TCP/IP Study Notes (5)
I, DNS System
1. DNS delegation:
The Network Information Center (NIC) is responsible for the top-level domains and delegates authority for other parts of the name space to designated organizations. An independently administered subtree of the DNS tree is called a zone. Many second-level domains divide their subdomains into smaller zones. When a system is added to a zone, the DNS administrator of that zone assigns a name and an IP address to the new system and enters them into the name server's database.
A name server is responsible for one or more zones. The zone administrator must provide a primary name server and at least one secondary name server for the zone.
Every primary name server must know the IP addresses of the root name servers, and the root servers must know the name and IP address of every authoritative name server for every second-level domain.
2. DNS message format: a 12-byte header followed by 4 variable-length fields.
Identification (16 bits) |
Flags (16 bits) |
Number of questions (16 bits) |
Number of answer RRs (16 bits) |
Number of authority RRs (16 bits) |
Number of additional RRs (16 bits) |
Questions (variable number of questions) |
Answers (variable number of resource records) |
Authority (variable number of resource records) |
Additional information (variable number of resource records) |
◆ The identification field is set by the client and returned unchanged by the server. The client uses it to match a response to the query it sent.
◆ The flags field is divided into these subfields (bit widths in parentheses):
QR (1) |
Opcode (4) |
AA (1) |
TC (1) |
RD (1) |
RA (1) |
(zero) (3) |
RCODE (4) |
QR: 1 bit, 0 means the message is a query, 1 means it is a response.
Opcode: 4 bits, 0 is a standard query, 1 an inverse query, 2 a server status request.
AA: 1 bit, authoritative answer; the responding name server is authoritative for the domain in the question.
TC: 1 bit, truncated. With UDP, if the total length of the response exceeds 512 bytes only the first 512 bytes are returned and this bit is set.
RD: 1 bit, recursion desired. It can be set in a query and is copied into the response. It asks the name server to handle the query itself (a recursive query). If the bit is 0 and the queried name server does not have an authoritative answer, it instead returns a list of other name servers to contact; this is called an iterative query.
RA: 1 bit, recursion available. A name server that supports recursive queries sets this bit to 1 in its response.
RCODE: 4-bit return code, 0 means no error, 3 means name error. A name error is returned only by an authoritative server and means the domain name in the query does not exist.
The next four 16-bit fields give the number of entries in the four variable-length fields that follow. In a query the number of questions is normally 1 and the other three counts are 0. In a response the question is echoed back (count 1), the number of answers is at least 1 for a successful reply, and the remaining two counts can be zero or nonzero.
3. Question section of a DNS query:
The format is as follows. There is normally only one question.
Query name (variable length) |
Query type (16 bits) |
Query class (16 bits) |
The query name is the name being looked up, a sequence of one or more labels. Each label begins with a count byte giving the length of the label that follows. The name ends with a byte of 0, a label of length 0 denoting the root. The count byte is between 0 and 63 because a label is at most 63 bytes long. The field is not padded to a 32-bit boundary.
Example: gemini.tuc.noao.edu is stored as (count bytes shown as digits):
6gemini3tuc4noao3edu0
Each question has a query type, and each resource record in a response also has a type. The most common query type is A (value 1), which asks for the IP address of the query name. A PTR query (value 12) asks for the domain name corresponding to an IP address.
The query class is normally 1, meaning Internet addresses.
4. Resource records in DNS responses:
The last three fields of a DNS message, the answer, authority and additional information fields, share a common format called a resource record (RR). The RR format is:
Domain name (variable length) |
Type (16 bits) |
Class (16 bits) |
TTL, time to live (32 bits) |
Resource data length (16 bits) |
Resource data (variable length) |
The domain name is the name the resource data in the record belongs to. It has the same format as the query name field described above.
The type field is the RR type code, with the same values as the query type. The class is normally 1, meaning Internet data.
The TTL is the number of seconds the client may keep (cache) the resource record. A typical TTL is 2 days.
The resource data length is the number of bytes of resource data. The format of the data depends on the type field; for type A the data is a 4-byte IP address.
5. Pointer query: returns the domain name corresponding to a given IP address.
Reverse lookups use the special in-addr.arpa domain: the top-level domain arpa, the in-addr domain beneath it, and then one level for each byte of the IP address. The level below in-addr.arpa is the first byte of the address, the next level is the second byte, and so on, because a DNS name is written from the bottom of the tree upward. For example, noao.edu owns the class B network 140.252; its host with IP address 140.252.13.33 has the pointer name 33.13.252.140.in-addr.arpa, and a PTR query for that name returns the host's domain name.
6. Checking the host name:
When an IP datagram arrives at a server host, the server process can obtain the client's IP address and port number, whether from a UDP datagram or from a TCP connection request. Some servers then use the client's IP address to look up its pointer (PTR) record in DNS and require that one exist. Note that the PTR record is controlled by whoever administers the address block, so a name obtained this way should not be used for access decisions unless a forward lookup of that name returns the same IP address.
7. Resource record types:
An IP address query is type A and a pointer query is type PTR. A name server's response carries resource records in three sections: answer RRs, authority RRs and additional information RRs. Common types:
(1) A: an address record, defining an IP address.
(2) PTR: a pointer record, used for pointer queries. The IP address is treated as a domain name under the in-addr.arpa domain.
(3) CNAME: a canonical name record, mapping an alias to the canonical name of a host. The name that owns a CNAME record is called an alias. Some FTP servers use this to give other systems an easy-to-remember alias.
(4) HINFO: host information, two strings describing the host's CPU and operating system.
(5) MX: a mail exchange record. For example, if mail is sent to user@foo.com and foo.com has an MX record pointing at relay1.uu.net, the mail is delivered to relay1.uu.net.
(6) NS: a name server record, giving the authoritative name server for a domain, expressed as a domain name.
8. Caching:
To reduce DNS traffic on the Internet, all name servers cache the resource records they receive and reuse them until their TTL expires.
9. UDP or TCP:
DNS supports both UDP and TCP, using port 53 for both. When a response to a UDP query exceeds 512 bytes, only the first 512 bytes are returned with the TC bit set, and the resolver normally resends the original query over TCP. Since DNS mostly uses UDP, good retransmission and timeout handling in the resolver and name server are important.
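To make the message layout of sections 2 to 5 and the TC/TCP fallback of section 9 concrete, here is an added example in Python (written for these notes, not code from the original text or from any DNS implementation). It encodes a name into count-prefixed labels, builds a standard query, parses the header flags and the three RR sections (following name compression pointers), builds the in-addr.arpa name for a PTR query, and frames a message for TCP. All packets are constructed in memory; the hostname gemini.tuc.noao.edu comes from the notes, while the IP address and TTL answered for it are assumptions.

```python
import struct

# Added example (not from the original notes): build, parse and frame DNS messages.
# Every packet here is constructed in memory; the answered IP address is an assumption.

QTYPE_A, QTYPE_NS, QTYPE_CNAME, QTYPE_PTR = 1, 2, 5, 12
CLASS_IN = 1
UDP_MAX = 512           # a UDP response longer than this is truncated and TC is set

def encode_name(name):
    """Encode 'gemini.tuc.noao.edu' as count-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, off):
    """Decode a name at offset off, following RFC 1035 compression pointers (top bits 11).
    Returns (name, offset just past the name in the stream)."""
    labels, end, jumped = [], None, False
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                     # pointer to an earlier copy of the name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if n == 0:                                 # zero-length label: the root
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (end if jumped else off)

def parse_flags(flags):
    return {"qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF, "aa": (flags >> 10) & 1,
            "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
            "rcode": flags & 0xF}

def build_query(ident, name, qtype=QTYPE_A):
    """Standard query (QR=0, opcode=0) with RD set: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def build_a_answer(query, ip, ttl=2 * 24 * 3600):
    """Constructed authoritative reply to an A query: echoes the question and adds one
    A RR whose name is a pointer (0xC00C) back to the question name at offset 12."""
    ident = struct.unpack("!H", query[:2])[0]
    flags = 0x8580                                 # QR=1 AA=1 RD=1 RA=1 RCODE=0
    header = struct.pack("!HHHHHH", ident, flags, 1, 1, 0, 0)
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, CLASS_IN, ttl, 4)
    return header + query[12:] + rr + bytes(int(x) for x in ip.split("."))

def parse_message(msg):
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    out = {"id": ident, "flags": parse_flags(flags), "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata = msg[off:off + rdlen]
            if rtype == QTYPE_A and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)
            elif rtype in (QTYPE_NS, QTYPE_CNAME, QTYPE_PTR):   # rdata is itself a name
                rdata, _ = decode_name(msg, off)
            off += rdlen
            rrs.append((name, rtype, rclass, ttl, rdata))
        out[section] = rrs
    return out

def reverse_name(ip):
    """Name to query (type PTR) for an IPv4 address: 140.252.13.33 -> 33.13.252.140.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def needs_tcp_retry(response):
    """True when the UDP response was truncated (TC=1) and should be repeated over TCP."""
    return parse_flags(struct.unpack("!H", response[2:4])[0])["tc"] == 1

def tcp_frame(msg):
    """DNS over TCP prefixes each message with its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg
```

A resolver built on this would send build_query() over UDP, check needs_tcp_retry() on whatever comes back, and only then open a TCP connection and send tcp_frame() of the same query; it should also verify that the identification field and the echoed question match what it sent before accepting any answer RR.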
II, TFTP: Trivial File Transfer Protocol
1. Protocol
A transfer begins with an exchange between the TFTP client and server: the client sends a read request or a write request to the server. When a diskless system bootstraps, its first request is a read request (RRQ).
The five TFTP message formats are as follows (each is carried in one UDP datagram):
IP header | UDP header | Opcode 1 (RRQ) or 2 (WRQ) | File name | 0 | Mode | 0 |
IP header | UDP header | Opcode 3 (DATA) | Block number | Data |
IP header | UDP header | Opcode 4 (ACK) | Block number |
IP header | UDP header | Opcode 5 (ERROR) | Error code | Error message | 0 |
The first two bytes of every TFTP message are the opcode. For a read request (RRQ) or write request (WRQ), the file name field names the file on the server that the client wants to read or write; it ends with a 0 byte. The mode field is the ASCII string netascii or octet, also ending with a 0 byte. netascii means the data consists of lines of ASCII characters, each terminated by the two-byte sequence CR LF; these line terminators are converted to and from the line delimiter used by the local host. octet treats the data as 8-bit bytes with no interpretation.
Every data packet carries a block number, which is echoed in the corresponding ACK. Taking a read as the example: the client sends an RRQ naming the file and the mode. If the file can be read by that client, the server replies with a data packet numbered 1, the client acknowledges it with an ACK numbered 1, the server sends block 2, and so on. Every data packet contains 512 bytes of data except the last, which contains fewer (possibly 0, if the file length is an exact multiple of 512). When the client receives a data packet with fewer than 512 bytes it knows it has received the last block.
For a write, the client sends a WRQ naming the file and the mode. If the file can be written by that client, the server replies with an ACK numbered 0; the client then sends the first 512 bytes of the file with block number 1, and the server returns an ACK numbered 1.
Because only one packet is outstanding at a time, this kind of data transfer is called a stop-and-wait protocol.
The last TFTP packet type is the error packet. It is sent when the server cannot handle a read or write request. Errors while reading or writing during a transfer also produce an error packet, after which the transfer is aborted.
Because TFTP runs over unreliable UDP, TFTP itself must deal with lost packets (by timeout and retransmission) and duplicated packets (recognized by their block numbers).
2. Security
Because TFTP is designed for bootstrapping, it provides no user name or password. Any file the TFTP server can read is therefore readable by any client that can reach it over the network, so TFTP servers are normally restricted to a single directory of boot files and are often configured to refuse writes.
III, BOOTP: Bootstrap Protocol
First, the shortcomings of RARP: (1) the only thing it returns is an IP address; (2) because RARP uses a link-layer broadcast, RARP requests are not forwarded by routers, so an RARP server is needed on every physical network.
BOOTP uses UDP and normally works together with TFTP: BOOTP supplies the IP address and the name of the boot file, and TFTP fetches the file.
1. Packet format
IP header |
UDP header |
BOOTP request/reply (300 bytes): |
Opcode (1 byte: 1 = request, 2 = reply) |
Hardware type (1 byte: 1 = Ethernet) |
Hardware address length (1 byte: 6 for Ethernet) |
Hop count (1 byte) |
Transaction ID (4 bytes) |
Number of seconds (2 bytes) |
Unused (2 bytes) |
Client IP address (4 bytes) |
Your IP address (4 bytes) |
Server IP address (4 bytes) |
Gateway IP address (4 bytes) |
Client hardware address (16 bytes) |
Server host name (64 bytes) |
Boot file name (128 bytes) |
Vendor-specific information (64 bytes) |
Opcode: 1 means a request, 2 a reply.
Hardware type: 1 means Ethernet.
Hop count: set to 0 by the client; a proxy server (relay agent) that forwards the request increments it.
Transaction ID: a 32-bit integer set by the client and returned unchanged by the server. The client uses it to match a reply to its request and should choose a random value for each request.
Number of seconds: set by the client to the time elapsed since it started booting. A secondary server watches this value and answers a request only after it exceeds some threshold, which implies that the primary server is down.
Client IP address: if the client already knows its own IP address it fills it in here; otherwise it writes 0. In the latter case the server returns the client's address in the "your IP address" field. The server IP address field is filled in by the server. If a proxy server (relay agent) is used, it fills in the "gateway IP address" field with its own address.
Client hardware address: must be filled in by the client even though the Ethernet frame header already carries the same value, because the server application cannot easily get at the link-layer header (the UDP header does not contain the hardware address).
Server host name: a null-terminated string filled in by the server. The server also fills in the boot file name field with the full path name of the file the client should use to boot.
Vendor-specific area: used for BOOTP extensions.
When a client bootstraps with BOOTP it normally uses a link-layer broadcast. The destination IP address in the IP header is 255.255.255.255 and the source address is usually 0.0.0.0, because the client does not yet know its own IP address.
2. Port numbers:
The BOOTP server uses UDP port 67 and the BOOTP client uses UDP port 68. The client has its own well-known port because the server's reply often has to be broadcast, and a fixed client port keeps that broadcast from being delivered to other UDP applications on hosts that are not booting.
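As an added example (written for these notes, not from the original text or from any BOOTP implementation), the Python below packs and parses the 300-byte BOOTP packet, applies the relay-agent step to the hop count and gateway address, fills in the server reply, and decides where the reply is sent using the port numbers above. The MAC address, transaction ID, IP addresses, server name and boot file name are all made-up values; the hop-count limit is an assumed loop guard, not a value from the notes.

```python
import struct

# Added example (not from the original notes): pack and parse the 300-byte BOOTP
# packet, plus the relay-agent and server steps that touch the hops, gateway and
# "your IP address" fields. All addresses and names below are made up.

BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET, ETH_ALEN = 1, 6
BOOTP_SERVER_PORT, BOOTP_CLIENT_PORT = 67, 68
VENDOR_MAGIC = bytes([99, 130, 83, 99])       # RFC 1048 cookie that opens the vendor area
MAX_HOPS = 16                                 # loop guard for relayed requests (assumed value)

# op, htype, hlen, hops, xid, secs, unused, ciaddr, yiaddr, siaddr, giaddr,
# chaddr(16), sname(64), file(128), vend(64) = 300 bytes, network byte order
FMT = "!BBBBIHH4s4s4s4s16s64s128s64s"
FIELDS = ("op", "htype", "hlen", "hops", "xid", "secs", "unused", "ciaddr", "yiaddr",
          "siaddr", "giaddr", "chaddr", "sname", "file", "vend")
ZERO_IP = b"\0" * 4

def ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))

def bytes_to_ip(b):
    return ".".join(str(x) for x in b)

def build_request(mac, xid, secs=0, ciaddr="0.0.0.0"):
    """Client request. The datagram itself goes from 0.0.0.0:68 to 255.255.255.255:67;
    those addresses live in the IP/UDP headers, not in these fields."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return struct.pack(FMT, BOOTREQUEST, HTYPE_ETHERNET, ETH_ALEN, 0, xid, secs, 0,
                       ip_to_bytes(ciaddr), ZERO_IP, ZERO_IP, ZERO_IP, chaddr,
                       b"\0" * 64, b"\0" * 128, VENDOR_MAGIC.ljust(64, b"\0"))

def parse(pkt):
    if len(pkt) < struct.calcsize(FMT):
        raise ValueError("BOOTP packet must be 300 bytes")
    f = dict(zip(FIELDS, struct.unpack(FMT, pkt[:300])))
    for k in ("ciaddr", "yiaddr", "siaddr", "giaddr"):
        f[k] = bytes_to_ip(f[k])
    f["chaddr"] = ":".join("%02x" % b for b in f["chaddr"][:f["hlen"]])
    for k in ("sname", "file"):
        f[k] = f[k].split(b"\0", 1)[0].decode("ascii")   # null-terminated strings
    return f

def relay(pkt, agent_ip):
    """Relay agent on the client's subnet forwarding to a server elsewhere: increment hops,
    record its own address in giaddr if no earlier agent did, then unicast to the server."""
    v = list(struct.unpack(FMT, pkt[:300]))
    v[3] += 1
    if v[3] > MAX_HOPS:
        raise ValueError("hop count exceeded, dropping request")
    if v[10] == ZERO_IP:
        v[10] = ip_to_bytes(agent_ip)
    return struct.pack(FMT, *v)

def build_reply(request, yiaddr, siaddr, sname, filename):
    """Server reply: same xid, chaddr and giaddr as the request; fills in the client's
    address, the server address and the boot file for the following TFTP read."""
    v = list(struct.unpack(FMT, request[:300]))
    v[0] = BOOTREPLY
    v[8] = ip_to_bytes(yiaddr)
    v[9] = ip_to_bytes(siaddr)
    v[12] = sname.encode("ascii").ljust(64, b"\0")
    v[13] = filename.encode("ascii").ljust(128, b"\0")
    return struct.pack(FMT, *v)

def reply_destination(reply):
    """Where the server sends the reply (RFC 951 rules): to the client if it already has
    an address, via the relay agent when giaddr is set, else broadcast to port 68."""
    f = parse(reply)
    if f["ciaddr"] != "0.0.0.0":
        return f["ciaddr"], BOOTP_CLIENT_PORT
    if f["giaddr"] != "0.0.0.0":
        return f["giaddr"], BOOTP_SERVER_PORT
    return "255.255.255.255", BOOTP_CLIENT_PORT
```

A client receiving a reply should accept it only if the transaction ID and the client hardware address match its own request; since BOOTP has no authentication, anything on the local network can answer, and the matching is the only filter available.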