
Construction of Linux basic server (1): DNS server

2025-01-17 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/03

1. A brief introduction to DNS

DNS stands for Domain Name System. It maps domain names to IP addresses and back; the servers that provide this mapping are called domain name servers.

This lets you reach a server by its domain name, which is usually easier to remember than its IP address.

DNS is usually implemented by one or more centralized servers that are authoritative for certain domains. When a client sends a request to DNS, it usually contacts UDP port 53 on the server. If the server is not authoritative for the domain name the user requested, it usually queries the root domain name servers, finds the resolution result, and returns it to the client.

1.1 Domain name zones

On DNS servers such as bind, all information is stored in basic data elements called resource records (RR). A resource record usually belongs to the fully qualified domain name (FQDN) of a host, which is broken down into multiple parts that form a tree-like hierarchy. The hierarchy consists of a trunk, main branches, secondary branches, and so on.

For example:

www.baidu.com

The example domain name above is divided into three parts, separated by ".":

com is the top-level domain name and cannot be modified after registration.

baidu is the second-level domain name and cannot be modified after registration.

www is the host name, which can be customized: www can be replaced with whatever string you need, such as ftp, mail, or file.

1.2 Domain name server types

1.2.1 Authoritative server (authoritative)

Authoritative domain name servers answer from the resource records that are part of their own zones, including top-level domain names and second-level domain names.

1.2.2 Recursive server (recursive)

Recursive domain name servers provide resolution services but are not authoritative for any zone; the answers to all resolutions are cached in memory.

2. Install bind (Berkeley Internet Name Domain)

2.1 Installation

2.1.1 rhel/centos:

    yum install bind -y

2.1.2 debian/ubuntu:

    apt-get install bind9

2.2 Configure bind

2.2.1 Configuration file paths

After installation, the bind service is called named.

    File path           Description
    /etc/named.conf     Main configuration file of named
    /etc/named/         Secondary directory containing configuration files
    /var/named/         Zone files

2.2.2 Editing the configuration file

2.2.2.1 The configuration file consists of a set of statements with nested options, enclosed in opening and closing braces { }. Avoid syntax errors when editing: the named service cannot start if the file contains one.

    options {
        allow-query { localhost; };           # hosts allowed to query; "any" means all hosts
        listen-on port 53 { 127.0.0.1; };     # listen address and port
        listen-on-v6 port 53 { ::1; };
        max-cache-size 256M;                  # maximum cache size
        directory "/var/named";               # zone file directory
        statistics-file "/var/named/data/named_stats.txt";
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
    };

2.2.2.2 Add a custom zone configuration

    [root@master ~]# cat /etc/named.conf
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    options {    // global configuration options for the server and some default settings
        listen-on port 53 { any; };    // listening port; can also be written as { 127.0.0.1; 192.168.56.104; }
        # listen-on-v6 port 53 { ::1; };    // IPv6 support
        directory "/var/named";    // zone file storage directory
        dump-file "/var/named/data/cache_dump.db";    // cache dump file
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };    // hosts allowed to query; here, all hosts
        recursion yes;    // enable recursive queries
        allow-transfer { 192.168.56.105; };    // hosts allowed to request zone transfers, i.e. the IP of the secondary DNS
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };

    logging {    // what the server logs and where the log information goes
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";    // include file: /etc/named.rfc1912.zones is loaded here
    #include "/etc/named.root.key";

2.2.2.3 Editing the zone file

    $ORIGIN example.com.
    $TTL 86400
    @         IN  SOA    dns1.example.com.  hostmaster.example.com. (
                         2001062501  ; serial number
                         21600       ; refresh interval
                         3600        ; retry interval
                         604800      ; expire after 1 week
                         86400 )     ; minimum TTL of 1 day
    ;
    ;
              IN  NS     dns1.example.com.
              IN  NS     dns2.example.com.
    dns1      IN  A      10.0.1.1    ; A records
              IN  AAAA   aaaa:bbbb::1
    dns2      IN  A      10.0.1.2
              IN  AAAA   aaaa:bbbb::2
    ;
    ;
    @         IN  MX     10  mail.example.com.
              IN  MX     20  mail2.example.com.
    mail      IN  A      10.0.1.5
              IN  AAAA   aaaa:bbbb::5
    mail2     IN  A      10.0.1.6
              IN  AAAA   aaaa:bbbb::6
    ;
    ;
    ; This sample zone file illustrates sharing the same IP addresses
    ; for multiple services:
    ;
    services  IN  A      10.0.1.10
              IN  AAAA   aaaa:bbbb::10
              IN  A      10.0.1.11
              IN  AAAA   aaaa:bbbb::11
    ftp       IN  CNAME  services.example.com.
    www       IN  CNAME  services.example.com.

The following needs to be added to /etc/named.conf:

    zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
    };
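The named.conf in 2.2.2.2 combines listen-on { any; }, allow-query { any; } and recursion yes, so any host that can reach port 53 can use the server as a recursive resolver. The block below is an added example, not part of the original article, showing the same options with recursion restricted to an ACL while the example.com zone stays publicly answerable. The ACL name "trusted" and the 192.168.56.0/24 client network are assumptions derived from the addresses used above.

```conf
// Added example, not from the original article.
// Assumption: trusted clients are on 192.168.56.0/24; adjust to the real network.
acl "trusted" {
    localhost;
    192.168.56.0/24;
};

options {
    // Listen on specific addresses instead of "any"
    listen-on port 53 { 127.0.0.1; 192.168.56.104; };
    directory "/var/named";

    recursion yes;
    allow-query       { trusted; };          // default: only trusted clients may query
    allow-recursion   { trusted; };          // recursive lookups only for trusted clients
    allow-query-cache { trusted; };          // cached answers only for trusted clients
    allow-transfer    { 192.168.56.105; };   // zone transfers only to the secondary DNS

    // Remaining options (dump-file, statistics-file, dnssec-*, ...) stay as in the file above.
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-query  { any; };                   // authoritative data for this zone may be served to everyone
    allow-update { none; };                  // no dynamic updates
};
```

Before starting the service, named-checkconf /etc/named.conf and named-checkzone example.com /var/named/example.com.zone report syntax errors in the configuration and the zone file.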

3. Start the named service

    service named start
