Domain Name Service
The Domain Name Service (DNS) is an Internet service that converts domain names into their corresponding IP addresses. As you may recall, all computers connected to the Internet are addressed using an Internet Protocol (IP) address. The IP address may be implemented in either the newer IPv6 (Internet Protocol Version 6) format or in the older and more common IPv4 (Internet Protocol Version 4) format.
Overview
Depending on the type of network, several of the first segments are used for the network address and several of the last segments are used for the host address.
In a standard class C network used in smaller networks, the first three segments are the computer’s network address, and the last segment is the computer’s host ID (as used in these examples).
For example, in the address 192.189.1.2, 192.189.1 is the network address and 2 is the computer's host ID within that network. Together, they make up an IP address with which the computer can be addressed from anywhere on the Internet. IP addresses, though, are difficult to remember and easy to get wrong.
As a normal user on a network might have to access many different hosts, keeping track of the IP addresses needed quickly became a problem.
It was much easier to label hosts with names and use the names to access them. Names were associated with IP addresses. When a user used a name to access a host, the corresponding IP address was looked up first and then used to provide access.
IP addresses were associated with corresponding names, called fully qualified domain names. A fully qualified domain name is composed of three or more segments: The first segment is the name to identify the host, and the remaining segments are for the network in which the host is located.
The network segments of a fully qualified domain name are usually referred to simply as the domain name, while the host part is referred to as the hostname (though this is also used to refer to the complete fully qualified domain name).
In effect, subnets are referred to as domains. The fully qualified domain name www.linux.org has the IP address 198.182.196.56, where 198.182.196 is the network address and 56 is the host ID. Computers can be accessed only with an IP address.
So, a fully qualified domain name must first be translated into its corresponding IP address to be of any use. The parts of the IP address that make up the domain name and the hosts can vary.
Any computer on the Internet can maintain a file that manually associates IP addresses with domain names. On Linux and UNIX systems, this file is called the /etc/hosts file. Here, you can enter the IP addresses and domain names of computers you commonly access.
Using this method, however, each computer needs a complete listing of all other computers on the Internet, and that listing must be updated constantly.
Early on, this became clearly impractical for the Internet, though it is still feasible for small isolated networks. The Domain Name Service has been implemented to deal with the task of translating the domain name of any computer on the Internet to its IP address.
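To make the hosts-file approach concrete, here is an added example (not code from the original text) that parses an /etc/hosts-style table, resolves a name the way a local lookup does, and flags names that have been given conflicting addresses. The file contents are a constructed sample for the wst.com network used in this chapter.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of an /etc/hosts file for the chapter's wst.com network (not a real system).
SAMPLE_HOSTS = """# static host table for the wst.com network
127.0.0.1      localhost
::1            localhost ip6-localhost
192.189.1.1    unix.wst.com      unix
192.189.1.2    wilshire.wst.com  wilshire
192.189.1.3    linux.wst.com     linux
10.0.0.9       linux.wst.com     # stale line left behind by a manual edit
"""

def parse_hosts(text):
    """Return {name: [addresses]} from /etc/hosts-style text (address, canonical name,
    aliases). Names match case-insensitively; lines without a valid address are skipped."""
    table = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                                # malformed address field, not trusted
        for name in fields[1:]:
            key = name.lower().rstrip(".")
            if addr not in table[key]:
                table[key].append(addr)
    return dict(table)

def lookup(table, name, want_v6=False):
    """Resolve as a hosts-file lookup does: the first entry of the wanted IP version wins."""
    for addr in table.get(name.lower().rstrip("."), []):
        if ipaddress.ip_address(addr).version == (6 if want_v6 else 4):
            return addr
    return None

def conflicting_entries(table):
    """Names mapped to several addresses of one IP version: the stale-entry problem the text describes."""
    bad = {}
    for name, addrs in table.items():
        by_version = defaultdict(list)
        for addr in addrs:
            by_version[ipaddress.ip_address(addr).version].append(addr)
        dup = [a for group in by_version.values() if len(group) > 1 for a in group]
        if dup:
            bad[name] = dup
    return bad
```

Because a hosts entry overrides DNS for every program on the machine, the conflict check is a useful thing to run on any host whose hosts file is edited by hand.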
The task is carried out by interconnecting servers that manage the Domain Name Service (also referred to either as DNS servers or as nameservers). These DNS servers keep lists of fully qualified domain names and their IP addresses, matching one up with the other.
This service that they provide to a network is referred to as the Domain Name Service. The Internet is composed of many connected subnets called domains, each with its own Domain Name Service (DNS) servers that keep track of all the fully qualified domain names and IP addresses for all the computers on its network.
DNS servers are hierarchically linked to root servers, which, in turn, connect to other root servers and the DNS servers on their subnets throughout the Internet.
The section of a network for which a given DNS server is responsible is called a zone.
A zone may correspond to a domain, but many zones may, in fact, be within a single domain, each with its own name server. This is the case for large domains where too many systems exist for one name server to manage.
When a user enters a fully qualified domain name to access a remote host, a resolver program queries the local network's DNS server, requesting the corresponding IP address for that remote host.
With the IP address the user can then access the remote host.
If a user at wilshire.wst.com wants to connect to the remote host linux.wst.com, wilshire.wst.com first sends a request to the network's DNS server (in this case, unix.wst.com) to look up the name linux.wst.com and find its IP address.
The DNS server then returns the IP address for linux.wst.com, 192.189.1.3, to the requesting host, wilshire.wst.com. With the IP address, the user at wilshire.wst.com can then connect to linux.wst.com.
DNS Server Operation
The names of the DNS servers that service a host's network are kept in the host's /etc/resolv.conf file. When you set up an Internet connection, the name servers provided by your Internet service provider (ISP) were placed in this file.
These name servers resolve any fully qualified domain names that you use when you access different Internet sites.
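The lookup just described, as an added example (not code from the original text): a stub resolver on wilshire.wst.com reads the nameserver entries from a constructed /etc/resolv.conf, asks the server unix.wst.com at 192.189.1.1 for linux.wst.com, and caches the answer for its TTL so later lookups need no query. The zone records, the TTL values and the second, unreachable nameserver are hypothetical sample data.

```python
import time

# Constructed /etc/resolv.conf for wilshire.wst.com (sample, not from a real host);
# the resolver queries the nameservers listed here in order.
SAMPLE_RESOLV_CONF = """# resolver configuration for wilshire.wst.com
nameserver 192.189.1.1
nameserver 192.189.1.9
"""
# Hypothetical records held by unix.wst.com (192.189.1.1) for the wst.com
# zone, as name -> (ttl_seconds, address).  192.189.1.9 is not reachable.
WST_COM_ZONE = {
    "unix.wst.com": (3600, "192.189.1.1"),
    "wilshire.wst.com": (3600, "192.189.1.2"),
    "linux.wst.com": (3600, "192.189.1.3"),
    "www.wst.com": (300, "192.189.1.1"),
}
SERVERS = {"192.189.1.1": WST_COM_ZONE}      # server address -> zone it serves

def nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    return [f[1] for f in (line.split() for line in resolv_conf_text.splitlines())
            if len(f) >= 2 and f[0] == "nameserver"]

def server_answer(server_addr, fqdn):
    """(ttl, address) from the server at server_addr, or None if unreachable or unknown name."""
    zone = SERVERS.get(server_addr)
    return None if zone is None else zone.get(fqdn)

class Resolver:
    """Stub resolver: ask each configured server in turn, cache positive answers until TTL expiry."""
    def __init__(self, resolv_conf_text, clock=time.time):
        self.servers = nameservers(resolv_conf_text)
        self.clock = clock
        self.cache = {}                        # fqdn -> (expires_at, address)

    def resolve(self, fqdn):
        key = fqdn.lower().rstrip(".")
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]                      # answered from cache, no query sent
        for server in self.servers:
            answer = server_answer(server, key)
            if answer:
                ttl, addr = answer
                self.cache[key] = (self.clock() + ttl, addr)
                return addr
        return None                            # no configured server knows the name
```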
Local Area Network Addressing
If you are setting up a DNS server for a local area network (LAN) that is not connected to the Internet, you should use a special set of IP numbers reserved for such non-Internet networks (also known as private networks or intranets).
This is especially true if you are implementing IP masquerading, where only a gateway machine has an Internet address, and the others make use of that one address to connect to the Internet.
For a class C network (254 hosts or fewer), these are numbers that have the special network number 192.189, as used in these examples.
If you are setting up a LAN, such as a small business or home network, you are free to use these numbers for your local machines.
You can set up a private network, such as an intranet, using network cards such as Ethernet cards and Ethernet hubs, and then configure your machines with IP addresses starting from 192.189.1.1.
The host segment can range from 1 to 254; 255 is used for the broadcast address. If you have three machines on your home network, you can give them the addresses 192.189.1.1, 192.189.1.2, and 192.189.1.3.
You can then set up domain name services for your network by running a DNS server on one of the machines. This machine becomes your network’s DNS server. You can then give your machines fully qualified domain names and configure your DNS server to translate the names to their corresponding IP addresses.
For example, you could give the machine 192.189.1.1 the name unix.wst.com, and the machine 192.189.1.2 the name wilshire.wst.com.
You can also implement Internet services on your network such as FTP, Web, and mail services by setting up servers for them on your machines.
You can then configure your DNS server to let users access those services using fully qualified domain names. For example, for the wst.com network, the Web server could be accessed using the name www.wst.com.
BIND
The DNS server software currently in use on Linux systems is Berkeley Internet Name Domain (BIND).
BIND was originally developed at the University of California, Berkeley, and is currently maintained and supported by the Internet Software Consortium (ISC).
The BIND directory in /usr/share/doc contains extensive documentation, including Web page manuals and examples.
tinydns implements the authoritative name server for a network, whereas dnscache implements a caching server that will resolve requests from DNS clients such as Web browsers. In effect, dnscache operates as the name server that your applications will use to resolve addresses. dnscache will then query tinydns to resolve addresses on your local network. Zone transfers are handled separately by axfrdns and axfr-get.
Web Site             Resource
www.isc.org          Internet Software Consortium
www.dns.net/dnsrd    DNS Resource Directory
www.nominum.com      Nominum, BIND support
The BIND DNS server software consists of a name server daemon called named, several sample configuration files, and resolver libraries.
As of 1998, a new version of BIND, beginning with the series number 8.x, implemented a new configuration file using a new syntax. Recently version 9.0 was released, adding new security features.
Older versions, which begin with the number 4.x, use a different configuration file with an older syntax.
Tool                 Description
dig domain           Domain Information Groper, a tool to obtain information from a DNS server. Preferred over nslookup.
host hostname        Simple lookup of hosts.
nslookup domain      Tool to query DNS servers for information about domains and hosts.
rndc command         Remote Name Daemon Controller, an administrative tool for managing a DNS server (version 9.x).
ndc command          Name Daemon Controller, the equivalent tool for version 8.x.
On Red Hat systems, the named daemon is started using a startup script in the /etc/rc.d/init.d directory called named. You can use this script to start, stop, and restart the daemon using the start, stop, and restart arguments. You can invoke the script with the service command:
# service named restart
On Red Hat systems, named runs as a standalone daemon, starting up when the system boots and running constantly. If you don't want named to start up automatically, you can use the System V Runlevel Editor or Setup to change its status.