
DNS Operation

From the document Setting Up LAMP (pages 146-150)

The Domain Name System is responsible for translating a domain name into an IP address.

Domain names are used for virtually every web service, including HTTP, mail, FTP, and so on. Domain names are registered through an issuing authority, or domain registrar, such as netsol.com or directnic.com. The personal information you provide your registrar with for that domain is then stored in a root DNS server, which is responsible for distributing this information to DNS servers across the world when it is requested. This is called propagation. DNS propagation usually takes between 24 and 48 hours to take effect globally, but it can be much shorter for your own zone, depending on the administrator's configuration settings.

When you type a domain name into your browser or FTP client, your computer asks its primary name server for the proper IP address. If your name server has ever fielded a request for that domain, it will locate the domain in its own cache and reply with the proper IP address, as long as the time to live (TTL) has not expired. If it has never fielded a request for the domain, the DNS server will attempt to locate the proper address by using a set of functions referred to as a resolver. It does this by asking the next server up the tree for the proper IP address of the given domain. If that server fails to come up with an answer, the DNS server keeps trying different servers until it reaches an answer. If no answer comes back within a reasonable amount of time, the client application making the request will most likely display a message saying that it has timed out. If this happens and you know the domain exists, you could choose to keep trying until your DNS finds a match on a remote server. If the domain is not valid, however, you are out of luck and your attempts are futile.

A domain name resolution request to a server contains five basic parts:

Header section: The header section contains errors, flags, and other miscellaneous settings.

Question section: The question section carries the domain name that is being queried.

Answer section: This section contains the answer to the question.

Authority section: The authority section contains a list of name servers that might be able to answer the question at hand.

Additional information section: This section holds other records that are not the requested domain but might be similar or relevant to the question.

Here is the breakdown of how DNS processes a request. When you type in a domain to be resolved, a message is sent to your name server. If that name server does not know the answer, it in turn queries another name server. This second name server sends back one of two responses: either your answer (the actual IP address the domain resolves to) or a list of other name servers in the authority section of the response. If your original DNS server does not receive an answer, it contacts each of those servers in turn to find the proper answer. If still no answer is forthcoming, it digs deeper by following the referrals that each of those servers returns. Most likely, however, your DNS server will receive an actual answer back during the first round of queries.

If the answer that comes back carries the authoritative source flag, your DNS server updates itself automatically and caches the address so that it does not have to go through this same process again. When it answers a later request for the same domain from that cache, it will not set the authoritative source flag, because the answer is no longer coming from such a source.
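The referral chasing, caching and authoritative-flag behaviour just described, as an added simulation that is not code from the book: the servers and their records are constructed placeholders laid out like the walk-through (root, then the com servers, then the domain's own servers), using the linuxforum.com address and W3FREAKS name servers that appear in this section's dig output; ns.com-tld.example. is an invented name.

```python
import time

# Constructed servers and records (placeholder names, not real infrastructure), laid out like
# the page's walk-through: the root refers us to the com servers, which refer us on to the
# domain's own name servers, which hold the answer.
SERVERS = {
    "root": {"delegations": {"com.": ["ns.com-tld.example."]}},
    "ns.com-tld.example.": {"delegations": {"linuxforum.com.": ["NS1.W3FREAKS.com.", "NS2.W3FREAKS.com."]}},
    "NS1.W3FREAKS.com.": {"records": {("linuxforum.com.", "A"): ("66.98.196.36", 38400)}},
    "NS2.W3FREAKS.com.": {"records": {("linuxforum.com.", "A"): ("66.98.196.36", 38400)}},
}

def query(server, name, rtype):
    """One query to one server: an authoritative answer, a referral, or None if it knows nothing."""
    data = SERVERS[server]
    if (name, rtype) in data.get("records", {}):
        return {"aa": True, "answer": data["records"][(name, rtype)], "authority": []}
    zones = [z for z in data.get("delegations", {}) if name.endswith(z)]
    if zones:  # referral: the NS list for the most specific delegation covering the name
        return {"aa": False, "answer": None, "authority": data["delegations"][max(zones, key=len)]}
    return None

class Resolver:
    def __init__(self, clock=time.time):
        self.cache, self.clock = {}, clock  # (name, type) -> (value, expiry time)

    def resolve(self, name, rtype="A", max_hops=8):
        """Return (value, aa). Cached answers come back with the authoritative flag cleared."""
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > self.clock():  # the TTL has not expired yet
            return hit[0], False
        pending, seen = ["root"], set()
        for _ in range(max_hops):  # bound the referral chase so a referral loop cannot run forever
            if not pending:
                break
            server = pending.pop(0)
            if server in seen:
                continue
            seen.add(server)
            resp = query(server, name, rtype)
            if resp is None:
                continue
            if resp["aa"]:
                value, ttl = resp["answer"]
                self.cache[(name, rtype)] = (value, self.clock() + ttl)
                return value, True
            pending = resp["authority"] + pending  # follow the referral before other candidates
        raise TimeoutError(f"no answer for {name} {rtype}")
```

Pass a fake clock to see the cached answer expire after its 38400-second TTL and the next lookup walk the referrals again.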

There are a variety of tools available for finding out information about a specific domain.

One of the most popular on Linux is the dig command. This command is used to query a DNS name server for a specific domain. It is a powerful and versatile command for your administration arsenal and should not be overlooked.

Go ahead and run dig linuxforum.com and you'll be greeted with the following output:

; <<>> DiG 9.2.2-P3 <<>> linuxforum.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62984
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxforum.com. IN A

;; ANSWER SECTION:
linuxforum.com. 38400 IN A 66.98.196.36

;; AUTHORITY SECTION:
linuxforum.com. 38400 IN NS NS4.W3FREAKS.com.
linuxforum.com. 38400 IN NS NS1.W3FREAKS.com.
linuxforum.com. 38400 IN NS NS2.W3FREAKS.com.

;; Query time: 337 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 3 04:41:03 2004
;; MSG SIZE rcvd: 111

The previous query was performed without specifying a type; by default, type A is used. The actual syntax for dig is as follows:

dig @server name type

Our previous query also left off server, which is the IP address or hostname of the name server to query; we specified only the name and relied on the default type. Other types are MX, SIG, MB, CNAME, ANY, and so forth.
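The dig output above is a rendering of the five message sections listed earlier. As an added example that is not from the book, here is a small parser for the DNS wire format run over a constructed response carrying the same records; the byte layout, with name pointers compressing it to the 111 bytes dig reported, is an assumption about how that server packed its answer. The name decoder bounds its pointer chasing so a malformed message with a pointer loop fails instead of hanging the parser.

```python
import struct

# Constructed response (not from the page's dig run) with the same records as the output above, compressed with name pointers so that it is the 111 bytes dig reported.
def _rr(name, rtype, ttl, rdata):  # one resource record: NAME TYPE CLASS=IN TTL RDLENGTH RDATA
    return name + struct.pack(">HHIH", rtype, 1, ttl, len(rdata)) + rdata
HDR = struct.pack(">HHHHHH", 62984, 0x8180, 1, 1, 3, 0)  # id; flags qr rd ra; qd an ns ar counts
QNAME = b"\x0alinuxforum\x03com\x00"  # labels are length-prefixed and terminated by a zero byte
Q, COM, W3F = b"\xc0\x0c", b"\xc0\x17", b"\xc0\x40"  # pointers: question name, "com.", "W3FREAKS.com."
MSG = (HDR + QNAME + struct.pack(">HH", 1, 1)  # question: linuxforum.com. IN A
       + _rr(Q, 1, 38400, bytes([66, 98, 196, 36]))
       + _rr(Q, 2, 38400, b"\x03NS4\x08W3FREAKS" + COM)
       + _rr(Q, 2, 38400, b"\x03NS1" + W3F)
       + _rr(Q, 2, 38400, b"\x03NS2" + W3F))
TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}
FLAGBITS = [(0x8000, "qr"), (0x0400, "aa"), (0x0200, "tc"), (0x0100, "rd"), (0x0080, "ra")]

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it in the stream)."""
    labels, end = [], None
    for _ in range(128):  # bounded so a pointer loop in a malformed message cannot hang us
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # 11xxxxxx: two-byte pointer to a name earlier in the message
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    raise ValueError("name too long or compression pointer loop")

def parse(msg):  # header fields plus the four record sections that dig prints
    ident, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    out = {"id": ident, "status": flags & 0xF, "flags": [n for b, n in FLAGBITS if flags & b],
           "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, off = struct.unpack(">H", msg[off:off + 2])[0], off + 4  # QTYPE, then skip QCLASS
        out["question"].append((name, TYPES.get(qtype, str(qtype))))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
            start, off = off + 10, off + 10 + rdlen  # RDATA begins after the ten fixed bytes
            rdata = msg[start:start + rdlen]
            value = (".".join(map(str, rdata)) if rtype == 1  # A: dotted quad
                     else read_name(msg, start)[0] if rtype in (2, 5) else rdata.hex())  # NS/CNAME: a name
            out[section].append((name, ttl, TYPES.get(rtype, str(rtype)), value))
    return out
```

parse(MSG) yields the same header flags, question, answer and three authority records as the dig listing, with an empty additional section.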

You can also perform a reverse DNS lookup through dig. Try the command dig -x ipAddress and you will get back the domain name that IP address resolves to.

See the upcoming "Record Types" subsection for a complete list and a short description of each. In addition to the types of queries, there are almost 40 options you can specify to retrieve specific information about a server or domain name. Listed here are a few that we feel are most important. Try experimenting with the options and learning the different results:

-b source: Sets the source IP address of the query to the given IP. This IP address must be bound to a local network device.

-f filename: Enables dig to operate in batch mode, retrieving its list of queries from the file specified. Each query should be constructed as it would be on the command line, one per line.

-p port: If you plan on querying a nonstandard port, specify this option followed by the port number.

-x ipAddress: Performs a reverse DNS lookup, resolving the specified IP address into a domain name. When you use it, you do not need to specify the name or type.


Running man dig will also display an extended list of options. These options are specified with a leading +, optionally followed by no to turn the option off rather than on (for example, +tcp or +notcp). Here are some of the more important items you might use:

+[no]tcp: Use [do not use] TCP when querying a name server. The default is UDP unless the type is set to AXFR or IXFR.

+domain=domainName: Sets the search list to contain only the domain provided, as if it were specified in a domain directive in the /etc/resolv.conf file. It also enables search list processing, much like the +search option.

+[no]search: Use [do not use] the search list as specified by the resolv.conf file.

+[no]cdflag: Sets [clears] the Checking Disabled (CD) bit in your query. With it set, the server will not perform Domain Name System SECurity (DNSSEC) validation and will return all the other information requested.

+[no]recursive: Sets [clears] the Recursion Desired bit, which asks your name server to perform recursive queries on other name servers on your behalf. This is enabled by default unless you specify the nssearch or trace options.

+[no]nssearch: This useful option tells your server to look for an authoritative name server for the specified domain. This also ensures that the IP address is cached by your name server.

+[no]trace: Although trace is disabled by default, it has an interesting behavior. As the name suggests, it traces the queries made to each name server in order to resolve a domain name, printing the answer to each query to the screen.

+[no]cmd: Toggles the comment field printed at the start of the output, which includes the options specified and the versioning info. Turning it off can be especially useful when running dig in batch mode.

+[no]comments: Toggles the display of the comment lines in a name server answer.

+[no]qr: Turns on [off] printing of the query as it is sent to the name server. By default, this option is off.

+[no]question: Show [do not show] the question portion of the response.

+[no]answer: Show [do not show] the answer portion of the response.

+[no]authority: Show [do not show] the authority portion of the response.

+[no]additional: Show [do not show] the additional portion of the response.

+tries=number: Sets the maximum number of tries before failing.

+[no]besteffort: Attempts to display the answer received even if it has been marked as invalid or corrupted.

These options should give you enough functionality to answer any name-server-related question you could ever have. Learning to use the dig tool pays off hugely when you are tracking down DNS and resolution problems.
