쥐스킨트의 작은 서재

DomainName System

The Domain Name System (DNS) is ahierarchical decentralized naming system for computers, services, or anyresource connected to the Internet or a private network. It associates various informationwith domain names assigned to each of the participating entities. Mostprominently, it translates more readily memorized domain names to the numericalIP addresses needed for the purpose of locating and identifying computerservices and devices with the underlying network protocols. By providing aworldwide, distributed directory service, the Domain Name System is anessential component of the functionality of the Internet.

The Domain Name System delegates the responsibilityof assigning domain names and mapping those names to Internet resources by designatingauthoritative name servers for each domain. Network administrators may delegateauthority over sub-domains of their allocated name space to other name servers.This mechanism provides distributed and fault tolerant service and was designedto avoid a single large central database.

Proxy server

In computer networks, a proxy server is aserver (a computer system or an application) that acts as an intermediary forrequests from clients seeking resources from other servers. A client connectsto the proxy server, requesting some service, such as a file, connection, webpage, or other resource available from a different server and the proxy serverevaluates the request as a way to simplify and control its complexity. Proxieswere invented to add structure and encapsulation to distributed systems. Today,mots proxies are web proxies, facilitating access to content on the World WideWeb and providing anonymity.

Uses

Monitoringand filtering

-      Content-control software

A content-filtering web proxy server provides administrative controlover the content that may be relayed in one or both directions through theproxy. It is commonly used in both commercial and non-commercial organizations(especially schools) to ensure that Internet usage conforms to acceptable usepolicy.

A content filtering proxy will often support user authentication, tocontrol web access. It also usually produces logs, either to give detailed information about the URLs accessedby specific users, or to monitor bandwidth usage statistics. It may alsocommunicate to daemon-based and/or ICAP-based antivirus software to providesecurity against virus and other malware by scanning incoming content in realtime before it enters the network. 

-      Filtering of encrypted data

Web filtering proxies are not able to peer inside secure socketsHTTP transactions, assuming the chain-of-trust of SSL/TLS has not beentampered with.

The SSL/TLS chain-of-trust relies on trusted root certificateauthorities. In a workplace setting where the client is managed by theorganization, trust might be granted to a root certificate whose private key isknown to the proxy. Consequently, a root certificate generated by the proxy isinstalled into the browser CA list by IT staff.

In such situations, proxy analysis of the contents of a SSL/TLStransaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by the client’s trust of a root certificate theproxy owns.

-      Bypassing filters and censorship

If the destination server filters content based on the origin of therequest, the use of a proxy can circumvent this filter. For example, a serverusing IP-based geolocation to restrict its service to a certain country can beaccessed using a proxy located in that country to access the service.