DNS & CDN & HTTPDNS Principle Analysis

1.1. DNS & CDN & HTTPDNS Principle Analysis

Background:

Domain Name System (DNS): a distributed database that maps domain names to IP addresses and back. DNS resolves a domain name to its IP address quickly, so that any host (or website) on the Internet can be reached by name.

CDN (Content Delivery Network): the basic idea is to route around the bottlenecks and links on the Internet that might slow down or destabilize data transfer, so that content is delivered faster and more reliably.

HTTPDNS: uses HTTP requests to carry out what a DNS request would do, i.e. domain name resolution over HTTP instead of the DNS protocol.

1.1.1. 0x00 DNS principle

DNS server types:

  • Internal DNS: sits on the intranet, serves intranet DNS, and also caches and forwards Internet DNS queries
  • External DNS: sits on the Internet and serves Internet DNS (including caching and forwarding)
  • Primary DNS: provides the full DNS service (queries and cache writes)
  • Secondary DNS: only answers DNS queries, and synchronizes its database from the primary DNS
  • Cache-only DNS: has no resolution data of its own, only a DNS cache database
  • Forwarding DNS: forwards DNS requests to other DNS servers
  • Authoritative DNS: holds the mapping for the requested name in its own database
  • Non-authoritative DNS: does not hold the mapping itself, but has a cached query result for it

Local DNS: the DNS server configured in the host's network settings

Domain name composition: [host name].[second-level domain].[top-level domain]. Because the DNS namespace is a tree structure, a domain name traces a path from the root down to a leaf, and the leaf node is the authoritative DNS server.

 

Figure: Tree DNS structure.PNG

Roles a DNS server can play:

  • Authoritative DNS, with its own resolution data
  • Forwarding DNS
  • Caching DNS

In a LAN behind a router, where the host's local DNS is set to "obtain automatically" (i.e. the router) and the router's DNS is set to the DNS provided by the ISP, the DNS request/response sequence when the host opens http://www.jianshu.com in a browser is as follows:

Figure: dns-process.png

The text description of the above image is as follows:

  1. 192.168.110.252 opens http://www.jianshu.com in the browser
  2. 192.168.110.252 checks whether the local hosts file contains an IP for www.jianshu.com
  3. If not, 192.168.110.252 checks whether the local DNS cache contains an IP for www.jianshu.com
  4. If not, 192.168.110.252 sends a DNS query to the local DNS server (the router)
  5. After the router receives the query, it checks its own DNS cache
  6. If not cached, the router sends a DNS query from its external address 202.202.202.202 to its local DNS server (the ISP DNS)
  7. After the ISP DNS receives the query, it finds that it is not authoritative for the name and has no cached answer, so it forwards the request to another DNS server
  8. That other DNS server likewise finds that it is not authoritative and has nothing cached, so it starts an iterative query: it sends the request to a root name server
  9. The root name server receives the request and returns the IP of the top-level domain server (.com) to the other DNS server
  10. The other DNS server sends the DNS query to the top-level domain server
  11. The top-level domain server receives the request and returns the IP of the second-level domain server (jianshu.com) to the other DNS server
  12. The other DNS server sends the DNS query to the second-level domain server
  13. The second-level domain server receives the request and finds that it is the authoritative DNS server, so it returns the IP mapped to www.jianshu.com, 120.132.92.21, to the other DNS server
  14. After the other DNS server receives the result, 120.132.92.21 is passed back layer by layer until it reaches 192.168.110.252
  15. 192.168.110.252 receives the result 120.132.92.21 for www.jianshu.com, establishes a TCP connection to that IP, and then sends the HTTP request for the homepage
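The lookup order in steps 2 to 15 (hosts file, local cache, then an upstream server that iterates from the root through referrals) can be modelled in a few dozen lines. The following is an added example and not code from the original article: the hosts-file content and the zone data are constructed, with `www.jianshu.com` mapped to the `120.132.92.21` quoted above and every other name invented. Each zone either holds the final A record or a referral to a child zone, which is the walk in steps 8 to 13.

```python
from typing import Dict, List, Optional, Tuple

# Constructed hosts file in /etc/hosts format (step 2); not from the article.
HOSTS_FILE = """
127.0.0.1   localhost
10.0.0.5    intranet.example   # an intranet-only name
"""

# Constructed authoritative data. A zone holds either the final A record or a
# referral ("ask the child zone") for names below it. Only 120.132.92.21 comes
# from the article; the zone layout itself is an assumption for illustration.
ZONES: Dict[str, dict] = {
    ".":            {"referrals": {"com."},         "records": {}},
    "com.":         {"referrals": {"jianshu.com."}, "records": {}},
    "jianshu.com.": {"referrals": set(),            "records": {"www.jianshu.com.": "120.132.92.21"}},
}


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts-file lines into name -> IP; the first mapping for a name wins."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower().rstrip("."), ip)
    return table


def iterative_resolve(name: str, zones: Dict[str, dict],
                      trace: Optional[List[str]] = None) -> Optional[str]:
    """Steps 8-13: walk referrals from the root until an authoritative zone answers."""
    fqdn = name.lower().rstrip(".") + "."
    zone = "."
    for _ in range(16):                               # bound the walk: a broken delegation must not loop forever
        if trace is not None:
            trace.append(zone)
        data = zones[zone]
        if fqdn in data["records"]:
            return data["records"][fqdn]              # authoritative answer
        child = next((z for z in data["referrals"] if fqdn.endswith("." + z)), None)
        if child is None:
            return None                               # no delegation covers the name: NXDOMAIN
        zone = child                                  # referral: ask the child zone next
    return None


class StubResolver:
    """Steps 2-4 and 14-15 from the host's point of view: hosts file, cache, then upstream."""

    def __init__(self, hosts_text: str, zones: Dict[str, dict]):
        self.hosts = parse_hosts(hosts_text)
        self.zones = zones
        self.cache: Dict[str, str] = {}
        self.upstream_queries = 0                      # how often we had to leave the host

    def resolve(self, name: str) -> Tuple[Optional[str], str]:
        key = name.lower().rstrip(".")
        if key in self.hosts:                          # step 2
            return self.hosts[key], "hosts"
        if key in self.cache:                          # step 3
            return self.cache[key], "cache"
        self.upstream_queries += 1                     # step 4 onwards
        ip = iterative_resolve(key, self.zones)
        if ip is not None:
            self.cache[key] = ip                       # step 15: remember the answer
        return ip, "upstream"


if __name__ == "__main__":
    resolver = StubResolver(HOSTS_FILE, ZONES)
    for n in ("www.jianshu.com", "www.jianshu.com", "localhost", "nope.example"):
        print(n, resolver.resolve(n))
```

The second lookup of `www.jianshu.com` is served from the cache without touching the upstream server, which is exactly why a stale or poisoned cache entry (steps 3 and 5) keeps being returned until it expires. A real resolver also tracks TTLs, which this model omits.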

1.1.2. 0x01 DNS Protocol Structure

For details, see: Analyze DNS protocol with Wireshark

 

Figure: wireshark-dns.PNG

 

Figure: wireshark-cname.PNG

The Wireshark captures above show that a DNS server does not necessarily return an IP address. When the queried name is an alias, the server returns a CNAME record for it instead.

In the figure above, resolving cdn-qn0.jianshu.io returns a CNAME result, cname iduvrz0.qiniudns.com: cdn-qn0.jianshu.io is an alias, and its canonical name (the name that carries the A record) is iduvrz0.qiniudns.com.

Because only an A record maps a name to an IP, the host then sends a second DNS query to the DNS server, this time for iduvrz0.qiniudns.com.
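To make the wire format behind the capture concrete, here is an added example (not code from the article) that builds a DNS query, builds a compressed response of the kind seen above, parses it back, and follows the CNAME to the A record. The CNAME pair `cdn-qn0.jianshu.io` to `iduvrz0.qiniudns.com` is the one from the capture; the transaction ID, the TTLs and the A record `203.0.113.10` are constructed, since the article does not show the final address.

```python
import struct
from typing import List, Optional, Tuple

TYPE_A, TYPE_CNAME = 1, 5
RR = Tuple[str, int, int, str]   # (owner name, type, ttl, rdata as text)


def encode_name(name: str) -> bytes:
    """'www.example.com' -> length-prefixed labels ending in a zero byte (uncompressed)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid: int, name: str, qtype: int = TYPE_A) -> bytes:
    """12-byte header (flags 0x0100 = recursion desired) + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; returns (name, offset just after the field)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 11xxxxxx: compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                        # the field ends after the first pointer
            hops += 1
            if pointer >= offset or hops > 16:          # pointers must go backwards; cap hops
                raise ValueError("bad compression pointer")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def build_response(txid: int, qname: str, answers: List[RR]) -> bytes:
    """Build a response using name compression, as real servers do."""
    msg = bytearray(struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0))
    seen = {}                                            # name -> offset of its first copy

    def put_name(name: str) -> None:
        key = name.rstrip(".").lower()
        if key in seen:
            msg.extend(struct.pack("!H", 0xC000 | seen[key]))
        else:
            seen[key] = len(msg)
            msg.extend(encode_name(name))

    put_name(qname)
    msg.extend(struct.pack("!HH", TYPE_A, 1))            # question: A, IN
    for name, rtype, ttl, value in answers:
        put_name(name)
        msg.extend(struct.pack("!HHI", rtype, 1, ttl))
        len_pos = len(msg)
        msg.extend(b"\x00\x00")                          # RDLENGTH, patched below
        if rtype == TYPE_A:
            msg.extend(bytes(int(o) for o in value.split(".")))
        elif rtype == TYPE_CNAME:
            put_name(value)                              # rdata is itself a (compressible) name
        else:
            raise ValueError(f"unsupported type {rtype}")
        struct.pack_into("!H", msg, len_pos, len(msg) - len_pos - 2)
    return bytes(msg)


def parse_response(msg: bytes) -> Tuple[int, int, List[RR]]:
    """Return (txid, rcode, answer-section records)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):                                  # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    answers: List[RR] = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == TYPE_CNAME:
            value, _ = read_name(msg, off)               # the target name may be compressed too
        else:
            value = rdata.hex()
        answers.append((name, rtype, ttl, value))
        off += rdlen
    return txid, flags & 0x000F, answers


def resolve_chain(qname: str, answers: List[RR], max_hops: int = 8) -> Optional[str]:
    """Follow CNAMEs within the answer section until an A record is found."""
    name = qname.rstrip(".").lower() + "."
    for _ in range(max_hops):
        for owner, rtype, _ttl, value in answers:
            if owner.lower() == name and rtype == TYPE_A:
                return value
        cname = next((v for o, t, _, v in answers if o.lower() == name and t == TYPE_CNAME), None)
        if cname is None:
            return None                                  # dangling alias: needs a second query
        name = cname.lower()
    return None


# Constructed exchange (not captured traffic): the article's CNAME plus an invented A record.
SAMPLE_QUERY = build_query(0x1234, "cdn-qn0.jianshu.io")
SAMPLE_RESPONSE = build_response(0x1234, "cdn-qn0.jianshu.io", [
    ("cdn-qn0.jianshu.io", TYPE_CNAME, 300, "iduvrz0.qiniudns.com"),
    ("iduvrz0.qiniudns.com", TYPE_A, 60, "203.0.113.10"),
])
```

When the answer section carries only the CNAME and no A record, `resolve_chain` returns `None`, which is the situation described above where the client has to issue a second query for the canonical name. The backwards-only rule on compression pointers is what keeps a malformed or hostile response from sending the parser into an infinite loop.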

1.1.3. 0x02 DNS Round Robin and CDN

DNS round robin: when the authoritative DNS finds that a domain name maps to several IPs, it rotates the order of those IPs across successive DNS responses, spreading clients evenly over the servers to achieve a simple form of load balancing.

CDN: because DNS round robin distributes evenly, it cannot adapt the distribution to the actual load on different servers. Even if a server goes down, DNS does not learn about it in time and keeps handing out that server's IP, which makes the site unreachable for those clients. A CDN layer is therefore added between the authoritative DNS and the servers. On top of scheduling and assigning servers, the CDN tracks the servers' operating state and adjusts its scheduling strategy accordingly, which greatly improves its load-balancing capability.
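The two paragraphs above describe a contrast that is easy to show in code: a round-robin authoritative server keeps rotating a dead address into its answers, while a scheduler that consults health checks and client location does not. The following added example is not code from the article; the node addresses, regions and load counters are constructed, and the scheduling policy (same region first, then least loaded) is one plausible CDN policy, not any particular vendor's.

```python
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed CDN nodes for one hostname (documentation IP ranges, not real servers).
NODES: Dict[str, dict] = {
    "192.0.2.10":    {"region": "east", "load": 0},
    "192.0.2.20":    {"region": "east", "load": 0},
    "198.51.100.30": {"region": "west", "load": 0},
}
HOSTNAME = "images.example"


class RoundRobinZone:
    """Authoritative server doing DNS round robin: same RRset, rotated on every query."""

    def __init__(self, records: Dict[str, List[str]]):
        self.records = {name: list(ips) for name, ips in records.items()}
        self.counters = {name: 0 for name in records}

    def answer(self, name: str) -> List[str]:
        ips = self.records[name]
        k = self.counters[name] % len(ips)
        self.counters[name] += 1
        return ips[k:] + ips[:k]          # clients normally connect to the first address


class CdnScheduler:
    """Scheduler with the two inputs round robin lacks: node health and client location."""

    def __init__(self, nodes: Dict[str, dict]):
        self.nodes = {ip: dict(n, healthy=True) for ip, n in nodes.items()}

    def set_health(self, ip: str, healthy: bool) -> None:
        self.nodes[ip]["healthy"] = healthy  # fed by health checks in a real CDN

    def pick(self, client_region: str) -> Optional[str]:
        live = [(ip, n) for ip, n in self.nodes.items() if n["healthy"]]
        if not live:
            return None                       # nothing healthy anywhere
        # prefer a node in the client's region, then the least-loaded one
        ip, node = min(live, key=lambda kv: (kv[1]["region"] != client_region, kv[1]["load"]))
        node["load"] += 1                     # account for the connection we just assigned
        return ip


def simulate(queries: int, client_region: str, down_ip: str) -> Tuple[Counter, Counter]:
    """Answer `queries` lookups both ways while `down_ip` is offline; return hit counts."""
    zone = RoundRobinZone({HOSTNAME: list(NODES)})
    cdn = CdnScheduler(NODES)
    cdn.set_health(down_ip, False)
    rr_hits = Counter(zone.answer(HOSTNAME)[0] for _ in range(queries))
    cdn_hits = Counter(cdn.pick(client_region) for _ in range(queries))
    return rr_hits, cdn_hits


if __name__ == "__main__":
    rr, sched = simulate(6, "east", "192.0.2.20")
    print("round robin:", dict(rr))          # the offline node still receives a share
    print("cdn scheduler:", dict(sched))     # the offline node receives nothing
```

With one of three nodes down, plain round robin still sends a third of the lookups to it; the scheduler sends none and, because it also sees the client's region, keeps east-coast clients on east-coast nodes until those fill up.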

CDN features:

  • Scheduling and assigning hosts: load balancing by client IP and network traffic, assigning the closest CDN node with the best network path to speed up access
  • Reverse proxying
  • Static caching: caching of static resources (HTML, images, music, videos, etc.)
  • Mitigating DDoS attacks

CDN schematic:

 

Figure: cdn.PNG

images.jianshu.com points, via the CNAME configured in the authoritative DNS server, to abc.qiniudns.com (the name that carries the A records)

abc.qiniudns.com is mapped in the CDN's DNS to three IPs: 110.110.110.110, 220.220.220.220, 330.330.330.330

In this way the domain name images.jianshu.com is accelerated through the CDN

For more CDN knowledge, see:  CDN knowledge

1.1.4. 0x03 HTTPDNS

Traditional DNS resolution is exposed to DNS hijacking, to stale DNS caches, and to inaccurate geolocation of the user caused by the forwarding between DNS servers. To avoid these problems, a mechanism of HTTPDNS first, traditional DNS as backup is used to achieve fast, real-time and accurate resolution, and so give users a fast, safe, stable and up-to-date browsing experience.
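The "HTTPDNS first, traditional DNS as backup" arrangement is a small client-side resolver. The following added example is not code from the article or from any HTTPDNS vendor: the JSON answer shape `{"host": ..., "ips": [...], "ttl": ...}` is an assumption, the HTTP transport and the system resolver are injected as callables so the code runs offline against constructed answers, and `120.132.92.21` is the address quoted earlier in the article. The validation step rejects an answer for the wrong host, a non-global address or a missing TTL before it is trusted, and the cache honours the TTL so a stale entry is refreshed.

```python
import ipaddress
import json
import time
from typing import Callable, Dict, List, Tuple


class HybridResolver:
    """HTTPDNS first, traditional DNS as fallback, with a TTL-bounded cache."""

    def __init__(self, httpdns_fetch: Callable[[str], str],
                 system_resolve: Callable[[str], List[str]],
                 clock: Callable[[], float] = time.monotonic,
                 fallback_ttl: int = 60):
        self.httpdns_fetch = httpdns_fetch        # host -> JSON body (over HTTPS in practice)
        self.system_resolve = system_resolve      # host -> IPs from the OS resolver
        self.clock = clock
        self.fallback_ttl = fallback_ttl          # how long to cache a traditional-DNS answer
        self.cache: Dict[str, Tuple[List[str], float]] = {}
        self.last_error = ""

    @staticmethod
    def _validate(host: str, body: str) -> Tuple[List[str], int]:
        """Accept only a well-formed answer for the host we actually asked about."""
        data = json.loads(body)                   # JSONDecodeError is a ValueError
        if not isinstance(data, dict) or data.get("host") != host:
            raise ValueError("answer is missing or for a different host")
        ips = []
        for text in data.get("ips", []):
            ip = ipaddress.ip_address(text)       # raises ValueError on garbage
            if not ip.is_global:
                raise ValueError(f"non-global address in answer: {ip}")
            ips.append(str(ip))
        if not ips:
            raise ValueError("empty answer")
        ttl = int(data.get("ttl", 0))
        if ttl <= 0:
            raise ValueError("missing or non-positive ttl")
        return ips, ttl

    def resolve(self, host: str) -> Tuple[List[str], str]:
        now = self.clock()
        cached = self.cache.get(host)
        if cached and cached[1] > now:            # unexpired cache entry
            return list(cached[0]), "cache"
        try:
            ips, ttl = self._validate(host, self.httpdns_fetch(host))
            self.cache[host] = (ips, now + ttl)
            return list(ips), "httpdns"
        except (OSError, ValueError, KeyError) as exc:
            self.last_error = repr(exc)           # why HTTPDNS was not usable this time
        ips = self.system_resolve(host)           # fallback: traditional DNS
        self.cache[host] = (ips, now + self.fallback_ttl)
        return list(ips), "dns"


# --- constructed test doubles so the example runs offline ------------------------
HTTPDNS_BODIES = {
    "www.jianshu.com": json.dumps({"host": "www.jianshu.com", "ips": ["120.132.92.21"], "ttl": 300}),
    # a broken or tampered answer that points the public site at loopback
    "bad.example": json.dumps({"host": "bad.example", "ips": ["127.0.0.1"], "ttl": 300}),
}


def fake_httpdns_fetch(host: str) -> str:
    if host not in HTTPDNS_BODIES:
        raise OSError("HTTPDNS endpoint unreachable")   # simulated network failure
    return HTTPDNS_BODIES[host]


def fake_system_resolve(host: str) -> List[str]:
    # constructed OS-resolver answers for the fallback path
    return {"bad.example": ["198.18.0.9"], "offline.example": ["198.18.0.10"]}.get(host, [])


class FakeClock:
    """Controllable clock so TTL expiry can be exercised without sleeping."""
    def __init__(self) -> None:
        self.t = 1000.0
    def __call__(self) -> float:
        return self.t
    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    r = HybridResolver(fake_httpdns_fetch, fake_system_resolve, clock=clock)
    for h in ("www.jianshu.com", "www.jianshu.com", "bad.example", "offline.example"):
        print(h, r.resolve(h), r.last_error)
```

One point the code does not cover but a client must: when it connects to an address obtained this way, it still has to send the original hostname in the `Host` header and TLS SNI and validate the server certificate against that hostname, otherwise bypassing the local resolver gains nothing against a spoofed address.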
