Day 17: DNS Operation

All hosts have a HOSTS file that matches names to IP addresses. This file is first used to resolve a request for a domain. Obviously its impossible to keep it all in file, so a DNS server performs this task on a network. If you want to verify the capability to access a DNS server you'd use the nslookup utility: http://technet.microsoft.com/en-us/library/cc725991(WS.10).aspx

The domain naming system has these components: resource records and domain namespace, domain name servers and resolvers. The hierarchy of the domain name system begins at the top with top-level domains such as .com, .org - they could also represent countries. These are followed by second-level domains such as cisco, yet they could also have specific locations such as mail.

So, what happens if a host wants to resolve a Domain Name System (DNS - port 53) name such as mail.cisco.com? A domain that that points to a specific computer in a domain is considered a fully qualified domain name (FQDN). The host uses a resolver to query a DNS server inside its domain to get the IP address of mail.cisco.com. This DNS server is preconfigured (see ipconfig /all). You could use the well known 4.2.2.2 but there's always a security risk using one that you're not authorized to.

1. The DNS server (usually from our ISP) receives the request and checks its local records. If the DNS server cannot resolve the domain name, it forwards the request to another preconfigured DNS server. The local DNS server may query a root DNS server to discover the location of top-level.com domain name servers.
2. The top-level DNS server, after it's queried responds with the location of the cisco.com DNS server for the requested domain.
3. The local DNS server queries the cisco.com DNS server for the location of mail.cisco.com. When the resolved name to IP address is returned, each DNS server caches the record for a limited amount of time.
4. The local DNS server receives the returned request, temporarily caches the record and responds to the requesting host with the IP address for mail.cisco.com.

 It's important to know that DNS zones can be broken into primary or secondary forward lookup or reverse lookup zones:

• Primary and secondary: there can be primary and secondary forward lookup and reverse lookup zones. The primary zone is where you update records, and the secondary zone operates as a read-only backup copy of the primary zone.
• Forward lookup zones: standard zone that resolves FQDNs to IP addresses.
• Reverse lookup zones: this query works in reverse: a host wants to know the FQDN because it knows the IP address. Private networks use reverse lookup to identify host names on their local network. I've had some issues with this lately when we forgot to set this zone up during a rollout of hosts, we got the error Nonexistent domain when testing with nslookup.

It's a good idea to use redundant DNS servers!

There's good information and links on wikipedia: http://en.wikipedia.org/wiki/Domain_Name_System