46.9. Domain Name Service (DNS)Usually, when you want to refer to a machine, you want to use its hostname, rather than having to remember its IP address (Section 46.1). However, IP only understands IP addresses, not hostnames, so some mapping from hostname to IP address is necessary. /etc/hosts provides a simple mapping from hostname to IP address, but it has the disadvantage of being local to your machine. It would be impossible to maintain an /etc/hosts file that actually reflected the constantly changing reality of the Internet. (In fact, historically, /etc/hosts was a list of every single machine on the Internet, downloaded regularly from a central source. This system broke down when the number of hosts on the Internet surpassed a few hundred.) The Domain Name Service (DNS) is a specification for a loosely coordinated, distributed database mapping host names to IP addresses. Generally, it's implemented by the Berkeley Internet Name Daemon (bind), running on hundreds of hosts. Each DNS server has authority over a small piece of the database, and coordination is accomplished through delegation. The root servers know which DNS servers have authority over the top-level domains (TLDs), such as .com, .net, .org, and so forth. Each of those DNS servers knows which DNS server has authority over each subdomain, and so on. DNS servers also cache information, so that a full, time-intensive search through the large distributed database isn't necessary every time you want to access a host's IP address. DNS also stores other records, including Mail Exchanger (MX) records for routing mail (Section 46.8). MTAs use MX records when resolving where to send an email by looking up MX records on the domain for which the email is destined. Typically a DNS administrator creates an address record for mail.domain.com, points it at a machine configured to catch mail for domain.com, and then adds an MX record pointing to mail.domain.com on each host within domain.com. DNS can affect you in a few obvious ways. The first is that you might need to diagnose problems if for some reason your machine can't look up hostnames. host is a simple tool for making DNS queries. host hostname.domain.com will return the IP address for hostname.domain.com. While host can do slightly more complicated queries, I recommend dig (Section 46.3) for anything more complicated than a quick query. whois can show you registration information for a domain; comparing this information to a dig on that domain can tell you if your DNS cache is stale (or if the root servers haven't been updated): % whois oreilly.com ... Registrant: O'Reilly & Associates (OREILLY6-DOM) 101 Morris Street Sebastopol, CA 95472 US Domain Name: OREILLY.COM ... Record last updated on 20-Mar-2002. Record expires on 28-May-2003. Record created on 27-May-1997. Database last updated on 28-Mar-2002 15:33:00 EST. Domain servers in listed order: NS.OREILLY.COM 209.204.146.21 NS1.SONIC.NET 208.201.224.11 % dig oreilly.com ns ... ;; ANSWER SECTION: oreilly.com. 3h42m10s IN NS ns2.sonic.net. oreilly.com. 3h42m10s IN NS ns.oreilly.com. oreilly.com. 3h42m10s IN NS ns1.sonic.net. ... You might also want to set up a local DNS cache by configuring bind to resolve only. (You can also use dnscache, available at http://cr.yp.to/djbdns.html.) To do this, make sure you have bind installed and then put these lines into your named.conf : options { ... allow-query { localnets; }; allow-transfer { none; }; allow-recursion { localnets; }; ... } zone "." { type hint; file "named.root"; }; zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; }; This allows machines on your local network to query this bind and will look up queries for them (which is what allow-recursion means). It also provides the normal basic root servers list (necessary for bind to do full DNS queries for its clients) and the reverse lookup for 127.0.0.1/localhost. If you need to run your own DNS server, you'll want to configure bind to be authoritative for your domain or domains. An example is beyond the scope of this book, though; refer to the bind documentation or to O'Reilly's DNS and Bind. Copyright © 2003 O'Reilly & Associates. All rights reserved. |
|