Linux DNS domain name resolution service

DNS domain name resolution service

Domain name resolution is a service that maps a domain name to the IP address of the web hosting space, so that people can reach the website through the registered domain name. An IP address is a numeric address that identifies a host on the network; to make addresses easier to remember, a domain name is used in place of the IP address to identify the site. Domain name resolution is the process of converting a domain name into an IP address, and it is carried out by a DNS server.

Domain name resolution is also called domain name pointing, server settings, domain name configuration, reverse IP registration and so on. Put simply, the easy-to-remember domain name is resolved into an IP address. The work is done by the DNS server, which resolves the domain name to an IP address; the host at that IP address then binds a subdirectory to the domain name.

The addresses in the Internet are digital IP addresses, and the main purpose of domain name resolution is to facilitate memory.

BIND domain name service basics

The DNS service software is BIND (Berkeley Internet Name Domain).
A service can be loosely understood as a main configuration file plus a running program.

The role and types of the DNS system

The role of the DNS system
The role of the DNS system in the network is to maintain an address database that records the correspondence between host domain names and IP addresses, and to provide forward and reverse address query services to client programs.
Forward resolution: find the corresponding IP address from the host name (domain name, such as www.baidu.com).
Reverse resolution (mostly used during maintenance): find the corresponding host domain name from the IP address.
Distributed data structure of the DNS system (diagram)

Types of the DNS system
In practice each DNS server is only responsible for the correspondence between host names and IP addresses within a limited range (one or a few domains); that specific DNS domain or IP address segment is called a "zone".
Depending on the direction of address resolution, DNS zones are divided into forward zones (containing the records that resolve domain names to IP addresses) and reverse zones (containing the records that resolve IP addresses to domain names).
Depending on where the managed zone data comes from, DNS servers can be divided into different types. The same DNS server can have a different identity relative to different zones.

Common types
Caching domain name server: only caches domain name resolution results to improve query speed and efficiency; it has no zone address data under its own control. When building a caching server, you must configure the root zone or designate another DNS server as the source of resolution.
Master domain name server: maintains the address database of a specific DNS zone, has autonomous control over the resolution records in it, and is the only authoritative (official) server for that zone. When building a master server, you need to create the address data file of the zone it is in charge of.
Slave domain name server: provides exactly the same DNS resolution service as the master, and is usually used as a hot backup of the DNS server. When building a slave server, you need to specify the location of the master so that the slave can automatically synchronize the zone's address database.

BIND installation files

BIND is not the only DNS service program that can provide domain name services, but it is the most widely used. BIND can run on most Linux/UNIX hosts.
BIND-related software packages and their roles
bind: provides the main programs and related files for the domain name service.
bind-utils: provides test tools for DNS servers, such as nslookup.
bind-libs: provides the library functions that bind and bind-utils need.
bind-chroot: provides a fake root directory (/var/named/chroot) for the BIND service, to improve security.
BIND server-side program
Main executable: /usr/sbin/named
Default listening port: 53
Main configuration file: /etc/named.conf
The data files that hold the DNS resolution records are located in: /var/named/

BIND configuration file

[root@localhost ~]# rpm -qc bind    View the configuration file locations
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback

The named.conf main configuration file

Global configuration section
Sets the global parameters of the DNS server, including the listening address/port, the default location of the data files, and so on. It uses the options { ... }; configuration section.
[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        ... (content omitted)
        allow-query { any; };
};

Zone configuration section
Defines the specific DNS zones for which this server provides domain name resolution, including the domain name, the server role, the data file name, and so on. It uses the zone "zone name" IN { ... }; configuration section.
[root@localhost ~]# vim /etc/named.rfc1912.zones
Forward resolution zone:
zone "hewei.com" IN {
        type master;
        file "hewei.com.zone";
        allow-update { none; };
};
Reverse resolution zone:
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "weihe.com.zone";
        allow-update { none; };
};

Zone data configuration file

Domain name resolution records
Address resolution records set the mapping between domain names and IP addresses in a DNS zone, and include forward resolution records and reverse resolution records.
NS: domain name server (Name Server) record
MX: mail exchange (Mail Exchange) record
A: address (Address) record, used only in the forward resolution zone
CNAME: alias (Canonical Name) record
Reverse zone data file
In the reverse zone data file, A address records are not used; PTR pointer (Pointer) records are used instead.

DNS experiment

Forward resolution

[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf 


[root@localhost ~]# vim /etc/named.rfc1912.zones 


[root@localhost ~]# cd /var/named
[root@localhost named]# cp named.localhost hewei.com.zone
[root@localhost named]# vim hewei.com.zone 


[root@localhost named]# setenforce 0
[root@localhost named]# iptables -F
[root@localhost named]# systemctl start named
[root@localhost named]# echo "nameserver 20.0.0.41" > /etc/resolv.conf
[root@localhost named]# host www.hewei.com
www.hewei.com has address 192.168.100.99
[root@localhost named]# host ftp.hewei.com
ftp.hewei.com has address 192.168.100.88
[root@localhost named]# host sisi.hewei.com
sisi.hewei.com has address 8.8.8.8
[root@localhost named]# host mail.hewei.com
mail.hewei.com has address 192.168.100.77
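The screenshot of hewei.com.zone is not reproduced above, so here is an added example of a forward zone data file that produces exactly the four answers shown; it is not the author's file. The name server name ns1.hewei.com (pointing at the server's own address 20.0.0.41), the admin mailbox, the serial number and the MX record are assumptions that the page does not state.

```bind
; /var/named/hewei.com.zone  (added example; ns1, the mailbox, serial and MX are assumed)
$TTL 1D
@       IN SOA  ns1.hewei.com. admin.hewei.com. (
                                        2020070801      ; serial, increase it on every change
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum (negative-cache TTL)
        IN NS   ns1.hewei.com.
        IN MX   10 mail.hewei.com.
ns1     IN A    20.0.0.41
www     IN A    192.168.100.99
ftp     IN A    192.168.100.88
mail    IN A    192.168.100.77
sisi    IN A    8.8.8.8
```

Run named-checkzone hewei.com /var/named/hewei.com.zone before starting named; it reports the line of any syntax error instead of leaving you to discover a SERVFAIL with host. On CentOS 7, opening only the DNS service (firewall-cmd --permanent --add-service=dns, then firewall-cmd --reload) is enough for the queries above and keeps the rest of the firewall in place, as an alternative to flushing every rule with iptables -F.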

Reverse resolution

[root@localhost ~]# vim /etc/named.rfc1912.zones
[root@localhost ~]# cd /var/named
[root@localhost named]# cp -p hewei.com.zone weihe.com.local
[root@localhost named]# vim weihe.com.local

[root@localhost named]# systemctl restart named
[root@localhost named]# host 192.168.100.99
99.100.168.192.in-addr.arpa domain name pointer ftp.weihe.com.
[root@localhost named]# host 192.168.100.88
88.100.168.192.in-addr.arpa domain name pointer www.weihe.com.
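For the two reverse lookups above, the following is an added example (not the author's screenshot) of the zone declaration and of the weihe.com.local data file. A reverse zone for 192.168.100.0/24 is named 100.168.192.in-addr.arpa, the network octets written in reverse order under in-addr.arpa, which is exactly the name the host output prints; the SOA values and the ns1 name are assumptions.

```bind
// Part 1: zone declaration in /etc/named.rfc1912.zones (added example)
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "weihe.com.local";
        allow-update { none; };
};

; Part 2: /var/named/weihe.com.local (added example; SOA values and ns1 are assumed)
$TTL 1D
@       IN SOA  ns1.weihe.com. admin.weihe.com. (
                                        2020070801      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        IN NS   ns1.weihe.com.
; the owner name is only the host octet; the zone origin 100.168.192.in-addr.arpa is appended,
; so "99" becomes 99.100.168.192.in-addr.arpa, the name seen in the host output above
99      IN PTR  ftp.weihe.com.
88      IN PTR  www.weihe.com.
```

Check it with named-checkzone 100.168.192.in-addr.arpa /var/named/weihe.com.local before restarting named. Note that a zone named 10.168.192.in-addr.arpa would answer for 192.168.10.0/24, not 192.168.100.0/24, so the zone name must match the network whose addresses appear in the PTR records.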

Master-slave replication

Master

[root@localhost ~]# yum -y install bind
[root@localhost ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 20.0.0.41  netmask 255.255.255.0  broadcast 20.0.0.255
        inet6 fe80::20c:29ff:fe0d:cb11  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:0d:cb:11  txqueuelen 1000  (Ethernet)
        RX packets 12118  bytes 16479863 (15.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3405  bytes 253992 (248.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
……
[root@localhost ~]# vim /etc/named.conf 


[root@localhost ~]# vim /etc/named.rfc1912.zones 


[root@localhost ~]# cp -p /var/named/named.localhost  /var/named/hewei.com.zone
[root@localhost ~]# vim /var/named/hewei.com.zone 


[root@localhost ~]# systemctl start named
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# echo "nameserver 20.0.0.41" > /etc/resolv.conf
[root@localhost ~]# host www.hewei.com
www.hewei.com has address 192.168.100.100

Slave

[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf 


[root@localhost ~]# vim /etc/named.rfc1912.zones 


[root@localhost ~]# cd /var/named
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cd slaves
[root@localhost slaves]# ll
总用量 0
[root@localhost slaves]# systemctl start named
[root@localhost slaves]# ll
总用量 4
-rw-r--r--. 1 named named 268 7月   8 19:54 hewei.com.zone
[root@localhost slaves]# host www.hewei.com
www.hewei.com has address 150.129.42.39
Host www.hewei.com not found: 2(SERVFAIL)
www.hewei.com mail is handled by 16 www.hewei.com.
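The master and slave screenshots of named.rfc1912.zones are not reproduced, so this is an added example (not the author's configuration) of the two zone declarations that make the slaves/hewei.com.zone file appear as shown above. The master address 20.0.0.41 comes from the page; the slave address 20.0.0.42 is an assumed placeholder.

```bind
// On the master (20.0.0.41), in /etc/named.rfc1912.zones  (added example)
zone "hewei.com" IN {
        type master;
        file "hewei.com.zone";
        allow-update { none; };
        // only the slave may pull the zone with AXFR; "any" would let every host
        // on the network dump the complete record set
        allow-transfer { 20.0.0.42; };   // 20.0.0.42 is an assumed slave address
        also-notify { 20.0.0.42; };      // send NOTIFY so the slave refreshes at once
};

// On the slave (assumed 20.0.0.42), in /etc/named.rfc1912.zones  (added example)
zone "hewei.com" IN {
        type slave;
        masters { 20.0.0.41; };
        // relative to "directory" in named.conf, so the copy lands in
        // /var/named/slaves/hewei.com.zone, the file listed in the output above
        file "slaves/hewei.com.zone";
        allow-transfer { none; };        // the slave does not hand the zone on
};
```

Both servers keep the listen-on { any; } and allow-query { any; } settings from the global section. After the slave starts, the copied file appears in /var/named/slaves; if it does not, the master's log will show whether the transfer was refused. With allow-transfer limited to the slave, dig @20.0.0.41 hewei.com AXFR from any other host ends with "Transfer failed.", which is the check that the zone cannot be enumerated. The slave decides whether to refresh by comparing SOA serials, so the serial on the master must be increased with every edit.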

Split resolution

[root@localhost ~]# yum -y install bind
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens33


[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens36


[root@localhost network-scripts]# vim ifcfg-ens36
[root@localhost network-scripts]# systemctl restart network
[root@localhost named]# vim /etc/sysctl.conf  edit the configuration file
net.ipv4.ip_forward=1      enable routing (IP forwarding)
[root@localhost network-scripts]# sysctl -p  make the forwarding setting take effect immediately
[root@localhost network-scripts]# route -n  view the routing table in numeric form
[root@localhost network-scripts]# vim /etc/named.conf 
[root@localhost named]# vim /etc/named.rfc1912.zones 


[root@localhost network-scripts]# vim /etc/named.conf 
[root@localhost network-scripts]# cd /var/named/
[root@localhost named]# cp -p named.localhost hewei.com.lan          
[root@localhost named]# vim hewei.com.lan 
[root@localhost named]# cp -p hewei.com.lan hewei.com.wan
[root@localhost named]# vim hewei.com.wan
[root@localhost named]# systemctl restart named   
[root@localhost named]# systemctl stop firewalld.service         
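The edited named.conf for the split resolution setup is only shown as a screenshot above. The following is an added example of the view-based configuration that serves hewei.com.lan to internal clients and hewei.com.wan to everyone else; it is not the author's file, and the internal subnet 192.168.100.0/24 (behind ens33) is an assumption, as is treating every other source as the external side reached through ens36.

```bind
// /etc/named.conf for split resolution (added example; the subnets are assumptions)
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };
};

// View order matters: the first view whose match-clients matches the query's
// source address answers, so the narrower internal view comes first.
view "lan" {
        match-clients { 192.168.100.0/24; };   // assumed internal network on ens33
        recursion yes;                         // internal hosts may use it as a resolver
        zone "hewei.com" IN {
                type master;
                file "hewei.com.lan";          // internal addresses
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};

view "wan" {
        match-clients { any; };                // everything that did not match "lan"
        recursion no;                          // do not act as an open resolver externally
        zone "hewei.com" IN {
                type master;
                file "hewei.com.wan";          // public addresses only
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};
// Once view statements are used, every zone must sit inside a view. A zone "hewei.com"
// left at top level in /etc/named.rfc1912.zones, or a top-level include of that file,
// makes named refuse to start with "all zones must be in views".
```

Validate with named-checkconf /etc/named.conf before restarting. Then query the server once from a host on 192.168.100.0/24 and once from the ens36 side (host www.hewei.com on each); the two answers come from the two different zone files, which is the whole point of the split.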

centos7

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig

win10

"Host xxxx not found: 2(SERVFAIL)" appears during resolution
Cause of the error:

The permissions on the magedu.com.zone zone file are wrong


Fix:

# chmod 640 magedu.com.zone

# chgrp named magedu.com.zone

Origin blog.csdn.net/weixin_46355881/article/details/107303799