Basic and advanced DNS configurations in CentOS

Source: Internet
Author: User
Tags: dnssec, mail exchange


How DNS servers work

DNS divides the network into zones (a zone is the administrative unit of the resources to be named in the network) and resolves host names to addresses through a distributed database. When you type a host name into the browser on a client machine, an IP address query is triggered and sent automatically to the default DNS server; the DNS server looks the host's IP address up in its database and returns it. With the IP address in hand, the browser locates the resource to be accessed on the Internet.

Query types in DNS packets

  NAME    VALUE   DESCRIPTION
  A       1       IP address
  NS      2       name server
  CNAME   5       canonical name
  PTR     12      pointer record
  HINFO   13      host information
  MX      15      mail exchange record
  AXFR    252     request for zone transfer

A: an A record maps a name to an IPv4 address.

NS: name server record. It names the authoritative name server of a domain; the value is itself a domain name.

CNAME: canonical name record, which points one domain name at another. A domain name that has a canonical name is usually called an alias. Some FTP servers use it to offer an easy-to-remember alias to other systems.

HINFO: host information, consisting of two strings that give the host's CPU and operating system.

MX: mail exchange record. Its function: if a message is sent to user@foo.com, the MX record directs it to relay1.uu.net.

PTR: a pointer record is used for pointer (reverse) queries, in which an IP address is treated as a domain name under the in-addr.arpa domain.
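To make the query-type table concrete, here is an added example (not part of the original article) that builds a DNS query packet for a name and QTYPE, constructs a reply the way a server would (including the name-compression pointer to the question name), and parses A, CNAME and MX answers back out. The record values are constructed from the wang.com zone used later on this page; only the Python standard library is used.

```python
import struct

# QTYPE values from the table above (RFC 1035)
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "HINFO": 13, "MX": 15, "AXFR": 252}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a (possibly compressed) name at offset; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels) + ".", end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, qtype, txid=0x1234):
    """Standard query: ID, flags RD=1, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def build_response(query, answers):
    """Constructed reply to `query` carrying (owner, type, ttl, value) records.
    Owners equal to the question name are written as a pointer to offset 12,
    exactly as a real server compresses them."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    body = b""
    for owner, rtype, ttl, value in answers:
        body += b"\xc0\x0c" if owner == qname else encode_name(owner)
        t = QTYPES[rtype]
        if t == QTYPES["A"]:
            rdata = bytes(int(octet) for octet in value.split("."))
        elif t == QTYPES["MX"]:                        # preference + exchanger name
            rdata = struct.pack("!H", value[0]) + encode_name(value[1])
        else:                                          # NS, CNAME, PTR: a single name
            rdata = encode_name(value)
        body += struct.pack("!HHIH", t, 1, ttl, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)  # QR=1 RD=1 RA=1
    return header + question + body


def parse_response(msg):
    """Parse header, question and answer section into plain Python values."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype)))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == QTYPES["A"]:
            value = ".".join(str(b) for b in rdata)
        elif rtype == QTYPES["MX"]:
            value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, offset + 2)[0])
        elif rtype in (QTYPES["NS"], QTYPES["CNAME"], QTYPES["PTR"]):
            value = decode_name(msg, offset)[0]
        else:
            value = rdata
        offset += rdlen
        answers.append((name, TYPE_NAMES.get(rtype, rtype), ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


if __name__ == "__main__":
    q = build_query("www.wang.com", "A")
    r = build_response(q, [("www.wang.com.", "A", 86400, "192.168.1.22"),
                           ("www.wang.com.", "A", 86400, "192.168.1.11")])
    print(parse_response(r))
```

The two-address answer mirrors the round-robin www records configured below; a resolver receiving it caches both and the order rotates between queries.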

I. Basic DNS configuration

1. My environment is CentOS 6.6. First install the bind packages with yum:

yum install bind*

2. Edit the DNS configuration file

vim /etc/named.conf

options {
        listen-on port 53 { any; };                # change to any here
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };                  # change to any here
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {                                      # root hint zone
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";                # zone definitions are split into this file
include "/etc/named.root.key";

Note that allow-query { any; } together with recursion yes makes named answer recursive queries for anyone who can reach port 53. That is fine on a private LAN such as this one, but on an Internet-facing host it creates an open resolver; restrict it with allow-recursion { 192.168.1.0/24; }; (or a named ACL) so that only your own clients get recursion.

vim /etc/named.rfc1912.zones

Add the following zones:

# forward zone
zone "wang.com" IN {                               # domain name
        type master;                               # server type
        file "wang.zone";                          # forward zone file
};

# reverse zone
zone "1.168.192.in-addr.arpa" IN {                 # my network is 192.168.1.0/24
        type master;
        file "wang.com.zone";                      # reverse zone file
};

In /var/named/ the system provides a template for a forward zone (named.localhost) and one for a reverse zone (named.loopback); copy them:

cd /var/named/
cp named.localhost wang.zone
cp named.loopback wang.com.zone

vim /var/named/wang.zone

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.1.21            ; DNS server IP address
www     0       A       192.168.1.22    ; IP address of the www server (a per-record TTL of 0 overrides $TTL)
        0       A       192.168.1.11    ; second www server IP address (DNS round robin with the record above)
ftp     A       192.168.1.22            ; ftp server
mail    A       192.168.1.11            ; mail server
web     CNAME   www                     ; alias
@       MX 10   mail                    ; mail exchanger, priority 10

Comments in zone files start with ';', not '#'.

Now edit /var/named/wang.com.zone:

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.1.21            ; server IP address
        PTR     wang.com.
22      PTR     www.wang.com.           ; do not forget the trailing '.'
11      PTR     www.wang.com.
22      PTR     ftp.wang.com.
22      PTR     web.wang.com.
11      PTR     mail.wang.com.

Restart named (service named restart) and point the DNS of the test machines .22 and .11 at 192.168.1.21 (edit /etc/sysconfig/network-scripts/ifcfg-eth0 or /etc/resolv.conf to change the DNS setting).
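Before restarting, it is worth cross-checking the forward and reverse zones against each other; named-checkzone validates syntax but not whether the PTR records agree with the A records. The following added example (not from the original article) parses both zone files as written above, embedded here as constructed strings, and reports mismatches: CNAME and MX targets that have no A record, PTR records that point at names with no A record, and A records with no PTR. The parser handles only the master-file features these two files use ($TTL, ';' comments, owner inheritance, optional TTL/class fields and the parenthesised SOA).

```python
import re

# Zone files constructed from the two files shown above (forward and reverse)
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D 1H 1W 3H )   ; refresh retry expire minimum
        NS      @
        A       192.168.1.21
www     0       A       192.168.1.22
        0       A       192.168.1.11
ftp     A       192.168.1.22
mail    A       192.168.1.11
web     CNAME   www
@       MX 10   mail
"""

REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0 1D 1H 1W 3H )
        NS      @
        A       192.168.1.21
        PTR     wang.com.
22      PTR     www.wang.com.
11      PTR     www.wang.com.
22      PTR     ftp.wang.com.
22      PTR     web.wang.com.
11      PTR     mail.wang.com.
"""

TTL_RE = re.compile(r"\d+[smhdw]?", re.I)


def qualify(name, origin):
    """Turn a zone-file owner or target into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Minimal master-file parser returning (owner, TYPE, rdata-fields) tuples."""
    records, owner, in_paren = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()           # strip comments
        if in_paren:                                # inside the SOA parentheses
            in_paren = ")" not in line
            continue
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():                    # blank owner inherits the previous one
            owner = qualify(fields.pop(0), origin)
        while fields and (TTL_RE.fullmatch(fields[0]) or fields[0].upper() == "IN"):
            fields.pop(0)                           # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        in_paren = "(" in line and ")" not in line
        records.append((owner, rtype, rdata))
    return records


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin, prefix):
    """Cross-check a forward zone and its reverse zone; return a list of problems."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    a_by_ip, has_a, cnames, problems = {}, set(), {}, []
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_ip.setdefault(rdata[0], set()).add(owner)
            has_a.add(owner)
        elif rtype == "CNAME":
            cnames[owner] = qualify(rdata[0], fwd_origin)
    for alias, target in cnames.items():
        if target not in has_a:
            problems.append(f"CNAME {alias} -> {target}: target has no A record")
    for owner, rtype, rdata in fwd:
        if rtype == "MX":
            target = qualify(rdata[1], fwd_origin)
            if target in cnames:                    # RFC 2181: an MX exchanger must not be an alias
                problems.append(f"MX {owner} -> {target}: exchanger must not be a CNAME")
            elif target not in has_a:
                problems.append(f"MX {owner} -> {target}: exchanger has no A record")
    ptr_by_ip = {}
    for owner, rtype, rdata in rev:
        if rtype != "PTR":
            continue
        if owner == rev_origin:                     # a PTR at the apex maps no address
            problems.append(f"PTR at zone apex {rev_origin} maps no address (owner should be a host octet)")
            continue
        ip = prefix + owner[:-len(rev_origin) - 1]  # "22.1.168.192.in-addr.arpa." -> "192.168.1.22"
        ptr_by_ip.setdefault(ip, set()).add(rdata[0])
    for ip, names in a_by_ip.items():
        for name in names - ptr_by_ip.get(ip, set()):
            problems.append(f"A {name} -> {ip} has no matching PTR")
    for ip, names in ptr_by_ip.items():
        for name in names - a_by_ip.get(ip, set()):
            problems.append(f"PTR {ip} -> {name} has no matching A record")
    return problems


if __name__ == "__main__":
    for p in check_zones(FORWARD_ZONE, "wang.com.", REVERSE_ZONE, "1.168.192.in-addr.arpa.", "192.168.1."):
        print(p)
```

Run against the page's own data it reports three findings: the PTR for wang.com. sits at the zone apex instead of under the owner 21, so 192.168.1.21 has no usable reverse record; and 22 PTR web.wang.com. points at a name that is a CNAME, not an A record, so reverse and forward lookups for web do not agree. Neither is fatal for named, but both are the kind of inconsistency that mail servers and log analysis trip over.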

II. One network with multiple domain names

Add several forward zones to /etc/named.rfc1912.zones, for example:

zone "ning.com" IN {
        type master;
        file "ning.zone";
};

zone "wang.com" IN {
        type master;
        file "wang.zone";
};

The reverse zone can be left as it is. Further domain names are added the same way; restart the named service afterwards.

III. BIND views

Example: a website has a domestic IP address and a foreign one. Clients on domestic addresses are given the domestic address by the DNS server and clients on foreign addresses are given the foreign one, which speeds up access. (One domain name corresponds to several different IP addresses.)

Append to /etc/named.rfc1912.zones:

acl "guowai" { 192.168.200.0/24; };                # the ACL name is arbitrary
acl "guonei" { 192.168.1.0/24; };

view "guowai" {                                    # the view name is arbitrary too
        match-clients { guowai; };                 # clients must match this ACL
        zone "." IN {                              # root hint zone
                type hint;
                file "named.ca";
        };
        zone "wangning.com" IN {                   # forward zone
                type master;
                file "guowai.zone";                # create guowai.zone in /var/named/
        };
        zone "200.168.192.in-addr.arpa" IN {       # reverse zone
                type master;
                file "guowai.com.zone";            # create guowai.com.zone in /var/named/
        };
};

view "guonei" {
        match-clients { guonei; };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "wangning.com" IN {
                type master;
                file "guonei.zone";                # create guonei.zone in /var/named/
        };
        zone "1.168.192.in-addr.arpa" IN {
                type master;
                file "guonei.com.zone";            # create guonei.com.zone in /var/named/
        };
};

Restart the service.

Two things to keep in mind: once a view statement exists, BIND requires every zone to be inside a view, which is why the root hint zone is repeated in each view; the zone "." block in /etc/named.conf and any zones left outside the views must be moved into them or removed, or named refuses to start. Views are tried in file order and the first match-clients that matches the client wins, so a broad ACL placed first silently shadows the views after it; a client that matches no view gets REFUSED.
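The view selection above can be modelled in a few lines, which is useful when the ACL list grows. This added example (not from the original article) takes the two ACLs and two views as configured, answers "which view, and therefore which zone file, serves this client?" with BIND's first-match rule, and includes a lint that flags views whose networks are entirely covered by earlier views and can therefore never be selected.

```python
import ipaddress

# ACLs and views constructed from the configuration above
ACLS = {
    "guowai": ["192.168.200.0/24"],
    "guonei": ["192.168.1.0/24"],
}
# Views in the order they appear in the file; BIND tries them top to bottom
VIEWS = [
    ("guowai", ["guowai"], {"wangning.com": "guowai.zone",
                            "200.168.192.in-addr.arpa": "guowai.com.zone"}),
    ("guonei", ["guonei"], {"wangning.com": "guonei.zone",
                            "1.168.192.in-addr.arpa": "guonei.com.zone"}),
]


def view_networks(acl_names, acls=ACLS):
    """Expand the ACL names of a match-clients list into network objects."""
    return [ipaddress.ip_network(n) for name in acl_names for n in acls[name]]


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Name of the first view whose match-clients covers client_ip, else None."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl_names, _zones in views:
        if any(addr in net for net in view_networks(acl_names, acls)):
            return name
    return None                                    # no view matches: BIND answers REFUSED


def zone_file_for(client_ip, zone, views=VIEWS, acls=ACLS):
    """Which zone file answers `zone` for this client (None if no view or zone applies)."""
    chosen = select_view(client_ip, views, acls)
    for name, _acl_names, zones in views:
        if name == chosen:
            return zones.get(zone)
    return None


def shadowed_views(views=VIEWS, acls=ACLS):
    """Lint: views whose every network is already covered by an earlier view."""
    shadowed, seen = [], []
    for name, acl_names, _zones in views:
        nets = view_networks(acl_names, acls)
        if nets and all(any(net.subnet_of(prev) for prev in seen) for net in nets):
            shadowed.append(name)
        seen.extend(nets)
    return shadowed


if __name__ == "__main__":
    for ip in ("192.168.200.7", "192.168.1.9", "10.0.0.5"):
        print(ip, select_view(ip), zone_file_for(ip, "wangning.com"))
    print("shadowed:", shadowed_views())
```

Swapping the guowai ACL for 192.168.0.0/16 makes the lint report guonei as unreachable, which is exactly the misconfiguration that shows up in production as "the domestic clients are getting the foreign address".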

IV. Slave DNS server (backup server)

A slave is needed so that name resolution keeps working if the master server goes down.

vim /etc/named.rfc1912.zones:

zone "wang.com" IN {                               # domain name
        type slave;                                # server type
        file "slaves/wang.zone";                   # forward zone file
        masters { 192.168.1.21; };
};

zone "1.168.192.in-addr.arpa" IN {                 # my network is 192.168.1.0/24
        type slave;
        file "slaves/wang.com.zone";               # reverse zone file
        masters { 192.168.1.21; };
};

Restart the service; wang.zone and wang.com.zone are then generated automatically in /var/named/slaves/ by zone transfer from the master.
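Two details decide whether the slave actually stays in sync. First, the slave only transfers the zone when the master's SOA serial is newer in RFC 1982 serial arithmetic, so editing wang.zone on the master without raising the serial (which is 0 in the files above) changes nothing on the slave. Second, zone transfer is the AXFR query type from the table at the top: on the master, add allow-transfer { <slave IP>; }; (a placeholder, the page does not give the slave's address) to each zone statement so that only the slave can pull the full zone, since by default BIND 9 allows transfers to anyone. The following added example (not from the original article) implements the serial comparison, a YYYYMMDDnn serial bump, and a small simulation of what the slave sees across refresh intervals.

```python
SERIAL_BITS = 32
SERIAL_MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)


def serial_gt(a, b):
    """RFC 1982 serial number arithmetic: is serial a 'greater than' serial b?
    Wrap-around is handled, so 0 is newer than 4294967295."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def should_transfer(master_serial, slave_serial):
    """A slave pulls the zone (AXFR/IXFR) only when the master's serial is newer."""
    return serial_gt(master_serial, slave_serial)


def bump_serial(current, date_yyyymmdd):
    """Next serial in the YYYYMMDDnn convention: the first change of a day gets
    YYYYMMDD00, later changes the same day increment nn; never goes backwards."""
    base = int(date_yyyymmdd) * 100
    nxt = base if current < base else current + 1
    return nxt % SERIAL_MOD


def simulate_refresh(master_serials, slave_serial=0):
    """Walk the master's serial as seen at each refresh interval; return the
    serials that triggered a transfer and the slave's final serial."""
    transfers = []
    for s in master_serials:
        if should_transfer(s, slave_serial):
            slave_serial = s
            transfers.append(s)
    return transfers, slave_serial


if __name__ == "__main__":
    # Constructed timeline: two edits made without touching the serial, then proper bumps
    print(simulate_refresh([0, 0, 2015060100, 2015060100, 2015060101]))
```

In the simulated timeline the first two refreshes see serial 0 on both sides and do nothing, which is the silent failure mode; only the bumped serials are transferred.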
