Caching DNS server, forward resolution, reverse resolution

Source: Internet
Author: User
Tags hostname to ip domain name server nameserver nslookup

Scenario: we have applied for the domain mageedu.com on the Internet, and the IP network segment is 172.16.100.0/24, a class C network.

NS server: 172.16.100.1

www server: 172.16.100.1 and 172.16.100.3

Mail server (mail): 172.16.100.2

ftp: runs on the www host and is an alias of the www server


The BIND package can be downloaded from www.isc.org

The DHCP server is also maintained by ISC


Installation:

DNS: the common BIND setup on Linux

Uninstall the older version: rpm -e bind-libs bind-utils

yum install bind97 bind97-libs bind97-utils

###############################################


bind97: main configuration file

/etc/named.conf

Mainly used to define the working properties of the BIND process

and the zone definitions


########################################

rndc (remote control) files, used to operate the DNS server remotely

/etc/rndc.key     key file

/etc/rndc.conf    configuration file (either one of the two is enough)

########################################

Zone data files: looked up here to convert a hostname to an IP address

/var/named

########################################

Start:

A service control script is also available once the installation is complete:

/etc/rc.d/init.d/named, which accepts

{start|stop|restart|status|reload}

#########################################

BIND binary program: named

#########################################

Files that named uses:

etc/named.conf

etc/rndc.key

sbin/named

var/named/

#########################################

bind-chroot: this is an RPM package

By default, BIND runs under the real root directory, so once someone hijacks the DNS server, they hold the permissions of the named process.

bind-chroot confines named to a directory under /var and provides the files it requires there:

/var/named/chroot/

    etc/named.conf
    etc/rndc.key
    sbin/named
    var/named

This way, even if the DNS server is compromised, the normal operation of the server is not affected and the loss is minimized. Beginners do not have to install this package.

#########################################################################################

caching-nameserver: turns our server into a caching DNS server right away

The usual order is to configure a caching server first, then a primary (master) DNS server, then a secondary (slave) DNS server

####################################################################

rpm -ql bind97    list the files that were installed

bind97 installs caching .... by default

###########################################################################################

******************************************************************************************

Now we formally start configuring the DNS server by hand!

/usr/sbin/named-checkconf    checks the configuration file

/usr/sbin/named-checkzone    checks whether a zone file contains syntax errors

*****************************************************

We only need to provide:

Main configuration file: /etc/named.conf

Zone data files: /var/named/....

1. named.ca: stores the addresses of the 13 root name servers; this file can be generated manually.

Manual generation method: dig -t NS .    (queries the root domain)

Just change the DNS server on the first nameserver line:

vim /etc/resolv.conf    nameserver 172.16.0.1

2. named.localhost: resolves localhost to 127.0.0.1

3. named.loopback: resolves 127.0.0.1 to localhost

*****************************************************

Start up named: 32.37

#############################################################

vim /etc/named.conf    edit BIND's main configuration file

#########################################

netstat -tunlp    view the listening sockets

DNS: listening protocols and ports

53/udp

53/tcp

953/tcp: rndc, the remote name daemon controller


#########################################

Socket

IP + port = socket

When processes on two hosts want to communicate, the server side waits for the client's requests on a port; this endpoint is called a socket.

A listener on 127.0.0.1:53 cannot accept requests from remote hosts

A listener on 0.0.0.0:53 can accept requests from all hosts
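
The rule above applied to netstat -tunlp output, as an added example that is not part of the original notes: it lists the sockets owned by named and classifies each one as local-only or reachable from remote hosts. The sample output is constructed, and reporting a non-loopback rndc listener (953/tcp) as its own finding is an assumption of this example.

```python
import ipaddress

# Constructed sample of `netstat -tunlp` output (not captured from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address       Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:53        0.0.0.0:*         LISTEN   2101/named
tcp        0      0 192.168.9.247:53    0.0.0.0:*         LISTEN   2101/named
tcp        0      0 0.0.0.0:953         0.0.0.0:*         LISTEN   2101/named
tcp        0      0 0.0.0.0:22          0.0.0.0:*         LISTEN   1480/sshd
udp        0      0 127.0.0.1:53        0.0.0.0:*                  2101/named
udp        0      0 192.168.9.247:53    0.0.0.0:*                  2101/named
"""

def classify(host, port):
    """Loopback sockets serve only this host; anything else accepts remote clients."""
    if ipaddress.ip_address(host).is_loopback:
        return "local-only"
    # Assumption of this example: the rndc control channel should stay on loopback.
    return "rndc-exposed" if port == 953 else "remote-reachable"

def audit(netstat_text):
    """Return (proto, host, port, verdict) for every socket owned by named."""
    results = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[-1].endswith("/named"):
            continue                      # header line or another program
        # rpartition keeps IPv6 hosts such as "::" intact
        host, _, port = fields[3].rpartition(":")
        results.append((fields[0], host, int(port), classify(host, int(port))))
    return results

if __name__ == "__main__":
    for proto, host, port, verdict in audit(SAMPLE):
        print(f"{proto:4} {host}:{port:<5} {verdict}")
```
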

###########################################################

Back up the original /etc/named.conf, then edit /etc/named.conf by hand

###########################################################

Create a caching DNS server

options {
    directory "/var/named";
};

Root zone:

zone "." IN {
    type hint;
    file "named.ca";           // named.ca holds the addresses of the 13 root name servers; it can be generated manually
};

zone "localhost" IN {
    type master;
    file "named.localhost";    // resolves localhost to 127.0.0.1
};

### Note: a reverse zone name is written with the address octets in reverse order ###

zone "0.0.127.in-addr.arpa" IN {
    type master;               // the zone types are listed further down
    file "named.loopback";     // resolves 127.0.0.1 to localhost
};

Change the owner and group

chown root:named /etc/named.conf

Change the permissions

chmod 640 /etc/named.conf

Check for errors; no output is the best output

named-checkconf

Check a zone by giving the zone name and the file that holds it

named-checkzone "." /var/named/named.ca

This one reports errors, but nothing is actually wrong

Check the localhost zone

named-checkzone "localhost" /var/named/named.localhost

Check the loopback zone

named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback

Start: service named start




Messages reported at startup are kept in /var/log/messages; view them with tail /var/log/messages

To turn off SELinux enforcement temporarily:

getenforce    if it shows Enforcing, turn it off; if it shows Permissive, SELinux is not enforcing

setenforce 0    off (permissive)

setenforce 1    on (enforcing)

To turn it off permanently: vim /etc/selinux/config and set SELINUX=permissive



Change the DNS setting of your own host

vim /etc/resolv.conf

Point DNS at yourself: 192.168.9.9

Test whether you can resolve the root

Enable start at boot:

View: chkconfig --list named

Set: chkconfig named on

The caching DNS server is ready!

###########################################################################################******************** ***********************************************************************

Zone types:

zone "ZONE NAME" IN {
    type {master|slave|hint|forward};
};

############################################################################

Turn the caching server into a primary DNS server!

vim /etc/named.conf    add a zone definition

zone "mageedu.com" IN {
    type master;               // this server is the master (primary) for the zone
    file "mageedu.com.zone";
};

Save and exit, then create the file mageedu.com.zone

cd /var/named/; vim mageedu.com.zone

Write the $TTL line and the SOA record first:

$TTL 600
mageedu.com.    IN  SOA    ns1.mageedu.com.  admin.mageedu.com. (
                           20150924   ; serial
                           1H         ; refresh
                           5M         ; retry
                           The        ; expire
                           6H )       ; negative-answer TTL
mageedu.com.    IN  NS     ns1.mageedu.com.
mageedu.com.    IN  MX 10  mail.mageedu.com.
ns1             IN  A      192.168.9.250
mail            IN  A      192.168.9.251
www             IN  A      192.168.9.252
www             IN  A      192.168.9.253
ftp             IN  CNAME  www


Save, then: chown root:named mageedu.com.zone; chmod 640 mageedu.com.zone

vim /etc/resolv.conf    edit it to read:

search localdomain
nameserver 192.168.9.247

Restart the service: service named restart

dig -t A www.mageedu.com

dig -x IP    look up the hostname for an IP address


host -t RT NAME    query the resolution result for a name (RT is the record type)

Example: host -t A www.mageedu.com

nslookup: interactive mode (at the Windows command line)

nslookup> server DNS_IP

set q=a (or ns, ...)    sets the resource record type to query

www.mageedu.com

###############################################################

We have just configured the forward zone, so let's take a look at how the reverse zone is configured:

vim /etc/named.conf

Add a zone:

zone "9.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.9.zone";
};


cd /var/named    copy the forward zone file to use as the basis of the reverse one

cp -p mageedu.com.zone 192.168.9.zone    (-p keeps the permissions on the copy)

vim 192.168.9.zone

$TTL 600
@       IN  SOA  ns1.mageedu.com.  admin.mageedu.com. (
                 2013040101   ; serial
                 1H           ; refresh
                 5M           ; retry
                 The          ; expire
                 6H )         ; negative-answer TTL
        IN  NS   ns1.mageedu.com.
250     IN  PTR  ns1.mageedu.com.
252     IN  PTR  www.mageedu.com.
253     IN  PTR  www.mageedu.com.
251     IN  PTR  mail.mageedu.com.

:wq

Check: named-checkconf

Check: named-checkzone "9.168.192.in-addr.arpa" 192.168.9.zone    (if there are no errors, named can be restarted)

Restart: service named restart

Open a cmd command line and run nslookup

set q=ptr

192.168.9.247    shows the name of this machine (9.247)

9.168.192.in-addr.arpa    checks the hostnames in the reverse zone

Resolving on Linux

dig -x 192.168.9.247    resolves the hostname for this IP
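
The forward and reverse zones built above have to agree with each other, and named-checkzone validates only one zone file at a time. The following added example (not part of the original notes) expands names the way a zone file does and reports every A record whose PTR does not point back to it. The zone data is a constructed sample modelled on this page's records, with the trailing dot deliberately left off one PTR target to show the resulting mismatch.

```python
import ipaddress

# Constructed zone data modelled on this page's records (SOA/NS lines omitted).
# The last PTR target deliberately lacks its trailing dot.
FORWARD = ("mageedu.com.", """
ns1   IN  A      192.168.9.250
mail  IN  A      192.168.9.251
www   IN  A      192.168.9.252
www   IN  A      192.168.9.253
ftp   IN  CNAME  www
""")
REVERSE = ("9.168.192.in-addr.arpa.", """
250   IN  PTR    ns1.mageedu.com.
252   IN  PTR    www.mageedu.com.
253   IN  PTR    www.mageedu.com.
251   IN  PTR    mail.mageedu.com
""")

def fqdn(name, origin):
    """Zone-file name expansion: '@' is the origin, a trailing dot means
    absolute, and any other name has the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone, rtype):
    """Return (absolute owner, raw rdata) for 'owner IN TYPE rdata' lines."""
    origin, text = zone
    found = []
    for line in text.splitlines():
        f = line.split(";")[0].split()          # drop comments, split fields
        if len(f) == 4 and f[1].upper() == "IN" and f[2].upper() == rtype:
            found.append((fqdn(f[0], origin).lower(), f[3]))
    return found

def check(forward, reverse):
    """For each A record, require a PTR at the reversed address that names
    the same host. Returns (address, expected name, name actually served)."""
    ptr = {owner: fqdn(target, reverse[0]).lower()
           for owner, target in records(reverse, "PTR")}
    problems = []
    for owner, addr in records(forward, "A"):
        rname = ipaddress.ip_address(addr).reverse_pointer + "."
        if ptr.get(rname) != owner:
            problems.append((addr, owner, ptr.get(rname)))
    return problems

if __name__ == "__main__":
    for addr, want, got in check(FORWARD, REVERSE):
        print(f"{addr}: forward says {want}, reverse says {got}")
```
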

