DNS configuration in Linux

Source: Internet
Author: User
Tags: chmod, domain name server, mail exchange, top level domain

Many platforms provide a cloud resolution function. Cloud resolution is simply a hosted DNS server: in general, after buying a domain name from a registrar you specify an NS record for it. For example, after buying the domain name miner-k.com from the registrar, you need to set up a cloud resolution record, and the value of the NS record points to the name servers provided by the cloud resolution service (ns1.alidns.com, ns2.alidns.com).

There are two common scenarios for buying a domain name:

 - building a domain environment inside a company, with many hosts and a lot of internal configuration
 - pointing the domain name directly at one host name (only one server is used)

Basic Knowledge

DNS: Domain Name Service, the domain name resolution service

FQDN: Fully Qualified Domain Name

TLD: Top Level Domain
Organization domains: .com, .org, .net, .cc
Country domains: .cn, .tw, .hk, .jp
Reverse resolution: IP -> FQDN
Forward resolution: FQDN -> IP

Query method:

There are two ways to query: recursive and iterative.

Recursive: the client queries the local DNS server; if the local DNS server has no record for the name, it queries the other name servers itself and returns the final result to the client.
Iterative: to resolve www.qq.com, the local DNS server first queries the root DNS server, and the root server tells the local DNS server the NS and A records for qq.com. The local DNS server then asks the qq.com server for the A record of www.qq.com.

DNS server roles:
Accept queries from local clients (recursive)
Requests from external clients: authoritative answers
    Positive answer: cached for the TTL
    Negative answer: cached for the negative-answer TTL
Requests from external clients: non-authoritative answers

Caching DNS servers:

Note: a company applies for a domain name (qq.com); the COM DNS server then lists a qq.com host and assigns it an IP address, and the company builds its own DNS server to assign different host names to different servers, for example www.baidu.com, ftp.baidu.com, yunpan.baidu.com, tv.baidu.com and so on.

Each record in the database is called a resource record (Resource Record, RR).
Format of a resource record:

name    TTL (may be omitted; the zone's global $TTL then applies)    class (IN = Internet)    RRT (resource record type)    VALUE

Start of authority: TTL defaults to 60 minutes; class IN; type SOA (start of authority: defines master-slave synchronization, i.e. the authoritative source for the zone); value: owner name, DNS name of the primary server, serial number, refresh interval, retry time, expiry time, minimum TTL.
Host name: record-specific TTL if present, otherwise the zone TTL; class IN; type A (IPv4), AAAA (IPv6), PTR (reverse resolution); value: owner name, IP address.
Name server: record-specific TTL if present, otherwise the zone TTL; class IN; type NS; value: zone name, name server name.
Mail exchanger: record-specific TTL if present, otherwise the zone TTL; class IN; type MX; value: zone name, DNS name of the mail exchange server, preference (0-99, the smaller the number the higher the priority).
Alias: record-specific TTL if present, otherwise the zone TTL; class IN; type CNAME (canonical name); value: owner name, the host's DNS name.
Resource record types:

SOA (Start of Authority): ZONE NAME  TTL  IN  SOA  FQDN (name of the primary DNS server)  administrator_mailbox ( serial refresh retry expire negative-answer-TTL )
    serial: serial number of the zone
    refresh: refresh interval, how often the slave checks the primary server for changes
    retry: retry time, how long the slave waits after a failed check before trying again (must be smaller than refresh)
    expire: expiry time, how long the slave keeps answering when it cannot reach the primary server
    negative answer TTL: how long a negative answer is cached
    units: M (minutes), H (hours), D (days), W (weeks); the default unit is seconds
    mailbox format: admin@miner.com is written as admin.miner.com.

miner.com.      IN SOA ns1.miner.com. admin.miner.com. (2013040101 1H 5M 1W 1D)

NS (name server): ZONE NAME --> FQDN
; miner.com's name servers are ns1.miner.com and ns2.miner.com
miner.com.      IN NS ns1.miner.com.
miner.com.      IN NS ns2.miner.com.
ns1.miner.com.  600 IN A 1.1.1.2
ns2.miner.com.      IN A 1.1.1.5

MX (mail exchanger): ZONE NAME  TTL  IN  MX  priority  VALUE (priority 0-99: the smaller the number, the higher the priority)
miner.com.      IN MX 10 mail.miner.com.
mail.miner.com. IN A 1.1.1.3

A (address): FQDN --> IPv4
AAAA: FQDN --> IPv6
PTR (pointer): IP --> FQDN
CNAME (canonical name): FQDN --> FQDN
; www2.miner.com is an alias of www.miner.com
www2.miner.com. IN CNAME www.miner.com.

Wildcard domain resolution:
*.miner-k.com.  IN A 1.1.1.3    ; every name under miner-k.com resolves to 1.1.1.3

Other record types: TXT, CHAOS, SRV

Socket: IP + port
Domain: domain
Zone: zone

A domain is a logical concept and a zone is a physical one; zones are divided into forward zones and reverse zones (each has its own configuration file).

Deployment environment

[root@miner_k ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
[root@miner_k ~]#
Deploy

BIND (Berkeley Internet Name Domain) installation

[root@cxy-65 ~]# yum -y install bind bind-utils bind-libs

[root@cxy-65 ~]# rpm -qa | grep bind
bind-9.8.2-0.62.rc1.el6_9.4.x86_64          # main package
bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64    # bind tools
rpcbind-0.2.0-13.el6_9.1.x86_64
bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64     # bind libraries
Configuration files
[root@miner_k ~]# rpm -qc bind-9.8.2-0.62.rc1.el6_9.4.x86_64
/etc/logrotate.d/named
/etc/named.conf                  # primary configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf                   # rndc (remote name daemon control) configuration
/etc/rndc.key                    # rndc key file
/etc/sysconfig/named
/var/named/named.ca              # IP addresses of the 13 root name servers
/var/named/named.empty
/var/named/named.localhost       # forward resolution of the local host name
/var/named/named.loopback        # reverse resolution of the local host name
Format of a zone definition:
zone "ZONE NAME" IN {
    type master|slave|hint|forward;
};

Master zone:
    file "zone data file";    # may be a relative path (relative to directory) or an absolute path

Slave zone:
    file "zone data file";
    masters { master1_ip; };
Modifying the primary configuration file /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
};

zone "." IN {                       # root zone
        type hint;
        file "named.ca";
};

zone "localhost" IN {               # localhost zone
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {    # reverse zone for 127.0.0.1
        type master;
        file "named.loopback";
};


ACL configuration

Format:

acl string { address_match_element; ... };

Example:

acl internet {
        192.168.3.0/24;
        10.0.0.0/24;
        172.16.8.2;
};

options {
        directory       "/var/named";
        allow-query-cache { internet; };
};

Configuration inside options
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";              # location of the zone files
        allow-recursion { 192.168.1.0/24; };       # networks allowed to make recursive queries
        recursion no;                              # no: refuse recursive queries from clients; yes: allow them (only for the networks in allow-recursion, otherwise the server is an open resolver)
        allow-query     { any; };                  # clients allowed to query
        allow-transfer  { 122.112.217.171/32; };   # only the listed host may perform zone transfers
        forward first;                             # forward first: forward, then resolve locally if that fails; forward only: forward only
        forwarders      { 192.168.12.1; };         # if this server cannot resolve a name, forward it to this IP address
};
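An added check, not from the original article or from BIND's own tooling, that parses the options block of a named.conf like the ones above and flags the two exposure mistakes these directives exist to prevent: recursion offered to any client (an open resolver) and zone transfers left unrestricted (BIND 9.8's default when allow-transfer is absent). The two sample configurations are constructed for this example.

```python
import re

DIRECTIVE = re.compile(r"([\w-]+)\s*([^;{}]*?)\s*(?:\{([^}]*)\})?\s*;")

def top_level_blocks(text):
    """Yield (header, body) for every depth-0 block: ('options', ...), ('zone "x" IN', ...)."""
    text = re.sub(r"(//|#)[^\n]*|/\*.*?\*/", "", text, flags=re.S)      # named.conf comment styles
    depth, start, head = 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                start = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield " ".join(text[head:start].split()), text[start + 1:i]
        elif ch == ";" and depth == 0:
            head = i + 1

def directives(body):  # 'allow-query { any; }; recursion no;' -> {'allow-query': ['any'], 'recursion': ['no']}
    out = {}
    for m in DIRECTIVE.finditer(body):
        raw = m.group(3) if m.group(3) is not None else m.group(2)
        out[m.group(1).lower()] = [v.strip('"') for v in re.split(r"[;\s]+", raw) if v]
    return out

def lint(conf):
    """Return the exposure problems the options examples on this page are meant to prevent."""
    opts = {h: directives(b) for h, b in top_level_blocks(conf)}.get("options", {})
    findings = []
    if opts.get("recursion", ["yes"]) == ["yes"] and opts.get("allow-recursion") == ["any"]:
        findings.append("open resolver: recursion offered to any client; set recursion no or allow-recursion { <internal networks>; }")
    if opts.get("allow-transfer", ["any"]) == ["any"]:   # BIND 9.8 default is 'any'
        findings.append("allow-transfer is unrestricted; limit it to the slave, e.g. allow-transfer { 122.112.217.171/32; }")
    return findings

WEAK = """options {                       // constructed sample, not the page's named.conf
    allow-query { any; };
    allow-recursion { any; };   // recursion for the whole Internet, transfers unrestricted
};
zone "miner-k.com" IN { type master; file "miner-k.com.zone"; };
"""
HARDENED = """options {
    allow-query { any; };
    recursion no;                           // authoritative only
    allow-transfer { 122.112.217.171/32; }; // the slave from the page's master-slave scenario
};
"""
```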
Syntax checking of the configuration files
# check that the configuration file has mode 640 and group named
[root@miner-k etc]# ll /etc/named.conf
-rw-r----- 1 root named Aug 10:58 /etc/named.conf

# check named.conf for syntax problems (no output means no errors)
[root@miner-k ~]# named-checkconf

# check the zone files for problems
[root@miner-k ~]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 0
OK
[root@miner-k ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.lo<Tab>
named.localhost  named.loopback
[root@miner-k ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
OK
Ports

53/udp
53/tcp
953/tcp  rndc
DNS queries normally use UDP because it is the faster transport; when an answer cannot be returned in full over UDP, the query is repeated over TCP.

Instance (scenario one)

Requirement

Buy the domain name miner.com from a domain registrar and deploy a local DNS server that resolves different hosts: www.miner.com, ftp.miner.com, and www2.miner.com as an alias of www.

COM DNS deployment (to understand how the hierarchy works)

Set up the primary configuration file

[root@com ~]# vim /etc/named.conf
options {
    directory   "/var/named";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};

# the following zone is the part that must be written
zone "com" IN {
    type master;
    file "com.zone";
};

Check the permissions:
the configuration file's permissions are 640 and its group is named

[root@com ~]# ll /etc/named.conf
-rw-r----- 1 root named 282 Aug 11:25 /etc/named.conf

Set up the zone file:

[root@com ~]# vim /var/named/com.zone
$TTL 600                        ; default record TTL (600 is an assumed value; the page's own value was lost)
@       IN SOA ns1.com. admin.miner.com. (
                        20170817        ; serial
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; negative answer TTL
        IN NS   ns1.com.
ns1     IN A    127.0.0.1
miner-k IN A    *.*.217.247     ; an NS record can be used here instead, but its target name must be resolvable; the "*" masks the real IP address

or

miner-k IN NS   ns2.alidns.com. ; when using Alibaba Cloud DNS this can be ns2.alidns.com or ns1.alidns.com
DNS deployment on the miner.com company intranet DNS server (forward zone)

Primary configuration file

# edit the primary configuration file
[root@miner ~]# vim /etc/named.conf
[root@miner ~]# cat /etc/named.conf
options {
    directory   "/var/named";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};

zone "miner-k.com" IN {
    type master;
    file "miner-k.com.zone";
};

# check the permissions of the primary configuration file
[root@miner ~]# ll /etc/named.conf
-rw-r----- 1 root named 294 Aug 15:45 /etc/named.conf
[root@miner ~]# named-checkconf

Configuring the zone file

# edit the zone file
[root@miner ~]# vim /var/named/miner-k.com.zone
[root@miner ~]# cat /var/named/miner-k.com.zone
$TTL 600                        ; default record TTL (600 is an assumed value; the page's own value was lost)
miner-k.com.    IN SOA ns1.miner-k.com. admin.miner-k.com. (
                20170814        ; serial
                1H              ; refresh
                5M              ; retry
                1W              ; expire
                5D )            ; negative answer TTL
; the trailing "." of miner-k.com. must not be omitted; "@" can be used here instead of the zone name
; ns1.miner-k.com. is the name of the DNS server for the miner-k.com domain and must be a resolvable name
; admin.miner-k.com. is the mailbox admin@miner-k.com; "@" has a special meaning in zone files, so "." replaces it
                IN NS   ns1.miner-k.com.    ; same owner as the previous record, so the name is left blank; ns1.miner-k.com. can be shortened to ns1
ns1             IN A    10.0.1.53
www             IN A    10.0.1.57
ftp             IN CNAME www

# set permissions
[root@miner-k ~]# chmod 640 /var/named/miner-k.com.zone
[root@miner-k ~]# chown root:named /var/named/miner-k.com.zone

# check the syntax
[root@miner-k ~]# named-checkzone "miner-k.com" /var/named/miner-k.com.zone
zone miner-k.com/IN: loaded serial 20170814
OK
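To see how the zone-file rules above play out (owner names inherited from the previous record, relative names getting the origin appended, TTL units and the retry-smaller-than-refresh rule from the SOA description), here is a small zone-file expander written as an added example for this page; it is not part of the original article or of BIND. It reads a constructed zone modelled on the miner-k.com file above and reports the missing-trailing-dot mistake that the reverse-zone section warns about.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(\d+)([smhdw]?)", re.IGNORECASE)
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}  # rdata fields that are names

def parse_ttl(text):  # '5M' -> 300, '1W' -> 604800; a bare number is seconds, the default unit
    m = TTL_RE.fullmatch(text)
    return int(m.group(1)) * UNITS[(m.group(2) or "s").lower()]

def qualify(name, origin):  # '@' is the origin; a name without a trailing '.' gets the origin appended
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):  # -> ([(owner, ttl, type, rdata), ...], [problem, ...])
    origin = origin if origin.endswith(".") else origin + "."
    text = re.sub(r";[^\n]*", "", text)                                          # drop ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold ( ... ) onto one line
    default_ttl, owner, records, problems = None, origin, [], []
    for line in filter(str.strip, text.splitlines()):
        fields = line.split()
        if fields[0] == "$TTL":
            default_ttl = parse_ttl(fields[1])
            continue
        if not line[0].isspace():                # a line starting with blanks reuses the previous owner
            owner = qualify(fields.pop(0), origin)
        ttl = parse_ttl(fields.pop(0)) if TTL_RE.fullmatch(fields[0]) else default_ttl
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        for i in NAME_FIELDS.get(rtype, ()):     # names inside rdata follow the same trailing-dot rule
            if "." in rdata[i] and not rdata[i].endswith("."):
                problems.append(f"{owner} {rtype} '{rdata[i]}': no trailing dot, so it expands to {qualify(rdata[i], origin)}")
            rdata[i] = qualify(rdata[i], origin)
        if rtype == "SOA":                       # serial refresh retry expire negative-ttl
            rdata[2:7] = [parse_ttl(v) for v in rdata[2:7]]
            if rdata[4] >= rdata[3]:
                problems.append(f"SOA retry {rdata[4]}s is not smaller than refresh {rdata[3]}s")
        records.append((owner, ttl, rtype, rdata))
    return records, problems

SAMPLE = """$TTL 600                    ; constructed sample modelled on the page's miner-k.com zone
@   IN SOA ns1.miner-k.com. admin.miner-k.com. (
        20170814 1H 5M 1W 5D )  ; serial refresh retry expire negative-ttl
    IN NS ns1.miner-k.com       ; trailing dot forgotten on purpose
ns1 IN A 10.0.1.53
www IN A 10.0.1.57
ftp IN CNAME www
"""
```

Running parse_zone(SAMPLE, "miner-k.com") expands the NS target to ns1.miner-k.com.miner-k.com. and lists that as a problem, which is exactly what named-checkzone would accept silently.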
Reverse zone configuration

Add the reverse zone to the primary configuration file

[root@miner-k ~]# tail -5 /etc/named.conf
zone "49.78.117.in-addr.arpa" IN {
    type master;
    file "117.78.49.zone";
};

Set up the reverse zone file

[root@miner-k ~]# cat /var/named/117.78.49.zone
$TTL 600                        ; default record TTL (600 is an assumed value; the page's own value was lost)
@       IN SOA ns1.miner-k.com. admin.miner-k.com. (
            20170817        ; serial
            1D              ; refresh
            1H              ; retry
            1W              ; expire
            1M )            ; negative answer TTL
        IN NS   ns1.miner-k.com.    ; the trailing "." is required here, otherwise 49.78.117.in-addr.arpa is appended automatically
247     IN PTR  ns1.miner-k.com.
247     IN PTR  www.miner-k.com.

Set permissions on the zone file

[root@miner-k ~]# chmod 640 /var/named/117.78.49.zone
[root@miner-k ~]# chown root:named /var/named/117.78.49.zone
Instance (scenario two)

After buying a domain name that points to a single server, the configuration is relatively simple: just set an A record in the domain registrar's resolution settings.

Master-slave replication

Architecture:
Master IP: 117.78.49.247
Slave IP: 122.112.217.171

Master server configuration:

[root@master ~]# cat /etc/named.conf
options {
        directory       "/var/named";
        allow-query     { any; };
        # allow-transfer { 122.112.217.171/32; };   not set on this page, so BIND's default allows transfers to any host; limit it to the slave as in the options section above
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
};

zone "miner-k.com" IN {
        type master;
        file "miner-k.com.zone";
};

zone "49.78.117.in-addr.arpa" IN {
        type master;
        file "117.78.49.zone";
};


Specify the slave server's IP address in the zone file

[root@master ~]# cat /var/named/miner-k.com.zone
$TTL 600                        ; default record TTL (600 is an assumed value; the page's own value was lost)
@       IN SOA ns1.miner-k.com. admin.miner.com. (
                        20170819        ; serial
                        1H              ; refresh
                        5M              ; retry
                        1W              ; expire
                        3H )            ; negative answer TTL
        IN NS   ns1.miner-k.com.
ns1     IN A    127.0.0.1          ; only reachable locally; external resolvers need the master's real address, 117.78.49.247
@       IN NS   ns2
ns2     IN A    122.112.217.171    ; the slave's IP address; this record must be written
www     IN A    117.78.49.24
ftp     IN A    117.78.49.24
pops    IN A    117.78.49.24

Slave server configuration:

The slave's configuration is similar to the master's; only part of it needs to change, so on the slave only that part is modified.

To synchronize the zones from the master, the slave needs permission to perform a full zone transfer from it.

[root@slave ~]# cat /etc/named.conf
options {
    directory   "/var/named";
    allow-query { any; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};

zone "miner-k.com" IN {
    type slave;                      # type slave marks this server as the secondary for the zone
    masters { 117.78.49.247; };      # IP address of the master server
    file "slaves/miner-k.com.zone";  # where the transferred zone is stored; remember to check the permissions of the slaves directory
};

zone "49.78.117.in-addr.arpa" IN {
    type slave;
    masters { 117.78.49.247; };
    file "slaves/117.78.49.zone";
};

Directory permissions for the slave's zone files

[root@slave ~]# ls -ld /var/named/slaves/
