DNS
DNS name structure
In the early days of the Internet, all host names and their associated IP addresses were recorded in a single file called hosts.txt, maintained by the Network Information Centre in the USA. Not surprisingly, as the Internet grew so did this file, and by the mid-80's it had become impractically large to distribute to all systems over the network, and impossible to keep up to date. The Internet Domain Name System (DNS) was developed as a distributed database to solve this problem. Its primary goal is to allow the allocation of host names to be distributed amongst multiple naming authorities, rather than centralised at a single point.
DNS names are constructed hierarchically, with the highest level of the hierarchy being the last component, or label, of the DNS address. Labels can be up to 63 characters long and are case insensitive. A maximum total length of 255 characters is allowed. Labels must start with a letter and can only consist of letters, digits and hyphens. [Unfortunately some administrators construct names that start with digits. This is wrong and can easily cause problems with software that simply inspects the first character of a host address to determine whether a DNS name or an IP address has been quoted.]
Note
In the early days of the Internet, users in at least one country (the United Kingdom) adopted a similar scheme with the highest hierarchical level appearing first rather than last, i.e. uk.ac.wlv.scit.sunc rather than sunc.scit.wlv.ac.uk. This practice is, fortunately, obsolete.
DNS addresses can be relative or fully qualified. A fully qualified address includes all the labels and is globally unique. A relative address can be converted by appending the local domain information. For example sunc.scit.wlv.ac.uk is a fully qualified name for the host sunc in the domain scit.wlv.ac.uk. Strictly there should be a stop at the end of a fully qualified name but this is often overlooked.
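The label rules, the relative/fully-qualified distinction and the first-character pitfall in the bracketed note above, as an added Python example that is not part of the original page. The host and domain names are the page's own; 1stfloor.scit.wlv.ac.uk is a constructed name that breaks the rule, and the function names are the example's own.

```python
import ipaddress
import re

# Label rules as the page states them: 1 to 63 characters, starting with a
# letter, then only letters, digits and hyphens; whole name at most 255
# characters; names compare case-insensitively. The trailing stop is optional.
LABEL_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]{0,62}$")
MAX_NAME_LEN = 255


def validate_name(name):
    """Return a list of rule violations for `name`; an empty list means valid."""
    problems = []
    stripped = name[:-1] if name.endswith(".") else name  # tolerate the strict form
    if len(stripped) > MAX_NAME_LEN:
        problems.append("name longer than %d characters" % MAX_NAME_LEN)
    for label in stripped.split("."):
        if not label:
            problems.append("empty label")
        elif len(label) > 63:
            problems.append("label %r longer than 63 characters" % label)
        elif not LABEL_RE.match(label):
            problems.append("label %r must start with a letter and contain only "
                            "letters, digits and hyphens" % label)
    return problems


def qualify(name, local_domain):
    """Turn a relative name into a fully qualified one (with the trailing stop)
    by appending the local domain; a name that already ends in '.' is left alone."""
    if name.endswith("."):
        return name
    return "%s.%s." % (name, local_domain.rstrip("."))


def same_name(a, b):
    """Case-insensitive comparison that also ignores an optional trailing stop."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()


def classify(address):
    """Decide whether a string is an IP address or a DNS name by actually
    parsing it as an address; anything that does not parse is a name."""
    try:
        ipaddress.ip_address(address)
        return "ip"
    except ValueError:
        return "name"


def naive_classify(address):
    """The fragile test the page warns about: a name that (wrongly) starts
    with a digit is taken for an IP address."""
    return "ip" if address[:1].isdigit() else "name"


if __name__ == "__main__":
    # 1stfloor.scit.wlv.ac.uk is a constructed name that violates the rule
    for n in ("sunc.scit.wlv.ac.uk.", "1stfloor.scit.wlv.ac.uk"):
        print(n, validate_name(n) or "ok", classify(n), naive_classify(n))
    print(qualify("sunc", "scit.wlv.ac.uk"))
```

The point of the two classifiers is that input which merely looks like a name is still parsed as an address first; software that branches on the first character will treat a digit-initial name as an address and either fail or, worse, connect to the wrong place.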
The final, most significant label of a fully qualified name can fall into one of three classes:
arpa
This is a special facility used for reverse translation, i.e. going from IP address to fully qualified domain address. If everything is properly configured a suitably framed query for 1.4.220.134.in-addr.arpa will return sunc.scit.wlv.ac.uk. Details of this will be described later.
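The in-addr.arpa reverse translation described above, as an added Python example that is not from the original page: it builds the reverse name from an IPv4 address and back again, and adds the check a practitioner wants before trusting a reverse lookup, namely that the name the reverse entry yields resolves forward to the same address. The record tables are constructed for the example, modelled on the page's sunc.scit.wlv.ac.uk / 134.220.4.1 pair; 198.51.100.7 is a constructed address whose reverse entry falsely claims to be sunc.

```python
import ipaddress

# Constructed records for the example (not real DNS data), modelled on the
# page's pair sunc.scit.wlv.ac.uk <-> 134.220.4.1. The second reverse entry is
# a deliberately false one: whoever administers the reverse zone for
# 198.51.100.x can write any name there, so the name alone proves nothing.
FORWARD = {"sunc.scit.wlv.ac.uk.": "134.220.4.1"}
REVERSE = {
    "1.4.220.134.in-addr.arpa.": "sunc.scit.wlv.ac.uk.",
    "7.100.51.198.in-addr.arpa.": "sunc.scit.wlv.ac.uk",   # constructed false claim
}


def reverse_name(ip):
    """in-addr.arpa name for an IPv4 address: the four octets in reverse order."""
    addr = ipaddress.IPv4Address(ip)   # rejects anything that is not a valid IPv4 address
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."


def ip_from_reverse_name(name):
    """Inverse of reverse_name; raises ValueError for names not of that form."""
    suffix = ".in-addr.arpa."
    if not name.endswith(suffix):
        raise ValueError("not an in-addr.arpa name: %r" % name)
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        raise ValueError("expected four octets in %r" % name)
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def forward_confirmed(ip, reverse=REVERSE, forward=FORWARD):
    """Forward-confirmed reverse lookup: return the host name the reverse
    entry gives only if that name resolves forward to the same address."""
    host = reverse.get(reverse_name(ip))
    if host is None:
        return None
    key = host if host.endswith(".") else host + "."   # normalise the trailing stop
    return key if forward.get(key) == ip else None


if __name__ == "__main__":
    print(reverse_name("134.220.4.1"))
    print(forward_confirmed("134.220.4.1"), forward_confirmed("198.51.100.7"))
```

Anything that makes an access decision or writes a log entry from a reverse lookup should use the confirmed name; the unconfirmed one is controlled by whoever runs the reverse zone for that address block.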
Three letter codes
The DNS was originally introduced in the United States of America and the final component of an address was intended to indicate the type of organisation hosting the computer. Some of the three letter final labels (edu, gov, mil) are still only used by organisations based in the USA; others can be used anywhere in the world.
The three letter codes are:

code   meaning
com    Commercial. Now international.
edu    Educational.
gov    Government.
int    International Organisation.
mil    Military.
net    Network related.
org    Miscellaneous Organisation.
Two letter codes
The final two letter codes indicate the country of origin and are defined in ISO 3166, with the minor exception that uk is used for the United Kingdom rather than gb, although there are some .gb sites. [This apparently happened because the ISO committee was unaware that Northern Ireland was part of the United Kingdom but not part of Great Britain.]
The two letter code us is used by some sites in the United States of America.

In some countries there are sub-domains indicating the type of organisation, such as ac.uk, co.uk, sch.uk in the United Kingdom and edu.au and com.au in Australia. Most European countries have not adopted this useful practice. A fuller discussion of the United Kingdom DNS domains is provided by

To obtain a domain address it is necessary to identify the administrator of the required domain; all that is then basically necessary is to send the administrator the required code and the associated IP address and they will, if they accept the request, include the details in their databases. Conditions for acceptance vary widely between administrators, the administrators for com and org being, apparently, quite happy to accept anything from anywhere.
A DNS server is just a computer that's running DNS software. Since most servers are Unix machines, the most popular program is BIND (Berkeley Internet Name Domain), but you can find software for the Mac and the PC as well.

DNS software is generally made up of two elements: the actual name server, and something called a resolver. The name server responds to browser requests by supplying name-to-address conversions. When it doesn't know the answer, the resolver will ask another name server for the information.
To see how it works, let's go back to the domain-name-space inverted tree.
When you type in a URL, your browser sends a request to the closest name server. If that server has ever fielded a request for the same host name (within a time period set by the administrator to prevent passing on old information), it will locate the information in its cache and reply.
If the name server is unfamiliar with the domain name, the resolver will attempt to "solve" the problem by asking a server farther up the tree. If that doesn't work, the second server will ask yet another - until it finds one that knows. (When a server can supply an answer without asking another, it's known as an authoritative server.)
Once the information is located, it's passed back to your browser, and you're sent on your merry way. Usually this process occurs quickly, but occasionally it can take an excruciatingly long time (like 15 seconds). In the worst cases, you'll get a dialog box that says the domain name doesn't exist - even though you know damn well it does.
This happens because the authoritative server is slow replying to the first name server, and your computer gets tired of waiting so it times out (drops the connection). But if you try again, there's a good chance it will work, because the authoritative server has had enough time to reply, and your name server has stored the information in its cache.
DNS Structure
The DNS is arranged as a hierarchy, both from the perspective of the structure of the names maintained within the DNS, and in terms of the delegation of naming authorities. At the top of the hierarchy is the root domain "." which is administered by the Internet Assigned Numbers Authority (IANA). Administration of the root domain gives the IANA the authority to allocate domains beneath the root. The process of assigning a domain to an organisational entity is called delegating, and involves the administrator of a domain creating a sub-domain and assigning the authority for allocating sub-domains of the new domain to the sub-domain's administrative entity.
This is a hierarchical delegation, which commences at the "root" of the Domain Name Space ("."). A fully qualified domain name is obtained by writing the simple names obtained by tracing the DNS hierarchy from the leaf node to the root, from left to right, separating each name with a stop ".", e.g. fred.xxxx.edu.au. is the name of a host system (fred) within the XXXX University (xxxx), an educational (edu) institution within Australia (au).
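The resolution walk, the administrator-set cache lifetime and the timeout described in the name server paragraphs earlier, together with the root-down delegation of this section, as one added Python simulation that is not code from the original page. The delegation tree is constructed around the page's fred.xxxx.edu.au example; the server names (root, ns.au, ns.edu.au, ns.xxxx.edu.au), the address 192.0.2.10, the 300 second lifetime and the per-server delays are all assumptions of the example.

```python
# Constructed delegation tree modelled on the page's fred.xxxx.edu.au example.
# Each entry: server name -> {owner name: record}, where a record is either
# ("NS", server for that sub-domain) or ("A", address, lifetime in seconds).
SERVERS = {
    "root":           {"au.": ("NS", "ns.au")},
    "ns.au":          {"edu.au.": ("NS", "ns.edu.au")},
    "ns.edu.au":      {"xxxx.edu.au.": ("NS", "ns.xxxx.edu.au")},
    "ns.xxxx.edu.au": {"fred.xxxx.edu.au.": ("A", "192.0.2.10", 300)},
}
# Assumed reply delay of each server, in seconds of simulated time; the
# authoritative server for xxxx.edu.au is made slow to reproduce the timeout.
LATENCY = {"root": 0.1, "ns.au": 0.1, "ns.edu.au": 0.1, "ns.xxxx.edu.au": 20.0}


def lookup_at(server, qname):
    """Ask one server about qname: the answer if it holds the record, else the
    referral for the longest matching sub-domain it knows, else None."""
    zone = SERVERS[server]
    if qname in zone:
        return zone[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone and zone[suffix][0] == "NS":
            return zone[suffix]
    return None


class RecursiveServer:
    """The 'closest name server' of the page: walks the tree from the root on
    the client's behalf and caches answers until their lifetime expires."""

    def __init__(self, clock):
        self.clock = clock      # injectable clock so the example controls time
        self.cache = {}         # qname -> (address, expiry)

    def resolve(self, qname):
        """Return (address or None, seconds spent waiting on other servers)."""
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], 0.0
        elapsed, server = 0.0, "root"
        for _ in range(16):     # bound the chase so a referral loop cannot spin forever
            elapsed += LATENCY[server]
            record = lookup_at(server, qname)
            if record is None:
                return None, elapsed          # no such name
            if record[0] == "A":
                _, address, ttl = record
                self.cache[qname] = (address, now + ttl)
                return address, elapsed
            server = record[1]                # follow the referral down the tree
        return None, elapsed


def client_query(server, qname, timeout):
    """What the browser sees: None if the answer took longer than its timeout,
    even though the server finished the walk and cached the result."""
    address, elapsed = server.resolve(qname)
    return None if elapsed > timeout else address


def demo():
    """First query times out on the slow authoritative server, the retry is
    served from cache, and once the lifetime has passed the walk is repeated."""
    t = [1000.0]
    srv = RecursiveServer(clock=lambda: t[0])
    first = client_query(srv, "fred.xxxx.edu.au.", timeout=15.0)
    second = client_query(srv, "fred.xxxx.edu.au.", timeout=15.0)
    t[0] += 301.0                              # cached answer has expired
    third_wait = srv.resolve("fred.xxxx.edu.au.")[1]
    return first, second, third_wait


if __name__ == "__main__":
    print(demo())
```

The bounded loop in resolve is the defensive detail worth keeping: a referral that points back up the tree would otherwise keep the server chasing forever, and a cache entry is only honoured while its lifetime has not passed, which is what stops stale data being handed out after a host moves.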
The sub-domains of the root are known as the top-level domains, and include the edu (educational), gov (government), and com (commercial) domains. Although an organisation anywhere in the world can register beneath these three-character top level domains, the vast majority that have are located within, or have parent companies based in, the United States. The top-level domains represented by the ISO two-character country codes are used in most other countries; thus organisations in Australia are registered beneath au.
The majority of country domains are sub-divided into organisational-type sub-domains. In some countries two character sub-domains are created (e.g. ac.nz for New Zealand academic organisations), and in others three character sub-domains are used (e.g. com.au for Australian commercial organisations). Regardless of the standard adopted, each domain may be delegated to a separate authority. Organisations that wish to register a domain name, even if they do not plan to establish an Internet connection in the immediate short term, should contact the administrator of the domain which most closely describes their activities.
Even though the DNS supports many levels of sub-domains, delegations should only be made where there is a requirement for an organisation or organisational sub-division to manage their own name space. Any sub-domain administrator must also demonstrate they have the technical competence to operate a domain name server (described below), or arrange for another organisation to do so on their behalf.
Domain Name Servers
The DNS is implemented as a collection of inter-communicating nameservers. At any given level of the DNS hierarchy, a nameserver for a domain has knowledge of all the immediate sub-domains of that domain.

For each domain there is a primary nameserver, which contains authoritative information regarding Internet entities within that domain. In addition, secondary nameservers can be configured, which periodically download authoritative data from the primary server.
Secondary nameservers provide backup to the primary nameserver when it is not operational, and further improve the overall performance of the DNS, since the nameservers of a domain that respond to queries most quickly are used in preference to any others. Thus, in addition to having a primary nameserver on site, each organisation should have at least one secondary on site, and another elsewhere on the Internet, preferably well connected. This is particularly important for entities with slow speed or dial-up Internet connections, to reduce use of their link to support the DNS.