CHAPTER-4 APPLICATION LAYER

DOMAIN NAME SYSTEM (DNS)

INTRODUCTION:
• Since each computer connected to internet has IP address.
• So, when internet was developed then we need this address of computer to access any
information present on it.
• But human brain can remember names rather than numbers.
• So, each computer was given a unique name and user uses this name to access
information.
• But internally this name must be mapped to corresponding IP address and for this
mapping in early days of internet hosts.txt file was used which was having only two
columns that is names and IP addresses.
• We can imagine that this process is similar to phonebook (contact list) of mobile phone.
• This file was stored on every host connected to internet and periodically updated from
master host file which was stored at specific computer.
• Today however it is impossible to have one single host file to relate every address with
name and vice versa because of two reasons.
1. Size of file will be very large.
2. It is impossible to update changes in this file as this change must be broadcast to
each and every host.
• Better solution is to divide this huge amount of information into smaller parts and store
each part on different computer.
• Same parts are stored on multiple computers to provide fault tolerance.
• Host that needs mapping can contact to closest computer holding that information.
• This method is known as Domain Name System (DNS).
• It uses distributed database approach.
• It is an application layer protocol and uses UDP as transport layer protocol and port
number is 53.

NAME-SPACE:
• We must assign a unique name to each IP address so that mapping becomes possible.
• Set of all these unique names are assigned to IP addresses are called name space.
TYPES OF NAME-SPACE:
1.FLAT NAME-SPACE:

• As the name suggests there was no link between names and this was used in hosts.txt
file.
• But it is very difficult to manage in today’s internet as we need a central authority
which will manage all these names and guarantee their uniqueness.
2.HIERARCHICAL NAME-SPACE:

• Each name is made up of several parts.

• The first part can define nature of organization, second can define the name of
organization and third can define departments in the organization and so on.
• So, here central authority will be responsible for assigning only nature of organization
and name of organization and an organization itself can assign names to its departments
and computer inside department.
• So, central authority only assign part of name and not entire name for example nature
is commercial organization (.com) and name is Cisco.
• Now Cisco will give name to department like “sales” department and can have
computer name “abc”.
• Domain name of “abc” computer will be abc.sales.cisco.com.
• Also note that other organizations will also have “sales” department and can have
computer name “abc” but a whole domain name will be unique for example
abc.sales.cisco.com and abc.sales.tcs.com.
• This hierarchical name-space is used in DNS.

DOMAIN NAME-SPACE:
• To have hierarchical name-space in DNS, domain name-space was designed.
• In this design the names are defined in inverted tree structure with the root on the top.

• The tree can have 128 levels (0 to 127) and each node in a tree has a label which is a
string up to 63 characters.
• The root label is NULL or empty string.
• DNS requires that children of a node (siblings) have different labels which guarantee
uniqueness of domain names.
• A domain name is sequence of labels separated by dots.
• Domain names are always read from the node up to the root and maximum size can be
225 characters and these are case insensitive.
Domain names are of two types:
1. FULLY QUALIFIED DOMAIN NAME (FQDN):

• Domain name which ends with NULL string i.e. dot (.) is called fully qualified domain
name for e.g. “abc.sales.cisco.com.”.
• A FQDM is a domain name that contains the full name of a host.
• It contains all labels, from the most specific to the most general, that uniquely define
the name of the host.
• For example, the domain name “challenger.atc.fuda.edu.” is the FQDN of a computer
named challenger installed at the Advanced Technology Center (ATC) at DeAnza
Collage.
• A DNS server can only match an FODN to an address.
• Note that the name must end with a null label, because null means nothing, the label
ends with a dot (.).
2. PARTIALLY QUALIFIED DOMAIN NAME (PQDN):

• Domain name which does not end with NULL string is called partially qualified
domain name.
• A PQDN starts from a node, but it does not reach the root.
• It is used when the name to be resolved belongs to the same site as the client.
• Here the resolver (DNS client) can supply the missing part, called the suffix, to create
an FQDN.
• For example, if a user at the fhda.edu. site wants to get the IP address of the challenger
computer, he or she can define the partial name challenger.
• The DNS client adds the suffix atc.fhda.edu. before passing the address to DNS server.
• The DNS client normally holds a list of suffixes.
• The NULL suffix defines nothing. This suffix is added when the user defines an FDQN.
• Figure below shows some FQDNs and PQDNs.
 DNS IN INTERNET
In the internet, the domain name space (tree) is divided into three different sections:
1. Generic Domains
2. Country Domains
3. Inverse Domain

Note: Here arpa, org, com, in … all these are called as top-level domains.
1.GENERIC DOMAINS:

• The generic domains define registered hosts according to their generic behavior.
• The first level in the generic domains section allows 14 possible labels.

2.COUNTRY DOMAIN:

• The country domains section uses two-character country abbreviations (e.g. in for
India, us for United States).
• The address www.amazon.in can translated to organization in India.
3.INVERSE DOMAIN:

• The inverse domain is used to map an IP address to name.

• This may happen, for example, when a server has receiver a request from a client to do
a task.
• Although the server has a file that contains a list of authorized clients, only the IP
address of the client (extracted from the received IP packet) is listed.
• The server asks its resolver to send a query to DNS server to map an address to name
to determine if the client is on the authorized list.
• This type of query is called an inverse or pointer (PTR) query.
• To handle a pointer query, we have only one top level (first level) domain known as
arpa.
• It was the first domain in DNS. Originally it was called Advance Research Project
Agency but now it is called Address and Routing Parameter Area.
• At second level two domains are used for inverse mapping i.e. in-addr (for inverse
address) and ip6.
• in-addr is used for IPV4 and ip6 is used for IPV6.

DISTRIBUTION OF NAME-SPACE
• It means that how this huge amount of information is distributed over servers.
• Part of tree managed by server is called its zone and it is always contiguous part of
tree.
• We have not stored this entire information at one place to avoid single point of failure
and responding request from all over the world places heavy a load on system.
TYPES OF SERVERS:
1. Non-Authoritative
2. Authoritative
NON-AUTHORITATIVE:

• It has no DNS database i.e. it has no entry for IP address and name for any organization.
• It is known as cache only servers because to service any query they use their cache or
ask other servers about the same query or refer the DNS client to some other server.
• Example is root server and it is type of server whose zone is entire DNS tree. Actually,
it does not store any information about domain but is store the IP addresses of different
servers whose zone is top level domain. There are several root servers in the internet
and all stores same redundant information.
AUTHORITATIVE:

• It has DNS database and it is of two types: Primary & Secondary.

1)PRIMARY:

• It stores file for a zone for which it is responsible.

• It is responsible for generating maintaining and updating this zone file.
2)SECONDARY:

• It transfers the complete information about zone from any other server (primary or
secondary) and store the file on its disk.
• It neither creates nor update the zone file.
• If updation is required then it can be done only by primary server and it sent the updated
file to all the secondary servers.
• Also note that we can have only one primary server for a zone and many secondary
servers for the same zone.
• When the secondary downloads information from the primary, it is called zone transfer
and it is done by TCP.

WORKING OF DNS
• When we type URL in address bar of web browser like www.google.com it is partially
qualified domain name (as it does not end with a dot).
• It passes this address to a program called resolver (DNS client) and it first convert it
into FQDN that is www.google.com.
• Now it will first check in DNS cache that is temporary memory or buffer for the
mapping. If entry is present then corresponding IP address is given to web browser.
Entry is present if recently web browser has opened that page. This entry is timed out
after some time.
• If entry is absent then this resolver will send this query to local DNS server (address of
the server is present in TCP/IP setting and is updated by DHCP server when machine
is connected to the internet).
• Now this server will first check in its cache if mapping is present then it sends
corresponding address to resolver and resolver will sends to web browser.
• But if entry is not present then it will send this query to root server.
• Root server has IP addresses of all top-level domain servers only so it does not have IP
address of www.google.com.
• So, it will send IP address of server whose domain is .com that is partially solve the
query.
• Now local DNS will send this query to .com server and it will send IP address of DNS
server of google organization because .com server don’t store IP addresses of hosts of
Google organization.
• Now again local DNS server send query to this Google DNS server which IP address
of www, mail, plus etc. hosts of Google and it will send IP address of www.google.com
now it fully solved.
• Now query is resolved and local DNS server send reply to resolver and this resolver
replies to web browser.
 DNS QUERY
We have 3 types DNS queries:
1.REVERSE LOOKUP QUERY:

• It is used for reverse process i.e. IP to domain name.

2.RECURSIVE QUERY:

• When client do this query then server has to give definitive answer that is if name exists
then give IP address otherwise error message must be given.
• DNS server can’t refer client to any other DNS server.
• Generally recursive queries are sent by end device to local DNS server.
3.ITERATIVE QUERY:

• DNS client allows the DNS server to return best answer it may be definitive or not.
• So now DNS server can send IP address of another DNS server also and client request
the same query to it.
• This process is called walking the tree.
DNS ANSWER TYPES
There are 4 types of answer given by DNS server to DNS clients.
1.Negative Answer: It is the error message given by server if name does not exist.
2.Authoritative: If server gives definitive answer after searching from its own database.
3.Non-Authoritative: Reply to query is given by not searching its own database.
4. Referral Answer: Answer which gives IP address of other DNS servers.

REGISTRARS
• How can new domains are added to DNS? This is done through a registrar, a
commercial organization accredited by ICANN.
• A registrar first verifies that the requested domain name is unique and then enters it into
the DNS database and a fee is charged.
• To registrar, the organization needs to give the name of its server and the IP address of
the server.
• Example: GoDaddy.
DYNAMIC DOMAIN NAME SYSTEM (DDNS)
• When the DNS was designed, no one predicted that there would be so many address
changes.
• In DNS, when there is a change, such as adding a new host, removing a host, or
changing an IP address, the change must be made to the DNS master file.
• These types of changes involve a lot of manual updating.
• The size of today’s internet does not allows for this kind of manual operation.
• The DNS master file must be updated automatically.
• The Dynamis Domain Name System (DDNS) therefore was divided to respond to this
need.
SMTP COMMANDS
 FILE TRANSFER PROTOCOL
• FTP or File Transfer Protocol is said to be one of the earliest and also the most common
forms of transferring files on the internet.
• Located in the application layer of the OSI model, FTP is a basic system that helps in
transferring files between a client and a server.
• It is what makes the FTP unique that the system provides a reliable and efficient means
of transferring files from one system to another even if they have different file structures
and operating systems.
• Contrary to other protocols such as http that cover hypertexts and web resources in
general, ftp is dedicated to the management and the transfer of text, binary, or image
files.
• FTP is a standard communication protocol.
• There are various other protocols like HTTP which are used to transfer files between
computers, but they lack clarity and focus as compared to FTP.
• Moreover, the systems involved in connection are heterogeneous, i.e. they differ in
operating systems, directories, structures, character sets, etc. the FTP shields the user
from these differences and transfers data efficiently and reliably.
• FTP can transfer ASCII, EBCDIC, or image files. The ASCII is the default file share
format, in this, each character is encoded by NVT ASCII.
• In ASCII or EBCDIC the destination must be ready to accept files in this mode. The
image file format is the default format for transforming binary files.

TYPES OF FTP:
There are different ways through which a server and a client do a file transfer using FTP. Some
of them are mentioned below:
• Anonymous FTP: Anonymous FTP is enabled on some sites whose files are available
for public access. A user can access these files without having any username or
password. Instead, the username is set to anonymous, and the password is to the guest
by default. Here, user access is very limited. For example, the user can be allowed to
copy the files but not to navigate through directories.
• Password Protected FTP: This type of FTP is similar to the previous one, but the
change in it is the use of username and password.
 • FTP Secure (FTPS): It is also called as FTP Secure Sockets Layer (FTP SSL). It is a
more secure version of FTP data transfer. Whenever FTP connection is established,
Transport Layer Security (TLS) is enabled.
• FTP over Explicit SSL/TLS (FTPES): FTPES helps by upgrading FTP Connection
from port 21 to an encrypted connection.
• Secure FTP (SFTP): SFTP is not an FTP Protocol, but it is a subset of Secure Shell
Protocol, as it works on port 22.
USES OF FTP:
• Transferring Large Files: FTP can transfer large files in one shot; thus, applicable
when hosting websites, backing up servers, or sharing files in large quantities.
• Remote File Management: Files on a remote server can be uploaded, downloaded,
deleted, renamed, and copied according to the users’ choices.
• Automating File Transfers: FTP is a great protocol for the execution of file transfers
on predefined scripts and employments.
• Accessing Public Files: Anonymous FTP means that everybody irrespective of the
identity is allowed to download some files with no permissions needed.
HOW TO USE FTP:
• Connect to the FTP Server: One can connect to the server using the address,
username and password through an FTP client or a command line interface.
Anonymous Information may not need a username and password.
• Navigate Directories: Some commands include ls that is used to list directories and
cd that is used to change directories.
• Transfer Files: File transfer may be done by using the commands such as get for
downloading files, and put for uploading files.
• Manage Files: Make operations like deletion (Delete), renaming (Rename) as well as
copying (Copy) of files.
• Close the Connection: Once file transfer has been accomplished, terminate the
connection by giving the bye or quit command.
HOW FTP WORKS:
FTP is a client server protocol that has two communication channel, command channel for
conversation control and data channel for file content.
• A user has to log in to FTP Server first, there may be some servers where you can
access to content without login, known as anonymous FTP.
• Client can start a conversation with server, upon requesting to download a file.
• The user can start different functions like upload, delete, rename, copy files, etc.
on server.
TYPES OF CONNECTIONS IN FTP:
• Control Connection
• Data Connection
CONTROL CONNECTION:
• For sending control information like user identification, password, commands to
change the remote directory, commands to retrieve and store files, etc., FTP makes use
of a control connection.
• The control connection is initiated on port number 21.
DATA CONNECTION:
• For sending the actual file, FTP makes use of a data connection. A data connection is
initiated on port number 20.
• FTP sends the control information out-of-band as it uses a separate control connection.
• Some protocols send their request and response header lines and the data in the same
TCP connection.
• For this reason, they are said to send their control information in-band. HTTP
and SMTP are such examples.
Table 19.5 File transfer commands
 HYPER TEXT TRANSFER PROTOCOL
• Hyper text means clickable text in a webpage.
• HTTP is used to access webpage from web server.
• It is mainly used to access data on www (world wide web).

• HTTP is based on client-server model and uses TCP as transport layer protocol with
port number = 80.
• HTTP doesn’t have flow and error control mechanism so it depends on TCP for that.
• HTTP is “in-band” protocol i.e. there is no separate connection is made for commands
(from only one connection for both commands and data transferred).
• HTTP is “state-less” protocol i.e. it treats each request as an independent transaction
which is unrelated to any previous request so here communication consists of
independent pair of request and response.
• Server doesn’t maintain any info about clients i.e. when did clients were logged-in last
time, which pages they have visited etc. (millions of users may visit website so
maintaining information needs lots of memory).
• Problem: If server doesn’t maintain any information about client, then how it will
display data according to client’s interest.
• Solution: Server creates a special text file called “cookie” and drop it on client’s
computer. So, whenever client visit the same server then it shows the same cookie and
hence server shows the content related to you.
COOKIE:
• Cookie is small text file (not piece of code).
• It has certain life span and after that it is deleted automatically.
• It stores information about content viewed by client on website.
VERSIONS OF HTTP:
HTTP 1.0 (Non-Persistent Connection):
• Non-persistent connections are used i.e. if webpage has 4 objects, then to download
each object a separate TCP connection is opened and after downloading it is closed.
• Hence, if webpage has ‘n’ images the ‘(n+1)’ connections are established (1 for
webpage and ‘n’ for images).
• Simply remember, for each object 1 connection is required.
• These connections are established parallelly hence between same client and server, we
can have multiple connections.
• It is slow but load on server is less.
HTTP 1.1 (Persistent Connection):
• Persistent connection is used i.e. only one connection is established between client and
server which will fetch all the data.
• It is fast but load on server is high.

Client Site:
When a user clicks on a hyperlink, the browser carries out a series of steps in order to fetch the
page. Suppose that a user is browsing a web that points to ITU’s home page, which is
http://www.itu.org/home/index.html. Let us trace the steps that occurs when this link is
opened.
1. The browser determines the URL (by seeing what was selected).
2. The browser asks DNS for the IP address of www.itu.org.
3. DNS replies with 156.106.192.32.
4. The browser makes a TCP connection to port 80 on 156.106.192.32.
5. It then sends a request asking for file /home/index.html.
6. The www.itu.org server sends the file /home/index.html.
7. The TCP connection is released.
8. The browser displays all the text in /home/index.html.
9. The browser fetches and displays all images in this file.
Summary: Identify URL → DNS Query → TCP Connection → Webpage → Display.

Server Site:
1. Accept a TCP connection from a client (a browser).
2. Get the name of the file requested.
3. Get the file (from disk).
4. Return the file to the client.
5. Release the TCP connection.
 Properties of Application Layer Protocols

DNS HTTP SMTP POP FTP IMAP

Stateful/
Stateless Stateless Stateful Stateful Stateful Stateful
Stateless

Connectionless/
Connection- Connection- Connection Connection Connection Connection
Connection less less Oriented Oriented Oriented Oriented
Oriented

Transport
UDP/ TCP TCP TCP TCP TCP TCP
Protocol Used

HTTP 1.0 Control-

is Non- Connection
is Persistent
Persistent
Persistent/ Non- and
and Persistent Persistent Persistent
Non-Persistent Persistent Data-
HTTP 1.1 Connection
is is Non-
Persistent Persistent

20 for Data-
Connection
and
Port Number 53 80 25 110 21 for
143
Control-
Connection

In-Band/ Out- Out-of-

In-band In-band In-band In-band In-band
Band band
Port Numbers of Application Layer Protocols