Differences between version 18 and predecessor to the previous major change of DNS.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 18 | Last edited on Sunday, November 28, 2004 11:44:01 am | by AristotlePagaltzis | Revert |
| Older page: | version 1 | Last edited on Tuesday, July 16, 2002 12:34:15 am | by CraigBox | Revert |
@@ -1,11 +1,90 @@
-An [Acronym] for __D__omain __N__ame __S__ervice -- the glue that binds the InterWeb together
.
+An [Acronym] for __D__omain __N__ame __S__ervice.
-DNS is
the [Protocol|CategoryProtocols
] that takes you typing '
www.JRandomWebsite.com'
into your web browser, finds
the InternetProtocol address of the site (
which would look something like 127
..1)
.
+The glue that binds the InterNet together --
the [Protocol] that takes you from
typing <tt>
www.JRandomWebsite.com</tt>
into your web browser to
the InternetProtocol address of the site which would look something like <tt>123
.45
.67
.89</tt> so that:
-Practical upshot?
You can remember www.amd.com instead of 64.41.192.105. And then they
can change the name to point somewhere else if they need to (if something like the CodeRedBungle happens).
+*
You can remember <tt>
www.amd.com</tt>
instead of <tt>
64.41.192.105</tt>
+* They
can change the name to point somewhere else if they need to (if something like the CodeRedBungle happens).
-DNS is usually provided by a program called named(8) - usually
a version of bind, the Berkeley Internet Name Daemon. See our page of NamedNotes
.
+[
DNS] does more than just that (a ForwardLookup) though -- there are different types of ResourceRecord~s. It
is usually provided by a program called named(8) -- commonly
a version of bind, the Berkeley Internet Name Daemon.
-''someone wanna go find all the rfc's that refer to DNS and link them here?
-- PerryLorier''
+-----
-Yes Perry
, you do.
+This is pasted here from a conversation on IRC because this information is important but I don't have time to sit down and write it up as a nice paragraph
, it should also have it's facts verified:
+
+<verbatim>
+ <Isomer> people set up dns so that replies don't come from the same ip sometimes
+ <quantum_> i wonder about this: client c sends a resquest to s1
+ <quantum_> which forwards the request to s2
+ <quantum_> but using a wierd packet so the reply goes right back to c
+ <quantum_> bypassing s1 completely
+ <Isomer> that doesn't happen
+ <Isomer> it's more when
you have a machine
+ <Isomer> h1
+ <Isomer> with two interfaces i1 and i2
+ <quantum_> (which is just stupid, because then s1 cant cache)
+ <Isomer> which have one unique IP each
+ <Isomer> now the default route goes out i1
+ <Isomer> but i2 is the IP in DNS as the nameserver
+ <Isomer> you send a query to i2, but when h1 creates a new packet and sends it
+ <Isomer> the OS attaches i1 as the source address instead of i2
+ <Isomer> because it uses the IP of the interface that the packet leaves from
+ <Isomer> see?
+ <Isomer> this can't be easily fixed either, coz if you use the IP of i1
+ <Isomer> then people on i2 have the same issue
+ <Isomer> bind fixes this by opening one port per interface
+ <Isomer> hence why you see lots of :53's for bind
+ <Isomer> but it can't bind to new port 53's when you bring up another interface after it's started and has dropped privileges
+ <quantum_> ah
+ <Isomer> so yeah
+ <Isomer> I should wiki this
+ <quantum_> yes
+ <quantum_> because many things were just made clear
+ <Isomer> which is why so many things have cone nat's
+ <Isomer> because if they were restrictive nats
+ <quantum_> all because recv() can tell you who sent the packet
+ <Isomer> then you can't query some dns servers
+ <quantum_> but not where it arrived in the machine.
+ <Isomer> thats not the problem
+ <Isomer> the problem is sending a packet with a specific source address
+ <quantum_> im sure ive seen log messages about bind discovering new interfaces
+ <quantum_> so they could leave a suid root child which communicates to its parent over unix domain socket
+ <quantum_> to pass file descs
+ <quantum_> and does nothing else, so is (hopefully) mostly secure
+ <Isomer> you run bind as root?
+ <quantum_> (maybe they
do this, i dont admin any bind nameservers, nor have looked at the source)
+</verbatim>
+
+----
+
+More crud, from the deleted page about the A6 ResourceRecord:
+
+I tried setting this up at home - debian woody, bind9
. I could do host -t A6 $domain fine, and host -t A6 $host.$domain worked too, although it returned the fragment for the host and the domain name as part of the record - not what its supposed to do. Glibc under debian woody doesn't appear to support it, and its listed as a bug as of June 15 2003, tagged 'wishlist'. Pity too, as A6 addressing makes a LOT of sense for dynamic IP.
+
+I had:
+
+<verbatim>
+$ORIGIN element.tla.
+test 10 IN A6 0 2002:6to4:prefix::
+
+$ORIGIN test.element.tla.
+helium 10 IN A6 0 ::1 test.element.tla.
+</verbatim>
+
+which is how I interpreted the bind9 docs on setting up A6 addressing. If i'm doing this wrong let me know. -- DanielLawson
+
+''Some name servers (bind9?) support <tt>A6</tt> -> <tt>AAAA</tt> translations, can this be enabled?''
+
+''I can find no mention of this. Bind9 supports A6 addresses in full, which are essentially identical to AAAA addresses, but thats not what I want''
+
+----
+
+See also:
+* NameServer
+* NamedNotes
+* [DNSHowTo]
+* RFC:1034 (Domain Names -- Concepts and Facilities)
+* RFC:1035 (Domain Names -- Implementations and Specification)
+* [ICANN]
+
+----
+Part of CategoryDns, CategoryNetworking and CategoryProtocols
