Domain Name System (DNS), port: 53

For performance reasons, DNS queries use the UDP protocol, and each message is smaller than 512 bytes. If the response is larger than 512 bytes, the two sides negotiate a switch to the TCP protocol.
Recursive query: a single request
Iterative query: repeated requests
By default, the query that the local host sends to the local DNS server is recursive, and the queries the local DNS server then sends onward are iterative.
Primary DNS server: holds the data that can be modified (accepts user requests and returns data); the master, the authoritative name server for the domain
Secondary DNS server: periodically requests data synchronization; the slave
Caching DNS server: only caches DNS resolution data; no hint
Forwarder: a caching server with the caching function removed
Multiple domain names may correspond to one IP
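
The UDP-to-TCP fallback noted at the top of these notes, as an added Python example that is not part of the original post: it builds a query, reads the reply header, and switches to TCP when the truncation (TC) flag is set. The message bytes, the function names and the policy of dropping an oversized reply are this example's own assumptions.

```python
import struct

MAX_UDP = 512            # classic DNS-over-UDP message limit stated above
QR, TC = 0x8000, 0x0200  # header flag bits: response, truncated

def build_query(name, qtype=1, txid=0x1234):
    """Encode a recursive (RD=1) query for `name`, class IN; qtype 1 = A."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def next_step(query, udp_reply):
    """What a client does with a UDP reply: 'accept', 'retry-tcp' or 'drop'."""
    if not 12 <= len(udp_reply) <= MAX_UDP:
        return "drop"                      # too short, or too big for a query without EDNS
    q_id, = struct.unpack("!H", query[:2])
    r_id, flags = struct.unpack("!HH", udp_reply[:4])
    if r_id != q_id or not flags & QR:
        return "drop"                      # not a response to this query
    return "retry-tcp" if flags & TC else "accept"

def tcp_frame(msg):
    """Over TCP every DNS message carries a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

# Constructed sample messages (not captured traffic).
QUERY = build_query("a.baidu.com")
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
COMPLETE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    for label, reply in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        print(label, "->", next_step(QUERY, reply))
    print("TCP frame length prefix:", tcp_frame(QUERY)[:2].hex())
```

A name server therefore has to be reachable on port 53 over both UDP and TCP.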

Forward resolution: domain name ----> IP

The software suite that provides the DNS service is called bind, but the service it runs is named "named".
1. Mount (to get the package)
[root@b ~]# mount /dev/sr0 /mnt
mount: /dev/sr0 is write-protected, mounting read-only
2. Define the yum repository file (a plain-text file)
[root@b ~]# vim /etc/yum.repos.d/base.repo
3. Install the service package
[root@b ~]# yum -y install bind
4. Turn off the firewall and SELinux
[root@b ~]# systemctl stop firewalld
[root@b ~]# setenforce 0
5. View the main service configuration file; two modules in it are important

[root@b ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };  // listen address
        listen-on-v6 port 53 { ::1; };  // listen address, IPv6 format
        directory       "/var/named";  // working directory for zone files
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };  // only the local host may query
        recursion yes;  // allow recursion
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
zone "." IN {  // defines a zone; each zone statement defines one zone
        type hint;  // defines the server type
        file "named.ca";   // specifies the forward/reverse resolution file
};

[root@b ~]# vim /var/named/named.ca
Configuration format: note that every statement ends with a semicolon
options {
        listen-on port 53 { 192.168.154.131; };
        directory "/var/named/";
};
zone "baidu.com" IN {
        type master;
        file "named.baidu.com";
};
Define the resource record (resolution) file
[root@b ~]# vim /var/named/named.baidu.com

$TTL 1D  ; global variable, takes effect for the whole zone
@       IN      SOA     @     admin.admin.com. (   ; @ stands for baidu.com.
                                                20200131
                                                1D
                                                1H
                                                1W
                                                1M         )
        IN      NS      xixi.baidu.com.    ; owner name baidu.com. omitted
xixi    IN      A       192.168.154.131    ; same as xixi.baidu.com.
a       IN      A       192.168.154.131    ; one IP can correspond to multiple domain names
b       IN      A       192.168.154.131    ; any other host IP can be added
haha    IN      CNAME   b                  ; alias for host b

The name at the start of the zone's authority (SOA) record can be replaced with @, and in this example the baidu.com. field of the resource records that follow can be omitted.
The dot after com is required; it completes the name as shown. The name in front of IN can be omitted, because it is inherited from the name in front of the SOA record above.

Restart the service:
[root@b ~]# systemctl restart named
In the graphical interface, set the DNS of the network card to the DNS server from the resource records
Test: resolve a domain name
Or use dig to resolve the domain name
Or test with nslookup, which is the most intuitive and is the recommended tool. Test the alias at the same time: resolving haha gives the same result as resolving b.

Reverse resolution: the process is the same as forward resolution, using arpa

Reverse lookup: IP ------> domain name

[root@b ~]# vim /etc/named.conf
Add the corresponding module
zone "154.168.192.in-addr.arpa" IN {
        type master;
        file "named.fanxiang";
};
[root@b ~]# vim /var/named/named.fanxiang

$TTL 1D
@       IN      SOA     @     admin.admin.com. (
                                                20200131
                                                1D
                                                1H
                                                1W
                                                1M         )
        IN      NS      fan.baidu.com.
131     IN      PTR     fan.baidu.com.
131     IN      PTR     a.baidu.com.
131     IN      PTR     b.baidu.com.

Note: for forward and reverse resolution, host names and IPs must correspond one-to-one.
Restart the service and test; the results look like this.
There is an error in my reverse lookup.
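
One way to check the one-to-one rule in the note above, as an added example that is not part of the original post: a small Python script compares the A records of the forward zone with the PTR records of the reverse zone and reports every mismatch, the same forward-confirmed reverse DNS check that mail servers and log tooling rely on. The zone data is re-typed from the two files on this page as constructed sample input, the function names are hypothetical, and the parser only handles lines of the form "owner IN TYPE rdata".

```python
FWD_ORIGIN, REV_ORIGIN = "baidu.com.", "154.168.192.in-addr.arpa."
# Constructed sample data: the A/CNAME and PTR records from the page's two zone files.
FWD_ZONE = """\
xixi  IN A     192.168.154.131
a     IN A     192.168.154.131   ; one IP, several names
b     IN A     192.168.154.131
haha  IN CNAME b
"""
REV_ZONE = """\
131   IN PTR   fan.baidu.com.
131   IN PTR   a.baidu.com.
131   IN PTR   b.baidu.com.
"""

def fqdn(name, origin):
    """Expand '@' or a relative name against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone, origin, rtype):
    """Yield (owner FQDN, rdata) for 'owner IN <rtype> rdata' lines."""
    for line in zone.splitlines():
        f = line.split(";")[0].split()          # strip ';' comments
        if len(f) == 4 and f[1] == "IN" and f[2] == rtype:
            yield fqdn(f[0], origin), f[3]

def ptr_ip(owner):
    """'131.154.168.192.in-addr.arpa.' -> '192.168.154.131'."""
    octets = owner[: -len(".in-addr.arpa.")].split(".")
    return ".".join(reversed(octets))

def check(fwd=FWD_ZONE, rev=REV_ZONE):
    """Return findings where A and PTR data disagree for an address."""
    a, ptr = {}, {}
    for name, ip in records(fwd, FWD_ORIGIN, "A"):
        a.setdefault(ip, set()).add(name)
    for owner, target in records(rev, REV_ORIGIN, "PTR"):
        ptr.setdefault(ptr_ip(owner), set()).add(target)
    out = []
    for ip in sorted(set(a) | set(ptr)):
        names, targets = a.get(ip, set()), ptr.get(ip, set())
        out += [f"{ip}: PTR {n} has no A record" for n in sorted(targets - names)]
        out += [f"{ip}: A {n} has no PTR record" for n in sorted(names - targets)]
        if len(targets) > 1:
            out.append(f"{ip}: {len(targets)} PTR records, expected one")
    return out

if __name__ == "__main__":
    print("\n".join(check()) or "forward and reverse zones agree")
```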

Origin blog.csdn.net/Alkaid__3/article/details/104126972