Differences between version 14 and previous revision of DNS.
Newer page: | version 14 | Last edited on Wednesday, November 24, 2004 2:21:29 pm | by PerryLorier |
Older page: | version 8 | Last edited on Wednesday, October 8, 2003 11:24:51 pm | by StuartYeates |
@@ -1,19 +1,67 @@
-An [Acronym] for __D__omain __N__ame __S__ervice -- the glue that binds the InterWeb together
.
+An [Acronym] for __D__omain __N__ame __S__ervice.
-DNS is
the [Protocol|CategoryProtocols
] that takes you typing '
www.JRandomWebsite.com'
into your web browser, finds
the InternetProtocol address of the site (
which would look something like 64
.94
.110.11)
.
+The glue that binds the InterNet together --
the [Protocol] that takes you from
typing <tt>
www.JRandomWebsite.com</tt>
into your web browser to
the InternetProtocol address of the site which would look something like <tt>123
.45
.67
.89</tt> so that:
-Practical upshot?
You can remember www.amd.com instead of 64.41.192.105. And then they
can change the name to point somewhere else if they need to (if something like the CodeRedBungle happens).
+*
You can remember <tt>
www.amd.com</tt>
instead of <tt>
64.41.192.105</tt>
+* They
can change the name to point somewhere else if they need to (if something like the CodeRedBungle happens).
-DNS is usually provided by a program called named(8) - usually
a version of bind, the Berkeley Internet Name Daemon. See our NamedNotes page and our NameServer page for some definitions. We also have a [DNSHowTo] and information on [ICANN] who control the political side of things
.
+[
DNS] does more than just that (a ForwardLookup) though -- there are different types of ResourceRecord~s. It
is usually provided by a program called named(8) -- commonly
a version of bind, the Berkeley Internet Name Daemon.
-RFC:1034
- Domain Names
- Concepts and Facilities
-RFC:1035
- Domain Names
- Implementations
and Specification
+-----
+This is pasted here from a conversation on IRC because this information is important but I don't have time to sit down
and write it up as a nice paragraph, it should also have it's facts verified:
-DNS
doesn't "just" turn names into numbers (
a ForwardLookup
) - there are different types
of records
:
-* [A]
and [AAAA] and [A6]
-* [CNAME]
-* [LOC]
(to find
the [GPS] location of a
machine or site
)
-* [MX
] (to find an [SMTP] server for a domain
)
-* [NS]
(to find a NameServer for domain
)
-* [PTR
] (for doing
a ReverseLookup
)
-* [TXT]
+<verbatim>
+ <Isomer> people set up dns so that replies don't come from the same ip sometimes
+ <quantum_> i wonder about this: client c sends a resquest to s1
+ <quantum_> which forwards the request to s2
+ <quantum_> but using a wierd packet so the reply goes right back to c
+ <quantum_> bypassing s1 completely
+ <Isomer> that
doesn't happen
+ <Isomer> it's more when you have
a machine
+ <Isomer> h1
+ <Isomer> with two interfaces i1 and i2
+ <quantum_> (which is just stupid, because then s1 cant cache
)
+ <Isomer> which have one unique IP each
+ <Isomer> now the default route goes out i1
+ <Isomer> but i2 is the IP in DNS as the nameserver
+ <Isomer> you send a query to i2, but when h1 creates a new packet and sends it
+ <Isomer> the OS attaches i1 as the source address instead of i2
+ <Isomer> because it uses the IP of the interface that the packet leaves from
+ <Isomer> see?
+ <Isomer> this can't be easily fixed either, coz if you use the IP of i1
+ <Isomer> then people on i2 have the same issue
+ <Isomer> bind fixes this by opening one port per interface
+ <Isomer> hence why you see lots
of :53's for bind
+ <Isomer> but it can't bind to new port 53's when you bring up another interface after it's started
and has dropped privileges
+ <quantum_> ah
+ <Isomer> so yeah
+ <Isomer> I should wiki this
+ <quantum_> yes
+ <quantum_> because many things were just made clear
+ <Isomer> which is why so many things have cone nat's
+ <Isomer> because if they were restrictive nats
+ <quantum_> all because recv
() can tell you who sent the packet
+ <Isomer> then you can't query some dns servers
+ <quantum_> but not where it arrived in
the machine.
+ <Isomer> thats not the problem
+ <Isomer> the problem is sending a packet with a specific source address
+ <quantum_> im sure ive seen log messages about bind discovering new interfaces
+ <quantum_> so they could leave a suid root child which communicates to its parent over unix domain socket
+ <quantum_> to pass file descs
+ <quantum_> and does nothing else, so is (hopefully
) mostly secure
+ <Isomer> you run bind as root?
+ <quantum_> (maybe they do this, i dont admin any bind nameservers, nor have looked at the source)
+</verbatim>
+-----
+See also:
+* NameServer
+* NamedNotes
+* [DNSHowTo
]
+* RFC:1034
(Domain Names -- Concepts and Facilities
)
+* RFC:1035
(Domain Names -- Implementations and Specification
)
+* [ICANN
]
+
+
(Should there be
a category dns?
)
+
+----
+Part of CategoryNetworking and CategoryProtocols
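Review bot: the pasted IRC conversation goes in under an explicit note that its facts still need verifying, and two claims in it should be checked against the named documentation before this is rewritten as prose: "bind fixes this by opening one port per interface" (the mechanism is one listening socket per interface address, each on port 53, so the reply leaves through the socket the query arrived on and carries that address as its source; the thread's own "lots of :53's" observation matches that) and "it can't bind to new port 53's when you bring up another interface after it's started and has dropped privileges" (quantum_'s recollection of log messages about bind discovering new interfaces contradicts this, so the behaviour of the named version in use should be confirmed rather than asserted). The point readers most need stated plainly is the one the thread reaches at the end: a stateful firewall or restrictive NAT drops a UDP reply whose source address differs from the address the query was sent to, so a multi-homed nameserver that answers from its default-route interface looks unreachable to clients behind such devices, and the fix belongs on the server side (per-address sockets, as described) rather than in loosening the client's NAT. Separately, the hunk drops the explicit list of record types (A/AAAA/A6, CNAME, LOC, MX, NS, PTR, TXT) in favour of a bare link to ResourceRecord; keep the list unless that page already covers them. Minor: "it's facts" in the introductory sentence should read "its facts".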