How to build a DNS service on a Linux system

How to build a DNS service

To build a DNS service on a Linux system, you can follow the steps below:

1. Install the BIND package:

sudo yum install bind bind-utils

2. Configure the main DNS server: open the /etc/named.conf file and edit the DNS server configuration. Adjust the following example to values appropriate for your domain name and network environment:

options {
  listen-on port 53 { any; };
  allow-query { any; };
  recursion yes;
};

zone "example.com" IN {
  type master;
  file "/var/named/example.com.zone";
  allow-update { none; };
};

3. Create a master DNS zone file: create a zone file to store the DNS records. Create a file named example.com.zone under the /var/named/ directory and add the corresponding DNS records. Example:

$TTL 86400
@   IN SOA   ns1.example.com. root.example.com. (
            2018010101 ; Serial
            3600       ; Refresh
            1800       ; Retry
            604800     ; Expire
            86400      ; Minimum TTL
          )
@    IN NS    ns1.example.com.
@    IN A     192.168.1.10
www  IN A     192.168.1.20

4. Configure reverse resolution: open the /etc/named.conf file and add the reverse-resolution zone configuration. Example:

zone "1.168.192.in-addr.arpa" IN {
  type master;
  file "/var/named/1.168.192.zone";
  allow-update { none; };
};

5. Create a reverse resolution zone file: create a file named 1.168.192.zone in the /var/named/ directory for reverse resolution. Add the following:

$TTL 86400
@   IN SOA   ns1.example.com. root.example.com. (
            2018010101 ; Serial
            3600       ; Refresh
            1800       ; Retry
            604800     ; Expire
            86400      ; Minimum TTL
          )
@    IN NS    ns1.example.com.
10   IN PTR   example.com.
20   IN PTR   www.example.com.

6. Set up firewall rules: if your firewall is enabled, make sure DNS traffic is allowed through:

sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload

7. Start and enable the DNS service:

sudo systemctl start named
sudo systemctl enable named

Now the DNS server on your Linux system is set up. On other devices, set the DNS server to the IP address of your CentOS host to use it for domain name resolution.

Note that in a production environment you may need a more complex configuration to meet your network requirements, such as adding other zones or configuring forwarders.
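The options block in step 2 enables recursion while accepting queries from anywhere, which makes the server an open recursive resolver, and the reverse zone in step 5 has to be kept in step with the forward zone by hand. The following check script is an added example, not part of the original post: it flags that open-resolver combination and reports forward A records that lack a matching PTR, using constructed copies of the page's snippets as input (the names and network are the page's example.com and 192.168.1.0/24).

```python
"""Added sanity checks for the BIND setup above (sample data constructed from the page's snippets)."""
import re

# Constructed copy of the step-2 options block (an open-resolver configuration).
NAMED_CONF = """options {
  listen-on port 53 { any; };
  allow-query { any; };
  recursion yes;
};"""
FORWARD_ZONE = """@    IN A     192.168.1.10
www  IN A     192.168.1.20"""
REVERSE_ZONE = """10   IN PTR   example.com.
20   IN PTR   www.example.com."""

def open_resolver_warnings(conf):
    """Warn when recursion is on, queries are allowed from anywhere and no
    allow-recursion ACL narrows who may use the server as a resolver."""
    m = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    body = m.group(1) if m else ""
    recursion = re.search(r"\brecursion\s+yes\s*;", body)
    query_any = re.search(r"allow-query\s*\{\s*any\s*;\s*\}", body)
    acl = re.search(r"allow-recursion\s*\{", body)
    if recursion and query_any and not acl:
        return ["open resolver: 'recursion yes' with 'allow-query { any; }' and "
                "no allow-recursion ACL; limit recursion to internal networks"]
    return []

def records(zone, rtype):
    """Map owner -> rdata for records of one type in a simple zone file."""
    pat = re.compile(r"^(\S+)\s+IN\s+" + rtype + r"\s+(\S+)", re.M)
    return dict(pat.findall(zone))

def missing_ptrs(forward, reverse, origin, prefix):
    """PTR lines the reverse zone needs for A records in the /24 `prefix`."""
    ptrs = records(reverse, "PTR")
    missing = []
    for owner, ip in records(forward, "A").items():
        if not ip.startswith(prefix):
            continue
        fqdn = origin + "." if owner == "@" else f"{owner}.{origin}."
        host = ip[len(prefix):]
        if ptrs.get(host) != fqdn:          # absent, or pointing at another name
            missing.append(f"{host}   IN PTR   {fqdn}")
    return missing

if __name__ == "__main__":
    print(open_resolver_warnings(NAMED_CONF))
    print(missing_ptrs(FORWARD_ZONE + "\nmail IN A 192.168.1.30", REVERSE_ZONE,
                       "example.com", "192.168.1."))
```

Run it against the real files with `open("/etc/named.conf").read()` and the two zone files; the warning disappears once an `allow-recursion` ACL restricts recursion to internal networks.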

DNS principle and resolution process

DNS is the system the Internet uses to resolve domain names into IP addresses. It acts as a distributed database that maps human-readable domain names to the IP addresses that computers use.

The DNS resolution process is as follows:

1. The user enters a domain name in the browser, such as www.example.com.

2. The operating system first checks the local DNS cache to see whether it already holds a result for the domain name. If so, it returns that result directly (skip to step 8). If not, it proceeds to the next steps.

3. The operating system sends a DNS query to the pre-configured local DNS server. This local DNS server is usually provided by the user's ISP (Internet Service Provider) or is a custom DNS server.

4. When the local DNS server receives the query, it first checks its own cache; if it holds a result for the domain name, it returns it directly to the operating system. If not, it proceeds to the next steps.

5. Based on the top-level domain (TLD) of the domain name, the local DNS server selects a root DNS server (Root DNS Server) to send the query to. The root servers hold the addresses of the top-level domain name servers.

6. The root domain name server returns the address of a top-level domain name server to the local DNS server.

7. The local DNS server then sends the query to the top-level domain name server. The top-level domain name server holds the addresses of the authoritative DNS servers (Authoritative DNS Server) for the domains under that top-level domain.

8. After receiving the address of the authoritative domain name server, the local DNS server sends the final query to it.

9. After receiving the query, the authoritative domain name server looks up the domain name in its own zone data.

10. If the authoritative domain name server finds a result for the domain name, it returns it to the local DNS server.

11. After receiving the result, the local DNS server caches it and returns it to the operating system.

12. The operating system passes the resolution result to the application, such as the browser.

13. The application uses the IP address from the resolution result to establish a connection with the server and carry out the subsequent communication.

The entire DNS resolution process may involve multiple queries and responses, but thanks to the distributed structure and caching of the DNS system, most results can be served from the local DNS cache or from the local DNS server's cache, which speeds up resolution and reduces the load on DNS servers.

Note that a resolution result is not final: DNS records may change, so in some cases you must wait for a record's TTL to expire before the latest result can be obtained.
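The walk in steps 4 to 11 and the TTL behaviour just described can be modelled in a few lines. The following toy resolver is an added example, not part of the original post: every server name and record in it is constructed (the records mirror the example.com zone built earlier on this page), and a simulated clock stands in for real time so that cache hits, TTL expiry and a stale answer after a record change can all be observed offline.

```python
"""Added toy model of the iterative resolution walk described above (steps 4-11);
every server name and record below is constructed, not real DNS data."""

# Constructed referral data. ROOT: which server serves a TLD; TLD_SERVERS: which
# server holds each zone; AUTH_SERVERS: the records as (ip, ttl_seconds),
# mirroring the example.com zone from the first part of this page.
ROOT = {"com.": "tld-server.com"}
TLD_SERVERS = {"tld-server.com": {"example.com.": "ns1.example.com."}}
AUTH_SERVERS = {"ns1.example.com.": {"example.com.": ("192.168.1.10", 86400),
                                     "www.example.com.": ("192.168.1.20", 86400)}}

class LocalResolver:
    """The local (ISP) DNS server: answers from cache while the TTL is valid,
    otherwise walks root -> TLD -> authoritative and caches the result."""

    def __init__(self):
        self.cache = {}  # name -> (ip, expires_at)

    def resolve(self, name, now):
        """Return (ip, path); path lists the servers consulted, in order."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:                      # step 4: cache hit
            return hit[0], ["cache"]
        labels = name.rstrip(".").split(".")
        tld, zone = labels[-1] + ".", ".".join(labels[-2:]) + "."
        path = ["root"]                               # step 5: ask a root server
        tld_server = ROOT[tld]                        # step 6: referral to the TLD server
        path.append(tld_server)                       # step 7: ask the TLD server
        auth_server = TLD_SERVERS[tld_server][zone]   # referral to the authoritative server
        path.append(auth_server)                      # step 8: ask the authoritative server
        record = AUTH_SERVERS[auth_server].get(name)  # steps 9-10: look up the name
        if record is None:
            return None, path                         # no such name in the zone
        ip, ttl = record
        self.cache[name] = (ip, now + ttl)            # step 11: cache until the TTL expires
        return ip, path

def publish(name, ip, ttl=86400, server="ns1.example.com."):
    """Change a record on the authoritative server; resolvers that cached the
    old value keep returning it until their copy's TTL runs out."""
    AUTH_SERVERS[server][name] = (ip, ttl)

if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("www.example.com.", now=0))      # full walk
    print(r.resolve("www.example.com.", now=600))    # served from cache
    publish("www.example.com.", "192.168.1.21")
    print(r.resolve("www.example.com.", now=700))    # still the stale cached IP
    print(r.resolve("www.example.com.", now=86400))  # TTL expired: new IP
```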


Origin blog.csdn.net/vivlol918/article/details/131736561