Windows 主机名解析
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3743581/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Windows host name resolution
提问by Trevor
I was wondering how the windows host-name resolution system works.
More precisely I wonder about the use, or lack thereof, of local cachingin the process.
According to Microsoft TCP/IP Host Name Resolution Order, the process is as follows:
我想知道 windows 主机名解析系统是如何工作的。
更准确地说,我想知道在此过程中是否使用本地缓存。
根据Microsoft TCP/IP Host Name Resolution Order,流程如下:
- The client checks to see if the name queried is its own.
- The client then searches a local Hosts file, a list of IP address and names stored on the local computer.
- Domain Name System (DNS) servers are queried.
- If the name is still not resolved, NetBIOS name resolution sequence is used as a backup. This order can be changed by configuring the NetBIOS node type of the client.
- 客户端检查查询的名称是否是它自己的名称。
- 然后客户端搜索本地主机文件、本地计算机上存储的 IP 地址和名称列表。
- 查询域名系统 (DNS) 服务器。
- 如果名称仍未解析,则使用 NetBIOS 名称解析序列作为备份。可以通过配置客户端的 NetBIOS 节点类型来更改此顺序。
What I was wondering is, whether stage (2) is cached in some way.
The sudden interest arose this last few days, as I installed a malware protection (SpyBot) that utilizes the HOSTSfile. In fact, it is now 14K entries big, and counting...
The file is currently sorted according to host name, but this of course doesn't have to be.
lg(14K), means 14 steps through the file for each resolution request. These request probably arrive at a rate of a few every second, and usually to the same few hundred hosts (tops).
我想知道的是,阶段 (2) 是否以某种方式缓存。
最近几天突然引起了兴趣,因为我安装了利用该HOSTS文件的恶意软件保护 (SpyBot) 。事实上,它现在有 14K 个条目,而且还在不断增加……
文件目前是根据主机名排序的,但这当然不是必须的。
lg(14K),表示为每个解析请求通过文件 14 步。这些请求可能以每秒几个的速度到达,并且通常到达相同的几百个主机(顶部)。
My view of how this shouldwork is like this:
我对这应该如何工作的看法是这样的:
- On system startup the windows DNS-resolution mechanism loads the HOSTS file a single time.
- It commits a single iteration over it that sorts file. A working copy is loaded into memory.
The original HOSTS file, will not be further read throughout the resolution's process' life. - All network-processes (IE, Firefox, MSN...) work via this process/mechanism.
No other process directly interfaces/reads HOSTS file. - Upon receiving a name resolution request, the process check its memory-resident cache.
If it finds the proper IP then is answers appropriately. - Otherwise (it's not cached), the resolution process continues to the memory resident (sorted) HOSTS file, and does a quick binary search over it. From here on, the process continues as originally described.
The result of the resolution is cached for further use.
- 在系统启动时,Windows DNS 解析机制会一次性加载 HOSTS 文件。
- 它提交对文件进行排序的单个迭代。工作副本被加载到内存中。
原始 HOSTS 文件将不会在解析过程的整个生命周期中被进一步读取。 - 所有网络进程(IE、Firefox、MSN...)都通过这个进程/机制工作。
没有其他进程直接连接/读取 HOSTS 文件。 - 收到名称解析请求后,该进程会检查其内存驻留缓存。
如果它找到了正确的 IP,则是适当的回答。 - 否则(它没有被缓存),解析过程继续内存驻留(排序)HOSTS 文件,并对其进行快速二进制搜索。从这里开始,该过程将按照最初的描述继续进行。
解析的结果被缓存以供进一步使用。
Though I am not sure as to the significance of these, I would really appreciate an answer.
I just want to see if my reasoning is right, and if not, why so?
I am aware that in this age of always-on PCs the cache must be periodically (or incrementally) purged. I ignore this for now.
虽然我不确定这些的重要性,但我真的很感激答案。
我只是想看看我的推理是否正确,如果不正确,为什么会这样?
我知道在这个永远在线的 PC 时代,必须定期(或逐步)清除缓存。我暂时忽略了这一点。
采纳答案by wj32
In the DNS Client service (dnsrslvr) you can see a function called LoadHostFileIntoCache. It goes something like this:
在 DNS 客户端服务 (dnsrslvr) 中,您可以看到一个名为LoadHostFileIntoCache. 它是这样的:
file = HostsFile_Open(...);
if (file)
{
while (HostsFile_ReadLine(...))
{
Cache_RecordList(...);
...
}
HostsFile_Close(...);
}
So how does the service know when the hosts file has been changed? At startup a thread is created which executes NotifyThread, and it calls CreateHostsFileChangeHandle, which calls FindFirstChangeNotificationWto start monitoring the drivers\etcdirectory. When there's a change the thread clears the cache using Cache_Flush.
那么服务如何知道主机文件何时被更改呢?在启动时创建一个线程,它执行NotifyThread,并调用CreateHostsFileChangeHandle,调用FindFirstChangeNotificationW开始监视drivers\etc目录。当有变化时,线程使用Cache_Flush.
回答by Turbo J
Your method does not work when the ip address of a known hostname is changed in hostswithout adding or changing the name.
当已知主机名的 IP 地址被更改hosts而不添加或更改名称时,您的方法不起作用。
Technetsays that the file will be loaded into the DNS client resolver cache.
Technet表示该文件将被加载到 DNS 客户端解析器缓存中。
IMO this is mostly irrelevant: A lookup in a local file (once its in the disk cache) will still be several orders of magnitude faster than asking the DNS servers of your ISP.
IMO 这几乎是无关紧要的:在本地文件(一旦它在磁盘缓存中)中的查找仍然比询问您的 ISP 的 DNS 服务器快几个数量级。
回答by jay.lee
I don't think that each process maintains it's own cache. If there is a cache, it probably exists in the TCP/IP stack or kernel somewhere, and even then, only for a very short while.
我不认为每个进程都维护自己的缓存。如果有缓存,它可能存在于 TCP/IP 堆栈或内核中的某处,即使如此,也只是很短的一段时间。
I've had situations where I'll be tinkering around with my hosts file and then using the addresses in a web browser and it will update the resolved names without me having to restart the browser.
我曾遇到过这样的情况,我会修改我的主机文件,然后在 Web 浏览器中使用地址,它会更新解析的名称,而无需重新启动浏览器。
