Beruflich Dokumente
Kultur Dokumente
DNS provides name registration and name to address resolution capabilities. And DNS drastically
lowers the need to remember numeric IP addresses when accessing hosts on the Internet or any
other TCP/IP-based network.
Before DNS, the practice of mapping friendly host or computer names to IP addresses was
handled via host files. Host files are easy to understand. These are static ASCII text files that
simply map a host name to an IP address in a table-like format. Windows ships with a HOSTS file
in the \winnt\system32\drivers\etc subdirectory
The fundamental problem with the host files was that these files were labor intensive. A host file is
manually modified, and it is typically centrally administrated.
The DNS system consists of three components: DNS data (called resource records),
servers (called name servers), and Internet protocols for fetching data from the servers.
Q2. Which are the four generally accepted naming conventions?
NetBIOS Name (for instance, SPRINGERS01)
TCP/IP Address (121.133.2.44)
Host Name (Abbey)
Media Access Control (MAC)this is the network adapter hardware address
Step 1. A client (or resolver) passes its request to its local name server. For example, the URL
term www.idgbooks.com typed into Internet Explorer is passed to the DNS server identified in the
client TCP/IP configuration. This DNS server is known as the local name server.
Step 2. If, as often happens, the local name server is unable to resolve the request, other name
servers are queried so that the resolver may be satisfied.
Step 3. If all else fails, the request is passed to more and more, higher-level name servers until
the query resolution process starts with far-right term (for instance, com) or at the top of the DNS
tree with root name servers
Below is the Steps explained with the help of a chart.
1. Host or Address Records (A):- map the name of a machine to its numeric IP address. In
clearer terms, this record states the hostname and IP address of a certain machine. Have three fields:
Host Name, Domain, Host IP Address.
E.g.:- eric.foobarbaz.com. IN A 36.36.1.6
It is possible to map more than one IP address to a given hostname. This
often happens for people who run a firewall and have two 2thernet cards
in one machine. All you must do is add a second A record, with every
column the same save for the IP address.
One should use caution with wildcards; specific records will be given precedence over
ones containing wildcards.
1996111901
10800
; Serial
; Refresh
3600
; Retry
3600000
; Expire
86400 )
; Minimum
The first column contains the domain for which this record begins authority for. The
next two entries should look familiar. The draven.foobarbaz.com entry is the
primary name server for the domain. The last entry on this row is actually an email
address, if you substituted a @ for the first .. There should always be a viable
contact address in the SOA record.
The next entries are a little more unusual then what we have become used to. The
serial number is a record of how often this DNS entry has been updated. Every time
a change is made to the entry, the serial number must be incremented. Other name
servers that pull information for a zone from the primary only pull the zone if the
serial number on the primary name servers entry is higher than the serial number
on its entry. In this way the name servers for a domain are able to update
themselves. A recommended way of using your serial number is the YYYYMMDDNN
format shown above, where the NN is the number of times that day the DNS has
been changed.
Also, a note for Allegiance Internet customers who run their own name servers: even
if the serial number is incremented, you should still fill out the web form and use the
comment box when you make changes asking us to pull the new zones.
All the rest of the numbers in the record are measurements of time, in seconds. The
refresh number stands for how often secondary name servers should check the
primary for a change in the serial number. Retry is how long a secondary server
should wait before trying to reconnect to primary server if the connection was
refused. Expire is how long the secondary server should use its current entry if it is
unable to perform a refresh, and minimum is how long other name servers should
cache, or save, this entry.
There can only be one SOA record per domain. Like NS records, Allegiance
Internet sets up this record for you if you are not running your own name
server.
Quick Summary of the major records in DNS
Record Type
Definition
Host (A)
Aliases (CNAME)
Nameservers (NS)
Pointer (PTR)
AD-integrated zones store the zone data in Active Directory and use the same replication
process used to replicate other data between domain controllers. The one catch with ADintegrated zones is that the DNS server must also be a domain controller. Overloading
DNS server responsibilities on your domain controllers may not be something you want
to do if you plan on supporting a large volume of DNS requests.
Q10.What is a STUB zone?
A stub zone is a copy of a zone that contains only those resource records necessary to identify the
authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve
names between separate DNS namespaces. This type of resolution may be necessary when a
corporate merger requires that the DNS servers for two separate DNS namespaces resolve names
for clients in both namespaces.
The master servers for a stub zone are one or more DNS servers authoritative for the child zone,
usually the DNS server hosting the primary zone for the delegated domain name.
Q11. What does a stub zone consists of?
A stub zone consists of:
The start of authority (SOA) resource record, name server (NS) resource records, and the glue A
The IP address of one or more master servers that can be used to update the stub zone.
static, records. DNS scavenging is a recommended practice so that your DNS zones are
automatically kept clean of stale resource records.
Q15. What is the default interval when DNS server will kick off the scavenging
process?
The default value is 168 hours, which is equivalent to 7 days.
DNS Q&A corner
Q1.
> Just wanted to ask a question about load balanced DNS servers
> via an external network load balancing appliance (i.e - F5's Big IP,
> Cisco's Content Switches/ Local Directors).
> The main question being the configuration whether to use 2
> Master/Primary Servers or is it wiser to use 1 Primary and 1
> Secondary? The reason is that I feel there are two configurations
> that could be setup. One in which only the resolvers query the
> virtual IP address on the load balancing appliance or actually
> configure your NS records to point to the Virtual Address so that all
> queries, ie - both by local queries directly from local users and
> also queries from external DNS servers. I've included a text
> representation of the physical configuration. Have you ever
> heard or architected such a configuration?
>
>
VIP = 167.147.1.5
> ----------------------------------->> Load Balancer Device |
> ----------------------------------->
|
>
|
>
---------------->
|
|
> ---------------------------->> DNS 1
|
| DNS 2 |
> ----------------------------> 1.1.1.1
1.1.1.2
There's usually not much need to design solutions like these, since most
name server implementations will automatically choose the name server
that responds most quickly. In other words, if DNS 1 fails, remote
name servers will automatically try DNS 2, and vice versa.
However, it can be useful for resolvers. In that case, you don't need to
worry about NS records (since resolvers don't use them), just setting up
a virtual IP address.
> Also, Is there any problems in running two Master/Primaries?
Just that you'd have to synchronize the zone data between the two
manually.
How can reverse lookup possibly work on the Internet - how can a local
resolver or ISP's Dns server find the pointer records please? E.g. I run
nslookup 161.114.1.206 & get a reply for a Compaq server
- how does it know where to look? Is there a giant reverse lookup zone in
the sky?
Q3. What are the pros and cons of running slaves versus caching-only name
servers?
>
>
>
>
>
>
>
I have a single machine running DNS mail and web for a domain
and I'm not sure that I have DNS setup properly. If the machine
that is running the mail is the name of the domain does there need
to be an MX record for mail?
Could you elaborate a little bit on why do we need to put NS records for
the zone we are authoritative for ?
The parent name server handles these already. Is there any problem if our
own NS records have lower TTLs than the records from parent name server ?
That's a good question. The NS records from your zone data file are used for several things:
- Your name servers returns them in responses to queries, in the authority section of the DNS
message. Moreover, the set of NS records that comes directly from your name server
supersedes the set that a querier gets from your parent zone's name servers, so if the two sets
are different, yours "wins."
- Your name servers use the NS records to determine where to send NOTIFY messages.
- Dynamic updaters determine where to send updates using the NS records, which they often
get from the authoritative name servers.
Q7.
>
>
>
>
When the slave zone checks in with the master zone for the serial number, is
all this traffic happening on TCP. For example, if you have acl's blocking
udp traffic but allowing tcp traffic will the transfer work or will it fail
due to the slaves inability to query for the SOA record on udp?
No. The refresh query (for the zone's SOA record) is usually done over UDP.
I'm very wondering why there are only 13 root servers on globally.
Some documents explain that one of the reason is technical limit on Domain
Name System (without any detailed explanation).
From my understanding, it seems that some limitation of NS record numbers
in DNS packet that specified by certain RFCs, or just Internet policy stuff.
Which one is proper reason?
IMP information
http://www.menandmice.com/online_docs_and_faq/glossary/glossarytoc.htm