Reverse queries

We've discussed the forward query process, where names are converted into IP addresses.

We've still not discussed the reverse process: that of converting IP addresses back into names. Why would we need this functionality? Well, in the simplest case, we may wish to record, in the log files of our web server, the names of the hosts that are visiting our webcam site.

Since the Internet only really talks at the network layer, the web server will only get 'hits' from an IP address. This is not very handy for the poor web administrator. She'll simply have to give her boss a list of IP addresses of the hosts that visited, with little or no knowledge of where those visitors came from.

With reverse DNS mapping, the web server could simply look up the name of the visiting IP address and replace the IP by the name in its log files.

This would make reporting a whole lot easier and provide valuable information. Let's use dig again, this time to convert an IP address into a name.

Reverse mapping is similar to the name-to-IP mapping described above, except for the following differences:

  1. The first tier domain is arpa, short for the Advanced Research Projects Agency, the people responsible for first conceiving and building the Internet.

  2. The second tier domain is in-addr, short for Internet Address (IP address is the term we've used till now).

Consider the IP address 196.25.102.2.

Here there is a host ".2" on a network "196.25.102". As before, the 196.25.102 is the least specific entry in this tree (there could in fact be many hosts on this network), while the most specific entry would be the host address ".2".

Refer to Figure 2.6.

Figure 2.6. Reverse Map

As before, we can reverse map this using the dig command.

Begin by typing:

dig in-addr.arpa NS
            

which should return all the root servers:

;; ANSWER SECTION:
in-addr.arpa.    84974   IN      NS      M.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      A.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      B.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      C.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      D.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      E.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      F.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      G.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      H.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      I.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      K.ROOT-SERVERS.NET.
in-addr.arpa.    84974   IN      NS      L.ROOT-SERVERS.NET.
            

Notice that they (the root servers) all know about the in-addr.arpa domain, and so they should!

Now try:

dig 196.in-addr.arpa NS
            

which should yield:

;; ANSWER SECTION:
196.in-addr.arpa.    84987   IN      NS      henna.ARIN.NET.
196.in-addr.arpa.    84987   IN      NS      indigo.ARIN.NET.
196.in-addr.arpa.    84987   IN      NS      epazote.ARIN.NET.
196.in-addr.arpa.    84987   IN      NS      figwort.ARIN.NET.
196.in-addr.arpa.    84987   IN      NS      ginseng.ARIN.NET.
196.in-addr.arpa.    84987   IN      NS      chia.ARIN.NET.
196.in-addr.arpa.    84987   IN      NS      dill.ARIN.NET.
            

And again:

dig 25.196.in-addr.arpa NS
            

yielding:

;; ANSWER SECTION:
25.196.in-addr.arpa.    74403   IN    NS    igubu.saix.net.
25.196.in-addr.arpa.    74403   IN    NS    sangoma.saix.net.
            

And again:

dig 102.25.196.in-addr.arpa NS
            

yields:

;; ANSWER SECTION:
102.25.196.in-addr.arpa. 31112  IN    NS  \
                quartz.mindspring.co.za.
102.25.196.in-addr.arpa. 31112  IN    NS  \
                agate.mindspring.co.za.
            

Finally,

dig 2.102.25.196.in-addr.arpa PTR
            

yields:

;; ANSWER SECTION:
2.102.25.196.in-addr.arpa. 42951 IN    PTR \
                quartz.mindspring.co.za.
            

Why did we write the IP address in reverse here?

Well, it was not really in reverse; it followed the same convention as with the name, putting the most specific part of the name first and the least specific part at the end (www.QEDux.co.za). Referring to figure 5 again, you've just done a similar thing as with the name, only now using the IP address and ending the name with "in-addr"."arpa".""
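
The walk above can be generated for any IPv4 address. The following is an added example, not part of the original text: the function names reverse_name and reverse_walk are made up for illustration, and it assumes, as in the walk above, that a zone is delegated at every octet boundary. It validates the address before building any name, so that a malformed value from a log file never reaches the dig command line.

```shell
#!/bin/sh
# Added example: build the in-addr.arpa name for an IPv4 address and print
# the dig queries that walk the reverse tree, least specific zone first.

# reverse_name A.B.C.D -> D.C.B.A.in-addr.arpa (returns 1 on bad input)
reverse_name() {
    ip=$1
    # Only digits and dots, no empty fields, no leading or trailing dot.
    case $ip in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its four octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Each octet is at most three digits and no larger than 255.
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    # Most specific label (the host octet) first, as with ordinary names.
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# reverse_walk A.B.C.D -> one dig command per step of the walk.
# Assumption: zones are cut at each octet, as in the example in the text.
reverse_walk() {
    full=$(reverse_name "$1") || return 1
    zone=in-addr.arpa
    echo "dig $zone NS"
    old_ifs=$IFS; IFS=.
    set -- $1             # safe to split: input was validated above
    IFS=$old_ifs
    # Prepend the network octets in order: 196, then 25, then 102.
    for octet in "$1" "$2" "$3"; do
        zone=$octet.$zone
        echo "dig $zone NS"
    done
    # The final query asks for the PTR record of the full reverse name.
    echo "dig $full PTR"
}

# Print the walk for the address used in the text.
reverse_walk 196.25.102.2
```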