HTTP and Web Technologies Flashcards

Question

What is HTTP TRACE?

Answer 1

It is used to retrieve the hops that a request takes to round trip from server and is used for diagnostic purposes. Ex. TRACE /home/class

Answer 2

HTTP OPTIONS method allows the client to determine the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval. The request can be either 1. OPTIONS /catalogue/home HTTP/1.1 or 2. OPTIONS * HTTP/1.1 The client can send a URI for OPTIONS method or an asterisk (*) to refer to entire server. Minimally, the response should be a 200 OK and have an Allow header with a list of HTTP methods that may be used on this resource. It is used mostly by APIs to describe to user what he/she is allowed to do with each resource exposed by their endpoints.

Answer 3

Status code provides the status of server's processing of the request from client. The status codes starting with 1xx: information message (request is received by server) 2xx: request processing successful 3xx: redirection 4xx: client error 5xx: server error

Answer 4

Continue server has received the request headers and the client should proceed to send the request body.

Answer 5

Switching protocols

Answer 6

OK request was processed successfully and response was sent

Answer 7

Created New resource was created by request on server

Answer 8

Accepted | the request has been accepted for processing

Answer 9

No Content the request was processed successfully but does not contain any data

Answer 10

Multiple choices multiple options for the resource from which the client may choose (via agent-driven content negotiation)

Answer 11

Moved permanently the new location of resource is given in the Location option inside response header

Answer 12

Not modified The resource is not modified and client should use cached copy

Answer 13

Bad request server did not understand the request due to invalid syntax/too large size

Answer 14

Unauthorized need to perform authentication before accessing the resource

Answer 15

Forbidden similar to 401 except reauthentication will make no difference. The access is permanantly forbidden and tied to the application logic, such as insufficient rights to a resource (for eg, creating a duplicate record where only one is allowed)

Answer 16

Page Not Found

Answer 17

Method Not Allowed requested method is not supported for resource such as PUT request on a read-only resource.

Answer 18

Not Acceptable The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request (related to content negotiation)

Answer 19

Proxy Authentication Required The client must first authenticate itself with the proxy

Answer 20

Request Timeout request took longer than the server was prepared to wait

Answer 21

Gone resource requested is no longer available and will not be available again

Answer 22

Payload Too Large The requested resource is too large for the server to handle

Answer 23

URI Too Long The URI provided was too long for the server to process

Answer 24

Unsupported Media Type The requested resource has a media type which does not match Content-Type or Content-Encoding values of request.

Answer 25

Login Time-out The client's session has expired and must log in again.

Answer 26

Internal server error

Answer 27

Not implemented The server does not yet support the functionality

Answer 28

Bad Gateway Indicates that the server, while acting as a gateway or proxy, received an invalid response from the upstream server, requires a fix by the web server or the proxies you are trying to get access through.

Answer 29

Service Unavailable Common causes are a server that is down for maintenance or that is overloaded. This response should be used for temporary conditions and the Retry-After HTTP header should contain the estimated time for the recovery of the service.

Answer 30

Gateway Timeout The server was acting as a gateway or proxy and did not receive a timely response from the upstream server

Answer 31

HTTP Version Not Supported The server does not support the HTTP protocol version used in the request

Answer 32

Entity Tag (ETag) is an identifier assigned by server to a specific version of resource. When a server receives a request, it sends the resource with its ETag value. If the client decides to cache the resource, the ETag value is also stored. When the client requests for same resource again, the request is sent with ETag value of cached version. If it matches with ETag value of resource version on server, then 304 Not Modified status is sent to the client, asking client to fetch cached copy. If it does not match, server sends new version of resource.

Answer 33

It is used to break the response into smaller parts allowing for streaming of data instead of one big payload.

Answer 34

HTTP connection is made over TCP which is over IP.

Answer 35

HTTPS connection is made over TLS/SSL which is over TCP followed by IP.

Answer 36

In HTTP/1.0, all connections were closed after single transaction. If client wants 3 resources, then client needs to send 3 requests, which can introduce network traffic and delay. HTTP/1.1 supports long-lived connections that stay open until client explicitly closes them. These are termed as persistent connections and they are default now.

Answer 37

Client needs to send "Connection:close" in request header.

Answer 38

URLs modified to include user's state information are called Fat URLs. Some servers keep track of user identity by generating special versions of each URL for each user. Typically, a real URL is extended by adding some state information to the start or end of the URL path . As the user browses the site, the web server dynamically generates hyperlinks that continue to maintain the state information in the URLs. In this way, we can tie the independent HTTP transactions with a web server into a single session. The first time a user visits the web site, a unique ID is generated, it is added to the URL in a server-recognizable way, and the server redirects the client to this fat URL. Whenever the server gets a request for a fat URL, it can look up any incremental state associated with that user ID (shopping carts, profiles, etc.), and it rewrites all outgoing hyperlinks to make them fat, to maintain the user ID.

Answer 39

An HTTP cookie is a small piece of data that a server sends to the client during the first request. The client may store it and send it back with next request so that the server can know if requests are coming from same client. Cookies are used for 3 purposes: 1. Session management- logins/shopping cart/gaming score or anything which server should remember 2. Personalization- user preferences/themes 3. Tracking- recording and analyzing user behavior

Answer 40

When a server receives an HTTP request, it can send "set-cookie" header with response. If the client stores the cookie, then the cookie is sent with requests made to the same server inside a cookie header. An expiration date or duration can be specified, after which the cookie is no longer sent. 1. Header from server to client asking client to store cookies: HTTP/2.0 200 OK set-cookie: var1= val1 set-cookie: var2= val2 2. Header from client to server with every request to server: GET /somepage.html HTTP/2.0 Host: www.example.com Cookie: var1= val1; var2= val2

Answer 41

A session cookie contains session information that is stored in a temporary memory location and then subsequently deleted after the session is completed or the web browser is closed.

Answer 42

The cookies which expire after specific date/time instead of expiring when the client closes the session are called permanent cookies. For eg. set-cookie: var1=val2; Expires=Wed, 21 Sep 2020 07:41:12 GMT

Answer 43

Domain and path directives of a cookie set the scope of cookie- what URLs should the cookies be sent to. Domain specifies allowed hosts if specified, otherwise it defaults to the host of current URL. Ex. if Domain=mozilla.org then cookies are included on all subdomains like developer.mozilla.org Path indicates the URL path that must exist in requested URL in order to send cookies. The "/" character is directory-separator and subdirectories will match as well. Ex. if Path=/docs then /docs, /docs/web, /docs/web/HTTP will match.

Answer 44

Cookies that recreate after deletion are called zombie cookies. They are recreated from backups stored outside of client's dedicated cookie storage.

Answer 45

It is similar to basic authentication performed by server upon receiving client request except the authentication is asked by an intermediate proxy, not the target server. 1. Client sends a request to the server. 2. An intermediate proxy server sends "407 Proxy Authentication Required" response along with Proxy-Authenticate header to client. 3. Client prompts user for login. 4. The login credentials are sent in Proxy-Authentication header of request. 5. After the proxy validates the credentials, request is forwarded to the target server.

Answer 46

Basic, proxy and digestive

Answer 47

1. Client sends a request to the server. 2. Server sends 401 Unauthorized response along with WWW-Authenticate header to client. 3. Client prompts user for login. 4. The login credentials are sent in base64 encryption format in Authentication header of request. 5. After the server validates the credentials, response containing the resource is sent to client.

Answer 48

It is quite similar to basic authentication performed by server except digest authentication uses more secure hashing functions to encrypt user's login credentials (MD5 or KD) and does not need password to be sent in the request. It requires servers to store the hash of user's password such that it cannot be decoded to get the password. The process goes like this: 1. Client sends a request to the server. 2. Server sends 401 Unauthorized response along with WWW-Authenticate header to client, which contains realm (group of web pages who use same authentication so that user doesn't get prompted every time he/she goes to different page) and nonce(random number that can be only used once). 3. Client prompts user for login. 4. Client generates an MD5 hash of username, realm, password and server nonce. This result is referred to as HA1. 5. Client generates another MD5 hash of HTTP method and URI. This result is referred to as HA2. 6. The MD5 hash of combined HA1, server nonce, client nonce and HA2 is calculated. This result is referred to as response and is sent to server finally. 7. Server takes the username and realm and generates its own version of MD5 hash of username, realm, server nonce and hashed password for that user available in server's database. 8. If client-generated and server-generated MD5 hashes are equal, then authentication is complete. Otherwise it gives 401 Unauthorized response. The obvious advantages are that the password is not sent directly and server nonce is allowed to contain timestamps so that replay attack can be prevented. On the down side, digest authentication is vulnerable to MITM attack. An MITM attacker could ask client to use basic authentication as digest authentication does not provide a way for client to verify server's identity.

Answer 49

Secure Sockets Layer (SSL) is a standard security protocol for establishing an encrypted link between client and server. It determines the variables of the encryption for both link being established and data being sent by using RSA and public-key cryptography. SSL 3.1 was termed as TLS 1.0 (Transport Layer Security) after which all previous versions of SSL were deprecated.

Answer 50

It is an electronic document used to prove ownership of public key and includes the public key itself, identity of owner (i.e. subject) and digital signature of the issuer. If the certificate is valid, then the key is used to communicate securely with the certificate's subject.

Answer 51

Secure Socket Layer (SSL) Certificateis a type of digital certificate that establishes secure connection between client and server and encrypts all the transmitted data. Sites that have valid SSL certificate in place start with HTTPS and to assure the security to the visitors, browsers display Extended Validation (EV) indicators such as green padlock. The sites which do not have SSL certificates show red padlock with 'Your connection is not private' warning text.

Answer 52

Transport Layer Security (TLS) is SSL 3.1 and is a standard security protocol for establishing an encrypted link between client and server, such as web browser loading a website. TLS can also be used to encrypt other communications such as email, messaging and VOIP. It operates directly on top of TCP, so that higher layer protocols (such as HTTP) can be left unchanged while still providing a secure connection. HTTPS is an implementation of TLS on top of HTTP. Underneath TLS layer, HTTP is identical to HTTPS.

Answer 53

TLS handshake is the foundational part of how TLS works. It happens once TCP connection has been opened via TCP handshake. 1. Client opens a TLS connection to the server by sending a message to the server. The TLS handshake starts. The message contains TLS version supported by client, a set of encryption algorithms (known as cipher suites) and a string of random bytes (known as client random). 2. Server sends back its SSL certificate (which has its public key) along with its chosen cipher suite and server random. 3. The client verifies server's SSL certificate with issuing CA and in response, creates a "pre-master secret" encrypted with server's public key (extracted from server's digital certificate) and sends it to the server. 4. Server decrypts the pre-master secret using its private key. 5. Both client and server generate session keys using client random, server random and pre-master secret and send it to each other with "finished" message. 6. The TLS handshake is complete, TLS session is established and server and client now encrypt all the transmitted data.

Answer 54

1. Client opens an SSL connection to the server and asks server to identify itself. The SSL handshake starts. 2. Server sends its SSL certificate, which contains server's public key. 3. Browser checks the certificate root (certificate issuing authority for server's certificate) against a list of trusted CAs (Certificate Authority) and that it is unexpired, unrevoked and its common name matches the host it is connecting to. 4. If the certificate passes all the tests, client creates a symmetric session key, encrypts it using server's public key and sends it back to the server. 5. Server decrypts the symmetric session key using its private key and sends back an acknowledgment, encrypted using the symmetric session key to start the encrypted session. Handshake is now complete. 6. Server and client now encrypt all the transmitted data.

Answer 55

Certificate Authorities (CAs) only sign the certificates knowing a particular public key belongs to a server having a particular private key. Also, another CA, pretending to be the original CA cannot sign the certificate as it needs to know original CA's private key. When client agent receives the certificate, it first verifies the public key it has received with the CA who has signed the certificate. This means that attacker must have its own certificate, for which he/she needs to convince the CA to either sign the certificate or use it as it is. - If the attacker's certificate has been signed by CA, then the identity will be immediately revealed. - If attacker's certificate has not been signed by CA, client's web browser will identify it from its own list of trusted CAs. Even if the attacker tries to forge the SSL Certificate and provide his own public key to the Client, this action will destroy the signature of CA and the Client’s browser will display warnings about the invalid SSL Certificate.

Answer 56

GET parameters will be stored on browser’s session history. In regards to POST, if the user navigates back after submitting a form, the data will be re-submitted (the browser should alert the user that the data are about to be re-submitted), but it won’t be kept on the history.

Answer 57

GET responses can be cached because GET is idempotent and most of the webpage resources are returned via this method, the browser by default will cache get requests.

Answer 58

GET is a safe method because this method should NEVER change a resource. Safe methods are HTTP methods that do not modify resources.

Answer 59

GET and POST both method requests can have body- GET method can have username password whereas POST request has data to be added to server.

Answer 60

GET. A static website is an application which does not need any other tool to process its files as they will return browser readable content (Javascript, images, CSS, HTML). As a result, it only needs to respond to GET requests in order to return the html pages.

Answer 61

GET method- the URL has a length limit of 2048 characters. As payload is sent in POST method, there is no limit on the data sent.

Answer 62

POST. GET responses can be cached by browser and stored in browser history. That can make GET login endpoint to be visible in browser and will also get logged in server. Hence it is not safe.

Answer 63

GET. POST should not be bookmarked for below reasons: - Attempting to bookmark a POST will just result in a GET operation on the URL. - The method is not idempotent and there is no guarantee the response will always be the same. It could result in a duplicated bank transaction, for example. - The URL would lose its parameters as bookmark doesn’t support a body payload. - It may contain sensitive data, which should not be stored.

Answer 64

HTTPS URLs begin with https:// whereas HTTP ones begin with http:// HTTPS uses port 443 and HTTP post is 80. HTTP is not encrypted and is vulnerable to man-in-the-middle attack and eavesdropping.

Answer 65

Returning a specific representation of a resource as specified by client is called content negotiation. There are 2 types of content negotiation: 1. Server-driven: client sends several HTTP headers describing the preferred format/language/encoding of data and server provides the content best suiting these headers. 2. Agent-driven: when facing an ambiguous request, the server sends back a page containing links to available resources with '300 multiple choices' status. The user is presented with these choices and has to choose one.

Answer 66

The methods which do not modify the resource and are only intended for information retrieval are called safe methods. GET, HEAD, OPTIONS, TRACE are safe methods.

Answer 67

Multipurpose Internet Mail Extensions (MIME) is used as a standard way of classifying file types over the internet. It has two parts- type and subtype, separated by / For eg. application/msword is MIME type when MS Word file is being received.

Answer 68

In computer networking, upstream server refers to a server that provides service to another server. In other words, upstream server is a server that is located higher in a hierarchy of servers. The highest server in the hierarchy is sometimes called the origin server.

Answer 69

Encryption is the process that encodes a message/data so that it can be only read by certain people. Random string of bits created specifically for scrambling and unscrambling of data is called key. Keys are generated via complex algorithms (called ciphers) to make sure they are unpredictable. The two types of encryption are: - Symmetric Key - Asymmetric key

Answer 70

This type of encryption uses same key for encryption and decryption of the data. The keys may be identical or there may be a simple transformation to go between the two keys. Sender encrypts the data using the key and sends ciphertext+key to receiver. Receiver then decrypts the ciphertext using key. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption. Symmetric Key encryption can use either - stream cipher: encrypts the digits/letters of a message one at a time - block cipher: takes a number of bits and encrypts them as a single unit, padding the plaintext so that it is multiple of the block size. AES, DES, Blowfish are popular examples of symmetrics key algorithms.

Answer 71

Also called as public key encryption, uses a pair of keys- public and private, i.e., encryption and decryption keys are different. The sender as well as receiver each generate a pair of keys using a complex algorithm, such as RSA. This algorithm makes sure that the public and private keys of a user (are really just extremely large alphanumeric strings) are mathematically linked but cannot be deduced from one another. Public key is then used to encrypt the data and matching private key is used to decrypt the data. The encryption process goes as follows: - Sender and receiver first exchange their public keys. This way, sender has receiver's public key and vice versa. - Sender then encrypts the data with receiver's public key and sends it through. - Receiver decrypts the data with its private key, which only he/she has and cannot be derived from his/her public key.

Answer 72

Man in the middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. If Alice wants to communicate with Bob using asymmetrics key encryption, Alice will ask Bob for his public key. If Bob sends it to Alice, but a third party attacker Eve is able to intercept it, MITM attack can begin. Eve can pass her own public key as Bob's public key to Alice. Alice, who thinks she has Bob's public key, encrypt the message and sends it across channel. Eve, whose public key was actually used for encryption, can now easily decrypt the message actually intended for Bob. This shows the need for Alice and Bob to have some way to ensure that they are truly using each others' public keys.

Answer 73

CA proves that the entity is really who they claim to be. Just like all the entities wanting to communicate securely, every CA has its own public and private key. When a web server wants to get involved in secure communication using asymmetric key encryption, it needs CA to validate its public key so that it can show client that the server is who it claims to be. For this, the web server sends its key pair to CA with a certificate signing request. The CA signs the certificate with its private key and sends it to web server. Now anyone with CA's public key can decrypt it and see that it was indeed signed by CA. This builds trust.

Answer 74

Domain Name System (DNS) is (1) a distributed database implemented in a hierarchy of DNS servers and (2) an application-layer protocol that provides a key-value lookup from a domain/host name (google.com) to an IP address, which is required in order for the network to route a request to an appropriate server. The DNS servers are often Unix machines running the Berkeley Internet Names Domain (bind) software. DNS protocol runs over UDP and uses port 53. DNS is commonly employed by other application-layer protocols such as HTTP, SMTP, FTP to translate user-supplied hostnames to IP addresses.

Answer 75

Google maintains the IP addresses 8.8.8.8 and 8.8.4.4 as the primary and secondary DNS addresses for Google Public DNS.

Answer 76

Canonical Name (cname) is the true host name of the server that its multiple aliases are associated with. The multiple aliases are just easy to remember than the complicated cname. For eg. www.example.com CNAME example.com www.example.com is an alias for CNAME example.com. A CNAME must point to another domain name, never to an IP address. They can point to another CNAME record but it is not a good practice. CNAME records are used for - providing separate hostname for specific services such as email or FTP and pointing that hostname to the root domain - registering the same domain in several countries and pointing the country versions to the main ".com" domain When the DNS server returns a CNAME record, it will not return that to the client. Rather it will again look up the returned domain name, and finally return the A record’s IP address.

Answer 77

It is same as cname, but for a mail server. It is highly desirable that email addresses and their hostnames (such as hotmail.com) be easy to remember. The cname for hotmail.com might be relay1-west-coast.hotmail.com but with mail server aliasing, we do not have to remember the cname and can use alias.

Answer 78

Also known as round-robin or load distribution, is the practice of configuring a domain name in DNS server such that client requests to that domain are distributed across a group of servers. This helps optimize client requests for a specific domain by routing traffic.

Answer 79

Root nameservers Top-level domain (TLD) nameservers Authoritative nameservers (ANS)

Answer 80

When a browser cache, OS and ISP does not have an entry for domain name requested by client, the request goes to root nameservers, which returns IP address of appropriate TLD nameservers. For eg. for www.example.com, the root server will return the IP address of .com TLD server. There are 13 logical root nameservers, with logical names ranging from a.root-servers.net to m.root-servers.net. Although they are referred to as a single server, each root server is actually a network of replicated servers (hence called 13 logical), for both security and reliability purposes. As of June 2020, there are 1085 instances of root nameservers.

Answer 81

When a response is recevied from a root server, below information is transmitted: ``` IP address: 4 bytes full name of root server: 20 bytes record type code: 2 bytes record class code: 2 bytes TTL value: 4 bytes ``` This amounts to 32 bytes in total. DNS protocol uses UDP datagram, which limits to single packet of 512 bytes. If there are multiple queries to a DNS server, then in a single packet, maximum 13 32-byte information packets can be sent, hence there are 13 logical root nameservers. 512/32 is actually 16 but the 3 bytes are left for protocol information.

Answer 82

They are responsible for resolving top-level domains such as: - generic: com, edu, org, net, gov - country: in, uk, fr, ca, jp and directing to the authoritative nameservers (ANS) for that domain.

Answer 83

When the domain name is typed in a browser, the entity that accepts the query and hurries to root nameservers to begin the process, is called resolver/recursive resolver/resolving nameserver/local DNS server. It acts as a middleman between client agent (browser) and DNS nameserver. After receiving a DNS query from client, it either responds with cached data or sends a request to root nameserver, followed by another request to TLD nameserver, and then one last request to ANS. During this process, recursive resolver will cache information received from ANS. On most occasions, the recursive resolver is the ISP (Internet Service Provider). All the resolvers must know the IP address of nearest root server.

Answer 84

The ANS is usually the last step in the resolving a domain name. It provides the IP address and cname (if required).

Answer 85

Typically, the communication between network-devices is 1:1, each communication goes from one specific device to a targeted device on the other end of communication. Anycast network, in contrast, allow multiple servers on the network to use same IP address, or set of IP addresses so that any one of the DNS servers can respond to the DNS query and typically the one that is geographically closest will provide the response. Anycast network is 1:many communication. This reduces latency, improves uptime for DNS resolving service and provids protection against DNS flood DDoS attacks.

Answer 86

1. Client types a URL, www.example.com, in the browser. 2. Browser first checks its own DNS cache (chrome://net-internals/#dns). If an entry for requested URL exists, then it is returned otherwise it proceeds to next step. 3. Browser queries OS for OS-level caching. A process called stub resolver handles this request by checking its own cache. If an entry for requested URL exists, then it is returned otherwise it proceeds to next step. 4. Browser sends the query to local DNS server inside ISP. The recursive resolver first checks its own cache. 4. 1 If it has cached the entry, it is returned to client. 4. 2 If it has NS records for the ANS but not A records, it sends a query to ANS directly, bypassing intermediate steps. 4. 3 If it does not have NS records, it queries the TLD nameserver, skipping the root server. 4. 4 In the unlikely event that recursive resolver's cache has been purged, it queries the root nameserver (.) 5. The root server responds to the resolver with the address of TLD nameserver for .com. 6. The resolver then makes a request to the .com TLD nameserver. The TLD server then responds with the IP address of the domain’s ANS, ns1.example.com. Although there are numerous .com domains, TLD nameservers know the exact address of ns1.example.com due to Domain Registrar. When a domain is purchased, the domain registrar reserves the name and communicates the TLD registry its ANS. 7. Lastly, the recursive resolver sends a query to the domain’s nameserver. The IP address for example.com is then returned to the resolver from the nameserver. The DNS resolver then responds to the web browser with the IP address of the domain requested initially. 8. The browser, having now received the IP address of www.example.com makes an HTTP request to that IP address. 9. The server at that IP address returns the webpage to be rendered in the browser.

Answer 87

There are 3 types of DNS queries: 1. Recursive: DNS client requests DNS resolver for an answer and resolver responds to the client with requested resource record or an error message. Resolver starts a recursive query process, starting from root server until it finds ANS. 2. Iterative: DNS client queries DNS resolver, which returns the best answer it can. If the resolver has the correct answer in its cache, it returns the answer. If not, it refers the DNS client to the root server or nearest ANS. The DNS client then must repeat the query directly against DNS server it was referred to. 3. Non-recursive: A query in which DNS resolver either (a) already knows the answer because it has record stored in its cache or (b) knows the final ANS for the record which definitely holds the correct IP address. In both cases, there is no need for additional rounds of queries. Rather, a response is immediately returned to the client.

Answer 88

When DNS resolver queried TLD nameserver, TLD nameserver responded with extra information. The resolver got at least one IP address for each ANS, which is called glue. Hence, the resolver not only got the name of authoritative server, but also the IP address (which breaks circular dependency).

Answer 89

When a client queries for www.example.com, the DNS resolver first queries root nameserver, then TLD nameserver and finally ANS. However, the ANS are inside domain itself, such as domain www.example.com has ANS ns1.example.com, ns2.example.com etc. By having the ANS inside the domain itself, these nameservers cannot be found without outside assistance. This is called a ‘circular reference’. Creating a glue record, an A record served by the TLD nameserver, avoids circular references and allows for both DNS name resolution and listing the nameservers inside the domain itself. Glue records can only be created at the domain registrar as the registrar controls the DNS settings for a given domain’s delegation. Every nameserver on the internet has its own glue record created by the domain’s owner. When you host your own authoritative servers, you need to set up the glue records with the domain registrar. If a third party, such as a managed DNS provider hosts your ANS, then the provider takes care of setting up the glue record.

Answer 90

The domain name consists of one or more parts called labels, which are separated by dot. For eg. forum.support.example.com is a domain name where forum, support, example, com are labels. A label may contain up to 63 characters. The label at extreme right is TLD (here, com), the next one example.com is second-level domain and all the subsequent labels from right to left are lower down in the namespace hierarchy, and they are called subdomains. DNS allows maximum 127 subdomains. The above example represents a subdomain “forum” under the subdomain “support”, under the domain “example”, under the top level domain “.com”.

Answer 91

DNS communication occurs via two types of messages: queries and replies. Both DNS query format and reply format consist of the following sections: Header (12 bytes): contains identification, flags, no. of questions, no. of answers, no. of authority records and additional info. flags section of Header: contains bits indicating type of message(query/reply), whether name server is authoritative, whether query is recursive, whether request was truncated and status. Question: contains domain name being resolved, record type (A, AAAA, MX, TXT etc) and record class (IN). Answer: contains the resource records of the queried name. This response is in the format name, TTL, record class, record type and record data. Authority: contains info for authoritative nameserver (its TTL, refresh rate etc) Additional: contains other helpful records. For eg. answer field in reply to an MX server contains canonical hostname of mail server. The additional section contains Type A record for IP address of that canonical hostname.

Answer 92

A DNS zone is a distinct part of domain namespace which is delegated to a legal entity- a person or organization, who are responsible for maintaining it. For eg. in forum.support.example.com, .com is TLD, example is second-level domain and rest are subdomains. Each of these levels can be a DNS zone. Every domain zone has two types of zone files containing the mappings between domain names, IP addresses and other resources. - Master file: which authoritatively describes a zone - Cache file: lists contents of DNS cache

Answer 93

In a DNS zone file, each entry represents the DNS resource record (RR) and is made up of following fields: - Name: alphanumeric identifier of DNS record. If left blank, inherits its value from previous record. - Time To Live (TTL): mentioned in seconds, it is how long the record should be kept in local cache of DNS client. If left blank, inherits its value from Global TTL value of the zone file. - Record type: DNS record type. For eg. A record maps hostname to IPv4 address, CNAME record maps an alias to another hostname. - Record data: has one or more information elements, depending on record type, separated by whitespace. For eg. MX record has two elements- priority and domain name of email server.

Answer 94

It is an address mapping record in DNS zone file. A record maps a hostname to corresponding IPv4 addresss. AAAA record maps a hostname to corresponding IPv6 address.

Answer 95

A Mail Exchanger record specifies an email server for the given domain and is used to route outgoing emails to an email server. One domain can have multiple MX records (i.e. multiple mail servers) for load balancing.

Answer 96

A Name Server record specifies that a DNS zone, such as example.com is delegated to a specific ANS and provides the IP address of that ANS server.

Answer 97

A Reverse Lookup Pointer record allows DNS resolver to perform reverse DNS lookup (from IP address to hostname)

Answer 98

A Certificate record stores encryption certificates such as PKIX, SPKI, PGP etc.

Answer 99

A Service record is a custom DNS record defining the location (hostname and port number) of a service.

Answer 100

A Start of Authority record contains administrative information about the zone. It contains the primary master ANS for that zone, contact details for domain admin, domain serial number and how frequently the information for the zone is refreshed.

Answer 101

Berkeley Internet Name Domain (BIND) is free, open-source software used by DNS servers. BIND has 3 main components: - Nameserver: maintains DNS zone file and responds to DNS queries either as caching-only name server or ANS. - Resolver: BIND has lightweight resolver library that can run on DNS clients (OS or routers) and a resolver daemon process that can run on local host. - Nameserver tools: BIND provides tools to manage DNS system such as dig, host, nslookup, Remote Name Daemon Control (RNDC).

Answer 102

Primary DNS server is the first point of contact for a browser for resolving a DNS query. The primary DNS server contains a DNS record that has the correct IP address for the hostname. If the primary DNS server is unavailable, the device contacts a secondary DNS server, also known as slave, containing a recent read-only copy of the same DNS records. The process of secondary DNS server receiving an updated version of DNS records' copy is called zone transfer. Changes to DNS records can only be done on a primary server, which can then update secondary DNS servers. Secondary DNS servers are not mandatory and DNS system can work even if a primary DNS server is available. A primary DNS server can act as a secondary DNS server for another zone. The concept of primary and secondary DNS servers is benefitial as it: - serves well during the time of primary server failure - distributes the load between primary and secondary

Answer 103

Dynamic Host Configuration Protocol (DHCP) is used to dynamically assign IP addresses to end systems (hosts) if automatic IP settings are enabled for them. Usually, network admins assign the IP addresses manually when small and fixed number of hosts are present. If number of hosts is going to be large and variable, instead of configuring all hosts, network admins configure one special host which runs a service to lease IP addresses to all the connected hosts. This special host is called DHCP server. The SOHO router supports embedded DHCP server. When a laptop connects to the internet via router, laptop runs DHCP protocol and DHCP server assigns an IP address to laptop. The laptop here becomes DHCP client (every device's OS has DHCP client service incorporated) and this process of obtaining IP address is called DORA process which means: - Discover: host sends discover message to DHCP server - Offer: DHCP server sends an IP address in response - Request: host asks DHCP server to allocate this IP address to host - Acknowledgement: allocates the IP address to host and sends an ack message. Post acknowledgement, DHCP client configues the TCP/IP settings in its OS. In the DORA process, DHCP server provides DHCP client with additional information such as : - Default gateway IP address (which is the IP address of first hop router) - subnet mask (4-byte number dividing an IP address into network and host address) - DNS server IP address (IP address of DNS - lease time (duration till when host can use assigned IP address, after end of this duration host must send request to renew the IP address). DHCP uses connectionless UDP protocol and uses port 67 for server and 68 for client.

Answer 104

MAC is a method used by SSL to check authenticity and data integrity. It is based on symmetric key encryption. It accepts two parameters: a symmetric secret key and a random message. Client and server both must have the same symmetric secret key. Message encryption with key produces a result called tag. If the MAC tag of the sender and the calculated MAC tag of the recipient match, nobody tampered with the message. If they do not match, data is compromised. The MAC is sometimes called a checksum, cryptographic checksum, or protected checksum. Creation and verification of MAC tags for each packet doesn't add much delay as MAC uses same key and symmetric cryptography is computationally cheaper than asymmetric one. With digital signature, the cost of signing and verifying each packet will surely increase the computation and add substantial delay.

Answer 105

1. Discovery: client creates a DHCPDISCOVER message and places it in UDP datagram, where source port address is 68 and destination port address is 67. IP packet encapsulates this and adds 0.0.0.0 as source IP address (as source doesn't yet have an IP) and 255.255.255.255 as destination IP address (to broadcast over network as source doesn't even know where DHCP server is). IP packet is then wrapped by data link layer frame, putting client's MAC address as source and FF:FF:FF:FF:FF:FF as destination address. 2. Offer: DHCP server receives the message on port 67 and sends DHCPOFFER message in response by filling up the YIAddr (Your IP address) field in DHCPDISCOVER message. It also adds its own IP address and same transaction ID (as sent by client). Now the offer message is placed in UDP segment with 67 as source port address and 68 as destination port address. In IP packet and Ethernet frame, source IP and MAC address is DHCP server IP and MAC address. Destination address in both layers is broadcast as client has set the broadcast bit. 3. Request: The newly arriving client will choose from among one or more server offers and respond to its selected offer with a DHCPREQUEST where the addresses match that of DHCPDISCOVER message as IP address is still not assigned to host. 4. Acknowledgement: The server responds to the DHCP request message with a DHCPACK message, confirming the requested parameters.

Answer 106

With the help of relay agent (which is just a router acting as an intermediary). The relay agent knows the IP address of DHCP server and listens to the broadcast messages on port 67. When it receives DHCP discover packet, it encapsulates the message in unicast datagram and forwards the packet to DHCP server. The packet, now having unicast destination address can be forwarded by any router. Once it reaches DHCP server, server knows the message has come from a relay agent because of the GIADDR field in packet. The relay agent, after receiving a reply from DHCP server, sends it to DHCP client.

Answer 107

DHCP has two strategies: - it requires that UDP uses checksum - DHCP client uses timers and a retransmission policy if it does not receive the reply. To prevent traffic jam when several hosts need to retransmit a request (for eg. after power failure), DHCP forces the client to use random number to set its timer.

Answer 108

1. DHCPDISCOVER: the client broadcasts discover message on the network in order to obtain an IP address. 2. DHCPOFFER: server responds to discover message with offer of config params. 3. DHCPREQUEST: client messages to server either (a) requesting offered params from one server and implicitly declining offers from all others (b) confirming correctness of previously allocated address after, say, system reboot (c) extending the lease on a particular network address 4. DHCPDECLINE: client performs a quick ARP process to see if anyone has same IP. If a different client indicates that it has same IP, client sends DHCPDECLINE message and starts the process all over. 5. DHCPACK: DHCP server sends acknowledgement message to client with configuration parameters including committed IP address 6. DHCPNAK: DHCP server sends negative acknowledgement message to client as client has moved to new subnet or lease has expired 7. DHCPRELEASE: client sends release message to server, giving the IP address away and cancelling remaining lease. 8. DHCPINFORM: client sends inform message to server, asking only for configuration parameters as client already has externally (manually) configured IP address.

Answer 109

DHCP scopes is the range of available IP addresses that the DHCP server can lease to clients. Scopes typically define a single physical subnet on network to which DHCP services are offered.

Answer 110

CNAME has been defined in the IETF standards such that it must always point to an alias. If it is made to point to an IP address, the resolver will try to resolve the IP address as if it is an alias. For eg. if CNAME is made to point to an IP address like: www.example.com CNAME 124.23.64.45 1. The resolver will try to query a record for hostname 124 within domain 23.64.45. It doesn't have anything for that name, hence it will query root server. 2. The rootserver returns the IP address of TLD server but since in this case, .45 is the TLD, it will respond with nothing, failing the DNS lookup.

Answer 111

A CNAME can point to another CNAME but DNS server's strategy with CNAME record is that it will look up the returned hostname until it finds A record. This chain may continue several CNAME levels deep and if the RRs are not properly created, the lookup process might get caught in endless loop.

Answer 112

After receiving an IP offer from DHCP server, client checks the ARP table on network to see if IP address is unique. If it is not, it sends a DHCPDECLINE message. The reason why this IP conflict occur could be: 1. If a network admin manually configures hosts and assigns duplicate IP address to two hosts on the same network 2. If there are two DHCP servers on a network, they might hand out same IP address to two different hosts 3. If a device comes back online after being in standby mode for long time. In this case, if the lease expires and the host does not renew it, server may retract the IP address and assign it to another host. Now if the old host comes back online, thinking it still owns the IP, results in conflict.

Answer 113

Hypertext is a text document containing links (references) to other document(s). Hypermedia is superset of hypertext- hypertext which is not limited to text, it can include graphics, audio and video.

Answer 114

1. The initial part of a request has been received and has not yet been rejected by server. The server intends to send a final response after request has been fully received and acted upon. Or 2. If client is sending a large data to server using say, PUT, client may include an 'Expect' header in request like this: Expect: 100-Continue This tells the server that it should respond with 100 Continue status if it is going to accept the request. It tells client that it can start sending the request body. The benefit here is that if server is unable to accept the request or there is some problem with the request, server can immediately respond with error before client starts sending the body.

Answer 115

Server understands and is willing to comply with the client request for which TCP connection is about to be used for different protocol. The server must generate an Upgrade header field in the response to indicate the protocol to which it is switching to immediately after the empty line that terminates the response. HTTP/ 1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade It is assumed that the server will only agree to switch protocols when it supports the protocol and is advantageous to do so. For example, switching to a newer version of HTTP might be advantageous over older versions.

Answer 116

It informs the client that a full request has been received, the server is working on it and the real status will be sent later. It is similar to 100 Continue except 100 Continue is returned immediately (so that client can send data) whereas 102 Processing is sent only after full request has been received and handling the request is going to take more than 20 seconds. This mechanism of sending 102 Processing status helps server to tell client that it is not dead and to avoid client timeout.

Answer 117

It is used by server to preemptively send headers to a client or intermediary so that the client can make certain optimizations ahead of time. A server might tell a browser that it is very likely to require certain CSS stylesheets to render the document using Link header. When the client receives these headers, it might immediately start fetching those resources. The 103 Early Hints status code can move those headers up even earlier. In this case, client's GET request would produce 2 responses: 1. 103 Early Hints would be sent asap for server while 2. 200 OK (the real response) took a bit longer to produce. This could allow client to quickly fetch these additional resources.

Answer 118

It states that the request has succeeded. The meaning of success depends on the HTTP request method: 1. GET: the resource has been fetched and transmitted in the message body 2. HEAD: the entity headers are in the message body 3. POST: the resource has been transmitted in the message body 4. TRACE: the message body contains the request message as received by the server. The successful result of a PUT or a DELETE is often not a 200 OK but a 204 No Content (or a 201 Created when the resource is uploaded for the first time).

Answer 119

It states that the request was successful and also resulted in a new resource being created. In the case of - PUT request, it means that a new resource was created on the actual URL that was specified in the request. - POST request, it means that a new resource was created at different URL, specified in the Location header and validator headers ETag and Last-Modified.

Answer 120

It indicates that the request has been accepted by the server but its not sure if the request will be completed successfully. This status code is used by APIs mostly who run some batch processing. The server accepts the request and sends 202 Accepted response. The API might later send an email to user providing the status of batch process. There is no way for HTTP to later send another response indicating the outcome of processing the request.

Answer 121

It is a status code used by proxy when it makes changes to the response payload sent by server before it reaches client, perhaps because the proxy converts the format or adds something to the HTML body. For these situations a proxy can indicate that it changed something by changing the status-code to 203. As proxy changes the status code, it is no longer possible to see what the original status code was. Hence it is recommended to use the Warning header set to 214 Transformation Applied code.

Answer 122

It is returned by server when request was successful but there was no response body. If the status code was generated for a PUT/POST request, the response can contain ETag header. It also indicates that the user agent need not navigate away from its current view. For e.g. save action during document editing. The document being saved remains available to the user for editing.

Answer 123

The server has fulfilled the request and wants the user agent to reset the view (refresh the UI or clear the contents of a form). This response is intended for common data entry tasks such as form-filling. When user submits its filled form, the request is sent and server asks browser to reset the view for next entry so that user can initiate another input action. Since this implies that no additional content will be sent, server must not send any payload and indicate the content-length to be zero.

Answer 124

It is used for range requests. It is possible for an HTTP client to request only portions of a resource using range requests. For eg. client requesting only last 100 bytes of a large log resource. If client issued such request and server is able to fulfill it, it indicates to the client that it is sending back only certain ranges with 206 Partial Content status and Content-Range header. If the server doesn't support Range requests, it will just return a 200 OK status along with entire payload. The client will know that the server didn't support it via this status code and omission of Content-Range header. If only one range is being sent, Content-Type is set to response's content type and Content-Range is provided. If several ranges are being sent, Content-Type is set to multipart/byteranges and each fragment covers one range with Content-Range describing it.

Answer 125

This code says that server has multiple representations of requested resource and user agent (or user) should choose one of them. If the server has a preferred choice, the server should generate Location header field containing a preferred choice's URI. For request methods other than HEAD, the server should generate payload containing list of URIs for multiple choices. The user agent may make a selection from the list if it understands the provided media type.

HTTP and Web Technologies Flashcards

(151 cards)