Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "what are the basic operations of DNS". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

DNS (Domain Name System) is the abbreviation of "domain name system". It is a computer and network service naming system organized into a domain hierarchy. It is used in TCP/IP networks. The services it provides are used to convert host names and domain names into IP addresses.

Query process

Although only one IP address needs to be returned, the query process of DNS is very complex and is divided into several steps. The tool software dig can display the whole query process.

$dig math.stackexchange.com

The above command outputs six pieces of information.

The first paragraph is about query parameters and statistics.

The second paragraph is the content of the query.

The above result indicates that the A record of the domain name math.stackexchange.com is queried, and An is the abbreviation of address. The third paragraph is the reply from the DNS server.

The above results show that math.stackexchange.com has four A records, that is, four IP addresses. Time to live is the TTL value (abbreviation TTL), which indicates the cache time, that is, there is no need to re-query within 600 seconds. The fourth paragraph shows stackexchange.com 's NS records (an abbreviation for Name Server), that is, which servers are responsible for managing stackexchange.com 's DNS records.

The above results show that stackexchange.com has four NS records, that is, four domain name servers. Query any one of them to find out what the IP address of math.stackexchange.com is. The fifth paragraph is the IP address of the above four domain name servers, which is returned along with the previous paragraph.

The sixth paragraph is some transmission information from the DNS server.

The above results show that the native DNS server is 192.168.1.253, the query port is 53 (the default port for the DNS server), and the response length is 305 bytes. If you don't want to see so much, you can use the + short parameter.

$dig + short math.stackexchange.com151.101.129.69151.101.65.69151.101.193.69151.101.1.69

The above command returns only four IP addresses corresponding to math.stackexchange.com (that is, A record).

DNS server

Based on the previous example, we will restore step by step how the machine gets the IP address of the domain name math.stackexchange.com. First of all, the local machine must know the IP address of the DNS server, otherwise it will not be able to get on the network. Only through the DNS server can you know what the IP address of a domain name is.

The IP address of the DNS server may be dynamic and assigned by the gateway every time you surf the Internet, which is called the DHCP mechanism, or it may be a fixed address specified in advance. In the Linux system, the IP address of the DNS server is stored in the / etc/resolv.conf file. The DNS server in the above example is 192.168.1.253, which is an intranet address. There are some public network DNS servers that can also be used, the most famous of which are Google's 8.8.8.8 and Level 3's 4.2.2.2. The native machine only queries its own DNS server, and the dig command has an @ parameter that displays the results of queries to other DNS servers.

$dig @ 4.2.2.2 math.stackexchange.com

The above command specifies to query the DNS server 4.2.2.2.

The level of domain name

How does the DNS server know the IP address of each domain name? The answer is hierarchical query. Please take a closer look at the previous example, each domain name has an extra dot at the end.

For example, the domain name math.stackexchange.com is displayed as math.stackexchange.com. This is not negligence, but the tail of all domain names, there is actually a root domain name. For example, the real domain name of www.example.com is www.example.com.root, abbreviated to www.example.com. Because the root domain .root is the same for all domain names, it is usually omitted. The next level of the root domain name is called "top-level domain" (abbreviated as TLD), such as .com and .net; the next level is called "second-level domain" (abbreviated to SLD), such as .example in www.example.com, which users can register. The next level is the host name (host), such as the www in www.example.com, also known as the "third-level domain name". This is the name assigned to the server by the user in his own domain and can be assigned by the user at will. To sum up, the hierarchical structure of the domain name is as follows.

Hostname. Secondary domain name. Top-level domain name. Root domain name # that is, host.sld.tld.root root domain name server

The DNS server makes hierarchical queries according to the level of the domain name. It needs to be clear that each first-level domain name has its own NS record, and the NS record points to the domain name server of that level domain name. These servers know the various records of the domain name at the next level. The so-called "hierarchical query" is to start from the root domain name, and then query the NS record of each first-level domain name until the final IP address is found. The process is roughly as follows.

NS record and A record (IP address) from "root domain name server" to "top-level domain name server" NS record and A record (IP address) from "top-level domain name server" to "secondary domain name server" find out the IP address of "host name" from "secondary domain name server"

If you take a closer look at the above process, you may find that there is no mention of how the DNS server knows the IP address of the "root domain name server". The answer is that the NS record and IP address of the "root domain name server" generally do not change, so it is built into the DNS server. The following is an example of a built-in root domain name server IP address.

Introduction to DNS principle introduction to DNS principle

In the above list, three NS records A.ROOT-SERVERS.NET, B.ROOT-SERVERS.NET, and C.ROOT-SERVERS.NET of the root domain name (.root) are listed, as well as their IP addresses (that is, A record) 198.41.0.4, 192.228.79.201, 192.33.4.12. In addition, you can see that the TTL value for all records is 3600000 seconds, equivalent to 1000 hours. In other words, the list of root domain name servers is queried only every 1000 hours. Currently, there are thirteen root domain name servers in the world, from A.ROOT-SERVERS.NET to M.ROOT-SERVERS.NET.

Instance of hierarchical query

The + trace parameter of the dig command shows the entire hierarchical query process of DNS.

$dig + trace math.stackexchange.com

The first paragraph of the above command lists the root domain name. All NS records of, that is, all root domain name servers.

According to the built-in root domain name server IP address, the DNS server issues a query request to all these IP addresses, asking math.stackexchange.com 's top-level domain name server com. The NS record of. The root domain name server that replies first will be cached and only requests will be made to this server in the future. Then comes the second paragraph.

The above results show 13 NS records for the .com domain name, along with the corresponding IP address for each record. The DNS server then issues a query request to these top-level domain name servers, asking for the NS record of math.stackexchange.com 's secondary domain name stackexchange.com. The above result shows that stackexchange.com has four NS records, along with the IP address corresponding to each NS record. The DNS server then queries the above four NS servers for the hostname of math.stackexchange.com.

The above results show that math.stackexchange.com has four A records, that is, all four IP addresses can access the website. It also shows that the NS server that returns the result first is the ns-463.awsdns-57.com,IP address 205.251.193.207.

Query of NS record

The dig command can view the NS record of each first-level domain name separately.

The $dig ns com$ dig ns stackexchange.com+short parameter can display simplified results. $dig + short ns com$ dig + short ns stackexchange.com

8. The record type of DNS

The correspondence between a domain name and IP is called "record". According to the usage scenario, "records" can be divided into different types (type), and you have already seen A records and NS records. Common DNS record types are as follows.

(1) A: address record (Address), which returns the IP address pointed to by the domain name. (2) NS: domain name server record (Name Server), which returns the address of the server where the domain name information of the next level is stored. The record can only be set to a domain name, not an IP address. (3) MX: Mail record (Mail eXchange), which returns the address of the server that received the e-mail. (4) CNAME: standard name record (Canonical Name), which returns another domain name, that is, the domain name currently queried is a jump of another domain name. For more information, please see below. (5) PTR: reverse query record (Pointer Record), which is only used to query domain names from IP addresses. For more information, please see below.

In general, for the security and reliability of the service, there should be at least two NS records, and there can be multiple A records and MX records, which provides redundancy of the service and prevents a single point of failure. CNAME records are mainly used for internal jump of domain names, which provides flexibility for server configuration and is not perceived by users. For example, the domain name facebook.github.io is a CNAME record.

$dig facebook.github.io...;; ANSWER SECTION:facebook.github.io. 3370 IN CNAME github.map.fastly.net.github.map.fastly.net. 600 IN A 103.245.222.133

The above results show that the CNAME record of facebook.github.io points to github.map.fastly.net. That is, when users query facebook.github.io, they actually return the IP address of github.map.fastly.net. The advantage is that when you change the server IP address, you only need to modify the github.map.fastly.net domain name, and the user's facebook.github.io domain name does not need to be modified. Because the CNAME record is a replacement, once the CNAME record is set for the domain name, no other records (such as A record and MX record) can be set to prevent conflicts. For example, foo.com points to bar.com, and each domain name has its own MX record, which can cause problems if the two are not consistent. Because MX records are usually set for top-level domain names, users are generally not allowed to set CNAME records for top-level domain names. The PTR record is used to reverse the domain name from the IP address. The-x argument of the dig command is used to query PTR records.

$dig-x 192.30.252.153. ANSWER SECTION:153.252.30.192.in-addr.arpa. 3600 IN PTR pages.github.com.

The above results show that the domain name of 192.30.252.153 is pages.github.com. One application of reverse query is to prevent spam, that is, to verify that the IP address from which the email was sent really has the domain name it claims. The dig command can view the specified record type.

$dig a github.com$ dig ns github.com$ dig mx github.com other DNS tools

In addition to dig, there are other gadgets available.

(1) host command

The host command can be seen as a simplified version of the dig command, returning various records of the currently requested domain name.

$host github.comgithub.com has address 192.30.252.121github.com mail is handled by 5 ALT2.ASPMX.L.GOOGLE.COM.github.com mail is handled by 10 ALT4.ASPMX.L.GOOGLE.COM.github.com mail is handled by 10 ALT3.ASPMX.L.GOOGLE.COM.github.com mail is handled by 5 ALT1.ASPMX.L.GOOGLE.COM.github.com mail is handled by 1 ASPMX.L.GOOGLE.COM.$ host facebook.github.comfacebook.github.com is an alias for github. The map.fastly.net.github.map.fastly.net has address 103.245.222.133host command can also be used for reverse queries That is, query the domain name from the IP address, which is equivalent to dig-x. $host 192.30.252.153153.252.30.192.in-addr.arpa domain name pointer pages.github.com.

(2) nslookup command

The nslookup command is used to interactively query domain name records.

$nslookup > facebook.github.ioServer: 192.168.1.253Address: 192.168.1.253#53Non-authoritative answer:facebook.github.io canonical name = github.map.fastly.net.Name: github.map.fastly.netAddress: 103.245.222.133 >

(3) whois command

The whois command is used to view the registration of a domain name.

This is the end of the introduction of $whois github.com "what are the basic operations of DNS". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.