Detailed Explanation of DNS Deployment and Security (Part 2)


Foreword

In the previous post we installed the DNS service on the Windows Server 2003 virtual machine, which turned that machine into a working DNS server. Today we continue with the more advanced configuration of that server.


1. Configuring a zone for authoritative resolution

Click [ Start ] in the lower-left corner, then [ All Programs ], [ Administrative Tools ], and [ DNS ] to open the DNS management console.

insert image description here

After the DNS console opens, click the [ + ] in front of the server name to expand it; you will see [ Forward Lookup Zones ] and [ Reverse Lookup Zones ].

insert image description here
insert image description here

Suppose my server is responsible for resolving names ending in baidu.com, that is, Baidu has registered that domain and asked me to host it. Then I create a new zone for it: note that what we create is a zone, not a domain name. Right-click [ Forward Lookup Zones ] and click [ New Zone ] in the menu.

insert image description here

Click [ Next ].

insert image description here

As shown below, a [ Primary zone ] is the master copy of the zone data, stored and edited on this server. A [ Secondary zone ], also called a backup zone, is a read-only copy pulled from the primary by zone transfer; if the primary fails, the secondary server keeps answering. A [ Stub zone ] holds only the SOA, NS and glue records needed to locate the authoritative servers for a zone, and we will not use it here. (A company does not need its own root zone; the root servers exist at the Internet level.) Because we are configuring our company's first server, the primary, select [ Primary zone ] and click [ Next ].

insert image description here

This step asks for the [ Zone name ]; enter baidu.com. It declares that this server is authoritative for names under baidu.com and will answer for them from its own data. Keep in mind that this only matters to clients that query this server (or that are delegated to it by the parent zone); creating the zone here does not change how the rest of the Internet resolves the real baidu.com. Fill it in and click [ Next ].

insert image description here

As shown below, a file named baidu.com.dns will be created on the C drive (under %SystemRoot%\system32\dns); this is called a zone file. It holds the forward resolution data for names ending in baidu.com: host names such as mp3.baidu.com and mail.baidu.com will be written into it as we add records. Make no changes on this page, just click [ Next ].

insert image description here

Click [ Next ] directly.

insert image description here

Here you can see the zone parameters we configured: the zone name is baidu.com, the type is a primary zone (so this server is the primary DNS server for baidu.com), the lookup type is forward lookup, and the file name is baidu.com.dns. Click [ Finish ].

insert image description here

Click [ Forward Lookup Zones ] in the DNS console and you can see the baidu.com zone we just built.

insert image description here

The zone exists, but it contains no host names or IP addresses yet. Suppose Baidu has bought a server whose host name is www and whose IP address is 1.1.1.1, and tells us to register it in our DNS server; we need to store that mapping. Proceed as follows:

1. Right-click [ baidu.com ] and select [ New Host (A)... ] in the menu. A new host record is also called an A record, the standard forward (name-to-IPv4-address) record.

insert image description here

2. Enter www as the name; the fully qualified domain name is filled in automatically. Enter 1.1.1.1 as the IP address, then click [ Add Host ], [ OK ], and [ Done ].

insert image description here

3. The record is now stored: host www, fully qualified domain name www.baidu.com, IP address 1.1.1.1.

insert image description here

Next, verify the www.baidu.com record from the Windows XP virtual machine. Note: you cannot simply open a browser and type www.baidu.com, because 1.1.1.1 is an arbitrary address we made up, and the VM has no Internet access anyway. Test from the command line instead: open cmd and run nslookup www.baidu.com, as shown below:

insert image description here

Why this result? Because the client is not yet pointed at our Windows Server 2003 DNS server. Set it manually so that the client's DNS server is our server's IP address, 10.1.1.1:

1. Right-click [ My Network Places ] and click [ Properties ] in the menu.

insert image description here

2. Right-click [ Local Area Connection ] and click [ Properties ] in the menu.

insert image description here

3. Double-click [ Internet Protocol (TCP/IP) ].

insert image description here

4. Select [ Use the following DNS server addresses ], enter the server's IP address, click [ OK ], then [ OK ].

insert image description here

5. Back in the console, run nslookup www.baidu.com and press Enter. As shown below, www.baidu.com now resolves to 1.1.1.1, and the server that answered is 10.1.1.1.

insert image description here

Be aware that if you run this test on a real machine instead of a VM, the machine may lose Internet access afterwards. The local resolver checks its cache before asking any server, and the fake answer (1.1.1.1) from the test is now cached; later visits to www.baidu.com go to 1.1.1.1 instead of the real Baidu and fail. What to do?

insert image description here

Remember this command, which clears the local DNS cache; after clearing it, normal browsing resumes. Open cmd and run: ipconfig /flushdns, then press Enter.

insert image description here

Correspondingly, to view the local DNS cache, run: ipconfig /displaydns
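The whole of section 1 can also be done from the command line. The script below is an added example, not part of the original post: it creates the zone and the A record with dnscmd.exe, points the client at the server with netsh, and runs the same checks. It assumes dnscmd.exe is available on the server (it ships in the Windows Server 2003 Support Tools and is built in on later versions), that the server is 10.1.1.1 as in the post, and that the client's connection is named "Local Area Connection".

```batch
@echo off
REM Added example, not from the original post. Section 1 of the post done with
REM dnscmd.exe and netsh instead of the DNS console and the TCP/IP dialog.
REM Assumptions: dnscmd.exe is installed (Support Tools on Windows Server 2003),
REM the server is 10.1.1.1, the client connection is "Local Area Connection".

REM ---- on the DNS server (10.1.1.1) ----
REM Create the primary forward lookup zone; the zone file lands in
REM %SystemRoot%\system32\dns\baidu.com.dns, exactly as the wizard does it.
dnscmd /ZoneAdd baidu.com /Primary /file baidu.com.dns

REM Add the host (A) record www.baidu.com -> 1.1.1.1 (the test address used in the post)
dnscmd /RecordAdd baidu.com www A 1.1.1.1

REM List what the zone now holds (SOA, NS and the new A record)
dnscmd /EnumRecords baidu.com @

REM ---- on the Windows XP client ----
REM Point the client at our server (same effect as the TCP/IP properties dialog)
netsh interface ip set dns "Local Area Connection" static 10.1.1.1

REM Query through the client's configured resolver: the answer should be 1.1.1.1
REM and the Server: line should show 10.1.1.1 (its name stays UnKnown until a
REM reverse lookup zone exists, see section 2)
nslookup www.baidu.com

REM Query the server explicitly, bypassing the client's resolver settings. This is
REM the quickest way to separate a client misconfiguration from a server problem.
nslookup www.baidu.com 10.1.1.1

REM The fake answer is now in the client's cache. Show it, then drop it, so that a
REM real machine does not keep sending www.baidu.com traffic to 1.1.1.1.
ipconfig /displaydns | find /i "baidu"
ipconfig /flushdns

REM To put the client back on DHCP-assigned DNS later:
REM   netsh interface ip set dns "Local Area Connection" dhcp
```

Running the two halves on their respective machines reproduces the screenshots in this section; the explicit `nslookup name server` form is worth keeping in mind, because it tells you whether a failure is on the server or in the client's resolver settings.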

insert image description here

2. Giving the DNS server a name (reverse lookup zone and PTR records)

Next, a small experiment. After running nslookup www.baidu.com we see the following:

insert image description here

The name of my DNS server is shown as UnKnown. Compare this with the same command run on the physical machine, shown below:

insert image description here

By comparison, our server looks unfinished to its users. nslookup displays the server's name by doing a reverse (PTR) lookup of the server's IP address; our server has no reverse lookup zone, so that lookup fails and UnKnown is printed. A proper DNS server should have a name, and clients should be able to resolve its address back to that name. Proceed as follows.

1. Right-click in the blank area of the baidu.com zone and click [ New Host (A)... ] in the menu.

insert image description here

2. Name the host dns1, enter the server's own IP address (10.1.1.1), check [ Create associated pointer (PTR) record ], then click [ Add Host ], [ OK ], and [ Done ]. Because no reverse lookup zone exists yet, this checkbox cannot create the PTR record at this point, which is why we add it by hand in step 11 below.

insert image description here

3. The dns1 record has been created.

insert image description here

4. Right-click [ Reverse Lookup Zones ] and click [ New Zone ] in the menu.

insert image description here

  5. Click [ Next ]

insert image description here

  6. Click [ Next ]

insert image description here

7. Enter 10.1.1 as the network ID (the zone will be named 1.1.10.in-addr.arpa, the octets in reverse order), and click [ Next ].

insert image description here

  8. Click [ Next ]

insert image description here

  9. Click [ Next ]

insert image description here

  10. Click [ Finish ]

insert image description here

11. Right-click the newly created reverse lookup zone and click [ New Pointer (PTR)... ] in the menu.

insert image description here

12. Enter 1 as the host IP number (the last octet of 10.1.1.1), then click [ Browse ].

insert image description here

13. Double-click down through the tree until you see the dns1 record (10.1.1.1) in the forward lookup zone we created, select it, click [ OK ], then [ OK ].

insert image description here
insert image description here

14. Back on the client, open cmd and run nslookup www.baidu.com. The Server: line now shows our DNS server's name instead of UnKnown.
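The reverse zone and PTR record from this section, as an added example (not part of the original post) done with dnscmd.exe, together with the lookups that show why the server name was UnKnown. It assumes dnscmd.exe is present (Support Tools on Windows Server 2003) and the server address 10.1.1.1 from the post.

```batch
@echo off
REM Added example, not from the original post. Section 2 of the post with dnscmd.exe.
REM Assumptions: dnscmd.exe is installed (Support Tools on Windows Server 2003),
REM the server's address is 10.1.1.1 and the forward zone baidu.com already exists.

REM ---- on the DNS server ----
REM Reverse zone for the 10.1.1.0/24 network. The wizard's network ID "10.1.1"
REM becomes the zone name 1.1.10.in-addr.arpa (octets reversed). Create it BEFORE
REM adding hosts, so that "Create associated pointer" has somewhere to write.
dnscmd /ZoneAdd 1.1.10.in-addr.arpa /Primary /file 1.1.10.in-addr.arpa.dns

REM A record for the server itself: dns1.baidu.com -> 10.1.1.1
dnscmd /RecordAdd baidu.com dns1 A 10.1.1.1

REM The matching PTR record. The node is the last octet ("1"), the data is the
REM FQDN with a trailing dot so the zone name is not appended to it.
dnscmd /RecordAdd 1.1.10.in-addr.arpa 1 PTR dns1.baidu.com.

REM Show both zones as the server now holds them
dnscmd /EnumRecords baidu.com @
dnscmd /EnumRecords 1.1.10.in-addr.arpa @

REM ---- on the client ----
REM Reverse lookup of the server's address. This is the query nslookup performs
REM itself before printing the "Server:" line; it failed before, hence "UnKnown".
nslookup 10.1.1.1 10.1.1.1

REM The same query spelled out as the PTR record it really is
nslookup -type=PTR 1.1.1.10.in-addr.arpa 10.1.1.1

REM Any normal query now shows "Server: dns1.baidu.com" instead of UnKnown
nslookup www.baidu.com 10.1.1.1
```

Note the two different reversed names: the zone is 1.1.10.in-addr.arpa (network 10.1.1), while the individual PTR name for 10.1.1.1 is 1.1.1.10.in-addr.arpa (the full address reversed).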

insert image description here

3. Forwarder configuration

In the experiment above we used the Windows Server 2003 VM as the DNS server and configured it as authoritative for the baidu.com zone. Next we configure another virtual machine to resolve names ending in qq.com. The steps are essentially the same, so I will only mention a few of them.

First, give this VM a fixed IP address. For how to do that, see my previous post [ Detailed Explanation of DNS Deployment and Security (Part 1) ]. Our first DNS server was 10.1.1.1; configure this one as 10.1.1.2, as shown below:

insert image description here

Second, create the forward lookup zone with the zone name qq.com; the remaining steps are the same as for baidu.com above, as shown below:

insert image description here
Finally, add the host record. Above we made www.baidu.com resolve to 1.1.1.1; here we make www.qq.com resolve to 5.5.5.5, as shown below:

insert image description here

When the configuration is complete it looks like this:

insert image description here

Now verify from the XP VM: open cmd, run nslookup www.qq.com, and press Enter. The result is shown below.

insert image description here

As the figure shows, the XP client is still using the server that resolved baidu.com earlier, 10.1.1.1. We configured that server only for baidu.com; it knows nothing about qq.com, so the lookup naturally fails. What to do? Some may say: just change the client's DNS server to 10.1.1.2. But then how do we keep the original server's baidu.com configuration in use while also using this qq.com configuration?

This is where the forwarder comes in. As mentioned in the previous post, a DNS server inside a company is usually configured with a forwarder: if the server cannot answer a query from its own zones (or its cache), it forwards the request to another DNS server we specify. Here that means linking our 10.1.1.1 server to the 10.1.1.2 server. So how do we configure a forwarder on 10.1.1.1? Proceed as follows.

1. Right-click the server name and click [ Properties ] in the menu.

insert image description here

2. Click the [ Forwarders ] tab, enter 10.1.1.2 in the address field, click [ Add ], then [ OK ].

insert image description here

3. Back on the client, verify again. As shown below, it now succeeds: although the client is still bound to DNS server 10.1.1.1, www.qq.com resolves, which proves the forwarder works. nslookup marks this result as a non-authoritative answer, because 10.1.1.1 relayed it from 10.1.1.2 rather than answering from its own zone data.

insert image description here

4. Configuring the secondary (backup) server

A company generally runs two DNS servers: one primary and one secondary. If the primary has a problem, the secondary takes over, and because the DNS data on the secondary is replicated from the primary, it serves as a backup server. We will turn the qq.com server from the experiment above into the backup for the baidu.com server's data. Proceed as follows.

1. Right-click qq.com, click [ Delete ] in the menu, then click [ Yes ] in the confirmation box.

insert image description here

2. Back on the baidu.com server, right-click baidu.com and click [ Properties ] in the menu.

insert image description here

3. Click the [ Zone Transfers ] tab, check [ Allow zone transfers ], select [ Only to the following servers ], enter 10.1.1.2 (the IP address of the host that will act as the backup server), click [ Add ], then [ OK ]. Restricting transfers to named servers is the important part: a zone transfer (AXFR) hands out every record in the zone in a single request, so allowing transfers to any server lets anyone who can reach port 53 enumerate your whole zone.

insert image description here

4. Go back to the now-empty DNS server from which qq.com was deleted, right-click [ Forward Lookup Zones ], and click [ New Zone ] in the menu.

insert image description here

  5. Click [ Next ]

insert image description here

6. Select [ Secondary zone ], because we are building a secondary server, not the primary, then click [ Next ].

insert image description here

7. Enter baidu.com as the zone name, then click [ Next ].

insert image description here

8. Enter the IP address of the primary (master) server, 10.1.1.1, click [ Add ], then [ Next ].

insert image description here

9. The summary shows the new zone as a secondary zone; click [ Finish ].

insert image description here

10. Right-click baidu.com and click [ Refresh ] in the menu (several times if needed). The baidu.com zone data copied from the primary appears, and the secondary server is complete.
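The zone transfer restriction and the secondary zone from this section, as an added example (not part of the original post) done with dnscmd.exe, followed by the check a practitioner should run: asking for a zone transfer from a host that is not on the allowed list. It assumes dnscmd.exe on both servers (Support Tools on Windows Server 2003), primary 10.1.1.1 and secondary 10.1.1.2 as in the post, and a third host at 10.1.1.50 that I made up for the test.

```batch
@echo off
REM Added example, not from the original post. Section 4 of the post with dnscmd.exe.
REM Assumptions: dnscmd.exe is installed (Support Tools on Windows Server 2003),
REM primary 10.1.1.1, secondary 10.1.1.2, and a constructed unauthorised host 10.1.1.50.

REM ---- on the primary (10.1.1.1) ----
REM Allow transfers of baidu.com only to the listed secondary, and send it NOTIFY
REM messages when the zone changes, so it re-pulls immediately.
dnscmd /ZoneResetSecondaries baidu.com /SecureList 10.1.1.2 /NotifyList 10.1.1.2

REM On a server that has no secondaries at all, turn transfers off instead:
REM   dnscmd /ZoneResetSecondaries baidu.com /NoXfr

REM Confirm the setting took effect
dnscmd /ZoneInfo baidu.com

REM ---- on the secondary (10.1.1.2) ----
REM Remove the old qq.com zone, then create baidu.com as a secondary that pulls
REM from the primary (/f skips the confirmation prompt)
dnscmd /ZoneDelete qq.com /f
dnscmd /ZoneAdd baidu.com /Secondary 10.1.1.1

REM Pull the zone now rather than waiting for the SOA refresh interval
REM (the console's right-click "Refresh")
dnscmd /ZoneRefresh baidu.com
dnscmd /EnumRecords baidu.com @

REM ---- from the unauthorised host (10.1.1.50), or any host not on the list ----
REM "ls -d" asks the named server for a full zone transfer (AXFR). With the
REM SecureList in place the primary must answer "Query refused". If it prints
REM every record instead, the restriction is not effective and anyone on the
REM network can enumerate the zone.
echo ls -d baidu.com | nslookup - 10.1.1.1

REM The same command run on 10.1.1.2 (which is on the list) should succeed
REM and list the records; that pair of results is the actual test.
```

The "refused" result from the third host is the one that matters; the successful pull on 10.1.1.2 only shows that the secondary still works.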

insert image description here

5. Giving the virtual machines Internet access

Both the Windows XP and Windows Server 2003 VMs used above have no Internet access, because their virtual network adapters are not connected to the real network. To give them access, proceed as follows:

1. Right-click winxp-1 and win2003-1 (the names of the two VMs) in turn and click [ Settings ] in the menu.

insert image description here

2. Click [ Network Adapter ], select [ Custom: Specific virtual network ], and set the interface to VMnet0. VMnet0 is the bridged network, attached to the host computer's physical network card. Click [ OK ]. Do this for both VMs.

insert image description here

3. Click [ Edit ] in the VMware menu bar and click [ Virtual Network Editor ] in the menu.

insert image description here

  4. Click [ Change Settings ]

insert image description here

5. Select VMnet0 and change [ Bridged to ] from Automatic to the name of the network card your computer currently uses for Internet access, then click [ OK ].

insert image description here

6. How to find the name of that network card? Right-click the network icon in the taskbar and click [ Open "Network and Internet" settings ] in the menu.

insert image description here

7. Click [ Ethernet ], then [ Change adapter options ].

insert image description here

8. As shown below, "Network 4" is the adapter currently used for Internet access, a wired adapter. If you are on a wireless network, bridge VMnet0 to your wireless adapter instead.

insert image description here

9. Once the VMs are bridged to the real adapter, set both of them to obtain their IP address and DNS server automatically. In the earlier experiments we gave one of them a fixed IP, which may not exist in the real network's address pool, and the real local DNS server will not be the 10.1.1.1 from our experiment. To change it, right-click [ My Network Places ] and click [ Properties ] in the menu.

insert image description here

10. Right-click [ Local Area Connection ] and click [ Properties ] in the menu.

insert image description here

11. Double-click [ Internet Protocol (TCP/IP) ].

insert image description here

12. Select [ Obtain an IP address automatically ] and [ Obtain DNS server address automatically ], click [ OK ], then [ OK ].

insert image description here

13. Right-click [ Local Area Connection ] and click [ Disable ] in the menu; this releases the old IP address.

insert image description here

14. Right-click [ Local Area Connection ] and click [ Enable ] in the menu; the VM obtains a new IP address from the DHCP pool.

insert image description here

15. Double-click [ Local Area Connection ] and click the [ Support ] tab. The VM's new IP address is on the same subnet as our host's real IP address; the VM is now effectively another real computer on the LAN, with its own address and Internet access. Configure the other VM the same way.

insert image description here

16. Verify: open cmd in both VMs and run ping www.baidu.com. A reply, as shown below, proves the VM can reach the Internet.

insert image description here

After the steps above, the Win XP and Windows Server 2003 VMs are two machines with normal Internet access. Now we can use one as a DNS server and the other as a client and run some resolution experiments. First, delete all the previously configured lookup zones on Windows Server 2003, so that the DNS server is back to a server with nothing but the DNS service installed, as shown below:

insert image description here

Moreover, this server has performed many lookups and its cache is populated. Clear it so it does not affect the next results. As shown below, click [ View ], then [ Advanced ].

insert image description here

An extra [ Cached Lookups ] node appears; right-click it and click [ Clear Cache ] in the menu.

insert image description here

Then check the IP address of the Windows Server 2003 server and note it down.

insert image description here

Back on the Windows XP VM, change the client's DNS server from automatic to the Windows Server 2003 server's IP address, 192.168.110.137.

insert image description here

Next, verify. Open cmd and first run ipconfig /flushdns to clear the local cache: the XP client has done many lookups and still holds the earlier answers locally, and without clearing them those answers would be served straight from the cache, as shown below.

insert image description here

Then run nslookup www.jd.com and press Enter, as shown below:

insert image description here

Resolution succeeds, even though I have just deleted every zone on the Windows Server 2003 server. How? In the previous post we learned how a DNS server resolves names: if it has no zone for the name, it uses its root hints to contact the root servers. This Windows Server 2003 now has Internet access, so it queries a root server, follows the referrals step by step (an iterative query), obtains the correct answer, and returns it to the client.

Resolving this way puts a lot of load on our local DNS server. Instead we can use a forwarder: the local server hands each request it cannot answer to a public resolver, which does the iterative work and returns the result, lightening the load on the Windows Server 2003 VM. The configuration is the same as above; enter 114.114.114.114 as the forwarder IP address, as shown below. Keep in mind that every name the server cannot answer itself is then sent, unencrypted, to that third-party resolver, so choose one you trust.
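The forwarder configuration appears twice in this post: in section 3 (10.1.1.1 forwarding to the qq.com server 10.1.1.2) and here (forwarding to the public resolver 114.114.114.114). The script below is an added example, not part of the original post, covering both with dnscmd.exe together with the server-side cache clearing described above. It assumes dnscmd.exe is present (Support Tools on Windows Server 2003) and uses the addresses from the post.

```batch
@echo off
REM Added example, not from the original post. Forwarders for section 3 and
REM section 5 of the post, plus the server cache clearing, with dnscmd.exe.
REM Assumptions: dnscmd.exe is installed (Support Tools on Windows Server 2003);
REM addresses are the ones used in the post.

REM ---- section 3: 10.1.1.1 forwards what it cannot answer to 10.1.1.2 ----
REM /ResetForwarders replaces the whole forwarder list; /TimeOut is the number of
REM seconds to wait for each forwarder before trying the next one.
dnscmd /ResetForwarders 10.1.1.2 /TimeOut 5

REM From the client: www.qq.com now resolves to 5.5.5.5 through 10.1.1.1.
REM nslookup prints "Non-authoritative answer" because 10.1.1.1 relayed it.
nslookup www.qq.com 10.1.1.1
REM Names in the server's own zone are still answered authoritatively
nslookup www.baidu.com 10.1.1.1

REM ---- section 5: hand recursion to a public resolver ----
REM Clear the server's cache first (the console's "Cached Lookups" > "Clear Cache")
dnscmd /ClearCache

REM /Slave makes the server forward-only: if 114.114.114.114 does not answer, the
REM query fails instead of falling back to walking the root servers itself.
REM Drop /Slave to keep that fallback. Either way every query the server cannot
REM answer from its zones or cache is sent to this resolver in the clear.
dnscmd /ResetForwarders 114.114.114.114 /TimeOut 5 /Slave

REM Print the server settings; the Forwarders section shows the new list
dnscmd /Info

REM ---- on the XP client (DNS server 192.168.110.137) ----
REM Flush the client cache, then query. Running the same query twice shows the
REM second answer coming from the server's cache rather than the forwarder.
ipconfig /flushdns
nslookup www.sina.com.cn 192.168.110.137
nslookup www.sina.com.cn 192.168.110.137
```

The authoritative/non-authoritative distinction in the section 3 checks is a useful diagnostic: if a name you expected to be answered from your own zone comes back non-authoritative, the query went out through the forwarder, and the zone (or the record) is not where you thought it was.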

insert image description here

Verify again: back on the XP VM, open cmd and run nslookup www.sina.com.cn to see the result.

insert image description here

6. Configuring an alias (CNAME) record

On the Windows Server 2003 server, create a baidu.com zone again and add a host named www in it. All the steps are shown above, so I will not repeat them. The result is shown below:

insert image description here

Then right-click in the blank area and click [ New Alias (CNAME)... ] in the menu.

insert image description here

Enter xiaoshiyi as the alias name, then click [ Browse ].

insert image description here

In the browse dialog, double-click the server name and keep expanding the tree

insert image description here

until you see the host www we created. Select it, click [ OK ], then [ OK ].

insert image description here

The alias has been created. It means that a client asking for xiaoshiyi.baidu.com is actually directed to www.baidu.com; the two names lead to the same host.

insert image description here

Let's verify it. On the XP client, open cmd, run nslookup xiaoshiyi.baidu.com, and press Enter, as shown below:

insert image description here

The figure shows that the IP address of xiaoshiyi.baidu.com is the one we assigned to www.baidu.com, and that nslookup reports xiaoshiyi.baidu.com as an alias: the "Aliases:" line lists xiaoshiyi.baidu.com, and the "Name:" line gives the canonical name, www.baidu.com.

Back on the physical machine, open cmd and run nslookup www.baidu.com, as shown below:

insert image description here

The real www.baidu.com is itself an alias: its canonical name is www.a.shifen.com. Typing that canonical name into a browser does not bring up Baidu, but that is not a DNS restriction; a CNAME only controls name resolution, and whether a web server answers for a given host name is decided by the web server's own configuration.
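The CNAME record from this section, as an added example (not part of the original post) created with dnscmd.exe, with the lookups that show how an alias is answered, including the check on the real www.baidu.com. It assumes dnscmd.exe is present (Support Tools on Windows Server 2003) and the server address 192.168.110.137 used in this part of the post.

```batch
@echo off
REM Added example, not from the original post. Section 6 of the post with dnscmd.exe.
REM Assumptions: dnscmd.exe is installed (Support Tools on Windows Server 2003),
REM the server is 192.168.110.137 and zone baidu.com with host www already exists.

REM ---- on the DNS server ----
REM The record owner is the alias; the data is the canonical name, written with a
REM trailing dot so the zone name is not appended to it. The target must be a host
REM name, never an IP address, and no other record may exist at the alias name.
dnscmd /RecordAdd baidu.com xiaoshiyi CNAME www.baidu.com.

REM Show the zone; the CNAME sits next to the A record of www
dnscmd /EnumRecords baidu.com @

REM ---- on the XP client ----
REM A plain (A-type) query for the alias: the server follows the CNAME and returns
REM the "Aliases: xiaoshiyi.baidu.com" line together with the address of www.baidu.com
nslookup xiaoshiyi.baidu.com 192.168.110.137

REM Ask for the CNAME record itself to see only the canonical name
nslookup -type=CNAME xiaoshiyi.baidu.com 192.168.110.137

REM ---- on the physical machine, using its normal resolver ----
REM The same query against the real www.baidu.com shows it is an alias too
nslookup -type=CNAME www.baidu.com

REM Removing the alias later (/f skips the confirmation prompt)
REM   dnscmd /RecordDelete baidu.com xiaoshiyi CNAME /f
```

The -type=CNAME form is the one to use when checking that an alias points where you intended: the default query already follows the chain to an address, which hides a wrong intermediate target.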


Origin blog.csdn.net/2201_75641637/article/details/132120013