DNS query process and simple construction of DNS server

2025-03-29 Update. From: SLTechnology News&Howtos, shulou

Shulou (Shulou.com) 06/02 Report

1. Describe the DNS query process and the categories of DNS server.

DNS query process:

A complete query passes through these stages:

Client -> hosts file -> local resolver cache -> DNS server (recursive query)

If the server is authoritative for the queried domain: it answers directly from its zone database.

If it is not authoritative: server cache -> iterative queries (root -> TLD -> authoritative server), following referrals until it obtains an answer or NXDOMAIN, which it caches and returns to the client.

DNS server categories:

Primary and secondary DNS servers:

Primary (master) DNS server: holds the zone database it is authoritative for; it is the only copy that is written to, and it is read as well.

Secondary (slave) DNS server: "copies" the zone database from the primary (or from another secondary) by zone transfer (AXFR/IXFR); it is read-only but gives the same authoritative answers.

How the copy is kept up to date (the fields of the zone's SOA record):

Serial number (serial): the version number of the zone database; the primary's serial must be increased on every change, otherwise secondaries will not transfer the new data (with NOTIFY the primary also tells secondaries about a change immediately instead of waiting for the refresh).

Refresh interval (refresh): how often the secondary contacts the primary to check whether the serial has changed.

Retry interval (retry): how long the secondary waits before trying again after a failed refresh.

Expire time (expire): how long the secondary keeps serving the zone while it cannot reach the primary; once this elapses it stops answering for the zone.

Negative-answer cache time (the last SOA field, often called minimum): how long a resolver may cache a negative answer (NXDOMAIN, or no such record) for this zone.
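As an added example, not part of the original article, the following shell helpers implement the serial rules above: zone_serial reads the serial out of a zone file, serial_is_newer applies the RFC 1982 comparison a secondary uses before transferring (modulo 2^32, so a serial that was published too large cannot simply be lowered again), and next_serial produces the next YYYYMMDDnn value. The zone file, names and addresses are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original article: SOA serial helpers for a
# BIND primary. The sample zone below is constructed for this demo and
# follows the layout of magedu.com.zone.

# Print the SOA serial of a zone file: the first bare number after "SOA"
# (also works for the multi-line "( ... )" layout).
zone_serial() {
    awk '
        { sub(/;.*/, "") }                     # drop zone-file comments
        /[ \t]SOA[ \t]/ { insoa = 1 }
        insoa { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }
    ' "$1"
}

# RFC 1982 serial-number arithmetic, the test a secondary applies before it
# transfers: NEW is "newer" than OLD when it is ahead by less than 2^31,
# modulo 2^32. A serial typed too large (e.g. 2099123199) therefore cannot be
# fixed by lowering it; the lower value compares as older and transfers stop.
serial_is_newer() {   # serial_is_newer OLD NEW -> exit 0 if NEW is newer
    awk -v old="$1" -v new="$2" 'BEGIN {
        half = 2147483648; old += 0; new += 0
        if (old == new) exit 1
        if ((old < new && new - old < half) || (old > new && old - new > half)) exit 0
        exit 1
    }'
}

# Next YYYYMMDDnn serial for a given day (default: today). When the day's base
# is not beyond the current serial (several edits in one day, or a serial
# from the future) just add one; monotonic growth is what matters.
next_serial() {   # next_serial CURRENT [YYYYMMDD]
    cur=$1; day=${2:-$(date +%Y%m%d)}
    base=$((day * 100))
    if [ "$base" -gt "$cur" ]; then echo "$((base + 1))"; else echo "$((cur + 1))"; fi
}

# Constructed sample zone for the demo.
ZONE=$(mktemp)
cat > "$ZONE" <<'EOF'
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA ns1.magedu.com. dnsadmin.magedu.com. (
                2017060601  ; serial
                1H          ; refresh
                10M         ; retry
                3D          ; expire
                1D )        ; negative-answer cache time
        IN NS ns1
ns1     IN A 192.168.0.104
EOF

cur=$(zone_serial "$ZONE")
echo "current serial: $cur"
echo "next serial:    $(next_serial "$cur")"
```

Run it after every zone edit: if serial_is_newer reports the new file's serial as not newer than the one a secondary already holds, the secondaries will keep serving stale data even though the primary answers correctly.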

2. Set up a DNS server responsible for resolving names in the magedu.com domain (choose host names and IP addresses yourself).

(1) Some host names must resolve both forward and reverse.

(2) Delegate the subdomain cdn.magedu.com; the subdomain's own servers are responsible for resolving the host names in it.

(3) To keep the DNS service highly available, design a scheme and write out the implementation steps in detail.

First install and start bind:

yum install bind -y

service named start

systemctl start named.service    (CentOS 7)

ss -tunl | grep 53

Bind:

Main configuration file: /etc/named.conf

It also includes other files:

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

Zone data files:

/var/named/ directory

Conventionally named ZONE_NAME.zone

Note: (1) one DNS server can serve multiple zones at the same time.

(2) there must be a root hints file: named.ca

(3) there should also be two local zones: the forward and reverse zones for localhost and 127.0.0.1.

Forward: named.localhost

Reverse: named.loopback

a. Configure a forward zone

1. Configuration of the caching name server:

[root@localhost ~]# vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        // listen-on port 53 { 127.0.0.1; };     # commenting out this line makes named listen on all IPv4 addresses
        // listen-on-v6 port 53 { ::1; };        # commenting out this line makes named listen on all IPv6 addresses
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // allow-query     { localhost; };       # commented out: queries are no longer limited to localhost
        recursion yes;
        // dnssec-enable yes;                    # while learning it is suggested to turn DNSSEC off (dnssec-enable is deprecated in recent BIND releases)
        // dnssec-validation yes;                # while learning it is suggested to turn validation off; keep it on in production

Caveat: with allow-query commented out and recursion yes, this server is an open resolver. Anyone who can reach port 53 can use it for recursive lookups, which exposes it to cache-poisoning attempts and makes it usable as a DNS amplification reflector. Outside a lab, keep allow-query, or add allow-recursion { ...; } limited to your own networks, and leave dnssec-validation yes.
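As an added example, not part of the original article, here is a small shell audit for the open-resolver combination just described. It strips comments before looking at the directives (the default file above has "// allow-query { localhost; };", which restricts nothing) and then checks whether recursion yes is confined by an allow-recursion or allow-query ACL. Both configuration files are constructed for the demo: the weak one is the article's default, the hardened one adds an acl named internal (an assumed name and network).

```shell
#!/bin/sh
# Added example, not part of the original article: audit a named.conf for the
# open-resolver combination "recursion yes" with no allow-recursion or
# allow-query ACL. Both configs below are constructed for the demo; the weak
# one is the article's default with every restricting line commented out.
# Assumes "//" and "#" line comments as in the Red Hat layout; "/* */" blocks
# are not handled.

# Normalise: drop comments, lower-case, space out braces and semicolons, join
# lines, squeeze blanks. Comments go first because a commented-out
# "// allow-query { localhost; };" must not count as a restriction.
named_conf_normalize() {
    sed -e 's://.*$::' -e 's:#.*$::' -e 's/{/ { /g' -e 's/}/ } /g' -e 's/;/ ; /g' "$1" \
    | tr 'A-Z' 'a-z' | tr '\n\t' '  ' | tr -s ' '
}

# Print the address list of DIRECTIVE (e.g. " localhost ; 192.168.0.0/24 ; ")
# or nothing when it is absent.
named_conf_acl() {   # named_conf_acl DIRECTIVE FILE
    { named_conf_normalize "$2"; echo; } | sed -n "s/.*$1 {\([^}]*\)}.*/\1/p"
}

# Exit 0 when FILE describes an open resolver, 1 when recursion is off or is
# confined to an ACL ("{ any; }" is not a restriction).
named_conf_is_open_resolver() {
    case "$(named_conf_normalize "$1")" in
        *"recursion yes"*) ;;
        *) return 1 ;;                       # authoritative-only server
    esac
    for d in allow-recursion allow-query; do
        case "$(named_conf_acl "$d" "$1")" in
            "" | *" any "*) ;;               # absent, or open to any
            *) return 1 ;;                   # confined to an ACL
        esac
    done
    return 0
}

weak_named_conf() {
cat <<'EOF'
options {
        // listen-on port 53 { 127.0.0.1; };
        // listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        // allow-query     { localhost; };
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
};
EOF
}

hardened_named_conf() {
cat <<'EOF'
acl internal { 127.0.0.1; 192.168.0.0/24; };
options {
        listen-on port 53 { 127.0.0.1; 192.168.0.104; };
        directory       "/var/named";
        allow-query     { any; };        // anyone may ask for the zones we are authoritative for
        allow-recursion { internal; };   // but only our own clients may use us as a resolver
        recursion yes;
        dnssec-validation yes;
};
EOF
}

WEAK=$(mktemp); HARD=$(mktemp)
weak_named_conf > "$WEAK"; hardened_named_conf > "$HARD"
for f in "$WEAK" "$HARD"; do
    if named_conf_is_open_resolver "$f"; then echo "$f: OPEN RESOLVER"; else echo "$f: ok"; fi
done
```

The hardened file keeps allow-query open on purpose: an authoritative server must answer anyone for magedu.com, so the restriction that matters is allow-recursion, which separates "serve our zones to the world" from "resolve anything for our own clients".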

After editing, check the configuration file for syntax errors:

named-checkconf [/etc/named.conf]

[root@localhost ~]# named-checkconf

2. Define the zone

This is done in the main configuration file or in a file it includes (/etc/named.rfc1912.zones here).

[root@localhost ~]# vim /etc/named.rfc1912.zones    # edit the configuration file and add the following

zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
};

3. Create the zone data file (mainly A or AAAA records)

Create the zone data file in the /var/named directory (zone-file comments start with ";"):

[root@localhost named]# vim /var/named/magedu.com.zone

$TTL 86400                  ; default cache validity: 86400 seconds = 1 day
$ORIGIN magedu.com.
@       IN SOA ns1.magedu.com. dnsadmin.magedu.com. (
                2017060601  ; serial number
                1H          ; refresh
                10M         ; retry
                3D          ; expire
                1D )        ; negative-answer cache time
        IN NS ns1
        IN NS ns2
        IN MX 10 mx1
        IN MX 20 mx2
ns1     IN A 192.168.0.104
ns2     IN A 192.168.0.105
mx1     IN A 192.168.0.106
mx2     IN A 192.168.0.107
www     IN A 192.168.0.104
web     IN CNAME www

Syntax check:

[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone magedu.com /var/named/magedu.com.zone
zone magedu.com/IN: loaded serial 2017060601
OK

Permission changes:

[root@localhost named]# chown :named /var/named/magedu.com.zone    # set the group to named
[root@localhost named]# chmod o= /var/named/magedu.com.zone        # remove all permissions for others

4. Have the server reload the configuration and zone files

# rndc reload    or
# systemctl reload named.service

Test:

dig -t A www.magedu.com @192.168.0.104

Similarly, configure a reverse zone:

1. Define the zone

Again in the main configuration file or in a file it includes:

[root@localhost /]# vim /etc/named.rfc1912.zones

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
};

2. Define the zone data file (mainly PTR records)

[root@localhost named]# vim /var/named/192.168.0.zone

$TTL 86400
$ORIGIN 0.168.192.in-addr.arpa.
@       IN SOA ns1.magedu.com. nsadmin.magedu.com. (
                2017060601
                1H
                10M
                3D
                1D )
        IN NS ns1.magedu.com.
104     IN PTR ns1.magedu.com.
105     IN PTR ns2.magedu.com.
106     IN PTR mx1.magedu.com.
107     IN PTR mx2.magedu.com.
104     IN PTR www.magedu.com.

Note: every name on the right-hand side of a reverse zone must be absolute (end with a dot), including the SOA mailbox; a name without the dot is silently expanded with $ORIGIN, so nsadmin.magedu.com would become nsadmin.magedu.com.0.168.192.in-addr.arpa. Two PTR records for 104 are legal, but a reverse lookup of 192.168.0.104 then returns both names.

Permission changes:

[root@localhost named]# chgrp named /var/named/192.168.0.zone
[root@localhost named]# chmod o= /var/named/192.168.0.zone

Syntax check:

[root@localhost named]# named-checkconf
[root@localhost named]# named-checkzone 0.168.192.in-addr.arpa /var/named/192.168.0.zone
zone 0.168.192.in-addr.arpa/IN: loaded serial 2017060601
OK


3. Have the server reload the configuration and zone files

# rndc reload    or
# systemctl reload named.service

Test:

dig -x 192.168.0.104 @192.168.0.104

b. Subdomain delegation

1. Add the delegation to the magedu.com zone file.

[root@localhost ~]# vim /var/named/magedu.com.zone

$TTL 86400
$ORIGIN magedu.com.
@       IN SOA ns1.magedu.com. dnsadmin.magedu.com. (
                2017060612      ; serial increased so secondaries pick up the change
                1H
                10M
                3D
                1D )
        IN NS ns1
        IN NS ns2
        IN MX 10 mx1
        IN MX 20 mx2
ns1     IN A 192.168.0.104
ns2     IN A 192.168.0.150
mx1     IN A 192.168.0.106
mx2     IN A 192.168.0.107
www     IN A 192.168.0.104
web     IN CNAME www
pop3    IN A 192.168.0.108
cdn     IN NS ns1.cdn           ; delegate the subdomain
cdn     IN NS ns2.cdn           ; delegate the subdomain
ns1.cdn IN A 192.168.0.103      ; glue record: the address of the subdomain's name server
ns2.cdn IN A 192.168.0.155      ; glue record

The glue A records are required: the name servers of cdn.magedu.com live inside the zone being delegated, so without them a resolver following the referral would have no way to find their addresses.
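As an added example that is not part of the original article, the following lint covers both the reverse zone above (where a missing trailing dot is silently expanded with $ORIGIN) and the delegation just made (where an NS target inside the zone needs a glue address record). named-checkzone accepts both mistakes because they are syntactically valid. The two sample zones are constructed for the demo and follow the files on this page.

```shell
#!/bin/sh
# Added example, not part of the original article: an offline lint for two
# zone-file mistakes that named-checkzone accepts but that break delegation
# and reverse lookups. The sample zones are constructed for this demo.
#   1. an in-zone NS target with no A/AAAA record (missing glue);
#   2. a PTR target or SOA MNAME/RNAME without a trailing dot, which BIND
#      silently expands relative to $ORIGIN.
# Assumes the "owner [class] type rdata" layout used in the files above.

zone_lint() {   # zone_lint FILE ORIGIN -> prints findings; exit 1 if any
    awk -v origin="$2" '
    function fqdn(n) {                       # expand a name the way BIND does
        if (n == "@") return origin
        if (n ~ /\.$/) return n
        return n "." origin
    }
    function in_zone(n,  o) {
        o = "." origin
        return n == origin || substr(n, length(n) - length(o) + 1) == o
    }
    function absolute(what, n) {             # names that must carry a trailing dot
        if (n !~ /\.$/) {
            printf "WARN %s %s lacks a trailing dot; BIND reads it as %s\n", what, n, fqdn(n)
            bad++
        }
    }
    BEGIN { if (origin !~ /\.$/) origin = origin "." }
    { sub(/;.*/, "") }                       # drop comments
    NF == 0 { next }
    $1 == "$ORIGIN" { origin = $2; next }
    $1 == "$TTL"    { next }
    {
        # owner: explicit when the line starts in column 1, else inherited
        if ($0 ~ /^[ \t]/) owner = last_owner; else { owner = $1; last_owner = $1 }
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(A|AAAA|NS|CNAME|PTR|MX|SOA)$/) break
        if (i > NF) next                     # SOA timer lines carry no type
        type = $i
        target = (type == "MX") ? $(i + 2) : $(i + 1)
        if (type == "A" || type == "AAAA") has_addr[fqdn(owner)] = 1
        if (type == "NS")  ns_for[fqdn(target)] = fqdn(owner)
        if (type == "PTR") absolute("PTR target", target)
        if (type == "SOA") { absolute("SOA MNAME", target); absolute("SOA RNAME", $(i + 2)) }
    }
    END {
        for (t in ns_for)
            if (in_zone(t) && !(t in has_addr)) {
                printf "ERR missing glue: %s is NS for %s but has no A/AAAA record in this zone\n", t, ns_for[t]
                bad++
            }
        exit (bad > 0)
    }' "$1"
}

# Constructed forward zone: magedu.com with the cdn delegation and its glue.
sample_forward_zone() {
cat <<'EOF'
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA ns1.magedu.com. dnsadmin.magedu.com. (
                2017060612 ; serial
                1H 10M 3D 1D )
        IN NS ns1
        IN NS ns2
ns1     IN A 192.168.0.104
ns2     IN A 192.168.0.150
www     IN A 192.168.0.104
cdn     IN NS ns1.cdn
cdn     IN NS ns2.cdn
ns1.cdn IN A 192.168.0.103
ns2.cdn IN A 192.168.0.155
EOF
}

# Constructed reverse zone with the two mistakes: the SOA RNAME and one PTR
# target are missing their trailing dots.
sample_reverse_zone() {
cat <<'EOF'
$TTL 86400
$ORIGIN 0.168.192.in-addr.arpa.
@       IN SOA ns1.magedu.com. nsadmin.magedu.com (
                2017060601 1H 10M 3D 1D )
        IN NS ns1.magedu.com.
104     IN PTR ns1.magedu.com.
105     IN PTR ns2.magedu.com.
104     IN PTR www.magedu.com
EOF
}

FWD=$(mktemp); REV=$(mktemp)
sample_forward_zone > "$FWD"; sample_reverse_zone > "$REV"
zone_lint "$FWD" magedu.com && echo "magedu.com: clean"
zone_lint "$REV" 0.168.192.in-addr.arpa || echo "0.168.192.in-addr.arpa: problems found"
```

Run it next to named-checkzone before every rndc reload; deleting one of the glue lines from the forward sample is enough to see the missing-glue error that a resolver would otherwise only reveal as a delegation that never resolves.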

2. Install bind on the subdomain server, change its configuration file and add the zone.

[root@localhost ~]# yum install bind -y    # install on the subdomain server

[root@localhost ~]# vim /etc/named.conf

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.103; };    # add the address on which this host talks to the outside
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // allow-query     { localhost; };                  # commented out: queries are no longer limited to localhost
        recursion yes;
        dnssec-enable no;                                   # changed to no
        dnssec-validation no;                               # changed to no
...

[root@localhost ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:

[root@localhost ~]# vim /etc/named.rfc1912.zones    # edit the configuration file and add the zone

zone "cdn.magedu.com" IN {
        type master;
        file "cdn.magedu.com.zone";
};

[root@localhost ~]# vim /var/named/cdn.magedu.com.zone    # edit the zone data

$TTL 3600
$ORIGIN cdn.magedu.com.
@       IN SOA ns1.cdn.magedu.com. nsadmin.cdn.magedu.com. (
                2017060601
                1H
                10M
                1D
                2H )
        IN NS ns1
ns1     IN A 192.168.0.103
www     IN A 192.168.0.10

Note: the parent zone delegates to both ns1.cdn and ns2.cdn, but this child zone lists only ns1. The NS set published by the child should match the delegation in the parent; add ns2 (192.168.0.155) here once that server is running, otherwise resolvers that pick ns2.cdn from the referral get a lame delegation.

[root@localhost ~]# chgrp named /var/named/cdn.magedu.com.zone    # set the group to named
[root@localhost ~]# chmod o= /var/named/cdn.magedu.com.zone       # remove all permissions for others
[root@localhost ~]# rndc reload
server reload successful

Test with dig:

[root@localhost ~]# dig -t A www.cdn.magedu.com @192.168.0.103

Define forwarding

So that the subdomain server can also resolve names in the parent domain, forward queries for magedu.com to the parent's servers:

[root@localhost ~]# vim /etc/named.rfc1912.zones    # edit the configuration file and add zone forwarding

zone "magedu.com" IN {
        type forward;                                  # define forwarding
        forward only;                                  # forward only, never iterate ourselves
        forwarders { 192.168.0.104; 192.168.0.150; };
};

[root@localhost ~]# named-checkconf    # check
[root@localhost ~]# rndc reload        # reload
[root@localhost ~]# dig -t A www.magedu.com @192.168.0.103    # test: the subdomain server resolving the parent domain

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> -t A www.magedu.com @192.168.0.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER
