109.4 Configure client-side DNS
Candidates should be able to configure DNS on a client host
Key Knowledge Areas
- Demonstrate the use of DNS on the local system.
- Modify the order in which name resolution is done.
When host name lookups are performed, two configuration files are consulted to determine where to get the information from. The first is /etc/nsswitch.conf (the "name service switch" file). This file tells the resolver (the lookup routine) what data source to consult for the information. It is used to configure several types of lookup including user name , group, and host name lookups. In this topic we are concerned only with host name lookups.
All that the nsswitch file really does is to tell the resolver which library to call to do the work. There is a simple mapping between the entries in the file and the library names. For example, given this line in nsswitch.conf:
hosts: dns nis files
the resolver will attempt to use the libraries libnss_dns, libnss_nis and libnss_files, in that order.
Additional notations in the file control what action to take if a particular type of lookup fails. For example, this entry:
hosts: dns [NOTFOUND=return] files
tells the resolver to consult DNS first. If the resolver was able to perform a DNS lookup but DNS did not find the name, the resolver will immediately return failure. The local file (/etc/hosts) will only be consulted in the event that DNS cannot be contacted at all.
|files||flat files, generally in /etc|
|nis||a map from a NIS server|
|dns||a DNS server|
|ldap||an LDAP server|
|networks: files nis ldap|
In the case that DNS is being used for name resolution, a second file, /etc/resolv.conf, is consulted. This specifies the IP addresses of one (or preferably two or three) DNS servers.
Here, two name servers are specified. The first is, presumably, on the local network (since it's a private IP address). In the case of networks that connect through a broadband modem/router to an ISP, the router itself is probably providing a caching DNS service. The second (to be used if the first is unavailable) might be a name server maintained by your ISP, or any other DNS server you trust.
The search directive specifies a default domain. For example if the resolver is looking up a simple name like "neptune" it will append the default domain (so in this example it will look up neptune.example.com).
The options directive is not often used. It can be used to configure specific resolver settings. The example shown sets the amount of time (in seconds) the resolver will wait for a response from a remote name server before trying the next one. (The default is 5 seconds). For other options, see the man page for resolv.conf(5)
Some background on DNS
DNS (Domain Name System) is a distributed hierarchical naming system. A primary use of DNS is to map host names (such as www.lpi.org) onto IP addresses (such as 188.8.131.52).
Names are organised within a hierarchical structure. At the top of this tree are a number of pre-defined names. Early assignments of top-level domains included the following:
com - Commercial organisations
edu - US educational institutions
gov - US government institutions
mil - US military institutions
net - Gateways and network providers
org - Non commercial sites
Later, two character top-level domains were added, corresponding to sites in individual countries; for example:
uk - United Kingdom
ca - Canada
jp - Japan
ke - Kenya
za - South Africa
For a complete list, see http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains.
The figure below shows a fragment of the DNS name-space for machines in the Computer Science department at Sheffield University, an academic institution in the UK:
Names in DNS are written "little endian", that is, starting from the bottom of the tree and working up. An example from the figure above is zaphod.cs.sheffield.ac.uk. Such a name is known as a fully qualified domain name (FQDN).
DNS servers hold several types of record. These include:
|A||These records map host names onto IPV4 addresses. These are the most commonly used records in DNS|
|MX||Mail exchanger records specify the name of the mail server for a specified domain. For example the MX record for lpi.org tells us where to send mail for the user email@example.com|
|PTR||These records map IP addresses back to host names, supporting "reverse DNS lookups". A complete name-space (with a top-level domain at inaddr.arpa) exists to support these lookups|
|NS||Name server records specify the name server for a given domain. For example the NS records for lpi.org tell us which servers are able to resolve the name www.lpi.org.|
The primary or master DNS server for a domain is the one that is ultimately responsible for resolving queries for records in that domain. On these servers, zone files (plain text files) contain the definitions of the records for that domain. These zone files are the raw materials of DNS.
Secondary (or slave) DNS servers are used to share the load with the primary servers (and to avoid having a single point of failure in case the primary server goes down). Secondary DNS servers maintain copies of the zone files but these are obtained by synchronising with the primary server. This synchronisation is called a zone transfer.
Caching DNS servers do not hold their own zone files. They simply forward DNS queries to other servers but retain (cache) the results they receive so that if a query is repeated it can be answered rapidly from the local cache. Caching DNS servers are easy to set up and even if you run only a small corporate network it is probably worth setting up a caching DNS server to service it.
The following is a partial list of the used files, terms and utilities: