DNS domain name resolution service
Article directory
- DNS domain name resolution service
  - 1. The role of the DNS system
  - 2. Steps to construct a DNS domain name resolution server
    - 1. Turn off the firewall
    - 2. Install the bind package
    - 3. Configure forward resolution
      - (1) First check the path of the configuration file that needs to be modified
      - (2) Modify the main configuration file
      - (3) Modify the zone configuration file and add the forward zone configuration
      - (4) Configure the forward zone data file
      - (5) Start the service and turn off the firewall
      - (6) Add the DNS server address to the client's domain name resolution configuration file
      - (7) Test DNS resolution
    - 4. Use the Windows 10 virtual machine for domain name resolution
  - 4. Configure reverse resolution
1. The role of the DNS system
- Forward resolution: Find the corresponding IP address based on the domain name
- Reverse resolution: Find the corresponding domain name based on the IP address
- Distributed data structure of DNS system (www.sina.com.cn.)
1. Domain name structure
http://www.sina.com.cn./
http://hostname.second-level-domain.top-level-domain.root-domain/
The top of the tree structure is the root domain, written as ".", and its server is the root server. In principle the authority to resolve the entire domain name space belongs to the root server, but the root server cannot bear that load, so top-level domains are created beneath the root and the authority to resolve each top-level domain is delegated to the corresponding top-level domain server. For example, resolution of the com domain is delegated to the com domain server, so when the root server receives a resolution request for a name ending in com, it refers the request to the com domain server. In the same way, to reduce the load on a top-level domain, second-level domains are created beneath it, and beneath those third-level domains or hosts.
- Root domain: sits at the top of the domain name space and is generally written as ".".
- Top-level domains: generally represent a type of organization or a country, such as .net (network provider), .com (business enterprise), .org (group organization), .edu (educational institution), .gov (government department) and .cn (China's national domain).
- Second-level domains: indicate a specific organization within a top-level domain. Second-level domains under a national top-level domain are managed by that country's network authority; for example, the second-level domains under .cn include .com.cn, .net.cn and .edu.cn.
- Subdomains: the domains at all levels created under a second-level domain are collectively called subdomains. Each organization or user may apply to register its own domain name.
- Host: the host sits at the lowest level of the domain name space and is a specific computer. For example, www and mail are specific computer names, written as www.sina.com.cn. and mail.sina.com.cn. This form is called an FQDN (Fully Qualified Domain Name), the host's full name within the domain name space.
In daily life people are used to accessing servers by domain name, but machines only recognise each other by IP address. Domain names and IP addresses have a many-to-one relationship: an IP address does not necessarily correspond to only one domain name, while a domain name corresponds to only one IP address. Converting between them is called domain name resolution; it is performed by a dedicated domain name resolution server and the whole process is automatic.
2. Definition of DNS
DNS is the abbreviation of "Domain Name System". As a distributed database that maps domain names and IP addresses to each other, it makes it easier for people to access the Internet. **The DNS service uses TCP and UDP port 53: TCP port 53 is used for connections to the DNS server, and UDP port 53 is used for resolving DNS queries.** Each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
There is a many-to-one relationship between domain names and IP addresses. An IP address does not necessarily correspond to only one domain name, and a domain name can only correspond to one IP address.
3. DNS server types
(1) Primary (master) domain name server: maintains all the domain name information for a zone, is the authoritative source for all of that information, and its data can be modified. When building a primary domain name server you must create the zone's address data file yourself.
(2) Secondary (slave) domain name server: when the primary domain name server fails, shuts down or is overloaded, the secondary server acts as a backup and provides domain name resolution. The resolution results it provides are not determined by itself but come from the primary server. When building a secondary server you must specify the location of the primary so that the server can automatically synchronise the zone's address database.
(3) Caching domain name server: only caches domain name resolution results, in order to improve query speed and efficiency; it has no domain name database of its own, so all the information it obtains from remote servers is indirect. When building a caching server you must configure the root zone or designate another DNS server as the source of resolution.
(4) Forwarding domain name server: handles local queries for all non-local domain names. After receiving a query it first searches its cache; if the answer is not found it forwards the request to the specified domain name servers in turn until a result is found, otherwise it returns a result indicating that the name cannot be mapped.
The following figure shows the corresponding settings in Windows: the primary DNS server is the primary domain name server, and the secondary DNS server is the secondary domain name server.
2. Steps to construct DNS domain name resolution server
1. Turn off the firewall
setenforce 0 switches SELinux to permissive mode only until the next reboot. Next we use the vi editor to edit the SELinux configuration file (/etc/selinux/config) so that it stays off permanently.
SELinux is turned off permanently by changing the value after SELINUX= in that file: the default is enforcing; change it to disabled. The figure below shows the edited file.
2. Install the bind package
```
yum install -y bind
```
The installation is complete
3. Configure forward resolution
(1) First check the path of the configuration file that needs to be modified
```
rpm -qc bind                   # list the configuration files that belong to the bind package
/etc/named.conf                # main configuration file
/etc/named.rfc1912.zones       # zone configuration file
/var/named/named.localhost     # zone data file (template)
```
(2) Modify the main configuration file
```
vim /etc/named.conf
```
```
options {
    listen-on port 53 { 192.168.80.10; };       # listen on port 53 on the local IP that serves clients; "any" means all local addresses
    #listen-on-v6 port 53 { ::1; };             # IPv6 line; comment out or delete it if IPv6 is not used
    directory "/var/named";                     # default location of zone data files
    dump-file "/var/named/data/cache_dump.db";  # location of the domain name cache database dump
    statistics-file "/var/named/data/named_stats.txt";           # status statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";    # memory statistics file
    allow-query { 192.168.80.0/24; 172.16.100.0/24; };  # networks allowed to query this DNS server; "any" means everyone
    ......
};
zone "." IN {               # the "." root zone for forward resolution
    type hint;              # type is root hints
    file "named.ca";        # zone data file named.ca lists the names and IP addresses of the 13 root servers
};
include "/etc/named.rfc1912.zones";   # include all the zone definitions from the zone configuration file
```
Open the file with vim /etc/named.conf and set the virtual machine's own IP address as the address the DNS resolution server listens on.
(3) Modify the zone configuration file and add the forward zone configuration
```
vim /etc/named.rfc1912.zones    # the file contains templates; copy and paste one, then modify it
```
```
zone "benet.com" IN {            # forward zone "benet.com"
    type master;                 # this server is the master for the zone
    file "benet.com.zone";       # zone data file is benet.com.zone
    allow-update { none; };      # no dynamic updates
};
```
Open the editor with vim /etc/named.rfc1912.zones; after making the changes, type :wq to save. (Note: copying and pasting is done in command mode.)
(4) Configure the forward zone data file
```
cd /var/named/
cp -p named.localhost benet.com.zone    # copy while preserving the source file's permissions and owner
vim /var/named/benet.com.zone
```
```
$TTL 1D                     ; cache lifetime of resolution results: a record stays in caching servers for 1 day
@ IN SOA benet.com. admin.benet.com. (
        0       ; serial
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum
        NS      benet.com.           ; name of the DNS server for this zone
        A       192.168.80.10        ; IP address of that host
        IN MX 10 mail.benet.com.     ; MX is the mail exchanger record; the higher the number, the lower the priority
www     IN A    192.168.80.10        ; forward resolution of www.benet.com to its IP
mail    IN A    192.168.80.11
ftp     IN CNAME www                 ; CNAME is an alias: ftp is an alias of www
*       IN A    192.168.80.100       ; wildcard resolution: "*" stands for any host name
; "@" is a variable standing for the current zone name
; the SOA record is used to synchronise zone data between master and slave servers; if the serial number is unchanged, no update happens
; "benet.com." is a fully qualified domain name (FQDN); the trailing "." must not be omitted
; "admin.benet.com." is the administrator's mailbox; "@" is a variable here, so it is replaced by "."
```
Keeping the original file attributes, copy the original zone data file to baidu.com.zone, then open it with vim baidu.com.zone to edit it.
(5) Start the service and turn off the firewall
```
systemctl start named
systemctl stop firewalld
setenforce 0
# if the service fails to start, check the log file to find the error
tail -f /var/log/messages
# if the service hangs on startup, run the following command to fix it
rndc-confgen -r /dev/urandom -a
```
(6) Add the DNS server address in the client's domain name resolution configuration file
```
vi /etc/resolv.conf
nameserver 192.168.80.10
```
or
```
vi /etc/sysconfig/network-scripts/ifcfg-ens33    # the network interface must be restarted after the change
DNS1=192.168.80.10
systemctl restart network
```
(7) Test DNS resolution
```
host www.benet.com
nslookup www.benet.com
```
4. Use the Windows 10 virtual machine for domain name resolution
1. The two virtual machines need to be on the same network. Open the Windows 10 VM and check, via the network adapter icon in the lower right corner, that it and the CentOS 7 VM are both using NAT.
2. Change the IPv4 address of the Windows 10 VM so that it is in the same network segment as the domain name server in the CentOS 7 VM.
3. Double-click IPv4, select "Use the following IP address", change the corresponding parameters and click OK.
4. Because the IP address of the Windows 10 VM has changed, its Ethernet interface needs to be restarted to make sure the configuration has been applied.
5. Open the command prompt on the Windows 10 VM to verify DNS resolution.
4. Configure reverse resolution
(1) Modify the zone configuration file and add the reverse zone configuration
```
vim /etc/named.rfc1912.zones    # the file contains templates; copy and paste one, then modify it
```
```
zone "80.168.192.in-addr.arpa" IN {    # the reverse zone name is the network address written backwards; this one resolves the 192.168.80 segment
    type master;
    file "benet.com.zone.local";       # zone data file is benet.com.zone.local
    allow-update { none; };
};
```
Open the zone configuration file for editing with vim /etc/named.rfc1912.zones.
(2) Configure the reverse zone data file
```
cd /var/named/
cp -p named.localhost benet.com.zone.local
vim /var/named/benet.com.zone.local
```
```
$TTL 1D
@ IN SOA benet.com. admin.benet.com. (    ; here "@" stands for the 192.168.80 segment (80.168.192.in-addr.arpa)
        ........
        NS      benet.com.
        A       192.168.80.10
10      IN PTR  www.benet.com.
11      IN PTR  mail.benet.com.           ; PTR is the reverse pointer record: the last octet of the address maps back to the host name
```
Open the reverse zone data file for editing as shown.
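The forward zone data file above and the reverse zone file just shown describe the same two hosts, and the usual way to keep them consistent (the tutorial's own test later queries 192.168.80.200, an address neither zone has a record for) is to derive both from one host table. The Python below is an added example, not the page's or BIND's own code; the host table, the admin mailbox, the SOA timers and the /24 restriction are assumptions mirroring the tutorial, and the output follows the tutorial's record layout so it can be dropped into /var/named and checked with named-checkzone.

```python
import ipaddress

# Constructed host table mirroring the tutorial's benet.com zone (assumption, not the page's code).
ZONE = "benet.com"
NS_IP = "192.168.80.10"
HOSTS = {"www": "192.168.80.10", "mail": "192.168.80.11"}

def fqdn(name):
    """Zone files need the trailing dot; without it BIND appends the zone name again."""
    return name if name.endswith(".") else name + "."

def soa_header(zone, ns_ip, serial):
    """The $TTL/SOA/NS/A preamble shared by the forward and reverse zone files."""
    return ["$TTL 1D",
            f"@ IN SOA {fqdn(zone)} admin.{fqdn(zone)} ( {serial} 1D 1H 1W 3H )",
            f"  NS {fqdn(zone)}",
            f"  A {ns_ip}"]

def forward_zone(zone, hosts, ns_ip, serial=0):
    """Render the forward zone data file: one A record per host plus the MX record."""
    lines = soa_header(zone, ns_ip, serial) + [f"  IN MX 10 mail.{fqdn(zone)}"]
    lines += [f"{host} IN A {ip}" for host, ip in sorted(hosts.items())]
    return "\n".join(lines) + "\n"

def reverse_zone_name(network):
    """192.168.80.0/24 -> 80.168.192.in-addr.arpa (network octets written backwards)."""
    net = ipaddress.ip_network(network, strict=False)
    if net.prefixlen != 24:
        raise ValueError("this helper handles /24 reverse zones, as in the tutorial")
    return ".".join(reversed(str(net.network_address).split(".")[:3])) + ".in-addr.arpa"

def reverse_zone(zone, hosts, ns_ip, network, serial=0):
    """Derive the PTR records from the same host table so forward and reverse always agree."""
    net = ipaddress.ip_network(network, strict=False)
    lines = soa_header(zone, ns_ip, serial)
    for host, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{host} ({ip}) is outside {network}; it belongs in another reverse zone")
        lines.append(f"{str(addr).split('.')[-1]} IN PTR {host}.{fqdn(zone)}")
    return "\n".join(lines) + "\n"

def has_ptr(zone_text, ip):
    """True if the rendered reverse zone carries a PTR for ip, i.e. `host ip` could get an answer."""
    last = ip.split(".")[-1]
    return any(l.split()[:3] == [last, "IN", "PTR"] for l in zone_text.splitlines())
```

Run reverse_zone_name on the client subnet before writing the zone stanza in named.rfc1912.zones, and has_ptr on the rendered file to pick a test address that can actually resolve.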
(3) Restart the service for testing
```
systemctl restart named      # restart named after editing
host 192.168.80.200          # reverse resolution test (only addresses with a PTR record in the zone, here .10 and .11, will resolve)
nslookup 192.168.80.200      # reverse resolution test
```
Edit the domain name server IP address with vim /etc/resolv.conf; the change takes effect immediately, without restarting the network interface.