DNS Domain name resolution system

The Domain Name System (DNS) is used to name computers and network services that are organized into a hierarchy of domains.

Why communication uses IP addresses while people use domain names:

  • IP addresses are of fixed length, 32-bit for IPv4 and 128-bit for IPv6, while domain names are of variable length and inconvenient for computers to process

  • IP addresses are not easy to remember, but domain names are easy to use

In simple terms, IP is host oriented and domain name is user oriented.

Hierarchical structure of domain names

Because of the large number of Internet users, the Internet adopts a hierarchical, tree-structured naming scheme. Any host or router connected to the Internet has a unique hierarchical name, called a domain name. Here, a domain is a managed partition of the namespace. Syntactically, each domain name consists of a sequence of labels separated by dots (.). Domain names can be divided into subdomains, and subdomains can be divided into subdomains of subdomains, thus forming top-level domains, main domains, and subdomains.

Each domain name must be unique.

Features:

  • Each domain name is a sequence of symbols consisting of letters (case-insensitive), digits (0-9), and hyphens (-)

  • The total length of a domain name cannot exceed 255 characters; dots divide it into labels

  • Each label should be no more than 63 characters long, and each label can be considered a level of domain name

  • The lowest level domain name is written on the left, and the highest level domain name is written on the right

The domain name service is implemented based on UDP and the server port number is 53.

Take www.example.google.com for example:

  • .com: is a top-level domain name

  • google.com: is the main domain name (or hosted level 1 domain name), mainly referring to the enterprise name

  • example.google.com: is a subdomain name (also called a hosted secondary domain name)

  • www.example.google.com: is a subdomain of a subdomain (also known as a managed level 3 domain)

A domain name can be divided into subdomains, and subdomains can be divided into subdomains of subdomains, thus forming a top-level domain, a second-level domain, a third-level domain, and so on.

Top-level domain categories:

  • Country-code top-level domains: China cn; United States us; United Kingdom uk
  • Generic top-level domains: companies and enterprises com; educational institutions edu; government departments gov; international organizations int; military mil; network providers net; nonprofit organizations org
  • Reverse domain: arpa, used for PTR queries (IP address to domain name)

Hierarchical structure of DNS

Domain names form a hierarchy, and DNS servers form a hierarchy too. Besides the domain name structure, DNS servers are needed to resolve domain names, and they are needed all over the world; a DNS server is simply a host that has domain name system software installed. Domain name resolution involves four kinds of DNS servers, as follows:

  • Root DNS server (root nameserver). When the local DNS server has no cached result, it queries a root server and obtains the IP address of the top-level domain (TLD) DNS server.

  • Top-level domain name server (TLD nameserver). Manages the second-level domain names registered under its top-level domain. For www.example.com, for example, querying the .com TLD server returns the address of the authoritative DNS server for the second-level domain example.com.

  • Authoritative domain name server (authoritative nameserver). Authoritative for a specific zone, it maintains the mapping between the domain names in that zone and their IP addresses; cloud DNS services are an example.

  • Local domain name server (DNS resolver, or local DNS). Responds to recursive requests from clients and follows the chain of referrals until a resolution result is obtained. Examples: the DNS server automatically assigned to the user's computer, the ISP's DNS server, and public DNS such as Google's or 114.

  • Each level of the domain name hierarchy has its own DNS servers, with the root DNS servers at the top
  • Each DNS server knows the IP addresses of the DNS servers one level below it

DNS record type

In the DNS system, the most common resource records are Internet-class records, which consist of four fields: Name, Value, Type, and TTL. Name and Value can be read as a key-value pair, but their meanings depend on the Type field. TTL records how long the record may be kept in a cache before it must be deleted. Among the resource record types, the most common and important are:

  • A: the domain name points to an IPv4 address. An A record describes the mapping between the target domain name and an IP address. The target domain name is matched against the Name field of the A record, and the Value field (the IP address) of the matched record is written into the DNS response packet.

  • CNAME: a CNAME record describes the mapping between a domain name and its alias. Where an A record converts a domain name into the IP address of the corresponding host, a CNAME record converts one domain name (the alias) into another domain name. If multiple CNAME records point to the same domain name, requests for several different domain names can be directed to the same server host. A CNAME record usually corresponds to an A record that provides the IP address of the domain name it points to.

  • NS: the subdomain name is delegated to another DNS server for resolution. NS records describe the mapping between the target domain name and the DNS server responsible for resolving it. The target domain name is matched against the Name field of the NS record, and the Value field of the matched record (the address of the DNS server that resolves the target domain name) is written into the DNS response packet.

  • AAAA: Indicates that the domain name points to an IPv6 address

  • MX: Points the domain name to the mail server address

  • SRV: Records the server that provides a specific service

  • TXT: free text with a length limit of 512; usually used for SPF records (anti-spam)

  • CAA: specifies which certificate authorities (CAs) are allowed to issue certificates for the domain

  • Explicit URL: Redirects a domain name to another address

  • Invisible URL: Similar to an explicit URL, but conceals the actual destination address
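As an added example (not code from the original article), the following Python parses a constructed DNS response carrying the CNAME and A records described above, following the name-compression pointers of the wire format and exposing the Name, Type, TTL and Value fields of each record. The packet bytes and the address 192.0.2.10 are constructed, not captured from any server.

```python
import struct
# Constructed sample response (not captured from a real server): a CNAME plus the A record of
# its target, using the RFC 1035 name-compression pointers a resolver has to follow.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)                  # header: 1 question, 2 answers
    + b"\x03www\x07example\x06google\x03com\x00" + b"\x00\x01\x00\x01"  # question at offset 12: A IN
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 7)                  # name=ptr 12, CNAME, TTL 300
    + b"\x04edge\xc0\x18"                                               # "edge" + ptr to "google.com"
    + b"\xc0\x34" + struct.pack("!HHIH", 1, 1, 60, 4)                   # name=ptr 52, A, TTL 60
    + bytes([192, 0, 2, 10])                                            # constructed address
)

def read_name(msg, offset):
    """Decode a name at offset, following compression pointers; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # 11xxxxxx: pointer to an earlier name
            end = offset + 2 if end is None else end  # caller resumes after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                             # a crafted packet can loop pointers forever
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:                               # root label ends the name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))  # each label is 1..63 bytes
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_answers(msg):
    """Return [(name, type, ttl, value)] for the answer section of a DNS response."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                          # skip the question: name + type + class
        _, offset = read_name(msg, offset)
        offset += 4
    records = []
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        rdata_at, offset = offset + 10, offset + 10 + rdlen
        value = msg[rdata_at:offset].hex()            # raw rdata for types not decoded here
        if rtype == 1:                                # A: four octets of IPv4 address
            value = ".".join(str(b) for b in msg[rdata_at:offset])
        elif rtype == 5:                              # CNAME: a (possibly compressed) name
            value, _ = read_name(msg, rdata_at)
        records.append((name, {1: "A", 5: "CNAME"}.get(rtype, rtype), ttl, value))
    return records
```

The hop limit in read_name is the check a real resolver needs: without it, a response whose pointer refers back to itself keeps the parser spinning.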

DNS Resolution Process

DNS is a protocol that uses UDP to query domain names. The main goal of DNS is to convert domain names into IP addresses.

DNS query results are usually cached on the local DNS server. If the local DNS server has a cached result, the following DNS query steps are skipped and the resolution result is returned quickly. The following example outlines the eight steps of a DNS query when the local DNS server has nothing cached:

  1. When a user enters www.taobao.com in the address box of the Web browser, the client sends a recursive query to the local DNS server.

  2. The local DNS server uses iterative queries, starting with the root DNS server.

  3. The root DNS server tells the local DNS server the IP address of the .com TLD server that should be queried next.

  4. The local DNS server queries the .com TLD server.

  5. The .com TLD server tells the local DNS server the IP address of the authoritative DNS server for taobao.com.

  6. The local DNS server sends the query for www.taobao.com to that authoritative DNS server.

  7. The authoritative DNS server for taobao.com tells the local DNS server the IP address of the host queried.

  8. The local DNS server finally returns the queried IP address to the Web browser. Once these eight steps have returned the IP address of www.taobao.com, the browser can request the Web page:

  9. The browser makes an HTTP request to the IP address.

  10. The Web server at that IP address returns the web page, which the browser renders.
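The walk through the hierarchy above, as an added Python simulation that is not part of the original article: ask() is one iterative query (it returns an answer, a referral to the next server, or NXDOMAIN), and resolve() is the local DNS server's recursive service that follows referrals from the root. The server addresses and the taobao.com records are constructed placeholders.

```python
# Constructed hierarchy (documentation addresses, not real nameservers): each server knows
# only its own zone and answers anything below a delegation with a referral (NS + glue).
ROOT, COM_TLD, TAOBAO_AUTH = "198.51.100.1", "198.51.100.2", "198.51.100.3"
SERVERS = {
    ROOT:        {"delegations": {"com.": COM_TLD}},
    COM_TLD:     {"delegations": {"taobao.com.": TAOBAO_AUTH}},
    TAOBAO_AUTH: {"records": {"www.taobao.com.": "192.0.2.80"}},
}

def ask(server, qname):
    """One iterative query: ("answer", ip), ("referral", next_server) or ("nxdomain", None)."""
    zone = SERVERS[server]
    if qname in zone.get("records", {}):
        return "answer", zone["records"][qname]
    labels = qname.split(".")
    for i in range(len(labels)):                      # longest delegated suffix = the zone cut
        suffix = ".".join(labels[i:])
        if suffix in zone.get("delegations", {}):
            return "referral", zone["delegations"][suffix]
    return "nxdomain", None

def resolve(name, root=ROOT, max_referrals=8):
    """The local DNS server's recursive service: walk referrals from the root until an answer.
    Returns (ip or None, list of servers contacted in order)."""
    qname = name if name.endswith(".") else name + "."
    server, trace = root, []
    for _ in range(max_referrals):                    # bounded: a broken zone could refer in circles
        trace.append(server)
        kind, value = ask(server, qname)
        if kind == "answer":
            return value, trace
        if kind == "nxdomain":
            return None, trace
        server = value                                # follow the referral one level down
    raise RuntimeError("too many referrals for %s" % qname)
```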


For example, to query the IP address corresponding to www.taobao.com, the operating system first attempts to resolve the address locally, for instance through the well-known hosts file. If there is a resolution cache, the operating system searches it as well. When the query comes from a browser, the browser sometimes has its own resolution cache.

  • User equipment

    • Browsers may cache domain name resolution

    • Users can have their own domain name mapping tables in the system

  • Public domain name server

    • Usually provided by an ISP

    • Caches the results of the upper-level DNS server

If no result is found locally, the device sends the query to a DNS server. The public domain name server is typically provided by the user's ISP. It usually caches query results, so if the cache hits, the query ends there. The cache itself has a time limit, called the TTL, and the DNS server is obliged to re-query results whose validity period has expired. But queries themselves are a heavy traffic drain, so some public servers do not strictly honor the TTL and keep serving expired cache entries.

For queries with no cached result, the public server asks the top-level domain name server. In the example above, because the public domain name server does not know who holds resolution authority for taobao.com, it sends a request to the top-level domain name server for com to find the domain name server responsible for taobao.com. Top-level domain name servers are generally maintained by domain name operators, and some, such as those for country domain names, are even managed by national authorities. In theory there is a root DNS server above the top-level DNS servers, but it is rarely noticed in day-to-day use.

  • Public domain name server

    • The cascading nature of DNS allows more DNS servers to be deployed

  • Top-level domain name server

    • It is maintained by a top-level domain name provider

    • Can be subdivided into country-code and generic top-level domains

After finding the domain name server for taobao.com, you can query it for the IP address of www.taobao.com. Because this chain is delegated from the top down, this kind of DNS server is called an authoritative DNS server. For developers, buying a domain name from a registrar and entering the IP address it should map to is, in effect, entering records into the authoritative domain name server. Some large enterprises maintain their own authoritative domain name servers to protect against targeted attacks and to better optimize resolution speed.

  • Public domain name server

  • Authoritative domain name server

    • Usually provided by a professional domain name service

    • Usually provided along with the domain name when it is purchased

DNS troubleshooting and optimization

Common causes of slow resolution

  • The DNS server itself is faulty and responds slowly or unstably

  • Alternatively, the network latency from the client to the DNS server is high

  • Or, in some cases, the DNS request or response packet is lost by a network device in the link

Troubleshooting Sequence

  1. Check the local hosts file: cat /etc/hosts

  2. Check the resolver configuration file: cat /etc/resolv.conf. On RedHat 7 / CentOS 7, a DNS address changed directly in resolv.conf disappears after the network service is restarted, so the NIC configuration file must be checked as well.

  3. Check the NIC configuration file: cat /etc/sysconfig/network-scripts/ifcfg-<nic name> to see whether it contains the DNS configuration.
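An added Python illustration of the three checks (not from the original article): it reads constructed copies of /etc/hosts, /etc/resolv.conf and an ifcfg file and reports the nameservers that resolv.conf currently uses but the NIC file will not restore after a network restart. The file contents and addresses are constructed.

```python
import re

# Constructed sample files (not copied from a real host). The ifcfg file lacks the second
# resolver, which is exactly the state in which a nameserver "disappears" after a restart.
HOSTS = """127.0.0.1   localhost
192.0.2.7   www.taobao.com   # constructed override: consulted before any DNS query
"""
RESOLV_CONF = """# Generated by NetworkManager
search corp.example
nameserver 192.0.2.53
nameserver 198.51.100.53
"""
IFCFG_ETH0 = """TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
DNS1="192.0.2.53"
"""

def hosts_override(hosts_text, name):
    """Step 1: the address a hosts entry pins the name to, or None (comments ignored)."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None

def resolv_conf_nameservers(text):
    """Step 2: resolver addresses in resolv.conf, in the order the system tries them."""
    return [fields[1] for fields in (line.split() for line in text.splitlines())
            if len(fields) >= 2 and fields[0] == "nameserver"]

def ifcfg_nameservers(text):
    """Step 3: DNS1=, DNS2=, ... values persisted in the NIC file (quotes stripped)."""
    found = re.findall(r'^DNS(\d+)=\s*"?([^"\s]+)"?', text, flags=re.MULTILINE)
    return [ip for _, ip in sorted(found, key=lambda pair: int(pair[0]))]

def unpersisted_nameservers(resolv_text, ifcfg_text):
    """Nameservers in use now that a network restart would drop, because the NIC file
    does not carry them (the RedHat 7 / CentOS 7 behaviour noted above)."""
    persisted = set(ifcfg_nameservers(ifcfg_text))
    return [ns for ns in resolv_conf_nameservers(resolv_text) if ns not in persisted]
```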

Common Optimization techniques

  1. HttpDNS: the client sends domain name resolution requests over HTTP to the DNS server specified by the CDN provider, avoiding the domain name hijacking and cross-network access problems caused by LocalDNS.

  2. HTTP 302 redirect: the CDN vendor maintains an IP library for the CDN domain name, selects the most appropriate CDN node according to the client's access IP address and the status of the CDN edge nodes, and sends an HTTP 302 response code to redirect the user's request to the appropriate CDN edge node.

Common optimization methods

  • Cache the result of DNS resolution. Caching is the most effective method, but be aware that once the cache expires, you still have to go to the DNS server to retrieve new records. However, this is acceptable for most applications.

  • Prefetch the result of DNS resolution. This is the most common method used in Web applications such as browsers, which automatically resolve the domain name in the background and cache the results before the user clicks on a hyperlink on the page.

  • Use HTTPDNS instead of regular DNS resolution. Many mobile applications choose this method, especially now that domain name hijacking is common: carrying the query over HTTP bypasses the DNS servers on the path and so avoids the hijacking problem.

  • DNS based global load balancing (GSLB). This not only provides load balancing and high availability for the service, but also returns the nearest IP address based on the user’s location.

  • For mobile clients, the domain name to be resolved is pre-resolved when the APP starts, and then the resolution result is cached in a local LRU cache. So when we want to use the domain name, we just need to get the IP address directly from the cache. If the cache does not exist, we will go through the whole DNS query process. At the same time, we can start a timer to update the data in the cache periodically to avoid the data invalidation caused by the change of DNS resolution results.
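The pre-resolve, LRU cache, TTL and periodic refresh strategy described above, as an added Python example that is not the article's own code. fake_resolve and its answers are constructed stand-ins for the real resolver; the clock is injected so expiry can be driven deterministically.

```python
from collections import OrderedDict

class DnsClientCache:
    """Client-side DNS cache: pre-resolve at app start, serve hits from an LRU map bounded by
    capacity, treat entries past their TTL as misses, and let a timer call refresh()."""

    def __init__(self, resolve, clock, capacity=64, refresh_margin=5):
        self.resolve, self.clock = resolve, clock        # resolve(name) -> (ip, ttl_seconds)
        self.capacity, self.refresh_margin = capacity, refresh_margin
        self._entries = OrderedDict()                    # name -> (ip, expires_at), LRU order

    def _store(self, name):
        ip, ttl = self.resolve(name)                     # the full DNS query process
        self._entries[name] = (ip, self.clock() + ttl)
        self._entries.move_to_end(name)
        while len(self._entries) > self.capacity:        # evict the least recently used entry
            self._entries.popitem(last=False)
        return ip

    def prefetch(self, names):
        """Called when the app starts, for the domain names it is known to use."""
        for name in names:
            self._store(name)

    def lookup(self, name):
        """Return (ip, served_from_cache); an expired entry counts as a miss."""
        entry = self._entries.get(name)
        if entry and entry[1] > self.clock():
            self._entries.move_to_end(name)              # mark as most recently used
            return entry[0], True
        return self._store(name), False

    def refresh(self):
        """Periodic timer hook: re-resolve entries within refresh_margin of expiry so a
        changed record is picked up before users see a miss. Returns the refreshed names."""
        refreshed = []
        for name, (_ip, expires_at) in list(self._entries.items()):
            if expires_at - self.clock() <= self.refresh_margin:
                self._store(name)
                refreshed.append(name)
        return refreshed

# Constructed stand-in for the real resolver (not a real DNS lookup): logs every call so a
# test can count how many full resolutions the cache actually caused.
ANSWERS = {"api.example.test": ("192.0.2.10", 30), "cdn.example.test": ("192.0.2.20", 30)}
CALLS = []
def fake_resolve(name):
    CALLS.append(name)
    return ANSWERS[name]
```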

DNS contamination solution

It is generally considered best to keep as much control over DNS resolution as possible, for example by using a dedicated DNS server or HTTPDNS, or even by using IP addresses directly to skip resolution altogether.

DNS term

Recursive query

A recursive query is one mode of DNS server query. In this mode, the DNS server must reply to the client with a definitive query result after receiving the client's request. If the DNS server does not hold the requested DNS information locally, it queries other servers and passes the returned result on to the client. Therefore, queries to the intranet DNS or to a directly configured DNS are usually performed recursively.

Iterative query

The DNS server provides another DNS server address that can resolve the query request to the client. When the client sends a query request, the DNS server tells the client the address of another DNS server instead of directly replying to the query result. The client submits the request to the DNS server and loops until the result of the query is returned. Therefore, the Intranet DNS and extranet DNS are generally queried iteratively.

DNS cache

DNS cache is to store the resolution data close to the client that initiates the request. It can also be said that DNS data can be cached in any location. The ultimate purpose is to reduce the recursive query process and enable users to obtain the request results faster.

TTL

Time To Live indicates the maximum duration that the local DNS server can cache domain name resolution results. When the cache duration expires, the local DNS server deletes the resolution records. If a user requests a domain name after the deletion, the local DNS server performs recursive or iterative query again.

DNS Query Flood Attack

This attack is a domain name query attack, in which a large number of puppet machines are manipulated to send massive domain name query requests. When the number of domain name query requests per second exceeds the capacity of the DNS server, domain name resolution times out and service availability is affected.

URL forwarding

URL forwarding, also known as address forwarding, points a domain name at another existing site through special settings on the server.

DNSSEC

DNS Security Extensions, or DNSSEC for short, uses digital signatures to ensure the authenticity and integrity of DNS response packets. It effectively prevents attacks such as DNS spoofing and cache poisoning, stops users from being redirected to unexpected addresses, and thus strengthens users' trust in the Internet.