| Rev | Author | # | Line |
|---|---|---|---|
| 18 | AristotlePagaltzis | 1 | An [Acronym] for __D__omain __N__ame __S__ervice. |
| 2 | |||
| 3 | The glue that binds the InterNet together -- the [Protocol] that takes you from typing <tt>www.JRandomWebsite.com</tt> into your web browser to the InternetProtocol address of the site which would look something like <tt>123.45.67.89</tt> so that: | ||
| 4 | |||
| 5 | * You can remember <tt>www.amd.com</tt> instead of <tt>64.41.192.105</tt> | ||
| 6 | * They can change the name to point somewhere else if they need to (if something like the CodeRedBungle happens). | ||
| 7 | |||
| 8 | [DNS] does more than just that (a ForwardLookup) though -- there are different types of ResourceRecord~s. It is usually provided by a program called named(8) -- commonly a version of bind, the Berkeley Internet Name Daemon. | ||
| 9 | |||
| 10 | ----- | ||
| 11 | |||
| 12 | This is pasted here from a conversation on IRC because this information is important but I don't have time to sit down and write it up as a nice paragraph, it should also have it's facts verified: | ||
| 13 | |||
| 14 | <verbatim> | ||
| 15 | <Isomer> people set up dns so that replies don't come from the same ip sometimes | ||
| 16 | <quantum_> i wonder about this: client c sends a resquest to s1 | ||
| 17 | <quantum_> which forwards the request to s2 | ||
| 18 | <quantum_> but using a wierd packet so the reply goes right back to c | ||
| 19 | <quantum_> bypassing s1 completely | ||
| 20 | <Isomer> that doesn't happen | ||
| 21 | <Isomer> it's more when you have a machine | ||
| 22 | <Isomer> h1 | ||
| 23 | <Isomer> with two interfaces i1 and i2 | ||
| 24 | <quantum_> (which is just stupid, because then s1 cant cache) | ||
| 25 | <Isomer> which have one unique IP each | ||
| 26 | <Isomer> now the default route goes out i1 | ||
| 27 | <Isomer> but i2 is the IP in DNS as the nameserver | ||
| 28 | <Isomer> you send a query to i2, but when h1 creates a new packet and sends it | ||
| 29 | <Isomer> the OS attaches i1 as the source address instead of i2 | ||
| 30 | <Isomer> because it uses the IP of the interface that the packet leaves from | ||
| 31 | <Isomer> see? | ||
| 32 | <Isomer> this can't be easily fixed either, coz if you use the IP of i1 | ||
| 33 | <Isomer> then people on i2 have the same issue | ||
| 34 | <Isomer> bind fixes this by opening one port per interface | ||
| 35 | <Isomer> hence why you see lots of :53's for bind | ||
| 36 | <Isomer> but it can't bind to new port 53's when you bring up another interface after it's started and has dropped privileges | ||
| 37 | <quantum_> ah | ||
| 38 | <Isomer> so yeah | ||
| 39 | <Isomer> I should wiki this | ||
| 40 | <quantum_> yes | ||
| 41 | <quantum_> because many things were just made clear | ||
| 42 | <Isomer> which is why so many things have cone nat's | ||
| 43 | <Isomer> because if they were restrictive nats | ||
| 44 | <quantum_> all because recv() can tell you who sent the packet | ||
| 45 | <Isomer> then you can't query some dns servers | ||
| 46 | <quantum_> but not where it arrived in the machine. | ||
| 47 | <Isomer> thats not the problem | ||
| 48 | <Isomer> the problem is sending a packet with a specific source address | ||
| 49 | <quantum_> im sure ive seen log messages about bind discovering new interfaces | ||
| 50 | <quantum_> so they could leave a suid root child which communicates to its parent over unix domain socket | ||
| 51 | <quantum_> to pass file descs | ||
| 52 | <quantum_> and does nothing else, so is (hopefully) mostly secure | ||
| 53 | <Isomer> you run bind as root? | ||
| 54 | <quantum_> (maybe they do this, i dont admin any bind nameservers, nor have looked at the source) | ||
| 55 | </verbatim> | ||
| 56 | |||
| 57 | ---- | ||
| 58 | |||
| 59 | More crud, from the deleted page about the A6 ResourceRecord: | ||
| 60 | |||
| 61 | I tried setting this up at home - debian woody, bind9. I could do host -t A6 $domain fine, and host -t A6 $host.$domain worked too, although it returned the fragment for the host and the domain name as part of the record - not what its supposed to do. Glibc under debian woody doesn't appear to support it, and its listed as a bug as of June 15 2003, tagged 'wishlist'. Pity too, as A6 addressing makes a LOT of sense for dynamic IP. | ||
| 62 | |||
| 63 | I had: | ||
| 64 | |||
| 65 | <verbatim> | ||
| 66 | $ORIGIN element.tla. | ||
| 67 | test 10 IN A6 0 2002:6to4:prefix:: | ||
| 68 | |||
| 69 | $ORIGIN test.element.tla. | ||
| 70 | helium 10 IN A6 0 ::1 test.element.tla. | ||
| 71 | </verbatim> | ||
| 72 | |||
| 73 | which is how I interpreted the bind9 docs on setting up A6 addressing. If i'm doing this wrong let me know. -- DanielLawson | ||
| 74 | |||
| 75 | ''Some name servers (bind9?) support <tt>A6</tt> -> <tt>AAAA</tt> translations, can this be enabled?'' | ||
| 76 | |||
| 77 | ''I can find no mention of this. Bind9 supports A6 addresses in full, which are essentially identical to AAAA addresses, but thats not what I want'' | ||
| 20 | MattBrown | 78 | |
| 79 | ---- | ||
| 80 | !NZ Zone Push Times | ||
| 81 | |||
| 82 | Added here for lack of ideas about a better page to put it on. | ||
| 83 | |||
| 21 | MichaelJager | 84 | Currently the .nz zone push occurs every hour on the hour. |
| 18 | AristotlePagaltzis | 85 | |
| 86 | ---- | ||
| 87 | |||
| 88 | See also: | ||
| 89 | * NameServer | ||
| 90 | * NamedNotes | ||
| 19 | AristotlePagaltzis | 91 | * [DNSHowto] |
| 18 | AristotlePagaltzis | 92 | * RFC:1034 (Domain Names -- Concepts and Facilities) |
| 93 | * RFC:1035 (Domain Names -- Implementations and Specification) | ||
| 94 | * [ICANN] | ||
| 95 | |||
| 96 | ---- | ||
| 97 | Part of CategoryDns, CategoryNetworking and CategoryProtocols |
lib/blame.php:177: Warning: Invalid argument supplied for foreach() (...repeated 2 times)