DNS domain name resolution: forward resolution

I. DNS concepts

1. DNS definition

DNS stands for "Domain Name System". It is a distributed database that maps domain names to IP addresses and back, which makes it easier for people to use the Internet. The DNS service uses port 53 over both TCP and UDP: TCP port 53 is used for connections to the DNS server, and UDP port 53 is used for resolving queries. Each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.

2. What DNS does

Forward resolution: find the IP address that corresponds to a domain name;

Reverse resolution: find the domain name that corresponds to an IP address.

3. DNS domain name structure

The DNS namespace is organised as a distributed tree structure:

1. Root domain: located at the top of the tree structure, represented by “.”

2. Top-level domain: generally represents a type of organisation or a country, for example . (government departments) or .cn (China's national domain)

3. Second-level domain: identifies a specific organisation within the top-level domain; second-level domains under a national top-level domain are managed centrally by that country's authority

4. Subdomains: all domains created below the second-level domain are collectively called subdomains; each organisation or user can freely apply for and register its own domain names

5. Host: a host sits at the bottom of the domain namespace and is a specific computer

4. DNS server types

Caching name server: only caches the results of domain name resolution, in order to speed up queries; it holds no zone data of its own.
When building a caching name server you must configure the root hints, or point it at other DNS servers as its resolution source.
Master name server: manages and maintains the zone database for the zones it is responsible for resolving.
Slave name server: obtains ("replicates") a copy of the zone database from the master, or from another slave, by zone transfer. The following parameters govern that synchronisation:
    Serial number: the version number of the zone database; it is incremented whenever the zone on the master changes
    Refresh interval: how often the slave server asks the master server to synchronise the zone
    Retry interval: how long the slave server waits before retrying after a synchronisation request fails
    Expiration time: how long the slave server keeps serving the zone when it cannot contact the master before it stops serving it
    Notification mechanism: when the zone on the master server changes, the master actively notifies the slave servers

II. Purpose and steps of building a DNS domain name resolver

BIND is open-source software that is used here to set up DNS on an internal network. Unlike DNS on the public Internet, an internal DNS does not need to be registered, and it is an effective way to make internal use and access more convenient.

Introduction to the BIND service program
The zone configuration file (/etc/named.rfc1912.zones) of the BIND service program records where the files holding the domain-name-to-IP-address mappings are kept.
This file defines the location of the resolution-rule file for each zone and the service type of the zone.
It does not contain the actual mappings between domain names and IP addresses.
There are three service types: hint (root zone), master (primary zone) and slave (secondary zone). The commonly used master and slave refer to the master server and the slave server.

III. Configuring forward resolution

1. First, list the configuration files that need to be modified

[root@localhost ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf #Main configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones #Zone configuration file
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost #Zone data file (template; do not edit the original file directly)
/var/named/named.loopback
[root@localhost ~]#

2. Modify the main configuration file

[root@localhost ~]# vim /etc/named.conf #Excerpt of the options block; the other settings are left unchanged

options {
        listen-on port 53 { 192.168.40.126; };    # listen on this server's own IPv4 address
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };                     # accept queries from any client

3. Modify the zone configuration file and add forward zone configuration

[root@localhost ~]# vim /etc/named.rfc1912.zones #The file contains a template; copy it, paste it at the end of the file and modify the copy

zone "niuma.com" IN {                 #forward zone "niuma.com"
        type master;                  #this server is the master for the zone
        file "niuma.com.zone";        #the zone data file is niuma.com.zone
        allow-update { none; };       #no dynamic updates
};

Append the copied and modified zone block at the end of the file.

4. Configure the forward zone data file

[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost niuma.com.zone #Need to retain the permissions of the source file and the owner's attribute copy (-p)
[root@localhost named]# ll
Total usage 20
drwxrwx---. 2 named named 6 Aug 4 2017 data
drwxrwx---. 2 named named 6 Aug 4 2017 dynamic
-rw-r-----. 1 root named 2281 May 22 2017 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 root named 152 Jun 21 2007 niuma.com.zone
drwxrwx---. 2 named named 6 Aug 4 2017 slaves

[root@localhost named]# vim /var/named/niuma.com.zone

$TTL 1D
@       IN SOA  niuma.com. admin.niuma.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      niuma.com.              ; name of the DNS server for this zone (essential)
        A       192.168.40.126          ; IP address of that host (essential)
        IN MX 10 mail.niuma.com.        ; MX is the mail exchange record; the higher the number, the lower the priority
www     IN A    192.168.40.126          ; forward resolution of www.niuma.com
mail    IN A    192.168.40.127          ; forward resolution address of the mail host
ftp     IN CNAME www                    ; CNAME defines an alias: ftp is an alias for www
*       IN A    192.168.40.100          ; wildcard record, "*" matches any other host name

Note that in a zone data file only ";" starts a comment, and that names in record data must end with a trailing "." to be treated as absolute.

5. Check the syntax of the zone file

[root@localhost named]# named-checkzone niuma.com /var/named/niuma.com.zone
zone niuma.com/IN: loaded serial 0
OK
[root@localhost named]# vim /etc/resolv.conf #Takes effect immediately after modification

nameserver 192.168.233.21 #point this host at the DNS server's address
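named-checkzone is the authoritative check, but it helps to see what the "essential" records and the SOA parameters from part I amount to. The following is an added example, not part of the tutorial: a small Python checker that parses a zone file in the style of niuma.com.zone (assumed origin niuma.com., sample data constructed here) and reports the mistakes this step is meant to catch, such as a "#" comment, a missing apex SOA/NS record, or an MX/NS/CNAME target with no record in the zone.

```python
ORIGIN = "niuma.com."  # assumed $ORIGIN; the sample below is constructed in the tutorial's style
SAMPLE_ZONE = """\
@       IN SOA  niuma.com. admin.niuma.com. ( 0 ; serial
                1D 1H 1W 3H )                 ; refresh retry expire minimum
        NS      niuma.com.
        A       192.168.40.126
        IN MX 10 mail.niuma.com.
www     IN A    192.168.40.126
mail    IN A    192.168.40.127
ftp     IN CNAME www
*       IN A    192.168.40.100
"""

def fqdn(name, origin=ORIGIN):  # '@' is the origin; no trailing dot means relative to it
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):  # -> (records, problems); joins '( ... )' continuation lines
    records, problems, owner, depth, buf = [], [], origin, 0, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()                   # only ';' starts a comment
        if "#" in line:                                        # '#' is data here and breaks the zone
            problems.append(f"line {n}: '#' is not a comment in zone files, use ';'")
        if not line.strip() or line.startswith("$"):           # skip blanks and $TTL/$ORIGIN
            continue
        if depth == 0 and not line[0].isspace():               # a name in column 1 sets the owner
            owner, *rest = line.split(None, 1)
            owner, line = fqdn(owner, origin), (rest[0] if rest else "")
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                                           # still inside SOA parentheses
        toks, buf = " ".join(buf).replace("(", " ").replace(")", " ").split(), []
        while toks and (toks[0] == "IN" or toks[0].isdigit()): # drop class and numeric TTL
            toks.pop(0)
        if toks:
            records.append((owner, toks[0], toks[1:]))
    return records, problems

def check_zone(text, origin=ORIGIN):  # the checks behind the tutorial's "essential" records
    records, problems = parse_zone(text, origin)
    addr = {o for o, t, _ in records if t == "A"}
    problems += [f"the zone apex needs a {r} record" for r in ("SOA", "NS")
                 if not any(o == origin and t == r for o, t, _ in records)]
    for o, t, rd in records:
        tgt = fqdn(rd[-1], origin) if rd else ""
        if t in ("NS", "MX") and tgt.endswith(origin) and tgt not in addr:
            problems.append(f"{t} target {tgt} has no A record in this zone")
        if t == "CNAME" and tgt not in {o for o, _, _ in records}:
            problems.append(f"CNAME {o} points at {tgt}, which is not defined in this zone")
    return problems
```

Run check_zone(SAMPLE_ZONE) to get an empty list; drop the trailing dot from the MX target or write "# serial" instead of "; serial" and the corresponding problems are reported.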

6. Start the service, stop the firewall and set SELinux to permissive mode

[root@localhost named]# systemctl start named
[root@localhost named]# systemctl stop firewalld
[root@localhost named]# setenforce 0
[root@localhost named]#

7. Add the DNS server address to the client's resolver configuration file and test the lookup

[root@localhost ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.40.126

[root@localhost ~]# nslookup www.niuma.com
Server: 192.168.40.126
Address: 192.168.40.126#53

Name: www.niuma.com
Address: 192.168.40.126