Computer Network Learning 07 (Detailed Explanation of DNS Domain Name System)

DNS (Domain Name System) is the first important protocol used when a user accesses a website through a browser. The problem DNS solves is the mapping between domain names and IP addresses.

In actual use, a browser can also learn the mapping between a domain name and an IP address without using DNS: a hosts list is maintained locally. Generally speaking, the browser first checks whether the domain name to be accessed is in the hosts list, and if so, it directly takes the corresponding IP address record. Only if the local hosts list has no domain-name-to-IP record does DNS come into play.

The current DNS design adopts a distributed, hierarchical database structure. DNS is an application-layer protocol that runs over UDP, using port 53.


DNS servers can be divided into the following levels from bottom to top (all DNS servers belong to one of the following four categories):

  • Root DNS servers. Root DNS servers provide the IP addresses of the TLD servers. At present there are only 13 groups of root servers in the world, and there is still no root server in our country.
  • Top-level domain DNS servers (TLD servers). The top-level domain refers to the suffix of the domain name, such as com, org, net, and edu. Countries also have their own top-level domains, such as uk, fr, and ca. The TLD server provides the IP address of the authoritative DNS server.
  • Authoritative DNS server. Every organization with publicly accessible hosts on the Internet must provide publicly accessible DNS records that map the names of those hosts to IP addresses.
  • Local DNS server. Every ISP (Internet Service Provider) has its own local DNS server. When a host makes a DNS request, the request is sent to the local DNS server, which acts as a proxy and forwards the request up the DNS hierarchy. Strictly speaking, the local DNS server is not part of the DNS hierarchy.

1. DNS workflow

The figure below is used as an example to introduce the DNS query resolution process. DNS query resolution has two modes:

  • iteration
  • recursion

The figure below is the method often used in practice. The query from the requesting host to the local DNS server is recursive, and the rest of the queries are iterative.


Now, the host cis.poly.edu wants to know the IP address of gaia.cs.umass.edu. Assume that the local DNS server for host cis.poly.edu is dns.poly.edu and the authoritative DNS server for gaia.cs.umass.edu is dns.cs.umass.edu.

  1. First, the host cis.poly.edu sends a DNS request to the local DNS server dns.poly.edu; the query message contains the domain name to be resolved, gaia.cs.umass.edu.
  2. The local DNS server dns.poly.edu checks its local cache, finds no record, and does not know where the IP address of gaia.cs.umass.edu can be found, so it sends a request to a root server.
  3. The root server notices that the requested name is under the edu top-level domain, so it tells the local DNS server to send the request to the edu TLD DNS server, because the IP address of the target domain name is likely to be found from there.
  4. The local DNS server obtains the address of the edu TLD DNS server, sends a request to it, and asks for the IP address of gaia.cs.umass.edu.
  5. The edu TLD DNS server still does not know the IP address of the requested domain name, but it notices that the name ends in umass.edu, so it replies telling the local DNS server that the authoritative server for umass.edu may hold the IP address of the target domain name.
  6. This time, the local DNS server sends the request to the authoritative DNS server dns.cs.umass.edu.
  7. Because gaia.cs.umass.edu is registered with the authoritative DNS server, which holds its IP address record, the authoritative DNS server returns the IP address to the local DNS server.
  8. Finally, the local DNS server, having obtained the IP address of the target domain name, returns it to the requesting host.

In addition to iterative query, there is also a recursive query as shown in the figure below. The specific process is similar to the above, but the order is different.


In addition, the DNS cache lives on the local DNS server. There are very few root servers in the world (only a little over 400, organized into 13 groups), and the number of top-level domains is also limited, so the local DNS server usually already has many TLD DNS servers cached. In the actual lookup process, therefore, the root servers are usually skipped and not queried at all.
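The following simulation is an added example and is not code from the original post. It models the lookup walked through above (host → local DNS server recursively, local DNS server → root → TLD → authoritative iteratively) together with the caching described in the paragraph just above: once the edu referral is cached, later lookups skip the root server, and entries expire after their TTL. All server names, IP addresses and TTLs are constructed for the example; the `ask` function stands in for sending a real UDP query.

```python
"""Simulation of recursive/iterative DNS resolution with a TTL cache.
All names, addresses and TTLs below are constructed for this example."""
from typing import Dict, List, Tuple

# Referral tables: zone -> (name server, TTL of the NS record), as a root
# server and the edu TLD server would return them.
ROOT_REFERRALS: Dict[str, Tuple[str, int]] = {"edu": ("a.edu-servers.net", 172800)}
TLD_REFERRALS: Dict[str, Tuple[str, int]] = {
    "umass.edu": ("dns.cs.umass.edu", 86400),
    "poly.edu": ("dns.poly.edu", 86400),
}
# Authoritative data: name server -> {host: (IPv4 address, TTL)} (constructed).
AUTHORITATIVE: Dict[str, Dict[str, Tuple[str, int]]] = {
    "dns.cs.umass.edu": {"gaia.cs.umass.edu": ("128.119.245.12", 3600)},
    "dns.poly.edu": {"www.poly.edu": ("128.238.29.51", 300)},
}


def _matching_zone(name: str, referrals: Dict[str, Tuple[str, int]]) -> str:
    """Return the most specific zone in `referrals` that `name` falls under, or ''."""
    labels = name.split(".")
    for i in range(1, len(labels)):
        zone = ".".join(labels[i:])
        if zone in referrals:
            return zone
    return ""


def ask(server: str, name: str):
    """One iterative query to `server` (a stand-in for a UDP exchange).
    Returns ("A", ip, ttl) for an answer, ("NS", (zone, ns), ttl) for a
    referral, and raises LookupError when the server knows nothing useful."""
    if server == "root":
        referrals = ROOT_REFERRALS
    elif server == "a.edu-servers.net":
        referrals = TLD_REFERRALS
    else:  # an authoritative server answers only for names it holds
        record = AUTHORITATIVE.get(server, {}).get(name)
        if record is None:
            raise LookupError(f"{server} has no record for {name}")
        return "A", record[0], record[1]
    zone = _matching_zone(name, referrals)
    if not zone:
        raise LookupError(f"{server} cannot refer {name}")
    ns, ttl = referrals[zone]
    return "NS", (zone, ns), ttl


class FakeClock:
    """Controllable clock so TTL expiry can be shown without sleeping."""
    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t


class LocalDNSServer:
    """The ISP's local DNS server: recursive towards the host, iterative upstream."""
    def __init__(self, now) -> None:
        self.now = now
        self.cache: Dict[Tuple[str, str], Tuple[object, float]] = {}

    def _get(self, key):
        entry = self.cache.get(key)
        if entry is not None and entry[1] > self.now():
            return entry[0]
        self.cache.pop(key, None)  # absent or expired: drop it
        return None

    def _put(self, key, value, ttl: int) -> None:
        self.cache[key] = (value, self.now() + ttl)

    def resolve(self, name: str) -> Tuple[str, List[str]]:
        """Return (ip, servers contacted in order); an empty list is a cache hit."""
        trail: List[str] = []
        ip = self._get(("A", name))
        if ip is not None:
            return ip, trail
        # Start from the most specific cached NS referral, else from a root server.
        labels = name.split(".")
        server = "root"
        for i in range(1, len(labels)):
            ns = self._get(("NS", ".".join(labels[i:])))
            if ns is not None:
                server = ns
                break
        while True:
            trail.append(server)
            kind, value, ttl = ask(server, name)
            if kind == "A":
                self._put(("A", name), value, ttl)
                return value, trail
            zone, ns = value  # referral: remember who is authoritative for the zone
            self._put(("NS", zone), ns, ttl)
            server = ns


if __name__ == "__main__":
    resolver = LocalDNSServer(FakeClock().now)
    for host in ("gaia.cs.umass.edu", "gaia.cs.umass.edu", "www.poly.edu"):
        print(host, resolver.resolve(host))
```

The trail returned by `resolve` makes the caching effect visible: the first lookup contacts root, TLD and authoritative servers, a repeat of the same name is served from cache, and a different .edu name reuses the cached edu referral and never touches the root server.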

2. DNS message format

The DNS message format is shown in the following figure:


DNS messages are divided into query messages and reply messages, and both types have the same structure.

  • Identifier. A 16-bit number that identifies the query. It is copied into the reply to that query, so the client can use it to match a sent request with the received reply.
  • Flags. A 1-bit "query/reply" flag: 0 means a query message, 1 means a reply message. A 1-bit "authoritative" flag, set in a reply when the answering DNS server is the authoritative DNS server for the requested name. A 1-bit "recursion desired" flag, which explicitly asks the server to perform a recursive query. A 1-bit "recursion available" flag, used in a reply to indicate that the DNS server supports recursive queries.
  • Number of questions, number of answer RRs, number of authoritative RRs, number of additional RRs. These four counts give the number of entries in each of the four sections that follow.
  • Question section. Contains the name of the host being queried and the type of question being asked.
  • Answer section. Contains the resource records for the name originally requested. A reply may carry multiple RRs in this section, so a host name can have multiple IP addresses.
  • Authority section. Contains records for other authoritative servers.
  • Additional section. Contains other helpful records.

3. DNS records

When the DNS server responds to the query, it needs to query its own database, and the entries in the database are called resource records (Resource Record, RR). RR provides the mapping of host names to IP addresses. RR is a quadruple containing four fields: Name, Value, Type, and TTL.


TTL is the record's time to live, which determines when the resource record should be removed from the cache.

The values of the Name and Value fields depend on the Type:


  • If Type=A, Name is the hostname information, and Value is the IP address corresponding to the hostname. Such an RR records a mapping of hostnames to IP addresses.
  • If Type=AAAA, the record is much like an A record; the only difference is that A records hold IPv4 addresses, while AAAA records hold IPv6 addresses.
  • If Type=CNAME (Canonical Name Record), Name is an alias and Value is the canonical host name of the host that the alias refers to. A CNAME record maps one hostname to another, and CNAME records are used to create aliases for existing A records. Examples are below.
  • If Type=NS, Name is a domain and Value is the hostname of an authoritative DNS server that knows how to obtain the IP addresses of hosts in the domain. Such RRs are usually issued by TLD servers.
  • If Type=MX, Value is the canonical hostname of the mail server whose name is Name. With MX records, a mail server can use the same alias as other servers. To obtain the canonical hostname of a mail server, an MX record is requested; to obtain the canonical hostname of another server, a CNAME record is requested.


Origin blog.csdn.net/ldy007714/article/details/130407961