验证因特网DNS查询方式是递归查询还是迭代查询。

猜想(图片来源于这里):

img

1. 终端到本地域名服务器

终端到本地域名服务器,DNS查询方式为递归。DNS查询报文标志位RD为1,表示客户端希望得到递归回答。

img

2. 本地域名服务器到最后结果

(1)在本地域名服务器上抓包验证

使用BIND 9搭建一台本地域名服务器,在服务器抓包,进行验证。

(2)使用dig命令

使用dig命令,并带上参数+trace,追踪整个域名解析过程。举例:

# dig +trace @8.8.8.8 baidu.com

; <<>> DiG 9.16.1-Ubuntu <<>> +trace @8.8.8.8 baidu.com
; (1 server found)
;; global options: +cmd
.                       67229   IN      NS      h.root-servers.net.
.                       67229   IN      NS      b.root-servers.net.
.                       67229   IN      NS      k.root-servers.net.
.                       67229   IN      NS      m.root-servers.net.
.                       67229   IN      NS      c.root-servers.net.
.                       67229   IN      NS      a.root-servers.net.
.                       67229   IN      NS      f.root-servers.net.
.                       67229   IN      NS      j.root-servers.net.
.                       67229   IN      NS      d.root-servers.net.
.                       67229   IN      NS      i.root-servers.net.
.                       67229   IN      NS      g.root-servers.net.
.                       67229   IN      NS      e.root-servers.net.
.                       67229   IN      NS      l.root-servers.net.
.                       67229   IN      RRSIG   NS 8 0 518400 20230416170000 20230403160000 60955 . hj9gK83RWBmQTmc+RymB2R8ku81+TA9iKY680btiUlh7EjXa/yLH3eH7 b6EbLqvAM83He8+9YEa+4+6ymLYCAn1CpwwyjD8h52zTRB++zUmUAxhU OqqQbJ0eYPpjpqEJFboXi/Ccw/qYlhqfkt+qNfFYmXkVbafgJkyM9sfu vHPsWWvSd7fDNd+9Xb4qJk583s8EET1zaySZ6OO+qSwCy/LoiAmp4Pjd W+tld7726MBu+qwox7AFD+D5+T/ZIq3zj8jEuwHzf+x5pq25TVfBoLhe +JDdgv7PKlImXhlZc/goShg1GyGaixjV3rmfowisoBm8QIbhVHHUbvFa db0hFg==
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 8 ms

com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.                    86400   IN      RRSIG   DS 8 1 86400 20230417050000 20230404040000 60955 . YK8GB0+pwNsrXGYh0G9gGpjg1j9vkfHZo00muQgAm8JFPfj7+7S8hGpg xfzRcVnujAAWIslvu8UlYGfr1TN1e2SrzJ65j3rrHp+X3Qj1moD6v94U x9tvt47x1h5BxIz6WNCtvQAnt2uCvEseYBAD3aigULCmYyQ5FFlp1W0B CFeqjU/0/ShwpIqsTfuSpKYR5Y3l0TVk78OkGGg5rm5Rl4jSg/Umd136 dUCPhgOa3pR7Qudw24SJaWRWOwhFHjW/PjBsywvowyAaBdyHYNA67Adi wfWPRpNcqQIY0d7DmjXkmxUwS8TGcNH9J3VAQqSNtbJetpHVoQ4A0zVW g7zIgw==
;; Received 1197 bytes from 192.112.36.4#53(g.root-servers.net) in 268 ms

baidu.com.              172800  IN      NS      ns2.baidu.com.
baidu.com.              172800  IN      NS      ns3.baidu.com.
baidu.com.              172800  IN      NS      ns4.baidu.com.
baidu.com.              172800  IN      NS      ns1.baidu.com.
baidu.com.              172800  IN      NS      ns7.baidu.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20230408042249 20230401031249 36739 com. IFJyeiOcZBkgzG7GOY4qZPf4kekcKItClNXycgFuAjKBt4WIRWG63sJX bfnkOY6162zgB/AkbqgwrBeeWZy3HIUzq9xaow4zkpYgYsKpJvjEXo5V MdBw/JntXWVbym0a3uvxTanwep5C8XcCo/1euq/buIEjljfwQMnJO0wW GtKVH1vQcaDB2zAySyVfEkxTF3OFKbrVVpIlczy5/vuRtg==
HPVV0C47Q7CQMTAJM90K1FBFJBRP4B4D.com. 86400 IN NSEC3 1 1 0 - HPVVAN8CFKHHHMEIDVJHFNQEOI5G6C89 NS DS RRSIG
HPVV0C47Q7CQMTAJM90K1FBFJBRP4B4D.com. 86400 IN RRSIG NSEC3 8 2 86400 20230411060450 20230404045450 36739 com. Koli+FY7Kswa2ku6fPnWF3IPBLjqnv9/f2IR8vdjewY4oDWN8Wsj9WRq 3vriFQ2DuBislo1jXNI9jSI4oOemYulBojf65J8Talzvi5cpwn5qTklI AoJ2jtuOs0nZUrfBaC8Mud0tFOHXtkBZKDkiPOOYLdmdJobk6BWVCVan slzC7+M7MpG3tYix0QM4z07LZWUdId2VokKJbOUW3QMCrQ==
;; Received 845 bytes from 192.33.14.30#53(b.gtld-servers.net) in 100 ms

baidu.com.              600     IN      A       39.156.66.10
baidu.com.              600     IN      A       110.242.68.66
baidu.com.              86400   IN      NS      ns3.baidu.com.
baidu.com.              86400   IN      NS      dns.baidu.com.
baidu.com.              86400   IN      NS      ns7.baidu.com.
baidu.com.              86400   IN      NS      ns2.baidu.com.
baidu.com.              86400   IN      NS      ns4.baidu.com.
;; Received 356 bytes from 111.45.3.226#53(ns4.baidu.com) in 8 ms

3. 一些讨论

BIND 9配置文件named.conf可以配置DNS查询方式,

recursion yes;

如果这样设置,是否就是递归查询呢?

本文系Spark & Shine原创,转载需注明出处本文最近一次修改时间 2023-04-04 23:34

results matching ""

    No results matching ""