1. What is the DNS service
DNS (Domain Name Server) is a server that maps domain names to their corresponding IP addresses. It stores a table of domain names and their IP addresses and uses it to resolve the domain names carried in messages. A domain name is the name of a computer or group of computers on the Internet; it identifies the computer's electronic location (sometimes loosely called its geographic location) during data transmission. A domain name is made up of a series of labels separated by dots. It usually contains the name of the organization and always ends with a two- or three-letter suffix that indicates the type of organization or the country or region in which the domain is located.
DNS is also the abbreviation of Domain Name System (or Domain Name Service), which consists of domain name resolvers and domain name servers. A domain name server stores the domain names of network hosts together with their IP addresses and performs the conversion between the two. A domain name must correspond to an IP address; one IP address can have several domain names, and an IP address does not necessarily have a domain name at all. The domain name system uses a hierarchical structure similar to a directory tree. The domain name server is usually the server side of a client/server model, and it comes in two main forms: the primary server and the forwarding server. The process of mapping a domain name to an IP address is called "domain name resolution".
2. Why do we need the DNS service
First of all, let me ask you: when you go online, do you type an IP address or a domain name to reach a website? Almost everyone answers "the domain name", because a domain name is easier to remember than an IP address. But did you know that the final connection to the server still needs an IP address? So how is the domain name entered by the user resolved into an IP address? That is the job of the DNS server! Today we will learn how to build and manage a DNS server on Windows Server 2012.
In the early days, the Hosts file was used to resolve domain names. Its disadvantages are: 1) duplicate host names; 2) the file is difficult to maintain.
3. Domain name overview
1. FQDN
FQDN (fully qualified domain name) = host name + domain name
For example: under the domain abc.com there is a host called web that maintains and updates the website; its FQDN is web.abc.com. From the information contained in the fully qualified name, the host's position in the domain name tree can be seen.
2. Hierarchical structure of domain names
The domain name space adopts a hierarchical structure:
- First level: the root domain (root)
- Second level: the top-level domains (organizational domains, and country or region domains)
- Third level: second-level domains
- Fourth level: third-level domains
4. DNS query methods
Classification by query method:
- Recursive query: the client receives only a final result, success or failure.
- Iterative query: if the DNS server has the requested data it returns the correct address; if it does not, it returns a pointer (referral) to another DNS server, and the querier follows that pointer to continue the query.
Classification by query content:
- Forward query: find the IP address from the domain name
- Reverse query: find the domain name from the IP address
For example: a client in the company wants to reach a web server on the external network with the domain name www.benet.com. The whole DNS resolution process is:
(1) The client sends a query for www.benet.com to its preferred DNS server.
(2) The client's preferred DNS server checks its zone database and cache. If it does not find the IP address for the benet.com domain, it passes the query to a root domain DNS server and asks it to resolve the host name.
(3) The root domain DNS server returns to the preferred DNS server the IP address of the DNS server responsible for resolving the "com" top-level domain.
(4) The preferred DNS server sends the request to the DNS server responsible for the "com" domain.
(5) The server responsible for the "com" domain returns to the preferred DNS server the IP address of the DNS server responsible for the "benet.com" domain.
(6) The preferred DNS server sends the request to the DNS server responsible for the "benet.com" zone.
(7) When that server finds the record for www.benet.com, it returns the IP address of www.benet.com to the preferred DNS server.
(8) The client's preferred DNS server sends the IP address of www.benet.com to the client.
(9) After the name is resolved successfully, the DNS server adds the obtained IP address to its cache, and the client sends its HTTP request to the web server.
(10) The web server responds to the client's access request, and the client can now access the target host.
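The walk in steps (2) to (7) can be observed from any Windows machine with the DnsClient module by asking each server with recursion disabled and following the referral it returns. This is an added example, not part of the original article; it assumes 198.41.0.4 is a.root-servers.net, that www.benet.com and the preferred DNS server address 192.168.1.10 are placeholders, and that the client has Internet access.

```powershell
# Added example: reproduce the iterative part of the resolution (steps 2-7) by hand.
# Each hop asks one server with the RD bit cleared (-NoRecursion); a non-authoritative server
# then returns a referral (NS records in the Authority section, glue in Additional) instead of an answer.
function Trace-DnsReferralChain {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $RootServer = '198.41.0.4',   # a.root-servers.net (assumption: reachable from here)
        [int]    $MaxHops    = 8
    )
    $server = $RootServer
    for ($hop = 1; $hop -le $MaxHops; $hop++) {
        $resp = Resolve-DnsName -Name $Name -Type A -Server $server -DnsOnly -NoRecursion -ErrorAction Stop
        $answer = @($resp | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'A' })
        if ($answer.Count -gt 0) {
            Write-Host ("hop {0}: {1} answered {2}" -f $hop, $server, ($answer.IPAddress -join ', '))
            return $answer.IPAddress                      # step (7): the authoritative answer
        }
        $ns = @($resp | Where-Object { $_.Section -eq 'Authority' -and $_.Type -eq 'NS' })
        if ($ns.Count -eq 0) { throw "hop ${hop}: $server returned neither an answer nor a referral" }
        # Steps (3) and (5): take the referred server's address from the glue records if present,
        # otherwise resolve the first NS name normally to obtain an address.
        $glue = @($resp | Where-Object { $_.Section -eq 'Additional' -and $_.Type -eq 'A' })
        if ($glue.Count -gt 0) {
            $next = $glue[0].IPAddress
        } else {
            $next = @(Resolve-DnsName -Name $ns[0].NameHost -Type A -DnsOnly -ErrorAction Stop |
                      Where-Object { $_.Type -eq 'A' })[0].IPAddress
        }
        Write-Host ("hop {0}: {1} referred '{2}' to {3} ({4})" -f $hop, $server, $ns[0].Name, $ns[0].NameHost, $next)
        $server = $next
    }
    throw "no answer after $MaxHops referrals"
}

# Steps (2)-(7), performed by this machine instead of by the preferred DNS server.
Trace-DnsReferralChain -Name 'www.benet.com'

# Step (1) as the client normally does it: a single recursive query to its preferred DNS server
# (placeholder address), which performs the walk above on the client's behalf and caches the result (step 9).
Resolve-DnsName -Name 'www.benet.com' -Type A -Server '192.168.1.10' -DnsOnly
```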
5. DNS zone types
6. Installation and configuration of the DNS service
Experimental topology
The experiment uses VBox virtual machines to simulate the DNS servers and the client, connected through the virtual machines' internal network. Win2012-1 and Win2012-2 simulate the DNS1 and DNS2 servers, and Win2012-3 simulates the client.
1. Service installation
Manually configure the IP address
In the Add Roles and Features Wizard, click Next until the Server Roles page and check DNS Server
Continue clicking Next until the installation succeeds
Find DNS under Tools in the lower right corner; the figure below is the configuration interface, and the installation is complete
2. DNS service configuration
2.1 Forward lookup zone
Create a forward lookup zone
In the window that pops up, click Next, select the zone type and check Primary zone
Zone name (choose it yourself, remembering to add .com), Next
Create a new file, Next
Do not allow dynamic updates, Next
Finish
New host
server is the host name, giving the FQDN server.DNS1.com; bind it to the address of the DNS server (to create the PTR pointer record at the same time, a reverse lookup zone must be created first)
New alias
Custom alias name; select the target host (you can pick it with Browse)
New mail exchanger
The resource records created on the right side of the figure above are the standard structural unit of the DNS database; they contain the information used to process DNS queries.
Record type | Description
--- | ---
A | Resolves a host name to an IP address
PTR | Resolves an IP address to a host name
SOA | The first record in each zone file
SRV | Resolves the name of the server that provides a service
NS | Identifies the DNS servers for each zone
MX | Mail server
CNAME | Resolves one host name to another
Open the CMD window and enter nslookup mode
In this way the client can reach the server through the domain name server.dns1.com
2.2 Reverse lookup zone
Create a reverse lookup zone on DNS1
In the window that pops up, click Next, select Primary zone, Next
IPv4 reverse lookup zone, Next
Enter the DNS server's network address, Next
Create a new file
Do not allow dynamic updates
Finish
New pointer (PTR)
In this way the client can use the IP address to obtain the domain name server.dns1.com. At this point the basic DNS configuration is complete; the following content can be read as needed.
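The same result as sections 1, 2.1 and 2.2, done with the DnsServer PowerShell module on DNS1 instead of the wizards. This is an added example, not part of the original article; it assumes DNS1 has the constructed address 192.168.1.10 on 192.168.1.0/24 and uses the article's zone and host names.

```powershell
# Added example: scripted equivalent of the GUI steps, run on DNS1 (constructed addresses).
$dnsServerIp = '192.168.1.10'
$network     = '192.168.1.0/24'
$zone        = 'dns1.com'

# Section 1: install the DNS Server role together with the DNS Manager console.
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Section 2.1: primary forward lookup zone in a new zone file, dynamic updates not allowed
# (a zone that accepts unauthenticated updates lets any host on the network rewrite records).
Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" -DynamicUpdate None

# Section 2.2 is done before the host record so that its PTR can be created in the same step:
# a primary IPv4 reverse lookup zone for the DNS server's network ID.
Add-DnsServerPrimaryZone -NetworkId $network -ZoneFile '1.168.192.in-addr.arpa.dns' -DynamicUpdate None

# New host: A record server.dns1.com -> DNS server address, plus its PTR in the reverse zone.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'server' -IPv4Address $dnsServerIp -CreatePtr

# New alias: www.dns1.com is a CNAME for server.dns1.com.
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'www' -HostNameAlias "server.$zone"

# New mail exchanger at the zone apex ('.'): mail for dns1.com goes to server.dns1.com;
# a lower preference value is tried first.
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' -MailExchange "server.$zone" -Preference 10

# The checks the article does with nslookup, asking DNS1 directly and bypassing the Hosts file.
Resolve-DnsName -Name "server.$zone" -Type A   -Server $dnsServerIp -DnsOnly   # forward lookup
Resolve-DnsName -Name "www.$zone"    -Type A   -Server $dnsServerIp -DnsOnly   # alias, then its target
Resolve-DnsName -Name $dnsServerIp   -Type PTR -Server $dnsServerIp -DnsOnly   # reverse lookup
Resolve-DnsName -Name $zone          -Type MX  -Server $dnsServerIp -DnsOnly   # mail exchanger
```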
2.3 Dynamic update
Dynamic update refers to the process in which DNS clients dynamically establish, register, and update their own resource records in the zone maintained by the DNS server. The DNS server can receive and process these dynamically updated messages.
TCP/IP configuration of DNS client
(keep it as default)
The computer name and primary DNS suffix of the DNS client
Computer name of DNS server
Test: DNS client changes IP
Check on DNS server
2.4 Secondary zone
- Purpose of a secondary zone: deploy multiple DNS servers to guard against a DNS failure
- The secondary zone regularly copies resource records from the primary zone, so the administrator does not need to modify the same records on several servers
- The secondary zone is only a read-only copy of the primary zone; changes to host names in the domain are not recorded in it
DNS2
Configure a static IP address
Install the DNS service
Open the configuration interface and create a new secondary zone
The name is the same as on DNS1
IP address of the primary DNS server
Finish
Go back to the primary server and right-click DNS1.com > Properties
Add the IP address of the secondary server under Zone Transfers
Go back to DNS2, right-click DNS1.com, select Transfer from Primary Server, and refresh (the green icon above)
Conditions for a zone transfer:
1. When the DNS service of the secondary server starts, or when the refresh interval of the secondary zone (15 minutes by default, set in the SOA resource record) expires, the secondary actively requests an update from the primary server.
2. When the primary server notifies the secondary server of a change to the zone.
3. When the DNS Server service is started on the secondary server for the zone.
4. When the zone transfer is started manually from the DNS console on the secondary server for the zone: right-click the secondary zone and select the "Transfer from Primary Server" command from the shortcut menu.
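The secondary-zone setup above as a script, with the primary allowing transfers only to DNS2. This is an added example, not part of the original article; it assumes the constructed addresses 192.168.1.10 (DNS1) and 192.168.1.20 (DNS2) and the article's zone dns1.com.

```powershell
# Added example: section 2.4 scripted. Run each part on the server named in its comment (constructed addresses).
$dns1 = '192.168.1.10'
$dns2 = '192.168.1.20'
$zone = 'dns1.com'

# --- On DNS1 (primary) ---
# Allow zone transfers only to the listed secondary and send it NOTIFY on changes (condition 2).
# "To any server" would let any host pull the complete zone; listing DNS2 is the scripted form of
# "add the IP address of the secondary server under Zone Transfers".
Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries TransferToSecureServers -SecondaryServers $dns2 `
                         -Notify NotifyServers -NotifyServers $dns2

# --- On DNS2 (secondary) ---
Install-WindowsFeature -Name DNS -IncludeManagementTools
# Read-only copy of the zone, pulled from DNS1; the zone file is written locally.
Add-DnsServerSecondaryZone -Name $zone -ZoneFile "$zone.dns" -MasterServers $dns1

# Condition 4 ("Transfer from Primary Server") as a command: a full transfer (AXFR) now, instead of
# waiting for the SOA refresh interval (condition 1) or a NOTIFY from the primary (condition 2).
Start-DnsServerZoneTransfer -Name $zone -FullTransfer

# Verify from anywhere that can reach both servers: after a successful transfer the SOA serial
# number must be identical on the primary and the secondary.
function Get-ZoneSerial([string]$Server) {
    $soa = Resolve-DnsName -Name $zone -Type SOA -Server $Server -DnsOnly | Where-Object { $_.Type -eq 'SOA' }
    return $soa.SerialNumber
}
"serial on DNS1: $(Get-ZoneSerial $dns1); serial on DNS2: $(Get-ZoneSerial $dns2)"
```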
2.5 Child zone
- What is a subdomain? A zone one level lower in DNS
- Important: the records of the subdomain are stored on the same server
DNS1
Create a new domain under the original domain
New resource record in the subdomain
Test
2.6 DNS delegation
Delegation is the process of assigning the management of a subdomain in the DNS namespace to another DNS server by adding records to the DNS database.
The administrator of "nwtraders.com" delegates the management of the subdomain "training.nwtraders.com" to another DNS server, thereby handing off the management responsibility for this subdomain.
"training.nwtraders.com" now has its own administrator and its own DNS server to resolve name queries.
Create a new primary zone on DNS2, paying attention to the domain name
Finish
Finish
Go back to DNS1 and create a new resource record (the IP address of DNS2)
New delegation
The delegated domain name must be the same as on DNS2
Add the FQDN of the server the domain is delegated to
Finish
Test (the resource record created on DNS1 is resolved through DNS2)
2.7 Stub zone
Stub zone (not recommended)
- Purpose of the stub zone: avoid iterative queries
- The forwarder (introduced later) can achieve a similar function
- It is similar to delegation, but the stub zone's domain name does not need to be contiguous with the parent, whereas a delegation must be contiguous
Create a new primary zone xyz.com on DNS1, and create an address resource record that points to DNS2
Create a stub zone on DNS2
Zone name
Point to the IP address of the primary DNS server
Finish
Set the zone transfer on the DNS1 primary server
Back on DNS2, right-click xyz.com, select Transfer from Primary Server, then Refresh (you can also restart DNS Manager)
Finish
Client test
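Sections 2.6 (delegation) and 2.7 (stub zone) as one script, so that the difference between the two is visible side by side. This is an added example, not part of the original article; it assumes the constructed addresses 192.168.1.10 (DNS1), 192.168.1.20 (DNS2) and 192.168.1.30 for a host, and uses the article's zone names.

```powershell
# Added example: delegation (2.6) and stub zone (2.7) scripted. Run each part on the server named in its comment.
$dns1 = '192.168.1.10'
$dns2 = '192.168.1.20'

# ===== 2.6 Delegation: the child zone name must extend the parent's name =====
# On DNS2: the delegated child zone and a host in it.
Add-DnsServerPrimaryZone -Name 'training.nwtraders.com' -ZoneFile 'training.nwtraders.com.dns' -DynamicUpdate None
Add-DnsServerResourceRecordA -ZoneName 'training.nwtraders.com' -Name 'web' -IPv4Address '192.168.1.30'

# On DNS1: the parent zone, then the delegation, which writes the NS record for the child
# and a glue A record (dns2.nwtraders.com -> DNS2) into the parent zone.
Add-DnsServerPrimaryZone -Name 'nwtraders.com' -ZoneFile 'nwtraders.com.dns' -DynamicUpdate None
Add-DnsServerZoneDelegation -Name 'nwtraders.com' -ChildZoneName 'training' `
                            -NameServer 'dns2.nwtraders.com' -IPAddress $dns2

# ===== 2.7 Stub zone: xyz.com is unrelated to any zone DNS2 already hosts =====
# On DNS1: the primary zone xyz.com with an address record pointing at DNS2, and transfers
# allowed to DNS2 only (the "set the zone transfer" step of the article).
Add-DnsServerPrimaryZone -Name 'xyz.com' -ZoneFile 'xyz.com.dns' -DynamicUpdate None
Add-DnsServerResourceRecordA -ZoneName 'xyz.com' -Name 'host' -IPv4Address $dns2
Set-DnsServerPrimaryZone -Name 'xyz.com' -SecureSecondaries TransferToSecureServers -SecondaryServers $dns2

# On DNS2: the stub zone keeps only the SOA, NS and glue records copied from DNS1, so DNS2 knows
# which server is authoritative for xyz.com without holding the zone's data or recursing from the root.
# If it shows no records yet, use Transfer from Primary Server in DNS Manager as the article does.
Add-DnsServerStubZone -Name 'xyz.com' -MasterServers $dns1 -ZoneFile 'xyz.com.dns'
Get-DnsServerZone -Name 'xyz.com' | Format-List ZoneName, ZoneType, MasterServers

# Client tests, one per mechanism: DNS1 follows its delegation to DNS2 for the first name,
# and DNS2 uses the stub zone's NS records to ask DNS1 for the second.
Resolve-DnsName -Name 'web.training.nwtraders.com' -Type A -Server $dns1 -DnsOnly
Resolve-DnsName -Name 'host.xyz.com'               -Type A -Server $dns2 -DnsOnly
```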
2.8 Forwarder
Right-click the DNS server and select Properties
Configure the forwarder on the server
- Forward all requests this DNS server cannot resolve itself to another DNS server
- It is strongly recommended that the enterprise DNS server point its forwarder to the DNS of the local ISP
New conditional forwarder on the primary server
Forward requests for the specified domain name, then confirm
Forward requests for 123.com to DNS2
Create a new primary zone 123.com on DNS2
New resource record
Client test
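The forwarder and conditional forwarder of section 2.8 as a script. This is an added example, not part of the original article; it assumes the constructed addresses 203.0.113.53 for the ISP resolver, 192.168.1.10 (DNS1), 192.168.1.20 (DNS2) and 192.168.1.40 for a host.

```powershell
# Added example: section 2.8 scripted (constructed addresses). Run each part on the server named in its comment.
$ispDns = '203.0.113.53'
$dns1   = '192.168.1.10'
$dns2   = '192.168.1.20'

# --- On DNS1 ---
# Every query DNS1 cannot answer from its own zones or cache goes to the ISP resolver
# (the Forwarders tab of the server properties). Forwarders are tried before the root hints;
# -UseRootHint $true keeps the root hints as a fallback if the forwarder does not respond.
Set-DnsServerForwarder -IPAddress $ispDns -UseRootHint $true

# Conditional forwarder: only queries for 123.com are sent to DNS2; all other unresolved
# queries still go to the ISP resolver configured above.
Add-DnsServerConditionalForwarderZone -Name '123.com' -MasterServers $dns2

# --- On DNS2 ---
# The zone the conditional forwarder points at, with a record to test against.
Add-DnsServerPrimaryZone -Name '123.com' -ZoneFile '123.com.dns' -DynamicUpdate None
Add-DnsServerResourceRecordA -ZoneName '123.com' -Name 'www' -IPv4Address '192.168.1.40'

# --- Client test, asking DNS1 ---
# DNS1 hosts no 123.com zone, so an answer here can only have arrived through the conditional forwarder.
Resolve-DnsName -Name 'www.123.com' -Type A -Server $dns1 -DnsOnly

# --- Back on DNS1: confirm what was configured ---
Get-DnsServerForwarder
Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Forwarder' } | Format-Table ZoneName, MasterServers
```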
2.9 DHCP server dynamic update: registering and updating resource records
Configuration on the DHCP server
Test on the DHCP client (after the client obtains a dynamic IP address, the DNS server updates the resource record)
2.10 Caching-only server
A DNS server that hosts no DNS zone of its own and only has a forwarder configured
2.11 Start of Authority (SOA)
2.12 Name server (NS)
3. Checking the DNS server
4. Cleaning up expired (stale) records