TCP/IP DNS

Source: Internet
Author: User
Tags: domain name server
1. The DNS protocol uses well-known port 53, normally over UDP (TCP encapsulation can also be used).

DNS (Domain Name System) is a distributed database that maps names to IP addresses.

2. Concepts:

(1) Each label of a DNS domain name can contain at most 63 characters, and names are case-insensitive. Take sun.tuc.noao.edu as an example: the top-level (level-1) domain is the rightmost label, the second-level domain sits to its left, then the third-level, and so on. A name can have at most 128 levels (0 to 127; level 0 is the empty root label).

(2) Top-level domains fall into three groups. First, the organizational (generic) domains, of which seven are commonly used: com, edu, org, int, net, gov and mil (gov and mil are used by the United States). Second, the country domains, such as cn. Third, the reverse domain arpa, which has a single second-level domain, in-addr, used for IP-address-to-name conversion.

(3) A domain name ending in "." is called a fully qualified domain name (FQDN, an absolute domain name). (Strictly, a name without the trailing dot is incomplete; in practice a name with two or more segments is treated as complete by default.)

(4) With master and slave servers, the master is responsible for maintaining the mapping data. The slave does not create or update the zone files itself; at regular intervals it copies the information from another server (a master may itself be a slave of yet another server) to build a backup. This copying process is called a zone transfer. If one server fails, another is still available.

3. Message format: a fixed 12-byte header followed by variable-length data

(1) Header. Identification (2 bytes): the application matches a response to its query through this field. Flags (2 bytes): the QR bit is 0 for a query and 1 for a response; the AA (authoritative answer) bit is set by the responding server, and 1 means the server is authoritative for the domain name; the TC (truncated) bit is set to 1 when DNS is carried over UDP and the data exceeds the size limit, in which case the remainder is cut off; the RD (recursion desired) bit set to 1 means the client wants a recursive answer; the RA (recursion available) bit is set to 1 by the name server in its response to indicate that recursion is available, and 0 means it is not.

(2) Question section of a query message. Each question has the format: query name (variable length), query type (2 bytes), query class (2 bytes). The number of questions is recorded in the header.

The query name is encoded as a sequence of length-prefixed labels ended by a zero length (taking tuc.noao.edu as an example): 3tuc4noao3edu0

Commonly used query types: A (query for an IP address), PTR (query for a pointer record), NS (name server: asks for the authoritative name server of a domain)

Query class: IN (value 0x01, an Internet address)

(3) Response section (resource record) format: domain name (variable length), type (2 bytes), class (2 bytes), time to live (4 bytes), data length (2 bytes), data (as many bytes as the length field gives)

Specifically, the domain name, type and class fields are filled in from the query message.
The time to live is measured in seconds and tells the client program how long it may remember the record (that is, how long it may keep it in its cache).
Data (three categories):
A. An IP address (when the type is A)
B. A domain name (the result returned for type PTR)
C. An offset pointer (2 bytes long, with the top 2 bits set to 11), whose remaining bits give the distance from the start of the DNS header (generally 12, because the DNS header occupies 12 bytes and the name in the question begins right after it) to the place where the domain name is written out. This is called compression.
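The header, question and answer layout described above, worked through in code. This is an added example, not code from the original page; the message bytes are constructed by hand (not a capture) and the address 192.0.2.10 and ID 0x1234 are made-up sample values. The answer's name is written as the compression pointer 0xC00C, i.e. offset 12, the start of the question name.

```python
import struct

# Constructed sample response: ID 0x1234; flags QR=1, RD=1, RA=1; one A/IN question
# for tuc.noao.edu; one answer whose name is the pointer 0xC00C, TTL 3600 s.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"            # 12-byte header
    b"\x03tuc\x04noao\x03edu\x00\x00\x01\x00\x01"                  # question: name, type A, class IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xc0\x00\x02\x0a"  # answer RR
)

def parse_flags(flags):
    """Split the 16-bit flags word into the bits the text describes."""
    return {"qr": flags >> 15 & 1, "aa": flags >> 10 & 1, "tc": flags >> 9 & 1,
            "rd": flags >> 8 & 1, "ra": flags >> 7 & 1, "rcode": flags & 0xF}

def read_name(msg, off, depth=0):
    """Decode labels at off, following 0xC0 pointers; return (name, next offset)."""
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # top two bits 11: compression pointer
            if depth > 10:                        # guard against pointer loops in bad data
                raise ValueError("compression pointer loop")
            target = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            labels.append(read_name(msg, target, depth + 1)[0])
            return ".".join(labels), off + 2      # a pointer ends the name and is 2 bytes
        off += 1
        if length == 0:                           # zero length terminates the name
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_response(msg):
    ident, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    off, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1 and rdlen == 4:             # type A: four-byte IPv4 address
            rdata = ".".join(str(b) for b in rdata)
        elif rtype in (2, 12):                    # NS / PTR: data is itself a domain name
            rdata = read_name(msg, off)[0]
        off += rdlen
        answers.append((name, rtype, ttl, rdata))
    return {"id": ident, "flags": parse_flags(flags), "questions": questions, "answers": answers}
```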

4. Recursive resolution and iterative resolution

Recursive resolution: if server A knows the IP address for the domain name, it returns the result. If A does not know, A itself sends a request to another server B, and so on, until the result comes back to the client.

Iterative resolution: if A knows, it returns the result; if not, it returns the address of another name server B to the client, and the client queries B itself, and so on.
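The two resolution styles simulated over a toy server tree, to make visible who sends each query. This is an added example, not from the original page; the server names, zone layout and the address 192.0.2.10 are constructed.

```python
# Constructed toy name-server tree (not real servers): each server either knows the
# answer for a name or refers the asker to the server for the next zone down.
SERVERS = {
    "root": {"referrals": {"edu": "edu-server"}},
    "edu-server": {"referrals": {"noao.edu": "noao-server"}},
    "noao-server": {"answers": {"tuc.noao.edu": "192.0.2.10"}},
}

def lookup(server, name):
    """One query to one server: ('answer', ip), ('referral', server) or ('nxdomain', None)."""
    data = SERVERS[server]
    if name in data.get("answers", {}):
        return "answer", data["answers"][name]
    # refer to the server responsible for the longest matching zone suffix
    for zone, target in sorted(data.get("referrals", {}).items(), key=lambda kv: -len(kv[0])):
        if name == zone or name.endswith("." + zone):
            return "referral", target
    return "nxdomain", None

def resolve_iterative(name, start="root"):
    """Iterative: the client follows every referral itself, so each query in the
    trace (asker, server, outcome) is sent by the client."""
    trace, server = [], start
    while True:
        kind, value = lookup(server, name)
        trace.append(("client", server, kind))
        if kind != "referral":
            return value, trace
        server = value

def resolve_recursive(name, server="root", asker="client", trace=None):
    """Recursive: the queried server chases referrals on the client's behalf, so the
    client sends one query and the remaining queries are server-to-server."""
    trace = [] if trace is None else trace
    kind, value = lookup(server, name)
    trace.append((asker, server, kind))
    if kind == "referral":
        return resolve_recursive(name, value, server, trace)
    return value, trace
```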

5. Pointer queries (finding the domain name for a known IP address)

Given a known IP address, the domain name field of the question is built as follows (taking 220.181.6.19 as an example): the name is 19.6.181.220.in-addr.arpa (this is what the top-level domain arpa is for). The query is sent with type PTR, and the domain name comes back in the data part of the answer.
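Building the PTR query for that address, including the label encoding of the question section described earlier (3tuc4noao3edu0 style). This is an added example, not code from the original page; the ID 0x1234 is a constructed sample value.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels, e.g. tuc.noao.edu -> 3tuc4noao3edu0."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:                 # each label is 1..63 characters
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return bytes(out + b"\x00")                       # zero length ends the name

def reverse_name(ip):
    """220.181.6.19 -> 19.6.181.220.in-addr.arpa (octets reversed under in-addr.arpa)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

QTYPE = {"A": 1, "NS": 2, "PTR": 12}
QCLASS_IN = 1

def build_query(ident, qname, qtype, recursion_desired=True):
    """12-byte header plus one question; RD=1 asks the server for a recursive answer."""
    flags = 0x0100 if recursion_desired else 0        # QR=0 (query), RD in bit 8
    header = struct.pack("!6H", ident, flags, 1, 0, 0, 0)   # QDCOUNT=1, other counts 0
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)

def build_ptr_query(ident, ip):
    """PTR query for the reverse name of an IPv4 address."""
    return build_query(ident, reverse_name(ip), "PTR")
```

The resulting bytes are what a resolver would send over UDP to port 53.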

6. On Linux, the name server addresses are kept in the /etc/resolv.conf file. An application resolves IP addresses and domain names through the local resolver, and the resolver in turn queries the name server. (The host program can drive the resolver.) On Windows, the nslookup program drives the resolver.

7. Notes:

Cache: when a server receives a response from another server, it copies the response into its cache and marks it as non-authoritative; the time-to-live field governs this, that is, the cached entry is valid only for that many seconds.
