Chapter 3 Domain Name Server Types of this chapter include: • Main domain server. The primary domain server gets an authorization to respond to the query of the domain area, and it is also a source that provides all domain area addresses. This section describes the characteristics of the primary domain server. Note that sometimes a primary domain server is also known as a primary server. This new statement comes from the change of the B i N D version 8 setting file. The primary domain name server involved in any place in this chapter can be interchanged with the primary server. • A auxiliary domain name server. The auxiliary domain name server is a backup server. They are not places where domain area source data is stored, but they also authorize the inquiry of the domain name. Auxiliary domain name servers typically obtain domain zone data from the main D n S server of the domain. Note that the secondary server is also known as the slave server. • Cache domain server. As the name suggests, the cache domain server is used to cache address data. The cache is a characteristic of most servers. The cache domain server is specifically used to cache the address of the query without warning any other job. They do not contain a domain zone file of many hosts, nor does it transmit data from other D n s servers. The cache domain name server also answers the query, but no authorization. This section will describe the cache server and explain why they are valuable. • Pass the query: forward server and slave server. Before servers and slave servers are also D n s servers, they have very special partnerships with other D n s servers to share the responsibility of the processing query. This section describes the pre-server and slave servers explains how they provide the options for service design to the administrator. • Determine the type of D N S server. If you encounter a server, don't know what it works, this section will show you how to distinguish between master, secondary servers, forward servers, slave servers, and cache servers. A domain name server can only play a role or play a few roles. This chapter provides an overview of a possible role of a server. Note that a D n S server can support multiple domains at the same time, sometimes having a role for each domain, which is important. Some characters, such as only caches, which must be set for the entire server. Then, the type of a D n S server is already determined when it is selected. This setting allows the server to support each domain. In addition to explaining the role of potential D N S servers, this chapter also reveals and discusses the architecture that helps to explain the difference between primary servers, secondary servers, forward servers, slave servers, and cache servers. It is better to understand this in practical problems and applications. The only certain deterministic for this relationship is that some D n s servers are primary servers for each domain, and the rest is specified by themselves. 3.1 Main domain server The main domain server is the main member of D N s, which plays a very important role in the release of the domain name data in I N t e R N e t. The primary domain server is always an initial source of address data. The primary server has the domain name in the domain with the highest authorization, and because they are the only source of the domain transmission domain data, there is a function of the information to any one or even the server released by the data. A secondary server can also be a "primary server" when transmitting a domain zone to another secondary server, but the file is on the primary domain server. The confusion on this language is clarified in RFC 2136. It distinguish between slave servers, primary servers, and primary domain servers (Primary Master Server). • The slave server. A server used to search for domain zones. And use N s record in the domain zone to name it. • The primary server. A authorization server set to transfer the data source to one or more slave servers. • The root main domain server. The primary server as the root in the domain region transmits the interconnection (T R A N S F E R- D E P e n D E N C Y). The primary domain server is named in the domain zone S O A record. Depending on the definition, each domain area can only have one primary domain server. The data release process starts from the administrator to create a configuration boot file, which can be copied from the BIND DNS implementation of the U N i x host, more likely to enter all servers required by the D N S server management interface when installation. The Windows 2000 DNS server will automatically put any configuration files in the% W I N D I R% / S Y S T E M 3 2 / D N S folder.
The basic data information of D N s that needs to be manually configured includes: • Domain's name (if the domain name needs to be parsed outside the enterprise, you must approval by I N T E R N i C). • Each is ready to provide the I P address and name of the server of the domain name resolution. • Host names and addresses of each domain name server. • Other hostnames and addresses including computers in this D N S server domain area. Chapter 11 provides guidance for installing and configuring Windows 2000 DNS servers. 3.1.1 Storage Windows DNS boot configuration data There are two ways to store Windows DNS boot configuration data: By booting files and through registration. The default method is through the registry. If you want to boot the configuration file instead of the registry, you must select the "From File" option under "Load Zone Data" in "LOAD ZONE DATA" in "S t a r t u p (start menu)" to set the boot method. This selection menu is under the "A D V a N C E D (Advanced)" option of the D N S server properties. Unlike D N S server software, the Windows 2000 DNS server automatically updates the registry and boot file when selecting or changing the boot method (in previous versions, synchronization is a heavy work). The key value of the registry is HK L m / s y S t e m / c u R R E N T C O N R O L S e T / S E R V I C E / D N S. Chapter 11 discusses the impact of changing storage methods. In Windows 2000, you can also use an active directory integration domain, but only for the main domain. Because the secondary server does not modify the data, it is not necessary to let the secondary server directly access the data of the primary server, and they only perform domain regions in the normal mode. For the main domain, the integration of the active directory means that the domain area data is stored in the directory. This provides a more robust approach to store and replicate (transfer) data. If you use an active directory integration domain, multiple domain controllers can share domain information. From the entire storage to a single source record, this integration provides access control as a way to ensure domain data security. 3.1.2 Configuring data and domain The profile provided by the domain Microsoft DNS can be compatible with the B i n d of the U N i x mode, so that transition to the MS DNS server is much easier. The default name of the cache file in Windows 2000 is C A C H E. D N S. Configuration Data not only specifies the directory and cache directory of the server storage domain file, but also contains a list of domain names that will support, and indicate which type of server that is the type of each domain; is a primary server, auxiliary server, Or caching the server. If the server is a primary server, the boot configuration information contains the source domain area of each domain. If the server is a secondary server, the I P address of the primary server should be included. This way, the server knows where to request update data. Chapter 3 domain name server type counting 29
If a primary server is running. Modifications made to domains can be increasing or deleting hosts, subdomains, mail servers, domain name servers, and more. If you use a boot profile to make the server start and run, you can only modify the source file of the primary server. The structure of the domain name server boot file is shown below (the annotation of the annotation "starting with a semicolon"; "to explain the statement of the boot file). This example is given in the form of u n i x administrator style. In this example, Windows 2000 ignores the directory. Pay attention to these files, including cache files, except for the not specified. D N S. There is no need to worry about all configuration options. This section describes that D N S will give all the information needed to understand and use these options. In addition, many settings are automatic. The above cache server points to the root domain (.). Its cache file contains an entry for each of the server addresses. Windows 2000 DNS itself has this root buffer file, and its latest version can always be able to change the file name to cache file from the I NTER NIC FTP: / / RS. ROOT. Name (do not confuse root caching files and servers used to cache). The F t p site may be the easiest way to get the latest version. The root caching file is only available when I N t e R n e T itself is announced to add a new root server (almost no happens), or if your D N S server is only used to support a internal network that is isolated from the outside. Note These files are only used when you are ready to use the server for web search. Some companies are divided into internal and external to the analysis of I N t e R n e t address. This is often used for separate internal or external servers. The above example shows the structure of a domain name server boot file. Host. DB file contains a list of Example. NET domain, Hosts. The REV file contains 1. 1 6 8. 1 9 2. in - Add r. ARPA domain list, this domain contains I NTERNET Address (in - Addr The map, that is, 1 9 2. 1 6 8. 1. 0 The IP address of the network to the host name. The omitted directory statement tells the Unix Bind Domain Name Server These files are stored in The parser uses the remaining information to select different domain name servers for different queries. • Redundancy. With auxiliary domain name server, even if the primary server is faulty, the domain's request can still be forwarded, and the query can still be parsed. Particularly useful is a network resettlement auxiliary server that is different in geographic location, or arranges a secondary server in different regions of a country. The local host of the counter address domain and the root domain of the cache parsing 0.0.127. In-Addr. Arpa domain file and root caching files are usually the same, because each computer has one The address is 1 2 7. 0. 0. 1 return. The return of the retraction is often identified by the local host (L O C A L H O S) for internal communication of network services. The domain name server can call yourself by local host address, which can accelerate the operation of the domain name server, because the communication at this time does not have a network. Of course, if you look at these items carefully, you will find all the functions described above if you find the multi-master (M u L T I -M A S TE R) model of the active directory integration domain zone without the secondary server. Email is a good instance that must be set up a redundancy. Assuming x y z. C O m is in San Jose. California has its primary domain server. The administrator decided to set a secondary server in different subnets, but still in the same building. If the connection of XYZ. COM and I N t e R n e t is broken, it cannot answer the external D n s query immediately. If someone wants to send an email to the x y z. C O m domain, it must not succeed, and it will generally obtain "U N k N o w n h o s t (host name unknown)" error. Now, X Y Z. C O m determines a auxiliary domain name server in the East Coast of the United States, and its domain name is A b c. C o m. If the connection is broken by X Y Z. C O m, the query will still be answered by a secondary server in the A b C. C O m domain. In addition, x y z. C O m parses the overall response of external queries will also improve because it has an overall distributed arrangement more convenient to handle queries from all over the United States. For example, an email sent to x y z. C O m domain, if you have a delivery problem, it will be queued again, and it will not be passed on this. The following example shows a boot file for auxiliary domain server: From the above example, you can see the data source from the domain is from the host 1 9 2. 1 6 8. 1. 2 2 0, this auxiliary domain server will store the backup of domain area files Document, and called Hosts. DB. The point to the auxiliary domain server cache is also the same as the main domain server. Note that it is the primary domain server because the response address is self-contained by the response address, so each machine is the primary server for your own response network. The auxiliary server does not necessarily save the backup of domain information, but it is generally recommended. The auxiliary service holder keeps such a local copy makes it started faster because it does not have to immediately request the domain information to the primary server when it starts. And if the data is preparing to update, there is no need to transfer more information than checking the new domain area. Although this does not guarantee that the initial data must be the latest, at least the secondary server can start to answer the query with these data. 3.3 Cache Domain Server Cache Server can improve the performance of the D n S server in the network. When D N S often queries some of the same target, the type of Annamette 3 domain name server is 31 The buffer server can provide a faster response to the query without the need to pass by the primary server or auxiliary server. The settings required to cache servers are very simple, as shown in the following example: Cache server only includes only a directory, returning to the domain (0. 0. 1 2 7. In - add r. Arpa) and cache statement itself . The only requirement for the cache server is that there should be a root caching file including the domain name server itself. Because the cache server is unauthorized, it cannot delegate the domain. The cache server can be configured to forward the query and then store the result to respond to future queries. If agency or company has the primary D N S serving I S P service, then configure a cache server to improve the system's performance and support the link of the remote site. In order to configure a cache server to Wi N D O W S, D N S service must start first. When the new server is established, C A C H E and the return will be automatically generated. The only thing that needs is to ensure the start of the D N S after the Windows server restarts and terminates other systems. Most of the D n s services for supporting a Wi N D O W S domain environment does not require I S P (I N T E R N e t service provider). But from the external name from the public namespace I s P or internal name server, it will bring a lot of benefits to the local cache. The cache server has many advantages, mainly for multi-users, the system's performance is improved, otherwise, these users must be forwarded to another server to complete. The cache server also has a disadvantage that the information it is stored is not necessarily the latest. However, the valid time of the information can be set to control the cache server to discard the corresponding cache data when the set time limit is reached. One problem is that Windows 2000 DNS implements N c a c h e, or ignores the response cache. This usually does not bring problems, but sometimes it will bring confusion, especially D n s administrators to change or test. 3.4 Transfer Query: A D N S server forward server and slave server can specify another server to the forward server (F O R W A R D) to determine where it will turn the query when it cannot answer the query. The subordinate (S L a V e) relationship is to answer the query before the server relies on its forward server, and it can no longer be a client of other D n s servers. The basic difference between the forward server and the slave server is: • Before the server: Send a query to a specified machine, wait a short time, then start you look up. • Substation Server: Send a query to a specified machine and wait for an answer. The slave server itself is not parsing the query. Note that the "slave server" here is not a device, but is a definition that is actually called "slave server". The forward server is a machine specified for processing queries (see Figure 3 - 1). The client, also includes other D n s servers, waiting for a while, if you don't receive an answer, you can start looking for results. Because a large number of communications must pass forward servers, they will build a large address cache. If you want to use a cache for many users, you can use the forward server. Figure 3 - 1 shows the processing of forward servers: 1) Send a query to the local D n S server. 32 counting the first part of understanding the domain name system Chapter 3 domain name server Type 0333 2) Local D N S servers transfer the query to the forward server and start waiting. 3) Send a query to a domain server on I N t e R n e t and wait. 4) If the answer is not received, the local D N S server sends a query to a domain name server on the I N T E R N e t. Figure 3-1 Before the server represents the other D n S server, the front to the server and the local D n S server will eventually get a response and establish a cache. If a client's domain name server has a specified forward server and receives a query not to result from its local area file or cache, this domain name server does not perform recursion queries to get results (Chapter 5 " Domain Name Query Details "The recursive query is described, but forward the query to the specified forward server. Search and provide answers by the specified forward domain name servers. If the front server cannot returns an answer, the server itself starts a recursive query. Before forwarding has a certain use. One of the uses is to forward queries to several D N s servers that can be parsed, so that the caching of the corresponding host is established on these machines to facilitate future queries. But the most frequently used to forward servers is to establish a dual D n S server system inside and outside the firewall. A mechanism connected to I n t e R n e t needs to parse I N t e R n e T host name, but may not wish to expose its own network to the remaining users of I N T E R N e t due to security. At this time, you can use an internal D n S server forward to the external query of all the domains to the external query to the external D n S server (forward server) to seek the answer. The slave server is a D n S server that must use forward servers (see Figure 3 - 2). The slave server sends a query to the specified machine, waiting to answer, if the front server does not quickly give an answer, it is not allowed to parse the query. This option can be used as a very useful security measures because all queries can only pass only a passage from the slave servers to the forward server. This is also a good way to make only the authorized external queries can pass the firewall, on this basis, can implement good security measures. The processes shown in Figure 3 - 2 are as follows: 1) The client sends a query to the local D n S server. 2) Local D N S servers forward the query forward to a forward server and start waiting. Local DNS server forward (DNS server) DNS client 3 forwards to a domain name server on the I N T E R N e t forward to the server forward. 4) If the result is not obtained, the slave server (in this case is the local D n S server) nor will you start parsing. Figure 3-2 The slave server must wait for the response slave server to the server to use the D n S server that is forwarded to the server, the only limit is: the slave server can only get the query result from the specified forward server. Back to the safety consideration mentioned earlier, an internal D n S server provides the name resolution service for all internal hosts. This provides control of whether or not to terminate the I n t e R n e t service. An external D n S server provides an analysis of all protected hosts and agencies. The internal domain name service will serve the D n S server in the firewall to prevent internal names and addresses from being known externally. Remember any information on the D n S server can be easily discovered by a simple query. The Active Directory Integration of Windows 2000 is controlled with access control lists (A c1). To set forward servers, the boot file must have an entry that describes the forward server, or you must enter the corresponding information in the "Forwarders" tab, click "F" in the "Server Properties" dialog box. The ORWARDERS icon will display the "F Orwarders" tab. To open the Server Properties dialog box, simply select the "P R O P E R T I E S (attribute)" ". If you check the "Do Not Use Recursion" check box, you will find the slave server. Regardless of the above case, the I P address of the forward server must be included in the configuration. The following example shows the corresponding boot file entry. Note that the default directory of Windows 2000 is used here. Here, I will take it here, because any, sometimes you will forget where something is placed, and if there is anything to tell you where it will be great. 34 counting the first part of understanding the domain name system Depending on (DNS Servers) 3.5 Determine the type of DNS server, the type of DNS client is determined below the type of DNS server, which can help readers choose a class server and implement: • Main Server: Has one or Several authorizations of several domain areas. The domain area is data in one or several domains, or part of a domain. • Auxiliary server: also has an authorization function as a backup of the primary domain server. It transmits all domain zone data from the primary server through the domain zone. • Before: a D n S server that is specified by other D n s servers. • Border Server: Configured to use the D n S server for the forward server, but it does not have other options, you must use the front to perform all queries. Note that this is not a means auxiliary server. • Cache Server: Establish an address cached server through its own query. Only for cached servers, there is no own domain data, just for the client. The Windows 2000 DNS server can provide all of the above services, and an interesting difference is that it is called a slave server when it is authorized to one or more domain. Chapter 11 will discuss the settings of these different types of servers in more detail. If there is a system administrator's permissions, you can determine which type of server in the current system. System administrator or can read boot files or manage the domain's properties through the D N S management controller. The function of the D n S server is spelled in the U N i x system boot file. The files for the domain name server function are also listed in the file to start with the purpose or function of the server. For Wi N D O W S, this file tells you all the domains and which are used in the cache file on the server. If the domain name server is started by the registry (can be started by the registry or boot configuration file), the boot file has only one statement, which is started by the registry. When using the D N S service controller, you can use the mouse to right click to open the "Z O N EP R O P E R T I E E S (Domain Zone Properties)" dialog, as shown in Figure 3-3. The "G E N E R A L (General Tab)" shown in the figure gives the domain information, indicating that the server is a primary server or a secondary server. If the D N s management controller exists in addition to 1 2 7. i n -a d r. A r p A does not list other domains, you can know that this is a cache server or a slave server. To distinguish it, check the Cache file or view the Root Hints tab of the server properties. If there is no administrator's permissions, but know the server I P address, you can check this server via the S O A record of any domain of the server. If the S O U r C E entry recorded by S O A is the server, it is certain that this machine is the primary server of this domain. The auxiliary server can provide authorization data from the domain zone from the primary server. Figure 3 - 3 shows how the secondary server is configured, where the I P address domain shows the I P address of the specified primary server. The secondary server can be arranged in the LAN to provide query services to reduce the load of the WAN and improve security. Similarly, you can use Chapter 3 Type 3 Type 35 for a slower connection 35