Class Summary 10/3/07: Internet Addresses

State
Question: When I want to go to a web site, how does my computer know how to get there? Answer: My computer looks it up in an Internet address book known as a domain name server.

Elaborate:
Every computer with a public web site has to register its domain name with the Internet Corporation for Assigned Names and Numbers, better known as ICANN. ICANN maintains an address book of web domains and IP (or Internet Protocal) addresses worldwide. All or parts of the worldwide address book are kept at local servers known as DNS or Domain Name Servers. When I want to go to a web site, like www.icacademy.org, my local DNS server looks up the name. If my local DNS server doesn't know the name and address, it requests the information from another DNS server that does. The address book lookup takes the name, like www.icacademy,org, from my computer and then sends back to my computer the IP address. For www.icacademy.org the IP address is 64.202.163.150. My computer can them go visit the address 64.202.163.150 and see the web page there.

Exemplify:
If I want to go to myspace.com from my computer at home, I type www.myspace.com in the address line of my web browser. My home computer sends a request to a DNS server. If my ISP is AT&T Yahoo DSL, the request goes to an address book that is on a DNS server at AT&T Yahoo. The DNS server takes the name, looks up the IP address, then sends back the IP address to my computer. My computer then goes to that IP address and displays the web pages there.

If I'm at school and want to visit www.myspace.com, I usually get a message that indicates the web site is blocked. How does that happen? Well, at ICA we pay for a content filter service in our hardware firewall that checks address requests before it lets them go through. If the address request is to a place that is on the "forbidden" list, then the request is blocked, and I see a message indicating that the web site is blocked. (If the request isn't blocked, the content filter in the firewall sends the request to the DNS server.) Does that mean I absolutely can't go to myspace.com from a school computer? As many enterprising students at ICA know, there are ways around the ICA content filter firewall.

According to Wikipedia, a proxy server is "a server which services the requests of its clients by forwarding requests to other servers." (See http://en.wikipedia.org/wiki/Proxy_server for further info.) If, very, very hypothetically here, I were to go to a proxy server first and then enter my request to go to www.myspace.com, what would happen? The request to lookup the address of the proxy server would be sent by the computer at which I'm sitting at school. The content filter in the ICA firewall would not recognize the proxy server as a forbidden location and would allow the request to pass throug to a DNS server. My computer at school would be allowed to open up the web page at the proxy server. Once at the proxy server web page, since I am now looking beyond the firewall, I could ask the proxy server to request the IP address for myspace.com for me. The proxy server would forward my request for myspace.com to its own DNS server, and then would return the IP address of myspace.com to my school computer bypassing the ICA content filter. The web browser on my computer would then jump to that address. But . . . if by chance the address and names of the proxy servers were added to the content filter forbidden list in the ICA firewall, then my initial request to go to the proxy server would be blocked.

An aside (ethical issues about censorship): The country of Arabia controls all internet requests through proxy servers. If the government does not want a web site visited, it removes the domain name and IP address from the country's proxy servers. In China, the country is too large to controll all Internet traffic through proxy servers. Instead, since most cannot afford Internet at home, the Chinese government installs video cameras at Internet cafes. If they see you visiting a forbidden web site, like www.msnbc.com, you may be arrested.

Illustrate
So, the DNS servers are like a worldwide phone book. If my number is unlisted, I can't be found -- even though I may have a phone number that works. If my number is listed and my phone is broken, someone can find me but my phone won't ring. If my phone is working and someone looks up my number in the phone book and then
calls, my phone rings, and I can answer.