
DNS, DNS over HTTPS (DoH), DNS over TLS (DoT)

Spark light

Reference articles

DNS TERM

  • RRSet (Resource Record Set): a group of resource records
  • DNSSEC (Domain Name System Security Extensions): a mechanism that signs domain query results to prevent forgery and tampering; see the RR records DNSKEY, DS, RRSIG, NSEC
  • DNSSEC ref: https://medium.com/iocscan/how-dnssec-works-9c652257be0
  • TLD, TLDN (top-level domain), e.g. .com, .cn
  • SLD, 2LD (second-level domain), e.g. google.com, china.cn

Master files?

$ORIGIN directive (works like a #define): sets the current domain; all RR records that follow are relative to this domain.

$ORIGIN uk.example.com.
@ | domain.com. #(apex record)(naked domains)(the current domain)(the current $origin)
* IN A 222.222.222.222 #(any undefined domain; wildcard domain and wildcard resolution)
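The $ORIGIN, @ and wildcard rules above, as an added example that is not part of the original notes: a small Python parser expands owner names the way a master file does and then answers A queries, including the case where a forgotten trailing dot is hidden by the wildcard. The zone text, the addresses and the function names `qualify`, `parse` and `resolve` are constructed for illustration, and only `IN A` lines are handled.

```python
# Added example; ZONE is constructed sample data (RFC 5737 documentation addresses).
ZONE = """\
$ORIGIN uk.example.com.
@                    IN A 192.0.2.1
www                  IN A 192.0.2.2
*                    IN A 192.0.2.99
ftp.uk.example.com   IN A 192.0.2.3   ; trailing dot forgotten
mail.uk.example.com. IN A 192.0.2.4
"""

def qualify(name, origin):
    """Turn an owner name from a master file into an absolute name."""
    if name == "@":                      # @ means the current $ORIGIN (apex)
        return origin
    if name.endswith("."):               # trailing dot: already absolute
        return name
    return name + "." + origin.lstrip(".")   # relative: append $ORIGIN

def parse(text):
    """Return {absolute owner name: IPv4 address} for the IN A records."""
    origin, records = ".", {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # ';' starts a zone-file comment
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif fields[1:3] == ["IN", "A"]:
            records[qualify(fields[0], origin).lower()] = fields[3]
    return records

def resolve(records, qname):
    """Answer an A query: exact name first, else the wildcard directly
    under the closest existing ancestor (the RFC 4592 rule)."""
    def exists(name):   # owns a record, or is an ancestor of a name that does
        return any(n == name or n.endswith("." + name) for n in records)
    qname = qname.lower()
    if exists(qname):
        return records.get(qname)
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        encloser = ".".join(labels[i:])
        if exists(encloser):
            return records.get("*." + encloser)
    return None

if __name__ == "__main__":
    recs = parse(ZONE)
    for q in ("uk.example.com.", "ftp.uk.example.com.", "a.www.uk.example.com."):
        print(q, "->", resolve(recs, q))
```

The `ftp` line lacks its trailing dot, so it is stored as `ftp.uk.example.com.uk.example.com.` and a query for `ftp.uk.example.com.` is answered by the wildcard record instead, which is why a catch-all record can mask this kind of zone mistake.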

RR (Resource Record) TYPE ref

A (IPv4)
AAAA (IPv6)
CNAME (alias)
TXT (arbitrary text notes)
NS (authoritative name server list): nslookup -type=ns test.com
SOA (Start Of Authority): the very (first) important one in the NS (name server) list.
HINFO (host information)
SRV (record for Microsoft Active Directory)
PTR (IP -> domain query): nslookup -q=ptr 8.8.8.8
MX (mail exchange)
DNSKEY: contains the public signing key
DS (Delegation Signer): contains the hash of DNSKEY
RRSIG (resource record signature): contains the cryptographic signature for an associated record set
NSEC: contains a denial-of-existence record

RR (Resource Record) Class

  • IN 1 the Internet
  • CS 2 the CSNET class (Obsolete)
  • CH 3 the CHAOS class
  • HS 4 Hesiod [Dyer 87]

nslookup

8.8.8.8
8.8.4.4
223.5.5.5
223.6.6.6
119.29.29.29

DoH (DNS over HTTPS)

x# https://dns.google/dns-query
https://doh.pub/dns-query
https://dns.alidns.com/dns-query
x# https://cloudflare-dns.com/dns-query
x# https://doh.dns.sb/dns-query
https://doh.sb/dns-query
https://45.11.45.11/dns-query
https://185.222.222.222/dns-query
x# https://dns.twnic.tw/dns-query

DoT (DNS over TLS)

tls://8.8.4.4:853
tls://162.14.21.56 #tls_auth_name dot.pub
tls://162.14.21.178 #tls_auth_name dot.pub
tls://223.5.5.5 #tls_auth_name dns.alidns.com
tls://223.6.6.6 #tls_auth_name dns.alidns.com