Prev. Page: Domain Name System (DNS)

On the Internet, a database of domain names with IP addresses maintained providing service of translating a domain name to IP addresses. When a query placed on nameserver, it looks for the IP address of a domain name. A nameserver uses several configuration files to enable it to answer requests. On Linux systems, the Berkeley Internet Name Domain (BIND) provides specifically designed server software called resolvers, distributed by the Intenet Software Consortium. It obtains addresses from the nameservers. The local resolver configured as /etc/host.conf or /etc/nsswitch and /etc/resolv.conf files.

host.conf

  • order: specifies the sequence of name resolution methods
    hosts – checks for a name in the local /etc/host file
    bind – queries DNS nameserver for an address
    nis – uses Network information Service protocol to obtain an address
  • alert: Check addresses of remote sites attempting to access system, it has on and off options
  • nospoof: Confirms addresses of remote sites trying to access the system
  • trim: Checks the localhost file, removes the domain name, and checks only the hostname. It enables to use the only hostname in host file for an IP address
  • multi: Checks localhost file, and allows a host to have several IP addresses. It has on and off options
# host.conf
# lookup names in host file and then check DNS
order bind host
# there is no multiple addresses
multi off

Name Server Switch /etc/nsswitch
On Linux System, different functions to operate in standard C Library configured by a scheme Name Service Switch (NSS) based on methods of the same name used by Sun Microsystems Solaris 2 OS. A database like services like password support and name services (NIS, DNS) directly access these functions using a fixed search order.

The database sources and lookup order listed in the /etc/nsswitch.conf configuration file. NSS supports configuration files:

  • aliases: Mail aliases, used by Sendmail
  • ethers: Ethernet numbers
  • group: Group of users
  • hosts: Hostnames and numbers
  • netgroup: Networkwide list of hosts and users, used for access rules; C libraries before glibc 2.1 only support netgroups over NIS
  • network: Network names and numbers
  • passwd: User passwords
  • protocols: Network protocols
  • publickey: Public and secret keys for SuperRPC used by NFS and NIS+
  • rpc: Remote procedure call names and numbers
  • services: Network services
  • shadow: Shadow user passwords

An entry has two fields, the service, and the configuration specifications. It holds instructions on how the lookup procedure works; it contains specifications and action items. Valid specification service includes: nis, nisplus, files, db, dns and compat. The action specifies the action to take for a specific service

  • files: checks corresponding /etc file for the configuration
  • db: checks corresponding /var/db databases for the configuration, valid for all except netgroup
  • compat: valid only for passwd, group and shadow files
  • dns: checks the DNS service, valid only for hosts file
  • nis: checks the NIS, valid for all files
  • nisplus: NIS version 3
  • hesoid: Uses hesoid for lookup

History

Initially, in the late 1960s, Jon Postel kept the records kept on a floppy disk. By 1998, as he and others pointed out that just one person shouldn't hold such a significant amount of power. The U.S. Department of Commerce lays out a plan to transition control to a new private nonprofit organization, the Internet Corporation for Assigned Names and Numbers (ICANN) under a contract to manage internet addresses around the world. In 2016, after the expiry of the same, governance shifted to a board of representatives from more than 100 countries.