DNS (Zones and Records)/Mechanism of DNS Lookup

DNS (zones and records)

Each node manages data called a DNS zone, which is name resolution information about its own domain.

 The unit of data contained in a zone is called a "record", and there are types as shown in the table below. Records handle not only the information on the correspondence between host names and IP addresses, but also various information such as host name aliases.

Specify the zone information as follows.

● Zone information

$TTL  86400
@    IN    SOA    dns.company.co.jp.  postmaster.company.co.jp.  (
     20091218001   ;  Serial
     10800         ;  Refresh
     3600          ;  Retry
     604800        ;  Expire
     3600 )        ;  Negative cache TTL
             IN    NS         dns.company.co.jp.
             IN    NS         dns2.company.co.jp.
             IN    MX   10    dns.company.co.jp.
             IN    MX   20    mail.company.co.jp.
localhost    IN    A          127.0.0.1
dns          IN    A          192.168.1.1
dns2         IN    A          192.168.1.2
mail         IN    A          192.168.1.3
sv01         IN    CNAME      dns
sv02         IN    CNAME      dns2
sv03         IN    CNAME      mail

The record types are as follows.

Record typeDefinition example / Meaning
SOAexample)
@ IN SOA dns.company.co.jp. postmaster.company.co.jp.
20091218001 ; Serial
10800 ; Refresh
3600 ;
604800 ; Expire
3600 ) ; Negative cache TTL
●@
A domain name that is exactly the same as the ORIGIN is described with "@".
Specify the ORIGIN value on the line starting with $ORIGIN. If you don't explicitly set $ORIGIN, the zone name set in "named.conf" will be used.
●MNAME (dns.company.co.jp.)
Represents the DNS server name that manages the domain.
● RNAME (postmaster.company.co.jp.)
Email address of the domain administrator
Represents the email address of the domain administrator. E-mail expresses "." instead of "@".
● SERIAL (serial number)
A number representing the version of the zone file. A higher number means a newer version. It is usually expressed as a 10-digit number YYYYMMDDnn.
REFRESH (update interval)
Specifies the time in seconds before refreshing the zone information.
RETRY (transfer retry time)
Specifies the retry period in seconds when zone information cannot be updated by REFRESH.
● EXPIRE (record valid time)
Specifies the validity period of the zone information in seconds when the zone information cannot be refreshed.
● MINIMUM (Negative cache TTL)
Specifies the expiration time in seconds to cache non-existent information.
NSExample) (domain name) IN NS dns.example.com.

Specifies the DNS server name of the domain. If the domain name is blank, the name of the previous record applies. SOA record of the previous record in the example above.
A.Example) www IN A 192.168.1.10

host IP address
PTRExample) 192.168.1.10 IN PTR www.company.co.jp.

Host name for IP address
CNAMEsExample) www IN CNAME www1.company.co.jp.

Alias ​​of host name
MXExample) (domain name) IN MX 10 mail.company.com.
domain mail server name
HINFOMoreExample) www IN HINFO HP DL320 G6 Linux

host information. Describe host hardware, OS information, etc.
WKSExample) www IN WKS tcp http ftp smtp Describe

the service information running on the host.
TXTExample) www IN TXT "This is company server" Write

text information to the host.

 Zones can be abbreviated. The basic abbreviation rule is that "if you don't write it explicitly, the previous description is set."

A zone can be defined concisely by describing the zone according to the rules of abbreviation.

Mechanism of DNS lookup (forward lookup)

Using DNS to subtract the IP address from the domain name is called forward lookup.

As described in "DNS Domain Tree", DNS name resolution works along the domain tree.

 For example, to obtain the IP address from the host name "www.sales.company.co.jp", an inquiry is made from the root name server that exists above the top level domain (TLD).

 At first glance, there seems to be nothing above "jp", but in fact there is a higher hierarchy, and there is a root domain represented by "root" or ". (dot)".

The query flow is as follows.

 "Root name server" → "DNS server for jp domain" → "DNS server for co.jp domain" → "DNS server for company.co.jp domain" → "DNS server for sales.company.co.jp subdomain"

 In this way, you can reach the target record by following the lower layers from the root name server to the record you need.

DNS discovery (resolver and recursive)

 "Reverse DNS lookup" refers to the act of searching for a domain name from an IP address using DNS. I think that the act of finding the IP address from the domain name of "forward DNS lookup" is necessary, but you may question the necessity of "reverse DNS lookup".

 Reverse lookup is useful for log analysis of servers, etc. What if the logs only knew the IP address of the access source?

 The IP address alone is just a series of numbers, and it is not convenient when analyzing which computer or site the access came from.

 If you know from which site you accessed and from which server or client you accessed, you can perform analysis and troubleshooting smoothly.

 In addition, the domain name that can be reverse-lookup is displayed with the "traceroute" command. It is also useful for debugging when the domain name is displayed.

 "Reverse DNS lookup" is used for authentication by performing reverse DNS lookup and for blocking spam. In this way, reverse DNS lookup is just as important as forward lookup.

In this way, with DNS, it is possible to obtain an IP address from a domain name and vice versa.

 An IP address is expressed by separating each octet with a "." (period), such as "192.168.1.10". Therefore, in "reverse DNS lookup", each octet corresponds to one subdomain name in DNS.

 "10.1.168.192" arranged in the opposite order to the IP address is added with the subdomain name "in-addr.arpa" representing the reverse zone, and is written as "10.1.168.192.in-addr.arpa" It looks like

The diagram below illustrates the flow of forward and reverse DNS lookup.

 In this way, reverse lookups look like they are lined up in the opposite direction when you look at the notation, but by tracing the DNS tree in order from the top, you can resolve names in the same way as with forward lookups.

For forward lookups, we searched for A records, but for reverse lookups, we look for PTR records.