CSIT 220 (Blum) 1 Passive FTP

Upload: teresa-sanders

Post on 30-Dec-2015



CSIT 220 (Blum) 2

Passive FTP

• Passive FTP is a more secure form of data transfer in which the flow of data is set up and initiated by the File Transfer Program (FTP) client rather than by the FTP server program.

• FTP client programs sometimes allow the user to select passive FTP.

• Most Web browsers (which act as FTP clients) use passive FTP by default.

CSIT 220 (Blum) 3

Passive FTP

CSIT 220 (Blum) 4

Passive FTP

• Recall that FTP consists of two connections: in normal FTP the client initiates the control connection, but the server establishes the data connection.

• Some networks have firewalls that only allow connections that were initiated from within; this would rule out the data connection of a normal FTP session.

CSIT 220 (Blum) 5

“Normal” vs Passive FTP

• Normal: Client initiates control and gives a port number to server which then initiates data connection.

• Passive: Client initiates control and asks server to return over the control connection which port it intends to use (for data), then the client initiates a data connection using the port number supplied by the server.
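The port-number exchange described in the two bullets above, as an added example that is not part of the original slides: in normal FTP the client announces its own address in a PORT command and the server connects back; in passive FTP the server answers PASV with a 227 reply and the client connects out. The reply line is constructed here, and the function names and the `safe_data_host` check are my own (many clients apply a similar check so that a server cannot redirect the data connection to a third host).

```python
import re
import ipaddress

# Constructed sample 227 reply, in the format a server sends over the
# control connection after the client asks for passive mode (PASV).
PASV_REPLY = "227 Entering Passive Mode (139,84,10,250,19,137)"


def parse_pasv_reply(line):
    """Return (host, port) announced by the server in a 227 PASV reply.

    The six numbers are the four address octets followed by the port
    split into a high byte and a low byte (port = p1 * 256 + p2).
    """
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", line)
    if m is None:
        raise ValueError("no host/port tuple in reply: %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in reply: %r" % line)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("server announced port 0")
    return host, port


def build_port_command(host, port):
    """Return the PORT command a client sends in normal (non-passive) FTP.

    The client announces its own listening address and the server connects
    back to it; that inbound connection is the one a firewall which only
    allows connections initiated from within will block.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range: %r" % port)
    octets = str(ipaddress.IPv4Address(host)).split(".")
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)


def safe_data_host(announced_host, control_peer):
    """Choose the host for the passive data connection.

    Returns (host, trusted). If the address in the 227 reply differs from
    the address the control connection is already talking to, the
    announced address is ignored and the control peer is reused.
    """
    if announced_host == control_peer:
        return announced_host, True
    return control_peer, False


if __name__ == "__main__":
    host, port = parse_pasv_reply(PASV_REPLY)
    print("passive: client connects to %s:%d" % (host, port))
    print("normal:  client sends", build_port_command("139.84.10.250", 5001))
```

The same pair of numbers (19,137) appears in both directions: 19 * 256 + 137 = 5001, so the two functions are inverses of each other and only the side that opens the data connection changes.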

CSIT 220 (Blum) 6

TFTP

• Trivial File Transfer Protocol, a simple version of FTP, but TFTP uses the User Datagram Protocol (UDP) instead of TCP.

– It is simpler, faster, and requires less code.

– But it is less capable and less secure.

• It is used where user authentication and directory visibility are not required.

• It is often used by servers to boot diskless workstations, X-terminals, and routers.

– Diskless workstations need operating systems too.

CSIT 220 (Blum) 7

Domain Name System

Based on Computer Networks and Internets, Comer

CSIT 220 (Blum) 8

IP Addresses

• Delivery at the Internet Layer of the TCP/IP is based on an IP address.

• In IP(v4) it is a 32-bit number

– E.g. 10001011010101000000101011111010

• To make an IP address somewhat more comprehensible, one can use the dotted decimal notation in which the IP is expressed as 4 decimal numbers between 0 and 255 separated by periods.

– E.g. 139.84.10.250
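The conversion between the 32-bit form and dotted decimal notation, as an added example (not from the slides). The strict checks in `dotted_to_binary` are my addition: exactly four fields, ASCII digits only, each in 0..255, and no leading zeros, since some parsers read an octet such as "010" as octal.

```python
def binary_to_dotted(bits):
    """Convert a string of exactly 32 binary digits into dotted decimal."""
    if len(bits) != 32 or any(c not in "01" for c in bits):
        raise ValueError("expected exactly 32 binary digits")
    # Each group of 8 bits is one decimal number between 0 and 255.
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


def dotted_to_binary(addr):
    """Convert dotted decimal notation into the 32-bit binary string.

    Deliberately strict: four fields, ASCII digits only, each 0..255,
    no leading zeros (a leading zero is ambiguous across parsers).
    """
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % addr)
    octets = []
    for p in parts:
        if not p or any(c not in "0123456789" for c in p):
            raise ValueError("non-numeric octet: %r" % p)
        if len(p) > 1 and p[0] == "0":
            raise ValueError("leading zero in octet: %r" % p)
        n = int(p)
        if n > 255:
            raise ValueError("octet out of range: %r" % p)
        octets.append(n)
    return "".join(format(n, "08b") for n in octets)


def is_valid_dotted(addr):
    """True if addr is accepted by the strict parser above."""
    try:
        dotted_to_binary(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(binary_to_dotted("10001011010101000000101011111010"))  # 139.84.10.250
    print(dotted_to_binary("139.84.10.250"))
```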

CSIT 220 (Blum) 9

Domain names

• In order to make network communication more user friendly, we use domain names in place of IP addresses. (The details necessary for the Internet Layer can be hidden from the user.)

• The domain name is a symbolic string of characters that is easier to remember than an IP address.

– E.g. alpha.lasalle.edu instead of 139.84.10.250

– If we used 8 bits to represent each character in alpha.lasalle.edu it would require 136 = 17*8 bits, even more than IP(v6)

• This scheme is known as the Domain Name System (DNS).

CSIT 220 (Blum) 10

URL

• The domain name is familiar to you as part of the URL.

• A Uniform Resource Locator is a file’s address on the Internet.

• In addition to the domain name, a URL has an indication of the protocol being used (http, ftp, etc.) as well as the location (directory) and name of the file and perhaps an anchor indicating a specific part of the file.

• http://www.lasalle.edu/lsu-site/it/notes.htm#attach

CSIT 220 (Blum) 11

URL (Cont.)

• The HTTP server can be set up to access a default file or a default directory if none is indicated.

– http://www.lasalle.edu

• Most URLs use the default port; the port number is another part of the URL.

– http://www.lasalle.edu:1234/it/fake.htm#attach

– Sometimes used to test sites before making them available to the public
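Splitting the example URLs from the two slides above into their parts (protocol, domain name, port, file location, anchor), as an added example that is not part of the original slides. It uses `urllib.parse.urlsplit` from the Python standard library; the `DEFAULT_PORTS` table and the `describe_url` function are my own, and the table is limited to the protocols named on the slides.

```python
from urllib.parse import urlsplit

# Default ports for the protocols the slides mention (assumed table).
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def describe_url(url):
    """Break a URL into the parts named on the slides.

    The port falls back to the protocol's default when the URL does not
    give one; the path falls back to "/" so the server's default
    directory/file is requested.
    """
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported protocol: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URL has no domain name: %r" % url)
    # parts.port raises ValueError itself if the port is not 0..65535.
    explicit = parts.port is not None
    return {
        "protocol": parts.scheme,
        "domain": parts.hostname,
        "port": parts.port if explicit else DEFAULT_PORTS[parts.scheme],
        "explicit_port": explicit,
        "location": parts.path or "/",
        "anchor": parts.fragment,
    }


if __name__ == "__main__":
    for u in ("http://www.lasalle.edu/lsu-site/it/notes.htm#attach",
              "http://www.lasalle.edu",
              "http://www.lasalle.edu:1234/it/fake.htm#attach"):
        print(describe_url(u))
```

Note that the anchor (fragment) is interpreted by the browser and is not sent to the server, which is why a log of HTTP requests never shows it.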

CSIT 220 (Blum) 12

Domain names are used in other services such as telnet

CSIT 220 (Blum) 13

Resolution/Translation

• The domain name must be translated (a.k.a. resolved) into the equivalent IP address before it is used.

• The basic mechanism is a lookup table, but because of the vastness of the Internet, the data is “distributed.”

– “Distributed” is when programming and/or data are spread out over more than one computer.

• Finally the resolved IP address (binary form, of course) is added to the IP datagram at the Network (Internet) Layer.

CSIT 220 (Blum) 14

CSIT 220 (Blum) 15

Domain Name Server

• The name resolution database is distributed over a large set of computers located at different sites across the Internet.

• If a host needs an address resolved, it becomes a client of a “domain name server” or DNS server.

• The client sends a request with a domain name to the domain name server which responds with the corresponding IP address.

CSIT 220 (Blum) 16

RFC 1034

CSIT 220 (Blum) 17

Client Server

[Figure: the client sends a request containing alpha.lasalle.edu to the DNS server; the DNS server replies with 139.84.10.250]

CSIT 220 (Blum) 18

Server Hierarchy

• If the first DNS server does not have a listing for the domain name, it then sends a request to the next DNS server, and so on, until the name is resolved. The first DNS server becomes a client to the second.

[Figure: Client → DNS Server (acting in turn as a client) → DNS Server]

CSIT 220 (Blum) 19

Naming Hierarchy

• Having the database distributed makes it easier to update. A given network administrator will be in charge of the name database for his or her network.

• A central database would take autonomy away from the local administrator and complicate changes that would have to be sent to a central authority.

• On the other hand, some aspect of the scheme must be centralized to enable address resolution beyond the local network.

• ICANN (Internet Corporation for Assigned Names and Numbers) is the top-level authority.

CSIT 220 (Blum) 20

Naming Structure

• Domain names are hierarchical with the “most significant” or “top-level” part on the right.

– There are a fixed number of these top level domains (TLDs)

• The left-most (“least significant”) segment of the name identifies an individual computer.

• The intermediate segments in the name identify the group that owns the name.

• ICANN does not specify the number of segments in a name; that is left for the organization using the name.

CSIT 220 (Blum) 21

TLDs

• ICANN is in charge of the TLDs (top-level domains).

• The TLDs indicate the type of group the name corresponds to

– .com for business

– .edu for school

• A couple years ago ICANN accepted a new set of TLDs.

CSIT 220 (Blum) 22

Old set of TLDs

CSIT 220 (Blum) 23

Country Codes

CSIT 220 (Blum) 24

ICANN website

CSIT 220 (Blum) 25

Newer TLD’s

CSIT 220 (Blum) 26

Newer TLD’s (Cont.)

CSIT 220 (Blum) 27

DNS Names

• Organizations apply for a name under one of the TLDs.

• ICANN or one of their approved brokers will approve the request and assign the IP address that is associated with the name. The suffix used for the name must be unique within the TLD.

– www.lasalle.edu

– www.lasalle.com

CSIT 220 (Blum) 28

Location + Organization

• DNS allows organizations to use a geographic registration.

• Some countries have adopted a combination of geographic and organizational domain names, such as ac.uk, where

– ac is academic

– uk is United Kingdom

CSIT 220 (Blum) 29

Organizational Domain Names

• After a name is assigned to a group, they can decide to add other hierarchical structure to the naming.

• They may add a name of the form computer.division.location.name.domain, depending on how far they wish to extend the naming hierarchy.

– Location is usually for several areas in the same group.

– Division is usually for several divisions within the same area.

– Computer is for a specific computer or server in a division within an area.

• Any of these parts may be eliminated.

CSIT 220 (Blum) 30

Name hierarchy

[Figure: a name split into its top level domain, the name assigned to the group, and the additional hierarchy added by the group]

CSIT 220 (Blum) 31

DNS Client-Server Model

• DNS allows each organization to assign names to computers or to change those names without informing the central authority.

• The organization controls all names with a particular suffix.

• Most organizations have an Internet connection which runs a DNS. The server contains information about links to other domain name servers.

• If an organization does not have a DNS server, it uses a service provided by its ISP.

CSIT 220 (Blum) 32

Name Translation

• To translate a name to an IP address, the application sends a request to the local DNS server.

• If the local DNS cannot supply the IP address, it sends a request to another server until the request is successfully processed.

• DNS servers are arranged in a hierarchy similar to the name authority. A root server occupies the top of the hierarchy and is the authority for the top-level domain.

• The root server contains information to reach the other name servers.

CSIT 220 (Blum) 33

DNS Server Hierarchy

• Although the naming hierarchy helps to develop the connections between the DNS servers, the structure of each server is different.

• The structure depends on the format used by the organization responsible for maintaining the name.

• The organization may run one server or several servers depending on the organization level in the hierarchy.

CSIT 220 (Blum) 34

DNS Server Hierarchy

• De-centralizing the name database by using several DNS servers allows the organizations responsible for generating the names to easily administer the database.

• Multiple servers allow quicker name resolution.

• Centralized DNS databases may not be able to handle all the requests or database maintenance.

CSIT 220 (Blum) 35

Root system server

• Each TLD has a server at the top of the hierarchy. It is known as the root system server.

• On a daily basis, this list is replicated to 12 other geographically dispersed file servers that are maintained by an assortment of agencies. The Internet routing system uses the nearest root server list to update routing tables.

CSIT 220 (Blum) 36

Multiple Servers

• An organization can have one or several DNS servers.

• The motivation for having multiple DNS servers is similar to that for having multiple segments (connected by bridges) or subnetworks (connected by routers): it divides the traffic into local and non-local. (It balances the load.)

• The DNS servers must be organized in a tree-like structure, each responsible for a “zone.”

CSIT 220 (Blum) 37

CSIT 220 (Blum) 38

Server Links

• A single name server is responsible for a zone, i.e. all computers in a given suffix.

• Servers in the domain name system are linked together, making it possible to find the correct server by following the links.

• Each server is configured to know the locations of servers that branch off from it (lower in the hierarchy).

• Each server is configured to know the location of the server it branches off from (higher in the hierarchy).

CSIT 220 (Blum) 39

Name Resolution

• Translation of a symbolic name to the IP address is called resolution.

• If a server cannot answer a translation request directly, it sends the request to the root-server for the name. The root-server directs the request to the correct name server.

– The eventual response is a translation or an indication that the address cannot be translated.

CSIT 220 (Blum) 40

Optimizing DNS Performance

• Replication

– Each root server is duplicated. There are many copies around the world. When a request is made, the server will receive the response from whichever root server is most responsive at a given time. Usually the closest geographical server is best.

• Caching

– Each server maintains a cache of names. The server places a copy of the binding in its cache. Before contacting another server to request a binding, it checks the cache. If the binding exists in the cache, the server uses the cached answer to generate a reply.

– Hosts also cache.
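The caching step described above, as an added example that is not part of the original slides: a server (or host) keeps a copy of each binding, checks the cache before contacting another server, and discards the copy once its time to live (TTL) has run out. The `DnsCache` class, the `resolve` helper and the `simulate` driver are my own; the upstream answer and the fake clock inside `simulate` are constructed so the example runs offline.

```python
import time


class DnsCache:
    """Cache of name/type -> value bindings with TTL expiry.

    Names are compared case-insensitively and without a trailing dot,
    matching how DNS treats them.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}

    @staticmethod
    def _key(name, rtype):
        return name.lower().rstrip("."), rtype

    def store(self, name, rtype, value, ttl):
        # A TTL of zero means "do not cache this binding".
        if ttl <= 0:
            return
        self._entries[self._key(name, rtype)] = (value, self._clock() + ttl)

    def lookup(self, name, rtype):
        key = self._key(name, rtype)
        entry = self._entries.get(key)
        if entry is None:
            return None
        value, expires = entry
        if self._clock() >= expires:
            del self._entries[key]      # expired: behave as a miss
            return None
        return value


def resolve(name, cache, upstream):
    """Return (address, from_cache); upstream(name) -> (address, ttl)."""
    hit = cache.lookup(name, "A")
    if hit is not None:
        return hit, True
    value, ttl = upstream(name)
    cache.store(name, "A", value, ttl)
    return value, False


def simulate(elapsed_between_lookups, ttl=3600):
    """Resolve alpha.lasalle.edu twice with a fake clock.

    Returns (first_from_cache, second_from_cache, upstream_calls).
    """
    clock = [0.0]
    calls = []

    def upstream(name):            # constructed stand-in for another server
        calls.append(name)
        return "139.84.10.250", ttl

    cache = DnsCache(clock=lambda: clock[0])
    first = resolve("alpha.lasalle.edu", cache, upstream)
    clock[0] += elapsed_between_lookups
    second = resolve("ALPHA.lasalle.edu.", cache, upstream)
    return first[1], second[1], len(calls)


if __name__ == "__main__":
    print(simulate(10))       # second lookup answered from cache
    print(simulate(3600))     # TTL expired: upstream asked again
```

A stale binding is served until the TTL runs out, so a record that changes address is only as fresh as the TTL its owner chose; this is the trade-off the slide's "quicker name resolution" buys.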

CSIT 220 (Blum) 41

Replication

• There is probably a DNS server within close geographic proximity to your access provider that maps the domain names in your Internet requests or forwards them to other servers in the Internet.

• Replication leads to a distinction between primary, secondary and master DNS servers.

CSIT 220 (Blum) 42

Primary, secondary and master

• Primary name server: server gets information for a zone from a local file

• Secondary name server: receives its information from other servers (has a copy of the database but cannot update it)

– Transferring information is known as “zone transfer”

– Replication provides fault tolerance

– Replication can prevent frequent transfer of information over a slow connection

– Replication can provide load balancing

• Master zone: where the secondary zone gets its info (not necessarily primary)

CSIT 220 (Blum) 43

DNS Entry Types

• There are different types of queries and different table listings.

• It is possible to find a resolution (domain name/IP pair) for one type of query but not for another.

• Using the same name for different types may inhibit some applications from working with a specific type. An email type name will not respond to ping or tracert message.

CSIT 220 (Blum) 44

DNS Entry Types

• Type A

– address type

– Most common binding, used for FTP, ping or WWW

• MX (Mail eXchanger)

– computer name found in the email address

• Aliases - CNAME

– Like symbolic links in a file system; the entry provides an alias for another DNS entry.

– Convenient because it permits organizations to change the computer that is used for a particular service without changing the name or address. You only need to change the server’s CNAME record.

CSIT 220 (Blum) 45

Same host/Different names

CSIT 220 (Blum) 46

Multiple DNS Types and Names

• Allows a manager to use a single name for multiple purposes.

• The type system that the DNS uses can produce unexpected results because some applications are able to work with multiple types.

• Resolvers are programmed to handle abbreviated addresses by trying a set of suffixes. Abbreviations allowed on one system may not work on another.

CSIT 220 (Blum) 47

Local shortened version

Our DNS server is programmed to try adding .lasalle.edu to a domain
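The suffix-trying behaviour from the previous slide and this one, as an added example that is not part of the original slides. It models the search-list logic of a typical stub resolver (the `search` and `ndots` settings of BIND-style resolv.conf files): a name ending in a dot is absolute and never gets a suffix, a name with fewer than `ndots` dots is tried with each suffix first, and any other name is tried as given first. The `candidate_names` function and its defaults are my own; lasalle.edu is the suffix the slide names.

```python
def candidate_names(name, search_list=("lasalle.edu",), ndots=1):
    """Return the fully qualified names a resolver would try, in order.

    A trailing dot marks an absolute name, which is looked up as-is and
    never has a suffix appended. Otherwise the number of dots decides
    whether the bare name or the suffixed forms are tried first.
    """
    if name.endswith("."):
        return [name.rstrip(".")]
    suffixed = [name + "." + s.strip(".") for s in search_list]
    if name.count(".") >= ndots:
        return [name] + suffixed
    return suffixed + [name]


if __name__ == "__main__":
    print(candidate_names("alpha"))             # alpha.lasalle.edu tried first
    print(candidate_names("www.example.com"))   # tried as given first
    print(candidate_names("alpha.lasalle.edu."))
```

The order matters for more than convenience: a name typed with at least `ndots` dots that does not exist is still retried with every suffix, so each miss becomes extra queries to the local zone's servers, and a different search list on another system can resolve the same abbreviation to a different host. That is why the slide warns that abbreviations allowed on one system may not work on another.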

CSIT 220 (Blum) 48

Reverse DNS lookup

• Reverse DNS lookup is using an Internet IP address to find a domain name.

• You may see a URL in which the domain name part is expressed as an IP address (in dotted decimal notation) and want to know its domain name.

• An Internet facility that lets you do either forward or reverse DNS lookup yourself is called nslookup.

CSIT 220 (Blum) 49

nslookup

• nslookup is the name of a program that lets one enter a host name and find out the corresponding IP address.

• nslookup will also let one enter an IP address and find out the corresponding domain name.

• nslookup sends a domain name query packet to a DNS server.
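What "a domain name query packet" looks like on the wire, as an added example that is not part of the original slides; it also covers the request/reply exchange of the earlier Client/Server slide and the reverse-lookup name from the previous slide. The code builds a standard DNS query for alpha.lasalle.edu, parses a reply, and forms the in-addr.arpa name a reverse lookup asks for. Nothing is sent over the network: `sample_response` is a constructed reply containing the slide's address 139.84.10.250, and all function names are my own. The transaction-id check and the pointer-loop limit in `read_name` are the two checks a parser of untrusted replies needs.

```python
import struct
import ipaddress


def encode_name(name):
    """Encode a domain name as DNS labels: length byte + text, ending in 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid=0x1234, qtype=1):
    """Build a standard query (QTYPE 1 = A, 12 = PTR), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg, offset):
    """Decode a name at offset, following compression pointers.

    Returns (name, offset just past the name as it appears in the message).
    """
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:             # pointer to an earlier name
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg, expected_txid):
    """Return (rcode, [(name, type, ttl, value), ...]) for A and PTR answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")   # not a reply to our query
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1 and rdlen == 4:
            answers.append((name, "A", ttl, str(ipaddress.IPv4Address(rdata))))
        elif rtype == 12:
            target, _ = read_name(msg, offset)
            answers.append((name, "PTR", ttl, target))
        offset += rdlen
    return rcode, answers


def reverse_name(addr):
    """Name queried (type PTR) for a reverse lookup of an IPv4 address."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def sample_response():
    """Constructed reply to build_query('alpha.lasalle.edu'); not a capture."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name("alpha.lasalle.edu") + struct.pack("!HH", 1, 1)
    # Answer name is a pointer (0xC00C) back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([139, 84, 10, 250])
    return header + question + answer


if __name__ == "__main__":
    print(build_query("alpha.lasalle.edu").hex())
    print(parse_response(sample_response(), 0x1234))
    print(reverse_name("139.84.10.250"))
```

Sending `build_query(...)` to a server on UDP port 53 and feeding the datagram that comes back to `parse_response` is all nslookup's basic mode does; the transaction id is the only thing tying a reply to a query, which is why a resolver that accepts any id is easy to feed wrong answers.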

CSIT 220 (Blum) 50

nslookup

ping also works

CSIT 220 (Blum) 51

Reverse DNS lookup

CSIT 220 (Blum) 52

Dynamic DNS

• You can have a changing (dynamic) IP address but a static domain name. In such a case you would need a “dynamic DNS service.”

• When a user registers with a DNS service and connects to the Internet with a dynamic IP address, the user's computer contacts the DNS service and lets them know what dynamic IP address it has been assigned from the pool; the service works with the DNS server to forward the correct address to the requesting computer.

CSIT 220 (Blum) 53

ipconfig

CSIT 220 (Blum) 54

DNS

CSIT 220 (Blum) 55

DNS

CSIT 220 (Blum) 56

DNS

CSIT 220 (Blum) 57

DNS

CSIT 220 (Blum) 58

DNS

CSIT 220 (Blum) 59

Other References

• http://www.webopedia.com

• http://www.whatis.com

• MCSE TCP/IP for Dummies, Brandon