A DNS Primerby Dan Benjamin
Editor's note: Sometimes we forget about the gems stashed away in Mac OS X. A great example is the Network Utility application, hidden away in your Utilities folder. In this article, Dan Benjamin shines a light on this handy tool and provides you with a sweet primer to understanding DNS. If you're already an expert, then you might want to hop over to Jason Deraleau's more advanced "Implementing BIND on Mac OS X."
The World's Address
Have you ever wondered, "How does the email I'm sending, or the text on the site I'm reading, find its way from here to there?" Behind the scenes, connecting every machine on the entire Internet is a system called DNS, the Domain Name System, which makes it all possible.
Each system on a modern network is assigned a unique address -- the same way that your home or office has a unique street address. There can only be one building at a specific address at any given time, and the same is true with machines on the Internet.
Finding your way from one building to another is easy, if you have someone to ask who knows the shortest route from here to there. Just like real-world traffic cops, DNS is the Internet's traffic cop. By way of a distributed system of names and numbers, it always knows how to get from one machine to another. No matter where or how far apart they are, it always knows the addresses.
Each time you type a URL into the address bar of your web browser, your computer talks to the DNS server of your Internet service provider (ISP) and asks it how to get to the web site you've specified. Behind the scenes, the DNS server is taking the URL you've given it and translating that into the system's unique address, a twelve-digit number called an IP address. Every machine on the Internet has one, and DNS keeps track of them all.
For most people, remembering numbers isn't easy. It's much easier to remember a domain name, such as www.macdevcenter.com, rather than its IP address, like 18.104.22.168 or 22.214.171.124. DNS is the backbone of the Internet, handling the mapping of IP addresses (like 126.96.36.199) into human-friendly names, like www.macdevcenter.com.
Look Me Up
Each computer on the Internet has its own address, just like a house or building on a street. In this way, the Internet can be thought of as a big city. It can be broken down into smaller neighborhoods, or networks, which are connected to each other by big roads, the Internet pipelines. Finding the way around your own neighborhood isn't too much trouble, but leaving this familiar territory and venturing out onto the big roads without a map can get confusing. The same is true for the Internet and its connected networks -- we need a map, a system to help us find our way around. DNS provides us with that map.
You can see this mapping in action by using the Mac OS X Network Utility, located in the /Applications/Utilities folder. Launch Network Utility, select the Lookup tab, and enter "macdevcenter.com" into the address box. "Macdevcenter.com," just like "apple.com" and "google.com," are domain names, which map to the unique IP addresses that your machines will use to talk to them.
When you click Lookup, you'll see a list of IP addresses in the larger text box below.
This is really just a graphical front end to the UNIX command
nslookup, which provides the same information from the command line.
When Dinosaurs Ruled the Earth
Back in the early days, when independent, unconnected networks were the norm, managing servers and systems was a simple task. Users knew how to get around their network. They knew the host systems, how to find them, and what role each played on the network.
As these networks grew in size (because more client computers were attached to the network), and more administrators became responsible for maintaining them, a way to keep track of this information was needed. At first, a simple file containing a list of hosts and their IP addresses was sufficient. This file mapped the "Internet Names" given to network hosts to the IP addresses to which they were assigned. This file would be updated and made available to all Internet administrators, who would then download the file and copy it to all of their servers. When a new server was added or an old one removed, the file would have to be downloaded and copied to each machine again.
As the number of Internet hosts grew, updating and passing a HOSTS.TXT file around manually became too difficult. Users needed a system that was easier to maintain and update. DNS was created to handle the task of disseminating host information automatically.
Each Internet-connected network would be identified by a top-level domain (TLD). Initially, these included .com, .net, .org, .edu, .gov, .mil, and .arpa (as well as a feast of two-letter country zones, such as .us, .uk, etc.). Each connected network, or "zone," (usually a company, college, or military division), would be identified with a name, such as oreilly.com, whitehouse.gov, or stanford.edu. Since that time, many more TLDs have been added, including .cc, .tv, and .biz, and many more.
Each network is responsible for maintaining its own DNS servers, at least two machines (a primary and a secondary, or backup, machine in case the first one goes down) that are dedicated to providing this information 24 hours a day, 7 days a week. When you enter a URL into your web browser and press return, your computer talks to your ISP's DNS server, which in turn talks to one of the "top-level" DNS servers. For example, if you want to visit www.apple.com, your computer talks to the top-level DNS server that is authoritative for (or "owns") the large .com zone.
Your machine says, basically, "I'd like to get to apple.com," and the top-level DNS server says "OK, you need to ask Apple's nameservers about that. You can find them at this IP address." From there, your computer will then talk to Apple's DNS server, which will tell your computer the IP address of Apple's web server. Then, finally, your browser will be able to contact www.apple.com and display the page for you.
You can learn more about a domain name using the Mac OS X Network Utility. As before, launch the program and this time, select the Whois tab. In the first text box, enter "macdevcenter.com." Select "whois.networksolutions.com" in the Whois server drop-down list box, and click the Whois button. Scroll down a bit in the large text box below, and you'll see a bunch of neat information about macdevcenter.com. Feel free to try this on any domain you'd like.
This is really just a graphical front end to the UNIX command
whois, which provides the same information from the command line.
Larger zones, or domains, with lots of smaller networks can be broken down further into smaller zones to make their management easier. For example, a large company might want to separate the management of the servers for its engineering group from its accounting group. They might create two new sub-zones, eng.company.com and acct.company.com. Then, administrators for each sub-domain would only have to manage their sub-domains, and the changes they make will run back "upstream" to the parent DNS servers. This is how the whole Internet works behind the scenes.
DNS is more than just a way to look up IP addresses. In fact, one of the first, most important goals of DNS was to propagate email-server information. Using something called a "mail exchanger" (or MX) record, DNS nameservers are responsible for the path that all email takes on its way from one server to another.
I Want My DNS
At some point, you'll probably want to get your own domain name, either for yourself, your hobby, or your business. Although many years ago it was possible to acquire a domain name for free (as long as you met the requirements), this is no longer the case. While domain registrations are no longer free, they are very reasonably priced, usually between $10 and $25 per domain per year.
You can check for the availability of the domain name you're interested in by using the Whois tab in the Mac OS X Network Utility program, as demonstrated above. Just type in the domain name you're interested in acquiring, and see what turns up in the results text box. If the domain shows up as available, you're in luck.
As you'll quickly discover, most of the "good" names (names that are catchy, fun, useful, or marketable) are already taken. In many cases, even obscure, seemingly worthless domains have been taken, as well. This simply means that someone has already registered the domain. Technically, nobody can "own" a domain name, they just pay to use it for a specific period of time (usually between one and three years, but sometimes longer).
Once you've found the domain name you're interested in registering, jot it down and head over to a registrar -- a company that provides domain name registration services to consumers.
Technically, all registrars provide the same service (they register a domain for you), but the quality of their interfaces, online help, additional services, and support systems differ greatly. Many ISPs and web-hosting companies also offer domain name registrations, although usually at slightly higher prices. One of the best ways to find a registrar is by doing a search on Google or Yahoo for "register a domain" or a similar phrase. A few inexpensive and reliable registrars to check out include Registerfly, Dreamhost, and GoDaddy. Many registrars also offer web hosting and additional services that are worth checking out, as well.
You've picked out your new domain name and a registrar, and you're ready to fill out the registration form. You'll probably notice at least two blanks for DNS nameservers. As mentioned earlier, you'll need at least two DNS servers in place (a master and a slave) in order to register a domain on the Internet. The idea behind this requirement is that, should the first DNS server happen to suffer a connectivity outage or hardware failure, the second DNS server would respond in its place, providing identical information.
This works because once the relationship has been set up, the slave DNS server will obtain all of its information from the master DNS server on the fly (limited only by the slave server's DNS cache, explained in detail in Implementing BIND on Mac OS X). It's also recommended that the servers exist on different networks and/or different upstream provider backbones, for added redundancy. Nowadays, this is common only with high-availability web sites for companies that cannot afford any downtime.
Most web hosting companies provide DNS services for their customers, so it's important to know this information prior to the domain name registration process. Additionally, many webhosts and registrars offer "DNS parking" or similar services that will allow you to temporarily "park" your domain until you're actually ready to host it somewhere.
Static or Dynamic?
If you're thinking about hosting your web site on your own servers, it's important to understand that your machines will need to have constant and reliable connectivity to the Internet, and be able to handle the potential DNS traffic requirements a busy site can generate.
Computers in people's homes and offices that are connected to the Internet using DSL or a cable modem usually have temporary IP addresses, called dynamic addresses. When you connect to the Internet, your ISP will assign your computer (or perhaps your Airport Base Station or router) an IP address from a large pool of shared addresses dedicated to this purpose.
Conversely, when you shut down your computer or disconnect from the Internet, your ISP will return the address back into the shared pool of addresses. Of course, this kind of setup won't work if you're trying to provide DNS services, because your servers will need to be reachable "in the same place" every time, or else DNS won't work.
Many registrars can help you get around this limitation by offering "forwarding" services, where a request for "mynewsite.com" will redirect to your own computer, which you've set up with a dynamic hostname. Setting up your own machine to serve web pages has been detailed in James Duncan Davidson's excellent article, "Setting up a Site Server with Jaguar."
If you've got the servers, the bandwidth, and either have or can obtain the dedicated (or static) IP addresses for each of your machines from your ISP, you're ready to set your machines up as nameservers with your registrar. Remember that in order for anyone to find your web site, their machines need to talk to the top-level domain servers and ask them how to find you. The TLD servers in turn refer those machines to your DNS servers. For this reason, your registrar needs to add them to the list of servers responsible for your domain name.
This is usually accomplished with a simple form on your registrar's web site. Often, you'll need to register a new domain name first (using temporary nameservers, or the ones provided to you by your ISP, webhost, or registrar). Finally, you'll need to configure special nameserver software on each of the machines so that they can respond to your visitors' DNS requests. This process is explained in detail in Jason Deraleau's article, "Implementing BIND on Mac OS X ."
Dan Benjamin is a business strategist, programmer, writer, interface designer, and photographer.
Return to Mac DevCenter.
2006-08-03 09:13:42 interplein [View]
Just a small note...
2004-01-16 04:51:33 anonymous2 [View]
The US Government
2003-12-29 12:12:44 muthafucka [View]
2003-10-08 02:57:16 anonymous2 [View]
Another great in-depth article...
2003-05-29 09:42:41 anonymous2 [View]
dig works, nslookup doesn't
2003-05-29 01:05:50 ausmike [View]