{"id":293,"date":"2020-04-05T23:33:09","date_gmt":"2020-04-05T21:33:09","guid":{"rendered":"http:\/\/tech.sosthe.sk\/?p=293"},"modified":"2020-04-05T23:33:09","modified_gmt":"2020-04-05T21:33:09","slug":"2-7-dns","status":"publish","type":"post","link":"http:\/\/tech.sosthe.sk\/index.php\/2020\/04\/05\/2-7-dns\/","title":{"rendered":"2.7. DNS"},"content":{"rendered":"<p><strong>DNS: domain name system<\/strong>, a complex system covered in\u00a0<a href=\"http:\/\/www.zoneedit.com\/doc\/rfc\/\">many RFCs<\/a>; the basic protocol for retrieving DNS records is described in\u00a0<a href=\"http:\/\/www.ietf.org\/rfc\/rfc1035.txt\">RFC 1035<\/a>.<\/p>\n<p>DNS is a system that manages a distributed database of DNS records (RR: resource record). The database of DNS records is organized in a hierarchical structure of domain servers (DNS servers, name servers).<\/p>\n<p>The main task of DNS is to translate domain names to IP addresses and back. IP addresses are used by the network layer of the Internet to address datagrams and to identify devices on the network. Because IP addresses are 32-bit numbers (or, in the case of IPv6, 128-bit numbers), they are hard for people to remember. People therefore use domain names to address devices on the network. Actual communication with a given device over the Internet is possible only after the name has been translated to an IP address.<\/p>\n<p>DNS also offers more than just translation from domain names to IP addresses:<\/p>\n<ul>\n<li><strong>it does not enforce reverse domain names<\/strong>\n<ul>\n<li>Not every IP address has to have a domain name assigned. 
Sometimes the translation from a domain name to an IP address succeeds, but the opposite translation does not. If we want the reverse direction to work as well, we have to assign a reverse domain name to that IP address.<\/li>\n<\/ul>\n<\/li>\n<li><strong>host aliasing<\/strong>\n<ul>\n<li>Several domain names can be assigned the same IP address. This is often used in web hosting, where a single computer (even a single web server) serves the websites of different customers under different domain names.<\/li>\n<\/ul>\n<\/li>\n<li><strong>mail server aliasing<\/strong>\n<ul>\n<li>The mail server for a given domain can reside, and often does reside, on a different computer than the web server, even though the same domain name is used in the mail address (after the at sign) and for the web. It is also possible to specify backup mail servers for a single domain.<\/li>\n<\/ul>\n<\/li>\n<li><strong>load distribution<\/strong>\n<ul>\n<li>This method allows the same domain name to be assigned to several IP addresses. It is used for heavily loaded servers, where several replicated servers providing the same service have to be set up. The DNS client then receives the list of IP addresses of these servers in random order (random for each client). The client usually picks the first IP address and contacts that server. 
Because the individual IP addresses appear in first place in the clients' lists about equally often, clients contact all the servers with equal probability, which spreads the load more or less evenly.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The DNS infrastructure is formed by a worldwide hierarchy of servers. At the top of the hierarchy there are exactly 13\u00a0<strong>root DNS servers<\/strong>, each of which has its own IP address (some of them already have an IPv6 address as well). However, these are not just 13 computers. Many of these servers have copies with the same IP address all over the world. This is made possible by the anycast routing scheme of the BGP routing protocol, which routes a packet with a given destination IP address only to the \u201cnearest\u201d computer with that IP address. An overview of all root server locations is available at\u00a0<a href=\"http:\/\/www.root-servers.org\/\">http:\/\/www.root-servers.org\/<\/a><\/p>\n<p>Below the root DNS servers in the hierarchy are the\u00a0<strong>TLD (Top Level Domain) DNS servers<\/strong>. These servers are responsible for the last part of the domain name, e.g.\u00a0<em>com<\/em>,\u00a0<em>net<\/em>,\u00a0<em>org<\/em>,\u00a0<em>edu<\/em>,\u00a0<em>sk<\/em>,\u00a0<em>cz<\/em>,\u00a0<em>eu<\/em>, and so on. Each of these \u201ctop-level servers\u201d is responsible for one of the suffixes. The records stating which TLD server is responsible for which suffix are maintained by the root servers. 
Of course, several TLD DNS servers are operated for each suffix, so that if one of them fails, others that can provide the same information remain available. TLD DNS servers maintain records about\u00a0<strong>first-level DNS servers<\/strong>\u00a0e.g.\u00a0<em>upjs.sk<\/em>,\u00a0<em>sme.sk<\/em>, etc., which can have a further hierarchy of second-level and lower-level servers beneath them. In addition, first-level and lower-level servers also maintain records of the IP addresses of specific target computers. The DNS servers that manage a given domain for its target computers are also called authoritative DNS servers.<\/p>\n<p>Besides the DNS servers that are part of the hierarchy, it is common to run\u00a0<strong>local DNS servers<\/strong>, which do not manage any domain but serve as the default DNS servers for end stations in the same network, communicating on their behalf with the DNS servers in the hierarchy to resolve domain\/IP address translations. These DNS servers store all the DNS records they obtain in their local cache. Frequently requested DNS records therefore do not always have to be fetched from the Internet; if they are in the cache, they are returned directly by the local DNS server, which mainly relieves the higher-level DNS servers. Such answers from a DNS server's cache are called non-authoritative. Records in the cache have a lifetime and must be refreshed after some time. 
This lifetime is usually one day.<\/p>\n<p>A requested DNS record can be obtained recursively or non-recursively. In the\u00a0<strong>recursive<\/strong>\u00a0method, we ask the contacted DNS server to find the requested DNS record for us itself. That DNS server looks up the requested record in the hierarchy and returns it to us. The recursive method thus leaves the search through the server hierarchy to another (typically local) DNS server. In the\u00a0<strong>non-recursive<\/strong>\u00a0method, which is typical for communication between a local DNS server and the other DNS servers in the hierarchy, we first ask a root server for the IP address of the TLD server, then contact the TLD DNS server to obtain the record for the first-level server, and so on, until the last of the contacted servers gives us the requested DNS record. If the server performing the lookup already knows one of the servers in this list of contacted servers, it does not have to carry out its search through the root server. 
Let us illustrate the non-recursive lookup procedure with the example of resolving the domain name web.ics.upjs.sk:<\/p>\n<ol>\n<li>If I have a current record for the translation of web.ics.upjs.sk in my cache, I return it as the answer.<\/li>\n<li>If I have a current record of the authoritative domain server for the domain web.ics.upjs.sk (if such a DNS server exists at all), I ask it for the translation of the domain name web.ics.upjs.sk and return it as the answer.<\/li>\n<li>If I have a current record of the authoritative domain server for the domain ics.upjs.sk (if such a DNS server exists at all), I ask it for the translation of the domain name web.ics.upjs.sk. If it has it, I return it as the answer; if not, I ask it for the address of the authoritative domain server for the domain web.ics.upjs.sk and continue with step 2.<\/li>\n<li>If I have a current record of the authoritative domain server for the domain upjs.sk (if such a DNS server exists at all), I ask it for the translation of the domain name web.ics.upjs.sk. If it has it, I return it as the answer; if not, I ask it for the address of the authoritative domain server for the domain ics.upjs.sk and continue with step 3.<\/li>\n<li>If I have a current record of the TLD domain server for the suffix sk (if such a DNS server exists at all), I ask it for the address of the authoritative domain server for the domain upjs.sk and continue with step 4.<\/li>\n<li>I ask one of the root servers for the address of the TLD domain server for the suffix sk and continue with step 5.<\/li>\n<\/ol>\n<p>DNS records contain a name, a value, a type and a time to live. 
Once the time to live has elapsed, the record in the DNS server's cache expires and can no longer be used for non-authoritative answers; it has to be requested from the hierarchy again. The basic types of DNS records are as follows:<\/p>\n<ul>\n<li>Type A \u2013 The value is the IP address of a station, the name is the domain name of the station. This station may or may not be a DNS server. Type A records are needed for the basic functionality of DNS servers, i.e. translating domain names to IP addresses and back.<\/li>\n<li>Type AAAA \u2013 The same as type A, but for IPv6.<\/li>\n<li>Type NS \u2013 The name is a domain and the value is the name of the (authoritative or TLD) DNS server managing that domain. These records are used to locate a DNS server in the server hierarchy.<\/li>\n<li>Type CNAME \u2013 The name is an alias for the \u201creal\u201d domain name to which the given IP address is primarily assigned. The value is that real domain name.<\/li>\n<li>Type MX \u2013 This type is used to identify mail servers based on a mail address. The name in the record contains the domain name that appears after the at sign in the mail address. The value in the record is the real name of the server on which the mail server runs.<\/li>\n<\/ul>\n<p>A DNS server listens on port 53 and can be communicated with over both TCP and UDP. Translation requests are usually made over UDP. TCP communication is used to download the whole set of records, typically in order to synchronize several authoritative DNS servers for the same domain. 
The DNS protocol uses binary requests and responses. It is described in\u00a0<a href=\"http:\/\/www.ietf.org\/rfc\/rfc1035.txt\">RFC 1035<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>DNS: domain name system, a complex system covered in\u00a0many RFCs; the basic protocol for retrieving DNS records is described in\u00a0RFC 1035. DNS is a system that manages a distributed database&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"_links":{"self":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/293"}],"collection":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/comments?post=293"}],"version-history":[{"count":1,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/293\/revisions"}],"predecessor-version":[{"id":294,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/293\/revisions\/294"}],"wp:attachment":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/media?parent=293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/categories?post=293"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/tags?post=293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}