Sun Guonian, Yuan Wei, Technology Department, China Internet Network Information Center (CNNIC)
(1) Basic concepts of Domain Name Service
The Domain Name System (DNS) is the name resolution mechanism that grew out of the earlier host-name resolution scheme. In September 1984, ARPANET began to use DNS, which became the standard method for mapping host names to IP addresses. The most common DNS server software on the Internet is BIND (Berkeley Internet Name Domain); the latest BIND release at the time of writing is 9.3.1.
The Domain Name System resolves host names into IP addresses and relies on a global, hierarchical, distributed database system to do so. The system contains information about all domain names and IP addresses on the Internet. The hierarchy of the database allows the domain name space to be divided into independently managed parts, called domains. The distributed nature of the database allows different parts of it to be assigned to domain name servers on different networks, so that each domain name server can be managed independently.
The DNS domain structure is a distributed hierarchy, very similar to the UNIX file system hierarchy. The root of the tree is represented by an empty label and is called the root domain. Figure 1 shows a typical example. The level below the root domain is the top-level domain. Top-level domains fall into two categories: geographic domains and generic domains. A geographic domain is assigned to every country or region in the world, as defined by ISO-3166; for example, China is CN, the United States is US, and Japan is JP. A generic domain is a top-level domain assigned by category of institution, such as COM (commercial organizations) and EDU (educational institutions). In addition, as the Internet has grown, new generic top-level domains have been added to the existing domain name system as needed, for example BIZ (business) and INFO (information). Under a top-level domain, second-level domains can be defined as required. For example, under China's top-level domain CN there are category second-level domains such as COM, NET, ORG, GOV and EDU, and geographic second-level domains such as BJ for Beijing and SH for Shanghai.
Figure 1 Domain Name System Hierarchy
The domain name space is the inverted-tree hierarchy of the DNS distributed database. A complete domain name is formed by joining the labels of all nodes on the path from a leaf node up to the root, separated by dots, for example www.sina.com.cn. The final "." represents the root domain: when "." appears at the rightmost end of a domain name, it stands for the empty label of the root (the rightmost "." may also be omitted). In this example, "cn" is the top-level domain, "com" the second-level domain, "sina" the third-level domain, and "www" the host name.
The DNS management hierarchy allows the administration of the entire domain name space to be divided into multiple parts, each managed independently. A delegated subdomain has its own domain name server, which maintains the information about all hosts belonging to that subdomain. The domain name server of the parent domain does not keep the subdomain's information, only a pointer to the subdomain's server. The actual data of a domain or subdomain is held in a zone file. Domains and subdomains are the logical partitions of the domain name space; a zone is the complete set of information for the part of the domain name space that a given domain name server holds. A domain can consist of multiple zones.
A zone data file is a set of text lines describing the machines in a domain; its entries are called resource records. Among other things, these records hold the mapping between hosts and their IP addresses. Most resource records have the form: name [TTL] class type data. The name is the domain name. TTL is the "time to live", the interval after which a domain name server must refresh the record. The class field gives the class of the record, normally IN for Internet data. The type field specifies the record type, and the data field holds the parameters required by that record type. The main resource record types are listed in Table 1:
| Type | Meaning | Description |
| --- | --- | --- |
| SOA | Start of authority | Marks the domain to which the data file of a zone applies |
| A | Address | Defines the mapping between a host name and an IP address |
| CNAME | Canonical name | Defines an alias for a host name |
| MX | Mail exchanger | Specifies a host for email exchange |
| PTR | Pointer | Defines the reverse mapping between an IP address and a host name |
| TXT | Text | A free text string describing a host |
Table 1 Main resource record types
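As an added example (not code from the article or from CNNIC), the following Python parser reads records in the "name [TTL] class type data" layout just described, supplies the default TTL when it is omitted and, as RFC 1035 also allows, accepts the class before the TTL. The zone fragment is constructed for the example; the SOA name server and contact names are placeholders.

```python
from dataclasses import dataclass

# Constructed zone fragment in the "name [TTL] class type data" layout; the TTL
# and the class (default IN) may be omitted, and the SOA names are placeholders.
SAMPLE_ZONE = """\
; constructed zone fragment for the parser below
cn.                 172800  IN  NS    ns.cnc.ac.cn.
ns.cnc.ac.cn.       172800  IN  AAAA  2001:dc7::1
www.sina.com.cn.    60      IN  CNAME jupiter.sina.com.cn.
libra.sina.com.cn.          IN  A     184.108.40.206
cn.                 IN  SOA  ns.example.cn. hostmaster.example.cn. 2005041701 7200 3600 2419200 21600
"""

KNOWN_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}
CLASSES = {"IN", "CH", "HS"}

@dataclass
class ResourceRecord:
    name: str
    ttl: int
    rclass: str
    rtype: str
    data: str

def parse_rr(line: str, default_ttl: int = 86400) -> ResourceRecord:
    """Parse one record line: name [TTL] [class] type data (TTL and class in either order)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError(f"too few fields: {line!r}")
    name, rest = fields[0], fields[1:]
    ttl, rclass = None, "IN"
    for _ in range(2):                      # optional TTL and class, in either order
        if rest[0].isdigit():
            ttl = int(rest.pop(0))
        elif rest[0].upper() in CLASSES:
            rclass = rest.pop(0).upper()
    if len(rest) < 2:
        raise ValueError(f"missing type or data field: {line!r}")
    rtype = rest.pop(0).upper()
    if rtype not in KNOWN_TYPES:
        raise ValueError(f"unknown record type {rtype!r}: {line!r}")
    return ResourceRecord(name, default_ttl if ttl is None else ttl, rclass, rtype, " ".join(rest))

def parse_zone(text: str):
    """Parse every non-blank line of a zone fragment that is not a ';' comment."""
    return [parse_rr(ln) for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith(";")]
```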
(2) Domain Name Server
The domain name resolution process is carried out by domain name servers in client/server mode. A service process runs on the domain name server (on UNIX systems this is generally the named process) and resolves names into IP addresses. A domain name server stores information about the hosts in one or more zones.
Usually more than one server is set up for a zone. The main purpose is to improve the reliability of the resolution system: when one domain name server fails, all domain name requests can be sent to the other servers. In addition, requests can be distributed evenly across several servers to improve resolution capacity and efficiency, and the servers can be placed in different locations as needed so that users are served by a geographically nearby server.
When a zone has multiple domain name servers, they are divided into a primary domain name server and secondary domain name servers. The primary server loads the zone's information directly from its local zone data file (zone file), which contains the host names and corresponding IP addresses of the hosts in the zone. A secondary server contacts the primary server responsible for the zone at startup and copies the primary's database in a process called a zone transfer. Thereafter it periodically checks whether the primary server's data has changed, so that its own database stays at the latest version.
2. Principle and process of CN domain name resolution
Having introduced the hierarchical structure of the Domain Name System and the concept of the domain name server, we can readily understand how CN domain name resolution works. The process consists of the following steps:
Step 1: The user submits a domain name resolution request, which is sent to the local domain name server.
Step 2: When the local domain name server receives the request, it first queries its local cache. If the record is present, the local domain name server returns the query result directly.
Step 3: If the record is not found in the local cache, the local domain name server sends the request to a root domain name server, which returns the address of the domain name server responsible for the domain (a subdomain of the root, such as CN) to which the queried name belongs.
Step 4: The local domain name server sends the request to the domain name server returned in the previous step. That server consults its own records and returns either the record matching the request or the address of the subordinate domain name server. The local domain name server saves the returned results in its cache.
Step 5: Repeat Step 4 until the correct record is found.
Step 6: The local domain name server saves the returned results in its cache for later use and returns the results to the client.
The following example illustrates the process of resolving a CN domain name. Assume that the client wants the IP address of the server with the domain name "www.sina.com.cn", and that the client's local domain name server is nm.cnnic.cn (188.8.131.52). The resolution proceeds as follows:
(1) The client sends a request to resolve the domain name www.sina.com.cn.
(2) On receiving the request, the local domain name server queries its local cache. Finding no such record, the local domain name server nm.cnnic.cn sends a request to a root domain name server to resolve www.sina.com.cn.
(3) On receiving the request, the root domain name server determines that the name belongs to the CN domain, looks up the six NS records for CN and the corresponding A records (and AAAA records, used for IPv6), and returns the following results to the server nm.cnnic.cn:
cn. 172800 IN NS ns.cnc.ac.cn.
cn. 172800 IN NS dns2.cnnic.net.cn.
cn. 172800 IN NS ns.cernet.net.
cn. 172800 IN NS dns3.cnnic.net.cn.
cn. 172800 IN NS dns4.cnnic.net.cn.
cn. 172800 IN NS dns5.cnnic.net.cn.
ns.cnc.ac.cn. 172800 IN AAAA 2001:dc7::1
ns.cnc.ac.cn. 172800 IN A 184.108.40.206
dns2.cnnic.net.cn. 172800 IN AAAA 2001:dc7:1000::1
dns2.cnnic.net.cn. 172800 IN A 220.127.116.11
ns.cernet.net. 172800 IN A 18.104.22.168
dns3.cnnic.net.cn. 172800 IN A 22.214.171.124
dns4.cnnic.net.cn. 172800 IN A 126.96.36.199
dns5.cnnic.net.cn. 172800 IN A 188.8.131.52
(4) After receiving the response, the domain name server nm.cnnic.cn first caches the above results, then sends a request to one of the servers of the .cn domain, for example ns.cnc.ac.cn, to resolve www.sina.com.cn.
(5) On receiving the request, the domain name server ns.cnc.ac.cn determines that the name belongs to the .com.cn domain and looks up its local records, finding the following six NS records and corresponding A records:
com.cn. 172800 IN NS sld-ns1.cnnic.net.cn.
com.cn. 172800 IN NS sld-ns2.cnnic.net.cn.
com.cn. 172800 IN NS sld-ns3.cnnic.net.cn.
com.cn. 172800 IN NS sld-ns4.cnnic.net.cn.
com.cn. 172800 IN NS sld-ns5.cnnic.net.cn.
com.cn. 172800 IN NS cns.cernet.net.
cns.cernet.net. 68025 IN A 184.108.40.206
sld-ns1.cnnic.net.cn. 172800 IN A 220.127.116.11
sld-ns2.cnnic.net.cn. 172800 IN A 18.104.22.168
sld-ns3.cnnic.net.cn. 172800 IN A 22.214.171.124
sld-ns4.cnnic.net.cn. 172800 IN A 126.96.36.199
sld-ns5.cnnic.net.cn. 172800 IN A 188.8.131.52
It then returns the result to the server nm.cnnic.cn.
(6) After receiving the response, the domain name server nm.cnnic.cn first caches the above results, then sends a request to one of the .com.cn domain servers, for example sld-ns1.cnnic.net.cn, to resolve www.sina.com.cn.
(7) On receiving the request, the domain name server sld-ns1.cnnic.net.cn determines that the name belongs to the .sina.com.cn domain and looks up its local records, finding three NS records and the corresponding A records:
sina.com.cn. 43200 IN NS ns1.sina.com.cn.
sina.com.cn. 43200 IN NS ns2.sina.com.cn.
sina.com.cn. 43200 IN NS ns3.sina.com.cn.
ns1.sina.com.cn. 43200 IN A 184.108.40.206
ns2.sina.com.cn. 43200 IN A 220.127.116.11
ns3.sina.com.cn. 43200 IN A 18.104.22.168
It then returns the result to the server nm.cnnic.cn.
(8) After receiving the response, nm.cnnic.cn caches the preceding results and sends a request to one of the domain name servers of the sina.com.cn domain, for example ns1.sina.com.cn.
(9) On receiving the request, the domain name server ns1.sina.com.cn looks up its local records and finds the following CNAME records and corresponding A records, together with the additional NS records and their A records:
www.sina.com.cn. 60 IN CNAME jupiter.sina.com.cn.
jupiter.sina.com.cn. 60 IN CNAME libra.sina.com.cn.
libra.sina.com.cn. 60 IN A 22.214.171.124
libra.sina.com.cn. 60 IN A 126.96.36.199
libra.sina.com.cn. 60 IN A 188.8.131.52
libra.sina.com.cn. 60 IN A 184.108.40.206
libra.sina.com.cn. 60 IN A 220.127.116.11
libra.sina.com.cn. 60 IN A 18.104.22.168
libra.sina.com.cn. 60 IN A 22.214.171.124
libra.sina.com.cn. 60 IN A 126.96.36.199
libra.sina.com.cn. 60 IN A 188.8.131.52
libra.sina.com.cn. 60 IN A 184.108.40.206
libra.sina.com.cn. 60 IN A 220.127.116.11
libra.sina.com.cn. 60 IN A 18.104.22.168
libra.sina.com.cn. 60 IN A 22.214.171.124
libra.sina.com.cn. 60 IN A 126.96.36.199
libra.sina.com.cn. 60 IN A 188.8.131.52
libra.sina.com.cn. 60 IN A 184.108.40.206
sina.com.cn. 86400 IN NS ns1.sina.com.cn.
sina.com.cn. 86400 IN NS ns2.sina.com.cn.
sina.com.cn. 86400 IN NS ns3.sina.com.cn.
ns1.sina.com.cn. 86400 IN A 220.127.116.11
ns2.sina.com.cn. 86400 IN A 18.104.22.168
ns3.sina.com.cn. 86400 IN A 22.214.171.124
It returns the result to the server nm.cnnic.cn.
(10) The server nm.cnnic.cn saves the results in its local cache and returns them to the client. This completes one domain name resolution; Figure 2 depicts the whole process.
Figure 2 www.sina.com.cn domain name resolution process
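The ten steps above, replayed as an added Python simulation that is not part of the original article: the constructed AUTH table holds one delegation chain (root, cn, com.cn, sina.com.cn) using the article's placeholder addresses, and LocalResolver plays the part of nm.cnnic.cn, starting at the root, caching every record returned, following the CNAME chain from www to jupiter to libra, and answering a repeat query from its cache without contacting any server.

```python
# Constructed delegation data modelled on the article's records (server -> its records);
# the IPv4 addresses are the article's placeholder values, not live glue.
AUTH = {
    "root": [("cn.", "NS", "ns.cnc.ac.cn."), ("ns.cnc.ac.cn.", "A", "184.108.40.206")],
    "ns.cnc.ac.cn.": [("com.cn.", "NS", "sld-ns1.cnnic.net.cn."),
                      ("sld-ns1.cnnic.net.cn.", "A", "220.127.116.11")],
    "sld-ns1.cnnic.net.cn.": [("sina.com.cn.", "NS", "ns1.sina.com.cn."),
                              ("ns1.sina.com.cn.", "A", "184.108.40.206")],
    "ns1.sina.com.cn.": [("www.sina.com.cn.", "CNAME", "jupiter.sina.com.cn."),
                         ("jupiter.sina.com.cn.", "CNAME", "libra.sina.com.cn."),
                         ("libra.sina.com.cn.", "A", "22.214.171.124")],
}

def query(server, qname):   # one authoritative server's reply: answer or referral
    recs, answer, name = AUTH[server], [], qname
    for _ in range(8):                             # follow CNAMEs held in the same zone
        rows = [r for r in recs if r[0] == name and r[1] in ("A", "CNAME")]
        answer += rows
        cname = [r[2] for r in rows if r[1] == "CNAME"]
        if not cname:
            break
        name = cname[0]
    if answer:
        return answer
    zones = sorted((r[0] for r in recs if r[1] == "NS" and qname.endswith("." + r[0])), key=len)
    if not zones:
        raise LookupError(qname)                    # neither an answer nor a delegation
    ns = [r for r in recs if r[0] == zones[-1] and r[1] == "NS"]     # longest match wins
    return ns + [r for r in recs if r[1] == "A" and r[0] in {n[2] for n in ns}]   # plus glue

class LocalResolver:
    def __init__(self):
        self.cache, self.trace = {}, []            # (owner, type) -> [data]; servers asked

    def resolve(self, qname, hops=0):
        if hops > 8:
            raise RuntimeError("CNAME chain too long: " + qname)
        if (qname, "A") in self.cache:                         # step 2: answer from cache
            return self.cache[(qname, "A")]
        if (qname, "CNAME") in self.cache:
            return self.resolve(self.cache[(qname, "CNAME")][0], hops + 1)
        server = "root"                                       # step 3: start at the root
        while True:
            self.trace.append(server)
            recs = query(server, qname)                        # step 4
            for owner, rtype, data in recs:                    # cache every record returned
                self.cache.setdefault((owner, rtype), []).append(data)
            if recs[0][0] == qname:                            # answer is now in the cache
                return self.resolve(qname, hops)
            server = next(r[2] for r in recs if r[1] == "NS")  # step 5: follow the referral
```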
3. Structure of the CN domain name resolution service
CNNIC, as the registry and administrator of China's top-level domain CN, is responsible for running the CN domain name root servers. To improve the reliability and efficiency of DNS resolution, both the CN top-level domain (the "cn" domain) and the CN second-level domains (39 of them, such as "com.cn"; see reference 3 for the full list, likewise below) are served by multiple domain name resolution servers located in different regions of China.
(1) Primary/secondary update relationship of the CN domain name servers
CNNIC operates six "cn" domain servers that provide the production DNS service, and six servers that provide the production DNS service for the CN second-level domains. See Figure 3 and Figure 4.
Figure 3 "cn" Domain primary/secondary data update relationship
Figure 4 Relationship between primary and secondary data updates in the CN second-level domain
(2) Zone data file updates in the CN domain name resolution system
The primary DNS servers of the "cn" domain and of the CN second-level domains obtain their zone data files from a zone file server, check each file to ensure that it is correct, and then load it; in this way the "cn" domain and the 39 second-level domains are updated.
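As an added example (not CNNIC's actual tooling), a pre-load check of the kind described here, run on a constructed zone snapshot of (owner, type, data) tuples: it rejects a file whose SOA serial has not increased (a secondary comparing serials would otherwise never transfer the new data), whose apex lacks NS records, whose in-zone name servers lack address records, or which contains owners outside the zone. All names and addresses in the snapshots are placeholders.

```python
def check_zone(zone, records, loaded_serial):
    """Return the problems found in a zone snapshot; an empty list means it may be loaded.
    records: list of (owner, type, data) tuples with fully qualified owners."""
    problems = []
    in_zone = lambda n: n == zone or n.endswith("." + zone)
    soa = [r for r in records if r[0] == zone and r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"{zone}: expected exactly one SOA at the apex, found {len(soa)}")
    else:
        serial = int(soa[0][2].split()[2])            # SOA data: mname rname serial ...
        if serial <= loaded_serial:                   # secondaries only transfer on a higher serial
            problems.append(f"{zone}: serial {serial} is not greater than loaded serial {loaded_serial}")
    ns = [r[2] for r in records if r[0] == zone and r[1] == "NS"]
    if not ns:
        problems.append(f"{zone}: no NS records at the apex")
    for n in ns:                                      # name servers inside the zone need glue
        if in_zone(n) and not any(r[0] == n and r[1] in ("A", "AAAA") for r in records):
            problems.append(f"{zone}: in-zone name server {n} has no A/AAAA record")
    for owner, rtype, _ in records:
        if not in_zone(owner):
            problems.append(f"{zone}: owner {owner} lies outside the zone")
        if rtype == "CNAME" and any(r[0] == owner and r[1] != "CNAME" for r in records):
            problems.append(f"{zone}: {owner} has a CNAME alongside other records")
    return sorted(set(problems))

# Constructed snapshots of a hypothetical "cn." zone file (placeholder names and addresses)
GOOD_CN = [
    ("cn.", "SOA", "ns.example.cn. hostmaster.example.cn. 2005041702 7200 3600 2419200 21600"),
    ("cn.", "NS", "ns.example.cn."), ("ns.example.cn.", "A", "192.0.2.1"),
    ("com.cn.", "NS", "sld-ns1.example.cn."), ("sld-ns1.example.cn.", "A", "192.0.2.2"),
]
BAD_CN = [  # stale serial, name server without glue, and a record from another zone
    ("cn.", "SOA", "ns.example.cn. hostmaster.example.cn. 2005041701 7200 3600 2419200 21600"),
    ("cn.", "NS", "ns.example.cn."), ("www.example.net.", "A", "192.0.2.9"),
]
```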
References
1. RFC 1034, RFC 1035
2. ISO-3166-3, 1999, refer to the web page:
3. Announcement of the Ministry of Information Industry on China's Internet Domain Name System, 2002-11-22, web page: http://www.cnnic.cn/html/Dir/2003/10/29/1101.htm
4. DNS and BIND (Chinese translation of the 4th edition), Paul Albitz & Cricket Liu, translated by Lei Yingchun et al., China Electric Power Press, 2002
5. BIND official website (http://www.isc.org)
6. Practical Tutorial on UNIX Network Management, edited by Xu Guoping, Tsinghua University Press, 2002