DNS Technical
What is DNS?
Purpose
The Domain Name System (DNS) is a distributed database used to map easy-to-remember names to hard-to-remember IP addresses. In many ways it is similar to a phone directory: when you want to call someone, you know their name and look up their number. When you want to connect to an IP service, whether a web server, a mail server or some other kind of service, you usually know its name but need to look up its IP address, because computers need the IP address in order to communicate with other computers over the network. That's where DNS comes in.
A domain name server keeps a table of hosts (i.e., computers) and their IP addresses. When someone needs to resolve a name to an IP address, they do what's called a "lookup": the client sends the name to the name server (NS), and the NS responds with the IP address.
Sample Lookup
The lookup process is normally handled behind the scenes, using the information entered in your TCP/IP control panel (the Name Servers field, which holds the IP addresses of the name servers your machine will ask). Here is an example, in simplified terms, of how such a transaction might go:
- You are using a Web browser and trying to
connect to www.apple.com.
- Your machine asks your DNS server (the one
entered in your TCP/IP control panel), what's
the IP address of www.apple.com?
- If your DNS server doesn't have that information in its own tables or cached from a previous lookup, it knows how to find out by communicating with other DNS servers; in this case it would eventually talk to the DNS server that has authority over the domain "apple.com". It learns the IP address of www.apple.com and returns that information to your machine.
- Once your machine has the IP address it
needs, it can now send a request to that server
to download a page.
Of course, it can get more complicated, but this
is basically how it works.
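The exchange above at the byte level, as an added example that is not part of this guide or of MacDNS: it builds the query a stub resolver sends for www.apple.com, a constructed reply (no packets are sent; the address 192.0.2.10 and the transaction ID are made up), and the check a resolver must do before trusting a reply, namely that the ID and the question section match what it asked. The decoder also bounds compression-pointer chasing, since a reply from the network is untrusted input.

```python
"""DNS wire format (RFC 1035) for the lookup described above.

Added example for this guide, not MacDNS code. The query and the reply are
constructed inline (no packets are sent); the address 192.0.2.10 is made up.
"""
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """'www.apple.com' -> b'\\x03www\\x05apple\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"  # the empty label is the root "."


def build_query(qname, txid, qtype=TYPE_A):
    """Header (ID, flags with RD=1 asking the server to recurse, 1 question) + question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg, offset):
    """Read a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # two-byte pointer into the message
            if end is None:
                end = offset + 2                   # the caller resumes after the pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:                          # a pointer loop is malformed, not a name
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def build_response(query, ttl, ip, aa=False):
    """Constructed reply to `query` with one A record; its owner name is a pointer to offset 12."""
    txid, _flags, qd = struct.unpack("!HHH", query[:6])
    flags = 0x8180 | (0x0400 if aa else 0)         # QR=1 RD=1 RA=1, AA if authoritative
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, flags, qd, 1, 0, 0) + query[12:] + answer


def parse_message(msg):
    """Parse header, question and answer section of a query or a response."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0xF, "question": (qname, qtype, qclass), "answers": answers}


def matches_query(query, response):
    """A resolver must discard a reply whose ID or question differ from what it sent."""
    q, r = parse_message(query), parse_message(response)
    return r["qr"] and r["id"] == q["id"] and r["question"] == q["question"]


if __name__ == "__main__":
    q = build_query("www.apple.com", txid=0x1234)
    r = build_response(q, ttl=3600, ip="192.0.2.10", aa=True)
    print(q.hex())
    print(parse_message(r))
```

matches_query is the minimum a client should do: a reply that fails it is dropped, not treated as an answer, whatever it claims about www.apple.com.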
DNS Hierarchical Structure
In order to keep domain names unique across the Internet (which spans the world), a central organization called the InterNIC controls domain name registration (it is also the organization that assigns IP address ranges to organizations). To use our telephone analogy again, think of how irritating it is when you need to phone someone and find multiple listings in the phone book for the same name; you might have to call each one before you locate the right person. Because a DNS lookup should be transparent to the end user, this kind of trial-and-error search would not be acceptable, so the InterNIC makes sure that every registered domain name is unique.
The domains are also organized into a hierarchy, like an upside-down tree. At the root of the hierarchy is the "." (dot) domain, also just called "root"; it is the parent of all other domains. The top-level domains are organized either by function or by geographical area. The table below lists the functional top-level domains. (NOTE: the second way domains are organized at the top level is geographically, by two-letter country code; for example, sites in Canada would be in the domain .ca, Japan in .jp, and the United Kingdom in .uk. Note that .ky is the Cayman Islands, not Kentucky; a U.S. state sits under .us, as in ky.us.)
Function            Domain
Government          .gov
Military            .mil
Not-for-Profit      .org
Educational         .edu
Commercial          .com
Network Services    .net
A commercial institution, applying for a domain
name, would be given something within the .com
domain. It could then create subdomains within its
domain. For example, Apple is in the .com domain,
and has subdomains such as "corp" (corp.apple.com),
and "austin" (austin.apple.com). The name server
for "austin.apple.com" keeps a table for the
computers within that domain name space, or "zone."
This table, which includes the host names, host
static IP addresses, aliases, mail exchangers,
time-to-live values, and other information, is also
called a "zone file" and the information it
contains is sometimes referred to
as "zone information."
Sample Recursive Lookup
To continue with our earlier example of trying
to resolve www.apple.com, we said that your
acme.com name server didn't have the IP address for
www.apple.com in its own tables or in its cache,
but it was able to find out the address from other
name servers. It does this by asking the
appropriate name server at the top level where it
can find this information. That name server will
most likely give it a pointer to another name
server to try. And the name server will keep asking
other name servers till it finds an answer to
return to you, the client. This is called
recursive lookups.
The interaction might go something like this:
- Your domain name server (acme.com) only has
entries in its zone file for hosts within
acme.com, and finds it doesn't have
"www.apple.com" cached from an earlier
inquiry.
- The acme.com NS asks the .com NS, what's the
IP address for www.apple.com?
- The .com NS replies, "I don't know...ask the
apple.com NS, its IP address is
17.104.26.2."
- The acme.com NS asks the apple.com NS,
what's the IP address for www.apple.com?
- The apple.com NS has this address in its
tables, and responds with the correct IP
address.
- The acme.com NS returns the IP address to
your machine, and caches it for a period of
time, specified by the Time-to-Live (TTL) value
in the www.apple.com host's record, so that next
time it's asked, it can answer more quickly.
Authoritative vs. Non-authoritative Responses
When the apple.com name server gives out an IP address for a host within the apple.com domain, this is an "authoritative" response, because the information comes straight from the zone where it is defined. If a response comes from a cached entry in another name server, such as our acme.com NS, it is called a non-authoritative response, because there is a possibility, albeit slight, that the address was changed at apple.com after it was cached. That is why TTL values are kept reasonably short, and why you should lower them ahead of a planned address change. When the TTL expires, the entry is flushed from the NS's cache.
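The referral chain and TTL caching described in the last two sections, as an added example (not code from this guide or from MacDNS). The three servers and their zone data are constructed in memory; 17.104.26.2 is the apple.com NS address from the walkthrough, while the 192.0.2.x and 198.51.100.x addresses and the NS hostnames are assumed. Cached answers are flagged non-authoritative, an entry whose TTL has elapsed is flushed and re-fetched, and glue addresses that a referring server hands out for names outside its own zone are not used directly but looked up separately, which is the standard precaution against a referral steering the resolver to a server of the referrer's choosing.

```python
"""Iterative resolution with referrals and a TTL cache, as in the walkthrough above.

Added example for this guide, not MacDNS code. The servers and zone data are
constructed in memory: 17.104.26.2 is the apple.com NS address the guide uses;
the 192.0.2.x / 198.51.100.x addresses and NS hostnames are made up.
"""

ROOT_IP = "192.0.2.1"          # assumed root server
COM_IP = "192.0.2.2"           # assumed .com server
APPLE_IP = "17.104.26.2"       # apple.com NS, from the guide's walkthrough

# zone: what the server is authoritative for; answers: name -> (ip, ttl);
# referrals: child zone -> [(ns hostname, glue ip)] returned instead of an answer.
SERVERS = {
    ROOT_IP: {"zone": "", "answers": {},
              "referrals": {"com": [("ns.com-servers.example", COM_IP)]}},
    COM_IP: {"zone": "com", "answers": {},
             "referrals": {"apple.com": [("ns.apple.com", APPLE_IP)]}},
    APPLE_IP: {"zone": "apple.com", "answers": {"www.apple.com": ("192.0.2.80", 300)},
               "referrals": {}},
}


def in_zone(name, zone):
    """True if name is zone itself or lies beneath it ('' is the root, above everything)."""
    return zone == "" or name == zone or name.endswith("." + zone)


class Resolver:
    def __init__(self, servers, root_ip):
        self.servers, self.root_ip = servers, root_ip
        self.cache = {}                      # name -> (ip, expiry time)

    def ask(self, server_ip, qname):
        """One query to one server: an answer, a referral, or nothing."""
        s = self.servers[server_ip]
        if qname in s["answers"]:
            return ("answer",) + s["answers"][qname]
        for zone, nslist in s["referrals"].items():
            if in_zone(qname, zone):
                return ("referral", zone, nslist)
        return ("nxdomain",)

    def resolve(self, qname, now, depth=0):
        """Return (ip or None, authoritative, list of servers consulted)."""
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], False, ["cache"]  # from cache: non-authoritative
        self.cache.pop(qname, None)          # TTL elapsed: flush and fetch again
        if depth > 5:
            raise RuntimeError("too many nested NS lookups")
        server, trace = self.root_ip, []
        for _ in range(10):                  # bound the referral chain
            trace.append(server)
            reply = self.ask(server, qname)
            if reply[0] == "answer":
                ip, ttl = reply[1], reply[2]
                self.cache[qname] = (ip, now + ttl)
                return ip, True, trace
            if reply[0] != "referral":
                return None, True, trace
            answering_zone = self.servers[server]["zone"]
            nxt = None
            for ns_name, glue in reply[2]:
                if in_zone(ns_name, answering_zone):
                    nxt = glue               # glue inside the answering server's zone
                else:
                    # glue for a name outside the answering server's zone is not
                    # trusted (it could point anywhere); look the NS name up itself
                    nxt, _, sub = self.resolve(ns_name, now, depth + 1)
                    trace.extend(sub)
                if nxt:
                    break
            if nxt is None:
                return None, True, trace
            server = nxt
        raise RuntimeError("referral loop")


if __name__ == "__main__":
    r = Resolver(SERVERS, ROOT_IP)
    print(r.resolve("www.apple.com", now=1000))   # walks root -> .com -> apple.com
    print(r.resolve("www.apple.com", now=1100))   # answered from cache
```

The trace shows which servers were actually contacted; in the cached case it is just "cache", which is exactly why such an answer is reported as non-authoritative.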
Setting Up DNS
The first step in setting up your own DNS service is to contact the InterNIC to register a domain name, if you don't already have one; see www.internic.net for the details. If you also need a range of IP addresses for your organization, you could obtain those at the same time. Registering your domain name is critical: until you do, the top-level domain name servers know nothing about your domain and cannot refer other name servers to your DNS server to get names in it resolved.
Your DNS server is then the "authority" for names in your domain. It contains a table mapping the machines in your organization to their domain names, and it gives this information to other DNS servers on the Internet whose clients are trying to connect to someone in your domain.
When setting up DNS entries for your hosts (i.e., computers at your site), each host entered must have a static IP address, one that will not change from day to day, as can happen if a server hands out addresses dynamically from a pool. So be sure that the computers offering IP services (web server, mail server, FTP server, etc.) have static IP addresses. You can still use server-assigned addressing, such as BootP or DHCP, as long as the server gives these machines the same address every time.
Not every machine in your organization needs an entry in DNS, but you would certainly want to enter every machine that provides an IP service, such as your FTP server, your web server, your mail server, or your AppleShare IP server. You would also include any aliases that can be used for each machine, and information on which machine provides mail service.
Note that DNS service is not mandatory for communicating with hosts on the Internet; the IP address could be used instead of a domain name to reach a web server, for example. However, using domain names makes it much easier for users to find your services: many people guess at an organization's web server name by simply trying "www.companyname.com". Think of how many fewer visitors you would have if each had to guess the machine's IP address! Another advantage is that you can move services from place to place without having to inform all your users of the changed IP addresses; just make the change at your DNS server.
The sections on setting up MacDNS will take you through these steps and explain more about the information that is entered for each host.
Secondary Servers and Zone Transfers
MacDNS acts as a primary name server. That means it is the "true" authority for a particular zone. For robustness, the Domain Name System allows secondary servers to keep a copy of the zone's information. The secondary server obtains its information from the primary server for the zone. Rather than querying the primary for each of its hosts one at a time, there is a zone transfer mechanism (AXFR) that moves all the information in a single operation. (You cannot configure MacDNS to be a secondary server, though the timer values you set in MacDNS control how often secondaries come back to it for the zone.) Zone transfers happen on a periodic basis. The secondary server uses three parameters, carried in the zone's Start of Authority (SOA) record, to control the timing:
The refresh timer tells the secondary how often to query the primary to see if new information is available. The secondary compares the serial number in the primary's SOA record with the one it holds; if the primary's is newer, the secondary does a zone transfer.
The retry timer tells how long the secondary should wait before reattempting to contact the primary if an attempt failed.
The expire timer tells how long the secondary may keep serving the zone's information when the primary cannot be reached. If this timer lapses, the secondary server discards all information about the zone and stops answering for it, rather than handing out data that may be badly out of date.
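The three SOA timers as a secondary actually applies them, as an added example (not code from this guide or from MacDNS; the primary here is a constructed stand-in and the acme.com data is made up). It also shows the serial-number comparison that decides whether anything changed, including the 32-bit wrap-around defined in RFC 1982.

```python
"""Secondary-server refresh / retry / expire behaviour driven by the SOA record.

Added example for this guide, not MacDNS code. The primary is a constructed
stand-in; real secondaries (BIND, for instance) run the same state machine
and compare serial numbers with the wrap-around arithmetic of RFC 1982.
"""
from dataclasses import dataclass, field


@dataclass
class SOA:
    serial: int      # bumped by the administrator on every change to the zone
    refresh: int     # seconds between checks of the primary's serial
    retry: int       # seconds to wait after a failed check
    expire: int      # seconds without a successful check before the copy is dropped


def serial_newer(a, b):
    """RFC 1982 serial arithmetic: is a newer than b? 32-bit values wrap around."""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    return a != b and ((a < b and b - a > 2**31) or (a > b and a - b < 2**31))


class FakePrimary:
    """Constructed primary: the caller flips reachability and bumps the serial."""

    def __init__(self, soa, zone):
        self.soa, self.zone, self.reachable = soa, dict(zone), True

    def __call__(self, now):
        # A real secondary first sends an SOA query and only transfers (AXFR)
        # when the serial is newer; here the stand-in hands back both at once.
        return (self.soa, self.zone) if self.reachable else None


@dataclass
class Secondary:
    soa: SOA                                  # SOA as of the last transfer
    loaded_at: int                            # time of the last successful check
    next_check: int
    zone: dict = field(default_factory=dict)

    def tick(self, now, primary):
        """Run the timer logic at time `now`; returns what the secondary did."""
        if now < self.next_check:
            return "idle"
        result = primary(now)
        if result is None:                    # primary unreachable
            self.next_check = now + self.soa.retry
            if now - self.loaded_at >= self.soa.expire:
                self.zone.clear()             # expire: stop serving the stale copy
                return "expired"
            return "retry"
        new_soa, new_zone = result
        self.loaded_at = now                  # a successful check resets expire
        self.next_check = now + new_soa.refresh
        if serial_newer(new_soa.serial, self.soa.serial):
            self.soa, self.zone = new_soa, dict(new_zone)   # transfer replaces the copy
            return "transferred"
        return "unchanged"


if __name__ == "__main__":
    soa = SOA(serial=2003, refresh=3600, retry=600, expire=86400)
    primary = FakePrimary(soa, {"www.acme.com": "192.0.2.10"})
    sec = Secondary(soa=SOA(0, 3600, 600, 86400), loaded_at=0, next_check=0)
    for t in (0, 3600, 7200):
        print(t, sec.tick(t, primary), sorted(sec.zone))
```

Two practical notes follow from this. Bump the serial on every edit to the zone, or the secondaries will report "unchanged" at every refresh and keep serving the old data. And restrict zone transfers to the addresses of your own secondaries: a server that answers AXFR for anyone hands out a complete list of your hosts in one request.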
Mail Exchangers
DNS provides a facility for designating that e-mail for a site should be sent to one of several hosts. When e-mail is to be delivered to a site, the sender attempts to deliver it to the ultimate destination. If that computer is down, or is not available at the moment (possibly because it establishes a dial-up connection to receive mail), the sender can deliver the message to an alternate host that will, in turn, attempt to deliver it later. The site's administrator can define a series of these hosts (known as "mail exchangers" or "MX hosts") with different priorities.
In MacDNS, mail exchangers are entered this way:
10 mail.acme.com, 20 mail.myISP.com
The numbers 10 and 20 are preference values indicating priority; the lower number means higher priority. So in this case mail would be delivered to mail.myISP.com only if mail.acme.com was not available for whatever reason. (Arrangements must be made with the ISP for this mail forwarding service.)
Here is an example of how mail is sent across the Internet:
- You compose a letter in your mail software, address it to "john@acme.com" and click "send".
- The mail is sent to the SMTP (Simple Mail Transfer Protocol) server you have configured in your mail program. Let's say it's called "smtp.mycompany.com".
- smtp.mycompany.com now has the mail and needs to deliver it to the mail server at acme.com. It contacts the acme.com DNS server and asks, in effect, who does mail for acme.com?
- The acme.com NS returns the mail exchangers for acme.com: 10 mail.acme.com, 20 mail.myISP.com
- smtp.mycompany.com tries mail.acme.com first, so it now asks the acme.com NS who does mail for mail.acme.com (and what its IP address is).
- The acme.com NS returns the mail exchangers for mail.acme.com: 10 mail.acme.com, 20 mail.myISP.com
- Note that mail.acme.com has an MX entry that simply points back to itself; this says, in effect, "I am the mail server". (An SMTP sender that has already chosen mail.acme.com from the acme.com list only needs that host's address record to connect; the self-referencing entry is how a host that handles its own mail is recorded in MacDNS.)
- smtp.mycompany.com then sends the mail to mail.acme.com, where the mail server software checks that it has a user called "john" and puts the mail in the equivalent of John's PO box, waiting for John to connect and pick it up.
If no response came from mail.acme.com, smtp.mycompany.com would attempt to get the mail to mail.myISP.com instead, and that mail server would then keep trying to deliver the mail to mail.acme.com (note that you must make arrangements with your ISP for this type of mail forwarding).
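The exchanger selection and fallback from the walkthrough above, as an added example (not code from this guide or from MacDNS). The MX and A data is a constructed in-memory table using the guide's hostnames with made-up addresses, and deliver stands in for the SMTP connection attempt. It goes slightly beyond the text: equal preferences are shuffled, a domain with no MX records falls back to its own address record, and a relay that is itself one of a domain's exchangers (the ISP's server in the walkthrough) only forwards to exchangers with a better preference, which is what keeps a message from looping between primary and backup.

```python
"""MX selection and fallback as an SMTP sender performs it, for the example above.

Added example for this guide, not MacDNS code. The DNS data is a constructed
in-memory table using the guide's hostnames; the addresses are made up, and
`deliver` stands in for an SMTP connection attempt.
"""
import random

# Constructed records. MX: domain -> [(preference, exchanger)]; A: hostname -> address
MX = {
    "acme.com": [(10, "mail.acme.com"), (20, "mail.myISP.com")],
    "mail.acme.com": [(10, "mail.acme.com"), (20, "mail.myISP.com")],
    "twin.example": [(10, "mx1.twin.example"), (10, "mx2.twin.example")],
}
A = {"mail.acme.com": "192.0.2.25", "mail.myISP.com": "198.51.100.25",
     "only-a.example": "192.0.2.26",
     "mx1.twin.example": "192.0.2.27", "mx2.twin.example": "192.0.2.28"}


def mail_hosts(domain, own_host=None, rng=random):
    """Exchangers to try, best preference first; equal preferences are shuffled.

    A domain with no MX records falls back to its own address record. A relay
    that is itself one of the exchangers (own_host) keeps only strictly better
    ones, so mail never bounces between backup and primary (RFC 974 / RFC 5321).
    """
    records = MX.get(domain)
    if not records:
        return [domain] if domain in A else []
    own_pref = min((p for p, h in records if h == own_host), default=None)
    if own_pref is not None:
        records = [(p, h) for p, h in records if p < own_pref]
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)                    # spread load across equal preferences
        ordered.extend(hosts)
    return ordered


def route(address, deliver, own_host=None, rng=random):
    """Try each exchanger in order; return (host that accepted or None, attempt log)."""
    _local, _, domain = address.rpartition("@")
    attempts = []
    for host in mail_hosts(domain, own_host, rng):
        ip = A.get(host)
        if ip is None:
            attempts.append((host, "no address"))
            continue
        if deliver(host, ip, address):
            attempts.append((host, "accepted"))
            return host, attempts
        attempts.append((host, "unreachable"))
    return None, attempts


if __name__ == "__main__":
    down = {"mail.acme.com"}
    print(route("john@acme.com", lambda host, ip, addr: host not in down))
    # the ISP's relay, now holding the message, must not pick itself as a fallback
    print(route("john@acme.com", lambda host, ip, addr: host not in down,
                own_host="mail.myISP.com"))
```

When mail.acme.com is down, the first call delivers to mail.myISP.com; the second call, run as the ISP's relay, gets no candidate at all and therefore queues the message for another attempt instead of handing it back to itself.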
The set up instructions within this training
guide walk you through setting up mail exchangers
for your permanent hosts, and setting up an MX-only
host record, which allows you to specify mail
exchangers for a domain (such as acme.com). This is
used when there is no real permanent host named
acme.com.
Glossary (courtesy of Network Solutions, Inc.)
com
The top level domain
originally intended for "commercial" entities.
One of the worldwide top level domains, in which
any person or organization may register a domain
name. [see also: Top Level Domain]
Domain
A subset of the total domain
name space. A domain represents a level of the
hierarchy in the Domain Name Space, and is
represented by a domain name. For example, the
domain name netsol.com represents the second
level domain netsol which is a subset, or
sub-domain, of the top level domain com, which
is in turn a larger subset of the total Domain
Name Space. If you think of the Domain Name
Space as a tree, a domain would be analogous to
a limb and would encompass all of the branches
off of that limb. [see also: Domain Name Space,
Second Level Domain, Top Level Domain, Third
Level Domain, Domain Name]
Domain Name
An addressing construct used
for identifying and locating computers on the
Internet. Domain names provide a system of
easy-to-remember Internet addresses, which can
be translated by the Domain Name System (DNS)
into the numeric addresses (Internet Protocol
(IP) numbers) used by the network. A domain name
is hierarchical and often conveys information
about the type of entity using the domain name.
A domain name is simply a label that represents
a domain, which is a subset of the total domain
name space. Domain names at the same level of
the hierarchy must be unique, for example there
can be only one com at the top level of the
hierarchy, and only one netsol.com at the next
level of the hierarchy. [see also: Domain Name
System (DNS)]
Domain Name Space
An Internet addressing scheme
that is hierarchical in nature and uses a "tree"
structure to organize information that describes
networks and computers. The domain name space is
the sum total of domain names that currently
represent networks and computers, as well as all
of the possible domain names - not yet in use -
which may potentially represent networks and
computers. Also, the realm of networks,
computers, and other network devices that can be
described and represented by the Domain Name
System (DNS). [see also: Domain Name, Domain
Name System (DNS)]
Domain Name System (DNS)
A distributed database of
information that is used to translate domain
names, which are easy for humans to remember and
use, into Internet Protocol (IP) numbers, which
are what computers need to find each other on
the Internet. People working on computers around
the globe maintain their specific portion of
this database, and the data held in each portion
of the database is made available to all
computers and users on the Internet. The DNS
comprises computers, data files, software, and
people working together.
dot or "."
The top of the hierarchy in
the Domain Name System (DNS). [See Root]
edu
The top level domain
designated for four-year, degree-granting
colleges and universities. [see also: Top Level
Domain]
gov
The top level domain
designated for agencies and branches of the
United States Federal Government. State and
local governments in the United States should
use the us top level country code domain. Prior
to October 1, 1997, registration in gov was
handled by Network Solutions; the General
Services Administration (GSA) began handling
registration in the top level domain gov
starting October 1, 1997. [see also: Top Level
Domain]
hosts
Used here to refer to
computers on a network.
Inverse Address Resolution (IN-ADDR)
The process used to resolve
Internet Protocol (IP) number(s) to their
corresponding domain name(s), as opposed to the
more familiar type of resolution that starts
with a domain name and translates it into the
corresponding IP numbers. The Domain Name System
(DNS) was designed to translate domain names
into IP numbers; to enable an IP number to be
translated to a domain name, both the domain
name and its corresponding IP number(s) must be
registered in a special domain - in-addr.arpa -
using the IN-ADDR registration form. This means
that the IP address 198.41.0.52 would be listed
as 52.0.41.198 in the in-addr.arpa domain, so
that when read from left to right it moves from
specific to general in the hierarchy, the same
way that domain names do. Inverse address
resolution can be helpful when using tools such
as log files, because it enables the Internet
Protocol (IP) number(s) logged by the network
and computers to be related to the corresponding
domain names, which are more easily recognized
by humans. [see also: Domain Name System
(DNS)]
Internet Protocol (IP) Numbers (IP addresses)
A unique, numeric identifier
used to specify hosts and networks. Internet
Protocol (IP) numbers are part of a global,
standardized scheme for identifying machines
that are connected to the Internet. Technically
speaking, IP numbers are 32 bit addresses that
consist of four octets, and they are expressed
as four numbers between 0 and 255, separated by
periods, for example: 198.41.0.52.
Internet Service Provider (ISP)
A person, organization, or
company that provides access to the Internet. In
addition to Internet access, many ISPs provide
other services such as Web hosting, Domain Name
Service, and other proprietary services. [see
also: Name Service]
InterNIC
The name given to a project that originated and operates under a cooperative agreement with the National Science Foundation (NSF). Under this agreement, Network Solutions, Inc. provides domain name registration services in com, net, org, and edu; Internet Protocol (IP) network number allocation; and information and education services. AT&T provides directory and database services.
InterNIC Directory and Database Services
A National Science Foundation (NSF) cooperative agreement awarded to and operated by AT&T. Database and Directory services provides:
- Directory of Directories, containing lists of FTP sites, servers, white and yellow page directories, library catalogs and data archives.
- White and yellow pages-type Directory Services.
InterNIC Registration Services
A National Science Foundation (NSF) cooperative agreement awarded to and operated by Network Solutions, Inc. Registration Services administers the registration of second level domain names under the following top level domains: com, org, net, and edu. Network Solutions also has been responsible for Internet Protocol (IP) number allocation for the Americas, the Caribbean, and sub-Saharan Africa throughout the duration of the cooperative agreement, but will be transitioning this responsibility to the American Registry for Internet Numbers (ARIN).
mil
The top level domain
designated for United States military
entities.
Name Server
Also called a host or a name
server. A computer that has both the software
and the data (zone files) needed to resolve
domain names to Internet Protocol (IP) numbers.
[see also: Host (Name Server), Zone File,
Resolve]
Name Service
Providing individuals or
organizations with domain name-to-Internet
Protocol (IP) number resolution by maintaining
and making available the hardware, software, and
data needed to perform this function. Many
Internet Service Providers (ISPs) operate name
servers and provide their customers with name
service when they register a domain name. Most
individuals are not in a position to operate a
name server on their own and will need to make
arrangements for name service with an ISP or
some other person or organization. [see also:
Resolve, Internet Service Provider (ISP), Name
Server]
net
The top level domain
designated for entities and computers that
represent part of the Internet’s
infrastructure. Originally intended for use by
Network Information Centers (NICs), Network
Operations Centers (NOCs), administrative
computers (such as a name server) and network
node computers. One of the worldwide top level
domains. [see also: Top Level Domain]
org
The top level domain
designated for miscellaneous entities that do
not fit under any of the other top level
domains. Typically used for non-profit
organizations. One of the worldwide top level
domains. [see also: Top Level Domain]
Primary Server
The host name and Internet
Protocol (IP) number of the name server that
will contain authoritative information for the
domain name and will be used to resolve that
domain name to its corresponding IP number(s).
The designation of "primary" means that this
name server will be used first and will be
relied upon before any of the other name servers
that may be listed on the Domain Name
Registration Agreement.
Request For Comments (RFCs)
The official document series
of the Internet Engineering Task Force (IETF)
that discusses many aspects of computing and
computer communication focusing on networking
and Internet protocols, procedures, programs,
and concepts. All Internet protocols are written
up as RFCs, but not all RFCs describe Internet
standards.
Resolve
The term used to describe the
process by which domain names are matched with
corresponding Internet Protocol (IP) numbers.
"Resolution" is accomplished by a combination of
computers and software, referred to as name
servers, which use the data in the Domain Name
System to determine which IP numbers correspond
to a particular domain name. [see also:
Domain Name System (DNS),
Name Server]
Root
The top of the Domain Name
System (DNS) hierarchy. Often referred to as the
"dot." [see dot or ".", Domain Name System
(DNS)]
Root server
A machine that has the
software and data needed to locate name servers
that contain authoritative data for the top
level domains (e.g., root servers know which
name servers contain authoritative data for com,
net, fr, uk, etc.). The root servers are, in
fact, name servers and contain authoritative
data for the very top of the Domain Name System
(DNS) hierarchy. Currently, technical
specifications limit the number of root servers
to 13. These machines are located around the
globe, in the U.S., the U.K., Sweden, and Japan.
[see also: Root, Top Level Domain, Name Server,
Domain Name System (DNS)]
RWhois
A protocol under development
at Network Solutions that helps find domain
names and other network data on a large number
of servers, rather than on just one server.
RWhois is a directory services protocol which
extends and enhances the Whois protocol in an
effort to provide a scaleable, decentralized,
and efficient means of storing and retrieving
information related to hosts, network
information systems, and the individuals
associated with those systems. Borrowing from
earlier established Internet protocols, other
directory service efforts, and the architecture
of the Domain Name System (DNS), RWhois uses the
hierarchical nature of the information related
to network "objects" (domains, Internet Protocol
(IP) numbers, hosts, people) to provide the
shortest and most efficient path between network
data and the person who needs it. [see also:
Whois, Domain Name System (DNS)]
Second Level Domain
In the Domain Name System
(DNS), the next highest level of the hierarchy
underneath the top level domains. In a domain
name, that portion of the domain name that
appears immediately to the left of the top level
domain. For example, the netsol in netsol.com.
Second level domain names are often descriptive
and have come to be used increasingly to
represent businesses and other commercial
concerns on the Internet. [see also: Domain Name
System (DNS), Top Level Domain]
Secondary Server
The hostname and Internet
Protocol (IP) number of a name server that will
contain authoritative data for a domain name and
will resolve that domain name to its
corresponding IP number(s). The designation of
"secondary" indicates that the name server will
be used in addition to and as a backup for the
primary name server.
Start of Authority (SOA) Resource Record
A type of record used in the
distributed database that is the Domain Name
System (DNS) to indicate that a particular name
server contains authoritative data for a
particular domain. [see also: Domain Name System
(DNS), Name Server]
Third Level Domain
In the Domain Name System
(DNS), the next highest level of the hierarchy
underneath the second level domains. In a domain
name, that portion of the domain name that
appears two segments to the left of the top
level domain. For example, the reston in
reston.va.us. Third level domains are not the
portion of an email address that appears in
front of the @ symbol - for example, the
webmaster in webmaster@netsol.com is not a third
level domain. [see also: Second Level Domain,
Top Level Domain, Domain Name System
(DNS)]
Top Level Domain (TLD)
In the Domain Name System
(DNS), the highest level of the hierarchy after
the root. In a domain name, that portion of the
domain name that appears furthest to the right.
For example, the com in netsol.com. [see also:
Domain Name System (DNS), Root, Domain
Name]
Whois
A searchable database
maintained by Network Solutions, which contains
information about networks, networking
organizations, domain names, and the contacts
associated with them for the com, org, net, edu,
and ISO 3166 country code top level domains.
Also, the protocol, or set of rules, that
describes the application used to access the
database. Other organizations have implemented
the Whois protocol and maintain separate and
distinct Whois databases for their respective
domains.
Zone
A portion of the total domain
name space that is represented by the data
stored on a particular name server. The name
server has authority over the zone - or the
particular portion of the domain name space -
described by that data. [see also: Zone File,
Name Server, Domain Name Space]
Zone File
A file that contains data
describing a portion of the domain name space.
Zone files contain the information needed to
resolve domain names to Internet Protocol (IP)
numbers. [see also: Zone, Domain Name Space,
Resolve]
For glossary:
Permission is granted to quote, copy, or
otherwise reproduce this material, provided that
the following copyright notice is retained on
each and every copy: © Copyright 1997
Network Solutions, Inc. All rights
reserved.