This is the 14th day of my participation in the August More Text Challenge. For details, see: August More Text Challenge

At the end of the book, after introducing how DNS works, let’s look at how the DNS protocol works in conjunction with the actual addressing process.

Install the DIG query tool

The tool used in this article is the DIG command, which is a dedicated DNS query command that cannot be invoked directly on Windows systems and needs to be installed separately.

Dig execution program is in the Bind software package, first download Bind software, download address www.isc.org/downloads/ download the corresponding version

After decompressing, you can open the folder directly through CMD and run dig

You can also add the directory where dig is located to the environment variable, so that it can be called directly from any directory:

Addressing process

Enter: dig www.amazon.com.au +trace on the command line, and return the full addressing process from the root domain name.

  1. The client first queries the local DNS (172.20.10.1#53) and receives the LDNS response. It receives a 239-byte response within 34ms and lists the 13 root DNS ns records returned, where the IP addresses are hidden

  1. LDNS sent query requests to 13 root DNS servers and obtained 921byte responses from a.root-servers.net. Within 201ms, the response result was au. NS records and IP addresses of the corresponding nine TOP-LEVEL DOMAIN name servers

  1. LDNS continues to send requests to the nine TLD’s and gets com.au. ‘s query results from the C.AU server.

  1. In the end, we got a CNAME record for www.amazon.com.au from the authoritative DNS server ns4.p31.dynect.net, which pointed to another domain name: tp.04f01a85e-frontier.amazon.com.au.

  1. In other words, when we visit www.amazon.com.au, we are actually visiting tp.04f01a85e-frontier.amazon.com.au. Let’s query the IP address of this domain again.

  1. Results show that this is still not the final destination, it points to is d10yke8mddzjba.cloudfront.net. AWS DNS cloud resolution service is applied. We continue to query this domain name and get the final result: 65.8.141.206

  1. To verify our results, enter the IP address into your browser

As a result, the access was refused. It seems that they have done some permission control. If you are interested, you can try the domain name of Google or Baidu, it can be opened.

This is the actual process of DNS query. Next, we will introduce the ANYcast mechanism of DNS and the root DNS server

Thank you for reading. If there are any inaccuracies or errors, please leave a message and correct them. I will correct them immediately.




Summary is not easy, please do not reprint privately, otherwise don’t blame the old man you are welcome

Welcome technical friends to communicate with me, wechat 1296386616