Reference blog post: https://blog.csdn.net/zxl1990_ok/article/details/125432123
Table of contents
- Introduction to DNS
- /etc/hosts local domain name IP mapping
- Linux traceroute command to query network paths
- Example of query process
- Display DNS addressing results directly
- address a specific DNS server
- Query A record
- Query AAAA records
- CNAME record
- MX records
- NS records
- PTR record
- SOA record
- View the master-slave relationship of the DNS server
Introduction to DNS
DNS (Domain Name System) is the system whose function is to find the IP address that corresponds to a domain name.
/etc/hosts local domain name IP mapping
Local domain-name-to-IP mapping means defining the mapping between a domain name and an IP address on the local machine, so that the name is resolved locally without going through a domain name resolution server.
On Linux, this mapping is written in the file /etc/hosts, in the following format:
IP_address domain_name [domain_alias]
For example, we know that the IP of Gitee (Code Cloud) is 212.64.62.174, so we can write the mapping for the Gitee domain names into /etc/hosts. Even if the domain name resolution server fails, we can still access assets.gitee.com and gitee.com. An example with these two domain names is as follows:
127.0.0.1 localhost
127.0.1.1 xia-pc
# Newly added Gitee (Code Cloud) domain-to-IP mapping
212.64.62.174 assets.gitee.com gitee.com
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
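Because /etc/hosts is consulted without asking any DNS server, it is worth checking which names it pins to non-loopback addresses. The following POSIX shell functions are an added example, not part of the original post; the names hosts_overrides, hosts_lookup and SAMPLE_HOSTS are assumptions of the example, and hosts_lookup assumes the usual behaviour that the first matching line is used.

```sh
# Added example, not from the original post. SAMPLE_HOSTS is constructed
# from the /etc/hosts entries shown above, plus one trailing comment.
SAMPLE_HOSTS='127.0.0.1 localhost
127.0.1.1 xia-pc
# Newly added Gitee (Code Cloud) domain-to-IP mapping
212.64.62.174 assets.gitee.com gitee.com  # pinned by hand
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes'

# hosts_overrides: read hosts-format text on stdin and print "name address"
# for every name that is pinned to a non-loopback address.
hosts_overrides() {
  awk '
    { sub(/#.*/, "") }                      # strip whole-line and trailing comments
    NF < 2 { next }                         # blank line, or an address with no name
    $1 ~ /^127\./ || $1 == "::1" { next }   # loopback entries
    $1 ~ /^(fe00|ff00|ff02)::/ { next }     # stock IPv6 entries from the sample
    { for (i = 2; i <= NF; i++) print tolower($i), $1 }
  '
}

# hosts_lookup NAME: print the address the hosts text gives for NAME or one of
# its aliases; exit status 1 when the name is not listed at all.
hosts_lookup() {
  awk -v want="$1" '
    { sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(want)) { print $1; found = 1; exit } }
    END { exit !found }
  '
}

# On a real machine: hosts_overrides < /etc/hosts
```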
Linux traceroute command to query network paths
Through traceroute, we can know what path the information takes from your computer to the host at the other end of the Internet.
Linux Network Communication: Detailed Explanation of the traceroute Command
Analysis of traceroute command results
Example of query process
We use dig (a command-line tool on Unix-like systems for querying DNS, including NS records, A records, MX records and other related information) to display the DNS query process for www.baidu.com.
dig www.baidu.com
The above command will output six pieces of information:
The first paragraph is query parameters and statistics:
; <<>> DiG 9.10.6 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17163
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 7
Of these, the lines
; <<>> DiG 9.10.6 <<>> www.baidu.com
;; global options: +cmd
show the dig version (9.10.6) and the input parameters.
The rest is some DNS header information. The status value is NOERROR, which means the query is successful.
The second paragraph is the query content:
;; QUESTION SECTION:
;www.baidu.com. IN A
The above results show that the query asks for the A record of the domain name www.baidu.com. A is the abbreviation of address, and IN is a fixed keyword.
The third paragraph is the reply from the DNS server:
;; ANSWER SECTION:
www.baidu.com. 600 IN CNAME www.a.shifen.com.
www.a.shifen.com. 600 IN A 14.215.177.38
www.a.shifen.com. 600 IN A 14.215.177.39
The above results show that www.baidu.com has a CNAME record. CNAME means that the information queried for www.baidu.com is actually the A records returned for www.a.shifen.com; there are two A records, that is, two IP addresses. 600 is the TTL value (short for Time to Live), which indicates the cache time: there is no need to query again within 600 seconds.
The fourth paragraph shows the NS records (NS is short for Name Server) of www.baidu.com, that is, which servers are responsible for managing the DNS records of www.baidu.com:
;; AUTHORITY SECTION:
a.shifen.com. 714 IN NS ns1.a.shifen.com.
a.shifen.com. 714 IN NS ns5.a.shifen.com.
a.shifen.com. 714 IN NS ns2.a.shifen.com.
a.shifen.com. 714 IN NS ns4.a.shifen.com.
a.shifen.com. 714 IN NS ns3.a.shifen.com.
The above results show that www.baidu.com has 5 NS records, that is, 5 domain name servers, and you can know the IP address of www.baidu.com by querying any one of them.
An NS record gives a server host name. For each server host name listed in the AUTHORITY SECTION, the IP address of that host is given in the ADDITIONAL SECTION.
The fifth paragraph lists the IP addresses of the above five domain name servers, which are returned together with the previous paragraph:
;; ADDITIONAL SECTION:
ns1.a.shifen.com. 165 IN A 110.242.68.42
ns2.a.shifen.com. 162 IN A 220.181.33.32
ns3.a.shifen.com. 396 IN A 112.80.255.253
ns4.a.shifen.com. 101 IN A 14.215.177.229
ns5.a.shifen.com. 589 IN A 180.76.76.95
ns5.a.shifen.com. 119 IN AAAA 240e:940:603:a:0:ff:b08d:239d
ns5.a.shifen.com. 119 IN AAAA 240e:bf:b801:1006:0:ff:b04f:346b
The A (Address) record specifies the IP address that corresponds to a domain name. It can also be set for subdomains of the domain name. The target of an A record can only be an IP address.
The AAAA record specifies the IPv6 address that corresponds to a host name (or domain name).
The sixth paragraph is some transmission information of the DNS server:
;; Query time: 5 msec
;; SERVER: 202.103.24.68#53(202.103.24.68)
;; WHEN: Thu Jun 23 10:48:49 CST 2022
;; MSG SIZE rcvd: 316
The above results show that the query took 5 ms, the local DNS server is 202.103.24.68, the query port is 53 (the default port of a DNS server), the query was performed at 2022-06-23 10:48:49, and the length of the response is 316 bytes.
Display DNS addressing results directly
Use the +short parameter so that the console directly returns the IP address corresponding to the domain name:
dig +short www.baidu.com
www.a.shifen.com.
14.215.177.39
14.215.177.38
The above command returns only the 1 CNAME alias and the 2 IP addresses (i.e. A records) corresponding to www.baidu.com.
address a specific DNS server
By default, this machine queries only its own DNS server. The dig command has an @ parameter, which sends the query to another DNS server and displays its results. We use Google's 8.8.8.8 public DNS server to find the DNS resolution result of the www.baidu.com domain name:
dig @8.8.8.8 www.baidu.com
The execution results (partial) are as follows:
;; ANSWER SECTION:
www.baidu.com. 14 IN CNAME www.a.shifen.com.
www.a.shifen.com. 197 IN CNAME www.wshifen.com.
www.wshifen.com. 197 IN A 103.235.46.40
From the returned results, we can see that when we addressed the 8.8.8.8 DNS server, it returned 2 CNAMEs and 1 IP address. It is different from the result returned when we address the local DNS server. This shows that the resolution records stored by different DNS servers are different, and it does not mean that a certain DNS server is wrong.
If you only want to display the content of the "ANSWER SECTION", you can use +noall +answer.
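The comparison between the two resolvers can be made mechanical. The following POSIX shell functions are an added example, not part of the original post: they follow the CNAME chain in an ANSWER SECTION and print the final addresses, so that answers from two DNS servers can be compared. The names LOCAL_ANSWER, GOOGLE_ANSWER, CHAIN_AWK, cname_chain and final_addrs are assumptions of the example; the record data is the output shown above.

```sh
# Added example, not from the original post. Both samples are copied from the
# ANSWER SECTIONs shown above (local DNS server and 8.8.8.8).
LOCAL_ANSWER='www.baidu.com. 600 IN CNAME www.a.shifen.com.
www.a.shifen.com. 600 IN A 14.215.177.39
www.a.shifen.com. 600 IN A 14.215.177.38'
GOOGLE_ANSWER='www.baidu.com. 14 IN CNAME www.a.shifen.com.
www.a.shifen.com. 197 IN CNAME www.wshifen.com.
www.wshifen.com. 197 IN A 103.235.46.40'

# awk program shared by both functions: index the records, then walk the
# CNAME chain from "start" until a name without a CNAME is reached.
CHAIN_AWK='
  /^;/ || NF < 5 { next }                   # skip dig comment lines and blanks
  { owner = tolower($1) }
  $4 == "CNAME" { cname[owner] = tolower($5) }
  $4 == "A" || $4 == "AAAA" { addr[owner] = addr[owner] $5 "\n" }
  END {
    name = tolower(start)
    if (name !~ /\.$/) name = name "."      # dig prints fully qualified names
    chain = name
    while (name in cname) {
      if (++hops > 8) exit 2                # CNAME loop or overlong chain
      name = cname[name]; chain = chain " " name
    }
    if (mode == "chain") print chain; else printf "%s", addr[name]
  }'

# cname_chain NAME: print the names visited, separated by spaces.
cname_chain() { awk -v start="$1" -v mode=chain "$CHAIN_AWK"; }

# final_addrs NAME: print the addresses of the last name in the chain, sorted,
# so that a different record order alone does not look like a difference.
final_addrs() { awk -v start="$1" -v mode=addrs "$CHAIN_AWK" | sort; }

# Live use (needs network):
#   dig +noall +answer www.baidu.com | cname_chain www.baidu.com
#   dig @8.8.8.8 +noall +answer www.baidu.com | final_addrs www.baidu.com
```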
Query A record
The A (Address) record is used to specify the IPv4 address record corresponding to the domain name. At the same time, the subdomain name of the domain name can also be set. The target address of the A record can only use the IP address.
When there are multiple A records for the same domain name, it means round robin, which can achieve the purpose of load balancing.
dig a www.baidu.com
The execution results (partial) are as follows:
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 600 IN CNAME www.a.shifen.com.
www.a.shifen.com. 600 IN A 14.215.177.39
www.a.shifen.com. 600 IN A 14.215.177.38
As you can see, the answer contains one CNAME and two IP addresses.
Query AAAA records
AAAA records are DNS records used to resolve domain names to IPv6 addresses, and are the same as A records in other respects.
dig aaaa ns5.a.shifen.com.
The execution results (partial) are as follows:
; <<>> DiG 9.10.6 <<>> aaaa ns5.a.shifen.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28220
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns5.a.shifen.com. IN AAAA
;; ANSWER SECTION:
ns5.a.shifen.com. 600 IN AAAA 240e:940:603:a:0:ff:b08d:239d
ns5.a.shifen.com. 600 IN AAAA 240e:bf:b801:1006:0:ff:b04f:346b
You can see that ns5.a.shifen.com has two AAAA records.
CNAME record
CNAME records are used to map one domain name to another domain name. When DNS encounters a CNAME record, it restarts the query with the mapped target. The target address of the CNAME record can only use the domain name, not the IP address. The A record takes precedence over the CNAME record. If a domain name has both the A record and the CNAME record, the CNAME record does not take effect.
dig cname www.baidu.com
The execution results (partial) are as follows:
;; ANSWER SECTION:
www.baidu.com. 600 IN CNAME www.a.shifen.com.
It can be seen that the CNAME is www.a.shifen.com.
That is to say, when the user queries www.baidu.com, the IP address of www.a.shifen.com is actually returned. The advantage of this is that when the server IP address changes, only the domain name www.a.shifen.com needs to be modified, and the user's www.baidu.com domain name does not need to be modified.
Since the CNAME record is a replacement, once the CNAME record is set for the domain name, no other records (such as A record and MX record) can be set, this is to prevent conflicts. For example, foo.com points to bar.com, and both domains have their own MX records. If the two domains do not match, there will be problems. Because top-level domains usually need to set MX records, users are generally not allowed to set CNAME records for top-level domains.
MX records
The MX record is used to specify the mail server responsible for processing the mail sent to the recipient's domain name. The MX record allows setting a priority. The smaller the number, the higher the priority. When multiple mail servers are available, the mail server to deliver to is determined based on this value. The target address of the MX record can use domain name or IP address.
The domain name in the MX record must be able to map to one or more address records of type A or AAAA in DNS, and according to RFC2181, pointing to CNAME records is prohibited in principle.
dig mx www.baidu.com
The execution results (partial) are as follows:
;; ANSWER SECTION:
www.baidu.com. 350 IN CNAME www.a.shifen.com.
;; AUTHORITY SECTION:
a.shifen.com. 600 IN SOA ns1.a.shifen.com. baidu_dns_master.baidu.com. 2206230007 5 5 2592000 3600
You can see that it returns a record of type SOA, which indicates that the MX record of www.baidu.com does not exist.
NS records
The NS record is used to specify which server the domain name is resolved by, and the target address of the NS record can use a domain name or an IP address.
dig ns baidu.com
The execution results (partial) are as follows:
;; ANSWER SECTION:
baidu.com. 86400 IN NS ns7.baidu.com.
baidu.com. 86400 IN NS ns4.baidu.com.
baidu.com. 86400 IN NS ns2.baidu.com.
baidu.com. 86400 IN NS ns3.baidu.com.
baidu.com. 86400 IN NS dns.baidu.com.
You can see that baidu.com has a total of 5 NS resolution results, namely: ns7.baidu.com, ns4.baidu.com, ns2.baidu.com, ns3.baidu.com, dns.baidu.com.
Note: Entering dig ns www.baidu.com will not find any NS records, because only the first-level domain name (or top-level domain name) has NS records
PTR record
PTR records are used to look up domain names from IP addresses. The -x parameter of the dig command is used to query the PTR record:
dig -x 192.30.252.153
The execution results (partial) are as follows:
;; ANSWER SECTION:
153.252.30.192.in-addr.arpa. 3315 IN PTR lb-192-30-252-153-iad.github.com.
Above we queried the domain name corresponding to 192.30.252.153, and the result shows that the domain name corresponding to this IP is lb-192-30-252-153-iad.github.com., which is a second-level domain name of github.
SOA record
The SOA (start of authority) record is the authority record; it records which of the name servers is the main server.
In the previous NS query, 5 servers that can resolve subdomain names under baidu.com are displayed. The SOA can be used to query which is the main server of the authority.
dig soa baidu.com
The execution results (partial) are as follows:
;; ANSWER SECTION:
baidu.com. 7200 IN SOA dns.baidu.com. sa.baidu.com. 2012145453 300 300 2592000 7200
View the master-slave relationship of the DNS server
In the dig commands above, we can see that when resolving a domain name there are often multiple DNS servers providing resolution services. This is because at least two DNS servers are generally required, to prevent the case where a server goes down and domain name resolution cannot be provided. With so many servers, which one responds to a DNS request? It depends on how the server administrator sets the master-slave relationship (Master-Slave) of each server. You can also view the master-slave relationship of the DNS server through the dig command.
dig -t soa www.baidu.com
The execution results are as follows:
SOA (start of authority) provides information about the DNS master server. After soa, we can see 7 parameters, in order:
- DNS primary server name;
- Administrator's e-mail, here [email protected]; because @ has a special role in the database file, it is replaced by . here;
- Update sequence number. Indicates whether the database file is new or old, and is generally expressed by time. Here 2206230007 means that an update was carried out on June 23, 2022, and the update number of the day is 0007;
- Update frequency. Indicates that every 5 seconds, the slave server will request update information from the master server;
- Failure retry time. When the slave server cannot request information from the master server for some reason, it retries once every 5 seconds;
- Expiration time. If the retry fails all the time, when the cumulative retry time reaches 2592000 seconds, no more information will be requested from the main server;
- Cache time. The default TTL cache time.
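The following POSIX shell function is an added example, not part of the original post: it splits an SOA record into the seven parameters listed above and turns the administrator field back into a mailbox. The name soa_field and its field labels are assumptions of the example; SOA_LINE is the SOA record shown in the MX query above. It goes slightly beyond the text by handling a mailbox whose local part itself contains a dot, which zone files write as \. so that only the first unescaped dot stands for @.

```sh
# Added example, not from the original post. SOA_LINE is copied from the
# AUTHORITY SECTION of the "dig mx www.baidu.com" output shown above.
SOA_LINE='a.shifen.com. 600 IN SOA ns1.a.shifen.com. baidu_dns_master.baidu.com. 2206230007 5 5 2592000 3600'

# soa_field FIELD: read dig answer lines on stdin and print one field of the
# first SOA record found. FIELD is one of:
#   mname rname mailbox serial refresh retry expire minimum
# Exit status is 1 when there is no SOA record or FIELD is unknown.
soa_field() {
  awk -v want="$1" '
    $4 != "SOA" || NF < 11 { next }    # ignore other record types and short lines
    {
      f["mname"] = $5;   f["rname"] = $6;  f["serial"] = $7
      f["refresh"] = $8; f["retry"] = $9;  f["expire"] = $10; f["minimum"] = $11
      # Decode the administrator field: the first unescaped dot stands for @,
      # and an escaped dot (backslash + dot) is a literal dot in the local part.
      r = $6; sub(/\.$/, "", r); mbox = ""; seen = 0
      for (i = 1; i <= length(r); i++) {
        c = substr(r, i, 1)
        if (c == "\\" && substr(r, i + 1, 1) == ".") { mbox = mbox "."; i++ }
        else if (c == "." && !seen) { mbox = mbox "@"; seen = 1 }
        else mbox = mbox c
      }
      f["mailbox"] = mbox
      if (want in f) { print f[want]; found = 1 }
      exit
    }
    END { exit !found }
  '
}

# Live use (needs network): dig +noall +answer soa baidu.com | soa_field mname
```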