DNS domain name resolution and configuration of Linux

DNS concept

In daily life people use domain names to reach servers, but machines only work with IP addresses. The relationship between domain names and IP addresses is many-to-one: an IP address does not necessarily correspond to only one domain name, while a domain name corresponds to only one IP address. The conversion between them is called domain name resolution. It is performed by dedicated domain name resolution servers, and the whole process is automatic.

Definition of DNS

  • DNS is the abbreviation of "Domain Name System". It is a distributed database that maps domain names and IP addresses to each other, making it easier for people to access the Internet.
  • The DNS service uses TCP and UDP port 53. TCP port 53 is used for connections to the DNS server, and UDP port 53 is used for resolution queries.
  • Each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.

Domain name structure

http://www.sina.com.cn./
        www = hostname, sina = subdomain, com = secondary domain, cn = top-level domain, "." = root domain

The top of the tree structure is the root domain, written as ".". The servers that serve it are the root servers, and in principle the right to resolve the whole domain name space belongs to them, but the root servers cannot carry such a load. A "delegation" mechanism is therefore used: top-level domains are set up under the root domain, and the right to resolve each top-level domain is delegated to the corresponding top-level domain servers. For example, the right to resolve the com domain is assigned to the com domain servers, so from then on any resolution request for a domain name ending in com is forwarded to the com domain servers. In the same way, to relieve the top-level domains, secondary domains are set up under them, and third-level domains or hosts are set up under the secondary domains.

  • Root domain
    It is located at the top of the domain name space and is usually written as ".".
  • Top-level domain
    It generally represents a type of organization or a country,
    such as .com (industrial and commercial enterprises), .net, .org (groups and organizations), .edu (educational institutions), .gov (government departments), .cn (China's national domain name).
  • Secondary domain
    It is used to indicate a specific organization within the top-level domain. The secondary domain names under a national top-level domain are managed centrally by the national network authority,
    for example the secondary domain names set up under the .cn top-level domain: com.cn, net.cn, edu.cn.
  • Subdomain
    The domains at all levels created under a secondary domain are collectively called subdomains. Each organization or user can apply to register its own domain name.
  • Host
    The host sits at the bottom of the domain name space and is a specific computer.
    If www and mail are the names of specific computers, they can be written as www.sina.com.cn. and mail.sina.com.cn. This form is called an FQDN (fully qualified domain name) and is the full name of the host within the domain name space.

DNS domain name resolution method

  • Forward resolution: find the corresponding IP address according to the domain name
  • Reverse resolution: find the corresponding domain name according to the IP address

DNS server type

  • Master domain name server: responsible for maintaining all domain name information of a zone. It is the authoritative source of that information, and its data can be modified. When building a master domain name server, you need to create the address data file for the zone it is responsible for.

  • Slave domain name server: when the master domain name server fails, is shut down or is overloaded, the slave domain name server provides domain name resolution as a backup service. The resolution results the slave provides are not determined by itself but come from the master domain name server. When building a slave domain name server, you need to specify the location of the master domain name server so that the slave can automatically synchronize the zone's address database.

  • Caching domain name server: it only caches domain name resolution results in order to improve query speed and efficiency, and has no domain name database of its own. It obtains the result of each query from a remote server, puts it in its cache, and answers later identical queries from that cache. A caching domain name server is not an authoritative server, because all the information it provides is indirect. When building a caching domain name server, you must configure the root zone or specify another DNS server as the resolution source.

  • Forwarding domain name server: responsible for answering local clients' queries for non-local domain names. After receiving a query request, the forwarding domain name server first looks in its cache; if the name is not found there, it forwards the request to the specified domain name servers in turn until a result is found, otherwise it returns a negative (unresolved) answer.

Steps to build DNS domain name resolution server

Install bind package

yum -y install bind

Configure forward resolution (commands)

First check the path of the configuration file to be modified

rpm -qc bind                    # Query the paths of the bind configuration files
/etc/named.conf                 # Main configuration file
/etc/named.rfc1912.zones        # Zone configuration file
/var/named/named.localhost      # Zone data file (template)

Modify the main configuration file

vim /etc/named.conf
options {
    listen-on port 53 { 192.168.249.10; };   # Listen on port 53 on the local IP that provides the service; "any" stands for all local addresses
   #listen-on-v6 port 53 { ::1; };           # The IPv6 line can be commented out or deleted if IPv6 is not used
    directory       "/var/named";            # Default storage location of the zone data files
    dump-file       "/var/named/data/cache_dump.db";          # Location of the cache dump file
    statistics-file "/var/named/data/named_stats.txt";        # Location of the statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt"; # Location of the memory statistics file
    allow-query     { any; };                # Network segments allowed to query this DNS service; "any" allows all
......
};
zone "." IN {                                # Forward resolution of the root zone "."
    type hint;                               # Type hint: the root hint zone
    file "named.ca";                         # The zone data file named.ca records the domain names and IP addresses of the 13 root servers
};
include "/etc/named.rfc1912.zones";          # Includes all the zones defined in the zone configuration file

Modify the zone configuration file and add the forward zone configuration

vim /etc/named.rfc1912.zones    # The file contains templates that can be copied and modified
zone "xyz.com" IN {             # Forward resolution zone "xyz.com"
    type master;                # Type: master zone
    file "xyz.com.zone";        # Specify the zone data file xyz.com.zone
    allow-update { none; };     # Can be left at the default; no change is needed here
};

Configure the forward zone data file

cd /var/named/
cp -p named.localhost xyz.com.zone      # -p keeps the permissions and owner of the source file
vim /var/named/xyz.com.zone
$TTL 1D                                         ; Default TTL: how long resolvers may cache the records
@       IN SOA  xyz.com. admin.xyz.com. (       ; Don't forget the trailing "." after the domain name and the mail address
                                    0       ; serial
                                    1D      ; refresh
                                    1H      ; retry
                                    1W      ; expire
                                    3H )    ; minimum
        NS      xyz.com.                    ; Name of the DNS server for this zone (required)
        A       192.168.249.10              ; IP address of that host (required)

@    IN   MX   10      mail.xyz.com.        ; MX is the mail exchange record; the higher the number, the lower the priority
www  IN   A       192.168.249.20            ; Forward resolution of www.xyz.com
mail IN   A       192.168.249.21            ; Forward resolution of the mail host
ftp  IN   CNAME   www                       ; CNAME is an alias record: ftp is an alias of www
*    IN   A       192.168.249.200           ; Wildcard resolution: "*" matches any host name not listed above
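The zone file above is read by a few rules worth knowing before you edit one: a line whose first column is blank belongs to the previous owner, "@" stands for the zone origin, and any name without a trailing dot gets the origin appended. The checker below is an added example (not from the article and not BIND's own parser) that applies those rules to a constructed copy of this zone and reports the slips that most often break it; the "IN" in the owner column and the relative CNAME target are deliberate in the sample.

```python
import re

# Constructed sample: the article's forward zone for xyz.com, typed with two
# slips that are easy to make by hand: 'IN' left in the owner column of the
# MX record, and a CNAME target without a trailing dot (so it is relative).
SAMPLE = """$TTL 1D
@    IN SOA  xyz.com. admin.xyz.com. ( 0 ; serial
                                      1D 1H 1W 3H )
     NS     xyz.com.
     A      192.168.249.10
IN   MX     10 mail.xyz.com.
www  IN A   192.168.249.20
mail IN A   192.168.249.21
ftp  IN CNAME www
*    IN A   192.168.249.200
"""
# Index of the domain-name fields inside the RDATA of each record type.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,)}

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (records, warnings); a record is (owner, type, rdata) with every name absolute.
    Assumes class IN and no per-record TTL, as in the article's zone files."""
    text = re.sub(r";[^\n]*", "", text)                     # ';' starts a comment
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # join ( ... )
    records, warnings, owner = [], [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):       # blank lines and $TTL/$ORIGIN
            continue
        if "#" in line:
            warnings.append(f"'#' is not a comment in zone files: {line.strip()}")
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                           # first column filled = owner name
            owner = fqdn(tokens.pop(0), origin)
            if owner.startswith("IN."):
                warnings.append(f"'IN' in the owner column: record belongs to {owner}")
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            if not rdata[i].endswith("."):
                warnings.append(f"{rtype} target '{rdata[i]}' has no trailing dot, read as {fqdn(rdata[i], origin)}")
            rdata[i] = fqdn(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records, warnings
```

On the real server, `named-checkzone xyz.com /var/named/xyz.com.zone` (shipped with bind) is the authoritative check to run before restarting named.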

Start the service and turn off the firewall

systemctl start named
systemctl stop firewalld
setenforce 0
# If the service fails to start, check the log file to find the error
tail -f /var/log/messages
# If starting the service hangs (waiting for randomness to generate the rndc key), run the following command
rndc-confgen -r /dev/urandom -a

Add the DNS server address in the domain name resolution configuration file of the client

vim /etc/resolv.conf                                # The change takes effect immediately
nameserver 192.168.249.10
or
vim /etc/sysconfig/network-scripts/ifcfg-ens33      # The network service must be restarted after the change
DNS1=192.168.249.10

systemctl restart network

Test DNS resolution

host www.xyz.com
nslookup www.xyz.com

Configure forward resolution (operation)

(Screenshots of the steps above: check the configuration file paths, modify the main configuration file, modify the zone configuration file, configure the forward zone data file, start the service and turn off the firewall, add the DNS server address to the client's resolver configuration, and test DNS resolution on the client.)

Configure reverse resolution (commands)

Modify the zone configuration file and add the reverse zone configuration

vim /etc/named.rfc1912.zones            # The file contains templates that can be copied and modified
zone "249.168.192.in-addr.arpa" IN {    # The reverse zone name is the network address written backwards: 192.168.249 becomes 249.168.192
    type master;
    file "xyz.com.zone.local";          # Specify the zone data file xyz.com.zone.local
    allow-update { none; };
};

Configure the reverse zone data file

cd /var/named/
cp -p named.localhost xyz.com.zone.local
vim /var/named/xyz.com.zone.local
$TTL 1D
@       IN SOA  xyz.com. admin.xyz.com. (   ; Here "@" stands for the zone origin 249.168.192.in-addr.arpa, i.e. the 192.168.249 network
                                    0       ; serial
                                    1D      ; refresh
                                    1H      ; retry
                                    1W      ; expire
                                    3H )    ; minimum
        NS      xyz.com.
        A       192.168.249.20
20      IN  PTR     www.xyz.com.        ; PTR is the reverse pointer: 192.168.249.20 resolves back to www.xyz.com.
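An added example (not from the article) that makes the "written backwards" rule explicit: it derives the reverse zone name from the network, the PTR owner label from each address, and renders a reverse zone data file in the layout above from the forward A records. FORWARD_A, the function names and the 192.168.249.0/24 network are assumptions built from the article's addresses.

```python
import ipaddress

# Constructed input: the hosts from the article's forward zone (name, address).
FORWARD_A = [("xyz.com.", "192.168.249.10"),
             ("www.xyz.com.", "192.168.249.20"),
             ("mail.xyz.com.", "192.168.249.21")]

def reverse_zone_name(network):
    """'192.168.249.0/24' -> '249.168.192.in-addr.arpa': the network octets written backwards."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("in-addr.arpa zones are cut on octet boundaries (/8, /16, /24)")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_name(ip):
    """The name a resolver looks up for `host 192.168.249.20`: '20.249.168.192.in-addr.arpa.'"""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def ptr_owner(ip, zone):
    """Owner label relative to the reverse zone origin, e.g. '20' inside 249.168.192.in-addr.arpa."""
    full, suffix = ptr_name(ip), "." + zone + "."
    if not full.endswith(suffix):
        raise ValueError(f"{ip} does not belong to {zone}")
    return full[: -len(suffix)]

def reverse_zone_file(network, forward_a, ns="xyz.com.", contact="admin.xyz.com.", serial=0):
    """Render the reverse zone data file for `network` from forward A records."""
    zone = reverse_zone_name(network)
    lines = ["$TTL 1D",
             f"@   IN SOA {ns} {contact} ( {serial} ; serial",
             "        1D ; refresh", "        1H ; retry",
             "        1W ; expire", "        3H ) ; minimum",
             f"    NS  {ns}"]
    for name, ip in forward_a:
        if not name.endswith("."):   # a relative PTR target would get the in-addr.arpa origin appended
            raise ValueError(f"PTR target {name} must be a fully qualified name (trailing dot)")
        lines.append(f"{ptr_owner(ip, zone)} IN PTR {name}")
    return "\n".join(lines) + "\n"
```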

Restart the service for testing

systemctl restart named
host 192.168.249.20
nslookup 192.168.249.20

Configure reverse resolution (operation)

(Screenshots of the steps above: modify the zone configuration file and add the reverse zone configuration, configure the reverse zone data file, restart the service and test.)

Build a master-slave domain name server (commands)

Continue from the configuration above.
Modify the zone configuration file of the master domain name server, adjusting both the forward and reverse zone configurations

vim /etc/named.rfc1912.zones
zone "xyz.com" IN {
    type master;                              # Type: master zone
    file "xyz.com.zone";
    allow-transfer { 192.168.249.10; };       # Allow the slave server to download (transfer) the forward zone data; enter the slave server's IP address here
};

zone "249.168.192.in-addr.arpa" IN {
    type master;
    file "xyz.com.zone.local";
    allow-transfer { 192.168.249.10; };
};
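allow-transfer is the setting that decides who may copy the entire zone, so it is the one to review after building a master. The audit below is an added example (not from the article and not a BIND tool): it reads zone stanzas written in the style of named.rfc1912.zones and flags every master zone whose transfer ACL is wider than the slave address you pass in. The stanzas in SAMPLE_CONF, including the zone name example.test, are constructed for the check.

```python
import re

# Constructed sample in the style of the article's named.rfc1912.zones: one
# master zone restricted to the slave, one opened to 'any', one with no
# allow-transfer at all, and the slave's own stanza (not subject to the check).
SAMPLE_CONF = """
zone "xyz.com" IN {
    type master;
    file "xyz.com.zone";
    allow-transfer { 192.168.249.20; };
};
zone "249.168.192.in-addr.arpa" IN {
    type master;
    file "xyz.com.zone.local";
    allow-transfer { any; };
};
zone "example.test" IN {
    type master;
    file "example.test.zone";
};
zone "xyz.com" IN {
    type slave;
    masters { 192.168.249.10; };
    file "slaves/xyz.com.zone";
};
"""
STANZA_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)

def option_items(body, name):
    """Items of a braced option such as allow-transfer { a; b; }; None if the option is absent."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\{([^}]*)\}", body)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else None

def zone_type(body):
    """The value of the stanza's 'type' statement (master, slave, hint, ...)."""
    m = re.search(r"\btype\s+(\w+)\s*;", body)
    return m.group(1) if m else None

def audit_transfers(conf, slaves):
    """Return {zone: finding} for every master zone whose allow-transfer admits more than `slaves`."""
    findings = {}
    for zone, body in STANZA_RE.findall(conf):
        if zone_type(body) != "master":
            continue
        acl = option_items(body, "allow-transfer")
        if acl is None:
            findings[zone] = "no allow-transfer: older BIND releases default to allowing transfers to all hosts"
        elif "any" in acl:
            findings[zone] = "allow-transfer { any; }: any client can pull the whole zone (AXFR)"
        elif set(acl) - set(slaves):
            findings[zone] = f"transfer peers other than the slave: {sorted(set(acl) - set(slaves))}"
    return findings
```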

Modify the main configuration file on the slave domain name server

yum -y install bind
vim /etc/named.conf
options {
   listen-on port 53 { 192.168.163.15; };   # Listen on port 53 on the local IP that provides the service; "any" stands for all local addresses
   #listen-on-v6 port 53 { ::1; };
   directory       "/var/named";
   dump-file       "/var/named/data/cache_dump.db";
   statistics-file "/var/named/data/named_stats.txt";
   memstatistics-file "/var/named/data/named_mem_stats.txt";
   recursing-file  "/var/named/data/named.recursing";
   secroots-file   "/var/named/data/named.secroots";
   allow-query     { any; };                # Network segments allowed to query this DNS service; "any" allows all
  ......
};

Modify the zone configuration file on the slave domain name server and add the forward and reverse zone configurations

vim /etc/named.rfc1912.zones
zone "xyz.com" IN {
    type slave;                          # Type: slave zone
    masters { 192.168.249.20; };         # IP address of the master server
    file "slaves/xyz.com.zone";          # Save the downloaded zone data file in the slaves/ directory
};

zone "249.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.249.20; };
    file "slaves/xyz.com.zone.local";
};

Restart the service on both the master and the slave, turn off the firewall, and check whether the zone data files have been downloaded

systemctl restart named
systemctl stop firewalld     # Turn off the firewall; be sure it is off
setenforce 0
ls -l /var/named/slaves/

Add the slave DNS server address in the domain name resolution configuration file of the client

echo "nameserver 192.168.249.20" >> /etc/resolv.conf
echo "nameserver 192.168.249.10" >> /etc/resolv.conf

Test

host 192.168.249.20
nslookup 192.168.249.20

# Stop the service on the master server to simulate a failure of the master
systemctl stop named
host 192.168.249.20
nslookup 192.168.249.20

Build a master-slave domain name server (operation)

(Screenshots of the steps above: modify the zone configuration file of the master server for the forward and reverse zones; turn off the firewall and restart; on the slave, install the service and then edit the main configuration file; add the forward and reverse slave zone configurations; turn off the firewall and restart; on a new client, add the slave DNS server address to the resolver configuration; test; simulate a failure of the master server and test again from the client.)

Tags: Linux

Posted by echoofavalon on Sat, 16 Apr 2022 15:20:49 +0930