
DNS (Domain name system) and BIND (Berkeley Internet name Domain)

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

The address typed into a browser's address bar used to puzzle me. Why does it start with www? Why does it end in .com? Why are the parts separated by dots (in most cases)? Only after college did I learn its proper name: a domain name, not the "web address" of everyday speech. Domain names exist so that we can reach a host by a memorable name instead of by its IP address, a long string of numbers nobody wants to remember.

Start with the namespace. The domain namespace is pictured as an inverted tree, much like the tree structure familiar from data structures.

Take www.baidu.com. as an example:

The root domain (.) is the trailing dot, usually left out when the name is written; com is the top-level domain, baidu is the second-level domain, and www is the third-level label, also called the hostname.

The domain namespace is described in detail below:

At the top is the root domain (.).

Below the root are the top-level domains, which are administered by the Internet domain name registration authority. There are three kinds of top-level domain.

1. Organizational (generic) domains use a three-letter code that describes the main function or activity of the organizations in the domain; com, net, org, edu, gov and mil are the common ones.

2. Geographical (country-code) domains use a two-letter country or region code, such as cn for China, kr for South Korea and us for the United States.

3. The reverse domain is the special domain in-addr.arpa (ip6.arpa for IPv6), used to map IP addresses back to names.

Domains beneath a top-level domain are delegated by the registration authority to various Internet organizations. An organization that receives a delegation for part of the namespace is responsible for administering that domain and its subdomains, including the computers and other devices within them, and for maintaining the mapping between host names and IP addresses in the delegated domain.

The domain name system performs name resolution in two directions: forward resolution finds the IP address for a known name, and reverse resolution finds the name for a known IP address.

2. A complete DNS lookup involves two kinds of query:

1. The query from a host to its local name server is normally a recursive query. If the local name server does not know the IP address for the name being queried, it acts as a DNS client itself and sends queries to other name servers (root, top-level and so on) on the host's behalf, rather than leaving the host to make the next query. The result of a recursive query is therefore either the IP address that was asked for or an error saying that it cannot be resolved.

2. The queries from the local name server to the root name server (and onward) are iterative queries. When a root name server receives an iterative query from the local name server, it either returns the IP address being queried or tells the local server which name server to ask next, and leaves the local server to make that query. The root server normally returns the address of the top-level domain name server, and the local server then queries that. The top-level server in turn either answers or refers the local server to the authoritative name server for the domain. Eventually the local server either learns the IP address or receives an error, and returns that result to the host that started the lookup.

An example:

Suppose the host m.xyz.com wants to know the IP address of another host, y.abc.com, because it is about to send it a message and needs its IP address first. The lookup goes through the following steps:

1. The host m.xyz.com sends a recursive query to its local name server dns.xyz.com.

2. The local server uses iterative queries. It first queries a root name server.

3. The root name server tells the local server the IP address of the top-level domain name server dns.com, which it should query next.

4. The local name server queries the top-level domain name server dns.com.

5. dns.com tells the local name server the IP address of the authoritative name server dns.abc.com, which it should query next.

6. The local name server queries the authoritative name server dns.abc.com.

7. dns.abc.com returns the IP address of the host being looked up to the local name server.

8. The local name server returns the result to m.xyz.com.
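To make the two query types concrete, here is a small model of the lookup above, written as an added example for this page rather than taken from it or from BIND. The three authoritative servers (root, dns.com, dns.abc.com), the host names and the address 203.0.113.7 are all constructed. The local server follows referrals iteratively on the host's behalf, caches the answer, and rejects a referral that does not move closer to the name, which is how a resolver avoids being led around in circles.

```python
MAX_HOPS = 8  # upper bound on referrals followed for one query

# Constructed authoritative servers for the text's example.  Each knows the zone
# it is authoritative for, the child zones it has delegated (child zone -> name
# of the child's server) and the addresses it can answer directly.
AUTH = {
    "root": {"zone": ".", "delegations": {"com.": "dns.com"}, "answers": {}},
    "dns.com": {"zone": "com.",
                "delegations": {"abc.com.": "dns.abc.com", "xyz.com.": "dns.xyz.com"},
                "answers": {}},
    "dns.abc.com": {"zone": "abc.com.", "delegations": {},
                    "answers": {"y.abc.com.": "203.0.113.7"}},
}


def in_zone(name, zone):
    """True if name lies within zone ('.' is the root and contains everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def iterative_query(server, qname):
    """One iterative exchange: the authoritative server either answers, refers
    the asker to a child zone's server, or says the name does not exist."""
    if qname in server["answers"]:
        return ("answer", server["answers"][qname])
    # Most specific delegation covering the name (longest match).
    matches = [z for z in server["delegations"] if in_zone(qname, z)]
    if matches:
        child = max(matches, key=len)
        return ("referral", child, server["delegations"][child])
    return ("nxdomain",)


class LocalResolver:
    """The local name server (dns.xyz.com): accepts recursive queries from hosts
    and walks the delegation chain iteratively on their behalf."""

    def __init__(self, auth):
        self.auth = auth
        self.cache = {}

    def resolve(self, qname):
        """Return (ip, list of servers asked).  An empty list means a cache hit."""
        if qname in self.cache:
            return self.cache[qname], []
        server_name, zone, asked = "root", ".", []
        for _ in range(MAX_HOPS):
            asked.append(server_name)
            reply = iterative_query(self.auth[server_name], qname)
            if reply[0] == "answer":
                self.cache[qname] = reply[1]
                return reply[1], asked
            if reply[0] == "nxdomain":
                raise LookupError(f"{qname}: no such name (authority {server_name})")
            _, child_zone, next_server = reply
            # A referral must move strictly closer to the name: the child zone has
            # to contain the name, lie under the zone just asked, and be deeper.
            narrows = (in_zone(qname, child_zone) and in_zone(child_zone, zone)
                       and child_zone != zone)
            if not narrows:
                raise LookupError(f"{qname}: bogus referral to {child_zone} from {server_name}")
            if next_server not in self.auth:
                raise LookupError(f"{qname}: no address known for {next_server}")
            server_name, zone = next_server, child_zone
        raise LookupError(f"{qname}: gave up after {MAX_HOPS} referrals")


def host_lookup(hostname, local_server):
    """What m.xyz.com does: one recursive query to its local server, which yields
    either the final address or an error, never a referral."""
    name = hostname if hostname.endswith(".") else hostname + "."
    return local_server.resolve(name)[0]


if __name__ == "__main__":
    resolver = LocalResolver(AUTH)
    print(resolver.resolve("y.abc.com."))   # first lookup walks root -> dns.com -> dns.abc.com
    print(resolver.resolve("y.abc.com."))   # second lookup is answered from the cache
```

host_lookup() is the host's side of step 1 and step 8: one recursive question, one final answer or error. The list returned by resolve() is the iterative path of steps 2 to 7, root then dns.com then dns.abc.com; on a repeated lookup the list is empty because the local server answers from its cache.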

3. Resource records (RR)

The common types are:

A, AAAA, PTR, SOA, NS, CNAME, MX

Each type and its format in the zone database are described below.

1. SOA: Start Of Authority, the record that opens a zone

A zone database contains exactly one SOA record, and it must be the first record in the file.

Name: the domain name of the current zone, such as qhdlink.com., or "@" as shorthand for it.

Value:

1. The FQDN of the primary DNS server for the zone

2. The email address of the zone's administrator, written with "." in place of "@"

For example, mailmaster.whjlab.com. stands for mailmaster@whjlab.com

3. The timers that control zone transfer between master and slave servers, plus the TTL for negative answers:

(serial refresh retry expire minimum), for example (2017081001 1H 15m 1W 1D)

The fields in parentheses mean:

Serial

The version of the zone file. Whenever the zone file changes, the administrator must increase this number, because a slave compares it with the serial of its own copy to decide whether to transfer the zone again.

Refresh

How often, in seconds, the slave checks the serial number on the master. Because the slave only polls at this interval, the master and slave copies of a zone can differ for up to one refresh interval after the master changes. Newer versions of BIND therefore add NOTIFY: with notify configured for the zone in named.conf, the master sends a NOTIFY message to its slaves as soon as it has loaded an updated zone, and a slave that supports NOTIFY starts a zone transfer immediately instead of waiting for its next refresh.

Retry

How long, in seconds, the slave waits before trying again after a serial check against the master fails.

Expire

If the slave has been unable to contact the master for longer than this many seconds, it discards its copy of the zone and stops answering for it.

Minimum

Originally the default TTL for every record in the zone, i.e. the longest other servers should cache them. Since RFC 2308 this field is the negative-caching TTL: how long a resolver may cache a "no such name" answer for this zone. The default TTL of ordinary records now comes from the $TTL directive at the top of the zone file.

Example:

@ 86400 IN SOA ns1.whjlab.com. mail.whjlab.com. (
        2017081001 ; serial
        1H         ; refresh
        15m        ; retry
        1W         ; expire
        1D )       ; minimum (negative-answer TTL)

2. A: Address, host record

Maps a fully qualified domain name to an IPv4 address: FQDN --> IPv4

Name: the FQDN or hostname of a host in the zone

Value: the IPv4 address of that host

Example:

www.whjlab.com. 86400 IN A 192.168.1.1

www IN A 192.168.1.1

3. AAAA: Address, FQDN --> IPv6; same format as A, with an IPv6 address as the value

4. NS record:

Name: the domain name of the current zone

Value: the fully qualified domain name of a name server for the zone, such as ns1.qhdlink.com.

Note:

1. A zone can have several NS records

2. The server named in each NS record must have an A (or AAAA) record; when that server lies inside the zone itself, the address record (glue) must be present so the server can be reached.

For example:

whjlab.com. 86400 IN NS ns1.whjlab.com.

5. MX record:

Name: the domain name of the current zone

Value: a preference number followed by the hostname of a mail server for the domain; lower preference values are tried first

Note:

1. A zone can have several MX records

2. The host named in each MX record must have a corresponding A record.

For example

whjlab.com. 86400 IN MX 10 mail1.whjlab.com.

@ IN MX 20 mail2

mail1.whjlab.com. carries a trailing dot because it is an FQDN; without the dot it would be relative to the zone and expand to mail1.whjlab.com.whjlab.com. The relative name mail2 expands to mail2.whjlab.com. as intended.

6. CNAME:

Name: the alias, as an FQDN or a relative name

Value: the real (canonical) name, as an FQDN or a relative name

Example:

web.qhdlink.com. 86400 IN CNAME www.qhdlink.com.

web IN CNAME www

7. PTR record:

Name: the IP address with its octets in reverse order, followed by the reverse-domain suffix in-addr.arpa.

For example, 172.16.72.1 becomes 1.72.16.172.in-addr.arpa.

Value: the FQDN of the host that has that address
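The rules above (one SOA first in the file, relative versus absolute names, NS and MX targets needing address records, PTR owner names) are easy to get wrong by hand, so here is a small zone-file checker written as an added example; it is not the page's code and not BIND's. The sample zone and every name and address in it are constructed. It parses the simplified master-file syntax used in the examples ($ORIGIN, $TTL, @, a parenthesised SOA, TTLs such as 1H) and reports the problems a practitioner most often hits, including the missing trailing dot.

```python
import ipaddress
import re

# Constructed sample zone (not from the page); the "MX 10" line deliberately
# lacks a trailing dot, the mistake the checker below is meant to catch.
SAMPLE_ZONE = """\
$ORIGIN whjlab.com.
$TTL 86400
@       IN SOA ns1.whjlab.com. mail.whjlab.com. (
            2017081001 ; serial
            1H         ; refresh
            15m        ; retry
            1W         ; expire
            1D )       ; minimum (negative-answer TTL)
@       IN NS  ns1.whjlab.com.
ns1     IN A   192.168.1.2
www     IN A   192.168.1.1
web     IN CNAME www
@       IN MX 10 mail1.whjlab.com
@       IN MX 20 mail2
mail2   IN A   192.168.1.3
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(\d+)([smhdw]?)", re.IGNORECASE)


def ttl_seconds(tok):
    """Convert a TTL token such as 86400, 1H, 15m or 1W to seconds."""
    m = TTL_RE.fullmatch(tok)
    if not m:
        raise ValueError(f"bad TTL {tok!r}")
    return int(m.group(1)) * UNITS[(m.group(2) or "s").lower()]


def fqdn(name, origin):
    """Absolutise a name: '@' is the origin, a trailing dot is kept, anything else
    gets the origin appended (so mail1.whjlab.com becomes mail1.whjlab.com.whjlab.com.)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Strip ';' comments and join a parenthesised record (the SOA) into one line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def parse_zone(text):
    """Return (origin, records); a record is a dict of owner, ttl, type, rdata."""
    origin, default_ttl, records = None, None, []
    for line in _logical_lines(text):
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            default_ttl = ttl_seconds(toks[1])
            continue
        # A line that starts with whitespace reuses the previous owner name.
        owner = records[-1]["owner"] if line[0].isspace() else fqdn(toks.pop(0), origin)
        ttl = ttl_seconds(toks.pop(0)) if TTL_RE.fullmatch(toks[0]) else default_ttl
        if toks[0].upper() == "IN":
            toks.pop(0)
        records.append({"owner": owner, "ttl": ttl, "type": toks[0].upper(), "rdata": toks[1:]})
    return origin, records


def reverse_name(ip):
    """Owner name of an address's PTR record: 172.16.72.1 -> 1.72.16.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_zone(text):
    """Apply the rules stated in the text; returns a list of problems (empty = clean)."""
    origin, records = parse_zone(text)
    problems = []
    if sum(r["type"] == "SOA" for r in records) != 1 or records[0]["type"] != "SOA":
        problems.append("a zone needs exactly one SOA record and it must come first")
    has_address = {r["owner"] for r in records if r["type"] in ("A", "AAAA")}
    for r in records:
        if r["type"] not in ("NS", "MX"):
            continue
        raw = r["rdata"][-1]  # the NS target, or the host after the MX preference
        target = fqdn(raw, origin)
        # Targets outside this zone get their address from another zone, so only
        # in-zone targets are required to have an A/AAAA record here.
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in has_address:
            msg = f"{r['type']} target {target} has no A/AAAA record in this zone"
            if "." in raw and not raw.endswith("."):
                msg += f" ({raw} has no trailing dot, so it is relative to {origin})"
            problems.append(msg)
    return problems
```

Running check_zone(SAMPLE_ZONE) reports the single MX problem; adding the dot and an A record for mail1 makes it clean. For a real file, named-checkzone whjlab.com /var/named/whjlab.com.zone, which ships with BIND, performs the authoritative version of these checks; the script is here to show what those checks consist of.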

4. Master and slave DNS servers:

Master DNS: the primary server, which maintains the zone database files it serves; administrative changes (adding, deleting and modifying records) are made here, so the zone is read-write on the master.

Slave DNS: a secondary server that obtains its copy of the zone database by zone transfer from the master (or from another slave); records cannot be administered on a slave, it only serves what it has transferred.

To keep the two databases consistent, the following SOA parameters matter:

Serial number: the version of the zone database. Whenever the master's zone changes, its serial must be increased. When a slave learns the master's serial, it does nothing if the serial is unchanged and transfers the zone if the serial is larger than that of its own copy.

Refresh interval: how often the slave asks the master for its serial number to look for changes.

Retry interval: how long the slave waits before asking again after a synchronization attempt with the master fails.

Expiration time: how long the slave keeps serving the zone when it cannot reach the master at all; once this time is exceeded it stops answering for the zone.

Negative-answer cache duration: the minimum TTL field.

One check worth making on the master: restrict zone transfers with allow-transfer in named.conf to the slaves' addresses. A server that accepts AXFR from any host hands the whole zone to whoever asks for it.

5. Implementation: the BIND software

The program that implements the DNS protocol on most servers is BIND, and the main program of the BIND server is named.

Bind:

Main configuration file: /etc/named.conf

It can pull in other configuration files with the include directive, for example:

/etc/named.iscdlv.key

/etc/named.rfc1912.zones (the default zone declarations)

/etc/named.root.key

Format of the main configuration file:

1. Comments: // or # for a single line, or /* ... */ for a block.

2. The configuration is divided into sections:

a. Access control list definitions:

acl ACL_NAME { ... };

b. Global options:

options { ... };

c. Logging configuration:

logging { ... };

d. Zone declarations:

zone "ZONE_NAME" IN { ... };

e. View definitions:

view VIEW_NAME { ... };

f. include directives that pull in other files:

include "/PATH/TO/SOME_CONFIG_FILE";

The default options section, with the meaning of each directive:

options {
    listen-on port 53 { 127.0.0.1; };
    // the IPv4 address(es) the named process listens on once the service starts
    listen-on-v6 port 53 { ::1; };
    // the IPv6 address(es) the named process listens on
    directory "/var/named";
    // the directory that holds the zone files
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    // access control: which hosts may send queries to this server; the default,
    // localhost, serves only the machine itself
    recursion yes;
    // enable recursion globally; every client allowed to query then also gets
    // recursion unless allow-recursion narrows it, so widening allow-query to
    // "any" without allow-recursion turns the server into an open resolver
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    // the original article suggests beginners switch DNSSEC off; leaving
    // dnssec-validation on is the safer choice. dnssec-lookaside (DLV) is
    // obsolete and has been removed from current BIND releases, as has
    // dnssec-enable
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
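The options above are the distribution defaults for a server that only answers itself. The fragments below are added here as an example and are not taken from the page or from a BIND distribution: they show the weak configuration that makes a resolver open to the whole Internet beside a corrected one, and the master/slave zone stanzas described in section 4 with transfers limited to the slaves and NOTIFY enabled. The ACL names, the addresses (192.0.2.53 for the master, 198.51.100.53 for the slave, 192.0.2.0/24 for the site's clients) and the zone name whjlab.com are assumptions. The fragments are alternatives to be used one at a time, not concatenated into a single named.conf.

```conf
// --- Weak form: anyone may query and anyone gets recursion ------------------
options {
    listen-on port 53 { any; };
    recursion yes;
    allow-query { any; };      // open resolver, usable by anyone on the Internet
};

// --- Corrected form: recursion only for the site's own clients --------------
acl trusted { 127.0.0.1; ::1; 192.0.2.0/24; };
acl slaves  { 198.51.100.53; };

options {
    listen-on port 53 { 127.0.0.1; 192.0.2.53; };
    directory "/var/named";
    recursion yes;
    allow-query       { trusted; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
    allow-transfer    { none; };   // no AXFR unless a zone stanza says otherwise
    dnssec-validation auto;        // validate with the built-in root trust anchor
};

// On the master: only the slaves may transfer the zone, and they are told
// about changes at once instead of waiting for the SOA refresh timer.
zone "whjlab.com" IN {
    type master;
    file "whjlab.com.zone";
    allow-transfer { slaves; };
    notify yes;
};

// On the slave (in its own named.conf): pull the zone from the master.
zone "whjlab.com" IN {
    type slave;
    masters { 192.0.2.53; };
    file "slaves/whjlab.com.zone";
};
```

After editing, named-checkconf /etc/named.conf validates the syntax and rndc reload applies the result. Newer BIND releases also accept primary, secondary and primaries as synonyms for master, slave and masters.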


© 2024 shulou.com SLNews company. All rights reserved.
