21 - Advanced AppLayer
[figure: protocol stack – application, transport, network, data link, physical]
Questions
• WWH of DNS?
• What are the many types of name servers?
• How does DNS name resolution work?
• What/How of DNS records?
• WWH of user-server states?
• WWH of Web caching?
DNS: Domain Name System
people: many identifiers:
– SSN, name, passport #
Internet hosts, routers:
– IP address (32 bit) - used for addressing datagrams
– “name”, e.g., www.yahoo.com - used by humans
Q: how to map between IP address and name, and vice versa?
Domain Name System:
• distributed database implemented in hierarchy of many name servers
• application-layer protocol: hosts, name servers communicate to resolve names (address/name translation)
– note: core Internet function, implemented as application-layer protocol
– complexity at network’s “edge”
DNS: Distributed and Hierarchical Database
[figure: Root DNS servers at the top; below them com DNS servers, org DNS servers, edu DNS servers, …]
TLD and Authoritative Servers
top-level domain (TLD) servers:
– responsible for com, org, net, edu, aero, jobs, museums,
and all top-level country domains, e.g.: uk, fr, ca, jp
– Network Solutions maintains servers for .com TLD
– Educause for .edu TLD
authoritative DNS servers:
– organization’s own DNS server(s), providing authoritative
hostname to IP mappings for organization’s named hosts
– can be maintained by organization or service provider
DNS Name Resolution Example
• host at cis.poly.edu wants IP address for gaia.cs.umass.edu
[figure: numbered query/reply steps between the requesting host, the root DNS server and the TLD DNS server on the way to gaia.cs.umass.edu]
DNS: Caching and Updating Records
• once (any) name server learns mapping, it caches mapping
– cache entries timeout (disappear) after some time (TTL)
– TLD servers typically cached in local name servers
▪ thus root name servers not often visited
• cached entries may be out-of-date (best effort name-to-address translation!)
– if a host changes its IP address, the change may not be known Internet-wide until all TTLs expire
• update/notify mechanisms proposed IETF standard
– RFC 2136
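As an added illustration of the resolution walk and the caching behaviour described on the two slides above (example code written for this page, not from the slides or any DNS software), the following simulates an iterative resolver over a constructed root / TLD / authoritative hierarchy with a TTL cache. The zone data, server names and the 192.0.2.x addresses are made-up placeholders; in the real system each hop is a UDP exchange with a separate server.

```python
"""Added example: iterative DNS resolution with a TTL cache over a constructed
name-server hierarchy (zone data and addresses below are made up)."""
import time

# Constructed zones: each name server knows only its own delegations (NS) or
# hosts (A). A value is ("NS", next_server) for a referral, ("A", ip) otherwise.
ZONES = {
    "root":          {"edu.": ("NS", "tld-edu")},
    "tld-edu":       {"umass.edu.": ("NS", "dns.umass.edu"),
                      "poly.edu.":  ("NS", "dns.poly.edu")},
    "dns.umass.edu": {"gaia.cs.umass.edu.": ("A", "192.0.2.12")},
    "dns.poly.edu":  {"cis.poly.edu.": ("A", "192.0.2.99")},
}


def lookup_at(server, qname):
    """What one server answers for qname: the exact record if it has it, else
    the NS referral for the longest matching suffix. Returns (key, record)."""
    zone = ZONES[server]
    if qname in zone:
        return qname, zone[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):              # longest suffix first
        suffix = ".".join(labels[i:])
        if suffix in zone and zone[suffix][0] == "NS":
            return suffix, zone[suffix]
    return None, None


class LocalResolver:
    """A local name server: walks down from the root, and caches both final
    answers and referrals for ttl_seconds so later queries can skip the root."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so a test can move time forward
        self.cache = {}             # name -> (record, expiry time)

    def _cached(self, name):
        entry = self.cache.get(name)
        if entry and entry[1] > self.clock():
            return entry[0]
        self.cache.pop(name, None)   # expired entries disappear
        return None

    def resolve(self, qname):
        """Return (ip, list of servers contacted). An empty list means the
        answer came straight from the cache."""
        if not qname.endswith("."):
            qname += "."
        hit = self._cached(qname)
        if hit and hit[0] == "A":
            return hit[1], []
        # Start at the closest cached referral (typically the TLD server), else the root.
        server = "root"
        labels = qname.split(".")
        for i in range(1, len(labels)):
            ref = self._cached(".".join(labels[i:]))
            if ref and ref[0] == "NS":
                server = ref[1]
                break
        contacted = []
        while True:
            contacted.append(server)
            key, rec = lookup_at(server, qname)
            if rec is None:
                raise LookupError(f"{server} has no data for {qname}")
            self.cache[key] = (rec, self.clock() + self.ttl)
            if rec[0] == "A":
                return rec[1], contacted
            server = rec[1]                       # follow the referral


if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("gaia.cs.umass.edu"))   # walks root -> tld-edu -> dns.umass.edu
    print(r.resolve("cis.poly.edu"))        # cached "edu." referral: root bypassed
```

The second query in the usage block never touches the root because the referral for `edu.` is still in the cache; shortening `ttl_seconds` (or moving the injected clock forward) makes that entry expire and the walk starts at the root again, which is the TTL behaviour the slide describes.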
DNS Records
DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)
type=A
▪ name is hostname
▪ value is IP address
type=NS
– name is domain (e.g., foo.com)
– value is hostname of authoritative name server for this domain
type=CNAME
▪ name is alias name for some “canonical” (the real) name
▪ www.ibm.com is really servereast.backup2.ibm.com
▪ value is canonical name
type=MX
▪ value is name of mailserver associated with name
DNS Protocol and Messages
• query and reply messages, both with same message format
[figure: message layout – identification (2 bytes), flags (2 bytes); then answers (variable # of RRs), authority (variable # of RRs), additional info (variable # of RRs)]
flags:
▪ query or reply
▪ recursion desired
▪ recursion available
▪ reply is authoritative
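To make the message format and the record types concrete, here is an added example (written for this page, not taken from the slides or from any DNS library) that builds a query by hand, constructs the reply an authoritative server would send, and parses both back into the header flags and RR tuples of the slides. The real wire format also carries a question section between the header and the answers, which the code handles. The name and the 192.0.2.12 address are placeholders. The final function shows one of the checks a resolver applies before accepting a reply at all: the identification and the question must match the query it has outstanding.

```python
"""Added example: build, answer and parse DNS messages by hand (not from the
slides or from any DNS library); names and addresses are placeholders."""
import struct

RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}


def encode_name(name):
    """'gaia.cs.umass.edu' -> b'\\x04gaia\\x02cs\\x05umass\\x03edu\\x00'."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a name at off, following compression pointers (0xC0xx).
    Returns (name, offset just past the name in the original byte stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier name
            hops += 1
            if hops > 16:                              # refuse pointer loops
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def build_query(ident, name, qtype=1):
    """Header: identification, flags (0x0100 = recursion desired), then the
    counts of questions/answers/authority/additional; then one question."""
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def make_reply(query, ip, ttl=3600):
    """Authoritative server's reply to a one-question A query: same identification,
    flags 0x8580 (reply, authoritative, RD, RA), the question echoed, and one
    answer RR whose name is a compression pointer back to offset 12."""
    ident, _, qd, *_ = struct.unpack("!HHHHHH", query[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(query, off)
        off += 4                                       # qtype + qclass
    header = struct.pack("!HHHHHH", ident, 0x8580, qd, 1, 0, 0)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + query[12:off] + answer


def parse_rr(msg, off):
    """One resource record -> ((name, type, ttl, value), next offset)."""
    name, off = decode_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    rdata = msg[off:off + rdlen]
    if rtype == 1 and rdlen == 4:
        value = ".".join(str(b) for b in rdata)        # A: dotted IPv4 address
    elif rtype in (2, 5):                              # NS / CNAME: a name
        value, _ = decode_name(msg, off)
    elif rtype == 15:                                  # MX: preference + name
        value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, off + 2)[0])
    else:
        value = rdata.hex()
    return (name, RR_TYPES.get(rtype, rtype), ttl, value), off + rdlen


def parse_message(msg):
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    parsed = {"id": ident, "is_reply": bool(flags & 0x8000),
              "authoritative": bool(flags & 0x0400),
              "recursion_desired": bool(flags & 0x0100),
              "recursion_available": bool(flags & 0x0080),
              "questions": questions}
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            rr, off = parse_rr(msg, off)
            rrs.append(rr)
        parsed[section] = rrs
    return parsed


def reply_matches(query, reply):
    """Accept a reply only if it is a reply, carries the identification of the
    outstanding query and echoes the same question; anything else is dropped."""
    q, r = parse_message(query), parse_message(reply)
    return r["is_reply"] and r["id"] == q["id"] and r["questions"] == q["questions"]
```

The identification field is only 16 bits, so this match is a necessary check rather than a sufficient one; resolvers combine it with a randomised source port and only cache answers that belong to the zone being asked about.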
Inserting Records into DNS
• example: new startup “Network Utopia”
• register name networkutopia.com at DNS registrar (e.g., Network Solutions)
– provide names, IP addresses of authoritative name server (primary and secondary)
– registrar inserts two RRs into .com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
• create authoritative server type A record for www.networkutopia.com; type MX record for networkutopia.com
Attacking DNS
DDoS attacks
• Bombard root servers with traffic
– Not successful to date
– Traffic Filtering
– Local DNS servers cache IPs of TLD servers, allowing root server bypass
• Bombard TLD servers
– Potentially more dangerous
Redirect attacks
• Man-in-middle
– Intercept queries
• DNS poisoning
– Send bogus replies to DNS server, which caches
Exploit DNS for DDoS
• Send queries with spoofed source address: target IP
• Requires amplification
User-Server State: cookies
many Web sites use cookies
four components:
1) cookie header line of HTTP response message
2) cookie header line in next HTTP request message
3) cookie file kept on user’s host, managed by user’s browser
4) back-end database at Web site
example:
• Susan always accesses Internet from PC
• visits specific e-commerce site for first time
• when initial HTTP request arrives at site, site creates:
– unique ID
– entry in backend database for ID
[figure: cookie exchange between client and Amazon server]
client cookie file: ebay 8734
client -> server: usual http request msg
server: creates ID 1678 for user; creates entry in backend database
server -> client: usual http response, set-cookie: 1678
client cookie file: ebay 8734, amazon 1678
client -> server: usual http request msg, cookie: 1678
server: cookie-specific action; access backend database
server -> client: usual http response msg
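The four components and the exchange in the figure, simulated end to end in one process as an added example (written for this page, not code from the slides): the site hands out an ID in a Set-Cookie header and keeps the matching back-end entry, the browser stores it in its cookie file and sends it back in a Cookie header on the next request. It uses the standard-library `http.cookies` module; the site name, the random IDs and the per-user "visits" state are made up for the demo.

```python
"""Added example: the four cookie components from the slide, simulated in one
process with the standard-library cookie parser (not code from the slides).
Site names, IDs and the per-user state are made up for the demo."""
import secrets
from http.cookies import SimpleCookie


class Site:
    """The Web site: component 4 is its back-end database, keyed by the ID it
    hands out; component 1 is the Set-Cookie header it adds on the first visit."""

    def __init__(self, name):
        self.name = name
        self.backend = {}                         # ID -> per-user state

    def handle(self, request_headers):
        """Return (response headers, visit count for this user)."""
        jar = SimpleCookie(request_headers.get("Cookie", ""))
        user_id = jar["id"].value if "id" in jar else None
        response = {}
        if user_id not in self.backend:           # first visit, or an ID we never issued
            user_id = secrets.token_hex(8)        # site creates a unique, unguessable ID
            self.backend[user_id] = {"visits": 0}   # ... and a backend entry for it
            c = SimpleCookie()
            c["id"] = user_id
            c["id"]["path"] = "/"
            c["id"]["httponly"] = True            # keep the ID out of page scripts
            response["Set-Cookie"] = c["id"].OutputString()
        self.backend[user_id]["visits"] += 1      # the cookie-specific action
        return response, self.backend[user_id]["visits"]


class Browser:
    """The user's host: component 3 is the cookie file the browser manages;
    component 2 is the Cookie header it adds to later requests to that site."""

    def __init__(self):
        self.cookie_file = {}                     # site name -> SimpleCookie

    def request(self, site):
        headers = {}
        if site.name in self.cookie_file:         # send only this site's cookies
            jar = self.cookie_file[site.name]
            headers["Cookie"] = "; ".join(f"{k}={m.value}" for k, m in jar.items())
        response, visits = site.handle(headers)
        if "Set-Cookie" in response:              # store what the site set
            self.cookie_file.setdefault(site.name, SimpleCookie()).load(response["Set-Cookie"])
        return visits


if __name__ == "__main__":
    susan, amazon = Browser(), Site("amazon")
    print(susan.request(amazon), susan.cookie_file["amazon"]["id"].value)  # first visit: 1
    print(susan.request(amazon))                                            # recognised: 2
```

The ID is the only thing that travels; everything the site knows about the user lives in the back-end entry, which is why the privacy point on the next slide follows directly from this design.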
Cookies – cont’d
what cookies can be used for:
• authorization
• shopping carts
• recommendations
• user session state (Web e-mail)
aside – cookies and privacy:
❖ cookies permit sites to learn a lot about you
❖ you may supply name and e-mail to sites
More about Web caching
• cache acts as both client and server
– server for original requesting client
– client to origin server
• typically cache is installed by ISP (university, company, residential ISP)
why Web caching?
• reduce response time for client request
• reduce traffic on an institution’s access link
• Internet dense with caches: enables “poor” content providers to effectively deliver content (so too does P2P file sharing)
Caching Example
assumptions:
❖ avg object size: 100K bits
❖ avg request rate from browsers to origin servers: 15/sec
❖ avg data rate to browsers: 1.50 Mbps
❖ RTT from institutional router to any origin server: 2 sec
❖ access link rate: 1.54 Mbps
consequences:
❖ LAN utilization: 15%
❖ access link utilization = 97.4% – problem!
❖ total delay = Internet delay + access delay + LAN delay = 2 sec + minutes + usecs
[figure: origin servers in the public Internet, 1.54 Mbps access link, institutional network with 1 Gbps LAN]
Caching Example: Fatter Access Link
assumptions:
❖ avg object size: 100K bits
❖ avg request rate from browsers to origin servers: 15/sec
❖ avg data rate to browsers: 1.50 Mbps
❖ RTT from institutional router to any origin server: 2 sec
❖ access link rate: 1.54 Mbps -> 154 Mbps
consequences:
❖ LAN utilization: 15%
❖ access link utilization = 99% -> 0.99%
❖ total delay = Internet delay + access delay + LAN delay = 2 sec + minutes + usecs -> 2 sec + msecs + usecs
[figure: origin servers in the public Internet, access link upgraded from 1.54 Mbps to 154 Mbps, institutional network with 1 Gbps LAN]
Caching example: Local Cache – cont’d
Calculating access link utilization, delay with cache:
• suppose cache hit rate is 0.4
– 40% requests satisfied at cache, 60% requests satisfied at origin
❖ access link utilization:
▪ 60% of requests use access link
❖ data rate to browsers over access link = 0.6*1.50 Mbps = .9 Mbps
▪ utilization = 0.9/1.54 = .58
❖ total delay
▪ = 0.6 * (delay from origin servers) + 0.4 * (delay when satisfied at cache)
▪ = 0.6 (2.01) + 0.4 (~msecs)
▪ = ~ 1.2 secs
▪ less than with 154 Mbps link (and cheaper too!)
[figure: origin servers in the public Internet, 1.54 Mbps access link, institutional network with 1 Gbps LAN and a local web cache]
Conditional GET
• Goal: don’t send object if cache has up-to-date cached version
– no object transmission delay
– lower link utilization
• cache: specify date of cached copy in HTTP request
If-modified-since: <date>
• server: response contains no object if cached copy is up-to-date:
HTTP/1.0 304 Not Modified
[figure: two exchanges between client (cache) and server]
client -> server: HTTP request msg, If-modified-since: <date>
(object not modified before <date>)
server -> client: HTTP response, HTTP/1.0 304 Not Modified
client -> server: HTTP request msg, If-modified-since: <date>
(object modified after <date>)
server -> client: HTTP response, HTTP/1.0 200 OK <data>
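Both halves of the exchange above, as an added example written for this page (not code from the slides): an origin server that answers `304 Not Modified` when the date in If-modified-since is not older than its copy, and a cache that remembers the Last-Modified date it was given and sends it back on the next request. The URL, bodies and dates are made up; dates are formatted and parsed with the standard library's `email.utils` helpers, and the server falls back to a full `200` reply when the header does not parse.

```python
"""Added example: the conditional GET exchange from the slide, with the origin
server and the cache simulated in one process (not code from the slides).
URLs, bodies and dates below are made up."""
from datetime import datetime, timezone
from email.utils import formatdate, parsedate_to_datetime

STATUS_LINE = {200: "HTTP/1.0 200 OK", 304: "HTTP/1.0 304 Not Modified"}


def http_date(dt):
    """HTTP date text as used in Last-Modified / If-Modified-Since."""
    return formatdate(dt.timestamp(), usegmt=True)


class OriginServer:
    def __init__(self, body, last_modified):
        self.update(body, last_modified)

    def update(self, body, last_modified):
        """Install a new version; last_modified must be timezone-aware.
        HTTP dates carry whole seconds, so the comparison uses that resolution."""
        self.body = body
        self.last_modified = last_modified.replace(microsecond=0)

    def get(self, request_headers):
        """Return (status line, response headers, body). The body is omitted
        when the cache's copy (dated by If-Modified-Since) is still current."""
        headers = {"Last-Modified": http_date(self.last_modified)}
        since_text = request_headers.get("If-Modified-Since")
        if since_text:
            try:
                since = parsedate_to_datetime(since_text)
            except (TypeError, ValueError):
                since = None                       # unparsable date: treat as a plain GET
            if since is not None and self.last_modified <= since:
                return STATUS_LINE[304], headers, b""
        return STATUS_LINE[200], headers, self.body


class Cache:
    def __init__(self):
        self.store = {}                            # url -> (body, Last-Modified text)

    def fetch(self, url, server):
        """Return (body served to the client, status line from the origin)."""
        headers = {}
        if url in self.store:                      # we have a copy: ask conditionally
            headers["If-Modified-Since"] = self.store[url][1]
        status, resp, body = server.get(headers)
        if status == STATUS_LINE[304]:
            return self.store[url][0], status      # cached copy still current, no object sent
        self.store[url] = (body, resp["Last-Modified"])
        return body, status


if __name__ == "__main__":
    origin = OriginServer(b"<html>v1</html>", datetime(2024, 1, 1, tzinfo=timezone.utc))
    cache = Cache()
    print(cache.fetch("/index.html", origin)[1])   # HTTP/1.0 200 OK
    print(cache.fetch("/index.html", origin)[1])   # HTTP/1.0 304 Not Modified
    origin.update(b"<html>v2</html>", datetime(2024, 2, 1, tzinfo=timezone.utc))
    print(cache.fetch("/index.html", origin)[1])   # HTTP/1.0 200 OK
```

Note that the cache trusts the origin's Last-Modified value and compares dates at one-second granularity, so a change made within the same second as the cached copy's date is not detected; that is the inherent limit of date-based validation, which is why later HTTP versions add opaque validators (ETags) alongside it.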
Quote of The Day