2025-01-31 Update From: SLTechnology News&Howtos
DNS domain name system

DNS (Domain Name System): the DNS system records the mapping between domain names and IP addresses. An IP address uniquely identifies a host on the Internet, but IP addresses are hard to remember, so the DNS domain name system was created.

DNS resolution is divided into two directions:

Forward resolution (the common case): resolves a domain name to an IP address.

Reverse resolution (less common): resolves an IP address to a domain name.

DNS server roles:

Primary DNS server (master): the authoritative server in the DNS system that holds the resource record files mapping domain names to IP addresses.

Secondary DNS server (slave, standby): its resource record files come from the primary DNS server. It downloads them automatically from the primary and periodically re-synchronizes them with it. A secondary DNS server can take over part of the resolution load from the primary.

Naming rules for domain names:

Example: www.baidu.com

Domain name format: host name . second-level domain . first-level (top-level) domain . root domain

The domain name space is hierarchical.

Root domain: written as a dot (.). The root is the top level of the domain name system. There are 13 root domain servers worldwide, most of them in the United States.

First-level (top-level) domain: identifies the category of the organization, for example:

com  enterprise or company
net  network organization
org  non-profit organization
cn   China
hk   Hong Kong
gov  government agency
edu  educational institution
tw   Taiwan

Second-level domain: identifies the name of the organization. A company or individual usually applies to the domain name registration authority for a name that identifies it. Common second-level domains of Internet companies:

Alibaba: ali
Taobao: taobao
58.com: 58
Tencent: qq, tencent
NetEase: 163
Sina: sina

Third-level domain (or host name): commonly used by group companies to identify subsidiaries in different regions. For example, the regional sites of 58.com are wh.58.com, hz.58.com and bj.58.com.

Deployment of the DNS server:

Server software: bind; service name: named; client software: bind-utils

Network topology used for the DNS service:

Primary DNS server: 192.168.11.11

Secondary DNS server: 192.168.11.12

DNS client: 192.168.11.12

Server deployment steps:

1. Check whether the software is installed: rpm -q bind bind-utils (bind-utils is the client package)

2. Install the software: yum -y install bind bind-utils

3. Start the service and enable it at boot: systemctl restart named && systemctl enable named

4. Check the service status and the listening port: systemctl status named, or lsof -i :53, or netstat -atunlp | grep :53

5. Commands for checking the syntax of the DNS configuration files:

named-checkconf    checks the syntax of the main configuration file /etc/named.conf

named-checkzone localhost /var/named/named.localhost    checks the syntax of the localhost zone file

6. List the configuration files: rpm -qc bind

/etc/logrotate.d/named    DNS log rotation policy file

/etc/named.conf    main DNS configuration file

/etc/named.rfc1912.zones    DNS zone configuration file (forward and reverse zones)

7. Edit the DNS main configuration file /etc/named.conf:

    cd /etc
    ls named*
    cp -v named.conf named.conf.bak
    vim named.conf

    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };          // any host may query this server
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";               // full path is /var/named/named.ca
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

Explanation of the option settings:

listen-on: the listening port is 53; the IPv4 address listened on is 127.0.0.1 by default, or any to listen on every address.

directory: working directory of the DNS service.

dump-file: cache dump file.

statistics-file: statistics file.

memstatistics-file, recursing-file, secroots-file: internal state information files.

allow-query: which hosts may query (a whitelist). localhost allows only the local machine; use any to let any host on the network query.

recursion: allow recursive queries.

dnssec-enable, dnssec-validation: enable DNS security features (DNSSEC).

pid-file: PID file of the DNS service.

Root domain settings:

zone ".": the root zone; its type is hint.

file "named.ca": the resource record file holding the root server name-to-address mappings.

include: pulls in additional configuration files; named.rfc1912.zones is the zone configuration file.
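The options block above allows queries from any host and enables recursion, which together turn the server into an open resolver that anyone on the Internet can use. As an added example (not code from the article), the Python below reads the options block with a small brace-aware parser and flags that combination; the hardened variant, which limits allow-recursion to the lab network 192.168.11.0/24, is a constructed assumption.

```python
import re
# Constructed input: the relevant lines of the options block shown above.
ARTICLE_OPTIONS = """
options {
    listen-on port 53 { any; };
    allow-query { any; };      /* any host may query */
    recursion yes;
};
"""
HARDENED_OPTIONS = ARTICLE_OPTIONS.replace(   # constructed hardened variant
    "recursion yes;", "recursion yes;\n    allow-recursion { 192.168.11.0/24; };")

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)      # /* ... */ comments
    return re.sub(r"(//|#).*", "", text)                     # // and # to end of line

def block_body(text, keyword):
    """Text between the braces of the top-level block 'keyword { ... }'."""
    i, depth = text.index("{", text.index(keyword)), 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces")

def directives(body):
    """Map directive name -> string value, or a list for { a; b; } values."""
    out, depth, cur = {}, 0, ""
    for ch in body + ";":
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch != ";" or depth:                 # still inside a statement
            cur += ch
        elif cur.strip():                      # ';' at depth 0 ends a statement
            name, _, rest = cur.strip().partition(" ")
            cur = ""
            if "{" in rest:
                inner = rest[rest.index("{") + 1:rest.rindex("}")]
                out[name] = [v.strip() for v in inner.split(";") if v.strip()]
            else:
                out[name] = rest.strip()
    return out

def audit_options(conf):
    """Return findings; an empty list means no open-resolver exposure was found."""
    opts = directives(block_body(strip_comments(conf), "options"))
    # BIND falls back to allow-query when allow-recursion is not set.
    who_may_recurse = opts.get("allow-recursion", opts.get("allow-query", ["localhost"]))
    if opts.get("recursion", "yes") == "yes" and "any" in who_may_recurse:
        return ["open resolver: any client may recurse; add allow-recursion { <internal ACL>; }"]
    return []
```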

8. Configure the zone information for forward resolution:

    cd /etc
    cp -v named.rfc1912.zones{,.bak}
    vim named.rfc1912.zones

    zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

Explanation:

zone "localhost.localdomain": configures the zone for the name localhost.localdomain.

type master: this server is the primary for the zone.

file "named.localhost": the resource record file; its full path is /var/named/named.localhost.

allow-update { none; }: dynamic updates are not allowed from anyone.

Exercise: create a forward resolution zone named wang.com in the zone configuration file named.rfc1912.zones.

1. vim /etc/named.rfc1912.zones

    zone "wang.com" IN {
        type master;
        file "wang.com.zone";
        allow-update { none; };
        allow-transfer { 192.168.11.12; };   // only the secondary may pull the zone (AXFR)
    };

2. Create the resource record file wang.com.zone (the mapping between domain names and IP addresses) for the wang.com forward zone:

    cd /var/named
    ls
    cp -av named.localhost wang.com.zone
    vim wang.com.zone

The contents of the edited file are as follows:

    $TTL 1D
    @       IN SOA  dns.wang.com. 2604086010.qq.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      @
            A       127.0.0.1
            NS      dns.wang.com.
    dns     A       192.168.11.11
            AAAA    ::1
    www     A       1.1.1.1
    ftp     A       1.1.1.2
    mail    A       1.1.1.3
    web     CNAME   www.wang.com.

Explanation of the file:

$TTL 1D: cached data lives for 1 day.

SOA record: specifies the authoritative DNS server name and the administrator mailbox.

serial: version number of the file, usually written as the date plus a counter, for example 20190213001.

refresh: 1D (1 day).

retry: 1H (1 hour).

expire: 1W (1 week).

minimum: default cache time, 3H (3 hours).

NS record (name server record): specifies the DNS server name.

A record (address record): specifies the IP address corresponding to a name; for example, the www host name maps to 1.1.1.1.

CNAME record (alias record): defines web.wang.com as an alias of www.wang.com.

Note: @ in the zone file is a variable whose value is the domain name given in the zone statement in /etc/named.rfc1912.zones.

3. Check the syntax of both DNS configuration files, restart the named service, and run a local (internal) resolution test on the DNS server:

    named-checkconf
    named-checkzone wang.com /var/named/wang.com.zone
    systemctl restart named

    nslookup
    > server                      (shows the server currently in use)
    > server 192.168.11.11
    > www.wang.com
    > ftp.wang.com
    > web.wang.com

Manual deployment of reverse resolution

1. Create the zone configuration for the 192.168.5.0 reverse zone:

    vim /etc/named.rfc1912.zones

    zone "5.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.5.fx";
        allow-update { none; };
    };

2. Create the resource record file 192.168.5.fx (the mapping between IP addresses and domain names) for the 192.168.5.0 reverse zone (run in /var/named):

    cp -av named.loopback 192.168.5.fx
    vim /var/named/192.168.5.fx

    $TTL 1D
    @       IN SOA  dns.xiongyi.com. 2604086010.qq.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      @
            A       127.0.0.1
            AAAA    ::1
            PTR     localhost
            NS      dns.xiongyi.com.
    dns     A       192.168.11.11
    2       PTR     www.xiongyi.com.
    3       PTR     ftp.xiongyi.com.
    4       PTR     mail.xiongyi.com.

Note: @ in the zone file is a variable whose value is the domain name given in the zone statement in /etc/named.rfc1912.zones (here 5.168.192.in-addr.arpa, so the owner 2 expands to 2.5.168.192.in-addr.arpa).
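As an added example that is not part of the original article, the following Python parser loads the zone-file layout used by wang.com.zone and 192.168.5.fx above ($TTL, the @ origin, owner names inherited from the previous line, the multi-line SOA, relative versus absolute names) and answers forward, CNAME and PTR lookups against it. The embedded zone contents are constructed abridgements of the two files shown.

```python
import ipaddress
# Constructed inputs reproducing the two zone files above (SOA shortened).
FORWARD_ZONE = """$TTL 1D
@   IN SOA dns.wang.com. 2604086010.qq.com. ( 0 ; serial
        1D ; refresh
        1H 1W 3H ) ; retry, expire, minimum
    NS  dns.wang.com.
www A   1.1.1.1
web CNAME www.wang.com.
"""
REVERSE_ZONE = """@ IN SOA dns.xiongyi.com. 2604086010.qq.com. ( 0 1D 1H 1W 3H )
2   PTR www.xiongyi.com.
"""

def fqdn(name, origin):
    """Expand @ and relative names the way named does when loading a zone."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, type, rdata)] with every owner name fully qualified."""
    origin = origin.rstrip(".") + "."
    records, owner, buf = [], origin, ""
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()         # ';' starts a comment
        if not line or line.startswith("$TTL"):        # $TTL is a default, not a record
            continue
        buf = line if not buf else buf + " " + line
        if buf.count("(") > buf.count(")"):            # SOA continues on the next line
            continue
        tokens = [t for t in buf.replace("(", " ").replace(")", " ").split() if t != "IN"]
        if not buf[0].isspace():                       # blank owner field = same as above
            owner = fqdn(tokens.pop(0), origin)
        buf = ""                                       # ("IN" above is the optional class)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):            # name-valued rdata gets qualified too
            rdata = [fqdn(rdata[0], origin)]
        records.append((owner, rtype, " ".join(rdata)))
    return records

def lookup(records, name, rtype, origin, depth=0):
    """Answer like a resolver: exact match, else follow a CNAME (at most 8 hops)."""
    name = fqdn(name, origin.rstrip(".") + ".")
    for owner, t, rdata in records:
        if owner == name and (t == rtype or (t == "CNAME" and depth < 8)):
            return rdata if t == rtype else lookup(records, rdata, rtype, origin, depth + 1)
    return None

def reverse_lookup(records, ip, origin):
    """Form the in-addr.arpa owner name for ip (as a client's PTR query does)."""
    return lookup(records, ipaddress.ip_address(ip).reverse_pointer + ".", "PTR", origin)
```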

3. Check the syntax of both DNS configuration files, restart the named service, and run a local (internal) resolution test on the DNS server:

    named-checkconf
    named-checkzone 5.168.192.in-addr.arpa /var/named/192.168.5.fx
    systemctl restart named

    nslookup
    > server                      (shows the server currently in use)
    > server 192.168.11.11
    > 192.168.5.2
    > 192.168.5.3
    > 192.168.5.4
    > exit

Deploy a secondary DNS server

Secondary DNS server: 192.168.11.12

The following steps are performed on the host with IP address 192.168.11.12.

1. Install the software:

    rpm -q bind bind-utils
    yum install -y bind bind-utils
    systemctl restart named
    systemctl enable named
    rpm -qc bind

2. Back up the configuration files (in /etc):

    cp -av named.conf{,.bak}
    cp -av named.rfc1912.zones{,.bak}

3. Edit the main configuration file /etc/named.conf and change every 127.0.0.1 and localhost in the file to any.

Check the named.conf syntax: named-checkconf

4. Add the DNS parameters for xiongyi.com to the zone configuration file /etc/named.rfc1912.zones:

    vim /etc/named.rfc1912.zones

    zone "xiongyi.com" IN {
        type slave;                        // this server is a secondary for the zone
        file "slaves/xiongyi.com";         // transferred copy, relative to /var/named
        allow-update { none; };
        masters { 192.168.11.11; };        // the primary to pull the zone from
    };

5. Check whether an xiongyi.com.zx file exists in /var/named and /var/named/slaves, restart the named service, then look again for the xiongyi.com.zx resource record file:

    ls /var/named /var/named/slaves
    systemctl restart named
    ls /var/named /var/named/slaves

The xiongyi.com.zx file is now present in /var/named/slaves; it was transferred from the primary DNS server 192.168.11.11.

Local resolution test on the secondary (internal test):

    nslookup www.xiongyi.com 127.1
    host web.qq.com 127.1
    dig mail.xiongyi.com @127.1

View function of DNS

DNS views: with views, the same domain name can be resolved to different IP addresses for intranet and extranet clients. That is, when clients on different network segments resolve the same name, they receive different results.

Warning: on a DNS server that uses views, delete or comment out the root zone configuration in /etc/named.conf and comment out the include lines for named.rfc1912.zones and named.root.key, otherwise named reports an error.

DNS view configuration: vim /etc/named.conf

    acl dianxin {                           // define an access control list named dianxin (Telecom)
        192.168.11.0/24;                    // network address and prefix length; /24 is the mask 255.255.255.0
    };

    view "dianxin" {                        // the first view, named dianxin (Telecom)
        match-clients { dianxin; };         // clients in the dianxin ACL use this view
        recursion yes;                      // enable recursive queries
        zone "test.com" IN {                // the test.com zone as seen by this view
            type master;                    // this server is the primary for the zone
            file "dianxin.test.com.zone";   // resource record file for the zone
        };
    };

The following lines are commented out:

    # zone "." IN {
    #     type hint;
    #     file "named.ca";
    # };
    # include "/etc/named.rfc1912.zones";
    # include "/etc/named.root.key";
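As an added example (not the article's own configuration), this Python model shows how named chooses a view for a client: views are tried in the order written, the first whose match-clients ACL contains the source address answers, and a client that matches no view is refused. The dianxin ACL and view come from the article; the second, catch-all view and its addresses are constructed.

```python
import ipaddress
# ACLs as named.conf defines them: "dianxin" is the article's, "any" is BIND's built-in.
ACLS = {"dianxin": ["192.168.11.0/24"], "any": ["0.0.0.0/0", "::/0"]}

# Views in the order they appear in named.conf. The intranet view is the
# article's; the second, catch-all view and its addresses are constructed.
VIEWS = [
    {"name": "dianxin", "match-clients": ["dianxin"],
     "zones": {"www.test.com.": "192.168.11.14"}},
    {"name": "external", "match-clients": ["any"],
     "zones": {"www.test.com.": "203.0.113.14"}},
]

def acl_matches(acl_name, client):
    """The first ACL entry containing the client decides; a '!' entry denies."""
    for entry in ACLS[acl_name]:
        net = ipaddress.ip_network(entry.lstrip("!"), strict=False)
        if client.version == net.version and client in net:
            return not entry.startswith("!")
    return False

def select_view(client_ip, views=VIEWS):
    """The first view whose match-clients list admits the client wins."""
    client = ipaddress.ip_address(client_ip)
    for view in views:
        if any(acl_matches(name, client) for name in view["match-clients"]):
            return view
    return None

def answer(client_ip, qname, views=VIEWS):
    """The A record the client receives for qname, NXDOMAIN, or REFUSED if no view matches."""
    view = select_view(client_ip, views)
    return "REFUSED" if view is None else view["zones"].get(qname, "NXDOMAIN")
```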

Create the zone file for the view:

    cp -av /var/named/named.localhost /var/named/dianxin.test.com.zone
    vim /var/named/dianxin.test.com.zone

    $TTL 1D
    @       IN SOA  dns1.test.com. 2604086010.qq. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
            NS      dns1.test.com.
    dns1    A       192.168.11.11
            AAAA    ::1
    www     A       192.168.11.14
    ftp     A       192.168.11.12
    mail    A       192.168.11.13

Local resolution test:

    systemctl restart named
    nslookup dns1.test.com 192.168.11.11
