# DNS Server
> D stands for the domain (the region a name belongs to), N for the name, and S for the service.
### DNS services
> 1. Caching domain name server
It resolves domain names on your behalf but holds no zone records of its own. It goes out to the public network, finds the real (authoritative) domain name server, performs the resolution, and on the way back stores the answer in its own cache; the next time you request the same data it already has it.
> 2. Primary domain name resolution server
That is, the server that itself maintains the resolution records for a domain name.
> 3. Slave DNS server (backup of the master)
> 4. Smart resolution server
### Two kinds of resolution record
> 1. Forward resolution record
Domain name ==> IP
(1) An A record converts a domain name into an IP address.
(2) A CNAME record resolves an alias to another name.
> 2. Reverse resolution record
IP ==> domain name
(1) A PTR record performs the reverse resolution.
### DNS query methods
> 1. Recursive query
A query the server must answer in full by itself, so that the client needs no further help, is called a recursive query.
> 2. Iterative query
A query in which the server asks other servers for help is called an iterative query.
If the local DNS server has no record for www.baidu.com, the answer is held somewhere among the domain name servers distributed worldwide, so the local DNS (LDNS) turns to those domain name servers for help, following one referral after another.
![DNS query flow screenshot][1]
# DNS port number
> DNS port: 53
# DNS Cache service establishment
### Preparations
> `rpm -qa | grep -w bind-chroot` ==> both software packages (bind and bind-chroot) must be installed.
### Main configuration file
> `vim /etc/named.conf` ==> DNS master configuration file (it exists as soon as the package is installed)
```
options {
        listen-on port 53 { 192.168.200.67; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
### Master configuration file details
```
listen-on port 53 { 192.168.200.67; };    ==> IP address to listen on
listen-on-v6 port 53 { ::1; };            ==> commented out; in the DNS configuration file // starts a comment
directory "/var/named";                   ==> DNS directory location
dump-file "/var/named/data/cache_dump.db";                ==> DNS data (cache dump) file location
memstatistics-file "/var/named/data/named_mem_stats.txt"; ==> DNS memory statistics file location
allow-query { any; };                     ==> which client addresses may connect and query; any allows all
forwarders { 202.106.0.20; };             ==> upstream DNS server to which unresolved queries are forwarded; optional
recursion yes;                            ==> whether this server performs the iterative lookups on behalf of the client
dnssec-enable no;                         ==> changed to no
dnssec-validation no;                     ==> changed to no
dnssec-lookaside auto;                    ==> extra verification; comment it out
zone "." IN {
        type hint;
        file "named.ca";                  ==> root hints: named.ca lists the root servers where lookups start
```
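With `recursion yes;` and `allow-query { any; };` but no `allow-recursion`, the cache server above answers recursive queries for any host on the Internet, i.e. it is an open resolver. The following added example (not part of the original notes) checks a named.conf options stanza for that combination and shows the restricted form beside it; the LAN prefix in the hardened stanza is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original notes: check whether a named.conf
# options stanza makes the server an open resolver. Assumes one top-level
# options block; multi-line /* */ comments are not handled.

# Constructed copies of the two stanzas: the notes' setting and a hardened one.
OPEN_OPTIONS='options {
        listen-on port 53 { 192.168.200.67; };
        allow-query     { any; };
        recursion yes;
};'
RESTRICTED_OPTIONS='options {
        listen-on port 53 { 192.168.200.67; };
        allow-query     { any; };                          # still answer our own zones
        allow-recursion { 127.0.0.1; 192.168.200.0/24; };  # assumed LAN prefix
        recursion yes;
};'

# Drop //, # and one-line /* */ comments, then join into one line, so a
# commented-out directive can neither satisfy nor defeat the check.
flatten_conf() {
    sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' | tr '\n' ' '
}

# The ACL that really governs recursion, following BIND's documented
# fallback: allow-recursion -> allow-query-cache -> allow-query -> built-in.
recursion_acl() {
    for d in allow-recursion allow-query-cache allow-query; do
        acl=$(echo "$1" | sed -n "s/.*$d[[:space:]]*{\([^}]*\)}.*/\1/p")
        [ -n "$acl" ] && { echo "$acl"; return 0; }
    done
    echo 'localnets; localhost;'   # BIND's default when none of them is set
}

# Exit status 0 = open resolver: recursion is on and the effective ACL is "any".
is_open_resolver() {
    conf=$(flatten_conf)
    echo "$conf" | grep -Eq 'recursion[[:space:]]+yes[[:space:]]*;' || return 1
    recursion_acl "$conf" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'
}

# Usage:
#   printf '%s\n' "$OPEN_OPTIONS"       | is_open_resolver && echo "open resolver"
#   printf '%s\n' "$RESTRICTED_OPTIONS" | is_open_resolver || echo "recursion scoped"
```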
### Check whether the primary configuration file of the DNS server is correct
> `named-checkconf /etc/named.conf` ==> if nothing is printed, the check passed.
> `/etc/init.d/named start` ==> start the DNS service
> `netstat -antup | grep 53` ==> check whether port 53 is listening.
### Temporary DNS Client configuration file
> `vim /etc/resolv.conf`
> `nameserver 192.168.200.67` ==> temporary client setting; it must be the same IP address as listen-on in the DNS master configuration file. Restarting the NIC overwrites it with the original file.
> `ping www.baidu.com` ==> ping to check whether the service works; if the ping goes through, resolution is working, because you pinged a domain name rather than an IP address.
![screenshot][2]
# Building a DNS primary domain name resolution service
### Preparations
> `rpm -qa | grep -w bind-chroot` ==> both software packages (bind and bind-chroot) must be installed.
### Forward resolution configuration file
> `vim /etc/named.conf` ==> DNS master configuration file (it exists as soon as the package is installed)
```
options {
        listen-on port 53 { 192.168.200.67; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        forwarders      { 202.106.0.20; };
        recursion yes;

//      dnssec-enable no;
//      dnssec-validation no;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "yunjisuan.com" IN {
        type master;
        file "yunjisuan.com.zone";
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
### Configuration details
```
listen-on port 53 { 192.168.200.67; };    ==> IP address to listen on
listen-on-v6 port 53 { ::1; };            ==> commented out; in the DNS configuration file // starts a comment
directory "/var/named";                   ==> DNS directory location
dump-file "/var/named/data/cache_dump.db";                ==> DNS data (cache dump) file location
memstatistics-file "/var/named/data/named_mem_stats.txt"; ==> DNS memory statistics file location
allow-query { any; };                     ==> which client addresses may connect and query; any allows all
forwarders { 202.106.0.20; };             ==> upstream DNS server to which unresolved queries are forwarded
recursion yes;                            ==> whether this server performs the iterative lookups on behalf of the client
dnssec-enable no;                         ==> comment out
dnssec-validation no;                     ==> comment out
dnssec-lookaside auto;                    ==> comment out
zone "yunjisuan.com" IN {                 ==> declares the zone file for forward resolution
zone "." IN {                             ==> root hints: named.ca lists the root servers where lookups start
```
### Forward resolution record file
> `cd /var/named` ==> named.empty is the template for a record file
> `cp -p named.empty yunjisuan.com.zone` ==> copy it, preserving the file's attributes (owner and permissions)
![screenshot][3]
```
$TTL 3H
@       IN SOA  yunjisuan.com. root.ns1.yunjisuan.com. (
                                        20181022   ; serial
                                        1D         ; refresh
                                        1H         ; retry
                                        1W         ; expire
                                        3H )       ; minimum
        NS      ns1.yunjisuan.com.
ns1     A       192.168.200.67
www     A       192.168.200.2
news    A       192.168.200.1
bbs     CNAME   news
*       A       192.168.200.68
```
### Configuration details
```
$TTL 3H                                   ==> default time-to-live of the records
yunjisuan.com. root.ns1.yunjisuan.com.    ==> fully qualified names in the zone file end with a dot
20181022 ; serial                         ==> current date; it is also the version number that gets compared to detect changes
NS ns1.yunjisuan.com.                     ==> location of the resolution server
ns1 A 192.168.200.66                      ==> IP address of the server holding the current resolution records
bbs CNAME news                            ==> alias record: bbs and news resolve to the same IP address
* A 192.168.200.68                        ==> all other names resolve to this IP address
```
### Check whether the zone file of the DNS server is correct
> `named-checkzone yunjisuan.com yunjisuan.com.zone` ==> if OK is printed, the check passed.
> `/etc/init.d/named start` ==> start the DNS service
![screenshot][4]
### Temporary DNS Client configuration file
> `vim /etc/resolv.conf`
> `nameserver 192.168.200.67` ==> temporary client setting; it must be the same IP address as listen-on in the DNS master configuration file. Restarting the NIC overwrites it with the original file.
> `ping www.yunjisuan.com` ==> ping to check whether the service works; if the ping goes through, resolution is working, because you pinged a domain name.
> `ping ns1.yunjisuan.com` ==> ping to check whether the service works; the reply should be normal as well.
![screenshot][5]
### Preparations
> `rpm -qa | grep -w bind-chroot` ==> both software packages (bind and bind-chroot) must be installed.
### Reverse resolution configuration file
> `vim /etc/named.conf` ==> DNS master configuration file (it exists as soon as the package is installed)
```
options {
        listen-on port 53 { 192.168.200.67; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        forwarders      { 202.106.0.20; };
        recursion yes;

//      dnssec-enable no;
//      dnssec-validation no;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.arpa";
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
### Configuration details
```
listen-on port 53 { 192.168.200.67; };    ==> IP address to listen on
listen-on-v6 port 53 { ::1; };            ==> commented out; in the DNS configuration file // starts a comment
directory "/var/named";                   ==> DNS directory location
dump-file "/var/named/data/cache_dump.db";                ==> DNS data (cache dump) file location
memstatistics-file "/var/named/data/named_mem_stats.txt"; ==> DNS memory statistics file location
allow-query { any; };                     ==> which client addresses may connect and query; any allows all
forwarders { 202.106.0.20; };             ==> upstream DNS server to which unresolved queries are forwarded
recursion yes;                            ==> whether this server performs the iterative lookups on behalf of the client
dnssec-enable no;                         ==> comment out
dnssec-validation no;                     ==> comment out
dnssec-lookaside auto;                    ==> comment out
zone "200.168.192.in-addr.arpa" IN {      ==> declares the zone file for reverse resolution (network octets reversed)
zone "." IN {                             ==> root hints: named.ca lists the root servers where lookups start
```
### Reverse resolution record file
> `cd /var/named` ==> named.empty is the template for a record file
> `cp -p named.empty 192.168.200.arpa` ==> copy it, preserving the file's attributes (owner and permissions)
![screenshot][6]
```
$TTL 3H
@       IN SOA  yunjisuan.com. root.ns1.yunjisuan.com. (
                                        20181022   ; serial
                                        1D         ; refresh
                                        1H         ; retry
                                        1W         ; expire
                                        3H )       ; minimum
        NS      ns1.yunjisuan.com.
2       PTR     www.yunjisuan.com.
67      PTR     ns1.yunjisuan.com.
```
### Configuration details
```
$TTL 3H                                   ==> default time-to-live of the records
yunjisuan.com. root.ns1.yunjisuan.com. (  ==> fully qualified names in the zone file end with a dot
20181022 ; serial                         ==> current date; it is also the version number that gets compared to detect changes
NS ns1.yunjisuan.com.                     ==> location of the resolution server
2 PTR www.yunjisuan.com.                  ==> domain name for a known IP address (last octet 2); reverse PTR resolution
```
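The forward zone file and the reverse zone file above must stay consistent (ns1 is 192.168.200.67 in both, www is .2 in both). The following added example (not part of the original notes) derives the reverse zone from the forward zone and computes the in-addr.arpa zone name; it assumes a constructed copy of the yunjisuan.com zone and the 192.168.200.0/24 network, and it also produces a PTR for news, which the notes' hand-written reverse zone leaves out.

```shell
#!/bin/sh
# Added example, not part of the original notes: derive the reverse zone from
# the forward zone so the PTR records can never drift from the A records.
# Assumes the yunjisuan.com forward zone from the notes (constructed copy
# below) and that it covers the 192.168.200.0/24 network.

FORWARD_ZONE='$TTL 3H
@       IN SOA yunjisuan.com. root.ns1.yunjisuan.com. (
                20181022 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H )     ; minimum
        NS  ns1.yunjisuan.com.
ns1     A   192.168.200.67
www     A   192.168.200.2
news    A   192.168.200.1
bbs     CNAME news
*       A   192.168.200.68'

# 192.168.200.0/24 -> 200.168.192.in-addr.arpa: octets reversed, /24 dropped.
reverse_zone_name() {
    echo "$1" | awk -F'[./]' '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Read a forward zone on stdin; print "<last octet> PTR <fqdn>." for each A
# record inside the network, lowest octet first. The wildcard and CNAMEs get
# no PTR: a reverse lookup must return one canonical host name.
forward_to_ptr() {
    zone="$1"
    prefix=$(echo "$2" | awk -F'[./]' '{ print $1 "." $2 "." $3 "." }')
    awk -v z="$zone" -v p="$prefix" '
        $2 == "IN" { $2 = $3; $3 = $4 }     # tolerate an explicit class field
        $1 == "*" || $2 != "A" { next }
        index($3, p) == 1 { print substr($3, length(p) + 1), "PTR", $1 "." z "." }
    ' | sort -n
}

# Whole reverse zone file: reuse the forward zone header (through the NS
# line, as the notes do), then append the generated PTR records.
reverse_zone_file() {
    fwd=$(cat)
    printf '%s\n' "$fwd" | awk '{ print } $1 == "NS" || $2 == "NS" || $3 == "NS" { exit }'
    printf '%s\n' "$fwd" | forward_to_ptr "$1" "$2"
}

# Usage: printf '%s\n' "$FORWARD_ZONE" | reverse_zone_file yunjisuan.com 192.168.200.0/24
```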
### DNS reverse resolution client temporary configuration file
> `yum -y install bind-utils` ==> the nslookup command is available once this package is installed.
> `which nslookup`
> `vim /etc/resolv.conf`
> `nameserver 192.168.200.67` ==> temporary client setting; it must be the same IP address as listen-on in the DNS master configuration file. Restarting the NIC overwrites it with the original file.
> `nslookup www.yunjisuan.com` ==> reverse resolution can be used to trace where a hacker came from
> `nslookup ns1.yunjisuan.com`
> `nslookup 192.168.200.67`
![screenshot][7]
[2]: http://static.zybuluo.com/linyaonie/qi0por8nq4lhn7kvh31yml50/image_1cqe0hh2g1b79u7i16frcsd9b13t.png
[3]: http://static.zybuluo.com/linyaonie/6mkt4hd862j0xlpgwegytmre/image_1cqe0f9l91fnc30g1gr78sj1c7b3g.png
[4]: http://static.zybuluo.com/linyaonie/52ew63ggmj0hkdllkr5lfdfc/image_1cqe7ap94rsf6am11d414et11h89.png
[5]: http://static.zybuluo.com/linyaonie/14iw7e8qj30o7aixu3ehw1j9/image_1cqe7u8mr1kjs1j3hfn415hm19ne13.png
[6]: http://static.zybuluo.com/linyaonie/emo94wonsu06kdbvla9wuttt/image_1cqe98cie7741r8jnka17441e971g.png
[7]: http://static.zybuluo.com/linyaonie/u7hg3hrg7kl0krhix2zlfv79/image_1cqe9ov3l17ndf5b1vpi1akq1c312a.png