GreasyDaemon.com - Your Guide to BSD Unix
DNS

One of the core services of networking is DNS, the domain name service. It tells you how to get where you want to go. Name lookup was first done with a very large hosts file, which still exists, but DNS was put in place not long ago to streamline this huge distributed thing we call the Internet. Mastering this distributed system will allow you to better manage the rest of your network services.

The ideas which make DNS work are worth a look. Each domain name on the Internet has a primary name server and one or more secondary name servers. This duplication from a single source provides solid redundancy. The primary is the master server for the domain; this is where all information originates. On each secondary server you set up a slave for the domain, which is directed to take its information from the primary. If the primary is ever down, the secondary servers are queried instead, and they should hold all current data from the primary. To ensure this redundant system actually works, distribute your secondary name servers widely, on different networks, whenever possible. If you do not, a single outage can take every server for the domain offline with it, and you may have long periods of downtime. Consider your server placement carefully if connectivity is important for your situation.

Each domain is set up in a zone file. When a secondary server requests information on a domain it pulls all of the data in the zone file; this is called a zone transfer. How often the secondary checks for updates is defined right in the zone record itself. For detailed information on the structure of everything in a zone file, use the Bible of name service, "DNS and BIND" from O'Reilly. It is an excellent book, and if you are dealing with DNS you will find it very useful.
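As an added example (not from the original article), here is a small Python script that reads the SOA record of a constructed sample zone and shows what its timers mean for a secondary: how often it checks the primary, whether a serial number change calls for a zone transfer, and how long it keeps answering if the primary stays down. The zone name, hosts and timer values are made up.

```python
import re
from typing import NamedTuple

# Constructed sample zone (not from the original page). The SOA timers tell a
# secondary when to check the primary and how long to keep serving stale data.
ZONE_TEXT = """\
example.net.  IN  SOA  ns1.example.net. hostmaster.example.net. (
                 2001031501 ; serial
                 10800      ; refresh: check the primary every 3 hours
                 3600       ; retry:   if that check fails, retry hourly
                 604800     ; expire:  stop serving stale data after 1 week
                 86400 )    ; minimum
              IN  NS   ns1.example.net.
              IN  NS   ns2.example.net.
"""

class Soa(NamedTuple):
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(zone_text: str) -> Soa:
    """Extract the five numeric SOA fields; ';' comments are stripped first."""
    text = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\b\s+\S+\s+\S+\s*\(\s*((?:\d+\s+){4}\d+)\s*\)", text)
    if m is None:
        raise ValueError("no SOA record found")
    return Soa(*(int(v) for v in m.group(1).split()))

def serial_is_newer(primary: int, local: int) -> bool:
    """RFC 1982 serial arithmetic: a secondary transfers the zone only when the
    primary's serial is ahead of its own, allowing for 32-bit wrap-around."""
    return 0 < (primary - local) % 2**32 < 2**31

def checks_before_expire(soa: Soa) -> int:
    """How many refresh attempts a secondary makes after its last good transfer
    before it stops serving the zone, assuming the primary never answers."""
    attempts, t = 0, soa.refresh
    while t < soa.expire:
        attempts += 1
        t += soa.retry
    return attempts

if __name__ == "__main__":
    soa = parse_soa(ZONE_TEXT)
    print(soa, "| days of cover if the primary vanishes:", soa.expire // 86400)
```

With these timers a secondary keeps answering for a week while retrying hourly, which is the window the article's advice about placing secondaries on separate networks is meant to cover.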

Currently there is virtually only one name server in use: BIND, from the Internet Software Consortium. It is the server software used by the root servers that make the Internet work and by just about every name service around. There are alternatives to BIND in the works which hope to replace it, but they are nowhere close to its popularity.

One concern with BIND in recent months has been security. ISC has often released information about security holes in BIND which allow remote attackers to gain root access to systems. If you use BIND, be prepared to upgrade often. Also be sure to subscribe to the appropriate security mailing list for your platform. You can expect to see announcements on how to patch BIND to close a security hole every so often, and the security list will inform you of holes in other software as well. Recent talk on some mailing lists and on Slashdot suggests that an open DNS server should be written with the goal of being very secure. Some suggest it would be called OpenDNS. The OpenBSD crowd may take on this task much as they did with OpenSSH. It would be a worthwhile project.
