Super detailed LINUX-DNS deployment

This article follows the blogger's DNS deployment step by step, with the operations performed and the experience gained; please comment to correct any problems!

DNS Overview and DNS Deployment

1. Introduction

DNS (Domain Name System) is a service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it makes the Internet easier to use: people no longer have to remember the IP addresses that machines read directly.

2. Domain name

2.1 Domain name hierarchy

[Figure: domain name hierarchy tree]
As shown in the figure above, the domain name space is a tree. The top of the tree is the root server; the level directly below the root holds the top-level domains: generic ones such as .com and .net, and country codes such as .cn and .uk. The domain names registered online are mostly second-level domain names such as baidu.com and taobao.com, which are generally managed by enterprises and their operations staff. Below those come third- and fourth-level domain names, which need no further detail here. In general, a domain name is a hierarchical structure read from the whole to the part.

Here we focus on the most common top-level domains:
.com (commercial organization), .org (non-profit organization), .gov (government department), .net (network service provider), .edu (research institution), .pub (public), .cn (Chinese national TLD)

3. Forward and reverse resolution of DNS

  • Forward resolution: resolves a domain name to an IP address (this is the most common case: you enter a URL, the system finds the website by the IP the domain name maps to, and then visits it)
  • Reverse resolution: resolves an IP address to a domain name

4. DNS resolution process

[Figure: DNS resolution process]
1. The client is a computer or mobile phone. The user opens a browser and enters a domain name such as www.zdns.cn; the browser sends a DNS resolution request to the local caching (recursive) server. If that server has no cached result, it first queries a root server. The root servers record the location of the servers for each top-level domain, so when asked about www.zdns.cn a root server returns the location information of the .cn servers.

2. With the address of the .cn authoritative server, the recursive server asks it whether it knows the location of www.zdns.cn. The .cn authoritative server looks it up and returns the address of the zdns.cn server.

3. The recursive server then queries the authoritative server of zdns.cn, which returns the address: 202.173.11.10

4. Finally, the HTTP connection can be made and the website is accessed normally.

5. One addition: once the recursive server has obtained the resolution record, it caches it locally. The next time a client asks the local recursive server for the same domain name, the server does not query layer by layer again; because the record is already in its cache, it simply returns the A record of www.zdns.cn to the client.
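The five steps above describe an iterative walk from the root down the tree, with the local recursive server caching the final answer. The following Python simulation is an added example, not part of the original article: the servers named "root", "cn-ns" and "zdns-ns" and the referral table are constructed stand-ins for the real root, .cn and zdns.cn servers, and the address 202.173.11.10 is the one used in the text. Running it shows three upstream queries on a cold lookup and none on the repeat lookup that step 5 describes.

```python
"""Toy model of the iterative resolution walk in steps 1-5 above.

Added example, not part of the original article. The server table below is
constructed: "root", "cn-ns" and "zdns-ns" stand in for the root servers, the
.cn authoritative servers and the zdns.cn authoritative server respectively.
"""


# Constructed referral data. Each server maps the zones it knows about to
# either a referral (go ask this other server) or a final answer (the A record).
SERVERS = {
    "root":    {"cn.":          ("referral", "cn-ns")},
    "cn-ns":   {"zdns.cn.":     ("referral", "zdns-ns")},
    "zdns-ns": {"www.zdns.cn.": ("answer",   "202.173.11.10")},
}


class RecursiveResolver:
    """A local recursive server: walks referrals from the root and caches results."""

    def __init__(self, servers):
        self.servers = servers
        self.cache = {}            # qname -> IP address (step 5 of the walk)
        self.upstream_queries = 0  # how many times we asked another server
        self.last_path = []        # servers contacted by the most recent resolve()

    def _ask(self, server, qname):
        """Ask one server about qname; it answers for its most specific known zone."""
        self.upstream_queries += 1
        table = self.servers[server]
        for zone in sorted(table, key=len, reverse=True):   # longest suffix first
            if qname == zone or qname.endswith("." + zone):
                return table[zone]
        raise LookupError(f"{server} has no data for {qname}")

    def resolve(self, name):
        qname = name if name.endswith(".") else name + "."
        self.last_path = []
        if qname in self.cache:           # cache hit: no upstream traffic at all
            return self.cache[qname]
        server = "root"                   # step 1: every cold lookup starts at the root
        while True:
            self.last_path.append(server)
            kind, value = self._ask(server, qname)
            if kind == "answer":          # step 3: authoritative server gives the A record
                self.cache[qname] = value
                return value
            server = value                # steps 1-2: referral to the next level down


if __name__ == "__main__":
    r = RecursiveResolver(SERVERS)
    print(r.resolve("www.zdns.cn"), r.last_path, r.upstream_queries)   # cold: 3 queries
    print(r.resolve("www.zdns.cn"), r.last_path, r.upstream_queries)   # warm: still 3
```

The cache is keyed on the fully qualified name (with the trailing dot), so "www.zdns.cn" and "www.zdns.cn." share one entry; a real resolver would also honour the record's TTL, which this model leaves out.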

Five, DNS server classification

  • Master server: unique within a given zone; it is responsible for maintaining the mapping between domain names and IP addresses in that zone.
  • Slave server: obtains the domain-name-to-IP mapping from the master server and keeps a copy of it, so that service continues if the master goes down (an unrecoverable crash).
  • Cache server: queries other DNS servers on behalf of hosts to obtain the domain-name-to-IP mapping, and saves frequently queried domain information locally to make repeated queries faster.

Six, DNS service construction

1. Configure the network card

vi /etc/sysconfig/network-scripts/ifcfg-ens33
# modify or add the following settings
ONBOOT=YES
BOOTPROTO=static
IPADDR=192.168.10.10
NETMASK=255.255.255.0   # subnet mask
GATEWAY=192.168.10.2
DNS1=192.168.10.10      # point the host at its own DNS server
# restart the network after configuring
systemctl restart network


2. Configure the local yum source

mkdir /media/cdrom                  # create the mount point
mount /dev/cdrom /media/cdrom       # mount the installation image on it
cd /etc/yum.repos.d                 # go to the local yum repository configuration directory
mv CentOS-Base.repo 1               # rename the network repository file to 1 so it is no longer used
vi CentOS-Media.repo                # edit the local yum repository
# change nothing else inside; go straight to line 20 and change it to 1
enabled=1                           # enables the local yum repository
yum -y install bind-utils bind-chroot vim   # install the DNS service and the vim editor

Change the twentieth line =0 to =1

3. Edit the DNS zone configuration file

We open /etc/named.rfc1912.zones

  • Before the change: [screenshot of the original /etc/named.rfc1912.zones]

Change the part circled in red in the screenshot above to the following

zone "csdn.com" IN {
	type master;
	file "1";
	allow-update { any; };    # any host may send dynamic updates to this zone
};
zone "10.168.192.in-addr.arpa" IN {
	type master;
	file "2";
	allow-update { any; };    # any host may send dynamic updates to this zone
};

  • After the change: [screenshot of the edited /etc/named.rfc1912.zones]

  • A note on the forward and reverse resolution formats

Forward resolution record format: zone "domain name" IN { ... };

zone "skills.com" IN {          # forward domain name resolution
	type master;                # server type: master is the main server
	file "1";                   # the forward resolution file is named 1
};

Reverse resolution record format: zone "network segment without the host part, reversed.in-addr.arpa" IN { ... };

zone "10.168.192.in-addr.arpa" IN {   # reverse domain name resolution
	type master;                      # server type: master is the main server
	file "2";                         # the reverse resolution file is named 2
};

4. Edit the forward and reverse zone files

[root@localhost ~]# cd /var/named
[root@localhost named]# cp -a named.localhost 1  # copy the forward zone template to a file named 1
[root@localhost named]# cp -a named.loopback 2   # copy the reverse zone template to a file named 2
vim 1   # edit the forward zone file and add one resolution record
www A 192.168.10.10


vim 2   # edit the reverse zone file
10 PTR www.csdn.com.   ; host 10 in this network segment is www.csdn.com
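The two stanzas in step 3 and the two records in step 4 have to agree with each other: the A record in file 1 and the PTR record in file 2 must describe the same host, and the reverse zone name must be the network part of the address written backwards. The following script is an added example (not the tutorial's own code) that parses constructed copies of those stanzas and records, reports any forward/reverse mismatch, and flags allow-update { any; }, which lets any host that can reach the server submit dynamic updates to the zone. The file names, zone names and addresses are the tutorial's; the reconstruction of an IP from a PTR owner assumes a /24 reverse zone as used here.

```python
"""Audit the zone stanzas and zone files added in steps 3 and 4.

Added example, not the tutorial's own code. It re-parses constructed copies of
the two stanzas and the two records the tutorial adds, checks that every
forward A record has a matching PTR and vice versa, and flags the
allow-update { any; } setting. The PTR-owner-to-IP reconstruction assumes a /24
reverse zone, as in the tutorial.
"""
import re

# Constructed copy of the two stanzas added to /etc/named.rfc1912.zones.
NAMED_ZONES = '''
zone "csdn.com" IN {
	type master;
	file "1";
	allow-update { any; };
};
zone "10.168.192.in-addr.arpa" IN {
	type master;
	file "2";
	allow-update { any; };
};
'''

# Constructed zone file contents: the records added to /var/named/1 and /var/named/2.
ZONE_FILES = {
    "1": "www A 192.168.10.10\n",
    "2": "10 PTR www.csdn.com.   ; host 10 is www.csdn.com\n",
}

REV_SUFFIX = ".in-addr.arpa"


def parse_zones(text):
    """Return {zone name: {"file": ..., "allow_update": ...}} by brace matching."""
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s+IN\s*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):          # find the brace that closes this stanza
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        file_m = re.search(r'file\s+"([^"]+)"', body)
        upd_m = re.search(r'allow-update\s*\{([^}]*)\}', body)
        zones[m.group(1)] = {
            "file": file_m.group(1) if file_m else None,
            "allow_update": upd_m.group(1).strip().rstrip(";").strip() if upd_m else None,
        }
    return zones


def parse_records(text):
    """Minimal 'owner TYPE rdata' parser; text after ';' is a zone-file comment."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 3:
            records.append((fields[0], fields[1].upper(), fields[2]))
    return records


def fqdn(owner, zone):
    """Absolute name for an owner label inside zone ('@' means the zone apex)."""
    if owner == "@":
        return zone + "."
    return owner if owner.endswith(".") else f"{owner}.{zone}."


def audit(named_zones, zone_files):
    """Return a list of human-readable findings (empty means everything agrees)."""
    findings = []
    forward, reverse = {}, {}          # name -> IP, IP -> name
    for zname, cfg in parse_zones(named_zones).items():
        if cfg["allow_update"] == "any":
            findings.append(f"{zname}: allow-update {{ any; }} accepts dynamic updates from any host")
        if cfg["file"] not in zone_files:
            findings.append(f'{zname}: zone file "{cfg["file"]}" not found')
            continue
        for owner, rtype, rdata in parse_records(zone_files[cfg["file"]]):
            if rtype == "A":
                forward[fqdn(owner, zname)] = rdata
            elif rtype == "PTR" and zname.endswith(REV_SUFFIX):
                # "10" in zone 10.168.192.in-addr.arpa -> 10.10.168.192 -> 192.168.10.10
                octets = f"{owner}.{zname[:-len(REV_SUFFIX)]}".split(".")
                reverse[".".join(reversed(octets))] = rdata
    for name, ip in forward.items():
        if reverse.get(ip) != name:
            findings.append(f"{name} -> {ip} has no matching PTR")
    for ip, name in reverse.items():
        if forward.get(name) != ip:
            findings.append(f"{ip} -> {name} has no matching A")
    return findings


if __name__ == "__main__":
    for line in audit(NAMED_ZONES, ZONE_FILES) or ["forward and reverse zones agree"]:
        print(line)
```

With the tutorial's records the only findings are the two allow-update warnings; changing the PTR owner to 11 makes the script report a missing PTR for www.csdn.com and a missing A for 192.168.10.11, which is the kind of mismatch the nslookup test in step 7 would otherwise only reveal for one direction at a time.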


5. Edit the main DNS configuration file

Before the change: [screenshot of the original main configuration file]

Change the contents of the braces {} on line 13 and line 21.

After the change: [screenshot of the edited main configuration file]

6. Turn off the firewall and restart the DNS service

[root@localhost named]# systemctl stop firewalld    # stop the host firewall so port 53 is reachable
[root@localhost named]# systemctl restart named      # restart the DNS service to load the new zones
[root@localhost named]# setenforce 0                 # switch SELinux to permissive mode

7. Test results

nslookup          # start nslookup in interactive mode
192.168.10.10     # reverse query: should return www.csdn.com
www.csdn.com      # forward query: should return 192.168.10.10

If an error is reported, check whether a configuration file is wrong, or whether the DNS entry in the network card configuration points to this DNS server.

Seven, configuration experience

In fact, I spent three days on this configuration experiment. I think Linux is amazing: I always feel there are no mistakes, but there are always various problems. But after doing it many times you finally succeed, and then you remember it very clearly, so I hope everyone will be careful when doing the exercises. This is my experimental experience, and I thank my seniors. If you have any questions about the article, please leave a message in the comment area; I will refer to it and correct the mistakes.

Origin blog.csdn.net/2201_75288693/article/details/129259610