Introduction to DNS


Zones

The DNS standards do not specify the internal data structure that stores resource records, and implementations differ. Most servers store each zone as a plain-text file on the server itself, but this is not required. With Windows 2000, you can integrate the DNS database with Active Directory, in which case the zones are stored in the Active Directory database rather than in files.

One common implementation of DNS, the Berkeley Internet Name Domain (BIND) implementation, generally uses the file names shown in Table 5.5.

Table 5.5 Zone Names Used in BIND

Name           Description
db.domain      Forward lookup zone. For example, if your DNS domain is reskit.com, this file is called db.reskit.com.
db.addr        Reverse lookup zone. For example, if your network is 172.16.32.0/24 (a class C-sized block), this file is called db.172.16.32.
db.cache       Also known as the root hints file. It lists the names and IP addresses of the name servers that are authoritative for the root of the DNS namespace (the root DNS servers). It is essentially the same on every server that uses the Internet root servers, but must be replaced on servers that use a private root.
db.127.0.0.1   Used to resolve queries for the loopback address. It is essentially the same on all name servers.

The names of the database files are arbitrary and are specified in the configuration of the DNS server. By default, the Microsoft Windows 2000 DNS server does not use the same file names as a typical BIND DNS server but instead uses zone_name.dns. However, if you are porting DNS db files from another DNS server, you can configure the Microsoft Windows 2000 DNS server to use the BIND file names.

The following sections explain the contents of the zones and describe one additional file, the BOOT file, which is used by BIND servers, though not specified in the DNS standards.

Forward Lookup Zone

Forward lookup zones contain the information needed to resolve names within the DNS domain. They must include SOA and NS records and in practice contain every other type of resource record except PTR, which belongs in reverse lookup zones.

Reverse Lookup Zone

Reverse lookup zones contain the information needed to perform reverse lookups. They usually include SOA, NS, and PTR records, and they include CNAME records when a block smaller than a /24 is delegated in classless fashion (see RFC 2317, discussed below).

With most queries, the client supplies a name and requests the IP address that corresponds to that name. This type of query is typically described as a forward lookup.

But what if a client already has a computer's IP address and wants to determine the DNS name for the computer? This is important for programs that grant or deny access based on the FQDN of the connecting host, and it is also used in TCP/IP network troubleshooting. The DNS standard provides for this through reverse lookups. Note that a reverse lookup by itself proves little: the PTR record is published by whoever administers the reverse zone for that address block, and they can map the address to any name they choose. A program that relies on the name should resolve that name forward again and accept it only if the original address appears among the answers (forward-confirmed reverse DNS).

If the only way to answer a reverse lookup were to search every domain in the DNS namespace for an address record matching the IP address, reverse lookups would be far too expensive to perform in practice.

To solve this problem, a special DNS domain called in-addr.arpa was created. Names in this domain are formed by reversing the order of the octets in the dotted-decimal notation of an IP address. With this arrangement, administration of lower branches of the in-addr.arpa domain can be delegated to organizations at octet boundaries, that is, as they are assigned class A, B, or C network IDs (a /8, /16, or /24). Delegating a block smaller than a /24 requires the CNAME-based technique of RFC 2317. For more information about creating classless reverse lookup zones, see "Windows 2000 DNS" in this book. See also RFC 2317, "Classless IN-ADDR.ARPA delegation."
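The classless delegation the paragraph refers to, worked as an added example (this is not the Resource Kit's own code, nor the format its DNS server writes): given an IPv4 block smaller than a /24, it generates the NS and CNAME records the /24 owner publishes in its reverse zone and the PTR records the delegated organization serves from the child zone. The block 172.16.32.64/26, the name server names and the host names used in the usage lines are assumed for the illustration.

```python
import ipaddress


def rfc2317_names(network):
    """Return (network, parent zone, child zone) for a sub-/24 IPv4 block.

    The child zone name follows the RFC 2317 convention "<first octet>/<prefix>".
    A "/" is legal in a DNS label, but some tools reject it; RFC 2317 suggests
    "-" as an alternative if that happens.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("classless reverse delegation applies to IPv4 blocks smaller than a /24")
    o1, o2, o3, o4 = str(net.network_address).split(".")
    parent = f"{o3}.{o2}.{o1}.in-addr.arpa."
    return net, parent, f"{o4}/{net.prefixlen}.{parent}"


def parent_records(network, child_ns):
    """Records the /24 owner adds to its reverse zone: NS records delegating the
    child zone, and one CNAME per host address pointing into that child zone."""
    net, parent, child = rfc2317_names(network)
    records = [(child, "NS", ns) for ns in child_ns]
    for host in net.hosts():  # hosts() skips the network and broadcast addresses
        last = str(host).rsplit(".", 1)[1]
        records.append((f"{last}.{parent}", "CNAME", f"{last}.{child}"))
    return parent, child, records


def child_records(network, hostnames):
    """PTR records the delegated organization serves from the child zone.
    `hostnames` maps last octet -> FQDN; addresses outside the block are rejected."""
    net, _, child = rfc2317_names(network)
    base = str(net.network_address).rsplit(".", 1)[0]
    records = []
    for last, fqdn in sorted(hostnames.items()):
        if ipaddress.IPv4Address(f"{base}.{last}") not in net:
            raise ValueError(f"{base}.{last} is not in {net}")
        records.append((f"{last}.{child}", "PTR", fqdn))
    return records


def zone_text(records):
    """Render (owner, type, rdata) tuples as master-file lines (RFC 1035 section 5)."""
    return "\n".join(f"{owner} IN {rtype} {rdata}" for owner, rtype, rdata in records)


if __name__ == "__main__":
    # Assumed values for the illustration: a /26 delegated to a customer.
    parent, child, recs = parent_records("172.16.32.64/26", ["ns1.customer.example."])
    print(f"; parent zone {parent} delegates {child}")
    print(zone_text(recs[:3]), "\n...")
    print(f"; child zone {child}")
    print(zone_text(child_records("172.16.32.64/26", {65: "www.customer.example."})))
```

A resolver following 65.32.16.172.in-addr.arpa finds the CNAME, follows it to 65.64/26.32.16.172.in-addr.arpa in the delegated zone, and reads the PTR there; the /24 owner never has to edit its zone again when the customer renames a host.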

Figure 5.5 shows a branch of the in-addr.arpa namespace.

Figure 5.5 In-addr.arpa Namespace

The in-addr.arpa domain tree uses PTR resource records to store the reverse mappings, one PTR record per IP address, whose data is the FQDN that corresponds to that address.

If a client needs to find the FQDN associated with the IP address 172.16.44.1, the client queries for the PTR record of the 1.44.16.172.in-addr.arpa domain name.
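The name construction just described, together with the forward-confirmation check recommended earlier for programs that make security decisions on the connecting host's FQDN, as an added example (not code from the Resource Kit). The zone contents are constructed in memory so the example runs offline: reskit.com and 172.16.44.0/24 are the chapter's own examples, the host names are made up, and the dictionary lookups stand in for the resolver calls a real program would make. The function also builds ip6.arpa names for IPv6 (RFC 3596), which the chapter does not cover.

```python
import ipaddress


def reverse_name(ip):
    """Owner name of the PTR record for `ip`: octets reversed under in-addr.arpa
    for IPv4, hex nibbles reversed under ip6.arpa for IPv6 (RFC 3596)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(addr.exploded.split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed sample zone data, (owner, type) -> list of rdata.
# Names are fully qualified and lower case, as a resolver would return them.
FORWARD = {
    ("www.reskit.com.", "A"): ["172.16.44.1"],
    ("mail.reskit.com.", "A"): ["172.16.44.2"],
}
REVERSE = {
    ("1.44.16.172.in-addr.arpa.", "PTR"): ["www.reskit.com."],
    ("2.44.16.172.in-addr.arpa.", "PTR"): ["mail.reskit.com."],
    # Whoever runs the reverse zone for a block can publish any name it likes;
    # this PTR claims to be www.reskit.com although the address is not its own.
    ("7.44.16.172.in-addr.arpa.", "PTR"): ["www.reskit.com."],
}


def lookup(zone, name, rtype):
    """Stand-in for a resolver query against the constructed data."""
    return zone.get((name.lower(), rtype), [])


def ptr_names(ip):
    """Plain reverse lookup: the names the PTR record(s) for `ip` claim."""
    return lookup(REVERSE, reverse_name(ip), "PTR")


def forward_confirmed(ip):
    """Forward-confirmed reverse DNS: accept a PTR name only if resolving it
    forward (A for IPv4, AAAA for IPv6) yields the original address.
    Returns the confirmed name, or None when nothing confirms."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    for name in ptr_names(ip):
        if any(ipaddress.ip_address(a) == addr for a in lookup(FORWARD, name, rtype)):
            return name
    return None


if __name__ == "__main__":
    for ip in ("172.16.44.1", "172.16.44.7", "172.16.44.9"):
        print(ip, reverse_name(ip), ptr_names(ip), "->", forward_confirmed(ip))
```

The spoofed entry for 172.16.44.7 passes a plain reverse lookup but fails forward confirmation, because www.reskit.com's A record points to 172.16.44.1. Access control keyed on a host name must perform the second step, or the check is only as strong as the reverse zone of whoever owns the source address.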

Inverse Queries

In addition to reverse lookups, some DNS servers support what is known as an inverse query. Just as with a reverse lookup, a client making an inverse query provides the IP address and requests the FQDN. However, the server does not use the in-addr.arpa domain to find the answer, and it does not query any other servers. Instead, it simply checks its own zones for the answer, and if it does not find the answer, it returns an error message. There is no way for either the server or the client to know whether the IP address is simply missing from the zones of that server, or whether the IP address does not exist.

Because support for inverse queries is optional and because servers often cannot provide a definitive answer, inverse queries are of limited use. Only certain applications use them, such as earlier versions of nslookup. (RFC 3425 later retired the IQUERY opcode from the protocol altogether.)

The Windows 2000 server responds to inverse query requests by replying with the IP address specified in the query enclosed in square brackets. For example, if it receives an inverse query for 172.16.72.1, it responds with [172.16.72.1].

For more information about inverse queries, see RFC 1035.
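The inverse query message layout, as an added example (not code from the Resource Kit): it assembles an IQUERY message as RFC 1035 section 6.4 lays it out (opcode 1, an empty question section, and one answer resource record carrying the address to look up) beside an ordinary PTR query, and decodes the 12-byte header so the two can be told apart, which is what a detection rule would do to flag the retired opcode in captured traffic. The message ID and the address are chosen for the illustration.

```python
import ipaddress
import struct

OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS"}  # RFC 1035 section 4.1.1
TYPE_A, TYPE_PTR, CLASS_IN = 1, 12, 1


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels; "." gives the root."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_iquery(ip, msg_id=0x1234):
    """Inverse query: QDCOUNT 0, ANCOUNT 1, the answer RR holds the address.
    The owner name of that RR carries no information, so the root name is used."""
    rdata = ipaddress.IPv4Address(ip).packed
    flags = 1 << 11  # QR=0 (query), opcode=1 (IQUERY), all other bits clear
    header = struct.pack(">HHHHHH", msg_id, flags, 0, 1, 0, 0)
    # answer RR: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA
    rr = encode_name(".") + struct.pack(">HHIH", TYPE_A, CLASS_IN, 0, 4) + rdata
    return header + rr


def build_query(name, msg_id=0x1234, qtype=TYPE_PTR):
    """Standard query (opcode QUERY, RD set) with a single question."""
    flags = 1 << 8  # RD
    header = struct.pack(">HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, CLASS_IN)


def parse_header(msg):
    """Decode the fixed DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    opcode = (flags >> 11) & 0xF
    return {
        "id": msg_id,
        "qr": bool(flags & 0x8000),
        "opcode": opcode,
        "opcode_name": OPCODES.get(opcode, f"reserved({opcode})"),
        "rd": bool(flags & 0x0100),
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def is_inverse_query(msg):
    """True for a request (QR=0) carrying the IQUERY opcode."""
    h = parse_header(msg)
    return h["opcode"] == 1 and not h["qr"]


if __name__ == "__main__":
    for m in (build_iquery("172.16.72.1"), build_query("1.72.16.172.in-addr.arpa.")):
        h = parse_header(m)
        print(m.hex(), h["opcode_name"], "qd", h["qdcount"], "an", h["ancount"])
```

Note that an inverse query asks the server to search its own database for the address, while the PTR query asks for a specific name under in-addr.arpa that the server can resolve through the normal delegation chain; the header alone makes the difference visible.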


© 1985-2000 Microsoft Corporation. All rights reserved.