DNS (Domain Name System)


Mainly notes on DNS concepts.


DNS concepts

Basic DNS record types

  • A: IPv4 address, e.g. 192.168.1.1
  • AAAA: IPv6 address, e.g. 2001:0db8:85a3:0:0:8a2e:0370:7334
  • CNAME: Canonical Name, also called a domain name alias. It declares that this name is an alias for another name, which usually holds the A/AAAA records. The target must be a name, never an IP address; a name that has a CNAME may carry no other records (so the zone apex, which always has SOA and NS, cannot be a CNAME); and MX and NS records must not point at a CNAME.
  • MX: Mail Exchange, the hosts that accept mail for the domain (the mail relays, normally speaking SMTP). The data is a preference number followed by a host name; the host name must resolve through an A or AAAA record and must not be a CNAME. Lower preference is tried first.
  • NS: names the servers that are authoritative for the zone. The data has the same format as a domain name. NS and SOA are the records every hosted zone must have. Route 53 generates four NS records per hosted zone; the delegation in the parent zone must point at these four.
  • PTR: reverse lookup, mapping an IP address back to a host name (under in-addr.arpa for IPv4 and ip6.arpa for IPv6).
  • SOA: start of authority, the basic information about the zone, in seven fields:
    • Field 1 (MNAME): the primary name server, e.g. dns.example.com
    • Field 2 (RNAME): the administrator's mailbox. An @ cannot appear here, so it is written as a dot: hostmaster.example.com means hostmaster@example.com (a dot inside the local part has to be escaped as \.). An easily misread field.
    • The remaining five fields are decimal numbers: serial, refresh, retry, expire and minimum. Minimum was originally the zone's default TTL; since RFC 2308 it is the negative-caching TTL, i.e. how long a resolver may cache a "name does not exist" answer.
  • SPF: Sender Policy Framework. The dedicated SPF record type was deprecated by RFC 7208; publish the policy in a TXT record instead, which is also what the AWS Route 53 documentation recommends.
  • SRV: four space-separated values. The first three are decimal numbers: priority, weight and port. The fourth is the target host name.
  • TXT: originally for free-form descriptive text, now mostly used to carry configuration, such as the SPF policy above, DKIM keys, and so on.
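
The rules above (CNAME target is a name, a CNAME owner has no other data, MX/NS never point at a CNAME, RNAME's first dot is the @) are easy to get wrong by hand. The script below is an added example, not code from the original notes: it checks a constructed sample zone for example.com (the SAMPLE_ZONE data and all names in it are hypothetical) and decodes the SOA and SRV fields described above.

```python
"""Sanity checks for the record-type rules listed above.

Added example, not part of the original notes. SAMPLE_ZONE is a constructed,
hypothetical zone for example.com as (owner, type, rdata) tuples.
"""
import ipaddress

SAMPLE_ZONE = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 2016032101 900 900 1800 60"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "ns2.example.com."),
    ("example.com.", "A", "192.0.2.10"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "MX", "20 mail2.example.com."),   # target is a CNAME: not allowed
    ("ns1.example.com.", "A", "192.0.2.1"),
    ("ns2.example.com.", "A", "192.0.2.2"),
    ("mail.example.com.", "A", "192.0.2.25"),
    ("mail2.example.com.", "CNAME", "mail.example.com."),
    ("www.example.com.", "CNAME", "example.com."),
    ("www.example.com.", "TXT", '"v=spf1 mx -all"'),  # CNAME plus other data: not allowed
    ("old.example.com.", "CNAME", "192.0.2.10"),       # CNAME to an IP: not allowed
    ("_sip._tcp.example.com.", "SRV", "10 60 5060 sip.example.com."),
    ("sip.example.com.", "A", "192.0.2.50"),
]


def is_ip(text):
    """True if text is an IPv4/IPv6 literal (a CNAME target must never be one)."""
    try:
        ipaddress.ip_address(text.rstrip("."))
    except ValueError:
        return False
    return True


def rname_to_email(rname):
    """SOA RNAME -> mailbox: the first unescaped dot stands for '@'."""
    name = rname.rstrip(".")
    local, i = [], 0
    while i < len(name):
        if name[i] == "\\" and i + 1 < len(name):   # escaped dot inside the local part
            local.append(name[i + 1])
            i += 2
        elif name[i] == ".":
            return "".join(local) + "@" + name[i + 1:]
        else:
            local.append(name[i])
            i += 1
    return "".join(local)


def parse_soa(rdata):
    """The seven SOA fields: MNAME RNAME serial refresh retry expire minimum."""
    mname, rname, serial, refresh, retry, expire, minimum = rdata.split()
    return {"mname": mname, "rname": rname, "admin_email": rname_to_email(rname),
            "serial": int(serial), "refresh": int(refresh), "retry": int(retry),
            "expire": int(expire), "minimum": int(minimum)}


def parse_srv(rdata):
    """SRV: priority weight port target."""
    priority, weight, port, target = rdata.split()
    return {"priority": int(priority), "weight": int(weight), "port": int(port), "target": target}


def check_zone(zone):
    """Return a list of rule violations found in the zone."""
    by_owner = {}
    for owner, rtype, rdata in zone:
        by_owner.setdefault(owner.lower(), []).append((rtype, rdata))
    cname_owners = {o for o, rrs in by_owner.items() if any(t == "CNAME" for t, _ in rrs)}
    problems = []
    for owner, rrs in by_owner.items():
        types = {t for t, _ in rrs}
        if "CNAME" in types and len(rrs) > 1:
            problems.append(f"{owner}: CNAME cannot coexist with other records {sorted(types - {'CNAME'})}")
        for rtype, rdata in rrs:
            if rtype == "CNAME" and is_ip(rdata):
                problems.append(f"{owner}: CNAME must point to a name, not an IP ({rdata})")
            if rtype in ("MX", "NS"):
                target = rdata.split()[-1].lower()
                if target in cname_owners:
                    problems.append(f"{owner}: {rtype} target {target} is a CNAME")
                elif target in by_owner and not ({"A", "AAAA"} & {t for t, _ in by_owner[target]}):
                    problems.append(f"{owner}: {rtype} target {target} has no A/AAAA record")
    return problems


if __name__ == "__main__":
    print(parse_soa(SAMPLE_ZONE[0][2]))
    for problem in check_zone(SAMPLE_ZONE):
        print("PROBLEM:", problem)
```

Run it and the three deliberate mistakes in SAMPLE_ZONE are reported: the MX pointing at mail2 (a CNAME), www carrying a TXT next to its CNAME, and old pointing at an IP. The check only looks at targets inside the zone; a target in another zone would need a live lookup.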

References:

DNS terminology

  • Zone Apex / Root Domain / Naked Domain: the top of the zone, the domain with no host label in front. For www.google.com the apex is google.com.
  • TLD: top-level domain, the first label under the root: .com, .org, .gov, .edu, .net, and so on.
  • TTL: Time to live, the number of seconds a resolver may keep a record in its cache.
  • Delegation: handing a subdomain over to another set of name servers, done with NS records for the subdomain in the parent zone. Some sites translate it as 授權 (authorization), which is misleading.
  • DKIM: DomainKeys Identified Mail. The public key is published as a TXT record at <selector>._domainkey.<domain>.

DNS limits

DNS tools

nslookup

  • Plain name/IP lookup: nslookup www.google.com
  • Query by record type: set type=${type} in interactive mode (non-interactively: nslookup -type=mx gmail.com)
~$ nslookup
> set type=mx
> gmail.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
gmail.com mail exchanger = 5 gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail exchanger = 20 alt2.gmail-smtp-in.l.google.com.

> set type=soa
> google.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
google.com
origin = ns1.google.com
mail addr = dns-admin.google.com
serial = 117708571
refresh = 900
retry = 900
expire = 1800
minimum = 60

Debug mode (set d2) shows the content of every SendRequest / Response packet in the exchange.

It is also the quick way to see a record's TTL, which you need before a DNS cutover. Caveat: a recursive resolver such as 8.8.8.8 reports the time remaining in its cache, which counts down on every query; for the TTL actually configured in the zone, query one of the zone's NS hosts directly (nslookup www.example.com ns1.example.com) and check that the answer is authoritative.

The example below is from the Windows version; it queries A (IPv4) first and then AAAA (IPv6). If the host has a DNS suffix configured, the name with that suffix appended is looked up first.

C:\Users\rickhwang>nslookup
Default Server: dc1.gtcafe.corp
Address: 10.1.0.5

> set d2
> www.google.com

------------
SendRequest(), len 32
HEADER:
opcode = QUERY, id = 12, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
www.google.com, type = A, class = IN

------------
------------
Got answer (48 bytes):
HEADER:
opcode = QUERY, id = 12, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
www.google.com, type = A, class = IN
ANSWERS:
-> www.google.com
type = A, class = IN, dlen = 4
internet address = 216.58.200.196
ttl = 70 (1 min 10 secs)

------------
Non-authoritative answer:
------------
SendRequest(), len 32
HEADER:
opcode = QUERY, id = 13, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
www.google.com, type = AAAA, class = IN

------------
------------
Got answer (60 bytes):
HEADER:
opcode = QUERY, id = 13, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
www.google.com, type = AAAA, class = IN
ANSWERS:
-> www.google.com
type = AAAA, class = IN, dlen = 16
AAAA IPv6 address = 2404:6800:4004:800::2004
ttl = 174 (2 mins 54 secs)

------------
Name: www.google.com
Addresses: 2404:6800:4004:800::2004
216.58.200.196
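
The trace above is just RFC 1035 wire format printed field by field. The script below is an added example, not code from the original notes: it builds the same 32-byte A query (id 12, recursion desired), hand-constructs the 48-byte answer (the address 216.58.200.196 and TTL 70 are copied from the trace; nothing here touches the network) and decodes it, including the 0xC00C name-compression pointer that makes the answer section so short. It also shows the minimum a resolver must check before accepting a reply: QR set, matching transaction id and matching question, the checks that make blind response spoofing harder.

```python
"""DNS wire format (RFC 1035): build the query nslookup sends and decode the
kind of answer it prints in d2 mode.

Added example, not from the original notes. The response is built by hand:
the address and TTL copy the trace above, but nothing here uses the network.
"""
import ipaddress
import struct

TYPE_A, TYPE_AAAA, CLASS_IN = 1, 28, 1


def encode_name(name):
    """www.google.com -> 3 'www' 6 'google' 3 'com' 0 (labels prefixed by their length)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid, recursion_desired=True):
    """12-byte header + question section; for www.google.com/A this is 32 bytes."""
    flags = 0x0100 if recursion_desired else 0           # RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg, offset):
    """Read a name at offset, following compression pointers; returns (name, next_offset)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                         # 11xxxxxx: pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            if pointer >= offset or hops > 16:            # must point backwards; bounds the loop
                raise ValueError("bad compression pointer")
            offset, jumped, hops = pointer, True, hops + 1
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_message(msg):
    """Split a message into (header dict, questions, answers) the way d2 prints them."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    header = {"id": txid, "response": bool(flags & 0x8000), "opcode": (flags >> 11) & 0xF,
              "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080), "rcode": flags & 0xF,
              "questions": qd, "answers": an, "authority": ns, "additional": ar}
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if len(rdata) != rdlen:
            raise ValueError("truncated rdata")
        data = str(ipaddress.ip_address(rdata)) if rtype in (TYPE_A, TYPE_AAAA) else rdata.hex()
        answers.append({"name": name, "type": rtype, "class": rclass,
                        "ttl": ttl, "dlen": rdlen, "data": data})
    return header, questions, answers


def build_response(query, ttl, address):
    """Answer a one-question A/AAAA query; the answer name is a pointer (0xC00C) to offset 12."""
    header, questions, _ = parse_message(query)
    name, qtype, qclass = questions[0]
    flags = 0x8180                                        # QR, RD, RA set; rcode NOERROR
    packed = ipaddress.ip_address(address).packed
    return (struct.pack("!HHHHHH", header["id"], flags, 1, 1, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, qclass)
            + b"\xc0\x0c" + struct.pack("!HHIH", qtype, qclass, ttl, len(packed)) + packed)


def response_matches(query, response):
    """What a resolver must check before trusting a reply: QR set, same id, same question."""
    qh, qq, _ = parse_message(query)
    rh, rq, _ = parse_message(response)
    return rh["response"] and rh["id"] == qh["id"] and rq == qq


if __name__ == "__main__":
    query = build_query("www.google.com", TYPE_A, txid=12)
    reply = build_response(query, ttl=70, address="216.58.200.196")
    print(len(query), len(reply))                         # 32 and 48, as in the trace
    print(parse_message(reply))
```

The sizes reproduce the trace exactly: 12 header + 16 name + 4 type/class = 32 for the query, plus 2 (pointer) + 10 (type, class, TTL, length) + 4 (address) = 48 for the A answer and 60 for the AAAA answer. The pointer check in decode_name refuses forward and self-referencing pointers, the classic way a crafted reply sends a naive parser into an infinite loop.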

The Unix builds (both OS X and Linux) print something different. Their nslookup comes from BIND 9 and is built on the same dighost.c resolver library as dig (the paths in the trace below point to it), so its d2 level is that library's internal function trace rather than decoded packets. For decoded packets on Unix use dig, whose default output already prints the header, flags, question and answer sections.
~$ nslookup
> set d2
> www.google.com
addlookup()
make_empty_lookup()
looking up www.google.com
start_lookup()
setup_lookup(0x7f91e9821208)
resetting lookup counter.
cloning server list
clone_server_list()
make_server(10.11.1.5)
make_server(8.8.8.8)
using root origin
recursive query
add_question()
starting to render the message
done rendering
create query 0x10d7fade8 linked to lookup 0x7f91e9821208
create query 0x10d800008 linked to lookup 0x7f91e9821208
do_lookup()
send_udp(0x10d7fade8)
bringup_timer()
have local timeout of 1
working on lookup 0x7f91e9821208, query 0x10d7fade8
sockcount=1
recving with lookup=0x7f91e9821208, query=0x10d7fade8, sock=0x10d801000
recvcount=1
sending a request
lock_lookup /Library/Caches/com.apple.xbs/Sources/bind9/bind9-45.101/bind9/bin/dig/dighost.c:2332
success
send_done()
sendcount=0
check_if_done()
list empty
unlock_lookup /Library/Caches/com.apple.xbs/Sources/bind9/bind9-45.101/bind9/bin/dig/dighost.c:2361
recv_done()
lock_lookup /Library/Caches/com.apple.xbs/Sources/bind9/bind9-45.101/bind9/bin/dig/dighost.c:3057
success
recvcount=0
lookup=0x7f91e9821208, query=0x10d7fade8
before parse starts
after parse
printmessage()
Server: 10.11.1.5
Address: 10.11.1.5#53

Non-authoritative answer:
printsection()
Name: www.google.com
Address: 216.58.197.164
still pending.
cancel_lookup()
check_if_done()
list empty
clear_query(0x10d800008)
clear_query(0x10d7fade8)
sockcount=0
check_next_lookup(0x7f91e9821208)
try_clear_lookup(0x7f91e9821208)
destroy
freeing server 0x7f91e9804608 belonging to 0x7f91e9821208
freeing server 0x7f91e9822808 belonging to 0x7f91e9821208
start_lookup()
check_if_done()
list empty
shutting down
dighost_shutdown()
unlock_lookup /Library/Caches/com.apple.xbs/Sources/bind9/bind9-45.101/bind9/bin/dig/dighost.c:3534
>

dig

# look up by type
~ $ dig gmail.com -t mx

; <<>> DiG 9.8.3-P1 <<>> gmail.com -t mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61679
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com. IN MX

;; ANSWER SECTION:
gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 10 alt1.gmail-smtp-in.l.google.com.

;; Query time: 23 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 21 22:22:40 2016
;; MSG SIZE rcvd: 150
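
dig's default output is what most scripts end up parsing. The script below is an added example, not code from the original notes: it takes the dig output shown above (copied in as a constant so it runs offline), turns the answer section into records, reads the header flags, and derives the two things worth knowing from this answer: the order in which a sender will try the MX hosts, and that the TTL of 3599 is a cache countdown, since the aa flag is absent.

```python
"""Parse dig's default output into records and summarise what the answer says.

Added example, not from the original notes. DIG_OUTPUT is the dig output
shown above, copied in verbatim so the code runs offline.
"""
import re

DIG_OUTPUT = """\
; <<>> DiG 9.8.3-P1 <<>> gmail.com -t mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61679
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com. IN MX

;; ANSWER SECTION:
gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 10 alt1.gmail-smtp-in.l.google.com.

;; Query time: 23 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 21 22:22:40 2016
;; MSG SIZE rcvd: 150
"""


def parse_flags(text):
    """Header flags, e.g. {'qr', 'rd', 'ra'}; 'aa' present means an authoritative answer."""
    match = re.search(r"^;; flags: ([^;]*);", text, re.M)
    return set(match.group(1).split()) if match else set()


def parse_records(text):
    """Resource records: every non-comment, non-empty line is 'name ttl class type rdata'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, ttl, rclass, rtype, rdata = line.split(None, 4)
        records.append({"name": name, "ttl": int(ttl), "class": rclass, "type": rtype, "rdata": rdata})
    return records


def mx_delivery_order(records):
    """Hosts in the order a sender tries them: lowest preference first (RFC 5321)."""
    hosts = []
    for rec in records:
        if rec["type"] == "MX":
            preference, exchange = rec["rdata"].split()
            hosts.append((int(preference), exchange))
    return sorted(hosts)


def summarize(text):
    flags, records = parse_flags(text), parse_records(text)
    return {
        "authoritative": "aa" in flags,   # absent here: TTL is the resolver's remaining cache time
        "truncated": "tc" in flags,       # set: the UDP answer was cut short, retry over TCP
        "mx_order": mx_delivery_order(records),
        "ttl": min((r["ttl"] for r in records), default=None),
    }


if __name__ == "__main__":
    print(summarize(DIG_OUTPUT))
```

Hosts with equal preference are tried in any order, so sorted() here only fixes the order between preference levels. For scripting, dig +noall +answer gives the answer section alone, which the same parse_records handles.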

Other tools

  • whois: look up a domain's registration data (registrar, registrant contacts, expiry, and the name servers the registry delegates to)
  • tracert (Windows)
  • traceroute (Unix)

Further reading (on this site)

References

