DNS Hierarchy in a Local Domain
If your company is large enough, it might support a number of domains, organized into a local namespace. The following figure shows a domain hierarchy that might be in place in a single company. The top-level, or "root" domain for the organization is ajax.com, which has three subdomains, sales.ajax.com, test.ajax.com, and manf.ajax.com.
Figure 3-3 Hierarchy of DNS Domains in a Single Organization
DNS clients request service only from the servers that support their domain. If the domain's server does not have the information the client needs, it forwards the request to its parent server, which is the server in the next higher domain in the hierarchy. If the request reaches the top-level server, the top-level server determines whether the domain is valid. If it is not valid, the server returns a "not found" type message to the client. If the domain is valid, the server routes the request down to the server that supports that domain.
DNS Hierarchy and the Internet
The domain hierarchy shown in the following figure is a "leaf" of the huge DNS namespace supported on the global Internet.
It consists of the root directory, represented as a dot (.), and two top level domain hierarchies, one organizational and one geographical. Note that the com domain introduced in this figure is one of a number of top-level organizational domains in existence on the Internet.
Figure 3-4 Hierarchy of Internet Domains
At the present time, the organizational hierarchy divides its namespace into the top-level domains listed in the following table. It is probable that additional top-level organizational domains will be added in the future.
Table 3-3 Internet Organizational Domains
| Domain | Purpose |
|---|---|
| com | Commercial organizations |
| edu | Educational institutions |
| gov | Government institutions |
| mil | Military groups |
| net | Major network support centers |
| org | Nonprofit organizations and others |
| int | International organizations |
The geographic hierarchy assigns each country in the world a two- or three-letter identifier and provides official names for the geographic regions within each country. For example, domains in Britain are subdomains of the uk top-level domain, Japanese domains are subdomains of jp, and so on.
Joining the Internet
The Internet root domain and the top-level domains (organizational and geographical) are maintained by the various Internet governing bodies. People with networks of any size can "join" the Internet by registering their domain name in either the organizational or the geographical hierarchy.
Every DNS domain must have a domain name. If your site wants to use DNS for naming service without connecting to the Internet, you can use any name your organization wants for its domains and subdomains, if applicable. However, if your site wants to join the Internet, it must register its domain name with the Internet governing bodies.
To join the Internet, do the following.
Register your DNS domain name with an appropriate Internet governing body.
Obtain a network IP address from that governing body.
There are two ways to accomplish this.
You can communicate directly with the appropriate Internet governing body or their agent.
You can contract with an Internet Service Provider (ISP) to assist you. ISPs provide a wide range of services from consulting to actually hosting your Internet presence.
Domain Names
Domain names indicate a domain's position in the overall DNS namespace, much as path names indicate a file's position in the UNIX file system. After your local domain is registered, its name is added to the name of the Internet hierarchy to which it belongs. For example, the ajax domain shown in Figure 3-5 has been registered as part of the Internet com hierarchy. Therefore, its Internet domain name becomes ajax.com.
The following figure shows the position of the ajax.com domain in the DNS namespace on the Internet.
Figure 3-5 Ajax Domain's Position in the DNS Namespace
The ajax.com subdomains now have the following names.
sales.ajax.com
test.ajax.com
manf.ajax.com
DNS does not require domain names to be capitalized, though they can be. Here are some examples of machines and domain names.
boss.manf.ajax.com
quota.sales.ajax.com
The Internet organization regulates administration of its domains by granting each domain authority over the names of its hosts and by expecting each domain to delegate authority to the levels below it. Thus, the com domain has authority over the names of the hosts in its domain. It also authorizes the formation of the ajax.com domain and delegates authority over the names in that domain. The ajax.com domain, in turn, assigns names to the hosts in its domain and approves the formation of the sales.ajax.com, test.ajax.com, and manf.ajax.com domains.
Fully Qualified Domain Names (FQDNs)
A domain name is said to be fully qualified when it includes the names of every DNS domain from the local domain on up to ".", the DNS root domain. Conceptually, the fully qualified domain name indicates the path to the root, as does the absolute path name of a UNIX file. However, fully qualified domain names are read from lowest, on the left, to highest, on the right. Therefore, a fully qualified domain name has the following syntax.
The fully qualified domain names for the ajax domain and its subdomains are:
ajax.com.
sales.ajax.com.
test.ajax.com.
manf.ajax.com.
Note the dot at the furthest right position of each name.
Zones
DNS service for a domain is managed on a set of name servers. A name server can manage a single domain, multiple domains, or domains together with some or all of their subdomains. The part of the namespace that a given name server controls is called a zone, and the name server is said to be authoritative for that zone. If you are responsible for a particular name server, you might be given the title "Zone Administrator".
The data in a name server's database are called zone files. One type of zone file stores IP addresses and host names. When someone attempts to connect to a remote host by host name with a utility such as ftp or telnet, DNS performs name-to-address mapping by looking up the host name in the zone file and converting it into its IP address.
Figure 3-6 Domains and Zones
For example, the Ajax domain shown in the figure above contains a top domain (Ajax), four subdomains, and five sub-subdomains. It is divided into four zones. The Ajax name server administers a zone composed of the Ajax, Sales, Retail, and Wholesale domains. The Manf and QA domains are zones unto themselves, served by their own name servers, and the Corp name server manages a zone composed of the Corp, Actg, Finance, and Mktg domains.
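The two ideas above, the fully qualified name read from the most specific label up to the root dot, and the zone as the closest delegated apex above a name, can be worked through in code. The following Python is an added example, not part of this guide or of any DNS implementation: it normalizes names to their fully qualified form, lists the path from a name up to the root, and finds the zone that is authoritative for a name by longest-suffix match. The zone apexes for the Ajax organization (ajax.com., manf.ajax.com., qa.ajax.com., corp.ajax.com.) are an assumption constructed to match Figure 3-6; the figure itself does not spell out the apex names.

```python
"""Fully qualified names and zone lookup for the Ajax example.

Added example; not code from the original guide. The zone apexes below are a
constructed reading of Figure 3-6: Sales, Retail and Wholesale stay in the
ajax.com. zone, Manf and QA are delegated zones, and Corp holds Actg, Finance
and Mktg.
"""
from typing import Optional

# Constructed sample data (assumption, see module docstring).
AJAX_ZONES = {"ajax.com.", "manf.ajax.com.", "qa.ajax.com.", "corp.ajax.com."}


def to_fqdn(name: str) -> str:
    """Return the fully qualified form of a name: lower case, trailing root dot.

    DNS names are case-insensitive, so every comparison in this module is done
    on the lower-cased form. The root itself is written as a single dot.
    """
    name = name.strip().lower()
    if name in ("", "."):
        return "."
    return name if name.endswith(".") else name + "."


def labels(name: str) -> list:
    """Split a name into labels, most specific (left) to top level (right)."""
    fqdn = to_fqdn(name)
    return [] if fqdn == "." else fqdn.rstrip(".").split(".")


def ancestry(name: str) -> list:
    """Every domain on the path from the name up to the root.

    sales.ajax.com -> ['sales.ajax.com.', 'ajax.com.', 'com.', '.']
    This is the "path to the root" the text compares to an absolute UNIX path,
    read right to left.
    """
    parts = labels(name)
    return [".".join(parts[i:]) + "." for i in range(len(parts))] + ["."]


def authoritative_zone(name: str, zones: set) -> Optional[str]:
    """Return the apex of the zone that is authoritative for `name`.

    A zone covers a name until a more specific zone has been delegated below
    it, so the closest ancestor that is a zone apex wins. Returns None when no
    zone in `zones` contains the name at all.
    """
    apexes = {to_fqdn(z) for z in zones}
    for candidate in ancestry(name):  # walks from most specific to root
        if candidate in apexes:
            return candidate
    return None


if __name__ == "__main__":
    for host in ("retail.sales.ajax.com", "Boss.Manf.Ajax.COM", "finance.corp.ajax.com."):
        print(f"{to_fqdn(host):32} -> zone {authoritative_zone(host, AJAX_ZONES)}")
```

The lookup walks the ancestry list from the left, so a name under a delegated subdomain such as manf.ajax.com. is attributed to that zone rather than to the parent, which is exactly the delegation the text describes.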
Reverse Mapping
The DNS database also includes zone files that use the IP address as a key to find the host name of the machine, enabling IP address to host name resolution. This process is called reverse resolution or more commonly, reverse mapping. Reverse mapping is used primarily to verify the identity of the machine that sent a message or to authorize remote operations on a local host.
The in-addr.arpa Domain
The in-addr.arpa domain is a conceptual part of the DNS namespace that uses IP addresses for its leaves, rather than domain names. It is the part of your zone that enables address-to-name mapping.
Just as DNS domain names are read with the lowest level subdomain occupying the furthest left position and the root at the far right, in-addr.arpa domain IP addresses are read from lowest level to the root. Thus, the IP addresses are read backward. For example, suppose a host has the IP address 192.168.21.165. In the in-addr.arpa zone files, its address is listed as 165.21.168.192.in-addr.arpa. with the dot at the end indicating the root of the in-addr.arpa domain.
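The octet reversal described above, and the use of reverse mapping to check a peer's identity mentioned under Reverse Mapping, are shown in the following Python. This is an added example, not code from the guide or from any resolver; it builds the in-addr.arpa name for an address and recovers the address from such a name, derives the in-addr.arpa zone that holds the PTR records for an octet-aligned network, and performs a reverse lookup against a small table. The PTR and address tables are constructed sample data for the Ajax hosts used in this chapter. One check worth having when reverse mapping is used for authorization: the PTR record is published by whoever administers the reverse zone for that address, so the example also confirms that the returned host name maps back to the same address (forward confirmation) before treating the identity as verified.

```python
"""Reverse mapping through in-addr.arpa for the Ajax example.

Added example; not code from the original guide. PTR_RECORDS and A_RECORDS are
constructed sample zone data, not records that appear in the text.
"""
import ipaddress
from typing import Optional

SUFFIX = ".in-addr.arpa."


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4 address.

    192.168.21.165 -> 165.21.168.192.in-addr.arpa.  (octets reversed, root dot kept)
    ipaddress rejects malformed input with ValueError instead of silently
    producing a bogus name.
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + SUFFIX


def address_from_reverse_name(name: str) -> str:
    """Inverse of reverse_name: 165.21.168.192.in-addr.arpa. -> 192.168.21.165"""
    lowered = name.strip().lower()
    if not lowered.endswith("."):
        lowered += "."
    if not lowered.endswith(SUFFIX):
        raise ValueError(f"not an in-addr.arpa name: {name!r}")
    octets = lowered[: -len(SUFFIX)].split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets in {name!r}")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def reverse_zone(network: str) -> str:
    """in-addr.arpa zone holding the PTR records of an octet-aligned network.

    192.168.21.0/24 -> 21.168.192.in-addr.arpa.
    """
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 networks map onto one in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + SUFFIX


# Constructed sample zone data for the Ajax hosts named in this chapter.
PTR_RECORDS = {
    "165.21.168.192.in-addr.arpa.": "boss.manf.ajax.com.",
    # Deliberately stale: the forward record for quota points elsewhere.
    "20.21.168.192.in-addr.arpa.": "quota.sales.ajax.com.",
}
A_RECORDS = {
    "boss.manf.ajax.com.": "192.168.21.165",
    "quota.sales.ajax.com.": "192.168.22.7",
}


def reverse_lookup(ip: str, ptr=PTR_RECORDS) -> Optional[str]:
    """Address-to-name mapping: look the reversed name up in the PTR table."""
    return ptr.get(reverse_name(ip))


def forward_confirmed(ip: str, ptr=PTR_RECORDS, a=A_RECORDS) -> bool:
    """Reverse-map the address, then require the host name to map back to it.

    The PTR answer alone only tells you what the reverse zone's administrator
    published; the forward record must agree before the name is trusted.
    """
    host = reverse_lookup(ip, ptr)
    if host is None:
        return False
    return a.get(host) == str(ipaddress.IPv4Address(ip))


if __name__ == "__main__":
    for ip in ("192.168.21.165", "192.168.21.20", "192.168.21.99"):
        print(ip, reverse_name(ip), reverse_lookup(ip), forward_confirmed(ip))
```

In the sample data 192.168.21.20 has a PTR record naming quota.sales.ajax.com., but that host's address record points at a different address, so the forward-confirmed check rejects it while the plain reverse lookup would have accepted the name.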