Linux Network Services 05 ----- DNS Domain Name Service (Part 1)

I. The role of the DNS system

1. DNS server overview

The DNS protocol runs on top of TCP and UDP, using port 53.

FQDN (fully qualified domain name) format: the complete name, ending with the "." that denotes the root domain. For example: www.baidu.com. (".com" is the top-level domain, "baidu" is the second-level domain and "www" is the host name).

The role of the DNS system in the network is to maintain an address database that records the correspondence between host domain names and IP addresses, so as to provide forward and reverse address lookup services to clients, namely forward resolution and reverse resolution.

  • Forward resolution: looking up the IP address for a domain name, i.e. resolving the specified domain name to its corresponding IP address. Resolving domain names to IP addresses is the most basic and most commonly used function of a DNS server.
  • Reverse resolution: looking up the domain name for an IP address, i.e. resolving the specified IP address to its corresponding domain name. Reverse resolution is not very common, but it is used on some special occasions, for example in anti-spam verification.

In fact, each DNS server is only responsible for managing the mappings between host names and IP addresses within a limited range (one or several domains); such a specific DNS domain or IP address segment is called a "zone". Depending on the direction of address resolution, DNS zones are divided accordingly into forward zones (containing records that resolve domain names to IP addresses) and reverse zones (containing records that resolve IP addresses to domain names).

Depending on the source of the address data for the zones it manages, a DNS server can be divided into different types. The same DNS server can also have a different identity with respect to different zones. Several common types are as follows.

  • Caching-only name server: provides only DNS caching, to improve query speed and efficiency, and has no zone address data under its own control. When building a caching-only name server, you must set the root zone hints or specify other DNS servers as the source of resolution.
  • Primary (master) DNS server: maintains the address database of a particular DNS zone and has independent control over the resolution records in that zone; it is the designated authoritative server for the zone, the official server. When building a primary name server, you need to create the address data file for the zone it is responsible for.
  • Secondary (slave) DNS server: provides DNS resolution services identical to the primary name server and is generally used as a hot backup. For the client, the query results are the same whether it uses the primary or the secondary name server. The key difference is that the resolution results provided by the secondary server are not decided by itself but come from the primary server. When building a secondary name server, specify the location of the primary name server so that the secondary can automatically synchronize the zone address database.
  • Forwarder: when it receives a query that it is not responsible for locally, it does not send a request to the root domain but forwards it directly to one or more specified servers. It does not cache query results itself.

II. DNS query modes and domain-name resolution

Domain-name resolution process:

When a user enters the address www.crushlinux.com, the DNS resolution process is roughly as follows:

1. The client wants to obtain the IP address. It first looks in the browser cache to check whether this domain name has been resolved before; if so, resolution is complete.

2. If not, it looks in the hosts file to check whether the domain name has been resolved there; if so, resolution ends.

(The first two steps are recursive queries.)

3. If not, it asks the caching server to resolve the domain name.

4. If the caching server has no result, it sends the resolution request to a root name server. The root server cannot resolve the name, so it returns to the caching server the address of the .com top-level domain server.

5. The caching server sends the resolution request to the .com top-level server. That server cannot resolve the name either, so it returns to the caching server the address of the .crushlinux second-level domain server.

6. The caching server sends the resolution request to the crushlinux second-level domain server. That server can resolve the name, so it gives the IP address to the caching server.

(Steps 3, 4, 5 and 6 are iterative queries.)

7. Having obtained the IP address of the domain name, the caching server returns the result to the client and also writes it to its cache; the next time the same name is resolved, the result is returned directly to the client.

 

DNS server recursive query: when the client sends a request to the DNS server, the DNS server looks only in the local server's cache and feeds the result back to the client. This process is called a recursive query, i.e. client-server.

DNS server iterative query: when the client sends a resolution request to the DNS server and the DNS server finds no result in its local cache, the DNS server, acting on the client's behalf, sends the DNS resolution request to other DNS servers or to the root name server. This process is called an iterative query, i.e. server-server.
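Steps 3 to 6 above, as an added shell simulation that is not part of the original post: a constructed referral table stands in for the root, .com and crushlinux.com servers, and the caching server's walk follows each referral until it gets an address. The server name tld-ns.example. is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: a miniature simulation of the
# iterative query chain a caching server walks for www.crushlinux.com
# (root -> .com server -> crushlinux.com server). The data table is constructed
# for this example; "tld-ns.example." is a placeholder server name.

# One line per record: zone_asked|record_owner|type|value
# An NS record is a referral to the next zone down; an A record is the answer.
ZONEDATA='.|com.|NS|tld-ns.example.
com.|crushlinux.com.|NS|ns1.crushlinux.com.
crushlinux.com.|www.crushlinux.com.|A|192.168.200.111
crushlinux.com.|ns1.crushlinux.com.|A|192.168.200.111'

# answer_from ZONE NAME: what the server for ZONE replies about NAME, i.e. the
# record whose owner equals NAME or is a suffix of it (a delegation).
answer_from() {
    printf '%s\n' "$ZONEDATA" | while IFS='|' read -r zone owner type value; do
        [ "$zone" = "$1" ] || continue
        case $2 in
            "$owner"|*".$owner") printf '%s %s %s\n' "$type" "$owner" "$value"; break ;;
        esac
    done
}

# iterative_lookup NAME: start at the root and follow referrals until an
# address comes back. Prints "ADDRESS hops=N"; the trace goes to stderr.
iterative_lookup() {
    name=$1 zone=. hops=0
    while [ "$hops" -lt 10 ]; do            # guard against referral loops
        hops=$((hops + 1))
        reply=$(answer_from "$zone" "$name")
        [ -n "$reply" ] || { echo "no data for $name in zone $zone" >&2; return 1; }
        set -- $reply
        echo "step $hops: asked '$zone' about $name, got $1 $2 -> $3" >&2
        case $1 in
            A)  printf '%s hops=%s\n' "$3" "$hops"; return 0 ;;
            NS) zone=$2 ;;                  # referral: ask the delegated zone next
        esac
    done
    echo "too many referrals" >&2; return 1
}

iterative_lookup www.crushlinux.com.        # -> 192.168.200.111 hops=3
```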

The nslookup command (and likewise the dig and host commands) performs DNS resolution lookups.

III. Distributed architecture of DNS servers

The general structure of an Internet host's domain name is: hostname.second-level-domain.top-level-domain.

DNS is a distributed database indexed by domain name. Each domain name is actually a path in a large inverted tree, and this inverted tree of domain names is called the domain name space. Each node of the tree has a text label of up to 63 characters.

IV. Installing and controlling the DNS server

BIND (Berkeley Internet Name Domain) is an open-source DNS server software developed and maintained by the Berkeley campus of the University of California. It is not the only program that provides domain name service, but it is the most widely used, and BIND can run on most Linux/UNIX hosts. Its official site is https://www.isc.org/ .

V. Installing the BIND software

  • bind: provides the main program and related files for the domain name service.
  • bind-utils: provides test utilities for the DNS server, such as nslookup.
  • bind-libs: provides the library functions that bind and bind-utils need.

bind-chroot: optional package that provides a disguised (chroot) root directory for BIND.

Install using yum or rpm.

Format: yum -y install bind
        yum -y install bind-utils
        yum -y install bind-libs

        rpm -ivh bind
        rpm -ivh bind-utils
        rpm -ivh bind-libs

Check what is installed: rpm -q bind bind-utils bind-libs

VI. BIND service control

After the BIND package is installed, a system service named "named" is added automatically, and the systemctl tool can control the DNS service. For example, the following command queries the running state of the named service.

Status query

[root@localhost ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

VII. BIND configuration files

When building a domain name service with BIND, two types of configuration file are mainly involved: the main configuration file and the zone data files. The main configuration file named.conf sets the service's global options, registered zones, access control and other operating parameters; the zone data files store the address resolution records (forward or reverse) of a DNS zone.

①. The main configuration file

The main configuration file named.conf is usually located in the /etc/ directory. It contains two parts, the global configuration and the zone configuration. Each configuration record ends with a semicolon ";". Text starting with "#" or "//" is a comment (a large block can be commented out with the "/* ...... */" format).

 

1) The global configuration section

Global configuration parameters are enclosed in braces in the form "options {};" and can set items such as the listening address and port, the zone data file storage directory and the clients allowed to query.

[root@localhost ~]# cd /etc/
[root@localhost etc]# vim named.conf
......                                                        // some parameters omitted
options {
         listen-on port 53 { 192.168.200.111; };              // listening address and port
         directory "/var/named";                              // default zone data file storage location
         allow-query { 192.168.100.0/24; 192.168.200.0/24; }; // network segments allowed to use the DNS service
};

By default, named listens on UDP port 53 on all interfaces.

2) The zone configuration section

Zone configuration parameters use the "zone ...... {};" format. One DNS server can provide resolution for multiple zones, so the named.conf file may contain several zone configuration sections. According to the resolution direction, zones are divided into forward zones and reverse zones.

[root@localhost etc]# vim named.conf
......                                  // some parameters omitted
zone "crushlinux.com" IN {              // forward zone "crushlinux.com"
   type master;                         // zone type: master (primary)
   file "crushlinux.zheng";             // zone data file for the crushlinux.com zone
   allow-transfer { 192.168.200.112; }; // secondary server address allowed to download the zone
};
zone "200.168.192.in-addr.arpa" IN {    // reverse zone for "192.168.200.0/24"
   type master;
   file "crushlinux.fan";
};

In the above configuration content, there are several points that need attention.

■ Each zone (including the root zone, the loopback zone and the reverse zone) is optional and is configured according to actual need; the "IN" keyword in the zone configuration can be omitted.

■ The name of a reverse zone is formed by combining the reversed network address with "in-addr.arpa". For example, for the 192.168.200.0/24 network segment, the reverse zone name is expressed as "200.168.192.in-addr.arpa".

■ The file configuration item specifies the actual zone data file; the file name is set by the administrator.

■ Some parameters of the zone configuration (such as allow-transfer) can also be placed in the global configuration.
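The reverse zone naming rule above, turned into a small shell helper as an added example (not from the original post): it derives the in-addr.arpa name and the relative PTR owner for a network, and goes beyond the post's /24 case by also handling /8 and /16 networks. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: derive the in-addr.arpa
# reverse zone name and the relative PTR owner from a network, as the post
# does by hand for 192.168.200.0/24. Generalised to /8, /16 and /24 networks.

# split_octets ADDRESS: prints the four octets space-separated, or fails.
split_octets() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || { echo "bad IPv4 address: $*" >&2; return 1; }
    printf '%s %s %s %s\n' "$1" "$2" "$3" "$4"
}

# reverse_zone NETWORK/PREFIX, e.g. 192.168.200.0/24 -> 200.168.192.in-addr.arpa
reverse_zone() {
    net=${1%/*}; prefix=${1#*/}
    octets=$(split_octets "$net") || return 1
    set -- $octets
    case $prefix in
        8)  printf '%s.in-addr.arpa\n' "$1" ;;
        16) printf '%s.%s.in-addr.arpa\n' "$2" "$1" ;;
        24) printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1" ;;
        *)  echo "only /8, /16 and /24 zones are handled here" >&2; return 1 ;;
    esac
}

# ptr_owner ADDRESS PREFIX: the relative name written in the reverse zone file
# for ADDRESS, e.g. 192.168.200.113 24 -> 113 (and 10.1.2.3 8 -> 3.2.1)
ptr_owner() {
    prefix=$2
    octets=$(split_octets "$1") || return 1
    set -- $octets
    case $prefix in
        8)  printf '%s.%s.%s\n' "$4" "$3" "$2" ;;
        16) printf '%s.%s\n' "$4" "$3" ;;
        24) printf '%s\n' "$4" ;;
        *)  echo "only /8, /16 and /24 zones are handled here" >&2; return 1 ;;
    esac
}

# reverse_zone_stanza NETWORK/PREFIX FILE: the named.conf section for that zone
reverse_zone_stanza() {
    name=$(reverse_zone "$1") || return 1
    printf 'zone "%s" IN {\n    type master;\n    file "%s";\n};\n' "$name" "$2"
}

reverse_zone_stanza 192.168.200.0/24 crushlinux.fan
```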

After you finish modifying the main configuration file, you can execute the named-checkconf command to check the syntax of the named.conf file. If the file has no syntax errors, the command gives no output; otherwise, the corresponding error message is given, and the file can be corrected according to it. With the "-z" option, named-checkconf also tries to load the zone data files referenced by the main configuration file and checks whether they have problems. For example, a "... file not found" error indicates that the corresponding file was not found.

[root@localhost etc]# named-checkconf -z /etc/named.conf
zone crushlinux.com/IN: loading from master file crushlinux.zheng failed: file not found
zone crushlinux.com/IN: not loaded due to errors.
_default/crushlinux.com/IN: file not found

②. Zone data files

Zone data files are usually located in the /var/named/ directory. Each DNS zone corresponds to one zone data file; the file name and its contents are set by the administrator of that domain.

The root zone "." has a special zone data file. All DNS servers on the Internet use the same root zone data file, which lists the domain names and IP addresses of all root servers. The root zone data file can be downloaded from the official website of the Internet Network Information Center (InterNIC) at http://www.internic.net/ .

A zone data file contains the TTL setting, the SOA (Start of Authority) record and the address resolution records. Comments in the file start with a semicolon ";".

1) TTL setting and SOA record section

The TTL setting is on the first line and sets the default lifetime for which a queried resolution result may be cached. The SOA record section sets the zone name, the administrator's mailbox and the parameters for updates from the primary name server.

[root@localhost ~]# cd /var/named/
[root@localhost named]# vim crushlinux.zheng
$TTL 86400                                          ; lifetime of valid resolution records
@ IN SOA crushlinux.com. admin.crushlinux.com. (    ; SOA mark, domain name, administrator mailbox
   2011030501                                       ; update serial number, an integer of up to 10 digits
   3H                                               ; refresh interval for re-downloading the address data
   15M                                              ; retry interval after a failed download
   1W                                               ; expiry time: if the download still fails after this long, give up
   1D                                               ; lifetime of negative (nonexistent record) answers
)

In the above configuration, the unit of time is seconds by default; the following units can also be used: M (minutes), H (hours), W (weeks), D (days). The "@" symbol in the file stands for "crushlinux.com.", and "admin.crushlinux.com." represents the e-mail address of the domain administrator.
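An added shell example, not from the original post, for the serial number field just described: a secondary server only re-downloads the zone when the SOA serial increases, so every edit of the zone file must bump it. The helper keeps the post's YYYYMMDDNN convention; the sample zone file it writes is constructed for the demonstration and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): bump the SOA serial of a zone file.
# The post uses the YYYYMMDDNN convention (2011030501); a secondary only
# re-downloads the zone when the serial grows, so a forgotten bump is the
# classic reason a changed zone never reaches the secondary.

# write_sample_zone FILE: a constructed zone file for demonstration.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@   IN SOA crushlinux.com. admin.crushlinux.com. (
        2011030501 ; serial, YYYYMMDDNN
        3H         ; refresh
        15M        ; retry
        1W         ; expire
        1D )       ; minimum
    IN NS ns1.crushlinux.com.
EOF
}

# bump_serial FILE TODAY: TODAY is YYYYMMDD. Same day as the current serial ->
# counter + 1; later day -> TODAY01. Rewrites FILE and prints the new serial.
bump_serial() {
    file=$1 today=$2
    # first 10-digit token on a line, ignoring anything after ';'
    old=$(awk '{ sub(/;.*/, ""); if ($1 ~ /^[0-9]+$/ && length($1) == 10) { print $1; exit } }' "$file")
    [ -n "$old" ] || { echo "no YYYYMMDDNN serial in $file" >&2; return 1; }
    if [ "${old%??}" = "$today" ]; then
        n=${old#"$today"}                  # two-digit counter, e.g. 01
        n=$((${n#0} + 1))                  # strip a leading zero before arithmetic
        [ "$n" -le 99 ] || { echo "counter exhausted for $today" >&2; return 1; }
        new=$(printf '%s%02d' "$today" "$n")
    else
        new=${today}01
    fi
    # a serial that does not grow is silently ignored by secondaries: refuse it
    [ "$new" -gt "$old" ] || { echo "new serial $new is not above $old" >&2; return 1; }
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;\)/\1$new\2/" "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
    printf '%s\n' "$new"
}

# usage: write_sample_zone /tmp/crushlinux.zheng && bump_serial /tmp/crushlinux.zheng 20110305
```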

2) Address resolution record section

Address resolution records set the mapping between domain names and IP addresses in the DNS zone, including forward resolution records and reverse resolution records. Reverse resolution records can only be used in a reverse zone data file.

[root@localhost named]# vim crushlinux.zheng
......                                  ; some parameters omitted
@        IN    NS     ns1.crushlinux.com.
         IN    MX 10  mail.crushlinux.com.
ns1      IN    A      192.168.200.111
www      IN    A      192.168.200.111
mail     IN    A      192.168.200.113
map      IN    A      192.168.200.114
ftp      IN    CNAME  www

 

The above configuration uses the following common address resolution record types.

NS name server (Name Server): records the host address of the DNS server for the current zone.

MX mail exchange (Mail Exchange): records the host address of the mail server for the current zone. The number 10 denotes the selection priority of the mail server (when there are multiple MX records); the larger the number, the lower the priority.

A address (Address): a forward resolution record entry (IPv4). For example, "www IN A 192.168.200.111" means that the name www.crushlinux.com corresponds to the IP address 192.168.200.111.

AAAA address (Address): a forward resolution record entry (IPv6).

CNAME alias (Canonical Name): records another name as an alias of a forward resolution entry. For example, "ftp IN CNAME www" means that ftp.crushlinux.com is an alias of www.crushlinux.com.

The "@" symbol at the start of the NS and MX record lines can be omitted (the name is then inherited from the "@" at the start of the SOA record), but a space or a Tab must be kept in its place.

In a reverse zone data file, A records are not used; PTR (Pointer) records are used instead. For example, for the reverse zone file crushlinux.fan, reverse resolution records can be added in the following form.

[root@localhost named]# vim crushlinux.fan
......                                  ; some parameters omitted
@        IN    NS     ns1.crushlinux.com.
         IN    MX 10  mail.crushlinux.com.
111      IN    PTR    ns1.crushlinux.com.
111      IN    PTR    www.crushlinux.com.
113      IN    PTR    mail.crushlinux.com.
114      IN    PTR    map.crushlinux.com.

When using PTR records, the first column only needs to specify the "host address" part of the corresponding IP address, such as "111" or "113"; when looking up the record, the system automatically prefixes it with the network address of the current reverse zone. For example, in the above file, "113 IN PTR mail.crushlinux.com." means that the domain name of the host with IP address 192.168.200.113 is mail.crushlinux.com.

 

After you finish modifying a zone data file, you can execute the named-checkzone command to check the syntax of the file, giving the zone name and then the zone data file name as arguments. If the file contains no syntax errors, the system gives an "OK" message. For example, to check the zone data file crushlinux.zheng of the crushlinux.com DNS zone, perform the following operations.

[root@localhost ~]# cd /var/named/
[root@localhost named]# named-checkzone crushlinux.com crushlinux.zheng
zone crushlinux.com/IN: loaded serial 2011030501
OK

 

 

 

 


Source: www.cnblogs.com/liyurui/p/11402485.html