Networking Ceh

Uploaded by

nubharsh295
NETWORKING

Computer Network
 A computer network is a system in which multiple computers are connected to each
other to share information and resources.
 The physical connection between networked computing devices is established using
either cable media or wireless media.
 The best-known computer network is the Internet.
Advantages of networking
• Connectivity and Communication
• Data Sharing
• Hardware Sharing
• Internet Access
• Internet Access Sharing
• Data Security and Management
• Performance Enhancement and Balancing
• Entertainment
Disadvantages of Networking
• Network Hardware, Software and Setup Costs
• Hardware and Software Management and Administration Costs
• Lack of data security and privacy
• Presence of computer viruses and malware
• Lack of Robustness
HISTORY
• History (Development) of Computer Networks
Each of the past three centuries has been dominated by a single technology. The 18th century was the era of the great mechanical systems accompanying the Industrial Revolution. The 19th century was the age of the steam engine. During the 20th century, the key technology was information gathering, processing, and distribution.
What is the ARPANET?

• The first workable prototype of the Internet came in the late 1960s with the
creation of ARPANET, or the Advanced Research Projects Agency
Network. Originally funded by the U.S. Department of
Defense, ARPANET used packet switching to allow multiple computers to
communicate on a single network.
What is the Internet?

• The Internet is a global network of billions of computers and other electronic devices. With the Internet, it's possible to access almost any information, communicate with anyone else in the world, and do much more.
• You can do all of this by connecting a computer to the Internet, which is also
called going online. When someone says a computer is online, it's just another way
of saying it's connected to the Internet.
Submarine Cable Map: https://www.submarinecablemap.com/#/
What is the Web?

• The World Wide Web—usually called the Web for short—is a collection
of different websites you can access through the Internet. A website is
made up of related text, images, and other resources. Websites can resemble
other forms of media—like newspaper articles or television programs—or
they can be interactive in a way that's unique to computers.
What is Telnet?
A terminal emulation protocol that enables a user to connect to a remote host or device using a telnet client, usually over port 23. For example, typing telnet hostname would connect the user to a host named hostname. Telnet enables a user to manage an account or device remotely; for example, a user may telnet into the computer that hosts their website to manage their files remotely. A telnet session is a command-line session.
NETWORK TOPOLOGY
• The pattern of interconnection of nodes in a network is called the TOPOLOGY. The selection of a topology for a network cannot be done in isolation, as it affects the choice of media and the access method used.

• Types of Topology:
Mesh Topology
In mesh topology each device is connected to every other device on the network through a dedicated point-to-point link. Dedicated means that the link carries data only for the two connected devices. Let's say we have n devices in the network; then each device must be connected with (n-1) devices of the network. The number of links in a mesh topology of n devices would be n(n-1)/2.
Advantages of Mesh Topology
• No data traffic issues, as there is a dedicated link between two devices, which means the link is only available for those two devices.
• Mesh topology is reliable and robust, as failure of one link doesn't affect other links or the communication between other devices on the network.
• Mesh topology is secure because there is a point-to-point link, thus unauthorized access is not possible.
• Fault detection is easy.

Disadvantages of Mesh topology
• The amount of wiring required to connect each system is tedious and a headache.
• Since each device needs to be connected with every other device, the number of I/O ports required is huge.
• Scalability issues, because a device cannot be connected with a large number of devices with dedicated point-to-point links.
Star Topology
• In star topology each device in the network is connected to a central device called a hub. Unlike mesh topology, star topology doesn't allow direct communication between devices; a device must communicate through the hub. If one device wants to send data to another device, it first sends the data to the hub and then the hub transmits that data to the designated device.
Advantages of Star topology
• Less expensive, because each device only needs one I/O port and needs to be connected with the hub with one link.
• Easier to install.
• Fewer cables required, because each device needs to be connected with the hub only.
• Robust: if one link fails, other links will work just fine.
• Easy fault detection, because the link can be easily identified.

Disadvantages of Star topology
• If the hub goes down everything goes down; none of the devices can work without the hub.
• The hub requires more resources and regular maintenance because it is the central system of star topology.
BUS TOPOLOGY
• In bus topology there is a main cable and all the devices are connected to this main cable through drop lines. There is a device called a tap that connects the drop line to the main cable. Since all the data is transmitted over the main cable, there is a limit on the number of drop lines and the distance a main cable can have.
Advantages of bus topology
• Easy installation: each cable needs to be connected with the backbone cable.
• Fewer cables required than mesh and star topology.

Disadvantages of bus topology
• Difficulty in fault detection.
• Not scalable, as there is a limit on how many nodes you can connect with the backbone cable.
Ring Topology
• In ring topology each device is connected with the two devices on either side of it.
There are two dedicated point to point links a device has with the devices on the
either side of it. This structure forms a ring thus it is known as ring topology. If a
device wants to send data to another device then it sends the data in one direction,
each device in ring topology has a repeater, if the received data is intended for other
device then repeater forwards this data until the intended device receives it.
Advantages of Ring Topology
• Easy to install.
• Managing is easier, as to add or remove a device from the topology only two links are required to be changed.

Disadvantages of Ring Topology
• A link failure can fail the entire network, as the signal will not travel forward due to the failure.
• Data traffic issues, since all the data is circulating in a ring.
Hybrid topology
• A combination of two or more topologies is known as hybrid topology. For example, a combination of star and mesh topology is known as hybrid topology.
Advantages of Hybrid topology
• We can choose the topology based on the requirement; for example, if scalability is our concern then we can use star topology instead of bus topology.
• Scalable, as we can further connect other computer networks with the existing networks with different topologies.

Disadvantages of Hybrid topology
• Fault detection is difficult.
• Installation is difficult.
• Design is complex, so maintenance is high and thus expensive.
NETWORK TYPES
How are networks organized?
Networks are organized based on their geographic location.

TYPES OF NETWORKS
• Local area network, or LAN.
• Wide area network, or WAN.
• Metropolitan area network, or MAN.
• Wireless local area network, or WLAN.
• Personal area network, or PAN.
• Campus area network, or CAM.
• Storage area network, or SAN
• Enterprise private network, or EPN
• Virtual private network, or VPN
NETWORK MODELS
In computer networks, reference models give a conceptual framework that standardizes communication between heterogeneous networks.

The two popular reference models are:
• OSI Model
• TCP/IP Protocol Suite
Introduction OSI
• The Open System Interconnection Reference Model (OSI
Reference Model or OSI Model) is an abstract description for
layered communications and computer network protocol
design.

• It divides network architecture into seven layers which, from top to bottom, are the Application, Presentation, Session, Transport, Network, Data Link, and Physical Layers. It is therefore often referred to as the OSI Seven Layer Model.
OSI History
• In 1978, the International Standards Organization (ISO) began to develop its OSI framework architecture.
• OSI has two major components: an abstract model of
networking, called the Basic Reference Model or seven-layer
model, and a set of specific protocols.
• The concept of a 7 layer model was provided by the work of
Charles Bachman, then of Honeywell.
• Various aspects of OSI design evolved from experiences with
the Advanced Research Projects Agency Network (ARPANET)
and the fledgling Internet.
OSI Groups
• Application Group: Application Layer, Presentation Layer, Session Layer
• Transportation Layer group: Transportation Layer
• Network Layer group: Network Layer, Data-Link Layer, Physical Layer
Layer1: Physical Layer
• The Physical Layer defines the electrical and physical specifications for
devices. In particular, it defines the relationship between a device and a
physical medium.
• This includes the layout of pin, voltages, cable specification, hubs,
repeaters, network adapters, host bus adapters, and more.


• The major functions and services performed by the Physical Layer are:
– Establishment and termination of a connection to a communication medium.
– Participation in the process whereby the communication resources are
effectively shared among multiple users. For example, flow control.
– Modulation, or conversion between the representation of digital data in user
equipment and the corresponding signals transmitted over a communications
channel. These are signals operating over the physical cabling (such as copper
and optical fiber) or over a radio link.
Layer 2: Data Link Layer

• The Data Link Layer provides the functional and procedural means to transfer data
between network entities and to detect and possibly correct errors that may occur in
the Physical Layer.
• Originally, this layer was intended for point-to-point and point-to-multipoint media,
characteristic of wide area media in the telephone system.
• The data link layer is divided into two sub-layers by IEEE.

• One is Media Access Control (MAC) and the other is Logical Link Control (LLC).
• MAC is the lower sub-layer; it defines how the medium is accessed for transfer, for example CSMA/CD/CA (Carrier Sense Multiple Access / Collision Detection / Collision Avoidance).
• LLC provides the data transmission method across different networks. It re-packages the data and adds a new header.
Layer 3: Network Layer

• The Network Layer provides the functional and procedural means of transferring
variable length data sequences from a source to a destination via one or more
networks, while maintaining the quality of service requested by the Transport Layer.


• The Network Layer performs
– network routing functions,
– fragmentation and reassembly,
– reporting of delivery errors.
• Routers operate at this layer—sending data
throughout the extended network and making
the Internet possible.
Layer 4: Transport Layer
• The Transport Layer provides transparent transfer of data between end users,
providing reliable data transfer services to the upper layers.
• The Transport Layer controls the reliability of a given link through flow control,
segmentation/desegmentation, and error control.
• This layer uses TCP and UDP (User Datagram Protocol).


Layer 5: Session Layer
• The Session Layer controls the dialogues (connections) between computers.
• It establishes, manages and terminates the connections between the local and remote
application.
• It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing,
adjournment, termination, and restart procedures.


• The OSI model made this layer responsible for graceful close of sessions, which is
a property of the Transmission Control Protocol, and also for session check
pointing and recovery, which is not usually used in the Internet Protocol Suite. The
Session Layer is commonly implemented explicitly in application environments
that use remote procedure calls.

• Protocols used at this layer include POP and TCP/IP.

• The session layer decides when to turn communication on and off between two computers; it provides the mechanisms that control the data exchange process and coordinates the interaction between them.
Layer 6: Presentation Layer

• The Presentation Layer establishes a context between Application Layer entities, in which the higher-layer entities can use different syntax and semantics, as long as the presentation service understands both and the mapping between them.
• This layer provides independence from differences in data
representation (e.g., encryption) by translating from
application to network format, and vice versa.
• This layer formats and encrypts data to be sent across a
network, providing freedom from compatibility problems.
• It is sometimes called the syntax layer.
• This layer can in some ways be considered the function of the operating system.

Layer 7: Application Layer
• The application layer is the OSI layer closest to the end user, which means
that both the OSI application layer and the user interact directly with the
software application.
• Application layer functions typically include:
– identifying communication partners,
– determining resource availability,
– synchronizing communication.
• Identifying communication partners
– Determines the identity and availability of communication partners for an
application with data to transmit.
• Determining resource availability
– Decides whether sufficient network resources for the requested communication exist.
• Synchronizing communication
– All communication between applications requires cooperation that is
managed by the application layer.

• Some examples of application layer implementations include
– Hypertext Transfer Protocol (HTTP)
– File Transfer Protocol (FTP)
– Simple Mail Transfer Protocol (SMTP)
The TCP/IP Reference Model

• The Internet Protocol Suite (commonly known as TCP/IP) is the set of communications protocols used for the Internet and other similar networks.
• It is named from two of the most important protocols in it:
– the Transmission Control Protocol (TCP) and
– the Internet Protocol (IP), which were the first two
networking protocols defined in this standard.
TCP/IP Encapsulation
TCP/IP Layers
OSI                  | TCP/IP            | Example protocols
Application Layer    |                   |
Presentation Layer   | Application Layer | TELNET, FTP, SMTP, POP3, SNMP, NNTP, DNS, NIS, NFS, HTTP, ...
Session Layer        |                   |
Transport Layer      | Transport Layer   | TCP, UDP, ...
Network Layer        | Internet Layer    | IP, ICMP, ARP, RARP, ...
Data Link Layer      | Link Layer        | FDDI, Ethernet, ISDN, X.25, ...
Physical Layer       |                   |
A Comparison of the OSI and TCP/IP Reference Models

The OSI and TCP/IP reference models have much in common. Both are based on the concept of a stack of independent protocols. Also, the functionality of the layers is roughly similar. For example, in both models the layers up through and including the transport layer are there to provide an end-to-end, network-independent transport service to processes wishing to communicate. These layers form the transport provider.

Again in both models, the layers above transport are application-oriented users of the
transport service. Despite these fundamental similarities, the two models also have
many differences. In this section we will focus on the key differences between the
two reference models. It is important to note that we are comparing the reference
models here, not the corresponding protocol stacks. The protocols themselves will
be discussed later. Three concepts are central to the OSI model:
1. Services.
2. Interfaces.
3. Protocols.
OSI vs TCP/IP
NETWORK ADDRESS
• PHYSICAL ADDRESS
– When referring to computers in general or computer memory, the physical address is the computer memory address of a physical hardware device.
– When referring to a network address, physical address is sometimes used to describe the MAC address.
– This is specified by the manufacturer of the card.
– This address is used by the data link layer.


MAC address:
A "MAC" address is the physical address of the device. It is 48 bits (6 bytes) long and is made up of two parts: the organizationally unique identifier (OUI) and the vendor-assigned address.

The data link layer is divided into two sub-layers:
1. Logical Link Control (LLC) layer
2. Media Access Control (MAC) layer

• The MAC layer interfaces directly with the network medium. Consequently, each different type of network medium requires a different MAC layer.
• You will rarely have to look at the MAC address of any of your equipment directly.
MAC
• A MAC address is a unique character string, and since it identifies a specific physical device -
one individual NIC -- the MAC address, by convention, never changes for the life of the NIC.
Two NICs never have the same MAC address (unless some manufacturer screws up royally
[which has happened]). Because your NIC's MAC address is permanent, it's often referred to
as the "real" or physical address of a computer.

• If you'd like to see the MAC address and logical address used by the Internet Protocol (IP)
for your Windows computer, you can run a small program that Microsoft provides.
• Go to the "Start" menu, click on "Run," and in the window that appears, type WINIPCFG
(IPCONFIG/ALL for Windows 2000/XP).
• When the gray window appears, click on "More Info" and you'll get information.
Physical Address
LOGICAL ADDRESS
• An IP address of the system is called the logical address.
• This address is the combination of Net ID and Host ID.
• This address is used by network layer to identify a particular
network (source to destination) among the networks.
• This address can be changed by changing the host position on
the network. So it is called logical address.
• The IP address is the logical address assigned to your
connection by your ISP or network administrator.
• The logical address is what the network uses to pass
information along to your computer.
Class A Public Address
• Class A addresses are for networks with a large number of total hosts. Class A allows for 126 networks by using the first octet for the network ID. The first bit in this octet is always set and fixed to zero, and the next seven bits in the octet complete the network ID. The 24 bits in the remaining octets represent the host ID, allowing 126 networks and approximately 17 million hosts per network. Class A network number values begin at 1 and end at 127.
• IP Range: 1.0.0.0 to 126.0.0.0
• First octet value range from 1 to 127
• Subnet Mask: 255.0.0.0 (8 bits)
• Number of Networks: 126
• Number of Hosts per Network: 16,777,214

Class B Public Address
• Class B addresses are for medium to large sized networks. Class B allows
for 16,384 networks by using the first two octets for the network ID. The
two bits in the first octet are always set and fixed to 1 0. The remaining 6
bits, together with the next octet, complete network ID. The 16 bits in the
third and fourth octet represent host ID, allowing for approximately 65,000
hosts per network. Class B network number values begin at 128 and end at
191.
• Range: 128.0.0.0 to 191.255.0.0
• First octet value range from 128 to 191
• Subnet Mask: 255.255.0.0 (16 bits)
• Number of Networks: 16,382
• Number of Hosts per Network: 65,534
Class C Public Address
• Class C addresses are used in small local area networks (LANs). Class C
allows for approximately 2 million networks by using the first three octets
for the network ID. In class C address three bits are always set and fixed to
1 1 0. And in the first three octets 21 bits complete the total network ID.
The 8 bits of the last octet represent the host ID allowing for 254 hosts per
one network. Class C network number values begin at 192 and end at 223.
• Range: 192.0.0.0 to 223.255.255.0
• First octet value range from 192 to 223
• Subnet Mask: 255.255.255.0 (24 bits)
• Number of Networks: 2,097,150
• Number of Hosts per Network: 254


Class D Address Class
• Classes D are not allocated to hosts and are used for multicasting.
• Range: 224.0.0.0 to 239.255.255.255
• First octet value range from 224 to 239
• Number of Networks: N/A
• Number of Hosts per Network: Multicasting

Class E Address Class
• Class E addresses are not allocated to hosts and are not available for general use. They are reserved for research purposes.
• Range: 240.0.0.0 to 255.255.255.255
• First octet value range from 240 to 255
• Number of Networks: N/A
• Number of Hosts per Network: Research/Reserved/Experimental
Private Addresses
• Within each network class, there are designated IP addresses that are reserved specifically for private/internal use only. These IP addresses cannot be used on Internet-facing devices as they are non-routable. For example, web servers and FTP servers must use non-private IP addresses. However, within your own home or business network, private IP addresses are assigned to your devices (such as workstations, printers, and file servers).
1. Class A Private Range: 10.0.0.0 to 10.255.255.255
2. Class B Private APIPA Range: 169.254.0.0 to 169.254.255.255
3. Automatic Private IP Addressing (APIPA) is a feature on Microsoft Windows-based computers to automatically assign itself an IP address within this range if a Dynamic Host Configuration Protocol (DHCP) server is not available. A DHCP server is a device on a network that is responsible for assigning IP addresses to devices on the network.
4. Class B Private Range: 172.16.0.0 to 171.31.255.255
5. Class C Private Range: 192.168.0.0 to 192.168.255.255
Special Addresses
• IP Range: 127.0.0.1 to 127.255.255.255 are network testing addresses (also referred to as loop-back addresses)
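As an added example (not part of the original deck), the following Python classifies an IPv4 address by the classful rules and reserved ranges described in the slides above and splits it into network ID and host ID using the class's default mask. The class table, the RFC 1918 private ranges, the APIPA range and the loopback range are the ones the slides give; the sample addresses in the test are constructed.

```python
# Added example (not from the original deck): classful IPv4 analysis of the
# classes A-E, private, APIPA and loopback ranges described in the slides.
import ipaddress

# (class, first-octet low, first-octet high, default prefix length).
# Classes D and E have no network/host split, so their prefix is None.
CLASS_TABLE = [
    ("A", 1, 126, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),
    ("E", 240, 255, None),
]

# RFC 1918 private ranges (172.16.0.0/12 covers 172.16.0.0 - 172.31.255.255).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def scope_of(addr):
    """Return 'loopback', 'apipa', 'private' or 'public' for an IPv4Address."""
    if addr in LOOPBACK_NET:
        return "loopback"
    if addr in APIPA_NET:
        return "apipa"
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    return "public"


def classify(addr_str):
    """Classful analysis of a dotted-decimal IPv4 address.

    Returns the class letter (None when the first octet lies outside the
    A-E ranges, e.g. 0 or 127), the default mask, the network ID, the host ID
    as an integer, the usable hosts per network (all-zeros and all-ones host
    IDs excluded) and the address scope.
    """
    addr = ipaddress.IPv4Address(addr_str)
    first_octet = int(addr) >> 24
    result = {
        "address": str(addr),
        "class": None,
        "mask": None,
        "network_id": None,
        "host_id": None,
        "hosts_per_network": None,
        "scope": scope_of(addr),
    }
    for letter, low, high, prefix in CLASS_TABLE:
        if low <= first_octet <= high:
            result["class"] = letter
            if prefix is not None:
                net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
                host_bits = 32 - prefix
                result["mask"] = str(net.netmask)
                result["network_id"] = str(net.network_address)
                result["host_id"] = int(addr) & ((1 << host_bits) - 1)
                result["hosts_per_network"] = (1 << host_bits) - 2
            break
    return result


def usable_on_internet(addr_str):
    """True only for a public class A, B or C address: the slides' rule that
    private, APIPA and loopback addresses are non-routable on the Internet."""
    info = classify(addr_str)
    return info["scope"] == "public" and info["class"] in ("A", "B", "C")


if __name__ == "__main__":
    for sample in ("192.168.1.1", "10.5.6.7", "8.8.8.8", "224.0.0.251", "127.0.0.1"):
        print(classify(sample), usable_on_internet(sample))
```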
IP (Internet Protocol)
• The core of the TCP/IP protocol suite
• Two versions co-exist
– v4 – the widely used IP protocol
– v6 – has been standardized in 1996, but still not widely
deployed
• IP (v4) header minimum 20 octets (160 bits)
IPV4
• The IPv4 address is a 32-bit number that uniquely identifies a
network interface on a machine. An IPv4 address is typically written
in decimal digits, formatted as four 8-bit fields that are separated by
periods. Each 8-bit field represents a byte of the IPv4 address.
Ex: 192.168.1.1

IPV6
• An IPv6 address is represented as eight groups of four hexadecimal
digits, each group representing 16 bits (two octets, a group
sometimes also called a hextet). The groups are separated by colons
(:). An example of an IPv6 address is:
Ex: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
Difference between IPV4 and IPV6
PROTOCOL
• In networking, a protocol is a set of rules for
formatting and processing data. Network
protocols are like a common language for
computers. The computers within a network
may use vastly different software and
hardware; however, the use of protocols
enables them to communicate with each other
regardless.
Address Resolution Protocol (ARP)
• Address Resolution Protocol (ARP) is a procedure for mapping a dynamic Internet
Protocol address (IP address) to a permanent physical machine address in a local
area network (LAN). The physical machine address is also known as a Media
Access Control or MAC address.

• The job of the ARP is essentially to translate 32-bit addresses to 48-bit addresses
and vice-versa. This is necessary because in IP Version 4 (IPv4), the most common
level of Internet Protocol (IP) in use today, an IP address is 32-bits long, but MAC
addresses are 48-bits long.

• ARP can also be used for IP over other LAN technologies, such as token ring, fiber
distributed data interface (FDDI) and IP over ATM.

• In IPv6, which uses 128-bit addresses, ARP has been replaced by the Neighbor
Discovery protocol.
How ARP works
TCP Features
• Connection-oriented
• Byte-stream
– app writes bytes
– TCP sends segments
– app reads bytes
• Reliable data transfer
• Full duplex
• Flow control: keep sender from overrunning receiver
• Congestion control: keep sender from overrunning network

(Diagram: the sending application process writes bytes into the TCP send buffer; TCP transmits segments; the receiving TCP's receive buffer delivers bytes that the receiving application process reads.)
Segment Format (header fields by bit position)

 0               4           10              16                              31
 | SrcPort                                    | DstPort                       |
 | SequenceNum                                                                |
 | Acknowledgment                                                             |
 | HdrLen | 0 (reserved) | Flags              | AdvertisedWindow              |
 | Checksum                                   | UrgPtr                        |
 | Options (variable)                                                         |
 | Data                                                                       |
Segment Format (cont)
• Each connection identified with 4-tuple:
– (SrcPort, SrcIPAddr, DstPort, DstIPAddr)
• Sliding window + flow control
– Acknowledgment, SequenceNum, AdvertisedWindow
(Diagram: the sender sends Data(SequenceNum) to the receiver; the receiver returns Acknowledgment + AdvertisedWindow.)
• Flags
– SYN, FIN, RESET, PUSH, URG, ACK
• Checksum is the same as UDP
– pseudo header + TCP header + data
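As an added example (not part of the original deck), the following Python packs and parses the segment header laid out above, decodes the flag bits by the names the slide uses, extracts the connection 4-tuple, and computes the checksum over pseudo header + TCP header + data. Addresses, ports, sequence numbers and payload are constructed sample values.

```python
# Added example (not from the original deck): build and parse a TCP segment
# with the fields named on the slides and verify the pseudo-header checksum.
import struct

# Flag bits in the low byte of the HdrLen/Flags word, named as on the slide.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PUSH": 0x08, "RESET": 0x04, "SYN": 0x02, "FIN": 0x01}
HEADER_FMT = "!HHIIHHHH"   # SrcPort DstPort SequenceNum Ack HdrLen/Flags Window Checksum UrgPtr
PROTO_TCP = 6


def ip_bytes(dotted):
    """Dotted-decimal IPv4 string to its 4 network-order bytes."""
    return bytes(int(octet) for octet in dotted.split("."))


def _ones_complement_sum(data):
    """16-bit one's-complement sum used by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length buffer
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src_ip, dst_ip, tcp_length):
    """IPv4 pseudo header: source, destination, zero byte, protocol, TCP length."""
    return ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, PROTO_TCP, tcp_length)


def tcp_checksum(src_ip, dst_ip, segment):
    """Checksum over pseudo header + segment. For a received segment whose
    checksum field is already filled in, an intact segment yields 0."""
    total = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return (~total) & 0xFFFF


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window, data=b""):
    """Build a 20-byte header (no options) plus data with a valid checksum.
    `flags` is an iterable of names from FLAGS."""
    flag_bits = 0
    for name in flags:
        flag_bits |= FLAGS[name]
    hdrlen_flags = (5 << 12) | flag_bits      # HdrLen = 5 words; reserved bits zero
    header = struct.pack(HEADER_FMT, src_port, dst_port, seq, ack, hdrlen_flags, window, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, header + data)
    header = header[:16] + struct.pack("!H", csum) + header[18:]   # bytes 16-17 hold Checksum
    return header + data


def parse_segment(src_ip, dst_ip, segment):
    """Decode the fields named on the slide and verify the checksum."""
    (src_port, dst_port, seq, ack, hdrlen_flags,
     window, csum, urg_ptr) = struct.unpack(HEADER_FMT, segment[:20])
    header_len = (hdrlen_flags >> 12) * 4
    flag_bits = hdrlen_flags & 0x3F
    return {
        "connection": (src_port, src_ip, dst_port, dst_ip),   # the 4-tuple
        "seq": seq,
        "ack": ack,
        "flags": [name for name, bit in FLAGS.items() if flag_bits & bit],
        "window": window,
        "urg_ptr": urg_ptr,
        "options": segment[20:header_len],
        "data": segment[header_len:],
        "checksum_ok": tcp_checksum(src_ip, dst_ip, segment) == 0,
    }


if __name__ == "__main__":
    seg = build_segment("192.0.2.10", "198.51.100.5", 40000, 80, 1000, 0, ["SYN"], 65535)
    print(parse_segment("192.0.2.10", "198.51.100.5", seg))
```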
Connection Termination
(Diagram: the exchange between the active participant (server) and the passive participant (client).)

Three-way Handshake
What is DHCP?
• Dynamic Host Configuration Protocol
• It is a method for assigning Internet Protocol (IP) addresses, permanently or temporarily, to individual computers in an organization's network
• DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network
How does it work?
(1) The DHCP client sends a DHCP discover carrying its MAC address. The DHCP server answers with a DHCP offer containing an IP# and a lease time, taken from its IP scope.
(2) The client sends a DHCP request for that IP#, again with its MAC address. The server records MAC address, IP# and lease time in the DHCP database and replies with a DHCP ack containing the IP# and lease time.

• IP scope - a range of IP addresses
• the IP# is assigned temporarily
• servers are assigned fixed IP addresses
Why is DHCP Important?
• Important when it comes to adding a machine to a network
• When computer requests an address, the administrator would
have to manually configure the machine
– Mistakes are easily made
– Causes difficulty for both administrator as well as
neighbors on the network
• DHCP solves all the hassle of manually adding a machine to a
network
Advantages of DHCP
• DHCP minimizes the administrative burden
• By using DHCP there is no chance of an IP address conflict
• By using a DHCP relay agent you can provide IP addresses to another network

Disadvantages of DHCP
• When the DHCP server is unavailable, the client is unable to access the enterprise network
• Your machine name does not change when you get a new IP address
DHCP and IPCONFIG
• IPCONFIG/ALL
FQDN, servers (DNS, WINS), node type, etc.
NIC description, MAC address, IP address, gateway, subnet mask
• To handle leases
IPCONFIG/RENEW [adapter]
IPCONFIG/RELEASE [adapter]
If no adapter name is specified, then the IP leases for all adapters bound to TCP/IP will be released or renewed.
Security problem
• DHCP is an unauthenticated protocol
When connecting to a network, the user is not required to
provide credentials in order to obtain a lease
Malicious users with physical access to the DHCP-enabled
network can instigate a denial-of-service attack on DHCP
servers by requesting many leases from the server, thereby
depleting the number of leases that are available to other
DHCP clients
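As an added example (not part of the original deck), the following Python simulates the discover/offer/request/ack exchange and lease database from "How does it work?" and the lease-depletion problem from "Security problem" above. The per-ingress-port lease limit is a simplified stand-in for the rate limiting a DHCP-snooping switch applies; the scope, MAC addresses and port numbers are constructed values.

```python
# Added example (not from the original deck): DHCP lease exchange, lease
# database, and what happens to the scope when one port requests many leases.
import ipaddress
from collections import Counter


class DhcpServer:
    def __init__(self, scope_start, scope_end, lease_time=3600, max_leases_per_port=None):
        first = int(ipaddress.IPv4Address(scope_start))
        last = int(ipaddress.IPv4Address(scope_end))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]  # IP scope
        self.offers = {}        # mac -> offered IP, waiting for the REQUEST
        self.leases = {}        # ip -> {"mac", "lease_time"}: the DHCP database
        self.lease_time = lease_time
        self.max_leases_per_port = max_leases_per_port   # None = no limit (plain DHCP)
        self.per_port = Counter()   # outstanding offers + leases per ingress port
        self.log = []

    def handle(self, msg):
        """Process one client message and return the server's reply (or None)."""
        kind, mac, port = msg["type"], msg["mac"], msg["port"]
        if kind == "DISCOVER":
            if mac in self.offers:                      # retransmitted DISCOVER
                ip = self.offers[mac]
            elif (self.max_leases_per_port is not None
                  and self.per_port[port] >= self.max_leases_per_port):
                self.log.append(f"port {port}: limit reached, DISCOVER from {mac} ignored")
                return None
            elif not self.free:
                self.log.append(f"scope exhausted: no address to offer {mac}")
                return None
            else:
                ip = self.free.pop(0)
                self.offers[mac] = ip
                self.per_port[port] += 1
            return {"type": "OFFER", "mac": mac, "ip": ip, "lease_time": self.lease_time}
        if kind == "REQUEST":
            if self.offers.get(mac) != msg.get("ip"):  # nothing offered, or a different IP
                return {"type": "NAK", "mac": mac}
            ip = self.offers.pop(mac)
            self.leases[ip] = {"mac": mac, "lease_time": self.lease_time}
            return {"type": "ACK", "mac": mac, "ip": ip, "lease_time": self.lease_time}
        if kind == "RELEASE":
            lease = self.leases.pop(msg["ip"], None)
            if lease and lease["mac"] == mac:
                self.free.append(msg["ip"])
                self.per_port[port] -= 1
            return None
        raise ValueError(f"unknown message type {kind}")


def obtain_lease(server, mac, port):
    """Client side of the exchange: DISCOVER -> OFFER -> REQUEST -> ACK.
    Returns the leased IP, or None when the server gave no usable answer."""
    offer = server.handle({"type": "DISCOVER", "mac": mac, "port": port})
    if offer is None:
        return None
    ack = server.handle({"type": "REQUEST", "mac": mac, "port": port, "ip": offer["ip"]})
    return ack["ip"] if ack["type"] == "ACK" else None


def starvation_run(max_leases_per_port):
    """Twenty clients with distinct MACs behind a single port on a ten-address
    scope. Returns (leases granted, addresses still free for other clients)."""
    server = DhcpServer("192.168.1.100", "192.168.1.109",
                        max_leases_per_port=max_leases_per_port)
    granted = sum(1 for n in range(20)
                  if obtain_lease(server, f"02:00:00:00:00:{n:02x}", port=7) is not None)
    return granted, len(server.free)


if __name__ == "__main__":
    print("no limit:", starvation_run(None))   # one port consumes the whole scope
    print("limit 3: ", starvation_run(3))      # the rest of the scope stays available
```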
DNS
What is DNS?
• The Domain Name System (DNS) is the phonebook of the Internet.
Humans access information online through domain names, like
nytimes.com or espn.com. Web browsers interact through Internet Protocol
(IP) addresses. DNS translates domain names to IP address so browsers can
load Internet resources.

• Each device connected to the Internet has a unique IP address which other
machines use to find the device. DNS servers eliminate the need for
humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more
complex newer alphanumeric IP addresses such as
2400:cb00:2048:1::c629:d7a2 (in IPv6).
How does DNS work?
There are 4 DNS servers involved in loading a webpage:
• DNS recursor - The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library. The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. Typically the recursor is then responsible for making additional requests in order to satisfy the client's DNS query.

• Root nameserver - The root server is the first step in translating (resolving) human readable host names into IP addresses. It can be thought of like an index in a library that points to different racks of books - typically it serves as a reference to other more specific locations.

• TLD Nameserver - The top level domain server (TLD) can be thought of as a specific rack of books in a library. This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (in example.com, the TLD server is "com").

• Authoritative Nameserver - This final nameserver can be thought of as a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor (the librarian) that made the initial request.
The DNS Process
• Whenever a computer needs to connect to a server (such as the www.yahoo.com web server) it has to look up the server's IP address using the DNS system.
• Each computer on the Internet has a list of the IP address of a local DNS server.
• So when a computer needs to look up an IP address, it asks its local DNS server for it.
(Diagram on each step slide: PC, Local DNS, Root DNS, Yahoo's DNS, and the www.yahoo.com web server.)

Step 1: If the PC does not already have the address for www.yahoo.com in its own DNS cache, it asks its local DNS server for the IP address information.
Step 2: If the local DNS server does not already have the address for www.yahoo.com in its own DNS cache, it asks the root DNS servers for the IP address of Yahoo's DNS server.
Step 3: The root DNS server returns the IP address of Yahoo's DNS server to the local DNS server.
Step 4: The local DNS server connects to Yahoo's DNS server and asks for www.yahoo.com's IP address.
Step 5: Yahoo's DNS server returns the IP address information of www.yahoo.com to the local DNS server.
Step 6: The local DNS server adds www.yahoo.com's IP address to its cache and then returns the IP address information to the PC.
Step 7: The PC adds the IP address information to its local cache and can then connect to www.yahoo.com using that IP address.
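As an added example (not part of the original deck), the following Python simulates the seven-step lookup above with a PC cache and a local-DNS cache. It goes slightly beyond the slides by walking root, TLD and authoritative referrals in turn, where the slides collapse the TLD hop into "Yahoo's DNS". Server names, zone contents and addresses are constructed sample data.

```python
# Added example (not from the original deck): iterative DNS resolution with
# caching at the PC and at the local DNS server, as in steps 1-7 above.

# Constructed zone data. Each server maps a name to ("A", address) or to a
# delegation ("NS", next server to ask).
SERVERS = {
    "root": {"com.": ("NS", "com-tld")},
    "com-tld": {"yahoo.com.": ("NS", "yahoo-dns")},
    "yahoo-dns": {"www.yahoo.com.": ("A", "198.51.100.20"),
                  "mail.yahoo.com.": ("A", "198.51.100.25")},
}


def best_match(server, name):
    """Return the record for the longest suffix of `name` this server knows."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in SERVERS[server]:
            return SERVERS[server][candidate]
    return None


class LocalDns:
    """The local DNS server (recursor): answers from cache or walks referrals."""
    MAX_REFERRALS = 8

    def __init__(self):
        self.cache = {}
        self.trace = []        # one entry per message handled, for inspection

    def resolve(self, name):
        if name in self.cache:
            self.trace.append(f"cache hit for {name}")
            return self.cache[name]
        server = "root"                       # step 2: start at the root
        for _ in range(self.MAX_REFERRALS):   # bound the referral chain
            self.trace.append(f"ask {server} for {name}")
            record = best_match(server, name)
            if record is None:
                return None                   # no server knows the name
            kind, value = record
            if kind == "A":
                self.cache[name] = value      # step 6: cache before answering
                return value
            server = value                    # steps 3-4: follow the referral
        return None


class Pc:
    def __init__(self, local_dns):
        self.local_dns = local_dns
        self.cache = {}

    def lookup(self, name):
        """Steps 1 and 7: consult the PC cache, else ask the local DNS and cache."""
        if name not in self.cache:
            ip = self.local_dns.resolve(name)
            if ip is None:
                return None
            self.cache[name] = ip
        return self.cache[name]


if __name__ == "__main__":
    local = LocalDns()
    pc = Pc(local)
    print(pc.lookup("www.yahoo.com."), local.trace)
```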
Some DNS records are
• A record -- maps a domain name to an IP address (version 4)
• AAAA record -- maps a domain name to an IP address (version 6)
• CNAME -- maps an alias name to the canonical name; used to map a subdomain name to the domain hosting that subdomain.
• MX record -- used to identify mail servers; the MX record is used by the SMTP protocol to route email to the proper host.
• NS record -- used to identify the name servers for a particular zone
• SOA (Start Of Authority) record -- stores information about the name of the server that supplied the data for the zone, the administrator of the zone, the number of seconds a secondary name server should wait before checking for updates, and the number of seconds a secondary name server should wait before retrying a failed zone transfer.
• TXT record -- allows any text to be inserted into a DNS record


Zone types

• DNS Zones provide us a way to maintain these records on one or more servers.
Primary Zone:
This is the main zone and has a read/write copy of the zone data. All
changes to the zone are made in the primary zone and are replicated to the
other zones. It is master copy of zone data
Secondary Zone:
A secondary Zone is a read-only copy of the primary zone. This zone
cannot process updates and can only retrieve updates from the primary
zone. This zone can answer DNS name resolution queries from clients
nodes, this helps reduce the workload on the primary zone.
Zone Types

• Stub Zone:
Stub zones are like a secondary zone but only stores partial zone
data. These zones are useful to help reduce zone transfers by
passing the requests to authoritative servers. These zones only
contain the SOA, NS and A records.
• Forward lookup zone:
A forward lookup zone provides hostname to IP address resolution. When you access a system or website by its hostname, such as microsoft.com, DNS checks the forward lookup zone for the IP information related to the hostname.
Zone Transfers

• A zone transfer is where the master DNS server transfers zone data from the master to a secondary.

• If a DNS server is misconfigured, an attacker can pretend to be a slave, ask the master for a copy of the zone records, and get the list of domain names registered for that particular zone. The attacker then gathers information about all the domains and tries to attack any of them that are vulnerable.
