DNS
1. DNS overview
In daily life people are used to accessing servers by domain name, but machines only recognize each other by IP address. The relationship between domain names and IP addresses is many-to-one: an IP address does not necessarily correspond to a domain name, but a domain name can only correspond to one IP address. Converting between the two is called domain name resolution. Domain name resolution is carried out by dedicated domain name resolution servers, and the whole process is automatic.
1.1 Introduction to DNS
- The Domain Name System (DNS) is a service of the Internet: a distributed database that maps domain names to IP addresses, allowing people to access the Internet more conveniently.
- DNS uses port 53 over both TCP and UDP: TCP port 53 is used for connections to the DNS server, and UDP port 53 is used for DNS resolution.
- Each label (level) of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
1.2 The distributed data structure of DNS
- The top level of the tree structure is called the root domain and is written as ".". The corresponding server is called the root server, and resolution authority for the entire domain name space belongs to the root server.
- The root server cannot bear such a huge load by itself, so it uses a "delegation mechanism": a number of top-level domains are set up under the root domain, and resolution authority for each top-level domain is delegated to the corresponding top-level domain server (for example, resolution authority for the com domain is delegated to the com domain server; from then on, whenever the root server receives a resolution request for a domain name ending in com, it refers it to the com domain server).
- In the same way, to reduce the load on the top-level domains, a number of second-level domains are set up under them, and third-level domains or hosts are set up under the second-level domains.
1.3 Domain name structure
Example: http://www.sina.com.cn./
Read as: http://<hostname>.<second-level domain>.<top-level domain>.<root domain>/
Root domain
Located at the very top of the domain name space; generally written as a single "."
Top-level domain
Generally represents a type of organization or a country/region,
e.g. .net (network providers), .com (commercial enterprises), .org (organizations), .edu (educational institutions), .gov (government departments), .cn (China's national domain)
Second-level domain
Identifies a specific organization within a top-level domain. Second-level domains under a national top-level domain are centrally managed by the national network authority,
e.g. the second-level domains set up under the .cn top-level domain: .com.cn, .net.cn, .edu.cn (specific institutions managed by China's network authority)
Subdomain
The domains of all levels created under a second-level domain are collectively called subdomains; organizations and users may freely apply to register their own domain names
Host
A host sits at the lowest level of the domain name space and is a specific computer,
e.g. www and mail are names of specific computers and can be written as www.sina.com.cn. and mail.sina.com.cn.; this form is called an FQDN (fully qualified domain name) and is the host's full name in the domain name space
1.4 DNS domain name resolution method
- Forward resolution: Find the corresponding IP address according to the domain name
- Reverse resolution: Find the corresponding domain name based on the IP address
1.5 DNS server type
- Primary domain name server: responsible for maintaining all domain name information for a zone; it is the authoritative source of all specific information, and its data can be modified. When building a primary domain name server, you need to create the address data file for the zone it is in charge of.
- Secondary domain name server: when the primary domain name server fails, shuts down or is overloaded, the secondary domain name server provides domain name resolution as a backup. The results it returns are not determined by itself but come from the primary domain name server. When building a secondary domain name server, you need to specify the location of the primary domain name server so that the server can automatically synchronize the zone's address database.
- Cache domain name server: only caches domain name resolution results to improve query speed and efficiency; it has no domain name database. It obtains the result of each query from a remote server, places it in its cache, and uses the cached result to answer later queries for the same information. A cache domain name server is not an authoritative server, because all the information it provides is indirect. When building a cache domain name server, you must set the root domain or specify another DNS server as the source of resolution.
- Forwarding domain name server: responsible for local queries for all non-local domain names. After receiving a query request, the forwarding domain name server searches its cache; if the answer is not found, it forwards the request to the specified domain name servers in turn until a result is found, otherwise it returns a result indicating that the name cannot be mapped.
2. Steps to construct DNS domain name resolution server
2.1 Configure forward resolution
You need to mount the image before installing the package.
① Install the bind software package
yum -y install bind
② Query the paths of the bind configuration files
rpm -qc bind
③ Close the firewall
systemctl stop firewalld.service
setenforce 0
④ Modify the main configuration file
vim /etc/named.conf
options {
    listen-on port 53 { 192.168.153.10; };    # listen on port 53; use the local IP that provides the service, or "any" for all addresses
    listen-on-v6 port 53 { ::1; };            # IPv6 line; comment it out or delete it if unused
    directory "/var/named";                   # default location of the zone data files
    dump-file "/var/named/data/cache_dump.db";                   # location of the domain name cache database file
    statistics-file "/var/named/data/named_stats.txt";           # location of the status statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";    # location of the memory statistics file
    allow-query { any; };                     # network segments allowed to use this DNS service, or "any" for all
};
zone "." IN {                                 # the "." root zone for forward resolution
    type hint;                                # type is root zone (hint)
    file "named.ca";                          # zone data file named.ca, which records the names and IP addresses of the 13 root servers
};
Pay attention to the semicolons and spaces; do not change them!!
⑤ Modify the zone configuration file and add the forward zone configuration
vim /etc/named.rfc1912.zones    # the file contains templates; copy, paste and modify one
zone "acc.com" IN {             # the "acc.com" forward zone
    type master;                # type is primary (master) zone
    file "acc.com.zone";        # zone data file is acc.com.zone
    allow-update { none; };
};
⑥ Configure the forward zone data file
cd /var/named/
cp -p named.localhost acc.com.zone    # copy while preserving the source file's permissions and owner
vim /var/named/acc.com.zone
$TTL 1D                               ; validity time of cached resolution results
@       IN SOA  acc.com. admin.acc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      acc.com.              ; name of the DNS server for this zone
        A       192.168.153.10        ; IP address of the host
        IN MX 10 mail.acc.com.        ; MX is the mail exchange record; the larger the number, the lower the priority
www     IN A    192.168.153.10        ; IP address that www.acc.com resolves to
mail    IN A    192.168.153.20
ftp     IN CNAME www                  ; CNAME is an alias; ftp is an alias of www
*       IN A    192.168.153.30        ; wildcard resolution; "*" stands for any host name
⑦ Start the service
systemctl start named
Add the DNS server address to the client's domain name resolution configuration file:
vim /etc/resolv.conf
rndc-confgen -r /dev/urandom -a    # if the service hangs on startup, run this command to fix it
⑧ Test DNS resolution
2.2 Configure reverse resolution
The main configuration file is modified in the same way as for forward resolution.
① Modify the zone configuration file and add the reverse zone configuration
vim /etc/named.rfc1912.zones    # the file contains templates; copy, paste and modify one
zone "153.168.192.in-addr.arpa" IN {    # the reverse-resolution address is written backwards; this zone resolves addresses in the 192.168.153 segment
    type master;
    file "acc.com.zone.local";          # zone data file is acc.com.zone.local
    allow-update { none; };
};
② Configure the reverse zone data file
cd /var/named/
cp -p named.localhost acc.com.zone.local
vim /var/named/acc.com.zone.local
$TTL 1D
@       IN SOA  acc.com. admin.acc.com. (    ; here "@" stands for the 192.168.153 network segment
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      acc.com.
        A       192.168.153.10
10      IN PTR  www.acc.com.
20      IN PTR  mail.acc.com.
; PTR is the reverse pointer; reverse resolution of 192.168.153.10 gives www.acc.com.
③ Close the firewall
④ Restart the service; the domain name can then be resolved in reverse.
2.3 Configure master-slave servers
This experiment requires two virtual machines (one master and one slave; the master server can be the one from the experiment above).
2.3.1 Configure the master server
① Edit the zone configuration file
② Specify the DNS address of the slave server
2.3.2 Configure the slave server (the second virtual machine)
Mount the image and install the software package before configuration.
① Edit the main configuration file
② Edit the zone configuration file
③ Restart the service
2.3.3 Test the DNS service
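The zone stanzas for the master-server and slave-server steps above, as an added example that is not part of the original post. It keeps the post's master at 192.168.153.10 and its acc.com zone; the slave's address 192.168.153.11 is an assumption.

```conf
# --- Master server (192.168.153.10, from the post): /etc/named.rfc1912.zones ---
# The existing acc.com zone gains transfer and notify settings for the slave.
zone "acc.com" IN {
    type master;
    file "acc.com.zone";
    allow-update { none; };
    # Only the slave may pull the zone. bind 9.11 (CentOS 7) defaults to
    # allow-transfer { any; }, which lets anyone list every host in the zone.
    allow-transfer { 192.168.153.11; };
    # Send NOTIFY to the slave so it refreshes as soon as the serial changes
    also-notify { 192.168.153.11; };
};

# --- Slave server (192.168.153.11, assumed address): /etc/named.conf ---
options {
    listen-on port 53 { 192.168.153.11; };
    directory "/var/named";
    allow-query { any; };
};

# --- Slave server: /etc/named.rfc1912.zones ---
zone "acc.com" IN {
    type slave;
    masters { 192.168.153.10; };      # where the zone is pulled from
    file "slaves/acc.com.zone";       # /var/named/slaves is writable by named; the copy lands here
    allow-transfer { none; };         # the slave does not hand the zone on to anyone
};
```

Every change to the zone file needs a higher serial in the SOA record, otherwise the slave sees no change and keeps its old copy. Run named-checkconf and named-checkzone acc.com /var/named/acc.com.zone before restarting, then confirm on the slave that /var/named/slaves/acc.com.zone appeared and that dig @192.168.153.11 www.acc.com answers.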
2.4 Set up a split-resolution DNS server
A split-resolution domain name server is in fact a primary domain name server; "split" means it provides different domain name resolution records to different clients. For example, when clients in different network segments of the intranet and the extranet ask to resolve the same domain name, it gives them different resolution results, so they obtain different IP addresses.
Experimental requirement: configure the gateway server to provide split DNS resolution.
Set up split DNS resolution on the gateway server so that hosts on the local network resolve www.benet.com to 192.168.80.200, while external hosts resolve www.benet.com to 12.0.0.1.
This experiment requires a CentOS7 virtual machine and a Windows 10 virtual machine.
2.4.1 Configure the CentOS7 virtual machine
Mount the image and install the software package.
① Configure two network cards for the gateway server.
Shut down the virtual machine, add a network card, then start the virtual machine.
Run ifconfig to check the status of the network ports and find the name of the new network card.
② Configure the new network card
③ Modify the main configuration file
Press "G" to jump to the bottom of the main configuration file; you will see a section beginning with "zone". Comment it out with # or delete it directly.
④ Modify the zone configuration file
⑤ Edit the zone data files
Intranet:
External network:
⑥ Close the system firewall, start the DNS service, and test
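The view configuration for the split-resolution steps above, as an added example that is not the original post's configuration. It uses the post's addresses (192.168.80.200 inside, 12.0.0.1 outside); the intranet range 192.168.80.0/24, the view names, the file names and the apex A record are assumptions.

```conf
# /etc/named.conf on the gateway. Once views are used, no zone may stay at
# global scope: the "zone ." hint and the zone stanzas move inside a view.
options {
    listen-on port 53 { any; };       # both network cards
    directory "/var/named";
    allow-query { any; };
};

view "lan" {                          # views are tried in order; the first match wins
    match-clients { 192.168.80.0/24; };
    recursion yes;                    # intranet hosts may use this server as a resolver
    zone "." IN { type hint; file "named.ca"; };
    zone "benet.com" IN {
        type master;
        file "benet.com.zone.lan";
        allow-update { none; };
    };
};

view "wan" {
    match-clients { any; };           # everyone who did not match "lan"
    recursion no;                     # never act as an open resolver for the Internet
    zone "benet.com" IN {
        type master;
        file "benet.com.zone.wan";
        allow-update { none; };
        allow-transfer { none; };
    };
};

# /var/named/benet.com.zone.lan (answer given to the intranet)
$TTL 1D
@       IN SOA  benet.com. admin.benet.com. ( 0 1D 1H 1W 3H )
        NS      benet.com.
        A       192.168.80.200
www     IN A    192.168.80.200

# /var/named/benet.com.zone.wan (answer given to external hosts)
$TTL 1D
@       IN SOA  benet.com. admin.benet.com. ( 0 1D 1H 1W 3H )
        NS      benet.com.
        A       12.0.0.1
www     IN A    12.0.0.1
```

Check the syntax with named-checkconf and named-checkzone before restarting named, then run nslookup www.benet.com from one host on each side; the two answers should differ.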
2.4.2 Configure the Windows 10 virtual machine
Success.