IP Addresses, IP Hostnames, and DNS in the CARLI Environment
(revised by CARLI staff, December 20, 2006)

Introduction

The purpose of this document is to provide some very basic vocabulary terms, definitions, and descriptions of how IP addresses, IP hostnames, and DNS are used by the current CARLI-provided online services. This document should put some of the processes and networking activity in perspective and tries to address the "what is it and why do I need it?" questions that many CARLI library staff have. If you would like more information about these topics, a recommended source is TCP/IP for Dummies by Candace Leiden and Marshall Wilensky, ISBN: 0764517600.

IP Addresses

Each device used by or for Internet access (e.g., servers, workstations, printers, routers, etc.) must be identifiable on the Internet by a globally unique number. These are IP addresses (IP stands for Internet Protocol, the foundation of TCP/IP). Ranges of IP addresses are assigned to an institution (upon request by the institution, or on the institution's behalf by its ISP) by a national clearinghouse (InterNIC). Every network, whether it belongs to an educational institution, a government office, or a commercial organization, requests IP addresses from InterNIC. The requesting entity is then responsible for further delegation of the addresses it receives.

IP addresses are 32-bit numbers, parsed into four sections of eight bits each; each section, separated from the others by a ".", is called an "octet." Most CARLI institutions have "Class C" IP addresses, which means that the first three octets describe the institution itself, and the last octet describes a particular server, workstation, etc. The parts of the IP number are: octet1.octet2.octet3.octet4.

Example:  123.45.67.89
          |   |  |  |
1st octet -/  |  |  |
2nd octet ----/  |  |
3rd octet -------/  |
4th octet ----------/

In this example, 123.45.67.* was assigned to an individual institution by InterNIC.
The institution can then assign the addresses available in the last octet (possible numbers are 1 - 254) to its networked devices any way it chooses. If an institution requests a range of IP addresses as shown above, its network can contain up to 254 numbered devices before it runs out of IP addresses. Larger institutions can request a range such as 123.45.*.*, which then gives them not only the 254 numbers available in the last octet but also the 254 possible numbers in the third octet, giving the institution a total of 64,516 (254 x 254) possible IP addresses to assign. Institutions that need somewhere between 254 and 64,516 IP addresses can request IP ranges in blocks of 254 as predicted or needed.

IP Names

Most institutions then assign a hostname to a machine. Names are typically alphanumeric and (at least to the network administrator) mnemonic or symbolic. For example, an e-mail server may be assigned a name such as "email." A hostname also includes the institution's name and the type of institution it is. For example, 123.45.67.89's name may be email.university.edu. A library may use a scheme such as libpub1, libpub2, libpub3 to name its public access machines; the institution may then use southlab1, southlab2, southlab3, etc. to name the machines in its computer labs on the south campus or against the south wall of the lab. The complete hostname, such as libpub3.university.edu (which might be the symbolic form of 123.45.67.109), is called a "Fully Qualified Domain Name." When looking at a machine's IP name and comparing it to its IP number, note that the name is read left-to-right to discern the lowest-to-highest hierarchy (libpub3 is the lowest name in the domain hierarchy; .edu is the highest). The IP address hierarchy is the reverse: 123.45.67 describes the institution, while .109 is the lowest domain annotation. The ".edu" aspect of the hostname is not reflected in the IP address at all.
There are a large number of directory and configuration files that go into supporting an institution's network, and many of these files require lists of the machines that can use or are defined for a particular service. These directory and configuration files may be required or replicated on many servers throughout an institution. As these different servers need to be updated, it is much easier for the humans doing the updating to remember, recognize and interpret hostnames than IP addresses; alphanumeric hostnames are also less prone to typos than numbers. As a number of CARLI libraries have already found out, IP addresses may change. This could be the result of changing ISPs (not all ISPs can re-use the IP addresses used by a previous ISP), or the institution may have found a reason to reallocate existing IP addresses among and between its departments. If this should happen, a particular machine's hostname (email.university.edu) should not have to change, although its IP address does change. In particular, the IP addresses of CARLI's servers changed in 2004. This change was transparent to the institutions that accessed CARLI services via hostname and not IP address.

What is DNS?

DNS stands for Domain Name System (or Service). Online tables in an institution's DNS server contain a mapping between IP addresses and hostnames. DNS servers perform the function of translating hostnames into IP addresses and vice versa. This process is called "resolving" the name. For example, DNS may resolve "email.university.edu" into 123.45.67.89 and 123.45.67.109 into "libpub3," etc. When an IP address (or, less frequently, a hostname) changes, a network administrator needs to change a table entry in the DNS. Though tedious, this process, done once, is much more efficient than changing addresses in multiple security and configuration files that do not refer to the DNS.
For its DNS to work properly, both locally and as part of the Internet, an institution should use the DNS to "register" a hostname association with every IP address in use at the institution. Each institution (or its ISP; the ICN, for example, administers its own DNS) has to maintain its own DNS server. DNS servers from different institutions share data, so that registered address information gets "propagated" around the Internet.

We rely on DNS for authentication on our CARLI servers. Our services, including I-Share, use DNS recognition, for example, to customize database offerings and set search scope. When a server receives a connection from a client, the server does a lookup on the IP address to find the client computer's DNS hostname. If the IP resolves to "something.xxx.edu" (where xxx is the domain name of a CARLI institution), then the server knows that the request is from a CARLI member library and reacts with the appropriate level of service. While implementing this authentication scheme, we have noticed that some CARLI member institutions have "A Records" (hostname to IP address mappings), but do not have "PTR Records" (IP address to hostname mappings) in their DNS servers. Another problem often appears when institutions change Internet Service Providers. Much work is done to make sure DNS names can be resolved to the new IP addresses, but arrangements are not made for the new ISP to forward PTR queries on to the appropriate DNS servers so that the IP addresses can be resolved back to hostnames.

Why do CARLI systems perform a "Reverse DNS Lookup"?

CARLI does not require a unique log-in on its servers for public CARLI-provided systems. The DNS processes that CARLI and various online vendors use provide machine-level security for access to more restricted services. (Some online services require an individual's ID to provide enhanced services, such as to place a request in I-Share, but basic searching is available to unidentified "guests" in all systems.)
As a deterrent to ill-intentioned individuals (who presumably prefer anonymity), CARLI servers do a "reverse DNS lookup" to resolve the IP addresses of workstations connecting to them. Workstations whose addresses cannot be resolved, because they have not been defined in their institution's (or ISP's) DNS, will not be allowed to connect to certain CARLI-supported services. In other words, CARLI libraries should define all of their addresses in a DNS. If library services are to be made available through a campus-wide network, each machine that might use the library services should be defined in the campus' DNS servers.

How does DHCP fit into the picture?

Dynamic Host Configuration Protocol is a common scheme used by network administrators to assign IP addresses to a pool of workstations. DHCP is a framework for passing configuration information to hosts on a TCP/IP network. It enables automatic allocation of reusable network addresses and additional configuration options. We are not opposed to sites using DHCP. However, since our servers use DNS names for authentication, we do request that DNS administrators give a DNS name to all IP addresses that will be used by the DHCP server. An example of this would be to give the IP address 10.20.30.100 the name 'dhcp100.xxx.edu' (where 'xxx' is a CARLI institution domain name), so that it resolves to that institution's domain.

Why do libraries still need to keep track of IP addresses?

For whatever reason, some institutions are not able to provide a reverse DNS mapping (PTR records) from a client's IP address to a hostname. In this case, the institution would need to submit to CARLI the range of IP addresses that the institution uses, to ensure uninterrupted access to all CARLI services that utilize reverse hostname lookups for authentication. Further, should your institution's IP addresses change, and they still do not have PTR records associated with them, you will need to provide CARLI with the new IP address range.
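The reverse-lookup decision described above, as an added example that is not CARLI's own code: it resolves a connecting client's IP address to a hostname through a PTR table, checks whether that hostname falls under a CARLI member domain, and otherwise falls back to the IP ranges an institution has submitted because it cannot publish PTR records. The forward (A record) confirmation step is an added hardening check, not something the page says CARLI performs, and the PTR/A tables, member domains and registered ranges are constructed sample data.

```python
import ipaddress

# Constructed sample DNS data standing in for live PTR and A lookups (not CARLI data).
PTR_RECORDS = {
    "123.45.67.89": "email.university.edu",
    "123.45.67.109": "libpub3.university.edu",
    "10.20.30.100": "dhcp100.xxx.edu",        # DHCP pool address given a DNS name
    "198.51.100.7": "host7.other-isp.net",    # resolves, but not a member domain
    "192.0.2.200": "spoofed.university.edu",  # PTR claims a member name; A record disagrees
}
A_RECORDS = {
    "email.university.edu": "123.45.67.89",
    "libpub3.university.edu": "123.45.67.109",
    "dhcp100.xxx.edu": "10.20.30.100",
    "host7.other-isp.net": "198.51.100.7",
    "spoofed.university.edu": "203.0.113.9",
}
MEMBER_DOMAINS = {"university.edu", "xxx.edu"}  # hypothetical member domain list

# Hypothetical range submitted by an institution that has no PTR records.
REGISTERED_RANGES = [ipaddress.ip_network("172.16.5.0/24")]


def member_domain(hostname):
    """Return the member domain that hostname sits under, or None.

    Matching is done label by label so 'notuniversity.edu' does not match.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in MEMBER_DOMAINS:
            return candidate
    return None


def classify_client(ip, ptr=PTR_RECORDS, a=A_RECORDS, ranges=REGISTERED_RANGES):
    """Return (level, reason): 'member' gets full service, 'guest' basic searching."""
    hostname = ptr.get(ip)
    if hostname is None:
        # No PTR record: only a submitted IP range can vouch for this client.
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ranges):
            return ("member", "no PTR record; IP is in a registered range")
        return ("guest", "no PTR record and IP not in a registered range")
    # Added check: the name the PTR gives must resolve back to the same IP.
    if a.get(hostname) != ip:
        return ("guest", "PTR hostname not confirmed by its A record")
    domain = member_domain(hostname)
    if domain:
        return ("member", "resolved to %s under member domain %s" % (hostname, domain))
    return ("guest", "resolved to %s, which is not a member domain" % hostname)
```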
What do I do with this document?

If your library workstations are having problems accessing CARLI services, the problem could be related to DNS lookup failures. Library staff should give a copy of this document to the local campus staff member(s) responsible for network support. That person may need to register the library's IP addresses for reverse DNS lookup to solve the access problems.

For additional help

If the information in this document does not solve the library's problems accessing CARLI services, the local staff member should send an email note to the CARLI Office at the address below, describing the problem and including any error messages that may be received from the service. The CARLI staff member best able to troubleshoot and resolve the problem will respond to the email.