Linux: Overview of DNS Domain Name System and Forward Analysis Experiment

1. DNS—Domain Name System

1. DNS definition: DNS stands for "Domain Name System". It is a distributed database that maps domain names to IP addresses and IP addresses back to domain names, which makes it easier for people to access the Internet.
2. DNS port: the DNS service uses TCP and UDP port 53. TCP port 53 is used for connections to the DNS server, and UDP port 53 is used for DNS resolution.
3. DNS domain name length restriction: each label (level) of a domain name is limited to 63 characters, and the total length of the domain name cannot exceed 253 characters.
4. DNS functions: forward resolution finds the IP address that corresponds to a domain name; reverse resolution finds the domain name that corresponds to an IP address.

2. The domain name structure of DNS

(1) The structure of the DNS system is a distributed data structure

1. Root domain: located at the top level of the tree structure, represented by ".".
2. Top-level domain: generally represents a type of organization or a country;
for example .net (network providers), .com (business enterprises), .org (organizations), .edu (educational institutions), .gov (government departments), .cn (China's country-code domain).
3. Second-level domain: identifies a specific organization within a top-level domain; the second-level domains below a country-code top-level domain are managed centrally by that country's authority.
4. Subdomains: the domains at all levels created under a second-level domain are collectively called subdomains. Each organization or user can freely apply to register their own domain names.
The bottom level of a name identifies a specific computer (the host).
There is a many-to-one relationship between domain names and IP addresses: an IP address may correspond to more than one domain name, but a domain name can only correspond to one IP address.
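
The length rules from section 1 and the level structure above can be checked mechanically. The Python below is an added example, not code from the original post: it validates the 63-character label and 253-character total limits, splits a name into its levels from the root down, and builds the in-addr.arpa name that a reverse lookup queries for an IPv4 address. The function names and the sample names are the example's own choices.

```python
import ipaddress

MAX_LABEL_LEN = 63   # limit for each label (level) of a domain name
MAX_NAME_LEN = 253   # limit for the whole textual domain name


def validate_domain(name):
    """Return True if every label is 1..63 characters and the whole name is at most 253."""
    stripped = name.rstrip(".")               # the root "." is not counted toward the limits
    if not stripped or len(stripped) > MAX_NAME_LEN:
        return False
    return all(0 < len(label) <= MAX_LABEL_LEN for label in stripped.split("."))


def name_levels(name):
    """List the levels of a name from the root down, e.g. ['.', 'com', 'gg', 'www']."""
    return ["."] + list(reversed(name.rstrip(".").split(".")))


def reverse_lookup_name(ip):
    """Build the in-addr.arpa name that a reverse (PTR) lookup for an IPv4 address queries.

    Forward resolution asks for an A record under the domain name; reverse resolution
    asks for a PTR record under the octets of the address written in reverse order.
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # raises ValueError on a bad address
    return ".".join(reversed(octets)) + ".in-addr.arpa."


if __name__ == "__main__":
    for candidate in ("www.gg.com", "a" * 64 + ".com", "www..gg.com"):
        print(candidate[:40], "valid" if validate_domain(candidate) else "invalid")
    print(name_levels("www.gg.com."))
    print(reverse_lookup_name("192.168.71.20"))
```

Running the script shows that `www.gg.com` passes, a 64-character label and an empty label fail, and the reverse name for the server address used later in this post is `20.71.168.192.in-addr.arpa.`.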

3. DNS server types

1. Primary (master) domain name server: maintains all domain name information for a zone; it is the authoritative source of all of the zone's specific information, and its data can be modified. When building a master domain name server, you need to create the address data file for the zone it is responsible for.
2. Slave domain name server: when the master domain name server fails, shuts down or is overloaded, the slave domain name server acts as a backup and provides domain name resolution. The results a slave server provides are not determined by itself but come from the master server. When building a slave domain name server you need to specify the location of the master domain name server so that the slave can automatically synchronize the zone's address database.
3. Caching domain name server: only caches DNS results in order to improve lookup speed and efficiency; it has no zone database of its own. It obtains the result of each query from a remote domain name server, stores it in its cache, and uses it to answer the same query in the future. A caching domain name server is not an authoritative server, because all the information it provides is indirect. When building a caching domain name server, you must configure the root domain or designate another DNS server as the source of resolution.
4. Forwarding domain name server: responsible for local queries for all non-local domain names. After receiving a query, the forwarding server searches its cache; if the name is not found, it forwards the request to the specified domain name servers in turn until a result is found, otherwise it returns a result indicating that the name cannot be mapped.

4. Steps to configure a DNS domain name resolution server

1. Install the bind package

yum -y install bind

2. First check the path of the configuration file that needs to be modified

rpm -qc bind                   # query the paths of bind's configuration files
/etc/named.conf                # main configuration file
/etc/named.rfc1912.zones       # zone configuration file
/var/named/named.localhost     # zone data file (template)

3. Modify the main configuration file

vim /etc/named.conf
options {
  listen-on port 53 { 192.168.71.20; };                     // listen on port 53; use the local IP that provides the service, or any for all addresses
# listen-on-v6 port 53 { ::1; };                            // IPv6 line; comment out or delete if not used
  directory       "/var/named";                             // default location of zone data files
  dump-file       "/var/named/data/cache_dump.db";          // location of the name cache dump file
  statistics-file "/var/named/data/named_stats.txt";        // location of the statistics file
  memstatistics-file "/var/named/data/named_mem_stats.txt"; // location of the memory statistics file
  allow-query     { any; };                                 // networks allowed to use this DNS service, or any for all
};

zone "." IN {                                               // forward resolution for the "." root zone
        type hint;                                          // type hint marks the root zone
        file "named.ca";                                    // zone data file named.ca records the names and IP addresses of the 13 root servers
};

4. Modify the zone configuration file and add the forward zone configuration

vim /etc/named.rfc1912.zones                           // the file contains templates; copy, paste and modify one
zone "gg.com" IN {                                     // forward resolution for the "gg.com" zone
        type master;                                   // type is master zone
        file "gg.com.zone";                            // zone data file is gg.com.zone
        allow-update { none; };                        // no dynamic updates to this zone
};
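
The two access-control settings in the blocks above, allow-query in options and allow-update in the master zone, decide who may read and who may change the data this server hands out. As an added example (not code from the original post or from BIND), the Python script below runs a small audit over a constructed copy of the configuration: it flags allow-query { any; } for review and checks that every master zone keeps allow-update { none; }. The configuration text, the finding messages and the function names are the example's own assumptions.

```python
import re

# Constructed named.conf fragment mirroring the options and zone blocks configured above
NAMED_CONF = """\
options {
  listen-on port 53 { 192.168.71.20; };        // serve on the host's LAN address
  directory       "/var/named";
  allow-query     { any; };                    // who may query this server
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "gg.com" IN {
        type master;
        file "gg.com.zone";
        allow-update { none; };
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def top_level_blocks(text):
    """Return (header, body) pairs for each top-level `header { body };` statement."""
    blocks, depth, header, start, header_start = [], 0, "", 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header = text[header_start:i].strip().lstrip(";").strip()
                start = i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                blocks.append((header, text[start:i]))
                header_start = i + 1
    return blocks


def acl_values(block, directive):
    """Return the address-match list of `directive { ...; }` inside a block, or None."""
    m = re.search(rf"\b{directive}\s*\{{([^}}]*)\}}", block)
    if not m:
        return None
    return [v.strip() for v in m.group(1).split(";") if v.strip()]


def audit_named_conf(text):
    """Return a list of findings about the query and update ACLs in a named.conf."""
    findings = []
    for header, body in top_level_blocks(strip_comments(text)):
        if header == "options":
            if "any" in (acl_values(body, "allow-query") or []):
                findings.append("options: allow-query { any; } lets every network query this "
                                "server; restrict it to the subnets you serve unless it is "
                                "meant to be public")
            listen = re.search(r"listen-on\s+port\s+(\d+)\s*\{([^}]*)\}", body)
            if listen and listen.group(1) != "53":
                findings.append(f"options: listen-on uses port {listen.group(1)}, not 53")
        elif header.startswith("zone") and re.search(r"\btype\s+master\b", body):
            name = re.search(r'zone\s+"([^"]+)"', header).group(1)
            if acl_values(body, "allow-update") != ["none"]:
                findings.append(f'zone "{name}": allow-update is not {{ none; }}; dynamic '
                                "updates to a hand-edited master zone should stay disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_named_conf(NAMED_CONF):
        print("WARN:", finding)
```

For the configuration above the only finding is the open allow-query; the master zone passes because it already has allow-update { none; }. BIND's own named-checkconf validates the file's syntax, which is worth running after every edit, but it does not judge whether the ACLs are sensible, which is what this check adds.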

5. Configure the forward zone data file

cd /var/named/
cp -p named.localhost gg.com.zone                      # copy while preserving the source file's permissions and owner
vim /var/named/gg.com.zone
$TTL 1D
@       IN SOA  gg.com. admin.gg.com. (            ; SOA: name of this zone's DNS server and the admin mailbox; @ means the current domain
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      gg.com.                            ; NS: the name server for this domain (trailing dot = fully qualified name)
        A       192.168.71.20                      ; IP address of the DNS server
        AAAA    ::1                                ; IPv6 address; can be deleted
www IN  A       192.168.71.10                      ; forward record: IP address of www.gg.com
ftp IN  CNAME   www                                ; CNAME alias: ftp is an alias of www
mail IN A       192.168.71.30
*   IN  A       192.168.71.40                      ; wildcard record: "*" matches any other host name
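
To see how the zone data above is interpreted, here is an added Python example (not code from the original post or from BIND) that parses a constructed copy of gg.com.zone, expands relative owner and target names against the zone origin the way a name server does, follows the CNAME, and applies the wildcard record only to names that have no records of their own. The NS target in the constructed copy is deliberately written as `gg.com` without the trailing dot, a common mistake, so the parser's warning shows that it expands to gg.com.gg.com. instead of gg.com. The zone text, the warning heuristic and the function names are the example's own assumptions.

```python
# Constructed copy of the zone data from the page; the NS target lacks its trailing dot on purpose
ZONE_TEXT = """\
$TTL 1D
@       IN SOA  gg.com. admin.gg.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      gg.com
        A       192.168.71.20
www     IN  A       192.168.71.10
ftp     IN  CNAME   www
mail    IN  A       192.168.71.30
*       IN  A       192.168.71.40
"""


def qualify(name, origin):
    """Turn a relative name into a fully qualified one; '@' means the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse the simple zone syntax used above into {owner: [(type, rdata), ...]}.

    Returns (records, warnings, ttl). A warning is raised for NS/CNAME targets that
    contain a dot but no trailing dot: such multi-label relative names are almost
    always a forgotten trailing dot and get the origin appended a second time.
    """
    records, warnings, ttl = {}, [], None
    owner, in_paren = origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop ';' comments
        if not line.strip():
            continue
        if in_paren:                                   # skip the SOA timing fields
            in_paren = ")" not in line
            continue
        if line.startswith("$TTL"):
            ttl = line.split()[1]
            continue
        if not line[0].isspace():                      # a new owner name starts the line
            owner_tok, rest = line.split(None, 1)
            owner = qualify(owner_tok, origin)
        else:                                          # indented: reuse the previous owner
            rest = line.strip()
        tokens = rest.split()
        if tokens and tokens[0] == "IN":
            tokens = tokens[1:]
        if not tokens:
            continue
        rtype, rdata = tokens[0], " ".join(tokens[1:])
        if rtype == "SOA":
            in_paren = "(" in rdata and ")" not in rdata
            rdata = rdata.split("(")[0].strip()
        if rtype in ("NS", "CNAME"):
            if "." in rdata and not rdata.endswith("."):
                warnings.append(f"{rtype} target '{rdata}' is relative and expands to "
                                f"{qualify(rdata, origin)}")
            rdata = qualify(rdata, origin)
        records.setdefault(owner, []).append((rtype, rdata))
    return records, warnings, ttl


def resolve(records, qname, origin, max_chain=8):
    """Forward-resolve qname to IPv4 addresses, following CNAMEs and the wildcard (simplified)."""
    name = qname if qname.endswith(".") else qname + "."
    for _ in range(max_chain):                         # bounded so a CNAME loop cannot spin forever
        rrs = records.get(name)
        if rrs is None and name.endswith("." + origin):
            rrs = records.get("*." + origin)           # wildcard covers only names with no records
        if not rrs:
            return []
        addrs = [rdata for rtype, rdata in rrs if rtype == "A"]
        if addrs:
            return addrs
        cnames = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not cnames:
            return []
        name = cnames[0]
    return []


if __name__ == "__main__":
    recs, warns, ttl = parse_zone(ZONE_TEXT, "gg.com.")
    for w in warns:
        print("WARN:", w)
    for q in ("gg.com", "www.gg.com", "ftp.gg.com", "anything.gg.com", "www.other.com"):
        print(q, "->", resolve(recs, q, "gg.com."))
```

The run prints the warning about the NS target and then shows ftp.gg.com resolving through the CNAME to 192.168.71.10, an unknown host under gg.com landing on the wildcard address 192.168.71.40, and a name outside the zone returning nothing. BIND's named-checkzone performs the real validation of a zone file before you reload the service.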

6. Start the service and turn off the firewall

systemctl start named
systemctl stop firewalld
setenforce 0
tail -f /var/log/messages                                # if the service fails to start, check the log file to find the error

7. Add the DNS server address in the client's domain name resolution configuration file

vi /etc/resolv.conf                                      # takes effect immediately after editing
nameserver 192.168.71.20


vi /etc/sysconfig/network-scripts/ifcfg-ens33            # requires restarting the network after editing
DNS1=192.168.71.20
systemctl restart network

8. Test DNS resolution

host www.gg.com
nslookup www.gg.com

Origin blog.csdn.net/weixin_53567573/article/details/113965355