This time, I wanted to reconfirm the basic mechanism of DNS, so I summarized some of the contents of the following books. They were very easy to understand, and I was able to acquire the knowledge systematically.
The scope of management is layered according to the domain name hierarchy, and management is distributed by delegating parts of it. The area whose management is entrusted by delegation is called a "zone".
To delegate a zone, first create a subdomain; subdomains are created by the delegating side (the parent). The administrator of each zone manages its information on a server called a "name server".
The name server stores the following two kinds of information.
- The domain names and IP addresses of the hosts that exist in that zone
- Delegation information: the name servers of the delegation destination (the child zone)
The parent's role is to hold the child's delegation information and to point queries at the delegation destination.
The basic operation is to follow the delegations in order, starting from the root, until reaching the name server that manages the IP address for the domain name.
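The delegation chain described above, as an added example that is not part of the original post or the book it summarizes: a toy iterative resolver walks constructed zone data from the root, follows each NS referral (using the "glue" A records that tell it where the child's servers are), and stops when it reaches the zone that holds the answer. It also shows what happens when a delegation exists but no glue address is registered for it. All zone names, server names and addresses are constructed (addresses are from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges).

```python
# Added example (not from the original post): a toy iterative resolver that
# follows NS delegations from the root down to the zone holding the answer.
# Every zone, name and address below is constructed for illustration.

# Zone data: apex name -> {owner name: [(type, value), ...]}. NS records at a
# zone cut point to the child's name servers; the matching A records ("glue")
# let the resolver reach them.
ZONES = {
    ".": {
        "jp.": [("NS", "a.dns.jp.")],
        "a.dns.jp.": [("A", "192.0.2.1")],
        "broken.": [("NS", "ns.broken.")],          # delegation with no glue
    },
    "jp.": {
        "example.jp.": [("NS", "ns1.example.jp.")],
        "ns1.example.jp.": [("A", "192.0.2.10")],
    },
    "example.jp.": {
        "example.jp.": [("NS", "ns1.example.jp.")],
        "www.example.jp.": [("A", "192.0.2.80")],
    },
}
# Which zone the authoritative server at each (constructed) address serves.
SERVERS = {"198.51.100.1": ".", "192.0.2.1": "jp.", "192.0.2.10": "example.jp."}
ROOT_SERVER = "198.51.100.1"


def ancestors(name):
    """Yield the name itself, then each parent domain, ending with the root '.'."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def query(server_ip, name, rtype):
    """Ask the authoritative server at server_ip. Returns (answers, referral);
    a referral is (child zone, [ns names], [glue addresses]) or None."""
    apex = SERVERS[server_ip]
    zone = ZONES[apex]
    answers = [v for t, v in zone.get(name, []) if t == rtype]
    if answers:
        return answers, None
    # No answer in this zone: look for the closest zone cut below the apex.
    for candidate in ancestors(name):
        if candidate == apex:
            break                       # reached our own apex: no delegation found
        ns_names = [v for t, v in zone.get(candidate, []) if t == "NS"]
        if ns_names:
            glue = [v for ns in ns_names for t, v in zone.get(ns, []) if t == "A"]
            return [], (candidate, ns_names, glue)
    return [], None


def resolve(name, rtype, max_hops=10):
    """Start at the root and follow referrals. Returns (answers, zones visited)."""
    server = ROOT_SERVER
    visited = []
    for _ in range(max_hops):
        visited.append(SERVERS[server])
        answers, referral = query(server, name, rtype)
        if answers:
            return answers, visited
        if referral is None:
            return [], visited          # no such name below this zone
        _child, _ns_names, glue = referral
        if not glue:
            return [], visited          # delegated, but its servers cannot be reached
        server = glue[0]
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    print(resolve("www.example.jp.", "A"))   # (['192.0.2.80'], ['.', 'jp.', 'example.jp.'])
    print(resolve("host.broken.", "A"))      # ([], ['.']): delegation without glue
```

The `visited` list is the path the text describes: root, then jp, then example.jp. The `broken.` delegation illustrates why the parent must hold correct delegation information: the referral exists, but without an address for the child's name server the resolution cannot continue.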
Once a hierarchical structure based on domain names and DNS is introduced, an administrator (a "registry") is needed to manage each level of the hierarchy.
The responsibilities of the registry are as follows.
- Manage the zone delegated to it
- If it delegates a zone further, manage who that zone has been delegated to
To use a domain name, apply to the registry for registration ("I want to use this domain name").
The main roles of the registry are as follows.
- Operating a "registry database" that accumulates and manages registration information
- Providing a Whois service, which publishes information on the domain names the registry manages
- Operating name servers
Whois is a service that lets users look up the information that registries hold about domain names and IP addresses on the Internet.
Domain name registration management is divided as follows.
- Registry: responsible for the centralized management of domain names
- Registrar: handles applications from domain name registrants
This separation keeps each registered domain name unique while allowing diversity in prices and services.
To make a website reachable by its registered domain name, the name servers for that domain name must also be registered.
Recently it is also common to use the services of providers that operate name servers on your behalf.
If you want to operate a name server (NS) yourself, follow the steps below.
- Run an NS that handles your domain name on the Internet
- This NS must be reachable from anywhere on the Internet
- Configure the information for the domain name on the NS
- Check that the NS answers queries that arrive from the Internet
In a hierarchical structure, to reach the child's information the parent must return the information it holds about its delegation to the child.
Actually following the hierarchy to resolve a name costs a lot of load and time. A mechanism was therefore devised in which a separate server in charge of name resolution is prepared and performs the resolution on behalf of the client.
This proxy server retains the results of name resolution for a certain period. If a request for the same information arrives within that period, the retained information is returned.
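The retention behaviour just described, as an added example that is not part of the original post: a proxy (full resolver) cache keyed by name and type, with an injectable clock so the expiry can be shown deterministically. The upstream lookup is a constructed stand-in for a real iterative resolution, and the names and addresses are constructed. Two details a practitioner would want are included: lookups are case-insensitive and ignore the trailing dot, and the TTL supplied by the upstream is capped so a very long TTL cannot pin an answer in the cache indefinitely.

```python
# Added example (not from the original post): a full resolver's cache with
# TTL-based expiry. The upstream data and clock below are constructed.
import time


class CachingResolver:
    def __init__(self, upstream, clock=time.monotonic, max_ttl=86400):
        self.upstream = upstream      # function (name, rtype) -> (answers, ttl seconds)
        self.clock = clock            # returns the current time in seconds
        self.max_ttl = max_ttl        # cap on how long any answer may be retained
        self.cache = {}               # (name, rtype) -> (answers, expires_at)
        self.upstream_queries = 0     # how often we had to ask upstream

    @staticmethod
    def normalize(name):
        # DNS names are case-insensitive; store them in one canonical form.
        return name.lower().rstrip(".") + "."

    def resolve(self, name, rtype):
        """Return (answers, source) where source is 'cache' or 'upstream'."""
        key = (self.normalize(name), rtype)
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0], "cache"
        if hit is not None:
            del self.cache[key]       # expired: the answer must be fetched again
        answers, ttl = self.upstream(key[0], rtype)
        self.upstream_queries += 1
        ttl = min(ttl, self.max_ttl)
        if ttl > 0:
            self.cache[key] = (answers, now + ttl)
        return answers, "upstream"


# Constructed upstream: what a real iterative resolution would have returned.
FAKE_UPSTREAM = {("www.example.jp.", "A"): (["192.0.2.80"], 300)}


def fake_upstream(name, rtype):
    return FAKE_UPSTREAM.get((name, rtype), ([], 0))


class FakeClock:
    """A clock the example can advance by hand instead of sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock()
    resolver = CachingResolver(fake_upstream, clock)
    first = resolver.resolve("www.example.jp.", "A")    # miss: asks upstream
    second = resolver.resolve("WWW.example.jp", "A")    # hit: same name, other spelling
    clock.advance(301)                                   # past the 300 s TTL
    third = resolver.resolve("www.example.jp.", "A")    # expired: asks upstream again
    missing = resolver.resolve("nope.example.jp.", "A") # empty answer, ttl 0: not cached
    return (first[1], second[1], third[1], missing, resolver.upstream_queries)


if __name__ == "__main__":
    print(demo())   # ('upstream', 'cache', 'upstream', ([], 'upstream'), 3)
```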
The NS information about the delegation destination (child) that the delegation source (parent) returns is called delegation information.
If correct delegation information is not registered, name resolution will not be possible.
Each of the components above is referred to as follows.
Stub resolver
It runs on devices such as PCs and smartphones and asks the full resolver to resolve names. A request for name resolution sent from the stub resolver to the full resolver is called a "name resolution request". "Stub" means "end piece".
Full resolver
Its main roles are as follows.
- Perform name resolution
- Store the information obtained during name resolution; the mechanism that retains it for a while is called a "cache"
Authoritative server
The authoritative server holds information about the zone delegated to it and about the zones it has delegated. What was called NS above is the authoritative server.
It responds only with information it holds: information within its own zone and delegation information.
When stub resolvers and full resolvers make inquiries, they specify the name (domain name) and the type of the information they want to know.
The authoritative server holds the zone's configuration (zone data) in the form of "resource records". A resource record is composed of three kinds of information: "domain name", "type", and "class".
The most commonly used resource record types are:
It is common to have multiple authoritative servers, for redundancy and load distribution. Any authoritative server for the same zone returns the same response, and the mechanism that keeps them consistent is called "zone transfer".
In a zone transfer, the authoritative server that holds the zone data is the copy source, and its zone data is copied to the destination authoritative server. The copy source is called the "primary server" and the copy destination the "secondary server".
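The primary/secondary relationship, as an added example that is not from the original post: the secondary asks for the primary's SOA serial number and copies the zone only when that serial is newer than the copy it already holds, which is how a secondary decides a transfer is needed. The primary in this model only hands out a copy to addresses it knows as its secondaries; a real server applies the same restriction through its configuration, so that zone contents are not handed to arbitrary requesters. The zone contents, serials and addresses are constructed.

```python
# Added example (not from the original post): serial-driven zone transfer
# between a primary and a secondary. All zone data and addresses are constructed.
from dataclasses import dataclass, field


@dataclass
class Zone:
    name: str
    serial: int                     # the SOA serial: increases on every change
    records: dict = field(default_factory=dict)


class Primary:
    def __init__(self, zone, allowed_secondaries):
        self.zone = zone
        self.allowed = set(allowed_secondaries)   # addresses permitted to transfer
        self.transfers = 0

    def soa_serial(self):
        """Answer the SOA query the secondary uses to check for changes."""
        return self.zone.serial

    def transfer(self, requester_ip):
        """Full copy of the zone, given only to a known secondary."""
        if requester_ip not in self.allowed:
            raise PermissionError(f"zone transfer refused for {requester_ip}")
        self.transfers += 1
        return Zone(self.zone.name, self.zone.serial, dict(self.zone.records))


class Secondary:
    def __init__(self, ip, primary):
        self.ip = ip
        self.primary = primary
        self.zone = None            # no copy yet

    def refresh(self):
        """Compare serials and copy only when the primary has a newer zone.
        Returns True when a transfer happened."""
        if self.zone is not None and self.primary.soa_serial() <= self.zone.serial:
            return False
        self.zone = self.primary.transfer(self.ip)
        return True


def demo():
    zone = Zone("example.jp.", 2024010101, {"www.example.jp.": [("A", "192.0.2.80")]})
    primary = Primary(zone, allowed_secondaries={"192.0.2.20"})
    secondary = Secondary("192.0.2.20", primary)
    first = secondary.refresh()         # True: the secondary had no copy
    unchanged = secondary.refresh()     # False: serial has not moved
    zone.serial = 2024010102            # administrator edits the zone and bumps the serial
    zone.records["mail.example.jp."] = [("A", "192.0.2.25")]
    updated = secondary.refresh()       # True: newer serial, copy again
    same_answer = secondary.zone.records == zone.records
    try:
        primary.transfer("203.0.113.5")  # not a registered secondary
        refused = False
    except PermissionError:
        refused = True
    return first, unchanged, updated, same_answer, refused, primary.transfers


if __name__ == "__main__":
    print(demo())   # (True, False, True, True, True, 2)
```

Forgetting to increase the serial after editing the primary's zone is the classic operational mistake here: the secondary sees an unchanged serial and keeps serving the old data, so the two servers no longer give the same response.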
If there are multiple authoritative servers, which one should the full resolver query?
It preferentially queries the authoritative server with the shortest RTT (Round Trip Time).
Looking up the IP address corresponding to a domain name is called "forward lookup"; the opposite is "reverse lookup".
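How a reverse lookup is actually keyed, as an added example that is not from the original post: the address is rewritten into a domain name under in-addr.arpa (IPv4, octets reversed) or ip6.arpa (IPv6, every hexadecimal nibble reversed), and a PTR record at that name gives the host name. The example also shows the forward-confirmed check a defender usually wants when acting on a reverse lookup: the name returned by the PTR record must resolve forward to the same address, otherwise anyone controlling the reverse zone could claim any name. The A and PTR data are constructed tables; the addresses are from documentation ranges.

```python
# Added example (not from the original post): building reverse-lookup names and
# confirming them against the forward records. All record data is constructed.
import ipaddress

# Constructed forward (A) and reverse (PTR) data for the check below.
FORWARD = {"www.example.jp.": "192.0.2.80"}
REVERSE = {"80.2.0.192.in-addr.arpa.": "www.example.jp."}


def reverse_name(address):
    """The domain name queried for a reverse lookup of the given address."""
    addr = ipaddress.ip_address(address)
    if addr.version == 4:
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    # IPv6: 32 zero-padded hex digits, one label per nibble, least significant first.
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_lookup(address):
    """PTR answer for the address, or None if no reverse record exists."""
    return REVERSE.get(reverse_name(address))


def forward_confirmed(address):
    """True only if the PTR name resolves forward to the same address."""
    name = reverse_lookup(address)
    return name is not None and FORWARD.get(name) == address


if __name__ == "__main__":
    print(reverse_name("192.0.2.80"))        # 80.2.0.192.in-addr.arpa.
    print(reverse_name("2001:db8::1"))       # 1.0.0.0.(...).8.b.d.0.1.0.0.2.ip6.arpa.
    print(forward_confirmed("192.0.2.80"))   # True
    print(forward_confirmed("192.0.2.81"))   # False: no PTR record
```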
SOA
The boundary between zones created by delegation is called a "zone cut". On the child (smaller) zone side of the zone cut, the domain name at the zone cut is called the zone apex (literally "zone vertex").
If jp delegates example.jp, the domain name example.jp becomes the zone apex.
An SOA (Start of Authority) resource record is set at the zone apex. It holds the information needed to manage the delegated zone.
NS
NS records hold information about delegation. They must be set on both the parent side and the child side of the zone cut: the NS resource records of your own zone, and those of the child zones you delegate.
In the NS resource record, set the host name of the zone's authoritative server. If multiple authoritative servers manage the zone, list all of them.
For each authoritative server, register A and AAAA records as needed.
MX
Information for receiving mail addressed to the domain name is also set in the zone's authoritative server. The MX record carries a mail server priority as an unsigned number, and delivery is attempted in order starting from the mail server with the lowest value.
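The SOA, NS and MX sections above, worked through on a small zone, as an added example that is not from the original post: the code parses a master-file style zone text into resource records (owner name, TTL, class, type, data), locates the apex from the SOA record, lists the NS records that must also be registered on the parent side together with the A/AAAA addresses those servers need, and orders the MX targets by priority for delivery. The zone text is constructed for example.jp; its serial, timers and addresses are not real.

```python
# Added example (not from the original post): parsing a small zone and
# extracting its SOA, NS and MX information. The zone text is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class ResourceRecord:
    name: str      # owner domain name
    ttl: int
    rclass: str    # normally "IN"
    rtype: str     # SOA, NS, MX, A, AAAA, ...
    rdata: str     # type-specific data, kept as text here


ZONE_TEXT = """\
; constructed zone for example.jp (not a real zone)
example.jp.       3600 IN SOA  ns1.example.jp. hostmaster.example.jp. 2024010101 7200 900 1209600 300
example.jp.       3600 IN NS   ns1.example.jp.
example.jp.       3600 IN NS   ns2.example.jp.
example.jp.       3600 IN MX   20 mail2.example.jp.
example.jp.       3600 IN MX   10 mail1.example.jp.
ns1.example.jp.   3600 IN A    192.0.2.10
ns2.example.jp.   3600 IN AAAA 2001:db8::10
mail1.example.jp. 3600 IN A    192.0.2.25
mail2.example.jp. 3600 IN A    192.0.2.26
www.example.jp.   300  IN A    192.0.2.80
"""


def parse_zone(text):
    """One record per line: name ttl class type rdata. ';' starts a comment."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        name, ttl, rclass, rtype, rdata = line.split(None, 4)
        records.append(ResourceRecord(name, int(ttl), rclass, rtype, rdata))
    return records


def zone_apex(records):
    """The owner name of the (single) SOA record is the zone apex."""
    soa = [r for r in records if r.rtype == "SOA"]
    if len(soa) != 1:
        raise ValueError("a zone must contain exactly one SOA record")
    return soa[0].name


def soa_fields(records):
    """Split the SOA data into its named fields."""
    soa = next(r for r in records if r.rtype == "SOA")
    mname, rname, serial, refresh, retry, expire, minimum = soa.rdata.split()
    return {"mname": mname, "rname": rname, "serial": int(serial),
            "refresh": int(refresh), "retry": int(retry),
            "expire": int(expire), "minimum": int(minimum)}


def delegation_ns(records, apex):
    """NS names at the apex: the parent zone must list the same servers."""
    return sorted(r.rdata for r in records if r.name == apex and r.rtype == "NS")


def nameserver_addresses(records, apex):
    """A/AAAA records for each NS target, i.e. the glue the parent also needs."""
    return {ns: sorted(r.rdata for r in records
                       if r.name == ns and r.rtype in ("A", "AAAA"))
            for ns in delegation_ns(records, apex)}


def mx_delivery_order(records, apex):
    """Mail servers in the order a sender tries them: lowest preference first."""
    mxs = []
    for r in records:
        if r.name == apex and r.rtype == "MX":
            pref, host = r.rdata.split()
            mxs.append((int(pref), host))
    return [host for _pref, host in sorted(mxs)]


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    apex = zone_apex(recs)
    print(apex, soa_fields(recs)["serial"])      # example.jp. 2024010101
    print(nameserver_addresses(recs, apex))      # {'ns1...': ['192.0.2.10'], 'ns2...': ['2001:db8::10']}
    print(mx_delivery_order(recs, apex))         # ['mail1.example.jp.', 'mail2.example.jp.']
```

Two points the code makes visible: the NS set returned by `delegation_ns` is exactly what must match on the parent side of the zone cut, and the MX order depends on the preference value, not on the order the records appear in the zone file.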