Linux network DNS service

Table of Contents

1. Introduction to DNS service
   1. Basic concepts
   2. Domain name classification
   3. DNS server types
2. DNS principle
   1. Query methods
   2. Query process
3. Configuration files
   1. Configuration file locations
      ①. Main configuration file
      ②. Zone configuration file
      ③. Zone database file
   2. Resource records
4. Forward resolution steps
   1. Experiment preparation
   2. Configure the DNS resolver address of the ens33 network card
   3. Modify the main configuration file and reload the DNS service
   4. Configure the zone configuration file
   5. Edit the zone database file
   6. Experimental results


1. Introduction to DNS service

1. Basic concepts

DNS (Domain Name System) converts domain names into IP addresses and plays an important role in the Internet.

In the browser you usually enter a domain name to reach a website rather than its IP address; DNS is the system that resolves these domain names into the corresponding IP addresses.

Server side: listens on 53/udp and 53/tcp

2. Domain name classification

Domain names use a hierarchical management model and are divided into first-level (top-level) domain names, second-level domain names, third-level domain names, fourth-level domain names, and so on.

  • Root domain: represented by “.”

  • First-level domain names: generally managed by a country or region

  • Second-level domain names: generally managed by the subordinate departments of a country

  • Third-level domain names: generally managed by an organization

  • A name can have up to 127 levels

3. DNS server types

Root domain name servers: the highest level of domain name servers.

Top-level domain name servers: responsible for all second-level domain names registered under that top-level domain.

Authoritative name servers: responsible for the domain names in a particular zone.

Local domain name server: does not belong to the hierarchy above. Its IP address is configured directly on each host that needs domain name resolution.

2. DNS principle

1. Query methods

Recursive query:

The client sends a request to the DNS server, and if the DNS server can resolve the name itself it returns a positive result (the address) or a negative one (the name does not exist) to the client. The client issues only one query to obtain the result.

Iterative query:

The client sends a request to the DNS server; if that server cannot resolve the name itself, the query is sent on to the next DNS server, and so on until the result is returned. The target of the query keeps changing, and several queries have to be issued to obtain the result.

2. Query process

① First check the local (client) cache.

② Then check the hosts file.

③ Then send the query to the configured DNS server and hand the work over to it.

Steps ① to ③ form the recursive part of the lookup: the client asks once and expects a final answer (“I want an answer, give me the result directly”).

④ That DNS server is usually the local domain name server, which has its own cache. If the answer is cached it is returned directly; otherwise the server continues with the next step.

⑤ It asks a root domain server for help. The root server returns the top-level domain server that may know the answer, and the local server goes to that top-level domain server next.

⑥ It asks the top-level domain server for help. The top-level domain server returns the second-level domain server that may know the answer, and the local server goes to that second-level domain server next.

⑦ It asks the second-level domain server for help. The second-level domain server finds that the name belongs to its own zone and returns the queried IP address to the local domain name server.

⑧ The local domain name server stores the result in its cache and then returns the domain name to IP mapping to the client.

Steps ⑤ to ⑦ are the iterative part: the local server asks a different server each time until one of them holds the answer.
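The eight steps above as an added example (not code from the original article): a local resolver that checks the hosts file and its own cache, then follows referrals from root to TLD to authoritative server, caching positive answers for their TTL and negative answers for the SOA minimum. The servers and addresses in SERVERS are constructed for the walk-through.

```python
import time

# Constructed data for the walk-through; none of these servers or addresses are real.
HOSTS = {"localhost": "127.0.0.1"}                        # step 2: the hosts file

# Each toy server knows referrals (zone -> next server) and, if authoritative,
# answers (name -> (address, ttl)) plus the SOA minimum used for negative caching.
SERVERS = {
    "root":    {"referrals": {"com.": "tld-com"}},
    "tld-com": {"referrals": {"kgc.com.": "ns-kgc"}},
    "ns-kgc":  {"answers": {"www.kgc.com.": ("192.168.91.103", 86400)},
                "negative_ttl": 3 * 3600},                 # the 3H minimum from the SOA
}

class LocalResolver:
    """The local DNS server: answers clients recursively, asks upstream iteratively."""
    def __init__(self):
        self.cache = {}      # name -> (address, or None for "not found", expiry time)
        self.asked = []      # upstream servers contacted, for inspection

    def resolve(self, name, now=None):
        now = time.time() if now is None else now
        name = name if name.endswith(".") else name + "."
        if name[:-1] in HOSTS:                                # step 2: hosts file wins
            return HOSTS[name[:-1]]
        hit = self.cache.get(name)                            # step 4: resolver cache
        if hit and hit[1] > now:
            return hit[0]
        server = "root"                                       # steps 5-7: follow referrals
        while True:
            self.asked.append(server)
            data = SERVERS[server]
            if name in data.get("answers", {}):
                addr, ttl = data["answers"][name]
                self.cache[name] = (addr, now + ttl)          # step 8: cache, then answer
                return addr
            nxt = next((s for zone, s in data.get("referrals", {}).items()
                        if name.endswith(zone)), None)
            if nxt is None:                                   # no server below knows it
                self.cache[name] = (None, now + data.get("negative_ttl", 0))
                return None
            server = nxt
```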

3. Configuration files

1. Configuration file locations

Software name: bind

Service name: named

①. Main configuration file

/etc/named.conf

②. Zone configuration file

/etc/named.rfc1912.zones (declares the zones managed by this server)

③. Zone database file

/var/named/<domain name> (one database file per zone)

2. Resource records

SOA record

Notice:

  1. The first value is the primary DNS server of the current zone, written as a forward-resolvable name; the zone name itself may also be used.

  2. The second value is the e-mail address of the zone administrator; the “@” symbol cannot be used in it and is replaced with a dot (admin.kgc.com. stands for admin@kgc.com).

  3. The remaining values define the master-slave zone transfer timing and the unified TTL for negative answers.

Every record has the fixed format:

name [TTL] IN rr_type value
(domain name, cache time, Internet class, resource record type, value)

  1. TTL can be omitted; the record then inherits the global cache time ($TTL).
  2. The “@” symbol refers to the domain name of the current zone.
  3. The same name can be given several different values through several records; the DNS server then answers with them in a round-robin manner.
  4. The same value can also be defined under several different names; this only means that the same host can be reached through several names.

$TTL 1D                                     ; unified TTL of 1 day (without the D suffix the number is in seconds)
@   IN SOA master.kgc.com. admin.kgc.com. ( ; current server name, then the e-mail address
                                        0   ; serial: version number; bump it (for example 0 to 1) whenever the file is updated
                                        1D  ; refresh: how often a slave pulls the zone
                                        1H  ; retry: retry one hour after a failed refresh
                                        1W  ; expire: after one week without a successful refresh the zone data expires
                                        3H ) ; minimum: "not found" answers are cached for 3 hours and returned directly to users during that time

NS records

Notice:

  1. When two adjacent resource records have the same name, the name can be omitted from the later ones.

  2. Every server name that appears as the value of an NS record must also have an A record.

  3. A zone can have multiple NS records.

Full form (the name is the zone, the value is the name server):

@          IN NS master.kgc.com.

Abbreviated form, with the name omitted (inherited from the previous record) and a relative value:

           NS master

MX records

Notice:

  1. A zone can have multiple MX records, but each record's value must be preceded by a number (0-99) giving the priority of that mail server; the smaller the number, the higher the priority.

  2. Every server name that appears as the value of an MX record must also have an A record.

mail IN MX 10 mx1.kgc.org.
     IN MX 20 mx2.kgc.org.
mx1  A 192.168.91.10
mx2  A 192.168.91.10

A record

name: the host name to resolve, for example www.kgc.com

value: the IP address of that host

To avoid returning a failure when users mistype a host name, undefined names can be resolved to a fixed address through wildcard (pan-domain) resolution.

www.kgc.com. IN A 1.1.1.1
www.kgc.com. IN A 2.2.2.2
www.kgc.com. IN A 3.3.3.3
www.kgc.com. IN A 4.4.4.4
*            IN A 5.5.5.5   ; "*" is the wildcard: any host name in the zone that has no record of its own
@            IN A 6.6.6.6   ; "@" is the zone itself (the bare domain name, with no host part)

PTR record

The name is the IP address written in reverse with the in-addr.arpa suffix, and the value is the host's FQDN:

4.3.2.1.in-addr.arpa. IN PTR www.kgc.com.
; inside the reverse zone of the 1.2.3 network (3.2.1.in-addr.arpa) this is abbreviated as:
4                     IN PTR www.kgc.com.

CNAME alias record

name: FQDN of the alias
value: FQDN of the real name (with a trailing dot, otherwise the zone origin is appended)

ftp.kgc.com. IN CNAME www.kgc.com.

The fixed format of every record, again:

name [TTL] IN rr_type value
(name, cache time, Internet class, record type, value)


A complete forward zone file for kgc.com:

$TTL 1D
@       IN SOA master.kgc.com. admin.kgc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS master.kgc.com.
master  A 192.168.91.100
www     A 192.168.91.103
db      A 192.168.91.101
@       IN MX 10 mail.kgc.com.
mail    A 192.168.91.10
ftp     CNAME www

The same structure for benet.com, with every field annotated (zone-file comments start with “;”):

$TTL 1D                                      ; lifetime of the resolution records
@       IN SOA benet.com. admin.benet.com. ( ; "@" stands for the current zone name
                     0                       ; serial: update serial number, an integer of up to 10 digits
                     1D                      ; refresh: interval at which the zone data is re-downloaded
                     1H                      ; retry: retry interval after a failed download
                     1W                      ; expire: give up the zone if it cannot be downloaded within this time
                     3H )                    ; minimum: lifetime of "not found" answers
        NS benet.com.                        ; name of the DNS server for the current zone
        A 192.168.80.10                      ; IP address of that host (the zone name itself)
        IN MX 10 mail.benet.com.             ; MX is the mail exchange record; the larger the number, the lower the priority
www     IN A 192.168.80.10                   ; forward resolution of www.benet.com
mail    IN A 192.168.80.11                   ; address of the mail host named in the MX record
ftp     IN CNAME www                         ; CNAME defines an alias: ftp is an alias of www
*       IN A 192.168.80.100                  ; wildcard resolution: "*" matches any host name not defined above
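As an added example (not BIND's own parser), a small Python parser for the zone-file syntax shown above that handles $TTL, “@”, owner-name inheritance, “;” comments and the parenthesised SOA, plus a checker for the notice that in-zone NS, MX and CNAME targets need an A record. ZONE is the kgc.com file from the text, embedded as constructed sample input.

```python
import re
# Constructed sample input: the kgc.com forward zone from the text above.
ZONE = """$TTL 1D
@ IN SOA master.kgc.com. admin.kgc.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS master.kgc.com.
master A 192.168.91.100
www    A 192.168.91.103
@      IN MX 10 mail.kgc.com.
mail   A 192.168.91.10
ftp    CNAME www
"""

def fqdn(name, origin):
    """Expand '@' and relative names (no trailing dot) against the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, ttl, type, values) tuples in file order."""
    origin = origin.rstrip(".") + "."
    text = re.sub(r";[^\n]*", "", text)                         # drop ';' comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold SOA ( ... )
    ttl, owner, records = None, origin, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "$TTL":
            ttl = fields[1]
            continue
        if not line[0].isspace():                               # explicit owner; a blank owner inherits the last one
            owner = fqdn(fields.pop(0), origin)
        rr_ttl = ttl
        if fields[0][0].isdigit():                              # optional per-record [TTL], e.g. 300 or 1D
            rr_ttl, fields = fields[0], fields[1:]
        if fields[0] == "IN":                                   # the class is optional as well
            fields.pop(0)
        records.append((owner, rr_ttl, fields[0], fields[1:]))
    return records

def check_zone(records, origin):
    """Notice 2 for NS and MX (and CNAME): an in-zone target needs its own A record."""
    origin = origin.rstrip(".") + "."
    a_names = {r[0] for r in records if r[2] == "A"}
    targets = ((t, fqdn(v[-1], origin)) for _, _, t, v in records if t in ("NS", "MX", "CNAME"))
    return [f"{t} target {n} has no A record" for t, n in targets if n.endswith(origin) and n not in a_names]
```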

4. Forward resolution steps

1. Experiment preparation

Turn off the firewall and the security mechanism, then install the bind software with either of:

yum install bind* -y

yum install bind bind-utils -y

2. Configure the DNS resolver address of the ens33 network card

vim /etc/sysconfig/network-scripts/ifcfg-ens33

systemctl restart network

3. Modify the main configuration file and reload the DNS service

vim /etc/named.conf

rndc reload

4. Configure the zone configuration file

vim /etc/named.rfc1912.zones

5. Edit the zone database file

cd /var/named/

cp named.localhost ./ky33.com.zone -p

The -p option keeps the owner, group and mode of the template, so named can still read the new file.

6. Experimental results
