Domain Name Service (DNS)
DNS (Domain Name System) is an Internet protocol which maps names to IP addresses and IP addresses to names. It is a distributed, hierarchical naming system for resources on the Internet.
DNS services for the Lab are administered by a coordination of ITD Networking and Unix services. They provide core infrastructure functions on a Lab-wide scale. Our DNS system provides service for the domains BNL.GOV, BNL.LOCAL, BNL.ORG, USATLAS.ORG, NSS-MIC.ORG, and TERAPATHS.ORG.
Each of the network distribution layers within BNL are assigned a pair of name servers. This is to provide redundancy and better performance for properly configured clients.
Every IP address within our network must have an associated name with it.
The original design of the Domain Name System (DNS) did not include security; instead it was designed to be a scalable distributed system. The Domain Name System Security Extensions (DNSSEC) attempts to add security, while maintaining backwards compatibility.
DNSSEC is a set of extensions to DNS which uses public-key cryptography to provide:
DNSSEC will help prevent attacks such as:
As of late October 2009, the BNL.GOV zone has been signed. This met a Department of Energy mandate for any zones under .gov to use DNSSEC by 2010.
To reach ITD Unix Services for any support issues, please contact the ITD Helpdesk via email (firstname.lastname@example.org) or call x5522. In any communications, please include the name of the machine(s) in question, as well as their operating system, software package and other relevant information which will allow ITD to help you more effectively.