Configuring a DNS name resolution service on Linux

Contents

1. DNS name resolution service
   1.1 Introduction to DNS
   1.2 Domain name structure
   1.3 DNS resolution methods
   1.4 DNS server types
2. Configuring a DNS server on Linux
   Example 1: Configure forward resolution
   Example 2: Configure reverse resolution
   Example 3: Build a master/slave DNS server pair (for backup)

1. DNS name resolution service

1.1 Introduction to DNS

In daily use people address servers by domain name, but machines only work with IP addresses. The relationship between domain names and IP addresses is many-to-one: one IP address may be shared by several domain names, while a complete domain name maps to a single IP address. Converting between the two is called domain name resolution; it is performed by dedicated name servers, and the whole process is automatic.

DNS stands for Domain Name System. It is a distributed database that maps domain names and IP addresses to each other, and it makes accessing the Internet easier for people.

The DNS service uses port 53 over both TCP and UDP: TCP port 53 is used for connections to the DNS server, and UDP port 53 for resolution queries.

Each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.

1.2 Domain name structure

hostname.subdomain.second-level-domain.top-level-domain.

The topmost layer of the tree is the root domain, written as ".", and the servers that serve it are the root servers. Authority over the entire domain name space belongs to the root servers, but they could not carry that load alone, so top-level domains are created beneath the root and authority over each one is delegated to the corresponding top-level domain servers. For example, authority over the com domain is delegated to the com domain servers: whenever a root server receives a resolution request for a name ending in com, the request is passed on to the com domain servers. In the same way, to relieve the top-level domains, second-level domains are created beneath them, and third-level domains or hosts are created beneath the second-level domains.

Root domain: sits at the top of the domain name space and is written as "."

Top-level domain: usually denotes a type of organisation or a country, e.g. .net (network providers), .com (commercial), .org (organisations), .edu (educational institutions), .gov (government departments), .cn (China's country-code domain)

Second-level domain: identifies a specific organisation within a top-level domain. Second-level domains under a country-code top-level domain are managed centrally by that country's network authority; for example, under .cn there are .com.cn, .net.cn and .edu.cn

Subdomain: every domain created at any level below a second-level domain is collectively called a subdomain; any organisation or user can apply for and register its own domain name

Host: the host sits at the bottom of the domain name space and denotes a specific computer. www and mail, for instance, are host names; written out in full as www.sina.com.cn. or mail.sina.com.cn., the name is called an FQDN (Fully Qualified Domain Name: the host name together with every domain above it, up to and including the root), which is the host's complete name in the domain name space

1.3 DNS resolution methods

Forward resolution: look up the IP address that corresponds to a domain name

Reverse resolution: look up the domain name that corresponds to an IP address

1.4 DNS server types

(1) Primary (master) name server: maintains all domain name information for a zone, is the authoritative source of that information, and is where the data is modified. When building a primary name server, you create the zone data file for the zone it is responsible for.

(2) Secondary (slave) name server: when the primary fails, shuts down or is overloaded, the secondary provides resolution as a backup service. The answers it gives are not its own; they come from the primary. When building a secondary, you specify the location of the primary so that the secondary can synchronise the zone's address database automatically.

(3) Caching name server: only caches resolution results, in order to improve query speed and efficiency; it has no zone database of its own. It obtains each answer from some remote server, caches it, and uses the cached copy to answer later queries for the same information. Caching name servers are not authoritative, because everything they provide is second-hand. When building a caching name server, you must configure the root hints or specify other DNS servers as the resolution source.

(4) Forwarding name server: handles local queries for all non-local domain names. After receiving a query it first searches its cache; if the answer is not there, it forwards the request to the configured name servers in turn until a result is found, otherwise it returns an answer stating that the name cannot be mapped.

2. Configuring a DNS server on Linux

Example 1: Configure forward resolution

1. Install bind and locate its configuration files

[root@localhost ~]# yum install -y bind

[root@localhost ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf                 -- main configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones        -- zone configuration file
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost      -- zone data file (used as a template below)
/var/named/named.loopback

2. Modify the main configuration file

[root@localhost ~]# vim /etc/named.conf

options {
        listen-on port 53 { 192.168.116.10; };   // listen on port 53 of the local IP that provides the service; "any" means every local address
        #listen-on-v6 port 53 { ::1; };          // the IPv6 line can be commented out or deleted if IPv6 is not used
        directory "/var/named";                  // default location of the zone data files
        dump-file "/var/named/data/cache_dump.db";                // location of the cache dump file
        statistics-file "/var/named/data/named_stats.txt";        // location of the statistics file
        memstatistics-file "/var/named/data/named_mem_stats.txt"; // location of the memory statistics file
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { 192.168.116.0/24; };       // the network segment allowed to query this server; "any" means all clients
        ...                                      // the remaining options are omitted
};

zone "." IN {                   // the "." root zone
        type hint;              // hint: this is the root zone
        file "named.ca";        // named.ca records the names and IP addresses of the 13 root servers
};

include "/etc/named.rfc1912.zones";   // include every zone defined in the zone configuration file

3. Modify the zone configuration file

[root@localhost ~]# vim /etc/named.rfc1912.zones

// The file contains a template zone; copy it and edit the copy
zone "local.com" IN {           // forward zone "local.com"
        type master;            // this server is the master for the zone
        file "local.com.zone";  // zone data file, relative to the "directory" option
        allow-update { none; };
};

4. Configure the zone data file (forward resolution)

[root@localhost ~]# cd /var/named

[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves

// named.localhost is the stock zone data file; copy it as a template (-a keeps the owner and permissions named needs)
[root@localhost named]# cp -a named.localhost local.com.zone

// This file holds the zone data for our own domain
[root@localhost named]# vim local.com.zone

$TTL 1D                                 ; default lifetime of a valid record: 1 day
@       IN SOA  local.com. admin.local.com. (
                                        0       ; serial: update serial number, an integer of at most 10 digits
                                        1D      ; refresh: interval at which the slave re-downloads the zone data
                                        1H      ; retry: interval between attempts after a failed download
                                        1W      ; expire: give up the zone if downloads keep failing this long
                                        3H )    ; minimum: lifetime of negative (name does not exist) answers
        NS      local.com.              ; name server for this zone
        A       192.168.116.10          ; address of the zone name itself (local.com)
        IN MX   10 mail.local.com.      ; MX is the mail exchange record; the larger the number, the lower the priority
www     IN A    192.168.116.10          ; forward record: the IP of www.local.com
mail    IN A    192.168.116.15          ; forward record: the IP of mail.local.com
ftp     IN CNAME www                    ; alias: ftp is an alias of www
*       IN A    192.168.116.50          ; wildcard record: "*" matches any host name not listed above

Notes on the SOA record:
- "@" is a variable standing for the current zone name (local.com).
- "local.com." is a fully qualified domain name (FQDN); the trailing "." must not be omitted.
- "admin.local.com." is the administrator's mailbox. "@" already has a meaning in zone files, so the "@" of the address is replaced by "." (i.e. admin@local.com).
- The serial number is used to synchronise zone data between master and slave servers: when the slave checks for updates and finds that the master's serial equals the serial of its local copy, it does not download the zone again.

5. Start the named service, and turn off the firewall and SELinux

[root@localhost named]# systemctl start named
[root@localhost named]# systemctl stop firewalld
[root@localhost named]# setenforce 0

6. On the client, add the DNS server address configured above and test forward resolution

// Add the DNS server address on the client
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

DNS1=192.168.116.10             -- append the address of the DNS server just configured to the end of the file

// Restart the network service so the change takes effect
[root@localhost ~]# systemctl restart network

// Query each record from the zone file in turn; all of them resolve
[root@localhost ~]# nslookup www.local.com
;; connection timed out; no servers could be reached

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# nslookup www.local.com
Server: 192.168.116.10
Address: 192.168.116.10#53

Name: www.local.com
Address: 192.168.116.10

[root@localhost ~]# nslookup mail.local.com
Server: 192.168.116.10
Address: 192.168.116.10#53

Name: mail.local.com
Address: 192.168.116.15

[root@localhost ~]# nslookup ftp.local.com
Server: 192.168.116.10
Address: 192.168.116.10#53

ftp.local.com canonical name = www.local.com.
Name: www.local.com
Address: 192.168.116.10

[root@localhost ~]# nslookup sdsd.local.com
Server: 192.168.116.10
Address: 192.168.116.10#53

Name: sdsd.local.com
Address: 192.168.116.50

Example 2: Configure reverse resolution

1 and 2. The first two steps are the same as in Example 1

3. Modify the zone configuration file and add a reverse zone

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "116.168.192.in-addr.arpa" IN {    // reverse zone: the network part of the address (192.168.116) written in reverse octet order, followed by in-addr.arpa
        type master;
        file "local.com.zone.back";     // reverse zone data file local.com.zone.back
        allow-update { none; };
};

4. Configure the reverse zone data file

[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -a named.localhost local.com.zone.back

[root@localhost named]# vim local.com.zone.back
$TTL 1D
@       IN SOA  local.com. admin.local.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      local.com.
        A       192.168.116.10
10      IN PTR  www.local.com.          ; PTR is the reverse pointer: 192.168.116.10 resolves back to www.local.com
15      IN PTR  mail.local.com.         ; the trailing "." is required: without it the name is relative and the zone origin 116.168.192.in-addr.arpa is appended to it
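The forward zone file in Example 1 and the reverse zone file above share one failure mode: a name in NS, MX, CNAME, PTR or SOA data written without its trailing dot is treated as relative, and named appends the zone origin, which is exactly what produces an answer such as www.local.com.116.168.192.in-addr.arpa. in the test output further down. The following checker is an added example, not code from the article; it parses a master file the way named reads one (comments, parenthesised SOA continuation lines, inherited owner names), reports names that will be completed with the origin and a malformed serial, and works for any zone file, not just the two shown here. The function names parse_zone and lint_zone and the embedded reverse zone are my own constructions.

```python
NAME_TYPES = {"NS", "MX", "CNAME", "PTR"}   # RDATA whose last field is a domain name

def parse_zone(text):
    """Minimal master-file reader: drops ';' comments, joins '( ... )' continuation
    lines and carries the previous owner forward when a line starts with blank space,
    as named does. Returns [(owner, rtype, rdata_tokens), ...]; $-directives are skipped."""
    records, owner, buf, depth, indented = [], "@", "", 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:
            indented = line[0].isspace()
        buf = (buf + " " + line) if buf else line
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                                    # still inside ( ... )
        tokens, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if tokens[0].startswith("$"):
            continue
        if not indented:
            owner, tokens = tokens[0], tokens[1:]
        while tokens[0].upper() == "IN" or tokens[0].isdigit():
            tokens.pop(0)                               # optional class and TTL
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def lint_zone(text, origin):
    """Flag names that named will silently complete with the zone origin, plus a bad serial."""
    findings = []
    for owner, rtype, rdata in parse_zone(text):
        names = rdata[:2] if rtype == "SOA" else rdata[-1:] if rtype in NAME_TYPES else []
        for n in names:
            if "." in n and not n.endswith("."):
                findings.append(f"{owner} {rtype}: '{n}' lacks a trailing dot, stored as '{n}.{origin}.'")
        if rtype == "SOA" and not (len(rdata) > 2 and rdata[2].isdigit() and int(rdata[2]) < 2**32):
            findings.append(f"{owner} SOA: serial must be an unsigned 32-bit integer")
    return findings

# Constructed reverse zone reproducing the mistake behind the article's test output:
# the second PTR lacks its trailing dot, so named stores mail.local.com.116.168.192.in-addr.arpa.
REVERSE_ZONE = """\
$TTL 1D
@ IN SOA local.com. admin.local.com. (
        0 1D 1H 1W 3H ) ; serial refresh retry expire minimum
   NS local.com.
10 IN PTR www.local.com.
15 IN PTR mail.local.com
"""
```

Running lint_zone(REVERSE_ZONE, "116.168.192.in-addr.arpa") reports the PTR for host 15 and nothing else; adding the dot makes the report empty.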

5. Same as in Example 1

6. Configure the client as in Example 1, then test reverse resolution from IP address to domain name

[root@localhost ~]# nslookup 192.168.116.10
10.116.168.192.in-addr.arpa name = www.local.com.116.168.192.in-addr.arpa.

[root@localhost ~]# nslookup 192.168.116.15
15.116.168.192.in-addr.arpa name = mail.lcoal.com.116.168.192.in-addr.arpa.

Example 3: Build a master/slave DNS server pair (for backup)

1. On the master server, modify the forward and reverse zone configuration to allow transfers to the slave

// Edit the forward and reverse zones configured in the previous two examples
[root@localhost ~]# vim /etc/named.rfc1912.zones

// Forward zone
zone "local.com" IN {
        type master;                            // master zone
        file "local.com.zone";
        allow-transfer { 192.168.116.20; };     // allow the slave to download the forward zone data; put the slave's IP address here
};
// Reverse zone
zone "116.168.192.in-addr.arpa" IN {
        type master;
        file "local.com.zone.back";
        allow-transfer { 192.168.116.20; };
};
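Two access-control settings decide who can read this server: allow-query in the options block (step 2 of Example 1) and allow-transfer on each master zone (this step). A server that answers any client while recursion is left at its BIND default of enabled is an open resolver, and a master zone whose transfers are not restricted to the slave can be copied in full by any host that asks. The checker below is an added example, not code from the article: it pulls the options and zone statements out of a named.conf and reports both conditions. The function names and the embedded named.conf fragment (which deliberately opens allow-query and one zone's allow-transfer to any) are my own constructions.

```python
import re

def _statements(text, keyword):
    """Yield (label, body) for each `keyword ["label"] ... { body };` that starts a line,
    matching braces by depth so nested `{ ...; };` ACLs do not cut the body short."""
    for m in re.finditer(r'^\s*' + keyword + r'\b\s*("[^"]*")?[^{]*\{', text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield (m.group(1) or "").strip('"'), text[m.end():i - 1]

def _acl(body, name):
    """Entries of `name { a; b; };` in body, or None when the clause is absent."""
    m = re.search(r'\b' + name + r'\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_named_conf(text):
    """Report query and zone-transfer exposure in a named.conf (comments are stripped first)."""
    text = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", text, flags=re.S)
    findings, options = [], next((b for _, b in _statements(text, "options")), "")
    recursion = re.search(r"\brecursion\s+(yes|no)\b", options)
    if "any" in (_acl(options, "allow-query") or []) and (not recursion or recursion.group(1) == "yes"):
        findings.append("options: allow-query { any; } with recursion enabled makes this an open resolver")
    for name, body in _statements(text, "zone"):
        ztype = re.search(r"\btype\s+(\w+)", body)
        if ztype and ztype.group(1) in ("master", "primary"):
            xfer = _acl(body, "allow-transfer")
            xfer = _acl(options, "allow-transfer") if xfer is None else xfer  # zone setting overrides options
            if xfer is None:
                findings.append(f"zone {name}: no allow-transfer ACL, list only the secondary's address")
            elif "any" in xfer:
                findings.append(f"zone {name}: allow-transfer {{ any; }} lets any host copy the whole zone")
    return findings

# Constructed named.conf in the layout of the article's examples: allow-query opened to any client with recursion left on, one zone restricted to the slave and one left open
SAMPLE_CONF = """
options {
        allow-query { any; };                   // no "recursion no;" here
};
zone "local.com" IN {
        type master; file "local.com.zone";
        allow-transfer { 192.168.116.20; };     // only the slave may transfer
};
zone "116.168.192.in-addr.arpa" IN {
        type master; file "local.com.zone.back";
        allow-transfer { any; };                // any host may copy the zone
};
"""
```

audit_named_conf(SAMPLE_CONF) returns two findings, one for the options block and one for the reverse zone; with allow-query narrowed to the LAN and the reverse zone's allow-transfer set to the slave's address, it returns none.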

2. Modify the main configuration file of the slave server (same as step 2 of Example 1)

3. Modify the zone configuration file of the slave server and add the forward and reverse zones

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "local.com" IN {
        type slave;                     // slave zone
        masters { 192.168.116.10; };    // IP address of the master server
        file "slaves/local.com.zone";   // the downloaded zone data is saved under the slaves/ directory
};

zone "116.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.116.10; };
        file "slaves/local.com.zone.back";
};

4. Restart the service on both the master and the slave, and check that the zone data files have been downloaded to the slave

[root@localhost ~]#systemctl restart named
[root@localhost ~]#ls -l /var/named/slaves/
local.com.zone local.com.zone.back

5. Add the slave DNS server address to the client's network interface configuration

// Add the DNS server address on the client
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

DNS2=192.168.116.20             -- append the address of the slave DNS server to the end of the file

// Restart the network service so the change takes effect
[root@localhost ~]# systemctl restart network

6. Stop the DNS service on the master server and test whether the slave server still answers

// Forward test
[root@localhost ~]# nslookup www.local.com
;; connection timed out; no servers could be reached

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# nslookup www.local.com
Server: 192.168.116.10
Address: 192.168.116.10#53

Name: www.local.com
Address: 192.168.116.10

[root@localhost ~]# nslookup mail.local.com
Server: 192.168.116.10
Address: 192.168.116.10#53

Name: mail.local.com
Address: 192.168.116.15

[root@localhost ~]# nslookup ftp.local.com
Server: 192.168.116.10
Address: 192.168.116.10#53

ftp.local.com canonical name = www.local.com.
Name: www.local.com
Address: 192.168.116.10

[root@localhost ~]# nslookup sdsd.local.com
Server: 192.168.116.10
Address: 192.168.116.10#53

Name: sdsd.local.com
Address: 192.168.116.50

// Reverse test
[root@localhost ~]# nslookup 192.168.116.10
10.116.168.192.in-addr.arpa name = www.local.com.116.168.192.in-addr.arpa.

[root@localhost ~]# nslookup 192.168.116.15
15.116.168.192.in-addr.arpa name = mail.lcoal.com.116.168.192.in-addr.arpa.
