Software Engineering

Software engineering short notes

Domain Name System (RFCs 1034, 1035, 1996, 2535, 3008, 3658, 3755, 3757, 3845, 3396, 3342) resolves a host name to an address. It uses a hierarchical naming scheme and a distributed database of IP addresses and their associated names.

Domain Name System Architecture

The Domain Name System comprises domain names, the domain name space and name servers, which are described below:
• In the Internet, the domain name space (tree) was originally divided into three different sections:
➢ generic domains,
➢ country domains, and
➢ the inverse domains.
• However, due to the rapid growth of the Internet, it became extremely difficult to keep track of the inverse domains, which could be used to find the name of a host when given the IP address.
• The inverse domains are now deprecated (RFC 3425).
Domain Name Space: The domain name space refers to a hierarchy in the Internet naming structure. This hierarchy has multiple levels (from 0 to 127), with a root at the top. The following diagram shows the domain name space hierarchy.

[Diagram: domain name space hierarchy]

In the above diagram each subtree represents a domain. Each domain can be partitioned into subdomains, and these can be further partitioned, and so on.
FQDN - Fully Qualified Domain Name
• The last label is terminated by a null string, written as a trailing dot.
PQDN - Partially Qualified Domain Name
• It does not reach the root.
• The resolver supplies the missing part, called the suffix, to create an FQDN.

Resolution
• Mapping a name to an address is called name-address resolution.
• DNS is designed as a client-server application.
• A host that needs to map an address to a name or a name to an address calls a DNS client called a resolver.
• The resolver accesses the closest DNS server with a mapping request.
• If the server has the information, it satisfies the resolver; otherwise, it either refers the resolver to other servers or asks other servers to provide the information.
• A resolution can be either recursive or iterative.
Recursive resolution - the application program on the source host calls the DNS resolver (client) to find the IP address of the destination host. If the resolver does not know the answer, it sends the query to the local DNS server, which obtains the answer on the resolver's behalf.

Iterative resolution – takes place between two servers; a server that does not have the answer refers the querying server to the next server, which the querying server then contacts itself.

Encapsulation
• DNS can use either UDP or TCP.
• In both cases the well-known port used by the server is port 53.
• UDP is used when the size of the response message is less than 512 bytes, because most UDP packages have a 512-byte packet size limit.
• If the size of the response message is more than 512 bytes, a TCP connection is used.
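As an added example (not part of these notes), the Python below builds a DNS query as it would be sent to port 53, parses a constructed response that uses a compressed name, and applies the UDP/TCP rule from this section: the client must retry over TCP when the reply exceeds 512 bytes or when the server set the TC (truncated) flag. It also qualifies a PQDN with a resolver suffix, tying back to the FQDN/PQDN definitions above. The host names, transaction id and the 192.0.2.10 answer are constructed sample values.

```python
import struct

DNS_PORT = 53        # well-known server port for both UDP and TCP
UDP_LIMIT = 512      # classic UDP payload limit discussed in the notes
FLAG_TC = 0x0200     # TC (truncation) bit in the 16-bit header flags


def qualify(name: str, suffix: str) -> str:
    """Turn a PQDN into an FQDN by appending the resolver's suffix.

    A name that already ends in '.' (the null label) is an FQDN and is
    returned unchanged.
    """
    if name.endswith("."):
        return name
    return f"{name}.{suffix.strip('.')}."


def encode_name(fqdn: str) -> bytes:
    """Encode a name as <len><label>... terminated by a zero-length label."""
    out = bytearray()
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes long")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_query(txid: int, fqdn: str, qtype: int = 1) -> bytes:
    """Standard query: 12-byte header + one question (QTYPE, QCLASS=IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(fqdn) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int):
    """Decode a name at `offset`, following 0xC0xx compression pointers.

    Returns (name, offset_after_name); after a pointer the returned offset
    is the position following the pointer, not the pointer target.
    """
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = target
            continue
        offset += 1
        if length == 0:                               # root label: done
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(msg: bytes) -> dict:
    """Parse header, question and answer sections; flag when TCP is needed."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:                 # A record: render dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    truncated = bool(flags & FLAG_TC)
    return {"id": txid, "truncated": truncated,
            "needs_tcp": truncated or len(msg) > UDP_LIMIT,
            "questions": questions, "answers": answers}


def sample_response() -> bytes:
    """Constructed reply to build_query(0x1234, 'www.example.com.')."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # QR, RD, RA
    question = encode_name("www.example.com.") + struct.pack("!HH", 1, 1)
    answer = (b"\xC0\x0C"                                        # pointer to offset 12
              + struct.pack("!HHIH", 1, 1, 300, 4)                # A, IN, TTL 300, 4 bytes
              + bytes([192, 0, 2, 10]))                           # constructed address
    return header + question + answer


def sample_truncated_response() -> bytes:
    """Constructed reply with the TC bit set and no answers: retry over TCP."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)   # QR, TC, RD, RA
    return header + encode_name("www.example.com.") + struct.pack("!HH", 1, 1)


if __name__ == "__main__":
    print(len(build_query(0x1234, qualify("www", "example.com"))), "query bytes")
    print(parse_response(sample_response()))
    print("truncated reply needs TCP:", parse_response(sample_truncated_response())["needs_tcp"])
```

The pointer-hop limit in decode_name matters in practice: a resolver that follows compression pointers without a bound can be driven into an endless loop by a malformed reply, so bounded parsing is part of handling untrusted UDP input safely.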
DDNS - Dynamic Domain Name System
• When the DNS was designed, no one predicted that there would be so many address changes.
• In DNS, when there is a change, such as adding a new host, removing a host, or changing an IP address, the change must be made to the DNS master file.
• These types of changes involve a lot of manual updating. The size of today's Internet does not allow for this kind of manual operation.

Security of DNS
o DNS messages need to be confidential.
o Forged messages need to be prevented using message origin authentication.
o Provision against denial-of-service attacks is needed.
o To protect DNS, DNS Security (DNSSEC) is devised; it provides message origin authentication and message integrity using digital signatures.
o However, DNSSEC does not provide confidentiality or specific protection against denial-of-service attacks.
Email
Electronic mail (or e-mail) allows users to exchange messages.
In the case of electronic mail, the implementation of the client-server paradigm is different.
First, e-mail is considered a one-way transaction. When Alice sends an e-mail to Bob, she may expect a response, but this is not a mandate. If he responds, it is another one-way transaction.
Users run only client programs when they want, and the intermediate servers apply the client-server paradigm.

User Agent - GUI based (icons, menu bars, windows, which make services easier to access)
The first component of an electronic mail system is the user agent (UA). It provides service to the user to make the process of sending and receiving a message easier.
A user agent is a software package (program) that composes, reads, replies to, and forwards messages.
It also handles local mailboxes on the user computers.
Examples: Eudora, Outlook
Flow of an e-mail: the sending user creates the mail through a UA; the UA of the receiving user informs that user when it arrives.

E-mail address - two parts:
- User mailbox (or local part): where received mail is stored for retrieval by the MAA
- Mail servers or exchangers (domain name)

A separate message is prepared for each mail address and handed to the MTA.

Protocols used in electronic mail

Message Transfer Agent: SMTP (Simple Mail Transfer Protocol) (RFCs 2821, 2822)
• We refer to the first and the second stages of mail delivery as Message Transfer Agents (MTAs), and the third as the Message Access Agent (MAA).
• The protocol that defines the MTA client and server is called SMTP.
• SMTP is used two times:
➢ Between the sender and the sender's mail server
➢ Between two mail servers
[Table: SMTP commands, sent from client to server]
[Table: SMTP responses 1]
[Table: SMTP responses 2]
[Example SMTP session]
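The command/response tables above did not survive extraction, so here is an added example (written for these notes, not taken from them) of the SMTP envelope dialogue in Python: a minimal server-side state machine that answers each client command with a three-digit reply code, and a client routine that drives HELO, MAIL FROM, RCPT TO, DATA and QUIT against it. The server accepts recipients only for its own domain, which is the check that keeps a mail server from acting as an open relay, and both sides apply dot-stuffing so a body line beginning with "." is not mistaken for the end of the message. All host names and addresses are constructed.

```python
import re

ADDRESS_RE = re.compile(r"^<?([^<>@\s]+@[^<>@\s]+)>?$")


class SmtpServer:
    """Server side of the SMTP envelope dialogue (constructed, illustration only).

    It tracks the command sequence, answers with reply codes and accepts mail
    for its own domains only, so it does not act as an open relay. Nothing is
    delivered anywhere; accepted messages are kept in `delivered`.
    """

    def __init__(self, hostname="mail.example.net", local_domains=("example.net",)):
        self.hostname = hostname
        self.local_domains = tuple(d.lower() for d in local_domains)
        self.client_name = None
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body_lines = []
        self.delivered = []          # (sender, recipients, body) tuples

    def greet(self) -> str:
        return f"220 {self.hostname} Service ready"

    def handle(self, line: str) -> str:
        """Process one client line; return the server reply ('' while in DATA)."""
        if self.in_data:
            if line == ".":                      # end of message body
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients),
                                       "\n".join(self.body_lines)))
                self.sender, self.recipients, self.body_lines = None, [], []
                return "250 OK: message accepted"
            # dot-stuffing: the client doubled a leading dot, so drop one
            self.body_lines.append(line[1:] if line.startswith(".") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.client_name = arg.strip()
            return f"250 {self.hostname}"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        if self.client_name is None:
            return "503 Bad sequence of commands: HELO/EHLO first"
        if verb == "MAIL":
            addr = self._address(arg, "FROM:")
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.sender, self.recipients = addr, []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL first"
            addr = self._address(arg, "TO:")
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            if addr.rsplit("@", 1)[1].lower() not in self.local_domains:
                return "550 Relaying denied"     # refuse to forward for other domains
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: RCPT first"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Syntax error, command unrecognized"

    @staticmethod
    def _address(arg: str, prefix: str):
        arg = arg.strip()
        if not arg.upper().startswith(prefix):
            return None
        match = ADDRESS_RE.match(arg[len(prefix):].strip())
        return match.group(1) if match else None


def send_message(server: SmtpServer, sender: str, recipients, body_lines):
    """Client side: drive the dialogue and return the (who, line) transcript."""
    transcript = [("S", server.greet())]

    def cmd(line: str) -> str:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply:
            transcript.append(("S", reply))
        return reply

    cmd("HELO client.example.org")
    cmd(f"MAIL FROM:<{sender}>")
    accepted = [r for r in recipients if cmd(f"RCPT TO:<{r}>").startswith("250")]
    if accepted and cmd("DATA").startswith("354"):
        for text in body_lines:
            cmd("." + text if text.startswith(".") else text)   # dot-stuff
        cmd(".")
    cmd("QUIT")
    return transcript


if __name__ == "__main__":
    srv = SmtpServer()
    for who, line in send_message(srv, "alice@example.org",
                                  ["bob@example.net", "carol@elsewhere.test"],
                                  ["Hello Bob,", ".this line starts with a dot"]):
        print(f"{who}: {line}")
```

Running it prints the transcript: the 220 greeting, 250 replies for HELO and MAIL, 250 for the local recipient, 550 for the foreign one, 354 before the body, 250 after the terminating dot, and 221 on QUIT.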
Message Access Agent: POP3 (Post Office Protocol) and IMAP4 (Internet Mail Access Protocol)
The first and second stages of mail delivery use SMTP.
However, SMTP is not involved in the third stage because SMTP is a push protocol; it pushes the message from the client to the server.
On the other hand, the third stage needs a pull protocol; the client must pull messages from the server.
The third stage uses a message access agent.
POP3 (version 3) - client POP3 software is installed on the recipient's computer; server POP3 software is installed on the mail server.
Mail access starts with the client when the user needs to download its email from the mailbox on the mail server.
The client opens a connection to the server on TCP port 110.
IMAP4 (Internet Mail Access Protocol, version 4) – TCP port number 143
It has more features than POP3.
It is more powerful and more complex.
Extra functions:
➢ User can check the email header prior to downloading
➢ User can search the contents of an email for a specific string of characters prior to downloading
➢ User can partially download an email
➢ User can create, delete, or rename mailboxes on the mail server
➢ User can create a hierarchy of mailboxes in a folder for email storage

MIME (Multipurpose Internet Mail Extensions) (RFCs 2046, 2047, 2048, 2049)
• Electronic mail has a simple structure.
➢ It can send messages only in NVT (Network Virtual Terminal, a universal character set) 7-bit ASCII format (English language only).
➢ It cannot be used to send binary files or video or audio data.
• Multipurpose Internet Mail Extensions (MIME) is a supplementary protocol that allows non-ASCII data to be sent through e-mail.
MIME headers are added to the original email header section to define the transformation parameters.

[Table: Data types and subtypes in MIME]
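As an added example (not from these notes), the Python below uses the standard email package to compose a message with a text body and a binary attachment, then parses the wire form back. It shows the MIME headers the section describes: MIME-Version, a multipart/mixed Content-Type with a boundary, the text/plain and image/png type/subtype pairs, and Content-Transfer-Encoding: base64, which is the transformation that lets binary data cross a 7-bit ASCII mail path. The addresses and the attachment bytes are constructed.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed stand-in for a small binary attachment (PNG signature + all byte values)
SAMPLE_IMAGE = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A]) + bytes(range(256))


def build_mime_message() -> bytes:
    """Compose a text body plus a binary attachment and return its wire form.

    The email package sets the MIME headers: MIME-Version, a multipart/mixed
    Content-Type with a boundary, text/plain for the body and image/png with
    Content-Transfer-Encoding: base64 for the attachment.
    """
    msg = EmailMessage()
    msg["From"] = "alice@example.org"          # constructed addresses
    msg["To"] = "bob@example.net"
    msg["Subject"] = "Chart for the report"
    msg.set_content("Hi Bob,\nthe chart is attached.\n")
    msg.add_attachment(SAMPLE_IMAGE, maintype="image", subtype="png",
                       filename="chart.png")
    return msg.as_bytes()


def is_seven_bit_clean(raw: bytes) -> bool:
    """True if every byte is < 0x80, i.e. the message survives a 7-bit path."""
    return all(b < 0x80 for b in raw)


def inspect_parts(raw: bytes):
    """Parse the wire form back; return (top-level type, list of leaf parts)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue                         # containers carry no payload of their own
        parts.append({
            "content_type": part.get_content_type(),
            "encoding": str(part.get("Content-Transfer-Encoding", "")),
            "filename": part.get_filename(),
            "payload": part.get_payload(decode=True),   # undoes base64 for us
        })
    return msg.get_content_type(), parts


if __name__ == "__main__":
    wire = build_mime_message()
    print(wire.decode("ascii")[:400])
    print("7-bit clean:", is_seven_bit_clean(wire))
    top, parts = inspect_parts(wire)
    print(top, [(p["content_type"], p["encoding"], p["filename"]) for p in parts])
```

The is_seven_bit_clean check is the point of the exercise: the attachment contains every byte value, yet the serialized message contains only 7-bit bytes, because the base64 transformation announced in the header did the conversion.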


Web-Based Mail
E-mail is such a common application that some websites today provide this service to anyone who accesses the site using HTTP.
Three common sites are Hotmail, Yahoo, and Google mail.
Web-based e-mail has two cases: in case I, Alice uses SMTP and Bob uses an HTTP server; in case II, both use web servers.

E-Mail Security
The protocol does not provide any security provisions per se.
However, e-mail exchanges can be secured using two application-layer security protocols designed in particular for e-mail systems: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).
TELNET – TErminal NETwork (remote logging application) (RFCs 854, 855, 856, 1041, 1091, 1372, 1572)
A server program can provide a specific service to its corresponding client program.
Although TELNET requires a login name and password, it is vulnerable to hacking because it sends all data, including the password, in plaintext (not encrypted).
TELNET has been replaced by SSH (Secure Shell), but network administrators often use TELNET for diagnostic and debugging purposes.
[Figure: Local versus remote logging]

[Table: Examples of interface commands]

Secure Shell (SSH) (RFCs 4250, 4251, 4252, 4253, 4254, 4344)
There are two versions of SSH: SSH-1 (now deprecated because of security flaws in it) and SSH-2.
Components of SSH

Since TCP is not secured, SSH creates a secured channel on top of TCP.
After the secure channel is established, the server and the client are authenticated to each other.
After authentication, SSH-CONN lets the client create multiple logical channels over it.

Applications
Although SSH is often thought of as a replacement for TELNET, SSH is, in fact, a general-purpose protocol that provides a secure connection between a client and server.
• SSH for remote logging
• SSH for file transfer - two applications:
➢ SFTP (secure file transfer protocol)
➢ SCP (secure copy)
Port forwarding - for securing the FTP application
One of the interesting services provided by the SSH protocol is port forwarding.
The SSH port forwarding mechanism creates a tunnel through which the messages belonging to other protocols can travel. For this reason, this mechanism is sometimes referred to as SSH tunnelling.

SSH packet format - 5 fields

Length - length of the packet, excluding the padding
Padding - added to make attacks on the security provisions more difficult
CRC (Cyclic Redundancy Check) - error detection
Type - type of packet
Data - data to be transferred
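As an added example (not from these notes), the Python below assembles and validates a packet with the five fields just listed, in the wire order Length, Padding, Type, Data, CRC. It follows the notes' description and two assumptions stated in the comments: the padding is 1 to 8 random bytes chosen so that padding plus Length is a multiple of 8, and the CRC-32 covers padding, type and data. The parser rejects a packet whose Length field does not match the bytes received or whose CRC fails, which is how accidental corruption is detected.

```python
import os
import struct
import zlib


def build_packet(ptype: int, data: bytes, padding: bytes = None) -> bytes:
    """Assemble the five fields in wire order: Length | Padding | Type | Data | CRC.

    Assumptions (not spelled out in the notes): Length covers type + data + CRC
    and excludes the padding; the padding is 1..8 random bytes that bring
    padding + Length to a multiple of 8; the CRC-32 is computed over
    padding, type and data.
    """
    if not 0 <= ptype <= 255:
        raise ValueError("type is a single byte")
    length = 1 + len(data) + 4
    pad_len = 8 - (length % 8)
    if padding is None:
        padding = os.urandom(pad_len)       # random, so identical payloads differ on the wire
    elif len(padding) != pad_len:
        raise ValueError(f"padding must be exactly {pad_len} bytes for this payload")
    body = padding + bytes([ptype]) + data
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return struct.pack("!I", length) + body + struct.pack("!I", crc)


def parse_packet(packet: bytes):
    """Validate the Length field and CRC, then return (type, data)."""
    if len(packet) < 4 + 1 + 1 + 4:
        raise ValueError("packet too short")
    length = struct.unpack("!I", packet[:4])[0]
    pad_len = 8 - (length % 8)
    if len(packet) != 4 + pad_len + length:
        raise ValueError("Length field does not match the bytes received")
    body = packet[4:-4]                     # padding + type + data
    crc_on_wire = struct.unpack("!I", packet[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != crc_on_wire:
        raise ValueError("CRC mismatch: packet corrupted in transit")
    return body[pad_len], bytes(body[pad_len + 1:])


def is_rejected(packet: bytes) -> bool:
    """True if parse_packet refuses the packet (bad length or bad CRC)."""
    try:
        parse_packet(packet)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    pkt = build_packet(20, b"hello")
    print(len(pkt), "bytes on the wire; (len-4) % 8 =", (len(pkt) - 4) % 8)
    print(parse_packet(pkt))
    damaged = pkt[:-6] + bytes([pkt[-6] ^ 0x01]) + pkt[-5:]   # flip one data bit
    print("damaged packet rejected:", is_rejected(damaged))
```

A CRC catches accidental bit errors, but anyone who can modify the packet can also recompute the CRC, so it is error detection, not integrity protection; SSH-2 carries a message authentication code for that purpose, which is one reason the notes list SSH-1 as deprecated.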
FTP – File Transfer Protocol (RFCs 959, 2577, 2585)
File Transfer Protocol (FTP) is the standard protocol provided by TCP/IP for copying a file from one host to another.
Although we can transfer files using HTTP, FTP is a better choice to transfer large files or to transfer files using different formats.

The FTP client has three components and the FTP server has two components.

- Separation of commands and data transfer makes FTP more efficient.
- Transfer of files takes place through the data connection only.

Lifetimes of Two Connections

• The two connections in FTP have different lifetimes.
• The control connection (uses simple rules of communication) remains connected during the entire interactive FTP session.
➢ When a user starts an FTP session, the control connection opens.
• The data connection (uses complex rules due to the variety of data types) is opened and then closed for each file transfer activity.
➢ While the control connection is open, the data connection can be opened and closed multiple times if several files are transferred.
➢ FTP uses two well-known TCP ports: port 21 is used for the control connection, and port 20 is used for the data connection.
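As an added example (not from these notes), the Python below models the two connection lifetimes in a small session object and decodes the PORT argument with which the client tells the server where to open the data connection from port 20. The FtpSession class is constructed for illustration; its control-peer and privileged-port checks are a hardening step not mentioned in the notes, included because a server that connects wherever PORT points can be aimed at third parties. Addresses are constructed.

```python
import re

FTP_CONTROL_PORT = 21
FTP_DATA_PORT = 20

PORT_ARG_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def parse_port_argument(arg: str, control_peer: str = None):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (host, port) for the data connection.

    The server will connect from port 20 to this address. As a hardening
    check (constructed here, not from the notes) the host must match the
    control-connection peer when one is given, and the port must not be a
    privileged port.
    """
    match = PORT_ARG_RE.match(arg.strip())
    if not match:
        raise ValueError("malformed PORT argument")
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PORT values must be 0..255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if control_peer is not None and host != control_peer:
        raise ValueError("data connection host differs from control peer")
    if port < 1024:
        raise ValueError("refusing data connection to a privileged port")
    return host, port


def format_pasv_reply(host: str, port: int) -> str:
    """Passive mode reply: the client connects to the server's listening socket."""
    h = host.split(".")
    return f"227 Entering Passive Mode ({h[0]},{h[1]},{h[2]},{h[3]},{port // 256},{port % 256})"


class FtpSession:
    """Models the two lifetimes: one control connection for the whole session,
    one short-lived data connection per transfer (constructed illustration)."""

    def __init__(self, control_peer: str = None):
        self.control_peer = control_peer
        self.control_open = True
        self.data_target = None
        self.transfers = []     # (command, argument) completed over data connections
        self.events = []        # connection lifetime log

    def command(self, line: str) -> str:
        if not self.control_open:
            raise RuntimeError("control connection already closed")
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "PORT":
            try:
                self.data_target = parse_port_argument(arg, self.control_peer)
            except ValueError as exc:
                return f"501 {exc}"
            return "200 PORT command successful"
        if verb in ("RETR", "STOR", "LIST"):
            if self.data_target is None:
                return "425 Use PORT or PASV first"
            self.events.append(f"data connection opened to {self.data_target[0]}:{self.data_target[1]}")
            self.transfers.append((verb, arg))
            self.events.append("data connection closed")
            self.data_target = None       # next transfer needs a fresh PORT/PASV
            return "226 Transfer complete"
        if verb == "QUIT":
            self.control_open = False
            self.events.append("control connection closed")
            return "221 Goodbye"
        return "502 Command not implemented"


if __name__ == "__main__":
    s = FtpSession(control_peer="192.0.2.7")      # constructed client address
    for line in ["RETR a.txt", "PORT 192,0,2,7,4,1", "RETR a.txt",
                 "PORT 198,51,100,9,4,1", "PORT 192,0,2,7,4,2", "LIST", "QUIT"]:
        print(f"> {line}\n< {s.command(line)}")
    print(format_pasv_reply("192.0.2.7", 50000), s.events)
```

Reading the events list after the run shows the pattern the section describes: the data connection opens and closes once per RETR or LIST while the single control connection stays up until QUIT.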
[Table: Some FTP commands 1]

[Table: Some FTP commands 2]


Communication over Data Connection
The client must define the type of file (ASCII, EBCDIC or image) to be transferred, the structure of the data (file as a stream of bytes, record or page) and the transmission mode (stream mode, block mode, compressed mode); this resolves the problem of heterogeneity.
Before sending the file through the data connection, we prepare for transmission through the control connection.

File Transfer - used for three things:

Retrieving a file (from server to client)
Storing a file (from client to server)
Directory listing (from server to client)

Security for FTP

The FTP protocol was designed when security was not a big issue.
Although FTP requires a password, the password is sent in plaintext (unencrypted), which means it can be intercepted and used by an attacker.
The data transfer connection also transfers data in plaintext, which is insecure.
To be secure, one can add a Secure Socket Layer between the FTP application layer and the TCP layer. In this case FTP is called SSL-FTP.