Network Applications: DNS Y. Richard Yang 2/1/2016.

Slides:



Advertisements
Similar presentations
Domain Name System (or Service) (DNS) Computer Networks Computer Networks Term B10.
Advertisements

2: Application Layer1 FTP, SMTP and DNS. 2: Application Layer2 FTP: separate control, data connections r FTP client contacts FTP server at port 21, specifying.
1 Domain Name System (DNS). 2 DNS: Domain Name System Internet hosts, routers: –IP address (32 bit) - used for addressing datagrams –“name”, e.g., gaia.cs.umass.edu.
2: Application Layer1 Chapter 2 Application Layer Computer Networking: A Top Down Approach, 4 th edition. Jim Kurose, Keith Ross Addison-Wesley, July 2007.
Application Layer session 1 TELE3118: Network Technologies Week 12: DNS Some slides have been taken from: r Computer Networking: A Top Down Approach.
1 An Overview of Applications Xin Liu ECS 152A Ref: slides by J. Kurose and K. Ross.
CPSC 441: DNS1 Instructor: Anirban Mahanti Office: ICT Class Location: ICT 121 Lectures: MWF 12:00 – 12:50 Notes derived.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.
Introduction 1 Lecture 7 Application Layer (FTP, ) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.
Evolved from ARPANET (Advanced Research Projects Agency of the U.S. Department of Defense) Was the first operational packet-switching network Began.
Electronic Mail Three major components: SMTP user agents mail servers
Introduction 1-1 Chapter 2 FTP & Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 IC322 Fall.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)
NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.
CS 4396 Computer Networks Lab
1 Domain Name System (DNS). 2 DNS: Domain Name System Internet hosts: – IP address (32 bit) - used for addressing datagrams – “name”, e.g.,
Domain Name System (DNS)
Data Communications and Computer Networks Chapter 2 CS 3830 Lecture 9
Lecturer: Maxim Podlesny Sep CSE 473 File Transfer and Electronic in Internet.
DNS,SMTP,MIME.
Network Applications: DNS, UDP Socket Y. Richard Yang 9/12/2013.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
DNS: Domain Name System
1 DNS: Domain Name System People: many identifiers: m SSN, name, Passport # Internet hosts, routers: m IP address (32 bit) - used for addressing datagrams.
1 Application Layer Lecture 6 Imran Ahmed University of Management & Technology.
Chapter 1: Introduction to Web Applications. This chapter gives an overview of the Internet, and where the World Wide Web fits in. It then outlines the.
Networks – Network Architecture Network architecture is specification of design principles (including data formats and procedures) for creating a network.
TCP/IP Essentials A Lab-Based Approach Shivendra Panwar, Shiwen Mao Jeong-dong Ryoo, and Yihan Li Chapter 5 UDP and Its Applications.
1 9/18/2009 Network Applications and Network Programming: + DNS.
Network Applications: Overview, Y. Richard Yang 9/10/2013.
The Inter-network is a big network of networks.. The five-layer networking model for the internet.
Internet and Intranet Protocols and Applications Lecture 5 Application Protocols: DNS February 20, 2002 Joseph Conron Computer Science Department New York.
CPSC 441: DNS 1. DNS: Domain Name System Internet hosts: m IP address (32 bit) - used for addressing datagrams m “name”, e.g., - used by.
Configuring Name Resolution and Additional Services Lesson 12.
EE 122: Lecture 20 (Domain Name Server - DNS) Ion Stoica Nov 15, 2001 (* based on the some on-line slides of J. Kurose & K. Rose and of Raj Jain)
CS 3830 Day 9 Introduction 1-1. Announcements r Quiz #2 this Friday r Demo prog1 and prog2 together starting this Wednesday 2: Application Layer 2.
TCP/IP (Transmission Control Protocol / Internet Protocol)
Network Applications 9/14/ Outline  Recap r ISO/OSI Layering and Internet Layering r Application layer overview r Examples.
Network Applications 9/14/ Outline  Recap r ISO/OSI Layering and Internet Layering r Application layer overview r Examples.
Computer Networks Fall, 2007 Prof Peterson. CIS 235: Networks Fall, 2007 Western State College How’s it going??
Network Applications: DNS, UDP Socket 1/24/ Outline  Recap r DNS r Network application programming: UDP.
Lecture 5: Web Continued 2-1. Outline  Network basics:  HTTP protocols  Studies on HTTP performance from different views:  Browser types [NSDI 2014]
Net 221D:Computer Networks Fundamentals
CS470 Computer Networking Protocols
2: Application Layer 1 Chapter 2: Application layer r 2.1 Principles of network applications r 2.2 Web and HTTP r 2.3 FTP r 2.4 Electronic Mail  SMTP,
1. Internet hosts:  IP address (32 bit) - used for addressing datagrams  “name”, e.g., ww.yahoo.com - used by humans DNS: provides translation between.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
COMP 431 Internet Services & Protocols
Network Applications: Overview, Y. Richard Yang 1/27/2016.
Networking (Cont’d). Congestion Control l Is achieved by informing nodes along a route that congestion has occurred and asking them to reduce their packet.
1 Chapter 10: Application Layer Reference: Chapter 7 - “Computer Networks”, Andrew S. Tanenbaum, 4th Edition, Prentice Hall, 2003.
Basics of the Domain Name System (DNS) By : AMMY- DRISS Mohamed Amine KADDARI Zakaria MAHMOUDI Soufiane Oujda Med I University National College of Applied.
COMPUTER NETWORKS Hwajung Lee. Image Source:
@Yuan Xue A special acknowledge goes to J.F Kurose and K.W. Ross Some of the slides used in this lecture are adapted from their.
@Yuan Xue A special acknowledge goes to J.F Kurose and K.W. Ross Some of the slides used in this lecture are adapted from their.
Application Layer instructors at St. Clair College in Windsor, Ontario for their slides. Special thanks to instructors at St. Clair College in Windsor,
Chapter 9: Domain Name Servers
Data Communications and Computer Networks Chapter 2 CS 3830 Lecture 9
Network Applications: Security, DNS
Subject Name: Computer Communication Networks Subject Code: 10EC71
Packet Switching To improve the efficiency of transferring information over a shared communication line, messages are divided into fixed-sized, numbered.
DNS: Domain Name System
The Application Layer: Sockets, DNS
FTP, SMTP and DNS 2: Application Layer.
Network Applications: Security, DNS
Chapter 2 Application Layer
Presentation transcript:

Network Applications: DNS Y. Richard Yang 2/1/2016

2 Outline  Admin and recap r DNS

3 Admin r 72 discretionary late hours for assignments across the semester

4 Recap: The Big Picture of the Internet r Hosts and routers: m ~ 1 bill. hosts (2015) m organized into ~50K networks m backbone links 100 Gbps r Software: m datagram switching with virtual circuit support m layered network architecture use end-to-end arguments to determine the services provided by each layer m the hourglass architecture of the Internet IP EthernetCable/DSLWireless TCP UDP Telnet FTPWWW SSL

5 Protocol Formats

6 Multiplexing/Demultiplexing

7 Recap: Client-Server Paradigm application transport network data link physical application transport network data link physical request reply r The basic paradigm of network applications is the client-server (C-S) paradigm r Some key design questions to ask about a C-S application: m extensibility m scalability m robustness m security

8 Recap: App mail server user agent user agent user agent mail server user agent user agent mail server user agent SMTP POP3 or IMAP SMTP Some nice protocol extensibility design features separate protocols for different functions simple/basic (smtp) requests to implement basic control; fine- grain control through ASCII header and message body status code in response makes message easy to parse

9 Challenge r A large percentage of spam/phish Source:

10 Recap: Spam Detection Methods by GMail r Known phishing scams r Message from unconfirmed sender identity r Message you sent to Spam/similarity to suspicious messages r Administrator-set policies r Empty message content

11 Current Authentication Approaches Sender Policy Frame (SPF) DomainKeys Identified Mail (DKIM)

12 Sender Policy Framework (SPF RFC7208) MUA MTA Border Outbound MTA m Border Inbound MTA MUA smtp/submission smtp pop/imap neighbor MTA validating MTA Is my neighbor m a permitted sender for the domain?

SPF Exercise r Test 1 m Send real by gmail m POP retr r Test 2 m Send using telnet m POP retr 13

Key Remaining Question for SPF? r How does SPF know if its neighbor MTA is a permitted sender of the domain? 14

15 DomainKeys Identified Mail (DKIM; RFC 5585) r A domain-level digital signature authentication framework for , using public key crypto m E.g., gmail.com signs that the message is sent by gmail server r Basic idea of public key signature m Owner has both public and private keys m Owner uses private key to sign a message to generate a signature m Others with public key can verify signature

Example: RSA 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e < n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d).

RSA: Signing/Verification 0. Given (n,e) and (n,d) as computed above 1. To sign message, m, compute h = hash(m), then sign with private key s = h mod n d (i.e., remainder when h is divided by n) d 2. To verify signature s, compute h’ = s mod n e (i.e., remainder when s is divided by n) e h = (h mod n) d mod n e Magic happens! The magic is a simple application of Euler’s generalization of Fermat’s little theorem

18 DomainKeys Identified Mail (DKIM) MUA Signing MTA MTA Verifying MTA MUA smtp/submission smtp pop/imap ? Is the message signed by the private key of the signing domain?

Key Remaining Question about DKIM? r How does DKIM retrieve the public key of the author domain? 19

20 Summary: Client-Server Paradigm application transport network data link physical application transport network data link physical request reply r The basic paradigm of network applications is the client-server (C-S) paradigm r Some key design questions to ask about a C-S application: extensibility m scalability m robustness security

Scalability/Robustness r High scalability and robustness fundamentally require that multiple servers serve the same address 21 client need an server’s IP address mail server mail server mail server yale.edu mapping

22 Mapping Functions Design Alternatives r Map from an address server name to IP address of server mapping name (e.g., yale.edu) 1 IP mapping multiple IPs mapping multiple IPs name (e.g., yale.edu)

23 Mapping Functions Design Alternatives load balancer (routing) switch mapping name (e.g., yale.edu) 1 IP mapping name (e.g., yale.edu) 1 IP

Summary: Some Key Remaining Issues about r Basic: How to find the server of a domain? r Scalability/robustness: how to find multiple servers for the domain? r Security m SPF: How does SPF know if its neighbor MTA is a permitted sender of the domain? m DKIM: How does DKIM retrieve the public key of the author domain?

Outline r Recap r security (authentication)  DNS 25

26 DNS: Domain Name System r Function m map between (domain name, service) to value, e.g., ( Addr) -> (cs.yale.edu, ) -> netra.cs.yale.edu routers DNS Hostname, Service Address servers clients

27 DNS Records DNS: stores resource records (RR) r Type=NS  name is domain (e.g. yale.edu)  value is the name of the authoritative name server for this domain RR format: (name, type, value, ttl) r Type=A  name is hostname  value is IP address r Type=CNAME  name is an alias name for some “canonical” (the real) name  value is canonical name r Type=MX  value is hostname of mail server associated with name r Type=SRV m general extension for services r Type=TXT m general txt parameters/dns-parameters.xhtml

28 Try DNS: Examples r dig m type=MX gmail.com m type=A m type=TXT gmail.com _domainkey.gmail.com

29 DNS Design: Dummy Design r DNS itself can be considered as a client-server system as well r How about a dummy design: introducing one super Internet DNS server? THE DNS server of the Internet register resolve OK/used already IP address

30 Problems of a Single DNS Server r Scalability and robustness bottleneck r Administrative bottleneck

31 DNS: Distributed Management of the Domain Name Space r A distributed database managed by authoritative name servers m divided into zones, where each zone is a sub-tree of the global tree m each zone has its own authoritative name servers m an authoritative name server of a zone may delegate a subset (i.e. a sub-tree) of its zone to another name server called a zone

32 Architecture + DNS mail server user agent user agent user agent mail server user agent user agent mail server user agent SMTP POP3 or IMAP SMTP DNS

33 Root Zone and Root Servers r The root zone is managed by the root name servers m 13 root name servers worldwide See for more detailshttp://root-servers.org/

34 Linking the Name Servers r Each name server knows the addresses of the root servers r Each name server knows the addresses of its immediate children (i.e., those it delegates) Top level domain (TLD) Q: how to query a hierarchy?

35 DNS Message Flow: Two Types of Queries Recursive query:  The contacted name server resolves the name completely Iterated query: r Contacted server replies with name of server to contact m “I don’t know this name, but ask this server”

36 Two Extreme DNS Message Flows client cicada.cs.yale.edu root name server authoritative name server 5 6 TLD name server 4 client cicada.cs.yale.edu root name server authoritative name server 4 3 TLD name server 5 Issues of the two approaches?

37 Typical DNS Message Flow: The Hybrid Case requesting host cyndra.cs.yale.edu gaia.cs.umass.edu root name server authoritative name server dns.cs.umass.edu 5 6 TLD name server 7 8 iterated query local name server Host knows only local name server Local name server is learned from DHCP, or configured, e.g. /etc/resolv.conf Local DNS server helps clients resolve DNS names

38 Typical DNS Message Flow: The Hybrid Case requesting host cyndra.cs.yale.edu gaia.cs.umass.edu root name server authoritative name server dns.cs.umass.edu 5 6 TLD name server 7 8 iterated query local name server Host knows only local name server Local name server is learned from DHCP, or configured, e.g. /etc/resolv.conf Local DNS server helps clients resolve DNS names Benefits of local name servers simplifies client Caches/reuses results

Outline r Recap r security (authentication)  DNS  High-level design  Details 39

IP EthernetCable/DSLWireless TCP UDP DNS IP EthernetCable/DSLWireless TCP UDP DNS DNS Message Format?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.