Application Layer
2024-02-02
/etc/hosts
DNS replaced the local domain name tables in the config file /etc/hosts, which until then had been used for managing the domain name/IP address mappings. This file can still be used to override results retrieved by the DNS.
The domain namespace consists of a tree of domain names
A complete domain name consists of the concatenation of all labels of a path
The last period is usually omitted, but from a formal perspective, a complete domain name – Fully Qualified Domain-Name (FQDN) ends with a period
Examples for a complete domain name are www.riot-os.org. and teaching.dahahm.de.
Domain Name Label Rules
-) are allowed
http://www.root-servers.org (January 2024)
A to M) publish the DNS root zone
letter.root-servers.net
Name | IPv4 address | IPv6 address | Sites | Operator |
---|---|---|---|---|
A | 198.41.0.4 | 2001:503:ba3e::2:30 | 59 | Verisign, Inc. |
B | 170.247.170.2 | 2801:1b8:10::b | 6 | Information Sciences Institute |
C | 192.33.4.12 | 2001:500:2::c | 12 | Cogent Communications |
D | 199.7.91.13 | 2001:500:2d::d | 209 | University of Maryland |
E | 192.203.230.10 | 2001:500:a8::e | 328 | NASA Ames Research Center |
F | 192.5.5.241 | 2001:500:2f::f | 346 | Internet Systems Consortium (ISC), Inc. |
G | 192.112.36.4 | 2001:500:12::d0d | 6 | Defense Information Systems Agency |
H | 198.97.190.53 | 2001:500:1::53 | 12 | U.S. Army Research Lab |
I | 192.36.148.17 | 2001:7fe::53 | 81 | Netnod |
J | 192.58.128.30 | 2001:503:c27::2:30 | 154 | Verisign, Inc. |
K | 193.0.14.129 | 2001:7fd::1 | 115 | RIPE NCC |
L | 199.7.83.42 | 2001:500:9f::42 | 195 | ICANN |
M | 202.12.27.33 | 2001:dc3::35 | 16 | WIDE Project |
<Name, Value, Type, Class, TTL>
Type | Description |
---|---|
NS | Specifies the name server which is responsible for the zone |
A | Specifies the IPv4 address of a host |
AAAA | Specifies the IPv6 address of a host |
SOA | Contains information for the management of the zone, such as the name and email address of the administrator |
CNAME | Specifies an alias (canonical) name for a specific host |
MX | Assigns the responsible mail server to a name. |
PTR | Provides the domain name associated with an IP address (for DNS reverse lookups). |
www.frankfurt-university.de. is resolved with the command line tool dig
dig +trace +additional -t A www.frankfurt-university.de.
-t A \(\Longrightarrow\) request the A resource record (the IPv4 address)
+trace \(\Longrightarrow\) print the individual replies on the path through the name server hierarchy
+additional \(\Longrightarrow\) name servers sometimes store for delegations not only the NS resource records, but also their IP addresses in form of A or AAAA RRs. Print them, if they are delivered
The output of dig on the following slides contains several DNSSEC Resource Records (RR). DNSSEC provides authenticity and integrity of DNS data
RRSIG = Signature Resource Record = Digital signature of a DNS Resource Record Set
NSEC3 = Hashed next secure entry within the zone (chain-of-trust)
DS = Delegation Signer = Used to concatenate DNSSEC-signed zones. This way, several DNS zones are combined into a chain-of-trust and can be validated with a single public key
$ dig +trace +additional -t A www.frankfurt-university.de.
; <<>> DiG 9.16.23 <<>> +trace +additional -t A www.frankfurt-university.de.
;; global options: +cmd
. 499597 IN NS a.root-servers.net.
. 499597 IN NS c.root-servers.net.
. 499597 IN NS j.root-servers.net.
. 499597 IN NS g.root-servers.net.
. 499597 IN NS b.root-servers.net.
. 499597 IN NS f.root-servers.net.
. 499597 IN NS m.root-servers.net.
. 499597 IN NS k.root-servers.net.
. 499597 IN NS i.root-servers.net.
. 499597 IN NS h.root-servers.net.
. 499597 IN NS l.root-servers.net.
. 499597 IN NS d.root-servers.net.
. 499597 IN NS e.root-servers.net.
. 503019 IN RRSIG NS 8 0 518400 20220202050000 20220120...
...
;; Received 1125 bytes from 10.2.0.1#53(10.2.0.1) in 3 ms
de. 172800 IN NS a.nic.de.
de. 172800 IN NS f.nic.de.
de. 172800 IN NS l.de.net.
de. 172800 IN NS n.de.net.
de. 172800 IN NS s.de.net.
de. 172800 IN NS z.nic.de.
de. 86400 IN DS 26755 8 2 F341357809A5954311CCB82ADE114C6C...
de. 86400 IN RRSIG DS 8 1 86400 20220202050000 2022012004...
a.nic.de. 172800 IN A 194.0.0.53
f.nic.de. 172800 IN A 81.91.164.5
l.de.net. 172800 IN A 77.67.63.105
n.de.net. 172800 IN A 194.146.107.6
s.de.net. 172800 IN A 195.243.137.26
z.nic.de. 172800 IN A 194.246.96.1
a.nic.de. 172800 IN AAAA 2001:678:2::53
f.nic.de. 172800 IN AAAA 2a02:568:0:2::53
l.de.net. 172800 IN AAAA 2001:668:1f:11::105
n.de.net. 172800 IN AAAA 2001:67c:1011:1::53
s.de.net. 172800 IN AAAA 2003:8:14::53
z.nic.de. 172800 IN AAAA 2a02:568:fe02::de
;; Received 761 bytes from 198.97.190.53#53(h.root-servers.net) in 123 ms
h.root-servers.net was randomly chosen, to send it the request for www.frankfurt-university.de.
.de. to choose from
frankfurt-university.de. 86400 IN NS deneb.dfn.de.
frankfurt-university.de. 86400 IN NS medusa.fh-frankfurt.de.
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN NSEC3 1 1 15 CA12B74ADB90591A TJLF... NS SOA RRSIG DNSKEY NSEC3PARAM
7blnr7smbefem25dg5q217hsnrlb5gg0.de. 7200 IN NSEC3 1 1 15 CA12B74ADB90591A 7BLP... A RRSIG
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN RRSIG NSEC3 8 2 7200 20220203123110 2022...
7blnr7smbefem25dg5q217hsnrlb5gg0.de. 7200 IN RRSIG NSEC3 8 2 7200 20220203123110 2022...
medusa.fh-frankfurt.de. 86400 IN A 192.109.234.209
;; Received 629 bytes from 81.91.164.5#53(f.nic.de) in 13 ms
f.nic.de has been randomly chosen, to send it the request for www.frankfurt-university.de.
.frankfurt-university. to choose from
www.frankfurt-university.de. 86400 IN A 192.109.234.218
frankfurt-university.de. 86400 IN NS medusa.fh-frankfurt.de.
frankfurt-university.de. 86400 IN NS deneb.dfn.de.
;; Received 162 bytes from 192.76.176.9#53(deneb.dfn.de) in 16 ms
deneb.dfn.de has been randomly chosen, to send it the request for www.frankfurt-university.de.
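The walk through the hierarchy shown above can be read mechanically. The following Python sketch is an added example, not part of the original slides: it splits dig +trace output into one block per answering server and labels each block as final answer, root NS set, or referral with or without a DS record. A referral that carries a DS record links the child zone into the chain of trust; a referral without one (the parent sends NSEC3 records instead) leaves the child outside it. The code only checks which records are present and validates no signatures; the sample is the output above, shortened.

```python
import re

# Constructed sample: the dig +trace output above, shortened ("..." marks cuts).
SAMPLE_TRACE = """\
. 499597 IN NS h.root-servers.net.
. 503019 IN RRSIG NS 8 0 518400 ...
;; Received 1125 bytes from 10.2.0.1#53(10.2.0.1) in 3 ms
de. 172800 IN NS f.nic.de.
de. 86400 IN DS 26755 8 2 F341...
de. 86400 IN RRSIG DS 8 1 86400 ...
f.nic.de. 172800 IN A 81.91.164.5
;; Received 761 bytes from 198.97.190.53#53(h.root-servers.net) in 123 ms
frankfurt-university.de. 86400 IN NS deneb.dfn.de.
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN NSEC3 1 1 15 CA12B74ADB90591A TJLF... NS SOA
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN RRSIG NSEC3 8 2 7200 ...
;; Received 629 bytes from 81.91.164.5#53(f.nic.de) in 13 ms
www.frankfurt-university.de. 86400 IN A 192.109.234.218
frankfurt-university.de. 86400 IN NS deneb.dfn.de.
;; Received 162 bytes from 192.76.176.9#53(deneb.dfn.de) in 16 ms
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")
FROM = re.compile(r"^;; Received \d+ bytes from (\S+)#\d+\((\S+)\)")

def parse_trace(text):
    """Split dig +trace output into one dict per answering server."""
    hops, records = [], []
    for line in text.splitlines():
        src = FROM.match(line)
        rr = RR.match(line)
        if src:  # ";; Received" closes the block of records printed before it
            hops.append({"ip": src.group(1), "server": src.group(2), "records": records})
            records = []
        elif rr:
            records.append({"name": rr.group(1), "ttl": int(rr.group(2)),
                            "type": rr.group(3), "data": rr.group(4)})
    return hops

def classify(hop, qname, qtype="A"):
    """Label a hop: final answer, root NS set, or referral with/without DS."""
    recs = hop["records"]
    answer = [r["data"] for r in recs if r["name"] == qname and r["type"] == qtype]
    if answer:
        return ("answer", answer[0])
    zone = next((r["name"] for r in recs if r["type"] == "NS"), None)
    if zone == ".":
        return ("root NS set", zone)  # root key is the trust anchor, no DS above it
    has_ds = any(r["type"] == "DS" and r["name"] == zone for r in recs)
    return ("referral with DS" if has_ds else "referral without DS", zone)
```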
The DNS protocol
telnet> open localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Debian GNU/Linux bookworm/sid
murdock login: user
Password:
Features
Request | Description |
---|---|
PUT | Upload a new resource to the web server |
GET | Request a resource from the web server |
POST | Upload data to the web server in order to generate resources |
DELETE | Erase a resource on the web server |
HEAD | Request the header of a resource from the web server, but not the body |
TRACE | Returns the request back, as the web server has received it. Helpful for troubleshooting purposes |
OPTIONS | Request the list of supported HTTP methods from the web server |
CONNECT | Establish an SSL tunnel with a proxy |
HTTP is a stateless protocol. Cookies in the header information nevertheless make it possible to implement applications that require state or session information, because they assign user information or shopping carts to clients.
Status code | Meaning | Description |
---|---|---|
1xx | Informational | Request received, continuing process |
2xx | Successful operation | Action received, understood, accepted, and processed successfully |
3xx | Redirection | Additional action must be taken by the client to complete the request |
4xx | Client error | Request of the client caused an error situation |
5xx | Server error | Server failed to fulfill a valid request \(\Longrightarrow\) error was caused by server |
Status code | Meaning | Description |
---|---|---|
200 | OK | Request processed successfully. Result is transmitted in the response |
202 | Accepted | Request accepted, but will be executed at a later point in time |
204 | No Content | Request executed successfully. Response intentionally contains no data |
301 | Moved Permanently | The old address is no longer valid |
307 | Temporary Redirect | Resource moved. The old address remains valid |
400 | Bad Request | Request cannot be fulfilled due to bad syntax |
401 | Unauthorized | Request cannot be executed without a valid authentication |
403 | Forbidden | Request is not executed because of the client's lack of privileges |
404 | Not Found | Server could not find the requested resource |
500 | Internal Server Error | Unexpected server error |
See also http.cat
http://example.teaching.dahahm.de/index.html, the request for the resource /index.html is transmitted to the computer with hostname example.teaching.dahahm.de
GET request is transmitted via TCP to port 80, where the web server usually operates
GET /index.html HTTP/1.1
Host: example.teaching.dahahm.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
...
Virtual Hosts (vhosts)
One server typically handles more than one domain, i.e., the same web server application may deliver multiple web pages at the same IP address for different domain names.
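How a server tells the sites apart when they share one IP address, as an added Python example that is not part of the original slides: the Host header of the request above selects the site. The vhost table and its document roots are hypothetical; answering 404 for unknown names instead of falling back to a default site is a choice of this example.

```python
# Hypothetical name-based vhost table (document roots are assumptions).
VHOSTS = {
    "example.teaching.dahahm.de": "/srv/www/example",
    "teaching.dahahm.de": "/srv/www/teaching",
}

def parse_head(raw: bytes):
    """Return (method, target, version, headers) of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", errors="replace")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ")  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or name != name.strip():
            # no colon, or whitespace around the field name: reject
            raise ValueError("malformed header line")
        headers.setdefault(name.lower(), []).append(value.strip())
    return method, target, version, headers

def route(raw: bytes):
    """Return (status code, document root or None) for one request."""
    try:
        method, target, version, headers = parse_head(raw)
    except ValueError:
        return 400, None
    hosts = headers.get("host", [])
    if len(hosts) > 1 or (version == "HTTP/1.1" and not hosts):
        return 400, None  # HTTP/1.1 requires exactly one Host header
    host = hosts[0].lower() if hosts else ""
    name, _, port = host.rpartition(":")
    if name and port.isdigit():
        host = name  # strip a ":80" style port suffix
    host = host.rstrip(".")  # accept the FQDN form with trailing period
    if host not in VHOSTS:
        return 404, None  # unknown name: no fallback to a default site
    return 200, VHOSTS[host]
```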
The HTTP response of the web server consists of a message header and the message body with the actual message
index.html
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 28 Jan 2022 18:05:47 GMT
Content-Type: text/html
Content-Length: 274
Last-Modified: Fri, 28 Jan 2022 17:55:45 GMT
Connection: keep-alive
ETag: "61f42e21-112"
Accept-Ranges: bytes
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Example Page for teaching computer networks</title>
</head>
<body>
<p>Happy networking!</p>
</body>
</html>
HTTP/1.1
Encoding
The body may contain ASCII encoded plain text or text in different encodings and other content following the MIME (Multipurpose Internet Mail Extensions) specification. It is considered good practice to send text in ASCII only.
Many issues with email arose over time…
Source: https://artandlogic.com
Command | Function |
---|---|
HELO | Start SMTP session and identify client |
MAIL FROM:<...> | Enter email address of the sender |
RCPT TO:<...> | Enter email address of the receiver |
DATA | Enter content of the email |
RSET | Abort the entry of an email |
NOOP | No operation. Keeps the connection alive (avoids timeouts) |
QUIT | Log out from the SMTP server |
Status code | Meaning | Description |
---|---|---|
2xx | Success | Command executed successfully |
4xx | Temporary failure | Executing the command may be successful in the future |
5xx | Permanent failure | Command cannot be executed |
MTA Software
Popular SMTP servers are among others Postfix, qmail, Exim, IBM Lotus Domino, or MS Exchange. The first important implementation was Sendmail.
$ nc sea-02.cit.frankfurt-university.de 25
220 sea-02.cit.frankfurt-university.de Fra-Uas Mail System
HELO applecore
250 sea-02.cit.frankfurt-university.de
MAIL FROM: <oliver.hahm@riot-os.org>
250 2.1.0 Ok
RCPT TO: <oliver.hahm@fb2.fra-uas.de>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: <oliver.hahm@riot-os.org>
To: <oliver.hahm@fb2.fra-uas.de>
Subject: Testmail
Date: Fri, 28 Jan 2022 16:02:05 +0100
Hello!
And goodbye.
.
250 2.0.0 Ok: queued as 02496DF41D_1F54EBDF
QUIT
221 2.0.0 Bye
With encryption (TLS):
openssl s_client -starttls smtp -connect <server>:587
With encryption (SSL):
openssl s_client -connect <server>:465
Return-path: <oliver.hahm@riot-os.org>
Envelope-to: oliver.hahm@fb2.fra-uas.de
Delivery-date: Mon, 31 Jan 2022 13:17:36 +0100
Received: from smart-mail02.cit.frankfurt-university.de ([194.95.81.233])
by klopfer.dv.fh-frankfurt.de with esmtps
(envelope-from <oliver.hahm@riot-os.org>)
for oliver.hahm@fb2.fra-uas.de; Mon, 31 Jan 2022 13:17:36 +0100
Received: from sea-02.cit.frankfurt-university.de ([194.95.81.231])
by smart-mail02.cit.frankfurt-university.de with esmtps (TLS1.2) tls...
Received: from mail.stillroot.org (mail.stillroot.org [176.9.132.253]) ...
for <oliver.hahm@fb2.fra-uas.de>; Mon, 31 Jan 2022 12:17:34 +0000
(GMT) ...
X-Virus-Scanned: Debian amavisd-new at ba.stillroot.org ...
Received: from applecore.local.domain (unknown [194.95.83.45])
by mail.stillroot.org (Postfix) with ESMTPSA id 75FEB40363
for <oliver.hahm@fb2.fra-uas.de>; Mon, 31 Jan 2022 13:17:28 +0100
(CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=riot-os.org; ...
Date: Mon, 31 Jan 2022 13:07:12 +0100
From: Oliver Hahm <oliver.hahm@riot-os.org>
To: oliver.hahm@fb2.fra-uas.de
Subject: Testmail
Message-ID: <YffQ8JklzFLaCJN6@applecore.local.domain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/2.1.5 (31b18ae9) (2021-12-30)
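Reading a header block like the one above from the bottom up gives the path the mail took, since every MTA puts its Received line on top. The following Python sketch is an added example, not part of the original slides: it rebuilds that path and runs three consistency checks (each hop hands over to the next, timestamps do not run backwards, envelope sender matches the From header). The message is constructed with example names and documentation IP ranges. Only the Received lines written by the receiver's own servers are trustworthy; everything below them was supplied by the sending side.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime, parseaddr

# Constructed message (example names, documentation IP ranges), newest hop on top.
RAW = """\
Return-path: <alice@sender.example>
Received: from relay.rcpt.example ([198.51.100.7])
\tby mbox.rcpt.example with esmtps
\tfor bob@rcpt.example; Mon, 31 Jan 2022 13:17:36 +0100
Received: from mail.sender.example (mail.sender.example [192.0.2.25])
\tby relay.rcpt.example (Postfix) with ESMTPS id 1A2B3C
\tfor <bob@rcpt.example>; Mon, 31 Jan 2022 12:17:34 +0000
Received: from laptop.local.domain (unknown [203.0.113.45])
\tby mail.sender.example (Postfix) with ESMTPSA id 4D5E6F
\tfor <bob@rcpt.example>; Mon, 31 Jan 2022 13:17:28 +0100
From: Alice <alice@sender.example>
To: bob@rcpt.example
Subject: Testmail

Hello!
"""

HOP = re.compile(r"from\s+(\S+)\s.*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)

def relay_path(raw):
    """Return hops oldest-first: (sending host, peer IP, receiving MTA, time)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:  # assumes the value ends in "; <date>" as SMTP requires
            when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
            hops.append((m.group(1), m.group(2), m.group(3), when))
    return hops

def findings(raw):
    """Consistency checks over the chain; returns a list of short findings."""
    msg, hops, out = message_from_string(raw), relay_path(raw), []
    for (_, _, by_host, t1), (sender, _, _, t2) in zip(hops, hops[1:]):
        if sender != by_host:
            out.append(f"gap: {by_host} took the mail, next hop got it from {sender}")
        if t2 < t1:
            out.append(f"time goes backwards at {sender}")
    env = parseaddr(msg.get("Return-path", ""))[1].lower()
    hdr = parseaddr(msg.get("From", ""))[1].lower()
    if env != hdr:
        out.append(f"envelope sender {env} differs from header From {hdr}")
    return out
```

A mismatch between envelope sender and From header also occurs with legitimate mailing lists and forwarders, so treat it as a lead to follow, not as a verdict.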
Message Types
You should now be able to answer the following questions:
Computer Networks - Application Layer - WS 23/24