Domain Name Service Concepts and Configuration
The Domain Name System (DNS) is one of the foundation pieces of the global Internet and is used, usually without noticing it, by anyone who accesses the Internet. It is just as heavily used inside private organizational networks. This article looks at what the DNS is, what it provides for a typical Internet user, and finishes with the methods of configuring DNS on Cisco IOS equipment.
Domain Name System Concepts
DNS was introduced in the early 1980s (RFC 882 and 883 in 1983, superseded by RFC 1034 and 1035 in 1987) as a way of making the devices on a network easier to reach by name. Without a naming system, every device on the Internet (or on a private network) would have to be accessed by its address alone. Until recently that address was an Internet Protocol version 4 (IPv4) address, a 32-bit number written as four octets in dotted-decimal notation (for example 126.96.36.199). Using raw addresses to reach a handful of well-known resources is manageable; trying to keep track of thousands of devices and addresses that way quickly becomes unworkable. This is where DNS comes in: it provides a system in which a memorable name stands for any number of configured addresses, so users can type a domain name such as google.com rather than an address such as 188.8.131.52.
DNS was designed around three main components: the namespace and its resource records (RR), name servers, and resolvers. These are covered in the next few sections.
The DNS namespace is a tree with a single root at the top. Directly beneath the root sit the top level domains (TLDs), which include the commonly seen .com and .edu; beneath each TLD sit the domains that use it as a suffix (for example psu.edu and mit.edu), and so on down the tree. Administratively, the namespace is divided into zones. Each zone is managed by one entity, which is responsible for every name within it and may delegate a subdomain to another entity as a separate zone. For example, google.com is managed by Google, and names under it such as www.google.com, news.google.com and books.google.com are also managed by Google.
The data for each name is stored in DNS as a set of resource records (RR). Many RR types exist, but for the purposes of this article only a few of the most common are covered.
- The A (address) record maps a name to an IPv4 address. For example, google.com has A records that return the IPv4 addresses of Google's web servers (the exact addresses change over time and differ by region).
- The AAAA (IPv6 address) record maps a name to an IPv6 address. For example, ipv6.google.com has an AAAA record such as 2001:4860:800a::6a.
- The NS (name server) record maps a domain to its authoritative name servers. For example, google.com has NS records for ns1.google.com, ns2.google.com, ns3.google.com and ns4.google.com.
- The CNAME (canonical name) record aliases one name to another; a lookup of the alias continues at the canonical name. For example, www.google.com has been mapped with a CNAME record to www.l.google.com. A name that has a CNAME record may not have any other records.
- The MX (mail exchange) record maps a domain name to the mail transfer agents that accept mail for the domain. Each MX record carries a preference value, and senders try the lowest preference first. For example, one of the MX records for google.com points to aspmx.l.google.com.
- The PTR (pointer) record maps an IP address back to a name. It lives in the reverse tree (in-addr.arpa for IPv4, ip6.arpa for IPv6) and is used for reverse lookups, where the address is known and the name is wanted. For example, a reverse lookup of one of Google's addresses returns a name such as vb-in-f105.1e100.net (1e100.net is owned by Google). A PTR record is only as trustworthy as the owner of the address block, so a name returned by a reverse lookup should be confirmed with a forward lookup before it is relied on.
- The SOA (start of authority) record carries the zone's administrative information: the primary name server, the mailbox of the person responsible for the zone, the zone serial number, and the refresh, retry and expire timers used by secondary servers, plus the minimum (negative-caching) TTL.
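To make the record types above concrete, here is an added example in Python (not code from the article) that builds a DNS query and parses a response in the wire format defined by RFC 1035. The response it parses is constructed inside the code, not captured from a real server; it uses the documentation domain example.com and the documentation address 192.0.2.10. The transaction ID, QR bit, length and compression-pointer checks are the minimum a resolver needs to avoid accepting a spoofed or malformed reply.

```python
import struct
import ipaddress

# RR type codes from RFC 1035 (A, NS, CNAME, SOA, PTR, MX) and RFC 3596 (AAAA).
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_SOA, TYPE_PTR, TYPE_MX, TYPE_AAAA = 1, 2, 5, 6, 12, 15, 28
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}

def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, name, qtype):
    """A standard query: header with RD set, one question, class IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, off, depth=0):
    """Decode a (possibly compressed) name starting at off; return (name, offset after it)."""
    if depth > 16:
        raise ValueError("too many compression pointers")
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # 2-byte pointer to an earlier occurrence of the suffix
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:  # pointers may only refer backwards; forward/self pointers loop forever
                raise ValueError("invalid compression pointer")
            suffix, _ = decode_name(msg, ptr, depth + 1)
            labels.append(suffix)
            return ".".join(labels), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln

def parse_rdata(msg, rtype, off, rdlen):
    """Turn RDATA into a readable value for the record types listed in the article."""
    end = off + rdlen
    if rtype == TYPE_A and rdlen == 4:
        return str(ipaddress.IPv4Address(bytes(msg[off:end])))
    if rtype == TYPE_AAAA and rdlen == 16:
        return str(ipaddress.IPv6Address(bytes(msg[off:end])))
    if rtype in (TYPE_NS, TYPE_CNAME, TYPE_PTR):
        return decode_name(msg, off)[0]
    if rtype == TYPE_MX:  # 16-bit preference followed by the exchange name
        return (struct.unpack("!H", msg[off:off + 2])[0], decode_name(msg, off + 2)[0])
    return bytes(msg[off:end])  # SOA and anything else: returned raw here

def parse_response(msg, expected_txid):
    """Parse header, question and answer sections; return (rcode, questions, answers)."""
    if len(msg) < 12:
        raise ValueError("short message")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: not an answer to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    off, questions, answers = 12, [], []
    for _ in range(qdcount):
        qname, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype))
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("RDATA length exceeds message")
        answers.append((name, TYPE_NAMES.get(rtype, rtype), ttl, parse_rdata(msg, rtype, off, rdlen)))
        off += rdlen
    return flags & 0xF, questions, answers

def build_sample_response(txid=0x1234):
    """Constructed reply (not a capture) to 'www.example.com A': a CNAME plus the A record it points to."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)  # QR, RD, RA set; rcode 0
    question = encode_name("www.example.com") + struct.pack("!HH", TYPE_A, 1)
    # 0xC00C points at offset 12 (www.example.com); 0xC010 at offset 16 (example.com).
    cname = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_CNAME, 1, 300, 6) + b"\x03web\xC0\x10"
    a_rec = b"\x03web\xC0\x10" + struct.pack("!HHIH", TYPE_A, 1, 60, 4) + bytes([192, 0, 2, 10])
    return header + question + cname + a_rec
```

parse_response(build_sample_response(), 0x1234) returns rcode 0, the single question, and the two answers: the CNAME for www.example.com with TTL 300 and the A record for web.example.com with TTL 60. The pointer check (ptr >= off) is what stops a crafted message from sending the parser round in a loop, and the transaction ID check is the first of the defences against a reply that was not sent by the server you asked.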
DNS was designed as a distributed system with caching at every level. It was understood early on that the number of records in the system would reach into the billions and could never be managed by a single group of servers or a single database. Instead, the authoritative name servers for each zone are run by the entity that owns the zone, and that entity is responsible for keeping the zone's records accurate.
Any name server can be asked for a record. If the server is not authoritative for the name, it first checks its cache. On a cache miss, a recursive (caching) server walks down the tree: it asks the root servers for the TLD's name servers, the TLD's servers for the zone's name servers, and finally the zone's authoritative servers for the record itself; the referrals and the final answer are cached so that later lookups skip the steps already known. Each record carries a time to live (TTL), set by the zone owner, that limits how long a cached copy may be used before it must be fetched again. Anyone can set up a DNS server, and a local caching-only server is a common way to speed up lookups of frequently used names. Two cautions apply to such a server: it should only accept records that belong to the zone it asked about, since otherwise a malicious or compromised server can plant bogus records in its cache (cache poisoning), and it should only answer queries from its own clients, since open recursive servers are routinely abused as reflectors in amplification attacks.
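The caching behaviour just described, as an added example in Python that is not part of the article: a TTL-aware cache in front of a stand-in authoritative server. The authoritative server is a constructed function for example.com, not a network call, and its answer deliberately includes a record for a name outside that zone (www.bank.example, a made-up name) to show the bailiwick check dropping it. The clock is a manual counter so the TTL expiry can be shown without waiting.

```python
import time

class RRCache:
    """Positive cache keyed by (name, type); an entry is valid until its TTL has elapsed."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.store = {}

    def get(self, name, rtype):
        key = (name.lower().rstrip("."), rtype)
        entry = self.store.get(key)
        if entry is None:
            return None
        rdatas, expires_at = entry
        if self.clock() >= expires_at:  # TTL ran out: forget it and force a fresh lookup
            del self.store[key]
            return None
        return list(rdatas)

    def put(self, name, rtype, rdatas, ttl):
        self.store[(name.lower().rstrip("."), rtype)] = (list(rdatas), self.clock() + ttl)

def in_bailiwick(record_name, zone):
    """True when record_name is the zone apex or lies below it."""
    r, z = record_name.lower().rstrip("."), zone.lower().rstrip(".")
    return r == z or r.endswith("." + z)

class CachingResolver:
    """Answers from cache when possible, otherwise asks the zone's authoritative server."""
    def __init__(self, authoritative, cache):
        # authoritative: zone -> function(name, rtype) -> [(name, rtype, ttl, rdata), ...]
        self.authoritative = authoritative
        self.cache = cache
        self.upstream_queries = 0
        self.rejected = 0

    def zone_for(self, name):
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):  # longest matching suffix wins
            zone = ".".join(labels[i:])
            if zone in self.authoritative:
                return zone
        raise LookupError("no authoritative server known for " + name)

    def resolve(self, name, rtype):
        cached = self.cache.get(name, rtype)
        if cached is not None:
            return cached, "cache"
        zone = self.zone_for(name)
        self.upstream_queries += 1
        grouped, ttls = {}, {}
        for rname, rt, ttl, rdata in self.authoritative[zone](name, rtype):
            if not in_bailiwick(rname, zone):
                self.rejected += 1  # a server for example.com has no business telling us about other zones
                continue
            key = (rname.lower().rstrip("."), rt)
            grouped.setdefault(key, []).append(rdata)
            ttls[key] = min(ttl, ttls.get(key, ttl))
        for key, rdatas in grouped.items():
            self.cache.put(key[0], key[1], rdatas, ttls[key])
        return grouped.get((name.lower().rstrip("."), rtype), []), "authoritative"

def fake_example_com(name, rtype):
    """Constructed authoritative answers; the last record is an out-of-zone record a poisoner might add."""
    if (name.lower(), rtype) == ("www.example.com", "A"):
        return [("www.example.com", "A", 300, "192.0.2.10"),
                ("www.example.com", "A", 300, "192.0.2.11"),
                ("www.bank.example", "A", 86400, "203.0.113.66")]
    return []

def demo():
    """Run the scenario with a manual clock and return what happened."""
    now = [1000.0]
    cache = RRCache(clock=lambda: now[0])
    resolver = CachingResolver({"example.com": fake_example_com}, cache)
    first = resolver.resolve("www.example.com", "A")
    second = resolver.resolve("WWW.example.com", "A")   # case-insensitive cache hit
    now[0] += 301                                        # past the 300 s TTL
    third = resolver.resolve("www.example.com", "A")
    return {"first": first, "second": second, "third": third,
            "upstream_queries": resolver.upstream_queries,
            "rejected": resolver.rejected,
            "poisoned_entry": cache.get("www.bank.example", "A")}
```

demo() shows the first lookup going upstream, the second being served from cache, and the third going upstream again once the TTL has passed; the out-of-zone record never reaches the cache, so cache.get("www.bank.example", "A") stays None. A real caching server also needs negative caching (for names that do not exist) and source-port and transaction-ID randomisation on its upstream queries, which this sketch leaves out.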
A DNS resolver is the client side of the system: it exists on every device that looks up DNS information from the name servers. The resolver is typically part of the operating system's IP stack and sends its queries to the configured name servers rather than walking the tree itself.
Domain Name Configuration
While it is possible to configure a Cisco IOS router to act as a DNS server, this is almost never done in production. Cisco IOS devices are normally configured only as DNS clients (resolvers), or with DNS lookups turned off entirely.
Domain Name Configuration Commands
The next few sections go over the most common Cisco IOS DNS commands:
- The ip host name address1 ... address8 command statically configures a local name-to-address entry, much like an entry in a hosts file. Up to eight addresses can be mapped to a single name in one entry, and static entries are consulted before any configured name server.
- The ip domain name name command (ip domain-name in older IOS releases) defines the default domain that is appended when an unqualified name is looked up. For example, if ip domain name is set to cisco.com and the device looks up www, the query is sent for www.cisco.com.
- The ip name-server server-address1 ... server-address6 command specifies the address of the DNS name server(s) to use when looking up a name. Up to six servers can be specified, and they are tried in the order listed.
- The [no] ip domain lookup command enables or disables DNS lookups by IOS. Lookups are enabled by default, which is a frequent annoyance: a mistyped command at the EXEC prompt is interpreted as a host name to connect to, and with no usable name server the session hangs while the router waits for an answer that never comes. On devices that do not need DNS, configure no ip domain lookup.
- The ip domain timeout seconds command sets how long the IOS device waits for a name server to respond before trying the next server or giving up; the default is 3 seconds.
Domain Name Configuration Example
The following example shows the configuration of a Cisco IOS device that enables DNS lookups using the DNS name server 18.104.22.168, uses ciscopress.com as the default domain name, and has a timeout of 15 seconds.
IOS DNS Lookup Configuration
Enter global configuration mode.
router#configure terminal
Configure ciscopress.com as the default domain name.
router(config)#ip domain name ciscopress.com
Configure 18.104.22.168 as the DNS name server.
router(config)#ip name-server 18.104.22.168
Configure a DNS timeout of 15 seconds.
router(config)#ip domain timeout 15
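As an added example in Python (not from the article), the checks below read an IOS configuration excerpt and flag the DNS client settings discussed above: lookups left at the enabled default with no name server, a name server that is configured but never used because lookups are disabled, a missing default domain or timeout, and entries that exceed the documented limits of six name servers and eight addresses per ip host entry. The three configuration excerpts are constructed for the example, and 192.0.2.53 is a documentation address, not a real server.

```python
import re

# Constructed IOS configuration excerpts (not captured from real devices).
GOOD_CONFIG = """
hostname router
ip domain name ciscopress.com
ip name-server 18.104.22.168
ip domain timeout 15
"""

BARE_CONFIG = """
hostname router
! no DNS related commands at all
"""

DISABLED_CONFIG = """
hostname router
no ip domain lookup
ip name-server 192.0.2.53
"""

# Both the current (ip domain ...) and the older hyphenated (ip domain-...) syntax are accepted.
DNS_RE = {
    "lookup_off": re.compile(r"^\s*no ip domain[- ]lookup\b"),
    "name_server": re.compile(r"^\s*ip name-server\s+(.+)$"),
    "domain": re.compile(r"^\s*ip domain[- ]name\s+(\S+)"),
    "timeout": re.compile(r"^\s*ip domain[- ]timeout\s+(\d+)"),
    "host": re.compile(r"^\s*ip host\s+(\S+)\s+(.+)$"),
}

def audit_dns_config(config_text):
    """Return a list of (code, message) findings about the DNS client settings in an IOS config."""
    lookup_enabled = True  # IOS default
    servers, hosts, domain, timeout = [], {}, None, None
    for line in config_text.splitlines():
        if DNS_RE["lookup_off"].match(line):
            lookup_enabled = False
        elif m := DNS_RE["name_server"].match(line):
            servers += m.group(1).split()   # repeated ip name-server lines add to the list
        elif m := DNS_RE["domain"].match(line):
            domain = m.group(1)
        elif m := DNS_RE["timeout"].match(line):
            timeout = int(m.group(1))
        elif m := DNS_RE["host"].match(line):
            hosts[m.group(1)] = m.group(2).split()  # optional tcp-port argument is not separated out
    findings = []
    if lookup_enabled and not servers:
        findings.append(("NO_NAME_SERVER",
                         "DNS lookups are enabled (the default) but no ip name-server is set; "
                         "lookups, including mistyped EXEC commands, go to the broadcast address 255.255.255.255"))
    if not lookup_enabled and servers:
        findings.append(("UNUSED_NAME_SERVER",
                         "ip name-server is configured but no ip domain lookup disables lookups"))
    if lookup_enabled and domain is None:
        findings.append(("NO_DEFAULT_DOMAIN", "no ip domain name set; unqualified names are not suffixed"))
    if lookup_enabled and timeout is None:
        findings.append(("DEFAULT_TIMEOUT", "ip domain timeout not set; the 3 second default applies"))
    if len(servers) > 6:
        findings.append(("TOO_MANY_SERVERS", f"{len(servers)} name servers listed; IOS uses at most 6"))
    for name, addrs in hosts.items():
        if len(addrs) > 8:
            findings.append(("TOO_MANY_HOST_ADDRS", f"ip host {name} lists {len(addrs)} addresses; limit is 8"))
    return findings
```

Running audit_dns_config(GOOD_CONFIG) returns no findings, BARE_CONFIG trips the three "lookups enabled but nothing configured" checks, and DISABLED_CONFIG reports only the unused name server, since with lookups disabled the missing domain and timeout do not matter.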
DNS is one of the fundamental parts of modern networks and has kept pace with changes in network design. A good understanding of how the system works is an important part of any network engineer's education and belongs in every network engineer's learning plan. Hopefully this article has served as a primer on DNS and has extended the reader's understanding of it.