In recent years, the use of TCP/IP computer networks has become well known. In TCP/IP networks, host systems and other objects within the network are identified by thirty-two-bit numbers, known as Internet Protocol addresses (IP addresses). IP addresses provide a simple mechanism for identifying the source and destination of messages sent using TCP/IP networks. IP addresses are not, however, easy for humans to recognize or remember. As a result, objects within TCP/IP networks may be given human-readable names that are associated with IP addresses. When a user wishes to access a particular object, the human-readable name is used. That name is then translated into an IP address that may be understood by the various systems that make up the network. A symbolic name that corresponds to an IP address is said to be "bound" to that address. More than one symbolic name may be bound to a single IP address.
The use of symbolic names creates a need for services or methods for translating symbolic names to corresponding IP addresses. One such method is implemented by providing each host system on a network with a database of symbolic names and corresponding IP addresses. When a symbolic name requires translation, the host system doing the translation simply looks up the required IP address in its database. This mechanism, although functional, suffers from a number of disadvantages. One of these disadvantages is the difficulty associated with maintaining separate databases on each host system. Generally, each of these databases must be separately updated each time a binding is changed in the network. Unfortunately, in many networks, bindings tend to change on an almost continuous basis, as network objects are added or deleted or as changes are made to symbolic names or IP addresses.
The difficulty associated with maintaining separate databases has led to the use of centralized databases that are located on one or more database server systems. A host system that needs to translate a symbolic name queries one of the database server systems, which then provides the requested IP address. Use of networked databases of this type, such as that provided by the Network Information Service of Sun Microsystems Inc., has greatly simplified the maintenance and administration of name databases.
In practice, most TCP/IP networks are organized using a hierarchical structure. For example, in a university environment, the systems in the engineering department may be linked using a TCP/IP network. Similarly, the mathematics systems may be linked using their own TCP/IP network. The engineering and mathematics networks may be linked using a university wide TCP/IP network and the university network may be part of a larger network, such as the Internet.
To accommodate the hierarchical structure of TCP/IP networks, the basic concept of a networked name database has been extended to function in a similar hierarchical fashion. Thus, a host system that needs to translate a symbolic name queries a local database server system. If the local database server recognizes the symbolic name for which a translation is required, the database server returns the requested IP address. In the alternative, under appropriate circumstances, the local database server will pass the symbolic name requiring translation to a name server located at the next level in the network hierarchy. This type of recursive translation may continue until a database server is reached that can perform the requested translation. In modern TCP/IP networks, this method for translating symbolic names is known as a Domain Name Service (DNS), with the database servers providing the translation known as DNS servers.
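The hierarchical lookup described above can be modelled as a chain of name servers, each answering from its own bindings or passing the name to the next level up. This is an added illustration, not code from the original text; the `NameServer` class, the server labels, the symbolic names and the addresses (taken from the RFC 5737 documentation ranges) are all constructed for the example.

```python
class NameServer:
    """Toy database server: a local table of bindings plus an optional parent."""

    def __init__(self, label, bindings, parent=None):
        self.label = label
        self.bindings = dict(bindings)  # symbolic name -> IP address
        self.parent = parent            # server at the next level of the hierarchy

    def resolve(self, name, path=None):
        """Return (ip, path); path lists the servers consulted, in order."""
        path = (path or []) + [self.label]
        if name in self.bindings:
            # The local server recognizes the name and answers directly.
            return self.bindings[name], path
        if self.parent is None:
            raise KeyError(f"{name!r} is not bound at any level (asked {path})")
        # Not known locally: pass the name to the next level up.
        return self.parent.resolve(name, path)


# Constructed hierarchy mirroring the university example in the text.
university = NameServer(
    "university", {"mail": "192.0.2.10", "library": "192.0.2.20"}
)
engineering = NameServer("engineering", {"cad1": "198.51.100.5"}, parent=university)
mathematics = NameServer("mathematics", {"algebra": "203.0.113.7"}, parent=university)

if __name__ == "__main__":
    queries = [(engineering, "cad1"), (engineering, "mail"), (mathematics, "mail")]
    for server, name in queries:
        ip, path = server.resolve(name)
        print(f"{name:8} via {' -> '.join(path):28} = {ip}")
```

Both departmental servers return the same address for "mail", whichever host or department asks.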
One of the features of DNS is consistency. Thus, barring changes in the network, a DNS server will always return the same IP address for a given symbolic name. In some cases, however, this type of consistency has been found to be a disadvantage. For example, in many networks, mail is handled by a mail server. Systems that need to send or receive mail find the IP address of the mail server by querying the local DNS server. This is most conveniently done if the symbolic name "mail" (or some similar name) is set to correspond to the IP address of the mail server. If the network includes a large number of host systems, however, it may not be practical to have a single mail server. Instead, a group of mail servers must be defined and the host systems must be divided between the different mail servers. Traditionally, this has been accomplished by assigning a different symbolic host name, such as "mail1" and "mail2", to each mail server. Each host system is then separately configured to use the symbolic name of one such mail server. In these cases, it would be more practical if the DNS server could handle the task of assigning host systems to mail servers without the host systems knowing a specific symbolic name for their particular mail server. The ability of the DNS server to assign host systems to mail servers would also simplify the task of moving mailboxes between mail servers.
Consistent name translation has also proven to be a disadvantage for allocation of preferred resources within a network. For example, many large networks include a group of news servers. To balance the workload of the various news servers, it is preferable to split the host systems between the news servers by assigning a preferred news server for each host system. When the preferred news server is unavailable, each host system may have an alternate news server. If the alternate news server is not available, each host may have an alternate to the alternate news server. Once again, it would be convenient if the DNS server could handle the task of assigning host systems to their preferred news servers or alternate news servers without the host systems knowing a specific name for their particular news server or alternate news server.
Access control is yet another situation where consistent name translation has proven to be less than ideal. For example, it may be desirable to limit the access of some network users to host systems that are internal to the network. At the same time, it may be desirable to allow other users to access internal systems as well as host systems included in an external network, such as the Internet. Generally, this type of access control may be provided by using two proxy servers with each proxy server providing access control to one of the two classes of users. In traditional DNS systems, this would require each host to know the name of the correct proxy server. Once again, it would be convenient if the DNS server could handle the task of assigning host systems to proxy servers without the host systems knowing a specific name for their particular proxy server.