Preventing Vexation and Woe: DNS Fundamentals, Part 1 - Page 2

By Carla Schroder | Posted Jan 30, 2003
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

LAN Cache

Another option is to use a single cache for the entire LAN. Install dnscache on a computer with a static IP and then configure the other computer's resolvers to point to it, replacing any existing nameserver entries:

nameserver 192.168.1.110

This is called an external cache because other hosts are allowed to access it. dnscache comes with built-in authentication, so you must specify which hosts are allowed access. Never ever expose your DNS cache to the world at large. Ever. It's a big security hole.

FQDN

Host names are a continual source of confusion. Fully-qualified domain names (FQDNs) are always needed for DNS to work correctly. The Internet domain hierarchy is in a tree format, with the first-level domains at the top. FQDNs are read right-to-left. For example, in server1.bratgrrl.com,

  • com is the first-level domain (like .org, .net, .gov, .info, and so forth),
  • bratgrrl is the second-level domain name, and
  • server1 is the specific machine hostname.
There is a limited, official list of first-level domain names. The first- and second-level names combine to form registered domain names. Add a machine hostname, and that makes a FQDN. I own bratgrrl.com, so everything@bratgrrl.com belongs to me. Mine all mine. I can use any designation on my servers that I want, like weirdname.bratgrrl.com or my.cool.server.at.bratgrrl.com.

Setting the hostname on a Linux PC is easy. In /etc/hostname, give the machine a hostname only, such as server1, and in /etc/hosts, give the FQDN mapped to the IP address, then the hostname:

192.168.1.110 server1.bratgrrl.com server1

Use the hostname and the dnsdomainname commands to test that it was done correctly:

$ hostname
server1
$ dnsdomainname
bratgrrl.com

Red Hat does this slightly differently; it uses /etc/sysconfig/network. Other Linuxes may vary as well, so check your documentation. The various Windows versions vary somewhat, too; start at the Network and Dial-Up Connections control panel. Just because it's easy doesn't mean you should do it; changing hostnames will affect a variety of network functions.

There are two types of domains: Internet-connected and private. The first- and second-level names only matter for Internet-connected domains -- for running Web, mail, and FTP servers, and such. For these you have to purchase unique names in an approved format from a domain name registrar. For a strictly local domain on a private LAN, you can name your hosts anything you like: server.here.andnow, this.weird.name.because.ican, etc.

In Part 2 we'll take a look at running a DNS server, security considerations, and mixed networks. Please see Resources for excellent companion articles.

Resources
Internet Assigned Numbers Authority
Tinydns: Kiss Your Bind Good-Bye
Kiss Your BIND Good-bye: In-Depth Configuration with Tinydns
djbdns home page
Stroud's CWSApps, search here for a variety of Windows DNS and proxy software
man resolver, man hosts

» See All Articles by Columnist Carla Shroder


Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter