What is DNS?

DNS stands for Domain Name System. Humans understand words and numbers; computers understand ones and zeros. The technical explanation is this quote: “DNS is the mechanism that translates Internet domain names, such as example.com, into IP addresses, such as 192.168.0.2.” In other words, DNS is the white pages of the internet: it translates our human words into the ones and zeros of the computer's language.

When you type the website address example.com into the browser window, the computer knows that you want to go to the IP address 192.168.0.2 because of DNS. You then expect to see a website in your browser window. This website is downloaded from a server. How do your computer and the internet know that they should download that particular website from that particular server? The answer is twofold: first, there is a network layer of the Internet that uses one or more IP addresses to identify each server; second, DNS allows websites to be mapped to those IP addresses, so that when a particular website is requested, the right IP address is recovered and the right server is asked for the correct website files.

DNS is maintained by special servers called nameservers, Servers of Authority, or SOA for short. Nameservers contain a zone file for each website or domain. The zone file lists the IP addresses that each website or domain uses for web requests, sub-domains, email, etc. Yes, I'm sorry that some of that language got out of hand, but I will go over it all soon enough. A nameserver is like the phone book for your website or domain, where the IP address is your phone number. The zone file is like the actual printed listing in the phone book. Today I'd like to dissect a DNS zone file so as to provide a better understanding of DNS and how DNS works.

Zone files consist of comments, directives and resource records. Comments start with ‘;’ (semicolon) and continue to the end of the line; a comment can occupy a whole line or part of a line. Directives start with ‘$’ and are standardized, for example $ORIGIN and $TTL. There are a number of Resource Record (RR) types, such as A records, NS records and SOA records, and many more.
The window below is an example of a very generic DNS zone file.

(Sorry about the formatting)

$TTL 86400 ; 24 hours could have been written as 24h or 1d
$ORIGIN example.com.
@      1D  IN  SOA  ns1.example.com. hostmaster.example.com. (
                    2002022401 ; serial
                    3H         ; refresh
                    15         ; retry
                    1w         ; expire
                    3h         ; minimum
                    )
@          IN  NS   ns1.example.com.     ; in the domain
@          IN  NS   ns2.example.com.     ;
@          IN  MX   10 mail.example.com. ; internal mail provider
ns1        IN  A    192.168.0.1          ; name server definition
www        IN  A    192.168.0.2          ; web server definition
mail       IN  A    192.168.0.2          ; internal mail address

We are just going to go down the line.

TTL, or Time To Live, in the DNS context defines the duration in seconds that a resource record may be cached. A common TTL value for DNS is 86400 seconds, which is 24 hours. A TTL of 86400 means that if a DNS record is changed, DNS servers around the world could still be serving the old value from their cache for up to 24 hours after the change.

$ORIGIN is a directive: it names the domain the zone file “originates” from. In a resource record the origin is written as the “@” symbol, or the name can also be left blank.

Now we come to our first resource record, the SOA or Server of Authority. This record must always come first and is the most important. The SOA specifies authoritative information, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. In our example, the @ replaces the domain named by the origin directive, our TTL is 1 day, and the resource class is the internet (IN). Our type is SOA and ns1.example.com is our primary name server. Next comes the email address of the person responsible for this zone, to which email may be sent to report errors or problems: hostmaster@example.com (written in the file with a dot in place of the @, since @ already has a meaning in a zone file). The serial number is defined to be a 10 digit field. This value MUST increment when any resource record in the zone file is updated. Slave DNS servers compare this number to the number they saved for the zone and decide whether or not to update their copy. The convention is to use a date-based serial number to simplify the task of incrementing, the most popular convention being yyyymmddss, where yyyy = year, mm = month, dd = day and ss = a sequence number in case you update the zone more than once in a day. “refresh” indicates how long the slave waits before trying to refresh the zone from the master by reading the master's SOA resource record. “retry” defines the time between retries if the slave (secondary) fails to contact the master once “refresh” (above) has expired. “expire” indicates when the zone data is no longer authoritative; it is used by slave (secondary) servers only. “minimum” is the negative caching time, that is, the time a NAME ERROR (NXDOMAIN) result may be cached by any resolver. Now we're on to the rest of the resource records.

Your first resource record after the SOA record should always be your NS record, the nameserver. In my example, the nameserver is in the same domain as the zone file; that is not always the case. You will see later a zone file for a domain that uses a master domain to control or handle its DNS. The next record is the NS record for the secondary nameserver, which can be in the same domain or an external nameserver. A few records below you can see there is a corresponding A record that associates the nameserver's domain name with an IP address. You can also see the mistake I made here: I did not include an A record for the secondary nameserver, ns2.example.com. Now let's read the records. The “@”, as we know, stands for the origin, example.com in our example; IN is the class, which stands for internet. There are other classes, but they are antiquated; I don't think anyone uses them, but I could be mistaken. NS is for nameserver, followed by the nameserver's domain name, and the same goes for the secondary nameserver's record. We'll skip the MX record for now, but note that it points the origin at a sub-domain, mail.example.com, and that sub-domain has a corresponding A record. The first A record resolves the primary nameserver to the IP address 192.168.0.1. Remember our “White Pages” analogy: the IP is the “computer” address for the domain, the human-readable address. You could also go so far as to say that the IP address for the nameserver's domain name is the IP address of the physical server as well. The next A record is for our actual website, www.example.com. WWW here is a sub-domain of example.com; you could also include an A record for just example.com without the WWW. When you type www.example.com in your browser, this DNS record tells you the IP address of the web server, 192.168.0.2. Then, last but not least, the mail server's A record resolves it to the IP address 192.168.0.2.
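To make the walk-through concrete, here is a small zone-file parser and check written for this post (an added example, not code from the original article). It handles the pieces discussed above, $ORIGIN, $TTL, ‘;’ comments, the parenthesised multi-line SOA, “@” and relative names, and BIND time units such as 1D and 3H, and then reports in-zone NS/MX targets that have no A record, which is exactly the ns2 gap in the example. The zone text is a constructed copy of the example above; the function and variable names are my own.

```python
import re
ZONE = """\
; constructed sample: the post's zone file, with ns2 still lacking an A record
$TTL 86400 ; 24 hours
$ORIGIN example.com.
@ 1D IN SOA ns1.example.com. hostmaster.example.com. (
    2002022401 ; serial
    3H ; refresh
    15 ; retry
    1w ; expire
    3h ; minimum
)
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
@ IN MX 10 mail.example.com.
ns1 IN A 192.168.0.1
www IN A 192.168.0.2
mail IN A 192.168.0.2
"""
def ttl_seconds(tok):  # BIND-style TTL such as 86400, 1D, 3h or 1w -> seconds
    n, unit = re.fullmatch(r"(\d+)([smhdw]?)", tok, re.IGNORECASE).groups()
    return int(n) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}[unit.lower()]
def parse_zone(text):
    """Return (origin, default_ttl, records); a record is (fqdn, ttl, type, rdata list)."""
    origin, default_ttl, records, buf = "", None, [], []
    for raw in text.splitlines():
        buf += raw.split(";")[0].split()            # drop ';' comments and tokenise
        if not buf or buf.count("(") > buf.count(")"):  # blank line, or record continues
            continue
        toks, buf = [t for t in buf if t not in "()"], []
        if toks[0] == "$ORIGIN":
            origin = toks[1]
        elif toks[0] == "$TTL":
            default_ttl = ttl_seconds(toks[1])
        else:
            name = toks.pop(0)                      # '@' and relative names expand to the origin
            name = origin if name == "@" else name if name.endswith(".") else name + "." + origin
            ttl = default_ttl
            if re.fullmatch(r"\d+[smhdw]?", toks[0], re.IGNORECASE):
                ttl = ttl_seconds(toks.pop(0))      # optional per-record TTL, e.g. 1D
            toks = toks[1:] if toks[0] == "IN" else toks  # optional class
            records.append((name, ttl, toks[0], toks[1:]))
    return origin, default_ttl, records

def dangling_targets(text):
    """NS/MX targets inside the zone that have no A record, e.g. the post's missing ns2."""
    origin, _, records = parse_zone(text)
    have_a = {name for name, _, rtype, _ in records if rtype == "A"}
    return [(rtype, rdata[-1]) for _, _, rtype, rdata in records
            if rtype in ("NS", "MX") and rdata[-1].endswith("." + origin) and rdata[-1] not in have_a]
```

Running dangling_targets(ZONE) returns the one NS target without an address record, ns2.example.com.; the same check applied before publishing a zone catches the omission the post describes.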

That was a lot to digest. I think my next post will be about setting up Google Apps to work with your website.

(ve) Project: LNMP (Linux Nginx MySQL PHP-FPM)

NginX

As you know, I work for (mt) Media Temple, a great web hosting company. Recently, I procured a (ve) 512 MB server to practice some server administrator tasks. I was looking for a project to really challenge me, so I decided to provision a VPS that is as bare-bones as a VPS gets. My server came as a completely raw system with nothing installed but the operating system. No users except the root user, making it somewhat of a true VPS, for me to make whatever I want of it.

So for my challenge I decided to install a LNMP stack: Linux, Nginx, MySQL, and PHP-FPM. At the time, I chose PHP-FPM over PHP. I wanted to do something I had very little knowledge about. I started using a few guides from several websites and wikis. So I was able to limp this project along over the span of a few days and frustrations. I had seen a video from WordPress WordCamp 2011 where a co-worker held a presentation about Nginx (engine-X) as a web server, as opposed to a resource-intensive Apache configuration. I only had a 512MB server; therefore, I didn't want any rolling memory binges.

Not having that much knowledge of the differences between Apache and Nginx, I read that Nginx is significantly stripped down in comparison to Apache. Nginx, which is asynchronous, keeps a low and steady memory footprint, regardless of traffic. I was able to find plenty of articles, documentation, forums, and wikis to assist me. I have a basic understanding of Linux, and I can use the command line. Nano/vim are my preferred command-line text editors, and I know how to SSH to a bash shell from a remote system using the Terminal application on my MacBook Pro. I decided not to set up mail on my server, as it's a hassle and can suck resources. Instead I'm going to set up Google Apps to handle my mail. (Post on that to follow later.)

I went with Ubuntu 10.04 LTS Lucid, as it's an easy-to-use Linux distribution and has a strong community following. LTS has more stable packages, and 10.04 includes the most recent software versions. So I started out with a fresh OS install and a root login. The first thing I had to do was secure my server and create an administrator user. I gave my user sudo access; I didn't disable root access until after I finished my task. I waited until the end of the config, on the small chance that I had to use root for some reason. Good thing, because I did. For security reasons, my (ve) server's /tmp and /var/tmp directories are mounted noexec. However, this causes issues with apt-get/aptitude, as it uses /tmp as a “temporary” directory for pre-install scripts. To resolve this issue, I configured apt to not use /tmp and to use /var/local/tmp instead. (I needed root to have permission to write to the apt configuration directory.) I could then update Ubuntu with apt-get. I then began to secure my server.


root@ve:~# adduser jabo
root@ve:~# visudo
jabo@ve:~$ sudo apt-get update
jabo@ve:~$ sudo apt-get -u upgrade

Once done, I installed Nginx using apt-get. Restarted, with no errors. I then checked my IP address and I got the happy Nginx ‘Welcome Page.’ Next, I had to prepare the web directory where my sites would be served from, then add them to the www-data group, as well as my administrator user. I set up virtual hosting of two more domains in Nginx. I then created a virtual host file for Nginx in the sites-available directory, essentially telling Nginx what ports to serve traffic on and the location of log files for each domain. Restarted Nginx again, and no errors. On to ‘M,’ for MySQL.


jabo@ve:~$ sudo apt-get install nginx
jabo@ve:~$ sudo /etc/init.d/nginx start
jabo@ve:~$ sudo usermod -a -G www-data user1
jabo@ve:~$ sudo chown -R www-data:www-data /var/www
jabo@ve:~$ sudo chmod -R 775 /var/www

MySQL is easy. With an apt-get install of MySQL, all I had to do was configure a root user and password. I also created two database users and two databases for my later install of WordPress. PHP was not so easy.


jabo@ve:/var/www$ sudo apt-get install mysql-server php5-mysql mysql-client

In my subconscious, I understood PHP-FPM to mean that I needed to install PHP first, then the PHP-FPM module. This is wrong. With a scratch install you should just go straight to PHP-FPM. I reinstalled my server three times, and changed operating systems. Luckily, I had made backups of all the configuration files, so the reinstall, or reverting my server back to default, was painless. Finally, I got it figured out and got the PHP5-FPM service to restart without any errors!


jabo@ve:/var/www$ sudo aptitude install python-software-properties
jabo@ve:/var/www$ sudo add-apt-repository ppa:brianmercer/php
jabo@ve:/var/www$ sudo aptitude -y update
jabo@ve:/var/www$ sudo aptitude -y install php5-cli php5-common php5-mysql php5-suhosin php5-gd
jabo@ve:/var/www$ sudo aptitude -y install php5-fpm php5-cgi php-pear php5-memcache php-apc
jabo@ve:/var/www$ sudo service php5-fpm start

The last step in the whole process was to install WordPress and configure it to talk with the MySQL databases I had created earlier for my domains. After that I did a little bit of Nginx and MySQL tuning. However, I’m leaving that for a later post because I have had my fill of “geek-speak” for the evening. Please enjoy the new domain I created, .

Update: This Blog and the rest of jabokevin.net are running on my (ve) 512MB Server.

Launch Day is here!

I launched my website today. It took a week to edit all the files, establish the portal structure, secure my server, and create a blog. I'm still missing my contact page and Gallery, but those pages can wait. I got the essentials. Plus I ran into an issue with the contact form script and I think I'm going to start over. The Gallery just needs pictures. So, at the moment I'm amassing as many web-friendly photographs as I can find, editing them, and FTPing them to my server. Once done I can create the Gallery with SimpleViewer.

I'm using a (mt) Media Temple (dv) Dedicated-Virtual Server to power both my site and Blog. My (dv) Dedicated-Virtual Server is powered by Hewlett-Packard ProLiant DL-Series machines featuring multi-core Intel Xeon processors and high-performance SCSI/SAS disk drives in a RAID-5 configuration. Currently the WordPress CMS software runs my Blog. If you're interested in a website, hosting, or a blog, drop me a line at jabo@jabokevin.net.

Making ground beef Burritos tonight for dinner. Yum! Seasoned with my special “taco” seasoning.

Please, take a look around. Leave a comment. “Kick the tires and Light the Fires” if you will.

jabo

New Day

Today is a new day. Work flew by, I did some great work on my site, and even exercised (little as it was). I'm using this new app called “RunKeeper”; it's pretty easy to use and lets you track stats for different activities: running, jumping, climbing trees, etc. This is going to be fun.

Guess what tomorrow is …?

A new Day.

Hello world!

Welcome to My Blog. This is my first post. I uploaded a bunch of Plugins to test the optimization of my Server. I work in the I.T. industry as a Customer Service Agent. I feel like I should tell you more about myself, but then you wouldn’t come back….

Stay tuned for updates to my Home Page

Jabo
