Understanding DNS

by: Budi Rahardjo

The heart of the Internet is Domain Name Services (DNS). Understanding DNS is essential for Internet / Intranet operators. This short article hopefuly can give an introduction on DNS. For an in depth discussion, you should get a good book on DNS, listed at the "Reading materials" section. Computers deal with numbers but we, human, are weak when dealing (memorizing) numbers. On the Internet, each computer has its own number, called an IP Number. (IP = Internet Protocol) An IP number has four numbers separated by dots: aaa.bbb.ccc.ddd. For example, my current desktop computer's IP number is 192.168.1.123. The name of this computer is "pc04". It is easier for me to memorize "pc04" than the IP number. I can connect to my computer using the following command: "telnet pc04". (This will only work from a machine in our local area network, since we are behind a firewall.) When I execute the above command, the "pc04" is expanded into its actual number. Thus, the computer actually executes "telnet 192.168.1.123". How does the computer know the number? Where does it get the number from? Originally, the Internet was so small that the name and number translation can be put in a file, which is usually called "/etc/hosts". If you have one or a small number of computers in your network, you can just put the translation in this file. Here is an example of entries in the /etc/hosts file.
# entry of /etc/hosts # IP number name 192.168.1.123 pc04.win.trlabs.ca pc04 192.168.1.1 gateway

The number of computers connected to the Internet grew, and the file (static) translation became out of hand. It is just impossible to sync /etc/files on thousands (or even millions?) of computers. Many people wanted to name their computers with the same name. Popular names include "orion", "gateway", and so on. Then people added the domain name. So now, my machine became known as "pc04.win.trlabs.ca". But still, the database must be distributed. Came the Domain Name Services (DNS). The name to number translation is now distributed and maintained locally by owener of the domain.

BIND the DNS Server

One of the most popular UNIX implementation of a DNS server is BIND (Berkeley Internet Name Domain). This is implemented as a server program called "named". Check your machine if there is a named process. On a BSD-flavor UNIX, do the following command:
ps -aux | grep named

If you see a named process, then your computer is running a DNS.

The main configuration file of "named" is a file called "/etc/named.boot". This file stores information about domain name your computer is serving. Your computer can be the primary server of the domain, or it can be the secondary (backup) of a domain. This is usually indicated by the word "primary" or "secondary" in the "/etc/named.boot". Have a look at this file. Examples of entries in the file
; semicolon is a comment

; an example of primary DNS for mydomain.com ; the information is stored in a file called named.mydomain primary mydomain.com named.mydomain ; ; an example of secondary DNS for myfriend.com ; the primary DNS is running on 192.168.1.1 ; information will be downloaded from the primary DNS and ; will be stored in a file called "named.myfriend" secondary myfriend.com 192.168.1.1 named.myfriend

The information for each domain is stored in an individual file. The filename is noted in the entry for that domain in the /etc/named.boot file. (See the example above.) If you made any modification to your DNS, you have to let named know about the changes by giving a HUP signal. Or, you can kill and restart named. The way named is started usually is found in your machine rc.files. (In Slackware Linux, probably the command to start named is in /etc/rc.d/ directory.) Here is an example to restart named in Linux.
# ps -aux | grep named # kill -HUP PID-found-from-above-command or in Solaris 2.x # cat /etc/named.pid # kill -HUP PID-found-from-above command

or you can do the above in one step

# kill -HUP `cat /etc/named.pid`

After executing the above command, you might want to check the log file of your server. Usually it is stored in /var/adm/messages or /var/log/messages.
% tail /var/adm/messages

To test the changes, you can use the "host" or "nslookup" command:
% host some.site.com % nslookup some.site.com

Reading materials
1. DNS and BIND, O'Reilly & Assoc., Inc.

Version 1.2 - 23 May 1997

Copyright 1997, Budi Rahardjo