009-DNS Domain Name System

I. Overview

  DNS is an acronym for Domain Name System, the system that names computers and network services within an organizational hierarchy of domains. A domain name is a string of words or abbreviations separated by dots; each domain name corresponds to a unique IP address on the Internet, and the mapping between domain names and IP addresses is one to one, with DNS servers performing the resolution. DNS is used on the Internet and other TCP/IP networks to locate computers and services through user-friendly names. DNS is a core Internet service: it acts as a distributed database in which domain names and IP addresses can be mapped to each other.

  The DNS protocol is used to resolve domain names into IP addresses; it can of course also convert an IP address back into a domain name.

    The system is authoritative for an organization and maintains the correspondence between the IP address and hostname of each host within it.

    When a new computer joins the network, this information is registered in the database.

    When a user enters a domain name, the DNS server is queried automatically; the DNS server searches its database to obtain the corresponding IP address.

    You can view your hosts file with the command cat /etc/hosts; during domain name resolution the contents of the hosts file are still consulted first.

  The DNS protocol runs over both UDP and TCP on port 53. Users query the server over UDP; DNS servers communicate with each other over TCP.

  Large operators and Internet organizations provide free public DNS service, for example Alibaba's 223.5.5.5 and 223.6.6.6, and Google's 8.8.8.8 and 8.8.4.4.

  If the DNS server is down, services can only be reached through their IP addresses.

1.1 Domain name structure

  Domain names must be unique.

  To achieve uniqueness across the Internet, naming uses a hierarchy:

    1. Each domain name (only English names are discussed here) is a sequence of labels, composed of letters (A-Z, a-z, case-insensitive), digits (0-9) and the hyphen (-).

    2. The full label sequence is at most 255 characters and is divided into labels by dots.

    3. Each label is at most 63 characters; each level of the hierarchy can itself be regarded as a domain name.

    4. The lowest-level domain name is written on the left, the highest-level on the right.

  The hierarchy of a domain name, taking www.baidu.com as an example (the original figure is not reproduced here):

  Description of www.baidu.com:

    1. com: top-level domain, indicating that this is a commercial domain name. Other top-level domains at the same level include "net" (network providers), "org" (non-profit organizations) and so on.
    2. baidu: second-level domain name, here the company name.
    3. www: merely a conventional hostname.

1.2 Domain classification

  For example: xxx.yyy.zzz.com

  Starting from the top-level domain com and reading from right to left, zzz is the second-level domain, yyy the third-level domain and xxx the fourth-level domain.

  Domain classification: a domain can be divided into sub-domains, and sub-domains can be further divided into their own sub-domains, forming top-level domains, second-level domains, third-level domains and so on.

  Top-level domains are divided into: country-code top-level domains, generic top-level domains (gTLDs) and the reverse domain.

    Country-code TLDs: cn (China), us (United States), uk (United Kingdom) ...
    gTLDs: com (companies), edu (educational institutions), gov (government), int (international organizations), mil (military), net (network), org (non-profit organizations) ...
    Reverse domain: arpa, used for PTR queries (IP address to domain name)

1.3 Domain name servers

  Domain names are hierarchical, and the domain name servers are correspondingly hierarchical.

  Given the domain structure, something is still needed to resolve domain names throughout the world; this is done by domain name servers. A domain name server is simply a host running domain name system software.

  From high to low, the hierarchy is divided into the following categories:

    1. Root name servers

      The root servers manage the root directory of the Internet.

      All root servers are managed by ICANN (Internet Corporation for Assigned Names and Numbers), authorized by the US government, which is responsible for the global Internet root servers, the domain name system and IP address management.

      There are 13 root servers worldwide. One is the main root server, located in the United States. The remaining 12 are auxiliary root servers: 9 in the United States, 2 in Europe (the United Kingdom and Sweden) and 1 in Asia (Japan). It is said that above the main root server there is a more advanced hidden master server, also in the United States, and that all the world's top-level domains are determined by this parent server.

      China does not have a root server. Mainland China has only 6 root server mirror instances (F, I (3 instances), J and L). When you send a request to a root server, the request is routed to the mirror nearest to you.

    2. Top-level domain name servers

      Responsible for managing all second-level domains under that top-level domain.

    3. Authoritative domain name servers

      Responsible for managing one zone. When an authoritative domain name server cannot give a final answer to a query, it tells the DNS client process which authoritative domain name server it should query next.

    4. Local domain name servers

      This can be seen as the default domain name server: when the DNS client process on a host sends a domain name query, the query is first sent to the local domain name server.

  Note: The United States controls the root DNS servers, and with them all of the domain name to IP address mappings; for other countries this is obviously a serious risk. If one day the United States blocked a country's domain names, their IP addresses could no longer be resolved, and the sites these domain names point to would disappear from the Internet. By extension, if the ".cn" domain were deleted from the system, and even the IP addresses assigned to China were cancelled, China would become a mere spectator on the international backbone.

  So, from the point of view of national Internet security, we need a root server. Leaving aside the Chinese government's blocking of foreign websites, for the security of the country as a whole and for a voice on the Internet, CNNIC (China Internet Network Information Center) has been trying to apply to ICANN for a root server so that Chinese websites can be protected.

II. DNS resolution

2.1 The resolution process

  (The original figure of the resolution process is not reproduced here.)

  DNS resolution can broadly be divided into two steps.

  First, the host sends a DNS request packet to the local domain name server; the packet carries the domain name to be queried.

  Second, the local domain name server replies to the host with a DNS response packet containing the IP address corresponding to the domain name. The resolution packets for the jocent.me domain name make these two steps clear. Note: the second step uses iterative queries and actually contains many smaller steps, as detailed in the process analysis below.

  The general process of DNS resolution:

    (1) The user enters a domain name; the host first asks its configured domain name server, which looks the name up in its own database.
    (2) If it is not found, the superior domain name server is queried, and so on.
    (3) Going up to the root domain name server, the IP address of the domain name can always be found.
    (4) Domain name servers cache the domain names visited and their corresponding IP addresses, which speeds up the lookup process.

  In detail, the process is as follows:

    1. The host first sends a recursive query to the local domain name server.
    2. The local domain name server uses iterative queries, first querying a root name server.
    3. The root name server tells the local domain name server the IP address of the top-level domain server to query next.
    4. The local domain name server queries the top-level domain name server.
    5. The top-level domain server tells the local domain name server the IP address of the authoritative server to query next.
    6. The local domain name server queries the authoritative server.
    7. The authoritative server tells the local domain name server the IP address of the queried host.
    8. Finally, the local domain name server returns the query result to the host.

  Recursive queries and iterative queries

    (1) Recursive query: the host sends a query request to the local domain name server and waits for the final result. If the local domain name server cannot resolve the name itself, it queries other name servers in the role of a DNS client, until the final IP address is returned to the host.
    (2) Iterative query: the local domain name server queries a root name server; the root name server tells it where to go next, and it queries there, and so on. Each of these queries is made in the role of a client to the server being asked.
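  The eight-step walk and the recursive/iterative distinction above, as an added example that is not part of the original post: a toy local resolver in Python that takes one recursive query from a host, walks root, TLD and authoritative servers iteratively, and caches the answer. The server names and the address 192.0.2.10 are constructed for illustration.

```python
# Added example (not from the original post): a toy model of the resolution walk
# described above. Server contents and the address 192.0.2.10 are constructed.

# Constructed name-server data: each server maps an owner name to one record.
# "NS" records are referrals to the next server; "A" records are final answers.
SERVERS = {
    "root":       {"com.": ("NS", "tld-com")},
    "tld-com":    {"example.com.": ("NS", "ns-example")},
    "ns-example": {"www.example.com.": ("A", "192.0.2.10")},
}


def longest_match(records, name):
    """Return (owner, record) whose owner name is the longest suffix of name."""
    best = None
    for owner, rr in records.items():
        if name == owner or name.endswith("." + owner):
            if best is None or len(owner) > len(best[0]):
                best = (owner, rr)
    return best


class LocalResolver:
    """The local domain name server: answers hosts recursively, walks servers iteratively."""

    def __init__(self, servers):
        self.servers = servers
        self.cache = {}                 # name -> IP; step (4) of the general process

    def resolve(self, name):
        """Return (ip, trail); trail lists the server asked at each iterative step."""
        if name in self.cache:
            return self.cache[name], ["cache"]
        trail, server = [], "root"      # step 2: start with a root name server
        for _ in range(16):             # bound the walk against broken delegations
            match = longest_match(self.servers[server], name)
            if match is None:
                raise LookupError("name error (rcode 3): " + name)
            owner, (rtype, value) = match
            trail.append(server)
            if rtype == "A" and owner == name:   # step 7: authoritative answer
                self.cache[name] = value
                return value, trail
            if rtype != "NS":
                raise LookupError("no usable record for " + name)
            server = value                        # steps 3 and 5: referral onward
        raise LookupError("too many referrals for " + name)


def host_query(resolver, name):
    """Steps 1 and 8: the host sends one recursive query and gets back only the answer."""
    ip, _trail = resolver.resolve(name)
    return ip
```

  The trail returned by resolve shows the iterative walk the host never sees; a second lookup of the same name is answered from the cache without contacting any server.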

III. DNS packet format

  You can inspect real packets by capturing with Wireshark and applying the dns display filter.

3.1 Header and data

  (The original figure of the packet layout is not reproduced here.)

3.1.1 Header

  1. Transaction ID (2 bytes): the identifier of the DNS message. It is the same in a request and its corresponding response, so it can be used to match a DNS response to the request it answers.

  2. Flags (2 bytes):

    QR (1 bit): query/response flag, 0 for a query, 1 for a response
    opcode (4 bits): 0 for a standard query, 1 for an inverse query, 2 for a server status request
    AA (1 bit): authoritative answer
    TC (1 bit): truncated
    RD (1 bit): recursion desired
    RA (1 bit): recursion available
    rcode (4 bits): return code, 0 for no error, 3 for name error, 2 for server failure (Server Failure)

  3. Count fields (8 bytes in total): Questions, Answer RRs, Authority RRs and Additional RRs give the number of entries in each of the four sections that follow. Questions is the number of entries in the question section, Answers the number in the answer section, Authoritative nameservers the number in the authority section, and Additional records the number in the additional section.

3.1.2 Body

  1. Question section

    a) Query name: variable length, with no padding bytes. This field is normally the domain name to be queried (for an inverse query it is the IP address; an inverse query looks up a domain name from an IP address). The original figure of the name format is not reproduced here.

    b) Query type

    Type  Mnemonic  Description
    1     A         IPv4 address for a domain name
    2     NS        name server
    5     CNAME     canonical name
    6     SOA       start of authority
    11    WKS       well-known service
    12    PTR       IP address to domain name
    13    HINFO     host information
    15    MX        mail exchange
    28    AAAA      IPv6 address for a domain name
    252   AXFR      request for transfer of an entire zone
    255   ANY       request for all records

    c) Query class: usually 1, indicating Internet data.

  2. Resource record (RR) sections (the answer, authority and additional sections)

  (The original figure of the resource record layout is not reproduced here.)

  There are three such sections, all with the same format: the answer section, the authority section and the additional section.

    a) Domain name (2 bytes, or variable length): same format as the query name field of the question section. The one difference is that when a domain name is repeated in the message, this field uses a 2-byte offset pointer instead. For example, in a resource record the domain name is usually a repeat of the name in the question section, so a 2-byte pointer is used. The top two bits are 11, which identifies a pointer; the remaining 14 bits give the byte offset from the start of the DNS message (counting from 0). A typical example is C00C (1100000000001100): 12 is exactly the length of the header, so the pointer refers to the query name field of the question section.

    b) Type: the type of the resource record; see the query type table in 3.1.2 above.

    c) Class: for Internet data, always IN.

    d) Time to live (TTL): in seconds, the lifetime of the resource record. A resolver generally uses it, after retrieving the record, to decide how long to keep and use the cached data. It also indicates how stable the record is: very stable information is given a large value (for example 86400, the number of seconds in a day).

    e) Resource data: a variable-length field holding the data of the resource record returned according to the question. It may be an Address (the query wants an IP address), a CNAME (the query wants a canonical host name), and so on.
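  An added example (not code from the original post) that encodes a query with the header and question layout above and decodes a constructed response whose answer name is the C00C pointer discussed in item a). The transaction ID 0x1234, the name www.example.com and the address 192.0.2.10 are constructed values; encode_name also enforces the 63-byte label and 255-byte name limits from section 1.1, and decode_name bounds pointer following so a looping pointer cannot hang the parser.

```python
import struct
def encode_name(name):
    """Wire format: a length byte then the label, per label, then a 0 byte; enforces 1.1 limits."""
    labels = name.rstrip(".").split(".")
    if len(name) > 255 or any(not 0 < len(l) <= 63 for l in labels):
        raise ValueError("invalid domain name: " + name)
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(txid, name, qtype=1):   # 12-byte header + one question, class 1 (IN)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags 0x0100: RD=1
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)

def decode_name(msg, off):
    """Read labels at off, following 0xC0.. pointers (top bits 11, 14-bit offset)."""
    labels, end = [], None
    for _ in range(128):                         # bound against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:
            end = end or off + 2                 # caller resumes after the 2-byte pointer
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            return ".".join(labels) + ".", (end or off)
        labels.append(msg[off:off + n].decode())
        off += n
    raise ValueError("malformed name: too many labels or a pointer loop")

def parse_response(msg):
    """Return (header fields, questions, answers) from a DNS response message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    hdr = {"id": txid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF, "aa": (flags >> 10) & 1,
           "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF}
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        questions.append((name,) + struct.unpack(">HH", msg[off:off + 4])); off += 4
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        if rtype == 1 and rdlen == 4:            # A record: rdata is a 4-byte IPv4 address
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, rclass, ttl, rdata))
    return hdr, questions, answers
# Constructed reply to build_query(0x1234, "www.example.com"): flags 0x8180 = QR=1, RD=1,
# RA=1, rcode 0; the answer's owner name is the pointer C00C (offset 12, the query name).
RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
            + encode_name("www.example.com") + struct.pack(">HH", 1, 1)
            + b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 86400, 4) + bytes([192, 0, 2, 10]))
```

  Bytes 12 to 32 of RESPONSE are identical to the question in the matching query, which is why the 2-byte pointer C00C can stand in for the 17-byte name in the answer.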

3.2 Basic commands

  • On Windows, the command to flush the DNS cache is ipconfig /flushdns; the cache can also be cleared by restarting the DNS Client and DHCP Client services.
  • On Windows, ipconfig /displaydns shows the contents of the DNS cache.
  • The nslookup command shows the IP address corresponding to a domain name.

Source: www.cnblogs.com/bjlhx/p/10986317.html