Subject: DOMAIN NAME SERVICE

DOMAIN NAME SERVICE

Domain Name Service (DNS) is used to convert domain names like lightlink.com into IP numbers like 205.232.34.1, and back again. The reason for this is that the internet needs to work in IP numbers, but human minds prefer to work in English words. IP stands for Internet Protocol, and an IP number is the logical address of a computer on the internet. Human minds can deal with lightlink.com, but computers need to deal with 205.232.34.1.

IP numbers also allow efficient routing to take place. For example both 205.232.34.1 and 205.232.35.1 are under 205.232. So if the router knows where to send 205.232, it doesn't have to bother even looking at the rest of the IP.

A domain name server is a program that runs on a computer. Usually there is at least one such server running at every large organization, school or ISP, so there are quite a few of them in the world. One such name server program is called BIND, which stands for the Berkeley Internet Name Daemon. It's also called NAMED, which is pronounced NAME-D. Most unix daemons end with the letter d. A daemon (pronounced DEMON) is a program that stays resident in core and listens continuously in the background for incoming requests and then services them as they come in. Unix daemons are similar to DOS TSRs (Terminate and Stay Resident programs) or Mac extensions, both of which serve the same purpose.

Other examples of unix daemons are ftpd, which handles FTP requests; httpd, which handles web requests; sendmail, which handles mail requests; telnetd, which handles telnet requests; innd, which handles news (usenet); and ircd, which handles IRC requests.

FTP = File Transfer Protocol
HTTP = Hyper Text Transfer Protocol
INN = Internet Network News
NNTP = Network News Transport Protocol
IRC = Internet Relay Chat

SERVERS AND SERVERS

The term 'server' tends to have two separate but related meanings.
The first meaning is the physical machine that a daemon is running on, such as 'the web server'. At lightlink, our web server is the machine named light.lightlink.com. It also used to be the mail and ftp server. The second meaning of the word server is the daemon program running on the machine: "What web server are you running?" In this case the answer is Apache HTTPD. So this can lead to the following brain twister: "We are running the Apache web server on a Sparc 20 server." Usually when one refers to a server, one is referring to the whole functional conglomerate, which consists of both the physical machine server and the server software.

DOMAIN NAME SERVICE (DNS)

A domain name server is a machine usually running the named daemon. It can be a stand alone machine set up solely to run named, or it can be a mail, ftp or web server that is also running named for its own purposes. DNS servers provide 3 broad functions on the internet.

1.) PRIMARY NAME SERVICE

They act as the primary server of authority for a given domain, such as artmatrix.com. When a user wishes to have their own domain, whether a private end user or a major ISP, they need to get an IP number assigned to their domain, and they need to find a DNS server somewhere that will act as the primary server of authority for their domain. Only one DNS server machine can be the primary server of authority for any given domain, but any one ISP might have more than one DNS server machine serving different domains.

When a customer wishes to have their own domain, they must first choose a domain name that does not already exist on the planetary grid. The master database of US domains is at the Internic (Internet Network Information Center) and can be queried through the WHOIS search engine that they provide. Foreign domains must be handled through the respective foreign 'internics' in each country.
Once a domain name has been chosen, like artmatrix.com, the customer must find an ISP somewhere that will be willing to offer primary name service for that domain. This is often the same ISP that the client is using for his dial up access and to host his web pages, but it does not have to be. The customer and ISP must decide on an IP number that will be associated with the domain name, and the ISP must then enter a record into his domain name server that records the relationship between the customer's domain name and its IP number. The customer must register the domain name with the internic, and in the registration he must state that his domain gets its primary name service from, say, light.lightlink.com.

As an example, Art Matrix, which sells fractal videos, has a domain name artmatrix.com, which has its primary DNS server at light.lightlink.com, and there is a record in the name server on light showing that artmatrix.com <-> 205.232.88.128. Coincidentally, that IP number points to web pages also hosted on light.lightlink.com, but they could just as easily have been hosted in Timbuktu, in which case the name record residing on the machine light.lightlink.com would point artmatrix.com to some completely different IP over in Timbuktu.

HOW DO WE USE DNS?

Say a remote user at rahul.net using Win95 running Netscape wishes to visit the artmatrix.com home pages. So he types in http://www.artmatrix.com and hits the return key. His browser will first query a local name server, probably belonging to rahul.net. His Win95 setup will contain an area to enter two name server IP numbers, and no doubt rahul.net will have told him what these IP numbers are for just this purpose. Although Win95 calls these two entries Primary and Secondary DNS, they really have nothing to do with the primary name service that we are talking about here; they merely lay out the order in which the two name servers should be queried in case one is down.
Neither of them will be the primary name server of authority for artmatrix.com. Since the first name server in the user's list is undoubtedly not primary for artmatrix.com, it will have no idea what the correct IP number is for artmatrix.com. The rahul.net name server will then query the internic ROOT name servers, which contain the database that says where every domain gets its primary name service. Every domain name server on the planet knows the IP addresses of the internic ROOT servers; if they didn't, they would never be able to get any data about the rest of the world.

The internic root servers will send back to the rahul.net name server that primary service for artmatrix.com can be found at 205.232.34.1 or light.lightlink.com (same thing). Then the rahul.net name server will send a second request directly to light.lightlink.com asking for the IP of artmatrix.com, and our name server on light will respond with 205.232.88.128. The rahul.net name server will then send this answer (artmatrix.com = 205.232.88.128) to the end user at rahul.net using Win95 who made the request in the first place, and his Netscape browser software will then send a web (http) request directly to 205.232.88.128, which will respond with the web pages for artmatrix.com.

The next user at rahul.net who wants to get to artmatrix.com will have to go through the same procedure, except that the local name servers at rahul.net already know the IP for artmatrix.com because they have recorded it in their memory from the last person who wanted it, so they won't have to bother the internic root servers nor the primary server at light.lightlink.com for the answer all over again. This recording process is called CACHING, and it greatly lessens the load on the primary name servers, which would go crazy if they had to answer every time someone wanted the artmatrix.com home page.
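The walk-through above (rahul.net's name server asking the root servers where artmatrix.com gets primary service, asking light directly, caching the answer, and forgetting it once it has aged out) as an added example in Python. This is not code from the original post or from BIND; the tiny "root server" table, the TTL of 3600 seconds and the resolver class are constructed for illustration, while the names and IP numbers are the ones the post uses.

```python
import time

# Constructed mini-DNS world modelled on the post's walk-through (not real BIND code).
# The root servers know where each domain's primary name service lives, and each
# authoritative server knows the records for the domains it hosts.
# IP numbers are the post's; the TTL (seconds the answer may be cached) is constructed.
ROOT_DELEGATIONS = {"artmatrix.com": "205.232.34.1"}        # -> light.lightlink.com
AUTHORITATIVE = {
    "205.232.34.1": {"artmatrix.com": ("205.232.88.128", 3600)},   # (IP, TTL)
}


class CachingResolver:
    """A local name server, like rahul.net's, that caches answers until they expire."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}           # name -> (ip, expiry timestamp)
        self.queries_sent = []    # (server, name) pairs: the remote traffic generated

    def _ask(self, server, name):
        """Send one query to a root server or an authoritative server."""
        self.queries_sent.append((server, name))
        if server == "root":
            return ROOT_DELEGATIONS.get(name)
        return AUTHORITATIVE.get(server, {}).get(name)

    def resolve(self, name):
        """Return the IP for name, or None if it cannot be resolved."""
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0]          # answered from memory, nobody else is bothered
        if cached:
            del self.cache[name]      # stale: erase it and go ask again
        primary = self._ask("root", name)     # "where does this domain get primary service?"
        if primary is None:
            return None
        answer = self._ask(primary, name)     # "what is the IP of this domain?"
        if answer is None:
            return None
        ip, ttl = answer
        self.cache[name] = (ip, now + ttl)
        return ip


if __name__ == "__main__":
    r = CachingResolver()
    print(r.resolve("artmatrix.com"), r.queries_sent)   # two remote queries
    print(r.resolve("artmatrix.com"), r.queries_sent)   # still two: served from cache
```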
Every so often the data in the caches expires, and the remote name servers erase their data, so the primary has to be queried again if someone wants the data. This assures that the data in the caches does not get too old and stale, in case the IP number for artmatrix.com changes or disappears completely.

THE IMPORTANCE OF NAME SERVICE

It's pretty clear that primary name service is a VERY important service to domain name holders, because if the primary name server goes down, then the remote user won't be able to find out what IP that domain is, and that domain will effectively be off the internet. EVEN IF THE WEB PAGES ARE UP, IF NAME SERVICE IS DOWN, THE WHOLE DOMAIN IS DEAD, INCLUDING E-MAIL. It is for this reason that it is very important to not only have a very stable and well guarded primary name server, but to also have multiple secondary backup name servers.

2.) SECONDARY NAME SERVICE

The second broad function of a name server is to act as a secondary backup name server for a domain. It has been a long standing internet policy that every domain should be serviced by at least two name servers, a primary name server and at least one secondary name server. Further, the secondary name server should not be on the same network as the primary, because if the network as a whole goes down, then both name servers will be out of commission, which means all of the domains that they service will be dead for the duration of the outage.

For example we have two name servers here at lightlink: light is the primary name server for all our domains, majesty is the secondary. If light goes down, then majesty takes over, no loss. But if NYSERNET or SPRINT go down, then we are effectively cut off from the net for a while, and everyone outside our dark spot will find that all the domains that we host are 'non existent'. Now you might say, well, if your whole network is off line, then remote people can't get to your web pages anyhow, so who cares if the domain is off line?
Well, for one it is very disconcerting to an end user to receive back a message that says 'domain unknown', or 'domain does not resolve' or some such. If it's your domain, it might make them think you have gone out of business. So even if your ISP or your web pages are momentarily down, you ALWAYS want your domain to resolve properly. Then the user gets back 'Server might be down', which is much more calming than 'Domain does not resolve.'

But more importantly, it is not always true that one's web pages are hosted at the same ISP that is doing primary name service. One can in fact envision a business whose sole activity is to provide domain name service to people who will definitely host their pages and e-mail elsewhere. (Check out http://www.worldnic.com for example; they provide 'cold storage' for domain names that people want to reserve but not otherwise use.) So even if the primary name server or its ISP are offline, the web pages might be just fine and accessible at some other ISP, but no one can get to them! This is why it is so important to have a secondary name server that is physically and electronically separate from the primary name server.

Taking it to an extreme, the primary and secondary name servers shouldn't even be in the same city, because if the city gets nuked, both will go off line! If one is really paranoid, which you should be if you are taking responsibility for other people's lives, you probably will want 2 or more secondary servers at very widely disparate locations, preferably on the other side of the country, or even in a foreign land if you can.

Secondary name servers are no different than primary name servers; they run BIND on a machine just like the primary. Only rather than having an authoritative database of domains and their IP numbers entered by the hand of the ISP, they have a secondary database of domains and their IP numbers THAT THEY HAVE DOWNLOADED AUTOMATICALLY FROM A SPECIFIED PRIMARY NAME SERVER.
They may have no primary records of their own, but they download copies of primary records from the real primary name servers, and store them in their own database. A secondary name server is set to download its secondary database every couple of hours, or every day, or whatever the ISP who owns the primary records wants.

One problem with setting up secondary name servers is getting access to a name server in a remote part of the country that is willing to download YOUR primary domains! In order to facilitate this, ISPs join into swapping agreements with each other. For example we have a swapping agreement with John Levine at ivan.iecc.com. Every night his name server downloads all our primary name records and puts them in his secondary database. And we download all his primary name records and put them in our secondary database. Since we already have a secondary name server on our own system (majesty), that gives us two secondary servers, majesty and ivan. Ivan is physically disparate from us (well, a single atom bomb would take us both out), but we are very electronically separated from each other, as he is on the PSI backbone and we are on the Nysernet backbone, and it is very unlikely that any single network down would take both of us out. We also have a swapping arrangement with denver.net, which is in Colorado on yet a totally different network. So for every domain that we host as primary, the internic lists four name servers.

light.lightlink.com     primary     authoritative
majesty.lightlink.com   secondary   not authoritative
ivan.iecc.com           secondary   not authoritative
denver.net              secondary   not authoritative

The reason the secondary name servers are not considered authoritative for our primary domains is because if I change the IP number of artmatrix.com on the primary name server, it will be a while before the secondaries go through their download cycle and get the new corrected information.
Therefore secondaries can be wrong for a small time window after a change takes place. Secondary servers always respond that they are non authoritative, and primary name servers always respond that they are authoritative.

When the user at rahul.net wants to hit on artmatrix.com, the internic root servers actually send him all four addresses of the primary and 3 secondary name servers, and his local name server at rahul.net picks one of the 4 at random, so the load of incoming requests is actually shared by all 4 name servers. When a secondary server is hit upon for artmatrix.com, the server will state that it is non authoritative, and this fact will be matched with the data received from the internic. If the internic says that a server is non authoritative but the server responds as if it were authoritative, then an error is logged at rahul.net, although the data may be accepted and sent on to the end user anyhow.

If any one of the 4 name servers fails to respond because it is completely down, then the server at rahul.net will try the next one in line. If any one of the 4 name servers responds but says it has no data for the domain being requested, then an error is logged saying that the server is the brunt of a LAME DELEGATION. That means the server was delegated by the owner of the domain through the internic as a valid primary or secondary server, and yet that server says it has no knowledge of the domain.

3.) CACHING ONLY SERVER

The third broad function of a name server is to act as a caching only server. A caching only name server has no primary or secondary records to serve. It merely gets and stores answers to queries that are sent to it. If someone asks it what the IP of artmatrix.com is, it will respond if it knows.
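The server selection and checks just described (pick one of the four delegated servers at random, move on when one is down, log a LAME DELEGATION when a delegated server claims no knowledge of the domain, log but accept an answer whose authority claim disagrees with the delegation) as an added example in Python. This is not code from the original post or from BIND; the server names and IP number are the post's, while the replies below are constructed test data, not captured traffic.

```python
import random

# Constructed model of what the post describes happening at rahul.net's name server
# (not BIND code): the root servers hand back the delegated servers for a domain,
# the resolver picks one at random, and each reply is checked against that delegation.
ARTMATRIX_IP = "205.232.88.128"

# What the internic lists for every domain that light hosts as primary.
DELEGATION = {
    "light.lightlink.com": True,      # primary: authoritative
    "majesty.lightlink.com": False,   # secondaries: not authoritative
    "ivan.iecc.com": False,
    "denver.net": False,
}


def query_delegated_servers(delegation, replies, rng=None):
    """Try the delegated servers for one domain until one gives an answer.

    delegation: {server: authoritative?} as received from the root servers.
    replies:    {server: None if the machine is down, else {"aa": bool, "ip": str|None}}
    Returns (ip, server_that_answered, log_lines); ip is None if nobody answered.
    """
    rng = rng or random.Random()
    order = list(delegation)
    rng.shuffle(order)                # random starting point spreads the load over all four
    log = []
    for server in order:
        reply = replies.get(server)
        if reply is None:
            log.append(f"{server}: no response, trying next")
            continue
        if reply["ip"] is None:
            # Delegated as a valid server for the domain, yet it knows nothing about it.
            log.append(f"{server}: LAME DELEGATION, trying next")
            continue
        if reply["aa"] != delegation[server]:
            # The server's own authority claim disagrees with the delegation:
            # log an error but still pass the data on to the end user.
            log.append(f"{server}: authority mismatch (delegation says "
                       f"{delegation[server]}, server says {reply['aa']}), data accepted")
        return reply["ip"], server, log
    return None, None, log


def example_run(seed=0):
    """One lookup of artmatrix.com against a mix of healthy, down and lame servers."""
    replies = {
        "light.lightlink.com": {"aa": True, "ip": ARTMATRIX_IP},
        "majesty.lightlink.com": None,                        # machine is down
        "ivan.iecc.com": {"aa": False, "ip": None},           # never received the zone
        "denver.net": {"aa": True, "ip": ARTMATRIX_IP},       # secondary claiming authority
    }
    return query_delegated_servers(DELEGATION, replies, random.Random(seed))


if __name__ == "__main__":
    ip, server, log = example_run()
    print(f"answer {ip} from {server}")
    for line in log:
        print("  ", line)
```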
If it doesn't know the answer, it will go to the internic root servers, find the primary and secondary name servers for artmatrix.com, query them, give the answer to the user making the query, and store the answer in its cache so it can give a faster answer to the next user.

SUMMARY

To summarize, there are 3 broad functions of a name server.

1.) Primary name server - To act as the primary name server of authority for a domain name.

2.) Secondary name server - To act as one of a number of backup secondary name servers that will respond if the primary is down.

3.) Caching only name server - To answer name service queries for any domain at all, and store the answer for a faster response. The caching only name server gets its answers from primary or secondary name servers.

THREE BROAD USES OF A NAME SERVER

Now that we know the 3 broad functions of a name server, we can take a look at the three broad uses that name servers can be put to. These are of course related to the 3 functions, but it is enlightening to take a look at the matter from the point of view of who is hitting on the server, rather than what it can do. Remember that any one machine can act as primary for some domains, secondary for others, and cache for everyone else. All this name service can really load a machine down, so it's important to know where all the requests are coming from, and perhaps divide up your name servers to handle each load separately.

1.) SERVING PRIMARY AND SECONDARY DOMAINS TO REMOTE USERS

The first broad use of a name server is as a 'primary/secondary name server'; its job is simply to serve primary and secondary names for the domains that it is hosting. *ANYONE* anywhere in the world who wants to know the IP number for artmatrix.com will be hitting on its primary server or one of its secondaries for the IP. Say a server is the primary server for 250 domains and secondary server for 200 more domains.
That server is going to be receiving hits all day long, 24 hours a day, from people everywhere on the planet, trying to find the IP numbers of those domains. There are two things that mitigate this load.

The first is that the primary and secondary servers share the load. When someone wants the IP of artmatrix.com they are presented with one primary and 3 secondary servers, and they pick the one they query at random. So if the primary server has 3 secondaries, it really only gets to see 1/4 of the total hits meant for it. But if that same server is also secondary for other domains, it will also be seeing the hits from those secondaries. So basically the server is going to see a full load of hits even if only 1/4 of those hits are its own. The other 3/4 are hits coming from domains it is secondary for! If you have ever taken a look at the logs going by on a name server, you will see that busy ones are being hit upon just relentlessly. For this reason it is important to have those domains hosted on a strong and powerful server, with multiple redundant hardware and tape for backups, in case something goes wrong.

The second thing mitigating the load is that remote name servers around the world will cache the answers they get from the primary/secondary name servers, so further hits on the domain FROM THOSE SAME AREAS will be answered locally rather than come to the primary/secondary name server again.

2.) SERVING LOCAL USERS REQUESTING REMOTE DOMAINS

The second broad use of a name server is as a 'local user name server'; its job is to find and answer DNS queries from the local users of the ISP who want to surf the web. For example lightlink may have 130 users on line at any time, and they all have two name servers set in their Win95 or Mac setup box. Every time they want to go to a remote site, their Win95 queries one of those name servers, usually 205.232.34.1, and that name server has to go out and get the answer and give it to the user.
It also caches the answer for the next user that wants to go to the same site.

There are distinct differences between a local user name server and the primary/secondary name server mentioned in 1.) above. The primary/secondary name server is being hit upon by millions of different people from all over the world for the same 200 or so domains. It doesn't need to have a lot of memory, but it has to have a lot of bandwidth and CPU power to handle all those requests. There is no queuing of requests; if 10,000 people all want to know the IP of artmatrix.com at the same time, that name server had better be able to deal with 10,000 requests at the same time or it's going to die.

The local user name server is only being hit upon by say 130 users at a time, but they are requesting data for every possible domain in existence, so it has to have a HUGE cache. It doesn't get a lot of hits, so its CPU and bandwidth needs are minimal, but it has to have fast and expansive memory.

The primary/secondary name server is only answering queries for its own primary and secondary domains, so actually it doesn't need a cache at all. It already knows the data for its own domains, and no one should be hitting on it for domains that it is not primary or secondary for. It's a good idea to actually turn the cache off. The local user name server shouldn't have any primary or secondary domains at all in its database, and it should ONLY answer queries for domains that exist out in the real world, and so it needs a huge cache to keep all that data.

It is probably not a good idea to put both kinds of name servers on the same machine. The relentless hitting that comes from a planet querying your machine for 200 domains does not go well with the memory needs of a huge cache created when your local users query 3,000,000 different sites they want to see. It's two different jobs and should be handled by two different machines.

3.) SERVING LOCAL PROGRAMS

The third broad use of a name server is as a 'local program name server'; its job is to provide name service to local programs like mail and web servers. For example every time you want to send a piece of mail to homer@rahul.net, the mail program has to look up the IP number for rahul.net before it can send the mail. This is similar to the local user name server above, only it's being hit upon by a single program rather than a bunch of users, and it needs to have a huge cache of answers to keep the mail busily flowing on.

Another big program user of name service is the web server. This isn't quite as obvious, but every time a hit comes into the server from a remote site, for example someone trying to look at your home page, the server gets the IP number of the requesting site. That's how it knows where to send the response back to and who is making the request. This IP number shows up in your web hit logs, and that's how you know where hits are coming from. But people *HATE* IP numbers, and they want their web hit logs to show English language domain names instead, so the web server has to constantly query a name server to translate those incoming IPs to domain names. If the web server is being hit relentlessly, then the name server is also being hit relentlessly with every hit. Thus, just as with mail, it is very important for a web server to have its own dedicated local program name server to service those requests.

A very busy mail or web server can generate more name service queries than primary/secondary or local user name servers combined. For this reason it is very important to have separate *DEDICATED* name server daemons running on both the mail server and the web server whose sole purpose is to service the requests being generated by those two programs. Since a program name server is dependent on its cache, it's important for the web and mail servers to have LOTS of memory and CPU power.
You certainly wouldn't want the name server that is servicing your web server, say, to ALSO be your primary/secondary server, because the relentless number of hits coming in from the outside world is going to slow your web server down tremendously, and that's going to be very bad for business.

SUMMARY

To summarize, there are 3 broad uses for a name server.

1.) Primary/secondary name service - to provide answers to queries from people all over the world about domains that you are hosting and for which you are a primary or secondary name server. This server needs a powerful CPU and good bandwidth.

2.) Local user name service - to provide your local users with answers to queries for their surfing needs. This server needs a huge memory cache but doesn't need a terribly fast CPU, nor a lot of bandwidth.

3.) Local program name service - to provide local programs like mail and web servers with name service. This server needs a huge memory cache too, and also a powerful CPU which has to do double duty in running the mail or web server AND the name server at the same time. But it doesn't need any bandwidth at all because usually it's on the same machine as the local program server that it is servicing.

Homer