CentOS 6.5 BIND Domain Name Resolution Service Basic Configuration Introduction

Source: Internet
Author: User
Tags: mail exchange, MX record

As the number of websites grows, DNS has become an essential service. Normally a user never notices DNS while browsing, but as soon as it breaks, pages stop loading and the cause is hard to pin down. This article introduces the most basic BIND service; understanding the files that make up a BIND installation also makes the domain name resolution process easier to understand.


I. DNS server classification

Although they are all DNS servers, they implement different features, so DNS servers are divided into several functional types:


Primary (master) DNS server: responsible for domain name resolution; it has its own resolution database (zone data) and handles DNS resolution requests from local clients. This server is the ① authoritative server for the zone.

Secondary (slave) DNS server: also responsible for domain name resolution and also holds a resolution database, but it cannot set the contents of that database itself; it can only request ② synchronization of the zone data from the primary DNS server.

Caching DNS server: not itself responsible for any zone, but obtains resolution results by iteratively querying other name servers and returns them to the requesting user. It caches the results locally, so later users asking for the same name are answered without iterating again.

Forwarding DNS server: not itself responsible for any zone; it obtains resolution results from other name servers and returns them to the requesting user. It only forwards and does not cache the results locally.

① Authoritative server: a server that gives authoritative answers to user resolution requests.

Authoritative answer: the queried domain name is in the local resolution database, and the answer is taken directly from that database.

Non-authoritative answer: the queried domain name is not in the local resolution database; the answer comes from iterative queries to other servers or from locally cached results of earlier queries.


② Synchronizing the resolution database: at every refresh interval the slave server asks the primary server to synchronize the zone data. It normally checks the serial number to determine whether the zone has changed.

Full zone transfer: AXFR, used for the first synchronization; all of the zone data is transferred to the slave server.

Incremental zone transfer: IXFR, used afterwards; only the modified records are transferred.


Synchronization modes: how the primary server synchronizes with slave servers

1) Wait for the slave server's periodic synchronization request and respond to it.

2) Instead of waiting for the slave server's next refresh period to come around, the primary server sends a notification to the slave server as soon as the zone changes, so that the slave synchronizes immediately.


Why a slave server matters: if the primary server fails and the slave's synchronization request gets no response, the slave waits for a retry interval (shorter than the refresh period) and resends the request. The slave keeps serving the zone until the expire timeout is reached, and only then stops working. This provides redundancy: the administrator has a maintenance window to repair the primary server before resolution breaks.


II. Installation and the main files

[Figure: DNS basic configuration 2.png]

Use the command rpm -ql bind | less to list the files installed by the bind package.


Main configuration files: /etc/named.conf and /etc/named.rfc1912.zones; together these two files make up the main configuration.
Zone (resolution database) files: /var/named/zone_name.zone

Service script: /etc/rc.d/init.d/named


IV. Starting with /etc/named.conf

[Figure: DNS basic configuration 4.png]

[Figure: DNS basic configuration 5.png]

This whole file is the main configuration of the BIND service. It is very important: it defines master/slave roles, subzones, the path to the zone files, and access control.


① options {
    Global configuration segment: options may appear only once; it defines the global shared configuration and the working characteristics of BIND.
};

Inside it:

// listen-on port 53 { 127.0.0.1; }; : the address named listens on, here the local loopback address. To serve other hosts you must specify an Internet-facing IP. "//" has the same effect as "#", a comment; this line is commented out here, which means named listens on every IP address of the host.
// listen-on-v6 port 53 { ::1; }; : the IPv6 equivalent; it can be commented out if IPv6 is not used.
directory "/var/named"; : the working directory; the zone files referenced by the zone stanzas are looked for relative to this directory.
dump-file "/var/named/data/cache_dump.db"; : a default entry, nothing to change.
statistics-file "/var/named/data/named_stats.txt"; : a default entry, nothing to change.
memstatistics-file "/var/named/data/named_mem_stats.txt"; : a default entry, nothing to change.
// allow-query { localhost; }; : who is allowed to send queries; this is an access control rule, and can be commented out if it is not needed.
recursion yes; : whether recursive queries are allowed, i.e. whether the server resolves names on behalf of requesting users. This entry must be present, otherwise users cannot query normally.
// dnssec-enable yes; : this and the entries that follow it are the DNSSEC integrity verification mechanism. Its configuration is cumbersome, so it can be commented out if it is not used.


② logging {

    Log configuration segment: defines the path to the log file. It does not need to be modified and is not described here; just know that /var/named/data/named.run is the log path. It is an important tool for troubleshooting later on.

};


③ zone "zone_name" IN {

    Zone configuration segment: may appear multiple times; zone_name is a zone that this server can resolve.

};

Inside it:

type master; : defines the type of the zone on this host: master (primary server), slave (secondary server), hint (the root hints zone; requests for any zone this host does not own are sent to the root servers), or forward (forwarding zone).

file "zone_name.zone"; : defines the path of the corresponding zone file. Here it is a relative path, relative to the /var/named defined in options; an absolute path can also be used.


④ include "/etc/named.rfc1912.zones"; : named.rfc1912.zones also defines zones. include pulls in that file, so the contents of /etc/named.rfc1912.zones are joined to named.conf as if written there.

include "/etc/named.root.key"; : named.root.key is related to dnssec-enable; since DNSSEC is not used here, it is commented out.


Note: in named.conf every statement must end with a semicolon, otherwise named reports an error. Beginners step into this trap very easily; after a few times you will remember.
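To show how the four segments fit together, here is a complete /etc/named.conf for a master server that is authoritative for pixiu.com. This is an added example, not configuration from the original post. The LAN 192.168.50.0/24, the master address 192.168.50.129, the slave address 192.168.50.130, the zone file names and the named.ca root hints file are assumptions chosen to match the post's examples; allow-transfer, notify, also-notify and masters are standard BIND options not discussed above.

```conf
// Added example (not from the original post): minimal /etc/named.conf for a
// master server authoritative for pixiu.com. Addresses and file names are
// assumptions matching the post's examples.
options {
    // Listen on IPv4 port 53 on loopback and on the host's LAN address.
    // Commenting this line out makes named listen on every IPv4 address.
    listen-on port 53 { 127.0.0.1; 192.168.50.129; };
    // IPv6 is not used here, so leave it at loopback only.
    listen-on-v6 port 53 { ::1; };
    // Zone file names in the zone stanzas are relative to this directory.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Access control: only localhost and the LAN may send queries.
    allow-query { localhost; 192.168.50.0/24; };
    // Needed so clients can resolve names outside our own zones; the
    // allow-query rule above keeps this from becoming an open resolver.
    recursion yes;
    // DNSSEC is left off, as in the post.
    dnssec-enable no;
    dnssec-validation no;
};

logging {
    channel default_debug {
        file "data/named.run";   // /var/named/data/named.run
        severity dynamic;
    };
};

// Root hints: queries for zones we do not own start at the root servers.
zone "." IN {
    type hint;
    file "named.ca";
};

// Forward zone this server is authoritative for.
zone "pixiu.com" IN {
    type master;
    file "pixiu.com.zone";            // /var/named/pixiu.com.zone
    // Synchronization mode 2: notify the slave as soon as the zone changes.
    notify yes;
    also-notify { 192.168.50.130; };
    // Only the slave may pull the zone with AXFR/IXFR.
    allow-transfer { 192.168.50.130; };
};

// Reverse zone for 192.168.50.0/24 (PTR records).
zone "50.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.50.zone";
    allow-transfer { 192.168.50.130; };
};

// For comparison, the same zone as the slave host (192.168.50.130) would
// declare it in its own named.conf:
// zone "pixiu.com" IN {
//     type slave;
//     file "slaves/pixiu.com.zone";  // written by named after the transfer
//     masters { 192.168.50.129; };
// };

include "/etc/named.rfc1912.zones";
```

Every statement ends with a semicolon, including the closing brace of each block. Before restarting the service, run named-checkconf /etc/named.conf; it prints nothing when the syntax is correct and otherwise reports the file and line of the first error, which is far quicker than reading named.run after a failed start.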


V. Resource record types in the zone file

[Figure: DNS basic configuration 1.png]

The figure shows a complete zone file with every resource record type; it is described from the top down.


This file is a very important part of the BIND service: all resolution records are written in it, and user resolution requests are answered from it.


Resource record format:

name (zone or host name)  [TTL] (cache duration, may be omitted)  IN (fixed keyword)  RRtype (record type)  value


First line, TTL: time to live, the cache duration

$TTL sets the global cache duration for the zone file; it is followed by a number in seconds, here 36000 (seconds).


Second line, $ORIGIN: the starting point

$ORIGIN provides a name shorthand: you can abbreviate an FQDN to just the host name, and the origin is appended automatically.

Example: $ORIGIN pixiu.com.

ns.pixiu.com. can then be abbreviated to ns. An abbreviated name must not end with a dot; the trailing dot marks a name as already fully qualified.


Third line, SOA: start of authority record

SOA: a zone file may contain only one SOA record, and the first record in the file must be the SOA; it identifies the primary server of the zone.


Name: the zone name as defined for this zone file. @ stands for the name of the current zone, so it can be written instead of the full name; @ also serves as the origin for the shorthand feature. If $ORIGIN is not defined, @ is taken from the zone name configured in named.conf, and the names that follow are completed with that zone name.

TTL: if you do not want the global cache duration, set a different one on the record; otherwise it can be omitted.

· IN: fixed keyword of a resource record, never changes

· RRtype: the record type, such as SOA, NS, MX, A

· Value: the FQDN of the primary DNS server, or the current zone name


The SOA record has parameters that other resource records do not:

• Zone administrator email address: for example pixiu.163.com., which really means pixiu@163.com; but since @ already stands for the zone name, the @ in the address can only be written as a dot.

• Timer values:


2015081903: the serial number, at most 10 digits. Its purpose: whenever the zone file changes, update this serial so that the slave server can tell the records have changed and need to be synchronized.

2H: refresh, the interval at which the slave server asks the master server for synchronization; units are H (hours), M (minutes) and D (days).

30M: retry, the interval at which the slave resends the request when it receives no response from the primary server.

7D: expire, how long the slave keeps serving the zone without a successful synchronization from the primary server before it stops working; this is the longest of the timeouts.

1D: the cache duration of negative answers. A negative answer means the domain name could not be resolved; caching it prevents repeated lookups of names that do not exist, which would waste resolution time.


Fourth line, NS: name server

NS: indicates the name server of the current zone

Name: the zone name. If it is the same as on the previous line, it can be omitted.
Value: the FQDN of the DNS server

Fifth line, MX: mail exchanger

MX: indicates the mail server of the current zone

Name: the zone name. If it is the same as on the previous line, it can be omitted.
Value: the FQDN of the mail server

Note: an MX record also has a priority value; a lower-priority MX is used when the higher-priority MX is busy or fails.

Sixth line, A: address

A: maps an FQDN to an IP address. Every host named in an NS or MX record must have an A record.

Name: FQDN
Value: IP address

Note: ① one FQDN may map to several IPs, which gives load balancing: the addresses are returned in rotation (round robin).

② one IP may be mapped from several FQDNs, so that a single host can respond to access requests under multiple names.


Seventh line, CNAME: canonical name

CNAME: equivalent to defining an alias record

Name: FQDN
Value: FQDN

Example: x.pixiu.com. IN CNAME file.pixiu.com.

A request for x.pixiu.com is resolved to file.pixiu.com, i.e. x.pixiu.com is an alias of file.pixiu.com.


Eighth line, wildcard resolution

Name: *, a wildcard that matches any host name
Value: IP address

Example: add the record * IN A 192.168.50.129

When the FQDN requested by the user has no record of its own but belongs to the current zone, it is automatically resolved to the IP the wildcard points to. For example, a request for 423.pixiu.com is resolved to 192.168.50.129.


Not shown in the figure:

PTR: pointer, the reverse resolution record.

Name: the reversed host part of the IP address (without the network part), with the suffix in-addr.arpa
Value: FQDN

Example: 129.in-addr.arpa IN PTR ns.pixiu.com.
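The following pair of zone files puts every record type above into one working zone for pixiu.com, plus the matching reverse zone. They are an added example and not the files from the original post's figure. The $TTL, serial, timer values, ns.pixiu.com., the administrator mailbox and 192.168.50.129 are taken from the post; every other host name and address is an assumption.

```conf
; Added example (not from the original post): /var/named/pixiu.com.zone
; Values that appear in the post: $TTL 36000, serial 2015081903,
; 2H/30M/7D/1D, ns.pixiu.com., pixiu@163.com, 192.168.50.129.
; All other names and addresses are assumptions.
$TTL 36000
$ORIGIN pixiu.com.
; The SOA must be the first and only SOA record; "@" is the zone name.
; The mailbox pixiu@163.com is written pixiu.163.com. because "@" is reserved.
@       IN SOA  ns.pixiu.com. pixiu.163.com. (
                2015081903   ; serial, at most 10 digits; increase it on every change
                2H           ; refresh: how often the slave asks the master
                30M          ; retry: wait before asking again when the master is silent
                7D           ; expire: slave stops serving after this long without contact
                1D )         ; negative-answer cache time
; Name servers and mail exchangers of the zone (blank owner = same name as above).
        IN NS   ns
        IN NS   ns2
        IN MX 10 mail        ; lower number = higher priority
        IN MX 20 mail2       ; used when mail is busy or down
; Every host named in an NS or MX record needs an A record.
ns      IN A    192.168.50.129
ns2     IN A    192.168.50.130
mail    IN A    192.168.50.131
mail2   IN A    192.168.50.132
; One name with several addresses: answered in rotation (round robin).
www     IN A    192.168.50.133
www     IN A    192.168.50.134
; One address under several names.
file    IN A    192.168.50.135
ftp     IN A    192.168.50.135
; Alias: x.pixiu.com. is another name for file.pixiu.com.
x       IN CNAME file
; Wildcard: any otherwise undefined host, e.g. 423.pixiu.com., resolves here.
*       IN A    192.168.50.129

; ---- /var/named/192.168.50.zone : reverse zone 50.168.192.in-addr.arpa. ----
$TTL 36000
$ORIGIN 50.168.192.in-addr.arpa.
@       IN SOA  ns.pixiu.com. pixiu.163.com. (
                2015081903 2H 30M 7D 1D )
        IN NS   ns.pixiu.com.
; Owner is the host part only; the reversed network part comes from $ORIGIN,
; so "129" is 129.50.168.192.in-addr.arpa.
129     IN PTR  ns.pixiu.com.
130     IN PTR  ns2.pixiu.com.
131     IN PTR  mail.pixiu.com.
```

Two details are easy to get wrong: a value such as file in the CNAME record has no trailing dot, so it becomes file.pixiu.com., whereas ns.pixiu.com. in the reverse zone needs its dot or it would be completed to ns.pixiu.com.50.168.192.in-addr.arpa. Check each file with named-checkzone pixiu.com /var/named/pixiu.com.zone (and named-checkzone 50.168.192.in-addr.arpa /var/named/192.168.50.zone); it reports the loaded serial on success and the offending line on failure, and catches a forgotten serial bump before the slave silently keeps old data.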



Summary: these are basically the main files of the BIND domain name service, and the features above are the basic configuration; to use the BIND service fully it is best to understand all of them. Of course, I am also a Linux novice, so if anything is described wrongly, please correct me so that nobody builds on a wrong foundation.




