UNIX System Administration Handbook - Evi Nemeth [239]
Two new features of DNS collide with respect to case sensitivity: internationalization of names and DNSSEC security. Internationalized names require case to be significant and preserved, but DNSSEC maps all names to lower case before computing cryptographic signatures. It’s likely that DNS will canonicalize names to lower case internally for its cryptographic computations but send the actual data with case preserved. Any international encoding will have to include canonicalization rules. With luck, the IETF standards folks will sort out these issues before either new feature is in widespread use.
An Internet host’s fully qualified name is formed by appending its domain name to its hostname. For example, boulder.colorado.edu is the fully qualified name for the host boulder at the University of Colorado. Other sites can use the hostname boulder without colliding because the fully qualified names will be different.
Within the DNS system, fully qualified names are terminated by a dot, for example, “boulder.colorado.edu.”. The lack of a final dot indicates a relative address. Depending on the context in which a relative address is used, additional components might be added. The final dot convention is generally hidden from everyday users of DNS. In fact, some systems (such as mail) will break if you supply the dot yourself.
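The two conventions described above, the trailing dot that marks a fully qualified name and lower-casing for signature computation while the displayed name keeps its case, are shown together in this added example, which is not code from the handbook. The function names are hypothetical, and the length-prefixed label encoding with ASCII lower-casing is assumed from the canonical name form later specified for DNSSEC in RFC 4034.

```python
# Added example (not from the handbook): qualify relative names, then build
# a lower-cased wire form for signing while the display form keeps its case.

def qualify(name: str, origin: str) -> str:
    """Return `name` as a fully qualified name ending in a dot.

    A name that already ends in a dot is absolute and is returned unchanged;
    anything else is relative and gets `origin` appended.
    """
    if name.endswith("."):
        return name
    origin = origin if origin.endswith(".") else origin + "."
    return origin if name == "" else name + "." + origin


def canonical_wire(fqdn: str) -> bytes:
    """Encode an absolute ASCII name as length-prefixed, lower-cased labels."""
    if not fqdn.endswith("."):
        raise ValueError("relative name: qualify it first")
    labels = [] if fqdn == "." else fqdn[:-1].split(".")
    out = bytearray()
    for label in labels:
        raw = label.encode("ascii")   # non-ASCII names need an encoding step first
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))
        out += raw.lower()            # case is folded only in the signed form
    out.append(0)                     # zero-length root label ends the name
    if len(out) > 255:
        raise ValueError("name longer than 255 octets")
    return bytes(out)


def same_signed_name(a: str, b: str, origin: str) -> bool:
    """True when two spellings yield identical bytes for signing."""
    return canonical_wire(qualify(a, origin)) == canonical_wire(qualify(b, origin))


if __name__ == "__main__":
    # Constructed sample input using the hostnames from the text.
    for n in ("Boulder", "boulder.colorado.edu.", "anchor.cs"):
        fq = qualify(n, "colorado.edu")
        print(f"{n:24} -> {fq:28} {canonical_wire(fq).hex()}")
```
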
It’s common for a host to have more than one name. The host boulder.colorado.edu could also be known as www.colorado.edu or ftp.colorado.edu if we wanted to make its name reflect the services it provides. In fact, it’s a good practice to make service hostnames such as www be “mobile,” so that you can move servers from one machine to another without changing any machine’s primary name.
When we were issued the name colorado.edu, we were guaranteed that colorado was unique within the edu domain. We have further divided that domain into subdomains along department lines. For example, the host anchor in the computer science department is called anchor.cs.colorado.edu on the Internet.
The creation of each new subdomain must be coordinated with the administrators of the domain above to guarantee uniqueness. Entries in the configuration files for the parent domain delegate authority for the namespace to the subdomain.
Masters of their domains
Management of the top-level domains com, org, net, and edu was formerly coordinated by Network Solutions, Inc., under contract with the National Science Foundation. This monopoly situation has now changed, and other organizations are allowed to register domain names in those gTLDs. Other top-level domains, such as those for individual countries, are maintained by regional organizations.
There have been various proposals to allow private companies to operate their own top-level domains, and it is likely that additional top-level domains will be available in the near future. Consult www.icann.org for up-to-date information.
Most ISPs offer fee-based domain name registration services. They deal with the top-level domain authority on your behalf and configure their DNS servers to handle name lookups within your domain. Although you can reduce direct expenses by dealing directly with the registrars and running your own DNS servers, you will not necessarily save money. The disadvantage of relying on an ISP’s servers is that you lose direct control over the administration of your domain.
Even if you want to manage your own DNS services, you must still coordinate with your ISP. Most ISPs supply reverse DNS mappings for IP addresses within their CIDR blocks. If you take over DNS management of your addresses, make sure that your ISP disables its service for those addresses and delegates that responsibility to you.
See page 276 for more information about CIDR.
A domain’s forward and reverse mappings should be managed in the same place whenever possible. Some ISPs are happy to let you manage the forward