Construction and configuration of DNS server for Linux system

First, Introduction

1, DNS (domain Name System), the Internet as a domain name and IP address mapping of a distributed database, to make it easier for users to access the Internet, instead of remembering the number of IP strings that can be read directly by the machine. The process of obtaining the IP address of the host name is called the domain name resolution through the hostname.

2, the role of DNS domain Name System

1) Forward parsing: Find the corresponding IP address based on the hostname (domain name)

2) Reverse resolution: Find the corresponding host domain name based on IP address

3, the working mode of the DNS system

1) Recursive query:

The client queries the DNS server for a recursive query, and the DNS server must return the address if it does not know that other DNS servers can be queried.

2) iterative Query

The general DNS server is an iterative query, the target DNS can return an approximate result to the source DNS, can be the other destination DNS address, the source DNS will continue to the next target DNS query, until the obtained address.

Second, installation and configuration

1. Installation

1) package Name: Bind

2) service Name: named

3) port number: TCP 53

4) Main configuration file:/etc/named.conf

5) Zone Profile:/etc/named.rfc1912.zone

6) Data configuration file:

Forward parsing configuration file:/var/named/named.localhost

Reverse parsing configuration file:/var/named/named.empty

2. DNS server configuration (test domain: test.com; Test network segment: 192.168.136.0)

1) Check whether the DNS service is installed (the experimental machine is a redhat6.4-x64 bit system), if the following results are displayed, it is installed, otherwise it needs to be installed by CD. 650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6E/1D/wKioL1V0RSrwGTsTAABgabiCTnI390.jpg "title=" 1.jpg " alt= "Wkiol1v0rsrwgtstaabgabictni390.jpg"/>

2) Configuring the master configuration file

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6E/21/wKiom1V0RE6BvNkKAAKyXmByvCg460.jpg "title=" 2.jpg " alt= "Wkiom1v0re6bvnkkaakyxmbyvcg460.jpg"/>

Options {

listen-on Port 53 {192.168.136.11;}; #配置IPv4监听端口及监听网卡
Listen-on-v6 Port 53 {:: 1;}; #配置IPv6监听端口及监听网卡
directory "/var/named"; #配置数据文件存放目录
dump-file "/var/named/data/cache_dump.db"; #缓存数据文件存放位置
statistics-file "/var/named/data/named_stats.txt"; #状态数据文件存放位置
memstatistics-file "/var/named/data/named_mem_stats.txt"; #内存状态数据文件存放位置
allow-query {any;}; #配置允许那些IP可以通过这台DNS进行解析 (including: none: No Ip;any: Any ip;ip: single IP address; IP segment: Allow a network segment)
recursion yes; #是否允许递归查询

dnssec-enable Yes; #防止dns欺骗
dnssec-validation Yes;
dnssec-lookaside Auto;

/ * Path to ISC DLV key * /
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
          };

Logging {#日志信息
Channel Default_debug {
file "Data/named.run";
severity dynamic;
             };
          };

zone "." in {#根域
type hint; # "hint" type denotes root domain
file "named.ca";

};  

3) Configure zone files

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6E/1D/wKioL1V0RpWyq69eAADyL_Viz3o256.jpg "title=" 3.jpg " alt= "Wkiol1v0rpwyq69eaadyl_viz3o256.jpg"/>

Zone "test.com" in {#声明正向解析的域

type Master; #声明是主域名服务器, "master" type
file "Test.localhost"; #声明正向数据文件的名字
allow-update {none;}; #声明是否允许自动更新
          };

zone "136.168.192.in-addr.arpa" in {#声明反向解析的域, such as: 136.168.192.in-addr.arpa, IP address of the network bit to be written in reverse
type Master; #声明是主域名服务器
file "Test.empty"; #声明反向数据文件的名字
allow-update {none;};
          };

Note: The content in the configuration file here is deleted after the original configuration file, leaving the required content.

4) Configuring the Forward parsing configuration file

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6E/1D/wKioL1V0R-WgdKmmAAEhn3xspI4309.jpg "title=" 4.jpg " alt= "Wkiol1v0r-wgdkmmaaehn3xspi4309.jpg"/>

$TTL 1D #生存时间 1 days (D: day; W: Week)

@ in SOA baidu.com. Rname.invalid. (

#当前域名 Jump pointer start authorization record area domain name admin mailbox
0; Serial #序列号
1D; Refresh #刷新时间
1H; Retry #重试时间
1W; Expire #到期时间
3H); Minimum #最小时间
NS dns.baidu.com. #代表当前区域内的dns域名
MX 5 mail.baidu.com. #邮件交换记录,priority must be set or the service cannot start。 The smaller the number, the higher the priority
DNS A 192.168.136.10 #域名解析成IP地址的记录
Mail A 192.168.136.11
www A 192.168.136.12
FTP CNAME www #别名记录

5) Configure the reverse resolution configuration file

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6E/1D/wKioL1V0R0_Qaam7AAEQArP3rmI122.jpg "title=" 5.jpg " alt= "Wkiol1v0r0_qaam7aaeqarp3rmi122.jpg"/>

Third, test, the test machine DNS set to its own set of DNS, and then through the nslookup command test, if the following results are shown, then congratulations, the DNS service was built successfully!!!

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6E/1D/wKioL1V0R5jRzTDBAAJg9S30XJQ322.jpg "title=" 6.jpg " alt= "Wkiol1v0r5jrztdbaajg9s30xjq322.jpg"/>

This article is from the Linux OPS blog, so be sure to keep this source http://jinghsy.blog.51cto.com/7648537/1659485

Construction and configuration of DNS server for Linux system