DNS: domain name system
Recursive query: the final result is obtained after a single query.
Iterative query: multiple queries must be performed to obtain the final result.
The usual arrangement on the Internet is recursion locally and iteration on the Internet.
No DNS server knows where every other DNS server is, but every one knows where the root is. The local host sends a recursive query to the local DNS server; the local DNS server resolves the name through iterative queries and then returns the final result to the local host.
Common DNS record types:
A record: resolves a host name to an IP address
PTR record: resolves an IP address to a host name
NS record: specifies the domain's name servers (both primary and secondary)
MX record: specifies the domain's mail server
CNAME: specifies an alias for a host
SOA: start of authority record, describes the primary name server of the domain
The secondary name server must query the primary (or another secondary) name server for updates at regular intervals to keep the data consistent.
This process is called zone transfer. It uses TCP on port 53. To keep the data consistent, when the zone on the primary is updated the primary also promptly notifies the slave servers so that they synchronize.
There are two types of zone transfer:
Incremental zone transfer
Full zone transfer
DNS server types: 1. master <--> slave 2. caching server 3. forwarder
Query order: local hosts file -> local DNS cache -> local DNS zone file -> .....
$TTL 86400
@   IN SOA localhost. root.localhost. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
In a zone file @ stands for the zone's own domain name, so @ has special meaning and cannot appear in the administrator's mailbox; the mailbox is therefore written as root.localhost. with a "." in place of the "@". This is a fixed format.
Serial: the serial number is changed after every update; a slave that sees a changed number requests an update.
Refresh: how often the slave server checks the master for updates.
Retry: how long the slave server waits before trying again after a failed update.
Expire: if no update succeeds within this time, the slave's copy of the zone expires and is no longer used.
Minimum: when the master server cannot find a record for the request, the time after which the client is allowed to query again (caching of negative answers).
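To make the SOA fields and the slave's refresh decision concrete, here is an added Python example (not code from the original post) that parses the SOA shown above out of a constructed zone file, converts the mailbox field back to an e-mail address, checks that the timers are sane, and applies serial-number arithmetic (which wraps at 2^32) to decide whether a slave holding a given serial should transfer the zone. The zone text is constructed for the example; the checks in soa_problems are the author's own sanity rules, not BIND's.

```python
"""Parse the SOA record of a zone file and apply the timer / serial rules
described above. Added example, not code from the original post."""
import re
from dataclasses import dataclass

# Constructed zone text: the SOA from the post plus two records so the
# parser sees a realistic file (comments, parentheses, multi-line SOA).
PRIMARY_ZONE = """\
$TTL 86400
@   IN SOA localhost. root.localhost. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
@   IN NS  localhost.
www IN A   172.16.0.162
"""

SERIAL_BITS = 32


@dataclass
class Soa:
    mname: str      # primary name server
    rname: str      # administrator mailbox, '.' in place of '@'
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int    # negative-answer caching time


def strip_comments(text: str) -> str:
    """Everything after ';' on a line is a comment in zone-file syntax."""
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())


def parse_soa(zone_text: str) -> Soa:
    """Find the SOA record; parentheses let it span several lines, so the
    whole parenthesised block is captured after comments are removed."""
    flat = strip_comments(zone_text)
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", flat)
    if m is None:
        raise ValueError("no SOA record found")
    mname, rname, numbers = m.groups()
    fields = [int(x) for x in numbers.split()]
    if len(fields) != 5:
        raise ValueError(f"SOA needs 5 numeric fields, got {len(fields)}")
    return Soa(mname, rname, *fields)


def admin_email(rname: str) -> str:
    """Turn the RNAME field back into a mailbox: the first unescaped '.'
    is the '@'; a '\\.' in the local part is a literal dot."""
    name = rname.rstrip(".")
    m = re.search(r"(?<!\\)\.", name)
    if m is None:
        return name
    return name[:m.start()].replace("\\.", ".") + "@" + name[m.end():]


def serial_newer(a: int, b: int) -> bool:
    """Serial-number arithmetic (wraps at 2^32): is a newer than b?"""
    diff = (a - b) % (1 << SERIAL_BITS)
    return 0 < diff < (1 << (SERIAL_BITS - 1))


def secondary_needs_transfer(primary: Soa, secondary_serial: int) -> bool:
    """At each Refresh interval the slave fetches the master's SOA and
    transfers the zone only when the master's serial is newer."""
    return serial_newer(primary.serial, secondary_serial)


def soa_problems(soa: Soa) -> list:
    """Sanity checks on the timers; an empty list means the values are sane."""
    problems = []
    if soa.retry >= soa.refresh:
        problems.append("Retry should be shorter than Refresh")
    if soa.expire <= soa.refresh + soa.retry:
        problems.append("Expire should allow at least one refresh and one retry")
    if soa.serial == 0:
        problems.append("Serial 0 is never newer than any slave copy")
    return problems


if __name__ == "__main__":
    soa = parse_soa(PRIMARY_ZONE)
    print(soa, admin_email(soa.rname), soa_problems(soa))
    print("slave at 1997022600 needs transfer:",
          secondary_needs_transfer(soa, 1997022600))
```

The serial comparison is the reason the post says "if the number is changed, the server requests an update": the slave only compares serials, so forgetting to bump the serial after editing the zone means the slaves never transfer the change.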
DNS forwarding: by default the DNS server performs recursive resolution for all clients.
Declare recursion no; in the configuration file to disable recursion completely.
Allow recursion only for a specific network segment or IP address with allow-recursion { IP/net; };
Declare version ""; in the main configuration file to prevent other people from obtaining the BIND version through the dig command.
Full forwarding: when the DNS server receives a query request, it first checks whether it is authoritative for the domain and whether the local cache contains the data. If the query cannot be answered from local data, it is sent to the forwarder.
In this case it is sent to the forwarder as a recursive query, whereas in standard DNS resolution the DNS server would send iterative queries to other DNS servers.
options {
    forward only | first;
    forwarders { IP; };
};
only: recursive resolution depends entirely on the forwarder; if the forwarder has a problem, nothing is resolved.
first: ask the forwarder first (let the forwarder recurse). If the forwarder does not respond, fall back to the root servers and start standard DNS resolution, that is, iterative queries.
Partial forwarding (forwarding DNS resolution only for one domain): assume there are two domains, a.com and b.com. a.com is delegated (registered with its parent, .com), and b.com is not. If a host in a.com needs to access www.b.com, the access fails. However, if a.com's DNS knows which host is the DNS server for the b.com domain, then even though b.com is not delegated, a.com's DNS can set up partial forwarding and send all requests from this domain for names in b.com to the DNS host of b.com.
Partial forwarding is generally used to reach DNS domains that are not delegated. Configuration format:
zone "b.com" IN {
    type forward;
    forwarders { IP; };
};
Subdomain delegation:
In the zone configuration file of the parent domain, use NS records to declare the subdomain and the DNS servers that manage it (both primary and secondary are declared).
Assume that the domain a.com contains a subdomain net.a.com.
The configuration is simple: add the following to the zone file of the parent domain (the A record is the glue record for the subdomain's name server).
net.a.com.      IN NS  ns1.net.a.com.
ns1.net.a.com.  IN A   1.1.1.1
Setting which hosts are allowed to query the DNS server
1. Define it directly
In the main configuration file, allow-query { 192.168.1.0/24; }; allows hosts in the 192.168.1.0 network segment to perform DNS queries.
2. Use an acl
Define an acl in the main configuration file and reference it in options:
acl clients { 172.16.0.0/16; 192.168.1.0/24; };
allow-query { clients; }; this allows both network segments to query at the same time.
Smart DNS (view):
Access between China Netcom and China Telecom is relatively slow, so at present servers are usually dual-line.
The DNS server dynamically identifies whether the client IP address belongs to China Netcom or China Telecom, so that each client is answered with the server address on its own line.
Here we assume that China Netcom belongs to the CIDR block 192.168.1.0/24 and China Telecom belongs to the CIDR block 172.16.0.0/16.
First define the access control lists:
acl telecom { 172.16.0.0/24; };
acl unicom { 192.168.0.0/24; };
Next, define two DNS views for the two different client IP ranges:
view TELNET {
    match-clients { telecom; };
    match-destinations { any; };
    recursion no;
    include "/etc/named.telecom.zones";
};
view UNINET {
    match-clients { unicom; };
    match-destinations { any; };
    recursion no;
    include "/etc/named.unicom.zones";
};
Assume that my DNS domain is test.com; the configuration files are as follows:
vi named.telecom.zones (this file is copied from named.rfc1912.zones; the following is added to the original contents)
zone "test.com" IN {
    type master;
    file "test.com.zone.tele";
    allow-update { none; };
};
zone "0.16.172.in-addr.arpa" IN {
    type master;
    file "172.16.0.rev";
    allow-update { none; };
};
vi named.unicom.zones (this file is the same as above; if you create it by hand, make sure it also contains the root zone and the localhost zones)
zone "test.com" IN {
    type master;
    file "test.com.zone.uni";
    allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.rev";
    allow-update { none; };
};
The contents of the forward and reverse zone files are not listed here; for details see the DNS setup process described in my blog. The two forward zone files must be identical except for the IP addresses.
After finishing, run the syntax checks named-checkconf and named-checkzone.
Restart and test (I configured two IP addresses on my local machine, 192.168.0.162 and 172.16.0.162):
dig -t A www.test.com @172.16.0.162    resolve using 172.16.0.162 as the DNS server
dig -t A www.test.com @192.168.0.162   resolve using 192.168.0.162 as the DNS server
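Both the allow-query acl earlier on this page and the view selection above rely on BIND's address-match-list rules: elements are tried in the order written, the first match decides, and a client that matches no view is refused. As an added example (not code from the original post), the following Python simulates those rules with the acl names and networks from this page, so the result of the dig tests can be predicted for any client address before restarting named. Client addresses are constructed; the 192.168.1.5 case shows what happens when the acl network (192.168.0.0/24) does not cover the block the prose names (192.168.1.0/24): the client matches no view. The treatment of negated elements inside a nested acl is simplified here.

```python
"""Simulate how BIND picks a view / applies allow-query for a client address,
using the acls from the post. Added example, not from the original post;
client addresses below are constructed."""
import ipaddress

# Address-match lists from the post (named.conf acl statements).
ACLS = {
    "telecom": ["172.16.0.0/24"],
    "unicom": ["192.168.0.0/24"],
    "clients": ["172.16.0.0/16", "192.168.1.0/24"],   # the allow-query acl
}

# Views in the order they appear in named.conf: (view name, match-clients).
VIEWS = [
    ("TELNET", ["telecom"]),
    ("UNINET", ["unicom"]),
]


def matches(address_match_list, client, acls=ACLS):
    """Evaluate an address-match list the way named does: elements are tried
    in order and the first one that matches decides; a '!'-negated element
    rejects, a plain one accepts; no element matching means no match.
    Nested acl names are expanded recursively (simplified: a nested list
    counts as matched only when it accepts)."""
    for elem in address_match_list:
        negated = elem.startswith("!")
        name = elem[1:] if negated else elem
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in acls:
            hit = matches(acls[name], client, acls)
        else:
            hit = client in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negated
    return False


def acl_allows(address_match_list, client_ip, acls=ACLS):
    """String-address wrapper around matches(), as used by allow-query,
    allow-recursion and similar options."""
    return matches(address_match_list, ipaddress.ip_address(client_ip), acls)


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """The first view whose match-clients accepts the client serves it;
    a client that matches no view is refused by named."""
    for name, match_clients in views:
        if acl_allows(match_clients, client_ip, acls):
            return name
    return None


def query_allowed(client_ip, acls=ACLS):
    """allow-query { clients; }; from the post."""
    return acl_allows(["clients"], client_ip, acls)


def unmatched_clients(candidates, views=VIEWS, acls=ACLS):
    """Candidates that no view covers: catches a gap between the acl
    networks and the networks clients actually come from."""
    return [ip for ip in candidates if select_view(ip, views, acls) is None]


if __name__ == "__main__":
    # Constructed client addresses: one per line, plus one the acls miss
    # (192.168.1.x as in the prose, versus the acl's 192.168.0.0/24).
    for ip in ("172.16.0.50", "192.168.0.162", "192.168.1.5"):
        print(ip, "->", select_view(ip), "query allowed:", query_allowed(ip))
    print("uncovered:", unmatched_clients(["172.16.0.50", "192.168.1.5"]))
```

Running unmatched_clients over the address ranges you expect to serve is a cheap check to do alongside named-checkconf: a syntactically valid configuration can still leave a whole client segment with no view, which shows up as REFUSED answers only after the restart.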