A domain, in the context of networking, refers to any group of users, workstations, devices, printers, computers and database servers that share different types of data via network resources. There are also many types of subdomains.
A domain has a domain controller that governs all basic domain functions and manages network security. Thus, a domain is used to manage all user functions, including username/password and shared system resource authentication and access. A domain is also used to assign specific resource privileges, such as user accounts.
In a simple network domain, many computers and/or workgroups are directly connected. A domain is comprised of combined systems, servers and workgroups. Multiple server types may exist in one domain - such as Web, database and print - and depend on network requirements.
In a more complex network domain, the domain is comprised of a forest of domains or subdomains, also comprised of combined systems, servers and workgroups, with an intricate trust and security policy allowing them all to work together as seamlessly as users who work on the same single or simple domain.
Windows Domain Controller (DC)
A domain controller (DC) is a server that responds to security authentication requests within a Windows Server domain.
It is a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources.
A domain controller is the centerpiece of the Windows Active Directory service. It authenticates users, stores user account information and enforces security policy for a Windows domain.
It allows hierarchical organization and protection of users and computers operating on the same network.
In simpler terms, when a user logs into their domain, the DC authenticates and validates their credentials (usually in the form of username, password and/or IP location) and then allows or denies access.
A domain controller gives access to another domain in a trust relationship so that a user logging into a domain can access resources in another domain.
Early versions of Windows such as Windows NT had one domain controller per domain, which was called a primary domain controller.
All other domain controllers were backup domain controllers.
Beginning with Windows 2000, the primary domain controller and backup domain controller roles were replaced by Active Directory.
The domain controllers in these domains are considered to be equal, as all controllers have full access to the accounts database stored on their machines.
When a network is comprised of hundreds of computers, managing the authentication of each individual machine may be too complicated.
To simplify this task a single computer (the domain controller) can be dedicated to manage all the authentications for all the others (the clients).
All login credentials of all client computers and devices connected to the network are stored in the DC’s Active Directory. The Active Directory is shared by all computers on the network, and whenever a user tries to log in, their credentials are checked against those saved in this master directory database.
To strengthen security, no one except the administrator of the DC has the authority to change security or login information or add new computers to the domain.
A DC is usually a key target during a cyberattack since it represents a primary entry point to the entire infrastructure. To prevent serious data breaches, DCs are usually protected with robust cybersecurity measures.
To ensure that network resources are always stable and readily available, DCs are often deployed as a cluster.
The network administrator may designate a single primary domain controller (PDC) as well as additional backup domain controllers (BDCs). Periodically, the PDC automatically creates a backup copy of the Active Directory database on all BDCs that is stored in read-only format.
If the server performing the domain controller role is lost, the domain can still function. If the PDC is not available or fails, the administrator can designate an alternate BDC to assume the role.
BDCs are also used to ease the workload when the network is too busy.
A broadcast domain is a logical part or division of a computer network. In a broadcast domain, all the nodes can be reached via broadcast at the datalink layer. Broadcast domains are located within a network or multi-network segment. Multi-network segments require a bridge, such as the networking device. A broadcast domain member can also be any device or computer that is directly connected to the same switch or repeater. Networking devices, such as routers, are used to separate the boundaries of broadcast domains.
A broadcast domain provides high-level communication and reliability via a simple Ethernet connection. An assigned broadcast domain or destination receives addressed and transmitted data frames, which are detected by each node. However, data frames are only received by addressed nodes. The best broadcast domain example is the virtual local area network (VLAN), in which multiple computers establish a broadcast domain via a virtual connection; they are not physically connected. A broadcast domain provides fast and reliable communication for offices in different locations.
One broadcast domain disadvantage is its tendency to drop Web data signals after reaching network router interface borders. Additionally, issues occur when a router links two or more broadcast domain networks, as described in the following example:
Let networks A and B be connected via a router. Network A, which has a Dynamic Host Configuration Protocol (DHCP) server, broadcasts Internet Protocol (IP) addresses to all attached computers. The DHCP service also tries to broadcast IP addresses to all computers attached to network B. However, the router drops incoming messages and network B’s computers do not get configured properly. Such issues occur in broadcast domains. Current routers are manufactured with enhanced features, such as not blocking DHCP requests.
Domain Name System (DNS)
Domain name system (DNS) is a hierarchical naming system built on a distributed database. This system transforms domain names to IP addresses and makes it possible to assign domain names to groups of Internet resources and users, regardless of the entities' physical location.
The domain name system includes a tree of domain names. Every leaf, or node, in the tree has zero or more resource records, which include information associated with the domain name. The tree further subdivides into zones, starting at the root zone. DNS zones may have one domain, or many domains and subdomains depending on the administrative authority delegated to managers. The client side of DNS, the DNS resolver, is responsible for initiating and sequencing queries that lead to full resolution of the resources sought. These queries are either recursive or nonrecursive.
DNS assigns domain names and maps the names to IP addresses by designating an authoritative name server for each domain. These servers are responsible for particular domains and can assign the authoritative name servers to subdomains. As a result of this process, DNS is both distributed and fault tolerant.
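The delegation walk described above, as an added example that is not part of the original page: a resolver starts at the root and follows referrals from one authoritative server to the next using non-recursive queries. The server names (`root-ns`, `tld-ns`, `net-ns`), the records and the addresses are constructed for illustration around the page's example name.

```python
# Constructed name servers for the page's example name gallery.network.domains.
# Server names and addresses (RFC 5737 documentation range) are made up.
SERVERS = {
    "root-ns": {"zone": ".", "delegations": {"domains.": "tld-ns"}, "records": {}},
    "tld-ns": {"zone": "domains.",
               "delegations": {"network.domains.": "net-ns"}, "records": {}},
    "net-ns": {"zone": "network.domains.", "delegations": {}, "records": {
        ("gallery.network.domains.", "A"): ["192.0.2.10"],
        ("network.domains.", "MX"): ["10 mail.network.domains."],
        ("mail.network.domains.", "A"): ["192.0.2.25"],
    }},
}


def in_zone(name, zone):
    """True if name is the zone apex or below it, matched on whole labels."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query(server, name, rtype):
    """One non-recursive query: the server answers only from its own data."""
    srv = SERVERS[server]
    if not in_zone(name, srv["zone"]):
        return "refused", None
    # A matching delegation means a child zone is authoritative: refer onward.
    cuts = [z for z in srv["delegations"] if in_zone(name, z)]
    if cuts:
        return "referral", srv["delegations"][max(cuts, key=len)]
    if (name, rtype) in srv["records"]:
        return "answer", srv["records"][(name, rtype)]
    return "noanswer", []


def resolve(name, rtype="A", max_hops=8):
    """Resolver side: start at the root and follow referrals in sequence."""
    server, path = "root-ns", []
    for _ in range(max_hops):
        path.append(server)
        status, data = query(server, name, rtype)
        if status != "referral":
            return status, data, path
        server = data
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    print(resolve("gallery.network.domains."))
    print(resolve("notnetwork.domains."))  # stops at tld-ns: no such delegation
```

Matching on whole labels matters: `notnetwork.domains.` ends with the characters `network.domains.` but is not inside that zone, so it is never referred to `net-ns`.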
DNS stores a list of mail servers that accept email for an Internet domain. Identifiers such as radio frequency identification tags, universal product codes (UPCs), international characters in email addresses and host names also use DNS.
Dynamic Domain Name System (DDNS)
Dynamic DNS (DDNS or DynDNS) is a mechanism by which the name server in the Domain Name System (DNS) is automatically updated with the custom domain name and the ever-changing IP addresses. The DDNS method is helpful in the case of dynamic IP addresses, where the IP address mapped to a custom domain changes frequently. However, in the case of a static IP address mapped to a custom domain, DDNS is not required. In general, a dynamic IP address is provided to residential or small business users. Big enterprises generally use static IP with their domain names.
In the early days of DNS, databases were small and it was easy to manage them manually. However, when a domain database grows, it becomes difficult to manage and update globally. The DNS system and domain name registers are distributed in nature, so it could take hours to update. In this scenario, the DNS system is suitable for static IP addresses mapped with custom domains.
But problems arise when the IP address changes frequently. Dynamic DNS was introduced to address this issue of rapid IP changes. When a domain name is searched, a dynamic IP address mapped with that domain is returned. This dynamic IP is provided by the internet service provider. At a later point in time, when that same domain is searched again, a different IP address could be returned, because the ISP may have provided a different IP address from its IP address pool. Here, the DDNS system updates the DNS database every time the IP changes, and always keeps it updated with the domain-IP mapping. That way the outside world can access the domain name all the time without worrying about the IP changes.
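The update cycle described above, as an added example that is not part of the original page: a client reports its ISP-assigned address only when it changes, and the name server rewrites the mapping only for a sender it can authenticate. The shared-key HMAC check, the class names and the sample name and addresses are assumptions made for this sketch; the page does not say how updates are authorized, and real deployments add replay protection on top.

```python
import hashlib
import hmac
import ipaddress


def sign(key, name, ip):
    """MAC over the requested mapping (assumed scheme, for illustration)."""
    return hmac.new(key, f"{name}|{ip}".encode(), hashlib.sha256).hexdigest()


class DynamicZone:
    """Name-server side: holds the current name -> IP mapping."""

    def __init__(self, key):
        self._key = key
        self.records = {}
        self.serial = 0  # bumped on every accepted change

    def update(self, name, ip, mac):
        if not hmac.compare_digest(mac, sign(self._key, name, ip)):
            return "refused"          # unauthenticated sender: mapping untouched
        ipaddress.ip_address(ip)      # raises ValueError on a malformed address
        if self.records.get(name) == ip:
            return "nochange"
        self.records[name] = ip
        self.serial += 1
        return "updated"

    def lookup(self, name):
        return self.records.get(name)


class DdnsClient:
    """Runs at the customer site and reports the ISP-assigned address."""

    def __init__(self, name, key):
        self.name, self._key, self.last_sent = name, key, None

    def report(self, zone, current_ip):
        if current_ip == self.last_sent:
            return "skipped"          # address unchanged, nothing to send
        result = zone.update(self.name, current_ip,
                             sign(self._key, self.name, current_ip))
        if result != "refused":
            self.last_sent = current_ip
        return result
```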
A subdomain is a domain that is a part of a larger domain under the Domain Name System (DNS) hierarchy. It is used as an easy way to create a more memorable Web address for specific or unique content within a website. For example, it could make it easier for users to remember and navigate to the picture gallery of a site by placing it in the address gallery.network.domains, as opposed to network.domains/media/gallery. In this case, the subdomain is gallery.network, whereas the main domain is network.domains.
A subdomain is basically a child domain under a larger parent domain name. In the larger scheme of the Domain Name System, it is considered a third-level domain used to organize site content. In the Web address example above (gallery.network.domains), the suffix ".domains" is the first-level domain, often referred to as the TLD (top-level domain), "network" is the second-level domain and "gallery" is the third-level domain.
Example of Sub Domain Uses:
Organizing website content according to category, i.e., office.network.domains, faq.network.domains and store.network.domains
Sharing the allotted domain space with other users by providing them subdomains and their own username and password with varying levels of feature access. For example, admin.network.domains, user1.network.domains and guest.network.domains
Shortening long links and making them easy to remember. For example, the link "http://network.domains/offers/bonus/referal_id^56$#9?.asp" can be placed into the subdomain "referral.network.domains" to make it easier to navigate and remember.