DNS domain name resolution


Introduction: when we visit a website, the computer first needs to know the IP address that corresponds to the name you typed, such as www.baidu.com. How does the computer obtain the IP address that corresponds to Baidu?
The computer uses the DNS domain name resolution service to look up the IP address corresponding to the entered name, and then accesses the network with that address. So what is DNS?

I DNS working principle and type

1.1 DNS introduction

DNS (Domain Name System) is the domain name resolution system. It is an application layer protocol and a service of the Internet. Its role is to convert a domain name into an IP address that the network can recognize, so that the host can then be reached through that IP address. A name composed of words is obviously easier to remember than a string of numbers.
There are only 13 root domain name servers in the world: one primary root server in the United States and 12 secondary root servers, of which 9 are in the United States, two in Europe (in the United Kingdom and Sweden) and one in Asia (in Japan).

1.2 DNS protocol and function

The default port of DNS is 53, on both TCP and UDP.
TCP is used for zone transfer, mostly for master-slave synchronization. Within a zone, the master DNS server reads the zone's DNS data from its own local data file, while the secondary DNS server reads the zone's DNS data from the master DNS server of that zone.
UDP is used for ordinary domain name resolution queries. The name being resolved is usually given as a Fully Qualified Domain Name (FQDN). An FQDN accurately represents the position of a node relative to the root of the DNS domain tree, that is, the complete path from the node up to the root. It is written from the node towards the root, with the labels separated by ".". For the DNS domain google, its fully qualified domain name (FQDN) is google.com.

FQDN naming has strict restrictions. The length cannot exceed 256 bytes. Only the characters a-z, 0-9, A-Z and the minus sign (-) are allowed. The dot (.) is only allowed between labels (e.g. "google.com") or at the end of the FQDN.
Domain names are not case sensitive. From top to bottom they are divided into: root domain, top-level domain, second-level domain and subdomain. A full domain name contains both the host name and the domain name:
FQDN = Hostname + DomainName
For example: www.baidu.com.

DNS functions: forward resolution finds the corresponding IP address from a domain name.
Reverse resolution finds the corresponding domain name from an IP address.

1.3 DNS domain name architecture


The DNS system is organised as a distributed, tree-structured database:
1. Root domain: at the top of the tree, written as ".".
2. Top-level domain: generally represents a type of organization or a country or region, such as .net (network providers) and .cn (China's national domain).
3. Second-level domain: indicates a specific organization within the top-level domain. Second-level domain names under a national top-level domain are managed uniformly by the national registry.
4. Subdomain: all domains created at any level under the second-level domain are collectively called subdomains. Each organization or user can freely apply to register its own domain name.
5. Host: the host is at the bottom of the domain name space and identifies a specific computer.
There is a many-to-one relationship between domain names and IP addresses: an IP address does not necessarily correspond to only one domain name, while a domain name corresponds to only one IP address.
Common public DNS server addresses:
114.114.114.114 is the DNS commonly used by China Mobile, China Telecom and China Unicom; it can be used by both mobile phones and computers.
8.8.8.8 is the DNS provided by Google. It is usable worldwide and is relatively more suitable for users abroad or users visiting foreign websites.
223.5.5.5 and 223.6.6.6: Alibaba Cloud (AliDNS) DNS.

1.4 DNS query method

1.4.1 recursive query

Queries from a host to its local domain name server generally use recursive queries.
A recursive query means: if the local domain name server queried by the host does not know the IP address of the queried domain name, the local domain name server itself sends query request messages to other servers (starting with the root domain name servers) as a DNS client, that is, it continues the query on behalf of the host, rather than asking the host to perform the next query. Therefore the result returned by a recursive query is either the IP address being queried, or an error indicating that the required IP address cannot be found.

1.4.2 iterative query

The way the local domain name server queries the root domain name server is called an iterative query.
Characteristics of an iterative query: when the root domain name server receives the iterative query request from the local domain name server, it either gives the IP address being queried or tells the local server "which domain name server you should query next", and leaves the subsequent queries to the local server. The root domain name server usually tells the local domain name server the IP address of the top-level domain name server it knows, and the local domain name server then queries that top-level domain name server.
After receiving the query from the local domain name server, the top-level domain name server either gives the IP address being queried or tells the local server which authoritative domain name server to query next.
Finally the local server either learns the IP address to be resolved or reports an error, and returns the result to the host that initiated the query.
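The two query styles described above, as an added example that is not part of the original article: a small in-memory model in which the host sends one recursive query to its local domain name server, and the local server walks the tree with iterative queries, following referrals from the root to the TLD server to the authoritative server. The server data (names "root", "com-tld", "xiayan-auth" and their records) is constructed for the demonstration and is not real root or TLD data.

```python
# Added example: recursive query (host -> local server) versus iterative
# queries (local server -> root -> TLD -> authoritative).  All server data
# below is constructed; the server names are not real DNS servers.

# Each "server" maps an absolute name (trailing dot) to either an answer
# ("A", ip) or a referral ("NS", next_server) for a zone it delegates.
SERVERS = {
    "root":        {"com.": ("NS", "com-tld")},
    "com-tld":     {"xiayan.com.": ("NS", "xiayan-auth")},
    "xiayan-auth": {"www.xiayan.com.": ("A", "192.168.48.6"),
                    "mail.xiayan.com.": ("A", "192.168.48.20")},
}

MAX_REFERRALS = 10  # guard against referral loops in broken delegation data


def iterative_lookup(server_name, qname):
    """One iterative query: the server answers only from its own data.
    Returns ("A", ip) if it holds the name, ("NS", next_server) if it can
    only refer us to the server for an enclosing zone, else ("NXDOMAIN", None)."""
    data = SERVERS[server_name]
    if qname in data:
        return data[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):            # walk up: xiayan.com. -> com. -> .
        parent = ".".join(labels[i:])
        if parent in data and data[parent][0] == "NS":
            return data[parent]
    return ("NXDOMAIN", None)


def resolve_iteratively(qname):
    """What the local domain name server does: start at the root and follow
    referrals until an answer or an error.  Returns (ip_or_None, servers_asked)."""
    asked, server = [], "root"
    for _ in range(MAX_REFERRALS):
        asked.append(server)
        rtype, rdata = iterative_lookup(server, qname)
        if rtype == "A":
            return rdata, asked
        if rtype == "NXDOMAIN":
            return None, asked
        server = rdata                         # referral: ask the next server
    return None, asked


class LocalResolver:
    """The local (recursive) domain name server with a cache.  The host asks it
    once and gets either the final IP or None (error), never a referral."""

    def __init__(self):
        self.cache = {}

    def recursive_query(self, qname):
        if qname in self.cache:
            return self.cache[qname], ["cache"]
        ip, asked = resolve_iteratively(qname)
        if ip is not None:
            self.cache[qname] = ip              # positive answers are cached
        return ip, asked


if __name__ == "__main__":
    resolver = LocalResolver()
    print(resolver.recursive_query("www.xiayan.com."))   # root -> com-tld -> xiayan-auth
    print(resolver.recursive_query("www.xiayan.com."))   # answered from cache
    print(resolver.recursive_query("www.nosuch.com."))   # the com TLD does not know it
```

The second query for the same name never leaves the local server, which is why the "minimum" TTL and the cache lifetime in the zone data file matter for how quickly a change becomes visible to clients.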

1.5 DNS server type

1. Master domain name server: responsible for maintaining all domain name information of a zone. It is the authoritative source of that information, and its data can be modified. When building a master domain name server, you need to create the address data file for the zone it is responsible for.
2. Slave domain name server: when the master domain name server fails, shuts down or is overloaded, the slave domain name server provides domain name resolution as a backup service. The resolution results it provides are not decided by itself but come from the master domain name server. When building a slave domain name server, you need to specify the location of the master domain name server so that it can automatically synchronize the zone's address database.
3. Caching domain name server: it only caches domain name resolution results, which improves query speed and efficiency, but it has no domain name database of its own. It obtains each result from a remote server, stores it in its cache, and answers later identical queries from that cache. A caching domain name server is not an authoritative server, because all the information it provides is second-hand. When building a caching domain name server, you must configure the root zone or specify another DNS server as the resolution source.
4. Forwarding domain name server: responsible for local queries of all non-local domain names. After receiving a query, the forwarding domain name server looks in its cache; if nothing is found, it forwards the request to the specified domain name servers in turn until a result is found. Otherwise it returns a "not found" result.

II DNS domain name resolution service configuration

2.1 installing bind software

1. Check and install bind software

[root@xiayan ~]# rpm -q bind
package bind is not installed
[root@xiayan ~]# yum install -y bind

2. Query bind software configuration file

[root@xiayan ~]# rpm -qc bind            #Query the paths of the bind configuration files
/etc/named.conf                          #Main program configuration file
/etc/named.rfc1912.zones                 #Zone configuration file
/var/named/named.localhost               #Zone data file (template)

2.2 forward resolution configuration

1. Edit main program configuration

[root@xiayan ~]# cp -p /etc/named.conf /etc/named.conf.bak  #Back up the configuration file
[root@xiayan ~]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.48.6; };                      #Listen on port 53 at the local IP address
 #       listen-on-v6 port 53 { ::1; };                           #IPv6 is not used for now
        directory       "/var/named";                             #Default location of zone data files
        dump-file       "/var/named/data/cache_dump.db";          #Location of the domain name cache database file
        statistics-file "/var/named/data/named_stats.txt";        #Location of the status statistics file
        memstatistics-file "/var/named/data/named_mem_stats.txt"; #Location of the memory statistics file
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { 192.168.48.0/24; };                     #Network segments allowed to query this DNS; "any" means all segments
        #The remaining options keep their default values
};

2. Configure regional files

[root@xiayan ~]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak #Backup
[root@xiayan ~]# vim /etc/named.rfc1912.zones
zone "xiayan.com" IN {                                  #Forward resolution zone for the xiayan.com domain name
        type master;                                    #Type: master zone
        file "xiayan.com.zone";                         #Zone data file (under /var/named) is xiayan.com.zone
        allow-update { none; };
};


3. Configure data area file

[root@xiayan ~]# cd /var/named             #Directory of the zone data files
[root@xiayan named]# cp -p named.localhost xiayan.com.zone  #Copy in the current directory, keeping the source file's permissions
[root@xiayan named]# vim xiayan.com.zone
$TTL 1D                                                   ; lifetime of cached resolution results
@     IN SOA  xiayan.com. admin.xiayan.com. (             ; "@" stands for the current zone's domain name
                                        0       ; serial  - update serial number, an integer of up to 10 digits
                                        1D      ; refresh - interval before the address data is downloaded again
                                        1H      ; retry   - retry interval after a failed download
                                        1W      ; expire  - if the download still fails after this time, give up
                                        3H )    ; minimum - lifetime of negative (failed) resolution records
        NS      xiayan.com.             ; name of the DNS server for the current zone
        A       192.168.48.6            ; IP address of the zone's host
        IN MX   10   mail.xiayan.com.   ; MX is a mail exchange record; the higher the number, the lower the priority
www  IN  A      192.168.48.6            ; forward resolution of www.xiayan.com to its IP address
mail IN  A      192.168.48.20
ftp  IN  CNAME  www                     ; CNAME is an alias: ftp is an alias of www
*    IN  A      192.168.48.100          ; wildcard resolution, "*" matches any host name
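As an added example that is not part of the original article, the following parser reads a zone data file in the format above and applies the rule behind the reminder about the trailing ".": a name on the right-hand side without a trailing dot is relative, and the zone origin is appended to it. The embedded zone text is a constructed copy of the file above with one deliberate mistake (the MX target is missing its dot) so that the symptom can be seen; the helper names are this example's own.

```python
# Added example (not code from the original article): a minimal parser for the
# zone data file format shown above.  It handles $TTL, ";" comments, the SOA
# spread over several lines in parentheses, "@" and blank owner names, and the
# trailing-dot rule: a name without a final "." is relative to the origin.
import re

ZONE_ORIGIN = "xiayan.com."   # zone name from the named.rfc1912.zones entry

# Constructed copy of the article's zone file with one deliberate mistake:
# the MX target "mail.xiayan.com" is missing its trailing dot.
ZONE_TEXT = """\
$TTL 1D
@     IN SOA  xiayan.com. admin.xiayan.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      xiayan.com.
        A       192.168.48.6
        IN MX   10   mail.xiayan.com
www  IN  A      192.168.48.6
mail IN  A      192.168.48.20
ftp  IN  CNAME  www
*    IN  A      192.168.48.100
"""

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)
NAME_TYPES = ("SOA", "NS", "MX", "CNAME", "PTR")   # types whose RDATA holds names


def absolutize(name, origin):
    """'@' is the origin; a name ending in '.' is already absolute; any other
    name is relative and gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Yield (line_without_comments, owner_field_blank), joining ( ... ) groups."""
    buf, depth, starts_blank = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]            # ";" starts a comment in zone files
        if not line.strip():
            continue
        if not buf:
            starts_blank = raw[:1].isspace()   # blank owner = reuse previous owner
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " "), starts_blank
            buf = []


def parse_zone(text, origin):
    """Return a list of (owner, ttl, type, rdata) with all names absolute."""
    default_ttl, last_owner, records = None, origin, []
    for line, starts_blank in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = tokens[1]
            continue
        if starts_blank:
            owner = last_owner
        else:
            owner = last_owner = absolutize(tokens.pop(0), origin)
        ttl = tokens.pop(0) if TTL_RE.match(tokens[0]) else default_ttl
        if tokens[0].upper() in CLASSES:
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        # only the name fields of the RDATA are subject to the trailing-dot rule
        if rtype == "SOA":
            rdata = [absolutize(t, origin) for t in tokens[:2]] + tokens[2:]
        elif rtype == "MX":
            rdata = tokens[:1] + [absolutize(t, origin) for t in tokens[1:]]
        elif rtype in ("NS", "CNAME", "PTR"):
            rdata = [absolutize(t, origin) for t in tokens]
        else:
            rdata = tokens
        records.append((owner, ttl, rtype, rdata))
    return records


def lookup(records, name, rtype):
    """RDATA of every record with the given absolute owner name and type."""
    return [r[3] for r in records if r[0] == name and r[2] == rtype]


def suspicious_names(records, origin):
    """Records showing the classic symptom of a forgotten trailing dot:
    the origin appended to a name that already ended with it."""
    doubled = "." + origin.rstrip(".") + "." + origin
    return [r for r in records if r[2] in NAME_TYPES
            and any(t.endswith(doubled) for t in r[3])]
```

Running parse_zone on the embedded text shows the MX target expanding to mail.xiayan.com.xiayan.com., which is exactly what named would serve for that line; a check like suspicious_names before reloading the service catches the mistake earlier than a failed mail delivery does.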


After the configuration is finished, start the service: systemctl start named
If startup fails, check the log file to troubleshoot the error: tail -f /var/log/messages
PS: in the zone data file, do not forget the trailing "." at the end of absolute names; comments in zone data files use ";" rather than "#".
Change the DNS server used by the client:

vim /etc/resolv.conf                                      #The modification takes effect immediately
nameserver 192.168.48.6
 or
vim /etc/sysconfig/network-scripts/ifcfg-ens33            #The network card needs to be restarted after modification
DNS1=192.168.48.6
systemctl restart network

4. Test DNS resolution

nslookup www.xiayan.com
nslookup ftp.xiayan.com


Alias validation

2.3 reverse resolution configuration

1. Edit the main program configuration file
This configuration is the same as for forward resolution.
2. Configure regional files

[root@xiayan ~]# vim /etc/named.rfc1912.zones
zone "48.168.192.in-addr.arpa" IN {     #Network part of the address written in reverse: 192.168.48.0 becomes 48.168.192
        type master;
        file "xiayan.com.zone.local";   #Reverse resolution data file, same format as the forward resolution data file
        allow-update { none; };
};


3. Configure data area file
[root@xiayan named]# cp -p named.localhost xiayan.com.zone.local
[root@xiayan named]# vim xiayan.com.zone.local

Restart service: systemctl restart named

4. Test DNS reverse resolution

nslookup 192.168.48.100
nslookup 192.168.48.200
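The reverse zone name and the PTR owner names used above are derived mechanically from the network address, and it is easy to get them wrong (the zone for 192.168.48.0/24 is 48.168.192.in-addr.arpa, not 0.in-addr.arpa). As an added example that is not part of the original article, the code below derives those names, cross-checks them against the standard library, and generates a reverse zone data file in the same layout as the article's forward file. The forward records are constructed from the article's zone file; the function names are this example's own.

```python
# Added example: deriving in-addr.arpa names and a reverse zone data file for
# the 192.168.48.0/24 network used in the article.  Inputs are strings so the
# helpers can be called directly; the forward records are constructed.
import ipaddress

NETWORK = "192.168.48.0/24"
# (absolute host name, IP) pairs taken from the article's forward zone file
FORWARD_A = [
    ("xiayan.com.", "192.168.48.6"),
    ("www.xiayan.com.", "192.168.48.6"),
    ("mail.xiayan.com.", "192.168.48.20"),
]


def reverse_zone_name(network):
    """'192.168.48.0/24' -> '48.168.192.in-addr.arpa.': the network octets are
    written in reverse and the host octet is dropped."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only octet-aligned IPv4 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_owner(ip, network):
    """Owner name of the PTR record relative to the reverse zone:
    '192.168.48.100' in 192.168.48.0/24 -> '100'."""
    net, addr = ipaddress.ip_network(network), ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is outside {network}")
    host_octets = str(addr).split(".")[net.prefixlen // 8:]
    return ".".join(reversed(host_octets))


def full_ptr_name(ip, network):
    """Absolute PTR name, cross-checked against ipaddress's own derivation."""
    name = f"{ptr_owner(ip, network)}.{reverse_zone_name(network)}"
    assert name == ipaddress.ip_address(ip).reverse_pointer + "."
    return name


def ptr_records(forward_a, network):
    """Map each PTR owner to one host name.  Two names share 192.168.48.6 in
    the forward zone; a PTR should be unique, so the first name listed wins."""
    ptrs = {}
    for name, ip in forward_a:
        ptrs.setdefault(ptr_owner(ip, network), name)
    return ptrs


def build_reverse_zone(forward_a, network, ns="xiayan.com.", admin="admin.xiayan.com."):
    """Text of a reverse zone data file in the layout of the article's forward file."""
    lines = [
        "$TTL 1D",
        f"@       IN SOA  {ns} {admin} (",
        "                                        0       ; serial",
        "                                        1D      ; refresh",
        "                                        1H      ; retry",
        "                                        1W      ; expire",
        "                                        3H )    ; minimum",
        f"        NS      {ns}",
    ]
    ptrs = ptr_records(forward_a, network)
    for owner in sorted(ptrs, key=lambda o: [int(x) for x in o.split(".")]):
        lines.append(f"{owner:<8}IN  PTR  {ptrs[owner]}")   # the trailing dot matters here too
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(reverse_zone_name(NETWORK))
    print(build_reverse_zone(FORWARD_A, NETWORK))
```

The generated text can be written to /var/named/xiayan.com.zone.local; the zone statement's name must then be the string reverse_zone_name returns (without the final dot), or named will load the file under the wrong name and reverse lookups will fail.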

III DNS master-slave replication configuration

When the master domain name server fails, shuts down or is overloaded, the slave domain name server provides domain name resolution as a backup service. The resolution results it provides are not decided by itself but come from the master domain name server. When building a slave domain name server, you need to specify the location of the master domain name server so that it can automatically synchronize the zone's address database.

Two servers are used, one as the master and one as the slave domain name server.

3.1 primary domain configuration

1. Edit the main program configuration file

2. Regional file configuration

Forward resolution:
zone "xiayan.com" IN {
        type master;                         #type master: this is the master zone
        file "xiayan.com.zone";              #Zone data file
        allow-transfer { 192.168.48.7; };    #Only the slave server's IP may request zone transfers
};
Reverse resolution:
zone "48.168.192.in-addr.arpa" IN {          #Reverse resolution for the 192.168.48.0 network segment; the trailing 0 is not written
        type master;                         #type master: this is the master zone
        file "xiayan.com.zone.local";        #Reverse zone data file (a separate file from the forward zone)
        allow-transfer { 192.168.48.7; };    #Only the slave server's IP may request zone transfers
};

3. Regional data configuration

[root@xiayan ~]# cd /var/named             #Directory of the zone data files
[root@xiayan named]# cp -p named.localhost xiayan.com.zone  #Copy in the current directory, keeping the source file's permissions
[root@xiayan named]# vim xiayan.com.zone


Restart service: systemctl restart named
4. Change DNS

vim /etc/resolv.conf                                      #The modification takes effect immediately
nameserver 192.168.48.6
 or
vim /etc/sysconfig/network-scripts/ifcfg-ens33            #The network card needs to be restarted after modification
DNS1=192.168.48.6
systemctl restart network

3.2 slave domain configuration

1. Edit the main program configuration file
The main program configuration of the slave server is the same as that of the master server.

2. Regional file configuration

vim /etc/named.rfc1912.zones
Forward resolution:
zone "xiayan.com" IN {
        type slave;                            #The type is slave zone
        file "slave/xiayan.com.zone";          #Location of the zone data copied from the master (under /var/named)
        masters { 192.168.48.6; };             #Points to the master server's IP
};
Reverse resolution:
zone "48.168.192.in-addr.arpa" IN {
        type slave;                            #The type is slave zone
        file "slave/xiayan.com.zone.local";    #A separate file: two zones cannot share one writable slave file
        masters { 192.168.48.6; };             #Points to the master server's IP
};

Restart the service: systemctl restart named
3. Change DNS

vim /etc/resolv.conf                                      #The modification takes effect immediately
nameserver 192.168.48.7
 or
vim /etc/sysconfig/network-scripts/ifcfg-ens33            #The network card needs to be restarted after modification
DNS1=192.168.48.7
systemctl restart network

3.3 testing the master-slave domain server

1. Primary domain server resolution test

2. Resolution test from the slave domain name server
Stop the master domain name server and resolve using the slave domain name server.
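Two checks drive the master-slave synchronization configured in this section: the master answers zone transfer requests only from addresses listed in allow-transfer, and the slave transfers the zone only when the master's SOA serial is newer than its own copy. The following model of both checks is an added example, not part of the original article or of BIND; it uses the article's addresses and the RFC 1982 serial arithmetic that BIND applies, and its zone contents, function names and the serial value 2 are constructed for the demonstration.

```python
# Added example: the allow-transfer check on the master and the SOA-serial
# comparison on the slave, modelled in memory.  Addresses come from the
# article's configuration; the zone contents are constructed.
import ipaddress

ALLOW_TRANSFER = ["192.168.48.7"]          # from: allow-transfer { 192.168.48.7; };
SLAVE_IP = "192.168.48.7"
# Constructed master copy of the zone: SOA serial plus one record
MASTER_ZONE = {"serial": 2, "records": {"www.xiayan.com.": "192.168.48.6"}}


def serial_is_newer(candidate, current):
    """RFC 1982 serial arithmetic: candidate is newer if it is ahead of current
    by less than 2**31 in 32-bit wrap-around terms, so serials may wrap."""
    diff = (candidate - current) % 2**32
    return 0 < diff < 2**31


def allowed_to_transfer(client_ip, acl):
    """allow-transfer check: each entry may be a single host or a CIDR network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in acl)


def handle_axfr(client_ip, master_zone, acl):
    """Master side: hand out the zone only to clients in allow-transfer."""
    if not allowed_to_transfer(client_ip, acl):
        return "REFUSED", None
    return "OK", {"serial": master_zone["serial"],
                  "records": dict(master_zone["records"])}


def slave_refresh(slave_zone, slave_ip, master_zone, acl):
    """Slave side, run at each refresh interval: read the master's SOA serial
    and transfer only if it is newer than the local copy.  Returns the
    (possibly updated) slave copy and what happened."""
    if slave_zone is not None and not serial_is_newer(master_zone["serial"],
                                                      slave_zone["serial"]):
        return slave_zone, "up-to-date"
    status, copy = handle_axfr(slave_ip, master_zone, acl)
    if status != "OK":
        return slave_zone, "transfer refused"
    return copy, "transferred"


def edit_master(master_zone, name, ip, bump_serial=True):
    """Change a record on the master.  If the serial is not bumped, the slave
    sees no change at its next refresh and keeps serving the old data."""
    master_zone["records"][name] = ip
    if bump_serial:
        master_zone["serial"] = (master_zone["serial"] + 1) % 2**32
    return master_zone


if __name__ == "__main__":
    slave, what = slave_refresh(None, SLAVE_IP, MASTER_ZONE, ALLOW_TRANSFER)
    print(what, slave)                                              # transferred
    print(slave_refresh(None, "192.168.48.99", MASTER_ZONE, ALLOW_TRANSFER))  # refused
```

The edit_master branch without a serial bump is the failure mode behind a slave that keeps answering with stale data after the master's zone file was changed: the article's files all start at serial 0, so every edit to a master zone file must raise that number before named is restarted.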


IV DNS split resolution

A split-resolution domain name server is in fact a master domain name server; it provides different domain name resolution records to different clients. For example, when clients in the intranet and clients in the external network (that is, in different network segments) request resolution of the same domain name, they are given different results and therefore obtain different IP addresses.
Note: DNS split resolution resolves the same domain name to different IP addresses for the internal and external networks.

Set up DNS split resolution on the gateway server
Configure DNS split resolution on the gateway server so that LAN hosts resolve www.xiayan.com to 192.168.48.10, while Internet hosts resolve www.xiayan.com to 10.0.0.10.
1. Configure the main program file

2. Regional file configuration

Intranet view:
view "int" {                            #Define the intranet view; a view is a container that splits the configuration by client
   match-clients { 192.168.48.0/24; }; #Match the intranet segment
   zone "xiayan.com" IN {               #Zone to resolve
      type master;
      file "xiayan.com.zone.int";       #Zone data file location
   };
   zone "." IN {                        #Root zone (hints) configuration, moved here from the main configuration file
        type hint;                      #hint is the root zone type
        file "named.ca";
   };
};

Extranet view:

view "out" {
   match-clients { 10.0.0.0/24; };      #Match the external network segment
   zone "xiayan.com" IN {
      type master;
      file "xiayan.com.zone.out";
   };
};

3. Zone data file configuration
Intranet zone data file

[root@xiayan named]# cp -p named.localhost xiayan.com.zone.int
[root@xiayan named]# vim xiayan.com.zone.int
$TTL 1D
@       IN SOA  xiayan.com. admin.xiayan.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      xiayan.com.
        A       192.168.48.6            ; IP address of the zone's host
www  IN A       192.168.48.10           ; forward resolution of www.xiayan.com for intranet clients

Extranet zone data file

[root@xiayan named]# cp -p named.localhost xiayan.com.zone.out
[root@xiayan named]# vim xiayan.com.zone.out
$TTL 1D
@       IN SOA  xiayan.com. admin.xiayan.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      xiayan.com.
        A       10.0.0.2                ; IP address of the zone's host
www IN  A       10.0.0.10               ; forward resolution of www.xiayan.com for external clients
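The view selection behind the configuration above, as an added example that is not part of the original article or of BIND: named tries the views in the order they appear in the configuration and answers from the first whose match-clients ACL matches the client's source address; a client that matches no view gets no answer. The view table is constructed from the two views and two zone data files above, and the function names are this example's own.

```python
# Added example: first-match view selection for split resolution.  The view
# table is constructed from the article's configuration; only the www record
# from each zone data file is modelled.
import ipaddress

# (view name, match-clients entries, A records from that view's zone data file)
VIEWS = [
    ("int", ["192.168.48.0/24"], {"www.xiayan.com.": "192.168.48.10"}),
    ("out", ["10.0.0.0/24"],     {"www.xiayan.com.": "10.0.0.10"}),
]


def acl_matches(client_ip, acl):
    """match-clients entries: 'any', 'none', a single host or a CIDR network."""
    addr = ipaddress.ip_address(client_ip)
    for entry in acl:
        if entry == "any":
            return True
        if entry == "none":
            continue
        if addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def select_view(client_ip, views):
    """First view (in configuration order) whose ACL matches the client, as
    (name, zone_records), or (None, None) when nothing matches."""
    for name, acl, zone in views:
        if acl_matches(client_ip, acl):
            return name, zone
    return None, None


def resolve(client_ip, qname, views):
    """(view, ip) for a query.  A client matching no view is refused by named,
    modelled here as (None, None); a matching view with no record gives ip None."""
    view, zone = select_view(client_ip, views)
    if zone is None:
        return None, None
    return view, zone.get(qname)


if __name__ == "__main__":
    for client in ("192.168.48.50", "10.0.0.7", "172.16.0.1"):
        print(client, resolve(client, "www.xiayan.com.", VIEWS))
```

Because matching stops at the first hit, a catch-all view with match-clients { any; } must come last; placed first, it shadows every view after it and all clients receive that view's answer.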

4. Network card configuration
Add a second network card to the intranet server


Edit the newly added network card:

ifconfig -a  #View the newly added network card
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens36 #Copy the original ens33 configuration and rename it for ens36
ifup ens36  #Bring up the new network card
vim /etc/sysconfig/network-scripts/ifcfg-ens36  #Edit the network card settings

Change the network card of the external network server accordingly

5. Internal and external network resolution test
Intranet test

Extranet test

V summary

1. DNS resolution methods include forward resolution and reverse resolution. Forward resolution resolves a domain name to an IP address; reverse resolution does the opposite.
2. DNS works by recursion and iteration: recursion is how the host queries the local domain name server; iteration is how the local domain name server queries the root server.
3. Master-slave domain name servers: when the master domain name server goes down, the slave domain name server takes over; the slave server copies the relevant zone data from the master domain name server.
4. Split resolution: the internal and external networks share one domain name, but the corresponding IP addresses differ.
5. The bind configuration files are mainly divided into: the main service configuration file, the zone configuration file and the zone data file.

Tags: Linux Operation & Maintenance cloud computing

Posted by himnbandit on Fri, 15 Apr 2022 00:27:53 +0930