[Linux Learning] DNS Foundation

Source: Internet
Author: User
Tags: mail exchange, top level domain, fully qualified domain name


These are notes I recorded while learning Linux. Recently, while writing training materials, I dug them out to refresh what I had learned before. They were written in a notebook and I never had time to organize them, so I am taking this opportunity to reorganize them.




DNS


BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users. The name BIND stands for "Berkeley Internet Name Domain", because the software originated in the early 1980s at the University of California at Berkeley.



BIND is by far the most widely used DNS software on the Internet, providing a robust and stable platform on top of which organizations can build distributed computing systems with the knowledge that those systems are fully compliant with published DNS standards.


    1. Introduction to DNS
      DNS: Domain Name Service
      Domain name: abc.com
      FQDN: Fully Qualified Domain Name


An FQDN is a name that carries both the host name and the domain name, joined by the "." symbol.
www.abc.com (FQDN, host name)
The fully qualified domain name identifies logically and precisely where the host is; in other words, the FQDN is the complete representation of the host name.
From the information contained in the fully qualified domain name, you can see the location of the host in the domain tree.



DNS resolution process:
(1) First look in the local hosts file; if the name is defined there, that entry is used directly.
(2) If the name is not in the hosts file, the query goes to the DNS server specified in the local configuration, and the DNS server resolves the IP address.



hosts: In the early days few hosts were connected to the Internet, so a file was used to record all domain name resolutions. Each Internet host maintained a hosts file recording the IP addresses of the domain names on the Internet, in the following form:
IPAddr FQDN Alias
172.16.0.1 www.abc.com www



As the Internet expanded, an organization was needed to manage the correspondence between these domain names and IP addresses. That organization is the IANA.



IANA (the Internet Assigned Numbers Authority) is responsible for coordinating some of the elements that make the Internet work properly.



The IANA's tasks can be broadly divided into three types:
First, domain names. The IANA manages the DNS root, the .int and .arpa domains, and IDN (Internationalized Domain Name) resources.
Second, number resources. The IANA coordinates the global pool of IP addresses and AS (autonomous system) numbers and provides them to the regional Internet registries.
Third, protocol assignments. The IANA manages the protocol numbering systems together with the standards organizations.
The IANA is one of the world's first Internet institutions, dating back to 1970.
Today, the IANA functions are carried out by ICANN (Internet Corporation for Assigned Names and Numbers), a non-profit organization.



DNS development history:
1) Periodic tasks that update the hosts file. Each Internet host maintained its own hosts file, while the IANA maintained all of the Internet's domain names; hosts updated their hosts files through periodic tasks that downloaded the file from the IANA server.
2) A central server. The IANA set up a server that answered client requests. But as the Internet grew, the number of requests kept increasing and the IANA servers were overwhelmed.
3) A distributed database. Administrative authority is split up: large zones are divided into smaller zones, and authority is delegated level by level,
for example: China, Shanghai, Xuhui, West Zhongshan Road, No. 2240, Netcraft.



Classification of domain names:
TLD: Top Level Domain
Organizational domains: .com .org .net .cc
Country domains: .cn .iq .jp .uk
Reverse domain: IP --> FQDN



How DNS is queried:
Recursive: the result comes back from a single query.

A <--> B (B asks C for the result) <--> C
A -> B -> C -> B -> A

Iterative: multiple queries are needed to get the result.

A -> B (B tells A that C knows the result), B -> A
A -> C -> A


DNS query principle:
Root servers do not perform recursion for anyone.
DNS queries on the Internet happen in two stages:
1) for the client, the query is recursive;
2) for the caching name server, the query process is iterative.
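
The two-stage pattern above, as an added Python example that is not part of the original notes: the client makes one recursive call, while the caching server iterates from the root through referrals. The server table is constructed data; `tld.example` is a hypothetical TLD server name, and the other names and the address 1.1.1.1 are borrowed from the examples on this page.

```python
# Constructed in-memory "servers": each maps a zone or host name to either a
# final answer ("A") or a referral ("NS") to the server for a closer zone.
SERVERS = {
    "a.root-servers.net": {"com.": ("NS", "tld.example")},  # tld.example is hypothetical
    "tld.example": {"abc.com.": ("NS", "ns.abc.com")},
    "ns.abc.com": {"www.abc.com.": ("A", "1.1.1.1")},
}

def ask(server, qname):
    """One non-recursive query: return the closest matching entry, or None."""
    zone = SERVERS[server]
    # Match on label boundaries so "notabc.com." is not treated as "abc.com.".
    hits = [n for n in zone if qname == n or qname.endswith("." + n)]
    return zone[max(hits, key=len)] if hits else None

class CachingResolver:
    """Offers recursion to clients and performs iteration itself."""

    def __init__(self, root="a.root-servers.net"):
        self.root = root
        self.cache = {}
        self.trace = []          # every server contacted, in order

    def resolve(self, qname):
        if qname in self.cache:  # answered from cache, no server is contacted
            return self.cache[qname]
        server = self.root
        for _ in range(10):      # bound the referral chain against loops
            self.trace.append(server)
            reply = ask(server, qname)
            if reply is None:
                return None      # this server knows nothing closer
            kind, value = reply
            if kind == "A":
                self.cache[qname] = value
                return value
            server = value       # referral: repeat the query at the next server
        return None

if __name__ == "__main__":
    resolver = CachingResolver()
    print(resolver.resolve("www.abc.com."), resolver.trace)
```
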



The father of China's firewall: Fang Binxing, professor at BUPT.
On May 19, 2011, students threw shoes at him during a lecture at Wuhan University.



NetEase News: In March 2013, democracy XXX announced the lifting of its ban on the world's most popular social networking site, Facebook. Currently only 4 countries in the world still block Facebook: North Korea, , Iran, and "other countries."



There are now 13 root DNS servers in the world:
a.root-servers.net
......
m.root-servers.net



Query root server results using the dig command:

userdemacbook-air:~ user$ dig

; <<>> DiG 9.9.7-P3 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16139
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                          IN      NS

;; ANSWER SECTION:
.                   97216   IN      NS      k.root-servers.net.
.                   97216   IN      NS      e.root-servers.net.
.                   97216   IN      NS      a.root-servers.net.
.                   97216   IN      NS      f.root-servers.net.
.                   97216   IN      NS      m.root-servers.net.
.                   97216   IN      NS      l.root-servers.net.
.                   97216   IN      NS      c.root-servers.net.
.                   97216   IN      NS      h.root-servers.net.
.                   97216   IN      NS      b.root-servers.net.
.                   97216   IN      NS      i.root-servers.net.
.                   97216   IN      NS      g.root-servers.net.
.                   97216   IN      NS      j.root-servers.net.
.                   97216   IN      NS      d.root-servers.net.

;; ADDITIONAL SECTION:
i.root-servers.net. 361857  IN      A       192.36.148.17
i.root-servers.net. 361857  IN      AAAA    2001:7fe::53
d.root-servers.net. 361857  IN      A       199.7.91.13
d.root-servers.net. 361857  IN      AAAA    2001:500:2d::d
e.root-servers.net. 361857  IN      A       192.203.230.10
e.root-servers.net. 361857  IN      AAAA    2001:500:a8::e
c.root-servers.net. 361857  IN      A       192.33.4.12
c.root-servers.net. 361857  IN      AAAA    2001:500:2::c
k.root-servers.net. 361857  IN      A       193.0.14.129
k.root-servers.net. 361857  IN      AAAA    2001:7fd::1
g.root-servers.net. 361857  IN      A       192.112.36.4
g.root-servers.net. 361857  IN      AAAA    2001:500:12::d0d
j.root-servers.net. 361857  IN      A       192.58.128.30
j.root-servers.net. 361857  IN      AAAA    2001:503:c27::2:30
a.root-servers.net. 361857  IN      A       198.41.0.4
a.root-servers.net. 361857  IN      AAAA    2001:503:ba3e::2:30
l.root-servers.net. 361857  IN      A       199.7.83.42
l.root-servers.net. 361857  IN      AAAA    2001:500:9f::42
b.root-servers.net. 361857  IN      A       199.9.14.201
b.root-servers.net. 361857  IN      AAAA    2001:500:200::b
f.root-servers.net. 361857  IN      A       192.5.5.241
f.root-servers.net. 361857  IN      AAAA    2001:500:2f::f
m.root-servers.net. 361857  IN      A       202.12.27.33
m.root-servers.net. 361857  IN      AAAA    2001:dc3::35
h.root-servers.net. 361857  IN      A       198.97.190.53
h.root-servers.net. 361857  IN      AAAA    2001:500:1::53

;; Query time: 3 msec
;; SERVER: 192.168.1.62#53(192.168.1.62)
;; WHEN: Wed Mar 10:59:59 CST 2018
;; MSG SIZE  rcvd: 811


Common types of DNS servers:
Primary DNS server: where data is modified
Secondary DNS server: requests data synchronization from the primary
    Serial number: version number, maximum 10 digits
    Refresh: check interval
    Retry: retry interval
    Expire: expiration time (used to judge whether the primary DNS server is down)
    Negative answer TTL: TTL value for negative answers
Caching DNS server
Forwarder
RR: resource record. Each entry in the DNS database is called a resource record.
Format of the resource record:


NAME            [TTL]   IN      RRT     VALUE
www.abc.com             IN      A       1.1.1.1
1.1.1.1                 IN      PTR     www.abc.com


Resource record types:
1) A (address): FQDN --> IPv4; can only be defined in a forward zone file.
2) AAAA: FQDN --> IPv6; can only be defined in a forward zone file.
3) PTR (pointer): IP --> FQDN; can only be defined in a reverse zone file.
4) NS (name server): ZONE NAME --> FQDN; can be defined in both forward and reverse zone files.


abc.com.        600     IN      NS      ns.abc.com.
ns.abc.com.     600     IN      A       1.1.1.2


5) MX (mail exchange): ZONE NAME --> FQDN; can only be defined in a forward zone file.


abc.com.                IN      MX  10  mail.abc.com.
mail.abc.com.   600     IN      A       1.1.1.3
10 is the priority, in the range 0-99; the smaller the number, the higher the priority.


6) SOA (Start Of Authority): the start-of-authority record; it must be the first record.


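ZONE NAME   TTL     IN      SOA     FQDN    admin's mailbox (
                            serial number
                            refresh
                            retry
                            expire
                            na ttl )
The record can also be written on a single line, with the fields separated by spaces. Time units: M minutes, H hours, D days, W weeks; the default is seconds. Mailbox format: [email protected] should be written as admin.abc.com. @ has a special meaning: it is a self-reference and stands for the zone name defined in named.conf.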


Example:


abc.com.    600     IN  SOA   ns1.abc.com.   admin.abc.com. (
                                    2018080801
                                    1H
                                    5M
                                    1W
                                    1D )


7) CNAME (Canonical NAME): FQDN --> FQDN; alias record.
www2.abc.com.   IN  CNAME   www.abc.com.
8) TXT, CHAOS, SRV
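
A checker for the SOA format described in item 6, as an added Python example that is not part of the original notes: it reads the single-line or parenthesised form, converts the M/H/D/W units to seconds, rewrites the mailbox, and warns about names without a trailing dot, which a name server would treat as relative to the zone. The sample record is constructed, and the warning rules are this example's own choices.

```python
import re

# Time suffixes listed in the notes; a bare number is seconds.
UNITS = {"": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def to_seconds(field):
    m = re.fullmatch(r"(\d+)([MHDW]?)", field.upper())
    if not m:
        raise ValueError(f"bad time value: {field!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_soa(text):
    """Parse one SOA record and return (fields, warnings)."""
    text = re.sub(r";[^\n]*", "", text)                  # strip ; comments
    tokens = text.replace("(", " ").replace(")", " ").split()
    types = [t.upper() for t in tokens]
    if "SOA" not in types:
        raise ValueError("not an SOA record")
    rdata = tokens[types.index("SOA") + 1:]
    if len(rdata) != 7:
        raise ValueError(f"SOA needs 7 values after the type, got {len(rdata)}")
    mname, rname, serial, refresh, retry, expire, neg_ttl = rdata
    user, _, domain = rname.rstrip(".").partition(".")   # first dot stands for '@'
    fields = {
        "zone": tokens[0], "primary": mname, "mailbox": f"{user}@{domain}",
        "serial": int(serial), "refresh": to_seconds(refresh),
        "retry": to_seconds(retry), "expire": to_seconds(expire),
        "negative_ttl": to_seconds(neg_ttl),
    }
    warnings = []
    for label, value in (("zone", tokens[0]), ("primary", mname), ("mailbox", rname)):
        if value != "@" and not value.endswith("."):
            warnings.append(f"{label} {value!r} lacks a trailing dot, so the zone name is appended")
    if len(serial) > 10 or fields["serial"] > 2**32 - 1:
        warnings.append("serial does not fit the 32-bit field")
    if fields["expire"] <= fields["refresh"]:
        warnings.append("expire is not longer than refresh")
    return fields, warnings

# Constructed sample in the layout described above, written without trailing dots.
SAMPLE = """abc.com  600  IN  SOA  ns1.abc.com  admin.abc.com (
                2018080801 ; serial
                1H         ; refresh
                5M         ; retry
                1W         ; expire
                1D )       ; negative answer TTL
"""
```
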


