DNS server construction (2)

Source: Internet
Author: User
Tags: domain name server, nameserver

Standard DNS software:
BIND: Berkeley Internet Name Domain

Associated software packages (all of them start with "bind"):
bind-libs: library files used by the peripheral tools
bind-utils: client command-line tools
bind: the server package, which provides the DNS server itself
bind-chroot: do not install it; this program behaves very strangely
bind-devel: development kit
bind-libbind-devel: development kit
bind-sdb: stores the DNS data in a MySQL database
To run a DNS server you only need to install bind.

caching-nameserver: after this package is installed with yum, you automatically have a pure caching-only name server.

dig -t ns .
dig -t ns . @a.root-servers.net > /var/named/named.ca
DNS is a protocol, BIND is the software, and the process name is named.
There are three configuration files, or rather two:
First: /etc/named.conf
Second: /etc/rndc.conf or /etc/rndc.key (the two are not identical); these belong to rndc, the remote control tool that ships with BIND.
The main configuration file mainly defines zones: the local DNS server is responsible for name resolution in certain zones, so the file is mostly a list of the zones it serves,
and of course some global options are also defined in /etc/named.conf. To actually resolve names, data files are needed as well. On Redhat these data files
live by default under the /var/named/ directory, one file per zone. Each domain therefore has two data files,
one for forward and one for reverse resolution within the domain. The data files can be given any name you like, but one of them is mandatory:
if you use the server on the Internet, you must tell it where the root is, that is,
who the 13 root name servers of the world are. On Redhat this file is usually called named.ca. What the file is actually named does not matter;
what matters is the definition in /etc/named.conf: as long as the file it refers to exists, it will be found.
The main configuration file consists of two main kinds of section:
The first kind, the global options section:
It is introduced with the options keyword, followed by a pair of {}, inside which the various options are defined. The syntax of this configuration file
is very strict: there must be a space before and after "{", otherwise it is a syntax error,
and nothing but whitespace may follow "{" on its line. Second, every line except one ending in "{"
must be terminated with ";". This is the global options section: what is defined here takes effect for the whole server, not for one zone.
The format of the global options section is as follows:
    options {
        version "Haha";
    };
If something only takes effect for one zone, we use the zone keyword to declare a zone: the "zone"
keyword is usually followed by the zone name, for example zone "a.org", then the keyword "in",
and then the options enclosed in curly braces. These options are only valid for that zone. "in" can be omitted.
Format:
    zone "a.org" in {

    };
Besides these two kinds of section, a DNS configuration file can be split up like those of the other server packages on RedHat, and
other directives can be used as well. We use the include directive:
include pulls in other configuration files, which then exist as part of the configuration and, combined with this file,
make up our main configuration file.
How to create a basic main configuration file:
First, check whether /etc/named.conf exists. At this point it should not exist and has to be created manually:
vim /etc/named.conf
Follow the format:
Global options section:

    options {
        directory "/var/named";   // the most important option: it defines the working directory and tells the server where the data files are
    };
    // Many other global options are available here; use man named to view them.

Zone section: in fact, even if you do not provide service to anyone, as a caching name server you must define at least three zones.
First zone: the root

    zone "." IN {
        type hint;            // this is fixed: the "hint" zone is what lets the server resolve any host name step by step, starting from the root
        file "named.ca";      // the file listing the 13 root name servers of the world; it does not exist by default and must be created manually
    };                        // a relative path is used here, relative to the directory defined in the global options

Second zone: forward resolution

    zone "localhost" IN {
        type master;            // also fixed: this server is the primary (master) name server for the zone
        file "localhost.zone";  // usually the zone name with the suffix .zone
    };

Third zone: reverse resolution

    zone "0.0.127.in-addr.arpa" IN {
        type master;            // also fixed: this server is the primary name server for the zone
        file "named.local";     // the file name RedHat conventionally uses
    };

At this point, as long as someone points their resolver at you and you can reach the Internet, you can resolve names on the Internet:
the server starts from the root and works its way down, so everything depends on it being able to find the root.
After the main configuration file is created, the related data files need to be created.
Note that the group of both the main configuration file and the data files must be changed to named:
chown :named /etc/named.conf
The three data files live under /var/named/, so:
cd /var/named/
The three data files are not there yet.

dig -t ns .
Querying the root name servers this way cannot always fetch the complete answer, so instead we ask one of the root servers directly:
dig -t ns . @a.root-servers.net
Asked this way, a.root-servers.net will certainly return the final answer, so we redirect it into named.ca:
dig -t ns . @a.root-servers.net > /var/named/named.ca

At this point one data file is complete.
Create the second file, localhost.zone:
vim localhost.zone
A zone file can only contain two kinds of data: 1. macro definitions, i.e. variable definitions; 2. records, i.e. resolution records.
$TTL 86400   ; this defines a macro: the validity period of cached answers. If your data changes rapidly, make it smaller; if it does not change, make it longer.
Resolution record:
name [TTL] IN record_type value
The TTL may be omitted.
For example:

www.a.org     86400 IN A 1.1.1.1


This is an A record.
The reverse of A is PTR, the pointer record, which resolves an IP address to a host name.
For example, 1.1.1.1 86400 IN PTR www.a.org is not the correct format; we will write the correct format later.
The TTL value needs to be set according to the actual situation; generally it should not be less than 10 minutes.
The first record must be an SOA record, and a data file usually has exactly one SOA record.

Names in a zone file end with "." just like the zone "." defined in named.conf: the trailing dot means the name reaches the root, and it must not be dropped.
Not like this: localhost. 600 IN SOA localhost. admin@localhost.
For SOA the owner name is unique within the zone and must be the name of a host; generally you write your zone name, which is also the name of the primary DNS server, localhost. (the trailing dot is indispensable).
"@" also has a special meaning in a zone file: it is an abbreviation for the zone origin, here "localhost.", so the owner name can be replaced by @. For the same reason the mail address cannot contain "@" and must be written as admin.localhost. The correct form is:

    @   600 IN SOA localhost. admin.localhost. (
            2011081601   ; serial: the version number of the data, at most 10 digits, usually written from the date; it is mainly used for zone synchronization
            1H           ; refresh time (M, H, D and W may be used as units)
            10M          ; retry time
            7D           ; expire time: after this the slave server stops serving the zone, its "suicide time"
            1D )         ; TTL of negative answers: "I have already told you the name does not exist, so do not bother me again during this time"
Record 2: the NS record, which says who the DNS servers of this zone are. The format is the same: first the name, which is generally the zone name, so it can be written as localhost.,
or even as "@", or left out entirely and inherited from the record above; but if other records sit between the two you must write it. The value of "NS" cannot be an IP address: it must be the host name of your DNS server,
usually something like "ns.something"; here it is localhost.

             IN   NS    localhost.
localhost.   IN   A     127.0.0.1

All of this work was mainly so that the name localhost resolves to 127.0.0.1.
Reverse zone:

    @   600 IN SOA localhost. admin.localhost. (
            2011081601   ; serial: the version number of the data
            1H           ; refresh time (M, H, D and W may be used as units)
            10M          ; retry time
            7D           ; expire time: after this the slave server stops serving the zone, its "suicide time"
            1D )         ; TTL of negative answers: "I have already told you the name does not exist, so do not bother me again during this time"
Second, the NS record, followed by the PTR record:

        IN   NS    localhost.
1       IN   PTR   localhost.

Our zone is named "0.0.127.in-addr.arpa", so writing just "1" here is enough: it is completed with the zone name to 1.0.0.127.in-addr.arpa. This is a fixed format.
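As an added example (not part of the original article), here is a small Python checker that applies the zone-file rules described above: the $TTL macro, "@" and blank owner names, completion of relative names against the zone origin, a single leading SOA, NS values that must be host names rather than IP addresses, and the 10 minute TTL floor. The sample zone is constructed from the page's reverse zone; the function names and the problem messages are my own.

```python
import re
# Constructed sample (not captured from a server): the page's reverse zone, "PIR" -> PTR.
REVERSE_ZONE = """$TTL 86400
@   600 IN SOA localhost. admin.localhost. (
    2011081601 1H 10M 7D 1D )
    IN NS  localhost.
1   IN PTR localhost.
"""
UNIT = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TTL_RE = re.compile(r"^(\d+)([SMHDW]?)$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def ttl_seconds(tok):
    """BIND TTL such as 86400, 1H, 10M or 7D -> seconds."""
    m = TTL_RE.match(tok)
    if not m:
        raise ValueError("bad TTL: " + tok)
    return int(m.group(1)) * UNIT[(m.group(2) or "S").upper()]

def fqdn(name, origin):
    """'@' is the origin, a trailing dot is absolute, else complete relative to origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """Return (records, problems); a record is (owner, ttl, type, rdata_tokens)."""
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    default_ttl, owner, records, problems = None, None, [], []
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()          # drop ';' comments
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            default_ttl = ttl_seconds(line.split()[1])
            continue
        toks = line.split()
        if not raw[0].isspace():                   # a blank owner inherits the last one
            owner = fqdn(toks.pop(0), origin)
        ttl = ttl_seconds(toks.pop(0)) if TTL_RE.match(toks[0]) else default_ttl
        if toks[0].upper() == "IN":
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if ttl is not None and ttl < 600:
            problems.append("%s: TTL %d is below the 10 minute floor" % (owner, ttl))
        if rtype == "NS" and IPV4_RE.match(rdata[0]):
            problems.append("%s: NS must name a host, not an IP address" % owner)
        records.append((owner, ttl, rtype, rdata))
    if not records or records[0][2] != "SOA" or sum(r[2] == "SOA" for r in records) != 1:
        problems.append("zone must begin with exactly one SOA record")
    return records, problems
```

The real check before starting the server is still named-checkzone; this only makes the rules in the text concrete.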

The group of the three files should be changed to named.

service named configtest   (named-checkconf does the same: it checks the configuration syntax)
named-checkzone checks a zone file for syntax errors; it does not check logic errors:
named-checkzone "localhost" /var/named/localhost.zone
named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local

Start the service

service named start

View port 53

Edit the client's /etc/resolv.conf
and point the nameserver at 127.0.0.1.
Then you can verify:

dig -t a www.baidu.com

Let's take a look:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -t A www.baidu.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34470
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          1200    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       600     IN      A       61.135.169.125
www.a.shifen.com.       600     IN      A       61.135.169.105

;; AUTHORITY SECTION:
a.shifen.com.           86422   IN      NS      ns6.a.shifen.com.
a.shifen.com.           86422   IN      NS      ns2.a.shifen.com.
a.shifen.com.           86422   IN      NS      ns4.a.shifen.com.
a.shifen.com.           86422   IN      NS      ns5.a.shifen.com.

;; Query time: 3250 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 16 19:50:38 2011
;; MSG SIZE  rcvd: 162

