1 Abbreviations
Look at the shorthand form; the simplest case is:
Concept: the second field of the zone statement specifies the domain name, which is the origin of all data in that zone's data file.
www.cui. IN A 192.168.7.234
The shorthand form is: www IN A 192.168.7.234
Here www means the host www under the domain cui.
The shorthand relies on the zone statement:
zone "cui" IN {
    type master;
    file "db.cui";
};
In a resource record, every name that does not end with ".", such as www, automatically has the origin "cui" from the zone statement in the configuration file appended to it, so the combined name is www.cui.
Similarly:
234.7.168.192.in-addr.arpa. IN PTR www.cui.
Shorthand:
234 IN PTR www.cui.
2 Notation of the @ symbol
If a name is identical to the origin, the name can be written as "@". This is most common in the SOA record of the zone data file, which
can be written as:
@ IN SOA bind1.cui. bind1.cui. ( 1h 3h 1h 1w 2h )
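To make the two rules above concrete (a trailing "." means absolute, "@" means the origin, anything else gets the origin appended), here is an added Python example that is not code from the original post or from BIND. It expands a small constructed zone for the origin "cui." and the reverse zone "7.168.192.in-addr.arpa." from the post; it also handles a blank owner field (which repeats the previous owner) and skips TTL fields entirely.

```python
"""Expand BIND zone-file shorthand into fully qualified names.

Added example, not code from the original post. It mimics how named reads
the owner and name fields of a resource record: a name ending in "." is
absolute, "@" stands for the zone origin, a blank owner field repeats the
previous owner, and any other name gets the origin appended. The zone
text below is constructed for the demo; TTL fields are not handled.
"""

# Positions in the rdata that hold domain names and therefore also expand.
NAME_SLOTS = {"PTR": [0], "CNAME": [0], "NS": [0], "MX": [1], "SOA": [0, 1]}


def expand_name(name: str, origin: str) -> str:
    """Return the fully qualified form of a zone-file name."""
    if not origin.endswith("."):
        raise ValueError("origin must be absolute, i.e. end with '.'")
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def expand_zone(zone_text: str, origin: str) -> list:
    """Parse 'owner [IN] type rdata' lines into (owner, type, rdata) tuples."""
    records = []
    last_owner = origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]  # strip comments
        if not line.strip():
            continue
        fields = [f for f in line.split() if f not in ("(", ")")]
        if line[0].isspace():
            owner = last_owner  # blank owner: same as the previous record
        else:
            owner = expand_name(fields.pop(0), origin)
        last_owner = owner
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype = fields.pop(0).upper()
        rdata = fields
        for i in NAME_SLOTS.get(rtype, []):
            rdata[i] = expand_name(rdata[i], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records


# Constructed sample zones using the post's names; 192.168.7.233 is made up.
FORWARD_ZONE = """\
@      IN SOA bind1.cui. bind1.cui. ( 1 3h 1h 1w 2h )
       IN NS  bind1
bind1  IN A   192.168.7.233
www    IN A   192.168.7.234
"""

REVERSE_ZONE = """\
234    IN PTR www.cui.
"""

if __name__ == "__main__":
    for rec in expand_zone(FORWARD_ZONE, "cui."):
        print(rec)
    for rec in expand_zone(REVERSE_ZONE, "7.168.192.in-addr.arpa."):
        print(rec)
```

Running it prints each record with its owner expanded, e.g. `('www.cui.', 'A', '192.168.7.234')` and `('234.7.168.192.in-addr.arpa.', 'PTR', 'www.cui.')`; a forgotten trailing dot on a name in the rdata (such as `www.cui` instead of `www.cui.`) shows up immediately as `www.cui.cui.`, which is the classic zone-file mistake.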
"Controlling queries and transfers for security"
1 allow-query: the addresses allowed to query
By default only localhost is allowed:
allow-query { localhost; };
Result: queries from other hosts are not answered.
Common change: allow queries from everywhere, or use an ACL to restrict them to specific networks:
allow-query { any; };
2 allow-transfer { any; };
Function: controls zone transfers (master to slave), i.e. which hosts are allowed to receive a copy of the zone.
3 recursion yes; allows recursive queries.
4 allow-recursion { any; }; specifies which hosts are allowed to make recursive queries through this server.
5 allow-query-cache { any; }; controls who may query the cache.
6 The network listener interface is generally set as follows.
Role: the port number and interface (that is, the IP address) on which the server answers queries:
listen-on port 53 { yourip; };
If it is set to listen-on port 53 { any; }; then it listens on all interfaces.
Application: if you do not want to listen on the IPv6 interface:
listen-on-v6 port 53 { none; };
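The settings in this section are where a name server most often ends up as an open resolver or leaks its whole zone. The following added Python example (not code from the original post or from BIND) reads a named.conf options block and flags the risky combinations: `allow-transfer { any; }` or a missing allow-transfer, `allow-recursion`/`allow-query-cache { any; }` together with `recursion yes`, and `listen-on { any; }`. Both configurations are constructed; the "hardened" one uses two assumed ACL names, `trusted` and `secondaries`, and the assumed addresses 192.168.7.233 and 192.168.7.235. The parser is a simple regex over one options block and does not understand views, includes or nested ACL references.

```python
"""Flag risky access-control settings in a named.conf options block.

Added example, not code from the original post or from BIND. WEAK_CONF
shows the "any" settings discussed in the text, HARDENED_CONF restricts
transfers and recursion with ACLs. Both are constructed.
"""
import re

WEAK_CONF = """\
options {
    listen-on port 53 { any; };
    allow-query { any; };
    allow-transfer { any; };
    recursion yes;
    allow-recursion { any; };
};
"""

HARDENED_CONF = """\
acl "trusted" { 127.0.0.1; 192.168.7.0/24; };
acl "secondaries" { 192.168.7.235; };
options {
    listen-on port 53 { 192.168.7.233; };
    listen-on-v6 port 53 { none; };
    allow-query { any; };
    allow-transfer { secondaries; };
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
"""


def _directive(name: str) -> str:
    # Match the directive as a whole word so allow-query does not hit
    # allow-query-cache and listen-on does not hit listen-on-v6.
    return r"(?<![\w-])" + re.escape(name) + r"(?![\w-])"


def acl_members(conf: str, directive: str):
    """Return the address-match list of `directive ... { a; b; };`, or None if absent."""
    m = re.search(_directive(directive) + r"[^{;]*\{([^}]*)\}\s*;", conf)
    if not m:
        return None
    return [tok.strip() for tok in m.group(1).split(";") if tok.strip()]


def scalar(conf: str, directive: str):
    """Return the single value of `directive value;`, or None if absent."""
    m = re.search(_directive(directive) + r"\s+([^\s{;]+)\s*;", conf)
    return m.group(1) if m else None


def audit(conf: str) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    if (scalar(conf, "recursion") or "yes") == "yes":  # BIND defaults to yes
        for d in ("allow-recursion", "allow-query-cache"):
            if "any" in (acl_members(conf, d) or []):
                findings.append(f"{d} {{ any; }} with recursion yes: open resolver")
    transfer = acl_members(conf, "allow-transfer")
    if transfer is None or "any" in transfer:
        findings.append("allow-transfer not limited to known secondaries: anyone can copy the zone")
    listen = acl_members(conf, "listen-on")
    if listen is None or "any" in listen:
        findings.append("listen-on binds every interface; list the intended address instead")
    if scalar(conf, "dnssec-validation") == "no":
        findings.append("dnssec-validation no: answers are accepted without validation")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or ["no findings"])
```

Point it at your own file with `audit(open("/etc/named.conf").read())`; an authoritative-only server should additionally have `recursion no;`, which makes the recursion checks moot.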
"rndc: the DNS maintenance command"
1 On Linux, DNS can be managed by sending signals to named, such as:
kill -HUP `cat /var/run/named.pid`
rndc provides more ways of managing the server, through a control channel.
== Reload
Such as:
rndc reload
Reloads the server configuration file and the zone files.
Equivalent to:
/etc/init.d/named reload = kill -HUP `cat /var/run/named.pid`
Note: a single zone can also be reloaded with rndc reload <zone>, such as: rndc reload <zone>
== Restart the service
rndc restart == /etc/init.d/named restart
== Status
rndc status == /etc/init.d/named status
== Stop/start
rndc stop = /etc/init.d/named stop == kill -TERM `cat /var/run/named.pid`
== Flush the cache
rndc flush
Note: the difference between reload and restart:
most obviously, the process PID changes on a restart but not on a reload;
a reload only re-reads the configuration files, whereas a restart kills and restarts the program.
2 Prerequisite for rndc control:
/etc/rndc.key
It can be generated manually:
rndc-confgen -r /dev/urandom -a
Note: the control channel can be specified in named.conf with the controls statement; by default this is not required.
3 rndc listens on port 953.
4 After modifying the zone file on the primary, be sure to increase the serial number by 1.
5 Error:
9 15:32:50 cui2 named[10634]: none:0: open: /etc/rndc.key: permission denied
Workaround:
chmod +r /etc/rndc.key
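The "permission denied" above means named cannot open the key, but `chmod +r` also makes the shared secret readable by every local user, and whoever has the key can issue `rndc stop` or `rndc flush`. The following added Python check (not code from the original post or from BIND) reports both conditions for a key file: not readable by its owner, and readable or writable by group or others. It assumes the key should be mode 0600 owned by the named user (0640 with named's group is the usual alternative). Because /etc/rndc.key is assumed not to exist on the machine running this, the demo creates a temporary stand-in file and sets the modes on that.

```python
"""Check the permission bits of an rndc key file.

Added example, not code from the original post. The expected mode is 0600
(or 0640 with the named group); the demo uses a temporary file in place
of /etc/rndc.key.
"""
import os
import stat
import tempfile

KEY_PATH = "/etc/rndc.key"  # path rndc reads by default; only checked if present


def key_file_problems(path: str) -> list:
    """Return a list of problems with the mode of the key file at `path`."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if not mode & stat.S_IRUSR:
        problems.append("owner cannot read the key: named/rndc get 'permission denied'")
    if mode & stat.S_IRGRP:
        problems.append("group-readable: acceptable only if the group is named's own")
    if mode & stat.S_IROTH:
        problems.append("world-readable: any local user can read the shared secret")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group/others: the key can be replaced")
    return problems


def problems_for_mode(mode: int) -> list:
    """Create a temporary stand-in key file with `mode` and check it."""
    fd, path = tempfile.mkstemp(prefix="rndc.key.")
    try:
        os.write(fd, b"# constructed stand-in for /etc/rndc.key\n")
        os.close(fd)
        os.chmod(path, mode)
        return key_file_problems(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for mode in (0o000, 0o644, 0o640, 0o600):
        print(oct(mode), problems_for_mode(mode) or ["ok"])
    if os.path.exists(KEY_PATH):
        print(KEY_PATH, key_file_problems(KEY_PATH) or ["ok"])
```

The fix that keeps the secret private is to give the file to the user named runs as (`chown named /etc/rndc.key` on distributions that use that account, plus `chmod 600`) rather than opening it to everyone.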
"Files and functions of the resolver"
1 The resolver is the client side of DNS.
Such as:
telnet shop-web01.beta calls the DNS resolver to resolve the name shop-web01.beta;
ftp
ping
ssh
scp
and so on all call the DNS resolver.
2 Files involved
/etc/nsswitch.conf
/etc/resolv.conf
/etc/hosts
hostname
3 Phenomenon
Why does `ping dpindex-web01` make the resolver automatically resolve dpindex-web01.beta?
4 Explanation of the nsswitch.conf file
General purpose: one of its lines, by default
hosts: files dns
means that when the resolver resolves a name it looks in /etc/hosts first and then asks the DNS name server.
5 The role of hostname and the local domain
If the hostname is in the form of a domain name, such as shop-web01.beta,
then the part after the dot (beta) is the local domain.
With a local domain, the resolver automatically completes what you type, such as:
ping dpindex-web01
The resolver reads this as dpindex-web01.beta, automatically appending the local domain.
Like tab completion, this reduces typing.
Note:
If the hostname contains no ".", the local domain becomes the root.
If there are more "." in the local domain and host name, the resolver is smart enough to handle it.
6 The individual directives in /etc/resolv.conf
domain
search
nameserver
options
domain also specifies the local domain; if this directive is present in resolv.conf
(such as domain beta), it overrides the domain computed from the hostname.
The search directive is similar to domain,
but supports multiple domains.
nameserver specifies the name server to use, such as:
nameserver 1.1.1.1
nameserver 2.2.2.2
nameserver 3.3.3.3
More than one can be listed; when the first fails, the second is used.
The second is only used when the query to the first times out or hits a network error!
Note that a first query that returns no result (a normal negative reply) does not cause the second name server to be used.
The options directive sets debugging, timeout, retry and similar parameters, such as:
options attempts:4 timeout:2 ndots:2
Note:
Some features differ by version; the above is supported from BIND 8 onwards.
Other details are too fine to cover here; please refer to the authoritative book "DNS and BIND".
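Two things in sections 5 and 6 are easy to get wrong in practice: the order in which the search list and ndots make the resolver try names (this is why `ping dpindex-web01` becomes dpindex-web01.beta), and the fact that a second nameserver is only a fallback for timeouts, not for negative answers. The following added Python simulation (not code from the original post or from glibc) models both rules. The servers, their records and the address 10.0.0.5 are constructed; 1.1.1.1 is reused from the text purely as the label of an unreachable server.

```python
"""Simulate how the stub resolver applies /etc/resolv.conf.

Added example, not code from the original post or from glibc. Shows the
search-list/ndots ordering and timeout-only nameserver failover. The
servers and records below are constructed.
"""

TIMEOUT = "timeout"
NXDOMAIN = "nxdomain"


def search_candidates(name: str, search: list, ndots: int = 1) -> list:
    """Order in which the resolver tries `name` (glibc-style rules)."""
    if name.endswith("."):
        return [name]  # absolute name: the search list is never used
    absolute = name + "."
    suffixed = [f"{name}.{dom.strip('.')}." for dom in search]
    if name.count(".") >= ndots:
        return [absolute] + suffixed  # enough dots: try it as typed first
    return suffixed + [absolute]  # few dots: append search domains first


# Constructed servers: None means unreachable, a dict is its answer table.
FAKE_SERVERS = {
    "1.1.1.1": None,
    "2.2.2.2": {"dpindex-web01.beta.": "10.0.0.5", "www.cui.": "192.168.7.234"},
}
QUERY_LOG = []  # (nameserver, name) pairs, so callers can see who was asked


def fake_query(ns: str, name: str) -> str:
    QUERY_LOG.append((ns, name))
    table = FAKE_SERVERS.get(ns)
    if table is None:
        return TIMEOUT
    return table.get(name, NXDOMAIN)


def resolve(name: str, nameservers: list, query=fake_query, attempts: int = 2) -> tuple:
    """Ask the servers in order; move on only on timeout, as resolv.conf(5) says."""
    for _ in range(attempts):
        for ns in nameservers:
            reply = query(ns, name)
            if reply == TIMEOUT:
                continue  # network error or timeout: try the next server
            return ns, reply  # any real reply, including NXDOMAIN, is final
    return None, TIMEOUT


def lookup(name: str, search: list, nameservers: list, ndots: int = 1, query=fake_query):
    """Full client-side lookup: search list first, then server failover."""
    for candidate in search_candidates(name, search, ndots):
        ns, reply = resolve(candidate, nameservers, query)
        if reply == TIMEOUT:
            return None  # every server unreachable
        if reply != NXDOMAIN:
            return ns, candidate, reply
    return None  # all candidates got a negative answer


if __name__ == "__main__":
    print(search_candidates("dpindex-web01", ["beta"]))
    print(lookup("dpindex-web01", ["beta"], ["1.1.1.1", "2.2.2.2"]))
```

The second consequence is worth noticing in the query log: when 2.2.2.2 answers NXDOMAIN for every candidate, 1.1.1.1 is never asked, so listing a "backup" nameserver that holds different data does not give you a second opinion, only protection against the first one being down.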
"Resolution commands"
1 nslookup is used mainly on Windows; on Linux it is also easy to use.
nslookup domain-name
nslookup IP (reverse resolution)
Analysis of the output:
Reference
Http://doc.okbase.net/1382972/archive/110141.html
Focus on:
The flags field: a flag that appears is set; one that does not appear is not set.
qr: query response; indicates this is a reply to a query.
rd: recursion desired; the client asked for a recursive query.
ra: recursion available; set in the reply, indicating that the queried server supports recursive queries.
aa: authoritative answer; if the result is provided by the name server that manages the domain rather than by a caching server, it is called an authoritative answer.
AUTHORITY: the number of authoritative name server records; 5 means the domain has 5 authoritative name servers that can resolve it. Corresponds to the AUTHORITY SECTION below.
ADDITIONAL: extra records; 6 means 6 additional records. Corresponds to the ADDITIONAL SECTION below.
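The flags and counts that nslookup and dig print all come from the 12-byte DNS message header (RFC 1035): a flags word with the qr, aa, tc, rd and ra bits, and four 16-bit counts for the question, answer, authority and additional sections. The following added Python example (not code from the original post, nor from dig or nslookup) decodes that header and renders it the way dig's `;; flags:` line does. The two packets are constructed, not captured: a reply from a caching server (qr rd ra, one answer, five authority and six additional records, matching the numbers in the text) and the same answer from the zone's own server, which sets aa and does not set ra.

```python
"""Decode the flags and section counts of a DNS message header.

Added example, not code from the original post. The sample packets are
constructed, not captured.
"""
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
# Flag bit positions within the 16-bit flags word, in dig's display order.
FLAG_BITS = (("qr", 15), ("aa", 10), ("tc", 9), ("rd", 8), ("ra", 7), ("ad", 5), ("cd", 4))


def parse_header(packet: bytes) -> dict:
    """Return the header fields of a DNS message as a dict."""
    if len(packet) < 12:
        raise ValueError("a DNS header is 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": ident,
        "opcode": (flags >> 11) & 0xF,
        "flags": [name for name, bit in FLAG_BITS if flags >> bit & 1],
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "question": qd,
        "answer": an,
        "authority": ns,
        "additional": ar,
    }


def build_header(ident: int, *, qr=False, aa=False, rd=True, ra=False,
                 rcode=0, counts=(1, 0, 0, 0)) -> bytes:
    """Pack a header; used here only to construct sample replies."""
    flags = (int(qr) << 15) | (int(aa) << 10) | (int(rd) << 8) | (int(ra) << 7) | (rcode & 0xF)
    return struct.pack("!HHHHHH", ident, flags, *counts)


def dig_style(h: dict) -> str:
    """Render the header the way dig's ';; flags:' line does."""
    return (f";; flags: {' '.join(h['flags'])}; QUERY: {h['question']}, "
            f"ANSWER: {h['answer']}, AUTHORITY: {h['authority']}, ADDITIONAL: {h['additional']}")


# Constructed: a reply from a caching server (qr rd ra, not authoritative)
# with 1 answer, 5 authority and 6 additional records, as in the text above.
CACHE_REPLY = bytes.fromhex("1234 8180 0001 0001 0005 0006".replace(" ", ""))
# Constructed: the same answer from the zone's own server (aa set, ra not set).
AUTH_REPLY = build_header(0x1234, qr=True, aa=True, rd=True, counts=(1, 1, 5, 6))

if __name__ == "__main__":
    for pkt in (CACHE_REPLY, AUTH_REPLY):
        print(dig_style(parse_header(pkt)))
```

To run it on real traffic, pass the first 12 bytes of a UDP payload captured on port 53; the absence of `aa` in a reply you expected from an authoritative server is the quickest sign that you were actually answered by a cache or forwarder.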
2 The dig command
dig domain-name
By default it uses the local DNS configuration (/etc/resolv.conf) to resolve,
and by default it resolves the A record.
Options and parameters:
dig @dnsserver domain-name
Uses the name server you specify to resolve the domain, such as:
dig @localhost beta
dig -t type domain-name
Role: specify the record type, such as:
dig -t MX dianping.com
dig -x IP
Role: reverse lookup; generally used on the intranet, such as:
dig -x 192.168.213.86
dig +trace domain-name
Role: forces the lookup to iterate from the root, such as:
dig +trace www.sina.com.cn
"Forwarding"
Forwards queries to a specified name server for resolution.
The common configuration is to forward only for zones this server cannot resolve itself, such as:
For the beta and nh zones, the local name server cannot resolve them, so forwarding is needed for these zones:
type forward;
forwarders { 192.168.211.116; };
Note: global forwarding is of course also possible; then this name server acts purely as a forwarding server.
How it works: by default forwarding takes priority (relative to iterating from the root).
The process is: the name is resolved locally; if it is not found locally or in the cache, a query is sent to the forwarder just as a forwarding server would; if no response arrives within a short time, normal operation resumes and an iterative query is started.
Adding forward only; differs only slightly from forward-first: just a small difference in speed.
Versions differ; my bind version is 9.8.
tail -f /var/log/messages
With the default configuration file and only one forward zone configured, resolution may fail with this error:
validating @0x7f4f680616c0: beta SOA: got insecure response; parent indicates it should be secure
Solution:
dnssec-enable no;
dnssec-validation no;
Change both from yes to no.
This article is from the "Tridewah operation and maintenance work Road" blog, please be sure to keep this source http://cuidehua.blog.51cto.com/5449828/1774913
DNS configuration and points of attention in various files