Application Layer: E-mail, DNS - York University

Transcription

Application Layer: E-mail, DNS
EECS 3214
Slides courtesy of J.F Kurose and K.W. Ross, All Rights Reserved
22-Jan-18

Chapter 2: outline
2.1 principles of network applications
2.2 Web and HTTP
2.3 electronic mail: SMTP, POP3, IMAP
2.4 DNS
2.5 P2P applications
2.6 video streaming and content distribution networks
2.7 socket programming with UDP and TCP

2.3 Electronic mail

Three major components:
§ user agents
§ mail servers
§ simple mail transfer protocol: SMTP

User Agent
§ a.k.a. "mail reader"
§ composing, editing, reading mail messages
§ e.g., Outlook, Apple Mail, iPhone mail client
§ outgoing, incoming messages stored on server

Electronic mail: mail servers
mail servers:
§ mailbox contains incoming messages for user
§ message queue of outgoing (to be sent) mail messages
§ SMTP protocol between mail servers to send email messages
  client: sending mail server
  "server": receiving mail server

2.3.1 Electronic Mail: SMTP [RFC 5321]
§ uses TCP to reliably transfer email message from client to server, port 25
§ direct transfer: sending server to receiving server
§ three phases of transfer
  handshaking (greeting)
  transfer of messages
  closure
§ command/response interaction (like HTTP)
  commands: ASCII text
  response: status code and phrase
§ messages must be in 7-bit ASCII

Scenario: Alice sends message to Bob
1) Alice uses UA to compose message "to" bob@someschool.edu
2) Alice's UA sends message to her mail server; message placed in message queue
3) client side of SMTP opens TCP connection with Bob's mail server
4) SMTP client sends Alice's message over the TCP connection
5) Bob's mail server places the message in Bob's mailbox
6) Bob invokes his user agent to read message

Sample SMTP interaction (S: server, C: client)
S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <alice@crepes.fr>
S: 250 alice@crepes.fr... Sender ok
C: RCPT TO: <bob@hamburger.edu>
S: 250 bob@hamburger.edu... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .          (sent as \r\n.\r\n, i.e. CRLF.CRLF)
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection

The first three exchanges are the handshaking phase; DATA through the 250 is the transfer phase; QUIT/221 is the closure phase.

Try SMTP interaction for yourself
§ telnet servername 25
§ see 220 reply from server
§ enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands
above lets you send email without using email client (reader)
Caveat: everything typed this way, addresses and message text included, crosses the network in the clear, and a server will normally refuse a RCPT TO address that is not local to it (open relaying is disabled on modern servers).

SMTP Interaction: Example (screenshot slide; no text transcribed)

More on SMTP
§ SMTP uses persistent connections
§ SMTP requires message (header and body) to be in 7-bit ASCII
§ SMTP server uses CRLF.CRLF to determine end of message

Comparison with HTTP (2.3.2)
§ HTTP: pull
§ SMTP: push
§ both have ASCII command/response interaction, status codes
§ SMTP: message in 7-bit ASCII
§ HTTP: each object encapsulated in its own response message
§ SMTP: multiple objects sent in multipart message

2.3.3 Mail message format
SMTP: protocol for exchanging email messages
RFC 5322: standard for text message format:
§ header lines, e.g., To:, From:, Subject:
  different from SMTP MAIL FROM, RCPT TO: commands!
§ blank line
§ body: the "message", ASCII characters only
The distinction matters: the SMTP envelope (MAIL FROM / RCPT TO) is what the servers use to route the message; the To:/From: header lines are just text the sender wrote inside the DATA phase, and SMTP itself does not check that the two agree.

2.3.4 Mail access protocols
sender's user agent -> (SMTP) -> sender's mail server -> (SMTP) -> receiver's mail server -> (mail access protocol, e.g., POP, IMAP) -> receiver's user agent
§ SMTP: delivery/storage to receiver's server
§ mail access protocol: retrieval from server
  POP: Post Office Protocol [RFC 1939]: authorization and download
  IMAP: Internet Mail Access Protocol [RFC 1730; current version RFC 3501]: more features, including manipulation of stored messages on server
  HTTP: gmail, Hotmail, Yahoo! Mail, etc.
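The receiving side of the sample SMTP interaction above, as an added example that is not part of the slides: a small Python state machine that enforces the handshaking / transfer / closure ordering, ends the DATA phase on CRLF.CRLF (with the dot-unstuffing RFC 5321 requires for body lines that start with "."), and then splits what arrived into RFC 5322 header lines and body so the SMTP envelope can be compared with the From:/To: headers. Hostnames, addresses and the message text are constructed for the example; the exact 5xx reply phrases are illustrative.

```python
"""Toy SMTP receiver with RFC 5322 header/body split (added example, not a real MTA).
Feed it client lines one at a time: it enforces HELO -> MAIL FROM -> RCPT TO -> DATA
-> QUIT ordering, ends DATA on CRLF.CRLF with dot-unstuffing, and keeps the SMTP
envelope apart from the RFC 5322 header lines the client chose to write."""
import re

CRLF = "\r\n"
ADDR_RE = re.compile(r"<?([^<>\s]+@[^<>\s]+)>?")   # bare or <bracketed> address

class SmtpSession:
    def __init__(self, hostname="hamburger.edu"):
        self.hostname, self.helo, self.mail_from = hostname, None, None
        self.rcpt_to, self.in_data, self.data_lines = [], False, []
        self.delivered, self.closed = [], False   # delivered: (envelope, headers, body)

    def handle(self, line):
        """One client line without its CRLF -> server reply, or None while inside DATA."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.helo = arg.strip()
            return f"250 Hello {self.helo}, pleased to meet you"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Bad sequence of commands"
            addr = self._path(arg, "FROM:")
            if addr is None:
                return "501 Syntax error in parameters"
            self.mail_from, self.rcpt_to = addr, []
            return f"250 {addr}... Sender ok"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 Bad sequence of commands"
            addr = self._path(arg, "TO:")
            if addr is None:
                return "501 Syntax error in parameters"
            self.rcpt_to.append(addr)
            return f"250 {addr}... Recipient ok"
        if verb == "DATA":
            if not self.rcpt_to:
                return "503 Bad sequence of commands"
            self.in_data, self.data_lines = True, []
            return '354 Enter mail, end with "." on a line by itself'
        if verb == "QUIT":
            self.closed = True
            return f"221 {self.hostname} closing connection"
        return "500 Command unrecognized"

    def _path(self, arg, keyword):
        if not arg.upper().startswith(keyword):
            return None
        m = ADDR_RE.search(arg[len(keyword):])
        return m.group(1) if m else None

    def _data_line(self, line):
        if line == ".":                     # the CRLF.CRLF terminator
            self.in_data = False
            headers, body = parse_rfc5322(CRLF.join(self.data_lines))
            envelope = {"mail_from": self.mail_from, "rcpt_to": list(self.rcpt_to)}
            self.delivered.append((envelope, headers, body))
            self.mail_from, self.rcpt_to = None, []
            return "250 Message accepted for delivery"
        if line.startswith("."):            # dot-stuffing: ".." on the wire means one "."
            line = line[1:]
        self.data_lines.append(line)
        return None

def parse_rfc5322(text):
    """Header lines up to the first blank line, then the body (toy: no folding, no MIME)."""
    head, _, body = text.partition(CRLF + CRLF)
    headers = {}
    for hl in head.split(CRLF):
        name, sep, value = hl.partition(":")
        if sep:
            headers[name.strip()] = value.strip()
    return headers, body

def run_transcript(client_lines):
    """Drive a fresh session with a list of client lines; return (session, server replies)."""
    session = SmtpSession()
    replies = [f"220 {session.hostname}"]
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return session, replies

# Constructed transcript: the slide's exchange, plus an RFC 5322 header block whose From:
# is not the envelope sender, and a body line the client had to dot-stuff.
SAMPLE_CLIENT = [
    "HELO crepes.fr", "MAIL FROM: <alice@crepes.fr>", "RCPT TO: <bob@hamburger.edu>", "DATA",
    "From: Ketchup Vendor <sales@ketchup.example>", "To: bob@hamburger.edu", "Subject: condiments",
    "",
    "Do you like ketchup?",
    "..and pickles?",   # on the wire as "..": the real body line starts with a single "."
    ".", "QUIT",
]
```

Running `run_transcript(SAMPLE_CLIENT)` yields the seven server replies of the slide; `session.delivered[0]` then holds the envelope (mail_from alice@crepes.fr, rcpt_to bob@hamburger.edu) next to a header From: naming sales@ketchup.example, which is exactly the envelope-versus-header gap the slide warns about.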

POP3 protocol
authorization phase
§ client commands:
  user: declare username
  pass: password
§ server responses
  +OK
  -ERR
transaction phase, client:
§ list: list message numbers
§ retr: retrieve message by number
§ dele: delete
§ quit
update phase

S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 2 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off

Note that user and pass carry the credentials as plain text; in practice POP3 (and IMAP) are run over TLS so that this exchange is not readable on the wire.

POP3 (more) and IMAP
more about POP3
§ previous example uses POP3 "download and delete" mode
  Bob cannot re-read email if he changes client
§ POP3 "download-and-keep": copies of messages on different clients
§ POP3 is stateless across sessions
IMAP (RFC 3501)
§ keeps all messages in one place: at server
§ allows user to organize messages in folders
§ keeps user state across sessions: names of folders and mappings between message IDs and folder name
§ allows agents to retrieve components of a message
§ more features but more complex

Web-based E-mail
sender's user agent -> (HTTP) -> sender's mail server -> (SMTP) -> receiver's mail server -> (HTTP) -> receiver's user agent
§ sender's agent to sender's server: HTTP
§ sender's server to receiver's server: SMTP
§ receiver's server to receiver's agent: HTTP

2.4 DNS: domain name system
people: many identifiers: SSN, name, passport #
Internet hosts, routers:
§ IP address (32 bit, IPv4) used for addressing datagrams
§ "name" or URL, e.g., www.yahoo.com, used by humans
Q: how to map between IP address and name, and vice versa?

Domain Name System:
§ distributed database implemented in hierarchy of many DNS servers
§ application-layer protocol: hosts, DNS servers communicate to resolve names (address/name translation)
  note: core Internet function, implemented as application-layer protocol
  complexity at network's "edge"

DNS: services, structure
DNS services
§ hostname to IP address translation
§ host aliasing
  canonical, alias names
§ mail server aliasing
§ load distribution
  replicated Web servers: many IP addresses correspond to one name
  DNS server sends entire list, rotating the ordering
  HTTP client uses the first address on the list
why not centralize DNS?
§ single point of failure
§ traffic volume
§ distant centralized database
§ maintenance
A: doesn't scale!

DNS: a distributed, hierarchical database
Root DNS servers
  com DNS servers: yahoo.com DNS servers, amazon.com DNS servers
  org DNS servers: pbs.org DNS servers
  edu DNS servers: poly.edu DNS servers, umass.edu DNS servers

client wants IP for www.amazon.com; first approximation:
§ client queries root server to find .com DNS server (TLD)
§ client queries .com DNS server to get amazon.com DNS server (authoritative server)
§ client queries amazon.com DNS server to get IP address for www.amazon.com

Root DNS Servers
§ Provide IP addresses of the TLD servers
§ Over 400 root DNS servers all over the world
§ Managed by 12 organizations
§ See www.root-servers.org
13 logical root name "servers" worldwide; each "server" replicated many times:
a. Verisign, Los Angeles CA (5 other sites)
b. USC-ISI Marina del Rey, CA
c. Cogent, Herndon, VA (5 other sites)
d. U Maryland College Park, MD
e. NASA Mt View, CA
f. Internet Software C. Palo Alto, CA (and 48 other sites)
g. US DoD Columbus, OH (5 other sites)
h. ARL Aberdeen, MD
i. Netnod, Stockholm (37 other sites)
j. Verisign, Dulles VA (69 other sites)
k. RIPE London (17 other sites)
l. ICANN Los Angeles, CA (41 other sites)
m. WIDE Tokyo (5 other sites)

TLD, authoritative servers
top-level domain (TLD) servers:
§ responsible for com, org, net, edu, gov, and all top-level country domains, e.g.: uk, fr, ca, jp
§ Verisign maintains servers for .com TLD
§ Educause for .edu TLD
§ provide IP addresses for authoritative servers
authoritative DNS servers:
§ organization's own DNS server(s), providing authoritative hostname to IP mappings for organization's named hosts
§ can be maintained by organization or service provider

Local DNS server
§ does not strictly belong to the previous hierarchy
§ each ISP (residential ISP, company, university) has one
  also called "default DNS server"
§ when host makes DNS query, query is sent to its local DNS server
  has local cache of recent name-to-address translation pairs (but may be out of date!)
  acts as proxy, forwards query into the hierarchy

DNS name resolution example (1)
§ host at cis.poly.edu wants IP address for gaia.cs.umass.edu
iterated query:
§ contacted server replies with name and IP address of next server to contact
§ "I don't know this name, but ask this server"
message sequence in the figure:
1. requesting host cis.poly.edu -> local DNS server dns.poly.edu
2. local DNS server -> root DNS server
3. root DNS server -> local DNS server (referral to TLD server)
4. local DNS server -> TLD DNS server
5. TLD DNS server -> local DNS server (referral to authoritative server)
6. local DNS server -> authoritative DNS server dns.cs.umass.edu
7. authoritative DNS server -> local DNS server (answer)
8. local DNS server -> requesting host

DNS name resolution example (2)
recursive query:
§ puts burden of name resolution on contacted DNS server
§ heavy load at upper levels of hierarchy?
message sequence in the figure:
1. requesting host cis.poly.edu -> local DNS server dns.poly.edu
2. local DNS server -> root DNS server
3. root DNS server -> TLD DNS server
4. TLD DNS server -> authoritative DNS server dns.cs.umass.edu
5. authoritative DNS server -> TLD DNS server
6. TLD DNS server -> root DNS server
7. root DNS server -> local DNS server
8. local DNS server -> requesting host

In practice the two modes are combined: the local DNS server offers recursive service to its own hosts, while root, TLD and authoritative servers answer only iteratively (with referrals), which is what keeps the load off the upper levels.

DNS: caching, updating records
§ once (any) name server learns a mapping, it caches the mapping
  cache entries timeout (disappear) after some time (TTL, chosen by the record's owner; the slides cite 2 days as typical, but anything from minutes to days is common)
  TLD servers typically cached in local DNS servers; thus root DNS servers not often visited
§ cached entries may be out-of-date (best effort name-to-address translation!)
  if a host changes IP address, that may not be known Internet-wide until all TTLs expire
§ update/notify mechanisms proposed in IETF standard RFC 2136 (Dynamic Update; NOTIFY is RFC 1996)

DNS records
DNS: distributed database storing resource records (RR)
RR format: (name, value, type, ttl)
type A
§ name is hostname
§ value is IP address
type NS
§ name is domain (e.g., foo.com)
§ value is hostname of authoritative name server for this domain
type CNAME
§ name is alias name for some "canonical" (the real) name
  www.ibm.com is really servereast.backup2.ibm.com
§ value is canonical name
type MX
§ value is name of mailserver associated with name
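The iterated resolution of the two previous slides together with the caching described here, as an added example in Python that is not part of the slides. Each "server" is a dict of the RRs it knows (the (name, value, type, ttl) records of this slide), asking it yields either an answer or a referral with an NS record plus its glue A record, and the local resolver caches every RR it learns until its TTL expires. The zone contents, server addresses (192.0.2.x / 198.51.100.x documentation ranges, plus the slides' 212.212.212.1) and TTLs are all constructed for the example.

```python
"""Toy iterated resolution with a TTL cache (added example; not real resolver code).
Each 'server' is a dict of the records it knows; asking it returns either an A
answer or a referral (NS record plus glue A record): "I don't know this name,
but ask this server".  The local resolver caches every RR it learns until its
TTL runs out, so later lookups skip the root and go to the nearest cached server."""
from collections import namedtuple

RR = namedtuple("RR", "name type value ttl")   # the slide's (name, value, type, ttl) record

# Constructed zone data; server IPs are documentation addresses, not real ones.
GLUE = {"a.edu-servers.net": "192.0.2.1", "a.gtld-servers.net": "192.0.2.2",
        "dns.cs.umass.edu": "192.0.2.10", "dns1.networkutopia.com": "212.212.212.1"}
SERVERS = {
    "root":          {"edu": RR("edu", "NS", "a.edu-servers.net", 172800),
                      "com": RR("com", "NS", "a.gtld-servers.net", 172800)},
    "192.0.2.1":     {"umass.edu": RR("umass.edu", "NS", "dns.cs.umass.edu", 172800)},
    "192.0.2.2":     {"networkutopia.com": RR("networkutopia.com", "NS", "dns1.networkutopia.com", 172800)},
    "192.0.2.10":    {"gaia.cs.umass.edu": RR("gaia.cs.umass.edu", "A", "198.51.100.12", 3600),
                      "www.cs.umass.edu": RR("www.cs.umass.edu", "A", "198.51.100.19", 60)},
    "212.212.212.1": {"www.networkutopia.com": RR("www.networkutopia.com", "A", "212.212.212.2", 3600)},
}

def ask(server, qname):
    """Non-recursive query to one server: (answer RR or None, referral RRs)."""
    zone = SERVERS[server]
    if qname in zone and zone[qname].type == "A":
        return zone[qname], []
    labels = qname.split(".")
    for i in range(len(labels)):              # longest suffix this server delegates
        suffix = ".".join(labels[i:])
        if suffix in zone and zone[suffix].type == "NS":
            ns = zone[suffix]
            return None, [ns, RR(ns.value, "A", GLUE[ns.value], ns.ttl)]
    return None, []                           # no such name, no referral

class LocalResolver:
    def __init__(self):
        self.cache = {}      # (name, type) -> (RR, expiry time)
        self.queries = []    # (server, qname) for every query sent into the hierarchy

    def _cached(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > now:
            return hit[0]
        self.cache.pop((name, rtype), None)   # expired entries disappear
        return None

    def _learn(self, rr, now):
        self.cache[(rr.name, rr.type)] = (rr, now + rr.ttl)

    def _start_server(self, qname, now):
        """Closest enclosing zone with a cached NS and glue, else the root."""
        labels = qname.split(".")
        for i in range(1, len(labels)):
            ns = self._cached(".".join(labels[i:]), "NS", now)
            glue = ns and self._cached(ns.value, "A", now)
            if glue:
                return glue.value
        return "root"

    def resolve(self, qname, now=0):
        hit = self._cached(qname, "A", now)
        if hit:
            return hit.value
        server = self._start_server(qname, now)
        for _ in range(8):                     # bound the referral chain
            self.queries.append((server, qname))
            answer, referral = ask(server, qname)
            for rr in referral:
                self._learn(rr, now)
            if answer:
                self._learn(answer, now)
                return answer.value
            if not referral:
                return None
            server = referral[1].value         # glue A record of the next server
        return None

def demo():
    """Four lookups; 'now' is a simulated clock in seconds so TTL expiry is deterministic."""
    r = LocalResolver()
    ips = [r.resolve("gaia.cs.umass.edu", now=0),        # root -> edu TLD -> umass authoritative
           r.resolve("www.cs.umass.edu", now=10),        # umass NS+glue cached: authoritative only
           r.resolve("www.cs.umass.edu", now=100),       # its 60 s A record expired: asked again
           r.resolve("www.networkutopia.com", now=100)]  # .com not cached: back to the root
    return ips, [server for server, _ in r.queries]
```

`demo()` returns the four addresses and the list of servers contacted: the root is asked only for the first lookup and for the first .com name, the second umass.edu lookup goes straight to the authoritative server because the NS and glue records are still cached, and the expired 60-second record is refetched without touching the root or TLD level.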

DNS messages
§ query and reply messages, both with same message format
message header (each field 2 bytes, two fields per row):
  identification | flags
  # questions | # answer RRs
  # authority RRs | # additional RRs
followed by:
  questions (variable # of questions): name, type fields for a query
  answers (variable # of RRs): RRs in response to query
  authority (variable # of RRs): records for authoritative servers
  additional info (variable # of RRs): additional "helpful" info that may be used
§ identification: 16 bit # for query, reply to query uses same #
§ flags:
  query or reply
  reply is authoritative
  recursion desired
  recursion available

Inserting records into DNS
§ example: new startup "Network Utopia"
§ register name networkutopia.com at DNS registrar (e.g., Network Solutions or some others)
  provide names, IP addresses of authoritative name server (primary and secondary)
  registrar inserts two RRs into .com TLD servers:
    (networkutopia.com, dns1.networkutopia.com, NS)
    (dns1.networkutopia.com, 212.212.212.1, A)
§ create authoritative server: type A record for web server www.networkutopia.com; type MX record for mail server mail.networkutopia.com

Attacking DNS
DDoS attacks
§ bombard root servers with traffic
  not successful to date
  traffic filtering (of ICMP messages)
  local DNS servers cache IPs of TLD servers, allowing root server to be bypassed
§ bombard TLD servers
  potentially more dangerous
  mitigation: caching in local DNSs
Other attacks
§ man-in-middle
  intercept queries
  send bogus replies
§ DNS poisoning
  send bogus replies to DNS server, which caches them
  difficult to implement in practice
The difficulty rests on the resolver's checks: a bogus reply is only accepted if its 16-bit identification matches an outstanding query, it arrives on the right UDP port, and its question section matches what was asked, so a resolver must randomize identifications and source ports and must not cache records for names outside the zone it asked about.
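An added example (not the slides' code, nor any real resolver's) that covers both the DNS message format of the previous slides and the bogus-reply attacks of this one: it builds a query and replies in the RFC 1035 wire format (12-byte header of six 16-bit fields, then question/answer/authority/additional), parses them back including name-compression pointers, and applies the resolver-side acceptance checks (identification matches, QR flag set, same question, and only in-zone records cached). The transaction IDs, addresses and the off-zone record are constructed for the example, and the bailiwick rule is deliberately simplified to "parent of the queried name".

```python
"""DNS message build/parse plus the reply checks a resolver must make before caching
(added example; not from the slides or any real resolver).  Wire format per RFC 1035:
a 12-byte header of six 16-bit fields, then question, answer, authority, additional.
A reply is accepted only if its identification matches the outstanding query, the QR
flag says reply, and the question section is the same; records are cached only if
they fall inside the zone the question belongs to (a simple bailiwick rule)."""
import struct

TYPE_A, TYPE_NS = 1, 2
FLAG_QR, FLAG_AA, FLAG_RD = 0x8000, 0x0400, 0x0100

def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'"""
    out = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split("."))
    return out + b"\x00"

def decode_name(msg, off):
    """Return (name, offset just past it); follows 0xC0 compression pointers."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # pointer to an earlier copy of the name
            if end is None:
                end = off + 2
            off = struct.unpack_from(">H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (off if end is None else end)

def build_query(ident, qname, qtype=TYPE_A):
    header = struct.pack(">HHHHHH", ident, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack(">HH", qtype, 1)

def build_reply(ident, qname, answers, additional=()):
    """answers/additional: lists of (name, type, ttl, rdata bytes)."""
    header = struct.pack(">HHHHHH", ident, FLAG_QR | FLAG_AA | FLAG_RD,
                         1, len(answers), 0, len(additional))
    body = encode_name(qname) + struct.pack(">HH", TYPE_A, 1)
    for name, rtype, ttl, rdata in list(answers) + list(additional):
        body += encode_name(name) + struct.pack(">HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + body

def parse(msg):
    ident, flags, qd, an, ns, ar = struct.unpack_from(">HHHHHH", msg, 0)
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        questions.append((name, struct.unpack_from(">HH", msg, off)[0]))   # (qname, qtype)
        off += 4
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
        off += 10
        records.append((name, rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": ident, "flags": flags, "questions": questions, "answers": records[:an],
            "authority": records[an:an + ns], "additional": records[an + ns:]}

def accept_reply(query_bytes, reply_bytes):
    """Resolver-side acceptance: (accepted, RRs safe to cache, reason)."""
    q, r = parse(query_bytes), parse(reply_bytes)
    if r["id"] != q["id"]:
        return False, [], "identification mismatch"
    if not r["flags"] & FLAG_QR:
        return False, [], "not a reply"
    if r["questions"] != q["questions"]:
        return False, [], "question section differs"
    qname = q["questions"][0][0].lower()
    zone = qname.partition(".")[2] or qname           # toy bailiwick: parent of the queried name
    keep = [rr for rr in r["answers"] + r["additional"]
            if rr[0].lower() == qname or rr[0].lower().endswith("." + zone)]
    return True, keep, "ok"

def demo():
    """Constructed messages: one honest reply, one spoofed with a guessed (wrong) ID."""
    ip = lambda s: bytes(int(x) for x in s.split("."))
    query = build_query(0x1234, "www.networkutopia.com")
    honest = build_reply(0x1234, "www.networkutopia.com",
                         [("www.networkutopia.com", TYPE_A, 3600, ip("212.212.212.2"))],
                         [("www.bank.example", TYPE_A, 86400, ip("203.0.113.9"))])  # off-zone
    spoofed = build_reply(0x1235, "www.networkutopia.com",
                          [("www.networkutopia.com", TYPE_A, 3600, ip("203.0.113.66"))])
    return accept_reply(query, honest), accept_reply(query, spoofed)
```

`demo()` accepts the honest reply but keeps only the www.networkutopia.com record for the cache, discarding the unrelated www.bank.example record a poisoner might try to slip into the additional section; the spoofed reply fails on the identification check before anything else is looked at. Real resolvers add to this the checks this toy leaves out: matching the UDP source port the query was sent from, randomizing both that port and the identification, and the full bailiwick rules of the delegation chain.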

Chapter 2: next time
2.1 principles of network applications
2.2 Web and HTTP
2.3 electronic mail: SMTP, POP3, IMAP
2.4 DNS
2.5 P2P applications
2.6 video streaming and content distribution networks
2.7 socket programming with UDP and TCP
