Article Directory
Experimental environment:
rhel7 host acts as a client: IP is 192.168.1.136
rhel8 act as a host server: IP is 192.168.1.135
[A] bidirectional another client: IP is 172.25.254.136
I, on the dns Glossary
dns (domain name service): Domain Name Service
1. Client
- dns points to the file :/etc/resolv.conf
- Address Resolution command: Host www.baidu.com
- For more information address parsing command: DIG www.baidu.com
- A record : ip address of the domain name record is called Address
- SOA: the authorization of the originating host
- dns level [.]: Top 13; secondary: [. com .net .edu .org ...]
2. server
- Installation package: the bind
- Service Name: named
- The main configuration file :/etc/named.conf
- Data Directory :/var/named
- Port: 53 [netstat -antlupe | grep named]
3. Error Messages
- Servers could Reached BE NO : service can not access (network service open firewall port???)
- Service failed to start: Profiles wrong journalctl -xe query errors
- dig Check status :
(1)noerror: That the query was successful;
(2)REFUSED: Service Access Denied; [need to allow queries in the configuration file A record]
(3)SERVFAIL: Query failed record (dns server unable to reach a higher level [Configuration Server Gateway], refused cache);
(4)NXDOMAIN: This domain A record does not exist in the dns
4. Record Type
- SOA record (Start Of Authority record): starting authorization record
- A record (Adress record): The DNS IP addresses to the IPv4
- AAAA record (Adress record): the domain name resolves to the IP address of IPv6
- CNAME (Canonical the Name the Record): Alias Record
- MX records (Mail eXchange record): mail exchanger
- NS record (Name Server record): Dedicated to indicate the current zone DNS server
- PTR records (PoinTer Record): to convert the IP address to the host FQDN (fully qualified domain name)
Second, install and enable dns services
- Installation: DNF the install bind.x86_64 -Y
- Enable:
(1) start the service and set the service to boot: systemctl enable --now named
(2) permanently in the open dns firewall access: Firewall-cmd --permanent --add-Service = dns
(3) Refresh firewall enable the setting: Firewall-cmd --reload
(4) edit the main configuration file: vim the /etc/named.conf
(5) to restart the service: systemctl restart named
- Test: Once configured, we can use the client to resolve dns server address 192.168.1.135 of:
(1) configure the gateway on the host dns server:
(2) modify the dns servers in the client's point file:
Third, dns cache
- When a host first visit to a web page,The host DNS server to get the data from the distant server (114.114.114.114), and caching; So in other hosts or host a visit of time,Can be obtained directly from the host's cacheSuch a method is called a cache.
- Configuring cache:
Edit the main configuration file: vim the /etc/named.conf
restart the service: systemctl restart named
after the configurations, the local resolved faster rate
Four, dns forward to resolve
1. analytical positive
Definition: The domain names into IP addresses
- After the basic setting is completed the main configuration file, edit subfile: Vim /etc/named.rfc1912.zones
- Editing forward parsing library file:
cp -p /var/named/named.localhost /var/named/jia.com.zone
vim /var/named/jia.com.zone
At this point it is to dns.jia.com resolves to 192.168.1.135; the www.jia.com resolves to 192.168.1.111.
Note: 192.168.1.111 just an arbitrary set of values, do not judge this IP address is correct; in the enterprise, A list of record companies will give the correct IP. - Restart the service: systemctl restart named
- In the forward to resolve client queries:
2. Mail analytical and normative domain
- MX records : mail exchanger, it points to a mail server for e-mail messages received to locate the system in accordance with the mail server of the recipient address suffix.
- CNAME record (Alias points): domain name into an internal domain name, the domain name and then converted to an internal IP address.
- Steps forward and resolve the same, you can simply add the relevant parameters in the file parsing library:
- After restarting the service, the client test:
Five, dns reverse resolve
Definition: converts IP addresses to domain names
- Edit subfolders: vim /etc/named.rfc1912.zones
- Editing reverse lookup library file:
cp -p /var/named/named.loopback /var/named/192.168.1.ptr
vim /var/named/192.168.1.ptr
- Restart the service: systemctl restart named
- In the client test: DIG -x IP
Bi-directional parsing six, dns of
- Why set a two-way analysis: two-way resolved to ip when the target is in the same segment, shows the network ip, ip and when the target is not in the same network segment, the outer display of network ip.Achieve within the network and external network hosts hosts access the same domain, you can define different servers.
- Experimental environment :
(1) the IP server arranged two segments: the ifconfig ens160: 0 172.25.254.135 Netmask 225.225.225.0
different (2) Configuration Client two segments: two network client services respectively two end segments
(3) in the host 192.168.1 (intranet) network in the edit points file [dns] /etc/resolv.conf:
(4) the host 172.25.254 (outside the network) in the network edit /etc/resolv.conf dns points to the file []:
- Configuration:
(1) was added, and the external network configuration subfile:
CP -p /etc/named.rfc1912.zones /etc/named.rfc1912.inters
Vim /etc/named.rfc1912.inters
(2) was added, and the outer configuration net parsing library file:
cp -p /var/named/jia.com.zone /var/named/jia.com.inter
vim /var/named/jia.com.inter
(3) edit the main configuration file: vim / etc / named.conf
(4) to restart the service: systemctl restart named
- Experimental Test:
resolves the domain name on the host the same two segments of different records obtained A
