diff --git a/_posts/2021-07-25-dns.markdown b/_posts/2021-07-25-dns.markdown
new file mode 100644
index 0000000..aef0a5d
--- /dev/null
+++ b/_posts/2021-07-25-dns.markdown
@@ -0,0 +1,88 @@
+---
+layout: post
+title:  Connections
+categories: ["networks"]
+---
+
+It is impractical to remember IP addresses of any target service and address them. While it is expensive to get hold of a static IP address, it would be a nightmare to propagate that change to all the consumers of your application when the IP address changes.
+
+DNS solves this problem by providing a proxy name to the IP address. You can now distribute this to the clients who can address your device using this address.
+
+---------------
+
+
+
+## Network
+
+Interconnected group of computers that are able to send and receive information from one other defines a network. There are different [network topologies](https://en.wikipedia.org/wiki/Network_topology) that define how the computers should be connected to one other.
+
+The Internet is a network.
+
+## IP Address
+
+An IP address is an identifier for a machine in a network. It was initially 32 bits in size, but for more than 2 decades now, a 64 bit version is also in use. The limitation of the 32 bit address is that [there are more than **2<sup>32</sup>** devices](https://en.wikipedia.org/wiki/IPv4_address_exhaustion) connected to the internet. There are some mitigation strategies for this limitation that change how these 32 bit addresses are handled and exposed.
+
+Here's how the 2 versions of IP addresses are expressed for this site.
+
+- 32-bit also called IpV4 : `139.180.190.208`
+- 64 bit also called IpV6 : `2001:19f0:4400:78f6:5400:3ff:fe17:349c`
+
+## Port number
+
+This is a logical construct identifying a process in a computer.
+
+An application, when it needs to send/receive packets from another computer, it needs to create a binding to a port. When an application sends a packet intended for a specific application in another computer, the operation system of the target computer looks at the port number in the incoming packet, and forwards the packet to the application process that is listening for packets on this port.
+
+It is an integer from 1 to 65536. The operating system might prevent binding to port numbers less than 1000 as these are well-known ports. These run well-known processes and therefore optimises routing at the OS layer. Examples are - port 80 for web server applications an 22 for SSH.
+
+## TCP and UDP
+
+These are 2 widely used connection protocols. Under TCP, the application get a guarantee that the target computer indeed received the packet (an acknowledgement). For this reason TCP is called connection oriented protocol. UDP doesn't provide an acknowledgement and is therefore called a connection less protocol.
+
+The crux of these protocols is that, they add header and footer metadata on the message to construct a packet. When such a packet is delivered to the network, the network takes care of forwarding the packet to the correct target using these headers and footers.
+
+## Connection
+
+A connection is defined as the 5-tuple - (sourceIp, sourcePort, destinationIp, destinationPort, protocol).
+
+- **sourceIp** - IP address of the source in the network.
+- **sourcePort** - Port number used by the source process.
+- Similarly for destination Ip and Ports.
+- **protocol** - TCP or UDP.
+
+We will focus on just TCP protocol here.
+
+When we say that a TCP connection is established, both the source and the destination computers know about this 5-tuple. Any new packet with this information will be quickly forwarded to the correct process at the receiver. And any response on that packet, will use the same 5-tuple and be forwarded to the network.
+
+## TCP Connection handshake
+
+A message in the below paragraphs is a connection + some message bytes.
+
+To establish a TCP connection, the source computer sends a message called **SYN** - signalling start of connection establishment. The destination computer responds with a **SYN-ACK** - indicating that it is ready to accept a connection. The source receiving the **SYN-ACK** validates the target ip address. The source computer now sends an **ACK** - signalling that it will send messages using that 5-tuple from this point onwards. The destination receiving this **ACK** means that the destination's previous message reached the source, validating the ip address of the source for the destination.
+
+1. Source : Send SYN, (IP<sub>source</sub>, Port<sub>source</sub>, IP<sub>dest</sub>, Port<sub>dest</sub>, TCP)
+1. Destination : Receive SYN, (IP<sub>source</sub>, Port<sub>source</sub>, IP<sub>dest</sub>, Port<sub>dest</sub>, TCP)
+1. Destination : Send SYN-ACK (IP<sub>dest</sub>, Port<sub>dest</sub>, IP<sub>source</sub>, Port<sub>source</sub>, TCP)
+1. Source : Receive SYN_ACK (IP<sub>dest</sub>, Port<sub>dest</sub>, IP<sub>source</sub>, Port<sub>source</sub>, TCP)
+1. Source : Send ACK (IP<sub>source</sub>, Port<sub>source</sub>, IP<sub>dest</sub>, Port<sub>dest</sub>, TCP)
+1. Source : Mark connection as established.
+1. Destination : Receive ACK (IP<sub>source</sub>, Port<sub>source</sub>, IP<sub>dest</sub>, Port<sub>dest</sub>, TCP)
+1. Destination : Mark connection as established.
+
+This handshake is also called the [3-way handshake](https://en.wikipedia.org/wiki/Handshaking). This establishes the source and target ip address validity.
+
+## Security
+
+With TCP, the destination can setup ip firewall rules to only accept packets from specific sources, as well as only send packets to specific sources. 
+
+But this is not enough.
+
+If the network is compromised, malicious agents can inspect the data segment in the packet. Therefore, in practise, apart from the 3-way handshake, there is also the [TLS handshake](https://en.wikipedia.org/wiki/Handshaking) that establishes a connection to also send encrypted messages that can only be read by the source and destination and not by anyone intercepting the message.
+
+## Cost of a connection
+
+Because of multiple handshakes involved, developers should keep in mind that establishing a new connection is an expensive process. A TLS connection takes around 1 to 2 seconds to setup. When the source and targets are fixed, reusing a connection is of utmost importance.
+
+## What's next
+
+While IP Addresses identify the destination computer, it is not practical to remember IP addresses of different machines. IP Addresses have proxies to them called **Domain Names**. In the next post, I will try to talk about how a Domain Name maps to a specific IP address.