[LINUX] Basic knowledge of DNS that can not be heard now

This time, I wanted to reconfirm the basic mechanism of DNS, so I summarized some of the contents of the following books. It was very easy to understand and I was able to acquire knowledge systematically.

What is DNS?

Hierarchy and delegation in DNS

The scope of management is layered according to the domain name, and management is distributed by delegating it. The area entrusted to someone by delegation is called a "zone".

To delegate a zone, start by creating a subdomain; subdomains are created by the delegating side. The administrator of each zone manages its information on a server called a "name server".

The following two pieces of information are stored on the name server.

- The domain names and IP addresses of the hosts that exist in the zone
- Delegation information
  - The name servers of the zones it has delegated

The parent has the role of managing the information of the child's delegation and guiding the delegation destination.

The basic operation is to follow the delegations in order starting from the root, finally reaching the name server that manages the IP address of the domain.

Relationship between DNS and registry

Once a hierarchical structure based on domain names and DNS is introduced, an administrator (registry) that manages each level of the hierarchy is required.

The responsibility of the registry is as follows.

- Manage the zone delegated to it
- If it delegates a zone, manage to whom that zone was delegated

What is a registry?

The role of the registry

To use a domain name, apply to the registry for registration saying "I want to use this domain name".

The main roles of the registry are as follows.

- Operate a "registry database" that stores and manages registration information
- Provide a Whois service
  - The Whois service publishes information on the domain names the registry manages
- Operate name servers

Whois and its role

Whois is a service that allows users to refer to the information managed by the registry of domain names and IP addresses on the Internet.

Registry registrar model

Domain name registration management is separated as follows.

- Registry: responsible for centralized management of domain names
- Registrar: handles applications from domain name registrants

This separation keeps registered domain names unique while allowing diversity in prices and services.

Make domain names available

In order to be able to access the website using the registered domain name, it is necessary to register the name server.

Recently, it is also common to use the services of providers that operate name servers.

If you want to operate a name server (NS) yourself, follow the steps below.

- Run an NS that handles your domain name on the Internet
- This NS must be reachable from anywhere on the Internet
- Set the information for the domain name on the NS
- Check that the NS answers queries coming from the Internet

Name resolution

In a hierarchical structure, to look up a child's information you first need the parent to return the delegation information that points to that child.

Actually following the hierarchy to resolve a name costs a lot of load and time. A mechanism was therefore devised in which a separate server in charge of name resolution performs the resolution on behalf of the client.

This proxy server keeps name resolution results for a certain period. If a request reaches the proxy server within that period, the stored information is returned.

What you need for name resolution

The NS information of the delegation destination (child) to which the delegation source (parent) responds is called delegation information.

If the correct delegation information is not registered, name resolution will not be possible.
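As an added illustration (not from the book or the original post), here is a toy full resolver in Python that follows delegations from the root as described above, caches answers for their TTL, and fails when a zone has no usable delegation information. The zone data, host names and addresses are constructed for the example.

```python
# Constructed toy zone data (not real DNS): each authoritative server holds only
# its own zone's records plus NS (delegation) and A (glue) records for children.
ZONES = {
    ".": {"jp.": [("NS", "ns.jp.", 86400)],
          "ns.jp.": [("A", "192.0.2.1", 86400)]},
    "jp.": {"example.jp.": [("NS", "ns.example.jp.", 86400)],
            "ns.example.jp.": [("A", "192.0.2.2", 86400)]},
    "example.jp.": {"www.example.jp.": [("A", "192.0.2.10", 300)]},
}

def lookup(zone, name, rtype):
    """Return (rdata, ttl) if the server for `zone` holds name/rtype, else None."""
    for t, rdata, ttl in ZONES[zone].get(name, []):
        if t == rtype:
            return rdata, ttl
    return None

def authoritative_answer(zone, qname, qtype):
    """Act as the authoritative server of `zone`: answer only from its own data,
    or refer the asker to the closest child zone it has delegated."""
    hit = lookup(zone, qname, qtype)
    if hit:
        return "answer", hit
    labels = qname.split(".")
    for i in range(1, len(labels)):        # e.g. example.jp., jp., .
        child = ".".join(labels[i:]) or "."
        if child == zone:
            break
        ns = lookup(zone, child, "NS")
        if ns:
            glue = lookup(zone, ns[0], "A")  # address of the child's server
            return "referral", (child, ns[0], glue)
    return "nxdomain", None

def resolve(qname, qtype, cache, now):
    """Full resolver: answer from cache while the TTL lasts, otherwise follow
    delegations from the root. Returns (rdata, served_from_cache)."""
    key = (qname, qtype)
    if key in cache and cache[key][1] > now:
        return cache[key][0], True
    zone = "."
    for _ in range(8):                      # bound the delegation walk
        kind, payload = authoritative_answer(zone, qname, qtype)
        if kind == "answer":
            cache[key] = (payload[0], now + payload[1])
            return payload[0], False
        if kind != "referral" or payload[2] is None:
            raise LookupError(f"{qname}: no usable delegation in zone {zone}")
        zone = payload[0]
    raise LookupError(f"{qname}: delegation chain too long")
```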

DNS components

  1. The party that wants information
  2. The party that resolves names
  3. The party that provides the information

Each of the above is referred to as follows.

  1. Stub resolver
  2. Full resolver, full service resolver
  3. Authoritative server

Stub resolver

It runs on devices such as PCs and smartphones and asks the full resolver to resolve names. A request for name resolution sent from the stub resolver to the full resolver is called a "name resolution request". "Stub" here means "end".

Full resolver

The main roles are as follows.

- Perform name resolution
- Store the information obtained during name resolution
  - The mechanism that keeps this information for a while is called the "cache"

Authoritative server

The authoritative server holds the information of the zone delegated to it, together with delegation information for any zones it has delegated onward. What was formerly simply called the name server (NS) is the authoritative server.

It answers only with information it holds: records within its zone and delegation information.

When a stub resolver or full resolver sends a query, it specifies the name (domain name) and type of the information it wants to know.

The authoritative server holds the zone's configuration (zone data) in the form of "resource records". A resource record consists of three pieces of information: "domain name", "type" and "class".

Resource record

The most commonly used resource record types are:

Redundancy

It is common to have multiple authoritative servers, both for redundancy and for load distribution. Any authoritative server for the same zone returns the same answer, because the zone data is copied between them; this copying mechanism is called "zone transfer".

In zone transfer, the authoritative server that has the zone data becomes the copy source, and the zone data is copied to the authoritative server that is the copy destination. The copy source server is called the "primary server", and the copy destination server is called the "secondary server".

If there are multiple authoritative servers, which authoritative server should the full resolver access?

The full resolver preferentially queries the authoritative server with the shortest RTT (Round Trip Time).

Forward lookup and reverse lookup

Searching for the IP address corresponding to the domain name is called "forward lookup". The opposite is "reverse lookup".

Resource record information

SOA

The boundary between zones divided by delegation is called a zone cut, and on the child (smaller) side of the zone cut, the domain name at the cut is called the zone apex. If jp delegates example.jp, the domain name example.jp becomes the zone apex. An SOA (Start of Authority) resource record is placed at the zone apex; it holds the information needed to manage the delegated zone.

NS

Holds the delegation information. An NS record must be set on both the parent side and the child side of the zone cut.

In other words, set NS resource records both for your own zone and for each child zone you delegate.

Put the host name of the zone's authoritative server in the NS resource record. If several authoritative servers manage the zone, list all of them.

For the authoritative servers themselves, register A and AAAA records as needed.

MX

Information for receiving mail addressed to the domain name is also set on the zone's authoritative server. An MX record carries a mail server preference as an unsigned number; senders try the mail servers in order, starting from the one with the lowest value.
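As an added example (not from the book or the original post), the following Python parses a small constructed zone and checks the points made in the SOA, NS and MX sections: an SOA and NS records at the apex, an address record for every in-zone name server (without it a referral cannot be followed), MX preferences within the 16-bit unsigned range the DNS specification allows, and the order in which senders try the mail servers. The zone text, names and addresses are constructed, and ns2's address record is deliberately left out so the check has something to report.

```python
# Constructed zone data for the check below (names and addresses are not real).
# ns2's address record is left out on purpose so the check has something to find.
ZONE_TEXT = """\
example.jp.       IN SOA  ns1.example.jp. hostmaster.example.jp. 2024010101 3600 900 604800 300
example.jp.       IN NS   ns1.example.jp.
example.jp.       IN NS   ns2.example.jp.
example.jp.       IN MX   10 mail1.example.jp.
example.jp.       IN MX   20 mail2.example.jp.
ns1.example.jp.   IN A    192.0.2.1
ns1.example.jp.   IN AAAA 2001:db8::1
mail1.example.jp. IN A    192.0.2.20
mail2.example.jp. IN A    192.0.2.21
"""

def parse_zone(text):
    """Parse 'name IN type rdata...' lines into (name, type, rdata_fields)."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "IN":
            records.append((fields[0], fields[2], fields[3:]))
    return records

def check_zone(apex, records):
    """Return the problems that would break delegation or mail for this zone."""
    problems = []
    apex_types = {t for n, t, _ in records if n == apex}
    if "SOA" not in apex_types:
        problems.append("no SOA record at the zone apex")
    ns_hosts = [r[0] for n, t, r in records if n == apex and t == "NS"]
    if not ns_hosts:
        problems.append("no NS record at the zone apex")
    has_addr = {n for n, t, _ in records if t in ("A", "AAAA")}
    for host in ns_hosts:
        # an in-zone name server must have an address record, otherwise a
        # resolver that is referred here has no way to reach it
        if host.endswith("." + apex) and host not in has_addr:
            problems.append(f"NS {host} has no A/AAAA record")
    for n, t, r in records:
        if t == "MX" and not (r[0].isdigit() and int(r[0]) <= 65535):
            problems.append(f"MX for {n}: preference {r[0]} is not 16-bit unsigned")
    return problems

def mx_delivery_order(apex, records):
    """Mail servers in the order a sender tries them: lowest preference first."""
    mx = [(int(r[0]), r[1]) for n, t, r in records if n == apex and t == "MX"]
    return [host for _, host in sorted(mx)]
```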
