
General Internet Info

This note provides some basic info about how the internet works, and is intended for people who aren't necessarily very technical.

THE OSI MODEL

The Open Systems Interconnection model (OSI model) is a conceptual model that 'provides a common basis for the coordination of [ISO] standards development for the purpose of systems interconnection'. In the OSI reference model, the communications between computing systems are split into seven different abstraction layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.

| Layer type | Layer level | Layer name | Protocol data unit (PDU) | Function |
| --- | --- | --- | --- | --- |
| Host Layer | 7 | Application | Data | High-level protocols such as for resource sharing or remote file access, e.g. HTTP. |
| Host Layer | 6 | Presentation | Data | Translation of data between a networking service and an application; including character encoding, data compression and encryption/decryption |
| Host Layer | 5 | Session | Data | Managing communication sessions, i.e., continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes |
| Host Layer | 4 | Transport | Segment, Datagram | Reliable transmission of data segments between points on a network, including segmentation, acknowledgement and multiplexing |
| Media Layer | 3 | Network | Packet | Structuring and managing a multi-node network, including addressing, routing and traffic control |
| Media Layer | 2 | Data link | Frame | Transmission of data frames between two nodes connected by a physical layer |
| Media Layer | 1 | Physical | Bit, Symbol | Transmission and reception of raw bit streams over a physical medium |

A broader description of these elements is provided here: ListOfProtocolsISOmodel.

In practice, this model ends up getting a bit mixed up, as workarounds are defined to address various issues that make it more difficult (or impossible) to achieve some sort of functionality via a more 'straightforward' approach (e.g. the use of WireGuard / VPN technologies, or the use of DNS over TLS or HTTPS).

IPv6 Protocols

The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

DNS-based Authentication of Named Entities (DANE) is an Internet security protocol to allow X.509 digital certificates, commonly used for Transport Layer Security (TLS), to be bound to domain names using Domain Name System Security Extensions (DNSSEC).

About ICANN

The Internet Corporation for Assigned Names and Numbers (ICANN /ˈaɪkæn/ EYE-kan) is an American multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the network's stable and secure operation. ICANN performs the actual technical maintenance work of the Central Internet Address pools and DNS root zone registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract. The contract regarding the IANA stewardship functions between ICANN and the National Telecommunications and Information Administration (NTIA) of the United States Department of Commerce ended on October 1, 2016, formally transitioning the functions to the global multistakeholder community.

DNS Security

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The well-known port number for DoT is 853.

While DNS-over-TLS is applicable to any DNS transaction, it was first standardized for use between stub or forwarding resolvers and recursive resolvers, in RFC 7858 in May of 2016.

Last updated on 1/29/2023