17 April

The document discusses various topics related to computer networks including HTTP, DNS, cookies, proxy servers, caching, content delivery networks, and the evolution of HTTP including HTTP/2 and HTTP/3. It provides information on these topics through short explanations and examples.


CS 408

Computer Networks

Week 8-1 TCP/IP Applications


HTTP - DNS

Kürşat Çağıltay, [email protected]

Happy 31st Birthday Turkish Internet
Did you watch the video?

HTTP vs HTTPS
• HTTP does not provide any encryption or security measures; any data transmitted over HTTP can be intercepted and viewed by third parties
• HTTPS is a secure version of HTTP that uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption to protect data in transit. (RFC 2818 and others)
• HTTP port: 80 HTTPS port: 443

Cookie vs Proxy
• Cookies: to remember user preferences, login credentials, and other information related to the user's activity on a website
• Proxy server: an intermediary server between a user's computer and the internet.
— For caching content to improve performance,
— filtering content to block unwanted traffic, and
— accessing resources that may be blocked in certain geographic locations.

Hypertext Transfer Protocol HTTP
• Underlying protocol of the World Wide Web
• Can transfer plain text, audio, images, etc.
— actually you can transfer any type of file using HTTP
• HTTP 1.1 – RFC 2616
• HTTP/2 (2015 – RFC 7540)
• Newest HTTP/3 (2022 – RFC 9114)
Web caches (proxy servers)
Goal: satisfy client request without involving origin server
• browser is pointed to a Web proxy cache server
• browser sends all HTTP requests to cache server
— if object in cache: cache returns object to client
— else cache requests object from origin server, caches received object, then returns object to client
[Figure: clients, proxy (cache) server, origin server]
Web caches (proxy servers)
• Web cache acts as both client and server
— server for original requesting client
— client to origin server
• typically cache is installed by ISP (university, company, residential ISP)
Why Web caching?
• reduce response time for client request
— cache is closer to client
• reduce traffic on an institution’s access link
• Internet is dense with caches
— enables “poor” content providers to more effectively deliver content
Caching example
Scenario:
• access link rate: 1.54 Mbps
• RTT from institutional router to server: 2 sec
• Web object size: 100K bits
• Average request rate from browsers to origin servers: 15 reqs/sec
• average data rate to browsers: 1.50 Mbps
[Figure: origin servers in the public Internet, 1.54 Mbps access link, institutional network with 1 Gbps LAN]
Performance:
• LAN utilization: .0015
• access link utilization = .97
• end-end delay = Internet delay + access link delay + LAN delay = 2 sec + minutes + usecs
Problem: large delays at high utilization!
Caching example: buy a faster access link
Scenario:
• access link rate: 1.54 Mbps → 154 Mbps
• RTT from institutional router to server: 2 sec
• Web object size: 100K bits
• Avg request rate from browsers to origin servers: 15/sec
• avg data rate to browsers: 1.50 Mbps
[Figure: same topology as before, with a 154 Mbps access link]
Performance:
• LAN utilization: .0015
• access link utilization = .97 → .0097
• end-end delay = Internet delay + access link delay + LAN delay = 2 sec + (minutes → msecs) + usecs
Cost: faster access link (expensive!)
Caching example: install a web cache
Scenario:
• access link rate: 1.54 Mbps
• RTT from institutional router to server: 2 sec
• Web object size: 100K bits
• Avg request rate from browsers to origin servers: 15/sec
• avg data rate to browsers: 1.50 Mbps
[Figure: same topology as before, with a local web cache inside the institutional network]
Performance:
• LAN utilization: .?
• access link utilization = ?
• average end-end delay = ?
Cost: web cache (cheap!)


Content Delivery Network
Comparison of CDN providers: https://www.werockyourweb.com/best-cdn/
HTTP/2
Key goal: decreased delay in multi-object HTTP requests
• HTTP 1.1: introduced multiple, pipelined GETs over single TCP connection
— server responds in-order (FCFS: first-come-first-served scheduling) to GET requests
— with FCFS, small object may have to wait for transmission (head-of-line (HOL) blocking) behind large object(s)
HTTP/2
Key goal: decreased delay in multi-object HTTP requests
• HTTP/2: [RFC 7540, 2015] increased flexibility at server in sending objects to client:
— methods, status codes, most header fields unchanged from HTTP 1.1
— transmission order of requested objects based on client-specified object priority (not necessarily FCFS)
— divide objects into frames, schedule frames to mitigate HOL blocking
HTTP/2: mitigating HOL blocking
HTTP 1.1: client requests 1 large object (e.g., video file) and 3 smaller objects
[Figure: client sends GET O1, GET O2, GET O3, GET O4; server delivers O1 in full, then O2, O3, O4]
objects delivered in order requested: O2, O3, O4 wait behind O1
HTTP/2: mitigating HOL blocking
HTTP/2: objects divided into frames, frame transmission interleaved
[Figure: client sends GET O1, GET O2, GET O3, GET O4; server interleaves frames of O1, O2, O3, O4 on the connection]
O2, O3, O4 delivered quickly, O1 slightly delayed
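The delivery orders on the two slides, as an added simulation that is not part of the lecture: one large object and three small ones are sent either whole and in request order (HTTP/1.1 FCFS) or as interleaved frames (HTTP/2). The object sizes, link rate and frame size are constructed values.

```python
# Added example, not from the lecture slides: simulate HTTP/1.1-style in-order
# (FCFS) delivery versus HTTP/2-style frame interleaving and report when each
# object is completely delivered. Object sizes, link rate and frame size are
# constructed/assumed values chosen to mirror the slide's scenario.

FRAME_BYTES = 1024  # assumed DATA frame payload size


def fcfs_completion(objects, rate_bps):
    """HTTP/1.1: each object is sent whole, in the order requested.
    Returns {name: completion time in seconds}."""
    t, done = 0.0, {}
    for name, size in objects:
        t += size * 8 / rate_bps
        done[name] = t
    return done


def interleaved_completion(objects, rate_bps, frame_bytes=FRAME_BYTES):
    """HTTP/2: objects are split into frames; one frame of each pending
    object is sent in turn (round-robin). Returns {name: completion time}."""
    remaining = dict(objects)
    t, done = 0.0, {}
    while remaining:
        for name in [n for n, _ in objects if n in remaining]:
            chunk = min(frame_bytes, remaining[name])
            t += chunk * 8 / rate_bps
            remaining[name] -= chunk
            if remaining[name] == 0:
                del remaining[name]
                done[name] = t
    return done


# constructed scenario: one large object O1 and three small ones, 8 Mbit/s link
OBJECTS = [("O1", 1_000_000), ("O2", 2_000), ("O3", 2_000), ("O4", 2_000)]
RATE_BPS = 8_000_000

if __name__ == "__main__":
    for label, fn in (("HTTP/1.1 FCFS", fcfs_completion),
                      ("HTTP/2 interleaved", interleaved_completion)):
        print(label, {k: round(v, 4) for k, v in fn(OBJECTS, RATE_BPS).items()})
```

With FCFS the three small objects all finish after the 1 s large one; with interleaving they finish within about 8 ms while O1 finishes last, at the same total time.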


HTTP/3 – RFC 9114
• It uses UDP and QUIC (Quick UDP Internet Connections)
• enhances the performance and security of web communication, especially in scenarios with high latency or unreliable network conditions (in 2022)
• https://blog.cloudflare.com/http3-usage-one-year-on
Protocol Suites
TCP/IP Protocol Suite: Now DNS
• An open standard protocol suite: freely available to the public and can be used by any vendor
• Endorsed by the networking industry and approved by a standards organization to ensure interoperability
• IETF, ISOC, ITU
Phonebook
• Do you remember numbers?
• Or names?
• Does your phone use names to make a call?
In the past we had to memorize the numbers (or write to notebooks)
In the past we had to write to hosts.txt
Internet Directory Services DNS
• Domain Name System
— a directory lookup service – The Internet’s phonebook
— Provides mapping between host name and IP address
— www.sabanciuniv.edu  159.20.64.126
— A “must” for proper functioning of the Internet
• In Arpanet times, hosts.txt file was used (Example 27 May 1983)
— managed centrally, downloaded by all hosts daily – RFC 810
— became insufficient over time
— OSs still have it. Check: Windows\System32\drivers\etc
• DNS - RFCs 1034 (concepts) and 1035 (implementation)
— 1987 - total 110 pages
— Updated by many other RFCs
Internet Directory Services DNS
• Four important elements of DNS
—Domain name space
• Tree-structured
—DNS database (distributed)
• The info about each node in name space tree structure is contained in
a Resource Record (RR).
• The collection of RRs is organized as a distributed database
—Name servers
• Servers that hold and process information about portion of tree and
corresponding RRs
—Name Resolvers
• Programs that help clients to extract information from name servers
Domain Names: e.g. www.sabanciuniv.edu  159.20.64.126
• 32-bit IPv4 addresses uniquely identify devices
— Routers route based on network numbers
• People tend to memorize names, not numbers
— a naming mechanism is needed
• Naming problem is addressed by the concept of domain
— Group of hosts that have common naming elements
• .com domain, .edu.tr domain, sabanciuniv.edu domain
— Organized hierarchically
— Names are assigned to reflect hierarchical organization
• .tr .edu.tr .metu.edu.tr .ceng.metu.edu.tr hsbc.com.tr
• ox.ac.uk hsbc.co.uk
• Akamai DNS servers alone: 2.2T DNS queries per day
DNS: a distributed, hierarchical database
[Figure: tree with Root at the top, top level domains (e.g. tr) below it, and authoritative servers at the bottom]
• over 200 TLDs (including later added ones, e.g. .biz .pro .info) Full List from IANA
• hierarchy helps uniqueness
• Char length limits – 63 individual, 253 total length
• Naming follows organizational boundaries, not physical ones
• https://www.trabis.gov.tr/
Domain Names and Example
• Variable-depth unlimited levels hierarchy for names (labels)
—Delimited by period (.)
• edu is college-level educational institutions
• yale.edu is domain for Yale University in US
• cs.yale.edu is Computer Science department at Yale
• Eventually get to leaf nodes
—Identify specific hosts
—Hosts are assigned Internet (IP) addresses
DNS Database
• Each TLD and subordinate nodes manage uniqueness of the names that they assign
• Management of subordinate domains may be delegated
— down the hierarchy
— In this way, zones are created
• Distributed database
— Millions of zones – decentralized
— each of these zones is separately managed by different name servers, hence a distributed database
• Billions of records
— Every Internet transaction interacts with DNS
Zones
[Figure: domain tree (e.g. under tr) partitioned into zones]
• Each non-leaf node may or may not manage its children
— cs.yale.edu would like to run its own name server, but eng.yale.edu does not
Root Name Servers https://root-servers.org
• 13 servers for TLDs
• local server starts with a root server if it does not know anything about the domain to be resolved
— listed in configuration files of the name servers
2015 DNS attacks
Typical DNS Operation
• User program requests IP address for a domain name
• Resolver module in local host formulates query for local name server
— In same domain as resolver
• Local name server checks for name in local database and cache
— If found, returns IP address to requestor
— Otherwise, queries other available name servers
• Starting down from root of DNS tree
• Local name server caches the reply
— and maintains it for TTL seconds
• At the end, user program is given IP address or error message
DNS Name Resolution
DNS name resolution: iterated query
Example: host at host1.sabanciuniv.edu wants IP address for www.mit.edu
Iterated query:
• contacted server replies with name of server to contact
• “I don’t know this name, but ask this server”
• Root servers use it
[Figure: (1) requesting host host1.sabanciuniv.edu asks local DNS server dns.sabanciuniv.edu; (2, 3) local server queries the root DNS server and is referred; (4, 5) queries the TLD DNS server and is referred; (6, 7) queries the authoritative DNS server dns.mit.edu and gets the answer; (8) local server replies to the host]
DNS name resolution: recursive query
Example: host at host1.sabanciuniv.edu wants IP address for www.mit.edu
Recursive query:
• puts burden of name resolution on contacted name server
• heavy load at upper levels of hierarchy, ISPs use it
[Figure: (1) host asks local DNS server dns.sabanciuniv.edu; (2) local server asks the root DNS server; (3) root asks the TLD DNS server; (4) TLD asks the authoritative DNS server dns.mit.edu; (5, 6, 7) the answer is passed back from authoritative to TLD to root to local server; (8) local server replies to the host]
Iterative vs. Recursive Queries
• Recursive
— If one name server does not know the queried host, it acts like a DNS client and asks the next name server in the zone hierarchy.
— Then sends the result back recursively
• Iterative
— If the name server does not know the host, then it returns the address of the next server in the zone hierarchy, but does not ask that server.
• The name servers learn about the next one in the hierarchy using the glue records.
• Remark: Queries and responses are sent over UDP (mostly)
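The two resolution styles above, as an added toy model that is not part of the slides: a three-level hierarchy (root, TLD, authoritative) in which NS records delegate and A records for the delegated servers act as glue; the local server either follows referrals itself (iterative) or each server chases them on the querier's behalf (recursive). All server names and addresses are constructed.

```python
# Added example, not from the slides: a toy DNS hierarchy and both resolution
# modes. Every name, address and record here is constructed for illustration.

# Each server holds the records of the zone it is authoritative for. NS records
# delegate a child zone; the A records for those servers are the glue.
SERVERS = {
    "root": {"NS": {"edu.": "a.edu-servers.example."},
             "A": {"a.edu-servers.example.": "192.0.2.10"}},
    "192.0.2.10": {"NS": {"mit.edu.": "dns.mit.edu."},
                   "A": {"dns.mit.edu.": "192.0.2.20"}},  # glue for mit.edu.
    "192.0.2.20": {"A": {"www.mit.edu.": "192.0.2.80"}},
}
ROOT_HINT = "root"  # the local server's configured starting point


def query(server, name):
    """One query to `server`: ('answer', ip), ('referral', ip) or ('nxdomain', None)."""
    zone = SERVERS[server]
    if name in zone.get("A", {}):
        return "answer", zone["A"][name]
    for child, ns in zone.get("NS", {}).items():  # delegated suffix -> glue address
        if name == child or name.endswith("." + child):
            return "referral", zone["A"][ns]
    return "nxdomain", None


def resolve_iteratively(name, max_steps=10):
    """Local server walks down from the root itself; returns (ip, servers contacted)."""
    server, trail = ROOT_HINT, []
    for _ in range(max_steps):
        trail.append(server)
        kind, value = query(server, name)
        if kind == "answer":
            return value, trail
        if kind == "nxdomain":
            return None, trail
        server = value  # "I don't know this name, but ask this server"
    raise RuntimeError("referral loop")  # guards against a misconfigured delegation


def resolve_recursively(server, name, depth=0):
    """Recursive mode: the contacted server chases the referral itself, so the
    work lands on the upper levels of the hierarchy."""
    kind, value = query(server, name)
    if kind == "referral" and depth < 10:
        return resolve_recursively(value, name, depth + 1)
    return value if kind == "answer" else None
```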
Caching, Updating DNS Records
• once (any) name server learns a mapping, it caches the mapping
— cache entries timeout (disappear) after some time (TTL)
— TLD servers typically cached in local name servers
— thus root name servers not often visited
• cached entries may be out-of-date (best-effort name-to-address translation!)
— if a host changes IP address, it may not be known Internet-wide until all TTLs expire!
• Try this (on Windows): ipconfig /displaydns
RR - Resource Records: A portion of a possible DNS database
Content of Database: Resource Record - 1
• Records in a DNS database are called Resource Records (RRs)
— info about hosts
— there are different types of RRs
• Fields of one RR
DomainName TTL Class Type Value
— Domain name
• Series of labels of alphanumeric characters or hyphens
• Labels are separated by period (“.”)
— Time to live (TTL)
• How long to hold the result in local cache
• Zero means don’t cache
e.g. virtual2.sabanciuniv.edu. 300 IN A 159.20.64.46
Resource Record - 2
• RR Fields (cont’d)
— Class
• Potentially DNS can be used for naming in several other systems
• Usually IN, for Internet
— Type
• Type of the RR. There are 16 types; we will see them now
— Value (Rdata)
• Resource data
• For each RR type interpretation is different
– For A type, Rdata is 32-bit IP address
e.g. virtual2.sabanciuniv.edu. 300 IN A 159.20.64.46
Resource Record Types - 1
• A
— Address type. Value of A type RRs is an IPv4 address
• AAAA
— Address type for IPv6 addresses
• SOA
— Start of Authority
— Parameters (mostly to sync with other servers) and info about this zone
• MX
— Mail Exchange
— Value field is the name of the receiving SMTP agent for the Domain_Name
— there may be more than one MX RR for one domain
• Mostly for load balancing for the domains that receive high volume of emails
Resource Record Types - 2
• CNAME
—Canonical Name
—used to create aliases
—Value field is the canonical host name (for the alias, which is given as
Domain_Name)
• NS
—Name Server
—Value field is the name of the server who knows the IP addresses of the
hosts that belong to the domain given in the Domain_Name field.
—can be used to specify the names of the name servers in both current
domain or in subordinate domains (for delegation purposes)
• There might be several DNS servers for each domain for fault tolerance
Resource Record Types - 3
• PTR
—Pointer type: used for reverse lookups (IP to Name)
—Domain_Name field is an IP address (but in a differently formatted way);
Value is the hostname
• HINFO
—Host Info.
—OS and processor type information about the zone’s server and hosts
• TXT
—Textual comments
Sample DNS database (Try: whatsmydns.net/dns-lookup/)
$TTL 3600 ; default TTL value for all records
; Start of Authority (SOA) record - primary authoritative NS for the zone
example.com. IN SOA ns1.example.com. hostmaster.example.com. (
        2022041901 ; serial number
        7200 ; refresh
        3600 ; retry
        1209600 ; expire
        3600 ) ; minimum TTL
; NS records - specify the authoritative name servers for the zone
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
; Address (A) records - map hostnames to IPv4 addresses
www.example.com. IN A 192.0.2.1
mail.example.com. IN A 192.0.2.2
; Mail Exchange (MX) records - specify the mail servers for the domain
example.com. IN MX 10 mail.example.com.
; Canonical Name (CNAME) records - specify aliases for hostnames
ftp.example.com. IN CNAME www.example.com.
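A parser for the zone-file format shown above, added here as an example (not code from the course): it applies the $TTL default, honours an explicit per-record TTL such as the earlier virtual2 record, strips comments and joins the parenthesised SOA lines. The embedded ZONE text is a constructed copy of the sample.

```python
# Added example, not part of the slides: a small parser for zone files in the
# format shown above. It handles $TTL, ';' comments, records continued over
# several lines in parentheses, an optional per-record TTL and the IN class,
# returning one dict per resource record. ZONE is a constructed copy of the
# slide's sample plus the earlier virtual2 record with an explicit TTL.
import re

ZONE = """\
$TTL 3600 ; default TTL value for all records
example.com. IN SOA ns1.example.com. hostmaster.example.com. (
    2022041901 ; serial number
    7200 ; refresh
    3600 ; retry
    1209600 ; expire
    3600 ) ; minimum TTL
example.com. IN NS ns1.example.com.
www.example.com. IN A 192.0.2.1
mail.example.com. IN A 192.0.2.2
example.com. IN MX 10 mail.example.com.
ftp.example.com. IN CNAME www.example.com.
virtual2.sabanciuniv.edu. 300 IN A 159.20.64.46
"""

TYPES = {"A", "AAAA", "SOA", "MX", "CNAME", "NS", "PTR", "HINFO", "TXT"}


def parse_zone(text):
    default_ttl, records, buf = None, [], ""
    for raw in text.splitlines():
        buf = (buf + " " + re.sub(r";.*", "", raw)).strip()  # drop the comment
        if not buf or buf.count("(") > buf.count(")"):
            continue  # blank line, or the record continues on the next line
        tokens, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        name, rest, ttl = tokens[0], tokens[1:], default_ttl
        if rest and rest[0].isdigit():  # explicit TTL overrides the $TTL default
            ttl, rest = int(rest[0]), rest[1:]
        if rest and rest[0] == "IN":    # class is optional in the file
            rest = rest[1:]
        if not rest or rest[0] not in TYPES:
            raise ValueError(f"unknown RR type in: {' '.join(tokens)}")
        records.append({"name": name, "ttl": ttl, "class": "IN",
                        "type": rest[0], "rdata": rest[1:]})
    return records
```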
How to delegate a subzone to top level?
• Add the following RRs to database for cs.vu.nl
— one is for the name server of the subzone and the other is for that nameserver’s IP address.
ai.cs.vu.nl. 86400 IN NS dns.ai.cs.vu.nl.
dns.ai.cs.vu.nl. 86400 IN A 130.37.56.350
• These two RRs are together called “glue record”
[Figure: the cs.vu.nl zone delegating ai.cs.vu.nl, which contains pc1.ai.cs.vu.nl and pc2.ai.cs.vu.nl]
An Example of SOA RR
anynet.com IN SOA dns.anynet.com. admin.anynet.com (
        2018091401 ; Serial
        3600 ; Refresh
        300 ; Retry
        360000 ; Expire
        86400 ) ; Minimum
• dns.anynet.com. is the host name of the primary name server of the zone
• admin.anynet.com is the admin’s email address; the first dot is actually @
Try: nslookup -type=soa sabanciuniv.edu
The mystery behind different IPs for the same host
• For load balancing
— Works in round-robin fashion
example.com. 60 IN A 192.1.1.1
example.com. 60 IN A 192.1.1.2
example.com. 60 IN A 192.1.1.3
• First query returns 192.1.1.1, second query returns 192.1.1.2, third returns 192.1.1.3, fourth 192.1.1.1, ...
• Or one query returns all IP addresses, but in different order in every other query
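The caching and round-robin behaviour of the last two sections, as an added example not taken from the slides: a minimal resolver cache that keeps an answer only for its TTL, refuses to cache a TTL of zero, and rotates the three example.com addresses on every hit. The clock is injected so the demo is repeatable.

```python
# Added example, not from the slides: a tiny resolver cache that keeps answers
# for their TTL, discards them once expired, and rotates multiple A records
# round-robin on each hit, as described above. The records are the slide's
# example.com entries; the clock is injectable so runs are repeatable.
import time


class DnsCache:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.entries = {}  # (name, type) -> {"expires": t, "answers": [...]}

    def store(self, name, rtype, ttl, answers):
        """Cache a reply; TTL 0 means "don't cache", as on the RR slide."""
        if ttl <= 0:
            return
        self.entries[(name, rtype)] = {"expires": self.clock() + ttl,
                                       "answers": list(answers)}

    def lookup(self, name, rtype):
        """Return cached answers (rotated once per hit) or None on miss/expiry."""
        entry = self.entries.get((name, rtype))
        if entry is None:
            return None
        if self.clock() >= entry["expires"]:
            del self.entries[(name, rtype)]  # stale: ask the name servers again
            return None
        answers = entry["answers"]
        entry["answers"] = answers[1:] + answers[:1]  # round-robin for next hit
        return answers


ROUND_ROBIN = ["192.1.1.1", "192.1.1.2", "192.1.1.3"]  # from the slide


def demo(start=0.0):
    """Four hits on a 60 s entry, then one lookup after the TTL has expired.
    Returns (first IP of each hit, result of the late lookup)."""
    now = [start]
    cache = DnsCache(clock=lambda: now[0])
    cache.store("example.com.", "A", 60, ROUND_ROBIN)
    firsts = [cache.lookup("example.com.", "A")[0] for _ in range(4)]
    now[0] += 61
    return firsts, cache.lookup("example.com.", "A")
```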
Reverse DNS Lookup/PTR record
144.122.145.140  frigya.general.services.metu.edu.tr

• Useful when you know the IP address and want to know the
corresponding host name (mainly for authentication)
• Suppose you would like to know the host name for IP address
144.122.145.140
—you have to query the DNS servers for the PTR entry
140.145.122.144.in-addr.arpa.
—Be careful! numbers are in reverse order
—In order to find the host name, the host’s name server should have an entry
140.145.122.144.in-addr.arpa. PTR frigya.general.services.metu.edu.tr
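Building the reversed owner name described above, as an added example that is not part of the slides. It uses the slide's address and host name, and goes one step further than the slide by also producing the IPv6 form (reversed hex nibbles under ip6.arpa.).

```python
# Added example, not from the slides: build the reverse-lookup owner name for an
# address (octets reversed under in-addr.arpa., as on the slide) and, beyond the
# slide, the IPv6 form (32 hex nibbles reversed under ip6.arpa.). The PTR line
# printed below uses the slide's address and host name.
import ipaddress


def reverse_name(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    # IPv6: expand to 32 nibbles, reverse them, one nibble per label
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_record(addr, hostname, ttl=3600):
    """Zone-file line the address owner's name server needs for the reverse lookup."""
    return f"{reverse_name(addr)} {ttl} IN PTR {hostname}"


if __name__ == "__main__":
    print(ptr_record("144.122.145.140", "frigya.general.services.metu.edu.tr"))
```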
Check with an e-mail

• Also check with: https://dnschecker.org/

• DNS – Ekşisözlük – Kürşat Çağıltay 
