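Use dig, starting from the B root server, to trace the complete resolution of www.taobao.com; analyzing the exchanges in that process gives a deeper understanding of how the DNS hierarchy works.
Main parts of the dig output:
QUESTION SECTION: what was queried
ANSWER SECTION: the response content; normally at least one A record is returned, otherwise the name is not yet defined
AUTHORITY SECTION: delegation (authority) information
ADDITIONAL SECTION: the IP address of each authoritative server
SERVER: the DNS server that was queried; the result may be cached
Main steps of the resolution flow:
1. Use the global root server b.root-servers.net. as the DNS server for the query
2. Domain names are delegated level by level, for example www.taobao.com,
3. From the list of root name servers just obtained, 193.0.14.129 (k.root-servers.net.) is chosen at random; what it returns is for the . root zone;
4. Because the K root server is not authoritative for taobao.com, the query is delegated to the parent-level com. server 192.35.51.30
5. Because 192.35.51.30 (f.gtld-servers.net.) is not authoritative for www.taobao.com, it returns Taobao's ns4.taobao.com through ns7.taobao.com
6. Finally the request goes to the ns5.taobao.com. server, which resolves which host www.taobao.com actually is
The figure below shows the relationship between the .com name servers and Taobao's authoritative servers
The figure below shows the relationship between Taobao's nodes and the back-end cache servers
I. DNS resolution process
1. Query the root servers for .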
. IN NS
SERVER: 199.9.14.201#53(199.9.14.201) returns the thirteen global root servers
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 199.9.14.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 199.7.91.13
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 198.97.190.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
2. Query a root server for the .com servers
The K root server, SERVER: 193.0.14.129#53(193.0.14.129), returns the 13 .com server names with their IPv4 and IPv6 addresses
a.gtld-servers.net. 172800 IN A 192.5.6.30
a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30
b.gtld-servers.net. 172800 IN A 192.33.14.30
b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 172800 IN A 192.26.92.30
c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30
d.gtld-servers.net. 172800 IN A 192.31.80.30
d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30
e.gtld-servers.net. 172800 IN A 192.12.94.30
e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30
f.gtld-servers.net. 172800 IN A 192.35.51.30
f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30
g.gtld-servers.net. 172800 IN A 192.42.93.30
g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30
h.gtld-servers.net. 172800 IN A 192.54.112.30
h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30
i.gtld-servers.net. 172800 IN A 192.43.172.30
i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30
j.gtld-servers.net. 172800 IN A 192.48.79.30
j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30
k.gtld-servers.net. 172800 IN A 192.52.178.30
k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30
l.gtld-servers.net. 172800 IN A 192.41.162.30
l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30
m.gtld-servers.net. 172800 IN A 192.55.83.30
m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30
3. Query the F server of the .com domain, which returns the NS server information for taobao.com
SERVER: 192.35.51.30#53(192.35.51.30)
ns4.taobao.com. 172800 IN A 198.11.138.245
ns4.taobao.com. 172800 IN A 198.11.138.249
ns5.taobao.com. 172800 IN A 140.205.122.33
ns5.taobao.com. 172800 IN A 140.205.122.34
ns6.taobao.com. 172800 IN A 140.205.122.35
ns6.taobao.com. 172800 IN A 140.205.122.36
ns7.taobao.com. 172800 IN A 106.11.35.25
ns7.taobao.com. 172800 IN A 106.11.35.26
4. The ns5.taobao.com name server returns the CNAME alias for the A-record query on the host www.taobao.com
SERVER: 140.205.122.33#53(140.205.122.33)
www.taobao.com. 600 IN CNAME www.taobao.com.danuoyi.tbcache.com.
II. Complete command output
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> @199.9.14.201 www.taobao.com +trace +all
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60357
;; flags: qr aa; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS f.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN RRSIG NS 8 0 518400 20181121050000 20181108040000 2134 . eCST8zvT2zV1ZF49WzoGhjXhhrG6EbqyGPR6+znj7iWYgoc2j2q9DIbF 0pDHnsJPh49NR6ACWIEoGRl1ofNX/HeRfmUQzfAkScNZ4WazqzoQJQ/v vXOT3zKnEkgDbv59XTVIPzVrZtjwA0C/w2XDLMRtNKzzU+axMbre3qWd vm/XwjRcC2O6ixDa1EKoiployWcyLVPclitgYqyl+n10RaArtWVJBEgO uW9MxJ5oirh28lA4v0rsYQ2Zj7mcSiyMv2+L9z+/vJvPLHy0DmyCtpUs eKItTpx7KBy02hk1fJT4Y0evbcXK5+TGstPBUVYnkIPSbbSMIQ+Q/lOz w3OgHg==
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 199.9.14.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 199.7.91.13
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 198.97.190.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN AAAA 2001:500:200::b
c.root-servers.net. 3600000 IN AAAA 2001:500:2::c
d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
e.root-servers.net. 3600000 IN AAAA 2001:500:a8::e
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
g.root-servers.net. 3600000 IN AAAA 2001:500:12::d0d
h.root-servers.net. 3600000 IN AAAA 2001:500:1::53
i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 17 msec
;; SERVER: 199.9.14.201#53(199.9.14.201)
;; WHEN: Thu Nov 08 09:07:47 UTC 2018
;; MSG SIZE rcvd: 1097
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10525
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.taobao.com. IN A
;; AUTHORITY SECTION:
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20181121050000 20181108040000 2134 . yvtO7AoQuhlbqVSlX4dYAsA7CNAATztMNgMcKVz9/3fHlZEwsZCvbFYj Hd7CV9aPTR6+Dts4/DlWATXi9D3GbammD+i4iiaUXt2X9l9TlJsRm7Qk XYnvtxCuEBrsv2MkEABG8FPFbXLM7neDpxEegegnsi/21ehsiJfnNykV HJOzd6QsieOiG27NrCyyxBMj1wMxBey1h3CB93AIyKPsl2vUzvG6Zjiz FRFQWKgRFBCWZwWvzwj3jQN8lnLzrIyDJFJImlj4MRQu5IPr12sZZmnx 7pMIFnqeJAH7KJ4w1lNJClo7g5V8iDm9TQ4BOpmeUDtJN+mqldfrl+yp Erbrng==
;; ADDITIONAL SECTION:
a.gtld-servers.net. 172800 IN A 192.5.6.30
a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30
b.gtld-servers.net. 172800 IN A 192.33.14.30
b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 172800 IN A 192.26.92.30
c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30
d.gtld-servers.net. 172800 IN A 192.31.80.30
d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30
e.gtld-servers.net. 172800 IN A 192.12.94.30
e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30
f.gtld-servers.net. 172800 IN A 192.35.51.30
f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30
g.gtld-servers.net. 172800 IN A 192.42.93.30
g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30
h.gtld-servers.net. 172800 IN A 192.54.112.30
h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30
i.gtld-servers.net. 172800 IN A 192.43.172.30
i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30
j.gtld-servers.net. 172800 IN A 192.48.79.30
j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30
k.gtld-servers.net. 172800 IN A 192.52.178.30
k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30
l.gtld-servers.net. 172800 IN A 192.41.162.30
l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30
m.gtld-servers.net. 172800 IN A 192.55.83.30
m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30
;; Query time: 81 msec
;; SERVER: 193.0.14.129#53(193.0.14.129)
;; WHEN: Thu Nov 08 09:07:47 UTC 2018
;; MSG SIZE rcvd: 1174
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4853
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.taobao.com. IN A
;; AUTHORITY SECTION:
taobao.com. 172800 IN NS ns4.taobao.com.
taobao.com. 172800 IN NS ns5.taobao.com.
taobao.com. 172800 IN NS ns6.taobao.com.
taobao.com. 172800 IN NS ns7.taobao.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20181112054214 20181105043214 37490 com. VtU+mR9c9/KMSBR8+8jD4tBuYVI02LgCM0l6ajfg0IFDAqgk4pvkQeeu PUolFBvqUhq/skdRtlUSE2SLBl7NqXFu2gzeW+BGQ7qeW/H/C3S2xQfY y+vrQvZXtTGTDRSQ7iKbs+p60HkpC6yW1yO5ZkbB53GLVRmjQDGCRm0i STM=
D9N2ANM7BT92D9HP8CETPLBM45COQFF8.com. 86400 IN NSEC3 1 1 0 - D9N43TORDEE88HEQF8I7JCJ6FK80ND0G NS DS RRSIG
D9N2ANM7BT92D9HP8CETPLBM45COQFF8.com. 86400 IN RRSIG NSEC3 8 2 86400 20181112054415 20181105043415 37490 com. k/ZUuEsRxulsWC0uHeN7S/dF/LN4UfSfjDr/gTN34WnO15PL0Wn2/qzn Gue3uCaPZqGnBWRP0aGUZ7MNx6gbb3bcI4W/iWjXKsLE0n4OjlBRZf9m 95CfKHbjgDo7nLq3rimAoVwg7CBOXdbRxS/DoFSf5gCJ7LjjHnXay74w gV8=
;; ADDITIONAL SECTION:
ns4.taobao.com. 172800 IN A 198.11.138.245
ns4.taobao.com. 172800 IN A 198.11.138.249
ns5.taobao.com. 172800 IN A 140.205.122.33
ns5.taobao.com. 172800 IN A 140.205.122.34
ns6.taobao.com. 172800 IN A 140.205.122.35
ns6.taobao.com. 172800 IN A 140.205.122.36
ns7.taobao.com. 172800 IN A 106.11.35.25
ns7.taobao.com. 172800 IN A 106.11.35.26
;; Query time: 111 msec
;; SERVER: 192.35.51.30#53(192.35.51.30)
;; WHEN: Thu Nov 08 09:07:47 UTC 2018
;; MSG SIZE rcvd: 728
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8781
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.taobao.com. IN A
;; ANSWER SECTION:
www.taobao.com. 600 IN CNAME www.taobao.com.danuoyi.tbcache.com.
;; Query time: 10 msec
;; SERVER: 140.205.122.33#53(140.205.122.33)
;; WHEN: Thu Nov 08 09:07:47 UTC 2018
;; MSG SIZE rcvd: 91
III. A dig invocation with condensed output
dig +additional +trace www.taobao.com. @8.8.4.4
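Added example, not part of the original post: a small Python check that reads dig +trace output (with the ADDITIONAL sections shown, as in the trace above) and verifies the delegation chain: each server queried must have appeared as glue in the previous referral, each referred zone must be an ancestor of the queried name, and only the last response may be relied on as authoritative (aa flag). The function names parse_hops and check_chain are illustrative, and the sample is condensed from the trace on this page, starting at the K root referral.

```python
import re
# Constructed sample: the trace on this page, cut down to one NS and one glue record per hop.
SAMPLE = """\
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 27
;; AUTHORITY SECTION:
com. 172800 IN NS f.gtld-servers.net.
;; ADDITIONAL SECTION:
f.gtld-servers.net. 172800 IN A 192.35.51.30
;; SERVER: 193.0.14.129#53(193.0.14.129)
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 9
;; AUTHORITY SECTION:
taobao.com. 172800 IN NS ns5.taobao.com.
;; ADDITIONAL SECTION:
ns5.taobao.com. 172800 IN A 140.205.122.33
;; SERVER: 192.35.51.30#53(192.35.51.30)
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
www.taobao.com. 600 IN CNAME www.taobao.com.danuoyi.tbcache.com.
;; SERVER: 140.205.122.33#53(140.205.122.33)
"""

def parse_hops(text):
    """Split dig +trace output into one dict per response, closed by its ';; SERVER:' line."""
    hops, hop, section = [], None, None
    for line in text.splitlines():
        if m := re.match(r";; flags:([^;]*);", line):
            hop = {"aa": "aa" in m.group(1).split(), "zone": None, "glue": set()}
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif m := re.match(r";; SERVER: ([^#]+)#", line):
            hop["server"] = m.group(1)
            hops.append(hop)
        elif hop and line and not line.startswith(";"):
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            if rtype == "NS" and section in ("ANSWER", "AUTHORITY"):
                hop["zone"] = name.lower()       # zone this response delegates
            elif rtype in ("A", "AAAA") and section == "ADDITIONAL":
                hop["glue"].add(rdata)           # addresses offered for the next hop
    return hops

def check_chain(hops, qname):
    """Return a list of problems; an empty list means the delegation chain is consistent."""
    problems = [] if hops[-1]["aa"] else ["final response lacks the aa flag"]
    for i, h in enumerate(hops):
        if i and h["server"] not in hops[i - 1]["glue"]:
            problems.append(f"{h['server']} was not in the glue of the previous referral")
        if h["zone"] not in (None, ".") and not ("." + qname.lower()).endswith("." + h["zone"]):
            problems.append(f"{h['server']} referred to off-path zone {h['zone']}")
    return problems
```

Calling check_chain(parse_hops(SAMPLE), "www.taobao.com.") returns an empty list for the trace on this page; a non-empty list names the hop where the chain stops matching.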