Linux Network Services, Chapter VII: DNS (Domain Name Service)

Port: 53

I. DNS server types

Forward resolution: resolves a given domain name to the IP address it is mapped to. This is the most basic and most commonly used function of a DNS server.

Reverse resolution: resolves a given IP address to the domain name it is mapped to. Reverse lookup is not very common, but it is used in some special situations, for example as part of anti-spam verification.

Caching name server: only provides DNS caching, to improve query speed and efficiency; it has no zone data of its own. When building a caching name server you must configure the root zone (hints) or specify other DNS servers as the source of resolution.

Primary (master) domain name server: maintains the address database for a particular DNS zone and has independent control over the resolution records in that zone; it is the authoritative, official server for the zone. When building a master server you need to create the zone data files for the zone you are responsible for.

Slave (secondary) domain name server: provides the same resolution service as the master and is generally used as a hot backup. For a client, the query results are the same whether it uses the master or the slave. The key difference is that the slave does not decide its answers itself; they come from the master. When building a slave server, specify the location of the master so that the slave can synchronise the zone database automatically.

Forwarder: when it receives a query for a domain it is not responsible for, it does not send the request to the root zone but forwards it directly to one or more specified servers. It does not cache query results itself.

II. DNS servers and query modes

Domain name resolution process:

When a user enters the address www.crushlinux.com, the DNS resolution process is roughly as follows:

1. The client needs the IP address and first looks in the browser cache; if the browser has resolved this domain name before, resolution is complete.
2. If not, it looks in the hosts file; if the domain name is listed there, resolution ends.
3. If not, it asks the network's caching DNS server to resolve the domain name.
4. If the caching server cannot answer, it sends the request to a root name server; the root cannot resolve the name itself and returns a referral to the .com top-level domain server.
5. The caching server sends the request to the .com top-level server; that server cannot resolve the name either and returns a referral to the second-level domain crushlinux.com.
6. The caching server asks the crushlinux.com second-level domain server; that server can resolve names in crushlinux.com and returns the IP address to the caching server.
7. If the name has still not been resolved, the host is looked up in the second-level domain's master, and www.crushlinux.com is then resolved and the answer returned.
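To make the referral chain of steps 2 to 6 concrete, here is an added simulation in Python; it is not code from the original post. It builds three constructed server tables (a root server, a .com server named gtld.example., and the authoritative server ns1.crushlinux.com.), a caching resolver that walks the referrals and remembers the answer, and a client that consults a hosts table before asking the resolver. All server names, zone data and addresses are assumptions made for the example.

```python
# Added example (not from the original post): iterative resolution through a
# caching server. Server names, zone contents and addresses are constructed.
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str]  # ("NS", next server to ask) or ("A", address)

# Each server knows only its own level of the tree. A referral (NS) points one
# level down; an answer (A) ends the walk.
ZONES: Dict[str, Dict[str, Record]] = {
    ".": {"com.": ("NS", "gtld.example.")},                               # root server
    "gtld.example.": {"crushlinux.com.": ("NS", "ns1.crushlinux.com.")},  # .com TLD server
    "ns1.crushlinux.com.": {                                              # authoritative server
        "www.crushlinux.com.": ("A", "192.168.200.114"),
        "mail.crushlinux.com.": ("A", "192.168.200.113"),
    },
}


def best_match(table: Dict[str, Record], qname: str) -> Optional[Record]:
    """Record for qname itself or for its closest enclosing name, else None."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in table:
            return table[candidate]
    return None


class CachingResolver:
    """The site's caching server (step 3): walks the referral chain, remembers answers."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}

    def resolve(self, qname: str) -> Tuple[str, List[str]]:
        """Return (address, servers asked in order); the list is empty on a cache hit."""
        if qname in self.cache:
            return self.cache[qname], []
        asked: List[str] = []
        server = "."                       # step 4: start at the root
        while True:
            asked.append(server)
            rec = best_match(ZONES[server], qname)
            if rec is None:
                raise LookupError(f"NXDOMAIN {qname} after asking {asked}")
            rtype, value = rec
            if rtype == "A":               # step 6: authoritative answer, cache it
                self.cache[qname] = value
                return value, asked
            server = value                 # step 5: referral, ask the next server down


class Client:
    """The querying host: hosts file first (step 2), then the caching server."""

    def __init__(self, resolver: CachingResolver,
                 hosts: Optional[Dict[str, str]] = None) -> None:
        self.resolver = resolver
        self.hosts = dict(hosts or {})

    def lookup(self, name: str) -> Tuple[str, str]:
        """Return (address, how it was found)."""
        qname = name if name.endswith(".") else name + "."
        if qname in self.hosts:
            return self.hosts[qname], "hosts"
        address, asked = self.resolver.resolve(qname)
        return address, "cache" if not asked else "iterative:" + " > ".join(asked)


if __name__ == "__main__":
    client = Client(CachingResolver(), hosts={"study.crushlinux.com.": "192.168.200.115"})
    for n in ("www.crushlinux.com", "www.crushlinux.com", "study.crushlinux.com"):
        print(n, *client.lookup(n))
```

The second lookup of www.crushlinux.com is answered from the caching server's memory without touching any authoritative server, which is the whole point of the caching server built in section III.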

III. Building a caching server

The CentOS 7.x installation DVD ships several packages for the BIND service; the main role of each is as follows.

bind: provides the main DNS service program and related files.

bind-utils: provides DNS testing utilities such as nslookup.

bind-libs: provides the library functions that bind and bind-utils need.

bind-chroot: optional package that gives BIND a fake root directory (the /var/named/chroot/ directory is used as BIND's root) in order to improve security; also called the jail mechanism.

bind-utils and bind-libs are installed by default, so only bind needs to be installed.

(1) Disable the relevant security mechanisms for the lab (flush the iptables rules, stop firewalld and switch SELinux to permissive mode; on a production host, allowing port 53 through the firewall is the alternative to turning it off):

iptables -F
systemctl stop firewalld
setenforce 0

(2) Edit the main configuration file

[root@localhost ~]# vim /etc/named.conf

options {
    listen-on port 53 { 192.168.200.111; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";              // location of the cache dump file
    statistics-file "/var/named/data/named_stats.txt";      // location of the statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { 192.168.200.0/24; };
    recursion yes;
};

zone "." IN {              // forward "." root zone
    type hint;             // type is root hint zone
    file "named.ca";       // zone data file is named.ca
};

Sometimes, to improve resolution efficiency, the server does not query the root zone at all; instead it forwards the queries from clients to the DNS servers of a domestic telecom carrier (for example Beijing's 202.106.0.20 and 202.106.148.1), and the caching server passes the returned results on to the client. To do this, remove the zone "." IN { ... }; block and set the forwarders parameter correctly in the global options.

[root@localhost etc]# vim named.conf

options {
    ...                                         // other settings omitted
    forwarders { 202.106.0.20; 202.106.148.1; };
};

(3) Start the service

systemctl start named

IV. Building master and slave servers

(1) Disable the relevant security mechanisms:

iptables -F
systemctl stop firewalld
setenforce 0

Master server:

(1) Install bind

[root@localhost ~]# yum -y install bind

(2) Edit the related files

[root@localhost ~]# vim /etc/resolv.conf

# Generated by NetworkManager
nameserver 192.168.200.111
nameserver 192.168.200.112

[root@localhost ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.111 ns1.crushlinux.com
192.168.200.112 ns2.crushlinux.com

(3) Edit the main configuration file

[root@localhost ~]# vim /etc/named.conf

options {
    directory "/var/named";
};

zone "crushlinux.com" IN {                  // forward "crushlinux.com" zone
    type master;                            // type is master zone
    file "crushlinux.zheng";                // zone data file is crushlinux.zheng
    allow-transfer { 192.168.200.112; };    // allow the slave's address to transfer the forward zone data
};

zone "200.168.192.in-addr.arpa" IN {        // reverse "192.168.200.0/24" zone
    type master;
    file "crushlinux.fan";
    allow-transfer { 192.168.200.112; };    // allow the slave's address to transfer the reverse zone data
};
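The settings that decide who can use these servers are allow-query and recursion in the caching server's options (section III) and allow-transfer in the master zones above. The following is an added example, not code from the original post: a small Python check that parses named.conf fragments written in the brace syntax shown on this page and flags a recursive server that lets any host query it, and a master zone whose transfers are not restricted. CACHING_CONF and MASTER_CONF are the page's own settings, OPEN_CONF is a constructed, deliberately weak configuration, and the defaults mentioned in the comments are those of BIND 9.11 as shipped with CentOS 7.

```python
# Added example (not from the original post): audit named.conf for open
# recursion and unrestricted zone transfers. The parser understands only the
# brace/semicolon syntax used on this page; the sample configs are constructed.
import re
from typing import List, Optional, Tuple

Stmt = Tuple[List[str], Optional[list]]  # (words, nested statements or None)
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text: str) -> List[str]:
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # /* block */ comments
    text = re.sub(r"(//|#).*", "", text)                # // and # line comments
    return [t.strip('"') for t in TOKEN.findall(text)]


def parse_block(tokens: List[str], i: int = 0):
    """Parse statements up to the matching '}' (or end); returns (stmts, index)."""
    stmts: List[Stmt] = []
    while i < len(tokens) and tokens[i] != "}":
        words: List[str] = []
        while tokens[i] not in ("{", ";"):
            words.append(tokens[i])
            i += 1
        body = None
        if tokens[i] == "{":
            body, i = parse_block(tokens, i + 1)  # i comes back at the matching '}'
            i += 1
        if i < len(tokens) and tokens[i] == ";":
            i += 1
        stmts.append((words, body))
    return stmts, i


def find(stmts, keyword: str) -> Optional[Stmt]:
    return next((s for s in stmts if s[0] and s[0][0] == keyword), None)


def acl(stmt: Optional[Stmt]) -> List[str]:
    """Flatten an address-match list body such as { 192.168.200.0/24; } to strings."""
    return [w for words, _ in (stmt[1] or []) for w in words] if stmt else []


def audit(conf: str) -> List[str]:
    findings: List[str] = []
    top, _ = parse_block(tokenize(conf))
    options = find(top, "options")
    opts = (options[1] or []) if options else []
    # BIND 9.11: recursion defaults to yes. Who may recurse is the first of
    # allow-recursion / allow-query-cache / allow-query that is set; if none is
    # set the default is localnets + localhost, so only an explicit "any" opens
    # the resolver to everyone.
    rec = find(opts, "recursion")
    recursion_on = rec is None or rec[0][1:] == ["yes"]
    who = None
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        who = find(opts, key)
        if who:
            break
    if recursion_on and "any" in acl(who):
        findings.append(f"options: recursion is on and {who[0][0]} allows any host (open resolver)")
    for words, body in top:
        if words[:1] != ["zone"] or not body:
            continue
        name = words[1]
        ztype = find(body, "type")
        kind = ztype[0][1] if ztype and len(ztype[0]) > 1 else ""
        if kind in ("master", "primary"):
            xfer = find(body, "allow-transfer")
            if xfer is None or "any" in acl(xfer):   # 9.11 default: transfers to any host
                findings.append(f'zone "{name}": allow-transfer missing or "any"')
        elif kind in ("slave", "secondary") and not (find(body, "masters") or find(body, "primaries")):
            findings.append(f'zone "{name}": slave zone without a masters list')
    return findings


CACHING_CONF = """
options {
    listen-on port 53 { 192.168.200.111; };
    directory "/var/named";
    allow-query { 192.168.200.0/24; };
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
"""
MASTER_CONF = """
options { directory "/var/named"; };
zone "crushlinux.com" IN { type master; file "crushlinux.zheng"; allow-transfer { 192.168.200.112; }; };
zone "200.168.192.in-addr.arpa" IN { type master; file "crushlinux.fan"; allow-transfer { 192.168.200.112; }; };
"""
OPEN_CONF = """
// constructed, deliberately weak: recursion for everyone and unrestricted transfers
options { directory "/var/named"; recursion yes; allow-query { any; }; };
zone "crushlinux.com" IN { type master; file "crushlinux.zheng"; };
"""

if __name__ == "__main__":
    for label, conf in (("caching", CACHING_CONF), ("master", MASTER_CONF), ("open", OPEN_CONF)):
        print(label, audit(conf) or ["ok"])
```

Both of the page's configurations pass: the caching server limits queries to 192.168.200.0/24, and the master zones only allow transfers to the slave's address. The check is deliberately narrow; named-checkconf remains the tool for syntax, this only looks at the three access-control settings the page uses.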

(4) Create the forward zone file

[root@localhost ~]# vim /var/named/crushlinux.zheng

$TTL 86400                                  ; lifetime of valid resolution records
@   IN SOA crushlinux.com. admin.crushlinux.com. (   ; SOA marker, domain name, admin mailbox
        20190817    ; serial number, an integer of up to 10 digits
        3H          ; refresh time, the interval at which the zone data is re-downloaded
        15M         ; retry delay, the interval between retries after a failed download
        1W          ; expire time, give up if the zone still cannot be downloaded after this
        1D )        ; lifetime of negative answers (non-existent records)
    IN NS ns1.crushlinux.com.
    IN NS ns2.crushlinux.com.
    IN MX 10 mail.crushlinux.com.
ns1   IN A 192.168.200.111
ns2   IN A 192.168.200.112
mail  IN A 192.168.200.113
www   IN A 192.168.200.114
study IN A 192.168.200.115
*     IN A 192.168.200.111
ftp   IN CNAME www

(5) Create the reverse zone file

[root@localhost ~]# vim /var/named/crushlinux.fan

$TTL 86400
@   IN SOA crushlinux.com. admin.crushlinux.com. (
        20190817
        3H
        15M
        1W
        1D )
    IN NS ns1.crushlinux.com.
    IN NS ns2.crushlinux.com.
    IN MX 10 mail.crushlinux.com.
111 IN PTR ns1.crushlinux.com.
112 IN PTR ns2.crushlinux.com.
113 IN PTR mail.crushlinux.com.
114 IN PTR www.crushlinux.com.
115 IN PTR study.crushlinux.com.

(6) Set the group owner of the forward and reverse zone files, check the configuration and restart

[root@localhost ~]# chown :named /var/named/crushlinux.*
[root@localhost ~]# named-checkconf -z /etc/named.conf
[root@localhost ~]# named-checkzone crushlinux.com /var/named/crushlinux.zheng
[root@localhost ~]# named-checkzone 200.168.192.in-addr.arpa /var/named/crushlinux.fan
[root@localhost ~]# systemctl restart named
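named-checkzone validates each file's syntax on its own but does not compare the forward and reverse zones with each other. As an added example (not part of the original post), the following Python script parses both zone files and reports A records without a PTR, PTR records without a matching A record, and duplicated PTR records. The embedded zone text is this page's data with two constructed changes: an extra host db with no PTR, and the ns1 PTR entered twice, so that both kinds of finding show up. The parser handles only the subset of master-file syntax used on this page (';' comments, one parenthesised SOA, owner inheritance by leading whitespace).

```python
# Added example (not from the original post): cross-check a forward zone's A
# records against a reverse zone's PTR records. Sample zones are constructed
# from the page's data plus a deliberate extra host (db) and a duplicated PTR.
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Record = Tuple[str, str, List[str]]  # (owner FQDN, record type, rdata tokens)


def fqdn(name: str, origin: str) -> str:
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Record]:
    """Minimal master-file parser for the syntax used on this page."""
    origin = origin.rstrip(".") + "."
    stripped = "\n".join(re.sub(r";.*", "", ln) for ln in text.splitlines())
    # fold a parenthesised multi-line record (the SOA) onto one line
    folded = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " ") + " ", stripped)
    records: List[Record] = []
    owner = origin
    for line in folded.splitlines():
        if not line.strip() or line.startswith("$"):   # blank line or $TTL directive
            continue
        tokens = line.split()
        if not line[0].isspace():                       # a new owner name starts the line
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                               # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("PTR", "NS", "CNAME"):
            rdata = [fqdn(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def ptr_owner_to_ip(owner: str) -> str:
    """111.200.168.192.in-addr.arpa. -> 192.168.200.111"""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))


def ip_key(ip: str):
    return tuple(int(p) for p in ip.split("."))


def cross_check(fwd_text: str, fwd_origin: str, rev_text: str, rev_origin: str):
    """Return (kind, ip, name) findings comparing A records with PTR records."""
    a_names: Dict[str, Set[str]] = defaultdict(set)
    for owner, rtype, rdata in parse_zone(fwd_text, fwd_origin):
        if rtype == "A" and not owner.startswith("*."):  # a wildcard A has no PTR counterpart
            a_names[rdata[0]].add(owner)
    ptr_targets: Dict[str, List[str]] = defaultdict(list)
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype == "PTR":
            ptr_targets[ptr_owner_to_ip(owner)].append(rdata[0])
    findings = []
    for ip in sorted(a_names, key=ip_key):
        if ip not in ptr_targets:
            findings.extend(("A-without-PTR", ip, n) for n in sorted(a_names[ip]))
    for ip in sorted(ptr_targets, key=ip_key):
        targets = ptr_targets[ip]
        for t in sorted(set(targets)):
            if targets.count(t) > 1:
                findings.append(("duplicate-PTR", ip, t))
            if t not in a_names.get(ip, set()):
                findings.append(("PTR-without-A", ip, t))
    return findings


FORWARD = """\
$TTL 86400
@   IN SOA crushlinux.com. admin.crushlinux.com. (
        20190817 ; serial
        3H 15M 1W 1D )
    IN NS ns1.crushlinux.com.
    IN NS ns2.crushlinux.com.
    IN MX 10 mail.crushlinux.com.
ns1   IN A 192.168.200.111
ns2   IN A 192.168.200.112
mail  IN A 192.168.200.113
www   IN A 192.168.200.114
study IN A 192.168.200.115
db    IN A 192.168.200.116   ; constructed extra host with no PTR
*     IN A 192.168.200.111
ftp   IN CNAME www
"""
REVERSE = """\
$TTL 86400
@   IN SOA crushlinux.com. admin.crushlinux.com. ( 20190817 3H 15M 1W 1D )
    IN NS ns1.crushlinux.com.
    IN NS ns2.crushlinux.com.
111 IN PTR ns1.crushlinux.com.
112 IN PTR ns2.crushlinux.com.
113 IN PTR mail.crushlinux.com.
114 IN PTR www.crushlinux.com.
115 IN PTR study.crushlinux.com.
111 IN PTR ns1.crushlinux.com.   ; constructed duplicate
"""

if __name__ == "__main__":
    for finding in cross_check(FORWARD, "crushlinux.com", REVERSE, "200.168.192.in-addr.arpa"):
        print(*finding)
```

Run against real files, the two zone texts would be read from /var/named/crushlinux.zheng and /var/named/crushlinux.fan after named-checkzone has accepted them; the wildcard record is skipped on purpose because a PTR for every possible name is not expected.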

 

===============================================================================

Slave server:

(1) Install bind

[root@localhost ~]# yum -y install bind

(2) Edit the related files

[root@localhost ~]# vim /etc/resolv.conf

# Generated by NetworkManager
nameserver 192.168.200.111
nameserver 192.168.200.112

[root@localhost ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.111 ns1.crushlinux.com
192.168.200.112 ns2.crushlinux.com

(3) Edit the main configuration file

[root@localhost ~]# vim /etc/named.conf

options {
    directory "/var/named";
};

zone "crushlinux.com" IN {              // forward "crushlinux.com" zone
    type slave;                         // type is slave zone
    file "slaves/crushlinux.zheng";     // the transferred zone file is saved as slaves/crushlinux.zheng
    masters { 192.168.200.111; };       // IP address of the master server
};

zone "200.168.192.in-addr.arpa" IN {    // reverse "192.168.200.0/24" zone
    type slave;
    file "slaves/crushlinux.fan";
    masters { 192.168.200.111; };
};

(4) Start the service

[root@localhost ~]# systemctl restart named


Origin www.cnblogs.com/ZCQ123456/p/11445746.html