Dns Architecture

1. The document discusses DNS architecture and hierarchy. It explains that /etc/hosts is a local file for name resolution but has limitations like being difficult to search and maintain. DNS uses a distributed hierarchical system with localized maintenance of domains.
2. It provides an example of how domains mirror the structure of directories in a file system. Subdomains are like subdirectories and can be further divided. DNS requires unique labels for sibling nodes to ensure uniqueness.
3. The document describes how DNS decentralizes administration by delegating authority over domains. Higher level domains can delegate complete control over lower level subdomains to other name servers. This allows for localized management of parts of the domain name space.

Uploaded by

vinod.nalawade

DNS ARCHITECTURE

/etc/hosts: Local resolver or local DNS file

Uses of /etc/hosts
Primary names are used by the system to do reverse lookups [IP to names]
Reverse lookups are required to create more readable displays
Limitations of /etc/hosts
Flat file: easy to read/edit, hard to search
Not indexed or encrypted
Daily maintenance at each m/c required for new entries
DNS HIERARCHY
Structure of DNS
Distributed hierarchical DB
Localized, not centralized, maintenance required
Example: Consider a file /etc/httpd/conf/httpd.conf

                        /
                        |
    -----------------------------------------
    |         |         |         |         |
  /boot     /home     /usr      /etc      /var
                                  |
                             /etc/httpd
                                  |
                           /etc/httpd/conf
                                  |
                      /etc/httpd/conf/httpd.conf

Here the root of the file system is /
A hostname on the Internet is exactly the opposite
Example: dadar.mumbai.ipsolution.org. (Dot denotes root of DNS tree)

Hostname   sub-domain   Domain   TLD
Here the root of the DNS tree is . (DOT)
dadar        Name of the computer [hostname -s]
mumbai       sub-domain under 'ipsolution'
ipsolution   Domain we have purchased under 'org'
org          A TLD
.            Root node
. or root node is like / the root of the FS
Directories are like domains or, more precisely, sub-domains
Files are like hosts or computers with IP and hostnames
Each domain can be further divided or partitioned into sub-domains, just like a dir can be further subdivided into subdirectories.
Directories use / as the separator. Domains are separated by .
Note
Sub-domains are like directories under a parent directory, but such a directory is not a normal directory: it only appears as one, because it is like an NFS-mounted share. A directory which is a file system on some other host can be detached, but once mounted on a particular file system it becomes part of that file system. Like every directory, a domain has a unique name that identifies its position in the database, much as a directory's absolute path name identifies its place in the file system. A domain name is a sequence of labels from the node at the root of the domain to the root of the whole tree, with the labels separated by dots. In UNIX a directory's absolute path name is a list of relative names read from root '/' to leaf [opposite to DNS], using a slash to separate the names. Just as one can have two files with the same name in separate directories, one can have two hosts with the same name in different domains [nodes].
DNS requires that sibling nodes (nodes that are children of the same parent) have different labels. This is to ensure uniqueness.
e.g. dadar.mumbai.ipsolution.org
     dadar.delhi.ipsolution.org
Here the parent is 'ipsolution' and it has 2 siblings under it, 'mumbai' and 'delhi'. These have to have different labels.
The above 2 are names of 2 machines, i.e. they are 2 completely different hosts.

DOMAINS AND DOMAIN NAMES
Domains: A sub tree of the domain name space. The domain name of a domain is the same as the domain name of the node at the very top of the domain.

                     "." [root node]
                           |
    -----------------------------------------
    |         |         |         |         |
   org       edu       com       gov        in
    |
ipsolution.org

A domain name can also be in many domains.
E.g. The domain name "mumbai.ipsolution.org." is a part of the "ipsolution.org." domain as well as of the "org." domain, which is once again a part of the "." domain.
All DNS servers are in the . domain

                     "." [root node]
                           |
    -----------------------------------------
    |         |         |         |         |
   org       edu       com       gov        in
    |
ipsolution.org.    (ipsolution: ipsolution.org domain)
    |
    ----------------------------------
    |                                |
mumbai.ipsolution.org.     chennai.ipsolution.org.

(mumbai: mumbai.ipsolution.org. domain)    (chennai: chennai.ipsolution.org. domain)

One of the main goals of the DNS was to decentralize administration.
Let us compare with the CEO of a large Corp. How does he delegate responsibility?
He breaks up the organisation into departments, each with its own head. The Head has total responsibility for his department. The department is created by the CEO and hence cannot be made without the CEO knowing about it. That is, it's made by the CEO and total responsibility is delegated to the Dept Head to handle his Dept. The Dept Head can create more sub-departments under his department without consulting the CEO. He has total authority over his Dept (domain). He is said to be authoritative over his Dept (domain).
Now let's see how DNS does domain delegation.

                     "." [root node]
                           |
    -----------------------------------------
    |         |         |         |         |
   org       edu       com       gov        in
    |
    --------------------------
    |           |            |
  mumbai      delhi       chennai
    |
    --------------------------
    |           |            |
  dadar       thane       andheri

The "." is controlled by ICANN (Int'l Corp for Assigned Names/Numbers). The "org" domain is controlled by Network Solutions. Network Solutions has sub-domains delhi, chennai and mumbai.
Network Solutions can handle all the data there, but why should it?
It therefore delegates the sub-domain "mumbai.org" to the folks at Mumbai to manage. The folks at mumbai have total authority over this domain now and can create more domains (sub-domains), and they do. They create "dadar.mumbai.org" and "andheri.mumbai.org" and let the folks at dadar, thane and andheri handle those domains.
At dadar Office:   station1.dadar.mumbai.org
                   station2.dadar.mumbai.org
Some two hosts at the dadar office.
At andheri Office: station1.andheri.mumbai.org
                   station2.andheri.mumbai.org
Some two hosts at the andheri office.
Now I do "ping station1.andheri.mumbai.org".
The query would go to ".", which would direct me to a server which handles the "org" domain. The "org" domain knows about the "mumbai" sub-domain, so it directs me to another DNS server (which knows all about the "mumbai.org" domain). Once there, this server again directs me to another DNS server which knows all about the "andheri.mumbai.org" domain. At the DNS server which handles the "andheri.mumbai.org" domain I finally find an RR (Resource Record) which is something like this:
station1.andheri.mumbai.org. IN A 172.24.0.5
And at last I have the DNS-resolved IP of my station1.andheri.mumbai.org! The programs which store info about the domain name space are called "name servers", and yes, one of these programs was running on this last machine which solved my problem.
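
The referral walk described above, as an added example that is not part of the original document: a small Python model of the path from "." through "org" and "mumbai.org" to "andheri.mumbai.org". The server names (a.root, ns.org, ...) and the in-memory layout are assumptions; only the tree and the A record come from the text. It also rejects a referral that points outside the referring server's own zone.

```python
# Added example: iterative resolution over the page's delegation tree.
# Server names (a.root, ns.org, ...) are hypothetical; the data is constructed.
SERVERS = {
    "a.root":     {"zone": ".", "cuts": {"org.": "ns.org"}, "rr": {}},
    "ns.org":     {"zone": "org.", "cuts": {"mumbai.org.": "ns.mumbai"}, "rr": {}},
    "ns.mumbai":  {"zone": "mumbai.org.", "rr": {},
                   "cuts": {"dadar.mumbai.org.": "ns.dadar",
                            "andheri.mumbai.org.": "ns.andheri"}},
    "ns.dadar":   {"zone": "dadar.mumbai.org.", "cuts": {}, "rr": {}},
    "ns.andheri": {"zone": "andheri.mumbai.org.", "cuts": {},
                   "rr": {"station1.andheri.mumbai.org.": "172.24.0.5"}},
}


def in_domain(name, domain):
    """Label-wise containment: 'xorg.' is not inside 'org.'."""
    return domain == "." or name == domain or name.endswith("." + domain)


def resolve(qname, server="a.root", max_hops=8):
    """Walk referrals from the root. Returns (address or None, servers asked)."""
    qname = qname.lower().rstrip(".") + "."
    asked = []
    for _ in range(max_hops):              # bound the walk so a referral loop cannot hang it
        asked.append(server)
        ns = SERVERS[server]
        if qname in ns["rr"]:
            return ns["rr"][qname], asked  # authoritative answer (the A record)
        cuts = [c for c in ns["cuts"] if in_domain(qname, c)]
        if not cuts:
            return None, asked             # no record and no delegation: name does not exist
        child = max(cuts, key=len)         # most specific delegation wins
        # A server may only delegate names strictly below its own zone.
        if child == ns["zone"] or not in_domain(child, ns["zone"]):
            raise ValueError(f"{server} referred {child} outside zone {ns['zone']}")
        server = ns["cuts"][child]
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    print(resolve("station1.andheri.mumbai.org"))
    print(resolve("station1.thane.mumbai.org"))
```
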
Reverse Domains
Address to Name conversion
Reverse lookups are required to create more readable o/p displays / logs etc. They are called Reversed Domains since they are written in the reverse order.
The structure of an IP address is the opposite of the domain name: to create a 'Reverse Domain Name' we reverse the IP address
5.0.24.172.in-addr.arpa.
'in-addr.arpa.' is a special TLD domain in which all reverse domains are located.

Reverse Domain root DNS servers

        .
        |
      arpa
        |
     in-addr
        |
  ---------------
        |
     192.168
        |
  ---------------
  |      |      |
  0      1     255
  |
  ----------------------------
  |    |    |    |    |      |
  1    2    3    4    5 ... 255

Creating an Authoritative Master/Primary DNS Server
Format
    1            2          3          4                            5
    name/owner   [TTL...]   Class      record-type                  data
    @                       IN/CH/HS   SOA

    Class:       IN = Internet, CH = ChaosNet, HS = Hesiod
    record-type: NS A PTR MX CNAME RP TXT HINFO NULL...

    <name of zone>   ttl   class   SOA   origin   <person> (
                                         <serial>
                                         <refresh>
                                         <retry>
                                         <expire>
                                         <minimum> )

DNS Record-Types
SOA     Start of Authority
NS      Name Server
A       Internet Address
PTR     Pointer
MX      Mail Exchanger
CNAME   Canonical Name (nickname pointer)
RP      Responsible Person
TXT
HINFO   Host Information - OS/CPU etc
NULL
RDATA
SOA Record: 7 components (Start of Authority)
1. Primary or Master Name server
2. DNS Admin's Mail-Id
3. The next 5 are the characteristics:
4. Serial Number
5. Refresh rate
6. Retry
7. EXPIRY
8. Default TTL for the domain
SERVER CONFIGURATION
1. Find out where the DNS database files should exist. The ROOTDIR directive gives the directory under which the DNS configuration files should exist.
[root@server ~] # cat /etc/sysconfig/named
    ROOTDIR=/var/named/chroot
2. Find the DNS configuration file; the output also indicates where the sample files are located (marked <--).
[root@server ~] # locate named.conf
    /etc/dbus-1/system.d/named.conf
    /usr/share/doc/bind-9.3.3/sample/etc/named.conf   <--
    /usr/share/logwatch/default.conf/services/named.conf
    /usr/share/man/man5/named.conf.5.gz
    /usr/share/system-config-bind/profiles/default/named.conf   <--
3. Copy the sample files to the default location.
[root@server ~] # cp /usr/share/doc/bind-9.3.3/sample/etc/* /var/named/chroot/etc
[root@server ~] # cp /usr/share/doc/bind-9.3.3/sample/var/named/* /var/named/chroot/var/named
[root@server ~] # cp /usr/share/doc/bind-9.3.3/sample/var/named/slaves/* /var/named/chroot/var/named/slaves
[root@server ~] # cp /usr/share/system-config-bind/profiles/default/named.conf \
    /var/named/chroot/etc/named.conf
[root@server ~] # cd /var/named/chroot/etc/
4. Edit the main configuration file
[root@server ~] # vi named.conf
    zone "example.com" IN {                 // Your authoritative forward lookup zone.
        type master;
        file "example.fzone";               // Zone's forward lookup file
        allow-update { none; };
    };
    zone "24.172.in-addr.arpa." IN {        // Your authoritative reverse lookup zone
        type master;
        file "example.rzone";               // Zone's reverse lookup file
        allow-update { none; };
    };
5. Make forward & reverse lookup zone files
[root@server ~] # cd /var/named/chroot/var/named/
[root@server ~] # cp named.local example.rzone
[root@server ~] # vi example.rzone
    $TTL 86400
    @       IN SOA  server. root.server. (
                    1997022700 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400 )    ; Minimum
    @       IN NS   server.example.com.
    ; PTR targets must be fully qualified (trailing dot); a bare "server"
    ; would expand to server.24.172.in-addr.arpa.
    1.0     IN PTR  server.example.com.
    3.0     IN PTR  station3.example.com.
    :1,$ s/localhost/server/g      (dynamically edit the changes with vi internal commands)
[root@server ~] # cp example.rzone example.fzone
[root@server ~] # vi example.fzone
    $TTL 86400
    @       IN SOA  server. root.server. (
                    1997022700 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400 )    ; Minimum
    @       IN NS   server.example.com.
    server    IN A  172.24.0.1
    station3  IN A  172.24.0.3
6. Edit the DNS pointer file
[root@server ~] # vi /etc/resolv.conf
    search example.com
    nameserver 172.24.0.1
7. Start the DNS service.
[root@server ~] # service named restart
CLIENT CONFIGURATION
8. Edit the DNS pointer file
[root@station2 ~] # netconfig
Or
[root@station2 ~] # vi /etc/resolv.conf
    nameserver <IP ADDRESS of dns server>
9. Testing tools
[root@server ~] # dig server.example.com
[root@server ~] # dig -x 172.24.0.1
[root@server ~] # nslookup
[root@server ~] # host -al example.com
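
An added example (not part of the original document) tying the Reverse Domains section to the zone files of step 5: it expands zone-file names the way a name server does and checks that every A record has a matching PTR record, which is what keeps reverse lookups in logs trustworthy. The record lines are modelled on the page's example.fzone and example.rzone; one PTR target is deliberately left without its trailing dot (constructed) to show how it expands inside in-addr.arpa.

```python
import ipaddress

FWD_ORIGIN, REV_ORIGIN = "example.com.", "24.172.in-addr.arpa."
# Record lines modelled on the page's two zone files (SOA/NS left out).
FWD_ZONE = """\
server    IN A 172.24.0.1
station3  IN A 172.24.0.3
"""
REV_ZONE = """\
1.0 IN PTR server.example.com.
3.0 IN PTR station3
"""  # constructed: second target left relative to show the pitfall


def fqdn(name, origin):
    """Expand a zone-file name: no trailing dot means 'append the origin'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def records(zone_text, origin, rtype):
    """Yield (owner_fqdn, rdata) for 'owner IN <rtype> rdata' lines."""
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()      # drop ';' comments
        if len(fields) == 4 and fields[1:3] == ["IN", rtype]:
            yield fqdn(fields[0], origin), fields[3]


def check(fwd=FWD_ZONE, rev=REV_ZONE):
    """Return a list of forward/reverse mismatches (empty list = consistent)."""
    ptr = {o: fqdn(t, REV_ORIGIN) for o, t in records(rev, REV_ORIGIN, "PTR")}
    problems = []
    for host, ip in records(fwd, FWD_ORIGIN, "A"):
        rname = ipaddress.ip_address(ip).reverse_pointer + "."
        target = ptr.pop(rname, None)
        if target is None:
            problems.append(f"{host} {ip}: no PTR at {rname}")
        elif target != host:
            problems.append(f"{rname}: PTR {target} != {host}")
    problems += [f"{o}: PTR {t} has no matching A record" for o, t in ptr.items()]
    return problems


if __name__ == "__main__":
    print("\n".join(check()) or "forward and reverse zones agree")
```
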