Chapter 16: Domain Name System
16.1 Naming Concepts
Once a kernel is configured for TCP/IP (the current UNIX default setting), the network interface is set properly, and the routing table is established, the system is ready for network communication.
A number of extremely useful network applications and services are available so that the system may benefit from the network configuration. In the past, UNIX considered networking an option;
today, networking is an integral part of any UNIX installation. Networking and network-based applications are booming today; however, it is not realistic to expect every network service to be a
default part of UNIX. The UNIX philosophy is to remain open to all newcomers, and, thanks to this concept and other related factors, UNIX supports networking very well. UNIX is actually the
main supporting platform for most network services.
The significance of different network applications and services varies; some network services are conditio sine qua non for other network services, while other services are optional, and are used
only by a very small segment of the UNIX community. Some network applications are important from an administration point of view, and we will refer to those network services as the core network
services.
Core network services are usually an integral part of each modern UNIX installation, and we will focus on them. Among all the core network services, perhaps the most important one is the name
service.
16.1.1 Host Names and Addresses
Each UNIX system on the network is uniquely identified by at least one IP address, and this is sufficient for the systems themselves. The machines understand these addresses very well and communicate
among themselves without any problem. In fact, they understand only the numerical IP addresses. However, it is not very convenient for users, who are human beings, to use numerical IP addresses
(four not logically related numbers), although nothing prevents it. For example, a user wishing to telnet to the host with IP address 128.122.128.14 can do so by entering the following command:
telnet 128.122.128.14
And it will work well. But when a user wishes to telnet to many different hosts, it would be quite hard to remember all of
the required IP addresses. Users are accustomed to another identification mechanism, names, to identify someone or something. The name service, the Domain Name
System (DNS; also often called the Domain Name Service), implements this mechanism for network communication. It is much easier for a user to establish the above telnet session using the
following command:
telnet acf4.nyu.edu
And it will also work well. DNS is basically a distributed database of host information which, besides host names and IP
addresses, also includes other useful information about hosts on the network. DNS makes this information available to all hosts, i.e., all users, on the network whenever they need it. By
16.1.2 Domain Name Service (DNS)
The development of DNS followed the development of the Internet itself. In the beginning, when the network (ARPANET at that time) was a small, friendly community of a few hundred hosts, a
centralized host database consisting of a single file called HOSTS.TXT could hold all of the required information about the hosts on the network. The file held a name-to-address mapping for
each host existing at that time and was maintained by the Network Information Center (NIC). The data were distributed from a single host named SRI-NIC. Every host updated its local host
database, the /etc/hosts file, from the centralized host database by copying all the data and deleting the entries not relevant to that particular site. However, the centralized host database could not
keep up with the rapid network growth, and the scheme quickly became unworkable, mainly for the following simple reasons:
• Network traffic and processor load at the host SRI-NIC became unbearable.
• Name collisions became very frequent: SRI-NIC did not have authority over host names, only over IP addressing, so anyone could add a host with a conflicting name and break the
whole scheme.
• Maintaining consistency among the increasing number of hosts became a very difficult task (just imagine the job with the millions of hosts on the network today).
Clearly, a new approach was needed. In 1984 RFCs 882 and 883 were released, defining new
naming concepts designed by Paul Mockapetris and based on a distributed DNS database. The structure of the DNS database is very similar to the structure of a UNIX filesystem. Each unit of data in the
database is indexed by a name, which is a path in a large inverted tree called the domain name space (or DNS space), shown in Figure 16.1.
For example:
acf4.nyu.edu     Full domain name for the host acf4
acf4.nyu.edu.    Fully-qualified (absolute) domain name for the host acf4
.                Root domain name
At first, this seems confusing: full names vs. fully-qualified names? In some ways it is confusing, but
fortunately the different forms of names have little influence on real implementations. Both names identify the same host node uniquely; applications just treat them in slightly different ways.
To make the use of domain names easier, applications permit the use of shorter name versions, usually relative to a default domain, which is then automatically appended by the application itself
(of course, the default domain must be predefined). If the absolute name is used, there is no need to append anything; the absolute name determines the node's complete domain name. One
consequence worth keeping in mind: a relative name is resolved inside whatever default domain the host has been configured with, so a wrong default domain silently sends the lookup to a different part of the tree, while a name with the trailing dot is never modified.
DNS requires that sibling nodes (nodes that are children of the same parent node) be named uniquely; repeated names are not allowed. This restriction guarantees that a domain name uniquely
identifies a single node in the domain tree. This is not a real limitation, since it applies only to sibling nodes, not to all nodes in the tree, and sibling nodes are supposed to be under the
same administration.
16.1.2.1 Domains and Subdomains
A domain is simply a subtree of the domain name space. A domain's domain name is the same as
the domain name of the node at the top of this subtree. This is presented in Figure 16.2. Any domain can be a part of another domain, and any domain name can be a part of another domain
name as well. Hosts are a part of a domain, too, but hosts are also domains; their domain names point to the individual hosts themselves. A domain contains all the hosts whose domain names are
within this domain.
Figure 16.2: The domains.
Hosts and their domain are related logically, often by organizational affiliation, and not
necessarily by location, network, or hardware type. Theoretically, hosts from the same domain can be located in different countries, or even on different continents; hosts' domain names are not even related
to their IP addresses. In real life, though, relating the two is highly favorable and can make future administration much easier.
A domain inside another domain is often called a subdomain. Although a subdomain is a domain per se and can contain subdomains of its own, using this term makes it easier to explain the hierarchical
structure of the domain name space (it recalls the relationship between a directory and its subdirectories in the directory tree hierarchy).
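The two ideas above, a name as a path in the inverted tree (relative names completed with a default domain, absolute names left alone, sibling labels unique) and a domain as a subtree that contains every host under its node, are small enough to model directly. The following Python is an added example written for this chapter, not code from the book or from any DNS implementation. It builds a tiny domain tree, qualifies relative names the way an application would, refuses to rebind a name that already identifies another host (the HOSTS.TXT collision problem), and lists the hosts of a domain by walking its subtree. Only acf4.nyu.edu / 128.122.128.14 come from the text; every other host name and address is constructed for the example.

```python
"""Domain names as paths in an inverted tree (added example, not from the book)."""
from __future__ import annotations


def is_absolute(name: str) -> bool:
    """Absolute (fully-qualified) names carry the root label: a trailing '.'."""
    return name.endswith(".")


def qualify(name: str, default_domain: str = "") -> str:
    """Return the absolute name an application would actually look up.

    Absolute names are used as-is; a relative name gets the default domain
    appended.  A relative name is therefore resolved inside *whatever* default
    domain the host is configured with, which is why the trailing dot matters.
    """
    if is_absolute(name):
        return name
    suffix = default_domain.strip(".")
    return f"{name}.{suffix}." if suffix else f"{name}."


def labels(fqdn: str) -> list[str]:
    """Labels of an absolute name, root-first and lower-cased (DNS labels are
    case-insensitive).  'ACF4.nyu.edu.' -> ['edu', 'nyu', 'acf4']; '.' -> []."""
    return [lbl.lower() for lbl in fqdn.rstrip(".").split(".") if lbl][::-1]


class NameCollision(Exception):
    """The name already identifies a different host."""


class Node:
    """One node of the domain tree; the root has the empty label."""

    def __init__(self, label: str, parent: Node | None = None) -> None:
        self.label, self.parent = label, parent
        self.children: dict[str, Node] = {}   # keyed by label: siblings are unique
        self.address: str | None = None       # set only on host nodes

    def fqdn(self) -> str:
        parts, n = [], self
        while n.parent is not None:           # climb to the root, collecting labels
            parts.append(n.label)
            n = n.parent
        return ".".join(parts) + "."          # the root itself is "."


class DomainTree:
    def __init__(self) -> None:
        self.root = Node("")

    def _walk(self, name: str, create: bool) -> Node | None:
        """Follow the path root -> ... -> name; optionally create missing nodes."""
        node = self.root
        for lbl in labels(qualify(name)):
            child = node.children.get(lbl)
            if child is None:
                if not create:
                    return None
                child = node.children[lbl] = Node(lbl, node)
            node = child
        return node

    def add_host(self, name: str, address: str, default_domain: str = "") -> Node:
        """Register a host; refuse to rebind an existing name to another address."""
        node = self._walk(qualify(name, default_domain), create=True)
        if node.address is not None and node.address != address:
            raise NameCollision(f"{node.fqdn()} already maps to {node.address}")
        node.address = address
        return node

    def lookup(self, name: str, default_domain: str = "") -> str | None:
        node = self._walk(qualify(name, default_domain), create=False)
        return node.address if node else None

    def hosts_in(self, domain: str) -> list[str]:
        """A domain is a subtree: every host at or below its node belongs to it."""
        top = self._walk(domain, create=False)
        found, stack = [], ([top] if top else [])
        while stack:
            n = stack.pop()
            if n.address is not None:
                found.append(n.fqdn())
            stack.extend(n.children.values())
        return sorted(found)


def build_sample_tree() -> DomainTree:
    """Constructed sample data (only acf4.nyu.edu is taken from the text)."""
    t = DomainTree()
    t.add_host("acf4.nyu.edu.", "128.122.128.14")
    t.add_host("www", "192.0.2.10", default_domain="nyu.edu")   # relative name
    t.add_host("host1.example.com.", "192.0.2.20")
    t.add_host("host1.sub.example.com.", "192.0.2.21")          # same label, different parent: fine
    return t


if __name__ == "__main__":
    tree = build_sample_tree()
    print(qualify("acf4", "nyu.edu"), tree.lookup("acf4", "nyu.edu"))
    print(tree.hosts_in("example.com"))
    try:
        tree.add_host("acf4.nyu.edu.", "198.51.100.1")
    except NameCollision as err:
        print("collision:", err)
```

Note that `lookup("acf4")` with no default domain asks for `acf4.` directly under the root and finds nothing, while `lookup("acf4", "nyu.edu")` succeeds: the same relative name means different nodes depending on the configured default domain, exactly the point made above about relative names.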
The top−level domains are directly under the root domain. There are two basic types of top−level domains: geographic and organizational.
Geographic domains have been set aside for each country in the world and are identified by a two-letter code, for example:
uk  United Kingdom
ca  Canada
au  Australia
us  United States (this is actually rarely used for hosts within the United States)
The top−level domains within the United States are organizational, i.e., membership in a domain is based on the type of organization. The top−level domains belonging to this category are:
int   International organizations
info  New, recently introduced top-level domain of a general nature
The Network Information Center (NIC) had the authority to allocate domains. An official application had to be submitted to the NIC to obtain a domain. The NIC's approval meant that the new domain was
registered, and it granted complete authority over that domain. Any registered domain had the authority to divide itself into subdomains arbitrarily, without consulting the NIC. The decision to
add subdomains is completely up to the local network administrator. NIC authority has since moved to other organizations, but we will continue to refer to the NIC as a central
authorization body.
An address assignment is in some ways similar to a domain assignment. The NIC assigns a network address or several addresses corresponding to the domain, and the network administrator
for the domain may assign subnet addresses and host addresses belonging to the assigned network. The NIC is the central authority that delegates power and distributes control over names
and addresses to individual organizations. Once that authority has been delegated, the individual organization is responsible for managing the names and addresses it has been assigned.
The parallel between subnet and subdomain assignments is only verbal; subnets and subdomains need not be linked, although sometimes such links can make administration easier. A
subdomain may contain information about hosts from several different networks. Creating a new subnet does not require the creation of a new subdomain, and vice versa.
16.1.3 Host Database Files