DNS service and BIND application for Linux

The DNS service on Linux is provided by the BIND program.

So in order to build a DNS server, you need to install the BIND program.

Install bind

Bind file

Master configuration file:/etc/named.conf It contains other files

View other files for bind

which

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

These three modules are three important modules of the main configuration file

Parse the library file:

under the/var/named/directory

Note:1. A DNS server can provide resolution for multiple zones at the same time

2. Must have root zone Parse library file:name.ca

3. There should also be two zone parsing files:localhost and 127.0.0.1 forward parsing

Named.localhost forward parsing file

Reverse parsing of Named.loopback

Master configuration file format

Global Configuration Segment

In the configuration file, the system is only monitored on 127.0.0.1 by default.

Now modify the following configuration file

You must have a space before and after adding an IP address

Default security settings are turned off first

The default is to allow only your own query, Allow-query comments out, you can allow all hosts to query

Log configuration section

Zone Configuration Segment

These two files are auxiliary files, the zone configuration section in the main configuration file is not modified, and all the changes are modified in the/etc/named.rfc1912.zones file.

Check the configuration file for syntax errors

Rndc:remote Name Domain controller

This is a remote control feature and is not recommended for use in unsafe environments.

953/tcp Port. The default is to listen only 127.0.0.1

Start bind

Viewing the Listening port status

TCP port 53 is used for transmitting zone information, and UDP port 53rd is used to listen for client requests.

Application detection

1, now the DNS server itself as its own DNS resolver

2. View Iptables-l-N to determine firewall shutdown

Systemctl Stop Firewalld

Systemctl Disable Firewalld.service

3. Introduction of testing tools

Dig

-B Specify the source IP address

This command is used to test the DNS system, does not query the Hosts file, and does not use the/etc/resolve.conf file if @server is added

-X for reverse parsing

Query options

+[no]trace: Trace parsing process

+[no]reurse: Recursive parsing

Specify to make queries on 61.139.2.69

Host

Specify to parse by 61.139.2.69

Resolved through its own root server.

Nslookup

It's an interactive command.

The direction prompt is followed by commands that need to be entered

RNDC Remote DNS server control commands, try not to use

RNDC Flush updates the local DNS cache

DNS service and BIND application for Linux