Source: http://book.51cto.com/art/200801/64743.htm
Http://www.xxeb.com/site/domain/20070314/23.html
Author: Release Date:
When the DNS client needs to query the name used in the program, it queries the DNS server to resolve the name. Each query message sent by the client contains three messages, specifying the server's answer:
| • | The specified DNS domain name, defined as a fully qualified domain name (FQDN) |
| • | The specified Query type. You can specify a Resource Record Based on the type or a specific type of query operation. |
| • | The specified category of the DNS domain name. For Windows DNS servers, it should always be specified as an Internet (in) type. |
For example, the specified name can be the FQDN of a computer, for example
Host-a.example.microsoft.com, and the specified Query type is used to search for address (a) resource records with this name. Change DNS
The query is considered as a client asking the server a question consisting of two parts, for example, "Do you have a computer named 'hostname .example.microsoft.com '?"
Resource Records ?" When the client receives a response from the server, it reads and interprets the resource record for the response and obtains the IP address of the computer based on the name.
DNS queries are parsed in different ways. Sometimes, the client can use the cache information obtained from the previous query to respond to the query locally. DNS
The server can use its own resource record information cache to respond to queries. The DNS server can also request a client to query or contact another DNS.
Server to completely resolve the name and then return the response to the client. This process is called recursion.
In addition, the client can also try to contact another DNS server to resolve the name. When the client performs this operation, it uses other independent queries based on the reference answers from the server. This process is called iteration.
In short, the DNS query process is divided into two parts:
| • | The name query starts from the client computer and is transmitted to the DNS Client Service Program for resolution. |
| • | When you cannot perform local resolution queries, You can query the DNS server as needed to resolve the name. |
The two processes are described in more detail below.
Part 1: Local parser
Displays the complete overview of the DNS query process.
As shown in the initial steps of the query process, the DNS domain name
Used by local programs. The request is subsequently transmitted to the DNS Client Service to use the local cache information for resolution. If the query name can be parsed, the query is answered and the process is completed.
The cache of the local parser can include the name information obtained from two possible sources:
• |
If the host file is configured locally, any host name from the file maps to the address, which will be preloaded to the cache when the DNS Client Service is started. |
| • | The resource records obtained from the previous DNS query response are added to the cache and retained for a period of time. |
If the query does not match the items in the cache, the resolution process continues and the client queries the DNS server to resolve the name.
Part 1: querying DNS servers
As shown in the preceding figure, the client queries the preferred DNS server. The actual servers used in the initial Client/Server query of the process are selected from the global list.
When the DNS server
When receiving a query, first check whether it can make an authoritative response based on the resource record information obtained in the local configuration area of the server. If the query name matches the corresponding resource record in the local region information, this information is used to parse the query name, and the server gives an authoritative response.
If no query name exists in the region information, the server checks whether the name can be resolved through the local cache information from the previous query. If the matching information is found, the server uses this information to respond to the query. Then, if the preferred server can use a fully matched response from its cache to respond to the client sending the request, the query is complete.
If no matching response from the cache or region information is found in the query name on the preferred server, the query process can continue and use recursion to completely parse the name. This involves other DNS
Server support to help resolve names. By default, DNS
The client service requires the server to use recursive procedures to completely resolve the name of the client before returning a response. In most cases, the DNS server is configured to support recursive procedures by default, as shown in.
To make the DNS server correctly execute the recursion process, you must first use some useful contact information about other DNS servers in the DNS domain namespace. This information usesRoot prompt
It is an initial resource record list. The DNS service can use these records to locate other DNS servers. They have absolute control over the root of the DNS domain namespace tree. The root server has absolute control over the root domain and top-level domain in the DNS domain namespace tree.
Use the root prompt to find the root server. The DNS server can be used recursively. Theoretically, this process will enable DNS servers to locate servers that have absolute control over any other DNS domain names used at any level of the domain namespace tree.
For example, when a client queries a single DNS server, consider using recursive procedures to locate the name host-b.example.microsoft.com. In
DNS
When the server and client are started for the first time, and there is no local cache information to help resolve the name query, the above process will be performed. Based on the configured region, it is assumed that the name queried by the client is a domain name, and the server
Local does not contain information about this domain name.
First, the server is preferred to analyze the full name and determine the location of the server with absolute control over the top-level domain "com. Then, for "com" DNS
The server uses iterative query to obtain the reference information of the "Microsoft.com" server. Then, refer to the response sent from the "Microsoft.com" server
"Example.microsoft.com" DNS server.
Finally, it works with the server example.microsoft.com
Create a contact. Because the server includes the query name that is part of its configuration area, it gives an authoritative response to the source server that initiates recursion. When the source server receives the request, it indicates that it has obtained the authority to query the request.
The response is forwarded to the client that sends the request, so that the recursive query process is complete.
Although the execution of the above recursive query process may require a large amount of resources, it still has some performance advantages for the DNS server. For example, when performing recursive queries
The DNS server can obtain the relevant DNS
Domain namespace information. This information is cached by the server and can be used again, so as to speed up the use of this information or the response to subsequent queries matching it. Over time, the cache information will continue to increase and
Occupies a large amount of server memory resources, although this information is cleared every time the DNS service is restarted.
Optional query response
In the previous discussions on DNS queries, it was assumed that this process would return a positive response to the client at the end. However, the query can return other responses. The most common responses are:
| • | Authoritative response |
| • | Yes |
| • | Reference response |
| • | Negative Response |
An authoritative response is a positive response returned to the client and sent along with the "Authorization authority" bit set in the DNS message. The message indicates that the response is obtained from a server with a direct authority.
A positive response can be composed of the queried RR or RR list (also called rrset), which is consistent with the queried DNS domain name and the record type specified in the query message.
Reference response includes other resource records that are not specified in the query name or type. If recursive procedures are not supported, such responses are returned to the client. These records are used to provide some useful reference responses. The client can use the reference response to continue recursive queries.
Reference response contains other data, such as resource records (RR) that are not of the query type ). For example, if the query host name is "www" and the RR of the name is not found in this region, but the cname RR of "www" is found, the DNS server can contain this information when responding to the client.
If the client can use the iteration process, it can use the reference information to perform other queries for itself to completely resolve this name.
A negative response from the server indicates that when the server attempts to process and thoroughly parse the query Authority, one of the two possible results is:
• |
Authoritative Server Report: No query name in the DNS namespace. |
| • | Authoritative Server Report: the query name exists, but the name does not exist for a specified type of record. |
In the form of a positive or negative response, the parser returns the query result to the request program and caches the Response Message.
Note:
| • | If the final response to the query is too long to be sent and parsed in a UDP message packet, the DNS server can send a Failover Response Message on TCP port 53, to fully respond to the client in a TCP connection session. |
||||
| • | When On the DNS console of the corresponding server, you can configure the "advanced" attribute to disable recursion. |
||||
| • | If recursion is disabled on the DNS server, you cannot use a forwarder on the same server. |
||||
| • | By default, when performing recursive queries and contacting other DNS servers, the DNS server uses several default time settings. They are:
In most cases, these parameters do not need to be adjusted. However, if recursive queries are used on slow WAN links, you may slightly adjust the settings to improve server performance and speed up query completion. |
Iteration is the name resolution type used between the DNS client and the server when the following conditions take effect:
| • | The client applies for recursive procedures, but disables recursion on the DNS server. |
| • | When querying the DNS server, the client does not apply for recursion. |
An iterative request from the client informs the DNS server that the client wants to obtain the best response directly from the DNS server without contacting other DNS servers.
During iteration, the DNS server responds to the client based on its specific knowledge about the namespace related to the queried name data. For example
When the server receives a query from the local client "www.microsoft.com", it may return a response from its name cache. If the query name is not currently stored on the server
In the cache, the server may respond to the client by providing reference information, that is, the NS and a of other DNS servers that are closer to the name queried by the client
Resource Record list.
When the reference information is formed, it is assumed that the DNS Client is responsible for forwarding data to other configured DNS
The server continues the recursive query to parse the name. For example, in most cases, the DNS Client may extend its search to the Internet.
To locate the DNS server with absolute control over the "com" domain. Once you contact the Internet
The root server, which starts from these DNS servers that direct to the "Microsoft.com" Domain
The server obtains further recursive responses. When the client receives records from these DNS servers
The server sends other iterative queries, which can provide positive and authoritative responses.
In addition to providing the best response to the client during iteration, the DNS server can also provide further help in name query and resolution. For most iterative queries, if the primary DNS cannot identify the query, the client uses the locally configured DNS server list to contact other name servers in the entire DNS namespace.
How cache worksWhen DNS servers use recursion or iteration to process client queries, they will discover and obtain a large amount of important information about DNS namespaces. The information is then cached by the server.
The cache provides a way to accelerate the performance of subsequent queries for DNS resolution of popular names, while greatly reducing the DNS-related query traffic on the network.
When DNS servers perform recursive queries on behalf of clients, they temporarily cache resource records (RR ). The cached RR contains
The information obtained by the server. For iterative queries to search for and fully respond to the DNS records obtained during recursive queries performed by the client
For domain names, this information is absolutely authoritative. Later, when other clients send new queries and request RR information that matches the cached RR, the DNS server can use the cached rr
To respond to them.
When information is cached, the TTL value applies to the RR of all caches. As long as the TTL of the cache RR does not expire, the DNS server can continue to cache and use it again.
RR is used to respond to the queries raised by clients that match these RR. Set the cache TTL used by RR in most regions.
The minimum (default) TTL value is set as the starting authorization Organization (SOA) resource record for the region. By default, the minimum TTL value is 3,600 seconds (1
But it can be adjusted. That is to say, you can set the cache TTL for each RR.
Note:
| • | You can install the DNS server as a cache server only. |
| • | Mo |
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
