Name resolution includes the Domain Name System (DNS) and hosts files. The Dynamic Host Configuration Protocol (DHCP) goes hand-in-hand with name resolution. Name resolution resolves names to IP addresses, and DHCP takes over the tedious chore of assigning IP addresses to individual hosts. Servers need static IP addresses. Workstations do just fine with dynamically assigned addresses: just plug 'em in and let DHCP do the work.

DNS powers the Internet. All it does is name resolution, or translation of names to numbers. As simple as the concept is, a huge infrastructure has evolved to implement it. We could get along fine without DNS; after all, we've been using complex postal mail addresses and phone numbers all of our lives. But there are many advantages to using name resolution. Several names can be mapped to a single IP address. Names are easier to remember. And we can indulge in giving our servers fanciful hostnames, like the names of Tolkien characters, or astronomical terms, or mythological characters. (Okay, so that last one isn't vitally important, but it is fun.)

24.1.1 Implementing DNS

One difficulty with learning to run a DNS server is that the vast majority of the documentation is BIND-centric. Berkeley Internet Name Domain (BIND) is the oldest and most widely used DNS server. It seems as though BIND is considered to be the DNS protocol, rather than just an implementation of it.

This chapter contains recipes for two different DNS servers: BIND and djbdns. I believe that djbdns is the superior choice. It's modular, small, very fast, and very secure. It's also simple to configure and very dependable, because it runs under supervisory daemons that automatically restart it if it should die unexpectedly. Replicating a djbdns server securely and efficiently is easy: you use standard Linux utilities such as rsync-over-ssh, which means you can easily set up authenticated datafile transfers using SSH keys.

BIND has been around forever, and it is widely deployed. However, it's one big monolithic program, so you cannot customize the installation to suit your needs. About all you can do is configure it differently for different uses, which is not completely effective in shutting down the parts you don't need. This presents security risks, and BIND has a long history of security problems. Furthermore, it uses odd proprietary methods for replicating zone files to backup servers (secondaries), instead of nice, reliable, standard Unix utilities. Even back in the days before rsync, there was no shortage of dependable methods for transferring files, so the reason for the evolution of these BIND-specific file transfer protocols is a mystery. Despite its drawbacks, BIND has the advantage in sheer volume of books and documentation, with Cricket Liu's books being the standards: the DNS & BIND Cookbook and DNS and BIND, which is now in its fourth edition (both published by O'Reilly), are must-haves for the BIND admin.

24.1.2 A DNS Glossary

DNS refers to three things: the DNS protocol; name resolution; and the entire system that implements it, which consists of domain name registrars, root servers, authoritative servers, IANA and the regional Internet registries, ICANN, and all the caching DNS servers that spread the load and keep things moving. Here are some terms to familiarize yourself with: