Deploy DNS server

Foreword

    The Domain Name System (DNS) is an Internet service. It acts as a distributed database that maps domain names to IP addresses and back, making the Internet easier for people to use. DNS uses TCP and UDP port 53. Each level (label) of a domain name is limited to 63 characters, and the full domain name cannot exceed 253 characters.

Deploy DNS server

CentOS system configuration

Turn off the firewall

# systemctl stop firewalld -- temporarily stop the firewall

# systemctl disable firewalld -- permanently disable the firewall

Disable SELinux

Temporarily:

# setenforce 0

Permanently:

# vim /etc/selinux/config

   SELINUX=disabled -- change enforcing to disabled

# reboot -- reboot the system for the permanent change to take effect

Install BIND

    BIND is open source software that allows you to publish your Domain Name System (DNS) information on the Internet and resolve DNS queries for your users. The name BIND stands for "Berkeley Internet Name Domain" because the software originated at the University of California, Berkeley, in the early 1980s.

    BIND is by far the most widely used DNS software on the Internet, providing a robust and stable platform on which organizations can build distributed computing systems knowing that they are fully compliant with published DNS standards.

Start the DNS service

# yum -y install bind*

# systemctl start named.service -- start the DNS service

# systemctl enable named.service -- start it at boot

# netstat -anlp | grep named -- check that it is listening on port 53

Configuring BIND Software

Modify the configuration file of the DNS service

Modify /etc/named.conf 

options {
        listen-on port 53 { 192.168.74.84; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

    Two lines need changing: in listen-on, replace 127.0.0.1 with the server's own IP, 192.168.74.82; in allow-query, replace localhost with any. Otherwise no host other than this machine can use the DNS service, which would make it pointless.

Add forward resolution

1) Append the following to /etc/named.rfc1912.zones

zone "test.com" IN {
        type master;
        file "data/test.com.zone";
};

2) Create a new file /var/named/data/test.com.zone

$TTL 1D
@ IN SOA dns.test.com. dns.www.test.com. (
                                        20180224     ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@ IN NS dns.test.com.
dns.test.com.           IN      A      192.168.74.42
@                       IN      MX 10  mail.www.test.com.
mail.www.test.com.      IN     A       192.168.74.64
www.test.com.           IN      A      192.168.74.82
ftp.test.com.           IN      A      192.168.74.31

Add reverse resolution

1) Append the following to /etc/named.rfc1912.zones

zone "74.168.192.in-addr.arpa" IN {
       type master;
       file "data/192.168.74.zone";
};

2) Create a new file /var/named/data/192.168.74.zone with the following contents

$TTL 1D
@ IN SOA dns.test.com. dns.www.test.com. (
                                        20180224      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@ IN NS dns.test.com.
88              IN      PTR       dns.test.com.
@               IN      MX 10     mail.www.test.com.
4               IN      PTR       mail.www.test.com.
82              IN      PTR       www.test.com.
3               IN      PTR       ftp.test.com.
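A check worth running once both zone files exist: the A records in the forward zone and the PTR records in the reverse zone should describe the same hosts, and named-checkzone will not catch a mismatch because it validates one zone file at a time. The script below is an added example, not part of the tutorial; it embeds the A and PTR lines of the two zone files above as constructed sample input and cross-references them. On that data it reports that only www.test.com is consistent: dns, mail and ftp have A records ending in .42, .64 and .31 while their PTR owners are 88, 4 and 3. The function and variable names are mine.

```python
import re

# Constructed sample input: the A and PTR lines from the tutorial's two zone
# files (test.com.zone and 192.168.74.zone). The SOA block is left out because
# this checker only cross-references address records.
FORWARD_ZONE = """\
$TTL 1D
@ IN NS dns.test.com.
dns.test.com.           IN      A      192.168.74.42
@                       IN      MX 10  mail.www.test.com.
mail.www.test.com.      IN     A       192.168.74.64
www.test.com.           IN      A      192.168.74.82
ftp.test.com.           IN      A      192.168.74.31
"""
FORWARD_ORIGIN = "test.com."

REVERSE_ZONE = """\
$TTL 1D
@ IN NS dns.test.com.
88              IN      PTR       dns.test.com.
@               IN      MX 10     mail.www.test.com.
4               IN      PTR       mail.www.test.com.
82              IN      PTR       www.test.com.
3               IN      PTR       ftp.test.com.
"""
REVERSE_ORIGIN = "74.168.192.in-addr.arpa."

# owner, optional TTL, class IN, type, rdata (";" comments are stripped first)
A_RE = re.compile(r"^(\S+)\s+(?:\d+\w?\s+)?IN\s+A\s+(\d+\.\d+\.\d+\.\d+)$")
PTR_RE = re.compile(r"^(\S+)\s+(?:\d+\w?\s+)?IN\s+PTR\s+(\S+)$")


def qualify(name, origin):
    """Turn a zone-file owner or target name into a fully qualified name ending in '.'."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def ptr_owner_to_ip(owner, origin):
    """Map a PTR owner such as '82' under 74.168.192.in-addr.arpa. back to 192.168.74.82."""
    labels = qualify(owner, origin).rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) != 6:
        raise ValueError(f"not a full IPv4 reverse name: {owner} under {origin}")
    return ".".join(reversed(labels[:4]))


def parse_a_records(zone_text, origin):
    """Return {fqdn: ipv4} for every A record in a forward zone."""
    records = {}
    for raw in zone_text.splitlines():
        m = A_RE.match(raw.split(";", 1)[0].rstrip())
        if m:
            records[qualify(m.group(1), origin)] = m.group(2)
    return records


def parse_ptr_records(zone_text, origin):
    """Return {ipv4: fqdn} for every PTR record in a reverse zone."""
    records = {}
    for raw in zone_text.splitlines():
        m = PTR_RE.match(raw.split(";", 1)[0].rstrip())
        if m:
            records[ptr_owner_to_ip(m.group(1), origin)] = qualify(m.group(2), origin)
    return records


def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return {fqdn: (ip_from_A, ip_from_PTR_or_None)} for every A record whose
    reverse entry is missing or points at a different address."""
    a_records = parse_a_records(fwd_text, fwd_origin)
    ptr_by_name = {name: ip for ip, name in parse_ptr_records(rev_text, rev_origin).items()}
    return {
        name: (ip, ptr_by_name.get(name))
        for name, ip in a_records.items()
        if ptr_by_name.get(name) != ip
    }


if __name__ == "__main__":
    mismatches = check_consistency(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN)
    for name, (a_ip, ptr_ip) in sorted(mismatches.items()):
        print(f"{name}: A says {a_ip}, PTR says {ptr_ip or 'none'}")
```

Relative owner names are expanded against the zone origin, so the checker also accepts zone files written with short names (e.g. "www" instead of "www.test.com.") rather than only the fully qualified style used above.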

Test

# systemctl start named.service -- start the DNS service

# systemctl enable named.service -- start it at boot

# netstat -anlp | grep named -- check that it is listening on port 53

Query www.test.com with dig:

[root@localhost ~]# dig www.test.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49025
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.                   IN   A

;; ANSWER SECTION:
www.test.com.             86400  IN   A    192.168.74.82

;; AUTHORITY SECTION:
test.com. 86400 IN NS dns.test.com.

;; ADDITIONAL SECTION:
dns.test.com.         86400  IN   A    192.168.8.88

;; Query time: 1 msec
;; SERVER: 192.168.74.84#53(192.168.74.84)
;; WHEN: Sun Apr 22 16:40:55 CST 2018
;; MSG SIZE  rcvd: 91

The output above has two key points. The question section asks for the A (address) record of www.test.com, and the IP we need comes back in the answer section. The SERVER line in the last block is just as important: check that the DNS server IP is the one you configured. In the output above it is 192.168.74.84.
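The two checks just described (the answer carries the expected A record, and the SERVER line names the server you configured) can be automated so they run after every configuration change. The script below is an added example, not part of the tutorial; it embeds the dig output shown above as a constructed sample and parses it, and it adds one more check a practitioner would want: the aa (authoritative answer) flag must be present, because without it named is recursing or answering from cache instead of serving the zone it was just given. Function and variable names are mine.

```python
import re

# Constructed sample: the dig output from the tutorial, embedded so the parser
# runs offline. On a live host, feed it the stdout of
# subprocess.run(["dig", name], capture_output=True, text=True) instead.
DIG_OUTPUT = """\
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49025
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.                   IN   A

;; ANSWER SECTION:
www.test.com.             86400  IN   A    192.168.74.82

;; AUTHORITY SECTION:
test.com. 86400 IN NS dns.test.com.

;; ADDITIONAL SECTION:
dns.test.com.         86400  IN   A    192.168.8.88

;; Query time: 1 msec
;; SERVER: 192.168.74.84#53(192.168.74.84)
;; WHEN: Sun Apr 22 16:40:55 CST 2018
;; MSG SIZE  rcvd: 91
"""

# owner  ttl  IN  type  rdata
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+?)\s*$")


def parse_dig(output):
    """Extract status, header flags, answer records and the responding server from dig's text output."""
    result = {"status": None, "flags": [], "answers": [], "server": None, "port": None}
    section = None
    for line in output.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status: (\w+)", line)
            if m:
                result["status"] = m.group(1)
        elif line.startswith(";; flags:"):
            # ";; flags: qr aa rd ra; QUERY: 1, ..." -> ["qr", "aa", "rd", "ra"]
            result["flags"] = line[len(";; flags:"):].split(";", 1)[0].split()
        elif line.startswith(";; SERVER:"):
            m = re.match(r";; SERVER: ([^#\s]+)#(\d+)", line)
            if m:
                result["server"], result["port"] = m.group(1), int(m.group(2))
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]        # "QUESTION", "ANSWER", "AUTHORITY", ...
        elif not line.strip():
            section = None                       # a blank line closes the current section
        elif section == "ANSWER" and not line.startswith(";"):
            m = RR_RE.match(line)
            if m:
                owner, ttl, rtype, rdata = m.groups()
                result["answers"].append((owner, int(ttl), rtype, rdata))
    return result


def verify_lookup(output, name, expected_ip, expected_server):
    """Return a list of problems; an empty list means the query was answered by the
    intended server, authoritatively, with the expected A record."""
    r = parse_dig(output)
    problems = []
    if r["status"] != "NOERROR":
        problems.append(f"status was {r['status']}, expected NOERROR")
    if r["server"] != expected_server:
        problems.append(f"answered by {r['server']}, expected {expected_server}")
    if "aa" not in r["flags"]:
        problems.append("no 'aa' flag: the answer was recursed or cached, not served from the local zone")
    found = [rdata for owner, _ttl, rtype, rdata in r["answers"] if owner == name and rtype == "A"]
    if expected_ip not in found:
        problems.append(f"A records for {name} were {found}, expected {expected_ip}")
    return problems


if __name__ == "__main__":
    issues = verify_lookup(DIG_OUTPUT, "www.test.com.", "192.168.74.82", "192.168.74.84")
    print("OK" if not issues else "\n".join(issues))
```

If the SERVER check fails, /etc/resolv.conf on the querying host still points at another resolver; if the aa check fails, look at the named log for a zone-load error before trusting the answer.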

# nslookup 192.168.74.82
Server:              192.168.74.84
Address:     192.168.74.84#53

82.74.168.192.in-addr.arpa   name = www.test.com.
