The first two sessions on DNS covered foundational topics including name resolution, records, and the evolution of the DNS system. In Part 3 of this Session Wednesday series, Kelly takes us on a deeper dive into the implementation and organizational structure of DNS.
The session begins by introducing some basic terms. A zone is an area of a namespace for which a DNS server is authoritative. In other words, a zone knows about a particular area and can be regarded as the "expert" or authority on it. Zones are set up on DNS servers. An example would be a DNS server that is authoritative for the Cybrary.com domain.
There are several options for configuring zones on a DNS server, ranging from simple to complex. In the Cybrary.com example, a single zone could handle the entire namespace, which could potentially include all sub-domains such as east.cybrary.com and west.cybrary.com. An important rule regarding namespaces is that they must be contiguous: there can be no gaps between zones within a namespace. The decision to use one big zone for an entire namespace, rather than splitting the namespace into separate zones residing on multiple DNS servers, depends on network structure and load handling. Better performance can sometimes be achieved by splitting up a namespace into separate zones.
The concept of zone delegation is introduced next. When a DNS server receives a request for a zone outside its scope of authority, it must perform what is known as zone delegation. A server can delegate either down or up. In the case of a client request, such as one from an end user on a PC, the delegation flows downward. A namespace record with a pointer is used to find the DNS server that is authoritative for the requested zone.
DNS forwarding is a request originating from one DNS server to another. The request is delegated up in a child/parent relationship. Such forwarding can also occur in a side-to-side direction on a conditional basis, but this is typically avoided since it's cumbersome.
External name resolution for a domain outside of a server's namespace is directed to the client's ISP. An example would be a request for Yahoo.com to the Cybrary.com DNS server. More efficient lookups can be achieved by leveraging the cache of the ISP's DNS server.
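The decision a server makes between answering, delegating down, forwarding side-to-side and forwarding up can be written out as follows. This is an added Python example, not material from the Cybrary session; the name server names, the `partner.example` zone, the address and the ISP forwarder are assumptions made for illustration.

```python
# Constructed configuration for one hypothetical DNS server (all values are assumptions).
AUTHORITATIVE = {"cybrary.com"}                      # zones hosted here
DELEGATIONS = {                                      # child zones -> their name server
    "east.cybrary.com": "ns1.east.cybrary.com",
    "west.cybrary.com": "ns1.west.cybrary.com",
}
CONDITIONAL = {"partner.example": "192.0.2.53"}      # side-to-side forwarding
FORWARDER = "isp-dns.example"                        # upstream (ISP) server


def labels(name):
    """Split a name into lower-case labels, ignoring a trailing root dot."""
    return name.lower().rstrip(".").split(".")


def in_zone(name, zone):
    """True if name is at or below zone, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def best_match(name, zones):
    """Most specific zone containing name, or None."""
    hits = [z for z in zones if in_zone(name, z)]
    return max(hits, key=lambda z: len(labels(z)), default=None)


def route(name):
    """Decide how this server handles a query for name."""
    zone = best_match(name, AUTHORITATIVE)
    child = best_match(name, DELEGATIONS)
    if zone and child and in_zone(child, zone):
        return ("delegate", DELEGATIONS[child])      # refer down to the child zone
    if zone:
        return ("answer", zone)                      # authoritative here
    peer = best_match(name, CONDITIONAL)
    if peer:
        return ("conditional-forward", CONDITIONAL[peer])
    return ("forward", FORWARDER)                    # hand up to the ISP


if __name__ == "__main__":
    for q in ("www.cybrary.com", "host.east.cybrary.com", "www.yahoo.com",
              "db.partner.example", "www.notcybrary.com"):
        print(q, "->", route(q))
```

Matching is done on whole labels, so `www.notcybrary.com` is treated as external rather than as part of the `cybrary.com` zone, which a plain string suffix comparison would get wrong.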