2025-02-24 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
This article is a worked example of implementing DNS with BIND on RHEL 5. It describes the configuration and the reasoning behind it in detail, in the hope of giving anyone facing the same task a simple and workable method.
The role and concepts of DNS are not discussed here; the article covers only how to implement the common DNS functions with the BIND shipped in RHEL 5.1.
Required packages: bind (the BIND server, not installed by default on RHEL 5), bind-utils (testing tools for DNS servers such as dig, installed by default), bind-chroot, and caching-nameserver.
Install BIND through yum
The installed packages provide the following example configuration files:
Configure chroot
chroot is an installation mechanism for BIND. Once chroot is in use, BIND sees a private directory tree containing the directories it needs, such as / and /etc. This virtual root can be changed through the /etc/sysconfig/named file, but the default is normally used as is.
1: located on the * * line of the file. It means that /var/named/chroot is / for BIND. For example, if /etc/named.conf is written in a BIND configuration file, the real path of that file is /var/named/chroot/etc/named.conf.
All subsequent BIND configuration is done under /var/named/chroot.
BIND configuration steps
When BIND starts it first reads the DNS-related options from the global configuration file, which also determines which main configuration file to enable. The main configuration file defines the queryable zones and the zone file belonging to each, and the zone file defines the resource records.
Global configuration
There is an example global configuration file in the etc directory. Make a copy of it and rename it named.conf. Be sure to use -a (cp -a) when copying, as shown below, because the BIND service will not run if the owning group of the global configuration file is not named.
Modify the global configuration file
1: the options are configured as follows:
◆ listen-on port 53 {127.0.0.1;}; the port and address on which DNS listens. This setting means only 127.0.0.1 is listened on. If the option is not defined, named listens on all interfaces.
◆ directory "/var/named"; the working directory of named, against which the zone files named in the main configuration file are resolved. It is relative to the chroot, so its absolute path is /var/named/chroot/var/named.
◆ query-source port 53; the source port used for the DNS queries this server sends is 53
◆ allow-query {localhost;}; which clients may submit queries. If this option is not defined, all queries are allowed.
◆ allow-recursion {192.168.0.0/24; 192.168.0.1/24;}; which clients may submit recursive queries. If this option is not defined, all are allowed.
◆ allow-transfer {192.168.0.254;}; which DNS servers (secondaries) may perform zone transfers; if not written, all are allowed
◆ forwarders {192.168.0.9;}; the forwarder
◆ forward only | first; only: if the specified forwarders cannot answer, the root servers are not queried. first: query the forwarders first (default).
2: define the main configuration file sections. There can be more than one in this part of the file; only the name (localhost_resolver here) must not be duplicated.
◆ match-clients {localhost;}; source IP of the client
◆ match-destinations {localhost;}; destination IP of the query
◆ recursion yes; if the FQDN submitted by the client is not held by this server, the server resolves it on the client's behalf
◆ include "/etc/named.rfc1912.zones"; specifies the main configuration file
All address ranges in the above parameters (listen-on, match-clients, and so on) can be written in the following forms:
◆ single IP: 192.168.0.1
◆ network segment: 192.168.0.0/24
◆ multiple IPs: 192.168.0.1; 192.168.0.2
◆ segment: 192.168.0.
◆ a leading ! can also be used; it means the address is excluded
◆ none: matches nothing
◆ any: matches everything
◆ localhost: the DNS host itself
◆ localnet: the network segments the DNS host is on
A named collection of addresses can also be defined at the top of the global configuration file, as follows, and the collection name then used wherever an address range is specified.
The following is a global configuration file that has been fully configured:
1: listen for DNS requests on all local IPs, but only answer clients in the network segments 192.168.0.0/24 and 192.168.1.0/24.
2: enable the main configuration file /etc/example0.com when the client's IP belongs to the 192.168.0.0/24 segment, and the main configuration file /etc/example1.com when the client's IP belongs to the 192.168.0.1/24 segment.
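The finished global configuration described in points 1 and 2 above, written out as an added example (not the page's own file). The acl and view names are assumptions, the second segment is written as 192.168.1.0/24 as in point 1, and query-source is left out on purpose.

```conf
// /var/named/chroot/etc/named.conf  (seen by BIND as /etc/named.conf)

// Named address sets; a name can be used wherever an address list is accepted.
acl "lan0" { 192.168.0.0/24; };
acl "lan1" { 192.168.1.0/24; };

options {
    listen-on port 53 { any; };         // 1: listen on every local address
    directory "/var/named";             // relative to the chroot: /var/named/chroot/var/named
    allow-query     { lan0; lan1; };    // only these two segments get answers
    allow-recursion { lan0; lan1; };
    allow-transfer  { 192.168.0.254; }; // only the secondary may pull zones
    // "query-source port 53;" is deliberately not set: pinning the source port
    // switches off source-port randomisation, which helps protect the cache.
};

// 2: one view per client segment. Views are tried top to bottom; the first
// view whose match-clients matches the client's source address answers.
view "net0" {
    match-clients      { lan0; };
    match-destinations { any; };
    recursion yes;
    include "/etc/example0.com";        // main configuration file for 192.168.0.0/24
};

view "net1" {
    match-clients      { lan1; };
    match-destinations { any; };
    recursion yes;
    include "/etc/example1.com";        // main configuration file for 192.168.1.0/24
};
```

Once views are in use, every zone statement must sit inside a view (here via the included files); a zone outside all views is a configuration error.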
Master configuration file
There is an example main configuration file in the etc directory. Make a copy of it and rename it example0.com. Be sure to use -a (cp -a) when copying, as shown below, because the BIND service will not run if the owning group of the main configuration file is not named.
The rest of the main configuration file does not need to be modified; just copy an existing forward zone definition and reverse zone definition and modify the copies.
zone: specifies the zone name; type: specifies the zone type
Types:
◆ master: the primary DNS server, which owns the zone data file and provides the authoritative data for the zone
◆ slave: the secondary zone, which holds a copy of the primary server's zone data file; the secondary DNS server synchronizes all zone data from the primary
◆ stub: a stub zone is similar to slave, but it replicates only the NS records of the primary DNS server, whereas a secondary replicates all zone data
◆ forward: a forward zone is a way of configuring forwarding per domain. A zone statement of type forward can contain a forward and/or forwarders clause, which applies to queries within the domain given by the zone name. If there is no forwarders clause, or the forwarders list is empty, no forwarding is done for that domain, which cancels the forwarders of the options statement
◆ hint: the initial set of root name servers is specified with a hint zone. When the server starts, it uses the root hints to find a root name server and obtain the current list of root name servers. If no hint zone is specified for class IN, the server uses the root hints compiled in at build time. Classes other than IN have no built-in default hints
file: specifies the zone file in which the resource records are defined
allow-update: specifies the kind of dynamic update allowed. none means dynamic update is not allowed.
Here the zone file for the example.com zone is named example.com.zone, and the reverse zone file for 192.168.0.0/24 is named zone.example.com. Both files must be in the /var/named directory (defined in the global configuration file); this path is relative to the chroot, so its absolute path is /var/named/chroot/var/named.
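The forward and reverse zone statements of the main configuration file as just described, as an added example (not the page's own file). File names and the 192.168.0.0/24 network come from the text; the reverse zone name is derived from that network.

```conf
// /var/named/chroot/etc/example0.com  (included from named.conf as /etc/example0.com)
// Copied from the sample main configuration file; only the two zone statements
// below were added. Zone files are resolved against directory "/var/named".

zone "example.com" IN {
    type master;                 // this server owns the zone data
    file "example.com.zone";     // /var/named/chroot/var/named/example.com.zone
    allow-update { none; };      // no dynamic updates accepted
};

// Reverse zone for 192.168.0.0/24: the network octets are written in reverse
// order under in-addr.arpa, so 192.168.0 becomes 0.168.192.in-addr.arpa.
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "zone.example.com";     // /var/named/chroot/var/named/zone.example.com
    allow-update { none; };
};
```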
Zone profile
There is a forward example and a reverse example in /var/named. Make a copy of each and modify it. As shown in the following figure, copy with -a, because the BIND service cannot run if the owning group of the zone file is not named.
Edit forward profile
When writing a resource record, @ stands for the zone name given in the main configuration file, and a blank leftmost column repeats the owner name of the previous line. This is only a convenience; every name can also be written out in full.
$TTL: the default DNS cache time of the records (in seconds)
SOA record
◆ primary name server: the FQDN of the zone's primary DNS server
◆ administrator: the administrator's email address, with the @ written as a dot
◆ serial number: the basis on which the zone is copied. Each time the primary zone data is modified, its value should be increased manually.
◆ refresh interval: in seconds by default; the time units shown in the figure above may also be used. How long the secondary DNS server waits before asking the source server whether to synchronize. When the refresh interval expires, the secondary requests the source server's SOA record and compares its serial number with that of its local SOA record; if they differ, the secondary requests a zone transfer from the primary. The default used here is 900 seconds.
◆ retry time: in seconds by default; a time unit may also be given. How long the secondary DNS server waits before retrying after a failed request. Usually this should be shorter than the refresh interval. The default is 600 seconds.
◆ expiration time: in seconds by default, as shown in the figure above. When this time expires and the secondary DNS server has still been unable to transfer from the source server, the secondary treats its local data as unreliable. The default is 86400 seconds.
◆ TTL: in seconds by default; a time unit may also be given, as shown in the figure above. The default time to live for the zone and the * interval for caching negative answers to name queries. The default is 3600 seconds.
NS record
A resource record
CNAME resource record
MX resource record
Edit reverse profile
Configure the secondary area
Zone transfer to 192.168.0.254 has already been allowed in the primary zone described above, so only the zone configuration of BIND on 192.168.0.254 remains.
masters: specifies the primary server.
file: the secondary zone file, which must be stored in the slaves directory (absolute path /var/named/chroot/var/named/slaves). The secondary zone files do not need to be created; as soon as the named service is restarted, the contents of the two secondary zone files are copied from the primary server.
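The two secondary zone statements on 192.168.0.254, as an added example (not the page's own file). It assumes the primary described above is 192.168.0.14 (the address the delegation section later gives for the example.com server).

```conf
// On 192.168.0.254: zone statements in its main configuration file.
// No zone files are written by hand. After a restart named pulls both zones
// from the master into /var/named/slaves (/var/named/chroot/var/named/slaves),
// which must be writable by the named user. The master allows this because its
// options carry allow-transfer { 192.168.0.254; }.

zone "example.com" IN {
    type slave;
    masters { 192.168.0.14; };          // primary server
    file "slaves/example.com.zone";     // path relative to directory "/var/named"
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.0.14; };
    file "slaves/zone.example.com";
};
```

The secondary only refreshes when the master's SOA serial has grown, so a change on the master that is not followed by a serial bump never reaches 192.168.0.254.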
Manual area transmission
dig -t axfr | ixfr <zone name> @<secondary DNS server>
axfr: full zone transfer
ixfr: incremental zone transfer
dig -t axfr example.com @192.168.0.254 asks the DNS server 192.168.0.254, where the secondary zone is located, for a full transfer of the example.com zone and prints the records returned, which verifies that the secondary has received the zone.
Configure forwarding
◆ full forwarding
Modify the options of the global configuration file.
◆ conditional forwarding
The server being forwarded to must allow recursive queries.
If the forwarders list contains several DNS servers, they are tried in turn until an answer is obtained.
Configure delegation
Delegate the subdomain wh.example.com of the zone example.com on 192.168.0.14 to 192.168.0.254.
Add the following to the example.com zone file on 192.168.0.14:
Create the zone wh.example.com on 192.168.0.254:
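The delegation described in the two steps above, as an added example (not the page's own files). The name server name ns.wh.example.com, the host host1 at 192.168.0.31, and the SOA values are assumptions; 192.168.0.14 and 192.168.0.254 come from the text.

```conf
; Step 1, on 192.168.0.14: lines appended to the example.com zone file
; (example.com.zone). Remember to increase the SOA serial afterwards.
wh              IN NS   ns.wh.example.com.
; Glue record: the NS name lies inside the delegated zone, so the parent
; must supply its address or resolvers could never find the child server.
ns.wh           IN A    192.168.0.254

// Step 2, on 192.168.0.254: zone statement in its main configuration file.
zone "wh.example.com" IN {
    type master;
    file "wh.example.com.zone";
    allow-update { none; };
};

; Step 2 continued, /var/named/chroot/var/named/wh.example.com.zone on 192.168.0.254
$TTL 86400
@       IN SOA  ns.wh.example.com. admin.wh.example.com. (
                2009060101 ; serial
                900        ; refresh
                600        ; retry
                86400      ; expire
                3600 )     ; minimum
        IN NS   ns.wh.example.com.
ns      IN A    192.168.0.254     ; must agree with the glue in the parent
host1   IN A    192.168.0.31
```

The NS and A records for ns.wh.example.com in the parent and in the child zone must match; a mismatch is the commonest cause of a delegation that resolves on one server but not the other.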
Cache server
Just add the following configuration to the global configuration file:
This concludes the worked example of implementing DNS with BIND on RHEL 5. I hope the above is of some help.
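A global configuration covering both the forwarding section (full and conditional) and the cache server just mentioned, as an added example that is not the page's own file. 192.168.0.9 and 192.168.0.14 come from the text; the hints file name named.ca and the 192.168.0.0/24 client range are assumptions.

```conf
// /var/named/chroot/etc/named.conf for a forwarding / cache-only server.
// No authoritative zones are defined; only the global configuration changes.

options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query     { 192.168.0.0/24; };  // clients allowed to use this cache
    allow-recursion { 192.168.0.0/24; };  // a cache must recurse for its clients,
                                          // but not for the whole Internet
    recursion yes;

    // Full forwarding: anything not in the cache is sent to 192.168.0.9,
    // which must itself allow recursive queries from this server.
    forwarders { 192.168.0.9; };
    forward first;    // if 192.168.0.9 does not answer, resolve via the root servers;
                      // "forward only" would never query the root
};

// Conditional forwarding: queries inside example.com go to 192.168.0.14
// instead of the forwarders in options.
zone "example.com" IN {
    type forward;
    forwarders { 192.168.0.14; };
    forward only;
};

// Root hints for the cache. If this zone is omitted, named falls back to the
// root server list compiled in at build time (class IN only).
zone "." IN {
    type hint;
    file "named.ca";
};
```

If the global file uses views as in the earlier example, these zone statements go inside the view that serves the clients, not at top level.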