DNS Name Space Administrative Hierarchy Partitioning: DNS Zones of Authority (Page 2 of 3)

DNS Zones of Authority

DNS is specifically designed to allow these divisions between the name hierarchy and the authority structure to be created. The complete DNS name structure is divided by making cuts (as the standard calls them) between adjacent nodes to create groups of contiguous nodes in the structure. Each group is called a zone of authority, or more commonly, just a zone. Each zone is usually identified by the domain name of the highest-level node in the zone, that is, the one closest to the root. The zones in DNS are by definition non-overlapping: every domain or subdomain is in exactly one zone.

The division of the name space into zones can be made in an arbitrary way. At one extreme, we could place a cut between every node, and thereby divide the entire name space so each domain (and subdomain, etc.) was a separate zone. If we did this, the name hierarchy and authority hierarchy would indeed be the same for the entire DNS tree. At the other end of the scale, we could use no cuts at all, defining a single zone encompassing the entire DNS structure. This would mean the root was the authority for the entire tree.

Of course, in practice, neither of these is particularly useful, as neither really reflects how the real-world administration of DNS works. Instead, we generally divide the name structure in a variety of places depending on the needs of different parts of the name space. There are many cases where we might want to create a subdomain that is responsible for its own DNS server operation; there are others where we might not want to do that. The significance of a cut in the name hierarchy is that making such a cut represents, in essence, a declaration of DNS independence by the node below the cut from the one above the cut.

Returning to our example, if googleplex.edu is in charge of its own DNS servers, then there would be a cut in the name space between googleplex.edu and .EDU at the next higher level. This means that the DNS server for .EDU is no longer in charge of DNS for the googleplex.edu domain; instead, either the University itself or someone they hire as a third party must provide DNS for it. In this case, we are assuming Googleplex U. themselves run their own DNS.

Without making any other cuts, the googleplex.edu domain would be a single zone containing everything below that name, including both finearts.googleplex.edu and compsci.googleplex.edu. In our example, however, we would make another cut, between googleplex.edu and compsci.googleplex.edu. This in effect liberates compsci.googleplex.edu, allowing its administrators to be in charge of their own DNS server. In so doing, we end up with two distinct zones: one encompassing googleplex.edu, finearts.googleplex.edu and admin.googleplex.edu (and everything underneath them) and another for compsci.googleplex.edu (and everything below it). This is illustrated in Figure 240.
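
The partitioning described above, as an added example that is not part of the original Guide: given the set of zone apexes (the nodes just below each cut), it finds the one zone that contains any name by matching whole labels from the root downward. The function names, the root and edu apexes, and the sample host names are assumptions made for the illustration.

```python
# Added example. Zone apexes are the nodes just below each cut. The list is
# constructed from the page's googleplex.edu example; "." and "edu" are assumed.
ZONE_APEXES = [".", "edu", "googleplex.edu", "compsci.googleplex.edu"]


def labels(name):
    """Split a domain name into lowercase labels, root first.

    'compsci.googleplex.edu.' -> ['edu', 'googleplex', 'compsci']; '.' -> [].
    """
    name = name.rstrip(".").lower()
    return name.split(".")[::-1] if name else []


def zone_of(name, apexes=ZONE_APEXES):
    """Return the apex of the single zone that contains `name`.

    The enclosing zone is the deepest apex that is an ancestor of (or equal
    to) the name. Comparison is label by label, so 'notcompsci' is never
    mistaken for a name under 'compsci'.
    """
    target = labels(name)
    best = None
    for apex in apexes:
        a = labels(apex)
        if target[:len(a)] == a and (best is None or len(a) > len(labels(best))):
            best = apex
    if best is None:
        raise ValueError(f"no zone covers {name!r}; is the root zone missing?")
    return best


def partition(names, apexes=ZONE_APEXES):
    """Group names by zone; zones do not overlap, so each name appears once."""
    zones = {}
    for n in names:
        zones.setdefault(zone_of(n, apexes), []).append(n)
    return zones


if __name__ == "__main__":
    sample = ["googleplex.edu", "finearts.googleplex.edu", "admin.googleplex.edu",
              "compsci.googleplex.edu", "www.compsci.googleplex.edu"]  # constructed
    for apex, members in partition(sample).items():
        print(f"zone {apex}: {', '.join(members)}")
```

Removing "compsci.googleplex.edu" from the apex list models the case with no second cut: every name under googleplex.edu then falls into the single googleplex.edu zone.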

The TCP/IP Guide (http://www.TCPIPGuide.com) Version 3.0 - Version Date: September 20, 2005 © Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site.