CentOS 7 operation and maintenance: DNS domain name resolution service
1. The role of the DNS system
► Forward resolution: find the IP address corresponding to a domain name
► Reverse resolution: find the domain name corresponding to an IP address
The DNS system is a distributed data structure.
Every grain of sand on earth could be given an IPv6 address.
The DNS service uses TCP and UDP port 53:
► TCP port 53 is used for connections to the DNS server
► UDP port 53 is used for DNS queries
2. The structure of a domain name
www.exmple.com.cn.
hostname | subdomain | second-level domain | top-level domain | root domain
► Each level (label) of a domain name is limited to 63 characters
► The total length of a domain name cannot exceed 253 characters
The "." after cn is generally not displayed; the system adds it automatically, and it denotes the root domain.
Root zone
Located at the top of the domain name space; a "." is generally used to denote the root domain.
Top-level domain
Generally represents a type of organization or a country.
Second-level domain
Identifies a specific organization within the top-level domain. Second-level domains under a country's top-level domain are managed by that country's network authority.
Subdomain
The domains at all levels created under a second-level domain are collectively called subdomains; each organization or user can apply to register its own domain name.
Host
The host sits at the lowest level of the domain name space and is a specific computer.
► Delegated resolution
If the local DNS server cannot resolve a name itself, the query is handed on from the root domain to the top-level domain, then to the second-level domain, and finally to the subdomain or host.
3. DNS server types
► Primary domain name server
Maintains all domain name information for a zone; it is the authoritative source for that information, and the data can be modified here. When building a primary domain name server you need to create the address data file for the zone you are responsible for yourself.
► Secondary (slave) domain name server
When the primary domain name server fails, shuts down, or is overloaded, the secondary domain name server acts as a backup and provides domain name resolution. The results a secondary server gives are not decided by itself but come from the primary server. When building a secondary server you need to specify the location of the primary server so that the secondary can automatically synchronize the zone's address database.
► Caching domain name server
Only provides caching of domain name resolution results.
► Forwarding domain name server
Handles local clients' queries for all non-local domain names by forwarding them.
4. BIND installation and configuration
BIND is the mainstream DNS resolution software.
► Install via YUM
yum -y install bind
► Configuration files
Configure forward resolution
① First check the paths of the files that need to be modified
- Executable: /usr/sbin/named
- Main configuration file: /etc/named.conf
- Resolution records (zone data): /var/named/
- Template file (copy it as a reference): /var/named/named.localhost
- Zone configuration file: /etc/named.rfc1912.zones
② Modify the main configuration file
options {
    listen-on port 53 { any; };                                # listen on port 53; "any" or a specific IP address
    listen-on-v6 port 53 { ::1; };                             # IPv6 listener; can be commented out
    directory          "/var/named";                           # default location of zone data files (the path values shown are the CentOS 7 defaults)
    dump-file          "/var/named/data/cache_dump.db";        # location of the domain name cache database file
    statistics-file    "/var/named/data/named_stats.txt";      # location of the status statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";  # location of the memory statistics file
    allow-query        { <IP segment>; <IP segment>; };        # network segments allowed to use this DNS service ("any" can also be used)
};
5. Forward resolution
The root hint zone in /etc/named.conf:
zone "." IN {
    type hint;           # root zone for forward resolution; type is hint
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
① Modify the zone configuration file and add the forward zone configuration
vim /etc/named.rfc1912.zones
# the file contains templates; copy one, paste it and modify it
zone "uthome.cn" IN {
    type master;                 # master (primary) zone for forward resolution of "uthome.cn"
    file "uthome.cn.zone";       # the zone data file is uthome.cn.zone; this name must match the file created in /var/named/
    allow-update { none; };
};
② Configure the forward zone data file
cd /var/named/
cp -p named.localhost cathomeowo.cn.zone
vim /var/named/cathomeowo.cn.zone
$TTL 1D                                         ; lifetime (TTL) of valid resolution records
@ IN SOA cathomeowo.cn. admin.cathomeowo.cn. (  ; "@" stands for the current zone name; the second name is the administrator mailbox
        0       ; serial   update serial number
        1D      ; refresh  refresh interval
        1H      ; retry    retry delay
        1W      ; expire   expiry time
        3H )    ; minimum  lifetime of negative (invalid) resolution records
        NS      cathomeowo.cn.            ; name of the DNS server for the current zone
        A       xxxIP                     ; IP address of the host
        IN MX 10 mail.xxx.xxx             ; mail exchange record; the larger the number, the lower the priority
www     IN A    xxxIP                     ; forward record: the IP corresponding to www.cathomeowo.cn
ftp     IN CNAME www                      ; CNAME alias: ftp is an alias of www
*       IN A    xxxIP                     ; wildcard resolution: "*" matches any host name
(Comments in zone data files start with ";", not "#".)
③ Start and verify
systemctl start named
systemctl stop firewalld.service
setenforce 0
netstat -anpu | grep named          # confirm named is listening on UDP port 53
vim /etc/resolv.conf                # change the default DNS to 192.168.222.4 (nameserver 192.168.222.4)
host cathomeowo.cn
④ Test from a Windows 10 host on the LAN
Set the DNS address to 192.168.222.4, then run:
nslookup <domain name>              // start verifying
6. Reverse resolution
① Modify the zone configuration file and add the reverse zone configuration
vim /etc/named.rfc1912.zones
// the reverse of 192.168.222.0 is 222.168.192
zone "222.168.192.in-addr.arpa" IN {
    type master;
    file "cathomeowo.cn.local";
    allow-update { none; };
};
② Configure the reverse zone data file
cd /var/named/
cp -p cathomeowo.cn.zone cathomeowo.cn.local
$TTL 1D
@ IN SOA @ cathomeowo.cn. (
        0       ; serial
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum
        NS      cathomeowo.cn.
        A       192.168.222.4
4       IN PTR  www.cathomeowo.cn.        ; 4 means 192.168.222.4; PTR is the reverse pointer record used for reverse resolution
                                          ; the trailing dot is required, otherwise BIND appends the zone origin to the name
③ Start and verify
systemctl restart named
host 192.168.222.4
// should reverse-resolve to the domain name www.cathomeowo.cn
④ Test from a Windows 10 host on the LAN
nslookup <IP>
Reverse-resolves the domain name from the address.
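The reverse zone name in ① and the PTR owner label in ② are derived by hand above; as an added example (not part of the original post), the following POSIX shell script does that derivation and prints forward and reverse zone files in the same layout as the ones in sections 5 ② and 6 ②. It goes slightly beyond the post's /24 case: /8 and /16 networks are handled too, and other prefix lengths are rejected because in-addr.arpa delegation works on octet boundaries. The zone name cathomeowo.cn and the timer values are the post's; the function names and the admin.<zone> mailbox convention are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: build reverse zone names, PTR
# labels and zone file text from a network prefix. Assumes /8, /16 or /24.

# reverse_zone_name NET/PREFIX -> e.g. 192.168.222.0/24 -> 222.168.192.in-addr.arpa
reverse_zone_name() {
    net=${1%/*}; bits=${1#*/}
    case "$bits" in
        8|16|24) ;;
        *) echo "reverse_zone_name: prefix must be /8, /16 or /24, got /$bits" >&2; return 1 ;;
    esac
    octets=$((bits / 8))
    set -- $(echo "$net" | tr '.' ' ')
    out=""; i=1
    for o in "$@"; do
        # the network octets are emitted in reverse order (least significant first)
        if [ "$i" -le "$octets" ]; then out="$o.$out"; fi
        i=$((i + 1))
    done
    echo "${out}in-addr.arpa"
}

# ptr_label IP PREFIX_BITS -> host part of IP reversed: 192.168.222.4 24 -> 4 ; ... 16 -> 4.222
ptr_label() {
    ip=$1; octets=$(($2 / 8))
    set -- $(echo "$ip" | tr '.' ' ')
    out=""; i=1
    for o in "$@"; do
        if [ "$i" -gt "$octets" ]; then out="$o.$out"; fi
        i=$((i + 1))
    done
    echo "${out%.}"
}

# soa_header NS_FQDN SERIAL -> the $TTL, SOA and NS lines shared by both zone files
# (admin.<zone> as the responsible mailbox is this example's assumption)
soa_header() {
    ns=${1%.}
    printf '$TTL 1D\n'
    printf '@ IN SOA %s. admin.%s. (\n' "$ns" "$ns"
    printf '\t%s\t; serial\n\t1D\t; refresh\n\t1H\t; retry\n\t1W\t; expire\n\t3H )\t; minimum\n' "$2"
    printf '\tNS\t%s.\n' "$ns"
}

# forward_zone_file NS_FQDN SERIAL NAME=IP ... -> NAME is relative to the zone origin ("@" for the apex)
forward_zone_file() {
    ns=$1; serial=$2; shift 2
    soa_header "$ns" "$serial"
    for m in "$@"; do
        printf '%s\tIN A\t%s\n' "${m%=*}" "${m#*=}"
    done
}

# reverse_zone_file NET/PREFIX NS_FQDN SERIAL IP=FQDN ... -> PTR targets always get the
# trailing dot; without it BIND would append the zone origin to the name
reverse_zone_file() {
    net=$1; ns=$2; serial=$3; shift 3
    bits=${net#*/}
    soa_header "$ns" "$serial"
    for m in "$@"; do
        ip=${m%=*}; name=${m#*=}
        printf '%s\tIN PTR\t%s.\n' "$(ptr_label "$ip" "$bits")" "${name%.}"
    done
}
```

Usage on the post's network: `reverse_zone_file 192.168.222.0/24 cathomeowo.cn 0 192.168.222.4=www.cathomeowo.cn > /var/named/cathomeowo.cn.local` writes the same file as section ②, with the PTR target fully qualified, and `reverse_zone_name 192.168.222.0/24` gives the zone name to put in named.rfc1912.zones.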
7. Master-slave servers
The role of the slave server is to synchronize the zone files of the master server (hot standby).
① Modify the master's zone configuration file
allow-transfer: allow zone transfer
allow-update: allow dynamic update
vim /etc/named.rfc1912.zones
zone "cathomeowo.cn" IN {
    type master;
    file "cathomeowo.cn.zone";
    #allow-update { none; };
    allow-transfer { 192.168.222.40; };   # replace allow-update with allow-transfer
                                          # allow-transfer permits zone transfer
                                          # the value in {} is the DNS address of the slave server
};
zone "222.168.192.in-addr.arpa" IN {
    type master;
    file "cathomeowo.cn.local";
    #allow-update { none; };
    allow-transfer { 192.168.222.40; };
};
② Add the DNS address of the slave server
Configure the slave server as a DNS client:
vim /etc/resolv.conf
nameserver 192.168.222.4      # master server
nameserver 192.168.222.40     # slave server
③ Configure the slave server host
vim /etc/named.conf
Change the value of listen-on port 53 { } to any
Change the value of allow-query { } to any
vim /etc/named.rfc1912.zones
Change the value of type to slave
Change allow-update { } to masters { }; the value of masters { } is the DNS address of the master server
Change the value of file to "slaves/xxx"
④ Start and verify
systemctl restart named       # a file is now generated in the slaves directory
► When Windows 10 uses only the primary DNS
► Then, after we shut down the primary DNS
⑤ Implement real-time master-slave updates
► In the master server's zone configuration file, add also-notify { slave-IP; }; to both the forward and the reverse zone
vim /etc/named.rfc1912.zones
zone "ut.cn" IN {
    type master;
    file "xx.xx.zone";
    also-notify { 192.168.222.200; };
    allow-transfer { 192.168.222.200; };
};
► In the master server's zone data file, make the serial value greater than the slave server's
$TTL 1D
@ IN SOA xx.xx. admin.xx.xx. (
        2077    ; serial    the default is 0; change it, but do not exceed 10 digits
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum
        NS      xx.xx.
        A       192.168.222.150
www     IN A    192.168.222.155
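The serial rule above (and the "0 ; serial" line of the forward zone file in section 5 ②) is easy to get wrong by hand, so here is an added POSIX shell example, not from the original post, that reads the serial from a zone file, bumps it using the YYYYMMDDnn convention, enforces the 32-bit (10-digit) limit, and tells, using RFC 1982 serial arithmetic, whether a slave holding a given serial will accept a transfer from the master. The function names, the constructed zone text and the date convention are this example's assumptions; the zone layout follows the post's.

```shell
#!/bin/sh
# Added example, not from the original post: SOA serial handling for the
# master-slave setup. Assumes the zone file keeps the post's "<n> ; serial" line.

SERIAL_MAX=4294967295   # the SOA serial is an unsigned 32-bit number: at most 10 digits

# zone_serial FILE -> prints the number on the line commented "; serial"
zone_serial() {
    awk '/;[[:space:]]*serial/ { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }' "$1"
}

# next_serial OLD YYYYMMDD -> a serial in YYYYMMDDnn form that is strictly greater than OLD
next_serial() {
    old=$1; today=$2
    case "$old" in
        "$today"[0-9][0-9]) new=$((old + 1)) ;;   # already dated today: bump the nn counter
        *) new="${today}00" ;;                    # first change today
    esac
    # the old serial may already be larger than today's value (the post's 2077 is fine,
    # a 2099010100 would not be); the serial must still grow, so fall back to old+1
    if [ "$new" -le "$old" ]; then new=$((old + 1)); fi
    if [ "$new" -gt "$SERIAL_MAX" ]; then
        echo "next_serial: $new exceeds the 32-bit limit $SERIAL_MAX" >&2
        return 1
    fi
    echo "$new"
}

# bump_serial FILE YYYYMMDD -> rewrites the serial line in place and prints the new serial
bump_serial() {
    file=$1; today=$2
    old=$(zone_serial "$file")
    if [ -z "$old" ]; then echo "bump_serial: no '; serial' line in $file" >&2; return 1; fi
    new=$(next_serial "$old" "$today") || return 1
    tmp=$(mktemp)
    # the serial is the first token on its line, so replacing the first match is safe
    awk -v old="$old" -v new="$new" '
        /;[[:space:]]*serial/ && !done { sub(old, new); done = 1 }
        { print }' "$file" > "$tmp" && mv "$tmp" "$file"
    echo "$new"
}

# serial_newer MASTER SLAVE -> exit 0 when the slave will transfer, i.e. MASTER is "greater"
# under RFC 1982 serial arithmetic (differences wrap modulo 2^32, so 5 is newer than 4294967290)
serial_newer() {
    d=$(( ($1 - $2 + SERIAL_MAX + 1) % (SERIAL_MAX + 1) ))
    [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}
```

Typical use on the master: `bump_serial /var/named/cathomeowo.cn.zone "$(date +%Y%m%d)"` before `systemctl restart named`; `serial_newer <master serial> <slave serial>` explains why a slave that already holds an equal or higher serial silently keeps its old copy.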
8. Split resolution
Provide different domain name resolution records to different client network segments:
- Intranet users get the intranet IP address
- External network users get the external network IP address
The split DNS service is provided on the gateway server.
① Modify the configuration file
vim /etc/named.rfc1912.zones
view "lan" {
    match-clients { 192.168.222.0/24; };
    zone "cathomeowo.cn" IN {
        type master;
        file "cathomeowo.cn.zone.lan";
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
view "wan" {
    match-clients { any; };
    zone "cathomeowo.cn" IN {
        type master;
        file "cathomeowo.cn.zone.wan";
    };
};
Views are matched in the order they are written, so the "wan" view with match-clients { any; } must come last; once views are used, BIND requires every zone, including the root hint zone "." from /etc/named.conf, to sit inside a view, which is why the hint zone is repeated here.
② Create the internal and external network zone files (the file names must match the file directives above)
cp -p named.localhost cathomeowo.cn.zone.lan
$TTL 1D
@ IN SOA cathomeowo.cn. admin.cathomeowo.cn. (
        0       ; serial
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum
        NS      cathomeowo.cn.
        A       192.168.200.100
www     IN A    192.168.200.200
cp -p named.localhost cathomeowo.cn.zone.wan
$TTL 1D
@ IN SOA cathomeowo.cn. admin.cathomeowo.cn. (
        0       ; serial
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum
        NS      cathomeowo.cn.
        A       12.0.0.1
www     IN A    12.0.0.100
③ Start and verify
On the intranet Linux client:
echo "nameserver 192.168.222.100" >> /etc/resolv.conf
On the external network Windows 10 client:
nslookup www.cathomeowo.cn
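To make the view selection concrete, here is an added POSIX shell example (not from the original post) that replays how BIND picks a view for a client address and which `www` answer that client then receives, using the match-clients lists and the two `www IN A` values from the configuration above. It also shows what happens if the view order is reversed. The function names are this example's own; the record values are constructed copies of the lan and wan zone files, not read from disk.

```shell
#!/bin/sh
# Added example, not from the original post: replay BIND view selection for a
# client and the 'www' record that client gets. The view list and record values
# are constructed from the split-resolution configuration above.

# ip_to_int 192.168.222.4 -> the address as a 32-bit integer
ip_to_int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP CIDR -> exit 0 if IP lies inside CIDR; "any" matches everything,
# and a bare address is treated as /32
ip_in_cidr() {
    ip=$1; cidr=$2
    if [ "$cidr" = "any" ]; then return 0; fi
    net=${cidr%/*}; bits=${cidr#*/}
    if [ "$cidr" = "$net" ]; then bits=32; fi
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# select_view CLIENT_IP VIEW=CIDR[,CIDR...] ... -> the first view whose match-clients
# contains the client, checked in the order the views are written in the config
select_view() {
    client=$1; shift
    for entry in "$@"; do
        view=${entry%%=*}; clients=${entry#*=}
        for cidr in $(echo "$clients" | tr ',' ' '); do
            if ip_in_cidr "$client" "$cidr"; then echo "$view"; return 0; fi
        done
    done
    echo "select_view: no view matches $client" >&2
    return 1
}

# www_record VIEW -> the 'www IN A' value of the constructed lan/wan zone files above
www_record() {
    case "$1" in
        lan) echo 192.168.200.200 ;;
        wan) echo 12.0.0.100 ;;
        *) echo "www_record: unknown view $1" >&2; return 1 ;;
    esac
}

# resolve_www CLIENT_IP VIEW=CIDR ... -> the answer the client gets for www.cathomeowo.cn
resolve_www() {
    client=$1; shift
    view=$(select_view "$client" "$@") || return 1
    www_record "$view"
}
```

With the views in the post's order, `resolve_www 192.168.222.50 lan=192.168.222.0/24 wan=any` answers 192.168.200.200 and a client at 12.0.0.5 gets 12.0.0.100; with the order swapped (`wan=any` first) every client, including the intranet one, lands in the wan view, which is the mistake the ordering rule guards against.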
Troubleshooting ideas
① No file appears in the slaves directory on the slave server
► Open the named.rfc1912.zones file and check the zone block:
vim /etc/named.rfc1912.zones
zone "exmple.com" IN {
    type slave;                       // type is slave
    file "slaves/exmple.com";         // file path is slaves/xxx
    masters { 192.168.1.1; };
};
► Change the group of the slaves directory to named
cd /var/named/
chown named:named slaves
② Host IP not found: 3(NXDOMAIN)
► Modify the DNS address of this machine
- in the network card configuration file
- in resolv.conf, add a nameserver entry
vim /etc/sysconfig/network-scripts/ifcfg-ens33
vim /etc/resolv.conf
► Turn off the firewall and SELinux