Linux DNS Domain Name Service

What is DNS

DNS stands for Domain Name System. Its role is to translate domain names into the IP addresses that computers use to identify connected devices.

Linux DNS resolution and configuration files

On Linux, three files are involved in DNS resolution:

  • /etc/hosts records which IP address corresponds to which hostname
  • /etc/resolv.conf sets the IP addresses of the DNS servers
  • /etc/host.conf specifies the order of name resolution (whether names are resolved from the local hosts file or from DNS)

/etc/hosts dates from the early days, when networks were undeveloped and saving the hostname-to-IP correspondence in the hosts file was enough. As networks grew, the distributed DNS service gradually emerged, but /etc/hosts has been preserved.

/etc/resolv.conf configures the DNS domain name and server IP addresses; there is plenty of reference material online.

How a domain name is resolved

The article "How the Domain Name System (DNS) Works" explains the general procedure for resolving a domain name, which can be divided into:

  • Ask the root name service where the top-level domain's name service is
  • Ask the top-level domain's name service where the second-level domain's name service is
  • Ask the second-level domain's name service for the specific IP address

Simple DNS configuration example (based on CentOS 7)

Server

1. Install bind

yum install bind

2. Modify the configuration file /etc/named.conf

vim /etc/named.conf
options {
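        listen-on port 53 { any; };    // listen on port 53 and accept connections on any address
        listen-on-v6 port 53 { ::1; };    // IPv6 support (loopback ::1 only)
        directory       "/var/named";    // all forward and reverse zone files are created in this directory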
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 0.0.0.0/0; };    // allow queries from any IP

        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";    // main configuration file
include "/etc/named.root.key";

3. Edit /etc/named.rfc1912.zones and add a forward zone for duiyi.com

vim /etc/named.rfc1912.zones
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

// forward zone for duiyi.com
zone "duiyi.com" IN {
        type master;
        file "duiyi.com.zone";
        allow-update { none; };
};

4. Create the forward zone resource file

vim /var/named/duiyi.com.zone
$TTL 1D
@    IN SOA  duiyi.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www    IN A 192.168.81.1
mail    IN A 192.168.81.2
ftp    IN A 192.168.81.3

5. Start the named service

systemctl start named

6. Enable named to start at boot

systemctl enable named
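
The options block in step 2 sets allow-query to 0.0.0.0/0 with recursion yes and no allow-recursion, so named will perform recursive lookups for any client that can reach port 53 (an open resolver). The check below is an added example, not part of the original post: it reads an options block, works out who may recurse, and compares the page's settings with a restricted variant. Both option strings are constructed samples, and the 192.168.81.0/24 subnet is an assumption taken from the addresses used on this page.

```python
import re

# Constructed sample: the access-control statements from the step 2 options block.
PAGE_OPTIONS = """
options {
        allow-query     { 0.0.0.0/0; };    // allow queries from any IP
        recursion yes;
};
"""

# Constructed variant; 192.168.81.0/24 is assumed from the addresses on this page.
HARDENED_OPTIONS = """
options {
        allow-query     { any; };          /* still answers for duiyi.com */
        allow-recursion { localhost; 192.168.81.0/24; };
        recursion yes;
};
"""

WORLD = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """named.conf accepts /* */, // and # comments; drop all three."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl(text, name):
    """Elements of the address-match list of statement `name`, or None if absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), text)
    return None if m is None else {e.strip() for e in m.group(1).split(";") if e.strip()}

def recursion_clients(conf):
    """Effective recursion ACL of an options block, or None if recursion is off."""
    text = strip_comments(conf)
    m = re.search(r"\brecursion\s+(\w+)\s*;", text)
    if m and m.group(1) in ("no", "false", "0"):
        return None
    # BIND falls back: allow-recursion, then allow-query-cache, then allow-query.
    found = [acl(text, n) for n in ("allow-recursion", "allow-query-cache", "allow-query")]
    return next((f for f in found if f is not None), {"localnets", "localhost"})

def is_open_resolver(conf):
    """True when recursion is offered to every source address (named ACLs not expanded)."""
    clients = recursion_clients(conf)
    return clients is not None and bool(clients & WORLD)

for label, conf in (("page", PAGE_OPTIONS), ("hardened", HARDENED_OPTIONS)):
    print(label, "open resolver:", is_open_resolver(conf))
```

In the restricted variant the duiyi.com zone is still answered for every client; only recursion for other names is limited to the listed sources.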

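Client

Operating system: Windows or Linux
IP address: any address from which the DNS server's IP (192.168.81.133) can be pinged
Role: test that the DNS server is operating properly.

1. Modify the DNS setting:

2. Ping the server IP (192.168.81.133) to test that the server is reachable

3. Use the nslookup command to test whether the three DNS names resolve successfully

Output like that shown in the figure means that forward DNS resolution succeeded

Testing with Linux as the client:

1. Install the bind-utils package so that the nslookup, dig and host tools are available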

yum install bind-utils

2. Change the DNS configuration to use our DNS server

vim /etc/resolv.conf
nameserver 192.168.81.133
nameserver 114.114.114.114
nameserver 8.8.8.8

3. Test forward resolution with the nslookup command (same as the Windows test)

nslookup

Origin www.cnblogs.com/MessiXiaoMo3334/p/11416784.html