

Domain Name Service (DNS)

Each computer connected to a TCP/IP network, such as the Internet, is identified by its own IP address. IP addresses are difficult to remember, so a domain name version of each IP address is also used to identify a host. As described in Chapter 34, a domain name consists of two parts, the hostname and the domain. The hostname is the computer's specific name, and the domain identifies the network of which the computer is a part. The domains used for the United States usually have extensions that identify the type of host. For example, .edu is used for educational institutions and .com is used for businesses. International domains usually have extensions that indicate the country they are located in, such as .de for Germany or .au for Australia. The combination of a hostname, domain, and extension forms a unique name by which a computer can be referenced. The domain can, in turn, be split into further subdomains.

As you know, a computer on a network can still be identified only by its IP address, even if it has a hostname. You can use a hostname to reference a computer on a network, but this involves using the hostname to look up the corresponding IP address in a database. The network then uses the IP address, not the hostname, to access the computer. Before the advent of large TCP/IP networks, such as the Internet, it was feasible for each computer on a network to maintain a file with a list of all the hostnames and IP addresses of the computers connected on its network. Whenever a hostname was used, it was looked up in this file and the corresponding IP address was located. You can still do this on your own system for remote systems you access frequently.

As networks became larger, it became impractical (and, in the case of the Internet, impossible) for each computer to maintain its own list of all the domain names and IP addresses. To provide the service of translating domain addresses to IP addresses, databases of domain names were developed and placed on their own servers. To find the IP address of a domain name, you send a query to a name server, which then looks up the IP address for you and sends it back. In a large network, several name servers can cover different parts of the network. If a name server cannot find a particular IP address, it sends the query on to another name server that is more likely to have it.

If you are administering a network and you need to set up a name server for it, you can configure a Linux system to operate as a name server. To do so, you must start up a name server daemon and then wait for domain name queries. A name server makes use of several configuration files that enable it to answer requests. The name server software used on Linux systems is the Berkeley Internet Name Domain (BIND) server distributed by the Internet Software Consortium (www.isc.org). Chapter 34 describes the process of setting up a domain name server in detail.

Name servers are queried by resolvers. These are programs specially designed to obtain addresses from name servers. To use domain names on your system, you must configure your own resolver. Your local resolver is configured with your /etc/host.conf and /etc/resolv.conf files. You can use /etc/nsswitch.conf in place of /etc/host.conf.

host.conf

Your host.conf file lists resolver options (shown in Table 38-8). Each option can have several fields, separated by spaces or tabs. You can use a # at the beginning of a line to enter a comment. The options tell the resolver what services to use. The order of the list is important. The resolver begins with the first option listed and moves on to the next ones in turn. You can find the host.conf file in your /etc directory, along with other configuration files.

Table 38-8: Resolver Options, host.conf

Option    Description
order     Specifies the sequence of name resolution methods:
            hosts  Checks for the name in the local /etc/hosts file
            bind   Queries a DNS name server for the address
            nis    Uses the Network Information Service protocol to obtain the address
alert     Checks addresses of remote sites attempting to access your system; you turn it on or off with the on and off options
nospoof   Confirms addresses of remote sites attempting to access your system
trim      Checks your local hosts file; removes the domain name and checks only for the hostname; enables you to use only a hostname in your hosts file for an IP address
multi     Checks your local hosts file; allows a host to have several IP addresses; you turn it on or off with the on and off options

In the next example of a host.conf file, the order option instructs your resolver first to look up names in your local /etc/hosts file, and then, if that fails, to query domain name servers. The system does not have multiple addresses.

/etc/host.conf

# host.conf file
# Look up names in the hosts file and then check DNS
order hosts,bind
# There are no multiple addresses
multi off
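The following Python is an added example, not code from the book or from glibc. It parses a host.conf file the way the table above describes it (one option per line, # comments, lookup methods after order separated by commas or whitespace) and reports lines the resolver would not understand, such as a misspelled lookup method. The two sample files are constructed for this example; the first deliberately reproduces a common mistake (the method is spelled hosts, and DNS is listed first) so that the checker has something to find. glibc spells the alert option spoofalert, so both spellings are accepted.

```python
import re

# Lookup methods and on/off options from Table 38-8; "spoofalert" is glibc's
# spelling of the alert option, so both are accepted.
ORDER_METHODS = {"hosts", "bind", "nis"}
ON_OFF_OPTIONS = {"multi", "nospoof", "alert", "spoofalert"}


def parse_host_conf(text):
    """Parse host.conf text into (conf, problems).

    conf has the lookup "order", any "trim" domains and the on/off "flags".
    problems lists human-readable findings, one per offending line.
    """
    conf = {"order": [], "trim": [], "flags": {}}
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "order":
            methods = [m.lower() for m in re.split(r"[,\s]+", value) if m]
            for m in methods:
                if m not in ORDER_METHODS:
                    problems.append(f"line {lineno}: unknown lookup method '{m}'")
            conf["order"] = methods
        elif keyword == "trim":
            # several trim domains may follow one keyword
            conf["trim"].extend(d for d in re.split(r"[,:;\s]+", value) if d)
        elif keyword in ON_OFF_OPTIONS:
            if value.lower() in ("on", "off"):
                conf["flags"][keyword] = value.lower() == "on"
            else:
                problems.append(
                    f"line {lineno}: '{keyword}' needs 'on' or 'off', got '{value}'")
        else:
            problems.append(f"line {lineno}: unknown keyword '{keyword}'")
    return conf, problems


def local_hosts_before_dns(conf):
    """True when /etc/hosts is consulted before a DNS query, as the text intends."""
    order = conf["order"]
    if "hosts" not in order:
        return False
    return "bind" not in order or order.index("hosts") < order.index("bind")


# Constructed sample: misspelled method and DNS ahead of the local file.
BROKEN = """# host.conf file
order bind host
multi off
"""

# Constructed sample matching the configuration described in the text.
FIXED = """# host.conf file
order hosts,bind
multi off
"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        conf, problems = parse_host_conf(text)
        print(name, conf, problems, "local first:", local_hosts_before_dns(conf))
```

Running the block prints the parsed structure for each sample; the broken file yields one problem line for the unknown method, and only the fixed file consults the local hosts file ahead of DNS.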

/etc/nsswitch.conf: Name Service Switch

Different functions in the standard C Library must be configured to operate on your Linux system. Previously, database-like services, such as password support and name services like NIS or DNS, directly accessed these functions, using a fixed search order. For GNU C Library 2.x, used on current versions of Linux, this configuration is carried out by a scheme called the Name Service Switch (NSS), which is based on the method of the same name used by Sun Microsystems Solaris 2 OS. The database sources and their lookup order are listed in the /etc/nsswitch.conf file.

The /etc/nsswitch.conf file holds entries for the different configuration files that can be controlled by NSS. The system configuration files that NSS supports are listed in Table 38-9. An entry consists of two fields: the service and the configuration specification. The service consists of the configuration file followed by a colon. The second field is the configuration specification for that file, which holds instructions on how the lookup procedure will work. The configuration specification can contain service specifications and action items. Service specifications are the services to search. Currently, valid service specifications are nis, nisplus, files, db, dns, and compat (see Table 38-10). Not all are valid for each configuration file. For example, the dns service is valid only for the hosts file, whereas nis is valid for all files. The following example will first check the local /etc/passwd file and then NIS+.

passwd:  files nisplus

Table 38-9: NSS Supported Files

File        Description
aliases     Mail aliases, used by Sendmail
ethers      Ethernet numbers
group       Groups of users
hosts       Hostnames and numbers
netgroup    Network-wide list of hosts and users, used for access rules; C libraries before glibc 2.1 only support netgroups over NIS
network     Network names and numbers
passwd      User passwords
protocols   Network protocols
publickey   Public and secret keys for SecureRPC used by NFS and NIS+
rpc         Remote procedure call names and numbers
services    Network services
shadow      Shadow user passwords

Table 38-10: NSS Configuration Services

Service   Description
files     Checks the corresponding /etc file for the configuration (for example, /etc/hosts for hosts); this service is valid for all files
db        Checks the corresponding /var/db databases for the configuration; valid for all files except netgroup
compat    Valid only for the passwd, group, and shadow files
dns       Checks the DNS service; valid only for the hosts file
nis       Checks the NIS service; valid for all files
nisplus   NIS version 3 (NIS+)
hesiod    Uses Hesiod for lookup

An action item specifies the action to take for a specific service. An action item is placed within brackets after a service. A configuration specification can list several services, each with its own action item. In the following example, the entry for the protocols file has a configuration specification that says to check the NIS+ service and, unless the record is reported as not found there, to go on to check the /etc/protocols file:

protocols: nisplus [NOTFOUND=return] files

An action item consists of a status and an action. The status holds a possible result of a service lookup, and the action is the action to take if the status is true. Currently, the possible status values are SUCCESS, NOTFOUND, UNAVAIL, and TRYAGAIN (service temporarily unavailable). The possible actions are return and continue: return stops the lookup process for the configuration file, whereas continue continues on to the next listed service. In the preceding example, if the record is not found in NIS, the lookup process ends.

Shown here is a copy of the current Red Hat /etc/nsswitch.conf file, which lists commonly used entries. Comments and commented-out entries begin with a # sign.

/etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file.
passwd:     files nisplus
shadow:     files nisplus
group:      files nisplus
hosts:      files nisplus dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   nisplus
publickey:  nisplus
automount:  files nisplus
aliases:    files nisplus
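The following Python is an added example, not code from the book or from glibc. It parses nsswitch.conf entries into their service lists and bracketed action items, then walks a database's service list applying the status/action rules described above (return stops the lookup, continue moves to the next service). It assumes glibc's default actions when an entry gives none (SUCCESS=return, every other status continue) and also accepts glibc's negated form, [!STATUS=action], which sets the action for every status except the named one. The sample file is constructed from entries in the Red Hat file shown above, and the probe function, which stands in for what each source would actually return, is likewise constructed; nothing here talks to NIS+ or DNS.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# glibc's defaults when an entry gives no explicit action for a status.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}

# Either a bracketed action group or a bare service word.
TOKEN_RE = re.compile(r"\[([^\]]*)\]|(\S+)")


def parse_nsswitch(text):
    """Return {database: [(service, {STATUS: action, ...}), ...]}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        db, sep, spec = line.partition(":")
        if not sep:
            raise ValueError(f"missing ':' in '{line}'")
        services = []
        for bracket, word in TOKEN_RE.findall(spec):
            if word:
                services.append((word.lower(), {}))
                continue
            if not services:
                raise ValueError(f"action item before any service in '{line}'")
            actions = services[-1][1]
            for item in bracket.split():
                status, _, action = item.partition("=")
                negate = status.startswith("!")
                status = status.lstrip("!").upper()
                action = action.lower()
                if status not in STATUSES or action not in ("return", "continue"):
                    raise ValueError(f"bad action item [{item}] in '{line}'")
                targets = [s for s in STATUSES if s != status] if negate else [status]
                for s in targets:
                    actions[s] = action
        entries[db.strip()] = services
    return entries


def lookup(services, probe):
    """Walk one database's service list the way NSS does.

    probe(service) returns the status that source reported (one of STATUSES).
    Returns (final_status, answering_service_or_None, trace), where trace lists
    (service, status, action) for every source actually consulted.
    """
    trace = []
    final = "NOTFOUND"
    for service, actions in services:
        status = probe(service)
        action = actions.get(status, DEFAULT_ACTIONS[status])
        trace.append((service, status, action))
        final = status
        if action == "return":
            return status, (service if status == "SUCCESS" else None), trace
    return final, None, trace


# Constructed sample; the entries mirror the Red Hat file shown above.
SAMPLE_NSSWITCH = """
passwd:     files nisplus
hosts:      files nisplus dns
protocols:  nisplus [NOTFOUND=return] files
"""


def demo():
    """Resolve a host when the local file lacks it, NIS+ is down, DNS knows it."""
    entries = parse_nsswitch(SAMPLE_NSSWITCH)
    outcomes = {"files": "NOTFOUND", "nisplus": "UNAVAIL", "dns": "SUCCESS"}
    return lookup(entries["hosts"], outcomes.__getitem__)


if __name__ == "__main__":
    entries = parse_nsswitch(SAMPLE_NSSWITCH)
    print("hosts:", demo())
    # NOTFOUND=return on nisplus means /etc/protocols is never consulted.
    print("protocols:", lookup(entries["protocols"], lambda s: "NOTFOUND"))
```

The trace returned by lookup makes the effect of an action item visible: for the protocols entry, a NOTFOUND answer from nisplus ends the lookup after a single source, whereas the hosts entry, which has no action items, falls through an unavailable NIS+ to DNS.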

