Chapter 5 Domain Name Query Details

This chapter includes:

• Iterative and recursive queries. A client can use two kinds of query: iterative and recursive. This section describes the differences between them.
• Sending DNS queries. This section describes the information exchanged between DNS clients and servers.
• Time to live (TTL). The time to live tells the client how long it can trust an answer, and so how long it can cache the result.
• The query process. How the entire query process works to satisfy the DNS client's request.

5.1 Iterative query and recursive query

Iterative and recursive queries are the two kinds of request that can be sent to a domain name server. Recursive queries are the most common requests sent to the local name server. When the local name server accepts a client's query, it tries to find the answer on the client's behalf; the name server does all the work while the client simply waits. If the local name server cannot answer directly, it searches each branch of the domain name tree to find the answer. An example can be seen in the NSLOOKUP trace in Chapter 2.

For a recursive query, the DNS server keeps searching until it receives an answer. The answer may be the host's IP address, or it may be "host does not exist". Whichever it is, the recursive name server returns the result to the client.

If a name server is configured to use forwarders, it sends recursive queries to the specified forwarder host. The host that receives the forwarded query also works in recursive mode to answer it. If the local server is not a slave server, it starts its own query process after a while, although it would still prefer an answer from its forwarder. If the local name server is configured as a slave server, it behaves differently.
A client can send a recursive query to a slave server, but the slave server cannot carry out the recursive search itself; in effect it acts as a client that waits for an answer while its own client waits. Chapter 3 introduced forwarders and slave servers.

Iterative queries are different. The best example of an iterative query is a local name server sending a request to a root server. When a company's local name server queries a root server, the root server does not necessarily take responsibility for answering the query on the local name server's behalf. Put another way, the root servers do not accept recursive queries. In fact, a root server does only one thing to resolve a query: it directs the local name server to another host that can supply the answer. This is often called a referral, and it is the expected result of an iterative query. For example, when a root server is asked for the address of www.isi.edu, it does not go to the ISI name server to look up the address of the www host; it just returns a hint to the local name server, telling it to continue the query at the ISI name server and get the result there. An iterative query to a name server may therefore yield only a hint, after which the querier must continue querying. Iterative and recursive queries are discussed further in subsequent chapters.

5.2 Sending DNS queries

A user starts a DNS query when trying to access a resource on the network. The resource may be on another host on the same local network, or on the other side of the earth. Typically the user types a remote host name, possibly in an application such as Netscape or Internet Explorer, and does not need to know where the host with that name is located. A host name entered in this way must be converted to an IP address.
The user also does not have to know what happens behind the scenes, that is, how the name is resolved. The host name can be resolved in different ways, depending on the configuration of the user's local host. One way is the local hosts file. However, the information in a local hosts file is rarely complete, so DNS is usually the preferred method. If DNS has been selected as the method for resolving remote host names, the local host consults its resolver library to determine whether a default domain has been selected, whether a search path is configured, what the IP address of the name server is, and so on.
In Windows NT and 2000, this information is configured and displayed on the DNS tab of the TCP/IP Properties dialog, as shown in Figure 5-1. (Chapter 14 discusses the client settings.)

Figure 5-1 DNS tab of the TCP/IP Properties dialog

Once this information has been entered correctly, the local host can use DNS to resolve host names. Having obtained the IP address of the name server, the local host can send that server a query for the IP address of the remote host. The packet sent to the name server contains 5 sections, as shown in Figure 5-2.

Figure 5-2 Contents of the message sent (figure labels: question to the domain name server; RR; reply RR; other-information RR)

Part 1 Understanding the Domain Name System

A DNS message (whether a query or an answer) contains some special information bits. The Header section is always present in the packet; it contains information about the packet, including what kinds of information the packet carries, whether the packet is a query or an answer, the type of query (standard, reverse, server status, and so on) and whether the answer is authoritative. Figure 5-3 shows the format of the Header section.

Figure 5-3 Format of the Header section

The Question section in Figure 5-2 contains 3 pieces of information: the domain name being queried, the type of query, and the class of the query. The domain name may actually be a host name, depending on the type of query. If the user wants to connect to www.isi.edu, the query is an address query. In that case the name part of this section is the host name www.isi.edu, the query type is the code for an address, or A, record, and the class is the code for the Internet, or IN, class. Figure 5-4 shows the format of the Question section.
Figure 5-4 Format of the Question section

The remaining 3 sections of the packet shown in Figure 5-2, the Answer section, the Authority section and the Additional section, share one format: each includes a name, type, class, TTL, length (the length of the resource data) and the resource data itself. The name, type and class parts of the Answer should be the same as those of the Question. The TTL part indicates how long the received record data remains valid, and RDATA is the actual answer. Continuing the example above, the name part would be www.isi.edu and the RDATA part would be the host's IP address. Figure 5-5 shows the format of the Answer, Authority and Additional sections, which is the same for all three.

Now return to the overall query process. The client sends a query to the local name server. To illustrate, assume that all zone data, both the data for which the server itself is authoritative and the non-authoritative data it obtained earlier, is loaded into memory and in use once the name server starts working; this is the "cache". The name server begins its lookup when it receives the query. If the name server has the corresponding information in its cache and the TTL has not expired, it provides the information directly to the client. In this case the answer is returned directly and the response is very fast.
If the answer returned is non-authoritative, the AA flag in the Header section is not set.

Figure 5-5 Format of the Answer, Authority and Additional sections

If no answer is found in the name server's cache, the local name server traces up to the root of the domain name tree, queries other name servers, and then follows another branch down to look for the answer. In this case, when the local name server finally returns an answer to the client, the AA flag is set to 1 to indicate that the answer comes from an authoritative server. Once the client has the answer, it connects to the remote host.

When the client gets a response from the name server, whether the response is authoritative generally matters when there is a problem with resolution or with the connection, for instance when a zone's authoritative server gives a non-authoritative answer. That usually means someone has modified the zone file, or the zone file contains some other error. The following two sections describe in detail the process of obtaining a result, with and without the cache.

5.2.1 Answer from the cache

When the client and the name server exchange information and the result of the client's query is in the name server's local cache, the exchange proceeds as shown in Figure 5-6.

Figure 5-6 Answering the client from the name server's local cache

The order of the exchange shown in the figure is:

1) The client sends a query to the name server.
2) The name server checks its local cache.
3) If the name server's local cache holds the corresponding answer, the name server returns the answer directly to the client.
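The message layout described in section 5.2, as an added example that is not part of the original chapter: Python code that builds the www.isi.edu address query and parses a reply, exposing the AA flag and the answer's name, type, class, TTL and RDATA. The query ID, the address 192.0.2.10 and the 3600-second TTL are constructed sample values, and the bit positions follow the standard DNS wire format, since the chapter's figures are not reproduced here.

```python
import struct

TYPE_A, CLASS_IN = 1, 1   # codes for an address (A) record and the Internet (IN) class

def encode_name(name):
    # Length-prefixed labels, terminated by a zero byte.
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid=0x1234, recursive=True):
    """12-byte Header plus one Question entry (name, type, class)."""
    flags = 0x0100 if recursive else 0          # RD bit; QR=0 marks a query
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)

def build_reply(query, address, ttl, authoritative):
    """Constructed reply: echoes the question and adds one A record."""
    flags = 0x8000 | 0x0100 | 0x0080 | (0x0400 if authoritative else 0)
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 0)
    octets = map(int, address.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH4B", TYPE_A, CLASS_IN, ttl, 4, *octets)
    return header + query[12:] + rr             # 0xC00C points back at the question name

def read_name(msg, pos):
    """Return (name, next_pos); follows compression pointers with a hop limit."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[pos]                       # IndexError if the message is truncated
        if length & 0xC0 == 0xC0:               # pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            resume = pos + 2 if resume is None else resume
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
        elif length == 0:
            return ".".join(labels), (pos + 1 if resume is None else resume)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def parse_message(msg):
    """Decode the Header flags, the Question entries and the Answer RRs."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": qid, "response": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
           "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
           "rcode": flags & 0xF, "questions": [], "answers": []}
    pos = 12
    for _ in range(qdcount):
        name, pos = read_name(msg, pos)
        out["questions"].append((name, *struct.unpack("!HH", msg[pos:pos + 4])))
        pos += 4
    for _ in range(ancount):
        name, pos = read_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        rdata = msg[pos + 10:pos + 10 + rdlen]
        if rtype == TYPE_A and len(rdata) == 4:
            rdata = ".".join(map(str, rdata))
        out["answers"].append((name, rtype, rclass, ttl, rdata))
        pos += 10 + rdlen
    return out
```

Parsing a reply built with authoritative=False gives "aa": False, which is what a client sees when the local server answers from its cache.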
5.2.2 Answer not in the cache

When the client and the name server exchange information and the result of the client's query is not in the name server's local cache, the exchange proceeds as shown in Figure 5-7.

Figure 5-7 Querying the authoritative server

The order of the exchange shown by the numbers in the figure is:

1) The client sends a query to the name server.
2) The name server checks its local cache. If the answer is not in the name server's local cache, the name server must look for the answer elsewhere.
3) The name server can send the query to a root server, which directs it to the authoritative server for the domain being queried.
4) Once the local server gets the answer from the authoritative server, it saves the answer in its cache and supplies the answer to the client.

5.3 Time to live (TTL)

The time to live (TTL) acts as a timer that tells a name server how long an answer it obtained from an authoritative server remains valid. As will be discussed, a TTL value can be set on each record, or the minimum TTL (M-TTL) in a zone's SOA record can serve as the default for every record. If a record's TTL is set to something other than the default M-TTL value, that record keeps this value until it is explicitly set back to the minimum TTL. If the TTL value is 0, the client knows that it cannot cache the result.

How the TTL works is very simple. When the local name server receives a query for information it does not have, it must query the authoritative server of the relevant domain to get an answer. Once the local name server gets an answer, it stores the result in its cache for other local hosts that query the same information. The TTL determines how long the local name server keeps the result in its cache. Once the TTL has expired, the local name server removes the corresponding information from its cache, and if it receives the same query again it must once more get the answer from the authoritative server. If the TTL is set to 0, the result will be saved and used for non-authoritative answers.

5.4 The query process

The following reviews the whole process of query resolution, this time looking at it globally, not just at the local work, and at the actions and responsibilities of the DNS servers.

5.4.1 Recursive DNS queries

A recursive query requires the DNS server to take on all of the responsibility for retrieving an authoritative answer. Figure 5-8 shows such a query, in which the client pc.acme.com issues a recursive query to the acme.com DNS server. In Figure 5-8, once the acme.com DNS server accepts the recursive query from the client pc.acme.com, it becomes an iterative DNS client (resolver) itself.

Figure 5-8 Recursive and iterative queries required to resolve some client requests
(The figure shows the DNS client (resolver) pc.acme.com, the acme.com DNS server, the ISP's DNS server ns.myisp.com, the root domain DNS server, the COM domain DNS server and the bigcompany.com DNS server, with queries numbered 1 to 5 for host2.bigcompany.com.)

When the bigcompany.com DNS server gives an authoritative answer, acme.com passes it on to pc.acme.com, completing the resolution of the query. Resolution is not over until the client is satisfied. If, for some reason, the answer is not authoritative, the resolution process does not end until the client is satisfied. If the client has not received an authoritative answer, it may once again issue a query, to other DNS servers listed in its configuration.

If acme.com rejects the recursive query request from pc.acme.com, pc.acme.com has to carry out all the iterative queries itself, working through each DNS server in turn, as acme.com does in Figure 5-8. Client resolvers almost always issue recursive requests, but such requests can also be rejected.

A DNS server's answer to a recursive query can only be success or failure. The client waits until it gets this answer. If the result is not the authoritative IP address of the host being looked up, but only a hint or a pointer to another DNS server, the client next queries the address given in the hint to obtain an authoritative answer.

A recursive query means that the DNS server is to process the query on the client's behalf until the request is resolved. DNS servers use their own resolvers, switching between the roles of server and client as needed, until they or another server can provide an authoritative answer. Interestingly, a DNS server that is processing a client's recursive query often issues iterative queries itself, searching up and down the DNS name tree according to the results it is given until some server can match the name being queried, or else ending the query when a condition such as a timeout or an error occurs.

Recursion takes place only if the following conditions are met:

• The client requests a recursive query.
• The DNS server accepts recursive queries (most do, except for root servers).
• The client's server cannot give an answer from its own cache or database.

If the client's server can give an answer from its own cache or database, it can give a valid answer immediately without querying any further. Most resolvers try a recursive query first. If the server refuses recursive queries and cannot give an answer from its own cache or database, the client will try again.

5.4.2 Iterative DNS queries

An iterative query allows the server to return a best point to search next, or a search hint. An iterative query may not return the final result, whereas a recursive query does give a result. Iterative queries can return a partial result, or a hint for the next step of the search. The client (resolver) closes in on the answer step by step, iteratively querying other servers until it gets the final answer, an error or a timeout. An iterative query requires less work from the server and more work from the client.

Returning to Figure 5-8, the second query goes to ns.myisp.com, and the hint it returns points acme.com to the root domain DNS server. A similar process is then repeated until the fifth query, directed at the bigcompany.com DNS server, returns the required answer. If the iterative query to the first DNS server cannot return an address, the server says which DNS server should be queried next. Generally, the best server to query next is one further up the domain name tree and closer to the root name servers, or even a root name server itself. Once a root name server has been queried, usually only a few more queries down the domain name tree are needed to get the final result: either the desired server is reached and returns the address being queried, or an error occurs and the query ends.
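The recursive server of section 5.4.1 acting as an iterative client, combined with the TTL rules of section 5.3, as an added example that is not part of the original chapter. It simplifies Figure 5-8 by starting at the root instead of the ISP's server; the server labels, the second host name, the addresses and the TTL values are constructed sample data.

```python
# Constructed delegation data modelled on Figure 5-8; addresses and TTLs are sample values.
SERVERS = {
    "root DNS": {"referrals": {"com": "COM DNS"}},
    "COM DNS": {"referrals": {"bigcompany.com": "bigcompany.com DNS"}},
    "bigcompany.com DNS": {"records": {
        "host2.bigcompany.com": ("192.0.2.20", 300),
        "nocache.bigcompany.com": ("192.0.2.21", 0)}},   # TTL 0: must not be cached
}

def iterative_query(server, name):
    """One iterative query: the server gives an answer or a referral and stops."""
    zone = SERVERS[server]
    if name in zone.get("records", {}):
        address, ttl = zone["records"][name]
        return {"kind": "answer", "address": address, "ttl": ttl}
    for suffix, next_server in zone.get("referrals", {}).items():
        if name == suffix or name.endswith("." + suffix):
            return {"kind": "referral", "next": next_server}
    return {"kind": "error"}

class RecursiveServer:
    """Local server: accepts a recursive query, then acts as an iterative client."""

    def __init__(self, clock):
        self.clock = clock      # callable returning the current time in seconds
        self.cache = {}         # name -> (address, expiry time)
        self.trace = []         # servers contacted, in order

    def resolve(self, name, max_steps=8):
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            # Answer from the cache: the AA flag is not set.
            return {"address": cached[0], "aa": False, "source": "cache"}
        self.cache.pop(name, None)              # drop an expired entry
        server = "root DNS"
        for _ in range(max_steps):              # bound the length of the referral chain
            self.trace.append(server)
            reply = iterative_query(server, name)
            if reply["kind"] == "referral":
                server = reply["next"]
                continue
            if reply["kind"] == "answer":
                if reply["ttl"] > 0:            # TTL 0 means the result is not cached
                    self.cache[name] = (reply["address"], now + reply["ttl"])
                return {"address": reply["address"], "aa": True, "source": server}
            break                               # error reply: stop querying
        return {"address": None, "aa": False, "source": server}

if __name__ == "__main__":
    now = [0]
    local = RecursiveServer(clock=lambda: now[0])
    print(local.resolve("host2.bigcompany.com"), local.trace)
    now[0] = 100
    print(local.resolve("host2.bigcompany.com"))    # served from the cache
```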
5.4.3 Reverse DNS queries

A reverse query is something else entirely. Recursive and iterative queries are forward queries, that is, they start from a domain name and look up the IP address. A reverse query is just the opposite: it receives an IP address from the client and returns a fully qualified domain name (FQDN).

For this purpose, a domain was created in the name space that is organized by IP address rather than by name: all registered IP addresses are organized in the in-addr domain under the ARPA domain. By domain name, hosts fall into different domains or subdomains, so host names can repeat. No two hosts on the Internet register the same IP address, so by IP address they can all be members of the same domain. In this scheme a unique IP address takes the place of the domain name in the name hierarchy.

In the in-addr.arpa domain, the host host2.acmecompany.com will have a pointer (PTR) record:

For this pointer record, the corresponding address record in the acmecompany.com subdomain will be:

In this example, the IP address of host2 is stored in the in-addr.arpa domain, ordered along with the other registered Internet host addresses. Looking up host2 in reverse by IP address does not take many queries. A simple query in the in-addr.arpa domain returns the full domain name of host2, provided that all registered hosts are arranged in the in-addr.arpa domain by IP address rather than by domain name.

5.4.4 Introducing queries

While a query is in progress, the type of query used by a client, or even by a DNS server, matters more to the administrator than to the user. If you run into difficulties with querying and resolution, you can try changing the default settings. The client almost always tries a recursive query.
By default, the Windows 2000 DNS server tries an iterative query when it contacts a forwarder, and then uses iterative queries when contacting other DNS servers. Chapter 11 discusses the settings for Windows 2000 DNS servers, including how to configure iterative queries and how to accept only iterative queries.

As mentioned above, when queries work properly the whole process is transparent to the client. The following is a sample trace of a reverse query, started with the ping command:

Notice that the "question name" is the reversed IP address, 20.40.25.198.in-addr.arpa, and that the query is of type PTR.