DNS

📢 If you’re interested, check out Hiro’s blog

Why does this article exist?

To explain: from the day I joined the department, in my daily work summary to the department manager I said I wanted technical sharing sessions to improve the technical atmosphere in the group. So now, every Friday, the group takes turns sharing: architecture, projects, Flutter, front end, network, and more (little aside: actually I don't understand most of it…).

So last Friday it was my turn to share… Share what? The front end? Forget it… So I set a topic and decided to share about the network, but the network is a huge topic. After thinking about it I chose DNS, because I didn't understand DNS deeply and wanted to use this to understand it ~ hence this article ~

See? This is classic digging a hole for yourself

A heads-up first

I can't guarantee that you will learn anything; this just goes around DNS and gives a front-end developer's understanding of it. If I've written something wrong, please point it out ha ~ of course, experts please take a detour ~

This isn't a clickbait title either: I put the word "dry" (as in "dry goods", solid content) in double quotation marks

This article only represents the author's understanding of DNS ~ its sections are written in "timeline" order, so I hope you read it carefully ha ~ now on to the body 👇

Introduction

(Actually I didn't want to write an introduction, because this part is just from Baidu Baike…)

DNS stands for Domain Name System. It is a distributed database that maps domain names to IP addresses and vice versa, and it makes it more convenient for people to access the Internet.

Since it is the domain name system, we first have to know: what is a domain name? For example, the following are all domain names 👇

www.pengdaokuan.cn
www.pdk.com
www.seewo.com
www.class.seewo.com
www.cvte.com

So, let's start with a simple question: how is a domain name registered?

Domain name registration process

  • A domain name registrant purchases domain name services from a reseller
  • The reseller registers on behalf of the registrant but does not have a contractual relationship with ICANN
  • An ICANN-accredited organization (the registrar) handles the domain name registration and sends the requested domain name, together with its contact information and technical information, to the registry
  • The registry records the WHOIS contact information and adds the domain name's zone data to its master server
  • Once all the information has been updated, the domain name is considered registered and ready for use

👉 You can read more about it here: WHOIS

Why are communication peers identified by IP address rather than by domain name

Ok, following the process above, we registered the domain name www.pengdaokuan.cn (there was no money to maintain it, so it has already died). We know we can reach our destination website by entering either an IP address or a domain name in the browser. So why is the communication peer identified by IP address rather than by domain name?

Don't just say "because TCP/IP requires the destination IP address, so IP is used to identify the peer" ~ of course that is one of the reasons, but the more specific reasons are as follows 👇

📢 From the point of view of efficiency: an IP address is 32 bits, that is, 4 bytes, while a domain name is at least a dozen bytes and at most may reach 255 bytes. In other words, with IP addresses you only need to handle 4 bytes of numbers, but with domain names you would have to handle a dozen or even 255 bytes of characters. This seriously affects efficiency, adds to the burden on routers, and takes longer to transmit.

For example, if I send a 2KB string, it may be transmitted over fibre, or over other media such as early copper cable. Different link materials have different bandwidths, and it is possible that the maximum size of a packet is only 1KB. During communication, data at the application layer is split into many packets according to the capabilities of the communication devices: an HTTP request does not send just one packet, it can be broken into many. So if domain names were used for addressing, the amount of data the network has to carry would increase a lot.

At this point the keyboard warrior comes out and says, "Can't you solve this with a high-performance router?"

Ok, but remember that routers have a speed limit and are already overwhelmed by the amount of data flowing through the Internet. While router performance keeps improving with technology, the amount of data is growing even faster. Therefore, using the domain name to identify the communication peer is not a wise choice.

Can DNS use TCP

We often say that DNS uses UDP for transport, but can DNS use TCP?

DNS uses port 53 and can be carried over both TCP and UDP. Most of the time UDP is used, but in the following two cases TCP is used:

  • The response exceeds 512 bytes.
  • Zone transfer
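The first case above is decided by one bit in the DNS header: a UDP answer that did not fit in 512 bytes comes back with the TC (truncated) flag set, and the client repeats the same query over TCP, where each message is prefixed with a 2-byte length. The following is an added example, not code from the original article: it encodes a query, decodes the header of a constructed response (no traffic is sent), and shows the transport decision a resolver makes.

```python
import struct

# Added example (not from the original article): encode a DNS query, read the
# header of a response, and decide when the client must retry over TCP.
# A UDP answer that did not fit in 512 bytes comes back with the TC
# (truncated) bit set; the resolver then repeats the query over TCP port 53.

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a standard query (QTYPE 1 = A, QCLASS 1 = IN) with RD set."""
    flags = 0x0100                                  # RD: recursion desired
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"                                     # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),                 # 1 = response
        "tc": bool(flags & 0x0200),                 # 1 = truncated
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def choose_transport(query: bytes, udp_response: bytes) -> str:
    """Return 'udp' if the UDP answer is usable, 'tcp' if it must be retried over TCP."""
    hdr = parse_header(udp_response)
    if hdr["id"] != parse_header(query)["id"] or not hdr["qr"]:
        raise ValueError("response does not match the query")
    return "tcp" if hdr["tc"] else "udp"


QUERY = build_query("www.pdk.com")

# Constructed responses (not captured traffic): same id, QR=1, RD=1, RA=1.
# The first also sets TC=1 to simulate an answer that overflowed 512 bytes.
QUESTION = QUERY[12:]
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUESTION
COMPLETE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print(len(QUERY), "byte query;", choose_transport(QUERY, TRUNCATED_RESPONSE))
```

The id check in `choose_transport` is the same minimal sanity check a real stub resolver performs before trusting a response; a zone transfer, the second case in the list, always starts over TCP and never goes through this UDP-first path.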

Zone transfer

Maybe at this moment you are thinking: why do I need to know what zone transfer is? I'm a front-end developer; as long as I know the DNS resolution process for a URL I'm done. Ok, if so, you can scroll straight to the bottom ~

DNS zone transfer is the process by which a secondary server refreshes its own zone database with data from the master server, for redundancy and so that DNS resolution does not become unavailable if the master fails.

📌 Zone transfer carries the zone data from the master DNS server to the secondary DNS server. The secondary periodically checks with the master to see whether the data has changed; if it has, a zone transfer is performed to synchronise the data.

Now that we are talking about transferring changed data, we have to mention zone files… Let's introduce the concept:

DNS ZONE: A contiguous subtree of the DNS domain name space. The name space is divided into smaller administrative units as required. On a DNS server you create a zone, create subdomains in it, and add host records in the zone or its subdomains. A file that stores a zone's data is called a zone file. A DNS server can hold multiple zone files, and one zone file can be held on multiple DNS servers. The zone file contains host names and their corresponding IP addresses, refresh intervals, and expiry times.

A zone file is usually configured for a single domain name, and the zone name is that domain name. It can contain multiple records; each record is a single mapping from a name to a resource.

Zone file: the SOA (start of authority) record

Let's look at the SOA (start of authority) record. Recall that the secondary DNS server periodically checks with the primary. How long is that period, and how do we know whether the data has changed?

pengdaokuan.cn.  IN SOA pdk.com. pdk.qq.com. (
                                12083   ; serial number
                                3h      ; refresh interval
                                30m     ; retry interval
                                3w      ; expiry period
                                1h      ; negative TTL
)

A quick word about each field 👇

  • pengdaokuan.cn. : This is the origin of the zone. It specifies that this zone file is for the domain name pengdaokuan.cn.

  • IN SOA: "IN" means Internet (it appears in many records). SOA is the record type, marking this as an SOA (start of authority) record.

  • pdk.com. : This defines the primary name server for the domain. A name server can be a master or a slave. If dynamic DNS is configured, a primary server is required; if not, this is simply your primary name server.

  • pdk.qq.com. : The email address of the zone administrator, with the @ replaced by a dot. If the part before the @ itself contains a dot, escape that dot with a backslash (the page's original example, [email protected], was written as \ \ XXX.qq.com).

  • 12083: The serial number of the zone file. Every time you edit the zone file you must increment this number for the change to propagate correctly. A slave server checks whether the master's zone file has a larger serial number than its own copy; if so it requests a new copy of the zone, otherwise it keeps the old one. (This is how a slave knows the data has changed.)

  • 3h: The refresh interval. The slave waits this long and then polls the master to check for zone changes. (This is the periodic query that checks whether the data has changed.)

  • 30m: The retry interval. If the slave fails to reach the master at refresh time, it waits this long and tries polling again.

  • 3w: The expiry period. If a slave cannot contact the master for this long, it stops answering as an authority for the zone.

  • 1h: The negative TTL: how long a name server caches a "name not found" answer for a name that is not in the zone.
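To make the refresh/retry/expire logic and the serial comparison concrete, here is an added example (not code from the original article) that parses the SOA record shown above and implements the decision a secondary makes at refresh time. The serial comparison uses RFC 1982 arithmetic, so a serial that wraps past 2^32 is still recognised as newer; the `plan_refresh` function and its inputs are this example's own names.

```python
import re

# Added example (not from the original article): parse the SOA record shown
# above and implement the secondary's refresh/retry/expire decision, including
# the serial-number comparison a slave uses to detect that the zone changed.

SOA_TEXT = """pengdaokuan.cn.  IN SOA pdk.com. pdk.qq.com. (
                                12083   ; serial number
                                3h      ; refresh interval
                                30m     ; retry interval
                                3w      ; expiry period
                                1h      ; negative TTL
)"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(token: str) -> int:
    """Convert BIND-style time values ('3h', '30m', '1w2d', '600') to seconds."""
    token = token.lower()
    if token.isdigit():
        return int(token)
    parts = re.findall(r"(\d+)([smhdw])", token)
    if not parts or "".join(n + u for n, u in parts) != token:
        raise ValueError(f"bad time value: {token}")
    return sum(int(n) * UNITS[u] for n, u in parts)


def parse_soa(text: str) -> dict:
    """Parse one SOA record (with ';' comments and parentheses) into its fields."""
    stripped = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = stripped.replace("(", " ").replace(")", " ").split()
    if len(tokens) != 10 or tokens[1].upper() != "IN" or tokens[2].upper() != "SOA":
        raise ValueError("not an IN SOA record")
    owner, _, _, mname, rname, serial, refresh, retry, expire, minimum = tokens
    return {
        "zone": owner, "mname": mname, "rname": rname,
        "serial": int(serial),
        "refresh": parse_ttl(refresh), "retry": parse_ttl(retry),
        "expire": parse_ttl(expire), "minimum": parse_ttl(minimum),
    }


def rname_to_email(rname: str) -> str:
    """Turn the RNAME field back into an address: the first unescaped dot becomes '@'."""
    name = rname.rstrip(".")
    i = 0
    while i < len(name):
        if name[i] == "\\":
            i += 2                       # skip the escaped character
            continue
        if name[i] == ".":
            return name[:i].replace("\\.", ".") + "@" + name[i + 1:]
        i += 1
    return name


def serial_newer(candidate: int, current: int) -> bool:
    """RFC 1982 serial arithmetic: True if candidate is 'after' current, even across a 2^32 wrap."""
    if candidate == current:
        return False
    if candidate > current:
        return candidate - current < 2 ** 31
    return current - candidate > 2 ** 31


def plan_refresh(soa: dict, local_serial: int, master_serial, since_last_ok: int) -> str:
    """What a secondary does at refresh time.

    master_serial is None when the master could not be reached;
    since_last_ok is seconds since the last successful check.
    """
    if master_serial is None:
        return "expired" if since_last_ok >= soa["expire"] else "retry-later"
    return "transfer" if serial_newer(master_serial, local_serial) else "up-to-date"


SOA = parse_soa(SOA_TEXT)
```

Operationally, the thing to watch is the serial: forgetting to bump it after an edit is the classic reason secondaries keep serving stale data, and `serial_newer` is exactly the test they apply.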

Other records

A record

  • Record type type=A
  • The value is an IPv4 address
  • TTL records the lifetime, that is, the expiration time of the resource record in the cache. The default value is 600 seconds
www.pengdaokuan.cn IN A 174.15.41.94
www.pdk.handsome.cn IN A 168.168.168.168   ; just kidding

AAAA record

  • Record type type=AAAA
  • The value is an IPv6 address
  • TTL records the lifetime, that is, the expiration time of the resource record in the cache. The default value is 600 seconds
www.pengdaokuan.cn IN AAAA IPv6_address
www.pdk.handsome.cn IN AAAA IPv6_address

CNAME record (this is very important; we will come back to it with CDN later)

  • Record type CNAME
  • The record value is the domain name pointed to by CNAME. You can only enter the domain name
  • TTL records the lifetime, that is, the expiration time of the resource record in the cache. The default value is 600 seconds
www.cname1.pdk.cn IN CNAME www.cname2.pdk.cn
www.cname2.pdk.cn IN CNAME www.pengdaokuan.cn
www.pengdaokuan.cn IN A 174.15.41.94
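The three records above form a CNAME chain: a resolver asking for the A record of www.cname1.pdk.cn has to follow two aliases before it reaches an address. The following is an added example, not code from the original article; it builds a tiny in-memory zone from those records and performs the lookup the way a resolver does, including the two checks that matter in practice: a name may carry only one CNAME, and a chain that loops or runs too long is rejected rather than followed forever. The looped zone is a constructed misconfiguration for the demonstration.

```python
from collections import defaultdict

# Added example (not from the original article): a tiny in-memory zone built
# from the records above, with a lookup that follows CNAME chains the way a
# resolver does and refuses loops and over-long chains.

ZONE = [
    ("www.cname1.pdk.cn", "CNAME", "www.cname2.pdk.cn"),
    ("www.cname2.pdk.cn", "CNAME", "www.pengdaokuan.cn"),
    ("www.pengdaokuan.cn", "A", "174.15.41.94"),
]

# Constructed misconfiguration: two CNAMEs pointing at each other.
LOOPED_ZONE = [
    ("a.pdk.cn", "CNAME", "b.pdk.cn"),
    ("b.pdk.cn", "CNAME", "a.pdk.cn"),
]


def _key(name: str) -> str:
    """Owner names are case-insensitive and the trailing dot is optional."""
    return name.lower().rstrip(".")


def index_zone(records):
    """Group record values by (owner name, type) for direct lookups."""
    idx = defaultdict(list)
    for owner, rtype, value in records:
        idx[(_key(owner), rtype.upper())].append(value)
    return idx


def lookup(records, name: str, qtype: str = "A", max_chain: int = 8):
    """Return (chain_of_names, answers). The chain records every CNAME hop taken."""
    idx = index_zone(records)
    qtype = qtype.upper()
    current = _key(name)
    chain, seen = [name], {current}
    for _ in range(max_chain):
        if qtype == "CNAME":                      # asking for the alias itself: no following
            return chain, list(idx.get((current, "CNAME"), []))
        answers = idx.get((current, qtype))
        if answers:
            return chain, list(answers)
        cnames = idx.get((current, "CNAME"), [])
        if not cnames:
            return chain, []                      # no such type here (or no such name)
        if len(cnames) > 1:
            raise ValueError(f"{current}: a name may carry only one CNAME")
        target = cnames[0]
        if _key(target) in seen:
            raise ValueError(f"CNAME loop at {target}")
        seen.add(_key(target))
        chain.append(target)
        current = _key(target)
    raise ValueError(f"CNAME chain longer than {max_chain} hops")
```

The `max_chain` bound and the `seen` set are the defensive part: real resolvers cap CNAME depth for the same reason, so that a misconfigured (or deliberately looped) zone cannot pin a resolver in an endless chase.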

NS records

  • Record type type=NS
  • Wildcard resolution is not supported
  • The record value is the domain name of the DNS server to be authorized. To ensure service reliability, add at least two groups of DNS services
  • TTL records the lifetime, that is, the expiration time of the resource record in the cache. The default value is 600 seconds
        IN  NS     pdk1.root.com.
        IN  NS     pdk2.root.com.
pdk1    IN  A      174.15.41.94
pdk2    IN  A      168.168.168.168

What are the types of DNS zone transfer

We said zone transfers take place, so the next question is: what kinds of zone transfer are there?

  • Full zone transfer
  • Incremental zone transfer

When a new DNS server is added to a zone and configured as a secondary server, it performs a full zone transfer to obtain a complete copy of the resource records on the primary. After that, to keep the data synchronised, the secondary periodically queries the primary for changes (incremental zone transfer).

So, can DNS zone transfer have vulnerabilities?

The answer is yes!!

✨ If a DNS server is misconfigured, anonymous users can obtain all the records of a zone, exposing the entire network topology to potential attackers. One important and common countermeasure is to use private DNS: isolate the internal network's names from the public Internet.

Testing DNS zone transfer with nslookup on Windows

  1. Use nslookup to query the IP address of Baidu

  2. I tried to list some related records of Baidu and was refused

  3. Attempts to query some A records or NS records were refused

All refused or timed out, this…… Well, there is no way to continue the demonstration. For more uses of nslookup you can look it up yourself; I won't cover it here. Normally, if a zone transfer vulnerability exists, it exposes some important information, such as 👇 :

An attacker can obtain the following information:
  1. The network topology and address ranges of the server set (for example, through CNAME records)
  2. The IP address of the database server
  3. Information about other sensitive servers
  4. ...

DNS hierarchy

The Domain Name System (DNS) is a service that converts domain names into IP addresses. It is a distributed database implemented by a hierarchy of DNS servers, and it is also an application-layer protocol that lets hosts query that distributed database.

The following diagram should make it clearer; drawing it was exhausting 😥

DNS resolution process (highlighted)

(Drawing is really tiring, life is too hard…)

The process above is very clear, so I won't explain it in words. To verify it I also installed a packet capture tool:

Wireshark

If there is no entry in the hosts file, the local DNS cache is checked. If there is a cache hit, no DNS query packet is sent.

How does a DNS resolver work

If the host is not in the hosts file and the local DNS cache has no entry, a DNS query must be sent.

We all know that DNS resolves domain names to IP addresses, so how does it do that?

A resolver is a program that resides in the operating system's Socket library. The Socket library is a collection of program components that invoke network functions. When an IP address is looked up by domain name, the browser calls the resolver in the Socket library.

Typically an application runs from top to bottom; when it reaches the line that calls the resolver, that line is executed and the application pauses while the Socket library's resolver runs.

So this is what gethostbyname() does. If you want more detail, see here:

  • gethostbyname
  • resolve

If you don't want to read those, here is the gethostbyname function prototype and the hostent structure:

/* As declared in <netdb.h>: the structure gethostbyname() returns */
struct hostent {
  char  *h_name;            /* official name of host */
  char **h_aliases;         /* alias list, host aliases */
  int    h_addrtype;        /* host address type (AF_INET for IPv4) */
  int    h_length;          /* length of each address in bytes */
  char **h_addr_list;       /* NULL-terminated list of addresses */
  #define h_addr h_addr_list[0]   /* first address, for convenience */
};

struct hostent *gethostbyname(const char *name);

/* Minimal usage: resolve argv[1] and print its first IPv4 address.
   Needs <stdio.h>, <netdb.h> and <arpa/inet.h>; do not redeclare
   struct hostent in the same file, the header already provides it. */
int main(int argc, char *argv[]) {
  if (argc < 2) {
    fprintf(stderr, "usage: %s hostname\n", argv[0]);
    return 1;
  }
  struct hostent *myhost = gethostbyname(argv[1]);
  if (myhost == NULL) {          /* lookup failed: h_errno is set */
    herror("gethostbyname");
    return 1;
  }
  printf("%s\n", inet_ntoa(*(struct in_addr *)myhost->h_addr));
  return 0;
}

Do you understand? If not, you can go to Baidu or Google for more detailed information.

Authoritative DNS / recursive DNS

After the resolver is invoked, it sends a query to the DNS server, and the DNS server returns a response. The response contains the queried IP address, which the resolver extracts and writes to the memory address specified by the browser. Once the IP address query is complete, the browser fetches the IP address from that memory address and hands it to the operating system, along with the HTTP request message, when sending the message to the web server. ——— from the book How The Web Is Connected

Looking at the flow chart, we can see that DNS has two kinds of query: iterative and recursive. Before discussing those two, let's first understand what authoritative DNS and recursive DNS are.

Authoritative DNS

Authoritative DNS is the DNS server configured at the registrar for a specific domain name (for example, pdk.com) to manage (add, delete, and modify) that domain name itself.

An authoritative DNS server resolves only the domain names it owns and refuses queries for domain names that are not its own. For example, you cannot query baidu.com from the authoritative DNS server of pdk.com.

Recursive DNS

Recursive DNS (also called local DNS or caching DNS) is used for domain name lookup. It follows the responses returned by authoritative servers until the IP address is finally found, then returns it to the client and caches it locally.

Recursive DNS must deliver a final IP address result for users' resolution requests. A complete recursive lookup walks down from the root name servers ("."), to the top-level domain servers (for example ".com"), to the first-level domain servers (for example "pdk.com"), and so on level by level, until the authoritative server is found and the result is obtained and returned to the client. In addition, the recursive server caches the result according to the domain name's TTL (Time to Live), which speeds up repeated queries for the same name.

Iterative and recursive queries

I won't say much about these two kinds of query; I drew two diagrams, and the process steps are in them, so just look at the diagrams 👇

Recursive query

Iterative query

After a recursive or iterative query, the result is cached in the local DNS, which reduces the number of queries and speeds up domain name resolution.

When configuring DNS resolution, you need to specify the TTL (Time To Live) parameter. This tells the local DNS server the maximum time it may cache the domain name. When the cache time expires, the local DNS server deletes the record, and the full resolution process is repeated the next time a user accesses the domain name.

🔔 Tip: If you do not change IP addresses frequently, you can set the TTL to the maximum value of the protocol, that is, 24 hours. The advantage is that the resolution record stays in local DNS servers longer, which speeds up access for all users.
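The caching behaviour described above is simple to state but worth seeing run: an entry lives exactly TTL seconds, the remaining TTL shrinks as it is handed downstream, and after expiry the next lookup has to go through the whole resolution process again. The following is an added example, not code from the original article; it implements such a cache with an injected clock (the `FakeClock` is constructed for the demonstration so that no real waiting is needed) and uses the page's default TTL of 600 seconds.

```python
import time

# Added example (not from the original article): a resolver-side cache keyed by
# (name, type) whose entries expire after their TTL, with the remaining TTL
# decremented when the cached answer is handed on, as a local DNS server does.
# The clock is injected so the behaviour can be checked without sleeping.


class DnsCache:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}                      # (name, type) -> (values, expires_at)

    @staticmethod
    def _key(name: str, rtype: str):
        return name.lower().rstrip("."), rtype.upper()

    def put(self, name: str, rtype: str, values, ttl: int) -> None:
        """Store an answer; ttl is the value carried by the authoritative record."""
        self._entries[self._key(name, rtype)] = (tuple(values), self._clock() + ttl)

    def get(self, name: str, rtype: str):
        """Return (values, remaining_ttl), or None once the TTL has run out."""
        key = self._key(name, rtype)
        entry = self._entries.get(key)
        if entry is None:
            return None
        values, expires_at = entry
        remaining = expires_at - self._clock()
        if remaining <= 0:
            del self._entries[key]              # expired: the next lookup must re-resolve
            return None
        return list(values), int(remaining)     # downstream caches get the shortened TTL

    def __len__(self):
        return len(self._entries)


class FakeClock:
    """Constructed clock for the demonstration; advance() stands in for waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Cache an A record with the page's default TTL of 600 s and watch it expire."""
    clock = FakeClock()
    cache = DnsCache(clock)
    cache.put("www.pengdaokuan.cn", "A", ["174.15.41.94"], ttl=600)
    first = cache.get("www.pengdaokuan.cn", "A")        # answered from cache, 600 s left
    clock.advance(599)
    nearly = cache.get("www.pengdaokuan.cn", "A")       # still cached, 1 s left
    clock.advance(1)
    gone = cache.get("www.pengdaokuan.cn", "A")         # None: full resolution again
    return first, nearly, gone
```

The same mechanism is why a long TTL cuts both ways: with a 24-hour TTL a changed address can keep being served from caches for up to a day, which is exactly the delay the load-balancing section later lists as a disadvantage.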

DDNS, NAT, and Intranet penetration

In fact I really didn't want to talk about these, but DNS touches on too much, and of course I don't understand them very well either; I can only say what I found while researching this (no choice, if I didn't look it up my sharing session would have been gg).

Before we get to that, let's review what an Intranet is, what an extranet is, public IP addresses, private IP addresses…

Intranet and extranet are defined relative to a firewall: inside the firewall is the Intranet, outside it is the extranet. To some extent, extranet means the same as public network, and Intranet the same as private network.

Currently IPv4 addresses are still commonly used. They are divided into five classes: A, B, C, D and E, of which A, B and C are the common address classes. Most addresses in these three classes are public addresses, which must be registered with the International Internet Information Center. Within IPv4, three address ranges are reserved as private addresses for internal networks, such as homes, enterprises and schools.

For example:

IP address range                 Number of IPs   Network classification
10.0.0.0 – 10.255.255.255        16777216        1 class A network
172.16.0.0 – 172.31.255.255      1048576         16 contiguous class B networks
192.168.0.0 – 192.168.255.255    65536           256 contiguous class C networks

Apart from these three ranges, all other IP addresses are public. In general, a private range is chosen based on the number of hosts it must hold. A home network is relatively small, and one class C subnet, 192.168.1.x, can hold 254 hosts, which is sufficient.
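The counts in the table can be checked rather than memorised. The following is an added example, not code from the original article: it computes the size of each private range from its boundaries, classifies an address as private or public, and confirms the 254 usable hosts of a 192.168.1.x subnet. The sample address 203.0.113.5 is from the documentation range and is constructed for the demonstration.

```python
import ipaddress

# Added example (not from the original article): verify the three private
# ranges in the table above and classify an address as private or public.
# Counts are computed from the range boundaries rather than typed in.

PRIVATE_RANGES = [
    ("10.0.0.0",    "10.255.255.255",  "1 class A network"),
    ("172.16.0.0",  "172.31.255.255",  "16 contiguous class B networks"),
    ("192.168.0.0", "192.168.255.255", "256 contiguous class C networks"),
]


def range_size(first: str, last: str) -> int:
    """Number of addresses in an inclusive IPv4 range."""
    return int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1


def classify(ip: str):
    """Return ('private', description) if ip is in a reserved range, else ('public', None)."""
    addr = ipaddress.IPv4Address(ip)
    for first, last, description in PRIVATE_RANGES:
        if ipaddress.IPv4Address(first) <= addr <= ipaddress.IPv4Address(last):
            return "private", description
    return "public", None


def usable_hosts(cidr: str) -> int:
    """Hosts that can be assigned in a subnet (network and broadcast addresses excluded)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses - 2


def table():
    """Rebuild the table above as (range, count, description) rows."""
    return [(f"{a} - {b}", range_size(a, b), d) for a, b, d in PRIVATE_RANGES]


if __name__ == "__main__":
    for row in table():
        print(*row)
    print(classify("192.168.1.10"), classify("203.0.113.5"))
```

The standard library also exposes `ipaddress.IPv4Address(...).is_private`, which covers these ranges and several other reserved blocks; the explicit loop here is kept so that the result maps directly onto the three rows of the table.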

For example, the IP address of the Wi-Fi my phone is connected to is:

Or my computer's IP address is:

Some of you may wonder why I posted these two screenshots. The point is that at home, all the devices that use the router (most of their IP addresses start with 192, 172 or 10) pass through the router before they reach the Internet.

What is the relationship between Intranet IP and extranet IP? On modern networks, public IP addresses, also called external IP addresses, are used on the Internet, while internal IP addresses are used on the LAN. Public IP addresses are scarce and cannot cover every network device in the world; the Intranet exists to solve this problem!

Everyone has been to an Internet cafe (anyway, I skipped class every day in junior high school to play CF). An Internet cafe has N computers, but it only needs one public IP address to provide Internet access to all of them, and each machine has a different Intranet IP address. For one of those machines to access the Internet, NAT technology is needed.

NAT technology

NAT (Network Address Translation): a router runs NAT software and has at least one valid public IP address. The NAT router translates internal private IP addresses into the public IP address. The problem is that the NAT device automatically blocks connections initiated by hosts outside the Intranet, that is, it discards packets sent from the Internet to the Intranet. As a result, hosts located behind different NAT devices cannot exchange information directly.

The most common workaround is port mapping. The principle is to map a port on the external IP address to a machine on the internal network that provides the corresponding service. When a user accesses that port on that IP, the NAT device automatically forwards the request to the corresponding machine in the LAN.

👇 Below is a schematic of NAT technology

ppp0 is the link interface created during PPP dial-up over the Ethernet interface to establish the PPP dial-up connection. PPP dial-up is the virtual dial-up mode used for broadband connections; it uses the PPPoE protocol and is allocated an IP address.

I know we don't want to hear the principle directly, so let's use a diagram to explain it.

I believe you can all understand this picture. Here the host IP is an internal IP, while the router's upstream IP is assigned by the carrier through DHCP. It is not a public IP but an internal IP, that is, an IP on a large LAN. If we want external hosts to access the servers in our home, we need a public IP address, not an address on that large LAN.

Of course, you might say: use NAT, that is, port mapping, to get an external IP address. But! After we do the port mapping, the IP we get is not a public IP but the IP of that large LAN, because we have only done NAT forwarding once. That is why the port mapping fails.

The port mapping is done on our router, not on the carrier's equipment, so you tell me, can it work?

Of course, if you are awesome enough to get into the carrier's side, that's great, but!! Do you really expect to add a layer of port mapping on a carrier server that is completely under their control? Not a chance…

So with a large Intranet, port mapping obviously will not work. So what now, do we just sit and wait to die? No, there is another way. To map correctly you need something that penetrates the NAT. This is Intranet penetration.

Intranet penetration

Intranet penetration is also called NAT traversal. The purpose of NAT traversal is to ensure that packets with a specific source IP address and port number are routed to the Intranet host instead of being blocked by the NAT device.

That is, an external host can communicate with a host on the LAN through the network.

Intranet penetration also involves something called a domain name. For example, www.pdk.com: after applying for the domain name, we need to bind it to an IP. Because we have no public IP, we need to run Intranet penetration client software on our terminal or main router. Through this service, the server the domain name is bound to is connected to the server on our own terminal.

Once connected, the port on our computer is mapped directly to the domain name. The domain name we applied for is on the service provider's side, which has its own server and public IP. We project the domain name out onto the Internet, so the domain name effectively acts as our public IP address: accessing the domain name reaches the software on our computer, which is directly connected to the internal server that is blocked by the large Intranet. (You need to purchase a domain name and install the penetration software.)

💢 note: here is a personal understanding and cognition, if there is a big guy to understand more detailed or I speak incorrect, please point out, thank you ~

DDNS

What about DDNS? First of all, DDNS is not for Intranet users but for hosts with a public IP. If you dial PPPoE directly, you have a public IP at home, and with a public IP you don't need Intranet penetration (you have a public IP, what the hell would you need it for?).

Why do I need DDNS when I already have a public IP address? Because the carrier does not give you a stable IP address; it can change. For example, today you dial and get one address, then two days later the connection resets and re-dials PPPoE, and you get another address. If we do port mapping it normally works fine, but if the IP address changes, sorry, the port mapping no longer works.

So how can port mapping keep working when the IP address changes? You need a domain name. DDNS and Intranet penetration are essentially the same: they use a domain name to provide a stable connection. With Intranet penetration the domain name stays the same, and the connection between the software and the server stays stable. DDNS targets public IP addresses: if PPPoE dial-up gives an unstable IP address (today's IP is different from tomorrow's), the normal port mapping becomes invalid as soon as the IP changes.

When the IP address changes, say today it is XXX.XXx.x.1 and tomorrow it is XXX.XXx.x.2, then after the DDNS settings are made on the router, the router checks continuously, for example once every 10 minutes, and uploads the changed IP to the purchased service. The service then updates the IP address mapped to the domain name, so the domain name always resolves to a correct public IP address and the port mapping keeps working.

It might be a little confusing… So the bottom line is: if you have a public IP, you need DDNS; if you are on a large LAN with an internal IP, you need Intranet penetration.
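The DDNS cycle described above (check the public address periodically, push it to the provider only when it changed) is small enough to write out. The following is an added example, not code from the original article or from any DDNS provider: the two network calls are injected as callbacks so that it runs offline, and the hostname and the sequence of observed addresses (from the 203.0.113.0/24 documentation range) are constructed for the demonstration. A real client would query its public address and call its provider's update API in place of those callbacks.

```python
# Added example (not from the original article): the DDNS update cycle, with
# the network calls injected so it runs offline. The hostname and the sequence
# of IPs are constructed for the demonstration (203.0.113.0/24 is the
# documentation range); a real client would query its public address and call
# the DDNS provider's update API in place of the two callbacks.


def ddns_cycle(get_public_ip, update_record, state: dict) -> str:
    """One polling round: push the address to the provider only when it changed."""
    current = get_public_ip()
    if current is None:                        # lookup failed: keep the last known state
        state["errors"] += 1
        return "lookup-failed"
    if current == state["last_ip"]:
        return "unchanged"                     # nothing to do, the record is still right
    update_record(state["hostname"], current)  # provider rewrites the A record
    state["last_ip"] = current
    state["updates"] += 1
    return "updated"


def run_cycles(observed_ips, hostname="home.ddns-example.invalid"):
    """Simulate consecutive checks (e.g. one every 10 minutes) over a scripted IP sequence."""
    state = {"hostname": hostname, "last_ip": None, "updates": 0, "errors": 0}
    pushed = []                                # what the provider would have received
    ips = iter(observed_ips)
    results = [
        ddns_cycle(lambda: next(ips), lambda host, ip: pushed.append((host, ip)), state)
        for _ in range(len(observed_ips))
    ]
    return results, pushed, state


# Constructed sequence: address stays, one failed lookup, address changes, stays.
SAMPLE_IPS = ["203.0.113.1", "203.0.113.1", None, "203.0.113.2", "203.0.113.2"]

if __name__ == "__main__":
    for outcome in run_cycles(SAMPLE_IPS)[0]:
        print(outcome)
```

Two details matter operationally: a failed lookup must not be treated as "the address became None" (otherwise the client would push garbage to the provider), and updates are sent only on change, because providers rate-limit or block clients that re-submit the same address every cycle.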

CDN

Maybe at this point you have another question: MD, aren't we talking about DNS, why jump to CDN? Because I like to ~

A CDN (content delivery network) works together with DNS to let users reach the node with the lowest latency. When a user requests a resource, the copy cached on the nearest node is returned instead of every request going to the origin site. This avoids network congestion, relieves pressure on the origin, and keeps access to resources fast and smooth for users.

Let's look at a picture first. Have you all bought something online? Which order will arrive faster by express?

Nonsense question? Of course it's Jingdong, because Jingdong has a warehouse at the edge node. Think of the CDN principle through online shopping; a picture is worth a thousand words, so just look at the picture, dear ~

What are the advantages of CDN? (It can be found on Baidu)

  • Improve page loading speed
  • Local Cache acceleration accelerates the access speed
  • Remote acceleration: Automatically selects the cache server
  • Bandwidth optimization to share network traffic and reduce pressure
  • Cost savings

DNS Load Balancing

A domain name is resolved to multiple IP addresses. When a user sends a request for our domain name, the DNS server automatically returns an appropriate IP address based on a preset scheduling policy (such as round-robin), and the user then sends the request to that IP address.

For example, we configure multiple A records:

www.pdk.com IN A 175.12.84.47
www.pdk.com IN A 175.12.84.48
www.pdk.com IN A 175.12.84.49
....

Here DNS is the first-level load balancer, and the A records hold the IP addresses of the servers.

However, a better solution is to still use DNS as the first-level load balancer, but have the A records hold the IP addresses of internal load balancers, which distribute requests to the real web servers.

Most large websites use DNS resolution only as the first level of load balancing: the addresses obtained from the DNS server are not those of the physical servers that actually provide the service, but those of internal load-balancing servers. This group of internal load balancers then distributes the requests to the real servers, which finally complete the request.

Advantages:

  • The DNS server handles load balancing, which saves the trouble of load balancing server maintenance and improves performance.
  • The domain name can be resolved to the nearest server address to speed up access.

Disadvantages:

  • DNS is resolved at multiple levels, and each level may cache the A records. After a server goes offline, it takes a period of time for a modified A record to take effect.
  • The load cannot be distributed according to the processing capacity of each server. DNS load balancing uses a simple round-robin algorithm and cannot tell the servers apart.

If you want to know more about DNS load balancing, you can do your own research.

DNS hijacking

An Internet attack technique: by attacking DNS or forging DNS responses, the domain name of the target website is resolved to the wrong address, so that users cannot reach the target website.

What are the common symptoms?

You enter url = http://www.pdk.com, and what comes up is some shady site (adult ads, online gambling, that kind of thing).

So how does domain name hijacking work?

So how do you prevent domain name hijacking?

The answer is: call the police!!

(Just kidding; how to prevent domain name hijacking can also be found on Baidu ~)

A few last words

As a front-end developer, my understanding of DNS is honestly not very deep, but through one sharing session (and the reading and research before it), I at least learned about Intranet penetration, DDNS and so on. I can't say the content of this article is very advanced, but at least I now know some basic DNS knowledge ~

If you think there is something wrong with this article, please leave it in the comments and I'll fix it.

This is just a record; have a good read ha ~

💢 Allow me to rant a bit: drawing the diagrams was really tiring, and to prevent them being stolen I added a "small peng" watermark to each one, ah ha ha ha, sorry, I'm too petty.

First post: 📢 Hiro’s blog