DNS: Domain Name Service
Domain name resolution. The software implementation is BIND. DNS is a distributed database.
FQDN: Fully Qualified Domain Name.
Domain structure:
. (root domain)
TLD (top-level domain):
  Organizational domains:
    .com
    .org
    .net
    .cc
  Country domains:
    .cn
    .tw
    .hk
    ...
  Reverse domain:
    Resolves an IP address to an FQDN.
    IP --> FQDN
Subdomains:
  test
  ...
A domain only knows its direct subdomains, and a subdomain only knows the root domain. The parent domain's answer about a subdomain is authoritative; answers from any other server are non-authoritative.
DNS query methods:
1. Recursive query
The client sends only one request.
A asks B; B does not know, so B asks C; C knows and returns the result to B; B returns it to A.
A --> B --> C --> B --> A
Note: the root and top-level domain servers do not perform recursion.
2. Iterative query
The client sends multiple requests.
A asks B; B does not know, but tells A that C may know. A asks C; C knows and returns the result to A. If C does not know, C tells A that D may know, A asks D, and so on.
A --> B (B refers A to C)
A --> C (C refers A to D)
A --> D --> A (D answers)
...
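The two query methods above, as an added toy model that is not code from the original post. The server names, the delegation tree and the single www.test.com record are constructed; the point it shows is how many requests the asking party sends in each case, and that the root and TLD servers only hand back referrals.

```python
# Added example (not from the original post): a toy model of recursive vs
# iterative resolution. Server names, records and the delegation tree are
# constructed for illustration.

# Constructed delegation tree: each server holds a few answers and a table of
# referrals keyed by name suffix. Root and TLD servers hold no host answers and
# never recurse; they only hand back referrals.
SERVERS = {
    "root":        {"answers": {}, "referrals": {"com": "tld-com"}},
    "tld-com":     {"answers": {}, "referrals": {"test.com": "ns.test.com"}},
    "ns.test.com": {"answers": {"www.test.com": "10.0.0.2"}, "referrals": {}},
}


def ask(server, name):
    """One query/response pair. Returns ('answer', ip), ('referral', next_server)
    or ('unknown', None), using the longest matching suffix for referrals."""
    data = SERVERS[server]
    if name in data["answers"]:
        return "answer", data["answers"][name]
    labels = name.split(".")
    for i in range(len(labels)):            # www.test.com, test.com, com
        suffix = ".".join(labels[i:])
        if suffix in data["referrals"]:
            return "referral", data["referrals"][suffix]
    return "unknown", None


def iterative_resolve(name, start="root"):
    """The asking party does the work itself: it follows each referral with a
    new request, so it sends one request per hop. Returns (ip, trace)."""
    server, trace = start, []
    while True:
        kind, value = ask(server, name)
        trace.append((server, kind))
        if kind == "answer":
            return value, trace
        if kind == "unknown":
            return None, trace
        server = value                      # follow the referral


def recursive_resolve(name, resolver="resolver"):
    """The client sends exactly one request to its resolver; the resolver then
    iterates on the client's behalf (the root/TLD servers will not recurse for
    it) and returns the final answer. Returns a summary of who sent what."""
    ip, upstream = iterative_resolve(name)
    return {
        "ip": ip,
        "client_requests": 1,
        "resolver_requests": len(upstream),
        # A --> B --> C ... --> B --> A: the path out and back through the resolver
        "path": [resolver] + [s for s, _ in upstream] + [resolver],
    }


if __name__ == "__main__":
    print(iterative_resolve("www.test.com"))
    print(recursive_resolve("www.test.com"))
    print(recursive_resolve("www.example.org"))   # no delegation: negative result
```

The resolver in recursive_resolve is the "B" of the A --> B --> C --> B --> A chain: the client's single request turns into one iterative request per hop on the resolver's side, which is why a resolver open to the whole Internet does much more work than the clients it serves.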
How different hosts query:
Recursive client:
Request from a local client.
The local host sends its request to the DNS server recursively, that is, the host sends the request only once and the DNS server returns the answer. The DNS server's own queries to other servers are iterative.
Iterative client:
Request from an external client.
On the Internet the querying host starts with iteration: it can only send the request to the root domain servers, and because the root and TLD servers do not recurse, they only return a referral to the corresponding subdomain, so this part of the process is iterative. The host then sends the request to the corresponding subdomain's server and performs a recursive query.
Requesting an authoritative answer:
The parent domain of a subdomain is authoritative for that subdomain, so its answer is authoritative. An authoritative answer is taken as absolutely true. Only the following two kinds can be returned:
Positive answer: the record exists.
Negative answer: the record does not exist.
Requesting a non-authoritative answer:
A subdomain sends a request to some other domain, and that domain answers with a non-authoritative answer; this is generally not allowed. If the other domain has a corresponding trust relationship it may answer, but what it returns is still a non-authoritative answer.
DNS resolution:
Forward: FQDN --> IP
Reverse: IP --> FQDN
The two do not use the same database.
Resolution example:
There is a domain test.com on the network 10.0.0.0/8.
The DNS server is 10.0.0.3.
www is 10.0.0.2 and 10.0.0.5.
mail is 10.0.0.4.
FTP runs on the www host.
In the .com database (the delegation to the subdomain):
test.com. IN NS ns.test.com.
ns.test.com. IN A 10.0.0.3
10.0.0.3 IN PTR ns.test.com.
Creating the zone files:
Forward:
test.com. IN SOA (fields as shown in the resource record section below)
or, in shorthand,
@ IN SOA
www.test.com. IN A 10.0.0.2
or, in shorthand (a name without a trailing dot has the zone name appended),
www IN A 10.0.0.2
test.com. IN MX 10 mail.test.com.
mail.test.com. IN A 10.0.0.4
Reverse:
0.0.10.in-addr.arpa. IN SOA
2.0.0.10.in-addr.arpa. IN PTR www.test.com.
or, in shorthand,
2 IN PTR www.test.com.
DNS master-slave model:
1. Primary DNS server: where changes to the data are made.
2. Secondary DNS server: requests data synchronization from the primary DNS server (pull mechanism).
The synchronization timing is defined by the SOA record fields:
1. serial: serial number, at most 10 digits.
2. refresh: refresh interval.
3. retry: retry interval, which must be less than the refresh interval.
4. expire: expiration time.
5. negative answer TTL: how long a negative answer is cached.
3. Caching DNS server
4. Forwarder
Zone transfer (master-slave replication):
Full zone transfer (AXFR)
Incremental zone transfer (IXFR)
Zone types involved in zone transfer:
Primary zone: master
Secondary zone: slave
Hint zone: hint (refers to the root domain servers)
Forwarding zone: forward
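How the serial, refresh, retry and expire values drive a secondary's behaviour, as an added simulation that is not code from the original post. The SOA timers, the primary's serial history and its outage window are all constructed for the run; the timers are deliberately short so the whole timeline fits in a few lines of output.

```python
# Added example (not from the original post): a simulation of how a secondary
# server uses the SOA timers when polling its primary. The SOA values, the
# primary's serial history and its outage window are constructed for the run.

def simulate_secondary(soa, primary_serial_at, primary_up, horizon):
    """Walk the secondary's poll schedule from t=0 to `horizon` seconds.

    soa                -- dict with 'refresh', 'retry', 'expire' in seconds
    primary_serial_at  -- function t -> serial the primary holds at time t
    primary_up         -- function t -> True if the primary answers at time t
    Returns (log, expired): log is a list of (t, event) tuples.
    Behaviour modelled: every `refresh` seconds the secondary compares serials
    and pulls a transfer only if the primary's serial is higher; after a failed
    poll it retries every `retry` seconds; if `expire` seconds pass without a
    successful poll it stops answering for the zone.
    """
    local_serial = primary_serial_at(0)      # assume an initial transfer at t=0
    t, last_ok, log = 0, 0, []
    while t <= horizon:
        if t > last_ok + soa["expire"]:
            log.append((last_ok + soa["expire"], "zone expired: stop answering"))
            return log, True
        if primary_up(t):
            remote = primary_serial_at(t)
            if remote > local_serial:
                log.append((t, f"serial {local_serial}->{remote}: transfer (AXFR/IXFR)"))
                local_serial = remote
            else:
                log.append((t, "serial unchanged: no transfer"))
            last_ok = t
            t += soa["refresh"]
        else:
            log.append((t, "primary unreachable: retry later"))
            t += soa["retry"]
    return log, False


# Constructed scenario: the primary bumps its serial after 30 minutes and goes
# down for good at t=3700s. Timers are deliberately short to keep the run small
# (real zones use hours/days, as in the post's 1H/5M/1W values).
SOA = {"refresh": 3600, "retry": 600, "expire": 7200}


def serial_at(t):
    return 2 if t >= 1800 else 1


def primary_up(t):
    return t < 3700


def run_scenario():
    return simulate_secondary(SOA, serial_at, primary_up, horizon=20000)


if __name__ == "__main__":
    log, expired = run_scenario()
    for t, event in log:
        print(f"t={t:6d}s  {event}")
    print("expired:", expired)
```

The run shows the three rules in order: the first refresh finds the same serial and transfers nothing, the second finds serial 2 and pulls the zone, and once the primary is gone the secondary keeps retrying every `retry` seconds until `expire` seconds have passed since its last good poll, at which point it stops serving the zone. This is why the serial must be bumped on every change and why retry is shorter than refresh.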
Resource records:
In the database each entry is called a resource record (RR).
The format is as follows:
NAME [TTL] IN RRT VALUE
Fields:
1. NAME: the FQDN or IP.
2. TTL: time to live; it can be omitted once a global TTL has been defined with $TTL.
3. IN: indicates the Internet class.
4. RRT: the resource record type.
Special symbols:
@: equivalent to the zone name
;: comment
SOA:
Start Of Authority record.
Indicates how the master and slave servers synchronize the data of a zone, and defines where authority for the zone starts.
Defined in both forward and reverse zones.
ZONENAME TTL IN SOA FQDN ADMINMAILADD (
Serial number
Refresh
Retry
Expire
Negative answer TTL )
Time units:
S second (default)
M minute
H hour
D day
W week
ADMINMAILADD:
USERNAME.ZONENAME.
Note: @ cannot be used here; it is replaced by a dot.
For example:
admin.test.com.
NS:
Defined in both forward and reverse zones.
Name Server: ZONENAME --> FQDN
MX:
Mail Exchanger.
Defined in forward zones only.
ZONENAME --> FQDN (of the mail host)
ZONENAME TTL IN MX PRI VALUE
PRI priority: 0-99; the smaller the number, the higher the priority.
A:
Defined in forward zones.
Address: FQDN --> IPv4
AAAA:
FQDN --> IPv6
PTR:
Defined in reverse zones.
Pointer record: IP --> FQDN
CNAME:
Canonical name.
Alias record: FQDN --> FQDN
5. VALUE: the FQDN or IP.
For example:
test.com. IN SOA ns.test.com. admin.test.com. (
1
1H
5M
1W
1D )
test.com. IN NS ns.test.com.
ns.test.com. IN A 1.1.1.2
1.1.1.2 IN PTR ns.test.com.
test.com. IN MX 10 mail1.test.com.
test.com. IN MX 20 mail2.test.com.
mail1.test.com. IN A 1.1.1.3
1.1.1.3 IN PTR mail1.test.com.
mail2.test.com. IN A 1.1.1.4
1.1.1.4 IN PTR mail2.test.com.
www.test.com. IN A 1.1.1.1
1.1.1.1 IN PTR www.test.com.
www2.test.com. IN CNAME www.test.com.
; www2 is an alias of www, so it must not also carry its own A record
; (a CNAME owner name may have no other record types)
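The NAME [TTL] IN RRT VALUE format, the @ and relative-name shorthand from the zone-file example, and the SOA timer rules from the master-slave section, exercised together by a parser and a consistency checker. This is an added example, not code from the original post; the two zone texts are constructed samples modelled on the test.com / 1.1.1.x example above (mail2 is deliberately left without a PTR), and the checks it applies (every A needs a PTR, an MX needs a priority, a CNAME owner may hold no other records, retry < refresh < expire, serial at most 10 digits) are the rules stated on this page.

```python
import re

# Added example (not from the original post): a small parser for the
# NAME [TTL] IN RRT VALUE format plus consistency checks on the forward and
# reverse zones. Both zone texts are constructed samples.
FORWARD_ZONE = """\
$TTL 1D
$ORIGIN test.com.
@      IN SOA   ns.test.com. admin.test.com. ( 1 1H 5M 1W 1D )
@      IN NS    ns.test.com.
ns     IN A     1.1.1.2
@      IN MX    10 mail1.test.com.
@      IN MX    20 mail2.test.com.
mail1  IN A     1.1.1.3
mail2  IN A     1.1.1.4       ; deliberately has no PTR in the reverse zone
www    IN A     1.1.1.1
www2   IN CNAME www.test.com.
"""
REVERSE_ZONE = """\
$TTL 1D
$ORIGIN 1.1.1.in-addr.arpa.
@   IN SOA ns.test.com. admin.test.com. ( 1 1H 5M 1W 1D )
@   IN NS  ns.test.com.
2   IN PTR ns.test.com.
3   IN PTR mail1.test.com.
1   IN PTR www.test.com.
"""

UNIT = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TIME_RE = re.compile(r"(\d+)([SMHDWsmhdw]?)")


def to_seconds(token):
    """1H -> 3600, 5M -> 300, 1W -> 604800; a bare number is seconds."""
    m = TIME_RE.fullmatch(token)
    if not m:
        raise ValueError(f"bad time value: {token}")
    return int(m.group(1)) * UNIT[(m.group(2) or "S").upper()]


def absolutize(name, origin):
    """@ means the zone name; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return a list of {'name','ttl','type','value'} with absolute owner names.
    Handles $TTL, $ORIGIN, ';' comments, optional TTL/class and a bracketed SOA."""
    # collapse a (possibly multi-line) parenthesised SOA into one line
    text = re.sub(r"\(([^)]*)\)", lambda m: "( " + " ".join(m.group(1).split()) + " )", text)
    origin, default_ttl, records = None, None, []
    for raw in text.splitlines():
        tok = raw.split(";", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "$TTL":
            default_ttl = to_seconds(tok[1]); continue
        if tok[0] == "$ORIGIN":
            origin = tok[1]; continue
        name, i, ttl = absolutize(tok[0], origin), 1, default_ttl
        if TIME_RE.fullmatch(tok[i]):          # optional per-record TTL
            ttl = to_seconds(tok[i]); i += 1
        if tok[i].upper() == "IN":             # optional class
            i += 1
        value = [v for v in tok[i + 1:] if v not in ("(", ")")]
        records.append({"name": name, "ttl": ttl, "type": tok[i].upper(), "value": value})
    return records


def check_soa(records):
    """Timer rules from the post: serial <= 10 digits, retry < refresh, expire > refresh."""
    soa = next(r for r in records if r["type"] == "SOA")
    serial, refresh, retry, expire = soa["value"][2:6]
    problems = []
    if len(serial) > 10:
        problems.append("serial longer than 10 digits")
    if to_seconds(retry) >= to_seconds(refresh):
        problems.append("retry must be less than refresh")
    if to_seconds(expire) <= to_seconds(refresh):
        problems.append("expire must be greater than refresh")
    return problems


def check_zones(forward_text, reverse_text):
    """Cross-check a forward zone against its reverse zone; return a list of problems."""
    fw, rv = parse_zone(forward_text), parse_zone(reverse_text)
    problems = check_soa(fw) + check_soa(rv)
    ptr = {}                                   # ip -> fqdn, from the reverse zone
    for r in rv:
        if r["type"] == "PTR" and r["name"].endswith(".in-addr.arpa."):
            octets = r["name"][: -len(".in-addr.arpa.")].split(".")
            ptr[".".join(reversed(octets))] = r["value"][0]
    cnames = {r["name"] for r in fw if r["type"] == "CNAME"}
    for r in fw:
        if r["type"] == "A" and ptr.get(r["value"][0]) != r["name"]:
            problems.append(f"no PTR for {r['name']} ({r['value'][0]})")
        if r["type"] == "MX" and not r["value"][0].isdigit():
            problems.append(f"MX at {r['name']} lacks a priority")
        if r["name"] in cnames and r["type"] != "CNAME":
            problems.append(f"{r['name']} has CNAME and {r['type']} records")
    return problems


if __name__ == "__main__":
    for p in check_zones(FORWARD_ZONE, REVERSE_ZONE):
        print("problem:", p)
```

Run as-is it reports only the missing PTR for mail2; appending an A record for the www2 alias, dropping the priority from an MX, or swapping the refresh and retry values makes it report those defects too, which is exactly the kind of zone-load error BIND refuses with a real file.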
Domains and zones:
Domain: a logical concept.
It is defined by people.
Zone: a physical concept.
DNS resolution uses different database files for forward and reverse lookups; each such file is called a zone.
The file really exists on disk.
Containment relationship:
There is no explicit containment relationship.
A domain's scope is larger than a zone's. However, the delegation of a domain is defined in a zone file of its parent.
This article is from the "Small Private blog" blog; please keep this source: http://ggvylf.blog.51cto.com/784661/1626442
Basic concepts of Linux DNS