Last updated: 2019-03-22
Table of contents
- Resource Record (RR)
- SRV records (RFC 2782)
- PTR record
- TXT record
- DNS Packet
Resource Record (RR)
Each DNS record is called an RR (Resource Record).
Every RR has the attributes: type, TTL, data, e.g. [A, 300, n.n.n.n]
Valid hostname characters (RFC 1035 "preferred name syntax")
- ASCII letters A-Z
- digits 0-9
- hyphen - (not as the first or last character of a label)
- case-insensitive
- each label is at most 63 octets, the whole name at most 255 octets
- labels starting with an underscore (e.g. _sip, _dmarc) are not hostnames, which is exactly why SRV and similar records use them as owner names: they cannot collide with a real host
SRV records (RFC 2782)
Format
_service._proto.domain-name. TTL class SRV priority weight port target.
e.g.
# SRV for provision of SIP (VoIP) services
_sip._udp IN SRV 1 0 5523 sip2.example.com.
# autodiscover (the SRV record plus the A record its target resolves to)
_autodiscover._tcp 3600 IN SRV 0 0 443 autodiscover
autodiscover 3600 IN A n.n.n.n
Service
Defines the "symbolic service name"
symbolic service name:
- _http - web service
- _ftp - file transfer service
- _ldap - LDAP service
- _imap - IMAP mail service
Proto
- _tcp - TCP protocol
- _udp - UDP protocol
owner-name:
Defines the base domain (or zone) name
Usually left out: a name without a trailing dot is relative to the current zone origin ($ORIGIN), so _sip._udp alone means _sip._udp.<zone>.
TTL
Optional
class
Optional. Standard CLASS parameter. (IN)
priority
The relative priority of this service (lowest value is highest priority; a client tries every record of the lowest priority before moving on to the next).
weight
Used to share load among records of the same priority (a higher weight is selected proportionally more often).
0 indicates no weighting should be applied; next to weighted records of the same priority, a weight-0 record has only a very small chance of being selected.
target
FQDN of the host providing the service. It must be a canonical name with A/AAAA records, not an alias (CNAME). A target of "." means the service is decidedly not available at this domain.
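The client-side ordering that priority, weight and the "." target drive, as an added example (this is not code from the page or from RFC 2782 itself): `select_srv` and `first_choice_counts` are hypothetical names, the SRV list is constructed, and `rng` is injectable only so the selection can be tested deterministically.

```python
import random
from collections import Counter

# Constructed sample: RDATA of four SRV records under one _sip._udp name as
# (priority, weight, port, target). Two weighted hosts and a weight-0 spare at
# priority 10, plus a priority-20 backup. Not real infrastructure.
SRV_RRS = [
    (10, 60, 5060, "big.example.com."),
    (10, 20, 5060, "small.example.com."),
    (10, 0, 5060, "spare.example.com."),
    (20, 0, 5060, "backup.example.com."),
]


def select_srv(records, rng=None):
    """Order SRV records the way RFC 2782 tells a client to try them.

    Returns a list of (target, port) in trial order. `rng(n)` must return an
    integer in [0, n]; default is random.randint(0, n).
    """
    rng = rng or (lambda n: random.randint(0, n))
    # A target of "." means the service is decidedly not available: skip it.
    usable = [r for r in records if r[3] != "."]
    ordered = []
    for priority in sorted({r[0] for r in usable}):
        # Every record of a lower priority value is tried before any higher one.
        group = [r for r in usable if r[0] == priority]
        while group:
            # Weight-0 records go first, so they are only chosen when the random
            # number is 0: a very small chance next to weighted peers.
            group.sort(key=lambda r: r[1] != 0)
            total = sum(r[1] for r in group)
            pick = min(rng(total), total)
            running = 0
            for idx, rr in enumerate(group):
                running += rr[1]
                if running >= pick:          # first running sum >= random number wins
                    chosen = group.pop(idx)
                    break
            ordered.append((chosen[3], chosen[2]))
    return ordered


def first_choice_counts(records, trials=10000):
    """How often each target is tried first; makes the effect of weight visible."""
    counts = Counter()
    for _ in range(trials):
        counts[select_srv(records)[0][0]] += 1
    return counts


if __name__ == "__main__":
    print(select_srv(SRV_RRS))
    print(first_choice_counts(SRV_RRS))
```

Whatever comes out first is still just a host:port the zone owner (or whoever can spoof the answer) chose, so the client must still authenticate the target, e.g. by validating the SRV with DNSSEC or by checking the TLS certificate against the service domain rather than the target name.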
PTR record
Also called an rDNS record: the reverse lookup from IP address to domain name, kept under in-addr.arpa (IPv4) and ip6.arpa (IPv6).
Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned.
The PTR is set by whoever controls the address block, so never trust it on its own for access decisions or logging; forward-confirm it by resolving the returned name and checking that the original address is among its A/AAAA records (FCrDNS).
TXT record
Each character-string inside a TXT record is limited to 255 octets (it is prefixed by a single length byte)
=> a DKIM public key longer than that cannot be entered as a single string
=> split the value into several quoted strings and enter them together as one TXT record value; resolvers and DKIM verifiers concatenate the strings in order, so where the split falls does not matter.
e.g.
dkim._domainkey 3600 IN TXT ( "v=DKIM1; p=" "..." "..." "..." "...")
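The wire encoding behind that 255-octet limit, as an added example (not code from the page): `encode_txt_rdata`, `decode_txt_rdata`, `txt_value` and `presentation_form` are hypothetical helper names, and `DKIM_VALUE` is a constructed placeholder whose "key" is a run of "A"s, not a real public key.

```python
# TXT RDATA (RFC 1035 §3.3.14) is a sequence of <character-string>s: one length
# octet followed by at most 255 octets of data.

def encode_txt_rdata(value):
    """Split `value` into <=255-octet character-strings and return the RDATA bytes."""
    data = value.encode("utf-8") if isinstance(value, str) else bytes(value)
    if not data:
        return b"\x00"            # a TXT RR carries at least one (possibly empty) string
    rdata = b""
    for i in range(0, len(data), 255):
        chunk = data[i:i + 255]
        rdata += bytes([len(chunk)]) + chunk
    if len(rdata) > 0xFFFF:
        raise ValueError("TXT RDATA exceeds the 16-bit RDLENGTH")
    return rdata


def decode_txt_rdata(rdata):
    """Parse RDATA back into the list of character-strings (as bytes)."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        i += 1
        if i + n > len(rdata):
            raise ValueError("truncated character-string")   # never read past the RDATA
        strings.append(rdata[i:i + n])
        i += n
    return strings


def txt_value(rdata):
    """What a DKIM verifier sees: the strings concatenated in order, no separator."""
    return b"".join(decode_txt_rdata(rdata))


def presentation_form(value):
    """Zone-file form of a long TXT value: several quoted strings in parentheses."""
    parts = []
    for s in decode_txt_rdata(encode_txt_rdata(value)):
        text = s.decode("utf-8").replace("\\", "\\\\").replace('"', '\\"')
        parts.append('"%s"' % text)
    return "( " + " ".join(parts) + " )"


# Constructed placeholder with the shape of a DKIM record and an over-long key;
# "A" * 600 stands in for the base64 public key and is not a real key.
DKIM_VALUE = "v=DKIM1; k=rsa; p=" + "A" * 600

if __name__ == "__main__":
    rdata = encode_txt_rdata(DKIM_VALUE)
    print([len(s) for s in decode_txt_rdata(rdata)])   # -> [255, 255, 108]
    print("dkim._domainkey 3600 IN TXT " + presentation_form(DKIM_VALUE))
```

The decoder checks the length byte against the remaining RDATA before slicing; a parser that trusts the length octet is the classic way to read past the end of a DNS message.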
DNS Packet
DNS normally runs over UDP; without EDNS(0) the response has to fit into a single 512-byte UDP datagram.
Large responses => the server sets the TC bit and the client retries the lookup over TCP.
A UDP response is not authenticated in any way: the client only matches the transaction ID, source port and question, which is why guessing those is enough for spoofing and cache poisoning.

+---------------------+
|        Header       |
+---------------------+
|       Question      | the question for the name server (QNAME, QTYPE, QCLASS ...)
+---------------------+
|        Answer       | RRs answering the question (TTL, RDATA ...)
+---------------------+
|      Authority      | RRs pointing toward an authority
+---------------------+
|      Additional     | RRs holding additional information
+---------------------+
Authority section
may contain a list of resource records pointing to the authoritative name servers (the NS records of the domain)
Additional section
may contain additional information related to the answer (e.g. the A/AAAA "glue" records for the names in those NS records)
Header section
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR|   Opcode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    QDCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ANCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    NSCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ARCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
ID:
16-bit value chosen by the client and copied unchanged into the response. The client must check it (together with the source port and the question) to match an answer to its query and to drop spoofed replies.
Flags:
- QR: 0=query, 1=response
- OPCODE, 4 bits: 0000=QUERY (1=IQUERY, obsolete; 2=STATUS; 4=NOTIFY; 5=UPDATE)
- AA: Authoritative Answer (set by the server)
- TC: message is TrunCated (set by the server; the client should retry over TCP)
- RD: Recursion Desired (set by the client and copied to the response) (dig: disable with +norecurse, alias +nordflag)
  if the server offers recursion, it resolves the name on the client's behalf instead of only returning what it is authoritative for. An authoritative-only server should answer such queries with RA=0 (typically RCODE REFUSED) rather than recurse for arbitrary clients; an open resolver is an amplification and cache-poisoning target.
- RA: Recursion Available (set by the server)
- RCODE, 4 bits: 0000=NOERROR (1=FORMERR, 2=SERVFAIL, 3=NXDOMAIN, 5=REFUSED)
DNSSEC flags:
- AD: Authenticated Data (set by a validating resolver when every RR in the answer and authority sections was validated)
  AD clear does not by itself mean a validation problem: the zone may be unsigned or the resolver may not validate at all. A validation failure is normally reported as SERVFAIL. The bit is only as trustworthy as the path to the resolver, so a stub that relies on it must talk to the resolver over a protected channel or validate on its own.
- CD: Checking Disabled (set by the client, copied to the response)
  1 => the resolver skips validation and returns the RRs even if they cannot be verified (used by clients that validate themselves)
XXCOUNT:
number of records in each section (QDCOUNT: questions, ANCOUNT: answers, NSCOUNT: authority, ARCOUNT: additional)
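A query builder and response parser for the layout above, as an added example (not code from the page): `build_query`, `parse_response`, `decode_name` and the other function names are hypothetical, and `SAMPLE_RESPONSE` is a hand-constructed reply for "example.com. A IN" with the TEST-NET address 192.0.2.1, not a captured packet. It decodes the header flags, the question and the RR sections, follows a name-compression pointer, and rejects the two things a careless parser gets wrong: replies whose ID does not match and pointers that do not point backwards.

```python
import random
import struct

# Bit masks for the 16-bit flags word (RFC 1035 §4.1.1; AD/CD from RFC 4035).
QR, AA, TC, RD, RA, AD, CD = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080, 0x0020, 0x0010
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Encode 'example.com.' as length-prefixed labels ending in a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname, qtype=1, txid=None, rd=True, cd=False):
    """Header + one question. The random ID is the client's (weak) anti-spoofing token."""
    txid = random.getrandbits(16) if txid is None else txid
    flags = (RD if rd else 0) | (CD if cd else 0)
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)          # QDCOUNT=1
    return header + encode_name(qname) + struct.pack(">HH", qtype, 1)  # QCLASS IN


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 §4.1.4)
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:                       # must point backwards: kills pointer loops
                raise ValueError("bad compression pointer")
            if end is None:
                end = offset + 2                        # resume after the first pointer
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "opcode": (flags >> 11) & 0xF,
            "aa": bool(flags & AA), "tc": bool(flags & TC), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "ad": bool(flags & AD), "cd": bool(flags & CD),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def read_rrs(msg, offset, count):
    """Read `count` RRs: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    rrs = []
    for _ in range(count):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        offset += rdlen
        if rtype == 1 and rdlen == 4:                   # A record: render as dotted quad
            rdata = ".".join(str(b) for b in rdata)
        rrs.append((name, rtype, ttl, rdata))
    return rrs, offset


def parse_response(msg, expected_id=None):
    hdr = parse_header(msg)
    if not hdr["qr"]:
        raise ValueError("not a response")
    if expected_id is not None and hdr["id"] != expected_id:
        raise ValueError("transaction ID mismatch")     # drop unsolicited/spoofed replies
    offset, questions = 12, []
    for _ in range(hdr["qdcount"]):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack(">HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    answer, offset = read_rrs(msg, offset, hdr["ancount"])
    authority, offset = read_rrs(msg, offset, hdr["nscount"])
    additional, offset = read_rrs(msg, offset, hdr["arcount"])
    return hdr, questions, answer, authority, additional


# Constructed response for "example.com. A IN": ID 0x1234, flags QR|RD|RA|AD (0x81a0),
# one question, one answer whose owner name is a pointer back to offset 12.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\xa0\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01"  # TTL 300, 192.0.2.1
)

if __name__ == "__main__":
    hdr, q, ans, _, _ = parse_response(SAMPLE_RESPONSE, expected_id=0x1234)
    print(hdr["rcode"], hdr["ad"], q, ans)
```

The AD bit the sample carries is decoded like any other flag; the parser cannot tell whether it came from a validating resolver or from whoever forged the datagram, which is the point made about AD above.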