drkitty edited this page Jul 21, 2015 · 23 revisions

UNDER CONSTRUCTION

General information

Hosts on the Internet are identified by their IP address. However, it would be impossible for a human to remember the IP addresses of all the hosts they communicate with on a regular basis. In order for humans to more easily specify hosts, the domain name system (DNS) enables a domain name to be associated with a host. A fully-qualified domain name is a period-delimited list of labels (strings of, usually, alphanumeric characters) followed by a final period. For instance, www.example.com. is a domain name containing the labels www, example, and com. A domain is the abstract object identified by a domain name. A domain name that is associated with a host is often called a hostname. Many domain names, like com. and org., are not associated with hosts.

Domains are organized hierarchically in a tree structure. It can be thought of as a reverse trie organized by label, not character. The root domain, named ., is the root of the tree. All other domains are descendants of the root domain. The name of a child domain is formed by prepending a single label to the name of its parent. Thus, the domain a.foo. may have children x.a.foo. and y.a.foo. but not foo. or z.b.foo.. Children of the root domain are referred to as top-level domains (TLDs). Examples include com., org., and uk..

It can be convenient to specify domain names relative to some parent domain. For instance, within the subtree starting at example.com., the relative domain name www can be used to refer to www.example.com.. Relative names never end in a period, since that is the mark of a fully-qualified name. The final period in a fully-qualified domain name is usually omitted, but context usually makes it clear whether the domain is relative or fully-qualified.

Data about a domain is contained within resource records (also called DNS records). A record is associated with a domain and describes some aspect of it. For example, an A (address) record contains the IPv4 address to which that domain name corresponds.

A DNS server can be authoritative for a collection of domains, which means that it is the official source of information about them. A zone is a connected section of the DNS tree under the authority of a single DNS server. A zone begins at an SOA (start of authority) record on its topmost domain and ends where other zones start.

Cyder and DNS

Cyder overview

Cyder's terminology differs somewhat from the standards documents on which its object model is based. This section attempts to disambiguate a term if its common usage differs from Cyder's usage.

Most DNS records correspond to a Cyder model with the same name. The exception is AddressRecord, which represents either an A or an AAAA record (depending on the value of the ip_type field) together with a PTR record.

A Cyder container is used to restrict the creation, modification, and deletion of certain objects. A container can have zero or more users, and a user can be in zero or more containers. A container is related to zero or more Domain objects.

A Cyder Domain object corresponds to a DNS domain. It stores a foreign key to its parent domain (master_domain) to facilitate tree traversal.

A leaf domain (one with no children) does not need a Domain object, but all other domains do. This is a side effect of the Cyder permission system. The Cyder models AddressRecord, CNAME, MX, SRV, SSHFP, and TXT each have a label string field and a domain foreign key field to the Domain model. If an object's label field is not blank, it contains the first label of the object's DNS domain and the domain field points to the parent Domain; in this case, the object's DNS domain does not exist as a Domain object. For instance, if a record has a label field of foo and a domain field of bar.qux, its actual DNS domain is foo.bar.qux. If an object's label field is empty, its DNS domain is the same as its domain field. So, if a record has an empty label field and a domain field of asdf.ghjk, then its DNS domain is asdf.ghjk. The models mentioned also have an fqdn field, which holds the object's DNS domain name.

In general, to be able to create, modify, or delete an AddressRecord, CNAME, MX, SRV, SSHFP, or TXT object, a user must be a member of the container to which the object's domain belongs.

Round-robin DNS

To allow for round-robin DNS, it's permitted for multiple AddressRecord objects to have the same name and different IPs, in which case each AddressRecord will generate its own A/AAAA record.
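The label/domain naming rule, the container permission rule, and the round-robin expansion above, as an added Python example (not Cyder's own code). It assumes the LDH label syntax, a containers mapping of name to user set, and ip_type values of '4' and '6'; these are stand-ins, not Cyder's models.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set
import re

# Label syntax assumed for this example: the LDH rule (letters, digits, hyphens, 1-63 chars).
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


@dataclass
class Domain:
    """Stand-in for Cyder's Domain model: a name plus its parent and owning container."""
    name: str                            # fully-qualified, trailing dot omitted, e.g. "bar.qux"
    master_domain: Optional["Domain"] = None
    container: Optional[str] = None      # name of the container this domain belongs to


def is_valid_child_name(child: Domain, parent: Domain) -> bool:
    """A child's name must be the parent's name with exactly one valid label prepended."""
    head, sep, tail = child.name.partition(".")
    return bool(sep) and tail == parent.name and LABEL_RE.match(head) is not None


def record_fqdn(label: str, domain: Domain) -> str:
    """Derive a record's DNS name from its label and domain fields: a blank label
    puts the record on the domain itself, otherwise the label is prepended."""
    if label == "":
        return domain.name
    if LABEL_RE.match(label) is None:
        raise ValueError(f"invalid label: {label!r}")
    return f"{label}.{domain.name}"


def may_edit(user: str, domain: Domain, containers: Dict[str, Set[str]]) -> bool:
    """Permission rule from the page: the user must belong to the container that
    owns the record's domain. A domain outside every container is not editable."""
    members = containers.get(domain.container, set()) if domain.container else set()
    return user in members


def address_rrs(records):
    """Expand (label, domain, ip_type, ip) tuples into (fqdn, rrtype, ip) triples.
    Records sharing one name but different IPs each yield their own A/AAAA record,
    which is how round-robin DNS is expressed. ip_type values '4'/'6' are assumed."""
    return [(record_fqdn(label, dom), "A" if ip_type == "4" else "AAAA", ip)
            for label, dom, ip_type, ip in records]
```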

Further reading

  • RFC 1034
  • RFC 1035