最新评论 (0)


The Internet: IP Addresses and DNS

互联网科普系列 IP地址和DNS(域名解析)
The Internet: IP Addresses and DNS
大家好 我是葆拉 微软公司的一名软件工程师
Hi! My name is Paola, and I am a software engineer
at Microsoft. Let’s talk about how the internet works. My job relies on networks being able
但在20世纪70年代之前 它没有一种标准方法
to talk with one another, but back in the 1970s there was no standard method for this.
是Vint Cerf和Bob Kahn发明了网络连接协议
It took the work of Vint Cerf and Bob Kahn to invent the internetworking protocol, to
使得交流成为可能 这项发明基于我们现在称之为互联网的东西
make communication possible. This invention laid the groundwork for what we now call the
互联网是网格状的网络 它同时连接了全球数以亿计的设备
internet. The internet is a network of networks. It links billions of devices together all
因此通过WIFI 你可能与笔记本或手机连接
around the globe. So maybe you’re connected with a laptop or a phone through wifi, then
that wifi connection connects to an internet service provider (or ISP), and that ISP connects
you to billions and billions of devices around the world through hundreds of thousands of
利用成千上万互相连接的网络 大多数人所不能接受的是
networks that are all interconnected. One thing that most people do not appreciate is
that the internet is really a design philosophy and an architecture expressed in a set of
protocols. A protocol is a well known set of rules and standards, that if all parties
如果所有当事人同意 则他们可以无问题的交流
agree to use it will allow them to communicate without trouble. How the internet actually
physically works is less important than the fact that this design philosophy has allowed
the internet to adapt and absorb new communication technologies. This is because in order for
因为如果要在互联网上启用某种新技术 那么只需要明确其使用的相关协议即可
a new technology to use the internet in some fashion, it just needs to know which protocols
在互联网上 所有不同的设备都拥有独一无二的网址
to work with. All the different devices on the internet have unique addresses. An address
这些网址其实就是一组数字 就像电话号码或街道地址一样
on the internet is just a number, similar to a phone number or a sort of street address,
对于处在互联网边缘节点的电脑和设备来说 它是独特的
that’s unique to each computer or device at the edge of the network. This is similar to
how most homes and businesses have a mailing address. You don’t need to know a person to
你不必知道收件人 但你需要知道他们的地址并且准确填写地址
send them a letter in the mail, but you do need to know their address and how to write
the address properly so the letter can be carried by a mail system to its destination.
在互联网上 电脑的编址系统是类似的
The addressing system for computers on the internet is similar and it forms part of one
它形成了最重要的协议之一 – 互联网协议或IP协议
of the most important protocols used in internet communication simply called the internet protocol
or IP. A computer’s address then is called its IP address. Visiting a website is really
just your computer asking another computer for information. Your computer sends a message
to the other computer’s IP address and it also sends along its origin address, so the
other computer knows where to send its response. You may have seen an IP address. It’s just
它就是一串数字 这些数字用一种层级结构来组织
a bunch of numbers! These numbers are organized in a hierarchy. Just like a home address has
就像家庭地址包含国家城市街道门牌号 IP地址也有相关部分
a country, a city, a street, and a house number, an IP address has many parts. Just like all
就像所有的数据一样 这些数字以二进制数字形式表现
digital data, each of these numbers is represented in bits. Traditional IP addresses are 32 bits
传统的IP地址有32位字节 其中8字节是地址的每一部分 前面的数字通常代表
long, with 8 bits for each part of the address. The earlier numbers usually identify the country
设备所在的国家和地区 接着是子网 最后是特定设备的地址
and regional network of the device. Then come the subnetworks, and then finally the address
这种IP地址的形式叫做IPv4 设计于1973年
of the specific device. This version of IP addressing is called IPv4. It was designed
in 1973 and was widely adopted in the early 80s, and provides for more than 4 billion
unique addresses for devices connecting to the internet. But the internet has turned
但是互联网越来越流行 超出了Vint Cerf的想象
out to be much more popular than even Vint Cerf imagined and 4 billion unique addresses
40亿个地址是不够的 经过多年的过度 我们现在使用的是叫做IPv6形式的地址
won’t be enough. We’re now in the middle of a multi-year transition to a longer IP address
每个地址使用128字节 且支持超过340涧(2的128次方)个地址
format called IPv6, which uses 128 bits per address and provides over 340 undecillion
unique addresses. That’s more than enough for every grain of sand on Earth to have its
own IP address. Most users never see or care about internet addresses. A system called
the domain name system or DNS associates names like www.example.com with the corresponding
addresses. Your computer uses the DNS to look up domain names and get the associated IP
address which is used to connect your computer to the destination on the internet. And it
它有点像这样走 (声音一)嘿 这儿 我想去www.code.org
goes a little something like this: (voice 1) “Hey, hi there, I want to go to www.code.org.”
(声音二)恩 但是我不知道那个域名的IP地址 让我问问
(voice 2) “Mm.. yeah I don’t know the IP address for that domain let me ask around. Hey, do
嘿 你知道怎样到达code.org吗 (声音三)是的 我知道它在174.129.14.120
you know how to get to code.org?” (voice 3) “Yeah, I got it right here it’s”
(声音二)好的 太棒了 谢谢 我会存下来以防我再次需要它
(voice 2) “Oh okay, great, thanks. I’m gonna write that down and save it for later in case
嘿 这是你想去的地址 (声音一)太好了 谢谢
I need it again. Hey here’s that address you wanted.” (voice 1) “Awesome! Thank you.” So
那么我们如何设计一个系统 使得数以亿计的设备能够找到数以亿计中的任何一个网址呢
how do we design a system for billions of devices to find any one of billions of different
没有任何一种方法 DNS服务器能够处理来自所有设备的请求
websites? There is no way one DNS server can handle all the requests from all devices.
因为DNS服务器以分散的层次系统连接 并划分区域
The answer is that DNS servers are connected in a distributed hierarchy, and are divided
把响应分散到主要的域 例如org. com. net等
into zones, splitting up responsibility for the major domains such as .org, .com, .net,
etc. DNS was originally created to be an open and public communication protocol for government
因为它的开放性 DNS易受网络攻击的影响
and educational institutions. Because of its openness, DNS is susceptible to cyber attacks.
典型的攻击是域名冒名顶替 当黑客访问DNS服务器
An example attack is DNS spoofing. That’s when a hacker taps into a DNS server and changes
改变服务器的域名 用一个错误的IP地址来匹配域名 这样攻击者可以将人们送到假的网址
it to match a domain name with the wrong IP address. This lets the attacker send people
如果你遭遇了这些 你将易遭遇更多的问题
to an imposter website. If this happens to you, you are vulnerable for more problems
因为你使用了像是真的一样的假网址互联网是巨大的 并且每天都在壮大
because you are using that fake website as if it’s real. The internet is huge and getting
bigger everyday. But the domain name system and internet protocol are designed to scale,
no matter how much the internet grows.