[High-performance Nginx server] - 1 DNS Overview

1 DNS name resolution

A domain name is ultimately converted into an IP address through DNS resolution.

A project does not expose its real server address externally; the service can only be accessed from inside the network, so an Nginx reverse proxy is needed on the outside.

1.1 DNS name resolution process

The whole process is generally as follows. The first two steps are completed on the local machine; the last eight steps involve real DNS servers:

1, the browser checks whether its cache already holds an IP address resolved for the domain name; if it does, the resolution process ends here. The browser's domain cache is limited, both in size and in time: entries are usually kept from a few minutes to a few hours, and the cache time for a domain can be set through the TTL property. A cache time that is too long or too short is not good. If it is too long, then once the IP address the domain resolves to changes, the client-side cache keeps the domain from resolving to the new IP address, so the domain cannot be resolved correctly and some users cannot access the site during that time. If it is too short, the user has to resolve the domain name again on every visit to the site.

2, if the browser cache has no entry, the browser checks whether the operating system cache holds a DNS resolution result for the domain. The operating system also has its own name resolution step: on Windows it is configured through the C:\Windows\System32\drivers\etc\hosts file, and on Linux through the /etc/hosts file, where the user can map any domain name to any IP address. For example, we can resolve a domain name to a test server during testing, so that, without modifying any code, we can check whether the business logic running on a separate server is correct. Precisely because of this local resolution step, a hacker who modifies the user's name resolution settings can make a particular domain name resolve to an IP address of his choosing, which results in the domain name being hijacked.

3, when the first two steps cannot resolve the name, the "DNS server address" in our network configuration is used. The operating system sends the domain name to this LDNS, which is the regional domain name server. This DNS server is usually the one that provides local resolution service for the user's Internet access. For example, if the user accesses the Internet at school, the user's DNS server is certainly at the school; if the user accesses the Internet from a residential area, the user's DNS is provided by the provider that supplies the Internet access, namely Telecom or China Unicom, often referred to as the SPA, and this DNS server will usually be somewhere in your city, not very far away. The DNS server configuration can be queried with the ipconfig command on Windows and with cat /etc/resolv.conf on Linux. These dedicated domain name servers perform well and generally cache DNS results; the cache time is, of course, controlled by the domain's expiration time. About 80 percent of domain name resolutions end here, so the LDNS carries the main share of the domain name resolution work.

4, if the LDNS still has no hit, it sends the resolution request directly to the Root Server.

5, the root name server returns to the local name server the address of the primary domain name server (gTLD Server) for the queried domain. gTLD servers are the international top-level domain servers, such as .com, .cn, .org and so on; there are only about 13 of them in the world.

6, the local name server (LDNS) then sends the request to the gTLD server returned in the previous step.

7, the gTLD server that accepts the request looks up and returns the address of the Name Server for this domain name. This Name Server is usually the name server where the user registered the domain; for example, if the user applied for the domain name at a domain name service provider, then resolving this domain is done by that provider's servers.

8, the Name Server queries its stored table mapping domain names to IP addresses; normally it finds the target IP address for the domain name and returns it, together with a TTL value, to the DNS Server (the LDNS).

9, the corresponding IP address and TTL value are returned, and the LDNS caches the mapping between the domain name and the IP address; the cache time is controlled by the TTL value.

10, the resolution result is returned to the user, who caches it in the local system cache according to the TTL value; the domain name resolution process ends.

In an actual DNS resolution there may be more than these 10 steps: for example, the Name Server may have many levels, or a GTM may be used for load-balancing control, both of which can affect the name resolution process.
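
Step 2 means a hosts entry wins before any DNS server is asked, so a changed hosts file is worth checking when a domain resolves unexpectedly. The following is an added example, not code from the original article: it parses hosts-file text and reports watched domains that are pinned locally. The sample file, the domain names and the allowlist parameter are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file for this example (not from the original page).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
::1          localhost ip6-localhost
192.168.10.5 test.example.internal   # deliberate test-server override
203.0.113.66 www.bank.example login.bank.example
0.0.0.0      ads.example
not-an-ip    broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip the line
        yield line_no, str(ip), [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched, allowed=None):
    """Return (line_no, name, ip) for each watched name pinned by the hosts file.

    watched: domains whose names (and subdomains) should normally come from DNS.
    allowed: hypothetical allowlist {name: {ip, ...}} of known test overrides.
    """
    allowed = allowed or {}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            in_scope = any(name == d or name.endswith("." + d) for d in watched)
            if in_scope and ip not in allowed.get(name, ()):
                findings.append((line_no, name, ip))
    return findings

if __name__ == "__main__":
    watched = ["bank.example", "example.internal"]
    allowed = {"test.example.internal": {"192.168.10.5"}}
    for line_no, name, ip in audit_hosts(SAMPLE_HOSTS, watched, allowed):
        print(f"hosts line {line_no}: {name} is pinned to {ip}")
```

To check a real machine, pass the contents of /etc/hosts or C:\Windows\System32\drivers\etc\hosts as the text argument.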

2 External network mapping tools

When doing WeChat development or integrating with a third-party payment interface, the callback interface may need to be reachable from the external network. For local development and testing, an external network mapping tool is therefore needed.

Commonly used external network mapping tools are natapp and ngrok.

2.1 NatApp introduction

Server update: full support for the HTTPS protocol and local SSL certificates, and support for the WSS protocol. The HTTP/2 web protocol is also supported, as is local development of WeChat mini programs.

Wildcard subdomains and the visitor's real IP address are supported fully automatically.

Address: https://natapp.cn/

1, log in

2, download the client

3, usage

Tutorial: https://natapp.cn/article/natapp_newbie

4, Windows usage

Click natapp, then enter the following command:

natapp -authtoken=854c5c6e0182f5a3

After the client starts successfully, test access: the service can be accessed successfully.

Origin blog.csdn.net/weixin_42112635/article/details/104895843