Thanks for the feedback. I have a lot more learning ahead. I will try to concisely post questions, only when needed, in future. I appreciate your collective help.
Sincerely,
Joseph

23 Nov 2020, 10:14 am by [email protected]:

> On Mon, 23 Nov 2020 09:20:57 -0500 (EST)
> "D. Hugh Redelmeier via talk" <[email protected]> wrote:
>
>> I have no time for a careful answer. But it is important that you
>> understand these points:
>>
> I can also spend a few minutes to add to the points below, if
> that helps anyone...
>
>> - DNS is a distributed tree, with nodes that are authoritative for
>> particular domains.
>>
> Yes, and not at all - names = not so much, possibly, a little like a
> one or two branch tree - Numbers = always four or six "branches"
>
> DNS is mostly a fixed single easy thing. (although you do get weird
> 'trees' like de.li.cio.us (or whatever that was)
>
> For names it could resemble a tree with one sometimes two or three
> branches, hardly ever more than that... (in theory it could have
> millions of branches - but IRL (in real life) two or three...
>
> An example - would be example.com
> .com says which NS server(s) is/are authoritative for example
>
> That NS server(s) may further say where is www.example.com
>
> but not often do you find www.www.www.www.example.com
> (although you could, in theory, have a "tree", I guess...)
>
> for numbers though, the delegation is only 4 "branches" deep for ipv4
> and 6 "branches" deep for ipv6 - unless you count the main .in-addr.arpa
> as another two?
>
> So, DNS may be a bit like a very small bonsai? hehehehe
>
>
>> - there is caching (recursive servers) if you trust them (almost
>> always one does). Unless you are using DNSSec, the caching server
>> can lie, sometimes usefully.
>>
>> - the forward domain is technically unrelated to the reverse domain.
>>
> yes, reverse and forward lookup is not related, but when they match, as
> in for use as an email server, this is another layer in the onion of
> trust.
>
> and, technically - it is ALL forward lookups (even a reverse lookup :)
> the 'reverse' is actually you/inquirer 'reversing' the number and
> adding .in-addr.arpa )
>
>> The forward domain lookup uses a conventional domain name as the
>> key.
>>
>
> You can have 192.168.1.100.com - so the only 'convention' is that
> forward and reverse both have 'sub domains'
>
> it is all really 'forward' lookups :)
>
> forward works from the back
> 123 -> com for 123.com
>
> reverse works by "reversing the number" and adding .in-addr.arpa
>
> 192.168.1.1 -> 192 for 168
> so: 1.2.168.192.in-addr.arpa
>
> for example: dig NS 136.100.in-addr.arpa tells you how 136.100 is
> delegated, etc etc.
>
>> The reverse lookup uses the IP address (in a funny format) as the
>> key.
>>
> not so funny, just the normal ip number format
>
> but the reverse is from the start of the number and not the end
>
>> - Reverse example: to lookup the reverse for IPv4 address 1.2.3.4,
>> your system actually queries 4.3.2.1.in-addr.arpa. I think you can
>> see how that is constructed.
>>
> yes, this is all it is :)
>
>> - the reverse domain is a mystery to most people (because it mostly
>> doesn't matter to most users). If you run a mail server, it does
>> matter.
>> - whoever provided you with your IP address controls the reverse
>> domain for that IP address. Generally, if you pay for a static IP
>> address, they will let you specify what you want them to put in the
>> reverse domain for that IP address. Most ordinary consumers don't
>> have static addresses and are not given a say in what the reverse
>> says.
>>
> if whoever provided you with the number did not hijack it from
> somewhere and it is in fact properly delegated, then they could, in
> their own auth NS, add whatever 'name' you like to the IP number :)
>
>> - if your provider provides you with a CIDR of network addresses,
>> static, they may delegate the reverse domain for that CIDR to a DNS
>> of your choosing. This is not the normal home case.
>>
>
> ---
> Post to this mailing list [email protected]
> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
>
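The reverse-name construction described in the thread (1.2.3.4 is queried as 4.3.2.1.in-addr.arpa) and the forward/reverse match that matters for mail servers, as an added example that is not part of the original messages. It also covers the IPv6 nibble form under ip6.arpa; the resolver callbacks and every record below are constructed for illustration, so it runs offline.

```python
import ipaddress

def reverse_name(addr):
    """Build the PTR query name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = str(ip).split(".")                   # one label per octet
        suffix = "in-addr.arpa"
    else:
        labels = list(ip.exploded.replace(":", ""))   # one label per hex nibble
        suffix = "ip6.arpa"
    return ".".join(reversed(labels)) + "." + suffix

def forward_confirmed(addr, lookup_ptr, lookup_addrs):
    """Return the PTR names whose forward lookup points back at addr.

    lookup_ptr(qname) and lookup_addrs(hostname) are caller-supplied
    resolver callbacks (hypothetical interface) that return lists of strings.
    """
    ip = ipaddress.ip_address(addr)
    confirmed = []
    for name in lookup_ptr(reverse_name(addr)):
        host = name.rstrip(".").lower()
        forward = set()
        for answer in lookup_addrs(host):
            try:
                forward.add(ipaddress.ip_address(answer))
            except ValueError:
                continue                              # skip malformed answers
        if ip in forward:                             # compare parsed, not text
            confirmed.append(host)
    return confirmed

# Constructed records: whoever controls the reverse zone can publish any name,
# so 1.2.3.5 claims mail.example.com without the forward zone agreeing.
PTR = {
    reverse_name("1.2.3.4"): ["mail.example.com."],
    reverse_name("1.2.3.5"): ["mail.example.com."],
    reverse_name("2001:db8::1"): ["Mail.Example.com."],
}
FORWARD = {"mail.example.com": ["1.2.3.4", "2001:0db8::0001"]}

def sample_ptr(qname):
    return PTR.get(qname, [])

def sample_addrs(host):
    return FORWARD.get(host, [])

if __name__ == "__main__":
    for a in ("1.2.3.4", "1.2.3.5", "2001:db8::1"):
        print(a, reverse_name(a), forward_confirmed(a, sample_ptr, sample_addrs))
```

An empty result means the PTR record is missing or names a host that does not resolve back to the address, which is the mismatch a receiving mail server treats as a lost layer of trust.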
