DNS and Name Resolution

  • DNS is also referred to as BIND (Berkeley Internet Name Domain).
    • BIND is an implementation of DNS.
    • Most popular DNS application in use.
    • Name resolution is the technique that uses DNS/BIND for hostname lookups.

DNS Name Space and Domains

  • DNS name space is a
    • Hierarchical organization of all the domains on the Internet.
    • Root of the name space is represented by a period (.)
    • Hierarchy below the root (.) denotes the top-level domains (TLDs) with names such as .com, .net, .edu, .org, .gov, .ca, and .de.
    • A DNS domain is a collection of one or more systems. Subdomains fall under their parent domains and are separated by a period (.). For example, redhat.com is a second-level subdomain that falls under .com, and bugzilla.redhat.com is a third-level subdomain that falls under redhat.com.

  • The deepest level of the hierarchy holds the leaves (systems, nodes, or any device with an IP address) of the name space.
    • A network switch net01 in the .travel.gc.ca subdomain will be known as net01.travel.gc.ca.
    • If a period (.) is added to the end of this name to look like net01.travel.gc.ca., it will be referred to as the Fully Qualified Domain Name (FQDN) for net01.

DNS Roles

A DNS system or nameserver can be a

  • primary server
  • secondary server
  • or client

Primary server

  • Responsible for its domain (or subdomain).
  • Maintains a master database of all the hostnames and their associated IP addresses that are included in that domain.
  • All changes in the database are done on this server.
  • Each domain must have one primary server with one or more optional secondary servers for load balancing and redundancy.

Secondary server

  • Stores an updated copy of the master database.
  • Provides name resolution service in the event the primary server goes down.

Client

  • Queries nameservers for name lookups.
  • The DNS client on Linux involves two text files:
    • /etc/resolv.conf
    • /etc/nsswitch.conf

/etc/resolv.conf

  • DNS resolver configuration file where information to support hostname lookups is defined.
  • May be edited manually with a text editor.
  • Referenced by resolver utilities to construct and transmit queries.

Key directives

domain

  • Identifies the default domain name to be searched for queries.

nameserver

  • Declares up to three DNS server IP addresses to be queried one at a time in the order in which they are listed. Nameserver entries may be defined as separate line items with the directive or on a single line.

search

  • Specifies up to six domain names, of which the first must be the local domain. There is no need to define the domain directive if the search directive is used.

Sample entry

  domain                              example.com

  search                              example.net example.org example.edu example.gov

  nameserver                          192.168.0.1 8.8.8.8 8.8.4.4

Variation

  domain                              example.com

  search                              example.net example.org example.edu example.gov

  nameserver                          192.168.0.1

  nameserver                          8.8.8.8

  nameserver                          8.8.4.4

  • Entries are automatically placed by the NetworkManager service:

[root@server30 tmp]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 2001:578:3f::30
nameserver 2001:578:3f:1::30

  • If this file is absent, the resolver utilities only query the nameserver configured on the localhost, determine the domain name from the hostname of the system, and construct the search path based on the domain name.
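As an added example, not code from the original notes, the POSIX sh function below reads a resolv.conf-style file and checks it against the limits listed above (three nameserver addresses, six search domains). One caveat it encodes that the notes do not: glibc's resolver reads one address per nameserver line (resolv.conf(5) says "one per keyword"), so it also flags lines that carry several addresses. It assumes only awk and mktemp; the sample file it writes is constructed.

```shell
# Added example (not from the original notes): check a resolv.conf-style file
# against the directive limits described above (at most three nameserver
# addresses, at most six search domains). Assumes only POSIX sh, awk and mktemp.

# check_resolv_conf FILE: prints a one-line summary, returns 0 if within
# limits and 1 otherwise (details go to stderr).
check_resolv_conf() {
    file=$1
    rc=0
    # glibc reads one address per "nameserver" line (resolv.conf(5): "one per
    # keyword"), so extra addresses on the same line are never queried.
    multi=$(awk '$1 == "nameserver" && NF > 2 { n++ } END { print n + 0 }' "$file")
    # Addresses the resolver will actually use: one per nameserver line.
    ns=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$file")
    # Only the last "search" (or "domain") line is honoured, so count the
    # domains on the last search line seen.
    search=$(awk '$1 == "search" { n = NF - 1 } END { print n + 0 }' "$file")
    if [ "$multi" -gt 0 ]; then
        echo "$file: $multi nameserver line(s) list more than one address; only the first on each line is used" >&2
        rc=1
    fi
    if [ "$ns" -gt 3 ]; then
        echo "$file: $ns nameserver lines; the resolver queries at most three" >&2
        rc=1
    fi
    if [ "$search" -gt 6 ]; then
        echo "$file: $search search domains; the limit is six" >&2
        rc=1
    fi
    echo "nameservers=$ns search_domains=$search multi_address_lines=$multi"
    return $rc
}

# Constructed sample laid out like the "Variation" above: passes the check.
sample=$(mktemp)
printf '%s\n' 'domain example.com' \
    'search example.net example.org example.edu example.gov' \
    'nameserver 192.168.0.1' 'nameserver 8.8.8.8' 'nameserver 8.8.4.4' > "$sample"
check_resolv_conf "$sample" && echo "$sample: within limits"
rm -f "$sample"
```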

Viewing and Adjusting Name Resolution Sources and Order

/etc/nsswitch.conf

  • Directs the lookup utilities to the correct source to get hostname information.

  • Also identifies the order in which to consult the sources and the action to take next.

  • Four keywords oversee this behavior:

    • success
    • notfound
    • unavail
    • tryagain

    Keyword     Meaning                                                             Default Action

    success     Information found in source and provided to the requester           return (do not try the next source)
    notfound    Information not found in source                                     continue (try the next source)
    unavail     Source down or not responding; service disabled or not configured   continue (try the next source)
    tryagain    Source busy, retry later                                            continue (try the next source)

Example showing two sources for name resolution: files (/etc/hosts) and DNS (/etc/resolv.conf):

hosts: files dns

  • Default behavior.
  • The search terminates if the requested information is found in the hosts table; a miss there continues on to DNS.

Instruct the lookup programs to return if the requested information is not found in the hosts table, without consulting DNS:

hosts: files [notfound=return] dns
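To make the default actions concrete, the added example below (not part of the original notes) walks a hosts line the way nsswitch does: each source is consulted in order, its status maps to the default action from the table, and a [status=action] token overrides the action for the source before it. Source outcomes are supplied as constructed name=status arguments, and one status=action pair per bracket is assumed.

```shell
# Added example (not from the original notes): simulate evaluation of an
# nsswitch.conf "hosts:" line. Source statuses (success, notfound, unavail,
# tryagain) are constructed name=status arguments; one pair per [...] token.

# status_for SOURCE name=status...: simulated status of SOURCE, else "unavail".
status_for() {
    want=$1; shift
    for pair in "$@"; do
        if [ "${pair%%=*}" = "$want" ]; then echo "${pair#*=}"; return 0; fi
    done
    echo unavail
}

# nss_hosts_walk "hosts: files [notfound=return] dns" files=notfound dns=success
# Prints "SOURCE STATUS return" for the source where the lookup stops (exit 0),
# or "exhausted" when every source was tried (exit 1). The body is a subshell,
# so "set -f" (no globbing of [..] tokens) and "exit" affect only this call.
nss_hosts_walk() (
    set -f
    line=$1; shift
    # Drop the "hosts:" label; nsswitch keywords are case-insensitive.
    spec=$(printf '%s' "${line#*:}" | tr '[:upper:]' '[:lower:]')
    src=""; st=""; act=""
    for tok in $spec; do
        case $tok in
            \[*\])
                kv=${tok#\[}; kv=${kv%\]}
                # Override applies only when the preceding source's status matches.
                if [ "${kv%%=*}" = "$st" ]; then act=${kv#*=}; fi
                ;;
            *)
                # Commit the preceding source before consulting the next one.
                if [ -n "$src" ] && [ "$act" = return ]; then echo "$src $st return"; exit 0; fi
                src=$tok
                st=$(status_for "$src" "$@")
                # Default actions from the table: success returns, all else continues.
                case $st in success) act=return ;; *) act=continue ;; esac
                ;;
        esac
    done
    if [ -n "$src" ] && [ "$act" = return ]; then echo "$src $st return"; exit 0; fi
    echo exhausted; exit 1
)

nss_hosts_walk "hosts: files dns" files=notfound dns=success                   # dns success return
nss_hosts_walk "hosts: files [notfound=return] dns" files=notfound dns=success  # files notfound return
```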

Query tools available in RHEL 9

  • dig
  • host
  • nslookup
  • getent

dig command (domain information groper)

  • DNS lookup utility.
  • Queries the nameserver specified at the command line or consults the resolv.conf file to determine the nameservers to be queried.
  • May be used to troubleshoot DNS issues due to its flexibility and verbosity.

To get the IP for redhat.com using the nameserver listed in the resolv.conf file:

[root@server10 ~]# dig redhat.com

; <<>> DiG 9.16.23-RH <<>> redhat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9017
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;redhat.com.			IN	A

;; ANSWER SECTION:
redhat.com.		3599	IN	A	52.200.142.250
redhat.com.		3599	IN	A	34.235.198.240

;; Query time: 94 msec
;; SERVER: 172.16.10.150#53(172.16.10.150)
;; WHEN: Fri Jul 19 13:12:13 MST 2024
;; MSG SIZE  rcvd: 71

To perform a reverse lookup on the redhat.com IP (52.200.142.250), use the -x option with the command:

[root@server10 ~]# dig -x 52.200.142.250

; <<>> DiG 9.16.23-RH <<>> -x 52.200.142.250
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23057
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;250.142.200.52.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
250.142.200.52.in-addr.arpa. 299 IN	PTR	ec2-52-200-142-250.compute-1.amazonaws.com.

;; Query time: 421 msec
;; SERVER: 172.16.10.150#53(172.16.10.150)
;; WHEN: Fri Jul 19 14:22:52 MST 2024
;; MSG SIZE  rcvd: 112

host Command

  • Works on the same principles as the dig command in terms of nameserver determination.
  • Produces less data in the output by default.
  • Use the -v option for more detail.

Perform a lookup on redhat.com:

[root@server10 ~]# host redhat.com
redhat.com has address 34.235.198.240
redhat.com has address 52.200.142.250
redhat.com mail is handled by 10 us-smtp-inbound-2.mimecast.com.
redhat.com mail is handled by 10 us-smtp-inbound-1.mimecast.com.

Rerun with -v added:

[root@server10 ~]# host -v redhat.com
Trying "redhat.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28687
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;redhat.com.			IN	A

;; ANSWER SECTION:
redhat.com.		3127	IN	A	52.200.142.250
redhat.com.		3127	IN	A	34.235.198.240

Received 60 bytes from 172.16.1.19#53 in 8 ms
Trying "redhat.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47268
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;redhat.com.			IN	AAAA

;; AUTHORITY SECTION:
redhat.com.		869	IN	SOA	dns1.p01.nsone.net. hostmaster.nsone.net. 1684376201 200 7200 1209600 3600

Received 93 bytes from 172.16.1.19#53 in 5 ms
Trying "redhat.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61563
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 12

;; QUESTION SECTION:
;redhat.com.			IN	MX

;; ANSWER SECTION:
redhat.com.		3570	IN	MX	10 us-smtp-inbound-1.mimecast.com.
redhat.com.		3570	IN	MX	10 us-smtp-inbound-2.mimecast.com.

;; ADDITIONAL SECTION:
us-smtp-inbound-1.mimecast.com.	270 IN	A	205.139.110.242
us-smtp-inbound-1.mimecast.com.	270 IN	A	170.10.128.242
us-smtp-inbound-1.mimecast.com.	270 IN	A	170.10.128.221
us-smtp-inbound-1.mimecast.com.	270 IN	A	170.10.128.141
us-smtp-inbound-1.mimecast.com.	270 IN	A	205.139.110.221
us-smtp-inbound-1.mimecast.com.	270 IN	A	205.139.110.141
us-smtp-inbound-2.mimecast.com.	270 IN	A	170.10.128.221
us-smtp-inbound-2.mimecast.com.	270 IN	A	205.139.110.141
us-smtp-inbound-2.mimecast.com.	270 IN	A	205.139.110.221
us-smtp-inbound-2.mimecast.com.	270 IN	A	205.139.110.242
us-smtp-inbound-2.mimecast.com.	270 IN	A	170.10.128.141
us-smtp-inbound-2.mimecast.com.	270 IN	A	170.10.128.242

Received 297 bytes from 172.16.10.150#53 in 12 ms

Perform a reverse lookup on the IP of redhat.com with verbosity:

[root@server10 ~]# host -v 52.200.142.250
Trying "250.142.200.52.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62219
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;250.142.200.52.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
250.142.200.52.in-addr.arpa. 300 IN	PTR	ec2-52-200-142-250.compute-1.amazonaws.com.

Received 101 bytes from 172.16.10.150#53 in 430 ms

nslookup Command

  • Queries the nameservers listed in the resolv.conf file or specified at the command line.
  • See the man page for interactive mode.

Get the IP for redhat.com using nameserver 8.8.8.8 instead of the nameserver defined in resolv.conf:

[root@server10 ~]# nslookup redhat.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	redhat.com
Address: 34.235.198.240
Name:	redhat.com
Address: 52.200.142.250

Perform a reverse lookup on the IP of redhat.com using the nameserver from the resolver configuration file:

[root@server10 ~]# nslookup 52.200.142.250
250.142.200.52.in-addr.arpa	name = ec2-52-200-142-250.compute-1.amazonaws.com.

Authoritative answers can be found from:

getent Command

  • Fetches matching entries from the databases defined in the nsswitch.conf file.
  • Reads the corresponding database and displays the information if found.
  • For name resolution, use the hosts database and getent will attempt to resolve the specified hostname or IP address.

Run the following for forward and reverse lookups:

[root@server10 ~]# getent hosts redhat.com
34.235.198.240  redhat.com
52.200.142.250  redhat.com
[root@server10 ~]# getent hosts 34.235.198.240
34.235.198.240  ec2-34-235-198-240.compute-1.amazonaws.com

Hostname

  • The "-", "_", and "." characters are allowed.
  • Up to 253 characters.
  • Stored in /etc/hostname.
  • Can be viewed with several different commands, such as hostname, hostnamectl, uname, and nmcli, as well as by displaying the content of the /etc/hostname file.

View the hostname:

hostnamectl --static
hostname
uname -n
cat /etc/hostname

Lab: Change the Hostname

Server1

  1. Open /etc/hostname and change the entry to server10.example.com
  2. Restart the systemd-hostnamed service daemon:

sudo systemctl restart systemd-hostnamed

  3. Confirm:

hostname

Server2

  1. Change the hostname with hostnamectl:

sudo hostnamectl set-hostname server21.example.com

  2. Log out and back in for the prompt to update.
  3. Change the hostname using nmcli:

nmcli general hostname server20.example.com