DNS server setup and usage

Source: Internet
Author: User
Tags: dnssec, subdomain

DNS (Domain Name System) is a distributed database that maps domain names to IP addresses on the Internet, so that users can reach hosts by name instead of remembering the numeric IP address strings that machines read directly. The process of obtaining the IP address that corresponds to a host name is called domain name resolution (or host name resolution). The DNS protocol runs over UDP on port 53.


1. Network Environment Diagram

[Network environment diagram; image not available. As used in the steps below: NS1 at 172.16.21.1 is the master for test.com, NS2 at 172.16.21.2 is its slave and also hosts the tech.test.com subdomain.]

2. Install the BIND package with yum on NS1 and NS2


# On NS1:
yum install bind
# On NS2:
yum install bind
3. Configure the forward and reverse zones on NS1

# The named main configuration file does not need to be changed here; add the
# zone definitions to /etc/named.rfc1912.zones instead:
# tail -8 /etc/named.rfc1912.zones
zone "test.com" IN {
        type master;
        file "test.com.zone";
};
zone "21.16.172.in-addr.arpa" IN {
        type master;
        file "172.16.21.zone";
};

# Create the zone files for test.com and 21.16.172.in-addr.arpa with the following content:
# cat /var/named/test.com.zone
$TTL 3600
@       IN  SOA  test.com. admin.test.com. (
                2014080501 ; serial
                3h         ; refresh
                15m        ; retry
                5d         ; expire
                1d         ; minimum
                )
@       IN  NS   ns1.test.com.
        IN  MX   10 mail.test.com.
ns1     IN  A    172.16.21.1
mail    IN  A    172.16.21.100
www     IN  A    172.16.21.10

# cat /var/named/172.16.21.zone
$TTL 3600
@       IN  SOA  test.com. admin.test.com. (
                2014080501 3h 15m 5d 1d ) ; same timers as the forward zone
@       IN  NS   ns1.test.com.
        IN  MX   10 mail.test.com.
1       IN  PTR  ns1.test.com.
100     IN  PTR  mail.test.com.
10      IN  PTR  www.test.com.

Verification:

[Screenshot of the verification output; image not available]

4. Configure NS2 as the slave server of NS1

# On NS2: edit the main configuration file and comment out the option.
# Edit /etc/named.rfc1912.zones and add the following:
# tail -5 /etc/named.rfc1912.zones
zone "test.com" IN {
        type slave;
        file "slaves/test.com.zone";
        masters { 172.16.21.1; };
};

# On NS1: in /etc/named.rfc1912.zones, add the following line to the test.com zone
# definition so that zone transfers to NS2 are allowed:
        allow-transfer { 172.16.21.2; };

# On NS1: add the ns2 name server to the test.com.zone file:
@       IN  NS   ns2.test.com.
ns2     IN  A    172.16.21.2

Verification:

[Screenshot of the verification output; image not available]

5. Configure ns (172.16.21.2) as the name server for the tech subdomain of NS1's zone, and forward its queries for the test.com. domain to NS1

# On NS1: add the NS record and glue for the subdomain to /var/named/test.com.zone:
tech    IN  NS   ns.tech.test.com.
ns.tech IN  A    172.16.21.2

# On the subdomain server: add the tech.test.com zone to /etc/named.rfc1912.zones:
# tail -5 /etc/named.rfc1912.zones
zone "tech.test.com" IN {
        type master;
        file "tech.test.com.zone";
};

# Edit the tech.test.com zone file:
# vim tech.test.com.zone
$TTL 3600
@       IN  SOA  tech.test.com. admin.tech.test.com. (
                2014080501 ; serial
                3h         ; refresh
                15m        ; retry
                5d         ; expire
                1d         ; minimum
                )
        IN  NS   ns
ns      IN  A    172.16.21.2
www     IN  A    172.16.21.22

# Change the group of tech.test.com.zone to named so that named can read it:
# chgrp named tech.test.com.zone
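After steps 3 to 5 the zones on NS1 have been edited by hand three times, and named-checkzone only validates each file's syntax on its own. The following Python script is an added example, not part of the article: it parses the test.com forward zone as it stands after step 5 (the ns2 record from step 4 and the tech delegation with its glue from step 5 included) together with the reverse zone from step 3, and cross-checks them: every A record in 172.16.21.0/24 needs a PTR, every PTR needs a matching A record, and every in-zone NS or MX target needs an A record (the glue the delegation depends on). The zone text is retyped from the steps above; the function names fqdn, parse_zone and check_zones are my own. Run as is, it reports that 172.16.21.2 has no PTR, because the reverse zone was never updated after ns2 was added; the REVERSE_ZONE_FIXED variant shows the check passing once that record exists.

```python
# Cross-check a BIND forward zone against its in-addr.arpa reverse zone and
# verify delegation glue. Added example, not from the article: named-checkzone
# checks each file's syntax on its own but never compares the two files.

# Constructed input: test.com.zone as it stands after steps 3 to 5 of the
# article (ns2 and the tech delegation added), retyped here.
FORWARD_ZONE = """\
$TTL 3600
@       IN  SOA  test.com. admin.test.com. (
                2014080501 ; serial
                3h         ; refresh
                15m        ; retry
                5d         ; expire
                1d         ; minimum
                )
@       IN  NS   ns1.test.com.
@       IN  NS   ns2.test.com.
        IN  MX   10 mail.test.com.
ns1     IN  A    172.16.21.1
ns2     IN  A    172.16.21.2
mail    IN  A    172.16.21.100
www     IN  A    172.16.21.10
tech    IN  NS   ns.tech.test.com.
ns.tech IN  A    172.16.21.2
"""
# Constructed input: the reverse zone from step 3, which the article does not
# touch again after ns2 is added in step 4.
REVERSE_ZONE = """\
$TTL 3600
@       IN  SOA  test.com. admin.test.com. ( 2014080501 3h 15m 5d 1d )
@       IN  NS   ns1.test.com.
1       IN  PTR  ns1.test.com.
100     IN  PTR  mail.test.com.
10      IN  PTR  www.test.com.
"""
# The same reverse zone with the PTR for 172.16.21.2 added.
REVERSE_ZONE_FIXED = REVERSE_ZONE + "2       IN  PTR  ns2.test.com.\n"


def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse a small master file into (owner, type, rdata-tokens) tuples.
    Handles $TTL, '@', relative names, blank owners, ';' comments and
    '(' ... ')' continuations. Not a full RFC 1035 parser (no per-record
    TTLs, no $ORIGIN or $INCLUDE), but enough for the files in this article."""
    origin = origin.rstrip(".") + "."
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    joined, buf, depth = [], [], 0
    for ln in lines:                      # glue parenthesised records together
        if not ln.strip() and depth == 0:
            continue
        buf.append(ln)
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            joined.append(" ".join(buf))
            buf = []
    records, last_owner = [], origin
    for ln in joined:
        if ln.startswith("$"):
            continue                      # $TTL carries no resource record
        toks = ln.replace("(", " ").replace(")", " ").split()
        owner = last_owner if ln[0].isspace() else fqdn(toks.pop(0), origin)
        last_owner = owner
        if toks[0].upper() == "IN":
            toks.pop(0)                   # class IN is implied
        records.append((owner, toks[0].upper(), toks[1:]))
    return records


def check_zones(forward, origin, reverse, reverse_origin):
    """Return a list of problems; an empty list means the zones agree.
    Checks: every A record inside the reverse zone's network has a PTR, every
    PTR names a host that owns that A record, and every in-zone NS or MX
    target has an A record (the glue the step 5 delegation relies on)."""
    origin = origin.rstrip(".") + "."
    rev_origin = reverse_origin.rstrip(".") + "."
    fwd = parse_zone(forward, origin)
    rev = parse_zone(reverse, rev_origin)
    # "21.16.172.in-addr.arpa." -> network prefix "172.16.21."
    prefix = ".".join(reversed(rev_origin.split(".")[:-3])) + "."
    a_by_ip = {}                          # ip -> set of names with that A
    for owner, rtype, rdata in fwd:
        if rtype == "A" and rdata[0].startswith(prefix):
            a_by_ip.setdefault(rdata[0], set()).add(owner)
    ptr_by_ip = {}                        # ip -> name the PTR points at
    for owner, rtype, rdata in rev:
        if rtype == "PTR":
            ptr_by_ip[prefix + owner[: -(len(rev_origin) + 1)]] = rdata[0]
    problems = []
    for ip, names in sorted(a_by_ip.items()):
        if ip not in ptr_by_ip:
            problems.append(f"{ip} has no PTR record (A records: "
                            f"{', '.join(sorted(names))})")
    for ip, name in sorted(ptr_by_ip.items()):
        if name not in a_by_ip.get(ip, set()):
            problems.append(f"PTR {ip} -> {name} has no matching A record")
    names_with_a = {owner for owner, rtype, _ in fwd if rtype == "A"}
    for owner, rtype, rdata in fwd:
        if (rtype in ("NS", "MX") and rdata[-1].endswith("." + origin)
                and rdata[-1] not in names_with_a):
            problems.append(f"{rtype} target {rdata[-1]} has no A record (glue)")
    return problems
```

Calling check_zones(FORWARD_ZONE, "test.com", REVERSE_ZONE, "21.16.172.in-addr.arpa") returns the single finding about 172.16.21.2; with REVERSE_ZONE_FIXED it returns an empty list. Deleting the ns.tech glue line from the forward zone makes the glue check fire instead, which is the failure a resolver would hit when following the tech delegation.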

# A problem occurred during the experiment: the DNS server of the parent domain could not resolve names in the subdomain. The error message was:

# Aug 4 22:09:15 WH1 named[3294]: error (no valid DS) resolving 'ns.tech.test.com/A/IN': 172.16.21.2#53

After a lot of searching on Google and Baidu, I finally found a solution: turn off DNSSEC in the options block of /etc/named.conf.

#####################################
        dnssec-enable no;
        dnssec-validation no;
#####################################

This works because the resolver no longer needs a DS record to validate the answer it receives for the delegated subdomain. Note that it also turns off DNSSEC validation for every name this server resolves, not only the unsigned internal zones; on a resolver that also serves Internet clients, the narrower fix is to leave validation on and exempt only the local unsigned domain with a negative trust anchor (rndc nta, available from BIND 9.11).

Verification:

[Screenshot of the verification output; image not available]

# Although the DNS server of the parent domain can now resolve the subdomain's names, the subdomain server itself goes to the root servers to look up names in the parent domain; since test.com is not registered on the Internet, those lookups fail. Therefore forwarding for the parent domain has to be configured on the subdomain server.
# Add the following to /etc/named.rfc1912.zones on the subdomain server:
# tail -5 /etc/named.rfc1912.zones
zone "test.com" IN {
        type forward;
        forward only;
        forwarders { 172.16.21.1; };
};
# Restart the named service.

Verification:

[Screenshot of the verification output; image not available]

6. Configure views on NS1 so that the server returns the address best suited to the client's network

# Edit the main configuration file: move the existing zone definitions into
# view "neiwang" { }; (the intranet view) and give it
# match-clients { 172.16.0.0/16; };
view "neiwang" {
        match-clients { 172.16.0.0/16; };
        /* the existing zone "test.com", zone "21.16.172.in-addr.arpa" and
           the other zone definitions move here unchanged */
};

# Define a second view (the Internet view) below it:
view "waiwang" {
        match-clients { any; };
        zone "test.com" IN {
                type master;
                file "test.com.zone.waiwang";
                allow-transfer { any; };
        };
};

Two points to check before restarting: once any view is defined, named requires every zone, including the root hints zone, to live inside a view, so no zone statement may be left at the top level; and allow-transfer { any; } lets any Internet host pull the whole external zone by AXFR, so in practice it is restricted to the secondaries' addresses, as step 4 does for the internal zone.
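The order of the two views matters: named tries views in the order they appear in named.conf and answers from the first one whose match-clients list accepts the client, which is why the catch-all view waiwang has to come below neiwang. The following Python script is an added example, not part of the article, that models this selection for the two views above; select_view, acl_matches and the VIEWS table are my own names, and the address-match-list handling covers only any, CIDR prefixes, single addresses and a leading ! for negation.

```python
# Which BIND view answers a given client? Added example, not from the article.
# named tries views in the order they appear in named.conf and uses the first
# one whose match-clients list accepts the client, which is why step 6 puts
# the catch-all view waiwang below the restricted view neiwang.
import ipaddress

# Constructed: the two views of step 6 as (name, match-clients elements).
# Elements follow BIND address-match-list syntax as far as 'any', a CIDR
# prefix, a single address, and a leading '!' for negation.
VIEWS = [
    ("neiwang", ["172.16.0.0/16"]),
    ("waiwang", ["any"]),
]


def acl_matches(acl, ip):
    """BIND address-match-list semantics: the first element that matches
    decides; a negated ('!') match rejects, a plain match accepts, and a
    client that matches no element is rejected."""
    for element in acl:
        negated = element.startswith("!")
        body = element.lstrip("!").strip()
        hit = body == "any" or ip in ipaddress.ip_network(body, strict=False)
        if hit:
            return not negated
    return False


def select_view(client, views=VIEWS):
    """Return the name of the first view that accepts the client, or None
    (named would then refuse the query)."""
    ip = ipaddress.ip_address(client)
    for name, acl in views:
        if acl_matches(acl, ip):
            return name
    return None
```

With the views in the article's order, a client in 172.16.0.0/16 is answered from neiwang and a 192.168 client from waiwang, matching the two verification screenshots below; with the order reversed, waiwang's any matches first and every client, intranet included, gets the external answers.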

Verification:

When the client's IP address is in the 172 block, the result is as follows:

[Screenshot of the verification output; image not available]

After changing the client's IP address to the 192.168 block and resolving again, the result is as follows:

[Screenshot of the verification output; image not available]

This shows that the view has been configured successfully. When the server is reached over two lines, one facing the intranet and one the Internet, the view returns the address on the client's own side, and it also reduces the resources the DNS server spends resolving the IP addresses of other domains on the Internet.

This article is from the "light" blog; please keep this source when reproducing it: http://dddbk.blog.51cto.com/6837943/1536557
