
To install and configure a DNS server on a Linux system

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article covers the steps of installing and configuring a DNS server on a Linux system. In practice many people run into difficulties here, so let the editor walk you through how to handle these situations. I hope you read it carefully and get something out of it!

Brief introduction

DNS is an abbreviation for Domain Name System (or Domain Name Service). It consists of a resolver and domain name servers. A domain name server stores the domain names and corresponding IP addresses of the hosts in a network and translates domain names into IP addresses. Every domain name must correspond to an IP address, but an IP address does not necessarily have a domain name. The domain name system uses a hierarchical structure similar to a directory tree. The domain name server is the server side of a client/server model, and it has two main forms: the master server and the forwarding server. The process of mapping a domain name to an IP address is called domain name resolution. On the Internet there is a one-to-one (or many-to-one) relationship between domain names and IP addresses, and one-to-many can also be achieved with DNS round robin. Although domain names are easy for people to remember, machines recognize only IP addresses; the translation between them is domain name resolution, which is done by dedicated domain name resolution servers, the DNS servers. DNS naming is used in TCP/IP networks such as the Internet to find computers and services through user-friendly names. When a user enters a DNS name in an application, the DNS service resolves it to other information associated with it, such as an IP address. When you browse the Internet, the URL you enter is resolved to the corresponding IP address through the domain name system, and that is what lets you surf the web; in the end, a domain name points to an IP. [1]

DNS has a Client side and a Server side. The Client asks the question, that is, it sends the Server a Domain Name, and the Server must answer with the real IP address of that Domain Name. The local DNS server first checks its own database; if the answer is not in its own database, it asks the DNS servers configured as its upstream. After getting the answer, it saves the received answer and replies to the client. A DNS server records the names under a domain according to the zones (Zone) it is authoritative for, including the subdomains and host names under that domain. Each name server has a cache (Cache). Its purpose is to record the names and the corresponding IP addresses that the name server has looked up, so that the next time another client queries this server for the same name, the server does not have to look for it on another host: the name record is found directly in the cache and sent back to the client, which speeds up the client's name query. For example:

When a DNS client queries its designated DNS server for a host name on the Internet, the DNS server first looks up the name in its own database. If it is not there, the server then looks in its cache. If the record is found, the corresponding IP address is sent straight back to the client. If the name is found neither in the database nor in the cache, the server asks the nearest name server to help find the IP address for the name; that server performs the same query in turn and, once it has the answer, replies to the server that originally requested it. After receiving the result from the other DNS server, the DNS server first records the queried host name and its IP address in its cache, and finally returns the result to the client.

Any domain name in operation has at least two DNS servers, one called the master name server (such as ns1) and the other called the slave name server (such as ns2). These servers are usually used for failover: if one goes down, the other keeps serving DNS. In fact two or more DNS servers work together, and the second does not simply take over after the first is out of service: the resolver randomly selects a DNS server to query and, if it times out, asks the next one, which is the fault-tolerance mechanism for multiple DNS servers. More complex failover mechanisms can also be implemented, including load balancing, firewalls, and clustering.

All DNS entries for a domain are added to the primary domain name server, and the slave server only synchronizes all information from the master server according to the serial number parameters of the SOA record on the master server.

This tutorial will show you how to create a primary DNS server that runs on CentOS. Note that the DNS server mentioned in this tutorial will be an open DNS server, which means that it will respond to queries from any IP address. Access control for DNS servers is discussed in this tutorial.

Before I begin, I would like to mention that DNS can be configured in a chroot environment or in a non-chroot environment. The chroot environment confines the DNS server to a specific directory in the system and avoids giving the server system-level access. In this environment, a security vulnerability in the DNS server will not lead to compromise of the whole system. Placing the DNS server in a chroot environment is also useful for deployment testing.

Target

We will configure a DNS server in the test environment based on the domain name example.tst, which is fake (not real). In this way, we will not accidentally interfere with other real domain names.

There are three servers in this domain.

We will configure a primary domain name server and add the necessary domain and DNS records in the table above.

Process

Set hostname

All hostnames must be correctly defined as fully qualified domain names, which can be set in the following ways.

The code is as follows:

# vim /etc/sysconfig/network

HOSTNAME=ns1.example.tst

Note: the hostname set in this file is only read when the server boots, so this setting does not take effect immediately. The following command changes the hostname immediately (but only until the next reboot).

The code is as follows:

# hostname ns1.example.tst

Once set, the hostname can be verified by the following command.

The code is as follows:

# hostname

ns1.example.tst

Before moving on to the next step, make sure that the hostnames on the above three servers are set correctly.

Install the package

We will use bind to configure the DNS service, which can be easily installed through yum.

Not using the chroot environment:

The code is as follows:

# yum install bind

Using the chroot environment:

The code is as follows:

# yum install bind bind-chroot

Prepare the configuration file

As mentioned earlier, bind can be configured in a chroot environment or in a non-chroot environment, and the path to the configuration file varies depending on whether or not to install the chroot package.

You can use the default named.conf configuration file, but to make things easier we will start from another, simpler configuration template.

Non-chroot environment:

The code is as follows:

# cp /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /etc/named.conf

Chroot environment:

The code is as follows:

# cp /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf

Now back up and modify the configuration file.

Non-chroot environment:

The code is as follows:

# vim /etc/named.conf

Chroot environment:

The code is as follows:

# vim /var/named/chroot/etc/named.conf

Add / modify the following lines:

The code is as follows:

options {
    ## zone file storage directory ##
    directory "/var/named";
    ## queries for domains we are not authoritative for are forwarded to Google's public DNS server ##
    forwarders { 8.8.8.8; };
};

## declare the local zone example.tst ##
zone "example.tst" IN {
    type master;
    file "example-fz";    ## name of the zone file, stored in /var/named ##
    allow-update { none; };
};

## provide reverse resolution for the 172.16.1.0 network ##
zone "1.16.172.in-addr.arpa" IN {
    type master;
    file "rz-172-16-1";   ## name of the zone file, stored in /var/named ##
    allow-update { none; };
};

Prepare the zone files

The default zone files are created automatically in /var/named or, in a chroot environment, /var/named/chroot/var/named. If you cannot find them there, template files are provided in the /usr/share/doc/bind directory and you can copy them from there.

Assuming that the default zone file is not provided, we can copy the template file from / usr.

Non-chroot environment:

The code is as follows:

# cp /usr/share/doc/bind-9.8.2/sample/var/named/named.* /var/named/

Chroot environment:

The code is as follows:

# cp /usr/share/doc/bind-9.8.2/sample/var/named/named.* /var/named/chroot/var/named

Fine! Now that the default zone files are ready, we can create zone files for example.tst and the 172.16.1.0 network. The following points must be kept in mind.

In a zone file the special character '@' stands for the zone origin. (Translator's note: it represents the domain itself.)

All fully qualified domain names must end with a dot '.', for example example.tst. Without this dot you will run into problems. (Translator's note: a name without the trailing dot is treated as a subdomain of the domain currently represented by @.)

1. Forward zone (local authoritative domain)

The forward zone contains the name-to-IP-address mappings. For a public domain, the domain name hosting provider's DNS server stores the forward zone file. (Translator's note: the forward zone is the local authoritative domain; the server itself provides the authoritative resolution data.)

Non-chroot environment:

The code is as follows:

# vim /var/named/example-fz

Chroot environment:

The code is as follows:

# vim /var/named/chroot/var/named/example-fz

$TTL 1D
@       IN SOA   ns1.example.tst. sarmed.example.tst. (
                 0      ; serial
                 1D     ; refresh
                 1H     ; retry
                 1W     ; expire
                 3H )   ; minimum
        IN NS    ns1.example.tst.
        IN A     172.16.1.3
mail    IN A     172.16.1.1
        IN MX    10 mail.example.tst.
www     IN A     172.16.1.2
ns1     IN A     172.16.1.3
ftp     IN CNAME www.example.tst.

Description: in a zone file, SOA means Start Of Authority. The first field of its value is the fully qualified domain name of the authoritative name server, followed by an email address. Because the '@' symbol cannot be used in the usual format (such as sarmed@example.tst), the email address is written as sarmed.example.tst. instead.

The following are typical common DNS record types:

NS: domain name server

A: address record, mapping a hostname to an IP address.

MX: Mail exchange records. Here we only use one mail exchange record and set its priority to 10. If there are multiple mail exchange records, we can use multiple numerical priorities, and the one with a small number has the highest priority. For example, MX 0 has a higher priority than MX 1.

CNAME: canonical name. If multiple services are hosted on a single server, several names can be resolved to that one server. A CNAME specifies an alternative name a server may have and points it at a name that has an actual A record.

2. Reverse zone

The reverse zone contains the IP-address-to-name mappings. Here we create a reverse zone for the 172.16.1.0 network. For a real domain, the DNS server of the owner of the public IP block stores the reverse zone file. (Some services, such as mail services, require correct reverse resolution of IP addresses to work properly. In practice, reverse resolution of an IP is usually handled by the owner of the IP block, such as the access provider or IDC.)

Non-chroot environment:

The code is as follows:

# vim /var/named/rz-172-16-1

Chroot environment:

The code is as follows:

# vim /var/named/chroot/var/named/rz-172-16-1

$TTL 1D
@       IN SOA   ns1.example.tst. sarmed.example.tst. (
                 0      ; serial
                 1D     ; refresh
                 1H     ; retry
                 1W     ; expire
                 3H )   ; minimum
        IN NS    ns1.example.tst.
1       IN PTR   mail.example.tst.
2       IN PTR   www.example.tst.
3       IN PTR   ns1.example.tst.

Note: apart from the following record type, most of the parameters in the reverse zone file are the same as those in the forward zone file.

PTR: reverse lookup record, mapping an IP address back to a fully qualified domain name.
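As an added example (not part of the original tutorial), the following Python script parses the forward and reverse zone files above, applies the '@' and trailing-dot rules described earlier, and cross-checks that every A record has a PTR record and every PTR points at a name with a matching A record for that address. The zone text is copied from the tutorial with the SOA collapsed onto one line and the MX record left out; the zone origins are the ones from the named.conf zone statements.

```python
# Zone data copied from the tutorial above (SOA collapsed to one line, MX omitted).
FWD_ORIGIN, REV_ORIGIN = "example.tst.", "1.16.172.in-addr.arpa."
FORWARD = """\
@    IN SOA ns1.example.tst. sarmed.example.tst. ( 0 1D 1H 1W 3H )
     IN NS    ns1.example.tst.
     IN A     172.16.1.3
mail IN A     172.16.1.1
www  IN A     172.16.1.2
ns1  IN A     172.16.1.3
ftp  IN CNAME www.example.tst.
"""
REVERSE = """\
@ IN NS  ns1.example.tst.
1 IN PTR mail.example.tst.
2 IN PTR www.example.tst.
3 IN PTR ns1.example.tst.
"""

def parse_zone(text, origin):
    """Parse the master-file subset used above into {(owner, type): [rdata, ...]};
    every name comes back absolute, a blank owner column reuses the previous owner."""
    fq = lambda n: n if n.endswith(".") else f"{n}.{origin}"  # no trailing dot => relative
    records, owner = {}, origin
    for raw in text.splitlines():
        fields = raw.split(";")[0].split()          # drop comments
        if not fields or fields[0] == "$TTL":       # blank line or $TTL directive
            continue
        if not raw[0].isspace():                    # explicit owner name in column 1
            owner, fields = (origin if fields[0] == "@" else fq(fields[0])), fields[1:]
        rtype, rdata = fields[1], fields[2:]        # fields[0] is the IN class
        if rtype in ("NS", "CNAME", "PTR", "MX"):   # the trailing-dot pitfall from the text
            rdata[-1] = fq(rdata[-1])
        records.setdefault((owner, rtype), []).append(" ".join(rdata))
    return records

def check_reverse(forward, reverse):
    """List A records with no PTR and PTR records whose target has no A for that IP."""
    a_map = {}                                      # ip -> {owner names}
    for (owner, rtype), rdatas in forward.items():
        for ip in (rdatas if rtype == "A" else []):
            a_map.setdefault(ip, set()).add(owner)
    problems, seen = [], set()
    for (owner, rtype), names in reverse.items():
        if rtype == "PTR":                          # 3.1.16.172.in-addr.arpa. -> 172.16.1.3
            ip = ".".join(reversed(owner.split(".")[:4]))
            seen.add(ip)
            problems += [f"PTR {ip} -> {n} has no A record" for n in names if n not in a_map.get(ip, ())]
    problems += [f"no PTR for {ip}" for ip in sorted(a_map) if ip not in seen]
    return problems
```

Run check_reverse(parse_zone(FORWARD, FWD_ORIGIN), parse_zone(REVERSE, REV_ORIGIN)) after every zone edit; an empty list means the two files agree, and the serial in the SOA still has to be bumped by hand.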

Finish the work

Now that the zone files are ready, let's adjust their permissions.

Non-chroot environment:

The code is as follows:

# chgrp named /var/named/*

Chroot environment:

The code is as follows:

# chgrp named /var/named/chroot/var/named/*

Now, let's set the IP address for the DNS server.

The code is as follows:

# vim /etc/resolv.conf

nameserver 172.16.1.3

Finally, we can start the DNS service and make sure that it is added to the startup service.

The code is as follows:

# service named restart

# chkconfig named on

After the DNS server starts, it is recommended to watch the log file /var/log/messages, which contains useful information about what named is doing in the background. If no errors are found, we can start testing the DNS server.

Test DNS

We can use dig or nslookup to test DNS. First, we need to install the necessary software packages.

The code is as follows:

# yum install bind-utils

1. Use dig to test the forward zone

When testing with dig, always check the status field of the answer: it must be "NOERROR"; any other value indicates a problem.

The code is as follows:

# dig example.tst



© 2024 shulou.com SLNews company. All rights reserved.
