Gary Kessler
March 1996

An edited version of this paper appeared with the title "Running Your Own DNS" in Network VAR, July 1996.

All hosts on the Internet, or any TCP/IP network for that matter, have an assigned 32-bit IP address. Most hosts have a name, as well, since host names are easier to remember than host addresses. The Domain Name System (DNS) is the distributed database that contains the names and addresses of all reachable hosts on a TCP/IP subnet, including the Internet.

Most, but not all, Internet service providers (ISPs) will set up and maintain the DNS information for their customers. There are several reasons, however, that a customer may want to operate their own DNS. This article will describe Internet domain names and the structure of the DNS, followed by a brief tutorial about creating and maintaining the DNS information.


Internet host names use a hierarchical address structure comprising a top-level domain, subdomain, and host name. Top-level domain names and IP network addresses are assigned and maintained by the Internet Assigned Numbers Authority (IANA), which is responsible for the overall coordination and management of the DNS. Domain administrators are responsible for host name and address assignment within their domain.

  |       |       |      |     |     |     |    |    |    |
 com     edu     gov    mil   org   net    us   fr   ca   jp
  |       |       |                        |              |
  |    --------   |                     -------           ac
  |    |      |   |                     |     |           |
  |   uvm   smcvt |                     vt    ca         keio
  |               |                     |                 |
  -------      ---------              state              inst
  |     |      |       |                |                 |
 hill  mfi   ntia  whitehouse          dps               myo

FIGURE 1. Domain name tree.

The Internet naming hierarchy is best understood if a host name is read from right-to-left. All host names end with a top-level domain name (Figure 1). Generic top-level domains (although generally limited to the U.S.) include com (commercial organizations), edu (educational institutions, primarily 4-year colleges and universities), gov (U.S. government agencies), mil (U.S. military), org (non-profit organizations), net (network providers), and int (international treaty organizations).

The host name, for example, is assigned to a VAX computer (smcvax) within the St. Michael's College (Colchester, VT) subdomain (smcvt), which is within the educational top-level domain (edu). The name refers to a host (golem) in the Hill Associates subdomain (hill) within the commercial top-level domain (com).

Other top-level domain names use international two-letter country codes, such as au (Australia), ca (Canada), de (Germany), es (Spain), fr (France), jp (Japan), mx (Mexico), and us (United States).

Each country determines for themselves how the country-based subdomains, and the associated DNS database, will be organized. The US domain, for example, is mostly organized on the basis of geography, usually using a name of the form; the format may be slightly different for special names, such as those for state government or K-12 and 2-year educational institutions. The address, for example, refers to the Corporation for National Research Initiatives located in Reston, Virginia. The ca subdomain within the us high-level domain does not cause a conflict with the ca high-level domain; the former refers to California and the latter to Canada. The host name refers to a system at the Science and Technology Department of Keio University in Yokohama, Japan; note that the ac subdomain within jp refers to academic institutions.


As mentioned above, host names are easier to remember than IP addresses. Use of host names, then, is a convenience for the humans who use the network. The network has to provide some sort of name-address translation, however, for the network to operate.

The HOSTS.TXT file was used in the ARPANET prior to the definition of the DNS. This file contained the IP address, name, and alias(es) of every host on the ARPA network. This was a suitable scheme during the days when the network had only a few hundred systems and the network not very dynamic, but is wholly unsuited for the Internet with almost ten million hosts (as of January 1996) and 10% growth per month!

HOSTS.TXT files are still used, however. Their main function today is to contain the names of local systems so that one machine on a LAN (or other local network) can find other local systems without having to perform a DNS lookup. When TCP/IP software is configured on a host, the location of the HOSTS.TXT file must be provided if the file is used by a given system.

IP address:
---------------    --------------    ----------
| Mail server |    | DNS server |    | Router |===== Internet
---------------    --------------    ----------
      |                |                |
=============================================== LAN
     |               |                    |
-----------     -----------      -------------------
| User #1 |     | System  |      | WWW/FTP server; |
-----------     | Manager |      | backup DNS/mail |     -----------      -------------------

FIGURE 2. Sample network for this article.

TABLE 1. Sample HOSTS.TXT file for the domain.     router        dns      www ftp mail2 dns2       mail        pc1        pc2 sysman

A sample HOSTS.TXT file is shown in Table 1 for the fictitous FOO.COM domain shown in Figure 2. Each line contains three fields: the IP address, host name, and (optionally) any aliases the system might use. As an example, a system on the local LAN that is trying to make an ftp connection to the local ftp server may attempt to open a connection to,, ftp, www, mail2, or dns2.


The DNS is a distributed database that contains the names and/or addresses of every host that is accessible via the Internet. The DNS was one of the key developments that allowed the Internet to grow as it has. Unlike the HOSTS.TXT files, which have to be individually maintained at every host on the network and be synchronized to ensure their correctness, DNS files are maintained by thousands of hosts on the network, each responsible for a portion of the name space (called a zone). The DNS provides a mechanism so that backup databases can be identified in case the first one becomes unavailable. DNS databases are updated automatically so that information on one name server does not remain out-of-date for long.

When TCP/IP software is installed on a host, the address (not the name!) of one or more (usually no more than three) name server(s) is one of the configured parameters. When the host attempts to establish a connection to another IP host, it will first check its local HOSTS.TXT file (if there is one) for the name of the remote host. If the remote host is not in the HOSTS.TXT file, the host will send a query to the primary DNS name server. The primary name server may well not contain the information about the particular destination host; in that case, the query must be forwarded to another name server that is higher up on the domain name hierarchy.

Consider the following example. Suppose a user on a system at Baz University (domain wishes to initiate a connection to the WWW server at Foo Corp. ( The following name resolution steps would occur:

  1. The Baz host will check its HOSTS.TXT file. In this example, Foo's WWW server is not found.
  2. The Baz host will then check its primary DNS name server. Since the Baz DNS server probably only covers the zone, it will not contain Foo's WWW server's address; instead it will forward the query.
  3. The query is passed to a name server higher up in the DNS hierarchy. A database exists for every top-level domain and it contains the name of every subdomain within that top-level domain, and its assigned name server(s). When the higher-level name server checks the com DNS file, it will find an entry for and the address of its DNS server(s). This information is returned to the Baz DNS server.
  4. The query is forwarded to one of the name servers for, which returns the IP address of the WWW server (

The DNS can be examined with a number of common TCP/IP tools. The most common DNS lookup utilities are NSLOOKUP and Host. If you turn off the recursive option, you can see these steps in more detail.

The DNS database contains different types of information on resource records (RRs). The most common RRs are:


DNS server software may be found by a variety of names depending on the operatng system; Windows NT simply refers to DNS while UNIX will have named or BIND (Berkeley Internet Name Daemon). When the DNS process is launched, the name of a boot file must be provided; this file contains the names of the database files containing the DNS information. A sample boot file, which might be called named.boot, is shown in Table 2.

TABLE 2. Sample named/BIND boot file.
; FILE: named.boot
directory /usr/local/named

;Type     Domain                    Data file
primary   localhost       
primary      localhost.rev
cache     .                         named.cache

The first record in the boot file contains directory information and points to the directory where the DNS program files reside. The remaining records each contain three fields which describe a DNS database file: the type of DNS information, the domain defined in the file, and the filename. There are six records that refer to DNS databases for which this DNS server has primary responsibility. The six domains defined here are:

The final record defines where the DNS cache information for the root domain (".") can be found. This is not a "cache," as in short-term memory, but is a set of fixed pointers to the higher-level DNS databases. In this example, the cache information is maintained in the file named.cache.


All of the DNS resource records have a similar format. Although there are many shortcut notations and abbreviations that may be found in DNS files, these examples use the simplest nomenclature to eliminate confusion and/or ambiguity.

The first field in any DNS record is always either an IP address or a host name. If it is missing, then the name/address from the previous record is implied. Note that all names and addresses end with a trailing "dot" (.). This signifies that the name or address is an absolute name/address rather than a relative name/address. Absolute addresses, also called fully qualified domain names, are relative to the root, while relative addresses are relative to a default domain (which may or may not be the root). This field may, optionally, be followed by a Time-to-Live (TTL) value, which indicates the length of time that the information in this field should be considered valid.

The second field indicates the address type. In today's DNS databases, the string "IN" is most likely to be found to indicate an Internet address. This field is present for historical purposes and compatibility with older systems.

The third field is a string that indicates the type of resource record. This field is followed by optional parameters that are specific to the RR.

TABLE 3. Sample file.
; Start of Authority (SOA) record   IN SOA  (
                    19960105   ; serial # (date format)
                       10800   ; refresh (3 hours)
                        3600   ; retry (1 hour)
                      604800   ; expire (1 week)
                       86400)  ; TTL (1 day)

; Name Server (NS) records.   IN NS
           IN NS

; Mail Exchange (MX) records.   IN MX   20
           IN MX   40

; Address (A) records.  IN A     IN A        IN A      IN A       IN A       IN A        IN A        IN A

; Aliases in Canonical Name (CNAME) records...        IN CNAME        IN CNAME     IN CNAME

The file (Table 3) contains information about the domain, including name lookup, mail exchange, and name server information. Specific resource records of note include:

TABLE 4. Sample file.
; Start of Authority (SOA) record IN SOA
                         (19960105   ; serial # (date format)
                             10800   ; refresh (3 hours)
                              3600   ; retry (1 hour)
                            604800   ; expire (1 week)
                             86400)  ; minimum TTL (1 day)

; Name Server (NS) records.  IN NS
                           IN NS

; Addresses point to canonical names (PTR) for reverse lookups    IN PTR    IN PTR    IN PTR    IN PTR    IN PTR    IN PTR

Reverse lookups are handled by the database file for the IP address domain. The records and their formats are essentially the same as above, except that PTR records are used instead of A records. PTR records contain a host name to associate with the IP address that is in the first field of the record. The file that corresponds to the FOO.COM network is listed in Table 4.

TABLE 5. Sample file.
localhost.              IN SOA (
                        19950910   ; serial # (date format)
                           10800   ; refresh (3 hours)
                            3600   ; retry (1 hour)
                          604800   ; expire (1 week)
                           86400)  ; minimum TTL (1 day)

localhost.                IN NS
                          IN NS

localhost.                IN A

TABLE 6. Sample localhost.rev file.
; Start of Authority (SOA) record  IN SOA (
                        19951106   ; serial # (date format)
                           10800   ; refresh (3 hours)
                            3600   ; retry (1 hour)
                          604800   ; expire (1 week)
                           86400)  ; minimum TTL (1 day)

; Name Server (NS) records.     IN NS
                          IN NS

; Only one PTR record   IN PTR   localhost.

Tables 5 and 6 show sample and localhost.rev files, respectively, providing forward and reverse address lookups for the loopback address. Tables 7 and 8 show sample files for the all zeros and all ones addresses. As mentioned above, these files are provided only for completeness and security.

TABLE 7. Sample file.         IN SOA (
                        19950910   ; serial # (date format)
                           10800   ; refresh (3 hours)
                            3600   ; retry (1 hour)
                          604800   ; expire (1 week)
                           86400)  ; minimum TTL (1 day)           IN NS
                          IN NS

TABLE 8. Sample file.       IN SOA (
                        19950910   ; serial # (date format)
                           10800   ; refresh (3 hours)
                            3600   ; retry (1 hour)
                          604800   ; expire (1 week)
                           86400)  ; minimum TTL (1 day)         IN NS
                          IN NS

Finally, if a name cannot be resolved by the local name server, the query will be forwarded to a name server higher up on the domain name tree. The named.cache file contains the addresses of the top-level DNS servers. This actual file should be downloaded periodically from the Internet Network Information Center (InterNIC) at; note that this file is also called named.root and Table 9 shows an abbreviated version of the current named.cache file (most comments have been removed in the interest of space). The single "." indicates the root domain, while the "3600000" is the TTL value, indicating that these entries should expire after about 6 weeks (3.6 million seconds).

TABLE 9. The November, 1995 named.cache file.
;       last update:    Nov 8, 1995
;       related version of root zone:   1995110800
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A
; End of File


Since most ISPs will maintain a DNS for you, why should a network manager consider operating their own? The most obvious and pressing reason is that not all ISPs will do this for you so, in some cases, you will have to do this yourself.

However, a site may want to run their own DNS anyway, primarily for better control and to ensure the database's accuracy. If your site is constantly moving systems around, changing host names, and/or changing IP addresses, your ISP may not be able to keep the DNS as up-to-date as you would like -- or need. Another issue is reverse name mapping; some ISPs keep reverse name information only for servers but not the individual host systems. In this case, users may not be able to connect to FTP or other information servers that attempt to reconcile the user's host name with the IP address. Furthermore, as your site grows in size and complexity, your ISP may be unable or unwilling to continue to meet your needs.


Running a DNS is not terribly hard but one must be very careful when creating the databases. The DNS files must be updated whenever a system name or address change is made. The serial number must be appropriately updated whenever a change is made. The most up-to-date named.cache file must be periodically downloaded from the InterNIC. Zone transfers, the procedure for moving DNS data between primary and secondary name servers, must be managed.

These procedures, and more, are not difficult but must be planned. The example shown in this article is a very simple case for a small LAN attached to the Internet; much more complex arrangements are possible. One of the best references for establishing, maintaining, and troubleshooting a DNS server is DNS and BIND by P. Albitz and C. Liu (O'Reilly & Associates, 1992). Several Request for Comments (RFCs) documents describe the basic background concepts of the DNS, including RFCs 1591 (Domain Name System Structure and Delegation), 1035 (Domain Names - Implementation and Specification), 1034 (Domain Names - Concepts and Facilities), and 974 (Mail Routing and the Domain System). Several other RFCs describe potential DNS pitfalls and tools, including RFCs 1912 (Common DNS Operational and Configuration Errors), 1713 (Tools for DNS Debugging), and 1536 (Common DNS Implementation Errors and Suggested Fixes).

There is also an Internet discussion list for DNS protocol-related issues; this list is not for DNS questions. To subscribe to the list, send mail to and put the word subscribe in the body of the message.

As a final note, IP version 6 (IPv6) will use a 128-bit address and an address architecture that is different from today's IP version 4. IPv6 and the new address structure are described in RFCs 1883 and 1884, respectively. RFC 1886 describes extensions to the DNS that will be necessary to accommodate IPv6, in particular the AAAA resource record and IP6.INT address domain.

ABOUT THE AUTHOR: At the time this article was published, Gary Kessler was a Senior Member of Technical Staff at Hill Associates, a telecommunications training and education firm headquartered in Colchester, VT. Gary is the author of over 50 papers for industry publications and the co-author of ISDN, 3rd. edition (McGraw-Hill, 1997). He may be reached on the Internet at