Linux Training

Linux training for private, public & voluntary sector.

0800 024 8425

City LinUX Training Courses

Section 19.


"The Domain Name Server (DNS) is the Achilles heel of the Web. The important thing is that it’s managed responsibly."

Tim Berners Lee - Weaving the Web.

19. Hostnames & hostname resolution.

In order to communicate with a remote device across a TCP/IP network a host must be able to obtain the remote device’s IP address. In TCP/IP version 4 the address consists of 4 binary octets. This is represented as four decimal numbers separated by period (.) or dot. To make it easier to find and remember the IPv4 address we can map symbolic names to the IP address.

In UNIX and Linux this can be done with a simple text file /etc/hosts.

This file is created when the system is installed and at a minimum should contain the local host name and the loopback address.

sa101$ cat /etc/hosts
# hosts        This file describes a number of hostname-to-address
#         mappings for the TCP/IP subsystem.  It is mostly
#         used at boot time, when no name servers are running.
#         On small systems, this file can be used instead of a
#         "named" name server.  Just add the names, addresses
#         and any aliases to this file...
# By the way, Arnt Gulbrandsen <> says that
# should NEVER be named with the name of the machine.  It causes problems
# for some (stupid) programs, irc and reputedly talk. :^)

# For loopbacking.
# This next entry is technically wrong, but good enough to get TCP/IP apps
# to quit complaining that they can’t verify the hostname on a loopback-only
# Linux box. localhost aog qsi dan

# End of hosts.

A data entry is made for each host. The entry consists of a single line with a minimum of 2 fields separated by white space.

Any text following the hash character (#) is ignored.

Host names must start with an alphabetic character. The final character must be alphanumeric. The other characters may be alphanumeric a minus (-) or a dot (.).

The symbolic name first enumerated in the record is the canonical name. Subsequent names are aliases.

Traditionally the domain name was not included in the /etc/hosts file as this could be obtained elsewhere but it is increasingly common practice to include the local, network information service (nis), or domain name system (DNS) domain as part of the canonical name.

19.1. Good practice.

The canonical name should be chosen to identify the host itself. This name should remain with the piece of kit throughout it’s service life.

The aliases can then be used as functional names which can then be transferred to any other host as services require.

19.2. Example.

Suppose we have an host with the canonical name "caswallon" that is configured as a network file server providing the disk space for production users home directories.  caswallon nfs01     home

For reasons of space or following an office relocation we might want to move production users home directories to another server.  ambrosius nfs02     home-prod

Ambrosius is to be upgraded so temporarily we move home-prod back to caswallon.  caswallon nfs01     home home-prod

The host table can be used as a quick fix to access hosts anywhere on the internet that for one reason or another are not resolvable through other means or for which you need a shorter alias.

Be warned however that having multiple systems administrators modifying local hosts tables on non-exclusive boxes can wreak havoc.

19.3. Exercise

Find the IPv4 address of each host in the training room and extend your local host table with the address and canonical name of each host.

Set some aliases for each host perhaps starting by using the primary users name eg. john, colin etc.

Experiment with moving aliases around to other hosts. After each change check that the new name resolves correctly by using ping and ssh.

19.4. DNS Resolver

The internet domain name system (DNS) resolver is implemented in set of C library routines.

Configuration is simple. By editing the configuration file /etc/resolv.conf we can set the DNS servers to be used and the order in which domains are searched.

sa101$ sudo vi /etc/resolv.conf

The limit on the search path for domains is currently 255 characters and a total of 6 domains.

If no domain is set, the resolver obtains the local fully qualified domain name and sets the search path by removing the characters up to and including the first dot (.).

Testing the domainname set does get confusing. There are 5 well known commands

sa101$ hostname -d
sa101$ domainname
sa101$ nisdomainname
sa101$ ypdomainname
sa101$ dnsdomainame

but all of them are now usually symbolic links to hostname.

The command hostname -d returns the dns domainname if set, as does dnsdomainname The remaining 3 return the nis or yellow pages domainname if set. There are however 2 other files that come into play /etc/host.conf and /etc/nsswitch.conf

19.5. Examples

sa101$ sudo bash
sa101$ cat /etc/resolv.conf

sa101$ cat /etc/host.conf
order bind, hosts
multi on

sa101$ grep hosts /etc/nsswitch.conf
hosts:    dns files

The file /etc/hosts.conf is specific to the resolver whereas /etc/nsswitch.conf informs various functions in the C library. This follows a method created by Sun MicroSystems in Solaris 2.

Before configuring and testing hostname resolution stop the cache daemon nscd.

19.6. NIS / NIS+

The Network Information Service (nis), was created by Sun MicroSystems as a directory service protocol to distribute configuration data across a network. The service allows any host attached to a subnet to resolve hostnames, look up ip addresses, check user names and passwords and netgroup membership by making rpc calls to the nis server. (The commands commence with yp e.g. yppasswd) as initially the service was called yellow pages.

The system had security vulnerabilities and did not scale for very, very large installations as the complete table was returned to the calling host.

Sun developed a replacement service NIS+ which addressed these problems but at a cost of much greater complexity in configuration and management. As a consequence NIS+ has never been widely adopted.

19.7. LDAP and Kerberos

Kerberos was developed by the Massachusetts Institute of technology to provide a mechanism for strong authentication and authorisation of applications in a networked client server environment.

The protocol was adopted and then changed by Microsoft.

19.8. Exercises.

Install the rpc port mapper.

Find a nis installation and configuration guide and install nis for passwords, hosts and mail aliases.

19.9. Domain Name System.

DNS server configuration is available as a separate training module. Over the years as functionality and security have been added configuration has become something of an art.

Configuration is normally done through /etc/named.conf. The source files for the host tables are usually kept in /var/named

In Ubuntu the default configuration file as described in the Ubuntu forums is /etc/bind/named.conf.local and some information has been moved to /etc/bind/named.conf.options.

The layout and associated style sheets for this page are taken from the World Wide Web Consortium and used here under the W3C software licence.