2025-01-31 Update. From: SLTechnology News&Howtos (shulou), Servers section
Shulou (Shulou.com) 06/02 Report
Foreword:
This article covers:
- the function and types of the DNS system
- installing BIND and its configuration files
- building a caching domain name server with BIND
- building master and slave domain name servers with BIND
Key steps: locate the main configuration file and the service startup script.
1: The role of the DNS system
1.1 Forward resolution: find the IP address that corresponds to a host name (domain name).
1.2 Reverse resolution: find the host name that corresponds to an IP address. Resolving an address back to a name is used mostly for testing and for logging.
1.3 The distributed structure of the DNS namespace
Take www.sina.com.cn. as an example. The trailing dot stands for the root, and the whole string is a fully qualified domain name (FQDN). Reading from the right: cn is the top-level domain, com.cn is a second-level domain under it, sina.com.cn is the registered domain, and www is the host name inside that domain. (The original text calls com.cn the top-level domain; strictly, the top-level domain is cn.)
2: DNS server types
2.1 Caching domain name server (cache server): obtains domain-name-to-IP records by querying other name servers and caches the results locally, so repeated queries are answered faster. A freshly installed BIND, before any zone of its own is added, behaves as a caching server.
2.2 Primary domain name server (master): the authoritative server for a specific DNS zone; it alone maintains the complete set of domain-name-to-IP records of that zone.
2.3 Secondary domain name server (slave): also holds the zone's domain-name-to-IP records, but obtains them from the primary server by zone transfer.

3: The BIND domain name service
3.1 About BIND
BIND (Berkeley Internet Name Daemon) is the Berkeley Internet name service. Related packages on CentOS 7:
bind-9.9.4-37.el7.x86_64.rpm
bind-utils-9.9.4-37.el7.x86_64.rpm (the original lists "bind-untils"; the package name is bind-utils)
bind-libs-9.9.4-37.el7.x86_64.rpm
bind-chroot-9.9.4-37.el7.x86_64.rpm

3.2 The BIND server program
Main executable: /usr/sbin/named
Default listening port: 53. UDP/53 carries ordinary queries; TCP/53 is used for zone transfers and for answers too large to fit in a UDP datagram. (Port 953 on the loopback address, which shows up in the netstat output later, is the rndc control channel, not DNS.)
Main configuration file: /etc/named.conf (the original says /etc/bind/named.conf, which is the Debian path; on CentOS 7 it is /etc/named.conf, as the commands below use).
The data files holding the resolution records live under /var/named/.

3.3 The main configuration file /etc/named.conf
The global configuration section, options { ... };, sets the global parameters of the server: listening addresses and ports, the default location of data files, and so on.

[root@localhost ~]# vim /etc/named.conf
options {
    listen-on port 53 { any; };                          // listen on every IPv4 address
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                              // zone files live under /var/named
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { 192.168.10.0/24; };                    // only this network may send queries
};

The zone configuration section, /etc/named.rfc1912.zones, defines the zones this server answers for: the zone name, the server's role, the data file name, and so on, one zone "name" IN { ... }; stanza per zone.

// forward zone (the article uses "localhost" as the placeholder name; for a real zone write the domain, e.g. kgc.com)
zone "localhost" IN {
    type master;                        // this server is the primary for the zone
    file "named.localhost";             // zone data file under /var/named; holds the A records for host names
    allow-update { none; };             // none: no dynamic updates are accepted
    allow-transfer { 173.16.16.2; };    // only the slave at this address may pull the zone (AXFR)
};
// reverse zone
zone "16.16.173.in-addr.arpa" IN {      // the network octets of 173.16.16.0/24 reversed
    type master;                        // primary server for this zone too
    file "named.loopback";              // zone data file name
    allow-update { none; };             // no dynamic updates
};
16.16.173.in-addr.arpa is the network part of the address written backwards: the network is 173.16.16.0/24, its octets are reversed and the suffix in-addr.arpa is appended. The host part of the address (the last octet) is not part of the zone name; it becomes the owner name of the individual PTR records.
3.4 The zone data file (A records)
The file named by the zone's file "..." option lives under /var/named/.
3.4.1 The global $TTL setting and the SOA record
$TTL (Time To Live) sets the default lifetime of every record in the file. The SOA (Start Of Authority) record follows. In zone files a semicolon starts a comment.

$TTL 1D                            ; default lifetime of the resolution records, one day
@   IN SOA  @ rname.invalid. (     ; @ is this zone's name; after SOA come the primary server (MNAME) and the administrator mailbox (RNAME, whose first dot stands for @)
        0       ; serial   - version number of the zone, an unsigned 32-bit integer (at most 10 digits); increase it on every change so slaves notice
        1D      ; refresh  - how often a slave re-downloads the zone data, one day
        1H      ; retry    - retry interval after a failed refresh, one hour
        1W      ; expire   - a slave that has not reached the master for one week stops answering for the zone
        3H )    ; minimum  - how long a negative answer (name does not exist) may be cached, three hours
    NS      @                      ; owner name omitted: the record inherits the previous owner, i.e. @
    A       127.0.0.1              ; @ itself resolves to the loopback address
    AAAA    ::1

In other words: if a slave cannot reach the master, it retries every hour (retry); after one week without success (expire) it gives up and stops serving the zone.
3.4.2 Resolution records
NS: name server record
MX: mail exchange record
A: address record (forward zones only)
AAAA: IPv6 address record
CNAME: canonical name (alias) record

$TTL 1D                            ; lifetime of the resolution records
@       IN SOA  @ rname.invalid. ( ; SOA: @ is the zone name, rname.invalid. the administrator mailbox
                0       ; serial   - version number, increase it on every change
                1D      ; refresh  - slaves re-download the data every day
                1H      ; retry    - retry one hour after a failed download
                1W      ; expire   - give up after one week without contact
                3H )    ; minimum  - negative answers are cached for three hours
        NS      @
        A       127.0.0.1
        AAAA    ::1
@       IN NS   ns1.bdqn.com.      ; the name server for this zone is ns1.bdqn.com.
        IN MX 10 mail.bdqn.com.    ; mail for the zone is delivered to mail.bdqn.com.; 10 is the priority (lower wins)
ns1     IN A    58.119.74.203      ; host name ns1 -> 58.119.74.203 (the NS target needs this A record)
www     IN A    173.16.16.1        ; host name www -> 173.16.16.1
mail    IN A    173.16.16.4
ftp     IN CNAME www               ; ftp is an alias: asking for ftp is the same as asking for www

3.5 Lab: building forward resolution
[root@dns named]# rpm -qc bind            // list the configuration files installed by the bind package
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback

[root@dns named]# vim /etc/named.conf     // edit the main configuration file
options {
    listen-on port 53 { any; };                          // changed from 127.0.0.1 so the server listens on every address
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                              // default data file location, left unchanged
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };                                // changed from localhost: every host may query
};
/* the rest of /etc/named.conf stays as installed */
zone "." IN {                                            // the root hint zone, do not touch it
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";                      // zone definitions, configured next
include "/etc/named.root.key";

[root@dns named]# cd /var/named                          // the default data file directory
[root@dns named]# ls
chroot  chroot_sdb  data  dynamic  dyndb-ldap  kgc.com.local  kgc.com.zone  named.ca  named.empty  named.localhost  named.loopback  slaves
(kgc.com.zone and kgc.com.local are the files created in the steps that follow.)
[root@dns named]# vim /etc/named.rfc1912.zones           // edit the zone configuration file
In /etc/named.rfc1912.zones the IPv6 reverse zone (the long ...ip6.arpa stanza) is the boundary: forward zones sit above it, reverse zones below it.

zone "kgc.com" IN {                   // create the forward zone for kgc.com
    type master;
    file "kgc.com.zone";              // data file under /var/named; it does not exist yet and is created below
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.0.10.in-addr.arpa" IN {       // reverse zone; the check and test output later in the article show it as 0.0.14.in-addr.arpa, so the lab network actually used was 14.0.0.0/24
    type master;
    file "kgc.com.local";
    allow-update { none; };
};

[root@dns named]# cp -p named.localhost kgc.com.zone    // copy the template keeping owner and permissions, so named can still read it
[root@dns named]# vim kgc.com.zone                      // edit the zone data
$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      kgc.com.
        A       127.0.0.1
        IN MX 5 mail.kgc.com.
mail    IN A    10.10.10.10
www     IN A    9.9.9.9
ftp     IN CNAME www
*       IN A    8.8.8.8              ; wildcard: any name under kgc.com with no record of its own resolves to 8.8.8.8 (see 3.7)
@ stands for the zone name (the origin), here kgc.com.
At this point forward resolution is configured.
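The zone file above works, but it has two habits that bite as soon as a slave exists: a serial of 0 that nobody remembers to increase, and an NS record pointing at kgc.com. whose only A record is 127.0.0.1, so the zone's own name server is the loopback address. The script below is an added example, not code from the article: it writes the same kgc.com records with a proper ns1 glue record and a date-based serial (YYYYMMDDnn), and shows how to bump the serial of an existing file in place so slaves notice the change. The wildcard record is left out on purpose, since it makes every typo resolve. The address 192.168.139.132 for ns1 is the article's server; the TODAY argument is an assumption of the example so the logic can be checked without depending on the clock.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Builds the kgc.com zone with a
# YYYYMMDDnn serial and bumps the serial of an existing file in place.
set -u

# write_zone SERIAL  -> zone file text on stdout
write_zone() {
cat <<EOF
\$TTL 1D
@       IN SOA  ns1.kgc.com. admin.kgc.com. (
                $1 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum (negative-caching TTL)
        IN NS   ns1.kgc.com.
        IN MX 5 mail.kgc.com.
ns1     IN A    192.168.139.132     ; glue for the NS above (the article's server address)
mail    IN A    10.10.10.10
www     IN A    9.9.9.9
www     IN A    7.7.7.7             ; second address, answered round-robin (see 3.7)
ftp     IN CNAME www
EOF
}

# zone_serial FILE -> the current serial (the number in front of "; serial")
zone_serial() {
    awk '$2 == ";" && $3 == "serial" { print $1; exit }' "$1"
}

# next_serial CURRENT TODAY(YYYYMMDD) -> new serial
# Date-based serials stay below 2^32 for any realistic date and are easy to
# read; if today's base is already in use, the nn counter is incremented,
# which keeps the serial strictly increasing as slaves require.
next_serial() {
    local cur="$1" base=$(( $2 * 100 ))
    if [ "$cur" -lt "$base" ]; then echo $(( base + 1 )); else echo $(( cur + 1 )); fi
}

# bump_zone_serial FILE TODAY -> rewrites FILE with the next serial and prints it
bump_zone_serial() {
    local file="$1" cur new
    cur=$(zone_serial "$file")
    new=$(next_serial "$cur" "$2")
    awk -v old="$cur" -v new="$new" '
        !done && $2 == ";" && $3 == "serial" { sub(old, new); done = 1 }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Demo: create the file, bump it on the same day, check it if bind is installed.
demo_dir=$(mktemp -d)
today=$(date +%Y%m%d)
write_zone "$(next_serial 0 "$today")" > "$demo_dir/kgc.com.zone"
echo "initial serial: $(zone_serial "$demo_dir/kgc.com.zone")"
echo "after edit:     $(bump_zone_serial "$demo_dir/kgc.com.zone" "$today")"
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone kgc.com "$demo_dir/kgc.com.zone" || echo "zone failed named-checkzone"
fi
```

On the server, write the output of write_zone to /var/named/kgc.com.zone, keep the ownership cp -p would have given it, and call bump_zone_serial on that file after every edit before reloading named.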
[root@dns named]# systemctl start named            // start the service
[root@dns named]# netstat -natp | grep named        // -n numeric addresses, -a all sockets, -t TCP, -p owning process
tcp    0  0 192.168.139.132:53   0.0.0.0:*   LISTEN   40771/named
tcp    0  0 127.0.0.1:53         0.0.0.0:*   LISTEN   40771/named
tcp    0  0 127.0.0.1:953        0.0.0.0:*   LISTEN   40771/named
tcp6   0  0 ::1:53               :::*        LISTEN   40771/named
tcp6   0  0 ::1:953              :::*        LISTEN   40771/named
[root@dns named]# netstat -naup | grep named        // -u UDP
udp    0  0 192.168.139.132:53   0.0.0.0:*            40771/named
udp    0  0 192.168.122.1:53     0.0.0.0:*            40771/named
udp    0  0 127.0.0.1:53         0.0.0.0:*            40771/named
udp6   0  0 ::1:53               :::*                 40771/named
Port 53 (TCP and UDP) is the DNS service on every address; port 953 is the rndc control channel and is bound to the loopback addresses only, which is how it should stay.
[root@dns named]# systemctl stop firewalld          // lab shortcut: turn off the firewall
[root@dns named]# setenforce 0                      // lab shortcut: switch SELinux to permissive mode

Both shortcuts are for the lab only. On a real server open just the DNS service in the firewall (firewall-cmd --permanent --add-service=dns && firewall-cmd --reload) and keep SELinux enforcing: the named policy already allows reading zone files under /var/named as long as their labels are right, which restorecon -R /var/named fixes after copying files in.
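The server now answers, but as configured it also recurses for anyone who can reach it (allow-query { any; } with the BIND 9.9 default of recursion yes) and, because allow-transfer is not set in options, hands the whole zone to anyone who asks with dig axfr. The script below is an added example, not code from the article or from BIND: it writes the article's options block, a hardened authoritative variant, and a caching-only variant that fills in the section 3.9 lab the article leaves empty, then audits each with a small grep-based check for those two problems. The listening address 192.168.139.132 and the slave address 173.16.16.2 are the article's lab values; the 192.168.139.0/24 client network used by the caching variant is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not part of the article or of BIND. Writes three named.conf
# variants and audits the options block for the settings that matter most:
# recursion exposed to the world, and unrestricted zone transfers.
set -u

# 1. The article's lab configuration. "recursion" and "allow-transfer" are
#    not set, so BIND 9.9 falls back to "recursion yes" and "allow-transfer any".
lab_conf() {
cat <<'EOF'
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
};
zone "kgc.com" IN {
    type master;
    file "kgc.com.zone";
    allow-update { none; };
};
EOF
}

# 2. Hardened authoritative server for kgc.com: answers for its own zones only,
#    never recurses, and lets only the slave pull the zone.
hardened_conf() {
cat <<'EOF'
options {
    listen-on port 53 { 192.168.139.132; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };            // anyone may ask about zones we are authoritative for
    recursion no;                    // but we resolve nothing on their behalf
    allow-transfer { none; };        // no AXFR unless a zone stanza says otherwise
    version "not disclosed";         // hides 9.9.4 from "dig @server version.bind chaos txt"
};
zone "kgc.com" IN {
    type master;
    file "kgc.com.zone";
    allow-update { none; };
    allow-transfer { 173.16.16.2; }; // the slave from the article, and nobody else
    notify yes;
};
EOF
}

# 3. Caching-only server for the section 3.9 lab: recursion is the point, so it
#    is restricted to the LAN instead of the world (192.168.139.0/24 assumed).
cache_conf() {
cat <<'EOF'
options {
    listen-on port 53 { 192.168.139.132; 127.0.0.1; };
    directory "/var/named";
    allow-query { 192.168.139.0/24; localhost; };
    recursion yes;
    allow-recursion { 192.168.139.0/24; localhost; };
    allow-transfer { none; };
    version "not disclosed";
};
zone "." IN {
    type hint;
    file "named.ca";
};
EOF
}

# Extract the options { ... } block of a file, with // comments stripped.
options_block() {
    sed 's://.*$::' "$1" | awk '/^options/ { f = 1 } f { print } f && /^};/ { exit }'
}

# Print one finding per line for a named.conf; prints nothing when clean.
audit_named_conf() {
    local opts
    opts=$(options_block "$1")
    if printf '%s\n' "$opts" | grep -Eq 'allow-query[[:space:]]*[{][^}]*any' &&
       ! printf '%s\n' "$opts" | grep -Eq 'recursion[[:space:]]+no'; then
        echo "OPEN-RESOLVER: allow-query { any; } without 'recursion no' (BIND 9.9 recurses by default)"
    fi
    if ! printf '%s\n' "$opts" | grep -q 'allow-transfer'; then
        echo "AXFR: allow-transfer not set in options (default any: 'dig @server kgc.com axfr' dumps the zone)"
    fi
    if ! printf '%s\n' "$opts" | grep -Eq '^[[:space:]]*version[[:space:]]'; then
        echo "INFO: version not overridden; 'dig @server version.bind chaos txt' reveals 9.9.4"
    fi
}

audit_count() { audit_named_conf "$1" | wc -l | tr -d ' '; }

# Demo: write the three variants to a temporary directory and audit them.
# named-checkconf is also run when bind is installed; it only checks syntax.
demo_dir=$(mktemp -d)
lab_conf      > "$demo_dir/named.lab.conf"
hardened_conf > "$demo_dir/named.hardened.conf"
cache_conf    > "$demo_dir/named.cache.conf"
for f in "$demo_dir"/named.*.conf; do
    echo "== $f: $(audit_count "$f") finding(s)"
    audit_named_conf "$f"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$f" || echo "named-checkconf: syntax error in $f"
    fi
done
```

The audit is deliberately narrow: it only reads the options block, so a zone stanza with its own allow-transfer is neither credited nor flagged. Run audit_named_conf /etc/named.conf on the lab server and it reports all three findings; after replacing the options block with the hardened one it reports none.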
Verify it.
Create a new virtual machine, set its network adapter to NAT mode, and point its DNS at the server (192.168.139.132).

C:\Users\GSY>nslookup mail.kgc.com
Server:  UnKnown
Address:  192.168.139.132
Name:    mail.kgc.com
Address:  10.10.10.10

C:\Users\GSY>nslookup qqq.kgc.com
Server:  UnKnown
Address:  192.168.139.132
DNS request timed out.
    timeout was 2 seconds.
Name:    qqq.kgc.com
Address:  123.123.123.123

qqq has no record of its own, so the wildcard "*" A record answers. "Server: UnKnown" and the timeout lines come from nslookup's attempt to reverse-resolve the server's own address first: there is no reverse zone for 192.168.139.0/24, so that lookup fails, and the answer that follows is the real one.

You can also point the server at itself by writing the nameserver line into /etc/resolv.conf and test locally (note that this overwrites the file, and NetworkManager may regenerate it):
[root@dns named]# echo "nameserver 192.168.139.132" > /etc/resolv.conf
[root@dns named]# nslookup www.kgc.com
Server:         192.168.139.132
Address:        192.168.139.132#53
Name:   www.kgc.com
Address: 10.0.0.10

3.6 Reverse resolution: the PTR record
3.6.1 The PTR (pointer) record. In a reverse zone the first column holds only the host part of the IP address; the network part comes from the zone name. For example, in the zone 0.0.14.in-addr.arpa:
14    IN PTR    www.kgc.com.
13    IN PTR    ftp.kgc.com.
Configuring the reverse zone data file
[root@dns named]# cp -p named.loopback kgc.com.local   // the copy must carry the name given in the file option of the reverse zone stanza
[root@dns named]# vim kgc.com.local
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      kgc.com.
        A       14.0.0.14
14      IN PTR  www.kgc.com.
13      IN PTR  ftp.kgc.com.
2       IN PTR  WWW.GSYDSG.com.
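Reverse zones drift away from forward zones because they are edited by hand in a separate file: the file above already has a PTR for 14.0.0.13 naming ftp.kgc.com., which in the forward zone is only a CNAME, and one for 14.0.0.2 pointing into a different domain. The script below is an added example, not code from the article: it converts an address to the in-addr.arpa name that nslookup and host actually query, and checks every PTR in a reverse zone against the A records of the forward zone. The two zone texts are constructed for the example from the article's hosts, placed in the 14.0.0.0/24 network that the tests in this section use.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Cross-checks a reverse zone's PTR
# records against the forward zone's A records.
set -u

# ip_to_arpa 14.0.0.2 -> 2.0.0.14.in-addr.arpa (the name a reverse lookup asks for)
ip_to_arpa() {
    local IFS=.
    set -- $1
    echo "$4.$3.$2.$1.in-addr.arpa"
}

# a_records ZONETEXT ORIGIN -> "fqdn ip" per A record, owner names fully qualified
a_records() {
    printf '%s\n' "$1" | awk -v origin="$2" '
        $2 == "IN" && $3 == "A" {
            name = $1
            if (name == "@")          name = origin "."
            else if (name !~ /\.$/)   name = name "." origin "."
            print tolower(name), $4
        }'
}

# ptr_records ZONETEXT REVORIGIN -> "ip fqdn" per PTR record; the network part of
# the address is rebuilt from the zone name (0.0.14.in-addr.arpa -> 14.0.0)
ptr_records() {
    printf '%s\n' "$1" | awk -v rev="$2" '
        BEGIN { split(rev, o, "."); net = o[3] "." o[2] "." o[1] }
        $2 == "IN" && $3 == "PTR" { print net "." $1, tolower($4) }'
}

# check_ptr_consistency FWDTEXT ORIGIN REVTEXT REVORIGIN
# Prints one line per PTR that has no matching A record, or that points outside
# ORIGIN and so cannot be checked here; prints nothing when everything agrees.
check_ptr_consistency() {
    local a
    a=$(a_records "$1" "$2")
    ptr_records "$3" "$4" | while read -r ip name; do
        case "$name" in
            *."$2".)
                printf '%s\n' "$a" | grep -qxF "$name $ip" ||
                    echo "MISMATCH $ip PTR $name has no A record with that address" ;;
            *)  echo "FOREIGN  $ip PTR $name is outside $2 and cannot be checked here" ;;
        esac
    done
}

# Constructed sample zones: the article's hosts in 14.0.0.0/24.
FWD_ZONE='$TTL 1D
@    IN SOA ns1.kgc.com. admin.kgc.com. ( 1 1D 1H 1W 3H )
     IN NS  ns1.kgc.com.
ns1  IN A   14.0.0.1
www  IN A   14.0.0.14
mail IN A   14.0.0.4
ftp  IN CNAME www'

REV_ZONE='$TTL 1D
@    IN SOA ns1.kgc.com. admin.kgc.com. ( 1 1D 1H 1W 3H )
     IN NS  ns1.kgc.com.
14   IN PTR www.kgc.com.
13   IN PTR ftp.kgc.com.
2    IN PTR WWW.GSYDSG.com.'

echo "host 14.0.0.14 queries $(ip_to_arpa 14.0.0.14)"
check_ptr_consistency "$FWD_ZONE" kgc.com "$REV_ZONE" 0.0.14.in-addr.arpa
```

On the sample data the check reports 14.0.0.13 as a MISMATCH (ftp.kgc.com. is a CNAME, not an A record) and 14.0.0.2 as FOREIGN; 14.0.0.14 passes. Names are compared in lower case, which is why the PTR written as WWW.GSYDSG.com. in the article is handled like any other: DNS matching is case-insensitive.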
Test with either nslookup or host.
[root@dns named]# systemctl restart named
[root@dns named]# nslookup 14.0.0.2
2.0.0.14.in-addr.arpa   name = WWW.GSYDSG.com.
The answer comes back in the case it was written in the zone file. DNS name matching is case-insensitive, so WWW.GSYDSG.com. and www.gsydsg.com. are the same name; BIND simply preserves the case of the data it stores.
[root@dns named]# host 14.0.0.14
14.0.0.14.in-addr.arpa domain name pointer www.kgc.com.
[root@dns named]# host 14.0.0.13
13.0.0.14.in-addr.arpa domain name pointer ftp.kgc.com.

3.7 Zone data file: round-robin and wildcard resolution
3.7.1 Load balancing through resolution: the same name has several A records. BIND returns all of them and rotates their order from one answer to the next (round robin), so clients spread across the addresses.
3.7.2 Wildcard resolution: when no exact A record exists for a name, a "*" record matches any name under the zone.
www     IN A    9.9.9.9
www     IN A    7.7.7.7
www     IN A    6.6.6.6
*       IN A    8.8.8.8
Verify that one name resolves to several addresses:
C:\Users\GSY>nslookup www.kgc.com
Server:  UnKnown
Address:  192.168.139.132
DNS request timed out.
    timeout was 2 seconds.
Name:    www.kgc.com
Addresses:  6.6.6.6
            7.7.7.7
            9.9.9.9

3.8 named-checkconf
3.8.1 The named-checkconf tool
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
No output means the file parsed cleanly. To see what an error looks like, break the zone configuration deliberately and check again:
zoe "kgc.com" IN {            // "zone" with a letter removed
    type master;
    file "kgc.com.zone";
    allow-update { none; };
};
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
/etc/named.rfc1912.zones:13: unknown option 'zoe'
Correct the mistake, then check again with -z, which also loads every zone:
[root@dns named]# named-checkconf -z /etc/named.rfc1912.zones
zone kgc.com/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 0.0.14.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
With the -z option named-checkconf also loads the data file of every zone and reports errors inside the zone entries; without -z it only checks the syntax of the configuration file itself.
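Running the checks by hand is easy to forget; what matters is that a broken file never reaches the running server. The function below is an added example, not code from the article: it validates a new zone file with named-checkzone (introduced in 3.8.2), installs it over the live copy only if the check passes, keeps a timestamped backup of the previous file for rollback, and reloads just that zone through rndc when it is available. The checker command is a parameter so the logic can be exercised on a machine without bind; /var/named and the zone name kgc.com are the article's values, and the small zone text in the demo is constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Validate-then-install for zone files:
# the live file is replaced only after the new one passes the checker.
set -u

# safe_install_zone ZONE SRC DEST [CHECKER]
# CHECKER defaults to named-checkzone and is invoked as: CHECKER ZONE SRC
safe_install_zone() {
    local zone="$1" src="$2" dest="$3" checker="${4:-named-checkzone}"
    if ! "$checker" "$zone" "$src" >/dev/null 2>&1; then
        echo "REFUSED: $src failed $checker; $dest left untouched" >&2
        return 1
    fi
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak.$(date +%Y%m%d%H%M%S)"   # keep the previous version for rollback
    fi
    cp "$src" "$dest" && echo "INSTALLED $dest"
}

# reload_zone ZONE -> asks the running named to reload only this zone
reload_zone() {
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$1"
    else
        echo "rndc not found; on the server run: rndc reload $1"
    fi
}

# Demo in a temporary directory, with a checker that fails (false) and one
# that passes (true) standing in for named-checkzone.
demo_dir=$(mktemp -d)
printf '%s\n' '$TTL 1D' \
    '@ IN SOA ns1.kgc.com. admin.kgc.com. ( 1 1D 1H 1W 3H )' \
    '  IN NS ns1.kgc.com.' \
    'ns1 IN A 192.168.139.132' > "$demo_dir/kgc.com.zone.new"
safe_install_zone kgc.com "$demo_dir/kgc.com.zone.new" "$demo_dir/kgc.com.zone" false || echo "(refused, as intended)"
safe_install_zone kgc.com "$demo_dir/kgc.com.zone.new" "$demo_dir/kgc.com.zone" true
```

On the server the real call is safe_install_zone kgc.com /root/kgc.com.zone.new /var/named/kgc.com.zone && reload_zone kgc.com. If named-checkzone is not installed the default checker cannot run, and the function refuses the install rather than guessing; install bind-utils first.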
3.8.2 The named-checkzone tool
[root@dns named]# named-checkzone kgc.com /var/named/kgc.com.zone
zone kgc.com/IN: loaded serial 0
OK

3.9 Lab: building a caching domain name server
3.10 Building master and slave domain name servers
A slave (secondary) server obtains the zone from the master by zone transfer; the master must list the slave in allow-transfer, and the slave names the master in masters. The stanzas for both appear in the summary below.
Summary: using the DNS domain name resolution service
Turn off the firewall first (lab only; on a real server open port 53 with firewalld instead).
1. The bind* packages must be installed.
Main configuration file: /etc/named.conf
Data files: /var/named
Program: /usr/sbin/named
2. Global configuration in /etc/named.conf
options {                                  // many options exist; these are the ones that matter here
    listen-on port 53 { 127.0.0.1; };      // listen on this address only (the installed default)
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                // data files live under /var/named
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; };            // only the local host may query (the installed default)
};
3. Zone configuration in /etc/named.rfc1912.zones
// forward zone on the master
zone "localhost" IN {                      // zone name; for a real zone write the domain, e.g. bdqn.com
    type master;                           // master: this is the primary server
    file "named.localhost";                // zone data file holding the A records for host names
    allow-update { none; };                // no dynamic updates
    allow-transfer { 173.16.16.2; };       // the slave's IP address, the only host allowed to pull the zone
};
// the same zone on the slave (the original writes "localhost" here as well; a slave stanza must name the zone it copies)
zone "bdqn.com" IN {
    type slave;                            // slave: this is the secondary server
    file "slaves/bdqn.com.zone";           // BIND writes the transferred zone here; /var/named/slaves is writable by named
    allow-update { none; };
    masters { 192.168.10.10; };            // the master's IP address
};
// reverse zone
zone "16.16.173.in-addr.arpa" IN {         // the network part of the address reversed
    type master;
    file "named.loopback";                 // zone data file name
    allow-update { none; };
};
4. Zone data files under /var/named/
Copy the template named.localhost with cp -p (keeping owner and permissions) and give the copy the name used in the file parameter of the zone stanza.
$TTL 1D                            ; lifetime of the resolution records
@       IN SOA  @ rname.invalid. ( ; SOA: @ is the zone name, rname.invalid. the administrator mailbox
                0       ; serial   - version number, increase it on every change
                1D      ; refresh  - slaves re-download the data every day
                1H      ; retry    - retry one hour after a failed download
                1W      ; expire   - give up after one week without contact
                3H )    ; minimum  - negative answers are cached for three hours
        NS      @
        A       127.0.0.1
        AAAA    ::1
@       IN NS   ns1.bdqn.com.
        IN MX 10 mail.bdqn.com.
mail    IN A    173.16.16.4
ns1     IN A    58.119.74.203
ftp     IN CNAME www
www     IN A    173.16.16.1
Then check the result with nslookup.
To make a host use the server, put its IP address in /etc/resolv.conf as a nameserver line; resolv.conf needs the address, not a name. An entry for the server in /etc/hosts only lets you reach the machine by name and has no effect on which DNS server the host queries.