Shulou(Shulou.com)06/02 Report--

Common concepts of DNS server

1. Overview of DNS service:

DNS (Domain Name System-- Domain name system), which plays a very important role in TCP/IP network, can provide domain name and IP address resolution service.

DNS is a distributed database. The naming system adopts a hierarchical logical structure, like an inverted tree. This logical tree structure is called domain name space. Because DNS divides domain name space, each organization can use its own domain name space to create DNS information.

Note: in the DNS domain name space, the maximum depth of the tree must not exceed 127. each node in the tree can store up to 63 characters.

Two. the interpretation of some nouns:

1. Domain and domain name

Each node of the DNS tree represents a domain. Through these nodes, the entire domain name space is divided into a hierarchical structure.

The name of each domain in the domain name space is represented by the domain name.

Domain name: usually identified by a fully qualified domain name (FQDN). FQDN can accurately indicate its position relative to the root of the DNS domain, that is, the complete expression from the node to the root of the DNS tree, using reverse writing from the node to the root of the tree, and using "." Separated, for the DNS domain google, its fully official domain name (FQDN) is google.com.

For example, google is a subdomain of the com domain and its representation is google.com, while www is a subdomain of the Google domain and can be represented by www.google.com.

Note: in general, FQDN has strict naming restrictions, the length can not exceed 256byte, only allow the use of characters Amurz Zand minus sign (-). The dot (.) can only be used between domain name flags (for example, "google.com") or at the end of FQDN.

Domain names are not size sensitive.

From top to bottom, it can be divided into root domain, top domain, secondary domain and subdomain.

The top layer of the Internet domain space is the root, which records the important DNS information of the Internet and is managed by the Internet domain name registration authority, which assigns the management responsibility of each part of the domain name space to the organizations connected to the Internet.

"." There are 13 root servers around the world

Below the DNS root domain is the top-level domain, which is also managed by the Internet domain name registration authority. There are three types of top-level domains.

Organizational domain: a 3-character code indicating the main functions or activities of the organization contained in the DNS domain. For example, com is a commercial organization, edu is an educational organization, gov is a government organization, mil is a military organization, net is a network organization, org is a non-profit organization, and int is an international organization.

Address domain: a two-character country or region code. For example, cn is China, kr is Korea, and us is the United States.

Reverse domain: this is a special domain named in-addr.arpa, which is used to map IP addresses to names (reverse queries).

For the subordinate domains of the top-level domain, the Internet domain name registration authority authorizes various organizations of Internet. When an organization is authorized to a certain part of the domain name space, the organization is responsible for naming the assigned domain and its subdomains, including computers and other devices in the domain, and managing the mapping information between host names and IP addresses in the assigned domain.

2. Zone (Zone)

A zone is part of an DNS namespace that contains a set of resource records stored on a DNS server.

Using the concept of zone, the DNS server answers queries about the hosts in its own zone, and each zone has its own authorization server.

three。 Primary domain name server and secondary domain name server

When the secondary server of the zone starts, it connects with the master server of the zone and starts a zone transmission. The auxiliary server of the zone communicates with the master server of the zone regularly to see if the data of the zone has changed. If it changes, it initiates a data update transfer. Each zone must have a primary server, and each zone must have at least one secondary server, otherwise if the primary server of the zone crashes, the name of the zone cannot be resolved.

Advantages of the secondary server:

1) Fault tolerance

After configuring the secondary server, the client can still resolve the name of the zone if the primary server of the zone crashes. Generally, the primary server of the zone and the secondary server of the zone are installed on different subnets, so that if the connection to one subnet is broken, the DNS client can directly query the name server on another subnet.

2) reduce the traffic of wide area links

If a zone has a large number of clients remotely, users can remotely add secondary servers for the area and configure remote clients to query these servers first, thus preventing remote clients from making DNS queries over slow link communications.

3) lighten the load on the primary server

The secondary server can answer queries in the area, thus reducing the number of queries that must be answered by the primary server in the area.

IV. Related concepts of DNS

(1) DNS server

A computer running a DNS server program that stores DNS database information. The DNS server attempts to parse the client's query request.

When answering the query, if the DNS server can provide the requested information, it responds directly to the resolution result, and if the DNS server does not have the corresponding domain name information, it provides the client with another server address that can help resolve the query. If the above two methods fail, the client does not have the requested information or the requested information does not exist.

(2) DNS cache

When the DNS server parses the client request, if it does not have the DNS information locally, it can ask other DNS servers. When the other domain name server returns the query result, the DNS server will record the result in the local cache and become the DNS cache. The next time the client submits the same request, the DNS server can parse directly using the DNS information in the cache.

(3) DNS query process:

Look at a DNS query process:

The domain name is resolved in eight steps, but in practical applications, this process is usually very fast.

The client submits a domain name resolution request and sends the request to the local domain name server.

When the local domain name server receives the request, it first queries the local cache.

If there is a DNS information record of the query, the result of the query is returned directly.

If there is no record, the local domain name server sends the request to the root domain name server.

The root domain name server returns to the local domain name server the address of the top-level domain name server of the queried domain.

The local server sends a request to the returned domain name server.

The domain name server that receives the query request queries its cache and records, and returns the query result of the client if there is any relevant information, otherwise it notifies the address of the domain name server of the subordinate of the client.

The local domain name server sends the query request to the returned DNS server.

The domain name server returns the query result of the local server (if the domain name server does not contain the DNS information of the query, the query process will be repeated until the resolution information or the response of resolution failure is returned).

The local domain name server saves the returned results to the cache and returns the results to the client.

five。 There are two query methods:

(1) Recursive query

Recursive query is a query mode of DNS server. In this mode, the DNS server receives the client request and must reply to the client with an accurate query result. If the DNS server does not store query DNS information locally, the server will ask other servers and submit the returned query results to the client.

(2) iterative query

Another query mode of the DNS server is iterative query. When the client sends the query request, the DNS server does not reply to the query result directly, but tells the client the address of another DNS server, and the client submits the request to the DNS server and loops until the query result is returned.

six。 Forward and reverse parsing

1) forward parsing

Forward resolution refers to the resolution process from domain name to IP address.

2) reverse parsing

Reverse resolution is the resolution process from IP address to domain name. The function of reverse resolution is authentication of the server.

Configuration file for DNS service

one。 Master configuration file

/ etc/named.conf

Function: control the whole system

two。 Zone profile

/ etc/named.rfc1912.zones

Function: control specific individual area

three。 Zone data profile

/ etc/named/named.localhost

Function: area information

Forward parsing construction of DNS service

1. Install the bind package using yum install bind-y

two。 Modify the global configuration file vim / etc/named.conf

3. Modify the zone configuration file vim / etc/named.rfc1912.conf

4. Copy area data file template

5. Modify the area data file vim / etc/named/kgc.com.zone

6. Turn off the firewall and turn on the service

7. Modify dns configuration file

8. Use host domain name for resolution verification

DNS reverse parsing configuration process

1. Modify the zone configuration file vim / etc/named.rfc1912.zones

two。 Copy area data file template

3. Modify the area data file vim / etc/named/yun.com.local

4. Restart the service systemctl restart named

5. Verify host

Master-slave synchronization of DNS server

1. Turn on another virtual machine as the secondary server, turn off the firewall, and install bind

two。 Modify the global configuration file vim / etc/named.conf

3. Modify the zone configuration file vim / etc/named.rfc1912.zones

4. Switch to the master server to modify the zone configuration file vim / etc/named.rfc1912.zones

5. Restart the primary server service

6. Modify the slave server dns configuration file and start the service

7. Verification

The slave server has the parsing function equivalent to the master server.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.