DNS and dcos-net/dcos_dns

THIS POST REPRESENTS ONLY PERSONAL OPINIONS.
DNS transforms human-readable domain names into IP addresses. To get a result, we need to know how to find the server responsible for the resolution. This article shows how that works and the DNS functions used in DC/OS.

Name servers

A DNS query contains a name field which can be split by dots. The first part of the name is the hostname, and the remaining parts are the domain name. The domain name points to the name server responsible for transforming the hostname into a specific IP address.
Name servers are designed to respond to DNS queries: they reply with the IP addresses if the domain is in their charge or authorization, or forward the query to other name servers to find the answer. These name servers are built as a hierarchy, as the picture shows.
All DNS queries start from the root DNS servers, which tell you about the TLD name servers; you then talk to a TLD name server to further the query, and so on, until your hostname is finally resolved. This is a recursive query.

Examples

Let me show you some examples of how DNS is resolved in DC/OS. Before we start, I should briefly introduce the dcos-net dcos_dns app and the powerful DNS tool dig.

dcos-net dcos_dns

  • dcos_net_mesos_listeners subscribes to the Mesos master state, i.e. the up-to-date resource states.
  • dcos_dns_mesos maintains the records on its initialization or when notified by dcos_net_mesos_listeners. It updates/creates or deletes the task DNS records depending on whether the task is running or not. The task DNS records are autoip, containerip and agentip; refer to DC/OS networking DNS for further explanation.
  • dcos_dns_mesos_dns talks to mesos-dns for DNS records not directly related to tasks, such as leader.master, marathon.mesos and so on, which originate from the axfr endpoint of mesos-dns.
  • tcp_listener/udp_listener handle DNS queries.

Of course, we cannot leave out VIPs: the VIP DNS records are generated by another app of dcos-net, dcos-l4lb,
An analysis of dcos-net: dcos-l4lb

dig

The first section echoed by the dig command includes the dig version and the response header. The second part shows the question we posted, an A record for host-echo.marathon.containerip.dcos.thisdcos.directory.
Next comes the answer; here we got two hosts because the host-echo service actually has 2 instances.
And finally come the stats of the query.

> dig A host-echo.marathon.containerip.dcos.thisdcos.directory

; <<>> DiG 9.10.2-P4 <<>> A host-echo.marathon.containerip.dcos.thisdcos.directory
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10336
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host-echo.marathon.containerip.dcos.thisdcos.directory.	IN A

;; ANSWER SECTION:
host-echo.marathon.containerip.dcos.thisdcos.directory.	5 IN A 9.0.3.131
host-echo.marathon.containerip.dcos.thisdcos.directory.	5 IN A 9.0.4.131

;; Query time: 0 msec
;; SERVER: 198.51.100.1#53(198.51.100.1)
;; WHEN: Wed Mar 06 13:34:28 UTC 2019
;; MSG SIZE  rcvd: 115

DNS record types

SOA

Start of Authority (SOA Record)—this record appears at the beginning of a DNS zone file, and indicates the Authoritative Name Server for the current DNS zone, contact details for the domain administrator, domain serial number, and information on how frequently DNS information for this zone should be refreshed.

The Authoritative Name Server is responsible for zone transfers, containing DNS record type AXFR, which will be replicated among the secondary servers for reliable DNS services.
DNS requests may end up obtaining an SOA response, which stands for a negative response of no entry.

Example:
This example tries to get the SOA for the name queried below, and dig returns ns.spartan. as the SOA MNAME.

> dig host-echo.marathon.containerip.dcos.thisdcos.directory SOA

; <<>> DiG 9.10.2-P4 <<>> host-echo.marathon.containerip.dcos.thisdcos.directory SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36524
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host-echo.marathon.containerip.dcos.thisdcos.directory.	IN SOA

;; AUTHORITY SECTION:
dcos.thisdcos.directory. 1	IN	SOA	ns.spartan. support.mesosphere.com. 1 60 180 86400 1

;; Query time: 0 msec
;; SERVER: 198.51.100.1#53(198.51.100.1)
;; WHEN: Wed Mar 06 13:26:02 UTC 2019
;; MSG SIZE  rcvd: 151

A

Address Mapping record (A Record)—also known as a DNS host record, stores a hostname and its corresponding IPv4 address.

The same example that was used to introduce the dig command.

> dig A host-echo.marathon.containerip.dcos.thisdcos.directory

; <<>> DiG 9.10.2-P4 <<>> A host-echo.marathon.containerip.dcos.thisdcos.directory
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10336
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host-echo.marathon.containerip.dcos.thisdcos.directory.	IN A

;; ANSWER SECTION:
host-echo.marathon.containerip.dcos.thisdcos.directory.	5 IN A 9.0.3.131
host-echo.marathon.containerip.dcos.thisdcos.directory.	5 IN A 9.0.4.131

;; Query time: 0 msec
;; SERVER: 198.51.100.1#53(198.51.100.1)
;; WHEN: Wed Mar 06 13:34:28 UTC 2019
;; MSG SIZE  rcvd: 115

AAAA

IP Version 6 Address record (AAAA Record)—stores a hostname and its corresponding IPv6 address.
As this service is based on the IPv4 network, there is no resolution for AAAA. But don't worry, DC/OS actually supports IPv6 😃

> dig AAAA host-echo.marathon.containerip.dcos.thisdcos.directory

; <<>> DiG 9.10.2-P4 <<>> AAAA host-echo.marathon.containerip.dcos.thisdcos.directory
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32724
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host-echo.marathon.containerip.dcos.thisdcos.directory.	IN AAAA

;; AUTHORITY SECTION:
dcos.thisdcos.directory. 1	IN	SOA	ns.spartan. support.mesosphere.com. 1 60 180 86400 1

;; Query time: 0 msec
;; SERVER: 198.51.100.1#53(198.51.100.1)
;; WHEN: Wed Mar 06 13:45:27 UTC 2019
;; MSG SIZE  rcvd: 151
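
The SOA and AAAA queries above both come back as NOERROR with zero answers and an SOA in the AUTHORITY section, which is the negative "no such record type" (NODATA) case. The following added example (not from the original post or from dcos-net) parses dig's text output and classifies a response that way; the sample input is trimmed from the AAAA output above, and the function names are illustrative.

```python
import re

# Sample input: header, flags and AUTHORITY lines trimmed from the AAAA
# response shown above (only the lines the parser needs).
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32724
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;host-echo.marathon.containerip.dcos.thisdcos.directory.\tIN AAAA

;; AUTHORITY SECTION:
dcos.thisdcos.directory. 1\tIN\tSOA\tns.spartan. support.mesosphere.com. 1 60 180 86400 1
"""

def parse_dig(text):
    """Extract status, header flags and resource records from dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    records, section = [], None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif section in ("ANSWER", "AUTHORITY") and line and not line.startswith(";"):
            name, ttl, rclass, rtype, *rdata = line.split()
            records.append((section, name, int(ttl), rtype, rdata))
    return status, flags, records

def classify(text):
    """Return (kind, negative_ttl); negative_ttl is None for positive answers."""
    status, flags, records = parse_dig(text)
    answers = [r for r in records if r[0] == "ANSWER"]
    soa = [r for r in records if r[0] == "AUTHORITY" and r[3] == "SOA"]
    # RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM);
    # MINIMUM is the last field of the SOA RDATA.
    neg_ttl = min(soa[0][2], int(soa[0][4][-1])) if soa else None
    if status == "NXDOMAIN":
        return "NXDOMAIN", neg_ttl      # the name itself does not exist
    if status == "NOERROR" and not answers:
        return "NODATA", neg_ttl        # name exists, no record of that type
    if status == "NOERROR":
        return "ANSWER", None
    return status, None                 # SERVFAIL, REFUSED, ...

print(classify(SAMPLE))
```

The header flags are returned as well, so a caller can confirm that `aa` is set and `ra` is absent, matching the "recursion requested but not available" warning in the output.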

SRV

Service Location (SRV Record)—a service location record, i.e. the hostname and port number of servers for specified services.
An SRV record adheres to the following unusual format, perhaps to make a clear distinction from other types:
_service._proto.name. TTL class SRV priority weight port target.
The following example gives us two instances, both serving on port 8081 but with different hostnames.

> dig SRV _web._host-echo._tcp.marathon.mesos.thisdcos.directory

; <<>> DiG 9.10.2-P4 <<>> SRV _web._host-echo._tcp.marathon.mesos.thisdcos.directory
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15078
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_web._host-echo._tcp.marathon.mesos.thisdcos.directory.	IN SRV

;; ANSWER SECTION:
_web._host-echo._tcp.marathon.mesos.thisdcos.directory.	5 IN SRV 1 1 8081 host-echo-aoded-s3.marathon.mesos.thisdcos.directory.
_web._host-echo._tcp.marathon.mesos.thisdcos.directory.	5 IN SRV 1 1 8081 host-echo-s9ahw-s2.marathon.mesos.thisdcos.directory.

;; Query time: 0 msec
;; SERVER: 198.51.100.1#53(198.51.100.1)
;; WHEN: Wed Mar 06 14:00:18 UTC 2019
;; MSG SIZE  rcvd: 227
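
How a client would consume the SRV answer above, as an added example that is not part of the original post: it parses lines in the "priority weight port target" format and orders the targets by priority and weight in a simplified form of the RFC 2782 selection. The function names are illustrative; the sample lines are the two ANSWER records from the output above.

```python
import random
from collections import namedtuple

Srv = namedtuple("Srv", "priority weight port target")

# The two ANSWER lines from the dig output above.
SAMPLE = """\
_web._host-echo._tcp.marathon.mesos.thisdcos.directory.\t5 IN SRV 1 1 8081 host-echo-aoded-s3.marathon.mesos.thisdcos.directory.
_web._host-echo._tcp.marathon.mesos.thisdcos.directory.\t5 IN SRV 1 1 8081 host-echo-s9ahw-s2.marathon.mesos.thisdcos.directory.
"""

def parse_srv(text):
    """Parse 'name TTL class SRV priority weight port target' lines."""
    out = []
    for line in text.splitlines():
        f = line.split()
        # Skip comments, the question line and any non-SRV record.
        if len(f) == 8 and f[3] == "SRV" and not line.startswith(";"):
            prio, weight, port = (int(x) for x in f[4:7])
            if not 0 < port < 65536:
                raise ValueError(f"bad port in SRV record: {line!r}")
            out.append(Srv(prio, weight, port, f[7].rstrip(".")))
    return out

def order_targets(records, rng=random):
    """Lowest priority value first; within one priority, draw without
    replacement with probability proportional to weight."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            total = sum(r.weight for r in pool)
            # If every weight is 0, pick stays 0 and records keep listed order.
            pick = rng.uniform(0, total) if total else 0
            acc = 0
            for r in pool:
                acc += r.weight
                if pick <= acc:
                    break
            pool.remove(r)
            ordered.append((r.target, r.port))
    return ordered

print(order_targets(parse_srv(SAMPLE)))
```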

CNAME

Canonical Name record (CNAME Record)—can be used to alias a hostname to another hostname. When a DNS client requests a record that contains a CNAME, which points to another hostname, the DNS resolution process is repeated with the new hostname.

> dig www.foo.com

; <<>> DiG 9.10.6 <<>> www.foo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16204
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.foo.com.			IN	A

;; ANSWER SECTION:
www.foo.com.		599	IN	CNAME	newdigiadmin-1201528726.us-east-1.elb.amazonaws.com.
newdigiadmin-1201528726.us-east-1.elb.amazonaws.com. 59	IN A 54.165.87.12
newdigiadmin-1201528726.us-east-1.elb.amazonaws.com. 59	IN A 50.16.45.133

;; Query time: 503 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Mar 07 16:50


posted on 2019-02-25 14:06  mainred