Centos 7 DNS configuration

1. Introduction:

1. The principle of DNS:

  In the Linux system, DNS (Domain Name System) is an important network service that resolves domain names into IP addresses for network communication. DNS is implemented through a domain name server (DNS server), which stores domain names, their corresponding IP addresses, and other related information.

2. Common usage and functions of DNS:

When the Linux system needs to access a domain name, it will send a request to the DNS server to obtain the corresponding IP address, and then use the IP address for network communication. In the Linux system, commonly used DNS server software includes BIND (Berkeley Internet Name Domain) and NSD (Name Server Daemon). Users can use the dig command to test DNS resolution and performance.

2. The purpose of the experiment:

1. Become familiar with the various roles of domain name servers

2. Learn to build a primary (master) domain name server

3. Preparation:

Mount the installation source:

Before configuring DNS, bind must be installed, so the installation source (the CentOS installation disc, /dev/sr0) must be mounted in advance. We can first run

df -h

to look at the path where the source is currently mounted, and then mount the source at the chosen path:

mount /dev/sr0 /XXX/XX

Here we have mounted the source in the aa directory under /home; we can check the mount path again with

df -h

4. Installation:

 Then we can install the bind service

yum install bind -y

5. Configuration: 

1. Configuration preparation:

After the installation is successful, we need to know our ip address first

ifconfig

You can use this command to query our ip address

Let's look at ens33. ens33 is a network device identifier under the Linux system. It is used to identify a physical or virtual NIC device in the system so that the system can recognize and manage it.

In Linux and some Linux-based operating systems (such as CentOS, Ubuntu, etc.), network device names are usually dynamically managed by the udev program. The system assigns a unique name to each network device based on factors such as hardware devices, drivers, and network rules. The role is to allow the system to accurately find network devices and assign them corresponding network configurations such as IP addresses, DNS information, and routing rules. When you connect to a network, your system needs to know which network card to use to send and receive data. The `ens33` flag tells the system "I am this network card", which allows the system to easily distribute and manage network configuration information.

 So the IP behind ens33 is our local IP.

2. Configure the global parameters of the DNS server:

Then we can set the global parameters of the DNS server in the main configuration file /etc/named.conf

vi /etc/named.conf

The two lines to change are:

listen-on port 53 { 127.0.0.1; };
allow-query     { localhost; };

After entering the file, only these two parameters need to be modified: in listen-on, replace 127.0.0.1 with the local IP (192.168.168.131 here) so that named listens on the network interface, and in allow-query, replace localhost with the local network segment (192.168.168.0/24 for this lab) so that hosts on that segment are allowed to query.

After modifying the global parameters, we can set up the primary domain name server. We need to confirm the local IP address, the host mapping, and the DNS server address first.

hostname ns1
vi /etc/hosts
vi /etc/resolv.conf

Notes:

  1. When modifying the hosts file, make sure it contains an entry like 192.168.168.131 ns1.zhangsan.com ns1

  2. When modifying the resolv file, make sure it contains nameserver 192.168.168.131

  3. When configuring the resolv file, it is recommended to specify more than one DNS server: several DNS servers can be listed in the configuration file to improve DNS resolution performance and fault tolerance.

3. Set the zone configuration file

vi /etc/named.rfc1912.zones

Add the forward and reverse zone declarations:

zone "zhangsan.com" IN {
        type master;
        file "zhangsan.com.zone";
        allow-update { none; };
};
zone "168.168.192.in-addr.arpa" IN {
        type master;
        file "168.168.192.arpa";
        allow-update { none; };
};

4. Establish the forward zone database file

Note: the SOA serial number (2022115037 below) has a length limit (as of 2022): if it exceeds 10 digits, an error is reported when the dns service is started and the start fails.

vi /var/named/zhangsan.com.zone

Contents of the file (a record that begins with whitespace inherits the owner of the previous record, so the NS record and the first A record belong to @, which stands for zhangsan.com.):

$TTL 86400
@       IN SOA  zhangsan.com. admin.zhangsan.com. (
        2022115037      ; serial: a 32-bit unsigned integer, so at most 10 digits
        4H              ; refresh
        30M             ; retry
        12H             ; expire
        1D              ; minimum (negative-caching) TTL
        )
        NS      @
        A       192.168.168.131
ns1     A       192.168.168.131
www     A       192.168.168.10
mail    A       192.168.168.20

5. Establish the reverse zone database file

Note: the same serial number length limit applies here (as of 2022): if it exceeds 10 digits, an error is reported when the dns service is started and the start fails.

vi /var/named/168.168.192.arpa

Contents of the file (the owner of each PTR record is the last octet of the address, relative to the zone origin 168.168.192.in-addr.arpa):

$TTL 86400
@       IN SOA  zhangsan.com. admin.zhangsan.com. (
        2022115037      ; serial: a 32-bit unsigned integer, so at most 10 digits
        4H              ; refresh
        30M             ; retry
        12H             ; expire
        1D              ; minimum (negative-caching) TTL
        )
        NS      @
        A       192.168.168.128
131     PTR     ns1.zhangsan.com.    ; ns1 is 192.168.168.131 in the forward zone and /etc/hosts
10      PTR     www.zhangsan.com.
20      PTR     mail.zhangsan.com.
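As an added example that is not part of the original post, here is a small Python checker for the two things these zone files most often get wrong: a SOA serial too large for the 32-bit field (the 10-digit note above) and forward A records without a matching PTR record, or PTR records that point at a name whose A record holds a different address. It runs on constructed copies of this lab's zone files, with the reverse copy deliberately missing the PTR for ns1 so the checker has something to report; on a real server the inputs would be read from /var/named/zhangsan.com.zone and /var/named/168.168.192.arpa.

```python
import ipaddress
import re
# Constructed sample input (not from the post): the lab's forward zone and a reverse zone missing ns1's PTR.
FORWARD_ZONE = """\
$TTL 86400
@ IN SOA zhangsan.com. admin.zhangsan.com. (
        2022115037 4H 30M 12H 1D )
        NS @
        A 192.168.168.131
ns1     A 192.168.168.131
www     A 192.168.168.10
"""
REVERSE_ZONE = """\
@ IN SOA zhangsan.com. admin.zhangsan.com. ( 2022115037 4H 30M 12H 1D )
10      PTR www.zhangsan.com.
"""

def parse_zone(text, origin):
    """Return [(owner_fqdn, type, rdata)] for a minimal BIND zone file ($TTL, '@', SOA parens)."""
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    owner, records = "@", []
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()          # drop comments and blank lines
        if not line.strip() or line.startswith("$"):
            continue
        tokens = [t for t in line.split() if t != "IN"]
        if not line[0].isspace():                   # explicit owner; otherwise inherit the last one
            owner = tokens.pop(0)
        name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        records.append((name, tokens[0], " ".join(tokens[1:])))
    return records

def check_zones(fwd_text, rev_text, fwd_origin, rev_origin, subnet):
    """Cross-check A records against PTR records and the SOA serial size; return problem strings."""
    problems, net, a_by_ip, ptr_by_ip = [], ipaddress.ip_network(subnet), {}, {}
    for name, rtype, rdata in parse_zone(fwd_text, fwd_origin) + parse_zone(rev_text, rev_origin):
        if rtype == "SOA" and int(rdata.split()[2]) > 0xFFFFFFFF:   # serial is a 32-bit unsigned int
            problems.append(f"{name} SOA serial {rdata.split()[2]} does not fit in 32 bits")
        elif rtype == "A":
            a_by_ip.setdefault(rdata, set()).add(name)
        elif rtype == "PTR":                        # 10.168.168.192.in-addr.arpa. -> 192.168.168.10
            ip = ".".join(reversed(name[: -len(".in-addr.arpa.")].split(".")))
            ptr_by_ip.setdefault(ip, set()).add(rdata)
    for ip, names in a_by_ip.items():
        if ipaddress.ip_address(ip) in net and ip not in ptr_by_ip:
            problems.append(f"no PTR for {ip} ({', '.join(sorted(names))})")
    for ip, targets in ptr_by_ip.items():
        for target in sorted(targets - a_by_ip.get(ip, set())):
            problems.append(f"PTR {ip} -> {target} but {target} has no A record for {ip}")
    return problems
```

Running check_zones on the two constructed zones reports the missing PTR for 192.168.168.131; adding a 131 PTR record for ns1.zhangsan.com. clears it.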

6. Verification:

1. Start DNS:

When these are configured, the dns service can be started:

systemctl start named

If no error is reported, the start is considered successful. The service status can then be viewed with:

systemctl status named

2. Test DNS:

Then test dns (or use a Windows system to test in the browser)

(1) Centos 7 test method:

nslookup ns1.zhangsan.com
nslookup www.zhangsan.com
nslookup 192.168.168.131

(2) Windows 10 test method:

 

7. Summary and error points:

When configuring dns, the configuration files are easy to get wrong. When a mistake has been made, we can use

named-checkconf /etc/named.rfc1912.zones
named-checkconf /etc/named.conf

to check the global configuration for syntax errors; if there is a syntax error, an error is returned. In addition, the forward and reverse zone files are very error-prone. When an error is found, check whether the domain name is the same as in the global configuration file, whether the IP address is the local IP, and so on. For this lab the firewall should also be closed, and SELinux switched to permissive mode:

systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0

Another problem is that port 53 is already occupied. Either of the following two commands can be used to check whether port 53 is in use:

netstat -anp | grep :53
lsof -i :53

8. Experience:

Configuring DNS is an important step in improving system performance and avoiding network failures. It is best to specify multiple DNS servers and enable local DNS caching. DNS pollution should be avoided, and firewall rules should be configured properly to ensure normal communication with the DNS servers. After modifying a configuration file, confirm that the modification has taken effect; it is best to use tools or commands to configure DNS, to avoid manual errors. Correctly configuring DNS helps improve system performance and ensures smooth network connections.


Origin blog.csdn.net/Sword_of_despair/article/details/130949081