Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 5565 Network Architecture and Protocols

Published byAmelia Lawson Modified over 6 years ago

Similar presentations

Presentation on theme: "CS 5565 Network Architecture and Protocols"— Presentation transcript:

1 CS 5565 Network Architecture and Protocols
Lecture 8 Godmar Back

2 Announcements Problem Set 1 due Feb 18 Project 1A due Feb 19
Problem Set 2 due Mar 18 Submission website open – test it! Next week: guest lectures: Monday: Dr. Butt on Distributed Storage Wednesday: Dr. Feng on High-Perf Networking Required Reading: research paper, see website CS 5565 Spring 2009 6/12/2018

3 Application Protocols
Part 2: DNS

4 DNS: Summary so far Performs core network function, but implemented at application layer Not just name resolution, but generic database Example of distributed system: Partitions database hierarchically using domain suffixes; authoritative servers for each level Uses caching via local name servers Simple request/response protocol Only 1 message type for either query/reply CS 5565 Spring 2009 6/12/2018

5 Recursive vs. Iterative Queries
root DNS server a.root-servers.net 2 TLD DNS server a3.nstld.com 3 Host at gback.cs.vt.edu wants IP address for godmar.stanford.edu Sends recursive query to voodoo Voodoo performs iterative queries 4 5 local DNS server voodoo.slo.cs.vt.edu 7 6 1 8 authoritative DNS server Argus.stanford.edu requesting host gback.cs.vt.edu godmar.stanford.edu CS 5565 Spring 2009 6/12/2018

6 RR format: (name, value, class, type, ttl)
DNS Resource Records DNS: distributed DB storing resource records (RR) Example (dig output format) RR format: (name, value, class, type, ttl) a.root-servers.net IN A name ttl in secs class IN=Internet type value CS 5565 Spring 2009 6/12/2018

7 DNS Message Header DNS protocol : query and reply messages, both with same message format msg header identification: 16 bit # for query, reply to query uses same # flags: query or reply recursion desired recursion available reply is authoritative status code CS 5565 Spring 2009 6/12/2018

8 DNS Message Body Name, type fields for a query RRs in response
to query records for authoritative servers additional “helpful” info that may be used CS 5565 Spring 2009 6/12/2018

9 The dig Command CS 5565 Spring 2009 6/12/2018 $ dig cs.vt.edu mx
;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1535 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2 ;; QUESTION SECTION: ;cs.vt.edu IN MX ;; ANSWER SECTION: cs.vt.edu IN MX stinger.cs.vt.edu. cs.vt.edu IN MX infernus.cs.vt.edu. ;; ADDITIONAL SECTION: stinger.cs.vt.edu IN A infernus.cs.vt.edu IN A ;; Query time: 1 msec ;; SERVER: #53( ) ;; WHEN: Mon Feb 7 10:59: ;; MSG SIZE rcvd: 108 CS 5565 Spring 2009 6/12/2018

10 dig (2) $ dig @nomen.cns.vt.edu cs.vt.edu ns
;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27887 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;cs.vt.edu IN NS ;; AUTHORITY SECTION: vt.edu IN SOA lacewing.cns.vt.edu. hostmaster.vt.edu ;; Query time: 2 msec ;; SERVER: #53(nomen.cns.vt.edu) ;; WHEN: Mon Feb 7 15:24: ;; MSG SIZE rcvd: 87 CS 5565 Spring 2009 6/12/2018

11 dig vt.edu ns (1) CS 5565 Spring 2009 6/12/2018 $ dig vt.edu ns
;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59631 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5 ;; ANSWER SECTION: vt.edu IN NS nomen.cns.vt.edu. vt.edu IN NS milo.cns.vt.edu. vt.edu IN NS ns1-auth.sprintlink.net. vt.edu IN NS ns2-auth.sprintlink.net. vt.edu IN NS ns3-auth.sprintlink.net. ;; ADDITIONAL SECTION: nomen.cns.vt.edu IN A milo.cns.vt.edu IN A ns1-auth.sprintlink.net IN A ns2-auth.sprintlink.net IN A ns3-auth.sprintlink.net IN A CS 5565 Spring 2009 6/12/2018

12 dig vt.edu ns (2) CS 5565 Spring 2009 6/12/2018 $ dig vt.edu ns
;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20014 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5 ;; ANSWER SECTION: vt.edu IN NS milo.cns.vt.edu. vt.edu IN NS ns1-auth.sprintlink.net. vt.edu IN NS ns2-auth.sprintlink.net. vt.edu IN NS ns3-auth.sprintlink.net. vt.edu IN NS nomen.cns.vt.edu. ;; ADDITIONAL SECTION: milo.cns.vt.edu IN A ns1-auth.sprintlink.net IN A ns2-auth.sprintlink.net IN A ns3-auth.sprintlink.net IN A nomen.cns.vt.edu IN A CS 5565 Spring 2009 6/12/2018

13 dig vt.edu ns (3) CS 5565 Spring 2009 6/12/2018 $ dig vt.edu ns
;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54899 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5 ;; ANSWER SECTION: vt.edu IN NS ns1-auth.sprintlink.net. vt.edu IN NS ns2-auth.sprintlink.net. vt.edu IN NS ns3-auth.sprintlink.net. vt.edu IN NS nomen.cns.vt.edu. vt.edu IN NS milo.cns.vt.edu. ;; ADDITIONAL SECTION: ns1-auth.sprintlink.net IN A ns2-auth.sprintlink.net IN A ns3-auth.sprintlink.net IN A nomen.cns.vt.edu IN A milo.cns.vt.edu IN A CS 5565 Spring 2009 6/12/2018

14 Security in DNS Discussion Why is DNS not secure?
What vulnerabilities can you identify? CS 5565 Spring 2009 6/12/2018

15 DNS Poisoning Actual DNS entry (in 2005)
$ bad.ketil.froyn.name ns ; <<>> DiG bad.ketil.froyn.name ns ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23382 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;bad.ketil.froyn.name IN NS ;; AUTHORITY SECTION: bad.ketil.froyn.name IN NS ;; ADDITIONAL SECTION: IN A ;; Query time: 128 msec ;; SERVER: #53(b.ns.ketil.froyn.name) CS 5565 Spring 2009 6/12/2018

16 Security in DNS No authentication of content (-> DNSSEC) Questions:
When should you trust additional information sent? in- vs. out-of-bailiwick information: Trust vt.edu nameserver only for hosts that end in vt.edu How does client know reply comes from server? attacker must also know port number client used to send request to send answer id must match (theoretically: 1 in chance, but in practice had BIND implementations that were subject to “birthday attacks” [LURHQ]) CS 5565 Spring 2009 6/12/2018

17 Protocols & Security Many Internet protocols were designed assuming cooperating peers Guard only against implementation bugs Defense against security-related attacks often afterthought See also Clark’s 2006 article “The Internet Is Broken” Led to NSF-financed effort to “reinvent the Internet,” see, among others: CS 5565 Spring 2009 6/12/2018

18 Updating Records Currently done outside the protocol
Manually or using server-specific or organization-specific facilities Update/notify mechanisms under design by IETF RFC 2136 See DNS Extensions working group dnsext ( CS 5565 Spring 2009 6/12/2018

19 DNS Redirection for CDNs
Coral P2P Content Distribution Network Use DNS Redirection to find closest peer willing to serve request See [Freedman 2004]. Try out Notice that -> CNAME’d to Redirection is also used by akamai.net CS 5565 Spring 2009 6/12/2018

20 Coral Example Source: [Freedman 2004]. CS 5565 Spring 2009 6/12/2018

21 CS 5565 Spring 2009 6/12/2018

22 Application Protocols
Part 3: XMPP Slides by John Linford & Rahul Agarwal

23 XMPP Extensible Messaging and Presence Protocol
A protocol for streaming XML elements in close to real time between any two network endpoints Provides a generalized, extensible framework for exchanging XML data Mainly used in instant messaging and presence applications (Jabber) RFC 3920: XMPP Core. CS 5565 Spring 2009 6/12/2018

24 openXMPP A modular, multi-platform standards-compliant XMPP library
Provides required functionality listed in RFC 3920 and RFC 3921: XML streams XML stanzas TLS stream encryption SASL authentication Resource binding Roster and subscription management Internationalization (*) Conversation threads (*) Directed presence information (*) New account registration (*) Library: 3601 lines, 1379 statements Project: 5825 lines, 2304 statements C1----S1---S2---C3 | C G1===FN1===FC1 * Optional RFC functionality CS 5565 Spring 2009 6/12/2018

25 XMPP session establishment
Offline Connected StartingTLS Connected StartingSASL StartingSession LoggedIn Client Server <stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'> <required/> </starttls> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <mechanism>DIGEST-MD5</mechanism> <mechanism>PLAIN</mechanism> </mechanisms> </stream:features> <stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'> <required/> </starttls> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <mechanism>DIGEST-MD5</mechanism> <mechanism>PLAIN</mechanism> </mechanisms> </stream:features> <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN"> amNsLm9wZW5YTVBQQGdtYWlsLmNvbQBqY2wu b3BlblhNUFAAT3BFblhtUHA= </auth> <iq type="set" id="openXMPP_luxqnoei1"> <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"> <resource>openXMPP</resource> </bind> </iq> <iq id="openXMPP_luxqnoei1" type="result" xmlns="jabber:client"> <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"> </bind> </iq> <iq type="set" id="openXMPP_luxqnoei2"> <session xmlns="urn:ietf:params:xml:ns:xmpp-session" /> </iq> <?xml version='1.0'?> <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream=' version='1.0'> <?xml version='1.0'?> <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream=' version='1.0'> <?xml version='1.0'?> <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream=' version='1.0'> <?xml version='1.0'?> <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream=' version='1.0'> <?xml version='1.0'?> <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream=' version='1.0'> <?xml version='1.0'?> <stream:stream to='example.com' xmlns='jabber:client' xmlns:stream=' version='1.0'> <iq type="result" id="openXMPP_luxqnoei2" xmlns="jabber:client" /> <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" /> CS 5565 Spring 2009 6/12/2018

26 State Diagram CS 5565 Spring 2009 6/12/2018

27 XMPP Subsequently exchange XML stanzas See Problem Set 2
For presence management For roster management For sending messages See Problem Set 2 CS 5565 Spring 2009 6/12/2018

28 Summary Application Protocols
Request/Reply pattern pervasive Persistent vs. Nonpersistent Connections Simplicity! Few states, if any Stateless protocols are used where possible Human-readable message formats often preferred (despite overhead) Recent protocols sometimes use XML CS 5565 Spring 2009 6/12/2018

Download ppt "CS 5565 Network Architecture and Protocols"

Similar presentations

Chapter 16. Windows Internet Name Service(WINS) Network Basic Input/Output System (NetBIOS) N etBIOS over TCP/IP (NetBT) provides commands and support.

Chapter 16. Windows Internet Name Service(WINS) Network Basic Input/Output System (NetBIOS) N etBIOS over TCP/IP (NetBT) provides commands and support.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Jabber and Extensible Messaging and Presence Protocol (XMPP) Presenter: Michael Smith Cisc 856 Dec. 6, 2005.

Jabber and Extensible Messaging and Presence Protocol (XMPP) Presenter: Michael Smith Cisc 856 Dec. 6, 2005.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
20101 The Application Layer Domain Name System Chapter 7.

20101 The Application Layer Domain Name System Chapter 7.
1 Domain Name System (DNS). 2 DNS: Domain Name System Internet hosts, routers: –IP address (32 bit) - used for addressing datagrams –“name”, e.g., gaia.cs.umass.edu.

1 Domain Name System (DNS). 2 DNS: Domain Name System Internet hosts, routers: –IP address (32 bit) - used for addressing datagrams –“name”, e.g., gaia.cs.umass.edu.
Application Layer12-1 2010 session 1 TELE3118: Network Technologies Week 12: DNS Some slides have been taken from: r Computer Networking: A Top Down Approach.

Application Layer session 1 TELE3118: Network Technologies Week 12: DNS Some slides have been taken from: r Computer Networking: A Top Down Approach.
DNS: Revising the Current Protocol Matt Gustafson Matt Weaver CS522 Computer Communications University of Colorado, Colorado Springs.

DNS: Revising the Current Protocol Matt Gustafson Matt Weaver CS522 Computer Communications University of Colorado, Colorado Springs.
CPSC 441: DNS1 Instructor: Anirban Mahanti Office: ICT 745 Class Location: ICT 121 Lectures: MWF 12:00 – 12:50 Notes derived.

CPSC 441: DNS1 Instructor: Anirban Mahanti Office: ICT Class Location: ICT 121 Lectures: MWF 12:00 – 12:50 Notes derived.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.

Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.

TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
Presented by Neeta Jain CISC 856 TCP/IP and Upper Layer Protocols RFC 1034 & RFC 1035.

Presented by Neeta Jain CISC 856 TCP/IP and Upper Layer Protocols RFC 1034 & RFC 1035.
NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.

NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.
Tony Kombol ITIS 3110. www.teacherstalk.com Who knows this? Who controls this? DNS!

Tony Kombol ITIS Who knows this? Who controls this? DNS!
CS 4396 Computer Networks Lab

CS 4396 Computer Networks Lab
1 Domain Name System (DNS). 2 DNS: Domain Name System Internet hosts: – IP address (32 bit) - used for addressing datagrams – “name”, e.g., www.yahoo.com.

1 Domain Name System (DNS). 2 DNS: Domain Name System Internet hosts: – IP address (32 bit) - used for addressing datagrams – “name”, e.g.,
Domain Name System (DNS)

Domain Name System (DNS)
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
DNS: Domain Name System

DNS: Domain Name System
1 DNS: Domain Name System People: many identifiers: m SSN, name, Passport # Internet hosts, routers: m IP address (32 bit) - used for addressing datagrams.

1 DNS: Domain Name System People: many identifiers: m SSN, name, Passport # Internet hosts, routers: m IP address (32 bit) - used for addressing datagrams.

Similar presentations

Ads by Google