DNS and its main defects

Source: Internet
Author: User
Tags: domain name server, dnssec

DNS consists of two kinds of components: resolvers and name servers. A name server stores the domain names in the zones it is authoritative for, together with their IP addresses, and answers queries that translate a name into an address. A domain name used to reach a host must resolve to an IP address, but an IP address does not necessarily have a domain name. The name space is organised as a hierarchical tree, much like a directory tree.

DNS was introduced because, as the number of hosts on the Internet kept growing, finding a peer through a centrally maintained hosts.txt file became ever more difficult and unreliable. DNS solved this problem well: it is robust, scales to very large deployments, and has been extended without much difficulty to new uses such as IPv6 addresses and E.164 telephone numbers (ENUM).

As key infrastructure of the Internet, however, DNS still has four main categories of problems: technical, implementation, operation and registration.

Technical: RFC 1035 specifies that DNS runs over UDP with a maximum message size of 512 bytes. That limit is why there can be at most 13 root-server addresses (the priming response that lists them has to fit), why larger answers would need IP fragmentation, which many networks and middleboxes handle badly, and why DNSSEC signatures and IPv6 AAAA records are hard to carry. Two solutions have been proposed: EDNS0, which extends the message size but at the time of writing is deployed in few places, and moving more DNS traffic to TCP, which may create problems of its own. Other technical problems include cache poisoning; pollution of the root servers by queries for invalid gTLDs and ccTLDs, which the root cannot distinguish from legitimate misses; UDP spoofing attacks (an off-path attacker only has to guess the 16-bit transaction ID, plus the source port if the resolver does not randomise it); management and rollover of the DNSSEC root key; the extra latency added when IPv4 and IPv6 coexist and A and AAAA lookups are performed serially; and phishing with look-alike characters (homographs) in domain names.
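To make the 512-byte limit, the truncation/TCP fallback and the spoofing problem concrete, here is an added Python example written for this page; it is not code from the original article or from any DNS implementation. It hand-builds a query with and without an EDNS0 OPT record, parses the header of a response, decides whether a truncated answer has to be retried over TCP, and applies the minimal check a resolver performs before accepting a UDP answer. The responses are constructed inside the block rather than captured from a real server, and the names, transaction IDs and advertised sizes are made up.

```python
import struct
from typing import Optional

# Header flag bits and constants from RFC 1035 / RFC 6891.
FLAG_QR = 0x8000   # message is a response
FLAG_TC = 0x0200   # truncated: answer did not fit the UDP message (512 bytes without EDNS0)
FLAG_RD = 0x0100   # recursion desired
QTYPE_A, QTYPE_OPT, QCLASS_IN = 1, 41, 1


def encode_name(name: str) -> bytes:
    """Wire-format a name as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = QTYPE_A,
                edns_udp_size: Optional[int] = None) -> bytes:
    """Build a recursive query. With edns_udp_size, append an EDNS0 OPT pseudo-RR
    advertising that the client can receive UDP messages larger than 512 bytes."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, arcount)
    pkt = header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    if edns_udp_size:
        # OPT RR: root name (0x00), TYPE=41, CLASS field carries the UDP payload size,
        # TTL field carries extended RCODE and flags (none set here), RDLENGTH=0.
        pkt += b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_udp_size, 0, 0)
    return pkt


def parse_header(pkt: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": txid, "is_response": bool(flags & FLAG_QR),
            "truncated": bool(flags & FLAG_TC), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def question_length(pkt: bytes) -> int:
    """Length of the (uncompressed) question section that starts at offset 12."""
    i = 12
    while pkt[i] != 0:
        i += 1 + pkt[i]
    return i + 1 + 4 - 12          # terminating zero plus QTYPE and QCLASS


def needs_tcp_retry(response: bytes) -> bool:
    """TC=1 means the server cut the answer to fit the UDP limit; the client
    must repeat the same question over TCP to obtain the complete answer."""
    return parse_header(response)["truncated"]


def response_is_acceptable(query: bytes, response: bytes) -> bool:
    """Minimal checks before accepting a UDP answer: QR set, same 16-bit ID,
    and the question section echoed unchanged. An off-path spoofer has to
    guess the ID (and the UDP source port, which lives outside this message)."""
    q, r = parse_header(query), parse_header(response)
    if not r["is_response"] or q["id"] != r["id"] or r["qdcount"] != 1:
        return False
    n = question_length(query)
    return query[12:12 + n] == response[12:12 + n]


def build_truncated_response(query: bytes) -> bytes:
    """Constructed stand-in for a server whose full answer exceeds 512 bytes:
    echo the question with QR|RD|TC set and no records (not real server output)."""
    txid = parse_header(query)["id"]
    n = question_length(query)
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | FLAG_TC, 1, 0, 0, 0)
    return header + query[12:12 + n]


if __name__ == "__main__":
    q = build_query("example.com", txid=0x1234)
    print(len(q), "bytes without EDNS0,",
          len(build_query("example.com", txid=0x1234, edns_udp_size=4096)), "bytes with OPT RR")
    resp = build_truncated_response(q)
    print("retry over TCP:", needs_tcp_retry(resp), "| accepted:", response_is_acceptable(q, resp))
    spoofed = build_truncated_response(build_query("example.com", txid=0x9999))
    print("spoofed answer with wrong ID accepted:", response_is_acceptable(q, spoofed))
```

The OPT record adds only 11 bytes to the query, yet it is what lets a server send a DNSSEC-signed or AAAA-heavy answer in one datagram instead of setting TC and forcing the TCP round trip; note that the ID/question check above is all a resolver has on the DNS layer, which is why source-port randomisation and DNSSEC matter against poisoning.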

Implementation: The commonly used name server software (BIND and the Windows DNS server) has had exploitable security vulnerabilities over the years, which have been used for cache poisoning, man-in-the-middle and denial-of-service attacks, particularly in recursive resolution. In addition, measurements have found that 75%-98% of the traffic reaching the root servers is actually unnecessary: queries for invalid TLDs, the same query repeated over and over, and queries from source addresses that can never be answered (such as RFC 1918 private addresses). DNS pollution is made worse by missing caching, UDP query loops, anycast and over-deployed DNS infrastructure. Web browsers also tend to send names that can never resolve to DNS, for example by first trying a single word typed into the address bar as a host name.
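As an added example that is not part of the original article, the following Python classifies query-log lines into the three kinds of unnecessary root traffic named above: queries from RFC 1918 source addresses, queries for invalid TLDs, and the same query repeated by a client that is evidently not caching. The log lines, the log format (`timestamp src_ip qname qtype`), the five-second repeat window and the short TLD allowlist standing in for the root zone are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges: an answer to such a source cannot be routed back, so the query is pure load.
RFC1918_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical allowlist standing in for the delegated TLDs in the root zone
# (a real check would load the root zone file instead).
KNOWN_TLDS = {"com", "net", "org", "cn", "jp", "arpa"}

# Constructed query-log lines in "timestamp src_ip qname qtype" form; not a real root-server capture.
SAMPLE_LOG = """\
1700000000 198.51.100.7 www.example.com A
1700000000 10.0.0.5 www.example.com A
1700000001 198.51.100.7 www.example.com A
1700000001 203.0.113.9 printer.local A
1700000002 203.0.113.9 intranet.corp A
1700000002 192.168.1.20 host.example.net AAAA
1700000003 198.51.100.8 1.0.168.192.in-addr.arpa PTR
1700000003 198.51.100.7 www.example.com A
"""


def is_rfc1918(src: str) -> bool:
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in RFC1918_NETS)


def classify(line: str, seen: dict, repeat_window: int = 5) -> list:
    """Return the reasons a query is unnecessary root traffic ([] if it looks legitimate).
    `seen` maps (src, qname, qtype) to the last timestamp at which it was asked, so a
    repeat within repeat_window seconds (a client that is not caching) is flagged."""
    ts, src, qname, qtype = line.split()
    ts = int(ts)
    qname = qname.rstrip(".").lower()
    reasons = []
    if is_rfc1918(src):
        reasons.append("rfc1918_source")
    if qname.rsplit(".", 1)[-1] not in KNOWN_TLDS:
        reasons.append("invalid_tld")
    key = (src, qname, qtype)
    last = seen.get(key)
    if last is not None and ts - last <= repeat_window:
        reasons.append("repeat")
    seen[key] = ts
    return reasons


def junk_fraction(log_text: str):
    """Count total queries, those flagged for any reason, and a per-reason tally."""
    seen, total, junk, by_reason = {}, 0, 0, Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        total += 1
        reasons = classify(line, seen)
        if reasons:
            junk += 1
            by_reason.update(reasons)
    return total, junk, by_reason


if __name__ == "__main__":
    total, junk, by_reason = junk_fraction(SAMPLE_LOG)
    print(f"{junk}/{total} queries unnecessary ({100 * junk / total:.0f}%):", dict(by_reason))
```

Run against a real resolver or authoritative log, the same three tests give a quick picture of how much of the load is self-inflicted; the `repeat` bucket in particular points at clients whose caching is broken or whose TTL handling is wrong.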

Operation: Examples include unqualified operators, differences between networks, open resolvers, missing SOA records, complex interdependencies between name servers, poorly chosen TTL values, ad hoc extension of the name space, and the use of DNS as a server load-balancing mechanism.

Registration: The chaos in the registration market needs no further comment.

The following describes the defects of DNS-based redirection as used by CDNs:

This request-routing approach is considered effective because it makes full use of the existing network structure and is simple, and it is the main request-routing technique used in CDNs today. Its performance bottlenecks are nevertheless very pronounced.

(1) The RTT of the DNS redirection is much larger than the RTT to the content server that finally serves the user. Locating a content server close to the user takes a long round trip: the redirection process involves querying the distant root DNS and then the CDN's redirection DNS server (figure 6), whereas the content server reached at the end is close to the user. The RTT spent on DNS redirection is therefore much greater than the RTT the user then spends fetching content from the content server (figure 6), and it has become one of the bottlenecks limiting CDN performance.

(2) Increasing network bandwidth shortens the time for a user's request to reach the root DNS and the redirection server, but the large volume of DNS queries and the delay of the complex locating and selection process in the redirection step remain, and they quietly become another bottleneck for improving network performance.

(3) A CDN is distributed, while DNS redirection relies on a central server. Centralised access to the root DNS and the redirection DNS creates a congestion point in the network, which conflicts with one of the CDN's design goals, namely avoiding such congestion points. Centralised access also raises the load on that server and further increases query and processing latency. Moreover, because it depends on a central server, DNS redirection is not reliable: if the link to the central DNS is badly congested or cut, users cannot reach even a content server that is right next to them.

Through the above analysis, we hope you have gained a deeper understanding of DNS; readers should pay close attention to these issues when studying network protocols.

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud.