Hi everyone, again welcome to this lecture. Today we will be continuing the Linux networking topics. This is lecture number 4. We finished the Linux basics and now we are into Linux networking. Today we will be talking about the domain name system. This is one of the important things that we really touched upon during the first lecture, and now we will be taking it up in much more detail.

So before I go into the domain name system itself, let's recap what we learned in the last lecture, lecture number 3, which was mainly about the file transfer protocol, or FTP. We learned about how to do the FTP itself by using the FTP, followed by the FTP server command, and then there are various commands that can be used to transfer files back and forth. You can transfer a file into the FTP server and you can also get a file into your system, and there are various modes by which you can transfer. All those things we learned. Then we also learned something that is unique, which is how to set up an FTP system or FTP site in your machine. Specifically, we learned about the FTP access dot control, or CTL. This particular file resides in the /etc area, and this is the main file that is used to provide access to any users. There we use several keywords on access (deny, read only, write only, things like that) to make sure that whoever is connecting to do any kind of FTP activity has all the permissions he or she needs to do the file transfers. Then we also learned some administrative commands like ftpwho, ftpcount, the thing command that you already know about, things like that, to see how we can transfer effectively. I hope it was interesting for you all.

Now let's look at some activities that I want you to do based on the last lecture. So go ahead and actually answer these questions. What do these commands do in FTP: then, LCD, M, which? These are the commands that we already learned in the last class, so it should be fairly easy for you to answer
these questions. The second one is slightly more challenging: what commands will you use to set up an anonymous FTP? I'm clearly referring to the FTP access control: inside that, what do you write to set up the anonymous FTP? Some hints I can give you: when you talk about an anonymous FTP, you don't know who is actually connecting, so you need to make sure that you give all the permissions that are needed for any kind of access. So yes, it depends on what they want to access, but I also want you to give some idea as to how you want to give the permissions. Then the other question, this is very simple: where will you set up the FTP access control? This answer is, I think, in the previous slide, so just refer back and immediately you'll get it. So again, this question is slightly more difficult than the first one. The first one helps you to get the base understanding, and this one slightly more. And then, if you are looking for more challenge, it is the third question: find the number of connections that are available for each FTP server configuration in your machine. Your machine has several configurations of FTP; find the number of connections that are available for each of those who are connected to those various FTP servers. I think this is a fairly easy assignment. You should be able to do it in move if you were paying attention to lecture 3.

So now we will start today's lecture. Today's lecture is on the domain name system, as I mentioned. So let's look at the domain name system. Here we will be learning about configuring the domain name system name resolution. We will also try to configure the dial-up network using PPP, or the point-to-point protocol, and then we will also try to understand the client services such as DHCP and LDAP. These are all acronyms that we will study later. Then we will also look at some of the graphical
applications and the remote dial-up authentications, and then we will also look at some client-level tools such as web browsers and email clients, because you can almost think of them as applications of the DNS name resolution system.

So first of all, what is the DNS? DNS is the hierarchical distributed naming system for computers, services or any resources connected to the internet or even a private network, so that everyone knows what other computers or services are available, and their address. Address is one of the key things that everyone wants to have. You have your home address, and so in the locality people know how to get hold of you, to come to your house, and they also know your name, so we can mostly approach you and then they know that it is you. So it gives the identity of a person. Similarly, the domain name service and domain name system you can think of as a directory where we store the identities of all the people.

And the key thing is, I think we saw a little bit in the last month, as you know, the IP addressing. When we learned about IP addressing, IP addresses are these four numbers, which are binary, or maybe you can convert them into decimal or hexadecimal. But the issue is, if I asked you to remember, say, 10 IP addresses from different sites, you will soon just not be able to recall any of the numbers. So for humans we need something which can identify what is available. For example, Google.com: you need to know the IP address in order to go to Google.com, but at the same time what you want to remember is just Google.com, not exactly the address. So the domain name system provides a way to actually do so. Let's look at how we do it. In this course we will be talking about setting it up, but again, it's a translation file, where you can think of the numerical IP addresses on one side and then the actual text based
domain names on the other side. And imagine, you can use it to find and locate any computer services and devices worldwide. This is one of the beauties of the internet, that you can really find any computer in any part of the world connected to the internet very quickly using the domain names. In fact, as I said, it's an address book or phone book, you can think of it, for the internet. So that's how you should be with some domain name, say example.com: it translates into the address 192.0.43.10. So the DNS will just store that name, essentially www.example.com, along with its address, so that if you type in www.example.com it takes you to that site using the actual IP address, the new internet IP address.

Closely associated with the DNS are also the URLs, that is, the names starting with HTTP. URL stands for the universal uniform resource locators, and basically it's a form of the IP addressing which is a part of the DNS. So on the domain name syntax, we will be learning about it. Before that, let's look at how we do the name resolution.

The DNS itself is implemented by a domain name server. The domain name server essentially keeps all the details, the IP addresses pretty much in the world and the corresponding textual addresses, in one place. Here the term domain means the name of the multiple hosts in the internet that are collective. The most widely known domain name is the .com. A lot of you will be working for one of the .coms, and we call it the .com era, things like that. An organization can have its own domain or collection of domains. The names of the network hosts are the host names, essentially, and the FQDN refers to the fully qualified domain name. It combines the host name with the name of the domain. So we will see some of the examples
in the later section. So this is essentially how you would set up the name resolution.

On the domain name syntax, one thing is that the top-level domain is always represented as the rightmost level. You can almost think of the domain name as an inverted tree structure. So the .com is at the top. Here you see that the .com is at the top, followed by the remaining part; the .com is here, and then you can also have the other items to the left of the .com. So let us look at some of the examples. Here there are multiple examples. For the top-level domain name .com, one example is www.ibm.com; com refers to commercial organization, the first three letters. The other top-level domain name that is widely used is .gov. Here the example is www.state.gov or irs.gov, things like that. The .gov refers to the government; it is typically the US federal government. Then you have edu, which is another very common top-level domain name, for example here it is www.itla.edu, it could be Stanford.edu, several schools use edu, and these are the educational institutions, so that is why the first three letters again, it stands for edu. Now the US military has its own top-level domain name; again that is denoted by the first three letters, mil. And any kind of organization, whether it is profit or nonprofit, mostly it is nonprofit, they have their own domain names; that is the .org. So these were the primary top-level names for a long, long time. Top-level domain names were only like edu.
Today the US has opened up with other ones, like net, which is any networking services. It is not just limited to networking services; there are many companies now getting this one. And then .us is another one. It is mostly a geographical domain, and it exists with the other domains in the US, and it is also used by a lot of state governments, even though California also uses a lot of .gov names as well. Then there are country-specific names, for example JP is Japan, IT is Italy, DE stands for Deutschland, or Germany, and I think you all know what IN stands for, that's India. One of the famous domain names in India is ernet.in, which is essentially the educational research network, so that goes to a lot of educational institutions. And you can find several other names, like UK stands for the United Kingdom, AU I think is for Australia, things like that. So you should be able to find the top-level domain names for a lot of these things. And nowadays the board, the particular body that controls the domain names, is opening up in a big way, so there are more domain names available today.

So before we go into the resolver, there is also the hierarchy of domains. As I mentioned, when you are reading the domain names it goes from right to left, with each label specifying one subdivision, and each level is separated from the next level by a full stop, or a dot. So www.ibm.com is essentially an imperfect, with the com being at the top level, and then under that one of the sub-domains is IBM. It could be Intel, which could be another sub-domain, so that will be www.intel.com. And then if you want to put more stuff within Intel, like the semiconductor division or the microprocessor division, you will see microprocessor.intel.com, so that means that it's a subdivision under Intel.

And there are some rules governing the name central. Each label can go up to 603 characters. The
tree of subdivisions may have up to 127 levels. I don't think anybody is using that kind of thing, but you can think of it as the deepest tree that can accommodate all these things. The other rule says the full domain name must not exceed the length of 253 characters in its textual representation. The internal binary representation of the DNS has a maximum length of 255 octets of storage. But even though it allows 255, in practice it's actually much shorter, because the domain registries don't have a lot of the other space that is needed for updating this particular IP address. The domain names themselves can contain any character that is representable in an octet, so it is not limited to the alphabet, but typically it includes the ASCII character set, that is a to z, digits 0 through 9, uppercase A to Z, and a hyphen can also be accommodated. This particular rule is also known as the LDH rule, that is letters, digits and hyphen. Usually the domain names are interpreted in a case-independent manner, so lowercase ibm and uppercase IBM mean the same thing. And the definition of a host name is a domain name that has at least one IP address associated.

So the way to convert that IP address is to store the IP address with the corresponding domain names in a text file. As I said, this is your directory, and this is actually located in the /etc/hosts file, which you will be able to find. So I am not aligning that /etc/hosts. There are other files that are also being used: host.conf and nsswitch.conf. They determine the order in which the resolver looks at various sources to resolve the IP address. Again, as I said, the IP address and the whole directory structure is all hierarchical, and sometimes you may not have the storage space to store everything, so you have to look at these additional
file to see where the information is if it goes beyond the hierarchy that is supported within your let us look at configuring the DNS resolver.

So graphically here you can see basically the host name, which is Sundance, and the domain name, I think xmission.com. Again, you can see that the .com is the popular domain name, followed by the sub-domain, which is xmission, and then you have your host name. And then the primary DNS, where you can say what the domain name system name is, and then there is a 192 dot 160 about 105. I think by now you know it is four octets and what they mean, what is the network and what is the actual host ID. And then the same thing for the second; again they specify part of two networks, and in one network it is named as the fifth computer, the fifth node, and in the second one it is actually the second one.

So here is the Webmin utility, which is essentially used to configure the DNS resolver. This one is again the configuration page; one of these tabs is what you click to get the other one, and then the DNS resolver. So here is how the DNS client itself is configured. Something like this may be hard to read, but it also gives the same information: the DNS server information, the host name, and anything like that. Those are the main information that is in the site and that is used to configure this system.

But before we go into the next one, which is the dial-up network using the point-to-point protocol, I just wanted to add how the address resolution works. Essentially, the domain name resolvers determine the appropriate domain name servers responsible for the domain name, and they do so by using a sequence of queries starting from the rightmost, the top-level domain. So a network host is actually configured with some initial cache, essentially, which has some known addresses, and then when you query the root servers you get the authoritative top-level domain. Again,
just to clarify, an authoritative name server is a server that gives the answers that have been configured by the original source. So again, these are all a self-spawning system, you can almost think of it that way. Initially the domain administrator pretty much codes the domain names to one of the servers, and then from that point onwards it just spawns, and it actually provides answers to the next server, and then that pretty much goes on and populates all the servers. In fact, if you are doing any kind of web searching, things like that, this is one of the key answers that was developed, basically that one person gets to know something and by recursion everybody else in the network knows about the same thing. This actually helps in doing a lot of web searches, where the material itself that you're searching on will be stored distributed across the network, and whenever you want you can easily get it, because the system can use recursion to handle this information presented to the top level. So the entire directory is also known as the registry, and then there is also the main registrar, who essentially registers any key, or in fact all the IP addresses.

So let's look at the point-to-point protocol, or PPP. PPP is one of the protocols that is used to connect to the internet via modem. It includes features, that is security, flexibility and dependability, all of them, more than terminal emulation. Emulation is another way that you can use, where pretty much what is on the remote side you emulate on your machine, and so basically that's what the other thing will do, it kind of mimics what the other. PPP is essentially more interactive, in the sense that whatever messages you are sending, they'll actually be sent to the remote system and executed there. One thing to notice is that it's not very secure, and it used to be very
challenging to configure and manage. There are two advances that happened that improved the PPP security. One was the password authentication protocol, or PAP, that stores the user data in a file that only the root user can access. The second one, which is becoming more and more important, is the challenge handshake authentication protocol, called CHAP. This is the most secure PPP option. One example will be your RSA secure access token mechanism, where it challenges you with either a password or a particular PIN number, and then once you send that PIN number then it starts. In some variants of this methodology you have a PIN with a random number generator, and this random generator is actually synced with the server inside the system or inside the company. Then once you generate a random number based on your PIN, that's compared against what is generated in the system, because the algorithms do allow the system to be doing very similar to what you are. So once it understands that the passwords do match, then the handshake is carried over, and that's how the user gets authenticated, and now he can actually do whatever he wants inside the system, because it knows exactly the coordinates and decided he has been established.

So let's look at how this connection will happen. There's a text-mode utility, wvdial, that pretty much works to eliminate all this difficulty in connecting with PPP, and this one you can actually use from the command line in the server. In Red Hat Linux there's a utility called RP3 which is provided; this is a wizard-driven graphical utility, so it goes through the various steps to make sure that you can set up the PPP connections. In the Linux KDE graphical environment a utility called KPPP is used. And then diald is also used to automate PPP, but diald is kind of difficult to use and a little bit more challenging to set up.

So here is one example of how we set up the PPP connection. Here there are many, many
options. One is the PPP do all my authentication. Begin connection when the computer is turned on: you may or may not want to do that. Then let user start and stop the connection, so this is a good option so that the machine doesn't shut you down. Then the other one is make connection the default route, which is also kind of important so that you receive the maximum. Then configure the name resolution automatically, which I think is a good thing to do when you are considering PPP, because once you do the name resolution automatically then it is going to a primary source and actually getting that information, and then it populates, and as I mentioned the recursive population will ensure that the whole thing is populated in no time. Then there are other options for restarting. One thing to note is that once you set up a PPP, if it cannot find the connection it can sign, and you can set up the time to wait for the connection to be complete. Finally, it also provides the way to configure the primary DNS and the secondary. Then there are some low-power features that are also mentioned here, like bringing the link up and down automatically, inactivity time set; essentially you can do all these things.

So here there are more dialogue boxes. This is used to set up an account and start a connection using KPPP in OpenLinux. As I mentioned, there are other PPP servers in the Linux KDE that will manage the KPPP. So using KPPP to set up an account and start a connection, I think you are familiar with some of the PPP and VHPP, because if you have any iPhone or anything you will be working on this a lot.

So just to give you more sense of how this name mapping really works: as I mentioned, the network host is initially configured so it has at least some basic directory, and then it builds on the directory. Then you make a query to one of the root servers to find the server authoritative for the top domain. Then
once that is completed, that gives you the servers for the next level, because it contains, for that particular top level .com, what the next part is, which is IBM, and gives you that the corresponding idea this. Now you have sent a query to the server, the address of the server is returned, and that will provide the address of the DNS server that is authoritative for the second level. So we first went to the first-level domain, that gave us some information, we take that information and submit it to the second-level domain name, and now that is going to return something. That's all you need; you stop it right there. But you can go and continue on with other sub-levels as well, whatever is available.

One thing that I wanted to add to the slide that talked about domain names is this: today the .com and .net domain names use the domain registry from VeriSign. VeriSign is the company that keeps these two domains, essentially. So they register who is using which domain, how long they are supposed to use it, and also what the dates are when things will expire. So just keep that in mind.

So let's talk about DHCP. DHCP stands for dynamic host configuration protocol. We learned a little bit when we talked about the IP addressing; we just started talking about it, but we will continue in this lecture. As I mentioned, initially we started with IP addressing, the core of it, and we wanted every machine in the world that is connected to the internet to have a unique identifier, but with just these four octets it's just not possible. And not only that, if a machine is connected to a network then you may want to move that machine to some other place, and either replace it with a new machine or not replace it with a new machine, but you need more addresses than what is provided so that you can be
successful in doing this DNS. And the other thing is that you don't want to make any of the DNS obsolete. So the way to do it is this dynamic host configuration protocol, which lets you change the IP addresses at the time of installation or at the time of setting it up. Essentially, DHCP allows the configuration of the service that hands out IP addresses to the network clients. And since you are creating new IP addresses, it's under the sub-domain, so that it does not clash with the main domain. Now you can keep updating whatever web address you want; all you've got to do is make sure that the DHCP server has that information. So the advantage of DHCP is that it can reduce the administration cost quite a bit. The DHCP server itself is installed by default on many Linux systems, so you don't need to do any kind of thing for the DHCP server, and you can also look at the configuration of your machine in the lab from /etc/dhcpd.conf.

So how do you use DHCP? Again, in this section we can configure DHCP graphically as shown here. This is one of the things where you can actually give IP addresses, you can give some pointers to the very log, and then you can let it run.

So now let's look at LDAP, or the lightweight directory access protocol. This is a directory structure that lets the users query a database of network resource information. The LDAP directories are organized as inverted trees, and in order to use the directory services the client software allows the traversal of the tree looking for the needed data. Objects in the same tree are referred to using a formalized set of enterprise. So that's pretty much it on the local directory access protocol. Now let's look at how it is organized. Here in LDAP you can see that basically there are two different types of
objects: one is the container objects and the other one is the leaf objects. It's very easy for you to actually select the container objects. You can see that the FDR admin, FDR and PON are the container objects, and then the low-level items, files, etc., are the leaf objects.

So here let's spend some more time to understand how LDAP works. Here we have a top domain, just called top. On the top we have Latvia IP, and then we also have another one, Mexico, and there are attributes of these country objects. The attributes will be: a class, which is country; the name, whatever the name of the state or the country is, just the name of the place itself; then there's an internal code; and also the capital city. So these are the four items for this particular LDAP. Under Mexico you can still have IBM and Excel, and in fact you can also have in Italy ties with Italy, and then you progressively go down. Then it's the various people; on the base there are people, there are books. For example, here there is a CN named Louis Rodriguez, and another CN is laser jet, and the third one is a marketing group itself, and from there you can still go down the hierarchy dimension. You can have all the two levels of logic, and everybody is trained in those kinds of things.

So now let's go a bit more: how do we run applications remotely? For example, here you can think of the host computer as having just two programs. Here all these, K paint, K cal, if I can be paint, these are all just the host programs. Actually, I take it back, only the first two, but then out of the remaining programs, the DMP or a paint, they are more like batch programs, and we want to run them under this server. So what do you do? Again, the number one requirement is we need to
configure the remote host before we can use it. So we need to tell that computer which clients will be using that resource. We need to authenticate the user in the remote system. Actually there are several authentication services available. A quick one is the xhost + kind of thing, where it actually opens up the terminal for receiving any kind of X requests. Then xauth is another one, which is more secure than xhost since it employs the use of the code, but I think xhost is quite prevalent today. I want you to in fact try some of the xhost commands and see how they work. And then for the remote graphical terminals, XDMCP gets you the remote X service, and it will have a graphical login screen, and it will be using this time.

So for remote execution there are r-utilities that are available. What the r-utilities are we will see in the next slide, but essentially for things like copying or going to a directory, these r-utilities are much more helpful to connect to a remote machine and then perform the operation. And then UUCP is essentially for transferring emails over modem between the two mail.

So the r-commands that I mentioned earlier, these are standard Unix commands. rwho is essentially a remote who, so it logs in to see who is using what. Then ruptime is the other one, how long the server is up, so it tracks that. rlogin is a remote login; everybody should be familiar with this, which is essentially a way to get the remote system to respond to your request. Then rsh is another widely used one; it essentially executes a command in the remote computer before logging in. And then rcp is the other one, which is copying the files, so it helps in copying, that's not even copy, and then basically it's a very fast discoverer of, no, sorry. So rcp is essentially to copy one or
more files between two computers. It could be either a local computer and a remote computer or just between two remote computers. So rcp is another widely used command.

So now let's look at some of the mail clients. One of the most famous ones is the browser. Among the popular Linux browsers, Lynx is one of them, which is a text-based browser, and it actually comes free with a lot of Linux machines; let's keep coming together is still you. Then Mozilla Firefox is another one; this is by far the most common one. Mozilla is again another open-source type of graphics, and they work on that. Other browsers are Opera, Dillo, Galeon, Skipstone, etc.

Now we go into more details regarding the links browsers, sorry, Linux browsers. Again, let's go to this previous slide. So there are several popular Linux browsers. Lynx is one of them; it is the text-based browser that is installed by default on many popular Linux installations. So let's look at the Lynx browser here. The text browsers are kind of a small p of this point, because we are all used to a lot of this graphical user interface when working with the browser. This text browser is kind of unique. You can see that it goes on, and the way to interact is also with some arrow keys, so that you can do scrolling up and down, and then you need to provide the address in a particular box and it displays this. The good thing about these kinds of text browsers is, first of all, they are fairly easy to bring up. Secondly, the text browsers are much faster than the graphics-based ones, but nowadays the processors' speed is so much that you don't see any difference. But if you remember, even Google started as a text-based browser, actually not a browser but at least a website, and then it basically added various graphics, but even today the basic Google is just a
blank page with just one small window where you can type in and then get the information.

So the next topic is going to be email, but before we go into email I also wanted to talk about a few things. One is on the security. The DNS software needs to consider the security aspects of it. There are some vulnerability issues that were discovered and they were exploited by some malicious users. There is something called DNS cache poisoning, in which the data is distributed to the caching resolvers under the pretense of being an authoritative resolver. So basically it corrupts the DNS entries, so that if you are typing Google.com it will take you to some one site or some other site. And once that data gets put into one of the servers, as I mentioned, the whole system works in the recursive mode, where another system queries about the addresses, and suddenly you get this address, which is the corrupted address, and then suddenly the corrupted address just flows through the system. Some of the denial of services also can be the result of this kind of attack, where you capture the directory of one of the systems and then put a fake URL or fake IP address for a given URL, and then whenever somebody types it in it takes you to, say, flash now flash there flash now, which is like no place. So that's kind of the denial of services attack. Again, it all results from this whole recursive mechanism. So if we obey it and use it properly, we can also get back the proper results; otherwise we can easily manipulate and destroy the whole thing.

So once these kinds of attacks started coming, now we are talking about the domain name system security extensions, or DNSSEC for short. These extensions offer some kind of programmatically signed bits, and since they are encrypted, that can prevent some of the attacks
essentially. So nowadays there are several extensions that are devised to make it secure. A simple thing will be HTTPS, secured HTTP, the hypertext transfer protocol. They also have some spoofing effects. This is another way to attack some of those things, where you just change the names slightly. For example, if it is Google.com, this is DOGLE.com; somebody can spell another site for DOGEL.com for Google.com, where if you type that wrongly, suddenly you end up in an altogether different site, which can do another thing. And this kind of vulnerability is exploited in what is called phishing. Phishing is P-H-I-S-H-I-N-G. It is an attempt at acquiring information such as user names, passwords and even credit cards by masquerading as, or covering yourself as, a trustworthy site, so that you can get all this information. And phishing, even though right now it's very popular, there are several phishing types doing all these things, this term phishing itself was described in detail in 1987. So imagine, it's been around for a long, long time; it's now famous because of the internet.

So with that I am going to conclude for tonight, or for this lecture. We will be talking about understanding email, continuing from this point, in the next lecture. Okay, so thank you very much once again. Thanks.
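
The slightly-changed-name trick mentioned near the end of the lecture (a name one or two keystrokes away from Google.com) can be caught on the defender's side by comparing the domains seen in resolver or proxy logs against the names you care about. The following is an added example, not part of the lecture; the watch list, the observed names, the distance threshold and the function names are constructed assumptions.

```python
"""Flag lookalike (typosquatted) domain names against a watch list."""

# Constructed watch list and constructed observations (for example from resolver logs).
PROTECTED = ["google.com", "example.com"]
OBSERVED = [
    "www.Google.com",                      # legitimate, mixed case
    "dogle.com",                           # the lecture's misspelling
    "goolge.com",                          # two adjacent letters swapped
    "mail.example.com.",                   # legitimate, trailing root dot
    "google.com.login-check.example.net",  # protected name used as a prefix
    "intel.com",                           # unrelated
]


def normalize(domain):
    # Domain names are case-insensitive; a trailing dot only marks the root.
    return domain.strip().rstrip(".").lower()


def registered_domain(domain):
    # Names are read right to left, so ownership is decided by the rightmost
    # labels. Simplification (assumption): the last two labels are taken as
    # the registered domain; multi-label suffixes need a public suffix list.
    labels = normalize(domain).split(".")
    return ".".join(labels[-2:])


def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[rows - 1][cols - 1]


def find_lookalikes(observed, protected, max_distance=2):
    """Return (observed name, protected name, reason) for suspicious names."""
    watch = [normalize(p) for p in protected]
    hits = []
    for raw in observed:
        name = normalize(raw)
        reg = registered_domain(name)
        if reg in watch:
            continue  # really under a protected domain: nothing to flag
        for target in watch:
            # Protected name appears as left-hand labels of another domain.
            if name.startswith(target + ".") or ("." + target + ".") in name:
                hits.append((name, target, "embedded-label"))
                continue
            dist = osa_distance(reg, target)
            if dist <= max_distance:
                hits.append((name, target, "edit-distance=%d" % dist))
    return hits


if __name__ == "__main__":
    for name, target, reason in find_lookalikes(OBSERVED, PROTECTED):
        print("%-40s resembles %-12s (%s)" % (name, target, reason))
```

A threshold of 2 produces false positives for very short names, so in practice the threshold is scaled to the length of the protected name.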