Certification Galore
DNS Basics
by Ty Belknap
Background
Internet addresses are somewhat like postal addresses. Where a postal address would be something like 123 Main Street, however, Internet addresses do not use letters. To find a site on the Internet you would type something like 192.5.17.26, which is called an Internet Protocol (IP) address. Remembering these numbers was extremely difficult, though, so host names were created for servers and Internet domains. To help servers and routers understand host names, a hosts file was created.
Host files were originally created as a static database with the host name and IP address listed for every available server and router. When a name like www.microsoft.com was typed in a browser, the host file would be accessed to resolve the host name to its corresponding IP address.
Discussion
The Domain Name System was created to replace host files. DNS is easier to configure and update than host files. Although DNS still requires static configuration of IP address to name address mapping, it uses a tree structure, called domain name space, so each domain branch can contain information for sub-domains. DNS servers can also talk to each other to determine the best route to the receiving host.
The Internet layer on the user PC sends DNS requests to the DNS host. The DNS host looks up the name, notes the Internet address associated with that name, then sends the Internet address back to the Internet layer on the user PC. This entire process is done without the user's knowledge, and is usually completed before the user even knows it's happening.
DNS does, however, pose a possible security hole. A hacker with the proper knowledge and security clearance can change the DNS list to point the host name to a different IP address. For example, a user must log in to access accounting files on the accounting server. The user types accounting in the browser to access the system. DNS knows that accounting resolves to the local IP address of the accounting server. However, a hacker has infiltrated the system and rerouted the accounting IP address to another computer that caches names and passwords. It is easier to do this on a DNS server than on a normal server with a read-only hosts file (you can learn more about this from the book Network Application Frameworks: Design and Architecture, listed below).
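As an added example (not part of the original article), this Python check compares what a resolver returns with a trusted baseline kept in hosts-file format, so a rerouted name like the accounting server above is flagged. The host names, addresses and function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed baseline in hosts-file format (sample names and addresses).
BASELINE = """\
# address      name        aliases
10.0.5.20      accounting  accounting.corp.example
10.0.5.21      payroll     # trailing comment
"""

# Constructed resolver answers: "accounting" now points somewhere unexpected.
SAMPLE_ANSWERS = {"accounting": {"10.0.9.77"},
                  "accounting.corp.example": {"10.0.5.20"},
                  "payroll": {"10.0.5.21"}}

def parse_hosts(text):
    """Parse hosts-file text into {name: set of ip_address objects}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                             # blank, comment, or no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: ignore it
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), set()).add(addr)
    return table

def sample_resolver(name):
    """Stand-in resolver that answers from the constructed sample data."""
    return {ipaddress.ip_address(a) for a in SAMPLE_ANSWERS.get(name, set())}

def system_resolver(name):
    """Ask the operating system's resolver; an empty set means no answer."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}

def find_drift(baseline, resolve):
    """Return (name, expected, observed) for answers outside the baseline."""
    drift = []
    for name in sorted(baseline):
        expected, observed = baseline[name], resolve(name)
        if not observed or not observed <= expected:
            drift.append((name, expected, observed))
    return drift

if __name__ == "__main__":
    for name, want, got in find_drift(parse_hosts(BASELINE), sample_resolver):
        print(f"ALERT {name}: expected {sorted(map(str, want))}, got {sorted(map(str, got))}")
```

Passing `system_resolver` instead of `sample_resolver` runs the same comparison against live lookups.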
Conclusion
DNS was a great breakthrough in making the Internet easier to use. As you can tell, however, we have a long way to go to create any sort of truly secure computing experience.
There is a new type of DNS out. The Dynamic DNS standard (RFC 2136) was developed to allow DNS to be dynamically updated to reflect dynamically assigned IP addresses. Of course, being able to dynamically assign addresses may make it easier for bad guys to break in.
References
Greenberg, E. (1999) Network Application Frameworks: Design and Architecture. Addison-Wesley. Reading, Massachusetts. 1999.
Panko, R. (1999) Business Data Communications and Networking, Second Edition. Prentice-Hall. Upper Saddle River, New Jersey. 1997.
(1998) Windows 98 Resource Kit. Microsoft Press. Redmond, Washington. 1998.
This site Copyrighted © 1998-2005 by Intra-Designs, Inc. All rights reserved.
www.windowsgalore.com/cert/