DOCSLIB.ORG

3. Domain Name System (DNS) Administrasi Dan Manajemen

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
3. Domain Name System (DNS) Administrasi Dan Manajemen Administrasi dan Manajemen Jaringan 3. Domain Name System (DNS) M. Udin Harun Al Rasyid, Ph.D http://lecturer.eepis-its.edu/~udinharun [email protected] Lab Jaringan Komputer (C-307) Table of Contents Introduction to DNS Name Space Domain Name Space Domain Name and Label Distribution of Name Space Hierarchy of name servers Resolution DNS Basics Dynamic DNS DNS Tools, Testing, and Troubleshooting A Simple DNS Server M. Udin Harun Al Rasyid 2 Introduction to DNS Domain Name System (DNS) is an Internet service that maps IP addresses and fully qualified domain names (FQDN) to one another. A standard technology for managing the names of Web sites and other Internet domains. A key element of the DNS is a worldwide collection of DNS servers A DNS server is any computer registered to join the Domain Name System. A DNS server runs special-purpose networking software, features a public IP address, and contains a database of network names and addresses for other Internet hosts. M. Udin Harun Al Rasyid 3 In this way, DNS alleviates the need to remember IP addresses. Computers that run DNS are called name servers. Every system on the Internet must have a unique IP address. DNS acts as a directory service for all of these systems, allowing you to specify each one by its hostname. M. Udin Harun Al Rasyid 4 There are other hostname-to-IP directory services in use, mainly for LANs. Windows LANs can use WINS. UNIX LANs can use NIS. But because DNS is the directory service for the Internet (and can also be used for LANs) it is the most widely used. UNIX LANs could always use DNS instead of NIS, and starting with Windows 2000 Server, Windows LANs could use DNS instead of, or in addition to, WINS. M. Udin Harun Al Rasyid 5 When you enter www.some-domain.com in a Web browser, it's DNS that takes the www host name and translates it to an IP address. Without DNS, you could be connected to the Internet just fine, but you ain't goin' no where. Not unless you keep a record of the IP addresses of all of the resources you access on the Internet and use those instead of host/domain names. M. Udin Harun Al Rasyid 6 When you visit a Web site, you are actually doing so using the site's IP address even though you specified a host and domain name in the URL. In the background your computer quickly queried a DNS server to get the IP address that corresponds to the Web site's server and domain names. Now you know why you have to specify one or two DNS server IP addresses in the TCP/IP configuration on your desktop PC (in the resolv.conf file on a Linux system and the TCP/IP properties in the Network Control Panel on Windows systems). M. Udin Harun Al Rasyid 7 When you visit Web sites, the DNS server your workstation queries for name resolution is typically run by your ISP, but you could have one of your own. When you have your own Web site the DNS servers which respond to visitors queries are typically run by your Web hosting provider, but you could likewise have your own one of these too. Actually, if you set up your own DNS server it could be used to respond to both "internal" (from your workstation) and "external" (from your Web site's visitors) queries. The most widely used DNS application is BIND (Berkeley Internet Name Domain) and it runs a daemon called named that, among other things, responds to resolution queries. M. Udin Harun Al Rasyid 8 Name Space The names assigned to machines must be carefully selected from a name space with complete control over the binding between the names and IP addresses. M. Udin Harun Al Rasyid 9 Domain Name Space To have a hierarchical name space, a domain name space was designed. In this design the names are defined in an inverted-tree structure with the root at the top. The tree can have only 128 levels: level 0 (root) to level 127. M. Udin Harun Al Rasyid 10 Domain Name and Label M. Udin Harun Al Rasyid 11 Domain M. Udin Harun Al Rasyid 12 Distribution of Name Space The information contained in the domain name space must be stored. However, it is very inefficient and also unreliable to have just one computer store such a huge amount of information. M. Udin Harun Al Rasyid 13 Hierarchy of name servers M. Udin Harun Al Rasyid 14 Zones and domains M. Udin Harun Al Rasyid 15 Domain name space is divided into three different sections: generic domains country domains the inverse domain M. Udin Harun Al Rasyid 16 Generic domains M. Udin Harun Al Rasyid 17 Generic domain labels M. Udin Harun Al Rasyid 18 Country domains M. Udin Harun Al Rasyid 19 Inverse domain M. Udin Harun Al Rasyid 20 Resolution Mapping a name to an address or an address to a name is called name-address resolution. Recursive Iterative M. Udin Harun Al Rasyid 21 Recursive resolution M. Udin Harun Al Rasyid 22 Iterative resolution M. Udin Harun Al Rasyid 23 DNS Basics Finding a single server out of all of the servers on the Internet is like trying to find a single file on drive with thousands of files. The DNS "namespace" is hierarchical in the same type of upside- down tree structure seen with file systems. M. Udin Harun Al Rasyid 24 DNS can use either UDP or TCP. In both cases the well-known port used by the server is port 53. UDP is used when the size of the response message is less than 512 bytes because most UDP packages have a 512-byte packet size limit. If the size of the response message is more than 512 bytes, a TCP connection is used. M. Udin Harun Al Rasyid 25 When specifying the absolute path to a file in a file system you start at the root and go to the file: /etc/bind/named.conf When specifying the absolute path to a server in the DNS namespace you start at the server and go to the root: www.eepis-its.edu M. Udin Harun Al Rasyid 26 Internet resources are usually specified by a domain name and a server hostname. The www part of a URL is often the hostname of the Web server. DNS is basically just a database with records for these hostnames. If you want to find the IP address of the www server in the some- domain.com domain, you'd have to query the DNS server that stores the DNS records for that domain. M. Udin Harun Al Rasyid 27 The entries in the database map a host/domain name to an IP address. This is why a real Internet server needs a static (unchanging) IP address. The IP address of the server's NIC connected to the Internet has to match whatever address is in the DNS database. M. Udin Harun Al Rasyid 28 When you want to browse to www.their-domain.com, your DNS server (the one you specify in the TCP/IP configuration on your desktop computer) most likely won't have a DNS record for the their- domain.com domain. So it has to contact the DNS server that does. When your DNS server contacts the DNS server that has the DNS records (referred to as "resource records" or "zone records") for their-domain.com.Your DNS server gets the IP address of the www server and relays that address back to your desktop computer. M. Udin Harun Al Rasyid 29 Once you've got your Web site up and running on your Web hosting provider's servers and someone surf's to your site, the DNS server they specified in their local TCP/IP configuration will query your hosting provider's DNS servers to get the IP address for your Web site. The DNS servers that host the DNS records for your domain, i.e. the DNS servers you specify in your domain name registration application, are the authoritative DNS servers for your domain. The surfer's DNS server queries one of your site's authoritative DNS servers to get an address and gets an authoritative response. When the surfer's DNS server relays the address information back to the surfer's local PC it is a "non-authoritaive" response because the surfer's DNS server is not an authoritative DNS server for your domain. M. Udin Harun Al Rasyid 30 Example: If you surf to eepis's Web site the DNS server you have specified in your TCP/IP configuration queries one of eepis's authoritative DNS servers and gets an authoritative response with the IP address for the 'www' server. Your DNS server then sends a non-authoritative response back to your PC. You can easily see this for yourself. At a shell prompt, or a DOS window on a newer Windows system, type in: nslookup www.eepis-its.edu.edu First you'll see the name and IP address of your locally-specified DNS server. Then you'll see the non-authoritative response your DNS server sent back containing the name and IP address of the eepis Web server. M. Udin Harun Al Rasyid 31 You can also see which name server(s) your DNS server contacted to get the IP address. whois eepis-its.edu Because DNS is so important to the operation of the Internet, when you register a domain name you must specify a minimum of two name servers.
Load more

Recommended publications
  • Configuring DNS
    Configuring DNS The Domain Name System (DNS) is a distributed database in which you can map hostnames to IP addresses through the DNS protocol from a DNS server. Each unique IP address can have an associated hostname. The Cisco IOS software maintains a cache of hostname-to-address mappings for use by the connect, telnet, and ping EXEC commands, and related Telnet support operations. This cache speeds the process of converting names to addresses. Note You can specify IPv4 and IPv6 addresses while performing various tasks in this feature. The resource record type AAAA is used to map a domain name to an IPv6 address. The IP6.ARPA domain is defined to look up a record given an IPv6 address. • Finding Feature Information, page 1 • Prerequisites for Configuring DNS, page 2 • Information About DNS, page 2 • How to Configure DNS, page 4 • Configuration Examples for DNS, page 13 • Additional References, page 14 • Feature Information for DNS, page 15 Finding Feature Information Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
    [Show full text]
  • V6.5 Data Sheet
    Data Sheet Blue Prism Network Connectivity To ensure compatibility with evolving network infrastructures, Blue Prism can be deployed in environments that utilize IPv4 or IPv6 network protocols for all connections as well as those that use a hybrid approach, utilizing a combination of both protocols. This allows all Blue Prism components - Runtimes, Clients, Application Servers - to connect using the preferred or most suitable method. Resource connectivity When establishing connections to Runtime Resources, Blue Prism uses the name specified in the DNS. This is based on the machine name and can either the short name or the Fully Qualified Domain Name (FQDN). If a Resource has both IPv4 and IPv6 addresses in the DNS, the network adapter settings of the connecting device (Application Server, Interactive Client, or Resource) are used to determine which IP address should be used to establish the connection: 1. The connecting device defaults to an IPv6 connection. 2. If an IPv6 connection is not established within 1.5 seconds and if the connecting device has multiple IPv6 addresses listed in the DNS, a connection attempt is made using the next available IPv6 address. 3. If an IPv6 connection is not established, the connecting device automatically attempts to connect using IPv4. 4. If all available IPv4 addresses have been tried without success, the Resource is considered unreachable. Commercial in Confidence Page 1 of 3 ®Blue Prism is a registerd trademark of Blue Prism Limited 6.5 Data Sheet | Blue Prism Network Connectivity Resource connectivity The following diagram illustrates the logic used for connections to Runtime Resources. Commercial in Confidence Page 2 of 3 ®Blue Prism is a registerd trademark of Blue Prism Limited 6.5 Data Sheet | Blue Prism Network Connectivity Application Server connectivity Application Server connectivity Clients and Resources can connect to Application Servers using the host name, IPv4 address, or IPv6 address specified in the connection settings on the Server Configuration Details screen.
    [Show full text]
  • Changing IP Address and Hostname for Cisco Unified Communications Manager and IM and Presence Service, Release 11.5(1) First Published
    Changing IP Address and Hostname for Cisco Unified Communications Manager and IM and Presence Service, Release 11.5(1) First Published: Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Reverse DNS What Is 'Reverse DNS'?
    Reverse DNS Overview • Principles • Creating reverse zones • Setting up nameservers • Reverse delegation procedures What is ‘Reverse DNS’? • ‘Forward DNS’ maps names to numbers – svc00.apnic.net -> 202.12.28.131 • ‘Reverse DNS’ maps numbers to names – 202.12.28.131 -> svc00.apnic.net 1 Reverse DNS - why bother? • Service denial • That only allow access when fully reverse delegated eg. anonymous ftp • Diagnostics • Assisting in trace routes etc • SPAM identifications • Registration • Responsibility as a member and Local IR In-addr.arpa • Hierarchy of IP addresses – Uses ‘in-addr.arpa’ domain • INverse ADDRess • IP addresses: – Less specific to More specific • 210.56.14.1 • Domain names: – More specific to Less specific • delhi.vsnl.net.in – Reversed in in-addr.arpa hierarchy • 14.56.210.in-addr.arpa Principles • Delegate maintenance of the reverse DNS to the custodian of the address block • Address allocation is hierarchical – LIRs/ISPs -> Customers -> End users 2 Principles – DNS tree - Mapping numbers to names - ‘reverse DNS’ Root DNS net edu com arpa au apnic in-addr whoiswhois RIR 202202 203 210 211.. ISP 6464 22 .64.202 .in-addr.arpa Customer 2222 Creating reverse zones • Same as creating a forward zone file – SOA and initial NS records are the same as normal zone – Main difference • need to create additional PTR records • Can use BIND or other DNS software to create and manage reverse zones – Details can be different Creating reverse zones - contd • Files involved – Zone files • Forward zone file – e.g. db.domain.net • Reverse zone file – e.g. db.192.168.254 – Config files • <named.conf> – Other • Hints files etc.
    [Show full text]
  • Configuring Smart Licensing
    Configuring Smart Licensing • Prerequisites for Configuring Smart Licensing, on page 1 • Introduction to Smart Licensing, on page 1 • Connecting to CSSM, on page 2 • Linking Existing Licenses to CSSM, on page 4 • Configuring a Connection to CSSM and Setting Up the License Level, on page 4 • Registering a Device on CSSM, on page 14 • Monitoring Smart Licensing Configuration, on page 19 • Configuration Examples for Smart Licensing, on page 20 • Additional References, on page 26 • Feature History for Smart Licensing, on page 27 Prerequisites for Configuring Smart Licensing • Release requirements: Smart Licensing is supported from Cisco IOS XE Fuji 16.9.2 to Cisco IOS XE Amsterdam 17.3.1. (Starting with Cisco IOS XE Amsterdam 17.3.2a, Smart Licensing Using Policy is supported.) • CSSM requirements: • Cisco Smart Account • One or more Virtual Account • User role with proper access rights • You should have accepted the Smart Software Licensing Agreement on CSSM to register devices. • Network reachability to https://tools.cisco.com. Introduction to Smart Licensing Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more consistent way to purchase and manage software across the Cisco portfolio and across your organization. And it’s secure – you control what users can access. With Smart Licensing you get: Configuring Smart Licensing 1 Configuring Smart Licensing Overview of CSSM • Easy Activation: Smart Licensing establishes a pool of software licenses that can be used across the entire organization—no more PAKs (Product Activation Keys). • Unified Management: My Cisco Entitlements (MCE) provides a complete view into all of your Cisco products and services in an easy-to-use portal, so you always know what you have and what you are using.
    [Show full text]
  • Aerohive Configuration Guide: RADIUS Authentication | 2
    Aerohive Configuration Guide RADIUS Authentication Aerohive Configuration Guide: RADIUS Authentication | 2 Copyright © 2012 Aerohive Networks, Inc. All rights reserved Aerohive Networks, Inc. 330 Gibraltar Drive Sunnyvale, CA 94089 P/N 330068-03, Rev. A To learn more about Aerohive products visit www.aerohive.com/techdocs Aerohive Networks, Inc. Aerohive Configuration Guide: RADIUS Authentication | 3 Contents Contents ...................................................................................................................................................................................................................... 3 IEEE 802.1X Primer................................................................................................................................................................................................... 4 Example 1: Single Site Authentication .................................................................................................................................................................... 6 Step 1: Configuring the Network Policy ..............................................................................................................................................................7 Step 2: Configuring the Interface and User Access .........................................................................................................................................7 Step 3: Uploading the Configuration and Certificates ....................................................................................................................................
    [Show full text]
  • Internet Protocol Suite
    InternetInternet ProtocolProtocol SuiteSuite Srinidhi Varadarajan InternetInternet ProtocolProtocol Suite:Suite: TransportTransport • TCP: Transmission Control Protocol • Byte stream transfer • Reliable, connection-oriented service • Point-to-point (one-to-one) service only • UDP: User Datagram Protocol • Unreliable (“best effort”) datagram service • Point-to-point, multicast (one-to-many), and • broadcast (one-to-all) InternetInternet ProtocolProtocol Suite:Suite: NetworkNetwork z IP: Internet Protocol – Unreliable service – Performs routing – Supported by routing protocols, • e.g. RIP, IS-IS, • OSPF, IGP, and BGP z ICMP: Internet Control Message Protocol – Used by IP (primarily) to exchange error and control messages with other nodes z IGMP: Internet Group Management Protocol – Used for controlling multicast (one-to-many transmission) for UDP datagrams InternetInternet ProtocolProtocol Suite:Suite: DataData LinkLink z ARP: Address Resolution Protocol – Translates from an IP (network) address to a network interface (hardware) address, e.g. IP address-to-Ethernet address or IP address-to- FDDI address z RARP: Reverse Address Resolution Protocol – Translates from a network interface (hardware) address to an IP (network) address AddressAddress ResolutionResolution ProtocolProtocol (ARP)(ARP) ARP Query What is the Ethernet Address of 130.245.20.2 Ethernet ARP Response IP Source 0A:03:23:65:09:FB IP Destination IP: 130.245.20.1 IP: 130.245.20.2 Ethernet: 0A:03:21:60:09:FA Ethernet: 0A:03:23:65:09:FB z Maps IP addresses to Ethernet Addresses
    [Show full text]
  • Domain Name System System Work?
    What is the DNS? - how it works Isaac Maposa | Dev Anand Teelucksingh | Beran Gillen Community Onboarding Program | 11 March 2017 Agenda 1 2 3 What is the Domain Structure of the How does the Name System? Domain Name Domain Name System System Work? 4 5 6 Who makes the Stakeholders in the Engage with ICANN Domain Name Domain Name ??? System Work? System. | 2 What is the Domain Name System (DNS)? The Internet, what is it..? ● The Internet is a network of networks that interconnects devices to exchange information. ● In order to “talk” to each other, all of these devices must have a unique numerical address called an Internet Protocol address or IP Address. An example of an IP address is 94.127.53.132 ● When you visit a website from your browser, you are requesting the website from your device’s IP address to the web server’s IP address. ● However, you don’t type in the ip address of the web server, rather the domain name of for example www.google.com ● In so doing, you have queried the DNS. ● So what is this DNS???? | 4 What is the Domain Name System? ● The Domain Name System or DNS overcomes this problem of remembering IP addresses by mapping domain names to IP addresses. ● While this sounds like a phone book, it is not a centralised database. ● The DNS is a distributed database across a hierarchy of networks of servers and provide ways for devices and software (like browsers and email) to query the DNS to get an IP address. ● Domain names must be unique.
    [Show full text]
  • Service (SRV) Records
    Service (SRV) Records You deploy multiple DNS SRV records in different locations on your enterprise DNS structure. Understand which records you should provision on which name servers. Review examples of SRV records to ensure a successful deployment. • Deploy SRV Records, page 1 • SRV Records, page 4 Deploy SRV Records The client queries name servers for records in the services domain. The services domain is determined as described in How the Client Discovers Available Services. You must deploy SRV records in each DNS zone for those service domains if your organization has multiple subsets of users who use different service domains. Deploy SRV Records in a Separate Domain Structure In a separate name design there are two domains, an internal domain and an external domain. The client queries for SRV records in the services domain. The internal name server must serve records for the services domain. However in a separate name design, a zone for the services domain might not exist on the internal name server. If the services domain is not currently served by the internal name server, you can: • Deploy records within an internal zone for the services domain. • Deploy records within a pinpoint subdomain zone on the internal name server. Use an Internal Zone for a Services Domain If you do not already have a zone for the services domain on the internal name server, you can create one. This method makes the internal name server authoritative for the services domain. Because it is authoritative, the internal name server does not forward queries to any other name server.
    [Show full text]
  • NAT-Aware Public-Private GSLB Configuration Avi Networks — Technical Reference (17.2)
    Page 1 of 5 NAT-aware Public-Private GSLB Configuration Avi Networks — Technical Reference (17.2) NAT-aware Public-Private GSLB Configuration view online An Avi GSLB configuration can serve clients from a mixture of public and private networks. Introduction Typically, the VIP configured in a local virtual service (configured as a GSLB pool member) is a private IP address. But this IP address may not always be reachable by the client. For example, a user on a laptop could come in via the corporate intranet or VPN, but also directly from the public Internet. In the former case, the source IP address would be an intranet private IP address. In the latter case, it would be a public IP address. Note that, with resolvers (LDNS) in the middle and no support for extension mechanism for DNS (EDNS), this may not be as simple. Note ? If EDNS processing is enabled, the client's IP address is found within the ECS option. For more information, refer to the Extension Mechanisms for DNS Client Subnet Option Insertion article. The source being a certain set of resolver IP addresses could indicate that the client is coming in from a private network, and another set of IP addresses could indicate that the client is coming in from a public network. How It Works Client DNS requests coming in from within the intranet have the private IP served in the A record, and requests from outside are served the public IP address. Please note that datapath health monitoring is performed only against the private IP address.
    [Show full text]
  • New Gateways (PDF
    Packet Network Notice Rev: 28-Nov-2011 Date: Nov 28, 2011 From: Santa Clara County ARES/RACES Packet Committee Subject: Packet Network Update – New AMPRnet and E-mail gateways Attention: All ECs, AECs, MACs and other Santa Clara County Packet Users This Packet Network Notice contains important information which affects your ability to access and use the county packet backbone. This update covers the following topics: • New AMPRnet Gateway • New E-mail Gateway Please read this information thoroughly and pass along to any packet users in your local area. New AMPRnet Gateway The AMPRnet is an AMateur Packet Radio network consisting of packet radio BBSs located worldwide. Local networks of BBSs are interconnected to other local networks through gateways. These gateways use IP-in-IP tunnels to connect to each other. AMPRnet IP addresses are allocated from the IP address block of 44.0.0.0/8. Once a BBS or local network of BBSs is connected to AMPRnet, each of the BBSs can reach any other BBS on the AMPRnet, and vice-versa. For example, in the State of Michigan, each county has a local network of one or more BBSs. Each county is connected to all other counties (and to the rest of the world) with AMPRnet connections. Here in California, we can use AMPRnet connections to reach other counties which do not have a radio path to our network. We have just started to reach out to other counties to work on making those connections. There are two primary uses for this connectivity: 1) Messaging: Messages can now be addressed to anyone at any of the AMPRnet BBSs with a simple and standard Internet-style address format: [email protected].
    [Show full text]
  • World-Wide Web Proxies
    World-Wide Web Proxies Ari Luotonen, CERN Kevin Altis, Intel April 1994 Abstract 1.0 Introduction A WWW proxy server, proxy for short, provides access to The primary use of proxies is to allow access to the Web the Web for people on closed subnets who can only access from within a firewall (Fig. 1). A proxy is a special HTTP the Internet through a firewall machine. The hypertext [HTTP] server that typically runs on a firewall machine. server developed at CERN, cern_httpd, is capable of run- The proxy waits for a request from inside the firewall, for- ning as a proxy, providing seamless external access to wards the request to the remote server outside the firewall, HTTP, Gopher, WAIS and FTP. reads the response and then sends it back to the client. cern_httpd has had gateway features for a long time, but In the usual case, the same proxy is used by all the clients only this spring they were extended to support all the within a given subnet. This makes it possible for the proxy methods in the HTTP protocol used by WWW clients. Cli- to do efficient caching of documents that are requested by ents don’t lose any functionality by going through a proxy, a number of clients. except special processing they may have done for non- native Web protocols such as Gopher and FTP. The ability to cache documents also makes proxies attrac- tive to those not inside a firewall. Setting up a proxy server A brand new feature is caching performed by the proxy, is easy, and the most popular Web client programs already resulting in shorter response times after the first document have proxy support built in.
    [Show full text]