Detailed explanation of DNS domain name resolution service
I. Basics of the BIND domain name service
1. Role and types of the DNS system
DNS definition: the Domain Name System is a distributed database that maps domain names and IP addresses to each other, so that people can access the Internet more conveniently.
The DNS service uses TCP and UDP port 53.
TCP port 53 is used for connection-oriented exchanges with the DNS server, such as zone transfers.
UDP port 53 is used for ordinary resolution queries.
Each label of a domain name (the part between two dots) is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
1.1 Domain name structure
A complete address such as www.baidu.com.cn. breaks down into the following levels:
hostname.second-level domain.top-level domain.root domain
The top level of the tree structure is called the root domain, written as ".", and the corresponding server is called the root server. Authority over the whole domain name space belongs to the root server, but the root server cannot bear such a load on its own, so top-level domains are set up under the root domain and authority over each of them is delegated to the corresponding top-level domain server. For example, authority over the com domain is delegated to the com domain server; when the root server then receives a resolution request for a name ending in com, it refers the request to the com domain server. For the same reason, to relieve the top-level domains, second-level domains are set up beneath them, and third-level domains or hosts are set up beneath the second-level domains.
Root domain: located at the top of the domain name space, generally written as ".".
Top-level domain: generally represents a type of organization or a country, such as .net (network provider), .com (commercial enterprise), .org (non-profit organization), .edu (educational institution), .gov (government department), .cn (China's national domain).
Second-level domain: indicates a specific organization within a top-level domain and is centrally managed by the network registry, such as the second-level domains set up under the .cn top-level domain: .com.cn, .net.cn, .edu.cn.
Subdomain: all domains of any level created under a second-level domain are collectively called subdomains. Each organization or user can freely apply to register its own domain names.
Host: located at the lowest level of the domain name space, a host is a specific computer, such as www or mail. The computer can be written as www.baidu.com.cn. or mail.baidu.com.cn.; this form is called an FQDN (Fully Qualified Domain Name), the full name of the host in the domain name space.
II. Using BIND to build a domain name server
1. Role of the DNS system (forward and reverse resolution)
1.1 Forward resolution
Forward resolution finds the IP address that corresponds to a domain name.
When we type www.baidu.com in daily use, the domain name is used to look up the corresponding IP address so that communication can take place.
Entering the baidu domain name looks up its IP address.
1.2 Detailed steps of the forward resolution experiment
1. Install bind through yum (if the installation media is not mounted, run mount /dev/cdrom /mnt/ first).
2. Open the main configuration file, change the listening IP to the IP address of the DNS server, and change the allowed query clients to any.
3. Open the zone configuration file and add the forward zone.
4. Create the forward zone data file. Do not modify the original data file: copy it and use the copy as a template, then edit the copy. The copy must keep the original file's owner and group, so add -p to the cp command. The file name must be the one you wrote in the zone configuration file, rain.com.zone.
5. Open the copied file and fill in the records. The IP address written here is the address that the specific hostname in the domain resolves to.
6. After the configuration is complete, point the machine at the DNS server by editing /etc/resolv.conf with vim.
7. Check whether forward resolution succeeds with host and nslookup.
1.3 Reverse resolution
Reverse resolution finds the domain name that corresponds to an IP address.
1.4 Detailed steps of the reverse resolution experiment
Add reverse resolution on top of the completed forward resolution setup.
1. cd /etc/ and edit the zone configuration file directly: keep the original forward zone and add a reverse zone after it. Remember the name of the data file you specify here, because you will need to copy and create a file with that name next.
2. Copy the forward zone data file to the new name and change the copy into a reverse zone. Here, the 10 and 11 on the left are the last octet of each host's IP address, and the domain name on the right is the name that address maps to.
3. After the change is complete, restart the named service.
4. If the restart succeeds, verify directly, as shown below.
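As an added example (not the article's own files), here are the configuration and the two zone data files that the forward and reverse experiments above produce, assuming the DNS server is 192.168.40.10, the zone stanzas live in /etc/named.rfc1912.zones and the reverse data file is named rain.com.local:

```conf
// /etc/named.conf, options section: listen on the server's own address, answer anyone
options {
    listen-on port 53 { 192.168.40.10; };   // assumed address of the DNS server
    directory "/var/named";
    allow-query { any; };
};

// /etc/named.rfc1912.zones: the forward zone and the matching reverse zone
zone "rain.com" IN {
    type master;
    file "rain.com.zone";
    allow-update { none; };
};
zone "40.168.192.in-addr.arpa" IN {
    type master;
    file "rain.com.local";        // assumed file name for the reverse zone data
    allow-update { none; };
};

; /var/named/rain.com.zone, copied with cp -p from the template so named can still read it
$TTL 1D
@       IN SOA  rain.com. admin.rain.com. (
                        0       ; serial, increase it after every edit
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   rain.com.
        IN A    192.168.40.10
www     IN A    192.168.40.10
mail    IN A    192.168.40.11

; /var/named/rain.com.local, the reverse zone: last octet on the left, FQDN on the right
$TTL 1D
@       IN SOA  rain.com. admin.rain.com. ( 0 1D 1H 1W 3H )
        IN NS   rain.com.
10      IN PTR  www.rain.com.
11      IN PTR  mail.rain.com.
```

Running named-checkconf /etc/named.conf and named-checkzone rain.com /var/named/rain.com.zone before restarting named reports the spelling and missing-semicolon mistakes the article describes later, instead of leaving the service down.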
2. DNS server types
2.1 Types of DNS server
1. Primary (master) domain name server: responsible for maintaining all domain name information of a zone, it is the authoritative source of that information and its data can be modified. When building a primary domain name server, you need to create the address data file of the zone it is responsible for.
2. Secondary (slave) domain name server: when the primary domain name server fails, shuts down, or is overloaded, the secondary domain name server acts as a backup and continues to provide domain name resolution. The answers a secondary server gives are not determined by itself but come from the primary domain name server. When building a secondary domain name server, you need to specify the location of the primary domain name server so that the secondary server can automatically synchronize the zone's address database.
3. Caching domain name server: it only caches the results of domain name resolution to improve query speed and efficiency, and has no domain name database of its own. It obtains the answer to each query from a remote server, puts it in its cache, and uses the cached answer to respond when the same information is queried later. A caching domain name server is not an authoritative server, because all the information it provides is second-hand. When building a caching domain name server, you must configure the root domain or designate other DNS servers as the source of resolution.
4. Forwarding domain name server: responsible for local queries of all non-local domain names. After a forwarding domain name server receives a query request, it searches its cache; if the answer is not found, it forwards the request to the specified domain name servers in turn until a result is found, and otherwise returns an answer that the name cannot be mapped.
Steps to build a DNS domain name resolution server
2.2 Detailed steps of the DNS master-slave server experiment
The main configuration file of the master server does not need to be modified; change the zone configuration file of the master server directly.
Then modify the main configuration file of the slave domain name server.
Mount the installation media on the slave server and install bind:
yum install -y bind
Then edit the main configuration file with vim /etc/named.conf.
Next modify the zone configuration file of the slave domain name server and add both the forward and reverse zones.
Restart the service on both the master and the slave and check whether the zone data files were downloaded successfully.
I failed to start the service here, and I saw that the specific reason was a spelling error.
I opened the zone configuration file, went to line 26, and found the spelling error.
After correcting and saving, the service started again without error.
Then check on the slave server whether the data files were downloaded:
ls -l /var/named/slaves/
lists the files under slaves; the "total 8" in the output shows that they are there.
Then add the DNS addresses in the network card configuration of the master and slave servers: on both, enter the IP addresses of the master and the slave, as shown in the figure below.
Restart the service again with systemctl restart named; no error is reported.
Now disconnect the master server and test whether the slave server takes over.
Switch to the master server and enter the command systemctl stop named.service.
With the master server stopped, check from the slave server whether it takes over the work.
Querying www.rain.com with nslookup shows that the slave server, having downloaded the zone data from the master server, has taken over resolution. The experiment was successful.
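As an added example (not the article's own configuration), the zone stanzas on the master (assumed 192.168.40.10) and on the slave (assumed 192.168.40.20) for the master-slave experiment above; the data files are the same ones the forward and reverse experiments created:

```conf
// Master (192.168.40.10): let only the slave transfer the zones and tell it about changes
zone "rain.com" IN {
    type master;
    file "rain.com.zone";
    allow-transfer { 192.168.40.20; };   // assumed slave address; never "any"
    notify yes;
};
zone "40.168.192.in-addr.arpa" IN {
    type master;
    file "rain.com.local";               // assumed reverse data file name
    allow-transfer { 192.168.40.20; };
    notify yes;
};

// Slave (192.168.40.20): pull both zones from the master into /var/named/slaves/
zone "rain.com" IN {
    type slave;
    masters { 192.168.40.10; };
    file "slaves/rain.com.zone";         // this is the file ls -l /var/named/slaves/ shows
};
zone "40.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.40.10; };
    file "slaves/rain.com.local";
};
```

Restricting allow-transfer to the slave's address stops any other host from pulling the whole zone with AXFR, and the slave only re-downloads a zone when the master's serial number has increased, so bump the serial after every change.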
3. Split DNS resolution and detailed experimental procedure
The gateway server is the DNS server.
On the same DNS server, intranet users who query a name get an intranet IP (for example 192.168.100.100), while extranet users who query a host on the intranet get an external network IP (for example 12.0.0.100). The DNS server resolves the same domain name to different IP addresses depending on the network segment the querying user comes from; this is split resolution.
Experiment: set up split DNS resolution on the gateway server, so that hosts on the local network resolve www.rain.com to 192.168.40.200 and hosts on the external network resolve www.rain.com to 12.0.0.1.
1. Configure dual network cards on the gateway server
Shut the machine down, add a network card, and reboot after adding it.
Configure the network card:
(1) Through ip addr we can see that ens36 needs to be configured.
(2) Copy the configuration file of the ens33 network card, rename the copy for ens36, and open it to modify the configuration.
(3) Modify the configuration of the ens36 network card as shown in the figure below. I deleted it and then ran ifconfig, and found that ens36 was already configured.
2. Install the bind package.
If the installation media is not mounted, mount it first.
3. Modify the main configuration file.
Here you need to cut out the zone "." stanza at the beginning, otherwise an error will be reported when the named service is started later.
4. Modify the zone configuration file.
Open the zone configuration file and modify the configuration. Please pay attention to the format here! Please follow it exactly!
1. Every required space must be present;
2. the spaces inside {} must not be omitted;
3. no ";" may be missing,
otherwise you get all kinds of errors: a lesson learned the hard way.
The four-line zone "." stanza must be placed inside the {} of view "lan", otherwise an error is certain to be reported!
5. Modify the zone data files.
Do not modify the original data file; just copy it and modify the copy.
Modify the lan zone data: for the internal network, the DNS resolution IP ends in 40.100. Save and exit with wq.
Then configure the wan zone: first create its data file, then modify it.
The configuration is complete here.
6. Start the service.
7. Add the DNS server address to the domain name resolution configuration of the clients on the internal and external networks.
Intranet: configure the DNS server address on this computer, enter the configuration, then save and exit.
External network: configure the same on the external network client.
8. Test results
Intranet test: when www.rain.com is accessed from the intranet, the resolved IP address is 192.168.40.100, which meets the expected result!
External network test: when www.rain.com is accessed from the external network, the IP address resolved by DNS is 12.0.0.100, which meets the expected result.
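As an added example (not the article's own configuration), a named.conf with the two views and the two data files that produce the intranet and external test results above; the intranet segment 192.168.40.0/24, the gateway addresses 192.168.40.1 and 12.0.0.1, and the data file names are assumptions:

```conf
// /etc/named.conf on the gateway; the zone "." stanza is removed from the top level
options {
    listen-on port 53 { any; };          // the gateway listens on both ens33 and ens36
    directory "/var/named";
    allow-query { any; };
};

// Views are tried in order and the first matching match-clients wins,
// so the intranet view must come before the catch-all wan view.
view "lan" {
    match-clients { 192.168.40.0/24; };  // assumed intranet segment
    zone "." IN {                        // the four-line root stanza, moved inside the view
        type hint;
        file "named.ca";
    };
    zone "rain.com" IN {
        type master;
        file "rain.com.zone.lan";        // assumed file name
    };
};

view "wan" {
    match-clients { any; };
    recursion no;                        // added here: external clients get only our zone, never recursion
    zone "rain.com" IN {
        type master;
        file "rain.com.zone.wan";        // assumed file name
    };
};

; /var/named/rain.com.zone.lan: the answer given to intranet clients
$TTL 1D
@       IN SOA  rain.com. admin.rain.com. ( 0 1D 1H 1W 3H )
        IN NS   rain.com.
        IN A    192.168.40.1
www     IN A    192.168.40.100

; /var/named/rain.com.zone.wan: the answer given to external clients
$TTL 1D
@       IN SOA  rain.com. admin.rain.com. ( 0 1D 1H 1W 3H )
        IN NS   rain.com.
        IN A    12.0.0.1
www     IN A    12.0.0.100
```

Without recursion no in the wan view the gateway would answer recursive queries for any name from the Internet side, which is what makes a server an open resolver usable for amplification.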
III. Some of the errors encountered during the operation
The named service failed to start.
There are other errors, which I won't list one by one. The errors above tell us that we must be careful and follow format conventions when editing configuration files, otherwise a lot of time is lost later hunting through the error logs.