DNS concept
In daily life, people are used to using domain names to access servers, but machines only recognize IP addresses. There is a many-to-one relationship between domain names and IP addresses. An IP address does not necessarily correspond to only one domain name, and a domain name can only correspond to one IP address. The conversion between them is called domain name resolution. Domain name resolution needs to be completed by a special domain name resolution server, and the whole process is automatic.
Definition of DNS
- DNS is the English abbreviation of "domain name system". As a distributed database that maps domain names and IP addresses to each other, it can make it easier for people to access the Internet.
- NDS service uses TCP and UDP port 53. TCP port 53 is used to connect to DNS server and UDP port 53 is used to resolve DNS.
- The length of each level of domain name is limited to 63 characters, and the total length of the domain name cannot exceed 253 characters.
Domain name structure
http://www.sina.com.cn./
http: / / hostname Subdomain Secondary domain Top level domain root domain/
The top layer of the tree structure is called the root domain, with "." It means that the corresponding server is called the root server, and the resolution right of the whole domain name space belongs to the server, but the root server cannot bear a huge load. The "delegation" mechanism is adopted to set up some top-level domains under the root domain, and then delegate the resolution right of different top-level domains to the corresponding top-level domain servers respectively, such as assigning the resolution right of COM domain to COM domain server, In the future, any domain name resolution request ending in com will be forwarded to the COM domain server. Similarly, in order to reduce the pressure of the top-level domain, several secondary domains are set up, and the secondary domain is set up with three-level domains or hosts.
- Root domain
It is located at the top of the domain name space, usually with a "." express - Top level domain
It generally represents a type of organization or country,
Such as . net Com (industrial and commercial enterprises) Org (group organization) Edu (educational institution) Gov (government department) CN (Chinese national domain name) - Secondary domain
It is used to indicate a specific organization within the top-level domain. The secondary domain names under the national top-level domain are uniformly managed by the national network department,
Such as Cn secondary domain name set under the top-level domain name: com.cn net.cn edu.cn - Subdomain
The domains at all levels created under the secondary domain are collectively referred to as sub domains. Each organization or user can freely apply for registration of their own domain name - host
The host is located at the bottom of the domain name space, which is a specific computer,
If WWW and mail are specific computer names, you can use www.sina.com com. cn., mail.sina.com.cn. This representation is called FQDN (fully qualified domain name), which is also the full name of the host in the domain name
DNS domain name resolution method
- Forward resolution: find the corresponding IP address according to the domain name
- Reverse resolution: find the corresponding domain name according to the IP address
DNS server type
-
Main domain name server: responsible for maintaining all domain name information in a region. It is the authoritative information source of all specific information, and the data can be modified. When building the master domain name server, you need to establish the address data file of the responsible area.
-
Slave domain name server: when the master domain name server fails, shuts down or is overloaded, the slave domain name server provides domain name resolution services as a backup service. The resolution results provided from the domain name server are not determined by themselves, but from the main domain name server. When building a slave domain name server, you need to specify the location of the master domain name server so that the server can automatically synchronize the address database of the region.
-
Caching domain name server: it only provides the caching function of domain name resolution results, which aims to improve the query speed and efficiency, but there is no domain name database. It obtains the result of each domain name server query from a remote server and puts it in the cache. It will respond to the same information in the future. The cached domain name server is not an authoritative server because all the information provided is indirect information. When building a cached domain name server, you must set the root domain or specify another DNS server as the resolution source.
-
Forwarding domain name server: responsible for local query of all non local domain names. After receiving the query request, the forwarding domain name server will find it in its cache. If it cannot find it, it will forward the request to the specified domain name server in turn until the search result is found. Otherwise, it will return the unmapped result.
Steps to build DNS domain name resolution server
Install bind package
yum -y install bind
Configure forward parsing (command)
First check the path of the configuration file to be modified
rpm -qc bind #Query the path of bind software configuration file /etc/named.conf #Master profile /etc/named.rfc1912.zones #Zone profile /var/named/named.localhost #Area data profile
Modify master profile
vim /etc/named.conf options { listen-on port 53 { 192.168.249.10; }; #Listen to port 53. The IP address uses the local IP that provides the service, or any can be used to represent all #listen-on-v6 port 53 { ::1; }; #ipv6 lines can be commented out or deleted if they are not used directory "/var/named"; #Default storage location of area data files dump-file "/var/named/data/cache_dump.db"; #Location of domain name cache database file statistics-file "/var/named/data/named_stats.txt"; #Location of status statistics file memstatistics-file "/var/named/data/named_mem_stats.txt"; #Location of memory statistics file allow-query { any; }; #The network segments that are allowed to use this DNS resolution service can also be represented by any ...... } zone "." IN { #Forward parsing "." Root region type hint; #Type is root area file "named.ca"; #The area data file is named Ca, which records the domain name and IP address of 13 root domain servers }; include "/etc/named.rfc1912.zones"; #Contains all the configurations in the area configuration file
Modify the regional configuration file and add the forward regional configuration
vim /etc/named.rfc1912.zones #There can be templates in the file, which can be modified after copying and pasting zone "xyz.com" IN { #Forward parsing "xyz.com" area type master; #Type main area file "xyz.com.zone"; #Specify the area data file as XYZ com. zone allow-update { none; }; #Ignore it. You don't need to configure it. Just default };
Configure forward area data file
cd /var/named/ cp -p named.localhost xyz.com.zone #Keep the permission of the source file and the copy attribute of the owner vim /var/named/xyz.com.zone $TTL 1D #Set the effective time for caching parsing results @ IN SOA xyz.com. admin.xyz.com. ( #"." after mail and domain name Can't forget 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS xyz.com. #Record the name of the DNS server for the current zone (required) А 192.168.249.10 #Record host IP address (essential) IN MX 10 mail.xyz.com. #MX is a mail exchange record. The higher the number, the lower the priority www IN A 192.168.249.20 #Record forward analysis www.xyz.com Com corresponding IP mail IN A 192.168.249.21 #Forward resolved address of mailbox ftp IN CNAME www #CNAME uses alias, and ftp is the alias of www * IN A 192.168.249.200 #Pan domain name resolution, "*" represents any host name
Start the service and turn off the firewall
systemctl start named systemctl stop firewalld setenforce 0 #If the service fails to start, you can check the log file to troubleshoot the error tail -f /var/log/messages #If the service starts stuck, you can execute the following command to solve it rndc-confgen -r /dev/urandom -a
Add the DNS server address in the domain name resolution configuration file of the client
vim /etc/resolv.conf #The modification will take effect immediately nameserver 192.168.249.10 or vim /etc/sysconfig/network-scripts/ifcfg-ens33 #The network card needs to be restarted after modification DNS1=192.168.249.10 systemctl restart network
Test DNS resolution
host www.xyz.com nslookup www.xyz.com
Configure forward resolution (operation)
First check the path of the configuration file to be modified
Modify master profile
Modify zone profile
Configure forward area data file
Start the service and turn off the firewall
Add the DNS server address in the domain name resolution configuration file of the client
Test DNS resolution on client
Configure reverse parsing (command)
Modify the area configuration file and add the reverse area configuration
vim /etc/named.rfc1912.zones #There are templates in the file, which can be modified after copying and pasting zone "249.168.192.in-addr.arpa" IN { #The reverse resolved address is written upside down, which represents the address of 192.168.163 type master; file "xyz.com.zone.local"; #Specify the area data file as XYZ com. zone. local allow-update { none; }; };
Configure reverse zone data file
cd /var/named/ cp -p named.localhost xyz.com.zone.local vim /var/named/xyz.com.zone.local $TTL 1D @ IN SOA xyz.com. admin.xyz.com. ( #The "@" here represents the address of 192.168.249 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS xyz.com. A 192.168.249.20 200 IN PTR www.xyz.com. #The reverse pointer is 192.249, and the result is pty20.249 com.
Restart the service for testing
systemctl restart named host 192.168.249.20 nslookup 192.168.249.20
Configure reverse resolution (operation)
Modify the area configuration file and add the reverse area configuration
Configure reverse zone data file
Restart the service for testing
Build master-slave domain name server (command)
Follow the above configuration environment
Modify the zone configuration file of the primary domain name server, and modify the forward and reverse zone configuration
vim /etc/named.rfc1912.zones zone "xyz.com" IN { type master; #Type main area file "xyz.com.zone"; allow-transfer { 192.168.249.10; }; #It is allowed to download forward area data from the server, and the IP address of the server is added here }; zone "249.168.192.in-addr.arpa" IN { type master; file "xyz.com.zone.local"; allow-transfer { 192.168.249.10; }; };
Modify the master profile from the domain name server
yum -y install bind vim /etc/named.conf options { listen-on port 53 { 192.168.163.15; }; #Listen to port 53. The IP address can use the local IP that provides the service, or any can represent all #listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; #The network segments that are allowed to use this DNS resolution service can also be represented by any ...... }
Modify the domain name server regional configuration file and add positive and negative regional configurations
vim /etc/named.rfc1912.zones zone "xyz.com" IN { type slave; #Type is from area masters { 192.168.249.20; }; #Specify the IP address of the primary server file "slaves/xyz.com.zone"; #Save the downloaded area data file to the slave / directory }; zone "249.168.192.in-addr.arpa" IN { type slave; masters { 192.168.249.20; }; file "slaves/xyz.com.zone.local"; };
Both the master and slave restart the service, close the firewall, and check whether the regional data file has been downloaded successfully
systemctl restart named systemctl stop firewalld #Turn off the firewall, be sure to turn it off setenforce 0 ls -l /var/named/slaves/
Add the slave DNS server address in the domain name resolution configuration file of the client
echo "nameserver 192.168.249.20" >> /etc/resolv.conf echo "nameserver 192.168.249.10" >> /etc/resolv.conf
test
host 192.168.249.20 nslookup 192.168.249.20 #Stop the service of the primary server and simulate the failure of the primary server systemctl stop named host 192.168.249.20 nslookup 192.168.249.20
Build master-slave domain name server (operation)
Modify the regional configuration file of the primary domain name server, and modify the forward and reverse regional configuration
Turn off firewall and restart
Modify the master profile from the domain name server
Install the service first, then edit the main configuration file
Modify the zone configuration of the slave domain name server, and add positive and negative zone configurations
Turn off firewall and restart
Reopen a client
Add the slave DNS server address in the domain name resolution configuration file of the client
test
Simulate primary server failure
client: