Linux service configuration-DNS Service

I. DNS (Domain Name Server)

DNS is a domain name resolution service. The service types include: high-speed cache DNS service, primary domain service, and secondary domain service.

Port Number: 53.

The root domain name is.. top-level domain names include cn kr us gov com net edu and so on.

The package for installing DNS is BIND (Berkeley Internet Name Daemon ).

Bind-utils bind-chroot three packages, www.isc.org. the bind-chroot package is used to improve security by setting the DNS configuration file/etc/named. conf, create a hard link to go to the/var/named/chroot/etc/folder, and use the service account to log on, without using the root user to log on. Note! To modify the configuration file, modify the configuration file under/etc/. This will be automatically synchronized to the link file under chroot.

DNS service configuration steps:

Detailed description of the configuration file/var/named. localhost

When/etc/name. when creating a zone in the conf file, when file = "name. zone "must create a/var/named/name. zone file. You can use cp-a/var/named. localhost/var/named/name. you must keep the file attributes!

$ TTL 39560 indicates that the address cache timeout time of secondary DNS is 39560 seconds.

@ Indicates the host domain name. For example, www.baidu.com indicates baidu.com.

SOA (Start Of Authority) indicates the primary DNS. The following parameters are followed by FQDN (full name domain name), and the second parameter is followed by an email server domain name. For example, mail.baidu.com indicates that when an error occurs, send a report to this email address.

{} The parameters in brackets set rules for secondary DNS to obtain table information corresponding to the domain name IP address from the primary DNS.

NS (Name Server) indicates the Domain Name Server, followed by the full Name of the domain Name. When there are multiple secondary DNS in a domain, write all the domain names of the primary DNS and multiple secondary DNS.

A (Address) indicates the Address. A domain name such as mail.baidu.com or mail is written in front, and the corresponding IP Address is followed,

PTR indicates that the reverse domain name corresponds to a. However, when the zone in the reverse region is "15.172.in-addr. arpa", the parameter before PTR is the full name domain name after 192.244. Assume that the IP address is 172.15.244.192.

CNAME

MX

Configuration file/etc/named. conf

Parameter Parsing in option {}, where the configuration is global

Secursion no indicates that recursion is disabled, meaning that when no ing address exists in the cache and region data files, no iteration query is performed to the root node and no result is returned directly.

Directory "/var/named" indicates the location of the region file, which does not need to be modified.

Forward only means to forward only to the specified DNS server. If the specified DNS has no result, no longer ask the root DNS

Forwarders {172.5.3.6; 27.5.36.3;}; specify the address of the DNS server on the previous layer. The first one asks the second one If no response is received,

Zone "guangguang.com" IN {type forward forwarders 172.15.6.3} indicates that when the query domain gaungguang.com is forwarded to 172.15.16.3, it only takes effect for the guangguang.com domain.