Saturday, 30 June 2018

Network Attacks


There are different types of network attacks that can harm a computer network. Network attacks fall into three main categories, which are the following:



  • Reconnaissance attacks 

  • Access attacks 

  • Denial of service 


Reconnaissance Attacks


Attackers use Internet tools such as whois and nslookup for reconnaissance, resolving the IP addresses of a host or an organization. Once the attacker has resolved the addresses, he can ping the public addresses to identify which of them are active. The attacker can also use a ping sweep tool such as fping or gping, which automatically pings every address in a given range, and can go on to port scanning and packet sniffing.
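A defender-side check for the reconnaissance traffic described above, as an added example that is not part of the original post: it parses constructed firewall log lines and flags a source that pings many distinct hosts, or probes many ports on one host, within a short window. The log format, thresholds and addresses are assumptions.

```python
"""Flag ping sweeps and port scans in firewall logs, as a defender would.

Added example, not part of the original post. The log format, thresholds and
addresses below are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one external host pings five addresses in a few seconds,
# then probes five ports on one of them; the internal host 198.51.100.7 is noise.
SAMPLE_LOG = """\
2018-06-30 10:00:01 DROP ICMP src=203.0.113.5 dst=198.51.100.10 proto=icmp type=8
2018-06-30 10:00:01 DROP ICMP src=203.0.113.5 dst=198.51.100.11 proto=icmp type=8
2018-06-30 10:00:02 DROP ICMP src=203.0.113.5 dst=198.51.100.12 proto=icmp type=8
2018-06-30 10:00:02 DROP ICMP src=203.0.113.5 dst=198.51.100.13 proto=icmp type=8
2018-06-30 10:00:03 DROP ICMP src=203.0.113.5 dst=198.51.100.14 proto=icmp type=8
2018-06-30 10:00:03 ALLOW ICMP src=198.51.100.7 dst=198.51.100.1 proto=icmp type=8
2018-06-30 10:05:10 DROP TCP src=203.0.113.5 dst=198.51.100.10 proto=tcp dport=21
2018-06-30 10:05:10 DROP TCP src=203.0.113.5 dst=198.51.100.10 proto=tcp dport=22
2018-06-30 10:05:11 DROP TCP src=203.0.113.5 dst=198.51.100.10 proto=tcp dport=23
2018-06-30 10:05:11 DROP TCP src=203.0.113.5 dst=198.51.100.10 proto=tcp dport=80
2018-06-30 10:05:12 DROP TCP src=203.0.113.5 dst=198.51.100.10 proto=tcp dport=445
2018-06-30 11:30:00 ALLOW TCP src=198.51.100.7 dst=198.51.100.10 proto=tcp dport=80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \S+ "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+)"
    r"(?: type=(?P<type>\d+))?(?: dport=(?P<dport>\d+))?$"
)

def parse_log(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(e)
    return events

def _burst_sources(events, key, window, threshold):
    """Per source, slide a time window over its events and report sources that
    reach `threshold` distinct `key` values inside one window.
    Returns {src: max distinct count seen}."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    hits = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for i, e in enumerate(evs):
            while evs[start]["ts"] < e["ts"] - window:
                start += 1
            distinct = {key(x) for x in evs[start:i + 1]}
            if len(distinct) >= threshold:
                hits[src] = max(hits.get(src, 0), len(distinct))
    return hits

def detect_ping_sweep(events, window=timedelta(seconds=60), threshold=5):
    """ICMP echo requests (type 8) from one source to many distinct hosts."""
    echo = [e for e in events if e["proto"] == "icmp" and e["type"] == "8"]
    return _burst_sources(echo, key=lambda e: e["dst"], window=window, threshold=threshold)

def detect_port_scan(events, window=timedelta(seconds=60), threshold=5):
    """TCP packets from one source to many distinct (host, port) pairs."""
    tcp = [e for e in events if e["proto"] == "tcp" and e["dport"] is not None]
    return _burst_sources(tcp, key=lambda e: (e["dst"], e["dport"]), window=window, threshold=threshold)

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("ping sweep sources:", detect_ping_sweep(evs))
    print("port scan sources: ", detect_port_scan(evs))
```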


Access Attacks


Access attacks are the unauthorized manipulation of data, system access, or user privileges.


This type of attack exploits vulnerabilities in the operating system's authentication service and in web and FTP services to gain access to different kinds of accounts, such as web accounts, databases and information services. It gives attackers access to information they have no rights to. Access attacks are classified into four types:



  • Password attacks – Attackers use various techniques to obtain users' passwords, such as packet sniffers, brute-force attacks and Trojan horses.

  • Trust Exploitation – For this type of access attack, the attacker can exploit Active Directory services and network file systems.





  • Port Redirection – In this type of attack the attacker uses the ports of a compromised computer to gain access to another computer on the network.





  • Man-in-the-Middle – In this type of attack the attacker interposes himself between the server and the client.



Denial of Service Attacks


Denial of Service (DoS) attacks are the most difficult attacks to avoid and eliminate. DoS attacks require very little effort to execute but are more damaging than other types of attack, so they need special attention from network security administrators. DoS attacks take many forms; to help prevent them it is important to keep systems updated with the latest security updates for the operating system and applications.


DoS attacks prevent authorized people from using a service by using up system resources. The following are some types of DoS attacks:



  • Disk space, bandwidth and buffer overloading

  • Ping floods such as Smurf

  • Packet storms like UDP bombs and Fraggle

  • Oversized packets such as ping of death

  • Overlapping packets like WinNuke

  • Unhandled data such as Teardrop.
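The oversized-packet and overlapping-fragment items in this list are exactly what an IP reassembler has to reject before it trusts a fragment set. As an added example that is not from the original post, here is a checker over constructed fragment sets; the tuple layout and the names are assumptions.

```python
"""Sanity checks an IP reassembler should apply before trusting a fragment set.

Added example, not part of the original post. Each fragment is a constructed
(offset_bytes, payload_length, more_fragments) tuple, i.e. the values decoded
from the IPv4 header of one fragment (offset already multiplied by 8).
"""
IPV4_MAX_DATAGRAM = 65535   # the IPv4 total-length field is 16 bits

def check_fragments(frags):
    """Return sorted anomaly labels for one fragment set (same src, dst and id):
    "oversized" - reassembled size would exceed 65535 bytes (ping of death);
    "overlap"   - a fragment covers bytes already covered (Teardrop-style);
    "gap"       - the last fragment arrived but some bytes are missing.
    An empty list means the set can be reassembled normally."""
    anomalies = set()
    covered = []            # accepted (start, end) byte ranges, in offset order
    last_seen = False
    for offset, length, more in sorted(frags):
        start, end = offset, offset + length
        if end > IPV4_MAX_DATAGRAM:
            anomalies.add("oversized")
        if any(start < c_end and c_start < end for c_start, c_end in covered):
            anomalies.add("overlap")
        covered.append((start, end))
        if not more:
            last_seen = True
    if last_seen:
        pos = 0
        for c_start, c_end in covered:
            if c_start > pos:
                anomalies.add("gap")
                break
            pos = max(pos, c_end)
    return sorted(anomalies)

# Constructed fragment sets
NORMAL = [(0, 1480, True), (1480, 1480, True), (2960, 100, False)]
TEARDROP = [(0, 36, True), (24, 36, False)]     # second piece starts inside the first
PING_OF_DEATH = [(i * 1480, 1480, True) for i in range(44)] + [(65120, 500, False)]
MISSING_PIECE = [(0, 1480, True), (2960, 100, False)]

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("teardrop", TEARDROP),
                        ("ping of death", PING_OF_DEATH), ("missing piece", MISSING_PIECE)]:
        print(f"{name:14s} -> {check_fragments(frags)}")
```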

Sunday, 17 June 2018

Types of Malware

Malware, or malicious software, is a program or code file that is dangerous to a user's computer. It is specifically designed to harm, interrupt, steal, delete, monitor or perform other illegal actions on a user's computer or network without permission. Malware includes viruses, Trojan horses, worms and spyware.


Viruses


A virus is a kind of malware that spreads by inserting a copy of itself into the user's computer and attaching itself to another program. It spreads from computer to computer, reproducing itself through program files or documents. A virus inserts or attaches itself to a valid program, or to a document that supports macros, in order to execute its code.


A virus can cause harmful or destructive effects, for example damaging system software by corrupting or destroying data, which causes denial-of-service (DoS) conditions. All types of viruses are attached to an executable file, and the virus stays inactive until a user runs the affected file. When a user opens the affected file, the viral code is executed as well. Usually the affected program still works, but some viruses overwrite other programs with copies of themselves, destroying those programs completely. Viruses also spread when software or documents are copied or transferred from one computer to another.


Worms


Computer worms are a type of malicious software similar to viruses. A worm is a self-replicating program that makes functional copies of itself and can cause the same kind of damage as a virus. Unlike viruses, which require an infected host file to spread, worms are standalone software and do not need a host file, program or human help to spread.


Worms do not need to attach to a program to infect a host; they enter a computer through a vulnerability. Worms often use parts of the operating system that are automatic and invisible to the user, and are usually noticed only when they consume so many system resources that the computer's tasks slow down or halt.


Trojan Horses


A Trojan horse is another harmful program. Cyber-thieves use Trojans to gain access to the user's system. Users are usually tricked into loading and executing it on their systems through social engineering. Once it is executed on the user's computer, it can steal the user's important data and give backdoor access to the user's system. A Trojan horse can delete user data from the system. It is also used to activate and spread other malware programs on the user's computer.


Unlike viruses and worms, Trojan horses do not self-replicate to infect other files. They spread through user interaction, such as downloading files from the Internet, accepting files while chatting with unknown persons and opening an e-mail attachment from an untrusted source.

Saturday, 16 June 2018

Types of Vulnerabilities

Weaknesses are intrinsic in every network and every network device, including routers, switches, servers, desktops and even security devices such as firewalls. Usually the endpoints, such as servers and desktop computers, are the ones under attack. Defending the privacy of information, securing it from unauthorized access and shielding the network against attacks are the primary concerns of network security professionals today. There are three primary classes of network vulnerability, which lead to various attacks on the network, including malicious code attacks and network attacks.


Technological



  • HTTP, ICMP and FTP are inherently insecure. SMTP and SNMP are related to the insecure structure upon which TCP was designed.

  • Operating systems such as UNIX, Linux, Mac OS, Mac OS X and Windows have security problems that must be considered by network administrators.

  • There are various types of network equipment, such as switches, routers and firewalls. These all have security weaknesses, including weak password protection, lack of authentication, insecure protocols and firewall holes, that must be acknowledged and protected against.


Configuration


The configuration vulnerabilities are the following:



  • User account information may be transmitted over the network insecurely, exposing usernames and passwords.

  • Another common vulnerability is easily guessed passwords and usernames. System account passwords must contain uppercase letters, lowercase letters, digits and symbols.

  • JavaScript in the web browser enables attacks by way of hostile JavaScript when accessing untrusted sites. IIS, FTP and terminal services also pose problems.

  • Complicated device settings can open security holes.

  • Misconfiguration of equipment is also a big security problem.


Security policy


The security policy vulnerabilities are the following:



  • An unwritten security policy cannot be consistently applied.

  • Default passwords and poorly chosen passwords such as dictionary words can easily allow hackers unauthorized access to the network.

  • Unauthorized changes to hardware and software that do not meet the policy can create security risks.

Friday, 15 June 2018

Types of Threats

Threats to network security are a growing problem for individuals as well as organizations across the world, and the threats get worse and multiply day by day. Computer networks are necessary for everyday activities, and both individuals and organizations depend on their computers and networks.


Intrusion into these computers by an unauthorized person can result in network breakdown and loss of data and work. Attacks on a network can be disruptive, resulting in a loss of time and money due to damage or theft of important information.


Intruders can enter the network through software vulnerabilities, by guessing someone's username and password, and through hardware attacks. An intruder is an individual, commonly called a hacker, or a piece of software that enters a computer without authorization. When an intruder (hacker) successfully gains access to the network, four types of threat may occur:


Loss and Manipulation of Data


When a hacker successfully breaks into someone's computer, he can destroy or alter data records. Examples include sending a virus that reformats a computer's hard drive and breaking into a records system to change information.


Information Theft


In this case the intruder gains access to a computer and obtains confidential information. The intruder uses this information for different purposes, or sells it.


Identity Theft


Individuals usually keep personal documents on their personal computers, and the intruder steals this personal information. Using it, an intruder can obtain legal documents, make unauthorized purchases and apply for credit.


Disruption of service


If the intruder can't get in, he tries to ensure that no one else can either. This is the DoS (denial-of-service) attack. This kind of threat does not try to get information directly, but depending on which service crashes under the load, its effect can expose other resources that were previously protected.


Physical Security Threats


Physical security is another important aspect of network security, and it must be dealt with in organizational policy. There are four classes of physical threats:



  • Hardware threats – physical damage to network devices, servers and workstations.

  • Electrical threats – problems with the input voltage: insufficient voltage, voltage spikes, unconditioned power and complete power loss.

  • Maintenance threats – poor handling of electrical components, poor cabling and labeling, and lack of spare parts.

  • Environmental threats – temperature that is too hot or too cold, and humidity that is too wet or too dry.


To limit physical damage to equipment, make a security plan as follows:



  • Lock up equipment

  • Prevent unauthorized access

  • Maintain electronic logs of entry and exits

  • Use security cameras


The figure below illustrates a general floor plan for a secure computer room for a network. 



Small Network Growth

Growth is a natural process for many small businesses; they must grow with the passage of time. Many large companies started as small companies; Microsoft, the world-leading company, started with two people. A strategic plan will help you grow your company. Ideally, the network administrator has enough time to make smart decisions about growing the network in step with the growth of the company. The following elements are used to scale a small network into a larger one:


Network documentation – diagrams of the physical and logical topology


Device inventory – the list of devices included in the network


Budget – itemized IT budget, including the fiscal year equipment purchasing budget


Traffic analysis – protocols, applications, services and their respective traffic requirements, e.g. bandwidth and disk/storage capacity, should be documented and planned


Network segmentation requirements – based on performance, security, management and availability requirements


Protocol Analysis


When a network is growing, it is important to understand the type of traffic that will be crossing the network, including the current traffic flow. If the types of traffic are not known, a protocol analyzer can help identify the traffic and its source. Try to capture network traffic during peak hours to find out the traffic types, and perform captures on different network segments for a better understanding. The figure below illustrates the network analyzer on different segments.




The protocol analyzer analyzes traffic on the basis of its source and destination as well as the type of traffic being sent. The analysis can be used to make decisions on how to manage the traffic more efficiently, for example when relocating a server.


Employee Network Utilization


When the network is growing, it is very important for a network administrator to understand how network usage is going to change.


In addition to understanding changing traffic trends, a network administrator must also be aware of how network use is changing. The administrator of a small network can take "snapshots" of employee application utilization for a significant portion of the workforce from time to time. These snapshots may contain information about:



  • Operating system and its version

  • Both network and non-network applications

  • CPU, drive and RAM utilization

Thursday, 14 June 2018

Common Applications

Without applications, a network is not very useful. Applications are software programs used to communicate over the network, or processes that give access to the network. There are two kinds: network applications and application layer services.


Network Applications


Network applications are used to communicate over the network. Some end-user applications implement application layer protocols and are able to communicate directly with the lower layers of the protocol stack. Email clients are an example of this type of application.


Application Layer Services


Network print spooling and file transfer over the network require application layer services to use network resources. These services are the software programs that interface with the network and prepare the data for transfer. Different types of data, e.g. text, graphics, audio and video, require different network services to make sure the data is properly prepared for processing.




Each application or network service uses protocols, which define the standards and formats to be used for data. Without common network protocols there is no way to format data, so understanding protocols is very important before understanding the role of network services. In the Windows operating system we can view the current applications, services and running processes, as shown in the above figure. The following are common protocols used in networking:


DNS


DNS, short for Domain Name System (or Service or Server), was created to translate numeric addresses into simple, recognizable names.


Telnet


Telnet is a service that allows network administrators to log in to a host remotely and control it as if they were working locally.


Email Server


SMTP, POP3 and IMAP are used to send email messages from clients to servers over the Internet.


DHCP Server


DHCP is the service that assigns the IP address, subnet mask, default gateway, and other information to clients automatically.


Web Server


A web server is used to transfer information and data between web clients and web servers; the majority of websites are accessed using HTTP (Hypertext Transfer Protocol).


FTP Server


The FTP service allows files to be downloaded and uploaded between a client and a server.


Voice and Video Applications


Streaming media is very important for businesses to communicate with customers as well as business partners. Network administrators must make sure that the equipment is properly configured and installed and that it meets the requirements of real-time applications. The administrator must determine whether the present switches and cabling can support the traffic that will be added in the near future.


VoIP


VoIP stands for Voice over Internet Protocol; in common terms, VoIP is a call service over the Internet.
VoIP requires a quality Internet connection to provide phone service through the Internet connection instead of the local phone company. VoIP can also be used alongside traditional phone service, because VoIP service providers typically offer lower call rates than traditional phone services.


A traditional phone set can be used with an ATA (analog telephone adapter). The ATA converts the analog signal into digital IP packets and vice versa. The device is attached between a traditional analog phone and the Ethernet switch. VoIP is much less expensive than an integrated IP telephony solution, but the quality does not meet the same standards.


IP Telephony


In IP telephony the ATA is no longer required, because the IP phone itself performs the voice-to-IP conversion. IP phones use a separate server for call control and signaling.


Real-time Applications


A real-time application is a software program that works within a time frame that the user senses as immediate. This kind of software uses the Real-Time Transport Protocol (RTP) and the Real-Time Transport Control Protocol (RTCP). A QoS mechanism keeps the latency below a defined value, usually measured in seconds. Video conferencing, online gaming and video chat applications are examples of real-time applications.

Sunday, 10 June 2018

Redundancy and Traffic Management in a Small Network

Redundancy In a Small Network


Redundancy is another important factor in network design; it provides reliability. In a business, the breakdown of the network can be very costly, so to maintain reliability in a small network, redundancy must be part of the network design. It helps to get rid of single points of failure. There are several ways to achieve redundancy in a small network.


Network redundancy can be achieved by installing standby and alternate network devices, e.g. routers and switches, and also by installing duplicate network links for important areas within the network. When the primary path is not available, the redundant path can immediately take over to ensure minimal downtime and continuity of network services.


Small networks normally have a single route toward the Internet using one or more default gateways. If the gateway fails, the whole network loses connectivity to the Internet, so it may be worthwhile for a small business network to pay for a second service provider as a backup. The figure below illustrates network redundancy.




Traffic Management


Traffic management is another consideration for network administrators. The different types of traffic and their behavior have to be considered in the network design. Real-time traffic such as voice and video requires the routers and switches to be configured differently from other data traffic. A good network design categorizes traffic according to its priority, as the table below shows. In the end, minimizing network downtime is important for a small network, both to keep the staff efficient and to keep services available.


Traffic type             Priority          Note
Voice                    High priority     Real-time traffic
Video                    High priority     Real-time traffic
SMTP                     Medium priority
Internet Messaging       Normal priority
TCP                      Normal priority
File Transfer Protocol   Low priority


IP Address Planning for Small Network

IP address planning is very important when implementing a small network. All hosts within the network must have a unique address. The IP addressing scheme must be planned and documented, and addresses should be assigned according to the type of device being configured. The different types of devices that require IP addresses are:



  • Servers

  • End devices

  • Intermediary devices

  • Hosts that are accessible from the Internet


The figure below illustrates the devices that require IP address planning when assigning IPv4 addresses.




Proper planning and documentation of IP addressing help the network administrator track device types and troubleshoot. Usually the network administrator knows the ranges of IP addresses assigned to each kind of device. For example, if all hosts are assigned addresses in the range 100 to 200 and servers are assigned addresses in the range 220 to 250, it is easy to identify traffic by IP address, which is very useful when troubleshooting network traffic issues with a protocol analyzer.





If the IP addressing scheme is documented, the network administrator can easily control access to the resources available on the network. The addressing scheme is important for hosts that provide resources to the internal and external network, such as e-commerce servers. Without proper planning, security and accessibility are not achievable: if a host has a random address from the address range, blocking access to that host is difficult. Different device types should be assigned a logical block of addresses within the address range of the network.


If you are a network administrator setting up a small network with only a few computers, you may assign your network private IP addresses from the 192.168.0.0 to 192.168.255.255 range. There are sufficient addresses there for a small network. If your computers need to access the Internet, you require a public IP address, which you must purchase from an ISP.
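For the address plan above (hosts in .100-.200, servers in .220-.250) and the earlier point that a protocol analyzer identifies traffic by source and destination, here is an added example that is not from the original post: it audits a constructed device inventory against the plan and labels constructed flow records by device class. The network, the block reserved for intermediary devices, the inventory and the flows are assumptions.

```python
"""Address-plan checks and traffic labelling for a small network.

Added example, not part of the original post. The plan, the inventory and the
flow records are constructed; the host and server ranges follow the post's
illustration (last octet 100-200 for hosts, 220-250 for servers in one /24).
"""
import ipaddress
from collections import Counter

NETWORK = ipaddress.ip_network("192.168.10.0/24")

# Device class -> inclusive last-octet range.
PLAN = {
    "end device":          (100, 200),
    "server":              (220, 250),
    "intermediary device": (1, 10),    # assumption: routers/switches get the low block
}

# Constructed inventory: (hostname, class, address); two entries are deliberately wrong.
INVENTORY = [
    ("rtr1",  "intermediary device", "192.168.10.1"),
    ("sw1",   "intermediary device", "192.168.10.2"),
    ("pc-01", "end device",          "192.168.10.100"),
    ("pc-02", "end device",          "192.168.10.101"),
    ("files", "server",              "192.168.10.220"),
    ("web",   "server",              "192.168.10.221"),
    ("pc-03", "end device",          "192.168.10.101"),   # duplicate address
    ("print", "server",              "192.168.10.150"),   # server placed in the host block
]

def classify(addr):
    """Device class implied by the address under PLAN, or None when the address
    is outside the network or in no planned block."""
    ip = ipaddress.ip_address(addr)
    if ip not in NETWORK:
        return None
    last = int(ip) & 0xFF
    for cls, (lo, hi) in PLAN.items():
        if lo <= last <= hi:
            return cls
    return None

def audit(inventory):
    """Report duplicate addresses and devices sitting outside their class's block."""
    problems = []
    seen = {}
    for name, cls, addr in inventory:
        if addr in seen:
            problems.append(f"duplicate {addr}: {seen[addr]} and {name}")
        else:
            seen[addr] = name
        if classify(addr) != cls:
            problems.append(f"{name} ({cls}) is at {addr}, outside the {cls} block")
    return problems

# Constructed flow records as a protocol analyzer would summarise them:
# (src, dst, protocol, bytes)
FLOWS = [
    ("192.168.10.100", "192.168.10.221", "HTTP", 52000),
    ("192.168.10.101", "192.168.10.221", "HTTP", 48000),
    ("192.168.10.100", "192.168.10.220", "SMB",  910000),
    ("192.168.10.221", "192.168.10.1",   "DNS",  400),
    ("192.168.10.101", "192.168.10.100", "SMB",  120000),
]

def traffic_by_class(flows):
    """Aggregate bytes by (source class, destination class, protocol), so that
    e.g. host-to-server SMB can be told apart from host-to-host SMB."""
    totals = Counter()
    for src, dst, proto, nbytes in flows:
        totals[(classify(src) or "unknown", classify(dst) or "unknown", proto)] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for p in audit(INVENTORY):
        print("audit:", p)
    for key, total in sorted(traffic_by_class(FLOWS).items()):
        print(f"{key[0]:20s} -> {key[1]:20s} {key[2]:5s} {total:>8d} bytes")
```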

Saturday, 9 June 2018

Small Network Topologies

Small network topologies and techniques are very important for network professionals, because the majority of businesses require small networks. The design of a small network is generally very simple: the topology contains a single router and one or more switches. Small networks may also have access points (possibly built into the router) and IP phones. For Internet access, small networks usually use a single WAN connection provided by an Internet service provider, which may take the form of DSL, cable or Ethernet. The figure below shows a typical small network.




A small network requires the same skills as managing a larger network. The main work in a small network, after the one-time installation of equipment, is maintenance and troubleshooting. Securing the devices and the information on the network is important for the network administrator.


Device Selection for a Small Network


Small networks also require planning and design according to the user requirements. Network planning takes into account the requirements of the users, the cost of the network and the implementation options. For a small network implementation, the type of intermediate devices is very important to the design, and there are some important factors to consider when selecting them.



Type of Intermediate Devices


For the implementation of a small network, the first design consideration is the type of intermediate devices to use in the network. While selecting intermediate devices, the following factors need to be considered.


Cost


The cost of an intermediate device is determined by its capacity and features. The capacity of the device is based on the number and types of ports available. Network management capabilities, embedded security technologies and advanced switching technologies also affect the cost of the device.


The cost of the cabling required to connect all devices on the network must also be considered. Redundancy is another factor that affects the cost of the network.


Ports/Interfaces Speed and Types


The interface and port selection on intermediate devices (router or switch) is an important decision. Some computers have built-in 1 Gb/s NICs, and 10 Gb/s ports are also available on newer computers, workstations and servers. Although it is more expensive, choosing Layer 2 devices that can accommodate increased speeds allows the network to evolve without replacing central devices.


Expandability


Both fixed and modular network devices are available. Fixed devices have a fixed number and type of ports or interfaces that cannot be changed, while modular devices have expansion slots that give the flexibility to add new modules as required. Switches are also available with extra ports for high-speed links.


Operating System Features and Services


The features available usually depend on the version of the operating system; a network device typically supports features and services such as:



  • Quality of Service (QoS)

  • Security

  • Voice over IP (VoIP)

  • Dynamic Host Configuration Protocol (DHCP)

  • Network Address Translation (NAT)

  • Layer 3 switching

Server Message Block (SMB)

Server Message Block (SMB) is a network protocol that allows hosts to share data within the same network. It shares directories, files, printers and serial ports as easily as if they were on the local computer. It is a request-response protocol and uses TCP port 445 for communication. All SMB messages have a common format: a fixed-size header, followed by a variable-size parameter block and a data component.
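The fixed header, parameter block and data block layout described above, parsed defensively, as an added example that is not from the original post: the NEGOTIATE request it builds is constructed, the field layout is the SMB version 1 header from the MS-CIFS specification, and over TCP port 445 each message is preceded by a 4-byte length header.

```python
"""Parse the SMB (version 1) message layout described above: a fixed 32-byte
header, then a variable-size parameter block, then a data block.

Added example, not part of the original post. The NEGOTIATE request built here
is constructed; the field layout follows the SMB1 header (MS-CIFS), and over
TCP port 445 every message is preceded by a 4-byte length header.
"""
import struct

SMB_MAGIC = b"\xffSMB"
HEADER_FMT = "<4sBIBHH8sHHHHH"            # Protocol, Command, Status, Flags, Flags2,
HEADER_LEN = struct.calcsize(HEADER_FMT)  # PIDHigh, SecurityFeatures, Reserved,
SMB_COM_NEGOTIATE = 0x72                  # TID, PIDLow, UID, MID -> 32 bytes

def build_negotiate(dialects):
    """NEGOTIATE request: WordCount 0 (no parameter words); the data block holds
    the client's dialect strings, each prefixed with 0x02 and NUL-terminated."""
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    header = struct.pack(HEADER_FMT, SMB_MAGIC, SMB_COM_NEGOTIATE, 0, 0x18, 0x0001,
                         0, b"\x00" * 8, 0, 0xFFFF, 0x1234, 0, 1)
    body = header + struct.pack("<B", 0) + struct.pack("<H", len(data)) + data
    return struct.pack(">I", len(body)) + body   # type byte 0x00 + 24-bit length

def parse_smb(msg):
    """Parse one framed message. Every length carried inside the message is
    checked against the bytes actually present; a mismatch raises ValueError."""
    if len(msg) < 4:
        raise ValueError("short session header")
    (nb_len,) = struct.unpack(">I", msg[:4])
    if nb_len >> 24 != 0 or nb_len != len(msg) - 4:
        raise ValueError("session header length does not match frame")
    body = msg[4:]
    if len(body) < HEADER_LEN + 3:          # header + WordCount + ByteCount
        raise ValueError("message too short")
    f = struct.unpack(HEADER_FMT, body[:HEADER_LEN])
    if f[0] != SMB_MAGIC:
        raise ValueError("bad SMB magic")
    pos = HEADER_LEN
    word_count = body[pos]
    pos += 1
    if pos + 2 * word_count + 2 > len(body):
        raise ValueError("WordCount exceeds message")
    words = body[pos:pos + 2 * word_count]
    pos += 2 * word_count
    (byte_count,) = struct.unpack("<H", body[pos:pos + 2])
    pos += 2
    if pos + byte_count != len(body):
        raise ValueError("ByteCount does not match remaining data")
    return {"command": f[1], "status": f[2], "flags": f[3], "flags2": f[4],
            "tid": f[8], "pid": (f[5] << 16) | f[9], "uid": f[10], "mid": f[11],
            "words": words, "data": body[pos:]}

def negotiate_dialects(parsed):
    """Split a NEGOTIATE data block back into its dialect strings."""
    items = parsed["data"].split(b"\x00")
    return [i[1:] for i in items if i.startswith(b"\x02")]

def is_well_formed(msg):
    try:
        parse_smb(msg)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    req = build_negotiate([b"NT LM 0.12", b"SMB 2.002"])
    print(parse_smb(req))
    print("truncated frame accepted?", is_well_formed(req[:-2]))
```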


The SMB protocol suite is comparatively simple. It includes commands for the resource operations you might perform on a local disk or printer, such as:



  • Creating new files and directories

  • Deleting files and directories

  • Opening and closing files

  • Searching for files and directories

  • Reading, writing and editing files

  • Queuing and dequeueing files in a print spool





SMB servers make their file systems and resources available to clients on the network. Clients make SMB requests for the available resources using the commands, and the servers create SMB response messages. The SMB message types:



  • Initiate, authenticate and terminate sessions

  • Control file and printer access

  • Allow applications to send and receive messages


File sharing and printer sharing are the main services of Microsoft networking. With the release of Windows 2000, Microsoft changed the original structure for using SMB. Before Windows 2000, SMB services used a non-TCP/IP protocol to perform name resolution, but since Windows 2000 all Microsoft products use DNS naming, which allows TCP/IP protocols to support SMB resource sharing. The figure below illustrates SMB connection establishment.




Using SMB, once the connection is established, the user of the client can access resources on the remote end as if they were local to the client host.


Although SMB was initially created for Windows, it can now also be used by Linux, UNIX and Mac OS X using software called Samba. With Samba, Linux, Mac, Windows and UNIX computers can share the same files, folders and printers.

Wednesday, 6 June 2018

File Transfer Protocol (FTP)

File Transfer Protocol is another widely used standard Internet protocol for transmitting files between computers on the Internet over TCP/IP connections. It is an application layer protocol. It was first created in 1971 to transfer data between a client and a server. To use this protocol, an FTP client application is required on the computer that sends and receives data from a server running an FTP daemon (FTPd). FTP is a client-server protocol that works over two channels between client and server:



  • Command channel, for controlling the conversation between client and server

  • Data channel, for transmitting and receiving files between client and server





Clients initiate a connection to the server on port 21 to manage the session, which consists of client commands and server replies. After the command exchange, the client establishes a second connection to the server for the transfer of the actual data, using TCP port 20. The connection on port 20 is established every time there is data to be transferred. The figure below illustrates the FTP connections.




The FTP client can download, upload, delete, rename, move and copy data on a server depending on the user's rights. A user typically needs to log on to the FTP server, though some servers use an anonymous user to make some or all of their content available without login.


FTP sessions work in two modes, active and passive. In active mode, when a client opens a session via a command channel request, the server opens a data connection back to the client and starts transferring data. In passive mode, the server instead uses the command channel to send the client the information it needs to open a data channel. Because in passive mode the client initiates all connections, it works better across firewalls and NAT.


An FTP client can work via a simple command-line interface or a graphical user interface (GUI), and web browsers can also serve as FTP clients.
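The active and passive modes described above, worked through on the command-channel text that carries them (the client's PORT command and the server's 227 reply), as an added example that is not from the original post. The addresses and reply lines are constructed; the h1,h2,h3,h4,p1,p2 encoding, with port = p1*256 + p2, is FTP's own.

```python
"""Decode who opens the FTP data connection in active and passive mode from the
PORT command / 227 reply text, as described above.

Added example, not part of the original post. The addresses and reply lines are
constructed; the h1,h2,h3,h4,p1,p2 encoding (port = p1*256 + p2) is FTP's own.
"""
import re

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")

def _decode(groups):
    vals = [int(g) for g in groups]
    if max(vals) > 255:
        raise ValueError("field out of range")
    h1, h2, h3, h4, p1, p2 = vals
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def parse_pasv_reply(line):
    """Passive mode: the server tells the client where to connect."""
    m = PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 reply")
    return _decode(m.groups())

def parse_port_command(line):
    """Active mode: the client tells the server where to connect back."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    return _decode(m.groups())

def encode_port_command(ip, port):
    """Build the PORT command a client sends in active mode."""
    octets = ip.split(".")
    if len(octets) != 4 or not 0 < port <= 65535:
        raise ValueError("bad address or port")
    return "PORT " + ",".join(octets + [str(port // 256), str(port % 256)])

def data_connection(mode, control_peer, line):
    """Describe the data connection for a session whose control-channel peer
    is `control_peer`. In active mode the server connects from port 20 to the
    client (inbound through the client's firewall/NAT); in passive mode the
    client connects out, which is why passive mode works better behind NAT."""
    if mode == "passive":
        ip, port = parse_pasv_reply(line)
        desc = {"opened_by": "client", "direction": "outbound from client"}
    elif mode == "active":
        ip, port = parse_port_command(line)
        desc = {"opened_by": "server", "direction": "inbound to client",
                "server_source_port": 20}
    else:
        raise ValueError("mode must be 'active' or 'passive'")
    # Defensive check: the data endpoint should be the same host as the control
    # connection peer; otherwise the transfer is being redirected elsewhere.
    desc.update({"endpoint": (ip, port), "matches_control_peer": ip == control_peer})
    return desc

if __name__ == "__main__":
    print(data_connection("passive", "198.51.100.20",
                          "227 Entering Passive Mode (198,51,100,20,195,80)."))
    print(data_connection("active", "192.168.1.10", encode_port_command("192.168.1.10", 1025)))
```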

Monday, 4 June 2018

Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is a protocol used to provide fast, automatic and central management of the allocation of IP addresses within a network. DHCP automates the assignment of IP addresses, subnet masks, gateways and other networking parameters. This is called dynamic or automatic addressing. The alternative to dynamic addressing is static addressing, in which the network administrator manually assigns and configures IP addresses on hosts.


When a client device is turned on and connects to the network, it requests an IP address from a DHCP server; the DHCP server chooses an address from a configured range of addresses called a pool and assigns it to the client device on a lease basis.


DHCP is an ideal and efficient system for configuring IP address settings on a larger network where clients change frequently: new users arrive and want to connect while others leave the network. Static IP address configuration is too difficult on such a network.


DHCP addresses are issued to clients on a lease basis. When the lease period expires, the address must be renewed by DHCP if the client is still connected to the network. If the client has been powered down or taken off the network, the address is returned to the pool for reuse.


A variety of devices can act as DHCP servers. On most networks the DHCP server is generally a local, dedicated PC-based server. For home users the DHCP server is usually the local router that connects the home network to the ISP. Many networks use both static and DHCP address settings: static addressing is used for network devices and DHCP for general-purpose hosts. The figure below illustrates the types of DHCP servers that can be used.


There are two versions of DHCP, DHCPv4 and DHCPv6, and both provide similar services for their clients. The main difference between them is the gateway: DHCPv6 does not provide a default gateway address. The gateway can only be obtained automatically from the router's Router Advertisement message.


[Figure: dynamic host configuration protocol]


Dynamic Host Configuration Protocol (DHCP) Operation


When a device configured for DHCPv4 boots up or connects to the network, the DHCP client broadcasts a DHCPDISCOVER message to discover any available DHCP server. When a DHCP server receives the DHCPDISCOVER message, it replies with a DHCPOFFER message. The offer contains the IPv4 address and subnet mask, the IPv4 address of the DNS server, and the IPv4 address of the default gateway. The offer also includes the duration of the lease period.


If multiple DHCP servers exist on the network, the client may receive multiple DHCPOFFER messages. The client chooses between them and sends a DHCPREQUEST message that identifies the exact server and lease offer it is accepting. A client can also request an address that the server had previously allocated to it, and the server should allow the previously used IP address.




Once the client has chosen an offer for an IP address, it responds to the DHCP server with a DHCPREQUEST packet to accept it. The server then sends a DHCPACK, which confirms that the device holds that specific IP address and defines how long the device can use the address before it must obtain a new lease. If the server decides that the device cannot have the IP address, it sends a DHCPNAK.


If the IPv4 address requested by the client, or offered by the server, is still available, the server returns a DHCPACK (DHCP Acknowledge) message confirming to the client that the lease has been finalized. If the offer is no longer valid, the server responds with a DHCP negative acknowledgment (DHCPNAK) message. If a DHCPNAK message is returned to the client, the selection process starts again with a new DHCPDISCOVER message from the client. Once a client holds a lease, it should renew it before the lease expires by sending another DHCPREQUEST message. The DHCP server is responsible for assigning unique IP addresses to hosts.


DHCPv6 uses a similar set of messages: SOLICIT, ADVERTISE, INFORMATION-REQUEST, and REPLY.


[Figure: dynamic host configuration protocol]

Saturday, 2 June 2018

Domain Name Service (DNS)

On a network, devices are identified by numeric addresses called IP addresses in order to send and receive data. Domain names were created to turn the numeric address into a simple, recognizable name. DNS is short for Domain Name System (or Service or Server). It is a large database that resides on many computers and contains the names and IP addresses of the various hosts and domains on the internet. It is the Internet's equivalent of a phone book.


The domain name service is important because domain names are easy for people to remember, whereas computers, servers, and websites are reached by IP address. A domain name such as http://fschub.com is much easier for humans to remember than its IP address 192.169.80.98. If the IP address of http://fschub.com changes, the change is transparent to the user because the domain name remains the same; the new address is simply linked to the existing domain name. DNS defines an automatic service that matches resource names with the required numeric IP address, including the format of queries, responses, and data. The DNS protocol uses a single format, called a message, for all types of client queries and server responses, error messages, and the transfer of resource record information between servers.


The domain name system is a complete network of its own. If one DNS server does not know how to translate a particular domain name, it asks another DNS server, and so on, until the correct IP address is returned. The figure below illustrates the steps involved in DNS resolution.


[Figure: DNS resolution]


DNS Message Format


DNS has two types of messages: query and response. The query message contains a header and question records; the response message contains a header, question records, answer records, authoritative records, and additional records.
The DNS server stores names, addresses, and other records used to resolve names. Some of the record types are:



  • A            -   The IPv4 address of an end device

  • AAAA      -   The IPv6 address of an end device

  • NS         -   An authoritative name server

  • PTR      -   Record that contains the name of a node in the DNS namespace

  • SRV      -   Record that contains information about a server

  • TXT      -   Record that contains arbitrary text

  • MX       -   A mail exchange record


Whenever a host sends a query for name resolution, the DNS server first checks its own stored records to resolve the name. If the record is not found there, it forwards the query to other servers to resolve the name. Once a name is resolved and returned to the requesting server, that server stores the IP address for a limited time in case the same name is requested again. The figure above illustrates this process.


The DNS Client service on Windows PCs also stores previously resolved names in memory. The ipconfig /displaydns command displays all resolved entries that are cached in memory. DNS uses the message format below for all types of client queries and responses, error messages, and resource record sharing between DNS servers.


DNS has two types of messages, query and response, and both share the same format. The query message consists of a header and the question records; the response message consists of a header, question records, answer records, authoritative records, and additional records, as shown in the figure.


[Figure: DNS message format]


Header - The header is an important element of any message because it carries the control fields. In DNS messages, the header section carries several key control flags and also tells us which of the other sections are actually present in the message. The header also states whether the message is a query or a response. The header format for queries and responses is the same, as shown in the figure. The length of the header is 12 bytes.


[Figure: DNS header]


Questions - The question section contains fields that describe a question to a name server, and it is present in both queries and responses. If the message is a query, this section contains the question expressing the query. If the message is a response, this section contains the question sent in the query to which this is the response.


Answers - The answer section contains resource records that answer the question. If the message is a non-error response, this section contains the resource record(s) that match the query to which this is the response.


Authority - The authority section contains one or more resource records that point toward an authoritative name server. If the message is an error response, this section may contain resource record(s) identifying DNS servers that can be queried instead.




Additional - The additional records section contains resource records that relate to the query but are not strictly answers to the question. If the message is a non-error response, this section may contain resource records that do not match the query but are related to it.
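The message layout described above (12-byte header, question records, answer records), as an added example that is not part of the original post: a builder for an A-record query and a parser for the header, question and answer sections, including the name-compression pointers that responses use. The queried name, transaction ID and answer address are constructed sample values.

```python
"""Added example (not part of the original post): build a DNS A-record query and parse the
12-byte header, question and answer sections described above; name, ID and IP are constructed."""
import struct
RR_TYPES = {1: "A", 2: "NS", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA", 33: "SRV"}

def encode_name(name):
    """'mail.fschub.com' -> length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    # Header: ID, flags (only RD=1, a standard recursive query), QDCOUNT=1, other counts 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN

def decode_name(msg, off):
    """Read labels at off, following the 0xC0xx compression pointers responses use."""
    labels, end = [], None
    while (ln := msg[off]) != 0:
        if ln & 0xC0 == 0xC0:                       # pointer to an earlier copy of the name
            end = off + 2 if end is None else end   # the pointer field itself is 2 bytes long
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
            off += 1 + ln
    return ".".join(labels), (off + 1 if end is None else end)

def parse(msg):
    """Return the header fields plus the decoded question and answer records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
           "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        out["questions"].append((name, RR_TYPES.get(qtype, qtype)))
    for _ in range(an):                             # RR: name, type, class, TTL, RDLENGTH, RDATA
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        rdata = ".".join(str(b) for b in rdata) if rtype == 1 else rdata   # A: 4 octets -> dotted quad
        out["answers"].append((name, RR_TYPES.get(rtype, rtype), ttl, rdata))
    return out

def build_response(query, ip, ttl=300):
    """Constructed reply: same ID and question, QR/RA bits set, one A record whose name points at the QNAME."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + rr
```

The parser stops after the answer section; the authority and additional sections that follow use the same resource-record layout and can be read with the same loop.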


Fully Qualified Domain Name (FQDN)


To understand the DNS hierarchy it is essential to know about the Fully Qualified Domain Name (FQDN). An FQDN consists of the hostname and the domain name. Hostnames are not case sensitive and can contain letters and digits. An FQDN is the domain name that specifies a host's exact location in the DNS hierarchy; it specifies all domain levels, including the root and top-level domains. An example of an FQDN is “mail.fschub.com”, where “mail” is the hostname and “fschub.com” is the domain name.


DNS Hierarchy


DNS uses a hierarchical database for resolving names to addresses, and domain names form that hierarchy. The DNS hierarchy is comprised of the following five elements:


1) Root Level


2) Top Level Domains


3) Second Level Domains


4) Sub-Domain


5) Host


Root Level


The DNS root zone is the uppermost level in the DNS hierarchy tree, and the root name servers are the authoritative servers for the root zone. These servers hold the information that makes up the root zone, which is the global list of top-level domains. The root name servers are very important because they are the first step in resolving a domain name. The root servers are operated by 12 different organizations:



  • University of Maryland

  • VeriSign Global Registry Services

  • Cogent Communications

  • University of Southern California, Information Sciences Institute

  • Internet Systems Consortium, Inc.

  • NASA Ames Research Center

  • VeriSign Global Registry Services

  • US Army Research Lab

  • US DoD Network Information Center

  • Netnod

  • WIDE Project

  • RIPE NCC

  • ICANN


Top Level Domains (TLDs)


TLDs are the next level in the DNS hierarchy, and many TLDs are in service today. TLDs are classified into two subcategories: a top-level domain represents either the type of organization or the country of origin. Examples of top-level domains are:



  • .com     -   A business or industry

  • .org       -   Non-profit organizations and others

  • .edu      -    Educational institutions

  • .gov      -    Government institutions

  • .mil      -     Military groups

  • .net      -     Major network support centers

  • .int       -     International organizations

  • .au       -      Australia

  • .pk       -      Pakistan

  • .us        -      United States


Second Level Domains


Second-level domains come after the TLDs in the DNS hierarchy; they sit directly below the TLDs and are an important part of DNS. Unlike the TLDs, there is no fixed, limited set of second-level domains: if a domain is available, anyone can purchase it.


Sub-domain


The sub-domain is the last domain level in the DNS hierarchy and is a part of the main domain. The only domain that is not also a subdomain is the root domain. For example, alfa.example.com and bravo.example.com are subdomains of the example.com domain, which in turn is a subdomain of the com top-level domain (TLD).


These are the elements of the DNS hierarchy. The DNS hierarchy is like an inverted tree, as the figure below illustrates.


[Figure: DNS hierarchy]


The nslookup Command


The addresses of the domain name servers are an important part of network device configuration. Generally, the ISP provides the IP addresses of the DNS servers to use. A host usually requests a connection to a remote device by name; the requesting client then queries the name server to resolve the name to an IP address.


Operating systems also provide a utility called nslookup that lets a user manually query the name servers to resolve a given host name. nslookup can also be used to troubleshoot name resolution issues and to verify the current status of the name servers.