1. DNS
1.1 Introduction to DNS
Domain name resolution (Domain Name System, abbreviated DNS) is a service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it lets people access the Internet more conveniently. DNS uses UDP port 53 and TCP port 53. Currently, each label (level) of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
TCP port 53: connections to the DNS server
UDP port 53: DNS resolution queries
1.2 DNS data structure distribution
The top level of the tree structure is called the root domain, represented by “.”, and the corresponding server is called the root server. The resolution rights for the entire domain name space belong to the root server. However, the root server cannot bear the huge load on its own, so a “delegation” mechanism is used: several top-level domains are set up under the root domain, and the resolution rights for each top-level domain are delegated to the corresponding top-level domain server. For example, the resolution rights for the com domain are delegated to the com domain server; from then on, whenever the root server receives a resolution request for a domain name ending in com, it refers the request to the com domain server. In the same way, to reduce the pressure on a top-level domain, several second-level domains are set up under it, and third-level domains or hosts are set up under the second-level domains.
Root domain
Located at the top level of the domain name space, usually represented by a “.”
Top-level domain
Generally represents a type of organization or a country.
For example: .net (network provider), .com (industrial and commercial enterprise), .org (organization), .edu (educational institution), .gov (government department), .cn (China national domain name)
Second level domain
Used to identify a specific organization within the top-level domain. The second-level domain names under the national top-level domain are managed by the national network department.
For example, the second-level domain names set under the .cn top-level domain name: .com.cn, .net.cn, .edu.cn
Subdomain
Domains at all levels created under a second-level domain are collectively called subdomains. Each organization or user can freely apply to register its own domain name.
Host
The host is located at the bottom of the domain name space and is a specific computer.
For example, www and mail are names of specific computers, which can be written as www.sina.com.cn. and mail.sina.com.cn. This representation is called an FQDN (fully qualified domain name: the host name together with every domain above it, including the root domain), and it is the full name of the host in the domain name space.
1.3 Types of servers
(1) Primary (master) domain name server: Responsible for maintaining all domain name information in a zone. It is the authoritative source for all of that information, and its data can be modified. When building a primary domain name server, you need to create the address data file for the zone you are responsible for.
(2) Slave (secondary) domain name server: When the primary domain name server fails, shuts down, or is overloaded, the slave domain name server provides domain name resolution as a backup service. The resolution results provided by a slave server are not maintained on the slave itself; they come from the primary domain name server. When building a slave domain name server, you need to specify the location of the primary domain name server so that the slave can automatically synchronize the zone’s address database.
1.4 DNS domain name resolution method
Forward resolution: Find the corresponding IP address based on the domain name (domain name -> IP)
Reverse resolution: Find the corresponding domain name based on the IP address (IP -> domain name)
1.5 DNS query method
Recursive query
Hosts typically send recursive queries to their local name server. The query process is: the local DNS server first checks whether it holds a record for the requested domain name and, if so, answers directly. If not, the local server queries the root domain name server on the client's behalf, is referred from the root server to the top-level domain server, then to the second-level domain server (if there is one) and the subdomain server, and finally to the server responsible for the host; the IP address resolved for the host name is then returned step by step to the client.
Iterative query
The query from the local DNS server to the root DNS server is an iterative query. Query process: the DNS cache of the local host is checked first; if a cached record exists, it is used directly. Otherwise the root domain name server is queried, and it replies with the address of the corresponding top-level domain server. Next, the client queries the top-level domain server, which replies with the corresponding subdomain server (if there is a second-level domain, that level is queried in the same way). Then the client queries the subdomain server, which replies with the server for the corresponding host. Finally, the client queries that server, obtains the IP address corresponding to the host name, and the resolution process is complete.
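As an added example (not code from the original page), the following Python model walks the delegation chain from section 1.2 using the lookup order described in sections 1.5 and 1.6: the hosts file first, then the local cache, then an iterative walk from the root that follows each server's referral. The name server data and the hosts entry are constructed to match the clx.com zone configured later on this page.

```python
# Added example (not from the page): toy model of DNS delegation and iterative
# resolution, with server data constructed to mirror this page's clx.com zone.
# Each "server" either delegates zones to another server or holds A records.
SERVERS = {
    ".":        {"delegations": {"com.": "com."}, "records": {}},
    "com.":     {"delegations": {"clx.com.": "clx.com."}, "records": {}},
    "clx.com.": {"delegations": {}, "records": {
        "master.clx.com.": "192.168.136.133",
        "www.clx.com.":    "192.168.136.120",
        "ftp.clx.com.":    "192.168.136.110",
    }},
}

# Constructed /etc/hosts content: checked before any DNS query (section 1.6).
HOSTS = {"localhost.": "127.0.0.1"}

def fqdn(name):
    """Normalise to a fully qualified domain name ending in the root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def ask(server_key, name):
    """One iterative step: the server answers, refers, or reports NXDOMAIN."""
    srv = SERVERS[server_key]
    if name in srv["records"]:
        return "answer", srv["records"][name]
    for zone, next_server in srv["delegations"].items():
        # Only delegate on a label boundary, so "xcom." does not match "com.".
        if name == zone or name.endswith("." + zone):
            return "referral", next_server
    return "nxdomain", None

def resolve(name, cache):
    """Hosts file, then cache, then iterate from the root; returns (ip, source, trail)."""
    name = fqdn(name)
    if name in HOSTS:
        return HOSTS[name], "hosts", []
    if name in cache:
        return cache[name], "cache", []
    trail, server = [], "."
    while True:
        trail.append(server)               # record every server consulted
        kind, value = ask(server, name)
        if kind == "answer":
            cache[name] = value            # later lookups are served from cache
            return value, "dns", trail
        if kind == "nxdomain":
            return None, "dns", trail
        server = value                     # follow the referral one level down
```

The trail returned for www.clx.com shows the three hops (root, com, clx.com) that the iterative walk makes; a repeated lookup returns the cached answer without consulting any server.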
1.6 Mapping File
The hosts file contains mappings between IP addresses and host names, as well as aliases for the hosts.
By default, the system first looks for resolution records in the hosts file.
The hosts file takes precedence over DNS servers, according to the lookup order specified in the /etc/nsswitch.conf file.
The hosts file is only valid for the current host.
A hosts file shortens the DNS lookup process and speeds up access.
DNS mapping files in Linux
vim /etc/hosts
2. DNS Domain Name Parser
2.1 The purpose of building a DNS domain name resolver
bind is open-source software used to build DNS within an intranet. Unlike DNS on the public network, intranet DNS does not require registration and is an effective way to facilitate internal use and access.
2.2 bind service installation
yum install bind bind-utils -y
2.3 bind service program introduction
The zone configuration file (/etc/named.rfc1912.zones) of the bind service program is used to register the correspondence between domain names and IP addresses. This file defines the location of the file that stores the domain-name-to-IP resolution rules and the service type of each zone, but does not itself contain the specific domain name and IP address mappings. There are three service types: hint (root zone), master zone (primary zone) and slave zone (secondary zone). The commonly used master zone and slave zone correspond to the master server and the slave server.
2.4 View the path of the configuration file that needs to be modified
rpm -qc bind
3. Specific steps to build a DNS domain name resolver
3.1 Build forward resolution
Step 1: Modify the DNS setting of the network interface
systemctl stop firewalld
setenforce 0
vim /etc/sysconfig/network-scripts/ifcfg-ens33
systemctl restart network
Step 2: Modify the host configuration file
vim /etc/named.conf
options {
        listen-on port 53 { any; };        // change to any (accept queries on all interfaces); the line can also be commented out with //
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };              // change to any (answer queries from all clients); the line can also be commented out with //
        .................................................................
};
Step 3: Write the zone configuration file
vim /etc/named.rfc1912.zones
Step 4: Copy the template file and rename it
cd /var/named
cp -a named.localhost clx.com.zone
Step 5: Edit the zone database file and fill in the resolution record mappings
vim clx.com.zone
$TTL 1D                                        ; default lifetime of valid resolution records
@       IN SOA  master.clx.com. admin.clx.com. (   ; the @ symbol stands for the current DNS zone name
                0       ; serial  - update serial number, an integer of up to 10 digits
                1D      ; refresh - refresh time, interval for re-downloading the zone data
                1H      ; retry   - retry delay, retry interval after a failed download
                1W      ; expire  - expiration time; if no download succeeds within it, give up
                3H )    ; minimum - lifetime of negative (invalid) resolution records
        NS      master
master  A       192.168.136.133                ; IP of the current host
www     A       192.168.136.120                ; forward resolution record
ftp     A       192.168.136.110                ; forward resolution record
Step 6: Restart the service and test the result
systemctl restart named
4. Configuration of master and slave DNS domain name servers
Step 1: Turn off the firewall and SELinux (core protection) and install bind
systemctl stop firewalld.service
setenforce 0
yum install bind bind-utils.x86_64 -y
Step 2: Modify the zone configuration of the first virtual machine (the one intended to be the master server)
vim /etc/named.rfc1912.zones
        allow-transfer { 192.168.136.11; };    // IP of the host allowed to transfer the zone (the slave server), added inside the clx.com zone block
Step 3: Set the configuration of the slave server
vim /etc/named.conf
Step 4: Add the zone configuration on the slave server
vim /etc/named.rfc1912.zones
zone "clx.com" IN {
        type slave;                            // slave server type setting
        file "slaves/clx.com.zone";            // provided by the master; the file is stored under /var/named/slaves
        masters { 192.168.136.133; };          // IP of the master server
};
Step 5: Save, exit and start the service (if there is an error, check the log to troubleshoot)
systemctl start named
Step 6: Test
echo "nameserver 192.168.136.11" > /etc/resolv.conf    # point DNS to this host itself
host www.clx.com
host ftp.clx.com
Summary:
1. Understand the components of a domain name
2. Understand the principles of recursive query and iterative resolution in domain name resolution
3. Learn to configure forward and reverse domain name resolution
4. Successfully configured the master and slave domain name resolution servers