What is the nature of DNS?
The Domain Name System (DNS) is essentially a database: a distributed database used by TCP/IP programs, and also an important network protocol. DNS stores the mapping between IP addresses and the corresponding hosts in the network, mail routing information and data for other network applications. A user queries DNS through a resolver library: the resolver sends the query and interprets the DNS response.
What is the role of DNS?
DNS is an application-layer protocol in the network stack, and in practice it serves the other application-layer protocols. Put simply, it turns a domain name or host name into an IP address (and also offers reverse lookup, from IP address to domain name), much like a dictionary. When you access www.baidu.com, what is actually accessed is its IP address, because a machine recognizes the fixed format and meaning of an IP address, whereas a domain name can be anything, even Chinese, which is not convenient for a machine to identify. Another example is intranet domain authentication: logging in to the intranet with the domain account assigned to an employee requires DNS to locate the domain authority server that authenticates the identity. So some books say: "DNS is an indispensable thing in the internet world."
Why a domain name system? What is a domain name?
People need names to identify and remember each other, and the network world needs a naming system on the Internet to do the same job. The system is divided by domains: every host (or router) on the network has a unique domain name (similar to a country code); a domain can be divided further into subdomains (as each country has different province codes), and subdomains can be divided again (each province has its own code for each city), and so on. On the Internet this corresponds to the top-level domains (com, net, cn, org, etc.), then the second-level domains, and so on. Note that this is only a logical division. Together, these domain names form a tree structure.
E.g.: www.baidu.com
          |     |
    second-level  top-level (first-level) domain
A name (also called a label) may consist only of letters or digits (Chinese labels are now supported as well) and may be at most 63 characters long; a full domain name is at most 255 characters. English domain names are not case-sensitive, and reading from right to left the domain levels go from higher to lower. "www" stands for the World Wide Web and is not itself a domain level.
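As an added illustration (not part of the original article), a small Python validator that applies the label rules just listed: the 63-character label and 255-character name limits, letters and digits (plus the interior hyphens RFC 1035 also permits), case-insensitive comparison, and the labels returned from the top level downward, i.e. the right-to-left hierarchy. Chinese and other internationalized labels reach DNS in their ASCII (punycode) form, so only that form is checked.

```python
import re

MAX_LABEL = 63    # per-label limit given in the text
MAX_NAME = 255    # whole-name limit given in the text
# Letters and digits, as the text says; RFC 1035 also allows hyphens inside a
# label, so they are accepted here too. Internationalized (e.g. Chinese) labels
# are converted to ASCII punycode before reaching DNS; only that form is checked.
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")


def parse_domain(name):
    """Validate a domain name and return its labels from the top level down.

    'www.baidu.com' -> ['com', 'baidu', 'www']: the hierarchy read right to
    left, as the text describes. Raises ValueError on a rule violation.
    """
    name = name.rstrip(".")                  # tolerate a fully-qualified trailing dot
    if not name or len(name) > MAX_NAME:
        raise ValueError("empty name or longer than %d characters" % MAX_NAME)
    labels = name.split(".")
    for label in labels:
        if len(label) > MAX_LABEL:
            raise ValueError("label %r exceeds %d characters" % (label, MAX_LABEL))
        if not LABEL_RE.match(label):
            raise ValueError("label %r has characters outside letters/digits/hyphen" % label)
    # Names are not case-sensitive, so normalize to lowercase before returning.
    return [label.lower() for label in reversed(labels)]


def is_valid_domain(name):
    """True if parse_domain accepts the name, False otherwise."""
    try:
        parse_domain(name)
        return True
    except ValueError:
        return False


def same_domain(a, b):
    """Case-insensitive comparison of two domain names."""
    return parse_domain(a) == parse_domain(b)
```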
DNS Caching
DNS uses a cache because the mapping from domain name to address is not constant. For efficiency, a host downloads the full set of name and address data from the local server at startup, keeps a cache of the domain names it used most recently, and only initiates a query through the root name servers when a name is not found in the cache. In practice, when a DNS server receives a DNS response it caches the information for a period of time, and when another query for the same domain name arrives it can answer directly. Thanks to DNS caching, most queries can be completed by the local DNS server alone.
DNS Cache pollution
When the local name server receives a DNS request, it looks in the DNS cache first; if the cache hits, it returns the result directly. If an attacker has broken into the router and altered the cached entry of some domain name, for example so that it points to an unrelated page, the user's normal requests are redirected. At that point you can clear the caches at every level (browser, system, router, DNS server cache). This seems hard to avoid entirely; one can only raise security awareness. HTTPS cannot prevent the redirection itself, because DNS resolution takes place before the HTTPS exchange begins.
Reverse domain name lookup and spam filtering
IP reverse resolution is mainly used by mail servers to block spam. For example, [email protected] sends a letter to the mailbox [email protected]. The QQ mail server inspects the message headers, which show the IP address the letter was sent from, and then does a reverse lookup on that IP address. If the IP reverse-resolves to a domain name such as xxx.com that is not blacklisted, the mail is accepted; otherwise it is refused.
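The acceptance check described above, written as an added Python example (not the blog's code) against a constructed table of PTR and A records standing in for live lookups; it goes one step beyond the text by also confirming that the name returned by the reverse lookup resolves forward to the same IP, since PTR data is published by whoever controls the address block.

```python
# Constructed resolver data standing in for live PTR and A lookups.
PTR_RECORDS = {
    "203.0.113.10": "mail.xxx.com.",        # reverse name whose A record points back here
    "203.0.113.20": "mail.spamcorp.test.",  # reverse name exists, but the domain is blacklisted
    "203.0.113.30": "smtp.fake.test.",      # reverse name whose A record points elsewhere
    # 203.0.113.40 deliberately has no PTR record
}
A_RECORDS = {
    "mail.xxx.com.": "203.0.113.10",
    "mail.spamcorp.test.": "203.0.113.20",
    "smtp.fake.test.": "198.51.100.99",
}
BLACKLIST = {"spamcorp.test"}


def ptr_lookup(ip):
    return PTR_RECORDS.get(ip)


def a_lookup(host):
    return A_RECORDS.get(host)


def domain_of(hostname):
    """'mail.xxx.com.' -> 'xxx.com', the part the blacklist is keyed on."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def check_sender(ip, ptr=ptr_lookup, fwd=a_lookup, blacklist=BLACKLIST):
    """Decide whether to accept mail from the IP found in the message headers.

    Returns (accepted, reason). Steps: reverse-resolve the IP; refuse when
    nothing comes back or the resulting domain is blacklisted; then, beyond the
    text, require the forward A record of that name to point back at the same
    IP, so a sender cannot simply publish a PTR that borrows a reputable name.
    """
    host = ptr(ip)
    if host is None:
        return False, "no PTR record for %s" % ip
    domain = domain_of(host)
    if domain in blacklist:
        return False, "%s is blacklisted" % domain
    if fwd(host) != ip:
        return False, "PTR %s does not resolve back to %s" % (host, ip)
    return True, "accepted as %s" % host
```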
Part one: master-slave DNS configuration
1: Turn off the firewall
2: Installation
yum search dns
yum install -y bind.x86_64
3: Start the service
systemctl restart named   # during startup you need to type on the keyboard; random keystrokes let it start (it is collecting randomness for key generation)
1: Edit the file
vim /etc/named.conf
~~~~~~~~~
options {
    listen-on port 53 { any; };       # loopback interface by default; "any" opens it to the internal network
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };             # external hosts may query as well
    forwarders { 114.114.114.114; };  # the master (upstream) DNS server to forward to
    # (other default options unchanged)
};
~~~~~~~~~
systemctl restart named
2: Test
On another device, point its DNS resolver at the IP of the host where BIND is installed:
[[email protected] ~]# vim /etc/resolv.conf
nameserver 172.25.254.119
[[email protected] ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17708
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
Local DNS server configuration
vim /etc/named.conf
~~~~~~~~~
options {
    listen-on port 53 { any; };       # loopback interface by default; "any" opens it to the internal network
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };             # external hosts may query as well
    # (no forwarders: this server answers for its own zones; other default options unchanged)
};
~~~~~~~~~
Edit /etc/named.rfc1912.zones, the file referenced by the last two lines (the include statements) of /etc/named.conf.
(2) [[email protected] named]# vim /etc/named.rfc1912.zones
~~~~~~~~~
zone "zpy.com" IN {            # zpy.com is the domain being served
    type master;
    file "zpy.com.zone";       # zone file name (relative to /var/named)
    allow-update { none; };
};
~~~~~~~~~
(3) [[email protected] named]# cd /var/named/
cp -p named.loopback zpy.com.zone
[[email protected] named]# vim zpy.com.zone
~~~~~~~~~
$TTL 1D
@       IN SOA  dns.zpy.com. root.zpy.com. (   ; the trailing "." is mandatory, otherwise the system appends zpy.com automatically; @ stands for zpy.com here
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.zpy.com.
dns     A       172.25.254.123         ; IP address of the DNS server
www     A       1.1.1.1
news    A       1.1.1.2
~~~~~~~~~
Zone files use ";" for comments, not "#".
(4) systemctl restart named
dig www.zpy.com
DNS reverse resolution
That is, resolving an IP address to its domain name.
(1) [[email protected] named]# vim /etc/named.rfc1912.zones
~~~~~~~
zone "20.20.172.in-addr.arpa" IN {   # represents the 172.20.20 network segment
    type master;
    file "zpy.com.ptr";              # zone file name zpy.com.ptr
    allow-update { none; };
};
~~~~~~~
(2) cp -p named.loopback zpy.com.ptr   # -p is mandatory: it copies the permissions too, otherwise there will be problems
[[email protected] named]# vim zpy.com.ptr   # edit the file
~~~~~~~
$TTL 1D
@       IN SOA  dns.zpy.com. root.zpy.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.zpy.com.
dns     A       172.25.254.123
1       PTR     bbs.zpy.com.           ; 172.20.20.1 -> bbs.zpy.com
~~~~~~~
(3) systemctl restart named
On another host:
dig -x 172.20.20.1   # reverse resolution requires -x
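An added Python example (not from the article) that derives the in-addr.arpa names used in this section, such as the 20.20.172.in-addr.arpa zone and the name dig -x queries for 172.20.20.1, and builds the PTR records of that reverse zone from a forward zone's A records so that the forward and reverse zones stay consistent; the A records are constructed sample data.

```python
import ipaddress

# Constructed forward data: the bbs host from the reverse zone above plus two
# more; dns sits in 172.25.254.0/24 and so belongs to a different reverse zone.
FORWARD_A = {"bbs": "172.20.20.1", "www": "172.20.20.10", "dns": "172.25.254.123"}


def reverse_name(ip):
    """'172.20.20.1' -> '1.20.20.172.in-addr.arpa.', the name dig -x asks for."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone_origin(network):
    """'172.20.20.0/24' -> '20.20.172.in-addr.arpa', the zone name in named.rfc1912.zones.

    Only octet-aligned networks (/8, /16, /24) map to a single in-addr.arpa zone.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 networks map to one in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_records(network, a_records, origin="zpy.com."):
    """Build the PTR lines of the reverse zone for `network` from forward A records.

    a_records maps a relative owner name (e.g. 'bbs') to its IPv4 address, as in
    the forward zone file. Addresses outside the network are skipped, and each
    owner is written relative to the reverse zone origin, e.g. '1  PTR  bbs.zpy.com.'.
    """
    net = ipaddress.ip_network(network, strict=True)
    zone = reverse_zone_origin(network)
    lines = []
    for owner, ip in sorted(a_records.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        if ipaddress.ip_address(ip) not in net:
            continue
        # Strip '.<zone>.' from the full reverse name to get the relative owner.
        rel = reverse_name(ip)[: -(len(zone) + 2)]
        lines.append("%s\tPTR\t%s.%s" % (rel, owner, origin))
    return lines
```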
Giving specific clients a specific resolution (views)
Used when you want to give different clients different DNS answers.
Problem: client 172.25.254.19 should get the resolution in zpy.com.zone, and all other clients a different resolution. How is this configured?
(1) Create a new zone file zpy.com.inter and write the alternative records into it
[[email protected] named]# cp -p zpy.com.zone zpy.com.inter
[[email protected] named]# vim zpy.com.inter
~~~~~~~~~
$TTL 1D
@       IN SOA  dns.zpy.com. root.zpy.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.zpy.com.
bbs     CNAME   www.zpy.com.
dns     A       172.25.254.123
www     A       2.2.2.2
news    A       2.2.2.3
~~~~~~~~~
[[email protected] named]# cat zpy.com.zone
~~~~~~~~~
$TTL 1D
@       IN SOA  dns.zpy.com. root.zpy.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.zpy.com.
bbs     CNAME   www.zpy.com.
dns     A       172.25.254.123
www     A       1.1.1.1
news    A       1.1.1.2
~~~~~~~~~
Note which IP each name resolves to in the two zone files above: www.zpy.com is 1.1.1.1 in zpy.com.zone and 2.2.2.2 in zpy.com.inter.
(2) [[email protected] named]# cp /etc/named.rfc1912.zones /etc/named.rfc1913.zones
[[email protected] named]# vim /etc/named.rfc1913.zones
~~~~~~~~~
zone "zpy.com" IN {
    type master;
    file "zpy.com.inter";      # change the file to zpy.com.inter
    allow-update { none; };
};
~~~~~~~~~
(3) [[email protected] named]# vim /etc/named.conf
~~~~~~~~~
/* comment out the previous code, which only ever served /etc/named.rfc1912.zones:
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/

view localuser {                          # the view name is arbitrary
    match-clients { 172.25.254.19; };     # only 172.25.254.19 matches this view
    zone "." IN {                         # once views are used, every zone (the root hint included) must sit inside a view
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";   # this client is served the zones in this file
};

view otheruser {                          # views are tried in order, so this catch-all must come after the specific one
    match-clients { any; };               # everyone else is served the zones in /etc/named.rfc1913.zones
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1913.zones";
};
~~~~~~~~~
(4) Restart the service and test
systemctl restart named
Any other IP is served the domain data contained in /etc/named.rfc1913.zones:
[[email protected] ~]# dig www.zpy.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.zpy.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.zpy.com.                   IN      A

;; ANSWER SECTION:
www.zpy.com.            86400   IN      A       2.2.2.2

;; AUTHORITY SECTION:
zpy.com.                86400   IN      NS      dns.zpy.com.

;; ADDITIONAL SECTION:
dns.zpy.com.            86400   IN      A       172.25.254.123

;; Query time: 0 msec
;; SERVER: 172.25.254.123#53(172.25.254.123)
;; WHEN: Wed Aug 09 01:10:24 EDT 2017
;; MSG SIZE  rcvd: 90

172.25.254.19, by contrast, is served the domain data contained in /etc/named.rfc1912.zones.
This article is from the "12462896" blog; please contact the author before reproducing it.
DNS of Linux servers