Deploy DNS server
Foreword
The Domain Name System (DNS) is an Internet service that acts as a distributed database mapping domain names to IP addresses (and back), so that people can reach hosts by name instead of by address. DNS uses TCP and UDP port 53. Each label of a domain name is limited to 63 characters, and the full domain name cannot exceed 253 characters.
Deploy DNS server
CentOS system configuration
Turn off the firewall
# systemctl stop firewalld -- stop the firewall now (until the next reboot)
# systemctl disable firewalld -- keep it from starting at boot
Disable SELinux
Temporarily:
# setenforce 0
Permanently:
# vim /etc/selinux/config
SELINUX=disabled -- change enforcing to disabled
# reboot -- reboot for the change to take effect
Install BIND
BIND is open source software that allows you to publish your Domain Name System (DNS) information on the Internet and resolve DNS queries for your users. The name BIND stands for "Berkeley Internet Name Domain" because the software originated at the University of California, Berkeley, in the early 1980s.
BIND is by far the most widely used DNS software on the Internet, providing a robust and stable platform on which organizations can build distributed computing systems knowing that they are fully compliant with published DNS standards.
Install and start the DNS service
# yum -y install bind*
# systemctl start named.service -- start the DNS service
# systemctl enable named.service -- start it at boot
# netstat -anlp | grep named -- confirm named is listening on port 53
Configuring BIND Software
Modify the configuration file of the DNS service
Modify /etc/named.conf
options {
    listen-on port 53 { 192.168.74.84; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
};
Two changes matter here. In the listen-on line, replace the default 127.0.0.1 with the server's own IP address (192.168.74.84 in the example above); in the allow-query line, replace localhost with any. Without these changes only this machine can query the server, which would make the DNS service pointless. allow-query { any; } is fine for an authoritative server like this one; if recursion is left enabled in the same options block, also restrict allow-recursion to your own networks so the server does not become an open resolver.
Add forward resolution
1) Append the following zone definition to /etc/named.rfc1912.zones
zone "test.com" IN {
type master;
file "data/test.com.zone";
};
2) Create a new /var/named/data/test.com.zone file with the following contents
$TTL 1D
@ IN SOA dns.test.com. dns.www.test.com. (
    20180224 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS dns.test.com.
dns.test.com. IN A 192.168.74.42
@ IN MX 10 mail.www.test.com.
mail.www.test.com. IN A 192.168.74.64
www.test.com. IN A 192.168.74.82
ftp.test.com. IN A 192.168.74.31
Add reverse resolution
1) Append the following zone definition to /etc/named.rfc1912.zones
zone "74.168.192.in-addr.arpa" IN {
type master;
file "data/192.168.74.zone";
};
2) Create a new /var/named/data/192.168.74.zone file with the following contents
$TTL 1D
@ IN SOA dns.test.com. dns.www.test.com. (
    20180224 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS dns.test.com.
88 IN PTR dns.test.com.
@ IN MX 10 mail.www.test.com.
4 IN PTR mail.www.test.com.
82 IN PTR www.test.com.
3 IN PTR ftp.test.com.
Test
# systemctl start named.service -- start the DNS service (restart it if it is already running, so the new zone files are loaded)
# systemctl enable named.service -- start it at boot
# netstat -anlp | grep named -- confirm named is listening on port 53
dig www.test.com
[root@localhost ~]# dig www.test.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49025
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com. IN A
;; ANSWER SECTION:
www.test.com. 86400 IN A 192.168.74.82
;; AUTHORITY SECTION:
test.com. 86400 IN NS dns.test.com.
;; ADDITIONAL SECTION:
dns.test.com. 86400 IN A 192.168.8.88
;; Query time: 1 msec
;; SERVER: 192.168.74.84#53(192.168.74.84)
;; WHEN: Sun Apr 22 16:40:55 CST 2018
;; MSG SIZE rcvd: 91
Two things matter in this output. The QUESTION section shows that the query asked for the A (address) record of www.test.com, and the ANSWER section returns the IP address we need; the aa flag in the header confirms the answer came from our authoritative server rather than from a cache. The SERVER line at the end is the other important part: check that the DNS server IP matches the one you configured. In the output above the DNS server IP is 192.168.74.84.
Reverse resolution can be checked with nslookup:
# nslookup 192.168.74.82
Server: 192.168.74.84
Address: 192.168.74.84#53
82.74.168.192.in-addr.arpa name = www.test.com.