DNS and Windows Server 2003

Because the Internet uses DNS as its primary name resolution method, a good working DNS setup is essential. Several DNS programs are out there, including the DNS server built into WS03.

History of DNS

DNS was developed by DARPA in the early 1980s to address problems with name resolution on the ARPANET. Computers identify devices by number; DNS lets people refer to those devices by name, much as people use first and last names to identify themselves.

Originally, each host on the ARPANET had both a unique name and a unique number. An organization called InterNIC (for Internet Network Information Center) collected and distributed this information in the form of a hosts file that stored the name-to-IP address mappings. This file would be updated periodically, and each user would download a copy to his or her computer. When the user wanted to talk to another computer, the user’s computer would perform the name resolution using that hosts file.

This was effective so long as every machine on the network had a unique name and the network stayed small. But when two computers tried to use the same name in the hosts file, problems ensued. In addition, people using an out-of-date hosts file wouldn’t be able to resolve new machines on the network.
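The two failure modes just described (a duplicated name, and a stale copy that lacks newer hosts) are easy to see in a small parser for the hosts-file format, which Windows still uses today. This is an added example written for this page, not code from the book; the sample hosts file is constructed, with addresses from the 192.0.2.0/24 documentation range.

```python
"""Parse a hosts-file style name table and flag the conflicts the text describes.

Added example, not from the book. HOSTS_FILE is a constructed sample in the
format still used by the Windows hosts file: one address per line followed by
one or more names, with '#' starting a comment.
"""

HOSTS_FILE = """\
# Sample hosts file (constructed for illustration)
127.0.0.1       localhost
192.0.2.10      fileserver  fs01        # departmental file server
192.0.2.11      printserver
192.0.2.12      fileserver              # a second machine reusing the name
  192.0.2.13    webserver  www
"""


def parse_hosts(text):
    """Return (name -> ip for the first definition seen, list of conflicts).

    A conflict is a name that appears with two different addresses: the
    situation the text describes when two computers tried to use the same
    name. Later duplicates do not override the first, matching a resolver
    that takes the first match it finds while scanning the file.
    Each conflict is recorded as (name, first_ip, conflicting_ip, line_no).
    """
    mapping = {}
    conflicts = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name resolves nothing
        ip, names = fields[0], fields[1:]
        for name in names:
            key = name.lower()  # host names are matched case-insensitively
            if key in mapping and mapping[key] != ip:
                conflicts.append((key, mapping[key], ip, lineno))
            mapping.setdefault(key, ip)
    return mapping, conflicts


def lookup(mapping, name):
    """Resolve a name from the parsed table; None means 'not in this copy'."""
    return mapping.get(name.lower())


if __name__ == "__main__":
    table, problems = parse_hosts(HOSTS_FILE)
    for name, first_ip, other_ip, line_no in problems:
        print("conflict: %s is %s but line %d says %s" % (name, first_ip, line_no, other_ip))
    print(lookup(table, "FS01"), lookup(table, "newhost"))  # second one is None
```

A `None` from `lookup` is exactly the out-of-date-copy problem: a host added to the network after this file was downloaded cannot be resolved until a fresh copy is fetched.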

When DARPA standardized on TCP/IP as the protocol for ARPANET, it also looked to improve name resolution and settled on DNS, because DNS is a central database that holds only pointers to decentralized databases that hold the entries for each namespace. DARPA also chose the Berkeley Internet Name Domain (BIND) as the DNS software of choice for the project.

Note 

WS03 still can use a hosts file for name-to-IP address resolution. See the section “Using a Hosts File For Name Resolution” later in this chapter for the uses of a hosts file.

A Brief Overview of DNS and TLDs

DNS is a hierarchical name resolution system that consists of several layers of naming. The first layer is called the Top Level Domain (TLD) and is the rightmost section of a DNS address. DNS addresses are read in sections, from right to left. For example, for www.microsoft.com, .com is the TLD and microsoft is the second level domain name. The leftmost section (www) is the name of a record, rather than a domain name. Domain names can be many levels deep. For example, www.on.thursday.i.will.eat.pizza.com could be a valid domain name. In this example, you have to wade through seven levels of domains to get to the record you’re looking for.

To resolve a name, the TLD will provide the address for the DNS server that handles the second level domain. The second level domain provides the address for the DNS server that handles the third level, and so on, until you reach the last record in the chain. At that point, the entire address for that resource has been revealed. This hierarchical arrangement allows for the scalability that the Internet needs, because to resolve a name, you go to the source, and the framework is in place to get you where you want to go. A single hosts file would be unmanageable in today’s Internet, because every computer on the Internet would need to be a part of that hosts file. Since there are millions of computers on the Internet, it would make for a very large hosts file, and each computer on the Internet would need a copy of that hosts file.

The TLD structure also splits the name data into separate databases per domain rather than one big database, so a single database outage is less likely to affect large parts of the Internet. Updates to name resolution information are likewise spread across thousands of different administrators. This scalability comes from delegating DNS zones from the top down: each layer is delegated responsibility for the records in its zone by the zone above it.

Because the naming is hierarchical, host names need be unique only within their subdomain: each host name is appended to the name of the subdomain to which it belongs, so two hosts with the same host name do not conflict unless they are in the same subdomain. Even then, the conflict is confined to that subdomain rather than affecting the entire network.

Imagine a big database that holds all the TLDs and directs the traffic to the appropriate DNS servers for each TLD. Such a database would be the root that supports the Internet. That database exists on what are referred to as root name servers. These root name servers are in the root-servers.net domain. You can look them up using a whois search. All DNS servers know to look at the root name servers to start to resolve a name. The root name servers know about all the TLDs and can point to the DNS server that is delegated to hold the entries for a particular domain name.

How TLDs Work

The registry for all domain names on the Internet originates with IANA, the same group that hands out IP addresses. IANA holds the registry of which company hands out second level domain names in the various top level domains. Many top level domains are in use, and several companies host records for these domains. Additionally, each country has a two-letter country code TLD, as determined by the ISO code for that country. For example, the TLD for the United States is .us, and the TLD for the United Kingdom is .uk.

Original TLD List

Originally, eight TLDs were set up for use, as listed here; the last two TLDs in this list are special TLDs, because they have special purposes and are not available for ownership by organizations.

  • .com For commercial organizations

  • .gov For US governmental use

  • .net For network providers

  • .edu For educational institutions

  • .mil For the US military’s use

  • .org For nonprofit organizations

  • .int For organizations created by international treaties

  • .arpa For reverse-DNS information

Recently Added TLDs

In November 2000, ICANN adopted seven new TLDs. Table 8-1 shows the TLDs that are in use today and the organization responsible for managing and registering domains in each namespace.

More top level domains could be added in the future—the process is more political than technological.

Table 8-1: TLDs in Use Today

| TLD | Registrar | Purpose |
|---|---|---|
| .aero | Societe Internationale de Telecommunications Aeronautiques SC (SITA) | For the air transport industry |
| .arpa | American Registry for Internet Numbers | For reverse-DNS information |
| .biz | NeuLevel | For businesses |
| .com | Verisign | For commercial organizations |
| .coop | National Cooperative Business Association | For business cooperatives |
| .edu | Educause | For educational institutions |
| .gov | US General Services Administration | US government sites |
| .info | Afilias, LLC | Open registration |
| .int | IANA | For organizations created by international treaties |
| .mil | US DoD Network Information Center | For the US military |
| .museum | Museum Domain Management Association | For museums |
| .name | Global Name Registry, LTD | For personal names |
| .net | Verisign | For network providers |
| .org | Verisign | For nonprofit organizations |
| .pro | RegistryPro, LTD | Still under consideration; for professionals (doctors, lawyers, and so on) |

Getting Your Own Domain Name

It’s easy to get your own domain name; all you have to do is pay the registration fee and fill out the appropriate forms, and you’re done. Little verification occurs, unless you try to register in a restricted-use domain, such as .museum. Each registrar has its own policies governing use and payment for domain names. Each also operates independently of the others, so if you want to register the same name in different TLDs, you may have to register with different organizations.

How DNS Names Are Resolved

A DNS server can handle queries in one of two ways: recursively or iteratively.

A recursive query occurs when the DNS server resolves the name on the client’s behalf, even if the server doesn’t hold that information itself: the server queries from the root servers all the way down until it gets the information. The WS03 DNS server is configured for recursive queries by default.

An iterative query occurs when the DNS server either returns the information the client wants or responds that it does not have it. In the latter case, it is the client’s responsibility to get the information elsewhere; the DNS server can return the addresses of other DNS servers as a “hint” (a referral) to help the client.

Tip 

You can set up your DNS server to perform only iterative queries. Just set the NoRecursion value under the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters key to 1. Again, modifying the registry in the wrong way can be very bad, so be careful.

Let’s follow the process of resolving a name to IP address using a recursive query:

  1. The client performs some operation, such as clicking a web link, that requires a DNS name to be resolved.

  2. The client machine checks the DNS cache and the hosts file on the machine to see whether the address is located there. We’ll assume it’s not there.

  3. The client machine sends a DNS query to the first DNS server listed in the TCP/IP configuration.

  4. That DNS server checks to see whether it has the name in its cache.

  5. If the server has the address in its cache, it returns that information to the client.

  6. If it doesn’t have the address cached, the server checks the domains for which it hosts DNS and, if the name isn’t in one of them, sends the query to one of the root DNS servers.

  7. The root DNS server looks into its records for that domain (the second level domain), and sends back the record to the client’s DNS server for the name server that handles that domain.

  8. If the address record is in that domain, the client’s DNS server sends its query to that destination DNS server for the address record.

  9. Otherwise, if it has more levels of domains to search through, the client’s DNS server keeps querying for name servers and moving down the tree until it reaches the name server that handles the domain that contains the address record.

  10. When the client’s DNS server reaches that name server, it queries that name server for the address record.

  11. That DNS server sends back the IP address to the client’s DNS server.

  12. The client’s DNS server caches that IP address and sends the IP address back to the client PC.

Types of Zones for Windows Server 2003

A zone is a part of the DNS domain. For example, the MyCompany.com domain can contain several zones, such as Sales.MyCompany.com and Corp.MyCompany.com. Typically, the term zone is used to refer to a part of the domain as it pertains to the DNS server. The term subdomain is used to describe the section of the domain that a zone handles. When only one zone exists in a domain, either term can be used.

Three types of zones are available in WS03: a primary zone, secondary zone, and stub zone.

Primary Zone

A primary zone is the master copy of a zone. This zone is authoritative for the part of the domain it manages. The zone file can be read from and written to.

Secondary Zone

A secondary zone is a read-only copy of a zone. This type of zone helps take some of the traffic off the primary server by providing name resolution just like a primary zone.

Stub Zone

A stub zone is set up to hold the authoritative name server record for that part of the domain. That way, the DNS server can keep track of which servers are authoritative for a certain domain, without having to walk from the root name servers all the way down to that domain to get the information.
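The twelve resolution steps above, the right-to-left reading of a name from the TLD overview, and the stub zone shortcut just described can all be exercised in one small simulation. This is an added example written for this page, not code from the book or from the Windows Server 2003 DNS service: the root server, the gTLD server, the pizza.com zones and every address in it are constructed, and the seven-level www.on.thursday.i.will.eat.pizza.com name from the TLD overview is reused as the record being resolved.

```python
"""Toy simulation of recursive DNS resolution over a delegation hierarchy.

Added example; not code from the book or from the Windows Server 2003 DNS
service. All server names, zones, IP addresses and records are constructed.
"""

ROOT_SERVER = "a.root-servers.net"  # constructed stand-in for a root server

# Constructed authoritative data. Each server hosts one zone holding
# NS delegations (child zone -> server handling it) and A records (host -> IP).
ZONES = {
    "a.root-servers.net": {"ns": {"com": "a.gtld-servers.net"}, "a": {}},
    "a.gtld-servers.net": {"ns": {"pizza.com": "ns1.pizza.com"}, "a": {}},
    "ns1.pizza.com": {"ns": {"eat.pizza.com": "ns1.eat.pizza.com"},
                      "a": {"www.pizza.com": "192.0.2.10"}},
    "ns1.eat.pizza.com": {"ns": {},
                          "a": {"www.on.thursday.i.will.eat.pizza.com": "192.0.2.20"}},
}


def labels(name):
    """Split a name into labels read right to left, so the TLD comes first."""
    return [p for p in name.lower().rstrip(".").split(".") if p][::-1]


def second_level_domain(name):
    """E.g. 'microsoft.com' for 'www.microsoft.com'."""
    return ".".join(reversed(labels(name)[:2]))


def is_in_zone(name, zone):
    """True if name is at or below zone (www.pizza.com is in pizza.com)."""
    return name == zone or name.endswith("." + zone)


def closest_zone(name, zones):
    """Most specific zone from 'zones' that covers name, or None."""
    covering = [z for z in zones if is_in_zone(name, z)]
    return max(covering, key=lambda z: len(labels(z))) if covering else None


def iterative_query(server, name):
    """One iterative query: the server answers only from its own zone data.

    Returns ("answer", ip), ("referral", next_server) or ("nxdomain", None).
    """
    zone = ZONES[server]
    if name in zone["a"]:
        return "answer", zone["a"][name]
    delegated = closest_zone(name, zone["ns"])
    if delegated is not None:
        return "referral", zone["ns"][delegated]  # the "hint" to look elsewhere
    return "nxdomain", None


class RecursiveResolver:
    """Models the client's DNS server: it caches answers and walks the tree."""

    MAX_REFERRALS = 16  # guard against a delegation loop in bad zone data

    def __init__(self, stub_zones=None):
        self.cache = {}
        # A stub zone holds only the NS record for a domain, letting the
        # resolver start there instead of walking down from the root.
        self.stub_zones = dict(stub_zones or {})

    def resolve(self, name):
        """Resolve name to an IP. Returns (ip or None, servers contacted)."""
        name = name.lower().rstrip(".")
        if name in self.cache:                       # steps 4-5: cache hit
            return self.cache[name], []
        stub = closest_zone(name, self.stub_zones)
        server = self.stub_zones[stub] if stub else ROOT_SERVER  # step 6
        contacted = []
        for _ in range(self.MAX_REFERRALS):          # steps 7-11
            contacted.append(server)
            kind, value = iterative_query(server, name)
            if kind == "answer":
                self.cache[name] = value             # step 12: cache the answer
                return value, contacted
            if kind == "nxdomain":
                return None, contacted
            server = value  # follow the referral one level down the tree
        raise RuntimeError("too many referrals while resolving " + name)


if __name__ == "__main__":
    resolver = RecursiveResolver()
    ip, path = resolver.resolve("www.on.thursday.i.will.eat.pizza.com")
    print(ip, "via", " -> ".join(path))
    print(resolver.resolve("www.pizza.com"))  # root -> com -> pizza.com
    print(resolver.resolve("www.pizza.com"))  # answered from cache, no queries
```

Each call to `iterative_query` is one iterative exchange as defined earlier: the queried server answers from its own zone or hands back a referral. `RecursiveResolver.resolve` is the recursive side, chaining those exchanges from the root (or from a stub zone's name server) and caching the result so the second lookup of the same name sends no queries at all. The `MAX_REFERRALS` guard is the practical caveat: a resolver that follows referrals blindly can be kept busy forever by circular delegation data.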

IIS 6: The Complete Reference
ISBN: 0072224959
Year: 2005
Pages: 193
