Build a DNS server by yourself

Source: Internet
Author: User
Tags: subdomain


Preface:

When we use the internet we reach hosts by domain name, but packets are routed by IP address, so something has to translate the name into the address. That is the job of DNS. DNS has two sides: the resolver (the client side, which asks the questions) and the name server (which answers them). An authoritative name server stores the names and corresponding IP addresses of the hosts in the zones it is responsible for and converts a queried name into an address. The servers built below are authoritative servers for a lab zone, test.com.

Next, let's start building a DNS server!

 

1. First, set up the primary DNS server (ch1, 172.18.20.10). The configuration on the primary host is as follows:

[root@ch1 ~]# yum -y install bind                # install the bind package
[root@ch1 ~]# ntpdate 172.18.0.1                 # synchronize the clock with the time server
[root@ch1 ~]# vim /etc/named.conf                # edit the main DNS server configuration file

[root@ch1 ~]# named-checkconf                    # check the configuration file for syntax errors
[root@ch1 ~]# vim /etc/named.rfc1912.zones       # add a zone definition in this configuration file

[root@ch1 ~]# vim /var/named/test.com.zone       # create the zone data file under the /var/named directory

[root@ch1 named]# vim /var/named/172.18.20.zone  # create the zone data file for the reverse zone

 

[root@ch1 ~]# chown :named /var/named/test.com.zone          # change the group to named
[root@ch1 ~]# chmod o= /var/named/test.com.zone              # remove all permissions for "other"
[root@ch1 named]# named-checkzone test.com /var/named/test.com.zone                  # check the zone file for syntax errors
[root@ch1 named]# named-checkzone 20.18.172.in-addr.arpa /var/named/172.18.20.zone
[root@ch1 named]# service named start                        # start the DNS service
[root@ch1 named]# dig -t A www.test.com @172.18.20.10        # test whether the DNS server 172.18.20.10 resolves the record correctly
[root@ch1 named]# dig -x 172.18.20.11 @172.18.20.10          # test whether the DNS server 172.18.20.10 reverse-resolves 172.18.20.11

The primary DNS server has been set up.
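The screenshots of the zone definitions and zone files did not survive on this page, so here is an added example (written for this edit, not the page's own files) of what goes into /etc/named.rfc1912.zones and the two zone files on ch1. The primary's address 172.18.20.10 comes from the dig test above; the slave ch2 at 172.18.20.11, the subdomain server ch3 at 172.18.20.12 and the www/mail addresses are assumptions. The function writes into a directory you pass in, so it can be dry-run on any machine, and validates the files with named-checkzone when BIND is installed; on the real server copy the output into /var/named and the stanzas into /etc/named.rfc1912.zones.

```shell
# Added example: zone data for the primary (ch1, 172.18.20.10).
# Assumed addresses (not from the page): ns2/ch2 172.18.20.11, www 172.18.20.20, mail 172.18.20.21.
write_primary_zones() {
    dir="${1:-/var/named}"
    mkdir -p "$dir"

    # Zone stanzas to append to /etc/named.rfc1912.zones: a master forward zone and a master reverse zone.
    # allow-transfer is set per zone here so only the slave can pull the data (the global default is "any").
    cat > "$dir/ch1-zones.conf" <<'EOF'
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-transfer { 172.18.20.11; };
};
zone "20.18.172.in-addr.arpa" IN {
    type master;
    file "172.18.20.zone";
    allow-transfer { 172.18.20.11; };
};
EOF

    # Forward zone: the SOA record first, then one NS record per authoritative server (primary and
    # slave), then the data records. Lines with no owner name inherit the previous owner (@).
    cat > "$dir/test.com.zone" <<'EOF'
$TTL 3600
$ORIGIN test.com.
@       IN  SOA  ns1.test.com. admin.test.com. (
                2016030101  ; serial, YYYYMMDDnn: bump it on every change or the slave will not refresh
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; negative-caching TTL
        IN  NS   ns1.test.com.
        IN  NS   ns2.test.com.
        IN  MX   10 mail.test.com.
ns1     IN  A    172.18.20.10
ns2     IN  A    172.18.20.11
www     IN  A    172.18.20.20
mail    IN  A    172.18.20.21
ftp     IN  CNAME www.test.com.
EOF

    # Reverse zone for 172.18.20.0/24: the owner is the last octet, the PTR target is the FQDN.
    cat > "$dir/172.18.20.zone" <<'EOF'
$TTL 3600
$ORIGIN 20.18.172.in-addr.arpa.
@       IN  SOA  ns1.test.com. admin.test.com. (
                2016030101 3600 900 604800 86400 )
        IN  NS   ns1.test.com.
        IN  NS   ns2.test.com.
10      IN  PTR  ns1.test.com.
11      IN  PTR  ns2.test.com.
20      IN  PTR  www.test.com.
21      IN  PTR  mail.test.com.
EOF

    # Same ownership and permission step as the page, applied to both zone files.
    # chown needs root and an existing "named" group, so it is allowed to fail on a dry run.
    chown :named "$dir"/*.zone 2>/dev/null || true
    chmod o= "$dir"/*.zone

    # Validate with the BIND tools when they are installed; named-checkzone exits non-zero on errors.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone test.com "$dir/test.com.zone" || return 1
        named-checkzone 20.18.172.in-addr.arpa "$dir/172.18.20.zone" || return 1
    fi
}
```

Run it as `write_primary_zones /tmp/dns-ch1` to inspect the files before touching the live server. The NS and A records for ns2 are already in place so that step 2 below only needs the slave side; the primary sends a NOTIFY to every server listed in an NS record when the serial changes.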


2. Set up the slave DNS server. The ch2 configuration is as follows:

[root@ch2 ~]# yum -y install bind                # install the bind package
[root@ch2 ~]# ntpdate 172.18.0.1                 # synchronize the clock with the time server
[root@ch2 ~]# vim /etc/named.rfc1912.zones       # define a slave zone

[root@ch2 ~]# named-checkconf                    # check for syntax errors
[root@ch2 ~]# service named start                # start the DNS service
[root@ch2 slaves]# cat test.com.zone             # in /var/named/slaves: check that the zone file has been transferred from the primary

Note: on the primary DNS server, add an NS record (with a matching A record) for the slave to the zone, so that the slave is listed as authoritative and receives a NOTIFY whenever the zone changes; the primary's allow-transfer must also permit the slave's address, otherwise the transfer is refused and the file under /var/named/slaves never appears.

3. Configure subdomains

[root@ch3 ~]# yum -y install bind                # install the bind package
[root@ch3 ~]# ntpdate 172.18.0.1                 # synchronize the clock with the time server
[root@ch3 ~]# vim /etc/named.conf                # edit the main configuration file

[root@ch3 ~]# vim /etc/named.rfc1912.zones       # add the zone definition for the subdomain

[root@ch3 ~]# vim /var/named/ops.test.com.zone   # create the zone data file for the subdomain

[root@ch3 ~]# named-checkconf                    # check whether the syntax is correct
[root@ch3 ~]# service named start                # start the service
[root@ch3 ~]# dig -t A www.ops.test.com @172.18.20.12   # test whether the subdomain is resolved correctly
[root@ch3 ~]# dig -t A www.test.com @172.18.20.12       # test whether the subdomain server can resolve the parent domain

Note: a subdomain also has to be delegated from the primary DNS server: the parent zone test.com needs an NS record for ops.test.com pointing at the subdomain server, plus a glue A record for that server, because its name lies inside the child zone. Without the delegation, resolvers following the chain from the root never learn that ch3 exists.
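The following is an added example for steps 2 and 3 (written for this edit, not the page's own configuration): the slave stanzas for ch2, the subdomain zone served by ch3, the delegation records the parent zone on ch1 needs, and a forward zone that lets ch3 answer the last dig test above for the parent domain. The addresses of ch2 (172.18.20.11), ch3 (172.18.20.12) and www.ops.test.com are assumptions. Output goes into a directory you pass in; on the real hosts the stanzas belong in /etc/named.rfc1912.zones and the zone file in /var/named.

```shell
# Added example: slave configuration (ch2), subdomain zone (ch3) and the delegation on ch1.
write_slave_and_subdomain() {
    dir="${1:-/tmp/dns-example}"
    mkdir -p "$dir"

    # ch2: a slave zone is populated by zone transfer from the "masters" list and stored under
    # /var/named/slaves, which named must be able to write to. Nothing is edited by hand here.
    cat > "$dir/ch2-named.rfc1912.zones" <<'EOF'
zone "test.com" IN {
    type slave;
    masters { 172.18.20.10; };
    file "slaves/test.com.zone";
    allow-transfer { none; };      # a slave has no reason to hand the zone to anyone else
};
zone "20.18.172.in-addr.arpa" IN {
    type slave;
    masters { 172.18.20.10; };
    file "slaves/172.18.20.zone";
    allow-transfer { none; };
};
EOF

    # ch3: master for the child zone ops.test.com (assumed www address 172.18.20.30).
    cat > "$dir/ch3-named.rfc1912.zones" <<'EOF'
zone "ops.test.com" IN {
    type master;
    file "ops.test.com.zone";
};
EOF
    cat > "$dir/ops.test.com.zone" <<'EOF'
$TTL 3600
$ORIGIN ops.test.com.
@       IN  SOA  ns1.ops.test.com. admin.ops.test.com. (
                2016030101 3600 900 604800 86400 )
        IN  NS   ns1.ops.test.com.
ns1     IN  A    172.18.20.12
www     IN  A    172.18.20.30
EOF

    # Delegation: append these two records to /var/named/test.com.zone on ch1 and bump the SOA
    # serial. The NS record names the child's server; the glue A record is required because
    # ns1.ops.test.com cannot be resolved without first knowing where ops.test.com lives.
    cat > "$dir/delegation-for-ch1.txt" <<'EOF'
ops             IN  NS   ns1.ops.test.com.
ns1.ops         IN  A    172.18.20.12
EOF

    # For the parent-domain test (dig www.test.com @172.18.20.12): test.com is a lab zone that the
    # root servers know nothing about, so ch3 cannot recurse to it. A forward zone sends those
    # queries to the parent's servers instead. (Assumed setup; the page does not show it.)
    cat > "$dir/ch3-parent-forward.conf" <<'EOF'
zone "test.com" IN {
    type forward;
    forward only;
    forwarders { 172.18.20.10; 172.18.20.11; };
};
EOF

    # Validate the child zone when the BIND tools are available.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone ops.test.com "$dir/ops.test.com.zone" || return 1
    fi
}
```

Once the delegation is in place on ch1, `dig -t A www.ops.test.com @172.18.20.10` should return a referral to ns1.ops.test.com rather than NXDOMAIN, and `dig +trace www.ops.test.com` from a host that uses ch1 as its resolver shows the hop from the parent zone to ch3.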

Summary:

1. DNS is an application layer protocol using port 53: UDP/53 for ordinary queries, TCP/53 for zone transfers and for responses too large to fit in a UDP datagram.

2. DNS query Process

(1) The client sends a recursive query for www.test.com to its preferred (configured) DNS server.

(2) The preferred DNS server checks its zone data and its cache. It is not authoritative for test.com and has no cached answer, so it sends an iterative query for the name to a root DNS server.

(3) The root DNS server returns a referral: the names and IP addresses of the DNS servers responsible for the "com" top-level domain.

(4) The preferred DNS server sends the query to a DNS server responsible for the "com" domain.

(5) The "com" server returns a referral to the DNS servers responsible for the "test.com" domain.

(6) The preferred DNS server sends the query to a DNS server responsible for the "test.com" zone.

(7) That server is authoritative for www.test.com, so it returns the IP address of www.test.com to the preferred DNS server.

(8) The preferred DNS server caches the answer for the lifetime of its TTL and returns the IP address of www.test.com to the client.

(9) With the name resolved, the client sends its HTTP request to the web server.

(10) The web server responds to the request and the client can access the target host.

Only the client's query in step (1) is recursive; steps (2) to (7) are iterative queries in which each server answers with either the record or a referral. Which hosts are allowed to ask a server to do this recursive work on their behalf is exactly what the allow-recursion directive in section 7 controls.

3. DNS server type

Primary DNS server: the server that maintains the zone database to be resolved; read and write operations are performed here;

Slave (secondary) DNS server: copies the zone database from the primary DNS server, or from another slave, by zone transfer, and only reads it; the copy is never edited by hand.

4. Common record types in a DNS zone database file

SOA: start of authority record; exactly one SOA record exists in a zone database, and it is the first record in the file;

NS: name server record; a zone can have multiple NS records, one for each authoritative server (the primary and every slave);

A: address record, FQDN --> IPv4;

AAAA: address record, FQDN --> IPv6;

CNAME: canonical name (alias) record;

PTR: pointer record, IP --> FQDN;

MX: mail exchanger record, carrying a preference value (lower is preferred);


5. DNS configuration file

Main configuration file: /etc/named.conf

It pulls in further files through "include" statements:

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

Zone database files:

the /var/named/ directory;

conventionally named ZONE_NAME.zone.

6. DNS testing tools

dig command:

dig [-t RR_TYPE] name [@SERVER] [query options]

dig exercises the DNS system only, so it never consults the local hosts file (unlike ping or a browser, which go through the system resolver);

Query options:

+[no]trace: follow the resolution step by step from the root servers, showing each referral;

+[no]recurse: ask (or not ask) the server for recursive resolution, i.e. set or clear the RD bit;

Reverse resolution test: dig -x IP

Simulate a full zone transfer: dig -t axfr DOMAIN [@server]. If this succeeds from a host that is not one of the zone's slaves, allow-transfer is too permissive and the whole zone is exposed.

7. security-related configurations in DNS

Related directives (valid in the options, view and zone blocks; the most specific scope wins):

allow-query {}; which hosts may send queries to this server; a whitelist;

allow-transfer {}; which hosts may request zone transfers (AXFR/IXFR); classic BIND 9 defaults to any, which hands the complete zone to anyone who asks, so restrict it to the slaves;

allow-recursion {}; which hosts may send recursive queries to this server; restrict it to your own clients, otherwise the server is an open resolver that can be abused for reflection and amplification attacks;

allow-update {}; DDNS, which hosts may dynamically update the zone data; the default is none, and if it is enabled at all it should be limited to specific hosts or keys.
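As an added example for this section (written for this edit, not from the page): an options block that spells out BIND's permissive defaults beside a hardened one, written to a directory you choose and checked with named-checkconf when it is installed. The ACL names and the 172.18.0.0/16 client range are assumptions; the slave address 172.18.20.11 follows the assumption used in the earlier examples.

```shell
# Added example: weak versus hardened access-control settings for named.conf.
write_named_options() {
    dir="${1:-/tmp/dns-example}"
    mkdir -p "$dir"

    # Weak: every host may query, recurse through, and transfer from this server. On a reachable
    # address this is an open resolver and the zone can be dumped with "dig -t axfr".
    cat > "$dir/named.conf.weak" <<'EOF'
options {
    directory "/var/named";
    recursion yes;
    allow-query     { any; };
    allow-recursion { any; };
    allow-transfer  { any; };    # also the effective setting when the line is simply omitted
};
EOF

    # Hardened: answer authoritative queries from anywhere, recurse only for the LAN, transfer
    # only to the slave, accept no dynamic updates, and do not advertise the BIND version.
    # ACLs must be declared before the block that references them.
    cat > "$dir/named.conf.hardened" <<'EOF'
acl "lan"    { 172.18.0.0/16; 127.0.0.1; };
acl "slaves" { 172.18.20.11; };
options {
    directory "/var/named";
    recursion yes;
    allow-query     { any; };
    allow-recursion { lan; };
    allow-transfer  { slaves; };
    allow-update    { none; };
    version "not disclosed";     # what "dig chaos txt version.bind" will show
};
EOF

    # Syntax check when the BIND tools are present; named-checkconf exits non-zero on errors.
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf.hardened" || return 1
    fi
}
```

To confirm the hardened settings are in force, run the checks from an address outside both ACLs: `dig -t axfr test.com @172.18.20.10` should end with "Transfer failed." instead of listing the zone, `dig www.example.com @172.18.20.10` should be refused rather than answered, and `dig +short chaos txt version.bind @172.18.20.10` should return the placeholder string rather than a version number.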
