Internet Domains

Internet DomainsThe Domain Name SystemThe Domain Name ServiceThe Domain Name Space

DNS

Internet host nameInternet domain names are hierarchical in nature, that is, they have a tree-like structure.

A `domain' is a family, or group of names. A `domain' may be broken down into `subdomain'. A `toplevel domain' is a domain that is not a subdomain. The Top Level Domains are specified in RFC-920.

.COM Commercial Organisations

.EDU Educational Organisations

.GOV Government Organisations

.MIL Military Organisations

.ORG Other organisations

.NET Network

Country Designator are two letters codes that represent a particular country.

Each top level domain has subdomains. The top level domains based on country name are broken down

into subdomains, so for example you end up with: .ac.uk, .co.uk. The next level of division usually represents the name of the

organisation: .brad.ac.uk, .theinternetwebshop.co.uk Often the next level of subdomain is based on the departmental

structure of the organisation but it may be based on any criterionconsidered reasonable and meaningful by the network administrators for the organisation: .eesf.brad.ac.uk, .eimc.brad.ac.uk

The very left-most portion of the name is always the unique name assigned to the host machine and is called the `hostname', the portion of the name to the right of the hostname is called the `domainname' and the complete name is called the`Fully Qualified Domain Name‘: www.inf.brad.ac.uk

Internet Corporation for Assigned Names and Numbers (ICANN)

http://www.icann.com/

What Does ICANN Do?

To reach another person on the Internet you have to type an address into your computer -- a name or a number.

That address must be unique so computers know where to find each other. ICANN coordinates these unique identifiers across the world. Without that coordination, we wouldn't have one global Internet.

www.internic.net:

The InterNIC® web site is a public information resource for Internet users worldwide.

It provides information on the domain-name system, the domain-name registration process, and domain-name registrars.

To access information regarding registered domains, go to the Registry Whois.

For Whois information about country-code (two-letter) top-level domains, try Uwhois.com.

http://www.whois.net/ http://www.betterwhois.com/ http://www.nic.uk/

Nominet UK is the registry for .uk internet names.

Manages the authoritative database of .uk domain name registrations.

A not-for-profit company - has members instead of shareholders.

Nominet is officially recognised as the .uk domain name registry by the internet industry, users and the UK Government.

DNS You will need to know what domain your hosts name will belong to. Eg .eimc.brad.ac.uk

The name resolver software provides this name translation service by making requests to a `Domain Name Server', so you will need to know the IP address of a local nameserver that you can use. Eg. 143.53.238.5

The Domain Name Server converts machine names to IP addresses, so allowing messages to pass between machines in a format they understand.

http://en.wikipedia.org/wiki/Dns

/var/named/eesf.zon;This file is used to resolve hostnames to IP addresses. The origin refers to the eesf.brad.ac.uk domain

; nameservers for eesf.brad.ac.uk domain

IN NS d4bs.eesf.brad.ac.uk.

$ORIGIN eesf.brad.ac.uk.

d4bs IN A 143.53.138.20

dforbes IN A 143.53.138.10

; services

$ORIGIN eesf.brad.ac.uk.

ftp CNAME d4bs.eesf.brad.ac.uk.

www CNAME d4bs.eesf.brad.ac.uk.

Domain Name System http://en.wikipedia.org/wiki/Domain_Name_System

Paul Mockapetris invented the DNS in 1983. The Domain Name System or DNSis a system that stores information about Internet host names and domain names.

It provides an IP address for each host name, and lists the mail exchange servers accepting e-mail for each domain.

Originally, each computer on the network retrieved a file called HOSTS.TXT from SRI - Stanford Research Institute(now SRI International), which mapped an address to a name.

The system had inherent limitations, because every time a given computer's

address changed, every single system that wanted to communicate with that computer would need an update to its Hosts file.

The host file is located in the following directories for each operating system:

Linux and other Unix related operating systems - /etc Windows 95/Windows 98/Windows Me - C:\windows\ Windows 2000/Windows XP - %SystemRoot%\system32\drivers\etc\ Windows NT - C:\winnt\system32\drivers\etc\ Mac OS - System Folder:Preferences or System Folder (Format of the file

may vary from Windows and Linux counterparts)

Blocking ads on the Internet with a list of ad server hostnames and IP addresses (http://pgl.yoyo.org/adservers/index.php)

Ad filtering: One useful ability of the host file is that it is capable of ad filtering. This is accomplished by adding a line to the file that contains 127.0.0.1 (home IP) or 0.0.0.0 (no IP). That way, when a internet capable program attempts to access the IP of an advertiser the ad is prevented from appearing. For example, if you wanted to block Doubleclick ads, youcould add the following to your host file:

127.0.0.1 ad.doubleclick.net

How the DNS works in theory

The practical operation of the DNS system consists of three parts:

* The DNS resolver, a DNS client program which runs on a user's computer, and which generates DNS requests on behalf of software programs;

* The recursive DNS server, which searches through the DNS in response to queries from resolvers, and returns answers to those resolvers;

* The authoritative DNS server which hands out answers to queries from recursors, either in the form of an answer, or in the form of a delegation (i.e. referral to another authoritative DNS server).

The DNS consists of a hierarchical set of DNS servers.

Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain and the name servers of any domains "beneath" it.

The hierarchy of authoritative DNS servers matches the hierarchy of domains.

At the top of the hierarchy stand the root servers: the servers to query when looking up (resolving) a top-level domain name.

DNS recursion http://en.wikipedia.org/wiki/Domain_Name_System

* The process starts by the recursor asking one of these root servers - for example, the server with the IP address "198.41.0.4" - the question "what is the IP address for www.wikipedia.org?"

* The root server replies with a delegation, meaning roughly: "I don't know the IP address of www.wikipedia.org, but I do know that the DNS server at 204.74.112.1 has information on the org domain."

* The local DNS recursor then asks that DNS server (i.e. 204.74.112.1) the same question it had previously put to the root servers, i.e. "what is the IP address for www.wikipedia.org?". It gets a similar reply - essentially, "I don't know the address of www.wikipedia.org, but I do know that the DNS server at 207.142.131.234 has information on the wikipedia.org domain."

* Finally the request goes to this third DNS server (207.142.131.234), which replies with the required IP address.

This process utilises recursive searching.

Root nameserverhttp://en.wikipedia.org/wiki/Root_nameserver

A root nameserver is a DNS server that answers requests for the root namespace domain,and redirects requests for a particular top-level domain to that TLD's nameservers.

All domain names on the Internet actually end in a . (period) character -- that is, technically, Wikipedia is actually hosted on the domain "www.wikipedia.org." (try it.)

This final dot is implied, and all modern DNS software does not actually require that the final dot be included when attempting to translate a domain name to an IP address.

The empty string after the final dot is called the root domain, and all other domains (i.e. .com, .org, .net, .uk, etc.) are contained within the root domain.

There are currently 13 root name servers, with names in the form

letter.root-servers.net where letter ranges from A to M:

Letter Old name Operator LocationA ns.internic.net VeriSign Dulles, VAB ns1.isi.edu ISI Marina Del Rey, CAC c.psi.net Cogent (http://www.cogent.com/) Herndon, VAD terp.umd.edu University of Maryland College Park, MDE ns.nasa.gov NASA Mountain View, CAF ns.isc.org ISC (http://www.isc.org/) Palo Alto, CAG ns.nic.ddn.mil U.S. DoD NIC Vienna, VAH aos.arl.army.mil U.S. Army Research Lab Aberdeen, MDI nic.nordu.net Autonomica (http://www.autonomica.se/) StockholmJ VeriSign Dulles, VAK RIPE LondonL ICANN Los AngelesM WIDE Project Tokyo

the C, F, I, J and K servers exist in multiple locations on different continents

There are quite a few alternate namespace systems with their own set of root nameservers that exist in opposition to the mainstream nameservers.

Alternate DNS roothttp://en.wikipedia.org/wiki/Alternate_DNS_root In addition to the Internet's main DNS root (currently consisting of 13 nominal root nameservers

working in agreement with ICANN), several organizations operate alternate DNS roots (often referred to as alt roots).

Each alternate root has its own set of root nameservers and its own set of top-level domains.

Legal users of domains No one in the world really "owns" a domain name except the Network Information Centre (NIC),

or domain name registry.

Most of the NICs in the world receive an annual fee from a legal user in order for the legal user to utilise the domain name (i.e. a sort of a leasing agreement exists, subject to the registry's terms andconditions).

Depending on the various naming convention of the registries, legal users become commonly known as "registrants" or as "domain holders".

ICANN holds a complete list of domain registries in the world.

One can find the legal user of a domain name by looking in the WHOIS database held by most domain registries.

Tools to hack DNS YoLinux: List of Linux Security and Hacker Software Toolshttp://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html

Unix tools track hackers http://insight.zdnet.co.uk/hardware/servers/0,39020445,2123102,00.htmhttp://www.antihackertoolkit.com/tools.html

For DNS lookups use - 'dig' (domain information groper) or host -a 143.53.29.129 ns2.splice1.com ornslookup Note: nslookup is deprecated and may be removed from future releases. orhttp://www.dns.net/dnsrd/tools.html

C:\>nslookup 143.53.29.129 ns1.splice1.comServer: server4.splice1.comAddress: 66.45.242.178Name: d209.inf.brad.ac.ukAddress: 143.53.29.129

Where is the site hosted?traceroute/tracert

Is the site on-line?ping

Is there a back door or way in?nmap

How is the network routing configured?netstat -r

Kernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface143.53.28.0 * 255.255.255.0 U 0 0 0 eth1169.254.0.0 * 255.255.0.0 U 0 0 0 eth1127.0.0.0 * 255.0.0.0 U 0 0 0 lodefault Skipton.cen.bra 0.0.0.0 UG 0 0 0 eth1

How are the network cards configured?ifconfig/ipconfig

http://www.networksecuritytoolkit.org/nst/index.html

What Is a Mail Message?

A mail message generally consists of

a message body, which is the text of the message,

and special administrative data specifying recipients, transport medium, etc., as you see when you look at an envelope of a real letter.

A typical mail header may look like this:

Return-Path: <[email protected]> Received: ursa.cus.cam.ac.uk ([email protected] [131.111.8.6]) by

al.animats.net (8.9.3/8.9.3/Debian 8.9.3-6) with ESMTP id WAA04654 for <[email protected]>; Sun, 30 Jan 2000 22:30:01 +1100

Received: from ph10 (helo=localhost) by ursa.cus.cam.ac.uk with local-smtp (Exim 3.13 #1) id 12EsYC-0001eF-00; Sun, 30 Jan 2000 11:29:52 +0000

Date: Sun, 30 Jan 2000 11:29:52 +0000 (GMT) From: Philip Hazel <[email protected]> Reply-To: Philip Hazel <[email protected]> To: Terry Dawson <[email protected]>, Andy Oram <[email protected]> Subject: Electronic mail chapter In-Reply-To: <[email protected]> Message-ID: <Pine.SOL.3.96.1000130111515.5800A-

[email protected]>

This list is a collection of common header fields

From: This contains the sender's email address and possibly the “real name.” A complete zoo of formats is used here.

To: This is a list of recipient email addresses. Multiple recipient addresses are separated by a comma.

Cc: This is a list of email addresses that will receive “carbon copies” of the message. Multiple recipient addresses are separated by a comma.

Bcc: This is a list of email addresses that will receive “carbon copies” of the message. The key difference between a “Cc:” and a “Bcc:” is that the addresses listed in a “Bcc:” will not appear in the header of the mail messages delivered to any recipient. It's a way of alerting recipients that you've sent copies of the message to other people without telling them who those others are. Multiple recipient addresses are separated by a comma.

Subject: Describes the content of the mail in a few words.Reply-To: Specifies the address the sender wants the recipient's reply directed to.

This may be useful if you have several accounts, but want to receive the bulkof mail only on the one you use most frequently. This field is optional.

How Is Mail Delivered? Generally, you will compose mail using a mailer interface like pine. These programs are called mail user agents, or MUAs. If you send a mail

message, the interface program will in most cases hand it to another program for delivery. This is called the mail transport agent,or MTA. On most systems the same MTA is used for both local and remote delivery and is usually invoked as a program such as sendmail.

Local delivery of mail is, of course, more than just appending the incoming message to the recipient's mailbox. Usually, the local MTA understands aliasing (setting up local recipient addresses pointing to other addresses) and forwarding (redirecting a user's mail to some other destination). Also, messages that cannot be delivered must usually be bounced, that is, returned to the sender along with some error message.

Mail delivered over a network using TCP/IP, commonly uses Simple Mail Transfer Protocol (SMTP).

SMTP was designed to deliver mail directly to a recipient's machine, negotiating the message transfer with the remote side's SMTP daemon.

Today it is common practice for organizations to establish special hosts that accept all mail for recipients in the organization and for that host to manage appropriate delivery to the intended recipient.

Email Addresses

Email addresses are made up of at least two parts.

One part is the name of a mail domain that will ultimately translate to either the recipient's host or some host that accepts mail on behalf of the recipient.

The other part is some form of unique user identification that may be the login name of that user, the real name of that user in “Firstname.Lastname” format, or an arbitrary alias that will be translated into a user or list of users.

Internet sites adhere to the RFC-822 standard, which requires the familiar notation of [email protected], for which host.domain is the host's fully qualified domain name. The character separating the two is properly called a “commercial at”sign, but it helps if you read it as “at.”

How Does Mail Routing Work?

The process of directing a message to the recipient's host is called routing .

Apart from finding a path from the sending site to the destination, it involves error checking andmay involve speed and cost optimization.

Mail Routing on the Internet On the Internet, the destination host's configuration determines

whether any specific mail routing is performed.

The default is to deliver the message to the destination by first determining what host the message should be sent to, and then delivering it directly to that host.

Most Internet sites want to direct all inbound mail to a highly available mail server that is capable of handling all this traffic and have it distribute the mail locally.

The Mail Exchanger is a machine that states that it is willing to act as a mail forwarder for all mail addresses in the domain.