DNS and BIND
Unit: Unix for Telecommunications HET306
Due date: 14th April 2011
Date submitted: 14th April 2011
Abstract—This document provides information about DNS (Domain Name System) and the functionality of DNS in the network.

I. INTRODUCTION

DNS and BIND are distributed database systems. They are the core of an internet connection and of web browsing; a user will not be able to start browsing the internet without using these systems. DNS and BIND are fundamental building blocks of internetworking, thus it is important to understand the way DNS and BIND behave. How and why were they deployed on the internet? Today the number of hosts on the internet is increasing exponentially, thus how do DNS and BIND fulfill their requirements with efficiency and accuracy?

The following document provides information about the distributed database system. Additionally, this document also provides information about dynamic DNS and the importance of DDNS to serve the increasing number of hosts on the internet, DNS and BIND security, multi-user functionality and two different types of scripts to design a DNS and BIND application, and also the issues and requirements associated with the two types of scripts.

II. DNS

a) Overview: DNS (Domain Name System) provides a mapping from names to internet addresses. Instead of using hostnames a user can type an IP address to communicate with any device, but it would be difficult for users to remember IP addresses, thus DNS was designed to make users' lives easier. A DNS name consists of strings separated by dots, called an FQDN (fully qualified domain name). The highest authority is referred to as the root domain, expressed as a dot (.) in DNS.

Moreover, DNS is not used just for mapping hostnames; it also provides all kinds of information and advertises that information about hosts. The DNS database is distributed world wide. The DNS database contains records called "Resource Records (RR)". Each part of the DNS database is called a "zone", stored in a particular "name server". Mail servers, ftp programs and ssh all use DNS virtually.

b) Functionality: A DNS system is divided into domains and subdomains. DNS is a logically divided hierarchical structure; this domain name structure is called the namespace. The DNS namespace is like a tree of named domains. A domain may have subdomains. For example the domain http://Hello.example.com is a subdomain of http://example.com. Domains are referred to as levels. There are seven top-level domains in total, which are sub-domains or second-level children of the root domain, like in the Unix file system, which is also hierarchical: root is on the top of the whole file system, and root in DNS is on the top, managed by the internet root servers.

The DNS protocol works with different functions. The most common function of the DNS protocol is the DNS Query, which consists of a request and a reply. The query requests a Resource Record from the DNS database. The reply could be the ultimate answer, an iteration, or a denial if the requested record is not found.

Furthermore, a domain's information (database) is stored in a name server; the name server stores information about some part of the domain, referred to as a zone. Thus the domain information can be stored in one name server or can be divided among independent name servers for some subdomains. If the subdomains are further divided into subordinate zones, then the subordinate zones will be managed by the subdomains' name servers, and the domain and subdomains will be administered by the original name server. To elaborate further, let us look at the example of the xyz.com domain. The xyz domain is first administered by one name server: xyz is configured as a single zone. Now xyz is subdivided into "abc"; that subdomain needs to be delegated as a separate zone, meaning the database or information for abc.xyz.com will be managed by a separate name server in a separate zone, away from the xyz name server. If the information for abc is not stored in a separate name server, then the subdomain information will be part of xyz's name server.
DNS Queries

There are three types of DNS queries, as below:

• Recursive queries: In a recursive query the DNS server will try to answer with a full reply, or else it will give an error.
• Iterative queries: In an iterative query the DNS server will partially answer a query, or else reply with an error.
• Inverse queries: Inverse query support is optional, and the reply from the DNS server is NOT IMPLEMENTED. Inverse queries are not used to find a host name for a given domain name.

A name server stores information about the translation of computer names to IP addresses. A name server takes care of certain parts of the computer names, which is called a zone. There are mainly two types of name servers, the primary name server and the secondary name server. In the primary name server the zone database is saved on the local host. The secondary name server acquires the zone database from the primary name server at regular intervals of time, which is called a zone transfer. There is one more name server, called the master name server. Normally the master server is the primary server, but that is not required.

Types of DNS servers

1) Master (Primary) DNS server: The master can have one or more zone files. When the master receives a query for an authorized zone, it replies as "Authoritative". The master NOTIFYs the slave if there is any zone change.
2) Slave (Secondary) DNS server: The slave performs a zone transfer to fetch data from the master.
3) Caching name server
4) Forwarding name server
5) Stealth name server
6) Authoritative name server

c) Implementation: The DNS database is the core of DNS. DNS servers handle databases. When a user requests a particular record from the database, the DNS protocol searches the Resource Record (RR) files stored on the primary DNS server's local hard drive. These files are called DNS databases. A DNS database may contain different types of records, as below:

SOA record: Authoritative data must start with the SOA record. The SOA indicates that this name server is the best source of information. There is always one SOA record in a zone database file. Brief description of the fields in the SOA record:

• Name: the zone domain name.
• ttl: Duration for the record in seconds, for when the record will
• class: Defines the class of the record, normally IN = internet.
• name server: Name of the authoritative domain.
• email-addr: Responsible person's email address.
• sn (serial number): When the zone updates, the value will increment by one. The slave uses this value to initiate a zone transfer from the master if the master's value is higher than the slave's.
• refresh: Refresh is also used by the slave; when this value expires the slave will fetch data from the master.
• retry: If the slave cannot contact the master, retry will begin, normally after a hold time of 180 seconds.
• expiry: Expiry is used by the slave server. After expiry the slave does not respond to any query from the master.

The next entry is the NS (name server) record: this entry defines the authoritative name server for a zone. There can be one or more name servers for a zone.
A record: The address record assigns an IP address to the domain name of a computer.
CNAME record: CNAME records are used to assign aliases for domain names.
MX record: The MX record is used for the mail server of a domain. The MX record hides the name of the mail server. The MX record uses a priority to send mail to the domain.
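The record types above, as an added example that is not part of the report: a shell script that writes a constructed zone file for the hypothetical zone example.com (SOA with the fields just listed, NS, MX, A and CNAME records), derives the PTR owner names a reverse zone would need from the A records, and bumps the SOA serial the way the sn field requires. All names and 192.0.2.x addresses are made up for illustration; the file layout and the serial/refresh/retry/expiry values are assumptions, not taken from any real zone.

```shell
#!/bin/sh
# Added example (not from the report): build a constructed zone file, derive
# reverse (PTR) names, and increment the SOA serial. Names and addresses are
# placeholders for illustration.

# Reverse an IPv4 address into its PTR owner name under in-addr.arpa.
rev_name() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Write a forward zone for $1 (zone name) to $2 (path) with SOA serial $3.
write_zone() {
    zone=$1; file=$2; serial=$3
    cat > "$file" <<EOF
\$TTL 86400
$zone.  IN SOA ns1.$zone. hostmaster.$zone. (
        $serial ; serial: bump on every change, or slaves never notice it
        3600    ; refresh: how often a slave re-checks the serial
        180     ; retry: wait before retrying an unreachable master
        1209600 ; expiry: slave stops serving the zone after this
        86400 ) ; minimum / negative-cache TTL
$zone.       IN NS    ns1.$zone.
$zone.       IN NS    ns2.$zone.
$zone.       IN MX 10 mail.$zone.
ns1.$zone.   IN A     192.0.2.1
ns2.$zone.   IN A     192.0.2.2
mail.$zone.  IN A     192.0.2.10
www.$zone.   IN A     192.0.2.20
ftp.$zone.   IN CNAME www.$zone.
EOF
}

# Read the serial from the SOA record (the value on the line commented "serial").
get_serial() {
    awk '/; serial/ { print $1; exit }' "$1"
}

# Increment the SOA serial in place and print the new value. A slave only
# transfers when the master's serial is higher, so an edit without a bump
# silently never propagates.
bump_serial() {
    old=$(get_serial "$1")
    new=$((old + 1))
    # write to a temporary file and rename, so a crash mid-write cannot truncate the zone
    awk -v o="$old" -v n="$new" '/; serial/ && $1 == o { sub(o, n) } { print }' "$1" > "$1.tmp" \
        && mv "$1.tmp" "$1"
    printf '%s\n' "$new"
}

# Emit the PTR records a reverse zone would need for every A record in the file.
ptr_records() {
    awk '$3 == "A" { print $4, $1 }' "$1" | while read -r ip name; do
        printf '%s  IN PTR %s\n' "$(rev_name "$ip")" "$name"
    done
}

# Stand-alone demo: writes into a temporary directory and prints the results.
demo() {
    dir=$(mktemp -d)
    write_zone example.com "$dir/example.com.zone" 2011041401
    bump_serial "$dir/example.com.zone"
    cat "$dir/example.com.zone"
    ptr_records "$dir/example.com.zone"
    rm -rf "$dir"
}
demo
```

The serial bump is done through a temporary file and a rename so that an interrupted edit cannot leave a half-written zone for named to load; the same pattern applies whatever tool edits the file.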
PTR record: These are for reverse zone files. PTR records translate an IP address to a domain name. The address is reversed and appended with in-addr.arpa.

e) Dynamic update: Nowadays dynamic DNS is essential, given the growth of hosts in internetworking. Dynamic updates are needed by a DNS client when the client changes location and uses DHCP to obtain an IP address: the DNS client needs to register and update its resource records with the DNS server. Dynamic updates reduce the overhead of manual maintenance of zone records. Additionally, edited zone files would not take effect until the server is restarted, and the slave cannot access data from the master without a zone transfer. To solve this problem, dynamic DNS update was necessary.

"Full Zone Transfer Process: To perform a zone transfer, the secondary name server queries the primary name server to determine if any changes have been made to the zone. The query is based on data in the primary server's SOA record: the Serial Number, and the interval specified by the Minimum TTL value. The secondary server downloads all RRs even if there are only a few modified records. Primary and secondary name servers are typically out of synchronization by approximately one hour. Incremental Zone Transfer Process: If the primary name server supports the NOTIFY and Incremental Zone Transfer (IXFR) protocol, then the primary name server can NOTIFY the secondary name server that a portion of its data has changed. After receiving the NOTIFY command, the secondary name server can request only the data that has changed from the primary using the IXFR command."

Dynamic update is prone to security threats if not properly implemented. BIND provides ACLs (Access control lists), which are helpful to permit or block IP addresses. To secure server-to-server transfer, use TKEY. TKEY uses a shared secret, which is called key exchange, between master and slave. DNSSEC is public/private key authentication [4].

III. BIND

f) Overview: BIND is a client-server software system. The client in BIND is called the resolver, which sends a query for a domain name, and the server, which is called a daemon in Unix, replies to the query. BIND is an implementation of DNS and it is widely used DNS software on the internet. BIND is open source software. BIND is similar to the name server called "named" in

The new version of BIND (version 8.1 and onwards) supports dynamic update and DNS notification, with a new configuration file and syntax. More efficient zone transfer, improved server performance and other bug fixes came with the new version of BIND. Security was improved with support for the new version of the internet protocol, IPv6.

The BIND server uses port 53 to access the network. Both the reliable and the non-reliable protocols, TCP and UDP respectively, are used by BIND. Queries are made by UDP; if the responses are too large, then TCP is used for reliability.

g) Implementation: Old version: A name server in BIND is implemented as the named program. Zone database files are stored in a configuration file called named.boot. The named.boot file loads the zone database file into cache from the disk. The database files are stored in a namedb file inside a named.boot configuration file.

directory /etc/namedb
primary: Specify the primary name server for the zone stated and the relevant database in the text file stated.
secondary: Specify the secondary name server for the zone stated and the IP address of the server from which the data will be transferred. The last parameter will be the name of the file where the transferred data will be stored.
cache: The cache file is where the information about root servers should be copied from to memory.
forwarder: The forwarder server will handle the query from the local name server.

h) Implementation: New version:
• Zone vs. Domains
• Types of name servers
• Zone Transfers

1) Delegation: Administrators can subdivide domains into subdomains to delegate the responsibility to manage them. Creation of a subdomain is like creating a new administration, thus domain and subdomain can be managed by different administrations. Delegation of a domain to subdomains is called zones.
2) Zone vs. Domains: A zone is a part of a domain. For example the domain string.com contains all data for string.com and abc.string.com, but the zone string.com contains information for string.com only, managed by the authoritative name server for the
3) Types of name servers: Name servers store the database about the name space in units of zones. To ensure redundancy there is more than one name server authoritative for the same zone. The master name server loads the data for a zone from a file on disk. The slave name server loads the data for a zone from the primary name server.
4) Zone Transfers: Slave servers fetch the zone database from the authoritative name server using a zone transfer. The master server may notify the slave server when new data is available. Data is transferred using TCP.

i) Dynamic update: The manual approach of editing resource records and updating zone files for a large organization is cumbersome, and the need to restart the BIND server after updating the files manually is time consuming. Today addresses are assigned by DHCP on all types of internet connection, thus DNS has to support dynamic update of records. RFC 2316 introduced this mechanism, called DNS dynamic update. Dynamic update can be performed without restarting the server, using an external application. The only drawback of using an external application to update is that a new domain cannot be created dynamically. To secure DDNS updates it is essential to use TSIG/TKEY authentication. Updates can be allowed to hosts using allow-update in the BIND named.conf file.

As mentioned earlier, a domain cannot be created using the standard dynamic approach; to overcome this problem a major database (MySQL, LDAP) can be used to add a new domain without restarting BIND.

As described in RFC 2316, DDNS allows the administrator to add and delete records from an authoritative zone name server. This task is done by retrieving the zone's NS record. If the update message received by a name server is not from the primary master for the zone, it forwards the update "UPSTREAM" to the primary master; this process is called "update forwarding". Slave servers also use update forwarding to copy all zone data from the primary master. Once the primary master performs the dynamic update, the slaves update their data via zone transfer.

Using dynamic update, an updater can also add or delete individual resource records, or a set of resource records with the same domain name. For the most part, dynamic update comes into the scene where IP addresses are assigned by DHCP to a DNS client, thus the DNS server for that client must be updated to map the hostname to the IP address. For this purpose DHCPD and BIND will be working together.

COMMAND LINE TOOLS FOR DYNAMIC UPDATE

To enable dynamic update, edit the configuration file called named.conf.
Create a key using dnssec-keygen; this command will create keys, and these keys are used to secure communication between DHCPD and named. ("DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning. It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence.")
Put this key into the global portion of named.conf.
The next step is to allow updates for all zones in named.conf. This information is for dhcp.
The last step is to restart the named server, which should then be able to push dynamic updates to the DNS server.
To test the updates, use the nsupdate command.

IV. MULTI-USER FUNCTIONALITY

To allow customers access to update their own entries using a script, a jail needs to be created. A jail is software that allows a user to access resources outside a limited area by keeping security in mind. The jail is created using chroot() (change root); BIND will live inside this chroot(). Now move named.conf and the zone files under the chroot jail so that BIND can have access to them. Once BIND is inside the chroot directory it will not have access to outside files. The next step is to create a user or group and restrict the user as required.

Using a web page (CGI) approach is much easier to permit users to add, remove and delete entries. In CGI, user-specific web pages can be created based on their input. The reply will be based on the user's submission of information. Create HTML textboxes and buttons for add, remove and delete entries using the CGI interface.

V. COMMAND-LINE SCRIPTS

A command-line script is simply a collection of executable operating system commands put into a text file in the sequence in which they are needed for execution; in the UNIX world it is called a shell script. There are three versions of shell: Bourne shell (sh), C shell (csh) and Korn shell. The Korn shell is the default program when a user logs in, but the user can change to a different shell using the chsh command. The shell is a user interface program. The shell reads lines from either a file or the terminal, interprets them, and generally executes other commands and provides input, output, decision making, variable storage and so on.
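As an added example that is not code from the report, the following shell script puts the dynamic-update steps listed above into a command-line script of the kind this section describes: it prints the named.conf fragment that restricts allow-update to a TSIG key (and shows, in a comment, the weak open form it replaces), validates its inputs, builds the nsupdate batch, and signs and sends it with nsupdate -k. The zone example.com, the host names, the 192.0.2.x addresses, the key name "ddns-key", the key file path and the DRY_RUN/KEYFILE variables are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the report): a TSIG-authenticated dynamic update via
# nsupdate, following the steps above (key in named.conf, allow-update, then
# nsupdate). Zone, host names, addresses and the key name are placeholders.

# named.conf fragment that accepts updates for the zone only when they are
# signed with the shared key. The weak alternative, which lets any host that
# can reach port 53 rewrite the zone, would read:  allow-update { any; };
# Generate a real secret with tsig-keygen or dnssec-keygen; never type one.
secure_zone_stanza() {
    cat <<EOF
key "ddns-key" {
    algorithm hmac-sha256;
    secret "$1";   # base64 secret shared with the updater
};
zone "$2" {
    type master;
    file "/etc/namedb/$2.zone";
    allow-update { key "ddns-key"; };
};
EOF
}

# Detection check for an existing named.conf: succeeds only if no zone allows
# unauthenticated updates.
check_allow_update() {
    ! grep -Eq 'allow-update[[:space:]]*\{[[:space:]]*any[[:space:]]*;' "$1"
}

# Input validation: the values are interpolated into the nsupdate batch, so a
# stray newline or extra token could become an unintended update command.
valid_label() { printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'; }
valid_zone()  { printf '%s' "$1" | grep -Eq '^([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$'; }
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s' "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}

# Build the nsupdate batch that replaces the A record of host.zone with ip.
# Deleting the old record first keeps a host that moved (new DHCP lease) from
# accumulating stale addresses.
build_update() {
    host=$1; zone=$2; ip=$3; ttl=${4:-300}
    valid_label "$host" && valid_zone "$zone" && valid_ipv4 "$ip" || return 1
    printf 'server ns1.%s\nzone %s\nupdate delete %s.%s. A\nupdate add %s.%s. %s A %s\nsend\n' \
        "$zone" "$zone" "$host" "$zone" "$host" "$zone" "$ttl" "$ip"
}

# Sign and send the batch with the key file (nsupdate -k); DRY_RUN=1 only prints it.
send_update() {
    batch=$(build_update "$@") || { echo "rejected input: $*" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$batch"; return 0; fi
    printf '%s\n' "$batch" | nsupdate -k "${KEYFILE:-/etc/namedb/ddns-key.key}"
}

# Stand-alone demo: print the config fragment and the batch, no network access.
secure_zone_stanza "PLACEHOLDER_BASE64_SECRET==" example.com
DRY_RUN=1
send_update web1 example.com 192.0.2.20
```

Run it with DRY_RUN unset and KEYFILE pointing at the key file that named.conf shares to perform a real update; check_allow_update is the check to run over a server's named.conf before trusting that updates are authenticated.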
This is called shell programming. Shell programming is like other programming languages, which perform specific tasks; it is excellent for system-management tasks. As mentioned earlier, a shell program is like other programming languages, and so memory can be allocated to variables as in other programming languages. The type of a variable could be any type. Variables do not have to be declared in the Bourne shell. For loops, while loops and functions can also be written in a shell script. A few commands in the UNIX utility set are very useful, for example grep, tr, expr and cut.

"Unix is full of text manipulating utilities, some of the more powerful of which we will now discuss in this section of this tutorial. The significance of this, is that virtually everything under Unix is text. Virtually anything you can think of is controlled by either a text file, or by a command-line-interface (CLI). The only thing you can't automate using a shell script is a GUI-only utility or feature. And under Unix, there aren't too many of them!"

Program interpretation is slow and needs to launch other programs for execution. Syntax errors are likely in command-line scripts.

CGI stands for Common Gateway Interface. CGI is used to create web pages. CGI can fetch data from databases and other documents. CGI loads web contents dynamically. A CGI script is used to query a database or submit a form. CGI acts as an interface between browser and server to read data and to generate a response. CGI scripts are used with the Perl programming language, but a CGI program can be written in any language. The CGI function is very simple: reading the data submitted by a user via an HTML form, processing the data and returning a response in HTML format. In Unix, to distribute a database to the world and allow users to query the Unix database, a CGI script can be used by the web daemon to transmit information to the database, and the result can be displayed to the user. Implementation of CGI scripts is difficult, and there are some security issues with CGI scripts.

Advantages of using CGI: it is open source; scripts run on the web server, calculate counts and monitor web traffic; user-specific web pages can be created. Disadvantages of using CGI: since CGI runs on the web server, the load on the web server increases.

VII. CONCLUSIONS

In conclusion, DNS and BIND are essential for the present internet world, and they have also improved with the current version of the internet protocol, IPv6. DDNS plays an important role for updating information. Adding domains dynamically is possible and is improving with different databases. Managing users is possible, and giving privileges while keeping security can be performed using different databases and web servers. It is easy to manage DNS and BIND servers using various graphical user interfaces and programming scripts.

REFERENCES

[1] A. Dostalek and L. Kabelova, "DNS in action," April 2006.
[2] C. Liu and P. Albitz, "DNS and BIND," Feb 2009.
[3] [Online]. Available: http://technet.microsoft.com/en-us/library/default.aspx
[4] PRO DNS and BIND, 2003-2011. [Online]. Available: http://www.zytrax.com/books/dns/
[5] "Understanding DNS," January 2007.
[6] "Configuring BIND," available at http://linuxvm.org/present/share102/s9261hpa.pdf
[7] "DNS and BIND, 4th edition," 2002.
[8] http://www.dnssec.net/
[9] "A Bourne shell programming," 2000-2001. [Online]. Available: http://steve-parker.org/sh/sh.shtml
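As an added example for the CGI discussion above (not code from the report), the following CGI program is written as a shell script and serves the look-up / add-entry form that the multi-user section describes. It shows the handling that addresses the security issues the text mentions for CGI scripts: the form data is URL-decoded, every field is validated against a strict grammar, anything echoed back is HTML-escaped, and user input is never handed to another program on a command line. The host table, the queue path in DDNS_QUEUE and the idea of a separate privileged process that later consumes the queue with nsupdate are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the report): a CGI program in shell for the
# "look up / add an entry" form. Host table and queue path are constructed.

DDNS_QUEUE=${DDNS_QUEUE:-/var/spool/ddns/requests}   # hypothetical queue file

# Constructed stand-in for zone data: host label and address.
HOST_TABLE='web1 192.0.2.20
mail 192.0.2.10
ns1 192.0.2.1'

# Decode application/x-www-form-urlencoded text ('+' -> space, %XX -> byte).
url_decode() {
    printf '%s' "$1" | awk '
    BEGIN { for (i = 0; i < 256; i++) byte[sprintf("%02X", i)] = sprintf("%c", i) }
    { s = $0; gsub(/\+/, " ", s); out = ""
      while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
          out = out substr(s, 1, RSTART - 1) byte[toupper(substr(s, RSTART + 1, 2))]
          s = substr(s, RSTART + 3)
      }
      print out s }'
}

# Value of field $2 in query string $1, decoded; empty if absent.
form_field() {
    raw=$(printf '%s\n' "$1" | tr '&' '\n' |
          awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); print; exit }')
    url_decode "$raw"
}

# Escape the characters that would let user data become markup or script.
html_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g'
}

valid_label() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s' "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}

lookup_host() {
    printf '%s\n' "$HOST_TABLE" | awk -v h="$1" '$1 == h { print $2; found = 1 } END { exit !found }'
}

# Handle one request: prints the CGI Status header and an HTML body, and
# returns non-zero when the request was rejected.
handle_request() {
    action=$(form_field "$1" action)
    host=$(form_field "$1" host)
    if ! valid_label "$host"; then
        # The rejected value is shown only after escaping, so the error page
        # itself cannot carry injected markup. After validation the host is
        # plain [A-Za-z0-9-] and can be printed as-is below.
        printf 'Status: 400 Bad Request\n\n<p>invalid host name: %s</p>\n' "$(html_escape "$host")"
        return 1
    fi
    case $action in
        lookup)
            if addr=$(lookup_host "$host"); then
                printf 'Status: 200 OK\n\n<p>%s has address %s</p>\n' "$host" "$addr"
            else
                printf 'Status: 404 Not Found\n\n<p>no record for %s</p>\n' "$host"
                return 1
            fi ;;
        add)
            ip=$(form_field "$1" ip)
            if ! valid_ipv4 "$ip"; then
                printf 'Status: 400 Bad Request\n\n<p>invalid address</p>\n'
                return 1
            fi
            # Queue the request instead of running nsupdate from the web server,
            # so the web server's user never needs to hold the TSIG key.
            printf '%s %s\n' "$host" "$ip" >> "$DDNS_QUEUE"
            printf 'Status: 202 Accepted\n\n<p>queued %s -&gt; %s</p>\n' "$host" "$ip" ;;
        *)
            printf 'Status: 400 Bad Request\n\n<p>unknown action</p>\n'
            return 1 ;;
    esac
}

# Entry point when the web server runs the script as a CGI program.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    printf 'Content-Type: text/html; charset=utf-8\n'
    handle_request "${QUERY_STRING:-}"
fi
```

Queuing the add request rather than calling nsupdate from the CGI process is the design choice that keeps the TSIG key out of the web server's reach; it matches the section's point about running BIND and its tools under restricted users.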