Monday, December 13, 2021

Computer Name Resolution, DNS and Friends - My Musings and Ramblings

I intend this to be a blog post that I'm going to update, but it might make more sense to move this information to a personal knowledge web... We'll see.

DNS - You want to contact a computer whose name you know? No problem. The computer you're using makes a request to a Domain Name Service, asking for an IP address for the server, then proceeds to connect to the server using its IP address. - Simple!

Many fundamental internet technologies were created by very clever people in robust and simple ways, and have either stood the test of time or developed such historical inertia that they had to be kept the same or else everything would break.  Many of these technologies have been extended and expanded in very clever ways to function better and more completely today than they ever have.

At first blush Computer Name Resolution doesn't seem to be one of these golden children.  Check out the Wikipedia History on DNS - In 1973 ARPANET used a hosts.txt file on each system, and apparently it was managed by Jake over at Stanford.  She managed all computer name resolution for ~17 years.  --  Stick that on your resume and smoke it.  --  Oh, and she invented Domains.  --  Although I 100% believe Jake was clever; the systems that she and her team put into place have not been robust.  The one constant for DNS seems to be that it constantly changes; and stays the same.

I imagine there is a ton of awesome history between 1989 and now.  But I'm trying to get my server to work, so I'm going to focus on today.  Today Jake has been replaced by a group known as the "Internet Assigned Numbers Authority" (IANA).

Or, excuse me, maybe it's the Public Technical Identifiers (PTI) that actually run things; they are an affiliate of ICANN, contracted to perform the IANA functions on behalf of ICANN.

Based on my messed up preconceived notions and the very few things I think I've learned about ICANN I believe them to be completely morally bankrupt.  --  Really, never in history has a bureaucracy been worse than ICANN.  As far as I know they are completely useless and a massive detriment to society in general.  The only way to get anything done with ICANN is to provide nation state level bribes to its ~388 employees.

Jon Postel did it better in his spare time and without charging anything for his services.  

None of this should have happened, it's a modern tragedy. 

"Once you realize what a joke everything is, being the Comedian is the only thing that makes sense."

—Eddie Blake

So forget it, let's move on.  Let's look at the technology, and see what's been done and where we can go from here.

If you have something on the internet, you probably started with getting a name from Jon/ICANN/PTI/IANA, let's call them JIPI.  JIPI authorizes registrars to charge you yearly for your name.

Either those registrars, a hosting company, or you, must provide DNS servers to go along with your name.  You maintain 'records' with those DNS servers so that when someone requests information on how to contact your site the DNS server responds with an IP address, or such, which the requestor can use to contact the computer that is hosting your site.  "Site" in this case could be a web page, game, virtual world, or whatever...

I just looked up "josiahluscher.com" and a name server ns3.dreamhost.com replied with an 'A' record and the IP address 64.90.48.157.

Neat, eh?  DNS servers are hierarchical, and divided up into zones.  So if whatever DNS server you contact doesn't have an authoritative answer, it asks the lowest server that it knows will be able to find the answer...  That might be the root DNS server.  The root server won't give an answer though; it just refers the requester to a higher level server that should have the answer.  This referral process may repeat several times.  Finally the "authoritative" DNS server is found, and then you get an answer.
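The referral walk described above, as an added example that is not part of the original post: a small offline simulation in which each referral hands the query to a server for a more specific zone (root, then com, then the domain's own name server), and the resolver rejects any referral that points outside the zone of the server that sent it. Only josiahluscher.com, ns3.dreamhost.com and 64.90.48.157 come from the post; the labels "root", "tld-com" and "rogue-ns" and the table layout are assumptions made for illustration.

```python
# Constructed data: each server maps a query name to its reply, either
# ("referral", child_zone, next_server) or ("answer", ip_address).
# "root", "tld-com" and "rogue-ns" are illustrative labels, not real hosts.
SERVERS = {
    "root": {"josiahluscher.com.": ("referral", "com.", "tld-com")},
    "tld-com": {"josiahluscher.com.":
                ("referral", "josiahluscher.com.", "ns3.dreamhost.com")},
    "ns3.dreamhost.com": {"josiahluscher.com.": ("answer", "64.90.48.157")},
}
# Same hierarchy, but the com server refers the query sideways into "org.".
SPOOFED = dict(SERVERS, **{
    "tld-com": {"josiahluscher.com.": ("referral", "org.", "rogue-ns")}})


class ResolutionError(Exception):
    pass


def in_zone(name, zone):
    """True if name is at or below zone (fully qualified, trailing dot)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def resolve(name, servers, start="root", max_hops=8):
    """Follow referrals down from the root; return (ip, servers_asked)."""
    server, zone, path = start, ".", []
    for _ in range(max_hops):
        path.append(server)
        reply = servers.get(server, {}).get(name)
        if reply is None:
            raise ResolutionError(f"{server} has no data for {name}")
        if reply[0] == "answer":
            return reply[1], path
        _, child_zone, next_server = reply
        # Bailiwick check: a server may only delegate to a zone strictly
        # below its own, and that zone must contain the name being resolved.
        deeper = child_zone != zone and in_zone(child_zone, zone)
        if not (deeper and in_zone(name, child_zone)):
            raise ResolutionError(
                f"{server} sent out-of-zone referral to {child_zone}")
        server, zone = next_server, child_zone
    raise ResolutionError("too many referrals")


if __name__ == "__main__":
    print(resolve("josiahluscher.com.", SERVERS))
```

The zone check is the same idea resolvers use to discard data a server has no authority over, which is one of the defenses against the fake replies listed in the challenges below.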

Obvious challenges to traditional DNS:

  1. Internet DNS doesn't know about local networks, so a local DNS is needed.
  2. Multiple computers serving many users who all expect to use the same service.
  3. Prevent malicious actors from replying with fake destinations to perpetrate man-in-the-middle attacks.
  4. Others?



Pieces of software that I want to learn about related to DNS:
nmcli - NetworkManager
systemd-resolved
dnsutils
ifupdown
iproute2
resolvconf
dhclient
net-tools
mDNS

nmcli

In terms of ease of use and the help information available nmcli is one of those programs that give Linux a bad name. 

Good news though: I did solve my immediate problem that inspired this post.  My eno1 wired gigabit Ethernet interface was set up with a static IP and static DNS records which were no longer correct. The way to change that interface to DHCP and remove the old records is this:

nmcli device show eno1
less /etc/sysconfig/network-scripts/ifcfg-eno1

nmcli con mod eno1 ipv4.ignore-auto-dns no
nmcli device modify eno1 ipv4.method auto
nmcli device modify eno1 ipv6.method auto
nmcli con mod eno1 -ipv4.dns [Old.Incorrect.DNS.IP]
nmcli con mod eno1 -ipv4.dns [Old.Incorrect.DNS.IP]
systemctl restart NetworkManager

nmcli device show eno1
less /etc/sysconfig/network-scripts/ifcfg-eno1
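
One way to check the before and after states that the two `less` commands above inspect by eye (an added example, not from the original post): a small parser for ifcfg-style files that flags static addressing, hard-coded DNS servers and ignored DHCP DNS. A stale resolver address matters because queries go to whatever host now holds that IP. The two sample files are constructed, and the addresses in them are documentation-range placeholders.

```python
import re

# Constructed samples of ifcfg-eno1 before and after the nmcli changes.
BEFORE = """\
DEVICE=eno1
BOOTPROTO=none
IPADDR=192.0.2.10
PREFIX=24
DNS1=192.0.2.53
DNS2="192.0.2.54"
PEERDNS=no
"""
AFTER = """\
DEVICE=eno1
BOOTPROTO=dhcp
PEERDNS=yes
"""


def parse_ifcfg(text):
    """Parse shell-style KEY=value lines, skipping comments and blanks."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def audit(text):
    """Return a list of findings; an empty list means DHCP with DHCP DNS."""
    cfg = parse_ifcfg(text)
    findings = []
    if cfg.get("BOOTPROTO", "none").lower() not in ("dhcp", "bootp"):
        findings.append("static addressing (BOOTPROTO is not dhcp)")
    dns = [v for k, v in sorted(cfg.items()) if re.fullmatch(r"DNS\d+", k)]
    if dns:
        findings.append("static DNS servers: " + ", ".join(dns))
    if cfg.get("PEERDNS", "yes").lower() == "no":
        findings.append("PEERDNS=no: DHCP-supplied DNS is ignored")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample) or "clean")
```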


To be continued someday....
