Domain Name Servers
The Domain Name System (DNS) servers distribute the job of mapping domain names to IP addresses among servers allocated to each domain. Each second-level domain must have at least one domain name server responsible for maintaining information about that domain and all subsidiary domains, and for responding to queries about those domains from other computers on the Internet. For example, management of domain name information and queries for the LivingInternet.info domain is handled by a specific DNS server that takes care of the load required.

This distributed architecture was designed to enable the Internet to grow: as the number of domains grows, the number of DNS servers can grow to keep pace with the load.

Today, everyone who registers a second-level domain name must at the same time designate two DNS servers to manage queries and return the current IP address for addresses in that domain. The primary domain name server is always consulted first, and the secondary domain name server is queried if the primary doesn't answer, providing a backup and important support to overall Internet reliability.

The application that underlies almost all DNS server software on the Internet is a free, open source software program called BIND, currently maintained by the Internet Systems Consortium.

When your computer was added to the Internet, one of the initial setup tasks was to specify a default domain name server, usually maintained by your local Internet Service Provider, and almost certainly a variant of the BIND server software.

When your computer tries to access a domain like "www.LivingInternet.info", the domain name system works like this:
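The following Python sketch is an added example, not part of the original page and not code from BIND. It encodes an A-record query for a name and applies the primary-then-secondary fallback described above, accepting a reply only when its transaction ID matches the query. The server names, the 192.0.2.10 address and the `constructed_send` transport are constructed for illustration so the code runs offline.

```python
import secrets
import struct

def build_query(name, qid):
    """Encode a recursive DNS query for the A record of `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk length-prefixed labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # compression pointer is 2 bytes, root label 1

def parse_a_records(msg, qid):
    """Return the IPv4 addresses in a reply, rejecting one that does not match `qid`."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != qid or not flags & 0x8000:  # wrong transaction ID, or not a response
        raise ValueError("reply does not match the query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN, 4-byte address
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve(name, servers, send, qid=None):
    """Query `servers` in order; fall through when one gives no valid answer."""
    qid = secrets.randbelow(65536) if qid is None else qid  # unpredictable ID
    query = build_query(name, qid)
    for server in servers:
        try:
            return server, parse_a_records(send(server, query), qid)
        except (TimeoutError, ValueError):
            continue
    raise LookupError("no configured DNS server answered")

def constructed_send(server, query):
    """Constructed transport: the primary is silent, the secondary answers 192.0.2.10."""
    if server == "primary.example":
        raise TimeoutError(server)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + query[12:] + answer
```

Calling `resolve("www.LivingInternet.info", ["primary.example", "secondary.example"], constructed_send)` shows the secondary answering after the primary times out; a real transport would send the query over UDP port 53 with a timeout.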
Security. There is a range of good security practices built into the design of the DNS, although versions of the BIND server software itself have periodically been found to be vulnerable, often through buffer overrun attacks. If you run DNS server software, you should always make sure it is up to date with the latest version and patches. DNS server vulnerabilities typically affect the systems running the servers, which are generally operated by Internet Service Providers, and so are not a direct threat to the home user unless you are running a DNS server at home. A major extension to the security of the DNS was introduced in 1997 with the DNS Security (DNSSEC) standard described in RFC 2065, updated in 1999 with RFC 2535, which provided DNS servers with secure data integrity and system authentication through the use of public key cryptography digital signatures.

Resources. The following references provide additional information about DNS servers: