Name Resolution
2007 Infoblox Inc. All Rights Reserved.

Section 3: How does name resolution work?
- The DNS protocol
- How does a domain name get resolved?

Knowing a little about DNS is very important
- First, understand what DNS can do and what it cannot.
- DNS Resolver
- What is the address of ?
- The address of is 192.253.253.8.
- Are you sure?
- How old is this information?
- Who told you?
- Is there anything else you can tell us?
- is just an alias of .
- I happen to know that the address of is 192.253.253.8.
- ? You really want http:/

DNS messages use a highly consistent format
- Query, sent to the name server: Header; Question: A record for ?; Answer; Authority; Additional
- Response: Header; Question: A record for ?; Answer: is 192.253.253.8; Authority; Additional
- DNS uses UDP and TCP port 53.

The Header Tells You What's In the Message
[Diagram: header layout with the fields id; qr, opcode (std=0), aa, tc, rd, ra, 0, ad, cd, status; question count, answer count, authority count, additional count]
- id: identifier generated by the query program
- question count: number of entries in the question section
- answer count: number of answers to questions in the answer section
- authority count: number of pointers to authorities in the authority section
- additional count: number of other RRs in the additional section
- There's more. See http:/
- opcode: bit field for kind of operation: standard query (0), notify (4), update (5)
- qr: specifies if this message is a Query (0) or Response (1)
- aa: Answer is Authoritative (1) (response only)
- tc: Truncation (1) (response only)
- rd: Recursion Desired (1) (query only)
- ra: Recursion Available (1) (response only)
- ad, cd: used for crypto operations
- status: 4 bit field for kind of response:
  - no error (0, NOERROR)
  - format error (1, FORMERR)
  - server failure (2, SERVFAIL)
  - name does not exist (3, NXDOMAIN)
  - not implemented (4, NOTIMP)
  - refused (5, REFUSED)

A Typical Query Gets a Typical Response
[Diagram: message sections Header, Question: A record for ?, Answer, Authority, Additional, next to the header field layout]

    dig +qr a

    ; <<>> DiG 9.2.2 <<>> +qr a
    ;; global options:  printcmd
    ;; Sending:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29400
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;.  IN A

    ;; ANSWER SECTION:
    .3600 IN A 128.242.99.236

    ;; AUTHORITY SECTION:
    .3600 IN NS .
    .3600 IN NS .

    ;; ADDITIONAL SECTION:
    .3600 IN A
    .3600 IN A 128.242.99.211

What is a resolver?
[Diagram: Application, Resolver, "default" name server, alternate name server]
- The resolver handles the conversation with name servers to obtain the DNS answers that are needed.
- Name servers know how to walk the name space step by step to find the server that knows the answer.
- You can also use ipconfig /all.

The root servers tell you the addresses of the delegated servers
[Diagram: the "default" name server receives a query with rd=1 and queries a root server with rd=0; the root server replies "Here is the list of com name servers"; name space labels: com, north, south, a; "com" server a.gtld-]
- In fact there are 13 root servers; a name server picks the closest one for its initial query.
- All name servers come preloaded with the addresses of the 13 root servers, known as "hints":

    .                    3600000  NS  A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.  3600000  A   198.41.0.4
    .                    3600000  NS  B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.  3600000  A   192.228.79.201
    .                    3600000  NS  C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.  3600000  A   192.33.4.12
    .                    3600000  NS  D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET.  3600000  A   128.8.10.90

- The leading dot is "the root".
- And so on.

A name server at one level knows the servers of the level below
[Diagram: the "default" name server receives a query with rd=1 and queries the "com" server a.gtld- with rd=0; the reply is "Here is the list of name servers"; name space labels: com, north, south, a]
- There are 13 top-level servers.

    ;; AUTHORITY SECTION:
    .172800 IN NS .

    ;; ADDITIONAL SECTION:
    .172800 IN A 192.253.253.10

- The answer includes additional information that gives the server's address for reference.

This process continues level by level until the final answer is obtained
[Diagram: the "default" name server receives a query with rd=1, queries with rd=0, and returns a Response with ra=1; name space labels: com, north, south, a]
- cache: the name server caches the query result, so the next identical lookup does not have to be queried again.
- Here are the addresses of :

    .172800 IN A
    .172800 IN A
    .172800 IN A 192.253.253.27

- When there are multiple addresses, most name servers answer in round-robin fashion.

The Low-down on Recursive vs. Iterative Queries

Recursive Query
- A name server that receives and accepts* a recursive query must provide an answer (which is sometimes an error) in response.
- In particular, it can't respond with a referral.
- This implies that it may have to follow one or more referrals to find the answer.
- Nearly all resolvers send recursive queries by default (because they don't have the intelligence to follow a referral).

Iterative Query
- You can only get answers the name server knows, either because it is authoritative or because it has them in cache.
- A name server that receives an iterative query responds with the best answer it already has, including referrals.
- Name servers send iterative queries by default.

* BIND 9 name servers with recursion disabled will respond to recursive queries as though they were iterative queries rather than returning an error.
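The fields listed under "The Header Tells You What's In the Message" occupy the first 12 bytes of every DNS message, so they can be decoded directly from a packet capture. The Python below is an added example, not part of the Infoblox slides: the bit positions follow RFC 1035 and RFC 4035, the names `parse_header`, `build_header` and `answers` are illustrative, and the sample bytes are constructed from the header values in the dig output.

```python
import struct

OPCODES = {0: "QUERY", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
# Bit position of each flag in the second 16-bit header word (bit 15 = most significant).
FLAG_BITS = {"qr": 15, "aa": 10, "tc": 9, "rd": 8, "ra": 7, "ad": 5, "cd": 4}

def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    opcode, rcode = (flags >> 11) & 0xF, flags & 0xF
    return {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS.items() if flags >> bit & 1],
        "opcode": OPCODES.get(opcode, f"OPCODE{opcode}"),
        "status": RCODES.get(rcode, f"RCODE{rcode}"),
        "z": (flags >> 6) & 1,  # the reserved "0" bit in the header diagram
        "counts": {"question": qd, "answer": an, "authority": ns, "additional": ar},
    }

def build_header(ident, flag_names, opcode, rcode, counts) -> bytes:
    """Pack a header; used here only to construct sample input."""
    flags = (opcode << 11) | rcode
    for name in flag_names:
        flags |= 1 << FLAG_BITS[name]
    return struct.pack("!6H", ident, flags, *counts)

def answers(query: bytes, response: bytes) -> bool:
    """True if `response` is a reply (qr=1) carrying the id of `query` (qr=0)."""
    q, r = parse_header(query), parse_header(response)
    return "qr" not in q["flags"] and "qr" in r["flags"] and q["id"] == r["id"]

# Constructed sample: the response header shown in the dig output
# (id 29400, flags qr aa rd ra, QUERY 1, ANSWER 1, AUTHORITY 2, ADDITIONAL 2).
SAMPLE_RESPONSE = build_header(29400, ["qr", "aa", "rd", "ra"], 0, 0, (1, 1, 2, 2))
# Constructed sample: a matching query with recursion desired and one question.
SAMPLE_QUERY = build_header(29400, ["rd"], 0, 0, (1, 0, 0, 0))

if __name__ == "__main__":
    for label, msg in (("query", SAMPLE_QUERY), ("response", SAMPLE_RESPONSE)):
        print(label, msg.hex(), parse_header(msg))
```

A response whose id does not match an outstanding query, or that arrives with `tc` set over UDP, is worth a second look when reading resolver traffic.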