2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
I. A brief introduction to DNS
1. DNS: the Domain Name System is a distributed, hierarchical database that resolves between IP addresses and domain names on the Internet. DNS makes the Internet more convenient to use: users do not need to remember IP addresses and can reach hosts through domain names, which are easier for people to remember.
2. DNS is a C/S (client/server) service. The client asks for the address that corresponds to a name, and the server answers the query. Two query mechanisms are used: iterative query and recursive query.
Iterative query: usually the query method between one DNS server and another DNS server
Recursive query: generally the query method between client and server
3. The DNS database is built from resource records, which are divided into forward resolution and reverse resolution. Forward resolution goes from domain name to IP, while reverse resolution goes from IP to domain name. So what are the main record types?
Common records:
A: abbreviation of address, followed by an IPv4 address
AAAA: followed by an IPv6 address
NS: followed by the DNS server
SOA: abbreviation of start of authority
PTR: followed by the host name for reverse resolution
CNAME: host alias. A host can have more than one host name.
MX: address of the mail server
Let's learn about DNS services through a few simple configurations
II. Configuration of forward resolution
Take the zhanglang.com domain as an example, using ns1.zhanglang.com as the server:
Preparation before the lab: install the bind package
# yum install bind
(1) define the zone
This is done in the main configuration file (/etc/named.conf) or in its secondary configuration file (/etc/named.rfc1912.zones)
Modify the main configuration file: vim /etc/named.conf
Modify /etc/named.rfc1912.zones and add the zone (zone files live in /var/named/*.zone)
(2) create the zone data file (mainly A or AAAA records)
Create a zone data file in the /var/named directory
The file is: /var/named/zhanglang.com.zone
(3) modify permissions and group:
# chown :named /var/named/zhanglang.com.zone
# chmod o= /var/named/zhanglang.com.zone
(4) check for syntax errors:
(5) have the server reload the configuration files and zone data files
# rndc reload
(6) testing
Forward resolution is configured successfully
Configuring a reverse zone
(1) define the zone
This is done in the main configuration file or in its secondary configuration file
Modify the main configuration file: vim /etc/named.conf
Modify /etc/named.rfc1912.zones and add the zone (zone files live in /var/named/*.zone)
(2) define the zone data file (mainly PTR records): vim /var/named/192.168.zone
(3) modify permissions and group:
# chgrp named /var/named/192.168.zone
# chmod o= /var/named/192.168.zone
(4) check for syntax errors and reload:
# named-checkzone 168.192.in-addr.arpa /var/named/192.168.zone
# named-checkconf
# rndc reload
(5) testing
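As an added illustration of how the PTR records in the reverse zone relate to the A records of the forward zone (not the author's zone files; all host names and addresses are constructed, and `a_to_ptr` is a hypothetical helper), this script derives the `168.192.in-addr.arpa` entries from a sample forward zone. It assumes one record per line with no explicit TTL column.

```shell
#!/bin/sh
# Added example: derive PTR lines for a reverse zone from forward A records.

# Constructed sample in the style of /var/named/zhanglang.com.zone.
sample_zone() {
cat <<'EOF'
$TTL 86400
@    IN SOA ns1.zhanglang.com. admin.zhanglang.com. ( 2025011901 1H 10M 1W 1D )
     IN NS  ns1.zhanglang.com.
ns1  IN A   192.168.109.101
ns2  IN A   192.168.109.100
www  IN A   192.168.109.102
mail IN A   10.0.0.5
EOF
}

# a_to_ptr ORIGIN NET_PREFIX   (zone text on stdin)
# For each "name IN A a.b.c.d" inside NET_PREFIX (e.g. 192.168), print the
# PTR line relative to the reverse zone: the octets NOT covered by the
# prefix, in reverse order, followed by the fully qualified host name.
# Addresses outside the prefix are reported on stderr and skipped.
a_to_ptr() {
    awk -v origin="$1" -v prefix="$2" '
        $2 == "IN" && $3 == "A" {
            n = split($4, o, ".")
            # Append "." so that prefix 192.16 does not match 192.168.x.x
            if (n != 4 || index($4, prefix ".") != 1) {
                print "skip (outside " prefix "): " $1 > "/dev/stderr"
                next
            }
            k = split(prefix, p, ".")
            label = ""
            for (i = 4; i > k; i--)
                label = label (label == "" ? "" : ".") o[i]
            printf "%s IN PTR %s.%s.\n", label, $1, origin
        }'
}

sample_zone | a_to_ptr zhanglang.com 192.168
```

Because the reverse zone covers only the first two octets, each owner name carries the last two octets in reverse order (`101.109` for 192.168.109.101), which is the detail most often written the wrong way round.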
III. Master-slave server
In example 1, ns1.zhanglang.com is the master server. Here ns2.zhanglang.com acts as the slave server, and we modify the configuration on ns2.zhanglang.com directly, as follows:
(1) modify the configuration file
Modify the main configuration file: vim /etc/named.conf
(2) define the zone: vim /etc/named.rfc1912.zones
(3) check for syntax errors and reload:
# named-checkconf
# rndc reload
(4) testing
Resolution on the slave server
Resolution succeeds
IV. Subdomain
Delegating a subdomain in a forward zone:
Parent domain configuration
(1) create the zone data file in the /var/named directory: vim /var/named/zhanglang.com.zone
(2) check for syntax errors and reload:
# named-checkzone zhanglang.com /var/named/zhanglang.com.zone
# named-checkconf
# rndc reload
Subdomain configuration
(1) configure on the subdomain server
Main configuration file (open the listening port): vim /etc/named.conf
(2) create the zone: vim /etc/named.rfc1912.zones
(3) create the zone data file: vim /var/named/ops.zhanglang.com.zone
(4) modify permissions and group
(5) check for syntax errors and reload:
# named-checkzone ops.zhanglang.com /var/named/ops.zhanglang.com.zone
# named-checkconf
# rndc reload
(6) testing
Subdomain test
Parent domain test
Subdomain delegation is configured successfully
V. Define forwarding (forwarding defined on the subdomain server):
Note: the server being forwarded to must allow recursion for the current server
In the example above, the subdomain server is configured with forwarding
(1) configuration file /etc/named.rfc1912.zones
(2) syntax check and reload
(3) testing
Query the parent domain "zhanglang.com"
Resolution succeeds
VI. Basic security control
acl: access control list; merges one or more addresses into a named set, so that all hosts in the set can be referred to by that name
BIND has four built-in ACLs
none: no host
any: any host
localhost: the local machine
localnets: the networks to which the local IPs belong
Common access control directives
allow-query {}; hosts allowed to query; a whitelist
allow-transfer {}; hosts allowed to do zone transfers; default is to all hosts; should be configured to allow only slave servers
allow-recursion {}; hosts allowed to send recursive query requests to the current DNS server
allow-update {}; DDNS, which allows the contents of the zone database file to be updated dynamically
1. allow-query on the master server (ns1.zhanglang.com)
(1) in the main configuration file (vim /etc/named.conf), create an access control list (so that only host 192.168.109.101 can resolve)
(2) create the zone: vim /etc/named.rfc1912.zones
(3) syntax check and reload
(4) testing (the test commands use the same server address)
192.168.109.101 test
Resolution succeeds
192.168.109.100 test
Resolution fails; the control setting works
2. allow-transfer on the master server (ns1.zhanglang.com)
(1) in the main configuration file (vim /etc/named.conf), create an access control list (only host 192.168.109.100 can do zone transfers)
(2) create the zone: vim /etc/named.rfc1912.zones
(3) syntax check and reload
(4) testing
192.168.109.101 test
Transfer fails
192.168.109.100 test
Transfer succeeds; the control setting works
3. allow-recursion on the master server (ns1.zhanglang.com)
(1) in the main configuration file (vim /etc/named.conf), create an access control list (recursion is allowed only for the network segment of 192.168.109.101)
(2) syntax check and reload
(3) testing
192.168.109.101 test
Success
4. allow-update {}; DDNS, which allows the contents of the zone database file to be updated dynamically
Generally, we do not allow dynamic updates to the zone database file, because allowing them poses a security risk; therefore we prohibit dynamic updates.
Edit the configuration file: vim /etc/named.rfc1912.zones
Add allow-update { none; }; to each zone
Then reload the service.
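One way to check that every master zone carries the restrictions described in this section, as an added example rather than the author's configuration: the sample zones, the `slaves` ACL name and the `audit_zones` helper are constructed for illustration, and the parser assumes one statement per line with each zone block closed by a line containing only `};`.

```shell
#!/bin/sh
# Added example: flag master zones whose transfer/update controls are loose.

# Constructed sample in the style of /etc/named.rfc1912.zones.
sample_conf() {
cat <<'EOF'
acl slaves { 192.168.109.100; };
zone "zhanglang.com" IN {
    type master;
    file "zhanglang.com.zone";
    allow-transfer { slaves; };
    allow-update { none; };
};
zone "168.192.in-addr.arpa" IN {
    type master;
    file "192.168.zone";
    allow-transfer { any; };
};
EOF
}

# audit_zones: config text on stdin, one "zone: finding" line per issue.
# Only master zones are checked; a clean zone produces no output.
audit_zones() {
    awk '
        /^zone[ \t]/ { split($0, q, "\""); z = q[2]
                       master = xfer = upd = 0; next }
        z == ""      { next }                 # outside any zone block
        /type[ \t]+master/ { master = 1 }
        /allow-transfer/   { xfer = ($0 ~ /[ \t{]any;/)  ? 2 : 1 }
        /allow-update/     { upd  = ($0 ~ /[ \t{]none;/) ? 1 : 2 }
        $1 == "};" {                          # end of the zone block
            if (master) {
                if (xfer == 0) print z ": no allow-transfer statement"
                if (xfer == 2) print z ": allow-transfer open to any"
                if (upd == 0)  print z ": no explicit allow-update { none; }"
                if (upd == 2)  print z ": dynamic updates allowed"
            }
            z = ""
        }'
}

sample_conf | audit_zones
```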