Create DNS Host (A) Records
What is DNS?
DNS stands for Domain Name System. Think of it as a filing system or database for all the domain names on the Internet. What is a domain name? When you browse to a web address, such as k2.com, you instruct your computer to visit a particular domain, a human-friendly representation of a particular location on the Internet. Locations are defined by IP addresses, and domains are tied to a particular IP address. These domain names are sometimes referred to as host names. Host names are not case sensitive and can contain letters, digits, or the hyphen. A host name is also the name given within a local network to each individual computer. Usually host names are used in reference to servers. Each organization that maintains a computer network has at least one server handling DNS queries. That server, called a Name Server, maintains a list of all the IP addresses within its network, plus a cache of IP addresses for recently accessed computers outside the network. Each computer on each network needs to know the location of only one name server.
Computer networks don't communicate in terms of names, but rather numbers. Each server that serves content, be it web sites, an email server, a file server, etc., has a special number assigned to it, called an IP address (IP stands for Internet Protocol). A computer network has no idea what k2.com is or how to find it, but if you used the IP address of the site, it would understand what the connection should be. Therefore, there needed to be a way to translate the domain (a human-understandable name like k2.com) into terms that the computer network would understand, one based on IP numbers. This is what DNS does. DNS is a system whereby we can keep a registry of human-readable names mapped to network-friendly numbers.
When visiting a website like k2.com, a browser checks to see if it has been there recently, in which case the IP address might be cached, or stored locally, on the computer. If no cached address is found, the computer looks outside to DNS servers provided by the corporate network or Internet Service Provider (ISP). If those servers can't provide the information, they in turn look to a server farther upstream on the Internet. These searches are forwarded up the line until they find the address or determine that it doesn't exist. If the address is available, it is then passed back to your browser. If not, a message telling the browser that the host name or domain is not available is sent.
How DNS works
So, how does the process work? How does a domain name, something humans understand, get translated into an IP address, something that computer networks will understand? As mentioned in the previous section, each domain has to have something called a name server. This is a server that is designated as authoritative for answering queries regarding the domain, communicating what number goes to what domain.
Where does the process start? Technically, ".com" is a domain. Every "." in the domain name is a separator representing a different level. Thus, when an Internet browser asks for the number assigned to k2.com, the computer network first has to go to the name server for the ".com" domain and request the name server for the "k2" domain under it. Theoretically there can be an infinite number of levels. We could ask for anthony.tom.bob.k2.com, and the computer would start from the right side of the domain name, ".com," and ask for the name server authoritative for each level. There does not need to be that many name servers in the search, for if the k2.com name server knew the IP address of anthony.tom.bob.k2.com, it could just send that information back and the process would stop. But if it didn't have all the information, it would tell the computer where the next link in the chain was. If at any time the process hits a name server that is supposed to be authoritative for its level and that name server does not know where to direct the search, it will return an error. If there is no such domain as anthony.tom.bob.k2.com, then when the Internet browser attempts to view the site, an error will be returned at whatever link of the chain the name servers have no information. Whenever a computer connects to the Internet, the ISP gives that computer the IP addresses of special servers designed to answer queries from that computer about domains. These designated servers in turn get their information from ICANN.
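To make the referral walk above concrete, here is an offline simulation written for this page; it is an added illustration, not part of the K2 documentation, and it does not talk to real name servers. The zone data, name server names and addresses are constructed: the root delegates com, com delegates k2.com, and k2.com delegates bob.k2.com. The function walks from the root exactly as the paragraph describes, following one delegation per level until a server answers with an address or, being authoritative for that level, has nothing to offer and returns an error:

```powershell
# Constructed zone data (not real servers): which names each zone delegates (NS)
# and which addresses it can answer for directly (A).
$Zones = @{
    '.'           = @{ NS = @{ 'com.' = 'a.tld-servers.test.' } }          # root knows the com servers
    'com.'        = @{ NS = @{ 'k2.com.' = 'ns1.k2.com.' } }                # com knows the k2.com servers
    'k2.com.'     = @{
        NS = @{ 'bob.k2.com.' = 'ns1.bob.k2.com.' }                         # k2.com delegates bob.k2.com
        A  = @{ 'k2.com.' = '192.0.2.10'; 'ns1.bob.k2.com.' = '192.0.2.53' }
    }
    'bob.k2.com.' = @{
        A  = @{ 'tom.bob.k2.com.' = '192.0.2.20' }                          # no anthony.tom.bob.k2.com here
    }
}

function Resolve-Iterative {
    # Hypothetical helper: walk the delegation chain from the root for one name.
    param([Parameter(Mandatory)][string]$Name)

    $fqdn  = $Name.TrimEnd('.') + '.'            # normalise to an absolute name
    $zone  = '.'                                  # every search starts at the root
    $trail = New-Object System.Collections.Generic.List[string]

    while ($true) {
        $trail.Add("ask $zone")
        $data = $Zones[$zone]

        # The server for this level knows the answer itself: stop here.
        if ($data.A -and $data.A.ContainsKey($fqdn)) {
            return [pscustomobject]@{ Name = $fqdn; Address = $data.A[$fqdn]
                                      Trail = ($trail -join ' -> '); Error = $null }
        }

        # Otherwise look for the delegation (next link in the chain) that covers the name.
        $child = $null
        if ($data.NS) {
            $child = $data.NS.Keys |
                Where-Object { $fqdn -eq $_ -or $fqdn.EndsWith(".$_") } |
                Sort-Object Length -Descending | Select-Object -First 1
        }

        # Authoritative for this level but no record and no delegation: that is the error case.
        if (-not $child) {
            return [pscustomobject]@{ Name = $fqdn; Address = $null
                                      Trail = ($trail -join ' -> ')
                                      Error = "no such name: authoritative server for '$zone' has no data" }
        }
        $zone = $child
    }
}

Resolve-Iterative 'k2.com'                     # answered at the k2.com level
Resolve-Iterative 'anthony.tom.bob.k2.com'     # walk ends at bob.k2.com with an error
```

The first call shows the trail "ask . -> ask com. -> ask k2.com." ending in 192.0.2.10; the second follows one more delegation to bob.k2.com and comes back with the error, which is the point in the chain where a real resolver would report the name as non-existent.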
ICANN and the Top Level Domains
ICANN stands for the Internet Corporation for Assigned Names and Numbers. All the concepts discussed above can be found in ICANN's name, and thus we can infer that they manage the whole DNS process. ICANN sets up, manages and maintains all the authoritative name servers for the very top level domain, the domain that is to the farthest right of any address. These servers are always on and their addresses never change. Their only purpose is to start the whole search-and-convert procedure. These ICANN servers have a list of other servers, managed by different companies, which ICANN has authorized to be authoritative for the next step in the process, the "Top Level Domains" or TLDs. They would be ".com", ".net", ".org", ".ac", etc. The ICANN servers at the top of this hierarchy are also referred to as "root servers". ICANN is the organization at the very top of the tree, and they manage and delegate the whole name server process for everyone else.
Adding DNS Entries for your K2 Network
To set up the DNS, follow these steps:
- On the Domain Controller, open the DNS Management Console (Administrative Tools > DNS, or run dnsmgmt.msc, or find DNS in the Server Manager).
- Expand the Forward Lookup Zones node, and add a New Host (A or AAAA) to your domain.
- In the New Host window, enter the appropriate name and IP Address, make sure the Create associated pointer (PTR) record check box is checked, and click Add Host.
If you are using a cluster, be sure to use the virtual IP address of the cluster.
Repeat the above steps for as many servers as you have in your K2 environment.
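The same three steps can be scripted, which is useful when there are several K2 servers to register. The block below is an added example written for this page, not part of the K2 documentation; it uses the DnsServer module that is installed with the DNS Server role. The domain controller name, zone name, host names and addresses are placeholders to replace, and the reverse zone is assumed to cover a /24 subnet:

```powershell
Import-Module DnsServer

$DnsServer = 'dc01.k2.example'      # placeholder: the domain controller running DNS
$ZoneName  = 'k2.example'           # placeholder: the forward lookup zone of your AD domain
$Hosts = @{                         # placeholder host names -> IPs; for a cluster use its virtual IP
    'k2app01' = '192.0.2.10'
    'k2sql01' = '192.0.2.20'
}

foreach ($name in $Hosts.Keys) {
    $ip     = $Hosts[$name]
    $octets = $ip -split '\.'

    # The console's "Create associated pointer (PTR) record" box can only succeed if a
    # reverse lookup zone for the subnet exists, so create one (AD-integrated) if missing.
    # Assumes a /24: 192.0.2.10 -> 2.0.192.in-addr.arpa
    $reverseZone = ($octets[2..0] -join '.') + '.in-addr.arpa'
    if (-not (Get-DnsServerZone -ComputerName $DnsServer -Name $reverseZone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -ComputerName $DnsServer -NetworkId "$($octets[0..2] -join '.').0/24" -ReplicationScope 'Domain'
    }

    # Steps 2 and 3: the host (A) record and its associated PTR record in one call.
    Add-DnsServerResourceRecordA -ComputerName $DnsServer -ZoneName $ZoneName -Name $name -IPv4Address $ip -CreatePtr

    # Confirm both halves exist before pointing K2 at the name.
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -Name $name -RRType A |
        Select-Object HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $reverseZone -Name $octets[3] -RRType Ptr |
        Select-Object HostName, @{ n = 'Target'; e = { $_.RecordData.PtrDomainName } }
}
```

Run it from an account that can administer DNS on the domain controller; the two Get-DnsServerResourceRecord calls at the end show the A record and its PTR record side by side, which is the state the console procedure leaves behind when the PTR check box was ticked.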
Forward and Reverse Lookup
Forward Lookup refers to the process of 'looking forward' from a hostname or domain name to lookup the IP address for it.
Reverse Lookup refers to the opposite process, finding the domain or hostname that relates to a known IP address.
DNS servers maintain forward and reverse lookup zones, with directories which facilitate this process. A forward lookup is used in the standard DNS queries described above. A reverse lookup is often used by e-mail servers to combat spam. When a message comes in, a server may do a reverse lookup on the IP address the mail came from. If the result doesn't match the domain name the e-mail claims to be coming from, the server may discard the message.
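The check described in that paragraph is usually done in two directions: reverse-resolve the sending IP to a name, then forward-resolve that name and confirm it maps back to the same IP. Here is that check as a function, added for this page and not part of the K2 documentation; it uses the DnsClient module's Resolve-DnsName, the function name is hypothetical, and the sample address is constructed:

```powershell
function Test-ForwardConfirmedReverse {
    # Hypothetical helper: does the PTR name of an IP resolve back to that IP?
    param(
        [Parameter(Mandatory)][string]$IPAddress,
        [string]$Server                      # optional: ask a specific DNS server
    )
    $common = @{ DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $common.Server = $Server }

    # Reverse lookup: IP -> PTR name(s). Resolve-DnsName builds the in-addr.arpa name itself.
    $ptr      = Resolve-DnsName -Name $IPAddress -Type PTR @common
    $ptrNames = @($ptr | Where-Object Type -eq 'PTR' | ForEach-Object NameHost)
    if ($ptrNames.Count -eq 0) {
        return [pscustomobject]@{ IPAddress = $IPAddress; PtrName = $null
                                  Confirmed = $false; Reason = 'no PTR record' }
    }

    # Forward lookup on each PTR name: the A records must include the original IP.
    foreach ($name in $ptrNames) {
        $a     = Resolve-DnsName -Name $name -Type A @common
        $addrs = @($a | Where-Object Type -eq 'A' | ForEach-Object IPAddress)
        if ($addrs -contains $IPAddress) {
            return [pscustomobject]@{ IPAddress = $IPAddress; PtrName = $name
                                      Confirmed = $true; Reason = 'A record matches PTR' }
        }
    }
    return [pscustomobject]@{ IPAddress = $IPAddress; PtrName = ($ptrNames -join ',')
                              Confirmed = $false; Reason = 'PTR name does not resolve back to this IP' }
}

# Constructed sample address; substitute the IP of a server you operate.
Test-ForwardConfirmedReverse -IPAddress '192.0.2.10'
```

A result with Confirmed set to false is exactly the condition under which the mail server in the paragraph may discard the message, so running this against your own outbound mail relay after creating its A and PTR records is a quick way to confirm the reverse zone is consistent.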
Caching
Once the computer or the DNS servers it has referred to have an IP for a domain or host name, it will 'cache' it, or hold the information for a period of time. This time will vary from system to system, but it is typically a fairly short time. The principal reason for the short time period is that IP addresses can change.
Fully Qualified Domain Name
A fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the Internet. The FQDN consists of two parts: the host name and the domain name. For example, an FQDN for a hypothetical mail server might be mymail.k2.com. The host name is mymail, and the host is located within the domain k2.com.
Understanding more about DNS Mapping
Domain name syntax
A domain name consists of one or more parts, technically called labels, that are delimited by dots, such as example.com. The following list provides the basic outline of DNS name syntax:
- The right-most label conveys the top-level domain; for example, the domain name www.example.com belongs to the top-level domain com.
- The hierarchy of domains descends from right to left, with each label to the left indicating a further subdivision, or subdomain, of the domain to the right. For example, the label example specifies a subdomain of the com domain. The tree of subdivisions may have up to 127 levels.
- Each label may contain up to 63 characters. The full domain name may not exceed a total length of 253 characters in its external dotted-label specification.
- DNS names may technically consist of any character representable in an octet. However, the allowed formulation of domain names in the DNS root zone, and most other subdomains, uses a preferred format and character set. The characters allowed in a label are a subset of the ASCII character set, and include the characters a through z, A through Z, digits 0 through 9, and the hyphen. This rule is known as the LDH rule (letters, digits, hyphen).
- A host name is a domain name that has at least one IP address associated. For example, the domain names www.example.com and example.com are also host names, whereas the com domain is not.
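The rules in that list can be checked before a name is typed into the New Host window, which avoids records that other tools later reject. The function below is an added example for this page, not K2's code; its name is hypothetical. It applies the limits stated above (127 levels, 63 characters per label, 253 characters in total, LDH characters) and goes one step beyond the list by also rejecting a label that begins or ends with a hyphen, which the host name rules in RFC 952 and RFC 1123 forbid:

```powershell
function Test-DnsHostName {
    # Hypothetical helper: report every syntax rule a candidate host name breaks.
    param([Parameter(Mandatory)][string]$Name)

    $problems = New-Object System.Collections.Generic.List[string]
    $n = $Name.TrimEnd('.')                                   # tolerate an absolute name's trailing dot

    if ($n.Length -gt 253) { $problems.Add("total length $($n.Length) exceeds 253 characters") }

    $labels = $n -split '\.'
    if ($labels.Count -gt 127) { $problems.Add("$($labels.Count) labels exceeds 127 levels") }

    foreach ($label in $labels) {
        if ($label.Length -eq 0) { $problems.Add('empty label (leading, trailing or doubled dot)'); continue }
        if ($label.Length -gt 63) { $problems.Add("label '$label' exceeds 63 characters") }
        if ($label -notmatch '^[A-Za-z0-9-]+$') {
            $problems.Add("label '$label' violates the LDH rule (letters, digits, hyphen only)")
        }
        elseif ($label -match '^-|-$') {
            $problems.Add("label '$label' begins or ends with a hyphen")   # RFC 952/1123 host name rule
        }
    }

    [pscustomobject]@{ Name = $Name; Valid = ($problems.Count -eq 0); Problems = ($problems -join '; ') }
}

# Constructed inputs: one valid name, one with an underscore, one with an over-long label.
'k2app01.k2.example', 'k2_app01.k2.example', (('a' * 64) + '.k2.example') |
    ForEach-Object { Test-DnsHostName $_ }
```

The first name comes back Valid; the second fails the LDH rule on the underscore, and the third fails the 63-character label limit. The empty-label case covers a doubled dot or a leading dot, which the list's wording ("delimited by dots") implies but does not spell out.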
DNS Resolvers
The client side of DNS is called a DNS resolver. It is responsible for initiating and sequencing the queries that ultimately lead to a full translation of the resource sought, e.g. the translation of a domain name into an IP address.
- A non-recursive query is one in which the DNS server provides a record for a domain for which it is authoritative itself, or it provides a partial result without querying other servers.
- A recursive query is one for which the DNS server will fully answer the query (or give an error) by querying other name servers as needed. DNS servers are not required to support recursive queries.
The resolver, or another DNS server acting recursively on behalf of the resolver, negotiates use of recursive service using bits in the query headers. Resolving usually entails searching in sequence through several name servers to find the needed information. However, some resolvers function more simply by communicating only with a single name server. These simple resolvers (called "stub resolvers") rely on a recursive name server to perform the work of finding information for them.
A DNS Example Record
A Resource Record (RR) is the basic data element in the domain name system. Each record has a type (A, MX, etc.), an expiration time limit, a class, and some type-specific data. Resource records of the same type define a resource record set. An example DNS configuration (with the most commonly used resource record types) is shown in the table below, with explanations of each of the record types in the following paragraphs:
Type | Name | Value
A | example.com | 69.90.142.25 (a primary server)
A | help.example.com | 69.90.142.26
CNAME | vpn.example.com | Cr758341-a.ourisp.com
CNAME | files.example.com | example.com
CNAME | www.example.com | example.com
MX | example.com | example.com (see below for more information)
A Records / Host Records
The bread and butter behind the DNS system is the A Record. The A record (address record, or host record) maps a domain name to an IP address on the local network or on the Internet.
In this example, the network system is hosting example.com. Using a dynamic DNS tool, we could set our domain to be example.com and the IP address (69.90.142.25) will be automatically updated via dynamic DNS. For our VPN, we need to create a static A record with the IP address (69.90.142.26) associated with vpn.example.com.
So, we have two names mapped to IP addresses (A Records):
example.com - 69.90.142.25
help.example.com - 69.90.142.26
CNAME Records / Alias Records
CNAME Records (Canonical Name records) act as aliases for host names. Instead of mapping a domain name to an IP address (an A record) you can map a domain name to another domain name. In the example, you have:
files.example.com - example.com
www.example.com - example.com
vpn.example.com - Cr758341-a.ourisp.com
What are the advantages of CNAMEs? Multiple domain names can be mapped to one, sometimes dynamic, IP address. In our example, files.example.com and www.example.com will now be associated with example.com's IP address (a Dynamic DNS A record). In the case of the VPN, CNAMEs give the option of changing a not-so-easy-to-remember, very long domain name into something better.
MX Records / Mail Records
MX Records (mail exchanger records) tell mail systems how to handle mail that is addressed to a particular domain. Like CNAME records, the MX record maps a domain name to another domain name.
In the example, we use our primary machine as a server for mail to xyx@example.com. Every MX record is tagged with a priority number. The MX record with the lowest number is the primary mail server. If the primary server is unavailable, the backup mail server (also called a “secondary mail server”) will queue the mail.
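The record set from the table in "A DNS Example Record", together with the priority rule just described, can be expressed in the same DnsServer module used for host records. The block below is an added example for this page, not part of the K2 documentation. The IP addresses and alias targets are the table's own values; the DNS server name, the second MX host and the helper function name are constructed. The name "." denotes the zone apex, i.e. example.com itself:

```powershell
Import-Module DnsServer
$Zone = 'example.com'
$Srv  = 'dns01.example.com'        # placeholder: the DNS server hosting the zone

# A records (name -> address)
Add-DnsServerResourceRecordA     -ComputerName $Srv -ZoneName $Zone -Name '.'    -IPv4Address '69.90.142.25'
Add-DnsServerResourceRecordA     -ComputerName $Srv -ZoneName $Zone -Name 'help' -IPv4Address '69.90.142.26'

# CNAME records (alias -> canonical name); www and files follow example.com's address automatically
Add-DnsServerResourceRecordCName -ComputerName $Srv -ZoneName $Zone -Name 'vpn'   -HostNameAlias 'Cr758341-a.ourisp.com'
Add-DnsServerResourceRecordCName -ComputerName $Srv -ZoneName $Zone -Name 'files' -HostNameAlias 'example.com'
Add-DnsServerResourceRecordCName -ComputerName $Srv -ZoneName $Zone -Name 'www'   -HostNameAlias 'example.com'

# MX records: the lowest Preference is the primary; the higher one is the backup that queues mail
Add-DnsServerResourceRecordMX    -ComputerName $Srv -ZoneName $Zone -Name '.' -MailExchange 'example.com'        -Preference 10
Add-DnsServerResourceRecordMX    -ComputerName $Srv -ZoneName $Zone -Name '.' -MailExchange 'backup.example.com' -Preference 20   # constructed backup host

function Get-MailExchangerOrder {
    # Hypothetical helper: list a domain's mail exchangers in the order a sending system tries them.
    param([Parameter(Mandatory)][string]$Domain, [string]$Server)
    $q = @{ Name = $Domain; Type = 'MX'; DnsOnly = $true }
    if ($Server) { $q.Server = $Server }
    Resolve-DnsName @q |
        Where-Object Type -eq 'MX' |
        Sort-Object Preference, NameExchange |          # lowest preference first = primary
        Select-Object Preference, NameExchange
}

Get-MailExchangerOrder -Domain 'example.com' -Server $Srv
```

The first row returned by Get-MailExchangerOrder is the primary mail server; the rows after it are the secondaries that a sending system falls back to when the primary is unavailable. Two MX records with equal Preference are treated as equivalent and tried in any order, which is why the sort also falls back to the exchanger name only for stable output.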