A Simple Introduction to DNS & DDNS and Why your organization might need them
DNS stands for Domain Name System. A simple function of a DNS server is to convert a domain name into an IP address and an IP address into a domain name. DDNS stands for Dynamic Domain Name System, or just Dynamic DNS, and it is required to provide a permanent (and easy-to-remember) domain name for remote access when you don’t have a permanent IP address. Read on for a simple introduction to DNS & DDNS.
DNS – Domain Name System
DNS service is provided by most of the common server packages, such as Windows 2003/2008 and Ubuntu/Suse/Redhat Linux Server. DNS is used within an organization to resolve the names of the computers, servers and printers connected to the network into their IP addresses and vice versa, so that you can identify networked devices by their names instead of their IP addresses. It generally works in conjunction with DHCP services.
DNS is a very important component of the Internet. Whenever you type the name of a website in your browser, it first queries a DNS server to perform the name resolution (site name into IP address) before fetching the requested web page. This is required because domain names are easy for humans to remember, but computers cannot use them directly to reach a destination. Hence domain names need to be converted into their corresponding (machine-friendly) IP addresses to reach the destination website.
The browser first checks whether the IP address is available in its local cache. If not, it sends a request to the local DNS server in the organization (if caching is enabled on that server). If the required information is not available on the local server, the request is forwarded to the DNS server of the ISP (Internet Service Provider), which looks up the TLD (Top Level Domain – .com, .net, .org, etc.) database to find it.
So, it is possible to configure the DNS server in your organization to provide local DNS resolution services for local computers, servers, printers, etc., to provide DNS resolution services over the Internet for a website or mail server hosted in your organization, or to act as a recursive/caching DNS server for faster resolution of DNS queries. A single server can perform all three functions, if required.
It is important to have at least two DNS servers: one of them primary/authoritative (for a domain/zone) and the other a slave. The information on the primary server is copied to the slave regularly through zone transfers, and the slave takes over when the primary server fails. DNS servers are also called name servers, and you might have come across ns1 and ns2, which refer to different name servers for a domain.
An organization’s website does not have to be hosted on its own servers, as there are hosting service providers who offer shared/dedicated hosting for websites. They also share their DNS servers / public IP address in case you don’t want to have a dedicated DNS server in your organization. Even if you have a dedicated DNS server for your domain, you could look at having the secondary DNS server from a DNS service provider.
DNS Servers in your organization send the queries that they cannot resolve to external DNS Servers called Forwarders. Usually, these queries are sent to your ISP’s DNS Server which might have the IP address in its cache. If not, it forwards the request to Top Level Domain Servers. Alternatively, you could forward the unresolved DNS Queries to a free service like Google Public DNS in order to get a faster resolution.
DNS Servers are vulnerable to certain security threats like Footprinting (Domain names/ IP addresses stolen by a hacker), Denial of Service attacks (Which send a very large number of queries to occupy all the DNS Server resources fully thereby rejecting service to genuine requests), IP Spoofing (For gaining access to the network), DNS Cache Poisoning (redirecting the DNS resolution queries to harmful servers controlled by the hackers), etc. Measures like TSIG (encrypting the transactions between DNS Servers during zone transfers, lookup), DNSSEC, etc are used to protect the DNS Servers from getting compromised in addition to various DNS Server Security hardening measures.
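The Denial of Service pattern described above (one source sending a very large number of queries) can be spotted in a server's query log. The following is an added example, not part of the original article: the log format, addresses and thresholds are constructed for illustration and would need adapting to your DNS server's real log output.

```python
from collections import defaultdict, deque
from datetime import datetime


def build_sample_log():
    """Constructed sample data in a hypothetical 'time client name type' format."""
    lines = [
        "2024-01-01T10:00:00 192.0.2.10 www.example.com A",
        "2024-01-01T10:00:04 192.0.2.11 mail.example.com MX",
        "2024-01-01T10:00:09 192.0.2.10 intranet.example.com A",
        "not a log line",  # malformed input must not stop the analysis
    ]
    # One client sending 10 queries per second for 6 seconds.
    for i in range(60):
        second = 10 + i // 10
        lines.append(f"2024-01-01T10:00:{second:02d} 198.51.100.7 host{i}.example.com A")
    return lines


def find_floods(lines, window_seconds=10, threshold=20):
    """Return {client_ip: peak query count in any window} for clients over the threshold.

    Assumes the lines are in time order, as a server writes them.
    """
    recent = defaultdict(deque)  # client IP -> timestamps still inside the window
    peaks = {}
    for line in lines:
        try:
            ts_text, client, _qname, _qtype = line.split()
            ts = datetime.fromisoformat(ts_text)
        except ValueError:
            continue  # wrong field count or unparseable timestamp
        window = recent[client]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > threshold:
            peaks[client] = max(peaks.get(client, 0), len(window))
    return peaks


if __name__ == "__main__":
    for client, peak in find_floods(build_sample_log()).items():
        print(f"{client}: {peak} queries within 10 seconds")
```

Clients flagged this way are candidates for rate limiting on the DNS server or at the firewall in front of it.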
DDNS – Dynamic Domain Name System (Dynamic DNS)
Big companies and organizations generally get a block of public IP addresses assigned by their ISPs. They can use these public IP addresses to host their website, for remote access, etc. But what about small businesses and individuals who don’t have their own permanent static IP addresses but still want to access their network-connected devices remotely? That’s where the Dynamic DNS service comes in handy.
Every computer requires an IP address while connecting to the Internet. But when a small organization or individual connects to the Internet using a broadband connection, they are not given a permanent IP address. The IP address changes every time a new Internet session is initiated or after a fixed time period. But a permanent IP address is required for accessing various network devices like computers, IP cameras, NAS storage appliances, etc. from a remote location.
Dynamic DNS is actually a service that uses a permanent domain name (instead of a permanent IP address). This domain name can be your own domain name (hosted on your DNS server or with a DNS service provider) or a sub-domain from a free DDNS service provider. You can now identify your network device using this (dynamic) domain name from anywhere on the Internet.
So, instead of a permanent IP address, a Dynamic DNS service gives you a permanent domain name (or sub-domain name) and keeps updating your device’s IP address as it changes. For this, you may need to install tracking software on your computer, or you need to use a DDNS-aware router that automatically updates the DDNS service whenever the IP address changes.
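The decision logic of such tracking software can be sketched as follows. This is an added example, not code from the original article or from any DDNS provider: `send_update` is a hypothetical callable standing in for the provider's update call, the hostname and addresses are constructed, and the observed address is assumed to come from the router's WAN interface. It refuses to publish private or carrier-grade NAT addresses, which would point the name at an unreachable or unintended host, and it throttles rapid changes.

```python
import ipaddress

# Ranges that are never reachable from the Internet (IPv4 only in this example).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private LAN ranges
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, unspecified
)]


class DdnsUpdater:
    def __init__(self, hostname, send_update, min_interval=300):
        self.hostname = hostname
        self.send_update = send_update    # hypothetical callable(hostname, ip)
        self.min_interval = min_interval  # minimum seconds between two updates
        self.published = None             # address the DDNS name currently points to
        self.last_update = None           # time of the last successful update

    def observe(self, ip_text, now):
        """Handle one observed address; return what was done with it."""
        try:
            ip = ipaddress.ip_address(ip_text.strip())
        except ValueError:
            return "rejected"             # not an IP address at all
        if ip.version != 4 or any(ip in net for net in NON_ROUTABLE):
            return "rejected"             # would publish an unusable address
        if ip == self.published:
            return "unchanged"            # nothing to send
        if self.last_update is not None and now - self.last_update < self.min_interval:
            return "throttled"            # address is changing too quickly
        self.send_update(self.hostname, str(ip))
        self.published, self.last_update = ip, now
        return "updated"


def demo():
    """Run constructed observations (seconds, address) through the updater."""
    sent = []
    updater = DdnsUpdater("home.example.net", lambda h, ip: sent.append((h, ip)))
    observations = [(0, "203.0.113.5"), (60, "203.0.113.5"), (120, "192.168.1.20"),
                    (130, "100.64.3.9"), (200, "198.51.100.77"), (400, "198.51.100.77"),
                    (500, "garbage")]
    results = [updater.observe(ip, t) for t, ip in observations]
    return results, sent
```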