BIND is the de facto standard nameserver. Install on CentOS 7:
yum install -y bind
systemctl enable named
BIND has two companion packages:
bind-chroot: runs named with a changed root directory (chroot), so a compromised named process can reach only the files inside the chroot
bind-utils: provides the query tools dig, nslookup, host and nsupdate
Configuration
By default, the main configuration file of BIND is /etc/named.conf
The file contains the following sections:
options {}: global settings, such as the directory named runs in and security-related options
logging {}: log configuration
zone {}: configuration of each domain (zone)
Basic configuration
#/etc/named.conf
options {
    directory "/var/named";
    recursion yes;
};
zone "my.com" {
    type master;
    file "my.com.zone";
};
zone "cname.com" {
    type master;
    file "cname.com.zone";
};
The records of a zone are kept in the file named by its file field, which is looked up relative to the directory set in options. For example, the my.com.zone file looks like this:
$TTL 7200
my.com.        IN SOA  my.com. mailuser.my.com. (1111 1H 20M 1W 1D)
my.com.        IN NS   dns1.my.com.
dns1.my.com.   IN A    192.168.137.77
www.my.com.    IN A    2.8.2.2
In this file, $TTL 7200 first sets the default time to live of the zone's records to 7200 seconds.
Then the SOA (start of authority) record declares my.com. as the authoritative source for the zone. The administrator's email address is mailuser@my.com; because the @ character has a special meaning in zone files, it is written as mailuser.my.com. The values in parentheses, (1111 1H 20M 1W 1D), mean: serial number 1111, refresh interval 1 hour, retry interval after a failed refresh 20 minutes, expiry 1 week, and minimum (negative-caching) TTL 1 day.
Then the NS record says the nameserver of my.com. is dns1.my.com., and the A record of dns1.my.com. is 192.168.137.77.
The last A record maps www.my.com. to 2.8.2.2.
CNAME configuration
For example, to make www.cname.com a CNAME (alias) of www.my.com, in cname.com.zone:
$TTL 8200
@      IN SOA   cname.com. ccc.cname.com. (1200 1H 20M 1W 1D)
@      IN NS    dns1.cname.com.
dns1   IN A     192.168.137.77
www    IN CNAME www.my.com.
The meaning of the @ sign
The @ sign appears in the cname.com.zone file above. It stands for the current zone origin, i.e. the name of the zone being defined; in the above configuration it is cname.com. Names without a trailing dot (dns1, www) are relative to that origin, so dns1 means dns1.cname.com.
Subdomain query
Suppose there is a third-level domain third.my.com. and a fourth-level domain fourth.third.my.com. under my.com., but the records of the fourth-level domain are stored on another DNS server. The subdomain can then be delegated with an NS record in my.com.zone (plus a glue A record for the delegated nameserver), and names below it are resolved through the subdomain. For the server to follow the delegation on the client's behalf, recursion must be turned on under options.
$TTL 7200
my.com.              IN SOA  my.com. mailuser.my.com. (1111 1H 20M 1W 1D)
my.com.              IN NS   dns1.my.com.
dns1.my.com.         IN A    192.168.137.77
www.my.com.          IN A    2.8.2.2
third.my.com.        IN NS   dns3.third.my.com.
dns3.third.my.com.   IN A    192.168.137.23
Forward query
A forward zone forwards requests for that zone from this machine to another DNS server:
zone "other.com" {
    type forward;
    forwarders { 192.168.2.33; };
};
Reverse resolution configuration
Reverse resolution looks up the domain name for an IP address. A typical user is a mail server, which after receiving a message looks up the domain name of the source IP. For example, suppose the machine 192.168.4.50 has the domain name mail.my.com:
zone "4.168.192.in-addr.arpa" {
    type master;
    file "192.168.4.zone";
};
In the 192.168.4.zone file:
$TTL 3600
@     IN SOA  4.168.192.in-addr.arpa. mailuser.my.com. (3001 1H 20M 1W 1D)
@     IN NS   dns1.my.com.
50    IN PTR  mail.my.com.     ; maps 192.168.4.50 back to mail.my.com
In the my.com.zone file, the A record of the mail host is also provided, and an MX record is added at the same time:
$TTL 7200
my.com.        IN SOA  my.com. mailuser.my.com. (1111 1H 20M 1W 1D)
my.com.        IN NS   dns1.my.com.
dns1.my.com.   IN A    192.168.137.77
www.my.com.    IN A    2.8.2.2
@              IN MX   10 mail
mail.my.com.   IN A    192.168.4.55
Master-slave configuration
# master server
zone "lb.com" {
    type master;
    notify yes;
    also-notify { 192.168.137.55; };
    allow-transfer { 192.168.137.55; };
    file "lb.com.zone";
};
# slave server
zone "lb.com" {
    type slave;
    file "lb.com.zone";
    masters { xxx.xxx.xxx.xxx; };
};
Whenever the zone file on the master changes, the SOA serial number must be increased as well, because the slave compares serial numbers to decide whether its copy is outdated and needs to be transferred again.
; lb.com.zone before the change
$TTL 7200
lb.com.   IN SOA  lb.com. mailuser.lb.com. (1111 1H 10M 1W 1D)
; after the change
lb.com.   IN SOA  lb.com. mailuser.lb.com. (1112 1H 1M 1W 1D)
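The SOA serial rule above (and the serial field explained in the basic configuration) is easy to forget by hand, so here is an added helper, not from the original page, that bumps the serial of a one-line SOA record and refuses a new serial that a slave would treat as older under RFC 1982 serial arithmetic. The zone text is a constructed copy of the page's lb.com.zone; the function names are my own.

```python
import re

# Matches a one-line SOA record like the page's
#   lb.com. IN SOA lb.com. mailuser.lb.com. (1111 1H 10M 1W 1D)
# and captures the serial, the first value inside the parentheses.
SOA_RE = re.compile(
    r"^\S+\s+(?:\d+\s+)?IN\s+SOA\s+\S+\s+\S+\s*\(\s*(?P<serial>\d+)\s",
    re.IGNORECASE | re.MULTILINE,
)

def serial_newer(new: int, old: int) -> bool:
    """RFC 1982 serial-number comparison, modulo 2^32.
    A slave only transfers the zone when the master's serial is newer."""
    diff = (new - old) % (1 << 32)
    return 0 < diff < (1 << 31)

def bump_serial(zone_text: str, new_serial=None):
    """Return (updated zone text, old serial, new serial).
    Without new_serial the serial is incremented by one; an explicit
    new_serial is refused if a slave would consider it older."""
    m = SOA_RE.search(zone_text)
    if m is None:
        raise ValueError("no single-line SOA record found")
    old = int(m.group("serial"))
    new = old + 1 if new_serial is None else int(new_serial)
    if not serial_newer(new, old):
        raise ValueError(f"serial {new} is not newer than {old}; slaves would not transfer")
    updated = zone_text[:m.start("serial")] + str(new) + zone_text[m.end("serial"):]
    return updated, old, new

# Constructed sample: the page's lb.com.zone before the change.
SAMPLE_ZONE = """$TTL 7200
lb.com.   IN SOA  lb.com. mailuser.lb.com. (1111 1H 10M 1W 1D)
lb.com.   IN NS   dns1.lb.com.
"""

if __name__ == "__main__":
    text, old, new = bump_serial(SAMPLE_ZONE)
    print(f"serial {old} -> {new}")
    print(text, end="")
```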
In addition, for safety, the master should restrict zone transfers to the slave's address, that is,
allow-transfer { 192.168.137.55; };
Besides IP addresses, transfers can also be restricted with a TSIG key, a shared secret that cryptographically signs the transfer request.
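To find master zones that still lack the transfer restriction just described, here is an added audit script, not part of the original page, that walks a named.conf and reports master zones with no allow-transfer of their own and none inherited from options {}. The sample configuration is constructed from the page's zones; a view-level allow-transfer is an assumption this simple scanner does not model.

```python
import re

ZONE_START = re.compile(r'\bzone\s+"([^"]+)"\s*(?:IN\s+)?\{', re.IGNORECASE)
OPTIONS_START = re.compile(r"\boptions\s*\{", re.IGNORECASE)
ALLOW_TRANSFER = re.compile(r"\ballow-transfer\b", re.IGNORECASE)

def strip_comments(conf: str) -> str:
    """Drop named.conf comments: /* */ blocks, and // or # to end of line."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", conf)

def block_body(conf: str, open_pos: int) -> str:
    """Text between the '{' at open_pos and its matching '}' (nesting-aware)."""
    depth = 0
    for i in range(open_pos, len(conf)):
        if conf[i] == "{":
            depth += 1
        elif conf[i] == "}":
            depth -= 1
            if depth == 0:
                return conf[open_pos + 1:i]
    raise ValueError("unbalanced braces in named.conf")

def unrestricted_master_zones(conf: str) -> list:
    """Names of master zones that set no allow-transfer and inherit none from
    options {}. A view-level allow-transfer is not modelled, so a zone inside
    such a view is reported as a false positive."""
    conf = strip_comments(conf)
    opt = OPTIONS_START.search(conf)
    global_restricted = bool(opt and ALLOW_TRANSFER.search(block_body(conf, opt.end() - 1)))
    findings = []
    for m in ZONE_START.finditer(conf):
        body = block_body(conf, m.end() - 1)
        is_master = re.search(r"\btype\s+(master|primary)\s*;", body, re.IGNORECASE)
        if is_master and not global_restricted and not ALLOW_TRANSFER.search(body):
            findings.append(m.group(1))
    return findings

# Constructed sample: the page's restricted lb.com master, the unrestricted my.com master, and the forward zone.
SAMPLE_CONF = """options { directory "/var/named"; recursion yes; };
zone "lb.com" {
    type master; notify yes;
    allow-transfer { 192.168.137.55; };   # transfers limited to the slave
    file "lb.com.zone";
};
zone "my.com" { type master; file "my.com.zone"; };
zone "other.com" { type forward; forwarders { 192.168.2.33; }; };
"""
```

Calling unrestricted_master_zones(SAMPLE_CONF) lists my.com, the only master zone in the sample that anyone could transfer in full.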
Smart DNS
So-called smart DNS returns different A records depending on the client's region, so that users reach the nearest server. Two new configuration elements are required:
1. acl: a named list of the IP ranges belonging to a region
2. view: each view selects its ACL with match-clients and carries its own zone configuration
# ACL file
acl aclname {
    102.56.8.0/24;
    .....
};
#/etc/named.conf
options {
    directory "/var/named";
    recursion yes;
};
include "/var/named/chineunicom.acl";
include "/var/named/chinemobile.acl";
view "chineunicom" {
    recursion no;
    match-clients { chineunicom; };
    zone "my.com" {
        type master;
        file "my.com.zone";
    };
    zone "cname.com" {
        type master;
        file "cname.com.zone";
    };
};
view "chinemobile" {
    ...
};
Client tools
The client tools host, nslookup and dig all perform forward and reverse queries; dig is the most powerful:
# forward query
dig www.my.com
# reverse query
dig -x 192.168.4.55
# query a specific DNS server
dig @8.8.8.8 www.csdn.com