Friday, April 29, 2011

Domain Name System (DNS)

A connection must be established before data can be exchanged. From the user's standpoint this connection can be as simple as a URL entered into the browser's address bar. The host name we are used to typing, however, is not the network identifier used to exchange data. A DNS server performs a resolving process to convert the entered host name (www.blogspot.com) into a network IP address (209.85.229.191). By defining the location of the DNS server, the host is able to request this conversion. The conversion would be unacceptably slow if it were performed by a single worldwide server, so a distributed database is used, enabling local servers to provide the conversion. It is important that the user set the DNS Server setting to point at the local server that provides the host-name-to-address conversions.

Domain Names

Domain names are allocated by a sole agency in each country responsible for the Domain Name System. Upon application, the agency allocates the name and corresponding range of addresses associated with that name to the requesting organization.

An example of a domain name is microsoft.com, used by Microsoft. A domain name has an organizational part as well as a top-level identifier (in this instance .com) that specifies the type of organization (commercial). Top-level identifiers are pre-assigned and not subject to change. Some common top-level identifiers are:

.com    commercial
.edu    education
.gov    non-military government organizations
.org    non-profit organization
.mil    military
.net    networks


Countries other than the USA have a country code as their top-level identifier.

Any host computer using TCP/IP is assigned a logical host name; for example, www.microsoft.com is the logical host name of the web server at Microsoft. All computers running TCP/IP must have a unique host name and a unique TCP/IP address.

Generally, control of the domain is assigned to the organization that requests the domain name. So, Microsoft will be responsible for holding information related to the microsoft.com domain, such as computer hostnames and their TCP/IP addresses.

DNS Servers

A server running the DNS service accepts requests for domain name resolution. The server constructs a table of entries for the domain that it is responsible for (this table may be static or dynamic). The table entries consist of computer host names and their TCP/IP addresses.

DNS Records

A DNS server uses resource records to resolve host names and IP addresses. These records are stored in the DNS zone files. The following table lists some of the more common resource records.

Resource Record Type    Description
A       Address record, associates a host name with an IP address. Used in forward lookups.
CNAME   Canonical name record. Associates an alias with an existing host name.
MX      Mail exchange record, specifies the mail server for the domain.
NS      Name server record, specifies servers that can resolve names.
PTR     Pointer record, associates an IP address with a host name. Used in reverse lookups.
SOA     Start of authority record. Specifies the server that contains the zone files for the domain.
SRV     Service record. Specifies servers that provide special services.


When you create a DNS zone, some resource records are created automatically. If client computers on the network use DHCP, and you are using the DNS server that comes with Windows 2000, records for these clients are created in the DNS automatically. Microsoft refers to this as dynamic update.

Third-party DNS systems that do not support dynamic update will require you to create the records for client computers and servers on your network manually.

Domain Name Service (DNS) Management

Domain Name Service (DNS) Management provides an interconnected network of DNS name servers that keep databases of mappings (called resource records) between IP addresses and DNS names for components on the network. Any host with DNS resolver software installed may obtain the IP address of another network component by providing only its DNS name to one of the DNS name servers. The DNS name server responds to the resolver with the IP address associated with the component's DNS name. The host then uses that IP address in messages to that component, since network routers use the IP address to route the message to the identified component. DNS name servers may also provide address-to-name translation, i.e. if a host's resolver provides an IP address, the DNS name server can respond with the associated component's name. Network components such as servers, hosts, routers and appliances, and network resources such as printers and scanners, are assigned unique IP addresses on the LandWarNet to enable their discovery, connection and communication with other components. The Army's Protected DNS (P-DNS) system supports concise compartmentalization for security and management of names and addresses for LWN components, and allocates address space for all devices on Army networks. Microsoft Active Directory (AD) forests internal to the LWN have their own DNS servers installed on AD domain controllers, but may use the P-DNS to find domain controllers when accessing components in other forests.

Domain Name System Security Extensions (DNSSEC)

DNS Security, or simply DNSSEC, has evolved into an important security measure for the DNS. The Domain Name System Security Extensions were introduced to provide authentication and integrity of DNS data. Authentication of the source of the data can be used by the resolver to make sure it is communicating with valid name servers.
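The authentication DNSSEC provides rests on a chain of trust: a parent zone publishes a DS record that is a hash of the child zone's DNSKEY, and a validating resolver checks that the key it fetched from the child matches the DS it obtained from the (already trusted) parent. The following added example (not code from the original post) implements that check with the real key-tag and DS-digest computations from RFC 4034; the DNSKEY it feeds in is a constructed toy key under the made-up zone example.test., not a real cryptographic key, so only the hashing and matching are demonstrated here, not signature verification.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical wire form of an owner name (RFC 4034 6.2): lowercase, length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 16-bit flags, protocol (always 3), algorithm number, then the key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag (RFC 4034 Appendix B): 16-bit sum over the RDATA with the carry folded back in.
    It is only an identifier to pick a key out of an RRset, not a security check by itself."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_digest(owner, rdata, digest_type=2):
    """DS digest (RFC 4034 5.1.4): hash(canonical owner name || DNSKEY RDATA); type 2 is SHA-256."""
    algo = {1: "sha1", 2: "sha256", 4: "sha384"}[digest_type]
    return hashlib.new(algo, name_to_wire(owner) + rdata).hexdigest().upper()

def ds_record(owner, flags, protocol, algorithm, public_key, digest_type=2):
    """What the parent zone publishes for the child's key."""
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key)
    return {"key_tag": key_tag(rdata), "algorithm": algorithm,
            "digest_type": digest_type, "digest": ds_digest(owner, rdata, digest_type)}

def dnskey_matches_ds(owner, ds, flags, protocol, algorithm, public_key):
    """The chain-of-trust step a validating resolver performs: the DS from the parent must
    agree with the child's DNSKEY on key tag, algorithm and digest. A DNSKEY with no matching
    DS is not trusted, however well-formed it looks."""
    candidate = ds_record(owner, flags, protocol, algorithm, public_key, ds["digest_type"])
    return all(candidate[k] == ds[k] for k in ("key_tag", "algorithm", "digest"))

# Constructed toy key: flags 257 marks a key-signing key, algorithm 13 is ECDSAP256SHA256.
# A real algorithm-13 public key is 64 bytes; these six bytes exist only to exercise the code.
TOY_KEY = bytes(range(1, 7))

if __name__ == "__main__":
    ds = ds_record("example.test.", 257, 3, 13, TOY_KEY)
    print("parent publishes DS:", ds)
    print("child key accepted: ", dnskey_matches_ds("example.test.", ds, 257, 3, 13, TOY_KEY))
    print("altered key accepted:", dnskey_matches_ds("example.test.", ds, 257, 3, 13, bytes(range(2, 8))))
```

Because the owner name is folded to lowercase before hashing, EXAMPLE.test and example.test. produce the same DS, which is what lets a resolver compare records regardless of how a name was typed.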

Dynamic Domain Name System (DDNS)

When the DNS was designed, no one predicted that there would be so many changes to addresses. In DNS, when there is a change, such as adding a new host, removing a host, or changing an IP address, the change must be made to the DNS master file. These types of changes involve a lot of manual updating. The size of today's Internet does not allow this kind of manual operation.

The DNS master file must therefore be updated dynamically, and the dynamic domain name system was devised to respond to this need. DNS uses the services of UDP for messages of less than 512 bytes; otherwise, TCP is used.
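The added example below (not code from the original post) ties together the DNS Servers and DNS Records sections with the dynamic update just described: it reads a constructed master-file listing for the made-up zone example.test. into the table of resource records a server keeps, answers forward lookups (following a CNAME alias) and a reverse PTR lookup, and then applies an RFC 2136-style dynamic update of the kind a DHCP client registration produces, checking a prerequisite first and bumping the SOA serial on success. The zone data and the 192.0.2.x addresses (the documentation range) are constructed; the master-file syntax is a simplified subset.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RR:
    name: str    # owner name, lowercase and fully qualified
    rtype: str   # A, CNAME, MX, NS, PTR, SOA, SRV ...
    rdata: str   # record data exactly as written in the zone file
    ttl: int = 3600

def canonical(name):
    """Fully qualified, lowercase owner name with a trailing dot."""
    return name.rstrip(".").lower() + "."

def parse_zone(text, origin):
    """Read a simplified master-file listing (<owner> [ttl] IN <type> <rdata>; '@' is the
    origin, unqualified owners get the origin appended) into the server's record table."""
    table = {}
    for line in text.splitlines():
        line = line.split(";")[0].strip()              # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        owner = origin if parts[0] == "@" else parts[0]
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"
        ttl = int(parts.pop(1)) if parts[1].isdigit() else 3600
        if parts[1] != "IN":
            raise ValueError(f"unsupported class in line: {line}")
        rr = RR(canonical(owner), parts[2], " ".join(parts[3:]), ttl)
        table.setdefault(rr.name, []).append(rr)
    return table

class Zone:
    def __init__(self, origin, text):
        self.origin = canonical(origin)
        self.table = parse_zone(text, self.origin)

    def records(self, name, rtype):
        return [rr for rr in self.table.get(canonical(name), []) if rr.rtype == rtype]

    def lookup(self, name, rtype="A", max_hops=8):
        """Resolve a name, following CNAME aliases; returns (aliases followed, rdata list)."""
        name, chain = canonical(name), []
        for _ in range(max_hops):
            hits = self.records(name, rtype)
            if hits:
                return chain, [rr.rdata for rr in hits]
            alias = self.records(name, "CNAME")
            if not alias:
                return chain, []
            chain.append(name)
            name = canonical(alias[0].rdata)
        raise ValueError("CNAME chain too long")         # guards against alias loops

    @staticmethod
    def reverse_name(ip):
        """Owner name used for the PTR (reverse) lookup of an IPv4 address."""
        return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

    def dynamic_update(self, prerequisites, adds, deletes):
        """RFC 2136-style update: check prerequisites first, then apply every change and
        bump the SOA serial so secondary servers notice the zone changed."""
        for kind, name in prerequisites:
            in_use = bool(self.table.get(canonical(name)))
            if kind == "name-in-use" and not in_use:
                return "NXDOMAIN"
            if kind == "name-not-in-use" and in_use:
                return "YXDOMAIN"
        for name, rtype in deletes:                      # delete a whole RRset
            key = canonical(name)
            self.table[key] = [rr for rr in self.table.get(key, []) if rr.rtype != rtype]
        for rr in adds:
            self.table.setdefault(rr.name, []).append(rr)
        apex = self.table[self.origin]
        for i, rr in enumerate(apex):
            if rr.rtype == "SOA":
                f = rr.rdata.split()   # mname rname serial refresh retry expire minimum
                f[2] = str(int(f[2]) + 1)
                apex[i] = RR(rr.name, "SOA", " ".join(f), rr.ttl)
        return "NOERROR"

# Constructed forward and reverse zones for example.test. (192.0.2.0/24 is the documentation range).
FORWARD = """
@          IN SOA   ns1.example.test. hostmaster.example.test. 2011042901 3600 600 604800 300
@          IN NS    ns1.example.test.
@          IN MX    10 mail.example.test.
ns1        IN A     192.0.2.1
mail       IN A     192.0.2.2
www        IN CNAME web.example.test.   ; alias for the web server
web        IN A     192.0.2.3
_ldap._tcp IN SRV   0 100 389 dc1.example.test.
dc1        IN A     192.0.2.4
"""
REVERSE = """
@   IN SOA ns1.example.test. hostmaster.example.test. 1 3600 600 604800 300
@   IN NS  ns1.example.test.
3   IN PTR web.example.test.
"""

if __name__ == "__main__":
    fwd, rev = Zone("example.test", FORWARD), Zone("2.0.192.in-addr.arpa", REVERSE)
    print(fwd.lookup("www.example.test"))
    print(rev.lookup(Zone.reverse_name("192.0.2.3"), "PTR"))
    # A DHCP client registering itself; the second, duplicate registration is refused.
    pc = RR("pc42.example.test.", "A", "192.0.2.42", 1200)
    print(fwd.dynamic_update([("name-not-in-use", pc.name)], [pc], []))
    print(fwd.dynamic_update([("name-not-in-use", pc.name)], [pc], []))
```

The prerequisite check is the part worth noticing: an update that adds a record only when the name is not yet in use cannot silently overwrite an existing host's address, which is the basic protection a dynamic-update server needs before it accepts changes from clients.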

Conclusion

The Domain Name System is the linchpin of the modern internet. It provides a lookup service for over 14 million hostnames and is used by almost every computer connected to the internet worldwide. This document aims to describe how DNS performs such a service, how it copes with large-scale demand, and what future issues or improvements may affect its operation. The history of DNS, the structure of the DNS hierarchy and the server-side functions of the name servers are all considered. Although the initial motivation for implementing the system was to overcome the scaling problems of an incumbent system, how well has DNS coped with expansion? Security vulnerabilities, as well as an alternative and more flexible system, both threaten the use of DNS as the global standard for name resolution in the future.
