lihongjie0209 / myblog


DNS: Basic Concepts #223

Open lihongjie0209 opened 3 years ago

lihongjie0209 commented 3 years ago

Zone

The whole of the DNS data is divided into different zones, each handed to a different server to manage.

A DNS zone is any distinct, contiguous portion of the domain name space in the Domain Name System (DNS) for which administrative responsibility has been delegated to a single manager.

The domain name space of the Internet is organized into a hierarchical layout of subdomains below the DNS root domain. The individual domains of this tree may serve as delegation points for administrative authority and management. However, usually it is furthermore desirable to implement fine-grained boundaries of delegation, so that multiple sub-levels of a domain may be managed independently. Therefore, the domain name space is partitioned into areas (zones) for this purpose. A zone starts at a domain and extends downward in the tree to the leaf nodes or to the top-level of subdomains where other zones start.[1]

A DNS zone is implemented in the configuration system of a domain name server. Historically, it is defined in the zone file, an operating system text file that starts with the special DNS record type Start of Authority (SOA) and contains all records for the resources described within the zone. This format was originally used by the Berkeley Internet Name Domain Server (BIND) software package, and is defined in RFC 1034 and RFC 1035.

lihongjie0209 commented 3 years ago

Authoritative Name Servers

Each zone is served by at least one authoritative name server, which contains the complete data for the zone. To make the DNS tolerant of server and network failures, most zones have two or more authoritative servers, on different networks. Responses from authoritative servers have the "authoritative answer" (AA) bit set in the response packets. This makes them easy to identify when debugging DNS configurations using tools like dig (Section 3.3).

lihongjie0209 commented 3 years ago

The Primary Master

The authoritative server where the master copy of the zone data is maintained is called the primary master server, or simply the primary. Typically it loads the zone contents from some local file edited by humans or perhaps generated mechanically from some other local file which is edited by humans. This file is called the zone file or master file. In some cases, however, the master file may not be edited by humans at all, but may instead be the result of dynamic update operations.

Slave Servers

The other authoritative servers, the slave servers (also known as secondary servers), load the zone contents from another server using a replication process known as a zone transfer. Typically the data are transferred directly from the primary master, but it is also possible to transfer it from another slave. In other words, a slave server may itself act as a master to a subordinate slave server. Periodically, the slave server must send a refresh query to determine whether the zone contents have been updated. This is done by sending a query for the zone's SOA record and checking whether the SERIAL field has been updated; if so, a new transfer request is initiated. The timing of these refresh queries is controlled by the SOA REFRESH and RETRY fields, but can be overridden with the max-refresh-time, min-refresh-time, max-retry-time, and min-retry-time options. If the zone data cannot be updated within the time specified by the SOA EXPIRE option (up to a hard-coded maximum of 24 weeks) then the slave zone expires and will no longer respond to queries.
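The refresh cycle described above (SOA query, SERIAL comparison, REFRESH/RETRY scheduling, EXPIRE cut-off), as an added example that is not from the issue or from the BIND manual it quotes. The serial comparison uses RFC 1982 serial-number arithmetic, which is how DNS serials are compared, so a 32-bit SERIAL that wraps around is still seen as newer; the SOA timer values are constructed for the worked calls.

```python
# Added model of a secondary's refresh decision; not BIND's own code.
MAX_EXPIRE = 24 * 7 * 24 * 3600  # the hard-coded 24-week ceiling on EXPIRE

# Constructed SOA timers (seconds) for the worked calls below.
SOA = {"REFRESH": 3600, "RETRY": 900, "EXPIRE": 604800}


def serial_newer(candidate, current):
    """RFC 1982: is `candidate` greater than `current` in 32-bit serial space?"""
    candidate &= 0xFFFFFFFF
    current &= 0xFFFFFFFF
    if candidate == current:
        return False
    if candidate > current:
        return candidate - current < 2**31
    return current - candidate > 2**31   # candidate wrapped past 2^32


def refresh_decision(local_serial, primary_serial, last_good, now, soa):
    """What a secondary does at time `now` after a refresh query.

    local_serial:   SERIAL of the copy the secondary currently serves
    primary_serial: SERIAL in the primary's SOA answer, or None when the
                    refresh query got no answer
    last_good:      time of the last successful refresh or transfer
    Returns (action, next_check); action is "serve", "transfer" or
    "expired", and next_check is None once the zone has expired.
    """
    limit = min(soa["EXPIRE"], MAX_EXPIRE)
    if now - last_good >= limit:
        return "expired", None                   # stop answering for this zone
    if primary_serial is None:
        return "serve", now + soa["RETRY"]       # keep old data, retry sooner
    if serial_newer(primary_serial, local_serial):
        return "transfer", now + soa["REFRESH"]  # SERIAL advanced: request a transfer
    return "serve", now + soa["REFRESH"]         # unchanged: check again after REFRESH


if __name__ == "__main__":
    print(refresh_decision(2021010101, 2021010102, last_good=0, now=100, soa=SOA))
    print(refresh_decision(2021010101, None, last_good=0, now=SOA["EXPIRE"], soa=SOA))
```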

lihongjie0209 commented 3 years ago

Zone Database

[image]

lihongjie0209 commented 3 years ago

Resolution Process

[image]

lihongjie0209 commented 3 years ago

Recursive Query

[image]

lihongjie0209 commented 3 years ago

Iterative Query

[image]

lihongjie0209 commented 3 years ago

Reverse Mapping

[image]

[image]

lihongjie0209 commented 3 years ago

What is a DNS A record?

The ‘A’ stands for ‘address’ and this is the most fundamental type of DNS record: it indicates the IP address of a given domain. For example, if you pull the DNS records of cloudflare.com, the A record currently returns an IP address of: 104.17.210.9.

A records only hold IPv4 addresses. If a website has an IPv6 address, it will instead use an ‘AAAA’ record.

Here is an example of an A record:

example.com:

| Name | Record type | Value | TTL |
| --- | --- | --- | --- |
| @ | A | 192.0.2.1 | 14400 |

The ‘@’ symbol in this example indicates that this is a record for the root domain, and the ‘14400’ value is the TTL (time to live), listed in seconds. The default TTL for A records is 14400 seconds. This means that if an A record gets updated, it takes 240 minutes (14400 seconds) to take effect.

The vast majority of websites only have one A record, but it is possible to have several. Some higher profile websites will have several different A records as part of a technique called round robin load balancing, which can distribute request traffic to one of several IP addresses, each hosting identical content.

When are DNS A records used?

The most common usage of A records is IP address lookups: matching a domain name (like 'cloudflare.com') to an IPv4 address. This enables a user's device to connect with and load a website, without the user memorizing and typing in the actual IP address. The user's web browser automatically carries this out by sending a query to a DNS resolver.

DNS A records are also used for operating a Domain Name System-based Blackhole List (DNSBL). DNSBLs can help mail servers identify and block email messages from known spammer domains.

If you want to learn more about DNS A records, you can see the original 1987 RFC where A records and several other DNS record types are defined here. To learn more about how the Domain Name System works, see What is DNS?

lihongjie0209 commented 3 years ago

What is a DNS CNAME record?

The ‘canonical name’ (CNAME) record is used in lieu of an A record, when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address. Imagine a scavenger hunt where each clue points to another clue, and the final clue points to the treasure. A domain with a CNAME record is like a clue that can point you to another clue (another domain with a CNAME record) or to the treasure (a domain with an A record).

For example, suppose blog.example.com has a CNAME record with a value of ‘example.com’ (without the ‘blog’). This means when a DNS server hits the DNS records for blog.example.com, it actually triggers another DNS lookup to example.com, returning example.com’s IP address via its A record. In this case we would say that example.com is the canonical name (or true name) of blog.example.com.

Oftentimes, when sites have subdomains such as blog.example.com or shop.example.com, those subdomains will have CNAME records that point to a root domain (example.com). This way if the IP address of the host changes, only the DNS A record for the root domain needs to be updated and all the CNAME records will follow along with whatever changes are made to the root.

A frequent misconception is that a CNAME record must always resolve to the same website as the domain it points to, but this is not the case. The CNAME record only points the client to the same IP address as the root domain. Once the client hits that IP address, the web server will still handle the URL accordingly. So for instance, blog.example.com might have a CNAME that points to example.com, directing the client to example.com’s IP address. But when the client actually connects to that IP address, the web server will look at the URL, see that it is blog.example.com, and deliver the blog page rather than the home page.

Example of a CNAME record:

blog.example.com:

| Name | Record type | Value | TTL |
| --- | --- | --- | --- |
| @ | CNAME | is an alias of example.com | 32600 |

In this example you can see that blog.example.com points to example.com, and assuming it is based on our example A record we know that it will eventually resolve to the IP address 192.0.2.1.

Can a CNAME record point to another CNAME record?

Pointing a CNAME record to another CNAME record is inefficient because it requires multiple DNS lookups before the domain can be loaded — which slows down the user experience — but it is possible. For example, blog.example.com could have a CNAME record that pointed to www.example.com's CNAME record, which then pointed to example.com's A record.

CNAME for blog.example.com:

blog.example.com:

| Name | Record type | Value | TTL |
| --- | --- | --- | --- |
| @ | CNAME | is an alias of www.example.com | 32600 |

Which points to a CNAME for www.example.com:

www.example.com:

| Name | Record type | Value | TTL |
| --- | --- | --- | --- |
| @ | CNAME | is an alias of example.com | 32600 |

This configuration adds an extra step to the DNS lookup process and should be avoided if possible. Instead, the CNAME records for both blog.example.com and www.example.com should point directly to example.com.

What restrictions are there on using CNAME records?

MX and NS records cannot point to a CNAME record; they have to point to an A record (for IPv4) or an AAAA record (for IPv6). An MX record is a mail exchange record that directs email to a mail server. An NS record is a 'name server' record and indicates which DNS server is authoritative for that domain.

Learn more about MX records or NS records.
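The CNAME rules from the two comments above (chains that should point directly at the canonical name, and MX/NS targets that must not be CNAMEs), as an added checker that is not the article's own code. It runs over a constructed zone and, beyond the cases in the text, also catches chains that end at a name with no records and chains that loop, both of which a resolver cannot turn into an address.

```python
# Added zone lint for CNAME rules; the zone below is constructed sample data.
# Owner name -> list of (record type, value)
ZONE = {
    "example.com":       [("A", "192.0.2.1"), ("MX", "mail.example.com"),
                          ("NS", "ns1.example.com")],
    "www.example.com":   [("CNAME", "example.com")],
    "blog.example.com":  [("CNAME", "www.example.com")],   # two-hop chain
    "mail.example.com":  [("CNAME", "example.com")],       # MX target: not allowed
    "ns1.example.com":   [("A", "192.0.2.53")],
    "old.example.com":   [("CNAME", "gone.example.com")],  # target has no records
    "loop1.example.com": [("CNAME", "loop2.example.com")],
    "loop2.example.com": [("CNAME", "loop1.example.com")],
}

def resolve_cname_chain(zone, name, max_depth=8):
    """Follow CNAMEs from `name`; return (status, final_name, hops).
    status: ok | dangling | loop | too_deep; hops = extra lookups needed."""
    seen = []
    while True:
        if name in seen:
            return "loop", name, len(seen)
        if len(seen) >= max_depth:
            return "too_deep", name, len(seen)
        rrs = zone.get(name, [])
        target = next((v for t, v in rrs if t == "CNAME"), None)
        if target is None:                      # end of chain: need an address here
            ok = any(t in ("A", "AAAA") for t, _ in rrs)
            return ("ok" if ok else "dangling"), name, len(seen)
        seen.append(name)
        name = target

def lint_zone(zone):
    """Return (owner, problem) findings for the CNAME rules."""
    findings = []
    for owner, rrs in zone.items():
        if any(t == "CNAME" for t, _ in rrs):
            status, final, hops = resolve_cname_chain(zone, owner)
            if status != "ok":
                findings.append((owner, f"CNAME chain {status} at {final}"))
            elif hops > 1:                      # CNAME -> CNAME -> A: avoidable lookup
                findings.append((owner, f"{hops}-hop CNAME chain; point directly at {final}"))
        for t, target in rrs:                   # MX/NS must name an A/AAAA owner
            if t in ("MX", "NS") and any(tt == "CNAME" for tt, _ in zone.get(target, [])):
                findings.append((owner, f"{t} target {target} is a CNAME"))
    return findings
```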