DNS settings in Linux

Source: Internet
Author: User
① Introduction
DNS is the Domain Name System, which converts a domain name such as www.21php.com into an IP address such as 211.152.50.35. Without DNS, to browse the website 21php.com you would have to use hard-to-remember numbers such as 211.152.50.35. The DNS service is provided by DNS servers, of which there are three types: the cache-only server, the primary name server and the secondary name server.

Space does not permit a detailed treatment of DNS principles, workflows, terms and concepts; dedicated documents such as the DNS-HOWTO cover them.

② Configure the primary DNS server
First, make the following assumptions: server A is the primary name server for 21php.com and has the IP address 11.0.0.1; server B is the secondary name server for 21php.com and has the IP address 11.0.0.2.

Next we configure the primary DNS server 11.0.0.1 for 21php.com.

The DNS function in Linux is implemented by the BIND software. After BIND is installed, several files are generated; they fall into two categories: configuration files under the /etc directory and DNS record files under the /var/named directory. Other related files are added to set up the DNS server. The following is a list and description of all files related to the DNS settings.

hosts, host.conf, resolv.conf, named.boot and named.conf are located in the /etc directory.

1. The "hosts" file defines host names and IP addresses, including the IP address and host name of the computer that will run DNS. Content:
127.0.0.1 localhost.localdomain localhost
2. In the "host.conf" file [Boban's note: originally written as hosts.conf], the statement "order hosts,bind" specifies the resolution order for host names: look in hosts first, then in the DNS server records. "multi on" allows one host name to correspond to multiple IP addresses. Content:
order hosts,bind
multi on
nospoof on
3. In the "resolv.conf" file, "nameserver 10.0.0.211" specifies the address of the DNS server. Note: this file is essential for machines that do not themselves run a DNS server (on non-Windows systems; Windows systems set this in "Network Properties"). If the local machine has not been set up as a DNS server, you must specify the address of a DNS server to resolve domain names. Up to three addresses can be listed; each is tried as a fallback when the previous one fails. "domain zrs.com" specifies the default domain. File content:
domain 21php.com
nameserver 11.0.0.1
4. The "named.boot" file is the configuration file used by earlier versions of BIND; newer versions have moved its contents into "named.conf". named.conf is the core file of the DNS server configuration. An explanation of it follows.

# named.conf - configuration for bind
#
# Generated automatically by bindconf, alchemist et al.
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

include "/etc/rndc.key";
options {
        directory "/var/named/";
};
zone "." {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-addr.arpa.zone";
};
zone "localhost" {
        type master;
        file "localhost.zone";
};
zone "21php.com" {
        type master;
        notify yes;             # send NOTIFY to the secondary when the zone changes
        file "21php.com.zone";
};


In the above listing, # is the comment symbol. The meanings of the other lines are as follows:
directory "/var/named/";

Specifies that named reads the DNS data files from the /var/named directory. You can specify and create this directory yourself; all DNS data files are stored in it.

zone "." {
        type hint;
        file "named.ca";
};
Specifies that named obtains the addresses of the Internet's top-level "root" servers from the named.ca file.

zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-addr.arpa.zone";
};
Specifies that named is the master server for the 127.0.0 address range; the named zone file (here 0.0.127.in-addr.arpa.zone) contains the address-to-domain-name conversion data for 127.0.0.* addresses (the 127.0.0 addresses are the internal loopback addresses of the local network interface).

zone "localhost" {
        type master;
        file "localhost.zone";
};
The DNS data for localhost is stored in /var/named/localhost.zone.

zone "21php.com" {
        type master;
        notify yes;
        file "21php.com.zone";
};
The preceding statement indicates that the DNS data for the domain 21php.com is stored in 21php.com.zone in the /var/named/ directory.

You can use a text editor to open /var/named/21php.com.zone. Its content is as follows:

$TTL 86400
@       IN      SOA     @ root.localhost (
                        2               ; serial
                        28800           ; refresh
                        7200            ; retry
                        604800          ; expire
                        86400 )         ; minimum ttl

@       IN      NS      localhost

www     IN      A       11.0.0.233
www2    IN      A       11.0.0.23
forum   IN      A       11.0.0.10
@       IN      MX      5 mail.21php.com.

The first part of the file holds the zone parameters and does not need to be modified; the part that follows is the actual DNS data.

For example:

www     IN      A       11.0.0.233
resolves www.21php.com to 11.0.0.233;

www2    IN      A       11.0.0.23
resolves www2.21php.com to 11.0.0.23;

club    IN      A       11.0.0.10
resolves club.21php.com to 11.0.0.10.

③ Configure the secondary DNS server

Configure server 11.0.0.2 as the secondary DNS server for 21php.com.

The secondary DNS server transfers a complete copy of the domain's information from the primary server: the zone files are transferred from the master and stored as local disk files on the secondary. Because the secondary holds a complete copy of the domain data, it can also answer queries for the domain. The configuration for this part is as follows:
zone "21php.com" IN {
        type slave;
        file "21php.com.zone";
        masters { 11.0.0.1; };
};

As you can see, the difference from the primary DNS server is that "type" becomes "slave" and the address of the primary is given with "masters { 11.0.0.1; };". When the DNS service starts, it automatically connects to 11.0.0.1, reads the information about the 21php.com domain, and saves it to the 21php.com.zone file on the local machine.


④ Test the DNS server

After modifying the DNS files, run the "ndc restart" command to restart the service. On Red Hat 7.1 or later, run:
/etc/rc.d/init.d/named restart
or
/etc/rc.d/init.d/named reload
to make the changes take effect.

To test DNS, take a client, set its DNS address to the new DNS server's address, and then try browsing the web, sending and receiving mail, and so on. You can also run nslookup: start nslookup, enter the host name to query, and check whether the correct IP address is returned. On Red Hat 7.1 or later we recommend using the dig command instead.

Note: the above was tested on Red Hat 6.1 and Red Hat 9 respectively.

========================================================================

I. Assumptions
This article assumes that you have a basic understanding of the Domain Name Server (DNS). If not, please refer to the related documents. Many DNS articles begin by introducing DNS principles; here I instead provide, from the point of view of usage, some simple and practical examples for Linux administrators.

The following assumes that we need to build a DNS master server for a corporate network under these conditions:

(1) A class C network address (in this example assumed to be 192.22.33)

(2) The enterprise domain name is my.com and has been registered (master name server address 192.22.33.20, host name linux.my.com)

(3) The enterprise network connects to the Internet through a router

If your environment differs from these conditions, adapt accordingly. Based on the above example, this article also covers the following situations:

(1) multiple network segments

(2) a closed intranet

(3) access to a local public network only (for example, the 169 network or Shanghai Hotline)

II. named, /etc/named.boot and ndc

The main body of the DNS server is the name server process named. Once started, named provides the domain name resolution service to DNS clients, translating domain names into IP addresses.

When named starts it reads an initialization file, by default /etc/named.boot, so /etc/named.boot is the basic configuration file of named.

Although named can be executed directly, Linux provides ndc, a tool for controlling named. ndc can start, stop and restart named, refresh and dump the DNS data, and perform other debugging functions. I recommend using it here to help debug the DNS server.

For detailed usage of ndc, see the Linux documentation.

III. Create the named configuration file /etc/named.boot

/etc/named.boot is the basic configuration file, but it does not contain any DNS data. For the assumptions above, we first create /etc/named.boot with the following content:

;
; boot file for name server
;
directory /var/named
primary   my.com                    db.my
primary   0.0.127.IN-ADDR.ARPA      db.127.0.0
primary   33.22.192.IN-ADDR.ARPA    db.192.22.33
cache     .                         db.cache

Lines starting with ";" are comments; the meanings of the other lines are:
(1) directory /var/named

Specifies that named reads the DNS data files from the /var/named directory. You can specify and create this directory yourself; all DNS data files are stored in it.

(2) primary my.com db.my

Specifies that named is the primary name server for the my.com domain. The db.my file contains all domain-name-to-address conversion data of the form *.my.com.

(3) primary 0.0.127.IN-ADDR.ARPA db.127.0.0

Specifies that named is the master server for the 127.0.0 network segment. The db.127.0.0 file contains the address-to-domain-name conversion data for addresses of the form 127.0.0.*. (The 127.0.0 segment is the internal loopback address of the local network interface.)

(4) primary 33.22.192.IN-ADDR.ARPA db.192.22.33

Specifies that named is the master server for address translation of the 192.22.33 network segment. The db.192.22.33 file contains all address-to-domain-name conversion data of the form 192.22.33.*.

(5) cache . db.cache

Specifies that named obtains the addresses of the Internet's top-level "root" servers from the db.cache file.

Note that in lines (3) and (4) the IP address segments are written in reverse order. The names of the data files are yours to choose.

IV. Create the DNS data files

Next, create the DNS data files according to the definitions in /etc/named.boot.

(1) Create the forward conversion data file db.my

According to the definition in /etc/named.boot, we create db.my in the /var/named directory; it should include all host nodes in the my.com domain. However, when there are many machines, it is recommended to put the data for only a few nodes in the file first, and add the other nodes after named is working properly. The following is an example of db.my:

@               IN      SOA     linux.my.com. root.linux.my.com. (
                                199511301   ; serial, todays date + todays serial #
                                28800       ; refresh, seconds
                                7200        ; retry, seconds
                                3600000     ; expire, seconds
                                86400 )     ; minimum, seconds
                        NS      linux.my.com.
                        MX      10 support.my.com.
localhost               A       127.0.0.1
linux                   A       192.22.33.20
support2                A       192.22.33.102
hp712                   A       192.22.33.160
support                 A       192.22.33.100
mail                    MX      10 support.my.com.
                        MX      20 support2.my.com.
www                     CNAME   hp712.my.com.
ftp                     CNAME   hp712.my.com.
ns                      CNAME   linux.my.com.

The first line is the SOA record, which defines the basic information of the domain data: in order, the DNS server name and the DNS administrator's e-mail address. The first number in the brackets is the file version number (serial), which must be changed every time the file content is modified. The other numbers relate to data exchange with other DNS servers and do not need to be changed here.
After the brackets come an NS record and an MX record, which define the domain name of the name server itself and the name of the mail server that handles addresses of the form username@my.com.

The following lines are the domain name/address conversion data. An A record maps a DNS name to an IP address. Take hp712.my.com as an example: in the record the domain my.com is omitted and only hp712 is written; when named processes it, my.com is appended automatically and the name is associated with the IP address 192.22.33.160.

Another record type is the MX record. MX is the mail exchanger record; it defines how the mail address username@mail.my.com is converted to username@support.my.com or username@support2.my.com, that is, the actual mail servers are support.my.com and support2.my.com. The priority of support.my.com is 10 and that of support2.my.com is 20 (the lower value is preferred), so mail is normally delivered to support.my.com.

Some other CNAME records are provided for convenience. A CNAME defines a host alias. For example, we use hp712.my.com as the company's www and ftp server, so we provide www.my.com and ftp.my.com as aliases for hp712.my.com; users simply access the company's www and ftp servers by the names they are used to. If we move the www and ftp services to another host in the future, only the CNAME records need to change and users are not affected.

Note: a host name at the end of an MX or CNAME record that includes the domain name must be followed by a ".".

(2) Create the reverse DNS data files db.127.0.0 and db.192.22.33

A reverse DNS data file is used to look up the DNS host name corresponding to an IP address. Each network segment has its own data file.

For the internal segment 127.0.0 there is usually only one address, the loopback address 127.0.0.1. The content of db.127.0.0 is as follows:

@               IN      SOA     linux.my.com. root.linux.my.com. (
                                1997022700  ; Serial
                                28800       ; Refresh
                                14400       ; Retry
                                3600000     ; Expire
                                86400 )     ; Minimum
                IN      NS      linux.my.com.
1               IN      PTR     localhost.

The data file db.192.22.33 for the external network segment contains the conversion data from the IP addresses of all hosts to their DNS host names. Its content is as follows:

@               IN      SOA     linux.my.com. root.pc590.my.com. (
                                199609206   ; Serial
                                28800       ; Refresh
                                7200        ; Retry
                                604800      ; Expire
                                86400 )     ; Minimum TTL
                        NS      linux.my.com.
;
; all hosts
;
20                      PTR     linux.my.com.
102                     PTR     support2.my.com.
100                     PTR     support.my.com.
160                     PTR     hp712.my.com.

The main part of a reverse DNS data file is the PTR records. The IP address in a PTR record is only the host number; the network number in front of it is added automatically from the definition in named.boot.

(3) Obtain the db.cache file

In Linux a named.ca file is usually provided under /var/named. It contains the Internet's top-level name servers, but this file changes from time to time, so it is recommended to download the latest version from InterNIC. It can be downloaded by anonymous ftp from ftp.rs.internic.net; in the domain directory the file is called named.root. Note that after downloading it you must copy it to the named working directory and rename it to the file name specified in named.boot, which in this article is db.cache.

V. Start and test named

First, start named with ndc as recommended above: ndc start

Then, in order to use and test named, set Linux itself to use DNS by creating the resolv.conf file in the /etc directory. In our example the content of /etc/resolv.conf is:

search my.com
nameserver 192.22.33.20

Then we can test named.

Linux and other Unix systems provide the nslookup tool. At the command line, enter:

nslookup

This enters the interactive nslookup environment. If named started properly, nslookup displays the current DNS server address and domain name; otherwise named did not start properly. The following describes some basic DNS diagnostics:

(1) Check forward DNS resolution

Enter a host name with its domain at the nslookup prompt, for example hp712.my.com, and nslookup answers with the corresponding IP address. If only hp712 is entered, nslookup automatically appends the my.com domain and answers with the corresponding IP address.

(2) Check reverse DNS resolution

Enter an IP address at the nslookup prompt, for example 192.22.33.20, and nslookup answers with the corresponding host name.

(3) Check MX mail records

At the nslookup prompt, enter:

set q=mx

Then enter a domain name, in this example my.com or mail.my.com, and nslookup answers with the corresponding mail server addresses, that is, support.my.com and support2.my.com.

(4) Check CNAME alias records

At the nslookup prompt, enter:

set q=cname

Then enter an alias such as www.my.com, and nslookup answers with the corresponding real host name, that is, hp712.my.com.

To exit nslookup, enter exit.

VI. Modify DNS data

To add a host to the network, for example a PC named pc01.my.com, the administrator must add an A record for the host in db.my and the corresponding PTR record in db.192.22.33, and then use ndc to reload the named data:

ndc reload

Note that the A record and the PTR record must be modified together. Many administrators add only the A record and ignore the PTR record used for reverse lookups, with the result that many applications fail to work properly.

Note also that whenever you modify a DNS data file, you must also update its version number (serial).
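As an added example, not part of the original article, the following Python script checks the three rules stated in this section and under IV.1 against constructed copies of db.my and db.192.22.33 (the host pc01 without a PTR, the MX target without its dot and the raised serial are all assumed for illustration): every A record has a matching PTR, every domain-qualified NS/MX/CNAME target ends in a ".", and the SOA serial has been raised.

```python
"""Offline checks for the pitfalls this article warns about: an A record added
without its PTR (VI), an NS/MX/CNAME target naming the domain but lacking the
final '.' (note under IV.1), and the SOA serial that must rise on every edit.
Sample zone text below is constructed to resemble db.my and db.192.22.33."""
import re

def fqdn(name, origin):
    """Qualify a name as named does: '@' is the origin; no trailing dot appends it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """(owner, TYPE, [rdata...]) tuples from a BIND master file.  Handles ';'
    comments, inherited owners, optional IN class, $ lines and SOA parentheses."""
    text = re.sub(r";[^\n]*", "", text)                       # comments first
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records, owner = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        if line[0].isspace():
            toks = line.split()                               # owner inherited
        else:
            owner, *toks = line.split()
        if toks[0].upper() == "IN":
            toks = toks[1:]
        records.append((fqdn(owner, origin), toks[0].upper(), toks[1:]))
    return records

def reverse_origin(prefix):
    """'192.22.33' -> '33.22.192.IN-ADDR.ARPA.' (octets reversed, as in named.boot)."""
    return ".".join(reversed(prefix.split("."))) + ".IN-ADDR.ARPA."

def unqualified_targets(records):
    """NS/MX/CNAME targets containing a domain but no final '.'; named would
    append the origin (support.my.com becomes support.my.com.my.com.)."""
    bad = []
    for owner, rtype, rdata in records:
        target = rdata[-1] if rtype in ("NS", "MX", "CNAME") else None
        if target and "." in target and not target.endswith("."):
            bad.append((owner, rtype, target))
    return bad

def missing_ptrs(fwd, rev, prefix):
    """A records inside prefix whose PTR is absent or names another host."""
    ptr = {}
    for owner, rtype, rdata in rev:
        if rtype == "PTR":                       # 20.33.22.192.IN-ADDR.ARPA. -> 192.22.33.20
            ptr[".".join(reversed(owner.split(".")[:4]))] = rdata[0]
    return [(owner, ip) for owner, rtype, (ip, *_) in fwd
            if rtype == "A" and ip.startswith(prefix + ".") and ptr.get(ip) != owner]

def serial(records):
    """SOA rdata is mname rname serial refresh retry expire minimum."""
    return int(next(rdata[2] for _, rtype, rdata in records if rtype == "SOA"))

# Constructed sample data: hypothetical pc01 has no PTR; mail's MX lacks its dot.
DB_MY = """@  IN SOA linux.my.com. root.linux.my.com. (
        199511302 ; serial (raised from 199511301 for this edit)
        28800 7200 3600000 86400 )
        NS    linux.my.com.
linux   A     192.22.33.20
pc01    A     192.22.33.101
mail    MX    10 support.my.com
www     CNAME hp712.my.com.
"""
DB_REV = """@  IN SOA linux.my.com. root.linux.my.com. (
        199609206 28800 7200 604800 86400 )
20      PTR   linux.my.com.
"""
FWD = parse_zone(DB_MY, "my.com.")
REV = parse_zone(DB_REV, reverse_origin("192.22.33"))
if __name__ == "__main__":
    print(unqualified_targets(FWD), missing_ptrs(FWD, REV, "192.22.33"), serial(FWD))
```

Run against the real files, the script reports the mail MX target that named would expand to support.my.com.my.com. and the pc01 address that reverse lookups cannot answer.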

VII. Make other systems (clients) on the network use the DNS server

Once the DNS server is working, you can configure all hosts in the enterprise network to use the DNS service. Unix hosts are configured as described above, by creating the /etc/resolv.conf file; see section V.

Windows 95 is configured in the TCP/IP properties of the network card: select "Enable DNS", then fill in the parameters in the configuration window. In this example, if the host running Windows 95 is named pc01.my.com, enter pc01 in the Host field and my.com in the Domain field, and then add the DNS server to the search list.

The configuration of Windows NT nodes is roughly the same.

VIII. Adjustments for several different environments

(1) If there is more than one IP address segment

Suppose an IP address segment 192.22.37 is added to the my.com domain. Add one more network segment definition to /etc/named.boot as follows:

;
; boot file for name server
;
directory /var/named
primary   my.com                    db.my
primary   0.0.127.IN-ADDR.ARPA      db.127.0.0
primary   33.22.192.IN-ADDR.ARPA    db.192.22.33
primary   37.22.192.IN-ADDR.ARPA    db.192.22.37
cache     .                         db.cache

A reverse DNS data file named db.192.22.37 is added, defining the 192.22.37 network segment and containing all nodes in it, in the same format as db.192.22.33.

(2) If the enterprise network is closed

If the enterprise network is not directly connected to the external Internet, the DNS server does not need to care about domain names outside the enterprise domain, so when configuring named you can ignore db.cache and remove the cache line from /etc/named.boot.

(3) If the public network you connect to cannot reach the Internet

If your intranet can only access a limited range of public networks, such as the free 169 network or Shanghai Hotline, your DNS server cannot resolve addresses through the Internet's top-level (root) servers, so it must rely on a DNS server it can reach directly. The method is to use the forwarders option to specify the upstream DNS server. In this example the content of named.boot is:

;
; boot file for name server
;
directory /var/named
primary   my.com                    db.my
primary   0.0.127.IN-ADDR.ARPA      db.127.0.0
primary   33.22.192.IN-ADDR.ARPA    db.192.22.33
primary   37.22.192.IN-ADDR.ARPA    db.192.22.37
forwarders ...
options forward-only

Here "..." stands for the address of the DNS server you can reach directly, usually your ISP's DNS server (169, Shanghai Hotline, etc.); at least one server address is required. With the forwarders and options forward-only parameters, your enterprise DNS server works in forward-only mode, and all names it cannot resolve locally are passed to the ISP's DNS server for resolution.

IX. Create a backup DNS server (secondary DNS server)

Usually the network works normally with a single DNS master server, but according to the InterNIC domain name management rules, an independent domain must have at least two DNS servers: one primary DNS server and one backup (secondary) DNS server. This is mainly for the reliability of the DNS service, making the Internet as a whole more reliable.

We continue with the previous example and now want to add a machine running Linux, nspc.my.com, with the IP address 192.22.33.60, as the backup server.

(1) Changes on the master server

First, confirm that the DNS master server is working normally. Then add nspc.my.com and add an NS record, so that db.my on the master server has the following content:

@               IN      SOA     linux.my.com. root.linux.my.com. (
                                199511301   ; serial, todays date + todays serial # (raise it for this edit, see VI)
                                28800       ; refresh, seconds
                                7200        ; retry, seconds
                                3600000     ; expire, seconds
                                86400 )     ; minimum, seconds
                        NS      linux.my.com.
                        NS      nspc.my.com.        ; record that must be added
                        MX      10 support.my.com.
localhost               A       127.0.0.1
linux                   A       192.22.33.20
support2                A       192.22.33.102
hp712                   A       192.22.33.160
support                 A       192.22.33.100
nspc                    A       192.22.33.60        ; added record
mail                    MX      10 support.my.com.
                        MX      20 support2.my.com.
www                     CNAME   hp712.my.com.
ftp                     CNAME   hp712.my.com.
ns2                     CNAME   nspc.my.com.        ; added record (the label is garbled in the source; ns2 is assumed)
ns                      CNAME   linux.my.com.

Then make similar changes to the reverse DNS data files on the master server to add NS records for the backup server (and the PTR record for nspc), and restart named.
As you can see, the main change on the primary DNS server is actually to add an NS record; the remaining changes are the same as adding an ordinary node. If you use an existing node as the backup DNS server, adding the NS record is the only required step.

(2) Configuration of the backup DNS server (secondary server)

The configuration files to be created on the backup DNS server are named.boot and db.cache. The format is similar to the master server's; the content of named.boot is:

;
; boot file for secondary name server
;
directory /var/named
secondary my.com                    192.22.33.20    db.my
secondary 0.0.127.IN-ADDR.ARPA      192.22.33.20    db.127.0.0
secondary 33.22.192.IN-ADDR.ARPA    192.22.33.20    db.192.22.33
cache     .                         db.cache

The three secondary lines make named obtain the DNS data from 192.22.33.20, the master server, and store it in local data files. The local data files are generated after named downloads the data from the primary's named and are normally identical to the data files on the master. If the backup server loses its connection to the master and cannot download the DNS data, it can keep working from the local data files.
The db.cache of the backup DNS server is usually copied from the master server by the system administrator.

In general the backup DNS server can be set up inside the enterprise network, or an external DNS server can act as the enterprise's backup DNS server; either way it improves the reliability of the DNS service. Note: the same DNS server can serve multiple DNS domains at the same time, acting as the primary server for some domains and as the backup server for others.

(3) DNS client changes

For Unix hosts on the intranet, add a nameserver line to /etc/resolv.conf so the system can also query the backup DNS server. In this example, the content of /etc/resolv.conf is:

search my.com
nameserver 192.22.33.20
nameserver 192.22.33.60

Note: the order of the DNS servers listed in /etc/resolv.conf can be chosen as needed; put the faster server first.

For Windows 95 and NT, add the backup DNS server to the DNS server list. The order likewise determines the priority in which each DNS server is consulted.