DNS Details (II.)

A DNS resource record (this section is from the computer network: top-down method)

Resource records are the way that domain names and IP mapping information are stored in a DNS server, that is, how the server organizes, stores, and manages this information. He is a 4-tuple containing the following fields:

(Name, Value, Type, TTL)

The TTL is the lifetime of the record, which determines when the resource record should be removed from the cache. The values for name and value depend on type:

(1) Type = A, the name is the hostname, and value is the corresponding IP. This is the standard hostname-to-IP mapping, and obviously the lowest-level authoritative server is filled with this type of record.

(2) Type = NS, the name is a domain, and value is the host name of the DNS server that manages the domain, and the NS record is followed by an IP that follows a record of the host name of the DNS server. High-level authoritative servers typically store this type of record.

(3) Type = CNAME, then name is the alias of the host, andvalue is the corresponding canonical hostname.

(4) Type = MX, value is the canonical host name of the mail server with name alias

By using MX records, a company's mail server and other servers can use the same alias. In order to obtain the canonical hostname of the mail server, the DNS client should request an MX record, and the DNS client should request a CNAME record in order to obtain additional access to the other canonical host names.

Second, the DNS protocol

The DNS protocol is an application-layer protocol that runs over UDP and uses port 53rd. Another day will write an article analysis of what is called the Application layer protocol, here you can simply understand the DNS protocol as a rule: the support of the application layer of DNS software communication methods and corresponding actions. The means of communication is the so-called message. DNS has only query and answer messages, and their format is the same. Such as:

A DNS message is divided into several fields, each of which has a different function, saying only a few more important:

(1) The "authoritative" flag for the Flag field: If an answer is exactly the authoritative server requesting the domain name, then the flag will be set to 1 (I am not sure, but not 1 is 0).

(2) The "recursive" flag bit for the flag field: There are two types of query actions, that is, iterative queries are also recursive queries. For example, A to B ask the way, b although do not know, but he will ask C and then tell a, this is recursion, and if b do not know to a said you yourself to ask C, and then a from the C there to get the answer, this is the iteration. In general, the queries initiated by the client to the local cache server are recursive, while the queries initiated by the local cache server to the authoritative server are iterative.

(2) Problem area: A query is stored here, including the domain name to be queried and the type of record required.

Third, the DNS query detailed process

On the Linux system, you can directly use the nslookup command to resolve a domain name of the IP, such as: Nslookup www.baidu.com, will give the domain name of the IP.

I use the dig command at the terminal to track the parsing process, such as:

Figure, 127.0.1.1 is my local cache server IP, this server will configure the root name server IP, these IP basically will not change;

With the IP of the root domain server, one of them (in this case, g.root-servers.net.) initiates the query, and the answer is the IP of the COM top-level domain DNS server;

Initiate a query to one of the COM servers (k.gtld-servers.net)to obtain the DNS server IP of the baidu.com two domain name;

To one of the Baidu server launched a query (ns4.baidu.com), get a canonical name bk.n.shifen.com. In other words, baike.baidu.com is just an alias;

Then had to use dig again, the parameters changed to bk.n.shifen.com. Then you can get the final answer (move your hand, please).

Then there are a few questions that are not clear:

(1) The root domain server contains only the top-level DNS server IP, but the top-level domain name is actually relatively small, so its storage should be small. But the root name server is made into a system. A total of 13 IP, each IP has at least dozens of servers, around the world more than 1000 units. Why does it take so much? Not exactly for backup purposes?

(2) The host of the network will be assigned IP,DNS server itself is no exception. In the 4th step, the DNS servers in the top-level domain generally hold the IP of the DNS servers for their subdomains, not the IP of a non-DNS server, that is, only the NS records and the corresponding DNS servers ' A records, which are mentioned in the resource record. But I'm not quite sure yet.

(3) does the DNS servers in different COM top-level domains hold the same content? If not, which COM server should you send the request to? If the same, which IP should be sent in the fourth step of the request? Choose "Recent" from yourself?

(3) Each time the local cache server receives a reply from the authoritative server, it will save the record (as if all DNS servers do), such as just executing dig +trace Baike.baidu.com, will save from the root name server to Baidu's own DNS server IP, then execute dig +trace bk.n.shifen.com again, it will start from the root name server query it or directly ask Baidu DNS server?

Later found that the root domain name can generally be bypassed, the example is a DDoS attack, which would have been pointing to the root domain server, but the local cache already has a cache of top-level domain IP, so the attack directly bypass the root domain name server and to the top-level domain server initiated. But can the top-level domain also be bypassed? How does the local cache server control and implement the query depth? Language recognition? Smart match?

DNS Details (II.)