Create a DNS server on Linux

1. Assumptions
Many DNS articles start from DNS theory. This one instead gives Linux administrators a few simple, practical examples drawn from my own use.

The following assumes that we need to build the master DNS server for a corporate network, under these conditions:

(1) One class C network address (in this example, assumed to be 192.22.33)

(2) The enterprise domain name is my.com and is already registered (the master domain name server has address 192.22.33.20 and host name linux.my.com)

(3) The enterprise network is connected to the Internet through a router

If your environment differs from these conditions, adapt the examples accordingly. Section 8 adjusts the example for the following situations:

(1) multiple network segments

(2) closed Intranets

(3) access to a local public network only (for example, 169 or Shanghai hotline)

2. named, /etc/named.boot, and ndc
The core of a DNS server is the domain name server process, named. Once started, named provides the name resolution service to DNS clients, converting domain names into IP addresses.

When named starts it reads an initialization file, by default /etc/named.boot, so /etc/named.boot is the basic configuration file of named.

Although named can be run directly, Linux provides ndc, a tool for controlling named. ndc can start, stop and restart named, reload its DNS data, dump its DNS data, and perform other debugging functions. I recommend using it to debug the DNS server.

For detailed usage of ndc, see the Linux documentation.

3. Create the named configuration file /etc/named.boot
/etc/named.boot is the basic configuration file, but it contains no DNS data itself. For the assumptions above, first create the following /etc/named.boot:

;
; Boot file for name server
;
directory /var/named

primary my.com db.my
primary 0.0.127.IN-ADDR.ARPA db.127.0.0
primary 33.22.192.IN-ADDR.ARPA db.192.22.33
cache . db.cache
Lines starting with ";" are comments. The other lines mean:

(1) directory /var/named

Tells named to read its DNS data files from the directory /var/named. You choose and create this directory yourself; all DNS data files are stored in it.

(2) primary my.com db.my

Makes named the primary (master) name server for the domain my.com. The file db.my contains all name-to-address data for names of the form *.my.com.

(3) primary 0.0.127.IN-ADDR.ARPA db.127.0.0

Makes named the master server for address-to-name translation of the 127.0.0 network. The file db.127.0.0 contains the data that maps addresses of the form 127.0.0.* to names. (The 127.0.0 network is the internal loopback address of the network interface.)

(4) primary 33.22.192.IN-ADDR.ARPA db.192.22.33

Makes named the master server for address-to-name translation of our own network segment. The file db.192.22.33 contains all address-to-name data for addresses of the form 192.22.33.*.

(5) cache . db.cache

Tells named to obtain the addresses of the Internet's top-level ("root") servers from the file db.cache. Note that in lines (3) and (4) the network number is written in reverse order. The file names are your own choice.

4. Create the DNS data files
Next, create the DNS data files defined in /etc/named.boot.

(1) Create the forward name-to-address data file db.my

As defined in /etc/named.boot, we create db.my in the directory /var/named. It should contain all host nodes in the my.com domain, but for ease of debugging it is advisable to start with only a few nodes and add the rest once named works properly. Here is an example of db.my:

@ IN SOA linux.my.com. root.linux.my.com. (
        199511301 ; serial, todays date + todays serial #
        28800     ; refresh, seconds
        7200      ; retry, seconds
        3600000   ; expire, seconds
        86400 )   ; minimum, seconds
  IN NS linux.my.com.
  IN MX 10 support.my.com.

localhost IN A 127.0.0.1
linux     IN A 192.22.33.20
support2  IN A 192.22.33.102
hp712     IN A 192.22.33.160
support   IN A 192.22.33.100
mail      IN MX 10 support.my.com.
          IN MX 20 support2.my.com.
www       IN CNAME hp712.my.com.
ftp       IN CNAME hp712.my.com.
ns        IN CNAME linux.my.com.
The first line is the SOA record, which holds the basic information about the zone: in order, the name of the DNS server and the e-mail address of the DNS administrator (root.linux.my.com. stands for root@linux.my.com). The first number inside the brackets is the serial (version) number of the file; it must be changed every time the file is modified. The remaining numbers govern data exchange between DNS servers and need not be changed here.

After the brackets come an NS record and an MX record, which define the name server for the domain itself and the mail server for addresses of the form username@my.com.

Below these come the name/address conversion records. The A record maps a DNS name to an IP address and is mandatory. Take hp712.my.com as an example: in the record the domain my.com is omitted and only hp712 is written; named automatically appends the my.com defined in named.boot, so the name resolves to 192.22.33.160.

The next kind of record is the MX record, the mail exchange record. In this example it maps a mail address of the form username@mail.my.com to username@support.my.com or username@support2.my.com, that is, the real mail servers are support.my.com and support2.my.com, with priority 10 for support.my.com and 20 for support2.my.com. Mail is normally delivered to the host with the smaller priority value, support.my.com.

The remaining CNAME records are provided for convenience: CNAME defines host aliases. For example, hp712.my.com is the company's www and ftp server, so www.my.com and ftp.my.com are defined as aliases of hp712.my.com and users can reach the www and ftp servers by the names they are used to. If another host takes over the www and ftp services later, only the CNAME records need to change; users are not affected.

Note: the host name at the end of an MX or CNAME record is written with its domain and must end with a "."; without the final dot named appends the domain from named.boot to it.

(2) Create the reverse DNS data files db.127.0.0 and db.192.22.33

The reverse DNS data files are used to look up the DNS host name for an IP address. Each network segment has its own data file.

The loopback segment 127.0.0 usually holds only one address, the loopback address 127.0.0.1. The content of db.127.0.0 is:

@ IN SOA linux.my.com. root.linux.my.com. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
  IN NS linux.my.com.

1 IN PTR localhost.
The data file db.192.22.33 for the real network segment contains the address-to-name data for all hosts. Its content is:
@ IN SOA linux.my.com. root.pc590.my.com. (
        199609206 ; Serial
        28800     ; Refresh
        7200      ; Retry
        604800    ; Expire
        86400 )   ; Minimum TTL
  IN NS linux.my.com.
;
; All hosts
;
20  IN PTR linux.my.com.
102 IN PTR support2.my.com.
100 IN PTR support.my.com.
160 IN PTR hp712.my.com.
The main part of a reverse DNS data file is the PTR records. The address in a PTR record is only the host number; named automatically prepends the network number defined in named.boot. Note that the host name in a PTR record must end with a ".", as in the records above.

(3) Obtain the db.cache file

Linux usually ships a file /var/named/named.ca that lists the Internet's top-level (root) name servers. Because this list changes, it is advisable to download the latest version from InterNIC: the file named.root in the domain directory on ftp.rs.internic.net, available by anonymous ftp. After downloading, copy the file into named's working directory and rename it to the name given in named.boot, which in this article is db.cache.

5. Start and test named
First, start named with ndc as recommended above:

ndc start
Then, so that this Linux host itself uses DNS, create the file resolv.conf in /etc. In our example /etc/resolv.conf contains:

search my.com
nameserver 192.22.33.20
Now we can test named.

Linux and other Unix systems provide the nslookup tool. At the command line, enter:

nslookup
This enters nslookup's interactive mode. If named started correctly, nslookup shows the address and name of the current DNS server; otherwise named did not start properly. Some basic DNS diagnostics follow:

(1) Check forward resolution. At the nslookup prompt enter a host name with its domain, for example hp712.my.com; nslookup should show the IP address of that host. If only hp712 is entered, nslookup appends the my.com domain from /etc/resolv.conf automatically and answers with the corresponding IP address.

(2) Check reverse resolution. Enter an IP address at the nslookup prompt, for example 192.22.33.20; nslookup should answer with the host name for that address.

(3) Check the MX mail records. At the nslookup prompt enter:

set q=mx
then enter a domain name, in this example my.com or mail.my.com. nslookup should answer with the mail server addresses, support.my.com and support2.my.com.

(4) Check the CNAME alias records. At the nslookup prompt enter:

set q=cname
then enter an alias such as www.my.com; nslookup answers with the real host name, hp712.my.com. To leave nslookup, enter exit.

6. Modify DNS data
To add a host to the network, for example a PC named pc01.my.com, the administrator adds the host's A record to db.my, adds the matching PTR record to db.192.22.33, and then reloads named's data with ndc:

ndc reload
Note that the A record and the PTR record must be changed together. Many administrators add only the A record and forget the PTR record used for reverse lookup, and as a result many applications fail to work normally. Also note that whenever a DNS data file is modified, its version number (Serial) must be changed.
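The zone-file conventions of sections 3 to 5 and the A/PTR rule of section 6 can be checked mechanically. The following Python script is an added example, not code from the article or from BIND: it reads a named.boot in the BIND 4 syntax the article uses (BIND 8 and later read named.conf instead, but the zone-file format is unchanged), parses the primary zone files, answers the four nslookup checks of section 5 from the parsed data, lists A records without a matching PTR and vice versa, and flags NS/MX/CNAME/PTR targets written without the final dot by showing the name named would actually use. All input is constructed inline (the host names mirror the article's, but pc01 and the dotless MX target are planted mistakes), and next_serial assumes the common YYYYMMDDnn serial convention, which the article's own shorter serials do not follow.

```python
# Constructed named.boot (BIND 4 syntax, as in the article; loopback zone omitted).
NAMED_BOOT = """\
directory /var/named
primary my.com db.my
primary 33.22.192.IN-ADDR.ARPA db.192.22.33
cache . db.cache
"""

# Constructed zone files (two planted mistakes: pc01 has no PTR; one MX target lacks its dot).
FILES = {
    "db.my": """\
@ IN SOA linux.my.com. root.linux.my.com. (
        199511301 ; serial
        28800 7200 3600000 86400 )
  IN NS linux.my.com.
  IN MX 10 support.my.com.
linux     IN A 192.22.33.20
hp712     IN A 192.22.33.160
support   IN A 192.22.33.100
pc01      IN A 192.22.33.50
mail      IN MX 10 support.my.com.
          IN MX 20 support2.my.com   ; missing final dot
www       IN CNAME hp712.my.com.
ns        IN CNAME linux.my.com.
""",
    "db.192.22.33": """\
@ IN SOA linux.my.com. root.linux.my.com. ( 199609206 28800 7200 604800 86400 )
  IN NS linux.my.com.
20  IN PTR linux.my.com.
100 IN PTR support.my.com.
160 IN PTR hp712.my.com.
""",
}

def _logical_lines(text):
    """Yield (continued, tokens): ';' comments stripped, '( ... )' joined."""
    buf = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        buf += [line] if line.strip() else []
        joined = " ".join(buf)
        if buf and joined.count("(") == joined.count(")"):
            yield buf[0][0].isspace(), joined.replace("(", " ").replace(")", " ").split()
            buf = []

def parse_zone(text, origin, warnings):
    """Return [(owner, type, rdata)], names made absolute the way named does."""
    def absolute(n):
        return n.lower() if n.endswith(".") else f"{n}.{origin}".lower()
    records, owner = [], origin
    for continued, tok in _logical_lines(text):
        if not continued:  # a line starting in column 1 names a new owner
            owner, tok = (origin if tok[0] == "@" else absolute(tok[0])), tok[1:]
        if tok[0].upper() == "IN":
            tok = tok[1:]
        rtype, rdata = tok[0].upper(), tok[1:]
        if rtype in ("NS", "MX", "CNAME", "PTR") and not rdata[-1].endswith("."):
            warnings.append(f"{owner} {rtype} {rdata[-1]}: no trailing dot, "
                            f"named reads it as {absolute(rdata[-1])}")
            rdata[-1] = absolute(rdata[-1])
        records.append((owner, rtype, tuple(rdata)))
    return records

def load(named_boot, files):
    """Read the primary zones listed in named.boot; return (records, warnings)."""
    records, warnings = [], []
    for line in named_boot.splitlines():
        tok = line.split(";", 1)[0].split()
        if tok and tok[0].lower() == "primary":
            records += parse_zone(files[tok[2]], tok[1].rstrip(".").lower() + ".", warnings)
    return records, warnings

def lookup(records, name, rtype, search="my.com"):
    """nslookup-style query: bare names get the search domain; CNAMEs are followed."""
    if not name.endswith("."):
        name = f"{name}.{search}." if "." not in name else name + "."
    name = name.lower()
    hits = [r for o, t, r in records if o == name and t == rtype]
    alias = [r[0] for o, t, r in records if o == name and t == "CNAME"]
    return hits or (lookup(records, alias[0], rtype, search) if alias else [])

def reverse_name(ip):
    """192.22.33.20 -> 20.33.22.192.in-addr.arpa. (the inversion section 3 notes)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def a_ptr_mismatches(records):
    """Section 6's rule: every A needs a PTR pointing back, every PTR an A."""
    ptr_ip = lambda o: ".".join(reversed(o[: -len(".in-addr.arpa.")].split(".")))
    a = {(o, r[0]) for o, t, r in records if t == "A"}
    p = {(r[0], ptr_ip(o)) for o, t, r in records if t == "PTR"}
    return (sorted(f"A without PTR: {n} {ip}" for n, ip in a - p)
            + sorted(f"PTR without A: {n} {ip}" for n, ip in p - a))

def next_serial(current, today):
    """Bump a YYYYMMDDnn serial (convention assumed here); today is 'YYYYMMDD'."""
    return current + 1 if str(current).startswith(today) else int(today + "01")

if __name__ == "__main__":
    recs, warns = load(NAMED_BOOT, FILES)
    print(*warns, *a_ptr_mismatches(recs), sep="\n")
```

Run directly, the script prints the two planted problems: the MX target that named would read as support2.my.com.my.com., and pc01's A record with no PTR. To check real files, replace the inline strings with the contents of /etc/named.boot and the files it names.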

7. Make the other systems (clients) in the network use the DNS server
Once the DNS server works, all hosts in the enterprise network can be configured to use the DNS service. Unix hosts are configured as described earlier, by creating /etc/resolv.conf; see section 5.

On Windows 95, open the TCP/IP configuration of the network adapter, select Enable DNS, and fill in the fields of the configuration window. In this example, if the Windows 95 host is named pc01.my.com, enter pc01 in the Host field and my.com in the Domain field, then add the domain name server (DNS server) to the search list.

Windows NT nodes are configured in much the same way.

8. Adjustments for different environments
(1) If there is more than one IP network segment, say a segment 192.22.37 is added to the my.com domain, add a definition of that segment to /etc/named.boot as follows:

;
; Boot file for name server
;
directory /var/named

primary my.com db.my
primary 0.0.127.IN-ADDR.ARPA db.127.0.0
primary 33.22.192.IN-ADDR.ARPA db.192.22.33
primary 37.22.192.IN-ADDR.ARPA db.192.22.37
cache . db.cache

Correspondingly, add a reverse DNS data file db.192.22.37 that describes the 192.22.37 segment and all nodes in it; its format is the same as that of db.192.22.33.

(2) If the enterprise network is closed, that is, not directly connected to the Internet, the DNS server need not deal with names outside the enterprise domain, so db.cache can be left out and the cache line removed from /etc/named.boot.

(3) If the public network you connect to cannot reach the whole Internet, for example the free 169 network or the Shanghai hotline, which reach only a limited range, your DNS server cannot resolve names through the Internet's top-level (root) servers and must instead hand them to a DNS server it can reach directly. This is done with the forwarders option, which names the upstream DNS server. In this example named.boot becomes:

;
; Boot file for a name server that forwards to the ISP
;
directory /var/named

primary my.com db.my
primary 0.0.127.IN-ADDR.ARPA db.127.0.0
primary 33.22.192.IN-ADDR.ARPA db.192.22.33
cache . db.cache
; the article gives no address: replace <ISP-DNS-address> with your ISP's DNS server
forwarders <ISP-DNS-address>
options forward-only

Here the forwarders line gives the address of at least one DNS server you can reach directly, usually your ISP's (169, Shanghai hotline, etc.).

With the forwarders line and options forward-only, your enterprise DNS server works in forward-only mode: every name it cannot resolve locally is passed to the ISP's DNS server for resolution.

9. Create a backup DNS server (secondary DNS server)
A network normally works with a single master DNS server, but according to InterNIC's domain name management rules an independent domain must have at least two DNS servers, a master server and a backup (secondary) server, mainly so that the DNS service, and with it the Internet, is more reliable.

We continue with the previous example and now add a Linux machine nspc.my.com with IP address 192.22.33.60 as the backup server.

(1) Changes on the master server. First confirm that the master DNS server is working normally, then add the records for nspc.my.com and an NS record to the forward DNS data file db.my on the master server, so that db.my becomes:

@ IN SOA linux.my.com. root.linux.my.com. (
        199511301 ; serial, todays date + todays serial #
        28800     ; refresh, seconds
        7200      ; retry, seconds
        3600000   ; expire, seconds
        86400 )   ; minimum, seconds
  IN NS linux.my.com.
  IN NS nspc.my.com.   ; record that must be added
  IN MX 10 support.my.com.

localhost IN A 127.0.0.1
linux     IN A 192.22.33.20
support2  IN A 192.22.33.102
hp712     IN A 192.22.33.160
support   IN A 192.22.33.100
nspc      IN A 192.22.33.60   ; added record
mail      IN MX 10 support.my.com.
          IN MX 20 support2.my.com.
www       IN CNAME hp712.my.com.
ftp       IN CNAME hp712.my.com.
ns2       IN CNAME nspc.my.com.   ; added record (alias name is garbled in the source; ns2 assumed)
ns        IN CNAME linux.my.com.

Then make the corresponding changes to the reverse DNS data files on the master server, add the NS record for the backup server there too, and restart named.

In fact the main change on the primary DNS server is the added NS record; the remaining changes are the same as for adding an ordinary node. If an existing node is used as the backup DNS server, adding the NS record is the only required step.

(2) Configuration of the backup DNS server (secondary server). On the backup DNS server only named.boot and db.cache need to be created. named.boot is similar to the master's:

;
; Boot file for secondary name server
;
directory /var/named

secondary my.com 192.22.33.20 db.my
secondary 0.0.127.IN-ADDR.ARPA 192.22.33.20 db.127.0.0
secondary 33.22.192.IN-ADDR.ARPA 192.22.33.20 db.192.22.33
cache . db.cache

The three secondary lines make named obtain the DNS data from 192.22.33.20, the master server, and store it in the named local data files. These local files are created by named after it downloads the zone data from the master's named and are normally identical to the master's data files; if the backup server loses its connection to the master and cannot download DNS data, it keeps working from the local files. db.cache on the backup DNS server is usually copied from the master server by the system administrator.

The backup DNS server can be inside the enterprise network or an external DNS server; for example, the ISP's server can act as the enterprise's backup DNS server, which improves the reliability of the DNS service. Note that one DNS server can serve several DNS domains at the same time, as primary server for some domains and backup server for others.

(3) DNS client changes

Unix hosts on the intranet get an additional nameserver line in /etc/resolv.conf so that the system also queries the backup DNS server. In this example /etc/resolv.conf contains:

search my.com
nameserver 192.22.33.20
nameserver 192.22.33.60
Note: the order of the DNS servers listed in /etc/resolv.conf is your choice; generally the server with the fastest access is listed first.

For Windows 95 and NT, add the backup DNS server to the DNS server list; the order of addition likewise determines the priority of each DNS server.
