Chapter 5

Domain name system:

 Standard technology for managing public names of Web sites and other Internet
domains.
 DNS technology allows you to translate domain names automatically to Ip address on
the Internet. A key element of the DNS is a worldwide collection of DNS servers
 DNS server is any computer registered to join the Domain Name System.

Domain Name Systems (DNS) is mechanisms that assign easy to remember names to IP address.
Domain is a large group of computers on the Internet. Under this scheme each computer has an IP
address and a domain name. Domains have been made on the base of organization type or geographical
locations, e.g., the domain name google.com (where, com indicates that Google is a commercial
organization).

The Domain Name System (DNS) associates various information with domain names; most importantly,
it serves as the "phone book" for the Internet by translating human-readable computer hostnames,
e.g. www.ecomputernotes.com, into IP addresses, e.g. 208.77.188.166, which networking equipment
needs to deliver information.

It also stores other information such as the list of mail servers that accept email for a given domain. In
providing a worldwide keyword-based redirection service, the Domain Name System is an essential
component of contemporary Internet use.

DNS makes it possible to assign Internet names to organizations independent of the physical routing
hierarchy represented by the numerical IP address. Because of this, hyperlinks and Internet contact
information can remain the same, whatever the current IP routing arrangements may be, and can take a
human-readable form, which is easier to remember than the IP address 208.77.188.166.

The Domain Name System distributes the responsibility for assigning domain names and mapping them
to IP networks by allowing an authoritative name server for each domain to keep track of its own
changes, avoiding the need for a central register to be continually consulted and updated.

The Domain Name System consists of a hierarchical set of DNS servers. Each domain or sub domain has
one or more authoritative DNS servers that publish information about that domain and the name
servers of any domains "beneath" it. The hierarchy of authoritative DNS servers matches the hierarchy
of domains. At the top of the hierarchy stand the root name servers: the servers to query when looking
up a top-level domain name.

A domain name usually consists of two or more parts which is conventionally written separated by dots,
such as e computer notes. com. The rightmost label conveys the top-level domain for example, the
address www.ecomputernotes.com has the top-level domain com. Each label to the left specifies a sub

1
domain of the domain above it. For example: ecomputernotes.com comprises a sub domain of the com
domain, and www. Ecomputernotes.com comprises a sub domain of the domain ecomputernotes.com.

A hostname refers to a domain name that has one or more associated IP addresses; i.e.: the 'www.
ecomputernotes.com' and ' ecomputernotes.com' domains are both hostnames, however, the 'com'
domain is not.

DNS Root Servers:

DNS servers communicate with each other using private network protocols. All DNS servers are
organized in a hierarchy. At the top level of the hierarchy, so-called root servers store a complete
database of Internet domain names and their corresponding IP.

DNS IN THE INTERNET:

DNS is a protocol that can be used in different platforms. In the Internet, the domain name space (tree)
is divided into three different sections: generic domains, country domains, and the inverse domain.

Top-level domains

The top-level domains (TLDs) are the highest level of domain names of the Internet. They form the DNS
root zone of the hierarchical Domain Name System. Every domain name ends in a top-level or first-
level domain label.

2
 Generic domain: Registered hosts according to the generic behavior. Generic top-level
domains (gTLDs) are one of the categories of top-level domains (TLDs) maintained by
the Internet Assigned Numbers Authority (IANA) for use in the Domain Name System of
the Internet. A top-level domain is the last label of every fully qualified domain name. It allows
possible three character level. It is also called as Non-geographical domains. Some of the generic
domain is given below

domai
Intended use
n

com Mainly for commercial entities, but unrestricted

Originally for organizations not clearly falling

org
within the other gTLDs, now unrestricted

Originally for network infrastructures, now

net
unrestricted

Educational use, but now primarily for US third

edu
level colleges and universities

Governmental use, but now primarily for US

gov
governmental entities and agencies

mil Military use, but now primarily for US military onl

Country domain: it is also called as geographical based top level domains use two-letter country
designations. Examples of geographical domains or country domain are listed below:

AD = Andorra

AE = United Arab Emirates

AF = Afghanistan

AG = Antigua and Barbuda

AI = Anguilla

AL = Albania

3
AM = Armenia

ET= Ethiopia

IN= India

Inverse domain: The inverse domain finds a domain name for a given IP address. This is called address-
to-name resolution.

DNS Hierarchy:

How DNS works:

DNS networking is based on the client / server architecture. Your Web browser functions as a DNS client
(also called DNS resolver) and issues requests to your Internet provider's DNS servers when navigating
between Web sites.

When a DNS server receives a request not in its database, it temporarily transforms from a server to a
DNS client. The server automatically passes that request to another DNS server or up to the next higher
level in the DNS hierarchy as needed.

4
Eventually the request arrives at a server that has the matching name and IP address in its database (all
the way to the root level if necessary), and the response flows back through the chain of DNS servers to
your client

Configuring a DNS:

In the DNS service configuration, you can set up a DNS server to translate domain names with different
types of resource records, which are basic data elements in the Domain Name System. Packet Tracer
currently supports four different types of resource records: Address (A), Canonical
Name (CNAME), SOA (Start of Authority), and NS (Name Server). An Address (A) record is the most
common type of resource record where its core functionality is to map a hostname to an IPv4 address.

To add a resource record, enter the Name of the resource record, select Address for A Record, then
enter all required fields pertaining to the resource record and then click Add. To modify an existing
resource record, select the resource record from the list, edit the fields you want to change, and then
click Save when you are done. If you want to remove a resource record, just select the resource record
from the list and click Remove.

: Set the static IP Address for the DNS Server on the FastEthernet0 Interface.

5
Step 6: Set the static Gateway and DNS Address for the DHCP Server on the Global Settings.

Client Configuration

: On the 3 Client PC’s set the IP Configuration to DHCP on the FastEathernet0 Interface. The 3
PC’s should be able to obtain an IP Address from the DHCP Server.

6
: On the 3 Client PC’s perform ping command to both the DNS and DCHP Server using the
Command Prompt Interface on the Desktop Tab.

7
You can either ping the IP Address or the Server Names. A successful reply should be received
on all the 3 Client PC’s

WEB SERVER:

 A web server is a computer that runs websites. It's a computer program that distributes
web pages as they are requisitioned. The basic objective of the web server is to store,
process and deliver web pages to the users. This intercommunication is done using
Hypertext Transfer Protocol (HTTP). These web pages are mostly static content that
includes HTML documents, images, style sheets, test etc. Apart from HTTP, a web server
also supports SMTP (Simple Mail transfer Protocol) and FTP (File Transfer Protocol)
protocol for emailing and for file transfer and storage.
 The main job of a web server is to display the website content. If a web server is not
exposed to the public and is used internally, then it is called Intranet Server. When
anyone requests for a website by adding the URL or web address on a web browser's
(like Chrome or Firefox) address bar (like www.economictimes.com), the browser sends
a request to the Internet for viewing the corresponding web page for that address. A
Domain Name Server (DNS) converts this URL to an IP Address.

8
  The Web Server is requested to present the content website to the user's browser. All
websites on the Internet have a unique identifier in terms of an IP address. This Internet
Protocol address is used to communicate between different servers across the Internet.
These days, Apache server is the most common web server available in the market.
Apache is open source software that handles almost 70 percent of all websites available
today. Most of the web-based applications use Apache as their default Web Server
environment. Another web server that is generally available is Internet Information
Service (IIS). IIS is owned by Microsoft.

 The basic objective of the web server is to store, process and deliver WebPages to the
user. This intercommunication is done by using hypertext transfer protocol.

 These WebPages are mostly static context that include HTML,Document, images and
style sheet.

 HTTP and TCP/IP are two main protocol used with web server.

 The most frequently method used in http is GET which request file from the web server.

• A wide variety of Web servers are available, many of which you can download for free.
• Some popular Web servers include the following:
– Apache Web Server
– Microsoft Internet Information Services (IIS)
– Border Manager
– Netscape Enterprise Server (NES)

Access control:

• Based on the user’s IP address or user ID, access control allows the Web server to limit to which
files a user can read or write. User Ids are associated with passwords to verify a user’s identity.

• Another method of access control is changing the port at which a server is listening.

• Port 80 is the default port for Web servers.

• Apache Web Server controls access to its resources via a process known as authentication,
which requires a user to enter a valid user ID and password to access a Web site.

9
Encrypting Protocols:

• A secure protocol used by Web servers is SSL (Secure Sockets Layer).

• When you see a URL with https: at the beginning instead of http:, you know that this Web server
is using the SSL protocol for security.

WEBSERVER TECHNOLOGIES:

Chroot Mode:

• Chroot mode restricts the portion of the file system that the server occupies.

 Running in chroot mode offers security because all private files can be kept outside of the server
area.

Server Side Scripting:

• A script is a short list of instructions that certain software can perform.

• The instructions must be written in a format called a scripting language.

• Popular scripting languages include Perl, VBScript, and JavaScript.

10
 Standard CGI-Based Scripts:

• Common Gateway Interface (CGI) is the set of specifications that defines how a Web server
passes a Web user’s input to an application program running on the server, receives a response,
and passes data back to the user.

• One advantage of CGI scripts is that they are consistent among operating systems.

Database Interfaces:

• Before selecting a Web server or a virtual hosting service, find out what databases the server
supports and what tools can exchange information with the database.

 Popular databases are MS Access, MySQL, Oracle, and SQL Server

WEB SECURITY CONCERN:

Sharing information and conducting business via the World Wide Web has become a critical
requirement for most organizations. However, a web server that allows an organization to share
information and conduct business could potentially be exploited to cause unauthorized modification or
destruction of that information and other system resources. Through various attacks, such as buffer
overflow attacks, a malicious user could gain control of a web server process. Since web servers often
run with enhanced privileges, the user who gains control of the web server process possesses enhanced
privileges that can be used to cause damage to the system. Even if a malicious user cannot gain control
of the web server process, scripts potentially allow users to direct the web server to perform a malicious
action. A Common Gateway Interface3 (CGI) script accepts user input and submits it to the server for
processing. For example, electronic purchasing forms and web site guest books are typically
implemented through CGI scripts. Unfortunately, it is possible for a malicious user to enter executable
code as input into a form or guest book. If the server executes that code, the server could cause damage
to the system. Another type of script is a Server Side Include (SSI). An SSI is a file that can be parsed by
the web server to supply dynamic information for a web page, such as the current time and date.
Executable shell commands or an interface to CGI scripts can be included in an SSI. For example, an SSI
could include a statement such as <!--#execcgi="runme.cgi"-->. The web server would execute runme.cgi
when it parsed the SSI. If runme.cgi contained malicious code, the web server could cause damage when
running the code.

Approaches to Reducing Risk:

Method of reducing risk is to tighten the configuration of the web server and either restrict or turn off
functionality. For instance, the web server could be configured to deny the use of SSI's or user-
developed CGI scripts. This eliminates vulnerabilities but also eliminates functionality. It also requires

11
the system However, they all suffer from administrative overhead and provide no defense against ‘root
exploit’ attacks that lead to unwanted access. None of them deal with vulnerabilities in the base server
or in other services running on that server. They also focus on controlling access of a process to a file,
but do not address access of one process to another.

Security-Enhanced Linux:

A general security policy configuration is included with Security-Enhanced Linux. This general policy
contains Type Enforcement4 and Role-Based Access Control (RBAC) components. With Type
Enforcement, types are associated with processes and files, and the policy defines allowed interaction
between types5. For example, the policy could state that a process of type y_t is allowed to write to a
file of type x_t. A security configuration uses Role Based Access Control by defining a set of roles, and
associating a list of types with each role. A process executing with a particular role must always be
executing with one of the associated types; the security server will not permit it to transition to any
other type.

Apache web server:

Apache is a full-featured, open source web server that is packaged with Red Hat Linux. Apache's primary
role is to display web pages to users requesting the web pages. To properly display these web pages,
Apache handles many of popular web technologies such as CGI scripts and SSI. The high-level policy we
stated for Apache is:

The Apache server is allowed to:

- accept user requests for web pages,

- read web pages,

- execute scripts,

- check password protection on web pages and scripts, and

- display web pages back to the user.

12
The system boot process is allowed to start the Apache server. The web administrator is allowed to

- create and modify system web pages,

- modify and execute system scripts
- specify password protection on system web pages and scripts

User is allowed to:

- send requests for web pages to the Apache server,

- modify user web pages,

- Modify and execute user scripts,- specify password protection on their web pages and scripts.

- specify which files can be accessed by user scripts.

Apache to provide its functionality, we determined that Apache requires access to various files and
modified the high-level policy to allow the Apache server to do the following:

 send and receive messages to and from the network

 bind to port 80
 read web configuration files located in /etc/httpd/conf
 read and append to web log files located in /var/log/httpd
 execute system libraries and Apache specific libraries.

Run and Install apache server in a Linux

To install apache server:

$ sudo apt –get update

$ sudo apt-get install apache2

To check whether apache server is working or not then open web browser and then type one of the
following:

(a) by using local host

(b) 127.0.0.1
(c) By using the ip address

To check the port status:

$netstat –a | more [ www – listen ]

$netstat –an | more [ port 80 – listen]

13
To start, stop and restart the apache server you have to use the following command:

$ sudo /etc/init.d/apache2/stop

$ sudo /etc/init.d/apache2/start

$ sudo /etc/init.d/apache2/restart

Find and modify the WebPages in the apache server:

$cd /var/www

Cd/var/www#ls

Index.html web page will be available

Cd /var/www# sudo nano index.html then modified

Press ctrl+c to save and exit.

ROUTER:

 Router are most sophisticated networking devices .They have access to network layer address
and contain software that enables them to determine the best path for particular transmission
 A router is a networking device that forwards data packets between computer networks.
Routers perform the traffic directing functions on the Internet. A data packet is
typically forwarded from one router to another router through the networks that constitute
an internetwork until it reaches its destination node.
 A router is connected to two or more data lines from different networks.[b] When a data packet
comes in on one of the lines, the router reads the network address information in the packet to
determine the ultimate destination. Then, using information in its routing table or routing policy,
it directs the packet to the next network on its journey.
 The most familiar type of routers are home and small office routers that simply pass IP
packets between the home computers and the Internet. An example of a router would be the
owner's cable or DSL router, which connects to the Internet through an Internet service
provider (ISP). More sophisticated routers, such as enterprise routers, connect large business or
ISP networks up to the powerful core routers that forward data at high speed along the optical
fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices,
software-based routers also exist.
 Router act as gateway
 Router is a intelligent device
 Router relay packet among multiple interconnected network.

14
ROUTER IN A INTERNET:

ROUTING COCNEPT:

The job of the router is forward packets through set of network. When there are multiple option the
router choose the best path.

Routing is the process of transferring data across an internetwork from a source host to a destination
host. Routing can be understood in terms of two processes: host routing and router routing .

Host routing occurs when the sending host forwards a packet. Based on the destination network
address, the sending host must decide whether to forward the packet to the destination or to a router.
In Figure 1.2, the Source Host forwards the packet destined for the Destination Host to Router 1.

Router routing occurs when a router receives a packet that is to be forwarded. The packet is forwarded
between routers (when the destination network is not directly attached to the router) or between a
router and the destination host (when the destination network is directly attached). In Figure 1.2, Router
1 forwards the packet to Router 2. Router 2 forwards the packet to the Destination Host.

The Routing Process

15
Least cost routing:

 Least cost routing is based on efficiency: which of the available path is the cheapest
 Which path is shortest: shortest is the combination of many factor including shortest, cheapest,
fastest, most reliable and soon.
 Shortest means the smallest number of hope count
 Hope count means the number of nodes along the route.

Classification of routing:

(a) Non-Adaptive routing: the router sends all packets for that destination along that one route. It
will follow the following below point:
a. Fixed routing, static routing.
b. Do not take current state of the network (e.g., load, topology).
Routes are computed in advance, off-line, and downloaded to routers when booted.

(b)Adaptive routing: Router may select new route in response to change in condition and
topology. it will follow the following point
– Routes change dynamically as function of current state of network.
– Algorithms vary on how they get routing information, metrics used, and when they
change routes.

Packet life time:

As the time-to-live field is generated, each packet is marked with a lifetime,

usually the number of hops that are allowed before a packet is considered lost and
accordingly, destroyed. The time-to-live determines the lifetime of a packet.
As the time-to-live field is generated, each packet is marked with a lifetime,
usually the number of hops that are allowed before a packet is considered lost and accordingly,
destroyed. The time-to-live determines the lifetime of a packet.

Routing algorithm:

Distance vector routing:

Each router periodically share its knowledge about entire network with its neighbors.

16
Distance Vector Routing Table: consist of three field network id , cost and next hop

Routing Table Distribution:

Updating Routing Table for Router A:

17
Configuring Linux as router:

The Linux OS manages outbound and inbound IP (Internet Protocol) traffic. Inbound traffic is captured
based on ARP and IP address configuration. Outbound traffic is managed by routes. Routing determines
the path these packets take so that they are sent to their destinations. This is required for all IP traffic,
local and remote, including when multiple network interfaces are available. Routes are held by the
kernel routing table.

Direct routing table entries occur when the source and destination hosts are on the same physical
network and packets are sent directly from the source to the destination.

Indirect routing table entries occur when the source and destination hosts are on different physical
networks. The destination host must be reached through one or more IP gateways. The first gateway is
the only one which is known by the host system.

Default routing defines a gateway to use when the direct network route and the indirect host routes are
not defined for a given IP address.

Static routes: IP uses a routing table to determine where packets should be sent. First the packet is
examined to see if its' destination is for the local or remote network. If it is to be sent to a remote
network, the routing table is consulted to determine the path. If there is no information in the routing
table then the packet is sent to the default gateway. Static routes are set with the route command and
with the configuration file:

Red Hat/Fedora: /etc/sysconfig/network-scripts/route-eth0

Red Hat 7: /etc/sysconfig/static-routes

Dynamic routes: RIP (Routing Information Protocol) is used to define dynamic routes. If multiple routes
are possible, RIP will choose the shortest route. (Fewest hops between routers not physical distance.)
Routers use RIP to broadcast the routing table over UDP port 520. The routers would then add new or
improved routes to their routing tables.

Man pages:

18
route - show / manipulate the IP routing table (Static route) Show routes:

Option Description

-n display IP addresses. Do not resolve host names for faster results.

-e Print more extensive information about routes.

-v Verbose.

--help Route command information.

$ netstat -rn :

One utility that can be used to find the contents of a routing table for a host or router is netstat in UNIX
or LINUX. The following shows the list of the contents of a default server. We have used two options, r
and n. The option r indicates that we are interested in the routing table, and the option n indicates that
we are looking for numeric addresses. Note that this is a routing table for a host, not a router. Although
we discussed the routing table for a router throughout the chapter, a host also needs a routing table.

Note also that the order of columns is different from what we showed. The destination column here
defines the network address. The term gateway used by UNIX is synonymous with router. This column
actually defines the address of the next hop. The value 0.0.0.0 shows that the delivery is direct. The last
entry has a flag of G, which means that the destination can be reached through a router (default router).

$ ifconfig eth0:

The Iface defines the interface. The host has only one real interface, eth0, which means interface 0
connected to an Ethernet network. The second interface, lo, is actually a virtual loopback interface
indicating that the host accepts packets with loopback address 127.0.0.0. More information about the IP
address and physical address of the server can be found by using the ifconfig command on the given
interface (eth0).

$ ifconfig eth0 up: enable the network interface

$ifconfig eth0 down: disable the network interface.

19