I. Introduction to DNS Services
DNS is short for Domain Name System (also read as Domain Name Service). It consists of resolvers (the client side) and name servers. A name server holds the mapping between the host names in its zones and their IP addresses, and answers queries that turn a name into an address (or, through a reverse zone, an address back into a name).
II. DNS installation and configuration
Preparatory work
1. Packages needed by the DNS server
DNS service: bind
DNS libraries: bind-libs
DNS client tools (dig, nslookup): bind-utils
Confine named to a single directory (chroot): bind-chroot
Turn off the firewall: iptables -F
Turn off SELinux: setenforce 0
Flushing the firewall and disabling SELinux is acceptable on a lab box only. On a real server keep both and open just port 53, TCP as well as UDP: zone transfers, and answers too large for one UDP packet, use TCP.
2. Edit the configuration file
Global configuration file: /etc/named.conf

options {
        listen-on port 53 { localhost; };       # localhost stands for all of this host's own addresses, so named listens on the server's IP; the IP itself can be written instead. Note the trailing ;
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };               # any lets every client query this server; a list of IPs or networks restricts it
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

The stock CentOS 7 file has further options after allow-query that we leave unchanged, among them recursion yes;. Together with allow-query { any; } that makes the host an open recursive resolver, which anyone on the internet can use for amplification and cache-poisoning attempts. On a server that is only meant to be authoritative for our zones, add recursion no; (or restrict allow-recursion to our own networks). The zone "." block is the template for zone definitions; our own zones can follow it here or go into /etc/named.rfc1912.zones, which the include line pulls in.
We define our own zones in /etc/named.rfc1912.zones:

zone "lpx123.com" IN {                          # forward zone for lpx123.com
        type master;                            # this server is the master (primary) for the zone
        file "lpx123.com.zone";                 # zone file, relative to the directory option (/var/named)
};
zone "252.18.172.in-addr.arpa" IN {             # reverse zone for 172.18.252.0/24 (octets reversed)
        type master;
        file "172.18.252.zone";
};
The zone files live in /var/named/, which also contains template files; we copy a template and edit the copy. In /var/named:

# cp -p named.localhost lpx123.com.zone
# cp -p named.localhost 172.18.252.zone

Note the -p: the template is owned by group named, and -p keeps that ownership on the copy. Without it the copy gets the group of the current user and named cannot read the file.
To edit a forward zone database configuration file
$TTL 1D
@       IN SOA  nsl.lpx123.com. root.lpx123.com. (
                                        20132702        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        IN NS   nsl.lpx123.com.
nsl     IN A    172.18.252.36
mail    IN A    2.2.2.2
$TTL: default time to live, i.e. how long resolvers may cache records from this zone. 1D means one day.
@: the zone origin, i.e. the current domain name (lpx123.com.)
SOA: Start Of Authority record. It names the primary server and the administrator and carries the timers a slave uses to stay in sync with the master.
nsl.lpx123.com.: the primary name server for the zone (the trailing dot makes the name absolute)
root.lpx123.com.: the administrator's mailbox; the first dot stands for @, so this is root@lpx123.com
20132702 ; serial: the zone serial number. A slave only transfers the zone when the master's serial is higher than its own, so it must be increased on every edit; the usual form is YYYYMMDDNN.
1D ; refresh: how often a slave asks the master whether the serial has changed. 1D is one day.
1H ; retry: how long a slave waits before asking again after a failed refresh. 1H is one hour.
1W ; expire: if the slave has had no successful refresh for this long, it stops answering for the zone altogether. 1W is one week.
3H ) ; minimum: the negative-caching TTL, i.e. how long a resolver may cache a "no such name" answer (the positive TTL of the records comes from $TTL above).
IN NS nsl.lpx123.com.: NS record, followed by the name of the name server
nsl IN A 172.18.252.36: A record giving the name server's address; nsl is relative to the origin, so it means nsl.lpx123.com.
Edit a reverse zone database file
# vim 172.18.252.zone
$TTL 1D
@       IN SOA  nsl.lpx123.com. root.lpx123.com. (
                                        20132703        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
@       NS      nsl.lpx123.com.
36      PTR     nsl.lpx123.com.
100     PTR     www.lpx123.com.

The reverse zone file looks like the forward one; the difference is that it holds PTR records instead of A records.
PTR format: the owner name is the host part of the IP address (here just the last octet, relative to the origin 252.18.172.in-addr.arpa.), followed by the fully qualified host name with a trailing dot. Note that this reverse zone maps .100 to www.lpx123.com although the forward zone above has no www A record: forward and reverse data are maintained independently, so keeping them consistent is up to us.
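As an added example (this is not code from the original post), the script below builds the forward zone and the matching /24 reverse zone from a single host list, so that A and PTR records cannot drift apart, and derives the SOA serial in YYYYMMDDNN form. The domain, server name and prefix are the page's (lpx123.com, nsl, 172.18.252.0/24); the host list and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds the forward zone
# and the matching /24 reverse zone from ONE host list, and derives the
# SOA serial. Names come from the page; the host list below is constructed.

# next_serial CURRENT TODAY: bump the two-digit counter if CURRENT already
# carries TODAY's date (YYYYMMDD), otherwise start over at TODAY01. Slaves
# only re-transfer when the serial grows, so forgetting this is the usual
# reason a zone edit "does not reach the slave".
next_serial() {
    cur=$1 today=$2
    case $cur in
        "$today"[0-9][0-9])
            n=${cur#"$today"}
            n=$((${n#0} + 1))          # strip a leading 0 so "09" is not read as octal
            printf '%s%02d\n' "$today" "$n" ;;
        *)  printf '%s01\n' "$today" ;;
    esac
}

# soa_block NS ADMIN SERIAL: the $TTL / SOA / NS preamble shared by both zones
soa_block() {
    printf '$TTL 1D\n'
    printf '@ IN SOA %s. %s. (\n' "$1" "$2"
    printf '        %s ; serial\n        1D ; refresh\n' "$3"
    printf '        1H ; retry\n        1W ; expire\n        3H ) ; minimum\n'
    printf '@ IN NS %s.\n' "$1"
}

# forward_zone NS ADMIN SERIAL  < "host ip" lines: one A record per host
forward_zone() {
    soa_block "$1" "$2" "$3"
    while read -r host ip; do
        if [ -n "$host" ]; then printf '%s IN A %s\n' "$host" "$ip"; fi
    done
}

# reverse_zone DOMAIN NS ADMIN SERIAL PREFIX  < "host ip" lines
# PREFIX is the first three octets (172.18.252); hosts outside it are
# skipped, since they belong in a different in-addr.arpa zone.
reverse_zone() {
    domain=$1 prefix=$5
    soa_block "$2" "$3" "$4"
    while read -r host ip; do
        case $ip in
            "$prefix".*) printf '%s IN PTR %s.%s.\n' "${ip##*.}" "$host" "$domain" ;;
        esac
    done
}

# Demo with a constructed host list: nsl and www from the page, mail outside the /24
hosts='nsl 172.18.252.36
www 172.18.252.100
mail 2.2.2.2'
serial=$(next_serial 20132702 "$(date +%Y%m%d)")
printf '%s\n' "$hosts" | forward_zone nsl.lpx123.com root.lpx123.com "$serial"
echo
printf '%s\n' "$hosts" | reverse_zone lpx123.com nsl.lpx123.com root.lpx123.com "$serial" 172.18.252
```

Redirect the two outputs into /var/named/lpx123.com.zone and /var/named/172.18.252.zone, then run named-checkzone lpx123.com /var/named/lpx123.com.zone (shipped with bind) before restarting named, so a syntax slip does not take the zone offline.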
III. Testing
Restart Service
# systemctl restart named
We test from a different machine. First point it at our DNS server in /etc/resolv.conf, then query with dig:

# vim /etc/resolv.conf
nameserver 172.18.252.36        # comment out everything else in the file and add only our server

# dig nsl.lpx123.com @172.18.252.36

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> nsl.lpx123.com @172.18.252.36
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1    # aa = authoritative answer: resolved from this server's own zone data, not forwarded

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nsl.lpx123.com.                IN      A

;; ANSWER SECTION:
nsl.lpx123.com.         86400   IN      A       172.18.252.36      # the address of the A record we defined

;; AUTHORITY SECTION:
lpx123.com.             86400   IN      NS      nsl.lpx123.com.

;; Query time: 1 msec
;; SERVER: 172.18.252.36#53(172.18.252.36)
;; WHEN: Wed 01:50:46 CST 2018
;; MSG SIZE  rcvd: 73

# nslookup 172.18.252.36          # reverse lookup
Server:         172.18.252.36
Address:        172.18.252.36#53

36.252.18.172.in-addr.arpa      name = nsl.lpx123.com.
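As an added example (not code from the original post), the following script turns the manual dig check above into a pass/fail test that can run after every zone edit. dig_summary parses dig's text output; check_a passes only for a NOERROR answer with the aa flag set (answered from the server's own zone, not forwarded) that contains the expected address. sample_dig_output is a constructed copy of the answer shown on this page so the script runs offline; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. In real use pipe
#   dig nsl.lpx123.com @172.18.252.36 | check_a 172.18.252.36
# and act on the exit status; sample_dig_output replaces dig here.

# dig_summary < dig-output: prints "STATUS aa|noaa ADDR..." on one line
dig_summary() {
    awk '
        BEGIN               { aa = "noaa" }
        /->>HEADER<<-/      { sub(/,$/, "", $6); status = $6 }
        /^;; flags:/        { for (i = 3; i <= NF; i++) {
                                  f = $i; last = sub(/;$/, "", f)   # "ra;" ends the flag list
                                  if (f == "aa") aa = "aa"
                                  if (last) break
                              } }
        /ANSWER SECTION/    { inans = 1; next }
        /^;;/               { inans = 0 }
        inans && $4 == "A"  { addrs = addrs " " $5 }
        END                 { if (status == "") status = "NOHEADER"
                              print status, aa addrs }
    '
}

# check_a EXPECTED < dig-output: exit 0 only for an authoritative NOERROR
# answer that contains EXPECTED; prints one OK/FAIL line
check_a() {
    expected=$1
    set -- $(dig_summary)
    status=$1 aa=$2
    shift 2
    [ "$status" = NOERROR ] || { echo "FAIL: status $status"; return 1; }
    [ "$aa" = aa ] || { echo "FAIL: answer is not authoritative (aa flag clear)"; return 1; }
    for addr in "$@"; do
        if [ "$addr" = "$expected" ]; then echo "OK: $expected, authoritative"; return 0; fi
    done
    echo "FAIL: expected $expected, got: ${*:-nothing}"
    return 1
}

# Constructed copy of the dig answer shown on this page
sample_dig_output() {
    cat <<'EOF'
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> nsl.lpx123.com @172.18.252.36
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;nsl.lpx123.com.                IN      A

;; ANSWER SECTION:
nsl.lpx123.com.         86400   IN      A       172.18.252.36

;; AUTHORITY SECTION:
lpx123.com.             86400   IN      NS      nsl.lpx123.com.

;; Query time: 1 msec
;; SERVER: 172.18.252.36#53(172.18.252.36)
;; MSG SIZE  rcvd: 73
EOF
}

# Demo: the page's answer passes for the right address
sample_dig_output | check_a 172.18.252.36
```

A missing aa flag is worth failing on: it means the host you queried is handing you a cached or forwarded answer rather than serving your zone, which is exactly the symptom of pointing resolv.conf at the wrong server.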
IV. Bulk and wildcard resolution
When we need to add many similar records at once, we can use the $GENERATE directive instead of writing them all out:

# vim lpx123.com.zone
$GENERATE 1-100 server$ A 3.3.3.$       # add this line to the forward zone file

This creates records server1.lpx123.com through server100.lpx123.com with addresses 3.3.3.1 through 3.3.3.100; each $ is replaced by the current number.

# nslookup server1.lpx123.com
Server:         172.18.252.36
Address:        172.18.252.36#53

Name:   server1.lpx123.com
Address: 3.3.3.1

# nslookup server2.lpx123.com
Server:         172.18.252.36
Address:        172.18.252.36#53

Name:   server2.lpx123.com
Address: 3.3.3.2

# nslookup server100.lpx123.com
Server:         172.18.252.36
Address:        172.18.252.36#53

Name:   server100.lpx123.com
Address: 3.3.3.100
Sometimes a site is still reachable when we type a wrong or random host name under its domain. That is wildcard resolution, written like this:

*.lpx123.com.   A   4.4.4.4

# nslookup www.lpx123.com
Server:         172.18.252.36
Address:        172.18.252.36#53

Name:   www.lpx123.com
Address: 4.4.4.4

# nslookup dns.lpx123.com
Server:         172.18.252.36
Address:        172.18.252.36#53

Name:   dns.lpx123.com
Address: 4.4.4.4

# nslookup nsl.lpx123.com
Server:         172.18.252.36
Address:        172.18.252.36#53

Name:   nsl.lpx123.com
Address: 172.18.252.36

Every name under lpx123.com that we have not defined explicitly now resolves to 4.4.4.4, while defined names such as nsl are unaffected: a wildcard only matches names that do not otherwise exist in the zone.
V. DNS master/slave
We have set up the master DNS server; now we build a second server that acts as slave for the zone.
1. Prepare the environment and install the packages (as above).
2. Edit the global configuration file /etc/named.conf (same changes as on the master):
options {
        listen-on port 53 { localhost; };       # localhost again, so named listens on this host's addresses
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };               # any again
};

Then add the slave zone block:

zone "lpx123.com" IN {
        type slave;                             # this server is a slave for the zone
        file "slaves/lpx123.com.zone";          # where the copy of the zone pulled from the master is stored
        masters { 172.18.252.36; };             # the master's IP address
};
Start the service. A file now appears in /var/named/slaves: the zone copied from the master by zone transfer. From another machine, check that the slave answers:

# dig nsl.lpx123.com @172.18.250.216

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> nsl.lpx123.com @172.18.250.216
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32433
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nsl.lpx123.com.                IN      A

;; ANSWER SECTION:
nsl.lpx123.com.         86400   IN      A       172.18.252.36

;; AUTHORITY SECTION:
lpx123.com.             86400   IN      NS      nsl.lpx123.com.

;; Query time: 4 msec
;; SERVER: 172.18.250.216#53(172.18.250.216)
;; WHEN: Thu May 24 21:03:47 2018
;; MSG SIZE  rcvd: 62

Resolution succeeds, and the aa flag shows the slave answers authoritatively from its own copy of the zone.
Restricting zone transfers
While setting up the slave we noticed that the master never had to approve it: any host that configures itself as a slave, or simply runs dig -t axfr, gets a full copy of the zone and with it every host name and address we have. That is not safe for the master, so we name the one machine allowed to transfer the zone.
Add to the options block of /etc/named.conf on the master, then restart named as before:

        allow-transfer { 172.18.250.216; };     # the slave's IP address
Test
From the slave we can still pull the zone:

# dig -t axfr lpx123.com @172.18.252.36

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t axfr lpx123.com @172.18.252.36
;; global options: +cmd
lpx123.com.             86400   IN      SOA     nsl.lpx123.com. root.lpx123.com. 20132702 86400 3600 604800 10800
lpx123.com.             86400   IN      NS      nsl.lpx123.com.
*.lpx123.com.           86400   IN      A       4.4.4.4
mail.lpx123.com.        86400   IN      A       2.2.2.2

Other machines can no longer pull the zone, while ordinary queries still work:

# dig -t AXFR lpx123.com @172.18.252.36

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -t AXFR lpx123.com @172.18.252.36
;; global options: +cmd
; Transfer failed.

# dig nsl.lpx123.com @172.18.252.36

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> nsl.lpx123.com @172.18.252.36
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12384
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nsl.lpx123.com.                IN      A

;; ANSWER SECTION:
nsl.lpx123.com.         86400   IN      A       172.18.252.36

;; AUTHORITY SECTION:
lpx123.com.             86400   IN      NS      nsl.lpx123.com.

;; Query time: 1 msec
;; SERVER: 172.18.252.36#53(172.18.252.36)
;; WHEN: Thu 24 21:23:47 2018
;; MSG SIZE  rcvd: 62

PS: After restricting transfers on the master, do the same on the slave, otherwise anyone can still pull the whole zone from the slave instead. The slave has no slaves of its own, so there the braces can simply hold none: allow-transfer { none; };
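As an added example (not code from the original post), the script below audits the options block of a named.conf for the two exposures this page runs into: zone transfers open to everyone (no allow-transfer, which on the BIND 9.9 used here means any host may AXFR, as the test above showed, or allow-transfer { any; }), and allow-query { any; } with recursion left on, which makes an authoritative server an open recursive resolver. The configuration text inside it is constructed from the page's options block; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a named.conf for
# open zone transfers and for open recursion. The sample config below is
# constructed: the page's options block with allow-transfer still commented out.

# Drop comments (# ..., // ..., single-line /* ... */) so a commented-out
# directive is not mistaken for an active one.
strip_comments() {
    sed -e 's,/\*.*\*/,,g' -e 's/#.*$//' -e 's,//.*$,,' "$1"
}

# audit_named_conf FILE: print one "WARN: ..." line per finding.
audit_named_conf() {
    conf=$(strip_comments "$1")
    if ! printf '%s\n' "$conf" | grep -q 'allow-transfer'; then
        echo "WARN: no allow-transfer; any host can AXFR the zone"
    elif printf '%s\n' "$conf" | grep -Eq 'allow-transfer[[:space:]]*[{][[:space:]]*any[[:space:]]*;'; then
        echo "WARN: allow-transfer { any; }; zone transfer open to the world"
    fi
    # allow-query any is fine for an authoritative server only if recursion
    # is off; an allow-recursion limited to trusted networks also closes the
    # hole, and only the presence of that directive is checked here
    if printf '%s\n' "$conf" | grep -Eq 'allow-query[[:space:]]*[{][[:space:]]*any[[:space:]]*;' &&
       ! printf '%s\n' "$conf" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;' &&
       ! printf '%s\n' "$conf" | grep -q 'allow-recursion'; then
        echo "WARN: allow-query { any; } with recursion on; open recursive resolver"
    fi
}

# audit_count FILE: number of findings as a single integer (0 = clean).
audit_count() {
    audit_named_conf "$1" | awk '/^WARN/ { n++ } END { print n + 0 }'
}

# sample_conf: constructed options block in the state this page leaves it
sample_conf() {
    cat <<'EOF'
options {
        listen-on port 53 { localhost; };
        directory "/var/named";
        allow-query     { any; };
        recursion yes;
        // allow-transfer { 172.18.250.216; };
};
EOF
}

# Demo: audit the sample, then the same file with the two fixes applied.
tmp=$(mktemp)
sample_conf > "$tmp"
audit_named_conf "$tmp"                      # two WARN lines
sed -e 's,// allow-transfer,allow-transfer,' -e 's/recursion yes/recursion no/' "$tmp" > "$tmp.fixed"
audit_named_conf "$tmp.fixed"                # no output: clean
rm -f "$tmp" "$tmp.fixed"
```

Run it against /etc/named.conf on both the master and the slave: the slave needs allow-transfer { none; }; just as the PS above says, and the script reports the slave as open until that line is in place.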
Configuring the DNS service on Linux