CentOS 7 basic services: DNS domain name resolution

One: Basic concepts of DNS

DNS (Domain Name System) is a core service of the Internet. It is a distributed database that maps domain names to IP addresses (and IP addresses back to names), so that people can reach hosts by name instead of remembering the numeric IP address strings that machines use directly.

Reading www.example.aliyun.com. from right to left, each label belongs to one level of the hierarchy:
  .                         root domain
  com.                      top-level domain (TLD)
  aliyun.com.               second-level (primary) domain
  example.aliyun.com.       subdomain
  www.example.aliyun.com.   subdomain (the host record that is finally looked up)

Local name resolution (valid only on the host that carries the entry, since /etc/hosts is not distributed; the names are pseudo domain names, and one IP address can map to several names):
  [root@localhost ~]# vim /etc/hosts
  106.15.202.53 sun
  106.15.202.53 li
  106.15.202.53 zhen
  [root@localhost ~]# ping sun
/etc/hosts is the file for local resolution: each line is an IP address followed by the name (or names) it maps to, so the three lines above could equally be written as one line "106.15.202.53 sun li zhen". It is consulted before DNS because the default hosts line in /etc/nsswitch.conf reads "hosts: files dns".

Two: DNS resolution process

For example, a client resolving www.126.com (answers served from a cache are non-authoritative):
  1. On receiving a resolution request, the client first checks its local cache and /etc/hosts. If a record is found it is returned to the application; otherwise the query is sent to the local DNS server named by the nameserver line in /etc/resolv.conf.
  2. If the local DNS server is authoritative for the zone, it returns an authoritative answer. If it is not, it checks its own cache and, if the record is there, returns a non-authoritative answer to the client.
  3. If the cache has no record either, the local DNS server starts at a root server and works down the DNS hierarchy (root, TLD, second-level domain) until it reaches the server that is authoritative for the name, which returns the authoritative answer to the local DNS server.
  4. The local DNS server returns the answer to the client and keeps a copy in its cache (for at most the record's TTL) so that later queries for the same name are answered without repeating the lookup.

Three: DNS terminology

1. Recursive query
  When a DNS server receives a query from a client, it must return a definitive answer. If the server does not hold the data locally, it queries other servers on the client's behalf and passes the result it obtains back to the client.
  2. Iterative query
  When a DNS server receives a query, it does not return the final answer itself; it returns a referral to another DNS server (the closest one it knows for that name), and the querier sends the request to that server in turn. This repeats until a server returns the answer.
  3. DNS cache
  A DNS cache stores resolution data close to the party that asked for it. DNS data can be cached at any point on the path (the application, the stub resolver on the client, the local DNS server). The goal is to avoid repeating the recursive lookup and give users the result faster.
  4. TTL
  TTL stands for Time To Live. The value tells the local DNS server the longest time a resolution result may be cached. When the cache time expires the local DNS server discards the record, and the next request for that name repeats the recursive/iterative lookup. Before a planned change of IP address it is common practice to lower the TTL in advance so that stale copies expire quickly.
  5. TLD server
  Top-level domain server: the server that is authoritative for a top-level domain such as com.
  6. DNS Resolver
  The local DNS server. It is the first stop of a DNS lookup and the server that handles the client's initial request. The DNS servers assigned by the ISP, Google's 8.8.8.8 and the like are all DNS resolvers.
  7. Root Server
  A root domain name server. When the local DNS server cannot find a result locally, its first step is to query a root server, which returns the addresses of the top-level domain servers.
  8. DNS Query Flood attack
  A domain name query attack: a large number of compromised machines are made to send massive numbers of DNS queries. When the number of queries per second exceeds what the DNS server can handle, resolution times out and the availability of the business behind it is directly affected. Asking for random, non-existent subdomains makes the attack worse, because such names cannot be served from any cache and every query reaches the authoritative server.
  9. URL forwarding
  Also called address forwarding: a domain name is pointed at another, existing site through a special setting on the server. This is done at the HTTP layer (the web server returns a redirect), not by a DNS record type; DNS only points the name at the forwarding host.
  10. DNSSEC
  DNS Security Extensions, abbreviated DNSSEC. It uses digital signatures to guarantee the authenticity and integrity of DNS responses, which effectively prevents DNS spoofing and cache poisoning and keeps users from being redirected to unexpected addresses, thereby increasing trust in the Internet. DNSSEC signs the data but does not encrypt it, and the signatures only help when the resolver that serves the client actually validates them.

Four: DNS record types

The first four (A, AAAA, CNAME, MX) plus NS are the ones to remember:
  A      IPv4 address record: maps a domain name to an IPv4 address
  AAAA   IPv6 address record: maps a domain name to an IPv6 address
  CNAME  alias record: points one domain name at another domain name (the canonical name)
  MX     mail exchange record: names the mail server (with a priority) that receives mail for the domain; it points to a host name, not to an e-mail address
  NS     name server record: delegates a subdomain to other DNS servers for resolution
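The exchange described in the resolution process, the header terms above (recursive query, authoritative vs. non-authoritative answer, TTL, NXDOMAIN) and the record types in this section can all be seen directly in the DNS wire format. The following is an added example in Python (standard library only; it is not code from the original article). It builds a query with the RD bit set and parses a hand-constructed, non-authoritative reply for www.example.com whose CNAME, A and NS records, addresses and TTLs are made up for the example; the flags it extracts (AA, RD, RA, RCODE) are how a client tells an authoritative answer from a cached one, and a real record from NXDOMAIN.

```python
"""Build a DNS query and parse a DNS response at the wire-format level.
Added example, not from the original article; the response bytes below are
constructed by hand so everything runs offline."""
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 28: "AAAA"}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    # "www.example.com" -> 3 "www" 7 "example" 3 "com" 0  (RFC 1035 label format)
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234, rd=True):
    """Header plus one question. RD=1 asks for a recursive lookup; RD=0 asks
    for an iterative one, so a non-authoritative server answers with a referral."""
    flags = 0x0100 if rd else 0x0000                 # QR=0, OPCODE=0, RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                    # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = offset + 2
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_rdata(msg, rtype, start, length):
    """Render the RDATA of the record types the article lists as text."""
    data = msg[start:start + length]
    if rtype == 1:                                   # A: 4 bytes IPv4
        return ".".join(str(b) for b in data)
    if rtype == 28:                                  # AAAA: 16 bytes IPv6
        return ":".join("%x" % w for w in struct.unpack("!8H", data))
    if rtype in (2, 5):                              # NS, CNAME: a domain name
        return decode_name(msg, start)[0]
    if rtype == 15:                                  # MX: preference + mail server name
        return "%d %s" % (struct.unpack("!H", data[:2])[0], decode_name(msg, start + 2)[0])
    return data.hex()


def parse_response(msg):
    """Return the header flags plus the answer and authority sections."""
    txid, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    result = {"id": txid, "qr": bool(flags & 0x8000),
              "aa": bool(flags & 0x0400),            # authoritative answer
              "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
              "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
              "answers": [], "authority": []}
    offset = 12
    for _ in range(qd):                              # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    for section, count in (("answers", an), ("authority", ns)):
        for _ in range(count):
            name, offset = decode_name(msg, offset)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            result[section].append({"name": name, "type": QTYPES.get(rtype, str(rtype)),
                                    "ttl": ttl, "data": parse_rdata(msg, rtype, offset, rdlen)})
            offset += rdlen
    return result


def build_record(owner, rtype, ttl, rdata):
    """One resource record; owner is already wire-encoded (or a pointer)."""
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


# Constructed cached answer from a recursive resolver: QR=1, AA=0, RD=1, RA=1.
QUESTION = encode_name("www.example.com") + struct.pack("!HH", 1, 1)
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 1, 0) + QUESTION
    + build_record(b"\xc0\x0c", 5, 300, encode_name("web.example.com"))    # ptr -> offset 12
    + build_record(encode_name("web.example.com"), 1, 60, bytes([93, 184, 216, 34]))
    + build_record(b"\xc0\x10", 2, 86400, encode_name("ns1.example.com"))  # ptr -> "example.com"
)
# Constructed NXDOMAIN reply (RCODE=3) with no answers, like the "nslookup server" case.
NXDOMAIN_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print(build_query("www.example.com").hex())
    for rec in parse_response(SAMPLE_RESPONSE)["answers"]:
        print(rec)
```

The AA bit is what separates the "Non-authoritative answer" that nslookup prints from an answer given by the zone's own server; a resolver that answers from its cache, as in SAMPLE_RESPONSE, sends AA=0 together with RA=1. A client that sends RD=0 to such a resolver gets a referral instead (authority section filled, answer section empty), which is the iterative query of the terminology section. The TTL field is per record, so the CNAME and the A it points to can expire at different times.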


Five: Verifying domain name resolution from the DNS client

host command
  By default host queries the nameservers listed in /etc/resolv.conf. If a server is given as a second argument, that server is queried instead.
  [root@aliyun ~]# host www.zhiqing.asia   // host + domain name
  www.zhiqing.asia has address 159.138.63.152
  [root@aliyun ~]# host www.zhiqing.asia 8.8.8.8   // host + domain name + DNS server to use (the server can also be given as a domain name)
  Using domain server:
  Name: 8.8.8.8
  Address: 8.8.8.8#53
  Aliases:

  www.zhiqing.asia has address 159.138.63.152
  [root@aliyun ~]# host -a www.zhiqing.asia 8.8.8.8   // -a: verbose output with all record types (equivalent to -v -t ANY)

nslookup command
  [root@aliyun ~]# nslookup www.zhiqing.asia   // resolve the IP address for a domain name
  Server:         114.114.114.114
  Address:        114.114.114.114#53
  Non-authoritative answer:
  Name:   www.zhiqing.asia
  Address: 159.138.63.152
  [root@aliyun ~]# nslookup server   // the Server: lines show which resolver from /etc/resolv.conf was used; the name "server" itself does not exist, so the lookup ends in NXDOMAIN
  Server:         114.114.114.114
  Address:        114.114.114.114#53
  ** server can't find server: NXDOMAIN
"Non-authoritative answer" means the reply came through the recursive resolver rather than from a server authoritative for the zone. NXDOMAIN is the resolver reporting that the name does not exist at all, which is different from a name that exists but has no record of the requested type (that case returns NOERROR with an empty answer section).

Six: Configuring DNS

1. Edit the network interface configuration file, /etc/sysconfig/network-scripts/ifcfg-<interface> (for example ifcfg-eth0), adding DNS1= and DNS2= lines. This takes effect after the interface or the network service is restarted (systemctl restart network, or nmcli connection reload followed by nmcli connection up <name>), and NetworkManager then regenerates /etc/resolv.conf from it, overwriting anything written there by hand.
2. Edit the DNS configuration file /etc/resolv.conf directly (nameserver and search lines). This takes effect immediately and does not touch the interface configuration, but it is not durable: the next time NetworkManager brings the connection up it rewrites the file from the connection's settings. To keep manual edits, set dns=none under [main] in /etc/NetworkManager/NetworkManager.conf and restart NetworkManager; otherwise put the servers in the ifcfg file (method 1) with PEERDNS=no so that servers supplied by DHCP do not replace them.
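As an added example (Python, not code from the original article), the following makes the two edits above reproducible: it rewrites the DNS1=/DNS2=/PEERDNS=/DOMAIN= keys of an ifcfg file idempotently, renders the equivalent /etc/resolv.conf, and checks /etc/NetworkManager/NetworkManager.conf for the dns=none setting that stops NetworkManager from overwriting a hand-edited resolv.conf. The ifcfg text in the main block is constructed for the example; the file paths named in the comments are the CentOS 7 defaults, and the script only writes where you point it.

```python
"""Set DNS servers for a CentOS 7 interface in a way that survives a restart.
Added example, not from the original article. Works on text so it can be
tried on a copy before touching /etc/sysconfig/network-scripts/ifcfg-eth0."""
import re


def set_ifcfg_dns(ifcfg_text, servers, search=None):
    """Return the ifcfg content with DNS1..DNSn replaced by *servers* (in
    order), PEERDNS=no so DHCP-supplied servers do not override them, and
    DOMAIN= carrying the search list. Running it twice gives the same text."""
    kept = [line for line in ifcfg_text.splitlines()
            if not re.match(r"^(DNS\d+|PEERDNS|DOMAIN)=", line)]   # drop old keys
    kept += ["DNS%d=%s" % (i, s) for i, s in enumerate(servers, start=1)]
    kept.append("PEERDNS=no")
    if search:
        kept.append('DOMAIN="%s"' % " ".join(search))
    return "\n".join(kept) + "\n"


def render_resolv_conf(servers, search=None, options=None):
    """The /etc/resolv.conf equivalent of those settings (method 2 above).
    glibc honours at most three nameserver lines, so extra servers are dropped;
    *options* is e.g. ["timeout:2", "attempts:2"], see resolv.conf(5)."""
    lines = []
    if search:
        lines.append("search " + " ".join(search))
    lines += ["nameserver " + s for s in servers[:3]]
    if options:
        lines.append("options " + " ".join(options))
    return "\n".join(lines) + "\n"


def resolv_conf_is_managed(nm_conf_text):
    """True if NetworkManager will rewrite /etc/resolv.conf (the default);
    False when the [main] section has dns=none, so manual edits survive."""
    in_main = False
    for line in nm_conf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_main = (line == "[main]")
        elif in_main and re.match(r"^dns\s*=\s*none\s*$", line):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample of a DHCP interface that still trusts the DHCP DNS.
    sample_ifcfg = ("TYPE=Ethernet\nBOOTPROTO=dhcp\nNAME=eth0\nDEVICE=eth0\n"
                    "ONBOOT=yes\nDNS1=1.1.1.1\nPEERDNS=yes\n")
    servers = ["114.114.114.114", "8.8.8.8"]
    print(set_ifcfg_dns(sample_ifcfg, servers, search=["example.com"]))
    print(render_resolv_conf(servers, ["example.com"], ["timeout:2", "attempts:2"]))
    print("resolv.conf managed by NM:", resolv_conf_is_managed("[main]\nplugins=ifcfg-rh\n"))
```

After writing the ifcfg file, apply it with nmcli connection reload and nmcli connection up eth0 (or systemctl restart network) and confirm with cat /etc/resolv.conf that the nameserver lines now match; if resolv_conf_is_managed() reports False, the file has to be written by hand instead, because NetworkManager will leave it alone.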

Origin: blog.csdn.net/kakaops_qing/article/details/109297014