puzzling.org · mary.gardiner.id.au

About nameservers

About DNS

Every computer directly connected to the Internet has an IP (Internet Protocol) address. An IP (version 4) address is a series of four numbers between 0 and 255 (e.g. 10.7.123.255, 253.10.124.7) and uniquely identifies that machine's connection, allowing answers to its queries to be delivered.

The Domain Name System (DNS), which maps domain names to IP addresses, lets you do two things:

  • use a domain name instead of an IP address in URLs, email addresses and so on;
  • move a domain name between IP addresses.

There are a couple of reasons why this mapping is useful: the first is that domain names are far easier to remember than IP addresses, the second is that IP addresses are generally allocated to providers (like broadband and dialup ISPs, domain hosting services, colocation facilities, telecommunication providers...) rather than individuals. For most of us, that means we will always be using an IP address associated with our host, and hence switching hosts means switching IPs. The domain name system lets us keep our services at the same address when we do it.

About nameservers

In order to discover the mapping between a domain name and an IP address, a client needs to contact the nameservers for that domain.

A nameserver is simply a server that can respond to DNS queries in the appropriate way. As with web servers, email servers and so on, it is possible to run your own nameserver (the most common program used to do this on Linux is called "BIND") but this course won't teach you how.

However, even if you do use a nameserver configured by a third party, you will either have some control over the answers they give for your domain, or you may need to know a little about DNS in order to move your domain from one IP to another. Hence this lesson.

There are two obvious bootstrapping problems here: how do the nameservers know the mapping, and how does the client find the nameservers?

How the nameservers know your domain's IP address

The process by which the nameservers know your IP address is no more mysterious than the process which your webserver uses to find your files, or the process your SMTP server uses to put mail in your mailbox: someone has configured it to know. The upshot of this is that somehow, your nameservers are going to have to know about your IP. Configuration details vary widely and will be covered by your host's documentation if you need to know. (See the "DNS hosting options" section.)

How clients find your nameserver

Now, how do clients know where the nameservers are? What happens is that at each level of the domain name, the nameservers for that domain know where to find the nameservers for the subdomain.

So, for subdomain.example.com:

  • the .com nameservers know where to find the example.com nameservers
  • the example.com nameservers know where to find the subdomain.example.com nameservers

If the parent isn't itself the subdomain's nameserver and doesn't know where to find the subdomain's nameservers, then the subdomain doesn't resolve.
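The walk described above, as an added example that is not part of the original lesson: a small simulation of a client following referrals from the root down to subdomain.example.com, including the case where the parent has no delegation and the name does not resolve. The server names (root-ns, com-ns, example-ns, sub-ns) and the addresses are constructed for illustration.

```python
import copy

# Constructed data (not real servers): each nameserver has the zones it
# delegates to another nameserver and the names it answers for itself.
SERVERS = {
    "root-ns": {"delegations": {"com": "com-ns"}, "answers": {}},
    "com-ns": {"delegations": {"example.com": "example-ns"}, "answers": {}},
    "example-ns": {
        "delegations": {"subdomain.example.com": "sub-ns"},
        # The parent can also answer for a name itself (no delegation needed).
        "answers": {"example.com": "192.0.2.10", "www.example.com": "192.0.2.10"},
    },
    "sub-ns": {"delegations": {},
               "answers": {"subdomain.example.com": "198.51.100.7"}},
}

def resolve(name, servers=SERVERS, start="root-ns"):
    """Follow referrals from the root; return (address or None, servers asked)."""
    server, asked = start, []
    while True:
        asked.append(server)
        table = servers[server]
        if name in table["answers"]:
            return table["answers"][name], asked
        # Pick the most specific delegated zone that contains the name.
        zones = [z for z in table["delegations"]
                 if name == z or name.endswith("." + z)]
        if not zones:
            return None, asked          # parent knows nothing: no resolution
        next_server = table["delegations"][max(zones, key=len)]
        if next_server in asked or next_server not in servers:
            return None, asked          # referral loop or unreachable server
        server = next_server

def without_delegation(servers, parent, zone):
    """Copy the data with one delegation removed from the parent."""
    broken = copy.deepcopy(servers)
    del broken[parent]["delegations"][zone]
    return broken

if __name__ == "__main__":
    print(resolve("subdomain.example.com"))
    print(resolve("www.example.com"))
    broken = without_delegation(SERVERS, "example-ns", "subdomain.example.com")
    print(resolve("subdomain.example.com", broken))  # sub-ns is never asked
```

In the broken case sub-ns still holds the right answer, but no client ever reaches it because the parent never refers anyone to it.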

Telling the parent nameservers about your domain

Now for some questions about this bootstrapping process:

Where are the .com nameservers, and how do I tell them where the example.com nameservers are?

How do clients know where the .com (or .net, or .tv, or ...) nameservers are?

There are nameservers that know the answer to this question. These are known as "root nameservers." There are presently 13 of these servers and if you go to root-servers.org you'll see that they're scattered pretty widely around the world (they need to be massively redundant: if they vanish then so does the DNS for most users, although there are certainly other servers with copies of their information).

Other nameservers need to know where these are, although if you know one of them it can tell you where the others are. Their IPs change very seldom.

Here's a sample root nameserver query:

dig ns . @A.ROOT-SERVERS.NET

How do I tell the .com nameservers where the example.com nameservers are?

You do this through your registrar. As soon as your domain is in their system they provide an "Update nameservers" facility for you to enter the nameservers for your domain. When you do that, they update the appropriate parent nameservers for you.

Now, quite often when you register a domain you do not yet have a host for it, or you don't know what the nameservers are going to be. In this case your registrar will enter some default nameservers, normally ones under their control.

If you don't change them for a day or so, a webpage will normally appear at your domain saying something like "example.com, recently registered at SOME REGISTRAR. Consider SOME REGISTRAR for your registration needs today!" While they're controlling the nameservers, they'll do some advertising. Obviously once you tell them where your nameservers are, then you'll be able to point example.com at a different IP address and deprive your registrar of advertising.

That concludes the basic DNS section. The next section is about actually getting yourself some nameservers. In the last section of the mail, I've got a discussion of "moving IPs", because despite my sales pitch in the first lesson this isn't an entirely trivial task and you need to know some more about DNS to understand why.

DNS hosting options

Your domain will generally need at least two nameservers. This is for redundancy purposes and the normal setup is to have one (the "slave") automatically updating itself from the other (the "master"). The fact that there need to be two is enforced to varying degrees: many registrars won't let you enter just one, and if they do, some clients will complain. Hence most DNS providers will store your domain on at least two servers and you give both of these to your registrar.

Here is a discussion of various DNS hosting options:

  1. You use your host's nameservers.
  2. You use a third party's nameservers.
  3. You use your registrar's nameservers.
  4. You run your own nameservers.

You use your host's nameservers.

This is a very common option for people using commercial domain hosting. It will probably be the one you choose unless your arrangements are unusual.

Your host will have a couple of nameservers (or many more, depending on how big they are), and they will store your information in their servers. They will tell you which servers these are (generally after you sign up), and you pass them onto your registrar.

If you use your host's nameservers your host may retain complete control over the nameservers and enter the IP address details themselves. However, they may give you some level of control over the contents of your servers. This could be useful if you host example.com on their service, but subdomain.example.com is hosted elsewhere and you want to tell them where. It may also be educational for you to play around.

The precise way they let you configure it will vary on a case-by-case basis. Usually, they will have worked up some interface (perhaps a web interface, or a simple command line tool) that makes this relatively straightforward. It's pretty rare to find them asking for "zone files" (by which they mean BIND's configuration format) but I've seen that happen too. Check their documentation.

You use a third party's nameservers.

There are a number of providers who only do DNS, usually allowing you to configure your servers however you want (there's no point limiting it to their IPs, otherwise you'd never use them!)

There are a few reasons you might want to do this:

  • you're hosting your own domain, but you don't want to host a nameserver;
  • you don't have a second machine to use as the other nameserver; you're worried about reliability; or you just want some backup
  • your commercial host doesn't have nameservers they let you use (I've seen this occasionally, often from very low budget hosts)
  • your commercial host's nameservers aren't any good. I had a host once who had their nameservers configured so that it took 5 weeks for changes to work. (Explanation for people who know about DNS: Their custom configuration tool didn't update the serial number and only updated one server!)
  • your commercial host doesn't provide all the options you need. For example, perhaps you want to point "home.example.com" at your broadband connection's IP so that you can connect to your home PC, but your host doesn't let you point subdomains at different IP addresses.

A note on using a third party nameserver with a commercial host who has their own servers. As long as your third party nameserver points at the right IP, your domain's web, email etc services should work, but there are a couple of pitfalls:

  • your commercial host, assuming that you are using their nameservers (which they update themselves), might move you to a new IP address for some reason and not tell you;
  • your commercial host's DNS configuration tool might be tied in with their website configuration tool and so on; or
  • your commercial host's users and staff may ask their nameservers for your domain, not your chosen nameserver. So if you do use a third party nameserver and your commercial host also has DNS records for your domain, make sure they agree.
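One way to check that a set of nameservers agree, as an added example that is not part of the original lesson. It covers both the "make sure they agree" pitfall above and the earlier anecdote about a serial number that was not updated on every server. The server names and sample answers are constructed; dig_short assumes the dig command is installed and the servers are reachable.

```python
import subprocess

def dig_short(server, name, rtype):
    """Ask one nameserver directly with dig (needs dig and network access)."""
    out = subprocess.run(
        ["dig", "+short", "+norecurse", "@" + server, name, rtype],
        capture_output=True, text=True, timeout=10, check=False,
    ).stdout
    return sorted(line.strip() for line in out.splitlines() if line.strip())

def compare_nameservers(name, servers, query=dig_short):
    """Compare the A records and SOA serial each server gives for name."""
    a_records = {s: query(s, name, "A") for s in servers}
    serials = {}
    for s in servers:
        soa = query(s, name, "SOA")
        # dig +short SOA fields: mname rname serial refresh retry expire minimum
        serials[s] = int(soa[0].split()[2]) if soa else None
    known = [v for v in serials.values() if v is not None]
    newest = max(known) if known else None
    return {
        "addresses_agree": len({tuple(v) for v in a_records.values()}) == 1,
        "a_records": a_records,
        # Serials are only comparable between servers that copy the same zone
        # from each other; plain integer comparison ignores serial wraparound.
        "stale": sorted(s for s, v in serials.items()
                        if v is not None and v < newest),
        "no_answer": sorted(s for s, v in serials.items() if v is None),
    }

# Constructed sample answers (hypothetical servers): ns2 never picked up the
# change made on ns1, so it has an older serial and the old address.
SAMPLE = {
    ("ns1.dns.example", "A"): ["203.0.113.20"],
    ("ns2.dns.example", "A"): ["192.0.2.10"],
    ("ns1.dns.example", "SOA"):
        ["ns1.dns.example. admin.example.com. 2004072402 3600 900 604800 86400"],
    ("ns2.dns.example", "SOA"):
        ["ns1.dns.example. admin.example.com. 2004072401 3600 900 604800 86400"],
}

def sample_query(server, name, rtype):
    return SAMPLE.get((server, rtype), [])

if __name__ == "__main__":
    print(compare_nameservers("example.com",
                              ["ns1.dns.example", "ns2.dns.example"], sample_query))
```

When comparing your host's servers with a third party's, only the address comparison is meaningful, since the two providers keep separate serial numbers.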

As should be obvious by now, I suggest you use your host's nameservers if they're available. If they're badly configured, consider switching hosts.

If you need third party nameserver hosting, there are a few free third party DNS hosts. ZoneEdit.com seems to be the most commonly used; they will host DNS records for up to 5 domains for free (I don't know if subdomains count). The Public DNS Service is another. I haven't used either, so you may want to ask around. There are some commercial providers too, but I don't know anything about them.

One note on third party providers: at least some of them will run a "whois" command on your domain name to check that you own it before they agree to host your DNS. This is a pain if someone has given you subdomain.example.com and you want to run nameservers for it, because whois won't respond for it.

You use your registrar's nameservers

As mentioned above, many registrars will enter some default nameservers for you and point them at a "Register with us!" holding page. They expect you to replace these nameserver entries with your own, and you'll have to if you want to use the domain.

However, some registrars will let you use and update their nameservers. register.com allows this by default (I think it's why they're relatively expensive), some others will do it for an additional fee (dotster.com). This is a special case of the "Use a third party's nameservers" option.

You run your own nameservers

As with hosting anything yourself, this requires more work than the other options but allows you the most flexibility. I won't discuss configuring BIND or any other DNS server program here, but I'll briefly discuss the prerequisites:

  • You need a "static IP" for all your nameservers. A static IP is a connection with a permanent IP address that persists after re-connection. A "dynamic IP" is one where a machine reconnecting to the Internet may get a new IP address. Most dialup ISPs use a dynamic IP system and so do many home broadband providers. If your IP can change rapidly, regularly or arbitrarily, it isn't suitable for hosting a nameserver because the parent nameserver won't be able to point at the nameserver's new IP fast enough.
  • As with hosting web or email, you need to make sure your provider's terms of service allow hosting server programs (many home ISPs don't allow this). This won't be a problem if you've paid for a server hosting service though.
  • Ideally your two nameservers should be as independent as possible. I've seen this described as "make sure they share as few of these as possible: power supply, building, upstream provider, country, continent." That is, the ideal nameservers for a domain would live in different continents.
  • Ideally you should have a lot of control over both nameservers. A common scenario for nameserving is that you and a friend agree that you will each use the other's nameserver as your second nameserver. However, in this scenario, if your nameserver is down and you urgently need to update the information in the other, you may not have access to it directly.

Obviously, as with many other hosting decisions, the urgency of these considerations depends on how much you value consistent and correct DNS information for your domain. (Although, it's amazing how much more valuable it all becomes when you're at risk of losing email because a nameserver is pointing at the wrong place!)

Last modified: 24 July 2004