Shulou(Shulou.com)06/01 Report--

This article introduces you how to understand the principle of DNS and hijacking problem, the content is very detailed, interested friends can refer to, hope to be helpful to you.

What on earth are URL and IP? People move their fingers and click on the mouse, and pictures and videos are naturally displayed on the screen in real time. However, all this is not taken for granted, under the colorful Internet world, we are working day and night.

I am an ordinary network request. I am small, but I am always fulfilling my duty to find designated resources and deliver them to my master. Like thousands of unknown couriers in this city, shuttling between buildings to complete their mission.

The difference is that the real network environment is not as bright as modern cities. It is dark, damp, full of unknown dangers, like a dark forest. And all I have to do is take a real risk.

My adventure starts with a "sheepskin roll". That day, the browser uncle mysteriously called me over and told me that CPU had issued an order: send messengers to visit foreign countries. And I am the most capable student of the uncle, and I am the most suitable person for this kind of task. The uncle prepared a parchment roll for me, which recorded the necessary information I needed for this adventure.

Unyielding, I took it and set off immediately.

I slowly unrolled the parchment, and the first line read: URL: https://mail.google.com

What is "URL"? I quickly recalled in my head, by the way, URL is the abbreviation of Uniform Resource Locator, translated into Chinese is "uniform resource locator". Because there are countless resources in the Internet world, each resource needs a mark to locate it, just like the house number in a human city.

Some people may think that now that you have a house number, isn't it easy to find a designated location? I hope so, my friends, but the reality is often not so simple.

Even with URL, forgive my stupidity, I still can't directly understand the destination it points to. Because this is a human language, I can't translate it. (in fact, humans are too stupid to remember IP addresses and need to use domain names that are easy to remember.)

For me, the IP address is the only coordinate. What is IP?IP, the abbreviation of Internet Protocol, translated into Chinese as "Internet Protocol", a thunderous name, one of the cornerstones of the Internet, all software that relies on Internet communication has to follow this protocol.

So, how can I convert a domain name to an IP address?

After working on weekdays, the browser uncle is very careful. He collates a "domain name-IP corresponding list" of the sites that users have visited. If it is a recorded IP address, then he will tell me directly that I can immediately go to the target IP address, which is what the browser cache is for.

If the URL entered by the user is not within the browser's record range, the operating system looks for a file called "hosts". It is a text that records the mapping of domain names and IP addresses. If "hosts" can tell me the target IP address, it will also save me a lot of time. This is the system cache.

In addition, there is a router cache, I believe I do not need to introduce more, that is, the domain name-IP mapping saved in the router.

These caches can effectively help me find the corresponding IP address as quickly as possible. However, the Internet world is changing with each passing day, and all kinds of resources emerge in endlessly. In many cases, users will want to access a brand new domain name that has not been recorded by any cache.

For this reason, human beings have specially designed DNS. In this mission, my first stop is to rush to DNS. In order to have a shorter response time and a better user experience, I stepped up my horse.

Memories of DNS hijacking

What is DNS? The full name Domain Name System is a distributed database that maps domain names and IP to each other.

There are many DNS service centers around the world. If you care about your computer, you will find that there is a "DNS server" configuration item on your network card, which sets the destination I am going to arrive at.

What is DNS hijacking, poisoning, parsing? You can understand it by reading this article!

In a twinkling of an eye, I came to the 114.114.114.114DNS center.

I have been to this place many times. On the surface, it is calm, but in fact, the undercurrent is surging. I came to the office hall carefully and couldn't help thinking of my first experience when I was hijacked by DNS.

That day, I came to the office window, and the teller received me warmly.

"which address would you like to inquire about, sir?" At that time, I was still a newcomer to the Internet request, and I didn't know some unspeakable rules, so I answered unabashedly, "Hello, I'm going to the famous mail.google.com!"

The teller's expression froze. He looked me up and down, then forced a smile. "Yes, sir, just a moment, please." With that, he winked at his colleague next to him. I was wondering when burly guards sprang from both sides and dragged me forcefully.

It was only then that I realized that the big deal was not good. "what's going on?! why are you hijacking me?" I yelled like crazy.

"Hello, according to the regulations issued by this ISP (telecom operator), the site you mentioned does not exist in the world. It is suspected that you are a non-compliant network request and will be forwarded to the IP address of baidu.com. You have the right to remain silent!" The guard looked at me coldly.

I know that no matter how to explain and struggle now, it is useless to blame myself for being too young. I had no choice but to obey.

What is DNS hijacking, poisoning, parsing? You can understand it by reading this article!

Fortunately, the user who was using the computer at that time had some network knowledge, and when he found that he entered google and returned a baidu page, he did not blame me, probably because he had guessed the reason in his mind. So he configured the DNS of the network card to: 8.8.8.8, which is a DNS service center provided by an international "non-existent" company.

Is this the only way to have unimpeded access to the Internet? After being hijacked by DNS, I still dare not relax.

I've come across DNS poisoning.

Before taking a break, the browser uncle once again assigned me the task of continuing to try to request mail.google.com 's resources.

Humans need to go abroad by plane and apply for a passport. The same is true of our network requests. International exports are deployed only in several major cities across the country, and all network requests for access to overseas resources have to go through here for inspection.

Different from the last time, because the DNS server I want to visit this time is located overseas, so I first came to the Shanghai international exit of the Greater China LAN.

I was really tired and tired all the way to Shanghai, and just as I was in a hurry to get through the security check, a guy in uniform greeted me near the passageway.

Before I could speak, he greeted him enthusiastically: "my friend who has come from afar must be very tired." it's so hot, let's have a glass of water first! " I looked at him quietly to see that he was supposed to be a waiter.

"International exports are just different. The service is really in place!" As I was really thirsty, I let my guard down. "Oh, it's so cool, thank you." As I sighed, I took the water that the boy handed me.

But when I didn't say the second word "thank you", I immediately felt dizzy.

"No! if you meet a hacker, this is DNS poisoning!" My vision gradually blurred, and the boy's smile gradually seemed to turn into a grim smile. I tried to search my mind for all the knowledge related to all this, trying to know what I was looking for.

What is DNS hijacking, poisoning, parsing? You can understand it by reading this article!

DNS poisoning is called DNS cache poisoning in English, also known as DNS pollution. During the period from the client sends a request to the DNS server to query the IP, and the response is returned to the client, if a hacker or some other unspeakable facility forges a wrong DNS response, then the user will not be able to access the real resources.

When I think of this, I obviously feel that I can't control my body. As soon as it gets dark, I don't know anything.

DNS normal parsing

I have vivid memories of the dangerous situations that have happened before, and when I think about it now, I still have lingering fears. This time, in order to make sure that it is foolproof, I am in the spirit of twelve points.

This time, I have successfully come to the 8.8.8.8 DNS Service Center.

"Hello dear, what can I do for you?" the voice of a soft girl came from the work window.

"I want to look up the IP address of the domain name mail.google.com." I asked tentatively, still not daring to relax.

"OK, dear, through the tree search here, under the top-level domain name com, you can find the google directory, and under the google directory, you can find that the mail,IP address is xx.xxx.xx.xx."

What is DNS hijacking, poisoning, parsing? You can understand it by reading this article!

I breathed a sigh of relief and, thankfully, got the result. But I know that as a complete network request, this is just the beginning, and this is the first step of the long march. I have to bring this analysis result back quickly, and I will have to go back and forth three times to establish a connection.

On how to understand the principle of DNS and hijacking issues to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.