2025-02-21 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
Basic concepts of DNS
Domain Name System (DNS): the domain name resolution system
Forward resolution (named.localhost): domain name → IP
Reverse resolution (named.loopback): IP → domain name
Software: bind
Service: named
Port: UDP 53 → data communication (forward and reverse domain name resolution)
TCP 53 → data synchronization (master and slave domain servers synchronize resolution files)
Configuration files: /etc/named.conf main configuration file
/etc/named.rfc1912.zones zone configuration file
/var/named/named.localhost forward resolution file
/var/named/named.loopback reverse resolution file
Division of domain names:
DNS is a distributed database. Its naming system uses a hierarchical logical structure shaped like an inverted tree, and this logical tree is called the domain name space. Because DNS partitions the domain name space, each organization can use its own part of the name space to create DNS information.
In the DNS domain name space, the depth of the tree must not exceed 127 levels, and each node of the tree can hold up to 63 characters.
(1) DNS server
A computer that runs a DNS server program and stores the DNS database information. When the local DNS server receives a resolution request from a local client, it first looks in its own database for the matching "domain name and IP" mapping. If the mapping is found, it responds to the client. If it is not found, it queries downward layer by layer, starting from the root DNS server, which stores the resolution data for first-level domain names. The local DNS server takes the first-level domain information and queries the next-level DNS server for the second-level domain data, then takes that result to the third-level DNS server for the third-level domain data, and so on, until it finds the resolution data the local client asked for and returns it to the client.
(2) DNS cache
When the DNS server handles a client request and the local DNS server does not have the DNS information, it asks other DNS servers. When they return the information, the local DNS server records the result locally; this record is the DNS cache. The next time a client submits the same request, the DNS server can answer it from the cache.
(3) Primary domain name server and secondary domain name server
When the secondary DNS server of a zone starts, it synchronizes the domain name resolution file with the zone's primary DNS server. After that, it connects to the primary server at intervals to check whether the resolution file has been updated: if it has, the data is synchronized; if it has not, the secondary server simply checks again after the next interval.
Each zone has at least one primary DNS server and one secondary DNS server; otherwise the zone cannot resolve domain names once the primary server goes down.
Advantages of a secondary DNS server:
1. Fault tolerance
2. Reduce the load pressure on the main server
3. Reduce the traffic of the wide area link
Domain name resolution process:
Query process of DNS: recursive query and iterative query
Example: visiting www.163.com
1. The network client needs the IP of www.163.com to access it and sends a resolution request to the local DNS server.
2. The local DNS server looks in its database and cache for the relevant resolution data. If it has the data, it responds directly to the client. If not, it sends a query to the root DNS server.
3. The root domain name server returns the address of a top-level domain name server to the local DNS server.
4. The local DNS server sends a request to the top-level domain name server.
5. The top-level domain name server looks in its own database and cache for the relevant resolution data. If it has the data, it responds directly to the client. If not, it returns the address of a second-level domain name server.
6. The local DNS server sends a request to the second-level domain name server.
7. The second-level domain name server looks in its own database and cache for the relevant resolution data. If it has the data, it responds directly to the client. If not, it returns the address of a third-level domain name server.
8. The local DNS server sends a request to the third-level domain name server.
And so on, until the local client obtains the domain name resolution data it needs and uses the resulting IP to access the corresponding resource server.
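The walk-through above as a small simulation, added here as an illustration and not part of the original article: a local resolver that answers from cache when it can and otherwise follows referrals from the root. The server names, the delegation table and the address 203.0.113.10 are constructed for the example.

```python
# Constructed delegation tree: each server holds final answers or referrals.
# Server names and the address 203.0.113.10 are made up for this sketch.
SERVERS = {
    "root":    {"referrals": {"com": "tld-com"}},
    "tld-com": {"referrals": {"163.com": "ns-163"}},
    "ns-163":  {"answers": {"www.163.com": "203.0.113.10"}},
}

class LocalResolver:
    """Local DNS server: answers from cache, otherwise iterates from the root."""

    def __init__(self, servers, max_referrals=8):
        self.servers = servers
        self.max_referrals = max_referrals
        self.cache = {}
        self.trace = []          # which source was asked, in order

    def resolve(self, name):
        if name in self.cache:                  # step 2: cache hit
            self.trace.append("cache")
            return self.cache[name]
        server = "root"                         # step 2: miss, start at the root
        for _ in range(self.max_referrals):     # bound the chain against loops
            self.trace.append(server)
            data = self.servers[server]
            if name in data.get("answers", {}):
                self.cache[name] = data["answers"][name]
                return self.cache[name]
            server = self._referral(data.get("referrals", {}), name)
            if server is None:                  # no server is delegated this name
                return None
        raise RuntimeError("too many referrals")

    @staticmethod
    def _referral(referrals, name):
        """Return the server delegated the longest matching suffix of name."""
        labels = name.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in referrals:
                return referrals[suffix]
        return None

if __name__ == "__main__":
    r = LocalResolver(SERVERS)
    print(r.resolve("www.163.com"), r.trace)   # walks root, TLD, second level
    print(r.resolve("www.163.com"), r.trace)   # second lookup served from cache
```

The referral bound matters in practice: a resolver that follows delegations without a limit can be kept busy indefinitely by a misconfigured or hostile delegation chain.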
Construction of DNS master server
Disable iptables and SELinux
2.1. Configure the network card
Select the network card mode: VMnet8 (NAT mode), remove the DHCP of VMnet8, and change the network segment to 192.168.100.0
Configure the local network card eth0: 192.168.100.10 netmask 255.255.255.0
Restart the network card service: service network restart
2.2. Install the DNS service
2.2.1. Query whether the software is installed
rpm -q bind
If not, configure a local yum source (/etc/yum.repos.d/rhel-source.repo) and install it
yum -y install bind
2.2.2. Main configuration file /etc/named.conf: description and configuration
Configure the main configuration file /etc/named.conf
2.2.3. Zone configuration file /etc/named.rfc1912.zones: description and configuration
Make a backup copy of the configuration file to avoid errors
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
Explanation
Configure the zone file, leaving only the following two zones; the others are deleted
Modified file
2.2.4. Modify the forward and reverse resolution files xdl.zheng and xdl.fan
Copy /var/named/named.localhost to xdl.zheng
Copy /var/named/named.loopback to xdl.fan
Modify xdl.zheng
Modify to
Modify xdl.fan
2.2.5. Restart the DNS service: service named restart
Check whether the /etc/resolv.conf file has any content. If resolution is successful, it will contain the corresponding resolution IP.
If not, you need to add it manually.
Use another client on the same network segment, set its DNS to the server IP, and use nslookup to test whether resolution succeeds.
Construction of DNS slave server
Function: relieve the pressure on the main DNS server and improve the access speed
Configure the yum source and install the bind software
yum -y install bind
3.2. Configure the named main configuration file /etc/named.conf
3.3. Configure the named zone configuration file /etc/named.rfc1912.zones
Back up first: cp -a /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
vim /etc/named.rfc1912.zones
After modification
Note the following points:
A. type specifies the type of DNS server: master or slave
B. masters is the added field. You must specify the IP of the primary server.
C. file "" names the file in which this server stores the data it learns from the master DNS server
Format: file "slaves/filename"
Check whether the slave server has synchronized the xdl.zheng and xdl.fan files of the master server
ls /var/named/slaves/
Set the DNS of the client to the IP of the DNS server, 192.168.100.40, and use nslookup to check and verify domain name resolution
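A check for points A to C above, added here as an example and not taken from the original article: it reads zone statements in the style of /etc/named.rfc1912.zones and reports slave zones that lack a masters address or whose file is not under slaves/. The sample configuration and the reverse zone name are constructed, and the parser assumes the text contains no comments.

```python
import re

def zone_blocks(text):
    """Yield (zone_name, body) for each zone statement, matching nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_slave_zones(text):
    """Return (zone, problem) pairs for slave zones that break points B or C."""
    findings = []
    for name, body in zone_blocks(text):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        if not ztype or ztype.group(1) != "slave":
            continue                                  # point A: only slaves
        masters = re.search(r'\bmasters\s*\{([^}]*)\}', body)
        ips = re.findall(r'\d+(?:\.\d+){3}', masters.group(1)) if masters else []
        if not ips:                                   # point B
            findings.append((name, "no masters address"))
        zfile = re.search(r'\bfile\s+"([^"]*)"', body)
        if not zfile or not zfile.group(1).startswith("slaves/"):
            findings.append((name, "file is not under slaves/"))   # point C
    return findings

# Constructed sample: the first zone is correct, the second breaks B and C.
SAMPLE = '''
zone "xdl.com" IN {
    type slave;
    masters { 192.168.100.10; };
    file "slaves/xdl.zheng";
};
zone "100.168.192.in-addr.arpa" IN {
    type slave;
    file "xdl.fan";
};
'''

if __name__ == "__main__":
    for zone, problem in audit_slave_zones(SAMPLE):
        print(zone, "->", problem)
```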
Construction of DNS cache server
Use the client PC3 that has visited the DNS server as the cache server, and use the fourth client PC4 for DNS parsing access
PC3: IP 192.168.100.30, DNS 192.168.100.10 (main DNS server IP)
PC4: IP 192.168.100.60, DNS 192.168.100.30 (IP of PC3)
4.1. On PC3, the cache server, install the dnsmasq software
yum -y install dnsmasq
4.2. Modify the dnsmasq configuration file /etc/dnsmasq.conf
You only need to modify three of the keywords:
domain= the domain name to resolve, e.g. domain=xdl.com
server= the main DNS server IP, e.g. server=192.168.100.10
cache-size= the number of cache entries, e.g. cache-size=3000
The specific modification results are as follows:
domain= (bottom line)
server= (bottom line)
cache-size= (bottom line)
4.3. On PC4, use nslookup to resolve the domain name and IP of the main DNS
PC4: IP 192.168.100.60, DNS 192.168.100.30 (IP of PC3)
Verification results:
Construction of DNS internal and external network separation and resolution server
5.1. Conceptual design
Principle: the company's web server runs on the intranet (PC1), and the DNS server is placed on the external network so that outside users can visit the company's web page.
Now use three virtual machines to build the above services:
PC1: directly use computers on the intranet to install httpd services as WEB servers
PC2: directly use computers on the public network to install DNS services as DNS servers
GW: configure dual network cards, enable address forwarding, and act as gateway servers
5.2. Process steps
5.2.1. Step 1: GW configuration
Install two network cards. Configure network card eth2 and select VMnet10 (192.168.100.0/24)
Configure its IP as 192.168.100.254
Configure network card eth3 and select VMnet11 (192.168.200.0/24)
Configure its IP as 192.168.200.254
The configuration results are as follows:
eth2
eth3
Enable address forwarding in /etc/sysctl.conf (vim /etc/sysctl.conf) and reload the configuration with sysctl -p
5.2.2. Step 2: configure private network PC1
Configure the NIC IP (the private gateway and DNS must be configured)
Configure the yum source and install the httpd service
1. mv rhel-source.repo rhel-source.repo.bak
vim rhel-aa.repo
2. Connect the CD image and mount it under /mnt
mount /dev/sr0 /mnt
yum -y install httpd
3. cd /var/www/html
vim index.html
Cao ni da yede!
4. elinks 192.168.100.10
5.2.3. Step 3: public network DNS configuration
1. Configure the network card (the gateway address and DNS address of the external network must be configured)
2. Configure the yum source and install the named service
2.1. mv rhel-source.repo rhel-source.repo.bak
vim rhel-aa.repo
2.2. Connect the CD image and mount it under /mnt
mount /dev/sr0 /mnt
yum -y install bind (domain name service software)
2.3. Start the named service
service named restart
3. Configure the domain name main configuration file /etc/named.conf
4. Generate the lan and wan configuration files by copying the original zone configuration file.
cp -a /etc/named.rfc1912.zones /etc/lan
cp -a /etc/named.rfc1912.zones /etc/wan
Configure the private network resolution file /etc/lan and the public network resolution file /etc/wan
Private network resolution file /etc/lan
5. Generate the forward and reverse resolution files lan.zheng, lan.fan, wan.zheng and wan.fan for the internal and external networks by copying /var/named/named.localhost and /var/named/named.loopback.
cp -a /var/named/named.localhost /var/named/lan.zheng
cp -a /var/named/named.loopback /var/named/lan.fan
cp -a /var/named/named.localhost /var/named/wan.zheng
cp -a /var/named/named.loopback /var/named/wan.fan
Configure the four files
vim /var/named/lan.zheng
vim /var/named/lan.fan
vim /var/named/wan.zheng
vim /var/named/wan.fan
6. Restart the named service
Test resolution with nslookup
Test whether the WEB server can be resolved and opened
elinks 192.168.100.10
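How the lan and wan configurations decide which answer a client gets, as an added sketch that is not the article's own configuration: named tests its views in order and uses the first one whose client match list contains the source address. The name www.xdl.com, the external answer 192.168.200.254 and the client addresses are assumptions made for the example.

```python
import ipaddress

# (view name, client networks, records). All values here are constructed.
LAN = ("lan", ["192.168.100.0/24"], {"www.xdl.com": "192.168.100.10"})
WAN = ("wan", ["0.0.0.0/0"],        {"www.xdl.com": "192.168.200.254"})
# Faulty variant: the match list also covers the outside segment 192.168.200.0/24.
TOO_BROAD = ("lan", ["192.168.0.0/16"], LAN[2])

def pick_view(views, client_ip):
    """Return (name, records) of the first view whose networks contain the client."""
    ip = ipaddress.ip_address(client_ip)
    for name, networks, records in views:
        if any(ip in ipaddress.ip_network(n) for n in networks):
            return name, records
    return None, {}

def answer(views, client_ip, qname):
    """Return (view name, address) as this client would see it."""
    name, records = pick_view(views, client_ip)
    return name, records.get(qname)

def leaked_internal(views, external_clients, internal_net):
    """List (client, qname, addr) where an outside client is handed an inside address."""
    net = ipaddress.ip_network(internal_net)
    leaks = []
    for client in external_clients:
        _, records = pick_view(views, client)
        for qname, addr in records.items():
            if ipaddress.ip_address(addr) in net:
                leaks.append((client, qname, addr))
    return leaks

if __name__ == "__main__":
    print(answer([LAN, WAN], "192.168.100.20", "www.xdl.com"))   # inside client
    print(answer([LAN, WAN], "192.168.200.50", "www.xdl.com"))   # outside client
    print(answer([WAN, LAN], "192.168.100.20", "www.xdl.com"))   # wrong order
    print(leaked_internal([TOO_BROAD, WAN], ["192.168.200.50"], "192.168.100.0/24"))
```

Two things to verify after restarting named follow from this: the catch-all view must come last, and a query sent from an outside address should never return an address in 192.168.100.0/24.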