DNS service setup details
dig: yum install -y bind-utils
yum install bind
/etc/named.conf is the main BIND (DNS) configuration file
/etc/init.d/named is the DNS service start/stop script (on CentOS 7 use systemctl start named)
cp /etc/named.conf /etc/named.conf.bak (back up the original configuration file)
> /etc/named.conf (empty the configuration file)
vim /etc/named.conf (edit the configuration file and enter the following)
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
chown named /etc/named.conf (normally the owner is already named by default)
cd /var/named/
dig -t NS . > named.ca (fetch the root hints file)
vim localhost.zone and add:
@ IN SOA localhost. admin.localhost. (
    2013081601
    1H
    10M
    7D
    1D
)
@ IN NS localhost.
localhost. IN A 127.0.0.1
vim named.local
$TTL 86400
@ IN SOA localhost. admin.localhost. (
    2013081601
    1H
    10M
    7D
    1D
)
@ IN NS localhost.
1 IN PTR localhost.
Check whether the configuration is correct:
named-checkconf (no output means the configuration is correct)
Forward resolution (domain name to IP address):
named-checkzone "localhost" /var/named/localhost.zone
Reverse resolution (IP address to domain name):
named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local
rndc-confgen -r /dev/urandom -a generates /etc/rndc.key; without this key named cannot start.
chown named:named /etc/rndc.key
systemctl start named
netstat -nlp | grep named: check that the named process is listening on port 53.
Test forward resolution: dig @127.0.0.1 localhost
Test reverse resolution (PTR lookup): dig @127.0.0.1 -x 127.0.0.1
Add a domain name
Custom zone (abc.com)
vim /etc/named.conf and add:
zone "abc.com" IN {
    type master;
    file "abc.com.zone";
};
Edit the zone file: vim /var/named/abc.com.zone
$TTL 600
@ IN SOA abc.com. root.abc.com. (
    2013081601
    1H
    10M
    7D
    1D
)
     IN NS    ns.abc.com.
     IN MX 10 mail.abc.com.
ns   IN A     192.168.153.133
www  IN A     192.168.153.134
mail IN A     192.168.153.100
bbs  IN CNAME www.abc.com.
vim /etc/resolv.conf and change the nameserver to the local IP address
named-checkconf
named-checkzone "abc.com" /var/named/abc.com.zone
If both are OK, restart named:
systemctl restart named
ping www.abc.com and mail.abc.com; they resolve to the corresponding addresses (153.133/153.134).
Meanings of parameters
- $TTL: the cache lifetime of the zone's records. It tells caching DNS servers how long to keep data from this zone file; with 600 seconds, a caching server fetches the domain's records again after 600 seconds.
- @: stands for the current origin (the zone name). The SOA record describes the zone of authority; requests for abc.com are served by ns.abc.com. root is the mailbox that receives zone-related mail, i.e. the local root user.
- serial: the version number of the zone file. It must change whenever the zone data changes. After a certain time the slave server requests the master's SOA record and compares its serial with the serial of the SOA record it has cached; if the value has changed, the slave pulls the zone from the master again.
- refresh: how often, in seconds, the slave server checks the master's SOA record for changes.
- retry: how long, in seconds, the slave waits before trying again after a failed refresh.
- expire: if the slave cannot reach the master within this time, it discards all data for the zone.
- minimum: if a record has no TTL of its own, minimum is the default cache period for the domain.
- A: host record; maps a host name to one or more IP addresses.
- NS: names the primary (authoritative) name server of the zone; the record contains the host name of that server.
- CNAME: associates an alias with a domain name; the alias and the original name resolve to the same host address.
The last four lines of the zone file define the IP addresses the host names point to.
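The serial rule above is the one most often broken in practice: a record is edited, the serial is left alone, and the slaves keep serving the old data because the master's SOA still looks unchanged. As an added example that is not part of the original tutorial, the following POSIX shell script keeps a zone file's serial in the YYYYMMDDnn form used above (2013081601). The helper names zone_serial, next_serial and bump_zone_serial are assumptions, the zone it creates is constructed sample data rather than the page's abc.com.zone, and it assumes the serial sits on its own line after the SOA line, as in the zone files above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Maintains the SOA
# serial of a BIND zone file in the YYYYMMDDnn style (e.g. 2013081601).
# Assumption: the serial is the first line after "SOA" whose first field
# is a bare number, as in the zone files shown in the tutorial.

# Print the current serial of the zone file given as $1.
zone_serial() {
    awk '
        /SOA/                    { insoa = 1 }
        insoa && $1 ~ /^[0-9]+$/ { print $1; exit }
    ' "$1"
}

# Print the serial that should follow $1 on day $2 (YYYYMMDD, default: today).
# Same day, or a serial that is somehow already ahead: plain +1, so the
# value never goes backwards; a new day starts again at <day>01.
next_serial() {
    serial=$1
    today=${2:-$(date +%Y%m%d)}
    if [ "$serial" -ge "${today}01" ]; then
        echo $((serial + 1))
    else
        echo "${today}01"
    fi
}

# Rewrite the serial in zone file $1 (optional day $2) and print the new value.
bump_zone_serial() {
    file=$1
    old=$(zone_serial "$file")
    [ -n "$old" ] || { echo "no serial found in $file" >&2; return 1; }
    new=$(next_serial "$old" "$2")
    # replace only the first line whose first field is the old serial
    awk -v old="$old" -v new="$new" '
        !done && $1 == old { sub(old, new); done = 1 }
        { print }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Demonstration on a constructed zone file (sample data, not the page's zone).
demo_zone=$(mktemp)
cat > "$demo_zone" <<'EOF'
$TTL 600
@ IN SOA abc.com. root.abc.com. (
    2013081601
    1H
    10M
    7D
    1D
)
    IN NS ns.abc.com.
ns  IN A  192.0.2.1
EOF
echo "before: $(zone_serial "$demo_zone")"
bump_zone_serial "$demo_zone" 20130816 > /dev/null
echo "after:  $(zone_serial "$demo_zone")"
rm -f "$demo_zone"
```

Run bump_zone_serial on the zone file before named-checkzone and the restart; because the new value is always greater than the old one, slaves that compare serials as described above will transfer the updated zone on their next refresh.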
Configure DNS forwarding
The DNS server we configured can only resolve names in the zones we defined; anything not defined cannot be resolved.
Configuring DNS forwarding lets it resolve other domain names on the Internet, provided the domain name exists there, i.e. it is already served by some DNS server.
Environment
DNS server: 192.168.153.133 (abc.com)
Test client: 192.168.153.136
Change the DNS on the test machine to 153.133, the DNS server we configured.
vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.153.133
dig abc.com to test: it resolves to 153.133
Now the test machine can only resolve what the configured DNS server knows and cannot resolve Internet names, so forwarding must be configured on the DNS server.
vim /etc/named.conf and add the forwarding lines to options:
options {
    directory "/var/named";
    forward first;
    forwarders { 8.8.8.8; };
};
These two lines configure forwarding: domain names this DNS server cannot resolve itself are forwarded to 8.8.8.8 for resolution.
named-checkconf (check the configuration file for errors)
systemctl restart named
On the test machine, ping www.abc.com: the IP address is 192.168.153.134.
ping www.qq.com now returns a normal Internet IP address.
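The options block above says where unresolved names are forwarded but not who may ask. BIND 9.4 and later default allow-recursion to { localnets; localhost; }, which is why the test client at 192.168.153.136 on the same network can use the server; that policy is implicit, though, and an explicit ACL survives later edits and does not depend on what the installed BIND version assumes, while allow-recursion { any; } would turn the server into an open resolver usable by anyone who can reach port 53. As an added example that is not part of the original tutorial, the following POSIX shell helpers (recursion_acl_explicit and hardened_options are assumed names) check a named.conf for an explicit, non-"any" allow-recursion ACL and print the page's forwarding options block with the policy spelled out; the two configs it inspects are constructed samples, and it assumes an allow-recursion statement fits on one line.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Audits a named.conf for an explicit, non-"any" allow-recursion ACL and
# prints a hardened version of the tutorial's forwarding options block.
# Assumption: an allow-recursion statement, if present, fits on one line.

# Return 0 if FILE ($1) either disables recursion or names an explicit
# allow-recursion ACL that does not contain "any"; return 1 otherwise
# (ACL missing, so the policy depends on the BIND version's defaults,
# or ACL is "any", which makes the server an open resolver).
recursion_acl_explicit() {
    body=$(sed -e 's://.*$::' -e 's:#.*$::' "$1")   # drop comments
    if printf '%s\n' "$body" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;'; then
        return 0
    fi
    acl=$(printf '%s\n' "$body" |
          sed -n 's/.*allow-recursion[[:space:]]*{\([^}]*\)}.*/\1/p')
    [ -n "$acl" ] || return 1
    if printf '%s\n' "$acl" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'; then
        return 1
    fi
    return 0
}

# Print the tutorial's options block with an explicit recursion policy:
# authoritative answers for the local zones to anyone, recursion (and
# therefore forwarding to 8.8.8.8) only for hosts on the server's own networks.
hardened_options() {
    cat <<'EOF'
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };
    allow-recursion { localnets; localhost; };
    forward first;
    forwarders { 8.8.8.8; };
};
EOF
}

# Demonstration on two constructed configs (sample data, not a live named.conf).
open_conf=$(mktemp); safe_conf=$(mktemp)
printf 'options {\n    directory "/var/named";\n    forward first;\n    forwarders { 8.8.8.8; };\n    allow-recursion { any; };\n};\n' > "$open_conf"
hardened_options > "$safe_conf"
for f in "$open_conf" "$safe_conf"; do
    if recursion_acl_explicit "$f"; then
        echo "$f: recursion policy is explicit and restricted"
    else
        echo "$f: recursion policy missing or open"
    fi
done
rm -f "$open_conf" "$safe_conf"
```

After writing the hardened block into /etc/named.conf, run named-checkconf and restart named as in the steps above; the test client on 192.168.153.0/24 still matches localnets and keeps working, while hosts outside the server's networks get authoritative answers for abc.com only.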