May 25, 2011, 1:35 p.m.
posted by whitehat
Introduction to DNS
Everyone in the world has a first name and a last, or family, name. The same thing is true in the DNS world: A family of Web sites can be loosely described as a domain. For example, the domain linuxhomenetworking.com has a number of children, such as www.linuxhomenetworking.com and mail.linuxhomenetworking.com for the Web and mail servers, respectively.
BIND is an acronym for the Berkeley Internet Name Domain Project, which is a group that maintains the DNS-related software suite that runs under Linux. The most well-known program in BIND is named, the daemon that responds to DNS queries from remote machines.
A DNS client doesn't store DNS information; it must always refer to a DNS server to get it. The only DNS configuration file for a DNS client is the /etc/resolv.conf file, which defines the IP address of the DNS server it should use. You shouldn't need to configure any other files. You'll become well acquainted with the /etc/resolv.conf file soon.
Authoritative DNS Servers
How DNS Servers Find Your Site Information
There are 13 root authoritative DNS servers (super duper authorities) that all DNS servers query first. These root servers know all the authoritative DNS servers for all the main domains.com, .net, and the rest. This layer of servers keep track of all the DNS servers that Web site systems administrators have assigned for their sub domains.
For example, when you register your domain my-web-site.org, you are actually inserting a record on the .com DNS servers that point to the authoritative DNS servers you assigned for your domain. (More on how to register your site later.)
When to Use a DNS Caching Name Server
Most servers don't ask authoritative servers for DNS directly, they usually ask a caching DNS server to do it on their behalf. The caching DNS servers then store (or cache) the most frequently requested information to reduce the lookup overhead of subsequent queries.
If you want to advertise your Web site www.my-web-site.org to the rest of the world, then a regular DNS server is what you require. Setting up a caching DNS server is fairly straightforward and works whether or not your ISP provides you with a static or dynamic IP address.
After you set up your caching DNS server, you must configure each of your home network PCs to use it as their DNS server. If your home PCs get their IP addresses using DHCP, then you have to configure your DHCP server to make it aware of the IP address of your new DNS server, so that the DHCP server can advertise the DNS server to its PC clients. Off-the-shelf router/firewall appliances used in most home networks usually can act as both the caching DNS and DHCP server, rendering a separate DNS server is unnecessary.
When to Use a Static DNS Server
If your ISP provides you with a fixed or static IP address, and you want to host your own Web site, then a regular authoritative DNS server would be the way to go. A caching DNS name server is used as a reference only, regular name servers are used as the authoritative source of information for your Web site's domain.
When To Use A Dynamic DNS Server
If your ISP provides your router/firewall with its IP address using DHCP, then you must consider dynamic DNS covered in Chapter 19, "Dynamic DNS." For now, I'm assuming that you are using static IP addresses.
How to Get Your Own Domain
Dynamic DNS providers frequently offer you a subdomain of their own site, such as my-web-site.dnsprovider.com, in which you register your domain on their site.
If you choose to create your very own domain, such as my-web-site.org, you have to register with a company specializing in static DNS registration and then point your registration record to the intended authoritative DNS for your domain. Popular domain registrars include VeriSign, Register Free, and Yahoo.
If you want to use a dynamic DNS provider for your own domain, then you have to point your registration record to the DNS servers of your dynamic DNS provider. (More details on domain registration are coming later in the chapter.)
Basic DNS Testing of DNS Resolution
As you know, DNS resolution maps a fully qualified domain name (FQDN), such as www.linuxhomenetworking.com, to an IP address. This is also known as a forward lookup. The reverse is also true: By performing a reverse lookup, DNS can determining the fully qualified domain name associated with an IP address.
Many different Web sites can map to a single IP address, but the reverse isn't true; an IP address can map to only one FQDN. This means that forward and reverse entries frequently don't match. The reverse DNS entries are usually the responsibility of the ISP hosting your site, so it is quite common for the reverse lookup to resolve to the ISP's domain. This isn't an important factor for most small sites, but some e-commerce applications require matching entries to operate correctly. You may have to ask your ISP to make a custom DNS change to correct this.
There are a number of commands you can use to do these lookups. Linux uses the host command, for example, but Windows uses nslookup.
The host Command
[[email protected] tmp]# host www.linuxhomenetworking.com www.linuxhomenetworking.com has address 18.104.22.168 [[email protected] tmp]#
To perform a reverse lookup:
[[email protected] tmp]# host 22.214.171.124 126.96.36.199.in-addr.arpa domain name pointer 65-115-71-34.my-ispprovider.net. [[email protected] tmp]#
As you can see, the forward and reverse entries don't match. The reverse entry matches the entry of the ISP.
The nslookup Command
C:\> nslookup www.linuxhomenetworking.com Server: 192-168-1-200.my-web-site.org Address: 192.168.1.200 Non-authoritative answer: Name: www.linuxhomenetworking.com Address: 188.8.131.52 C:\>
C:\> nslookup 184.108.40.206 Server: 192-168-1-200.my-web-site.org Address: 192.168.1.200 Name: 65-115-71-34.my-isp-provider.net Address: 220.127.116.11 C:\>