Build a DNS server by yourself
Preface:
When we browse the internet we use domain names, so how is a domain name turned into the IP address of the host we want to reach? That is the job of a DNS server. DNS consists of a resolver (the client-side component that issues queries) and the Domain Name Server, which stores the domain names and corresponding IP addresses of the hosts in the network and converts a domain name into an IP address.
Next, let's start building a DNS server!
1. First, set up the primary DNS server. The configuration on the primary host (ch1, 172.18.20.10) is as follows:
[root@ch1 ~]# yum -y install bind                      # install the bind package
[root@ch1 ~]# ntpdate 172.18.0.1                       # synchronise the clock with the time server
[root@ch1 ~]# vim /etc/named.conf                      # edit the main DNS server configuration file
[root@ch1 ~]# named-checkconf                          # check the configuration file for syntax errors
[root@ch1 ~]# vim /etc/named.rfc1912.zones             # add the zone definitions to this file
[root@ch1 ~]# vim /var/named/test.com.zone             # create the forward zone data file under /var/named
[root@ch1 named]# vim /var/named/172.18.20.zone        # create the reverse zone data file
[root@ch1 ~]# chown :named /var/named/test.com.zone    # change the group to named
[root@ch1 ~]# chmod o= /var/named/test.com.zone        # remove all permissions for other users
[root@ch1 named]# named-checkzone test.com /var/named/test.com.zone    # check the zone file for syntax errors
[root@ch1 named]# named-checkzone 20.18.172.in-addr.arpa /var/named/172.18.20.zone
[root@ch1 named]# service named start                  # start the DNS service
[root@ch1 named]# dig -t A www.test.com @172.18.20.10  # test whether the DNS server 172.18.20.10 resolves the record
[root@ch1 named]# dig -x 172.18.20.11 @172.18.20.10    # test whether 172.18.20.11 is reverse-resolved by 172.18.20.10
The primary DNS server has been set up.
2. Set up the slave DNS server. The configuration on ch2 is as follows:
[root@ch2 ~]# yum -y install bind                      # install the bind package
[root@ch2 ~]# ntpdate 172.18.0.1                       # synchronise the clock with the time server
[root@ch2 ~]# vim /etc/named.rfc1912.zones             # define the slave zone
[root@ch2 ~]# named-checkconf                          # check for syntax errors
[root@ch2 ~]# service named start                      # start the DNS service
[root@ch2 slaves]# cat test.com.zone                   # check whether the zone file was transferred from the primary
Note: on the primary DNS server, add an NS record that points to the slave DNS server.
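The steps above only open the configuration files in vim without showing their contents. The fragments below are an added example (not taken from the original post) of what those files can hold for steps 1 and 2: the zone stanzas and the two zone files on ch1, and the slave stanza on ch2. The names ns1/ns2, the SOA contact admin.test.com, the serial, and 172.18.20.11 as the address of ch2 and of www are constructed assumptions.

```conf
// ---- /etc/named.rfc1912.zones on ch1 (primary, 172.18.20.10) ----
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-transfer { 172.18.20.11; };   // only the slave may pull the zone (the default is any host)
};
zone "20.18.172.in-addr.arpa" IN {
    type master;
    file "172.18.20.zone";
    allow-transfer { 172.18.20.11; };
};

; ---- /var/named/test.com.zone on ch1 ----
$TTL 1D
$ORIGIN test.com.
@       IN SOA  ns1.test.com. admin.test.com. (
                2024010101      ; serial: raise it on every edit or the slave never re-transfers
                1H              ; refresh
                5M              ; retry
                1W              ; expire
                1D )            ; negative-cache TTL
        IN NS   ns1.test.com.
        IN NS   ns2.test.com.   ; the slave (ch2), as the note under step 2 requires
ns1     IN A    172.18.20.10
ns2     IN A    172.18.20.11    ; assumed address of ch2
www     IN A    172.18.20.11    ; assumed address of the web host

; ---- /var/named/172.18.20.zone on ch1 ----
$TTL 1D
$ORIGIN 20.18.172.in-addr.arpa.
@       IN SOA  ns1.test.com. admin.test.com. (
                2024010101 1H 5M 1W 1D )
        IN NS   ns1.test.com.
        IN NS   ns2.test.com.
10      IN PTR  ns1.test.com.
11      IN PTR  www.test.com.   ; what "dig -x 172.18.20.11 @172.18.20.10" should return

// ---- /etc/named.rfc1912.zones on ch2 (slave) ----
zone "test.com" IN {
    type slave;
    masters { 172.18.20.10; };
    file "slaves/test.com.zone";   // written by named itself, so /var/named/slaves must be writable by it
};
```

After editing the zone file on ch1, run named-checkzone and restart or reload named; the slave only re-transfers when it sees a higher serial.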
3. Configure a subdomain. The configuration on ch3 (172.18.20.12) is as follows:
[root@ch3 ~]# yum -y install bind                      # install the bind package
[root@ch3 ~]# ntpdate 172.18.0.1                       # synchronise the clock with the time server
[root@ch3 ~]# vim /etc/named.conf                      # modify the main configuration file
[root@ch3 ~]# vim /etc/named.rfc1912.zones             # create the zone definition
[root@ch3 ~]# vim /var/named/ops.test.com.zone         # create the zone data file
[root@ch3 ~]# named-checkconf                          # check whether the syntax is correct
[root@ch3 ~]# service named start                      # start the service
[root@ch3 ~]# dig -t A www.ops.test.com @172.18.20.12  # test whether the subdomain resolves
[root@ch3 ~]# dig -t A www.test.com @172.18.20.12      # test whether the subdomain server can resolve the parent domain
Note: the subdomain must also be delegated (authorized) on the primary DNS server.
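An added example (not from the original post) of the delegation the note refers to and of the files step 3 opens without showing: the NS and glue records added to the parent zone on ch1, the child zone on ch3, and the forwarding entry that lets ch3 answer for the parent domain. The names ns1.ops/www.ops, the address 172.18.20.13 for www.ops, and the use of forwarders in ch3's named.conf are constructed assumptions.

```conf
; ---- appended to /var/named/test.com.zone on ch1 (parent); raise the SOA serial afterwards ----
ops     IN NS   ns1.ops.test.com.
ns1.ops IN A    172.18.20.12        ; glue record: the child name server lives inside the delegated name

// ---- /etc/named.rfc1912.zones on ch3 (172.18.20.12) ----
zone "ops.test.com" IN {
    type master;
    file "ops.test.com.zone";
    allow-transfer { none; };       // no slave for the subdomain, so nobody may pull it
};

// ---- add inside the existing options { } block of /etc/named.conf on ch3 (assumed) ----
// ch3 is authoritative only for ops.test.com; without this, a query for www.test.com
// is either refused or recursed towards the root hints, which fails in an isolated lab.
forwarders { 172.18.20.10; };
forward only;
allow-recursion { 172.18.20.0/24; localhost; };

; ---- /var/named/ops.test.com.zone on ch3 ----
$TTL 1D
$ORIGIN ops.test.com.
@       IN SOA  ns1.ops.test.com. admin.ops.test.com. (
                2024010101 1H 5M 1W 1D )
        IN NS   ns1.ops.test.com.
ns1     IN A    172.18.20.12
www     IN A    172.18.20.13        ; assumed address of the subdomain web host
```

dig -t A www.ops.test.com @172.18.20.10 should now return a referral (the NS record above) rather than an answer, while @172.18.20.12 answers authoritatively.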
Summary:
1. DNS is an application-layer protocol; it uses ports tcp/53 and udp/53.
2. DNS query process
(1) The client sends the query for www.test.com to its preferred DNS server.
(2) The client's preferred DNS server checks its zone database. Because it has no authoritative data for the test.com domain, it forwards the query (the host name to be resolved) to a root DNS server.
(3) The root DNS server returns the IP address of the DNS server responsible for the "com" top-level domain to the client's preferred DNS server.
(4) The preferred DNS server sends the query to the DNS server responsible for the "com" domain.
(5) The server responsible for the "com" domain returns the IP address of the DNS server responsible for the "test.com" domain to the preferred DNS server.
(6) The preferred DNS server sends the query to the DNS server responsible for the "test.com" zone.
(7) Because that server holds the record for www.test.com, it returns the IP address of www.test.com to the preferred DNS server.
(8) The client's preferred DNS server returns the IP address of www.test.com to the client.
(9) With the domain name resolved, the client sends its HTTP request to the web server.
(10) The web server responds to the client's request and the client can access the target host.
3. DNS server types
Primary DNS server: maintains the zone database to be resolved; read and write operations are possible;
Slave DNS server: copies the zone database from the primary DNS server or from another slave; the database is read-only;
4. Common record types in DNS zone database files
SOA: Start of Authority record; a zone database has exactly one SOA record;
NS: name server record; a zone database can have several NS records, one of which is the primary;
A: address record, FQDN --> IPv4;
AAAA: address record, FQDN --> IPv6;
CNAME: alias record;
PTR: pointer record, IP --> FQDN;
MX: Mail eXchanger record;
5. DNS configuration files
Main configuration file: /etc/named.conf
It may pull in other files with "include":
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
Zone data files:
kept in the /var/named/ directory;
usually named ZONE_NAME.zone.
6. DNS testing tools
dig command:
dig [-t RR_TYPE] name [@SERVER] [query options]
It tests the DNS system only, so it does not consult the hosts file;
Query options:
+[no]trace: trace the resolution path from the root down;
+[no]recurse: request recursive resolution;
Reverse lookup test: dig -x IP
Simulate a full zone transfer: dig -t axfr DOMAIN [@server]
7. Security-related configuration in DNS
Related directives:
allow-query {}; which hosts may query this server (a whitelist);
allow-transfer {}; which hosts may receive zone transfers; default: all hosts;
allow-recursion {}; which hosts may send recursive queries to this DNS server;
allow-update {}; DDNS, which hosts may dynamically update the zone database files;
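As an added example (not from the original post), the four directives side by side in their open form and in a restricted form suited to the authoritative server ch1 from the steps above. The acl names and the address ranges are constructed assumptions.

```conf
// ---- options { } as an open resolver: every directive accepts any host ----
options {
    listen-on port 53 { any; };
    recursion yes;
    allow-query     { any; };   // anyone may ask
    allow-recursion { any; };   // anyone may use this host as a resolver (reflection and cache abuse)
    allow-transfer  { any; };   // anyone may pull every zone with dig -t axfr
    allow-update    { any; };   // anyone may rewrite records in the zones
};

// ---- restricted version for ch1 (172.18.20.10) ----
acl "lan"    { 172.18.20.0/24; localhost; };
acl "slaves" { 172.18.20.11; };              // the slave named in the NS records
options {
    listen-on port 53 { 172.18.20.10; 127.0.0.1; };
    recursion yes;                           // recursion stays on, but only for lan
    allow-query       { any; };              // authoritative data is meant to be public
    allow-recursion   { lan; };              // recursive service only for our own hosts
    allow-query-cache { lan; };              // cached answers belong to the same scope
    allow-transfer    { slaves; };           // AXFR only to the slave
    allow-update      { none; };             // no DDNS until a TSIG-keyed update-policy exists
    version "not disclosed";                 // answer to: dig version.bind CH TXT @172.18.20.10
};
```

Verify the change from a host outside the lan acl: dig -t axfr test.com @172.18.20.10 should be refused, while dig -t A www.test.com @172.18.20.10 still answers.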