Cornell's Domain Name policy, effective June 2004, requires three-part cornell.edu domain names to be registered, and domain names purchased with university funds to be recorded, at http://DNSdomain.cit.cornell.edu. Non-cornell.edu names served by Cornell's domain name servers must also be registered, and domain names running on university-owned hosts must be recorded.
DNS, which stands for Domain Name System, provides translation of a networked machine's (host's) name to a machine-readable IP address so that packets are routed over the network correctly. Conversely, for security reasons, a server on the network may use "reverse lookup" in order to assure its administrators that the proper people are connecting to it. Some Web or ftp servers will not allow a connection unless they can reverse-map the IP address to a registered hostname. A lookup on a domain name looks like this:>nslookup www.cornell.edu
Server: CUDNS.CIT.CORNELL.EDU
Address: 132.236.56.250
Name: CUINFOB.CIT.CORNELL.EDU
Address: 132.236.218.13
Aliases: www.cornell.edu
In the example above, I used the command 'nslookup' and asked for information about the host name www.cornell.edu. The DNS server CUDNS told me that, according to its records, www.cornell.edu is an alias for the machine CUINFOB and has an IP address of 132.236.218.13. I then did a reverse lookup on the IP address, 132.236.218.13, below and got back the "official" name of the machine:
> nslookup 132.236.218.13
Server: CUDNS.CIT.CORNELL.EDU
Address: 132.236.56.250
Name: CUINFOB.CIT.CORNELL.EDU
Address: 132.236.218.13
In general, a host name should consist of at least four parts; for example:
Naming the machines on your subnet is a standard practice that makes administration much simpler. Giving each machine a meaningful label allows for easy tracking and inventory of IP addresses. It also allows for easier problem tracking and resolution when network trouble occurs. Host registration is also the only way to give your machines a name on the Internet.
No. Hackers typically scan whole subnets, using the IP addresses, to find vulnerabilities. They're not concerned with hostnames at all.
If you are not the network administrator, contact your department's network administrator with your request. If you don't know who your network administrator is, you can look it up by finding your subnet (the first three numbers in your IP address) on the Subnet Administration page.
If you are the network administrator, you can make your own host changes on the DNSDB main page. If you can't get access to your subnet's pages, another network administrator in your unit who does have access can add you to the list of administrators , or you may send email asking hostmaster@cornell.edu to add you to the list of network administrators for your subnet.
The host name should be in lowercase, should start with a letter, and can consist of alphanumeric characters and dashes. Underscores and special characters should be avoided. The host name must be unique within the subdomain (see What is a subdomain? below). The network administrator should use common sense in assigning names.
Reading from right to left, the subdomain is the third part of the fully qualified domain name. In the example bigred.cit.cornell.edu, cit.cornell.edu is the full subdomain name. Creating a subdomain with a meaningful name, such as cit.cornell.edu for Cornell Information Technologies, assists the Network Operations Center in locating the responsible party should there be a problem with the subnet or any host(s) on that subnet.
A subnet, also known as a LAN (Local Area Network) is a network within a network; it typically contains all the computers and printers within a convenient geographical location, such as a building or department.
It used to be that IP address space was allocated in Class B and Class C blocks. Cornell owns three Class B addresses within the Ithaca campus: 128.84.0.0, 128.253.0.0 and 132.236.0.0. In the early 1990's, the Internet was experiencing a booming growth and, as a result, running out of addresses and memory space on routers which had to carry enormous routing tables in order to route traffic properly. The Internet Engineering Task Force was called upon to create a new scheme for distributing IP addresses more efficiently. They developed the Classless Inter-Domain Routing (CIDR) scheme which replaces the node number with a prefix. If we look at an IP address in its binary form:
| decimal | 128 | 253 | 180 | 0 | |
| binary | 10000000 | 11111101 | 10110100 | 00000000 |
we can see that each part of the address consists of 8 bits. If we were to create a subnet called 128.253.180.0/24, this would mean that the left-most 24 bits (10000000 11111101 10110100) become the subnet and the 8 remaining bits are the host's node address. You can see more examples of this on the subnet page.
Since a three-part name is, in effect, a subdomain, it's usually wise to reserve these for well-known services at Cornell--such as calendar.cornell.edu--or for services that will be known outside of Cornell--such as cunews.cornell.edu. Please refer to Cornell's Domain Name policy for clarification.
First, acquire the domain name by applying to one of the many registrars listed by InterNIC at http://www.internic.net/regist.html. You will be asked to submit your proposed domain name along with contact information; you will then become the authority (contact person) for that domain. If the domain name is to be served by Cornell's domain name servers, name the Network Operations Center as the technical contact and the department requesting the domain name as administrative/billing contact for the domain. The mailing address for the NOC is:
Network Operations Center
757B Rhodes Hall
Cornell University
Ithaca, NY 14853
607-255-9900
noc@cornell.edu
Once you've received confirmation from whatever registration service you choose, use Cornell's Domain Name registration database to register the domain name at Cornell.
There are a number of registrars that will host your domain name for "free"; that is, they don't charge anything above and beyond InterNIC's fee. InterNIC charges a yearly fee of $35 with a minimum charge of $70 (first two years).
Yes. With permission from the vendor or ISP, we can either point a host name (Example: www.cuhost.cornell.edu) at an address in their (the vendor's) IP space or create a CNAME (Example: www.cuhost.cornell.edu) that points at the vendor's host name (Example: webhost.something.com).
Getting permission to point into someone else's IP space is a best practice rather than a policy. The network administrator can send, or have the vendor send, written permission via e-mail to hostmaster@cornell.edu.
No. Creating additional top-level .edu domains is not consistent with Internet and Cornell policy. Please refer to the policy document for more information.
An A (Address) record translates a hostname to an IP address. This is the base from which DNS works. An example of an A record would be:www.webhost.cit.cornell.edu 86400 A 128.253.180.254
The CNAME (canonical name) record maps the aliases to the "official" name of a machine. The official name is stored in the A record. Aliases are most often used when a single machine hands out several different services. For example, one machine may be used for a Web server, an FTP site, and a mail server. Its CNAME would look something like this:
wwwhost.cit.cornell.edu 86400 CNAME myhost.cit.cornell.edu ftphost.cit.cornell.edu 86400 CNAME myhost.cit.cornell.edu mailsvr.cit.cornell.edu 86400 CNAME myhost.cit.cornell.edu
An MX (Mail eXchange) record is put in place to redirect email sent to a user's machine to another designated mailhost. For a more detailed explanation, see the MX (Mail eXchange) FAQ.
Technically, no. You can have one hostname and multiple aliases for that one hostname, as shown in the A and CNAME examples above.
Yes; it's known as round-robin DNS and is useful for load balancing between two or more machines. DNS will cycle from one IP address to the next each time the hostname is called for. There is a provision for entering secondary IP addresses on the host page. A cautionary note: this type of registration is not a solution for a fail-over situation. That is, should one machine go down, DNS will continue to cycle and one IP address will fail every other time. If you have two network interfaces on different subnets on a single machine, you will need to ask the NOC for help with registering because of filtering issues on the network equipment.
Yes. The DNS Database's batch interface includes a chghost command that moves a hostname and all of its attributes to a new IP address; a chgname command that replaces one hostname with another, keeping all of the attributes; and a delhost command that removes a hostname and all its associated CNAME and MX records. The batch interface also has other commands to simplify DNS maintenance.
Back to top
There is no way to map an IP address to a specific subdirectory on a Web site. In other words, you cannot register the above URL with an IP address. You can register the hostname part--that is, "webhost.cit.cornell.edu"--which is the machine on which the web site resides, but we cannot put an entry into DNS that will point to a particular directory on that machine. This must be done with "virtual hosting".
A virtual host is usually registered as a CNAME (alias). An excellent explanation and resource for virtual hosting is available at Apache's own site.
This protocol was developed with the idea that there would be a server on the network that would "hand out" IP addresses and configurations of individual machines. You can set this up on your own subnet, or use CIT's campus-wide DHCP service. Please consult the DHCP documentation for assistance with this. For more information, an excellent FAQ can be found at http://www.dhcp-handbook.com/dhcp_faq.html#widxx.
The Windows 2000 Dynamic DNS page has information about this.
Changes to the DNSDB database are uploaded to the campus DNS servers every 3 hours. The designated hours are midnight, 3am, 6am, 9am, noon, 3pm, 6pm and 9pm. The data is collected from the DNSDB database at 10 minutes past the hour and the collected data is sent to the campus DNS servers at 40 minutes past the hour. So, depending on when in this cycle you make your changes, they will show up in the database up to three hours later.
Anyone with permissions to change DNS entries for your networks/domains can add or remove net admins. Go to the subnet inspect/modify page for each subnet and remove the netID and email address of the person or people leaving your department. Then, go to the domain inspect/modify page and do the same for any domains in your department. These changes will take effect immediately.
Technical Support Providers
DNS Database
DNS FAQ
Last updated: June 04, 2007