First of all,

the rule of thumb (Best Current Practice) of maintaining a DNS, is to contact someone who understands DNS! Unfortunately, not many local network administrators understand DNS too well. Fortunately, even a not-so-well configured DNS will work without significant problems (most of the time :-).

OK, that is it! Contact (and contract :-) someone who understands DNS! Therefore, you might want to stop (reading this page) here! But if you still insist, you might want to visit several DNS related webpages, including these following sections that are recommended by the DNS Resources Directory http://www.dns.net/dnsrd/ :

• comp.protocols.tcp-ip.domains: Frequently Asked Questions with answers,
• documents -- including RFCs,
• BIND documentation from the Internet Software Consortium.
• 14 recommended books,
• how to register a DNS, and
• Top Level Domains.
• Dullatip's home-brew-page has some configuration examples.

Also, you may want to visit "Ask Mr. DNS" at ACME Byte and Wire. But remember, there is no fast way to understand DNS; you may need hours to digest those websites. Well, read on...

So what the heck is a DNS? It is basically a hierarchical distributed database system, which translates a domain name (e.g. www.vlsm.org) into a unique IP address (e.g. 207.106.122.248) and vice versa. It is so distributed that someone easily can get lost! The TOP level of this hierarchy is called the "root" which is administrated by IANA or perhaps ICANN. Under the root, there are the Top Level Domains (TLDs), like "edu" (Education), "net" (Network), "org" (Organization), "com" (Commercial), "id" (Indonesia), etc. These top level domains are maintained by domain registries.

Under a top level domain are second level domains. For example, the second level domain "webindonesia.com" is under top level domain is ".com" (dot com). There are several tricks to find out who "owns" (maintains?) which domain. Let's find out who is in charge of "webindonesia.com". For second level domains in ".com", ".edu", ".net", and ".org", we can query the whois database (but until when?). The standard Unix query command is (all in lower cases):

	% whois webindonesia.com

The result of that query will look somewhat like this following:

Registrant:
   International Web Services, Inc (WEBINDONESIA2-DOM)
   9435 Vernon Drive
   Great Falls, VA 22066
   US

   Domain Name: WEBINDONESIA.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Larry, Louis  (LL2016)  louis@WEBINDONESIA.COM
   Billing Contact:
      Billing, WebIndonesia  (BW3-ORG)  billing@WEBINDONESIA.COM

   Domain servers in listed order:
   NS1.REGEX.COM                207.106.122.3
   NS2.REGEX.COM                207.106.122.4
   KEDIRI.WEBINDONESIA.COM      209.106.122.14

Each domain can have multiple contacts, i.e.: Administrative Contact, Technical Contact, Zone Contact, and Billing Contact. In this example, the contact's NIC-HANDLE for administrative, zone, technical is LL2016 ; whereas the billing contact is BW3-ORG . To get more information about NIC-Handles, use the same query command, viz.:

	% whois ll2016
	% whois bw3-org

RECOMMENDATION #1

The zone / technical contact should be in charge for the technical aspect of the DNS operation. In case the administrative / billing contact does not understand DNS, the zone/ technical contact should be delegated to someone that understands DNS.

RECOMMENDATION #2

Any issue that is related to DNS, should be reported to the administrative / billing contact. However, any real setup should be done and coordinated by the zone / technical contact.

RECOMMENDATION #3

The zone / technical contact should make sure that the system works properly.

A zone (e.q. "webindonesia.com") is usually served by more than one name servers (NS). A NS with the master record will be called as primary server. Each other NS will have a copy of the primary, and will be called as secondaries. ALL NS, however, are equal, in the sense of getting external queries. This is somewhat confusing, because it is commonly assumed that the primary server is the one which gets more queries.

Each NS will have the complete zone information including a list of how many NSs themselves. From the whois webindonesia.com query above, we also get a list of which NSs that are supposed to have the whole zone information. The order of the NS are:

• NS1.REGEX.COM (IP address 207.106.122.3)
• NS2.REGEX.COM (IP address 207.106.122.4)
• KEDIRI.WEBINDONESIA.COM (IP address 207.106.122.14)

Caution:

The whois database contains information about where the name servers information are supposed to be. However, this is neither a warranty that the name servers exists, nor a warranty that the name servers have been configured properly. This is one of the most confusing problem of DNS! As I have mentioned, this is one of the most confusing problem of DNS! Have I mentioned, that this is one of the most confusing problem of DNS?

RECOMMENDATION #4

Regularly, a common DNS utility like DNSWalk should be performed for sanity check. Occasionally, each name server should be checked manually (nslookup, or dig) for consistency check.

1. ) This short essay is dedicated to Sanjay H. Pathak in Mumbai, IN and Christopher J.S. Vance. Sanjay gave me a brief "DNS-101" introduction in Mumbai (1993). Then, Christopher enhanced my DNS knowledge in Canberra (1994).