Chapter 1 – part #2

Domain Name System

(DNS)
•The domain name system (DNS) is a naming database
in which internet domain names are located and
translated into Internet Protocol (IP) addresses.
•The domain name system maps the name people use to
locate a website to the IP address that a computer uses
to locate that website.
 Establishment of ICANN

• Internet
Internet Corporation
CorporationforforAssigned
AssignedNames
Namesand Numbers
and Numbers (ICANNICANN
) is a nonprofit
private organization, created on September 18, 1998 and incorporated on
September 30, 1998 to oversee a number of tasks previously performed directly
on behalf of the U.S. government by other organizations, notably the Internet
Assigned Numbers Authority (IANA) which ICANN now operates.
 ICANN’s Role
• ICANN is responsible for the coordination of the
global internet’s unique identifiers.
• to ensure the secure and stable operation of these
systems.
• ICANN staff does not create policy; they support
and provide resources to the worldwide community,
who determine Internet policy in a “bottom-up”
manner.
• ICANN mandate is to make competition and choice
available in a safe, secure operating environment.
| 4
DNS: Contracts – ICANN Funding

| 5
 ICANN Structure
+ Supporting Organizations (SOs)
• Address Supporting Organization (ASO)
• Country Code Names Supporting Organization - 155 members (ccNSO)
• Generic Names Supporting Organization (GNSO)
+ Board of Directors‘Advisory Committees (ACs)
• Governmental Advisory Committee (GAC)
• At-Large Advisory Committee (ALAC)
• DNS Root Server System Advisory Committee (RSSAC)
• Security & Stability Advisory Committee (SSAC)
+ Technical Advisory Bodies
• Technical Liaison Group, made up of the European Telecommunications Standards Institute
(ETSI), the ITU-T, the World Wide Web Consortium (W3C), and the Internet Architecture
Board (IAB).
• Internet Engineering Task Force

| 6
Fully qualified domain name (FQDN)
 Hosts and LMHosts files
• There are two files in the %systemroot%\system32\drivers\etc
directory that can be used for name resolution.
• The Hosts file, used for DNS name resolution, and the LMHosts.sam
file used for NetBIOS name resolution.
• In an age where DNS dominates your network both locally and
throughout the Internet, these two files are seldom ever used, but they
can be very useful in a few situations.
• Both are simple text files that match names to IP addresses, and are
very easy to create and implement.
• Most people are familiar with these files, but are often unsatisfied
when they do not work as expected.
• This is usually due to the fact that they have some very simple, but
specific requirements, for them to work at all.
 TCP and UDP
• The two most common Transport layer protocols are TCP/IP protocol suite are Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP).
• TCP/IP can be used to provide remote login over the network for interactive file transfer to
deliver email, to deliver webpages over the network, and to remotely access a server host's
file system.
• User Datagram Protocol (UDP) is a simple, connectionless protocol.
• In other words, UDP offers no assurance that packets will be received in the correct sequence.
– It can be useful in situations in which a great volume of data must be transferred quickly,
such as live audio or video transmissions over the Internet.
– It has the advantage of providing for low overhead data delivery.
– The pieces of communication in UDP are called datagrams.
– These datagrams are sent as "best effort" by this Transport layer protocol.
• Applications that use UDP include:
– Domain Name System (DNS)
– Video Streaming
– Voice over IP (VoIP)
11
 TCP and UDP
• Transmission Control Protocol (TCP)
– TCP is a connection-oriented protocol.
– TCP incurs additional overhead to gain functions.
– Additional functions specified by TCP are the same order
delivery, reliable delivery, and flow control.
– Each TCP segment has 20 bytes of overhead in the
header encapsulating the Application layer data, whereas
each UDP segment only has 8 bytes of overhead.
• Applications that use TCP are:
– Web Browsers
– E-mail
– File Transfers
12
 Port Addressing
• The TCP and UDP based services keep track of the
various applications that are communicating.
• To differentiate the segments and datagrams for each
application, both TCP and UDP have header fields that
can uniquely identify these applications.
• These unique identifiers are called port numbers.
• In the header of each segment or datagram, there is a
source and destination port.
• The source port number is the number for this
communication associated with the originating
application on the local host.
• The destination port number is the number for this
communication associated with the destination
application on the remote host. 13
 Port Addressing
• Port numbers are assigned in various ways, depending on
whether the message is a request or a response.
• While server processes have static port numbers assigned to
them, clients dynamically choose a port number for each
conversation.
• The destination port contained in the header is the port number
that is assigned to the service inspiring running on the remote
host.
• It is configured, either by default or manually.
• The source port in a segment or datagram header of a client
request is randomly generated from port numbers greater than
1023.
• Acts like a return address for the requesting application.
• The requesting application port number is used as the destination
port number in the response coming back from the server. 14
15
 Port Addressing
• The combination of the Transport layer port number and the
Network layer IP address assigned to the host uniquely
identifies a particular process running on a specific host
device.
• This combination is called a socket.
• A socket pair, consisting of the source and destination IP
addresses and port numbers, is also unique and identifies the
conversation between the two hosts.
• For example, an HTTP web page request being sent to a web
server (port 80) running on a host with a Layer 3 IPv4 address
of 192.168.1.20 would be destined to socket 192.168.1.20:80.
• If the web browser requesting the web page is running on host
192.168.100.48 and the Dynamic port number assigned to the
web browser is 49152, the socket for the web page would be
192.168.100.48:49152.
16
 Port Addressing
• There are different types of port numbers:
• Well Known Ports (Numbers 0 to 1023)
• These numbers are reserved for services and applications.
• They are commonly used for applications such as HTTP (web
server) POP3/SMTP (e-mail server) and Telnet.
• Registered Ports (Numbers 1024 to 49151)
• And also these port numbers are assigned to user processes or
applications.
• Dynamic or Private Ports (Numbers 49152 to 65535)
• Also known as Ephemeral Ports, these are usually assigned
dynamically to client applications when initiating a connection.
• Some applications may use both TCP and UDP.
• For example, the low overhead of UDP enables DNS to serve
many client requests very quickly.
• The well known port number of 53 is used by both protocols.17
 1028 23 23 1028

Notice the difference in how source and destination port

numbers are used with clients and servers:
Client (initiating Telnet service):
• Destination Port = 23 (telnet)
• Source Port = 1028 (dynamically assigned)
Server (responding to Telnet service):
• Destination Port = 1028 (source port of client)
• Source Port = 23 (telnet) 18
 Sockets
• A socket is a special type of file handle, which is used by a process to
request network services from the operating system.
• A socket address is the triple: <protocol, local-address, local port>
• For example, in the TCP/IP (version 4) suite:
<tcp, 192.168.14.234, 8080>
Port + IP address = socket. E.g. 192.168.2.12:80
• A conversation is the communication link between two processes.
• An association is the 5-tuple that completely specifies the two
processes that comprise a connection:
<protocol, local-address, local-port, foreign-address, foreign-port>
In the TCP/IP (version 4) suite, the following could be a valid
association:
19
<tcp, 192.168.14.234, 1500, 192.168.44, 2280>
Segmentation and Reassembly
• Dividing application data into pieces both ensures that data
is transmitted within the limits of the media and that data
from different applications can be multiplexed on to the
media.
• TCP and UDP Handle Segmentation Differently.
• In TCP, each segment header contains a sequence number
which allows the Transport layer functions on the
destination host to reassemble segments in the order in
which they were transmitted.
• This ensures that the destination application has the data in
the exact form the sender intended.

20
 Segmentation and Reassembly
• UDP is not concerned with the order in which the
information was transmitted, or in maintaining a connection.
• There is no sequence number in the UDP header.
• UDP is a simpler design and generates less overhead than
TCP, resulting in a faster transfer of data.
• Information may arrive in a different order than it was
transmitted because different packets may take different
paths through the network.
• An application that uses UDP must tolerate the fact that data
may not arrive in the order in which it was sent.

21
 The TCP Protocol - Communicating
with Reliability
• The key difference between TCP and UDP is reliability.
• The reliability of TCP communication is performed using
connection-oriented sessions.
• A complete TCP conversation requires the establishment of
a session between the hosts in both directions.
• After a session has been established, the destination sends
acknowledgements to the source for the segments that it
receives.
• These acknowledgements form the basis of reliability within
the TCP session.
22
 The TCP Protocol - Communicating
with Reliability
• As the source receives an acknowledgement, it knows that the
data has been successfully delivered.
• If the source does not receive an acknowledgement within a
predetermined amount of time, it retransmits that data to the
destination.
• Part of the additional overhead of using TCP is the network
traffic generated by acknowledgements and retransmissions.
• The establishment of the sessions creates overhead in the form of
additional segments being exchanged.

23
 The UDP Protocol
• UDP - Low Overhead vs. Reliability
• UDP is a simple protocol that provides the basic Transport layer
functions.
• It has much lower overhead than TCP, since it is not connection-
oriented and does not provide the sophisticated retransmission,
sequencing, and flow control mechanisms.
• key Application layer protocols that use UDP include:
– Domain Name System (DNS)
– Simple Network Management Protocol (SNMP)
– Dynamic Host Configuration Protocol (DHCP)
– Routing Information Protocol (RIP)
• The low overhead of UDP makes it very desirable for such
applications.
24
 UDP Datagram Reassembly
• Because UDP is connectionless, sessions are not established before
communication takes place as they are with TCP.
• UDP is said to be transaction-based.
• In other words, when an application has data to send, it simply
sends the data.
• The UDP PDU is referred to as a datagram.
• When multiple datagrams are sent to a destination, they may take
different paths and arrive in the wrong order.
• UDP does not keep track of sequence numbers the way TCP does.
• UDP has no way to reorder the datagrams into their transmission
order.
• Therefore, UDP simply reassembles the data in the order that it was
25
received and forwards it to the application.
 UDP Server Processes and Requests
• Like TCP-based applications, UDP-based server
applications are assigned Well Known or Registered
port numbers.
• When these applications or processes are running,
they will accept the data matched with the assigned
port number.
• When UDP receives a datagram destined for one of
these ports, it forwards the application data to the
appropriate application based on its port number.

26
 UDP Client Processes
• The UDP client process randomly selects a port number from the
dynamic range of port numbers and uses this as the source port for the
conversation.
• The destination port will usually be the Well Known or Registered
port number assigned to the server process.
• Because there is no session to be created with UDP, as soon as the
data is ready to be sent and the ports are identified.
• UDP can form the datagram and pass it to the Network layer to be
addressed and sent on the network.
• Once a client has chosen the source and destination ports, the same
pair of ports is used in the header of all datagrams used in the
transaction.
• For the data returning to the client from the server, the source and
27
destination port numbers in the datagram header are reversed.
 Comparison of TCP and UDP
• Both TCP and UDP use port numbers
• Both split up application data if necessary
• TCP sets up a connection
• TCP uses acknowledgements and re-sends
• TCP uses flow control
• TCP can re-assemble segments in the right order if
they arrive out of sequence
• UDP has less overhead so is faster.

28
 Comparison of TCP and UDP
UDP
• Connectionless
• Message based, data is sent in
discrete packages
• Unreliable, best effort delivery
without acknowledgements
• Retransmission is not performed
• No flow control mechanism
• Overhead is very low
• Transmission speed is very high
• Used where data delivery speed
matters more than completeness
• Applications & protocols like
multimedia data, DNS, BOOTP,
DHCP, TFTP, SNMP, RIP, etc.
TCP
• Connection oriented
• Stream based, data is sent with no
particular structure
• Reliable delivery of messages; all
data is acknowledged
• Lost data is retransmitted
automatically.
• Flow control using sliding window
• Low but higher than UDP
• High, but not as high as UDP
• Used where data completeness and
reliability matters most
• Applications & protocols like FTP,
Telnet, SMTP, DNS, HTTP, POP,
BGP(Border Gateway Protocol) 29
etc.
• BOOTP, Bootstrap Protocol, is used to configure the host and
get the host address along with bootstrap info.
• DHCP, Dynamic Host Configuration Protocol Server is an
extended version of BOOTP and is used to configure the hosts
dynamically.
• Today, BOOTP has been largely superseded and is rarely used.
You may find it in some older devices, on some antiquated
network printers, or some legacy diskless hosts. It was
originally defined in RFC 951, a standard that has been
obsoleted several times.

30
What is APIPA (Automatic Private
IP Addressing)?

• Automatic Private IP Addressing (APIPA) is a feature in

operating systems (such as Windows) that enables computers
to automatically self-configure an IP address and subnet mask
when their DHCP server isn’t reachable. The IP address range
for APIPA is 169.254.0.1-169.254.255.254, with the subnet
mask of 255.255.0.0.
• When a DHCP client boots up, it looks for a DHCP server in
order to obtain network parameters. If the client can’t
communicate with the DHCP server, it uses APIPA to configure
itself with an IP address from the APIPA range

31
 Connections
• Layers can offer connection-oriented or
connectionless services.
• Connection-oriented like telephone system.
• Connectionless like postal system.
• Each service has an associated Quality-of-
service (e.g. reliable or unreliable).
 Reliability
• Reliable services never lose/corrupt data.
• Reliable service costs more.
• Typical application for reliable service is file
transfer.
• Typical application not needing reliable service
is voice traffic.
• Not all applications need connections.
 7-Layer OSI Model
Layer 7 Application Layer • Layers 1-4 relate to
Layer 6 Presentation Layer
communications technology.
• Layers 5-7 relate to user
Layer 5 Session Layer
applications.
Layer 4 Transport Layer The Open Systems
Layer 3 Network Layer Interconnection (OSI) model
describes seven layers that
Layer 2 Data Link Layer computer systems use to
Layer 1 Physical Layer communicate over a network.

Communications subnet boundary

 Internet Protocols vs OSI
Application • Explicit Presentation
and session layers
Presentation Application missing in Internet
Session Protocols
• Data Link and
Transport TCP
Network Layers
IP
Network redesigned
Data Link Network Interface

Physical Hardware
An exchange using the OSI model

2.36
 Layer 7: Application Layer
• Level at which applications access network
services.
– Represents services that directly support software
applications for file transfers, database access, and
electronic mail etc.
Application layer

The application layer is responsible for

providing services to the user.

2.38
 Layer 6: Presentation Layer
• Related to representation of transmitted data
– Translates different data representations from the
Application layer into uniform standard format
• Providing services for secure efficient data
transmission
– e.g. data encryption, and data compression.
Presentation layer

The presentation layer is responsible for translation,

compression, and encryption.

2.40
 Layer 5: Session Layer
• Allows two applications on different computers to
establish, use, and end a session.
– e.g. file transfer, remote login
• Establishes dialog control
– Regulates which side transmits, plus when and how long it
transmits.
• Performs token management and synchronization.
Session layer

The session layer is responsible for dialog

control and synchronization.
2.42
 Layer 4: Transport Layer
• Manages transmission packets
– Repackages long messages when necessary into
small packets for transmission
– Reassembles packets in correct order to get the
original message.
• Handles error recognition and recovery.
– Transport layer at receiving acknowledges packet
delivery.
– Resends missing packets
Transport layer

The transport layer is responsible for the delivery

of a message from one process to another.

2.44
 Layer 3: Network Layer
• Manages addressing/routing of data within the
subnet
– Addresses messages and translates logical addresses and
names into physical addresses.
– Determines the route from the source to the destination
computer
– Manages traffic problems, such as switching, routing, and
controlling the congestion of data packets.
• Routing can be:
– Based on static tables
– determined at start of each session
– Individually determined for each packet, reflecting the
current network load.
Network layer

The network layer is responsible for the

delivery of individual packets from
the source host to the destination host.
2.46
 Layer 2: Data Link Layer
• Packages raw bits from the Physical layer into frames
(logical, structured packets for data).
• Provides reliable transmission of frames
• It waits for an acknowledgment from the receiving
computer.
• Retransmits frames for which acknowledgement not
received

The data link layer is responsible for moving

frames from one hop (node) to the next.
 Layer 1: Physical Layer
• Transmits bits from one computer to another
• Regulates the transmission of a stream of bits over a
physical medium.
• Defines how the cable is attached to the network
adapter and what transmission technique is used to
send data over the cable. Deals with issues like
– The definition of 0 and 1, e.g. how many volts represents a
1, and how long a bit lasts?
– Whether the channel is simplex or duplex?
– How many pins a connector has, and what the function of
each pin is?
 Summary of layers

2.49
What simple utility is used to test for an active
TCP IP device?
• The below-mentioned commands are some of the most useful
commands required to troubleshoot network problems and configure
network settings.

✓ NETSTAT
✓ IPCONFIG. ...
✓ NSLOOKUP. ...
✓ HOSTNAME. ...
✓ PING. ...
✓ TRACERT. ...
✓ ARP(Address Resolution Protocol) ...
✓ SYSTEM INFO

50
 What are frames in the OSI model?
• In the OSI model of computer networking, a frame is the
protocol data unit at the data link layer.
• Frames are the result of the final layer of encapsulation before
the data is transmitted over the physical layer.
• In networking, there exist two types of frames: fixed-
length and variable-length frames.
• In fixed-length framing, the size of the frame works as
the delimiter.
• Hence there is no need to set a boundary for the frame.
In variable-length framing, it's difficult to determine the
start and end of a frame.
51
Cont,…
❑ The netstat command generates displays that show network status
and protocol statistics, You can display the status of TCP and UDP
endpoints in a table format, routing table information, and interface
information.

❑ IPCONFIG. A number of useful switches can be used with

IPCONFIG. IPCONFIG /all reports your computer's domain and
domain server address, physical (also known as media access
control—or MAC—layer, hardware, or Ethernet) address, IP address,
and your default gateway.
❑ A ping (Packet Internet or Inter-Network Groper) is a basic Internet
program that allows a user to test and verify if a particular
destination IP address exists and can accept requests in computer
network administration.

52
TRACERT
❑ TRACERT (Trace Route) - This command will show how long each
link in a route takes, as well as show links that fail to pass packets
to the next link.
• Successful transfers of data will report the total time to the
destination
❑ nbtstat - The name of this utility is NetBIOS over TCP/IP
Statistics. Not very enlightening.
-You need to know that your computer will typically hold the names
and IP addresses of several devices in memory.
-Sometimes those devices go offline, and others come online.
-This may make it desirable to check what is in memory.

53
NSLOOKUP
• NSLOOKUP - This can be used to report the IP address of a DNS
name.
• It does not send a ping to the named server.
• The example in the text shows that the command will result in two
responses in the format: Server: server name
Address: IP address
Name: DNS name
Address: IP address
•The first pair of responses are about the DNS server on your network.
The second pair are about the DNS name you are looking up.
•When I tried this with nslookup microsoft.com, I received two IP
addresses in the line about Microsoft's server. Not unexpected, since a
busy network will have more than one server responding to requests.
•hostname - This command will respond with the name of your device
in your domain.
54
Explosion of New Internet Appliances
Do We Really Need a Larger Address Space?
 IP Address Allocation History
1981 - IPv4 protocol published 100.00%
90.00%
1985 ~ 1/16 of total space 80.00%

1990 ~ 1/8 of total space 70.00%

60.00%
1995 ~ 1/3 of total space 50.00%
40.00%
2000 ~ 1/2 of total space 30.00%
20.00%
2002.5 ~ 2/3 of total space 10.00%
0.00%
1980 1985 1990 1995 2000 2005 2010

• This despite increasingly intense conservation efforts

– PPP / DHCP address sharing NAT (network address translation)
– CIDR (classless inter-domain routing) plus some address reclamation
• Theoretical limit of 32-bit space: ~4 billion devices
Practical limit of 32-bit space: ~250 million devices (RFC 3194)
Main IPv6 Benefits
• Expanded addressing capabilities
• Structured hierarchy to manage routing table
growth
• Serverless autoconfiguration and reconfiguration
• Streamlined header format and flow identification
• Improved support for options / extensions

57
 IPv6 Advanced Features
• Security - Built-in, strong IP-layer encryption and
authentication
• Mobility - More efficient and robust mechanisms
• Quality of Service
• Privacy Extensions for Stateless Address
Autoconfiguration (RFC 3041)
• Source address selection

58
Cont,…
• The IP address 127.0. 0.1 is called a loopback address.
Packets sent to this address never reach the network but
are looped through the network interface card only.
• This can be used for diagnostic purposes to verify that
the internal path through the TCP/IP protocols is
working.
• The IP address range 127.0. 0.0 – 127.255. 255.255
is reserved for loopback, i.e. a Host's self-address, also
known as localhost address. This loopback IP address is
managed entirely by and within the operating system.

59