DNS forward and reverse resolution zone configuration (Part 1)

Source: Internet
Author: User

Install the DNS package:

yum install -y bind


Configure the main DNS configuration file:

Configuration files: /etc/named.conf, /etc/named.rfc1912.zones

Zone files: /var/named/

1. vi /etc/named.conf


listen-on port 53 { 192.168.1.10; };


Turn off DNSSEC so that it does not interfere with local resolution (with these settings named no longer validates signed answers):
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;

2. Check the configuration file syntax:

named-checkconf

3. Start the DNS service:

systemctl start named

4. Check that the service started successfully: ports 53 and 953 should be listening

ss -tanp

5. Point the local machine's DNS resolver at the server itself

vi /etc/resolv.conf

nameserver 192.168.1.10

6. Reload the service

systemctl reload named.service

7. Test:

Forward resolution: FQDN -> IP

Method One: dig -t A www.baidu.com

Method Two: ~]# host -t A www.baidu.com

Method Three: [root@localhost ~]# nslookup

> server 192.168.1.10
Default server: 192.168.1.10
Address: 192.168.1.10#53
> set q=a
> www.sina.com
Server: 192.168.1.10
Address: 192.168.1.10#53

Non-authoritative answer:
www.sina.com canonical name = us.sina.com.cn.
us.sina.com.cn canonical name = news.sina.com.cn.
news.sina.com.cn canonical name = jupiter.sina.com.cn.
jupiter.sina.com.cn canonical name = polaris.sina.com.cn.
Name: polaris.sina.com.cn
Address: 202.108.33.60

Reverse resolution: IP -> FQDN

dig -x 61.135.162.215


Defining a zone's zone file:

chown :named angrybeans.com

chmod o= angrybeans.com

Check syntax:

named-checkzone zone_name zone_file


Configure the forward resolution zone:

1. Edit the main zone configuration file

vim /etc/named.rfc1912.zones

Add the zone you want to configure:

zone "angrybeans.com" IN {
    type master;
    file "angrybeans.zone";
};

2. Add the forward resolution records to angrybeans.zone

vim /var/named/angrybeans.zone

Add the following content to the file:



$TTL 3600
$ORIGIN angrybeans.com.

@       IN  SOA    ns1 admin (
                   20170125
                   4H
                   2H
                   12H
                   1D
                   )

        IN  NS     ns1
        IN  MX     10 m1
        IN  MX     20 m2    ; preference missing in the source; 20 is an assumed value
ns1     IN  A      192.168.1.10
a       IN  A      192.168.1.2
b       IN  A      192.168.1.3
flower  IN  A      192.168.1.4
m1      IN  A      192.168.1.5
m2      IN  A      192.168.1.6
food    IN  A      192.168.1.7
eat     IN  CNAME  food
fish    IN  A      192.168.1.10
fish    IN  A      192.168.1.20

Description: @ stands for the zone name specified in /etc/named.rfc1912.zones, angrybeans.com; written out in full it is angrybeans.com. (with the trailing dot). The $ORIGIN directive on the second line sets the origin to angrybeans.com., which is appended to every name that does not end in a dot; it is written out here to show the complete format. The NS and MX lines omit the leading @ because a record with a blank owner field inherits the owner name of the record above it, here the SOA.


3. Check the zone syntax after configuration:

~]# named-checkzone angrybeans.com /var/named/angrybeans.zone

4. For security reasons, restrict the permissions of the zone file

chgrp named /var/named/angrybeans.zone

chmod o= /var/named/angrybeans.zone

5. View the number of zones: 101

[root@localhost ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7 <id:8f9657aa>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 101

6. Reload the service:

Method One: ~]# rndc reload

Method Two: ~]# systemctl reload named.service

7. Check the number of zones again; it is now 102, indicating a successful configuration

[root@localhost ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7 <id:8f9657aa>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

8. Test:

~]# dig -t CNAME eat.angrybeans.com

~]# dig -t A m1.angrybeans.com

Reverse resolution does not work yet at this point: dig -x 192.168.1.5


Configure the reverse resolution zone:

1. vim /etc/named.rfc1912.zones

Add a zone for reverse resolution:

zone "1.168.192.in-addr.arpa" {
    type master;
    file "192.168.1.zone";
};

2. vim /var/named/192.168.1.zone

$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.

@       IN  SOA  ns1.angrybeans.com. admin.angrybeans.com. (
                 20170125
                 1H
                 10M
                 2H
                 3H )

        IN  NS   ns1.angrybeans.com.
10      IN  PTR  ns1.angrybeans.com.
5       IN  PTR  m1.angrybeans.com.
4       IN  PTR  flower.angrybeans.com.


3. Check the syntax:

[root@localhost named]# named-checkzone /etc/named.rfc1912.zones /var/named/192.168.1.zone
/var/named/192.168.1.zone:4: ignoring out-of-zone data (1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:12: ignoring out-of-zone data (10.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:13: ignoring out-of-zone data (5.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:14: ignoring out-of-zone data (4.1.168.192.in-addr.arpa)
zone /etc/named.rfc1912.zones/IN: has 0 SOA records
zone /etc/named.rfc1912.zones/IN: has no NS records
zone /etc/named.rfc1912.zones/IN: not loaded due to errors.


A number of errors are reported, but they do not affect reverse resolution. They appear because the configuration file path was passed as the first argument; named-checkzone expects the zone name there, here 1.168.192.in-addr.arpa, so every record in the file is treated as out-of-zone data.


4. Modify permissions:

chown :named /var/named/192.168.1.zone

chmod o= /var/named/192.168.1.zone

5. View the number of zones, which changes to 103

rndc status

6. Reload with rndc

rndc reload

7. Test: reverse resolution now succeeds, and forward resolution still works as well

[root@localhost named]# dig -x 192.168.1.4

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -x 192.168.1.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62542
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;4.1.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
4.1.168.192.in-addr.arpa. 3600  IN      PTR     flower.angrybeans.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600    IN      NS      ns1.angrybeans.com.

;; ADDITIONAL SECTION:
ns1.angrybeans.com.     3600    IN      A       192.168.1.10

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Mon Jan 09:45:37 EST 2016
;; MSG SIZE  rcvd: 122
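
The forward and reverse zone files above are edited by hand, so an A record can easily end up without a matching PTR (the reverse file lists only three of the hosts). The following Python code is an added example, not part of the original page: it parses a constructed subset of the two zone files, applying the $ORIGIN, @, relative-name and blank-owner rules from the description of the forward zone, and lists A records that have no matching PTR. The function names absolute, parse_zone and missing_ptrs are hypothetical.

```python
import ipaddress

def absolute(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin or "."
    return (name if name.endswith(".") else name + "." + origin).lower()

def parse_zone(text):
    """Parse the master-file subset used on this page (no per-record TTLs)."""
    origin, owner, depth, records = "", None, 0, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # ';' starts a comment
        continued, fields = depth > 0, line.split()
        depth += line.count("(") - line.count(")")
        if continued or not fields:                 # inside ( ... ) or blank line
            continue
        if fields[0].startswith("$"):               # directive; only $ORIGIN matters here
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not line[0].isspace():                   # blank owner inherits the previous one
            owner = absolute(fields.pop(0), origin)
        if fields[0].upper() == "IN":
            fields.pop(0)
        if fields[0].upper() == "PTR":              # PTR targets may be relative too
            fields[1] = absolute(fields[1], origin)
        records.append((owner, fields[0].upper(), fields[1:]))
    return records

def missing_ptrs(forward, reverse):
    """(ip, name) for each A record that has no matching PTR in the reverse zone."""
    ptrs = {(o, d[0]) for o, t, d in parse_zone(reverse) if t == "PTR"}
    return [(d[0], o) for o, t, d in parse_zone(forward) if t == "A"
            and (ipaddress.ip_address(d[0]).reverse_pointer + ".", o) not in ptrs]

# Constructed sample: a subset of the records in the page's two zone files.
FORWARD = """$ORIGIN angrybeans.com.
@ IN SOA ns1 admin (
  20170125 4H 2H 12H 1D )
  IN NS ns1
ns1 IN A 192.168.1.10
m2 IN A 192.168.1.6
fish IN A 192.168.1.10
"""
REVERSE = """$ORIGIN 1.168.192.in-addr.arpa.
@ IN NS ns1.angrybeans.com.
10 IN PTR ns1.angrybeans.com.
"""
```

Calling missing_ptrs(FORWARD, REVERSE) reports m2 (no PTR for 192.168.1.6) and fish (192.168.1.10 has a PTR, but it names ns1).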



