Configuring the DNS service on Linux

Source: Internet
Author: User
Tags: domain name server, nslookup

I. Introduction to DNS Services

DNS is the abbreviation of Domain Name System (or Domain Name Service). It consists of a resolver and a domain name server. The domain name server holds the domain names and corresponding IP addresses of all the hosts in the network, and it is the server that converts a domain name into its IP address.

II. DNS installation and configuration

Preparatory work
1. Install the packages required by the DNS server

DNS service package: bind
DNS related libraries: bind-libs
DNS client tools: bind-utils
Confine DNS to one directory (chroot): bind-chroot
Turn off the firewall: iptables -F
Disable SELinux: setenforce 0
2. Edit the configuration file

Global configuration file: /etc/named.conf

options {
        listen-on port 53 { localhost; };      # localhost makes named listen on port 53 of this host; the host's own IP can be written instead. Note the trailing semicolon.
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };     # any allows anyone to resolve DNS through this server; specific IPs can be listed instead.
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
# The zone block above is the template for the zones this server resolves; further zones can be written here or in the file below, /etc/named.rfc1912.zones
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

We write the zones to be resolved in /etc/named.rfc1912.zones:

zone "lpx123.com" IN {      # forward lookup zone for lpx123.com
        type master;      # this server is the master for the zone
        file "lpx123.com.zone";      # zone file for this domain
};
zone "252.18.172.in-addr.arpa" IN {     # reverse lookup zone
        type master;
        file "172.18.252.zone";
};

The zone database files are stored in /var/named/, which also contains template files; we can copy a template and modify it. In /var/named:

# cp -p named.localhost lpx123.com.zone
# cp -p named.localhost 172.18.252.zone

Note that -p is added to the copy because this file belongs to the group named; without -p the copy's group becomes the current user's group, and named cannot access it.
Edit the forward zone database file

$TTL 1D
@       IN SOA   nsl.lpx123.com. root.lpx123.com. (
                                        20132702        ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      nsl.lpx123.com.
nsl     IN      A       172.18.252.36
mail    IN      A       2.2.2.2

$TTL: time to live, the time for which clients cache these DNS records. 1D: the cache time is 1 day
@: refers to the current zone name

SOA: the start of authority record, used for authentication and authorization between master and slave
nsl.lpx123.com.: the primary name server
root.lpx123.com.: the administrator mailbox
20132702 ; serial: the serial number, the basis on which the slave decides whether to update from the master
1D ; refresh: the refresh interval, how often the slave proactively asks the master for updates; 1D means 1 day
1H ; retry: the retry interval, how soon the slave retries after a failed update from the master; 1H means 1 hour
1W ; expire: the expiry time; when no update from the master has succeeded for this long, the zone is no longer updated; 1W means 1 week
3H ) ; minimum: equivalent to a TTL value; when it is not written, the global configuration is used by default
IN NS nsl.lpx123.com.: the NS record, followed by the name of the name server
nsl IN A 172.18.252.36: the A record for nsl, giving the address of that server
Edit the reverse zone database file

# vim 172.18.252.zone
$TTL 1D
@       IN SOA   nsl.lpx123.com. root.lpx123.com. (
                                        20132703        ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       NS      nsl.lpx123.com.
36      PTR     nsl.lpx123.com.
100     PTR     www.lpx123.com.

The reverse zone database file is similar to the forward zone database file; the difference is that it uses PTR records.
PTR format: the host part of the IP address comes first, followed by the host name.

III. Testing

Restart the service:
# systemctl restart named
We test from a different machine.
First we set the DNS server address:

# vim /etc/resolv.conf
nameserver 172.18.252.36      # comment out the existing contents and add the DNS server address

# dig nsl.lpx123.com @172.18.252.36

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> nsl.lpx123.com @172.18.252.36
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1     # aa means authoritative: the server answered from its own data rather than by forwarding
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nsl.lpx123.com.            IN  A

;; ANSWER SECTION:
nsl.lpx123.com.     86400   IN  A   172.18.252.36     # address of the resolved A record

;; AUTHORITY SECTION:
lpx123.com.     86400   IN  NS  nsl.lpx123.com.

;; Query time: 1 msec
;; SERVER: 172.18.252.36#53(172.18.252.36)
;; WHEN: Wed 01:50:46 CST 2018
;; MSG SIZE  rcvd: 73

# nslookup 172.18.252.36      # reverse lookup
Server:     172.18.252.36
Address:    172.18.252.36#53

36.252.18.172.in-addr.arpa  name = nsl.lpx123.com.
IV. Wildcard domain name resolution

When we need to add DNS records in bulk, we can use the $GENERATE directive, written as follows:

# vim lpx123.com.zone
$GENERATE 1-100 server$ A       3.3.3.$     # add a record like this in the forward zone file

This adds records from server1.lpx123.com to server100.lpx123.com, with the corresponding IPs 3.3.3.1 to 3.3.3.100 respectively.

# nslookup server1.lpx123.com
Server:     172.18.252.36
Address:    172.18.252.36#53

Name:   server1.lpx123.com
Address: 3.3.3.1

# nslookup server2.lpx123.com
Server:     172.18.252.36
Address:    172.18.252.36#53

Name:   server2.lpx123.com
Address: 3.3.3.2

# nslookup server100.lpx123.com
Server:     172.18.252.36
Address:    172.18.252.36#53

Name:   server100.lpx123.com
Address: 3.3.3.100

Sometimes we can still reach the site we want after typing only a single "w", or even a wrong host name; this uses wildcard domain resolution.
It is written as follows:
*.lpx123.com. A 4.4.4.4

# nslookup www.lpx123.com
Server:     172.18.252.36
Address:    172.18.252.36#53

Name:   www.lpx123.com
Address: 4.4.4.4

# nslookup dns.lpx123.com
Server:     172.18.252.36
Address:    172.18.252.36#53

Name:   dns.lpx123.com
Address: 4.4.4.4

# nslookup nsl.lpx123.com
Server:     172.18.252.36
Address:    172.18.252.36#53

Name:   nsl.lpx123.com
Address: 172.18.252.36

Any name under lpx123.com that we have not explicitly written resolves to the 4.4.4.4 host; the names that are written are not affected.
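The zone-file fields explained above, the $GENERATE directive and the wildcard record can be exercised with this small reader. It is an added example, not code from the page or BIND's own parser; it works on a constructed copy of the lpx123.com zone (mail omitted) and uses simplified wildcard matching (one label up only).

```python
"""Reader for the zone-file constructs this page uses ($TTL, parenthesised SOA, relative
owners, $GENERATE, wildcard). Added example over a constructed copy of the page's zone."""
ORIGIN = "lpx123.com."
ZONE_TEXT = """\
$TTL 1D
@       IN SOA   nsl.lpx123.com. root.lpx123.com. (
                 20132702      ; serial
                 1D 1H 1W 3H ) ; refresh retry expire minimum
        IN      NS      nsl.lpx123.com.
nsl     IN      A       172.18.252.36
$GENERATE 1-100 server$ A 3.3.3.$
*       IN      A       4.4.4.4
"""

def fqdn(name, origin=ORIGIN):
    """'@' is the zone origin; a name without a trailing dot is relative to the origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata) tuples; joins ( ) continuations, expands $GENERATE."""
    records, owner, buf, has_owner = [], origin, "", False
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()            # drop ; comments
        if not line.strip():
            continue
        if not buf:                                   # first line of a record:
            has_owner = not line[0].isspace()         # an owner name sits at column 0
        buf += " " + line
        if buf.count("(") > buf.count(")"):           # SOA still open across lines
            continue
        tokens, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if tokens[0] == "$GENERATE":                  # $GENERATE lo-hi lhs type rhs
            lo, hi = map(int, tokens[1].split("-"))
            for i in range(lo, hi + 1):               # every '$' becomes the counter
                lhs, rhs = (t.replace("$", str(i)) for t in (tokens[2], tokens[4]))
                records.append((fqdn(lhs, origin), tokens[3], rhs))
        elif tokens[0] != "$TTL":
            if has_owner:
                owner, tokens = fqdn(tokens[0], origin), tokens[1:]
            if tokens[0] == "IN":
                tokens = tokens[1:]
            records.append((owner, tokens[0], " ".join(tokens[1:])))
    return records

def lookup(records, name, rtype="A"):
    """Exact owner first, else the wildcard one label up (*.<parent>), as *.lpx123.com does."""
    for owner in (name, "*." + name.split(".", 1)[1]):
        if hits := [r for o, t, r in records if o == owner and t == rtype]:
            return hits
    return []
```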

V. DNS master/slave

We have set up the primary DNS server; now we only need to build a slave DNS server.
1. Prepare the environment first and install the packages (same as above)
2. Edit the global configuration file (same as the master's)
3. Write the zone definitions in /etc/named.conf

options {
        listen-on port 53 { localhost; };     # still set to localhost here
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };      # set to any here
};

We then add the following zone block:

zone "lpx123.com" IN {
        type slave;     # this server is a slave for the zone
        file "slaves/lpx123.com.zone";     # where the zone file copied from the master is stored
        masters { 172.18.252.36; };     # IP address of the master server
};

Start the service, and a file appears in the /var/named/slaves directory: this is the zone file transferred from the master. We use another machine to check whether the slave can resolve names:

# dig nsl.lpx123.com @172.18.250.216

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> nsl.lpx123.com @172.18.250.216
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32433
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nsl.lpx123.com.            IN  A

;; ANSWER SECTION:
nsl.lpx123.com.     86400   IN  A   172.18.252.36

;; AUTHORITY SECTION:
lpx123.com.     86400   IN  NS  nsl.lpx123.com.

;; Query time: 4 msec
;; SERVER: 172.18.250.216#53(172.18.250.216)
;; WHEN: Thu May 24 21:03:47 2018
;; MSG SIZE  rcvd: 62

Resolution succeeds.

Specifying which hosts may transfer the zone
We found that, when setting up the slave, the master did not need to agree before we fetched its zone file; that is insecure for the primary DNS, so we designate the hosts allowed to transfer it. Add the following to /etc/named.conf on the master:
allow-transfer { 172.18.250.216; };    # the slave server's IP address goes in the braces
Test
We fetch the data from the slave server:

# dig -t axfr lpx123.com @172.18.252.36

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t axfr lpx123.com @172.18.252.36
;; global options: +cmd
lpx123.com.     86400   IN  SOA nsl.lpx123.com. root.lpx123.com. 20132702 86400 3600 604800 10800
lpx123.com.     86400   IN  NS  nsl.lpx123.com.
*.lpx123.com.       86400   IN  A   4.4.4.4
mail.lpx123.com.    86400   IN  A   2.2.2.2

Other machines can no longer fetch the zone data, but normal resolution of the domain is not affected:

# dig -t AXFR lpx123.com @172.18.252.36

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -t AXFR lpx123.com @172.18.252.36
;; global options: +cmd
; Transfer failed.

# dig nsl.lpx123.com @172.18.252.36

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> nsl.lpx123.com @172.18.252.36
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12384
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nsl.lpx123.com.            IN  A

;; ANSWER SECTION:
nsl.lpx123.com.     86400   IN  A   172.18.252.36

;; AUTHORITY SECTION:
lpx123.com.     86400   IN  NS  nsl.lpx123.com.

;; Query time: 1 msec
;; SERVER: 172.18.252.36#53(172.18.252.36)
;; WHEN: Thu 24 21:23:47 2018
;; MSG SIZE  rcvd: 62

PS: we set this on the primary DNS; the slave must be configured the same way, otherwise others can still fetch the zone data from your slave. If the slave has no slaves of its own, the address in the braces can be changed to none.
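A quick way to check the allow-transfer settings discussed in this section across a whole named.conf is the audit below. It is an added example, not BIND tooling or code from the page; it assumes a constructed named.conf (the page's master zones plus one constructed slave zone) whose blocks close with "};" at the start of a line.

```python
"""Audit named.conf zone-transfer ACLs. Added example (not BIND or this page's own
tooling): flags zones whose effective allow-transfer is absent or contains 'any', which,
as the page's dig -t axfr test shows, lets any host pull the whole zone."""
import re

# Constructed named.conf mirroring the page's master setup plus one slave zone;
# blocks are assumed to close with "};" at the start of a line.
NAMED_CONF = """
options {
        listen-on port 53 { localhost; };
        allow-query     { any; };            # page's setting: anyone may query
};
zone "lpx123.com" IN {
        type master;
        file "lpx123.com.zone";
        allow-transfer { 172.18.250.216; };  # only the slave may transfer (page)
};
zone "252.18.172.in-addr.arpa" IN {
        type master;
        file "172.18.252.zone";              # no allow-transfer: open to everyone
};
zone "example.test" IN {                     # constructed slave zone with no slaves of its own
        type slave;
        masters { 172.18.252.36; };
        allow-transfer { none; };            # the page's PS recommends none here
};
"""

def acl_of(block, directive):
    """Return the address list of `directive { ...; };` inside a block, or None when absent."""
    m = re.search(directive + r"\s*\{([^}]*)\}\s*;", block)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def audit_transfers(conf):
    """Map each data-holding zone to 'restricted', 'open-any' or 'open-default'."""
    conf = re.sub(r"(#|//).*", "", conf)                       # drop # and // comments
    opts = re.search(r"options\s*\{(.*?)\n\};", conf, flags=re.S)
    global_acl = acl_of(opts.group(1), "allow-transfer") if opts else None
    verdicts = {}
    for name, body in re.findall(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', conf, flags=re.S):
        if not re.search(r"type\s+(master|slave|primary|secondary)\s*;", body):
            continue                                           # hint/forward zones hold no data
        acl = acl_of(body, "allow-transfer")
        acl = global_acl if acl is None else acl               # zone-level ACL overrides options{}
        verdicts[name] = ("open-default" if acl is None else
                          "open-any" if "any" in acl else "restricted")
    return verdicts
```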
