Lesson 1: Understanding DNS Name Resolution - MCSE Training Kit, Microsoft Windows 2000 Active Directory Services [Electronic resources] - Text version


Jill Spealman

Lesson 1: Understanding DNS Name Resolution


The DNS service provides name resolution for clients running Windows 2000. With name resolution, users can access servers by name rather than having to use IP addresses that are difficult to remember. This lesson introduces you to the name resolution process.


After this lesson, you will be able to

Explain the name resolution process


Estimated lesson time: 10 minutes

Name Resolution


Name resolution is the process of resolving DNS names to IP addresses. Name resolution is similar to looking up a name in a telephone book, where the name is associated with a telephone number. For example, when you connect to the Microsoft Web site, you use the name www.microsoft.com. DNS resolves www.microsoft.com to its associated IP address, 207.46.130.149. The mapping of names to IP addresses is stored in the DNS distributed database.

IP Addressing


An IP address identifies each host that communicates by using TCP/IP. Each 32-bit IP address is separated internally into two parts—a network ID and a host ID.


The network ID, also known as a network address, identifies a single network segment within a larger TCP/IP internetwork (a network of networks). All the systems that attach and share access to the same network have a common network ID within their full IP address. This ID is also used to uniquely identify each network within the larger internetwork.

The host ID, also known as a host address, identifies a TCP/IP node (a workstation, server, router, or other TCP/IP device) within each network. The host ID for each device identifies a single system uniquely within its own network.


Here is an example of a 32-bit IP address:




10000011 01101011 00010000 11001000


To make IP addressing easier, IP addresses are expressed in dotted decimal notation. The 32-bit IP address is segmented into four 8-bit octets. The octets are converted to decimal (base-10 numbering system) and separated by periods. Therefore, the previous IP address example is 131.107.16.200 when converted to dotted decimal notation.

Continuing with the sample IP address (131.107.16.200), if the network ID portion (131.107) is indicated by the first two numbers of the IP address, then the host ID portion (16.200) is indicated by the last two numbers of the IP address.
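The binary-to-dotted-decimal conversion and the network ID/host ID split described above, as an added example (not code from the training kit). It uses only the Python standard library; the mask argument is an assumption, since the lesson fixes the split at the first two octets without naming a mask.

```python
import ipaddress
from typing import Tuple

def binary_to_dotted(bits: str) -> str:
    """Convert a 32-bit address written as 0/1 digits (spaces allowed between
    octets, as the lesson prints it) into dotted decimal notation."""
    bits = bits.replace(" ", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 32 binary digits")
    octets = [int(bits[i:i + 8], 2) for i in range(0, 32, 8)]  # base 2 -> base 10
    return ".".join(str(o) for o in octets)

def dotted_to_binary(addr: str) -> str:
    """The reverse conversion: dotted decimal -> four space-separated 8-bit octets."""
    ipaddress.IPv4Address(addr)  # raises ValueError on a malformed address
    return " ".join(f"{int(o):08b}" for o in addr.split("."))

def split_network_host(addr: str, mask: str) -> Tuple[str, str]:
    """Split addr into (network ID, host ID) under a subnet mask (assumed input).
    For masks on an octet boundary (/8, /16, /24) the halves are returned the
    way the lesson prints them ("131.107" and "16.200"); for other masks the
    network and host bits are returned as full dotted-decimal values."""
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    prefix = net.prefixlen
    octets = addr.split(".")
    if prefix % 8 == 0:
        return ".".join(octets[:prefix // 8]), ".".join(octets[prefix // 8:])
    a, m = int(ipaddress.IPv4Address(addr)), int(net.netmask)
    return (str(ipaddress.IPv4Address(a & m)),
            str(ipaddress.IPv4Address(a & ~m & 0xFFFFFFFF)))
```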

Lookup Queries


DNS name servers resolve forward and reverse lookup queries. A forward lookup query resolves a name to an IP address. A reverse lookup query resolves an IP address to a name. A name server can only resolve a query for a zone for which it has authority. If a name server cannot resolve the query, it passes the query to other name servers that can resolve the query. The name server caches the query results to reduce the DNS traffic on the network.

Forward Lookup Query


The DNS service uses a client/server model for name resolution. To resolve a forward lookup query, a client passes a query to a local name server. The local name server either resolves a query or queries another name server for resolution.

Figure 5.1 represents a client from outside of the microsoft.com zone, querying the name server for an IP address of www.microsoft.com.


Figure 5.1 Resolving a forward lookup query

The numbers in the figure depict the following activities:


1. The client passes a forward lookup query for www.microsoft.com to its local name server.

2. The local name server checks its zone database file to determine whether it contains the name-to-IP-address mapping for the client query. The local name server does not have authority for the microsoft.com domain, so it passes the query to one of the DNS root servers, requesting resolution of the host name. The root name server sends back a referral to the com name servers.

3. The local name server sends a request to a com name server, which responds with a referral to the Microsoft name servers.

4. The local name server sends a request to the Microsoft name server. The Microsoft name server receives the request. Because the Microsoft name server has authority for that portion of the domain namespace, it returns the IP address for www.microsoft.com to the local name server.

5. The local name server sends the IP address for www.microsoft.com to the client.

6. The name resolution is complete, and the client can access www.microsoft.com.


Name Server Caching


When a name server is processing a query, it might be required to send out several queries to find the answer. With each query, the name server discovers other name servers that have authority for a portion of the domain namespace. The name server caches these query results to reduce network traffic (see Figure 5.2).


Figure 5.2 Caching query results

When a name server receives a query result, the following actions take place:


The name server caches the query result for a specified amount of time, referred to as Time To Live (TTL).


NOTE
The zone that provided the query results specifies the TTL. TTL is configured using the DNS console. The default TTL value is 60 minutes.


Once the name server caches the query result, TTL starts counting down from its original value.

When TTL expires, the name server deletes the query result from its cache.


Caching query results enables the name server to resolve other queries to the same portion of the domain namespace quickly.

NOTE
Use shorter TTL values to help ensure that data about the domain namespace is more current across the network. Shorter TTL values, however, increase the load on name servers. A longer TTL value decreases the time required to resolve information. However, if a change does occur (for example, a change in the subnet), the client will not receive the updated information until the TTL expires and a new query to that portion of the domain namespace is resolved.
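A toy model of the referral walk in Figure 5.1 and the TTL cache in Figure 5.2, added here as an example rather than taken from the training kit. The server table is constructed for illustration (server names such as root-ns and com-ns are assumed; the www.microsoft.com address is the one the lesson quotes), and the clock is injectable so the TTL expiry can be exercised without waiting.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed name server data (not a real zone file): each server maps a
# suffix it knows to a referral or an answer. The www.microsoft.com address
# is the one quoted in the lesson; the server names are assumed.
SERVERS = {
    "root-ns": {"com": ("referral", ["com-ns"])},
    "com-ns": {"microsoft.com": ("referral", ["ms-ns"])},
    "ms-ns": {"www.microsoft.com": ("answer", "207.46.130.149")},
}
TTL_SECONDS = 60 * 60  # the lesson's default TTL of 60 minutes

def ask(server: str, qname: str):
    """Return the server's closest match for qname (longest known suffix)."""
    labels = qname.split(".")
    for start in range(len(labels)):
        suffix = ".".join(labels[start:])
        if suffix in SERVERS[server]:
            return SERVERS[server][suffix]
    return None  # this server knows nothing about that part of the namespace

class LocalNameServer:
    """The client's local name server: walks referrals, caches answers by TTL."""
    def __init__(self, clock: Callable[[], float]):
        self.clock = clock          # injectable so a test can advance time
        self.cache: Dict[str, Tuple[str, float]] = {}  # qname -> (ip, expiry)
        self.trace: List[str] = []  # servers contacted by the last resolve()

    def resolve(self, qname: str) -> Optional[str]:
        self.trace = []
        qname = qname.lower().rstrip(".")
        cached = self.cache.get(qname)
        if cached is not None:
            ip, expiry = cached
            if expiry > self.clock():
                return ip             # within TTL: answered from cache
            del self.cache[qname]     # TTL expired: delete and query again
        next_servers = ["root-ns"]    # step 2: start at a DNS root server
        while next_servers:
            server = next_servers[0]
            self.trace.append(server)
            reply = ask(server, qname)
            if reply is None:
                return None
            kind, value = reply
            if kind == "answer":      # step 4: authoritative server answers
                self.cache[qname] = (value, self.clock() + TTL_SECONDS)
                return value
            next_servers = value      # referral (steps 2 and 3): follow it
```

The `trace` list shows which servers were contacted: three on a cold lookup, none while the answer is within its TTL, and three again once the TTL has expired.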

Reverse Lookup Query


A reverse lookup query maps an IP address to a name. Troubleshooting tools, such as the NSLOOKUP command-line utility, use reverse lookup queries to report back host names. Additionally, certain applications implement security based on the ability to connect to names, not IP addresses.

Because the DNS distributed database is indexed by name and not by IP address, a reverse lookup query would require an exhaustive search of every domain name. To solve this problem, a special second-level domain called in-addr.arpa was created.

The in-addr.arpa domain follows the same hierarchical naming scheme as the rest of the domain namespace; however, it is based on IP addresses, not domain names:


Subdomains are named after the numbers in the dotted-decimal representation of IP addresses.

The order of the IP address octets is reversed.

Companies administer subdomains of the in-addr.arpa domain based on their assigned IP addresses and subnet mask.


For example, Figure 5.3 shows the in-addr.arpa domain representation of the IP address 169.254.16.200. A company that has an assigned IP address range of 169.254.16.0 to 169.254.16.255 with a subnet mask of 255.255.255.0 will have authority over the 16.254.169.in-addr.arpa domain.


Figure 5.3 The in-addr.arpa domain
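The in-addr.arpa naming rules above (reversed octets, subdomains named after the address, authority following the assigned range and mask), worked through in code as an added example that is not part of the training kit. The zone_covers helper is an assumption of mine, not a tool the lesson describes.

```python
import ipaddress

def reverse_name(ip: str) -> str:
    """Host address -> its reverse lookup name: octets reversed under in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # validates the address
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def reverse_zone(network: str, mask: str) -> str:
    """Network + subnet mask -> the in-addr.arpa domain a company administers.
    Only masks on an octet boundary (/8, /16, /24) map to a single zone name,
    which is the case the lesson describes; other masks raise ValueError."""
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
    if net.prefixlen == 0 or net.prefixlen % 8 != 0:
        raise ValueError(f"{net} does not end on an octet boundary")
    keep = net.prefixlen // 8
    octets = str(net.network_address).split(".")[:keep]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def zone_covers(zone: str, ip: str) -> bool:
    """True if the reverse lookup name for ip falls under the given zone
    (hypothetical helper, not from the lesson)."""
    return reverse_name(ip).endswith("." + zone)
```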

Lesson Summary


In this lesson you learned that name resolution is the process of resolving names to IP addresses and that mapping of names to IP addresses is stored in the DNS distributed database. You learned that DNS name servers resolve forward lookup queries, and what actually happens when a client queries the name server for an IP address. You also learned about name server caching and that the name server caches the query results to reduce the DNS traffic on the network.

In addition to forward lookup queries, DNS name servers resolve reverse lookup queries. A reverse lookup query resolves an IP address to a name. Because the DNS distributed database is indexed by name and not by IP address, a special second-level domain called in-addr.arpa was created. The in-addr.arpa domain follows the same hierarchical naming scheme as the rest of the domain namespace; however, it is based on IP addresses instead of domain names.
