The principle of DNS and its resolution process: a "wonderful anatomy" (2012-03-21 17:23:10)
Tags: dig, wireshark, bind, nslookup, DNS. Original source: http://369369.blog.51cto.com/319630/812889
Most network traffic is based on TCP/IP, and TCP/IP in turn works with IP addresses, so when computers communicate over the network they recognize only IP addresses such as "202.96.134.133", not domain names. We cannot remember the IP addresses of more than a handful of sites, so when we visit a site we usually type its domain name into the browser's address bar and the required page appears. This works because a "DNS server" automatically "translates" the domain name we typed into the corresponding IP address, and the browser then fetches the page at that IP address.
What is DNS?
DNS, the Domain Name System, is a hierarchical naming system for computers and network services, organized by domain and used on TCP/IP networks to translate host names and domain names into IP addresses. DNS is that "translator"; its basic working principle is shown in the figure.
DNS domain names
The Domain Name System is a hierarchical, distributed database that contains various types of data, including host names and domain names. The names in the DNS database form a hierarchical tree structure called the domain namespace. A domain name is made up of labels separated by dots, for example im.qq.com.
A fully qualified domain name (FQDN) uniquely identifies a host's position in the DNS hierarchy tree by listing the labels along the path from the host up to the root. The figure shows an example of the qq.com DNS tree containing a host called im; the FQDN of that host is im.qq.com.
Name hierarchy of the DNS domain
How DNS domain name spaces are organized
The five categories used to describe DNS domain names by their function in the namespace are listed in the following table, with an example of each name type.
DNS and Internet domains
The Internet's domain name system is maintained by a name registration authority, which manages the organizational top-level domains and the country/region top-level domains on the Internet. Country/region domains follow the international standard ISO 3166. Some of the many existing abbreviations reserved for organizations, together with the two- and three-letter country/region abbreviations, are shown in the following table. Some common DNS domain names are:
Resource records
The DNS database is made up of resource records (RRs). Each RR identifies a specific resource in the database. When setting up a DNS server, records such as SOA, NS and A are used most often; MX and CNAME records come up when maintaining a DNS server.
Common RRs:
How the DNS service works
When a DNS client needs to resolve a name used by a program, it queries the local DNS server to resolve it. Each query message the client sends carries three pieces of information that specify the question the server should answer:
the DNS domain name, expressed as a fully qualified domain name (FQDN);
the query type, which either names a resource record type or requests a specialized query operation;
the class of the DNS domain name.
For DNS servers, the class should always be the Internet class (IN). For example, the name might be the fully qualified domain name of a computer such as im.qq.com, and the query type would ask for address (A) resource records under that name.
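The three question fields just listed, in their wire form, as an added example that is not part of the original post: the block builds the query for im.qq.com (type A, class IN), then parses a constructed, authoritative reply including the name-compression pointers that real responses use. The transaction id 0x1234, the TTL and the answer address are invented sample values, and the decoder bounds pointer hops because a malformed packet can otherwise loop a naive parser.

```python
import struct

def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")              # "im.qq.com" -> ["im", "qq", "com"]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"  # length-prefixed, root = 0

def build_query(name: str, qtype: int = 1, qclass: int = 1, txid: int = 0x1234) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD set; QDCOUNT = 1
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)  # QNAME, QTYPE, QCLASS

def decode_name(msg: bytes, off: int) -> tuple:
    """Read a name at off, following 0xC0 compression pointers; return (name, offset after field)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier copy of the name
            if (hops := hops + 1) > 16:                # a malformed packet can point at itself
                raise ValueError("compression pointer loop")
            end = end if end is not None else off + 2  # the pointer field is only 2 bytes wide
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_response(msg: bytes) -> dict:               # header flags, question section, answer RRs
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        questions.append((qname, qtype, qclass))
        off += 4
    for _ in range(an):
        rname, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:                  # A record: 4 raw bytes -> dotted IPv4
            rdata = ".".join(str(b) for b in rdata)
        answers.append((rname, rtype, ttl, rdata))
    return {"id": txid, "aa": bool(flags & 0x0400), "rcode": flags & 0x000F,
            "questions": questions, "answers": answers}
# Constructed sample, not a capture: authoritative reply (flags 0x8580 = QR|AA|RD|RA) to build_query("im.qq.com"); owner name = pointer 0xC00C to offset 12
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + encode_name("im.qq.com")
                   + struct.pack("!HH", 1, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + bytes([202, 96, 134, 133]))
```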
DNS queries are resolved in several different ways. A client can sometimes answer a query locally from information cached during previous queries. A DNS server can answer from its own cache of resource records, or it can query or contact other DNS servers on behalf of the requesting client to fully resolve the name and then return the answer to the client. This process is called recursion.
Alternatively, the client can try to contact other DNS servers to resolve the name itself. When it does so, it sends separate additional queries based on the answers the servers return; this is called iteration, and a query exchanged between DNS servers is an iterative query.
The DNS query process is shown in the figure.
1) The user enters the domain name www.qq.com in the browser. The operating system first checks its local hosts file for a mapping of this name; if there is one, that IP address mapping is used and name resolution is complete.
2) If the hosts file has no mapping for the name, the local DNS resolver cache is checked; if it holds the mapping, the address is returned directly and resolution is complete.
3) If neither the hosts file nor the local resolver cache has the mapping, the preferred DNS server configured in the TCP/IP settings is queried; we call it the local DNS server here. When that server receives the query, if the queried name lies in a zone it is configured for locally, it returns the result to the client and resolution is complete. This answer is authoritative.
4) If the queried name is not in a zone hosted by the local DNS server but the server has the mapping cached, the cached IP address is returned and resolution is complete. This answer is not authoritative.
5) If the local DNS server's zone files and cache both fail to resolve the name, it proceeds according to its settings (whether forwarders are configured). If it is not in forwarding mode, the local DNS server sends the request to the 13 root DNS servers. A root server receiving the request determines who is authorized to manage the top-level domain (.com) and returns the IP of a server responsible for that top-level domain. The local DNS server then contacts the server responsible for the .com domain. If that server cannot resolve the name itself, it returns the address of the next-level DNS server under .com (qq.com) to the local DNS server. The local DNS server then queries the qq.com domain server, and this repeats until the www.qq.com host is found.
6) If forwarding mode is used, the local DNS server forwards the request to its upstream DNS server, which performs the resolution. If the upstream server cannot resolve the name either, it in turn asks the root servers or forwards the request to its own upstream, and so on. Whether the local DNS server uses forwarding or root hints, the result is returned to the local DNS server, which then returns it to the client.
The query from the client to the local DNS server is a recursive query, while the queries between DNS servers are iterative queries.
********************************************************************************************************
The principle and process of DNS resolution
When a user visits a web page on our site, the following steps take place:
1) find the server that stores the web page;
2) the server receives the user's request;
3) the server locates the requested page by its file path (URL);
4) the user downloads the content of the page to their computer.
The DNS resolution discussed here is mainly the first step: letting the user find, by way of a URL, the server where the file resides.
1. Why is DNS resolution needed?
The connection between the user's computer and the server (the computer hosting the website) is not made by domain name: computers on a network reach each other because every computer on the network has a unique IP address. But IP addresses are hard to remember, so a translation is needed between an address that is easy for people to remember and an address that computers recognize. The address that is easy for users to remember is the domain name, and the DNS server plays the role of "translating" the domain name the user requests into the corresponding IP address so that the computers can connect.
2. What is the principle of DNS resolution?
DNS resolution mainly uses recursive queries: the cache of a DNS server is checked for a mapping between the domain name and an IP address, and if none is found the query automatically moves on to the next step and is looked up through the next DNS server. This can be seen in the following two figures:
3. What is the DNS resolution process?
The DNS resolution process is both the focus and the difficult part. Below I explain it step by step according to my own understanding; there may be errors, so please correct me.
In each of the following steps, if the DNS cache at that step holds the IP corresponding to the domain name, DNS resolution succeeds and the user's computer accesses the server directly; if the cache at that step does not hold it, the process automatically moves on to the next step.
1) Browser cache
When a user accesses a domain name through a browser, the browser first looks in its own cache for the IP address of that domain (present if the domain has been visited before and the cache has not been cleared);
2) System cache
If the browser cache has no IP for the domain name, the system automatically checks the computer's hosts file and DNS cache for a corresponding entry;
3) Router cache
If neither the browser cache nor the system cache has the IP for the domain name, the router's cache is checked. These three steps are all client-side DNS caches;
4) ISP (Internet service provider) DNS cache
When the IP for the domain name is not found on the client side, the ISP's DNS cache is queried. For example, if you use a telecom carrier's network, the lookup goes to that carrier's DNS cache server;
5) Root name servers
When none of the above succeeds, the query goes to the root servers. There are only 13 root name servers: 1 primary root name server and 12 secondary root name servers. When a root server receives a request, it checks its zone file records and, if it has none, tells the local DNS server the IP of the top-level domain (such as .com) server under its jurisdiction;
6) Top-level domain name servers
When a top-level domain name server receives the request, it checks its zone file records and tells the local DNS server the IP address of the primary domain name server under its jurisdiction;
7) Primary domain name server
The primary domain name server accepts the request and checks its own cache; if there is no record, it goes to the next-level domain name server and repeats this step until the correct record is found;
8) Save the result to the cache
The local domain name server saves the returned result to its cache for later use and returns it to the client, which then connects to the web server at that IP address.
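The lookup order that both lists above describe (hosts file, then caches, then the local server's own zone, then the walk from the root servers down to the authoritative server, with the result cached at the end), simulated as an added example that is not code from the original post. All data is constructed: the hosts file, the local zone and the three in-memory "servers" are invented, and the 203.0.113.x addresses are documentation addresses standing in for real hosts.

```python
# Constructed sample data, not real servers or addresses. HOSTS is the client's hosts file,
# LOCAL_ZONE the preferred DNS server's own authoritative zone, and SERVERS one entry per level
# of the hierarchy: each knows only its own A records or the NS delegations to the next level.
HOSTS = {"intranet.example": "192.168.145.228"}
LOCAL_ZONE = {"mail.corp.example": "192.168.145.12"}
SERVERS = {
    "root":    {"a": {}, "delegations": {"com": "tld-com"}},
    "tld-com": {"a": {}, "delegations": {"qq.com": "ns-qq"}},
    "ns-qq":   {"a": {"www.qq.com": "203.0.113.10", "im.qq.com": "203.0.113.20"}, "delegations": {}},
}

def ask(server: str, name: str) -> tuple:
    """One iterative query: the server answers from its zone, refers us downward, or has nothing."""
    zone = SERVERS[server]
    if name in zone["a"]:
        return "answer", zone["a"][name]
    labels = name.split(".")
    for i in range(1, len(labels)):                 # try qq.com, then com, for a delegation
        suffix = ".".join(labels[i:])
        if suffix in zone["delegations"]:
            return "referral", zone["delegations"][suffix]
    return "nxdomain", None

def resolve(name: str, cache: dict) -> tuple:
    """Resolve name in the order the steps above describe; returns (ip, how, trace of servers asked)."""
    trace = []
    if name in HOSTS:                               # step 1: the local hosts file wins outright
        return HOSTS[name], "hosts", trace
    if name in cache:                               # steps 2/4: a cached answer, not authoritative
        return cache[name], "cache", trace
    if name in LOCAL_ZONE:                          # step 3: the local server's own zone, authoritative
        return LOCAL_ZONE[name], "authoritative", trace
    server = "root"                                 # step 5: start from the root hints
    for _ in range(8):                              # bound the walk so a delegation loop cannot hang us
        kind, value = ask(server, name)
        trace.append((server, kind, value))
        if kind == "answer":
            cache[name] = value                     # step 8: keep the result for the next client
            return value, "iterative", trace
        if kind != "referral":
            return None, "nxdomain", trace
        server = value                              # follow the referral to the next level
    return None, "loop", trace
```

Calling resolve("www.qq.com", cache) twice shows the first answer coming back as "iterative" with the root, .com and qq.com servers in the trace, and the second as "cache" with no servers contacted.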
4. How is DNS optimized?
Domain name providers and server providers generally offer a free DNS service, but in many cases these free DNS servers are slow, so some optimization can be done, mainly in the following respects:
1) Increase the number of DNS servers
This reduces the load on each server; resolution is faster when the number of DNS requests each server has to handle is low;
2) Distribute DNS servers nationwide
A user's access speed depends on the distance between the user's computer and the server; if users can be directed to a server in their own province, DNS resolution is faster;
3) Identify the user's line and return an IP on the matching line
Access is faster when the user's network line matches the server's line and slower when they differ; for example, if the user is on a telecom line but the server is connected to a different carrier's line, the user's access to the site slows down. If the user's access line can be identified and an IP on the matching line returned, site access will be faster.
********************************************************************************************************
Appendix:
Packet analysis of a local DNS server with and without forwarding configured
Set up a new DNS server; how to build one is not described here again, see my earlier post "Install bind in Win2003 to deploy smart DNS".
1) DNS server without forwarding
Install Wireshark on the 192.168.145.228 server, open it and set a UDP filter. On the 192.168.145.12 client, run the nslookup command to query www.sohu.com. You immediately see the local DNS server go directly to a few of the 13 root servers worldwide and then resolve step by step, in a recursive manner, until the IP corresponding to www.sohu.com is found to be 220.181.118.87.
After the local DNS server obtains the IP of www.sohu.com, it returns that IP to the 192.168.145.12 client and the resolution is complete.
2) DNS server with forwarding
Because www.sohu.com was used in the first experiment and is now cached, to avoid being affected by the previous step we run nslookup www.baidu.com on the 192.168.145.12 client. The figure shows the local DNS server forwarding the request to the 192.168.133.10 server; the 133.10 server returns the resulting IP to the local DNS server, which then returns the IP to the DNS client, completing the resolution.
This article is from the "System network operation and maintenance" blog: http://369369.blog.51cto.com/319630/812889