[plug] DNS resolution in detail

Leon Brooks leon at brooks.smileys.net
Sun Nov 15 07:41:40 WST 1998


John Summerfield wrote:
> > I've just had a domain registered and hosted through an ISP.  The ISP
> > said that the domain was set up, but it was not generally visible - only
> > from the ISP's domain.

> > Eventually it was fixed.  They said that Telstra (presumably as the root
> > nameserver for .org.au) was responsible for the delay.  Other reports
> > were that the problem was in the nameserver operation at the ISP.

> Depends. Good chance it's the ISP - if he doesn't arrange the DNS for you,
> nobody will find you.

True. And these ISP fellows have "authority" for certain network name
domains, which means that they can add a sub-domain or individual name
pretty much instantly. For example, abc.com could put xyz.abc.com and
www.xyz.abc.com on the net pretty much instantly (everyone permanently
connected will see it within minutes) by simply changing their DNS
config files (probably in /var/named on your machine), including the
serial number, and doing a kill -HUP on the DNS process.

Of course, the fact that an address has been given a name doesn't mean
that there's actually a machine there, or that it will respond to any
particular service (www, mail etc).

> Somewhere in the IS there are the root DNS servers. They point to whoever's
> responsible for the .gov. .com. .org. .at, .au etc domains.

Start at http://www.internic.net/ and work your way out to the domain
you need. A shortcut is http://rs.internic.net/cgi-bin/whois?@@-dom
where @@ is replaced by your country code (so au-dom in this case).

This leads you to http://www.aunic.net/ (not a hotlink, a cut-and-paste
job, wonder if there's a reason for that), at which point you can
register your own NIC handle and start slugging through the "paperwork"
for registering thingummy.org.au or whatever.

> If someone invents a new top level domain, it won't work until the root
> servers are updated.

Before that, the domain name is automatically scanned against several
databases to see if it's a common word or the name of an existing
company. In the first case, it is refused, in the second, paper
authority is required.

The first time I did this, I learned a lot of picky details about my own
DNS setup (for example, the automatic checker doesn't like using CNAME
records for anything important), and spent a good quarter hour
re-arranging things to the program's satisfaction. Naturally, it's a
one-error-at-a-time situation. (-:

Then a human has to put an X in a box and click on OK, then within four
hours, in theory, the pointer to the ISP's DNS appears in the main
.com.au DNS.

> Doubtless they point off to someone who looks after .au for us, and it all
> starts again. The .au servers point off to com.au, .org.au etc - pretty
> much a clone of the US conventions.

> If you have a new domain, Shackleton.org.au perhaps, you (or your ISP) has
> to set up two DNSs for it and they have to be pointed to from .org.au.

> If either of those steps is not done, nobody can find you. If it was
> visible from the ISP's domain (without specifying which DNS to use), then I
> suspect your ISP's done something tricky and isn't using the root servers
> properly.

No, the ISP can set up his own DNS more or less instantly, but the
outside world won't know the details until the appropriate root DNS
tells them to look there.

> It's possible to set up a DNS and to not tell the world about it; I use one
> at home to resolve my local LAN hosts and to look up addresses for external
> hosts (and to resolve IP addresses). 

It's even possible to set up a DNS that doesn't resolve to real
addresses. For example, there is a DNS set up to play adventure! You
start dnslookup, tell it to use that DNS as a server, query all types of
DNS record, and that your domain is "adventure."

You then type 1 to start, the DNS looks up "1.adventure" and prints the
associated text record, which has instructions including which numbers
to type to proceed or make a choice.

I don't have the address any more, but know who to ask if you're
interested.

> If someone configures their resolver
> to use my IP address for DNS lookups it will work and they'll be able to
> lookup IP addresses for my home computers.

Which, if they're 192.168.*.* numbers (or 10.*.*.* or whatever the
B-class one is), won't get them anywhere unless they're actually hooked
up to your network as well...

-- 
OK, I'm weird, but I'm saving up to be eccentric.
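
An added example, not part of the original message and not any registry's actual checker: a small pre-delegation check for the points raised in the thread (two name servers for the domain, no CNAME behind NS or MX targets, and a bumped SOA serial). The zone data, the simplified one-record-per-line format with a three-field SOA, and the function names are assumptions made for illustration.

```python
# Added example: pre-delegation sanity checks on a simplified zone listing.
# Constructed data: example.org and 192.0.2.0/24 are reserved for documentation.

ZONE = """\
example.org.      SOA   ns1.example.org. hostmaster.example.org. 1998111501
example.org.      NS    ns1.example.org.
example.org.      NS    ns.example.org.
example.org.      MX    10 mail.example.org.
ns1.example.org.  A     192.0.2.1
ns.example.org.   CNAME ns1.example.org.
mail.example.org. A     192.0.2.25
"""

def parse(text):
    """Return (owner, type, rdata-fields) tuples from one-record-per-line text."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if line:
            owner, rtype, *rdata = line.split()
            records.append((owner.lower(), rtype.upper(), rdata))
    return records

def check_zone(text, apex, previous_serial=None):
    """Return a list of problems; an empty list means every check passed."""
    records = parse(text)
    apex = apex.lower()
    problems = []
    aliases = {o for o, t, _ in records if t == "CNAME"}
    ns = [r[-1].lower() for o, t, r in records if t == "NS" and o == apex]
    mx = [r[-1].lower() for o, t, r in records if t == "MX" and o == apex]
    if len(set(ns)) < 2:
        problems.append("fewer than two distinct NS records at the apex")
    for kind, targets in (("NS", ns), ("MX", mx)):
        for target in targets:
            if target in aliases:   # NS and MX must name a host, not an alias
                problems.append(f"{kind} target {target} is a CNAME")
    soa = [r for o, t, r in records if t == "SOA" and o == apex]
    if not soa:
        problems.append("no SOA record at the apex")
    # Plain integer comparison; serial wrap-around is not handled here.
    elif previous_serial is not None and int(soa[0][2]) <= previous_serial:
        problems.append("SOA serial not increased; secondaries will not reload")
    return problems

if __name__ == "__main__":
    for problem in check_zone(ZONE, "example.org.", previous_serial=1998111501):
        print("FAIL:", problem)
```
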