لطفا منتظر باشید ...
When to Run a DNS Server
Administering a DNS server isn't a trivial undertaking, so
it's important to understand thoroughly what you'll get out of doing so. One
set of benefits accrues if you run servers on your local network that should be
accessible by name to people outside of your local network. Another reason
relates to purely local network access. In both cases, there are alternatives
you might want to consider.
Running
an Externally Accessible DNS Server
The Internet as a whole relies upon an interlinked set of DNS
servers. Understanding how this system works is critical to understanding why
you might want to run DNS to allow outsiders to reach your systems. Consider as
an example a DNS lookup performed in response to a user's Web browsing. The
user enters a uniform resource locator (URL), such as
This entry results in various activities on the local computer, which
ultimately result in the system contacting the local DNS server to resolve the target="_blank">www.whitehouse.gov
hostnamethat is, to convert it into a numeric IP address. The local DNS server
begins this process by contacting a root server.
This is one of a handful of systems whose addresses are unlikely to change, so
the DNS server encodes root server IP addresses in a configuration file. The
local DNS server asks the root server for help in resolving the
hostname. The root server is unlikely to know the IP address, but the root
server does know the IP addresses of servers that have more information on the top-level domains (TLDs), such as .com , .gov ,
and .uk . The root server
therefore passes the local DNS server the addresses for the .gov servers, and the local DNS server
redirects the request to one of these. The .gov
DNS server is unlikely to be able to resolve the entire hostname, but it should
know the IP addresses of servers responsible for the
domain, and so passes those addresses back. The local DNS server then asks one
of the whitehouse.gov DNS servers for the
address, and the whitehouse.gov server will know this address,
and so will return it. The local DNS server can then return this final address
to the Web browser, which uses it to request the Web page. This entire process
is illustrated in
from the end user; to a program or person using this system, it appears as if
the local DNS server knows the addresses associated with all the systems on the
Internet.
Figure 18.1. A single DNS lookup may
involve requests being sent to multiple DNS servers in quick succession.
of resolving a hostname, the entire process typically only takes a few seconds.There are also shortcuts that can help make the system even
more efficient. For instance, local DNS servers may cache lookup results. Thus,
if two users request the same addresses in quick succession, the DNS server
won't need to go through the entire process a second time; it can simply return
the original value. Also, the cache includes lookups on common domains. For
instance, a local name server is almost certain to have the addresses of the .com TLD servers available, so the initial
call to the root name server can be skipped. These caches aren't kept around
indefinitely, though; they're occasionally flushed, which allows domain
administrators to change their systems' IP addresses without causing undue
problems.If you run servers that you want to be accessible to others,
it's a practical necessity to tie yourself into this DNS network. Specifically,
you must run a DNS server that fills the role of the
name server in
practical aspects of doing this are discussed in the upcoming section, "
server is configured and running, and once the DNS server for the
next-higher-level domain knows about yours, anybody on the Internet will be
able to reach your computers by name.NOTE
align=left border=0> The authorities who administer DNS require that every domain
have at least two DNS servers. This isn't
done because the protocols require it, but for redundancyif one DNS server
crashes, the other can still resolve hostnames. This requirement can be a
problem if your network is particularly small, but you might be able to run
your own primary DNS server and use an outside source for the secondary DNS
server.
One alternative to running your own DNS servers is to let
somebody else do it for you. Many domain registrars (discussed shortly, in the
section "
service providers (ISPs) offer DNS hosting services. Sometimes these are free
with some other service, such as domain registration. Other times you must pay
a small fee (usually a few dollars annually). At least one organization,
Granite Canyon (http://www.granitecanyon.com ) offers free DNS
servicesbut remember the adage, "You get what you pay for." In any
event, a third party can handle your DNS requirements for the outside
worldeither both servers or just one, if you want to host one yourself.There's a specific type of DNS service that's marketed
primarily to home users with digital subscriber line (DSL) or cable modem
connections:dynamic DNS. Organizations that
offer dynamic DNS services operate a DNS server much like any other, but they
allow you to quickly and easily update the DNS records to reflect a changing IP
address. Most businesses are better off using an Internet connection that
allows for static IP addresses, but dynamic DNS services may be useful for
hobbyists who want to run their own servers. A few dynamic DNS providers also
offer conventional static DNS services. There are too many dynamic DNS
providers to list them all here, but a couple of sites that host lists of
dynamic DNS providers are target="_blank">http://www.technopagan.org/dynamic/
and http://www.oth.net/dyndnsl .Relying on an outside source for your DNS server can make a
great deal of sense if you don't want to deal with maintaining one yourself.
Because DNS is so important to so many other services, it's a good idea to rely
on an experienced outside source of DNS services if you're inexperienced in DNS
administration or if your network connection is flaky.Even if you rely on an outside DNS server,
you may want to learn something about DNS configuration. This is because the
Web-based configuration forms that are common with DNS providers typically
require you to fill out much of the same information you'd enter into local DNS
configuration files. Knowing what this information is will help you to
configure your domain appropriately even when you don't run the DNS server
yourself. The upcoming section, "
domain whose name servers are being provided by a DNS hosting service.
Running a Local DNS Server
In addition to providing services to outside
systems, a DNS server you run can function as your domain's DNS serverthat is,
the computer whose address you enter into /etc/resolv.conf or whose
address you specify in a DHCP configuration file as the name server. This has
two major advantages over relying upon an outside DNS server: You can configure your local systems to rely on
your local DNS server for external lookups, thus potentially improving
performance, particularly if your ISP's DNS server becomes unreliable or slow. Your
local DNS server can maintain its own local cache, which might result in
improved performance in some circumstances. Your local DNS server can maintain information
on your local network, even for local systems that you do not want to make
accessible to the outside world. For instance, you might run a local DNS server
behind a firewall to allow for easy name resolution within your local network. These
systems might not be visible from the outside world, and so would have no
external DNS entries.The second reason is generally more
important, although on some networks the first reason may be important, as
well. As a general rule, if you run a DNS server to grant outsiders access to
your own network, you might as well use that server for internal access, as
well. Purely local DNS servers are helpful when you run a network of more than
a few computers behind a firewall.An alternative to running a DNS server for
purely local use is to configure the clients to use a name resolution method
other than DNS. One common approach is to use the /etc/hosts file in Linux
or other UNIX-like systems. (Non-UNIX systems also often support this
mechanism, although the file may be stored in some other location, such as C:\WINDOWS\HOSTS in Windows 9 x /Me.) An /etc/hosts entry consists of an IP address followed by a full hostname and a shorter
"nickname." For instance, an entry might look something like this: 192.168.78.109 gingko.threeroomco.com gingko
A typical Linux system includes at least one /etc/hosts entry to define localhost as 127.0.0.1. On a small network, it's usually not too difficult to
expand this file to include definitions for all the other local computers. The
effort involved on a small network is usually much less than is required to
administer a full DNS package. As the number of computers grows, the
effort involved in updating all the computers' /etc/hosts
files grows much faster than does the effort in administering a centralized DNS
server. The /etc/hosts approach
is also impractical if your network uses DHCP and dynamic IP addresses (a
configuration that's tricky, but not impossible, for a conventional DNS server
to handle).
