Saturday, June 21, 2008

About DNS.

DNS name structure
In the early days of the Internet, all host names and their associated
IP addresses were recorded in a single file called hosts.txt,
maintained by the Network Information Centre in the USA.

Not surprisingly, as the Internet grew so did this file, and by the
mid-80's it had become impractically large to distribute to all systems
over the network, and impossible to keep up to date. The Internet
Domain Name System (DNS) was developed as a distributed database to
solve this problem. Its primary goal is to allow the allocation of
host names to be distributed amongst multiple naming authorities,
rather than centralised at a single point.

DNS names are constructed hierarchically, with the highest level of the
hierarchy being the last component, or label, of the name. Labels can
be up to 63 characters long and are case insensitive, and a complete
name is limited to 255 characters. Labels may consist only of letters,
digits and hyphens, and may not begin or end with a hyphen (the "LDH"
rule). The original host name rules (RFC 952) also required a label to
start with a letter; RFC 1123 relaxed this so that a label may start
with a digit. [Names that start with a digit are therefore legal, but
they still trip up software that decides whether it has been given a
host name or an IP address by inspecting only the first character.
Such software should instead try to parse the string as an address and
treat anything that fails to parse as a name.]

Note: In the early days of the Internet, users in at least one country
(the United Kingdom, on the JANET academic network) adopted a similar
scheme with the highest hierarchical level appearing first rather than
last, i.e. uk.ac.wlv.scit.sunc rather than sunc.scit.wlv.ac.uk. This
practice is, fortunately, obsolete.

DNS names can be relative or fully qualified. A fully qualified name
includes all the labels and is globally unique. A relative name is
converted to a fully qualified one by appending the local domain
information (the resolver's search list). For example
sunc.scit.wlv.ac.uk is the fully qualified name for the host sunc in
the domain scit.wlv.ac.uk. Strictly there should be a stop at the end
of a fully qualified name, but this is often overlooked; the trailing
stop is what tells a resolver not to try the search list at all, so
configuration files and scripts that must refer to one specific host
should include it.

The final, most significant label of a fully qualified name falls into
one of three classes.

arpa

This is a special facility used for reverse translation, i.e. going
from an IP address to a fully qualified domain name. The octets of the
address are reversed and placed beneath in-addr.arpa (for IPv6 the
hexadecimal nibbles are reversed beneath ip6.arpa). If everything is
properly configured, a suitably framed query for
1.4.220.134.in-addr.arpa will return sunc.scit.wlv.ac.uk, the name of
the host at 134.220.4.1. Note that the reverse tree is delegated to
whoever holds the address block, not to whoever holds the forward
name, so a PTR record on its own proves nothing about a host: the name
it returns should be looked up in turn and checked to contain the
original address before it is trusted.

3 letter codes

The DNS was originally introduced in the United States of America and
the final component of a name was intended to indicate the type of
organisation hosting the computer. Some of the three letter final
labels (edu, gov, mil) are still only used by organisations based in
the USA; others can be used anywhere in the world.

The three letter codes are

code   meaning
com    Commercial. Now international.
edu    Educational (accredited post-secondary institutions in the USA).
gov    Government (USA).
int    International organisations established by treaty.
mil    Military (USA).
net    Network related. Now open to anyone.
org    Miscellaneous organisations. Now open to anyone.

Two letter codes

The two letter codes indicate the country of origin and are defined in
ISO 3166, with the minor exception that uk is used for the United
Kingdom rather than the ISO code gb, although there are some .gb sites.
[uk was already in use on the UK academic network before the ISO codes
were adopted for the DNS, and it was kept.]

The two letter code us is used by some sites in the United States of
America.

In some countries there are sub-domains indicating the type of
organisation, such as ac.uk, co.uk and sch.uk in the United Kingdom and
edu.au and com.au in Australia. Most European countries have not
adopted this useful practice. A fuller discussion of the United Kingdom
DNS domains is provided by

To obtain a domain name it is necessary to identify the administrator
(registry) of the required domain; all that is then basically
necessary is to send the administrator the required name and the
associated IP address or nameserver details, and they will, if they
accept the request, include the delegation in their database.
Conditions for acceptance vary widely between administrators, those
for com and org being, apparently, quite happy to accept anything from
anywhere.
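The label rules, the conversion of relative names to fully qualified ones, and the in-addr.arpa reverse mapping described above, as an added worked example in Python; it is not code from the original page. The host name sunc.scit.wlv.ac.uk and the address 134.220.4.1 are the page's own; the function names and the other sample names are assumptions for illustration. It also covers the IPv6 case (ip6.arpa), which the page does not mention, and shows the first-character heuristic the page warns about beside the robust check.

```python
"""Host-name syntax checks, name qualification and reverse-map names.

Added example (not from the original page).  Rules follow RFC 1034/1035
(label and name lengths) and RFC 1123 (leading digit allowed).  The host
sunc.scit.wlv.ac.uk / 134.220.4.1 is the page's example; other names are
constructed for illustration.
"""
import ipaddress
import re

MAX_LABEL = 63      # per-label limit
MAX_NAME = 255      # the total the page quotes (wire-format bound, trailing dot included)

# LDH rule: letters, digits, hyphens; no leading or trailing hyphen.
# RFC 952 also demanded a leading letter; RFC 1123 dropped that, so "3com" is legal.
# Underscores are deliberately rejected: legal in DNS owner names (e.g. SRV), not in host names.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def validate_hostname(name: str) -> list:
    """Return the list of problems with `name`; an empty list means it is a valid host name.

    A single trailing dot marks a fully qualified name and does not count as an empty label.
    """
    if name == ".":
        return []                                   # the root itself
    problems = []
    if len(name) > MAX_NAME:
        problems.append(f"name longer than {MAX_NAME} characters")
    bare = name[:-1] if name.endswith(".") else name
    if not bare:
        return ["empty name"]
    for label in bare.split("."):
        if label == "":
            problems.append("empty label (consecutive dots)")
        elif len(label) > MAX_LABEL:
            problems.append(f"label {label!r} longer than {MAX_LABEL} characters")
        elif not _LABEL_RE.match(label):
            problems.append(f"label {label!r} is not letters, digits and interior hyphens")
    return problems


def qualify(name: str, local_domain: str) -> str:
    """Append the local domain to a relative name; a name ending in '.' is already qualified."""
    if name.endswith("."):
        return name
    return f"{name}.{local_domain.rstrip('.')}."


def reverse_name(address: str) -> str:
    """Owner name to query for the PTR record of `address` (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def looks_like_address_naive(s: str) -> bool:
    """The fragile test the page warns about: 'it starts with a digit, so it is an IP address'."""
    return s[:1].isdigit()


def is_address(s: str) -> bool:
    """The robust test: try to parse it as an address; anything that fails is a name."""
    try:
        ipaddress.ip_address(s)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for n in ("sunc.scit.wlv.ac.uk.", "3com.example", "-bad.example", "a..b"):
        print(n, validate_hostname(n) or "ok")
    print(qualify("sunc", "scit.wlv.ac.uk"))                 # sunc.scit.wlv.ac.uk.
    print(reverse_name("134.220.4.1"))                       # 1.4.220.134.in-addr.arpa.
    print(looks_like_address_naive("3com.example"), is_address("3com.example"))  # True False
```

The naive check classifies 3com.example as an address, which is exactly the failure the page describes; parsing with the standard ipaddress module gets it right, and the same parser gives the reversed owner name for PTR lookups for free.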

A DNS server is just a computer that's running DNS software. Since most
servers are Unix machines, the most popular program is BIND (Berkeley
Internet Name Domain), but implementations exist for the Mac and the PC
as well.

DNS software is generally made up of two elements: the name server and
the resolver. The resolver is the client side: a small library on your
own machine that takes the browser's request and sends it to a name
server. The name server answers from the zones it holds or from its
cache; when it doesn't know the answer, a recursive name server asks
other name servers on the client's behalf until it finds one that does.

To see how it works, let's go back to the domain-name-space inverted
tree.

When you type in a URL, your browser asks its resolver, which sends a
request to the configured (usually the closest) name server. If that
server has answered a query for the same host name recently, within the
time to live (TTL) that the zone's administrator attaches to each record
to stop stale data being passed on, it finds the answer in its cache and
replies at once.

If the name server has nothing cached for the name, it starts at the
top of the tree and works down: it asks a root server, which refers it
to the servers for the top-level domain, which refer it to the servers
for the next level, and so on until it reaches a server that holds the
zone containing the name. A server that holds the data for a zone,
rather than a cached copy of it, is known as authoritative for that
zone, and its answer is what ends up in the cache.

Once the information is located, it's passed back to your browser, and
you're sent on your merry way. Usually this process takes milliseconds,
but occasionally it can take an excruciatingly long time (15 seconds or
more). In the worst cases, you'll get a dialog box that says the domain
name doesn't exist - even though you know damn well it does.

This happens because an authoritative server somewhere in the chain was
slow to reply, and your name server, or your own resolver, got tired of
waiting and gave up. DNS queries normally travel over UDP, so there is
no connection to drop, only a timer that expires. But if you try again,
there's a good chance it will work, because the slow server has had
enough time to reply and your name server has stored the information in
its cache.
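The walk from the root down to the authoritative server and the caching behaviour described above, as an added Python model; it is not code from the page and not how BIND is implemented. The hierarchy (root, uk, scit.wlv.ac.uk), the 192.0.2.x server addresses, the TTLs and the deliberately slow authoritative server are all constructed for illustration. Beyond what the text describes it adds three checks a real recursive resolver needs: a bound on the number of referrals it will follow, a bailiwick check so that a server is only believed about names inside its own zone, and a cap on the TTL it will honour.

```python
"""Toy model of iterative name resolution with a TTL-bounded cache.

Added example; not code from the page or from BIND.  Zone data, the
192.0.2.0/24 addresses and the "slow" server are constructed.
"""
import time


def in_bailiwick(owner: str, zone: str) -> bool:
    """True if `owner` lies inside `zone` (the root zone "." contains everything)."""
    return zone == "." or owner == zone or owner.endswith("." + zone)


class AuthServer:
    """Authoritative server for one zone: answers for names it holds,
    referrals for delegated sub-zones, nxdomain otherwise."""

    def __init__(self, zone, records, slow_queries=0):
        self.zone = zone
        self.records = records            # owner -> (kind, data, ttl); kind "answer" or "referral"
        self.slow_queries = slow_queries  # first N queries get no reply (simulated slow server)
        self.queries = 0

    def query(self, qname):
        self.queries += 1
        if self.queries <= self.slow_queries:
            return None                   # the client's timer expires instead
        best = None                       # longest matching owner wins: exact name before delegation
        for owner, rr in self.records.items():
            if qname == owner or qname.endswith("." + owner):
                if best is None or len(owner) > len(best[0]):
                    best = (owner, rr)
        if best is None:
            return (qname, "nxdomain", None, 0)
        return (best[0],) + best[1]


class Resolver:
    """Recursive resolver: walks from the root, caches answers until their TTL expires."""

    def __init__(self, root, servers, clock=time.monotonic, max_ttl=86400, max_hops=16):
        self.root = root
        self.servers = servers            # nameserver address -> AuthServer
        self.cache = {}                   # name -> (address, expires_at)
        self.clock = clock                # injectable so tests can move time forward
        self.max_ttl = max_ttl            # cap on how long a zone owner can make us keep data
        self.max_hops = max_hops          # a referral loop must not spin forever

    def lookup(self, name):
        """Return (address, source); source is "cache", "authoritative" or a failure reason."""
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], "cache"
        server = self.root
        for _ in range(self.max_hops):
            rr = server.query(name)
            if rr is None:
                return None, "timeout"    # nothing cached; the caller may simply retry
            owner, kind, data, ttl = rr
            if not in_bailiwick(owner, server.zone):
                return None, "out-of-bailiwick"   # a server may not speak for zones it does not own
            if kind == "answer":
                self.cache[name] = (data, now + min(ttl, self.max_ttl))
                return data, "authoritative"
            if kind == "referral":
                server = self.servers[data]       # data = address of the delegated zone's server
                continue
            return None, "nxdomain"
        return None, "too-many-referrals"


def build_demo(slow_queries=1):
    """Constructed hierarchy: root -> uk -> scit.wlv.ac.uk (the page's example host)."""
    auth = AuthServer("scit.wlv.ac.uk.",
                      {"sunc.scit.wlv.ac.uk.": ("answer", "134.220.4.1", 3600)},
                      slow_queries=slow_queries)
    tld = AuthServer("uk.", {"scit.wlv.ac.uk.": ("referral", "192.0.2.20", 86400)})
    root = AuthServer(".", {"uk.": ("referral", "192.0.2.10", 172800)})
    return root, {"192.0.2.10": tld, "192.0.2.20": auth}


def demo():
    """The page's story: first try times out, retry succeeds, third try is a cache hit."""
    clock = [0.0]
    root, servers = build_demo(slow_queries=1)
    r = Resolver(root, servers, clock=lambda: clock[0])
    results = [r.lookup("sunc.scit.wlv.ac.uk.")[1]]        # "timeout"
    results.append(r.lookup("sunc.scit.wlv.ac.uk.")[1])    # "authoritative"
    results.append(r.lookup("sunc.scit.wlv.ac.uk.")[1])    # "cache"
    clock[0] = 3601.0                                      # past the 3600 s TTL
    results.append(r.lookup("sunc.scit.wlv.ac.uk.")[1])    # "authoritative" again
    return results


if __name__ == "__main__":
    print(demo())
```

demo() returns ['timeout', 'authoritative', 'cache', 'authoritative']: the first attempt gives up on the slow server with nothing cached, the retry walks the tree again and populates the cache, the third call is served from cache, and once the TTL has passed the walk is repeated. The bailiwick check is the piece most often missing from toy resolvers: without it, a server reached through a referral for one zone could plant an answer for an unrelated name in the cache.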

DNS Structure

The DNS is arranged as a hierarchy, both from the perspective of the
structure of the names maintained within the DNS, and in terms of the
delegation of naming authorities. At the top of the hierarchy is the
root domain "." which is administered by the Internet Assigned Numbers
Authority (IANA). Administration of the root domain gives the IANA the
authority to allocate domains beneath the root.

The process of assigning a domain to an organisational entity is called
delegation, and involves the administrator of a domain creating a
sub-domain and assigning the authority for allocating sub-domains of
the new domain to the sub-domain's administrative entity.

This is a hierarchical delegation, which commences at the "root" of the
Domain Name Space ("."). A fully qualified domain name is obtained by
writing the simple names obtained by tracing the DNS hierarchy from the
leaf node to the root, from left to right, separating each name with a
stop ".". For example huxley.xxxx.edu.au. is the name of a host system
(huxley) within the XXXX University (xxxx), an educational (edu)
institution within Australia (au).

The sub-domains of the root are known as the top-level domains, and
include the edu (educational), gov (government) and com (commercial)
domains. Although an organisation anywhere in the world can register
beneath the open three-character top-level domains (com, net, org),
the vast majority that have are located within, or have parent
companies based in, the United States.

The top-level domains represented by the ISO two-character country
codes are used in most other countries, thus organisations in Australia
are registered beneath au.

The majority of country domains are sub-divided into
organisational-type sub-domains. In some countries two character
sub-domains are created (eg. ac.nz for New Zealand academic
organisations), and in others three character sub-domains are used (eg.
com.au for Australian commercial organisations). Regardless of the
standard adopted each domain may be delegated to a separate authority.

Organisations that wish to register a domain name, even if they do not
plan to establish an Internet connection in the immediate future,
should contact the administrator of the domain which most closely
describes their activities.

Even though the DNS supports many levels of sub-domains, delegations
should only be made where there is a requirement for an organisation or
organisational sub-division to manage their own name space.

Any sub-domain administrator must also demonstrate they have the
technical competence to operate a domain name server (described below),
or arrange for another organisation to do so on their behalf.

Domain Name Servers

The DNS is implemented as a collection of inter-communicating
nameservers. At any given level of the DNS hierarchy, a nameserver for
a domain knows all the immediate sub-domains of that domain: it holds
the NS records that delegate each of them.


For each domain there is a primary nameserver, which holds the
authoritative data (the zone file) for Internet entities within that
domain. In addition, secondary nameservers can be configured; these
periodically check the serial number in the zone's SOA record on the
primary and, when it has changed, download the zone from the primary by
a zone transfer (AXFR, or the incremental IXFR). A secondary's answers
are just as authoritative as the primary's; the difference is only
where the data is edited.

Secondary nameservers provide backup to the primary nameserver when it
is not operational, and further improve the overall performance of the
DNS, since resolvers prefer whichever of a domain's nameservers has
responded most quickly in the past. Thus, in addition to having a
primary nameserver on site, each organisation should have at least one
secondary on site and another elsewhere on the Internet, preferably
well connected and on a different network, so that a single outage
does not take out every server for the domain. This is particularly
important for entities with slow speed or dial-up Internet connections,
to reduce the use of their link to support the DNS.

Because a zone transfer hands out the entire zone in one exchange, the
primary should accept transfer requests only from its own secondaries,
identified by address and preferably authenticated with a shared TSIG
key; a primary that allows transfers from anywhere publishes a complete
map of the organisation's hosts to anyone who asks for it.
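The primary/secondary arrangement above, as an added example of BIND 9 named.conf fragments (not configuration from the page or from any real site), with the weak setting beside the corrected one. The zone name scit.wlv.ac.uk is the page's; the addresses (192.0.2.1 for the primary, 192.0.2.53 for the off-site secondary, both from the documentation range), the key name and the file paths are assumptions, and the secret is a placeholder to be replaced with the output of tsig-keygen.

```conf
// Added example: BIND 9 named.conf fragments for a primary and a secondary.
// Hypothetical addresses from the 192.0.2.0/24 documentation range.

// --- Weak: the historical default lets anyone pull the whole zone ---
// zone "scit.wlv.ac.uk" {
//     type master;
//     file "master/scit.wlv.ac.uk.zone";
//     allow-transfer { any; };        // hands every host name to anyone who asks
// };

// --- named.conf on the primary (192.0.2.1; "master" in older BIND terms) ---
options {
    allow-transfer { none; };           // default for every zone unless the zone says otherwise
};

key "xfer-key" {                        // shared TSIG key; generate with tsig-keygen (BIND 9.11+)
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-FROM-tsig-keygen";   // placeholder, not a real secret
};

zone "scit.wlv.ac.uk" {
    type master;
    file "master/scit.wlv.ac.uk.zone";
    allow-transfer { key "xfer-key"; }; // only TSIG-signed requests, i.e. our own secondaries
    also-notify { 192.0.2.53; };        // tell the off-site secondary when the serial changes
};

// --- named.conf on the off-site secondary (192.0.2.53; "slave" in older BIND terms) ---
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-THE-SAME-BASE64";            // must match the primary's key
};

server 192.0.2.1 {                      // sign everything sent to the primary with the key
    keys { "xfer-key"; };
};

zone "scit.wlv.ac.uk" {
    type slave;
    file "slave/scit.wlv.ac.uk.zone";
    masters { 192.0.2.1; };             // recent BIND 9 releases also accept "primaries"
    allow-transfer { none; };           // a secondary should not hand the zone on either
};
```

With this in place an unauthenticated `dig @192.0.2.1 scit.wlv.ac.uk AXFR` is refused, the secondary still pulls the zone because its requests carry the key, and the global `allow-transfer { none; }` means a zone added later without its own setting is closed rather than open by default.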
