Linux DNS detailed


DNS Service

DNS: Domain Name Service

Role: resolving a domain name to an IP address (forward resolution) or an IP address to a domain name (reverse resolution)

Classification of DNS top-level domains:

Organisation domains: .com .net .org ...

Country domains: .cn .tw .jp ...

Reverse domain: resolves IP addresses to domain names

DNS record types:

A: forward resolution entry (name to IPv4 address)

PTR: reverse resolution entry (address to name)

NS: the DNS server of a domain

MX: the mail server of a domain

CNAME: alias

SOA: start of authority; identifies the primary DNS server of the zone

Note: for every NS record you add, add a matching A record for the server it names

Types of DNS server:

Primary DNS server: master

Slave DNS server: slave (a secondary that copies its zones from the master)

Root DNS server: hint

Caching DNS server: the kind we deal with most in daily life; usually our default DNS server

Default DNS server:

Usually a DNS server that performs iterative queries on our behalf

On the Internet, the DNS servers of the top-level domains do not iterate for us; normally only the caching DNS server iterates on our behalf

Query type for DNS:

Iterative Queries (tcp:53)

Recursive query (udp:53)

DNS query order:

1. DNS cache

2. Local hosts file

3. DNS server

Correspondence between IP addresses and FQDNs (FQDN: fully qualified domain name):

ICANN: the name-assignment organisation that, together with its subordinate authorities, manages all domain names on the Internet

One IP address can carry several domain names (one of the principles behind HTTP virtual hosts)

One domain name can map to several IP addresses (one of the principles behind cluster load balancing)

Role of the slave DNS server:

1. Implementing DNS load balancing

2. Taking over the primary server's work when the primary server fails

Subdomains and delegation:

Delegation: when a zone has too many subdomains to maintain well on a single server, some subdomains can be handed to designated servers to maintain

Subdomain: its records are stored in the parent domain's zone file

Delegation: the subdomain has a separate zone file of its own

Smart DNS (also called DNS views):

1. Smart DNS is the first intelligent resolution service offered by domain name providers in the industry

2. It determines the visitor's IP address automatically and returns the matching server address, so that users of different carriers reach the server of their own carrier

Example: Netcom users reach the Netcom server, and Telecom users reach the Telecom server

Configuration in detail: when editing the configuration, do not miss a single symbol (brace or semicolon), or the service may fail to start

1. Inspection tools (provided by the bind-utils package)

Check the main DNS configuration file for errors: named-checkconf <path to configuration file>

Check a forward or reverse zone file for errors: named-checkzone <zone name> <zone file>

See the man page for the other functions of named-checkconf


2. Install the BIND package

# rpm -ivh bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm    // main DNS package

3. Configuration files

/etc/named.conf: main DNS configuration file

/etc/named.rfc1912.zones: DNS zone declaration file

/var/named: directory holding the DNS zone data files

Edit the main configuration file named.conf:

# vim /etc/named.conf

options {    // global configuration

    listen-on port 53 { any; };    // IPv4 address and port to listen on (any: every address, or the DNS server's own IP address; port 53: udp/53 and tcp/53)

    listen-on-v6 port 53 { ::1; };    // IPv6

    directory "/var/named";    // default location of the zone data files

    dump-file "/var/named/data/cache_dump.db";

    statistics-file "/var/named/data/named_stats.txt";

    memstatistics-file "/var/named/data/named_mem_stats.txt";

    query-source port 53;

    query-source-v6 port 53;

    allow-query { any; };    // which clients may query this server: an IP network segment, or any

    allow-recursion { 127.0.0.0/8; };    // network segment allowed to make recursive queries (use this or the recursion line below)

    recursion yes;    // allow every client to recurse (the default)

};


4. Edit /etc/named.rfc1912.zones

# vim /etc/named.rfc1912.zones

Forward resolution:

zone "test.com" IN {    // define the forward zone for the domain test.com

    type master;    // zone type (master: primary)

    file "test.com.zone";    // forward zone file, named test.com.zone

    allow-update { none; };    // whether dynamic updates to the zone are accepted (none: refuse)

};

Reverse resolution:

zone "0.168.192.in-addr.arpa" IN {    // define the reverse zone

    type master;    // zone type (master: primary)

    file "192.168.0.arpa.zone";    // reverse zone file and its name

    allow-update { none; };    // whether dynamic updates to the zone are accepted (none: refuse)

};


5. Create the forward and reverse zone files:

The forward and reverse zone files live in the same directory, /var/named/, which by default contains a template for each:

named.localhost: forward zone file template

named.loopback: reverse zone file template

# cd /var/named/

# cp -p named.localhost test.com.zone

The zone file names must match the names defined in the zone declarations above

# cp -p named.loopback 192.168.0.arpa.zone

Remember to copy with cp -p (it preserves the owner and permissions), otherwise the named service may fail to start


6. Edit the forward zone file:

# vim test.com.zone

$TTL 86400    ; default time to live of the records

@ IN SOA ns1.test.com. www_huyuan_boke.sina.com. (

The second name is the mailbox that receives notification mail when the domain or the DNS server fails; the @ in the address is written as a dot

    2016012109 ; serial: increment it after every change, otherwise the slave DNS server falls out of sync

    3H ; refresh: interval at which the slave re-fetches the zone data

    15M ; retry: interval between retries after a failed refresh

    1W ; expire: if no refresh succeeds within this time, the slave stops serving the zone

    1D ) ; minimum: lifetime of negative answers for records that cannot be resolved

    IN NS ns1.test.com.    ; name server of the domain (NS record)

ns1    IN A 192.168.0.10    ; address of the DNS host (A record, forward entry)

www    IN A 192.168.0.50    ; host www, resolves to 192.168.0.50

The above is the most basic forward zone file


Edit the reverse zone file:

# vim 192.168.0.arpa.zone

$TTL 86400

@ IN SOA ns1.test.com. www_huyuan_boke.sina.com. (

The domain name and mailbox in the reverse zone may differ from those in the forward zone

    2016010101 ; serial: same meaning as in the forward zone

    1D ; refresh: text after the ; is a comment

    1H ; retry

    1W ; expire

    3H ) ; minimum

    IN NS ns1.test.com.    ; name server shown for the reverse zone (may differ from the real domain test.com)

ns1    IN A 192.168.0.10    ; address of the reverse resolution server

10     IN PTR ns1.test.com.    ; reverse record for the server itself (10 = 192.168.0.10)

50     IN PTR www.test.com.    ; reverse record: 50 corresponds to 192.168.0.50
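The two zone files above are written by hand, so the A records and the PTR records can drift apart. As an added example (mine, not from the original article), the Python script below derives the reverse zone name and the PTR owner names from the network prefix and renders both files from one host table. It uses the page's addresses; the mailbox hostmaster.test.com., the SOA timers and the function names are my own choices. When named-checkzone from bind-utils is installed, check_zone also runs the check from step 1; otherwise it returns None.

```python
import ipaddress
import os
import shutil
import subprocess
import tempfile

# Constructed example data: the page's network and hosts, plus a hypothetical mailbox.
ZONE = "test.com"
NETWORK = "192.168.0.0/24"
HOSTS = {"ns1": "192.168.0.10", "www": "192.168.0.50"}
PRIMARY_NS = "ns1"
MAILBOX = "hostmaster.test.com."          # hostmaster@test.com with the '@' written as '.'
SOA_TIMERS = ("3H", "15M", "1W", "1D")    # refresh, retry, expire, minimum (negative TTL)


def fqdn(host: str, zone: str) -> str:
    """Absolute name with the trailing dot that zone files require for names outside $ORIGIN."""
    return f"{host}.{zone}."


def reverse_zone_name(network: str) -> str:
    """192.168.0.0/24 -> 0.168.192.in-addr.arpa (only octet-aligned IPv4 prefixes map to one zone)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("expected an IPv4 /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip: str, network: str) -> str:
    """Owner of the PTR record relative to the reverse zone: 192.168.0.50 in a /24 -> '50'."""
    net = ipaddress.ip_network(network, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {network}")
    rest = str(addr).split(".")[net.prefixlen // 8:]
    return ".".join(reversed(rest))


def soa_lines(ns: str, mailbox: str, serial: int) -> list:
    """$TTL, the SOA record and the NS record shared by the forward and reverse files."""
    refresh, retry, expire, minimum = SOA_TIMERS
    return ["$TTL 86400",
            f"@\tIN\tSOA\t{ns} {mailbox} (",
            f"\t{serial}\t; serial",
            f"\t{refresh}\t; refresh",
            f"\t{retry}\t; retry",
            f"\t{expire}\t; expire",
            f"\t{minimum} )\t; minimum",
            f"\tIN\tNS\t{ns}"]          # leading whitespace: owner is inherited from '@'


def render_forward_zone(zone: str, hosts: dict, serial: int) -> str:
    """Forward zone file: one A record per host."""
    ns = fqdn(PRIMARY_NS, zone)
    lines = soa_lines(ns, MAILBOX, serial)
    lines += [f"{host}\tIN\tA\t{ip}" for host, ip in hosts.items()]
    return "\n".join(lines) + "\n"


def render_reverse_zone(zone: str, network: str, hosts: dict, serial: int) -> str:
    """Reverse zone file: one PTR record per host, targets written as absolute names."""
    ns = fqdn(PRIMARY_NS, zone)
    lines = soa_lines(ns, MAILBOX, serial)
    lines += [f"{ptr_owner(ip, network)}\tIN\tPTR\t{fqdn(host, zone)}" for host, ip in hosts.items()]
    return "\n".join(lines) + "\n"


def check_zone(zone_name: str, text: str):
    """Run named-checkzone (bind-utils) on the rendered file if it is installed; None when it is not."""
    tool = shutil.which("named-checkzone")
    if tool is None:
        return None
    with tempfile.NamedTemporaryFile("w", suffix=".zone", delete=False) as fh:
        fh.write(text)
    try:
        return subprocess.run([tool, zone_name, fh.name], capture_output=True).returncode == 0
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    fwd = render_forward_zone(ZONE, HOSTS, 2016012109)
    rev = render_reverse_zone(ZONE, NETWORK, HOSTS, 2016012109)
    print(fwd)
    print(rev)
    print("named-checkzone:", check_zone(ZONE, fwd), check_zone(reverse_zone_name(NETWORK), rev))
```

Both files are generated from the same HOSTS table, so a host cannot gain a forward record without its reverse record. The reverse zone name for the page's network comes out as 0.168.192.in-addr.arpa, matching the declaration in step 4.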


7. Verifying the primary DNS server

1. Start the service:

# service named restart

2. Verify from a Windows client:

(1) Set the client's preferred DNS server to the IP address of the DNS server

(2) Press Win+R to open Run and enter cmd

(3) Enter nslookup at the prompt

(4) Enter www.test.com and check that the result is 192.168.0.50    // verifies forward resolution

(5) Enter 192.168.0.50 and check that the result is www.test.com    // verifies reverse resolution


8. Configuring a primary and a slave DNS server

1. Primary DNS server configuration

Zone declaration file:

zone "test.com" IN {    // define the forward zone

    type master;    // server type

    file "test.com.zone";    // forward zone file

    allow-update { 192.168.0.100; };    // address of the slave DNS server

};

zone "0.168.192.in-addr.arpa" IN {    // define the reverse zone

    type master;    // server type

    file "192.168.0.arpa.zone";    // reverse zone file

    allow-update { 192.168.0.100; };    // address of the slave DNS server

};

Add the following two records to both the forward and the reverse zone file of the primary DNS server:

    IN NS ns2.test.com.    ; declare the slave server

ns2    IN A 192.168.0.100    ; A record for the slave (its IP address, 192.168.0.100 in this example)

Note: increment the serial number after every change to the forward and reverse zones of the primary DNS server, or the slave DNS server will not update
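The serial rule above is where slave synchronisation most often breaks. The Python helper below is added here and is not part of the original article: it reads the serial from a zone file in the page's format, bumps it in the YYYYMMDDnn convention the page uses (falling back to current + 1 when today's date prefix would not be larger, for example on a second edit the same day or when the serial is already ahead of the calendar), and confirms the result with RFC 1982 serial arithmetic, which is the comparison a slave applies when deciding whether the primary's copy is newer. ZONE_TEXT is a constructed sample and the function names are mine.

```python
import re
from datetime import date

# Constructed sample in the page's layout (mailbox is hypothetical).
ZONE_TEXT = """$TTL 86400
@ IN SOA ns1.test.com. hostmaster.test.com. (
        2016012109 ; serial
        3H ; refresh
        15M ; retry
        1W ; expire
        1D ) ; minimum
    IN NS ns1.test.com.
ns1 IN A 192.168.0.10
www IN A 192.168.0.50
"""

# The serial is the first number after the two names that follow "SOA".
SERIAL_RE = re.compile(r"SOA\s+\S+\s+\S+\s*\(\s*(\d+)", re.IGNORECASE)
SERIAL_MOD = 2 ** 32
HALF = 2 ** 31


def read_serial(zone_text: str) -> int:
    """Current SOA serial of a zone file, or ValueError if there is no SOA."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(1))


def next_serial(current: int, today: date) -> int:
    """YYYYMMDD01 for today, unless that is not larger than the current serial; then current + 1."""
    candidate = int(today.strftime("%Y%m%d")) * 100 + 1
    new = candidate if candidate > current else current + 1
    if new >= SERIAL_MOD:
        raise ValueError("serial would exceed 32 bits; restart the numbering scheme")
    return new


def serial_is_newer(new: int, old: int) -> bool:
    """RFC 1982 comparison: `new` is newer if it is less than 2^31 ahead of `old`, modulo 2^32."""
    diff = (new - old) % SERIAL_MOD
    return 0 < diff < HALF


def bump_serial(zone_text: str, today: date):
    """Return (updated zone text, new serial); refuses to write a serial a slave would ignore."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    old = int(m.group(1))
    new = next_serial(old, today)
    if not serial_is_newer(new, old):
        raise ValueError(f"{new} would not be seen as newer than {old}")
    updated = zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):]
    return updated, new


if __name__ == "__main__":
    text, serial = bump_serial(ZONE_TEXT, date(2016, 1, 21))
    print(f"serial {read_serial(ZONE_TEXT)} -> {serial}")
    print(text)
```

Run bump_serial on the primary's zone file after every edit and before reloading named; the RFC 1982 check matters when a serial has been set far ahead of the calendar by mistake, because a slave will silently keep its old copy if the new serial does not compare as greater.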

2. Slave DNS server configuration

zone "test.com" IN {    // the primary server's forward zone name

    type slave;    // server type (slave: secondary)

    file "slaves/test.com.zone";    // where the transferred forward zone file is stored

    masters { 192.168.0.10; };    // primary DNS server IP address (must be the primary's address)

};

zone "0.168.192.in-addr.arpa" IN {    // the primary server's reverse zone name

    type slave;    // server type

    file "slaves/192.168.0.arpa.zone";    // where the transferred reverse zone file is stored

    masters { 192.168.0.10; };    // primary DNS server IP address (must be the primary's address)

};

Because it is a slave, the configuration above is all it needs; once the slave is configured, resolution is spread across both servers (load balancing)


9. Subdomain delegation

1. Parent domain server configuration

Zone file:

$TTL 86400

@ IN SOA ns1.test.com.  www_huyuan_boke.sina.com. (

    ......    ; the rest of the SOA record is omitted

    IN NS ns1.test.com.

ns1        IN A 192.168.0.10

www        IN A 192.168.0.50

caiwu      IN NS ns1.caiwu.test.com.    ; declare the subdomain's DNS server name

ns1.caiwu  IN A 192.168.0.20    ; declare the subdomain DNS server's IP address

2. Subdomain server configuration:

Zone declaration file:

zone "caiwu.test.com" IN {    // create the zone for the subdomain caiwu of test.com

    type master;    // server type

    file "caiwu.test.com.zone";    // forward zone file of caiwu.test.com

    allow-update { none; };    // whether dynamic updates to the zone are accepted

};

Zone file:

$TTL 86400

@ IN SOA ns1.caiwu.test.com.  www_huyuan_boke.sina.com. (

    2016012109 ; serial

    3H ; refresh

    15M ; retry

    1W ; expire

    1D ) ; minimum

    IN NS ns1.caiwu.test.com.    ; the subdomain's DNS server name

ns1    IN A 192.168.0.20    ; the subdomain DNS server's IP address

www    IN A 192.168.0.30    ; add a record for www.caiwu.test.com


10. Forwarder configuration:

1. Forwarding is configured on the server that needs to forward, usually the subdomain server, which forwards to the parent domain server

Zone declaration file:

1. Forwarding can be set in the global options of the main configuration file, where it applies to the whole DNS server

2. Or a forward zone can be declared in the zone declaration file; the second method is shown here

zone "test.com" IN {    // resolution requests for test.com are forwarded

    type forward;    // server type

    forward first;    // forwarding mode

    forwarders { 192.168.0.20; };    // server to forward to

};

Forwarding modes:

first: forward to the specified server; if it returns no answer, resolve by iterative queries instead

only: forward to the specified server; if it returns no answer, tell the client the name cannot be resolved

Main configuration file:

Changes to the global options:

dnssec-enable no;

dnssec-validation no;

Delete the line: dnssec-lookaside auto;


11. ACL

ACL concept: an ACL gives a list of addresses a name so that the same list can be reused in several directives, much like a function (ACLs are usually used together with smart DNS views)

Two ACLs are defined by default: any and none

Where to write ACLs: usually at the top of the file, because an ACL must be declared before it is referenced

Syntax:

acl acl-name {

    element;

    element;

    ....;

};
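Sections 8 and 11 together decide which addresses a zone and a server accept. As an added example (mine, not the article's), the Python linter below scans named.conf-style text for the points a defender checks before starting named: recursion offered to every client without an allow-recursion list (an open resolver), a master zone with no allow-transfer list, allow-update granted to an address (allow-update accepts dynamic updates from that address; which hosts may copy a zone is restricted with allow-transfer), and an ACL referenced before it is declared, which is the ordering rule from section 11. WEAK_CONF mirrors the page's primary-server declaration; HARDENED_CONF is a constructed corrected version, and the ACL names lan and secondaries are hypothetical.

```python
import re

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

# Constructed fragment in the style of the page's primary-server configuration.
WEAK_CONF = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
};
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { 192.168.0.100; };   // meant to name the slave, but this grants dynamic updates
};
"""

# Constructed corrected version: ACLs declared first, recursion and transfers limited to them.
HARDENED_CONF = """
acl "lan"         { 192.168.0.0/24; 127.0.0.0/8; };
acl "secondaries" { 192.168.0.100; };
options {
    listen-on port 53 { 192.168.0.10; };
    directory "/var/named";
    allow-query { any; };            // authoritative answers for everyone
    allow-recursion { lan; };        // recursion only for our own network
    recursion yes;
};
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
    allow-transfer { secondaries; }; // only the slave may pull the zone
};
"""


def strip_comments(text: str) -> str:
    return re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", text, flags=re.S)


def top_level_blocks(text: str):
    """Split `header { body };` statements at brace depth 0, in file order (no include handling)."""
    blocks, i = [], 0
    while (start := text.find("{", i)) != -1:
        header = text[i:start].strip().split(";")[-1].strip()
        depth, j = 0, start
        while j < len(text):
            depth += text[j] == "{"
            depth -= text[j] == "}"
            if depth == 0:
                break
            j += 1
        blocks.append((header, text[start + 1:j]))
        i = j + 1
    return blocks


def match_list(body: str, name: str):
    """Elements of the address-match list `name { a; b; };`, or None if the directive is absent."""
    m = re.search(rf"\b{re.escape(name)}\s*\{{([^}}]*)\}}", body)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def is_address(elem: str) -> bool:
    elem = elem.lstrip("!")
    return elem[:1].isdigit() or ":" in elem


def lint(conf: str) -> list:
    """Return a list of findings; an empty list means none of the checked weaknesses is present."""
    findings, declared = [], set()
    for header, body in top_level_blocks(strip_comments(conf)):
        kind = header.split()[0] if header else ""
        if kind == "acl":
            declared.add(header.split()[1].strip('"'))
            continue
        for directive in ("allow-query", "allow-recursion", "allow-transfer", "allow-update"):
            for elem in match_list(body, directive) or []:
                name = elem.lstrip("!").strip('"')
                if name not in BUILTIN_ACLS and not is_address(name) and name not in declared:
                    findings.append(f"{header}: ACL '{name}' used in {directive} before it is declared")
        if kind == "options":
            rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
            recursion_on = rec is None or rec.group(1) == "yes"    # BIND defaults to yes
            if recursion_on and "any" in (match_list(body, "allow-query") or []) \
                    and match_list(body, "allow-recursion") is None:
                findings.append("options: recursion for any client (open resolver); add allow-recursion")
        if kind == "zone" and re.search(r"\btype\s+master\s*;", body):
            if match_list(body, "allow-transfer") is None:
                findings.append(f"{header}: no allow-transfer, so any host can copy the whole zone")
            update = match_list(body, "allow-update")
            if update and update != ["none"]:
                findings.append(f"{header}: allow-update grants dynamic updates to {update}; "
                                "restrict secondaries with allow-transfer instead")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, lint(conf) or "no findings")
```

The parser is deliberately small: it understands top-level acl, options and zone blocks only, not include statements or view blocks, so run it on the file that holds the zone declarations (named.rfc1912.zones on this page) as well as on named.conf. named-checkconf still has to pass first; this script only looks at the access lists.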


12. DNS logging

Definition syntax:

logging {

    channel default_debug {

        file "data/named.run";

        severity dynamic;

    };

};

This article is from the "Automated Operations" blog, please be sure to keep this source http://hongchen99.blog.51cto.com/12534281/1910981
