Webserver use, configuration and management Unit WUCM1

Domain names

DNS - the Domain Name System

(Best reference for this topic is Albitz (2001), parts of these notes from Albitz after Jim Briggs)

Resolving host names

The Domain Name System (DNS) is the means by which the names of network hosts (e.g. www.port.ac.uk) are mapped onto their address (e.g. 148.197.254.16). Although not limited to the Internet, DNS is hardly ever used for other networks, some of which have their own name mapping schemes (e.g. Microsoft WINS, Sun's NIS).

Initially (in the 1970s) there was a single file HOSTS.TXT that could be downloaded by FTP from a computer at Stanford. This contained a name-to-address mapping of all the (few hundred) hosts on the then ARPAnet. (The Windows /system32/drivers/etc/hosts or Linux /etc/hosts files are the residual decedents of the original HOSTS.TXT, with some of the original fields deleted.) The use of an FTP copy of HOSTS.TXT quickly became difficult to maintain, with the growth of the number of hosts, by the time an update had been copied to the far reaches, it was out of date! For a brief review see http://www.byte.org/one-history-of-dns.pdf

DNS has been used since about 1984. It was designed by Paul Mockapetris, then of University of Southern California.

It is a distributed database. Servers called name servers each keep details about some segment of the Internet. Clients called resolvers query the database by means of calls to name servers.

Pros and cons of distribution:

• + Resilience: not reliant on one machine or one file
• + Performance: many name servers can be running simultaneously and the load can be balanced (somewhat) among them
• -  Consistency: need to have a mechanism to keep servers consistent

Structure of the namespace

The original (1980s) three-letter top-level domains (TLDs) are .COM, .NET, .ORG, .EDU, .INT, .MIL and .GOV. The first three are operated on commercial principles, while the last four have restrictive conditions on who can register names in those domains (respectively, four-year degree granting institutions in North America, organisations that were established by international treaty, the US military, and the US federal government). In 2001-2002, four new domains (.biz, .info, .name, and .pro) were introduced, as well as three so-called "sponsored" TLDs (.aero, .coop and .museum).

In addition, there are two-letter top-level domains for each country, and a special domain .ARPA which currently contains some Internet infrastructure databases. The two-letter country code top-level domains (ccTLDs) are based on the ISO 3166-1 two-letter country codes, (see http://www.din.de/gremien/nas/nabd/iso3166ma/codlstp1/en_listp1.html). There is one exception to this - .UK should really be .GB!

See http://www.icann.org/tlds/ for more details

Within each domain, the rules for allocating names and sub-domains are up to the domain administrator. An organisation called InterNIC (http://www.internic.net/) administers the .COM, .NET and .ORG domains (though they subcontract registration within these domains to a number of other companies around the world).   Nominet.uk (http://www.nic.uk/) is the registry for most .UK domain names (including co.uk, org.uk, net.uk, ltd.uk and plc.uk).

Most DNS servers are authoritative for just a few zones, but larger servers are authoritative for tens of thousands of zones. There may be more than one authoritative server for a zone but one of them will be designated the primary master name server, and the others (the slave servers) will query the master to update their information.

Querying a domain name

Assume that your web browser (Firefox or Internet Explorer) wants to look up a page on sunsite.ic.ac.uk:

1. The resolver within the browser will have a list of name servers that it can query. This list (like your machine's IP address) is either specified in your network settings, or (more usually) assigned dynamically when you establish a network connection using the Dynamic Host Configuration Protocol (DHCP). Such name servers are usually relatively local. (The University operates at least two.) It is considered impolite to bombard someone else's name server with requests.
2. The resolver will contact the first name server on the list and send it a recursive query to resolve the name "sunsite.ic.ac.uk".
3. If that name server has "sunsite.ic.ac.uk" in its cache, then it will return the address.
4. If it doesn't, it will send a series of iterative queries to allow it to resolve the name.
   1. It will ask one of the root name servers for the address of the name servers for the .uk domain.
   2. It will ask one of those name servers for the address of the servers for the .ac.uk domain.
   3. It will ask one of those name servers for the address of the servers for the .ic.ac.uk domain.
   4. It will ask one of those name servers for the address of sunsite.ic.ac.uk.
   5. If it already knows the address of a server it can short-circuit the process. For example if it already knows the server for the .ic.ac.uk domain, it can skip steps (a)-(c) above.
5. Whenever a name is resolved, the authoritative name server annotates it with a "time to live" (TTL). A caching server will only cache the entry (if it can) for that length of time. After that it will do a full resolution again. This means that changes to addresses eventually get noticed (but not necessarily immediately).
6. The resolver will wait 5 seconds for a response from a name server. If there is no reply within that time, it will try another name server. Once it has tried all the servers it knows about and got no reply, it go backs to the beginning and tries again with ever longer timeouts. There is a limit to the number of retries (normally 3). Normally, your resolver will give up after 75-80 seconds with a message like "host name lookup failure". Diagram modified from Albitz, (2001)

Finding the name associated with an address (inverse query)

Part of the domain namespace is given over to the resolution of names from addresses. This is the purpose of the .in-addr.arpa domain.

To find the name server responsible for 148.197.175.1 (for example), you would do a lookup on 1.175.197.148.in-addr.arpa (note the reverse order of the octets).   Authoritative name servers need to be setup to administer the appropriate part of this domain, as well as the conventionally named one associated with their zone.

Choosing a domain name

You need to do two things:

1.      You need to choose a name for your domain.

2.      You need to find a parent domain willing to adopt you. Obviously you need to choose a name that is not already taken in the parent domain.

Choosing a good name

• Keep it short - people will certainly have to remember it and probably have to type it
• Relate it to the name of your company, your department, your role or you - anything to make it memorable
• Make it distinct from other names
• Don't try to spoof another legitimate name (see http://www.yaaho.com/)

See also:

• http://www.officelinks.com/tips4_names.htm
• http://www.zdnet.com/devhead/stories/articles/0,4413,2398114,00.html
• http://dnsindex.com/Guides/
• http://www.domainnamebuyersguide.com/

There is big business to be done in domain names. Tuvalu ( .tv domain) is making a big profit out of its registration process - it will cost you $1 million to register "sports.tv" (see http://www.tv/en-def-0b188b9a5d77/cgi-bin/lookup.cgi?domain=sports). Moldova (.md) is targeting the medical community (see http://www.register.md/our-company.jsp).

Registering a domain

If you wanted to be "me.port.ac.uk", you would need to persuade the administrators of the ".port.ac.uk" domain to add you to their name server configuration. If you want to be "me.com", you would need to register with one of InterNIC's registrars. Most domain registration authorities provide you with a web-accessible means of checking whether a name is already taken.

What if the name you want is already taken?

1. Choose a different name.
2. Choose a different parent domain.
3. Persuade the owners of the name to give/sell you it.
4. Initiate the Uniform Domain-Name Dispute-Resolution Policy followed by all registrars in the .com, .net and .org domains. (see http://www.icann.org/udrp/udrp.htm) Under the policy, most types of trademark-based domain-name disputes must be resolved by agreement, court action, or arbitration before a registrar will cancel, suspend, or transfer a domain name. Nominet operates a similar free Dispute Resolution Service (DRS) for the .uk ccTLD. (see http://www.nic.uk/ref/drs.html)
5. Give up!

The DNS Resource Directory has some good advice on the legal position in respect of Domain Names as intellectual property, see http://www.dns.net/dnsrd/disputes.html  and (Rony, 1998)

Setting up your own DNS server

If you are willing and able to administer your own zone of the DNS, you need to set up a computer as a name server and get the administrator of your parent domain to delegate authority for your sub-domain to you. In order to provide a reliable service in all cases you need to provide a Master DNS Server, and a backup or slave.   Without this level of assurance – delegation will not occur.

The most commonly used DNS software is BIND ( http://www.isc.org/software/bind ). This is an open source product. It has been incorporated into most vendors' UNIX-based systems, though you won't necessarily get the most recent version.

There is also a Microsoft name server that runs under Windows NT/2000/XP. Other vendors offer similar products.

As well as the code for the name server, most distributions include a resolver as a library routine that can be loaded into your program.

See Albitz (2001) for details of how to set up your name server. The practical side is well outside the scope of the WUCMI unit.

Commercially provided service and names

Thus far the discussion has been centred about providing your own web server, DNS etc, but for many smaller companies obtaining the use of web space managed by a specialist company is a preferable option. Even larger companies may well outsource their web systems, relying on the expertise and technical support of a third party.

Narrow or broadband ISP

Many ISPs offering either dial up modem based Internet access or broadband ADSL or Cable Internet access include web space as part of the deal. In most cases the name on offer is very tied to the supplier, i.e. it includes the name of the ISP as part of the URL, e.g.  www.nodename.freeserve.co.uk where nodename is your Freeserve identifier. Whilst this is fine for private use it is inappropriate for commercial activities – though not unknown.

Web hosting companies

Another route to acquiring both a domain name and web space is the use of web hosting companies, e.g. Lycos, http://webcentre.lycos.co.uk/product/domain/ or One&One http://oneandone.co.uk/. In this case the hosting company offers clients managed space on their web servers. The package would typically include:

• A domain name (usually from a choice of top level domains, e.g. .com, .net, .org, .info etc.) with the option of sub-dividing your given domain if required.
• Webspace on their servers - 300MB up to several GB is common.
• Email accounts – usually a significant number of discrete, independently managed accounts within the same domain.
• Access to web development tools (often online).
• Database support (e.g. MySQL or SQLserver) with an appropriate scripting support (e.g. PHP, Perl, etc).
• Technical support and advice (not always for a fee!)
• Backup, restore, security, anti-virus defence, etc.

For reviews and comparisons see one of the many monitoring and evaluation sites (sometimes with a commercial interest in some of the services). As an example, look at http://www.webhostingratings.com/ or http://www.webhostdir.com/spotlight/ukwebhosting.asp

Dedicated and managed server hosts

The next level up of commercial outsourcing is to have a host company run the hardware on your behalf. In this case the web host will provide fast Internet connectivity (often by being sited near a major Internet node such as in Canary Wharf), air and power conditioning, and optionally technical support (in the managed server scenario). An example of companies in this market would be RackSpace, http://www.rackspace.com/index.php (both US and UK server farms) or Apollo Hosting, http://www.apollohosting.com/ (largely confined to the US).

This type of service is the closest to running your own server in your own computer centre, offering a very good level of control over the environment offered to your website visitors/clients.

References

The DNS Resources Directory is online at http://www.dns.net/dnsrd/