Ict-innovation/LPI/109.4

= 109.4 Configure client-side DNS =

Candidates should be able to configure DNS on a client host.

Key Knowledge Areas

 * Demonstrate the use of DNS on the local system.
 * Modify the order in which name resolution is done.

When host name lookups are performed, two configuration files are consulted to determine where to get the information from. The first is /etc/nsswitch.conf (the "name service switch" file). This file tells the resolver (the lookup routine) what data source to consult for the information. It is used to configure several types of lookup including user name, group, and host name lookups. In this topic we are concerned only with host name lookups.

All that the nsswitch file really does is to tell the resolver which library to call to do the work. There is a simple mapping between the entries in the file and the library names. For example, given this line in nsswitch.conf:

hosts: dns nis files

the resolver will attempt to use the libraries libnss_dns, libnss_nis and libnss_files, in that order.

Additional notations in the file control what action to take if a particular type of lookup fails. For example, this entry:

hosts: dns [NOTFOUND=return] files

tells the resolver to consult DNS first. If the resolver was able to perform a DNS lookup but DNS did not find the name, the resolver will immediately return failure. The local file (/etc/hosts) will only be consulted in the event that DNS cannot be contacted at all.
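The fall-through rules above are easier to see when walked through step by step. The following is an added example, not code from the original page: it parses the hosts line of an nsswitch.conf (including the [STATUS=ACTION] clauses and the libnss_* module name mapping described above) and simulates which sources the resolver would consult for a given set of outcomes. The status names, default actions and the libnss_NAME.so.2 naming follow glibc; the sample lines and the outcomes passed to resolve() are constructed for the demonstration.

```python
"""Simulate the glibc NSS lookup order for the "hosts" database.

Each source in nsswitch.conf may be followed by [STATUS=ACTION] clauses.
STATUS is one of success, notfound, unavail or tryagain; ACTION is return,
continue or merge. The defaults are success=return and continue for the
rest, which is why "dns files" silently falls through to /etc/hosts on any
DNS failure, while "dns [NOTFOUND=return] files" only falls through when
DNS could not be reached at all.
"""
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
ACTIONS = ("return", "continue", "merge")
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}
# Either a bracketed action group or a bare source name.
TOKEN_RE = re.compile(r"\[([^\]]*)\]|(\S+)")


def module_name(source):
    """Shared object glibc loads for a source: 'dns' -> 'libnss_dns.so.2'."""
    return "libnss_%s.so.2" % source


def parse_hosts_line(line):
    """Turn 'hosts: dns [NOTFOUND=return] files' into a list of
    (source, {status: action}) pairs, in lookup order."""
    _, _, spec = line.split("#", 1)[0].partition(":")
    sources = []
    for bracket, word in TOKEN_RE.findall(spec):
        if word:
            sources.append((word, dict(DEFAULT_ACTIONS)))
            continue
        if not sources:
            raise ValueError("action clause before any source: %r" % line)
        actions = sources[-1][1]
        for clause in bracket.split():
            status, _, action = clause.lower().partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!")
            if status not in STATUSES or action not in ACTIONS:
                raise ValueError("bad action clause [%s]" % clause)
            # [!NOTFOUND=return] applies to every status except notfound.
            targets = [s for s in STATUSES if s != status] if negate else [status]
            for s in targets:
                actions[s] = action
    return sources


def resolve(sources, outcomes):
    """Walk the sources in order. 'outcomes' maps a source name to the
    status that source would report for this lookup (constructed input).
    Returns (status of the last source consulted, sources consulted)."""
    consulted = []
    final = "notfound"
    for name, actions in sources:
        # A source with no libnss module installed behaves as 'unavail'.
        status = outcomes.get(name, "unavail")
        consulted.append(name)
        final = status
        if actions[status] == "return":
            break
        # 'continue' (and 'merge', which only matters for groups) go on
        # to the next source.
    return final, consulted


if __name__ == "__main__":
    for line in ("hosts: dns files", "hosts: dns [NOTFOUND=return] files"):
        srcs = parse_hosts_line(line)
        print(line, "->", [module_name(s) for s, _ in srcs])
        # DNS reachable but the name does not exist there:
        print("  dns says notfound:", resolve(srcs, {"dns": "notfound", "files": "success"}))
        # DNS server unreachable:
        print("  dns unavailable:  ", resolve(srcs, {"dns": "unavail", "files": "success"}))
```

Run it and the two lines diverge exactly as the text describes: with the default actions a NOTFOUND from DNS still leads to /etc/hosts being read, whereas with [NOTFOUND=return] the lookup stops at DNS and /etc/hosts is only reached when DNS reports unavail.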

Common "database" names in nsswitch.conf

Common information sources in nsswitch.conf

In the case that DNS is being used for name resolution, a second file, /etc/resolv.conf, is consulted. This specifies the IP addresses of one (or preferably two or three) DNS servers.

Here, two name servers are specified. The first is, presumably, on the local network (since it's a private IP address). In the case of networks that connect through a broadband modem/router to an ISP, the router itself is probably providing a caching DNS service. The second (to be used if the first is unavailable) might be a name server maintained by your ISP, or any other DNS server you trust.

The search directive specifies a default domain. For example, if the resolver is looking up a simple name like "neptune" (one containing no dots), it will append the default domain, so in this example it will look up neptune.example.com.

The options directive is not often used. It can be used to configure specific resolver settings. The example shown sets the amount of time (in seconds) the resolver will wait for a response from a remote name server before trying the next one (the default is 5 seconds). For other options, see the man page resolv.conf(5).
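To make the nameserver, search and options directives concrete, here is an added example (not from the original page) that parses a resolv.conf and lists the names the resolver would actually send to the name servers for a given lookup. The sample file is constructed: 192.168.1.1 stands for a router on the local network and 203.0.113.53 (from a documentation-only address range) stands in for an ISP or other trusted server. The rules it models (at most three name servers, ndots:1 by default, a 5-second default timeout, the upper caps on the option values) are glibc's; the search-list handling goes slightly beyond the text by also covering names that already contain a dot or end in one. Knowing which suffixes get appended matters to a defender: an unqualified or mistyped name is sent out as name.example.com before it is tried as-is.

```python
"""Parse a resolv.conf and compute the lookup order glibc would use.

- at most MAXNS 'nameserver' lines are honoured; extra ones are ignored
- 'search' (or the older single-domain 'domain') lists suffixes appended to
  names with fewer than 'ndots' dots (default ndots:1)
- a name with at least 'ndots' dots is tried as-is first, then with suffixes
- a trailing dot makes a name absolute and nothing is appended
- 'options timeout:N' replaces the default 5-second wait per server
"""

MAXNS = 3
DEFAULTS = {"timeout": 5, "attempts": 2, "ndots": 1}
CAPS = {"timeout": 30, "attempts": 5, "ndots": 15}  # glibc clamps larger values

# Constructed sample, not taken from the original page.
SAMPLE_RESOLV_CONF = """\
# /etc/resolv.conf (constructed example)
nameserver 192.168.1.1      ; router on the local network (private address)
nameserver 203.0.113.53     ; e.g. an ISP resolver (documentation range)
search example.com
options timeout:2
"""


def parse_resolv_conf(text):
    """Return a dict with the effective nameservers, search list and options."""
    conf = {"nameservers": [], "search": []}
    conf.update(DEFAULTS)
    for raw in text.splitlines():
        # '#' and ';' both start a comment in resolv.conf.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            if len(conf["nameservers"]) < MAXNS:
                conf["nameservers"].append(args[0])
        elif key in ("search", "domain") and args:
            # 'domain' and 'search' are mutually exclusive; the last one wins.
            conf["search"] = [d.rstrip(".").lower() for d in args]
        elif key == "options":
            for opt in args:
                name, _, val = opt.partition(":")
                if name in CAPS and val.isdigit():
                    conf[name] = min(int(val), CAPS[name])
    return conf


def query_candidates(name, conf):
    """Names the resolver tries, in order, when asked to look up 'name'."""
    if name.endswith("."):
        return [name.rstrip(".")]  # absolute: the search list is never used
    with_search = ["%s.%s" % (name, d) for d in conf["search"]]
    if name.count(".") < conf["ndots"]:
        return with_search + [name]  # "neptune" -> neptune.example.com first
    return [name] + with_search      # "www.lpi.org" -> tried as-is first


if __name__ == "__main__":
    conf = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("servers:", conf["nameservers"], "timeout:", conf["timeout"], "s")
    for n in ("neptune", "www.lpi.org", "www.lpi.org."):
        print("%-14s -> %s" % (n, query_candidates(n, conf)))
```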

Some background on DNS

DNS (Domain Name System) is a distributed hierarchical naming system. A primary use of DNS is to map host names (such as www.lpi.org) onto IP addresses (such as 24.215.7.162).

Names are organised within a hierarchical structure. At the top of this tree are a number of pre-defined names. Early assignments of top-level domains included the following:

 * com - Commercial organisations
 * edu - US educational institutions
 * gov - US government institutions
 * mil - US military institutions
 * net - Gateways and network providers
 * org - Non-commercial sites

Later, two-character top-level domains were added, corresponding to sites in individual countries; for example:

 * uk - United Kingdom
 * ca - Canada
 * jp - Japan
 * ke - Kenya
 * za - South Africa

For a complete list, see http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains.

The figure below shows a fragment of the DNS name-space for machines in the Computer Science department at Sheffield University, an academic institution in the UK:



Names in DNS are written "little endian", that is, starting from the bottom of the tree and working up. An example from the figure above is zaphod.cs.sheffield.ac.uk. Such a name is known as a fully qualified domain name (FQDN).

DNS servers hold several types of record. These include:

The primary or master DNS server for a domain is the one that is ultimately responsible for resolving queries for records in that domain. On these servers, zone files (plain text files) contain the definitions of the records for that domain. These zone files are the raw materials of DNS.

Secondary (or slave) DNS servers are used to share the load with the primary servers (and to avoid having a single point of failure in case the primary server goes down). Secondary DNS servers maintain copies of the zone files but these are obtained by synchronising with the primary server. This synchronisation is called a zone transfer.

Caching DNS servers do not hold their own zone files. They simply forward DNS queries to other servers but retain (cache) the results they receive so that if a query is repeated it can be answered rapidly from the local cache. Caching DNS servers are easy to set up and even if you run only a small corporate network it is probably worth setting up a caching DNS server to service it.

The following is a partial list of the files, terms and utilities used:

 * /etc/hosts
 * /etc/resolv.conf
 * /etc/nsswitch.conf
