一、记录类型¶
1.1 PTR记录¶
与A记录的功能相反,从IP地址解析到域名。
1.2 SRV记录¶
指向域里的资源。比如我想知道我们公司某个域里有哪些DC。
1.3 CNAME记录¶
又称Alias记录,就是别名的意思。
二、查询方式¶
2.1 递归查询¶
概括为"敌动我不动",意思是客户端请求了,服务器端会自动回复。其特点是客户端完全依赖服务器直接返回结果。
2.2 迭代查询¶
概括为"敌不动我动",意思是客户端请求了,服务器端会只会给客户端回复从哪儿可以找到正确答案,然后客户端自己再去找,直到找到为止。其特点是客户端先查到根服务器的地址,再从根服务器查到权威服务器,然后从权威服务器查看,查到后返回想要的结果。可以使用dig www.baidu.com +trace强制客户端采用迭代查询。
[root@localhost server]# dig www.baidu.com +trace
; <<>> DiG 9.11.26-RedHat-9.11.26-6.el8 <<>> www.baidu.com +trace
;; global options: +cmd
. 25749 IN NS f.root-servers.net.
. 25749 IN NS a.root-servers.net.
. 25749 IN NS m.root-servers.net.
. 25749 IN NS l.root-servers.net.
. 25749 IN NS d.root-servers.net.
. 25749 IN NS j.root-servers.net.
. 25749 IN NS g.root-servers.net.
. 25749 IN NS e.root-servers.net.
. 25749 IN NS h.root-servers.net.
. 25749 IN NS b.root-servers.net.
. 25749 IN NS i.root-servers.net.
. 25749 IN NS k.root-servers.net.
. 25749 IN NS c.root-servers.net.
. 25749 IN RRSIG NS 8 0 518400 20220818170000 20220805160000 20826 . lbJcg5+wRpMof0UBbFVmP9XYv/6H3fnnUW63BKuYVNUU937qD+YTRlj8 /K8wgOvLb97N9e+BQFB/x4laPGJv/nhB/SWQiN0kbh/NbpH1iFOxh41u x791MNco8vlByLzqX2GiwS+H4MSAZRRf9sxn9JVeAOGxRW7QODkLBSjK XyHUb1lFgZ/3sdPboKMogmucKc5wY3H7XRn2dbnjpaUxjE5X8GVM/aZ/ FY4H3ZhDtfMYqgWhISvfePfbRCaBn8iRgkaAZVuEJLntpKoPMd7DfIm7 eDKSNbzBqrjTiOWAiGEopiVV6wXik4Iop9ABza0dlH8hoceKsSnl5zBP 4xQXvQ==
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 4349 ms
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20220818170000 20220805160000 20826 . C1ImS7aYgqvj89FlKmSSer89RCfy7WmTvzaDyyupEqrGXIlgyoeQNKNN 5B7kunOjLr+xZw6WY30XLNL7YxUcKMwLcsO4zV7IM7EpJw+B4cArgQ1n sd9/8iUye8Am1nr88tXDgpPVYvsqhLWO4DHXRsU9yH3Iw8xoBPcLbELN vPj0IzqTc/eNyHFlHHzZBv46tB9aLoxYqArupqFOWP9QHMlumvVIdsZ0 6WTVL1UfoL9a5t3gydRNavtAcb7pIgGgIFypR3IuCCx3nU16u74RpHg4 m84Ks0n3/Nj9QQJS0DvsqF9KIRiLwqx6pAZNH4vWjugyrLYx+mIlqFwd 0q5/dg==
;; Received 1204 bytes from 192.36.148.17#53(i.root-servers.net) in 125 ms
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns1.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20220811042410 20220804031410 32298 com. ZMftfQcR6wmfHpNY9WQ445HBEHMATv5qavt4PQApfd3bTy8uW5cYBlKb 1pXWpseJJFzN+VM4vSbYomrOsPfLciqAZTX82VzG43R2UC1W869jqWJR kwbxq+ll4g3y4e2sZOeT4Nrl90tPSdQzrmqhS0Mv0xYrBfrNyOLKY9d6 mGEss3Sw3ZyqehvHn0pTspCtCwG8QJdlF+5Yz6sqyNUNNw==
HPVUVSGH5TFIA7CM6SS6SMPOS87OE0CE.com. 86400 IN NSEC3 1 1 0 - HPVV8SARM2LDLRBTVC5EP1CUB1EF7LOP NS DS RRSIG
HPVUVSGH5TFIA7CM6SS6SMPOS87OE0CE.com. 86400 IN RRSIG NSEC3 8 2 86400 20220811054114 20220804043114 32298 com. AP3Kvo2aOnqrdaVutcbz5l8uu1WNo9T1HUtp+xeRLWHWpD2mExIX+kxI 7gNxAp39Z2U4eQJCHhIlflU81p59n60M3kS28LW5rKFGiGxnL6M2k2Ct kYYB5NJKMQ9I1uEI5yzx40XyVJnqA4mf8PJ0UMDKwSN3sB/wgysCJF7k nkpYulG0jgHzZVFf64QXXJxNBDjsNtXE9cYrD8HuP8Fnmg==
;; Received 817 bytes from 192.33.14.30#53(b.gtld-servers.net) in 232 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
;; Received 100 bytes from 220.181.33.31#53(ns2.baidu.com) in 32 ms
三、DNS特性¶
循环工作(round-robin)模式,这个特性可以广泛应用于负载均衡。
四、DNS缺点¶
1、DNS存在许多山寨域名。 2、DNS服务器被恶意修改。 3、即使配了正规的DNS服务器,也有可能遭遇缓冲投毒。 4、DNS除了能用来欺骗,还能当作攻击性武器。