DNS domain name resolution service for Linux

Introduction: In daily life people are used to reaching servers by domain name, but machines only understand IP addresses. The relationship between domain names and IP addresses is many-to-one: one IP address does not necessarily correspond to a single domain name, while one domain name corresponds to only one IP address. Converting between the two is called domain name resolution. It is carried out by a dedicated domain name resolution server, and the whole process is automatic.

1. The role of the DNS system

1. DNS definition: DNS is the abbreviation of Domain Name System. It is a distributed database that maps domain names to IP addresses and back, so that people can use the Internet more conveniently.

2. The DNS service uses TCP and UDP port 53: TCP port 53 is used for connections to the DNS server, and UDP port 53 is used for DNS resolution queries.

3. Each label (level) of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.

4. DNS domain name resolution method

Forward resolution: Find the corresponding IP address according to the domain name

Reverse resolution: Find the corresponding domain name based on the IP address

5. Distributed data structure of DNS system


6. Domain name structure:

http://www.sina.com.cn./

http://hostname.second-level domain.top-level domain.root domain/

The top of the tree structure is called the root domain, written as ".", and the corresponding servers are the root servers. In principle the authority to resolve the whole domain name space belongs to the root servers, but they cannot carry that enormous load, so a "delegation" hierarchy is used: top-level domains are created under the root domain, and the authority to resolve each top-level domain is delegated to the corresponding top-level domain servers. For example, the authority over the com domain is delegated to the com domain servers, and a root server that receives a resolution request for a name ending in com forwards it to the com domain servers. In the same way, to reduce the load on the top-level domains, second-level domains are created under them, and third-level domains or hosts are created under the second-level domains.

The root domain sits at the top of the domain name space and is generally written as "."

Top-level domain: generally represents a type of organization or a country

For example .net (network providers), .com (commercial enterprises), .org (organizations), .edu (educational institutions), .gov (government departments), .cn (the national domain of China)

The second-level domain identifies a specific organization within a top-level domain. The second-level domains under a national top-level domain are managed by that country's network authority. For example, the second-level domains set up under the .cn top-level domain include .com.cn, .net.cn and .edu.cn

Sub-domains: all the levels of domains created under a second-level domain are collectively called sub-domains. Each organization or user can freely apply to register its own domain names

Host: the host sits at the lowest level of the domain name space and is a specific computer. For example, www and mail are specific computer names, written as www.sina.com.cn. and mail.sina.com.cn. This form is called the FQDN (Fully Qualified Domain Name), the full name of the host within the domain name space

7. DNS server type

(1) Primary domain name server: maintains all domain name information of a zone and is the authoritative source of that information; its data can be modified. When building a primary domain name server, the address data file of the zone it is responsible for must be created.

(2) Slave domain name server: when the master domain name server fails, is shut down or is overloaded, the slave domain name server acts as a backup and continues to provide domain name resolution. The answers a slave server gives are not decided by itself; they come from the master domain name server. When building a slave domain name server, the location of the master server must be specified so that the slave can automatically synchronize the zone's address database.

(3) Caching domain name server: only caches domain name resolution results to improve query speed and efficiency; it has no domain name database of its own. It obtains each answer from a remote domain name server and keeps it in its cache so that later queries for the same information can be answered from the cache. A caching domain name server is not an authoritative server, because all the information it provides is second-hand. When building a caching domain name server, the root domain must be configured, or another DNS server must be specified as the source of resolution.

(4) Forwarding domain name server: handles local queries for all non-local domain names. After receiving a query, the forwarding domain name server first searches its cache; if nothing is found, it forwards the request to the designated domain name servers in turn until a result is found, otherwise it returns an answer that the name cannot be mapped.

2. Steps to construct DNS domain name resolution server

1. DNS forward resolution

Install the bind package

yum install -y bind


1. Configure forward resolution

(1) First check the paths of the configuration files that need to be modified; only a few of them need changes

rpm -qc bind                        # list the configuration files shipped by the bind package
/etc/named.conf                     # main configuration file
/etc/named.rfc1912.zones            # zone configuration file
/var/named/named.localhost          # zone data file (used as a template)


(2) Modify the main configuration file

vim /etc/named.conf

options {
        listen-on port 53 { 192.168.241.3; };       # listen on port 53; use the local IP that serves clients, or any for all addresses
        listen-on-v6 port 53 { ::1; };              # can be commented out or deleted if IPv6 is not used
        directory       "/var/named";               # default location of the zone data files
        dump-file       "/var/named/data/cache_dump.db";            # domain name cache database file
        statistics-file "/var/named/data/named_stats.txt";          # status statistics file
        memstatistics-file "/var/named/data/named_mem_stats.txt";   # memory statistics file
        allow-query     { any; };                   # network segments allowed to query this DNS server; any means all
        ……
};

zone "." IN {                   # forward resolution of the "." root zone
        type hint;              # the type is root zone (hint)
        file "named.ca";        # zone data file named.ca, which records the names and IP addresses of the 13 root servers
};

include "/etc/named.rfc1912.zones";     # include all configuration from the zone configuration file
include "/etc/named.root.key";


(3) Modify the zone configuration file and add a forward zone configuration

vim /etc/named.rfc1912.zones        # the file contains templates; copy one and modify it

zone "KB.com" IN {                  # forward resolution of the "KB.com" zone
        type master;                # the type is master zone
        file "KB.com.zone";         # the zone data file is KB.com.zone
        allow-update { none; };
};

(4) Configure the forward zone data file

cd /var/named

cp -p named.localhost KB.com.zone   # -p keeps the permissions and owner of the source file

vim /var/named/KB.com.zone

$TTL 1D                             ; validity time of cached resolution results
@       IN SOA  KB.com. admin.KB.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      KB.com.             ; name of the DNS server of the current zone
        A       192.168.241.3       ; IP address of the host
www     IN A    192.168.241.3       ; forward record: the IP corresponding to www.KB.com
mail    IN A    192.168.241.4
ftp     IN CNAME www                ; CNAME defines an alias: ftp is an alias of www
*       IN A    192.168.241.88      ; wildcard record, * stands for any host name (the original post writes x where * cannot be typed)

# "@" is a variable here, standing for the name of the current DNS zone

# The SOA record is used to synchronize zone data between the master and slave servers; if the serial number is unchanged, no update takes place

# "KB.com." is a fully qualified domain name (FQDN); the trailing "." cannot be omitted

# "admin.KB.com." is the administrator's mailbox; because "@" is a variable here, the "@" of the address is written as "."
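To show what named actually does with this file, here is an added example (written for this page, not code from the original post or from BIND) that parses a constructed copy of the KB.com zone above, flags the mistakes the notes warn about (a missing trailing dot on the SOA name, a dangling CNAME, a bad address) before the file is loaded, and then answers the same queries that step (7) sends with host and nslookup, including the CNAME alias and the wildcard record. The zone text and the "bad" variant are constructed inline; the origin "KB.com." is the zone name from the text.

```python
"""Parse a BIND forward zone file, lint it, and answer A queries the way named would."""
import ipaddress

# Constructed copy of the KB.com zone file from the text (not read from /var/named).
KB_COM_ZONE = """\
$TTL 1D
@       IN SOA  KB.com. admin.KB.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      KB.com.
        A       192.168.241.3
www     IN A    192.168.241.3
mail    IN A    192.168.241.4
ftp     IN CNAME www
*       IN A    192.168.241.88
"""
# Same file with the trailing dot dropped from the SOA MNAME, the typo the notes warn about.
KB_COM_ZONE_BAD = KB_COM_ZONE.replace("IN SOA  KB.com. admin", "IN SOA  KB.com admin")

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "PTR", "MX", "TXT"}


def fqdn(name, origin):
    """Expand a zone-file name as named does: '@' is the origin, a relative name gets
    the origin appended, an absolute name (trailing dot) is kept as is."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (ttl, records); records is a list of (owner_fqdn, type, rdata_tokens)."""
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                  # drop ';' comments
        if not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:                               # parentheses balanced: one logical record
            logical.append(buf)
    ttl, records, last_owner = None, [], origin
    for line in logical:
        if line.startswith("$TTL"):
            ttl = line.split()[1]
            continue
        tokens = line.split()
        # A line that starts with whitespace has a blank owner and reuses the previous one.
        owner = last_owner if line[0].isspace() else fqdn(tokens.pop(0), origin)
        if tokens[0] == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0)
        if rtype not in RR_TYPES:
            raise ValueError(f"unknown record type {rtype!r} at {owner}")
        rdata = " ".join(tokens).replace("(", " ").replace(")", " ").split()
        records.append((owner, rtype, rdata))
        last_owner = owner
    return ttl, records


def lint_zone(text, origin):
    """Return a list of problems; an empty list means the file is worth loading."""
    ttl, records = parse_zone(text, origin)
    problems = [] if ttl else ["missing $TTL directive"]
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append("zone must contain exactly one SOA record")
    else:
        for label, name in zip(("SOA MNAME", "SOA RNAME"), soa[0][2][:2]):
            if not name.endswith("."):
                problems.append(f"{label} {name!r} has no trailing dot; named would read it as {name}.{origin}")
    owners = {r[0] for r in records}
    for owner, rtype, rdata in records:
        if rtype == "NS" and not rdata[0].endswith("."):
            problems.append(f"NS {rdata[0]!r} at {owner} has no trailing dot")
        elif rtype == "CNAME" and fqdn(rdata[0], origin) not in owners:
            problems.append(f"CNAME {owner} -> {rdata[0]} points at a name this zone does not define")
        elif rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except ValueError:
                problems.append(f"A record for {owner} has an invalid address {rdata[0]!r}")
    return problems


def resolve_a(records, qname, origin, _hops=0):
    """Answer an A query as step (7) shows: follow a CNAME, and fall back to the '*'
    wildcard when the exact name does not exist (abc.KB.com -> 192.168.241.88)."""
    if _hops > 8:
        raise ValueError("CNAME chain too long")
    qname = qname if qname.endswith(".") else qname + "."   # query names are absolute
    matches = [r for r in records if r[0] == qname]
    if not matches:                                          # no such name: try the parent's wildcard
        matches = [r for r in records if r[0] == "*." + qname.split(".", 1)[1]]
    for _owner, rtype, rdata in matches:
        if rtype == "CNAME":
            return resolve_a(records, fqdn(rdata[0], origin), origin, _hops + 1)
    return [rdata[0] for _owner, rtype, rdata in matches if rtype == "A"]


if __name__ == "__main__":
    origin = "KB.com."
    print("lint good file:", lint_zone(KB_COM_ZONE, origin) or "OK")
    print("lint bad file: ", lint_zone(KB_COM_ZONE_BAD, origin))
    _, rrs = parse_zone(KB_COM_ZONE, origin)
    for q in ("www.KB.com", "ftp.KB.com", "abc.KB.com", "mail.KB.com"):
        print(f"{q:14} -> {resolve_a(rrs, q, origin)}")
```

Run it before `systemctl start named`: the bad variant reports that `KB.com` without the dot would be read as `KB.com.KB.com.`, which is exactly the error the trailing-dot note describes.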


(5) Start the service and close the firewall

systemctl start named

systemctl stop firewalld

setenforce 0


If the service fails to start, you can check the log file to troubleshoot

tail -f /var/log/messages

If the service startup hangs, run the following command to resolve it

rndc-confgen -r /dev/urandom -a

(6) Add the DNS server address in the client's domain name resolution configuration file

vim /etc/resolv.conf        # takes effect immediately after modification

nameserver 192.168.241.3

or

vim /etc/sysconfig/network-scripts/ifcfg-ens33        # restart the network service after modification

DNS1=192.168.241.3

systemctl restart network


(7) Test DNS resolution

host www.KB.com


nslookup www.KB.com


nslookup ftp.KB.com


nslookup abc.KB.com


(8) When resolving from Windows, note that the Windows machine must be on the same VMnet as the Linux host.


2. Configure reverse resolution

(1) Modify the zone configuration file and add reverse zone configuration

vim /etc/named.rfc1912.zones        # the file contains templates; copy one and modify it

zone "241.168.192.in-addr.arpa" IN {        # the reverse zone name is the network part of the address written backwards: the 192.168.241 segment
        type master;
        file "abc.com.zone.local";          # the zone data file is abc.com.zone.local
        allow-update { none; };
};


(2) Configure reverse zone data file

cd /var/named

cp -p named.localhost abc.com.zone.local

vim abc.com.zone.local

[Screenshot in the original post: contents of the reverse zone data file abc.com.zone.local]

PTR is the reverse pointer record: reverse resolution of the address 192.168.241.3 gives www.abc.com
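Because the reverse zone file itself only survives as a screenshot, here is an added example (not from the original post) that derives the in-addr.arpa zone name from the network, so that it can be checked against the name used in named.rfc1912.zones above, and generates the PTR records for the reverse zone data file from a constructed set of forward A records. The host names and addresses in FORWARD_A are constructed to match the abc.com examples on this page; the SOA parameters mirror the named.localhost template.

```python
"""Derive the reverse zone name and PTR records for an IPv4 network."""
import ipaddress

# Constructed forward records (host -> address), taken from the abc.com examples in the text.
FORWARD_A = {
    "www.abc.com.": "192.168.241.100",
    "mail.abc.com.": "192.168.241.4",
}


def reverse_zone_name(network):
    """'192.168.241.0/24' -> '241.168.192.in-addr.arpa.': the network octets reversed,
    host octets dropped. Only octet-aligned prefixes (/8, /16, /24) map to one zone."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen % 8:
        raise ValueError("non-octet prefix: a classless reverse zone needs RFC 2317 delegation")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_owner(address, network):
    """Owner name of the PTR record for address, relative to the reverse zone:
    the host octets, reversed ('192.168.241.100' in a /24 -> '100')."""
    net = ipaddress.IPv4Network(network, strict=True)
    ip = ipaddress.IPv4Address(address)
    if ip not in net:
        raise ValueError(f"{address} is not inside {network}")
    host_octets = str(ip).split(".")[net.prefixlen // 8 :]
    return ".".join(reversed(host_octets))


def reverse_zone(forward_a, network, ns, rname, serial=0):
    """Render the reverse zone data file: SOA and NS at the apex, then one PTR per A record,
    ordered by address. ns and rname must be absolute names (trailing dot)."""
    for name in (ns, rname, *forward_a):
        if not name.endswith("."):
            raise ValueError(f"{name} must be a fully qualified name ending in '.'")
    lines = [
        "$TTL 1D",
        f"@\tIN SOA\t{ns} {rname} (",
        f"\t\t\t{serial}\t; serial",
        "\t\t\t1D\t; refresh",
        "\t\t\t1H\t; retry",
        "\t\t\t1W\t; expire",
        "\t\t\t3H )\t; minimum",
        f"\tNS\t{ns}",
    ]
    ordered = sorted(forward_a.items(), key=lambda kv: ipaddress.IPv4Address(kv[1]))
    for host, addr in ordered:
        lines.append(f"{ptr_owner(addr, network)}\tIN PTR\t{host}")
    return reverse_zone_name(network), "\n".join(lines) + "\n"


if __name__ == "__main__":
    zone, text = reverse_zone(FORWARD_A, "192.168.241.0/24", "abc.com.", "admin.abc.com.")
    print(f'zone "{zone[:-1]}" IN {{ ... }}  ->  /var/named/abc.com.zone.local:')
    print(text)
```

The first value returned is the zone name to use in `zone "..." IN { ... };`, so a mismatch between the network and the zone statement (for example writing the octets in the wrong order) shows up before named is restarted.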

(3) Restart the service for testing

systemctl restart named

host 192.168.241.100

nslookup 192.168.241.100


3. Build a master-slave domain name server

1. Modify the zone configuration file of the primary domain name server, modify the forward and reverse zone configuration

vim /etc/named.rfc1912.zones

zone "abc.com" IN {
        type master;                        # the type is master zone
        file "abc.com.zone";
        allow-transfer { 192.168.241.4; };  # allow the slave server to download the forward zone data; put the slave's IP address here
};

zone "241.168.192.in-addr.arpa" IN {
        type master;
        file "abc.com.zone.q";
        allow-transfer { 192.168.241.4; };
};
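The allow-transfer list is what keeps a zone transfer (the AXFR the slave performs) restricted to the slave. As an added example (not code from the original post), the following script lints a constructed zone configuration for the master: it parses each zone statement, matching braces so the nested allow-transfer block stays inside the zone, and reports master zones that have no allow-transfer statement, that allow `any`, or that name a peer other than the known slave. The configuration text embeds the two zones from the text plus a constructed zone "example-open.test" that is deliberately misconfigured; the slave address 192.168.241.4 is the one used on this page.

```python
"""Lint a BIND zone configuration for zone-transfer exposure on the master."""
import re

# Constructed configuration: the two zones from the text, the KB.com zone from section 2
# (which has no allow-transfer), and a constructed zone that allows transfers to anyone.
MASTER_ZONES = '''
zone "abc.com" IN {
        type master;
        file "abc.com.zone";
        allow-transfer { 192.168.241.4; };
};

zone "241.168.192.in-addr.arpa" IN {
        type master;
        file "abc.com.zone.q";
        allow-transfer { 192.168.241.4; };
};

zone "example-open.test" IN {
        type master;
        file "example-open.test.zone";
        allow-transfer { any; };
};

zone "KB.com" IN {
        type master;
        file "KB.com.zone";
        allow-update { none; };
};
'''

KNOWN_SLAVES = {"192.168.241.4"}   # the slave server from the text


def zone_blocks(config):
    """Yield (zone name, body) for each 'zone "name" ... { ... };' statement. Braces are
    matched by counting, so nested blocks such as allow-transfer { ...; }; stay in the body.
    The pattern requires whitespace between 'zone' and the quote so that file names
    like "abc.com.zone" are not mistaken for zone statements."""
    for m in re.finditer(r'zone\s+"([^"]+)"', config):
        start = config.index("{", m.end())
        depth, i = 0, start
        while True:
            if config[i] == "{":
                depth += 1
            elif config[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        yield m.group(1), config[start + 1:i]


def acl_entries(body, statement):
    """Entries of '<statement> { a; b; };' inside body, or None when the statement is absent."""
    m = re.search(statement + r'\s*\{([^}]*)\}', body)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def transfer_findings(config, known_slaves):
    """List (zone, message) for master zones whose allow-transfer is missing, open to any
    host, or names a peer that is not one of our slave servers."""
    findings = []
    for name, body in zone_blocks(config):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        if not ztype or ztype.group(1) != "master":
            continue                                     # slave/hint zones do not serve transfers here
        acl = acl_entries(body, "allow-transfer")
        if acl is None:
            findings.append((name, "no allow-transfer statement; list the slave addresses explicitly"))
        elif "any" in acl:
            findings.append((name, "allow-transfer { any; } lets every host copy the whole zone"))
        else:
            for peer in acl:
                if peer != "none" and peer not in known_slaves:
                    findings.append((name, f"transfer peer {peer} is not a known slave"))
    return findings


if __name__ == "__main__":
    for zone, message in transfer_findings(MASTER_ZONES, KNOWN_SLAVES):
        print(f"{zone}: {message}")
```

Run against the real file with `transfer_findings(open("/etc/named.rfc1912.zones").read(), {"192.168.241.4"})` after editing the master; the two zones from the text produce no findings.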


2. Modify the master configuration file of the slave domain name server

yum -y install bind

vim /etc/named.conf

options {
        listen-on port 53 { any; };         # listen on port 53; the IP address can be the local IP that serves clients, or any for all addresses
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };           # network segments allowed to use this DNS service; any means all
        ……
};


3. Modify the zone configuration file of the slave domain name server and add the forward and reverse zone configuration

vim /etc/named.rfc1912.zones

zone "abc.com" IN {
        type slave;                         # the type is slave zone
        file "slaves/abc.com.zone";         # the downloaded zone data file is saved in the slaves/ directory
        masters { 192.168.241.3; };         # IP address of the master server
};

zone "241.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/abc.com.zone.q.local";
        masters { 192.168.241.3; };
};

4. Both the master and slave restart the service and check whether the area data file has been downloaded successfully

systemctl restart named

ls -l /var/named/slaves


5. Test

host 192.168.241.100

nslookup 192.168.241.100


6. Stop the service of the main server and simulate the main server failure

systemctl stop named

host 192.168.241.100

nslookup 192.168.241.100


4. Configure the gateway server to build separate DNS resolution

Set up separate DNS resolution on the gateway server, so that the local network host resolves www.abc.com to 192.168.241.100, and the external host resolves www.abc.com to 12.0.0.100

1. Configure dual network cards for the gateway server

Add a second network card while the machine is shut down, then start the system again

ifconfig ens36 12.0.0.1/24


ifconfig

2. Install the bind package

yum -y install bind

3. Modify the main configuration file

vim /etc/named.conf

options {
        listen-on port 53 { any; };         # listen on the local address or any
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        ……
        allow-query     { any; };           # allow all hosts to query
};

include "/etc/named.rfc1912.zones";

4. Modify the zone configuration file

vim /etc/named.rfc1912.zones

view "lan" {                                    # define the intranet view; a view is a container that separates the configuration
        match-clients { 192.168.241.0/24; };    # match the intranet segment
        zone "abc.com" IN {                     # the zone to be resolved
                type master;
                file "abc.com.zone.lan";        # zone data file
        };
        zone "." IN {                           # the root zone configuration can be cut out of the main configuration file (dd, then p in vim)
                type hint;                      # hint is the root zone type
                file "named.ca";
        };
};

view "wan" {                                    # define the external network view
        match-clients { any; };                 # match any address that the intranet segment did not already match
        zone "abc.com" IN {
                type master;
                file "abc.com.zone.wan";
        };
};

Note that once views are enabled, every zone must be inside a view, so the zones used by the system's default self-check must also be moved into a view or deleted.
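The reason the "lan" view is written first is that named tries the views in configuration order and the first view whose match-clients list accepts the client answers the query. As an added example (not from the original post), the script below models the two views above and shows what happens when the order is reversed: an intranet client would then receive the external address. The view tuples and client addresses are constructed; the ACL evaluation follows BIND's address-match-list rule that the first matching entry decides and a leading "!" negates it.

```python
"""Model how named selects a view for a client and detect views that can never match."""
import ipaddress

# Constructed model of the views above: (view name, match-clients entries, A record for www.abc.com).
VIEWS = [
    ("lan", ["192.168.241.0/24"], "192.168.241.100"),
    ("wan", ["any"], "12.0.0.100"),
]


def acl_allows(acl, client):
    """Evaluate a BIND address-match list: entries are tried in order, the first one that
    matches decides, and a leading '!' negates that entry. No match means 'not allowed'."""
    ip = ipaddress.ip_address(client)
    for entry in acl:
        negated = entry.startswith("!")
        pattern = entry.lstrip("!").strip()
        if pattern == "any":
            hit = True
        elif pattern == "none":
            hit = False
        else:
            hit = ip in ipaddress.ip_network(pattern, strict=False)
        if hit:
            return not negated
    return False


def select_view(views, client):
    """Return (view name, answer for www.abc.com) for the client, or None when no view
    matches, in which case named refuses the query."""
    for name, acl, answer in views:
        if acl_allows(acl, client):
            return name, answer
    return None


def unreachable_views(views):
    """Names of views that can never be selected because an earlier view matches 'any'
    (the mistake of writing the catch-all "wan" view before "lan")."""
    shadowed, catch_all_seen = [], False
    for name, acl, _answer in views:
        if catch_all_seen:
            shadowed.append(name)
        elif "any" in acl:
            catch_all_seen = True
    return shadowed


if __name__ == "__main__":
    for client in ("192.168.241.50", "12.0.0.50"):
        print(f"{client:15} -> {select_view(VIEWS, client)}")
    wrong_order = list(reversed(VIEWS))
    print("wan listed first, intranet client ->", select_view(wrong_order, "192.168.241.50"))
    print("views shadowed in that order:", unreachable_views(wrong_order))
```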

5. Modify the zone data files

cd /var/named

cp -p abc.com.zone abc.com.zone.lan

cp -p abc.com.zone abc.com.zone.wan

[Screenshots in the original post: abc.com.zone.lan is edited so that www resolves to 192.168.241.100, and abc.com.zone.wan so that www resolves to 12.0.0.100]

6. Start the service

systemctl start named

7. Client test from the internal and external networks

nslookup www.abc.com

Intranet:


The external network test is simulated with a Windows machine; Windows needs to be set up before the test



Origin blog.csdn.net/weixin_51432789/article/details/110880287