OVERVIEW
Names and Addresses
DNS Domains
BIND
Configuring DNS
DNS DOMAINS
Everyone in the world has a first name and a last (or family) name.
The same thing is true in the DNS world: a domain is a family of names that all share the same suffix, the domain name. It is a set of hosts and subdomains, not only Web sites.
For example, the domain vtc.edu.hk has a number of children, such as cwvideo.vtc.edu.hk, cwcim.vtc.edu.hk and www.vtc.edu.hk.
DNS CLIENTS
A DNS client (a resolver-only system) doesn't store DNS information; it must always refer to a DNS server to get it.
The DNS configuration file for a DNS client is /etc/resolv.conf, which lists the IP addresses of the DNS servers (nameserver lines) and the local DNS domain name or search list (domain / search lines).
No other file has to be created for DNS itself. The only other file normally involved on Linux is /etc/nsswitch.conf, whose hosts line decides whether /etc/hosts is consulted before DNS.
ROOT DOMAIN
DNS has a root domain at the top of the domain hierarchy that is served by a group of name servers called the root servers.
Information about a domain is found by tracing pointers from the root domain through subordinate domains to the target domain.
TOP-LEVEL DOMAINS
Directly under the root domain are the top-level domains (TLDs).
The two main types of top-level domains are geographic and organizational. A third, the infrastructure domain arpa, holds the in-addr.arpa and ip6.arpa trees used for reverse (address-to-name) lookups.
GEOGRAPHIC DOMAINS
Geographic domains have been set aside for each country in the world and are identified by a two-letter country code.
Thus, this type of domain is called a country code top-level domain (ccTLD).
For example, the ccTLD for Hong Kong is .hk, for Japan it is .jp, and for the United Kingdom it is .uk.
ORGANIZATIONAL DOMAINS
Organizational domain: membership in a domain is based on the type of organization (commercial, military, etc.) to which the system belongs.
These domains are called generic top-level domains or general-purpose top-level domains (gTLDs).
org     Organizations that don't fit into the other categories, such as nonprofit organizations
aero    Organizations involved in the air-transport industry
biz     Businesses
coop    Cooperatives
museum  Museums
pro     Professionals, such as doctors and lawyers
info    Sites providing information
name    Individuals
DOMAIN HIERARCHY
No servers, not even the root servers, have complete information about all domains,
but the root servers have pointers to the servers for the top-level domains. So while
the root servers may not know the answer to a query, they know who to ask.
RECURSIVE QUERY
[Figure: a DNS query. The client's resolver sends a recursive query to its local name server and expects a final answer. The local server has no information, so it queries a root server; the root server does not answer the name itself but refers the local server to the TLD servers, which in turn refer it to the domain's own name servers. These server-to-server queries are non-recursive (iterative), and the local server caches the result before answering the client.]
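The walk from the root down to the authoritative server, as an added example that is not part of the original slides: a small shell simulation of a local recursive server following referrals. The delegation table, the name-server names and the 203.0.113.x addresses are constructed for the example (only the zone cuts hk, edu.hk and vtc.edu.hk follow the slides); on a live host the equivalent is dig +trace.

```shell
#!/bin/sh
# Added example, not from the original slides: simulate how a local
# recursive server answers a query by walking the delegation chain from
# the root. The delegation data below is CONSTRUCTED; the zone cut names
# match the slides' example, but the name-server names and the addresses
# (RFC 5737 documentation range) are made up.

# One record per line: "<zone>|<type>|<owner>|<value>". A server that is
# authoritative for <zone> knows only the records listed under that zone.
# The root zone is written as the empty string.
DELEGATIONS='|NS|hk|ns1.hkirc.hk
hk|NS|edu.hk|ns.edu.hk
edu.hk|NS|vtc.edu.hk|ns.vtc.edu.hk
vtc.edu.hk|A|www.vtc.edu.hk|203.0.113.10
vtc.edu.hk|A|cwcim.vtc.edu.hk|203.0.113.11'

# ends_with NAME ZONE: true when NAME equals ZONE or lies below it.
ends_with() {
    if [ -z "$2" ]; then return 0; fi          # the root contains everything
    case $1 in
        "$2"|*".$2") return 0 ;;
    esac
    return 1
}

# ask_server ZONE NAME: what the server for ZONE replies when asked for NAME.
# Prints "A|<address>" (an answer), "NS|<child zone>" (a referral: "I don't
# know the answer, but I know who to ask") or "NXDOMAIN".
ask_server() {
    z=$1; n=$2
    while IFS='|' read -r rz rt ro rv; do
        [ "$rz" = "$z" ] || continue
        case $rt in
            A)  if [ "$ro" = "$n" ]; then echo "A|$rv"; return 0; fi ;;
            NS) if ends_with "$n" "$ro"; then echo "NS|$ro"; return 0; fi ;;
        esac
    done <<EOF
$DELEGATIONS
EOF
    echo NXDOMAIN
}

# resolve NAME: start at the root and follow referrals until an answer
# (or NXDOMAIN) comes back. Prints the path taken, e.g.
# ". -> hk -> edu.hk -> vtc.edu.hk -> 203.0.113.10".
resolve() {
    name=$1; zone=""; path="."
    while :; do
        reply=$(ask_server "$zone" "$name")
        case $reply in
            "A|"*)  echo "$path -> ${reply#"A|"}"; return 0 ;;
            "NS|"*) zone=${reply#"NS|"}; path="$path -> $zone" ;;
            *)      echo "$path -> NXDOMAIN"; return 0 ;;
        esac
    done
}

resolve www.vtc.edu.hk
resolve cwcim.vtc.edu.hk
resolve www.example.jp
```

Each hop is a separate non-recursive query from the local server; no server in the chain holds the whole answer, which is exactly why a missing or wrong NS record at one level breaks every name below it.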
DOMAIN NAMES
Domain names reflect the domain hierarchy.
They are written from most specific (a hostname) to least specific (a top-level domain), with each part of the domain name separated by a dot (.).
A fully qualified domain name (FQDN) starts with a specific hostname and ends with a top-level domain; strictly it also ends with a trailing dot standing for the root, which is how an FQDN is written in zone files. Example:
cwcim.vtc.edu.hk is the FQDN of server cwcim, in the vtc domain, of the edu domain under hk.
A “domain” is a subtree of the DNS naming tree. For example, the atrust.com domain contains atrust.com and all of atrust.com’s subdomains and hosts. By contrast, a “zone” is a domain minus any subdomains that have been delegated to other name servers.
Domain Name System (DNS)
Topic 03,p.32
©VTC 2012
Technical Support Fundamentals (ITP 4107)
DOMAIN NAMES
Name servers are associated with zones, not domains. You can determine whether a given name (such as booklab.atrust.com) identifies a delegated subdomain rather than a host by checking DNS: delegated subdomains have name server (NS) records associated with them.
Domain names are not always written as fully qualified domain names.
They can be written relative to a default domain in the same way that Unix pathnames are written relative to the current (default) working directory.
The resolver adds the default domain (or, in turn, each entry of the search list in /etc/resolv.conf) to the user input when constructing the query to the name server.
e.g. if the default domain is vtc.edu.hk, a user can omit the vtc.edu.hk extension for any hostname in that domain.
On most systems, the default domain is added first only if the requested hostname has fewer dots than the resolver's ndots setting (the default of 1 means: no dot at all). A name containing a dot is tried as typed first, and the default domain is appended only if that lookup fails; a name ending in a dot is never expanded.
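The expansion rule above, as an added example that is not part of the original slides: a shell script that parses a resolv.conf and lists, in order, the fully qualified names the resolver will actually send for a given input. The resolv.conf contents (the 192.0.2.53 server and the search list) are constructed for the example; the ordering rules are those of the glibc/BIND stub resolver.

```shell
#!/bin/sh
# Added example, not from the original slides: reproduce the way the
# resolver expands a name the user typed, using the "search" list and the
# "ndots" option from /etc/resolv.conf. The resolv.conf contents below
# are CONSTRUCTED for the example (RFC 5737 address, made-up search list).

RESOLV_CONF='nameserver 192.0.2.53
search vtc.edu.hk edu.hk
options ndots:1'

# search_list: the "search" line (only the last one counts); fall back to
# the "domain" line when there is no search line.
search_list() {
    printf '%s\n' "$RESOLV_CONF" | awk '
        $1 == "search" { $1 = ""; sub(/^ /, ""); s = $0 }
        $1 == "domain" { d = $2 }
        END { print (s != "" ? s : d) }'
}

# ndots: value of "options ndots:N", default 1.
ndots() {
    n=$(printf '%s\n' "$RESOLV_CONF" | awk '
        $1 == "options" { for (i = 2; i <= NF; i++) if ($i ~ /^ndots:/) { sub(/^ndots:/, "", $i); print $i } }')
    echo "${n:-1}"
}

# count_dots NAME: number of dots in NAME.
count_dots() {
    stripped=$(printf '%s' "$1" | tr -d '.')
    echo $(( ${#1} - ${#stripped} ))
}

# candidates NAME [NDOTS]: the fully qualified names the resolver will
# query, in order, separated by spaces. Rules:
#   - a name ending in "." is absolute and is queried exactly as typed;
#   - a name with at least NDOTS dots is tried as-is first, then with each
#     search suffix appended;
#   - a name with fewer dots gets the search suffixes first and is tried
#     as-is last.
candidates() {
    name=$1; nd=${2:-$(ndots)}; out=""
    case $name in
        *.) echo "$name"; return 0 ;;
    esac
    if [ "$(count_dots "$name")" -ge "$nd" ]; then
        out="$name."
    fi
    for s in $(search_list); do
        out="${out:+$out }$name.$s."
    done
    if [ "$(count_dots "$name")" -lt "$nd" ]; then
        out="${out:+$out }$name."
    fi
    echo "$out"
}

candidates www                    # short name: search list first
candidates cwcim.vtc.edu.hk       # already has dots: tried as-is first
candidates www.example.com.       # trailing dot: never expanded
candidates cw.intranet 2          # ndots:2 changes the order
```

The last candidate for a short or internal-looking name (cw.intranet.) goes to the public root servers, so a search list quietly leaks internal hostnames to the Internet; scripts and configuration files should use FQDNs with a trailing dot, and ndots should be set deliberately rather than left to default.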
RESOLVER
The resolver does not exist as a distinct process running on the computer.
The resolver is a library of software routines (called the resolver code) that is linked into any program that needs to look up IP addresses, e.g. a web browser.
Under BIND, all computers use the resolver code, but not all computers run the name server process.
NAME SERVER
The BIND name server runs as a distinct process called named.
Name servers are classified differently depending on how they are configured.
The three main categories of name servers are:
a) Master (called primary in current BIND releases),
b) Slave (called secondary), and
c) Caching-only
BIND CONFIGURATIONS
Basic BIND configuration tasks:
Configuring the BIND resolver
Configuring the BIND name server (named)
Constructing the name server database files, called the zone files
RFC 1033, the Domain Administrators Operati
BIND CONFIGURATIONS
The four levels of service:
a. resolver-only systems (DNS clients),
b. master servers,
c. slave servers, and
d. caching-only servers.
The resolver is the code that asks name servers for domain information.
On Unix systems, it is implemented as a library rather than as a separate client program.
CONFIGURING NAMED
Several files are used to configure named:
1. The configuration file (boot file): /etc/named.conf
Sets general named parameters and points to the sources of DNS database information (zone files) used by this server. These source files can be on local disk or remote servers.
2. The root hints file (cache file): named.ca, db.cache, named.root, or root.ca
Points to the root domain servers.
3. The localhost file (loopback file): named.localhost
Used to locally resolve the loopback address.
CONFIGURING NAMED
4. Forward-mapping zone file – forward zone file
The zone file that maps hostnames to IP addresses. This is the file that contains the bulk of the information about the zone. The zone file is generally given a descriptive name, such as mysite.zone, that identifies which zone data is contained in the file.
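The four files above put together, as an added example that is not part of the original slides: a shell script that writes a minimal /etc/named.conf for a master server and the forward zone file it points to, reads the serial back, and validates both with BIND's own named-checkconf and named-checkzone when they are installed. The zone name vtc.example, the 192.0.2.x addresses, the slave address 192.0.2.2 and the temporary directory are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original slides: write a minimal named.conf
# for a master (primary) server plus the forward-mapping zone file it
# points to, then validate both with BIND's checkers when they are
# installed. Zone name vtc.example, the RFC 5737 addresses, the slave's
# address and the output directory are all CONSTRUCTED for the example.

ZONE=vtc.example
WORKDIR=$(mktemp -d)

# The boot file: general parameters plus one stanza per zone.
write_named_conf() {
    cat > "$WORKDIR/named.conf" <<EOF
options {
    directory "$WORKDIR";
    recursion no;                    // authoritative only: refuse recursive queries
    allow-transfer { 192.0.2.2; };   // only our slave may pull the zone (AXFR)
};

zone "." IN {                        // root hints file
    type hint;
    file "named.ca";
};

zone "localhost" IN {                // loopback file
    type master;
    file "named.localhost";
};

zone "$ZONE" IN {                    // forward-mapping zone file
    type master;
    file "$ZONE.zone";
};
EOF
}

# The forward zone file. SERIAL must grow on every edit, otherwise slaves
# keep serving the old data.
write_zone_file() {
    serial=$1
    cat > "$WORKDIR/$ZONE.zone" <<EOF
\$TTL 86400
@       IN  SOA ns1.$ZONE. hostmaster.$ZONE. (
            $serial   ; serial (YYYYMMDDnn)
            3600         ; refresh
            900          ; retry
            604800       ; expire
            300 )        ; negative-answer TTL
        IN  NS  ns1.$ZONE.
        IN  NS  ns2.$ZONE.
ns1     IN  A   192.0.2.1
ns2     IN  A   192.0.2.2
www     IN  A   192.0.2.10
cwcim   IN  A   192.0.2.11
EOF
}

# zone_serial: read the serial back out of the file we wrote.
zone_serial() {
    awk '/; serial/ { print $1 }' "$WORKDIR/$ZONE.zone"
}

# next_serial CURRENT TODAY: YYYYMMDDnn convention, TODAY given as YYYYMMDD.
# Same day: increment nn. New day: start again at TODAY01.
next_serial() {
    case $1 in
        "$2"??) echo $(( $1 + 1 )) ;;
        *)      echo "${2}01" ;;
    esac
}

# check_files: syntax-check the configuration and load the zone the way
# named would, if the BIND tools are available on this machine.
check_files() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$WORKDIR/named.conf" && echo "named.conf: syntax OK"
    else
        echo "named-checkconf not installed; skipping config check"
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$WORKDIR/$ZONE.zone"
    else
        echo "named-checkzone not installed; skipping zone check"
    fi
}

write_named_conf
write_zone_file 2012030101
check_files
echo "serial now $(zone_serial); the next edit on 2012-03-01 would use $(next_serial "$(zone_serial)" 20120301)"
echo "files left under $WORKDIR for inspection"
```

recursion no and allow-transfer are the two settings worth copying: an authoritative server that also answers recursive queries for the Internet is an open resolver, and a zone with no allow-transfer hands its whole host list to anyone who asks.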
TROUBLESHOOTING BIND
1. Determine whether the DNS server is accessible on DNS UDP/TCP port 53. Ordinary queries use UDP; zone transfers and answers too large for UDP use TCP, so both must be open.
Lack of connectivity could be caused by a firewall with incorrect permit, NAT, or port forwarding rules to the DNS server.
Failure could also be caused by the named process being stopped. It is best to test this both inside the network and outside from the Internet.
TROUBLESHOOTING BIND
2. named logs its status messages through syslog. On Red Hat-style systems they land in /var/log/messages, on Debian/Ubuntu in /var/log/syslog, and on systemd systems journalctl -u named shows them.
Use them to make sure all your zone files are loaded when you start named: expect one "loaded serial" line per zone.
Check your /etc/named.conf file, and the zone file named in the error, if a zone fails to load. named-checkconf and named-checkzone report the same errors without restarting the server.
TROUBLESHOOTING BIND
Use the host (nslookup in Windows) command for both forward and reverse lookups to make sure the zone files were configured correctly.
FURTHER DIAGNOSIS
Double check that the serial numbers in the modified zone files are updated (slave servers only transfer a zone when its serial number has increased, so a forgotten bump leaves them serving stale data), and also inspect the individual records within the files for mistakes.
Ensure there is not a firewall that could be blocking DNS traffic on TCP and/or UDP port 53 between the host and the DNS server.
Use the dig command to determine whether the name server for the domain is configured correctly: query each of the domain's listed name servers directly and compare their answers and serial numbers.
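The troubleshooting steps above as runnable checks, an added example that is not part of the original slides: a shell script with one helper per step (local process and port check, remote UDP/TCP probe with dig, zone-load extraction from named's log lines, serial comparison as slaves perform it, and building the reverse-lookup name for an address). The log excerpt is constructed, modelled on named's own message format; the zone names, host name and PID in it are made up.

```shell
#!/bin/sh
# Added example, not from the original slides: helper functions for the
# troubleshooting steps above. The log excerpt is CONSTRUCTED, modelled on
# named's own messages; the zone names, host and PID are made up.

NAMED_LOG='Mar  1 10:00:01 ns1 named[1234]: starting BIND 9.16.1
Mar  1 10:00:01 ns1 named[1234]: zone localhost/IN: loaded serial 0
Mar  1 10:00:01 ns1 named[1234]: zone vtc.example/IN: loaded serial 2012030101
Mar  1 10:00:01 ns1 named[1234]: dns_rdata_fromtext: 2.0.192.in-addr.arpa.zone:9: near eol: unexpected end of input
Mar  1 10:00:01 ns1 named[1234]: zone 2.0.192.in-addr.arpa/IN: loading from master file 2.0.192.in-addr.arpa.zone failed: unexpected end of input
Mar  1 10:00:01 ns1 named[1234]: zone 2.0.192.in-addr.arpa/IN: not loaded due to errors.
Mar  1 10:00:01 ns1 named[1234]: running'

# Step 1: is named running and is anything bound to port 53 on this host?
local_status() {
    if command -v pgrep >/dev/null 2>&1; then
        if pgrep -x named >/dev/null 2>&1; then echo "named: running"; else echo "named: NOT running"; fi
    fi
    if command -v ss >/dev/null 2>&1; then
        if ss -lntu 2>/dev/null | grep -q ':53 '; then echo "port 53: listener present"; else echo "port 53: nothing listening"; fi
    fi
}

# Step 1b: reachability from another machine, once over UDP and once over
# TCP (zone transfers and large answers need TCP). Run it from inside the
# network and again from the Internet. Needs network access, so it is not
# called below.
remote_check() {
    server=$1; name=$2
    dig @"$server" +time=2 +tries=1 +norecurse "$name" A
    dig @"$server" +time=2 +tries=1 +norecurse +tcp "$name" A
}

# Step 2: which zones loaded (with their serials) and which failed,
# from the syslog / journal lines named emitted at start-up.
loaded_zones() {
    printf '%s\n' "$NAMED_LOG" |
        sed -n 's#.*zone \([^/]*\)/IN: loaded serial \([0-9]*\).*#\1=\2#p' |
        awk '{ printf "%s%s", (NR > 1 ? " " : ""), $0 } END { print "" }'
}
failed_zones() {
    printf '%s\n' "$NAMED_LOG" |
        sed -n 's#.*zone \([^/]*\)/IN: not loaded due to errors.*#\1#p'
}

# Step 3: RFC 1982 serial arithmetic. A slave only transfers the zone when
# NEW is "newer" than OLD, i.e. 0 < (NEW - OLD) mod 2^32 < 2^31.
serial_newer() {
    d=$(( ($2 - $1) & 4294967295 ))
    [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}

# Step 4: PTR owner name for an IPv4 address, so the reverse lookup can be
# cross-checked against the forward one with host or dig.
reverse_name() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo "$o4.$o3.$o2.$o1.in-addr.arpa"
}

local_status
echo "loaded: $(loaded_zones)"
for z in $(failed_zones); do
    echo "FAILED: $z did not load; fix the zone file or its stanza in /etc/named.conf"
done
if serial_newer 2012030101 2012030102; then echo "slave will transfer 2012030101 -> 2012030102"; fi
if ! serial_newer 2012030102 2012030101; then echo "serial went backwards: slave will ignore the change"; fi
echo "reverse name for 192.0.2.10: $(reverse_name 192.0.2.10)"
```

The "loading from master file ... failed" line names the file and line number of the broken record, which is where to look first; the serial comparison also explains why the slave stays silent after a typo reduces the serial rather than raising it.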
SUMMARY
Names and Addresses
DNS Domains
BIND
Configuring DNS
Troubleshooting BIND