2025-01-17 Update From: SLTechnology News&Howtos, Shulou (Shulou.com)
DNS overview

Authoritative name server: stores and provides the actual data for a zone (an entire DNS domain or part of one). The types of authoritative name server are:
- Master: holds the original zone data. Sometimes called the "primary" name server.
- Slave: a backup server that obtains a copy of the zone data from the master through zone transfers. Sometimes called the "secondary" name server.

Non-authoritative / recursive name server: the server through which clients look up data held by authoritative name servers. The types of recursive name server include:
- Caching-only name server: used for lookups only; it is not authoritative for anything other than trivial data.

DNS lookup

The stub resolver on the client sends the query to a name server listed in /etc/resolv.conf. If that name server is authoritative for the requested information, it sends an authoritative answer to the client. Otherwise, if it has the requested information in its cache, it sends a non-authoritative answer. If the information is not in the cache, the name server searches for an authoritative name server, starting at the root zone and working down the DNS hierarchy until it reaches a server that is authoritative for the information. It then passes the answer to the client and keeps a copy in its own cache for later lookups.

DNS resource records

A DNS zone stores information as resource records. Each resource record has a type that indicates the kind of data it holds:
- A: name to IPv4 address
- AAAA: name to IPv6 address
- CNAME: name to "canonical name" (another name that has A/AAAA records)
- PTR: IPv4/IPv6 address to name
- MX: mail exchanger for the name (where to send its email)
- NS: name server for the domain name
- SOA: "start of authority", information about the DNS zone (administrative information)

DNS troubleshooting

dig displays details from DNS lookups, including why a query failed:
- NOERROR: the query succeeded
- NXDOMAIN: the DNS server reports that no such name exists
- SERVFAIL: the DNS server is down or DNSSEC response validation failed
- REFUSED: the DNS server refuses to answer (perhaps for access control reasons)

Parts of the dig output:
- The header shows information about the query and the answer, including the response status and any special flags that are set (aa for an authoritative answer, and so on)
- QUESTION: the actual DNS query
- ANSWER: the response (if any)
- AUTHORITY: the name servers responsible for the domain / zone
- ADDITIONAL: other information provided, usually about the name servers
- The comments at the bottom show which recursive name server sent the response and how long it took to get it

Caching DNS server

BIND is the most widely used open source name server. In RHEL it is provided by the bind package, with ports 53/TCP and 53/UDP opened in the firewall. The main configuration file for BIND is /etc/named.conf. The /var/named directory contains the other data files used by the name server.

Syntax of /etc/named.conf:
- // or # up to the end of the line is a comment; text between /* and */ is also a comment (and can span multiple lines)
- Directives end with a semicolon
- Many directives take an address match list placed in curly braces: a list of IP addresses or subnets in CIDR notation, or named ACLs (for example, any; [all hosts] and none; [no hosts])
- The file starts with an options block that contains directives controlling how named works
- zone blocks control how named finds the root name servers and the zones for which it is authoritative

Some important options directives:
- listen-on: controls the IPv4 addresses that named listens on
- listen-on-v6: controls the IPv6 addresses that named listens on
- allow-query: controls which clients can ask the DNS server for information
- forwarders: the list of name servers to which DNS queries are forwarded (instead of contacting external name servers directly; very useful behind a firewall)

All of these directives treat the semicolon-separated elements inside the curly braces as an address match list. For example:
- listen-on { any; };
- allow-query { 127.0.0.1; 10.0.0.0/8; };
Setting up the lab environment
1. Reset the desktop and server virtual machines first.
2. Set the memory of the virtual machines so that they do not hang.
3. Server configuration
(1) ## configure the network
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# systemctl restart network
(2) ## change the server hostname
[root@localhost ~]# hostnamectl set-hostname dns-server.westos.com
[root@localhost ~]# hostname
dns-server.westos.com
(3) ## configure the yum repository
[root@localhost ~]# vim /etc/yum.repos.d/rhel_dvd.repo
[root@localhost ~]# ifconfig
(4) ## install DNS
[root@dns-server ~]# yum search dns
[root@dns-server ~]# yum install bind.x86_64 -y
(5) ## configure the server
[root@dns-server ~]# systemctl stop firewalld     ## stop the firewall
[root@dns-server ~]# ll /etc/rndc.key             ## view /etc/rndc.key file information
[root@dns-server ~]# systemctl start named        ## start the service
[root@dns-server ~]# ll /etc/rndc.key             ## view /etc/rndc.key file information
[root@dns-server ~]# cat /etc/rndc.key            ## view the contents of /etc/rndc.key
[root@dns-server ~]# netstat -antlpe | grep named
[root@dns-server ~]# vim /etc/named.conf          ## edit the configuration file
options {                                         ## global settings
        listen-on port 53 { any; };               ## listen on port 53 on all local IPv4 addresses
        listen-on-v6 port 53 { ::1; };            ## IPv6: listen on loopback only
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };                     ## accept queries from any client
        forwarders { 172.25.254.250; };           ## upstream DNS server to forward to
        ## other default options left unchanged
};
[root@dns-server ~]# systemctl start named        ## start the service
[root@dns-server ~]# netstat -antlpe | grep named ## filter all information about named
[root@dns-server ~]# cat /dev/random              ## view /dev/random content
1. Forward resolution
Server side
[root@dns-server ~]# cd /var/named
[root@dns-server named]# pwd
/var/named
[root@dns-server named]# ls
data     named.ca     named.localhost  slaves
dynamic  named.empty  named.loopback
[root@dns-server named]# cp -p named.localhost westos.com.zone
## use the template to create the zone file
[root@dns-server named]# vim westos.com.zone
[root@dns-server named]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {                  ## the domain name to be maintained
        type master;
        file "westos.com.zone";         ## zone file that holds the A records
        allow-update { none; };         ## do not allow clients to update the zone
};
[root@dns-server named]# systemctl restart named   ## restart the service
Client
vim /etc/resolv.conf        ## edit the configuration file
dig dns.westos.com          ## query
dig www.westos.com
2. Multi-view resolution
(1) Configure the network card
Server side
Add a network card
Configure the network
ifconfig
cd /etc/sysconfig/network-scripts/    ## change to the /etc/sysconfig/network-scripts/ directory
ls
cp ifcfg-eth0 ifcfg-eth2              ## copy ifcfg-eth0 as a template for ifcfg-eth2
ls
vim ifcfg-eth2                        ## edit the ifcfg-eth2 file
systemctl restart network             ## restart the network
systemctl restart named               ## restart the service
netstat -antlpe | grep named          ## filter all information about named
(2) Configure the zone data and the views
Server side
cd /var/named/
ls
cp -p westos.com.zone westos.com.inter    ## copy westos.com.zone as a template for westos.com.inter
vim westos.com.inter                      ## edit the westos.com.inter file
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                ; dns.westos.com. above is the hostname of the DNS server
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
                NS      dns.westos.com.     ; the DNS host
dns             A       172.25.254.144      ; A record of the DNS server
www             A       172.25.254.244      ; A record to add
music           CNAME   music.a.westos.com.
music.a         A       172.25.254.111
music.a         A       172.25.254.222
westos.com.     MX 1    172.25.254.244.     ; written as an address here; an MX target is normally a hostname with its own A record
cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter    ## copy named.rfc1912.zones as a template
vim /etc/named.rfc1912.inter                               ## edit the /etc/named.rfc1912.inter file
zone "westos.com" IN {
        type master;
        file "westos.com.inter";
        allow-update { none; };
};
vim /etc/named.conf                                        ## edit the /etc/named.conf file
view localnet {
        match-clients { 172.25.254.0/24; };    ## clients on this network use this view
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
};
view internet {
        match-clients { 172.25.44.0/24; };     ## clients on this network use this view
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.inter";
};
man named.conf                ## documentation for named.conf
fg
systemctl restart named
systemctl status firewalld
systemctl stop firewalld
(3) Client tests from the 254 and 44 networks
mail root@westos.com          ## create a message
mailq                         ## show the mail queue
Client 172.25.254.144
vim /etc/resolv.conf
dig music.westos.com
dig -t mx westos.com
Client 172.25.44.11
vim /etc/resolv.conf
dig music.westos.com
dig -t mx westos.com
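How named chooses between the two views configured above, as an added example that is not part of the original article: views are tried in file order and the first match-clients hit wins, so a misplaced catch-all view silently hides the ones after it. The helper names and the 192.0.2.10 test address are assumptions made for illustration.

```python
import ipaddress

# View order and match-clients lists as configured in /etc/named.conf above.
PAGE_VIEWS = [
    ("localnet", ["172.25.254.0/24"], "/etc/named.rfc1912.zones"),
    ("internet", ["172.25.44.0/24"], "/etc/named.rfc1912.inter"),
]

def _nets(acl):
    """Expand an address match list; 'any' becomes both all-address networks."""
    out = []
    for item in acl:
        if item == "any":
            out += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        else:
            out.append(ipaddress.ip_network(item))
    return out

def select_view(client_ip, views=PAGE_VIEWS):
    """Return (view, include file) for the first view, in file order, whose
    match-clients list contains the client's source address."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl, include in views:
        if any(addr in net for net in _nets(acl)):
            return name, include
    return None  # no view matched: named refuses the query

def shadowed_views(views=PAGE_VIEWS):
    """Return views that can never be chosen because every network in their
    match-clients list is already covered by an earlier view."""
    seen, dead = [], []
    for name, acl, _ in views:
        nets = _nets(acl)
        if nets and all(
            any(n.version == s.version and n.subnet_of(s) for s in seen)
            for n in nets
        ):
            dead.append(name)
        seen += nets
    return dead
```

Running shadowed_views() over a view list before restarting named catches ordering mistakes that would otherwise serve one network the zone data meant for another.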
3. Reverse resolution
Server
vim /etc/named.rfc1912.zones
zone "254.25.172.in-addr.arpa" IN {
        type master;
        file "westos.com.ptr";
        allow-update { none; };
};
cp -p named.loopback westos.com.ptr
vim westos.com.ptr
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.244
111     PTR     www.westos.com.
systemctl restart named
Client
dig -x 172.25.254.111
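How names in the reverse zone file expand against the zone origin, as an added example that is not from the original article; it shows which owner label an address gets inside 254.25.172.in-addr.arpa and why a PTR target has to end with a dot. The function names are hypothetical.

```python
import ipaddress

def qualify(name, origin):
    """Expand a zone-file name the way a master file is read: '@' is the
    origin, a name ending in '.' is absolute, and any other name is
    relative and has the origin appended."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def ptr_owner(ip, zone):
    """Return the relative owner label for ip inside the reverse zone, or
    raise ValueError when the address does not belong to that zone."""
    full = ipaddress.ip_address(ip).reverse_pointer + "."
    suffix = "." + zone.rstrip(".") + "."
    if not full.endswith(suffix):
        raise ValueError(f"{ip} is not in {zone}")
    return full[: -len(suffix)]

REVERSE_ZONE = "254.25.172.in-addr.arpa"   # zone name used on this page

def ptr_record(ip, target, zone=REVERSE_ZONE):
    """Return (absolute owner, absolute target) as named would load them."""
    return qualify(ptr_owner(ip, zone), zone), qualify(target, zone)
```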
4. DNS updates
Server side
Allow updates
[root@dns-server ~]# cp -p /var/named/westos.com.zone /mnt/
[root@dns-server ~]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { 172.25.254.144; };
};
[root@dns-server ~]# chmod 770 /var/named/
[root@dns-server ~]# setsebool -P named_write_master_zones 1
[root@dns-server ~]# systemctl restart named
View the updates
[root@dns-server ~]# cd /var/named
[root@dns-server named]# vim westos.com.zone
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim westos.com.zone
Remove the updates (restore the backup)
[root@dns-server named]# rm -fr westos.com.zone westos.com.zone.jnl
[root@dns-server named]# cp -p /mnt/westos.com.zone .
[root@dns-server named]# ll -d
drwxrwx---. 5 root named 4096 May  6 04:17 .
[root@dns-server named]# ls -l
total 32
drwxrwx---. 2 named named   22 May  5 22:09 data
drwxrwx---. 2 named named 4096 May  6 04:10 dynamic
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jan 29  2014 slaves
-rw-r-----. 1 root  named  410 May  6 03:35 westos.com.inter
-rw-r-----. 1 root  named  204 May  6 03:53 westos.com.ptr
-rw-r-----. 1 root  named  415 May  5 23:52 westos.com.zone
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim westos.com.zone
Client
Add a record
[root@localhost ~]# nsupdate
> server 172.25.254.244
> update add hello.westos.com 86400 A 172.25.254.222
> send
(press Ctrl+D to exit nsupdate)
[root@localhost ~]# dig hello.westos.com
Delete a record
[root@localhost ~]# nsupdate
> server 172.25.254.244
> update delete hello.westos.com 86400 A 172.25.254.222
> send
(press Ctrl+D to exit nsupdate)
5. Key-authenticated DNS updates
Server side
(1)
[root@dns-server ~]# dnssec-keygen -a HMAC-MD5 -b 32 -n HOST westoskey    ## generate the key
Kwestoskey.+157+59437
[root@dns-server ~]# ls
anaconda-ks.cfg  Downloads                      Music     Templates
Desktop          Kwestoskey.+157+18814.key      Pictures  Videos
Documents        Kwestoskey.+157+18814.private  Public
(2)
[root@dns-server ~]# cp -p /etc/rndc.key /etc/westos.key
[root@dns-server ~]# vim /etc/westos.key        ## configure the key file
[root@dns-server ~]# cat /etc/westos.key
key "westoskey" {
        algorithm hmac-md5;
        secret "HqglOQ==";
};
[root@dns-server ~]# cat Kwestoskey.+157+18814.key
[root@dns-server ~]# cat Kwestoskey.+157+18814.private
(3)
[root@dns-server ~]# vim /etc/named.conf        ## configure DNS
include "/etc/westos.key";                      ## added at line 42 of the file
[root@dns-server ~]# vim /etc/named.rfc1912.zones
zone "westos.com" IN {
        type master;
        file "westos.com.zone";
        allow-update { key westoskey; };
};
[root@dns-server ~]# systemctl restart named
(4)
[root@dns-server ~]# scp Kwestoskey.+157+18814.* root@172.25.254.144:/mnt/    ## copy the key to the client
Client
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
Kwestoskey.+157+18814.key  Kwestoskey.+157+18814.private
[root@localhost mnt]# nsupdate -k Kwestoskey.+157+18814.private
## update using the key
10-May-2017 11:32:55.412 the key 'westoskey' is too short to be secure
> server 172.25.254.244
> update add hello.westos.com 86400 A 172.25.254.111
> send
[root@localhost mnt]# dig hello.westos.com
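A small audit of the update settings used in the two update sections above, added here as an example and not taken from the original article: it flags allow-update lists that trust a source address, the hmac-md5 algorithm, and secrets as short as the 32-bit one that nsupdate warns about. The 128-bit floor and the function name are assumptions; the sample text is constructed from the stanzas on this page.

```python
import base64
import re

# Constructed sample: the key stanza from /etc/westos.key and the
# address-based zone stanza from the "DNS updates" step on this page.
SAMPLE_CONF = '''
key "westoskey" {
    algorithm hmac-md5;
    secret "HqglOQ==";
};
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { 172.25.254.144; };
};
'''

MIN_SECRET_BYTES = 16            # assumed policy floor (128 bits), not a BIND constant
LEGACY_ALGORITHMS = {"hmac-md5"}

def audit(conf):
    """Return sorted (object, finding) tuples for key and zone stanzas."""
    findings = []
    for name, body in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}', conf):
        alg = re.search(r'algorithm\s+"?([\w.-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"([^"]+)"\s*;', body)
        if alg and alg.group(1).lower() in LEGACY_ALGORITHMS:
            findings.append((name, "legacy-algorithm:" + alg.group(1).lower()))
        if sec:
            nbytes = len(base64.b64decode(sec.group(1)))
            if nbytes < MIN_SECRET_BYTES:
                findings.append((name, "short-secret:%d-bits" % (nbytes * 8)))
    # Attribute each allow-update list to the zone statement that precedes it.
    zones = list(re.finditer(r'\bzone\s+"([^"]+)"', conf))
    for i, m in enumerate(zones):
        end = zones[i + 1].start() if i + 1 < len(zones) else len(conf)
        acl = re.search(r'allow-update\s*\{([^}]*)\}', conf[m.end():end])
        if not acl:
            continue
        for elem in (e.strip() for e in acl.group(1).split(";")):
            # Anything other than "none" or "key <name>" trusts a source address.
            if elem and elem != "none" and not elem.startswith("key "):
                findings.append((m.group(1), "address-based-update:" + elem))
    return sorted(findings)
```

On current BIND releases, `tsig-keygen -a hmac-sha256 westoskey` prints a key stanza that passes both key checks.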
6. Dynamic DNS
Server side
(1)
[root@dns-server ~]# yum install dhcp -y        ## install dhcp
(2)
[root@dns-server ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite '/etc/dhcp/dhcpd.conf'? y
[root@dns-server ~]# vim /etc/dhcp/dhcpd.conf   ## configure the dhcp file
option domain-name "westos.com";
option domain-name-servers 172.25.254.244;
ddns-update-style interim;
subnet 172.25.254.0 netmask 255.255.255.0 {
        range 172.25.254.50 172.25.254.60;
        option routers 172.25.254.250;
}

key westoskey {
        algorithm hmac-md5;
        secret "HqglOQ==";
}
zone westos.com. {
        primary 127.0.0.1;
        key westoskey;
}
Client
[root@localhost ~]# hostnamectl set-hostname test.westos.com
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
[root@localhost ~]# systemctl restart network
[root@test ~]# ifconfig
[root@test ~]# dig test.westos.com