)h(successful)e(lo)q(okups)j(in)e(the)g(lo)q(cal)g(cac)o(he)f(are)149
2614 y(preferred)13 b(o)o(v)o(er)g(sending)h(queries)f(to)i(remote)d(mac)o
(hines)g(with)h(no)i(b)q(ounds)g(on)g(ho)o(w)f(long)g(it)g(will)p
eop
%%Page: 34 43
42 bop 1901 -100 a Fo(34)149 75 y(tak)o(e)16 b(them)e(to)i(reply)l(.)k(Main)o
(taining)c(a)g(larger)g(cac)o(he)f(shared)h(b)q(et)o(w)o(een)f(t)o(w)o(o)h
(en)o(tities)e(increases)149 165 y(the)i(probabilit)o(y)g(of)g(\014nding)h(a)
g(matc)o(h)d(in)i(the)g(cac)o(he.)p eop
%%Page: 35 44
43 bop 1901 -100 a Fo(35)323 342 y(3.)33 b(DESCRIPTION)16 b(AND)g(DEMONSTRA)l
(TION)e(OF)i(WEAKNESSES)223 516 y(This)22 b(c)o(hapter)f(concen)o(trates)g
(on)i(the)f(description)f(and)h(demonstration)g(of)g(the)f(cen)o(tral)149
606 y(problem)15 b(of)i(this)f(thesis.)223 696 y(W)l(e)22 b(\014rst)h(giv)o
(e)f(an)h(abstract)g(statemen)o(t)e(of)i(the)f(problem.)39
b(W)l(e)23 b(state)g(it)f(again)h(in)g(the)149 787 y(follo)o(wing)h(section,)
i(but)e(in)g(a)h(more)e(concrete)g(fashion)i(directly)e(related)g(to)i(the)f
(Domain)149 877 y(Name)14 b(System.)20 b(W)l(e)15 b(talk)g(ab)q(out)i(the)e
(general)g(features)h(in)f(the)g(Domain)g(Name)f(System)g(that)149
967 y(facilitate)h(the)h(exploitation)g(of)g(the)g(problem.)223
1057 y(The)i(follo)o(wing)h(section)f(giv)o(es)g(details)g(of)h(regular)f
(remote)f(mac)o(hine)g(access)h(and)i(sev)o(eral)149 1148 y(approac)o(hes)k
(of)f(ho)o(w)h(to)f(exploit)f(the)h(problem)e(to)j(gain)f(unauthorized)g
(access.)42 b(W)l(e)23 b(then)149 1238 y(talk)f(ab)q(out)h(our)f(implem)o(en)
o(tation)d(test)j(en)o(vironmen)o(t)d(and)j(describ)q(e)f(the)h(exp)q(erimen)
o(ts)d(w)o(e)149 1328 y(p)q(erformed)14 b(to)h(supp)q(ort)i(the)d(claim)f
(that)i(this)g(securit)o(y)e(\015a)o(w)j(is)e(exploitable.)20
b(The)15 b(concluding)149 1419 y(section)h(of)h(this)f(c)o(hapter)g(presen)o
(ts)g(the)g(exp)q(eriences)e(w)o(e)i(gained)h(from)e(our)h(exp)q(erimen)o
(ts.)223 1509 y(Figure)i(3.1)g(sho)o(ws)i(the)e(setup)g(of)h(mac)o(hines)d
(and)j(their)f(names.)27 b(It)18 b(serv)o(es)f(as)i(a)g(running)149
1599 y(example)11 b(in)i(this)g(c)o(hapter.)20 b(A)12 b(detailed)g
(description)h(of)g(this)g(setup)g(is)g(giv)o(en)f(in)h(Section)f(3.5.1.)149
1765 y(3.1)50 b(Statemen)o(t)14 b(of)i(the)g(Problem)223 1904
y(Authen)o(ticit)o(y)11 b(is)j(based)h(on)g(the)f(iden)o(tit)o(y)f(of)h(some)
g(en)o(tit)o(y)l(.)k(This)d(en)o(tit)o(y)e(has)i(to)f(pro)o(v)o(e)g(that)149
1994 y(it)19 b(is)g(gen)o(uine.)30 b(In)19 b(man)o(y)f(net)o(w)o(ork)h
(applications)g(the)g(iden)o(tit)o(y)e(of)j(participating)f(en)o(tities)f(is)
149 2085 y(simply)f(determined)f(b)o(y)j(their)f(names)f(or)j(addresses.)29
b(High)18 b(lev)o(el)f(applications)i(use)f(mainly)149 2175
y(names)f(for)h(authen)o(tication)f(purp)q(oses,)i(b)q(ecause)e(address)i
(lists)e(are)g(m)o(uc)o(h)f(harder)i(to)g(create,)149 2265
y(understand,)f(and)g(main)o(tain)d(than)j(name)e(lists.)223
2356 y(Assuming)f(an)i(en)o(tit)o(y)e(w)o(an)o(ts)i(to)f(sp)q(o)q(of)j(the)d
(iden)o(tit)o(y)e(of)j(some)f(other)g(en)o(tit)o(y)l(,)f(it)h(is)g(in)g(some)
149 2446 y(cases)j(enough)f(to)g(c)o(hange)g(the)g(mapping)f(b)q(et)o(w)o
(een)g(its)h(lo)o(w)f(lev)o(el)f(address)j(and)f(its)g(high)g(lev)o(el)149
2536 y(name.)j(That)d(means)e(that)i(an)f(attac)o(k)o(er)f(can)i(fak)o(e)e
(the)h(name)f(of)h(someone)f(b)o(y)h(mo)q(difying)f(the)149
2626 y(asso)q(ciation)j(of)e(his)h(address)g(from)e(his)h(o)o(wn)g(name)g(to)
g(the)g(name)f(he)h(w)o(an)o(ts)h(to)f(imp)q(ersonate.)p eop
%%Page: 36 45
44 bop 1901 -100 a Fo(36)224 1204 y @beginspecial 0 @llx 0
@lly 378 @urx 265 @ury 3780 @rwi @setspecial
%%BeginDocument: pictures/d_z_setup.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-9.0 270.0 translate 0.900 -0.900 scale
1.000 setlinewidth
	[6.000000] 0 setdash
n 379 19 m 419 19 l gs col-1 s gr
	[] 0 setdash
	[6.000000] 0 setdash
n 379 299 m 419 299 l gs col-1 s gr
	[] 0 setdash
n 99 19 m 99 39 l gs col-1 s gr
n 99 279 m 99 299 l gs col-1 s gr
n 339 19 m 339 39 l gs col-1 s gr
n 339 279 m 339 299 l gs col-1 s gr
0.500 setlinewidth
n 159 59 m 279 59 l gs col-1 s gr
n 271.000 57.000 m 279.000 59.000 l 271.000 61.000 l gs 2 setlinejoin col-1 s gr
n 77.000 107.000 m 79.000 99.000 l 81.000 107.000 l gs 2 setlinejoin col-1 s gr
n 79 99 m 79 219 l gs col-1 s gr
n 81.000 211.000 m 79.000 219.000 l 77.000 211.000 l gs 2 setlinejoin col-1 s gr
n 46 39 m 39 39 39 92 7 arcto 4 {pop} repeat 39 99 152 99 7 arcto 4 {pop} repeat 159 99 159 46 7 arcto 4 {pop} repeat 159 39 46 39 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr
gs col-1 s gr
n 286 39 m 279 39 279 92 7 arcto 4 {pop} repeat 279 99 392 99 7 arcto 4 {pop} repeat 399 99 399 46 7 arcto 4 {pop} repeat 399 39 286 39 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr
gs col-1 s gr
n 286 219 m 279 219 279 272 7 arcto 4 {pop} repeat 279 279 392 279 7 arcto 4 {pop} repeat 399 279 399 226 7 arcto 4 {pop} repeat 399 219 286 219 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr
gs col-1 s gr
n 46 219 m 39 219 39 272 7 arcto 4 {pop} repeat 39 279 152 279 7 arcto 4 {pop} repeat 159 279 159 226 7 arcto 4 {pop} repeat 159 219 46 219 7 arcto 4 {pop} repeat clp gs 0.95 setgray fill gr
gs col-1 s gr
1.000 setlinewidth
n 379 19 m 39 19 l gs col-1 s gr
n 19 39 m 19 279 l gs col-1 s gr
n 39 299 m 379 299 l gs col-1 s gr
0.500 setlinewidth
	[3.000000] 0 setdash
n 9 189 m 429 189 l gs col-1 s gr
	[] 0 setdash
1.000 setlinewidth
n 19 279 m
	20.353 287.853 21.603 291.603 24 294 curveto
	26.397 296.397 30.147 297.647 39 299 curveto
gs col-1 s gr
n 39 19 m
	30.147 20.353 26.397 21.603 24 24 curveto
	21.603 26.397 20.353 30.147 19 39 curveto
gs col-1 s gr
	1 setlinecap [1 6.000000] 6.000000 setdash
n 319 219 m
	322.096 196.474 322.096 186.474 319 179 curveto
	316.081 171.953 306.047 161.919 299 159 curveto
	259.136 142.488 178.864 175.512 139 159 curveto
	131.953 156.081 121.919 146.047 119 139 curveto
	115.904 131.526 115.904 121.526 119 99 curveto
gs col-1 s gr
	[] 0 setdash 0 setlinecap
n 112.859 114.306 m 119.000 99.000 l 120.784 115.396 l gs 2 setlinejoin col-1 s gr
/Times-Roman findfont 24.00 scalefont setfont
79 74 m 
gs 1 -1 scale (NS) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
109 79 m 
gs 1 -1 scale (A) col-1 show gr
/Times-Roman findfont 24.00 scalefont setfont
329 74 m 
gs 1 -1 scale (H) col-1 show gr
/Times-Roman findfont 24.00 scalefont setfont
329 254 m 
gs 1 -1 scale (H) col-1 show gr
/Times-Roman findfont 24.00 scalefont setfont
79 254 m 
gs 1 -1 scale (NS) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
349 79 m 
gs 1 -1 scale (A) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
109 259 m 
gs 1 -1 scale (B) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
349 259 m 
gs 1 -1 scale (B) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
139 14 m 
gs 1 -1 scale (Ethernet) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
339 179 m 
gs 1 -1 scale (attacked side) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
339 209 m 
gs 1 -1 scale (attacking side) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
44 94 m 
gs 1 -1 scale (name server) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
284 94 m 
gs 1 -1 scale (host) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
44 274 m 
gs 1 -1 scale (name server) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
284 274 m 
gs 1 -1 scale (host) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
84 184 m 
gs 1 -1 scale (exchange of DNS packets) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
144 149 m 
gs 1 -1 scale (Hi! I am Bob from H) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
179 54 m 
gs 1 -1 scale (Alice trusts Bob) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
44 54 m 
gs 1 -1 scale (user: Alice) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
284 54 m 
gs 1 -1 scale (user: Bob) col-1 show gr
/Times-Roman findfont 8.00 scalefont setfont
244 154 m 
gs 1 -1 scale (A) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 717 1449 a(Figure)15 b(3.1)33 b(Exp)q(erimen)o(tal)14
b(setup)223 1633 y(Once)k(an)i(attac)o(k)o(er)e(has)i(done)g(that,)g(an)f
(authen)o(ticator)h(can)f(no)h(longer)f(distinguish)g(b)q(e-)149
1723 y(t)o(w)o(een)d(the)g(true)g(and)g(the)g(fak)o(ed)g(en)o(tit)o(y)l(.)223
1813 y(This)23 b(describ)q(es)f(the)h(fundamen)o(tal)e(problem)h(on)h(whic)o
(h)f(this)h(thesis)g(is)g(based.)41 b(If)23 b(the)149 1904
y(binding)f(pro)q(cess)f(b)q(et)o(w)o(een)g(names)f(and)i(addresses)g(cannot)
g(b)q(e)f(trusted)g(fully)l(,)g(no)h(one)f(can)149 1994 y(rely)16
b(on)g(an)h(authen)o(tication)f(pro)q(cess)h(on)g(a)f(high)h(lev)o(el.)149
2159 y(3.2)50 b(The)16 b(Problem)f(in)g(the)h(DNS)223 2299
y(Man)o(y)i(securit)o(y)f(problems)h(of)h(the)g(TCP/IP)g(proto)q(col)h(suite)
e(rely)g(on)i(the)e(abilit)o(y)g(of)h(the)149 2389 y(attac)o(k)o(er)g(to)i
(sp)q(o)q(of)g(the)f(IP)g(address)g(of)h(a)f(trusted)g(mac)o(hine,)e(as)j
(describ)q(ed)e(in)h([Bel89)o(].)32 b(As)149 2479 y(hosts)19
b(trust)f(eac)o(h)f(other,)h(usually)f(on)i(the)e(basis)h(of)g(host)h(names,)
e(an)h(attac)o(k)o(er)f(can)h(tak)o(e)f(the)149 2570 y(easier)f(approac)o(h)h
(and)g(sp)q(o)q(of)h(a)f(host's)f(name)f(instead)i(of)f(its)g(IP)g(address.)p
eop
%%Page: 37 46
45 bop 1901 -100 a Fo(37)223 75 y(If)22 b(a)i(host)g(named)e(H)640
82 y Fm(A)691 75 y Fo(accesses)h(another)g(host)h(named)e(NS)1409
82 y Fm(A)1437 75 y Fo(,)j(host)f(NS)1652 82 y Fm(A)1704 75
y Fo(accepts)f(the)149 165 y(connection)e(and)g(retriev)o(es)e(address)j
(information)e(ab)q(out)i(the)e(connecting)h(host)g(H)1773
172 y Fm(A)1801 165 y Fo(.)35 b(Host)149 255 y(NS)213 262 y
Fm(A)260 255 y Fo(reads)19 b(host)h(H)536 262 y Fm(A)564 255
y Fo('s)e(IP)h(address)g(and)g(con)o(v)o(erts)f(it)g(in)o(to)h(a)g(regular)g
(host)g(name.)27 b(T)l(o)20 b(bind)149 346 y(the)d(righ)o(t)g(name)e(to)j
(the)e(IP)h(address,)g(host)h(NS)1055 353 y Fm(A)1100 346 y
Fo(starts)g(a)f(Domain)f(Name)f(System)h(query)g(in)149 436
y(the)g(rev)o(erse)f(lo)q(okup)i(tree.)223 526 y(F)l(or)j(a)g(pair)h(of)f
(mac)o(hines)e(NS)800 533 y Fm(B)847 526 y Fo(and)j(H)983 533
y Fm(B)1030 526 y Fo(under)f(the)g(p)q(o)o(w)o(er)g(of)g(an)h(attac)o(k)o
(er,)f(with)g(NS)1922 533 y Fm(B)149 616 y Fo(running)14 b(a)f(primary)e
(name)h(serv)o(er)g(for)h(a)g(certain)f(zone,)h(and)h(H)1330
623 y Fm(B)1369 616 y Fo(trying)f(to)g(fak)o(e)f(H)1702 623
y Fm(A)1730 616 y Fo('s)h(iden)o(tit)o(y)l(,)149 707 y(it)20
b(is)f(easy)h(to)g(mak)o(e)d(NS)622 714 y Fm(A)670 707 y Fo(b)q(eliev)o(e)h
(H)872 714 y Fm(B)918 707 y Fo(w)o(as)i(H)1052 714 y Fm(A)1080
707 y Fo(.)32 b(H)1163 714 y Fm(B)1209 707 y Fo(connects)20
b(to)g(NS)1537 714 y Fm(A)1585 707 y Fo(and)h(claims)c(to)j(b)q(e)149
797 y(H)186 804 y Fm(A)215 797 y Fo(,)d(NS)310 804 y Fm(A)356
797 y Fo(retriev)o(es)f(H)590 804 y Fm(B)616 797 y Fo('s)i(IP)f(address)i
(111.22.33.4)g(and)g(queries)d(the)i(name)e(4.33.22.111.in-)149
887 y(addr.arpa)24 b(from)e(the)g(Domain)g(Name)f(System.)39
b(One)22 b(single)h(en)o(try)e(in)i(the)f(authoritativ)o(e)149
978 y(data)i(for)g(the)e(rev)o(erse)g(lo)q(okup)i(tree)e(for)h(NS)1025
985 y Fm(B)1052 978 y Fo('s)g(zone)g(sp)q(eci\014es)f(the)h(IP)g
(address{to{name)149 1068 y(mapping)17 b(b)q(et)o(w)o(een)f
(4.33.22.111.in-addr.arpa)k(and)e(H)1203 1075 y Fm(B)1229 1068
y Fo(.)25 b(If)16 b(the)h(attac)o(k)o(er)g(replaces)f(this)i(line)149
1158 y(b)o(y)j(a)h(mapping)f(b)q(et)o(w)o(een)f(4.33.22.111.in-addr.arpa)k
(and)e(H)1338 1165 y Fm(A)1366 1158 y Fo(,)g(NS)1466 1165 y
Fm(A)1494 1158 y Fo('s)f(resolution)h(attempt)149 1248 y(will)16
b(\014nally)f(gran)o(t)i(H)555 1255 y Fm(B)598 1248 y Fo(access)f(to)h(NS)865
1255 y Fm(A)894 1248 y Fo(.)223 1339 y(This)d(sho)o(ws)i(the)e(simplicit)o(y)
d(of)k(an)g(attac)o(k)g(that)g(is)f(based)h(up)q(on)h(trust)f(placed)f(in)g
(the)h(data)149 1429 y(pro)o(vided)h(b)o(y)f(DNS.)g(It)h(is)g(based)g(on)g(a)
h(w)o(eakness)e(in)h(the)g(DNS,)f(not)h(an)h(easily)e(\014xable)g(bug)i(in)
149 1519 y(the)f(impleme)o(n)o(tation)e(of)i(a)h(particular)f(net)o(w)o(ork)f
(service.)223 1610 y(One)k(widely)g(accepted)h(w)o(a)o(y)f(of)i(dealing)e
(with)h(this)g(problem)f(is)g(the)h(Berk)o(eley)d(soft)o(w)o(are)149
1700 y(patc)o(h)e(describ)q(ed)g(in)g(section)f(4.5.)22 b(Ho)o(w)o(ev)o(er,)
13 b(adding)i(an)h(additional)f(Domain)g(Name)e(System)149
1790 y(query)19 b(of)g(the)g(determined)e(host)j(name)e(to)h(the)g(serv)o(er)
f(co)q(de)i(and)g(comparing)e(the)h(returned)149 1880 y(IP)f(addresses)g
(against)g(the)f(original)h(IP)f(address)h(for)g(a)g(matc)o(h)e(only)h(adds)h
(to)g(the)f(qualit)o(y)f(of)149 1971 y(securit)o(y;)e(it)g(do)q(es)h(not)g
(pro)o(vide)e(complete)g(securit)o(y)l(.)19 b(An)14 b(attac)o(k)o(er)g(can)g
(piggybac)o(k)g(additional)149 2061 y(resource)e(records)g(to)g(the)g(answ)o
(er)g(pac)o(k)o(et)f(to)i(the)e(\014rst)i(query)l(.)19 b(Doing)12
b(so,)h(the)f(attac)o(k)o(er)f(p)q(oisons)149 2151 y(the)21
b(victim')o(s)d(cac)o(he)i(with)g(false)g(information,)g(suc)o(h)g(that)h
(the)f(forw)o(ard)h(lo)q(okup)h(w)o(ould)e(not)149 2242 y(disclose)g(the)g
(attac)o(k.)33 b(In)20 b(Section)f(3.5.6)i(w)o(e)f(go)h(in)o(to)e(more)g
(detail)h(on)h(this)f(issue)g(when)g(w)o(e)149 2332 y(describ)q(e)c(our)h
(concrete)e(approac)o(h)i(of)g(cac)o(he)e(corruption.)p eop
%%Page: 38 47
46 bop 1901 -100 a Fo(38)149 75 y(3.3)50 b(W)l(eaknesses)223
214 y(In)15 b(this)h(section)g(w)o(e)f(describ)q(e)h(the)f(conditions)h(that)
h(m)o(ust)d(hold)j(to)f(facilitate)f(a)h(break{in.)149 305
y(The)k(Domain)f(Name)f(System)f(is)j(w)o(eak)f(in)g(sev)o(eral)g(places.)30
b(W)l(e)19 b(examine)f(the)h(problems)f(of)149 395 y(name{based)h(authen)o
(tication)g(pro)q(cesses,)h(trusting)f(information)f(that)i(comes)d(from)h
(an)i(un-)149 485 y(trust)o(w)o(orth)o(y)e(authorit)o(y)l(,)f(and)h
(accepting)f(additional,)g(p)q(ossibly)h(incorrect)f(information)f(that)149
575 y(w)o(as)h(not)g(requested,)e(but)h(that)h(seems)e(to)h(pro)o(vide)g(adv)
m(an)o(tages)h(for)g(run)o(time)d(p)q(erformance.)149 735 y(3.3.1)49
b(Assumptions)16 b(to)g(F)l(acilitate)f(Break{ins)223 858 y(In)g(our)g(setup)
h(w)o(e)f(assume)f(that)i(the)f(attac)o(k)o(er)f(has)i(complete)d(con)o(trol)
i(o)o(v)o(er)g(mac)o(hine)e(NS)1922 865 y Fm(B)149 948 y Fo(running)19
b(a)g(legitimate)c(primary)i(name)g(serv)o(er)g(for)i(a)g(DNS)f(zone.)27
b(This)18 b(strong)i(assumption)149 1039 y(do)q(es)g(not)f(alw)o(a)o(ys)g
(need)f(to)h(b)q(e)g(satis\014ed.)30 b(It)18 b(is)h(simply)d(the)j(easiest)f
(w)o(a)o(y)h(for)g(an)g(attac)o(k)o(er)f(if)149 1129 y(he)e(con)o(trols)f(a)h
(primary)e(name)g(serv)o(er,)g(b)q(ecause)i(of)g(its)f(capabilities)g(and)h
(the)f(fact)g(that)h(other)149 1219 y(mac)o(hines)f(b)q(eliev)o(e)f(name)h
(serv)o(ers.)223 1309 y(Dep)q(ending)g(on)g(the)g(top)q(ology)i(of)e(a)g
(real)g(net)o(w)o(ork)f(it)h(is)g(su\016cien)o(t)e(if)i(an)g(attac)o(k)o(er)g
(con)o(trols)149 1400 y(one)i(of)f(the)g(authoritativ)o(e)f(name)g(serv)o
(ers)g(for)h(the)g(particular)f(zone;)h(the)f(one)i(that)f(is)g(queried)149
1490 y(\014rst)e(b)o(y)f(the)g(remote)e(resolv)o(er.)19 b(It)13
b(is)g(not)h(m)o(uc)o(h)d(easier)i(for)g(an)h(attac)o(k)o(er)e(to)i(satisfy)f
(this)g(second)149 1580 y(assumption)j(than)h(the)f(\014rst)h(one.)223
1671 y(The)c(con)o(trol)f(m)o(ust)g(include)g(the)h(asso)q(ciated)h(in)o(v)o
(erse)d(mapping)h(tree.)20 b(The)13 b(attac)o(k)o(er)f(migh)o(t)149
1761 y(ha)o(v)o(e)j(successfully)g(sub)o(v)o(erted)g(suc)o(h)g(a)h(mac)o
(hine)e(or)i(simply)e(b)q(e)h(a)i(renegade)e(system)g(adminis-)149
1851 y(trator.)22 b(Both)17 b(ha)o(v)o(e)e(happ)q(ened)i(in)f(the)g(past)h
(\(i.e.)j([Sto89,)c(Mad92)q(]\).)223 1941 y(W)l(e)f(can)h(relax)f(this)h
(assumption)g(further.)k(If)c(an)g(attac)o(king)g(mac)o(hine)d(manages)j(to)g
(some-)149 2032 y(ho)o(w)k(obtain)g(the)g(ID)f(n)o(um)o(b)q(er)f(of)i(a)g
(curren)o(t)f(DNS)g(query)g(to)h(a)g(legitimate)d(name)h(serv)o(er,)h(it)149
2122 y(could)h(run)g(some)e(co)q(de)i(\(e.g.)31 b(a)20 b(to)q(ol)g(that)g
(constructs)g(the)f(resp)q(onse)h(pac)o(k)o(et)f(and)h(uses)g(the)149
2212 y(source)e(route)f(option)g(to)h(send)f(it)g(to)g(the)g(originator)h(of)
f(a)h(query\))e(to)h(answ)o(er)h(the)f(query)f(and)149 2303
y(supply)j(additional)g(records)g(to)h(p)q(oison)g(the)f(cac)o(he.)28
b(The)19 b(ID)g(n)o(um)o(b)q(er)e(prediction)h(could)h(b)q(e)149
2393 y(based)h(on)f(previously)g(receiv)o(ed)d(queries)i(and)i(kno)o(wledge)e
(on)i(ho)o(w)f(a)h(resolv)o(er)e(mo)q(di\014es)g(the)149 2483
y(iden)o(ti\014er.)i(An)15 b(attac)o(k)h(based)g(on)h(TCP)f(sequence)f(n)o
(um)o(b)q(er)f(prediction)h(to)i(construct)f(a)g(TCP)149 2573
y(pac)o(k)o(et)h(sequence)f(that)h(allo)o(ws)h(an)f(attac)o(k)o(er)g(to)g(sp)
q(o)q(of)i(a)f(trusted)f(host's)h(iden)o(tit)o(y)d(on)j(a)g(lo)q(cal)p
eop
%%Page: 39 48
47 bop 1901 -100 a Fo(39)149 75 y(net)o(w)o(ork)17 b(w)o(as)h(describ)q(ed)e
(in)h([Mor85)q(].)23 b(This)18 b(example)d(sho)o(ws)j(the)f(feasibilit)o(y)e
(of)i(ID)g(n)o(um)o(b)q(er)149 165 y(prediction.)223 255 y(In)e(the)g(follo)o
(wing)h(discussion)g(w)o(e)f(will)f(assume)h(that)i(the)e(attac)o(k)o(er)g
(has)h(indeed)f(sup)q(eruser)149 346 y(access)22 b(to)f(a)h(primary)e(name)g
(serv)o(er.)35 b(With)21 b(that)h(assumption)f(in)g(place)g(w)o(e)g(decrease)
g(the)149 436 y(complexit)o(y)13 b(of)k(the)f(follo)o(wing)g(discussions.)149
596 y(3.3.2)49 b(Authen)o(tication)15 b(via)h(Host)h(Names)223
718 y(W)l(e)c(explained)g(in)g(the)h(in)o(tro)q(duction)f(that)h(users)g(ha)o
(v)o(e)f(to)h(b)q(e)g(authorized)g(b)o(y)f(net)o(w)o(ork)g(ser-)149
809 y(vice)k(pro)o(viders)h(b)q(efore)g(they)g(can)g(use)g(the)g(service.)26
b(This)18 b(authen)o(tication)g(is)g(usually)g(based)149 899
y(on)h(the)f(v)o(eri\014cation)f(of)h(the)g(user's)g(login)g(name)f(along)i
(with)f(the)g(asso)q(ciated)h(passw)o(ord)h(and)149 989 y(the)e(host)h(name)e
(of)i(the)f(mac)o(hine)e(on)i(whic)o(h)g(the)g(user)g(starts)h(his)f
(requests.)27 b(Net)o(w)o(orks)17 b(ma)o(y)149 1079 y(b)q(e)d(classi\014ed)f
(in)o(to)g(di\013eren)o(t)f(partitions)905 1061 y Fm(1)925
1079 y Fo(:)20 b(Closed)14 b(Net)o(w)o(orks,)e(Op)q(en)i(Net)o(w)o(orks,)e
(and)i(T)l(rusted)149 1170 y(Net)o(w)o(orks)k([PL91)q(].)26
b(Closed)19 b(Net)o(w)o(orks)e(can)h(b)q(e)h(accessed)f(only)g(within)f
(certain)h(b)q(oundaries.)149 1260 y(Sessions)f(are)g(con)o(trolled)e(and)i
(secured)f(in)g(accordance)g(with)g(the)g(rules)g(implied)d(b)o(y)j(an)h
(orga-)149 1350 y(nization's)i(business)h(goals.)31 b(In)19
b(a)h(Closed)g(Net)o(w)o(ork,)e(the)h(lo)q(cation)h(of)g(all)e(resources)i
(is)f(w)o(ell)149 1441 y(kno)o(wn)e(and)g(sp)q(eci\014ed.)223
1531 y(Op)q(en)e(Net)o(w)o(orks)f(are)h(regions)h(separated)g(b)o(y)e(b)q
(oundaries)j(from)d(their)g(surroundings,)i(but)149 1621 y(the)f(transfer)g
(of)f(information)g(across)i(these)e(b)q(oundaries)h(is)g(admitted.)k(They)14
b(are)h(augmen)o(ted)149 1711 y(b)o(y)g(publicly)f(accessible)g(parts)i(or)g
(connections)f(to)h(net)o(w)o(orks)f(o)o(wned)h(b)o(y)e(other)i(companies)e
(or)149 1802 y(organizations.)22 b(These)13 b(t)o(w)o(o)h(extensions)f(mak)o
(e)f(this)h(t)o(yp)q(e)g(of)h(net)o(w)o(ork)f(vulnerable)f(to)i(external)149
1892 y(threats.)223 1982 y(T)l(rusted)j(Net)o(w)o(orks)g(in)o(tro)q(duce)g
(the)g(concept)h(that)f(net)o(w)o(ork)g(access)h(is)f(con)o(trolled)g(at)h
(the)149 2073 y(en)o(try)k(no)q(de.)40 b(In)22 b(the)h(case)f(of)h(large)f
(in)o(ternational)g(net)o(w)o(orks,)h(main)o(tainabilit)o(y)c(and)k(con-)149
2163 y(trollabilit)o(y)17 b(are)h(imp)q(ortan)o(t)g(issues.)27
b(Adopting)19 b(the)f(T)l(rusted)g(Net)o(w)o(ork)f(concept)h(allo)o(ws)h(the)
149 2253 y(decomp)q(osition)13 b(of)g(a)h(large)f(net)o(w)o(ork,)g(gro)o
(wing)h(to)o(w)o(ards)g(an)g(unmanageable)f(complexit)o(y)-5
b(,)11 b(in)o(to)149 2343 y(relativ)o(ely)h(small)h(national)h(or)h(regional)
f(net)o(w)o(orks,)g(eac)o(h)g(supp)q(orted)h(b)o(y)f(lo)q(cal)g(sta\013,)h
(and)g(eac)o(h)149 2434 y(pro)o(vided)h(with)g(its)g(o)o(wn)g(net)o(w)o(ork)g
(access)g(con)o(trol.)21 b(The)16 b(adv)m(an)o(tages)i(are)e(increased)g(con)
o(trol-)149 2524 y(labilit)o(y)l(,)e(main)o(tainabilit)o(y)l(,)e
(manageabilit)o(y)l(,)i(and)i(simpli\014cation)e(of)i(c)o(hange)g(managemen)o
(t.)j(A)p 149 2568 720 2 v 206 2598 a Fl(1)224 2613 y Fk(A)14
b(v)o(ery)g(similar)e(classi\014cation)h(is)h(applicable)f(to)h(systems)g(in)
f(general.)p eop
%%Page: 40 49
48 bop 1901 -100 a Fo(40)149 75 y(T)l(rusted)12 b(Net)o(w)o(ork)f(can)h(b)q
(e)g(regarded)g(globally)g(as)g(a)g(single)g(Closed)g(Net)o(w)o(ork,)f(but)h
(from)e(a)j(lo)q(cal)149 165 y(p)q(oin)o(t)j(of)g(view,)f(the)h(in)o
(terconnected)e(net)o(w)o(orks)h(stand)i(widely)d(op)q(en)j(with)f(all)f(the)
g(applicable)149 255 y(securit)o(y)g(threats.)223 346 y(The)f(In)o(ternet)f
(is)i(a)g(system)e(of)i(T)l(rusted)g(Net)o(w)o(orks)e(within)h(Op)q(en)h(Net)
o(w)o(orks.)20 b(This)14 b(allo)o(ws)149 436 y(the)20 b(danger)f(that)h(once)
f(someone)g(has)h(falsely)e(gained)i(access)f(to)h(one)f(mac)o(hine,)f(it)h
(is)g(m)o(uc)o(h)149 526 y(simpler)12 b(to)i(sub)o(v)o(ert)e(others.)21
b(Within)13 b(T)l(rusted)h(Net)o(w)o(orks)f(users)h(are)f(authen)o(ticated)g
(solely)g(b)o(y)149 616 y(their)j(login)h(name)e(and)i(connecting)f(host)h
(name.)k(The)c(login)f(name)g(is)g(sp)q(eci\014ed)g(b)o(y)g(the)g(con-)149
707 y(necting)h(site,)e(and)j(therefore)e(can)g(b)q(e)h(falsi\014ed,)f(suc)o
(h)h(that)g(the)f(only)h(\\reliable")f(information)149 797
y(left)c(for)h(the)g(addressed)g(mac)o(hine)d(is)j(the)f(connecting)g(mac)o
(hine's)f(IP)h(address)22 b(that)13 b(is)f(pro)o(vided)149
887 y(b)o(y)17 b(an)h(op)q(erating)g(system)e(call.)24 b(The)17
b(addressed)h(mac)o(hine)d(then)i(maps)g(the)g(IP)g(address)h(in)o(to)149
978 y(a)e(host)g(name)e(using)i(the)f(Domain)f(Name)g(System.)19
b(If)c(an)g(attac)o(k)o(er)g(manages)g(to)g(sub)o(v)o(ert)g(this)149
1068 y(name)g(binding)h(call,)f(he)h(can)g(falsify)g(the)f(name)g(of)i(a)f
(mac)o(hine)e(within)i(the)f(T)l(rusted)i(Net)o(w)o(ork)149
1158 y(and)g(therefore)f(succeed)f(in)h(his)g(attac)o(k.)149
1318 y(3.3.3)49 b(T)l(rusting)17 b(a)g(Not)f(T)l(rust)o(w)o(orth)o(y)g
(Source)223 1441 y(Using)i(the)g(Domain)g(Name)f(System)g(to)i(map)e(the)i
(IP)f(address)h(pro)o(vided)f(b)o(y)g(lo)o(w)o(er)g(lev)o(el)149
1531 y(proto)q(col)i(la)o(y)o(ers)d(in)o(to)h(the)g(applicable)f(host)i
(name,)f(the)g(addressed)h(host)g(blindly)e(trusts)i(the)149
1621 y(information)e(that)h(is)f(pro)o(vided)g(b)o(y)g(the)g(Domain)g(Name)e
(System.)23 b(Information)17 b(that)h(comes)149 1711 y(from)f(sources)g
(outside)h(of)f(the)g(trusted)g(area)h(is)f(trusted.)25 b(That)18
b(is)f(a)g(sev)o(ere)f(violation)h(of)h(the)149 1802 y(partitioning)f
(concept.)k(Only)15 b(truly)h(authoritativ)o(e)f(information)h(should)g(b)q
(e)h(trusted.)149 1962 y(3.3.4)49 b(Believing)15 b(Additional,)g(Not)h
(Authoritativ)o(e)f(Information)223 2084 y(E\016ciency)i(is)i(one)h(of)f(the)
g(stated)h(goals)g(of)g(the)f(Domain)g(Name)e(System,)h(as)i(w)o(e)f(sa)o(w)h
(in)149 2174 y(Section)13 b(2.3.2.)20 b(The)13 b(DNS)g(pac)o(k)o(et)f(con)o
(tains)h(an)h(additional)f(answ)o(er)g(section)g(\(see)f(Figure)h(2.3\),)149
2265 y(where)19 b(name)f(serv)o(ers)g(can)h(pro)o(vide)f(resource)h(records)g
(con)o(taining)f(information)g(that)i(could)149 2355 y(come)c(in)h(handy)h
(in)f(future)g(requests,)g(but)h(that)g(w)o(ere)e(not)i(explicitly)d
(requested.)23 b(There)17 b(are)149 2445 y(situations)f(where)g(these)f
(additional)g(records)h(yield)e(in)h(system)f(e\016ciency)l(,)f(for)j
(example)e(after)149 2536 y(the)h(lo)q(okup)h(of)g(\\NS")f(records)g(when)h
(\\A")f(records)g(sp)q(ecifying)g(the)g(addresses)g(of)h(the)f(queried)149
2626 y(name)k(serv)o(ers)f(are)i(found)g(in)f(the)g(additional)h(answ)o(er)f
(section.)31 b(That)20 b(sa)o(v)o(es)f(the)g(lo)q(okup)h(of)p
eop
%%Page: 41 50
49 bop 1901 -100 a Fo(41)149 75 y(the)18 b(IP)g(addresses,)g(once)f(the)h
(name)f(of)h(the)f(applicable)g(name)g(serv)o(er)f(is)i(found.)26
b(Additional)149 165 y(resource)16 b(records)h(are)f(cac)o(hed)f(for)i
(future)f(use.)223 255 y(As)j(w)o(e)g(rely)f(on)i(the)f(correctness)g(of)h
(these)f(additional)h(records)f(once)g(w)o(e)g(use)h(them,)e(w)o(e)149
346 y(trust)23 b(information)e(that)h(comes)f(from)g(a)h(source)g(p)q
(ossibly)g(outside)g(of)h(the)e(trusted)h(scop)q(e.)149 436
y(That)17 b(is)f(another)h(violation)f(of)h(the)f(partitioning)g(concept.)149
601 y(3.4)50 b(Exploiting)15 b(the)h(Fla)o(ws)223 741 y(The)21
b(follo)o(wing)h(sections)f(are)h(the)g(most)f(concrete)g(description)g(of)h
(ho)o(w)g(to)g(exploit)f(the)149 831 y(securit)o(y)f(\015a)o(w)g(in)h(the)f
(Domain)g(Name)f(System.)32 b(In)20 b(this)h(c)o(hapter)f(w)o(e)g(concen)o
(trate)g(on)h(the)149 921 y(\\rlogin")16 b(command)e(of)h(Berk)o(eley)e
(UNIX.)g(W)l(e)i(do)g(not)h(explain)f(the)g(whole)g(\\rlogin")h(proto)q(col)
149 1012 y(in)g(detail,)f(but)i(only)f(state)g(the)g(parts)h(and)g(commands)e
(that)h(are)g(related)g(to)h(our)f(in)o(terest.)149 1172 y(3.4.1)49
b(Regular)17 b(Access)780 1414 y(T)l(able)f(3.1)33 b(Regular)16
b(access)451 1491 y(host)h(NS)621 1498 y Fm(A)665 1491 y Fo(\()p
Fh(rlogind)p Fo(\))p 1223 1518 2 91 v 408 w(Bob@H)1409 1498
y Fm(A)p 426 1520 1247 2 v 1223 1610 2 91 v 1248 1583 a Fg(rlogin)f
Fo(NS)1450 1590 y Fm(A)1495 1583 y Fg(-l)g(Alice)451 1673 y
Ff(getpeernam)o(e\(\))c Fj(!)k Fo(IP)917 1680 y Fm(H)943 1686
y Fe(A)p 1223 1701 V 451 1764 a Ff(gethostbya)o(ddr)o(\()p
Fo(I)o(P)861 1771 y Fm(H)887 1777 y Fe(A)913 1764 y Ff(\))g
Fj(!)g Fo(H)1058 1771 y Fm(A)p 1223 1791 V 451 1854 a Fo(\014nd)g(en)o(try)g
(H)713 1861 y Fm(A)767 1854 y Ff(Bob)f Fo(in)h Fh(~Alice/.rhosts)p
1223 1881 V 451 1944 a Fo(gran)o(t)h(access)p 1223 1971 V 223
2230 a(T)l(able)g(3.1)h(giv)o(es)f(the)h(pro)q(cedure)g(follo)o(w)o(ed)e
(during)i(a)g(regular)g(remote)e(login.)26 b(Time)16 b(pro-)149
2321 y(ceeds)j(from)e(top)i(to)g(b)q(ottom)g(of)g(the)f(table.)28
b(User)19 b(Bob)f(on)i(mac)o(hine)c(H)1536 2328 y Fm(A)1583
2321 y Fo(w)o(an)o(ts)j(to)g(log)g(in)o(to)149 2411 y(mac)o(hine)g(NS)409
2418 y Fm(A)437 2411 y Fo(.)36 b(The)21 b(underlying)f(proto)q(cols)i(create)
f(a)g(connection)g(b)q(et)o(w)o(een)f(the)h(\\rlogin")149 2501
y(program)d(and)h(the)e(\\rlogind")i(daemon.)26 b(During)18
b(the)f(authen)o(tication)h(pro)q(cess)g(the)g(daemon)149 2592
y(retriev)o(es)f(the)g(IP)h(address)h(of)f(the)g(connecting)g(mac)o(hine:)k
(IP)1330 2599 y Fm(H)1356 2605 y Fe(A)1383 2592 y Fo(.)27 b(It)17
b(then)h(uses)g(the)g(Domain)p eop
%%Page: 42 51
50 bop 1901 -100 a Fo(42)149 75 y(Name)12 b(System)f(to)j(map)e(this)h
(address)g(to)h(a)f(host)h(name.)19 b(The)13 b(call)f(of)i(\\gethostb)o(y)o
(addr\(IP)1853 82 y Fm(H)1879 88 y Fe(A)1906 75 y Fo(\)")149
165 y(do)q(es)j(that)g(and)g(returns)f(H)665 172 y Fm(A)693
165 y Fo(.)223 255 y(The)21 b(daemon)f(then)h(c)o(hec)o(ks)f(whether)h(the)f
(user)i(from)e(the)h(mac)o(hine)d(with)j(name)f(H)1867 262
y Fm(A)1917 255 y Fo(is)149 346 y(allo)o(w)o(ed)k(access)g(b)o(y)g(scanning)h
(the)f(en)o(tries)f(in)i(the)f(\\.rhosts")h(\014le)f(of)h(user)f(Alice.)44
b(If)24 b(the)149 436 y(appropriate)19 b(en)o(try)d(is)i(found,)g(access)f
(is)g(gran)o(ted.)26 b(If)17 b(the)g(system)f(administrator)h(of)h(system)149
526 y(NS)213 533 y Fm(A)258 526 y Fo(has)f(installed)f(the)g
(\\/etc/hosts.equiv")g(\014le)g(and)h(en)o(tered)e(the)i(name)e(of)h(host)i
(H)1797 533 y Fm(A)1825 526 y Fo(,)e(then)149 616 y(access)h(is)f(gran)o(ted)
g(ev)o(en)f(without)i(a)f(user)h(main)o(tained)d(en)o(try)h(in)h(\014le)g
(\\.rhosts.")149 778 y(3.4.2)49 b(The)17 b(\\Database)h(Mo)q(di\014cation")f
(Approac)o(h)514 1014 y(T)l(able)g(3.2)32 b(The)17 b(\\Database)h(Mo)q
(di\014cation")f(approac)o(h)451 1091 y(host)g(NS)621 1098
y Fm(A)665 1091 y Fo(\()p Fh(rlogind)p Fo(\))p 1223 1118 2
91 v 408 w(Bob@H)1409 1098 y Fm(B)p 426 1120 1247 2 v 1223
1210 2 91 v 1248 1183 a Fg(rlogin)f Fo(NS)1450 1190 y Fm(A)1495
1183 y Fg(-l)g(Alice)451 1273 y Ff(getpeernam)o(e\(\))c Fj(!)k
Fo(IP)917 1280 y Fm(H)943 1286 y Fe(B)p 1223 1301 V 451 1364
a Ff(gethostbya)o(ddr)o(\()p Fo(I)o(P)861 1371 y Fm(H)887 1377
y Fe(B)912 1364 y Ff(\))g Fj(!)g Fo(H)1057 1371 y Fm(A)p 1223
1391 V 451 1454 a Fo(\014nd)g(en)o(try)g(H)713 1461 y Fm(A)767
1454 y Ff(Bob)f Fo(in)h Fh(~Alice/.rhosts)p 1223 1481 V 451
1544 a Fo(gran)o(t)h(access)p 1223 1571 V 223 1824 a(This)f(is)h(the)f
(\014rst)h(example)d(of)j(ho)o(w)g(an)h(attac)o(k)o(er)d(can)i(sp)q(o)q(of)h
(someone)e(else's)g(host)h(name.)149 1914 y(Host)22 b(H)307
1921 y Fm(B)355 1914 y Fo(b)q(eha)o(v)o(es)e(as)i(if)f(it)g(w)o(ere)f(host)i
(H)975 1921 y Fm(A)1003 1914 y Fo(.)36 b(The)21 b(access)h(pattern)f(is)g(v)o
(ery)f(similar)f(to)j(the)149 2005 y(previous,)g(regular)f(one,)h(except)e
(that)h(the)g(call)f(of)h(\\getp)q(eername\(\)")g(no)o(w)g(returns)g(the)g
(IP)149 2095 y(address)i(of)f(host)h(H)539 2102 y Fm(B)566
2095 y Fo(.)38 b(If)21 b(the)h(DNS)g(database)h(is)f(mo)q(di\014ed)e(b)o(y)i
(the)f(attac)o(k)o(er,)h(the)g(call)f(of)149 2185 y(\\gethostb)o(y)o
(addr\(\)")g(do)q(es)f(not)f(return)g(the)g(name)f(H)1169 2192
y Fm(B)1215 2185 y Fo(as)h(it)g(w)o(ould)g(with)g(a)h(database)g(in)f(an)149
2276 y(unimpaired)c(state,)h(but)g(the)g(name)f(H)880 2283
y Fm(A)908 2276 y Fo(.)22 b(Bob@H)1105 2283 y Fm(B)1148 2276
y Fo(\014nally)15 b(gets)i(access)f(to)h(NS)1663 2283 y Fm(A)1692
2276 y Fo(.)149 2437 y(3.4.3)49 b(The)17 b(\\Cac)o(he)f(P)o(oisoning")h
(Approac)o(h)223 2560 y(In)j(this)h(approac)o(h)g(the)g(\\rlogind")g(daemon)f
(tries)h(to)g(enhance)f(securit)o(y)f(b)o(y)i(calling)f(the)149
2650 y(function)g(\\gethostb)o(yname\(\)")f(to)g(v)o(erify)f(the)h(mapping)g
(from)f(IP)1431 2657 y Fm(H)1457 2663 y Fe(B)1502 2650 y Fo(to)h(H)1601
2657 y Fm(A)1630 2650 y Fo(.)30 b(The)19 b(attac)o(k)o(er)p
eop
%%Page: 43 52
51 bop 1901 -100 a Fo(43)580 101 y(T)l(able)16 b(3.3)33 b(The)16
b(\\Cac)o(he)h(P)o(oisoning")g(approac)o(h)451 178 y(host)g(NS)621
185 y Fm(A)665 178 y Fo(\()p Fh(rlogind)p Fo(\))p 1223 205
2 91 v 408 w(Bob@H)1409 185 y Fm(B)p 426 207 1247 2 v 1223
297 2 91 v 1248 270 a Fg(rlogin)f Fo(NS)1450 277 y Fm(A)1495
270 y Fg(-l)g(Alice)451 360 y Ff(getpeernam)o(e\(\))c Fj(!)k
Fo(IP)917 367 y Fm(H)943 373 y Fe(B)p 1223 387 V 451 451 a
Ff(gethostbya)o(ddr)o(\()p Fo(I)o(P)861 458 y Fm(H)887 464
y Fe(B)912 451 y Ff(\))g Fj(!)g Fo(H)1057 458 y Fm(A)p 1223
478 V 516 541 a Fo(and)h(H)648 548 y Fm(A)692 541 y Fj(!)f
Fo(IP)809 548 y Fm(H)835 554 y Fe(B)877 541 y Fo(mapping)p
1223 568 V 451 631 a Ff(gethostbyn)o(ame)o(\()p Fo(H)849 638
y Fm(A)875 631 y Ff(\))g Fj(!)g Fo(IP)1034 638 y Fm(H)1060
644 y Fe(B)p 1223 658 V 451 721 a Fo(\014nd)g(en)o(try)g(H)713
728 y Fm(A)767 721 y Ff(Bob)f Fo(in)h Fh(~Alice/.rhosts)p 1223
749 V 451 812 a Fo(gran)o(t)h(access)p 1223 839 V 149 1067
a(ho)o(w)o(ev)o(er)i(has)i(a)g(w)o(a)o(y)f(of)h(sub)o(v)o(erting)e(this)h
(additional)h(securit)o(y)d(feature.)33 b(He)20 b(can)g(send)h(the)149
1157 y(additional)d(mapping)e(of)i(H)676 1164 y Fm(A)721 1157
y Fo(to)f(IP)832 1164 y Fm(H)858 1170 y Fe(B)901 1157 y Fo(along)h(with)f
(the)g(answ)o(er)g(to)h(the)f(query)f(for)i(IP)1799 1164 y
Fm(H)1825 1170 y Fe(B)1851 1157 y Fo(.)24 b(By)149 1248 y(the)17
b(time)d(the)i(daemon)g(calls)g(\\gethostb)o(yname\(\),")f(it)h(already)h
(has)g(the)f(necessary)g(mapping)149 1338 y(information)g(in)g(its)g(cac)o
(he.)22 b(The)16 b(daemon)g(b)q(eliev)o(es)f(the)h(cac)o(hed)g(data)h(and)g
(again)g(gran)o(ts)h(the)149 1428 y(attac)o(k)o(er)e(access.)149
1588 y(3.4.4)49 b(The)17 b(\\Ask)f(Me!")21 b(Approac)o(h)223
1711 y(In)16 b(the)g(previous)g(sections)h(w)o(e)f(exploited)f(the)h(securit)
o(y)f(w)o(eakness)h(of)h(the)f(Domain)g(Name)149 1801 y(System)f(according)i
(to)f(S.)g(Bello)o(vin's)e(suggestions.)223 1891 y(W)l(e)i(though)o(t)h(of)g
(another)h(w)o(a)o(y)e(to)h(exploit)f(the)g(w)o(eakness.)23
b(If)16 b(some)g(en)o(tit)o(y)f(sen)o(t)h(a)h(source)149 1982
y(routed)e(datagram,)f(con)o(taining)g(a)h(DNS)f(message)f(with)h(false)g
(additional)g(resource)g(records)g(to)149 2072 y(a)i(name)e(serv)o(er,)g(w)o
(ould)h(that)h(name)e(serv)o(er)g(accept)h(the)g(data?)22 b(The)15
b(idea)g(here)g(is)g(to)h(p)q(oison)g(a)149 2162 y(name)h(serv)o(er's)f(cac)o
(he)g(with)i(all)f(necessary)g(information)f(\(for)i(rev)o(erse)e(and)i(forw)
o(ard)g(lo)q(okup\))149 2252 y(b)q(efore)f(the)f(\\rlogin")h(attac)o(k)f(is)g
(launc)o(hed.)223 2343 y(W)l(e)21 b(will)f(explain)g(in)h(Section)g(4.1)h(wh)
o(y)f(this)g(cannot)h(w)o(ork)f(using)h(source)f(routed)h(DNS)149
2433 y(messages)14 b(directly)l(.)19 b(This)c(depriv)o(es)e(us)i(of)g(the)f
(c)o(hance)g(of)h(eliminating)d(the)i(basic)h(assumption)149
2523 y(of)g(the)f(attac)o(k)o(er)f(ha)o(ving)h(sup)q(eruser)h(priorit)o(y)e
(on)i(a)f(primary)f(name)g(serv)o(er)g(in)h(order)g(to)h(launc)o(h)149
2614 y(an)i(attac)o(k.)p eop
%%Page: 44 53
52 bop 1901 -100 a Fo(44)223 75 y(Nev)o(ertheless,)13 b(the)j(idea)g(can)h(b)
q(e)f(exploited)f(in)h(another)h(w)o(a)o(y)l(,)e(on)i(a)g(higher)f(lev)o(el,)
d(and)k(far)149 165 y(more)c(elegan)o(tly)f(than)i(creating)g(and)g(sending)g
(datagrams)g(man)o(ually)l(.)k(Imagine)12 b(the)i(follo)o(wing)149
255 y(scenario:)223 346 y(The)j(attac)o(k)o(er)f(on)i(name)e(serv)o(er)g(NS)
918 353 y Fm(B)963 346 y Fo(whishes)h(to)g(giv)o(e)g(NS)1368
353 y Fm(A)1414 346 y Fo(wrong)h(information)e(ab)q(out)149
436 y(the)g(mappings)222 568 y Fj(\017)24 b Fo(IP)322 575 y
Fm(H)348 581 y Fe(B)390 568 y Fj(!)16 b Fo(H)493 575 y Fm(B)520
568 y Fo(.sub.domain.dom)149 699 y(and)222 831 y Fj(\017)24
b Fo(H)308 838 y Fm(B)335 831 y Fo(.sub.domain.dom)14 b Fj(!)i
Fo(IP)831 838 y Fm(H)857 844 y Fe(B)883 831 y Fo(.)149 963
y(NS)213 970 y Fm(B)256 963 y Fo(w)o(an)o(ts)h(NS)459 970 y
Fm(A)503 963 y Fo(to)g(b)q(eliev)o(e)d(the)i(mappings)222 1095
y Fj(\017)24 b Fo(IP)322 1102 y Fm(H)348 1108 y Fe(B)390 1095
y Fj(!)16 b Fo(H)493 1102 y Fm(A)521 1095 y Fo(.domain.dom)149
1227 y(and)222 1358 y Fj(\017)24 b Fo(H)308 1365 y Fm(A)336
1358 y Fo(.domain.dom)14 b Fj(!)i Fo(IP)746 1365 y Fm(H)772
1371 y Fe(B)798 1358 y Fo(.)223 1490 y(As)21 b(NS)363 1497
y Fm(B)412 1490 y Fo(cannot)g(simply)f(send)h(the)g(false)g(information)f(to)
i(NS)1455 1497 y Fm(A)1513 1490 y Fo(it)f(could)g(ask)h(NS)1856
1497 y Fm(A)1906 1490 y Fo(to)149 1581 y(resolv)o(e)14 b(a)h(mapping)f(that)h
(only)f(NS)819 1588 y Fm(B)861 1581 y Fo(can)h(resolv)o(e.)k(NS)1191
1588 y Fm(B)1232 1581 y Fo(w)o(ould)c(then)g(app)q(end)g(the)f(additional)149
1671 y(incorrect)j(information)g(to)i(the)f(resp)q(onse)h(to)f(NS)1092
1678 y Fm(A)1120 1671 y Fo('s)g(query)l(.)26 b(Doing)18 b(so,)h(NS)1611
1678 y Fm(A)1639 1671 y Fo('s)f(cac)o(he)f(w)o(ould)149 1761
y(b)q(e)h(p)q(oisoned)h(with)e(the)g(necessary)h(information)e(to)i(allo)o(w)
f(H)1326 1768 y Fm(B)1371 1761 y Fo(to)h(imp)q(ersonate)e(H)1745
1768 y Fm(A)1791 1761 y Fo(and)i(log)149 1851 y(in)o(to)e(NS)312
1858 y Fm(A)341 1851 y Fo(.)223 1942 y(W)l(e)i(call)g(this)h(the)g(\\Ask)g
(Me!")29 b(approac)o(h,)20 b(b)q(ecause)f(name)f(serv)o(er)g(NS)1596
1949 y Fm(B)1642 1942 y Fo(implici)o(tly)d(tells)149 2032 y(name)21
b(serv)o(er)f(NS)495 2039 y Fm(A)545 2032 y Fo(to)i(send)g(a)g(query)f(to)h
(NS)1043 2039 y Fm(B)1070 2032 y Fo(.)37 b(NS)1185 2039 y Fm(B)1234
2032 y Fo(therefore)21 b(tells)f(NS)1616 2039 y Fm(A)1666 2032
y Fo(to)i(ask)g(him)e(a)149 2122 y(question.)223 2213 y(W)l(e)15
b(did)h(not)h(implem)o(e)o(n)o(t)c(this)j(attac)o(k.)21 b(Using)16
b(the)f(standard)j(to)q(ol)e(\\nslo)q(okup,")i(NS)1833 2220
y Fm(B)1876 2213 y Fo(can)149 2303 y(force)i(NS)335 2310 y
Fm(A)383 2303 y Fo(to)h(create)e(a)i(query)l(,)f(and)g(using)h(the)f(name)f
(serv)o(er)g(mo)q(di\014cations)g(describ)q(ed)h(in)149 2393
y(3.5.6,)c(NS)343 2400 y Fm(B)386 2393 y Fo(can)g(app)q(end)h(the)f(t)o(w)o
(o)g(false)g(resource)f(records)h(to)h(the)f(additional)g(section)f(of)i(the)
149 2483 y(resp)q(onse)g(to)g(the)f(query)l(.)p eop
%%Page: 45 54
53 bop 1901 -100 a Fo(45)149 75 y(3.5)50 b(Implem)o(e)o(n)o(tation)14
b(and)j(Exp)q(erimen)o(ts)223 214 y(This)24 b(section)g(describ)q(es)f(our)i
(main)e(exp)q(erimen)o(t)e(step)j(b)o(y)f(step.)45 b(W)l(e)24
b(start)h(with)f(the)149 305 y(description)12 b(of)g(the)f(setup)h(of)g(our)g
(test)g(zones)g(and)g(the)f(mac)o(hines)f(used.)20 b(W)l(e)12
b(con)o(tin)o(ue)e(with)i(the)149 395 y(name)k(serv)o(er)f(and)i(resolv)o(er)
e(setups.)21 b(The)16 b(UNIX)f(concept)h(of)g(trusted)h(hosts)g(is)f
(fundamen)o(tal)149 485 y(in)j(exploiting)f(this)h(\015a)o(w.)30
b(W)l(e)19 b(explain)f(this)h(particular)g(instance)f(of)i(the)e(T)l(rusted)i
(Net)o(w)o(ork)149 575 y(concept)h(follo)o(w)o(ed)g(b)o(y)g(the)g(authen)o
(tication)g(pro)q(cess)h(using)g(the)f(Berk)o(eley)e(\\r{commands.")149
666 y(Then)j(w)o(e)e(describ)q(e)h(the)g(manipulation)f(in)g(the)h
(authoritativ)o(e)g(data)h(of)f(the)g(name)f(serv)o(er's)149
756 y(rev)o(erse)14 b(lo)q(okup)i(tree.)k(W)l(e)15 b(also)h(describ)q(e)e
(the)h(\014nal)g(step,)g(the)g(cac)o(he)g(corruption,)g(in)g(the)f(case)149
846 y(that)j(the)f(Berk)o(eley)e(patc)o(h)i(is)g(already)g(installed.)149
1006 y(3.5.1)49 b(Domain)16 b(and)h(Zone)f(Setup)223 1129 y(The)i(setup)h(of)
g(our)h(exp)q(erimen)o(tal)15 b(\014eld)k(consisted)f(of)h(t)o(w)o(o)g(zones)
g(\(see)f(Figure)h(3.1\).)29 b(All)149 1219 y(mac)o(hines,)21
b(the)h(attac)o(k)o(ed)f(mac)o(hine)f(NS)933 1226 y Fm(A)961
1219 y Fo(,)j(the)f(imitated)d(mac)o(hine)h(H)1522 1226 y Fm(A)1550
1219 y Fo(,)j(and)g(the)e(attac)o(k)o(er)149 1309 y(mac)o(hines)13
b(NS)422 1316 y Fm(B)463 1309 y Fo(and)i(H)593 1316 y Fm(B)620
1309 y Fo(,)f(w)o(ere)g(part)h(of)g(the)f(domain)g(sub.domain.dom.)19
b(Ho)o(w)o(ev)o(er,)12 b(NS)1828 1316 y Fm(A)1871 1309 y Fo(and)149
1400 y(H)186 1407 y Fm(A)231 1400 y Fo(con)o(tacted)k(another)g(name)g(serv)o
(er)f(\(NS)984 1407 y Fm(A)1013 1400 y Fo(\))h(than)h(NS)1226
1407 y Fm(B)1269 1400 y Fo(and)g(H)1401 1407 y Fm(B)1444 1400
y Fo(\(NS)1526 1407 y Fm(B)1553 1400 y Fo(\).)223 1490 y(In)g(realit)o(y)g
(the)h(attac)o(k)o(er)f(and)i(attac)o(k)o(ed)e(hosts)i(w)o(ould)f(not)h
(reside)e(in)h(the)g(same)f(domain,)149 1580 y(but)25 b(b)q(ecause)f(w)o(e)f
(are)h(solely)f(observing)h(the)g(Domain)f(Name)f(System)h(proto)q(col)h(b)q
(et)o(w)o(een)149 1671 y(name)15 b(serv)o(ers,)g(it)g(did)g(not)i(mak)o(e)d
(a)i(di\013erence)e(as)j(long)f(as)g(the)g(authoritativ)o(e)f(data)i(that)f
(had)149 1761 y(to)j(b)q(e)f(corrupted)h(remained)d(in)i(the)g(attac)o(king)g
(name)f(serv)o(er's)g(zone,)h(outside)g(the)g(attac)o(k)o(ed)149
1851 y(mac)o(hine's)c(zone.)149 2011 y(3.5.2)49 b(Name)15 b(Serv)o(er)g(and)i
(Resolv)o(er)e(Setup)223 2134 y(Name)i(serv)o(er)h(NS)573 2141
y Fm(A)621 2134 y Fo(w)o(as)h(set)g(up)h(to)f(con)o(tain)g(primary)f
(information)g(ab)q(out)i(the)f(domain)149 2224 y(domain.dom,)k(whereas)h
(name)e(serv)o(er)g(NS)992 2231 y Fm(B)1043 2224 y Fo(con)o(tained)h(primary)
f(information)g(ab)q(out)j(the)149 2314 y(domain)e(sub.domain.dom.)41
b(The)24 b(resolv)o(ers)f(of)g(NS)1177 2321 y Fm(A)1229 2314
y Fo(and)h(NS)1395 2321 y Fm(B)1446 2314 y Fo(w)o(ere)e(set)i(up)g(to)g(con)o
(tact)149 2404 y(the)19 b(name)f(serv)o(ers)h(running)g(on)h(the)f(lo)q(cal)g
(hosts)h(exclusiv)o(ely)l(.)27 b(This)19 b(k)o(ept)g(the)g(information)149
2495 y(requests)d(on)h(con)o(trollable,)e(w)o(ell{kno)o(wn)g(paths.)p
eop
%%Page: 46 55
54 bop 1901 -100 a Fo(46)149 75 y(3.5.3)49 b(T)l(rusting)17
b(Hosts)223 197 y(In)f(Berk)o(eley)e(UNIX)h(and)i(deriv)m(ativ)o(es,)d
(system)i(administrators)g(and)h(users)g(ha)o(v)o(e)e(the)i(op-)149
287 y(tion)i(to)g(trust)g(other)f(systems,)f(or)i(to)g(trust)g(certain)f
(user)g(accoun)o(ts)h(on)g(remote)e(systems)g(b)o(y)149 378
y(pro)o(viding)11 b(a)h(\\remote)e(authen)o(tication")i(database.)21
b(W)l(e)11 b(in)o(tro)q(duced)g(\\trust")h(in)g(section)f(3.3.2.)149
468 y(The)20 b(\\/etc/hosts.equiv")g(\014le)f(applies)g(to)h(the)g(en)o(tire)
e(system,)g(while)h(individual)f(users)i(can)149 558 y(main)o(tain)15
b(their)h(o)o(wn)g(\\.rhosts")i(\014les)d(in)h(their)g(home)f(directories.)
223 649 y(The)h(\014le)g(\\/etc/hosts.equiv")g(is)g(main)o(tainable)e(only)j
(b)o(y)e(the)h(sup)q(eruser.)22 b(It)16 b(can)h(con)o(tain)149
739 y(host)j(names)f(from)f(whic)o(h)g(users)i(can)f(remotely)e(access)i(lo)q
(cal)g(accoun)o(ts)g(without)h(ha)o(ving)f(to)149 829 y(pro)o(vide)h(a)g
(passw)o(ord)i(for)e(authen)o(tication.)32 b(The)20 b(user)h(has)f(to)h(ha)o
(v)o(e)e(the)h(same)f(login)h(id)g(on)149 919 y(b)q(oth)g(mac)o(hines.)27
b(Access)18 b(is)g(gran)o(ted)h(on)g(basis)h(of)f(the)f(login)h(name)e(and)j
(the)e(host)i(name)d(of)149 1010 y(the)f(connecting)g(mac)o(hine.)223
1100 y(Eac)o(h)h(user)g(can)h(create)e(a)i(\014le)f(named)f(\\.rhosts")i(in)f
(his)g(home)g(directory)l(.)23 b(In)17 b(this)g(\014le)g(he)149
1190 y(can)g(sp)q(ecify)f(trusted)g(users)h(on)g(other)g(mac)o(hines.)j(It)c
(is)g(also)i(p)q(ossible)e(to)h(force)f(remote)f(users)149
1281 y(to)k(alw)o(a)o(ys)f(supply)g(a)h(passw)o(ord)g(when)g(using)f(the)g
(\\r{commands,")g(b)o(y)g(pre\014xing)g(en)o(tries)f(in)149
1371 y(\\.rhosts")h(b)o(y)e(a)g(dash.)271 1515 y(These)d(\014les)g(b)o(ypass)
g(the)f(standard)i(passw)o(ord-based)h(user)e(authen)o(tication)g(mec)o(h-)
271 1605 y(anism.)25 b(T)l(o)19 b(main)o(tain)d(system)g(securit)o(y)l(,)h
(care)g(m)o(ust)g(b)q(e)g(tak)o(en)h(in)f(creating)h(and)271
1696 y(main)o(taining)d(these)h(\014les.)21 b([Sun91,)16 b(HOSTS.EQUIV\(5\)])
223 1840 y(These)22 b(features)g(ha)o(v)o(e)f(caused)i(man)o(y)d(securit)o(y)
h(breac)o(hes)h(in)g(the)g(past,)i(but)e(still)f(most)149 1930
y(system)13 b(administrators)h(do)g(not)h(disable)e(them.)19
b(T)l(rust)c(in)e(net)o(w)o(orks)h(is)g(a)g(transitiv)o(e)f(relation,)149
2021 y(in)19 b(the)g(sense)g(that)h(if)f(A)f(trusts)i(B,)e(and)i(B)f(trusts)g
(C,)g(then)g(A)g(trusts)h(C.)f(This)g(relationship)149 2111
y(can)j(do)h(great)f(harm.)37 b(Once)21 b(an)i(in)o(truder)d(has)j
(successfully)d(sub)o(v)o(erted)h(one)h(mac)o(hine,)f(he)149
2201 y(can)15 b(hop)g(to)g(other)g(mac)o(hines,)e(exploiting)g(trust.)21
b(Examining)13 b(the)i(trade{o\013)h(b)q(et)o(w)o(een)d(con)o(v)o(e-)149
2291 y(nience)i(and)i(p)q(ossibly)f(unauthorized)g(access,)f(most)h(system)e
(administrators)h(decide)g(in)h(fa)o(v)o(or)149 2382 y(of)h(con)o(v)o
(enience.)223 2472 y(In)g(our)h(setup,)g(host)h(NS)690 2479
y Fm(A)737 2472 y Fo(trusts)f(host)h(H)1022 2479 y Fm(A)1067
2472 y Fo(via)f(the)f(\014le)h(\\/etc/hosts.equiv")g(con)o(taining)149
2562 y(host)f(H)292 2569 y Fm(A)320 2562 y Fo('s)g(host)f(name.)p
eop
%%Page: 47 56
55 bop 1901 -100 a Fo(47)149 75 y(3.5.4)49 b(Authen)o(tication)15
b(in)h(Berk)o(eley)e(\\r{Commands")223 197 y(The)20 b(main)g(t)o(w)o(o)h
(\\r{command")f(applications)g(w)o(e)h(deal)f(with)h(are)g(\\rlogin")g(and)h
(\\rsh,")149 287 y(b)q(oth)i(of)f(whic)o(h)f(consist)g(of)h(a)g(clien)o(t)e
(and)i(a)g(serv)o(er)f(side.)39 b([Ste90,)24 b(Chapter)f(14])g(giv)o(es)f(an)
149 378 y(o)o(v)o(erview)c(of)h(remote)f(command)f(execution)h(under)h(UNIX)f
(and)i([Ste90,)f(Chapter)h(15])f(giv)o(es)149 468 y(man)o(y)c(details)h(ab)q
(out)h(the)f(remote)f(login)h(pro)q(cedure.)223 558 y(Examining)f(the)h
(source)h(co)q(de)f(for)h(the)f(clien)o(t)f(\\rlogin")i(and)h(the)e(serv)o
(er)f(\\rlogind")j(yields)149 649 y(the)e(follo)o(wing)g(securit)o(y)f(c)o
(hec)o(k)g(pro)q(cedure:)209 793 y(1.)24 b(Chec)o(k)16 b(if)f(the)h(clien)o
(t)f(uses)h(a)h(reserv)o(ed)e(TCP)i(p)q(ort.)22 b(Ab)q(ort)16
b(if)g(not.)209 925 y(2.)24 b(Chec)o(k)13 b(for)g(a)h(passw)o(ord)g(\014le)f
(en)o(try)f(on)i(the)f(serv)o(er)f(for)i(the)f(sp)q(eci\014ed)f(serv)o
(er{user{name.)271 1015 y(Ab)q(ort)17 b(if)f(not.)209 1147
y(3.)24 b(If)16 b(not)h(ro)q(ot)g(login:)k(Chec)o(k)16 b(the)g
(\\/etc/hosts.equiv")g(\014le)g(for)g(the)g(clien)o(t's)e(system.)209
1279 y(4.)24 b(If)15 b(not)h(ro)q(ot)h(login:)k(Chec)o(k)14
b(the)h(\\.rhosts")i(\014le)e(in)g(the)g(home)f(directory)h(of)h(serv)o
(er{user{)271 1369 y(name)f(for)i(the)f(clien)o(t's)e(system.)209
1501 y(5.)24 b(If)16 b(ro)q(ot)h(login:)22 b(Chec)o(k)15 b(the)h(\\/.rhosts")
i(\014le)d(for)i(the)f(clien)o(t's)e(system.)209 1632 y(6.)24
b(Prompt)16 b(user)g(for)h(his)f(passw)o(ord)h(if)f(none)h(of)f(the)g(tests)g
(3-5)i(passed.)223 1777 y(It)23 b(ma)o(y)f(seem)g(that)i(a)g(system)f(is)g(m)
o(uc)o(h)f(safer)i(if)f(only)g(\\.rhosts")i(\014les)e(exist)g(with)h(no)149
1867 y(\\/etc/hosts.equiv")d(\014le,)e(b)q(ecause)h(\\.rhosts")i(\014les)d
(create)g(the)h(additional)g(constrain)o(t)g(that)149 1957
y(user)g(login)f(names)f(ha)o(v)o(e)h(to)g(matc)o(h:)26 b(the)19
b(user)g(name)g(on)g(the)g(attac)o(king)g(host)h(and)g(the)f(one)149
2048 y(on)k(the)e(attac)o(k)o(ed)g(host.)38 b(That)22 b(is)g(not)g(the)f
(case.)37 b(In)22 b(Section)f(3.6.1)h(w)o(e)f(will)f(discuss)i(ho)o(w)149
2138 y(to)16 b(acquire)f(information)g(ab)q(out)h(whic)o(h)f(host)i(name)d
(and)i(whic)o(h)f(user)h(name)e(to)i(imp)q(ersonate.)149 2228
y(Once)d(w)o(e)g(ha)o(v)o(e)f(that)i(information,)e(it)h(mak)o(es)e(no)j
(di\013erence)e(at)i(all.)19 b(In)13 b(the)g(\\rlogin")h(proto)q(col,)149
2318 y(the)f(clien)o(t)f(connects)g(to)i(p)q(ort)g(IPPOR)l(T)p
906 2318 15 2 v 17 w(LOGINSER)-5 b(VER)1278 2300 y Fm(2)1310
2318 y Fo(of)14 b(the)f(remote)e(host)j(and)g(sends)f(a)149
2409 y(pac)o(k)o(et)f(consisting)g(of)h Fn(<)p Fo(lo)q(cal{user{name)p
Fn(>)p Fo(,)f Fn(<)p Fo(remote{user{name)p Fn(>)p Fo(,)e(and)j
Fn(<)p Fo(command)p Fn(>)d Fo(to)149 2499 y(the)j(serv)o(er.)20
b(Because)12 b(the)h(clien)o(t)e(is)i(under)h(full)e(con)o(trol)h(of)g(the)g
(attac)o(k)o(er,)g(it)g(is)g(not)g(di\016cult)f(for)p 149 2543
720 2 v 206 2573 a Fl(2)224 2588 y Fk(in)i(\\netinet/in.h")f(curren)o(tly)i
(sp)q(eci\014ed)g(as)f(TCP)g(p)q(ort)g(513)p eop
%%Page: 48 57
56 bop 1901 -100 a Fo(48)149 75 y(the)12 b(attac)o(k)o(er)e(to)i(mo)q(dify)f
(the)g(\\rlogin")h(co)q(de,)h(suc)o(h)e(that)h(lo)q(cal{user{name)f(and)h
(remote{user{)149 165 y(name)17 b(con)o(tain)h(the)g(appropriate)h(v)m
(alues.)26 b(The)18 b(attac)o(k)o(er)f(can)i(then)f(recompile)d(the)j
(\\rlogin")149 255 y(co)q(de)f(and)g(use)f(the)g(mo)q(di\014ed)f(v)o(ersion)h
(instead)g(of)h(the)f(original)g(one.)149 415 y(3.5.5)49 b(Rev)o(erse)15
b(Lo)q(okup)j(T)l(ree)e(Manipulation)223 538 y(Because)f(the)h(attac)o(k)o
(er)f(con)o(trols)h(the)g(primary)e(domain)h(sub.domain.dom,)f(he)h(can)i(mo)
q(d-)149 628 y(ify)i(the)f(data)i(of)f(the)g(rev)o(erse)e(lo)q(okup)j(tree)e
(of)i(his)e(domain.)29 b(In)18 b(the)h(\\rlogin")h(proto)q(col,)g(the)149
718 y(serv)o(er)d(retriev)o(es)f(the)i(IP)g(address)h(of)f(the)g(connecting)f
(site)h(with)g(the)f(system)g(call)g(\\getp)q(eer-)149 809
y(name\(\)".)25 b(The)18 b(serv)o(er)f(then)g(maps)g(the)h(IP)f(address)i(in)
o(to)e(the)h(host)g(name)f(with)g(the)h(system)149 899 y(call)f(\\gethostb)o
(y)o(addr\(\)".)27 b(In)18 b(Section)f(2.5)h(w)o(e)f(explained)g(that)h(the)g
(IP)f(address)i(111.22.33.4)149 989 y(gets)g(con)o(v)o(erted)f(in)o(to)g(the)
g(name)g(4.33.22.111.in-addr.arpa,)j(whic)o(h)d(is)g(then)h(queried)e(in)i
(the)149 1079 y(rev)o(erse)e(lo)q(okup)i(tree)e(via)g(the)h(Domain)f(Name)g
(System)f(proto)q(col.)27 b(In)18 b(an)g(unimpaired)e(state)149
1170 y(of)j(the)g(database,)h(the)e(lo)q(okup)h(returns)g(the)f(name)f(of)i
(the)g(attac)o(k)o(er)e(H)1523 1177 y Fm(B)1550 1170 y Fo(.)28
b(But)18 b(if)g(one)h(single)149 1260 y(record)d(in)g(the)g(rev)o(erse)f(lo)q
(okup)i(tree)f(is)g(c)o(hanged)g(from)284 1350 y(4.33.22.111.in-addr.arpa)153
b(IN)c(PTR)i(H)1443 1357 y Fm(B)1470 1350 y Fo(.sub.domain.dom)149
1441 y(to)284 1531 y(4.33.22.111.in-addr.arpa)i(IN)c(PTR)i(H)1443
1538 y Fm(A)1471 1531 y Fo(.sub.domain.dom)149 1621 y(the)16
b(query)g(yields)f(the)h(name)f(of)i(H)813 1628 y Fm(A)857
1621 y Fo(after)f(the)g(zones)g(are)h(reloaded)f(in)o(to)g(the)g(name)f(serv)
o(er.)149 1781 y(3.5.6)49 b(Cac)o(he)16 b(Corruption)223 1904
y(Section)21 b(3.1)i(already)f(men)o(tioned)f(the)h(Berk)o(eley)d(soft)o(w)o
(are)k(patc)o(h)f(that)h(adds)g(a)g(higher)149 1994 y(degree)d(of)g(securit)o
(y)f(to)h(the)g(remote)e(login)j(pro)q(cedure.)32 b(The)20
b(patc)o(h)g(w)o(orks)g(as)h(follo)o(ws:)29 b(the)149 2084
y(system)22 b(call)g(\\gethostb)o(y)o(addr\(\)")i(in)f(\\rlogind")g(and)h
(\\rshd")g(is)f(implem)o(e)o(n)o(ted)d(b)o(y)i(a)i(DNS)149
2174 y(request)16 b(for)h(a)g(PTR)g(record.)23 b(The)16 b(serv)o(er)g(that)h
(supplies)f(the)g(PTR)h(record)g(is)f(under)h(con)o(trol)149
2265 y(of)f(the)g(attac)o(k)o(er)f(and)h(can)g(return)g(a)g(falsi\014ed)f
(record.)21 b(The)16 b(system)e(call)h(\\gethostb)o(yname\(\)")149
2355 y(requests)i(A)g(records)g(from)f(the)h(name,)e(serv)o(er)h(whic)o(h)g
(is)h(not)h(con)o(trolled)e(b)o(y)g(the)h(attac)o(k)o(er.)23
b(If)149 2445 y(the)e(comparison)e(of)i(the)f(retriev)o(ed)e(IP)j(addresses)g
(and)g(the)f(original)g(IP)g(address)h(fails,)g(the)149 2536
y(patc)o(h)d(has)h(succeeded)d(in)i(detecting)f(an)h(attempted)e(imp)q
(ersonation.)26 b(Figure)17 b(3.2)h(sho)o(ws)h(an)149 2626
y(o)o(v)o(erview)c(of)i(the)f(algorithm)f(used)h(in)g(the)g(patc)o(h.)p
eop
%%Page: 49 58
57 bop 1901 -100 a Fo(49)449 754 y @beginspecial 0 @llx 0 @lly
288 @urx 148 @ury 2880 @rwi @setspecial
%%BeginDocument: pictures/patch_alg.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
0.0 148.0 translate 0.900 -0.900 scale
0.500 setlinewidth
n -1 19 m -1 19 l  319 19 l gs col-1 s gr
n -1 39 m 319 39 l gs col-1 s gr
n 19 59 m 319 59 l gs col-1 s gr
n 19 59 m 169 89 l  319 59 l gs col-1 s gr
n 19 89 m 319 89 l gs col-1 s gr
n -1 109 m 319 109 l gs col-1 s gr
n 169 89 m 169 109 l gs col-1 s gr
n 19 59 m 19 109 l gs col-1 s gr
n -1 109 m 159 139 l  319 109 l gs col-1 s gr
n -1 139 m 319 139 l gs col-1 s gr
n -1 -1 m -1 164 l  319 164 l  319 -1 l  -1 -1 l gs col-1 s gr
n -1 159 m 319 159 l gs col-1 s gr
n 159 139 m 159 159 l gs col-1 s gr
/Times-Roman findfont 12.00 scalefont setfont
4 14 m 
gs 1 -1 scale (call gethostbyaddr\(\) with IP addr, get host name) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 34 m 
gs 1 -1 scale (call gethostbyname\(\) with host name, get list of IP addresses) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 54 m 
gs 1 -1 scale (for each A of these IP addresses do) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
129 74 m 
gs 1 -1 scale (if \(IP addr == A\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 104 m 
gs 1 -1 scale (then host ok. and break) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
84 124 m 
gs 1 -1 scale (if \(no A has matched IP addr\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 154 m 
gs 1 -1 scale (syslog impersonation attempt) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
29 79 m 
gs 1 -1 scale (Y) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
299 79 m 
gs 1 -1 scale (N) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
9 129 m 
gs 1 -1 scale (Y) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
299 129 m 
gs 1 -1 scale (N) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
234 154 m 
gs 1 -1 scale (. /.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
239 104 m 
gs 1 -1 scale (. /.) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 580 999 a(Figure)16 b(3.2)33 b(Algorithm)14 b(of)j(the)f(Berk)o
(eley)d(patc)o(h)223 1183 y(In)h(the)h(case)f(that)i(the)e(attac)o(k)o(ed)g
(site)g(has)i(the)e(patc)o(h)h(in)f(place,)g(the)h(attac)o(k)o(er)f(has)h(to)
g(use)g(a)149 1273 y(more)d(sophisticated)h(approac)o(h)g(to)g(succeed)f
(with)h(his)f(in)o(trusion)h(attempt.)19 b(The)12 b(second)h(query)149
1363 y(go)q(es)21 b(to)f(the)g(lo)q(cal)f(mac)o(hine's)e(name)i(serv)o(er)f
(\014rst.)32 b(This)20 b(name)e(serv)o(er)h(has)h(a)g(cac)o(he)f(whic)o(h)149
1454 y(can)h(b)q(e)f(p)q(oisoned)h(b)o(y)e(the)h(attac)o(k)o(er)f(b)o(y)g
(adding)i(a)f(false)g(\\A")g(record)g(to)h(the)e(DNS)h(message)149
1544 y(con)o(taining)14 b(the)f(PTR)h(record.)20 b(This)14
b(additional)g(\\A")g(record)f(mak)o(es)f(the)h(remote)f(site)h(b)q(eliev)o
(e)149 1634 y(the)j(rev)o(erse)f(lo)q(okup)i(w)o(as)g(correct.)223
1724 y(In)j(our)h(setup,)g(w)o(e)f(mo)q(di\014ed)g(the)g(name)f(serv)o(er)h
(co)q(de)g(of)h(the)g(attac)o(king)f(mac)o(hine.)32 b(W)l(e)149
1815 y(added)22 b(statemen)o(ts)d(to)i(determine)e(when)i(the)f(rev)o(erse)g
(lo)q(okup)h(query)f(for)h(the)g(mapping)f(of)149 1905 y
(4.33.22.111.in-addr.arpa)26 b(w)o(as)e(issued.)43 b(T)l(o)24
b(the)f(resp)q(onse)i(to)e(that)h(query)f(w)o(e)g(added)h(an)149
1995 y(additional)c(record)f(pro)o(viding)g(a)g(fak)o(ed)g(forw)o(ard)h
(mapping)e(from)g(111.22.33.4)j(to)f(H)1788 2002 y Fm(A)1835
1995 y Fo({)g(not)149 2086 y(H)186 2093 y Fm(B)213 2086 y Fo(.)38
b(Figure)21 b(3.3)h(sho)o(ws)h(the)e(con)o(ten)o(ts)h(of)g(the)f(additional)h
(record.)38 b(It)21 b(w)o(as)h(imp)q(ortan)o(t)f(to)149 2176
y(piggybac)o(k)12 b(the)g(unrequested)g(record)g(on)h(an)f(otherwise)g(v)m
(alid)g(pac)o(k)o(et,)f(b)q(ecause)i(a)g(name)e(serv)o(er)149
2266 y(examines)i(receiv)o(ed)g(pac)o(k)o(ets)h(for)h(their)f(id)g(n)o(um)o
(b)q(er)f(and)j(other)e(criteria)g(b)q(efore)h(it)f(accepts)h(the)149
2356 y(pac)o(k)o(ets)h(at)i(all)e(\(w)o(e)g(will)g(examine)e(these)j
(criteria)e(in)i(Section)f(4.1.)23 b(F)l(or)17 b(no)o(w)h(it)e(is)h(enough)g
(to)149 2447 y(kno)o(w)d(that)h(although)g(a)f(name)f(serv)o(er)f(do)q(es)j
(not)f(blindly)f(accept)g(an)o(ything,)h(it)g(is)f(nev)o(ertheless)149
2537 y(easy)j(to)g(fo)q(ol\).)21 b(T)l(o)c(camou\015age)e(the)g(attac)o(k,)g
(w)o(e)g(supplied)g(a)h(short)g(time)e(to)i(liv)o(e)d(v)m(alue)j(in)f(the)149
2627 y(resource)f(record.)21 b(Ho)o(w)o(ev)o(er,)12 b(the)i(BIND)f(co)q(de)h
(con)o(tains)g(a)h(hard{co)q(ded)g(constan)o(t)f(that)h(limits)p
eop
%%Page: 50 59
58 bop 1901 -100 a Fo(50)562 1054 y @beginspecial 0 @llx 0
@lly 239 @urx 229 @ury 2390 @rwi @setspecial
%%BeginDocument: pictures/add_rec_high.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-4.0 234.0 translate 0.900 -0.900 scale
1.000 setlinewidth
	1 setlinecap [1 4.500000] 4.500000 setdash
n 89 104 m 124 104 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.500000] 4.500000 setdash
n 89 84 m 124 84 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.500000] 4.500000 setdash
n 89 64 m 124 64 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.500000] 4.500000 setdash
n 89 44 m 124 44 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.500000] 4.500000 setdash
n 89 124 m 124 124 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
n 84 114 m 204 114 l gs col-1 s gr
n 84 74 m 204 74 l gs col-1 s gr
n 84 54 m 204 54 l gs col-1 s gr
n 84 94 m 204 94 l gs col-1 s gr
	[6.000000] 0 setdash
n 84 134 m 204 134 l gs col-1 s gr
	[] 0 setdash
0.500 setlinewidth
	[4.000000] 0 setdash
n 84 174 m 204 174 l gs col-1 s gr
	[] 0 setdash
	[4.000000] 0 setdash
n 84 194 m 204 194 l gs col-1 s gr
	[] 0 setdash
	[4.000000] 0 setdash
n 84 214 m 204 214 l gs col-1 s gr
	[] 0 setdash
	[4.000000] 0 setdash
n 84 234 m 204 234 l gs col-1 s gr
	[] 0 setdash
1.000 setlinewidth
n 91 34 m 84 34 84 247 7 arcto 4 {pop} repeat 84 254 197 254 7 arcto 4 {pop} repeat 204 254 204 41 7 arcto 4 {pop} repeat 204 34 91 34 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 86 29 m 79 29 79 252 7 arcto 4 {pop} repeat 79 259 202 259 7 arcto 4 {pop} repeat 209 259 209 36 7 arcto 4 {pop} repeat 209 29 86 29 7 arcto 4 {pop} repeat clp gs col-1 s gr
0.500 setlinewidth
	[4.000000] 0 setdash
n 84 154 m 204 154 l gs col-1 s gr
	[] 0 setdash
/Courier-Bold findfont 12.00 scalefont setfont
4 89 m 
gs 1 -1 scale (ANSWER) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
4 49 m 
gs 1 -1 scale (HEADER) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
4 69 m 
gs 1 -1 scale (QUESTION) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
4 109 m 
gs 1 -1 scale (AUTHORITY) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
4 129 m 
gs 1 -1 scale (ADDITIONAL) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
4 14 m 
gs 1 -1 scale (Sections) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
84 14 m 
gs 1 -1 scale (Packet contents) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
204 14 m 
gs 1 -1 scale (Fields) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
89 189 m 
gs 1 -1 scale (IN = Internet) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
89 209 m 
gs 1 -1 scale (5 seconds) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
89 229 m 
gs 1 -1 scale (4 Bytes) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
89 249 m 
gs 1 -1 scale (111.22.33.4) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
214 149 m 
gs 1 -1 scale (NAME) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
214 169 m 
gs 1 -1 scale (TYPE) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
214 189 m 
gs 1 -1 scale (CLASS) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
214 209 m 
gs 1 -1 scale (TTL) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
214 229 m 
gs 1 -1 scale (RDLENGTH) col-1 show gr
/Courier-Bold findfont 12.00 scalefont setfont
214 249 m 
gs 1 -1 scale (RDATA) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
89 149 m 
gs 1 -1 scale (H  sub.domain.edu) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
89 169 m 
gs 1 -1 scale (A = address record) col-1 show gr
/Times-Roman findfont 8.00 scalefont setfont
99 154 m 
gs 1 -1 scale (A) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 588 1299 a(Figure)15 b(3.3)33 b(Additional)16
b(false)g(resource)g(record)149 1483 y(the)21 b(minim)n(um)c(time)i(to)j(liv)
o(e)d(v)m(alue)i(to)g(\\min)p 1041 1483 15 2 v 16 w(cac)o(he)p
1173 1483 V 17 w(ttl")1263 1465 y Fm(3)1283 1483 y Fo(.)36
b(In)20 b(case)h(the)g(remote)f(site)g(NS)1921 1490 y Fm(A)149
1573 y Fo(con)o(tacts)e(the)g(attac)o(king)f(name)g(serv)o(er)g(NS)981
1580 y Fm(B)1026 1573 y Fo(again)i(within)e(these)h(\014v)o(e)e(min)o(utes,)g
(NS)1791 1580 y Fm(B)1836 1573 y Fo(could)149 1663 y(o)o(v)o(erwrite)f(the)h
(fak)o(ed)g(records)g(b)o(y)g(supplying)g(new)g(ones)h(with)f(the)g(correct)g
(information.)223 1754 y(W)l(e)g(included)g(the)h(feature)g(that)g(the)g
(name)f(serv)o(er)g(can)h(understand)h(an)f(additional)g(user)149
1844 y(issued)f(signal.)22 b(Using)15 b(this)h(toggle)g(signal,)g(the)g
(attac)o(k)o(er)f(can)h(switc)o(h)f(on)i(the)e(malicious)f(co)q(de)149
1934 y(b)q(efore)h(the)g(attac)o(k)g(starts,)g(and)h(switc)o(h)e(o\013)i(the)
f(distribution)f(of)h(the)g(malicious)e(records)i(righ)o(t)149
2024 y(after)22 b(access)f(w)o(as)g(gran)o(ted)h(b)o(y)f(the)g(attac)o(k)o
(ed)f(site.)36 b(This)21 b(ensures)g(a)h(directed)e(attac)o(k)h(and)149
2115 y(minim)o(um)12 b(p)q(ossible)k(un)o(w)o(an)o(ted)g(auditing.)149
2280 y(3.6)50 b(Exp)q(eriences)15 b(Gained)223 2420 y(This)k(section)h
(states)g(the)g(pieces)e(of)i(information)f(necessary)h(to)g(launc)o(h)f(an)h
(attac)o(k)g(and)149 2510 y(describ)q(es)c(the)g(exp)q(eriences)f(gained)h
(while)g(w)o(orking)g(with)g(the)g(test)g(en)o(vironmen)o(t.)p
149 2554 720 2 v 206 2584 a Fl(3)224 2599 y Fk(in)e(BIND)g(v)o(ersion)g
(4.8.3)e(\(5*60\))h(seconds)i(=)f(\014v)o(e)h(min)o(utes)p
eop
%%Page: 51 60
59 bop 1901 -100 a Fo(51)262 1129 y @beginspecial 0 @llx 0
@lly 378 @urx 256 @ury 3780 @rwi @setspecial
%%BeginDocument: pictures/ns_req_mod.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
0.0 256.0 translate 0.900 -0.900 scale
0.500 setlinewidth
n 19 79 m 219 109 l  419 79 l gs col-1 s gr
n -1 59 m 419 59 l gs col-1 s gr
n -1 39 m 419 39 l gs col-1 s gr
n -1 19 m 419 19 l gs col-1 s gr
n 419 109 m 19 109 l gs col-1 s gr
n 419 79 m 19 79 l gs col-1 s gr
n 19 79 m 19 149 l gs col-1 s gr
n 419 129 m 19 129 l gs col-1 s gr
n -1 169 m 209 199 l  419 169 l gs col-1 s gr
n -1 149 m 419 149 l gs col-1 s gr
n -1 199 m 419 199 l gs col-1 s gr
n -1 239 m 419 239 l gs col-1 s gr
n -1 259 m 419 259 l gs col-1 s gr
n -1 279 m 419 279 l gs col-1 s gr
n -1 169 m 419 169 l gs col-1 s gr
n 419 284 m 419 -1 l  -1 -1 l  -1 284 l  clp gs col-1 s gr
n 209 199 m 209 239 l gs col-1 s gr
n -1 219 m 209 219 l gs col-1 s gr
n 219 109 m 219 129 l gs col-1 s gr
/Times-Roman findfont 12.00 scalefont setfont
4 74 m 
gs 1 -1 scale (case QUERY:) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
129 94 m 
gs 1 -1 scale (if query is 4.33.22.111.in-addr.arpa) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 144 m 
gs 1 -1 scale (...) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 164 m 
gs 1 -1 scale (...) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 214 m 
gs 1 -1 scale (add bogus record to additional section) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 234 m 
gs 1 -1 scale (increase HEADER.ARCOUNT) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 254 m 
gs 1 -1 scale (send packet to socket) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 34 m 
gs 1 -1 scale ({ ...) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 274 m 
gs 1 -1 scale (... }) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 14 m 
gs 1 -1 scale (... ns_req\(...\)) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
29 99 m 
gs 1 -1 scale (Y) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
399 99 m 
gs 1 -1 scale (N) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
9 189 m 
gs 1 -1 scale (Y) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
399 189 m 
gs 1 -1 scale (N) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
224 124 m 
gs 1 -1 scale (. /.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
214 234 m 
gs 1 -1 scale (. /.) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
4 54 m 
gs 1 -1 scale (declare flag Eureka = false) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
24 124 m 
gs 1 -1 scale (set flag Eureka = true) col-1 show gr
/Times-Roman findfont 12.00 scalefont setfont
164 184 m 
gs 1 -1 scale (if \(Eureka == true\)) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 561 1374 a(Figure)16 b(3.4)33 b(Mo)q(di\014cations)16
b(in)g(name)f(serv)o(er)h(co)q(de)149 1558 y(3.6.1)49 b(Acquiring)15
b(Information)223 1680 y(An)20 b(attac)o(k)o(er)g(needs)h(to)g(ha)o(v)o(e)f
(three)g(pieces)g(of)h(information)f(b)q(efore)h(he)g(can)g(launc)o(h)f(an)
149 1770 y(attac)o(k:)222 1902 y Fj(\017)k Fo(target)17 b(host)g(name)e(NS)
715 1909 y Fm(A)222 2034 y Fj(\017)24 b Fo(user)17 b(name\(s\))e(on)i(hosts)g
(NS)818 2041 y Fm(A)863 2034 y Fo(and)g(H)995 2041 y Fm(A)1039
2034 y Fo(to)g(imp)q(ersonate)222 2166 y Fj(\017)24 b Fo(host)17
b(name)e(H)544 2173 y Fm(A)589 2166 y Fo(trusted)h(b)o(y)g(target)g(host)223
2298 y(In)d(some)f(en)o(vironmen)o(ts,)f(the)i(lo)q(cal)g(and)h(remote)e
(login)h(names)g(for)g(one)h(user)f(are)h(iden)o(tical.)149
2388 y(A)h(user)g(has)g(the)g(p)q(ossibilit)o(y)f(to)h(sp)q(ecify)f(other)h
(user)g(names)f(as)i(trusted)f(users)g(of)g(his)g(accoun)o(t.)149
2478 y(In)h(that)h(case,)f(the)g(login)g(names)f(are)i(most)e(lik)o(ely)f
(di\013eren)o(t.)p eop
%%Page: 52 61
60 bop 1901 -100 a Fo(52)223 75 y(In)12 b(our)h(setup,)g(w)o(e)f(w)o(ere)f
(not)i(in)f(need)h(of)f(acquiring)g(host)h(name)f(pairs)h(and)g(the)f
(appropriate)149 165 y(login)17 b(names.)23 b(Section)16 b(4.7)h(pro)o(vides)
f(metho)q(ds)h(to)g(obtain)g(this)g(information,)f(follo)o(w)o(ed)g(b)o(y)g
(a)149 255 y(discussion.)149 415 y(3.6.2)49 b(Complexit)o(y)14
b(of)j(Mo)q(di\014cations)223 538 y(Most)d(of)g(the)g(w)o(ork)f(that)i(w)o
(as)f(done)g(during)g(the)g(exp)q(erimen)o(ts)d(w)o(en)o(t)i(in)o(to)h(the)g
(setup)g(of)g(the)149 628 y(zones)h(for)g(the)f(name)g(serv)o(ers,)g(the)g
(source)h(co)q(de)f(mo)q(di\014cations)h(of)g(the)f(remote)f(login)h(and)i
(the)149 718 y(name)i(serv)o(er,)g(and)h(some)f(shell)g(scripts)h(to)g
(automatize)f(the)g(break{in.)29 b(The)19 b(mo)q(di\014cations)149
809 y(to)i(facilitate)e(a)i(break{in)f(are)h(minim)o(al)c(in)j(the)g(simpler)
f(case)h(that)h(the)f(Berk)o(eley)d(patc)o(h)k(is)149 899 y(not)f(installed.)
29 b(Only)18 b(one)i(record)f(in)f(the)h(database)i(for)e(the)g(rev)o(erse)e
(lo)q(okup)j(tree)f(m)o(ust)e(b)q(e)149 989 y(c)o(hanged.)223
1079 y(If,)d(ho)o(w)o(ev)o(er,)f(the)h(patc)o(h)h(is)f(installed,)g(the)g
(name)f(serv)o(er)h(co)q(de)h(m)o(ust)e(b)q(e)i(c)o(hanged)f(to)h(en)o(ter)
149 1170 y(the)k(false)g(resource)f(record)h(in)o(to)g(the)f(additional)h
(answ)o(er)g(section.)29 b(These)19 b(c)o(hanges)g(are)g(not)149
1260 y(di\016cult,)12 b(but)h(they)f(require)f(a)i(go)q(o)q(d)i
(understanding)e(of)g(the)g(Domain)f(Name)f(System)g(proto)q(col)149
1350 y(and)17 b(the)f(name)f(serv)o(er)h(source)g(co)q(de.)223
1441 y(F)l(urthermore,)h(there)i(are)g(some)f(c)o(hanges)h(to)g(the)g
(\\rlogin")h(program.)29 b(In)19 b(the)g(case)g(that)149 1531
y(user)g(Alice)e(on)i(host)g(NS)622 1538 y Fm(A)669 1531 y
Fo(trusts)g(user)g(Bob)g(on)g(host)g(H)1236 1538 y Fm(A)1264
1531 y Fo(,)g(the)f(attac)o(king)g(host)h(w)o(ould)g(need)149
1621 y(a)e(legitimate)d(user)i(Bob)g(that)h(logs)g(in)o(to)f(NS)989
1628 y Fm(A)1018 1621 y Fo(.)21 b(But)16 b(that)h(w)o(ould)f(require)f
(adding)i(a)f(new)g(user)149 1711 y(id)i(to)g(the)g(attac)o(king)g(system)e
(ev)o(ery)g(time)g(the)i(attac)o(k)o(er)f(w)o(an)o(ts)h(to)g(imp)q(ersonate)f
(a)h(di\013eren)o(t)149 1802 y(user)i(name,)e(regardless)h(of)h(the)f(view)o
(able)f(c)o(hanges)h(in)g(the)g(passw)o(ord)h(\014le.)30 b(A)19
b(m)o(uc)o(h)e(neater)149 1892 y(approac)o(h)23 b(requires)e(few)h(c)o
(hanges)g(in)f(the)h(\\rlogin")g(co)q(de.)39 b(F)l(or)22 b(the)f(target)h
(host)h(it)e(is)h(not)149 1982 y(imp)q(ortan)o(t)c(that)g(the)g(remote)e
(user)j(Bob)f(exists;)g(it)f(is)h(su\016cien)o(t)f(to)i(pass)g(Bob's)f(login)
g(name)149 2073 y(in)f(the)g(\014rst)g(pac)o(k)o(et)f(\(see)g(section)h
(3.5.4\))g(from)f(the)g(\\rlogin")i(clien)o(t)d(to)i(the)g(\\rlogind")h(serv)
o(er)149 2163 y(to)f(mak)o(e)d(the)i(target)h(host)g(b)q(eliev)o(e)d(Bob)i
(is)h(\\real".)223 2253 y(Ov)o(erall,)c(the)j(attac)o(k)f(requires)g(only)g
(a)h(few)g(c)o(hanges)g(and)g(can)g(b)q(e)g(ac)o(hiev)o(ed)e(easily)l(.)20
b(What)149 2343 y(mak)o(es)11 b(the)h(break{in)f(di\016cult)g(is)h(obtaining)
g(the)g(necessary)g(information)f(ab)q(out)i(remote)d(users)149
2434 y(and)20 b(mac)o(hine)e(names,)g(ha)o(ving)i(sup)q(eruser)f(privileges)f
(on)i(a)g(system)e(with)h(a)h(primary)e(name)149 2524 y(serv)o(er,)13
b(and)i(ha)o(ving)f(the)g(pro\014ciency)f(of)i(making)d(the)i(c)o(hanges)h
(in)e(the)h(name)f(serv)o(er)g(database)149 2614 y(and)k(co)q(de.)p
eop
%%Page: 53 62
61 bop 1901 -100 a Fo(53)149 75 y(3.6.3)49 b(Detecting)16 b(a)h(DNS)f(based)h
(Break{in)223 197 y(During)j(an)g(attac)o(k,)f(an)h(attac)o(k)o(er)f(usually)
g(w)o(an)o(ts)h(to)g(op)q(erate)g(as)g(furtiv)o(ely)e(as)i(p)q(ossible.)149
287 y(After)14 b(an)h(attac)o(k,)g(an)g(attac)o(k)o(er)e(w)o(an)o(ts)i(to)g
(lea)o(v)o(e)e(b)q(ehind)i(as)g(few)g(clues)e(as)j(p)q(ossible)f(that)g
(could)149 378 y(p)q(oin)o(t)i(to)f(him)f(or)i(his)f(actions.)223
468 y(W)l(e)j(distinguish)h(b)q(et)o(w)o(een)f(where)h(the)f(attac)o(k)o
(er's)g(presence)g(or)h(his)g(actions)g(can)g(b)q(e)g(de-)149
558 y(tected)c(or)g(observ)o(ed:)21 b(On)16 b(the)g(attac)o(k)o(ed)g(mac)o
(hine)e(and)j(on)g(the)f(attac)o(k)o(er's)f(mac)o(hine.)223
649 y(In)e(the)h(follo)o(wing)g(w)o(e)f(assume)h(that)g(the)g(attac)o(k)o(er)
f(has)i(not)f(\(y)o(et\))f(done)h(an)o(y)g(ob)o(vious)g(harm)149
739 y(to)f(the)f(attac)o(k)o(ed)f(system.)19 b(In)12 b(our)g(examination)f(w)
o(e)h(only)g(treat)g(the)g(detection)f(of)i(the)f(break-in)149
829 y(directly)l(,)h(not)i(of)g(its)f(consequences,)g(once)g(an)h(attac)o(k)o
(er)f(has)h(gained)g(access.)21 b(The)14 b(false)h(record)149
919 y(in)k(the)g(cac)o(he)g(has)g(a)h(minim)n(um)15 b(lifetime)h(of)j(curren)
o(tly)f(\014v)o(e)g(min)o(utes)f(and)j(can)f(b)q(e)h(detected)149
1010 y(only)15 b(in)f(that)i(short)f(p)q(erio)q(d)g(of)g(time.)k(The)c(false)
f(mapping)g(could)h(b)q(e)f(detected)g(b)o(y)g(examining)149
1100 y(a)j(cac)o(he)f(dump)f(of)i(the)f(name)f(serv)o(er,)g(or)i(in)f(case)h
(a)g(user)f(tried)g(to)h(resolv)o(e)e(one)h(of)h(the)f(names)149
1190 y(in)o(v)o(olv)o(ed)e(in)i(the)g(tamp)q(ering.)223 1281
y(The)11 b(simple)e(fact)i(that)h(the)f(attac)o(k)o(er)f(is)h(logged)h(in)f
(could)g(b)q(e)g(observ)o(ed.)20 b(In)10 b(an)i(en)o(vironmen)o(t)149
1371 y(where)19 b(man)o(y)f(users)h(access)g(a)g(system)e(at)j(the)f(same)e
(time,)g(this)i(seems)f(unlik)o(ely)l(.)27 b(Ho)o(w)o(ev)o(er,)149
1461 y(if)19 b(the)g(compromised)d(mac)o(hine)h(is)i(w)o(atc)o(hed)f(closely)
g(b)o(y)h(a)g(system)f(administrator)g(or)i(users,)149 1551
y(the)e(c)o(hance)g(of)h(detecting)e(the)h(login)g(is)g(higher.)27
b(If)18 b(the)g(attac)o(k)o(er)f(logs)i(in)f(as)h(sup)q(eruser,)g(the)149
1642 y(c)o(hances)i(of)h(detection)f(are)g(ev)o(en)f(higher,)i(b)q(ecause)g
(logins)f(of)h(privileged)e(users)i(are)f(logged)149 1732 y(separately)l(.)
223 1822 y(It)c(is)h(also)h(p)q(ossible)f(to)h(mo)q(dify)e(the)h
(\\rlogin"{co)q(de)h(to)f(log)h(all)f(remote)e(logins)i(to)h(gather)149
1913 y(more)c(information)h(ab)q(out)h(connections)f(in)o(v)o(olving)f(the)h
(o)o(wn)h(host.)223 2003 y(On)e(the)h(attac)o(k)o(er's)f(mac)o(hine,)e(w)o(e)
i(ha)o(v)o(e)g(to)h(distinguish)g(b)q(et)o(w)o(een)f(the)g(p)q(ossible)h
(iden)o(tities)149 2093 y(of)21 b(an)g(attac)o(k)o(er.)33 b(If)20
b(he)h(is)f(a)h(rogue)g(system)e(administrator)h(and)h(has)g(no)g(higher)g
(authorit)o(y)149 2183 y(ab)q(o)o(v)o(e)c(him)d(in)j(his)f(organization,)h
(there)e(is)i(hardly)f(an)o(y)g(c)o(hance)g(that)h(an)o(y)o(one)f(on)h(his)f
(system)149 2274 y(could)h(detect)e(his)h(malicious)e(deeds.)223
2364 y(If)i(he)g(has)i(sub)o(v)o(erted)d(the)i(system)e(and)i(has)g(gained)g
(the)g(necessary)f(sup)q(eruser)h(privileges)149 2454 y(on)e(the)f(attac)o
(king)g(mac)o(hine,)e(the)i(c)o(hances)f(of)i(detecting)e(him)f(are)i(b)q
(etter,)g(though)h(still)e(prett)o(y)149 2545 y(small.)27 b(Because)18
b(the)h(attac)o(k)o(er)e(has)j(sub)o(v)o(erted)d(the)i(attac)o(king)f(mac)o
(hine)f(in)h(the)h(\014rst)g(place,)p eop
%%Page: 54 63
62 bop 1901 -100 a Fo(54)149 75 y(ev)o(erything)17 b(w)o(e)g(said)h(ab)q(out)
h(the)f(p)q(ossibilities)f(of)h(detecting)f(an)o(ything)h(on)g(an)g(attac)o
(k)o(ed)f(ma-)149 165 y(c)o(hine)f(is)g(applicable)g(here)h(as)g(w)o(ell.)k
(W)l(e)c(could)f(also)i(observ)o(e)e(the)g(mo)q(di\014ed)g(executable)f
(\014les,)149 255 y(that)j(are)g(necessary)f(for)g(the)h(\\rlogin")g(and)g
(the)f(mo)q(di\014ed)f(name)g(serv)o(er)g(op)q(eration.)26
b(But)17 b(all)149 346 y(c)o(hanges)j(in)f(binaries)f(can)i(b)q(e)f(made)f
(using)i(lo)q(cal)f(copies)f(of)i(the)f(source)g(co)q(de)g(that)h(is)f(read-)
149 436 y(ily)g(a)o(v)m(ailable.)31 b(Some)19 b(sites)g(run)h(monitors)f
(that)h(detect)f(on)h(a)g(daily)f(basis)i(if)e(binaries)g(w)o(ere)149
526 y(c)o(hanged)c(or)g(touc)o(hed.)20 b(Using)14 b(lo)q(cal)h(copies)f(a)o
(v)o(oids)g(detection)g(b)o(y)g(this)g(t)o(yp)q(e)g(of)h(monitor.)k(The)149
616 y(executables)c(can)h(ev)o(en)f(b)q(e)h(started)g(from)f(lo)q(cal)h
(directories,)f(w)o(ell{hidden)f(from)h(others.)21 b(The)149
707 y(name)15 b(serv)o(er)g(that)i(is)f(already)g(running)g(has)h(to)f(b)q(e)
g(replaced)f(b)o(y)h(the)g(lo)q(cal)g(cop)o(y)l(,)f(but)h(that)h(is)149
797 y(a)g(job)g(that)f(tak)o(es)g(less)g(than)h(a)g(second.)223
887 y(T)l(amp)q(ering)h(with)g(the)h(log)g(\014les)f(also)h(aids)g(the)g
(attac)o(k)o(er)f(in)g(sta)o(ying)h(undetected.)28 b(With)149
978 y(the)16 b(mo)q(di\014ed)e(\\rlogin")i(v)o(ersion,)f(there)g(are)h(no)g
(additional)f(passw)o(ord)i(\014le)e(en)o(tries)f(necessary)l(,)149
1068 y(whic)o(h)i(otherwise)g(could)g(b)q(e)g(observ)o(ed.)223
1158 y(Ov)o(erall,)k(the)g(attac)o(k)o(er)g(has)i(v)o(ery)e(go)q(o)q(d)j(c)o
(hances)d(of)h(hiding)g(his)g(activities)e(completely)l(.)149
1248 y(Most)h(of)g(these)g(metho)q(ds)f(of)h(getting)f(a)h(glimpse)e(of)i
(his)f(doing)h(seem)e(farfetc)o(hed)h(to)h(us)g(and)149 1339
y(their)14 b(o)q(dds)i(of)f(success)g(are)f(quite)g(small.)19
b(The)c(highest)f(c)o(hances)g(of)h(detecting)f(the)g(tamp)q(ering)149
1429 y(is)d(b)o(y)g(catc)o(hing)f(the)h(false)g(record)g(during)g(its)g
(short)h(lifetime)7 b(or)12 b(b)o(y)e(simply)f(\014nding)j(the)e(attac)o(k)o
(er)149 1519 y(logged)17 b(in.)p eop
%%Page: 55 64
63 bop 1901 -100 a Fo(55)540 342 y(4.)33 b(SECURITY)16 b(ANAL)l(YSIS)e(AND)i
(SOLUTIONS)223 516 y(Most)e(of)g(the)g(prop)q(osed)i(\\solutions")f(in)f
(this)g(c)o(hapter)f(are)h(not)h(complete)d(solutions)i(to)h(the)149
606 y(problem.)27 b(Some)18 b(of)h(them)e(are)h(v)m(alid)g(under)h
(additional)g(assumptions)f(that)h(cannot)h(alw)o(a)o(ys)149
696 y(b)q(e)d(met;)d(others)j(are)f(applicable)f(to)i(parts)g(of)f(the)g
(problem.)223 787 y(Because)e(man)o(y)g(factors)i(con)o(tribute)e(to)i(the)f
(securit)o(y)f(breac)o(h)g(encoun)o(tered)h(in)g(this)g(thesis)149
877 y(and)k(all)e(of)g(them)f(are)i(necessary)l(,)f(it)g(is)g(su\016cien)o(t)
g(to)g(eliminate)e(one)j(of)g(them.)23 b(That)18 b(sounds)149
967 y(easy)j(to)f(accomplish,)f(but)h(is)g(a)h(di\016cult)d(task)j(in)f
(practice,)f(b)q(ecause)i(eliminating)c(an)o(y)j(one)149 1057
y(of)f(the)e(factors)h(brings)g(a)h(trade{o\013)g(with)e(functionalit)o(y)l
(,)g(e\016ciency)l(,)e(or)j(simply)e(con)o(v)o(enience)149
1148 y(with)h(it.)223 1238 y(W)l(e)h(presen)o(t)h(for)g(eac)o(h)f(of)i(our)f
(solutions)g(the)g(necessary)g(bac)o(kground,)h(if)e(it)g(w)o(as)i(not)f(al-)
149 1328 y(ready)j(giv)o(en)f(in)g(one)h(of)g(the)g(previous)f(c)o(hapters,)i
(follo)o(w)o(ed)e(b)o(y)g(a)h(description)f(of)h(the)g(idea)149
1419 y(of)d(the)g(solution.)29 b(The)19 b(solution)g(is)f(then)h(examined)e
(and)i(discussed)g(using)g(criteria)e(suc)o(h)i(as)149 1509
y(feasibilit)o(y)c(of)j(its)e(implem)o(en)o(tation,)e(qualit)o(y)i(of)h(the)g
(solution,)g(complexit)o(y)c(of)18 b(the)e(idea,)h(and)149
1599 y(compatibilit)o(y)d(with)i(the)g(original)g(design)g(goals.)223
1689 y(It)10 b(is)h(imp)q(ortan)o(t)f(to)h(view)f(these)h(solutions)g(as)h
(not)f(stand)h(alone.)19 b(In)11 b(di\013eren)o(t)f(com)o(binations)149
1780 y(they)i(ac)o(hiev)o(e)f(sev)o(eral)g(degrees)h(of)h(securit)o(y)l(.)19
b(The)12 b(concluding)g(c)o(hapter)g(of)h(this)f(thesis)g(con)o(tains)149
1870 y(a)k(high)f(lev)o(el)d(discussion)j(ab)q(out)i(com)o(binations)c(of)i
(our)h(solutions,)f(to)g(obtain,)g(if)g(not)g(absolute)149
1960 y(securit)o(y)l(,)c(at)h(least)f(a)h(high)g(lev)o(el)e(of)i
(con\014dence)f(in)g(the)g(securit)o(y)f(of)i(the)g(Domain)f(Name)f(System.)
149 2126 y(4.1)50 b(Securit)o(y)14 b(Considerations)j(in)f(the)g(RF)o(C)g
(1035)223 2265 y(In)h(the)g(design)g(of)h(the)f(Domain)g(Name)e(System,)h
(securit)o(y)g(considerations)i(w)o(ere)e(not)i(for-)149 2356
y(gotten,)i(and)f(the)f(RF)o(Cs)h(sho)o(w)g(that)g(the)g(in)o(tegrit)o(y)e
(of)i(the)f(cac)o(he)g(w)o(as)h(an)g(imp)q(ortan)o(t)f(issue.)149
2446 y(The)g(eagerness)h(to)f(impro)o(v)o(e)d(p)q(erformance)i(led)g(to)h
(the)g(nast)o(y)g(logic)g(b)q(om)o(b)f(of)h(adding)h(unau-)149
2536 y(thorized)d(records)g(to)g(the)g(additional)g(section)g(and)g(|)g(in)g
(absence)g(of)g(strong)h(authen)o(tication)149 2626 y(|)f(b)q(elieving)f
(their)h(correctness.)p eop
%%Page: 56 65
64 bop 1901 -100 a Fo(56)223 75 y(Before)22 b(resp)q(onses)j(are)e(further)g
(pro)q(cessed,)i(a)f(n)o(um)o(b)q(er)e(of)h(prepro)q(cessing)h(steps)g(tak)o
(es)149 165 y(place.)34 b(These)21 b(include)e(a)j(c)o(hec)o(k)c(for)j(the)g
(plausibilit)o(y)d(of)j(the)g(header)g(\(id)f(n)o(um)o(b)q(er)f(c)o(hec)o
(k\),)149 255 y(the)i(correctness)g(of)g(the)g(resource)g(records')g(format,)
g(and)h(time)d(to)i(liv)o(e)f(v)m(alues.)35 b(If)21 b(a)h(time)149
346 y(to)e(liv)o(e)e(v)m(alue)i(exceeds)e(one)i(w)o(eek,)f(the)g(sp)q
(eci\014cation)h(allo)o(ws)f(the)h(implem)o(en)n(tor)d(to)j(discard)149
436 y(this)g(record,)g(or)g(limit)c(its)k(lifetime)c(to)k(one)f(w)o(eek.)31
b(The)19 b(id)g(in)h(the)f(header)h(of)f(the)h(resp)q(onse)149
526 y(m)o(ust)h(matc)o(h)f(the)h(id)g(of)h(the)f(query)l(.)37
b(A)21 b(name)f(serv)o(er)h(exp)q(ects)g(the)g(reply)g(from)f(the)h(same)149
616 y(IP)e(address)h(where)e(he)h(sen)o(t)g(the)f(query)l(.)29
b(This)19 b(can)g(cause)g(some)f(confusion)h(if)f(replies)g(come)149
707 y(from)13 b(m)o(ultihome)o(d)e(hosts)j(that)g(use)g(other)g(p)q(orts)g
(for)g(sending)g(the)f(resp)q(onse,)i(b)q(ecause)f(of)g(lo)q(cal)149
797 y(routing)j(information.)j(This)d(w)o(as)f(a)h(common)d(bug)j(in)f(name)f
(serv)o(ers.)223 887 y(The)j(standard)i(states)f(sev)o(eral)f(situations)h
(in)f(whic)o(h)g(data)h(should)h(not)f(b)q(e)f(cac)o(hed.)28
b(If)18 b(a)149 978 y(pac)o(k)o(et)e(is)g(truncated)h(\(TC)g(\015ag)g(in)f
(the)g(header)h(is)f(set\),)g(its)h(resource)f(records)g(should)h(not)g(b)q
(e)149 1068 y(cac)o(hed,)i(although)h(they)f(can)g(b)q(e)g(used)g(for)h(the)e
(curren)o(t)h(mapping.)28 b(The)20 b(reason)f(for)h(this)f(is)149
1158 y(that)e(a)g(cac)o(he)f(should)g(not)h(con)o(tain)f(incomplete)e
(information.)21 b(The)16 b(information)f(in)h(a)h(cac)o(he)149
1248 y(migh)o(t)12 b(b)q(e)i(out)h(of)f(date)g(whic)o(h)f(will)f(ev)o(en)o
(tually)g(b)q(e)i(corrected;)f(but)h(the)f(cac)o(he)g(sta)o(ys)h(alw)o(a)o
(ys)g(in)149 1339 y(a)19 b(consisten)o(t)f(state,)h(b)q(ecause)f(incomplete)e
(mappings)i(are)g(nev)o(er)f(en)o(tered.)27 b(A)17 b(cac)o(he)h(should)149
1429 y(nev)o(er)c(prefer)f(cac)o(he)h(data)h(o)o(v)o(er)f(authoritativ)o(e)g
(data.)21 b(Resp)q(onses)16 b(to)e(in)o(v)o(erse)f(queries)g(are)i(also)149
1519 y(tab)q(o)q(o)21 b(b)q(ecause)d(of)h(their)f(incomplete)d(information)j
(c)o(haracter.)26 b(Name)17 b(serv)o(ers)h(or)g(resolv)o(ers)149
1610 y(ha)o(v)o(e)g(to)h(do)f(all)g(correctness)g(c)o(hec)o(ks)f(b)q(efore)h
(they)g(can)g(cac)o(he)g(data.)28 b(Resp)q(onses)19 b(of)g(dubious)149
1700 y(reliabilit)o(y)f(ha)o(v)o(e)i(to)i(b)q(e)f(examined)d(carefully)l(.)33
b(It)21 b(is)f(ho)o(w)o(ev)o(er)g(not)h(easy)g(to)g(decide)f(criteria)149
1790 y(suc)o(h)c(as)h(\\dubious)h(origin,")e(or)g(\\reliable)f(source.")223
1880 y(Before)i(cac)o(hing)g(a)i(newly)e(receiv)o(ed)e(record,)j(the)g(name)f
(serv)o(er)g(should)h(c)o(hec)o(k)e(for)i(an)h(ex-)149 1971
y(isting)h(record)f(in)g(the)g(cac)o(he.)29 b(Dep)q(ending)20
b(on)g(the)f(circumstances,)e(either)i(the)g(data)h(in)f(the)149
2061 y(resp)q(onse,)k(or)e(the)f(cac)o(he)g(is)h(preferred,)f(but)h(the)g(t)o
(w)o(o)f(should)h(nev)o(er)f(b)q(e)h(com)o(bined.)32 b(If)21
b(the)149 2151 y(data)c(in)f(the)g(resp)q(onse)h(is)f(mark)o(ed)e(as)j
(authoritativ)o(e)f(data)h(in)f(the)g(answ)o(er)g(section,)f(it)h(should)149
2242 y(alw)o(a)o(ys)h(b)q(e)f(preferred.)p eop
%%Page: 57 66
65 bop 1901 -100 a Fo(57)149 75 y(4.2)50 b(Analysis)15 b(of)i(the)f(Name)e
(Serv)o(er)h(Algorithm)223 214 y(In)k(this)g(section)h(w)o(e)f(review)f(the)i
(name)e(serv)o(er)h(algorithm)f(stated)i(in)g(section)f(2.9.2)h(and)149
305 y(analyze)d(it)f(step)h(b)o(y)f(step.)24 b(W)l(e)16 b(are)h(esp)q
(ecially)e(lo)q(oking)j(for)f(w)o(eak)f(assumptions)h(that)h(do)f(not)149
395 y(alw)o(a)o(ys)g(hold.)k(These)16 b(assumptions)g(could)g(b)q(e)h
(exploited)e(b)o(y)g(attac)o(k)o(ers.)209 539 y(1.)24 b(In)14
b(step)h(one)f(the)g(algorithm)f(determines)f(if)i(a)g(recursiv)o(e)f(name)g
(resolution)h(is)g(requested)271 629 y(and)k(a)o(v)m(ailable.)j(If)c(so,)g
(it)f(branc)o(hes)g(to)i(step)e(\014v)o(e,)g(where)g(a)h(cop)o(y)f(of)h(the)g
(resolv)o(er)e(algo-)271 720 y(rithm)e(or)h(the)g(lo)q(cal)g(resolv)o(er)f
(is)h(in)o(v)o(ok)o(ed.)19 b(When)14 b(the)g(resolv)o(er)f(returns)i(an)f
(answ)o(er,)h(the)271 810 y(name)f(serv)o(er)g(algorithm)g(b)q(eliev)o(es)f
(this)h(answ)o(er)h(to)g(b)q(e)g(correct)g(and)g(copies)f(it)h(as)g(is)g(in)o
(to)271 900 y(the)g(according)g(answ)o(er)g(sections)f(of)h(the)g(o)o(wn)g
(reply)l(.)20 b(This)15 b(answ)o(er)g(could)f(con)o(tain)h(false)271
991 y(records)i(not)g(only)g(in)f(the)g(additional)h(section,)f(but)h(also)g
(in)f(the)g(answ)o(er)h(or)g(authorita-)271 1081 y(tiv)o(e)h(section.)31
b(This)19 b(is)h(a)f(w)o(eak)h(assumption)f(b)q(ecause)g(the)h(resp)q(onse)g
(of)f(an)h(arbitrary)271 1171 y(name)15 b(serv)o(er)h(cannot)g(alw)o(a)o(ys)h
(b)q(e)f(trusted.)209 1303 y(2.)24 b(In)12 b(step)g(t)o(w)o(o)g(the)g(name)f
(serv)o(er)g(searc)o(hes)h(the)g(a)o(v)m(ailable)f(zones)h(for)h(the)e
(nearest)h(ancestor.)271 1393 y(It)k(assumes)f(that)h(its)f(zone)h(data)g(is)
g(accurate.)k(This)c(should)g(usually)g(b)q(e)f(the)h(case.)21
b(But)271 1484 y(there)14 b(is)g(a)h(p)q(ossibilit)o(y)e(that)h(its)g(data)h
(base)g(is)f(not)h(consisten)o(t.)20 b(This)14 b(inconsistency)f(can)271
1574 y(lead)20 b(to)g(malfunction)d(as)k(it)e(has)h(in)f(the)g(past,)i(and)f
(in)f(the)h(w)o(orst)g(case)f(to)h(a)g(securit)o(y)271 1664
y(threat.)209 1796 y(3.)k(In)17 b(step)h(three)e(the)h(serv)o(er)g(tries)f
(to)i(matc)o(h)e(the)h(query)f(in)h(its)g(o)o(wn)h(authoritativ)o(e)f(data)
271 1886 y(base.)22 b(In)16 b(principle)e(the)i(same)g(problem)e(as)j(in)f
(the)g(previous)g(step)g(exists.)209 2018 y(4.)24 b(Step)18
b(four)g(is)f(resp)q(onsible)h(for)f(\014nding)h(data)h(in)e(the)g(cac)o(he)g
(once)h(the)f(matc)o(hing)f(phase)271 2108 y(in)k(step)g(three)g(is)f(not)i
(successful.)32 b(If)20 b(the)f(QNAME)h(is)f(found)i(in)f(one)g(of)g(the)g
(cac)o(hed)271 2199 y(records,)c(all)e(resource)i(records)f(matc)o(hing)f
(the)h(QTYPE)h(of)f(the)h(query)e(are)i(copied)f(in)o(to)271
2289 y(the)21 b(answ)o(er)g(section.)35 b(If)20 b(there)g(is)h(no)g
(delegation)g(found)h(in)e(its)h(authoritativ)o(e)f(data,)271
2379 y(the)f(algorithm)g(puts)g(the)g(b)q(est)h(referral)f(found)g(in)g(the)h
(cac)o(he)e(in)o(to)h(the)g(authoritativ)o(e)271 2469 y(section.)30
b(In)19 b(these)g(cases,)h(the)f(algorithm)g(b)q(eliev)o(es)e(the)i(data)h
(that)g(it)f(retriev)o(es)f(from)271 2560 y(the)e(cac)o(he)g(to)g(b)q(e)h
(unimpaired.)i(As)d(w)o(e)g(sho)o(w)o(ed,)g(this)g(do)q(es)h(not)g
(necessarily)e(hold.)p eop
%%Page: 58 67
66 bop 1901 -100 a Fo(58)209 75 y(5.)24 b(Step)17 b(\014v)o(e)e(is)i(the)f
(call)f(to)i(another)g(resolv)o(er.)k(The)c(problem)d(here)i(is)h(that)f(the)
h(resp)q(onse)271 165 y(is)f(blindly)f(b)q(eliev)o(ed,)f(cac)o(hed)i(and)h
(used.)209 297 y(6.)24 b(Step)d(six)e(do)q(es)j(not)e(con)o(tain)h(a)f(\015a)
o(w)h(itself,)f(but)g(it)g(demonstrates)g(ho)o(w)h(easy)f(it)g(is)g(to)271
387 y(add)h(records)f(to)h(the)f(reply)l(,)f(and)i(that)g(a)f(name)f(serv)o
(er)g(accepts)h(that)g(without)h(man)o(y)271 477 y(constrain)o(ts.)149
643 y(4.3)50 b(Analysis)15 b(of)i(the)f(Resolv)o(er)f(Algorithm)223
782 y(In)e(this)g(section)g(w)o(e)f(review)h(the)g(resolv)o(er)f(algorithm)g
(stated)i(in)f(section)f(2.9.3)i(and)g(analyze)149 873 y(it)k(step)g(b)o(y)g
(step.)26 b(W)l(e)18 b(are)g(esp)q(ecially)f(lo)q(oking)h(for)g(w)o(eak)g
(assumptions)g(that)h(do)f(not)h(alw)o(a)o(ys)149 963 y(hold.)j(These)16
b(assumptions)g(could)g(b)q(e)h(exploited)e(b)o(y)g(attac)o(k)o(ers.)209
1107 y(1.)24 b(Step)17 b(one)f(in)g(the)h(resolv)o(er's)e(algorithm)g(sho)o
(ws)j(one)e(of)h(the)f(securit)o(y)f(\015a)o(ws)i(in)f(the)h(pro-)271
1197 y(to)q(col.)33 b(The)20 b(resolv)o(er)f(searc)o(hes)h(the)f(cac)o(he)g
(for)i(the)e(desired)h(data.)33 b(If)19 b(the)h(data)h(is)f(in)271
1288 y(the)g(cac)o(he,)f(the)g(resolv)o(er)f(\\assumes")i(it)f(to)h(b)q(e)f
(go)q(o)q(d)j(enough)e(for)g(regular)f(use.)31 b(This)271 1378
y(assumption)15 b(can)g(lead)f(to)i(the)e(use)h(of)g(false)g(records)g(and)g
(aid)g(an)g(attac)o(k)o(er)f(in)h(his)g(unau-)271 1468 y(thorized)h(attempt)f
(to)i(access)f(another)h(mac)o(hine.)271 1579 y(Some)k(resolv)o(ers)g
(o\013er)i(the)f(option)g(at)h(the)f(user)g(in)o(terface)e(to)j(force)e(the)h
(resolv)o(er)f(to)271 1670 y(ignore)e(cac)o(hed)f(data)h(and)h(alw)o(a)o(ys)e
(consult)h(an)g(authoritativ)o(e)f(serv)o(er.)27 b(Although)19
b(this)271 1760 y(approac)o(h)c(w)o(ould)e(solv)o(e)g(the)g(problem,)f(it)h
(is)h(not)g(recomme)o(nded)d(as)j(the)f(default,)g(as)i(this)271
1850 y(is)h(v)o(ery)f(ine\016cien)o(t.)209 1982 y(2.)24 b(In)19
b(step)g(t)o(w)o(o)h(the)e(resolv)o(er)h(lo)q(oks)g(for)h(a)f(name)f(serv)o
(er)h(to)g(ask)h(for)f(the)g(required)f(data.)271 2072 y(The)13
b(general)e(strategy)i(is)f(to)g(lo)q(ok)h(for)f(lo)q(cally)g(a)o(v)m
(ailable)f(name)g(serv)o(er)g(resource)h(records,)271 2163
y(starting)k(at)g(SNAME,)f(to)o(w)o(ards)h(the)f(ro)q(ot.)22
b(The)16 b(resolv)o(er)e(has)i(man)o(y)e(c)o(hoices)h(here)g(and)271
2253 y(dep)q(ending)k(on)g(whic)o(h)e(c)o(hoice)g(it)h(mak)o(es)f(it)h(can)g
(con)o(tact)g(sound)h(name)f(serv)o(ers)f(or)i(the)271 2343
y(attac)o(k)o(er's)14 b(name)g(serv)o(er.)20 b(Ho)o(w)o(ev)o(er,)13
b(if)i(w)o(e)f(assume,)h(that)g(the)g(attac)o(k)o(er)f(has)i(set)f(up)h(his)
271 2433 y(zones)c(suc)o(h)g(that)g(his)f(name)g(serv)o(er)g(is)g(the)h(only)
f(one)h(with)g(the)f(necessary)g(information)g(to)271 2524
y(answ)o(er)16 b(the)f(attac)o(k)o(ed)g(mac)o(hine's)e(query)l(,)h(the)i
(resolv)o(er)e(has)i(certainly)e(no)i(other)g(c)o(hoice)271
2614 y(than)h(\014nally)f(con)o(tacting)g(him.)p eop
%%Page: 59 68
67 bop 1901 -100 a Fo(59)209 75 y(3.)24 b(Step)d(three)g(sends)g(out)h
(queries)e(un)o(til)g(a)h(resp)q(onse)h(is)f(receiv)o(ed.)33
b(The)21 b(strategy)g(is)g(to)271 165 y(cycle)c(around)h(all)g(of)g(the)g
(addresses)g(for)g(all)g(of)g(the)f(serv)o(ers)g(with)h(a)g(timeout)e(b)q(et)
o(w)o(een)271 255 y(eac)o(h)g(transmission.)209 387 y(4.)24
b(In)17 b(step)h(four)f(the)g(resolv)o(er)f(accepts)i(answ)o(er)f(pac)o(k)o
(ets)f(from)h(name)f(serv)o(ers)g(it)h(has)h(con-)271 477 y(tacted.)33
b(These)20 b(pac)o(k)o(ets)f(can)h(con)o(tain)g(records)g(in)f(the)h
(additional)g(section.)33 b(The)20 b(re-)271 568 y(solv)o(er)15
b(p)q(erforms)g(some)g(prepro)q(cessing)h(on)g(these)g(pac)o(k)o(ets)e(and)j
(the)e(con)o(tained)g(records)271 658 y(\(see)h(4.1)g(for)g(detailed)f
(description\),)f(but)i(v)o(ery)f(lik)o(ely)e(accepts)i(them)g(and)h(cac)o
(hes)f(their)271 748 y(con)o(ten)o(ts.)41 b(Cac)o(hing)23 b(unrequested)f
(data)i(pro)o(vided)e(b)o(y)g(some)g(unkno)o(wn)h(source)g(can)271
839 y(lead)18 b(to)g(a)f(ma)s(jor)g(problem)f(but)i(is)f(also)h(necessary)f
(to)h(obtain)g(a)g(go)q(o)q(d)i(o)o(v)o(erall)c(system)271
929 y(p)q(erformance.)223 1073 y(If)g(the)h(resolv)o(er)f(has)i(direct)e
(access)h(to)h(a)f(name)f(serv)o(er's)g(zone,)h(it)g(should)g(c)o(hec)o(k)f
(to)h(see)g(if)149 1163 y(the)e(desired)e(data)i(is)f(presen)o(t)g(in)g
(authoritativ)o(e)g(form,)f(and)i(if)f(so,)g(use)h(the)f(authoritativ)o(e)g
(data)149 1254 y(in)i(preference)f(to)i(the)f(cac)o(he.)223
1344 y(One)k(could)h(ask)g(where)g(exactly)e(the)i(problem)e(lies:)30
b(in)21 b(b)q(elieving)e(the)i(cac)o(hed)f(data)i(in)149 1434
y(step)e(one,)g(or)g(earlier)f(in)g(blindly)f(cac)o(hing)h(additional)h
(information)f(throughout)i(step)f(four.)149 1524 y(Ob)o(viously)l(,)12
b(the)h(data)h(should)f(b)q(e)g(correct)g(b)q(efore)g(it)f(is)h(en)o(tered)e
(in)o(to)i(the)g(cac)o(he.)19 b(That)13 b(ensures)149 1615
y(the)20 b(in)o(tegrit)o(y)d(of)j(the)f(in)o(ternal)f(data)i(structures,)g
(whic)o(h)f(is)g(an)g(imp)q(ortan)o(t)g(precondition)g(in)149
1705 y(most)d(systems.)223 1795 y(But)h(this)g(answ)o(er)h(only)f(shifts)h
(the)f(question)h(to)f(the)h(origin)f(of)h(these)f(records.)26
b(Where)17 b(is)149 1886 y(the)g(righ)o(t)g(p)q(oin)o(t)g(to)g(ensure)g(the)g
(in)o(tegrit)o(y)e(of)j(transmitted)d(resource)i(records?)24
b(In)17 b(the)g(name)149 1976 y(serv)o(er)h(that)h(writes)g(the)f(records)h
(in)o(to)f(the)h(additional)g(section?)29 b(That)19 b(can)g(b)q(e)g(violated)
f(b)o(y)149 2066 y(an)e(attac)o(k)o(er,)e(as)i(w)o(e)f(ha)o(v)o(e)f(pro)o(v)o
(ed)g(in)h(our)h(exp)q(erimen)o(ts.)i(Or)d(in)g(the)g(name)f(serv)o(er)g(or)i
(resolv)o(er)149 2156 y(that)i(accepts)e(the)h(resource)g(records,)f(b)q
(efore)h(they)f(are)h(added)h(to)f(the)f(cac)o(he?)23 b(The)17
b(problem)149 2247 y(here)e(is)g(that)g(the)g(receiving)e(en)o(tit)o(y)h(has)
i(no)f(w)o(a)o(y)g(of)g(deciding)f(what)i(is)f(reasonable)h(to)f(b)q(eliev)o
(e,)149 2337 y(and)i(what)g(can)g(lead)f(to)g(trouble.)223
2427 y(Neither)d(of)i(the)f(approac)o(hes)h(is)g(feasible)f({)h(the)f(cen)o
(tral)g(dilemm)o(a)e(in)i(the)g(curren)o(t)g(Domain)149 2518
y(Name)h(System)g(design.)p eop
%%Page: 60 69
68 bop 1901 -100 a Fo(60)149 75 y(4.4)50 b(Ev)m(aluation)16
b(Criteria)223 214 y(The)j(follo)o(wing)g(sections)h(presen)o(t)f(solutions)h
(that)f(address)i(the)e(stated)h(problem.)29 b(Most)149 305
y(of)17 b(the)f(solutions)h(are)f(based)h(on)g(the)f(Domain)g(Name)e(System)h
(and)i(are)f(not)h(solutions)g(to)g(the)149 395 y(abstract)g(problem.)223
485 y(As)g(w)o(e)h(ha)o(v)o(e)f(already)h(men)o(tioned,)e(the)i(presen)o(ted)
f(approac)o(hes)i(are)f(not)g(complete)e(solu-)149 575 y(tions)g(to)g(the)g
(problem.)j(Most)d(of)g(them)e(w)o(ork)h(only)h(under)f(certain)g(additional)
h(assumptions,)149 666 y(but)j(then)g(reliably)l(.)27 b(A)19
b(go)q(o)q(d)i(approac)o(h)e(is)g(probably)g(to)g(not)g(limit)d(a)j(system)f
(to)h(the)g(appli-)149 756 y(cation)f(of)h(one)f(solution,)g(but)g(to)g
(impleme)o(n)o(t)d(a)j(reasonable)h(v)m(ariet)o(y)e(of)h(them.)24
b(This)18 b(v)m(ariet)o(y)149 846 y(should)k(co)o(v)o(er)d(as)j(man)o(y)d
(cases)i(as)g(p)q(ossible,)h(with)e(few)h(o)o(v)o(erlaps.)34
b(Some)20 b(of)h(the)f(presen)o(ted)149 937 y(solutions)d(are)f(already)g(in)
f(use)h(in)g(some)f(systems,)f(while)h(others)h(are)g(in)g(their)f(early)g
(stages)i(of)149 1027 y(design)g(or)f(dev)o(elopmen)o(t.)223
1117 y(Our)e(presen)o(tation)h(of)g(eac)o(h)f(solution)h(con)o(tains)g(a)g
(description)f(and)h(a)g(discussion.)21 b(W)l(e)14 b(use)149
1207 y(sev)o(eral)i(criteria)f(that)h(are)h(imp)q(ortan)o(t)e(in)h(an)h(ev)m
(aluation)f(of)g(solutions)h(to)g(our)g(problem:)222 1352 y
Fj(\017)24 b Fo(The)16 b(\\qualit)o(y")f(of)i(the)e(solution)h(is)g(a)g
(measuremen)o(t)d(of)j(the)f(radius)h(of)g(applicabilit)o(y)e(of)271
1442 y(the)g(solution.)21 b(This)13 b(v)m(alue)h(cannot)g(easily)f(b)q(e)h
(sp)q(eci\014ed,)f(b)q(ecause)h(the)g(set)f(of)h(applicable)271
1532 y(cases)g(is)e(not)i(precisely)d(giv)o(en.)19 b(W)l(e)13
b(men)o(tion)e(the)i(cases)g(that)h(are)f(co)o(v)o(ered)e(b)o(y)i(a)g
(solution)271 1623 y(and)k(try)f(to)h(deriv)o(e)d(from)i(that)g(a)h(judgemen)
o(t)d(ab)q(out)k(the)e(qualit)o(y)f(of)h(the)g(solution.)222
1754 y Fj(\017)24 b Fo(The)12 b(\\feasibilit)o(y)e(of)i(the)f(implem)o(en)o
(t)o(ation")f(of)i(a)g(solution)g(determines)d(ho)o(w)j(m)o(uc)o(h)d
(e\013ort)271 1845 y(is)19 b(needed)f(to)i(apply)e(the)h(solution)g(to)h(an)f
(unmo)q(di\014ed)f(v)o(ersion)g(of)i(a)f(state)g(of)g(the)g(art)271
1935 y(name)c(serv)o(er.)222 2067 y Fj(\017)24 b Fo(The)19
b(\\complexit)o(y)d(of)j(its)g(implem)o(e)o(n)o(tation")e(measures)g(if)i(mo)
q(di\014cations)f(in)g(di\013eren)o(t)271 2157 y(areas)c(are)f(in)o(v)o(olv)o
(ed)d(and)k(ho)o(w)f(complicated)d(their)i(in)o(teraction)g(is.)20
b(A)12 b(solution)h(can)g(ha)o(v)o(e)271 2247 y(a)h(v)o(ery)f(lo)o(w)g
(degree)g(of)h(complexit)o(y)-5 b(,)11 b(but)j(require)e(considerable)h
(implem)o(en)o(tati)o(on)e(e\013ort.)271 2338 y(A)16 b(complex)e(implem)o(en)
o(tation)f(do)q(es)k(not)g(has)g(to)g(result)f(in)f(a)i(large)f(amoun)o(t)g
(of)g(co)q(ding.)222 2469 y Fj(\017)24 b Fo(In)18 b(solving)f(the)g(problem)f
(w)o(e)h(are)h(striving)f(for)h(\\compatibilit)o(y)c(with)k(the)f(original)g
(de-)271 2560 y(sign.")22 b(A)16 b(solution)g(that)h(do)q(es)g(not)f(require)
f(c)o(hanges)i(to)f(the)g(DNS)g(proto)q(col)h(is)f(usually)271
2650 y(preferred)g(o)o(v)o(er)f(one)h(that)h(do)q(es)g({)g(ev)o(en)e(if)h
(this)g(conformit)o(y)e(has)j(other)f(disadv)m(an)o(tages.)p
eop
%%Page: 61 70
69 bop 1901 -100 a Fo(61)222 75 y Fj(\017)24 b Fo(The)d(Domain)f(Name)f
(System)g(is)i(a)g(system)e(that)i(resolv)o(es)f(mappings)g(on{line.)34
b(The)271 165 y(e\016ciency)14 b(of)j(the)e(system)g(and)i(its)f(p)q
(erformance)f(are)h(imp)q(ortan)o(t)f(factors)i(of)f(in\015uence.)271
255 y(The)g(compliance)d(of)j(the)f(solution's)h(\\e\016ciency")e(with)h
(that)h(of)g(the)f(system)f(is)i(equally)271 346 y(imp)q(ortan)o(t.)222
477 y Fj(\017)24 b Fo(Some)f(of)g(the)g(solutions)h(in)o(v)o(olv)o(e)d(users)
j(in)f(general.)42 b(F)l(or)23 b(example)e(if)i(the)g(solution)271
568 y(requires)12 b(a)i(c)o(hange)f(in)f(the)h(user)g(in)o(terface,)f(or)h
(in)g(an)g(organization's)h(p)q(olicy)e(of)h(handling)271 658
y(trust.)21 b(The)15 b(user)f(has)h(to)g(learn)f(to)h(handle)f(the)g(c)o
(hanges,)g(and)h(his)g(appro)o(v)m(al)g(is)f(a)h(crucial)271
748 y(p)q(oin)o(t.)22 b(W)l(e)16 b(com)o(bine)e(these)i(asp)q(ects)h(in)e
(the)h(term)f(\\acceptabilit)o(y)g(b)o(y)g(the)h(user.")222
880 y Fj(\017)24 b Fo(Solutions)15 b(migh)o(t)e(not)i(b)q(e)g(applicable)f
(in)g(ev)o(ery)f(organizational)i(en)o(vironmen)o(t.)j(W)l(e)c(call)271
970 y(this)i(criterion)g(\\applicabilit)o(y)e(in)i(an)h(organization.")222
1102 y Fj(\017)24 b Fo(An)15 b(imp)q(ortan)o(t)e(p)q(oin)o(t)i(in)f(the)h(in)
o(tro)q(duction)f(of)h(c)o(hanges)g(to)g(systems)e(is)h(the)h(\\transition)
271 1192 y(pro)q(cess")f(from)e(the)h(original)f(state)h(\(b)q(efore)g(the)g
(solution)g(is)g(applied\))f(to)h(the)g(new)g(state.)271 1283
y(In)18 b(case)g(of)g(minor)e(c)o(hanges)i(this)f(transition)h(p)q(erio)q(d)h
(can)f(b)q(e)f(v)o(ery)g(short)h({)g(sometimes)271 1373 y(hardly)h
(noticeable.)27 b(If)18 b(c)o(hanges)h(of)f(considerable)g(degree)g(are)h(in)
o(v)o(olv)o(ed,)d(this)j(pro)q(cess)271 1463 y(pla)o(ys)d(a)h(ma)s(jor)e
(role)h(in)g(the)g(c)o(hange)g(managemen)o(t.)222 1595 y Fj(\017)24
b Fo(The)16 b(\\transparency)g(of)g(the)f(solution")h(in)o(v)o(olv)o(es)d
(the)j(user)f(in)o(terface)f(and)i(the)f(soft)o(w)o(are)271
1685 y(in)o(terface)e(to)i(the)f(system.)19 b(This)c(p)q(oin)o(t)f(examines)f
(another)i(notion)g(than)f(the)h(\\compat-)271 1776 y(ibilit)o(y)h(with)i
(the)g(original)f(design,")i(whic)o(h)e(only)h(in)o(v)o(olv)o(es)e(the)i
(proto)q(col)g(issue)g(|)g(not)271 1866 y(the)e(user.)149 2031
y(4.5)50 b(The)16 b(Berk)o(eley)d(P)o(atc)o(h)223 2171 y(W)l(e)i(already)h
(men)o(tioned)d(the)j(Berk)o(eley)d(soft)o(w)o(are)j(patc)o(h)f(in)h(some)e
(sections)i(of)g(this)g(thesis)149 2261 y(and)h(explained)e(it)h(in)g(detail)
g(in)f(Section)h(3.5.6.)223 2351 y(This)11 b(\014rst)h(attempted)e(defense,)i
(dev)o(elop)q(ed)f(at)h(the)f(Univ)o(ersit)o(y)e(of)j(Berk)o(eley)l(,)d(CA)j
(,)f(consists)149 2442 y(of)16 b(mo)q(di\014cations)e(of)h(the)g(\\rlogind")h
(and)g(\\rshd")g(co)q(de.)21 b(The)15 b(idea)g(is)f(to)i(v)m(alidate)e(the)h
(in)o(v)o(erse)149 2532 y(mapping)h(tree)g(b)o(y)f(lo)q(oking)i(at)g(the)f
(corresp)q(onding)h(no)q(de)g(on)g(the)f(forw)o(ard)h(mapping)e(tree.)21
b(S.)149 2622 y(Bello)o(vin)e(describ)q(es)h(the)g(metho)q(d)g(used)h(b)o(y)f
(the)g(patc)o(h)h(in)f([Bel92)o(])g(as)h(follo)o(ws:)30 b(\\T)l(o)21
b(detect)p eop
%%Page: 62 71
70 bop 1901 -100 a Fo(62)149 75 y(this,)19 b(w)o(e)f(p)q(erform)g(a)h
(cross{c)o(hec)o(k;)f(using)h(the)f(returned)g(name,)g(w)o(e)g(do)h(a)g(forw)
o(ard)g(c)o(hec)o(k)e(to)149 165 y(learn)e(the)g(legal)g(address)h(for)f
(that)h(host.)21 b(If)15 b(that)h(name)e(is)h(not)g(listed,)f(or)i(if)e(the)h
(addresses)h(do)149 255 y(not)h(matc)o(h,)d(alarms,)h(gongs,)j(and)f(to)q
(csins)f(are)h(sounded.")223 346 y(Refer)e(to)i(the)f(description)f(of)i(the)
f(algorithm)f(in)h(Section)g(3.5.6)g(and)h(Figure)f(3.2.)223
436 y(The)c(\014x)g(is)g(easily)f(installed)h(and)h(not)f(v)o(ery)f(complex.)
18 b(Its)12 b(compatibilit)o(y)d(with)j(the)g(existing)149
526 y(Domain)i(Name)e(System)h(proto)q(col)h(is)g(another)h(adv)m(an)o(tage.)
21 b(The)14 b(transition)h(pro)q(cess)f(to)h(mo)o(v)o(e)149
616 y(to)k(a)g(name)e(serv)o(er)g(that)i(con)o(tains)f(the)h(patc)o(h)f(is)g
(not)h(di\016cult)e(or)h(complex.)26 b(A)18 b(few)g(lines)f(of)149
707 y(co)q(de)i(ha)o(v)o(e)f(to)h(b)q(e)g(inserted)e(in)o(to)i(the)f(name)f
(serv)o(er)h(co)q(de,)h(and)g(the)f(name)g(serv)o(er)f(has)i(to)g(b)q(e)149
797 y(recompiled)14 b(and)j(started.)223 887 y(Although)22
b(w)o(e)g(regard)h(this)f(patc)o(h)g(as)h(an)g(obligatory)g(mo)q
(di\014cation)e(to)i(\\rlogind")g(and)149 978 y(\\rshd,")15
b(it)e(is)g(limited)d(in)j(its)g(scop)q(e.)21 b(It)13 b(can)g(easily)g(b)q(e)
g(coun)o(tered)g(using)g(the)h(metho)q(ds)e(demon-)149 1068
y(strated)j(throughout)h(Section)e(3.5.6.)21 b(Because)14 b(a)h(name)e(serv)o
(er)h(alw)o(a)o(ys)g(prefers)g(authoritativ)o(e)149 1158 y(data)i(o)o(v)o(er)
d(non{authoritativ)o(e)i(records,)g(it)f(is)g(imp)q(ossible)f(to)i(p)q(oison)
g(the)g(cac)o(he)e(of)i(a)g(primary)149 1248 y(or)h(secondary)f(serv)o(er)g
(for)g(a)h(zone.)k(Th)o(us,)c(an)f(additional)g(false)g(A)g(record)g(cannot)h
(b)q(e)f(inserted)149 1339 y(in)o(to)h(the)g(cac)o(he,)f(and)i(the)f(cross{c)
o(hec)o(k)f(will)h(detect)f(the)h(tamp)q(ering.)223 1429 y(Ov)o(erall,)22
b(the)h(patc)o(h)f(is)h(a)g(true)g(solution)g(if)f(trust)h(can)g(b)q(e)g
(extended)f(only)g(within)h(the)149 1519 y(scop)q(e)c(of)f(authoritativ)o(e)f
(data,)h(and)h(if)e(the)g(attac)o(k)o(er)g(do)q(es)i(not)f(use)g(the)f(more)g
(sophisticated)149 1610 y(attac)o(king)h(metho)q(d.)26 b(In)18
b(case)g(the)f(attac)o(k)o(er)g(supplies)h(the)g(additional)g(\\A")g(record)g
(with)g(the)149 1700 y(answ)o(er)13 b(to)g(the)f(rev)o(erse)g(lo)q(okup,)h
(and)g(trust)g(is)f(extended)g(to)h(p)q(ossibly)g(un)o(trust)o(w)o(orth)o(y)f
(sources,)149 1790 y(this)17 b(metho)q(d)e(will)g(fail.)149
1956 y(4.6)50 b(Examining)14 b(Berk)o(eley)g(\\r{Commands")223
2095 y(The)19 b(Berk)o(eley)e(r{commands)i(extensiv)o(ely)e(use)i(the)h
(\\.rhosts")h(and)f(\\/etc/hosts.equiv")149 2185 y(\014les)14
b(to)g(increase)f(con)o(v)o(enien)o(t)f(net)o(w)o(ork)i(access.)20
b(In)14 b(Section)f(3.5.3,)h(w)o(e)g(discussed)g(the)f(T)l(rusted)149
2276 y(Net)o(w)o(ork)j(concept.)21 b(R{commands)15 b(suc)o(h)h(as)h(remote)e
(login)i(and)g(remote)d(shell)i(o\013er)h(the)f(p)q(os-)149
2366 y(sibilit)o(y)c(to)j(extend)e(trust)h(to)g(other)g(mac)o(hines.)19
b(Users)14 b(and)g(system)f(administrators)g(can)h(build)149
2456 y(individual)j(net)o(w)o(orks)h(of)h(trust.)27 b(What)18
b(lo)q(oks)h(lik)o(e)e(a)h(go)q(o)q(d)i(idea)e(at)h(the)f(\014rst)g(glance)g
(pro)o(v)o(es)149 2547 y(v)o(ery)d(dangerous)j(in)e(some)f(cases.)p
eop
%%Page: 63 72
71 bop 1901 -100 a Fo(63)223 75 y(The)15 b(existence)e(of)i(these)g
(structures)g(of)g(trust)g(is)g(necessary)g(for)g(the)g(break{in)g(to)g(happ)
q(en.)149 165 y(Ob)o(viously)l(,)e(the)h(break{in)g(is)g(prev)o(en)o(ted)f
(if)g(w)o(e)h(prohibit)g(the)f(usage)i(of)g(trusted)f(hosts)h(or)f(users)149
255 y(completely)l(.)37 b(It)22 b(is)g(tec)o(hnically)e(p)q(ossible)i(to)h
(disallo)o(w)f(the)g(usage)h(of)g(\\trust")g(in)f(Berk)o(eley)149
346 y(commands.)29 b(The)19 b(c)o(hoice)f(can)h(b)q(e)h(made)e(b)o(y)g(the)h
(system)f(administrator)h(at)g(compile)e(time.)149 436 y(Ho)o(w)o(ev)o(er,)f
(b)q(eing)h(able)g(to)h(access)f(other)g(mac)o(hines)f(without)h(passw)o
(ords)i(mak)o(es)d(the)h(w)o(ork)g(in)149 526 y(a)j(net)o(w)o(orking)f(en)o
(vironmen)o(t)e(easier.)31 b(Once)19 b(used)g(to)h(the)g(comfort,)e(not)i
(man)o(y)f(users)g(agree)149 616 y(to)f(sacri\014ce)f(their)g(con)o(v)o
(enience)e(for)j(the)f(prev)o(en)o(tion)f(of)i(\\h)o(yp)q(othetical")f
(securit)o(y)f(concerns.)149 707 y(The)21 b(trade{o\013)g(hereb)o(y)f(w)o
(ould)g(con)o(tain)g(the)g(loss)h(of)f(v)o(ery)f(con)o(v)o(enien)o(t)g(and)h
(in)g(man)o(y)f(cases)149 797 y(necessary)d(to)q(ols)i(for)e(trouble)g(free)g
(connection)f(to)i(hosts)g(that)g(are)f(accessed)g(frequen)o(tly)l(.)223
887 y(A)i(less)h(\\safe")i(solution)e(w)o(ould)g(b)q(e)h(to)f(limit)e(trust)i
(to)h(lo)q(cally)e(administered)g(zones,)h(i.e.)149 978 y(authoritativ)o(e)i
(zones,)g(where)f(the)h(Berk)o(eley)d(patc)o(h)i(w)o(orks)h(reliably)l(.)33
b(As)20 b(w)o(e)h(disco)o(v)o(ered)e(in)149 1068 y(Section)k(4.5,)h(limiting)
d(trust)i(to)g(certain)g(zones)g(\014xes)g(the)f(\015a)o(w.)42
b(An)23 b(organization)h(could)149 1158 y(issue)c(the)f(p)q(olicy)g(that)g
(only)h(lo)q(cal)f(trust)h(is)f(allo)o(w)o(ed.)30 b(In)19 b(some)f
(organizations)i(this)g(can)f(b)q(e)149 1248 y(considered)13
b(a)h(reasonable)h(approac)o(h)f(if)f(hardly)g(an)o(y)h(remote)e(accesses)h
(are)h(originated)f(outside)149 1339 y(of)i(the)g(\\o)o(wn")h(zone)e(to)h
(the)g(\\o)o(wn")h(zone.)k(Additional)14 b(to)q(ols)i(w)o(ould)f(b)q(e)g
(necessary)f(to)h(enforce)149 1429 y(the)d(p)q(olicy)l(,)f(suc)o(h)h(as)g(a)g
(script)f(that)i(p)q(erio)q(dically)d(c)o(hec)o(ks)g(en)o(tries)h(in)g
(\\.rhosts")i(\014les.)20 b(If)11 b(p)q(erio)q(dic)149 1519
y(c)o(hec)o(ks)i(are)h(still)f(to)q(o)i(w)o(eak,)e(the)h(r{command)e(implem)o
(en)o(tati)o(ons)g(could)i(b)q(e)g(c)o(hanged)g(in)f(a)i(w)o(a)o(y)149
1610 y(that)h(users)f(cannot)g(directly)f(mo)q(dify)f(their)h(database)i(of)g
(trusted)e(mac)o(hines)f(\(\\.rhosts"\),)j(but)149 1700 y(ha)o(v)o(e)h(to)h
(use)f(a)h(sp)q(ecial)f(program)g(to)h(manage)f(trust{en)o(tries.)24
b(The)18 b(data)g(m)o(ust)e(b)q(e)h(k)o(ept)g(in)g(a)149 1790
y(protected)i(data)h(area)f(of)g(the)g(op)q(erating)g(system)f(managed)g(b)o
(y)h(the)f(k)o(ernel.)28 b(This)19 b(program)149 1880 y(could)e(\014lter)g
(out{of{zone)h(en)o(tries)e(at)h(the)g(time)e(the)i(user)g(w)o(an)o(ted)f(to)
i(en)o(ter)e(them.)22 b(It)16 b(w)o(ould)149 1971 y(also)c(con)o(tain)f(the)f
(p)q(ossibilit)o(y)g(of)h(managing)g(setup)g(c)o(hanges)g(cen)o(trally)l(.)18
b(This)11 b(solution)g(actually)149 2061 y(prop)q(oses)18 b(an)f(automatized)
e(pro)q(cedure)h(to)h(implem)o(en)n(t)d(an)i(organization's)h(p)q(olicy)l(.)
223 2151 y(If)g(the)g(nature)g(of)h(connections)f(allo)o(ws)h(a)g(p)q(olicy)e
(suc)o(h)i(as)g(describ)q(ed)e(ab)q(o)o(v)o(e,)i(implem)o(e)o(n)o(t-)149
2242 y(ing)k(it)e(is)h(a)h(ma)s(jor)e(e\013ort.)36 b(Some)20
b(system)g(scripts)h(ha)o(v)o(e)f(to)i(b)q(e)f(written)f(to)i(ensure)f(prop)q
(er)149 2332 y(usage,)j(op)q(erating)f(system)d(co)q(de)i(and)g(r{command)e
(co)q(de)i(m)o(ust)e(b)q(e)i(mo)q(di\014ed,)g(and)g(a)g(new)149
2422 y(user)17 b(in)o(terface)f(has)h(to)g(b)q(e)g(dev)o(elop)q(ed.)22
b(Users)17 b(shall)f(b)q(e)h(trained)g(ho)o(w)g(to)g(apply)g(the)f(c)o
(hanged)149 2512 y(facilit)o(y)e(and)i(ha)o(v)o(e)f(to)i(b)q(e)e(made)g
(familiar)f(with)h(the)h(new)f(p)q(olicy)h(and)g(the)f(new)h(user)g(in)o
(terface)149 2603 y(\(whic)o(h)h(could)g(easily)f(impro)o(v)o(e)e(the)j
(existing)g(one\).)24 b(Adv)m(an)o(tages)17 b(of)g(this)g(new)h(approac)o(h)f
(are)p eop
%%Page: 64 73
72 bop 1901 -100 a Fo(64)149 75 y(the)21 b(compatibilit)o(y)d(with)k(the)e
(existing)h(Domain)f(Name)g(System)g(proto)q(col)i(and)f(additional)149
165 y(b)q(ene\014ts)c(in)f(further)g(securit)o(y)f(related)g(issues.)223
255 y(Ov)o(erall,)f(a)j(v)o(ery)f(w)o(eak)g(p)q(oin)o(t)h(in)f(the)h(Berk)o
(eley)c(deriv)o(ed)j(UNIX)e(systems)i(is)g(the)h(usage)g(of)149
346 y(trust.)27 b(This)18 b(thesis)f(exploits)h(only)f(one)h(of)h(sev)o(eral)
d(kno)o(wn)i(\015a)o(ws)h(based)f(up)q(on)h(trust.)27 b(Using)149
436 y(trust{based)c(mec)o(hanism)o(s)c(requires)h(thinking)h(ab)q(out)h(a)g
(c)o(hange)f(in)g(individual)f(p)q(olicies)g(in)149 526 y(dealing)e(with)g
(gran)o(ting)g(trust)h(to)f(others.)27 b(W)l(e)17 b(can)h(conclude,)g(b)o(y)f
(citing)g(S.)h(Bello)o(vin:)k(\\If)c(a)149 616 y(host)i(trusts)g(another)f
(host)h(not)f(named)f(in)h(a)g(lo)q(cal)g(zone,)g(its)f(name)g(serv)o(er)g
(cannot)i(protect)149 707 y(it.")i(\([Bel90b)o(]\))223 797
y(Although)e(w)o(e)f(concen)o(trate)h(on)g(the)g(Berk)o(eley)d(\\r{commands")
j(in)f(this)h(section,)g(w)o(e)g(do)149 887 y(not)d(forget)f(that)h(there)e
(are)h(other)g(w)o(a)o(ys)g(in)g(exploiting)f(the)h(\015a)o(w.)21
b(F)l(or)16 b(example)e(in)o(tercepting)149 978 y(electronic)f(mail)f(is)i(a)
g(target)h(of)f(attac)o(k)o(ers;)g(esp)q(ecially)e(electronic)h(mail)f(that)i
(is)g(exc)o(hanged)g(b)o(y)149 1068 y(securit)o(y)h(agencies)h(and)h(securit)
o(y)e(related)g(organizations.)149 1233 y(4.7)50 b(Restricting)15
b(Public)g(Information)g(Access)223 1373 y(What)j(mak)o(es)d(the)i(break{in)h
(p)q(ossible)f(in)g(the)h(\014rst)f(place)g(is)g(gathering)h(necessary)f
(infor-)149 1463 y(mation)g(ab)q(out)i(host)g(names)d(of)i(trusting)g(mac)o
(hines)e(and)i(user)g(names)f(on)h(di\013eren)o(t)f(systems)149
1553 y(trusting)h(eac)o(h)f(other.)26 b(This)18 b(section)f(discusses)g(ho)o
(w)h(to)g(obtain)g(the)g(names)e(and)j(whether)e(it)149 1644
y(is)f(feasible)g(or)g(reasonable)h(to)g(restrict)e(access)h(to)h(this)f
(information.)223 1734 y(W)l(e)i(are)h(not)g(discussing)f(random)h(patterns)g
(of)g(trust)g(that)g(migh)o(t)d(exist)i(b)q(et)o(w)o(een)g(hosts,)149
1824 y(but)h(t)o(w)o(o)f(common)e(patterns)j(using)f(a)h(systematic)d
(approac)o(h.)28 b(The)18 b(follo)o(wing)g(discussion)h(is)149
1915 y(based)f(on)g(section)f(3)g(in)g([Bel90b)o(].)24 b(In)17
b(a)h(cluster)e(of)i(time{sharing)e(mac)o(hines,)f(eac)o(h)i(mac)o(hine)149
2005 y(is)22 b(lik)o(ely)d(to)j(extend)f(trust)g(to)h(all)f(its)h(p)q(eers.)
37 b(This)21 b(pattern)h(is)f(not)h(common)e(to)i(the)f(gen-)149
2095 y(eral)g(user)f(p)q(opulation,)j(but)d(it)h(is)f(applicable)g(to)h
(systems)e(programming)g(and)j(op)q(erational)149 2185 y(sta\013.)g(Another)
16 b(t)o(ypical)e(pattern)h(is)g(the)h(o)q(ccurrence)e(of)i(\014le)f(serv)o
(ers)f(that)i(trust)g(their)e(clien)o(ts,)149 2276 y(who)20
b(serv)o(e)e(as)i(a)g(source)f(of)g(extra)g(CPU)g(cycles.)29
b(\\Dataless")20 b(clien)o(ts)e(will)g(frequen)o(tly)f(trust)149
2366 y(administrativ)o(e)d(mac)o(hines)g(to)j(p)q(ermit)e(soft)o(w)o(are)h
(main)o(tenance.)223 2456 y(There)h(are)h(sev)o(eral)f(net)o(w)o(orking)h
(utilities)e(that)i(are)g(generally)f(a)o(v)m(ailable)h(to)g(all)g(users)g
(on)149 2547 y(a)f(system)e(to)h(sp)o(y)g(out)h(the)f(w)o(an)o(ted)g
(information.)p eop
%%Page: 65 74
73 bop 1901 -100 a Fo(65)223 75 y(A)22 b(com)o(bined)f(usage)i(of)g
(\\snmpnetstat")g(and)g(\\\014nger")h(can)f(do)g(the)g(job.)41
b(One)22 b(migh)o(t)149 165 y(ob)s(ject)e(that)g(\\snmpnetstat")g(is)g(not)g
(alw)o(a)o(ys)g(a)o(v)m(ailable)f(and)i(that)f(some)f(sites)h(also)g
(restrict)149 255 y(the)c(usage)g(of)g(the)f(\014nger)h(daemon)f(on)h(their)f
(mac)o(hines.)k(But)c(there)g(are)h(more)e(common)g(to)q(ols)149
346 y(that)j(can)g(b)q(e)f(abused.)223 436 y(Examination)e(of)h(mail)e(or)j
(news)f(headers)g(giv)o(es)f(us)i(information)e(ab)q(out)i(where)f(mail)e
(orig-)149 526 y(inated)23 b(and)h(whic)o(h)e(path)i(it)f(to)q(ok.)42
b(The)23 b(\\Receiv)o(ed:")34 b(\014elds)23 b(con)o(tain)f(a)i(complete)d
(trace)149 616 y(of)g(the)f(route.)34 b(Sometimes)18 b(this)i(route)g(con)o
(tains)h(w)o(orkstation)g(-)g(serv)o(er)e(names)g(that)i(trust)149
707 y(eac)o(h)g(other.)37 b(A)21 b(similar)f(tric)o(k)g(is)h(p)q(ossible)h
(using)f(\\traceroute")h(once)g(w)o(e)f(kno)o(w)g(a)h(remote)149
797 y(w)o(orkstation)17 b(name.)223 887 y(W)l(e)g(can)h(also)g(gain)g(m)o(uc)
o(h)d(insigh)o(t)i(using)h(the)f(Domain)g(Name)f(System)g(itself.)24
b(The)17 b(SO)o(A)149 978 y(records)j(con)o(tain)f(a)g(mac)o(hine)e(name)h
(and)i(a)g(host)f(address)h(of)g(a)f(privileged)f(user.)30
b(With)19 b(the)149 1068 y(host)c(name)e(w)o(e)h(can)g(retriev)o(e)e(the)i
(IP)g(address)h(and)f(then)g(with)g(a)h(zone)f(transfer)g(obtain)g(names)149
1158 y(of)21 b(other)f(mac)o(hines)e(in)i(the)g(net)o(w)o(ork)g(lo)q(cal)g
(to)h(that)f(mac)o(hine.)31 b(Ev)o(en)20 b(if)f(the)h(zone)g(transfer)149
1248 y(is)h(disabled,)g(w)o(e)f(could)h(issue)g(254)g(rev)o(erse)f(lo)q
(okups)h(to)h(collect)d(the)h(names)g(w)o(e)g(seek.)34 b(The)149
1339 y(HINF)o(O)15 b(records)h(giv)o(e)f(additional)i(information.)223
1429 y(F)l(urther)c(\\help")h(is)g(pro)o(vided)f(b)o(y)h(\\ftp")g(\(some)f
(serv)o(ers)g(o\013er)i(the)e(service,)g(only)g(few)h(w)o(ork-)149
1519 y(stations)23 b(do\),)f(\\sm)o(tp")f(\(mac)o(hines)e(that)j(run)g(mail)d
(serv)o(ers\),)i(and)h(Sun's)g(\\rp)q(cinfo")g(\(what)149 1610
y(services)f(are)g(running?\))38 b(Published)21 b(material)e(is)i(a)o(v)m
(ailable)g(from)f(some)h(univ)o(ersities)e(that)149 1700 y(describ)q(es)d
(the)g(setup)h(of)f(their)g(net)o(w)o(orks)g(on)g(a)h(high)f(lev)o(el.)223
1790 y(Some)j(systems)h(still)f(use)i(the)g(same)e(\\/etc/hosts.equiv")i
(\014les)g(on)g(man)o(y)e(hosts)j(just)f(to)149 1880 y(simplify)14
b(systems)h(administration.)223 1971 y(The)23 b(men)o(tioned)e(collection)h
(of)h(to)q(ols)i(sho)o(ws)f(that)f(it)g(is)g(a)h(di\016cult)e(task)h(to)h
(limit)d(in-)149 2061 y(formation)i(access)g(without)g(sacri\014cing)g(the)g
(legitimate)d(utilization)i(of)i(net)o(w)o(ork)e(services.)149
2151 y(Prev)o(en)o(ting)d(someone)g(from)f(gathering)i(the)g(necessary)f
(information)g(is)g(nearly)h(imp)q(ossible.)149 2242 y(T)l(o)q(o)c(man)o(y)e
(services)f(rely)h(on)h(address)g(information,)f(and)h(most)f(p)q(eople)h(w)o
(ould)f(complain)g(ter-)149 2332 y(ribly)f(if)h(they)g(w)o(ere)f(depriv)o(ed)
g(of)h(useful)g(to)q(ols)h(suc)o(h)f(as)g(\014nger,)h(email,)d(and)i(news.)21
b(The)14 b(idea)g(of)149 2422 y(op)q(en)20 b(systems)d(requires)h(op)q(en)h
(access)f(to)h(information)f(services)f(and)j(address)f(information.)149
2512 y(Therefore,)13 b(most)f(system)f(administrators)g(ha)o(v)o(e)h(decided)
g(that)g(the)h(b)q(ene\014ts)f(of)h(these)f(utilities)149 2603
y(out)o(w)o(eigh)k(the)g(risks.)p eop
%%Page: 66 75
74 bop 1901 -100 a Fo(66)223 75 y(Ov)o(erall,)11 b(w)o(e)i(think)f(that)h(sh)
o(utting)g(do)o(wn)h(w)o(ell{kno)o(wn)e(and)h(widely)f(used)h(services)f(is)h
(not)g(a)149 165 y(go)q(o)q(d)k(idea.)k(The)14 b(lac)o(k)g(of)h(these)f
(services)g(w)o(ould)h(h)o(urt)f(functionalit)o(y)f(and)j(the)e(purp)q(ose)i
(of)f(the)149 255 y(In)o(ternet)h(to)i(a)f(considerable)f(degree.)24
b(There)16 b(are)h(to)q(o)h(man)o(y)e(w)o(a)o(ys)h(to)g(gather)h(the)f
(necessary)149 346 y(information;)e(it)h(w)o(ould)g(b)q(e)h(a)f(hop)q(eless)h
(job)f(to)h(protect)f(the)g(In)o(ternet)f(against)i(abuse.)149
511 y(4.8)50 b(Adjusting)16 b(DNS)g(Up)q(date)g(In)o(terv)m(als)223
651 y(Some)d(sites)h(ha)o(v)o(e)f(connections)h(c)o(hie\015y)f(with)h(mac)o
(hines)e(outside)i(of)h(their)e(zones)i(that)f(sta)o(y)149
741 y(stable)20 b(in)f(the)g(sense)g(that)h(host)g(name)e(to)i(IP)f(address)h
(mapping)f(will)f(sta)o(y)h(the)g(same)f(for)i(a)149 831 y(long)15
b(time.)k(The)14 b(idea)g(is)g(to)g(en)o(ter)g(long)g(TTL)i(v)m(alues)e(in)o
(to)g(the)g(resource)g(records,)g(v)m(alues)g(that)149 921
y(exceed)h(the)h(curren)o(tly)f(implem)o(en)n(ted)e(threshold)j(of)h(1)g(w)o
(eek.)j(Limits)14 b(could)i(b)q(e)h(increased)e(up)149 1012
y(to)k(6,)g(12)g(mon)o(ths,)e(or)i(ev)o(en)e(longer,)i(dep)q(ending)f(on)h
(the)f(situation.)27 b(If)18 b(this)g(data)i(is)e(en)o(tered)149
1102 y(with)j(great)g(care)f(to)h(ensure)g(correctness)f(of)h(the)f
(mappings,)h(the)f(DNS)h(based)g(break{in)g(is)149 1192 y(prev)o(en)o(ted.)
223 1283 y(This)g(approac)o(h)h(is)f(limited)e(b)o(y)h(its)i(scop)q(e)f(of)h
(applicabilit)o(y)l(,)e(but)h(it)g(is)g(a)h(solution)g(with)149
1373 y(man)o(y)17 b(adv)m(an)o(tages.)27 b(It)18 b(go)q(es)g(with)g(the)g
(curren)o(t)f(Domain)g(Name)f(System)g(proto)q(col)j(and)f(can)149
1463 y(b)q(e)c(implem)o(en)n(ted)c(without)k(m)o(uc)o(h)d(e\013ort,)i(b)o(y)g
(simply)e(c)o(hanging)j(the)f(constan)o(t)g(max)p 1732 1463
15 2 v 17 w(cac)o(he)p 1865 1463 V 16 w(ttl)1930 1445 y Fm(1)149
1553 y Fo(in)h(the)g(name)e(serv)o(er)h(co)q(de)h(and)g(recompiling)e(the)h
(system.)19 b(As)14 b(all)f(necessary)h(en)o(tries)e(are)i(k)o(ept)149
1644 y(in)19 b(the)f(lo)q(cal)g(cac)o(he,)g(the)h(system)e(pro)o(vides)h(v)o
(ery)f(quic)o(k)g(replies)g(to)i(queries.)27 b(It)18 b(hardly)h(ev)o(er)149
1734 y(uses)e(the)f(net)o(w)o(ork)g(and)g(therefore)g(sa)o(v)o(es)g
(bandwidth)h(on)f(the)g(medium)d(for)k(other)f(tasks.)223 1824
y(This)11 b(approac)o(h)i(has)f(the)f(problem)f(of)i(v)m(alidating)g(the)f
(host)h(name)e(to)i(IP)g(address)g(mappings)149 1915 y(b)q(efore)17
b(they)g(are)g(cac)o(hed.)23 b(Ho)o(w)16 b(can)i(it)e(b)q(e)h(ensured)g(that)
h(the)e(mappings)h(are)g(correct)f(in)h(the)149 2005 y(\014rst)k(place?)34
b(Certainly)l(,)20 b(a)h(false)f(en)o(try)f(w)o(ould)i(sta)o(y)f(for)h(a)g
(long)g(time,)d(and)j(the)g(attac)o(k)o(er's)149 2095 y(address)e(w)o(ould)e
(b)q(e)g(\014nally)g(noted.)25 b(But)17 b(do)q(es)h(that)g(really)e(help,)h
(once)g(misc)o(hief)d(is)k(done?)25 b(It)149 2185 y(migh)o(t)15
b(aid)h(in)g(prosecution)h(e\013orts,)f(but)h(only)f(little)e(in)i(prev)o(en)
o(tion.)223 2276 y(One)d(of)h(the)g(original)f(reasons)i(to)f(in)o(tro)q
(duce)g(the)f(Domain)g(Name)f(System)g(w)o(as)j(to)f(manage)149
2366 y(the)21 b(dynamic)f(b)q(eha)o(vior)h(of)h(c)o(hanges)f(in)g(the)g(data)
h(base.)37 b(This)21 b(approac)o(h)h(\014xes)f(mappings)149
2456 y(for)d(a)h(long)f(time)d(and)k(uses)f(a)g(p)q(o)o(w)o(erful)f
(distributed)g(database)i(system)d(for)i(an)h(infrequen)o(tly)149
2547 y(happ)q(ening)h(up)q(date)g(pro)q(cess.)29 b(Although)19
b(w)o(e)g(are)g(not)g(talking)g(ab)q(out)h(a)f(static)g(mapping)f(in)p
149 2590 720 2 v 206 2621 a Fl(1)224 2636 y Fk(in)c(BIND)g(v)o(ersion)g
(4.8.3)e(\(7*24*60*60\))g(seconds)j(=)f(one)g(w)o(eek)p eop
%%Page: 67 76
75 bop 1901 -100 a Fo(67)149 75 y(this)14 b(section,)f(a)h(w)o(ell{main)o
(tained)d(HOSTS.TXT)i(\014le)g(w)o(ould)g(do)i(the)e(job)h(with)f(less)h(o)o
(v)o(erhead.)149 165 y(W)l(e)24 b(will)f(presen)o(t)g(the)h(discussion)g(ab)q
(out)h(abandoning)h(the)d(Domain)g(Name)g(System)f(and)149
255 y(returning)17 b(to)f(the)g(previous)g(system)f(in)h(Section)g(4.9.)223
346 y(Ov)o(erall,)10 b(the)h(approac)o(h)g(of)h(extending)e(TTL)i(v)m(alues)f
(to)h(a)f(long)g(p)q(erio)q(d)h(of)f(time)e(is)i(a)h(safe)f(and)149
436 y(feasible)19 b(metho)q(d)g(in)g(en)o(vironmen)o(ts)e(where)i(the)g
(additional)h(condition)f(of)h(static)f(mappings)149 526 y(with)12
b(long)g(lifetimes)d(is)j(giv)o(en.)19 b(Ho)o(w)o(ev)o(er,)10
b(in)i(this)f(case)h(not)h(the)e(Domain)h(Name)e(System)g(seems)149
616 y(to)k(b)q(e)f(the)g(righ)o(t)f(approac)o(h,)i(but)f(a)h(lo)q(cally)e(w)o
(ell{administered)e(static)i(mapping)h(mec)o(hanism)o(.)149
782 y(4.9)50 b(Abandoning)17 b(the)f(Domain)f(Name)g(System)223
921 y(It)c(could)g(b)q(e)h(suggested)g(to)g(abandon)h(the)e(DNS)h(and)g
(either)e(return)h(to)h(the)g(previous)f(system)149 1012 y(with)k(a)h(static)
f(host)h(table,)e(or)i(mo)o(v)o(e)d(on)j(to)f(another)h(system,)d(that)j(has)
g(y)o(et)e(to)i(b)q(e)f(dev)o(elop)q(ed.)149 1102 y(W)l(e)21
b(are)g(not)h(going)g(to)f(talk)g(ab)q(out)h(p)q(ossible)f(future)g(dev)o
(elopmen)o(t)d(of)j(the)g(Domain)f(Name)149 1192 y(System)d(here,)g(but)h(ab)
q(out)i(returning)e(to)g(the)g(previous)g(system.)25 b(Abandoning)18
b(the)g(Domain)149 1283 y(Name)d(System)g(is)h(not)g(an)h(extreme)c(scenario)
k(of)f(what)h(w)o(e)f(describ)q(ed)g(in)f(Section)h(4.8,)g(as)h(our)149
1373 y(solution)g(there)f(only)g(assumed)f(slo)o(w)i(dynamic)d(b)q(eha)o
(vior.)223 1463 y(This)j(section)h(suggests)h(an)f(again)g(cen)o(tralized)e
(managemen)o(t)f(of)j(the)g(mapping)e(data.)27 b(In)149 1553
y(this)18 b(approac)o(h,)h(mappings)f(can)g(c)o(hange)g(frequen)o(tly)l(,)e
(but)j(c)o(hanges)f(ha)o(v)o(e)f(to)i(b)q(e)f(rep)q(orted)g(to)149
1644 y(a)h(cen)o(tral)e(authorit)o(y)h(that)g(manages)g(the)g(whole)g(Domain)
g(Name)e(Space)i(in)g(con)o(trast)g(to)h(the)149 1734 y(Domain)f(Name)e
(System)g(approac)o(h)j(of)f(managing)f(zones)h(through)h(delegated)f(lo)q
(cal)f(author-)149 1824 y(ities.)30 b(This)20 b(w)o(ould)g(not)g(solv)o(e)e
(the)i(problem,)e(b)q(ecause)i(the)f(problem)f(is)h(not)h(the)f(DNS,)g(but)
149 1915 y(inadequate)d(metho)q(ds)g(of)h(host)g(authen)o(tication.)223
2005 y(IP)22 b(addresses)i(of)f(trusted)g(mac)o(hines)e(could)h(still)g(b)q
(e)h(imitated.)39 b(This)23 b(is)g(a)g(somewhat)149 2095 y(harder)15
b(task,)g(but)g(the)f(kno)o(w-ho)o(w)h(has)g(b)q(een)g(published)f(for)h
(quite)e(some)h(time)e(\(see)i([Mor85]\).)223 2185 y(W)l(ould)h(it)f(b)q(e)h
(safer)g(to)g(transmit)f(up)q(dates)h(to)g(a)h(cen)o(tral)d(site?)21
b(Email,)13 b(telephone)h(calls,)g(or)149 2276 y(con)o(v)o(en)o(tional)d(pap)
q(er)i(are)f(not)g(necessarily)f(a)i(reliable)d(w)o(a)o(y)i(to)g(transmit)f
(mapping)h(information)149 2366 y(up)q(dates.)28 b(The)18 b(long)g(time)e
(dela)o(y)h(un)o(til)g(cen)o(trally)g(made)g(c)o(hanges)h(are)g(propagated)h
(through)149 2456 y(the)g(net)o(w)o(ork)f(w)o(ould)h(condemn)e(the)i
(database)g(to)h(b)q(e)e(in)h(an)g(inheren)o(tly)e(inconsisten)o(t)h(state.)
149 2547 y(The)c(system)f(w)o(ould)h(again)h(con)o(tain)f(all)f(the)h(disadv)
m(an)o(tages)h(describ)q(ed)f(in)f(Section)h(2.2,)g(whic)o(h)149
2637 y(w)o(ere)i(the)g(reasons)h(for)g(dev)o(eloping)e(the)h(curren)o(t)f
(Domain)h(Name)e(System.)p eop
%%Page: 68 77
76 bop 1901 -100 a Fo(68)223 75 y(But)11 b(b)q(esides)i(these)f(ob)o(vious,)g
(tec)o(hnical,)f(and)i(w)o(ell{kno)o(wn)f(reasons,)h(there)f(is)g(a)h
(signi\014can)o(t)149 165 y(argumen)o(t)g(wh)o(y)g(no)i(one)e(can)h(p)q
(ossibly)g(b)q(e)g(in)f(fa)o(v)o(or)h(of)g(reinstalling)e(the)i(previous)f
(system:)19 b(the)149 255 y(sheer)g(size)f(of)i(the)f(In)o(ternet.)28
b(HOSTS.TXT)19 b(w)o(as)g(abandoned)i(b)q(ecause)e(200,000)i(hosts)f(w)o(as)
149 346 y(to)q(o)k(m)o(uc)o(h)c(to)i(b)q(e)h(managed.)38 b(Are)22
b(curren)o(tly)e(ab)q(out)k(1.5)e(million)e(\(see)i([Lot93)q(]\))f(easier)h
(to)149 436 y(handle?)g(Certainly)15 b(not.)223 526 y(Ov)o(erall,)i
(abandoning)k(the)d(Domain)g(Name)f(System)h(w)o(ould)h(drag)g(the)g(name)f
(resolution)149 616 y(task)h(in)e(the)h(In)o(ternet)e(out)j(of)f(a)g
(functioning)g(state)g(with)g(a)g(not)g(easily)f(exploitable)g(securit)o(y)
149 707 y(breac)o(h,)j(in)o(to)f(an)h(unmanageable,)g(not)g(w)o(orking)g
(state)f(of)h(prehistoric)f(system)f(design.)32 b(W)l(e)149
797 y(think)16 b(that)h(w)o(ould)f(do)h(more)e(harm)g(than)i(doing)g(nothing)
g(at)f(all.)149 962 y(4.10)50 b(Hardening)16 b(Name)f(Serv)o(ers)223
1102 y(This)h(section)h(con)o(tains)f(a)i(n)o(um)o(b)q(er)c(of)j(problems)f
(that)h(w)o(e)f(classify)g(in)o(to)g(t)o(w)o(o)h(groups)h(and)149
1192 y(a)f(collection)e(of)i(p)q(ossible)g(mo)q(di\014cations)f(to)h(the)f
(name)f(serv)o(er)h(to)h(pro)o(vide)e(\(at)i(least)g(partial\))149
1283 y(solutions)g(to)g(these)f(problems.)223 1373 y(W)l(e)i(though)o(t)i(ab)
q(out)g(organizing)g(this)f(section)f(in)h(a)g(w)o(a)o(y)g(that)h(solutions)f
(are)g(stated)h(di-)149 1463 y(rectly)g(in)h(eac)o(h)g(section)g(describing)f
(a)i(problem.)35 b(But)20 b(then)i(w)o(e)e(disco)o(v)o(ered)g(that)i(most)e
(of)149 1553 y(the)g(prop)q(osed)i(solutions)f(in)f(hardening)g(the)h(name)e
(serv)o(er)g(are)h(applicable)g(to)g(a)h(v)m(ariet)o(y)e(of)149
1644 y(problems.)27 b(In)18 b(the)g(same)f(time,)f(it)i(is)g(necessary)g(to)h
(not)g(only)f(concen)o(trate)f(on)i(ho)o(w)g(to)g(deal)149
1734 y(with)i(certain)f(problems,)h(but)g(with)f(all)h(of)g(them)e(sim)o
(ultaneously)l(.)33 b(W)l(e)20 b(therefore)h(decided)149 1824
y(that)c(a)f(more)e(general)i(approac)o(h)g(is)f(to)i(state)e(a)i(list)e(of)h
(problems)e(next)h(to)h(a)g(list)f(of)h(solutions.)149 1915
y(This)h(w)o(a)o(y)f(w)o(e)g(can)g(relate)f(problems)g(to)i(solutions)g(and)g
(vice)d(v)o(ersa.)223 2005 y(The)19 b(follo)o(wing)f(t)o(w)o(o)h(sections)g
(are)g(descriptions)f(of)i(the)e(problems,)g(group)q(ed)i(dep)q(ending)149
2095 y(on)d(whether)f(a)h(giv)o(en)e(problem)g(exploits)g(cac)o(he)h(p)q
(oisoning,)h(or)f(not.)149 2255 y(4.10.1)50 b(Problems)15 b(Not)h(Exploiting)
g(Cac)o(he)g(P)o(oisoning)223 2378 y(In)j(Section)f(3.4.2)i(w)o(e)f(sa)o(w)h
(a)f(\014rst)h(example)d(of)i(ho)o(w)h(to)g(exploit)e(the)h(w)o(eaknesses)g
(of)h(the)149 2468 y(DNS.)e(Simple)e(c)o(hanges)j(in)e(the)h(database)i(en)o
(tries)d(of)i(a)f(mac)o(hine)e(that)j(is)f(trusted,)g(can)h(lead)149
2558 y(to)h(a)g(break{in.)29 b(As)19 b(w)o(e)g(sho)o(w)o(ed)g(in)g(this)g
(thesis,)g(it)g(is)g(not)h(di\016cult)e(to)h(coun)o(ter)g(the)g(attac)o(k)149
2648 y(based)e(on)g(database)g(mo)q(di\014cation.)p eop
%%Page: 69 78
77 bop 1901 -100 a Fo(69)223 75 y(There)18 b(are)h(t)o(w)o(o)f(more)g
(problems,)f(that)i(are)g(related)f(in)g(their)g(nature.)29
b(In)18 b(the)h(\014rst)g(one,)149 165 y(an)c(attac)o(k)o(er)f(in)o(tercepts)
f(a)h(query)g(to)h(another)g(name)e(serv)o(er)g(and)i(pro)o(vides)f(the)g
(reply)f(himself.)149 255 y(If)23 b(the)g(reply)f(con)o(tains)h(a)h(referral)
e(to)h(some)f(host)i(that)g(is)e(under)h(the)g(attac)o(k)o(er's)f(con)o
(trol,)149 346 y(the)f(originator)h(of)g(the)f(query)f(will)h(\014nally)f
(ask)i(that)g(name)e(serv)o(er)g(and)i(b)q(eliev)o(e)d(whatev)o(er)149
436 y(is)h(returned.)30 b(If)19 b(the)g(time)f(to)i(liv)o(e)d(v)m(alues)j
(for)f(records)h(supplied)f(in)g(that)h(answ)o(er)g(are)f(zero,)149
526 y(the)i(originator)g(will)f(not)h(cac)o(he)f(the)h(information,)f(but)h
(use)g(it)f(for)h(the)g(curren)o(t)f(resolution)149 616 y(pro)q(cess.)30
b(The)19 b(name)e(serv)o(er)h(that)h(w)o(as)h(originally)e(addressed,)h(or)h
(its)e(net)o(w)o(ork)g(connection,)149 707 y(can)g(b)q(e)f(manipulated)f(b)o
(y)h(the)g(attac)o(k)o(er)f(in)h(a)g(w)o(a)o(y)g(that)h(they)e(either)h(not)g
(receiv)o(e)e(an)o(y)i(query)149 797 y(at)g(all,)e(or)i(that)g(their)e(resp)q
(onse)i(gets)g(lost)f(\(see)g([Mor85])g(for)h(an)f(example\).)223
887 y(A)k(similar)e(attac)o(k)j(is)f(based)h(on)g(the)g(fact)f(that)h(the)g
(standard)h(for)f(the)f(DNS)h(implici)o(tly)149 978 y(determines)14
b(that)i(the)f(\014rst)h(answ)o(er)f(a)h(resolv)o(er)f(receiv)o(es)e(to)j(a)g
(query)f(is)g(returned)g(to)h(the)f(user)149 1068 y(program.)21
b(The)15 b(standard)h(states)g(in)e([Mo)q(c87a)q(])h(:)20 b(\\Get)c(the)e
(answ)o(er)h(as)h(quic)o(kly)d(as)i(p)q(ossible".)149 1158
y(If)21 b(a)g(query)g(is)f(answ)o(ered)i(b)o(y)e(more)g(than)h(one)h(host)f
(\(and)h(one)f(of)g(the)g(hosts)h(supplying)f(an)149 1248 y(answ)o(er)j(can)f
(b)q(e)g(the)g(attac)o(k)o(er)f(who)i(has)g(in)o(tercepted)d(the)i(query)l(,)
h(lik)o(e)d(in)i(the)f(previously)149 1339 y(describ)q(ed)c(problem\))e(the)h
(fastest)h(answ)o(er)g(wins.)25 b(This)18 b(answ)o(er)g(can)g(again)g(refer)f
(to)h(another)149 1429 y(name)e(serv)o(er)f(under)h(the)g(con)o(trol)g(of)g
(the)g(attac)o(k)o(er.)149 1589 y(4.10.2)50 b(Problems)15 b(Exploiting)h(Cac)
o(he)g(P)o(oisoning)223 1711 y(In)j(the)g(Sections)h(3.4.3)g(and)g(3.4.4)g(w)
o(e)f(describ)q(ed)g(t)o(w)o(o)h(problems)e(that)i(exploit)f(the)h(fact)149
1802 y(that)d(the)f(cac)o(he)f(of)i(a)f(name)f(serv)o(er)g(can)h(b)q(e)h(p)q
(oisoned.)22 b(W)l(e)16 b(describ)q(e)f(t)o(w)o(o)h(more)f(problems)g(in)149
1892 y(this)i(section.)223 1982 y(Imagine)10 b(again)j(the)f(scenario)h(w)o
(e)f(describ)q(ed)f(in)h(the)g(previous)h(section,)f(where)g(the)g(origina-)
149 2073 y(tor)j(of)f(a)g(query)f(receiv)o(es)f(more)g(than)i(one)g(resp)q
(onse)h(and)f(one)g(of)g(the)g(resp)q(onses)h(con)o(tains)f(false)149
2163 y(information)19 b(supplied)g(b)o(y)h(an)g(attac)o(k)o(er.)31
b(The)20 b(standard)h(states)f(in)g([Mo)q(c87b,)g(7.4])g(\\When)149
2253 y(sev)o(eral)c(RRs)h(of)g(the)f(same)g(t)o(yp)q(e)g(are)h(a)o(v)m
(ailable)f(for)h(a)g(particular)f(o)o(wner)h(name,)e(the)i(resolv)o(er)149
2343 y(should)h(either)e(cac)o(he)g(them)f(all)h(or)h(none)h(at)f(all.")23
b(The)17 b(fact)g(that)g(the)f(resp)q(onses)i(come)e(from)149
2434 y(di\013eren)o(t)i(IP)f(addresses,)i(do)q(es)g(not)f(matter)f(to)h(the)g
(originator.)27 b(In)17 b([Mo)q(c87b)q(])g(the)h(standard)149
2524 y(deals)e(with)f(the)h(fact)f(that)h(name)f(serv)o(ers)f(are)i
(sometimes)d(m)o(ulti{home)o(d)g(hosts)j(and)h(resp)q(ond)149
2614 y(to)k(queries)e(using)i(another)f(net)o(w)o(ork)g(in)o(terface)e(than)j
(where)f(the)g(query)f(arriv)o(ed.)32 b(W)l(e)20 b(cite:)p
eop
%%Page: 70 79
78 bop 1901 -100 a Fo(70)149 75 y(\\That)23 b(is,)f(a)g(resolv)o(er)f(cannot)
h(rely)f(that)h(a)g(resp)q(onse)g(will)e(come)g(from)h(the)g(same)g(address)
149 165 y(whic)o(h)16 b(it)g(sen)o(t)g(the)g(corresp)q(onding)h(query)e
(to."\([Mo)q(c87b)q(]\))223 255 y(Under)h(certain)g(additional)g(assumptions)
h(it)f(is)h(p)q(ossible)g(to)g(p)q(oison)h(some)d(name)h(serv)o(er's)149
346 y(cac)o(he)24 b(b)o(y)f(simply)f(sending)i(it)f(a)i(query)e(that)h(con)o
(tains)g(the)g(corrupt)g(information)f(in)h(the)149 436 y(additional)17
b(section.)k(This)16 b(should)h(w)o(ork)f(in)g(the)g(follo)o(wing)g(setup:)
222 568 y Fj(\017)24 b Fo(an)16 b(A)o(ttac)o(k)o(er)d(on)j(host)g(NS)772
575 y Fm(B)814 568 y Fo(sends)g(a)g(query)e(along)i(with)g(the)f(false)g
(additional)g(RR)g(to)h(a)271 658 y(name)f(serv)o(er)h(B)f(it)h(w)o(an)o(ts)h
(to)f(compromise,)d(requesting)j(recursiv)o(e)f(resolution)222
790 y Fj(\017)24 b Fo(the)14 b(name)g(serv)o(er)f(on)i(host)g(NS)854
797 y Fm(A)897 790 y Fo(do)q(es)g(not)g(cac)o(he)f(incoming)e(information)i
(according)g(to)271 880 y(the)i(RF)o(C,)g(but)g(it)g(shares)h(its)f(cac)o(he)
f(with)h(the)g(lo)q(cal)h(resolv)o(er)e(on)h(the)g(same)g(mac)o(hine)222
1012 y Fj(\017)24 b Fo(if)12 b(the)g(name)f(serv)o(er)g(on)i(host)g(NS)885
1019 y Fm(A)925 1012 y Fo(in)o(v)o(ok)o(es)e(its)h(lo)q(cal)g(resolv)o(er)f
(that)i(will)e(\014nally)h(get)g(bac)o(k)271 1102 y(an)k(answ)o(er)g(from)e
(somewhere,)g(this)h(resolv)o(er)f(on)i(host)g(NS)1381 1109
y Fm(A)1425 1102 y Fo(will)e(cac)o(he)h(whatev)o(er)g(data)271
1192 y(is)g(pro)o(vided)f(according)h(to)g(the)f(rules)g({)i(including)d(the)
i(additional)g(record)f(pro)o(vided)g(b)o(y)271 1283 y(the)i(attac)o(k)o(er.)
223 1414 y(The)g(name)f(serv)o(er)g(on)i(host)g(NS)831 1421
y Fm(A)876 1414 y Fo(inherits)f(the)g(w)o(eakness)g(of)g(its)g(o)o(wn)h
(resolv)o(er.)149 1574 y(4.10.3)50 b(Keeping)16 b(Additional)f(Information)
223 1697 y(A)f(\014rst)i(idea)f(is)g(to)g(log)h(\\rlogin")f(attempts)g(with)g
(IP)g(address)g(and)h(lo)q(cal)f(and)h(remote)d(user)149 1787
y(names.)28 b(Or)19 b(ev)o(en)e(more:)25 b(to)19 b(tag)g(cac)o(he)f(en)o
(tries)g(with)g(their)g(origin.)29 b(The)18 b(latter)g(is)h(another)149
1878 y(easily)f(ac)o(hiev)o(ed)f(mo)q(di\014cation)g(that)i(costs)g
(additional)f(memory)e(space)i(in)g(the)h(cac)o(he.)26 b(This)149
1968 y(metho)q(d)18 b(mak)o(es)f(it)h(easier)f(to)i(trac)o(k,)f(for)g
(example,)f(a)h(false)g(\\A")h(record)f(for)h(the)f(purp)q(ose)h(of)149
2058 y(debugging)e(wrong)h(zone)e(data)h(or)g(in)o(v)o(estigating)e(a)h(DNS)h
(based)f(break{in.)149 2218 y(4.10.4)50 b(Prev)o(en)o(tion)15
b(of)h(Cac)o(he)g(P)o(oisoning)223 2341 y(Prev)o(en)o(ting)d(the)h(cac)o(he)g
(from)g(con)o(tamination)f(is)h(probably)h(not)g(feasible)f(from)g(within)g
(the)149 2431 y(name)j(serv)o(er)g(co)q(de,)h(as)g(there)g(is)f(no)i(w)o(a)o
(y)e(of)h(a)g(priori)g(determining)d(if)j(an)o(y)f(giv)o(en)g(additional)149
2521 y(record)h(is)f(trust)o(w)o(orth)o(y)h(or)f(not.)26 b(W)l(e)18
b(could)f(start)h(treating)g(sp)q(ecial)f(cases)h(of)g(when)g(to)g(allo)o(w)
149 2611 y(or)f(disallo)o(w)f(additional)g(information.)p eop
%%Page: 71 80
79 bop 1901 -100 a Fo(71)223 75 y(The)17 b(default)g(safe)g(b)q(eha)o(vior)g
(w)o(ould)g(b)q(e)g(to)h(disallo)o(w)f(the)g(cac)o(hing)f(of)i(unrequested)e
(infor-)149 165 y(mation,)k(and)g(to)g(allo)o(w)g(it)f(only)h(in)g(cases)g
(where)f(the)h(information)f(is)g(necessary)l(,)h(and)h(then)149
255 y(only)16 b(for)h(the)f(curren)o(t)f(resolution.)149 415
y(4.10.5)50 b(Con)o(text)16 b(Cac)o(he)223 538 y(But)i(there)g(are)h(other,)h
(more)d(sophisticated)i(approac)o(hes)g(p)q(ossible:)27 b(If)19
b(some)e(additional)149 628 y(or)f(authoritativ)o(e)f(records)g(are)h
(returned)e(together)i(with)f(a)h(resource)f(record,)g(they)g(should)g(b)q(e)
149 718 y(in)o(terpreted)j(only)g(in)g(the)h(con)o(text)f(of)h(that)g
(resource)f(record.)29 b(The)18 b(di\013erence)g(b)q(et)o(w)o(een)g(the)149
809 y(default)13 b(safe)f(b)q(eha)o(vior)g(approac)o(h)i(and)f(this)f(one)g
(is)h(that)f(in)g(the)h(\014rst)f(one)h(resource)f(records)g(are)149
899 y(only)17 b(cac)o(hed,)e(when)h(they)g(w)o(ere)g(requested)f(or)i
(necessary)f(additional)g(information,)f(whereas)149 989 y(in)21
b(the)g(second)g(approac)o(h)g(the)g(new)g(en)o(tries)f(get)h(cac)o(hed,)g
(but)g(can)g(b)q(e)g(retriev)o(ed)e(from)h(the)149 1079 y(cac)o(he)g(only)h
(in)f(the)g(same)g(con)o(text)f(in)i(whic)o(h)e(they)i(w)o(ere)e(en)o(tered.)
33 b(F)l(or)21 b(example,)e(an)i(\\A")149 1170 y(record)15
b(in)g(the)g(additional)h(section)f(of)g(a)h(resp)q(onse)g(to)f(an)h(\\MX")f
(record)g(request)g(should)h(only)149 1260 y(b)q(e)g(used)f(for)h(deliv)o
(ering)d(mail.)19 b(The)c(information)f(w)o(ould)h(not)h(b)q(e)f(acceptable)g
(for)g(an)h(\\rlogin")149 1350 y(to)h(another)g(host,)f(or)h(generally)e
(usable)i(for)f(other)g(services.)223 1441 y(A)21 b(glue)h(\\A")g(record)g
(coming)f(along)i(with)e(an)i(\\NS")f(record)g(w)o(ould)g(only)g(b)q(e)g
(used)g(for)149 1531 y(domain)16 b(hopping,)g(b)q(ecause)h(that)g(is)f(the)g
(con)o(text)f(in)h(whic)o(h)f(it)h(w)o(as)h(supplied.)223 1621
y(\\A")h(records)f(along)i(with)e(\\PTR")i(records)f(should)g(nev)o(er)e(b)q
(e)i(cac)o(hed,)f(b)q(ecause)h(there)f(is)149 1711 y(no)g(legal)f(con)o(text)
f(in)h(whic)o(h)g(they)g(ha)o(v)o(e)f(to)i(b)q(e)f(returned)g(in)g(a)g
(single)g(resp)q(onse.)223 1802 y(This)23 b(whole)g(approac)o(h)h(leads)g(to)
f(the)g(question)g(of)h(whether)f(w)o(e)g(still)f(need)h(the)g(addi-)149
1892 y(tional)18 b(section)g(at)g(all.)26 b(If)17 b(only)h(certain)f(com)o
(binations)g(of)h(resource)g(records)g(are)g(allo)o(w)o(ed)f(as)149
1982 y(a)j(resp)q(onse)h(to)e(a)h(query)l(,)f(wh)o(y)h(not)g(consequen)o(tly)
e(eliminate)e(the)k(idea)f(of)h(additional)f(unre-)149 2073
y(quested)j(information)f(completely)l(,)f(and)j(adapt)g(the)f(proto)q(col)h
(to)f(accommo)q(date)f(the)g(new)149 2163 y(ideas,)16 b(namely)f(a)h(certain)
g(limited)d(n)o(um)o(b)q(er)i(of)h(t)o(yp)q(es)g(of)h(asso)q(ciations?)223
2253 y(First)h(of)h(all,)f(that)h(w)o(ould)g(require)f(a)h(proto)q(col)g(c)o
(hange,)g(whic)o(h)f(is)h(something)e(w)o(e)i(try)f(to)149
2343 y(a)o(v)o(oid.)j(Some)13 b(of)i(the)f(original)h(design)g(goals)g(of)g
(the)g(Domain)f(Name)f(System)g(also)i(imply)d(that)149 2434
y(eliminating)i(the)h(additional)h(section)g(w)o(ould)g(not)g(b)q(e)g(a)g(go)
q(o)q(d)i(approac)o(h.)k(The)16 b(system)e(w)o(ould)149 2524
y(lose)k(some)f(of)i(its)f(generalit)o(y)l(,)e(b)q(ecause)i(the)g(additional)
g(section)g(migh)o(t)e(b)q(ecome)h(v)o(ery)g(useful)149 2614
y(in)h(future)g(applications)g(of)g(the)f(Domain)h(Name)e(System)g(without)i
(con)o(taining)g(an)o(y)g(securit)o(y)p eop
%%Page: 72 81
80 bop 1901 -100 a Fo(72)149 75 y(threats.)24 b(The)17 b(system)f(w)o(ould)h
(certainly)e(lose)i(e\016ciency)l(.)k(Here)16 b(w)o(e)h(see)f(again)i(an)f
(imp)q(ortan)o(t)149 165 y(trade-o\013)k(that)f(w)o(e)g(ha)o(v)o(e)e(already)
i(men)o(tioned)d(in)j(sev)o(eral)e(earlier)h(sections:)28 b(an)20
b(increase)f(in)149 255 y(systems)e(securit)o(y)f(and)i(a)g(decline)e(in)h
(system)f(p)q(erformance)h(vs.)25 b(go)q(o)q(d)19 b(system)e(p)q(erformance)
149 346 y(and)g(a)g(p)q(ossible)f(lac)o(k)g(of)g(securit)o(y)l(.)223
436 y(It)j(is)h(therefore)f(justi\014able)g(to)i(tak)o(e)e(the)h(approac)o(h)
g(of)h(hardening)f(the)f(name)g(serv)o(er)g(b)o(y)149 526 y(treating)j(more)e
(sp)q(ecial)h(cases,)h(and)g(b)o(y)f(increasing)g(the)g(complexit)o(y)d(of)j
(the)g(in)o(ternal)g(data)149 616 y(bases,)j(instead)e(of)h(hardening)f(it)g
(b)o(y)f(impleme)o(n)o(ti)o(ng)f(the)i(same)f(ideas)h(accepting)g(proto)q
(col)149 707 y(c)o(hanges.)149 867 y(4.10.6)50 b(Authorit)o(y)15
b(Cac)o(he)223 989 y(A)f(further)g(approac)o(h)h(w)o(ould)g(b)q(e)f(to)h(cac)
o(he)f(data)h(only)f(if)g(the)g(source)h(of)g(a)g(record)f(is)g(kno)o(wn)149
1079 y(to)h(b)q(e)g(authoritativ)o(e)f(for)h(that)g(zone.)21
b(W)l(e)14 b(giv)o(e)g(an)h(example)d(for)j(that:)21 b(If)14
b(a)h(name)f(serv)o(er)f(NS)1921 1086 y Fm(A)149 1170 y Fo(receiv)o(es)18
b(a)h(\\PTR")i(record)e(from)f(some)h(host)h(NS)1117 1177 y
Fm(B)1144 1170 y Fo(,)f(and)h(the)f(DNS)h(message)e(also)i(con)o(tains)149
1260 y(an)k(\\A")f(record)g(in)f(its)h(additional)g(section,)h(then)e(the)h
(name)f(serv)o(er)g(NS)1604 1267 y Fm(A)1656 1260 y Fo(w)o(ould)g(b)q(eliev)o
(e)149 1350 y(and)17 b(cac)o(he)e(this)h(information)e(only)i(if)f(it)h
(already)f(kno)o(ws)i(that)f(the)f(source)h(name)f(serv)o(er)g(NS)1922
1357 y Fm(B)149 1441 y Fo(is)i(authoritativ)o(e)g(for)g(the)g(according)g
(zone.)23 b(A)17 b(name)f(serv)o(er)g(follo)o(wing)g(this)h(strategy)g(w)o
(ould)149 1531 y(create)11 b(its)h(o)o(wn)g(tree)f(of)h(authoritativ)o(e)f
(name)g(serv)o(ers.)18 b(This)12 b(tree)f(w)o(ould)h(ha)o(v)o(e)f(to)h(lose)f
(subtrees)149 1621 y(according)17 b(to)g(the)f(expiration)f(of)i(the)f
(lifetime)d(of)j(some)f(no)q(de)i(\(name)e(serv)o(er\).)149
1781 y(4.10.7)50 b(Conditional)16 b(Cac)o(he)g(Use)223 1904
y(The)f(Berk)o(eley)d(patc)o(h)k(\(see)e(Section)h(4.5\))h(can)f(fail)g(in)g
(the)g(case)g(that)h(the)f(cac)o(he)g(is)g(already)149 1994
y(p)q(oisoned.)30 b(An)18 b(idea)h(to)g(strengthen)g(the)f(Berk)o(eley)e
(patc)o(h)j(is)f(to)h(pro)o(vide)f(the)g(p)q(ossibilit)o(y)g(to)149
2084 y(resolv)o(e)f(queries)g(without)g(using)h(the)g(cac)o(he.)24
b(That)19 b(could)e(b)q(e)h(used)g(b)o(y)f(the)g(Berk)o(eley)e(patc)o(h.)149
2174 y(The)f(system)e(call)h(executing)g(the)g(forw)o(ard)h(lo)q(okup)g(w)o
(ould)g(for)g(example)d(set)j(a)g(\015ag)g(to)g(indicate)149
2265 y(that)i(the)f(cac)o(he)f(con)o(ten)o(ts)h(should)g(not)h(b)q(e)f(used)g
(for)h(the)e(follo)o(wing)h(resolution.)21 b(This)15 b(metho)q(d)149
2355 y(again)e(hits)e(the)g(e\016ciency)f(of)h(the)h(system,)e(but)i(it)f
(prev)o(en)o(ts)f(the)h(exploitation)g(of)h(the)f(w)o(eakness.)149
2445 y(One)18 b(could)h(also)f(think)g(of)h(a)g(system)d(call)i(to)g(\015ush)
h(the)f(cac)o(he)g(follo)o(w)o(ed)f(b)o(y)h(a)h(reload)f(of)h(the)149
2536 y(database,)e(similar)d(to)i(the)f(signal)h(SIGHUP)f(that)h(a)g(system)e
(administrator)h(can)h(send)g(to)g(the)149 2626 y(BIND)g(implem)o(e)o(n)o
(tation)e(of)i(the)g(name)f(serv)o(er)h(to)g(ac)o(hiev)o(e)f(the)h(same.)p
eop
%%Page: 73 82
81 bop 1901 -100 a Fo(73)149 75 y(4.10.8)50 b(Discussion)223
197 y(A)12 b(v)o(ery)h(thorough)h(analysis)g(of)f(the)g(proto)q(col)i(is)e
(needed)f(to)i(determine)d(the)i(cases)g(in)g(whic)o(h)149
287 y(additional)19 b(resource)f(records)h(are)f(legal)g(and)i(cannot)f(do)g
(an)o(y)f(harm,)g(or)h(ha)o(v)o(e)f(to)g(b)q(e)h(stored)149
378 y(in)d(di\013eren)o(t)g(con)o(texts.)223 468 y(Hardening)h(the)h(system)e
(w)o(ould)i(require)f(careful)g(design,)h(implem)o(en)o(tation,)d(and)k
(testing)149 558 y(and)k(w)o(ould)e(lead)g(to)h(a)g(higher)f(complexit)o(y)d
(of)k(the)f(co)q(de)h(and)g(the)f(system.)36 b(Our)21 b(analysis)149
649 y(has)e(to)f(stress)g(the)g(higher)f(complexit)o(y)l(,)e(b)q(ecause)j
(design,)g(implem)o(e)o(n)o(tation)d(and)k(testing)e(are)149
739 y(a)e(pro)q(cess)g(that)g(will)e(b)q(e)i(done)g(at)g(some)e(p)q(oin)o(t,)
h(but)h(the)f(complexit)o(y)d(of)k(a)g(system)e(is)h(a)h(feature)149
829 y(that)k(sta)o(ys)g(with)f(it.)26 b(Higher)18 b(complexit)o(y)d(usually)j
(go)q(es)h(along)g(with)f(greater)h(insecurit)o(y)l(.)25 b(It)149
919 y(is)16 b(therefore)g(imp)q(ortan)o(t)f(to)i(k)o(eep)e(the)h(complexit)o
(y)d(in)j(a)h(manageable)e(scop)q(e.)223 1010 y(A)20 b(decline)g(in)h(system)
f(p)q(erformance)g(w)o(ould)h(result)g(from)f(the)h(fact)g(that)h(name)e
(serv)o(ers)149 1100 y(w)o(ould)d(b)q(eliev)o(e)d(and)j(therefore)e(cac)o(he)
h(less)g(data)h(|)f(data)h(that)g(migh)o(t)d(b)q(e)j(needed)e(later.)223
1190 y(Ov)o(erall,)i(hardening)j(name)e(serv)o(ers)g(consists)h(of)h(sev)o
(eral)e(p)q(ossible)h(mo)q(di\014cations,)f(some)149 1281 y(of)h(whic)o(h)f
(seem)f(promising,)h(ev)o(en)f(though)j(their)d(application)i(decreases)f
(the)g(system's)f(p)q(er-)149 1371 y(formance)e(and)i(increases)f(its)g
(complexit)o(y)l(,)c(whic)o(h)k(migh)o(t)f(lead)h(to)g(further)g(insecurit)o
(y)l(.)149 1536 y(4.11)50 b(Cryptographic)17 b(Metho)q(ds)g(for)f(Strong)h
(Authen)o(tication)223 1676 y(In)j(this)h(section)g(w)o(e)g(describ)q(e)f(an)
i(arc)o(hitecture)d(for)j(an)f(authen)o(ticated)g(Domain)f(Name)149
1766 y(System.)g(The)c(outline)f(for)i(the)f(approac)o(h)g(describ)q(ed)g(b)q
(elo)o(w)g(is)g(only)g(one)g(of)g(sev)o(eral)f(p)q(ossible)149
1856 y(scenarios.)26 b(There)17 b(are)g(systems)g(that)g(pro)o(vide)g(access)
g(authen)o(tication)h(in)f(distributed)f(en)o(vi-)149 1947
y(ronmen)o(ts.)23 b(Some)16 b(examples)f(of)j(systems)e(that)i(use)f(tic)o(k)
o(ets)e(or)j(securit)o(y)d(certi\014cates)h(are)i(the)149 2037
y(Kerb)q(eros)e(authen)o(tication)f(service)g(\([SNS88]\))g(and)h(pro)s(ject)
f(SESAME)g(\([P)o(ar91)q(]\).)20 b(They)15 b(are)149 2127 y(not)i(directly)e
(applicable)g(to)i(our)f(problem.)223 2218 y(Our)e(approac)o(h)i(con)o(tains)
f(three)f(ma)s(jor)g(features)h(that)g(are)g(necessary)g(to)g(ensure)f(the)h
(kind)149 2308 y(of)i(securit)o(y)e(w)o(e)h(are)g(trying)g(to)g(obtain:)209
2452 y(1.)24 b(data)17 b(in)o(tegrit)o(y)e(of)h(a)h(message)209
2584 y(2.)24 b(originator)17 b(authen)o(tication)p eop
%%Page: 74 83
82 bop 1901 -100 a Fo(74)209 75 y(3.)24 b(originator's)h(pro)q(of)f(of)g(b)q
(eing)g(an)h(authoritativ)o(e)e(source)h(b)o(y)f(presen)o(ting)g(creden)o
(tials)271 165 y(signed)17 b(b)o(y)e(the)h(paren)o(t)h(domain)223
309 y(In)g(the)g(follo)o(wing)f(w)o(e)h(will)f(elab)q(orate)i(on)g(these)f
(three)f(features)i(and)f(presen)o(t)g(tec)o(hniques)149 400
y(and)g(ideas)f(for)h(their)f(p)q(ossible)g(implem)o(en)o(tati)o(on.)149
560 y(4.11.1)50 b(Data)17 b(In)o(tegrit)o(y)262 1071 y @beginspecial
0 @llx 0 @lly 369 @urx 54 @ury 3690 @rwi @setspecial
%%BeginDocument: pictures/mesg_digest.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-4.0 63.0 translate 0.900 -0.900 scale
1.000 setlinewidth
n 16 29 m 9 29 9 42 7 arcto 4 {pop} repeat 9 49 87 49 7 arcto 4 {pop} repeat 94 49 94 36 7 arcto 4 {pop} repeat 94 29 16 29 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 11 24 m 4 24 4 47 7 arcto 4 {pop} repeat 4 54 92 54 7 arcto 4 {pop} repeat 99 54 99 31 7 arcto 4 {pop} repeat 99 24 11 24 7 arcto 4 {pop} repeat clp gs col-1 s gr
/Times-Bold findfont 12.00 scalefont setfont
14 44 m 
gs 1 -1 scale (DNS message) col-1 show gr
n 279 69 m 279 9 l  134 9 l  134 69 l  clp gs col-1 s gr
n 321 29 m 314 29 314 42 7 arcto 4 {pop} repeat 314 49 407 49 7 arcto 4 {pop} repeat 414 49 414 36 7 arcto 4 {pop} repeat 414 29 321 29 7 arcto 4 {pop} repeat clp gs col-1 s gr
n 99 39 m 134 39 l gs col-1 s gr
n 118.000 35.000 m 134.000 39.000 l 118.000 43.000 l gs 2 setlinejoin col-1 s gr
n 279 39 m 314 39 l gs col-1 s gr
n 298.000 35.000 m 314.000 39.000 l 298.000 43.000 l gs 2 setlinejoin col-1 s gr
/Times-Bold findfont 12.00 scalefont setfont
139 44 m 
gs 1 -1 scale (message digest algorithm) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
159 24 m 
gs 1 -1 scale (MD2, MD4, MD5) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
189 64 m 
gs 1 -1 scale (Snefru) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
324 44 m 
gs 1 -1 scale (message digest) col-1 show gr
0.500 setlinewidth
n 139 49 m 274 49 l gs col-1 s gr
$F2psEnd
%%EndDocument
 @endspecial 478 1316 a(Figure)e(4.1)33 b(Application)15 b(of)i(a)g(message)e
(digest)h(algorithm)223 1531 y(In)o(tegrit)o(y)10 b(service)g(means)h(that)h
(a)g(recipien)o(t)d(is)j(pro)o(vided)f(with)g(assurance)i(that)f(the)f(con)o
(ten)o(t)149 1621 y(of)19 b(a)f(receiv)o(ed)e(message)h(is)h(iden)o(tical)e
(to)j(the)e(con)o(ten)o(t)h(of)g(a)g(message)g(\(including)f(its)h(header\))
149 1711 y(sen)o(t)e(b)o(y)g(its)g(originator)h(\(see)f([Ken93a]\).)223
1802 y(In)f(our)h(case,)f(w)o(e)g(w)o(an)o(t)g(to)h(ensure)f(the)h(in)o
(tegrit)o(y)d(of)j(transmitted)e(DNS)h(messages.)21 b(There)149
1892 y(are)15 b(sev)o(eral)f(approac)o(hes)h(to)g(protect)f(a)h(message)f
(against)i(unauthorized)f(c)o(hange:)20 b(prev)o(en)o(tion)149
1982 y(tec)o(hniques,)e(a)o(v)o(oidance)h(tec)o(hniques,)e(and)j(detection)e
(and)i(reco)o(v)o(ery)d(tec)o(hniques.)28 b(All)18 b(these)149
2072 y(tec)o(hniques)h(ha)o(v)o(e)h(inheren)o(t)f(adv)m(an)o(tages)j(and)f
(disadv)m(an)o(tages.)35 b(W)l(e)20 b(will)g(not)g(discuss)h(them)149
2163 y(here,)f(but)f(concen)o(trate)g(on)h(a)g(certain)f(tec)o(hnique)f(to)i
(detect)e(unauthorized)i(message)f(alter-)149 2253 y(ation.)36
b(W)l(e)21 b(stress)g(this)g(approac)o(h,)h(b)q(ecause)f(it)g(is)f(e\016cien)
o(t)f(and)j(considerably)e(secure.)35 b(In)149 2343 y(case)14
b(of)g(alteration)g(detection,)e(reco)o(v)o(ery)g(actions)i(could)g(b)q(e)f
(to)h(ignore)g(the)f(DNS)h(message)f(and)149 2434 y(issue)20
b(an)h(additional)f(query)l(.)31 b(Our)20 b(approac)o(h)h(is)f(based)g(up)q
(on)i(message)d(digest)h(algorithms.)149 2524 y(They)15 b(are)g(one-w)o(a)o
(y)g(hash)g(functions)g(that)g(compute)e(a)j(c)o(hec)o(ksum)11
b(of)16 b(some)d(data)j(\(in)e(our)h(case)149 2614 y(the)h(DNS)h(message)e(|)
h(see)g(Figure)g(4.1\).)21 b(They)16 b(ha)o(v)o(e)g(the)g(follo)o(wing)g
(features:)p eop
%%Page: 75 84
83 bop 1901 -100 a Fo(75)222 75 y Fj(\017)24 b Fo(they)17 b(are)g(easy)h(to)f
(compute)f(\(examples)g(are)h(the)g(MD2,)g(MD4,)h(and)g(MD5)f(algorithms)271
165 y(in)f([Kal92,)g(Riv92a)q(,)f(Riv92b])h(and)h(the)f(Snefru)g(algorithm)f
(in)h([Mer89]\))222 289 y Fj(\017)24 b Fo(the)16 b(signature)h(\(message)e
(digest)i(or)f(\014ngerprin)o(t\))g(is)g(only)g(a)h(few)f(b)o(ytes)f(p)q(er)i
(message)222 412 y Fj(\017)24 b Fo(they)16 b(are)g(computationally)f(hard)i
(to)g(in)o(v)o(ert)222 536 y Fj(\017)24 b Fo(they)16 b(usually)g(require)f(a)
i(certain)e(size)h(of)g(input)g(data)149 648 y(An)23 b(originator)h(w)o(ould)
f(calculate)f(the)h(message)f(digest)h(of)g(a)h(DNS)f(message)f(imme)o
(diately)149 738 y(b)q(efore)15 b(it)f(is)g(sen)o(t)g(out.)21
b(The)14 b(recipien)o(t)e(w)o(ould)j(recalculate)e(the)h(message)f(digest)i
(and)g(compare)149 828 y(the)h(resulting)g(v)m(alue)g(with)g(the)g(one)h
(calculated)e(b)o(y)h(the)g(originator.)22 b(In)16 b(case)g(of)g(a)h(mismatc)
o(h,)149 919 y(the)e(originator)g(w)o(ould)g(conclude)f(that)h(he)f(did)h
(not)g(receiv)o(e)d(an)j(unaltered)g(DNS)f(message.)20 b(He)149
1009 y(w)o(ould)d(disp)q(ose)g(of)f(it.)223 1099 y(Ho)o(w)c(do)q(es)i(the)f
(message)f(digest)h(calculated)f(b)o(y)h(the)f(originator)i(get)f(to)g(the)g
(receiv)o(er)e(unim-)149 1190 y(paired?)35 b(The)21 b(message)f(digest)h
(algorithms)f(are)h(publicly)e(kno)o(wn)i(and)g(an)o(y)o(one)f(tamp)q(ering)
149 1280 y(with)h(a)g(message)f(could)h(easily)f(mo)q(dify)f(the)h(asso)q
(ciated)i(message)e(digest)h(accordingly)l(.)34 b(T)l(o)149
1370 y(sho)o(w)21 b(ho)o(w)f(this)g(can)g(b)q(e)g(prev)o(en)o(ted)e(w)o(e)h
(discuss)h(a)g(metho)q(d)f(for)h(originator)h(authen)o(tication)149
1460 y(in)h(the)g(follo)o(wing)g(section.)38 b(A)21 b(message)h(digest)g
(together)g(with)g(an)g(authorization)h(service)149 1551 y(guaran)o(tee)17
b(the)f(in)o(tegrit)o(y)e(of)j(transmitted)e(data.)149 1715
y(4.11.2)50 b(Originator)16 b(Authen)o(tication)223 1837 y(Originator)k
(authen)o(tication)g(service)g(p)q(ermits)f(the)h(recipien)o(t)e(of)j(a)g
(message)f(to)h(reliably)149 1928 y(determine)14 b(the)i(iden)o(tit)o(y)e(of)
j(the)f(originator)h(of)f(a)h(message.)223 2018 y(W)l(e)22
b(demonstrate)h(a)g(pro)q(cedure)g(that)g(guaran)o(tees)h(the)f(originator's)
g(authen)o(ticit)o(y)l(.)40 b(In)149 2108 y(an)20 b(asymmetri)o(c)c(\(i.e.)27
b(public)18 b(k)o(ey\))g(cryptoalgorithm)f(a)i(pair)g(of)g(distinct,)f(but)h
(mathemati-)149 2198 y(cally)g(related,)h(k)o(eys)e(are)i(used)g(for)g
(encryption)f(and)h(decryption.)31 b(One)19 b(k)o(ey)g(is)g(priv)m(ate)h(and)
149 2289 y(k)o(ept)f(secret)f(b)o(y)g(the)h(sender,)g(the)g(other)g(one)g(is)
f(publicly)g(kno)o(wn.)29 b(Data)20 b(encrypted)e(with)h(a)149
2379 y(sender's)i(priv)m(ate)f(k)o(ey)g(can)h(b)q(e)g(decrypted)f(using)i
(his)e(public)g(k)o(ey)l(,)h(and)g(vice)f(v)o(ersa.)35 b(These)149
2469 y(k)o(eys)15 b(are)g(usually)g(large)g(in)o(teger)f(n)o(um)o(b)q(ers,)g
(sev)o(eral)g(h)o(undred)h(decimal)e(digits)i(long)h(with)f(sp)q(e-)149
2560 y(cial,)j(mathematical)d(prop)q(erties.)28 b(\(ex.)f([Den82]\).)g
(\\RSA")19 b(is)f(an)h(example)d(of)i(a)h(public)f(k)o(ey)149
2650 y(encryption)e(algorithm)f(\([RSA78]\).)p eop
%%Page: 76 85
84 bop 1901 -100 a Fo(76)299 970 y @beginspecial 0 @llx 0 @lly
350 @urx 206 @ury 3500 @rwi @setspecial
%%BeginDocument: pictures/dig_sig_val.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-4.0 211.0 translate 0.900 -0.900 scale
1.000 setlinewidth
	1 setlinecap [1 3.000000] 3.000000 setdash
n 159 229 m 239 229 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
n 231.000 227.000 m 239.000 229.000 l 231.000 231.000 l gs 2 setlinejoin col-1 s gr
	1 setlinecap [1 3.000000] 3.000000 setdash
n 159 29 m 239 29 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
n 231.000 27.000 m 239.000 29.000 l 231.000 31.000 l gs 2 setlinejoin col-1 s gr
n 319 39 m 319 59 l gs col-1 s gr
n 321.000 51.000 m 319.000 59.000 l 317.000 51.000 l gs 2 setlinejoin col-1 s gr
n 319 79 m 319 99 l gs col-1 s gr
n 321.000 91.000 m 319.000 99.000 l 317.000 91.000 l gs 2 setlinejoin col-1 s gr
n 319 179 m 319 159 l gs col-1 s gr
n 317.000 167.000 m 319.000 159.000 l 321.000 167.000 l gs 2 setlinejoin col-1 s gr
n 319 219 m 319 199 l gs col-1 s gr
n 317.000 207.000 m 319.000 199.000 l 321.000 207.000 l gs 2 setlinejoin col-1 s gr
n 79 39 m 79 59 l gs col-1 s gr
n 81.000 51.000 m 79.000 59.000 l 77.000 51.000 l gs 2 setlinejoin col-1 s gr
n 79 79 m 79 99 l gs col-1 s gr
n 81.000 91.000 m 79.000 99.000 l 77.000 91.000 l gs 2 setlinejoin col-1 s gr
n 79 119 m 79 179 l gs col-1 s gr
n 81.000 171.000 m 79.000 179.000 l 77.000 171.000 l gs 2 setlinejoin col-1 s gr
n 79 199 m 79 219 l gs col-1 s gr
n 81.000 211.000 m 79.000 219.000 l 77.000 211.000 l gs 2 setlinejoin col-1 s gr
n 279 19 m 359 19 l gs col-1 s gr
n 39 19 m 119 19 l gs col-1 s gr
0.500 setlinewidth
n 274 159 m 284 184 l gs col-1 s gr
n 282.886 175.829 m 284.000 184.000 l 279.172 177.315 l gs 2 setlinejoin col-1 s gr
n 108 159 m 98 184 l gs col-1 s gr
n 102.828 177.315 m 98.000 184.000 l 99.114 175.829 l gs 2 setlinejoin col-1 s gr
/Times-Bold findfont 12.00 scalefont setfont
59 14 m 
gs 1 -1 scale (Sender:) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
19 34 m 
gs 1 -1 scale (\(data before signature\)) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
39 74 m 
gs 1 -1 scale (hash algorithm) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
54 114 m 
gs 1 -1 scale (hash value) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
4 194 m 
gs 1 -1 scale (asymmetric cryptoalgorithm) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
39 234 m 
gs 1 -1 scale (digital signature) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
294 14 m 
gs 1 -1 scale (Receiver:) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
279 34 m 
gs 1 -1 scale (\(received data\)) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
279 74 m 
gs 1 -1 scale (hash algorithm) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
294 114 m 
gs 1 -1 scale (hash value) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
294 154 m 
gs 1 -1 scale (hash value) col-1 show gr
/Times-Bold findfont 24.00 scalefont setfont
309 139 m 
gs 1 -1 scale (=?) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
244 194 m 
gs 1 -1 scale (asymmetric cryptoalgorithm) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
254 234 m 
gs 1 -1 scale (received digital signature) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
119 154 m 
gs 1 -1 scale (sender's ) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
114 169 m 
gs 1 -1 scale (private key) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
224 154 m 
gs 1 -1 scale (sender's ) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
219 169 m 
gs 1 -1 scale (public key) col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 467 1215 a(Figure)15 b(4.2)33 b(Digital)16 b(signature)h
(generation)f(and)h(v)m(alidation)223 1399 y(The)f(follo)o(wing)g(pro)q
(cedure)h(and)g(Figure)f(4.2)g(outline)g(ho)o(w)h(w)o(e)f(w)o(ould)g(use)h
(the)f(public)g(k)o(ey)149 1489 y(cryptoalgorithm)f(to)i(ensure)f(originator)
h(authen)o(tication.)223 1579 y(The)f(pro)q(cedure)g(could)g(w)o(ork)g(as)h
(follo)o(ws:)222 1711 y Fj(\017)24 b Fo(The)17 b(sending)f(name)f(serv)o(er)g
(creates)h(the)g(digital)g(signature)h(of)f(the)g(DNS)g(message)g
Fn(m)p Fo(:)271 1802 y Fn(s)e Fo(=)g Fn(hash)p Fo(\()p Fn(m)p
Fo(\))222 1933 y Fj(\017)24 b Fo(The)13 b(sending)h(name)e(serv)o(er)g(signs)
h(the)g(message)f(digest)h(\(the)g(digital)g(signature\))g
Fn(s)g Fo(using)271 2024 y(its)j(priv)m(ate)g(k)o(ey)f Fn(K)636
2006 y Fd(S)r(ender)632 2036 y(pr)q(iv)767 2024 y Fo(:)22 b
Fn(s)826 2006 y Fc(0)851 2024 y Fo(=)14 b Fn(E)939 2035 y Fd(K)971
2024 y Fb(S)q(ender)969 2047 y(pr)q(iv)1075 2024 y Fo(\()p
Fn(s)p Fo(\))222 2155 y Fj(\017)24 b Fo(The)17 b(sending)f(name)f(serv)o(er)g
(transmits)h(\()p Fn(m;)8 b(s)1144 2137 y Fc(0)1155 2155 y
Fo(\))222 2287 y Fj(\017)24 b Fo(The)f(resolv)o(er)e(decrypts)h
Fn(s)789 2269 y Fc(0)822 2287 y Fo(b)o(y)g(applying)g(the)g(name)g(serv)o
(er's)f(public)g(k)o(ey)g Fn(K)1799 2269 y Fd(S)r(ender)1795
2300 y(pub)1936 2287 y Fo(:)271 2378 y Fn(s)294 2359 y Fc(00)329
2378 y Fo(=)14 b Fn(D)421 2389 y Fd(K)453 2378 y Fb(S)q(ender)451
2402 y(pub)558 2378 y Fo(\()p Fn(s)600 2359 y Fc(0)611 2378
y Fo(\))222 2509 y Fj(\017)24 b Fo(The)17 b(resolv)o(er)e(recomputes)f(the)i
(message)g(digest)g Fn(s)e Fo(=)g Fn(hash)p Fo(\()p Fn(m)p
Fo(\))p eop
%%Page: 77 86
85 bop 1901 -100 a Fo(77)222 75 y Fj(\017)24 b Fo(If)19 b(\()p
Fn(s)g Fo(=)g Fn(s)464 57 y Fc(00)486 75 y Fo(\))g(then)g(the)g(resolv)o(er)f
(has)i(v)m(alidated)f(the)h(in)o(tegrit)o(y)d(and)j(the)f(originator)h(of)271
165 y(the)c(DNS)h(message)223 290 y(Wh)o(y)j(do)h(w)o(e)g(calculate)f(a)h
(message)f(digest)h(at)g(all)g(and)g(not)g(simply)e(encrypt)h(and)i(then)149
380 y(transmit)h(the)g(whole)g(message?)43 b(The)24 b(main)e(p)q(oin)o(t)h
(here)g(is)h(the)f(di\013erence)f(b)q(et)o(w)o(een)h(the)149
470 y(run)o(time)16 b(costs)i(of)h(creating)e(a)i(message)e(digest)h(and)g
(encrypting)f(a)i(message,)e(dep)q(ending)h(on)149 560 y(the)e(length)g(of)h
(the)f(original)g(message.)223 651 y(Run)o(time)g(costs)k(for)f(public)f(k)o
(ey)g(encryption)g(are)h(rather)g(high.)29 b(Man)o(y)19 b(CPU)g(cycles)e(are)
149 741 y(needed.)j(Therefore)11 b(w)o(e)h(w)o(an)o(t)g(to)h(\014x)f(the)f
(size)h(of)g(the)g(data)h(p)q(ortion)g(that)f(has)h(to)g(b)q(e)f(encrypted:)
149 831 y(in)k(our)h(case)f(the)g(\014ngerprin)o(t,)g(the)g(output)h(of)f
(the)g(message)g(digest)g(algorithm.)223 922 y(Run)o(time)11
b(costs)k(for)g(the)f(hash)h(functions)f(are)g(rather)h(small)d(compared)i
(to)g(those)h(of)f(public)149 1012 y(k)o(ey)k(encryption.)29
b(It)19 b(is)f(therefore)h(imp)q(ortan)o(t)f(to)h(note,)h(that)f(it)g(is)f
(more)g(e\016cien)o(t)f(to)i(pad)h(a)149 1102 y(short)f(DNS)e(message,)f
(calculate)h(its)g(\014ngerprin)o(t,)g(and)h(then)f(encrypt)g(the)g
(\014ngerprin)o(t,)g(than)149 1193 y(simply)22 b(to)i(encrypt)f(the)g(whole)h
(DNS)f(message.)43 b(Message)24 b(digest)f(lengths)h(are)g(t)o(ypically)149
1283 y(shorter)17 b(than)g(the)f(t)o(ypical)f(DNS)h(message.)149
1444 y(4.11.3)50 b(P)o(assing)17 b(Creden)o(tials)e(to)i(Pro)o(v)o(e)e
(Authorit)o(y)223 1566 y(The)e(name)f(serv)o(er)g(sending)h(the)g(DNS)g
(message)f(has)i(to)f(pro)o(vide)f(creden)o(tials)g(signed)h(b)o(y)g(its)149
1657 y(paren)o(t)18 b(domain,)f(to)i(con)o(vince)d(the)i(recipien)o(t)e(of)i
(its)f(authorit)o(y)h(o)o(v)o(er)f(the)h(domain)f(for)h(whic)o(h)149
1747 y(it)e(just)h(resolv)o(ed)e(a)i(mapping.)223 1837 y(The)d(use)g(of)g
(suc)o(h)g(a)h(certi\014cate)e(transforms)h(the)f(problem)g(of)h
(establishing)g(the)g(credibilit)o(y)149 1928 y(of)23 b(one)g(en)o(tit)o(y)e
(in)o(to)i(the)f(problem)f(of)i(establishing)g(the)f(credibilit)o(y)e(of)j
(the)f(en)o(tit)o(y)f(issuing)149 2018 y(the)g(certi\014cate.)32
b(This)20 b(problem)f(is)h(v)o(ery)g(closely)f(related)g(to)i(the)f(problem)f
(of)i(distributing)149 2108 y(public)14 b(k)o(ey)g(certi\014cates.)19
b(The)c(CCITT)g(recommendation)d(X.509)j(sho)o(ws)g(a)g(w)o(a)o(y)g(to)g
(solv)o(e)f(this)149 2198 y(problem.)20 b(In)15 b(X.509,)g(a)g(certi\014cate)
f(binds)h(a)h(public)e(k)o(ey)g(to)h(a)h(directory)e(name)g(and)i(iden)o
(ti\014es)149 2289 y(a)h(part)o(y)f(that)h(v)o(ouc)o(hes)e(for)i(the)f
(binding.)223 2379 y(W)l(e)f(can)h(adopt)h(this)f(mec)o(hanism,)c(suc)o(h)k
(that)h(a)f(certi\014cate)f(binds)h(all)f(name)g(serv)o(ers)g(that)149
2469 y(are)j(authoritativ)o(e)g(for)g(a)g(certain)f(zone)h(to)g(this)g(zone)g
(of)g(authorit)o(y)g(and)g(iden)o(ti\014es)f(the)h(zone)149
2560 y(that)c(v)o(ouc)o(hes)d(for)i(the)g(binding.)20 b(X.509)12
b(imp)q(oses)g(no)h(constrain)o(ts)g(on)g(the)g(seman)o(tic)d(or)j(syn)o
(tac-)149 2650 y(tic)i(relationship)g(b)q(et)o(w)o(een)f(a)i(certi\014cate)e
(issuer)h(and)g(a)h(sub)s(ject.)k(Ho)o(w)o(ev)o(er,)14 b(in)g(our)i(approac)o
(h,)p eop
%%Page: 78 87
86 bop 1901 -100 a Fo(78)149 75 y(the)17 b(certi\014cation)f(system)f(tak)o
(es)i(the)f(form)g(of)h(a)g(single)f(ro)q(oted)i(tree.)k(Eac)o(h)17
b(no)q(de)g(represen)o(ts)149 165 y(a)g(zone.)22 b(Sev)o(eral)15
b(name)h(serv)o(ers)f(serv)o(e)h(as)h(certi\014cation)e(authorities)i(for)f
(eac)o(h)g(zone,)g(b)q(ecause)149 255 y(all)g(serv)o(ers)e(that)j(w)o(ere)d
(in)o(tro)q(duced)i(to)g(increase)f(the)g(reliabilit)o(y)e(of)j(the)f
(database)i(system)d(are)149 346 y(capable)j(of)f(v)m(alid)g(referrals.)223
436 y(A)e(certi\014cate)g(for)h(a)g(zone)g(\(for)g(example)e
(sub.domain.dom\))g(consists)i(of)h(all)e(IP)h(addresses)149
526 y(of)i(authoritativ)o(e)g(name)e(serv)o(ers)h(for)h(that)g(zone,)f
(signed)h(with)g(the)f(priv)m(ate)h(k)o(ey)e(of)i(the)g(name)149
616 y(serv)o(ers)e(for)h(the)g(paren)o(t)g(domain)f(\(domain.dom\).)j(An)o(y)
d(resolv)o(er)g(that)h(receiv)o(es)e(a)i(DNS)g(mes-)149 707
y(sage)24 b(receiv)o(es)c(as)j(part)g(of)g(it)f(this)h(certi\014cate.)39
b(After)21 b(obtaining)i(the)g(public)e(k)o(ey)h(for)h(the)149
797 y(paren)o(t)16 b(zone)f(of)h(the)f(queried)g(zone,)g(the)g(resolv)o(er)g
(can)g(then)h(v)o(erify)d(the)j(v)m(alidit)o(y)e(of)i(the)f(refer-)149
887 y(ral.)24 b(But)17 b(to)g(v)o(erify)f(the)g(authorit)o(y)h(of)h(the)f
(paren)o(t)f(zone,)h(the)g(resolv)o(er)f(has)i(to)f(ask)h(this)f(zone)149
978 y(for)g(creden)o(tials.)223 1068 y(This)f(v)m(alidation)g(pro)q(cess)i
(for)e(certi\014cates)f(is)i(done)f(recursiv)o(ely)e(up)j(the)f(tree,)f
(starting)i(at)149 1158 y(the)f(name)f(serv)o(er)g(that)i(pro)o(vides)e(the)h
(queried)f(mapping.)20 b(The)d(recursion)e(will)g(stop)i(at)f(some)149
1248 y(p)q(oin)o(t,)f(either)f(at)h(the)g(ro)q(ot,)g(or)h(at)f(some)e(in)o
(termediate)f(no)q(de)k(that)f(w)o(as)g(certi\014ed)f(b)q(efore.)20
b(The)149 1339 y(certi\014cates)f(that)h(a)f(name)g(serv)o(er)f(holds)i(are)f
(sub)s(ject)g(to)h(timeouts,)e(just)i(lik)o(e)e(the)h(resource)149
1429 y(records)g(that)g(sp)q(ecify)f(bindings)h(of)g(this)f(name)g(serv)o
(er.)27 b(The)19 b(certi\014cate)e(for)i(the)f(ro)q(ot)i(m)o(ust)149
1519 y(b)q(e)25 b(transmitted)d(b)o(y)i(some)f(trusted,)j(out-of-band)g(mec)o
(hanism)o(.)42 b(F)l(or)24 b(example,)g(the)f(ro)q(ot)149 1610
y(certi\014cate)15 b(could)h(b)q(e)h(published)f(in)f(a)i(national)g(newspap)
q(er.)223 1700 y(Ev)o(en)h(if)h(an)g(attac)o(k)o(er)f(manages)h(to)h(get)f(a)
g(v)m(alid)g(certi\014cate)f(of)h(a)h(name)e(serv)o(er)g(it)g(w)o(an)o(ts)149
1790 y(to)e(imp)q(ersonate,)e(and)i(has)g(the)g(capabilit)o(y)e(to)h(also)h
(sp)q(o)q(of)h(this)f(name)e(serv)o(er's)g(IP)h(address,)h(it)149
1880 y(is)j(still)e(not)i(p)q(ossible)g(for)f(the)h(attac)o(k)o(er)e(to)i
(imp)q(ersonate)f(another)h(host.)28 b(As)19 b(w)o(e)f(sa)o(w)h(in)f(the)149
1971 y(previous)g(Section)e(4.11.2,)i(a)g(DNS)f(message)g(is)g(encrypted)f
(with)h(the)h(name)e(serv)o(er's)g(priv)m(ate)149 2061 y(k)o(ey)c(b)q(efore)g
(it)g(is)g(sen)o(t)g(out.)21 b(The)12 b(creden)o(tials)f(are)h(part)h(of)g
(the)f(message)g(and)h(are)f(therefore)g(also)149 2151 y(encrypted.)29
b(An)18 b(attac)o(k)o(er)g(cannot)i(construct)f(the)g(correctly)e(enciphered)
h(message)g(without)149 2242 y(breaking)f(the)f(public)f(k)o(ey)g(system)g
(used.)149 2402 y(4.11.4)50 b(Example)223 2524 y(W)l(e)19 b(presen)o(t)h(an)g
(example)e(to)i(sho)o(w)h(ho)o(w)f(certi\014cates)f(are)h(used)g(in)f(our)i
(approac)o(h.)33 b(W)l(e)149 2614 y(assume)18 b(that)g(all)g(hosts)h(already)
f(ha)o(v)o(e)g(the)g(public)f(k)o(eys)g(of)h(the)g(mac)o(hines)f(that)h
(participate)p eop
%%Page: 79 88
87 bop 1901 -100 a Fo(79)149 75 y(in)22 b(this)f(example.)35
b(Host)22 b(\\host.aim.")37 b(w)o(an)o(ts)22 b(to)g(resolv)o(e)e(the)h
(name{to{address)i(binding)149 165 y(for)e(the)f(name)g(\\host.domain.dom.".)
32 b(The)21 b(example)d(is)i(not)h(complete)d(in)i(the)h(sense)f(that)149
255 y(all)d(p)q(ossibilities)g(are)g(not)h(co)o(v)o(ered,)d(or)j(else)e
(reasons)j(are)e(giv)o(en)f(wh)o(y)h(a)h(name)e(serv)o(er)g(returns)149
346 y(a)k(certain)e(referral)g(and)i(not)f(another)h(one.)30
b(But)18 b(it)h(describ)q(es)g(the)f(o)o(v)o(erall)g(in)o(teraction)g(and)149
436 y(stresses)f(the)f(use)g(of)h(certi\014cates.)223 526 y(T)l(able)e(4.1)g
(con)o(tains)g(a)h(summary)c(of)k(the)f(zones)g(in)g(Figure)f(4.3,)h(and)h(T)
l(able)f(4.2)h(in)o(terprets)149 616 y(the)g(abbreviations)h(used)f
(through<out)h(the)f(description)g(of)h(the)f(resolution)g(pro)q(cess.)607
824 y(T)l(able)g(4.1)33 b(Example:)19 b(certi\014cate)c(v)m(alidation)513
955 y(Zone)h(Name)p 800 982 2 91 v 68 w(Domain)g(Name\(s\))p
1213 982 V 48 w(Name)f(Serv)o(er\(s\))p 488 984 1124 2 v 488
994 V 513 1057 a(.)p 800 1084 2 91 v 298 w(.)p 1213 1084 V
400 w(ns)p 800 1174 V 825 1147 a(dom)p 1213 1174 V 321 w(ns)p
488 1176 1124 2 v 513 1239 a(domain.dom)p 800 1266 2 91 v 47
w(domain.dom)p 1213 1266 V 149 w(ns1.domain.dom)p 800 1357
V 1213 1357 V 1239 1330 a(ns2.domain.dom)p 488 1358 1124 2
v 513 1421 a(aim)p 800 1449 2 91 v 232 w(aim)p 1213 1449 V
334 w(ns.aim)p 488 1450 1124 2 v 577 1824 a(T)l(able)i(4.2)32
b(Example:)20 b(legend)c(of)g(abbreviations)489 1955 y(Name)p
692 1982 2 91 v 104 w(Meaning)p 464 1984 1172 2 v 489 2047
a Fn(M)5 b(D)q Fo(\()p Fn(m)p Fo(\))p 692 2074 2 91 v 55 w(message)16
b(digest)g(\(\014ngerprin)o(t\))f(of)i(message)f Fn(m)489 2137
y(K)534 2119 y Fd(ow)q(ner)530 2151 y(pub=pr)q(iv)p 692 2164
V 718 2137 a Fo(k)o(ey)f(of)i(o)o(wner)f({)h(public/priv)m(ate)489
2228 y Fn(E)525 2235 y Fd(K)559 2228 y Fo(\()p Fn(s)p Fo(\))p
692 2255 V 98 w Fn(s)f Fo(encrypted)g(with)g(k)o(ey)f Fn(K)489
2318 y(D)529 2325 y Fd(K)563 2318 y Fo(\()p Fn(s)p Fo(\))p
692 2345 V 94 w Fn(s)h Fo(decrypted)g(with)g(k)o(ey)f Fn(K)222
2650 y Fj(\017)24 b Fo(\\host.aim")11 b(queries)f(\\ns.aim")g(for)h
(name{to{address)g(resolution)g(of)g(\\host.domain.dom".)p
eop
%%Page: 80 89
88 bop 1901 -100 a Fo(80)262 979 y @beginspecial 0 @llx 0 @lly
360 @urx 202 @ury 3600 @rwi @setspecial
%%BeginDocument: pictures/expl_setup.ps
/$F2psDict 200 dict def 
$F2psDict begin
$F2psDict /mtrx matrix put
/l {lineto} bind def
/m {moveto} bind def
/s {stroke} bind def
/n {newpath} bind def
/gs {gsave} bind def
/gr {grestore} bind def
/clp {closepath} bind def
/graycol {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
4 -2 roll mul setrgbcolor} bind def
/col-1 {} def
/col0 {0 0 0 setrgbcolor} bind def
/col1 {0 0 1 setrgbcolor} bind def
/col2 {0 1 0 setrgbcolor} bind def
/col3 {0 1 1 setrgbcolor} bind def
/col4 {1 0 0 setrgbcolor} bind def
/col5 {1 0 1 setrgbcolor} bind def
/col6 {1 1 0 setrgbcolor} bind def
/col7 {1 1 1 setrgbcolor} bind def
 /DrawEllipse {
	/endangle exch def
	/startangle exch def
	/yrad exch def
	/xrad exch def
	/y exch def
	/x exch def
	/savematrix mtrx currentmatrix def
	x y translate xrad yrad scale 0 0 1 startangle endangle arc
	savematrix setmatrix
	} def

	end
/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
/$F2psEnd {$F2psEnteredState restore end} def

$F2psBegin
0 setlinecap 0 setlinejoin
-9.0 211.0 translate 0.900 -0.900 scale
1.000 setlinewidth
n 219 44 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr
gs col-1 s gr
n 337 102 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr
gs col-1 s gr
n 99 104 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr
gs col-1 s gr
n 79 164 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr
gs col-1 s gr
n 279 164 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr
gs col-1 s gr
n 259 104 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr
gs col-1 s gr
n 159 164 2 2 0 360 DrawEllipse gs 0.00 setgray fill gr
gs col-1 s gr
n 339 104 70 50 0 360 DrawEllipse gs col-1 s gr
n 159 74 90 65 0 360 DrawEllipse gs col-1 s gr
n 79 184 70 50 0 360 DrawEllipse gs col-1 s gr
n 219 44 m 339 104 l gs col-1 s gr
n 219 44 m 99 104 l gs col-1 s gr
n 99 104 m 79 164 l gs col-1 s gr
n 219 44 m 219 64 l gs col-1 s gr
n 339 104 m 349 124 l gs col-1 s gr
n 339 104 m 329 124 l gs col-1 s gr
n 79 164 m 99 184 l gs col-1 s gr
n 79 164 m 79 184 l gs col-1 s gr
n 79 164 m 59 184 l gs col-1 s gr
	1 setlinecap [1 4.500000] 4.500000 setdash
n 339 104 m 359 124 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.500000] 4.500000 setdash
n 219 44 m 259 104 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.500000] 4.500000 setdash
n 99 104 m 159 164 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
	1 setlinecap [1 4.500000] 4.500000 setdash
n 339 104 m 279 164 l gs col-1 s gr
	[] 0 setdash 0 setlinecap
n 334 134 m 334 124 l  324 124 l  324 134 l  clp gs col-1 s gr
n 369 134 m 369 124 l  359 124 l  359 134 l  clp gs col-1 s gr
n 104 194 m 104 184 l  94 184 l  94 194 l  clp gs col-1 s gr
n 224 74 m 214 74 l  214 64 l  224 64 l  clp gs 0.00 setgray fill gr
gs col-1 s gr
n 354 134 m 344 134 l  344 124 l  354 124 l  clp gs 0.00 setgray fill gr
gs col-1 s gr
n 64 194 m 54 194 l  54 184 l  64 184 l  clp gs 0.00 setgray fill gr
gs col-1 s gr
n 84 194 m 74 194 l  74 184 l  84 184 l  clp gs 0.00 setgray fill gr
gs col-1 s gr
0.500 setlinewidth
n 279 19 m 219 44 l gs col-1 s gr
n 227.154 42.769 m 219.000 44.000 l 225.615 39.077 l gs 2 setlinejoin col-1 s gr
/Times-Bold findfont 12.00 scalefont setfont
204 39 m 
gs 1 -1 scale (".") col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
79 99 m 
gs 1 -1 scale ("dom") col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
344 99 m 
gs 1 -1 scale ("aim") col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
29 159 m 
gs 1 -1 scale ("domain") col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
49 209 m 
gs 1 -1 scale (ns1) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
74 209 m 
gs 1 -1 scale (ns2) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
104 209 m 
gs 1 -1 scale (host) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
309 149 m 
gs 1 -1 scale (host) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
344 149 m 
gs 1 -1 scale (ns) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
209 89 m 
gs 1 -1 scale (ns) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
39 24 m 
gs 1 -1 scale (zone ".") col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
284 24 m 
gs 1 -1 scale (root) col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
149 219 m 
gs 1 -1 scale (zone "domain.dom") col-1 show gr
/Times-Bold findfont 12.00 scalefont setfont
304 49 m 
gs 1 -1 scale (zone "aim") col-1 show gr
$F2psEnd
%%EndDocument
 @endspecial 597 1224 a(Figure)16 b(4.3)33 b(Example:)19 b(certi\014cate)c(v)
m(alidation)222 1408 y Fj(\017)24 b Fo(\\ns.aim")16 b(replies)f(with)h(a)h
(referral)e(to)i(\\ns2.domain.dom")222 1540 y Fj(\017)24 b
Fo(\\host.aim")16 b(queries)f(\\ns2.domain.dom")h(for)g(name{to{address)h
(resolution)271 1630 y(of)g(\\host.domain.dom".)222 1762 y
Fj(\017)24 b Fo(\\ns2.domain.dom")16 b(replies)f(with)h(\()p
Fn(m)p Fo(,)p Fn(c)p Fo(,)p Fn(s)p Fo(\),)e(where)271 1852
y Fn(m)38 b Fo(=)21 b(mapping)16 b(information)f(\\host.domain.dom")g
Fj(!)h Fo(IP)1424 1859 y Fm(host)p Fd(:)p Fm(domain)o Fd(:)p
Fm(do)o(m)271 1942 y Fn(c)60 b Fo(=)21 b(creden)o(tials)15
b(from)g(\\ns2.domain.dom"'s)g(paren)o(t)h(zone's)g(name)f(serv)o(er)g(\\ns")
352 2032 y(=)21 b Fn(E)447 2039 y Fd(K)479 2028 y Fb(ns)477
2052 y(pr)q(iv)556 2032 y Fo(\(list)16 b(of)g(all)g(IP)g(addresses)h(of)g
(authoritativ)o(e)e(name)g(serv)o(ers)411 2123 y(for)i(zone)f
(\\domain.dom"\))271 2213 y Fn(s)58 b Fo(=)21 b(encrypted)15
b(message)h(digest)g(of)h Fn(m)f Fo(concatenated)g(with)g Fn(c)352
2303 y Fo(=)21 b Fn(E)447 2315 y Fd(K)479 2303 y Fb(ns)p Fe(2)p
Fb(:domain:dom)477 2327 y(pr)q(iv)715 2303 y Fo(\()p Fn(M)5
b(D)q Fo(\()p Fn(m)p Fj(j)p Fn(c)p Fo(\)\))222 2435 y Fj(\017)24
b Fo(\\host.aim")16 b(receiv)o(es)e(\()p Fn(m)p Fo(,)p Fn(c)p
Fo(,)p Fn(s)p Fo(\),)h(and)i(then)p eop
%%Page: 81 90
89 bop 1901 -100 a Fo(81)326 75 y Fi({)25 b Fo(v)m(alidates)18
b Fn(s)p Fo(,)g(b)o(y)f(calculating)h Fn(s)979 57 y Fc(0)1007
75 y Fo(=)f Fn(M)5 b(D)q Fo(\()p Fn(c)p Fj(j)p Fn(s)p Fo(\))19
b(and)g Fn(s)1390 57 y Fc(00)1428 75 y Fo(=)e Fn(D)1523 86
y Fd(K)1555 75 y Fb(ns)p Fe(2)p Fb(:domain:dom)1553 99 y(pub)1792
75 y Fo(\()p Fn(s)p Fo(\))h(and)379 165 y(comparing)d(them.)379
255 y(If)g(they)h(are)g(equal)g Fj(!)g Fo(ok!)326 366 y Fi({)25
b Fo(v)m(alidates)16 b Fn(c)p Fo(,)g(b)o(y)f(calculating)h
Fn(L)e Fo(=)g Fn(D)1085 373 y Fd(K)1117 362 y Fb(ns)1115 386
y(pub)1167 366 y Fo(\()p Fn(c)p Fo(\))i(and)h(c)o(hec)o(king)379
457 y(if)e(IP)474 464 y Fm(ns2)p Fd(:)p Fm(domain)p Fd(:)p
Fm(d)o(om)741 457 y Fj(2)f Fn(L)p Fo(.)379 547 y(If)h(so)i
Fj(!)f Fo(ok!)326 658 y Fi({)25 b Fo(c)o(hec)o(ks)14 b(if)i(\\ns")h(is)f
(already)h(v)m(alidated)f(\(previously)l(,)e(or)j(ro)q(ot)g(name)e(serv)o
(er\).)379 748 y(If)g(\\ns")i(w)o(ere)e(not)i(a)f(ro)q(ot)h(name)e(serv)o
(er,)f(\\host.aim")i(w)o(ould)g(request)f(creden)o(tials)379
839 y(from)g(\\ns"'s)i(paren)o(t)f(zone)g(and)h(v)m(alidate)f(them)f(the)h
(same)f(w)o(a)o(y)149 999 y(4.11.5)50 b(Discussion)223 1121
y(The)16 b(v)m(alidation)f(of)i(in)o(tegrit)o(y)d(and)i(originator)h(of)f
(the)g(message,)e(and)j(its)f(underlying)f(pat-)149 1211 y(tern)20
b(of)g(certi\014cations)f(stating)h(trust)g(are)g(the)f(features)h(that)g
(mak)o(e)e(this)h(approac)o(h)i(secure.)149 1302 y(The)e(follo)o(wing)f
(discussion)g(sho)o(ws)h(its)f(disadv)m(an)o(tages.)28 b(Some)17
b(of)i(them)d(are)i(serious)h(enough)149 1392 y(to)e(blo)q(c)o(k)f(an)h
(implem)o(e)o(n)o(tation)d(of)i(this)g(approac)o(h)h(at)g(the)f(curren)o(t)f
(time.)223 1482 y(The)g(whole)g(pro)q(cedure)h(is)f(v)o(ery)f(time)f(and)j
(space)g(consuming.)k(Man)o(y)15 b(rather)h(long)f(public)149
1572 y(k)o(eys)k(ha)o(v)o(e)f(to)h(b)q(e)h(stored)f(\(ab)q(out)i(200)f
(decimal)d(digits)i(long)g(eac)o(h)g(to)g(mak)o(e)f(the)g(public)h(k)o(ey)149
1663 y(encryption)i(reasonably)h(strong\).)38 b(Obtaining)21
b(memory)e(for)j(them,)e(as)i(w)o(ell)e(as)i(additional)149
1753 y(cac)o(he)17 b(memory)e(for)j(larger)g(resource)f(records,)g(is)h(not)g
(a)g(problem)e(in)i(curren)o(t)e(arc)o(hitectures.)149 1843
y(The)f(k)o(eys)f(ha)o(v)o(e)g(to)h(b)q(e)g(obtained)g(b)q(efore)g(they)g
(can)g(b)q(e)f(used.)21 b(S.)15 b(Ken)o(t)f(describ)q(es)g(in)h([Ken93b])149
1934 y(certi\014cate)e(based)i(k)o(ey)d(managemen)o(t;)g(X.509)j(is)e(the)h
(equiv)m(alen)o(t)f(in)g(the)h(OSI)1604 1915 y Fm(2)1623 1934
y Fo(-w)o(orld.)21 b(W)l(e)14 b(will)149 2024 y(not)19 b(go)g(in)o(to)f
(detail)g(regarding)h(the)f(k)o(ey)f(distribution)h(pro)q(cess.)28
b(The)18 b(registering)g(pro)q(cess)h(is)149 2114 y(rather)h(cum)o(b)q
(ersome.)29 b(The)20 b(calculations)f(to)i(encrypt)e(and)h(decrypt)f(message)
g(digests)h(ma)o(y)149 2204 y(tak)o(e)h(to)q(o)h(long)g(to)g(supp)q(ort)g
(the)f(goal)h(of)f(the)g(Domain)g(Name)f(System)f(of)j(e\016ciency)l(.)33
b(The)149 2295 y(additional)14 b(data)h(that)f(has)h(to)f(b)q(e)g
(transmitted)f(w)o(ould)h(not)g(degrade)g(p)q(erformance)f(to)q(o)i(badly)l
(,)149 2385 y(esp)q(ecially)f(if)g(faster)h(transmission)f(media)f(b)q
(ecomes)h(broadly)h(a)o(v)m(ailable,)f(but)h(the)f(calculation)149
2475 y(o)o(v)o(erhead)i(for)h(encryption)e(and)i(decryption)e(cannot)i
(easily)f(b)q(e)g(amortized.)p 149 2519 720 2 v 206 2550 a
Fl(2)224 2565 y Fk(\\Op)q(en)h(Systems)e(In)o(terconnection)j({)d(A)h
(reference)j(to)c(proto)q(cols,)h(sp)q(eci\014cally)g(ISO)h(standards,)f(for)
g(the)149 2614 y(in)o(terconnection)f(of)f(co)q(op)q(erativ)o(e)g(computer)g
(systems."[Com91)m(])p eop
%%Page: 82 91
90 bop 1901 -100 a Fo(82)223 75 y(The)21 b(implem)o(en)n(tation)e(of)i(suc)o
(h)g(a)h(solution)f(is)g(a)g(ma)s(jor)g(e\013ort.)36 b(The)21
b(whole)g(k)o(ey)f(man-)149 165 y(agemen)o(t)i(problem)g(is)i(complex)d(and)j
(it)f(also)h(requires)f(additional)g(administrativ)o(e)e(e\013ort.)149
255 y(Resolv)o(er)14 b(routines)i(and)f(name)f(serv)o(er)g(routines)i(ha)o(v)
o(e)e(to)h(b)q(e)h(mo)q(di\014ed,)e(along)i(with)f(the)g(DNS)149
346 y(proto)q(col.)30 b(The)18 b(implem)o(en)o(tation)e(is)i(feasible,)g
(though)i(v)o(ery)d(complex.)26 b(Another)19 b(dra)o(wbac)o(k)149
436 y(is)d(the)g(transition)h(phase)g(that)f(is)g(necessary)g(b)q(ecause)h
(of)f(proto)q(col)h(c)o(hanges.)223 526 y(Ov)o(erall,)10 b(the)i(metho)q(d)f
(seems)f(to)i(b)q(e)g(hardly)g(feasible,)f(b)q(ecause)h(of)g(its)g(large)f
(computational)149 616 y(o)o(v)o(erhead.)21 b(F)l(urther)16
b(dra)o(wbac)o(ks)g(are)g(the)g(necessary)g(proto)q(col)h(c)o(hanges)f(and)h
(the)f(complexit)o(y)149 707 y(of)h(prop)q(er)g(k)o(ey)e(and)i(certi\014cate)
e(managemen)o(t.)p eop
%%Page: 83 92
91 bop 1901 -100 a Fo(83)637 342 y(5.)32 b(CONCLUSIONS)16 b(AND)f(OUTLOOK)223
516 y(The)20 b(Domain)g(Name)e(System)h(is)h(the)g(w)o(orld's)g(most)g
(distributed)f(database,)k(managing)149 606 y(name)15 b(resolution)h(for)g
(ab)q(out)h(1.5)f(million)e(hosts.)22 b(In)15 b(this)h(thesis)f(w)o(e)h
(outlined)f(and)i(explained)149 696 y(the)f(curren)o(t)g(implem)o(en)n
(tation)e(of)j(the)f(Domain)f(Name)g(System.)223 787 y(W)l(e)i(stated)i(the)f
(main)f(problem)f(w)o(e)i(are)g(dealing)g(with)g(in)f(this)h(thesis:)25
b(name)17 b(based)i(au-)149 877 y(then)o(tication,)f(where)f(the)h(name)f
(resolution)h(pro)q(cess)h(cannot)f(b)q(e)h(trusted.)26 b(W)l(e)18
b(examined)e(a)149 967 y(metho)q(d)k(to)g(abuse)g(the)g(Domain)f(Name)f
(System)g(for)i(system)f(break{ins)h(and)g(sho)o(w)o(ed)g(that)149
1057 y(this)g(metho)q(d)e(exploits)g(sev)o(eral)g(w)o(eaknesses.)30
b(All)18 b(these)h(w)o(eaknesses)g(are)g(necessary)g(b)q(efore)149
1148 y(the)d(break{in)g(is)g(p)q(ossible.)21 b(W)l(e)16 b(demonstrated)f(the)
h(feasibilit)o(y)e(of)j(the)e(break{in)h(b)o(y)g(describ-)149
1238 y(ing)j(our)g(implem)o(en)n(tation)d(in)i(an)h(exp)q(erimen)o(tal)d(net)
o(w)o(ork,)h(set)i(up)f(to)h(satisfy)g(the)f(necessary)149
1328 y(assumptions)f(that)f(matc)o(h)f(the)h(real)g(w)o(orld)g(situation)g
(in)g(the)g(crucial)g(p)q(oin)o(ts.)223 1419 y(W)l(e)21 b(pro)o(vided)f(the)h
(securit)o(y)f(considerations)h(found)h(in)f(the)g(o\016cial)f(design)i(do)q
(cumen)o(ts)149 1509 y(and)e(analyzed)f(name)e(serv)o(er)h(and)i(resolv)o(er)
e(algorithms)g(with)h(resp)q(ect)g(to)g(securit)o(y)e(\015a)o(ws)j(or)149
1599 y(w)o(eak)c(assumptions.)21 b(Most)15 b(of)h(the)f(solutions)h(presen)o
(ted)f(are)h(not)g(complete)d(solutions)j(to)g(the)149 1689
y(problem)11 b(in)h(the)g(sense)g(that)g(they)g(cannot)g(prev)o(en)o(t)f(the)
h(break{in)g(unconditionally)l(.)19 b(Ho)o(w)o(ev)o(er,)149
1780 y(a)c(com)o(bination)e(of)i(some)e(of)i(the)f(prop)q(osed)i(solutions)f
(increases)f(the)g(securit)o(y)f(of)i(the)f(Domain)149 1870
y(Name)j(System)f(and)i(giv)o(es)f(a)i(high)f(con\014dence)f(in)h(securit)o
(y)l(,)e(although)j(complete)c(securit)o(y)i(is)149 1960 y(not)g(ac)o(hiev)o
(ed.)223 2051 y(W)l(e)i(consider)h(the)g(Berk)o(eley)d(patc)o(h)j(to)h(b)q(e)
f(mandatory)l(.)32 b(The)20 b(curren)o(t)f(impleme)o(n)o(tation)149
2141 y(of)h(the)e(T)l(rusted)h(Net)o(w)o(ork)f(concept)g(in)g(UNIX)f(is)i
(far)g(from)f(b)q(eing)h(optimal)e(from)h(a)h(securit)o(y)149
2231 y(p)q(oin)o(t)e(of)h(view.)k(W)l(e)17 b(prop)q(ose)h(ma)s(jor)e(impro)o
(v)o(em)o(en)n(ts)e(in)j(its)g(design,)f(whic)o(h)h(w)o(ould)g(also)g(tak)o
(e)149 2322 y(care)f(of)h(other)f(shortcomings)g(in)g(the)g(securit)o(y)f(of)
h(systems.)223 2412 y(F)l(uture)e(w)o(ork)h(could)g(implem)o(en)n(t)d(some)i
(of)h(the)g(solutions)g(w)o(e)g(ga)o(v)o(e)f(in)h(the)g(previous)f(c)o(hap-)
149 2502 y(ter.)29 b(Exp)q(erience)17 b(with)i(the)g(implem)o(e)o(n)o(tation)
d(of)j(p)q(olicy)g(based)g(solutions)g(w)o(ould)g(giv)o(e)f(deep)149
2592 y(insigh)o(t)e(in)o(to)g(the)g(applicabilit)o(y)e(of)j(these)f(approac)o
(hes.)p eop
%%Page: 84 93
92 bop 1901 -100 a Fo(84)223 75 y(An)18 b(implem)o(en)n(tation)e(of)j(the)f
(solution)h(presen)o(ted)f(in)g(Section)g(4.11)h(\(Digital)f(Signatures)149
165 y(and)f(Public)d(Key)h(Encryption\))h(w)o(ould)f(pro)o(vide)g(a)h(test)f
(en)o(vironmen)o(t)e(to)j(determine)d(run)o(time)149 255 y(costs)20
b(of)g(that)g(approac)o(h.)32 b(These)20 b(results)f(in)g(connection)g(with)h
(results)f(of)h(the)f(exp)q(eriences)149 346 y(gained)d(with)g(the)f(PEM)h
(system)e(could)h(lead)h(to)g(surprising)f(conclusions.)21
b(Despite)16 b(the)f(man)o(y)149 436 y(disadv)m(an)o(tages)i(w)o(e)d(found,)i
(w)o(e)f(still)f(consider)g(this)h(solution)h(w)o(orth)f(some)f(more)g
(though)o(t)i(and)149 526 y(examination.)p eop
%%Page: 84 94
93 bop 855 1170 a Fo(BIBLIOGRAPHY)p eop
%%Page: 85 95
94 bop 1901 -100 a Fo(85)855 342 y(BIBLIOGRAPHY)202 598 y([AL92])24
b(P)o(aul)14 b(Albitz)e(and)i(Cric)o(k)o(et)e(Liu.)21 b Fa(DNS)16
b(and)f(BIND)p Fo(.)20 b(O'Reilley)11 b(&)j(Asso)q(ciates,)h(Inc.)369
658 y(Sebastop)q(ol,)i(CA.,)e(1992.)199 760 y([Bel89])23 b(Stev)o(en)h(M.)h
(Bello)o(vin.)45 b Fa(Se)n(curity)26 b(Pr)n(oblems)g(in)g(the)g(TCP/IP)f(Pr)n
(oto)n(c)n(ol)g(Suite)p Fo(.)369 820 y(A)l(T&T)16 b(Bell)f(Lab)q(oratories,)i
(Murra)o(y)f(Hill,)e(New)i(Jersey)l(,)f(April)g(1989.)174 922
y([Bel90a])24 b(Stev)o(en)c(M.)h(Bello)o(vin.)35 b(Pseudo-Net)o(w)o(ork)22
b(Driv)o(ers)e(and)j(Virtual)d(Net)o(w)o(orks.)37 b(In)369
982 y Fa(Pr)n(o)n(c.)27 b(Winter)h(USENIX)h(Confer)n(enc)n(e)p
Fo(,)i(pages)d(229{244,)33 b(W)l(ashington,)e(D.C.,)369 1042
y(1990.)172 1144 y([Bel90b])23 b(Stev)o(en)c(M.)h(Bello)o(vin.)31
b Fa(Using)22 b(the)f(Domain)g(Name)h(System)f(for)g(System)g(Br)n(e)n(ak-)
369 1204 y(ins)p Fo(.)f(A)l(T&T)12 b(Bell)e(Lab)q(oratories,)k(Murra)o(y)e
(Hill,)e(New)i(Jersey)l(,)g(1990.)21 b(\(unpublished)369 1264
y(tec)o(hnical)14 b(rep)q(ort\).)199 1366 y([Bel92])23 b(Stev)o(en)16
b(M.)g(Bello)o(vin.)21 b(There)16 b(Be)h(Dragons.)25 b(In)16
b Fa(UNIX)j(Se)n(curity)f(Symp)n(osium)f(III)369 1426 y(Pr)n(o)n(c)n(e)n(e)n
(dings)p Fo(,)e(pages)i(1{16,)g(Baltimore,)c(MD,)j(1992.)196
1528 y([BG92])24 b(Dimitri)c(Bertsek)m(as)j(and)g(Rob)q(ert)h(Gallager.)41
b Fa(Data)23 b(Networks)p Fo(.)42 b(Pren)o(tice-Hall,)369 1588
y(Englew)o(o)q(o)q(d)18 b(Cli\013s,)d(New)h(Jersey)l(,)f(second)i(edition,)e
(1992.)196 1690 y([CD88])25 b(George)19 b(F.)g(Coulouris)h(and)g(Jean)f
(Dollimore.)28 b Fa(Distribute)n(d)20 b(Systems)p Fo(.)30 b(Addison-)369
1750 y(W)l(esley)15 b(Publishing)h(Compan)o(y)l(,)f(Inc.,)g(1988.)168
1852 y([Com91])24 b(Douglas)d(E.)e(Comer.)29 b Fa(Internetworking)23
b(with)e(TCP/IP)p Fo(.)30 b(Pren)o(tice-Hall,)17 b(Engle-)369
1912 y(w)o(o)q(o)q(d)h(Cli\013s,)d(New)h(Jersey)l(,)f(second)i(edition,)e
(1991.)183 2014 y([Den82])24 b(Doroth)o(y)e(E.)f(Denning.)36
b Fa(Crypto)n(gr)n(aphy)19 b(and)j(Data)g(Se)n(curity)p Fo(.)36
b(Addison-W)l(esley)369 2074 y(Publishing)16 b(Compan)o(y)l(,)f(Inc.,)g
(1982.)193 2176 y([DK84])25 b(Kevin)19 b(J.)g(Dunlap)i(and)f(Mic)o(hael)e(J.)
i(Karels.)31 b Fa(Name)22 b(Server)f(Op)n(er)n(ations)f(Guide)369
2236 y(for)d(BIND,)g(R)n(ele)n(ase)h(4.8)p Fo(.)j(Univ)o(ersit)o(y)13
b(of)k(California,)f(Berk)o(eley)l(,)d(CA,)i(Ma)o(y)h(1984.)156
2337 y([DOK92])24 b(P)o(eter)11 b(B.)g(Danzig,)i(Katia)f(Obraczk)m(a,)g(and)h
(Anan)o(t)e(Kumar.)19 b(An)11 b(Analysis)h(of)g(Wide-)369 2398
y(Area)k(Name)f(Serv)o(er)g(T)l(ra\016c.)21 b Fa(Computer)d(Communic)n
(ations)g(R)n(eview)p Fo(,)e(22\(4\):281{)369 2458 y(92,)g(Octob)q(er)h
(1992.)203 2560 y([GS91])25 b(Simson)16 b(Gar\014nk)o(el)h(and)i(Gene)e
(Spa\013ord.)26 b Fa(Pr)n(actic)n(al)19 b(UNIX)g(Se)n(curity)p
Fo(.)25 b(O'Reilley)369 2620 y(&)16 b(Asso)q(ciates,)g(Inc.)f(Sebastop)q(ol,)
i(CA.,)f(1991.)p eop
%%Page: 86 96
95 bop 1901 -100 a Fo(86)178 75 y([Hun92])24 b(Craig)e(Hun)o(t.)37
b Fa(TCP/IP)22 b(Network)i(A)n(dministr)n(ation)p Fo(.)37 b(O'Reilley)19
b(&)j(Asso)q(ciates,)369 135 y(Inc.)15 b(Sebastop)q(ol,)i(CA.,)e(1992.)193
237 y([Kal92])24 b(Burton)19 b(S.)g(Kaliski.)28 b Fa(RF)o(C-1319)19
b(The)h(MD2)g(Message-Digest)h(A)o(lgorithm)p Fo(.)30 b(Net-)369
297 y(w)o(ork)16 b(W)l(orking)h(Group,)f(April)f(1992.)158
399 y([Ken93a])24 b(Stephen)d(T.)f(Ken)o(t.)34 b(In)o(ternet)20
b(Priv)m(acy)g(Enhanced)i(Mail.)34 b Fa(Communic)n(ations)22
b(of)369 459 y(the)c(A)o(CM)p Fo(,)d(36\(8\):48{59,)k(Ma)o(y)c(1993.)155
560 y([Ken93b])24 b(Stephen)15 b(T.)g(Ken)o(t.)20 b Fa(RF)o(C-1422)15
b(Privacy)i(Enhanc)n(ement)h(for)e(Internet)i(Ele)n(ctr)n(onic)369
621 y(Mail:)42 b(Part)27 b(II:)g(Certi\014c)n(ate-Base)n(d)i(Key)f
(Management)p Fo(.)55 b(Net)o(w)o(ork)26 b(W)l(orking)369 681
y(Group,)17 b(F)l(ebruary)e(1993.)195 782 y([KR88])24 b(Brian)19
b(W.)g(Kernighan)h(and)g(Dennis)g(M.)f(Ritc)o(hie.)29 b Fa(Pr)n(o)n(gr)n
(ammier)n(en)18 b(in)j(C)p Fo(.)31 b(Carl)369 843 y(Hanser)16
b(V)l(erlag)g(M)q(\177)-26 b(unc)o(hen)16 b(Wien,)f(second)i(edition,)e
(1988.)195 944 y([Lot93])25 b(Mark)20 b(Lottor.)34 b(In)o(ternet)19
b(Domain)g(Surv)o(ey)g(Apr)h(93.)34 b(SRI)20 b(In)o(ternational,)g(April)369
1005 y(1993.)202 1106 y([LR93])25 b(Daniel)k(C.)g(Lync)o(h)h(and)g(Marshall)f
(T.)h(Rose.)61 b Fa(Internet)31 b(System)f(Handb)n(o)n(ok)p
Fo(.)369 1166 y(Addison-W)l(esley)15 b(Publishing)h(Compan)o(y)l(,)f(Inc.,)g
(1993.)172 1268 y([Mad92])25 b(J\034rgen)d(Bo)f(Madsen.)36
b(The)21 b(greatest)g(crac)o(k)o(er-case)f(in)h(Denmark:)30
b(The)21 b(detect-)369 1328 y(ing,)16 b(tracing)h(and)g(arresting)g(of)g(t)o
(w)o(o)f(in)o(ternational)g(crac)o(k)o(ers.)21 b(In)16 b Fa(UNIX)i(Se)n
(curity)369 1389 y(Symp)n(osium)e(III)h(Pr)n(o)n(c)n(e)n(e)n(dings)p
Fo(,)e(pages)i(17{40,)h(Baltimore,)13 b(MD,)j(1992.)183 1490
y([Mer89])24 b(Ralph)16 b(C.)g(Merkle.)k(Snefru.)h(Xero)o(x)15
b(Corp)q(oration,)j(P)o(alo)e(Alto,)f(CA,)h(1989.)152 1592
y([Mo)q(c83a])25 b(P)o(aul)f(Mo)q(c)o(k)m(ap)q(etris.)44 b
Fa(RF)o(C-882)24 b(Domain)g(Names)h(-)g(Conc)n(epts)g(and)g(F)l(acilities)p
Fo(.)369 1652 y(Net)o(w)o(ork)15 b(W)l(orking)h(Group,)h(No)o(v)o(em)o(b)q
(er)c(1983.)149 1754 y([Mo)q(c83b])25 b(P)o(aul)17 b(Mo)q(c)o(k)m(ap)q
(etris.)25 b Fa(RF)o(C-883)18 b(Domain)g(Names)h(-)g(Implementation)h(and)f
(Sp)n(e)n(ci-)369 1814 y(\014c)n(ation)p Fo(.)j(Net)o(w)o(ork)15
b(W)l(orking)h(Group,)h(No)o(v)o(em)o(b)q(er)c(1983.)152 1916
y([Mo)q(c87a])25 b(P)o(aul)c(Mo)q(c)o(k)m(ap)q(etris.)37 b
Fa(RF)o(C-1034)21 b(Domain)h(Names)g(-)h(Conc)n(epts)f(and)h(F)l(acilities)p
Fo(.)369 1976 y(Net)o(w)o(ork)15 b(W)l(orking)h(Group,)h(No)o(v)o(em)o(b)q
(er)c(1987.)149 2078 y([Mo)q(c87b])25 b(P)o(aul)16 b(Mo)q(c)o(k)m(ap)q
(etris.)22 b Fa(RF)o(C-1035)17 b(Domain)g(Names)h(-)g(Implementation)h(and)f
(Sp)n(e)n(c-)369 2138 y(i\014c)n(ation)p Fo(.)k(Net)o(w)o(ork)15
b(W)l(orking)h(Group,)h(No)o(v)o(em)o(b)q(er)c(1987.)177 2240
y([Mo)q(c89])24 b(P)o(aul)18 b(Mo)q(c)o(k)m(ap)q(etris.)27
b Fa(RF)o(C-1123)18 b(R)n(e)n(quir)n(ements)h(for)g(Internet)h(Hosts)g({)f
(Applic)n(a-)369 2300 y(tion)f(and)f(Supp)n(ort)p Fo(.)k(Net)o(w)o(ork)15
b(W)l(orking)i(Group,)f(1989.)181 2401 y([Mor85])24 b(R.)16
b(T.)h(Morris.)23 b(A)16 b(W)l(eakness)h(in)g(the)f(4.2BSD)h(UNIX)e(TCP/IP)j
(Soft)o(w)o(are.)23 b(Com-)369 2462 y(puting)13 b(Science)d(T)l(ec)o(hnical)h
(Rep)q(ort)i(No.)f(117,)i(A)l(T&T)f(Bell)d(Lab)q(oratories,)15
b(Murra)o(y)369 2522 y(Hill,)f(New)i(Jersey)l(,)f(F)l(ebruary)h(1985.)p
eop
%%Page: 87 97
96 bop 1901 -100 a Fo(87)193 75 y([P)o(ar91])25 b(T.)18 b(A.)g(P)o(ark)o(er.)
28 b(A)19 b(Secure)f(System)f(for)i(Applications)f(in)g(a)h(Multi-v)o(endor)f
(En)o(vi-)369 135 y(ronmen)o(t)f(\(The)i(SESAME)f(pro)s(ject\).)28
b(In)18 b(14)1230 117 y Fd(th)1286 135 y Fa(NCSC)i(Confer)n(enc)n(e)g(Pr)n(o)
n(c)n(e)n(e)n(dings)p Fo(,)369 195 y(1991.)j(V)l(ol.)15 b(I)q(I.)205
297 y([PL91])25 b(R.)19 b(P)o(aans)h(and)g(H.)f(de)g(Lange.)31
b(Auditing)19 b(the)g(SNA/SNI)f(En)o(vironmen)o(t.)28 b Fa(Com-)369
357 y(puter)18 b(&)f(Se)n(curity)p Fo(,)f(10\(3\):251{61,)j(Ma)o(y)d(1991.)
169 459 y([Riv92a])24 b(Ronald)c(L.)g(Riv)o(est.)31 b Fa(RF)o(C-1320)19
b(The)i(MD4)f(Message-Digest)j(A)o(lgorithm)p Fo(.)32 b(Net-)369
519 y(w)o(ork)16 b(W)l(orking)h(Group,)f(April)f(1992.)166
621 y([Riv92b])24 b(Ronald)c(L.)g(Riv)o(est.)31 b Fa(RF)o(C-1321)19
b(The)i(MD5)f(Message-Digest)j(A)o(lgorithm)p Fo(.)32 b(Net-)369
681 y(w)o(ork)16 b(W)l(orking)h(Group,)f(April)f(1992.)169
782 y([RSA78])24 b(R.)18 b(Riv)o(est,)g(A.)g(Shamir,)g(and)i(L.)f(Adleman.)28
b(A)18 b(Metho)q(d)h(for)h(Obtaining)f(Digital)369 843 y(Signatures)e(and)g
(Public)f(Key)g(Cryptosystems.)21 b Fa(Communic)n(ations)d(of)g(the)g(A)o(CM)
p Fo(,)369 903 y(21\(2\):120{6,)g(F)l(ebruary)e(1978.)178 1005
y([SNS88])24 b(J.G.)18 b(Steiner,)f(C.)h(Neuman,)f(and)h(J.I.)f(Sc)o(hiller.)
25 b(Kerb)q(eros:)h(An)18 b(Authen)o(tication)369 1065 y(Service)c(for)h(Op)q
(en)h(Net)o(w)o(ork)e(Systems.)19 b(In)c Fa(Pr)n(o)n(c)n(e)n(e)n(dings,)h
(Winter)g(USENIX)p Fo(,)g(Dal-)369 1125 y(las,)g(T)l(exas,)g(1988.)190
1227 y([Spa88])25 b(Eugene)14 b(H.)f(Spa\013ord.)21 b(The)14
b(In)o(ternet)e(W)l(orm)h(Program:)20 b(An)13 b(Analysis.)20
b(T)l(ec)o(hnical)369 1287 y(Rep)q(ort)d(CSD-TR-823,)h(Purdue)e(Univ)o(ersit)
o(y)l(,)d(W)l(est)j(Lafa)o(y)o(ette,)g(IN,)f(1988.)201 1389
y([Ste90])24 b(Ric)o(hard)17 b(W.)h(Stev)o(ens.)26 b Fa(UNIX)19
b(Network)h(Pr)n(o)n(gr)n(amming)p Fo(.)25 b(Pren)o(tice-Hall,)16
b(Engle-)369 1449 y(w)o(o)q(o)q(d)i(Cli\013s,)d(New)h(Jersey)l(,)f(1990.)198
1550 y([Sto89])25 b(Cli\013ord)19 b(P)l(.)f(Stoll.)28 b Fa(The)20
b(Cucko)n(o's)f(Egg:)28 b(T)l(r)n(acing)20 b(a)f(Spy)h(Thr)n(ough)f(the)h
(Maze)g(of)369 1611 y(Computer)d(Espionage)p Fo(.)22 b(Doubleda)o(y)l(,)16
b(1989.)187 1712 y([Sun91])25 b(Sun)16 b(Microsystems.)k Fa(manual)e(p)n
(ages)p Fo(,)e(4.1)g(edition,)f(Jan)o(uary)i(1991.)186 1814
y([T)l(an92])25 b(Andrew)16 b(S.)g(T)l(anen)o(baum.)22 b Fa(Mo)n(dern)17
b(Op)n(er)n(ating)h(Systems)p Fo(.)k(Pren)o(tice-Hall,)14 b(Engle-)369
1874 y(w)o(o)q(o)q(d)k(Cli\013s,)d(New)h(Jersey)l(,)f(1992.)182
1976 y([Tho84])25 b(Ken)c(Thompson.)37 b(Re\015ections)20 b(on)i(T)l(rusting)
g(T)l(rust.)37 b Fa(Communic)n(ations)22 b(of)g(the)369 2036
y(A)o(CM)p Fo(,)15 b(27\(8\):761{3,)k(August)d(1984.)p eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF