
Build DNS domain name resolution service in CentOS7

2025-01-31 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

The function of DNS system

The function of DNS system in the network is to maintain an address database, which records the corresponding relationship between various host domain names and IP addresses, in order to provide forward or reverse address query services for clients.

Forward resolution: look up the IP address that corresponds to a host name (domain name).
Reverse resolution: look up the host domain name that corresponds to an IP address.

DNS server types

Cache domain name server (also called a caching server): obtains domain name -> IP address records by querying other domain name servers and caches the query results locally to speed up repeated queries.
Primary domain name server: the authoritative server for a specific DNS zone. It is unique and is responsible for maintaining the domain name -> IP address mapping records of that zone.
Secondary (slave) domain name server: also authoritative for the zone; its domain name -> IP address records are copied from the primary domain name server.

BIND domain name service

BIND is not the only DNS program that can provide domain name services, but it is the most widely used, and BIND can run on most Linux hosts.

Install the BIND software (the CentOS 7 host must be connected to the network so that the BIND server program can be installed directly with yum):

    [root@localhost ~]# yum install bind -y

    /usr/sbin/named      main program, listens on port 53 by default
    /etc/named.conf      main configuration file
    /var/named/          directory holding the DNS resolution record data files

Global configuration section of the main configuration file

Sets the DNS server's global parameters, including the listening address/port and the default location of the data files, inside options { ... }:

    options {
        listen-on port 53 { <local IP address>; };         // listening address and port
        directory "/var/named";                            // default location of the zone data files
        allow-query { 192.168.1.0/24; 173.16.16.0/24; };   // network segments allowed to use this DNS service
    };

Area configuration section

Set the specific DNS area where this server provides domain name resolution

Including domain name, server role, data file name, etc.

Use zone "zone name" IN { ... }; for each zone.

Forward resolution zone:

    zone "yun.com" IN {                     // forward zone "yun.com"
        type master;                        // primary (master) zone
        file "yun.com.zone";                // zone data file is "yun.com.zone"
        allow-transfer { 173.16.16.2; };    // slave server address allowed to download the zone
    };

Reverse resolution zone:

    zone "16.16.173.in-addr.arpa" IN {      // reverse zone for 173.16.16.0/24
        type master;
        file "173.16.16.arpa";              // zone data file is "173.16.16.arpa"
        allow-update { none; };
    };

Zone data profile

Global TTL configuration item and SOA record (SOA: start of authority record)

    $TTL 1D                          ; lifetime of valid resolution records
    @   IN SOA  @ rname.invalid. (   ; SOA record: zone name, administrator mailbox
                0       ; serial  : update sequence number, an integer of fewer than 10 digits
                1D      ; refresh : refresh interval, the time between downloads of the address data
                1H      ; retry   : retry delay, the interval between retries after a failed download
                1W      ; expire  : expiration time; data that still cannot be downloaded after this period is discarded
                3H )    ; minimum : lifetime of invalid (negative) resolution records

Domain name resolution records

    NS      name server record (Name Server)
    MX      mail exchange record (Mail Exchange)
    A       address record, used only in forward resolution zones (Address)
    CNAME   alias record (Canonical Name)
    *  IN A IP   wildcard (pan-domain) resolution
    PTR     pointer record, used only in reverse resolution zones; the first column of the record gives the host part of the IP address

DNS configuration files

    /etc/named.conf             main configuration file; controls the global settings and pulls in the others with include
    /etc/named.rfc1912.zones    zone configuration file; controls the individual zones
    /var/named/named.localhost  zone data configuration file; holds the zone's resource records

Build the DNS service: forward resolution configuration

1. Install BIND software

    [root@localhost ~]# yum install bind -y
    Loaded plugins: fastestmirror, langpacks
    base      | 3.6 kB  00:00:00
    extras    | 3.4 kB  00:00:00
    updates   | 3.4 kB  00:00:00
    (1/4): base/7/x86_64/group_gz        | 166 kB  00:00:00
    (2/4): extras/7/x86_64/primary_db    | 215 kB  00:00:00
    ...                                   # part of the output omitted
    Installed:
      bind.x86_64 32:9.9.4-74.el7_6.2
    Dependency Updated:
      bind-libs.x86_64 32:9.9.4-74.el7_6.2        bind-libs-lite.x86_64 32:9.9.4-74.el7_6.2
      bind-license.noarch 32:9.9.4-74.el7_6.2     bind-utils.x86_64 32:9.9.4-74.el7_6.2
    Complete!

2. Check the locations of the configuration files so that they are easier to edit

    [root@localhost ~]# rpm -qc bind
    /etc/logrotate.d/named
    /etc/named.conf               # main configuration file
    /etc/named.iscdlv.key
    /etc/named.rfc1912.zones      # zone configuration file
    /etc/named.root.key
    /etc/rndc.conf
    /etc/rndc.key
    /etc/sysconfig/named
    /var/named/named.ca
    /var/named/named.empty
    /var/named/named.localhost    # zone data configuration file (template)
    /var/named/named.loopback

3. Change the main configuration file (here you mainly change the listening address and relax the query permission)

    [root@localhost ~]# vim /etc/named.conf
    ...                                               // part of the file omitted
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    options {
            listen-on port 53 { 192.168.144.133; };   // change the address to this server's own local address
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            allow-query     { any; };                 // permission relaxed: any host may use this DNS service
            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
            ...                                       // part of the file omitted
            */
            pid-file "/run/named/named.pid";          // leave the process file locations unchanged
            session-keyfile "/run/named/session.key";
    };
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    zone "." IN {                                     // root server hints; do not change
            type hint;
            file "named.ca";
    };
    include "/etc/named.rfc1912.zones";               // do not change: pulls in the zone configuration file
    include "/etc/named.root.key";
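Step 3 sets allow-query to any while the CentOS named.conf keeps recursion yes, which is exactly the combination the comment inside the file warns against for an authoritative server. The script below is an added example, not code from the original post: it strips named.conf comments, splits the file into top-level blocks and reports an open-resolver options block and any zone whose allow-transfer is any; the configuration text is constructed here, and the allow-transfer { any; } line is a deliberately weak contrast that the post itself does not configure.

```python
# Added example, not from the original post: audit a named.conf for the
# open-resolver combination (allow-query any + recursion yes) and for zones
# that allow transfers to any host. Config text is constructed here.
import re
# Constructed: the options block as edited in step 3 plus a zone with a
# deliberately weak allow-transfer (not something the post configures).
RELAXED_CONF = """\
options {
    listen-on port 53 { 192.168.144.133; };   // listen on the local address
    directory "/var/named";
    allow-query { any; };                     // any host may use this server
    recursion yes;                            /* CentOS 7 default, left in place */
};
zone "kgc.com" IN { type master; file "kgc.com.zone"; allow-transfer { any; }; };
"""
# Constructed: the segment-restricted form from the options section earlier.
RESTRICTED_CONF = """\
options {
    listen-on port 53 { 192.168.144.133; };
    directory "/var/named";
    allow-query { 192.168.1.0/24; 173.16.16.0/24; };
    recursion no;                             # authoritative only
};
zone "kgc.com" IN { type master; file "kgc.com.zone"; allow-transfer { 192.168.144.135; }; };
"""

def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def top_blocks(text):
    """Split the file into (header, body) pairs at the top-level { } pairs."""
    blocks, depth, last_end, start = [], 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                start = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:               # header is the text since the previous block
                head = text[last_end:start].strip().strip(";").strip()
                blocks.append((head, text[start + 1:i]))
                last_end = i + 1
    return blocks

def acl_values(body, directive):
    """Entries of `directive { a; b; };` inside body, or None if it is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(directive), body)
    return None if m is None else [v.strip() for v in m.group(1).split(";") if v.strip()]

def audit(conf):
    """Return findings as strings; an empty list means the checks passed."""
    findings = []
    for head, body in top_blocks(strip_comments(conf)):
        if head == "options":
            query = acl_values(body, "allow-query") or []
            rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
            recursion = rec.group(1) if rec else "yes"     # BIND's built-in default
            if "any" in query and recursion == "yes" and not acl_values(body, "allow-recursion"):
                findings.append("open resolver: allow-query { any; } with recursion yes")
        elif head.startswith("zone"):
            if "any" in (acl_values(body, "allow-transfer") or []):
                findings.append(f"{head}: allow-transfer {{ any; }} lets any host copy the zone")
    return findings
```

audit(RELAXED_CONF) reports both problems and audit(RESTRICTED_CONF) returns an empty list; an options block with allow-query { any; } passes when allow-recursion restricts who may recurse.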

4. Modify the zone profile information contained in the main configuration file

    [root@localhost ~]# vim /etc/named.rfc1912.zones
    // named.rfc1912.zones:
    //
    // Provided by Red Hat caching-nameserver package
    //
    // ISC BIND named zone configuration for zones recommended by
    // RFC 1912 section 4.1 : localhost TLDs and address zones
    // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
    // (c)2007 R W Franks
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    zone "localhost.localdomain" IN {        // configuration template for a forward zone
            type master;
            file "named.localhost";          // forward zone data file
            allow-update { none; };
    };

    zone "localhost" IN {
            type master;
            file "named.localhost";
            allow-update { none; };
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {   // IPv6 reverse zone template
            type master;
            file "named.loopback";
            allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {       // configuration template for a reverse zone
            type master;
            file "named.loopback";           // reverse zone data file
            allow-update { none; };
    };
    ...

Copy the "localhost" template and edit the copy; the file then also contains:

    zone "kgc.com" IN {                      // copied template: change the zone domain name
            type master;
            file "kgc.com.zone";             // change the zone data file name
            allow-update { none; };
    };

5. Create the zone data file that the zone configuration refers to

    [root@localhost ~]# cd /var/named/                 # enter the zone data file directory
    [root@localhost named]# ls                         # view the directory contents
    data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
    [root@localhost named]# cp -p named.localhost kgc.com.zone   # copy the template; -p keeps owner and mode so named can read the new file
    [root@localhost named]# ls                         # check that kgc.com.zone was created
    data  dynamic  kgc.com.zone  named.ca  named.empty  named.localhost  named.loopback  slaves
    [root@localhost named]# vim kgc.com.zone           # edit the zone data file
    $TTL 1D
    @       IN SOA  kgc.com. admin.kgc.com. (      ; change the domain name and the admin mailbox; both end with "."
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      kgc.com.                        ; change the name server record
            A       192.168.144.133                 ; change the forward resolution address of the zone itself
            IN MX 10 mail.kgc.com.                  ; add a mail exchange record
    www     IN A    192.168.100.99                  ; add the www resolution address
    ftp     IN A    192.168.100.88                  ; add the ftp resolution address
    smtp    IN CNAME www                            ; add an alias record
    *       IN A    8.8.8.8                         ; add a wildcard (pan-domain) resolution address
    :wq                                             # save and exit

6. Turn off the firewall and SELinux so that clients can reach the server, then start the DNS service.

    [root@localhost named]# systemctl stop firewalld.service   # stop the firewall
    [root@localhost named]# setenforce 0                       # set SELinux to permissive
    [root@localhost named]# systemctl start named              # start the DNS service
    [root@localhost named]# systemctl status named             # check the service
    ● named.service - Berkeley Internet Name Domain (DNS)      # DNS started normally
       Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2019-09-05 17:36:31 CST; 11s ago
      Process: 7425 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
      Process: 7422 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
     Main PID: 7427 (named)
       CGroup: /system.slice/named.service
               └─7427 /usr/sbin/named -u named -c /etc/named.conf
    Sep 05 17:36:31 localhost.localdomain named[7427]: managed-keys-zone: loaded serial 0
    Sep 05 17:36:31 localhost.localdomain named[7427]: zone 0.in-addr.arpa/IN: loaded serial 0
    Sep 05 17:36:31 localhost.localdomain named[7427]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
    Sep 05 17:36:31 localhost.localdomain named[7427]: zone kgc.com/IN: loaded serial 0
    Sep 05 17:36:31 localhost.localdomain named[7427]: zone localhost.localdomain/IN: loaded serial 0
    Sep 05 17:36:31 localhost.localdomain named[7427]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...ial 0
    Sep 05 17:36:31 localhost.localdomain named[7427]: zone localhost/IN: loaded serial 0
    Sep 05 17:36:31 localhost.localdomain named[7427]: all zones loaded
    Sep 05 17:36:31 localhost.localdomain named[7427]: running
    Sep 05 17:36:31 localhost.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).
    Hint: Some lines were ellipsized, use -l to show in full.

Because this server must resolve its own addresses, overwrite the resolver configuration file with its own address:

    [root@localhost named]# echo "nameserver 192.168.144.133" > /etc/resolv.conf   # overwrite the resolver configuration
    [root@localhost named]# cat /etc/resolv.conf
    nameserver 192.168.144.133                                                      # the original contents are overwritten

7. Use the host command to check whether the DNS resolution service works.

    [root@localhost named]# host www.kgc.com      # resolve the domain name www.kgc.com
    www.kgc.com has address 192.168.100.99        # IP address resolved successfully
    [root@localhost named]# host ftp.kgc.com      # resolve the domain name ftp.kgc.com
    ftp.kgc.com has address 192.168.100.88        # IP address resolved successfully
    [root@localhost named]# host aaa.kgc.com      # wildcard (pan-domain) resolution
    aaa.kgc.com has address 8.8.8.8               # IP address resolved successfully
    [root@localhost named]# host smtp.kgc.com     # alias resolution
    smtp.kgc.com is an alias for www.kgc.com.
    www.kgc.com has address 192.168.100.99        # IP address resolved successfully

Reverse resolution configuration

1. Continuing from the configuration above, open the zone configuration file and add a reverse zone by copying the reverse zone template.

    [root@localhost named]# vim /etc/named.rfc1912.zones
    ...                                            // part of the file omitted
    zone "kgc.com" IN {
            type master;
            file "kgc.com.zone";
            allow-update { none; };
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
            type master;
            file "named.loopback";
            allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {            // copy this template
            type master;
            file "named.loopback";
            allow-update { none; };
    };

    zone "100.168.192.in-addr.arpa" IN {          // change the zone name: the network address written in reverse
            type master;
            file "yun.com.local";                 // change the zone data file name
            allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
            type master;
            file "named.empty";
    ...                                            // part of the file omitted

2. Enter the zone data file directory, create the reverse zone data file with the same name given in the zone configuration file, and edit it.

    [root@localhost named]# cd /var/named/               # enter the directory
    [root@localhost named]# ls                           # view the contents
    data  dynamic  kgc.com.zone  named.ca  named.empty  named.localhost  named.loopback  slaves
    [root@localhost named]# cp -p kgc.com.zone yun.com.local   # copy the forward zone file; -p keeps owner and mode
    [root@localhost named]# vim yun.com.local            # edit the data
    $TTL 1D
    @       IN SOA  yun.com. admin.yun.com. (      ; kgc is changed to yun here
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      yun.com.                        ; kgc is changed to yun here
            A       192.168.144.133
    99      IN PTR  www.yun.com.                    ; reverse resolution: host part of the address and its domain name
    88      IN PTR  ftp.yun.com.                    ; reverse resolution: host part of the address and its domain name
    ...                                             ; remaining lines omitted

3. Restart the DNS service and check whether the reverse resolution is created successfully.

    [root@localhost named]# systemctl restart named    # restart the service
    [root@localhost named]# host 192.168.100.99        # resolve the IP address
    99.100.168.192.in-addr.arpa domain name pointer www.yun.com.   # domain name resolved successfully
    [root@localhost named]# host 192.168.100.88        # resolve the IP address
    88.100.168.192.in-addr.arpa domain name pointer ftp.yun.com.   # domain name resolved successfully

Slave (secondary) domain name server configuration
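The forward file kgc.com.zone (step 5 of the forward configuration) and the reverse file yun.com.local (step 2 above) name different domains, so an answer such as www.yun.com. does not point back to the A record that the address belongs to. The script below is an added example, not code from the original post: it parses the record syntax used in both files and lists every PTR whose target has no A record carrying the same address; the zone text is constructed from the files shown above, with the SOA written on one line and comments in the zone file's own ';' syntax.

```python
# Added example, not from the original post: parse the forward and reverse zone
# files built above and check that every PTR record points at a name whose A
# record holds the same address. Both zone texts are constructed here.
# Constructed from kgc.com.zone (step 5). Zone files comment with ';', and the
# SOA may be written on one line; BIND accepts both forms.
FORWARD_ZONE = """\
$TTL 1D
@     IN SOA kgc.com. admin.kgc.com. ( 0 1D 1H 1W 3H )
      NS     kgc.com.
      A      192.168.144.133
www   IN A   192.168.100.99   ; www resolution address
ftp   IN A   192.168.100.88
smtp  IN CNAME www            ; alias record
*     IN A   8.8.8.8          ; wildcard (pan-domain) record
"""
# Constructed from yun.com.local, the file for zone 100.168.192.in-addr.arpa.
REVERSE_ZONE = """\
$TTL 1D
@     IN SOA yun.com. admin.yun.com. ( 0 1D 1H 1W 3H )
      NS     yun.com.
99    IN PTR www.yun.com.
88    IN PTR ftp.yun.com.
"""

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {owner: [(type, rdata)]} for the record syntax used on this page."""
    records, owner = {}, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop ';' comments
        if not line.strip() or line.startswith("$"):
            continue                                  # $TTL only sets defaults
        if not line[0].isspace():                     # a new owner starts the line
            owner, _, line = line.partition(" ")
            owner = qualify(owner, origin)
        toks = line.replace("(", " ").replace(")", " ").split()
        while toks and (toks[0] == "IN" or toks[0].isdigit()):
            toks.pop(0)                               # optional class and TTL
        if not toks or toks[0] == "SOA":
            continue
        rtype, rdata = toks[0], toks[-1]
        if rtype in ("NS", "MX", "CNAME", "PTR"):
            rdata = qualify(rdata, origin)            # names, unlike A addresses
        records.setdefault(owner, []).append((rtype, rdata))
    return records

def ptr_address(owner):
    """99.100.168.192.in-addr.arpa. -> 192.168.100.99"""
    return ".".join(reversed(owner.split(".in-addr.arpa")[0].split(".")))

def ptr_mismatches(forward, reverse):
    """PTR records whose target has no A record carrying the same address."""
    problems = []
    for owner, rrs in reverse.items():
        for rtype, target in rrs:
            if rtype != "PTR":
                continue
            addrs = [r for t, r in forward.get(target, []) if t == "A"]
            if ptr_address(owner) not in addrs:
                problems.append((owner, target, addrs))
    return problems
```

ptr_mismatches(parse_zone(FORWARD_ZONE, "kgc.com."), parse_zone(REVERSE_ZONE, "100.168.192.in-addr.arpa.")) reports both PTRs on the page's files, because they name yun.com hosts while the forward zone is kgc.com; renaming them to www.kgc.com. and ftp.kgc.com. clears the check.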

1. Above we have successfully created a master server. Now open a second CentOS 7 system to act as the DNS slave server: check its IP address, and turn off the firewall and SELinux so that clients and the master server can connect to it.

    [root@localhost ~]# ifconfig                        # view the network card information
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.144.135  netmask 255.255.255.0  broadcast 192.168.144.255
            inet6 fe80::a85a:c203:e2e:3f3c  prefixlen 64  scopeid 0x20<link>
            inet6 fe80::ad78:663f:1f02:22e4  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:75:9f:c8  txqueuelen 1000  (Ethernet)
            RX packets 1049  bytes 1282518 (1.2 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
    ...                                                 # part of the output omitted
    [root@localhost ~]# systemctl stop firewalld.service   # stop the firewall
    [root@localhost ~]# setenforce 0                       # set SELinux to permissive

2. Install the BIND software on the slave server and change its DNS configuration files

    [root@localhost ~]# yum install bind -y          # install the DNS service software BIND
    Loaded plugins: fastestmirror, langpacks
    base      | 3.6 kB  00:00:00
    extras    | 3.4 kB  00:00:00
    updates   | 3.4 kB  00:00:00
    (1/4): base/7/x86_64/group_gz        | 166 kB  00:00:00
    (2/4): extras/7/x86_64/primary_db    | 215 kB  00:00:00
    ...                                   # part of the output omitted
    [root@localhost ~]# vim /etc/named.conf          # edit the main configuration file
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

    options {
            listen-on port 53 { 192.168.144.135; };   // change the listening address to this server's own address
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            allow-query     { any; };                 // permission relaxed: any host may use this DNS service
            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
             - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
            ...                                       // part of the file omitted

    [root@localhost ~]# vim /etc/named.rfc1912.zones   # modify the zone configuration file
    // RFC 1912 section 4.1 : localhost TLDs and address zones
    // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
    // (c)2007 R W Franks
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    zone "localhost.localdomain" IN {
            type master;
            file "named.localhost";
            allow-update { none; };
    };

    zone "localhost" IN {                    // copy this template
            type master;
            file "named.localhost";
            allow-update { none; };
    };

    zone "kgc.com" IN {                      // paste it and set the domain name to the same one as on the master server
            type slave;                      // set the type to slave
            file "slaves/kgc.com.zone";      // the zone data file synchronized from the master is stored in the slaves directory
            masters { 192.168.144.133; };    // delete the original allow-update entry and point to the master server's address
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
            type master;
            file "named.loopback";
            allow-update { none; };
    };
    ...                                      // part of the file omitted
    [root@localhost ~]# cd /var/named            # enter the zone data file directory
    [root@localhost named]# ls                   # check that the slaves directory exists
    data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
    [root@localhost named]# ls slaves/           # check whether it has any content yet
    [root@localhost named]#                      # nothing yet

3. Go back to the master server, change its zone configuration so that it allows the slave server to synchronize the zone, and restart the DNS service when done

    [root@localhost named]# vim /etc/named.rfc1912.zones   # edit the master server's zone configuration file
    ...
    zone "localhost.localdomain" IN {
            type master;
            file "named.localhost";
            allow-update { none; };
    };

    zone "localhost" IN {
            type master;
            file "named.localhost";
            allow-update { none; };
    };

    zone "kgc.com" IN {
            type master;
            file "kgc.com.zone";
            allow-transfer { 192.168.144.135; };   // changed here: only the slave server's address may transfer the zone
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
            type master;
            file "named.loopback";
            allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {
            type master;
    ...                                            // part of the file omitted
    [root@localhost named]# systemctl restart named   # restart the DNS service

4. Go back to the slave server, start the DNS service, check that the synchronized zone data file has appeared in the slaves directory, and then overwrite the resolver configuration file as was done on the master server.

    [root@localhost named]# systemctl restart named    # start the DNS service
    [root@localhost named]# ls slaves/
    kgc.com.zone
    [root@localhost named]# echo "nameserver 192.168.144.135" > /etc/resolv.conf
    [root@localhost named]# cat /etc/resolv.conf
    nameserver 192.168.144.135

5. Use the slave server to resolve the domain names and check whether they resolve and whether the results are the same as on the master. If they are, the master-slave setup was successful.

    [root@localhost named]# host www.kgc.com      # resolve the domain name
    www.kgc.com has address 192.168.100.99        # same address as on the master server
    [root@localhost named]# host ftp.kgc.com      # resolve the domain name
    ftp.kgc.com has address 192.168.100.88        # same address as on the master server
    [root@localhost named]# host aaa.kgc.com      # wildcard (pan-domain) resolution
    aaa.kgc.com has address 8.8.8.8               # same address as on the master server
    [root@localhost named]# host smtp.kgc.com     # alias resolution
    smtp.kgc.com is an alias for www.kgc.com.
    www.kgc.com has address 192.168.100.99        # same address as on the master server
