Many platforms provide a cloud resolution service; the so-called cloud resolution is simply a hosted DNS server. In general, after buying a domain name from a registrar, you specify an NS record for it. For example, after buying the domain miner-k.com from the registrar, you need to set up a cloud resolution record: the value of the NS record points to the name server addresses provided by the cloud resolution service (ns1.alidns.com, ns2.alidns.com).
There are two common scenarios for a purchased domain name:
- building a domain environment within a company, with many hosts that need a lot of internal configuration
- pointing the domain name directly at one host name (only one server is used)
Basic Knowledge
DNS: Domain Name Service, the domain name resolution service
FQDN: Fully Qualified Domain Name
TLD: Top Level Domain
Organization domains: .com, .org, .net, .cc
Country domains: .cn, .tw, .hk, .jp
Reverse resolution: IP -> FQDN
Forward resolution: FQDN -> IP
Query method:
There are two ways to query: recursion and iteration.
Recursion: the client queries the local DNS server; if the local DNS server has no record, it queries the other name servers itself and returns the final result to the client.
Iteration: to resolve www.qq.com, the local DNS server first queries the root DNS server; the root server refers the local DNS server to the NS and A records for qq.com; the local DNS server then queries the qq.com server for the A record corresponding to www.qq.com.
DNS server:
Accepts queries from local clients (recursive)
Requests from external clients: request an authoritative answer
Positive answer: TTL
Negative answer: TTL
Requests from external clients: non-authoritative answer
Caching DNS servers:
Note: a company applies for a domain name (qq.com); a qq.com host is specified on the COM DNS server and assigned an IP address; the company then builds its own DNS server to assign different host names to different servers, for example www.baidu.com, ftp.baidu.com, yunpan.baidu.com, tv.baidu.com and so on.
Each record in the database is called a resource record (Resource Record, RR).
Format of a resource record:

name | TTL (may be omitted; the global $TTL applies) | class (IN, Internet) | RRT (resource record type) | VALUE
Start of Authority | defaults to 60 minutes | Internet (IN) | SOA (start of authority: identifies the master server that slaves synchronize from, i.e. the authoritative source for the zone) | owner name, DNS name of the server, serial number, refresh interval, retry time, expiration time, minimum TTL
Host name | the record's own TTL if present, otherwise the zone TTL | Internet (IN) | A (IPv4), AAAA (IPv6), PTR (reverse resolution) | owner name, IP address
Name server | the record's own TTL if present, otherwise the zone TTL | Internet (IN) | NS | zone name, name server name
Mail exchanger | the record's own TTL if present, otherwise the zone TTL | Internet (IN) | MX | zone name, DNS name of the mail exchange server, preference value (priority 0-99; the smaller the number, the higher the priority)
Alias | the record's own TTL if present, otherwise the zone TTL | Internet (IN) | CNAME (canonical name) | owner name, host's DNS name
Resource record types:
SOA (Start of Authority): ZONE_NAME TTL IN SOA FQDN (name of the primary DNS server) administrator_mailbox ( serial refresh retry expire negative_answer_ttl )
    serial: serial number of the zone data
    refresh: refresh interval, how often the slave checks the primary server for changes
    retry: retry interval, how long the slave waits before retrying after a failed refresh (must be smaller than refresh)
    expire: expiration time, after which a slave that still cannot reach the primary stops answering for the zone
    negative answer TTL: how long a negative answer is cached
    Units: M (minutes), H (hours), D (days), W (weeks); the default unit is seconds.
    Mailbox format: admin@miner.com is written as admin.miner.com
    miner.com.       IN SOA ns1.miner.com. admin.miner.com. ( 2013040101 1H 5M 1W 1D )
NS (name server): ZONE_NAME --> FQDN
    # miner.com's name servers are ns1.miner.com and ns2.miner.com
    miner.com.       IN NS ns1.miner.com.
    miner.com.       IN NS ns2.miner.com.
    ns1.miner.com.   600 IN A 1.1.1.2
    ns2.miner.com.   IN A 1.1.1.5
MX (mail exchanger): ZONE_NAME --> FQDN
    ZONE_NAME TTL IN MX priority VALUE
    Priority: 0-99; the smaller the number, the higher the priority
    miner.com.       IN MX 10 mail.miner.com.
    mail.miner.com.  IN A 1.1.1.3
A (address): FQDN --> IPv4
AAAA: FQDN --> IPv6
PTR (pointer): IP --> FQDN
CNAME (canonical name): FQDN --> FQDN
    # www2.miner.com is an alias of www.miner.com
    www2.miner.com.  IN CNAME www.miner.com.
Wildcard (pan) domain name resolution:
    *.miner-k.com.   IN A 1.1.1.3     # every name under miner-k.com resolves to 1.1.1.3
Other types: TXT, CHAOS, SRV
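The naming rules and SOA timers described above, worked through in code. This is an added example, not part of the original post: a small zone-file parser that applies the trailing-dot rule (a name without a final "." gets the zone origin appended, so ns1.miner-k.com written without the dot becomes ns1.miner-k.com.miner-k.com.), converts the M/H/D/W units, and then checks for the mistakes the text warns about; the sample zone is constructed, modelled on the zones configured later on this page.

```python
import re
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}   # a bare number means seconds
TTL = r"(\d+)([smhdw]?)"

def ttl_seconds(text):                     # 600, 5M, 1H, 1D or 1W -> seconds
    m = re.fullmatch(TTL, text.lower())
    return int(m.group(1)) * UNITS[m.group(2) or "s"]
def qualify(name, origin):
    """Trailing-dot rule: '@' is the origin, 'x.' is absolute, anything else gets the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin
def parse_zone(text, origin):
    """Return (owner, ttl, type, rdata) tuples; handles $TTL, '@', a parenthesised SOA, ';'/'#'
    comments and omitted owner names (a line starting with whitespace reuses the previous owner)."""
    origin = origin.rstrip(".") + "."
    text = re.sub(r"[;#][^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)   # join ( ... )
    records, owner = [], origin
    for line in [ln for ln in text.splitlines() if ln.strip() and ln[0] != "$"]:
        if not line[0].isspace():
            first, line = line.split(None, 1)
            owner = qualify(first, origin)
        f = line.split()
        ttl = ttl_seconds(f.pop(0)) if re.fullmatch(TTL, f[0].lower()) else None
        f = f[1:] if f[0].upper() == "IN" else f
        rtype, rdata = f[0].upper(), f[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata[0] = qualify(rdata[0], origin)          # the target is a name: same dot rule
        elif rtype == "SOA":
            rdata = [qualify(n, origin) for n in rdata[:2]] + [ttl_seconds(t) for t in rdata[2:]]
        records.append((owner, ttl, rtype, rdata))
    return records
def check_zone(records, origin):
    """Mistakes the page warns about: a lost trailing dot, an in-zone NS without glue, retry >= refresh."""
    origin = origin.rstrip(".") + "."
    have_a = {r[0] for r in records if r[2] in ("A", "AAAA")}
    bad = []
    for owner, _, rtype, rdata in records:
        if rtype in ("NS", "CNAME") and rdata[0].endswith(origin + origin):
            bad.append("%s: target %s lost its trailing dot (origin appended twice)" % (owner, rdata[0]))
        elif rtype == "NS" and rdata[0].endswith("." + origin) and rdata[0] not in have_a:
            bad.append("NS %s has no A record in the zone (missing glue)" % rdata[0])
        elif rtype == "SOA" and rdata[4] >= rdata[3]:
            bad.append("SOA retry %ds must be smaller than refresh %ds" % (rdata[4], rdata[3]))
    return bad
# Constructed sample modelled on the page's master zone; the second NS deliberately lacks its trailing dot.
SAMPLE_ZONE = """$TTL 1D
@    IN SOA ns1.miner-k.com. admin.miner-k.com. ( 20170819 1H 5M 1W 3H )
     IN NS  ns1.miner-k.com.
     IN NS  ns2.miner-k.com
ns1  IN A   117.78.49.247"""
```

Running check_zone(parse_zone(SAMPLE_ZONE, "miner-k.com"), "miner-k.com") reports the doubled origin on the second NS record, which is exactly what named-checkzone would load silently and then fail to resolve.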
Socket: IP + port
Domain: domain
Area: zone
The domain is a logical concept and the zone is a physical concept; zones are divided into forward zones and reverse zones (each has its own configuration file).
Deployment Environment
[root@miner_k ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
[root@miner_k ~]#
Deploy
BIND (Berkeley Internet Name Domain) installation
[root@cxy-65 ~]# yum -y install bind bind-utils bind-libs
[root@cxy-65 ~]# rpm -qa | grep bind
bind-9.8.2-0.62.rc1.el6_9.4.x86_64          # main package
bind-utils-9.8.2-0.62.rc1.el6_9.4.x86_64    # bind tools
rpcbind-0.2.0-13.el6_9.1.x86_64
bind-libs-9.8.2-0.62.rc1.el6_9.4.x86_64     # bind library files
Configuration files
[root@miner_k ~]# rpm -qc bind-9.8.2-0.62.rc1.el6_9.4.x86_64
/etc/logrotate.d/named
/etc/named.conf               # primary configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf                # rndc (remote name daemon control) configuration
/etc/rndc.key                 # rndc key file
/etc/sysconfig/named
/var/named/named.ca           # IP addresses of the 13 root name servers
/var/named/named.empty
/var/named/named.localhost    # forward resolution of the local host name
/var/named/named.loopback     # reverse resolution of the local host name
Format of a zone definition:
Zone:
zone "ZONE_NAME" IN {
    type master|slave|hint|forward;
};
Master zone:
    file "zone data file";        # can be a relative path (under directory) or an absolute path
Slave zone:
    file "zone data file";
    masters { master1_ip; };
Modifying the primary configuration file /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
};
zone "." IN {                          # root zone configuration
    type hint;
    file "named.ca";
};
zone "localhost" IN {                  # localhost zone configuration
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {       # reverse resolution zone for 127.0.0.1
    type master;
    file "named.loopback";
};
ACL configuration
Format:
acl string { address_match_element; ... };
Example:
acl internet {
    192.168.3.0/24;
    10.0.0.0/24;
    172.16.8.2;
};
options {
    directory "/var/named";
    allow-query-cache { internet; };
};
Configuration in the options section
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                  # location of the zone files
    allow-recursion { 192.168.1.0/24; };     # networks that are allowed to make recursive queries
    recursion no;                            # no: clients may not use recursion; yes: clients may use recursion
    allow-query { any; };                    # clients that are allowed to query
    allow-transfer { 122.112.217.171/32; };  # only the specified host may perform zone transfers
    forward only;                            # forwarding mode: "first" forwards first and resolves itself if that fails; "only" forwards only
    forwarders { 192.168.12.1; };            # if this DNS server cannot resolve a name, forward it to the server at this IP address
};
Syntax checking for the configuration files
# Check that the configuration file has mode 640 and that its group is named
[root@miner-k etc]# ll /etc/named.conf
-rw-r----- 1 root named - Aug - 10:58 /etc/named.conf
# Check named.conf for syntax problems
[root@miner-k ~]# named-checkconf
# Check whether the zone files have problems
[root@miner-k ~]# named-checkzone "localhost" /var/named/named.localhost
zone localhost/IN: loaded serial 0
OK
[root@miner-k ~]# named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
OK
Ports
53/udp
53/tcp
953/tcp  rndc
DNS queries normally use UDP, the faster transport; when the complete answer cannot be returned over UDP, the query is repeated over TCP.
Example (scenario one)
Requirement
Buy the domain name miner.com from a domain name vendor, deploy a DNS server locally, and assign different hosts: www.miner.com and ftp.miner.com, with www2.miner.com as an alias of www.
COM DNS deployment (set up only to understand how the hierarchy works)
Set up the primary configuration file
[root@com ~]# vim /etc/named.conf
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
# The following zone is the part that must be written
zone "com" IN {
    type master;
    file "com.zone";
};
View the permissions:
The permissions of the configuration file are 640 and its group is named.
[root@com ~]# ll /etc/named.conf
-rw-r----- 1 root named 282 Aug - 11:25 /etc/named.conf
Set up the zone file:
[root@com ~]# vim /var/named/com.zone
$TTL
@        IN SOA ns1.com. admin.miner.com. (
                 20170817
                 1D
                 1H
                 1W
                 3H )
         IN NS  ns1.com.
ns1      IN A   127.0.0.1
miner-k  IN A   *.*.217.247      # an NS record can be used here instead, but the record's name must then be resolvable; the "*" masks the real IP address
or
miner-k  IN NS  ns2.alidns.com.  # when Alibaba cloud resolution is used, this can be set to ns2.alidns.com or ns1.alidns.com
DNS deployment of miner.com
Company intranet DNS server (forward)
Primary configuration file
# Edit the primary configuration file
[root@miner ~]# vim /etc/named.conf
[root@miner ~]# cat /etc/named.conf
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
zone "miner-k.com" IN {
    type master;
    file "miner-k.com.zone";
};
# View the permissions of the primary configuration file
[root@miner ~]# ll /etc/named.conf
-rw-r----- 1 root named 294 Aug - 15:45 /etc/named.conf
[root@miner ~]# named-checkconf
Configuring the zone file
# Modify the zone file
[root@miner ~]# vim /var/named/miner-k.com.zone
[root@miner ~]# cat /var/named/miner-k.com.zone
$TTL
miner-k.com.  IN SOA ns1.miner-k.com. admin.miner-k.com. (
                 20170814
                 1H
                 5M
                 1W
                 5D )
# The trailing "." of miner-k.com. must not be omitted; "@" can be used here instead
# ns1.miner-k.com. is the name of the DNS server for the miner-k.com domain; it must be a host name
# admin.miner-k.com. is the mailbox; the real address is admin@miner-k.com, but "@" has a special meaning in a zone file, so "." replaces it
              IN NS  ns1.miner-k.com.   # the owner is the same as in the previous record, so it is omitted (leading whitespace); ns1.miner-k.com. can be shortened to ns1
ns1           IN A   10.0.1.53
www           IN A   10.0.1.57
ftp           IN CNAME www
# Set permissions
[root@miner-k ~]# chmod 640 /var/named/miner-k.com.zone
[root@miner-k ~]# chown root:named /var/named/miner-k.com.zone
# Check the syntax
[root@miner-k ~]# named-checkzone "miner-k.com" /var/named/miner-k.com.zone
zone miner-k.com/IN: loaded serial 20170814
OK
Reverse zone configuration
Add the reverse zone definition to the primary configuration file
[root@miner-k ~]# tail -5 /etc/named.conf
zone "49.78.117.in-addr.arpa" IN {
    type master;
    file "117.78.49.zone";
};
Set up the reverse zone file
[root@miner-k ~]# cat /var/named/117.78.49.zone
$TTL
@       IN SOA ns1.miner-k.com. admin.miner-k.com. (
                20170817
                1D
                1H
                1W
                1M )
        IN NS  ns1.miner-k.com.    # the trailing "." is required here; otherwise the zone origin 49.78.117.in-addr.arpa is appended automatically
247     IN PTR ns1.miner-k.com.
247     IN PTR www.miner-k.com.
Set the permissions of the zone file
[root@miner-k ~]# chmod 640 /var/named/117.78.49.zone
[root@miner-k ~]# chown root:named /var/named/117.78.49.zone
Example (scenario two)
After buying a domain name that points to a single server, the configuration is relatively simple: set an A record directly in the domain name provider's resolution panel.
Master-slave replication
Architecture:
Master IP: 117.78.49.247
Slave IP: 122.112.217.171
Primary server configuration:
[root@master ~]# cat /etc/named.conf
options {
    directory "/var/named";
    allow-query { any; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
zone "miner-k.com" IN {
    type master;
    file "miner-k.com.zone";
};
zone "49.78.117.in-addr.arpa" IN {
    type master;
    file "117.78.49.zone";
};
Specify the IP address of the slave server in the zone file
[root@master ~]# cat /var/named/miner-k.com.zone
$TTL
@       IN SOA ns1.miner-k.com. admin.miner.com. (
                20170819
                1H
                5M
                1W
                3H )
        IN NS  ns1.miner-k.com.
ns1     IN A   127.0.0.1
@       IN NS  ns2
ns2     IN A   122.112.217.171   # the slave server's IP address must be written here
www     IN A   117.78.49.24
ftp     IN A   117.78.49.24
pops    IN A   117.78.49.24
Slave server configuration:
The slave server's configuration is similar to the primary server's; only part of it needs to be modified, so when configuring the slave only that part is changed.
The slave synchronizes the zone data from the primary server, which requires zone transfer permission on the primary.
[root@slave ~]# cat /etc/named.conf
options {
    directory "/var/named";
    allow-query { any; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};
zone "miner-k.com" IN {
    type slave;                        # the type is slave: this server is a slave for the zone
    masters { 117.78.49.247; };        # IP address of the primary server
    file "slaves/miner-k.com.zone";    # where the slave stores its copy of the zone; remember to check the permissions of the slaves directory
};
zone "49.78.117.in-addr.arpa" IN {
    type slave;
    masters { 117.78.49.247; };
    file "slaves/117.78.49.zone";
};
Directory permissions for the slave server's zone files
[root@slave ~]# ls -ld /var/named/slaves/
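The settings explained in the options section (recursion, allow-recursion, allow-query, allow-transfer) and the master/slave zone transfer setup above, checked in code. This is an added example, not part of the original post: a minimal named.conf parser and an audit that reports when recursion is reachable from everyone (an open resolver that answers recursive queries for anyone) or when a master zone can be transferred by any host (the slave needs AXFR, nobody else does). The allow-recursion fallback order and the defaults follow the BIND 9.8 ARM; the two sample configurations are constructed from the page's master named.conf and its options section.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')   # quoted string, brace, semicolon or bare word
def parse(tokens, i=0):
    """Parse statements up to the matching '}' into (keyword, args, body) triples;
    'allow-query { any; };' becomes ('allow-query', [], [('any', [], None)])."""
    stmts = []
    while i < len(tokens) and tokens[i] != "}":
        words = []
        while tokens[i] not in ("{", ";"):
            words.append(tokens[i].strip('"'))
            i += 1
        body = None
        if tokens[i] == "{":
            body, i = parse(tokens, i + 1)   # returns with tokens[i] == '}'
            i += 1
        i += 1                                # skip the ';' that ends the statement
        stmts.append((words[0], words[1:], body))
    return stmts, i

def setting(stmts, name, default):
    """Address list for a braced value, first word for a plain one, else default."""
    for key, args, body in stmts:
        if key == name:
            return [e[0] for e in body] if body is not None else args[0]
    return default

def audit(conf_text):
    """Report an open resolver and open zone transfers, using BIND 9.8 defaults."""
    stmts, _ = parse(TOKEN.findall(re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf_text, flags=re.S)))
    opts = next((body for key, _, body in stmts if key == "options"), [])
    # allow-recursion falls back to allow-query-cache, then allow-query, then localnets/localhost
    recursion_from = setting(opts, "allow-recursion", setting(opts, "allow-query-cache",
                             setting(opts, "allow-query", ["localnets", "localhost"])))
    findings = []
    if setting(opts, "recursion", "yes") == "yes" and "any" in recursion_from:
        findings.append("options: open resolver (recursion yes and allowed from any)")
    global_xfer = setting(opts, "allow-transfer", ["any"])   # default: any host may AXFR
    for key, args, body in stmts:
        if key == "zone" and body and setting(body, "type", "") == "master":
            if "any" in setting(body, "allow-transfer", global_xfer):
                findings.append("zone %s: zone transfer allowed from any host" % args[0])
    return findings

# Constructed samples: OPEN_CONF mirrors the page's master named.conf; HARDENED_CONF applies the recursion and allow-transfer settings from the options section.
OPEN_CONF = """options { directory "/var/named"; allow-query { any; }; };
zone "." IN { type hint; file "named.ca"; };
zone "miner-k.com" IN { type master; file "miner-k.com.zone"; };"""
HARDENED_CONF = """options { directory "/var/named"; recursion no; allow-transfer { 122.112.217.171/32; }; };
zone "miner-k.com" IN { type master; file "miner-k.com.zone"; };"""
```

audit(OPEN_CONF) flags both problems because allow-query { any; } silently becomes the allow-recursion default and allow-transfer is unset, while audit(HARDENED_CONF) returns nothing.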