Set up DNS server to realize domain name resolution

2025-04-01 Update. From: SLTechnology News&Howtos (Servers)


Shulou(Shulou.com)06/03 Report--


Configure a private-network DNS server for the company that resolves the domain name www.linux.com to the private IP 192.168.24.200. In addition, to keep the DNS service available, build a slave DNS server that provides redundancy for the master.

Test content: configure the PC client's DNS server addresses as 192.168.24.200 and 192.168.24.201. When the DNS service on 192.168.24.200 is shut down to simulate an unexpected failure, ping www.linux.com should still resolve the name through dns2-server.

Experimental environment

Master DNS server dns1-server: 192.168.24.200

Slave DNS server dns2-server: 192.168.24.201

Client: Windows

Install the service and start it

[root@DNS1-server ~]# yum -y install bind bind-chroot bind-utils
[root@DNS1-server ~]# chkconfig named on
[root@DNS1-server ~]# service named start

bind-9.7.3-8.P3.el6.x86_64.rpm         # the main package for the DNS service
bind-chroot-9.7.3-8.P3.el6.x86_64.rpm  # improves security (see below)
bind-utils-9.7.3-8.P3.el6.x86_64.rpm   # client tools, installed by default, used to query domain names

bind-chroot is a feature of bind that makes it run in chroot mode: the / (root) directory seen by the running bind is not the real / (root) of the system but only a subdirectory of it. The purpose is to improve security, because in chroot mode bind's access is confined to that subdirectory and cannot reach anything above it.

1. Set up a master DNS server dns1.cn. The configuration is as follows:

[root@DNS1-server ~]# vim /var/named/chroot/etc/named.conf

options {
    listen-on port 53 { any; };            # listen on the IPs of all network segments
    listen-on-v6 port 53 { any; };         # same for IPv6
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };                  # allow queries from all IP address ranges
    recursion no;                          # recursive queries are enabled by default; turned off here
    dnssec-enable yes;                     # DNSSEC switch; the default is yes
    dnssec-validation yes;                 # whether to perform DNSSEC validation; the default is yes
    dnssec-lookaside auto;                 # when set, gives the validator another way to verify a DNSKEY at the top of the zone
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "linux.com" IN {                      # defines the zone served by dns1.cn
    type master;                           # this server is the primary DNS for the zone
    file "linux.com.zone";                 # the zone data file
    also-notify { 192.168.24.201; };       # when the master's zone changes, notify the slave so it updates automatically
    allow-transfer { 192.168.137.0/24; };  # which network segment's slave servers may transfer (synchronize) the zone; omitted means all, none means disallowed
};
include "/etc/named.rfc1912.zones";

Note that the allow-transfer list must contain the slave's address: the slave configured here is 192.168.24.201, which is not inside 192.168.137.0/24, so with that value the slave's zone transfer would be refused. Restrict the list to the slave itself (192.168.24.201) rather than leaving it open, because an unrestricted zone transfer hands a full copy of the zone to anyone who asks.

Check the configuration file

[root@DNS1-server /]# named-checkconf

2. Create a zone file:

Note: the master zone must contain two NS records, one for the master DNS server and one for the slave DNS server.

[root@DNS1-server ~]# cd /var/named/chroot/var/named/

[root@DNS1-server named]# vim linux.com.zone

The contents of the linux.com.zone are as follows:

$TTL 86400
@   IN SOA ns1.linux.com. root.linux.com. (
        2015060101
        1D
        1H
        1W
        3H )
    IN NS ns1.linux.com.
    IN NS ns2.linux.com.
ns1 IN A 192.168.24.200
ns2 IN A 192.168.24.201
www IN A 192.168.24.200
web IN CNAME www.linux.com.

Zone file parameter description:

$TTL 86400 ; default cache time (TTL) for valid address resolution records; the default is 1 day, i.e. 1D = 86400 seconds.

linux.com. IN SOA dns1.linux.com. root.linux.com.

# @ in the file above stands for the current domain, linux.com.; it is written out as linux.com. here to make it easier to read.

# the SOA record names the primary name server, dns1.linux.com (the zone file above uses ns1.linux.com.).

# when you write a domain name in this file, write the trailing root dot as well.

# the zone administrator's mailbox is root.linux.com.; since @ has another meaning in zone files, "." is used in place of @.

2015060101 ; serial number, changed to mark a change in the zone data; it can have fewer than 10 digits. If there is a secondary DNS zone, add 1 manually every time you change the zone data.

1D ; refresh time: the interval at which the slave checks the master for updated zone data. The default is 1 day.

1H ; retry delay: how long the slave waits after a failed refresh before trying again. The default is 1 hour.

1W ; expiration time: if the zone data cannot be refreshed within this period, it is considered expired and is no longer retried. The default is one week.

3H ; default cache time for negative answers (names that do not exist in the zone); here the cache time for invalid records is set to 3 hours.

Restart the service

[root@DNS1-server ~] # service named restart

Stop named:. [OK]

Start named: [OK]

3. Configure the slave DNS server

Note: the clocks of the master and slave must be in sync.

Install:

[root@DNS1-server2 ~]# yum -y install bind bind-chroot bind-utils
[root@DNS1-server2 ~]# chkconfig named on
[root@DNS1-server2 ~]# service named start
Generating /etc/rndc.key:   [OK]
Starting named:   [OK]
[root@DNS1-server2 ~]# cd /var/named/chroot/etc/
[root@DNS1-server2 etc]# vim named.conf

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    # recursion no;
    recursion yes;
    # dnssec-enable yes;
    # dnssec-validation yes;
    # dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "linux.com" IN {                      # the zone name must match the master's zone, linux.com
    type slave;
    file "slaves/linux.com.zone.file";     # created automatically on the first transfer
    masters { 192.168.24.200; };           # specify the master server
};
include "/etc/named.rfc1912.zones";

With allow-query { any; } and recursion yes, this slave answers recursive queries for anyone who can reach it, so keep it reachable only from the private network or limit recursion to the internal address ranges.

On its first restart the slave DNS server automatically creates the file linux.com.zone.file in /var/named/chroot/var/named/slaves/. This file holds the zone data the slave fetched from the master.

Check the configuration file

[root@DNS1-server /]# named-checkconf

Restart and test:

[root@DNS1-server2 ~]# service named restart
Stopping named: .   [OK]
Starting named:   [OK]
[root@DNS1-server2 ~]# ls /var/named/chroot/var/named/slaves/
linux.com.zone.file
[root@DNS1-server2 ~]# ll /var/named/chroot/var/named/slaves/
total 4
-rw-r--r-- 1 named named 370 Aug  3 01:09 linux.com.zone.file    # the transferred zone file

Contents of the file:

[root@DNS2-server slaves]# cat linux.com.zone.file
$ORIGIN .
$TTL 86400      ; 1 day
linux.com               IN SOA  ns1.linux.com. root.linux.com. (
                                2015060101 ; serial
                                86400      ; refresh (1 day)
                                10800      ; retry (3 hours)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.linux.com.
                        NS      ns2.linux.com.
$ORIGIN linux.com.
ns1                     A       192.168.24.200
ns2                     A       192.168.24.201
web                     CNAME   www
www                     A       192.168.24.200

Verify that the slave is notified and updates automatically when the master's zone is modified

$TTL 86400
@   IN SOA ns1.linux.com. root.linux.com. (
        2015060101
        1D
        3H
        1W
        3H )
    IN NS ns1.linux.com.
    IN NS ns2.linux.com.
ns1 IN A 192.168.24.200
ns2 IN A 192.168.24.201
www IN A 192.168.24.200
web IN CNAME www.linux.com.
bbs IN CNAME www.linux.com.   # newly added entry

Restart the master DNS service

[root@DNS1-server ~]# service named restart

View the zone file on the slave server

[root@DNS1-server2 ~]# cat /var/named/chroot/var/named/slaves/linux.com.zone.file
$ORIGIN .
$TTL 86400      ; 1 day
linux.com               IN SOA  ns1.linux.com. root.linux.com. (
                                2015060101 ; serial
                                86400      ; refresh (1 day)
                                10800      ; retry (3 hours)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.linux.com.
                        NS      ns2.linux.com.
$ORIGIN linux.com.
bbs                     CNAME   www
ns1                     A       192.168.24.200
ns2                     A       192.168.24.201
web                     CNAME   www
www                     A       192.168.24.200

# once the change has been picked up, the slave's copy contains the newly added bbs record. The slave transfers a new copy only when the master's serial is higher than the one it already holds, so increment the serial on every edit of the master zone.
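The three conditions this setup silently depends on (two NS records with glue, a serial that rises with every edit, and an allow-transfer list that actually contains the slave) can be checked before trusting the slave. The following Python script is an added example, not part of the original article: it works on a constructed copy of the master zone file shown above, handles only that master-file layout (not BIND's dumped slave format), and the helper names and the 192.168.x.x values are taken from this article as assumptions.

```python
import ipaddress
import re

# Constructed copy of the master zone file from this article (not the page's own file).
MASTER_ZONE = """$TTL 86400
@   IN SOA ns1.linux.com. root.linux.com. ( 2015060101 1D 1H 1W 3H )
    IN NS ns1.linux.com.
    IN NS ns2.linux.com.
ns1 IN A 192.168.24.200
ns2 IN A 192.168.24.201
www IN A 192.168.24.200
web IN CNAME www.linux.com.
"""

def parse_zone(text):
    """Return (serial, records); records are (owner, type, rdata) tuples."""
    serial = int(re.search(r"SOA.*?\(\s*(\d+)", text, re.S).group(1))
    records = []
    for line in text.splitlines():
        m = re.match(r"^(\S*)\s+IN\s+(NS|A|CNAME)\s+(\S+)", line)
        if m:
            records.append((m.group(1) or "@", m.group(2), m.group(3)))
    return serial, records

def check_pair(master_text, slave_text, slave_ip, allow_transfer):
    """List the problems that would stop the slave from serving a correct copy."""
    m_serial, m_recs = parse_zone(master_text)
    s_serial, s_recs = parse_zone(slave_text)
    problems = []
    # Two NS records at the apex, one per server, and each NS host needs an A record.
    ns_hosts = [rd for owner, rtype, rd in m_recs if rtype == "NS" and owner == "@"]
    if len(ns_hosts) < 2:
        problems.append("fewer than two NS records")
    a_owners = {owner for owner, rtype, _ in m_recs if rtype == "A"}
    for host in ns_hosts:
        if host.split(".")[0] not in a_owners:  # assumes NS hosts live inside the zone
            problems.append("NS host %s has no A record" % host)
    # The slave transfers only when the master's serial is higher than its own copy.
    if m_recs != s_recs and m_serial <= s_serial:
        problems.append("zone content changed but serial %d was not raised" % m_serial)
    # allow-transfer must contain the slave's address, or its AXFR request is refused.
    if ipaddress.ip_address(slave_ip) not in ipaddress.ip_network(allow_transfer):
        problems.append("slave %s is outside allow-transfer %s" % (slave_ip, allow_transfer))
    return problems

if __name__ == "__main__":
    # Values from the article: slave 192.168.24.201, allow-transfer 192.168.137.0/24.
    for p in check_pair(MASTER_ZONE, MASTER_ZONE, "192.168.24.201", "192.168.137.0/24"):
        print("problem:", p)
```

Run as-is it reports the allow-transfer mismatch present in the article's master config; pass the edited zone with the bbs record and an unchanged serial to see the second check fire.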

Now shut down the DNS service on the master to simulate the master server going down, and confirm that names in linux.com are still resolved by the slave.

Configure the client

Before stopping the master, ping www.linux.com on the client to confirm that the name resolves.

Then stop the named service on the master DNS server: service named stop

Then ping www.linux.com again to see whether it still resolves.

It still resolves normally.
