< Archive:Docs/Drafts | AdministrationGuide | Servers | DNSBIND
m (→DNS and BIND: forgot to close the bracket after (DNS) |
m (Docs/Drafts/AdministrationGuide/Servers/DNSBIND/Introduction moved to Archive:Docs/Drafts/AdministrationGuide/Servers/DNSBIND/Introduction: This page references a newer draft version. Archiving old page tree then I'll go back and redirect to the n) |
(No difference)
| |
Latest revision as of 17:50, 4 March 2009
DNS and BIND
Introduction
The Domain Name System (DNS) organizes the Internet into a
hierarchy of domains, providing a system to resolve easy to remember host and domain names to
their IP address. An example of this is typing www.google.com into a Web browser and having the
google webpage come up. Another example is using the ping [hostname] command instead of the ping [IP address] command.
These are both examples of forward lookups. DNS can provide reverse lookups which is resolving a
hostname when given an IP address. Reverse lookups are handy for web sites tracking users, tools
such as traceroute and ping, checking the reverse DNS records of email addresses, which can be
useful against fighting spam, and so on. DNS also solves name uniqueness problems
on networks: a hostname only needs to be unique in the domain or organization, not the entire
Internet.
File:Docs Drafts AdministrationGuide Servers DNSBIND Introduction hierarchy.png
At the top of the DNS hierarchy is a "dot", which is the root domain. The root domain holds together all domains underneath it. Below the root domain are the familiar com's, edu's, net's, and so on. These are called global Top Level Domains (gTLD). Below gTLDs are subdomains, for example, google.com.
When working with DNS you will hear about zones, which are basically a group of machines within a domain. Every period in a DNS name indicates a point where authority can be delegated, so you can think of a zone as part of the DNS namespace. Using australia.test.com as an example, australia is a zone in the test.com domain.
DNS Queries
In most cases a DNS query is sent when you need the IP address of a hostname. The following example will use the host testhost, and the domain testdomain.com. The process is as follows:
- If the DNS server you are using is using cache facilities, the cache is first checked for any information about testhost.testdomain.com. If an A record for testhost.testdomain.com is found, the process is complete.
- If no information about testhost.testdomain.com exists in cache, the cache is then checked for any information on testdomain.com. This process continues, taking away parts of the DNS namespace from left to right.
- When the query reaches the end, which is the end of .com, a query for testhost.testdomain.com is sent to a root level nameserver. The root level nameserver refers you to a nameserver in the .com domain, which will know more about the query for testhost.testdomain.com.
- The .com level nameserver refers you to a testdomain.com level nameserver. The testdomain.com level nameserver will contain the A record (IP address) for the testhost.testdomain.com system.
Referrals do not contain an answer section (A Resource Records). Instead, they provide an answer section which contains a list of authoritative nameservers to query.
Types of DNS Queries
There are three types of queries you can send to a DNS server. These are recursive, iterative, and inverse:
- Recursive: the DNS server will provide the full answer by following all referrals.
- Iterative: non-recursive. The DNS server first checks its cache. If the query can not be resolved, a referral is sent to the resolver on your local system. Most local resolvers are stub resolvers, which mean they can not follow referrals. Therefore you should have at least one nameserver in
/etc/resolv.confthat can provide recursive queries. - Inverse: inverse queries map a resource record to a domain.
Types of DNS Servers
There are many different types of DNS servers. The following is a list of the most common:
- Master: holds zone files for the domain it is authoritative for. DNS is not owned by one central organization, instead authority is delegated so that everyone running a domain, or a zone, has control over their DNS.
- Slave: downloads zone information from Master DNS servers. Slave servers will reply with an authoritative answer as long as the information was not from cache.
- Advertising: only serves information for the zone it is authoritative for. Does not provide recursive queries. An advertising server will not be able to resolve any queries outside the domain it is authoritative for.
- Cache-only: uses a root hints zone file, and provides recursive queries. A cache-only server does not hold authoritative information or serve a domain.
In this guide BIND and named are the same thing. The actual daemon providing the DNS service is called named. These two terms will be used interchangeably throughout this guide.
| Administration Guide - TOC | Next Page - Client Configuration |