"Initially, all the hosts in the Internet will be in the domain 'ARPA'. As soon as is practical a second domain, 'DDN', will be introduced. Other domains may be added after that..."
- Jon Postel; The Domain Names Plan and Schedule; RFC 881; November 1983.
The Domain Name System (DNS) servers distribute the job of mapping domain names to IP addresses among servers allocated to each domain. Each second-level domain must have at least one domain name server responsible for maintaining information about that domain and all subsidiary domains, and for responding to queries about those domains from other computers on the Internet. For example, management of domain name information and queries for the LivingInternet.com domain is handled by a specific DNS server that takes care of the load required. This distributed architecture was designed to enable the Internet to grow: as the number of domains grows, the number of DNS servers can grow to keep pace with the load.
Today, everyone who registers a second-level domain name must at the same time designate two DNS servers to manage queries and return the current IP address for names in that domain. The primary domain name server is always consulted first, and the secondary domain name server is queried if the primary doesn't answer, providing a backup and important support to overall Internet reliability.
The application that underlies almost all DNS server software on the Internet is an open source program called BIND, currently maintained by the Internet Systems Consortium. When your computer was added to the Internet, one of the initial setup tasks was to specify a default domain name server, usually maintained by your local Internet Service Provider, and almost certainly a variant of the BIND server software.
When your computer tries to access a domain like "www.livinginternet.com", the domain name system works like this:
- Your computer asks your default DNS server if it knows the IP address for www.livinginternet.com. If the DNS server has been asked that question recently, then it will have the answer stored in its local cache, and can answer immediately.
- Otherwise, your DNS server queries the central zone files for the address of the primary domain name server for livinginternet.com, and is answered with something like "ns1.livinginternet.com".
- Your DNS server will ask the livinginternet.com DNS server for the IP address of www.livinginternet.com, which will then look up the answer and send it back.
- Your DNS server will store the IP address returned in its local cache, and make the address available to your computer.
- Your computer then contacts www.livinginternet.com with the standard Internet routing protocols by using the returned IP address.
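The lookup sequence above, walked through in code. This is an added illustration, not code from LivingInternet.com or from BIND: the three "servers" are constructed dictionaries of records (the top-level server name a.gtld.example. is hypothetical and the addresses come from the 192.0.2.0/24 documentation range), and no packets are sent. It shows the referral chain from the root down to the livinginternet.com server, the cache hit on the second query, and what happens when no server has a delegation covering the name.

```python
"""Toy model of a caching DNS resolver following referrals from the root."""

# Constructed data, not real DNS: each server is keyed by its host name and
# holds the records it serves. NS = delegations to other zones, A = addresses
# the server is authoritative for.
SERVERS = {
    "root": {
        "NS": {"com.": "a.gtld.example."},               # hypothetical TLD server
    },
    "a.gtld.example.": {
        "NS": {"livinginternet.com.": "ns1.livinginternet.com."},
        "A": {"ns1.livinginternet.com.": "192.0.2.53"},  # glue address for ns1
    },
    "ns1.livinginternet.com.": {
        "A": {"www.livinginternet.com.": "192.0.2.10"},
    },
}


def canonical(name):
    """Lower-case the name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def in_zone(name, zone):
    """True when `name` lies inside `zone`, matching only on label boundaries
    so that evil-livinginternet.com. is not treated as part of livinginternet.com."""
    return name == zone or name.endswith("." + zone)


class Resolver:
    """A caching resolver: answers from its cache when it can, otherwise walks
    from the root through each referral until an authoritative answer arrives."""

    def __init__(self, servers):
        self.servers = servers
        self.cache = {}          # name -> IP address, the "local cache" in the text

    def resolve(self, name):
        """Return (ip_or_None, list_of_steps_taken)."""
        name = canonical(name)
        if name in self.cache:
            return self.cache[name], [f"cache hit: {name} -> {self.cache[name]}"]

        steps = []
        server = "root"
        while True:
            zone = self.servers[server]
            if name in zone.get("A", {}):          # authoritative answer
                ip = zone["A"][name]
                steps.append(f"{server} answered {name} -> {ip}")
                self.cache[name] = ip              # remember it for next time
                return ip, steps
            # Otherwise follow the most specific delegation covering the name.
            matches = [(z, ns) for z, ns in zone.get("NS", {}).items() if in_zone(name, z)]
            if not matches:
                steps.append(f"{server} has no delegation covering {name}")
                return None, steps
            zone_name, next_server = max(matches, key=lambda m: len(m[0]))
            steps.append(f"{server} referred {name} to {next_server} for zone {zone_name}")
            if next_server not in self.servers:
                steps.append(f"no way to reach {next_server}")
                return None, steps
            server = next_server


if __name__ == "__main__":
    resolver = Resolver(SERVERS)
    for query in ("www.livinginternet.com", "www.livinginternet.com", "mail.example.com"):
        ip, steps = resolver.resolve(query)
        print(query, "->", ip)
        for step in steps:
            print("   ", step)
```

Running it prints three referral steps for the first query, a single cache-hit step for the repeat, and a "no delegation" step for mail.example.com, which the constructed .com server knows nothing about.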
The IP address assigned to a computer may change frequently because of physical moves or network reconfigurations. The major advantage of the network of DNS servers is that domain names stay the same even when IP addresses change, and so the domain name servers can transparently take care of the mapping.
Security. There are a range of good security practices built into the design of the DNS, although versions of the BIND server software itself have periodically been found to be vulnerable, often through buffer overrun attacks. If you run DNS server software, you should always make sure it is up-to-date with the latest version and patches. DNS server vulnerabilities typically affect the systems running the servers, which generally belong to Internet Service Providers, and so are not a direct threat to the home user unless you are running one at home.
A major extension to the security of the DNS was introduced in 1997 with the DNS Security (DNSSEC) standard described in RFC 2065, updated in 1999 with RFC 2535, which provided DNS servers with secure data integrity and system authentication through the use of public key cryptography digital signatures.
Resources. The following references provide additional information about DNS servers:
- NSLOOKUP -- provides reports on domain name servers.
- BIND -- the standard DNS server application, maintained by the Internet Software Consortium.