Easily build your own DNS server in Linux

Users who spend time on the Internet often visit large websites such as Sina and Sohu simply by typing the site's URL into the browser. That looks simple, but technically it involves a multi-step process: the user enters the site's domain name in the browser, the browser translates that name into the corresponding IP address according to the locally configured DNS server, the browser requests data from the server at that IP address, and finally the returned data is displayed. The key step in this process is the translation of the domain name into an IP address, and that is the job of the DNS server.

I. DNS Overview
DNS is short for Domain Name System. Its main function is to translate domain names into the corresponding IP addresses; a system that provides this service is a DNS server.
There are three types of DNS server: master DNS, slave DNS, and cache-only server.
Master DNS: provides the DNS service and holds the zone data files.
Slave DNS: provides the DNS service together with the master. When the configuration on the master server is modified, the change is automatically transferred to the slave so that the two stay synchronized.
Cache-only server: has no zone data files of its own. It only forwards client queries to external DNS servers and saves the results in its cache.
On Linux, DNS is implemented by the BIND software, which ships with almost every Linux distribution. The following sections describe how to install, configure and use the DNS service.

II. DNS Service Setup
The environment used here is as follows:
Operating System: Red Hat Enterprise Linux Server release 5
BIND software version: bind-9.3.4

1. Install the BIND Software
On RHEL 5, the packages bind-utils, bind-chroot, ypbind, bind-libs and caching-nameserver, which support bind, must be installed. To check whether the BIND software is installed correctly, run:
[root@localhost ~]# rpm -qa | grep bind
bind-libs-9.3.4-6.0.2.P1.el5_2
bind-utils-9.3.4-6.0.2.P1.el5_2
bind-chroot-9.3.4-6.0.2.P1.el5_2
ypbind-1.19-8.el5
bind-9.3.4-6.0.2.P1.el5_2
[root@localhost ~]# rpm -qa | grep caching-nameserver
caching-nameserver-9.3.4-6.0.2.P1.el5_2
The above packages can be found on the system installation CD. If any of them are missing, install them with rpm.
If your system supports yum, the following command installs everything automatically:
[root@localhost ~]# yum install bind caching-nameserver

2. Configure the DNS Service
On RHEL 5 the BIND software runs in a chroot, which makes its layout differ from other Linux versions: for example, the core configuration file named.conf does not exist by default, and the paths of named.conf and of the zone data files differ from those on other versions. This does not affect the DNS configuration itself. The BIND directory structure on RHEL 5 is described below.
After BIND is installed, the main program directory is /var/named by default. Because BIND on RHEL 5 does not create a named.conf by default, and because the caching-nameserver package installed above provides BIND's initial template files on RHEL 5, /var/named/chroot/etc is the core DNS configuration directory, and /var/named/chroot/var/named holds both the built-in zone data files and the zone data files you create yourself.
(1) The named.conf file in detail
Here we build the named.conf file from the template file the system provides for BIND.
[root@localhost ~]# cd /var/named/chroot/etc
[root@localhost etc]# cp named.rfc1912.zones named.conf
[root@localhost etc]# chown root:named named.conf
The main configuration file named.conf is created by copying the named.rfc1912.zones file, and its ownership is set to root:named. Note that this ownership is very important; without it DNS will not work properly.
[root@localhost ~]# vi /var/named/chroot/etc/named.conf
// named.rfc1912.zones:
// Provided by Red Hat caching-nameserver package
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// See /usr/share/doc/bind*/sample/ for example named configuration files.
In the named.conf configuration file, "//" and "/* */" are used for comments.
options {
    directory "/var/named";
};
The options block defines environment settings that affect the whole DNS server. The directory option tells named to read its DNS data files from /var/named (inside the chroot, this is /var/named/chroot/var/named); you can specify and create this directory, and all zone data files are stored in it.
zone "linuxidc.net" IN {
    type master;
    file "linuxidc.net";
    allow-update { none; };
};
The settings above use the zone keyword to define a forward zone for the domain linuxidc.net; each zone statement defines one zone. The type can be master, slave or hint, with the following meanings:
master: defines the primary name server for the zone.
slave: defines a secondary name server for the zone.
hint: refers to the root name servers of the Internet.
file specifies the file in which the zone's DNS records are stored. allow-update controls whether client hosts or servers may update the zone's records dynamically; the forward zone above does not allow dynamic updates.
zone "60.168.192.in-addr.arpa" IN {
    type master;
    file "60.168.192.zone";
    allow-update { none; };
};
The section above defines a reverse zone for the 192.168.60.x address range.
(2) Zone data file settings
In the /var/named/chroot/var/named directory we create the data files for the zones defined above.
[root@localhost ~]# cd /var/named/chroot/var/named
[root@localhost named]# cp localhost.zone linuxidc.net
[root@localhost named]# cp named.local 60.168.192.zone
[root@localhost named]# chown root:named linuxidc.net 60.168.192.zone
Next we look at the format and meaning of the forward zone data file, using the linuxidc.net file we just created:
[root@localhost named]# more /var/named/chroot/var/named/linuxidc.net
$TTL 86400
@       IN SOA  ns.linuxidc.net. root.linuxidc.net. (
                        42              ; serial (d. adams)
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
        IN NS   ns.linuxidc.net.
        IN MX   10 mail
        IN A    192.168.60.X            ; placeholder: the address is garbled in the source text
ns      IN A    192.168.60.X            ; placeholder: the address is garbled in the source text
www     IN A    192.168.60.135
mail    IN A    192.168.60.136
linux   IN CNAME www

As you can see, the zone data file is quite simple.
The first line is a TTL setting that defines the default TTL of every record in the zone file as 86400 seconds. If this line is missing, the zone still works, but named prints a warning.
The second line is the SOA record. "@" stands for the zone's own domain name, that is, the zone set in named.conf, here linuxidc.net, and IN means that the data that follows uses the Internet class. SOA stands for "Start Of Authority" and marks the beginning of this zone's authoritative data. Each zone file has exactly one SOA record, and it must be the first record in the zone. After SOA come the name of the zone's authoritative name server and the administrator's mailbox. Note that both must end with a ".", and the name server must have an A record in the DNS settings (as described below). Because "@" has a special meaning in zone files, the "@" in the mailbox address is replaced by a "." (root.linuxidc.net. stands for root@linuxidc.net).
The five numbers inside the parentheses control synchronization with slave servers. Their meanings are as follows:
Serial: the version of the zone file, conventionally written in year-month-day form. It must be increased every time the file is modified, because a slave DNS compares it with its own copy when synchronizing: if the master's value is larger, the slave updates; otherwise the update is ignored. Note: this setting is very important. If you do not update this value after modifying the zone file, the changes will not propagate to other DNS servers.
Refresh: the interval at which the slave DNS checks the master DNS for updates.
Retry: how long the slave DNS waits before retrying after a failed update.
Expiry: how long the slave DNS keeps the zone's records after it has been unable to synchronize with the master DNS before discarding them.
Minimum: the default minimum TTL value; it is used wherever no TTL has been specified.
These values are in seconds by default, but they can also be written with suffixes such as M (minutes), H (hours), D (days) and W (weeks).
Lines 8 to 14 hold the actual name resolution records. The first column is the host name with the domain part omitted: for example, "www" is actually www.linuxidc.net and "mail" is mail.linuxidc.net; the others follow the same pattern. The keywords after "IN" have the following meanings:
NS: this host is a name server for the zone.
MX: defines a mail exchanger.
A: defines a record that maps a domain name to an IP address.
CNAME: defines an alias for a domain name.
In the example above we first define ns.linuxidc.net as the NS (name server), then a mail exchanger with priority 10, then four A records that map different names to different IP addresses, and finally an alias for www, so that linux.linuxidc.net resolves the same way as www.linuxidc.net.
Next we look at the options in the reverse zone data file 60.168.192.zone:
[root@localhost named]# more /var/named/chroot/var/named/60.168.192.zone
$TTL 86400
60.168.192.in-addr.arpa.  IN SOA  ns.linuxidc.net. root.linuxidc.net. (
                        1997022700      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN NS   ns.linuxidc.net.
136     IN PTR  mail.linuxidc.net.
135     IN PTR  www.linuxidc.net.
The basic structure is the same as the forward zone data file, with one additional record type, PTR. A PTR record defines a reverse mapping, so that the domain name can be found from the IP address. The first column of the last two lines is the host part of the IP address with the network part omitted: 136 stands for 192.168.60.136 and, likewise, 135 stands for 192.168.60.135. Note that the NS target ns.linuxidc.net. carries a trailing dot; without it, named would append the zone name and read it as ns.linuxidc.net.60.168.192.in-addr.arpa.
The DNS file configuration is now complete. As the process shows, the DNS configuration files have strict format requirements: a line that begins with a space or a tab continues the current record owner (as the lines inside the SOA parentheses do), while a line that does not begin with a space or a tab, and is not inside the SOA parentheses, defines a new record with a new owner name. Be careful when modifying these files.
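As an added check, not part of the original article or of BIND itself, here is a small Python linter that applies the zone-file rules just described: a name without a trailing dot gets the zone origin appended, a zone holds exactly one SOA record and it must come first, and an in-zone NS or SOA host needs an A record. The sample zone is constructed to mirror the linuxidc.net file; the ns address 192.168.60.1 is a placeholder.

```python
import re

def fqdn(name, origin):
    """The rule the article warns about: a name without a trailing dot gets the origin appended."""
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def parse_zone(text, origin):
    """Return [(owner_fqdn, RTYPE, [rdata...]), ...] for a BIND zone file body."""
    text = re.sub(r";[^\n]*", "", text)                                          # drop ';' comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold SOA ( ... )
    records, owner = [], origin
    for line in text.splitlines():
        toks = line.split()
        if not toks or toks[0].startswith("$"):  # skip blanks and $TTL/$ORIGIN directives
            continue
        if line[0] not in " \t":                 # non-blank first column starts a new owner name
            owner, toks = fqdn(toks[0], origin), toks[1:]
        if toks[0].upper() == "IN":
            toks = toks[1:]
        records.append((owner, toks[0].upper(), toks[1:]))
    return records

TARGET = {"NS": 0, "CNAME": 0, "PTR": 0, "SOA": 0, "MX": 1}   # rdata field that names a host

def check_zone(text, origin):
    """Apply the article's rules; an empty list means the file looks sane."""
    recs, problems = parse_zone(text, origin), []
    if not recs or recs[0][1] != "SOA" or sum(r[1] == "SOA" for r in recs) != 1:
        problems.append("exactly one SOA record is required and it must come first")
    a_owners = {o for o, t, _ in recs if t == "A"}
    for _, rtype, rdata in recs:
        if rtype in TARGET:
            target = rdata[TARGET[rtype]]
            host = fqdn(target, origin)
            if "." in target and not target.endswith("."):    # forgotten trailing dot
                problems.append(f"{rtype} target {target!r} has no trailing dot; named reads it as {host!r}")
            if rtype in ("NS", "SOA") and host.endswith("." + origin) and host not in a_owners:
                problems.append(f"{rtype} host {host!r} has no A record in this zone")
    return problems

# Constructed forward zone mirroring the article's linuxidc.net file (the ns address is a placeholder).
FORWARD_ZONE = """$TTL 86400
@ IN SOA ns.linuxidc.net. root.linuxidc.net. ( 42 3H 15M 1W 1D )
  IN NS ns.linuxidc.net.
  IN MX 10 mail
ns IN A 192.168.60.1
www IN A 192.168.60.135
linux IN CNAME www
"""
```

Run check_zone(FORWARD_ZONE, "linuxidc.net.") to get an empty list; feeding it the reverse zone with the trailing dot dropped from the NS target reports the appended-origin name named would actually use.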

3. Test the DNS Configuration
After all the DNS configuration files are complete, restart the service so that the configuration takes effect. Run the following command to restart the DNS service:
[root@localhost named]# /etc/init.d/named restart
Next we use the nslookup command to test DNS resolution.
[root@localhost ~]# nslookup
Point nslookup at the local server, since we are testing the local DNS server:
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
Test A record resolution:
> www.linuxidc.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.linuxidc.net
Address: 192.168.60.135
> mail.linuxidc.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: mail.linuxidc.net
Address: 192.168.60.136
Test CNAME record resolution:
> linux.linuxidc.net
Server: 127.0.0.1
Address: 127.0.0.1#53
linux.linuxidc.net canonical name = www.linuxidc.net.
Name: www.linuxidc.net
Address: 192.168.60.135
Test MX record resolution:
> set type=mx
> linuxidc.net
Server: 127.0.0.1
Address: 127.0.0.1#53
linuxidc.net mail exchanger = 10 mail.linuxidc.net.
Test PTR record resolution:
> set type=ptr
> 192.168.60.135
Server: 127.0.0.1
Address: 127.0.0.1#53
135.60.168.192.in-addr.arpa name = www.linuxidc.net.
> 192.168.60.136
Server: 127.0.0.1
Address: 127.0.0.1#53
136.60.168.192.in-addr.arpa name = mail.linuxidc.net.
Test NS record resolution:
> set type=ns
> linuxidc.net
Server: 127.0.0.1
Address: 127.0.0.1#53
linuxidc.net nameserver = ns.linuxidc.net.
The output shows that every record type resolves correctly, so the configuration above is correct and the DNS server is ready for use.
