Unit 5
09-Oct-24 N. A. Patel 1
Introduction
• The primary purpose of the application layer in the TCP/IP model is to provide protocols
and tools that allow users to access the network services. This layer serves as the
bridge between the user and the network, facilitating data transfer in an efficient,
reliable, and secure manner.
Common Application Layer Protocols in TCP/IP:
HTTP (Hypertext Transfer Protocol):
• Used for accessing and transferring web pages and content over the internet.
• It operates on top of TCP and uses port 80 by default.
HTTPS (Hypertext Transfer Protocol Secure):
• A secure version of HTTP that uses SSL/TLS to encrypt data for secure communication.
• Operates on port 443 and ensures data integrity and confidentiality.
FTP (File Transfer Protocol):
• Facilitates the transfer of files between clients and servers over the network.
• Uses two ports: one for control (port 21) and one for data transfer (port 20).
SMTP (Simple Mail Transfer Protocol):
• Used to send emails from a client to a server or between mail servers.
• Operates on port 25, using TCP for reliable transmission.
Introduction
DNS (Domain Name System):
• Translates human-readable domain names (e.g., www.example.com) into IP addresses.
• Operates over UDP and port 53.
Telnet:
• Allows users to remotely log into another machine to execute commands.
• Operates over TCP (port 23).
WWW (World Wide Web)
• The idea of Web was first proposed by Tim Berners-Lee in 1989 at CERN†, the
European Organization for Nuclear Research, to allow several researchers at different
locations throughout Europe to access each others’ researches.
• The commercial Web started in the early 1990s.
• Today, The Web is a repository of information in which the documents, called web
pages, are distributed all over the world and related documents are linked together.
• Distribution allows the growth of the Web. Each web server in the world can add a
new web page to the repository and announce it to all Internet users without
overloading a few servers.
• Linking allows one web page to refer to another web page stored in another server
somewhere else in the world. The linking of web pages was achieved using a concept
called hypertext.
• Today, the term hypertext means linked text documents, has been changed to
hypermedia, to show that a web page can be a text document, an image, an audio
file, or a video file.
• Today, the Web is used to provide electronic shopping and gaming. One can use the
Web to listen to radio programs or view television programs.
WWW - Architecture
• The WWW is a distributed client-server service, in which a client using a browser can
access a service using a server. However, the service provided is distributed over many
locations called sites.
• Each site holds one or more web pages. Each web page, however, can contain some links to
other web pages in the same or other sites. In other words, a web page can be simple or
composite. A simple web page has no links to other web pages; a composite web page has
one or more links to other web pages.
Web Client (Browser)
• Web clients use web browsers that interpret and display web pages. Each browser usually
consists of three parts: a controller, client protocols, and interpreters.
• The controller receives input from the keyboard or mouse and uses the client protocol to
access the document. After the document has been accessed, the controller uses one of the
interpreters to display the document on the screen.
• The client protocol can be one of the protocols described later, such as HTTP or FTP. The
interpreter can be HTML, Java, or JavaScript, depending on the type of document.
• Browsers include Internet Explorer, Google Chrome, and Firefox.
Web Server
• The web page is stored at the server. Each time a request arrives, the corresponding
document is sent to the client. Some popular web servers include Apache and Microsoft
Internet Information Server (IIS).
• Uniform Resource Locator (URL): A web page or a file needs to have a unique identifier to
distinguish it from other web pages. To define a web page, we need four identifiers:
protocol, host, port, and path. Example: https://www.google.com:80/filename
• Protocol: This specifies the method used to access the resource on the web. Common
protocols include HTTP, HTTPS, FTP, etc.
• Host: The host specifies the domain name (such as www.google.com) or the IP address of
the server where the web resource is located. It uniquely identifies the server or system on
the web.
• Port: The port number is optional in URLs, as each protocol typically has a default port. For
HTTP, it's 80, and for HTTPS, it's 443.
• Path: The path indicates the exact location of the resource (such as a file or webpage) on
the server. In the example, /filename refers to the specific file being accessed.
• To combine these four pieces together, the uniform resource locator (URL) has been
designed.
Web Documents
• The documents in the WWW can be grouped into three broad categories: static, dynamic,
and active.
• Static Documents: Static documents are fixed-content documents that are created and
stored in a server. The client can get a copy of the document only.
• When a client accesses the document, a copy of the document is sent. The user can use a
browser to see the document. Static documents are prepared using one of several
languages: Hyper Text Markup Language (HTML), Extensible Markup Language (XML).
• Dynamic Documents: A dynamic document is created by a web server whenever a
browser requests the document. When a request arrives, the web server runs an
application program or a script that creates the dynamic document. The server returns the
result of the program or script as a response to the browser that requested the document.
• Example: A webpage displaying the current date and time or personalized content for
logged-in users.
• Active Documents : For many applications, we need a program or a script to be run at the
client site. These are called active documents.
• When a browser requests an active document, The server sends a document or script,
which is executed locally on the user's machine.
• Technologies like Java applets or JavaScript are used for creating active documents.
• Example: form validation scripts, or animations executed within the browser.
HTTP
• The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on the
World Wide Web.
• HTTP uses the services of TCP on well-known port 80.
• It is similar to FTP because it transfers files and uses the services of TCP. However, it is
much simpler than FTP because it uses only one TCP connection. There is no separate
control connection; only data are transferred between the client and the server.
HTTP Transaction:
• HTTP itself is a stateless protocol, which means that the server does not keep information
about the client. The client initializes the transaction by sending a request. The server
replies by sending a response.
HTTP
Request Message
Request Line: The first line in a request message is called a request line. There are three
fields in this line separated by some characters. The fields are called method, URL, and
version.
Header Lines: We can have zero or more request header lines. Each header line has a header
name, a colon, a space, and a header value. For example, the client can request that the
document be sent in a special format.
Body: It contains the comment to be sent.
Response Message
Status Line: The first line in a response message is called the status line. The first field
defines the version of the HTTP protocol, currently 1.1.
The status code field defines the status of the request. The codes in the 200 range indicate
a successful request. The codes in the 400 range indicate an error at the client site.
Finally, the codes in the 500 range indicate an error at the server site.
Header Lines: After the status line, we can have zero or more response header lines. Each
header line sends additional information from the server to the client.
Body: It contains the document to be sent from the server to the client.
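The request and response layouts above, as an added example (not code from the slides): a small parser that splits the request line into method, URL and version, the status line into version, status code and reason phrase, collects the header lines, and classifies the status code into the 200/400/500 ranges. The two sample messages are constructed; the parser also checks Content-Length against the body, a check the slide does not mention.

```python
# Constructed sample messages (CRLF line ends, blank line before the body).
REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)

RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/plain\r\n"
    "Content-Length: 9\r\n"
    "\r\n"
    "not found"
)


def _split_message(raw):
    """Split a message into (first line, header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        # Each header line: name, colon, space, value.
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("header line without colon: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def status_class(code):
    """Map a status code to the ranges the slide describes."""
    if 200 <= code < 300:
        return "success"
    if 400 <= code < 500:
        return "client error"
    if 500 <= code < 600:
        return "server error"
    return "other"


def parse_request(raw):
    """Request line = method, URL, version, separated by spaces."""
    first, headers, body = _split_message(raw)
    parts = first.split(" ")
    if len(parts) != 3:
        raise ValueError("bad request line: %r" % first)
    method, url, version = parts
    if not version.startswith("HTTP/"):
        raise ValueError("bad version: %r" % version)
    return {"method": method, "url": url, "version": version,
            "headers": headers, "body": body}


def parse_response(raw):
    """Status line = version, status code, reason phrase."""
    first, headers, body = _split_message(raw)
    version, _, rest = first.partition(" ")
    code_text, _, phrase = rest.partition(" ")
    if not version.startswith("HTTP/") or not code_text.isdigit():
        raise ValueError("bad status line: %r" % first)
    code = int(code_text)
    # A body shorter or longer than Content-Length is a framing error.
    length = headers.get("content-length")
    if length is not None and int(length) != len(body.encode("utf-8")):
        raise ValueError("Content-Length %s does not match body" % length)
    return {"version": version, "status": code, "phrase": phrase,
            "headers": headers, "body": body, "class": status_class(code)}
```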
FTP
• File Transfer Protocol (FTP) is the standard protocol provided by TCP/IP for
copying a file from one host to another.
• Although transferring files from one system to another seems simple and
straightforward, there may be several problems. For example, two systems
may use different file name conventions. Two systems may have different ways to
represent text and data. Two systems may have different directory structures. All
of these problems have been solved by FTP in a very simple way.
• FTP establishes two connections between the hosts (client and server). One
connection is used for data transfer, the other for control information
(commands and responses).
• FTP is more efficient because it separates control and data transfer. The control
connection follows simple communication rules, sending only one command or
response at a time.
• In contrast, the data connection requires more complex rules because it handles
different types of data.
• FTP uses two well-known TCP ports: Port 21 is used for the control connection,
and port 20 is used for the data connection.
FTP
• The client has three components: user interface, client control process, and the
client data transfer process.
• The server has two components: the server control process and the server data
transfer process.
• The control connection is made between the control processes. The data
connection is made between the data transfer processes.
• The control connection stays open for the whole FTP session. The data
connection, however, opens and closes for each file transfer.
• It opens whenever a file needs to be transferred and closes once the transfer is
done.
FTP - Connections
• The two FTP connections, control and data, work in different ways and use
separate port numbers.
Control Connection
• The control connection is set up like other application programs we've discussed.
It involves two steps:
– 1. The server issues a passive open on the well-known port 21 and waits for a client.
– 2. The client uses an ephemeral port and issues an active open.
• This connection stays open throughout the session. The IP protocol focuses on
reducing delay because this is an interactive session between a client (user) and
a server.
• The user types commands and expects to receive responses without significant
delay. Below diagram shows the initial connection between the server and the
client.
FTP - Connections
Data Connection
• The data connection uses the well-known port 20 at the server site. However, the creation
of a data connection is different from what we have seen so far. The following shows how
FTP creates a data connection:
– 1. The client, not the server, issues a passive open using an ephemeral port. This
must be done by the client because it is the client that issues the commands for
transferring files.
– 2. The client sends this port number to the server using the PORT command via
control connection.
– 3. The server receives the ephemeral port number and issues an active open using
the well-known port 20.
• The steps for creating the initial data connection are shown in Figure 21.3. Later we will
see that these steps are changed if the PASV command is used.
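The three PORT steps above and the PASV variant the slide refers to, as an added example (not code from the slides). The argument format carried by PORT and by the 227 reply, "h1,h2,h3,h4,p1,p2" with port = p1*256 + p2, is the RFC 959 one and is not shown on the slide; the IP addresses and ports used are constructed. The server-side check that the PORT address matches the control-connection peer is a defensive check added here.

```python
import re

FTP_CONTROL_PORT = 21   # server: passive open for the control connection
FTP_DATA_PORT = 20      # server: source port of its active open in PORT mode


def encode_host_port(ip, port):
    """Build the 'h1,h2,h3,h4,p1,p2' argument (port = p1*256 + p2)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    if not 0 < port <= 65535:
        raise ValueError("port out of range: %r" % port)
    return ",".join(octets + [str(port // 256), str(port % 256)])


def decode_host_port(arg):
    """Inverse of encode_host_port: '10,0,0,5,4,1' -> ('10.0.0.5', 1025)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError("expected six numbers: %r" % arg)
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: %r" % arg)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def parse_port_command(line, control_peer_ip):
    """Server side of step 2: read the client's PORT command. Before doing the
    active open from port 20 (step 3), check that the address named is the
    client already talking to us on port 21 and that the port is ephemeral."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command: %r" % line)
    ip, port = decode_host_port(arg)
    if ip != control_peer_ip:
        raise ValueError("PORT address %s differs from control peer %s" % (ip, control_peer_ip))
    if port < 1024:
        raise ValueError("PORT %d is not an ephemeral port" % port)
    return ip, port


def parse_pasv_reply(line):
    """Client side of PASV mode: the server's 227 reply carries the address and
    port the server opened, so the client can do the active open instead."""
    m = re.match(r"227 .*\((\d+,\d+,\d+,\d+,\d+,\d+)\)", line.strip())
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    return decode_host_port(m.group(1))


def data_connection_steps(mode, client_ip, client_port,
                          server_ip="198.51.100.7", server_port=49152):
    """Who opens what, in order, for one data connection (constructed hosts)."""
    if mode == "active":   # the three PORT steps on the slide
        return [("client", "passive open", client_ip, client_port),
                ("client", "PORT " + encode_host_port(client_ip, client_port),
                 "control", FTP_CONTROL_PORT),
                ("server", "active open from port %d" % FTP_DATA_PORT,
                 client_ip, client_port)]
    if mode == "passive":  # the PASV variant: roles are swapped
        return [("client", "PASV", "control", FTP_CONTROL_PORT),
                ("server", "passive open", server_ip, server_port),
                ("server", "227 Entering Passive Mode (%s)"
                 % encode_host_port(server_ip, server_port),
                 "control", FTP_CONTROL_PORT),
                ("client", "active open", server_ip, server_port)]
    raise ValueError("mode must be 'active' or 'passive'")
```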
Security for FTP
• The FTP protocol was created at a time when security wasn't a major concern.
Here are some key points about FTP security and ways to improve it:
• Plaintext Passwords: FTP sends passwords in plaintext, making them vulnerable
to interception by attackers.
• Unencrypted Data Transfer: Data transferred through FTP is also sent in plaintext,
which can be easily captured by malicious users.
• Adding SSL/TLS: To enhance security, you can use SSL (Secure Socket Layer) or TLS
(Transport Layer Security) with FTP. This encrypts both the passwords and the
data being transferred, making it much harder for attackers to intercept
information. When FTP uses SSL/TLS, it is referred to as SSL-FTP or FTPS.
• Using SFTP: An alternative to FTP is SFTP (Secure File Transfer Protocol), which
operates over SSH (Secure Shell). SFTP encrypts all data and commands, providing
a secure way to transfer files without the vulnerabilities present in traditional FTP.
• Regular Updates: Keeping FTP software and security protocols up to date is
crucial for protecting against known vulnerabilities and attacks.
• Firewalls and Security Measures: Using firewalls and other security measures can
help protect FTP servers and clients from unauthorized access and attacks.
ELECTRONIC MAIL
• Electronic mail (or e-mail) allows users to exchange messages. In HTTP or FTP, the server
program is running all the time, waiting for a request from a client. When the request
arrives, the server provides the service. There is a request and there is a response.
Architecture
• The MTA client-server program is a push program: the client pushes the message to the
server. Bob, however, needs a pull program: the client needs to pull the message from the
server.
E-mail Architecture
• Here, the sender and the receiver of the e-mail, Alice and Bob are connected via
a LAN or a WAN to two mail servers. The administrator has created one mailbox
for each user where the received messages are stored.
• A mailbox is part of a server hard drive, a special file with permission restrictions.
Only the owner of the mailbox has access to it. The administrator has also created
a queue (spool) to store messages waiting to be sent.
• A simple e-mail from Alice to Bob takes nine different steps, as shown in the
figure. Alice and Bob use three different agents: a user agent (UA), a message
transfer agent (MTA), and a message access agent (MAA).
• When Alice needs to send a message to Bob, she runs a UA program to prepare
the message and send it to her mail server.
• The mail server at her site uses a queue (spool) to store messages waiting to be
sent. The message, however, needs to be sent through the Internet from Alice’s
site to Bob’s site using an MTA.
• Here, a pair of message transfer agents (MTAs) is needed: one client and one
server.
• The user agent at Bob's site allows Bob to read the received message. Bob later
uses an MAA client to retrieve the message from an MAA server running on the
second server.
User Agent
• The first component of an electronic mail system is the user agent (UA). It provides service
to the user to make the process of sending and receiving a message easier. A user agent is
a software package (program) that composes, reads, replies to, and forwards messages.
• There are two types of user agents: command-driven and GUI-based. Modern user agents
are GUI-based. They contain graphical user interface (GUI) components that allow the user
to interact with the software by using both the keyboard and the mouse. They have
graphical components such as icons, menu bars, and windows that make the services easy
to access.
• Sending Mail: A user can send mail through the UA, which creates mail that looks very
similar to a postal letter. It has an envelope and a message. The envelope usually contains
the sender address, the receiver address, and other information.
• The message contains the header and the body. The header of the message defines the
sender, the receiver, the subject of the message, and some other information. The body of
the message contains the actual information to be read by the recipient.
• Receiving Mail: If a user has mail, the UA informs the user with a notice. If the user is
ready to read the mail, a list is displayed in which each line contains a summary of the
information about a particular message in the mailbox. It includes the sender mail address,
the subject, and the time the mail was received.
• Addresses: To deliver mail, a mail handling system must use an addressing system with
unique addresses. In the Internet, the address consists of two parts: a local part and a
domain name, separated by an @ sign. Example: [email protected]
Message Transfer Agent (MTA): SMTP
• The actual mail transfer is done through message transfer agents (MTAs). To send mail, a
system must have the client MTA, and to receive mail, a system must have a server MTA.
• The protocol that defines the MTA client and server in the Internet is called Simple Mail
Transfer Protocol (SMTP). SMTP is used two times, between the sender and the sender’s
mail server and between the two mail servers.
Message Access Agent: IMAP4
• Another mail access protocol is Internet Mail Access Protocol, version 4 (IMAP4). IMAP4 is
similar to POP3, but it has more features; IMAP4 is more powerful and more complex.
• POP3 has some weaknesses. It does not allow the user to organize her mail on the server;
the user cannot have different folders on the server. In addition, POP3 does not allow the
user to partially check the contents of the mail before downloading.
IMAP4 provides the following extra functions:
• A user can check the e-mail header prior to downloading.
• A user can search the contents of the e-mail for a specific string of characters prior to
downloading.
• A user can partially download e-mail. This is especially useful if bandwidth is limited and
the e-mail contains multimedia with high bandwidth requirements.
• A user can create, delete, or rename mailboxes on the mail server.
• A user can create a hierarchy of mailboxes in a folder for e-mail storage.
POP3 v/s IMAP4
POP3 (Post Office Protocol 3) compared with IMAP4 (Internet Message Access Protocol 4):
• Storage: POP3 downloads emails from the inbox to the device and usually deletes them from
the server; with IMAP4, emails are stored on the server and are accessed from the device as well.
• Port: POP3 uses TCP port 110; IMAP4 uses TCP port 143 (or 993 for secure IMAP/IMAPS).
• Organizing mail: With POP3 the user cannot organize mail in the mailbox on the mail server;
with IMAP4 the user can arrange email directly on the mail server.
• Offline access: POP3 gives offline access once emails are downloaded; IMAP4 requires an
internet connection to access and manage emails.
• Syncing: POP3 does not allow a user to sync emails; IMAP4 allows a user to sync their emails.
• Mailboxes: With POP3 the user cannot create, delete or rename email on the mail server;
with IMAP4 the user can create, delete or rename an email on the mail server.
• Searching: With POP3 a user cannot search the content of mail before downloading it to the
local system; with IMAP4 a user can search the content of mail for a specific string before
downloading.
MIME
• Electronic mail has a simple structure. It can send messages only in NVT 7-bit ASCII format.
In other words, it has some limitations. It cannot be used for languages other than English
(such as French, German, and Japanese). Also, it cannot be used to send binary files or
video or audio data.
• Multipurpose Internet Mail Extensions (MIME) is a supplementary protocol that allows
non-ASCII data to be sent through e-mail. MIME transforms non-ASCII data at the sender
site to NVT ASCII data and delivers it to the client MTA to be sent through the Internet. The
message at the receiving site is transformed back to the original data.
• We can think of MIME as a set of software functions that transforms non-ASCII data to
ASCII data and vice versa, as shown in Figure
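The sender-side and receiver-side transformation described above, as an added example (not code from the slides) using Python's standard email package: a non-ASCII body, a non-ASCII subject and a binary attachment are turned into a message whose every byte is 7-bit ASCII, and the receiver recovers the originals. The addresses, body text and attachment bytes are constructed sample data.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Force 7-bit transfer encodings, i.e. the NVT ASCII the slide describes.
# policy.SMTP also gives the CRLF line ends used on the wire.
SEVEN_BIT = policy.SMTP.clone(cte_type="7bit")

# Constructed sample data: French/German text and raw binary bytes.
BODY = "Bonjour Bob, voici les données du projet.\nGrüße, Alice\n"
ATTACHMENT = bytes(range(256))
FILENAME = "data.bin"


def needs_mime(data):
    """True when the payload cannot travel as plain 7-bit ASCII e-mail."""
    if isinstance(data, str):
        data = data.encode("utf-8")
    return any(b > 127 for b in data)


def build_mime_message(body, attachment, filename):
    """Sender site: wrap non-ASCII text and binary data in a MIME message."""
    msg = EmailMessage(policy=SEVEN_BIT)
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Données du projet"   # non-ASCII header -> encoded word
    msg.set_content(body)                  # utf-8 text, 7-bit-safe encoding
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)  # base64
    return msg.as_bytes()


def is_seven_bit_ascii(raw):
    """What the client MTA may send onward: every byte below 128."""
    return all(b < 128 for b in raw)


def decode_mime_message(raw):
    """Receiving site: recover the original subject, body and attachment."""
    msg = BytesParser(policy=SEVEN_BIT).parsebytes(raw)
    # The parser keeps the CRLF line ends; restore the sender's "\n".
    body = msg.get_body(preferencelist=("plain",)).get_content()
    body = body.replace("\r\n", "\n")
    attachments = [(part.get_filename(), part.get_content())
                   for part in msg.iter_attachments()]
    return str(msg["Subject"]), body, attachments


def roundtrip():
    """Send, check the wire form is ASCII, receive, and return what came back."""
    raw = build_mime_message(BODY, ATTACHMENT, FILENAME)
    subject, body, attachments = decode_mime_message(raw)
    return {"ascii_on_wire": is_seven_bit_ascii(raw), "subject": subject,
            "body": body, "attachments": attachments}
```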
Web Based Email (Webmail)
• Web-based email is a service that allows users to access their email accounts via a web
browser. Three common webmails are Hotmail, Yahoo, and Google. The idea is very simple.
Let us go through two cases:
Case I
• Here, Alice, the sender, uses a traditional mail server; Bob, the receiver, has an account on
a Web-based server.
• Mail transfer from Alice’s to her mail server is done through SMTP. The transfer of the
message from the sending mail server to the receiving mail server is still through SMTP.
• However, the message from the receiving server (the web server) to Bob’s browser is done
through HTTP. In other words, instead of using POP3 or IMAP4, HTTP is normally used.
• When Bob needs to retrieve his e-mails, he sends a request HTTP message to the website.
• The website sends a form to be filled in by Bob, which includes the log-in name and the
password. If the log-in name and password match, the list of e-mails is transferred from
the Web server to Bob’s browser in HTML format.
Web Based Email
Case II
• Alice and Bob use web servers, but they may not use the same one. Alice sends a message
to Bob by first sending an HTTP request to her web server, including Bob's email address in
the URL.
• Alice's server then forwards the message using the SMTP protocol to Bob's mail server.
• When Bob checks his messages, he uses HTTP to retrieve it. The message between Alice's
and Bob's servers is still sent via the SMTP protocol.
E-Mail Security
• E-mail exchanges can be secured using two application-layer security protocols designed
specifically for e-mail systems: Pretty Good Privacy (PGP) and Secure MIME (S/MIME).
DNS (Domain Name System)
• To identify devices on the Internet, TCP/IP uses IP addresses, but people prefer using
names. A system is needed to match names with IP addresses. Initially, a small file called a
host file was used for this, containing names and addresses.
• As the Internet grew, managing one large host file became difficult. Today, we use the
DNS, which splits the information across many computers. This allows each device to
contact the nearest DNS Server with the information it needs.
• The following steps describe how DNS works:
1. User Enters a URL: The user types a domain name (e.g., www.example.com) into the web browser.
2. Browser Checks Cache: The browser first checks its local DNS cache. If the IP is found, it
uses that without performing a DNS lookup.
3. Operating System Checks Cache: The browser checks the operating system's DNS cache.
4. Query Sent to Recursive DNS Resolver: The browser sends a DNS query to the recursive
DNS resolver (e.g., Google's public DNS at 8.8.8.8).
5. Recursive Resolver Checks Cache: If the mapping is found, the resolver returns the IP
address to the browser.
6. Query Sent to Root Name Server: If the resolver doesn't have the answer, it queries one of
the root name servers. The root server doesn't know the IP address but directs the resolver
to the appropriate Top-Level Domain (TLD) name server (such as the .com or .net server)
based on the domain extension.
7. Query Sent to TLD Name Server: The resolver queries the TLD name server (for example,
.com TLD server for www.example.com).
8. Query Sent to Authoritative Name Server: The resolver now queries the authoritative
name server for the domain example.com. The authoritative name server returns the IP
address of the domain to the resolver.
9. Resolver Returns IP to Browser: The resolver sends the IP address back to the browser.
10. Browser Connects to Web Server
11. Caching for Future Queries
• DNS (Domain Name System) is a protocol that translates human-readable domain names
(like example.com) into IP addresses (like 192.0.2.1) that computers use to communicate
with each other. In DNS, names must be unique because the addresses are unique.
• The Domain Name System helps to resolve a host name to an address and vice versa.
• A resolver is an application program that maps a name to an IP address and vice versa.
The resolver sends a UDP packet to a local DNS server, which then looks up the DNS
database and returns the IP address to the resolver.
• DNS mapping has two branches:
– Forward mapping: hostnames → IP addresses
– Reverse mapping: IP addresses → hostnames
• Once a domain is assigned to an organization, it is reserved for that organization.
No other organization will be assigned the same name suffix.
NAME SPACE
• Namespace refers to the hierarchical structure used to organize and manage domain
names. It can be organized in two ways: flat or hierarchical.
• In a flat namespace, all names exist at the same level, and they must be globally unique.
The main problem is that flat name spaces need central control to avoid duplicates, making
them unsuitable for large systems like the Internet.
• In a hierarchical name space, names are organized in a tree structure where entities are
grouped into levels. Names are made of multiple parts. For example, one part can show
the organization type, another the organization's name, etc…. A central authority gives
the main name, but organizations can manage the rest, making names unique.
Generic Domain
- The generic domain defines registered hosts according to their generic behavior.
- Each node in the tree defines a domain:
• com – commercial organizations
• edu – educational institutions
• gov – government institutions
• org – non-profit organizations
DNS IN THE INTERNET
Country Domain
• Country domains use two-letter abbreviations, like "us" for the United States.
• Second labels may represent organizations or more specific national identifiers, such as
state abbreviations in the U.S., like "ca.us" for California.
Inverse Domain
- It is used to map an address to a name.
- Here the first-level node is called arpa and the second level is called in-addr.
- The rest of the domain defines the IP address.
Registrar
• A registrar in DNS is an organization or company that manages the reservation of domain
names.
• Registrars provide services like registering, renewing, transferring, or modifying domain
names and ensuring that the domain name is correctly linked to the appropriate IP
addresses in DNS.
• Examples of registrars include GoDaddy, Namecheap, and Google Domains. A registrar first
verifies that the requested domain name is unique and then enters it into the DNS
database. A fee is charged.
• Domain name: ws.wonderful.com , IP address: 200.200.200.5
Resolution
Mapping a name to an address or an address to a name is called name-address resolution.
• A resolver is a DNS client that helps map an address to a name or vice versa.
It sends a request to the nearest DNS server, which either provides the information or
refers to other servers.
• Once the resolver gets the response, it checks if it's correct and then gives the result to the
requesting process.
Mapping Names to Addresses
• When a resolver needs to find an address for a domain name, it sends the name to the
DNS server. The server checks either the generic or country domains to find the matching
address. If the local DNS server can't resolve the query, it refers the resolver to other
servers or asks them directly for the information.
Recursive Resolution
• The client (resolver) can request a recursive answer from a name server. This means that
the resolver expects the server to supply the final answer.
• If the server is the authority for the domain name, it checks its database and responds.
• If the server is not the authority, it sends the request to another server (the parent usually)
and waits for the response.
• If the parent server has the answer, it responds; otherwise, it sends the query to yet
another server. When the query is finally resolved, the response travels back until it finally
reaches the requesting client.
Iterative Resolution
• If the client doesn't request a recursive answer, the mapping is done iteratively.
• If the server is the authority for the name, it sends back the answer directly.
• If the server isn't the authority, it gives the client the IP address of another server that
might help.
• The client must then send the same query to this second server.
• If this new server can resolve the query, it provides the answer; if not, it gives another
server's IP address.
• The client continues this process, repeating the query to multiple servers until it finds a
resolution.
Caching
• When a server gets a query for a name that is not in its domain, it needs to search its
database for another server's IP address. Reducing this search time would increase
efficiency.
• To improve efficiency, DNS uses a mechanism called caching.
When a server receives a mapping from another server, it stores this information in its
cache memory before sending it to the client.
• If the same or another client asks for the same mapping, the server can quickly resolve it
from the cache.
• However, to inform the client that the response is coming from the cache memory and not
from an authoritative source, the server marks the response as unauthoritative.
• Caching speeds up resolution, but it can also lead to outdated information being sent.
To counter this, two techniques are used.
• First, the authoritative server always adds information to the mapping called time-to-live
(TTL). It defines the time in seconds that the receiving server can cache the information.
After that time, the mapping is invalid and any query must be sent again to the
authoritative server.
• Second, DNS Servers keep a TTL counter to regularly check and remove expired mappings
from their cache.
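The resolution steps listed earlier (root server, TLD server, authoritative server), the iterative resolution above and this section's caching with TTL, as one added example (not code from the slides): a simulated resolver that follows referrals from the root, caches the authoritative answer for its TTL, serves repeat queries from the cache marked unauthoritative, and drops expired mappings. The zones, server names and the address 192.0.2.1 are constructed; the clock is injectable so TTL expiry can be exercised without waiting.

```python
import time

# Constructed "servers": the root and TLD zones only hold referrals, the
# authoritative zone holds (address, TTL in seconds).
ROOT_ZONE = {"com.": "tld-server"}
TLD_ZONE = {"example.com.": "ns-auth"}
AUTH_ZONE = {"www.example.com.": ("192.0.2.1", 300)}


def _canonical(name):
    """Lower-case, absolute form with a trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def _referral(zone, qname):
    """Non-authoritative server: point the client at the next server."""
    for suffix, server in zone.items():
        if qname == suffix or qname.endswith("." + suffix):
            return ("referral", server)
    return ("nxdomain", None)


def _authoritative(zone, qname):
    """Authoritative server: answer from its own database."""
    if qname in zone:
        return ("answer", zone[qname])
    return ("nxdomain", None)


SERVERS = {
    "root": lambda q: _referral(ROOT_ZONE, q),
    "tld-server": lambda q: _referral(TLD_ZONE, q),
    "ns-auth": lambda q: _authoritative(AUTH_ZONE, q),
}


class CachingResolver:
    """Resolves iteratively and caches answers until their TTL runs out."""

    def __init__(self, clock=time.time, max_hops=8):
        self.clock = clock       # injectable so tests can advance time
        self.max_hops = max_hops
        self.cache = {}          # qname -> (address, expiry timestamp)

    def purge_expired(self):
        """The TTL counter: remove mappings whose TTL has passed."""
        now = self.clock()
        for qname in [q for q, (_, exp) in self.cache.items() if exp <= now]:
            del self.cache[qname]

    def resolve(self, name):
        qname = _canonical(name)
        self.purge_expired()
        if qname in self.cache:
            # Served from cache: marked unauthoritative, no server was asked.
            return {"address": self.cache[qname][0],
                    "authoritative": False, "path": []}
        server, path = "root", []
        for _ in range(self.max_hops):
            path.append(server)
            kind, data = SERVERS[server](qname)
            if kind == "answer":
                address, ttl = data
                self.cache[qname] = (address, self.clock() + ttl)
                return {"address": address, "authoritative": True, "path": path}
            if kind == "referral":
                server = data    # repeat the same query at the next server
                continue
            raise LookupError("no such name: %s (asked %s)"
                              % (qname, " -> ".join(path)))
        raise LookupError("too many referrals while resolving %s" % qname)
```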
DDNS
• When DNS was first created, no one expected so many address changes to happen.
• Whenever there's a change, like adding or removing a host or changing an IP address, the
DNS master file must be updated.
• The above process involves a lot of manual updates, and the size of today's Internet does
not allow for this kind of manual operation.
• The DNS master file must be updated dynamically. Dynamic Domain Name System
(DDNS) was developed for automatic updates.
• In DDNS, when a binding between a name and an address is determined, the information
is sent, usually by DHCP, to a primary DNS server.
• The primary server updates the zone. The secondary servers are notified either actively or
passively.
• In active notification, the primary server informs secondary servers about the updates,
while in passive notification, the secondary servers periodically check for any changes.
• To ensure security and prevent unauthorized changes, DDNS can use an authentication
mechanism.
DNS Security
• DNS is one of the most important parts of the Internet, providing essential services for
users. Many applications, like web access and email, rely on DNS to function properly.
However, DNS can be attacked in various ways.
1. An attacker might read a DNS server's response to learn which websites a user
visits. This information can be used to build a user profile. To prevent this attack,
DNS messages need to be confidential.
2. An attacker may intercept and alter a DNS response or create a fake response to
misdirect the user. This type of attack can be prevented with message origin
authentication and message integrity.
3. An attacker could flood the DNS server with requests, overwhelming or crashing it.
To protect against such denial-of-service attacks, specific measures are necessary.
• To protect DNS, IETF has devised a technology named DNS Security (DNSSEC) that
provides the message origin authentication and message integrity using a security
service called digital signature.
• However, DNSSEC does not provide confidentiality for the DNS messages. There is no
specific protection against the denial-of-service attack.