DNS domain name resolution: forward resolution and split (view-based) resolution in detail

DNS domain name resolution service

BIND domain name service basics

1. Definition of DNS

DNS stands for Domain Name System. It is a distributed database that maps domain names to IP addresses (and back), so that people can reach hosts on the Internet by name instead of by address. A DNS server uses port 53 over both UDP and TCP: ordinary queries and answers travel over UDP 53, while TCP 53 is used for zone transfers between primary and secondary servers and for any query whose answer does not fit in a single UDP datagram (the server sets the TC bit in its reply and the client repeats the query over TCP). Each label of a domain name (the part between two dots) is limited to 63 characters, and the whole name is limited to 253 characters in its written form.

2. The two kinds of DNS resolution

Forward resolution: Find the corresponding IP address based on the domain name
Reverse resolution: Find the corresponding domain name based on the IP address
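As an added illustration of the two transports, the name limits and the forward/reverse distinction described above (example code written for this page, not part of the original post and not BIND code), the Python below builds the UDP query a stub resolver sends to port 53, parses a reply that is constructed by hand with the muzi.com lab values used later in this post, checks the transaction ID before trusting a reply, recognises the TC bit that tells a client to repeat the same message over TCP 53 with its 2-byte length prefix, and derives the in-addr.arpa name used for a reverse (PTR) lookup.

```python
"""Added example (not from the original post, not BIND code): DNS wire format.
Builds the UDP query a stub resolver sends to port 53, parses a reply, and
shows when the client must retry over TCP 53. The reply bytes are constructed
by hand for www.muzi.com -> 192.168.199.10, the lab values used in this post."""
import struct

MAX_LABEL = 63      # each dotted component
MAX_NAME = 253      # whole name in written form, without the trailing dot

def encode_name(name):
    """'www.muzi.com.' -> length-prefixed labels terminated by a zero byte."""
    name = name.rstrip(".")
    if len(name) > MAX_NAME:
        raise ValueError("name longer than 253 characters")
    out = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= MAX_LABEL:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(data, off):
    """Decode a name at offset off, following 0xC0xx compression pointers."""
    labels, jumped, end = [], False, None
    for _ in range(128):                    # loop guard against pointer cycles
        ln = data[off]
        if ln & 0xC0 == 0xC0:
            if not jumped:
                end = off + 2               # the name field itself is only 2 bytes
            off = struct.unpack_from("!H", data, off)[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if ln == 0:
            break
        labels.append(data[off:off + ln].decode("ascii"))
        off += ln
    else:
        raise ValueError("name too long or pointer loop")
    return ".".join(labels) + ".", (end if jumped else off)

def build_query(name, qtype, txid):
    """Header: id, flags (RD=1), QDCOUNT=1, then one question (class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_response(data, expected_id):
    """Return flags of interest and the answer section as (owner, type, ttl, rdata)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", data, 0)
    if txid != expected_id:
        raise ValueError("transaction id mismatch: reply not for our query (spoofed or stale)")
    truncated = bool(flags & 0x0200)        # TC bit: answer did not fit in UDP, retry over TCP
    off = 12
    for _ in range(qd):                     # skip the echoed question(s)
        _, off = decode_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(data, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:       # A record: render the IPv4 address
            rdata = ".".join(str(b) for b in rdata)
        answers.append((owner, rtype, ttl, rdata))
    return {"truncated": truncated, "rcode": flags & 0xF, "answers": answers}

def tcp_frame(msg):
    """Over TCP the identical message is sent with a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def reverse_name(ipv4):
    """Owner name queried (type PTR) for reverse resolution of an IPv4 address."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def constructed_response(txid, truncated=False):
    """Hand-built reply to build_query('www.muzi.com.', 1, txid): QR, RD, RA (+TC)."""
    flags = 0x8180 | (0x0200 if truncated else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name("www.muzi.com.") + struct.pack("!HH", 1, 1)
    # answer owner is a pointer to offset 12 (the question name); A IN TTL 86400
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([192, 168, 199, 10])
    return header + question + answer

if __name__ == "__main__":
    q = build_query("www.muzi.com.", 1, 0x1234)
    print(parse_response(constructed_response(0x1234), 0x1234))
    print(reverse_name("192.168.199.10"))
```

The transaction-ID check is the minimum a client does before accepting a UDP reply; a real resolver also randomises the source port and verifies that the question section matches, because anyone who can guess both can inject an answer.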

3. Distributed data structure of DNS system

  • Domain name structure:
    hostname.second-level-domain.top-level-domain.root-domain.
    e.g. www.baidu.com.cn. (the trailing dot stands for the root domain)

  • The distributed tree structure is divided into root domain, top-level domain, second-level domain, subdomain, and host


  • The root domain
    sits at the top of the domain name space and is written as a single dot "."
  • Top-level domains
    generally represent a type of organization or a country, such as .net (network providers), .com (commercial enterprises), .org (organizations), .edu (educational institutions), .gov (government departments), .cn (China's country-code domain)
  • Second-level domains
    identify a specific organization within a top-level domain. Second-level domains under a country-code top-level domain are managed by that country's network authority; for example, the second-level domains set up under .cn include .com.cn, .net.cn and .edu.cn
  • Subdomains
    All domains created at any level below a second-level domain are collectively called subdomains. Each organization or user can apply to register its own domain
  • Host
    A host sits at the lowest level of the domain name space and is a specific computer,
    such as www or mail. Written out in full, www.baidu.com.cn. or mail.baidu.com.cn. is the host's FQDN (Fully Qualified Domain Name), its complete name in the domain name space

DNS server type

1): Primary domain name server

Maintains all of the domain name data for one zone and is the authoritative source for it; this is the only place where the data is edited. To build a primary server you create the zone data file for the zone it is responsible for.

2): Secondary (slave) domain name server

When the primary server fails, is shut down or is overloaded, the secondary server acts as a backup and keeps answering queries for the zone. The data a secondary serves is not its own: it is copied from the primary by a zone transfer (AXFR or IXFR over TCP 53) and is refreshed whenever the SOA serial on the primary increases. When building a secondary server you point it at the primary's address so that it can synchronize the zone automatically.

3): Caching domain name server

A caching-only server holds no zone data of its own; it only caches resolution results to speed up later queries. It obtains each answer from remote servers, stores it in its cache, and answers later queries for the same name from the cache until the record's TTL expires. A caching server is not authoritative because everything it serves is second-hand. When building one, you configure the root hints or designate other DNS servers as the source of answers.

4): Forwarding domain name server

A forwarding server handles its local clients' queries for all non-local names. When it receives a query it first looks in its cache; on a miss it forwards the query to the configured forwarders in turn until an answer is found, otherwise it returns a failure to the client.

BIND installation and configuration files

1. Install the bind package

yum install -y bind


2. Configure forward resolution

(1): First find the configuration files that need to be modified

rpm -qc bind
/etc/named.conf                 # main configuration file
/etc/named.rfc1912.zones        # zone configuration file (better to copy its templates than to edit the defaults in place)
/var/named/named.localhost      # template zone data file

(2): Modify the main configuration file

vim /etc/named.conf
options {
        listen-on port 53 { 192.168.199.10; };    # listen on port 53 on this server's own address (192.168.199.10 in this lab, the address the zone's NS record points to); any listens on all addresses
        #listen-on-v6 port 53 { ::1; };           # IPv6 listener; comment out or delete it if IPv6 is not used
        directory       "/var/named";             # default location of zone data files
        dump-file       "/var/named/data/cache_dump.db";            # cache dump file
        statistics-file "/var/named/data/named_stats.txt";          # statistics file
        memstatistics-file "/var/named/data/named_mem_stats.txt";   # memory statistics file
        allow-query     { any; };                 # networks allowed to query this server; any means everyone
        ......
        }

Note that the stock named.conf also enables recursion. With allow-query { any; } on a server reachable from the Internet, restrict recursion to your own networks with allow-recursion, or turn it off on a purely authoritative server; otherwise the machine becomes an open resolver that can be abused for reflection and amplification attacks.

zone "." IN {                      # the "." root zone
        type hint;                 # type hint: root hints
        file "named.ca";           # zone data file named.ca lists the names and addresses of the 13 root servers
};

include "/etc/named.rfc1912.zones";    # pull in everything in the zone configuration file


(3) Modify the zone configuration file and add the forward zone configuration

vim /etc/named.rfc1912.zones   # the file contains templates; copy one and edit it
zone "muzi.com" IN {             # forward zone "muzi.com"
        type master;             # this server is the primary for the zone
        file "muzi.com.zone";    # zone data file, relative to the directory set in named.conf
        allow-update { none; };  # no dynamic updates
};


(4) Configure the forward zone data file

cd /var/named/
cp -p named.localhost muzi.com.zone    # -p keeps the template's mode and owner (root:named, 0640), which named needs in order to read the file
vim /var/named/muzi.com.zone
$TTL 1D                                 ; default TTL, i.e. how long resolvers may cache these records (zone files use ";" for comments, not "#")
@       IN SOA  muzi.com. admin.muzi.com. (
                        0       ; serial: increase it on every change, secondaries only transfer when it grows
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum (negative-caching TTL)
        NS      muzi.com.               ; name server for this zone
        A       192.168.199.10          ; address of muzi.com itself, which also makes the NS name resolvable
        IN MX   10   mail.muzi.com.     ; mail exchanger; the larger the number, the lower the priority
www     IN A    192.168.199.10          ; forward record: www.muzi.com
mail    IN A    192.168.199.11
ftp     IN CNAME www                    ; alias: ftp.muzi.com points to www
*       IN A    192.168.199.100         ; wildcard: any hostname under muzi.com that has no records of its own


(5): Start the service and deal with the firewall

systemctl start named
systemctl stop firewalld       # lab shortcut; on a real server open port 53 (the firewalld "dns" service) instead of disabling the firewall
setenforce 0                   # also a lab shortcut; files created under /var/named get the right SELinux label, so enforcing mode normally works
# If the service fails to start, check the log to find the error
tail -f /var/log/messages
# If starting named hangs, it is usually blocked gathering entropy to generate /etc/rndc.key; generate the key from /dev/urandom instead
rndc-confgen -r /dev/urandom -a

(6): Add the DNS server address to the client's resolver configuration

vim /etc/resolv.conf    # takes effect immediately, but the network service may overwrite it
nameserver  192.168.199.10


vi /etc/sysconfig/network-scripts/ifcfg-ens33  # persistent setting; restart the network service afterwards
DNS1=192.168.199.10

systemctl restart network

(7): Test DNS resolution

host www.muzi.com
nslookup www.muzi.com

Split resolution

A split-resolution server is still a primary server; what distinguishes it is that it hands different clients different answers for the same name. For example, when clients on the intranet and clients on the external network query the same domain name, each group receives a different resolution result and therefore reaches a different IP address. In BIND this is done with view statements, each of which selects its clients by source address with match-clients.

Split resolution experiment

First the DNS server, which also acts as the gateway between the two networks, needs two network cards: one on the intranet segment (192.168.199.0/24) and one on the external segment (12.0.0.0/24). Add the second adapter while the virtual machine is shut down.

Then start to modify the main configuration file

vim /etc/named.conf
options {
        listen-on port 53 { any; };     # listen on all local addresses, i.e. on both network cards
        #listen-on-v6 port 53 { ::1; }; # IPv6 is not used in this lab, so this line is commented out
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };       # allow all hosts to query


Modify zone configuration file

vim /etc/named.rfc1912.zones

view "lan" {                                  # first view: intranet clients
      match-clients { 192.168.199.0/24; };    # selected by the source address of the query
      zone "muzi.com" IN {
           type master;
           file "muzi.com.zone.lan";          # intranet version of the zone
      };
      zone "." IN {                           # root hints, so intranet clients can also resolve other names
           type hint;
           file "named.ca";
      };
};

view "wan" {                                  # second view: everyone else
      match-clients { any; };                 # views are matched in order, so the "any" view must come last
      zone "muzi.com" IN {
           type master;
           file "muzi.com.zone.wan";          # external version of the zone
      };                                      # no hint zone here, so the server does not recurse for external clients
};

Note: once a single view is defined, every zone must live inside a view, otherwise named refuses to start. That includes the root hint zone "." declared in /etc/named.conf and the default localhost and loopback zones in named.rfc1912.zones: either move them into a view (as done for "lan" above) or comment them out or delete them. I deleted them directly.

Modify the zone data files

The system ships a template zone data file, which we copy to the files we need. Because this is a split-resolution experiment we need one data file for the intranet and one for the external network, so copy the template twice: the lan file for the internal network and the wan file for the external network.

cd /var/named
cp -p named.localhost  muzi.com.zone.lan
cp -p named.localhost  muzi.com.zone.wan


Modify the lan file

Open the file and edit it:

vim muzi.com.zone.lan
$TTL 1D
@       IN SOA  muzi.com. admin.muzi.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      muzi.com.
        A       192.168.199.30          ; the server's intranet address
www IN  A       192.168.199.100         ; intranet hosts resolving www.muzi.com get 192.168.199.100


Modify the wan file

Edit it:

vim muzi.com.zone.wan
$TTL 1D
@       IN SOA  muzi.com. admin.muzi.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      muzi.com.
        A       12.0.0.1                ; the server's external address
www IN  A       12.0.0.100              ; external hosts resolving www.muzi.com get 12.0.0.100

After these edits, do not forget to allow port 53 through the server's firewall (in this lab it is simply turned off), otherwise other hosts will not be able to get answers.


Start service

systemctl restart named


Then add the DNS server address to the resolver configuration of the intranet and external clients; each client points at the server's address on its own segment.

echo "nameserver 192.168.199.30" >> /etc/resolv.conf   # intranet client
echo "nameserver 12.0.0.1" >> /etc/resolv.conf         # external client
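To make the view selection concrete, here is an added Python simulation written for this page (it is not BIND's code and not part of the original post). named tests each view's match-clients list in the order the views are written and the first match wins, so the order of "lan" and "wan" matters. The view list and the two www.muzi.com answers are taken from the configuration and data files above; the address-match-list evaluation (including "!" negation, "any", "none" and "localhost") is a simplified re-implementation of BIND's semantics.

```python
"""Added example (not BIND code, not from the original post): how named picks
a view for a client, using the lab's views and zone answers from above."""
import ipaddress

# Constructed from the named.rfc1912.zones above: views in file order.
VIEWS = [
    ("lan", ["192.168.199.0/24"], "muzi.com.zone.lan"),
    ("wan", ["any"], "muzi.com.zone.wan"),
]
# www.muzi.com as written in the two data files above.
ANSWERS = {"muzi.com.zone.lan": "192.168.199.100", "muzi.com.zone.wan": "12.0.0.100"}

def acl_matches(acl, client):
    """Simplified BIND address-match-list: elements are tested in order and the
    first element that matches decides; a leading '!' makes that decision 'no'."""
    ip = ipaddress.ip_address(client)
    for entry in acl:
        negated = entry.startswith("!")
        element = entry.lstrip("!").strip()
        if element == "any":
            hit = True
        elif element == "none":
            hit = False
        elif element == "localhost":
            hit = ip.is_loopback
        else:
            hit = ip in ipaddress.ip_network(element, strict=False)
        if hit:
            return not negated
    return False

def select_view(views, client):
    """The first view whose match-clients accepts the source address wins."""
    for name, acl, zone_file in views:
        if acl_matches(acl, client):
            return name, zone_file
    return None, None              # no view matched: named refuses the query

def answer_for(views, client, answers=ANSWERS):
    """Which www.muzi.com address this client would receive."""
    _, zone_file = select_view(views, client)
    return answers.get(zone_file)

def shadowed_views(views):
    """Views that can never be selected because an earlier view matches 'any'."""
    shadowed, seen_any = [], False
    for name, acl, _ in views:
        if seen_any:
            shadowed.append(name)
        if any(e.strip() == "any" for e in acl):
            seen_any = True
    return shadowed

if __name__ == "__main__":
    for client in ("192.168.199.50", "12.0.0.50", "10.9.8.7"):
        print(client, select_view(VIEWS, client)[0], answer_for(VIEWS, client))
    print("shadowed if wan came first:", shadowed_views(list(reversed(VIEWS))))
```

Putting the wan view (match-clients { any; }) before lan would silently send intranet clients the external answer; shadowed_views() flags that misordering. Also keep in mind that the source address is the only thing a view keys on, and a UDP source address is trivially forged, so views separate data for convenience: they are not an access-control boundary for records that must stay internal.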

The configuration is complete. Now test. First test from a client on the server's intranet: the name resolves to the intranet address.


  • Then test from the external network.
    First change the external client's IP to the address we planned for it, then change its DNS server address to 12.0.0.1.


  • Then open cmd on that client, run nslookup www.muzi.com, and the external answer (12.0.0.100) comes back.


Origin blog.csdn.net/weixin_51614581/article/details/110798983