Introduction: in the network, when we visit a website, the computer should first know the IP address corresponding to the website you enter, such as www.baidu.com COM, how does the computer get the IP address corresponding to Baidu?
The computer will use DNS domain name resolution service to query the entered address to its corresponding IP address for network access. So what is DNS?
I DNS working principle and type
1.1DNS introduction
Domain name management system DNS(Domain Name System) means domain name resolution server. It is an application layer protocol and a service of the Internet. Its role in the Internet is to convert the domain name into an IP address that can be recognized by the network and access the host through the IP address. A name composed of words is obviously easier to remember.
There are only 13 root domain name servers in the world, with one primary root server in the United States and 12 secondary root servers, including 9 in the United States, two in Europe, in the United Kingdom and Sweden, and one in Asia in Japan
1.2 DNS protocol and function
The default port of DNS is 53. DNS ports are divided into TCP and UDP.
TCP is used for zone transfer. It is mostly used for master-slave synchronization. In a zone, the master DNS server reads the DNS data information of the zone from its own local data file, while the auxiliary DNS server reads the DNS data information of the zone from the master DNS server of the zone.
UDP is a domain name used for DNS resolution: it is usually identified by a Fully Qualified Domain Name (FQDN). The full name of FQDN is Fully Qualified Domain Name, which can accurately represent its position relative to the DNS domain tree root, that is, the complete expression from node to DNS tree root. It is written in reverse from node to tree root, and each node is marked with "." For the DNS domain google, its fully official domain name (FQDN) is google com.
FQDN naming has strict restrictions. The length cannot exceed 256 bytes. Only characters a-z,0-9,A-Z and minus sign (-) are allowed. Point number (.) Only allowed between domain name flags (e.g. "google.com") or at the end of FQDN.
Domain names are not size sensitive. From the top to the bottom, they can be divided into: root domain, top-level domain, secondary domain and sub domain, that is, the full domain name: the name with both host name and domain name
FQDN = Hostname + DomainName
For example: www baidu . com.
DNS function: forward resolution: find the corresponding IP address according to the domain name
Reverse resolution: find the corresponding domain name according to the IP address
1.3 DNS domain name architecture
The structure of DNS system is distributed data structure
1. Root domain: at the top of the tree structure, use "." express
2. Top level domain: generally represents a type of organization or country or region; Such as Net (network provider). cn (Chinese national domain name)
3. Secondary domain: used to indicate a specific organization within the top-level domain. The secondary domain name under the national top-level domain is uniformly managed by the national department
4. Sub domain: all levels of domains created under the secondary domain are collectively referred to as sub domains. Each organization or user can freely apply for registration of their own domain name
5. Host: the host is located at the bottom of the domain name space, which is a specific computer
There is a many to one relationship between domain names and IP addresses. An IP address does not necessarily correspond to only one domain name, and a domain name can only correspond to one IP address
Common DNS domain name address:
114.114.114.114 is the DNS commonly used by China Mobile, China Telecom and China Unicom. Both mobile phones and computers can be used.
8.8.8.8 is the DNS provided by GOoGLE company. The address is universal in the world. Relatively speaking, it is more suitable for foreign countries and users visiting foreign websites
223.5.5.5 and 223.6.6.6: alicloud DNS
1.4 DNS query method
1.4.1 recursive query
The query from the host to the local domain name server generally adopts recursive query.
The so-called recursive query is: if the local domain name server queried by the host does not know the IP address of the queried domain name, the local domain name server will continue to send query request messages to other root domain name servers as a DNS client (that is, continue to query for the host), rather than let the host conduct the next query. Therefore, the query result returned by recursive query is either the IP address to be queried, or an error is reported, indicating that the required IP address cannot be queried.
1.4.2 iterative query
The way the local domain name server queries the root domain name server is called iterative query
Features of iterative query: when the root domain name server receives the iterative query request message sent by the local domain name server, it either gives the IP address to be queried or tells the local server: "which domain name server should you query next".
Then let the local server make subsequent queries. The root domain name server usually tells the local domain name server the IP address of the top-level domain name server it knows, and then the local domain name server queries the top-level domain name server.
After receiving the query request from the local domain name server, the top-level domain name server either gives the IP address to be queried or tells the local server which authority domain name server to query in the next step.
Finally, know the IP address to be resolved or report an error, and then return the result to the host initiating the query
1.5 DNS server type
1. Main domain name server: responsible for maintaining all domain name information in a region. It is the authoritative information source of all specific information, and the data can be modified. When building the master domain name server, you need to establish the address data file of the responsible area.
2. Slave domain name server: when the master domain name server fails, shuts down or is overloaded, the slave domain name server provides domain name resolution services as a backup service. The resolution results provided from the domain name server are not determined by themselves, but from the main domain name server. When building a slave domain name server, you need to specify the location of the master domain name server so that the server can automatically synchronize the address database of the region.
3. Caching domain name server: it only provides the caching function of domain name resolution results, which aims to improve the query speed and efficiency, but there is no domain name database. It obtains the result of each domain name server query from a remote server and puts it in the cache. It will respond to the same information in the future. The cached domain name server is not an authoritative server because all the information provided is indirect. When building a cached domain name server, you must set the root domain or specify another DNS server as the resolution source.
4. Forwarding domain name server: responsible for local query of all non local domain names. After receiving the query request, the forwarding domain name server will find it in its cache. If it cannot find it, it will forward the request to the specified domain name server in turn until the search result is found. Otherwise, it will return the unmapped result.
II DNS domain name resolution service configuration
2.1 installing bind software
1. Check and install bind software
[root@xiayan ~]# rpm -q bild Package not installed bild [root@xiayan ~]# yum install -y bild
2. Query bind software configuration file
[root@xiayan ~]# rpm -qc bind #Query bind software configuration file path /etc/named.conf #Main program configuration file /etc/named.rfc1912.zones #Zone profile /named/named.localhost #Area data profile
2.2 forward resolution configuration
1. Edit main program configuration
[root@xiayan ~]# cp -p /etc/named.conf /etc/name.conf.bak #Backup profile
[root@xiayan ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.48.6; }; #The listening port is 53, and the listening IP address is the local IP address
# listen-on-v6 port 53 { ::1; }; #IPV6 will not be used temporarily
directory "/var/named"; #Default storage location of area data files
dump-file "/var/named/data/cache_dump.db"; #Domain name cache database file location
statistics-file "/var/named/data/named_stats.txt"; #Status statistics file location
memstatistics-file "/var/named/data/named_mem_stats.txt"; #Memory statistics file location
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { 192.168.48.0/24; }; #Allow the network segments resolved by this DNS. any refers to all network segments
2. Configure regional files
[root@xiayan ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak #backups
[root@xiayan ~]# vim /etc/named.rfc1912.zones
zone "localhost.localdomain" IN { #Forward resolve "localhost.localdomain" domain name
type master; #Type main area
file "named.localhost"; #Specify the area data file as named localhost
allow-update { none; };
};
3. Configure data area file
[root@xiayan ~]# cd /var/named #Directory of data area file
[root@xiayan named]# cp -p named.localhost xiayan.com.zone #Keep the source permission and copy in the current directory
[root@xiayan named]# vim xiayan.com.zone
$TTL 1D #Cache resolution result lifecycle
@ IN SOA xiayan.com. admin.xiayan.com. ( #The "@" symbol indicates the current DNS zone domain name
0 ; serial #Update serial number, which can be an integer within 10 digits
1D ; refresh #Refresh time, interval between downloading address data again
1H ; retry #Retry delay, retry interval after download failure
1W ; expire #Expiration time. If you still cannot download after that time, you will give up
3H ) ; minimum #Lifetime of invalid resolution x record
NS xiayan.com. #Records the name of the DNS server for the current zone
A 192.168.48.6 #Record host IP address
IN MX 10 mail.xiayan.com. #MX is a mail exchange record. The higher the number, the lower the priority
www IN A 192.168.48.6 #Record forward analysis www.benet.com Com corresponding IP
mail IN A 192.168.48.20
ftp IN CNAME www #CNAME uses alias, and ftp is the alias of www
* IN A 192.168.48.100 #Pan domain name resolution, "*" represents any host name
Restart the service after configuration: systemctl start named
If startup fails: tail -f /var/log/ message, you can check the log file to troubleshoot the error
ps: area data file address last = = "."== Don't forget
Change DNS
vim /etc/resolv.conf #The modification will take effect immediately nameserver 192.168.48.6 or vim /etc/ sysconfig/network- scripts/ ifcfg-ens33 #The network card needs to be restarted after modification DNS1=192.168.48.6 systemctl restart network
4. Test DNS resolution
nsloopup www.xiayan.com nslookup ftp.xiayan.com
Alias validation
2.3 reverse parsing configuration
1. Edit the main program configuration file
This configuration is the same as the forward resolution configuration
2. Configure regional files
[root@xiayan ~]# vim /etc/named.rfc1912.zones
zone "0.in-addr.arpa" IN { #Write the IP address in reverse, 192.168.48.0 in reverse: 48.168.192
type master;
file "named.empty"; #Specifies the reverse parsing data file, which is the same as the forward parsing data file
allow-update { none; };
};
3. Configure data area file
[root@xiayan named]# cp -p named.localhost xiayan.com.zone.local
[root@xiayan named]# vim xiayan.com.zone.local
Restart service: systemctl restart named
4. Test DNS reverse resolution
nslookup 192.168.48.100 nslookup 192.168.48.200
III DNS master-slave replication configuration
When the primary domain name server fails, shuts down or is overloaded, the secondary domain name server provides domain name resolution services as a backup service. The resolution results provided from the domain name server are not determined by themselves, but from the main domain name server. When building a slave domain name server, you need to specify the location of the master domain name server so that the server can automatically synchronize the address database of the region.
Use two servers to build master domain and slave domain servers
3.1 primary domain configuration
1. Edit the main program configuration file
2. Regional file configuration
Forward resolution:
zone "xiayan.com" IN {
type master; #type is the primary domain
file "xiayan.com.zone"; #Specify area file address
allow-transfer { 192.168.48.7; }; #Point to slave domain IP address
};
Reverse parsing:
zone "48.168.192.in-addr.arpa" IN { #Reverse resolution address 192.168.48.0 network segment, 0 can not be written
type master; #type is the primary domain
file "xiayan.com.zone"; #Specify area file address
allow-transfer { 192.168.48.7; }; #Point to slave domain IP address
};3. Regional data configuration
[root@xiayan ~]# cd /var/named #Directory of data area file [root@xiayan named]# cp -p named.localhost xiayan.com.zone #Keep the source permission and copy in the current directory [root@xiayan named]# vim xiayan.com.zone
Restart service: systemctl restart named
4. Change DNS
vim /etc/resolv.conf #The modification will take effect immediately nameserver 192.168.48.6 or vim /etc/ sysconfig/network- scripts/ ifcfg-ens33 #The network card needs to be restarted after modification DNS1=192.168.48.6 systemctl restart network
3.2 slave domain configuration
1. Edit the main program configuration file
The master program configuration of the slave domain is the same as that of the master domain
2. Regional file configuration
vim /etc/named.rfc1912.zones
Forward resolution:
zone "xiayan.com" IN {
type slave; #The type is slave domain
file "slave/xiayan.com.zone"; #Point to the location of the data from the domain area
masters { 192.168.48.6; }; #Point to primary domain IP
};
Reverse parsing:
zone "48.168.192.in-addr.arpa" IN {
type slave; #The type is slave domain
file "slave/xiayan.com.zone"; #Point to the location of the data from the domain area
masters { 192.168.48.6; }; #Point to primary domain IP
}; Restart service: systemrestart
3. Change DNS
vim /etc/resolv.conf #The modification will take effect immediately nameserver 192.168.48.7 or vim /etc/ sysconfig/network- scripts/ ifcfg-ens33 #The network card needs to be restarted after modification DNS1=192.168.48.7 systemctl restart network
3.3 testing the master-slave domain server
1. Primary domain server resolution test
2. Parse test from domain server
Stop the primary domain server and use the secondary domain server to resolve
IV DNS separation and resolution
The separated domain name server is actually the primary domain name server, which mainly refers to providing different domain name resolution records according to different clients. For example, from the Intranet
When clients in different network segment address areas of the external network request to resolve the same domain name, they will be provided with different resolution results to obtain different IP addresses.
Note: DNS separation and resolution is to resolve the same domain name of internal and external networks into different IP addresses.
Configure the gateway server to set up DNS separation and resolution
Set up DNS separation and resolution in the gateway server to enable the LAN host to resolve www.xiayan.com COM is 192.168.48.10, and the Internet host is analyzed at www.xiayan.com com
Is 10.0.0.10.
1. Configure main program file
2. Regional file configuration
Intranet editing:
view "int" { #Define an extranet view, which represents container segmentation
match-clients { 192.168.48.0/24; }; #Match intranet segment
zone "xiayan.com" IN { #Area to resolve
type master;
file"xiayan.com.zone.int"; #Area data file location
zone "." IN { #This is the root domain configuration file, which is cut from the main configuration file
type hint; #hint is the root zone type
file "named.ca";
};
};
};Internet editor:
view "out" {
match-clients { 10.0.0.0/24; };
zone "xiayan.com" IN {
type master;
file"xiayan.com.zone.out";
};
};
3. Data area file configuration
Intranet data area configuration
[root@xiayan named]# cp -p named.localhost xiayan.com.zone.int
[root@xiayan named]# vim xiayan.com.zone.int
$TTL 1D
@ IN SOA xiayan.com. admin.xiayan.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS xiayan.com.
A 192.168.48.6 #Record host IP
www IN A 192.168.48.10 #Record forward analysis www.xiayan.com IP address corresponding to comExtranet data area setting
[root@xiayan named]# cp -p named.localhost xiayan.com.zone.out
[root@xiayan named]# vim xiayan.com.zone.out
$TTL 1D
@ IN SOA xiayan.com. amdin.xiayan.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS xiayan.com.
A 10.0.0.2 #Record host IP
www IN A 10.0.0.10 #Record forward analysis www.xiayan.com IP address corresponding to com4. Network card configuration
Add a network card to the intranet server
Edit the network card information just added:
ifconfig -a #View the newly added network card information cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens36 #Copy the original ens33 configuration and rename it ens36 ifup ens36 #Open a new network card vim /etc/sysconfig/network-scripts/ifcfg-ens36 #Change network card information
Change the external network server network card
5. Internal and external network analysis test
Intranet test
Extranet test
V summary
1.DNS resolution methods include forward resolution and reverse resolution. Forward resolution is to resolve the domain name to an IP address, while reverse resolution is the opposite
2. The working principle of DNS includes recursion and iteration; Recursion is the way that the host queries the local domain name server; Iteration is the way that the local domain name server queries the root server.
3. Master slave domain server. When the master domain server goes down, the slave domain server will replace it; The slave server will copy the relevant configuration of the primary domain server
4. Separate resolution: internal and external networks share a domain name, but the corresponding IP addresses are different
5.bind configuration files are mainly divided into: service master configuration file, regional configuration file and regional data file