2. MODULE 1
Application Layer
• Principles of Network Applications
• The Web and HTTP
• File Transfer: FTP
• Electronic Mail in the Internet
• DNS—The Internet’s Directory Service
Mrs. Snitha Shetty, Asst. Professor, Dept. of
CSE, AJIET, Mangaluru
3. Application Layer
• Principles of Network Applications
– Network Application Architectures
– Processes Communicating
– Transport Services Available to Applications
– Transport Services Provided by the Internet
– Application-Layer Protocols
4. Principles of Network Applications
• Communication for a network application takes place between end systems at the application layer
6. Client Server Architecture
• Server
– Always on host
– Permanent IP Address
• clients:
– communicate with server
– may be intermittently connected
– may have dynamic IP addresses
– do not communicate directly with each other
7. P2P architecture
• In a P2P architecture, there is minimal (or no) reliance on dedicated servers.
• The application exploits direct communication between pairs of intermittently connected hosts, called peers.
• The peers are not owned by the service provider, but are instead desktops and laptops controlled by users, with most of the peers residing in homes, universities, and offices.
• Because peers communicate without passing through a dedicated server, the architecture is called peer-to-peer.
• Many of today’s most popular and traffic-intensive applications are
based on P2P architectures.
• These applications include file sharing (e.g., BitTorrent), peer-
assisted download acceleration (e.g., Xunlei), Internet Telephony
(e.g., Skype), and IPTV (e.g., Kankan and PPstream).
8. Processes Communicating
• A process can be thought of as a program that is
running within an end system.
• When processes are running on the same end
system, they can communicate with each other
with interprocess communication, using rules
that are governed by the end system’s operating
system.
• How do processes running on different hosts (with potentially different operating systems) communicate?
9. Processes Communicating
• Processes on two different end systems
communicate with each other by exchanging
messages across the computer network.
• A sending process creates and sends
messages into the network;
• a receiving process receives these messages
and possibly responds by sending messages
back.
10. Processes Communicating
• In the context of a communication session
between a pair of processes, the process that
initiates the communication is labelled as the
client.
• The process that waits to be contacted to
begin the session is the server
11. Processes Communicating
• The Interface Between the Process and the
Computer Network
• Socket :
– A process sends messages into, and receives
messages from, the network through a software
interface called a socket
13. Processes Communicating
• Addressing Processes
• in order for a process running on one host to send
packets to a process running on another host, the
receiving process needs to have an address.
• To identify the receiving process, two pieces of
information need to be specified:
• (1) the address of the host and
– the host is identified by its IP address
• (2) an identifier that specifies the receiving process in
the destination host.
– A destination port number serves this purpose
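The two slides above describe the socket as the interface between a process and the network, and the (IP address, port number) pair as the way a remote process is addressed. The following added example (not part of the lecture slides) runs a client process and a server process over loopback inside one Python program: the server binds to 127.0.0.1 with port 0 so the operating system assigns a free port, the client initiates the connection to that (address, port) pair, and both sides send and receive through their sockets. The message text is constructed for the demonstration.

```python
import socket
import threading

# Constructed sample message for the demonstration (not from the slides).
SAMPLE_MESSAGE = b"hello from the client process"


def serve_one_client(listener: socket.socket, received: list) -> None:
    """Server side: wait to be contacted, read one message, echo it back.

    Appends (peer address, data) to `received` so the caller can inspect it.
    """
    conn, peer = listener.accept()        # blocks until a client connects
    with conn:
        data = conn.recv(4096)            # read the message from the socket
        received.append((peer, data))
        conn.sendall(b"echo: " + data)    # respond through the same socket


def run_exchange(message: bytes = SAMPLE_MESSAGE) -> dict:
    """Run one complete client/server exchange over loopback and return the details.

    The listening socket binds to port 0 so the OS picks a free port; that
    (IP, port) pair is exactly the two pieces of information a client needs
    to address the server process.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # host address + OS-assigned port
    listener.listen(1)
    server_ip, server_port = listener.getsockname()

    received: list = []
    server = threading.Thread(target=serve_one_client, args=(listener, received))
    server.start()

    # Client side: the process that initiates the communication.
    with socket.create_connection((server_ip, server_port), timeout=5) as client:
        client_ip, client_port = client.getsockname()   # ephemeral port chosen by the OS
        client.sendall(message)
        reply = client.recv(4096)

    server.join(timeout=5)
    listener.close()

    client_peer, client_data = received[0]
    return {
        "server_port": server_port,
        "client_port": client_port,
        "server_saw_client_port": client_peer[1],
        "server_received": client_data,
        "client_got": reply,
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(f"{key}: {value}")
```

The server identifies the client process by the source port it sees on the accepted connection, which is the same ephemeral port the client's own socket reports; that is the port-number half of the addressing the slide describes, with the IP address supplying the other half.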
14. Transport Services Available to
Applications
• Reliable data transfer
– If a protocol provides a guaranteed data delivery service, it is said to
provide Reliable data transfer
– One important service that a transport-layer protocol can potentially
provide to an application is process-to-process reliable data transfer
– TCP-Transmission control protocol
• Unreliable Data transfer
– When the transport-layer protocol doesn’t provide reliable data transfer, some of the data sent by the sending process may never arrive at the receiving process.
• This may be acceptable for loss-tolerant applications, most notably
multimedia applications
• UDP-User datagram protocol
15. Transport Services Available to Applications
• Reliable data transfer
– Make sure that data is not lost.
– Some apps (e.g., file transfer, web transactions) require 100% reliable data transfer.
– Other apps (e.g., audio) can tolerate some loss.
• Timing
– It provides timing guarantees.
– Applications such as Internet telephony, teleconferencing, etc.
• Throughput
– It is the rate at which the sending process can deliver bits to the receiving process.
– Two types of application: 1. bandwidth-sensitive applications; 2. elastic applications.
• Security
– encryption, data integrity, …
16. Transport Services Provided by the
Internet
17. Transport Services Provided by the
Internet
• TCP Services
– The TCP service model includes a connection-oriented service
– and a reliable data transfer service.
• Connection-oriented service.
– TCP has the client and server exchange transport layer control
information with each other before the application-level messages
begin to flow.
• This so-called handshaking procedure alerts the client and server,
allowing them to prepare for an exchange of packets.
• After the handshaking phase, a TCP connection is said to exist
between the sockets of the two processes.
• The connection is a full-duplex connection in that the two processes
can send messages to each other over the connection at the same
time.
18. Transport Services Provided by the
Internet
• UDP Services
• UDP is a no-frills, lightweight transport protocol,
providing minimal services.
• UDP is connectionless, so there is no handshaking
before the two processes start to communicate.
• UDP provides an unreliable data transfer service—
– that is, when a process sends a message into a UDP socket,
UDP provides no guarantee that the message will ever
reach the receiving process.
– Furthermore, messages that do arrive at the receiving
process may arrive out of order.
19. Transport Services Provided by the
Internet
20. application-layer protocol
• application-layer protocol defines:
– The types of messages exchanged, for example,
request messages and response messages
– The syntax of the various message types, such as
the fields in the message and
– The semantics of the fields, that is, the meaning of
the information in the fields
– Rules for determining when and how a process
sends messages and responds to messages
21. Network Applications protocols
• The Web and HTTP
• File Transfer: FTP
• Electronic Mail in the Internet
• DNS—The Internet’s Directory Service
• Peer-to-Peer Applications
22. The Web and HTTP
• Overview of HTTP
• The Hyper Text Transfer Protocol (HTTP), the
Web’s application-layer protocol, is at the heart
of the Web.
• The client program and server program,
executing on different end systems, talk to each
other by exchanging HTTP messages.
• HTTP defines the structure of these messages
and how the client and server exchange the
messages
23. The Web and HTTP
• A Web page (also called a document) consists of objects.
• An object is simply a file—
– such as an HTML file,
– a JPEG image,
– a Java applet, or
– a video clip—
• that is addressable by a single URL
24. The Web and HTTP
• HTTP defines
– how Web clients request Web pages from Web
servers and
– How servers transfer Web pages to clients
25. Non-Persistent and Persistent
Connections
• non-persistent connections
– each request/response pair is sent over a separate TCP connection, or
• persistent connections
– all of the requests and their corresponding responses are sent over the same TCP connection
In the former approach,
26. HTTP with Non-Persistent
Connections
• Further suppose the URL for the base HTML file is
• http://www.someSchool.edu/someDepartment/home.index
• Assume the base HTML file contains text and references to 10 JPEG images
27. HTTP with Non-Persistent Connections
28. The Web and HTTP - RTT
29. The Web and HTTP
• Round-trip time (RTT)
– which is the time it takes for a packet to travel
from client to server and then back to the client.
– The RTT includes packet-propagation delays,
packet queuing delays in intermediate routers and
switches, and packet-processing delays.
– Response time = 2 RTT + transmission time
30. HTTP with Persistent Connections
• server leaves connection open after sending
response
• subsequent HTTP messages between same
client/server sent over open connection
• client sends requests as soon as it encounters
a referenced object
• as little as one RTT for all the referenced
objects
31. HTTP messages
• There are two types of HTTP messages,
– request messages
– response messages
32. HTTP request message
• two types of HTTP messages: request, response
• HTTP request message:
– ASCII (human-readable format)
– a request line (GET, POST, HEAD commands), followed by header lines; a carriage return and line feed at the start of a line indicates the end of the header lines
GET /index.html HTTP/1.1\r\n
Host: www-net.cs.umass.edu\r\n
User-Agent: Firefox/3.6.10\r\n
Accept-lang: eng\r\n
Connection: keep-alive\r\n
\r\n
(\r = carriage return character, \n = line-feed character)
34. HTTP response message
• a status line (protocol, status code, status phrase), followed by header lines, then the data (e.g., the requested HTML file)
HTTP/1.1 200 OK\r\n
Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Tue, 30 Oct 2007 17:00:02 GMT\r\n
Content-Length: 2652\r\n
Connection: close\r\n
Content-Type: text/html\r\n
\r\n
data data data data data ...
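The two message layouts above share one structure: a first line, header lines, an empty CRLF line, then the body. As an added example (not from the slides), here is a small parser for both message types that treats the empty line as the only end-of-headers signal, rejects malformed or duplicated header lines rather than guessing, and checks that a declared Content-Length matches the body actually present. The sample request and response are constructed from the slides' examples with real CR LF line ends and a short body.

```python
CRLF = "\r\n"

# Constructed messages modelled on the slides' examples, with real CR LF line ends.
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www-net.cs.umass.edu\r\n"
    "User-Agent: Firefox/3.6.10\r\n"
    "Accept-Language: en\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n"
    "Server: Apache/2.0.52 (CentOS)\r\n"
    "Last-Modified: Tue, 30 Oct 2007 17:00:02 GMT\r\n"
    "Content-Length: 18\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>hello</html>"
)


def _split_head(raw: str):
    """Split a message into (first line, header lines, body) at the empty CRLF line."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("header section is not terminated by an empty CRLF line")
    lines = head.split(CRLF)
    return lines[0], lines[1:], body


def _parse_headers(lines):
    """Parse 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        # No colon, an empty name, or whitespace around the name: malformed line.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()
        if key in headers:
            # Reject rather than silently pick one; ambiguous duplicates are a classic parser pitfall.
            raise ValueError(f"duplicate header: {name}")
        headers[key] = value.strip()
    return headers


def _check_body_length(headers, body):
    """If Content-Length is declared, it must be a number equal to the body length."""
    declared = headers.get("content-length")
    if declared is None:
        return
    if not declared.isdigit() or int(declared) != len(body.encode("utf-8")):
        raise ValueError("Content-Length does not match the body actually present")


def parse_request(raw: str) -> dict:
    """Parse a request: method, target and version from the request line, then headers."""
    request_line, header_lines, body = _split_head(raw)
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {request_line!r}")
    method, target, version = parts
    headers = _parse_headers(header_lines)
    _check_body_length(headers, body)
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def parse_response(raw: str) -> dict:
    """Parse a response: version, numeric status code and phrase, then headers and body."""
    status_line, header_lines, body = _split_head(raw)
    parts = status_line.split(" ", 2)      # the phrase may itself contain spaces
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    headers = _parse_headers(header_lines)
    _check_body_length(headers, body)
    return {"version": parts[0], "status": int(parts[1]),
            "phrase": parts[2] if len(parts) == 3 else "",
            "headers": headers, "body": body}
```

Because the parser insists on the empty CRLF line, a message that was cut off before the end of its headers raises an error instead of being treated as a complete headerless request; the Content-Length check likewise refuses a body that is shorter or longer than declared.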
35. HTTP messages
• Some common status code and phrase
400 Bad Request
404 Not Found
36. User-server state: cookies
many Web sites use cookies
four components:
1) cookie header line of HTTP response message
2) cookie header line in next HTTP request message
3) cookie file kept on user’s host, managed by user’s browser
4) back-end database at Web site
38. Web Caching
• A Web cache—
– also called a proxy server—
– is a network entity that satisfies HTTP requests on the behalf of an origin Web server
• As an example, suppose a browser is requesting the object
http://www.someschool.edu/campus.gif.
• Here is what happens:
– The browser establishes a TCP connection to the Web cache and sends an HTTP request for
the object to the Web cache.
– The Web cache checks to see if it has a copy of the object stored locally. If it does, the Web
cache returns the object within an HTTP response message to the client browser.
– If the Web cache does not have the object, the Web cache opens a TCP connection to the
origin server, that is, to www.someschool.edu. The Web cache then sends an HTTP request for
the object into the cache-to-server TCP connection. After receiving this request, the origin
server sends the object within an HTTP response to the Web cache
– When the Web cache receives the object, it stores a copy in its local storage and sends a copy,
within an HTTP response message, to the client browser (over the existing TCP connection
between the client browser and the Web cache).
39. Conditional GET
• The object housed in the Web server may have been modified since the copy was cached at the client.
• HTTP has a mechanism that allows a cache to verify that its objects are up to date. This mechanism is called the conditional GET.
• Before we display the object, our cache sends a conditional HTTP GET message to the server.
• The server sends the object back again only if it has changed since the cached copy. To make a GET message conditional, the header section must include an If-Modified-Since: header line.
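The Web-caching sequence on slide 38 and the conditional GET on slide 39 fit together in one small simulation. The following added example (not code from the slides) models an origin server holding the object /campus.gif and a Web cache in front of it: the first fetch misses and is stored, the second fetch is validated with If-Modified-Since and answered 304 Not Modified without a body, and after the object changes on the origin the third fetch brings the new copy. Paths, timestamps and bytes are constructed; the 304 status is the standard HTTP reply to an unchanged conditional request.

```python
from email.utils import formatdate, parsedate_to_datetime


class OriginServer:
    """Origin Web server: holds objects with a last-modified time (seconds since epoch)."""

    def __init__(self, objects):
        self.objects = dict(objects)       # path -> (last_modified, body bytes)
        self.requests_seen = []            # (path, request headers) for inspection

    def get(self, path, headers):
        """Return (status, response headers, body) for an HTTP GET of path."""
        self.requests_seen.append((path, dict(headers)))
        if path not in self.objects:
            return 404, {}, b""
        modified, body = self.objects[path]
        last_modified = formatdate(modified, usegmt=True)
        since = headers.get("If-Modified-Since")
        if since is not None and parsedate_to_datetime(since).timestamp() >= modified:
            # Conditional GET: object unchanged since the cached copy, so send no body.
            return 304, {"Last-Modified": last_modified}, b""
        return 200, {"Last-Modified": last_modified, "Content-Length": str(len(body))}, body


class WebCache:
    """Proxy cache that serves the browser and validates its copies with a conditional GET."""

    def __init__(self, origin):
        self.origin = origin
        self.store = {}                    # path -> (Last-Modified value, body)

    def get(self, path):
        """Serve path to the browser. Returns (status, body, how it was served)."""
        cached = self.store.get(path)
        headers = {}
        if cached is not None:
            headers["If-Modified-Since"] = cached[0]   # this header makes the GET conditional
        status, resp_headers, body = self.origin.get(path, headers)
        if status == 304 and cached is not None:
            return 200, cached[1], "cache (validated by origin, no body transferred)"
        if status == 200:
            self.store[path] = (resp_headers["Last-Modified"], body)
            return 200, body, "origin (stored in cache)"
        return status, body, "origin (not cacheable)"


def run_scenario():
    """Three fetches of the slide's object: miss, validated hit, refetch after a change."""
    # Constructed modification times and bytes; only their ordering matters.
    origin = OriginServer({"/campus.gif": (1_000_000_000, b"GIF89a-old")})
    cache = WebCache(origin)
    first = cache.get("/campus.gif")
    second = cache.get("/campus.gif")
    origin.objects["/campus.gif"] = (1_000_000_060, b"GIF89a-new")   # object changes on the origin
    third = cache.get("/campus.gif")
    return [first, second, third], origin.requests_seen


if __name__ == "__main__":
    results, seen = run_scenario()
    for (status, body, how), (path, hdrs) in zip(results, seen):
        print(f"GET {path} {hdrs} -> {status} {body!r} via {how}")
```

The origin compares the If-Modified-Since date with the object's own modification time, which is why the second request costs only a short 304 reply while the third, sent with the now-stale date, gets the full object again.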
41. File Transfer: FTP
• FTP is used by the local host to transfer the files to or from a remote-host
over the network.
42. FTP uses 2 parallel TCP connections
1) Control connection
The control connection is used for sending control information between the local and remote hosts.
It includes
- user identification
- passwords
- commands to change directory
- commands to get and put files
2)Data connection
The data connection is used to transfer the files.
44. Working of FTP
1) When a session starts, the client initiates a control connection with the server on port 21.
2) The client sends the user identity and password over the control connection.
3) Then, the server initiates a data connection to the client on port 20.
4) FTP sends exactly one file over the data connection and then closes the data connection.
5) Usually, the control connection remains open throughout the duration of the user session.
6) But a new data connection is created for each file transferred within a session.
45. FTP Commands & Replies
• The commands are sent from client to server.
• The replies are sent from server to client.
• The commands and replies are sent across the control connection in 7-bit ASCII format
• Each command consists of 4 uppercase ASCII characters followed by optional arguments.
47. FTP Replies Examples
Each reply consists of a 3-digit number followed by an optional message
48. Electronic Mail in the Internet
• e-mail is an asynchronous communication medium in which people send and read messages.
• It is fast, easy to distribute, and inexpensive.
Three major components:
• user agents
• mail servers
• simple mail transfer protocol: SMTP
49. Electronic Mail in the Internet
User agent
• composing, editing, reading mail messages
• e.g., Outlook, Thunderbird, iPhone mail client
Mail servers:
• It contains mailboxes for users’ incoming messages
• Sender’s mail server sends the message to the receiver’s mail server.
• If the sender’s server cannot deliver mail to the receiver’s server, the sender’s server
- holds the message in a queue
- attempts to transfer later
50. SMTP protocol
• SMTP protocol is an application layer protocol used for email. It uses port 25.
• It uses TCP to transfer mail from the sender’s mail server to the recipient’s mail server.
– client: sending mail server
– “server”: receiving mail server
51. SMTP
• Direct transfer: sending server to receiving
server
• three phases of transfer
– handshaking (greeting)
– transfer of messages
– closure
• command/response interaction (like HTTP, FTP)
– commands: ASCII text
– response: status code and phrase
• The message body must be in 7-bit ASCII code only.
54. Sample SMTP interaction
S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <alice@crepes.fr>
S: 250 alice@crepes.fr... Sender ok
C: RCPT TO: <bob@hamburger.edu>
S: 250 bob@hamburger.edu ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection
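The transcript above is the receiving server's side of the three phases listed on slide 51 (handshaking, transfer, closure) driven by the client's ASCII commands. As an added example (not from the slides, and not a real mail server), the following Python state machine plays the receiving server hamburger.edu: it enforces the command order (a RCPT before MAIL gets a 503 reply), collects the DATA lines until the lone ".", undoes the dot-stuffing a client applies to body lines that start with ".", and rejects a body that is not 7-bit ASCII. Fed the client lines from the slide it reproduces the slide's transcript exactly. The 500, 501, 503 and 554 reply codes are the standard SMTP ones; the wording of the 250 replies copies the slide.

```python
import re

# Client side of the slide's transcript, and the full transcript it should produce.
CLIENT_LINES = [
    "HELO crepes.fr",
    "MAIL FROM: <alice@crepes.fr>",
    "RCPT TO: <bob@hamburger.edu>",
    "DATA",
    "Do you like ketchup?",
    "How about pickles?",
    ".",
    "QUIT",
]
SLIDE_TRANSCRIPT = [
    "S: 220 hamburger.edu",
    "C: HELO crepes.fr",
    "S: 250 Hello crepes.fr, pleased to meet you",
    "C: MAIL FROM: <alice@crepes.fr>",
    "S: 250 alice@crepes.fr... Sender ok",
    "C: RCPT TO: <bob@hamburger.edu>",
    "S: 250 bob@hamburger.edu ... Recipient ok",
    "C: DATA",
    'S: 354 Enter mail, end with "." on a line by itself',
    "C: Do you like ketchup?",
    "C: How about pickles?",
    "C: .",
    "S: 250 Message accepted for delivery",
    "C: QUIT",
    "S: 221 hamburger.edu closing connection",
]


class SmtpServer:
    """Minimal receiving-server state machine: connected -> greeted -> mail -> rcpt -> data."""

    def __init__(self, hostname):
        self.hostname = hostname
        self.state = "connected"
        self.sender, self.recipients, self.body_lines = None, [], []
        self.delivered = []          # (sender, recipients, body) for every accepted message
        self.closed = False

    def greeting(self):
        return f"220 {self.hostname}"

    def handle(self, line):
        """Process one client line; return the reply, or None while a body is being received."""
        if self.state == "data":
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "QUIT":
            self.closed = True
            return f"221 {self.hostname} closing connection"
        if verb == "HELO":
            if self.state != "connected":
                return "503 Bad sequence of commands"
            self.state = "greeted"
            return f"250 Hello {arg}, pleased to meet you"
        if verb == "MAIL":
            if self.state != "greeted":
                return "503 Bad sequence of commands"
            addr = self._address(arg, "FROM:")
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.sender, self.state = addr, "mail"
            return f"250 {addr}... Sender ok"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands"
            addr = self._address(arg, "TO:")
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.recipients.append(addr)
            self.state = "rcpt"
            return f"250 {addr} ... Recipient ok"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 Bad sequence of commands"
            self.state = "data"
            return '354 Enter mail, end with "." on a line by itself'
        return "500 Syntax error, command unrecognized"

    @staticmethod
    def _address(arg, keyword):
        """Extract the address inside <...> after FROM:/TO:, or None if malformed."""
        if not arg.upper().startswith(keyword):
            return None
        match = re.search(r"<([^<>\s]+@[^<>\s]+)>", arg)
        return match.group(1) if match else None

    def _data_line(self, line):
        if line == ".":                            # end of message body
            body = "\n".join(self.body_lines)
            if not body.isascii():                 # plain SMTP carries 7-bit ASCII only
                self._reset()
                return "554 Transaction failed: message body is not 7-bit ASCII"
            self.delivered.append((self.sender, list(self.recipients), body))
            self._reset()
            return "250 Message accepted for delivery"
        # Dot-stuffing: the client prefixes an extra "." to body lines that begin with "."
        self.body_lines.append(line[1:] if line.startswith(".") else line)
        return None

    def _reset(self):
        self.state = "greeted"
        self.sender, self.recipients, self.body_lines = None, [], []


def run_session(server, client_lines):
    """Feed client lines to the server; return the exchange in the slide's S:/C: form."""
    transcript = [f"S: {server.greeting()}"]
    for line in client_lines:
        transcript.append(f"C: {line}")
        reply = server.handle(line)
        if reply is not None:
            transcript.append(f"S: {reply}")
        if server.closed:
            break
    return transcript
```

Nothing in the exchange verifies that the MAIL FROM address really belongs to the connecting client; the server simply echoes it back with "Sender ok", which is the behaviour the slide's transcript shows.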
55. Comparison of SMTP and HTTP
1. HTTP: pull; SMTP: push
2. SMTP message body must be in seven-bit ASCII format. No such restriction in HTTP.
3. HTTP: each object encapsulated in its own response message. SMTP: multiple objects sent in one message.
4. HTTP transfers files between client and server, but SMTP between two servers.
56. Mail message format
SMTP: protocol for exchanging email msgs
RFC 822: standard for text message format:
• header lines, e.g.,
– To:
– From:
– Subject:
• Body: the “message”
– ASCII characters only
(the header and the body are separated by a blank line)
57. Mail access protocols
• SMTP: delivery/storage to receiver’s server
• mail access protocol: retrieval from server
– POP: Post Office Protocol [RFC 1939]: authorization, download
– IMAP: Internet Mail Access Protocol [RFC 1730]: more features, including manipulation of stored msgs on server
– HTTP: gmail, Hotmail, Yahoo! Mail, etc.
[Figure: user agent, sender’s mail server, receiver’s mail server, user agent; protocol labels in the figure: HTTP/FTP, SMTP, mail access protocol (e.g., POP, IMAP)]
58. POP protocol
POP is an extremely simple mail access protocol.
POP begins when the user agent (the client) opens a TCP connection to the mail server (the server) on port 110.
Here is how it works:
The user agent at the client’s computer opens a TCP connection to the mail server. POP then progresses through three phases:
1) Authentication - The user agent sends a user name and password to authenticate the user.
2) Transaction - The user agent retrieves messages. Also, the user agent can mark messages for deletion, remove deletion marks and obtain mail statistics. The user agent issues commands, and the server responds to each command with a reply. There are two responses: i) +OK: used by the server to indicate that the previous command was fine. ii) -ERR: used by the server to indicate that something is wrong.
3) Update - After the user issues a quit command, the mail server removes all messages marked for deletion.
59. limitations
• If a user accesses her email from two different
locations, her office and her home then POP has
some limitations.
• If POP uses download and delete mode any
messages accessed at home have been deleted and
cannot be accessed from the office.
60. IMAP
• keeps all messages in one place: at server
• allows user to organize messages in folders
• keeps user state across sessions:
– names of folders and mappings between message IDs and folder name
61. DNS: domain name system
people: many identifiers:
– USN, name, passport #
– For example, the domain name www.google.com might translate to the IP address 198.105.232.4. Because domain names are alphabetic, they are easier for human beings to remember. But because domain names can consist of variable-length alphanumeric characters, they would be difficult for routers to process. For these reasons domain names should be translated into IP addresses.
– DNS is an Internet service that translates domain names into IP addresses.
62. DNS: domain name system
• It is a distributed database implemented in a hierarchy of DNS
servers.
• An application-layer protocol that allows hosts to query the
distributed database.
• DNS servers are often UNIX machines running the BIND
software[Berkeley Internet Name Domain ].
• The DNS protocol runs over UDP and uses port 53.
• DNS is used by application-layer protocols such as HTTP, SMTP,
and FTP.
63. Services Provided by DNS
1. DNS is an Internet service that translates domain names into IP addresses.
2. Host aliasing: A host with a complicated hostname can have one or more alias names. For example, a hostname such as relay1.west-coast.enterprise.com could have, say, two aliases such as enterprise.com and www.relay1.com. In this case, the hostname relay1.west-coast.enterprise.com is said to be a canonical hostname.
3. Mail server aliasing: For obvious reasons, it is highly desirable that e-mail addresses be mnemonic.
4. Load distribution: DNS is also used to perform load distribution among replicated servers. Busy sites are replicated over multiple servers, with each server running on a different end system and each having a different IP address.
64. DNS: a distributed, hierarchical database
[Figure: Root DNS servers at the top; below them com DNS servers, org DNS servers and edu DNS servers; below those the yahoo.com, amazon.com, pbs.org, poly.edu and umass.edu DNS servers]
client wants IP for www.amazon.com; 1st approx:
• Client contacts local name server, which then queries a root server to find the com DNS server
• client queries .com DNS server to get amazon.com DNS server
• client queries amazon.com DNS server to get IP address for www.amazon.com
65. DNS: a distributed, hierarchical
database
• Root DNS servers: In the Internet there are 13 root DNS servers, most of which are located in North America. Root DNS servers are contacted by a local name server that cannot resolve a name. The root name server contacts an authoritative name server if the name mapping is not known, gets the mapping, and returns the mapping to the local name server.
66. TLD, authoritative servers
Top-level domain (TLD) servers:
– These servers are responsible for top-level domains such as com, org, net, edu, and gov, and all of the country top-level domains such as uk, fr, ca, etc. The TLD server returns the IP address of an authoritative server to the local name server.
Authoritative DNS servers:
– organization’s own DNS server(s), providing authoritative hostname-to-IP mappings for the organization’s named hosts (DNS records)
– can be maintained by the organization or a service provider
– e.g., amazon.com, yahoo.in
67. Local DNS server
• A local DNS server does not strictly belong to the hierarchy of servers.
• Each ISP—such as a university, an academic department, an employee’s company or a residential ISP—has a local DNS server (also called a default name server).
• When a host connects to an ISP, the ISP provides the host with the IP addresses of one or more of its local DNS servers.
• A host’s local DNS server is typically “close to” the host. When a host makes a DNS query, the query is sent to the local DNS server, which acts as a proxy, forwarding the query into the DNS server hierarchy.
68. DNS name resolution example
[Figure: the requesting host cis.poly.edu asks its local DNS server dns.poly.edu for gaia.cs.umass.edu; dns.poly.edu in turn contacts the root DNS server, the TLD DNS server and the authoritative DNS server dns.cs.umass.edu; the messages are numbered 1 to 8]
• host at cis.poly.edu wants IP address for gaia.cs.umass.edu
Iterative query:
Messages 2, 4, 6 are iterative. This is because all replies are directly returned to dns.poly.edu.
Recursive query:
Query 1 is recursive. It asks dns.poly.edu to obtain the mapping on its behalf.
69. DNS records
• DNS is a distributed database storing resource records (RRs).
• RRs provide hostname-to-IP address mappings.
• Each DNS reply message carries one or more resource records.
• An RR is a 4-tuple that contains the following fields.
70. DNS records
RR format: (name, value, type, ttl)
• type=A
– name is hostname
– value is IP address
• type=NS
– name is domain (e.g., foo.com)
– value is hostname of authoritative name server for this domain (dns.foo.com)
• type=CNAME
– name is alias name for some “canonical” (the real) name; www.ibm.com is really servereast.backup2.ibm.com
– value is canonical name
• type=MX
– value is name of mailserver associated with name
71. DNS protocol, messages
• query and reply messages, both with same message format
msg header:
– identification: 16-bit # for query; reply to query uses same #
– flags (3 bits): query (0) or reply (1); reply is authoritative; recursion desired
[Figure: message layout, each header field 2 bytes: identification, flags, # questions, # answer RRs, # authority RRs, # additional RRs; followed by questions (variable # of questions), answers (variable # of RRs), authority (variable # of RRs), additional info (variable # of RRs)]
72. DNS protocol, messages
• questions: name, type fields for a query
• answers: RRs in response to query
• authority: records for authoritative servers
• additional info: additional “helpful” info that may be used
[Figure: the same message layout as on the previous slide]
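The header layout on slides 71 and 72 (six 2-byte fields, with the identification number and the query/reply, authoritative and recursion-desired flags) can be built and parsed with a few lines of struct code. The following added example (not from the slides) packs a query header plus one question, parses the header and question section back out of the bytes, and checks whether a received reply actually belongs to an outstanding query: it must be flagged as a reply, carry the same 16-bit identification, and repeat the same question. The slides list three flag bits; in the wire format those bits sit inside a 16-bit flags field at the positions used below (QR bit 15, AA bit 10, RD bit 8), and the hostname www.amazon.com is the one from slide 64. Answer-section parsing and DNS name compression are left out.

```python
import struct

HEADER = struct.Struct("!HHHHHH")     # six 2-byte fields, network byte order: 12 bytes
QR_BIT = 1 << 15                      # 0 = query, 1 = reply
AA_BIT = 1 << 10                      # reply is authoritative
RD_BIT = 1 << 8                       # recursion desired
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15}
CLASS_IN = 1


def pack_header(ident, is_reply=False, authoritative=False, recursion_desired=True,
                qdcount=1, ancount=0, nscount=0, arcount=0):
    """identification, flags, # questions, # answer RRs, # authority RRs, # additional RRs."""
    flags = ((QR_BIT if is_reply else 0) | (AA_BIT if authoritative else 0)
             | (RD_BIT if recursion_desired else 0))
    return HEADER.pack(ident, flags, qdcount, ancount, nscount, arcount)


def unpack_header(data):
    if len(data) < HEADER.size:
        raise ValueError("message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(data, 0)
    return {"id": ident, "is_reply": bool(flags & QR_BIT),
            "authoritative": bool(flags & AA_BIT), "recursion_desired": bool(flags & RD_BIT),
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def encode_name(name):
    """Wire form of a name: for each label a length byte then the label, ending in a 0 byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_name(data, offset):
    """Read a label sequence at offset; return (name, offset after it). Bounds-checked."""
    labels = []
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointers are not handled in this example")
        if offset + length > len(data):
            raise ValueError("truncated label")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(ident, name, qtype="A", recursion_desired=True):
    """Header plus one question (name, type, class IN): what a client sends."""
    return (pack_header(ident, recursion_desired=recursion_desired)
            + encode_name(name) + struct.pack("!HH", QTYPE[qtype], CLASS_IN))


def parse_message(data):
    """Parse the header and the question section (RR sections are omitted here)."""
    msg = unpack_header(data)
    offset, questions = HEADER.size, []
    for _ in range(msg["qdcount"]):
        name, offset = decode_name(data, offset)
        if offset + 4 > len(data):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    msg["questions"] = questions
    return msg


def reply_matches_query(query, reply):
    """A reply belongs to a query only if it is flagged as a reply, carries the same
    16-bit identification and repeats the same question; anything else is dropped."""
    q, r = parse_message(query), parse_message(reply)
    return (not q["is_reply"] and r["is_reply"]
            and q["id"] == r["id"] and q["questions"] == r["questions"])
```

The matching check is the receiver-side counterpart of the slide's "reply to query uses same #": a resolver that accepts a reply whose identification or question does not match its outstanding query would cache whatever that reply carries, which is the mechanism behind the DNS poisoning slide later in this module.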
73. Inserting records into DNS
• example: new startup “Network Utopia”
• register name networkutopia.com at DNS registrar (e.g., Network Solutions)
– provide names, IP addresses of authoritative name server (primary and secondary)
– registrar inserts two RRs into .com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
• create authoritative server type A record for www.networkutopia.com; type MX record for networkutopia.com
74. Attacking DNS
DDoS attacks
• Bombard root servers with traffic
– Not successful to date
– Traffic filtering
– Local DNS servers cache IPs of TLD servers, allowing root server bypass
• Bombard TLD servers
– Potentially more dangerous
Redirect attacks
• Man-in-middle
– Intercept queries
• DNS poisoning
– Send bogus replies to DNS server, which caches
Exploit DNS for DDoS
• Send queries with spoofed source address: target IP
• Requires amplification
75. Distributed Hash Table (DHT)
• Distribute (key, value) pairs over millions of peers
– pairs are evenly distributed over peers
• Any peer can query database with a key
– database returns value for the key
– To resolve query, small number of messages exchanged among peers
• Each peer only knows about a small number of other peers
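The DHT bullets describe three properties: keys spread evenly over peers, each peer knowing only a few others, and a query reaching the owner in a small number of messages. The following added example (not from the slides) shows one concrete way to get all three, a ring-structured DHT in the style of Chord: peers and keys are hashed onto a circular identifier space, a key is owned by the first peer clockwise from its identifier, each peer knows only the peers at distances 1, 2, 4, ... around the ring, and a lookup hops to the known peer closest to the target until it reaches the owner. Peer names and keys are constructed; SHA-1 is used only as a spreading function here, not for any security property.

```python
import hashlib
from bisect import bisect_left

ID_BITS = 32
ID_SPACE = 1 << ID_BITS


def hash_id(text: str) -> int:
    """Map a peer name or a key onto the identifier circle [0, 2^ID_BITS)."""
    return int.from_bytes(hashlib.sha1(text.encode()).digest()[:4], "big") % ID_SPACE


def _in_arc(x: int, start: int, end: int, include_end: bool) -> bool:
    """True if x lies on the clockwise arc from start (exclusive) to end."""
    if start == end:                      # whole circle (single-peer ring)
        return True
    if start < end:
        return start < x < end or (include_end and x == end)
    return x > start or x < end or (include_end and x == end)      # arc wraps past 0


class Dht:
    def __init__(self, peer_names):
        self.peers = sorted({hash_id(name) for name in peer_names})   # sorted ring positions
        self.store = {}                   # owner id -> {key: value}

    def successor(self, ident):
        """First peer at or after ident on the circle (wrapping around)."""
        i = bisect_left(self.peers, ident)
        return self.peers[i % len(self.peers)]

    def fingers(self, peer):
        """The small set of other peers this peer knows: successor(peer + 2^k) for each k."""
        return [self.successor((peer + (1 << k)) % ID_SPACE) for k in range(ID_BITS)]

    def put(self, key, value):
        """Store the pair at the peer that owns hash(key); return that owner's id."""
        owner = self.successor(hash_id(key))
        self.store.setdefault(owner, {})[key] = value
        return owner

    def lookup(self, key, start_peer):
        """Route a query from start_peer to the owner of key.
        Returns (value or None, number of hops, owner id)."""
        target = hash_id(key)
        current, hops = start_peer, 0
        while True:
            if current == target:
                owner = current
                break
            succ = self.successor((current + 1) % ID_SPACE)
            if _in_arc(target, current, succ, include_end=True):
                owner = succ              # the target falls between us and our successor
                break
            # Forward to the known peer closest to, but still before, the target.
            nxt = next(f for f in reversed(self.fingers(current))
                       if _in_arc(f, current, target, include_end=False))
            current, hops = nxt, hops + 1
            if hops > len(self.peers):
                raise RuntimeError("routing did not converge")
        return self.store.get(owner, {}).get(key), hops, owner

    def key_distribution(self, keys):
        """How many of the given keys each peer would own."""
        counts = {p: 0 for p in self.peers}
        for key in keys:
            counts[self.successor(hash_id(key))] += 1
        return counts


if __name__ == "__main__":
    dht = Dht([f"peer-{i}" for i in range(50)])          # constructed peer names
    owner = dht.put("song.mp3", "chunk-list")
    value, hops, found = dht.lookup("song.mp3", dht.peers[0])
    print(f"owner {owner:#010x} found {found:#010x} after {hops} hops, value={value!r}")
    counts = dht.key_distribution([f"key-{i}" for i in range(1000)])
    print("keys per peer: min", min(counts.values()), "max", max(counts.values()))
```

Each hop at least moves the query to a different peer strictly closer to the target, so the number of messages is bounded by the number of peers and, because the finger distances double, is typically logarithmic in it; the key_distribution helper shows how evenly the hash spreads keys over the ring.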