I'm developing a network application which should be capable of contact DNS servers.
I was wondering what would be the best way to do it. And browsers came to my mind.
For example, how Firefox or Chrome resolve the Domain names i put in the URL bar?
I mean, i type http://www.google.com, how does it know that has to make a TCP request to the IP 209.85.195.104?
Thanks!
In the simplest scenario, browsers would use a function such as gethostbyname() to resolve names to addresses. However, this function is not always implemented in such a way that's convenient for a browser (it usually blocks until it gets an answer).
Browsers today are starting to use "DNS prefetch", where the browser will send DNS requests directly to a DNS server as the page is loading, to resolve addresses before the user clicks on the next link. That way, the user doesn't have to wait for name resolution when they click, and the browsing experience appears faster.
Web browser send request to DNS server. Server send list of associate addresses (if domain name record do have, several IP addresses - example is cnn.com with several IPv4 and IPv6 addresses).I am not sure if this addresses store browser or Operating systems but if browser use first address and don t get answer he will use another address from list. I read somewhere that it waits max 30 seconds until he use another address from list.
Related
I am using a websocket connection with an ip address like ws://172.168.41.61. It is working fine. Now I want use the same service from an Android/IOS application, so I purchased a domain say, mydomain.example. Now I linked the above ip to this url: api.mydomain.example. But when I tried to use ws://api.mydomain.example it is not working as a replacement for the above IP address.
I have following 2 concerns:
Is it safe to deploy IP address (172.168.41.61) directly in the app for any API or websocket connection. (I guess no, because IP may be difficult to manage or bad practice, offcourse IP will be static)
Although I have tested the domain (api.mydomain.example) to IP conversion and the IP address is same as expected, then why can't I use the domain like ws://api.mydomain.example as a replacement for ws://172.168.41.61?
This the site from where I check the domain to IP conversion:
https://ipinfo.info/html/ip_checker.php
It is working now. There may be 2-3 issues because of which it was not working earlier:
Domain pointing takes some time. (But I waited for atleast 1-2 hour after pointing the domain and still it didn't work). May be it take more than that, sometimes.
May due to cache issue, when I tried the first time, the no response thing is cached and it continued to show the same thing even after 2-3 hour.
Although I confirmed the domain to IP is converting fine, still the cache in the my system was preventing me to access the original resource.
Thanks
I have some knowledge on my question but not exactly. What exactly programatically happening after http request?
Scott Hanselman said in one of his blog posts:
Describe, in as much detail as you think is relevant, as deeply as you can, what happens when I type "cnn.com" into a browser and press "Go".
My question is exactly this,
That's like asking "describe how to perform a coronary bypass". Yes, one can explain how, but one is better first studying medicine and learning about the basics, before starting with specific procedures. However, in bulletpoints:
Your browser will want to know the IP address of cnn.com. It doesn't do DNS lookups itself, but rather asks the operating system.
Your browser will connect to that IP address on port 80
Your browser will send a HTTP GET request
The webserver will reply with statuscode 200 and the body contents
Your browser will parse the HTML
In the HTML, other resources (images, scripts, css-files...) might be included, which the browser will also fetch.
After the browser is done, it will close the connection. If it doesn't, the webserver will.
Browser tries to resolve the name cnn.com into its ip address.
Browser TCP connects to cnn.com's ip address on the default HTTP port (80)
Browser sends a GET request to the server, asking for the / page
Browser says that it's trying to connect to "cnn.com" (cnn.com and bbc.com could be hosted on the same hosting company, with the same IP address)
Browser also says what's your browser, browser engine, browser version, operating system and the plug-ins that you have installed.
Server sends a header saying what's coming on your reply, the kind of data you're going to receive (in this case, HTML), and the size of the response if it's available.
Server closes the connection if there isn't any keep-alive instruction from the browser. Otherwise it will use this opened connection to ask for other things that might be needed (images within the page, for example.)
By the way, download and install Wireshark if you want to go deep and see what's really going on behind the curtains.
i want to do the following:
open a web browser on my local network. type in mydevice.com(or something similar) and have the browser redirect to the actual device (192.168.1.x)
the reason is, it really is NOT for me. it is for a product that hosts a web page and i do not want the users to have to type in the IP address.
also, i am aware of dyndns.org and related sites. i was wondering though if there isnt another (easier) alternative since i have no requirement whatsoever to get IN from OUTSIDE (i.e. no external access). i pretty much just want to tell my router whenever it sees a request for some made up domain name, to instead just redirect to a specific IP address on the local network. the only question then will be, if such a thing is possible, is it easy enough to instruct said users to set up.
is such a thing possible?
ps - somebody may have to change my problem title... i didnt know what this was called, which made it hard to google in the first place. so i turn to SO, but then naturally, have trouble writing a specific title
You could use a Hosts file. See Wiki Hosts file entry for the format for your OS.
Basically I want to display a hosts external public facing IP address regardless of whether or not it is part of a natted lan. What I'm doing now is just connecting to myipaddress.com and retrieving it from there. I just don't know if I trust that site as a stable source. Is there some authority that facilitates this?
Every web server on the public internet automatically sees your external IP address. There is just no standardized way to "talk it back" as far as I know (e.g. through a header or something).
If you want to do this manually, just use one of the numerous "what's my IP?" services around like www.infobyip.com/detectmyip.php
If you want to do it in an automated fashion, the most stable way would be to set up a script on a remote server, and have that output the requester's IP. In PHP, in most cases, it would look like so:
<? echo $_SERVER["REMOTE_ADDR"]; ?>
(Here is a detailed discussion on how to retrieve the IP in various ways, but if the above worked for you once, it is likely to work forever.)
STUN RFC 3489will do it, though you need access to an open STUN server. There are other sites (like myipaddress.com) that will report your apparent address back to you, but there is no "standard" service for this.
I have a web application that should behave differently for internal users than external ones. The web application is available over the Internet, and therefore obviously to the internal users as well.
All the users are anonymous, not authenticated, but the page should render differently for internal users than external. What I'm doing in my code is use Request.UserHostName and then Dns.GetHostEntry. The result is then compared to a setting in my web.config (that holds something like *.mydomain.local) . If the comparison gives a positive result then I render the HTML that the internal user should see otherwise I render the HTML the external user should see.
However, my problem is that I don't always get the expected value from Request.UserHostName. on the development site I get the IP-number (?) of the machine running the browser but on the customer site I don't get the IP-number of the user machine, I get some other IP-number. The browsers don't have any proxies set or anything like that.
Should I be using something else than Request.UserHostName?
I recommend using IP addresses as well. I'm dealing with this exact same situation setting up an authentication system right now as well and the conditions described by Epso and Robin M are exactly what is happening. External users coming to the site give me their actual IP address while all internal users provide the IP of the gateway machine(router) on to the private subnet the webservers sit on.
To deal with it I just check for that one IP. If I get the IP of the gateway, I provide the internal access. If I get anything else they get the external one which requires additional authentication in my case. In yours, it would just mean a different interface.
Try Request.UserHostAddress, which returns the client's IP address. Assuming your internal network uses IP addresses reserved for LANs, it should be relatively simple to check if an IP is internal or external.
There might be a firewall that is doing some sort of NAT, to enable inside clients to use the external dns-name to reach the server.
Is the IP-number you get on customer site the same at the external customer-server ip? In that case you can hard code for that one IP-address. All internal computers behind that firewall will appear to have to same ip-address and you can classify them as "internal".
It looks like you're being returned a public facing IP Address. Get the user to go to http://www.myipaddress.com . If this is the same as the IP Address returned to your software, then this is definitely the case.
The only solution I can see to get around this is to either get them to connect to the machine holding the asp.net application via a VPN, or to use some other kind of authentication. The latter is probably the best option.
It does sound like there is a proxy between users and the server on the customer site (it doesn't need to be configured in the browser). It may be an internal or external proxy depending on your network configuration.
I would avoid using the UserHostName for what is effectively authentication as it is presented by the browser duing the request and would be easy to spoof. IP address would be much more effective as it's difficult to spoof an IP address in a TCP/IP connection (and maintain a connection). It's still weak authentication but may be sufficient in this scenario.
Even if you are using IP address, if there's a NAT proxy between client and server, you may have to accept that anything coming through that proxy is trusted (I'm assuming that external/untrusted clients don't come through that proxy).
If that isn't acceptable, you're back to other methods of authentication. Rather than requiring a logon or VPN connection, you might consider a permanent cookie or client certificates and only give those to internal clients but you would need some way of delivering those to the client. You could certainly deliver a permanent cookie based on a one-time logon. Cookies can be spoofed in a similar way in that the UserHostName can be however you've got a better opportunity to create a cookie value that is less guessable than a domain name.