
Case Analysis of forward and backward region of DNS Server

2025-04-05 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Today the editor shares the knowledge points of a worked example of the forward and reverse zones of a DNS server. The content is detailed and the logic is clear; most people are probably not very familiar with this material, so the article is shared for your reference. I hope you gain something from reading it. Let's take a look.

DNS (Domain Name System) is an Internet service. As a distributed database that maps domain names and IP addresses to each other, it makes the Internet more convenient for people to use.

Domain name query tools

nslookup command

    > server 202.106.0.20    # specify the DNS server to query
    > set q=A                # specify the record type to query (A, PTR, MX, CNAME, NS)
    > www.baidu.com          # specify the domain name to query

dig command

This command ships with the DNS toolkit (bind-utils) and can be used to query domain name related information.

    dig [-t type] [-x addr] [name] [@server]

    dig -t A www.baidu.com @202.106.0.20    # look up the IP address of the name, querying the given DNS server; by default the local DNS address is used
    dig -t NS www.baidu.com                 # view the NS servers of the domain
    dig -t NS .                             # view the root NS servers
    dig -t NS com                           # view the NS servers of com.
    dig -t MX baidu.com                     # view the mail exchangers of the domain
    dig -t SOA baidu.com                    # view the SOA record of the domain's authoritative server
    dig -t CNAME www.baidu.com              # view the alias of the name
    dig -x 192.168.60.200 @192.168.60.10    # reverse resolution query

Example:

    [root@localhost ~]# dig -t a www.baidu.com

    ; <<>> DiG 9.8.3-P1 <<>> -t a www.baidu.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<-
    ;; QUESTION SECTION:                  # the question dig asked
    ;www.baidu.com.                 IN      A

    ;; ANSWER SECTION:                    # the reply to dig's question
    www.baidu.com.          448     IN      CNAME   www.a.shifen.com.
    www.a.shifen.com.       0       IN      A       115.239.211.112
    www.a.shifen.com.       0       IN      A       115.239.210.27

    ;; Query time: 15 msec
    ;; SERVER: 192.168.5.1#53(192.168.5.1)
    ;; WHEN: Sat Jul  2 21:30:06 2016
    ;; MSG SIZE  rcvd: 103

Besides the QUESTION SECTION and the ANSWER SECTION, a dig result may also contain the following two sections:

    ;; AUTHORITY SECTION      # shows the authoritative servers for the A record
    ;; ADDITIONAL SECTION     # shows the A records of those authoritative servers

Several other common uses of dig:

    # check whether 202.106.0.20 offers recursion
    [root@localhost ~]# dig +recurse -t A www.baidu.com @202.106.0.20

    # show the detailed process of resolving www.baidu.com from the root downwards, using the local DNS
    [root@localhost ~]# dig +trace -t A www.baidu.com

DNS resource records

A DNS server performs two kinds of resolution: forward resolution and reverse resolution. The two work differently, so they are not stored in the same database file; each kind of resolution needs its own zone file on the DNS server. Every entry in a zone file is a resource record, and each record has a type that states what the record is for. The common record types are:

    SOA   (Start Of Authority)   # start of authority record
    NS    (Name Server)          # name server record; declares which host is the DNS server for the zone
    MX    (Mail eXchanger)       # mail exchanger record
    A     (Address)              # domain name to IPv4 address (forward resolution)
    PTR   (PoinTeR)              # IP address to domain name (reverse resolution)
    AAAA  (Address)              # domain name to IPv6 address
    CNAME (Canonical Name)       # canonical name (alias record)

Forward zone file:

    $TTL 600
    @   IN  SOA  dns.ywnds.com. root.ywnds.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
    @   IN  NS   dns

$TTL (600 in the zone file above): the Time To Live field defines, in seconds, how long the zone's resource records may be kept in a DNS cache.

Resource record format

    NAME  IN  TYPE  Value

NAME: the name field. It is the name of the domain object the resource record refers to; it can be a single host (such as www) or an entire domain (such as wangfeng7399.com). The value "." represents the root, and "@" represents the current (default) domain.

IN: identifies the record as an Internet DNS resource record.

TYPE: the resource record type. Several commonly used types are introduced below.

SOA (Start Of Authority): start of authority record. The NAME field must be a zone name such as ywnds.com. or "@", and the Value field must be the FQDN of the primary DNS server followed by the administrator mailbox, for example:

    @ IN SOA dns.ywnds.com. root.ywnds.com.

Here root.ywnds.com. is the administrator mailbox; it is not written with "@" because "@" has a special meaning in zone files. The parameters that follow are the values the secondary DNS server uses to decide when to update its copy of the primary's data:

    serial = 2913          serial number; the secondary server copies the zone file only when this number has increased
    refresh = 10800        (3 hours) the secondary server queries the primary server every 3 hours
    retry = 3600           (1 hour) when a query to the primary server fails, the secondary server retries every hour
    expire = 604800        (7 days) if the secondary server cannot update from the primary for 7 days, it discards the zone records
    default TTL = 3600     (1 hour) the default time to live; caching servers keep the zone's records for 1 hour

NS (Name Server): name server record. The NAME field must be a zone name such as ywnds.com. or "@", and the Value field is the FQDN (a relative name may be used) of the DNS server, for example:

    @ IN NS dns

MX (Mail eXchanger): mail exchanger record. The NAME field must be a zone name; the record identifies the SMTP server. The Value field holds a priority (0-99; the smaller the number, the higher the priority) and the FQDN, for example:

    @ IN MX 10 mail

A (Address): domain name to IPv4 address (forward resolution). The NAME field is an FQDN (a relative name may be used) and the Value field is the IP address, for example:

    dns IN A 192.168.60.10

CNAME: used to define aliases.

Zone types

The zone type defines the role this server plays for the zone. A zone is declared in the following format:

    zone "." IN {
            type hint;
            file "named.ca";
    };

hint: a hints zone, generally used for the root.
master: the zone type used by the primary DNS server.
slave: the zone type used by secondary DNS servers.
forward: the zone type used by a forwarding zone.

Install DNS

Several software packages provide DNS services on Linux systems; the best known is bind. The version shipped with Linux 6 is already bind 9.8. Install the following RPM packages directly:

    [root@bogon ~]# yum install bind bind-utils bind-libs
    [root@bogon ~]# service iptables stop
    [root@bogon ~]# setenforce 0

The meaning of each package:

    bind-libs        # library files used by bind
    bind-utils       # DNS client tools such as dig and nslookup
    bind             # the main server package
    bind-devel       # header files and libraries for development (may be omitted)
    bind-chroot      # runs the DNS server in a chroot jail (may be omitted)
    bind-dyndb-ldap  # stores DNS zone data in a database or LDAP (may be omitted)

Bind files:

    /etc/named.conf              # main configuration file
    /etc/rc.d/init.d/named       # service script
    /var/named/named.ca          # root zone file (root hints)
    /var/named/named.localhost   # localhost zone file
    /var/named/named.loopback    # reverse resolution zone file for the loopback address

Cache DNS

Cache DNS server: 192.168.60.10

Right after installation, bind is already a caching DNS server, but to serve other hosts you still need to adjust the listening address and allow those hosts to query. Here is the bind main configuration file /etc/named.conf (permissions 640, named owner, root group).

    [root@bogon ~]# cat /etc/named.conf
    options {
            listen-on port 53 { any; };       # IPv4 listening address; "any" (or commenting the line out) listens on all addresses, the default is 127.0.0.1
            listen-on-v6 port 53 { ::1; };
            directory "/var/named";           # default location of zone files
            dump-file "/var/named/data/cache_dump.db";                 # cache dump file
            statistics-file "/var/named/data/named_stats.txt";         # statistics file
            memstatistics-file "/var/named/data/named_mem_stats.txt";  # memory usage statistics
            allow-query { any; };             # who may query; "any" (or commenting the line out) allows everyone, the default is localhost
            recursion yes;                    # allow recursive queries for other users
            allow-recursion { 192.168.60.0/24; };   # access control: only hosts in the 192.168.60.0 network may use recursion; can be omitted

            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;

            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
            managed-keys-directory "/var/named/dynamic";
    };

    # logging (try not to enable query logging, because DNS queries are very frequent)
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };

    # the default root zone file
    zone "." IN {
            type hint;
            file "named.ca";
    };

    # included files
    include "/etc/named.rfc1912.zones";
    // include "/etc/named.root.key";   # comment this line out for the experiment, otherwise it affects the results; it is enabled by default

    [root@bogon ~]# service named start
    [root@bogon ~]# dig -t A www.baidu.com @192.168.60.1    # test the cache server (the DNS server must have Internet access)

Forward resolution DNS
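The allow-query / recursion / allow-recursion trio above decides whether the server becomes an open resolver, and the article notes that allow-recursion "can be omitted". This added checker (not code from the article) reads the options block of a named.conf and works out the effective recursion ACL using BIND's documented fallback order; the two sample configurations are constructed, modelled on the page's file.

```python
import re

# Constructed sample modelled on the article's options block (not the page's literal file).
SAMPLE_OK = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };                  # anyone may ask questions
    recursion yes;
    allow-recursion { 192.168.60.0/24; };  # but only the LAN may use recursion
};
"""
# Constructed: the same options with allow-recursion left out, as the article says is allowed.
SAMPLE_OPEN = """
options {
    allow-query { any; };
    recursion yes;
};
"""

def _strip_comments(text):          # named.conf accepts /* */, // and # comments
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(conf):
    """Return the text inside options { ... }, honouring nested braces."""
    text = _strip_comments(conf)
    start = re.search(r"\boptions\s*\{", text)
    if not start:
        return ""
    depth, i = 1, start.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start.end():i - 1]

def acl(block, name):
    """Address-match list of `name { a; b; };`, or None when the statement is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), block)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None

def effective_recursion_acl(block):
    # BIND's fallback: allow-recursion, else allow-query-cache, else allow-query, else localnets/localhost
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        lst = acl(block, name)
        if lst is not None:
            return lst
    return ["localnets", "localhost"]

def is_open_resolver(conf):
    block = options_block(conf)
    m = re.search(r"\brecursion\s+(yes|no)\s*;", block)
    recursion = m.group(1) == "yes" if m else True     # BIND defaults to recursion yes
    return recursion and "any" in effective_recursion_acl(block)
```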

Build the forward-resolution DNS server on top of the caching DNS server.

Add the forward zone to the /etc/named.conf file:

    [root@bogon ~]# vim /etc/named.conf
    zone "ywnds.com" IN {
            type master;
            file "ywnds";
            allow-transfer { none; };
    };

Add the forward zone file under /var/named/:

    [root@bogon ~]# vim /var/named/ywnds
    $TTL 1D
    @       IN  SOA  dns.ywnds.com. root.ywnds.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
    @       IN  NS   dns
    dns     IN  A    192.168.60.10
    @       IN  MX   10 mail
    mail    IN  A    192.168.60.100
    www     IN  A    192.168.60.200
    [root@bogon ~]# chown root:named /var/named/ywnds

Verify with dig.

Reverse resolution DNS

Add the reverse zone to the /etc/named.conf file:

    [root@bogon ~]# vim /etc/named.conf
    zone "60.168.192.in-addr.arpa" IN {
            type master;
            file "ywnds.com";
            allow-transfer { none; };
    };

Add the reverse zone file under /var/named/:

    [root@bogon ~]# vim /var/named/ywnds.com
    $TTL 1D
    @       IN  SOA  dns.ywnds.com. root.ywnds.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
            IN  NS   dns.ywnds.com.
    200     IN  PTR  www.ywnds.com.
    100     IN  PTR  mail.ywnds.com.
    [root@bogon ~]# chown root:named /var/named/ywnds.com

PS: in the reverse zone the PTR targets must be written as FQDNs (with the trailing dot).

Verify:

    [root@bogon ~]# dig -x 192.168.60.200 @192.168.60.
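The PS above is the classic reverse-zone mistake: a PTR target without the trailing dot is treated as relative and silently becomes something like mail.ywnds.com.60.168.192.in-addr.arpa. This added script (not from the article) parses the two zone files of the example with a minimal zone-file reader, flags relative PTR targets, and reports A records in the 192.168.60.0 network that have no PTR pointing back; the embedded zone texts are constructed copies of the article's files with that mistake deliberately included.

```python
# Constructed copies of the article's zone files; the PTR for .100 deliberately lacks the trailing dot.
FORWARD_ZONE = """$TTL 1D
@    IN SOA dns.ywnds.com. root.ywnds.com. ( 0 ; serial
                                             1D 1H 1W 3H )
@    IN NS  dns
dns  IN A   192.168.60.10
mail IN A   192.168.60.100
www  IN A   192.168.60.200
"""
REVERSE_ZONE = """$TTL 1D
@    IN SOA dns.ywnds.com. root.ywnds.com. ( 0 1D 1H 1W 3H )
     IN NS  dns.ywnds.com.
200  IN PTR www.ywnds.com.
100  IN PTR mail.ywnds.com
"""

def fqdn(name, origin):
    """'@' is the origin; a trailing dot means absolute; anything else gets the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):   # -> [(owner_fqdn, TYPE, rdata)], the SOA itself is skipped
    records, owner, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()                   # strip ; comments
        if depth:                                           # inside a ( ... ) continuation
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip() or line.startswith("$"):        # blank line or $TTL/$ORIGIN directive
            continue
        depth, fields = line.count("(") - line.count(")"), line.split()
        if not raw[0].isspace():                            # a blank owner repeats the previous one
            owner, fields = fqdn(fields[0], origin), fields[1:]
        while fields[0].isdigit() or fields[0].upper() == "IN":   # optional TTL and class
            fields = fields[1:]
        if fields[0].upper() != "SOA":
            records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records

def check_reverse_zone(fwd_text, rev_text, fwd_origin, rev_origin):
    """Report PTRs that are not FQDNs, and A records in the reverse zone's network with no PTR back."""
    problems, ptrs, net = [], {}, ".".join(reversed(rev_origin.split(".")[:3]))   # 60.168.192 -> 192.168.60
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype == "PTR":
            if not rdata.endswith("."):
                problems.append(f"PTR {owner} -> {rdata} is relative; BIND reads it as {fqdn(rdata, rev_origin)}")
            ptrs[owner] = rdata
    for owner, rtype, rdata in parse_zone(fwd_text, fwd_origin):
        if rtype == "A" and rdata.startswith(net + ".") and ptrs.get(rdata.split(".")[-1] + "." + rev_origin) != owner:
            problems.append(f"no PTR for {owner} ({rdata})")
    return problems
```

Running check_reverse_zone(FORWARD_ZONE, REVERSE_ZONE, "ywnds.com.", "60.168.192.in-addr.arpa.") reports the relative PTR for .100 and the missing PTRs for dns and mail, while www passes.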
