
APPLICATION LAYER

UNIT 5
DNS, DDNS, WWW, TELNET, EMAIL, FTP, HTTP, SNMP,
Bluetooth, Firewalls.
Network Security: Electronic mail, directory services and
network management, Basic concepts of Cryptography.
DOMAIN NAME SYSTEM (DNS)

•The Domain Name System protocol is used to query name servers and return their responses.
•The Internet needs a directory system that can map a name to an address.
•A host that wants to reach a service by name therefore runs two clients: the first (the DNS client) maps the name to an IP address; the second (here, a file transfer client) does the actual work, such as transferring files.
Purpose of DNS
A user wants to use a file transfer client to access the corresponding file transfer
server running on a remote host. The user knows only the file transfer server name,
such as afilesource.com. However, the TCP/IP suite needs the IP address of the file
transfer server to make the connection. The following six steps map the host name to
an IP address:
1. The user passes the host name to the file transfer client.
2. The file transfer client passes the host name to the DNS client.
3. Each computer, after being booted, knows the address of at least one DNS server. The DNS
client sends a query containing the file transfer server name to that DNS server, using the
known IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer server.
5. The DNS client passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the file transfer
server.
Name Space

Domain name space

The names are defined in an inverted-tree structure with the root at the top. The tree can have only 128
levels: level 0 (root) to level 127.
Domain names and labels. Each node in the tree has:
•Label: a string with a maximum of 63 characters. The root label is a null string (empty string).
•Domain name: a full domain name is a sequence of labels separated by dots (.). The domain name is read from the node up to the root; a full domain name therefore always ends in the null label, which means its last character is a dot.
DOMAIN NAME
• Each node in the tree has a domain name. A full domain name is a sequence of labels separated by dots (.).
• The domain name is always read from the node up to the root. The last label is the label of the root (null).
• This means that a full domain name always ends in a null label; because the null string is nothing, the visible result is that the name ends with a dot.
• FQDN: If a name is terminated by the null label, it is called a fully qualified domain name (FQDN). The name must end with the null label, and since null prints as nothing, the name ends with a dot (e.g. engineering.mcgraw-hill.com.).
• PQDN: If a name is not terminated by the null label, it is called a partially qualified domain name (PQDN). A PQDN starts from a node but does not reach the root; the resolver must complete it by appending a configured suffix before it can be looked up.
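The label and name rules above, worked through in code. This is an added example, not part of the original slides: it tells an FQDN from a PQDN, completes a PQDN with a search list the way a typical stub resolver does (the ndots rule is the common default behaviour, not something the slides describe), and encodes a name in DNS wire format, where the root's null label is literally a single zero byte. The search-list suffixes and names used are constructed examples.

```python
# Added example (not from the original slides): label and name rules as a
# resolver applies them. It tells an FQDN from a PQDN, completes a PQDN with
# a search list the way a typical stub resolver does, and encodes a name in
# DNS wire format, where the root's null label is a single zero byte.
# The search-list suffixes and names used below are constructed examples.

MAX_LABEL_OCTETS = 63   # a label is at most 63 octets
MAX_NAME_OCTETS = 255   # an encoded name is at most 255 octets (RFC 1035)


def is_fqdn(name: str) -> bool:
    """A fully qualified name is terminated by the null (root) label,
    which shows up in text as a trailing dot."""
    return name.endswith(".")


def labels(name: str) -> list:
    """Labels of a name, leaf first, without the root's null label.
    The root itself ('.') has no labels."""
    body = name[:-1] if is_fqdn(name) else name
    return [] if body == "" else body.split(".")


def encode_name(fqdn: str) -> bytes:
    """Wire format: each label as <length><octets>, then 0x00 for the root."""
    if not is_fqdn(fqdn):
        raise ValueError(f"{fqdn!r} is not fully qualified (no trailing dot)")
    out = bytearray()
    for label in labels(fqdn):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL_OCTETS:
            raise ValueError(f"label {label!r} must be 1..{MAX_LABEL_OCTETS} octets")
        out.append(len(raw))
        out += raw
    out.append(0)                      # the null label of the root
    if len(out) > MAX_NAME_OCTETS:
        raise ValueError("encoded name exceeds 255 octets")
    return bytes(out)


def qualify(name: str, search_list: tuple, ndots: int = 1) -> list:
    """FQDN candidates a stub resolver tries for a name, in order.
    An FQDN is tried as-is. A PQDN with at least `ndots` dots is first
    tried against the root, then with each search suffix appended;
    a PQDN with fewer dots is tried with the suffixes first."""
    if is_fqdn(name):
        return [name]
    absolute = name + "."
    searched = [f"{name}.{suffix.rstrip('.')}." for suffix in search_list]
    if name.count(".") >= ndots:
        return [absolute] + searched
    return searched + [absolute]
```

The order `qualify` returns is the security-relevant part: a PQDN such as afilesource.com that does not exist as an absolute name is retried as afilesource.com.example.com., so whoever controls names under a search suffix can catch typos and stale names. Sending the trailing dot (an FQDN) removes that ambiguity.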
Domains

• A domain is a subtree of the domain name space.
• The name of the domain is the name of the node at the top of the subtree.
• A domain may itself be divided into domains.
Distribution of Name Space
• The information contained in the domain name space must be stored.
• However, it is very inefficient and also not reliable to have just one computer store such a huge amount of information.
• It is inefficient because responding to requests from all over the world places a heavy load on the system.
• It is not reliable because any failure makes the data inaccessible.
Hierarchy of name servers

Because storing the whole domain name space on one computer is both inefficient (a heavy load from requests all over the world) and unreliable (a single failure makes the data inaccessible), the solution is a hierarchy of name servers: distribute the information among many computers called DNS servers. How?
•Divide the whole space into many domains: start at the root and create subtrees (the first-level nodes); these domains can then be divided further into smaller domains (subdomains).
•Each server can be responsible (authoritative) for either a large or a small domain, so we have a hierarchy of servers in the same way that we have a hierarchy of names.
Zone
What a server is responsible for or has authority over is called a zone.
If a server does not divide the domain into smaller domains, the "domain" and the "zone" refer to the same thing. The server makes a database called a zone file and keeps all the information for every node under that domain.
If a server divides its domain into subdomains and delegates part of its authority to other servers, "domain" and "zone" refer to different things. The information about the nodes in the subdomains is stored in the servers at the lower levels, with the original server keeping some sort of reference to these lower-level servers.
Of course, the original server does not free itself from responsibility totally. It still has a zone, but the detailed information is kept by the lower-level servers.
Primary and Secondary Servers
DNS defines two types of servers: primary and secondary.
1. A primary server is a server that stores a file about the zone for which it is an authority. It is responsible for creating, maintaining, and updating the zone file. It stores the zone file on a local disk.
2. A secondary server is a server that transfers the complete information about a zone from another server (primary or secondary) and stores the file on its local disk. The secondary server neither creates nor updates the zone files. If updating is required, it must be done by the primary server, which sends the updated version to the secondary.
DNS in the Internet

DNS is a protocol that can be used on different platforms. In the Internet, the domain name space (tree) was originally divided into three different sections: generic domains, country domains, and the inverse domains.
However, due to the rapid growth of the Internet, it became extremely difficult to keep track of the inverse domains, which could be used to find the name of a host when given the IP address. The inverse domains are now deprecated (see RFC 3425). We therefore concentrate on the first two.
Generic domains
The generic domains define registered hosts according to their generic behavior. Each node in the tree defines a domain, which is an index into the domain name space database.
Looking at the tree, we see that the first level in the generic domains section allows 14 possible labels. These labels describe the organization types as listed in Table 26.12.

Generic domain labels (Table 26.12)
Country domains
The country domains section uses two-character country abbreviations (e.g. us for the United States). Second labels can be organizational, or they can be more specific national designations.

In the figure, the address uci.ca.us. can be translated to University of California in the state of California in the United States.
Resolution

Name-address resolution: mapping a name to an address.
DNS is designed as a client-server application. A host that needs to map an address to a name or a name to an address calls a DNS client called a resolver. The resolver accesses the closest DNS server with a mapping request. If the server has the information, it satisfies the resolver; otherwise, it either refers the resolver to other servers (iterative resolution) or asks the other servers itself to provide the information (recursive resolution).
Recursive resolution

(Figure: recursive resolution, events 1 to 8; the figure is not reproduced here.)

The figure shows a simple example of a recursive resolution. We assume that an application program running on a host named some.anet.com needs to find the IP address of another host named engineering.mcgraw-hill.com. In recursive resolution the client sends the query to its local server; if that server does not know the mapping, it queries the next server itself, and so on, and the final answer travels back along the same chain of servers to the client.
Iterative resolution

(Figure: iterative resolution, events 1 to 8; the figure is not reproduced here.)

In iterative resolution, each server that does not know the mapping sends the IP address of the next server back to the one that requested it (a referral), and the requester then asks that next server itself.
The messages shown by events 2, 4, and 6 contain the same query.
The message shown by event 3 contains the IP address of the top-level domain server.
The message shown by event 5 contains the IP address of the McGraw-Hill local DNS server.
The message shown by event 7 contains the IP address of the destination.
Caching

Each time a server receives a query for a name that is not in its domain, it needs to search its database for a server IP address. Reducing this search time increases efficiency. DNS handles this with a mechanism called caching: when a server asks for a mapping from another server and receives the response, it stores this information in its cache memory before sending it to the client. A cached mapping is reused only for as long as the record's TTL (see Resource Records) allows; after that the server must query again, because the mapping may have changed.
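An in-memory model of the iterative resolution walk from the previous slide combined with the caching described here. This is an added example, not code from the original slides: the root, TLD and McGraw-Hill servers, their addresses (taken from the documentation ranges) and the answer for engineering.mcgraw-hill.com. are constructed. The local server resolves on behalf of its client by following referrals root -> TLD -> authoritative server, then caches the answer for its TTL; the clock is injectable so expiry can be exercised without waiting.

```python
# Added example (not from the original slides): iterative resolution plus
# caching, modelled in memory. Servers, names and addresses are constructed.
from typing import Callable, Dict, List, Optional, Tuple

# Each server knows answers for names in its own zone and referrals (the
# address of the next server down) for zones it has delegated.
SERVERS: Dict[str, dict] = {
    "198.51.100.1": {                     # a root server: only knows the .com servers
        "answers": {},
        "referrals": {"com.": "198.51.100.2"},
    },
    "198.51.100.2": {                     # a .com TLD server: refers to McGraw-Hill
        "answers": {},
        "referrals": {"mcgraw-hill.com.": "203.0.113.5"},
    },
    "203.0.113.5": {                      # McGraw-Hill's authoritative server
        "answers": {"engineering.mcgraw-hill.com.": ("203.0.113.80", 300)},
        "referrals": {},
    },
}
ROOT = "198.51.100.1"


def ask(server_ip: str, qname: str) -> tuple:
    """One query/response exchange with a server. Returns ("answer", ip, ttl),
    ("referral", next_server_ip) or ("nxdomain",)."""
    server = SERVERS[server_ip]
    if qname in server["answers"]:
        ip, ttl = server["answers"][qname]
        return ("answer", ip, ttl)
    best = None                           # most specific (longest) matching delegation
    for zone, next_ip in server["referrals"].items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, next_ip)
    return ("referral", best[1]) if best else ("nxdomain",)


class LocalServer:
    """The client's local DNS server: resolves iteratively and caches answers."""

    def __init__(self, clock: Callable[[], float], max_referrals: int = 10):
        self.clock = clock
        self.cache: Dict[str, Tuple[str, float]] = {}   # name -> (ip, expires_at)
        self.max_referrals = max_referrals
        self.trace: List[str] = []                       # servers contacted for the last query

    def resolve(self, qname: str) -> Optional[str]:
        now = self.clock()
        cached = self.cache.get(qname)
        if cached and cached[1] > now:                    # still within the TTL
            self.trace = ["cache"]
            return cached[0]
        self.cache.pop(qname, None)                       # expired or absent
        self.trace = []
        server = ROOT
        for _ in range(self.max_referrals):               # bound the walk: a referral loop must not hang us
            self.trace.append(server)
            reply = ask(server, qname)
            if reply[0] == "answer":
                _, ip, ttl = reply
                self.cache[qname] = (ip, now + ttl)       # cache before returning to the client
                return ip
            if reply[0] == "referral":
                server = reply[1]
                continue
            return None                                   # no such name
        raise RuntimeError("too many referrals")
```

The `trace` list makes the difference between the two slides visible: in iterative mode every referral comes back to the local server, which asks the next server itself, whereas in recursive mode the same walk would be performed by the upstream servers on the local server's behalf. The `max_referrals` bound is the practical guard a resolver needs, since a misconfigured or malicious delegation can otherwise send it round in circles.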
Resource Records

The zone information associated with a server is implemented as a set of resource records. In other words, a name server stores a database of resource records. A resource record is a 5-tuple structure (domain name, type, class, TTL, value):

The domain name field is what identifies the resource record.
The type defines how the value should be interpreted.
The class defines the type of network; we are only interested in the class IN (Internet).
The TTL defines the number of seconds for which the information is valid.
The value defines the information kept about the domain name.
Table 26.13 lists the common types and how the value is interpreted for each type.

DNS types (Table 26.13)
DNS Messages

To retrieve information about hosts, DNS uses two types of messages: query and response. Both types have the same format as shown in Figure 26.38.
DNS message

• Identification is a 16-bit value used by the client to match the response with the query.
• Flags define whether the message is a query or a response, whether recursion is desired and available, and (in a response) the response code.
• The next four fields in the header give the number of records in each of the four sections that follow.
• The question section consists of one or more question records, in both query and response messages.
• The answer section consists of one or more resource records, only in response messages.
• The authoritative section gives information (domain names) about one or more authoritative servers for the query.
• The additional section provides additional information that may help the resolver.
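The message format above and the resource-record 5-tuple from the earlier slide, handled in code. This is an added example, not from the original slides: it builds a query for an A record and parses a response into its header fields, question, and resource records as (name, type, class, TTL, value) tuples. The response bytes are hand-constructed for this example (afilesource.com. and the 203.0.113.x addresses are placeholders) and include the name-compression pointers real servers use, since a parser that ignores those cannot read real responses.

```python
# Added example (not from the original slides): build a DNS query and parse
# a constructed response into header, question and resource records.
import struct

TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5
CLASS_IN = 1
QR, RD, RA = 0x8000, 0x0100, 0x0080      # flag bits: response, recursion desired, recursion available


def _encode_name(fqdn: str) -> bytes:
    """<length><label>... terminated by the root's zero-length label."""
    body = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in fqdn.rstrip(".").split(".") if l)
    return body + b"\x00"


def build_query(txid: int, qname: str, qtype: int = TYPE_A) -> bytes:
    """12-byte header (one question, no other records) followed by the question."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + _encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def _read_name(msg: bytes, off: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset after it).
    A pointer (top two bits 11) jumps to an earlier offset; we follow it but
    keep reading the current record from just after the pointer."""
    labels, end, hops = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:
            if end is None:
                end = off + 2
            off = ((ln & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                        # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (end if end is not None else off)


def _read_rdata(msg: bytes, rtype: int, start: int, length: int):
    """Interpret the value field according to the record type."""
    if rtype == TYPE_A and length == 4:
        return ".".join(str(b) for b in msg[start:start + 4])
    if rtype in (TYPE_NS, TYPE_CNAME):
        return _read_name(msg, start)[0]
    return msg[start:start + length]


def parse_message(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = _read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    sections = {}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        records = []
        for _ in range(count):
            name, off = _read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            records.append((name, rtype, rclass, ttl, _read_rdata(msg, rtype, off, rdlen)))
            off += rdlen
        sections[key] = records
    return {"id": txid, "is_response": bool(flags & QR),
            "recursion_available": bool(flags & RA), "rcode": flags & 0x000F,
            "questions": questions, **sections}


# Constructed response to build_query(0x1A2B, "afilesource.com."): one answer,
# one authority (NS) record and one additional (glue) record. 0xC00C points at
# the question name (offset 12); 0xC03D at the ns1 name inside the NS rdata (offset 61).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1A2B, QR | RD | RA, 1, 1, 1, 1)
    + _encode_name("afilesource.com.") + struct.pack("!HH", TYPE_A, CLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([203, 0, 113, 10])
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_NS, CLASS_IN, 3600, 6) + b"\x03ns1\xc0\x0c"
    + b"\xc0\x3d" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 3600, 4) + bytes([203, 0, 113, 53])
)
```

The hop limit in `_read_name` matters when parsing untrusted input: a response whose pointer refers to itself would otherwise loop forever, and a pointer that lands past the buffer raises an IndexError rather than reading arbitrary memory, which is the failure mode native parsers of this format have historically had.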
nslookup
In UNIX and Windows, the nslookup utility can be used to retrieve address/name mappings. The following shows how we can retrieve an address when the domain name is given.
Registrars

How are new domains added to DNS? This is done through a registrar, a commercial entity accredited by ICANN. A registrar first verifies that the requested domain name is unique and then enters it into the DNS database.
DDNS

When DNS was designed, no one predicted that there would be so many address changes. In DNS, when there is a change, such as adding a new host, removing a host, or changing an IP address, the change must be made to the DNS master file. These types of changes involve a lot of manual updating. The size of today's Internet does not allow for this kind of manual operation.

The DNS master file must be updated dynamically. The Dynamic Domain Name System (DDNS, defined in RFC 2136) was therefore devised to respond to this need: an update message is sent to the primary server, which changes the zone file and passes the change on to the secondaries.
Security of DNS

DNS is one of the most important systems in the Internet infrastructure; it provides crucial services to Internet users. Applications such as Web access or e-mail are heavily dependent on the proper operation of DNS.

DNS can be attacked in several ways (how? see the next slide). A technology named DNS Security (DNSSEC) protects DNS by providing message origin authentication and message integrity using a security service called digital signature. Note that DNSSEC does not encrypt DNS traffic, so it provides no confidentiality.
Security of DNS

1. The attacker may read the responses of a DNS server to find the nature or names of the sites the user mostly accesses (i.e. build the user's profile). DNSSEC does not prevent this.

2. The attacker may intercept the response of a DNS server and change it, or inject a forged response, to direct the user to the site or domain the attacker wishes the user to access. DNSSEC signatures let a validating resolver detect such a tampered response.

3. The attacker may flood the DNS server to overwhelm it or eventually crash it.
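The checks a resolver runs on each response before trusting it, which is what stands between attack 2 above and a poisoned cache when DNSSEC is not available. This is an added example, not from the original slides: a response is accepted only if it comes from the server that was asked, arrives on the port the query left from, and carries the same 16-bit identification and the same question; even then only records inside the bailiwick (the zone of the server asked) are cached. The pending query, the responses, the names and the addresses are all constructed for the example.

```python
# Added example (not from the original slides): acceptance checks for a DNS
# response before it is trusted or cached. All data below is constructed.
import secrets
from dataclasses import dataclass, field
from typing import List, Tuple

Record = Tuple[str, int, str]     # (owner name, type, value)


@dataclass
class Pending:
    txid: int          # 16-bit identification field of the query
    src_port: int      # UDP source port the query was sent from
    qname: str
    qtype: int
    server_ip: str     # server the query went to
    bailiwick: str     # zone that server is authoritative for


@dataclass
class Response:
    txid: int
    dst_port: int      # port the response was delivered to
    from_ip: str
    qname: str
    qtype: int
    answers: List[Record] = field(default_factory=list)
    additional: List[Record] = field(default_factory=list)


def new_pending(qname: str, qtype: int, server_ip: str, bailiwick: str) -> Pending:
    """Randomize both the ID and the source port: an off-path attacker who
    cannot see the query then has to guess about 32 bits per forged packet,
    not just the 16-bit ID."""
    return Pending(secrets.randbelow(1 << 16),
                   1024 + secrets.randbelow(65536 - 1024),
                   qname, qtype, server_ip, bailiwick)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is the zone apex or lies beneath it."""
    return name == zone or name.endswith("." + zone)


def accept_response(p: Pending, r: Response) -> tuple:
    """Return (accepted, records safe to cache, reason)."""
    if r.from_ip != p.server_ip:
        return False, [], "wrong source address"
    if r.dst_port != p.src_port:
        return False, [], "wrong port"
    if r.txid != p.txid:
        return False, [], "transaction ID mismatch"
    if (r.qname, r.qtype) != (p.qname, p.qtype):
        return False, [], "question mismatch"
    # Out-of-bailiwick records are dropped: the .com server may tell us about
    # names under com., but must not be able to plant an address for bank.example.
    cacheable = [rec for rec in r.answers + r.additional
                 if in_bailiwick(rec[0], p.bailiwick)]
    return True, cacheable, "ok"
```

None of these checks authenticates the data; they only make a blind forgery expensive and limit what a single malicious server can plant in the cache. Against an attacker who can see the query (attack 1 above puts them in that position) the ID and port are known, and only DNSSEC validation of the signed records detects a substituted answer.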
