Introduction to the DNS query process

Reprint Please specify Source: http://blog.csdn.net/luotuo44/article/details/45545059

DNS (domain Name System), readers have heard more or less that the domain name can be converted to an IP system. Makes it possible for us to access a website simply by remembering the domain name rather than the IP. When we enter a URL in the browser, the browser will send a query request to the local DNS server, the local DNS server will return the IP address corresponding to the browser. Note: More specifically, it is not a local DNS server, but a DNS server that is configured inside a Windows network connection. Generally we will not configure, so this article uses the local DNS server by default.

In addition to using a browser, we can also query the IP of a URL via the command line. For example, use the nslookup command. The IP address of www.weibo.com is queried by the nslookup command to Ali's public DNS server 223.5.5.5. You can see that the final query result is 121.194.0.221

From the above narrative and command used, it can be learned from the domain name to the IP participant: DNS client (browser or nslookup command); DNS server (local DNS server or Ali's public server). In fact, another participant was hidden here: Name server. There are three participants: a DNS client (domain name systemclient), a DNS server (domain Name System server), and a name server.

What's the use of a name server? What's the difference between it and a DNS server? To understand this, first of all to solve a problem, Ali's public DNS is how to know the micro-bo IP? It remembers, indeed it is remembered (the return is a non-authoritative answer, which means to remember). But it can't remember the IP of all the sites around the world. What does it do when a user queries it for a URL that it doesn't remember? We do not know the IP of a URL, you can resort to the DNS server, then the DNS server does not know? Hey.

Perhaps the reader has heard that the DNS is layered, do not know the words, the upper query. DNS is indeed tiered, and there are 13 root name servers (root name server) worldwide. Ali's public DNS does not know the IP address of a URL to the root domain server (or may not ask the root server), do not know to ask. But it is also impossible for the root nameservers to record the IP of all URLs around the world (it may be a bit of a possibility for IPv4, but not for IPv6). What if the root domain server doesn't know the IP of a URL? In fact, although the root name server can not tell you the IP of a URL, but it will provide very useful information to the query (that is, Ali public DNS server or local DNS server).

Before continuing to explain the query, you should first introduce the concept of domain, because the URL is governed by the domain. The domain Name System is layered just like the file directory we normally use. The first is the root, then the top-level domain (primary domain), then the two-level domain, the three-level domain 、......。 The top-level domains We know are: com, net, Org, CN. The parent domain assigns an identifier (such as CN) to the subdomain, and then the subdomain CN is solely responsible for the specific allocation of the two-level domain under CN. For CN, well-known two-level domains have com.cn, edu.cn these. Of course for edu.cn will be responsible for the three-level domain name assignment (for example, each university assigns one). One of the benefits of layering is that it is easy to manage. is an example of a DNS hierarchy.

Figure from "DNS and BIND" Figure 2-5

In addition to domain, there is another important conceptual area (zone). If a is a domain, and a has subdomains A and B. If domain A's manager authorizes A and b to be managed by another person, then A and B each form an area (zone). In other words, A and B are regions, but if you look at a or B, it's a domain. This is similar to the tree, a child of the tree node itself is a tree. This is illustrated in a diagram below:

Figure from DNS and bind

Each zone will have a name server (name server) [1], which is used to manage this area. Management includes dividing the domain into smaller sub-domains and IP parsing of subdomains (that is, converting the domain name to IP). For a region, the name server of the zone is the authority of the region, the authority can assume that: the name of the server given the domain name to the IP conversion result is authoritative (in addition to the domain name to the IP conversion, there are other conversions).

You can use the nslookup command to query a zone (zone) or a host's name server (name server), as shown in. Where-qt=ns indicates that the type to query is the name server, and 223.5.5.5 is the public DNS server of Ali.

As you can see, the name server for zone qq.com is ns[1-4].qq.com, and the host www.qq.com is ns-tell.qq.com.

It is important to note that zones and domains (domain) are a range rather than a single host. For example qq.com it is not a host, and QQ's World Wide Web server host name is www.qq.com, and v.qq.com is the host name of the video server.

With those introductions above, it is much easier to explain the DNS query process by clarifying what physical entities are in the DNS.

Use Ali's 223.5.5.5 as the DNS server to query the www.qq.com IP. It is assumed that in the query process, Ali's DNS server's cache does not have any records about www.qq.com.

1. My PC to 223.5.5.5 query request, query www.qq.com corresponding IP address
   
2. 223.5.5.5 to the ROOT name server query request, query www.qq.com. The IP address of the root domain server is fixed, and each DNS server is read from the configuration file
   
3. The root name server tells 223.5.5.5: "x.x.x.x is the IP address of the. com name server, you go to. com's name server query. Brother can only help you here. ”
   
4. 223.5.5.5 get this reply is not angry, but the fart to the name of the. COM server issued a query request: "Please tell me www.qq.com IP address?" ”
   
5. The. com name server replied, "Give you the IP address of the qq.com zone's name server ns1.qq.com y.y.y.y, you go there and check it out." ”
   
6. After eating cold shoulder, 223.5.5.5 again set out to ns1.qq.com ask for inquiries, "You always tell me www.qq.com IP address it?" This is your domain name.
   
7. Ns1.qq.com Hey a sound, said: "You go to ns-tel1.qq.com, it's IP is z.z.z.z"
   
8. 223.5.5.5 not hope to ask ns-tel1.qq.com: "Can you tell me www.qq.com IP?"
   
9. Ns-tel1.qq.com said: "Yes, it's IP is 14.17.42.40"
   
10. 223.5.5.5 get the results, save a copy of the backup, lest later people asked me again when asked to ask. Finally 223.5.5.5 to tell me the result of the PC

is a graphic image of the DNS and bind book:

The parser in the diagram is equivalent to the browser or nslookup program inside the PC. The name server on the left is equivalent to the local DNS server or Ali's public DNS server.

one thing to note : Ali public DNS servers each time a query is issued, the content of the request query is www.qq.com, not a part of it. Also shows this. This is because there may be www.qq.com in the cache of a name server on the way, and [2] may be missed if querying only qq.com.

It should be noted that there are two types of DNS queries: recursive queries and iterative queries [3]. The previous presentation is a recursive query, the query work by the local DNS server or Ali public DNS server in this article to complete the majority of tasks, the original query only need to wait for the results. In an iterative query, if the local DNS server or the public DNS server has a queried domain name in the cache, it returns. If not, then just like the name server on the right, tell the query author, "You go there and check it out," and of course you can return an error message directly.

Recursive queries make it impossible to observe the entire process, and you can use the Dig command to force an iterative query through +trace to view the entire process. Shows the entire process. Es New Roman "; mso-bidi-theme-font:minor-bidi;mso-ansi-language:en-us;mso-fareast-language:zh-cn; Mso-bidi-language:ar-sa ' >a and B are zones, but if you look at a or B, then it's a domain. This is similar to the tree, a child of the tree node itself is a tree. Here is a diagram to illustrate this (@223.5.5.5 means using Ali public DNS server):

Reference:

[1] Http://en.wikipedia.org/wiki/Name_server#Authoritative_name_server

[2] DNS and bind 5th edition 32 pages

[3] Http://en.wikipedia.org/wiki/Domain_Name_System#DNS_resolvers

Introduction to the DNS query process