Rev | Author | # | Line |
---|---|---|---|
18 | AristotlePagaltzis | 1 | An [Acronym] for __D__omain __N__ame __S__ervice. |
2 | |||
3 | The glue that binds the InterNet together -- the [Protocol] that takes you from typing <tt>www.JRandomWebsite.com</tt> into your web browser to the InternetProtocol address of the site, which would look something like <tt>123.45.67.89</tt>, so that: | ||
4 | |||
5 | * You can remember <tt>www.amd.com</tt> instead of <tt>64.41.192.105</tt> | ||
6 | * They can change the name to point somewhere else if they need to (if something like the CodeRedBungle happens). | ||
7 | |||
8 | [DNS] does more than just that (a ForwardLookup) though -- there are different types of ResourceRecord~s. It is usually provided by a program called named(8) -- commonly a version of bind, the Berkeley Internet Name Daemon. | ||
9 | |||
10 | ----- | ||
11 | |||
12 | This is pasted here from a conversation on IRC because this information is important but I don't have time to sit down and write it up as a nice paragraph; it should also have its facts verified: | ||
13 | |||
14 | <verbatim> | ||
15 | <Isomer> people set up dns so that replies don't come from the same ip sometimes | ||
16 | <quantum_> i wonder about this: client c sends a request to s1 | ||
17 | <quantum_> which forwards the request to s2 | ||
18 | <quantum_> but using a weird packet so the reply goes right back to c | ||
19 | <quantum_> bypassing s1 completely | ||
20 | <Isomer> that doesn't happen | ||
21 | <Isomer> it's more when you have a machine | ||
22 | <Isomer> h1 | ||
23 | <Isomer> with two interfaces i1 and i2 | ||
24 | <quantum_> (which is just stupid, because then s1 cant cache) | ||
25 | <Isomer> which have one unique IP each | ||
26 | <Isomer> now the default route goes out i1 | ||
27 | <Isomer> but i2 is the IP in DNS as the nameserver | ||
28 | <Isomer> you send a query to i2, but when h1 creates a new packet and sends it | ||
29 | <Isomer> the OS attaches i1 as the source address instead of i2 | ||
30 | <Isomer> because it uses the IP of the interface that the packet leaves from | ||
31 | <Isomer> see? | ||
32 | <Isomer> this can't be easily fixed either, coz if you use the IP of i1 | ||
33 | <Isomer> then people on i2 have the same issue | ||
34 | <Isomer> bind fixes this by opening one port per interface | ||
35 | <Isomer> hence why you see lots of :53's for bind | ||
36 | <Isomer> but it can't bind to new port 53's when you bring up another interface after it's started and has dropped privileges | ||
37 | <quantum_> ah | ||
38 | <Isomer> so yeah | ||
39 | <Isomer> I should wiki this | ||
40 | <quantum_> yes | ||
41 | <quantum_> because many things were just made clear | ||
42 | <Isomer> which is why so many things have cone nat's | ||
43 | <Isomer> because if they were restrictive nats | ||
44 | <quantum_> all because recv() can tell you who sent the packet | ||
45 | <Isomer> then you can't query some dns servers | ||
46 | <quantum_> but not where it arrived in the machine. | ||
47 | <Isomer> thats not the problem | ||
48 | <Isomer> the problem is sending a packet with a specific source address | ||
49 | <quantum_> im sure ive seen log messages about bind discovering new interfaces | ||
50 | <quantum_> so they could leave a suid root child which communicates to its parent over unix domain socket | ||
51 | <quantum_> to pass file descs | ||
52 | <quantum_> and does nothing else, so is (hopefully) mostly secure | ||
53 | <Isomer> you run bind as root? | ||
54 | <quantum_> (maybe they do this, i dont admin any bind nameservers, nor have looked at the source) | ||
55 | </verbatim> | ||
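An added example, not part of the original page or the IRC log: the reply-matching check a DNS client or stateful filter applies, which is why a reply sourced from i1 is discarded when the query was sent to i2. The function names and the documentation-range addresses standing in for i1 and i2 are constructed for illustration.

```python
import struct

def build_message(txid, name, response=False):
    """Header plus one A/IN question; enough to exercise the checks."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    flags = 0x8180 if response else 0x0100  # QR|RD|RA for replies, RD for queries
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def parse_question(msg):
    """Return (txid, is_response, qname, qtype, qclass) or raise ValueError."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n, pos = msg[pos], pos + 1
        if n == 0:
            break
        if n > 63:  # also rejects compression pointers, which a question never needs
            raise ValueError("bad label length")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if qdcount != 1 or pos + 4 > len(msg):
        raise ValueError("bad question section")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

def check_reply(sent_to, query, reply_from, reply):
    """Return "accept" or a "drop: ..." reason for a UDP reply to `query`."""
    if reply_from != sent_to:  # the multi-homed case: reply left via i1, query went to i2
        return "drop: reply source is not the address queried"
    try:
        q, r = parse_question(query), parse_question(reply)
    except ValueError as exc:
        return "drop: malformed message (%s)" % exc
    if not r[1]:
        return "drop: QR bit not set"
    if r[0] != q[0]:
        return "drop: transaction ID mismatch"
    if r[2:] != q[2:]:
        return "drop: question mismatch"
    return "accept"

# Constructed sample: host h1 with i1 = 192.0.2.1 and i2 = 198.51.100.1
I1, I2 = ("192.0.2.1", 53), ("198.51.100.1", 53)
QUERY = build_message(0x1A2B, "www.example.com")
REPLY = build_message(0x1A2B, "www.example.com", response=True)
```

Calling `check_reply(I2, QUERY, I1, REPLY)` shows the failure the log describes; the same reply arriving from `I2` is accepted.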
56 | |||
57 | ---- | ||
58 | |||
59 | More crud, from the deleted page about the A6 ResourceRecord: | ||
60 | |||
61 | I tried setting this up at home - debian woody, bind9. I could do host -t A6 $domain fine, and host -t A6 $host.$domain worked too, although it returned the fragment for the host and the domain name as part of the record - not what it's supposed to do. Glibc under debian woody doesn't appear to support it, and it's listed as a bug as of June 15 2003, tagged 'wishlist'. Pity too, as A6 addressing makes a LOT of sense for dynamic IP. | ||
62 | |||
63 | I had: | ||
64 | |||
65 | <verbatim> | ||
66 | $ORIGIN element.tla. | ||
67 | test 10 IN A6 0 2002:6to4:prefix:: | ||
68 | |||
69 | $ORIGIN test.element.tla. | ||
70 | helium 10 IN A6 0 ::1 test.element.tla. | ||
71 | </verbatim> | ||
72 | |||
73 | which is how I interpreted the bind9 docs on setting up A6 addressing. If I'm doing this wrong let me know. -- DanielLawson | ||
74 | |||
75 | ''Some name servers (bind9?) support <tt>A6</tt> -> <tt>AAAA</tt> translations, can this be enabled?'' | ||
76 | |||
77 | ''I can find no mention of this. Bind9 supports A6 addresses in full, which are essentially identical to AAAA addresses, but that's not what I want'' | ||
20 | MattBrown | 78 | |
79 | ---- | ||
80 | !NZ Zone Push Times | ||
81 | |||
82 | Added here for lack of ideas about a better page to put it on. | ||
83 | |||
21 | MichaelJager | 84 | Currently the .nz zone push occurs every hour on the hour. |
18 | AristotlePagaltzis | 85 | |
86 | ---- | ||
87 | |||
88 | See also: | ||
89 | * NameServer | ||
90 | * NamedNotes | ||
19 | AristotlePagaltzis | 91 | * [DNSHowto] |
18 | AristotlePagaltzis | 92 | * RFC:1034 (Domain Names -- Concepts and Facilities) |
93 | * RFC:1035 (Domain Names -- Implementation and Specification) | ||
94 | * [ICANN] | ||
95 | |||
96 | ---- | ||
97 | Part of CategoryDns, CategoryNetworking and CategoryProtocols |