Using DNS
The abbreviation DNS stands for Domain Name Service. You use DNS to translate host names and domain names to IP addresses, and vice versa, by means of a standardized lookup table that
the network administrator defines and configures. The system works just like a giant telephone directory.
Suppose you are using your browser to surf the Web and you enter the URL http:// www.microsoft.com to go to the Microsoft home page. Your web browser then asks the TCP/IP protocol to ask the DNS server for the IP address of www.microsoft.com. When your web browser receives this address, it connects to the Microsoft web server and downloads the home page. DNS is an essential part of any TCP/IP network because it simplifies the task of remembering
addresses; all you have to do is simply remember the host name and domain name. A DNS zone is an administrative area or name space within a DNS domain. For example, sybex.com is a DNS domain, but there is a server that is authoritative over the sybex.com
name space, or zone. An additional level could be added to sybex.com, making, for instance, networkbooks.sybex.com. The networkbooks zone would be handled by a particular server.
The server holds the zone file, or DNS table, for that zone. DNS tables are composed of records. Most records are composed of a host name, a record type, and an IP address. There are several
record types, including the address record, the mail exchange record, the CNAME record, and the SOA record.
There are primary DNS servers, which are authoritative for the zone for which they carry the zone file, and secondary DNS servers, which have a nonauthoritative copy of the zone file updated from the primary server. The DNS zone file must be changed only on the primary server that is authoritative for that zone. If changes are made to the secondary server, the changes will not be propagated elsewhere, and these changes will be lost during the next update from the primary server. What this means is that whenever a change to any record is required, even one as simple as adding the IP address of a new server or changing the IP address of an established one, the change must be performed by the administrator, ISP, or other entity that hosts and has write access to the primary DNS server that is authoritative for the domain/zone in which the change occurs.
The address record, commonly known as the A record, maps a host name to an IP address. The following example shows the address record for a host called mail in the company.com domain:
mail.company.com. IN A 204.176.47.9
The mail exchange (MX) record points to the mail exchanger for a particular host. DNS is structured so that you can actually specify several mail exchangers for one host. This feature provides a higher probability that e-mail will actually arrive at its intended destination. The mail exchangers are listed in order in the record, with a priority code that indicates the order in which the mail exchangers should be accessed by other mail delivery systems.
If the first priority doesn’t respond in a given amount of time, the mail delivery system tries the second one, and so on. Here are some sample mail exchange records:
hostname.company.com. IN MX 10 mail.company.com.
hostname.company.com. IN MX 20 mail2.company.com.
hostname.company.com. IN MX 30 mail3.company.com.
In this example, if the first mail exchanger, mail.company.com, does not respond, the second one, mail2.company.com, is tried, and so on.
The CNAME record, or canonical name record, is also commonly known as the alias record and allows hosts to have more than one name. For example, your web server has the host name
www, and you want that machine to also have the name ftp so that users can use FTP to access a different portion of the file system as an FTP root. You can accomplish this with a CNAME record. Given that you already have an address record established for the host name www, a CNAME record that adds ftp as a host name would look something like this:
www.company.com. IN A 204.176.47.2
ftp.company.com. IN CNAME www.company.com.
When you put all these record types together in a zone file, or DNS table, it might look like this:
mail.company.com. IN A 204.176.47.9
mail2.company.com. IN A 204.176.47.21
mail3.company.com. IN A 204.176.47.89
yourhost.company.com. IN MX 10 mail.company.com.
yourhost.company.com. IN MX 20 mail2.company.com.
yourhost.company.com. IN MX 30 mail3.company.com.
www.company.com. IN A 204.176.47.2
ftp.company.com. IN CNAME www.company.com.
The SOA record, or start of authority record, contains global parameters for the zone and is easily the most crucial record in the zone file. There can be only one SOA per zone file. The SOA record might look something like this:
TABLE 3 . 6 Fields of the DNS SOA Record
TABLE 3 . 6 Fields of the DNS SOA Record (continued)
Note:
You can establish other types of records for specific purposes, but we won’t go into those in this book. DNS can become very complex very quickly, and entire books are dedicated to the DNS system.The nslookup and dig commands are discussed further in Chapter 4, but a quick peek at a special function of the utility will help tie together the preceding material. The following output was generated by the nslookup utility. Notice the similarity to the actual SOA record shown earlier. Once nslookup is started, entering the command set type=SOA, followed by entering the domain for which you want to view the SOA information for that zone, will produce output similar to this:
C:\>nslookup
Default Server: ns.company.com
Address: 10.184.147.254
> set type=SOA
> company.com
Server: ns.company.com
Address: 10.184.147.254
Non-authoritative answer:
company.com
primary name server = ns.company.com
responsible mail addr = dns\.support.company.com
serial = 55281
refresh = 7200 (2 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 1800 (30 mins)
[output omitted]
>
0 comments:
Post a Comment