2025-01-18 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
Unit 3: Caching DNS
1. DNS overview
(1) Authoritative name server
- Stores and provides the actual data for a zone (an entire DNS domain or part of a DNS domain). The types of authoritative name server include:
Master: contains the original zone data. Sometimes called a "primary" name server
Slave: a backup server that obtains copies of the zone data from a master server through zone transfers. Sometimes called a "secondary" name server
(2) Non-authoritative / recursive name server
- Clients use it to look up data from authoritative name servers. The types of recursive name server include:
Caching-only name server: used only for lookups; it is not authoritative for anything other than trivial data
(3) DNS lookup
The stub resolver on the client sends the query to a name server listed in /etc/resolv.conf. If the name server is authoritative for the requested information, it sends an authoritative answer to the client. Otherwise, if the name server has the requested information in its cache, it sends a non-authoritative answer to the client. If the information is not in the cache, the name server searches the authoritative name servers for it, starting from the root zone and working down the DNS hierarchy to the name server that is authoritative for the information, and so obtains the answer for the client. In this case, the name server passes the information to the client and keeps a copy in its own cache for later lookups.
2. DNS resource records
DNS zones store information in the form of resource records. Each resource record has a type that indicates the kind of data it holds:
- A: name to IPv4 address
- AAAA: name to IPv6 address
- CNAME: name to "canonical name" (another name that has A/AAAA records)
- PTR: IPv4/IPv6 address to name
- MX: the mail exchanger for the name (where to send its email)
- NS: name server of the domain name
- SOA: "start of authority", information about the DNS zone (management information)
3. DNS troubleshooting
dig displays details from DNS lookups, including why a query failed:
- NOERROR: query succeeded
- NXDOMAIN: the DNS server reports that no such name exists
- SERVFAIL: the DNS server is down or DNSSEC response validation failed
- REFUSED: the DNS server refuses to answer (perhaps for access control reasons)
4. Parts of the dig output
The header gives information about the query and the answer, including the response status and any special flags that are set (aa for an authoritative answer, etc.)
- QUESTION: the actual DNS query that was asked
- ANSWER: the response (if any)
- AUTHORITY: the name servers responsible for the domain / zone
- ADDITIONAL: additional information provided, usually about the name servers
- The comments at the bottom show the recursive name server that the query was sent to and the time it took to get the response
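An added example (not part of the original article): a shell function that reads saved dig output and reports the header fields described above, namely the response status, whether the aa flag is set, and the ANSWER count. The two dig headers are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# dig_summary: read dig output on stdin and print the response status,
# whether the aa (authoritative answer) flag is set, and the ANSWER count.
dig_summary() {
    awk '
        /->>HEADER<<-/ {
            # ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, ..."
            flags = $0
            sub(/^;; flags: */, "", flags)
            sub(/;.*/, "", flags)
            aa = ((" " flags " ") ~ / aa /) ? "yes" : "no"
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        END { printf "status=%s aa=%s answers=%s\n", status, aa, answers }
    '
}

# rcode_hint: map a status to the meaning listed in section 3.
rcode_hint() {
    case "$1" in
        NOERROR)  echo "query succeeded" ;;
        NXDOMAIN) echo "name does not exist" ;;
        SERVFAIL) echo "server failure or DNSSEC validation failed" ;;
        REFUSED)  echo "server refused to answer (check allow-query)" ;;
        *)        echo "unrecognised status" ;;
    esac
}

# Constructed dig header for a non-authoritative NXDOMAIN reply.
sample_nxdomain() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

# Constructed dig header for an authoritative answer.
sample_authoritative() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
EOF
}

sample_nxdomain | dig_summary
sample_authoritative | dig_summary
```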
5. Caching DNS server
- BIND is the most widely used open source name server
- In RHEL it is provided by the bind package
- The firewall must open ports 53/TCP and 53/UDP
- The main configuration file of BIND is /etc/named.conf
- The /var/named directory contains the other data files used by the name server
6. Syntax of /etc/named.conf
- // or # to the end of the line is a comment; text between /* and */ is also a comment (and can span multiple lines)
- Directives end with a semicolon (;)
- Many directives take an address match list, placed in curly braces: a list of IP addresses or subnets in CIDR notation, or named ACLs (such as any; [all hosts] and none; [no hosts])
- The file starts with an options block, which contains directives that control how named works
- zone blocks control how named finds the root name servers and the zones it is authoritative for
7. Some important options directives
listen-on: controls the IPv4 addresses that named listens on
listen-on-v6: controls the IPv6 addresses that named listens on
allow-query: controls which clients can ask the DNS server for information
forwarders: contains a list of name servers to which DNS queries will be forwarded (instead of contacting external name servers directly; very useful behind a firewall)
All of these directives take a semicolon-separated list of elements in curly braces as an address match list. For example:
- listen-on { any; };
- allow-query { 127.0.0.1; 10.0.0.0/8; };
8. Configure the name server
(1) Install the bind package
- yum install -y bind
(2) Edit /etc/named.conf
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { any; };
forwarders { 172.25.254.254; };
[root@dns-server named]# cp -p named.localhost westos.com.zone
Edit /var/named/westos.com.zone
(3) Start and enable the DNS server
systemctl start named
systemctl enable named
(4) Test from desktopX
- dig cla***oom.example.com
## firewalld needs to be disabled for this experiment, and the related services need to be restarted before each test ##
I. Information about the DNS service
A: forward record
PTR: reverse record, IP to domain name
host -l example.com: view all hosts in the domain
dig -t soa example.com: secondary DNS
Software package: bind
DNS main configuration directory: /var/named/
DNS main configuration file: /etc/named.conf
DNS A record storage file: /var/named/westos.com.zone
II. How to configure DNS forward resolution:
1. vim /etc/named.conf # edit the main configuration file
2. vim /etc/named.rfc1912.zones
3. Write the A record file
cp -p /var/named/named.localhost /var/named/westos.com.zone # generate the A record template
When finished, restart the service: systemctl restart named
On the client: vim /etc/resolv.conf ==> nameserver 172.25.254.218
Test with dig www.westos.com
Auxiliary DNS
Configure dual virtual network cards in the virtual console
cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-eth2
vim ifcfg-eth2
Then restart the network and check it with ifconfig
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter
vim /etc/named.rfc1912.inter
cp -p /var/named/westos.com.zone /var/named/westos.com.inter
vim /var/named/westos.com.inter
vim /etc/named.conf
systemctl restart named
On the client: vim /etc/resolv.conf ==> nameserver 172.25.18.218
Test
DNS reverse resolution
cp -p /var/named/named.loopback /var/named/westos.com.ptr
vim /var/named/westos.com.ptr
vim /etc/named.rfc1912.zones
On the client: vim /etc/resolv.conf ==> nameserver 172.25.254.218
Test
DNS update
cp -p /var/named/westos.com.zone /mnt
vim /etc/named.rfc1912.zones
chmod 770 /var/named
setsebool -P named_write_master_zones 1
Test on the client
DNS with a key
rm -rf /var/named/westos.com.zone
rm -rf /var/named/westos.com.zone.jnl
cp -p /mnt/westos.com.zone /var/named/
cd /mnt
dnssec-keygen -a HMAC-MD5 -b 256 -n HOST westoskey
cp -p /etc/rndc.key /etc/westos.key
vim /etc/westos.key
vim /etc/named.conf
include "/etc/westos.key";
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westoskey; };   # change here
};
Test
scp Kwestoskey.+157+48027.* root@172.25.254.118:/mnt
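An added example, not from the original article: a shell check over the settings used in section 8 (allow-query { any; }) and in the key steps above (an HMAC-MD5 key). It flags the combination that leaves recursion open to any client, and the legacy TSIG algorithm. The function names, the 172.25.254.0/24 client subnet and both sample configurations are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_named_conf: read a named.conf (plus any included key file) on stdin
# and print one finding per risky setting. No output means no findings.
# Limitation: /* ... */ comments are not stripped.
audit_named_conf() {
    # Drop // and # comments, then flatten so multi-line blocks match.
    flat=$(sed -e 's|//.*$||' -e 's|#.*$||' | tr '\n\t' '  ' | tr -s ' ')
    has() { printf '%s\n' "$flat" | grep -Eiq "$1"; }

    # With no allow-recursion/allow-query-cache, BIND falls back to
    # allow-query for recursion, so "any" serves recursive queries to all.
    if has 'allow-query *\{ *any *; *\}' &&
       ! has 'allow-(recursion|query-cache) *\{' &&
       ! has 'recursion +no *;'; then
        echo "open-resolver: allow-query { any; } without allow-recursion"
    fi
    # HMAC-MD5 is a legacy TSIG algorithm.
    if has 'algorithm +"?hmac-md5"? *;'; then
        echo "weak-tsig: key uses hmac-md5, prefer hmac-sha256"
    fi
}

# Constructed sample: the lab settings from this page.
sample_lab_conf() {
cat <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };            // lab setting
    forwarders { 172.25.254.254; };
};
key "westoskey" { algorithm hmac-md5; secret "constructed-placeholder"; };
EOF
}

# Constructed sample: same server limited to an assumed client subnet.
sample_restricted_conf() {
cat <<'EOF'
acl clients { 127.0.0.1; 172.25.254.0/24; };   # assumed lab subnet
options {
    listen-on port 53 { any; };
    allow-query { clients; };
    allow-recursion { clients; };
    forwarders { 172.25.254.254; };
};
key "westoskey" { algorithm hmac-sha256; secret "constructed-placeholder"; };
EOF
}

sample_lab_conf | audit_named_conf
```

On a real server, pipe /etc/named.conf and the included key file into the function together, for example with cat.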
Dynamic DNS
On the server: yum install dhcp -y
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
After deleting lines 27, 28 and 36,
vim /etc/named.conf
systemctl restart dhcpd
systemctl restart named
Test
On the client, unplug the network cable and vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
:wq
systemctl restart network
hostnamectl set-hostname test.westos.com