Route53: Where are SOA records, NS records stored?

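According to the AWS documentation, Route 53 is supposed to be the authoritative name server. If example.com is a domain name I purchased, and I have www.example.com pointing to IP 192.0.2.4, then the Top Level Domain Name Server (the NS for ".com") stores the mapping between the Authoritative Name Server (ANS) of example.com and the domain name example.com, as shown below:

example.com. 172800 NS ns1.awsdns.com

So, this is the NS record, and this NS record lives in the TLD name server for ".com". Is my understanding correct? If yes, then why do I also see the same record in the Route 53 console? Route 53 is supposed to be the authoritative name server. Why does an authoritative name server need to keep pointers about the example.com domain being served by itself? Isn't the fact that the ANS for the domain example.com is ns1.awsdns.com something that needs to be known by the .com TLD NS rather than by Route 53 itself?

Also, where does the SOA record live? Does it reside in the ANS itself? Below is an SOA record: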

ns1.awsdns.com admin.awsdns.com 2013022001 86400 7200 604800 300

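This has:

If this SOA record lives in the ANS itself, that is, on the ns1.awsdns.com machine itself, then what is the point of this SOA record telling the ANS ns1.awsdns.com that ns1.awsdns.com is the primary name server?

Can someone clear up the confusion here? I am lost.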

Why does an Authoritative Name Server need to keep pointers about the example.com domain being served by itself?

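Your question is neither specific to Amazon, nor to a specific TLD, nor to the position of TLDs in the DNS tree; the following applies anywhere in the DNS.

A given nameserver (a set of nameservers, in fact) is authoritative for a zone. Hence it has the full zone content, which includes the SOA and NS records of the zone. It is authoritative for it.

However, for the zone to be resolved, its parent needs to know the set of nameservers, so this set is published at the parent.

So you have one piece of information in two places, but the child is authoritative for it. It may happen that the two get out of sync, which is called a lame delegation. But resolvers should trust the child version of the content, not the parent version.

In RFC 1034 you have this: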

Though logically part of the authoritative data, the RRs that describe the top node of the zone are especially important to the zone's management. These RRs are of two types: name server RRs that list, one per RR, all of the servers for the zone, and a single SOA RR that describes zone management parameters.

And about the cuts and which side is authoritative:

The RRs that describe cuts around the bottom of the zone are NS RRs that name the servers for the subzones. Since the cuts are between nodes, these RRs are NOT part of the authoritative data of the zone, and should be exactly the same as the corresponding RRs in the top node of the subzone. Since name servers are always associated with zone boundaries, NS RRs are only found at nodes which are the top node of some zone. In the data that makes up a zone, NS RRs are found at the top node of the zone (and are authoritative) and at cuts around the bottom of the zone (where they are not authoritative), but never in between.

The DNS terminology document (RFC 8499) also tries to reduce the confusion:

Authoritative data: "All of the RRs attached to all of the nodes from the top node of the zone down to leaf nodes or nodes above cuts around the bottom edge of the zone." (Quoted from [RFC1034], Section 4.2.1) Note that this definition might inadvertently also cause any NS records that appear in the zone to be included, even those that might not truly be authoritative because there are identical NS RRs below the zone cut. This reveals the ambiguity in the notion of authoritative data, because the parent-side NS records authoritatively indicate the delegation, even though they are not themselves authoritative data.

As for

what is the point of this SOA record telling the ANS ns1.awsdns.com that ns1.awsdns.com is the primary name server?

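This is another problem.

The nameserver listed in the SOA record and considered the primary has in fact little to do with operations, except in the case of dynamic updates. When there are DNS dynamic updates, if the client wants to update something in the zone described by this SOA record, it needs to send its packets to this host. But other than that, the name here is only slightly relevant. It may not even be reachable.

For example, compare SOA fr. and NS fr.: you will see that the primary nameserver listed in the SOA record is not even part of the set of authoritative nameservers for the zone.

The DNS terminology document says this: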

Primary master: "The primary master is named in the zone's SOA MNAME field and optionally by an NS RR." (Quoted from [RFC1996], Section 2.1) [RFC2136] defines "primary master" as "Master server at the root of the AXFR/IXFR dependency graph. The primary master is named in the zone's SOA MNAME field and optionally by an NS RR. There is by definition only one primary master server per zone."

The idea of a primary master is only used in [RFC1996] and [RFC2136]. A modern interpretation of the term "primary master" is a server that is both authoritative for a zone and that gets its updates to the zone from configuration (such as a master file) or from UPDATE transactions.

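This does not fully reflect reality, because if you try to contact the nameserver listed in the fr. SOA record you will not get any reply, as that name does not resolve publicly anyway (this is a setup commonly called "hidden master").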
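
Added example, not part of the original question or answer: a small offline check that compares the NS set published at the parent with the NS set at the child zone apex, and reports whether the SOA MNAME is one of the zone's listed nameservers. The function names and every record below are constructed for illustration; `ns-old.example.net`, `ns2.example.net` and `hidden.example.net` are hypothetical hosts.

```python
# Added example: compares parent-side and child-side NS sets for one zone.
# All records below are constructed sample data, not real DNS answers.

def norm(name):
    """Lowercase and fully qualify a name so 'NS1.x.com' equals 'ns1.x.com.'."""
    return name.lower().rstrip(".") + "."

def parse(lines):
    """Parse 'owner ttl TYPE rdata...' lines into (owner, type, rdata) tuples."""
    records = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        owner, _ttl, rtype, *rdata = fields
        records.append((norm(owner), rtype.upper(), rdata))
    return records

def ns_set(records, zone):
    """NS targets attached to the zone's top node."""
    return {norm(rd[0]) for owner, rtype, rd in records
            if owner == zone and rtype == "NS"}

def audit_delegation(zone, parent_lines, child_lines):
    zone = norm(zone)
    parent = ns_set(parse(parent_lines), zone)
    child_records = parse(child_lines)
    child = ns_set(child_records, zone)
    # MNAME is the first rdata field of the SOA record at the apex.
    mname = next((norm(rd[0]) for owner, rtype, rd in child_records
                  if owner == zone and rtype == "SOA"), None)
    return {
        "in_sync": parent == child,
        "parent_only": sorted(parent - child),   # delegated, but not in the zone
        "child_only": sorted(child - parent),    # in the zone, but not delegated
        "mname": mname,
        "mname_in_ns_set": mname in child,       # False suggests a hidden primary
    }

# Constructed: what the parent (.com) publishes for the delegation.
PARENT_SIDE = ["example.com. 172800 NS ns1.awsdns.com.",
               "example.com. 172800 NS ns-old.example.net."]
# Constructed: what the child zone itself holds at its apex.
CHILD_SIDE = ["example.com. 172800 NS ns1.awsdns.com",
              "example.com. 172800 NS NS2.example.net.",
              "example.com. 900 SOA hidden.example.net. admin.example.net. "
              "2013022001 86400 7200 604800 300"]

if __name__ == "__main__":
    for key, value in audit_delegation("example.com", PARENT_SIDE, CHILD_SIDE).items():
        print(f"{key}: {value}")
```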