Domain name resolution application knowledge
Generally, the gethostbyname library function is used to resolve a domain name to an IP address. On Linux, however, gethostbyname is not thread-safe: it stores its result in internal static storage, so calling it from several threads at once leads to unpredictable behaviour (such as crashes or resolution failures). We recommend using gethostbyname_r or gethostbyaddr instead; they provide the same functionality as gethostbyname, but in a form that is safe to use from multiple threads.
On Linux, the gethostbyname function works as follows: its implementation was extracted from BIND, simplified, and behaves according to the RFC standards.
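The following is an added example (not code from the original article) showing the re-entrant gethostbyname_r call the text recommends on glibc. The function resolve_first_ipv4 and the buffer-growth loop are this example's own; each thread calls it with its own output buffer, so no static state is shared. The default input is a numeric literal so the program runs without DNS or /etc/hosts.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Thread-safe lookup: gethostbyname_r() writes into caller-owned storage
 * (he + scratch) instead of the static buffer that gethostbyname() shares
 * across all threads. The first IPv4 address is copied into `out` as text.
 * Returns 0 on success, -1 if the name does not resolve to an IPv4 address. */
int resolve_first_ipv4(const char *name, char *out, size_t outlen)
{
    struct hostent he, *res = NULL;
    int herr = 0, rc = 0;
    size_t len = 1024;                 /* grown on ERANGE, per the glibc contract */
    char *scratch = NULL;

    do {
        char *tmp = realloc(scratch, len);
        if (tmp == NULL) { free(scratch); return -1; }
        scratch = tmp;
        rc = gethostbyname_r(name, &he, scratch, len, &res, &herr);
        len *= 2;
    } while (rc == ERANGE && len <= 64 * 1024);

    /* res points into he/scratch, so copy the address out before freeing. */
    int ok = (rc == 0 && res != NULL && res->h_addrtype == AF_INET &&
              res->h_addr_list[0] != NULL &&
              inet_ntop(AF_INET, res->h_addr_list[0], out, outlen) != NULL);
    free(scratch);
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    /* Constructed default input: a dotted-quad literal needs no name service. */
    const char *name = argc > 1 ? argv[1] : "127.0.0.1";
    char addr[INET_ADDRSTRLEN];
    if (resolve_first_ipv4(name, addr, sizeof addr) != 0) {
        fprintf(stderr, "%s: lookup failed\n", name);
        return 1;
    }
    printf("%s -> %s\n", name, addr);
    return 0;
}
```

Pass a host name as the first argument to exercise the /etc/hosts and DNS path described in the steps below.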
The name service module is initialised first, in steps (1) and (2).
1: Read the resolver configuration file named by the RESOLV_HOST_CONF environment variable. By default this variable is not set; if it is absent, /etc/host.conf is read (see the description of that file below). This file configures the order in which name resolution sources are consulted. Changes to it take effect only after the service is restarted.
2: Read /etc/resolv.conf, which names the DNS servers used for resolution and the related parameters of the BIND resolver, such as the number of retries and the timeout. Changes to this file take effect immediately.
gethostbyname execution:
3: Read /etc/nsswitch.conf. If the hosts file is listed first, the name is looked up in the hosts file and returned if found. The hosts file is not cached, so changes to it take effect immediately. If the name is not found there, the DNS (BIND) client is used for resolution.
4: When the DNS client is used, the /etc/resolv.conf configuration determines how the query is performed. Resolver options can also be set through the RES_OPTIONS environment variable.
Appendix: DNS configuration files in Linux
1. /etc/host.conf
When both DNS resolution and the /etc/hosts host table exist on a system, /etc/host.conf determines the order in which host names are resolved, for example:
order hosts,bind # name resolution order
multi on # allow a host to have multiple IP addresses
nospoof on # disable IP address spoofing
order is the keyword; as written it resolves the name from the local host table first and, if that fails, queries the BIND name server (DNS).
multi controls whether one name in /etc/hosts may be given several IP addresses, but this does not seem to work in practice.
nospoof prevents IP address spoofing.
2. /etc/resolv.conf
Configures the DNS client: it contains the host's domain search order and the addresses of the DNS servers. Each line holds one keyword and one or more parameters separated by spaces. An example file:
search dns.alisoft.com
nameserver 172.16.22.128
nameserver 60.190.232.99
options ndots:5 timeout:1 attempts:1
Valid parameters and their meanings are as follows:
nameserver gives the IP address of a DNS server. There can be several nameserver lines, one address each; the next nameserver is queried only when the previous one does not respond.
domain declares the host's domain name. Many programs use it, such as the mail system, and it also applies to DNS queries for host names given without a domain. If no domain is set, the host name is used with everything before the first dot (.) removed.
search takes several parameters and gives the domain search order: when a host name without a domain is queried, it is tried in each domain listed by search in turn. domain and search cannot coexist; if both are present, whichever appears last is used.
sortlist allows the returned addresses to be sorted; its parameters are network/netmask pairs, which may be given in any order.
options: this parameter is rarely set. It takes one or more option values in key:value form, as in the example above. The following keys may be set:
ndots, timeout, attempts, debug, inet6, ip6-bytestring, no-ip6-dotint, ip6-dotint, rotate, no-check-names, edns0
The most important parameters are timeout and attempts, which specify the resolution timeout and number of retries.
3. /etc/nsswitch.conf
The Name Service Switch. A common use is to switch the name resolution order between the /etc/hosts file and DNS. By default the /etc/hosts file is consulted first.
4. /etc/ssh/sshd_config
If SSH logins to a server are found to be slow, DNS may be the cause. Check /etc/ssh/sshd_config and change UseDNS yes to UseDNS no; at the same time edit /etc/nsswitch.conf, find the hosts line and change it to hosts: files dns [NOTFOUND=return].