How to build DNS and Server under Linux

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article introduces how to build a DNS server under Linux. In daily work many people have doubts about how to set up DNS on Linux, so the editor consulted various sources and put together a simple, easy-to-follow procedure. Hopefully it answers those doubts; follow along and learn together!

DNS Basic Concepts

If you already know the concepts in this section, jump straight to "Set up a local DNS server".

Whether you do development or operations, you have come across DNS in some form. A domain name is a long string in which each dot separates one label (level), with up to four levels in common use. Naming a site by a domain name rather than an address exists purely to make it easier for people to remember; the computer does not care whether it is given an IP or a domain name!

Top-level domains can be divided into three categories:

Generic top-level domains (.com for businesses, .org for non-profits, .net for network services, etc.)

Country-code top-level domains (.cn China, .uk UK, .us USA, .jp Japan)

Reverse (infrastructure) top-level domain (.arpa)

When we register a domain name ourselves we do not strictly have to care which top-level domain we use; it is only an unwritten convention that tells others what the site is probably for. The domain name we normally apply for (and register with the ICP) is a second-level domain. Once we have it, we can add third- and fourth-level domain names as we please: many people share the same top-level domain, each applies for a second-level domain under it, and everything below that second-level domain belongs to its owner. In this sense the domain name system is a tree.

Anyone can apply for a domain name and build a website on it for a few dozen yuan a year. For example, the domain coding3min.com that I registered on Tencent Cloud costs 60 yuan a year.

Domain name resolution

There are many kinds of resolution records: www, @, *, mail, subdomains and mobile-site records each serve a different purpose.

You can see the hints in the Tencent Cloud console. Usually the www prefix is the main site, but typing it is tedious, so I redirected it to the bare domain coding3min.com, i.e. the @ record. The function of each record is shown in the figure.

Record types fall into the following categories.

The most common is the A record, which points directly at a server IP. A CNAME record points at another domain name: for example, GitHub offers a static-site hosting service on which you can build a free blog; it gives you a GitHub domain for the site, and you can CNAME your own domain to it. An MX record lets you run a mail server whose addresses use your own domain as the suffix.

The following is the detailed domain name resolution process, with the key points marked. This is exam material!

As shown above,

You enter the domain name www.baidu.com in the browser. The operating system first checks whether its local hosts file contains a mapping for this name; if it does, that IP address is used and resolution is complete.

If hosts has no mapping for the domain name, the local DNS resolver cache is checked for one. If it is found there, it is returned directly and resolution is complete.

If neither hosts nor the local resolver cache has a mapping, the preferred DNS server configured in the TCP/IP settings is consulted; here we call it the local DNS server. When this server receives the query, if the domain name is contained in one of its locally configured zones, it returns the result to the client and resolution is complete. This answer is authoritative.

If the domain name is not in any zone of the local DNS server but the server has the mapping in its cache, it returns that IP address and resolution is complete. This answer is not authoritative.

If neither the local DNS server's zone files nor its cache can answer, what happens next depends on how the local DNS server is configured (whether a forwarder is set). Without forwarding, the local DNS server sends the request to a root DNS server. The root server determines who is authorized for the top-level domain (.com) and returns the IP of a server responsible for that TLD. The local DNS server then contacts the .com server; if that server cannot answer itself, it returns the address of the DNS server one level down that manages baidu.com. The local DNS server then queries the baidu.com server, repeating this until it reaches the server that knows the www.baidu.com host.

If forwarding mode is used, the local DNS server forwards the request to its upstream DNS server, which resolves it. If the upstream server cannot resolve it either, it in turn either queries the root servers or forwards the request further up.

Whether the local DNS server uses a forwarder or root hints, the result ultimately comes back to the local DNS server, which then returns it to the client.

DNS queries are either recursive or iterative, and resolution is either forward or reverse. Now that we know the principle, let's see it in action!

Set up a local DNS server

If you deploy services with Kubernetes, its kube-dns component performs name resolution for you automatically, so services discover each other through a fixed naming scheme.

DNS is just a protocol; the actual service is the BIND software, so install it now:

sudo yum install bind-utils bind bind-chroot

A few directories and files to remember after installation:

/etc/named.conf: Main configuration file

/etc/sysconfig/named: configures whether to start in a chroot and any extra startup parameters

/var/named: directory holding the zone database files, which map host names to IP addresses

/var/run/named: directory where named stores its pid file while running (on Ubuntu the directory is /run/named)

Now that we know the important configuration files and directories, the configuration begins. As an exercise, we will hijack the resolution of baidu.com on our own server.

An important habit before modifying any configuration file is to make a backup copy first, so that mistakes are easy to revert.

Edit the main configuration file named.conf, find the corresponding lines and change them to the following:

listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { any; };
recursion yes;

This listens on port 53 on every IPv4 and IPv6 address, allows every host to query us, and, with recursion yes, lets the server answer recursive queries (it resolves names outside its own zones on the client's behalf instead of only referring the client elsewhere iteratively).
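A caveat a practitioner will want at this point: allow-query { any; } together with recursion yes and no allow-recursion restriction makes the server an open resolver, i.e. anyone who can reach port 53 can use it for recursion, which is the configuration that public scanners flag and that is abused in DNS reflection. The following is an added example, not code from the article or from BIND: a small Python audit that parses an options block and flags that combination, run against the page's options and against a hardened variant. The hardened block assumes the LAN is 192.168.3.0/24 (the subnet of the resolv.conf entry later on the page); substitute your own networks.

```python
import re

# Constructed input: the options lines from the article as they appear on the page.
PAGE_OPTIONS = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };
    recursion yes;
};
"""

# Hardened variant (assumption: the LAN is 192.168.3.0/24; change it to your own network).
HARDENED_OPTIONS = """
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };                              // anyone may ask about our own zones
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.3.0/24; };    // only local clients get recursion
    allow-transfer { none; };                          // no zone transfers to arbitrary hosts
    version "not disclosed";                           // hide the BIND version string
};
"""


def _acl(text, name):
    """Return the address list of `<name> { a; b; };` as a list, or None if the option is absent."""
    m = re.search(r'\b%s\s*\{([^}]*)\}\s*;' % re.escape(name), text)
    if m is None:
        return None
    return [t.strip() for t in m.group(1).split(';') if t.strip()]


def audit_bind_options(text):
    """Return a list of findings for a BIND `options { ... }` block (empty list = nothing flagged)."""
    findings = []
    m = re.search(r'\brecursion\s+(yes|no)\s*;', text)
    recursion_on = m is None or m.group(1) == 'yes'       # BIND defaults to recursion yes
    # allow-recursion wins; without it BIND falls back to allow-query-cache, then allow-query,
    # and with none of them set it only recurses for localhost/localnets.
    clients = _acl(text, 'allow-recursion')
    if clients is None:
        clients = _acl(text, 'allow-query-cache')
    if clients is None:
        clients = _acl(text, 'allow-query')
    if recursion_on and clients is not None and 'any' in clients:
        findings.append('open resolver: recursion is enabled and allowed for any client; '
                        'add allow-recursion { <your networks>; }; or set recursion no')
    if _acl(text, 'allow-transfer') is None:
        findings.append('allow-transfer is not set; older BIND releases then allow zone '
                        'transfers to anyone, so add allow-transfer { none; }; or list your secondaries')
    if re.search(r'\bversion\s+"', text) is None:
        findings.append('version string is not hidden; add version "..."; to options')
    return findings


if __name__ == '__main__':
    for label, cfg in (('page', PAGE_OPTIONS), ('hardened', HARDENED_OPTIONS)):
        print(label, audit_bind_options(cfg) or 'no findings')
```

The check mirrors how BIND derives the recursion ACL (allow-recursion, else allow-query-cache, else allow-query), so a block that restricts recursion while still answering authoritative queries from anyone passes, which is exactly the shape an authoritative-plus-local-resolver server should have.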

Scroll to the bottom and you will see that it includes the following file, which is where forward (and reverse) zones are defined.

include "/etc/named.rfc1912.zones";

Add the following at the bottom of /etc/named.rfc1912.zones.

zone "baidu.com" IN {            // top-level domain .com, second-level domain baidu
        type master;             // this server is the primary (master) for the zone
        file "named.baidu.com";  // zone file, relative to /var/named/
};

Create the file /var/named/named.baidu.com with the following contents; you can change the 127.0.0.1 IP to whatever you want.

$TTL 600                ; default cache time for all records below
@   IN  SOA dns.yu.com. root.localhost (
        0       ; serial: version number, used by secondaries to tell whether the zone changed
        1H      ; refresh: secondaries re-check once an hour
        15M     ; retry: wait 15 minutes after a failed transfer and try again
        1W      ; expire: give up serving the zone after a week without a successful transfer
        3D )    ; minimum: negative answers are cached by clients for 3 days
@               IN  NS  dns.baidu.com.    ; the NS record gives the FQDN of the name server
dns.baidu.com.  IN  A   127.0.0.1         ; the three A records below give the IPs of hosts in the domain
www.baidu.com.  IN  A   127.0.0.1
ftp             IN  A   127.0.0.1
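The zone above has a few rough edges that named will load without complaint but that a practitioner should catch: the SOA MNAME (dns.yu.com.) is not one of the zone's NS names, the serial is 0, and a 3-day negative-cache TTL means a mistaken NXDOMAIN sticks in clients' caches for three days. The following is an added example, not code from the article or from BIND: a minimal zone-file parser and lint in Python, run over a constructed copy of the zone as printed above. It handles $TTL, the @ origin, relative names, parenthesised multi-line SOA records and ';' comments, which is enough for the zones this article deals with; for real zones, named-checkzone from bind-utils is the tool of record.

```python
import re

ORIGIN = 'baidu.com.'

# Constructed copy of the zone file from the article (SOA MNAME left exactly as printed there).
ZONE_TEXT = """\
$TTL 600
@   IN  SOA dns.yu.com. root.localhost (
        0       ; serial
        1H      ; refresh
        15M     ; retry
        1W      ; expire
        3D )    ; minimum
@               IN  NS  dns.baidu.com.
dns.baidu.com.  IN  A   127.0.0.1
www.baidu.com.  IN  A   127.0.0.1
ftp             IN  A   127.0.0.1
"""

UNITS = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400, 'w': 604800}


def to_seconds(value):
    """Convert a zone-file time such as 600, 1H, 15M, 1W or 3D to seconds."""
    m = re.fullmatch(r'(\d+)([smhdw]?)', value.lower())
    return int(m.group(1)) * UNITS[m.group(2) or 's']


def fqdn(name, origin):
    """Qualify a zone-file name: '@' is the origin, names without a trailing dot are relative to it."""
    if name == '@':
        return origin
    return name if name.endswith('.') else name + '.' + origin


def logical_lines(text):
    """Drop ';' comments and join parenthesised multi-line records into one logical line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(';', 1)[0]
        depth += line.count('(') - line.count(')')
        buf.append(line.replace('(', ' ').replace(')', ' '))
        if depth <= 0:
            joined = ' '.join(buf)
            buf, depth = [], 0
            if joined.strip():
                out.append(joined)
    return out


def parse_zone(text, origin):
    """Return (soa_dict, [(owner, type, rdata_list), ...]) for a simple IN-class zone file."""
    soa, records, last_owner = None, [], origin
    for line in logical_lines(text):
        fields = line.split()
        if fields[0] == '$TTL':
            continue                                   # default TTL is not needed for these checks
        if line[0] in ' \t':                           # blank owner = same owner as the previous record
            owner = last_owner
        else:
            owner, fields = fqdn(fields[0], origin), fields[1:]
        last_owner = owner
        if fields and re.fullmatch(r'\d+[smhdw]?', fields[0], re.I):
            fields = fields[1:]                        # optional per-record TTL
        if fields and fields[0] == 'IN':
            fields = fields[1:]                        # class
        rtype, rdata = fields[0], fields[1:]
        if rtype == 'SOA':
            soa = {'mname': fqdn(rdata[0], origin), 'rname': rdata[1],
                   'serial': int(rdata[2]), 'minimum': rdata[6]}
        records.append((owner, rtype, rdata))
    return soa, records


def lint_zone(text, origin):
    """Check a primary zone for the mistakes that bite in practice; return a list of findings."""
    soa, records = parse_zone(text, origin)
    findings = []
    ns_names = [fqdn(rd[0], origin) for own, rt, rd in records if rt == 'NS' and own == origin]
    has_addr = {own for own, rt, _ in records if rt in ('A', 'AAAA')}
    if not ns_names:
        findings.append('zone has no NS record at the apex')
    if soa['mname'] not in ns_names:
        findings.append(f"SOA MNAME {soa['mname']} is not one of the zone's NS names")
    for ns in ns_names:
        if ns.endswith('.' + origin) and ns not in has_addr:
            findings.append(f'in-zone name server {ns} has no A/AAAA record (missing glue)')
    if soa['serial'] == 0:
        findings.append('SOA serial is 0; use YYYYMMDDnn and increase it on every edit so '
                        'secondaries notice the change')
    if to_seconds(soa['minimum']) > 3 * 3600:
        findings.append(f"negative-cache TTL {soa['minimum']} is above the 1-3 hours RFC 2308 "
                        'recommends; a wrong NXDOMAIN would be cached that long')
    return findings


if __name__ == '__main__':
    for finding in lint_zone(ZONE_TEXT, ORIGIN):
        print('-', finding)
```

Run against the page's zone, it reports exactly the three issues named in the lead-in and nothing else, since dns.baidu.com. does have its A record.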

Restart the service, deal with SELinux and open the dns service in the firewall:

systemctl restart named           # restart the service
setenforce 0                      # switch SELinux to permissive for this session (the default policy already permits named, so this is rarely needed)
firewall-cmd --add-service=dns    # open the firewall's dns service (TCP and UDP port 53)

Point the system at the DNS server

On Linux the DNS server configuration lives in a fixed file. It lists a primary server, a backup server and so on; once your DNS server is built, this is the file to change.

$ cat /etc/resolv.conf
nameserver 192.168.3.1
nameserver 114.114.114.114

Test

ping www.baidu.com
PING www.baidu.com (127.0.0.1) 56(84) bytes of data.
64 bytes from VM-0-11-centos (127.0.0.1): icmp_seq=1 ttl=64 time=0.006 ms
64 bytes from VM-0-11-centos (127.0.0.1): icmp_seq=2 ttl=64 time=0.021 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.006/0.013/0.021/0.008 ms

You can also use nslookup to inspect the resolution; if you have pointed the system at the new DNS server, this command shows which server answered.

$ nslookup coding3min.com
Server:         192.168.3.1
Address:        192.168.3.1#53

Non-authoritative answer:
coding3min.com  canonical name = coding3min.com.cdn.dnsv1.com.
coding3min.com.cdn.dnsv1.com    canonical name = 6yucorit.dispatch.spcdntip.com.
Name:   6yucorit.dispatch.spcdntip.com
Address: 112.67.251.116
Name:   6yucorit.dispatch.spcdntip.com
Address: 113.105.165.183
Name:   6yucorit.dispatch.spcdntip.com
Address: 113.96.98.77
Name:   6yucorit.dispatch.spcdntip.com
Address: 125.78.252.121

Server is the address of the DNS server that answered.

Because I use a CDN, DNS resolves the name to several addresses. The Address lines, such as 112.67.251.116, are the real IPs the name resolves to.

DNS normally runs over UDP on port 53. When a complete answer cannot be delivered over UDP (the response is truncated), the client repeats the query over TCP, so the firewall must allow both TCP and UDP port 53. The port assignment can be seen in /etc/services:

cat /etc/services | grep domain
domain          53/tcp          # name-domain server
domain          53/udp
domaintime      9909/tcp        # domaintime
domaintime      9909/udp        # domaintime

Glossary

DNS server: a computer running a DNS server program that holds DNS database information.

DNS cache: when a DNS server resolving a client's request has no local record for the domain name, it queries other DNS servers; when those return a result, the DNS server stores the record locally, forming the DNS cache. The next time a client asks for the same name, the server can answer directly from the cached record.

DNS query methods: recursive query and iterative query.

Recursive query: when a client sends a resolution request to a DNS server, the server first looks in its own records and, if it finds nothing, sends resolution requests to other DNS servers on the client's behalf.

Iterative query: when a client sends a resolution request to a DNS server, the server does not resolve the name for the client but refers it to another DNS server, and the client then sends its request to that server.
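The two query methods above and the UDP-then-TCP behaviour described under /etc/services both live in the DNS message header: a stub resolver sets the RD (recursion desired) bit when asking its configured server to recurse, a resolver iterating through root and TLD servers leaves it clear, and a server that cannot fit its answer in a UDP datagram sets TC (truncated), which tells the client to retry over TCP. The following is an added example, not code from the article: a Python encoder and decoder for the DNS header and an A-record answer, exercised on constructed byte strings (no network traffic). The response builder is a constructed test vector modelled on what an authoritative server for the zone above would send, not a capture.

```python
import struct

QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080   # header flag bits (RFC 1035)


def build_query(name, qtype=1, txn_id=0x1234, recursion_desired=True):
    """Encode a DNS query (qtype 1 = A). RD=1 is what a stub resolver sends to its configured
    server; RD=0 is what a resolver itself sends to root/TLD servers while iterating."""
    flags = RD if recursion_desired else 0
    header = struct.pack('!HHHHHH', txn_id, flags, 1, 0, 0, 0)
    labels = name.rstrip('.').split('.')
    qname = b''.join(bytes([len(l)]) + l.encode('ascii') for l in labels) + b'\x00'
    return header + qname + struct.pack('!HH', qtype, 1)                # qtype, qclass IN


def parse_header(msg):
    """Decode the 12-byte header into its fields and flag bits."""
    txn_id, flags, qd, an, ns, ar = struct.unpack('!HHHHHH', msg[:12])
    return {'id': txn_id, 'qr': bool(flags & QR), 'aa': bool(flags & AA),
            'tc': bool(flags & TC), 'rd': bool(flags & RD), 'ra': bool(flags & RA),
            'rcode': flags & 0x000F, 'qdcount': qd, 'ancount': an, 'nscount': ns, 'arcount': ar}


def matches_query(query, response):
    """A response is only accepted if it is a response (QR) carrying the query's transaction id;
    this is the minimal check every resolver makes before trusting an answer."""
    q, r = parse_header(query), parse_header(response)
    return r['qr'] and q['id'] == r['id']


def needs_tcp_retry(response):
    """TC set means the server could not fit the answer in UDP: repeat the query over TCP/53."""
    return parse_header(response)['tc']


def _read_name(msg, offset):
    """Read a (possibly compressed) domain name; return (name, offset after the name)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                                          # compression pointer
            pointer = struct.unpack('!H', msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return '.'.join(labels) + '.', end
        labels.append(msg[offset:offset + length].decode('ascii'))
        offset += length


def parse_answers(msg):
    """Return [(owner, rtype, ttl, rdata)] from the answer section; A rdata is rendered dotted."""
    hdr, offset = parse_header(msg), 12
    for _ in range(hdr['qdcount']):
        _, offset = _read_name(msg, offset)
        offset += 4                                                        # qtype + qclass
    answers = []
    for _ in range(hdr['ancount']):
        name, offset = _read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack('!HHIH', msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = '.'.join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return answers


def constructed_response(query, ip, ttl=600, truncated=False):
    """Constructed test vector: the authoritative answer a server for the zone would return
    (QR, AA, RD echoed, RA set). With truncated=True it returns an empty, TC-flagged reply."""
    txn_id = struct.unpack('!H', query[:2])[0]
    flags = QR | AA | RD | RA
    if truncated:
        return struct.pack('!HHHHHH', txn_id, flags | TC, 1, 0, 0, 0) + query[12:]
    header = struct.pack('!HHHHHH', txn_id, flags, 1, 1, 0, 0)
    # the answer owner is a pointer (0xC00C) back to the question name at offset 12
    answer = b'\xc0\x0c' + struct.pack('!HHIH', 1, 1, ttl, 4) + bytes(int(o) for o in ip.split('.'))
    return header + query[12:] + answer


if __name__ == '__main__':
    q = build_query('www.baidu.com')
    r = constructed_response(q, '127.0.0.1')
    print(parse_header(q)['rd'], matches_query(q, r), needs_tcp_retry(r), parse_answers(r))
```

To watch the same fields on the wire against the server built above, run tcpdump -ni any port 53 while issuing the nslookup from the test section; the AA bit in the reply is what distinguishes the authoritative answer of the third resolution step from the cached, non-authoritative one of the fourth.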

Forward resolution and reverse resolution: forward resolution is the process of resolving a domain name to an IP address; reverse resolution is the process of resolving an IP address to a domain name.

This concludes the study of how to build a DNS server under Linux; hopefully it has cleared up everyone's doubts. Theory and practice go together, so go and try it! To keep learning, keep following the site, where the editor will continue to bring more practical articles.
