Preface:
- BIND domain name service infrastructure
- The role and the types of the DNS system
- BIND installation and configuration files
- Building a BIND domain name server
- Building a caching name server
- Building master and slave name servers
Key steps: locate the main configuration file, locate the startup script
One: the role of the DNS system
1.1 Forward lookup: find the IP address that belongs to a host name (domain name)
1.2 Reverse lookup: find the host name that belongs to an IP address
IP-to-name resolution is used mostly for testing and troubleshooting
1.3 The distributed data structure of the DNS system
www.sina.com.cn.: the trailing dot is the root, and the whole name including it is the fully qualified domain name (FQDN)
www is the host name, sina is the registered (second-level) domain, cn is the top-level domain with com.cn the registry suffix beneath it, and the final "." is the root
Two: DNS server types
2.1 Caching name server
- Also called a cache server
- Obtains domain name -> IP address records by querying other name servers
- Saves the query results in a local cache so that repeated queries are answered faster
- A freshly installed BIND with no zones of its own is exactly this: a caching server
2.2 Primary domain name server (master)
- master: the master server
- The authoritative server for a specific DNS zone; there is only one master per zone
- Responsible for maintaining all domain name -> IP address mapping records of that zone
2.3 Secondary domain name server (slave)
- slave: the slave server
- Also called the secondary domain name server
- Obtains its copy of the domain name -> IP address records from the primary server by zone transfer
Three: BIND domain name service
3.1 BIND service overview
- BIND (Berkeley Internet Name Daemon)
- The Berkeley Internet domain name service
- Related packages
- bind-9.9.4-37.el7.x86_64.rpm
- bind-utils-9.9.4-37.el7.x86_64.rpm
- bind-libs-9.9.4-37.el7.x86_64.rpm
- bind-chroot-9.9.4-37.el7.x86_64.rpm
3.2 The BIND domain name server program
- Main program: /usr/sbin/named
- Default listening port: 53, on both UDP and TCP. UDP carries ordinary queries; TCP is used for zone transfers and for answers too large for one UDP datagram. The rndc control channel listens separately on 953/TCP.
- Main configuration file: /etc/named.conf (on Debian/Ubuntu it is /etc/bind/named.conf)
- The zone data files holding the DNS resolution records live under /var/named/
3.3 The main configuration file of the BIND domain name service, /etc/named.conf
Global configuration section
- Sets the global parameters of the DNS server
- Includes the listening address/port, the default location of the data files, etc.
- Configured with an options {.....}; block
[root@localhost ~]# vim /etc/named.conf
options {                                          // global options
        listen-on port 53 { any; };                // listen on every IPv4 address
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";              // zone files live under /var/named
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { 192.168.10.0/24; };      // only this network may send queries
        // ... the remaining options of the stock file follow unchanged ...
};
Zone configuration section, /etc/named.rfc1912.zones
- Declares the specific DNS zones this server serves
- Includes the zone name, the server's role for that zone, the data file name, etc.
- Configured with zone "zone name" IN {......}; blocks
# forward zone
zone "localhost" IN {                    // zone name, e.g. kgc.com
        type master;                     // this server is the master for the zone
        file "named.localhost";          // zone data file (A records etc.) under /var/named
        allow-update { none; };          // no dynamic updates
        allow-transfer { 173.16.16.2; }; // only the slave may pull the zone (AXFR/IXFR)
};
# reverse zone
zone "16.16.173.in-addr.arpa" IN {       // network part of the address, octets reversed
        type master;                     // master server
        file "named.loopback";           // zone data file
        allow-update { none; };          // no dynamic updates
};
16.16.173.in-addr.arpa is the network 173.16.16.x written back to front; the host octet ("?") is left off and becomes the owner name of each PTR record
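Before trusting an options block like the one above on anything but a lab box, it pays to audit it: BIND recurses by default, so allow-query { any; } on a server that has no recursion limit is an open resolver, and a missing allow-transfer lets anyone pull whole zones. The script below is an added example, not code from the tutorial or from BIND. It greps a named.conf for the four settings that most often leave a lab server exposed once it is reused in production, and runs against two files constructed here: LAB_CONF copies the tutorial's options, HARDENED_CONF is the same server locked down for an authoritative-only role. The addresses are the tutorial's lab addresses; 192.168.139.133 is an assumed slave.

```shell
#!/usr/bin/env bash
# Added example (not code from the original tutorial): a pre-flight audit of the
# named.conf settings that decide whether a BIND server is an open resolver, an
# open zone-transfer source or a version oracle. Both input files are constructed
# below; LAB_CONF mirrors the tutorial's options, HARDENED_CONF is the locked-down
# authoritative-only variant.

# audit_named_conf FILE : print one finding per line; prints nothing when clean
audit_named_conf() {
    # strip // and # comments so commented-out settings are not mistaken for live ones
    body=$(sed -e 's://.*$::' -e 's:#.*$::' "$1")
    has() { printf '%s\n' "$body" | grep -Eq "$1"; }

    # 1. BIND recurses by default. allow-query { any; } without "recursion no" or an
    #    allow-recursion ACL makes the box an open resolver: usable for cache poisoning
    #    attempts against your clients and as a DDoS amplifier.
    if ! has 'recursion[[:space:]]+no[[:space:]]*;' \
       && has 'allow-query[[:space:]]*\{[[:space:]]*any[[:space:]]*;' \
       && ! has 'allow-recursion[[:space:]]*\{'; then
        echo "OPEN-RESOLVER: recursion on (default), allow-query { any; }, no allow-recursion ACL"
    fi
    # 2. Without allow-transfer (global or per zone) anyone can AXFR every zone and
    #    enumerate all your hosts in a single query.
    has 'allow-transfer[[:space:]]*\{' \
        || echo "AXFR-OPEN: no allow-transfer statement; zone transfers are open to everyone"
    # 3. named answers 'dig @server version.bind chaos txt' with its release unless
    #    the version string is overridden.
    has 'version[[:space:]]+"' \
        || echo "VERSION-LEAK: no version statement; the BIND release is readable via version.bind"
    # 4. The rndc control channel belongs on loopback only.
    has 'inet[[:space:]]+(0\.0\.0\.0|any|\*)' \
        && echo "RNDC-EXPOSED: controls { inet ... } listens on all interfaces"
    return 0
}

LAB_CONF=$(mktemp)
cat > "$LAB_CONF" <<'EOF'
// constructed: the tutorial's lab configuration (section 3.5)
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query { any; };
};
zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";
        allow-update { none; };
};
EOF

HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
// constructed: the same server as an authoritative-only name server
options {
        listen-on port 53 { 192.168.139.132; };
        directory "/var/named";
        allow-query { any; };                  // answering everyone for our own zones is the point...
        recursion no;                          // ...but we never resolve other people's names
        allow-transfer { 192.168.139.133; };   // the slave only (assumed address; TSIG is better, see 3.10)
        version "not disclosed";
};
controls { inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; }; };
zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";
        allow-update { none; };
};
EOF

echo "== lab config ==";      audit_named_conf "$LAB_CONF"
echo "== hardened config =="; audit_named_conf "$HARDENED_CONF"
```

The hardened file keeps allow-query { any; } on purpose: an authoritative server has to answer everyone for its own zones, and recursion no is what keeps it from becoming an open resolver. If the same box must also resolve external names for the LAN, keep recursion on but add allow-recursion { 192.168.139.0/24; }; so only local clients can use it for that.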
3.4 Zone data file (A records); its name is whatever the zone's "file" option says
3.4.1 Global TTL and SOA records, under /var/named/
- $TTL (Time To Live) directive
- SOA (Start Of Authority) record
- A semicolon ";" starts a comment
$TTL 1D                                  ; lifetime of a cached positive answer
@       IN SOA  @ rname.invalid. (       ; SOA marker, @ = the zone itself, then the admin mailbox (the first "." stands for "@")
                                        0       ; serial: update serial number, an integer of up to 10 digits, currently 0
                                        1D      ; refresh: how often a slave re-checks the master, 1 day
                                        1H      ; retry: retry interval after a failed refresh, 1 hour
                                        1W      ; expire: a slave that has not reached the master for this long stops serving the zone, 1 week
                                        3H )    ; minimum: lifetime of a cached negative (NXDOMAIN) answer, 3 hours
        NS      @                        ; @ refers to the zone itself
        A       127.0.0.1                ; loopback address; an empty owner column inherits the previous name, so this is the zone apex and resolving the zone name reaches this machine
        AAAA    ::1
If the slave cannot reach the master it retries once an hour (retry) and gives the zone up after one week (expire, 1W).
3.4.2 DNS records
- NS (Name Server) record: the zone's name servers
- MX (Mail Exchange) record: the zone's mail servers
- A (Address) record: host name -> IPv4 address, only in forward zones
- CNAME (Canonical Name) record: an alias for another name
$TTL 1D                                  ; lifetime of a cached positive answer
@       IN SOA  @ rname.invalid. (       ; SOA marker, @ = the zone itself, admin mailbox
                                        0       ; serial: update serial number, up to 10 digits, currently 0
                                        1D      ; refresh: interval at which a slave re-checks the master, 1 day
                                        1H      ; retry: retry interval after a failed refresh, 1 hour
                                        1W      ; expire: the slave gives the zone up after this long without contact, 1 week
                                        3H )    ; minimum: lifetime of a cached negative answer, 3 hours
        NS      @
        A       127.0.0.1
        AAAA    ::1
@       IN NS   ns1.bdqn.com.            ; the zone's name server is ns1.bdqn.com.
        IN MX   10 mail.bdqn.com.        ; the mail exchanger with preference 10 is mail.bdqn.com.
ns1     IN A    58.119.74.203            ; host name ns1 -> 58.119.74.203
www     IN A    173.16.16.1              ; host name www -> 173.16.16.1
mail    IN A    173.16.16.4
ftp     IN CNAME www                     ; alias: ftp resolves to whatever www resolves to
A name that ends in "." is absolute; a name without the trailing dot has the zone name appended, so ns1.bdqn.com written without the dot would become ns1.bdqn.com.bdqn.com.
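The named.localhost template is convenient, but it plants two traps that the listing above carries over: an SOA serial of 0 that nobody bumps, and an NS record pointing at the apex whose only address is 127.0.0.1. A third classic is a name server or mail exchanger written without the trailing dot. The lint below is an added example, not from the tutorial or from BIND's own tools; it also covers the PTR records of the reverse zone in 3.6, since their targets must be absolute too. It runs on three zone files constructed here: the bdqn.com listing above, a corrected version, and the corrected version with one dot forgotten. The mailbox hostmaster and the serial 2024060101 in the corrected file are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the tutorial or from BIND: a lint for zone files
# that catches what the named.localhost template invites you to get wrong. The
# three zone files are constructed below: TUTORIAL_ZONE is the bdqn.com listing
# above, FIXED_ZONE a corrected version, DOTLESS_ZONE the corrected version with
# one trailing dot forgotten.

# lint_zone FILE ORIGIN : one finding per line; prints nothing when the zone is clean
lint_zone() {
    awk -v origin="$2" '
    function fqdn(n) {                       # expand a name the way named does
        if (n == "@") return origin "."
        if (n ~ /\.$/) return n
        return n "." origin "."
    }
    function check_dot(type, t) {            # dotted target without final "." gets the origin appended
        if (t ~ /\./ && t !~ /\.$/)
            printf "%s target %s lacks a trailing dot: BIND reads it as %s\n", type, t, fqdn(t)
    }
    {
        line = $0; sub(/;.*/, "", line)                     # strip comments
        if (line ~ /^[ \t]*$/ || line ~ /^\$/) next         # blank lines, $TTL / $ORIGIN
        if (insoa) {                                        # inside SOA ( ... ): the first number is the serial
            if (serial == "" && match(line, /[0-9]+/)) serial = substr(line, RSTART, RLENGTH)
            if (line ~ /\)/) insoa = 0
            next
        }
        split(line, f, /[ \t]+/)
        if (f[1] != "") owner = f[1]                        # a blank owner column inherits the previous owner
        i = 2
        if (f[i] ~ /^[0-9]+[smhdwSMHDW]?$/) i++             # optional TTL
        if (toupper(f[i]) == "IN") i++                      # optional class
        type = toupper(f[i]); i++
        if (type == "SOA") {
            if (line ~ /\(/) { rest = line; sub(/^[^(]*\(/, "", rest)
                               if (match(rest, /[0-9]+/)) serial = substr(rest, RSTART, RLENGTH) }
            if (line !~ /\)/) insoa = 1
            next
        }
        name = fqdn(owner)
        if (type == "A" || type == "AAAA") { addr[name] = f[i]; if (f[i] ~ /^127\./ || f[i] == "::1") loop[name] = 1 }
        if (type == "NS")    { check_dot("NS", f[i]); ns[fqdn(f[i])] = 1 }
        if (type == "MX")    check_dot("MX", f[i+1])
        if (type == "CNAME") check_dot("CNAME", f[i])
        if (type == "PTR")   check_dot("PTR", f[i])         # reverse zones (3.6): PTR targets must be absolute
    }
    END {
        if (serial == "") print "no SOA serial found"
        else if (serial == "0") print "SOA serial is 0: use a date-based serial (YYYYMMDDnn) and bump it on every change"
        suffix = "." origin "."
        for (t in ns) {                                     # an in-zone NS needs an address record, and not a loopback one
            if (t != origin "." && substr(t, length(t) - length(suffix) + 1) != suffix) continue
            if (!(t in addr)) printf "NS %s is inside the zone but has no A/AAAA record\n", t
            else if (t in loop) printf "NS %s points at the loopback address %s left over from the template\n", t, addr[t]
        }
    }' "$1" | sort
}

TUTORIAL_ZONE=$(mktemp); FIXED_ZONE=$(mktemp); DOTLESS_ZONE=$(mktemp)
cat > "$TUTORIAL_ZONE" <<'EOF'
$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
@       IN NS   ns1.bdqn.com.
        IN MX   10 mail.bdqn.com.
ns1     IN A    58.119.74.203
www     IN A    173.16.16.1
mail    IN A    173.16.16.4
ftp     IN CNAME www
EOF
cat > "$FIXED_ZONE" <<'EOF'
$TTL 1D
@       IN SOA  ns1.bdqn.com. hostmaster.bdqn.com. (
                2024060101      ; serial: YYYYMMDDnn (assumed date)
                1D 1H 1W 3H )
        IN NS   ns1.bdqn.com.
        IN MX   10 mail.bdqn.com.
ns1     IN A    58.119.74.203
www     IN A    173.16.16.1
mail    IN A    173.16.16.4
ftp     IN CNAME www
EOF
sed '/NS/s/ns1\.bdqn\.com\./ns1.bdqn.com/' "$FIXED_ZONE" > "$DOTLESS_ZONE"   # forget one trailing dot
echo "== tutorial zone =="; lint_zone "$TUTORIAL_ZONE" bdqn.com
echo "== fixed zone ==";    lint_zone "$FIXED_ZONE" bdqn.com
echo "== dotless zone ==";  lint_zone "$DOTLESS_ZONE" bdqn.com
```

Run it next to named-checkzone (3.8): that tool validates syntax but happily accepts a serial of 0 and a name server that only lives on loopback, and a slave will never notice a change whose serial did not increase.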
3.5 Experiment: building forward resolution
[root@dns named]# rpm -qc bind          # list the configuration files of the installed bind package
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@dns named]# vim /etc/named.conf   # edit the main configuration file
options {
        listen-on port 53 { any; };                // listen on all addresses (was 127.0.0.1)
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";              // default data directory, leave as is
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };                  // any host may query (lab setting; restrict it in production)
        // ... the remaining options follow unchanged ...
};
zone "." IN {                                      // the root hint zone, do not touch it
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";                // zone declarations; this is the file to configure next
include "/etc/named.root.key";
[root@dns named]# cd /var/named          # have a look at the default data directory
[root@dns named]# ls
chroot  data  dyndb-ldap  kgc.com.zone  named.empty  named.loopback
chroot_sdb  dynamic  kgc.com.local  named.ca  named.localhost  slaves
(kgc.com.zone and kgc.com.local are the files created further down; a fresh install does not have them yet)
[root@dns named]# vim /etc/named.rfc1912.zones    # edit the zone declarations
Use the IPv6 loopback reverse zone as the landmark: the zones above it are forward zones, the ones below it are reverse zones
zone "kgc.com" IN {                      // create a forward zone for kgc.com
        type master;
        file "kgc.com.zone";             // data file kgc.com.zone under /var/named; create it if it does not exist
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.0.14.in-addr.arpa" IN {          // reverse zone for 14.0.0.0/24, used by the PTR records in 3.6
        type master;
        file "kgc.com.local";
        allow-update { none; };
};
[root@dns named]# cp -p named.localhost kgc.com.zone     # copy the template keeping its permissions, named after the zone's "file" option
[root@dns named]# vim kgc.com.zone                       # edit the zone data
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      kgc.com.
        A       127.0.0.1
        IN MX   5 mail.kgc.com.
mail    IN A    10.10.10.10
www     IN A    9.9.9.9
ftp     IN CNAME www
*       IN A    8.8.8.8
@ stands for the zone origin, here kgc.com
The forward zone is now configured. Note that the NS record names kgc.com. itself, whose only address is the template's 127.0.0.1: that is enough for clients that query this box directly, but any other resolver following the NS record would end up talking to itself. Outside the lab, give the name server a real host name (ns1) and its real address.
[root@dns named]# systemctl start named                      # start the service
[root@dns named]# netstat -natp | grep named                 # check the listening ports: -n numeric, -a all sockets, -t tcp, -p owning process
tcp 0 0 192.168.139.132:53 0.0.0.0:* LISTEN 40771/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 40771/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 40771/named
tcp6 0 0 ::1:53 :::* LISTEN 40771/named
tcp6 0 0 ::1:953 :::* LISTEN 40771/named
[root@dns named]# netstat -naup | grep named                 # -u udp
udp 0 0 192.168.139.132:53 0.0.0.0:* 40771/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 40771/named
udp 0 0 192.168.122.1:53 0.0.0.0:* 40771/named
udp6 0 0 ::1:53 :::* 40771/named
[root@dns named]# systemctl stop firewalld     # lab shortcut: stop the firewall
[root@dns named]# setenforce 0                 # lab shortcut: switch SELinux to permissive mode
On a real server leave SELinux enforcing and open only the DNS ports instead: firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
Testing
Create a client VM, also with its network adapter in NAT mode, and set its DNS server to the BIND host (192.168.139.132)
C:\Users\GSY>nslookup mail.kgc.com
Server:  UnKnown
Address:  192.168.139.132
Name:    mail.kgc.com
Address:  10.10.10.10
C:\Users\GSY>nslookup qqq.kgc.com
Server:  UnKnown
Address:  192.168.139.132
DNS request timed out.
    timeout was 2 seconds.
Name:    qqq.kgc.com
Address:  123.123.123.123
"Server: UnKnown" and the timeout come from nslookup's reverse lookup of the server's own address, for which no PTR record exists yet. qqq.kgc.com has no record of its own, so the wildcard "*" entry answers with whatever address it carries at the time.
You can also verify on the server itself: write its address into /etc/resolv.conf so the host uses it as its resolver
[root@dns named]# echo "nameserver 192.168.139.132" > /etc/resolv.conf
[root@dns named]# nslookup www.kgc.com
Server:         192.168.139.132
Address:        192.168.139.132#53
Name:   www.kgc.com
Address: 10.0.0.10
3.6 Reverse resolution: the PTR record
3.6.1 DNS records
- PTR (Pointer) record: IP address -> host name, only in reverse zones
- The first column holds the host part of the IP address (the octets not already in the zone name)
14      IN PTR  www.kgc.com.
13      IN PTR  ftp.kgc.com.
Reverse zone data file
[root@dns named]# cp -p named.loopback kgc.com.local      # the file name must match the "file" option of the reverse zone declaration
[root@dns named]# vim kgc.com.local
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      kgc.com.
        A       14.0.0.14
14      IN PTR  www.kgc.com.
13      IN PTR  ftp.kgc.com.
2       IN PTR  WWW.GSYDSG.com.
Test with nslookup or host
[root@dns named]# systemctl restart named
[root@dns named]# nslookup 14.0.0.2      # the zone file spells the name WWW in upper case, so the answer comes back that way (DNS matching is case-insensitive, but the stored case is preserved)
2.0.0.14.in-addr.arpa   name = WWW.GSYDSG.com.
[root@dns named]# host 14.0.0.14
14.0.0.14.in-addr.arpa domain name pointer www.kgc.com.
[root@dns named]# host 14.0.0.13
13.0.0.14.in-addr.arpa domain name pointer ftp.kgc.com.
3.7 Special uses of zone data files: wildcard resolution and round-robin
3.7.1 DNS-based load balancing
- The same name carries several A records; BIND rotates their order in successive answers (round-robin), so clients spread over the addresses
3.7.2 Wildcard resolution
- When no exact record exists for a queried name, the "*" record matches; this covers every non-existent name under the zone, typos included, so use it deliberately
www     IN A    9.9.9.9
www     IN A    7.7.7.7
www     IN A    6.6.6.6
*       IN A    8.8.8.8
Verify that the same name returns several IP addresses
C:\Users\GSY>nslookup www.kgc.com
Server:  UnKnown
Address:  192.168.139.132
DNS request timed out.
    timeout was 2 seconds.
Name:    www.kgc.com
Addresses:  6.6.6.6
          7.7.7.7
          9.9.9.9
3.8 Checking configuration file syntax with named-checkconf
3.8.1 The named-checkconf tool
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
No output means both files parsed cleanly. To see what an error looks like, break the zone declaration on purpose:
zoe "kgc.com" IN {            // "zone" with a letter removed
        type master;
        file "kgc.com.zone";
        allow-update { none; };
};
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
/etc/named.rfc1912.zones:13: unknown option 'zoe'
Put the letter back, then check again with -z:
[root@dns named]# named-checkconf -z /etc/named.rfc1912.zones
zone kgc.com/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 0.0.14.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
The -z option makes named-checkconf load every declared zone as well, so an error inside a zone file is reported against that zone.
Without -z only the syntax of the configuration files themselves is checked. Run the -z check (or named-checkzone below) before every rndc reload or systemctl restart named, so that a typo in a zone file never takes the running server down.
3.8.2 named-checkzone tool
[root@dns named]# named-checkzone kgc.com /var/named/kgc.com.zone
zone kgc.com/IN: loaded serial 0
OK
3.9 Experiment: building a caching name server
3.10 Building master and slave name servers
slave: the slave server
Summary
Using the DNS domain name service
(In the lab, stop the firewall and set SELinux to permissive first; see 3.5)
1. Install the software: bind*
   Main configuration file: /etc/named.conf
   Data files: /var/named
   Program: /usr/sbin/named
2. Configure the global section in /etc/named.conf
options {                                          // global options
        listen-on port 53 { 127.0.0.1; };          // listen on this address only (use any, or the server's IP, for LAN clients)
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";              // default data directory
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; };            // only the local host may query (widen to the client network as needed)
        // ... the remaining options follow unchanged ...
};
3. Zone declarations in /etc/named.rfc1912.zones
# forward zone
zone "localhost" IN {                    // zone name, e.g. kgc.com
        type master;                     // master: the primary server
        file "named.localhost";          // zone data file; holds the A records that resolve host names
        allow-update { none; };          // no dynamic updates
        allow-transfer { 173.16.16.2; }; // the slave's IP address: only it may pull the zone
};
zone "localhost" IN {                    // the same zone name, as declared on the slave server
        type slave;                      // slave: the secondary server
        file "slaves/bdqn.com.zone";     // written by named itself, so the directory must be writable by named (/var/named/slaves is)
        allow-update { none; };          // no dynamic updates
        masters { 192.168.10.10; };      // the master's IP address
};
# reverse zone
zone "16.16.173.in-addr.arpa" IN {       // network part of the address, reversed
        type master;                     // master server
        file "named.loopback";           // zone data file
        allow-update { none; };          // no dynamic updates
};
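allow-transfer { 173.16.16.2; } limits zone transfers by source address, which is all a NAT lab needs. For a real master/slave pair the practitioner's fix is a TSIG key: the slave signs its AXFR/IXFR requests, and the master accepts transfers only from holders of the key, so a spoofed source address is no longer enough to pull the zone. The script below is an added example, not code from the tutorial or from ISC. It writes the shared key file and the matching master and slave declarations for the setup in this section. The zone kgc.com, the addresses 192.168.139.132 (master) and 192.168.139.133 (slave), the key name kgc-com-xfer and the path /etc/named/tsig.key are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): generate master/slave zone
# declarations whose zone transfer is protected by a TSIG key instead of an
# IP-only allow-transfer. Zone name, addresses, key name and key path are lab
# assumptions (kgc.com, 192.168.139.132 master, 192.168.139.133 slave).

# gen_tsig_fragments ZONE MASTER_IP SLAVE_IP OUTDIR : write tsig.key, master.conf and
# slave.conf into OUTDIR and print the key name
gen_tsig_fragments() {
    zone="$1"; master="$2"; slave="$3"; out="$4"
    keyname="$(printf '%s' "$zone" | sed 's/\./-/g')-xfer"           # kgc.com -> kgc-com-xfer
    # 256-bit random secret for hmac-sha256 (what tsig-keygen produces on newer BIND releases)
    secret=$(openssl rand -base64 32 2>/dev/null || head -c 32 /dev/urandom | base64 | tr -d '\n')

    # the key file is identical on both servers; copy it over ssh, root:named, mode 640
    cat > "$out/tsig.key" <<EOF
key "$keyname" {
        algorithm hmac-sha256;
        secret "$secret";
};
EOF
    chmod 640 "$out/tsig.key"

    # master side: include goes into /etc/named.conf, the zone block into named.rfc1912.zones
    cat > "$out/master.conf" <<EOF
include "/etc/named/tsig.key";
server $slave { keys { "$keyname"; }; };           // sign NOTIFY messages sent to the slave
zone "$zone" IN {
        type master;
        file "$zone.zone";
        allow-update { none; };
        allow-transfer { key "$keyname"; };        // key, not address: a spoofed source is not enough
        also-notify { $slave; };
};
EOF

    # slave side: the key makes its AXFR/IXFR requests pass the master's ACL
    cat > "$out/slave.conf" <<EOF
include "/etc/named/tsig.key";
server $master { keys { "$keyname"; }; };          // sign transfer requests sent to the master
zone "$zone" IN {
        type slave;
        file "slaves/$zone.zone";                  // /var/named/slaves is writable by named
        masters { $master; };
        allow-transfer { none; };                  // the slave hands the zone to nobody
};
EOF
    printf '%s\n' "$keyname"
}

OUT=$(mktemp -d)
KEYNAME=$(gen_tsig_fragments kgc.com 192.168.139.132 192.168.139.133 "$OUT")
echo "key name: $KEYNAME"; echo "== master.conf =="; cat "$OUT/master.conf"
```

Install tsig.key on both servers with the same contents, append the fragments to the respective named.conf and named.rfc1912.zones, run named-checkconf -z, then rndc reload. The slave's own allow-transfer { none; } matters as much as the master's key check: a slave that hands the zone to anyone undoes the whole point.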
4. Zone data files, under /var/named/
Copy named.localhost as a template with cp -p (keeps ownership and mode) and name the copy after the "file" parameter of the zone declaration
$TTL 1D                                  ; lifetime of a cached positive answer
@       IN SOA  @ rname.invalid. (       ; SOA marker, @ = the zone itself, admin mailbox
                                        0       ; serial: update serial number, up to 10 digits, currently 0
                                        1D      ; refresh: interval at which a slave re-checks the master, 1 day
                                        1H      ; retry: retry interval after a failed refresh, 1 hour
                                        1W      ; expire: the slave gives the zone up after this long without contact, 1 week
                                        3H )    ; minimum: lifetime of a cached negative answer, 3 hours
        NS      @
        A       127.0.0.1
        AAAA    ::1
@       IN NS   ns1.bdqn.com.
        IN MX   10 mail.bdqn.com.
mail    IN A    173.16.16.4
ns1     IN A    58.119.74.203
ftp     IN CNAME www
www     IN A    173.16.16.1
Test with nslookup.
Point the host at the server by writing its address into /etc/resolv.conf (nameserver 192.168.139.132); an entry for the server's own name in /etc/hosts is optional but saves a lookup.