1. DNS information
1.1 DNS domain name system
The Domain Name System (DNS) is an Internet service: a distributed database that maps domain names to IP addresses and back, so that people can reach hosts by name instead of by address. DNS uses port 53 over both TCP and UDP. Each label of a domain name is limited to 63 characters, and the complete domain name cannot exceed 253 characters.
Domain name resolution:
When a machine a sends a resolution request to its name server A, A returns the answer directly if it can resolve the name; otherwise A sends the request to its upstream name server B. If B can resolve it, the result is returned to a; if not, B passes the request on to the next server up, C, and so on until the name is resolved.
1.2 DNS term explanation
1.2.1 Client
- Resolver configuration file (which DNS server the client points to): /etc/resolv.conf
nameserver 172.25.254.127
- Address resolution command:
host www.baidu.com
- Detailed address resolution information command:
dig www.baidu.com
The dig command is a commonly used domain name query tool; it can also be used to test whether a DNS server is working properly.
| Option | Meaning |
| --- | --- |
| @<server address> | Send the query to the given name server instead of the ones in /etc/resolv.conf |
| -b <ip address> | When the host has several IP addresses, send the query from this source address |
| -f <file name> | Batch mode: read the names to query from the given file |
| -p <port> | Port number the name server listens on (default 53) |
| -t <type> | Type of DNS record to query (A, MX, NS, ...) |
| -x <ip address> | Reverse lookup (IP address to domain name) |
| -4 | Use IPv4 only |
| -6 | Use IPv6 only |
| -h | Show help |
# Network class:
IN: the network is the Internet
# Basic records:
A: the Address record, maps a domain name to an IPv4 address
AAAA: maps a domain name to an IPv6 address
PTR: Pointer record, the reverse mapping from an IP address to a domain name
# Optional records:
MX: the mail server for the domain
CNAME: an alias of a domain name
# Zone records:
SOA: Start Of Authority, the start of the zone's authority (marks the domain's primary DNS server)
NS: the domain's DNS servers; also marks the delegation of a subdomain
- DNS domain name space structure
As a hierarchical, distributed database, the domain name system holds various kinds of data, including host names and domain names. The names in the DNS database form a hierarchical tree called the domain namespace.
1.2.2 Server
- Installation package: bind
- Service name: named
- Main configuration file: /etc/named.conf
- Data directory: /var/named
- Port: 53
1.2.3 Error message
- no servers could be reached:
The service cannot be reached (check whether named is running, the firewall, the network and the port)
- Service restart failed: wrong configuration file
- The "status:" field in the header of the dig output:
NOERROR #the query succeeded
REFUSED #the server refused the query
SERVFAIL #the lookup failed on the server (the DNS server cannot reach its upstream, or refuses to cache)
NXDOMAIN #this domain name has no A record in DNS
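As an added example (not from the original post), a small Python function that reads saved dig output and maps its status line to the causes listed above; the sample outputs are constructed, and the function also separates NOERROR with an empty answer (name exists, no record of that type) from NXDOMAIN, which dig reports differently.

```python
import re

# Constructed dig outputs (not real captures) for the statuses in section 1.2.3
# plus the "NOERROR but empty answer" case that is easy to confuse with NXDOMAIN.
DIG_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4713
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
test.westos.org.\t86400\tIN\tA\t192.168.43.222
test.westos.org.\t86400\tIN\tA\t192.168.43.233
"""
DIG_NODATA = ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n"
DIG_NXDOMAIN = ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4711\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n"
DIG_DOWN = ";; no servers could be reached\n"

CAUSES = {  # what section 1.2.3 says each status means
    "REFUSED": "server refused the query: check allow-query / allow-recursion",
    "SERVFAIL": "server could not complete the lookup: upstream unreachable, zone or DNSSEC validation error",
    "NXDOMAIN": "the name does not exist (no record of any type)",
}

def classify_dig(output):
    """Return (verdict, detail) for one dig output; detail is the answer list for NOERROR."""
    if "no servers could be reached" in output:
        return "UNREACHABLE", "no reply at all: is named running, port 53 open, firewall allowing dns?"
    status = re.search(r"status: (\w+)", output)
    if not status:
        return "UNPARSED", "no dig header found"
    status = status.group(1)
    if status != "NOERROR":
        return status, CAUSES.get(status, "see dig(1)")
    # NOERROR: collect the rdata of the ANSWER section; an empty answer (NODATA) means
    # the name exists but has no record of the requested type, which is not NXDOMAIN
    in_answer, answers = False, []
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif line.startswith(";;") or not line.strip():
            in_answer = False
        elif in_answer:
            answers.append(line.split()[-1])
    if not answers:
        return "NODATA", "name exists but has no record of the queried type"
    return "NOERROR", answers
```

Run dig once per client and feed the saved output to classify_dig to see whether a failure is the server being down, a refused query, or simply a missing record.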
2. Installation and startup of DNS service
- Install DNS
dnf install bind.x86_64 -y
- Start DNS
systemctl enable --now named.service #start the service and enable it at boot
firewall-cmd --permanent --add-service=dns #allow the dns service through the firewall
firewall-cmd --reload #reload the firewall rules
vim /etc/named.conf
: Modify the configuration file
listen-on port 53 { any; }; #listen on port 53 on all local network interfaces
allow-query { any; }; #clients allowed to query; "any" on a forwarding server is an open resolver, so on an Internet-facing host restrict this to your own networks
dnssec-validation no; #disable DNSSEC validation so the server can cache external answers locally; this also gives up the check that upstream answers are genuine
systemctl restart named
: Restart service
3. Caching DNS resolution (forwarding)
Experimental environment:
DNS server: node1: 192.168.43.101
client: node2: 192.168.43.111
3.1 Server configuration
vim /etc/named.conf
: Modify the DNS main configuration file
forwarders { 114.114.114.114; }; #IP address of the DNS server that queries are forwarded to
systemctl restart named
: Restart service
3.2 Client configuration and detection
vim /etc/resolv.conf
: Modify DNS pointing
nameserver 192.168.43.101 #IP address of the DNS server
dig www.baidu.com
(The first client lookup has to be forwarded; once the answer is cached on node1, repeated lookups from this or other client hosts are answered from the cache and return very quickly.)
4. DNS forward resolution (1)
Forward resolution: Find the corresponding IP address based on the host name (domain name)
Experimental environment:
DNS server: node1: 192.168.43.101
client: node2: 192.168.43.111
4.1 Forward resolution (1): server side
vim /etc/named.rfc1912.zones
: Define the zone
zone "XXX" IN { #the domain this server maintains (defines the resolution of XXX)
type master; #this server is the primary (master) DNS server for the zone
file "XXX.zone"; #zone data file holding the A records (resolution configuration file)
allow-update { none; }; #hosts allowed to send dynamic updates
};
cp -p /var/named/named.localhost /var/named/XXX.zone
: Copy the zone file template to the custom resolution file
vim /var/named/XXX.zone
: Edit the custom forward resolution file
cp -p /var/named/named.localhost /var/named/westos.org.zone
vim /var/named/westos.org.zone
; in this file an unqualified name such as "dns" means dns.westos.org;
; a name written in full must end with ".", e.g. dns.westos.org.
$TTL 1D ; time to live: how long resolvers may cache these records
@ IN SOA dns.westos.org. westos.westos.org. (
; @ stands for westos.org (a full domain name must end with ".")
; SOA: Start of Authority; westos.westos.org. is the zone admin's mailbox westos@westos.org
0 ; serial - version number of the zone (raise it on every change so secondaries reload)
1D ; refresh - refresh interval
1H ; retry - retry interval
1W ; expire - expire interval (stop answering if the master has been unreachable for over a week)
3H ) ; minimum - minimum record lifetime (negative-caching TTL)
NS dns.westos.org. ; NS record (blank owner inherits @): the zone's name server, also used to delegate a subdomain
dns A 192.168.43.101
www A 192.168.43.222 ; A (Address): forward resolution record
systemctl restart named
: Restart service
4.2 Forward resolution (1): client
dig dns.westos.org
dig www.westos.org
dig hello.westos.org
: The name does not exist, so the lookup fails
5. DNS forward resolution (2)
In this experiment one domain name has several IP addresses; successive dig queries return the addresses in rotating order (round robin).
Experimental environment:
DNS server: node1: 192.168.43.101
client: node2: 192.168.43.111
5.1 Forward resolution (2): server side
vim /var/named/westos.org.zone
: Edit the custom forward resolution file
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 192.168.43.101
www A 192.168.43.111
bbs CNAME test.westos.org. ; alias: bbs resolves to whatever test resolves to
test A 192.168.43.222 ; two A records for one name: the answers rotate (round robin)
test A 192.168.43.233
systemctl restart named
: Restart service
5.2 Forward resolution (2): client
dig bbs.westos.org
===> the returned address alternates between .111 and .222 on successive queries
dig test.westos.org
===> the returned address alternates between .111 and .222 on successive queries
6. DNS forward resolution (3) mail resolution
Experimental environment:
DNS server: node1: 192.168.43.101
client: node2: 192.168.43.111
6.1 DNS mail resolution: server side
vim /var/named/westos.org.zone
: Edit the custom forward resolution file
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.org.
dns A 192.168.43.101
www A 192.168.43.111
bbs CNAME test.westos.org.
test A 192.168.43.222
test A 192.168.43.233
westos.org. MX 1 192.168.43.101. ; mail exchanger record (priority 1); an MX exchange should name a host that has an A record, e.g. dns.westos.org., not an IP literal
systemctl restart named
: Restart service
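As an added example (not part of the original post), a Python parser for the zone files used in sections 4 to 6 that applies the naming rules noted in the zone file comments ("@", trailing ".", blank owner repeats the previous owner) and then flags NS or MX targets that point at an IP literal or at a CNAME; the zone text is a constructed copy of westos.org.zone and the origin is assumed to be westos.org.

```python
from collections import defaultdict
ORIGIN = "westos.org."
# Constructed copy of westos.org.zone from sections 4 to 6 (a line starting with whitespace has a blank owner)
ZONE_TEXT = """\
$TTL 1D
@ IN SOA dns.westos.org. westos.westos.org. (
        0 1D 1H 1W 3H ) ; serial refresh retry expire minimum
        NS dns.westos.org.
dns A 192.168.43.101
bbs CNAME test.westos.org.
test A 192.168.43.222
test A 192.168.43.233
westos.org. MX 1 192.168.43.101.
"""

def fqdn(name, origin=ORIGIN):
    # '@' is the origin, a trailing '.' means absolute, anything else gets the origin appended
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    # Returns {owner_fqdn: [(rtype, rdata_tokens), ...]} from master-file text
    records, owner, buf, explicit = defaultdict(list), origin, [], True
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()                # drop ';' comments
        if not line.strip() or line.startswith("$"):
            continue                                        # blank line or $TTL/$ORIGIN directive
        explicit = explicit if buf else not raw[0].isspace()  # owner given on the record's first line?
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                                        # SOA continues on the next line
        toks, buf = joined.replace("(", " ").replace(")", " ").split(), []
        if explicit:
            owner = fqdn(toks.pop(0), origin)               # a blank owner keeps the previous one
        toks = toks[1:] if toks[0] == "IN" else toks        # optional class field
        records[owner].append((toks[0], toks[1:]))
    return dict(records)

def check_zone(records, origin=ORIGIN):
    # Flags NS/MX targets that resolvers and mail servers reject: IP literals and CNAMEs
    findings = []
    for owner, rrs in records.items():
        for rtype, rdata in (r for r in rrs if r[0] in ("NS", "MX")):
            target = fqdn(rdata[-1], origin)                # exchange / name server is the last token
            if target.rstrip(".").replace(".", "").isdigit():   # IPv4-literal heuristic
                findings.append(f"{owner} {rtype} {rdata[-1]}: IP literal, must be a hostname")
            elif any(t == "CNAME" for t, _ in records.get(target, [])):
                findings.append(f"{owner} {rtype} {rdata[-1]}: target is a CNAME")
    return findings
```

On the zone above the only finding is the MX record, which names an IP literal instead of a host such as dns.westos.org.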
6.2 DNS mail resolution: client
dig -t mx westos.org
: Query the MX (mail) record type (success!)
dnf install postfix mailx -y
: Install the corresponding tools
postfix: mail server
mailx: mail sending tool
systemctl start postfix.service
: Start the mail service
firewall-cmd --permanent --add-port=25/tcp
: Permanently open port 25/tcp in the firewall
firewall-cmd --reload
: Reload the firewall rules
mail [email protected]
: Send a mail to the address (type the message, then a line containing only "." and press Enter to send it)
7. DNS reverse resolution
Reverse resolution: find the host's domain name from its IP address.
Experimental environment:
DNS server: node1: 192.168.43.101
client: node2: 192.168.43.111
7.1 Reverse resolution: server side
vim /etc/named.rfc1912.zones
: Define the zone
zone "43.168.192.in-addr.arpa" IN { #reverse zone for 192.168.43.XXX (the network part of the IP is written backwards)
type master; #this server is the primary (master) DNS server for the zone
file "192.168.43.ptr"; #reverse resolution data file
allow-update { none; }; #hosts allowed to send dynamic updates
};
cp -p /var/named/named.loopback /var/named/192.168.43.ptr
: Copy the zone file template to the custom reverse resolution file
vim /var/named/192.168.43.ptr
: Edit the custom reverse resolution file
$TTL 1D
@ IN SOA dns.westos.org. lee.westos.org. (
0 ; serial - version number of the zone
1D ; refresh - refresh interval
1H ; retry - retry interval
1W ; expire - expire interval
3H ) ; minimum - minimum record lifetime
NS dns.westos.org. ; NS record: the zone's name server
dns A 127.0.0.1
111 PTR www.westos.org. ; PTR record: reverse mapping, 192.168.43.111 -> www.westos.org
systemctl restart named
: Restart service
7.2 Reverse resolution: client
dig -x 192.168.43.111
: Reverse lookup (resolve the domain name of this IP address)