002.DNS parsing Process Detailed

Source: Internet
Author: User
Tags domain name server domain server in domain mx record nslookup tool

Let's talk about some of the basic concepts of DNS:

A Root domain

The so-called ".", in fact, our URL www.baidu.com in the configuration should be www.baidu.com. (one last point), we usually omit the point when we type in the browser, and this has become a habit.

Root domain Server We know there are 13, but this is the wrong point of view.

The root domain server only has 13 IP addresses, but the number of machines is not 13, because these IP addresses with the use of anycast technology, so we can set up the global mirror site of these IPs, you access to this IP is not the only host.

The specific image distribution can refer to Wikipedia. The contents of these hosts are the same

Two Domain is the root domain is the top-level domain or a first-level domain,

There are two ways to divide the Internet, a kind of com.,net, which is divided according to the nature of the industry. etc., one is divided by country such as CN.,JP.

You can check it out for yourself, we don't care here.

Each domain will have a domain name server, also known as an authoritative domain name server.

Baidu.com is a top-level domain, and www.baidu.com is not a top-level domain name, he is in the baidu.com domain of a host called www.

There are two levels of domain after the first level domain, three level domain, as long as I bought a top-level domain, and I set up my own BIND server (or other software built) registered to the Internet, then I can arbitrarily add a few fields in front (of course, the length is limited).

For example, a.www.baidu.com, in this URL, www.baidu.com into a two-level domain instead of a host, the hostname is a.

Three Domain Name server

The server that can provide the domain name resolution, the record type above can be a (address) record, NS record (name server), MX (mail), CNAME and so on.

(See also blog: A record, CNAME, MX record, NS record difference and contact in Domain name resolution)

What is the meaning of a record, is to record an IP address and a host name, such as my domain name server is located test.baidu.com, we know this is a level two domain name, and then I have a record in it, recorded the host as a IP, found on the return to you.

If I want to baidu.com this domain name server query a.test.baidu.com Now, then this top-level domain server will find the URL you requested in test.baidu.com this domain, I recorded this two-level domain name server test.baidu.com NS I P. I return to you this address you to check the host for a host.

Domain name servers in these domains are called authoritative servers and provide DNS query services directly. (These servers are not recursive.)

Four Parsing process

So how does our DNS parse a domain name?

1. Now I have a computer, through the ISP access to the Internet, then the ISP will assign me a DNS server, this DNS server is not an authoritative server , but the equivalent of a proxy DNS resolution server, he will help you iterate the authoritative server return of the answer, And then put the final IP back to you.

2. Now my computer to this ISPDNS initiated request query www.baidu.com this domain name, (after netizens reminded: here is actually not ispdns, but should be the user's own computer network settings in the DNS, and not necessarily ispdns. For example, you may have set the 8.8.8.8 manually)

3.ISPDNS get the request, first check your own cache has this address, some words directly back. The IP address that is received at this time will be marked as a non-authoritative server response .

4. If not in the cache, Ispdns will read the address of the 13 root nameservers from the configuration file (these addresses are unchanged, directly in the bind configuration file),

5. Then like one of the initiating requests.

6. After the root server gets this request, it knows that he is a COM. This top-level domain, so the NS records in the COM domain are returned, typically 13 host names and IPs.

7. Then ispdns to one of the requests, the COM domain server found you this request is baidu.com this domain, I found the NS of this domain, then I returned to you, you check again.

(Baidu currently has 4 baidu.com top-level domain servers).

8.ISPDNS again to baidu.com this domain authoritative server initiated the request, Baidu.com received, looked under the host of WWW, this IP returned to you,

9. Then Ispdns gets it back to the client and saves it in the cache.

Let's use the Nslookup tool to take a detailed look at the parsing steps:


From what we can see:

The first row of server is: DNS server hostname--210.32.32.1

The second address is: its IP address--210.32.32.1#53

The following name is: parsed url--www.jsjzx.com

Address is: Resolved ip--112.121.162.168

But there are also more complex DNS analysis such as Baidu:

You will find that Baidu has a CNAME = www.a.shifen.com alias.

How is this a process?

We'll use the Dig tool to track it. (Linux system comes with)

--------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------

The dig tool iterates over the local computer and then logs the query process.


The first step is to get the ispdns of this machine to the root domain service area of the 13 IP and hostname [b-j].root-servers.net.

The second step is to send a www.baidu.com query request to one of the root domain servers (servername, which is inside the closing parenthesis), and he returns the COM. server IP (not shown) and name of the top-level domain,

The third step, a server 192.33.4.12 request to COM. domain, www.baidu.com, he returned the server IP (not shown) and name of the baidu.com domain, Baidu has four top-level domain Servers

"Here you can use dig @192.33.4.12 www.baidu.com to view the returned Baidu top-level domain server IP address."


Fourth step, to Baidu's top-level domain server (202.108.22.220) request www.baidu.com, he found this www has an individual name, not a host, alias is www.a.shifen.com.

--------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------- ---

In general logic, when the DNS requests to the alias, the query terminates, but the request to re-initiate the query alias, so here should return is www.a.shifen.com.

But why is the NS of this domain returned to a.shifen.com?

We can try the following command: Dig +trace shifen.com See what the results are ...


You will find that the third step is to shifen.com the domain name server of this top-level domain and baidu.com the domain name server is the same host (ie: dns.baidu.com)!

When I got Www.baidu.com's alias www.a.shifen.com, I would have to go back to the COM domain to find the NS for the shifen.com domain, but because the two domains were on the same NS, they were launched directly to the local computer,

The www.a.shifen.com of the shifen.com domain discovery request belongs to the a.shifen.com domain.

So put a.shifen.com this NS and IP back, let me to a.shifen.com this domain domain name server query www.a.shifen.com.

So I got a record from the NS X a.shifen.com, and eventually the www.baidu.com IP address. "You can also use Dig +trace www.a.shifen.com here to track

Use a diagram to illustrate (the third step of the world only 13 units is wrong)


This conclusion is corrected by the experimental data obtained from the local DNS server in the virtual machine.

In the above analysis, we tracked it with the dig tool, but dig didn't keep track of what happened when we got the CNAME and ns2.a.shifen.com IP from baidu.com.

We conclude that the local DNS will request Www.a.shifenc.om to ns2.a.shifen.com.

In fact, this idea is wrong, build a local DNS on your own locally, crawl the entire parsing process is all package, see on understand pull.

The actual result is that although dns.baidu.com returns the server address and IP for the a.shifen.com domain,

But the local DNS is not directly to the IP request returned above www.a.shifen.com, but once again to request the COM domain, get the shifen.com domain server (that is, the baidu.com of the four units),

Then request www.a.shifen.com, return the server of a.shifen.com domain, the last is to request www.a.shifen.com,

Although the above has returned the IP, but the result of the experiment is to go again shifen.com domain query.


is localdns in the analysis of www.baidu.com the whole process of grasping the package. The blue one is to continue to request shifen.com from the COM domain after receiving the a.shifen.com domain name server IP address of the CNAME and the response.

This diagram fully illustrates the return of the CNAME and also returns the IP of the ns2.a.shifen.com.

So summing up is

① native to local DNS request www.baidu.com

②local DNS requests www.baidu.com to the root domain, the root domain returns COM. domain server IP

③ to COM. domain request www.baidu.com,com. Domain returns the server IP of the baidu.com domain

④ requests www.baidu.com to Baidu.com, returns the server IP of the CNAME www.a.shifen.com and a.shifen.com domains

⑤ request www.a.shifen.com to the root domain

⑥ to COM. domain Request www.a.shife.com

⑦ Request to Shifen.com

⑧ Request to a.shifen.com Domain

⑨ got Www.a.shifen.com's IP.

⑩localdns returns the native www.baidu.com CNAME www.a.shifen.com and www.a.shifen.com IP

002.DNS parsing Process Detailed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.