Published by Sharleen McBride. Modified over 8 years ago.
Slide 1: Network Applications: DNS
Y. Richard Yang
http://zoo.cs.yale.edu/classes/cs433/
2/1/2016
Slide 2: Outline
- Admin and recap
- DNS
Slide 3: Admin
- 72 discretionary late hours for assignments across the semester
Slide 4: Recap: The Big Picture of the Internet
- Hosts and routers:
  - ~1 billion hosts (2015)
  - organized into ~50K networks
  - backbone links of 100 Gbps
- Software:
  - datagram switching with virtual circuit support
  - layered network architecture; use end-to-end arguments to determine the services provided by each layer
  - the hourglass architecture of the Internet
(Figure: the hourglass: Telnet, Email, FTP, WWW and SSL over TCP and UDP, over IP, over Ethernet, Cable/DSL and Wireless)
Slide 5: Protocol Formats
Slide 6: Multiplexing/Demultiplexing
Slide 7: Recap: Client-Server Paradigm
(Figure: client and server protocol stacks, application / transport / network / data link / physical, exchanging a request and a reply)
- The basic paradigm of network applications is the client-server (C-S) paradigm
- Some key design questions to ask about a C-S application:
  - extensibility
  - scalability
  - robustness
  - security
Slide 8: Recap: Email App
(Figure: user agents and mail servers; SMTP between user agent and mail server and between mail servers; POP3 or IMAP from mail server to user agent)
Some nice protocol extensibility design features:
- separate protocols for different functions
- simple/basic (SMTP) requests to implement basic control; fine-grain control through the ASCII header and message body
- status code in the response makes the message easy to parse
Slide 9: Email: Challenge
- A large percentage of spam/phish (figure: annual spam email traffic share)
Source: http://www.statista.com/statistics/420400/spam-email-traffic-share-annual/
Slide 10: Recap: Spam Detection Methods by Gmail
- Known phishing scams
- Message from unconfirmed sender identity
- Message you sent to Spam / similarity to suspicious messages
- Administrator-set policies
- Empty message content
https://support.google.com/mail/answer/1366858?hl=en
Slide 11: Current Email Authentication Approaches
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
Slide 12: Sender Policy Framework (SPF, RFC 7208)
(Figure: MUA -> Border Outbound MTA over SMTP/submission; MTA -> Border Inbound MTA over SMTP; Border Inbound MTA -> MUA over POP/IMAP. The validating MTA asks about its neighbor MTA: is my neighbor a permitted sender for the domain?)
https://tools.ietf.org/html/rfc7208
Slide 13: SPF Exercise
- Test 1
  - Send real email by Gmail
  - POP RETR
- Test 2
  - Send using telnet
  - POP RETR
Slide 14: Key Remaining Question for SPF?
- How does SPF know if its neighbor MTA is a permitted sender of the domain?
Slide 15: DomainKeys Identified Mail (DKIM; RFC 5585)
- A domain-level digital signature authentication framework for email, using public key crypto
  - E.g., gmail.com signs that the message is sent by a Gmail server
- Basic idea of a public key signature
  - Owner has both public and private keys
  - Owner uses the private key to sign a message, generating a signature
  - Others with the public key can verify the signature
Slide 16: Example: RSA
1. Choose two large prime numbers p, q (e.g., 1024 bits each).
2. Compute n = pq, z = (p-1)(q-1).
3. Choose e (with e < n) that has no common factors with z (e and z are "relatively prime").
4. Choose d such that ed-1 is exactly divisible by z (in other words: ed mod z = 1).
5. Public key is (n, e). Private key is (n, d).
Slide 17: RSA: Signing/Verification
0. Given (n, e) and (n, d) as computed above.
1. To sign message m, compute h = hash(m), then sign with the private key: s = h^d mod n (i.e., the remainder when h^d is divided by n).
2. To verify signature s, compute h' = s^e mod n (i.e., the remainder when s^e is divided by n) and compare it with hash(m).
Magic happens: h = (h^d mod n)^e mod n. The magic is a simple application of Euler's generalization of Fermat's little theorem.
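The five key-generation steps of slide 16 and the sign/verify steps above, carried out in code. This is an added example, not from the lecture: it uses constructed toy primes (p = 999983, q = 1000003) instead of 1024-bit ones, and reduces the SHA-256 digest mod n so that h < n, which a real implementation replaces with a large modulus and a padding scheme.

```python
import hashlib
import math


def is_prime(x):
    """Trial division: enough for the toy-sized primes used here."""
    if x < 2:
        return False
    return all(x % f for f in range(2, int(x ** 0.5) + 1))


def rsa_keygen(p, q, e=65537):
    """Steps 1-5 of the slide; returns (public (n, e), private (n, d))."""
    assert is_prime(p) and is_prime(q)          # step 1 (toy sizes, not 1024 bits)
    n = p * q                                    # step 2
    z = (p - 1) * (q - 1)
    assert e < n and math.gcd(e, z) == 1         # step 3: e and z relatively prime
    d = pow(e, -1, z)                            # step 4: e*d mod z == 1
    return (n, e), (n, d)


def message_hash(message, n):
    """h = hash(m), reduced mod n so that h < n.  The reduction is a toy
    shortcut: real signatures use a modulus far larger than the digest and a
    padding scheme (PKCS#1 v1.5 or PSS) instead."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, message):
    """Signing (step 1): s = h^d mod n."""
    n, d = private_key
    return pow(message_hash(message, n), d, n)


def rsa_verify(public_key, message, s):
    """Verification (step 2): h' = s^e mod n must equal hash(m)."""
    n, e = public_key
    return pow(s, e, n) == message_hash(message, n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(999983, 1000003)     # constructed toy primes
    msg = b"From: alice@example.com\r\nSubject: hi\r\n\r\nhello"
    sig = rsa_sign(priv, msg)
    print("valid:", rsa_verify(pub, msg, sig))            # True
    print("tampered:", rsa_verify(pub, msg + b".", sig))  # False
```

Changing a single byte of the message, or of the signature, makes verification fail, which is exactly the property DKIM relies on when the verifying MTA recomputes the hash of the received message.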
Slide 18: DomainKeys Identified Mail (DKIM)
(Figure: MUA -> Signing MTA over SMTP/submission; MTA -> Verifying MTA over SMTP; Verifying MTA -> MUA over POP/IMAP. The verifying MTA asks: is the message signed by the private key of the signing domain?)
Slide 19: Key Remaining Question about DKIM?
- How does DKIM retrieve the public key of the author domain?
Slide 20: Summary: Client-Server Paradigm
(Figure: client and server protocol stacks, application / transport / network / data link / physical, exchanging a request and a reply)
- The basic paradigm of network applications is the client-server (C-S) paradigm
- Some key design questions to ask about a C-S application:
  - extensibility
  - scalability
  - robustness
  - security
Slide 21: Scalability/Robustness
- High scalability and robustness fundamentally require that multiple email servers serve the same email address
(Figure: a client needs an email server's IP address; the name yale.edu maps to several mail servers, 130.132.50.7, 130.132.50.8 and 130.132.50.9)
Slide 22: Mapping Functions Design Alternatives
- Map from an email address server name to the IP address of an email server
(Figure: two alternatives: name (e.g., yale.edu) -> 1 IP, or name (e.g., yale.edu) -> multiple IPs)
Slide 23: Mapping Functions Design Alternatives
(Figure: two more alternatives in which the name (e.g., yale.edu) maps to 1 IP, behind which a load balancer or a (routing) switch spreads the load over several servers)
Slide 24: Summary: Some Key Remaining Issues about Email
- Basic: How to find the email server of a domain?
- Scalability/robustness: How to find multiple servers for the email domain?
- Security
  - SPF: How does SPF know if its neighbor MTA is a permitted sender of the domain?
  - DKIM: How does DKIM retrieve the public key of the author domain?
Slide 25: Outline
- Recap
- Email security (authentication)
- DNS
Slide 26: DNS: Domain Name System
- Function
  - map between (domain name, service) and a value, e.g.,
    (www.cs.yale.edu, Addr) -> 128.36.229.30
    (cs.yale.edu, Email) -> netra.cs.yale.edu
(Figure: clients and routers send (hostname, service) queries to DNS servers and receive an address)
Slide 27: DNS Records
DNS stores resource records (RR); RR format: (name, type, value, ttl)
- Type=NS: name is a domain (e.g., yale.edu); value is the name of the authoritative name server for this domain
- Type=A: name is a hostname; value is an IP address
- Type=CNAME: name is an alias for some "canonical" (the real) name; value is the canonical name
- Type=MX: value is the hostname of the mail server associated with name
- Type=SRV: general extension for services
- Type=TXT: general text
http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
Slide 28: Try DNS: Examples
- dig
  - type=MX: gmail.com
  - type=A
  - type=TXT: gmail.com, 20120113._domainkey.gmail.com
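The two TXT lookups on this slide answer the questions left open on slides 14 and 19: the SPF policy of a domain is its own TXT record, and a DKIM public key is the TXT record at selector._domainkey.domain (20120113 is the selector in the Gmail example). As an added example (not from the lecture), the Python below builds the DKIM query name, parses a DKIM key record, and evaluates a sender IP against an SPF record; the record contents and IP addresses are constructed, and mechanisms that would need further lookups are reported rather than resolved.

```python
import ipaddress

# Constructed sample TXT records and addresses (not real DNS answers).
SPF_TXT = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 include:_spf.example.net -all"
DKIM_TXT = "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def dkim_query_name(selector, domain):
    """DKIM keys are published at <selector>._domainkey.<domain>; the slide's
    20120113._domainkey.gmail.com is selector 20120113 for gmail.com."""
    return f"{selector}._domainkey.{domain}"


def parse_dkim_txt(txt):
    """A DKIM key record is ';'-separated tag=value pairs: v (version),
    k (key type), p (base64 public key), and optional others."""
    tags = {}
    for part in txt.split(";"):
        tag, sep, value = part.partition("=")
        if sep:
            tags[tag.strip()] = value.strip()
    return tags


def spf_check(txt, sender_ip):
    """Match the neighbor MTA's IP against the ip4/ip6/all mechanisms of the
    domain's SPF TXT record, left to right, honouring the +, -, ~, ? qualifiers.
    Mechanisms that need further DNS lookups (include, a, mx, ...) are reported."""
    addr = ipaddress.ip_address(sender_ip)
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "needs-lookup:" + term  # include/a/mx need more DNS queries
    return "neutral"                       # nothing matched and no 'all' term
```

Note that evaluation is order-dependent: the include: term sits before -all in the constructed record, so an unmatched IP cannot be rejected until that included domain's record has been fetched too.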
Slide 29: DNS Design: Dummy Design
- DNS itself can be considered as a client-server system as well
- How about a dummy design: introducing one super Internet DNS server?
(Figure: THE DNS server of the Internet receives register requests, answering "OK" or "used already", and resolve requests, answering with an IP address)
Slide 30: Problems of a Single DNS Server
- Scalability and robustness bottleneck
- Administrative bottleneck
Slide 31: DNS: Distributed Management of the Domain Name Space
- A distributed database managed by authoritative name servers
  - divided into zones, where each zone is a sub-tree of the global tree
  - each zone has its own authoritative name servers
  - an authoritative name server of a zone may delegate a subset (i.e., a sub-tree) of its zone to another name server
(Figure: the global name tree; a sub-tree is called a zone)
Slide 32: Email Architecture + DNS
(Figure: the email architecture of slide 8, user agents and mail servers linked by SMTP and POP3 or IMAP, with DNS added)
Slide 33: Root Zone and Root Servers
- The root zone is managed by the root name servers
  - 13 root name servers worldwide
See http://root-servers.org/ for more details
Slide 34: Linking the Name Servers
- Each name server knows the addresses of the root servers
- Each name server knows the addresses of its immediate children (i.e., those it delegates to)
(Figure: the hierarchy of root, top level domain (TLD) and lower-level name servers)
Q: how to query a hierarchy?
Slide 35: DNS Message Flow: Two Types of Queries
- Recursive query: the contacted name server resolves the name completely
- Iterated query: the contacted server replies with the name of the server to contact
  - "I don't know this name, but ask this server"
Slide 36: Two Extreme DNS Message Flows
(Figure: two flows between the client cicada.cs.yale.edu, the root name server, the TLD name server and the authoritative name server, each with six numbered messages: one fully recursive, one fully iterated)
Issues of the two approaches?
Slide 37: Typical DNS Message Flow: The Hybrid Case
(Figure: the requesting host cyndra.cs.yale.edu asks its local name server 130.132.1.9 for gaia.cs.umass.edu; the local name server resolves it with iterated queries to the root name server, the TLD name server and the authoritative name server dns.cs.umass.edu, messages 1-8)
- Host knows only the local name server
- Local name server is learned from DHCP, or configured, e.g., in /etc/resolv.conf
- Local DNS server helps clients resolve DNS names
Slide 38: Typical DNS Message Flow: The Hybrid Case
(Same figure and bullets as slide 37.)
- Benefits of local name servers
  - simplifies the client
  - caches/reuses results
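The hybrid flow of slides 35-38, simulated offline as an added example (not from the lecture): a toy local name server takes one recursive query from the host, walks the hierarchy with iterated queries that each return either an answer or a referral ("ask this server"), and caches the result so the second lookup sends no queries at all. The zone data, the server names and the 203.0.113.10 answer are constructed; the hostnames come from the slide.

```python
# Constructed toy name space (not real DNS data).  Each server answers only from
# its own records and otherwise refers the asker one level down, as on the slide:
# root -> TLD -> authoritative name server.
ROOT_SERVER = "root name server"
SERVERS = {
    "root name server": {"NS": {"edu.": "TLD name server"}},
    "TLD name server": {"NS": {"cs.umass.edu.": "dns.cs.umass.edu"}},
    "dns.cs.umass.edu": {"A": {"gaia.cs.umass.edu.": "203.0.113.10"}},
}


def query(server, name):
    """One iterated query to one server: ('answer', ip), ('referral', server)
    meaning "I don't know this name, but ask this server", or ('nxdomain', None)."""
    records = SERVERS[server]
    if name in records.get("A", {}):
        return "answer", records["A"][name]
    for zone, child in records.get("NS", {}).items():
        if name == zone or name.endswith("." + zone):
            return "referral", child       # delegation to the child zone's server
    return "nxdomain", None


class LocalNameServer:
    """The local name server (130.132.1.9 on the slide): the host sends it one
    recursive query; it iterates through the hierarchy and caches the result."""

    def __init__(self):
        self.cache = {}

    def resolve(self, name):
        """Returns (address or None, number of iterated queries it had to send)."""
        name = name if name.endswith(".") else name + "."
        if name in self.cache:
            return self.cache[name], 0      # cache hit: reuse, no queries sent
        server, sent = ROOT_SERVER, 0
        for _ in range(8):                  # bound the referral chain
            sent += 1
            kind, value = query(server, name)
            if kind == "answer":
                self.cache[name] = value
                return value, sent
            if kind != "referral":
                break
            server = value                  # follow the referral one level down
        return None, sent
```

LocalNameServer().resolve("gaia.cs.umass.edu") returns ('203.0.113.10', 3), one query each to the root, TLD and authoritative servers, which together with the host's request and the final reply make up the eight messages of the figure.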
Slide 39: Outline
- Recap
- Email security (authentication)
- DNS
  - High-level design
  - Details
Slide 40: DNS Message Format?
(Figure: two protocol stacks with DNS on top of TCP and UDP, over IP, over Ethernet, Cable/DSL and Wireless)