{"id":710,"date":"2020-04-13T13:58:03","date_gmt":"2020-04-13T11:58:03","guid":{"rendered":"http:\/\/tech.sosthe.sk\/?page_id=710"},"modified":"2020-04-13T13:58:03","modified_gmt":"2020-04-13T11:58:03","slug":"dns-domain-name-system","status":"publish","type":"page","link":"http:\/\/tech.sosthe.sk\/index.php\/sietove-technologie\/dns-domain-name-system\/","title":{"rendered":"DNS (Domain Name System)"},"content":{"rendered":"

Funkcia DNS<\/span><\/h3>\n

Domain Name System<\/span><\/strong>, zn\u00e1mej\u0161\u00ed pod svojou skratkou DNS, je internetov\u00fd \u0161tandard zahrnut\u00fd v TCP\/IP. Sl\u00fa\u017ei na preklad\u00a0<\/span>mien objektov<\/span><\/em><\/strong>\u00a0na\u00a0<\/span>IP adresy<\/span><\/em><\/strong>\u00a0\u010di in\u00e9 zdrojov\u00e9 z\u00e1znamy (resource records).\u00a0Men\u00e1 objektov sa ozna\u010duj\u00fa ako\u00a0<\/span>dom\u00e9nov\u00e9 men\u00e1<\/span><\/em><\/strong>\u00a0(domain name) a naj\u010dastej\u0161ie sa jedn\u00e1 o men\u00e1 hostite\u013eov (hostname), s\u00fa to alfanumerick\u00e9 re\u0165azce, ktor\u00e9 s\u00fa lep\u0161ie zapam\u00e4tate\u013en\u00e9 ako IP adresy.\u00a0Pr\u00edkladom dom\u00e9nov\u00e9ho mena je<\/span><\/p>\n

www.sosthe.sk<\/code> a k nemu patr\u00ed IP adresa <\/span>194.160.184.66<\/code>.<\/span><\/p>\n

DNS<\/span><\/strong>\u00a0pon\u00faka aj obr\u00e1ten\u00fa funkciu a to je preklad\u00a0<\/span>IP adries<\/span><\/em><\/strong>\u00a0na\u00a0<\/span>men\u00e1 objektov<\/span><\/em><\/strong>.\u00a0K tomu sa vyu\u017e\u00edvaj\u00fa tzv.\u00a0<\/span>PTR z\u00e1znamy<\/span><\/em><\/strong>.\u00a0Z\u00e1znamy v DNS dnes existuj\u00fa nielen pre\u00a0<\/span>hostname<\/span><\/em>, ale aj pre rad slu\u017eieb.\u00a0Najpou\u017e\u00edvanej\u0161\u00edm pr\u00edkladom je\u00a0<\/span>MX z\u00e1znam<\/span><\/em><\/strong>\u00a0pre po\u0161tov\u00fd server.\u00a0V\u010faka tomu nemus\u00edme pozna\u0165 ani meno servera ani jeho IP adresu, ale iba dom\u00e9nu, pre ktor\u00fa chceme po\u0161tov\u00fd server n\u00e1js\u0165.\u00a0To vyu\u017e\u00edvaj\u00fa in\u00e9 po\u0161tov\u00e9 servery, ke\u010f chc\u00fa doru\u010di\u0165 email (z emailovej adresy zist\u00ed dom\u00e9nu ak nej n\u00e1jdu MX z\u00e1znam, teda cie\u013e komunik\u00e1cie).<\/span><\/p>\n

V\u00fdhodou pou\u017e\u00edvania\u00a0<\/span>internetov\u00fdch mien<\/span><\/em><\/strong> je lep\u0161ia zapam\u00e4tate\u013enos\u0165 a tie\u017e to, \u017ee je mo\u017en\u00e9 zmeni\u0165 fyzick\u00e9 umiestnenie po\u010d\u00edta\u010da a jeho IP adresu a pritom pou\u017e\u00edva\u0165 st\u00e1le rovnak\u00e9 meno.\u00a0Pritom pre komunik\u00e1ciu pomocou TCP\/IP sa musia pou\u017e\u00edva\u0165 <\/span>IP adresy<\/span><\/em><\/strong>.\u00a0Funkciu internetu by sme si asi nedok\u00e1zali bez DNS predstavi\u0165.\u00a0Microsoft na DNS postavil aj funkciu svojho firemn\u00e9ho prostredia – dom\u00e9ny a vyu\u017e\u00edva ho napr\u00edklad pre lokaliz\u00e1ciu rady dom\u00e9nov\u00fdch slu\u017eieb.<\/span><\/p>\n

Protokol DNS<\/span><\/em><\/strong> vyu\u017e\u00edva pre komunik\u00e1ciu porty <\/span>TCP 53<\/code> a <\/span>UDP 53<\/code>.\u00a0Definovan\u00fd je v RFC 1035 (a r\u00f4zne funkcie v rade \u010fal\u0161\u00edch).<\/span><\/p>\n

Tvorba dom\u00e9nov\u00fdch mien<\/span><\/h3>\n

Menn\u00fd priestor<\/span><\/em><\/strong>\u00a0v internete je rozdelen\u00fd na<\/span>\u00a0dom\u00e9ny<\/span><\/em><\/strong>\u00a0(domain).\u00a0Zodpovednos\u0165 za spr\u00e1vu mien vn\u00fatri ka\u017edej dom\u00e9ny je delegovan\u00e1, typicky na syst\u00e9my vn\u00fatri tejto dom\u00e9ny.\u00a0Tomu zodpoved\u00e1 aj hierarchick\u00e1 organiz\u00e1cia serverov a sp\u00f4sob tvorenia dom\u00e9nov\u00fdch mien.\u00a0Pod\u013ea deleg\u00e1cie opr\u00e1vnenia sa e\u0161te hovor\u00ed o<\/span> z\u00f3nach<\/span><\/em><\/strong>.\u00a0V\u00e4\u010d\u0161inou je z\u00f3na rovn\u00e1 jednej dom\u00e9ne, ale m\u00f4\u017ee zah\u0155\u0148a\u0165 aj nieko\u013eko dom\u00e9n, ktor\u00e9 s\u00fa spravovan\u00e9 jednou autoritou.<\/span><\/p>\n

Podobne ako s\u00fa rozdelen\u00e9 rozsahy IP adries na\u00a0<\/span>siete<\/span><\/em>\u00a0a\u00a0<\/span>podsiete<\/span><\/em>, tak sa delia menn\u00e9 n\u00e1zvy na <\/span>dom\u00e9ny<\/span><\/em>\u00a0 a <\/span>subdom\u00e9ny<\/span><\/em>.\u00a0Ale napriek tomu tu nemus\u00ed by\u0165 pevn\u00e1 v\u00e4zba medzi rozsahmi IP adries a dom\u00e9nov\u00fdch mien. Napr\u00edklad dve r\u00f4zne men\u00e1 dom\u00e9n m\u00f4\u017eu odkazova\u0165 na rovnak\u00e9 adresy.<\/span><\/p>\n

Odbor dom\u00e9nov\u00fdch mien<\/span><\/em><\/strong>\u00a0DNS je tvoren\u00fd<\/span>\u00a0stromom<\/span><\/em><\/strong>\u00a0(hierarchick\u00e1 \u0161trukt\u00fara).\u00a0Ka\u017ed\u00fd uzol stromu obsahuje inform\u00e1cie o dom\u00e9ne (ktor\u00fa spravuje, teda r\u00f4zne z\u00e1znamy v danej dom\u00e9ne) a odkazy na subdom\u00e9ny.\u00a0Kore\u0148om stromu je<\/span> kore\u0148ov\u00e1 dom\u00e9na<\/span><\/em><\/strong>, ktor\u00e1 sa zapisuje ako<\/span>\u00a0bodka<\/span><\/em>\u00a0(.).\u00a0Pod \u0148ou nasleduj\u00fa<\/span>\u00a0dom\u00e9ny najvy\u0161\u0161ej \u00farovne<\/span><\/em><\/strong>\u00a0(TLD – Top Level Domain, napr\u00edklad com a cz).\u00a0\u010ealej<\/span>\u00a0dom\u00e9ny druhej \u00farovne<\/span><\/em><\/strong> (Second Level Domain, treb\u00e1rs microsoft.com) a pr\u00edpadne \u010fal\u0161ie subdom\u00e9ny.<\/span><\/p>\n

\"\"<\/p>\n

Ke\u010f sklad\u00e1me\u00a0<\/span>dom\u00e9nov\u00e9 meno<\/span><\/em><\/strong>, tak pou\u017e\u00edvame dom\u00e9ny od najni\u017e\u0161ej \u00farovne a zapisujeme ich z\u013eava doprava oddelen\u00e9 bodkou. Teda k obr\u00e1zku napr.\u00a0<\/span>www.samuraj-cz.com<\/code>.\u00a0Obr\u00e1zok nie je \u00faplne presn\u00fd, preto\u017ee\u00a0<\/span>www<\/code> nie je podriaden\u00e1 dom\u00e9na, ale z\u00e1znam v dom\u00e9ne\u00a0<\/span>samuraj-cz.com<\/code>.<\/span><\/p>\n

Pre\u00a0<\/span>reverzn\u00fd preklad<\/span><\/em><\/strong> IP adries na men\u00e1 objektov sa vyu\u017e\u00edvaj\u00fa pseudo dom\u00e9ny <\/span>IN-ADDR.ARPA<\/code>.\u00a0Z d\u00f4vodu radenia pod\u013ea v\u00fdznamu sa pou\u017e\u00edva reverzn\u00fd tvar IP adresy, napr. Pre IP <\/span>192.168.0.1<\/code> je DNS z\u00e1znam\u00a0<\/span>1.0.168.192. IN-ADDR.ARPA<\/code>.<\/span><\/p>\n

Z\u00f3nov\u00e9 s\u00fabory<\/span><\/h3>\n

Ako som spomenul, strom dom\u00e9nov\u00fdch mien sa del\u00ed na <\/span>z\u00f3ny<\/span><\/em><\/strong>, teda oblasti spravovan\u00e9 jedn\u00fdm spr\u00e1vcom (organiz\u00e1ciou). Z\u00f3na obsahuje jednu (naj\u010dastej\u0161ie) alebo viac dom\u00e9n.\u00a0V z\u00f3ne s\u00fa tie\u017e uveden\u00e9 autoritat\u00edvne inform\u00e1cie o spravovan\u00fdch dom\u00e9nach.\u00a0Tieto inform\u00e1cie poskytuje autoritat\u00edvne DNS server, teda server, ktor\u00fd je pova\u017eovan\u00fd za d\u00f4veryhodn\u00fd pre z\u00f3nu.<\/span><\/p>\n

Obsah z\u00f3ny, jednotliv\u00e9 zdrojov\u00e9 z\u00e1znamy, je ulo\u017een\u00fd v\u00a0\u00a0<\/span>z\u00f3novom s\u00faboru<\/span><\/em><\/strong>\u00a0(zone file).\u00a0To je v\u00e4\u010d\u0161inou textov\u00fd s\u00fabor.\u00a0Medzi niektor\u00fdmi DNS servermi m\u00f4\u017ee doch\u00e1dza\u0165 k replik\u00e1cii z\u00e1znamov (napr\u00edklad medzi prim\u00e1rnym a sekund\u00e1rnym NS), tomuto procesu sa hovor\u00ed <\/span>zone transfer<\/span><\/em><\/strong>.<\/span><\/p>\n

N\u00e1jdenie z\u00e1znamu v DNS<\/span><\/h3>\n

\u0160tandardne DNS server vykon\u00e1va rekurz\u00edvne (opakovan\u00e9) ot\u00e1zky.\u00a0Najprv potrebuje vedie\u0165, kde za\u010da\u0165 h\u013eada\u0165 men\u00e1 v prvej vrstve priestore n\u00e1zvov DNS.\u00a0Tieto inform\u00e1cie s\u00fa obsiahnut\u00e9 v tzv.\u00a0<\/span>Root hints<\/span><\/strong> , \u010do je zoznam \u00favodn\u00fdch z\u00e1znamov, ktor\u00e9 pou\u017eije DNS slu\u017eba, aby na\u0161la servery, ktor\u00e9 s\u00fa autoritat\u00edvne pre kore\u0148 stromu priestoru n\u00e1zvov DNS dom\u00e9ny (DNS domain namespace tree).\u00a0\u0160tandardne\u00a0<\/span>root hints<\/span><\/em>\u00a0obsahuj\u00fa odkazy na\u00a0<\/span>13 root serverov<\/span><\/em><\/strong> , ktor\u00e9 sa nach\u00e1dzaj\u00fa po celom svete a zabezpe\u010duj\u00fa technick\u00fa infra\u0161trukt\u00faru internetu.<\/span><\/p>\n

Vezmeme adresu, ktor\u00fa chceme prelo\u017ei\u0165 (napr. www.ssosthe.sk) a rozdel\u00edme ju na jednotliv\u00e9 dom\u00e9ny postupne sprava. Kore\u0148ov\u00e9mu serveru po\u0161leme dotaz na adresu DNS servera najvy\u0161\u0161ej \u00farovne (teda pre sk). Dostaneme adresu TLD NS a jeho sa op\u00fdtame na adresu autoritat\u00edvneho servera pre dom\u00e9nu druhej \u00farovne (sosthe.sk). A tak m\u00f4\u017eeme pokra\u010dova\u0165 \u010falej.\u00a0Na najni\u017e\u0161ej \u00farovni sa op\u00fdtame u\u017e na IP adresu z\u00e1znamu (www.sosthe.sk).<\/span><\/p>\n

Typy z\u00e1znamov v DNS<\/span><\/h3>\n

DNS podporuje mno\u017estvo r\u00f4znych typov z\u00e1znamov a pod\u013ea typu z\u00e1znamu uchov\u00e1va r\u00f4zne parametre. V\u0161eobecn\u00e9 parametre pre v\u0161etky typy z\u00e1znamov s\u00fa\u00a0<\/span>meno<\/span><\/em>,\u00a0<\/span>trieda<\/span><\/em>\u00a0(iba IN ako internet),\u00a0<\/span>TTL<\/span><\/em> (\u010das ako dlho m\u00f4\u017ee by\u0165 z\u00e1znam ulo\u017een\u00fd v ke\u0161i), <\/span>typ z\u00e1znamu<\/span><\/em>,\u00a0<\/span>d\u00e1ta z\u00e1znamu<\/span><\/em>.\u00a0Tu uv\u00e1dzam nieko\u013eko najd\u00f4le\u017eitej\u0161\u00edch typov.<\/span><\/p>\n

    \n
  • hos\u0165 – address (A)<\/span><\/strong>\u00a0– be\u017en\u00fd z\u00e1znam, obsahuje adresu po\u010d\u00edta\u010da<\/span><\/li>\n
  • alias – canonical name (CNAME)<\/span><\/strong>\u00a0– \u010fal\u0161ie meno (alias) pre existuj\u00faci z\u00e1znam v dom\u00e9ne<\/span><\/li>\n
  • mail exchanger (MX)<\/span><\/strong>\u00a0– adresa po\u0161tov\u00e9ho servera<\/span><\/li>\n
  • service location (SRV)<\/span><\/strong>\u00a0– adresa niektor\u00e9 slu\u017eby, ako ldap, kerberos, ftp, a \u010fal\u0161ie<\/span><\/li>\n
  • name server (NS)<\/span><\/strong>\u00a0– zoznam serverov, ktor\u00e9 zais\u0165uj\u00fa DNS slu\u017eby pre dom\u00e9nu, z\u00e1znam sa nach\u00e1dza v nadradenej dom\u00e9ne a v aktu\u00e1lnej dom\u00e9ne<\/span><\/li>\n
  • pointer (PTR)<\/span><\/strong> – pou\u017e\u00edvaj\u00fa sa pre reverzn\u00fd preklad<\/span><\/li>\n
  • start of authority (SOA)<\/span><\/strong>\u00a0– odkazuje na server, kde s\u00fa prim\u00e1rne \u00fadaje (prim\u00e1rny NS), a obsahuje \u00fadaje pre zone transfer<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

    Funkcia DNS Domain Name System, zn\u00e1mej\u0161\u00ed pod svojou skratkou DNS, je internetov\u00fd \u0161tandard zahrnut\u00fd v TCP\/IP. Sl\u00fa\u017ei na preklad\u00a0mien objektov\u00a0na\u00a0IP adresy\u00a0\u010di in\u00e9 zdrojov\u00e9 z\u00e1znamy (resource…<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":14,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/pages\/710"}],"collection":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/comments?post=710"}],"version-history":[{"count":1,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/pages\/710\/revisions"}],"predecessor-version":[{"id":712,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/pages\/710\/revisions\/712"}],"up":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/pages\/14"}],"wp:attachment":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/media?parent=710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}