My girlfriend suddenly asked me what DNS is...

This article is reprinted from the WeChat public account "Random Knocking Code"; the author is Random Knocking Code. Please contact the Random Knocking Code public account for permission to reprint.

Tonight I was lying in bed browsing my phone when my girlfriend suddenly said her computer was broken. She said she couldn't get online even though the WiFi was connected, and asked me to take a look. (Is this the benefit of having a programmer boyfriend??)

I took the computer and saw that opening a web page gave a DNS resolution error, so I had located the problem right away. The fix was simple: I changed the DNS server address and then ran ipconfig /flushdns in CMD. But then she asked me what DNS is. So I told her...

Main text

Think of making a phone call: to call a friend you have to know his phone number before the call can be set up. On a network the phone number is the IP address. Computer networks communicate over TCP/IP, and TCP/IP identifies the other party by its IP address, a string of numbers separated by dots such as 12.11.12.11. Without an IP address you are in the position of wanting to call a friend whose number you don't know. That is not going to work, is it?

But when you visit a website you don't type an IP address, you type a name. Turning a machine name that is convenient for people into the IP address the network needs is the job of DNS, short for Domain Name System. Why use domain names instead of IPs? Because IPs are hard to remember. If you don't believe me, try memorizing ten of them.

The Domain Name System is really a naming system. Why "domain name" rather than just "name"? Because this Internet naming system is built out of many "domains", hence the term. The full name, "Domain Name System", makes clear that it is the naming system used on the Internet.

For example, to visit the domain name www.baidu.com, your program asks the operating system's resolver to look up the IP address of the target site; this happens invisibly to the user. Going back to the phone analogy: remembering your friend's number is hard, but with a phone book you only have to attach a name to each number and look the name up when you want to call. Think of DNS as one enormous phone book. DNS works the same way for IPv4 and IPv6 addresses. It belongs to the application layer and provides a service to other application-layer software.

Interaction process (figure from the original article, not reproduced here):

Domain name structure

Domain names use a hierarchical, tree-structured naming scheme. Baidu's domain name written out in full is www.baidu.com. with a trailing dot; that dot stands for the root of the name tree, and in everyday use the name is abbreviated to www.baidu.com. Below the root come the top-level domain, the second-level domain, the third-level domain, and so on. Names below the second level are usually called subdomains. As shown in the figure:

As the figure shows, a domain name is made of several parts joined by dots. The rightmost part is the root. The root is an empty label, so its dot is normally left out and the domain names we see look like www.baidu.com rather than www.baidu.com.

Each level (label) of a domain name is at most 63 characters and the whole name at most 255; these are limits of the protocol, not memory aids. Domain names are not case-sensitive, but are normally written in lowercase. DNS attaches no meaning to the individual levels and puts no limit on how many levels there are. Each level is delegated by the organization that manages the level above it, with the top-level domains administered by ICANN. The advantage is that every domain name is unique on the Internet and a lookup mechanism is easy to design.

Top-level domains used to be divided into three categories:

  • Country (national) top-level domains, nTLD, today usually called ccTLD: for example .cn for China, .us for the United States, .uk for the United Kingdom, and so on.
  • Generic top-level domains, gTLD. The earliest ones were:
    • com: companies and businesses
    • net: network service providers
    • org: non-profit organizations
    • edu: educational institutions
    • gov: (US) government departments
    • int: international organizations established by treaty
    • mil: the United States military
  • Infrastructure top-level domain: there is only one, arpa, used for reverse resolution (mapping an IP address back to a name); it is usually called the reverse domain.

Since the domain name system is a hierarchical tree, the structure of the domain name system on the Internet looks like this:

Now another question. As described above there are a great many domain names, so how are they looked up? If it is a com domain, is it looked up on the com server? If it is a net domain, on the net server?

DNS Server

If we followed the domain structure literally, every domain would need its own server, and with the number of domain names on the Internet that means a huge number of servers; too many servers slows down lookups, and it is equally impossible to store every domain name on one server. DNS therefore partitions the name space to solve both problems.

In DNS, the range of names a server is responsible for is called a zone. Each organization divides its names into zones as it sees fit; the nodes in a zone form a connected subtree of the name space. Each zone then has its own authoritative name server, which holds the records (for example the name-to-IP mappings) for every name in that zone.

So the unit of management in DNS is the zone, not the domain. The concept of a zone is simple enough once you see the difference.

Think of the root as a country and a top-level domain as a province. A second-level domain is then a city, and third-level domains are counties and towns.

In the figure above, a.com is like a city and the nodes below it are under its jurisdiction. One authoritative name server is enough to resolve every subdomain of a.com. That is why DNS servers are organized by zone rather than by domain: the zone is what a DNS server actually has authority over. In this first picture the zone and the domain a.com are the same thing. Now look at the next picture.

Here c.a.com has been split off into a zone of its own, even though it still belongs to the a.com domain. Now the domain is larger than the zone: the a.com domain contains both the a.com zone and the c.a.com zone. Each zone needs its own authoritative server, so two zones means two authoritative name servers. Which raises the next question: what is an authoritative name server?

In fact, DNS distinguishes between kinds of servers.

They fall into three categories: root name servers, top-level domain name servers, and authoritative name servers.

  • The root name servers sit at the top of the hierarchy. A root server knows the addresses of all the top-level domain servers. During resolution, when the local DNS server cannot answer from its own cache, it starts at the root. A root server does not resolve the name itself; it only tells the local DNS server which top-level server to ask next. If every root server were unreachable, resolvers whose caches had expired could not start any new lookup, which is why the root is run as a heavily replicated service.
  • The top-level domain name servers manage the second-level domains registered under their top-level domain (com, cn, and so on) and refer queries on to the authoritative servers for those domains.
  • The authoritative name servers each hold the records for one zone and give the final answers for the names in it.

How to query DNS

After the browser gets the domain name you typed, it first checks its own DNS cache and returns the record if one is there. If not, it asks the operating system, which checks its resolver cache, then the local hosts file, and if neither has the name, sends the query to the local DNS server. That server is the recursive resolver configured on the machine, usually the one handed out by your ISP or network operator, or one you set by hand. If the local DNS server has nothing cached either, it has to start from the root servers. There are 13 root server names, A through M, but each name is one address served by many mirror instances around the world (anycast) and run by twelve different operators; ICANN, through IANA, coordinates the root zone they all publish, so no single root machine is a point of failure.

Let's complete the query steps:

1. The client checks the browser cache, then the operating system cache, then the hosts file; if all of them miss, it sends a recursive query to the local DNS server.

2. The local DNS server checks its own cache; on a miss it asks a root server.

3. The root server does not know the answer but refers the local DNS server to the top-level domain server (com, say); that server in turn refers it to the authoritative server for the zone, which returns the records.

4. The local DNS server returns the result to the client and caches it for the record's TTL.

The following figure is a flowchart for querying a.com:

There are two ways for DNS to query the IP address of a domain name: recursive query and iterative query.

Iteration query

Iterative query is what the local DNS server uses toward the root, top-level and authoritative servers. When the root server receives the request from the local DNS server, it does not answer the question itself; it tells the local server which top-level server to ask next. The local DNS server then queries the top-level server, which tells it the address of the authoritative server it knows for that name, and the local server queries that authoritative server. Each server answers only with what it knows, and the local DNS server does all the walking; once it has the final answer it returns the result to the client.

Recursive query

Recursive query is simpler from the client's point of view. The client sends one recursive query to the local DNS server and waits for a complete answer. If the local DNS server does not know the name, it takes on the job itself, querying the other name servers as a DNS client on the user's behalf, and hands back the final result.
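To make the zone/delegation and iterative-versus-recursive distinction concrete, here is an added example written for this edit (it is not code from the original article). It models four authoritative servers, one per zone (root, com, a.com and c.a.com, mirroring the figures where c.a.com is split out of the a.com domain), and a local DNS server that answers its client recursively while walking the authorities iteratively, caching results by TTL. The zone data, the server addresses (documentation ranges 192.0.2.0/24 and 198.51.100.0/24) and the record values are constructed for illustration; nothing here touches the network.

```python
import time

# Constructed zone data (names and addresses are made up). Each dict is one
# zone: owner name -> list of (type, value, ttl).
ROOT = {
    "com.": [("NS", "ns.com.", 3600)],
    "ns.com.": [("A", "192.0.2.1", 3600)],        # glue: address of the com server
}
COM = {
    "a.com.": [("NS", "ns.a.com.", 3600)],
    "ns.a.com.": [("A", "192.0.2.2", 3600)],
}
A_COM = {                                          # the a.com zone ...
    "www.a.com.": [("A", "192.0.2.10", 60)],
    "alias.a.com.": [("CNAME", "www.a.com.", 60)],
    "c.a.com.": [("NS", "ns.c.a.com.", 3600)],     # ... delegates c.a.com to a zone of its own
    "ns.c.a.com.": [("A", "192.0.2.3", 3600)],
}
C_A_COM = {
    "www.c.a.com.": [("A", "192.0.2.20", 60)],
}
# server address -> (zone apex, zone); each server is authoritative for one zone
SERVERS = {
    "198.51.100.1": (".", ROOT),
    "192.0.2.1": ("com.", COM),
    "192.0.2.2": ("a.com.", A_COM),
    "192.0.2.3": ("c.a.com.", C_A_COM),
}
ROOT_HINT = "198.51.100.1"   # the one address a resolver has to know in advance


def suffixes(name):
    """name, then each parent, down to the root: www.a.com. -> a.com. -> com. -> ."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def authoritative_answer(server, name, qtype):
    """One iterative query to one authoritative server: answer, referral or name error."""
    apex, zone = SERVERS[server]
    rrs = [r for r in zone.get(name, []) if r[0] in (qtype, "CNAME")]
    if rrs:
        return {"kind": "answer", "records": rrs}
    for cut in suffixes(name):                     # closest enclosing delegation below the apex
        if cut == apex:
            break
        ns = [r for r in zone.get(cut, []) if r[0] == "NS"]
        if ns:
            glue = {host: addr for _t, host, _ttl in ns
                    for rtype, addr, _ in zone.get(host, []) if rtype == "A"}
            return {"kind": "referral", "zone": cut, "glue": glue}
    return {"kind": "nxdomain"}


class LocalResolver:
    """The local DNS server: recursive toward its clients, iterative toward authorities."""

    def __init__(self):
        self.cache = {}                            # (name, qtype) -> (values, expiry time)

    def flush(self):
        """Drop everything cached (what ipconfig /flushdns does for the OS cache)."""
        self.cache.clear()

    def resolve(self, name, qtype="A", now=None, trace=None):
        """Return (values, trace); trace lists the zone that answered each step, or 'cache'."""
        now = time.time() if now is None else now
        trace = [] if trace is None else trace
        hit = self.cache.get((name, qtype))
        if hit and hit[1] > now:                   # cached and TTL not yet expired
            trace.append("cache")
            return hit[0], trace
        server = ROOT_HINT
        for _ in range(10):                        # bound the referral chain
            resp = authoritative_answer(server, name, qtype)
            trace.append(SERVERS[server][0])
            if resp["kind"] == "referral":
                if not resp["glue"]:
                    raise RuntimeError("delegation of %s has no glue address" % resp["zone"])
                server = next(iter(resp["glue"].values()))
            elif resp["kind"] == "answer":
                values = [v for t, v, _ in resp["records"] if t == qtype]
                for t, v, _ in resp["records"]:
                    if t == "CNAME" and qtype != "CNAME":   # follow the alias to its target
                        values += self.resolve(v, qtype, now, trace)[0]
                ttl = min(r[2] for r in resp["records"])
                self.cache[(name, qtype)] = (values, now + ttl)
                return values, trace
            else:
                return [], trace                   # NXDOMAIN: no such name in that zone
        raise RuntimeError("too many referrals while resolving %s" % name)


if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("www.c.a.com."))               # walks . -> com. -> a.com. -> c.a.com.
    print(r.resolve("www.c.a.com."))               # second call is answered from cache
```

The trace returned by resolve() is the point of the example: the first lookup of www.c.a.com. visits four servers because the name crosses two zone cuts (com and then c.a.com, which a.com delegated), the second lookup within the 60-second TTL never leaves the cache, and after flush() or TTL expiry the whole walk happens again. This toy does not cache referrals, verify responses or fall back to other name servers; a real resolver does all three.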

Manual query

Next, let's query a domain name by hand from the operating system. On Linux there is dig, a command-line tool for querying DNS name servers for host address information.

The default output of dig is fairly rich and can be divided roughly into 5 parts.

  • The first part shows the dig version and the arguments you passed.
  • The second part shows technical details returned by the server; the most important is status. A status of NOERROR means the query completed successfully.
  • The third part, "QUESTION SECTION", shows the domain name we asked about.
  • The fourth part, "ANSWER SECTION", is the query result.
  • The fifth part is statistics for this query: how long it took, which DNS server was queried, when the query was made, and so on.

By default dig queries for an A record; the A in the ANSWER SECTION marks each result as an A record. There is plenty of material on the Internet explaining the dig command, so I won't go into detail here. If you want to know more about dig, I recommend Ruan Yifeng's article:

https://www.ruanyifeng.com/blog/2016/06/dns.html

Types of DNS records

  • A: address record, maps a domain name to an IPv4 address. To point a name at an IPv4 address, add an A record.
  • AAAA: the same for IPv6; maps a host name (or domain name) to an IPv6 address.
  • CNAME: canonical name, an alias. To point one name at another name and let that other name supply the IP address, add a CNAME record.
  • MX: mail exchanger. To receive mail for a domain, add MX records naming its mail servers (each carries a preference value; lower is tried first).
  • NS: name server record. To delegate a subdomain to other DNS servers, add NS records for it.
  • SOA: start of authority. Every zone file must contain one, and it must be the first record in the file.
  • TXT: free-form text. Each string in a TXT record is at most 255 bytes (a record may hold several strings). Most TXT records carry SPF data, the domain's anti-spam policy.
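The sections dig prints (status, QUESTION SECTION, ANSWER SECTION) and the record types above are just a readable view of the DNS wire format, so here is an added example, written for this edit and not code from the original article or from dig, that builds a query and parses a response message: the 12-byte header with its rcode, the question, and answer records of type A, CNAME, MX and TXT, including the name compression pointers that real responses use. The response it parses is constructed inline (not captured from a real server) and the names and addresses in it are made up; the 63-byte label limit from the domain structure section is enforced in encode_name.

```python
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 16: "TXT", 28: "AAAA"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """www.a.com. -> b'\\x03www\\x01a\\x03com\\x00'; every label must be 1..63 bytes."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """Standard query with RD=1 (asks the local server to recurse), one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, off):
    """Read a possibly compressed name at off; return (name, offset past the field)."""
    labels, end = [], None
    for _ in range(128):                       # bound pointer chains: a loop would spin forever
        length = msg[off]
        if length & 0xC0 == 0xC0:              # 11xxxxxx: pointer to a name earlier in the message
            if end is None:
                end = off + 2                  # the field ends after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    else:
        raise ValueError("name compression loop")
    return ".".join(labels) + ".", (off if end is None else end)


def parse_rdata(msg, rtype, off, rdlen):
    """Decode the RDATA of one record according to its type."""
    rd = msg[off:off + rdlen]
    if rtype == "A":
        return ".".join(str(b) for b in rd)
    if rtype == "AAAA":
        return ":".join("%x" % w for w in struct.unpack("!8H", rd))
    if rtype in ("NS", "CNAME"):               # a domain name, which may use compression
        return decode_name(msg, off)[0]
    if rtype == "MX":                          # 16-bit preference, then the mail server name
        return struct.unpack("!H", rd[:2])[0], decode_name(msg, off + 2)[0]
    if rtype == "TXT":                         # one or more <length><bytes> strings, each <= 255
        strings, p = [], 0
        while p < len(rd):
            strings.append(rd[p + 1:p + 1 + rd[p]].decode("ascii"))
            p += 1 + rd[p]
        return strings
    return rd.hex()


def parse_response(msg):
    """Header status plus the QUESTION and ANSWER sections, the parts dig prints first."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    status = RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
    off, question, answer = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype = struct.unpack("!HH", msg[off:off + 4])[0]
        off += 4
        question.append((name, TYPES.get(qtype, qtype)))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rtype = TYPES.get(rtype, rtype)
        answer.append((name, rtype, ttl, parse_rdata(msg, rtype, off, rdlen)))
        off += rdlen
    return {"id": txid, "status": status, "question": question, "answer": answer}


def sample_response():
    """Constructed reply (not from a real server) to 'www.a.com. A': a CNAME, the
    target's A record, then an MX and a TXT for a.com, all using name compression."""
    def rr(owner, rtype, ttl, rdata):
        return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 0)    # QR=1 RD=1 RA=1, rcode NOERROR
    msg += encode_name("www.a.com.") + struct.pack("!HH", 1, 1)  # question name sits at offset 12
    www, acom = b"\xc0\x0c", b"\xc0\x10"       # pointers: offset 12 = www.a.com., offset 16 = a.com.
    msg += rr(www, 5, 300, encode_name("web.a.com."))           # this rdata lands at offset 39
    msg += rr(b"\xc0\x27", 1, 60, bytes([192, 0, 2, 10]))       # owner = pointer into that rdata
    msg += rr(acom, 15, 3600, struct.pack("!H", 10) + b"\x04mail" + acom)
    msg += rr(acom, 16, 3600, b"\x0ev=spf1 mx -all")
    return msg
```

Calling parse_response(sample_response()) yields status NOERROR, the question ("www.a.com.", "A") and four answers: the CNAME to web.a.com., the A record 192.0.2.10 for that target, the MX (10, "mail.a.com.") and the TXT ["v=spf1 mx -all"], which is the same shape of information dig prints in its QUESTION and ANSWER sections. The bounded loop in decode_name matters: a malformed message whose compression pointer points at itself would otherwise hang the parser.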

Finally

One more thing to note: DNS caches answers, and the point of the cache is to make lookups fast. So after changing the DNS server, remember to flush the cache; that is exactly what the ipconfig /flushdns command at the start of this article does. And since every answer you get comes from whichever local DNS server you configure, choose one you trust, such as your ISP's or a well-known public resolver.

Shoulders of Giants

TCP/IP Diagram

https://www.ruanyifeng.com/blog/2016/06/dns.html

https://tojohnonly.github.io/68-DNS%E5%8E%9F%E7%90%86%E5%8F%8A%E8%A7%A3%E6%9E%90%E8%BF%87%E7%A8%8B.html

How is the network connected?

https://zhuanlan.zhihu.com/p/61394192

https://blog.csdn.net/m0_37263637/article/details/85157611

https://baike.baidu.com/item/%E5%9F%9F%E5%90%8D%E7%BA%A7%E5%88%AB/15536218?fr=aladdin

https://www.cnblogs.com/sparkdev/p/7777871.html
