Role and types of the DNS system
Across the Internet, most servers, personal hosts, websites, mail servers and other services are addressed by domain name, such as www.google.com or mail.163.com. This form of address is clearly more intuitive than the IP-address form (64.233.189.147, 202.108.33.74) and is more easily remembered by users.
The role of the DNS system in the network is to maintain an address database that records the correspondence between host domain names and IP addresses, so that client programs can be offered forward and reverse address lookups, that is, forward resolution and reverse resolution.
Forward resolution: looking up the IP address by domain name, i.e. resolving a given domain name to its corresponding IP address. Forward resolution is the most basic and most common function of a DNS server.
Reverse resolution: looking up the domain name by IP address, i.e. resolving a given IP address to its corresponding domain name. Reverse resolution is not very common and is only used on special occasions, for example for anti-spam verification.
In fact, each DNS server is only responsible for managing the correspondence between host domain names and IP addresses within a limited scope (one or more domains); such a scope, covering a specific DNS domain or IP address range, is called a "zone". Depending on the direction of address resolution, DNS zones are divided into forward zones (containing domain-name-to-IP-address resolution records) and reverse zones (containing IP-address-to-domain-name resolution records).
Depending on the source of the zone address data it administers, a DNS server can be of different types. The same DNS server can have different identities relative to different zones. The common types are:
Caching name server: only caches domain-name resolution results to improve query speed and efficiency; it has no authority over any zone address data. When building a caching name server, you must either configure the root domain or specify another DNS server as the source of resolution.
Primary (master) name server: maintains the address database of a particular DNS zone and has autonomous control over its resolution records; it is the only authoritative and official server for that zone. When building a primary name server, you need to create the address data file for the zone it is responsible for.
Slave (secondary) name server: provides exactly the same DNS resolution service as the primary name server and is typically used as a hot backup. To clients the query results are the same whether the primary or the slave name server is used. The key difference is that the resolution results a slave provides are not determined by itself but come from the primary name server. When building a slave name server, you need to specify the location of the primary name server so that the slave can automatically synchronise the zone's address database.
The master and slave roles above apply only to a specific DNS zone. For example, the same DNS server can be the primary name server for the test.com zone and at the same time a slave name server for the xian.cn zone.
BIND installation and control
BIND is not the only DNS program that can provide domain name services, but it is the most widely used, and BIND runs on most Linux/UNIX hosts. Its official site is https://www.isc.org/
1. Installing the BIND software
On a CentOS 6.6 system, the installation CD-ROM ships the BIND service installation files, mainly the following packages:
bind-9.8.2-0.30.rc1.el6.x86_64
bind-libs-9.8.2-0.30.rc1.el6.x86_64
bind-utils-9.8.2-0.30.rc1.el6.x86_64
bind-chroot-9.8.2-0.30.rc1.el6.x86_64
The main functions of each package are as follows:
- bind: provides the main programs and related files of the domain name service.
- bind-libs: provides the library files used by bind and bind-utils.
- bind-utils: provides DNS testing tools (such as nslookup and dig).
- bind-chroot: provides a chroot (disguised root) directory for the bind service, with /var/named/chroot/ acting as the root directory for bind.
2. Service control
After the BIND packages are installed, a system service called named is added automatically; the DNS service can be controlled through the script /etc/init.d/named or through the service tool.
For example, the running state of the named service can be queried with the service tool.
Configuration files of the BIND service
When building a domain name service with BIND, two kinds of configuration files are involved: the main configuration file and the zone data files. The main configuration file sets the global options of the named service, registers zones, controls access and sets other operating parameters; zone data files store the address resolution records (forward and reverse) of a DNS zone.
Main configuration file:
The main configuration file named.conf is usually located in the /etc/ directory. It consists mainly of two parts, the global configuration and the zone configuration. Each configuration line ends with ";", and comments are introduced by "#" or "//" (the "/* ... */" form can be used for multi-line comments).
1. Global configuration section:
Global configuration parameters are enclosed in the curly braces of options { }; they set, for example, the listening address and port, the directory where zone data files are stored, and which clients are allowed to query.
options {
    listen-on port 53 { 10.1.1.1; };                    // listening address and port
    directory "/var/named";                             // default storage location of zone data files
    allow-query { 192.168.1.0/24; 173.16.16.0/24; };   // network segments allowed to use this DNS service
    recursion yes;                                      // allow recursive queries
};
In the configuration above, all items except directory can usually be omitted (the directory entry is normally kept). If no listen-on item is given, named listens on the DNS port of all interfaces by default; if no allow-query item is given, query requests from all clients are answered by default.
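To make those defaults concrete, here is an added Python example (not from the original post) that reads the options block of a named.conf fragment, fills in named's defaults for the items left unset, and flags the combination of recursion with an unrestricted allow-query, which makes the server an open resolver that answers recursive queries for anyone on the Internet. The two configuration fragments are constructed for the example; the first mirrors the options block shown above.

```python
import re

# Constructed named.conf fragments (not from a real server): the first mirrors the
# options block shown above, the second leaves everything but directory unset.
RESTRICTED = """options {
    listen-on port 53 { 10.1.1.1; };
    directory "/var/named";
    allow-query { 192.168.1.0/24; 173.16.16.0/24; };
    recursion yes;
};"""
WIDE_OPEN = """options {
    directory "/var/named";  // nothing else set: all interfaces, all clients, recursion on
};"""

def parse_options(conf):
    """Return the statements inside options { ... } as {name: value-text}."""
    body = re.search(r"options\s*\{((?:[^{}]|\{[^{}]*\})*)\}", conf).group(1)
    body = re.sub(r"/\*.*?\*/", "", body, flags=re.S)          # strip /* */ comments
    body = re.sub(r"//.*|#.*", "", body)                       # strip // and # comments
    opts = {}
    for name, value in re.findall(r"([a-z-]+)\s+([^{;]*(?:\{[^}]*\})?)\s*;", body):
        opts[name] = " ".join(value.split())                   # normalise whitespace
    return opts

def effective_settings(conf):
    """Apply the defaults named uses for listen-on, allow-query and recursion when unset."""
    opts = parse_options(conf)
    return {
        "listen-on": opts.get("listen-on", "port 53 { any; }"),   # all interfaces
        "allow-query": opts.get("allow-query", "{ any; }"),       # all clients
        "recursion": opts.get("recursion", "yes"),
    }

def is_open_resolver(conf):
    """True when recursion is on and any client may query: the server resolves for everyone."""
    eff = effective_settings(conf)
    return eff["recursion"] == "yes" and "any" in eff["allow-query"]
```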
2. Zone configuration section
Zone configuration parameters use the format zone "..." { };. A single DNS server can provide resolution for multiple zones, so named.conf can contain many zone configuration sections. According to the resolution direction, zones are divided into forward and reverse zones.
zone "test.com" IN {                   // forward zone test.com
    type master;                       // type: master (primary) zone
    file "test.com.zone";              // zone data file test.com.zone
    allow-transfer { 173.16.16.2; };   // slave server address allowed to download the zone
};
zone "16.16.173.in-addr.arpa" IN {     // reverse zone for 173.16.16.0/24
    type master;
    file "173.16.16.arpa";             // zone data file 173.16.16.arpa
};
There are several points to note in the configuration above:
- Every zone (including the root zone, loopback zone and reverse zones) is optional and depends on actual needs; the "IN" keyword in a zone configuration section can also be omitted.
- The name of a reverse zone is formed by reversing the network address and appending ".in-addr.arpa". For example, the reverse zone for 192.168.1.0/24 is 1.168.192.in-addr.arpa.
- file: specifies the zone data file, which is located in the directory set by the directory option of the global configuration.
- allow-transfer: specifies the addresses of the (slave) servers that are allowed to download this zone's data.
After modifying the main configuration file, you can run the named-checkconf command to check the syntax of named.conf. If the file has no syntax errors the command prints nothing; otherwise it prints a message pointing to the error, which you then correct in the file. With the "-z" option, named-checkconf also tries to load the zone data files referenced in the main configuration file and checks them for problems. For example, a "... file not found" error means the corresponding file could not be found.
# named-checkconf -z /etc/named.conf
For a detailed description of the configuration items available in named.conf, run "man named.conf" to view the manual page.
Zone data files:
Zone data files are typically located in the /var/named/ directory. Each zone data file corresponds to one DNS resolution zone; the file name and contents are set by the administrator.
The zone data file for the root zone "." is special: all DNS servers on the Internet use the same copy of the root zone data file, which lists the domain names and IP addresses of all root servers. The root zone data file can be downloaded from the official website of the Internet Network Information Center (InterNIC), http://www.internic.net
A zone data file mainly contains a TTL configuration item, an SOA (start of authority) record and address resolution records; comments in the file start with a semicolon ";".
1. TTL configuration and the SOA record section:
The $TTL configuration in the first line sets the default time to live, i.e. how long a resolution result is valid in caches. The SOA record section sets the zone name, the administrator mailbox and the update parameters of the domain name service:
$TTL 86400                                ; default lifetime of resolution records
@   IN  SOA  test.com. admin.test.com. (  ; SOA tag, zone name, admin mailbox
             20160122                     ; serial number, up to 10 digits
             3H                           ; refresh: interval at which the slave re-reads the zone data
             15m                          ; retry: interval between retries after a failed download
             1W                           ; expire: give up after this long without a successful download
             1d )                         ; lifetime of negative (invalid) resolution records
In the configuration above the time unit is seconds, or the following units can be used: M (minutes), H (hours), W (weeks), D (days). The "@" symbol in the file represents the current DNS zone name and is equivalent to "test.com."; "admin.test.com." denotes the e-mail address of the zone administrator (because "@" already has another meaning, the @ in the mail address is replaced by "."). The serial number in the SOA record is used to synchronise the zone data of the master and the slave server: when a slave checks for zone updates and finds that the master's serial number is the same as the serial number in its local zone data, it does not update.
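The slave's decision just described, as an added Python example that is not part of the original post: serial_is_newer applies the wrap-around serial arithmetic BIND uses (RFC 1982), so equal serials never trigger a transfer and a serial that wrapped past 2^32 still counts as newer; next_serial assumes the common YYYYMMDDnn numbering, which the post does not prescribe (it only shows the value 20160122).

```python
SERIAL_BITS = 32
MODULUS = 1 << SERIAL_BITS           # SOA serials are unsigned 32-bit and wrap around
HALF = 1 << (SERIAL_BITS - 1)

def serial_is_newer(master, local):
    """True if a slave holding `local` should transfer the zone from a master at `master`.

    Equal serials never trigger a transfer (the rule described above). Because
    serials wrap at 2^32, "newer" means the forward distance from local to master
    is between 1 and 2^31 - 1 (RFC 1982 serial number arithmetic, which BIND uses).
    """
    if not (0 <= master < MODULUS and 0 <= local < MODULUS):
        raise ValueError("SOA serial must fit in 32 bits")
    if master == local:
        return False
    return 0 < (master - local) % MODULUS < HALF

def next_serial(current, today):
    """Return the serial to write after editing the zone file.

    `today` is 'YYYYMMDD'. The YYYYMMDDnn convention is an assumption of this
    example, not something the post prescribes. If the current serial is already
    at or past today's base (several edits in one day, or a clock that moved
    backwards), the serial is simply incremented so that it never goes backwards.
    """
    if len(today) != 8 or not today.isdigit():
        raise ValueError("today must be YYYYMMDD")
    base = int(today) * 100                      # revision 00 of today
    candidate = current + 1 if current >= base else base
    return candidate % MODULUS                   # wrap past 4294967295 back to 0
```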
2. Address resolution record section
Address resolution records set the correspondence between domain names and IP addresses within the DNS zone:
@       IN  NS      ns1.test.com.
        IN  MX 10   mail.test.com.
ns1     IN  A       58.119.74.203
www     IN  A       173.16.16.1
mail    IN  A       173.16.16.4
ftp     IN  CNAME   www
The following four common address resolution record types are used in the configuration above:
NS (name server): records the host address of the DNS server for the current zone.
MX (mail exchange): records the host address of the mail server for the current zone; the number is the priority used to choose a mail server when there are multiple MX records, and the higher the number, the lower the priority.
A (address): records a forward resolution entry. For example, "www IN A 173.16.16.1" means that the domain name www.test.com corresponds to the IP address 173.16.16.1.
CNAME (canonical name): records an alias for a forward resolution entry. For example, "ftp IN CNAME www" means that the domain name ftp.test.com is an alias of www.test.com.
The "@" symbol at the beginning of the NS and MX records can be omitted (by default the @ at the beginning of the SOA record is inherited), but a leading space or tab must then be kept.
In a reverse zone data file there are no A records; PTR (pointer) records are used instead. For example, for the reverse zone 16.16.172.in-addr.arpa, the reverse resolution records can take the following form:
1       IN  PTR     www.test.com.
4       IN  PTR     mail.test.com.
When using PTR records, the first column only needs to give the "host address" part of the corresponding IP address, such as "1" or "4"; when looking up address records the system automatically prefixes the network address of the current reverse zone. For example, in the file above, "4 IN PTR mail.test.com." means that the domain name of the host with IP address 172.16.16.4 is mail.test.com.
In a zone data file, a host address that does not end with a dot automatically gets the current zone name appended when address records are looked up. For example, if the current DNS zone is test.com, the host address "www" in the file is equivalent to "www.test.com.". So when writing a full FQDN, remember that the trailing dot "." at the end of the address cannot be omitted.
After modifying a zone data file, you can check its syntax with the named-checkzone command, giving the zone name and the data file name as parameters. If the file has no syntax errors, the command reports "OK". For example, to check the zone data file test.com.zone of the DNS zone test.com, do the following:
# cd /var/named
# named-checkzone test.com test.com.zone
When one server needs to host many different domain names in a single DNS zone (for example an IDC's virtual hosting server, or a web server providing personal home page space), you can add a wildcard resolution record on the last line of the zone data file, using "*" to match any host name:
* in A 173.16.16.173
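A small parser for the zone data file format described above (the $TTL units, the "@" zone name, owner names inherited from the previous record, relative names completed with the zone, PTR owners expanded to a full IP, and the wildcard record), added here as an example and not taken from the post; the sample zone text is constructed from the records above. Running it on a name without the trailing dot shows the "test.com.test.com." result the trailing-dot rule warns about.

```python
import re
# Constructed sample zone text (not a real zone file) built from the records discussed above.
FORWARD_ZONE = """$TTL 86400                               ; default lifetime of records
@   IN SOA test.com. admin.test.com. (   ; zone name, admin mailbox
        20160122 3H 15m                  ; serial, refresh, retry
        1W 1d )                          ; expire, minimum TTL
@   IN NS    ns1.test.com.
    IN MX 10 mail.test.com.              ; blank first column: owner @ is inherited
ns1 IN A     58.119.74.203
www IN A     173.16.16.1
ftp IN CNAME www
*   IN A     173.16.16.173
"""
REVERSE_ZONE = "1 IN PTR www.test.com.\n4 IN PTR mail.test.com.\n"
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """'3H' -> 10800, '15m' -> 900, '86400' -> 86400 (the unit suffix is optional)."""
    num, unit = re.fullmatch(r"(\d+)([smhdw]?)", value.lower()).groups()
    return int(num) * UNITS[unit or "s"]

def qualify(name, zone):
    """'@' is the zone itself; a name without a trailing dot gets the zone appended."""
    return zone if name == "@" else name if name.endswith(".") else f"{name}.{zone}"

def parse_zone(text, zone):
    """Parse zone text into {'ttl': seconds, 'records': [(owner FQDN, type, rdata), ...]}."""
    zone = zone if zone.endswith(".") else zone + "."
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]   # drop ';' comments
    joined = re.sub(r"\(([^)]*)\)", lambda m: " " + " ".join(m.group(1).split()) + " ",
                    "\n".join(lines))                                    # fold SOA "( ... )"
    ttl, owner, records = None, zone, []
    for line in filter(str.strip, joined.splitlines()):
        fields = line.split()
        if fields[0] == "$TTL":
            ttl = to_seconds(fields[1])
            continue
        if not line[0].isspace():          # first column present: new owner; else inherited
            owner, fields = qualify(fields[0], zone), fields[1:]
        fields = fields[1:] if fields[0].upper() == "IN" else fields   # class is optional
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):
            rdata[-1] = qualify(rdata[-1], zone)
        elif rtype == "SOA":               # mname, rname, serial, then the four timers
            rdata = [qualify(rdata[0], zone), qualify(rdata[1], zone), int(rdata[2])] + [to_seconds(v) for v in rdata[3:]]
        records.append((owner, rtype, rdata))
    return {"ttl": ttl, "records": records}

def ptr_ip(owner):  # reverse-zone owner '4.16.16.172.in-addr.arpa.' -> host IP '172.16.16.4'
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))
```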
This article is from the "Small White blog" blog; please keep this source: http://xiaobai1981.blog.51cto.com/9649602/1737608
DNS Domain name resolution service (i)