
How to build DNS Domain name system in centos7

2025-02-28 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Today I will talk to you about how to build a DNS domain name system on CentOS 7. Many people may not know much about it, so to help you understand it better the editor has summarized the following. I hope you gain something from this article.

1. DNS: domain name system.

It is mainly used to record (register) the mapping relationship (correspondence) between domain names and IP addresses.

Function: domain name resolution.

Forward resolution: finds the IP address for a domain name. Domain name -> IP

Reverse resolution: finds the domain name for an IP address. IP -> domain name

-

2. DNS parsing process

Recursive query: the query between the client and its DNS server. The client sends a single question and the DNS server returns the final answer, the IP address corresponding to the domain name.

Iterative query: the query between the DNS server and other DNS servers. The DNS server asks the root domain, the top-level domain and the second-level domain servers on the Internet in turn, following each referral, until it obtains the IP address corresponding to the domain name.
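The following is an added example, not part of the original article: an in-memory simulation of the two query types described above. The client sends one recursive question to its DNS server, and the server answers it by walking the delegation chain with iterative questions (root -> top-level domain -> second-level domain). The server names, zones and addresses are constructed test data, not live DNS.

```python
# Added example (not from the original article): an in-memory simulation of
# the two query types described above. A client asks its DNS server ONE
# recursive question; the server then walks the delegation chain with
# iterative questions (root -> top-level domain -> second-level domain).
# All server names, zones and addresses below are constructed test data.
from typing import NamedTuple, Union


class Referral(NamedTuple):
    zone: str     # zone being delegated, e.g. "com."
    server: str   # name of the server to ask next (the "glue")


class Answer(NamedTuple):
    name: str
    address: str


# Constructed authoritative data: which names each server knows about.
AUTHORITATIVE = {
    "root-server": {
        "com.": Referral("com.", "com-tld-server"),
    },
    "com-tld-server": {
        "baidu.com.": Referral("baidu.com.", "dns1.baidu.com."),
    },
    "dns1.baidu.com.": {
        "www.baidu.com.": Answer("www.baidu.com.", "192.168.10.7"),
        "dns1.baidu.com.": Answer("dns1.baidu.com.", "192.168.10.7"),
    },
}


def fqdn(name: str) -> str:
    """Normalise to an absolute name ending in the root dot."""
    return name if name.endswith(".") else name + "."


def iterative_query(server: str, qname: str) -> Union[Referral, Answer, None]:
    """One iterative question to one server.

    The server replies with the closest enclosing zone it knows: an Answer if it
    is authoritative for the name, a Referral if it only knows who to ask next,
    or None if it knows nothing about the name (a missing delegation).
    """
    known = AUTHORITATIVE[server]
    labels = qname.split(".")          # "www.baidu.com." -> ["www", "baidu", "com", ""]
    for i in range(len(labels) - 1):   # the name itself, then shorter suffixes
        candidate = ".".join(labels[i:])
        if candidate in known:
            return known[candidate]
    return None


def recursive_resolve(qname: str, max_hops: int = 8):
    """What the DNS server does on the client's behalf.

    Returns (address_or_None, list_of_servers_asked). The hop limit stops a
    broken delegation loop from running forever.
    """
    qname = fqdn(qname)
    server = "root-server"
    trace = []
    for _ in range(max_hops):
        trace.append(server)
        reply = iterative_query(server, qname)
        if isinstance(reply, Answer):
            return reply.address, trace
        if isinstance(reply, Referral):
            server = reply.server      # follow the delegation
            continue
        return None, trace             # nobody on the chain knows the name
    return None, trace


if __name__ == "__main__":
    addr, hops = recursive_resolve("www.baidu.com")
    print(f"www.baidu.com -> {addr} via {' -> '.join(hops)}")
```

Running the block prints the address together with the three servers the resolver asked, which is exactly the difference between the two query types: the client saw one question and one answer, while the server issued three iterative questions.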

-

3. Deployment of the DNS server

1. Software

DNS server software: bind, bind-chroot. Service name: named

DNS client software: bind-utils. Available commands: nslookup, dig, host

Note: the d at the end of the service name is an abbreviation for daemon; named, for example, is short for name daemon.

2. Network topology:

DNS server: 192.168.10.7 (virtual machine)

DNS client: 192.168.10.8 (virtual machine), 192.168.10.1 (physical machine)

3. DNS server installation:

0) temporarily turn off the security functions

setenforce 0                 # temporarily put SELinux into permissive mode
getenforce                   # check the SELinux status
systemctl stop firewalld     # temporarily stop firewalld
systemctl status firewalld   # check the firewalld status

1) check whether the software is already installed

rpm -q bind

2) install the software

yum info bind          # brief introduction of the bind package
yum install -y bind    # install the bind software
rpm -q bind            # the query result is now as follows:
bind-9.9.4-37.el7.x86_64

3) start the service

systemctl restart named    # restart the named service
systemctl enable named     # start named automatically at boot

4) check the status

systemctl status named
lsof -i :53    or    netstat -atnlp | grep :53

5) get familiar with the configuration files

rpm -qc bind    # the important configuration files are as follows
/etc/logrotate.d/named          # log rotation policy file
/etc/named.conf                 # main configuration file (holds the global settings)
/etc/named.iscdlv.key           # key file
/etc/named.rfc1912.zones        # zone configuration file (holds the domain names or network segments served)
/etc/named.root.key
/etc/rndc.conf                  # configuration file for remote administration of DNS
/etc/rndc.key                   # key file for remote administration
/etc/sysconfig/named
/var/named/named.ca             # hints file for the root domain servers
/var/named/named.empty
/var/named/named.localhost      # forward resolution file (resource record file) for the localhost domain name
/var/named/named.loopback       # reverse resolution file (resource record file) for the 127.0.0.0 network segment

-

Case: registering the domain name baidu.com (forward resolution) on the 192.168.10.7 DNS server requires the following administrative steps.

1. Modify the /etc/named.conf main configuration file and change every 127.0.0.1 and localhost in the file to any.

cp -v /etc/named.conf{,.bak}                # back up this configuration file
cp -v /etc/named.conf /etc/named.conf.bak   # same as above

vim /etc/named.conf   # the revised result is as follows (4 changes in total, marked "changed"). Check the help manual with man named.conf.

options {   # option settings
        listen-on port 53 { any; };   # changed. IPv4 listening port and addresses; separate several IPs with semicolons; any listens on all addresses. The default is 127.0.0.1.
        listen-on-v6 port 53 { ::1; };   # IPv6 listening port and address
        directory "/var/named";   # working directory for the resource record files
        dump-file "/var/named/data/cache_dump.db";   # cache dump file
        statistics-file "/var/named/data/named_stats.txt";   # statistics file
        memstatistics-file "/var/named/data/named_mem_stats.txt";   # memory statistics file
        allow-query { any; };   # changed. Clients that are allowed to query. The default is localhost.
        recursion yes;   # allow recursive queries
        # dnssec-enable yes;   # changed: DNS security policy, commented out in this case
        # dnssec-validation yes;   # changed: DNS validation policy, commented out in this case
        bindkeys-file "/etc/named.iscdlv.key";   # key file
        managed-keys-directory "/var/named/dynamic";   # working directory for managed keys
        pid-file "/run/named/named.pid";   # process pid file
        session-keyfile "/run/named/session.key";   # session key file
};

logging {   # log settings
        channel default_debug {   # channel in debug mode
                file "data/named.run";   # file path
                severity dynamic;   # severity is dynamic
        };
};

zone "." IN {   # root domain settings
        type hint;   # hint means the root zone; the usual types are hint, master (primary) and slave (secondary)
        file "named.ca";   # file name, located in the /var/named directory
};

include "/etc/named.rfc1912.zones";   # includes the sub-configuration file, i.e. the zone configuration file
include "/etc/named.root.key";   # included key file

Restart the service: systemctl restart named
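The following is an added example, not part of the original article or of BIND itself: a small audit script for the options block configured above. It parses a named.conf-style options block, applies BIND's documented fallback order for who may recurse (allow-recursion, then allow-query-cache, then allow-query, otherwise localnets and localhost), and flags the two settings a practitioner would revisit before exposing this server beyond the lab: recursion open to any client, and DNSSEC validation left to the compiled-in default instead of being stated. Both configuration texts in the block are constructed for the example; the hardened one restricts recursion to the 192.168.10.0/24 network from the topology above while keeping authoritative answers for the hosted zones public.

```python
# Added example (not from the original article or from BIND): an audit of the
# options block configured above. It reads a named.conf-style options block,
# applies BIND's documented fallback order for who may recurse
# (allow-recursion -> allow-query-cache -> allow-query -> "localnets; localhost")
# and flags recursion open to any client and an unstated dnssec-validation.
# Both configuration texts below are constructed for this example.
import re

# Mirrors the options block shown in the article: listen-on/allow-query set to any,
# recursion on, the two dnssec lines commented out.
PAGE_OPTIONS = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { any; };
        recursion yes;
        # dnssec-enable yes;
        # dnssec-validation yes;
};
"""

# Same server with recursion limited to the lab network from the topology above
# and validation stated explicitly. Authoritative answers for the zones stay public.
HARDENED_OPTIONS = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { any; };
        recursion yes;
        allow-recursion { 192.168.10.0/24; };   # only the 192.168.10.x clients may recurse
        dnssec-validation yes;
};
"""

STATEMENT = re.compile(r"^([a-z0-9-]+)\s+(.*?);$")


def parse_options(text: str) -> dict:
    """Return {statement: value} for the active (uncommented) statements."""
    opts = {}
    for line in text.splitlines():
        # named.conf accepts '#' and '//' line comments; drop them before matching
        code = line.split("#", 1)[0].split("//", 1)[0].strip()
        m = STATEMENT.match(code)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts


def acl_members(value: str) -> list:
    """'port 53 { any; }' -> ['any']; '{ 192.168.10.0/24; }' -> ['192.168.10.0/24']."""
    inner = re.search(r"\{(.*)\}", value)
    if not inner:
        return []
    return [m.strip() for m in inner.group(1).split(";") if m.strip()]


def audit_options(text: str) -> list:
    """Return a list of findings; an empty list means nothing to flag."""
    opts = parse_options(text)
    findings = []

    # BIND defaults to recursion yes when the statement is absent.
    recursion_on = opts.get("recursion", "yes") == "yes"
    recursion_acl = (opts.get("allow-recursion") or opts.get("allow-query-cache")
                     or opts.get("allow-query") or "{ localnets; localhost; }")
    if recursion_on and "any" in acl_members(recursion_acl):
        findings.append("open recursive resolver: recursion yes and recursion allowed from any")

    # A commented-out line leaves the compiled-in default, which differs between
    # BIND versions; state the intended value so the behaviour is unambiguous.
    if opts.get("dnssec-validation") != "yes":
        findings.append("dnssec-validation is not explicitly set to yes")

    return findings


if __name__ == "__main__":
    for label, cfg in (("article config", PAGE_OPTIONS), ("hardened config", HARDENED_OPTIONS)):
        print(label, "->", audit_options(cfg) or "no findings")
```

The script can be pointed at a real /etc/named.conf by reading the file into the same function; it only looks at one-line statements, so it is a quick sanity check rather than a full named.conf parser (named-checkconf remains the authoritative syntax check).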

2. Add the configuration for the baidu.com domain name at the end of the /etc/named.rfc1912.zones file.

cp -v /etc/named.rfc1912.zones{,.bak}

vim /etc/named.rfc1912.zones   # add the following

zone "baidu.com" IN {   # declares the zone (domain name)
        type master;   # master means this is the primary DNS server
        file "baidu.com.zx";   # resource record file, located in the /var/named directory
        allow-update { none; };   # dynamic updates are not allowed
        allow-transfer { none; };   # hosts allowed to perform zone transfers, usually the IP address of the secondary DNS server; none disables transfers
};

Note: after this step the named service cannot be restarted normally yet, because the resource record file baidu.com.zx has not been created.

3. Create the resource record file baidu.com.zx for forward resolution of the baidu.com domain name in the /var/named directory.

cd /var/named
ls
cp -pv named.localhost baidu.com.zx   # -p copies the file attributes as well (this must be done)

vim baidu.com.zx   # the revised reference content is as follows (the marked lines are the modified content)

$TTL 1D
@       IN SOA  dns1.baidu.com. 12700696.qq.com. (
                                2017112701      ; serial: version serial number, usually built from the date (must be a number of at most 10 digits)
                                1D              ; refresh: refresh time is 1 day
                                1H              ; retry: retry time is 1 hour
                                1W              ; expire: expiration time is 1 week
                                3H )            ; minimum: minimum cache time (the minimum TTL)
        NS      dns1.baidu.com.         ; NS record (Name Server): specifies the name of the DNS server
dns1    A       192.168.10.7            ; A record (Address): specifies the IP address for the host name
        AAAA    ::1                     ; AAAA record: the IPv6 equivalent of an A record
www     A       192.168.10.7
ftp     A       192.168.10.8
mail    A       192.168.10.9
linux   A       192.168.10.1
w       CNAME   www                     ; CNAME (canonical name) alias record, in the format "alias CNAME original name"
ww      CNAME   www
web     CNAME   www

Tip: when the name on the left of a record in the forward resolution file is empty, it is the same as the name of the previous record.

Content explanation:

$TTL 1D: the maximum lifetime of the records is 1 day.

@: a variable that stands for the current domain name, baidu.com, as defined by zone "baidu.com" IN in the named.rfc1912.zones file.

SOA: Start Of Authority. It specifies that the authoritative data for the domain baidu.com in this example is kept on the host dns1.baidu.com.

12700696.qq.com.: the mailbox of the DNS server administrator. Because @ has a special meaning in the zone file, the @ in the mailbox address is written as a dot.

FQDN: Fully Qualified Domain Name (complete domain name). Example: the rightmost dot of dns1.baidu.com. is the root domain.

NS record: which DNS server holds the information for this domain name.

A record: records the IP address corresponding to a host name.

CNAME record: an alias for a host name.

PTR record: pointer record, used for reverse resolution, in the format "host part of the IP address PTR full domain name".

MX record: mail exchange record, used to specify the mail server.

4. Restart the named service.

systemctl restart named

5. Test forward resolution with the DNS client commands.

rpm -q bind-utils            # check whether the bind client software is installed
yum install -y bind-utils    # install it

Temporary test of DNS resolution:

nslookup command: nslookup <domain name or IP to be resolved> <DNS server IP>

Note: the nslookup command is available on both Linux and Windows systems.

Example: nslookup www.baidu.com 192.168.10.7   # the result is as follows

Server:         192.168.10.7         # IP of the DNS server
Address:        192.168.10.7#53      # IP and port number of the DNS server

Name:   www.baidu.com                # the domain name being resolved
Address: 192.168.10.7                # the IP address the domain name resolved to

Example: run the following resolution tests and look at the results.

nslookup web.baidu.com 192.168.10.7
nslookup dns1.baidu.com 192.168.10.7

-

nslookup interactive mode:

nslookup                   # open nslookup, then run the following
server                     # show the current DNS server IP from the network card settings
server 192.168.10.7        # temporarily set the DNS server IP
www.baidu.com              # forward resolution test
web.baidu.com              # forward resolution test
127.0.0.1                  # reverse resolution test
exit                       # leave nslookup

-

host command: host [options] <domain name> <DNS server IP>

Example: host www.baidu.com 192.168.10.7
host web.baidu.com 192.168.10.7

-

dig command: dig @server domain query-type query-class

Note: dig @<server IP> <domain name> <query type> <network class>

Function: sends a domain name query packet to the domain name server.

Example: dig @192.168.10.7 www.baidu.com

-

Summary:

DNS forward resolution involves three configuration files:

1. /etc/named.conf, the main configuration file (4 lines changed; this only needs to be done once)

2. /etc/named.rfc1912.zones, the zone configuration file (registers the zone name and its related parameters)

3. /var/named/*, the resource record file for each zone (registers the correspondence between host names and IP addresses)

Note:

1. If a name in the resource record file is written as a complete domain name (FQDN), it must end with the root domain dot, otherwise the named service will not run.

2. The domain name in an NS record must have a corresponding A record.

DNS client resolution test commands: nslookup, dig, host
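The following is an added example, not part of the original article or of BIND: a checker for the forward zone files written above. It parses a zone file the way the article describes (a blank owner means the same name as the previous record, @ stands for the zone name, a name without a trailing dot gets the zone name appended, and the SOA may be spread over several lines in parentheses) and then checks the two points from the note above: every NS target must have an A/AAAA record, and a name meant as an FQDN must end in the root dot or it silently becomes dns1.baidu.com.baidu.com. It also checks the serial against the 32-bit limit (at most 10 digits). The zone texts in the block are constructed copies for this example; the "bad" one deliberately drops the trailing dot from the NS target and points a CNAME at a name that does not exist.

```python
# Added example (not from the original article or from BIND): a checker for the
# forward zone files written above. Zone texts are constructed for this example.

ORIGIN = "baidu.com."

GOOD_ZONE = """\
$TTL 1D
@       IN SOA  dns1.baidu.com. 12700696.qq.com. (
                2017112701      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      dns1.baidu.com.
dns1    A       192.168.10.7
        AAAA    ::1
www     A       192.168.10.7
ftp     A       192.168.10.8
mail    A       192.168.10.9
linux   A       192.168.10.1
w       CNAME   www
ww      CNAME   www
web     CNAME   www
"""

# Same zone with the two mistakes the note warns about: the NS target lost its
# trailing dot, and a CNAME points at a name that has no record.
BAD_ZONE = """\
$TTL 1D
@       IN SOA  dns1.baidu.com. 12700696.qq.com. (
                2017112701 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        NS      dns1.baidu.com
dns1    A       192.168.10.7
www     A       192.168.10.7
web     CNAME   wwww
"""


def logical_lines(text):
    """Strip ';' comments and join a parenthesised record (the SOA) into one line.
    The leading whitespace of the first physical line is kept: it marks a blank owner."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        code = raw.split(";", 1)[0].rstrip()
        if not code.strip() and depth == 0:
            continue
        buf.append(code)
        depth += code.count("(") - code.count(")")
        if depth == 0:
            out.append(buf[0] + " " + " ".join(p.strip() for p in buf[1:]))
            buf = []
    return out


def absolute(name, origin):
    """'@' -> origin; 'www' -> 'www.<origin>'; 'dns1.baidu.com.' stays as it is."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, type, [rdata...])] with every owner made absolute."""
    records, owner = [], None
    for line in logical_lines(text):
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():            # an owner name is present on this line
            owner = absolute(tokens.pop(0), origin)
        if tokens and tokens[0] == "IN":      # class is optional; only IN is handled here
            tokens.pop(0)
        records.append((owner, tokens[0], tokens[1:]))
    return records


def check_zone(text, origin=ORIGIN):
    """Return a list of problems; an empty list means the zone passes."""
    records = parse_zone(text, origin)
    issues = []
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)

    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        issues.append("zone must contain exactly one SOA record")
    else:
        serial = soa[0][2][2]
        if not (serial.isdigit() and int(serial) < 2**32):
            issues.append(f"SOA serial {serial!r} is not an unsigned 32-bit number")

    for owner, rtype, rdata in records:
        if rtype == "NS":
            target = absolute(rdata[0], origin)
            if not types_by_owner.get(target, set()) & {"A", "AAAA"}:
                issues.append(f"NS target {target} has no A/AAAA record")
        elif rtype == "CNAME":
            target = absolute(rdata[0], origin)
            if target not in types_by_owner:
                issues.append(f"CNAME {owner} points at {target}, which has no records")
    return issues


if __name__ == "__main__":
    print("good zone:", check_zone(GOOD_ZONE) or "ok")
    print("bad zone:", check_zone(BAD_ZONE))
```

For the bad zone the first finding names dns1.baidu.com.baidu.com., which is exactly what named sees when the trailing dot is missing and why the zone refuses to load; on a real server, named-checkzone baidu.com /var/named/baidu.com.zx performs the authoritative version of this check.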

-

Example: register forward resolution for the sina.com domain name on the 192.168.10.7 DNS server. Choose the host names and IP addresses in the resource record file yourself. Finally, test forward resolution with the nslookup command.

Step 1: vim /etc/named.rfc1912.zones   # add the following

zone "sina.com" IN {   # declares the zone (domain name)
        type master;   # master means this is the primary DNS server
        file "sina.com.zx";   # resource record file, located in the /var/named directory
        allow-update { none; };   # dynamic updates are not allowed
        allow-transfer { none; };   # hosts allowed to perform zone transfers, usually the IP address of the secondary DNS server; none disables transfers
};

Step 2: run the following.

cd /var/named
cp -pv named.localhost sina.com.zx

vim sina.com.zx   # the modified content is as follows

$TTL 1D
@       IN SOA  dns1.sina.com. 12700696.qq.com. (
                                2017112701      ; serial
                                1D              ; refresh
                                1H              ; retry
                                1W              ; expire
                                3H )            ; minimum
        NS      dns1.sina.com.
dns1    A       192.168.10.7
        AAAA    ::1
www     A       1.1.1.1
ftp     A       1.1.1.2
mail    A       1.1.1.3
linux   A       1.1.1.4
w       CNAME   www
ww      CNAME   www
web     CNAME   www

Step 3: reload the named service (a graceful restart)

systemctl reload named

Step 4: resolution test

nslookup www.sina.com 192.168.10.7
nslookup web.sina.com 192.168.10.7

After reading the above, do you have any further understanding of how to build the DNS domain name system in centos7? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

© 2024 shulou.com SLNews company. All rights reserved.
