1. Applications contact resolvers to convert a hostname to an IP address, and vice versa. Resolvers then contact a local name server, and this server may contact one of the root servers or other servers to fulfill the request.
Resolver functions: gethostbyname and gethostbyaddr
2. A domain name that ends with a period is called an absolute domain name or a fully qualified domain name (FQDN), for example, sun.tuc.noao.edu.
3. DNS uses UDP, port 53.
4. How to get a DNS pcap? Try capturing while running "telnet youkuaiyun.com".
4.1 A type of A in a DNS query means that an IP address is requested.
4.2 There can be many repetitions of domain names in a reply, so a compression scheme is used. Anywhere the label portion of a domain name can occur, the single count byte (which is between 0 and 63) has its two high-order bits turned on instead. This means it is a 16-bit pointer and not an 8-bit count byte. The 14 bits that follow in the pointer specify an offset in the DNS message of a label to continue with. (The offset of the first byte in the identification field is 0.)
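The pointer scheme in 4.2, as an added example that is not part of the original notes: a name decoder that follows compression pointers and refuses to follow them forever, since a pointer that targets itself would otherwise hang a parser. The function names, the hop limit and the sample reply (built from the values in the dig output below) are constructed for illustration.

```python
import struct

MAX_POINTER_HOPS = 16  # assumed bound, not from the page; stops pointer loops

def read_name(msg: bytes, offset: int):
    """Decode the name starting at offset; return (name, offset just past the name field)."""
    labels, hops, end = [], 0, None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        count = msg[offset]
        if count & 0xC0 == 0xC0:  # two high-order bits on: 16-bit pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2  # the name field itself ends after its first pointer
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("compression pointer loop")
            # low 14 bits: offset from the first byte of the identification field
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
        elif count & 0xC0:
            raise ValueError("reserved label type")
        elif count == 0:  # zero count byte terminates the name
            return ".".join(labels) + ".", (offset + 1 if end is None else end)
        else:  # ordinary label: count byte (1..63) followed by that many bytes
            label = msg[offset + 1 : offset + 1 + count]
            if len(label) != count:
                raise ValueError("truncated label")
            labels.append(label.decode("ascii"))
            offset += 1 + count

def encode_name(name: str) -> bytes:
    """Uncompressed wire form: length-prefixed labels, then a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_sample_reply() -> bytes:
    """Constructed reply modelled on the dig output: one question, one A answer."""
    header = struct.pack("!6H", 1516, 0x8180, 1, 1, 0, 0)  # id, flags qr rd ra, counts
    question = encode_name("youkuaiyun.com") + struct.pack("!2H", 1, 1)  # type A, class IN
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 488, 4) + bytes([211, 100, 26, 77])
    return header + question + answer  # answer name is a pointer to offset 12

if __name__ == "__main__":
    reply = build_sample_reply()
    print(read_name(reply, 12), read_name(reply, 32))
```

The answer's name field is only two bytes long (the pointer), so the returned end offset is where the record's type field starts, not where the pointed-to name ends.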
>> cat /etc/resolv.conf
domain cn.lxx.com
nameserver 135.252.34.156
nameserver 135.252.128.166
>> host youkuaiyun.com
youkuaiyun.com has address 211.100.26.77
>> nslookup youkuaiyun.com
Server: 135.252.34.156
Address: 135.252.34.156#53
Non-authoritative answer:
Name: youkuaiyun.com
Address: 211.100.26.77
>> dig youkuaiyun.com
; <<>> DiG 9.2.4 <<>> youkuaiyun.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1516
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;youkuaiyun.com. IN A
;; ANSWER SECTION:
youkuaiyun.com. 488 IN A 211.100.26.77
;; Query time: 1 msec
;; SERVER: 135.252.34.156#53(135.252.34.156)
;; WHEN: Thu Nov 11 16:47:18 2010
;; MSG SIZE rcvd: 42
5. Pointer Queries
>> host 135.252.34.158
158.34.252.135.in-addr.arpa domain name pointer a.cn.lxx.com.
6. Caching
To reduce the DNS traffic on the Internet, all name servers employ a cache. With the standard Unix implementation, the cache is maintained in the server, not the resolver.