2025-01-30 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Today I will talk to you about how to install, configure and maintain a Linux DNS server. Many people may not know much about it, so the editor has summarized the following to help you understand it better. I hope you can get something out of this article.
Each IP address can have a hostname, which consists of one or more strings separated by dots. With a hostname you do not have to memorize the IP address of every device; you only need to remember the hostname, which is comparatively intuitive and meaningful. This is what the DNS protocol is for.
Today we will discuss the DNS server, especially the Linux DNS server, and how to install, configure, and maintain it.
/etc/hosts file
Without a DNS server, it makes sense for each system to keep a local copy of the hostnames and corresponding IP addresses on the local network, especially on small sites without an Internet connection.
On Linux systems, this list is the /etc/hosts file. Even if you have no DNS server, or the DNS server is unavailable, the system can use /etc/hosts to map between names and IP addresses.
You may already have a DNS server, but you will still want to keep this file for other reasons. For example, the system may need to look up an address locally before querying externally: the system consults this file before querying the DNS server, and if it finds the name there, it converts it directly to the IP address without asking any DNS server.
Try editing the /etc/hosts file and adding the following line: 127.0.0.1 google.com
Then go back to your browser, type google.com, and see what happens. If Apache is installed on your system and running on the local host, the browser will display the index page of localhost instead of the Google page.
To confirm, you can map google.com to the IP address of any other website and look at the result.
So what this file does is map names to addresses, but only within the same interconnected network. How, then, are the records of external networks and of many systems maintained?
Does everyone need to maintain their own /etc/hosts file and keep it updated?
The more robust domain name service is the DNS server.
Domain names
When you visit a website, you enter an FQDN (Fully Qualified Domain Name) or a domain name like likegeeks.com or www.google.com. Reading the labels between the dots from right to left, they are the top-level domain component, the second-level domain component and the third-level domain component.
Therefore com is the top-level domain component, google is the second-level domain component, and www is the third-level domain component.
In fact, when you visit any website, the browser adds an invisible dot at the end of the domain by default, so the domain actually looks like www.google.com. (with a trailing dot), which means the same thing. This dot is called the root domain.
The root is served by a number of special servers called root name servers. As of the time of this article, there are 13 root name servers in the world. You can think of them as the brain of the Internet: if they failed, there would be no Internet.
Why 13? Because if an earthquake somewhere in the world damaged one root server, the others can continue to provide service until the affected server comes back online.
These root name servers are named alphabetically, such as a.root-servers.net, b.root-servers.net and so on.
Top-level domains (TLDs)
We have seen top-level domain components such as com. Top-level domains can be thought of as a classification scheme for the DNS namespace.
Top-level domains (TLDs) are divided into several categories by geography or function.
As of this writing, there are more than 800 top-level domain names online.
The categories of top-level domains are:
Generic top-level domains such as .org, .com, .net, .gov, .edu, etc.
Country code top-level domains such as .us and .ca, corresponding to the country codes of the United States and Canada respectively
New brand top-level domains, which allow organizations to create TLDs of up to 64 characters, such as .linux, .microsoft, .roomyname, etc.
Infrastructure top-level domains such as .arpa
Subdomains
When you visit a website like mail.google.com, mail is a subdomain of google.com.
Only google.com's name server knows all the hosts that exist under it, so Google's server will answer whether there is a subdomain called mail; the root name servers know nothing about it.
Types of DNS server
There are three types of DNS servers.
Primary DNS server
These servers store the configuration files for specific domains and, based on them, answer authoritatively for those domains' addresses. The primary DNS server knows the addresses of all hosts and subdomains within its jurisdiction.
Secondary DNS server
These servers act as a backup for the primary DNS server and also carry part of the load. The primary server knows about the secondary DNS servers and pushes updates to them.
Cache DNS server
These servers do not store configuration files for specific domains. When a client asks a cache server to resolve a name, the server first checks its local cache. If no match is found, the primary server is asked, and the response is then cached. You can also easily set up your own system as a cache server.
Setting up a Linux DNS server
There are many packages under Linux that implement DNS, but we focus only on the BIND DNS server. It is used by most DNS servers in the world.
If you use a Linux based on a Red Hat distribution, such as CentOS, you can install it like this: $ dnf -y install bind
If you use an operating system based on Debian, such as Ubuntu: $ apt-get install bind9
After installation you can start the service and enable it to start at boot:
$ systemctl start named
$ systemctl enable named
Configure BIND
This service uses /etc/named.conf as its configuration file.
BIND uses statements like the following in that file:
options: global BIND configuration.
logging: configures what is recorded and what is ignored. I recommend you take a look at the Linux syslog server.
zone: defines a DNS zone.
include: includes another file in named.conf.
In the options statement you can see that BIND's working directory is /var/named.
The zone statement defines DNS zones, such as the domain google.com, which contains the subdomains mail.google.com and analytics.google.com.
Each of these three domains (the primary domain and the subdomains) has a zone defined by a zone statement.
Defining a primary domain server
We know that the DNS server types are primary, secondary and caching domain name servers. Unlike a caching server, the primary and secondary domain name servers play the same role in the response process.
In /etc/named.conf, you define a primary domain server with the following syntax:
zone "likegeeks.com" {
    type master;
    file "likegeeks.com.db";
};
The file containing the zone information for the primary is stored in the /var/named directory, which, as the options statement shows, is the working directory.
Note: server software or a hosting panel will automatically name the zone file after your domain, so if your domain is example.org, the primary zone file will be /var/named/example.org.db.
The type is master, meaning this is a primary domain server.
Defining a secondary domain server
The definition of a secondary domain server is like that of a primary, with a small change:
zone "likegeeks.com" {
    type slave;
    masters { 192.0.2.1; };    // replace with the primary server's IP address list
    file "likegeeks.com.db";
};
For a secondary domain server the zone name is the same as on the primary. The slave type in the syntax indicates that this is a secondary domain server, and the masters list of IP addresses means that the secondary's zone file is copied from the zone file on the primary domain server.
Defining a cache server
Even if you have configured a primary or secondary domain server, it is still useful (though not required) to define a cache server, because it reduces the number of queries that reach the DNS server.
Before defining a cache server, you need to define three zones. The first is the root hint zone:
zone "." IN {
    type hint;
    file "root.hint";
};
The second zone defines the local host:
zone "localhost" IN {
    type master;
    file "localhost.db";
};
The third zone is defined for reverse lookup of the local host; this reverse lookup maps the local IP address to the local host.
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.rev";
};
Put these three zone definitions into /etc/named.conf and your system can work as a cache server. But how do you write files like likegeeks.com.db, localhost.db and 127.0.0.rev?
These files contain the DNS records of each zone, with certain options. So what are these DNS record types and how are they written?
DNS record types
The database file contains record types such as SOA, NS, A, PTR, MX, CNAME, and TXT.
Let's take a look at how each type is recorded.
SOA: Start of Authority record
The SOA record begins the DNS description of a site, in the following form:
example.com. 86400 IN SOA ns1.example.com. mail.example.com. (
    2017012604 ; serial
    86400      ; refresh, seconds
    7200       ; retry, seconds
    3600000    ; expire, seconds
    86400      ; minimum, seconds
)
The first line starts with the domain name example.com and ends with a period; this must agree with the zone definition in /etc/named.conf. Always remember that DNS configuration files are extremely picky.
IN tells the name server that this is an Internet-class record.
SOA tells the name server that this is a start of authority record.
ns1.example.com. is the fully qualified domain name (FQDN) of the primary name server for the zone this file describes.
mail.example.com. is the e-mail address of the domain administrator. Note that the address has no "@" sign; it is replaced by a period, and the name ends with a period.
Line 2 is the serial number, used to tell secondary name servers when the file was updated, so whenever you change the zone file you must increment the serial. Its format is YYYYMMDDxx, where xx starts at 00.
Line 3 is the refresh interval in seconds. It tells secondary name servers how often to ask whether the records on the primary have been updated.
Line 4 is the retry interval in seconds. If a secondary server tries to contact the primary for an update check and cannot connect, it retries after this many seconds.
Line 5 is the expiry time. Secondary servers cache the zone data; this value tells them that if they cannot reach the primary for updates, they must discard the data after this many seconds.
Line 6 tells caching servers how long they should wait before timing out if they cannot connect to the primary domain name server.
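To show the YYYYMMDDxx serial rule and why an edit must always produce a larger serial, here is an added example (not code from the original article) that computes the next serial and checks it the way a secondary compares serials; the date is passed as a 'YYYYMMDD' string so the function is deterministic.

```python
# Added example (not the article's own code): compute the next SOA serial in the
# YYYYMMDDxx convention and check it as a secondary does (RFC 1982 serial arithmetic).
import datetime
import re

SERIAL_RE = re.compile(r"^(\d{8})(\d{2})$")


def next_serial(current, today=None):
    """Return the serial to write after editing the zone.

    `today` is a 'YYYYMMDD' string (defaults to the current date):
      - serial dated before today           -> today + "00"
      - serial dated today and xx < 99      -> xx + 1
      - xx already 99, or serial dated in the future (wrong clock at the
        last edit) -> plain +1, so the value still grows and propagates
    """
    m = SERIAL_RE.match(current)
    if not m:
        raise ValueError(f"serial {current!r} is not in YYYYMMDDxx form")
    if today is None:
        today = datetime.date.today().strftime("%Y%m%d")
    date_part, counter = m.group(1), int(m.group(2))
    if date_part < today:            # equal-length digit strings compare as dates
        return today + "00"
    if date_part == today and counter < 99:
        return f"{today}{counter + 1:02d}"
    return str(int(current) + 1)


def secondary_sees_newer(old, new):
    """True when a secondary holding `old` will pick up a zone with serial `new`.

    Serials compare modulo 2**32 and `new` counts as newer only if it is ahead
    by less than 2**31; a serial that went backwards is silently ignored and
    the zone change never reaches the secondaries.
    """
    diff = (int(new) - int(old)) % (1 << 32)
    return 0 < diff < (1 << 31)
```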
NS: Name Server records
NS records specify which name servers maintain the records for the domain.
You can write NS records like this:
IN NS ns1.example.com.
IN NS ns2.example.com.
You do not need two NS records, but you usually want a backup name server.
A and AAAA: Address records
The A record maps a hostname to an IP address: support IN A 192.168.1.5
If you have a host support.example.com at 192.168.1.5, you can enter it as in the example above.
Note that the host we wrote has no trailing period, so it is interpreted relative to the zone.
PTR: Pointer records
The PTR record is used to perform reverse name resolution, allowing someone to specify an IP address and then find the corresponding hostname.
This is the opposite of the A record: 192.168.1.5 IN PTR support.example.com.
Here we type the full hostname with a trailing period.
MX: Mail Exchange records
MX records tell other sites the address of your domain's mail server: example.com. IN MX 10 mail
Of course, this field ends with a period. The number 10 is the preference of the mail server. If you have multiple mail servers, the one with the lower number is tried first.
CNAME: Canonical Name records
The CNAME record lets you create an alias for a hostname. This is useful when you want to provide a name that is easy to remember.
Suppose a site has a web server with the hostname whatever-bignameis.example.com; because the system is a web server, you can create a CNAME record, or alias, named www for the host.
To create the name www.example.com, you create a CNAME record:
whatever-bignameis IN A 192.168.1.5
www IN CNAME whatever-bignameis
The first line tells the DNS server the address of the real host. The second line creates the alias www pointing to it.
TXT records
You can store any information in a TXT record, such as your contact information or anything else you want people to get when they query the DNS server.
You write a TXT record like this: example.com. IN TXT "YOUR INFO GOES HERE"
In addition, the RP record exists as an explicit container for host contact information: example.com. IN RP mail.example.com. example.com.
DNS TTL values
At the top of the /etc/named.conf file there is a $TTL entry.
This entry tells BIND the TTL (time to live) value for each individual record.
It is a value in seconds, for example 14400 seconds (4 hours): caching DNS servers keep your zone records for up to 4 hours and then query your DNS server again.
You can lower this value, but the default is usually reasonable unless you know what you are doing.
Catching configuration errors
When you write a zone file, you may have forgotten a period or a space, or made some other error.
You can diagnose Linux DNS server errors from the log. BIND reports its errors in /var/log/messages, and you can watch them in real time with the tail command and its -f option: $ tail -f /var/log/messages
So when you write a zone file or modify /etc/named.conf and restart the service, you can easily identify the type of error from the log once it appears.
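The record formats above and the errors this section describes (a forgotten period, a bad serial, a missing $TTL) can be caught before restarting the service. This added example, not code from the original article, lints a constructed zone file for exactly those mistakes:

```python
# Added example (not the article's own code): lint a BIND zone file for a missing
# $TTL, a serial not in YYYYMMDDxx form, and a qualified name missing its final dot.
import re

NAME_DATA = {"NS", "PTR", "CNAME", "MX"}  # types whose data ends in a domain name
SERIAL_RE = re.compile(r"\d{4}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{2}")

# Constructed sample zone; the second NS record deliberately lacks its final dot.
SAMPLE_ZONE = """\
$TTL 14400
example.com. 86400 IN SOA ns1.example.com. mail.example.com. (
        2017012604 ; serial
        86400      ; refresh
        7200       ; retry
        3600000    ; expire
        86400 )    ; minimum
             IN NS    ns1.example.com.
             IN NS    ns2.example.com
support      IN A     192.168.1.5
www          IN CNAME support
"""

def _logical_lines(text):
    """Strip ';' comments and join '(' ... ')' continuations such as the SOA."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]  # assumes no ';' inside quoted TXT data
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            out.append(" ".join(buf))
            buf, depth = [], 0
    return out  # a record left open by an unmatched '(' is dropped here

def lint_zone(text):
    """Return a list of problems; an empty list means every check passed."""
    problems, lines, saw_soa = [], _logical_lines(text), False
    if not lines or not lines[0].startswith("$TTL"):
        problems.append("no $TTL directive at the top of the file")
    for line in lines:
        fields = line.split()
        if not fields or fields[0].startswith("$") or "IN" not in fields[:3]:
            continue  # directive, or not an IN-class record
        i = fields.index("IN")
        rtype, data = (fields[i + 1] if len(fields) > i + 1 else ""), fields[i + 2:]
        if rtype == "SOA":
            saw_soa = True
            if len(data) != 7 or not SERIAL_RE.fullmatch(data[2]):
                problems.append("SOA serial is not in YYYYMMDDxx form or timers are missing")
        elif rtype in NAME_DATA and data and "." in data[-1] and not data[-1].endswith("."):
            problems.append(f"{rtype} target {data[-1]} lacks a trailing dot; "
                            "BIND will append the zone name to it")
    if not saw_soa:
        problems.append("zone has no SOA record")
    return problems
```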
The host command
After you have successfully added or modified records, you can use the host command to check that the host resolves correctly.
The host command resolves a hostname to its IP address: $ host example.com
You can also perform a reverse lookup: $ host 192.168.1.5
You can find more about the host and dig commands in a separate article.
The whois command
The whois command is used to find out who owns a domain, along with the owner's e-mail address and contact number: $ whois example.com
The rndc command
The rndc tool can be used to manage name servers securely, because all communication with the server is digitally signed for authentication.
This tool controls the name server and helps debug problems. You can check the status of the Linux DNS server with: $ rndc status
Also, if you change any zone file, you can reload it without restarting the named service: $ rndc reload example.com
Here we reload the example.com zone. You can reload all zones with: $ rndc reload
Or, if you add a new zone or change the service configuration, you can reload the configuration with:
$ rndc reconfig
The Linux DNS resolver
We now know how the Linux DNS server works and how to configure it. The other part is, of course, the client that talks to the DNS server to resolve hostnames to IP addresses.
On Linux, the resolver is the client side of DNS. To configure the resolver, look at the /etc/resolv.conf configuration file.
On Debian-based distributions, look in the /etc/resolvconf/resolv.conf.d/ directory.
The /etc/resolv.conf file contains the information the client needs to obtain its local DNS server address.
Its search entry gives the default search domain, and its nameserver entry gives the IP address of the name server.
The nameserver line tells the resolver which name server is available. As long as your BIND service is running, you can use your own DNS server here.
Using a Linux DNS server is very simple. I hope you found this article useful and easy to understand.
After reading the above, do you have a better understanding of how to install, configure and maintain a Linux DNS server? If you want to learn more, please follow the industry information channel. Thank you for your support.