ITD Home

Groups & Services

A-Z Index

Unix Services

Homepage

Contact Us

General Information

Helpdesk

FAQs

BNL Site Index

Need Help

Helpdesk Homepage Call the Helpdesk for 24x7 support
Bus: 631.344.5522
Fax: 631-344-2140
Email: itdhelp@bnl.gov

Unix Services

Domain Name Service (DNS)

Top of Page DNS Services at BNL

DNS (Domain Name System) is an Internet protocol which maps names to IP addresses and IP addresses to names. It is a distributed, hierarchical naming system for resources on the Internet.

DNS services for the Lab are administered by a coordination of ITD Networking and Unix services. They provide core infrastructure functions on a Lab-wide scale. Our DNS system provides service for the domains BNL.GOV, BNL.LOCAL, BNL.ORG, USATLAS.ORG, NSS-MIC.ORG, and TERAPATHS.ORG.

Each of the network distribution layers within BNL are assigned a pair of name servers. This is to provide redundancy and better performance for properly configured clients.

Every IP address within our network must have an associated name with it.

Top of Page DNS or IP Service Requests

To request IP addresses or changes to DNS entries http://info.itd.bnl.gov/ipreg or you can open a ticket with the ITD Help Desk at x5522 (or email itdhelp@bnl.gov).

Top of Page Domain Name System Security Extensions (DNSSEC)

The original design of the Domain Name System (DNS) did not include security; instead it was designed to be a scalable distributed system. The Domain Name System Security Extensions (DNSSEC) attempts to add security, while maintaining backwards compatibility.

DNSSEC is a set of extensions to DNS which uses public-key cryptography to provide:

  • Origin authentication of DNS data
  • Data integrity
  • Authenticated denial of existence
  • Message authentication and integrity verification through cryptographic signatures.

DNSSEC will help prevent attacks such as:

  • DNS Cache Poisoning
  • Forgery: respond before the intended nameserver
  • Redirection of a domain's nameserver
  • Redirection of NS records to another target domain
  • DNS Hijacking
  • Response to non-existent domains
  • Rogue DNS servers

Top of Page What DNSSEC does not provide

  • DNSSEC does not provide confidentiality of data.
  • DNSSEC does not provide protection against Distributed Denial of Service (DDoS) attacks.

Top of Page DNSSEC at BNL

As of late October 2009, the BNL.GOV zone has been signed.  This met a Department of Energy mandate for any zones under .gov to use DNSSEC by 2010.

Top of PageLast Modified: February 14, 2011

To reach ITD Unix Services for any support issues, please contact the ITD Helpdesk via email (itdhelp@bnl.gov) or call x5522.  In any communications, please include the name of the machine(s) in question, as well as their operating system, software package and other relevant information which will allow ITD to help you more effectively.