DNS
Domain Name System (DNS) resolution is a core component of the internet. It is both a standard for communication and a multi-layered, distributed infrastructure.
Internet Protocol
All internet gateways (commonly modems) act as an interface between the internet and local hosts. This is governed by the Internet Protocol (IP).
A set of IP addresses is reserved for local networking:
IP Block | IP Range | Reserved for
127.0.0.0/8 | 127.0.0.0 - 127.255.255.255 | Loopback
10.0.0.0/8 | 10.0.0.0 - 10.255.255.255 | Local network
172.16.0.0/12 | 172.16.0.0 - 172.31.255.255 | Local network
192.0.0.0/24 | 192.0.0.0 - 192.0.0.255 | Local network
192.168.0.0/16 | 192.168.0.0 - 192.168.255.255 | Local network
::1/128 | ::1 (yes, just one address) | Loopback
fc00::/7 | fc00:: - fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | Local network
There are also a number of reservations for infrastructure and future use. The remainder are mapped to the public internet.
Any host will have both a private (local network) IP address and a public (internet) IP address. Most users have a dynamic IP address, which means it was assigned randomly and temporarily. This assignment is handled by a Dynamic Host Configuration Protocol (DHCP) server. The alternative is a static IP address, which is a permanent assignment.
Domain Name System
The Domain Name System (DNS) maps human-readable domain names to actual IP addresses. A domain name is queried against a DNS server, and the true destination is returned.
A domain name can be purchased from any number of providers, which then register your actual IP address with the authoritative DNS servers. Each service will have its own portal or interface for setting the DNS records for your domain.
The primary sorts of DNS records are:
Record Type | Function
A | Maps a name to an IPv4 address
AAAA | Maps a name to an IPv6 address
CNAME | Aliases a name to another name
A note about dynamic IP addresses
While a dynamic address is an excellent security-by-design measure, it can be inconvenient for web hosting as DNS records must be adjusted with every re-assignment. Most ISPs will charge for a static IP address. An alternative is Dynamic DNS; see ddclient for more details.
Configuring your DNS
The primary method for adjusting a Linux system's DNS is to edit /etc/hosts. See here for a thorough description of the complete stack.
Running your DNS Server
A DNS server receives queries over port 53, on both TCP and UDP. A server can be recursive, which means it will contact other DNS servers to resolve the query authoritatively, or iterative, which means it may fail.
Popular implementations of DNS servers are dnsmasq and bind.
Note that recursive DNS servers are vulnerable to exploitation. DNS amplification attacks, which are a subtype of DDoS attacks, and cache poisoning both rely on the recursive design.
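As an added example (not part of the original page), the Python below encodes a query for one of the record types listed earlier and reads the header flags of a reply to tell whether the server reports that it offers recursion, along with the reply-to-query size ratio. The function names, the example.com name and the reply bytes are constructed for illustration; to audit a resolver you operate, the query bytes would be sent to it over UDP port 53.

```python
import struct

QTYPES = {"A": 1, "CNAME": 5, "AAAA": 28}  # record types from the table above

def build_query(name, qtype="A", txid=0x1234, recursion_desired=True):
    """Encode a one-question DNS query in RFC 1035 wire format."""
    flags = 0x0100 if recursion_desired else 0  # RD: ask the server to recurse
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    if any(not 0 < len(lab) <= 63 for lab in labels):
        raise ValueError("each label must be 1-63 bytes")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "recursion_desired": bool(flags & 0x0100),
            "recursion_available": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": answers}

def audit_reply(query, reply):
    """Summarise what a reply reveals about the server that sent it."""
    q, r = parse_header(query), parse_header(reply)
    if not r["is_response"] or r["id"] != q["id"]:
        raise ValueError("reply does not match the query")
    return {"offers_recursion": r["recursion_available"],
            "answered": r["rcode"] == 0 and r["answers"] > 0,
            "size_ratio": round(len(reply) / len(query), 2)}

# Constructed sample data: no network traffic is sent.
QUERY = build_query("example.com", "A")
_question = QUERY[12:]
# One A record: name pointer, type A, class IN, TTL 300, 4-byte address 192.0.2.1.
_answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
# Flags 0x8180: response, RD echoed, RA set, rcode 0 (recursion offered).
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _question + _answer
# Flags 0x8105: response, RD echoed, RA clear, rcode 5 REFUSED.
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _question

if __name__ == "__main__":
    print(audit_reply(QUERY, OPEN_REPLY))
    print(audit_reply(QUERY, REFUSED_REPLY))
```

A server that answers outside clients with the recursion-available flag set is the configuration the note above warns about; a REFUSED reply with that flag clear is what a resolver restricted to its own clients returns to everyone else.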