Linux DNS domain name resolution | Basic knowledge | Forward resolution experiment | Super detailed

DNS—Domain Name System

1. DNS definition: DNS is the abbreviation of "Domain Name System". It is a distributed database that maps domain names and IP addresses to each other, which makes it easier for people to access the Internet.

2. DNS port: the DNS service uses TCP and UDP port 53. TCP port 53 is used to connect to the DNS server, and UDP port 53 is used for DNS resolution queries.

3. DNS domain name length restriction: each label (level) of a domain name is limited to 63 characters, and the total length of the domain name cannot exceed 253 characters.

4. DNS functions: forward resolution finds the IP address corresponding to a domain name; reverse resolution finds the domain name corresponding to an IP address.

DNS domain name structure

The DNS system is organized as a distributed, tree-structured data structure.
1. Root domain: located at the top of the tree structure, represented by "."
2. Top-level domain: generally represents a type of organization or a country;
such as .net (network provider), .com (business enterprise), .org (group organization), .edu (educational institution), .gov (government department), .cn (Chinese national domain name)
3. Second-level domain: indicates a specific organization under a top-level domain; the second-level domain names under a national top-level domain are managed by that country's national department.
4. Subdomains: all levels of domains created under a second-level domain are collectively called subdomains. Each organization or user can freely apply to register their own domain names.
5. Host: the host is located at the lowest level of the domain name space and is a specific computer.
There is a many-to-one relationship between domain names and IP addresses: an IP address does not necessarily correspond to one domain name, while a domain name can only correspond to one IP address.

DNS server type

1. Primary domain name server: responsible for maintaining all domain name information of a zone; it is the authoritative source of all the specific information, and its data can be modified. When building a primary domain name server, you need to create the address data file of the zone it is in charge of.
2. Secondary domain name server: when the primary domain name server fails, shuts down or is overloaded, the secondary domain name server acts as a backup and provides domain name resolution services. The resolution results it provides are not defined locally but come from the primary domain name server. When building a secondary domain name server, you need to specify the location of the primary domain name server so that the server can automatically synchronize the address database of the zone.
3. Cache domain name server: only provides caching of domain name resolution results to improve query speed and efficiency; it has no domain name database of its own.
It obtains the result of each query from a remote domain name server, puts it in the cache, and uses the cached result to respond when the same information is queried again later. The cache domain name server is not an authoritative server because all the information it provides is indirect. When building a cache domain name server, you must set the root domain or specify another DNS server as the source of resolution.
4. Forwarding domain name server: responsible for local queries of all non-local domain names. After the forwarding domain name server receives a query request, it searches its cache first. If it cannot find the answer, it forwards the request to the specified domain name servers in turn until a result is found; otherwise it returns a result saying the name cannot be mapped.

Construction of DNS domain name resolution server process

1. Install the bind package

yum -y install bind

2. Configure forward analysis

➤First check the path of the configuration file that needs to be modified

rpm -qc bind #Query the paths of the bind configuration files
/etc/named.conf #Main configuration file
/etc/named.rfc1912.zones #Zone configuration file
/var/named/named.localhost #Zone data file

➤Modify the main configuration file: vim /etc/named.conf

Check the local IP address with ifconfig first.

options {
    listen-on port 53 { 192.168.78.22; };    #Listen on port 53; the IP address is the local IP that provides the service, and any can also be used to represent all addresses
    listen-on-v6 port 53 { ::1; };           #If IPv6 is not used, this line can be commented out or deleted
    directory "/var/named";                  #Default storage location of the zone data files
    dump-file "/var/named/data/cache_dump.db";          #Location of the domain name cache database file
    statistics-file "/var/named/data/named_stats.txt";  #Location of the status statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";  #Location of the memory statistics file
    allow-query { any; };                    #The network segment allowed to use this DNS resolution service; any can also be used to represent all
};

zone "." IN {            #Forward resolution of the "." root zone
    type hint;           #The type is the root zone (hint)
    file "named.ca";     #The zone data file is named.ca, which records the domain names, IP addresses and other information of the 13 root servers
};

include "/etc/named.rfc1912.zones";  #Include all configurations in the zone configuration file

➤Modify the zone configuration file and add the forward zone configuration: vim /etc/named.rfc1912.zones

zone "tk520.com" IN {        #Forward resolution of the "tk520.com" zone
    type master;             #Type: master (primary) zone
    file "tk520.com.zone";   #The designated zone data file is tk520.com.zone
    allow-update { none; };  #Do not accept dynamic updates for this zone
};

➤Configure the forward zone data file: vim /var/named/tk520.com.zone

cd /var/named/
cp -p named.localhost tk520.com.zone #-p keeps the permissions and owner attributes of the source file
vim /var/named/tk520.com.zone

$TTL 1D                  ; Set the effective time (TTL) of cached resolution results
@ IN SOA tk520.com. admin.tk520.com. (
        20210222        ; serial
        1D              ; refresh
        1H              ; retry
        1W              ; expire
        3H )            ; minimum
        NS      tk520.com.          ; Record the name of the DNS server of the current zone
        A       192.168.78.22       ; Record the host IP address
        IN MX   10 mail.tk520.com.  ; MX is the mail exchange record; the larger the number, the lower the priority
www     IN A    192.168.78.22       ; Forward resolution: the IP corresponding to www.tk520.com
mail    IN A    192.168.78.66
ftp     IN CNAME www                ; CNAME is an alias; ftp is an alias of www
*       IN A    192.168.78.88       ; Wildcard resolution: "*" represents any host name
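The zone file above, read back and queried by an added example that is not part of the original post: a small Python parser for this record format and a lookup that chases the ftp CNAME and falls back to the "*" wildcard, the way named answers the host/nslookup tests later on. The origin tk520.com and the record values are taken from the page; the function names and the simplifications (no $ORIGIN directive, no RFC 4592 wildcard corner cases) are my own assumptions.

```python
# Added example (not from the original post): a small parser for the
# tk520.com.zone file above plus a lookup that answers forward queries the
# way named does (CNAME chasing, "*" wildcard fallback). ZONE_TEXT is a
# constructed copy of the page's records; ';' is the zone-file comment char.
ORIGIN = "tk520.com."
ZONE_TEXT = """\
$TTL 1D
@ IN SOA tk520.com. admin.tk520.com. (
        20210222 1D 1H 1W 3H )   ; serial refresh retry expire minimum
        NS      tk520.com.
        A       192.168.78.22
        IN MX   10 mail.tk520.com.
www     IN A    192.168.78.22
mail    IN A    192.168.78.66
ftp     IN CNAME www
*       IN A    192.168.78.88
"""

def fqdn(name, origin=ORIGIN):
    """'@' means the origin; relative names get the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return {owner: [(type, rdata)]}; handles ';' comments, $TTL, '( )' and indented owner inheritance."""
    records, owner, buf = {}, origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        buf = f"{buf} {line.strip()}" if buf else line
        if buf.count("(") > buf.count(")"):           # still inside ( ... )
            continue
        tokens, lead, buf = buf.replace("(", " ").replace(")", " ").split(), buf[:1], ""
        if not tokens or tokens[0].startswith("$"):   # blank line or $TTL
            continue
        if not lead.isspace():                        # explicit owner name
            owner = fqdn(tokens.pop(0), origin)
        if tokens[0] == "IN": tokens.pop(0)           # optional class
        records.setdefault(owner, []).append((tokens[0], " ".join(tokens[1:])))
    return records

def resolve(records, name, rtype="A", origin=ORIGIN, depth=0):
    """Exact owner first, else closest enclosing wildcard; follow CNAME unless CNAME was asked for."""
    qname = fqdn(name, origin)
    rrs, labels = records.get(qname), qname.split(".")
    while rrs is None and len(labels) > 2:            # try *.parent
        labels = labels[1:]
        rrs = records.get(".".join(["*"] + labels))
    for t, data in rrs or []:
        if t == "CNAME" and rtype != "CNAME" and depth < 8:
            return resolve(records, data, rtype, origin, depth + 1)
    return [data for t, data in rrs or [] if t == rtype]
```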

➤Start the service, turn off the firewall

systemctl start named
systemctl stop firewalld
setenforce 0
tail /var/log/messages #If the service fails to start, check the log file to troubleshoot the error
rndc-confgen -r /dev/urandom -a #If starting the service gets stuck, run this command to resolve it

➤Add DNS server address in the client's domain name resolution configuration file

vi /etc/resolv.conf
nameserver 192.168.78.22
or
vi /etc/sysconfig/network-scripts/ifcfg-ens33 #After the modification, the network card needs to be restarted
DNS1=192.168.78.22
systemctl restart network

➤Test DNS resolution

host www.tk520.com
nslookup www.tk520.com
Switch to a Win10 virtual machine to test:

Note: Win10 virtual machine settings
If the Win10 virtual machine's network card configuration is not modified, domain names on the real network will be resolved instead.

Origin blog.csdn.net/Dark_Tk/article/details/113946633