DNS principle and parsing process analysis (text) _dns server

Network communication is mostly based on TCP/IP, while TCP/IP is based on IP address, so the computer can only recognize the IP address such as "202.96.134.133" when communicating on the network, but cannot know the domain name. We can't remember sites with more than 10 IP addresses, so when we visit the site, more is in the browser address bar to enter the domain name, you can see the required page, this is because there is a call "DNS server" computer automatically put our domain name "translation" into the corresponding IP address, Then bring up the page corresponding to the IP address.

What is DNS?
DNS (domain Name System) is the abbreviation for the name systems, a computer and network service naming system that is organized into a domain hierarchy that is used by TCP/IP networks and provides services for converting host names and domain names to IP addresses. DNS is such a "translation officer", its basic principle of work can be shown in the following figure.

DNS domain name
As a hierarchical and distributed database, the domain Name system contains various types of data, including host names and domain names. The name in the DNS database forms a hierarchical tree structure called the domain namespace. The domain name contains a single label divider, for example: im.qq.com.
The fully qualified domain name (FQDN) uniquely identifies the location of the host in the DNS hierarchy tree, separating the list of names of hosts referenced from the root by the specified path. The following illustration shows an example of a host called the qq.com DNS tree in IM. The FQDN of the host is im.qq.com.
Name hierarchy for DNS domains

How to organize DNS domain name space
A description of the five categories used to describe the DNS domain name in its functional namespace is described in the following table, along with an example of each name type.

DNS and Internet domains
The Internet Domain name registration Authority is responsible for maintaining the allocation of the top-level domain of the organization and the country/region for management on the Internet. These domain names are in accordance with international standards 3166. Some of the existing abbreviations, reserved for use in the organization, as well as two-letter and three-letter countries/regions, are shown in the following table. Some common DNS domain names are described in the following illustration:

Resource records
Resource records (RRs) that are contained in the DNS database. Each RR identifies a specific resource in the database. When we set up a DNS server, we often use records such as Soa,ns,a, and Mx,cname records are used when maintaining DNS servers.
Common RRs are shown in the following figure:

The work process of the DNS service
When a DNS client needs to query the name used in a program, it queries the local DNS server to resolve the name. Each query message sent by the client includes 3 messages to specify the question the server should answer.
The specified DNS domain name, which is represented as a fully qualified domain name (FQDN).
The specified query type, which can specify resource records based on type or as a specialized type of query operation.
The specified category for the DNS domain name.
For DNS servers, it should always be specified as an Internet category. For example, the specified name can be a fully qualified domain name for the computer, such as im.qq.com, and the specified query type is used to search for an address resource record through that name.
DNS queries are parsed in a variety of different ways. Clients can sometimes answer queries in place by using cached information obtained from a previous query. The DNS server can use its own resource record information cache to answer queries, or to query or contact other DNS servers on behalf of the requesting client, to fully resolve the name, and then return the answer to the client. This process is called recursion.
In addition, the client itself can try to contact other DNS servers to resolve the name. If the client does so, it uses a separate and additional query based on the server answer, called an iteration, that is, the interactive query between DNS servers is an iterative query.
The procedure for DNS queries is shown in the following illustration.

1, in the browser input www.qq.com domain name, the operating system will first check their own local Hosts file has this URL mapping relationship, if there is, first call this IP address mapping, complete domain name resolution.

2, if the hosts do not have this domain name mapping, then look for the local DNS parser cache, whether there is this URL mapping relationship, if any, direct return, complete the domain name resolution.

3, if the hosts and the local DNS resolver cache have no corresponding URL mapping relationship, first find the TCP/IP parameters set in the preferred DNS server, where we call it a local DNS server, when the server receives a query, if the domain name to query, included in the Local Configuration zone resources, Then return the result to the client, complete the domain name resolution, this resolution is authoritative.

4, if you want to query the domain name, not by the local DNS server zone resolution, but the server has cached this URL mapping relationship, then call this IP address mapping, complete domain name resolution, this resolution does not have authority.

5, if the local DNS server local zone file and cache resolution are invalid, queries are based on the local DNS server's settings (whether to set up forwarders), and if the forwarding mode is not used, local DNS sends the request to 13 root DNS, and the root DNS server determines the domain name (. com) when it receives the request. Who is authorized to administer and will return an IP that is responsible for the top-level domain server. When the local DNS server receives IP information, it will contact this server responsible for the. com domain. When the server that is responsible for the. com domain receives the request, if it cannot resolve it, it will find a next-level DNS server address (qq.com) to the local DNS server that manages the. com domain. When the local DNS server receives this address, it finds the qq.com domain server, repeats the above action, and queries until the www.qq.com host is found.

6, if the use of forwarding mode, the DNS server will forward the request to the first level of DNS server, by the previous server to resolve, if the server can not be resolved, or to find root DNS or transfer requests to the superior, to this cycle. Whether the local DNS server is forwarded or root prompted, the result is returned to the local DNS server, which is then returned to the client.

The client to the local DNS server is a recursive query, and the interactive query between DNS servers is the iterative query.

Appendix:
Local DNS configuration forwarding and not configured forwarding packet analysis
Create a new DNS, concrete how to build me here is no longer described, see my last Blog "Install the Bind" in Win2003 "Deploying smart DNS"
1, the DNS server does not set forward
Install the Wireshark software on the 192.168.145.228 server and turn it on, set the packet to UDP filter, 192.168.145.12 the client on the nslookup command to check www.sohu.com, and immediately see the local DNS server directly to the global 13 units A few units in the root domain, and then parse it step-by-step, by way of recursion until you find the www.sohu.com corresponding IP is 220.181.118.87.
When the local DNS server gets www.sohu.com IP, it returns the IP to the 192.168.145.12 client and completes parsing.

2. DNS Server settings forwarding

Because www.sohu.com domain name is used in the first step verification, has the cache, in order not to be interfered by the step experiment, we 192.168.145.12 on the client on the Nslookup www.baidu.com. From the diagram, local DNS forwards the request to the 192.168.133.10 server, the 133.10 server returns the resulting IP to the local DNS, and then the local DNS IP to the DNS client to complete parsing.

This article is from the "System Network Operation Dimension" blog, please be sure to keep this source http://369369.blog.51cto.com/319630/812889