{"id":5324,"date":"2022-09-13T20:58:22","date_gmt":"2022-09-13T12:58:22","guid":{"rendered":"https:\/\/ixyzero.com\/blog\/?p=5324"},"modified":"2022-09-13T20:58:22","modified_gmt":"2022-09-13T12:58:22","slug":"dns%e6%95%b0%e6%8d%ae%e5%88%86%e6%9e%90","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/5324.html","title":{"rendered":"DNS Data Analysis"},"content":{"rendered":"\n<p>=Start=<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Background:<\/h4>\n\n\n\n<p>A few days ago I spent some time analyzing the office network's DNS data but did not write it up in time; I was afraid I would forget it all after a while, so today, having some time, I am organizing and recording part of it for future reference.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Main text:<\/h4>\n\n\n\n<h5 class=\"wp-block-heading\">Reference answer:<\/h5>\n\n\n\n<p>First, briefly, the significance and purpose of analyzing DNS data:<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"0\"><li>What DNS does is very simple: it looks up the IP address that corresponds to a domain name. But it is very important: DNS is one of the core protocols of the Internet.<\/li><li>Once a device joins the company network, all of its traffic flows through the company's network equipment. But because of encrypted protocols such as HTTPS, even though your traffic passes through the company's network equipment, the company cannot know what exactly you do on those HTTPS sites (unless it has the corresponding keys to decrypt the traffic). This is a good thing for ordinary people because it is more secure, but hackers and people with bad intentions also take advantage of it to do harm: in that situation security staff cannot detect effectively and therefore cannot respond quickly to security incidents. Although we can no longer get the request and response content, that does not mean we can do nothing. <strong>DNS data provides some reference here: it gives a rough idea of which domains you accessed<\/strong>, because you need DNS to find the IP address that actually provides the service, unless you give up convenience and reliability entirely and communicate directly with fixed IPs.<\/li><li>Once you can get the corresponding DNS data, analysis lets you know clearly which IPs within your network (each mapping to a device\/account) queried which domains at what time, and what IP the query returned at the time.<\/li><li>You can then also know which internal users were affected in a network attack\/phishing campaign, and so carry out a targeted security incident response.<\/li><\/ol>\n\n\n\n<p>==<\/p>\n\n\n\n<p>The concrete analysis process is: first find the data tables in the company that relate to office-network DNS (if there are none, get your IT colleagues to set up logging and ingestion right away, otherwise it will be too late when something happens), then sample each of them to see which fields are recorded and get a rough picture; then pick out the key fields to analyze and focus on.<\/p>\n\n\n\n<p>The sampled data tells us the following:<br>1. The logs are recorded by the dnsmasq program;<br>2. There are 5 core fields (timestamp\/type\/domain\/action\/hostip).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Field name Field value<br>timestamp 2022-09-07 23:59:58<br>type query&#91;AAAA]<br>domain www.google.com<br>action from<br>hostip 172.30.87.146<\/code><\/pre>\n\n\n\n<p>Analysis of the query type (type)<\/p>\n\n\n\n<p>Wikipedia is enough as a reference; <strong>case tracing on the office network generally focuses on query[A]\/query[AAAA]<\/strong><\/p>\n\n\n\n<p>Analysis of the query action (action)<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>action=from records a DNS query request initiated by a client, i.e. client_ip wants to know what the IP of domain is<\/li><li>action=is records the result of a DNS query, i.e. what the IP of domain actually is<\/li><li>action=to mainly records a query sent to a designated DNS server, i.e. the query for domain is forwarded to the designated DNS server<\/li><\/ul>\n\n\n\n<p>DNS logs with action = &#8216;is&#8217; are basically replies telling the requester what the IP of a domain is; the hostip field is the domain's IP, not the requester's IP. The possible values of type are (reply#\/etc\/hosts#config#cached):<\/p>\n\n\n\n<p>Their meanings are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>cached: returns a previously looked-up result from the cache<\/li><li>reply: returns the query result<\/li><li>config: a configured domain-to-IP mapping (what can be configured is basically all internal domains)<\/li><li>\/etc\/hosts: looked up in the local hosts file (all internal domains) and returned<\/li><\/ul>\n\n\n\n<p>Among DNS logs with action = &#8216;to&#8217;, type=forwarded is the log of a forwarding operation, i.e. the query is sent to a designated DNS server, so hostip records the IPs of the few common DNS servers, such as Google's 8.8.8.8, Alibaba's 223.5.5.5 and Tencent's 119.29.29.29.<\/p>\n\n\n\n<p>For DNS logs with action = &#8216;to&#8217;, only type=forwarded is of some use, but it is not much help in an investigation either, because these are basically all DNS query forwards and do not record the IP of the host that initiated the DNS query.<\/p>\n\n\n\n<p><strong>Overall: only DNS logs with action = &#8216;from&#8217; record the IP of the host that initiated the DNS query (which can help determine whether a given host IP has used a particular service), and the ones whose type is (&#8216;query[A]&#8217;,&#8217;query[AAAA]&#8217;) are generally the routine requests that look up the IP for a domain.<\/strong><\/p>\n\n\n\n<p>As far as DNS data is concerned, its core value lies in providing the following 2 kinds of information:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Which IP queried which domain at what point in time (dns_log);<\/li><li>What IP was returned for the queried domain at that point in time (dns_ip).<\/li><\/ol>\n\n\n\n<p>Judging from day-to-day case investigations, the query_type values of main interest are (&#8216;query[A]&#8217;,&#8217;query[AAAA]&#8217;), i.e. the query requests that look up the IP of the target domain (dns_log);<br>but it is best to also keep the IP results returned for the queried domains (dns_ip), which is very useful when tracing domains\/IPs with a very short lifetime.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Reference links:<\/h5>\n\n\n\n<p>The Importance of DNS Logging in Enterprise Security<br><a href=\"https:\/\/nxlog.co\/whitepapers\/dns-logging\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/nxlog.co\/whitepapers\/dns-logging<\/a><\/p>\n\n\n\n<p>What is DNS? | How DNS works<br><a href=\"https:\/\/www.cloudflare.com\/zh-cn\/learning\/dns\/what-is-dns\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.cloudflare.com\/zh-cn\/learning\/dns\/what-is-dns\/<\/a><\/p>\n\n\n\n<p>Domain Name System<br><a href=\"https:\/\/zh.wikipedia.org\/zh-sg\/%E5%9F%9F%E5%90%8D%E7%B3%BB%E7%BB%9F\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/zh.wikipedia.org\/zh-sg\/%E5%9F%9F%E5%90%8D%E7%B3%BB%E7%BB%9F<\/a><br><a href=\"https:\/\/en.wikipedia.org\/wiki\/Domain_Name_System\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/en.wikipedia.org\/wiki\/Domain_Name_System<\/a><\/p>\n\n\n\n<p>List of DNS record types<br><a href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_DNS_record_types\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/en.wikipedia.org\/wiki\/List_of_DNS_record_types<\/a><\/p>\n\n\n\n<p>=END=<\/p>\n","protected":false},"excerpt":{"rendered":"<p>=Start= Background: A few days ago I spent some time analyzing the office network's DNS data but did not write it up in time; I was afraid I would forget it all after a while, so today [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,25],"tags":[205,37,724,1191],"class_list":["post-5324","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-security","tag-dns","tag-security","tag-724","tag-1191"],"views":2219,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/5324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=5324"}],"version-history":[{"count":1,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/5324\/revisions"}],"predecessor-version":[{"id":5325,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/5324\/revisions\/5325"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=5324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=5324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=5324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}