
Building DNS services on a CentOS 7 system (forward resolution, reverse resolution, master-slave resolution)

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/03

Introduction to DNS:

Addresses on the Internet are numeric IP addresses; the domain names we usually use to visit websites exist mainly because they are easier to remember. Domain name resolution points a domain name at the IP address of a website, so that people can reach its services through the registered domain name. In other words, domain name resolution is the process of translating domain names into IP addresses, and it is performed by DNS servers.

The role of the DNS system:

Forward resolution: look up the corresponding IP address based on the host name (domain name).

Reverse resolution: find the corresponding host domain name according to the IP address.

DNS system type:

Cache domain name server: also known as cache server, which obtains the domain name and IP address records by querying other domain name servers, and then caches the domain name query results locally to improve the speed of repeated queries.

Primary domain name server: the authoritative server for a specific DNS zone, and the only one of its kind for that zone. It is responsible for maintaining the mapping records of all domain names and IP addresses in the zone.

Slave domain name server: also known as the secondary domain name server, the domain name and IP address records maintained by the slave domain name server come from the primary domain name server.

Domain name explanation:

The domain name we usually enter, such as the address of our blog, blog.51cto.com, is actually incomplete: it omits the root domain at the end, which is written as a dot ("."). The complete domain name is "blog.51cto.com." Let's use this address to explain what each part represents.

"." represents the root domain. There are only 13 root domain servers in the world.

".com": represents the top-level domain. There are many top-level domains, and different ones serve different purposes. The ".com" that we see most often is for commercial organizations, ".net" is mostly used by Internet service providers, ".edu" is used by educational institutions, and ".cn" is a top-level domain divided by region, representing mainland China.

".51cto": represents a second-level domain name. This is generally chosen by the user; the guiding principle is that it be simple and easy to remember. A third-level domain name can also be added in front of the second-level domain name as needed.

"blog": indicates the host name. "www", which we see most often, is also a host name.

Forward resolution:

1. Install bind, the DNS server program, directly from the yum source. Note: installation requires a working network connection.

2. After installation, use the "rpm -qc bind" command to list the program's configuration files.

Three of these configuration files are the main ones:

/etc/named.conf -- main configuration file (controls global settings)
/etc/named.rfc1912.zones -- zone configuration file (controls specific individual zones)
/var/named/named.localhost -- zone data file (zone information)

3. Edit the main configuration file "/etc/named.conf" with the vim editor. Change "127.0.0.1" to your IP address "192.168.52.131", and change the "localhost" further down to "any".

    options {
        listen-on port 53 { 192.168.52.131; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };
        // remaining default options unchanged
    };

4. Edit the zone configuration file "/etc/named.rfc1912.zones" with the vim editor.

Add a zone statement for forward resolution. You can copy one of the existing templates in the file and modify the copy.

    zone "yun.com" IN {
        type master;
        file "yun.com.zone";
        allow-update { none; };
    };

5. Use the "cd" command to enter the "/var/named" directory, then use the "cp -p" command to copy the "named.localhost" file to a new file named "yun.com.zone".

Input: cd /var/named/
Input: cp -p named.localhost yun.com.zone

6. Edit the "yun.com.zone" file with the vim editor. (CNAME sets an alias for a host name, and * indicates wildcard domain name resolution.)

    $TTL 1D
    @       IN SOA  yun.com. admin.yun.com. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
            NS      yun.com.
            A       192.168.52.131
            IN MX 10 mail.yun.com.
    www     IN A    192.168.100.100
    ftp     IN A    192.168.99.99
    stmp    IN CNAME www
    *       IN A    8.8.8.8

7. Turn off the firewall and SELinux (the enhanced security feature), then start the DNS service.

Input: systemctl stop firewalld.service
Input: setenforce 0
Input: systemctl start named

8. Change the local DNS server address to your own IP address, so that your own DNS server is used to resolve domain names. Then check that the change took effect.

Input: echo "nameserver 192.168.52.131" > /etc/resolv.conf
Input: cat /etc/resolv.conf

9. Use the "host" command to test whether the DNS server can resolve the domain names. All the domain names we set up can be resolved successfully.

Input: host www.yun.com
Input: host stmp.yun.com
Input: host ftp.yun.com
Input: host abc.yun.com

Reverse resolution:

1. Edit the zone configuration file "/etc/named.rfc1912.zones" with the vim editor again.

Add a zone statement for reverse resolution. You can copy one of the existing templates in the file and modify the copy.

    zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "yun.com.local";
        allow-update { none; };
    };

2. Use the "cd" command to enter the "/var/named" directory, then use the "cp -p" command to copy the "yun.com.zone" file to a new file named "yun.com.local".

Input: cd /var/named/
Input: cp -p yun.com.zone yun.com.local

3. Edit the "yun.com.local" file with the vim editor.

    $TTL 1D
    @       IN SOA  yun.com. admin.yun.com. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
            NS      yun.com.
            A       192.168.52.131
    99      IN PTR  www.yun.com.
    88      IN PTR  ftp.yun.com.

4. Once configured, restart the DNS service.

Input: systemctl restart named

5. Use the "host" command to test whether the DNS server can perform reverse resolution. The IP addresses we set up resolve back to their domain names.

Input: host 192.168.100.99
Input: host 192.168.100.88
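The forward and reverse zone files above are maintained separately, so nothing forces a PTR record to agree with the A record of the name it points to. As an added example (not from the original article), this Python check runs a forward-confirmed reverse DNS comparison over the records shown in the two zone files; the function names are hypothetical, the sample input is constructed from the article's records, and only simple "owner IN TYPE rdata" lines are parsed (the wildcard, SOA, NS and MX records are left out).

```python
import ipaddress
import re

# Constructed sample input: the A/CNAME/PTR records from this article's two zone files.
FORWARD_ZONE = """www   IN A      192.168.100.100
ftp   IN A      192.168.99.99
stmp  IN CNAME  www
"""
REVERSE_ZONE = """99  IN PTR  www.yun.com.
88  IN PTR  ftp.yun.com.
"""

def parse_records(text, origin):
    """Parse simple 'owner IN TYPE rdata' lines into (fqdn, type, rdata) tuples."""
    def fqdn(name):
        return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"
    records = []
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+IN\s+(A|CNAME|PTR)\s+(\S+)$", line.split(";")[0].strip())
        if m:
            owner, rtype, rdata = m.groups()
            records.append((fqdn(owner), rtype, rdata if rtype == "A" else fqdn(rdata)))
    return records

def resolve_a(name, records, depth=0):
    """Return the A addresses for name within the zone data, following CNAMEs."""
    addrs = set()
    for owner, rtype, rdata in records:
        if owner == name and rtype == "A":
            addrs.add(rdata)
        elif owner == name and rtype == "CNAME" and depth < 8:
            addrs |= resolve_a(rdata, records, depth + 1)
    return addrs

def check_fcrdns(forward_text, reverse_text,
                 fwd_origin="yun.com.", rev_origin="100.168.192.in-addr.arpa."):
    """For every PTR, report (ip, ptr_target, forward_addresses, matches)."""
    forward = parse_records(forward_text, fwd_origin)
    results = []
    for owner, rtype, target in parse_records(reverse_text, rev_origin):
        if rtype == "PTR":
            labels = owner[: -len(".in-addr.arpa.")].split(".")
            ip = str(ipaddress.ip_address(".".join(reversed(labels))))
            addrs = sorted(resolve_a(target, forward))
            results.append((ip, target, addrs, ip in addrs))
    return results

for row in check_fcrdns(FORWARD_ZONE, REVERSE_ZONE):
    print(row)
```

With the article's data both PTR names resolve forward to different addresses (www to 192.168.100.100, ftp to 192.168.99.99), so both rows come back with False.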

Master-slave synchronization:

1. Bring up a second CentOS 7 machine to act as the slave domain name server. On it, first turn off the firewall and SELinux, then install the DNS service program from the yum source.

Input: systemctl stop firewalld.service
Input: setenforce 0
Input: yum install bind -y

2. Use the vim editor to edit the main configuration file "/etc/named.conf" of the slave domain name server. Change "127.0.0.1" to its IP address "192.168.52.132", and change the "localhost" further down to "any".

    options {
        listen-on port 53 { 192.168.52.132; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };
        // remaining default options unchanged
    };

3. Use the vim editor to edit the zone configuration file "/etc/named.rfc1912.zones" of the slave domain name server.

Add a zone statement for forward resolution. You can copy one of the existing templates in the file and modify the copy. Note: you need to change the type from "master" to "slave".

    zone "yun.com" IN {
        type slave;
        file "slaves/yun.com.zone";
        masters { 192.168.52.131; };
    };

4. Then use the vim editor to edit the zone configuration file "/etc/named.rfc1912.zones" of the primary domain name server. Replace "allow-update { none; };" with "allow-transfer { 192.168.52.132; };".

    zone "yun.com" IN {
        type master;
        file "yun.com.zone";
        allow-transfer { 192.168.52.132; };
    };

5. After configuring the primary domain name server, restart its service, then go back to the slave domain name server and start the service there.

Primary domain name server:
Input: systemctl restart named

Slave domain name server:
Input: systemctl start named

6. On the slave domain name server, change the DNS server address to its own IP address, and check that the change took effect.

Input: echo "nameserver 192.168.52.132" > /etc/resolv.conf
Input: cat /etc/resolv.conf

7. Use the "host" command to test whether the slave domain name server can resolve the domain names. All the domain names we set up on the master domain name server can be resolved, so the master-slave synchronization is successful.

Input: host www.yun.com
Input: host stmp.yun.com
Input: host ftp.yun.com
Input: host abc.yun.com
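An added check (not from the original article) for the allow-transfer restriction in step 4: it scans the master's zone statements and lists master zones whose transfers are not limited to the expected slave. Step 4 edits only "yun.com", so the reverse zone from the previous section is reported; the sample configuration is constructed from the article's snippets, the function names are hypothetical, and the check assumes that no allow-transfer is set in the global options block and that the installed BIND permits transfers to any host when the option is absent.

```python
import re

# Constructed sample input: the master's zone statements as this article leaves them.
MASTER_CONF = """
zone "yun.com" IN {
    type master;
    file "yun.com.zone";
    allow-transfer { 192.168.52.132; };
};
zone "100.168.192.in-addr.arpa" IN {
    type master;
    file "yun.com.local";
    allow-update { none; };
};
"""

def zone_blocks(conf):
    """Yield (zone_name, body) for each zone statement, matching nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf, re.I):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_transfers(conf, slaves):
    """Map each master zone to a finding if transfers are not limited to `slaves`."""
    findings = {}
    for name, body in zone_blocks(conf):
        if not re.search(r"\btype\s+master\s*;", body, re.I):
            continue  # slave and hint zones are not audited here
        m = re.search(r"allow-transfer\s*\{([^}]*)\}", body, re.I)
        if m is None:
            # Assumption: nothing in the options block overrides the server default.
            findings[name] = "no allow-transfer statement"
            continue
        acl = {entry.strip() for entry in m.group(1).split(";") if entry.strip()}
        extra = acl - set(slaves) - {"none"}
        if extra:
            findings[name] = "transfer allowed to: " + ", ".join(sorted(extra))
    return findings

if __name__ == "__main__":
    for zone, problem in audit_transfers(MASTER_CONF, {"192.168.52.132"}).items():
        print(f"{zone}: {problem}")
```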
