
Application Layer

Domain Name System, Case Study: FTP-HTTP-SMTP-SNMP


Internet Directory Service: DNS
• The Domain Name System (DNS) is a directory lookup service that provides a
mapping between the name of a host on the Internet and its numerical address.
• Four elements comprise the DNS:
• Domain name space: DNS uses a tree-structured name space to identify
resources on the Internet.
• DNS database: Conceptually, each node and leaf in the name space tree
structure names a set of information (e.g., IP address, type of resource) that is
contained in a resource record (RR). The collection of all RRs is organized into
a distributed database.
• Name servers: These are server programs that hold information about a
portion of the domain name tree structure and the associated RRs.
• Resolvers: These are programs that extract information from name servers in
response to client requests. A typical client request is for the IP address
corresponding to a given domain name.
Domain Names
• The IP address provides a way of uniquely identifying devices
attached to the Internet.
• This address is interpreted as having two components: a network
number, which identifies a network on the Internet, and a host
address, which identifies a unique host on that network.
• Problems:
• If each router needed to keep a master table that listed every network
and the preferred path to that network, the management of the tables
would be cumbersome and time consuming. (grouping)
• The 32-bit IPv4 address is usually written as four decimal numbers,
corresponding to the four octets of the address. This number scheme is
effective for computer processing but is not convenient for users, who
can more easily remember names than numerical addresses.
• These problems are addressed by the concept of domain.
• In general terms, a domain refers to a group of hosts that are under
the administrative control of a single entity, such as a company or
government agency.
• Domains are organized hierarchically, so that a given domain may
consist of a number of subordinate domains.
• Names are assigned to domains and reflect this hierarchical
organization.
Portion of Internet Domain Tree
• Each subordinate level is named by prefixing a subordinate name to
the name at the next highest level. For example,
• edu is the domain of college-level U.S. educational institutions.
• mit.edu is the domain for MIT (Massachusetts Institute of
Technology)
• csail.mit.edu is the domain for the MIT Computer Science and
Artificial Intelligence Laboratory.
• At a top level, the creation of new top-level names and the
assignment of names and addresses are administered by the Internet
Corporation for Assigned Names and Numbers (ICANN).
The DNS Database
• DNS is based on a hierarchical database containing resource records
(RRs) that include the name, IP address, and other information about
hosts.
• Variable-depth hierarchy for names: DNS allows essentially unlimited levels
and uses the period (.) as the level delimiter in printed names.
• Distributed database: The database resides in DNS servers scattered
throughout the Internet and private intranets.
• Distribution controlled by the database: The DNS database is divided into
thousands of separately managed zones, which are managed by separate
administrators. The database software controls distribution and update of
records.
• Using this database, DNS servers provide a name-to-address directory
service for network applications that need to locate specific servers.
• For example, every time an e-mail message is sent or a Web page is
accessed, there must be a DNS name lookup to determine the IP
address of the e-mail server or Web server.

DNS Resource Record Format


DNS Operation
1. A user program requests an IP address for a domain name.
2. A resolver module in the local host or local ISP queries a local name
server in the same domain as the resolver.
3. The local name server checks to see if the name is in its local
database or cache, and, if so, returns the IP address to the requestor.
Otherwise, the name server queries other available name servers, if
necessary going to the root server, as explained subsequently.
4. When a response is received at the local name server, it stores the
name/address mapping in its local cache and may maintain this entry
for the amount of time specified in the time to live field of the
retrieved RR.
5. The user program is given the IP address or an error message.
• Consider a query by a program on a user host for watson.ibm.com.
This query is sent to the local server and the following steps occur:
1. If the local server already has the IP address for watson.ibm.com
in its local cache, it returns the IP address.
2. If the name is not in the local name server’s cache, it sends the
query to a root server. The root server in turn forwards the request
to a server with an NS record for ibm.com. If this server has the
information for watson.ibm.com, it returns the IP address.
3. If there is a delegated name server just for watson.ibm.com, then
the ibm.com name server forwards the request to the
watson.ibm.com name server, which returns the IP address.
• Typically, single queries are carried over UDP. Queries for a group of
names are carried over TCP.
• There are two methods by which queries are forwarded and results
returned. Suppose a resolver issues a request to local name server
(A).
• If A has the name/address in its local cache or local database, it can
return the IP address to the resolver.
• If not, then A can do either of the following:
1. Query another name server for the desired result itself and then send the
result back to the resolver. This is known as the recursive technique.
2. Return to the resolver the address of the next server (C) to whom the request
should be sent. The resolver then sends out a new DNS request to C. This is
known as the iterative technique.
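The five operation steps and the watson.ibm.com walk-through above, worked as an added example (not code from the original slides): a local name server that answers from its cache while the TTL holds and otherwise resolves iteratively from the root, following referrals until an A record comes back. The server data, names and the 192.0.2.10 address are constructed for the example, and a com TLD step is included so the delegation chain is the general one rather than the slide's shortened version.

```python
import time

# Constructed miniature name-server data for the watson.ibm.com walk-through.
# Each server maps an owner name to (rtype, value, ttl). NS records delegate to
# the server for a subordinate zone; A records answer. 192.0.2.10 is a test address.
SERVERS = {
    "root":      {"com.": [("NS", "com-tld", 172800)]},
    "com-tld":   {"ibm.com.": [("NS", "ibm-ns", 86400)]},
    "ibm-ns":    {"watson.ibm.com.": [("NS", "watson-ns", 3600)]},
    "watson-ns": {"watson.ibm.com.": [("A", "192.0.2.10", 300)]},
}

def ask(server, name):
    """One query to one server: ('answer', ip, ttl), ('referral', next_server, ttl)
    for the closest enclosing zone this server delegates, or ('nxdomain', None, 0)."""
    records = SERVERS[server]
    for rtype, value, ttl in records.get(name, []):
        if rtype == "A":
            return ("answer", value, ttl)
    labels = name.split(".")
    for i in range(len(labels)):                 # longest matching suffix first
        for rtype, value, ttl in records.get(".".join(labels[i:]), []):
            if rtype == "NS":
                return ("referral", value, ttl)
    return ("nxdomain", None, 0)

class LocalNameServer:
    """The local name server of steps 1-5: answers from cache while the TTL holds,
    otherwise walks the delegation chain iteratively starting at the root."""
    def __init__(self, clock=time.time):
        self.cache = {}                          # name -> (ip, expires_at)
        self.clock = clock

    def resolve(self, name, max_hops=8):
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:                 # step 1: still within TTL
            return hit[0], "cache"
        server, path = "root", []
        for _ in range(max_hops):                # bounded: a referral loop must not hang us
            path.append(server)
            kind, value, ttl = ask(server, name)
            if kind == "answer":
                self.cache[name] = (value, now + ttl)   # step 4: cache for TTL
                return value, "->".join(path)
            if kind == "nxdomain":
                return None, "->".join(path)
            server = value                       # steps 2-3: follow the referral
        return None, "too many referrals"
```

The second return value records which servers were consulted, so a run shows the cache hit on the second lookup and the full chain again once the 300-second TTL has expired.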
Electronic Mail—SMTP
• Electronic mail is a facility that allows users at workstations and
terminals to compose and exchange messages.
• The messages need never exist on paper unless the user (sender or
recipient) desires a paper copy of the message.
• Some e-mail systems only serve users on a single computer; others
provide service across a network of computers.
Internet Mail Architecture
• RFC 5598 (Internet Mail Architecture).
• Internet mail architecture consists of a user world, in the form of
Message User Agents (MUA), and the transfer world, in the form of
the Message Handling Service (MHS), which is composed of Message
Transfer Agents (MTA).
• The MHS accepts a message from one user and delivers it to one or
more other users, creating a virtual MUA-to-MUA exchange
environment.
Key components
• Message User Agent (MUA): Works on behalf of user actors and user
applications.
• It is their representative within the e-mail service.
• Typically, this function is housed in the user’s computer and is
referred to as a client e-mail program or a local network e-mail server.
• The MUA formats a message and performs initial submission into the
MHS via an MSA.
• Mail Submission Agent (MSA): Accepts the message submitted by an
MUA and enforces the policies of the hosting domain and the
requirements of Internet standards.
• This function may be located together with the MUA or as a separate
functional model.
• In the latter case, the Simple Mail Transfer Protocol (SMTP) is used
between the MUA and the MSA.
• Message Transfer Agent (MTA): Relays mail for one application-level
hop.
• It is like a packet switch or IP router in that its job is to make routing
assessments and to move the message closer to the recipients.
• Relaying is performed by a sequence of MTAs until the message
reaches a destination MDA.
• An MTA also adds trace information to the message header.
• SMTP is used between MTAs and between an MTA and an MSA or
MDA.
• Mail Delivery Agent (MDA): Responsible for transferring the message
from the MHS to the MS.
• Message Store (MS): An MUA can employ a long-term MS. An MS can
be located on a remote server or on the same machine as the MUA.
• Typically, an MUA retrieves messages from a remote server using POP
(Post Office Protocol) or IMAP (Internet Message Access Protocol).
Simple Mail Transfer Protocol (SMTP)
• SMTP is the standard protocol for transferring mail between hosts in
the TCP/IP suite; it is defined in RFC 821.

• To begin, mail is created by a user agent program in response to
user input.
• Each created message consists of a header that includes the
recipient’s e-mail address and other information, and a body
containing the message to be sent.
• These messages are then queued in some fashion and
provided as input to an SMTP sender program, which is
typically an always-present server program on the host.
• Although the structure of the outgoing mail queue will differ
depending on the host’s operating system, each queued message
conceptually has two parts:
1. The message text, consisting of
• The RFC 822 header: This constitutes the message envelope and includes an
indication of the intended recipient or recipients.
• The body of the message, composed by the user.
2. A list of mail destinations.
• SMTP sender
• Takes messages from the outgoing mail queue and transmits them to the
proper destination host via SMTP transactions over one or more
TCP connections to port 25 on the target hosts.
• The SMTP sender must deal with a variety of errors.
• The destination host may be unreachable, out of operation, or the TCP
connection may fail while mail is being transferred.
• A common error is a faulty destination address, which can occur due to user
input error or because the intended destination user has a new address on a
different host.
• SMTP receiver
• Accepts each arriving message and either places it in the appropriate
user mailbox or copies it to the local outgoing mail queue if
forwarding is required.
• The SMTP receiver must be able to verify local mail destinations and
deal with errors, including transmission errors and lack of storage
capacity.
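The SMTP receiver duties listed above (verifying local mail destinations, rejecting faulty addresses, and refusing a message when storage runs out), worked as an added example that is not code from the original slides: a toy receiver that processes one command line at a time and returns the numeric reply. The domain example.com, the user set and the storage limit are constructed; the receiver only accepts mail for its own domain, so it never relays for arbitrary destinations.

```python
LOCAL_DOMAIN = "example.com"            # constructed hosting domain
LOCAL_USERS = {"alice", "bob"}          # constructed local mailboxes
MAX_MESSAGE_BYTES = 1024                # constructed storage limit

class SmtpReceiver:
    """Toy SMTP receiver for one session: handle() takes one command line and
    returns the reply, or None while message text is being collected."""
    def __init__(self):
        self.sender, self.rcpts, self.in_data, self.lines = None, [], False, []
        self.mailboxes = {u: [] for u in LOCAL_USERS}

    def handle(self, line):
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            return "250 " + LOCAL_DOMAIN
        if verb == "MAIL":                  # "MAIL FROM:<addr>" starts a transaction
            self.sender, self.rcpts = arg[5:].strip("<>"), []
            return "250 OK"
        if verb == "RCPT":                  # "RCPT TO:<addr>": verify the destination
            if self.sender is None:
                return "503 Bad sequence of commands"
            addr = arg[3:].strip("<>")
            user, _, domain = addr.rpartition("@")
            if domain.lower() != LOCAL_DOMAIN:
                return "550 Relaying denied"    # not ours and we are no open relay
            if user not in LOCAL_USERS:
                return "550 No such user here"  # faulty destination address
            self.rcpts.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 No valid recipients"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Command unrecognized"

    def _data_line(self, line):
        if line != ".":                     # a lone "." ends the message text
            self.lines.append(line)
            return None
        self.in_data, text, self.lines = False, "\r\n".join(self.lines), []
        if len(text) > MAX_MESSAGE_BYTES:   # lack of storage capacity
            return "552 Message exceeds storage allocation"
        for addr in self.rcpts:             # place in the local mailbox
            self.mailboxes[addr.rpartition("@")[0]].append(text)
        return "250 OK"
```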
Hypertext Transfer Protocol
• Hypertext Transfer Protocol is the foundation protocol of the World
Wide Web and can be used in any client/server application involving
hypertext.
• The data transferred by the protocol can be plaintext, hypertext,
audio, images, or any Internet-accessible information
• The most typical use of HTTP is between a Web browser and a Web
server.
• To provide reliability, HTTP makes use of TCP. Nevertheless, HTTP is a
stateless protocol: Each transaction is treated independently.
• HTTP uses the services of TCP on well-known port 80.
Web
• Client (Browser)
• Each browser usually consists of three parts: a controller, client protocol, and
interpreters.
• client protocol - FTP or HTTP/HTTPS
• interpreter can be HTML, Java, or JavaScript
• Server - The Web page is stored at the server. Each time a client
request arrives, the corresponding document is sent to the client.
Uniform Resource Locator
• A client that wants to access a Web page needs the address.
• To facilitate the access of documents distributed throughout the
world, HTTP uses locators.
• The uniform resource locator (URL) is a standard for specifying any
kind of information on the Internet.
• The URL defines four things: protocol, host computer, port, and path
• protocol (method) is the client/server program used to retrieve the document
(ftp, http)
• host is the computer on which the information is located (web pages)
• URL can optionally contain the port number of the server
• Path is the pathname of the file where the information is located
HTTP transaction
Request message
Example
• This example retrieves a document. We use
the GET method to retrieve an image with
the path /usr/bin/image1.
• The request line shows the method (GET),
the URL, and the HTTP version (1.1).
• The header has two lines that show that the
client can accept images in GIF and JPEG
format.
• The request does not have a body. The
response message contains the status line
and four lines of header.
• The header lines define the date, server,
MIME version, and length of the document.
• The body of the document follows the
header.
Example
• This example retrieves information about a
document.
• We use the HEAD method to retrieve
information about an HTML document.
• The request line shows the method (HEAD),
URL, and HTTP version (1.1).
• The header is one line showing that the client
can accept the document in any format (wild
card).
• The request does not have a body.
• The response message contains the status
line and five lines of header.
• The header lines define the date, server,
MIME version, type of document, and length
of the document.
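The GET and HEAD transactions described in the two examples above, worked as an added example that is not code from the original slides: a request builder and a response parser that separates the status line, header lines and body, and that treats a HEAD response as header-only even though it carries a Content-Length. The server name, date, document sizes and image bytes in the sample exchange are constructed.

```python
def build_request(method, path, headers):
    """Serialize an HTTP/1.1 request: request line, header lines, blank line, no body."""
    lines = [f"{method} {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"

def parse_response(raw, request_method):
    """Split a raw response into (status_code, headers, body). For HEAD the server
    sends the header block only: Content-Length describes the body a GET would
    return, so it must not be used to read bytes from the connection."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    status_line, *header_lines = head.decode("ascii").split("\r\n")
    parts = status_line.split(" ", 2)               # version, code, reason phrase
    if len(parts) < 2 or not parts[0].startswith("HTTP/1."):
        raise ValueError("malformed status line")
    code = int(parts[1])
    headers = {}
    for line in header_lines:                        # header names are case-insensitive
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if request_method == "HEAD" or code in (204, 304) or 100 <= code < 200:
        return code, headers, b""                    # these responses carry no body
    length = int(headers.get("content-length", "0"))
    if length < 0 or length > len(rest):             # do not trust a length we cannot satisfy
        raise ValueError("Content-Length does not match the bytes received")
    return code, headers, rest[:length]

# Constructed sample exchange mirroring the slide's GET and HEAD examples
# (server name, date, image bytes and sizes are made up).
GET_REQUEST = build_request("GET", "/usr/bin/image1",
                            [("Accept", "image/gif"), ("Accept", "image/jpeg")])
IMAGE_BODY = b"GIF89a" + bytes(10)
GET_RESPONSE = (b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
                b"Server: example-httpd\r\nMIME-version: 1.0\r\n"
                b"Content-length: " + str(len(IMAGE_BODY)).encode() + b"\r\n\r\n" + IMAGE_BODY)
HEAD_REQUEST = build_request("HEAD", "/usr/bin/doc.html", [("Accept", "*/*")])
HEAD_RESPONSE = (b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
                 b"Server: example-httpd\r\nMIME-version: 1.0\r\n"
                 b"Content-type: text/html\r\nContent-length: 3075\r\n\r\n")
```

A response whose Content-Length promises more bytes than were received is rejected rather than silently truncated, which is the failure a client sees when the TCP connection drops mid-transfer.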
FTP
• FTP uses the services of TCP. It needs two TCP connections.
• The well-known port 21 is used for the control connection and the
well-known port 20 for the data connection.
FTP
Connections: The control connection
The Data Connection
• Uses Server’s well-known port 20
1. Client issues a passive open on an ephemeral port,
say x.
2. Client uses PORT command to tell the server about
the port number x.
3. Server issues an active open from port 20 to port x.
4. Server creates a child server/ephemeral port
number to serve the client.
Creating the data connection (figure)
Communication using the control connection (figure)
NVT
• NVT uses the 7-bit United States ASCII (USASCII) character set. Each
character is encoded using one 8-bit byte.
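The data-connection setup (steps 1-4 above, where the client announces its ephemeral port x with the PORT command) and the NVT encoding of control-connection commands, worked as one added example that is not code from the original slides. The client and server functions and the 192.0.2.7 address are constructed; the server side refuses a PORT address that is not the control-connection peer, so step 3's active open from port 20 can only go back to the client that asked for it.

```python
import ipaddress

def build_port_command(host, port):
    """Step 2: client tells the server where it listens, as h1,h2,h3,h4,p1,p2."""
    octets = ipaddress.IPv4Address(host).packed
    if not 1024 <= port <= 65535:          # ephemeral port x from step 1
        raise ValueError("data port must be ephemeral")
    fields = list(octets) + [port >> 8, port & 0xFF]
    return "PORT " + ",".join(str(f) for f in fields)

def parse_port_command(line, control_peer_ip):
    """Server side of step 2: recover (host, port) and refuse an address that is
    not the control-connection peer, so the step-3 active open from port 20
    cannot be directed at some third host."""
    verb, _, arg = line.partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = [int(f) for f in arg.split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    host = ".".join(map(str, fields[:4]))
    port = (fields[4] << 8) | fields[5]
    if host != control_peer_ip:
        raise ValueError("PORT address does not match control connection peer")
    if port < 1024:
        raise ValueError("refusing privileged data port")
    return host, port

def to_nvt_line(command):
    """Encode one control-connection command as NVT ASCII: 7-bit characters,
    one per 8-bit byte, terminated by CRLF. An embedded CR or LF would let one
    string be read as two commands, so it is rejected."""
    if any(ord(c) > 0x7F for c in command) or "\r" in command or "\n" in command:
        raise ValueError("command must be 7-bit ASCII without embedded CR/LF")
    return command.encode("ascii") + b"\r\n"
```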
Using the data connection
