Name resolution is the process of resolving names to IP addresses. It is similar to looking up a name in a telephone book, in which the name is associated with a telephone number. For example, when you connect to the Microsoft Web site, you use the name www.microsoft.com. DNS resolves www.microsoft.com to its associated IP address. The mapping of names to IP addresses is stored in the DNS distributed database.
DNS name servers resolve forward and reverse lookup queries. A forward lookup query resolves a name to an IP address, and a reverse lookup query resolves an IP address to a name. A name server can only resolve a query for a zone for which it has authority. If a name server can't resolve the query, it passes the query to other name servers that can. The name server caches the query results to reduce the DNS traffic on the network.
The DNS Service uses a client/server model for name resolution. To resolve a forward lookup query, which resolves a name to an IP address, a client passes a query to a local name server. The local name server either resolves the query and provides an IP address or queries another name server for resolution.
Figure 5.3 represents a client querying the name server for an IP address of www.microsoft.com.
Figure 5.3 Resolving a forward lookup query
The numbers in Figure 5.3 depict the following activities:
When a name server is processing a query, it might be required to send out several queries to find the answer. With each query, the name server discovers other name servers that have authority for a portion of the domain namespace. The name server caches these query results to reduce network traffic.
When a name server receives a query result, the following process takes place (see Figure 5.4):
The zone that provided the query results specifies the TTL. The default value is 60 minutes.
Caching query results enables the name server to resolve other queries to the same portion of the domain namespace quickly.
Figure 5.4 Caching query results
Shorter TTL values ensure that data about the domain namespace is more current across the network. However, shorter TTL values cause the cached values to expire sooner and increase the DNS traffic. A longer TTL value causes the cached values to be retained longer, which decreases the DNS traffic but increases the risk of the entries becoming stale. If a change does occur, the client doesn't receive the updated information until the TTL expires and a new query to that portion of the domain namespace is resolved.
A reverse lookup query maps an IP address to a name. Troubleshooting tools, such as the nslookup command-line tool, use reverse lookup queries to report back host names. Additionally, certain applications implement security based on host names rather than IP addresses, and therefore depend on reverse lookup to obtain a name for an address.
Because the DNS distributed database is indexed by name and not by IP address, a reverse lookup query would require an exhaustive search of every domain name. To solve this problem, in-addr.arpa was created. This special second-level domain follows the same hierarchical naming scheme as the rest of the domain namespace; however, it is based on IP addresses, not domain names, as follows:
For example, Figure 5.5 shows a dotted-decimal representation of the IP address 192.168.16.200. A company that has an assigned IP address range of 192.168.16.0 to 192.168.16.255 with a subnet mask of 255.255.255.0 has authority over the 16.168.192.in-addr.arpa domain.
Figure 5.5 The in-addr.arpa domain
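The in-addr.arpa mapping described above, as an added Python example that is not part of this lesson: it builds the reverse lookup name for an address, derives the in-addr.arpa zone that the holder of an octet-aligned block has authority over, and, because some applications base security on names, checks a reverse lookup result against a forward lookup. The host names and the PTR/A records are constructed assumptions; nothing is queried over the network.

```python
import ipaddress

IN_ADDR_ARPA = "in-addr.arpa"


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa name that a reverse lookup query for `ip` asks for.

    The octets are reversed because in-addr.arpa is a hierarchy: the most
    significant octet must be the label directly below in-addr.arpa.
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + IN_ADDR_ARPA


def reverse_zone(network: str, mask: str) -> str:
    """Return the in-addr.arpa zone the holder of network/mask is authoritative for.

    Only octet-aligned masks (/8, /16, /24) map to exactly one in-addr.arpa
    zone, which is the case the lesson describes; other masks are rejected.
    """
    net = ipaddress.IPv4Network(f"{network}/{mask}")  # strict: host bits must be 0
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"mask {mask} is not octet-aligned; no single in-addr.arpa zone")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + "." + IN_ADDR_ARPA


# Constructed sample records standing in for a reverse zone and a forward zone
# (hypothetical names; used instead of live DNS so the example runs offline).
PTR_RECORDS = {"200.16.168.192.in-addr.arpa": "www.example.com",
               "201.16.168.192.in-addr.arpa": "trusted.example.com"}
A_RECORDS = {"www.example.com": {"192.168.16.200"},
             "trusted.example.com": {"192.168.16.50"}}


def forward_confirmed_name(ip: str, ptr_records=PTR_RECORDS, a_records=A_RECORDS):
    """Resolve ip to a name via PTR, then confirm that the name resolves back to ip.

    A PTR record is controlled by whoever holds the in-addr.arpa zone for the
    address block, so a name obtained by reverse lookup alone is not evidence
    for a name-based access decision. Returns the name only when the forward
    lookup agrees, otherwise None.
    """
    name = ptr_records.get(reverse_name(ip))
    if name is None:
        return None
    return name if ip in a_records.get(name, set()) else None
```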
Here are some questions to help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."