Networks: Access Management Windows 2000 Server Class Notes # 18 Domain Name Server (Part I) February 12, 2004
Computers connected to a network require distinct IP addresses in order to communicate using the TCP/IP protocol. The IP addresses provide a distinct location for the sending and receiving of information. An IP address is a hard-to-remember set of numbers (a 4-octet address), so DNS is used to provide a mapping between a name and its IP address. DNS is made up of many elements that together provide name resolution for clients on a TCP/IP network, including name servers, domains, zones, zone files, and records.

For any computer on the Internet, you can find the address of any other computer using the DNS hierarchy (namespace), and the answer normally arrives within seconds. No single person or organization keeps the whole machine-name-to-IP-address database. Responsibility for the name-to-address mapping is kept locally, by whoever runs each domain. For example, if your DNS server tries to work out the IP address of www.google.com, it will soon be talking to Google's own DNS servers to resolve that name.

DNS names are arranged in pieces (labels) separated by a period. For example, teacher.wqsb.qc.ca has four pieces; each piece cannot exceed 63 characters and the entire name cannot exceed 255 characters. The leftmost piece is the host (computer) name; the remaining pieces to the right of it make up the DNS domain, also called the DNS suffix. Creating a top-level domain such as com requires the permission of whoever owns the root (.) domain. Originally the root was controlled by the U.S. government, but it now belongs to a non-profit organization called ICANN (Internet Corporation for Assigned Names and Numbers). Registering a name underneath a top-level domain requires you to provide some contact information and payment (typically a credit card) to a registrar accredited for that top-level domain. The public DNS namespace is given in figure one.
A DNS server resolves a name by working its way up the DNS hierarchy until it reaches the root, then works its way back down until it finally finds the DNS server that can answer its question. For example, when your local DNS server tries to resolve www.wdig.com it would:

1. Your DNS server tries to find the wdig.com DNS server.
2. Your DNS server decides to look for the addresses of the com domain's DNS servers (wdig.com is a child domain of com).
3. To find the com domain's DNS servers, your DNS server decides to look for the root DNS servers. Your DNS server knows the IP addresses of the root DNS servers because of its root hint file.
4. Using the IP address of a root DNS server, your DNS server asks that root DNS server for the address of a DNS server for the com domain.
5. The root DNS server tells your DNS server the addresses of the com domain's DNS servers.
6. Your DNS server takes one of those addresses and asks that com DNS server for the addresses of the wdig.com DNS servers.
7. The com DNS server gives your local DNS server the addresses of wdig.com's two DNS servers.
8. Your DNS server asks one of wdig.com's DNS servers to resolve the name www.wdig.com.
9. The wdig.com DNS server resolves the name, returning the IP address of www.wdig.com.

Typically, DNS server software ships with a root hint file, which contains the names and IP addresses of the 13 root DNS servers (a.root-servers.net through m.root-servers.net). The root domain does not perform name resolution for www.wdig.com; it only points your server at the next level down.

Figure 1: Public DNS hierarchy (root domain "." at the top; top-level domains such as com, org, net, gov, ca, uk; second-level domain wdig.com; sub-domain test.wdig.com; host computers inside a domain)
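The nine-step walk above, as an added example that is not part of the class notes: a small Python model of iterative resolution in which the root, com and wdig.com zones are in-memory dicts, so nothing touches the network. The server addresses, glue records and the www.wdig.com address are all constructed for the example (RFC 5737 documentation ranges), and the root hint list is reduced to a single entry.

```python
"""Iterative resolution of www.wdig.com walked from a root hint.

Added example, not code from the class notes: the root, com and wdig.com
zones are tiny in-memory dicts (no network), and every server address is
a constructed documentation-range address (RFC 5737), not a real one."""

# Assumption: one root hint; a real root hint file carries 13 names.
ROOT_HINTS = ["192.0.2.1"]

# Each contacted server is authoritative for exactly one zone here.
# "NS" holds delegations to child zones; "A" holds host records, including
# the glue addresses for the delegated name servers.
ZONES = {
    "192.0.2.1": {                      # a root server
        "name": ".",
        "NS": {"com.": ["a.gtld-servers.net."]},
        "A": {"a.gtld-servers.net.": "198.51.100.1"},
    },
    "198.51.100.1": {                   # a com server
        "name": "com.",
        "NS": {"wdig.com.": ["ns1.wdig.com.", "ns2.wdig.com."]},
        "A": {"ns1.wdig.com.": "203.0.113.1", "ns2.wdig.com.": "203.0.113.2"},
    },
    "203.0.113.1": {                    # ns1.wdig.com, authoritative for wdig.com
        "name": "wdig.com.",
        "NS": {},
        "A": {"www.wdig.com.": "203.0.113.26",
              "ns1.wdig.com.": "203.0.113.1",
              "ns2.wdig.com.": "203.0.113.2"},
    },
}


def query(server_ip, qname):
    """One query to one server. A delegation that covers qname wins first
    (the server is not authoritative below it) and comes back as a referral
    with NS names plus glue; otherwise the server answers from its own A
    records; otherwise there is nothing. This is why a root server never
    resolves www.wdig.com itself."""
    zone = ZONES[server_ip]
    best = None
    for child in zone["NS"]:
        if qname == child or qname.endswith("." + child):
            if best is None or len(child) > len(best):
                best = child
    if best is not None:
        glue = [(ns, zone["A"].get(ns)) for ns in zone["NS"][best]]
        return "referral", (best, glue)
    if qname in zone["A"]:
        return "answer", zone["A"][qname]
    return "nxdomain", None


def resolve(qname, max_hops=8):
    """Start at a root hint and follow referrals down the hierarchy until
    a server answers. Returns (address or None, trace); the trace lists
    the zone of each server contacted and what it replied."""
    if not qname.endswith("."):
        qname += "."
    qname = qname.lower()
    server = ROOT_HINTS[0]
    trace = []
    for _ in range(max_hops):          # hop cap guards against referral loops
        kind, data = query(server, qname)
        trace.append((ZONES[server]["name"], kind))
        if kind == "answer":
            return data, trace
        if kind == "nxdomain":
            return None, trace
        _child, glue = data
        # Use the first NS that arrived with glue. Without glue a real
        # resolver would first have to resolve the NS name, which is the
        # chicken-and-egg problem glue records exist to avoid.
        server = next(ip for _ns, ip in glue if ip is not None)
    raise RuntimeError("gave up after %d referrals for %s" % (max_hops, qname))


if __name__ == "__main__":
    addr, steps = resolve("www.wdig.com")
    for zone, reply in steps:
        print("%-10s -> %s" % (zone, reply))
    print("www.wdig.com =", addr)
```

Running it prints one line per server contacted: the root answers with a referral, the com server answers with a referral, and only the wdig.com server returns an address. A name under a top-level domain the root does not delegate (say, org in this model) stops at the root with no answer, which is the same path a real resolver takes for a non-existent domain.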
Basically what happens is that the root domain contains records called name server (NS) records that delegate responsibility for the com domain to the com DNS servers, and the com domain's DNS servers contain NS records that delegate name server responsibility for the wdig.com domain to the wdig.com servers.

DNS servers hold a database for a zone. A zone is the contiguous portion of the DNS namespace (a domain, and any sub-domains that have not been delegated elsewhere) that a DNS server is authoritative for, stored in a zone file. A zone is not the same thing as a domain: one wdig.com zone can cover wdig.com, sales.wdig.com and HR.wdig.com, or each of those can be split out into its own zone on its own server. Figure two and figure three illustrate one DNS zone and three DNS zones respectively.

Figure 2: Wdig with one DNS zone (a single wdig.com DNS server, reached from the Internet via the root servers, serves wdig.com, sales.wdig.com and HR.wdig.com)

Figure 3: Wdig with three DNS zones (separate DNS servers for wdig.com, sales.wdig.com and HR.wdig.com, each delegated from the one above it)

DNS can convert host names such as www.wdig.com to IP addresses such as 205.33.42.26. DNS can also do the reverse: you can ask the DNS server what host name is associated with IP address 205.33.42.26.

A primary DNS server is authoritative for the names in a zone. It is the one on which you make changes and updates to the zone file. For a standard zone you can have only one primary DNS server, but as many secondary DNS servers as you like; secondary DNS servers hold read-only copies of the zone. (Windows 2000 also offers Active Directory-integrated zones, where the zone is stored in Active Directory and every domain controller running DNS can accept updates; that is covered separately.) The reason for creating more than one DNS server per zone is that the additional servers share the burden of name resolution and keep the zone available if one server is down.

The primary DNS server provides a copy of the zone file to the secondary DNS servers on a periodic basis. Updating the zone file on a secondary DNS server is called replicating the zone (a zone transfer). It is the responsibility of the secondary DNS server to ask the primary DNS server for an update, using the serial number in the zone's SOA record to decide whether its copy is stale. Because a zone transfer hands over every record in the zone, the primary should be configured to allow transfers only to its listed secondaries; a primary that answers transfer requests from anyone gives an outsider a complete map of your hosts.

DNS Record Types

The DNS database contains several kinds of records (i.e. there is more than just names and IP addresses).
The most significant of these records are:

• Address (A) record
• Start of Authority (SOA) record
• Name Server (NS) record
• Canonical Name (CNAME) record
• Mail Exchange (MX) record
• Pointer (PTR) record

A Record

These records are the most common on a DNS server. They are the host-name-to-IP-address records that answer the name lookups initiated by client workstations or by other DNS servers.

SOA Record

The SOA record names the primary DNS server for the zone, provides an e-mail address for the zone's administrator, and specifies how long it is okay to cache its data. It also carries a serial number that is incremented whenever any of the zone's records change; secondaries compare it with their own copy to decide whether a zone transfer is needed.

NS Record

NS records define the name servers for the zone. You can also use NS records to delegate authority for a sub-domain to another server, which makes that sub-domain a separate zone. The NS records therefore keep track of which servers are delegated for the domain and for its sub-domains. Delegation means the named server is authorized to answer queries for the given domain.

CNAME Record

A CNAME record defines an alias for a host, that is, another name the host is known by. For example, if a server is named hosrv2334b233.wdig.com, a CNAME record can be created so that a friendlier name such as www.wdig.com can be used in place of the more obscure one.

MX Record

These records say where mail for the domain should be routed. For example, if you send an e-mail to trobert@alcantrap.com, you have told your e-mail program that you want the mail to go to someone named trobert who has an account on some server in the alcantrap.com domain. The MX record answers the question, "Which machine is the mail server for alcantrap.com?" A domain can have several MX records, each with a preference value; senders try the lowest value first.

PTR Record

A pointer record lets you look up the host name associated with a particular IP address. The Windows 2000 DNS snap-in will, upon request, create a pointer record automatically whenever it creates a host record.

Windows 2000 SRV Records

The SRV record is essential to Windows 2000 Active Directory.
You cannot run Active Directory without DNS servers that understand SRV records. SRV records let DNS become a sort of directory of services for a domain. For example, if you know my domain's name is wdig.com, how would you know the name of the web server for that domain? By convention, the web server for wdig.com is called www.wdig.com. But what if I wanted to call my web server something other than "www" and still have you able to find it? Simply put, an SRV record lets you say, "If you are looking for this kind of server, it's over there." This is exactly how Windows 2000 clients find domain controllers: each domain controller registers SRV records such as _ldap._tcp.dc._msdcs.wdig.com that name the host and port offering the LDAP service.

Dynamic DNS (DDNS)

Windows 2000 provides an option where DNS zones are updated dynamically as a client computer comes on the network. Traditionally DNS servers had to be updated manually, with records added to the zone file one at a time. If clients are assigned addresses through DHCP, where addresses may change often, a static zone file becomes outdated very quickly. DDNS reduces the administrative overhead of keeping DNS records registered. Note that a zone which accepts updates from anyone lets any machine on the network overwrite another host's record; the Windows 2000 DNS server can restrict a zone to secure updates only (available for Active Directory-integrated zones), which is the setting to use wherever dynamic update is enabled.
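A worked example, added here and not part of the class notes, covering the record types above (SOA, NS, A, CNAME, MX, PTR) and the SRV record: a small Python parser for a BIND-style zone file, run over a constructed wdig.com zone and its reverse zone. It assumes one record per line (the SOA is written on a single line without parentheses) and the Windows 2000 DNS snap-in is not involved; every name and address in the zone text is made up, using RFC 5737 documentation addresses. The lookup function follows CNAME aliases the way a server does, orders MX targets by preference, and caps alias chains so a looping CNAME pair cannot spin forever.

```python
"""A small parser for the record types in the notes (SOA, NS, A, CNAME, MX,
PTR, SRV), run over a constructed wdig.com zone plus its reverse zone.

Added example, not the notes' own material and not the Windows 2000 zone
file format verbatim: it assumes BIND-style text with one record per line
(the SOA on a single line, no parentheses), and every name and address
below is made up, using RFC 5737 documentation addresses."""

ZONE_TEXT = """\
$ORIGIN wdig.com.
$TTL 3600
@                    IN SOA   ns1.wdig.com. hostmaster.wdig.com. 2004021201 7200 900 1209600 3600
@                    IN NS    ns1.wdig.com.
@                    IN NS    ns2.wdig.com.
ns1                  IN A     203.0.113.1
ns2                  IN A     203.0.113.2
hosrv2334b233        IN A     203.0.113.26   ; the real host record
www                  IN CNAME hosrv2334b233  ; friendly alias for it
@                    IN MX    10 mail1       ; lower preference is tried first
@                    IN MX    20 mail2
mail1                IN A     203.0.113.10
mail2                IN A     203.0.113.11
_ldap._tcp.dc._msdcs IN SRV   0 100 389 dc1  ; where Active Directory finds a DC
dc1                  IN A     203.0.113.5
$ORIGIN 113.0.203.in-addr.arpa.
26                   IN PTR   hosrv2334b233.wdig.com.
"""


def qualify(name, origin):
    """Turn a relative owner or target name into a fully qualified one."""
    if name == "@":
        return origin.lower()
    name = name.lower()
    return name if name.endswith(".") else "%s.%s" % (name, origin.lower())


def parse_rdata(rtype, fields, origin):
    """Decode the type-specific data that follows the record type."""
    if rtype == "A":
        return fields[0]
    if rtype in ("NS", "CNAME", "PTR"):
        return qualify(fields[0], origin)
    if rtype == "MX":
        return int(fields[0]), qualify(fields[1], origin)
    if rtype == "SRV":
        return int(fields[0]), int(fields[1]), int(fields[2]), qualify(fields[3], origin)
    if rtype == "SOA":
        keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
        vals = [qualify(fields[0], origin), qualify(fields[1], origin)]
        vals += [int(v) for v in fields[2:7]]
        return dict(zip(keys, vals))
    raise ValueError("unsupported record type %r" % rtype)


def parse_zone(text):
    """Return {(owner, rtype): [rdata, ...]} for every record in the text."""
    origin = "."
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                # $TTL and friends: ignored here
            continue
        fields = line.split()
        owner = qualify(fields.pop(0), origin)
        if fields[0].isdigit():                 # optional per-record TTL
            fields.pop(0)
        if fields[0].upper() == "IN":           # optional class
            fields.pop(0)
        rtype = fields.pop(0).upper()
        records.setdefault((owner, rtype), []).append(parse_rdata(rtype, fields, origin))
    return records


def lookup(records, name, rtype, max_chain=8):
    """Look up (name, rtype), following CNAMEs as a server would. Returns
    (canonical name, [rdata]); the chain cap stops a looping CNAME pair."""
    name = name.lower() if name.endswith(".") else name.lower() + "."
    for _ in range(max_chain):
        if (name, rtype) in records:
            return name, records[(name, rtype)]
        alias = records.get((name, "CNAME"))
        if not alias:
            return name, []
        name = alias[0]
    raise ValueError("CNAME chain too long starting at %s" % name)


def mail_servers(records, domain):
    """MX targets in the order a sending mail server should try them."""
    _, mx = lookup(records, domain, "MX")
    return [target for _pref, target in sorted(mx)]
```

Asking for the A record of www.wdig.com returns the address of hosrv2334b233.wdig.com together with that canonical name, which is what a client sees when a friendly alias points at an obscure host name; the SRV lookup for _ldap._tcp.dc._msdcs.wdig.com returns the priority, weight, port and target a Windows 2000 client would use to locate a domain controller.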