DNS: Terms and Process    


The domain name system, DNS, allows us humans better interaction with the Internet or your own local area network. DNS provides translation of computer names, which we better understand, to IP addresses which computer and networking gear better understand - consider it the phone book for the network.

Timely response from DNS improves corporate productivity and improves over all users moral, as end users are not frustrated by long wait times for access to resources. Here we are going to review some of the configurable items universally found in DNS.

Remember, with DNS it is a matter of who knows what when asked.

What are the components that make up DNS? When configuring DNS what are the components you need to deal with, and what is the impact of making changes. Company productivity is not a place you want to be guessing. So the following are some of the key things you need to know when dealing with DNS...

Forwarders
A DNS forwarder is a DNS server that performs queries on behalf of another DNS server. Typically this will be the DNS server at your ISP. When setting up your DNS server, if you enter IP addresses in the forwarder section, then your DNS server will ask those IP addresses for information on any Domain which your DNS has no information on. The forwarder queries are made to the IP addresses as they appear in the list.

The Root.hints file
As we all should know, the Domain Name System is hierarchal. The root.hints file lists the name and IP address of the servers responsible for providing information for the top level domains. Using the root.hints file instructs your DNS server to ask the Internet directly for IP address information about a specific domain - thus reducing the chance for ‘not found’ errors.

Depending on the Operating system you are using the root.hints file may also be known as named.cache, root.ca. This file has not changed since Jan 29, 2004

Recursive Lookups
In DNS, recursion is the act of following the path. When a request is made for a domain the DNS server is unaware of, say www.esubnet.net the server will ask the root servers for the IP address of the name server which has information on esubnet.net, which will in turn be asked for the IP address for the machine hosting the www.

Turning off recursive lookups means that a DNS server will only provide information on domains it knows.

The Zone File
DNS information is held in a file called a zone file. The computer that holds the zone file for a given domain is called the Source of Authority (SOA for short) for that domain.

The zone file is made up of two parts the SOA fields (sdata) and the resource records (rdata). The components of each are explained below.

Common DNS SOA fields
The following list explains the common SOA record (sdata)information found in DNS:

MNAME The of the name server that was the original or primary source of data for this zone.

RNAME A which specifies the mailbox of the person responsible for this zone.

SERIAL The unsigned 32 bit version number of the original copy of the zone. Zone transfers preserve this value. This value wraps and should be compared using sequence space arithmetic.

REFRESH A 32 bit time interval before the zone should be refreshed.

RETRY A 32 bit time interval that should elapse before a failed refresh should be retried.

EXPIRE A 32 bit time value that specifies the upper limit on the time interval that can elapse before the zone is no longer authoritative.
All time intervals are in seconds.

Common DNS record types
The following list explains the common SOA record (sdata)information found in DNS:
Name Short form Explanation
Name pointer PTR Most often used to associate a domain name with its IPv4 IP address
Mail Exchange MX This indicates that this host is capable of receiving email. MX hosts are prioritized by including a number, the lowest number has priority.
Name Server NS This record type provides information on who is authoritative for a domain -or - which servers “know” about the domain and who do not have to ask another server.
Start of authority SOA This marks the start of the zone information.
Text String TXT Arbitrary binary data has a line length limit of 256 characters
Comment ; All characters after the semi-colon are ignored

For more information on DNS and DNS resource records see RFC1035

Sample zone file
$TTL 86400 ; 24 hours could have been written as 24h or 1d
$ORIGIN example.com.
@ 1D IN SOA ns1.example.com. hostmaster.example.com. (
                                                       2002022401 ; serial
                                                       3H ; refresh
                                                       15 ; retry
                                                       1w ; expire
                                                       3h ; minimum
                                                       )
IN         NS         ns1.example.com. ; in the domain
IN         NS         ns2.smokeyjoe.com. ; external to domain
IN         MX 10      mail.another.com. ; external mail provider
; server host definitions
ns1        IN A       192.168.0.1 ;name server definition
www        IN A       192.168.0.2 ;web server definition
ftp        IN CNAME   www.example.com. ;ftp server definition
; non server domain hosts
bill       IN A       192.168.0.3
fred       IN A       192.168.0.4

Originally published May, 2007

Fragment - Current Release


Articles
Administration

IT Roles and Responsibilities
App_Sec
BCP STATS
On Passwords
Spending Enough
Planning to Fail
Living With the Enemy
A Reason for Policy
Mission Critical Messaging – Do you have a policy
Globalizing the SMB
High Availability: People and Processes
Case for Project Management
Risk Management
Networking

On Routing
VLAN Tutorial
IPs 4 Golden Rules
WAN Technology primer
DHCP Primer
Your Head in the Cloud(s)
DNS: Terms and Process
VPN Surfing Challenge
Network Slowdown
Importance of Time
High Availability: Technologies
Security

Spammers Go Full Circle
Beyond the Lock
The Guardian at the Gate
A Web of Trust
Data Breach Notification
Misc

Electricity Primer
Documentation-101
Data Control
Open Source in the Enterprise
Closing the Loop
Helping IT to help you
Your ICT Keystone

eSubnet Services

Contact us regarding your network,
security and Internet services needs




All content © eSubnet 2003-2017
ESUBNET ENTERPRISES INC. TORONTO CANADA