[tlug] DNS [was: dhcp.conf]



*sigh*  As long as we're opening up worm cans ....  More archival spew.

Scott Robbins writes:

 > > # Sample dhcpd.conf
 > > 
 > > # option definitions common to all supported networks...
 > > #option domain-name "linuxhelp.ca";
 > > ??I don't have a domain on this box so no need I think
 > 
 > In general, those who set up a DHCP server would probably use one, even
 > if it's just used locally, that is, on your internal LAN (Local Area
 > Network.)

I don't know if it's actually required, but if you've got as few as
three or four hosts it's definitely convenient to be able to run a
nameserver just for the mnemonic of using host names rather than IP
addresses.  There are some services that require a nameserver, as
well.  In that case you'll want to be able to distinguish inside from
outside, and that means you need a domain name.

 > > 
 > > # Your name servers. You can normally find these in 
 > > # your /etc/resolv.conf file. These will be distributed to all DHCP 
 > > # clients.
 > > option domain-name-servers 10.1.1.1, 65.39.196.215, 65.39.192.130;
 > > 
 > > ?? what is 10.1.1.1????  I have two entries 210.230.70.2
 > > 210.230.70.3 plus a name "rosenet.ne.jp"

Be precise.  Presumably you're talking about resolv.conf, but that's
not obvious.  And for something that short you should give the whole
file, like:

/etc/resolv.conf:
domain sk.tsukuba.ac.jp
# Generated by dhcpcd for interface eth0
nameserver 130.158.97.253
nameserver 130.158.68.21

<ahem> There's a third keyword, "search", which takes a list of
domains (whitespace-separated).  Presumably you have a "domain" entry,
not a "search" entry.  They behave differently (see below).

Now, there are several different types of Internet addresses.  First,
there are the usual public addresses such as 130.158.97.253, nominally
divided into three size classes (the size is the number of addresses
in the network block) according to the leading bits.  There are
network addresses ending in "0", such as 130.158.97.0 which have no
meaning as host addresses, but are used to "name" networks.  There are
broadcast addresses ending in all 1 bits, such as 130.158.98.255,
which are used to send a single message to all hosts on the
corresponding network.  There are "multicast" addresses starting with
224 IIRC, which are used to send a single message to a defined group
of hosts on the Internet.

Finally, there are private networks (which overlap with the functional
definitions above).  There is the localhost set of addresses beginning
with 127 (I'm not sure what anything except 127.0.0.1 is used for, but
all 16 million of those addresses are reserved).  Then there are the
nontrivial private networks: 256 networks of the form 168.192.x.0, 16
networks of the form 172.x.0.0, and one network of the form 10.0.0.0.
The corresponding broadcast address is 10.255.255.255, ie, you can put
up to 16 million hosts on that network.

What does it mean to have a "private" network?  Simply that these
addresses will never be assigned to a host visible on the public
Internet.  You will never (if everybody follows the rules) type "host
www.yaseppochi-gumi.net" and get an address of the form 10.1.1.1
(unless you're connected to Skinny Boy Associates' internal net).  A
properly configured Internet router will never forward a packet to an
address of the form 10.1.1.1.  By the same token, you can discard all
packets from 10.1.1.1 that come from the Internet at the firewall,
since there's no legitimate way to reply to one.  From the point of
view of the Internet, the address 10.1.1.1 doesn't exist!  (These
rules are defined in RFC 1918.)

What this means is that if you have a LAN with several hosts on it,
but you do not have permanently allocated addresses for all of them,
you can still use Internet technology such as routers, gateways, and
DNS as long as you use the private network space.  Of course you have
to keep track of which numbers you use (nontrivial for large private
networks!), but you don't have to worry about collisions (unless you
get merged with another entity with a private network, and need to
merge the networks, too).  You can also use these for VPNs spread
across the Internet.

So it is very common to see people with a single public address
supporting a network of a couple of dozen machines.  The gateway
machine gets the public address on one interface (eg ppp0 in the bad
old days) and a private address on others (often 168.192.0.1 on eth0);
the other machines on the LAN also get 168.192.0.x addresses with x in
the range 2-254.

Evidently the example dhcpd.conf (which has assigned Internet
addresses; you can look them up with host) is for such a network, but
it uses the 10.0.0.0 network internally.  Then 10.1.1.1 is the
internal nameserver; the 65.x.y.z addresses are external nameservers.

 > This would have been a sample to show syntax.

I think probably the example is real. ;-)

 > > ??does rosenet.ne.jp translate into a number somehow using a
 > > command like host or um forgot the other reverse lookup

Go ahead, try "host rosenet.ne.jp".  You won't hurt anything. :-)
Even if you don't understand the reply, you may discover a useful
question.  (The other command you're thinking of may be "whois".)

However, in general the answer is "No".  It might translate to a host,
or to a network, but it need not, since a large domain is likely to be
spread across several networks.  So what is "rosenet.ne.jp"?  Consider
the telephone system.  If you want to call me, you might start by
calling 104 (the "root server"; you just have to know that number, and
the same is true on the Internet).  They'll tell you the number of
Tsukuba U., which you call.  The university operator tells you my
number, which in my case will be the same city code/prefix
(029-853-xxxx) as the operator, but need not be (Tsukuba U. has a
branch campus in Tokyo, which obviously will be an 03 city code).

Similarly, to find the name server for .jp, you contact the well-known
root server.  Then you ask .jp for a nameserver for .ne.jp, that
nameserver for .rosenet.ne.jp's nameserver, and finally rosenet's NS
for the address of www.rosenet.ne.jp.

The use in resolv.conf is somewhat different, however.  The process of
resolving a fully-qualified domain name (ie, one corresponding to a
host) is transparent to user software.  In fact, you ask a local
nameserver for help, and it does the legwork of climbing the tree to
the root [sic] and back down to the branch you want to go to.  You
just say "host www.rosenet.ne.jp", and the DNS answers
"www.rosenet.ne.jp has address 61.213.205.54".  So what is the domain
in resolv.conf for?

It allows abbreviation, that's all.  If you say "host www" and your
resolv.conf has "rosenet.ne.jp" in it, then the DNS will first try to
find a host named "just plain" "www" on the Internet, and fail.  If
that fails, it will try "www.rosenet.ne.jp", then "www.ne.jp", and
finally "www.jp" before giving up.  (You can short-circuit the search
process by ending the domain name with a period, eg, "host www.".)
The "search" keyword specifies a path exactly; the members of the path
are not decomposed and searched piecewise.  Ie if resolv.conf contains

search rosenet.ne.jp

then "host www" tries "www." and "www.rosenet.ne.jp." then gives up.
To get the effect of the domain keyword, you need

search rosenet.ne.jp ne.jp jp

(NB, I was lazy and the description above is not quite correct; see
the man page for resolv.conf for details.)
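As an added example (not code from this post or from anyone on the list), here is a small Python script that sorts IPv4 addresses into the categories the post walks through (network, broadcast, multicast, loopback, RFC 1918 private, public) and applies the firewall rule it states: a packet arriving from the Internet with a private source address can never be replied to, so it is dropped at the border. The packet list is constructed, "ppp0" is assumed to be the Internet-facing interface, and the private blocks are the three RFC 1918 ranges written out explicitly.

```python
"""Classify IPv4 addresses (network / broadcast / multicast / loopback /
RFC 1918 private / public) and drop Internet-side packets with private or
loopback sources.  Added example, not code from the post; the packet list is
constructed and "ppp0" is assumed to be the Internet-facing interface.
"""
import ipaddress

# RFC 1918 private blocks, spelled out rather than using ip.is_private,
# which also covers documentation, link-local and other reserved ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def block_sizes():
    """Number of addresses in each RFC 1918 block (10/8 is the '16 million' one)."""
    return {str(n): n.num_addresses for n in RFC1918}


def classify(addr, local_net=None):
    """Label ADDR; network/broadcast only make sense relative to a LOCAL_NET."""
    ip = ipaddress.ip_address(addr)
    if local_net is not None:
        net = ipaddress.ip_network(local_net, strict=False)
        if ip == net.network_address:
            return "network"        # names the network, not a host
        if ip == net.broadcast_address:
            return "broadcast"      # one message to every host on the net
    if ip.is_loopback:
        return "loopback"           # 127.0.0.0/8
    if ip.is_multicast:
        return "multicast"          # 224.0.0.0/4
    if any(ip in n for n in RFC1918):
        return "private"
    return "public"


def ingress_filter(packets, external_iface="ppp0"):
    """Split (iface, src, dst) packets into (accepted, dropped).

    A private or loopback source seen on the external interface is spoofed or
    leaked: nothing on the Internet is reachable at that address, so there is
    no legitimate way to reply and the packet is discarded at the firewall.
    """
    accepted, dropped = [], []
    for pkt in packets:
        iface, src, _dst = pkt
        if iface == external_iface and classify(src) in ("private", "loopback"):
            dropped.append(pkt)
        else:
            accepted.append(pkt)
    return accepted, dropped


# Constructed traffic sample; the public addresses are the ones quoted in the post.
SAMPLE_PACKETS = [
    ("ppp0", "65.39.196.215", "130.158.97.253"),   # external nameserver reply: keep
    ("ppp0", "10.1.1.1", "130.158.97.253"),        # private source from outside: drop
    ("ppp0", "127.0.0.1", "130.158.97.253"),       # loopback source from outside: drop
    ("eth0", "10.1.1.5", "10.1.1.1"),              # private-to-private on the LAN: keep
]

if __name__ == "__main__":
    for a in ("130.158.97.253", "130.158.97.0", "130.158.97.255",
              "224.0.0.1", "127.0.0.1", "10.1.1.1"):
        print(a, classify(a, "130.158.97.0/24"))
    print(block_sizes())
    accepted, dropped = ingress_filter(SAMPLE_PACKETS)
    print(len(accepted), "accepted,", len(dropped), "dropped")
```

The filter only looks at the source address on the external interface; the same private addresses are perfectly legitimate on eth0, which is why the classification and the interface are checked together.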


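A second added example (again not code from the post) models the two DNS points made above: the root-to-leaf delegation walk from the telephone analogy, and how the "domain" and "search" keywords in resolv.conf turn a short name like "www" into the list of fully qualified names that actually get looked up. The delegation table is a constructed toy in which only the 61.213.205.54 answer for www.rosenet.ne.jp comes from the post; the nameserver addresses are placeholders from the 198.51.100.0/24 documentation range. Two modelling assumptions are worth flagging: "domain" is expanded with the classic libresolv rule that parent domains are searched only while they keep at least two labels (so "ne.jp" is tried but "jp" is not), and the order follows the ndots rule from resolv.conf(5), which tries the search list before the bare name for a name with no dots. Check your own libc for the exact behaviour.

```python
"""resolv.conf "domain"/"search" expansion, driven through a toy iterative DNS walk.

Added example, not code from the post.  The search-list derivation for the
"domain" keyword follows the classic libresolv rule (parents are added only
while they keep at least LOCALDOMAINPARTS labels); see resolv.conf(5) and
your libc for the exact behaviour.  The zone table is constructed: only the
61.213.205.54 answer for www.rosenet.ne.jp comes from the post, and the
nameserver addresses are placeholders from the 198.51.100.0/24 range.
"""

LOCALDOMAINPARTS = 2  # "ne.jp" (2 labels) is derived from the domain, "jp" is not


def derive_from_domain(domain):
    """Search list implied by 'domain X': X itself, then its parents with >= 2 labels."""
    labels = domain.rstrip(".").split(".")
    search = [".".join(labels)]
    for i in range(1, len(labels)):
        if len(labels) - i < LOCALDOMAINPARTS:
            break
        search.append(".".join(labels[i:]))
    return search


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text; the last keyword wins."""
    search, ndots = [], 1
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        key, *args = line.split()
        if key == "domain" and args:
            search = derive_from_domain(args[0])
        elif key == "search":
            search = [d.rstrip(".") for d in args]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots=1):
    """Fully qualified names the stub resolver tries for NAME, in order.

    A trailing dot short-circuits the search.  A name with fewer than ndots
    dots goes through the search list first and is tried as-is last; a name
    with at least ndots dots is tried as-is first.
    """
    if name.endswith("."):
        return [name]
    as_is = name + "."
    suffixed = [f"{name}.{d}." for d in search]
    if name.count(".") >= ndots:
        return [as_is] + suffixed
    return suffixed + [as_is]


# Constructed delegation tree: root -> jp -> ne.jp -> rosenet.ne.jp, mirroring
# the telephone analogy in the post.  The "ns" addresses are placeholders.
ZONES = {
    "": {"ns": "198.51.100.1"},
    "jp": {"ns": "198.51.100.2"},
    "ne.jp": {"ns": "198.51.100.3"},
    "rosenet.ne.jp": {"ns": "198.51.100.4",
                      "A": {"www.rosenet.ne.jp": "61.213.205.54"}},
}


def iterative_lookup(fqdn, zones=ZONES):
    """Walk delegations from the root; return (address or None, zones consulted)."""
    name = fqdn.rstrip(".")
    labels = name.split(".")
    zone, consulted = "", [""]
    for i in range(len(labels) - 1, -1, -1):        # jp, ne.jp, rosenet.ne.jp, ...
        suffix = ".".join(labels[i:])
        if suffix not in zones:
            break                                    # no further delegation
        zone, consulted = suffix, consulted + [suffix]
    return zones[zone].get("A", {}).get(name), consulted


def resolve(name, conf_text, zones=ZONES):
    """What 'host NAME' does: try each candidate until one yields an address."""
    search, ndots = parse_resolv_conf(conf_text)
    tried = []
    for fqdn in candidates(name, search, ndots):
        tried.append(fqdn)
        addr, _ = iterative_lookup(fqdn, zones)
        if addr is not None:
            return fqdn, addr, tried
    return None, None, tried


# resolv.conf samples built from the nameservers quoted in the post.
DOMAIN_CONF = "domain rosenet.ne.jp\nnameserver 210.230.70.2\nnameserver 210.230.70.3\n"
SEARCH_CONF = "search rosenet.ne.jp\nnameserver 210.230.70.2\n"

if __name__ == "__main__":
    for conf in (DOMAIN_CONF, SEARCH_CONF):
        print(conf.splitlines()[0], "->", resolve("www", conf))
        print(conf.splitlines()[0], "->", resolve("ftp", conf))
```

Running it shows the difference the post is getting at: with "domain rosenet.ne.jp" a miss on "ftp" walks through ftp.rosenet.ne.jp, ftp.ne.jp and finally bare "ftp", whereas "search rosenet.ne.jp" stops after ftp.rosenet.ne.jp and "ftp". The iterative walk records which zones were consulted, which is the root/jp/ne.jp/rosenet chain the stub resolver normally hides from you.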
