What is DNS and How Does It Work?
The Domain Name System (DNS) is one of the most critical components of the World Wide Web (WWW). It helps you go from typing a web address into your browser to seeing the correct website on the screen.
Today this process happens so quickly it’s easy to take it for granted. However, a complex set of processes is happening behind the scenes to help you browse fine websites such as this one!
Some Internet Basics
The internet is essentially many computers tied together with network cables, radio signals, and various other methods of carrying a digital signal. What unifies all these devices and network technologies together is Internet Protocol (IP).
A communications protocol describes the rules and language devices use to talk to each other. Any two devices (whether a smart fridge, laptop, smartphone, or robot vacuum cleaner) can send and receive information between each other as long as they use the same protocol.
IP networks assign every device a unique number known as its IP address. The IP address exists so that the packets of data sent across the network have a clear destination.
Your internet gateway device, usually a wireless router, has a public IP address that anyone on the internet can see. Since IP addresses also represent physical locations on a network, it means that an IP address also shows your approximate location! However, you don’t have to type in an IP address to access things on the web. That’s exactly where DNS swoops in to save the day.
Thank Goodness for URLs
Internet addresses such as https://www.online-tech-tips.com are known as URLs or Uniform Resource Locators. These addresses are easy for humans to remember because they’re usually chosen to be memorable. This is the string of text you type into a web browser like Chrome’s address bar to visit that site.
However, the actual computer that contains the website and other content you access has an IP address, not a URL. In fact, a single URL can point to multiple IP addresses since multiple servers worldwide can host the same websites and data.
DNS Servers Turn URLs Into IP Addresses
A DNS server is a computer on a network that takes the URL you type in and then compares it to a database of IP addresses to see which one is associated with the URL.
It’s like looking up a phone number in a phonebook. Once you find the person’s name and initials, there’s a phone number listed next to it. It’s the number that makes the phone ring and the IP address that puts your computer in touch with the web server it’s looking for.
How DNS Works Step-By-Step
Let’s look at what happens after you open your web browser, type in a URL, and press Enter.
- First, your browser checks the DNS cache, where previous requests have been stored as DNS records. So if you’re visiting the same website repeatedly, you don’t have to wait for a DNS response every time. The browser will also check your computer’s Hosts file. This is a manually maintained list of hostnames paired with the IP addresses they map to. The Hosts file takes priority over everything, so your browser will go to the IP address listed there, if any.
- If the information isn’t available locally, your web browser sends a request to a DNS resolver. This is the server that most people refer to as a DNS name server. But actually, the resolver is just part of the more extensive DNS system. The resolver is typically operated by your Internet Service Provider (ISP).
- Suppose the ISP’s local DNS resolvers (usually at least two) don’t have the information you need in their cache. In that case, the resolver has to send the request further up the chain to a DNS root name server. A root name server has no information on IP addresses and URLs. Instead, it has information on Top-level Domain (TLD) name servers and redirects requests to their location. The top-level domain is the .com, .org, and other suffixes you see at the end of a web address. If your URL is a .com, the TLD server that handles .com domains is the next stop.
- The TLD name server then handles the second-level domain. That’s the “google” in “google.com,” for example. The TLD server knows which name server has the IP address information for that second-level domain and its subdomains and forwards the DNS lookup request to that destination. This server is known as an authoritative name server. The authoritative DNS server provides the actual IP address and then sends it back to the DNS resolver that your browser originally contacted.
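The lookup order above as an added example, not code from the original article: an in-memory model whose Hosts file, root, TLD and authoritative data are constructed stand-ins (the names, IPs and TTL are made up). It shows the Hosts file winning over everything, a cached answer being reused only until its TTL expires, and the root, TLD and authoritative hops walked otherwise.

```python
import time

# Constructed, in-memory stand-ins for the real infrastructure (not real servers):
# a Hosts file, and the referral chain root -> TLD -> authoritative server.
HOSTS_FILE = {"intranet.local": "10.0.0.5"}
ROOT = {"com": "tld-com"}                              # root knows only TLD servers
TLD = {"tld-com": {"example.com": "ns-example"}}        # TLD knows authoritative servers
AUTH = {"ns-example": {"www.example.com": ("93.184.216.34", 300)}}  # (IP, TTL seconds)

class Resolver:
    """Resolves names in the order the article describes, recording each hop in .trace."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so TTL expiry can be tested offline
        self.cache = {}             # name -> (ip, absolute expiry time)
        self.trace = []

    def resolve(self, name):
        self.trace = []
        # 1. The Hosts file takes priority over everything, including the cache.
        if name in HOSTS_FILE:
            self.trace.append("hosts")
            return HOSTS_FILE[name]
        # 2. A cached record is reused only until its TTL runs out.
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            self.trace.append("cache")
            return hit[0]
        # 3. Otherwise walk the chain: root -> TLD -> authoritative name server.
        labels = name.split(".")
        self.trace.append("root")
        tld_server = ROOT.get(labels[-1])
        if tld_server is None:
            return None                           # unknown TLD: no such name
        self.trace.append("tld")
        auth_server = TLD[tld_server].get(".".join(labels[-2:]))
        if auth_server is None:
            return None                           # second-level domain not delegated
        self.trace.append("authoritative")
        record = AUTH[auth_server].get(name)
        if record is None:
            return None
        ip, ttl = record
        self.cache[name] = (ip, self.clock() + ttl)   # store with expiry for next time
        return ip
```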
That’s quite a journey, but a DNS query usually takes between a fraction of a second and a few seconds.
DNS Can Change Your Internet Experience
Not all DNS resolvers are created equal. It’s not uncommon for some ISPs to manage their DNS servers poorly. They may give them inadequate caches, slow hardware, insufficient bandwidth, or buggy software.
From your perspective, this results in a web page that generates DNS errors or simply takes a long time to open the first time. This is why many people opt to change their preferred DNS servers to alternative servers. For example, Google runs DNS servers at 8.8.8.8 and 8.8.4.4. OpenDNS offers servers at 208.67.222.222 and 208.67.220.220. There are many more apart from these two examples, offering many choices most web users don’t even know they have.
Choosing the right DNS service can transform your browsing experience. Some offer faster and more reliable lookups than your ISP, and others may have special features such as blocking malicious sites.
Smart DNS Services
Smart DNS services are another alternative to public DNS servers. These are usually paid subscription services and offer fine-grained control over your DNS requests. They are often used to circumvent geographical restrictions.
Still, unlike a VPN, a Smart DNS can selectively redirect you to servers in other countries only for the services you specify and leave the rest of your browsing untouched. On a VPN, you’d have to implement a method known as split-tunneling to get a similar result, but split-tunneling is more complex to set up than a Smart DNS.
Reverse DNS Lookups
The DNS process we’ve described so far is known as a “forward DNS lookup,” and most DNS requests are of this type. However, it’s also possible to perform a reverse lookup. This is where you know the IP address of a server, but you don’t know which URL is associated with that address. This can be useful when you can only see the IP address of a server in your network logs and want to know who it belongs to.
DNS and Privacy
Public DNS services are generally vulnerable to eavesdropping, and the DNS service itself may keep logs of which websites you’ve asked for. This means that third parties can know exactly which websites you’ve visited and when you’ve visited them.
The DNS system was never designed to be inherently private, but the state of the internet today makes privacy a key issue for everyone who connects to the web. This has given rise to Private DNS services. Some are paid, but some companies, such as Cloudflare, offer free private DNS servers. These servers are configured not to keep logs and make it harder for outsiders to eavesdrop on or tamper with DNS communications. This brings us to the final important thing you should know about DNS.
Hackers Can Use DNS Against You
There can be a dark side to the DNS system. Through a practice known as DNS spoofing or DNS cache poisoning, malicious actors can corrupt your ISP’s DNS cache by impersonating the server and sending fake DNS data back to the resolver.
So what this means is that when your computer sends out a DNS lookup request, a poisoned cache can redirect it to a malicious site. The most dangerous thing about this is that there’s nothing you can do to prevent it. So you’ll have to rely on your internet security systems and take seriously any warning that a site’s certificate isn’t correct.
Cache poisoning is also an excellent reason to use major DNS services from companies like Google and Cloudflare, since they are less likely to fall victim to spoofing. However, the process of DNS resolution is still the best way anyone has invented to quickly and efficiently navigate the web. So you must accept the rare hacking attack along with all the good that DNS brings.
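An added example, not from the article, of the resolver-side check that makes the spoofing described above harder: the query carries a random 16-bit transaction ID, and a reply is kept only if it is flagged as a response and echoes both that ID and the exact question that was asked. The packet layout follows the DNS wire format; the hostnames and addresses used in the test data are constructed.

```python
import os
import struct

def encode_name(name):
    """Wire-encode a hostname as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=None):
    """Return (txid, packet) for a recursive A query; txid defaults to 16 random bits."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")   # unpredictable ID per query
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(pkt, off):
    """Decode a name that may use compression pointers; return (name, next offset)."""
    labels, end = [], None
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                       # pointer to an earlier name
            end = end if end is not None else off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode())
        off += ln
    return ".".join(labels), (off if end is None else end)

def parse_response(pkt):
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata, off = pkt[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:               # A record: four-byte IPv4 address
            answers.append((name, ".".join(map(str, rdata)), ttl))
    return txid, bool(flags & 0x8000), (qname, qtype, qclass), answers

def accept_response(expected_txid, expected_question, pkt):
    """Keep a reply only if its ID and question match the query still outstanding."""
    txid, is_response, question, answers = parse_response(pkt)
    if not is_response or txid != expected_txid or question != expected_question:
        return None                                 # unsolicited or mismatched: drop it
    return answers
```

Real resolvers also randomize the UDP source port and check that the reply arrives on it, which adds more bits an attacker would have to guess.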