002. About DNS-BIND

Source: Internet
Author: User
Tags: domain name server, dnssec, aliyun
1. Introduction to the Linux BIND server

BIND is short for Berkeley Internet Name Domain. It is open-source software that implements a DNS server and has become the most widely used DNS server software in the world. Currently more than half of the DNS servers on the Internet run BIND, which has become the de facto standard for DNS.

2. DNS server types
  • Cache server: does not perform authoritative resolution; it only caches answers to speed up lookups, and it does not need to be registered
  • Primary DNS server: responsible for resolving requests from local clients
  • Secondary DNS server: its zone data is copied from the primary server and is read-only.
3. BIND introduction

3.1 BIND details
  • Package name: bind
  • Process: named
  • Protocol: DNS
  • Port: 53 (TCP, UDP)

Related packages:

  • bind-chroot: confines the named process to a chroot directory, for security.
  • bind-devel: development headers and library files (required when compiling and installing BIND from source)
  • bind-libs: shared library files used by both the BIND server and the client tools
  • bind-utils: BIND client tools

Program file: /usr/sbin/named

Main data directory: /var/named

Main configuration file: /etc/named.conf

BIND permissions: when BIND is installed, a system user called named is created automatically.

3.2 BIND configuration file explanation
  • /etc/logrotate.d/named
  • /etc/named.conf # main configuration file
  • /etc/named.rfc1912.zones # zone configuration file (pulled into the main configuration file with the include statement)
  • /etc/named.root.key # key file for the root zone, used for signature validation
  • /etc/rndc.conf # rndc (remote name server controller) configuration file
  • /etc/rndc.key # rndc encryption key
  • /etc/sysconfig/named
  • /var/named/named.ca # lists the 13 root servers
  • /var/named/named.empty
  • /var/named/named.localhost
  • /var/named/named.loopback
3.3 main configuration file

In named.conf every statement must end with a semicolon. The file is used to:

  • define zones
  • define global options that apply to every zone
  • define views
  • define logging

Section 1:

    options {
        listen-on port 53 { 0.0.0.0/0; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };

Description of the main configuration items in Section 1:

  • listen-on: the IPv4 address and port that named listens on. The default port is 53 and the default address is 127.0.0.1;
  • directory: the directory from which named reads its DNS data files. The default is /var/named/;
  • dump-file: the location of the file to which the domain name cache is dumped. The default is /var/named/data;
  • statistics-file: the path of the statistics file. The default is /var/named/data;
  • allow-query: the client addresses that are allowed to send DNS queries. The default is localhost;
  • recursion: whether recursive queries are served. yes allows recursive queries, no refuses them; recursion is allowed by default.
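As an added example that is not part of the original page, the following Python script parses an options block like the one in Section 1 and flags the combination that turns the server into an open resolver: recursion yes together with allow-query { any; } and no allow-recursion restriction. It also reports a disabled dnssec-validation and a missing allow-transfer. The sample block is constructed from Section 1 above, with the pid=file typo corrected.

```python
import re

# Constructed sample: the options block shown in Section 1, with the pid=file typo corrected.
OPTIONS = """
options {
    listen-on port 53 { 0.0.0.0/0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    pid-file "/run/named/named.pid";
};
"""

def parse_options(text):
    """Map each statement in options { } to its value: a string, or a list for { a; b; } lists."""
    body = re.search(r"options\s*\{(.*)\};", text, re.S).group(1)
    opts = {}
    for m in re.finditer(r"([\w-]+)(?:\s+port\s+\d+)?\s*(\{[^}]*\}|[^;{]+);", body):
        name, value = m.group(1), m.group(2).strip()
        if value.startswith("{"):                        # address match list
            opts[name] = [v.strip() for v in value[1:-1].split(";") if v.strip()]
        else:
            opts[name] = value.strip('"')
    return opts

def audit_options(opts):
    """Flag settings that make this server an open resolver or weaken it; returns findings."""
    findings = []
    wide_open = {"any", "0.0.0.0/0"}
    if (opts.get("recursion") == "yes" and "allow-recursion" not in opts
            and wide_open & set(opts.get("allow-query", []))):
        findings.append("open resolver: recursion is on and allow-query admits any client; "
                        "restrict it with allow-recursion { localhost; <your subnets>; };")
    if opts.get("dnssec-validation") not in ("yes", "auto"):
        findings.append("dnssec-validation is off, so answers are not cryptographically verified")
    if "allow-transfer" not in opts:
        findings.append("allow-transfer unset: BIND 9.16 and earlier default to allowing "
                        "zone transfers (AXFR) to any host; set allow-transfer { none; }")
    return findings
```

Run against the Section 1 block, audit_options reports the open-resolver finding and the unset allow-transfer; adding allow-recursion for the local networks and allow-transfer { none; } clears both.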

Section 2:

    logging {    # define logging
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

Description of the main configuration items in Section 2:

  • channel: defines where log output goes: syslog, a text file, standard error, or /dev/null;
  • file: write the output to a plain text file;
  • severity: the severity level of the messages to log, one of critical, error, warning, info, or debug;

Section 3:

  1 zone "." IN {  2   3 type hint;  4   5 file "named.ca";  6   7 allow-update { none; };  8   9 };

Description of the main configuration items in section 3:

  • zone: defines a forward zone and its corresponding domain name;
  • type: the zone type, generally master, slave, or hint, meaning:
  • master: this server is the primary name server for the zone;
  • slave: this server is a secondary name server for the zone;
  • hint: lists the root name servers of the Internet.
  • file: the name of the data file that stores the DNS records; the default path is /var/named;
  • allow-update: whether client hosts or servers are allowed to update DNS records themselves.

3.4 Zone files

Zone files include forward and reverse zone files.

  • Forward zone
    # vi /var/named/aliyun.com.zone
    $TTL 300
    @   IN SOA  linuxmaster.aliyun.com. admin.aliyun.com. (
                        2017051720 ; serial
                        1H         ; refresh
                        5M         ; retry
                        7D         ; expiry
                        3D )       ; minimum
        IN  NS  linuxmaster
        IN  MX 20 MX
    linuxmaster IN  A   172.24.8.10
    www         IN  A   172.24.8.30
    mirrors     IN  A   172.24.8.30
    ftp         IN  CNAME   www

Forward zone file explanation:

  • $TTL: the default TTL of every record in this zone file;
  • SOA: the start-of-authority record. @ stands for the zone's own domain name. Each zone file has exactly one SOA, whose parameters are:
  • serial: the version of the zone file, written as year, month, and day followed by a modification count;
  • refresh: the interval at which the secondary DNS synchronises with the primary DNS;
  • retry: how long the secondary DNS waits before retrying after a failed update;
  • expiry: how long after synchronisation with the primary DNS keeps failing the secondary discards the zone's records;
  • minimum: the default minimum TTL; it applies when no TTL was set earlier.
  • NS: declares the name server for this domain;
  • MX: defines a mail exchanger;
  • A: maps a domain name to an IP address;
  • CNAME: defines an alias of a domain name.
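Added example, not part of the original page: a Python parser and checker for a zone file like the one above. It handles the multi-line SOA in parentheses, ';' comments and inherited owner names, then applies the rules just described: the serial must be in YYYYMMDDNN form, retry must be shorter than refresh, expiry must outlast refresh plus retry, and every NS or MX target inside the zone must have an address record. The sample zone is constructed from this page's aliyun.com.zone (with the SOA's closing parenthesis placed after the last timer, which is where BIND requires it); run on it, the checker reports that the MX record's target "MX" has no A record in the zone.

```python
import re
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
# Constructed sample: this page's forward zone, with the SOA's closing ")" after the last timer.
ZONE = """$TTL 300
@   IN SOA  linuxmaster.aliyun.com. admin.aliyun.com. (
                    2017051720 ; serial
                    1H         ; refresh
                    5M         ; retry
                    7D         ; expiry
                    3D )       ; minimum
    IN  NS  linuxmaster
    IN  MX 20 MX
linuxmaster IN  A   172.24.8.10
"""

def ttl_seconds(tok):
    """Convert a BIND time value (300, 1H, 5M, 7D ...) to seconds."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", tok.upper())
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def parse_zone(text):
    """Return (owner, type, rdata) tuples; handles ';' comments, inherited owners and '( )'."""
    records, owner, buf = [], "@", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # ';' starts a comment
        if not line.strip() or line.startswith("$"):  # blank line or $TTL/$ORIGIN directive
            continue
        if not buf and not line[0].isspace():         # a new owner name starts this line
            owner, line = re.split(r"\s+", line, maxsplit=1)
        buf += line.split()
        if buf.count("(") > buf.count(")"):           # still inside the SOA's parentheses
            continue
        toks = [t for t in buf if t not in ("(", ")", "IN")]   # drop parens and class
        records.append((owner, toks[0], toks[1:]))
        buf = []
    return records

def lint_zone(text):
    """Check the SOA fields described above and that in-zone NS/MX targets have an address."""
    records = parse_zone(text)
    soa = next(r for _, t, r in records if t == "SOA")
    refresh, retry, expiry = (ttl_seconds(t) for t in soa[3:6])
    checks = [(not re.fullmatch(r"20\d{6}\d{2}", soa[2]), f"serial {soa[2]} is not YYYYMMDDNN"),
              (retry >= refresh, "retry should be shorter than refresh"),
              (expiry <= refresh + retry, "expiry must outlast refresh + retry")]
    issues = [msg for bad, msg in checks if bad]
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    issues += [f"{t} target '{r[-1]}' has no A/AAAA record in this zone"
               for _, t, r in records if t in ("NS", "MX") and "." not in r[-1] and r[-1] not in addressed]
    return issues
```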
