DNS and bind for Linux

Source: Internet
Author: User
Tags: mx record, fully qualified domain name

BIND is the main implementation of DNS in use, which makes it particularly important.

On CentOS, BIND is installed with yum; the service is then started and checked to confirm that it is active.

named is the DNS service process.

The main configuration file for BIND is /etc/named.conf; it contains many options.

Meaning of the options:

Global configuration segment:

options {

listen-on port 53 { 127.0.0.1; 172.16.1.74; };

The socket (address and port) that the named process listens on when the DNS service starts; the address list may also be any or none.

directory "/var/named";

Defines the root directory of the zone database files; once this statement is in the main configuration file, zone database files can be referenced with relative paths.

allow-query { localhost; };

Access control statement: which hosts the server will answer queries for. The default is localhost, i.e. only queries sent from 127.0.0.1 on the machine itself are allowed.

recursion yes;

Allows the server to perform recursive queries for all requests.

allow-recursion { 172.16.1.74/16; };

Access control directive: which clients may make recursive queries.

pid-file "/run/named/named.pid";

Defines the path to the PID file of the main process.

};

Zone configuration segment:

zone "FQDN" IN {

Declares a zone by name, given as an FQDN, for example: qhdlink.com

type master;

Type of the zone:

master: primary zone;

slave: secondary zone;

hint: hint zone, used only for the root zone;

forward: forwarding zone;

file "named.localhost";

Path of the database file that holds the resource records of the domain; a relative path is resolved against the directory set by the "directory" directive in the global options segment of the main configuration file.

Note: the file's ownership and permissions must give the named user read access.

allow-update { none; };

Access control directive: which clients may dynamically update the contents of the database, mainly used for DDNS.

allow-transfer { 172.16.0.0/16; };

Access control directive: which hosts may transfer the zone from the current server.

allow-recursion { 172.16.1.74/16; };

Access control directive: which clients may make recursive queries.

allow-query { address_match_element; ... };

Access control directive: which hosts may query records within this zone.

allow-notify { address_match_element; ... };

Access control directive: which hosts may send zone change notifications (NOTIFY) to the current server.

};


After writing the BIND configuration file, run named-checkconf to verify that its syntax is correct.

Passing the check does not make the new configuration take effect immediately: named must re-read it, either by restarting the service with systemctl or with rndc reload.


Example of a zone configuration:

zone "FQDN" IN {

type master;

file "fqdn.zone";

allow-update { none; };

allow-transfer { none; };

};


Once the zone is configured, records must be added to its database file.


The database contains several kinds of records, each with its own format; a brief introduction to the format of each:

SOA record:

Name: the FQDN of the current domain, for example: qhdlink.com.

Alternatively, use "@" in place of the domain name; the @ symbol is replaced with the zone name defined in the main configuration file.

Value: consists of the following parts:

1. The FQDN of the primary name server of the current domain;

2. The mailbox address of the administrator of this zone's database, with "." used in place of "@": root.qhdlink.com.

3. The time parameters that govern zone transfers from the primary name server:

( serial refresh retry expire TTL )

or written across several lines:

( serial ;
refresh ;
retry ;
expire ;
TTL )

NS record:

Name: the domain name of the current domain; it can be written as the FQDN, as the @ placeholder, or omitted entirely, in which case the record takes the name of the previous resource record.

Value: the FQDN of a name server that is authoritative for the current zone.


Attention:

1. A domain needs as many NS resource records as it has name servers;

2. Each NS resource record must have a corresponding A record;

MX record:

Name: the domain name of the current domain; it can be written as the FQDN, as the @ placeholder, or omitted entirely, in which case the record takes the name of the previous resource record.

RR type: MX, followed by a priority value.

Value: the FQDN of a valid mail server for the current domain.


Attention:

1. A domain may have several MX resource records; the priority value determines the order in which they are used;

2. Each MX resource record must have a corresponding A record;

A record:

Name: the FQDN of a specific host in the domain.

Value: the real, valid IPv4 address of that host.


Example:

www.qhdlink.com. 43200 IN A 192.168.1.1

www 43200 IN A 192.168.1.1


Wildcard domain name:

*.qhdlink.com. 43200 IN A 192.168.1.1

* 43200 IN A 192.168.1.1


Resolution of the bare domain name:

qhdlink.com. 43200 IN A 192.168.1.1

Usually the wildcard or the bare domain name is used so that a user who mistypes the host name still receives a valid answer instead of a resolution failure.


CNAME record:

Name: an alias for a host in the domain.

Value: the FQDN of the real host.


Example (the TTL in brackets is optional):

ftp.qhdlink.com. [86400] IN CNAME www.qhdlink.com.

ftp [86400] IN CNAME www


PTR record:

Name: the four octets of the IP address written in reverse order; inside the reverse zone it is the host part of the IP address, reversed, followed by the reverse domain suffix.


If the IP address is 172.16.1.100/16, its name is written in either of these forms:

100.1 IN PTR www.qhdlink.com.

100.1.16.172.in-addr.arpa. IN PTR www.qhdlink.com.


Value: the FQDN of the host in the domain that corresponds to the given IP address.


Note: the value must be written as a full FQDN; the domain suffix absolutely must not be omitted, and the name must end with "." (otherwise BIND appends the reverse zone's domain name to it).
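As an added example, not from the original page, the following Python script applies the record rules described above (NS and MX targets need an A record, the SOA mailbox uses "." instead of "@", a PTR value must be an absolute FQDN, and "@" / relative / omitted names are expanded against the zone origin) to a constructed sample zone for qhdlink.com; it also derives the two PTR owner-name forms shown above. It assumes the simplified one-record-per-line syntax used on this page.

```python
import ipaddress

# Constructed sample forward zone for qhdlink.com in the syntax used above (not from the
# page); ns2 deliberately has no A record so the checker has something to report.
SAMPLE_ZONE = """\
@ 86400 IN SOA ns1.qhdlink.com. root.qhdlink.com. ( 2024010101 3600 900 604800 86400 )
@ IN NS ns1.qhdlink.com.
  IN NS ns2
@ IN MX 10 mail.qhdlink.com.
ns1 IN A 192.168.1.1
mail IN A 192.168.1.3
www 43200 IN A 192.168.1.1
ftp IN CNAME www
"""

def fqdn(name, origin):
    """'@' is the origin, a trailing '.' is already absolute, else append the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, values) triples; an omitted owner inherits the previous one."""
    records, prev = [], origin
    for line in filter(str.strip, text.splitlines()):
        tokens = line.split()
        owner = prev if line[0].isspace() else fqdn(tokens.pop(0), origin)
        if tokens[0].isdigit():            # optional TTL
            tokens.pop(0)
        if tokens[0].upper() == "IN":      # optional class
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
        prev = owner
    return records

def check_zone(text, origin):
    """Rules from the page: NS/MX targets need an A record, SOA mailbox uses '.', PTR is absolute."""
    records = parse_zone(text, origin)
    a_names = {owner for owner, rtype, _ in records if rtype == "A"}
    errors = []
    for owner, rtype, values in records:
        target = fqdn(values[1] if rtype == "MX" else values[0], origin)
        if rtype in ("NS", "MX") and target not in a_names:
            errors.append(f"{rtype} {target} has no A record")
        elif rtype == "SOA" and "@" in values[1]:
            errors.append(f"SOA mailbox {values[1]} must use '.' instead of '@'")
        elif rtype == "PTR" and not values[0].endswith("."):
            errors.append(f"PTR {owner} value {values[0]} is not an absolute FQDN")
    return errors

def ptr_owner(ip, prefix_len):
    """PTR owner name for an octet-aligned reverse zone: (relative form, full form)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")[::-1]
    return ".".join(octets[: (32 - prefix_len) // 8]), ".".join(octets) + ".in-addr.arpa."
```

Running check_zone(SAMPLE_ZONE, "qhdlink.com.") reports only the missing A record for ns2, and ptr_owner("172.16.1.100", 16) returns the relative and full owner names used in the PTR example.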


After writing the zone's database file, use the named-checkzone command to verify that the records are in the correct format:

named-checkzone FQDN fqdn.zone


Once the configuration is complete, reload it with rndc reload, and local domain name resolution will work.


Common commands for testing domain name resolution: dig, host, nslookup



