My Home Network Step by Step

Giving Names to Computers (DNS setup)




The Domain Name System (DNS)


In the Windows PC world this is just a name you set in "System Properties": when you browse for shared network resources you see those names, and you use them to move files between shared folders and to use remote printers.

In the Linux and Unix realm there is much more. Each computer may run many services (time service, web, file transfer, backup, remote connections and more ...), a computer is often used through a remote connection, and you need a real name for each computer, just as you need a network number (IP number) for it.

As we have seen elsewhere, computer numbers are network addresses (IP addresses), usually written in dotted notation, as in 192.168.1.1: the first part of the address identifies a network, the last part a computer.

Humans use names to refer to things, network software uses IP numbers, so names must be translated to numbers to reach remote computers and the services running on them.

The old (very old) way to do this was to put names and numbers in a configuration file (/etc/hosts) on each computer; the network software looks into this file to find the numbers. But you need to copy this file to all your computers, and update every copy each time you add a computer or change a name. This is a long job, so DNS was invented as soon as the net began to grow (1983-84), and the first DNS servers were written.

A DNS server is a program which maintains a database of numbers and names; it listens on the network for name queries and returns the IP number corresponding to a name, or the name corresponding to a number.

Computer names are written in the well known dotted notation, i.e. simple names separated by dots (as in www.helldragon.eu). The names reflect a hierarchical structure: eu is the main domain for Europe, managed by EURid (www.eurid.eu); helldragon is my domain name, managed by my provider (on my behalf); www is a computer name.

The database with all the numbers and names is called the DNS and is a distributed database: each organization maintains its part of the database on its own computers, each with its DNS server. The DNS servers of the main domains (i.e. .eu) are named "root servers", and contain only the names and numbers of the nameservers for their sub-domains.

The name search is done in a hierarchical, top-down way too: when your network software looks for www.helldragon.eu, it goes to the .eu server, which doesn't hold the numbers of the computers in the helldragon domain but returns the address of the nameserver holding the helldragon domain, so your computer can ask the helldragon nameserver for the number of the computer named www.

A name server can be "recursive": you ask it, it goes to the root nameservers and down through the subdomains, then gives you the final answer.

A name server holding the main information for a domain is said to be "authoritative" for that domain; there are also "secondary" name servers, which hold copies of the database, and "cache-only" nameservers, which don't hold a real database but remember previous queries in a memory area called the "cache", so that when you ask again the answer is ready. A name server can also be configured with forwarders: it forwards requests to other name servers (the forwarders), and only if they don't give an answer does it perform the search itself.

The cache is important: all nameservers have one. In the pure top-down scheme all queries would begin at the root name servers, which would be overloaded; but if you ask a caching nameserver that makes recursive queries, you get a ready answer without going to the root domains. Using caches and recursive nameservers, queries are done a bit top-down and a bit bottom-up, the root servers are spared and you get a fast answer. Some applications, such as IE, also maintain their own cache of IP numbers and names.
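The top-down walk and the cache just described, as an added toy model in Python (not part of the original page): the "servers" are dictionaries, the root is a hint table, and the 192.0.2.10 address for www is made up.

```python
# Added illustration (not from the page) of the top-down lookup and caching described above.
# The "servers" are plain dicts, not real DNS; names are from the page, addresses are constructed.
ROOT_HINT = {"eu.": ("referral", "eu-ns")}          # what a root server knows about .eu
SERVERS = {
    "eu-ns": {"helldragon.eu.": ("referral", "helldragon-ns")},         # the .eu server
    "helldragon-ns": {"www.helldragon.eu.": ("answer", "192.0.2.10")},  # constructed address
}

class CachingResolver:
    """Recursive resolver: follows referrals root -> TLD -> domain, then caches the answer."""
    def __init__(self, ttl=86400):
        self.ttl, self.cache = ttl, {}          # cache: name -> (address, expiry time)

    @staticmethod
    def suffixes(name):
        """'www.helldragon.eu.' -> ['eu.', 'helldragon.eu.', 'www.helldragon.eu.'] (top-down)."""
        labels = name.rstrip(".").split(".")
        return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

    def resolve(self, name, now=0):
        """Return (address, servers_asked); an unexpired cache hit asks nobody at all."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], []
        zone, server, asked = ROOT_HINT, "root", []
        for suffix in self.suffixes(name):
            asked.append(server)
            kind, value = zone.get(suffix, (None, None))
            if kind == "answer":
                self.cache[name] = (value, now + self.ttl)
                return value, asked
            if kind != "referral":
                return None, asked              # no such name at this level
            server, zone = value, SERVERS[value]
        return None, asked
```

The second call for the same name within the TTL returns from the cache without touching the root; after expiry the walk starts again from the root hint.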

The DNS system is a crucial component of a working internet; it's managed by the "Internet Corporation for Assigned Names and Numbers" (www.icann.org) and is somewhat controlled by the US government; companies registering domain names must be accredited by ICANN and pay an annual fee.
Through the "Internet Assigned Numbers Authority" (IANA, www.iana.org) ICANN manages the root servers (with the top level domain names) and the distribution of IP numbers. There is also a top level domain for each country, managed autonomously by each country.

For names and numbers to be found on the internet the DNS must be unique, but some people didn't like the way the DNS is managed and organized their own; see for example ORSN (european.ch.orsn.net), which manages a set of alternative root servers (in sync with the ICANN DNS), OPENNIC (www.opennic.unrated.net), new.net (www.new.net), "Cesidian root" (www.cesidianroot.com) or namespace.org, which add new top level domains.

The alternative DNS and root domains haven't had much success, and this is a good thing: having different name systems would make many sites unreachable and the internet more complicated.




DNS Configuration


But let's return to our problem: giving names to the computers of our LAN.

This problem is solved by running a private name server on one of our computers; all our computers will be configured to send their queries to this nameserver, which will be authoritative for our private domain and will forward all other queries to the name servers of our provider, which, we hope, have a big cache. Our private nameserver can maintain a cache too.

I'll name my private domain "miodominio" and I want to name the computer with IP number 192.168.1.1 nessie.miodominio; shenron.miodominio will be the computer 192.168.1.2. Normally your names will not be visible outside your LAN: your nameserver will be on a hidden computer in your private network, and nobody on the net can see it.

Each Linux distribution comes with the program bind as a nameserver. This program is maintained by the Internet Software Consortium (www.isc.org) and is used by most DNS servers.
Sometimes it is installed by default, configured as a cache-only name server, and you only have to adjust the configuration.
Otherwise use the package manager of your distribution to install it. With Debian it's easy; as root, I type in a terminal window:

apt-get install bind9

Here I'll describe only the essentials needed to have a working system, but if you want all the details of the configuration you can read the DNS HOWTO (langfeldt.net/DNS-HOWTO); there are also some books on DNS, such as:
"The Concise Guide to DNS and BIND" by Nicolai Langfeldt, published by Que;
"DNS and BIND" by Cricket Liu and P. Albitz, published by O'Reilly.




The file: named.conf


In Debian Linux the main configuration file is /etc/bind/named.conf; in other distributions you may find the file /etc/named.conf. As usual, all Linuxes are a bit different ...

Let's see the important parts of this file:

 
acl "clienti_autorizzati" { 127/8 ; 192.168.1.0/24 ; };
With this statement I define an access list, which is used below; you don't really need it.

At the beginning of the file there are a number of options defining the DNS server's behavior; there are many possible options, documented in the bind manual. In my named.conf file I have the following:

options {
        directory "/var/cache/bind";
        forward first ;
        forwarders {
                213.205.32.70 ;
                213.205.36.70 ;
        };
This says that all temporary files go to /var/cache/bind, that the forwarders are to be queried before a search is made, and gives the IP numbers of the forwarders (here the DNS servers of my network provider).
        recursion yes;
        allow-recursion { clienti_autorizzati; };
};
This allows recursive searches on behalf of the authorized clients; I do this hoping that the DNS server will build up a bigger cache.

After the options we have a description of the name zones managed by this name server.

zone "." {
        type hint;
        file "/etc/bind/db.root";
};
This says that the file db.root contains the IP numbers of the root name servers, the servers from which recursive searches start.

zone "miodominio" {
        type master;
        file "/etc/bind/db.miodominio";
        allow-transfer {
                192.168.1.2 ;
        };
};
This defines my DNS zone: my nameserver is authoritative for the zone miodominio, it is the main (or master) server for the zone, and the IP numbers and names are in the file db.miodominio.
With the allow-transfer statement you limit which computers may ask your DNS for a copy of the zone database. I have a secondary name server with IP 192.168.1.2; this computer is allowed to copy the database.
"notify no" makes your DNS silent: it will say something only if asked.

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.1";
        allow-transfer {
                192.168.1.2 ;
        };
};
This is a fictitious zone, used to translate numbers to names; we are the master server for this zone too.

Then we have other zones, corresponding to your loopback address (i.e. how the computer sees itself); for these zones you can keep the defaults:

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};




The Zone Files


My numbers and names are kept in the file db.miodominio; this is a "zone" file, the DNS database. The file can hold other information besides numbers and names; the term "record" is used for each piece of information: there is a SOA record, an A record, etc. The main records are:

 
SOA   : marks the start of a domain (start of authority) and gives some options
NS    : gives the name servers of the domain
A     : an IP number
MX    : the computer which relays mail for this domain
CNAME : an alias for a computer name
PTR   : a pointer to another record
TXT   : a textual comment

Here an excerpt of my db.miodominio file:

$TTL        86400
;
@  IN  SOA  nessie.miodominio. root.nessie.miodominio. (
               2002101220     ; Serial: version number (date)
               604800         ; Refresh period : each week
               86400          ; Retry period   : once a day
               2419200        ; Expire
               86400 )        ; Cache TTL: time to live in the caches
;
        IN      NS      nessie.miodominio.
        IN      NS      shenron.miodominio.
;
        IN      MX   10   nessie.miodominio.
        IN      MX   20   shenron.miodominio.
;
nessie  IN      A       192.168.1.1
        IN      HINFO  "PC" "Linux"
        IN      TXT    " Il vecchio drago di casa"
        IN      TXT    " Il Drago del Lago "
        IN      TXT    " AMD K6 200  "
        IN      TXT    ""
;
;                services for my domain, on nessie
;
master  IN      CNAME    nessie
www     IN      CNAME    nessie
mail    IN      CNAME    nessie

;

The SOA record gives some data for your zone: nessie.miodominio is the master name server, mail about the management of this zone is to be sent to the user root; then come the numbers telling how long secondary DNS servers may keep your data in their database without refreshing them.

TTL is the "time to live" of your zone: after 86400 seconds (24 hours) your zone data are thrown away from the caches of the name servers and the queries have to be repeated. If you seldom change your configuration you can give a higher value.

The NS records tell the names of the nameservers of your zone; here I have a master name server, nessie, and a secondary one, shenron, which maintains a copy of the master's data. In a home network you don't really need many nameservers, one may be enough, but real domains have a master nameserver and 2-3 secondaries in case the master becomes unavailable.

MX tells to which computer the mail for the domain must be sent: here mail is sent to nessie and, if nessie can't be reached, to shenron.

Then you have detailed data for each computer. For nessie you have the address 192.168.1.1, some information on the hardware (HINFO), and some comments (TXT records).

A computer can also have aliases (CNAME records); here we say that nessie can also be called master, www or mail. In this way a service can be redirected: looking for www.miodominio means going to the web server on nessie. This is the kind of redirection used for google services.

That's nearly all. To find the name for a given IP number there is a "reverse" zone, which essentially contains PTR records, "pointers" to the main records in your zone; the file db.192.168.1 contains:

@   IN   SOA  nessie.miodominio. root.nessie.miodominio. (
              1         ; Serial
              604800    ; Refresh
              86400     ; Retry
              2419200   ; Expire
              604800 )  ; Negative Cache TTL
;
@       IN      NS      nessie.miodominio.
        IN      NS      shenron.miodominio.
;
1       IN      PTR     nessie.miodominio.
2       IN      PTR     shenron.miodominio.
3       IN      PTR     grisou.miodominio.
;
This means that if you search for 192.168.1.1 you get the computer nessie.miodominio, if you search for 192.168.1.2 you get shenron.miodominio, and so on.
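The forward zone file and the reverse zone file above must agree with each other (every A record should have a PTR pointing back at it, and vice versa), and this is easy to get wrong by hand. The following checker is an added Python example, not code from the page: it parses zone files written in the format shown above and reports the mismatches. The sample zones are constructed from the page's records; the A record for shenron is assumed from the text, and grisou appears only in the reverse zone, exactly as on the page, so the checker flags it.

```python
# Added example (not from the page): parse BIND zone files in the format shown above and check that
# forward A and reverse PTR records agree. Samples are constructed from the page's records; shenron's
# A record is assumed from the text, and grisou exists only in the reverse zone, as on the page.
FORWARD = """$TTL 86400
@   IN  SOA nessie.miodominio. root.nessie.miodominio. (
        2002101220 ; Serial
        604800 86400 2419200 86400 )
    IN  NS  nessie.miodominio.
nessie  IN  A     192.168.1.1
        IN  TXT   "Il vecchio drago di casa"
shenron IN  A     192.168.1.2
"""
REVERSE = """@ IN SOA nessie.miodominio. root.nessie.miodominio. ( 1 604800 86400 2419200 604800 )
@ IN NS  nessie.miodominio.
1 IN PTR nessie.miodominio.
2 IN PTR shenron.miodominio.
3 IN PTR grisou.miodominio.
"""

def parse_zone(text, origin):
    """(owner, type, rdata) triples; handles $TTL, ';' comments, '( )' continuation, '@' and blank owners."""
    records, owner, buf, has_owner = [], origin, [], True
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # assumes no ';' inside quoted TXT data
        if not line.strip():
            continue
        if not buf:
            has_owner = not line[0].isspace()   # a record starting in column 0 names its owner
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                            # still inside a multi-line record (the SOA)
        buf, toks = [], joined.replace("(", " ").replace(")", " ").split()
        if toks[0].startswith("$"):
            continue                            # $TTL / $ORIGIN directives are not records
        if has_owner:
            name = toks.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while toks and (toks[0] == "IN" or toks[0].isdigit()):
            toks.pop(0)                         # skip the optional class and TTL fields
        records.append((owner, toks[0], toks[1:]))
    return records

def check_reverse(forward, reverse, origin, rev_origin):
    """List hosts whose A and PTR records do not agree (each should point back at the other)."""
    a = {o: r[0] for o, t, r in parse_zone(forward, origin) if t == "A"}
    # owner 1.1.168.192.in-addr.arpa. -> address 192.168.1.1
    ptr = {".".join(reversed(o.split(".")[:4])): r[0] for o, t, r in parse_zone(reverse, rev_origin) if t == "PTR"}
    problems = [f"{h} A {ip} has no matching PTR" for h, ip in a.items() if ptr.get(ip) != h]
    return problems + [f"{ip} PTR {h} has no A record" for ip, h in ptr.items() if a.get(h) != ip]
```

Run check_reverse(FORWARD, REVERSE, "miodominio.", "1.168.192.in-addr.arpa.") on your own db.miodominio and db.192.168.1 contents (read from /etc/bind) before rndc reload; named-checkzone validates each file's syntax but does not compare the two zones with each other.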




Starting our DNS


Yes, it's easy. Prepare your files, then use the program named-checkconf to test your configuration file and the program named-checkzone to test the zone files, i.e. run something like:

named-checkzone miodominio /etc/bind/db.miodominio

To make your DNS reload its configuration files and database use:

rndc reload

The programs host and dig make queries; test your nameserver with them:

host nessie

should give:

nessie.dragons has address 192.168.1.1

Finally you have to instruct all your computers to ask your nameserver; usually this is done by putting the nameserver addresses in the file /etc/resolv.conf. This file contains the addresses of the nameservers and the domains which are searched for names given without a full domain suffix:

/etc/resolv.conf
search miodominio
nameserver 192.168.1.1
nameserver 192.168.1.2

There is also the file /etc/nsswitch.conf, which should contain a line such as:

hosts:    files  dns

which instructs your computer to look first in the /etc/hosts file and then to ask the nameservers. If you put:

hosts:    dns  files

the DNS servers are queried first.

Really, if you have few computers, you can use the old way: a file /etc/hosts with names and numbers on each computer, without struggling with DNS management. Windows has a file equivalent to /etc/hosts, named lmhost, which can be found in Windows\System32\Drivers\Etc.