There are two ways of division. One is com. net, which was divided according to the nature of industry when the Internet was just emerging. Etc., one is divided by country such as CN., JP., etc.

You can find out how much you want. We don’t care.

Each domain has a domain name server, also known as an authoritative domain name server.

Baidu.com is a top-level domain name, but www.baidu.com is not a top-level domain name. It is a host called WWW in the domain of Baidu.com.

As long as I buy a top-level domain and set up my own BIND server (or other software) to register with the Internet, I can add as many fields as I want (of course, the length is limited).

For example, a.www.baidu.com, where www.baidu.com becomes a secondary domain instead of a host with the host name A.

3. Domain name server

A server that can provide domain name resolution. The record types can be A(Address) record, NS record (Name Server), MX record (mail), CNAME, etc.

(For details, see blog: Differences and connections between A record, CNAME, MX record and NS Record in domain name resolution)

What does A record mean? It is to record an IP address and A host name. For example, the domain test.baidu.com where my domain name server resides is A second-level domain name.

If I now want to query a.test.baidu.com, the top-level domain name server will find that the url you requested is in the test.baidu.com domain. I have recorded the NS IP address of the domain name server test.baidu.com of this secondary domain. I’ll give you this address and you can look up host A.

These domain name servers are called authoritative servers and directly provide DNS query services. (These servers don’t do recursion.)

Four. The parsing process

So how does our DNS resolve a domain name?


1. Now THAT I have a computer that is connected to the Internet through an ISP, THE ISP will assign me a DNS server. This DNS server is not an authoritative server, but a proxy DNS resolution server, which will iterate over the replies returned by the authoritative server for you and return the final IP address to you.

2. Now my computer will send a request to this ISPDNS to query the domain name www.baidu.com. For example, you may manually set 8.8.8.8.)

3.ISPDNS checks for the address in its cache and returns it if it does. The IP address received at this time will be marked as the reply of the non-authoritative server.

4. ISPDNS reads the 13 root DNS addresses from the configuration file if they are not in the cache (these addresses are not changed and are directly in the BIND configuration file).

5. Then make a request to one of them.

6. When the root server gets the request, it knows that it belongs to the com. top-level domain, so it returns the NS record of the COM domain, which is typically 13 host names and IP addresses.

7. Then ISPDNS initiates another request to one of them. The server in the COM domain finds that your request belongs to the domain of Baidu.com.

(Currently, Baidu has four Baidu.com top-level domain name servers).

8.ISPDNS took the trouble to send a request to the authoritative server of Baidu.com again. After receiving it, Baidu.com checked the host with WWW and returned the IP address to you.

9. ISPDNS then takes it, returns it to the client, and stores it in the cache.



Now let’s use nsLookup to elaborate on the parsing steps:




From the picture above, we can see:

The first line of Server is: DNS Server host name –210.32.32.1

The second line Address is: its IP Address –210.32.32.1#53

The following Name is: the resolved URL– www.jsjzx.com

Address: the parsed IP Address is 112.121.162.168









You will find that Baidu has an alias cname = www.a.shifen.com.

How does this work?

Let’s use the dig tool to track the (Linux system comes with)

———————————————————————————————————————— ——————————————————————————————————

The Dig tool iterates over the local machine and logs the query.


















The third step is to request a server in the com. domain 192.33.4.12,www.baidu.com, he returned the server IP (not shown) and name of baidu.com domain, Baidu has four top-level domain servers

[Here you can use dig @192.33.4.12 www.baidu.com to view the returned Baidu top-level domain server IP address].











———————————————————————————————————————— ———————————————————————————————————

As usual, when a DNS request is made to an alias, the query is aborted and the alias request is re-initiated, so www.a.shifen.com should be returned.

But why return NS for this field of A.shifen.com?

We can try the following command: dig +trace shifen.com to see what happens…




You will find in step 3 that the domain name server shifen.com is the same host as the domain name server baidu.com (dns.baidu.com)!


When I got the alias www.a.shifen.com of www.baidu.com, I needed to go back to the com domain to find the NS for the shifen.com domain, but since the two domains are on the same NS, I initiated directly to the native,

The shifen.com field found the requested www.a.shifen.com belongs to the a.shifen.com field,

I returned the NS and IP of a.shifen.com and asked me to query www.a.shifen.com on the domain name server of a.shifen.com.

So I got A record of A from NS X.a.shifen.com, which eventually turned out to be the IP address of www.baidu.com

Use a graph to illustrate this (only 13 units worldwide in step 3 of the graph are wrong)




The following is the experimental data obtained when the Local DNS server is set up on a VM to correct the previous conclusion

In the above analysis, we used dig tool to track, but DIG did not continue to track what happened after we got the IP of Cname and NS2.a.shifen.com from Baidu.com.

We conclude that the local DNS will request www.a.shifenc.om from ns2.a.shifen.com.

Create a local DNS server on your own, grab all the packages in the process of parsing.

The actual result is that although dns.baidu.com returns the server address and IP for the a.shifen.com domain,

But instead of directly requesting www.a.shifen.com, the local DNS requests the com domain again, and gets the shifen.com domain server (the four servers of Baidu.com).

Then request www.a.shifen.com, return to the server of the domain a.shifen.com, and finally request www.a.shifen.com,

Although the IP has been returned above, the result of the experiment is to walk through the shifen.com domain query again.











This figure fully illustrates that the return of cname also returns the IP of ns2.a.shifen.com.

So here’s the summary

① The local HOST sends a request to the local DNS server www.baidu.com

② The local DNS sends a request to the root domain for www.baidu.com, and the root domain returns com. IP address of the domain server

③ Request www.baidu.com from the com. domain. The com. domain returns the server IP address of the baidu.com domain

④ Request www.baidu.com from Baidu.com and return the server IP addresses of the cname www.a.shifen.com and a.shifen.com domains

⑤ Request www.a.shifen.com from the root domain

⑥ Request www.a.shife.com from the com. domain

⑦ Request shifen.com

⑧ Request the a.shifen.com domain

⑨ Get the IP address of www.a.shifen.com

⑩localdns Returns the IP addresses of the local host www.baidu.com cname www.a.shifen.com and www.a.shifen.com