From Fedora Project Wiki

DNS and BIND

Introduction

DNS is an acronym for Domain Name System. DNS organizes the Internet into a hierarchy of domains, providing a system to resolve easy-to-remember host and domain names to their IP addresses. An example of this is typing www.google.com into a browser and having the Google web page come up. Another example is using the ping [hostname] command instead of the ping [IP address] command. These are both examples of forward lookups. DNS also provides reverse lookups, which resolve an IP address back to a hostname. Reverse lookups are handy for web sites tracking users, for tools such as traceroute and ping, for checking the reverse DNS records of email addresses (which can be useful in fighting spam), and so on. The Domain Name System also solves name uniqueness problems on networks: a hostname only needs to be unique within its domain or organization, not across the entire Internet.

[Image: DNS hierarchy diagram, File:Docs Drafts AdministrationGuide UserAccounts DNSBIND Introduction hierarchy.png]

The top of the DNS hierarchy is a "dot", which is the root domain. The root domain holds together all domains underneath it. Below the root domain are the familiar com's, edu's, net's, and so on. These are called global Top Level Domains (gTLD). Below gTLDs are subdomains, for example, google.com.

When working with DNS you will hear about zones, which are basically a group of machines within a domain. Every period in a DNS name marks a point where authority can be delegated, so you can think of a zone as a part of the DNS namespace: in australia.test.com, australia is a zone in the test.com domain. There is debate on the correct definition of a zone.

DNS Queries

In most cases a DNS query is sent when you need the IP address of a hostname. The following example will use the host testhost, and the domain testdomain.com. The process is as follows:

  • if the DNS server you are using has caching enabled, the cache is first checked for any information about testhost.testdomain.com. If an A record for testhost.testdomain.com is found, the process is complete.
  • if no information about testhost.testdomain.com exists in the cache, the cache is then checked for any information on testdomain.com. This process continues, taking away parts of the DNS namespace from left to right.
  • when the query reaches the end of com, a query for testhost.testdomain.com is sent to a root level nameserver. The root level nameserver refers you to a nameserver for the .com domain, which will know more about the query for testhost.testdomain.com.
  • the .com level nameserver refers you to a testdomain.com level nameserver. The testdomain.com level nameserver holds the A record (IP address) for the testhost.testdomain.com system.

Referrals

Referrals do not contain an answer section (A Resource Records). Instead, they carry an authority section that lists the authoritative nameservers to query next.

Types of DNS Queries

There are three types of queries you can send to a DNS server: recursive, iterative, and inverse:

  • recursive: the DNS server provides the full answer by following all referrals itself.
  • iterative: non-recursive. The DNS server first checks its cache. If the answer is not found there, a referral is sent back to the resolver on your system. Most local resolvers are stub resolvers, which means they cannot follow referrals. Therefore you should have at least one nameserver in /etc/resolv.conf that can provide recursive queries.
  • inverse: inverse queries map a resource record to a domain.

Types of DNS Servers

  • Master: holds the zone files for the domain it is authoritative for. DNS is not owned by one central organization; instead, authority is delegated so that everyone running a domain, or a zone, has control over their own DNS.
  • Slave: downloads zone information from master DNS servers. Slave servers reply with an authoritative answer as long as the information did not come from their cache.
  • Advertising: only serves information for the zone it is authoritative for. Does not provide recursive queries. An advertising server will not be able to resolve any queries outside the domain it is configured for.
  • Cache-only: uses a root hints zone file to provide recursive queries. A cache-only server does not hold authoritative information or serve a domain.
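The resolution walk from the "DNS Queries" section, the referrals it produces, the recursive versus iterative query types, and the difference between an authoritative-only (advertising) server and a cache-only server, modelled end to end in one added example. This is not code from the Fedora wiki or from BIND. The root, .com and testdomain.com servers, their nameserver names (a.root-servers.example., ns.gtld.example., ns1.testdomain.com.), the testhost record and the 192.0.2.x addresses are all constructed for the demonstration and live only in memory.

```python
"""Toy model of the resolution walk, referrals and query types described above.
Added example, not code from the Fedora wiki or from BIND. Every nameserver, zone,
hostname and address is constructed in memory (RFC 5737 addresses); no network is used."""
from dataclasses import dataclass, field

@dataclass
class Response:
    answer: list = field(default_factory=list)     # A records as (name, address)
    authority: list = field(default_factory=list)  # NS records as (zone, nameserver name)
    glue: dict = field(default_factory=dict)       # nameserver name -> address
    rcode: str = "NOERROR"

    @property
    def is_referral(self):
        # A referral has no answer section, only the nameservers to ask next.
        return not self.answer and bool(self.authority)

def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

class AuthServer:
    """Authoritative-only ('advertising') server: answers for its own zone, refers
    queries for delegated child zones, and never recurses for anyone."""
    def __init__(self, zone, a_records, delegations):
        self.zone = zone                # "com."
        self.a = a_records              # {"testhost.testdomain.com.": "192.0.2.10"}
        self.delegations = delegations  # {"testdomain.com.": [("ns1.testdomain.com.", "192.0.2.53")]}

    def query(self, name):
        if name in self.a:
            return Response(answer=[(name, self.a[name])])
        # The longest delegated child zone covering the name gets the referral.
        child = max((z for z in self.delegations if in_zone(name, z)), key=len, default=None)
        if child:
            nss = self.delegations[child]
            return Response(authority=[(child, ns) for ns, _ in nss], glue=dict(nss))
        if in_zone(name, self.zone):
            return Response(rcode="NXDOMAIN")  # authoritative: the name does not exist
        return Response(rcode="REFUSED")       # outside our zone, and we offer no recursion

class CachingResolver:
    """Cache-only recursive server: owns no zone and starts from a root hint."""
    def __init__(self, network, root_hint):
        self.network = network         # address -> AuthServer (the constructed 'Internet')
        self.cache = {".": root_hint}  # name or zone -> Response
        self.trace = []                # one line per step, for the reader

    @staticmethod
    def suffixes(name):
        # testhost.testdomain.com. -> [testhost.testdomain.com., testdomain.com., com., .]
        labels = name.rstrip(".").split(".")
        return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]

    def resolve(self, name, recursive=True):
        self.trace = []
        # Step 1: walk the cache, taking labels away from the left, until something is known.
        start = self.cache["."]
        for suffix in self.suffixes(name):
            hit = self.cache.get(suffix)
            if hit and suffix == name and hit.answer:
                self.trace.append(f"cache hit: {name}")
                return hit
            if hit and hit.is_referral:
                start = hit
                break
        # Step 2: ask the nearest known nameserver and follow referrals downward.
        current = start
        while True:
            zone, ns_name = current.authority[0]
            resp = self.network[current.glue[ns_name]].query(name)
            if resp.is_referral:
                child, next_ns = resp.authority[0]
                self.trace.append(f"{ns_name} ({zone}) referred us to {next_ns} for {child}")
                self.cache[child] = resp
                if not recursive:
                    return resp  # iterative: hand the referral back; a stub resolver cannot follow it
                current = resp
                continue
            self.trace.append(f"{ns_name} answered {resp.rcode} for {name}")
            if resp.answer:
                self.cache[name] = resp
            return resp

def build_network():
    """Constructed root, .com and testdomain.com servers, keyed by address."""
    root = AuthServer(".", {}, {"com.": [("ns.gtld.example.", "192.0.2.2")]})
    com = AuthServer("com.", {}, {"testdomain.com.": [("ns1.testdomain.com.", "192.0.2.53")]})
    testdomain = AuthServer("testdomain.com.", {"testhost.testdomain.com.": "192.0.2.10"}, {})
    return {"192.0.2.1": root, "192.0.2.2": com, "192.0.2.53": testdomain}

ROOT_HINT = Response(authority=[(".", "a.root-servers.example.")],
                     glue={"a.root-servers.example.": "192.0.2.1"})

def walk(name="testhost.testdomain.com."):
    """Resolve a name twice through one cache-only server; returns responses and traces."""
    r = CachingResolver(build_network(), ROOT_HINT)
    first = r.resolve(name)
    first_trace = list(r.trace)
    second = r.resolve(name)
    return first, first_trace, second, list(r.trace)

if __name__ == "__main__":
    first, t1, _, t2 = walk()
    print("\n".join(t1 + ["--- second lookup ---"] + t2), "\nanswer:", first.answer)
```

Running the file prints the three-step trace (root referral, .com referral, authoritative answer from ns1.testdomain.com.) followed by a single cache hit for the second lookup. Calling resolve() with recursive=False makes the server hand the first referral straight back, which is exactly what a stub resolver listed in /etc/resolv.conf could not follow on its own; asking the constructed .com server directly for a name outside .com returns REFUSED, the model's way of showing that an advertising server cannot resolve queries outside the domain it is configured for.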