TCP/IP DNS
From Wiki99
DNS: How Humans Address Computers on the Internet
OK, that was IP addresses, but most of the time when we interact with the internet we use strings like www.google.com, or mail.comcast.net, we don't use numbers. The numbers are the most basic level of the internet, but on top of them is something called DNS, the domain name system. DNS matches strings like www.google.com or mail.comcast.net with the IP address of some google or comcast server. Google or comcast might replace their machines, or move them to a different location, and the IP addresses might change, but then the table that maps www.google.com to x.x.x.x IP address will simply be updated and your web browser will send your requests to the new google server with its new IP address.
How this is implemented is that, when you set up the IP information for a particular network interface, in addition to the two essential IP numbers we have already discussed (the interface's IP address and its router address), there is one more item you have to set (in theory merely convenient, but in practical terms essential): the IP address of a DNS server.
Now suppose you type www.google.com in your web browser. The very first thing that happens is that your web browser asks the DNS server (for which it has the IP address) what the IP address of www.google.com is. The DNS server either knows this or (using some complicated process we don't need to understand) knows how to ask some other DNS server for this IP address. Eventually some server knows the information we want and it gets returned to your web browser. At this point the web browser sends its HTTP request to that IP address.
If you are setting up your IP info manually, the IP address of a DNS server is just one more piece of information that the system administrator will give to you. If you are using DHCP, the DHCP server will fill this in for you automatically. (Note that you only need to know the IP address of one DNS server for everything to work. It is, however, common to fill in the IP addresses of two [or more] different DNS servers so that if one of them is down or overloaded, the second can be used as a backup.)
Why You Need to Care about DNS
Suppose you have just set up your server, and let's say you want to serve up web pages.
How are people from the outside world going to contact this server?
At the lowest level, of course, IP addresses will be used. In fact people can use an IP address in their browsers; you can tell them to type http://10.0.33.101 or whatever, to reach your web server. But this is unsatisfactory in two ways:
- The obvious reason it is unsatisfactory is that it looks lame. Other people want to remember your web address as something catchy like www.name99.org; they don't want to remember a string of numbers.
- Less obvious, but more important, is that your IP address may change. If you are running a little server at home, then the DHCP server run by your ISP that assigns your home server its IP address may change that IP address at any time. Even if you pay your ISP for a fixed IP address, if you move then your computer will connect to a different network in the new city you have moved to, and the ISP there probably cannot give you the same IP address you were using in your previous city.
The way we solve these problems is by:
- obtaining a domain name, and then
- connecting that domain name to our computer's IP address.
These are done through a domain name registrar. The first is trivial, the second a little more interesting.
Domain Registrars
The way you interact with a domain name registrar is pretty simple. You figure out the domain name you want, like name99.org, you make sure no-one else is using it, then you pay some money to register the domain as yours. At the most basic level, what you get when you register a domain is simply a legal right to use that domain name, and that is all. Note, in particular, that point (2) above is not covered by this most basic level of obtaining a domain. However most domain registrars throw in various extra services for the dollars you pay them. Of these extra services, those dealing with point (2) above are the most important. Let's look at this in more detail.
(It should be clear by now, and if not, read everything above again, that an IP address is a technical concept, and that the IP address a computer uses is determined by the network it is connected to; it is not something you have much control over. Dealing with an IP address is the job of your ISP. On the other hand a DNS name is a legal and human-level concept, a string you can choose as you wish. Dealing with a DNS name is the job of your domain registrar.)
Linking a domain name with an IP address, and making that domain name/IP address pair available to random users on the internet, is done through a DNS server.
Provision of DNS services
The first extra service most domain name registrars provide is to allow you to use their DNS servers to tell the world what IP address your domain name corresponds to. You don't have to do this through your domain name registrar. You can run your own DNS server, and that's what larger organizations do. However, running a DNS server is a lot of hassle that, for a small home server, provides no real benefit.
Provision of mail routing services
The next common service most domain name registrars provide is handling of mail. Let's suppose you own domain bluecloud.com.
- One thing many people do with their domain name is use it to give themselves multiple email addresses. For example every time you send mail to Microsoft, you might use the address microsoft@bluecloud.com. Then if you ever get spam to that address, you know that Microsoft, in spite of what they promised you, sold your email address.
- Even if you don't care about this, by using a domain name you own, you can give yourself an email address that will remain valid for the rest of your life. If you use an email address based on your ISP, say fred1@home.net, that will become useless if you move to a different city where @Home has no presence and you have to sign up with Earthlink, meaning your email address changes to fred23@earthlink.net. Even if you don't move, cable and telco companies seem to change their names every five years (usually because they have established so much hatred towards them under the old name, and they hope that a new name will fool the people they screwed over a few years ago into dealing with them again). This company name change means your email address will change from say fred23@home.net to fred39@comcast.net.
The very simplest email solution is this: the domain registrar can forward all mail for bluecloud.com to some other email address, say fred1@comcast.net. Now when you move to earthlink as your ISP, you simply tell the domain registrar to forward mail on to fred23@earthlink.net instead of fred1@comcast.net, and life continues as before; mail sent to the address fred@bluecloud.com gets sent invisibly to your new ISP.
This is fine but limits the power you have because your email ultimately is stored and manipulated by your ISP. You can't install your own spam filtering programs, you may have limited mail storage space, you don't have the IMAP ability to view your mail from multiple locations and so on. The alternative is to run your own mail server. In this case you tell the domain registrar to send all mail for bluecloud.com to your server's address.
(Most registrars offer a safety backup email address to which to send mail, which allows you to specify that if the email can't go to your home server (maybe the power went out while you were on vacation), after trying for a while the domain registrar should send the mail to some alternative address. Usually you'll set that address to whatever email address your ISP gave you, fred1@comcast.net or whatever. Under ideal circumstances, that email address will never be used, but it's nice to have the backup, if necessary, so that no mail ever gets lost. Obviously if this backup is used you'll lose whatever convenience you were getting from your home server, until you can get home to fix it, but at least you won't lose your mail.)
Provision of web hosting services
Along with the above essential services, another service offered by some domain registrars is web hosting. This might be useless to you if you want to run your own web server, but may perhaps turn out to be useful if your web site becomes more popular and your home bandwidth can no longer sustain the traffic.
Other services
Most of the other convenience services offered are probably irrelevant to you if you are not doing things like running multiple servers or multiple domain names, so don't feel bad if you don't understand what they are.
Dynamic DNS; The Last Important Missing Link
There is, however, one final service that the domain registrar must offer if it is to be useful to most home users, and that is dynamic DNS support.
So far we have described how you get an IP address from your ISP (through DHCP), and we have talked about you registering a domain name. What connects these two is that, once you have registered your domain name, you tell the registrar (through a web page) what IP address to associate with your domain name.
This is fine if you own a static IP address. But what if you do not?
Enter dynamic DNS. Dynamic DNS is not a protocol, more just an idea. The idea is that some background program will be running full time on your server, waking up every few minutes to monitor your IP address. When it notices that this IP address has changed, it contacts your domain registrar and tells it to update your domain name entry to the new IP address.
This sounds like (and is) a simple enough idea, but there are no standards yet, which causes problems. There are two tricky areas:
- Suppose your server is not directly connected to the internet, but is sitting behind a router. (In other words your DSL modem is connected to an Airport base station, and your server communicates with that Airport base station.) In this situation, how, then, can the server efficiently learn that the IP address of the base station has changed? (If you don't see why this is a problem, think a little and read back over everything that we have said. What will have changed is the IP address of the interface of the router that is connected to the DSL modem. That will have changed from say 68.125.65.16 to 68.125.65.187. But the IP address of the router (say 10.0.1.1) presented on its other connection, to your server and your home LAN, will not have changed, and neither will the address, say 10.0.1.100, given to your server by the DHCP server built into the router.)
- Once the dynamic DNS software running on the server has learned that the IP address of our connection to our ISP has changed, how does it tell the domain registrar about this so that our DNS entry is updated?
Because these issues are not yet standardized, you aren't completely free to just use any domain registrar you want. You need to be sure that
- the domain registrar offers dynamic DNS support,
- and that you have dynamic DNS software that runs on your server,
- that knows how to deal with any router you may have [problem (1)],
- and knows how to talk to your domain registrar [problem (2)].
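The poll-and-update loop described above, as an added example that is neither DNSUpdate's code nor EasyDNS's API: the discovery URL, the update URL and its hostname/myip parameters are assumed stand-ins. The client only pushes an address that is well-formed and globally routable, which is what keeps the router's LAN-side address (problem 1) or an error page out of your DNS record, and it sends the registrar credentials only over https (problem 2).

```python
import base64
import ipaddress
import urllib.parse
import urllib.request
from typing import Callable, Optional


def is_public_ipv4(text: str) -> bool:
    """True only for a well-formed, globally routable IPv4 address. An HTML
    error page, an empty body or the router's private address (10.0.1.1)
    must never be written into the DNS record."""
    try:
        return ipaddress.IPv4Address(text.strip()).is_global
    except ValueError:
        return False


def http_discover_ip(url: str) -> str:
    """Ask an external 'what is my address' service (hypothetical URL). Behind
    a NAT router the server's own interface only shows 10.0.1.100, so the
    public address has to come from outside; use https so the answer cannot
    be altered on the way back."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read(64).decode("ascii", "replace")


def make_https_pusher(update_url: str, user: str, password: str):
    """Build the registrar update call. The URL and the hostname/myip query
    parameters are a hypothetical stand-in for a real registrar API; the
    credentials travel only as HTTP Basic auth over https."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def push(hostname: str, ip: str) -> bool:
        query = urllib.parse.urlencode({"hostname": hostname, "myip": ip})
        req = urllib.request.Request(f"{update_url}?{query}",
                                     headers={"Authorization": f"Basic {token}"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status == 200
    return push


class DynDnsClient:
    """State the background daemon keeps between polls."""

    def __init__(self, hostname: str, discover_ip: Callable[[], str],
                 push_update: Callable[[str, str], bool]) -> None:
        self.hostname = hostname
        self.discover_ip = discover_ip
        self.push_update = push_update
        self.last_ip: Optional[str] = None

    def poll(self) -> Optional[str]:
        """One tick of the every-few-minutes loop. Returns the address pushed
        to the registrar, or None when nothing changed or the discovery
        answer was not trustworthy."""
        try:
            answer = self.discover_ip()
        except OSError:
            return None  # discovery service unreachable; keep the old record
        if not is_public_ipv4(answer):
            return None
        ip = answer.strip()
        if ip == self.last_ip:
            return None
        if not self.push_update(self.hostname, ip):
            return None  # registrar refused; try again next tick
        self.last_ip = ip
        return ip
```

A real daemon would construct `DynDnsClient(host, lambda: http_discover_ip(URL), make_https_pusher(UPDATE_URL, user, password))` and call `poll()` from a timer every few minutes.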
I use the program DNSUpdate for dynamic DNS since it handles the Airport base station as a router just fine. I'm afraid I've no idea how well it works with routers that are not Airport base stations, or if there are any other programs available for your particular router. As always the internet is your friend in searching for this sort of information.
Let me add here that I was very disappointed that dynamic DNS is a facility still not built directly into Tiger. It's pretty lame that such basic network functionality requires a third party program.
Enough Theory. Tell Me What To Do
(Step 1) Figure out a domain name
The best site for finding out whether the domain name you want is available or not seems to be http://www.registerfly.com. It is sometimes a bit slow, but it allows you to see whether or not multiple variations of the domain name you want are registered, and suggests variants of the domain name you want that are still available.
(Step 2) Register your domain name
Here you go to the domain registrar's web site, register the domain name you have chosen (which will require a credit card) and then fill in, through a web interface, various information about yourself, the domain, and how you want mail handled. The cost of domain registration varies depending on what other services your registrar provides, but is around say $25 a year. You may see as low as $15 a year, but anything above $50 a year better be providing some mighty fine extra services to justify that cost.
Which domain registrar should you use?
http://www.registerfly.com, which I mentioned above, is very cheap and offers a ton of services; maybe they are a good domain registrar, I don't know.
I use EasyDNS at http://www.easydns.com as my registrar because
- my brother has been with them for a few years, and has been very happy with his experience; and
- I know that they offer dynamic DNS, and that DNSUpdate works with EasyDNS.
There are people who do their dynamic DNS not through their DNS registrar but through the free web site http://www.dyndns.org. I'm afraid I know nothing about how well www.dyndns.org works, so I can't comment on that. Again try a google search if you want to go that route.
So you need to go to www.easydns.com and fill in all the details to acquire your domain name. For the middle package of services (which is what I use) this will cost about $35 a year.
Install DNSUpdate
You can install DNSUpdate through DarwinPorts, or you can use the pre-built installer from http://www.dnsupdate.org/.
Both options will end up installing three things on your server:
- The background command-line application that runs all the time and that tests, every few minutes, whether your IP address has changed. This gets installed in /usr/local/sbin as dnsupdate.
- A folder of stuff in /Library/StartupItems called DNSUpdate that makes dnsupdate start running every time your server is rebooted.
- A standard GUI application called DNSUpdate that you can file anywhere you want on the server, maybe in /Applications/Utilities, that you use to set some basic preferences for DNSUpdate.
With everything installed, run the GUI app to set preferences. You need to set
- the mode to run in (in other words, are you connected directly to the internet or is your internet connection through an Airport base station),
- what your dynamic DNS service is,
- and your userID and password for EasyDNS so that, as necessary, it can log in to EasyDNS on your behalf and update your DNS info.
You should probably read the full DNSUpdate docs (they're not very long) just to make sure you understand how to convert the theoretical explanation I've given here into the exact details of what to do for your type of internet connection and your DNS registrar.
DNSUpdate startup item
When a computer running any modern operating system starts up, it needs to start a number of programs that perform various background services. DNSUpdate is an example of this sort of utility program that runs in the background so quietly you hardly know it's there.
In the old days (ie pre-Tiger) a folder containing some particular files was added to various places, most commonly /Library/StartupItems, to tell the OS that the program needed to run once the system was booted.
In Tiger the details of this have changed. While the old StartupItems scheme continues to work, the preferred way of handling this issue uses a new program called launchd. If you are interested, you can read an overview of launchd and why it was invented here.
There are substantial advantages to this new scheme.
The first is simply a single way to do things, rather than the variety of different schemes used in the past. This same scheme (which we are using simply to launch a background application at startup) can be used to launch applications to handle specific incoming network requests (ie to handle xinetd functionality), to run applications at particular times (ie to handle cron functionality), to run applications when particular files or directories change, and so on.
The second is that this scheme provides a central point for viewing and controlling background applications (sometimes called demons, sometimes called servers).
Right now the launchd scheme is only partially underway. Specifically, as of Leopard, Apple does not provide a nice application for listing and controlling (and editing, and creating) launchd files. This should be contrasted with Microsoft, which does provide the equivalent app for managing what Windows calls services on the various Windows platforms. Fortunately, however, open source has risen to the challenge, and the very good application Lingon does everything you need.
Unfortunately, the author of Lingon, for incomprehensible reasons, has chosen to completely cripple the application for its version 2.0; and the original, good version, does not run on Leopard. So, at least for now, on Leopard it's back to using the command line to control launchd.
launchd looks in various places for config files to tell it what to launch and when. The config files in /System/Library are for Apple's exclusive use. The config files in /Library are meant for our use, to describe services running for the entire computer rather than for a single user. The two places launchd looks in /Library are /Library/LaunchDaemons and /Library/LaunchAgents, but the only one of these we care about is /Library/LaunchDaemons.
When you install DNSUpdate (assuming you install version 2.8 or later), the file org.dnsupdate.daemon.plist will be created in the directory /Library/LaunchDaemons.
If this file was not installed, create it yourself:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.dnsupdate.daemon</string>
    <key>LowPriorityIO</key>
    <true/>
    <key>Nice</key>
    <integer>1</integer>
    <key>OnDemand</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/dnsupdate</string>
        <string>daemon</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/var/log/dnsupdate.log</string>
    <key>StandardOutPath</key>
    <string>/var/log/dnsupdate.log</string>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>
and delete the folder in /Library/StartupItems:
To check that everything went fine, reboot, and see if dnsupdate is running in the background:
ps -auxw | grep dnsupdate
If everything is good, you should see two lines. The one you care about is the first one which should look something like
root 198 0.0 0.2 37628 1940 ?? Ss Sun04PM 0:02.34 /usr/local/sbin/dnsupdate daemon
(You can ignore all the stuff in the first few columns, what you care about is the last two columns.)
At this point you can now toss the folder you saved above from StartupItems:
If you run Lingon, then click on the Users Daemons tab, you will see this file listed there (along with any other such files that may have been installed by other software). Double click on this file in the Lingon window to view its various properties. (But obviously don't change anything unless you know what you are doing.)
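An added check, not part of DNSUpdate or of this page, for the org.dnsupdate.daemon.plist created above (embedded here as the sample input): it parses the file with Python's plistlib, verifies the Label, program path, log paths and Nice value, flags a daemon binary that sits in a user-writable directory (a daemon launchd runs as root from such a place can be replaced by any local user), and reads and rewrites the Nice and LowPriorityIO fields that the priority section below changes through Lingon. The user-writable prefix list is an assumption for illustration.

```python
import plistlib
from typing import Any, Dict, List, Tuple

# The page's org.dnsupdate.daemon.plist, embedded here as the sample input.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>org.dnsupdate.daemon</string>
  <key>LowPriorityIO</key><true/>
  <key>Nice</key><integer>1</integer>
  <key>OnDemand</key><false/>
  <key>ProgramArguments</key>
  <array><string>/usr/local/sbin/dnsupdate</string><string>daemon</string></array>
  <key>RunAtLoad</key><true/>
  <key>StandardErrorPath</key><string>/var/log/dnsupdate.log</string>
  <key>StandardOutPath</key><string>/var/log/dnsupdate.log</string>
  <key>UserName</key><string>root</string>
</dict>
</plist>
"""

# Places an ordinary user can normally write to (assumed list). A daemon that
# launchd runs as root but whose binary lives there can be swapped out by that user.
USER_WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/")


def check_launch_daemon(data: bytes, filename: str) -> List[str]:
    """Return the problems found in a /Library/LaunchDaemons plist; an empty
    list means it looks like the file the page describes."""
    problems: List[str] = []
    d: Dict[str, Any] = plistlib.loads(data)
    expected_label = filename[:-6] if filename.endswith(".plist") else filename
    if d.get("Label") != expected_label:
        problems.append(f"Label {d.get('Label')!r} does not match file name {filename}")
    args = d.get("ProgramArguments") or []
    if not args or not str(args[0]).startswith("/"):
        problems.append("ProgramArguments[0] must be an absolute path to the daemon")
    elif str(args[0]).startswith(USER_WRITABLE_PREFIXES):
        problems.append(f"daemon binary {args[0]} sits in a user-writable location")
    nice = d.get("Nice", 0)
    if not isinstance(nice, int) or not -20 <= nice <= 20:
        problems.append(f"Nice {nice!r} is outside the range the kernel accepts")
    if d.get("OnDemand") is False and not d.get("RunAtLoad"):
        problems.append("an always-running daemon needs RunAtLoad to start at boot")
    for key in ("StandardOutPath", "StandardErrorPath"):
        path = d.get(key)
        if path and not str(path).startswith("/var/log/"):
            problems.append(f"{key} {path} should live under /var/log/")
    return problems


def priority_of(data: bytes) -> Tuple[int, bool]:
    """The two fields the page later edits in Lingon: Nice and LowPriorityIO."""
    d = plistlib.loads(data)
    return int(d.get("Nice", 0)), bool(d.get("LowPriorityIO", False))


def set_priority(data: bytes, nice: int, low_priority_io: bool) -> bytes:
    """Script equivalent of the Lingon Limits sheet: return the plist with Nice
    and LowPriorityIO changed and everything else untouched."""
    if not -20 <= nice <= 20:
        raise ValueError("nice value out of range")
    d = plistlib.loads(data)
    d["Nice"] = nice
    d["LowPriorityIO"] = low_priority_io
    return plistlib.dumps(d)
```

To check the installed file, read /Library/LaunchDaemons/org.dnsupdate.daemon.plist as bytes and pass it to check_launch_daemon together with its file name.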
Improving the performance of your system
DNSUpdate is only the first of a number of demons we'll be running to handle mail, serve up web pages, access databases and so on. We can edit its configuration file to improve system performance in a very minor way.
What we are doing here is pretty much pointless for the DNSUpdate demon, but it does provide a place to discuss general principles that are more relevant for other demons.
About process priorities
The processes running on your computer have priorities, with higher priority processes getting a larger fraction of the CPU than lower priority processes. It is important to understand the limits to what priorities give you.
- Priorities can't make IO, whether network or disk, happen any faster. Apple's current IO architecture is severely limited in many ways, and this is only one of them. The best you can do, right now, is specify that some processes qualify for low-priority IO, which is fine for specifying background processes, but you can't do the reverse of qualifying some processes for higher priority IO.
- Priorities, likewise, don't do anything to lock your memory pages in RAM rather than swapping them out to disk.
- Finally, priorities only have any sort of effect when there is more than one process that is capable of running on the computer. At any given time there are many, many processes running on your computer, but pretty much all of them are blocked waiting for something to happen. Under such circumstances, whether the one process that is capable of running has the highest or lowest priority makes no difference; as long as there is only one process capable of running, that process will run full-throttle consuming 100% of the CPU. Priorities have an effect only in how the CPU will be split up across multiple processes that are all currently capable of running.
As far as the user is concerned, the priority of a process is specified by its niceness value. Why is this word used? Suppose you have a long computation you want to run overnight, driven by a command-line program called simulateGR. The standard way you would run such a program in the old days of many users sharing a computer is with the command line
The nice -n +10 before the main command line tells the OS to run the program with 10 extra units of "niceness", ie to make it run at lower priority than normal programs, so that the system doesn't slow down for everyone else.
A consequence of this history is that, as a user, the way the system presents priorities to you is in terms of niceness values, which are essentially backwards from what you'd think of as priorities: a process with a high niceness value is one with low priority. As a practical matter, niceness values run from -10 (the highest priority) to +10 (the lowest). (This is not quite true, but you can't, as a user, easily get outside this range; only software making special API calls can do so.) Only the superuser can increase the priority of processes (ie give them a negative niceness value), but anyone can decrease the priority of their own processes.
You can see the niceness of all the processes running on your system by typing
You'll see that by far the bulk of them run, as you'd expect, at the default of niceness 0. You may see some, like the efax software that handles faxing on your computer, running at a higher priority (-10 niceness).
With all this background, what we will want to do is run various servers at either elevated or depressed priorities, depending on what they do. On my system, I run all mail servers and web servers at elevated priority, and various backup code at depressed priority. As already mentioned, this won't have any effect when a mail server or web server is the only runnable code anyway, but it will mean that if the computer is doing something else at the same time as the mail server or web server becomes active (maybe downloading podcasts into iTunes or whatever), mail and web will get priority.
DNSUpdate is a low priority item. Since it only runs once every fifteen minutes and does pretty much nothing during that brief period when it runs, it hardly matters what priority we give it, but to see how this works in practice, let's say we will give it one unit of niceness, ie we will depress its priority from 0 niceness to +1 niceness.
Giving DNSUpdate a lower priority
Open Lingon, select the Users Daemons tab, and double click the org.dnsupdate.daemon line. In the sheet that comes up click on the Limits tab. Now check the box at the top marked LowPriorityIO, and move the slider below it from the 0 position right one unit, so that the Nice value reads 1. Now click the Save and Reload button, and you're done.
Reboot your system and DNSUpdate should now be running at this new priority. You can see this by typing
ps -auxwl | grep dnsupdate
The third column from the right is the niceness value, and you should see that it's set to 1 for dnsupdate.

