2025-04-09 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
1. DNS server concept
Communication on the Internet relies on IP addresses, but people remember words far better than strings of numbers, so mapping IP addresses to easily remembered text is a good approach. Computers, however, only understand binary, so a mechanism is needed to translate between IP addresses and host names. DNS stands for Domain Name System. It is a distributed online database system whose function is to resolve the domain names in the "URLs" we use every day into IP addresses. Most names are resolved locally and only a few require communication over the Internet, which is why it is efficient.
2. Related DNS concepts
DNS uses a tree-shaped directory structure that delegates the management of host names to different levels, so that host name lookups complete faster and host name resolution is easier to modify.
Domain:
TLD: Top-Level Domain
Organizational domains: .com, .org, .net, .edu, .gov, .mil, .cc, …
Country domains: .cn, .us, .tw, .iq, …
Reverse domain: in-addr.arpa
FQDN:
FQDN stands for Fully Qualified Domain Name.
An FQDN consists of two parts: the host name and the domain name.
Because DNS is managed level by level, which part counts as the host name and which as the domain name differs from one level to the next.
Take www.google.com as an example:
At the second level, .com is the domain name and google is the host name.
At the third level, google.com is the domain name and www is the host name.
Forward resolution: translation from an FQDN to an IP address is called forward resolution.
Reverse resolution: translation from an IP address to an FQDN is called reverse resolution.
Zone: in forward or reverse resolution, the set of records for one domain is a zone.
3. DNS server resolution
The main function of DNS is to resolve host names.
Resolution:
Given one name supplied by the user, look up the resolution database to obtain another name: domain name -> IP, IP -> domain name.
Resource records: an rr (resource record) has a type, which determines the attributes used when resolving the record:
* SOA record: Start of Authority record; a zone file can have only one
* A record: maps a host name (or domain name) to an IPv4 address (AAAA: IPv6)
* CNAME record: alias resolution (a domain name pointing to another domain name)
* NS record: name server record, specifying which DNS server resolves the domain name
* MX record: mail exchange record, pointing to the mail server
* PTR record: reverse DNS record, the reverse of an A record
* TTL value: time to live, how long the DNS record is cached on a DNS server
4. Principle of the DNS server
DNS uses two query mechanisms: recursion and iteration.
The client sends a query to its DNS server. The DNS server searches its local resolution database and finds nothing, so it sends a query to a root server. The root server tells it that the .com server holds what it needs, so the DNS server queries the .com server, which replies that the answer is held on the google.com server; finally the DNS server finds the record on the google.com server and returns it to the client. Throughout this process the client sent only one request and received the result: that is recursion.
The DNS server keeps sending requests during the query process until it finds the result it wants: that is iteration.
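As an added example that is not part of the original article, the following toy model replays the recursion-versus-iteration exchange just described: the client makes one call to resolve(), and resolve() itself iterates through mock root, .com and google.com servers. The server names, the records and the address 192.0.2.10 are all constructed here.

```python
# Added example (not from the original article): a toy model of section 4.
# A recursive DNS server answers the client's single request by iterating
# through mock root, .com and google.com servers. All data is constructed.

# Each mock server maps a name to a referral ("NS", next server) or to an
# authoritative answer ("A", address); 192.0.2.10 is a documentation address.
MOCK_SERVERS = {
    "root":          {"com.": ("NS", "com-server")},
    "com-server":    {"google.com.": ("NS", "google-server")},
    "google-server": {"www.google.com.": ("A", "192.0.2.10")},
}

def ask(server, qname):
    """One iterative query: the best record this server holds for qname.

    Tries the full name first, then each shorter suffix, so a server that
    only knows the enclosing zone returns a referral for it.
    """
    records = MOCK_SERVERS[server]
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in records:
            return records[candidate]
    return None

def resolve(qname, cache=None):
    """The recursive server's work on behalf of the client.

    Returns (address, path): path lists the servers consulted in turn (the
    iteration), while the client sees only one request and one answer.
    """
    cache = {} if cache is None else cache
    if qname in cache:                       # hit in the local cache
        return cache[qname], ["cache"]
    server, path = "root", []
    while True:
        path.append(server)
        rtype, value = ask(server, qname) or (None, None)
        if rtype == "A":                     # authoritative answer found
            cache[qname] = value
            return value, path
        if rtype != "NS":
            raise LookupError(f"{qname}: no answer or referral from {server}")
        server = value                       # follow the referral, ask again

if __name__ == "__main__":
    print(resolve("www.google.com."))        # ('192.0.2.10', ['root', 'com-server', 'google-server'])
```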
5. DNS query order
Local hosts file -> local DNS cache -> local DNS server, which then initiates iterative queries
6. DNS server port: TCP and UDP port 53
7. DNS server types
Primary (master) DNS server:
Provides the master zone that resolves domain names for clients. If the primary DNS server goes down, service from the slave DNS server takes over.
Slave DNS server:
1. If the master DNS server does not reply for a long time, the slave server stops providing service.
2. Zone synchronization between master and slave uses a periodic check plus notification mechanism. The slave server periodically checks the records on the master server and synchronizes as soon as it finds changes. In addition, whenever data on the master server is modified, the slave server is notified to update its records immediately.
Caching server:
The server itself holds no zone and gives only non-authoritative answers.
Forwarding server:
When the DNS server cannot give an authoritative answer from its own zones (including its cache), it forwards the request to another DNS server; the local DNS server is then the forwarding server.
Configuration:
nslookup, dig: DNS client testing tools
tcpdump, wireshark: packet capture and analysis tools
Building the DNS server: forward and reverse resolution
1. Turn off the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
getenforce
2. Install the DNS server software
yum install bind-chroot
# main configuration file: /etc/named.conf
# zone configuration file: /etc/named.rfc1912.zones, which declares the zones (which domain names are served and where their data files are)
# data file directory: /var/named, where the files holding the domain name / IP address mappings are kept
3. Modify the main configuration file
vi /etc/named.conf
listen-on port 53 { any; };   # all IP addresses on the server provide DNS resolution service
allow-query { any; };         # allow anyone to send DNS queries to this server
# use the named-checkconf command to check the syntax
4. Modify the zone configuration file
# This file declares where the domain name / IP address mappings are kept. It defines the resolution rules between domain names and IP addresses, the location of the data file, and the type of service, but does not itself contain the domain name / IP address mappings. There are three service types: hint (root zone), master (primary zone) and slave (secondary zone). The commonly used master and slave refer to the master server and the slave server.
zone "c74.com" IN {
    type master;                 # service type
    file "c74.com.zone";         # file holding the domain name / IP address resolution rules
    allow-update { none; };      # which clients may dynamically update the resolution data
};                               # forward resolution parameters
zone "1.168.192.in-addr.arpa" IN {   # declares the reverse resolution zone
    type master;
    file "192.168.1.arpa";
};                               # reverse resolution parameters for the /24 network segment
5. Forward resolution
5.1 vi /etc/named.rfc1912.zones
You can modify the existing contents, or clear the file and keep only the following zone.
zone "c74.com" IN {
    type master;                 # service type
    file "c74.com.zone";         # file holding the domain name / IP address resolution rules
    allow-update { none; };      # which clients may dynamically update the resolution data
};
# named-checkzone checks the configuration of a zone file
5.2 Edit the data file. Copy the forward resolution template file (named.localhost) from the /var/named directory, then fill the domain name and IP address data into the data file and save it. Remember to add the -a parameter when copying, which preserves the original file's owner, group, permissions and other attributes.
cd /var/named
cp -a named.localhost c74.com.zone   # copies the template contents of named.localhost to c74.com.zone
vi c74.com.zone
$TTL 1D                              ; records live for 1 day (zone file comments start with ';')
@       IN SOA  c74.com. root.c74.com. (   ; @ = current domain; start of authority; zone address; administrator mailbox, written without the @ symbol
                0       ; serial   (update serial number)
                1D      ; refresh  (refresh interval)
                1H      ; retry    (retry delay)
                1W      ; expire   (expiry time)
                3H )    ; minimum  (caching time for negative answers)
        NS      ns.c74.com.        ; name server record
ns      IN A    192.168.5.153      ; address record for ns.c74.com.
@       IN MX 10 mail.c74.com.     ; mail exchange record for c74.com; 10 is the preference: the lower the number, the higher the priority
mail    IN A    192.168.5.153      ; address record for mail.c74.com.
www     IN A    192.168.5.153      ; address record for www.c74.com.
news    IN A    192.168.5.153      ; address record for news.c74.com.
5.3 Start the service and test
systemctl restart named
yum install bind-utils -y   # bind-utils provides nslookup for client testing
nslookup
> www.c74.com
Server:   192.168.5.153
Address:  192.168.5.153#53
# the other names are tested the same way; omitted here
6. Reverse resolution
# Reverse resolution resolves an IP address submitted by the user into the corresponding domain name information. It is generally used to block all the domain names bound to a given IP address and to block spam sent from certain domain names.
6.1 vi /etc/named.rfc1912.zones
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.arpa";
};
6.2 Edit the data file
# Copy the reverse resolution template file (named.loopback) from the /var/named directory and fill in the following parameters
cd /var/named
cp -a named.loopback 192.168.1.arpa
vi 192.168.1.arpa
$TTL 1D
@       IN SOA  c74.com. root.c74.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      ns.c74.com.
ns      A       192.168.5.153
153     PTR     ns.c74.com.     ; PTR is a pointer record, used only in reverse resolution
153     PTR     mail.c74.com.
153     PTR     www.c74.com.
153     PTR     news.c74.com.
6.3 Test
systemctl restart named
nslookup
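A check a practitioner would run after writing the forward and reverse zones, added here and not part of the original article: derive from each A record the reverse zone its address actually falls in, and confirm a matching PTR exists there. The zone texts are constructed from the article's own records, and the parser is deliberately minimal (one record per line, owner name present on every A and PTR line, ';' comments). Run on the article's values it flags that the A records use 192.168.5.x while the reverse zone 1.168.192.in-addr.arpa covers 192.168.1.0/24, so those PTRs would never be found.

```python
# Added example (not from the original article): cross-check the forward
# zone's A records against the reverse zone's PTR records. Zone texts are
# constructed from the article's records; the parser is minimal.
import ipaddress

FORWARD_ORIGIN = "c74.com"
FORWARD_ZONE = """\
$TTL 1D
@    IN SOA c74.com. root.c74.com. ( 0 1D 1H 1W 3H )
     NS   ns.c74.com.
ns   IN A 192.168.5.153   ; address record for ns.c74.com.
mail IN A 192.168.5.153
www  IN A 192.168.5.153
"""
REVERSE_ORIGIN = "1.168.192.in-addr.arpa"   # the article's reverse zone name
REVERSE_ZONE = """\
153  PTR ns.c74.com.      ; pointer record, used only in reverse resolution
153  PTR mail.c74.com.
153  PTR www.c74.com.
"""

def parse_records(text, rtype, origin):
    """Return [(owner_fqdn, value)] for every record of type rtype (A or PTR)."""
    found = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()          # strip comments, tokenize
        if rtype in fields and fields[0] not in ("@", "IN", rtype):
            owner = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}."
            found.append((owner, fields[fields.index(rtype) + 1]))
    return found

def reverse_name(ip):
    """PTR owner name of an IPv4 address, e.g. 153.5.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return findings; an empty list means forward and reverse zones agree."""
    a_records = dict(parse_records(fwd_text, "A", fwd_origin))
    ptrs = parse_records(rev_text, "PTR", rev_origin)
    findings = []
    for fqdn, ip in a_records.items():
        expected = reverse_name(ip)
        if not expected.endswith("." + rev_origin + "."):   # wrong reverse zone
            real_zone = expected.split(".", 1)[1].rstrip(".")
            findings.append(f"{fqdn} -> {ip} belongs to zone {real_zone}, not {rev_origin}")
        elif (expected, fqdn) not in ptrs:
            findings.append(f"missing PTR {expected} -> {fqdn}")
    for owner, target in ptrs:
        if target not in a_records:
            findings.append(f"PTR {owner} -> {target} has no matching A record")
    return findings
```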
7. DNS advanced: master-slave service
# Since the master server was deployed above, the following mainly introduces the slave server.
# In the DNS resolution service, the slave server can obtain the specified zone data files from the master server, acting as a backup of the resolution records and providing load balancing, so deploying a slave server reduces the load on the master server and improves query efficiency for users.
# Two servers are required for the test: master 192.168.10.10, slave 192.168.10.20
7.1 In the zone configuration file of the master server, allow update requests from the slave server, that is, modify the host address in the allow-update { hosts allowed to update zone information; }; parameter, and then restart the DNS service on the master server.
vi /etc/named.rfc1912.zones
zone "c74.com" IN {
    type master;
    file "c74.com.zone";
    allow-update { 192.168.10.20; };
};
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.10.arpa";
    allow-update { 192.168.10.20; };
};
systemctl restart named
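A small audit of the master's zone declarations, added here as an example and not taken from the article's own configuration. The point it checks: allow-update, as used in 7.1 above, governs dynamic DNS updates, so the line as written lets 192.168.10.20 rewrite the zone; what the slave actually needs for replication is a zone transfer, which is controlled by allow-transfer, and the BIND 9.11 series shipped on CentOS 7 allows transfers to any host when that option is not set. MASTER_CONF is constructed from section 7.1; HARDENED_CONF is an assumed tightened form.

```python
# Added example (not from the original article): audit the master's zone
# declarations for two replication mistakes from section 7.1. Both config
# texts are constructed here; HARDENED_CONF is an assumed tightened form.
import re

MASTER_CONF = """
zone "c74.com" IN {
    type master;
    file "c74.com.zone";
    allow-update { 192.168.10.20; };
};
"""

HARDENED_CONF = """
zone "c74.com" IN {
    type master;
    file "c74.com.zone";
    allow-update { none; };
    allow-transfer { 192.168.10.20; };
};
"""

# One zone block per match; ACL options are expected on a single line.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
OPTION_RE = re.compile(r'(allow-update|allow-transfer)\s*\{([^}]*)\};')

def audit_zones(conf_text):
    """Return {zone_name: [findings]} for every master zone in conf_text."""
    report = {}
    for name, body in ZONE_RE.findall(conf_text):
        if not re.search(r'type\s+master\s*;', body):
            continue                          # slave and hint zones are not checked
        opts = {k: v.strip().rstrip(";").strip() for k, v in OPTION_RE.findall(body)}
        findings = []
        if opts.get("allow-update", "none") != "none":
            findings.append(f"allow-update lets {opts['allow-update']} rewrite the zone "
                            "(dynamic updates); transfers are governed by allow-transfer")
        transfer = opts.get("allow-transfer", "any")   # BIND 9.11 default when unset
        if transfer == "any":
            findings.append("zone transfers open to any host; restrict allow-transfer to the slave")
        report[name] = findings
    return report

if __name__ == "__main__":
    for zone, findings in audit_zones(MASTER_CONF).items():
        print(zone, findings or "ok")
```

In production, authenticate transfers with a TSIG key as well as an address ACL, since an address alone can be spoofed on the local network.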
7.2 On the slave server, fill in the IP address of the master server and the zone information to fetch, then restart the service. Note that here the service type must be slave, not master. The masters parameter is followed by the IP address of the master server, and the file parameter defines where the synchronized data file is saved; you can see the synchronized file in that directory afterwards.
vi /etc/named.rfc1912.zones
zone "c74.com" IN {
    type slave;
    masters { 192.168.10.10; };
    file "slaves/c74.com.zone";
};
zone "10.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.10.10; };
    file "slaves/192.168.10.arpa";   # the file parameter gives where the synchronized data file is saved; you can see it in this directory afterwards
};
systemctl restart named
7.3 Verify the resolution results. When the slave server's DNS service is restarted, the data file is normally synchronized automatically from the master server and placed by default in the directory defined in the zone configuration file. Then change the slave server's network settings so that its DNS address parameter is 192.168.10.20, so that the DNS resolution service provided by the slave server itself is used. After that, nslookup shows the resolution result.
cd /var/named/slaves
ls   # note that the slave server has synchronized the master server's files
nslookup www.c74.com 192.168.10.10
That concludes this detailed walkthrough of building a DNS server on Linux. I hope it helps you; if you have any questions, please leave me a message and I will reply in time. Thank you very much for supporting the site!