
Monday, September 26, 2016

Domain Name System (DNS)


DNS stands for Domain Name System (or Service or Server), an Internet
service that translates domain names into IP addresses. Because
domain names are alphabetic, they're easier to remember.
The Internet, however, is really based on IP addresses. Every time
you use a domain name, therefore, a DNS service must translate the
name into the corresponding IP address.

More about DNS

For example, the domain name www.itch.hu.edu.af might be
translated to 182.50.190.26.

Two Zones in DNS Server!

Forward Lookup: Name to IP
Reverse Lookup: IP to Name


Requests and responses are normally sent in UDP packets, port 53
Occasionally uses TCP, port 53

DNS is Hierarchical


Domain name space hierarchy


DNS Hierarchy

There are several high-level domains; each group lets you
choose between geographical or organizational domains.
Com = Commercial organizations
Mil = Military groups
Net = Major network support centres
Int = International organizations
Arpa = Temporary ARPANET domain
Any person or organization can register a second-level
domain under a high-level domain by applying to the party responsible
for that high-level domain, at a lower price.
For example:
The edu and gov domains are educational and governmental. Everyone can
register a second-level domain in these high-level domains.
When registering a domain, the party responsible can register any number
of subdomains or hosts on that domain without any limitation.

Name server

A name server translates domain names into IP addresses.
This makes it possible for a user to access a website by
typing in the domain name instead of the website's actual IP.
A name server is a big and active database system.

The Domain Name System


DNS is a distributed database for holding name to IP address (and
other) information
Distributed:
– Shares the Administration
– Shares the Load
Robustness and improved performance achieved through
– replication
– and caching
Uses a client-server architecture
And is the critical piece of the Internet's infrastructure

Types of Queries

Host at cis.poly.edu wants the IP address for gaia.cs.umass.edu

Recursive query:

Ask for name resolution from a nearby name server.
Heavy load! Why?

Iterated query:

The contacted server replies with the name of the server to contact:
"I don't know this name, but ask this server"
There are three roles involved in DNS


RESOLVER

– Takes request from application, formats it into UDP packet, sends to cache

CACHING NAMESERVER

– Returns the answer if already known
– Otherwise searches for an authoritative server which has the information
– Caches the result for future queries
– Also known as RECURSIVE nameserver

AUTHORITATIVE NAMESERVER

– Contains the actual information put into the DNS by the domain owner

ROLE 1: THE RESOLVER

A piece of software which formats a DNS request into a UDP
packet, sends it to a cache, and decodes the answer
Usually a shared library (e.g. libresolv.so under Unix) because so
many applications need it
EVERY host needs a resolver
- e.g. every Windows workstation has one

How does the resolver find a caching nameserver?

It has to be explicitly configured (statically, or via DHCP, etc)
Must be configured with the IP ADDRESS of a cache
why not name?
(As#3: Part A)
Good idea to configure more than one cache
(As#3: Part B)

How do you choose which cache(s) to configure?

Must have PERMISSION to use it
– e.g. cache at your ISP, or your own
Prefer a nearby cache
– Minimises round-trip time and packet loss
– Can reduce traffic on your external link, since often the
cache can answer without contacting other servers
Prefer a reliable cache
– Perhaps our own!?

Example: Unix/Linux resolver configuration

/etc/resolv.conf
domain itch.hu.edu.af
nameserver 172.16.1.236
nameserver 172.16.0.252
That's all you need to configure a resolver

The old solution: HOSTS.TXT

A centrally-maintained file, distributed to all hosts on the Internet
SPARKY                       128.4.13.9
UCB-MAILGATE        4.98.133.7
FTPHOST                     200.10.194.33
... etc
This feature still exists:
 /etc/hosts (UNIX)
 c:\windows\hosts

hosts.txt does not scale

- Huge file (traffic and load)
- Name collisions (name uniqueness)
- Consistency
- Always out of date
- Single point of Administration
- Did not scale well

Testing DNS with "dig"

"dig" is a program which just makes DNS queries and displays the results

dig itch.hu.edu.af.
-- defaults to query type "A"
dig itch.hu.edu.af. mx
-- specified query type
dig @8.8.8.8 itch.hu.edu.af. mx
-- send to particular cache (overrides
/etc/resolv.conf)


Commonly seen Resource Records (RRs)

A (address): map hostname to IPv4 address
AAAA (quad A): map a hostname to IPv6 address
PTR (pointer): map IP address to hostname
MX (mail exchanger): where to deliver mail for user@domain
CNAME (canonical name): map alternative hostname to real
hostname
TXT (text): any descriptive text
NS (name server)
SOA (start of authority): used for delegation and management of the
DNS itself

A Simple Query Example

● Query:              www.itch.hu.edu.af.
● Query type:     A
● Result:

www.itch.hu.edu.af.   22725    IN   A       182.50.190.26

In this case a single RR is found, but in general, multiple RRs
may be returned.

(IN is the "class" for INTERNET use of the DNS)


Understanding output from dig

Answer section (RRs requested)
– Each record has a Time To Live (TTL)
– Says how long the cache will keep it
Authority section
– Which nameservers are authoritative for this domain
Additional section
– More RRs (typically IP addresses for the authoritative nameservers)
Total query time
Check which server gave the response!
– If you make a typing error, the query may go to a default server

DNS records

DNS: distributed db storing resource records (RR)

DNS protocol, messages

DNS protocol : query and reply messages, both with same message
format

msg header
identification: 16-bit # for query; the reply to a query uses the
same #

flags:
 query or reply
 recursion desired
 recursion available
 reply is authoritative

Hostname, Host, and Nslookup

Hostname utility
– Provides client’s host name
• Administrator may change the name if needed
Nslookup
– Query DNS database from any network computer
• Find the device host name by specifying its IP address
– Verify host configured correctly
(troubleshoot DNS resolution problems)

Whois

Query DNS registration database
– Obtain domain information
Troubleshoot network problems
Syntax on Linux or Unix
– whois xxx.yy
• xxx.yy is second-level domain name
Windows system
– Requires additional utilities
Web sites provide simple, Web-based interfaces

Monday, September 12, 2016

Dynamic Host Configuration Protocol (DHCP)

DHCP

Stands for “Dynamic Host Configuration Protocol”
Allows host/client to dynamically obtain its IP address from network server
when it joins network
– Client can renew its lease on address in use
– Allows reuse of addresses (only hold address while connected and “on”)
– Support for mobile users who want to join network
– Automated and centralized configuration of network
– Ports:
UDP 67 (request)
UDP 68 (response)
When we want to join/connect to a network we might:
- Request the network administrator to set/give us a static IP address
- Simply connect to the network and wait for DHCP server to do it!


DHCP overview:

To get an IP address from a DHCP server, a host/client
goes through the following dialogue:
– Host/client broadcasts “DHCP discover” message
– DHCP server responds with “DHCP offer” message
– host requests IP address: “DHCP request” message
– DHCP server sends address: “DHCP ack” message

IP address leasing

– DHCPDISCOVER
● Client broadcasts to discover a DHCP server in the network
– DHCPOFFER
● Server sends unicast to the DHCP client (suggested IP, subnet, gateway, etc.)
– DHCPREQUEST
● Client sends broadcast to all DHCP servers (why?) and includes the
server identifier to choose from the offers
– DHCPACK
● Server sends unicast to the client (IP, subnet, gateway, etc.)
DHCP DORA


DHCP Services

DHCP server assigns (at least) the following information:
- Client IP address and subnet mask
- Default gateway (default route)
- Name server (for name resolution)
- NTP server (for synchronizing the internal time setting)

Allocation Modes

DHCP server can assign IP addresses to the requested clients in
different ways:

Manual mode:

- Static mapping table for MAC and IP addresses
- Only hosts with a listed MAC address receive an IP address
- Allocation for an indefinite time
- Mostly used for servers (static mapping, port forwarding)

Automatic static mode:

- Defined range of IP addresses for allocation
- Automated mapping of MAC and IP addresses
- Allocation for an indefinite time

Automatic dynamic mode:

- Defined range of IP addresses for allocation
- Automated mapping of MAC addresses and IP addresses
- Provides re-use of IP addresses

The DHCP server leases an IP address for a defined time period
The client renews the lease time or releases its IP address

DHCP commands

DHCPDISCOVER: Client broadcasts for DHCP server discovery

DHCPOFFER: DHCP servers answer the DHCPDISCOVER, including their
specific values and parameters

DHCPREQUEST: Client broadcasts a DHCP request including the server
identifier to choose one of the DHCP servers that has responded to the
DHCPDISCOVER

DHCPACK: the relevant DHCP server gives an acknowledgment to the client's
DHCPREQUEST

DHCPNAK: the relevant DHCP server gives a negative acknowledgment to the
client's DHCPREQUEST (because of concurrent requests, etc.)

DHCPDECLINE: Client declines the offer because the IP is already used
in the network (checked with ARP)

DHCPRELEASE: Client releases its current configuration (for example if
the network interface is set down) – that configuration can then be used
by other clients

DHCPINFORM: Client only requests information / parameters, excluding the
IP address
(for example if the IP is configured statically for this client)

DHCP commands Analysis

[Figures: DHCP Discover, DHCP Offer, DHCP Request, DHCP Ack, DHCP Decline]

Sample DHCP Configuration

# This is a test DHCP server
ddns-update-style none;
option domain-name-servers 192.168.2.1;
default-lease-time 86400;
max-lease-time 604800;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.155;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.1;
}

DHCP Security

What happens if an unauthorized DHCP server connects
to a network?

Scenario: Client requests a bank website

But before that, the client has obtained its IP address from the offer of
a fake DHCP server!

As DHCP provides the DNS server to the client that requested the IP,
the client will be tricked into using a fake, wrong DNS server as well!
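One way to spot the situation described above from the defender's side is to inspect captured DHCPOFFER/DHCPACK messages and compare the server identifier and the advertised DNS server against the known-good values. The Python code below is an added example, not part of the original post; the function names are illustrative, the authorized server address 192.168.1.1 is an assumption, the DNS server 192.168.2.1 comes from the sample configuration, and the packets are constructed in memory rather than captured.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5                    # option 53 values for DHCPOFFER / DHCPACK

def build_reply(msg_type, yiaddr, server_id, dns):
    """Constructed sample input: a minimal DHCP server reply (never sent anywhere)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x3903F326, 0, 0,
                        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                        bytes.fromhex("020000000001"), b"", b"")
    options = (bytes([53, 1, msg_type])                         # message type
               + bytes([54, 4]) + socket.inet_aton(server_id)   # server identifier
               + bytes([6, 4]) + socket.inet_aton(dns))         # DNS server
    return fixed + MAGIC + options + b"\xff"

def parse_options(packet):
    """Return {option code: raw value} from a DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated DHCP option")
        length = packet[i + 1]
        options[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return options

def check_reply(packet, allowed_servers, allowed_dns):
    """List findings for an OFFER/ACK that does not match the known-good setup."""
    options = parse_options(packet)
    if (options.get(53) or b"\x00")[0] not in (OFFER, ACK):
        return []
    findings = []
    server = socket.inet_ntoa(options[54]) if len(options.get(54, b"")) == 4 else None
    if server not in allowed_servers:
        findings.append(f"unauthorized DHCP server {server}")
    raw = options.get(6, b"")
    for j in range(0, len(raw) - len(raw) % 4, 4):   # option 6 is a list of IPv4 addresses
        dns = socket.inet_ntoa(raw[j:j + 4])
        if dns not in allowed_dns:
            findings.append(f"unexpected DNS server {dns}")
    return findings
```
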

Monday, September 5, 2016

Download Windows 8 ISO file with serial number


To download Windows 8 ISO simply click on the link below and download the file

And to learn how to install it on your PC watch the video:


 



Have fun

Sunday, September 4, 2016

Principles of Application Layer Protocols (FTP)

FTP

FTP (File Transfer Protocol) is a protocol for transferring a file
from one host to another host.
- Allows a user to copy files to/from remote hosts
- Client program connects to FTP server
- Provides a login id and password
- Allows the user to explore the directories and download and
upload files with the server

HTTP and FTP are both file transfer protocols and have many common characteristics.
For example, both run on top of TCP, the Internet's connection-oriented, transport-layer,
reliable data transfer protocol.
But FTP uses two parallel TCP connections to transfer a file: a control connection
and a data connection.
The control connection is used for sending control information between the two hosts,
such as user identification, password, commands to change remote
directory, and commands to "put" and "get" files.
The data connection is used to actually send a file.
As FTP uses a separate control connection, FTP is said to send its control
information out-of-band, which avoids requiring the user to log in again! Why?

When a user starts an FTP session with a remote host, FTP first sets up
a control TCP connection on server port number 21.
The client side of FTP sends the user identification and password over
this control connection.
The client side of FTP also sends, over the control connection,
commands to change the remote directory.

When the user requests a file transfer (either to, or from, the remote
host), FTP opens a TCP data connection on server port number 20.
FTP sends exactly one file over the data connection and then closes
the data connection.

If, during the same session, the user wants to transfer another file, FTP opens
another data TCP connection.
Thus, with FTP, the control connection remains open throughout the duration
of the user session, but a new data connection is created for each file
transferred within a session.
- FTP maintains state and is therefore stateful.

FTP Commands

The commands, from client to server, and replies, from server to client,
are sent across the control TCP connection in 7-bit ASCII format.
Common commands:
Authentication
– USER: specify the user name to log in as
– PASS: specify the user’s password
Exploring the files
– LIST: list the files for the given file specification
– CWD: change to the given directory
Downloading and uploading files
– TYPE: set type to ASCII (A) or binary image (I)
– RETR: retrieve the given file
– STOR: upload the given file
Closing the connection
– QUIT: close the FTP connection

FTP Responses

There is typically a one-to-one correspondence between the command that the user
issues and the FTP command sent across the control connection.
Each command is followed by a reply, sent from server to client. The replies are three-digit
numbers, with an optional message following the number.
E.g.:
331 Username OK, password required
125 Data connection already open; transfer starting
425 Can't open data connection

Server Response Codes

1xx: positive preliminary reply
– The action is being started, but expect another reply before sending the next
command.
2xx: positive completion reply
– The action succeeded and a new command can be sent.
3xx: positive intermediate reply
– The command was accepted but another command is now required.
4xx: transient negative completion reply
– The command failed and should be retried later.
5xx: permanent negative completion reply
– The command failed and should not be retried.
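The command and reply rules above can be applied to a recorded control connection: each reply is attached to the command it answers, a 1xx reply keeps the command open until the next reply arrives, and the PASS argument is masked because the control connection carries it as plain ASCII. The Python code below is an added example, not part of the original post; the function name is illustrative and the transcript is constructed (the server greeting is left out).

```python
import re

CLASSES = {"1": "positive preliminary", "2": "positive completion",
           "3": "positive intermediate", "4": "transient negative completion",
           "5": "permanent negative completion"}
REPLY = re.compile(r"([1-5]\d\d)(?: (.*))?$")

# Constructed control-connection transcript (C = client, S = server).
SAMPLE = [
    "C: USER alice",
    "S: 331 Username OK, password required",
    "C: PASS correct-horse",
    "S: 230 User logged in",
    "C: RETR report.txt",
    "S: 125 Data connection already open; transfer starting",
    "S: 226 Transfer complete",
    "C: STOR backup.tar",
    "S: 425 Can't open data connection",
]

def pair_replies(lines):
    """Attach each server reply to the command it answers."""
    exchanges = []
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            if verb.upper() == "PASS":
                arg = "<redacted>"        # sent in clear on the wire; keep it out of logs
            exchanges.append({"verb": verb.upper(), "arg": arg,
                              "codes": [], "outcome": None, "done": False})
            continue
        match = REPLY.match(text)
        if not match or not exchanges or exchanges[-1]["done"]:
            raise ValueError(f"unexpected server line: {text!r}")
        code, current = match.group(1), exchanges[-1]
        current["codes"].append(int(code))
        current["outcome"] = CLASSES[code[0]]
        current["done"] = code[0] != "1"  # 1xx: expect another reply first
    return exchanges

if __name__ == "__main__":
    for ex in pair_replies(SAMPLE):
        print(ex["verb"], ex["arg"], ex["codes"], ex["outcome"])
```
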