Address Record. Assigns an IP address to a domain name. When the domain name system was designed it was recommended that no two A records refer to the same IP address. This is not practical due to the limitations of CNAME records.
See CNAME record
Term used to describe zones and domain names. Root, written as “.”, is the ultimate ancestor zone. All top level domains, like com, gov and org, are its children. example.com is the child of com. gomer.example.com is the child of example.com.
Adjective describing a name server or a response from a name server that is referencing its own native data. The authoritative server contains an entire copy of the zone that is derived from local configuration data, possibly with the help of another authoritative name server for the zone. Data is obtained without the need for caches or the help of any resolver. A server can be authoritative about one zone but not authoritative for another.
Berkeley Internet Name Daemon. The most common DNS software of the internet. Ported to every flavor of Unix and Windows NT (Windows is a Trademark of the Microsoft Corp.). Bind source code is maintained by the Internet Software Consortium.
The act of recording authoritative response to resolver queries for future reference. Generally cached records will be purged after a predetermined time.
The real name of a host. Used in CNAME records, PTR records, NS records and MX records. A canonical name is something of a fiction because many servers have more than one equally valid name. Basically, any domain name that has an A record.
Classless Inter Domain Routing. Currently subnets are defined by the number of binary bits they have in common. This replaces the older subnet class system. Each octet of the IP address can be broken down into two hexadecimal digits; it takes 8 bits to represent each pair of hexadecimal digits. So a class A subnet, which shares the first octet, would be an 8 bit subnet. A class B would be a 16 bit subnet. A class C subnet would be a 24 bit subnet.
Canonical Name Record. Creates an alias of a canonical name. The alias gains all properties of the original, including IP addresses and mail routes. Because of this, it is illegal for there to be any other record with the same owner name as a CNAME record. It is also illegal for any record other than a CNAME record to refer to an alias.
The process of separating a descendant of a zone into a separate zone. The delegation is accomplished with NS records and if necessary, A records. NS records used for this purpose are called “delegation records”, A records used for this purpose are called “glue records.”
Records in a delegation are an exception to the rule that a record should only be defined only in the zone that owns the name of the record.
Similar to nslookup. Another command line tool for querying DNS servers. Somewhat unwieldy, bundled with BIND.
A DNS Server is any piece of software that serves as a name server, a resolver, or both.
The basic purpose of spoofing is to confuse a DNS server into giving out bad information. The way it works is that an attacker sends a recursive query to the victim’s server, using the victim’s server to resolve the query. The answer to the query is in a zone the attacker controls. The answer given by the attacker’s name server includes an authoritative record for a domain name controlled by a third party. That authoritative record is FALSE. The victim’s server caches the bogus record. (Most modern servers will not cache a fake record because it does not fall in the same parent zone as the record that was requested.) Once spoofed, the victim’s resolver will continue to use the false record it has in its cache, potentially misdirecting e-mail or any other internet service. This is potentially a major security leak for credit card information, trade secrets and other highly sensitive information.
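A defensive illustration of the rule mentioned in parentheses above, added here as an example that is not part of the original glossary: a resolver keeps only those answer records whose owner names fall inside the zone the responding server is authoritative for (its "bailiwick"), so a server for one zone cannot plant records for another zone in the cache. The zone and record names are constructed for the example.

```python
# Added example: a bailiwick filter of the kind the entry alludes to.
# A resolver that asked the servers for attacker.example (a constructed zone
# name) must not cache records they return for names outside that zone.

def labels(name):
    """Split a domain name into labels; labels are case insensitive, so lowercase them."""
    return [label.lower() for label in name.rstrip(".").split(".") if label]

def in_bailiwick(owner, zone):
    """True if owner is the zone name itself or a descendant of it.
    Comparison is label-wise, so 'notcom' is not inside 'com'."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_response(zone, records):
    """Keep answer records whose owner name lies inside the responding server's
    zone; return the rest separately so the caller can log the refusal."""
    kept, dropped = [], []
    for rec in records:
        (kept if in_bailiwick(rec["name"], zone) else dropped).append(rec)
    return kept, dropped

# Constructed response from a server authoritative for attacker.example
# (192.0.2.0/24 is the documentation address range, not a real host):
RESPONSE = [
    {"name": "www.attacker.example.", "type": "A", "data": "192.0.2.10"},
    {"name": "mail.victim.example.", "type": "A", "data": "192.0.2.99"},  # out of bailiwick
    {"name": "WWW.Attacker.Example", "type": "A", "data": "192.0.2.11"},  # case-insensitive match
]

if __name__ == "__main__":
    kept, dropped = filter_response("attacker.example.", RESPONSE)
    for rec in dropped:
        print("refused to cache out-of-bailiwick record:", rec["name"])
```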
Most often used to refer to a domain zone, domain is also used to describe a zone, or a domain name. This ambiguity results in an unbelievable number of technical support questions, and is a driving force in the sales rate of “DNS and Bind.”
A unique designator on the Internet made up of symbols separated by dots, such as post.lu
Domain Name System
The domain name system is a distributed database arranged hierarchically. Its purpose is to provide a layer of abstraction between other Internet services (web, email, etc.) and the numeric addresses (IP addresses) used to uniquely identify any given machine on the Internet.
Any zone that isn’t a reverse zone. Root is an exception; root is not a domain zone. Sometimes called a forward domain, or forward zone. This terminology came about because of the ambiguity of the word domain, and use of the term reverse domain, which is now considered archaic.
The process of sending a recursive query, received from a host by a resolver, on to a second predetermined resolver. Reasons for forwarding might involve a resolver having little or no net access, or one resolver having a significantly larger cache.
A glue record is an A record that is created as part of a delegation. If a zone is delegated to a name server whose hostname is a Descendant of that particular zone, then a glue record for that hostname must be included in the delegation.
A host is any machine on any network. On TCP/IP networks, each host has one or more unique IP addresses.
A Hostname is any domain name that has one or more IP addresses associated with it. The association is created by placing an A record in the zone that owns the domain name.
A unique identifier number for any host on any TCP/IP network, including the Internet. An IP address is made up of four octets. Each octet has a value between 0-255.
An element of a domain name. No label can be longer than 63 characters. Labels are made up of letters, numbers and hyphens, but may not start with a hyphen. Labels in a domain name are separated from each other by dots (“.”). Labels are case insensitive.
When an NS record points to an incorrect host.
The process of sending a message from one point to another through an intermediary. Any mail server that supports this should have some kind of filter system in place to avoid unauthorized use by spammers. Mail servers without this protection are open to hijacking.
Seventh field in an SOA Record. The default TTL for every record in the zone. Can be overridden for any particular record. Typical values range from eight hours to four days. When changes are being made to a zone, often set at ten minutes or less.
Mail Exchange Record. Creates a mail route for a domain name. A domain name can have multiple mail routes, each assigned a priority number. The mail route with the lowest number identifies the server responsible for the domain. Other mail servers listed will be used as backups.
A name server is software that runs on a host that can be set to authoritatively answer queries for records in a zone.
A network interface controller (NIC, also known as a network interface card, network adapter, LAN adapter, and by similar terms) is a computer hardware component that connects a computer to a computer network.
Name Server Record. An NS record declares that a given zone is served by a given name server. Every NS record is either a delegation record or an authority Record. If the name of the NS record is the name of the zone it appears in, it is an authority record. If the name of the NS record is that of a descendant zone, then it is a delegation record.
Standard tool for querying name servers in command line operating systems like Unix and NT.
The ancestor that is appended to an unqualified domain name to form a fully qualified domain name. Usually set to the zone name.
A zone owns itself and all descendant names that are not delegated.
The first field of an SOA record. This field is informational only and has no function. It is intended to hold the hostname of the primary server.
Also called a master server. An authoritative name server that gets its zone data from local configuration, not from an outside source. This term is used in terms of a specific zone. The primary server of one zone could be a secondary server in regards to another zone. Despite a common misconception, from a resolver's point of view, primary and secondary servers are equal in authority and priority.
Pointer Record. Also called a reverse record. A PTR record associates an IP address with a canonical name. PTR records should point to a name that can be resolved back to the IP address. The name of the pointer record is not the IP address itself, but is the IP address’ four octets in reverse order followed by IN-ADDR.ARPA. For example:
192.168.0.1 becomes 1.0.168.192.IN-ADDR.ARPA.
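The construction described above, worked through in code as an added example that is not part of the original glossary. It builds the PTR owner name, finds the classful (/8, /16, /24) reverse zone under IN-ADDR.ARPA that owns an address, and checks that a PTR target resolves back to the address against a constructed forward table; hostnames and addresses are documentation values, not real hosts.

```python
# Added example: reverse-name construction and a PTR consistency check.
# Names are written lowercase here; domain names are case insensitive, so
# "in-addr.arpa." and "IN-ADDR.ARPA." are the same name.

def octets(ip):
    """Split a dotted-quad IPv4 address into four validated integers (0-255)."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a valid IPv4 address: %r" % ip)
    return [int(p) for p in parts]

def reverse_name(ip):
    """Owner name of the PTR record: the four octets reversed, under in-addr.arpa."""
    return ".".join(str(o) for o in reversed(octets(ip))) + ".in-addr.arpa."

def reverse_zone(ip, prefix_len):
    """Reverse zone owning the address for an octet-aligned /8, /16 or /24 network."""
    if prefix_len not in (8, 16, 24):
        raise ValueError("only octet-aligned prefixes map to one in-addr.arpa zone here")
    network_octets = octets(ip)[: prefix_len // 8]
    return ".".join(str(o) for o in reversed(network_octets)) + ".in-addr.arpa."

def ptr_is_forward_confirmed(ip, ptr_target, a_records):
    """True if the PTR target's A records (constructed table {host: [ip, ...]})
    include the address, i.e. the name resolves back to the IP as the entry requires.
    Round-robin hosts with several A records are accepted if any one matches."""
    return ip in a_records.get(ptr_target.lower().rstrip("."), [])

# Constructed forward data (192.0.2.0/24 is a documentation range):
FORWARD = {
    "mail.example": ["192.0.2.25"],
    "www.example": ["192.0.2.10", "192.0.2.11"],  # round-robin A records
}

if __name__ == "__main__":
    print(reverse_name("192.168.0.1"))            # 1.0.168.192.in-addr.arpa.
    print(reverse_zone("192.168.0.1", 24))        # 0.168.192.in-addr.arpa.
    print(ptr_is_forward_confirmed("192.0.2.25", "mail.example.", FORWARD))
```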
A request for records of a certain name to be sent to a certain DNS server.
A recursive query is a request from a host to a resolver to find data on other name servers.
A domain name registry is a database of all domain names, and the associated registrant information, in the top level domains of the Domain Name System (DNS) of the Internet; it allows third party entities to request administrative control of a domain name.
A domain name registrar is an organization or commercial entity that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) registry and/or a country code top-level domain (ccTLD) registry. The management is done in accordance with the guidelines of the designated domain name registries.
Fourth field in an SOA record. Refresh determines the number of seconds between a successful check on the serial number on the zone of the primary, and the next attempt. Usually around 2-24 hours. Not used by a primary server.
A resolver is a host capable of performing a recursive search of the Domain Name System to locate records that would answer a query. It does this by querying name servers, including the root servers.
In other words, a resolver is a DNS server that looks up DNS records on behalf of a client machine.
One unit of data in the domain name system. A resource record defines some attribute for a domain name such as an IP address, a string of text, or a mail route.
Fifth field in an SOA record. If a refresh attempt fails, a server will retry after this many seconds. Not used by a primary server.
A reverse zone is a zone whose purpose is the mapping of IP addresses to names. Nearly all reverse zones are descended from the IN-ADDR.ARPA zone.
There are currently 13 servers that are authoritative for the root zone. They are named a.root-servers.net – m.root-servers.net. Every resolver must have the IP addresses of one or more of these root servers coded in so that it can resolve domain names.
The ancestor of all zones, the parent of the top level domains. It is written as “.”. Root (as it is often called) has no labels.
Round Robin Load Sharing
Primitive load sharing system without any fault tolerance. A native feature of most major servers: if multiple resource records of the same name and type are found, all will be sent; however, their order will be rotated for successive queries. For example, identical A records could point to different IP addresses. This works for load sharing because web browsers and other clients usually expect only one record of the appropriate type in response, and ignore further records after the first. Can cause problems with PTR records, causing mail delivery problems because IP addresses might not resolve back to the name expected.
Responsible Person. Informational, not functional. Used to indicate the person responsible for the domain.
Sometimes called a slave server. A secondary name server is an authoritative name server that gets its data from outside sources, usually a zone transfer from a primary server. This term only applies to relations with a specific zone; a secondary server for one zone could be a primary for another. Despite a common misconception, from a resolver's point of view, primary and secondary servers are equal in authority and priority.
Serial Number Field
Third Field in an SOA record. Used by a secondary server to determine if it requires a zone transfer from the primary server. If the Secondary’s Number is lower than the Primary’s, then the secondary server knows that its records are out of date. Not used by a primary server.
Start of Authority Record. The SOA is the first record in every properly configured zone. The SOA record contains information about the zone in a string of fields. The SOA record tells the server to be authoritative for the zone.
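The SOA fields described in the entries above (primary server name, serial, refresh, retry, minimum TTL) and the secondary-server rules built on them, worked through as an added example that is not part of the original glossary. It parses a single-line zone-file SOA record and applies the glossary's rules: transfer when the secondary's serial is lower, wait the refresh interval after a successful check or the retry interval after a failed one, and use the minimum field as the default record TTL. The sixth field, expire, is parsed as well; the zone lines are constructed for the example.

```python
# Added example: parse an SOA record and apply the secondary-server rules the
# glossary describes. Single-line form without parentheses is assumed.
from collections import namedtuple

SOA = namedtuple("SOA", "mname rname serial refresh retry expire minimum")

def parse_soa(line):
    """Parse 'owner [ttl] [IN] SOA mname rname serial refresh retry expire minimum'.
    Anything after ';' is a zone-file comment and is ignored."""
    tokens = line.split(";")[0].split()
    if "SOA" not in tokens:
        raise ValueError("not an SOA record: %r" % line)
    fields = tokens[tokens.index("SOA") + 1:]
    if len(fields) != 7:
        raise ValueError("SOA needs 7 fields, got %d" % len(fields))
    return SOA(fields[0], fields[1], *(int(x) for x in fields[2:]))

def needs_transfer(primary, secondary):
    """A secondary requests a zone transfer when its serial is lower than the primary's."""
    return secondary.serial < primary.serial

def next_check_seconds(soa, last_check_succeeded):
    """Wait 'refresh' after a successful serial check, 'retry' after a failed one."""
    return soa.refresh if last_check_succeeded else soa.retry

def record_ttl(soa, explicit_ttl=None):
    """The minimum field is the zone's default TTL unless a record overrides it."""
    return soa.minimum if explicit_ttl is None else explicit_ttl

# Constructed zone-file lines (example.com is the documentation domain):
PRIMARY = ("example.com. IN SOA ns1.example.com. hostmaster.example.com. "
           "2024010102 7200 900 1209600 86400")
SECONDARY_COPY = ("example.com. IN SOA ns1.example.com. hostmaster.example.com. "
                  "2024010101 7200 900 1209600 86400 ; copy held by the secondary")

if __name__ == "__main__":
    primary, secondary = parse_soa(PRIMARY), parse_soa(SECONDARY_COPY)
    print("transfer needed:", needs_transfer(primary, secondary))   # True
    print("next check in", next_check_seconds(primary, True), "s")  # 7200
```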
Also known as a Service record. An SRV record is intended to provide information on available services. An SRV record has four fields and a unique system for naming. The naming system is an underscore followed by the name of the service, followed by a period, an underscore, and then the protocol, another dot, and then the name of the domain. The four fields are.
Static IP Address
A static IP address is an IP address assigned by a service provider that never changes. This requires that the service provider keep at least one IP address per customer. Because their IP address remains fixed, static IP addresses can be used for hosting name servers.
Traditionally subnets have been broken down into three size classes based on the 4 octets that make up an IP address. For example: 22.214.171.124.
TLD – Top Level Domain
Any zone owned by the root servers. You can also think of this as the first label in any domain name other than root (which has no labels) e.g. .com or .lu
A common analogy for the branching structure of the Domain Name System. Under this analogy various domain names are referred to as nodes.
Time To Live, the number of seconds remaining on a cached record before it is purged. For authoritative records the TTL is fixed at a specific length. If a record is cached, the server providing the record will provide the time remaining on the TTL rather than the original length it was given.
Text Record: Strictly informational, not functional. Used to provide up to 255 characters of free form text, hopefully about the zone. Multiple TXT records are permitted but their order is not necessarily retained, a bad forum for presenting War and Peace.
Unqualified Domain Name
A domain name that is intentionally written incompletely with the understanding that some ancestor domain name will be appended to form a fully qualified domain name.
Any domain name that has been delegated by an ancestor zone.
A special type of query that asks a name server for the entire contents of a zone. Cached records are never reported in a zone transfer. Zone transfers are usually used by secondary servers to update their own zone data from the primary server.