Domain Name System (DNS)

A DNS server is any computer registered to join the Domain Name System. A DNS server runs special-purpose networking software, features a public IP address, and contains a database of network names and addresses for other Internet hosts.

-> DNS Root Servers
DNS servers communicate with each other using private network protocols. All DNS servers are organized in a hierarchy. At the top level of the hierarchy, so-called root servers store the complete database of Internet domain names and their corresponding IP addresses. The Internet employs 13 root servers that have become somewhat famous for their special role. Maintained by various independent agencies, the servers are aptly named A, B, C and so on up to M. Ten of these servers reside in the United States, one in Japan, one in London, UK and one in Stockholm, Sweden.

-> DNS and the World Wide Web
All public Web sites run on servers connected to the Internet with public IP addresses. The Web servers at myip.com, for example, have addresses like 207.241.148.80. Although people can type address information like http://207.241.148.80/ into their Web browser to visit sites, being able to use proper names like http://www.myip.com/ is much more practical.

The Internet utilizes DNS as a worldwide name resolution service for public Web sites. When someone types a site's name into their browser, DNS looks up the corresponding IP address for that site, the data required to make the desired network connections between Web browsers and Web servers.

-> DNS Servers and Name Hierarchy
DNS uses a client/server network architecture. DNS servers are the computers designated to store DNS database records (names and addresses), while clients of the DNS include PCs, phones and other devices of end users. DNS servers also interface with each other, acting as clients to each other when needed.

The DNS organizes its servers into a hierarchy. For the Internet, so-called root name servers reside at the top of the DNS hierarchy. The Internet root name servers manage DNS server information for the Web's top-level domains (TLD) (like ".com" and ".uk"), specifically the names and IP addresses of the original (called authoritative) DNS servers responsible for answering queries about each TLD individually. Servers at the next lower level of the DNS hierarchy track second-level domain names and addresses (like "about.com"), and additional levels manage Web domains (like "compnetworking.about.com").

DNS servers are installed and maintained by private businesses and Internet governing bodies around the world. For the Internet, 13 root name servers (actually redundant pools of machines around the world) support the hundreds of Internet top-level domains, while About.com provides authoritative DNS server information for the sites within its network. Organizations can similarly deploy DNS on their private networks separately, on the smaller scale.

-> Configuring Networks for DNS
DNS clients (called resolvers) wanting to use DNS must have it configured on their network. Resolvers query the DNS using fixed (static) IP addresses of one or more DNS servers. On a home network, DNS server addresses can be configured once on a broadband router and automatically picked up by client devices, or the addresses can be configured on each client individually. Home network administrators can get valid DNS server addresses from either their Internet service provider or third-party Internet DNS providers like Google Public DNS and OpenDNS.

-> Types of DNS Lookups
IP address lookup is the process of translating between IP addresses and Internet domain/computer names. Forward IP address lookup converts an Internet name to an address. Reverse IP address lookup converts the number to the name.

Several Internet services support both forward and reverse IP lookup for public addresses. On the Internet, these services rely on the Domain Name System (DNS) and are known as DNS lookup and reverse DNS lookup services.

Years ago, before the advent of dynamic IP addressing, many smaller business networks lacking name servers managed private IP lookups through hosts files. Hosts files contained simple lists of static IP addresses and associated computer names. This IP lookup mechanism is still used on some Unix computer networks. It can also be used on home networks without a router and with static IP addressing in place. DHCP-based networks, like most home networks today, rely on the DHCP server to maintain hosts files.

Utility programs provided with the computer's network operating system (NOS) allow IP address lookups on both private LANs and the Internet. In Windows, for example, the nslookup command supports lookups via name servers and/or hosts files.
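As an added example (not from the original article), here is a small Python program that parses a hosts file of the kind the section describes, performs forward and reverse lookups from it, and builds the in-addr.arpa (IPv4) or ip6.arpa (IPv6) name that a reverse DNS query is sent for. The hosts-file contents and the addresses in it are constructed for the example; the lookup functions are hypothetical helpers, not an operating-system API.

```python
import ipaddress

# Constructed sample hosts file (not from the original page): the
# "static IP address -> computer name" list the section describes.
SAMPLE_HOSTS = """\
# comments and blank lines are ignored
127.0.0.1   localhost
192.168.0.3 mycomputer.yourdomain.com mycomputer
192.168.0.1 yourdomain.com www.yourdomain.com
::1         localhost ip6-localhost
"""


def parse_hosts(text):
    """Return (forward, reverse) tables built from hosts-file text.

    forward maps lowercase name -> IP address string
    reverse maps IP address string -> first (canonical) name on its line
    """
    forward, reverse = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                               # malformed: address without a name
        try:
            addr = str(ipaddress.ip_address(fields[0]))   # rejects junk, normalises "::1"
        except ValueError:
            continue                               # not a valid IPv4/IPv6 address
        canonical, *aliases = fields[1:]
        reverse.setdefault(addr, canonical.lower())
        for name in [canonical, *aliases]:
            forward.setdefault(name.lower(), addr)  # first match wins, as the OS resolver does
    return forward, reverse


def forward_lookup(name, forward):
    """Forward lookup: Internet/computer name -> IP address (None when unknown)."""
    return forward.get(name.rstrip(".").lower())


def reverse_lookup(addr, reverse):
    """Reverse lookup: IP address -> name (None when unknown or not an address)."""
    try:
        return reverse.get(str(ipaddress.ip_address(addr)))
    except ValueError:
        return None


def reverse_pointer_name(addr):
    """The name a reverse DNS (PTR) query asks for: octets reversed under
    in-addr.arpa for IPv4, hex nibbles reversed under ip6.arpa for IPv6."""
    return ipaddress.ip_address(addr).reverse_pointer


if __name__ == "__main__":
    fwd, rev = parse_hosts(SAMPLE_HOSTS)
    print(forward_lookup("mycomputer", fwd))        # 192.168.0.3
    print(reverse_lookup("192.168.0.1", rev))       # yourdomain.com
    print(reverse_pointer_name("192.168.0.1"))      # 1.0.168.192.in-addr.arpa
    print(reverse_pointer_name("2001:db8::1"))      # ...8.b.d.0.1.0.0.2.ip6.arpa
```

The same reversed-octet name is what `nslookup` sends when you ask it for an address rather than a name; the hosts-file path is consulted first on most systems, which is why a stale hosts entry can silently override what the name servers say.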

-> DNS Caches
To better process high volumes of requests, the DNS utilizes caching. DNS caches store local copies of recently-accessed DNS records while the originals continue to be maintained on their designated servers. Having local copies of DNS records avoids having to generate network traffic up and through the DNS server hierarchy. However, if a DNS cache becomes outdated, network connectivity issues can result. DNS caches have also been prone to attack by network hackers.
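Added example, not part of the original article: a minimal TTL-honouring cache in Python that shows the mechanism behind the paragraph above. Each record is kept for the time-to-live the authoritative server set, lookups are answered locally until that runs out, and an expired or flushed entry sends the next query back up the server hierarchy. The upstream table, the clock and the `resolve` helper are constructed stand-ins for the example, not real DNS traffic or a real resolver API.

```python
import time


class FakeClock:
    """Controllable clock for the demo; real code would pass time.monotonic."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class DnsCache:
    """Minimal TTL-honouring DNS cache keyed by (name, record type)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock            # injectable so the demo can control time
        self._entries = {}             # (name, rtype) -> (rdata, expires_at)

    @staticmethod
    def _key(name, rtype):
        return (name.rstrip(".").lower(), rtype.upper())

    def put(self, name, rtype, rdata, ttl):
        """Store a record; ttl is the number of seconds the authoritative server allowed."""
        if ttl <= 0:
            return                     # TTL 0 means "do not cache"
        self._entries[self._key(name, rtype)] = (rdata, self._clock() + ttl)

    def get(self, name, rtype):
        """Return (rdata, remaining_ttl) or None if absent or expired."""
        key = self._key(name, rtype)
        hit = self._entries.get(key)
        if hit is None:
            return None
        rdata, expires_at = hit
        remaining = expires_at - self._clock()
        if remaining <= 0:
            del self._entries[key]     # stale: drop it so the next query goes upstream
            return None
        return rdata, int(remaining)

    def flush(self, name=None):
        """Drop everything, or only one name (what an admin does after a server move)."""
        if name is None:
            self._entries.clear()
            return
        target = name.rstrip(".").lower()
        for key in [k for k in self._entries if k[0] == target]:
            del self._entries[key]


def resolve(name, rtype, cache, upstream):
    """Answer from the cache when possible; otherwise ask upstream and cache the answer.

    Returns (rdata, source) where source is "cache" or "upstream".
    """
    hit = cache.get(name, rtype)
    if hit is not None:
        return hit[0], "cache"
    rdata, ttl = upstream(name, rtype)
    cache.put(name, rtype, rdata, ttl)
    return rdata, "upstream"


def fake_upstream(name, rtype):
    """Constructed stand-in for the server hierarchy: (rdata, ttl) per query."""
    table = {("www.myip.com", "A"): ("207.241.148.80", 300)}
    return table[(name.rstrip(".").lower(), rtype.upper())]


def demo():
    """Walk one record through fill, hit, near-expiry and expiry; returns what was observed."""
    clock = FakeClock(1000.0)
    cache = DnsCache(clock=clock)
    first = resolve("www.myip.com", "A", cache, fake_upstream)    # miss -> upstream
    second = resolve("www.myip.com", "A", cache, fake_upstream)   # hit -> cache
    clock.advance(299)
    remaining = cache.get("www.myip.com", "A")[1]                  # 1 second left
    clock.advance(2)
    third = resolve("www.myip.com", "A", cache, fake_upstream)    # expired -> upstream
    cache.flush("www.myip.com")
    return first[1], second[1], remaining, third[1], cache.get("www.myip.com", "A")


if __name__ == "__main__":
    print(demo())   # ('upstream', 'cache', 1, 'upstream', None)
```

The connectivity problem the paragraph mentions is the window between a server changing its address and the old record's TTL running out; `flush` is the manual fix for that window, and a short TTL is the planned one.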

-> Dynamic DNS
Standard DNS requires all IP address information stored in the database to be fixed. This works fine for supporting typical Web sites but not for devices using dynamic IP addresses such as Internet Web cams or home Web servers. Dynamic DNS (DDNS) adds network protocol extensions to DNS to enable name resolution service for dynamic clients.

Unlike standard DNS, which only works with static IP addresses, DDNS is designed to also support dynamic IP addresses, such as those assigned by a DHCP server. That makes DDNS a good fit for home networks, which often receive dynamic public IP addresses from their Internet provider that occasionally change.

To use DDNS, one simply signs up with a DDNS provider and installs network software on the host to monitor its IP address. For example, dyndns.com provides a free DDNS service via software that can run on Windows, Mac or Linux computers.

-> DNS Blacklists
A DNS blacklist (DNSBL) is a database that contains the IP addresses of malicious hosts on the Internet. These hosts are typically email servers that generate large volumes of unsolicited mail messages (spam) or other Internet servers used for network attacks. A DNSBL tracks servers by IP address and also within the Internet Domain Name System (DNS).

DNS blacklists help you to determine whether message senders may be spammers or hackers. You can also report spam and suspicious addresses to a DNSBL for the benefit of others on the Internet.
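Added example (not from the original post): how a DNSBL query is formed and its answer interpreted, in Python. A DNSBL is itself a DNS zone, so checking an address means reversing its octets, prefixing them to the list's zone name, and asking for an A record: no record means "not listed", and a 127.0.0.x answer encodes why the address is listed. The zone name dnsbl.example, the code meanings and the resolver table are placeholders constructed for the example; real list operators publish their own zone and return codes, and the addresses used come from the documentation ranges.

```python
import ipaddress

DNSBL_ZONE = "dnsbl.example"   # placeholder zone name; a real list publishes its own

# Constructed return-code table for the placeholder zone. Real operators
# document their own 127.0.0.x meanings; read them before acting on a hit.
LISTING_CODES = {
    "127.0.0.2": "spam source",
    "127.0.0.3": "open relay",
    "127.0.0.4": "host used for network attacks",
}


def dnsbl_query_name(addr, zone=DNSBL_ZONE):
    """Name to query: the address written in reverse (IPv4 octets or IPv6 nibbles)
    followed by the list's zone, e.g. 192.0.2.4 -> 4.2.0.192.dnsbl.example."""
    ip = ipaddress.ip_address(addr)
    # reverse_pointer gives "4.2.0.192.in-addr.arpa" (or "...ip6.arpa");
    # keep only the reversed part in front of the two-label arpa suffix
    reversed_part = ip.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


def check_dnsbl(addr, resolve_a, zone=DNSBL_ZONE):
    """Look an address up in a DNSBL.

    resolve_a(name) must return the list of A-record strings for name, or []
    when the name does not exist (NXDOMAIN, which means "not listed").
    Returns (listed, explanation).
    """
    answers = resolve_a(dnsbl_query_name(addr, zone))
    if not answers:
        return False, "not listed"
    codes = [a for a in answers if a.startswith("127.")]
    if not codes:
        # A non-127/8 answer is not a listing code: typically a dead zone or a
        # wildcard answer. Treat it as a lookup error, never as a hit, or every
        # sender would be blocked.
        return False, f"unexpected answer {answers}; treat as error"
    return True, "; ".join(LISTING_CODES.get(c, f"unknown code {c}") for c in codes)


# Constructed offline resolver for the demo; no network query is made.
FAKE_ZONE = {
    "4.2.0.192.dnsbl.example": ["127.0.0.2"],
    "25.100.51.198.dnsbl.example": ["127.0.0.2", "127.0.0.4"],
    "7.113.0.203.dnsbl.example": ["198.51.100.9"],   # broken list answering with a non-127 address
}


def fake_resolve_a(name):
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for addr in ("192.0.2.4", "198.51.100.25", "203.0.113.7", "192.0.2.99"):
        print(addr, check_dnsbl(addr, fake_resolve_a))
```

In a mail filter the `resolve_a` argument would be a real DNS client; keeping it injectable is what lets the decision logic be tested without touching the network, and the "unexpected answer" branch is the check that stops a decommissioned list from turning into a blanket reject rule.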

-> DNS Records
Computers that need to be accessed from Active Directory and DNS domains must have DNS records. Although there are many different types of DNS records, most of these record types aren't commonly used. So rather than focus on record types you probably won't use, let's focus on the ones you will use:

• A (address) Maps a host name to an IP address. When a computer has multiple adapter cards or IP addresses, or both, it should have multiple address records.

For example, if you want mycomputer.yourdomain.com to point to your home computer (which is, for example, 192.168.0.3), you would enter a record that looks like:

mycomputer.yourdomain.com. A 192.168.0.3

Important: You must put a period after the hostname. Do not put a period after the IP address.

• CNAME (canonical name) Sets an alias for a host name. For example, using this record, zeta.microsoft.com can have an alias as www.microsoft.com.

For example:

yourdomain.com. A 192.168.0.1

Using CNAME, you can point other hostnames to the canonical (A record) address. For example:

ftp.yourdomain.com. CNAME yourdomain.com.
mail.yourdomain.com. CNAME yourdomain.com.
ssh.yourdomain.com. CNAME yourdomain.com.

CNAME records make it possible to access your domain through ftp.yourdomain.com, mail.yourdomain.com, etc. Without a proper CNAME record, you will not be able to connect to your server using such addresses.
• MX (mail exchange) Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.

• NS (name server) Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record.

• PTR (pointer) Creates a pointer that maps an IP address to a host name for reverse lookups.

For example, to make 192.168.0.1 resolve to www.yourdomain.com, the record would look like:

1.0.168.192.in-addr.arpa. PTR www.yourdomain.com.

Note: The IP address is reversed in the first field. Please use a period after your hostname (second field).

The in-addr.arpa method is the most frequently used.

Important: PTR records are effective only if your site has its own IP address.

Important: PTR records are only effective if named.conf is manually edited and the proper zone information is added. This can only be done by a root user (the server Admin).
• SOA (start of authority) Declares the host that's the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (which is created automatically when you add a zone).
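Added example (not the article's own material): a Python parser and linter for zone-file lines of the form used in this section. It applies the trailing-period rule the section insists on (a name without one is relative to the zone origin, so a missing period turns `yourdomain.com` into `yourdomain.com.yourdomain.com.`), checks A, CNAME, NS, MX, PTR and SOA records, flags the CNAME-with-other-data error that a name server will refuse to load, and builds the reversed in-addr.arpa owner name for a PTR record. The zone text is constructed for the example; the SOA and MX lines in it are illustrative, and the origin yourdomain.com. is an assumption.

```python
import ipaddress

ORIGIN = "yourdomain.com."   # assumed zone origin for the example

# Constructed zone text using the record shapes from the section. The SOA and
# MX lines are illustrative additions; the rest mirror the records shown above.
SAMPLE_ZONE = """\
yourdomain.com.            SOA   ns1.yourdomain.com. hostmaster.yourdomain.com. 2024010101 3600 900 604800 300
yourdomain.com.            NS    ns1.yourdomain.com.
ns1.yourdomain.com.        A     192.168.0.2
yourdomain.com.            A     192.168.0.1
mycomputer.yourdomain.com. A     192.168.0.3
ftp.yourdomain.com.        CNAME yourdomain.com.
mail.yourdomain.com.       CNAME yourdomain.com.
ssh.yourdomain.com.        CNAME yourdomain.com.
yourdomain.com.            MX    10 yourdomain.com.
1.0.168.192.in-addr.arpa.  PTR   www.yourdomain.com.
"""


def qualify(name, origin=ORIGIN):
    """Zone-file rule: a name without a trailing period is relative to the origin."""
    return name if name.endswith(".") else f"{name}.{origin}"


def ptr_owner(addr):
    """Owner name of the PTR record for an address: reversed octets under in-addr.arpa
    (nibbles under ip6.arpa for IPv6), fully qualified with the trailing period."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def parse_zone(text):
    """Parse 'owner TYPE rdata...' lines into (owner, type, rdata) tuples."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()       # ';' starts a comment in zone files
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed record: {line!r}")
        owner, rtype, *rdata = fields
        records.append((qualify(owner), rtype.upper(), " ".join(rdata)))
    return records


def lint_zone(records):
    """Return the problems an admin would want fixed before loading the zone."""
    problems = []
    owners = {owner for owner, _, _ in records}
    if not any(t == "SOA" for _, t, _ in records):
        problems.append("zone has no SOA record")
    for owner, rtype, rdata in records:
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata)          # also rejects a stray trailing period
            except ValueError:
                problems.append(f"{owner}: A data {rdata!r} is not an IPv4 address")
        elif rtype in ("CNAME", "NS", "PTR"):
            if not rdata.endswith("."):
                problems.append(f"{owner}: {rtype} target {rdata!r} lacks a trailing period "
                                f"and would resolve to {qualify(rdata)!r}")
            target = qualify(rdata)
            in_zone = target == ORIGIN or target.endswith("." + ORIGIN)
            if rtype == "CNAME" and target == owner:
                problems.append(f"{owner}: CNAME points to itself")
            if rtype == "CNAME" and in_zone and target not in owners:
                problems.append(f"{owner}: CNAME target {target!r} has no records in this zone")
            if rtype == "PTR" and not owner.endswith((".in-addr.arpa.", ".ip6.arpa.")):
                problems.append(f"{owner}: PTR owner is not under in-addr.arpa or ip6.arpa")
        elif rtype == "MX":
            parts = rdata.split()
            if len(parts) != 2 or not parts[0].isdigit() or not parts[1].endswith("."):
                problems.append(f"{owner}: MX data should be '<preference> <mail-host.>', got {rdata!r}")
    # A CNAME owner may carry no other record types; servers refuse such zones.
    for owner in {o for o, t, _ in records if t == "CNAME"}:
        others = sorted({t for o, t, _ in records if o == owner and t != "CNAME"})
        if others:
            problems.append(f"{owner}: CNAME cannot coexist with other records ({', '.join(others)})")
    return problems


if __name__ == "__main__":
    print(lint_zone(parse_zone(SAMPLE_ZONE)))          # []
    print(ptr_owner("192.168.0.1"))                    # 1.0.168.192.in-addr.arpa.
    print(lint_zone(parse_zone("ftp.yourdomain.com. CNAME yourdomain.com\n")))
```

The last call shows what the "must put a period" warnings are protecting against: the unqualified target is reported as `yourdomain.com.yourdomain.com.`, which exists nowhere, so the alias would fail exactly as the section describes.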
