Foundation Topics

Domain Name System

This section covers Domain Name System (DNS) and sample configurations used on Cisco IOS routers.

DNS's primary use is to manage Internet names across the World Wide Web. For users or clients to use names instead of 32-bit IP addresses, the TCP/IP model designers developed DNS to translate names into IP addresses.

DNS uses TCP and UDP port number 53.

In a large IP environment, network users need an easier way to connect to hosts without having to remember 32-bit IP addresses—that's where DNS comes into play. DNS provides a service that allows users to use a host's name in place of an IP Address to connect to hosts. When DNS services are running, the host's name is used to request its IP address from a DNS server. The DNS server is a host running the DNS service, and it is configured to do the translation for the user transparently. In other words, the user never sees the DNS request and host-to-IP address translation. The client simply connects to a host name, and the DNS server does the translation.

For example, the website www.cisco.com is translated to the IP address 198.133.129.25.

DNS is a distributed database where organizations can use a predefined name or extension to all their devices. Nations can use extensions to define hosts residing in their country. For example, the extension for Australia is defined as .au. To reach the Cisco website in Australia, a user would type www.cisco.com.au in a web browser.

A regulatory body called the Internet Registration Authority manages domain names.

Similar to DNS, Cisco routers can be configured to look up names locally so that a network administrator can simply type a name rather than an IP address. Local names can also be configured for devices.

To illustrate a local DNS lookup on a Cisco IOS router, look at the following Cisco router command that provides a host lookup. (Note: a router will not provide DNS server responses to client devices such as PCs or UNIX hosts.)

The following IOS command defines a local name to IP address:

ip host name [tcp-port-number] ip address1 [ip address2...ip address8]

You can assign more than one IP address to any given name. Example 3-1 displays three hosts and their corresponding IP addresses.

Example 3-1 Local IP Host Configuration on a Cisco Router

ip host Router1 131.108.1.1
ip host Router2 131.108.1.2
ip host Router3 131.108.1.3

The three hosts, named Router1, Router2, and Router3 in Example 3-1, are translated into IP addresses 131.108.1.1, 131.108.1.2, and 131.108.1.3.

When a network administrator types in the host name, the router translates the name to an IP address. Example 3-2 displays a network administrator Telnetting from router R1 to the remote host Router2.

Example 3-2 Local DNS Translation

R1#router2
Translating "router2"
Trying Router2 (131.108.1.2)... Open

User Access Verification

Password: *****
Router2>

When the network administrator types the name router2 (DNS names are not case-sensitive) at the exec prompt, the Cisco IOS router does a local host lookup for the name router2 and translates the address to 131.108.1.2.

What would happen if you typed a name that was not configured locally? Example 3-3 displays the sample output from a Cisco router when an unknown name (ccie, in this case) is typed at the exec prompt.

Example 3-3 Name Translation for ccie

R1#ccie
Translating "ccie"
Translating "ccie"
% Unknown command or computer name, or unable to find computer address
R1#

From the privileged exec prompt on Router R1 in Example 3-3, R1 does a local DNS lookup, discovers there is no DNS translation, and returns the error message shown.

Scalability issues with local host configuration can become a nightmare with a large network. Thankfully, DNS servers can be placed around the network (typically in the core infrastructure) to ensure that only a few devices in the network require the full table of names and IP address translations. The World Wide Web has DNS servers that provide DNS mapping for websites.

NOTE By default, Cisco routers search for a DNS server. To disable this feature, use the IOS command no ip domain-lookup. This stops the router from querying a DNS server whenever a name translation is required. This command is a definite time saver for the CCIE Security Lab exam.

To enable a Cisco IOS router to perform DNS lookup to a remote DNS server, the following steps are required:

Step 1 For local DNS entries, you must specify any local host mapping with the following IOS command (note that the tcp-port-number is used for connections on a different TCP port number other than the default, 23):

ip host name [tcp-port-number] ip addressl [ip address2...ip address8]

Step 2 Specify the domain name or a domain list (Cisco routers can be configured with multiple domain names) with the following IOS commands:

— ip domain-name name defines a default domain name that the Cisco IOS Software uses to complete unqualified host names.

— ip domain-list name defines a list of default domain names to complete unqualified host names.

Step 3 Specify the DNS server or servers with the following IOS command:

ip name-server server-address1 [server-address2...server-address6]

Devices such as PCs can also be configured for DNS servers and domain names. Example 3-4 configures a router named R1 with the domain name cisco.com. The domain name servers are 131.108.255.1 and 131.108.255.2.

Example 3-4 DNS Configuration

R1(config)#ip domain-name cisco.com
R1(config)#ip name-server 131.108.255.1
R1(config)#ip name-server 131.108.255.2

When a network administrator types a name (not a valid IOS command, of course), the Cisco router attempts to translate the name into an IP address, first from the DNS server with the IP address 131.108.255.1, and then from the DNS server 131.108.255.2.
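The resolution order described above (the local ip host table first, then the configured domain suffix and the name servers in the order they were entered, or nothing at all under no ip domain-lookup) can be modelled in a few lines. The following is an added example, not code from the book or from Cisco IOS; the configuration text is constructed, and the treatment of ip domain-list replacing ip domain-name for unqualified names follows Cisco's documented behaviour.

```python
# Added example (not from the book): a small model of the name-resolution
# order this section describes. Configuration text below is constructed.
CONFIG = """\
ip host Router1 131.108.1.1
ip host Router2 2001 131.108.1.2 131.108.1.22
ip host Router3 131.108.1.3
ip domain-name cisco.com
ip name-server 131.108.255.1
ip name-server 131.108.255.2
"""

def parse_config(text):
    """Collect ip host / domain-name / domain-list / name-server settings."""
    state = {"hosts": {}, "domain_name": None, "domain_list": [],
             "name_servers": [], "domain_lookup": True}
    for line in text.splitlines():
        w = line.split()
        if w[:2] == ["ip", "host"] and len(w) >= 4:
            port, rest = 23, w[3:]            # Telnet is the default port
            if rest[0].isdigit():             # optional tcp-port-number
                port, rest = int(rest[0]), rest[1:]
            # names are case-insensitive; up to eight addresses per name
            state["hosts"][w[2].lower()] = (port, rest[:8])
        elif w[:2] == ["ip", "domain-name"]:
            state["domain_name"] = w[2]
        elif w[:2] == ["ip", "domain-list"]:
            state["domain_list"].append(w[2])
        elif w[:2] == ["ip", "name-server"]:
            state["name_servers"].extend(w[2:8])   # up to six servers
        elif w[:3] == ["no", "ip", "domain-lookup"]:
            state["domain_lookup"] = False
    return state

def resolve_plan(state, name):
    """Local table first; otherwise the DNS queries the router would make.
    Returns ("local", port, addresses), ("dns", fqdns, servers) or ("none",)."""
    hit = state["hosts"].get(name.lower())
    if hit:
        return ("local", hit[0], hit[1])
    if not state["domain_lookup"] or not state["name_servers"]:
        return ("none",)          # what no ip domain-lookup buys you
    if "." in name:
        fqdns = [name]            # already qualified, used as typed
    else:
        # a domain list, when present, replaces the single default domain
        suffixes = state["domain_list"] or [state["domain_name"] or ""]
        fqdns = [f"{name}.{s}" if s else name for s in suffixes]
    return ("dns", fqdns, list(state["name_servers"]))
```

Calling resolve_plan(parse_config(CONFIG), "ccie") yields the candidate ccie.cisco.com and the two servers in configured order, while "router2" is answered from the local table without any DNS query.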

Example 3-5 displays a successful DNS query and translation to the host named ccie (another Cisco router) from the DNS server 131.108.255.1.

Example 3-5 DNS Query from the Exec Prompt

R1#ccie
! Administrator types ccie
Translating "ccie"
! Query is sent to first configured DNS server
User Access Verification
CCIE>

NOTE In Example 3-5, a Telnet connection requires a password authentication phase (and for all Telnet-based connections, for that matter). You can disable the Telnet login password on Cisco routers with the command no login under the VTY line configuration, as follows:

line vty 0 4
 no login
