DNS service installation

DNS server configuration and principles

Domain name explained

  • www.baidu.com is a fully qualified domain name, usually divided into three parts: www is the host name, baidu is the domain name, and com is the type
  • Host name + domain name + type make up a complete domain name
DNS servers fall into the following kinds:
- ".": the final "." in a full address, representing the DNS root servers. The root servers are the top layer of DNS servers, distributed around the world, and hold the IP addresses of all types of DNS servers in their zone
- com: a DNS type
- baidu.com: baidu is the domain name, a DNS server one level below com, which holds the IP addresses of all hosts under the domain baidu.com

The two DNS query modes:
- Recursive query: after one DNS server returns its result to the querier, the querier itself goes on to query other DNS servers, query after query until the answer comes back
- Iterative query: the querier sends its query to one DNS server, which queries another server A; A queries server B, and so on until the answer is found; the answer is then returned to B, B returns it to A, and A returns it to the querier
Concepts
  • DNS: Domain Name System, a distributed database that maps domain names and IP addresses to each other so that users can reach the Internet more conveniently; the process of resolving a domain name to an IP address is called domain name resolution
  • The DNS protocol runs over UDP and uses port 53.
  • Function: each IP address has a host name; a host name is made up of one or more strings separated by dots.
DNS mapping modes
  • Static mapping: the host-name-to-IP-address mapping is configured on every device; each device maintains its own mapping, which is used only by that device.
  • Dynamic mapping: a Domain Name System (DNS) is set up and the host-name-to-IP-address mapping is kept only on dedicated DNS servers. A host on the network that communicates by host name must query the DNS server for the corresponding IP address; the process by which the host finally obtains the IP address for a host name is called domain name resolution.
Common DNS resource record types
  • A: Address. This record gives the IP address of a specific host name and is the key record for name resolution
  • CNAME: canonical name. This record defines an alias for a fully qualified host name
  • MX: mail exchanger. This record lists the host responsible for receiving e-mail for the domain
  • NS: name server. This record names the server responsible for a given zone
DNS server types
  • Caching server: caches DNS information and answers user queries; it cannot be configured to resolve domains of its own
  • Primary DNS server: resolves requests from local clients
  • Secondary DNS server: its zone data is copied from the master server, and the data is read-only
dig command in detail
  • Syntax: dig -t <resource record type> <name> @<server-ip>
  • Working mechanism: without @<server-ip>, the query is sent according to the resolver configuration file /etc/resolv.conf
  • With @<server-ip>: the query is sent to the specified DNS server, bypassing the resolver settings configured locally
Common command combinations
dig -x IP @server-ip                      reverse lookup
dig -t <record type> <name> +trace        trace the resolution process step by step

DNS server setup

# Install bind, bind-chroot and bind-utils on the DNS server; bind-chroot creates a pseudo root directory
# yum install -y bind bind-utils bind-chroot

# Edit the configuration file /etc/named.conf
# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };   // comment this line out, or change 127.0.0.1 to the DNS server's IP address or any
//      listen-on-v6 port 53 { ::1; };      // comment this line out
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
//      allow-query     { localhost; };      // comment this line out, or set it to any

# Start the named service
# systemctl start named
# systemctl enable named
# netstat -ntlp    # check that named is listening

# Edit the zone configuration file
# File location: /etc/named.rfc1912.zones
# vim /etc/named.rfc1912.zones
Add new zones:
# Forward zone
zone "dong.com" IN {
      type master;
      file "dong.com.zone";
};
# Reverse zone; a reverse zone is named after the reversed network prefix: reversed-IP.in-addr.arpa
zone "1.168.192.in-addr.arpa" IN {
      type master;
      file "1.168.192.zone";
};

# Check the syntax of the configuration files
# named-checkconf /etc/named.conf
# named-checkzone zonename filename


# Create the zone data files
# cd /var/named/
# cp -p named.localhost dong.com.zone    # copy the template file

# Forward zone configuration
# vim dong.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN   NS      @
        IN   A       192.168.1.10
www     IN   A       192.168.1.10
File explained:
SOA stands for Start Of Authority; it relates to the zone and is followed by 7 parameters with these meanings:
1> The host name of the master DNS server, i.e. which DNS server acts as master for this zone
2> The administrator's e-mail address, so that mail can be sent to the administrator when problems arise
3> The serial number, which indicates how old the zone data is: the larger the serial, the newer the data
4> The refresh interval, i.e. how often the slave asks the master for updated data
5> The retry time: if for some reason the slave cannot reach the master, how long it waits before trying to connect to the master again
6> The expire time: if retries keep failing and the outage lasts until this value is reached, the slave stops trying to connect
7> The minimum TTL: if a record in this zone file has no explicit TTL (cache lifetime), this value is used
Zone file record format:
[name] [TTL] [class] record-type data
name: the name of the object the resource record refers to, either a host name or a domain name. The name may be relative or fully qualified; a fully qualified name must end with a dot. When the current domain is google.com, host www has the fully qualified name www.google.com and the relative name www
TTL: how long the resource record may stay in a cache, in seconds. If omitted, the TTL defined at the start of the file is used
class: usually IN
record types: SOA, NS, A, PTR, MX, CNAME; normally the SOA record is on the first line, the NS record on the second, followed by MX records.
The SOA record usually uses @, which stands for the current zone

# vim /var/named/1.168.192.zone
$TTL 1D
@       IN SOA  dong.com. admin.dong.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
       IN NS  dong.com.
10     IN PTR dong.com.

# Restart the DNS service
# systemctl restart named
# Open the firewall
# firewall-cmd --add-service=dns --permanent
# firewall-cmd --reload
# firewall-cmd --list-all

# Test resolution with the following commands
# nslookup www.dong.com
# dig -t A www.dong.com @192.168.1.10

DNS server configuration summary

  • Each DNS server must have a corresponding NS resource record
  • When creating a slave, the zone type in its configuration file must be slave, and the IP address of the master server must be specified
  • You can use dig -t axfr test.com @server_ip to pull the resource records from the primary DNS server's zone database
  • After master-slave synchronization completes, zone files are generated automatically in the slaves/ directory on the slave server; these zone files are synchronized from the primary DNS and are generally read-only
  • Whenever a zone file on the primary DNS is modified, the serial in the SOA record must be incremented by 1, because the slave decides whether to update by comparing the serial value
  • DNS logs are stored by default in /var/log/messages
  • DNS resolution depends on the resolver library
  • A forward zone has no PTR records, and a reverse zone does not need to store A, MX or CNAME records
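As an added example that is not part of the original post, here is a small Python checker for zone files in the format shown above. It applies two rules from this page: the SOA serial must grow after an edit before a slave will resync, and forward A records should have matching PTR records in the reverse zone. The sample zone text is constructed from the page's dong.com and 1.168.192 zones; run against them it reports www.dong.com, which has no PTR in the reverse zone.

```python
import re
# Constructed input modelled on the page's two zone files; the forward serial is bumped 0 -> 1 to simulate an edit.
FORWARD_ORIGIN = "dong.com."
FORWARD_ZONE = """$TTL 1D
@       IN SOA  @ rname.invalid. ( 1 ; serial
                                   1D 1H 1W 3H )
        IN   NS      @
        IN   A       192.168.1.10
www     IN   A       192.168.1.10
"""
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."
REVERSE_ZONE = """$TTL 1D
@       IN SOA  dong.com. admin.dong.com. ( 0 ; serial
                                           1D 1H 1W 3H )
        IN NS  dong.com.
10      IN PTR dong.com.
"""

def soa_serial(zone_text):
    """Return the SOA serial, read from the number annotated '; serial'."""
    m = re.search(r"(\d+)\s*;\s*serial", zone_text)
    return int(m.group(1)) if m else None

def serial_bumped(old, new):
    """A slave only pulls a fresh copy when the serial grows (serial wraparound ignored)."""
    return old is not None and new is not None and new > old

def records(zone_text, rtype, origin):
    """Return (fully qualified owner, rdata) pairs for every record of type rtype."""
    out, owner = [], origin
    for line in zone_text.splitlines():
        toks = line.split(";", 1)[0].split()      # strip ';' comments
        if not toks or toks[0].startswith("$"):
            continue                              # blank line or $TTL/$ORIGIN directive
        if not line[0].isspace() and toks[0] != "IN":
            owner = toks[0]                       # a new owner name starts the line
        i = toks.index("IN") if "IN" in toks else -1
        if i >= 0 and len(toks) > i + 2 and toks[i + 1] == rtype:
            fqdn = origin if owner == "@" else (
                owner if owner.endswith(".") else f"{owner}.{origin}")
            out.append((fqdn, toks[i + 2]))
    return out

def names_without_ptr(fwd_text, fwd_origin, rev_text, rev_origin):
    """A-record owners whose address has no PTR pointing back at exactly that name."""
    def reverse_name(ip):                         # 192.168.1.10 -> 10.1.168.192.in-addr.arpa.
        return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    ptrs = set(records(rev_text, "PTR", rev_origin))
    return [name for name, ip in records(fwd_text, "A", fwd_origin)
            if (reverse_name(ip), name) not in ptrs]
```

Calling names_without_ptr(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN) returns ['www.dong.com.'], and serial_bumped(0, soa_serial(FORWARD_ZONE)) is True while the unchanged reverse serial is not.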

Zone transfer principles

Zone transfer
  • The slave DNS server is a fault-tolerance design: once the primary DNS service fails or cannot respond to client requests in time because of heavy load, the slave server steps in on the master's behalf. The slave's zone data is copied from the primary server, so the data on the slave is read-only.
  • The process by which the slave copies zone data from the master is called zone transfer; zone transfer uses TCP port 53
  • Zone transfer types: full zone transfer (AXFR) and incremental zone transfer (IXFR)
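An added example, not from the original post: since dig -t axfr can pull an entire zone from the master, a defender wants each master zone to limit who may transfer it and each slave zone to name its master. The Python audit below reads zone stanzas in the named.conf format used above; the allow-transfer option, the zone copy.test and the sample fragment are assumptions constructed for the example (older BIND releases default allow-transfer to any).

```python
import re

# Constructed named.conf fragment: the page's two master zones plus a hypothetical
# slave zone "copy.test" (name made up for the example) that forgot its masters.
NAMED_CONF = """
zone "dong.com" IN {
      type master;
      file "dong.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
      type master;
      file "1.168.192.zone";
      allow-transfer { any; };
};
zone "copy.test" IN {
      type slave;
      file "slaves/copy.test.zone";
};
"""

def zone_stanzas(conf):
    """Return {zone name: stanza body} using brace counting (assumes balanced braces)."""
    out = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        out[m.group(1)] = conf[m.end():i - 1]
    return out

def option(body, name):
    """Return the ';'-separated items of 'name { ... };' in a stanza, or None if absent."""
    m = re.search(name + r"\s*\{([^}]*)\}", body)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None

def audit(conf):
    """Flag transfer-related settings a reviewer should question in each zone stanza."""
    findings = []
    for name, body in zone_stanzas(conf).items():
        m = re.search(r"\btype\s+(\w+)", body)
        ztype = m.group(1) if m else None
        xfer = option(body, "allow-transfer")
        if ztype == "slave" and option(body, "(?:masters|primaries)") is None:
            findings.append(f"{name}: slave zone has no masters {{ ... }} clause")
        elif ztype == "master" and xfer is None:
            findings.append(f"{name}: no allow-transfer; inherits the server default (any on older BIND)")
        elif ztype == "master" and "any" in xfer:
            findings.append(f"{name}: allow-transfer {{ any; }} lets any client pull the whole zone")
    return findings
```

audit(NAMED_CONF) returns three findings, one per zone in the constructed fragment; a stanza that restricts allow-transfer to the slave's address and a slave stanza with a masters clause produce none.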

Origin www.cnblogs.com/l-mac/p/11668815.html