An Introduction to DNS and DNS Tools

The domain name system (DNS) hums along behind the scenes and, as with running water, we largely take it for granted. That this system just works is a testament to the hackers who designed and developed DNS and the open-source package called Bind, thereby introducing a scalable Internet to the world. Before DNS and Bind, /etc/hosts was the only way to translate IP addresses to human-friendly hostnames and vice versa.

This article will introduce the concepts of DNS and three commands with which you can examine DNS information: host, dig and nslookup.

The DNS is a distributed, hierarchical database where authority flows from the top (or root) of the hierarchy downward. When Linux Journal registered linuxjournal.com, they got permission from an entity that had authority at the root or top level. The Internet Corporation for Assigned Names and Numbers (ICANN) and a domain name registrar, transferred authority for linuxjournal.com to Linux Journal, which now has the authority to create subdomains such as embedded.linuxjournal.com, without the involvement of ICANN and a domain name registrar.

When trying to understand the structure of the DNS, think of an inverted tree—the very structure of the UNIX filesystem. Each branch of the tree is within a zone of authority; more than one branch of this tree can be within a single zone. Linux Journal could choose to retain authority for embedded.linuxjournal.com, or they could delegate it down the tree to someone else who could make subdomains such as zeus.embedded.linuxjournal.com.

The software (usually Bind) that stores domain name information is called a domain name server. A single name server can be authoritative for multiple zones. All zones have a primary master and a secondary master name server that provides authoritative responses for their zones.

If you query a name server not authoritative for a particular zone, that name server will most likely return the correct information. This is because zone information propagates throughout the Internet, and name servers cache zone information for which they are not authoritative.

When you register a new domain name, transfer your old one to a new host or just make changes to the zone database file, it often takes several days for the new information to propagate completely. During that interim period, nonauthoritative name servers often temporarily cache stale information about your domain name.

You may wonder how you fit into this process when you use the Internet. Well, whenever you use the Web, Telnet, FTP, etc., your software uses the resolver (the client side of the DNS), which is a set of library routines compiled into programs such as Mozilla. When you type www.linuxjournal.com, the resolver sets up the query to the name server that does the work of translating www.linuxjournal.com to 207.178.22.49 so you can get to the web site.

For comprehensive coverage of DNS and DNS commands, read the man pages and get one of the excellent DNS books on the market, such as O'Reilly's DNS and Bind and Sybex's Linux DNS Server Administration.

Zone file database records divide DNS information into three primary types: NS (name server) records, MX (mail exchange) records and A (Address) records. NS records indicate the name servers. MX records indicate the hosts that handle e-mail delivery; the priority (pri) number indicates the order in which mail servers are used, with the lowest number receiving the highest priority. The A (Address) records map hostnames to IP addresses, the real names of machines.

This is the simplest of the DNS commands. It is a quick way to determine the IP address of a hostname:

host www.linuxjournal.com
www.linuxjournal.com has address 207.178.22.49
www.linuxjournal.com mail is handled (pri=80)
by www.ssc.com
www.linuxjournal.com mail is handled (pri=10)
by mail.ssc.com
www.linuxjournal.com mail is handled (pri=40)
by cascadia.a42.com

The -a option will return all of the DNS information in verbose format, as seen in Listing 1.

Listing 1. DNS Information in Verbose Format with -a Option

Now that you know the IP address for www.linuxjournal.com, you might want to make sure the reverse lookup works. The reverse lookup checks to see if the reverse zone file maps the IP address to the hostname:

host 207.178.22.49 49.22.178.207.IN-ADDR.ARPA
domain name pointer www.linuxjournal.com