Charles M. Kozierok The TCP-IP Guide

Подождите немного. Документ загружается.

In the DNS files you maintain you could refer to each device by its FQDN every time; for

example, “apple.cs.widgetopia.edu.”, “banana.cs.widgetopia.edu.” and so on. But it's easier

to tell the software “if you see a name that is not fully qualified, assume it is in the ‘cs.widge-

topia.edu’ domain”. Then you can just call the machines “apple”, “banana”, etc. Whenever

the DNS software sees a PQDN such as “kiwi” it will treat it as “kiwi.cs.widgetopia.edu”.

Key Concept: A fully-qualified domain name (FQDN) is a complete domain name

that uniquely identifies a node in the DNS name space by giving the full path of labels

from the root of the tree down to that node. It defines the absolute location of a

domain. In contrast, a partially-qualified domain name (PQDN) only specifies a portion of a

domain name. It is a relative name that has meaning only within a particular context; the

partial name must be interpreted within that context to fully identify the node.

Differentiating FQDNs and PQDNs in DNS

I mentioned in the prior topic that the trailing dot for the null root domain is usually omitted.

This is true in common parlance, and when users specify a domain name in an application;

you don't use the trailing dot in your Web browser for instance. However, within DNS itself,

the dot is used to clearly distinguish a FQDN from a PQDN within DNS master files. This

allows us to use both FQDNs and PQDNs together. In the example above, “apple” would

refer to “apple.cs.widgetopia.edu.”, but “apple.com.” would refer to the fully-qualified

domain name for Apple Computer, Inc. You have to be careful about watching the dots

here, because “apple.com” (no trailing period) would be a PQDN, and would refer to

“apple.com.cs.widgetopia.edu.”, and not the domain of Apple Computer.

DNS Name Registration, Public Administration, Zones and Authorities

The DNS name space consists of a hierarchy of domains and subdomains. From the root

we have a number of top-level domains, then second-level domains below them, and still

lower-level domains below that. The obvious questions then become: how do we determine

the shape and structure of the name space, and who will manage it? More specifically, who

will control the root of the tree and decide what the top-level domains will be called? How

will we then subdivide control over the rest of the name space? How do we ensure there are

no conflicts in choosing the names of sibling subdomains within a domain?

DNS can be used on private networks controlled by a single organization, and if so, the

answer to my questions above is obviously, “that organization”. We'll discuss private

naming, but in reality, it's just not that interesting. The vast majority of DNS use occurs on

the public Internet. Here, we have a much greater challenge, because we have to construct

a name space that spans the globe and covers millions of machines managed by different

organizations. For this, we need a very capable name registration process and adminis-

tration methods to support it.

In this section I describe the process of name registration and how authorities are managed

within the Domain Name System, focusing on the public Internet. I begin with a description

of the DNS hierarchical authority structure and how it relates to the hierarchical name

space, and a discussion of the concepts behind the DNS distributed name database. I

describe the Internet's organizational and geopolitical top-level domains, and how they are

administered by various authorities. I then discuss how authority is delegated to the

second-level and lower-level domains, and how public registration of domain names works,

including how public registration issues and problems are resolved. I explain how the DNS

name space is partitioned into administrative zones of authority, and conclude with a brief

discussion of private DNS name registration.

Related Information: Most TCP/IP implementations include a special utility

called whois that can be used to interrogate the DNS distributed name database

to obtain registration information about domains. This application can be very

useful for troubleshooting; for details, see the topic discussing whois in the section on TCP/

IP administration utilities.

DNS Hierarchical Authority Structure and the Distributed Name Database

I began my description of the DNS name space with a dissertation on the central concept of

naming in DNS: that of the domain. Each domain can be considered akin to a sphere of

influence or control. A domain “spreads its wings” over all the objects and subdomains that

it contains. Due to this concept of influence, when we consider any DNS name space, we

see that it is hierarchical because it reflects a hierarchy of organizations that control

domains and the nodes within them. This means that there is in fact a hierarchical authority

structure that complements the hierarchical name structure in DNS.

The DNS Root Domain Central Authority

The primary reason why the name space hierarchy leads to an authority hierarchy is the

requirement that sibling subdomains be unique within a domain. As soon as we have a

need for uniqueness, this means we must have some sort of authority or process that

ensures that each subdomain or object picks a different name within that domain. This is in

fact what name registration is all about.

This concept of a hierarchical authority structure is a bit abstract, but it's easier to under-

stand if we examine a sample DNS name space and discuss the issues involved in

assigning names within it. Naturally, we will want to start at the top of the name hierarchy,

with the root domain, “null”. To start off the name space we must create top-level domains

(TLDs) within the root. Now, each of these must be unique, so one authority must manage

the creation of all TLDs. This in turn means that the authority that controls the root domain

controls the entire name space.

In the case of the Internet, then, this central authority is ultimately responsible for every

name in DNS. The central DNS authority for the Internet, which controls the creation of

TLDs, was initially called the Network Information Center. It was later the Internet Assigned

Numbers Authority (IANA), which is also responsible for protocol numbers, IP addresses

and more. These functions are now shared by IANA and the Internet Corporation for

Assigned Names and Numbers (ICANN). We'll discuss the specific TLDs of the Internet in

the next few topics; IANA/ICANN and related organizations are discussed in the topic on

Internet registration authorities.

Top Level Domain Authorities

At the next level down in the authority hierarchy, we create second-level domains within

each of the TLDs. Each TLD must itself be managed using a coordinating authority,

however, this is not necessarily the organization that runs the root (IANA). IANA delegates

authority for some of the TLDs to other organizations. They may delegate control for each

TLD to a different authority at this level of the hierarchy. In fact, there can be completely

different rules for managing the creation of second-level domains in one TLD than there are

in another.

We'll see more of how this works later in the section. We'll also discover that in some TLDs

there are in fact multiple authorities that work together on name registration.

Lower-Level Authority Delegation

The process of authority delegation continues as we continue down the name space

hierarchy. At each level the name space becomes more specific; if we use an organizational

hierarchy, like the “.COM” top-level domain, we generally delegate authority for each

second-level domain to the organization whose name it represents. So “IBM.COM” is

managed by IBM, and so forth. Since IBM is huge, it may itself subdivide the authority

structure further, but smaller organizations probably won't.

I want to point out explicitly that the authority hierarchy is complementary to the name

hierarchy; they are not exactly the same. It is not necessary that there be a different

authority for every level of the hierarchy. In many cases a single authority may manage a

section of the name space that spans more than one level of the structure. For example,

IANA manages the Internet root domain (“null”) and also the “.INT” top-level domain, but

other TLDs are managed by other organizations. The name hierarchy is divided into zones

of authority that reflect the hierarchy of authorities that manage parts of the name space.

It's also worth remembering that authority over a domain doesn't necessarily imply physical

control. A domain can contain subdomains that are managed by organizations on different

continents, and a single subdomain can contain named devices that are on different conti-

nents as well.

The DNS Distributed Name Database

Of course, with authority comes responsibility, and the main responsibility an authority has

for a domain is registering names within the domain. When a name is registered, a set of

data is created for it, which can then be used by internetwork devices to resolve the name

into an address, or perform other functions. The set of all the data describing all DNS

domains constitutes the DNS name database. Just as registration authority is distributed

and hierarchical, this database too is distributed and hierarchical.

In other words, there is no single place where all DNS name information is stored. Instead,

DNS servers carry resource records that describe the domains for which they have

authority. As we'll see, the fact that this database is distributed has major implications on

how name resolution is carried out.

Key Concept: The name space of the public Internet is managed by a hierarchy of

authorities that is similar in structure to the hierarchical DNS name space, though not

identical. The top of the hierarchy is centrally managed by IANA/ICANN, which

delegates authority to other organizations for registering names in various other parts of the

hierarchy. The information about name registrations is maintained in resource records

stored in various locations, which form a distributed name database on the Internet.

DNS Organizational (Generic) Top Level Domains and Authorities

The top of the DNS name hierarchy is managed by a central authority, which controls the

entire name space by virtue of deciding what top-level domains (TLDs) are allowed to exist.

Obviously, it is very important that a great deal of thought go into how the TLDs are chosen;

a poor design at this top level would make the entire hierarchy poorly reflect the actual

structure of organizations using the name space.

There are any number of ways that the creators of DNS could have chosen to structure the

Internet's name hierarchy. One obvious possibility would be to structure the Internet based

on geopolitical boundaries: countries, states and so forth, as we saw in a topic in the last

section. Another sensible idea is to structure the name space based on types of organiza-

tions. One could imagine other possible ways to divide up the names of the world's

computers as well.

The beauty of the hierarchical name space is that we don't have to choose between

different methods of structuring the name space. We can use more than one technique at

the same time, and this is exactly what was done when DNS was first implemented. Both of

the methods I described above, based on organization type and geography, were used for

TLDs. This gives multiple options for name registration for most groups and individuals. I’ll

begin here by discussing organizational TLDs; geopolitical ones are the subject of the topic

that follows.

Original Generic TLDs

The initial deployment of DNS featured a set of seven top-level domains that are in the

standard called generic TLDs. The idea was that each company or organization could

choose a name within one of these TLDs; they were “generic” enough that every organi-

zation would find a place that suited them. I prefer to call them organizational, because they

divide the generic portion of the name space by organization type. The initial TLDs and their

original intended organization types were:

☯ .ARPA: A temporary domain used many years ago for transition to DNS. Its name

refers to the ARPAnet, the precursor of the modern Internet (in turn named for the

United States Defense Advanced Research Projects Agency, ARPA). Today this

domain is used for reverse name resolution.

☯ .COM: Corporations and businesses.

☯ .EDU: Universities and other educational organizations.

☯ .GOV: Government agencies.

☯ .MIL: Military organizations.

☯ .NET: Organizations that implement, deal with or manage networking technologies

and/or the Internet.

☯ .ORG: Other organizations that don't fit into any of the classifications above.

At first glance this seems like a reasonable way to cover the organizations of the world.

However, since the .ARPA domain is “temporary”, this left only six categories for all other

organizations. Also, the TLDs weren't all used as was originally foreseen; for example, the

.GOV and .MIL domains were not used for all types of government and military organiza-

tions, but primarily for the United States federal government and military. .EDU ended up

being used only for universities, again in the United States.

This left only three common top-level domains—.COM, .NET and .ORG—for almost all

other groups and companies that wanted to use the organizational hierarchy. Since there

were only three such TLDs, they quickly became very “crowded”, especially the .COM

domain. A new fourth domain, .INT for international organizations, was added fairly soon to

the original seven, but it too was only for a small number of organizations, such as interna-

tional standards bodies. Despite the handful of organizational TLDs, there is no doubt that

they have been much more popular than the geopolitical ones. I explain some of the

reasons for this in the next topic.

New Generic TLDs

There was, of course, no inherent reason why it was necessary to limit the generic domains

to only that the few that were originally created. Over the years, many suggestions were

made for new generic TLDs that would expand the number of possible second-level domain

names and also provide better categorization for different organization types—that is, make

the generic TLDs “less generic”. There was some resistance at first to adopting these new

names, especially because there were so many different ideas about what new TLDs

should be created. As I said before, creating TLDs must be done carefully to ensure that the

name hierarchy makes sense.

IANA took input from a lot of people, and followed a complex procedure-that-I'd-rather-not-

get-into-here ☺ to determine what new TLDs should be made. In 2001 and 2002, approval

was given for the creation of several new top-level domains, and decisions made about

authorities for administering them.

Of the new TLDs approved in the last few years, the number that has achieved widespread

popularity is, to my knowledge, zero. Humans are creatures of inertia, and most people are

still used to names ending in .COM, .NET or .ORG. In time this may change, but it will

probably take a few years.

Incidentally, there are some people who actually felt that adding new generic TLDs was a

bad idea, since it makes organizations potentially more difficult to locate (due to the possi-

bility of a name ending in a variety of different TLDs). This is debatable, however, especially

since the exhaustion of address space in the existing TLDs means many companies have

had to choose unintuitive domain names anyway.

Summary of Organizational (Generic) TLDs

Table 166 shows all the current generic TLDs and describes how they are used, and also

lists the current central authority that manages each. The original TLDs are highlighted in

italics (I am including .INT as an original TLD since it was created long before the “new”

ones earlier this decade). Figure 239 shows the fifteen generic TLDs in graphical form.

Table 166: Internet DNS Organizational (Generic) Top-Level Domains (Page 1 of 2)

Generic

TLD

Abbreviation

For

Authority Current Use / Description

.AERO Aerospace

Société Internationale

de Télécommunica-

tions Aéronautiques

(SITA)

Members of the aerospace industry, such as

airlines and airports. (Yes, that is French!)

.ARPA

Address

and Routing

Parameter Area

Internet Assigned

Numbers Authority

(IANA) / Internet

Corporation for

Assigned Names and

Numbers (ICANN)

First defined as a temporary domain for

migration from the older host table system, the

“ARPA” of course originally stood for the

Advanced Research Projects Agency, creators

of the predecessors of the Internet. Today, the

.ARPA domain is used for internal Internet

management purposes; the abbreviation at left

was, I believe, “manufactured” to fit the letters

“ARPA”. ☺ The best-known use of this domain

is for reverse DNS lookups.

.BIZ Business NeuLevel, Inc.

Businesses. Intended as a competitor to

.COM.

.COM

Commercial

Organizations

VeriSign Global

Registry Services

Originally intended for corporations and other

commercial interests, .COM is also widely

used for other purposes, including small

businesses and even individuals who like the

popularity of the .COM domain.

.COOP

Cooperative

Associations

Dot Cooperation LLC Cooperative associations.

.EDU Education Educause

Originally intended for all types of educational

organizations, now used only for degree-

granting higher education institutions

accredited in the United States. Other educa-

tional institutions such as public schools

usually use the country code TLDs.

.GOV Government

US General Services

Administration

Reserved for the United States federal

government.

.INFO Information Afilias Limited

A very generic TLD designed for information

resources of various sorts. It is unrestricted, in

that anyone can register any sort of organi-

zation in .INFO. Also positioned as an

alternative to .COM.

.INT International

IANA .int Domain

Registry

Used only for large organizations established

by international treaty.

.MIL Military

US DoD Network

Information Center

Reserved for the United States military.

.MUSEUM Museum

Museum Domain

Management

Association

Take a guess. ☺

.NAME Names Global Name Registry

In the original generic hierarchy there was no

place set aside for individuals to register

names for themselves, so people would

instead create domains like “jonesfamily.org”.

This was non-ideal so .NAME was created as a

place for individuals and families to register a

domain for their names. .NAME also competes

with the country code TLDs.

.NET Network

VeriSign Global

Registry Services

This TLD was supposed to be used only for

Internet service providers and other organiza-

tions working intimately with the Internet or

networking. Due to the exhaustion of name

space in .COM and .ORG, many .NET domains

are registered to other organizations, however.

.ORG Organizations

Public Interest

Registry

Originally intended for organizations not fitting

into the other generic TLDs, .ORG quickly

became associated with professional and non-

profit organizations. It is possible, however, to

have a for-profit company use a .ORG name.

.PRO Professional RegistryPro

Reserved for credentialed professionals such

as lawyers and doctors.

Figure 239: Internet DNS Organizational (Generic) Top-Level Domains (TLDs)

There are fifteen generic TLDs currently defined for the Internet. They have been shown here in alphabetical

order, with the original TLDs shown in blue and the new ones added in 2001/2002 in green.

Table 166: Internet DNS Organizational (Generic) Top-Level Domains (Page 2 of 2)

Generic

TLD

Abbreviation

For

Authority Current Use / Description

Root

.AERO

.ARPA

.BIZ

.COM

.COOP

.EDU

.GOV

.INFO

.INT

.MIL

.MUSEUM

.NAME

.NET

.ORG

.PRO

Key Concept: One of the two ways in which the Internet’s DNS name space is

divided is using a set of generic top-level domains. These TLDs are intended to

provide a place for all companies and organizations to be named based on their

organization type. There were originally six such domains, but this has been expanded so

that there are now fifteen.

DNS Geopolitical (Country Code) Top Level Domains and Authorities

In theory, the generic top-level domains (TLDs) would be sufficient to meet the needs of all

the individuals, companies and groups in the world. This is especially true since .ORG by

definition is a “catch all” that can include anyone or anything. However, back at the

beginning of DNS, its creators recognized that the generic TLDs might not meet the needs

of everyone around the world. There are several reasons for this, chief among them:

☯ Americentricism of the Generic Domains: I don't mean this as a criticism (I'm an

American citizen and love my country!) It is indisputable, however, that United States

organizations and companies dominate the generic TLDs. This is not surprising, given

that the Internet was first developed in the U.S.A., but it still presents a problem for

certain groups. For example, if the United States military controls the .MIL domain,

where does, say, Britain's military fit into the name space?

☯ Language: Most of the generic domains are populated by organizations that primarily

do business in English. There are hundreds of languages in the world, however, and

it's easier for the speakers of those tongues if they can more readily locate resources

they can understand.

☯ Local Control: Countries around the world rarely agree on much, and they certainly

differ on how organizations within their nations should have their Internet presence

arranged. There was a desire on the parts of many to allow nations to have the ability

to set up subsets of the name space for their own use.

Geopolitical (Country Code) Top Level Domains

For these and other reasons, the Internet's name space was set up with a set of country-

code top-level domains paralleling the generic ones, sometimes called ccTLDs. I call these

geopolitical TLDs since they are based on geopolitical divisions of the world (similar to the

example I used in my overview of the DNS name space). In this hierarchy, every country of

the world is assigned a particular two-letter code as a top-level domain, with a specific

authority put in charge of administering the domain. For example, the ccTLD for Great

Britain is “.UK”, the one for Canada “.CA” and the one for Japan is “.JP”. The codes often

are more meaningful in the local language than in English, incidentally; Germany's is “.DE”

and Switzerland's “.CH”.

Designating Countries and Country Code Letters

When I said that countries rarely agree on anything, I wasn't kidding—in fact, they can't

even agree on what's a country! Real shooting wars have been fought over whether or not

a particular territory was independent or part of another nation, never mind verbal wars, and

the creators of DNS wanted no part of this sort of controversy. As the IANA web site says:

“The IANA is not in the business of deciding what is and what is not a

country, nor what code letters are appropriate for a particular country.”

To remain neutral, IANA’s ccTLD codes are taken directly from the standard country abbre-

viations maintained by the International Organization for Standardization (ISO) in ISO

standard 3166-1. When a country is recognized by the ISO and a code assigned to it on this

list, IANA creates it as a top-level domain. There are presently over 200 different geopo-

litical TLDs. No, I am not putting them here in a table, I have to draw the line somewhere

around here! ☺

On The Web: You can find the current list of IANA country code TLDs at: http://

www.iana.org/cctld/cctld-whois.htm

Country Code TLD Authorities

Each country has the authority to set up its TLD with whatever internal substructure it

chooses; again, this is the power of a hierarchical structure. Some countries enforce a

further geographical substructure at the lower levels. For example, the .US domain for the

United States was originally set up so that all second-level domains were two-letter state

abbreviations (this was later changed). Other countries may actually use organizational

subdomains within their country code; Great Britain for example has .CO.UK for companies

in their country (like .COM but for the UK only; they left off the “M”), and .COM.AU is for

corporations in Australia. Other countries may not have any particular substructure at all,

especially if they are small.

Key Concept: Due to the limitations of the generic TLDs, a set of country code top-

level domains was created. This geopolitical hierarchy allows each nation on earth to

set up its own name system based on its own requirements, and to administer it in

the manner it sees fit. The IANA determines what is a country based on official decisions

made by ISO.

Leasing/Sale of Country Code Domains

Interestingly, some very small countries with recognizable codes, especially to English

speakers, have used their codes for very creative purposes, including selling or renting the

name space to enterprising companies. A good example is the .TV domain, which techni-