DNS domain name resolution process

Foreword

This article is taken from the book "In-depth Analysis of Java Web Technology". Because I am not particularly familiar with DNS, and the DNS part of this book is described in more detail, I use the book's content directly. The old rules: no copying, no pasting, all content is hand-typed, learning and understanding while typing.

DNS domain name resolution

We know that the Internet publishes and requests resources through URLs, and the domain name in a URL must be resolved into an IP address before a connection with the remote host can be established. How a domain name is resolved into an IP address falls within the scope of DNS resolution.

It is no exaggeration to say that although we usually do not notice DNS resolution while surfing the Internet, once DNS resolution goes wrong it can lead to a very serious Internet disaster. At present the entire Internet has several DNS root name servers; if any root server fails, the consequences will be very serious.

DNS domain name resolution process

When we enter www.abc.com in the browser, DNS resolution takes nearly 10 steps. The process can be roughly represented by the following picture:

The whole process is described below. The first two steps are completed locally; the last eight involve real domain name resolution servers:

1. The browser first checks whether its cache already holds a resolved IP address for the domain name. If it does, the resolution process ends there. The browser's domain name cache is limited in two ways: the cache size is limited, and the cache time is limited, usually ranging from a few minutes to a few hours. How long a domain name may be cached is set through the TTL attribute. Setting the cache time too long or too short both cause problems. If it is too long, then once the IP address the domain name resolves to changes, the client keeps the cached entry and cannot resolve the domain name to the new IP address, so the domain name cannot be resolved normally and some users cannot access the website during that period. If it is too short, users have to re-resolve the domain name every time they visit the website.

2. If there is no entry in the browser cache, the browser checks whether the operating system cache holds a DNS resolution result for the domain name. In fact, the operating system also has its own domain name resolution procedure. In Windows it can be set through the C:\Windows\System32\drivers\etc\hosts file, and in Linux through the /etc/hosts file; a user can map any domain name to any reachable IP address. For example, during testing we can point a domain name at a test server, so that we can verify the business logic of the code on a separate server without modifying any code. It is precisely because of this local resolution procedure that an attacker who can modify the user's hosts file can map a specific domain name to an IP address of their choosing, which is how these domain names get hijacked.

3. When the first two steps cannot resolve the name, the "DNS server address" in our network configuration is used. The operating system sends the domain name to the LDNS, the domain name server for the local area. This DNS usually provides resolution service for the user's local Internet access. For example, if the user accesses the Internet at a school, the user's DNS server is in the school; if the user accesses the Internet from a residential community, the user's DNS is the one run by the provider that supplies the Internet access, namely China Telecom or China Unicom (also known as SPA), and it is usually located in some corner of the city where the user lives, not very far away. In Windows you can see the configured DNS server by entering ipconfig on the command line, and in Linux with cat /etc/resolv.conf. These specialised domain name resolution servers perform very well; they generally cache resolution results, and of course the cache time is controlled by the expiration time of the domain name. About 80% of domain name resolution ends here, so the LDNS does most of the resolution work.

4. If the LDNS still has no answer, it goes directly to the Root Server to request resolution.

5. The root name server returns to the local name server the address of the primary domain name server (gTLD Server) to query next. gTLD servers are the international top-level domain name servers, such as .com, .cn, .org, etc. There are only about 13 in the world.

6. The local name server LDNS sends the request to the gTLD server returned in the previous step.

7. The gTLD server that accepts the request finds and returns the address of the Name Server responsible for the domain name. This Name Server is usually the domain name server of the provider the user registered with: for example, if the user applied for the domain name at a domain name service provider, then the resolution of this domain name is done by that provider's server.

8. The Name Server queries its stored mapping table between domain names and IPs. Under normal circumstances it obtains the target IP address for the domain name and returns it, together with a TTL value, to the requesting DNS server (the LDNS).

9. The IP and TTL value for the domain name are returned. The LDNS caches the mapping between the domain name and the IP; the cache time is controlled by the TTL value.

10. The result is returned to the user, who caches it in the local system cache according to the TTL value, and the domain name resolution process ends.

In practice, the DNS resolution process may involve more than these 10 steps. For example, the Name Server may have many levels, or there may be a GTM for load-balancing control, either of which may affect the resolution process.
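To make the ten steps concrete, here is an added simulation of the walk from the hosts file (step 2) through the LDNS, root, gTLD and Name Server (steps 3 to 9). It is example code written for this page, not code from the book; the server names, the zone data and the addresses are constructed and held in dictionaries, so nothing touches the network, and `LocalDns.queries` records which servers the LDNS had to contact so you can see where the lookup stopped.

```python
"""Simulated walk through the DNS resolution steps described above.

Constructed example: the zone data, server names and addresses are made up
and live in dictionaries instead of on real name servers. No network I/O.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Answer:
    """What the authoritative Name Server hands back in step 8."""
    ip: str
    ttl: int  # seconds the answer may be cached (steps 9-10)


# Constructed hosts file content (step 2): the OS checks this before asking the LDNS.
HOSTS_FILE = """
127.0.0.1   localhost
# a test override like the one the article mentions
10.0.0.5    staging.abc.com
"""


def parse_hosts(text: str) -> dict[str, str]:
    """Map each name in a hosts file to its address, ignoring comments and blank lines."""
    table: dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower()] = ip
    return table


# Constructed server hierarchy. Root maps a TLD to a gTLD server; a gTLD server maps
# a zone to its Name Server; a Name Server maps a name to its Answer.
ROOT = {"com": "a.gtld-servers.example", "cn": "a.cn-servers.example"}
GTLD = {
    "a.gtld-servers.example": {"abc.com": "ns1.abc-dns.example"},
    "a.cn-servers.example": {},
}
NAME_SERVERS = {
    "ns1.abc-dns.example": {"www.abc.com": Answer("203.0.113.10", ttl=300)},
}


@dataclass
class LocalDns:
    """The LDNS of step 3: caches answers it has already resolved, keyed by name."""
    cache: dict[str, Answer] = field(default_factory=dict)
    queries: list[str] = field(default_factory=list)  # servers contacted, in order

    def resolve(self, name: str) -> Answer | None:
        name = name.lower().rstrip(".")
        if name in self.cache:  # LDNS cache hit: the ~80% of lookups that end here
            return self.cache[name]
        tld = name.rsplit(".", 1)[-1]
        self.queries.append("root")
        gtld = ROOT.get(tld)  # steps 4-5: root returns the gTLD server to ask
        if gtld is None:
            return None
        self.queries.append(gtld)
        zone = next((z for z in GTLD[gtld] if name == z or name.endswith("." + z)), None)
        if zone is None:
            return None
        ns = GTLD[gtld][zone]  # steps 6-7: gTLD returns the Name Server
        self.queries.append(ns)
        answer = NAME_SERVERS[ns].get(name)  # step 8: authoritative lookup
        if answer is not None:
            self.cache[name] = answer  # step 9: LDNS caches the mapping (TTL-bounded)
        return answer


def resolve_like_a_client(name: str, hosts: dict[str, str], ldns: LocalDns) -> tuple[str, str] | None:
    """Steps 2-3 from the client side: hosts file first, then the LDNS."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return ("hosts", hosts[name])
    ans = ldns.resolve(name)
    return ("ldns", ans.ip) if ans else None


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    ldns = LocalDns()
    print(resolve_like_a_client("staging.abc.com", hosts, ldns))       # answered by hosts file
    print(resolve_like_a_client("www.abc.com", hosts, ldns), ldns.queries)
    print(resolve_like_a_client("www.abc.com", hosts, ldns), ldns.queries)  # LDNS cache hit
```

The second and third `www.abc.com` lookups show the point of step 9: the first one walks root, gTLD and Name Server, the repeat is answered from the LDNS cache without contacting anyone. The hosts-file override answers before any server is consulted, which is exactly why a tampered hosts file hijacks a name silently.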

Clear cached domains

We know that DNS resolution caches its results, mainly in two places:

1. Local DNS Server

2. The user's local machine

Both caches are bounded by the TTL value and by the size of the local cache, but the maximum cache time is the TTL value. The cache time of the Local DNS Server is basically controlled by the TTL and is hard to intervene in manually, but our local cache can be cleared as follows:

1. In the Windows environment, run ipconfig /flushdns from the command line to refresh the cache, as shown in the figure.

2. In the Linux environment, you can clear the cache with /etc/init.d/nscd restart. Because the virtual machine installed on my home computer is rather laggy, I will not take screenshots.

Rebooting is still the first choice for solving many problems.

In Java applications, the JVM also caches DNS resolution results. This cache lives in the InetAddress class, and its cache time is somewhat special: it has two cache strategies:

1. Cache of successful resolution results

2. Cache of failed resolution results

These two cache times are controlled by two configuration items in the %JAVA_HOME%\lib\security\java.security file: networkaddress.cache.ttl and networkaddress.cache.negative.ttl. Their default values are -1 (never expires) and 10 (cached for 10 seconds). You can modify these two values directly, add -Dsun.net.inetaddr.ttl=xxx to the Java startup parameters to change the default, or modify it dynamically through the InetAddress class.
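The two-strategy cache is easiest to understand by modelling it. The following added example (written for this page, not taken from the book or the JDK) is a Python stand-in for the behaviour described: successful answers are kept for a positive TTL, failures for a negative TTL, and -1 means "keep forever". The parameter names `positive_ttl` and `negative_ttl` are this example's substitutes for networkaddress.cache.ttl and networkaddress.cache.negative.ttl; the upstream table and the injected clock are constructed so the run is deterministic and offline. The scenario plays out the two failure modes from the article: a cached-forever entry that goes stale when the site's IP changes (the "too long" case from step 1), and a negatively cached name that stays unresolvable for 10 seconds after it actually starts existing.

```python
"""Model of a client-side DNS cache with a positive and a negative strategy.

Constructed example: `positive_ttl` / `negative_ttl` stand in for the JVM's
networkaddress.cache.ttl / networkaddress.cache.negative.ttl settings; the clock
is injected so the run is deterministic and does no network I/O.
"""
from __future__ import annotations
from typing import Callable, Optional

NEVER_EXPIRES = -1  # the article's "-1 (never expires)" sentinel


class DnsCache:
    def __init__(self, lookup: Callable[[str], Optional[str]], clock: Callable[[], float],
                 positive_ttl: int = NEVER_EXPIRES, negative_ttl: int = 10):
        self._lookup = lookup            # upstream resolver (hypothetical callable)
        self._clock = clock              # returns "now" in seconds
        self.positive_ttl = positive_ttl
        self.negative_ttl = negative_ttl
        self._entries: dict[str, tuple[Optional[str], float]] = {}  # name -> (ip or None, expiry)
        self.upstream_calls = 0

    def _expiry(self, ttl: int) -> float:
        return float("inf") if ttl == NEVER_EXPIRES else self._clock() + ttl

    def get(self, name: str) -> Optional[str]:
        name = name.lower()
        hit = self._entries.get(name)
        if hit is not None and self._clock() < hit[1]:
            return hit[0]                # served from cache; None here is a cached failure
        self.upstream_calls += 1
        ip = self._lookup(name)
        ttl = self.positive_ttl if ip is not None else self.negative_ttl
        if ttl != 0:                     # a TTL of 0 means "do not cache at all"
            self._entries[name] = (ip, self._expiry(ttl))
        return ip

    def flush(self) -> None:
        """This cache's equivalent of `ipconfig /flushdns`."""
        self._entries.clear()


def scenario() -> dict:
    """Play out stale-forever and negative-cache behaviour with the default -1 / 10 settings."""
    upstream = {"www.abc.com": "203.0.113.10"}   # constructed mutable upstream table
    now = [0.0]
    cache = DnsCache(lambda n: upstream.get(n), clock=lambda: now[0])
    first = cache.get("www.abc.com")
    upstream["www.abc.com"] = "203.0.113.99"     # the site moves to a new address
    now[0] = 3600.0
    stale = cache.get("www.abc.com")             # still the old IP: positive TTL is -1
    cache.flush()                                # manual clear is the only way out
    fresh = cache.get("www.abc.com")
    missing_first = cache.get("missing.abc.com")  # failure is cached for 10 seconds
    upstream["missing.abc.com"] = "203.0.113.20"  # the name comes into existence
    now[0] += 5.0
    still_missing = cache.get("missing.abc.com")  # negative cache still in force
    now[0] += 6.0
    found = cache.get("missing.abc.com")          # negative entry expired, re-queried
    return {"first": first, "stale": stale, "fresh": fresh, "missing_first": missing_first,
            "still_missing": still_missing, "found": found,
            "upstream_calls": cache.upstream_calls}


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

With the defaults the stale answer is served an hour after the IP changed and would be served indefinitely; only `flush()` (or a finite positive TTL) recovers. The negative cache is the mirror image: a name that starts resolving is still reported as missing until its 10-second entry expires, which is the behaviour to expect from a JVM right after a DNS record is created.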

Several domain name resolution methods

Domain name resolution records are mainly divided into A records, MX records, CNAME records, NS records and TXT records:

1. A record

A stands for Address; an A record specifies the IP address corresponding to a domain name. For example, item.taobao.com is assigned to 115.238.23.xxx and switch.taobao.com to 121.14.24.xxx. A records can resolve multiple domain names to one IP address, but cannot resolve one domain name to multiple IP addresses.

2. MX records

Mail Exchange: an MX record points the mail server for a domain name at your own Mail Server. For example, the A record of taobao.com gives the IP address 115.238.25.xxx. If the MX record is set to 115.238.25.xxx, then for mail routed to xxx@taobao.com, DNS directs the mail to the server at 115.238.25.xxx, while a normal web request still resolves to the IP address of the A record.

3. CNAME record

Canonical Name, i.e. alias resolution. Alias resolution means that one or more aliases can be set for a domain name, for example resolving aaa.com to bbb.net and ccc.com to bbb.net, where bbb.net is the alias of aaa.com and ccc.com respectively.

4. NS records

Specifies the DNS server that resolves a domain name, that is, the domain name is resolved by the DNS server at the specified IP address.

5. TXT record

Sets a description for a host name or domain name; for example, the TXT record of ddd.net can be set to a description such as "This is XXX's blog".
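To show how these five record types fit together at lookup time, here is an added example written for this page (not from the book): a constructed mini zone holding A, CNAME, MX, NS and TXT records, and a `lookup` that follows CNAME aliases to their target before answering, orders MX hosts by preference, and refuses CNAME loops. The names aaa.com, bbb.net, ccc.com and ddd.net come from the text above; the addresses, the mail and NS host names and the loop entries are constructed.

```python
"""Constructed mini zone with the five record types and a lookup that uses them.

Names aaa.com / bbb.net / ccc.com / ddd.net follow the article; all addresses,
mail hosts and the loop1/loop2 entries are made up. No network I/O.
"""
from __future__ import annotations

# rtype -> owner name -> list of record data. MX data is (preference, host).
ZONE: dict[str, dict[str, list]] = {
    "A":     {"bbb.net": ["198.51.100.7"], "mail.bbb.net": ["198.51.100.25"],
              "mail2.bbb.net": ["198.51.100.26"], "ns1.bbb.net": ["198.51.100.53"]},
    "CNAME": {"aaa.com": ["bbb.net"], "ccc.com": ["bbb.net"],
              "loop1.net": ["loop2.net"], "loop2.net": ["loop1.net"]},
    "MX":    {"bbb.net": [(20, "mail2.bbb.net"), (10, "mail.bbb.net")]},
    "NS":    {"bbb.net": ["ns1.bbb.net"]},
    "TXT":   {"ddd.net": ["This is XXX's blog"]},
}


class CnameLoop(Exception):
    """Raised when CNAME records chain back onto themselves."""


def canonical_name(name: str, max_hops: int = 8) -> str:
    """Follow CNAME aliases until a name that has no CNAME is reached."""
    seen: list[str] = []
    while name in ZONE["CNAME"]:
        if name in seen or len(seen) >= max_hops:
            raise CnameLoop(" -> ".join(seen + [name]))
        seen.append(name)
        name = ZONE["CNAME"][name][0]
    return name


def lookup(name: str, rtype: str) -> list:
    """Return the records of `rtype` for `name`, resolving aliases first."""
    name = name.lower().rstrip(".")
    target = canonical_name(name)
    records = ZONE.get(rtype, {}).get(target, [])
    if rtype == "MX":
        # the lower preference value is tried first; return hosts in delivery order
        return [host for _, host in sorted(records)]
    return list(records)


def mail_servers_with_addresses(domain: str) -> list[tuple[str, str]]:
    """Resolve a domain's MX hosts down to their A records, in preference order."""
    out: list[tuple[str, str]] = []
    for host in lookup(domain, "MX"):
        for ip in lookup(host, "A"):
            out.append((host, ip))
    return out


if __name__ == "__main__":
    print(lookup("aaa.com", "A"))            # alias -> bbb.net -> its A record
    print(mail_servers_with_addresses("ccc.com"))
    print(lookup("ddd.net", "TXT"))
    try:
        lookup("loop1.net", "A")
    except CnameLoop as e:
        print("CNAME loop:", e)
```

Note that a request for aaa.com's MX or A records is answered from bbb.net's data because the alias is resolved first; that is the mechanism behind "one or more aliases for a domain name". The hop limit and loop check matter because a real resolver that chased aliases without a bound could be kept busy forever by two records pointing at each other.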
