5_ICS343-Chapter_26_Client-Server Protocols - Part3.pptx

Full Transcript

Chapter 26
Standard
Client-
Server
Protocols

Client-Server: 26-1
Chapter 26: Standard Client-
Server Protocols
 Introduction
 26.1 World-Wide Web (WWW) and HTTP
 26.2 FTP
 26.3 Electronic Mail
 26.5 Secure Shell (SSH)
 26.6 Domain Name System (DNS

Client-Server: 26-2
TELNET
 TErminal NETwork
 A remote logging protocol
 Provides a generic Client/Server pair for remote logging
applications
 Requires a logging name and a password
 TELNET is not a secure communication protocol

Client-Server: 26-3
SECURE SHELL (SSH)
 Secure Shell (SSH) is a secure application program that can
be used today for several purposes such as remote logging
and file transfer.
 It was originally designed to replace TELNET.
 It has three components.

Client-Server: 26-4
Applications
 SSH for Remote Logging
 SSH for File Transfer
 Port Forwarding

Client-Server: 26-5
Domain Name System (DNS)
 People use many identifiers that are easy to memorize: ID,
name, website, passport #, etc
 Internet has hosts and routers which are identified using IP
addresses (32 bit, 128 bit) - used for addressing datagrams
 The Internet needs to have a directory system (phonebook)
that can map names to IP addresses

Client-Server: 26-6
Domain Name System (DNS)
 Consists of three components:
A “nam espace”
DNS servers making that namespace available
Resolvers (clients) that query the servers about the name
space

Client-Server: 26-7
Domain Name Space
 The name space is the structure of the DNS database.
 Organized as an inverted tree with the root node at the top.
 The namespace needs to be made hierarchical to be able to
scale.
 Each node has a label
 The root node has a null label, written as “”
“.” Root Domain

… ….com DNS servers.org DNS servers.edu DNS servers Top Level Domains
… … … …
yahoo.com amazon.com pbs.org nyu.edu umass.edu
DNS servers
Second-level Domains
DNS servers DNS servers DNS servers DNS servers

Client-Server: 26-8
Domain Name Space
 Each node in the tree has a domain name.
 A full domain name is a sequence of labels separated by dots
(.).
 Domain names are always read from the node up to the
root., e.g. google.com, kfupm.edu.sa
“.” Root Domain
… ….com DNS servers.org DNS servers.edu DNS servers Top Level Domains
… … … …
yahoo amazon pbs nyu umass
DNS servers
Second-level Domains
DNS servers DNS servers DNS servers DNS servers

Client-Server: 26-9
Domain names and labels

Client-Server: 26-10
Hierarchy of Name Servers
 A domain is a subtree of the
domain name space.
 The information contained in
the domain name space
must be stored in a
database.
 However, having just one
computer store such a huge
amount of information is
inefficient and unreliable.

Client-Server: 26-11
Hierarchy of Name Servers
 The solution to these problems is to distribute the
information among many computers called DNS servers.
 We have a hierarchy of servers in the same way that we
have a hierarchy of names.

Client-Server: 26-12
Zones
 Name servers store information about the name space in
units called “zones”

Client-Server: 26-13
DNS on the Internet
 On the Internet, the domain name space (tree) can be
divided into two sections:
Generic domains
Country domains

Client-Server: 26-14
Generic Domains
 The generic domains define registered hosts according to
their generic behavior.

Client-Server: 26-15
Generic Domain Labels

Client-Server: 26-16
Country Domains
 The country domains section uses two-character country
abbreviations (e.g., “sa” for Saudi Arabia).

Client-Server: 26-17
Resolvers
 A resolver is a host that needs to map a domain name to an
address.
 A resolution can be either:
Recursive or
Iterative

Client-Server: 26-18
Recursive Resolution

Recursive query:
 puts burden of
name resolution on
contacted name
server
 heavy load at upper
levels of hierarchy? Client-Server: 26-19
 Iterative Resolution

Iterative query:
 contacted server
replies with name of
server to contact
 “I don’t know this
name, but ask this
server” Client-Server: 26-20
Caching
 Each time a server receives a query for a name that is not in
its domain, it needs to search its database for a server IP
address.
 Reduction of this search time would increase efficiency.
 DNS handles this with a mechanism called caching.
 When a server asks for a mapping from another server and
receives the response, it stores this information in its cache
memory before sending it to the client
cache entries timeout (disappear) after some time (TTL)
TLD servers typically cached in local name servers (bypass the root
DNS)

Client-Server: 26-21
 DNS message

message header:
 identification: 16 bit # for
query (like ID), reply to
query uses same #
 flags:
query or reply
recursion desired
recursion available
reply is authoritative

Client-Server: 26-22
DNS protocol messages

Application Layer: 2-23
Example 26.13
 In UNIX and Windows, the nslookup utility can be used to
retrieve address/name mapping.
 The following shows how we can retrieve an address when
the domain name is given.

 You may also visit one of many Web sites that allow you to
remotely employ nslookup (to find DNS records), e.g.
https://www.nslookup.io/ , and https://who.is/

Client-Server: 26-24
Registrars
 How are new domains added to DNS?
 This is done through a registrar, a commercial entity
registered in ICANN (The Internet Corporation for Assigned
Names and Numbers ).
 A registrar first verifies that the requested domain name is
unique and then enters it into the DNS database.

Client-Server: 26-25
Example: Getting your info into the DNS
(Reading)
example: new startup “Network Utopia”
 register name networkuptopia.com at DNS registrar (e.g.,
Network Solutions)
provide names, IP addresses of authoritative name server (primary
and secondary)
registrar inserts NS, A RRs into.com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
 create authoritative server locally with IP address 212.212.212.1
type A record for www.networkuptopia.com
type MX record for networkutopia.com (email server alias)

Client-Server: 26-26
Security of DNS
 DNS can be attacked in several ways including:
The attacker may read the response of a DNS server to find the
nature or names of sites the user mostly accesses. This type of
information can be used to find the user’s profile.
The attacker may intercept the response of a DNS server and change
it or create a totally new response to redirect the user to the site or
domain the attacker wishes the user to access.
The attacker may flood the DNS server to overwhelm it or eventually
crash it.
 DNS Security (DNSSEC) technology provides message origin
authentication and message integrity using a digital signature.
 There is no specific protection against the denial-of-service
(DoS) attack in the specification of DNSSEC.
Client-Server: 26-27
End of Chapter 26
 Introduction
 26.1 World-Wide Web (WWW) and HTTP
 26.2 FTP
 26.3 Electronic Mail
 26.5 Secure Shell (SSH)
 26.6 Domain Name System (DNS)

Important to do at home :
- Read chapter 26 of the
textbook
Client-Server: 26-28