Lessons & Learnings

from real life experiences and examples

Network Protocols - Part II

In the previous chapter we learnt about the protocols that can be used for troubleshooting network-level issues. Another group of protocols helps manage and perform various services in the network, e.g. assigning IP addresses to machines, resolving IP addresses to names, sending email, managing machine time and so on.
In this chapter let us learn about some of the use cases of such protocols.

Note: There will be some interesting hands-on exercises at the end of the chapter. Don't forget to try them out.


DHCP or Dynamic Host Control Protocol helps assign an IP address automatically to a machine when it is connected to a network. It works in 4 primary steps:

Img_src: [https://technet.microsoft.com/en-us/library/Bb962067.ch06xx01_big(l=en-us).gif]
DHCP Discover: When a machine is connected to a network, it sends an IP lease request by broadcasting a DHCP Discover message, which is picked up by any DHCP server present on the same network.
DHCP Offer: The DHCP server then replies to the client with an IP lease offer, which is a unicast message. This offer contains the client MAC address, IP address, subnet mask, lease duration and the DHCP server IP.
DHCP Request: Once that message is received, the client requests the IP address that was offered by the server.
DHCP Ack: The DHCP server then sends an acknowledgment back with the IP address that gets assigned to the client. This completes the entire process of assigning an IP address to a client dynamically with DHCP.

Note: Both client and DHCP server should be in the same network.
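
The four messages above can be told apart on the wire by DHCP option 53 (message type), and the answering server by option 54 (server identifier). The following is an added example, not code from the original page: it builds a constructed Discover/Offer/Request/Ack exchange, decodes it, and lists any server that answered but is not on an allow list, which matters because any DHCP server on the segment can reply to the broadcast. The addresses, MAC and function names are assumptions made for the illustration.

```python
import socket
import struct

COOKIE = b"\x63\x82\x53\x63"      # magic cookie that precedes the DHCP options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build(op, xid, mac, mtype, yiaddr="0.0.0.0", server=None, lease=None):
    """Construct a minimal DHCP payload (sample data, not a real capture)."""
    msg = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      mac, b"", b"") + COOKIE + bytes([53, 1, mtype])
    if server:
        msg += bytes([54, 4]) + socket.inet_aton(server)   # server identifier
    if lease:
        msg += bytes([51, 4]) + struct.pack("!I", lease)   # lease time, seconds
    return msg + b"\xff"                                   # end option

def parse(data):
    """Decode the header fields and options the four steps rely on."""
    if len(data) < 240 or data[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                   # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return {"type": TYPES.get((opts.get(53) or b"\0")[0], "UNKNOWN"),
            "xid": struct.unpack("!I", data[4:8])[0],
            "mac": data[28:28 + data[2]].hex(":"),
            "offered_ip": socket.inet_ntoa(data[16:20]),
            "server": socket.inet_ntoa(opts[54]) if 54 in opts else None,
            "lease": struct.unpack("!I", opts[51])[0] if 51 in opts else None}

def unexpected_servers(messages, allowed):
    """Servers that sent an OFFER or ACK but are not on the allow list."""
    seen = {m["server"] for m in map(parse, messages)
            if m["type"] in ("OFFER", "ACK") and m["server"]}
    return sorted(seen - set(allowed))

MAC = bytes.fromhex("020000aabbcc")        # constructed, locally administered
EXCHANGE = [                               # the four steps, constructed
    build(1, 0x1234, MAC, 1),
    build(2, 0x1234, MAC, 2, "192.0.2.50", "192.0.2.1", 3600),
    build(1, 0x1234, MAC, 3, server="192.0.2.1"),
    build(2, 0x1234, MAC, 5, "192.0.2.50", "192.0.2.1", 3600),
]
```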


The next protocol that is very useful for network communication is DNS. DNS stands for Domain Name System. It helps translate IP addresses into names and vice versa. This system maintains a record of all the name to IP address mappings present in the network. Various kinds of records are maintained in a DNS server, as below:

Hostnames or A Records: These are the name entries that are mapped to the exact IP address of the host, hence the name Hostnames.
Alias or CNAME Records: The CNAMEs are alias DNS names that can be mapped to a hostname. Thus it is possible to have multiple names mapped to a single host IP. This mechanism is useful while creating web applications with different URLs or names hosted on the same machine.
Mail Exchanger or MX Records: MX records are the entries that tell us the mail exchanger for that particular domain. This is useful when we send email across different domains. This will be discussed in detail in the next section.
These records in any DNS server are saved in two groups called zones. There are two types of zones:
Forward Lookup Zones: This is where all the A, CNAME and MX records are saved.
Reverse Lookup Zones: This zone saves the IP addresses of the corresponding names.
DNS servers are also referred to as Name Servers. They can be of two types:
Authoritative Name Server: This one is used for name resolution within the same network or domain that has been configured in it.
Caching Name Server: This saves the DNS queries in its records for a certain time period, as configured. This is usually useful when we are maintaining a public-facing name server for the external world to resolve our private domain names.

Here is a pictorial representation of how a client resolves a DNS query. For instance, let's say we connect to www.wikipedia.com from a browser. What happens next? We see the webpage with all its contents. Ever wondered how this magic happened in seconds? How did the browser know where wikipedia.com is, and where did this webpage come from? So many questions, right? This ain't any magic. Let's see how this works.

Img_src: [https://upload.wikimedia.org/wikipedia/commons/0/09/DNS_in_the_real_world.svg]

As in the above image, when a client on your computer, in this case the browser, tries to connect to www.wikipedia.com, it first sends the request to its local DNS resolver. Every operating system maintains its own local cache of DNS entries and also the details of its name server. In Linux the file /etc/resolv.conf tells which name server to use. The local DNS resolver then sends the request to the network DNS resolver or server. It can be either the internal DNS server in your organization or the ISP DNS server on a home broadband connection. This kind of search is called a recursive DNS search.

Img_src: [https://en.wikipedia.org/wiki/File:An_example_of_theoretical_DNS_recursion.svg]

The DNS recurser then sends the request to your organization's external-facing name server, which then sends the query to the wikipedia name server. Once it reaches the wikipedia name server, it resolves the name www.wikipedia.com to the IP address that it points to, and the reply is sent back to your organization's name server, goes through the same path of the DNS recurser, and finally reaches your computer and then your browser client. Thus your browser gets connected to www.wikipedia.com. This is how DNS works.


1. How to troubleshoot a DNS issue?
Scenario: How to troubleshoot the error below while connecting to www.example.in from a browser.

Using commands like nslookup or dig we can check whether dns is working or not. A successful nslookup query looks something like this:

nslookup www.wikipedia.com

Non-authoritative answer:
Name:   www.wikipedia.com

A failed dns result looks something like this:

nslookup www.example.in

** server can't find www.example.in: NXDOMAIN

This shows that a record for www.example.in has not been entered in the DNS server.
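
Both strings nslookup printed above come from the header of the DNS response: "Non-authoritative answer" means the AA flag is not set, and NXDOMAIN is response code 3. The following is an added example, not part of the original page, that decodes those fields and any A records from two constructed responses; the transaction id, TTL and the address 192.0.2.10 are made up for the illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a host name as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"

def skip_name(msg, i):
    """Return the offset just past a (possibly compressed) name."""
    while msg[i]:
        if msg[i] & 0xC0 == 0xC0:          # compression pointer ends the name
            return i + 2
        i += 1 + msg[i]
    return i + 1

def summarize(msg):
    """Decode rcode, the AA flag and A-record addresses from a response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    i = 12
    for _ in range(qd):
        i = skip_name(msg, i) + 4          # skip qtype and qclass
    addrs = []
    for _ in range(an):
        i = skip_name(msg, i)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[i:i + 10])
        i += 10
        if rtype == 1 and rdlen == 4:      # A record
            addrs.append(socket.inet_ntoa(msg[i:i + 4]))
        i += rdlen
    return {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "authoritative": bool(flags & 0x0400),
            "addresses": addrs}

def response(name, flags, answers=()):
    """Build a constructed response (sample data, not a real capture)."""
    msg = struct.pack("!6H", 0x1A2B, flags, 1, len(answers), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)
    for ip in answers:                     # name is a pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += socket.inet_aton(ip)
    return msg

# 0x8180: response, recursion desired/available, AA clear, rcode 0
FOUND = response("www.wikipedia.com", 0x8180, ["192.0.2.10"])
# 0x8183: same flags with rcode 3
MISSING = response("www.example.in", 0x8183)
```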

2. Alternative to DNS server

If you do not have a DNS server, then another alternative to resolve names to IP addresses is host file entries on local machines. You can edit /etc/hosts on your machine and add an entry as below. Look at the last line, where there is an entry for www.example.in.

cat /etc/hosts
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##   localhost broadcasthost
::1             localhost
fe80::1%lo0 localhost www.example.in

Note: Host file entries are not recommended when you have multiple systems and services hosted, because it becomes difficult to manage entries on each machine and the process is prone to human error. So DNS entries are always recommended.
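
Because a hosts entry is typically consulted before DNS, a stale or mistyped line silently changes where a name points on that one machine. The following is an added example, not part of the original page, that lists every name a hosts file overrides and flags names mapped to more than one address; the sample file content and its addresses are constructed.

```python
def parse_hosts(text):
    """Yield (address, [names]) for each active line, ignoring comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], [name.lower() for name in fields[1:]]

def audit(text, builtin=("localhost", "broadcasthost")):
    """Return (overrides, conflicts) for names other than the built-in ones.

    overrides maps each name to the addresses the file gives it;
    conflicts lists names that appear with more than one address.
    """
    overrides = {}
    for addr, names in parse_hosts(text):
        for name in names:
            if name in builtin:
                continue
            addrs = overrides.setdefault(name, [])
            if addr not in addrs:
                addrs.append(addr)
    conflicts = sorted(n for n, addrs in overrides.items() if len(addrs) > 1)
    return overrides, conflicts

# Constructed sample; addresses are from the documentation range.
SAMPLE = """\
# Host Database (constructed sample)
127.0.0.1   localhost
::1         localhost
192.0.2.20  www.example.in        # added by hand
192.0.2.21  WWW.example.in intranet.example.in
"""
```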