Learn DNS Series (10) Diagram, example detailed DNS recursive and iterative query principle and process (1)

The previous section mentioned some of the content of the recursive query, but said very little, but also very general, this section will be based on the principle and the case two aspects of DNS recursion and iterative query.

Before that, we need to learn some background to better understand today's topic.

In the Internet, a smooth resolution of a domain name is inseparable from two types of domain name servers, only by the two types of domain name servers can provide "authoritative" domain name resolution.

The first category is the international Domain name Management Agency, also InterNIC, mainly responsible for international domain name registration and resolution, the second category is the domestic domain name registration management agencies, in China is cnnic, mainly responsible for domestic domain name registration and analysis, of course, although divided into international and domestic, but the two main one auxiliary, mutual synchronization of information, After all, the ultimate goal is to have a network anywhere in the world can be a smooth access to any valid legal domain name, during which the connection is evident.

Some friends may have this question, domain name server not have a lot of? Why do you say there are only 2 categories? Yes, how many ISPs? When we enter a URL (or domain name), the system sends the domain name to the DNS server that needs to be configured to convert it to an IP address, usually a local public DNS server (the intranet environment may be submitted directly to the firewall or router for further forwarding). The public network DNS server receives this request, not immediately processing, such as forwarding to the previous level of the DNS server (in the first section of DNS has a very strict logical hierarchical relationship), but will first view its own DNS cache, if there is the IP of this domain name, then directly back to the user, The system receives this IP and gives the browser to do further processing. In this cycle, the client's response to DNS is "not authoritative", which means that the result is not a DNS server directly authorized by the domain name, but a copy of the record. Simply put, the "non-authoritative" response is replicated from other DNS servers, corresponding to the "authoritative" answer, which is the answer from the server where the domain name is located, sounds difficult to understand, let's take a look at an example.

I am located in Shenzhen, where the public DNS server is 202.96.134.133, we have to check.

The following figure:

Here the nslookup command is used to query the DNS servers on which the current native resolution domain name depends, from the Chinese name above to know that the current default DNS resolution server is ns.szptt.net.cn, the corresponding IP address is 202.96.134.133, that is, the network program running on this machine, if you need to use DNS domain name resolution, will request to this server, seek resolution.

Of course, if you are in the intranet, or other types of LAN, in the parsing time may not be able to successfully get the results of the above, most of the agent or firewall. ADSL users are advised to test a bit, deepen the impression. Now we're going to parse a Web site's alias record to see what "Unauthorized records" are.

Take NetEase as an example. The following figure: