DNS Server Record Types: DNS Records (A, CNAME, MX, NS, SRV, TXT)
2010-08-28 18:52:16 阿炯

The most common types of DNS records are:

* SOA record described below.
* Address records (A) that map the name of a machine to its numeric IP address. In clearer terms, this record states the hostname and IP address of a certain machine. To "resolve" a hostname means to find its matching IP address.
* CNAME records allow a machine to be known by more than one hostname. There must always be an A record for the machine before aliases can be added. The hostname of a machine that is stated in an A record is called the canonical, or official, name of the machine. Other records should point to the canonical name.
* MX (Mail eXchanger) resource records identify the mail server that is responsible for handling e-mail for a given domain name. When more than one MX record is entered for a single domain name that uses more than one mail server, the MX records can be prioritized with a preference number that indicates the order in which the mail servers should be used. This enables the use of primary and backup mail servers, which makes mail delivery more reliable. Please keep in mind the following rules about MX records:
o An MX record must point to hosts defined by A records, not CNAMEs.
o An MX record cannot point to IP addresses.
o If you create a single MX record, the priority doesn't matter. If you create multiple MX records, your primary mail server must have the lowest preference value.
* Name Server records (NS) state the authoritative name servers for the given domain. There must be at least two NS records in every DNS zone.
* SRV records are used to specify the location of a service. They have recently been used in connection with directory servers such as LDAP (Lightweight Directory Access Protocol). In addition, SRV records can be used for advanced load balancing and to specify particular ports for services, for example that a web server is running on port 8080 instead of the usual port 80 (a theoretical example: this is not yet supported by any major browser). The "service location" is specified through a target, priority, weight, and port:
o Target is the domain name of the server (referencing an A-record).
o Priority is a preference number used when more servers are providing the same service (lower numbers are tried first).
o Weight is used for advanced load balancing.
o Port is the TCP/UDP port number on the server that provides this service.
* TXT records are strictly informational, not functional. They hold up to 255 characters of free-form text per quoted string, providing the ability to associate some text with a host or other name.

To add a DNS record to a zone file:
1). Type the sub-domain name into the Name field. Since the form described here is designed for adding different types of records, the Name field should contain the subject of the query, e.g. the address you want to use as your Internet e-mail address (for an MX record), or the alias name (for a CNAME record), etc. To avoid mistakes, please remember that:
- If you leave the Name field empty, the record will affect just the original domain name, not a sub-domain. In this case, after you save the record you will see the @ symbol in the record name column.

- If you type the @ symbol into the Name field, this will mean the same as described above.

- If you type the sub-domain with the trailing dot into the Name field (e.g., subdomain.domain.com.) the record will affect the sub-domain named subdomain.domain.com.

- If you type the sub-domain without the trailing dot into the Name field (e.g., subdomain.my), the domain name this record belongs to (i.e., the contents of the Host field, for example domain.com) will be automatically appended to the record name, and as a result the record will affect the sub-domain named subdomain.my.domain.com.
2). Into the TTL field you can type in seconds how long other name servers should cache, or save, this record (TTL is short for time-to-live). For example, the 86400 value corresponds to one day.
Note: The default minimum TTL for all resource records contained in the zone file is given in the SOA record. This default TTL can be overridden for every record in the zone file. Thus, if you leave the TTL field empty, the default minimum TTL is applied to this record.
3). Select the type of the resource record (A, CNAME, MX, or NS) from the Type drop-down menu. See the short description of the record types at the beginning of this section; for more information, refer to DNS documentation, for example on the Web.
4). The Priority field is needed for MX and SRV records, namely to specify a mail server priority, so the field becomes active only when you have selected the MX record type from the Type drop-down menu. Mailers attempt to deliver to the mail exchanger with the lowest preference value (highest priority). This seems a little counterintuitive at first: the most preferred mail exchanger has the lowest preference value. But since the preference value is an unsigned quantity, this lets you specify a "best" mail exchanger at preference value 0. Generally, the mailer preference is an integer in the range 0 to 65535. If delivery to the most preferred mail exchanger(s) fails, mailers should attempt delivery to less preferred mail exchangers (those with higher preference values), in order of increasing preference value. That is, mailers try more preferred mail exchangers before less preferred ones. More than one mail exchanger may share the same preference value, which gives the mailer its choice of which to try first; the mailer should try all the mail exchangers at a given preference value before proceeding to the next higher value.
5). In the Value field you should indicate the answer to the query. Records are always read from left to right, with the subject to be queried about on the left and the answer to the query on the right. For example, for MX record you should indicate the mail server name, for CNAME record - the canonical name of the machine indicated before in the relevant A record, etc.
6). You can add a free-form comment into the Comment field.

Examples:

* To add the A record looking like:
first.mydomain.com. IN A 192.168.40.34

which means that the name first.mydomain.com maps to the IP address 192.168.40.34, indicate the following in the form fields:
o first.mydomain.com. in the Name field (do not forget the trailing dot)
o select A.
o 192.168.40.34 in the Value field.

* To add the CNAME record looking like:
mail.first.mydomain.com. IN CNAME first.mydomain.com.

Note: Remember that there must always be an A record for the machine before aliases can be added.

* To add the MX record looking like:
mydomain.com. IN MX 10 mail.first.mydomain.com.

* To add the NS record looking like:
first.mydomain.com. IN NS ns3.mydomain.com.

* To add the SRV record looking like:
_http._tcp.example.com. 86400 IN SRV 0 5 80 httpserver.example.com.

that points to a server named httpserver.example.com listening on TCP port 80 for HTTP connections, with priority 0 and weight 5, specify the following in the form fields:
o _http._tcp in the Name field.
o 86400 in the TTL field.
o select SRV.
o Type 0 5 80 httpserver.example.com. into the Value field.

* To add a TXT record looking like:
example.com. 86400 IN TXT "Hostname used for examples only"
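Added example (not code from the original page) that applies the Name-field rules from the procedure above and the MX rules from the record-type list, assuming a zone origin of mydomain.com.: it normalizes the form's Name entries and flags MX targets that are CNAMEs or IP literals. Note that the page's own MX example points at mail.first.mydomain.com., which the CNAME example defines as an alias rather than an A record, so the check reports it.

```python
import ipaddress

ORIGIN = "mydomain.com."  # assumed zone origin (the form's Host field)

def normalize_name(name_field, origin=ORIGIN):
    """Name-field rules: empty or '@' is the zone apex, a trailing dot is an
    absolute name, anything else gets the origin appended."""
    name = name_field.strip()
    if name in ("", "@"):
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def validate_mx(records):
    """MX rules: the target must be the owner of an A record, never a CNAME
    and never a bare IP. records are (owner, type, value) tuples whose owners
    are already normalized. Returns a list of problems (empty when valid)."""
    a_owners = {o for o, t, _ in records if t == "A"}
    cname_owners = {o for o, t, _ in records if t == "CNAME"}
    problems = []
    for owner, rtype, value in records:
        if rtype != "MX":
            continue
        _pref, target = value.split(None, 1)
        try:
            ipaddress.ip_address(target.rstrip("."))
            problems.append(f"{owner}: MX must not point to IP {target}")
            continue
        except ValueError:
            pass  # not an IP literal, so treat it as a hostname
        if target in cname_owners:
            problems.append(f"{owner}: MX target {target} is a CNAME")
        elif target not in a_owners:
            problems.append(f"{owner}: MX target {target} has no A record")
    return problems

def check_form(rows, origin=ORIGIN):
    """Normalize the Name column of form rows, then run the MX checks."""
    return validate_mx([(normalize_name(n, origin), t, v) for n, t, v in rows])

# Constructed input: the A, CNAME and MX rows from the examples above, plus
# one MX row with a bare IP and one valid MX row for contrast.
FORM_ROWS = [
    ("first.mydomain.com.", "A", "192.168.40.34"),
    ("mail.first", "CNAME", "first.mydomain.com."),
    ("@", "MX", "10 mail.first.mydomain.com."),  # target is the CNAME above
    ("", "MX", "20 192.168.40.34"),               # bare IP: not allowed
    ("", "MX", "30 first.mydomain.com."),         # points at an A record: fine
]
```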


DNS SRV: a method of service discovery based on DNS

SRV is a type of DNS record used to specify the location of a service. Unlike the common A and CNAME records, an SRV record carries not only the server's address but also the service's port, and each service address can be given a priority and a weight. When a service is accessed, the local DNS resolver obtains a list of addresses from the DNS server and, according to priority and weight, picks one of them as the target of the current request.

RFC 2782 gives the proposed standard for DNS SRV. (RFC 2782 was published in 2000 and replaced RFC 2052.)

Use case

An LDAP client that supports SRV can learn the IP address and port of the LDAP service by querying the name:
_ldap._tcp.example.com

This name follows the format recommended in RFC 2782: _ldap denotes the LDAP service and _tcp denotes that the LDAP service is reached over TCP.


The DNS type code of SRV is 33.

The SRV record format is:
_Service._Proto.Name TTL Class SRV Priority Weight Port Target

Service: the service name; the leading "_" prevents collisions with ordinary DNS labels (plain domain names).
Proto: the transport protocol the service uses: _TCP, _UDP, another standard protocol, or a custom one.
Name: the domain name under which the service is offered.
TTL: how long the record may be cached.
Class: the record class.
Priority: the record's priority; the lower the value, the higher the priority; range 0-65535.
Weight: the record's weight; the higher the value, the greater the weight; range 0-65535.
Port: the service's port number, 0-65535.
Target: the host address.

When a client receives multiple records, it uses the record with the highest priority (the lowest Priority value).

Among records with the same priority, selection is made by weight: the higher a record's weight, the more likely it is to be chosen.

To select, the weights of all the records are summed to form a selection interval [0, sum]; each record occupies a contiguous sub-interval of [0, sum] whose length equals its own weight. A random number in [0, sum] is then generated, and the record whose sub-interval contains the random number is the one selected.

Caveats

When using DNS SRV, verify that the DNS client handles the SRV records it receives in the expected way. DNS SRV can currently only provide a list of service addresses; how that list is interpreted depends entirely on the client implementation.

RFC 1035 specifies that when a DNS response is transported over UDP, the UDP payload must not exceed 512 bytes; pay particular attention to this when adding SRV records (there is no 512-byte limit when transporting over TCP).
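To see how close an SRV answer comes to the 512-byte UDP limit, here is an added example (not from the original page) that computes the uncompressed wire size of a response carrying the four _foobar._tcp records from the configuration example further below. It assumes no name compression and no additional-section A records, so the figure is an upper bound.

```python
# Constructed input: the four _foobar._tcp targets from the master file in
# the configuration example further below.
QNAME = "_foobar._tcp.example.com."
TARGETS = ["old-slow-box.example.com.", "new-fast-box.example.com.",
           "sysadmins-box.example.com.", "server.example.com."]

def wire_name_len(name):
    """Uncompressed wire length of a domain name: one length byte per label
    plus the terminating zero byte (the root name '.' alone is 1 byte)."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return sum(1 + len(lab) for lab in labels) + 1

def srv_rr_len(owner, target):
    """One SRV RR: owner NAME, TYPE(2) CLASS(2) TTL(4) RDLENGTH(2), then the
    RDATA PRIORITY(2) WEIGHT(2) PORT(2) and the target name."""
    return wire_name_len(owner) + 10 + 6 + wire_name_len(target)

def srv_answer_len(qname, targets):
    """Size of a response with one SRV RR per target: 12-byte header, the
    question (QNAME + QTYPE 2 + QCLASS 2), then the answer RRs. No name
    compression and no additional-section A records, so an upper bound."""
    fixed = 12 + wire_name_len(qname) + 4
    return fixed + sum(srv_rr_len(qname, t) for t in targets)

def fits_in_udp(qname, targets, limit=512):
    """True while the answer stays within RFC 1035's 512-byte UDP payload;
    beyond it the server truncates (TC bit) and the client retries over TCP."""
    return srv_answer_len(qname, targets) <= limit

def max_targets_in_udp(qname, sample_target, limit=512):
    """How many SRV RRs with targets the size of sample_target fit in UDP."""
    fixed = 12 + wire_name_len(qname) + 4
    return (limit - fixed) // srv_rr_len(qname, sample_target)
```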

When a service has multiple SRV records with the same priority, the client distributes requests across them according to their weights, so the next request to the service may be sent to a different address.

When requests are distributed by SRV record weight, the locally cached DNS records are used, so changes to the service's address list are not noticed in real time, unless the TTL is set very short, which in turn causes frequent queries to the DNS server.

How a client looks up a service address

RFC 2782 already explains this well, so it is not repeated here.

Security considerations

Once SRV is in use, users obtain service ports dynamically through DNS queries, so a network administrator can no longer stop internal users from reaching an external service simply by "blocking packets to a given port".

Configuration example

Below is a DNS master file. The example.com domain offers a service named _foobar._tcp with four SRV records: two at priority 0 pointing at old-slow-box.example.com:9 and new-fast-box.example.com:9, and two fallback records at priority 1 pointing at sysadmins-box.example.com:9 and server.example.com:9.

  $ORIGIN example.com.
  @               SOA server.example.com. root.example.com. (
                      1995032001 3600 3600 604800 86400 )
                  NS  server.example.com.
                  NS  ns1.ip-provider.net.
                  NS  ns2.ip-provider.net.
  ; foobar - use old-slow-box or new-fast-box if either is
  ; available, make three quarters of the logins go to
  ; new-fast-box.
  _foobar._tcp     SRV 0 1 9 old-slow-box.example.com.
                   SRV 0 3 9 new-fast-box.example.com.
  ; if neither old-slow-box or new-fast-box is up, switch to
  ; using the sysadmin's box and the server
                   SRV 1 0 9 sysadmins-box.example.com.
                   SRV 1 0 9 server.example.com.
  server           A   172.30.79.10
  old-slow-box     A   172.30.79.11
  sysadmins-box    A   172.30.79.12
  new-fast-box     A   172.30.79.13
  ; NO other services are supported
  *._tcp          SRV  0 0 0 .
  *._udp          SRV  0 0 0 .
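The priority-then-weight selection described above, run over the SRV records of this master file, as an added example that is not part of the original page: it implements the RFC 2782 selection procedure, with the random draw injectable so the resulting order can be reproduced.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed input: the _foobar._tcp records from the master file above.
ZONE_SRV_LINES = """
_foobar._tcp     SRV 0 1 9 old-slow-box.example.com.
                 SRV 0 3 9 new-fast-box.example.com.
                 SRV 1 0 9 sysadmins-box.example.com.
                 SRV 1 0 9 server.example.com.
"""

def parse_srv(text):
    """Read 'SRV priority weight port target'; the owner column may be blank
    because a master file carries the owner over from the previous line."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if "SRV" in f:
            i = f.index("SRV")
            out.append(SRV(int(f[i + 1]), int(f[i + 2]), int(f[i + 3]), f[i + 4]))
    return out

def pick_weighted(rrs, rnd):
    """RFC 2782 choice within one priority: weight-0 records go first, draw
    rnd(total) in [0, total], take the first record whose running weight sum
    reaches the draw. A draw of 0 gives weight-0 records a small chance, so
    with weights 1 and 3 the literal algorithm splits 2:3, not 1:3."""
    ordered = sorted(rrs, key=lambda r: r.weight != 0)
    running, draw = 0, rnd(sum(r.weight for r in ordered))
    for r in ordered:
        running += r.weight
        if running >= draw:
            return r
    return ordered[-1]

def select_order(rrs, rnd=lambda total: random.randint(0, total)):
    """Order targets as a client should try them: lowest priority value
    first; within a priority pick by weight and drop the picked record.
    A lone record whose target is '.' means the service is not offered."""
    if len(rrs) == 1 and rrs[0].target == ".":
        return []
    order = []
    for prio in sorted({r.priority for r in rrs}):
        pool = [r for r in rrs if r.priority == prio]
        while pool:
            chosen = pick_weighted(pool, rnd)
            order.append(chosen)
            pool.remove(chosen)
    return order
```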


References
RFC 1035
RFC 2782