How DNS Server Works Attack Basics

How DNS Works

DNS is divided into Client and Server. Client plays the role of asking questions, that is, asking Server a Domain Name, and Server must answer this Domain Name. Real IP address. The local DNS will first check its own database. If your database does not exist, you will ask the DNS set up on the DNS, and after receiving the answer, save the answer and answer the customer.

The DNS server records the name data of the domain under the domain according to different authorization zones (Zone). This data includes the secondary domain name and host name under the domain.

There is a cache buffer (Cache) in each name server. The main purpose of this cache buffer is to record the name and relative IP address queried by the name server in the cache. In the cache area, so that the next time there is another client to query the same name on the secondary server, the server does not need to go to another host to find, but can directly find the name record data from the cache area, and send back Give the client a speed to speed up the client's name query.

For example: When the DNS client queries the specified DNS server for a host name on the Internet, the DNS server will look up the name specified by the user in the database. If not, the server will first be in the database. Check whether there is any record in the cache area. If the record is found, the corresponding IP address will be directly sent back to the client from the DNS server. If the name server is not found in the data record and is fast. When there is no cache in the cache, the server will first query the other name servers for the desired name.

For example, the DNS client queries the specified DNS server for a host name on the Internet. When the DNS server cannot find the name specified by the user in the data record, it will switch to the cache cache of the server. If the area is looking for the information, when the cache area is not found, it will ask the nearest name server for help to find the IP address of the name, and the same action query on the other server. After the call, the server that originally requested the query is returned. After receiving the result of the query by another DNS server, the DNS server records the queried host name and corresponding IP address into the cache buffer area, and finally at the office. The result of the query is replied to the client.
Example

Let us give an example. Let's say we want to query the Internet for a name of www.test.com.cn. From this name, we know that this host is in China CN, and the name of the organization to be found. Test.com.cn www host under this domain, the following is the step of the name resolution process.

Step 1 in the DNS client (Reslover) type the command to query the host, such as:

c:\\ping www.test.com.cn < Br>

pinging www.test.com.cn [192.72.80.36]with 32bytes of data

reply from 192.72.80.36 bytes time <10ms ttl 253

"Step2" The designated DNS server first queries whether it belongs to the host name under the domain. If the name of the host is not within the scope of the domain, the record data of the cache area will be queried again to check whether there is a name of the machine.

After the "Step3" query, it is found that there is no such record in the cache area, one of the servers in the root domain will be obtained, and the request to find www.test.com.cn will be issued.

"Step 4" asks the Root Name Server in the root domain. The Root Name Server records which DNS servers are responsible for each Top Domain, so he will respond to the closest Name Server to control the CN. Domain DNS server.

"Step 5" Root Name Server has told Local DNS Server which NameServer is responsible for the .cn domain, and then LocalDNS is responsible for issuing the name Request for www.test.com.cn.

"Step6" in the domain of .cn, the specified DNS server does not find the record of this name on the machine, so it will respond to the DNS server that originally issued the query request, where the nearest server is. ? He will respond to the recent host to control the DNS server host for the com.cn domain.

The DNS server host that was originally inquired by Step 7 will send a search for the name of www.test.com.cn to the DNS server of the domain of com.cn after receiving the IP address of the continuation query. Requirements.

In the domain of Step 8 com.cn, the designated DNS Server did not find a record of this name on the local machine, so the DNS Server that responded to the query request tells him where the closest server is. ? He responded to the DNS host closest to the domain controlling test.com.cn.

The DNS Server that was originally inquired by Step 9 sent a request for www.test.com.cn to the DNS Server of the test.com.cn domain at the location where it should continue to query. Finally, the DNS server of the domain of test.com.cn will find the IP of this host at www.test.com.cn.

"Step 10" So the DNS server that originally issued the query request, after receiving the IP address of the query result, responds back to the DNS client of the original query name.
Two real DNS query modes

There are two kinds of query principles, which are divided into Recursive and Interactive. The former is asked by the DNS proxy. The method of asking is to use the Interactive method, and the latter is to directly make Interactive queries by the machine. As can be seen from the above example, in the process of querying names in general, in fact, the two query modes are interactive.

Recursive: The query mode of the DNS client to the DNS

Server. This method is to send the packet to be queried and wait for the correct response of the correct name. The method only handles whether the response returned packet is correct or the error message for the name is not found.

Interview: The query mode between DNS servers is sent by the client or the DNS server. In this way, the packet is sent out and the information returned is not necessarily correct. The name of the location, but not the response mentioned above is an error message, he responded back to tell you the closest IP location, then went to the nearest IP to find the name to be resolved, repeated actions until the correct location was found.