Zones
The DNS standards do not specify the internal data structure that stores resource records, and implementations differ. Most servers store each zone as a plain-text file on the server itself, but this is not required. With Windows 2000 you can integrate your DNS database with Active Directory, in which case the zones are stored in the Active Directory database rather than in text files.
One common implementation of DNS, the Berkeley Internet Name Domain (BIND) implementation, generally uses the file names shown in Table 5.5.
Table 5.5 Zone Names Used in BIND
| Name | Description |
|---|---|
| db.*domain* | Forward lookup zone. For example, if your DNS domain is reskit.com, this file is called db.reskit.com. |
| db.*addr* | Reverse lookup zone. For example, if your network is 172.16.32.0/24 (a single octet of host addresses), this file is called db.172.16.32. |
| db.cache | Also known as the root hints file, this file contains the names and IP addresses of the name servers that maintain the root DNS domain. It is essentially the same on all servers that use the Internet root DNS servers, but must be modified for servers that use private root DNS servers. (A root DNS server is a DNS server that is authoritative for the root of the namespace.) |
| db.127.0.0.1 | Used to resolve reverse queries for the loopback address. It is essentially the same on all name servers. |
The names of the database files are arbitrary and are specified in the configuration of the DNS server. By default, the Microsoft Windows 2000 DNS server does not use the BIND file names; it uses *zone_name*.dns instead. However, if you are porting zone files from another DNS server, you can configure the Windows 2000 DNS server to use the BIND file names.
The following sections explain the contents of the zones and describe one additional file, the BOOT file, which is used by BIND servers, though not specified in the DNS standards.
Forward Lookup Zone
Forward lookup zones contain the information needed to resolve names within the DNS domain. They must include SOA and NS records and can include any other type of resource record; PTR records are not placed in forward lookup zones, because they belong to the reverse lookup zones described next.
Reverse Lookup Zone
Reverse lookup zones contain the information needed to perform reverse lookups. They usually include SOA, NS, and PTR records, and may also include CNAME records (used for classless delegation, described below).
With most queries, the client supplies a name and requests the IP address that corresponds to that name. This type of query is typically described as a forward lookup.
But what if a client already has a computer's IP address and wants to determine the DNS name of that computer? This is important for programs that grant access based on the FQDN of the connecting host, and it is also used in TCP/IP network troubleshooting. The DNS standard provides for this possibility through reverse lookups. Note that a PTR record is published by whoever controls the reverse lookup zone for that address range, not by the owner of the name it returns, so a program that makes security decisions on the reverse-resolved name should also resolve that name forward and confirm that the original IP address is among the results.
If the only means to answer a reverse lookup were to conduct a thorough search of all DNS domains in the DNS namespace, the reverse query search would be too exhaustive to perform in any practical way.
To solve this problem, a special DNS domain called in-addr.arpa was created. Names in this domain are formed by reversing the order of the numbers in the dotted-decimal notation of an IP address. With this arrangement, administration of the lower branches of the in-addr.arpa domain can be delegated to organizations as they are assigned their class A, B, or C IP network IDs. For more information about creating classless reverse lookup zones, see "Windows 2000 DNS" in this book. See also RFC 2317, "Classless IN-ADDR.ARPA delegation."
Figure 5.5 shows a branch of the in-addr.arpa namespace.
Figure 5.5 In-addr.arpa Namespace
The in-addr.arpa domain tree uses PTR resource records to store the reverse mappings from IP addresses to their corresponding FQDNs.
If a client needs to find the FQDN associated with the IP address 172.16.44.1, the client queries for the PTR record of the 1.44.16.172.in-addr.arpa domain name.
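The following Python script is an added example, not part of the Resource Kit text, that shows the in-addr.arpa name construction above and the forward-confirmation check that a program relying on reverse lookups for access decisions should perform. The record set RECORDS is constructed for the example and stands in for what a resolver would return; the host names and the 203.0.113.0/24 addresses are assumptions chosen to illustrate a PTR record that claims a name whose forward record does not point back to the address.

```python
"""Reverse DNS helpers: build in-addr.arpa names for IPv4 addresses and
networks, and perform a forward-confirmed reverse DNS (FCrDNS) check
against a constructed, offline record set."""
import ipaddress
from typing import Optional

# Constructed sample records (not real DNS data).
# 172.16.44.1 has a PTR whose forward A record points back to it.
# 203.0.113.7 lies in a reverse zone controlled by another party, who has
# published a PTR claiming the name trusted.reskit.com; the forward A record
# for that name does NOT contain 203.0.113.7, so the claim is unconfirmed.
RECORDS = {
    ("1.44.16.172.in-addr.arpa", "PTR"): ["host1.reskit.com"],
    ("host1.reskit.com", "A"): ["172.16.44.1"],
    ("7.113.0.203.in-addr.arpa", "PTR"): ["trusted.reskit.com"],
    ("trusted.reskit.com", "A"): ["172.16.44.2"],
}


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4 address: the four octets
    in reverse order under in-addr.arpa (172.16.44.1 -> 1.44.16.172.in-addr.arpa)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zone_name(network: str) -> str:
    """Name of the classful reverse lookup zone (/8, /16 or /24) in which a
    network's PTR records live, e.g. 172.16.32.0/24 -> 32.16.172.in-addr.arpa.
    Prefixes that do not fall on an octet boundary need RFC 2317 classless
    delegation and are rejected here."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{network}: not on an octet boundary; use RFC 2317 delegation")
    kept = net.prefixlen // 8
    octets = str(net.network_address).split(".")[:kept]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def lookup(name: str, rtype: str, records=RECORDS) -> list:
    """Stand-in for a DNS query against the constructed record set.
    Returns [] where a real resolver would answer NXDOMAIN or NODATA."""
    return records.get((name.lower(), rtype), [])


def fcrdns(ip: str, records=RECORDS) -> Optional[str]:
    """Forward-confirmed reverse DNS: return the PTR target only if that
    name's own A record resolves back to `ip`. A bare PTR lookup trusts
    whoever controls the reverse zone; requiring the forward mapping to
    agree means the claimant must also control the forward zone for the name."""
    for candidate in lookup(reverse_name(ip), "PTR", records):
        if ip in lookup(candidate, "A", records):
            return candidate
    return None


if __name__ == "__main__":
    print(reverse_name("172.16.44.1"))          # 1.44.16.172.in-addr.arpa
    print(reverse_zone_name("172.16.32.0/24"))  # 32.16.172.in-addr.arpa
    print(fcrdns("172.16.44.1"))                # host1.reskit.com
    print(fcrdns("203.0.113.7"))                # None (PTR not confirmed)
```

In production the `lookup` function would be replaced by real queries (for example via a resolver library), but the structure of `fcrdns` stays the same: the name obtained from the PTR record is only accepted once its forward record has been checked against the original address.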
Inverse Queries