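全球主机交流论坛 (Global Hosting Discussion Forum)

Title: How to self-host DNS for domain name resolution

Author: linode-jspinosi    Time: 2020-10-16 14:51
This post was last edited by linode-jspinosi on 2020-10-16 16:42

Is there a program or source code for this?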
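Author: 微笑着吃饭    Time: 2020-10-16 14:53
There is source code, but I forgot the name. Search for it on GitHub.
Author: iks    Time: 2020-10-16 14:54
Do you mean authoritative DNS or recursive DNS?
Author: 某猫猫    Time: 2020-10-16 14:54
Self-hosted DNS inside mainland China, or "the cyber police fall in love with me"?
Author: 海苔    Time: 2020-10-16 15:05
coredns overture
Author: Cstudent    Time: 2020-10-16 15:08
None of the domestic clouds allow you to deploy a DNS service; if they find it, they shut your machine down. You can only set up a DNS server on your home LAN.
Author: 老坛酸菜    Time: 2020-10-16 15:12
Notice: The author has been banned or deleted; content automatically hidden
Author: jqbaobao    Time: 2020-10-16 15:40
ADguardHome?
Author: hxq    Time: 2020-10-16 15:45
Can't the big providers' DNS meet your needs?
Author: wangjianjilei    Time: 2020-10-16 15:48
Yes, coredns. Self-host DNS on your internal network; you can even solve the pollution problem from upstream.
Author: ainuoyan    Time: 2020-10-16 16:18
unbound dnsdist
Author: tir    Time: 2020-10-16 16:20
Which kind? Domain-resolution DNS, or authoritative DNS like 114.114.114 8.8.8.8??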
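Author: iks    Time: 2020-10-16 17:42
tir posted on 2020-10-16 16:20
Which kind? Domain-resolution DNS, or authoritative DNS like 114.114.114 8.8.8.8??

Public DNS services such as 114.114.114.114 and 8.8.8.8 are recursive DNS; ns3.dnsv3.com, ns4.alidns.com and the like are the authoritative DNS.
Author: 骚货    Time: 2020-10-16 18:00
Notice: The author has been banned or deleted; content automatically hidden
Author: 大屁股    Time: 2020-10-16 18:03
Notice: The author has been banned or deleted; content automatically hidden
Author: Tracker    Time: 2020-10-16 18:04
Notice: The author has been banned or deleted; content automatically hidden
Author: hkwu    Time: 2020-10-16 18:05
骚货 posted on 2020-10-16 06:00
It won't, it's not anything illegal,

Providing a DNS service in mainland China requires a license.
Author: iks    Time: 2020-10-16 18:14
Tracker posted on 2020-10-16 18:04
114.114.114.114, 8.8.8.8 and so on are authoritative DNS; 198.41.0.4, 199.9.14.201 and so on are root DNS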


Name servers
The Domain Name System is maintained by a distributed database system, which uses the client–server model. The nodes of this database are the name servers. Each domain has at least one authoritative DNS server that publishes information about that domain and the name servers of any domains subordinate to it. The top of the hierarchy is served by the root name servers, the servers to query when looking up (resolving) a TLD.

Authoritative name server
An authoritative name server is a name server that only gives answers to DNS queries from data that has been configured by an original source, for example, the domain administrator or by dynamic DNS methods, in contrast to answers obtained via a query to another name server that only maintains a cache of data.

An authoritative name server can either be a primary server or a secondary server. Historically the terms master/slave and primary/secondary were sometimes used interchangeably but the current practice is to use the latter form. A primary server is a server that stores the original copies of all zone records. A secondary server uses a special automatic updating mechanism in the DNS protocol in communication with its primary to maintain an identical copy of the primary records.

Every DNS zone must be assigned a set of authoritative name servers. This set of servers is stored in the parent domain zone with name server (NS) records.

An authoritative server indicates its status of supplying definitive answers, deemed authoritative, by setting a protocol flag, called the "Authoritative Answer" (AA) bit in its responses. This flag is usually reproduced prominently in the output of DNS administration query tools, such as dig, to indicate that the responding name server is an authority for the domain name in question.


Address resolution mechanism
Domain name resolvers determine the domain name servers responsible for the domain name in question by a sequence of queries starting with the right-most (top-level) domain label.


[Figure: A DNS resolver that implements the iterative approach mandated by RFC 1034; in this case, the resolver consults three name servers to resolve the fully qualified domain name "www.wikipedia.org".]
For proper operation of its domain name resolver, a network host is configured with an initial cache (hints) of the known addresses of the root name servers. The hints are updated periodically by an administrator by retrieving a dataset from a reliable source.

Assuming the resolver has no cached records to accelerate the process, the resolution process starts with a query to one of the root servers. In typical operation, the root servers do not answer directly, but respond with a referral to more authoritative servers, e.g., a query for "www.wikipedia.org" is referred to the org servers. The resolver now queries the servers referred to, and iteratively repeats this process until it receives an authoritative answer. The diagram illustrates this process for the host that is named by the fully qualified domain name "www.wikipedia.org".

This mechanism would place a large traffic burden on the root servers, if every resolution on the Internet required starting at the root. In practice caching is used in DNS servers to off-load the root servers, and as a result, root name servers actually are involved in only a relatively small fraction of all requests.

Recursive and caching name server
In theory, authoritative name servers are sufficient for the operation of the Internet. However, with only authoritative name servers operating, every DNS query must start with recursive queries at the root zone of the Domain Name System and each user system would have to implement resolver software capable of recursive operation.

To improve efficiency, reduce DNS traffic across the Internet, and increase performance in end-user applications, the Domain Name System supports DNS cache servers which store DNS query results for a period of time determined in the configuration (time-to-live) of the domain name record in question. Typically, such caching DNS servers also implement the recursive algorithm necessary to resolve a given name starting with the DNS root through to the authoritative name servers of the queried domain. With this function implemented in the name server, user applications gain efficiency in design and operation.

The combination of DNS caching and recursive functions in a name server is not mandatory; the functions can be implemented independently in servers for special purposes.

Internet service providers typically provide recursive and caching name servers for their customers. In addition, many home networking routers implement DNS caches and recursors to improve efficiency in the local network.

Source: https://en.wikipedia.org/wiki/Domain_Name_System
Author: iks    Time: 2020-10-16 18:19
This post was last edited by iks on 2020-10-16 18:22
Tracker posted on 2020-10-16 18:04
114.114.114.114, 8.8.8.8 and so on are authoritative DNS; 198.41.0.4, 199.9.14.201 and so on are root DNS


Public DNS is recursive DNS; the name servers you set for your domain at the domain registrar are the authoritative DNS (with respect to that domain of yours).

On Windows you can run nslookup hostloc.com 114.114.114.114 and nslookup hostloc.com f1g1ns1.dnspod.net and spot the difference.

    C:\Users\app>nslookup hostloc.com 114.114.114.114
    服务器:  public1.114dns.com
    Address:  114.114.114.114

    非权威应答:
    名称:    hostloc.com
    Address:  23.225.155.84

    C:\Users\app>

    C:\Users\app>nslookup hostloc.com f1g1ns1.dnspod.net
    服务器:  UnKnown
    Address:  61.151.180.44

    名称:    hostloc.com
    Address:  23.225.155.84

    C:\Users\app>


Only when you query the domain's own authoritative DNS does the output not show "Non-authoritative answer" (非权威应答).
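
The distinction shown in the nslookup output above comes from the AA bit in the DNS header, which the quoted Wikipedia text describes. The following is an added example, not part of the original post: it decodes the header flags of constructed sample replies (the name www.example.org and the reply bytes are made up here, not captured traffic) and labels each as authoritative, non-authoritative, or a referral.

```python
import struct

# Flag masks in the 16-bit DNS header flags field (RFC 1035 section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, txid=0x1234):
    """Encode a one-question A/IN query with RD set (a stub resolver's default)."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def parse_header(msg):
    """Return the header fields that tell an authoritative reply from a cached one."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0xF,
            "answers": an, "authority": ns}

def classify(msg):
    """Label a reply the way nslookup or dig would present it."""
    h = parse_header(msg)
    if not h["qr"]:
        return "query"
    if h["rcode"]:
        return "error (rcode %d)" % h["rcode"]
    if h["aa"]:
        return "authoritative answer"
    if h["answers"] == 0 and h["authority"] > 0:
        return "referral"          # e.g. a root server pointing at the TLD servers
    return "non-authoritative answer"

def make_reply(query, flags, answers=0, authority=0):
    """Constructed sample: rewrite the header of `query`; record bodies are
    left out because only the 12-byte header is inspected here."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!6H", txid, flags, 1, answers, authority, 0) + query[12:]

QUERY = build_query("www.example.org")             # constructed name
FROM_PUBLIC_RESOLVER = make_reply(QUERY, QR | RD | RA, answers=1)
FROM_ZONE_NAMESERVER = make_reply(QUERY, QR | AA | RD, answers=1)
FROM_ROOT_SERVER = make_reply(QUERY, QR | RD, authority=6)

if __name__ == "__main__":
    for label, msg in [("public resolver", FROM_PUBLIC_RESOLVER),
                       ("zone name server", FROM_ZONE_NAMESERVER),
                       ("root server", FROM_ROOT_SERVER)]:
        print(label, "->", classify(msg))
```

The "ra" field is worth checking on a self-hosted authoritative server: a reply with RA set means the server also offers recursion to whoever asked.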
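Author: City2phobia    Time: 2020-10-16 18:20
Notice: The author has been banned or deleted; content automatically hidden
Author: pathc    Time: 2020-10-16 18:21
Tracker posted on 2020-10-16 18:04
114.114.114.114, 8.8.8.8 and so on are authoritative DNS; 198.41.0.4, 199.9.14.201 and so on are root DNS

Stop embarrassing yourself; look at the material posted above.
Author: Tracker    Time: 2020-10-16 18:31
Notice: The author has been banned or deleted; content automatically hidden
Author: 某猫猫    Time: 2020-10-16 18:46
骚货 posted on 2020-10-16 18:00
It won't, it's not anything illegal,

Boss, just go for it on 53, then go find yourself a good-looking cyber-police guy/girl.
Author: tkn    Time: 2020-10-16 19:35
Isn't setting up an authoritative one or a non-authoritative one the same thing? An authoritative one can also be made into a forwarding server or a caching server; it just additionally has the authority to answer queries for the domain you bought. You need to set the NS records of the domain you bought to the domain name of your DNS server; then, for the domain you bought, the DNS server you set up is authoritative.
Author: pathc    Time: 2020-10-16 21:52
Tracker posted on 2020-10-16 18:31
We're all discussing a question, what's embarrassing about that? Your kind of reaction is what's embarrassing

You call a question whose answer you can find with one Baidu search a discussion? Not knowing something yourself, not looking it up, just blurting things out and misleading others, that's a discussion?
tir above had a better attitude than you.
Author: Tracker    Time: 2020-10-17 09:12
Notice: The author has been banned or deleted; content automatically hidden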



