Linux-DNS domain name resolution service

1. DNS domain name resolution

1 Overview

In daily life people are used to accessing servers by domain name, but machines only recognize each other by IP address. Domain names and IP addresses have a many-to-one relationship: one IP address does not necessarily correspond to only one domain name, while one domain name corresponds to only one IP address. Converting between the two is called domain name resolution. Resolution is carried out by dedicated domain name servers, and the whole process is automatic.
Definition of DNS: DNS is the abbreviation of "Domain Name System". It is a distributed database that maps domain names and IP addresses to each other, making it easier for people to access the Internet. The DNS service uses TCP and UDP port 53: TCP port 53 is used for connections between DNS servers, and UDP port 53 is used for resolution queries. Each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.

2. Resolution types

Forward resolution: find the corresponding IP address from a domain name.
Reverse resolution: find the corresponding domain name from an IP address.
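To make forward and reverse resolution concrete, here is an added example (not code from the original post) that encodes a name into DNS wire-format labels while enforcing the 63-character label and 253-character name limits from the overview, builds the query that would be sent to UDP port 53, derives the in-addr.arpa name used for a reverse lookup, and parses the A answers out of a response. The sample response is constructed by hand; the www.kgc.com to 192.168.80.10 mapping in it is taken from the zone file later on this page.

```python
import socket
import struct

def encode_name(name):
    """Encode a domain name as wire-format labels, enforcing the 63/253-character limits."""
    labels = name.rstrip(".").split(".")      # the FQDN's trailing "." (root) becomes the final empty label
    if len(name.rstrip(".")) > 253 or not all(0 < len(lab) <= 63 for lab in labels):
        raise ValueError("label limit is 63 characters, total limit 253: %r" % name)
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    # Standard recursive query as sent to UDP port 53; qtype 1 = A (forward), 12 = PTR (reverse)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def reverse_name(ip):
    # Name looked up for reverse resolution: the octets reversed under in-addr.arpa
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def _skip_name(data, off):
    while True:                               # walk labels until the root or a compression pointer
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def parse_a_answers(resp):
    """Return the A-record addresses carried in a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    off, ips = 12, []
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4       # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return ips

# Constructed sample response (not a real capture): www.kgc.com -> 192.168.80.10, TTL 86400
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x03www\x03kgc\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x01\x51\x80\x00\x04\xc0\xa8\x50\x0a")
```

Sending build_query("www.kgc.com") to a server on UDP port 53 and feeding the reply to parse_a_answers gives the same kind of result as the nslookup checks later on this page.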

3. Structure

Domain name structure (the DNS system is a distributed, tree-shaped data structure):
http://www.sina.com.cn./
host name . second-level domain . top-level domain . root domain
The top of the tree is called the root domain, represented by ".", and the corresponding server is called the root server. Resolution authority for the entire domain name space belongs to the root server, but the root server cannot carry the huge load alone, so a "delegation" mechanism is used: a number of top-level domains are set up under the root domain, and the resolution authority for each top-level domain is delegated to the corresponding top-level domain server. For example, resolution authority for the com domain is delegated to the com domain server; from then on, whenever the root server receives a resolution request for a domain name ending in com, it forwards it to the com domain server. For the same reason, to reduce the load on the top-level domains, several second-level domains are set up under them, and third-level domains or hosts are set up under the second-level domains.
Root domain: located at the top of the domain name space, generally represented by ".".
Top-level domain: generally represents a type of organization or a country, such as .net (network providers), .com (commercial enterprises), .org (organizations), .edu (educational institutions), .gov (government departments), .cn (China's national domain).
Second-level domain: indicates a specific organization within a top-level domain. Second-level domain names under a national top-level domain are managed uniformly by the national network authority, for example those set up under .cn: .com.cn, .net.cn, .edu.cn.
Subdomain: all levels of domains created under a second-level domain are collectively called subdomains. Each organization or user can freely apply to register its own domain.
Host: located at the lowest level of the domain name space, a host is a specific computer. For example, www and mail are names of specific computers, written as www.sina.com.cn. and mail.sina.com.cn. This form is called an FQDN (Fully Qualified Domain Name), the full name of the host in the domain name space.


4. Type

DNS server types:
(1) Primary domain name server: responsible for maintaining all domain name information of a zone; it is the authoritative source of that information, and its data can be modified. When building a primary domain name server, you need to create the address data files of the zone it is responsible for yourself.
(2) Secondary domain name server: when the primary server fails, shuts down, or is overloaded, the secondary server acts as a backup and provides domain name resolution. The resolution results provided by the secondary server are not defined locally but come from the primary server. When building a secondary server, you need to specify the location of the primary server so that the secondary can automatically synchronize the zone's address database.
(3) Caching domain name server: only caches resolution results to improve query speed and efficiency; it has no domain name database of its own. It obtains each query result from a remote server, puts it in its cache, and uses it to answer later queries for the same information. A caching server is not authoritative, because all the information it provides is indirect. When building a caching server, you must set the root zone or designate another DNS server as the source of resolution.
(4) Forwarding domain name server: responsible for local queries of all non-local domain names. After receiving a query request, the forwarding server searches its cache; if the answer is not found, it forwards the request to the designated domain name servers in turn until a result is found, otherwise it returns a result that cannot be mapped.

2. BIND software

1 Overview

BIND (Berkeley Internet Name Daemon)
●BIND is the most widely used DNS service program
●Official website: https://www.isc.org

2. Related software packages

●bind-9.9.4-37.el7.x86_64.rpm
●bind-utils-9.9.4-37.el7.x86_64.rpm
●bind-libs-9.9.4-37.el7.x86_64.rpm
●bind-chroot-9.9.4-37.el7.x86_64.rpm

3. BIND service

1. BIND server-side program
Main executable: /usr/sbin/named
Default listening port: 53
Main configuration file: /etc/named.conf
Data files holding the DNS resolution records: /var/named/
2. BIND service control
systemctl [status|start|stop|restart] named.service

3. Example: forward address resolution

1. Install the bind package

yum install -y bind

2. Configure forward resolution

(1) First check the paths of the configuration files that need to be modified
rpm -qc bind                  # query the paths of the bind configuration files
/etc/named.conf               # main configuration file
/etc/named.rfc1912.zones      # zone configuration file
/var/named/named.localhost    # zone data file (template)
(2) Modify the main configuration file
vim /etc/named.conf    # edit the file

options {
    listen-on port 53 { 192.168.221.40; };    // listen on port 53 on the local IP that provides the service; "any" means all addresses
    // listen-on-v6 port 53 { ::1; };         // IPv6 line; comment it out or delete it if IPv6 is not used
    directory "/var/named";                   // default location of the zone data files
    dump-file "/var/named/data/cache_dump.db";                  // domain name cache database file
    statistics-file "/var/named/data/named_stats.txt";          // status statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";   // memory statistics file
    allow-query { any; };                     // network segments allowed to query this DNS service; "any" means all
    ...
};

zone "." IN {                 // forward resolution of the "." root zone
    type hint;                // the type is hint (root zone)
    file "named.ca";          // zone data file named.ca records the names and IP addresses of the 13 root servers
};

include "/etc/named.rfc1912.zones";    // include all zone configurations from this file

(3) Modify the zone configuration file and add the forward zone configuration
vim /etc/named.rfc1912.zones    # the file contains a template; copy, paste and modify it

zone "kgc.com" IN {           // forward zone
    type master;              // the type is master zone
    file "kgc.com.zone";      // the zone data file is kgc.com.zone
    allow-update { none; };
};
(4) Configure the forward zone data file
cd /var/named/
cp -p named.localhost benet.com.zone    # -p keeps the permissions and owner attributes of the source file

vim /var/named/benet.com.zone

$TTL 1D                                     ; lifetime of valid resolution records
@       IN SOA  kgc.com. admin.kgc.com. (   ; "@" stands for the current DNS zone name
                20210223        ; serial: update serial number, an integer of at most 10 digits
                1D              ; refresh: interval at which the zone data is re-downloaded
                1H              ; retry: retry interval after a failed download
                1W              ; expire: give up if the download still fails after this time
                3H )            ; minimum: lifetime of invalid (negative) resolution records
        IN NS   kgc.com.        ; name of the DNS server for the current zone
        IN A    192.168.221.40  ; IP address of that host
        IN MX 10 mail.benet.com.  ; MX is the mail exchange record; the higher the number, the lower the priority
www     IN A    192.168.80.10   ; forward resolution of www.kgc.com to its IP
mail    IN A    192.168.80.11
ftp     IN CNAME www            ; CNAME defines an alias: ftp is an alias of www
*       IN A    192.168.80.100  ; wildcard resolution: "*" matches any host name

#"@" here is a variable standing for the current DNS zone name.
#The serial number in the SOA record is used to synchronize the zone data between the master and slave servers: when the slave checks whether the zone has been updated and finds the master's serial equal to the serial in its local zone data, it does not download.
#"benet.com." is a fully qualified domain name (FQDN); the trailing "." must not be omitted.
#"admin.benet.com." represents the administrator's mailbox; because the "@" symbol has another meaning here, "." is used in its place.
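As an added example (not part of the original post), the following code parses the SOA of the zone file above, checks that the serial fits the 10-digit limit, and implements the slave's decision rule from the notes: download only when the master's serial is ahead of the local copy, using serial-number arithmetic so a wrapped counter still compares correctly. The embedded zone text is a constructed copy of this page's example, and next_serial is a helper introduced here for the YYYYMMDDnn convention.

```python
import re
from datetime import date

# Constructed copy of the zone file shown above (only the SOA record matters for this check)
SAMPLE_ZONE = """\
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                20210223        ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        IN NS   kgc.com.
"""

UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def parse_ttl(value):
    """Convert a BIND time value such as 1D, 1H or 3600 into seconds."""
    m = re.fullmatch(r"(\d+)([SMHDWsmhdw]?)", value)
    if not m:
        raise ValueError("bad time value: %r" % value)
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def parse_soa(zone_text):
    """Return the SOA fields serial, refresh, retry, expire and minimum (timers in seconds)."""
    text = re.sub(r";[^\n]*", "", zone_text)                 # drop ; comments first
    m = re.search(r"\bSOA\b[^(]*\(([^)]*)\)", text)
    if not m:
        raise ValueError("no SOA record found")
    serial, refresh, retry, expire, minimum = m.group(1).split()
    if not (serial.isdigit() and len(serial) <= 10 and int(serial) < 2**32):
        raise ValueError("serial must be an unsigned 32-bit integer: %r" % serial)
    return {"serial": int(serial), "refresh": parse_ttl(refresh), "retry": parse_ttl(retry),
            "expire": parse_ttl(expire), "minimum": parse_ttl(minimum)}

def serial_is_newer(master, slave):
    """RFC 1982 serial arithmetic: True when the master's serial is ahead of the slave's copy."""
    return master != slave and (master - slave) % 2**32 < 2**31

def slave_should_transfer(master_zone, slave_zone):
    """The check a secondary runs every refresh interval: equal serials mean no download."""
    return serial_is_newer(parse_soa(master_zone)["serial"], parse_soa(slave_zone)["serial"])

def next_serial(current, today_yyyymmdd=None):
    """Next serial in the YYYYMMDDnn convention, never moving backwards relative to current."""
    today_yyyymmdd = today_yyyymmdd or int(date.today().strftime("%Y%m%d"))
    base = today_yyyymmdd * 100
    return base if base > current else current + 1
```

Forgetting to raise the serial after editing the zone is the usual reason a secondary keeps serving stale data: slave_should_transfer returns False for an unchanged serial no matter how many records were edited.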

3. Restart named

systemctl start named    # start (or restart) the service
nslookup www.kgc.com     # check the result
vim /etc/resolv.conf    # method 1: edit the DNS address here (no need to restart the network card)
vim /etc/sysconfig/network-scripts/ifcfg-ens33    # method 2: edit the DNS address here (the network card must be restarted)
[screenshot: editing /etc/resolv.conf]
[screenshot: editing /etc/sysconfig/network-scripts/ifcfg-ens33]

4. Verification

host mail.kgc.com
host ftp.kgc.com
nslookup srs.kgc.com

5. Verification on the Windows side

Modify the IPv4 address settings
Run cmd
host mail.kgc.com
host ftp.kgc.com
nslookup srs.kgc.com

4. Example: reverse address resolution

1. Install the bind package

yum install -y bind

2. Modify the configuration

(1) Modify the main configuration file
vim /etc/named.conf    # edit the file
(2) Modify the zone configuration file and add the reverse zone configuration
vim /etc/named.rfc1912.zones    # edit the file
(3) Configure the reverse zone data file
cd /var/named/
cp -p named.localhost kgc.com.zone.local
vim /var/named/kgc.com.zone.local

3. Restart named

systemctl start named    # start (or restart) the service
vim /etc/resolv.conf    # method 1: edit the DNS address here (no need to restart the network card)
vim /etc/sysconfig/network-scripts/ifcfg-ens33    # method 2: edit the DNS address here (the network card must be restarted)
[screenshot: editing /etc/resolv.conf]
[screenshot: editing /etc/sysconfig/network-scripts/ifcfg-ens33]

4. Verification

nslookup 192.168.221.100
nslookup 192.168.221.200

5. Example: master-slave configuration

Configure another virtual machine on the basis of the forward and reverse configuration above.

1. Install the bind package


2. Configuration files

vim /etc/named.conf
vim /etc/named.rfc1912.zones
systemctl restart named

3. Verify on the first virtual machine (the one with the forward and reverse resolution configuration)

nslookup www.kgc.com
systemctl stop named
nslookup www.kgc.com


Origin blog.csdn.net/s15212790607/article/details/113953764