"TCP/IP detailed Volume One" Reading notes-----DNS

1, DNS is a distributed database system used to provide the host name and IP address mapping between the reason is called distributed because there is no host on the internet to know all the information of such a mapping, of course, it is not possible, because the amount of data is too large

2. The application invokes the DNS service through a program called resolver (which can also be considered a client of DNS), usually under a Unix system by gethostbyname (IP address obtained by hostname) and GETHOSTBYADDR (host name obtained by IP address) These two library functions implement

3, not every name server knows how to communicate with all other name sever, but they all have to know how to communicate with root name server. For example, when they do not know the IP address of the requested host name Www.baidu.com, first need to communicate with the root name server, obtain the IP address of the top-level nameservers com, and then further communicate with it, thus constantly recursive lookup, Until the IP address of the target hostname is found

4, the DNS message format as shown, where the identification field is used to uniquely identify a message. The Flags field is the flag of the message, and several important fields are: 1) QA: When the QA is 0 for the inquiry message, the response message when qa=1, 2) The AA field means "autoritative answer", That is, the returned IP address is indeed within the domain name management of the server, not from other sources, 3) RD, "recursion desired", if the field is not set, and the domain name server being accessed does not have authoritative answer, Then the server will return a string of other domain name server information for the domain name resolution, 4 RA, "recursion available", set, indicating that the server supports recursive queries, usually in addition to servers other than the root domain name server support. Finally numbers of questions represents the number of questions, the specific content of the problem in the extended questions field, and the meaning of the other three fields such as answers are also class-like

5. The format of the questions field in the DNS message is shown, where query name is the queried hostname. The important thing to focus on is the question Type field, because the answer to the query is the one that corresponds to it. It is divided into several types, the most common of which is 1) A, which indicates the IP address that the query name corresponds to. 2) PTR, which indicates the host name corresponding to the IP address, and the last query class field is generally set to 1, which indicates the IP address

6, as for the final answers,authority,additional information field format is the same, as shown in, where domain name is the domain name to find, type corresponds to the previous question type, The Time-to-live field represents the time that this information can be saved in the client cache, typically 2 days. The last two fields represent the length and content of the results, respectively. For example, for a type of lookup, then the Length field is 4, the data is the queried domain name corresponding IP address

7. Caching: In order to reduce the network bandwidth consumption caused by duplicate DNS queries, the results of the first query are usually placed in the cache of name server instead of resolver, because resolver is bound to a specific application.

8, TCP or UDP: Usually the DNS query and response are transmitted through UDP, but UDP datagram length is often less than 512 bytes, when the length of the response message is greater than 512, the message will be truncated. You need to use TCP for transmission at this point, because TCP can be transmitted in a packet segment, and there is no limit on the length of the data

"TCP/IP detailed Volume One" Reading notes-----DNS