tyt11fi.htm

tcpip 协议学习电子书籍 第一次上传东西

<HTML>

<HEAD>

<TITLE>tyt11fi.htm</TITLE>

<LINK REL="ToC" HREF="index.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/index.htm">

<LINK REL="Index" HREF="tppmsgs/msgs0.htm#3" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/htindex.htm">

<LINK REL="Next" HREF="tyt12fi.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/tyt12fi.htm">

<LINK REL="Previous" HREF="tyt10fi.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/tyt10fi.htm"></HEAD>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#800080"><A ID="I0" NAME="I0"></A>

<P><P ALIGN=CENTER>

<A HREF="tyt10fi.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/tyt10fi.htm" TARGET="_self"><IMG SRC="blanprev.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/blanprev.gif" WIDTH = 37 HEIGHT = 37 BORDER = 0 ALT="Previous Page"></A>

<A HREF="index.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/index.htm" TARGET="_self"><IMG SRC="blantoc.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/blantoc.gif" WIDTH = 37 HEIGHT = 37 BORDER = 0 ALT="TOC"></A>

<A HREF="tyt12fi.htm" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/tyt12fi.htm" TARGET="_self"><IMG SRC="blannext.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/blannext.gif" WIDTH = 37 HEIGHT = 37 BORDER = 0 ALT="Next Page"></A>


<HR ALIGN=CENTER>

<P>

<UL>

<UL>

<UL>

<LI>

<A HREF="#E68E102" >Domain Name Service (DNS)</A></LI>

<UL>

<LI>

<A HREF="#E69E144" >DNS Structure</A></LI>

<LI>

<A HREF="#E69E145" >The Name Server</A></LI>

<LI>

<A HREF="#E69E146" >Resource Records</A></LI>

<LI>

<A HREF="#E69E147" >IN-ADDR-ARPA</A></LI>

<LI>

<A HREF="#E69E148" >Messages</A></LI>

<LI>

<A HREF="#E69E149" >The Name Resolver</A></LI>

<LI>

<A HREF="#E69E150" >Configuring a UNIX DNS Server</A></LI>

<UL>

<LI>

<A HREF="#E70E43" >Entering the Resource Records</A></LI>

<LI>

<A HREF="#E70E44" >Completing the DNS Files</A></LI>

<LI>

<A HREF="#E70E45" >Starting the DNS Daemons</A></LI>

<LI>

<A HREF="#E70E46" >Configuring a Client</A></LI></UL></UL>

<LI>

<A HREF="#E68E103" >BOOTP Protocol</A></LI>

<UL>

<LI>

<A HREF="#E69E151" >BOOTP Messages</A></LI></UL>

<LI>

<A HREF="#E68E104" >Network Time Protocol (NTP)</A></LI>

<LI>

<A HREF="#E68E105" >Summary</A></LI>

<LI>

<A HREF="#E68E106" >Q&amp;A</A></LI>

<LI>

<A HREF="#E68E107" >Quiz</A></LI></UL></UL></UL>

<HR ALIGN=CENTER>

<A ID="E66E11" NAME="E66E11"></A>

<H1 ALIGN=CENTER>

<CENTER>

<FONT SIZE=6 COLOR="#FF0000"><B>&#151; 11 &#151;</B>

<BR><B>Domain Name Service</B></FONT></CENTER></H1>

<BR>

<P>TCP/IP uses a 32-bit address to route a datagram to a destination. It is useful to forget these 32-bit addresses and use common names instead, because names are much easier to remember. There are several methods used for this. The most common is examined on Day 7, &quot;TCP/IP Configuration and Administration Basics,&quot; employing an ASCII file on the sending machine that had names and corresponding addresses (/etc/hosts on a UNIX device). One major limitation to this system is that the machine can route only to other machines that have an entry in this file, which can be impossible to maintain when there are many target machines or you want to access all the devices on your network.

<BR>

<P>Another approach is to off-load the address resolution to another process that acts like a directory service. There are two such schemes in common use today: Domain Name Service (DNS) and Network Information Service (NIS), which is now part of NFS. Today I look at DNS in more detail. On Day 12, &quot;NFS and NIS,&quot; I examine NFS in depth.

<BR>

<P>Also today I look at the BOOTP protocol, a system that is becoming widely adopted as diskless workstations and client/server systems become more common. BOOTP relies on TCP/IP. Anyone working with TCP/IP can eventually expect to run across the BOOTP protocol, so an explanation of it is useful at this stage.

<BR>

<P>Finally, the day closes with a quick look at the Network Time Protocol (NTP), which is used to ensure synchronization of timestamps between machines.

<BR>

<BR>

<A ID="E68E102" NAME="E68E102"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>Domain Name Service (DNS)</B></FONT></CENTER></H3>

<BR>

<P>A symbolic name is a character string that is used to identify a machine. A symbolic name can be straightforward (bills_machine or tpci_server1) or more complex, as is often the case in large organizations where the name identifies the type of machine and its location (such as hpws510, where hpws identifies an HP workstation on the fifth floor, room 10). 

<BR>

<P>When sending information to remote machines, IP addresses or Internet addresses must be used. Instead of requiring the user to memorize the remote machine's numbers, it is common to use a symbolic name. After all, a simple name is much easier to remember than a 32-bit Internet address.

<BR>

<P>As you saw earlier in this book, the conversion from a symbolic name to an actual IP address is usually performed within the sending machine, using a file such as UNIX's /etc/hosts file. This type of approach works well within a small network, where a limited number of destination machines are involved. When dealing with the entire Internet, however, it is unreasonable to expect an ASCII file to contain all possible symbolic names and their addresses.

<BR>

<P>The sheer size of a file required to hold all possible symbolic domain names and their corresponding unique network addresses is not the only problem. Large networks tend to change constantly, especially on an internetwork the size of the Internet. Hundreds of additions and modifications to existing entries must be performed daily. The time required to update each machine (or even selected gateways to autonomous networks) on the internetwork would be huge.

<BR>

<P>The solution to the problem is to offer a method of moving the management of the lookup tables away from the Network Information Center (NIC), which governs the Internet, and toward the participants and their autonomous networks in such a manner that the load on the network is small but flexibility is not compromised. This is what the Domain Name Service (DNS) does. DNS is sometimes also called the Internet directory service, although the name is somewhat of a misnomer.

<BR>

<P>UNIX implements DNS through a daemon called named, which runs on a <I>name </I><I>server, </I>a machine that handles the resolution of symbolic names using DNS methods. Part of the system is a library of functions that can be used in applications to perform queries on the name server. This query routine is called the <I>resolver</I> or <I>name resolver</I> and can reside on another machine. The name server and resolver are examined in more detail shortly.

<BR>

<BR>

<A ID="E69E144" NAME="E69E144"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>DNS Structure</B></FONT></CENTER></H4>

<BR>

<P>The Domain Name Service, as its name implies, works by dividing the internetwork into a set of domains, or networks, that can be further divided into subdomains. This structure resembles a tree, as shown in Figure 11.1, using some arbitrarily chosen domain names. The first set of domains is called the <I>top-level domains.</I> There are six top-level domains in regular use:

<BR>

<UL>

<LI>ARPA: For Internet-specific organizations

<BR></LI>

<BR>

<LI>COM: For commercial enterprises

<BR></LI>

<BR>

<LI>EDU: For educational organizations

<BR></LI>

<BR>

<LI>GOV: For governmental bodies

<BR></LI>

<BR>

<LI>MIL: For military organizations

<BR></LI>

<BR>

<LI>ORG: For noncommercial organizations

<BR></LI>

<BR>

</UL>

<P><B><A HREF="11tyt01.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/11tyt01.gif">Figure 11.1. The Internet domain structure.</A></B>

<BR>

<P>In addition to these top-level domains, there are dedicated top-level domains for each country that is connected. These are usually identified by a short form of the country's name, such as .ca for Canada and .uk for the United Kingdom. These country top-level domains are usually left off diagrams of the Internet structure for convenience (otherwise there would be hundreds of top-level domains). The domain breakdown is sometimes repeated beneath the country domain, so there could be a .com extension coupled with .ca to show a Canadian commercial domain, or an .edu with .uk for a British university.

<BR>

<P>Beneath the top-level domains is another level for the individual organizations within each top-level domain. The domain names are all registered with the Network Information Center (NIC) and are unique to the network. Usually the names are representative of the company or organization, but a few &quot;cute&quot; names do work their way in (usually because of historical reasons).

<BR>

<P>There are two ways to name a target. If the target is on the internetwork, the <I>absolute name </I>is used. The absolute name is unique and unambiguous, specifying the domain of the target machine. A <I>relative </I><I>name </I>can be used either within the local domain, where the name server knows that the target is within the domain and hence doesn't need to route the datagram onto the internetwork, or when the relative name is known by the name server and can be expanded and routed correctly.

<BR>

<BR>

<A ID="E69E145" NAME="E69E145"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>The Name Server</B></FONT></CENTER></H4>

<BR>

<P>Each DNS Name Server manages a distinct area of a network (or an entire domain, if the network is small). The set of machines managed by the name server is called a <I>zone.</I> Several zones can be managed by one name server. Almost every zone has a designated secondary or backup name server, with the two (primary and secondary) name servers holding duplicate information. The name servers within a zone communicate using a <I>zone transfer protocol.</I>

<BR>

<P>DNS operates by having a set of nested zones. Each name server communicates with the one above it (and, if there is one, the one below it). Each zone has at least one name server responsible for knowing the address information for each machine within that zone. Each name server also knows the address of at least one other name server. Messages between name servers usually use the User Datagram Protocol (UDP) because its connectionless method provides for better performance. However, TCP is used for database updates because of its reliability.

<BR>

<P>When a user application needs to resolve a symbolic name into a network address, a query is sent by the application to the resolver process, which then communicates the query to the name server. (I examine the resolver in more detail in the next section, &quot;Resource Records.&quot;) The name server checks its own tables and returns the network address corresponding to the symbolic name. If the name server doesn't have the information it requires, it can send a request to another name server. This process is shown in Figure 11.2. Both the name servers and the resolvers use database tables and caches to maintain information about the machines in the local zone, as well as recently requested information from outside the zone.

<BR>

<P><B><A HREF="11tyt02.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/11tyt02.gif">Figure 11.2. Resolving symbolic names.</A></B>

<BR>

<P>When a name server receives a query from a resolver, there are several types of operations the name server can perform. Name resolver operations fall into two categories: <I>nonrecursive </I>and <I>recursive. </I>A recursive operation is one in which the name server must access another name server for information.

<BR>

<P>Nonrecursive operations performed by the name server include a full answer to the resolver's request, a referral to another name server (which the resolver must send a query to), or an error message. When a recursive operation is necessary, the name server contacts another name server with the resolver's request. The remote name server replies to the request with either a network address or a negative message, indicating failure. DNS rules prohibit a remote name server from sending a referral to yet another name server.

<BR>

<BR>

<A ID="E69E146" NAME="E69E146"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>Resource Records</B></FONT></CENTER></H4>

<BR>

<P>The information required to resolve symbolic names is maintained by the name server in a set of <I>resource records, </I>which are entries in a database. Resource records (often abbreviated RR) contain information in ASCII format. Because ASCII is used, it is easy to update the records. The format of resource records is shown in Figure 11.3.

<BR>

<P><B><A HREF="11tyt03.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/11tyt03.gif">Figure 11.3. The resource record format.</A></B>

<BR>

<P>The Name field is the domain name of the machine the record refers to. If no name is specified, the previously used name is substituted.

<BR>

<P>The Type field identifies the type of resource record. Resource records are used for several purposes, such as mapping names to addresses and defining zones. The Type of resource record is identified by a mnemonic code or a number. These codes and their meanings are shown in Table 11.1. Some of the resource record types are now obsolete (3 and 4), and others are considered experimental at this time (13 and 17&#150;21).

<BR>

<BR>

<P ALIGN=CENTER>

<CENTER>

<FONT COLOR="#000080"><B>Table 11.1. Resource record types.</B></FONT></CENTER>

<BR>



<CENTER><TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 CELLPADDING=3 >

<TR>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P><B><I>Number</I></B>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P><B><I>Code</I></B>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P><B><I>Description</I></B>

</FONT>

<TR>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>1

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>A

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>Network address

<BR>

</FONT>

<TR>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>2

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>NS

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>Authoritative name server

<BR>

</FONT>

<TR>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>3

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>MD

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>Mail destination; now replaced by MX

<BR>

</FONT>

<TR>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>4

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>MF

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>Mail forwarder; now replaced by MX

<BR>

</FONT>

<TR>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>5

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>CNAME

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>Canonical alias name

<BR>

</FONT>

<TR>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>6

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>SOA

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>Start of zone authority

<BR>

</FONT>

<TR>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>7

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>MB

<BR>

</FONT>

<TD BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<P>Mailbox domain name

<BR>