Chapter 11. DNS Servers
DNS(Domain Name System), is a distributed database system that is used to associate host names with their respective
IPaddresses. For users, this has the advantage that they can refer to machines on the network by names that are usually easier to remember than the numerical network addresses. For system administrators, using a
DNSserver, also known as a nameserver, enables changing the
IPaddress for a host without ever affecting the name-based queries. The use of the
DNSdatabases is not only for resolving
IPaddresses to domain names and their use is becoming broader and broader as DNSSEC is deployed.
11.1. Introduction to DNS
DNSis usually implemented using one or more centralized servers that are authoritative for certain domains. When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the name requested. If the nameserver is configured to be a recursive name servers and it does not have an authoritative answer, or does not already have the answer cached from an earlier query, it queries other nameservers, called root nameservers, to determine which nameservers are authoritative for the name in question, and then queries them to get the requested name. Nameservers configured as purely authoritative, with recursion disabled, will not do lookups on behalf of clients.
11.1.1. Nameserver Zones
DNSserver, all information is stored in basic data elements called resource records (RR). Resource records are defined in RFC 1034. The domain names are organized into a tree structure. Each level of the hierarchy is divided by a period (
.). For example: The root domain, denoted by
., is the root of the
DNStree, which is at level zero. The domain name
com, referred to as the top-level domain (TLD) is a child of the root domain (
.) so it is the first level of the hierarchy. The domain name
example.comis at the second level of the hierarchy.
Example 11.1. A Simple Resource Record
example.com. 86400 IN A 192.0.2.1
example.com, is the owner for the RR. The value
86400is the time to live (TTL). The letters
IN, meaning “the Internet system”, indicate the class of the RR. The letter
Aindicates the type of RR (in this example, a host address). The host address
192.0.2.1is the data contained in the final section of this RR. This one line example is a RR. A set of RRs with the same type, owner, and class is called a resource record set (RRSet).
DHCPservers, as well as any provisioning applications, should agree on the host name format used in an organization. See Section 3.1.1, “Recommended Naming Practices” for more information on the format of host names.
11.1.2. Nameserver Types
- Authoritative nameservers answer to resource records that are part of their zones only. This category includes both primary (master) and secondary (slave) nameservers.
- Recursive nameservers offer resolution services, but they are not authoritative for any zone. Answers for all resolutions are cached in a memory for a fixed period of time, which is specified by the retrieved resource record.
11.1.3. BIND as a Nameserver
named, an administration utility called
rndc, and a debugging tool called
dig. See Red Hat Enterprise Linux 7 System Administrator's Guide for more information on how to run a service in Red Hat Enterprise Linux.