DNS Fundamentals


DNS works in a hierarchical fashion with the root at the top. Queries cascade down through the branches until a server is found that can provide a resolution. The collection of machines that use DNS is called the namespace. The namespace is made up of a number of domains, each consisting of a number of machines that contain information about hosts, or of other servers that might contain the required information. The domains are organized in a similar way to a Unix file system, which is an inverted tree, with a root at the top and numerous branches extending from the root.

Top-Level Domains

If you are connected to the Internet, then the root domain is the highest level of domain, identified by a . (dot). It is often called the "nameless root" and acts as a placeholder for the top-level domains that are administered centrally by the Internet Assigned Numbers Authority (IANA). When you specify a URL, such as www.sun.com, the last word (furthest right) is the top-level domain, in this case com, which identifies the domain as a commercial organization. Top-level domains are broken down into organizational and geographical structures. Table 10.1 shows the most popular organizational top-level domains.

Table 10.1. Organizational Top-Level Domains

  Domain Name   Description
  com           Commercial organizations (mainly U.S. based)
  org           Non-commercial or non-profit organizations
  edu           Educational organizations, such as schools and universities
  net           Networking organizations and Internet Service Providers (ISPs)
  mil           U.S. military domain names
  gov           Government departments and organizations
  int           International organizations, such as NATO

Geographical domains are assigned to each country, normally with two letters relating to the country. Table 10.2 shows some of the geographical top-level domains.

Table 10.2. Geographical Top-Level Domains

  Domain Name   Description
  ca            Canada
  de            Germany
  es            Spain
  fr            France
  jp            Japan
  uk            United Kingdom (Great Britain)
  us            United States

Second-Level Domains

Second-level domains come below the top-level domains and are administered by the organizations themselves. In the domain name www.sun.com, for example, sun is the second-level domain name and is administered by Sun Microsystems. An organization is free to split its second-level domain into further subdomains, if required, and so delegate responsibility for the subdomains to specific departments or sections. There is a restriction, however, that a complete domain name, including all its subdomain names and the top-level domain name (known as a Fully Qualified Domain Name, or FQDN), cannot be longer than 255 characters. Also, each single domain name (label) cannot be longer than 63 characters.
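The two length limits above are something any code that builds or accepts host names should check before handing the name to the resolver. The following validator is an added example (not code from the book): it enforces the 255-character limit on the whole name and the 63-character limit on each label, and also applies the usual letters-digits-hyphens rule for host name labels, which the book does not spell out and is assumed here.

```python
# Added example, not from the book: validate a domain name against the
# limits stated in the text (whole name at most 255 characters, each
# label at most 63 characters).  The letters/digits/hyphens label rule is
# an assumption added here; the book only gives the length limits.
import re
from typing import List, Tuple

MAX_FQDN_LEN = 255   # limit on the complete name, from the text
MAX_LABEL_LEN = 63   # limit on a single label, from the text

# A label is letters, digits and hyphens and may not start or end with a
# hyphen (assumed rule; sufficient for ordinary host names).
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def split_labels(name: str) -> List[str]:
    """Split a name into labels, ignoring one trailing dot (the root)."""
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []


def validate_fqdn(name: str) -> Tuple[bool, str]:
    """Return (ok, reason); reason is 'ok' when every check passes."""
    if not name:
        return False, "empty name"
    if len(name.rstrip(".")) > MAX_FQDN_LEN:
        return False, f"name longer than {MAX_FQDN_LEN} characters"
    for label in split_labels(name):
        if not label:
            return False, "empty label (consecutive dots)"
        if len(label) > MAX_LABEL_LEN:
            return False, f"label longer than {MAX_LABEL_LEN} characters"
        if not _LABEL_RE.match(label):
            return False, f"label '{label}' has characters outside letters, digits and hyphens"
    return True, "ok"


def tld_of(name: str) -> str:
    """The top-level domain is the rightmost label: 'com' for www.sun.com."""
    labels = split_labels(name)
    return labels[-1] if labels else ""


if __name__ == "__main__":
    for candidate in ("www.sun.com", "a" * 64 + ".com", "www..sun.com", "-bad.com"):
        print(candidate[:40], validate_fqdn(candidate))
```

The check strips one trailing dot before measuring, so both `xyz.com` and the fully qualified `xyz.com.` are accepted; a name built from 63-character labels that adds up past 255 characters is rejected even though every individual label is legal.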

Zones

A zone represents the extent of the authority of a name server. A single DNS name server might manage a single domain, or it might include a number of subdomains. A DNS name server maintains its own zone files, which are referenced when a resolution request is received from a client. Figure 10.1 shows a conceptual picture of an organization, xyz.com; this is the domain name that would be registered on the Internet. There are four subdomains: accounts, marketing, systems, and staff. The xyz.com domain itself and the accounts subdomain are part of the same zone of authority; the other three subdomains are each located in their own zone of authority.

Figure 10.1. DNS zones of authority.


If a query is received for a host in the systems.xyz.com subdomain, it is passed to the DNS server responsible for the zone. The server responsible for xyz.com does not answer the DNS request because it is outside the server's authority.

DNS Server Types

There are a number of DNS server types, which carry out different functions within the DNS namespace. The most common types are root, primary, secondary, caching-only, and forwarding servers:

  • Root: These servers maintain the data about the top-level domains. There are currently 13 root servers on the Internet. A list of the root servers can be obtained on the Web from ftp://ftp.rs.internic.net/domain/named.root.

  • Primary: Every DNS zone requires a primary server to act as the master. There is normally only one primary server in a zone. You can have more than one, but there is a corresponding administration overhead and a greater risk of errors. Primary servers specifically:

    • Specify the delegation of authority for subdomains.

    • Are the place where all changes are made to the zone, such as the addition of a secondary server.

    • Are the authoritative servers for the specific zone.

    • Provide updates to secondary servers and synchronize the information held on them.

  • Secondary: These servers act as a backup for the primary server and are updated, through zone transfers, by the primary server. There can be multiple secondary servers in a domain.

  • Caching-only: These servers cache the information they receive on domains for which they have no authority. A caching-only server does not have any authority for any domain, providing only cached information about the most commonly accessed namespace queries. Caching-only servers reduce the overhead of a secondary server because there are no zone transfers from the primary server.

  • Forwarding: A forwarding server is used when a query requires off-site resolution; that is, it can't be resolved by the local DNS servers because it is remote.

Forwarding servers have the following features:

  • They handle all remote queries.

  • They build up a cache of remote queries, so that frequently used queries can be answered very quickly.

  • They are simple to set up: a directive in the configuration file is all that's needed.

  • If the forwarder fails to respond with an answer, the local DNS server proceeds to contact remote servers itself, unless the forward only directive is used, which prevents local name servers from contacting remote servers.


Two terms that could come up in the exam are recursive DNS and iterative DNS. Recursive DNS refers to a query that is sent to a DNS server; if it is not resolved locally, the server will contact further servers until it is resolved. In other words, "Here's a query: you do all the work." With iterative DNS, if a query is not resolved by the DNS server, either the address of another DNS server to try is returned or an error message is returned, but no further searching is carried out by the server. In other words, "Here's a query: give me your best answer and I'll do all the work."


Name Resolution

DNS resolution is done in several steps, all of which are transparent to the DNS client making the request. The following list outlines the steps to resolving a client request.

  1. A client issues a command, or query, that requires name-to-address resolution, such as ping sun.com.

  2. The name service switch file, /etc/nsswitch.conf, is referenced for the search order and name service to use. This file determines whether or not DNS is used. The following entry

     hosts:     files  dns 

    signifies that the local /etc files should be searched first and then DNS should be used if the local files do not provide the resolution.

  3. Assuming the local /etc/inet/hosts file did not answer the query, the local DNS server is consulted.

  4. The client consults the file /etc/resolv.conf to determine the IP addresses of up to three name servers to contact.

  5. The client sends a recursive DNS query to the server. This means that DNS will continue to try to resolve the query if it doesn't have the information itself. The local DNS server will contact remote servers on the client's behalf.

  6. The local DNS server checks its own cache to see whether the query has been resolved recently. If it can't resolve the query itself, it sends an iterative request to one of the root DNS servers. The iterative request states that the root server should simply return any information it has and not pursue the query itself. The local DNS server will continue to try to resolve the query, not the root server.

  7. The root server normally responds with the IP address of another server to contact. This server is sent an iterative request. The response is the IP address that resolves the query, the IP address of another server to try, or an error message stating that no information could be found.

  8. The process continues until, eventually, the IP address is returned to the local DNS server, and subsequently returned to the client. If the IP address cannot be found, an error message is issued to the client.
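To make the eight steps concrete, here is an added simulation (example code written for this page, not code from the book or from Solaris): it reads a constructed nsswitch.conf, hosts file and resolv.conf, then has a local DNS server answer the client's recursive query by walking a constructed hierarchy of root, com, xyz.com and systems.xyz.com servers with iterative queries, caching what it learns. The zone layout follows Figure 10.1 (the xyz.com server answers for accounts.xyz.com but delegates systems.xyz.com), and the optional forwarder and forward-only behaviour from the earlier "Forwarding servers" list is modelled as well. Server names, zone contents and the 192.0.2.x addresses are all constructed for the example.

```python
# Added example, not the book's code: simulation of the client resolution
# steps listed above.  All configuration text, server names, zone contents
# and addresses (RFC 5737 documentation range) are constructed here.
from typing import Dict, List, Optional, Tuple

# Step 2: name service switch (constructed sample).
NSSWITCH = "passwd:    files\nhosts:     files  dns\n"

def hosts_search_order(text: str) -> List[str]:
    """Sources for the 'hosts' database, in the order they are tried."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return ["files"]   # assumption: no hosts entry means local files only

# Step 3: /etc/inet/hosts (constructed sample).
HOSTS_FILE = "127.0.0.1   localhost\n192.0.2.10  printer.xyz.com printer\n"

def lookup_hosts_file(name: str, text: str) -> Optional[str]:
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None

# Step 4: /etc/resolv.conf (constructed); only the first three servers count.
RESOLV_CONF = ("nameserver 192.0.2.53\nnameserver 192.0.2.54\n"
               "nameserver 192.0.2.55\nnameserver 192.0.2.56\n")
MAXNS = 3

def nameservers(text: str) -> List[str]:
    found = [ln.split()[1] for ln in text.splitlines()
             if ln.split()[:1] == ["nameserver"] and len(ln.split()) == 2]
    return found[:MAXNS]

# Steps 6-7: each server holds either an answer ("A") for a name or a
# referral ("NS") to the server authoritative for a delegated zone.
ZONES: Dict[str, Dict[str, Tuple[str, str]]] = {
    "root":           {"com": ("NS", "com-server")},
    "com-server":     {"xyz.com": ("NS", "xyz-server")},
    "xyz-server":     {"www.xyz.com": ("A", "192.0.2.80"),
                       "pay.accounts.xyz.com": ("A", "192.0.2.81"),   # same zone
                       "systems.xyz.com": ("NS", "systems-server")},  # delegated
    "systems-server": {"build.systems.xyz.com": ("A", "192.0.2.90")},
}

def iterative_query(server: str, name: str) -> Optional[Tuple[str, str]]:
    """Iterative query: the server gives its best answer and does no more work."""
    zone = ZONES[server]
    if name in zone:
        return zone[name]
    referrals = [(len(s), r) for s, r in zone.items()
                 if r[0] == "NS" and name.endswith("." + s)]
    return max(referrals)[1] if referrals else None   # closest delegation, or nothing

class LocalDnsServer:
    """Receives the client's recursive query (step 5) and walks the hierarchy
    itself, caching answers.  A forwarder, if set, is asked first; with
    forward_only the server never contacts remote servers on its own."""
    def __init__(self, forwarder: "Optional[LocalDnsServer]" = None,
                 forward_only: bool = False):
        self.cache: Dict[str, str] = {}
        self.forwarder, self.forward_only, self.queries_sent = forwarder, forward_only, 0

    def resolve(self, name: str) -> Optional[str]:
        if name in self.cache:                        # step 6: cache first
            return self.cache[name]
        if self.forwarder is not None:
            addr = self.forwarder.resolve(name)
            if addr is not None or self.forward_only:
                return addr
        server = "root"
        while True:                                   # steps 6-8
            self.queries_sent += 1
            answer = iterative_query(server, name)
            if answer is None:
                return None                           # nothing found: error to client
            kind, value = answer
            if kind == "A":
                self.cache[name] = value
                return value
            server = value                            # follow the referral

def resolve_name(name: str, dns: LocalDnsServer) -> Tuple[str, Optional[str]]:
    """Client side (steps 1-5): try each nsswitch source in order."""
    for source in hosts_search_order(NSSWITCH):
        if source == "files":
            addr = lookup_hosts_file(name, HOSTS_FILE)
        elif source == "dns" and nameservers(RESOLV_CONF):
            addr = dns.resolve(name)
        else:
            addr = None
        if addr is not None:
            return source, addr
    return "none", None

if __name__ == "__main__":
    local = LocalDnsServer()
    print(resolve_name("printer", local))                # answered from files
    print(resolve_name("build.systems.xyz.com", local), local.queries_sent)
```

Resolving build.systems.xyz.com costs the local server four iterative queries (root, com, xyz.com, then the delegated systems.xyz.com server); a second request for the same name is served from the cache with no further queries, and a name no server knows comes back as an error after the walk reaches the xyz.com server and finds neither an answer nor a delegation.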



Solaris 9 Network Administration Exam Cram 2 (Exam Cram CX-310-044)
ISBN: 0789728702
Year: 2003
Pages: 174
Authors: John Philcox