DNS
The Domain Name System (DNS) is a system for identifying machines by human-readable names rather than by IP addresses.
While there are root nameservers, the system is decentralized, and records can be shadowed, spoofed, or confined to a local network.
Domain Names
Domain names map to IP addresses. A client queries a nameserver for a domain name, and the nameserver returns an answer, either from its own records or by asking other nameservers on the client's behalf (see Nameservers below).
Obtaining Domain Names
A domain name can be purchased from any number of providers, which act as a middleman between you and the authoritative root nameservers. Each service has its own portal or interface for setting the DNS records for your domain.
Records
The primary sorts of DNS records are:

Record Type   Function
A             Maps a name to an IPv4 address
AAAA          Maps a name to an IPv6 address
CNAME         Aliases a name to another name
Nameservers
An authoritative nameserver contains a complete set of records and will directly return an answer.
A recursive nameserver acts as a proxy, querying authoritative nameservers on behalf of the client and returning the first authoritative answer it finds. Note that recursive servers are exposed to exploitation, for example through amplification attacks and cache poisoning.
A caching nameserver also acts as a proxy, but it keeps the answer it receives and serves it as if it were authoritative. If the name is queried again before that cached record expires and is expunged from the internal database, the nameserver answers directly from the cache.
Nameservers conventionally operate over TCP and UDP on port 53.
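As an added example (not code from the original wiki page), a minimal parser for the wire format that nameservers speak on port 53: it decodes the A and CNAME answers listed under Records, rejects a reply whose transaction id does not match the query (a basic guard against injected answers), and reads the AA flag that separates an answer served from a zone's own records from one relayed by a recursive or caching server. The reply bytes are constructed here, and the names under example.test and the address 192.0.2.10 are placeholders.

```python
import ipaddress, struct

RTYPES = {1: "A", 28: "AAAA", 5: "CNAME"}  # the record types listed on the page

def encode_name(name):  # dotted name -> length-prefixed labels, as on the wire
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split(".")) + b"\x00"

def decode_name(msg, off):  # read a (possibly compressed) name -> (name, offset past it)
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer back to an earlier copy of the name
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode())
        off += ln
    return ".".join(labels), (end if end is not None else off)

def parse_response(msg, expected_txid):
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:  # a reply we did not ask for: drop it rather than trust or cache it
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        off = decode_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 5:  # CNAME rdata is itself a (compressible) name
            val = decode_name(msg, off)[0]
        else:  # A / AAAA rdata is a raw 4- or 16-byte address; anything else is kept as hex
            val = str(ipaddress.ip_address(msg[off:off + rdlen])) if rtype in (1, 28) else msg[off:off + rdlen].hex()
        off += rdlen
        answers.append((name, RTYPES.get(rtype, rtype), ttl, val))
    # AA (0x0400) set: served from the zone's own records; clear: relayed by a recursive/caching server
    return {"authoritative": bool(flags & 0x0400), "answers": answers}

def sample_response(txid):  # constructed reply, not a capture: AA clear, a CNAME then an A, TTL 300
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)  # QR|RD|RA, 1 question, 2 answers
    q = encode_name("www.example.test") + struct.pack("!HH", 1, 1)
    cname = b"\x04host\xc0\x10"  # "host" + pointer to "example.test" inside the question
    a1 = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(cname)) + cname
    a2 = b"\xc0\x2e" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return hdr + q + a1 + a2
```

Running parse_response(sample_response(0x1234), 0x1234) yields the CNAME and A answers with authoritative set to False, which is how a reply from a caching resolver looks; the same bytes with a different expected id are rejected.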
Hosts File
Prior to the creation of a central DNS, networks were managed by local hosts files. These files are fundamentally an authoritative record of names.
For Linux or BSD distributions, see /etc/hosts.