DNS protocol in detail

Source: Internet
Author: User
DNS is an application-layer protocol that translates a human-readable host name or domain name into the numeric address that computers and network equipment use; this is what makes the wide deployment of the interconnected network practical.

I. Basic concepts related to DNS
(1) Domain name and top-level domain
1) Domain name
A domain name is typically the name of the host on which the user resides. A domain name is made up of several parts, each called a subdomain, separated from one another by a "."; each part consists of at least two letters or digits. Domain names are usually built hierarchically, with each subdomain carrying its own specific meaning. Read from right to left, the subdomains denote the country or region (only the United States may omit the country top-level domain), the organization type, the organization name, the sub-organization name, the computer name, and so on. www.example.com is a typical example of a domain name.
2) The last part of a domain name is called the high-level domain name (or top-level domain)
Top-level domains fall broadly into two categories: organizational top-level domains and geographic top-level domains.
① The purpose of an organizational top-level domain is to indicate the type of organization that owns and is responsible for the Internet hosts in question. Table 7-36 lists some organization categories and their corresponding organizational top-level domains.

Table 7-36: organizational top-level domains (table not reproduced on this page)

② Apart from the international-organization domain, the other organizational top-level domains already existed when the Internet was born. As the Internet became increasingly international, organizational top-level domains alone could no longer meet demand, and so a new kind of top-level domain, the geographic top-level domain, emerged. A geographic top-level domain is a two-letter abbreviation that stands for a country or region.
(2) The composition of the domain Name System
Domain name addresses on the Internet are equivalent to IP addresses; the Domain Name System (DNS) maps and translates between the two. The DNS is in fact a distributed database of address information that uses the client/server model: each server holds a part of the whole database and answers client queries. DNS lets different parties control different portions of the database, while every portion remains queryable from anywhere on the network.
Each host on the network has a domain name that points to information about the host, such as its IP address. A host may also have one or more domain name aliases; an alias simply points from one domain name (the alias) to another (the official domain name). DNS takes advantage of the hierarchy: an organization is free to choose domain names within its own domain, as long as they are unique within the organization, without worrying about conflicts with domain names in other organizations.
The Domain Name System uses the client/server model and consists of three parts: the domain name database, the domain name server, and the address resolver.
Their respective functions are as follows:
• The address resolver is the client. It queries the name servers, interprets the responses returned by the server, and passes the information back to the requester.
• The domain name server is the server side. It stores and manages the domain name database for its jurisdiction, receives requests from address resolvers, and performs recursive or non-recursive queries according to the request type; the query results are returned to the address resolver (each host in the network may act as either client or server).
• Domain name database
The domain name database is a large distributed database spread across the entire network. It stores the related data hierarchically and can be understood as an inverted tree (see Figure 10-2), where each node of the tree represents a domain and holds the zone and resource records (RRs) associated with that domain, for use by domain name server queries. The composition of the Domain Name System is shown in Figure 7-37.

Figure 7-37: DNS structure (figure not reproduced on this page)

(3) Resource records
A domain name server's configuration file contains a number of resource records that the address resolver uses for address resolution. The information contained in the resource records of the configuration file is shown in Table 7-38 (sample resource records); the content and meaning of the records in the table are explained below in relation to the DNS message format.

Table 7-38: sample resource records in the configuration file (table not reproduced on this page)

(4) Classification of domain name data
Domain name data falls into two kinds: authorization data and buffered data.
1) Authorization data
Authorization data is authoritative data that comes from the domain name server responsible for storing it; it is the most recently obtained data and is considered correct. Such data is of high value, but obtaining authorization data costs considerable time. A host normally indicates in the header of its address resolution request whether authorization data is required (see the message header format in Figure 10-30).
2) Buffered data
Buffered data is response data from an earlier request or exchange that the host has stored in a local buffer (a cache). Such data is slightly less reliable than authorization data, but costs little time to obtain. In general, buffered data is also useful to a degree when the Internet is in a stable state.
(5) Domain name zones
If the whole network had only one domain name server holding all DNS information, domain name translation would be much simpler: every host's domain name query would be sent to that single server, which would process the query and return the result to the requesting host. But such a solution cannot meet the changing needs of the network and its users, whether in terms of data storage or of data transfer speed. To cope with network change and with the large volumes of data to be stored and transferred, DNS organizes and manages its domain name database as a tree, in which each node represents a domain. Domains can be further partitioned into subdomains, each of which has its own domain name, is managed by a different organization, and defines its position in the database. We already know that in DNS a full domain name is a string made up of all the labels from the domain up to the root, separated by a ".".
1) Definition of a domain name zone
To make the domain name information in the tree easier to manage effectively, the concept of a domain name zone is introduced. A domain name zone is the part of the namespace that a given domain name server is responsible for managing. The domain name server is responsible for maintaining the authorization data of the zone it administers. The composition of a domain name zone is shown in Figure 10-2.
A domain name zone is defined by a set of authorization data held in resource records. It contains:
• Resource records for all nodes in the zone.
• Information about the top node of the zone. In Figure 7-39, the top node of the exam2.com zone is exam2.com; the exam2.com node can hold the information that manages all nodes in the zone.
• Delegated sub-zone information (the parts of this zone that are delegated to other sub-zones).

Figure 7-39: DNS zone and sub-zone schematic (figure not reproduced on this page)

2) Using domain name zone information to resolve a domain name address
When a host requests the IP address of the domain name payroll.h2.exam2.com, its address resolver first obtains the information about the .com domain from the root node of the tree, then obtains from the .com domain name server the information about the sub-zone exam2.com under its jurisdiction, and so on down the tree, until it reaches the domain name server for the sub-zone containing payroll.h2.exam2.com, obtains the corresponding IP address, and returns it to the address resolver.
(6) Recursive and non-recursive queries
In short, a single domain name server cannot answer every domain name query completely, but it can respond accurately about the query path. That is, when a domain name server stores all the authorization information for the domain named in a query, it can return the desired result directly; otherwise it must point to the nearest name server that has the required information so that the query can continue. The "nearest" domain name server is typically the name server of the parent node in the zone tree shown in Figure 7-39. Once a domain name server holding the target domain name information is reached, that server sends the target address information to the requester; otherwise the server refers the requester to yet another name server closer to the target, and this continues until the requester obtains the correct result or an error occurs while using the authorization information to reach a domain name server. This process may repeat several times.
1) Recursive query
In a recursive query, the first domain name server to receive the request must handle it from start to finish: either answering directly, or querying other domain name servers until it obtains authorization data, and then answering the request. With a recursive query, if the requested domain name information is already in the server's own buffer, the server returns the buffered data directly; the recursion-desired flag does not come into play in that case (see the DNS header description). A recursive query is shown in Figure 7-40.
2) Non-recursive query
In a non-recursive query, the first domain name server to receive the request may return reliable data (which it sometimes holds itself), or it may return pointers to other servers (in effect passing the baton of the query to the nearest name servers). The difference between a recursive and a non-recursive query can be seen in Figure 7-40.
The host's address resolver can specify at query time whether the server should use recursion or return a non-recursive answer. The non-recursive query method is faster than the recursive one.
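The zone tree of Figure 7-39 and the referral walk of sections (5) and (6), as an added Python simulation (my code, not code from the article): four constructed name servers for ".", com., exam2.com. and h2.exam2.com., a non-recursive `ask` that either answers from its own authorization data or refers the requester one level down, and a resolver that follows the referrals itself and buffers what it learns, as the local name server of the text does. Server names and addresses are invented for the example.

```python
# Constructed delegation tree modelled on Figure 7-39. Each name server holds the
# authorization data of its own zone (here only A records) and the delegations (NS)
# for its sub-zones. Server names and addresses are made up for this example.
SERVERS = {
    "root-server":  {"zone": ".",             "NS": {"com.": "com-server"},
                     "A": {}},
    "com-server":   {"zone": "com.",          "NS": {"exam2.com.": "exam2-server"},
                     "A": {}},
    "exam2-server": {"zone": "exam2.com.",    "NS": {"h2.exam2.com.": "h2-server"},
                     "A": {"www.exam2.com.": "192.0.2.10"}},
    "h2-server":    {"zone": "h2.exam2.com.", "NS": {},
                     "A": {"payroll.h2.exam2.com.": "192.0.2.25"}},
}


def in_zone(name, zone):
    """True if `name` lies at or below `zone` (both fully qualified, trailing dot)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server, qname):
    """A non-recursive query to one server. It answers from its own authorization
    data, refers the requester to the server of the closest enclosing sub-zone, or
    reports that the name does not exist within the part of the tree it manages."""
    data = SERVERS[server]
    if qname in data["A"]:
        return "answer", data["A"][qname]
    referrals = [(len(zone), ns) for zone, ns in data["NS"].items() if in_zone(qname, zone)]
    if referrals:
        return "referral", max(referrals)[1]        # most specific delegation wins
    return "nxdomain", None


class Resolver:
    """Address resolver that follows referrals itself (the non-recursive mode of the
    text) and keeps the answers it has obtained in a buffer, as a local name server
    does. A recursive server runs this same loop on the client's behalf."""

    def __init__(self, start="root-server", max_hops=8):
        self.start = start
        self.max_hops = max_hops      # guard against referral loops in bad delegation data
        self.cache = {}

    def resolve(self, qname):
        """Returns (address or None, list of servers consulted in order)."""
        if qname in self.cache:
            return self.cache[qname], []           # buffered data: no server contacted
        server, path = self.start, []
        for _ in range(self.max_hops):
            path.append(server)
            kind, payload = ask(server, qname)
            if kind == "answer":
                self.cache[qname] = payload
                return payload, path
            if kind == "nxdomain":
                return None, path
            server = payload                       # follow the referral one level down
        raise RuntimeError("too many referrals while resolving %s" % qname)


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("payroll.h2.exam2.com."))      # walks root -> com -> exam2 -> h2
    print(r.resolve("payroll.h2.exam2.com."))      # second time served from the buffer
```

The path returned for payroll.h2.exam2.com. is exactly the top-down walk the text describes; a second lookup returns the buffered address without contacting any server, and a name that falls under exam2.com. but is neither held there nor delegated stops at exam2-server with no answer.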
II. The DNS message format
A DNS message consists of a header and body segments; DNS has four kinds of body segment: the query segment, the answer segment, the authorization segment, and the additional segment. The concrete composition is shown in Figure 7-41.

Figure 7-41: DNS message structure (figure not reproduced on this page)

The query segment of the body is used by the host to send an address resolution request to the domain name server; the answer, authorization, and additional segments are used by the domain name server to return the address resolution result to the host. The formats of the DNS header and body segments are described in detail below.
(1) DNS message header format
The DNS message header format is shown in Figure 7-42.

Figure 7-42: DNS header format (figure not reproduced on this page)

The meaning of each field is as follows:
ID: a 16-bit identifier assigned by the program that generates the DNS query. The same identifier is copied into the corresponding response message, and the requester uses it to match the answer to the original request.
QR: 1 bit, indicating whether the DNS message is a query (0) or a response (1).
Opcode: 4 bits, specifying the kind of query. 0 denotes a standard query, 1 an inverse query, 2 a server status request, 3 is reserved, 4 denotes a notification, 5 an update message, and 6~15 are reserved for new operations.
AA: 1 bit, set only in responses. A value of 1 means the responding domain name server is the administrative authority for the queried domain name, i.e. the authorized domain name server.
TC: 1 bit, the truncation flag. It is set to 1 when the message was truncated because its length exceeded what the transmission channel allows.
RD: 1 bit, optional, indicating whether recursion is desired. If 1, the DNS resolver asks the DNS server to use a recursive query.
RA: 1 bit, indicating that the responding domain name server is able to perform recursive queries, regardless of what the query segment asked for.
Z: 3 bits, reserved; its value must be 0 in both queries and responses.
Rcode: 4 bits, set only in DNS responses, indicating whether an error occurred.
The permitted values and their meanings are:
0: No error condition; the DNS response is error-free.
1: Format error; the DNS server could not interpret the message.
2: Server failure; an error occurred on the name server and it could not process the query.
3: Name error; if the DNS response comes from an authoritative domain name server, the name referred to in the DNS request does not exist.
4: Not implemented; the DNS server does not support this kind of request.
5: Refused; the DNS name server declines to process the request for security or policy reasons.
6~15: Reserved for future use.
QDCOUNT: 16 bits, the number of questions in the DNS query segment.
ANCOUNT: 16 bits, the number of resource records returned in the DNS answer segment; 0 in a query.
NSCOUNT: 16 bits, the number of authoritative name server resource records returned in the DNS response; 0 in a query.
ARCOUNT: 16 bits, the number of resource records in the additional segment; 0 in a query.
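The header layout just listed as working code, added here as an illustration and not taken from the article: a Python dataclass that packs and unpacks the 12-byte header bit for bit (QR, Opcode, AA, TC, RD, RA, Z and Rcode share one 16-bit word), plus the checks a resolver applies to a response header (ID match, QR set, Z zero, TC, Rcode) before trusting it. The class, function and constant names are my own.

```python
import struct
from dataclasses import dataclass

# Rcode values as listed in the text (0-5); 6-15 are reserved.
RCODE_NAMES = {0: "no error", 1: "format error", 2: "server failure",
               3: "name error", 4: "not implemented", 5: "refused"}


@dataclass
class DnsHeader:
    """The 12-byte DNS header: ID, a 16-bit flags word, and four 16-bit counts."""
    id: int
    qr: int = 0        # 0 = query, 1 = response
    opcode: int = 0    # 0 = standard query
    aa: int = 0        # authoritative answer (responses only)
    tc: int = 0        # truncated
    rd: int = 0        # recursion desired
    ra: int = 0        # recursion available (responses only)
    z: int = 0         # reserved, must be 0
    rcode: int = 0     # response code (responses only)
    qdcount: int = 0
    ancount: int = 0
    nscount: int = 0
    arcount: int = 0

    def pack(self) -> bytes:
        # Flags word, most significant bit first: QR(1) Opcode(4) AA(1) TC(1) RD(1) RA(1) Z(3) Rcode(4)
        flags = ((self.qr & 1) << 15) | ((self.opcode & 0xF) << 11) | ((self.aa & 1) << 10) \
            | ((self.tc & 1) << 9) | ((self.rd & 1) << 8) | ((self.ra & 1) << 7) \
            | ((self.z & 7) << 4) | (self.rcode & 0xF)
        return struct.pack("!6H", self.id, flags, self.qdcount, self.ancount,
                           self.nscount, self.arcount)

    @classmethod
    def unpack(cls, data: bytes) -> "DnsHeader":
        if len(data) < 12:
            raise ValueError("a DNS header needs 12 bytes, got %d" % len(data))
        ident, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
        return cls(id=ident, qr=(flags >> 15) & 1, opcode=(flags >> 11) & 0xF,
                   aa=(flags >> 10) & 1, tc=(flags >> 9) & 1, rd=(flags >> 8) & 1,
                   ra=(flags >> 7) & 1, z=(flags >> 4) & 7, rcode=flags & 0xF,
                   qdcount=qd, ancount=an, nscount=ns, arcount=ar)


def query_header(ident: int, recursion_desired: bool = True) -> DnsHeader:
    """Header of a standard query carrying one question (qr=0, opcode=0, rd as requested)."""
    return DnsHeader(id=ident, rd=1 if recursion_desired else 0, qdcount=1)


def check_response(query: bytes, response: bytes) -> list:
    """Checks a resolver applies to a response header before using the body.
    Returns the list of problems found; an empty list means the header is acceptable."""
    q = DnsHeader.unpack(query)
    r = DnsHeader.unpack(response)
    problems = []
    if r.id != q.id:
        problems.append("ID mismatch: response does not belong to this query")
    if r.qr != 1:
        problems.append("QR is 0: this is a query, not a response")
    if r.opcode != q.opcode:
        problems.append("opcode changed between query and response")
    if r.z != 0:
        problems.append("reserved Z bits are not zero")
    if r.tc:
        problems.append("TC set: answer truncated, retry over a channel without the length limit")
    if r.rcode != 0:
        problems.append("rcode %d (%s)" % (r.rcode, RCODE_NAMES.get(r.rcode, "reserved")))
    return problems


if __name__ == "__main__":
    q = query_header(0x1A2B).pack()
    print(q.hex())                                  # 1a2b 0100 0001 0000 0000 0000
    nx = DnsHeader(id=0x1A2B, qr=1, rd=1, ra=1, rcode=3, qdcount=1).pack()
    print(check_response(q, nx))                    # ['rcode 3 (name error)']
```

A query with only RD set packs its flags word as 0x0100; the matching response with QR, RD, RA and Rcode 3 packs it as 0x8183, which is what the hex dump of a name-error reply shows. The ID comparison in `check_response` is the resolver's only tie between a reply and the question it asked, which is why a mismatched ID is rejected outright rather than ignored.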
(2) DNS body segments
In a DNS message the body segments follow the DNS header shown in Figure 7-42. DNS has four kinds of body segment: the query segment, the answer segment, the authorization segment, and the additional segment.
1) Format of the query segment
Figure 7-43 shows the format of the query segment. The meaning of each field is:
QNAME: a variable-length field carrying the requested domain name, expressed as a sequence of labels, each consisting of a length octet followed by that number of octets.
QTYPE: 16 bits, specifying the resource type of the query; a type value corresponds to a particular kind of resource record (some common QTYPE values match more than one kind of resource record). The value may be, for example, A (request the host's IP address), NS (request the authoritative domain name server), or CNAME (request the canonical name, i.e. the real name corresponding to an alias used by a host).
QCLASS: 16 bits, specifying the class of the query, e.g. inet for Internet (IP address) queries.

Figure 7-43: format of the query segment in a DNS message (figure not reproduced on this page)

2) Format of the answer segment, authorization segment, and additional segment
The query segment is the request message a host sends to the domain name server to convert a domain name to an IP address. According to the host's query type, the domain name server searches its resource record database and returns an answer segment, authorization segment, or additional segment containing resource records; the resource record gives the host the information it queried for. The answer, authorization, and additional segments share the same format, shown in Figure 7-44. The meaning of each field is as follows:
NAME: a variable-length field holding the domain name the resource record belongs to (the same as QNAME in the query segment the host sent).
TYPE: 16 bits, the same as QTYPE in the query segment.
CLASS: 16 bits, the same as QCLASS in the query segment.
TTL: 32 bits, the lifetime (in seconds) of the resource record; the address resolver typically uses it when it takes a resource record to decide how long to keep and use the cached data.
RDLENGTH: 16 bits, the length in bytes of the resource data.
RDATA: a variable-length field carrying the data of the resource record requested by the query segment. If the type value is A, a 4-byte host IP address is returned; if it is NS, the domain name of the authoritative name server; if it is CNAME, the canonical name, i.e. the real name corresponding to the alias used by the host.

Figure 7-44: format of an answer, authorization, or additional segment (figure not reproduced on this page)

III. DNS working procedure and examples
(1) The working process of DNS
The Domain Name System is a distributed system, and its management and control are distributed as well. When user A looks up the domain name of another user B, the Domain Name System works as shown in Figure 7-45.

Figure 7-45: DNS basic working process (figure not reproduced on this page)

While looking up a domain name, a domain name server often has to query several other domain name servers to obtain one IP address. In the course of this, the local domain name server also learns a good deal about other domain name servers, such as their IP addresses and the zones they are responsible for. The local domain name server stores this information, together with the IP address finally obtained for the host, in its buffer for future reference. The next time the resolver asks about something related to these domain names, the stored information can be used directly, which greatly reduces query time.
(2) DNS working example
The following DNS query example looks up the IP address of the domain name www.internet-standard.com.
1) DNS query message
The DNS query message sent by the querying host is shown in Figure 7-46. The header fields of the query message mean the following:
qr=0: this is a query.
opcode=0000: a standard query.
aa=0: authorization is not required.
tc=0: not truncated.
rd=1: a recursive query is requested.
ra=0: this item relates to the response, not to the query, so it is set to zero.
z=000: reserved bits.
rcode=0000: this is set in the response message and is not related to the query, so it is 0.
qdcount=1: there is exactly 1 question.
ancount=0: the number of resource records returned in the answer; 0 because this is a query.
nscount=0: the number of authorization server resource records returned in the answer; 0 for a query.
arcount=0: the number of additional resource records returned in the answer; 0 for a query.
qname=www.internet-standard.com: the domain name to be queried.
qtype=a: an IP address is being requested.
qclass=inet: the query concerns an Internet IP address.

Figure 7-46: content of the DNS query message (figure not reproduced on this page)

2) DNS response message
The relevant domain name server receives the DNS query message, unpacks and analyses it, and determines that it is a standard query with recursion requested, that the domain name to be queried is www.internet-standard.com, and that the corresponding IP address is to be returned. After a series of query steps it obtains the corresponding resource records (RRs) and returns, for the query described above, the DNS response message shown in Figure 7-47.
① Interpretation of the DNS response header
In the DNS response header only the fields related to the answer need to be changed: QR, RA, RCODE, ANCOUNT, NSCOUNT, ARCOUNT.
qr=1: this is a response.
opcode=0000: a standard query.
aa=0: authorization is not required.
tc=0: not truncated.
rd=1: a recursive query was requested.
ra=1: the responding domain name server can perform recursive queries.
z=000: reserved bits.
rcode=0000: the response condition; a value of zero means no error.
qdcount=1: there is exactly 1 question.
ancount=2: the number of resource records returned in the answer is 2.
nscount=2: the number of authorization server resource records returned in the answer is 2.
arcount=0: the number of additional resource records returned in the answer is 0.
qname=www.internet-standard.com: the domain name that was queried.
qtype=a: an IP address was requested.
qclass=inet: the query concerns an Internet IP address.
② Interpretation of the query segment in the DNS response
In the DNS response message the original query segment is still carried after the header; its content is unchanged.
③ Interpretation of the first resource record in the DNS response's answer segment
name=www.internet-standard.com: the queried domain name, i.e. the domain name the resource record belongs to.
type=cname: www.internet-standard.com is an alias.
class=inet: the Internet class.
ttl=60: the resource record's lifetime is 60 seconds.
rdlength=2: the resource data is 2 bytes long; the data is a pointer to a name that already appears in the message.
rdata=internet-standard.com: the real name corresponding to the alias used by the host.
④ Interpretation of the second resource record in the answer segment
name=internet-standard.com: the real domain name of the host being queried, i.e. the RDATA value returned by the previous resource record.
type=a: the IP address of internet-standard.com is being returned.
class=inet: the Internet class.
ttl=60: as above.
rdlength=4: the resource data is 4 bytes long (the length of the IP address carried in RDATA).
rdata=216.92.98.204: the IP address of the host's real domain name.
⑤ Interpretation of the first authorization resource record in the DNS response
name=internet-standard.com: the real domain name of the host being queried.
type=ns: the resource record returned is the domain name of an authorization server.
class=inet: the Internet class.
ttl=60: as above.
rdlength=11: the resource data is 11 bytes long.
rdata=ns00.ns0.com: the domain name of the authorization server that manages the requested domain.
⑥ Interpretation of the second authorization resource record in the DNS response
name=internet-standard.com: the real domain name of the host being queried.
type=ns: the resource record returned is the domain name of an authorization server.
class=inet: the Internet class.
ttl=60: as above.
rdlength=13: the resource data is 13 bytes long.
rdata=ns130.pair.com: the domain name of another authorization server that manages the requested domain.
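The record layout of section II(2) and the worked response of Figure 7-47 above, as one added Python example (my code, not the article's): a name encoder that applies label compression, a bounds-checked name decoder and record parser, and a builder that reconstructs the response byte for byte as the text describes it (qr=1, rd=1, ra=1, rcode=0; the echoed question; CNAME and A answers; two NS authorization records). The message ID 0x1234 is an assumption, as is the exact placement of the compression pointers; they are chosen so that the RDLENGTH values come out as the 2, 4, 11 and 13 bytes the text lists.

```python
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, CLASS_IN = 1, 2, 5, 1


def encode_name(name, comp, pos):
    """Length-prefixed labels ending in a zero octet. `comp` maps suffixes already in the
    message to their offsets; a known suffix becomes a 2-byte pointer (top two bits 11).
    `pos` is where this name will sit in the message, so new suffixes get registered."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    out = bytearray()
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in comp:
            return bytes(out + struct.pack("!H", 0xC000 | comp[suffix]))
        comp[suffix] = pos + len(out)
        label = labels[i].encode("ascii")
        out += bytes([len(label)]) + label
    return bytes(out + b"\x00")


def decode_name(data, offset):
    """Decode the name at `offset`, following pointers; returns (name, offset just past
    the name as written). A pointer may only point backwards, which defeats pointer loops."""
    labels, end = [], None
    while True:
        if offset >= len(data):
            raise ValueError("name runs past the end of the message")
        length = data[offset]
        if length & 0xC0 == 0xC0:                               # compression pointer
            if offset + 1 >= len(data):
                raise ValueError("truncated compression pointer")
            target = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            end = offset + 2 if end is None else end
            if target >= offset:
                raise ValueError("pointer does not refer to an earlier name")
            offset = target
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if length == 0:
            return ".".join(labels), (offset if end is None else end)
        if offset + length > len(data):
            raise ValueError("label runs past the end of the message")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_rr(data, offset):
    """One record in answer/authorization/additional format; returns (record, next offset)."""
    name, offset = decode_name(data, offset)
    if offset + 10 > len(data):
        raise ValueError("truncated resource record")
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
    rdata_off = offset + 10
    if rdata_off + rdlength > len(data):
        raise ValueError("RDLENGTH exceeds the message")
    raw = data[rdata_off:rdata_off + rdlength]
    if rtype == TYPE_A and rdlength == 4:
        rdata = ".".join(str(b) for b in raw)
    elif rtype in (TYPE_NS, TYPE_CNAME):
        rdata, _ = decode_name(data, rdata_off)              # RDATA is itself a (compressed) name
    else:
        rdata = raw.hex()
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl,
            "rdlength": rdlength, "rdata": rdata}, rdata_off + rdlength


def parse_message(data):
    """The header counts drive the parse: QDCOUNT questions, then the three RR sections."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    offset, questions = 12, []
    for _ in range(qd):
        qname, offset = decode_name(data, offset)
        qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append({"qname": qname, "qtype": qtype, "qclass": qclass})
    msg = {"id": ident, "qr": flags >> 15, "rcode": flags & 0xF, "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        msg[section] = []
        for _ in range(count):
            rr, offset = parse_rr(data, offset)
            msg[section].append(rr)
    return msg


def is_well_formed(data):
    """False for messages a resolver should discard: bad pointers, counts past the end."""
    try:
        parse_message(data)
        return True
    except (ValueError, struct.error):
        return False


def build_example_response():
    """Constructed reproduction of the Figure 7-47 response (ID 0x1234 is assumed)."""
    comp = {}
    msg = bytearray(struct.pack("!6H", 0x1234, 0x8180, 1, 2, 2, 0))   # qr=1 rd=1 ra=1 rcode=0
    msg += encode_name("www.internet-standard.com", comp, 12) + struct.pack("!HH", TYPE_A, CLASS_IN)

    def add_rr(name, rtype, ttl, make_rdata):
        msg.extend(encode_name(name, comp, len(msg)) + struct.pack("!HHI", rtype, CLASS_IN, ttl))
        rdata = make_rdata(len(msg) + 2)                      # RDATA follows the 2-byte RDLENGTH
        msg.extend(struct.pack("!H", len(rdata)) + rdata)

    add_rr("www.internet-standard.com", TYPE_CNAME, 60, lambda p: encode_name("internet-standard.com", comp, p))
    add_rr("internet-standard.com", TYPE_A, 60, lambda p: bytes([216, 92, 98, 204]))
    add_rr("internet-standard.com", TYPE_NS, 60, lambda p: encode_name("ns00.ns0.com", comp, p))
    add_rr("internet-standard.com", TYPE_NS, 60, lambda p: encode_name("ns130.pair.com", comp, p))
    return bytes(msg)
```

Running `parse_message(build_example_response())` yields the two answers with RDLENGTH 2 and 4 and the two NS records with RDLENGTH 11 and 13: the 2-byte CNAME RDATA is a pointer back to internet-standard.com inside the question, and the NS names reuse the "com" label the same way. The backward-only rule in `decode_name`, together with the RDLENGTH and label bounds checks, is what lets `is_well_formed` reject a crafted pointer loop or a message cut short instead of looping or reading past the buffer.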
 

