HOW 'CACHING' WORKS
DNS uses principle of 'caching' for its operation. When a nameservers receives Information about a mapping, it caches this information .further queries for the same mapping will use this cached result, thereby reducing the search cost. The nameservers don't cache forever. The caching has a component called time to live (TTL) and the TTL determines how long a server will cache a piece of information. So when the nameservers caches receive an IP address, it receives the TTL with it. The nameserver caches the IP address for the period of time then discards it.
When a process needs to determine an IP address given a DNS address, it calls upon the local host to resolve the address. This can be done in variety of ways:
Table look up. On UNIX hosts, the table is /etc/hosts.
The process communicates with a local nameservers. This is named on a UNIX system.
By sending a massage to the remote system that is identified from the information in the file/etc/resolve.conf.
When a nameserver receives a query for a domain that is does not serve, it may send back a referral to the client by specifying better nameservers. Typically operate in the recursive manner wherein any DNS server passes requests it cannot handle to higher level server and so on, until either the request can be handled or until the root of the DNS name space is reached.
The nameservers contain pointers to other nameserver with the help of which it is possible to traverse the entire domain naming hierarchy. A host with the initial nameserver addresses has to be configured. After this, it is able to use DNS protocols to locate the nameserver responsible for any part or the DNS naming hierarchy.
Thus when a nameserver receives a request, it can do one of the following:
It can answer the request with an IP address. This method is called iterative. In this, the client simply asks the server to resolve a domain name. The server accesses its database, finds its IP address and sends that back. If the server does not find the address, it sends back an error ;DNS not found'). Contact another nameserver and try to find the IP address for the requested name. Send back a referral to the client specifying the IP address of better nameservers.
A popular user interface, called 'nslookup'is available on the UNIX system. With this, you can perform any DNS function. This program also displays the result to the user. Using is nslookup, you can obtain a listing of all the hosts in a zone. In order to do this, you first need to identify the nameserver for the zone.
The threats that are associated with the DNS are due to the lack of integrity and authenticity checking of the data held within the DNS. Also, other protocols can use host names as an access control mechanism. The internet engineering task force (IETF) has come up with DNS security (DNSSEC) extensions to DNS protocol. The main objective to DNSSEC is to provide authentication and integrity to the DNS. These are provided through the use of cryptographic'
Pawan Bangar owns Birbals, a web solution
provider that offers web hosting, web promotion, web design, search engine submission, and more.