slides20 Flashcards

1
Q

TLD arpa

A

if you want to do the reverse lookup

2
Q

DNS is capable of doing:

A
  • A address: name to IP address
  • PTR pointer: IP address to name (IPv6 uses the ip6.arpa branch)
  • AAAA address: name to IPv6 address
  • SOA start of authority: name to responsible name server
  • MX mail server: name to a mail server for that domain. bath.ac.uk has mail server 138.38.32.14
3
Q

how can you have a Web server spread about anywhere in the world

A

by using the DNS feature that one name can have several IP addresses associated with it

4
Q

IPv6 gethostbyname()

A

The gethostbyname() function returns a structure of type hostent for the given host name. Here name is either a hostname, or an IPv4 address in standard dot notation (as for inet_addr(3)), or an IPv6 address in colon (and possibly dot) notation.

5
Q

DNS requests are usually UDP, but what if the datagram size exceeds the limit?

A

if the reply is more than 512 bytes, the server sends a reply with a “truncated” flag set, and the client resends the request but using TCP

6
Q

what is a security threat in DNS?

A

no authentication
solution:
A solution exists in Secure DNS (DNSSEC), which uses cryptography to authenticate DNS lookups
there is also DNS over HTTPS

7
Q

ISP wanting you to use their DNS

A

You might get faster service.
You might get more reliable service.
You can watch content that’s blocked in your region. Or trick censors.

(similar to a VPN but with no encryption)

8
Q

CNAME

A

If you want to change the host names in the assigned subnet they must be notified to the authority for that Class C address. Generally, this is unacceptable since such requests may encounter indifference, cost or questions. It is most desirable that responsibility for reverse mapping be delegated when the IP address subnet is assigned though this does require support and co-operation with the currently delegated reverse map authority (ISP or other organization).

The technique defined in RFC 2317 provides for such delegation to take place using CNAME Resource Records (rather than the more normal PTR Resource Records) in an expanded IN-ADDR.ARPA name space.

A Canonical Name record (abbreviated as CNAME record) is a type of resource record in the Domain Name System (DNS) which maps one domain name to another, referred to as the Canonical Name.

This can prove convenient when running multiple services (like an FTP server and a webserver; each running on different ports) from a single IP address. One can, for example, point ftp.example.com and www.example.com to the DNS entry for example.com, which in turn has an A record which points to the IP address. Then, if the IP address ever changes, one only has to record the change in one place within the network: in the DNS A record for example.com.

9
Q

DNS over SMS

A

Sometimes you are on the go but just need a DNS answer, stat. Luckily, 1.1.1.1 supports DNS over SMS.

Send a text message to +1(833)672-1001 or +44(0)1807391001. You can send a domain name, which will return the AAAA answer by default.

Example SMS:

example.com

Response:

2606:2800:220:1:248:1893:25c8:1946

1.1.1.1 is a partnership between Cloudflare and APNIC.

10
Q

what are the most important protocols of the transport layer

A

TCP and UDP

11
Q

what’s the use of ports

A

server side: to differentiate between many services

client side: so that each of many apps receives the right thing in the right place

12
Q

where is the port in the data you send

A

in UDP and TCP connections

13
Q

can you use the same port in UDP and TCP to address different things

A

yes (double the number of ports), because the OS labels the port with the type of connection, so a UDP port 80 and a TCP port 80 are regarded, say, as U80 and T80, i.e. different things

14
Q

ephemeral ports

A

Source ports are usually chosen afresh “at random” (usually: just increment by 1 for each time) for each new connection and are called ephemeral ports as they only live for the duration of the connection

15
Q

what do you need to define a connection

A

source address
source port
destination address
destination port

16
Q

what is a socket

A

The pair (source address, source port)

17
Q

Port Address Translation

A

Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.

18
Q

Port Forwarding

A

Port Forwarding allows remote computers (for example, computers on the Internet) to connect to a specific computer or service within a private local-area network.

Dynamic port forwarding (DPF) is an on-demand method of traversing a firewall or NAT through the use of firewall pinholes. The goal is to enable clients to connect securely to a trusted server that acts as an intermediary for the purpose of sending/receiving data to one or many destination servers.