3-unit3 cache DNS

2025-02-28 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

## Caching DNS

## Learning goals

Configure a caching DNS server

### 1. DNS overview

Authoritative name server

- stores and provides the actual data for a zone (an entire DNS domain or part of one). The types of authoritative name server are:
  - Master: holds the original zone data; sometimes called the "primary" name server
  - Slave: a backup server that obtains a copy of the zone data from a master server through a zone transfer; sometimes called the "secondary" name server

Non-authoritative / recursive name server

- looks up data from the authoritative name servers on behalf of clients. The types of recursive name server include:
  - Caching-only name server: performs lookups only; it is authoritative for nothing except non-important data

DNS lookup

- the stub resolver on the client sends the query to a name server listed in /etc/resolv.conf
- if that name server is authoritative for the requested information, it sends an authoritative answer to the client
- otherwise, if the name server has the requested information in its cache, it sends a non-authoritative answer to the client
- if the cache has no information either, the name server looks for the authoritative name server, starting with the root zone and following the DNS hierarchy down to the name server that is authoritative for the information, and obtains the answer for the client. In this case the name server passes the information to the client and keeps a copy in its own cache for later lookups.

### 2. DNS resource records

A DNS zone stores its information as resource records. Each resource record has a type that indicates the kind of data it holds:

- A: name to IPv4 address
- AAAA: name to IPv6 address
- CNAME: name to "canonical name" (an alias for another name that carries the A/AAAA record)
- PTR: IPv4/IPv6 address to name
- MX: mail exchanger for the name (where to send its e-mail)
- NS: name server for the domain name
- SOA: "start of authority", information about the DNS zone (administrative information)

### 3. DNS troubleshooting

dig displays the details of a DNS lookup, including why a query failed:

- NOERROR: the query succeeded
- NXDOMAIN: the DNS server reports that no such name exists
- SERVFAIL: the DNS server is down, or DNSSEC validation of the response failed
- REFUSED: the DNS server refuses to answer (possibly for access-control reasons)

### 4. Parts of the dig output

- HEADER: information about the query and the answer, including the response status and any special flags that are set (aa for an authoritative answer, etc.)
- QUESTION: the actual DNS query that was sent
- ANSWER: the response (if any)
- AUTHORITY: the name servers responsible for the domain/zone
- ADDITIONAL: extra information, usually about the name servers
- the comments at the bottom show the recursive name server that answered the query and how long the response took
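The status codes of section 3 and the sections of section 4 can be pulled out of raw dig output programmatically. This is an added Python example, not code from the page; the dig output it parses is constructed here for illustration, with the addresses the page uses.

```python
import re

# Constructed `dig www.westos.com` output (not captured from a real server), trimmed to what the page describes.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49501
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.westos.com.            IN  A

;; ANSWER SECTION:
www.westos.com.     86400   IN  A   172.25.254.162

;; AUTHORITY SECTION:
westos.com.         86400   IN  NS  dns.westos.com.

;; Query time: 0 msec
;; SERVER: 172.25.254.60#53(172.25.254.60)
"""

STATUS_MEANING = {"NOERROR": "query succeeded", "NXDOMAIN": "the name does not exist",
                  "SERVFAIL": "server failure: DNS server down or DNSSEC validation failed",
                  "REFUSED": "server refused to answer (access control)"}

def parse_dig(text):
    """Split dig output into status, flags, records per section, answering server, query time."""
    r = {"status": None, "flags": [], "sections": {}, "server": None, "query_time_ms": None}
    section = None
    for line in text.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            r["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            r["flags"] = line.split("flags:")[1].split(";")[0].split()
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line.split()[1]           # QUESTION / ANSWER / AUTHORITY / ADDITIONAL
            r["sections"][section] = []
        elif line.startswith(";; Query time:"):
            r["query_time_ms"] = int(line.split(":")[1].split()[0])
        elif line.startswith(";; SERVER:"):
            r["server"] = line.split()[2].split("#")[0]
        elif section and line and not line.startswith(";;"):
            r["sections"][section].append(line.lstrip(";").split())   # QUESTION lines start with ';'
    return r

def explain(parsed):
    """One-line diagnosis: what the status means, and whether 'aa' marks an authoritative answer."""
    kind = "authoritative answer" if "aa" in parsed["flags"] else "non-authoritative answer (from cache)"
    return f"{parsed['status']}: {STATUS_MEANING.get(parsed['status'], 'unknown status')}; {kind}"
```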

### 5. Caching DNS server

- BIND is the most widely used open-source name server
- on RHEL it is provided by the bind package
- the firewall must allow ports 53/TCP and 53/UDP
- the main configuration file of BIND is /etc/named.conf
- the /var/named directory holds the other data files used by the name server

### 6. Syntax of /etc/named.conf

- `//` or `#` starts a comment that runs to the end of the line; text between `/*` and `*/` is also a comment (and may span several lines)
- each directive ends with a semicolon (;)
- many directives take an address match list: a list in curly braces of IP addresses or subnets in CIDR notation, or named ACLs (such as any; [all hosts] and none; [no hosts])
- the file starts with an options block containing the directives that control how named operates
- zone blocks control how named finds the authoritative root name servers, and the zones it is itself authoritative for

### 7. Some important options directives

- listen-on controls the IPv4 addresses named listens on
- listen-on-v6 controls the IPv6 addresses named listens on
- allow-query controls which clients may ask this DNS server for information
- forwarders lists the name servers that queries are forwarded to (instead of contacting external name servers directly; useful behind a firewall)

All of these directives take the semicolon-separated elements in curly braces as an address match list, for example:

```
listen-on { any; };
allow-query { 127.0.0.1; 10.0.0.0/8; };
```
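An added Python example (not from the page) that evaluates address match lists the way sections 6 and 7 describe, and uses that for the one check a practitioner should make before setting allow-query to any: whether recursion is restricted, because a caching server that answers recursive queries from every address is an open resolver. The options block it inspects is constructed here; allow-recursion is a real BIND directive that the page does not mention.

```python
import ipaddress
import re

# Constructed options block in the style of section 8 (not the page's file); the
# allow-recursion line is the restriction the page's configuration does not have.
NAMED_CONF = """\
options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { 127.0.0.1; 172.25.254.0/24; };
    forwarders { 172.25.254.254; };
};
"""

DIRECTIVES = ("listen-on-v6", "listen-on", "allow-query", "allow-recursion",
              "allow-transfer", "allow-update", "match-clients", "forwarders")
PATTERN = re.compile(r"\b(" + "|".join(DIRECTIVES) + r")\b(?:\s+port\s+\d+)?\s*\{([^}]*)\}")

def address_match_lists(conf_text):
    """Map each directive to its address match list, e.g. {'allow-query': ['any']}."""
    return {m.group(1): [e.strip() for e in m.group(2).split(";") if e.strip()]
            for m in PATTERN.finditer(conf_text)}

def matches(acl, client_ip):
    """BIND semantics: the first matching element decides, and a matching '!' element rejects."""
    ip = ipaddress.ip_address(client_ip)
    for element in acl:
        negate = element.startswith("!")
        target = element.lstrip("!").strip()
        if target == "any":
            hit = True
        elif target == "none" or target.startswith("key "):
            hit = False           # 'none' never matches; key elements need a TSIG key, not an address
        elif target in ("localhost", "localnets"):
            hit = ip.is_loopback  # approximation: BIND means the server's own addresses/subnets
        else:
            hit = ip in ipaddress.ip_network(target, strict=False)
        if hit:
            return not negate
    return False

def recursion_allowed_from(conf_text, client_ip):
    """True if client_ip can use this server as a recursive resolver.
    The client must pass allow-query and allow-recursion; when allow-recursion is not set,
    BIND derives it from allow-query, so allow-query { any; } alone opens recursion to everyone."""
    lists = address_match_lists(conf_text)
    query = lists.get("allow-query", ["any"])                  # BIND's default for allow-query
    recursion = lists.get("allow-recursion", lists.get("allow-query", ["localhost", "localnets"]))
    return matches(query, client_ip) and matches(recursion, client_ip)
```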

### 8. Configure the name server

Install the bind package:

```
yum install bind -y
```

Edit /etc/named.conf (modify the configuration file):

```
listen-on port 53 { any; };        # listen on port 53 on every IPv4 address
listen-on-v6 port 53 { any; };     # listen on port 53 on every IPv6 address
allow-query { any; };              # allow any client to query this server
forwarders { 172.25.254.254; };    # forward queries this server cannot answer to 172.25.254.254
```

Start and enable the DNS server:

```
systemctl start named
systemctl enable named
```

Test from desktopX:

```
dig cla***oom.example.com
```

## I. DNS service

1. yum install bind.x86_64 -y

2. vim /etc/named.conf  # modify the configuration file

```
listen-on port 53 { any; };   # listen on port 53 on every IPv4 address
allow-query { any; };         # allow any client to query this server
# The zone "westos.com" is declared once, as type master, in
# /etc/named.rfc1912.zones (step 3), which this file already includes.
# Do not declare it here a second time, and never with "type hint":
# hint is only for the root zone, and a duplicate zone stops named from loading.
```

3. vim /etc/named.rfc1912.zones

```
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { none; };
};
```

4. cp -p /var/named/named.localhost /var/named/westos.com.zone

vim /var/named/westos.com.zone

```
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.60
www     A       172.25.254.162
music   CNAME   music.a.westos.com.
music.a A       172.25.254.111
music.a A       172.25.254.222
westos.com.     MX 1    dns.westos.com.   ; an MX target must be a host name, not an IP address; dns.westos.com is 172.25.254.60
```

5. Test

- vim /etc/resolv.conf

```
nameserver 172.25.254.60
```

- dig www.westos.com
- dig -t mx westos.com
- dig music.westos.com

## II. Forward resolution

1. cp -p westos.com.zone westos.com.inter

2. vim westos.com.inter

```
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.62.60
www     A       172.25.62.162
music   CNAME   music.a.westos.com.
music.a A       172.25.62.111
music.a A       172.25.62.222
westos.com.     MX 1    dns.westos.com.   ; an MX target must be a host name, not an IP address; dns.westos.com is 172.25.62.60 in this view
```

3. cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter

4. vim /etc/named.rfc1912.inter

```
zone "westos.com" IN {
    type master;
    file "westos.com.inter";
    allow-update { none; };
};
```

5. vim /etc/named.conf

```
/*
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/

view localnet {
    match-clients { 172.25.254.0/24; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};

view internet {
    match-clients { 172.25.62.0/24; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.inter";
};
```

6. Test

- vim /etc/resolv.conf

```
nameserver 172.25.62.60
```

- [root@dns-client162 ~]# dig www.westos.com

## III. Reverse resolution

1. vim /etc/named.rfc1912.zones

```
zone "254.25.172.in-addr.arpa" IN {
    type master;
    file "westos.com.ptr";
    allow-update { none; };
};
```

2. cp -p /var/named/named.loopback /var/named/westos.com.ptr

3. vim /var/named/westos.com.ptr

```
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.60
111     PTR     www.westos.com.
222     PTR     bbs.westos.com.
```

4. Test

```
[root@dns-client162 ~]# dig -x 172.25.254.222
```
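Reverse resolution is only consistent when each PTR points back at the host that owns the A record. This added Python example (not from the page) derives the PTR lines of 254.25.172.in-addr.arpa from the A records of a forward zone; the forward zone is a constructed copy of the page's westos.com.zone. Run against it, the result differs from the page's hand-written westos.com.ptr (111 and 222 belong to music.a there, not www and bbs), which is exactly the kind of mismatch the check is meant to surface.

```python
import ipaddress

# Constructed forward zone mirroring the page's westos.com.zone (record lines only).
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.60
www     A       172.25.254.162
music   CNAME   music.a.westos.com.
music.a A       172.25.254.111
music.a A       172.25.254.222
"""

def parse_records(zone_text, origin):
    """Yield (owner, type, rdata) per record line; $TTL and the multi-line SOA are skipped."""
    in_soa = False
    for raw in zone_text.splitlines():
        line = raw.split(";")[0].rstrip()            # strip comments
        if in_soa:                                    # still inside the SOA ( ... ) block
            in_soa = ")" not in line
            continue
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if "SOA" in fields:
            in_soa = ")" not in line
            continue
        owner = "@" if line[0].isspace() else fields.pop(0)   # blank owner: treat as the origin
        while fields and (fields[0] == "IN" or fields[0].isdigit()):  # optional class / TTL
            fields.pop(0)
        fq = origin if owner == "@" else (owner if owner.endswith(".") else f"{owner}.{origin}")
        yield fq, fields[0], " ".join(fields[1:])

def reverse_zone(zone_text, origin, rev_origin):
    """Derive the PTR lines of the in-addr.arpa zone rev_origin from the forward zone's A records."""
    suffix = "." + rev_origin.rstrip(".")
    lines = []
    for owner, rtype, rdata in parse_records(zone_text, origin):
        if rtype != "A":
            continue
        rev_name = ipaddress.ip_address(rdata).reverse_pointer   # e.g. 60.254.25.172.in-addr.arpa
        if rev_name.endswith(suffix):                            # only addresses inside this reverse zone
            lines.append(f"{rev_name[:-len(suffix)]}\tPTR\t{owner}")
    return lines
```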

## IV. DNS updates

1. Back up westos.com.zone

```
cp -p /var/named/westos.com.zone /mnt
```

2. Allow updates from 172.25.254.162

vim /etc/named.rfc1912.zones

```
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { 172.25.254.162; };
};
```

3. Modify permissions (named must be able to write to the zone directory)

```
chmod 770 /var/named/
```

4. Enable the named_write_master_zones SELinux boolean

```
setsebool -P named_write_master_zones 1
```

5. Test

```
[root@dns-client162 ~]# nsupdate
> server 172.25.254.60
> update add .westos.com 86400 A 172.25.254.222
> send
```

## V. Key-authenticated DNS updates

1. Generate the key

```
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westoskey    # key name: westoskey
```

2. Secret key file

```
cp -p /etc/rndc.key /etc/westos.key
vim /etc/westos.key
```

```
key "westoskey" {
    algorithm hmac-md5;
    secret "cO4YCYcToTDA7mWqZSRRtA==";    # the Key: value from the generated Kwestoskey.+157+37962.private
};
```

3. Configure the DNS service

- vim /etc/named.conf

```
include "/etc/westos.key";
```

- vim /etc/named.rfc1912.zones

```
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { key westoskey; };
};
```

4. Test

- scp /mnt/Kwestoskey.+157+37962.* root@172.25.254.162:/mnt
- on the 172.25.254.162 host:

```
[root@dns-client162 ~]# nsupdate -k /mnt/Kwestoskey.+157+37962.private
> server 172.25.254.60
> update add .westos.com 86400 A 172.25.254.222
> send
>
```
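What `nsupdate -k` adds to the update is a message authentication code computed with the shared secret from the key file, and `allow-update { key westoskey; }` makes the server verify it. The added Python example below (not from the page, and not the real TSIG wire format) models that exchange so the two rejection cases are visible: a client that never received the copied key, and an update altered after signing. The key names, secrets and update commands are constructed; hmac-md5 is what the page uses, and hmac-sha256 is included because it is the algorithm practitioners now generate.

```python
import base64
import hashlib
import hmac
import secrets

# The MAC below is computed over a text form of the nsupdate commands, not the real TSIG
# wire format, so it shows the principle behind allow-update { key ...; } rather than
# re-implementing nsupdate. hmac-md5 is what the page uses; hmac-sha256 is the modern choice.
DIGESTS = {"hmac-md5": hashlib.md5, "hmac-sha256": hashlib.sha256}

def generate_key_block(name, algorithm="hmac-md5", bits=128):
    """Return (secret_b64, key block) in the form used by /etc/rndc.key and /etc/westos.key."""
    secret_b64 = base64.b64encode(secrets.token_bytes(bits // 8)).decode()
    block = f'key "{name}" {{\n\talgorithm {algorithm};\n\tsecret "{secret_b64}";\n}};\n'
    return secret_b64, block

def sign_update(secret_b64, algorithm, update_lines):
    """Client side: MAC over the update commands with the shared secret (hex digest)."""
    key = base64.b64decode(secret_b64)
    return hmac.new(key, "\n".join(update_lines).encode(), DIGESTS[algorithm]).hexdigest()

def server_accepts(server_secret_b64, algorithm, update_lines, mac):
    """Server side: recompute the MAC with its own copy of the secret and compare in constant time."""
    return hmac.compare_digest(sign_update(server_secret_b64, algorithm, update_lines), mac)

def demo(algorithm="hmac-md5"):
    """Constructed run: the right key passes; a wrong key or a modified update is rejected."""
    secret, _ = generate_key_block("westoskey", algorithm)
    other_secret, _ = generate_key_block("westoskey", algorithm)    # a client that never got the scp'd key
    update = ["update add test.westos.com 86400 A 172.25.254.222"]
    tampered = ["update add test.westos.com 86400 A 172.25.254.1"]    # altered after signing
    mac = sign_update(secret, algorithm, update)
    return {
        "same_key": server_accepts(secret, algorithm, update, mac),
        "wrong_key": server_accepts(other_secret, algorithm, update, mac),
        "tampered": server_accepts(secret, algorithm, tampered, mac),
    }
```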

## VI. Querying by hostname (DHCP with dynamic DNS updates)

1. Install the DHCP service

```
yum install dhcp -y
```

2. Create the DHCP service configuration

```
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
```

3. Modify the configuration file

vim /etc/dhcp/dhcpd.conf

```
option domain-name "westos.com";
option domain-name-servers 172.25.254.60;

ddns-update-style interim;

subnet 172.25.254.0 netmask 255.255.255.0 {
    range 172.25.254.46 172.25.254.55;
    option routers 172.25.254.250;
}

key "westoskey" {
    algorithm hmac-md5;
    secret "cO4YCYcToTDA7mWqZSRRtA==";
}

zone westos.com {
    primary 127.0.0.1;
    key westoskey;
}
```

- vim /etc/named.conf  # modify the main configuration file as in section V

4. Test

- unplug the network cable
- on the client host:

```
hostnamectl set-hostname .westos.com    # modify the hostname
```

- vim /etc/sysconfig/network-scripts/ifcfg-eth0  # switch the interface to DHCP

```
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
```

- restart the network

```
systemctl restart network
```

- query

```
hostnamectl set-hostname .westos.com        # change the hostname to .westos.com
dig .westos.com
hostnamectl set-hostname test.westos.com    # change the hostname to test.westos.com
dig test.westos.com
```

© 2024 shulou.com SLNews company. All rights reserved.
