Domain Name System - DNS
This contains links to information used in the lectures.
Overview
DNS allows the mapping of symbolic names to Internet addresses.
Originally done statically in a centralised file.
Can be done statically in /etc/hosts. As the Internet grew
there was a need for a dynamic distributed system.
DNS was specified in 1983 and became part of BSD as the Berkeley
Internet Name Domain (BIND) system in 1985.
DNS
DNS defines:
- A hierarchical namespace for hosts
- A host table implemented as a distributed database
- library routines for access
- Routing for e-mail
- A protocol to exchange naming information
DNS Namespace
Although DNS hierarchies can be set up for private networks, the vast majority of DNS use is by
the giant hierarchy present on the Internet, that wholly remarkable network of networks that
spans the globe. Most of the use comes from name resolution, the use of DNS for determining the
IP address of a machine so that communication can take place.
The top-level domains in the Internet's DNS are comprised of two-letter abbreviations for each
country, such as "UK" and "US", as well as a handful of special domains that exist mainly due to
tradition, such as "EDU", "COM", "NET", "GOV", and "MIL".
- Organized as tree of domains with ascending authority.
- Two types of top-level domains
- 3 letter in US (com,edu,gov,mil,net,org,int,arpa)
- 2 letter national (ISO) (ca,de,fr,uk,ie,se,nl,us)
- Second level domains assigned by InterNIC (Network Information Center)
or RIPE in Europe. (e.g. kent.edu)
- Lower level subdomains may be created as desired by organizations
having second level domains (e.g. mcs.kent.edu)
- Authority may be delegated (e.g. to mcs.kent.edu) to create
further subdomains (e.g. osnet.mcs.kent.edu, pclab.mcs.kent.edu)
- Note that domains reflect organizational structure whereas
IP addresses reflect network connectivity (for routing purposes).
(These are often the same but do not need to be. Example: undp.org).
There are a number of "root nameservers" in existence in various corners of the Internet which
store the ultimate information for the root domain, as well as zones for a handful of top-level
domains. Certain organizational units such as countries and universities have delegation of
domains underneath the root and top-level domains. Entities wishing domain names must register,
and perhaps receive delegation of, their domains from the appropriate registry.
Reverse Name Resolution
Another important task of DNS on the Internet is reverse
name resolution, or the translation of IP addresses back
to domain names. This is important, for example, so servers
can determine and record the full domain name of machines
connecting to them over the network. It is not efficient to
use the same set of DNS records for reverse name resolution
(one would have to search through *every* domain name on
the Internet in hopes of finding the one with the matching
IP address!). Instead, a separate domain called
"IN-ADDR.ARPA" has been set aside to provide a hierarchy for
translating IP addresses into names. A DNS lookup of
"borg.ee.msstate.edu" would reveal it has the IP address
"130.18.64.5". If one has the IP address and wishes to
know the name, one must perform a DNS lookup of
"5.64.18.130.in-addr.arpa", which will return the name.
Reverse name resolution fields use the PTR resource record,
which "points" to the correct position in the normal DNS space.
The hierarchy under "IN-ADDR.ARPA" can be delegated, of course,
just like any other domain.
This graphic demonstrates the principle of reverse name
resolution.
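As an added example (not from the lecture notes), the functions below build the in-addr.arpa name from an address and back again, then show a forward-confirmed reverse lookup: a server that records the name of a connecting machine should only trust the PTR answer if that name's A record points back at the same IP, because the PTR record is controlled by whoever owns the address block. The DNS data is a constructed in-memory stand-in; only the borg.ee.msstate.edu entry comes from the text.

```python
# Added example (not from the lecture notes): reverse names and a
# forward-confirmed reverse lookup.

def reverse_name(ip):
    """130.18.64.5 -> 5.64.18.130.in-addr.arpa. (octets reversed)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def address_from_reverse_name(name):
    """Inverse of reverse_name: 5.64.18.130.in-addr.arpa -> 130.18.64.5."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError("not a full IPv4 reverse name: %r" % name)
    return ".".join(reversed(labels[:4]))

# Constructed stand-in for the DNS (a real server would send PTR and A
# queries).  The msstate.edu entry matches the lecture's example; the
# 10.0.0.9 entry is a constructed PTR record whose name does not resolve
# back to that address.
FAKE_PTR = {
    "5.64.18.130.in-addr.arpa.": "borg.ee.msstate.edu.",
    "9.0.0.10.in-addr.arpa.": "trusted.example.org.",
}
FAKE_A = {
    "borg.ee.msstate.edu.": {"130.18.64.5"},
    "trusted.example.org.": {"192.0.2.7"},
}

def forward_confirmed(ip, ptr_lookup=FAKE_PTR.get, a_lookup=FAKE_A.get):
    """Return the PTR name for IP only if that name resolves back to IP.

    Returns None when there is no PTR record or the forward lookup does
    not confirm it; a server should then log the bare IP, not the name."""
    name = ptr_lookup(reverse_name(ip))
    if name is None:
        return None
    return name if ip in (a_lookup(name) or set()) else None
```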
BIND Components
- named: BIND name server
- The Resolver Library
- Command line interfaces such as nslookup
named: BIND name server
- Answers queries either from a local database or asks other servers
for answer.
- Caches information
- Nameserver Types
- Primary - one per domain. Keeps master copy of database.
- Secondary - must be at least one per domain.
Gets database using "zone transfer".
Should be at least 2 - one offsite.
- Caching - loads a few names from file and gets rest by caching
answers to queries. Helps to reduce DNS traffic on net.
- Authoritative answers from primary or secondary
The Resolver Library
This provides for lookup of names from the database rather than
from /etc/hosts by gethostbyname and
gethostbyaddr. On most modern systems, these are installed
in libc.a or libresolv.a . This was not true on SunOS systems not
running NIS: to use the nameserver, the applications which use
gethostbyname and gethostbyaddr had to be relinked.
How DNS Works
- Non-recursive nameservers.
Answers only if it is authoritative or the answer is cached.
Otherwise refers the client to the authoritative servers of the other domain.
Usual on high-level domains such as edu - otherwise the cache
bloats.
- Recursive nameservers. Returns real answers or errors only.
This leads to caching of intermediate domains. Best for LAN servers.
- Caching helps efficiency - many queries are repeated.
BIND Clients
- Each client must have an /etc/resolv.conf
- Lists name servers to query
- Example:
search mcs.kent.edu hp300.mcs.kent.edu cs-mcs.mcs.kent.edu kent.edu
nameserver 131.123.2.130 # ns.mcs.kent.edu
nameserver 131.123.2.131 # chaos.mcs.kent.edu
nameserver 131.123.75.254 # zeus.kent.edu
- if the host is itself a nameserver, list it first - use its actual address, not the loopback address
- the servers are contacted in order, each 4 times with increasing
timeout interval
- do not use the pound sign for comments
- the domain directive is obsolete
domain mcs.kent.edu
nameserver 131.123.2.130 # ns
nameserver 131.123.2.131 # chaos
nameserver 131.123.75.254 # ksuvxa
- good idea to spread load among servers
- the search path is used to complete host names in the order given
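As an added example (not from the lecture notes), here is a small checker that reads a resolv.conf body and reports the problems listed above (pound-sign comments, a loopback nameserver address, the obsolete domain directive), then shows the order in which the search path completes a short host name. MAXNS and the ndots rule follow the classic BIND resolver; the sample file is a constructed copy of the example above.

```python
# Added example (not from the lecture notes): resolv.conf checks and
# search-path completion.
MAXNS = 3  # classic resolver honours only the first three nameserver lines

# Constructed copy of the example resolv.conf shown above.
SAMPLE = """\
search mcs.kent.edu hp300.mcs.kent.edu cs-mcs.mcs.kent.edu kent.edu
nameserver 131.123.2.130 # ns.mcs.kent.edu
nameserver 131.123.2.131 # chaos.mcs.kent.edu
nameserver 131.123.75.254 # zeus.kent.edu
"""

def parse_resolv_conf(text):
    """Return (search_list, nameservers, warnings) for a resolv.conf body."""
    search, servers, warnings = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] == ";":
            continue
        if "#" in line:  # the notes say not to rely on pound-sign comments
            warnings.append("line %d: '#' comment present" % lineno)
            line = line.split("#", 1)[0].strip()
            if not line:
                continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            if args[0].startswith("127."):
                warnings.append("line %d: loopback address; use the real address" % lineno)
            servers.append(args[0])
        elif keyword == "search":
            search = args
        elif keyword == "domain" and args:
            warnings.append("line %d: 'domain' directive is obsolete; use 'search'" % lineno)
            search = args[:1]
    if len(servers) > MAXNS:
        warnings.append("only the first %d nameservers are used" % MAXNS)
    return search, servers[:MAXNS], warnings

def candidate_names(host, search, ndots=1):
    """Names tried for HOST, in order.  A trailing dot means fully qualified;
    a name with fewer than NDOTS dots tries the search list first, one with
    at least NDOTS dots tries the literal name first (BIND resolver rule)."""
    if host.endswith("."):
        return [host]
    suffixed = ["%s.%s" % (host, dom) for dom in search]
    if host.count(".") >= ndots:
        return [host] + suffixed
    return suffixed + [host]
```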
Informational
Setting Up a Nameserver
Named is started from one of the rc files run at boot time.
In the case of HP-UX 10.XX it is from /etc/netbsdsrc using
these lines (the closing fi, omitted in the notes, is restored here):
    # /etc/named.boot is present and /etc/named is executable.
    if [ -x /etc/named -a -f /etc/named.boot ] ; then
        /etc/named && /bin/echo "named \c"
    fi
This reads named.boot by default.
- /etc/named.boot: the boot file.
- Entries
- Sample templates
- ns - the primary nameserver.
Zone Files and Zone Transfers
When you make changes to a domain:
- update data files on primary server
- increment serial number in SOA record otherwise the changes will not
propagate to secondaries
- send a hangup signal to named
These make the new data available on the primary immediately and,
after the SOA refresh interval (the "refresh" field, in seconds), on the
secondaries. A hangup to a secondary forces it to reread from the primary.
Don't forget to update reverse zones as well.
Note that all the data for a zone are transferred at once.
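As an added example (not from the lecture notes), the check below catches the mistake the list above warns about: editing a zone file without incrementing the SOA serial. It extracts the serial from the old and new copies and compares them with 32-bit serial-number arithmetic (RFC 1982), which is the comparison a secondary makes before deciding to transfer the zone. The zone files are constructed samples for the page's mcs.kent.edu domain.

```python
# Added example (not from the lecture notes): verify that a zone edit bumped
# the SOA serial so that secondaries will transfer the new data.
import re

SERIAL_SPACE = 2 ** 32

# Constructed before/after copies of a zone file for mcs.kent.edu.
OLD_ZONE = """\
@   IN SOA ns.mcs.kent.edu. hostmaster.mcs.kent.edu. (
        1999031501 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; minimum
    IN NS  ns.mcs.kent.edu.
ns  IN A   131.123.2.130
"""
# The edit adds a host and (correctly) increments the serial.
NEW_ZONE = OLD_ZONE.replace("1999031501", "1999031502") + "pclab IN A 131.123.2.140\n"

def serial_gt(new, old):
    """True if NEW comes after OLD in 32-bit serial arithmetic (RFC 1982).
    A difference of exactly 2**31 is undefined by the RFC; treated as False."""
    return new != old and (new - old) % SERIAL_SPACE < SERIAL_SPACE // 2

def soa_serial(zone_text):
    """Pull the serial out of the SOA record (';' comments stripped first)."""
    text = re.sub(r";[^\n]*", "", zone_text)
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def check_update(old_zone, new_zone):
    """Return the new serial, or raise if the change would not propagate."""
    old, new = soa_serial(old_zone), soa_serial(new_zone)
    if not serial_gt(new, old):
        raise ValueError("SOA serial not incremented (%d -> %d); "
                         "secondaries will keep the old zone" % (old, new))
    return new
```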
Shell Level Interfaces and Tools