代码之家 › 专栏 › 技术社区 › Wonter

DNS中的“附加部分”是什么?它是如何工作的?

bind dns

Wonter · 技术社区 · 6 年前

dig

$ dig www.google.com

; <<>> DiG 9.10.6 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59489
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.            IN  A

;; ANSWER SECTION:
www.google.com.     23  IN  A   69.171.247.71

;; AUTHORITY SECTION:
google.com.     124333  IN  NS  ns4.GOoGLE.cOM.
google.com.     124333  IN  NS  ns1.GOoGLE.cOM.
google.com.     124333  IN  NS  ns3.GOoGLE.cOM.
google.com.     124333  IN  NS  ns2.GOoGLE.cOM.

;; ADDITIONAL SECTION:
ns1.google.com.     300146  IN  A   216.239.32.10
ns1.google.com.     308505  IN  AAAA    2001:4860:4802:32::a
ns2.google.com.     303470  IN  A   216.239.34.10
ns2.google.com.     124333  IN  AAAA    2001:4860:4802:34::a
ns3.google.com.     303470  IN  A   216.239.36.10
ns3.google.com.     124333  IN  AAAA    2001:4860:4802:36::a
ns4.google.com.     302836  IN  A   216.239.38.10
ns4.google.com.     302716  IN  AAAA    2001:4860:4802:38::a

有一个 ADDITIONAL SECTION .

+---------------------+
| Header              |
+---------------------+
| Question            | the question for the name server
+---------------------+
| Answer              | Answers to the question
+---------------------+
| Authority           | Not used in this project
+---------------------+
| Additional          | Not used in this project
+---------------------+

附加部分 .

来自(授权服务器?)它是用来做什么的?

2 回复 | 直到 6 年前

Patrick Mevzek James Dean 6 年前

看到了吗 RFC 1035 它涉及DNS,特别是第4.1节“消息格式”。

你会看到:

问题。

您还可以在RFC1034第6.2节和第6.3节中找到一些查询和答复的示例,您将看到如何填写附加部分。

在“回答”中,您的查询的确切记录(dig执行 A 默认情况下,如果未指定任何内容)
在“Additional”中,您将获得上一节中名称服务器的IP地址,特别是在这里,因为您处于“in bailiwick”情况(通常称为“glues”),所以您(作为递归名称服务器)将无法连接权威名称服务器。

让我们直接使用权威名称服务器重做查询,然后与另一个案例进行比较:

$挖掘谷歌网站NS@a.gtld公司-服务器.net

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> google.com NS @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12149
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.            IN  NS

;; AUTHORITY SECTION:
google.com.     172800  IN  NS  ns2.google.com.
google.com.     172800  IN  NS  ns1.google.com.
google.com.     172800  IN  NS  ns3.google.com.
google.com.     172800  IN  NS  ns4.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.     172800  IN  AAAA    2001:4860:4802:34::a
ns2.google.com.     172800  IN  A   216.239.34.10
ns1.google.com.     172800  IN  AAAA    2001:4860:4802:32::a
ns1.google.com.     172800  IN  A   216.239.32.10
ns3.google.com.     172800  IN  AAAA    2001:4860:4802:36::a
ns3.google.com.     172800  IN  A   216.239.36.10
ns4.google.com.     172800  IN  AAAA    2001:4860:4802:38::a
ns4.google.com.     172800  IN  A   216.239.38.10

;; Query time: 68 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Sep 03 19:23:20 EST 2018
;; MSG SIZE  rcvd: 287

.COM google.com . 结果与之前的结果相似。

$ dig ultradns.com NS @a.gtld-servers.net

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> ultradns.com NS @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54105
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 10, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ultradns.com.          IN  NS

;; AUTHORITY SECTION:
ultradns.com.       172800  IN  NS  pdns196.ultradns.com.
ultradns.com.       172800  IN  NS  pdns196.ultradns.net.
ultradns.com.       172800  IN  NS  pdns196.ultradns.org.
ultradns.com.       172800  IN  NS  pdns196.ultradns.info.
ultradns.com.       172800  IN  NS  pdns196.ultradns.biz.
ultradns.com.       172800  IN  NS  pdns196.ultradns.co.uk.
ultradns.com.       172800  IN  NS  ari.alpha.aridns.net.au.
ultradns.com.       172800  IN  NS  ari.beta.aridns.net.au.
ultradns.com.       172800  IN  NS  ari.gamma.aridns.net.au.
ultradns.com.       172800  IN  NS  ari.delta.aridns.net.au.

;; ADDITIONAL SECTION:
pdns196.ultradns.com.   172800  IN  A   156.154.64.196
pdns196.ultradns.com.   172800  IN  AAAA    2001:502:f3ff::e8
pdns196.ultradns.net.   172800  IN  A   156.154.65.196
pdns196.ultradns.net.   172800  IN  AAAA    2610:a1:1014::e8

;; Query time: 72 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Sep 03 19:25:24 EST 2018
;; MSG SIZE  rcvd: 432

请密切注意“Authority”部分中的namserver列表和 A / AAAA .com .net (因为这是两个tld都由同一个注册表处理的特殊情况)这里有IP地址,因为 网站 / .NET 对其他TLD中的名称和IP地址一无所知。

这个例子更能说明这一点:

$ dig aridns.com NS @a.gtld-servers.net

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> aridns.com NS @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2552
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aridns.com.            IN  NS

;; AUTHORITY SECTION:
aridns.com.     172800  IN  NS  dns1.ausregistry.net.au.
aridns.com.     172800  IN  NS  dns1-1.ausregistry.net.au.
aridns.com.     172800  IN  NS  dns1-2.ausregistry.net.au.
aridns.com.     172800  IN  NS  dns2-1.ausregistry.net.au.

;; Query time: 68 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Sep 03 19:28:07 EST 2018
;; MSG SIZE  rcvd: 139

krisku 6 年前

这个 ADDITIONAL SECTION 包含您没有明确要求的数据,但服务器还是提供给了您。

就像互联网上的草稿一样 “在DNS响应中返回其他答案” https://tools.ietf.org/id/draft-fujiwara-dnsop-additional-answers-00.html