DNS (2): forward and reverse resolution, and master/slave configuration

Tags: domain name server, reverse dns

Lab tasks:

1. Forward/reverse DNS resolution

2. Master-slave DNS synchronization

 

Lab environment:

1. VMware virtual machines

2. Two or more Linux guest machines

3. A Windows XP client for testing

 

Experiment process:

I. Forward and reverse DNS resolution

Tutorial topology: [diagram not preserved]

Note: a gateway is not actually needed here; it is set only for completeness. The server's own DNS setting must point to itself, otherwise pinging by name fails.

The goal is for the client to resolve a domain name to an IP address and an IP address back to a domain name. This is only for testing: in production, reverse zones for public address space are delegated by whoever holds the addresses, and a wrong reverse zone causes hard-to-diagnose failures, so reverse resolution should be set up with caution.

 

1. Server side:

Mount the CD image as the package source and install the DNS server (BIND).

Install the bind package and bind-utils (bind-utils provides dig and nslookup, which are used for the tests later).

 

Next, what the main configuration file (/etc/named.conf) means:

options {                                      // global options for the server
    directory "/var/named";                    // working directory; zone file names below are relative to it
    dump-file "/var/named/data/cache_dump.db"; // where "rndc dumpdb" writes the server's cache
    statistics-file "/var/named/data/named_stats.txt"; // where server statistics are written
};

zone "." IN {        // the root zone. The container statement "zone" defines a DNS zone;
                     // it is followed by the zone name, and the root zone's name is ".".
                     // The zone's options go inside the braces.
    type hint;       // a "hint" zone: at startup the server uses it to find the root servers
                     // and from them obtains the current list of root name servers.
    file "named.ca"; // the root hints file, named.ca
};

 

2. Forward resolution configuration

Define a zone for ky.com. Note: every statement must end with ";", otherwise named reports an error at startup. The file name given in the file statement is arbitrary, but the zone file created in the next step must use exactly that name. This zone stanza is not in the file by default; you add it yourself.

Edit the file: # vim /etc/named.rfc1912.zones

 

Create the zone file

# cd /var/named/

# vim ky.com

Zone file details:

$TTL 36000: the default time, in seconds, that resolvers may cache records from this zone. The suffixes h (hours), d (days) and w (weeks) are also accepted.

@: shorthand for the current zone origin, i.e. ky.com.

IN: the Internet class. The format is fixed.

SOA: start of authority. The zone file on the primary name server must contain one; it marks this server as authoritative for the zone.

ky.com.: the primary name server for the zone (the SOA MNAME), so that other servers know which host is responsible for it.

Note: a name that ends in "." is a fully qualified name. Without the trailing dot a name is relative to the zone origin, so www.ky.com (no trailing dot) would be treated as www.ky.com.ky.com.

root.ky.com.: the administrator's mailbox (the SOA RNAME). Because "@" already means the zone origin in this file, the "@" of the address is written as ".": root.ky.com. stands for root@ky.com.

20140801: the serial number, an unsigned 32-bit value (at most ten decimal digits). It tells secondary servers whether the zone has changed: when a secondary contacts the primary it compares this value with the one it already holds, transfers the zone if the primary's serial is greater, and otherwise skips the transfer. So every change to the zone must also increase the serial.

1h: refresh. How often the secondary server polls the primary to check whether the zone has a newer serial, so that its copy stays current.

5m: retry. How long the secondary waits before trying again after a refresh attempt fails. It should be shorter than the refresh interval.

1d: expire. How long the secondary keeps serving the zone after it last reached the primary. Once this time passes it stops retrying and discards the zone data.

2d: minimum. The TTL for negative answers (names that do not exist). If no $TTL is defined at the top of the file, BIND also uses this value as the default record TTL.

IN NS ky.com.: name server (NS) resource record for the zone.

ky.com. IN A 1.1.1.1: host address (A) record.

*: wildcard. Any name under the zone that is not explicitly defined resolves to this address, mistyped host names included, so only add it if that is what you want.

 

Restart the named service.

Check forward resolution with a local test on the server (dig or nslookup from bind-utils).

 

3. Reverse resolution

Define the reverse zone (in /etc/named.rfc1912.zones, like the forward zone). The zone name is the network part of the address in reverse order followed by in-addr.arpa; for the 1.1.1.1 address used in the forward zone that is 1.1.1.in-addr.arpa.

Create the reverse zone file: it holds PTR records that map the last octet of each address back to a host name.
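The forward zone file explained in step 2 and the reverse zone file created here, as an added example (not the post's own files, whose contents survive only as screenshots): the script below writes both files and includes a serial-bumping helper, because a serial that does not increase means the slave in part II never picks up the change. Assumed values are labelled in the comments: 1.1.1.1 for the zone apex, NS and www comes from the A record the post shows; mail at 1.1.1.3, the reverse file name 1.1.1.arpa and the named-checkzone step are my additions.

```shell
#!/bin/sh
# Added example, not the post's own files: generate the forward zone file for
# ky.com and the reverse zone file for 1.1.1.0/24, plus a helper that bumps the
# SOA serial the way the post requires (it must grow on every change, or the
# slave ignores the update).
# Assumptions: zone apex, NS and www at 1.1.1.1 (the A record shown in the post),
# mail at 1.1.1.3 (assumed), reverse file name 1.1.1.arpa (assumed); the timer
# values 1h/5m/1d/2d are the post's own.

# Next serial in YYYYMMDDnn form: $1 = current serial, $2 = today as YYYYMMDD.
# The result is always strictly greater than $1, even when the date has not
# changed or the clock has gone backwards, because the slave only transfers
# the zone when the serial has increased.
bump_serial() {
    old=$1; today=$2
    new=$((today * 100))
    [ "$new" -gt "$old" ] || new=$((old + 1))
    echo "$new"
}

# Forward zone for ky.com. The trailing dots matter: a name without one is
# relative to the origin, so "www" means www.ky.com.
forward_zone() {
    serial=$1
    cat <<EOF
\$TTL 36000
@       IN  SOA  ky.com. root.ky.com. (
                $serial   ; serial, increased on every change
                1h        ; refresh: the slave polls the master this often
                5m        ; retry: wait this long after a failed refresh
                1d        ; expire: the slave drops the zone if the master is unreachable this long
                2d )      ; minimum: negative-answer caching TTL
        IN  NS   ky.com.
ky.com. IN  A    1.1.1.1
www     IN  A    1.1.1.1
mail    IN  A    1.1.1.3
; wildcard: every undefined name (typos included) resolves to 1.1.1.1,
; so keep it only if that is really intended
*       IN  A    1.1.1.1
EOF
}

# Reverse zone for 1.1.1.0/24: owner names are the last octet, relative to
# the origin 1.1.1.in-addr.arpa, and PTR targets are fully qualified.
reverse_zone() {
    serial=$1
    cat <<EOF
\$TTL 36000
@       IN  SOA  ky.com. root.ky.com. (
                $serial 1h 5m 1d 2d )
        IN  NS   ky.com.
1       IN  PTR  ky.com.
3       IN  PTR  mail.ky.com.
EOF
}

# Write both files into directory $1 with serial $2 and, when BIND is installed
# on this host, syntax-check them the way named would load them.
write_zones() {
    dir=$1; serial=$2
    forward_zone "$serial" > "$dir/ky.com"
    reverse_zone "$serial" > "$dir/1.1.1.arpa"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone ky.com "$dir/ky.com" \
            && named-checkzone 1.1.1.in-addr.arpa "$dir/1.1.1.arpa"
    fi
}

# Stand-alone run: write into a scratch directory (copy to /var/named on the server).
out=$(mktemp -d)
write_zones "$out" "$(bump_serial 2014080101 "$(date +%Y%m%d)")"
echo "zone files written to $out"
```

After copying the files to /var/named and restarting named, dig @1.1.1.1 www.ky.com and dig -x 1.1.1.1 @1.1.1.1 should return the A and PTR records; a wrong file name in the zone stanza or a missing trailing dot in the SOA shows up first as a load error in /var/log/messages.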

 

After restarting the service, test on the local machine (for example dig -x 1.1.1.1 or nslookup 1.1.1.1 against the server itself).

Then test from the client.

At this point, reverse resolution works.

 

II. Master-slave synchronization

Tutorial topology: [diagram not preserved]

 

Purpose:

The secondary (slave) DNS server automatically pulls the zone data from the primary (master), giving a synchronized backup that keeps answering if the master goes down.

 

 

Experiment process:

1. The primary DNS server is the one built in the example above. The secondary server needs the DNS service (bind) installed as well.

2. On the primary, add an NS record for the secondary server to the zone, plus an A record for that NS host name so it can be resolved, and increase the serial.

 

3. Define the secondary zone on the secondary DNS server. Note: because this is a backup server, the zone name must be exactly the same as on the primary (the zone file name is kept the same as well), and the stanza must state that this server is a slave (type slave) and who the master is (masters { ... }). The file statement here is a path, normally under /var/named/slaves, because the file is created by the named user and named has no write permission in /var/named itself; only the slaves directory is writable by it. The master must in turn permit the transfer: restrict allow-transfer on the master to the slave's address, because older BIND releases allow zone transfers to any host by default, which hands the entire zone to anyone who asks for it.

 

4. Now test: add a record on the master (and increase the serial), then check whether it is synchronized to the slave.

# rndc reload

Check the zone file synchronized to the secondary DNS server under /var/named/slaves.

This completes the master-slave synchronization.
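The master and slave zone stanzas from steps 2 and 3, as an added example that is not the post's own configuration: the script prints the four stanzas (forward and reverse zone, each for master and slave) with allow-transfer limited to the slave, together with a small check that flags a stanza whose transfers are open. The master address 1.1.1.1 is the one in the post's A record; the slave address 1.1.1.2 and the reverse-zone file name 1.1.1.arpa are assumptions.

```shell
#!/bin/sh
# Added example, not the post's own configuration: zone stanzas for the master
# and the slave (on RHEL/CentOS they go into /etc/named.rfc1912.zones, as in
# the post), generated for both the forward zone and the reverse zone, with
# zone transfers limited to the slave.
# Assumptions: master 1.1.1.1 (the A record shown in the post), slave 1.1.1.2
# (assumed), reverse zone 1.1.1.in-addr.arpa, slave copies under /var/named/slaves.

MASTER_IP=${MASTER_IP:-1.1.1.1}
SLAVE_IP=${SLAVE_IP:-1.1.1.2}

# Master stanza: only the slave may AXFR the zone, and it is notified on every
# change so it does not have to wait out a full refresh interval.
master_zone_conf() {
    zone=$1; file=$2
    printf 'zone "%s" IN {\n' "$zone"
    printf '    type master;\n'
    printf '    file "%s";\n' "$file"
    printf '    allow-transfer { %s; };\n' "$SLAVE_IP"
    printf '    notify yes;\n'
    printf '    also-notify { %s; };\n' "$SLAVE_IP"
    printf '};\n'
}

# Slave stanza: same zone name as on the master, pulls from the master, keeps
# its copy under slaves/ (the directory named can write to), and does not
# hand the zone on to anyone else.
slave_zone_conf() {
    zone=$1; file=$2
    printf 'zone "%s" IN {\n' "$zone"
    printf '    type slave;\n'
    printf '    file "slaves/%s";\n' "$file"
    printf '    masters { %s; };\n' "$MASTER_IP"
    printf '    allow-transfer { none; };\n'
    printf '};\n'
}

# Returns 0 if a stanza restricts transfers, 1 if it is open: either an
# explicit "any", or a master stanza with no allow-transfer at all, which
# older BIND releases treat as "allow everyone".
transfer_is_restricted() {
    conf=$1
    if printf '%s\n' "$conf" | grep -q 'allow-transfer *{ *any'; then
        return 1
    fi
    if printf '%s\n' "$conf" | grep -q 'type master' \
       && ! printf '%s\n' "$conf" | grep -q 'allow-transfer'; then
        return 1
    fi
    return 0
}

# Stand-alone run: print the four stanzas (two per server) to paste into
# named.rfc1912.zones, then check the result with named-checkconf on each host.
for z in "ky.com ky.com" "1.1.1.in-addr.arpa 1.1.1.arpa"; do
    set -- $z
    echo "# --- master: $1"; master_zone_conf "$1" "$2"
    echo "# --- slave:  $1"; slave_zone_conf "$1" "$2"
done
```

To verify once both servers are running: named-checkconf /etc/named.conf on each host; from the slave, dig @1.1.1.1 ky.com AXFR returns the whole zone, while from any other host the same command ends with "; Transfer failed." (that is the behaviour the restricted allow-transfer buys you); and dig @1.1.1.1 ky.com SOA +short compared with dig @1.1.1.2 ky.com SOA +short shows whether the serials match after an rndc reload on the master.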

Note: when the master fails, the slave keeps answering from its copy of the zone. But it still keeps trying to reach the master: every refresh interval it asks for the serial, and when that fails it tries again at the retry interval. Once the expire time from the SOA record has passed without any contact, it gives up and discards the zone data. Now someone will ask: isn't it enough to set expire to a very long time? Of course not, because the slave can only get its zone data from the master. If the master is gone for a long time, the slave's copy is never updated, so a long expire only means serving stale data for longer.

This article is from the Fish blog; please keep this source: http://kyfish.blog.51cto.com/1570421/1538026
