A Few Things About DNS

What is DNS?

"The Domain Name Systems (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources."

- Root DNS servers: return the IP addresses of the TLD DNS servers
- TLD DNS servers: return the IP addresses of the authoritative DNS servers
- Authoritative DNS servers: return the IP address for the requested hostname

A complete DNS lookup, step by step

REF: at least Chromium looks at its cache first
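The three-tier walk above (root, then TLD, then authoritative), with the cache consulted before any server is asked, as an added example that is not part of the original notes. It runs over constructed in-memory zones rather than the network; only a.root-servers.net / 198.41.0.4 and ns1.p16.dynect.net are taken from the dig output in the notes, every other name and address is a constructed placeholder (RFC 5737 TEST-NET ranges).

```python
"""Toy iterative resolver over constructed in-memory zones (no real network I/O)."""

ROOT_HINT = "198.41.0.4"  # a.root-servers.net, from the root NS response in the notes

# What each simulated server knows: {(owner, rrtype): [rdata, ...]}.
ZONES = {
    "198.41.0.4": {  # root server: only TLD delegations plus glue
        ("com.", "NS"): ["a.gtld-servers.net."],         # constructed delegation
        ("a.gtld-servers.net.", "A"): ["192.0.2.1"],     # constructed glue
    },
    "192.0.2.1": {  # .com TLD server: delegates github.com
        ("github.com.", "NS"): ["ns1.p16.dynect.net."],  # name from the notes' dig output
        ("ns1.p16.dynect.net.", "A"): ["192.0.2.2"],     # constructed glue
    },
    "192.0.2.2": {  # authoritative server for github.com
        ("github.com.", "A"): ["192.0.2.3"],             # constructed answer
    },
}
MAX_REFERRALS = 10  # guard against delegation loops


def closest_delegation(zone, qname):
    """Return (delegated_name, ns_name) for the longest suffix of qname this server delegates."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # "github.com.", then "com.", then "" (root)
        if candidate and (candidate, "NS") in zone:
            return candidate, zone[(candidate, "NS")][0]
    return None


def resolve(qname, qtype, cache, trace=None):
    """Iterative lookup. Returns (rdata_list, source), source is 'cache' or 'authoritative'."""
    qname = qname if qname.endswith(".") else qname + "."
    trace = trace if trace is not None else []
    if (qname, qtype) in cache:  # cache first, as the Chromium note says
        trace.append(f"cache hit for {qname} {qtype}")
        return cache[(qname, qtype)], "cache"

    server = ROOT_HINT
    for _ in range(MAX_REFERRALS):
        zone = ZONES[server]
        if (qname, qtype) in zone:  # this server is authoritative for the answer
            answer = zone[(qname, qtype)]
            trace.append(f"{server} answered {qname} {qtype} = {answer}")
            cache[(qname, qtype)] = answer
            return answer, "authoritative"
        delegation = closest_delegation(zone, qname)
        if delegation is None:
            raise LookupError(f"{server} has neither an answer nor a referral for {qname}")
        zone_name, ns_name = delegation
        glue = zone.get((ns_name, "A"))
        if not glue:
            raise LookupError(f"referral to {ns_name} for {zone_name} carries no glue address")
        trace.append(f"{server} referred {zone_name} to {ns_name} ({glue[0]})")
        server = glue[0]  # follow the referral one level down
    raise LookupError("too many referrals")


if __name__ == "__main__":
    cache, steps = {}, []
    print(resolve("github.com", "A", cache, steps))
    print("\n".join(steps))
    print(resolve("github.com", "A", cache))  # second lookup is served from the cache
```

The trace shows the referral chain a real resolver would follow with `dig +trace`; a real resolver also caches the intermediate NS and glue records, which this toy omits.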

In practice, nobody deploys just one server

Let's look at github.com


```
;; QUESTION SECTION:
;github.com.			IN	NS

;; ANSWER SECTION:
github.com.		505	IN	NS	ns-1707.awsdns-21.co.uk.
github.com.		505	IN	NS	ns-421.awsdns-52.com.
github.com.		505	IN	NS	ns-520.awsdns-01.net.
github.com.		505	IN	NS	ns1.p16.dynect.net.
github.com.		505	IN	NS	ns2.p16.dynect.net.
github.com.		505	IN	NS	ns3.p16.dynect.net.
github.com.		505	IN	NS	ns4.p16.dynect.net.
github.com.		505	IN	NS	ns-1283.awsdns-32.org.
```

Do these 8 servers each go their own way? NO

SOA - Start of authority

SOA master file content example


```
domain.com.  IN SOA ns1.domain.com. admin.domain.com. (
                    12083   ; serial number
                    3h      ; refresh interval
                    30m     ; retry interval
                    3w      ; expiry period
                    1h      ; negative TTL
)
```

Let's look at the SOA record for github.com


```
joe:note/ (master) $ dig github.com soa

;; ANSWER SECTION:
github.com.		3600	IN	SOA	ns1.p16.dynect.net. hostmaster.github.com. 1553204324 3600 600 604800 60
```

How is the data kept in sync?

Zone transfers over TCP
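How the SOA fields above drive the synchronization, as an added example that is not part of the original notes. It parses the exact SOA line dig printed for github.com, compares serials with RFC 1982 serial arithmetic, and applies the refresh / retry / expire timers from RFC 1035 section 3.3.13 to decide what a secondary does next (poll, request an AXFR over TCP, or stop serving an expired zone). The timer logic is simplified and does no network I/O; the `secondary_action` function and its return strings are this example's own.

```python
"""SOA parsing and the secondary's refresh/retry/expire decision (simplified, offline)."""
from dataclasses import dataclass

# Copied from the dig output in the notes.
SOA_LINE = ("github.com.\t\t3600\tIN\tSOA\tns1.p16.dynect.net. "
            "hostmaster.github.com. 1553204324 3600 600 604800 60")

SERIAL_BITS = 32
SERIAL_HALF = 1 << (SERIAL_BITS - 1)


@dataclass(frozen=True)
class Soa:
    owner: str
    ttl: int
    mname: str      # primary name server
    rname: str      # responsible mailbox; the first label is the local part
    serial: int
    refresh: int    # a secondary re-checks the serial this often
    retry: int      # ...or this often after a failed check
    expire: int     # stop serving after this long without a successful refresh
    minimum: int    # negative-caching TTL (RFC 2308)

    @property
    def contact_email(self):
        local, _, domain = self.rname.rstrip(".").partition(".")
        return f"{local}@{domain}"


def parse_soa(line):
    """Parse one dig-style SOA answer line into a Soa."""
    f = line.split()
    if len(f) != 11 or f[2] != "IN" or f[3] != "SOA":
        raise ValueError(f"not an SOA answer line: {line!r}")
    return Soa(f[0], int(f[1]), f[4], f[5], *map(int, f[6:11]))


def serial_newer(candidate, current):
    """RFC 1982 serial-number arithmetic: True if candidate comes after current.

    Handles wrap-around, so a serial of 1 is newer than 0xFFFFFFFF."""
    candidate %= 1 << SERIAL_BITS
    current %= 1 << SERIAL_BITS
    return ((candidate < current and current - candidate > SERIAL_HALF)
            or (candidate > current and candidate - current < SERIAL_HALF))


def secondary_action(local, primary_serial, since_success, since_attempt, last_failed):
    """What the secondary does now.

    since_success / since_attempt are seconds since the last successful refresh
    and since the last poll; primary_serial is None when the primary was unreachable."""
    if since_success >= local.expire:
        return "expired"          # data too old to trust: stop answering for the zone
    interval = local.retry if last_failed else local.refresh
    if since_attempt < interval:
        return "wait"             # not yet time to poll the primary again
    if primary_serial is None:
        return "retry-later"      # poll failed; come back after `retry` seconds
    if serial_newer(primary_serial, local.serial):
        return "axfr"             # primary has a newer zone: full transfer over TCP
    return "in-sync"              # same serial: nothing to transfer


if __name__ == "__main__":
    soa = parse_soa(SOA_LINE)
    print(soa)
    print("contact:", soa.contact_email)
    print("primary bumped serial ->", secondary_action(soa, soa.serial + 1, 3600, 3600, False))
```

A secondary that keeps answering past `expire` is serving data the primary may have withdrawn, so the "expired" branch is the one to watch for in monitoring; with github.com's values that is a week (604800 s) without a successful refresh.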

What about the root name servers?

Root server: "I have 13 :)"

Why are there only 13 root name servers?

First, a look at the DNS response data


```
;; QUESTION SECTION:
;.              IN  NS

;; ANSWER SECTION:
.           518400  IN  NS  a.root-servers.net.
.           518400  IN  NS  b.root-servers.net.

...

;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN  A   198.41.0.4
b.root-servers.net. 3600000 IN  A   192.228.79.201

...
```

### A few more key numbers

- [576 bytes - MTU](https://tools.ietf.org/html/rfc791#section-3.1)
- [512 bytes - UDP payload](https://tools.ietf.org/html/rfc1035#section-4.2.1)
- [12 bytes - DNS message Header](https://tools.ietf.org/html/rfc1035#section-4.1.1)
- [5 bytes - DNS message Question](https://tools.ietf.org/html/rfc1035#section-4.1.2)
- [31 bytes - DNS message Answer](https://tools.ietf.org/html/rfc1035#section-4.1.3)
- [15 bytes - DNS message Answer with compression](https://tools.ietf.org/html/rfc1035#section-4.1.4)
- [16 bytes - DNS message Question with compression](https://tools.ietf.org/html/rfc1035#section-4.1.4)

### Which gives the following calculation

```
512 - 12 - 5 = 31 + 15n + 16m
m = n + 1
```

n ≈ 14.45
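The byte counts above, reproduced by actually encoding the message, as an added example that is not part of the original notes. It is a small DNS wire-format encoder with RFC 1035 section 4.1.4 name compression: the root name "." encodes as a single zero byte, the first NS answer spells out `a.root-servers.net.` in full (31 bytes), every later NS answer only writes its first label plus a 2-byte pointer to `root-servers.net` (15 bytes), and each glue A record in the additional section is a 2-byte pointer plus fixed fields plus 4 address bytes (16 bytes, the item the list above labels "Question with compression"). The TTLs are the ones from the dig output in the notes; the glue addresses are constructed placeholders.

```python
"""Byte accounting for the root `. IN NS` response under the 512-byte UDP limit."""
import struct

MAX_UDP_PAYLOAD = 512  # RFC 1035 4.2.1, plain UDP without EDNS0
HEADER_LEN = 12        # RFC 1035 4.1.1
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1
QUESTION, ANSWER, AUTHORITY, ADDITIONAL = range(4)


class DnsMessageBuilder:
    """Appends questions and resource records, compressing repeated name suffixes."""

    def __init__(self):
        self.buf = bytearray(HEADER_LEN)   # header is filled in by build()
        self.suffix_offsets = {}           # "root-servers.net" -> offset of its first copy
        self.counts = [0, 0, 0, 0]         # QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT

    def _write_name(self, name):
        labels = [l for l in name.rstrip(".").split(".") if l]
        while labels:
            suffix = ".".join(labels).lower()
            if suffix in self.suffix_offsets:           # emit a 2-byte pointer and stop
                self.buf += struct.pack("!H", 0xC000 | self.suffix_offsets[suffix])
                return
            if len(self.buf) < 0x4000:                  # pointers carry 14 bits of offset
                self.suffix_offsets[suffix] = len(self.buf)
            label = labels.pop(0).encode("ascii")
            self.buf += bytes([len(label)]) + label
        self.buf += b"\x00"                             # root label ends an uncompressed name

    def add_question(self, name, qtype):
        self._write_name(name)
        self.buf += struct.pack("!HH", qtype, CLASS_IN)
        self.counts[QUESTION] += 1

    def _add_rr(self, section, owner, rtype, ttl, write_rdata):
        self._write_name(owner)
        self.buf += struct.pack("!HHI", rtype, CLASS_IN, ttl)
        rdlen_at = len(self.buf)
        self.buf += b"\x00\x00"                         # RDLENGTH, patched below
        write_rdata()
        struct.pack_into("!H", self.buf, rdlen_at, len(self.buf) - rdlen_at - 2)
        self.counts[section] += 1

    def add_ns(self, owner, ttl, nsdname, section=ANSWER):
        self._add_rr(section, owner, TYPE_NS, ttl, lambda: self._write_name(nsdname))

    def add_a(self, owner, ttl, ipv4, section=ADDITIONAL):
        octets = bytes(int(o) for o in ipv4.split("."))
        self._add_rr(section, owner, TYPE_A, ttl, lambda: self.buf.extend(octets))

    def build(self, txid=0, flags=0x8400):              # QR=1, AA=1
        struct.pack_into("!HHHHHH", self.buf, 0, txid, flags, *self.counts)
        return bytes(self.buf)


def section_sizes():
    """(question, first NS answer, compressed NS answer, compressed glue A) in bytes."""
    b = DnsMessageBuilder()
    steps = [
        lambda: b.add_question(".", TYPE_NS),
        lambda: b.add_ns(".", 518400, "a.root-servers.net."),
        lambda: b.add_ns(".", 518400, "b.root-servers.net."),
        lambda: b.add_a("a.root-servers.net.", 3600000, "198.41.0.4"),
    ]
    sizes = []
    for step in steps:
        before = len(b.buf)
        step()
        sizes.append(len(b.buf) - before)
    return tuple(sizes)


def root_ns_response(server_count):
    """Full response listing server_count root servers with one glue A record each."""
    b = DnsMessageBuilder()
    b.add_question(".", TYPE_NS)
    names = [f"{chr(ord('a') + i)}.root-servers.net." for i in range(server_count)]
    for name in names:
        b.add_ns(".", 518400, name)
    for i, name in enumerate(names):
        b.add_a(name, 3600000, f"192.0.2.{i + 1}")     # constructed placeholder glue
    return b.build()


def max_servers_in_udp():
    """Largest server count whose response still fits in MAX_UDP_PAYLOAD."""
    count = 1
    while len(root_ns_response(count + 1)) <= MAX_UDP_PAYLOAD:
        count += 1
    return count


if __name__ == "__main__":
    print("per-section sizes:", section_sizes())           # (5, 31, 15, 16)
    print("13 servers ->", len(root_ns_response(13)), "bytes")
    print("max servers in 512 bytes:", max_servers_in_udp())
```

Running it confirms the numbers in the list: 13 servers with glue come to 436 bytes, and 15 is the most that fit, which is where the n ≈ 14.45 (so m ≈ 15.45) comes from. Today's root priming response also carries an AAAA record per server, so it only fits because resolvers advertise a larger buffer with EDNS0 (RFC 6891) or fall back to TCP.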

Bill Manning: "We're leaving the future a little room to maneuver."

Actually, as of today,

there are far more than 13 root servers

- Border Gateway Protocol
- Anycast

What's going on with the Great Firewall?

DNS hijacking

Cache poisoning