DNS Understanding-Re-learning computer networks

Transferred from: http://www.ruanyifeng.com/blog/2016/06/dns.html

DNS is one of the core Internet protocols. Whether it's surfing the web or programming, you need to know a little bit about it.

This article describes in detail the principle of DNS and how to use the tool software to observe its operation. My goal is that after reading this article, you will be able to fully understand DNS.

First, what is DNS?

The role of DNS (the domain name System abbreviation) is very simple, which is to isolate the IP address based on the domain name. You can think of it as a huge phone book.

For example, if you want to access the domain name math.stackexchange.com , the first thing to do is to find out its IP address by DNS 151.101.129.69 .

If you do not know why you must find the IP address, in order to network communication, it is recommended to read my "Introduction to Internet Protocol."

Second, the inquiry process

Although only one IP address needs to be returned, the query process for DNS is complex and is divided into multiple steps.

The tool software dig can display the entire query process.

$ dig math.stackexchange.com

The above command outputs six pieces of information.

The first paragraph is query parameters and statistics.

The second paragraph is the query content.

The above results indicate that the query domain name math.stackexchange.com A record, A is the address abbreviation.

The third paragraph is the reply of the DNS server.

The results above show that math.stackexchange.com there are four A records, four IP addresses. 600is the TTL value (the abbreviation for Time to live), which means that the cache times are not re-queried within 600 seconds.

The fourth section shows stackexchange.com the NS Records (abbreviated by Name Server), which servers are responsible for managing stackexchange.com DNS records.

The results above show a stackexchange.com total of four NS records, four domain name servers, and what IP addresses to be known to any one of math.stackexchange.com the queries.

The fifth paragraph is the IP address of the above four domain name servers, which are returned with the previous paragraph.

The sixth paragraph is some transfer information for the DNS server.

The results above show that the DNS server for this machine is 192.168.1.253 , the query port is (the default port of the DNS server), and the response length is 305 bytes.

If you don't want to see so much content, you can use +short parameters.

+short math.stackexchange.com151.101.129.69151.101.65.69151.101.193.69151.101.1.69

The above command returns only math.stackexchange.com the corresponding 4 IP addresses (that is, A Records).

Third, DNS server

Below we according to the previous example, step by step restore, this machine exactly how to get math.stackexchange.com the IP address of the domain name.

First, the machine must know the IP address of the DNS server, or not on the network. Through a DNS server, you can know exactly what the IP address of a domain name is.

The IP address of the DNS server, which may be dynamic, is assigned by the gateway each time it is online, which is called the DHCP mechanism, or it may be a fixed address specified beforehand. Inside the Linux system, the IP address of the DNS server is saved in the /etc/resolv.conf file.

The DNS server in the example above is 192.168.1.253 , this is an intranet address. There are some public network DNS servers that can also be used, the most famous of which is Google 8.8.8.8 and Level 3 4.2.2.2 .

This machine only queries its own DNS server, and the dig command has a @ parameter that displays the results of queries to other DNS servers.

$ dig @4.2.2.2 math.stackexchange.com

The above command specifies a query to the DNS server 4.2.2.2 .

Iv. Hierarchy of domain names

How can a DNS server know the IP address of each domain name? The answer is a hierarchical query.

Take a closer look at the previous example, with one more point at the tail of each domain name.

For example, the domain name math.stackexchange.com is displayed as math.stackexchange.com. . This is not negligence, but the tail of all domain names, in fact, there is a root domain name.

For example, the www.example.com real domain name is www.example.com.root , abbreviated to www.example.com. . Because, the root domain name .root is the same for all domain names, so it is usually omitted.

The next level of the root domain name is called "Top-level domain" (top-level domain, abbreviated as TLD), for example .com , and .net next level is called "Secondary domain name" (second-level domain, abbreviated as SLD), such as www.example.com the .example , this level of domain name is the user can register, and then the next level is the hostname (host), such as the www.example.com inside www , also known as "three-level domain name", which is the user in their own domain for the server assigned name, is the user can be arbitrarily assigned.

To summarize, the hierarchical structure of the domain name is as follows.

主机名.次级域名.顶级域名.根域名# 即host.sld.tld.root

Five, root domain name server

The DNS server makes hierarchical queries based on the hierarchy of domain names.

It should be clear that each level domain has its own NS record, and NS records the domain name server that points to that domain name. These servers know the various records for the next level of domain names.

The so-called "hierarchical query", that is, starting from the root domain name, and then query the NS records of each level domain name, until the final IP address is found, the process is generally as follows.

1. NS Records and A records (IP addresses) for top-level nameservers from "Root name server"
2. NS Records and A records (IP addresses) for sub-domain name servers from top-level nameservers
3. Isolate the IP address of the hostname from the secondary domain name server

Looking closely at the process above, you may find that there is no mention of how the DNS server knows the IP address of the "Root name server". The answer is that the NS records and IP addresses of the "root nameservers" are generally unchanged, so they are built into the DNS server.

The following is an example of a built-in Root name server IP address.

In the list above, the .root three NS records of the root domain name (), A.ROOT-SERVERS.NET B.ROOT-SERVERS.NET and C.ROOT-SERVERS.NET their IP address (that is, the A record 198.41.0.4 ) 192.228.79.201 192.33.4.12 , are listed.

In addition, you can see that the TTL value for all records is 3.6 million seconds, which is equivalent to 1000 hours. That is, the list of root name servers is only queried once every 1000 hours.

Currently, there are 13 groups of root name servers in the world, from all A.ROOT-SERVERS.NET the time M.ROOT-SERVERS.NET .

Vi. Examples of graded queries

digThe parameters of the command +trace can display the entire hierarchical query process for DNS.

+trace math.stackexchange.com

The first paragraph of the above command lists . all NS records for the root domain name, which is all root name servers.

Based on the built-in Root name server IP address, the DNS server issues a query request to all these IP addresses, asking math.stackexchange.com for the NS records of the top-level domain Servers com. . The root name server that is first replied to will be cached and then sent only to this server for request.

Then the second paragraph.

The above results show .com 13 NS records for the domain name, along with the corresponding IP address for each record.

The DNS server then issues a query request to these top-level nameservers, querying math.stackexchange.com the NS records for the secondary domain name stackexchange.com .

The above results show stackexchange.com that there are four NS records, along with the corresponding IP address for each NS record.

The DNS server then queries math.stackexchange.com the host names of the four NS servers above.

The results above show that math.stackexchange.com there are 4 A records, that is, the four IP addresses can be accessed to the website. It also shows that the NS server that first returns the result is the ns-463.awsdns-57.com IP address 205.251.193.207 .

Seven, NS Records of the query

digcommand to view the NS records for each level of domain name separately.

$ dig ns com$ dig ns stackexchange.com

+shortThe parameters can display simplified results.

+short ns com$ dig +short ns stackexchange.com

Viii. record types for DNS

The correspondence between the domain name and the IP is called the record. According to the usage scenario, the "record" can be divided into different types (type), and the records and records are already seen in the previous section A NS .

The common DNS record types are as follows.

(1) A : Address record, which returns the IP address that the domain name points to.

(2) NS : Domain Name server record (name server), returns the server address that holds the next level of domain name information. The record can only be set to a domain name and cannot be set to an IP address.

(3) MX : Message record (mail eXchange), which returns the address of the server receiving the e-mail.

(4) CNAME : Canonical name record (Canonical name), return another domain name, that is, the domain name of the current query is another domain name jump, see below.

(5) PTR : Reverse query record (Pointer record), only used to query the domain name from the IP address, see below.

In general, for the security of the service, there should be at least two NS records, and Records A and MX records can have more than one, which provides the redundancy of the service to prevent a single point of failure.

CNAMERecords are used primarily for domain name internal jumps, providing flexibility for server configuration, which is not perceived by the user. For example, facebook.github.io this domain name is a CNAME record.

$ dig Facebook. GitHub, I-:facebook.github.io3370 in CNAME github.map .fastly.net.map.fastly .net600 in A 103.245.222.133             

The above results show that facebook.github.io the CNAME record points to github.map.fastly.net . That is, the facebook.github.io IP address that is actually returned when the user queries github.map.fastly.net . The advantage is that when changing the server IP address, as long as the github.map.fastly.net domain name can be modified, the user's facebook.github.io domain name without modification.

Since the CNAME record is a replacement, once the domain name is set, it CNAME is no longer possible to set up other records (such as A Records and MX Records) to prevent conflicts. For example, foo.com pointing bar.com , and two domain names each have their own MX records, if the two inconsistencies, it will create problems. Because top-level domains typically set MX records, users are generally not allowed to record top-level domain names CNAME .

PTRRecords are used to reverse the domain name from an IP address. digthe parameters of the command are -x used to query PTR records.

$ dig -x 192.30. 252.153.:153.252 30.192. In-addr.arpa Span class= "token number" >3600 in PTR pages.github            

The above results show that the 192.30.252.153 domain name of this server is pages.github.com .

One application of reverse query is to prevent spam, that is, to verify the IP address of the sending message, and whether it really has the domain name it claims to have.

digcommand to view the specified record type.

$ dig a github.com$ dig ns github.com$ dig mx github.com

Ix. Other DNS Tools

In addition, there are dig some other gadgets that you can use.

(1) Host command

hostCommands can be thought dig of as a simplified version of a command that returns various records of the current requested domain name.

$ host GitHub. Comgithub. com has address192.30.252.121github. com mail is handled by5 ALT2. Aspmx. L. GOOGLE. COM. GitHub. com mail is handled byTen ALT4. Aspmx. L. GOOGLE. COM. GitHub. com mail is handled byTen ALT3. Aspmx. L. GOOGLE. COM. GitHub. com mail is handled by5 ALT1. Aspmx. L. GOOGLE. COM. GitHub.com mail is handled by 1 Aspmx.com.$ host Facebook.github.comfacebook.github.com is an alias for github.fastly.net . Github.map.fastly .net has address 103.245 222.133             

hostCommands can also be used for reverse queries, that is, querying a domain name from an IP address, equivalent to dig -x <ip> .

192.30.252.153153.252.30.192.in-addr.arpa domain name pointer pages.github.com.

(2) nslookup command

nslookupCommands are used to interactively query a domain name record.

$ nslookup> Facebook. GitHub. ioserver:192.168.1.253Address:192.168. 1.253 #53Non -authoritative answer :facebook.github .io canonical name = GitHub .map.fastly.map .fastly.netaddress 103.245.222.133>        

(3) Whois command

whoiscommand to view the registration of a domain name.

$ whois github.com

X. Reference links

• Dns:the good Parts, by Pete Keen
• DNS 101, by Mark McDonnell

DNS Understanding-Re-learning computer networks