Lesson 2:?Understanding Name Resolution
Name resolution is the process of resolving names to IP addresses. It is similar to looking up a name in a telephone book, in which the name is associated with a telephone number. For example, when you connect to the Microsoft Web site, you use the name www.microsoft.com. DNS resolves www.microsoft.com to its associated IP address. The mapping of names to IP addresses is stored in the DNS distributed database.
DNS name servers resolve forward and reverse lookup queries. A forward lookup query resolves a name to an IP address, and a reverse lookup query resolves an IP address to a name. A name server can only resolve a query for a zone for which it has authority. If a name server can't resolve the query, it passes the query to other name servers that can. The name server caches the query results to reduce the DNS traffic on the network.
After this lesson, you will be able to
- Explain the name resolution process
Estimated lesson time: 10 minutes
Forward Lookup Query
The DNS Service uses a client/server model for name resolution. To resolve a forward lookup query, which resolves a name to an IP address, a client passes a query to a local name server. The local name server either resolves the query and provides an IP address or queries another name server for resolution.
Figure 5.3 represents a client querying the name server for an IP address of www.microsoft.com.
Figure 5.3??Resolving a forward lookup query
The numbers in Figure 5.3 depict the following activities:
- The client passes a forward lookup query for www.microsoft.com to its local name server.
- The local name server checks its zone database file to determine whether it contains the name-to-IP address mapping for the client query. The local name server does not have authority for the microsoft.com domain, so it passes the query to one of the DNS root servers, requesting resolution of the host name. The root name server sends back a referral to the com name servers.
- The local name server sends a request to a com name server, which responds with a referral to the Microsoft name servers.
- The local name server sends a request to the Microsoft name server. Because the Microsoft name server has authority for that portion of the domain namespace, when it receives the request, it returns the IP address for www.microsoft.com to the local name server.
- The name server sends the IP address for www.microsoft.com to the client.
- The name resolution is complete, and the client can access www.microsoft.com.
Name Server Caching
When a name server is processing a query, it might be required to send out several queries to find the answer. With each query, the name server discovers other name servers that have authority for a portion of the domain namespace. The name server caches these query results to reduce network traffic.
When a name server receives a query result, the following process takes place (see Figure 5.4):
- The name server caches the query result for a specified amount of time, referred to as Time to Live (TTL).
The zone that provided the query results specifies the TTL. The default value is 60 minutes.
- After the name server caches the query result, TTL starts counting down from its original value.
- When TTL expires, the name server deletes the query result from its cache.
Caching query results enables the name server to resolve other queries to the same portion of the domain namespace quickly.
Figure 5.4??Caching query results
Shorter TTL values ensure that data about the domain namespace is more current across the network. However, shorter TTL values cause the cached values to expire sooner and increase the DNS traffic. A longer TTL value causes the cached values to be retained longer, which decreases the DNS traffic but increases the risk of the entries becoming stale. If a change does occur, the client doesn't receive the updated information until the TTL expires and a new query to that portion of the domain namespace is resolved.
Reverse Lookup Query
A reverse lookup query maps an IP address to a name. Troubleshooting tools, such as the nslookup command-line tool, use reverse lookup queries to report back host names. Additionally, certain applications implement security based on the ability to connect to names, not IP addresses.
Because the DNS distributed database is indexed by name and not by IP address, a reverse lookup query would require an exhaustive search of every domain name. To solve this problem, in-addr.arpa was created. This special second-level domain follows the same hierarchical naming scheme as the rest of the domain namespace; however, it is based on IP addresses, not domain names, as follows:
- Subdomains are named after the numbers in the dotted-decimal representation of IP addresses.
- The order of the IP address octets is reversed.
- Companies administer subdomains of the in-addr.arpa domain based on their assigned IP addresses and subnet mask.
For example, Figure 5.5 shows a dotted-decimal representation of the IP address 192.168.16.200. A company that has an assigned IP address range of 192.168.16.0 to 192.168.16.255 with a subnet mask of 255.255.255.0 has authority over the 16.168.192.in-addr.arpa domain.
Figure 5.5??The in-addr.arpa domain
Here are some questions to help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."
- What is a forward lookup query and how is it resolved?
- In DNS name resolution, which of the following statements about Time to Live (TTL) are correct? (Choose all answers that are correct.)
- TTL is the length of time a query can exist before it is resolved or discarded.
- Shorter TTL values help ensure that data about the domain namespace is more current across the network.
- Longer TTL values increase the amount of DNS traffic.
- Longer TTL values cause the cached values to be retained longer.
- Which of the following statements about DNS name and address resolution are correct? (Choose all answers that are correct.)
- The DNS distributed database is indexed by both names and IP addresses.
- The top-level domain in-addr.arpa is used for both forward and reverse queries.
- In the in-addr.arpa domain the order of the IP address octets is reversed.
- Troubleshooting tools, such as the nslookup command-line tool, use reverse lookup queries to report back host names.
- Name resolution is the process of resolving names to IP addresses. The mapping of names to IP addresses is stored in the DNS distributed database.
- A forward lookup query resolves a name to an IP address, and a reverse lookup query resolves an IP address to a name.
- Name servers cache query results to reduce DNS traffic on the network.
- The DNS distributed database is indexed by name and not by IP address, so in-addr.arpa, a special second-level domain, was created. It is based on IP addresses instead of domain names.