DNS Service
DNS: Domain Name System
Role: resolving a domain name to an IP address (forward resolution) or an IP address to a domain name (reverse resolution)
Classification of DNS top-level domains:
Generic (organizational) domains: .com .net .org .....
Country domains: .cn .tw .jp .....
Reverse domain: resolves IP addresses to domain names
DNS record types:
A: forward record (name to IP address)
PTR: reverse record (IP address to name)
NS: a name server for the zone
MX: a mail server for the zone
CNAME: alias
SOA: start of authority; identifies the zone's primary name server and its transfer parameters
Note: for every NS record you add, add a matching A record for the server it names
Types of DNS server:
Primary DNS server: master
Slave DNS server: slave
Root DNS server: hint
Caching DNS server: the kind most people use every day as their default DNS
Default DNS server:
Generally a DNS server that performs iterative queries on our behalf
On the Internet the top-level domain servers do not iterate for us; as a rule only the caching DNS server does the iteration on our behalf
Query types in DNS:
Iterative query (tcp:53)
Recursive query (udp:53)
Query order in DNS:
1. DNS cache
2. Local hosts file
3. DNS server
Correspondence between IP addresses and FQDNs (FQDN: fully qualified domain name):
ICANN: the naming authority that, with its subordinate registries, manages all domain names on the Internet
One IP address can carry multiple domain names (one of the principles behind HTTP virtual hosting)
One domain name can map to multiple IP addresses (one of the principles behind cluster load balancing)
Role of the slave DNS server:
1. Provides DNS load balancing
2. Takes over the primary server's work when the primary fails
Subdomains and delegation:
Delegation: when a zone has too many subdomains to maintain well on a single server, some subdomains can be handed to a designated server to maintain
Subdomain: its records are kept in the parent zone's file
Delegated domain: has its own separate zone file
Smart DNS (also called DNS views):
1. Smart DNS is described in the domain-name industry as the first intelligent resolution service
2. It detects the visitor's IP address automatically and answers with the matching server IP, so users of different carriers reach the server on their own carrier
Example: Netcom users are sent to the Netcom server, Telecom users to the Telecom server
Configuration in detail: do not miss a single symbol (a ; or a brace) while configuring, or the service may fail to start
1. Checking tools (provided by the bind-utils package)
Check the main DNS configuration file for errors: named-checkconf <path to configuration file>
Check a forward or reverse zone file for errors: named-checkzone <zone name> <zone file>
See the man page for the other functions of named-checkconf
2. Install the BIND package
# rpm -ivh bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm    // main DNS package
3. Configuration files
/etc/named.conf: main DNS configuration file
/etc/named.rfc1912.zones: zone declaration file
/var/named: directory holding the DNS zone data files
To edit the main configuration file named.conf:
# vim /etc/named.conf
options {                                                // global configuration
    listen-on port 53 { any; };                          // IPv4 address and port to listen on: the DNS server's IP or any (all addresses); port 53 means udp/53 and tcp/53
    listen-on-v6 port 53 { ::1; };                       // IPv6
    directory "/var/named";                              // default location of zone data files
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    query-source port 53;                                // fix the source port of outgoing queries to 53 (this disables BIND's source-port randomization)
    query-source-v6 port 53;
    allow-query { any; };                                // which clients may query this server: an IP address, a network, or any
    allow-recursion { 127.0.0.0; };                      // the network segment allowed to make recursive queries (use either this line or the recursion line below)
    recursion yes;                                       // allow all clients to recurse (the default)
};
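As an added check, not part of the original post: a small Python script that reads an options block like the one above and reports the open-resolver combination. With allow-query { any; } and recursion yes and no allow-recursion line, BIND falls back to allow-query for recursion, so any host on the Internet may recurse through the server. Both options blocks are constructed samples; the 192.168.0.0/24 LAN in the tightened one is an assumption.

```python
import re

# Two constructed options blocks (not the post's text): the tutorial's permissive
# settings, and a tightened version that limits recursion to the LAN (assumed /24).
PERMISSIVE = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };       // anyone may query ...
    recursion yes;              // ... and, with no allow-recursion, anyone may recurse
};
"""
RESTRICTED = """
options {
    listen-on port 53 { 192.168.0.10; };
    directory "/var/named";
    allow-query { any; };
    allow-recursion { 127.0.0.0/8; 192.168.0.0/24; };  # recursion for the LAN only
    recursion yes;
};
"""
DIRECTIVE = re.compile(r"^\s*(recursion|allow-query|allow-recursion)\s+(\{[^}]*\}|[\w-]+)\s*;", re.M)

def parse_options(conf):
    """Map the recursion-related directives to their values after removing
    '//' and '#' comments; a brace list becomes a Python list of its entries."""
    conf = re.sub(r"(//|#)[^\n]*", "", conf)
    found = {}
    for name, value in DIRECTIVE.findall(conf):
        if value.startswith("{"):
            found[name] = [v.strip() for v in value[1:-1].split(";") if v.strip()]
        else:
            found[name] = value.lower()
    return found

def open_resolver_findings(conf):
    """Reasons this named.conf would serve recursion to the whole Internet
    (an empty list means no open-resolver finding). Applies BIND's fallback
    order: allow-recursion, else allow-query, else localnets/localhost."""
    opts = parse_options(conf)
    findings = []
    if opts.get("recursion", "yes") == "no":     # authoritative-only: nothing to flag
        return findings
    allowed = opts.get("allow-recursion", opts.get("allow-query", ["localnets", "localhost"]))
    if "any" in allowed:
        findings.append("recursion is open to any client")
    if "allow-recursion" not in opts:
        findings.append("allow-recursion is unset, so recursion follows allow-query")
    return findings
```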
4. Edit the /etc/named.rfc1912.zones file
# vim /etc/named.rfc1912.zones
Forward zone:
zone "test.com" IN {                 // define the forward zone for the domain test.com
    type master;                     // zone type (master: primary)
    file "test.com.zone";            // forward zone file, named test.com.zone
    allow-update { none; };          // dynamic updates to this zone (the post uses it for the slave): none means deny
};
Reverse zone:
zone "0.168.192.in-addr.arpa" IN {   // define the reverse zone
    type master;                     // zone type (master: primary)
    file "192.168.0.arpa.zone";      // reverse zone file, named 192.168.0.arpa.zone
    allow-update { none; };          // dynamic updates to this zone: none means deny
};
5. Configure the forward and reverse zone files:
Forward and reverse zone files live in the same directory, /var/named/, which by default contains a template for each:
named.localhost: forward zone file template
named.loopback: reverse zone file template
# cd /var/named/
# cp -p named.localhost test.com.zone
The forward and reverse zone file names must match those defined in the zone declarations above
# cp -p named.loopback 192.168.0.arpa.zone
Remember to give cp the -p option so the copy keeps the template's owner and permissions; otherwise the named service may fail to start
6. Edit the forward zone file:
# vim test.com.zone
$TTL 86400                               ; default lifetime (TTL) of records
@   IN SOA ns1.test.com. www_huyuan_boke.sina.com. (
        ; the zone's primary name server and the e-mail address notified when DNS fails; the @ of the address is written as a dot
        2016012109 ; Serial: increase it on every change, otherwise the slave DNS server falls out of sync
        3H         ; Refresh: interval at which the slave re-reads the zone data
        15M        ; Retry: interval between retries after a failed transfer
        1W         ; Expiry: after this long without a successful transfer the slave stops answering
        1D )       ; Minimum: lifetime of a negative answer (a record that cannot be resolved)
    IN NS ns1.test.com.                  ; the zone's DNS server name (NS: name server)
ns1 IN A  192.168.0.10                   ; the DNS host's IP address (A: forward record)
www IN A  192.168.0.50                   ; the www host resolves to 192.168.0.50
The above is the most basic forward zone file configuration
Edit the reverse zone file:
# vim 192.168.0.arpa.zone
$TTL 86400
@   IN SOA ns1.test.com. www_huyuan_boke.sina.com. (
        ; the name server and e-mail address here may differ from those in the forward zone
        2016010101 ; Serial: same meaning as in the forward zone
        1D         ; Refresh: text after a ; is a comment
        1H         ; Retry
        1W         ; Expire
        3H )       ; Minimum
    IN NS  ns1.test.com.                 ; name server shown for the reverse zone (may differ from the real domain test.com)
ns1 IN A   192.168.0.10                  ; IP address of the reverse zone's server
10  IN PTR ns1.test.com.                 ; reverse record for the server itself (192.168.0.10)
50  IN PTR www.test.com.                 ; reverse record: 50 stands for 192.168.0.50
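Added example, not code from the post: a simplified zone-file parser in Python that applies two rules stated earlier on this page, every NS name in the zone needs an A record, and each forward A record should have a matching PTR in the reverse zone. The two zone texts are constructed samples modelled on test.com; ns2 and mail are planted faults, not records from the post.

```python
import re

# Constructed sample zones modelled on the tutorial's test.com files (not the post's
# text); two faults are planted: ns2 is an NS with no A record, and mail has no PTR.
FORWARD = """\
$TTL 86400
@    IN SOA ns1.test.com. www_huyuan_boke.sina.com. (
         2016012109 3H 15M 1W 1D ) ; serial refresh retry expiry minimum
     IN NS  ns1.test.com.
     IN NS  ns2.test.com.
ns1  IN A   192.168.0.10
www  IN A   192.168.0.50
mail IN A   192.168.0.60
"""
REVERSE = """\
@    IN SOA ns1.test.com. www_huyuan_boke.sina.com. ( 2016010101 1D 1H 1W 3H )
10   IN PTR ns1.test.com.
50   IN PTR www.test.com.
"""
def parse_zone(text, origin):
    """Return (owner_fqdn, type, rdata) triples. Simplified zone parser: strips
    ';' comments, folds a parenthesised SOA onto one line, blank owner inherits."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        if not line[0].isspace():                     # the line names a new owner
            name, line = (line.split(None, 1) + [""])[:2]
            owner = origin if name == "@" else name if name.endswith(".") else name + "." + origin
        fields = line.split()
        if fields[0].upper() == "IN":                 # class field is optional
            fields = fields[1:]
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records

def missing_glue(records, origin):
    """In-zone NS targets without an A record (the NS/A rule noted earlier)."""
    a_names = {o for o, t, _ in records if t == "A"}
    return sorted(r for _, t, r in records if t == "NS"
                  and (r == origin or r.endswith("." + origin)) and r not in a_names)

def ptr_mismatches(fwd, rev):
    """(A records lacking a matching PTR, PTR records lacking a matching A)."""
    def rev_owner(ip):  # 192.168.0.50 -> 50.0.168.192.in-addr.arpa.
        return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    expected = {(rev_owner(ip), name) for name, t, ip in fwd if t == "A"}
    actual = {(o, target) for o, t, target in rev if t == "PTR"}
    return sorted(expected - actual), sorted(actual - expected)
```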
7. Verifying the primary DNS server
Start the service:
# service named restart
Verify from a Windows client:
1. Open a command console on the Windows client
2. Set the preferred DNS server to the IP address of the DNS server
3. Press Win+R to open Run and enter cmd
4. In the command prompt enter nslookup
5. Enter www.test.com and check that the answer is 192.168.0.50 (verifies forward resolution)
6. Enter 192.168.0.50 and check that the answer is www.test.com (verifies reverse resolution)
8. Configure the slave DNS server
1. Primary DNS server configuration
Zone declaration file:
zone "test.com" IN {                       // define the forward zone
    type master;                           // server type
    file "test.com.zone";                  // forward zone file
    allow-update { 192.168.0.100; };       // the slave DNS server's address (the post opens updates to it)
};
zone "0.168.192.in-addr.arpa" IN {         // define the reverse zone
    type master;                           // server type
    file "192.168.0.arpa.zone";            // reverse zone file
    allow-update { 192.168.0.100; };       // the slave DNS server's address
};
Add the following two records to both the forward and reverse zone files of the primary DNS server
    IN NS ns2.test.com.                    ; declare the slave server
ns2 IN A  192.168.0.100                    ; add the A record that the slave's NS record needs (the slave DNS server's IP address)
Note: after every change to the primary server's forward or reverse zone, increase the serial number by one, or the slave DNS server will not pick up the update
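An added Python example, not the post's own code, of the serial-number rule in this note: next_serial bumps a YYYYMMDDnn serial like 2016012109, and slave_is_behind reproduces the comparison a slave makes at refresh time using RFC 1982 serial arithmetic, which goes a little beyond the note by showing why an unchanged serial produces no transfer. Function names are my own.

```python
from datetime import date

def next_serial(current, today=None):
    """Bump a YYYYMMDDnn serial of the kind used in these zone files (2016012109).
    today is a 'YYYYMMDD' string (defaults to the real date): a new day restarts
    the counter at <date>01, the same day increments it, and a serial dated
    later than today (clock skew) is simply incremented so it still grows."""
    stamp = today or date.today().strftime("%Y%m%d")
    if str(current // 100) < stamp:
        return int(stamp + "01")
    return current + 1

def slave_is_behind(master_serial, slave_serial):
    """The check a slave performs at refresh time, in RFC 1982 serial arithmetic
    (32-bit with wrap-around): the master counts as newer only when it is ahead
    by less than 2**31, so an unchanged serial never triggers a transfer."""
    diff = (master_serial - slave_serial) % 2**32
    return 0 < diff < 2**31
```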
2. Slave DNS server configuration
zone "test.com" IN {                       // forward zone name as on the primary DNS server
    type slave;                            // server type (slave: secondary)
    file "slaves/test.com.zone";           // where the transferred forward zone file is stored
    masters { 192.168.0.10; };             // primary DNS server IP (must be the primary's address)
};
zone "0.168.192.in-addr.arpa" IN {         // reverse zone name as on the primary DNS server
    type slave;                            // server type
    file "slaves/192.168.0.arpa.zone";     // where the transferred reverse zone file is stored
    masters { 192.168.0.10; };             // primary DNS server IP (must be the primary's address)
};
Because this is a slave, the configuration above is all it needs; once the slave is configured, resolution is load balanced across the two servers
9. Subdomain delegation
1. Parent domain server configuration
Zone file configuration:
$TTL 86400
@   IN SOA ns1.test.com. www_huyuan_boke.sina.com. (
    ......                                 ; part of the content omitted
    IN NS ns1.test.com.
ns1 IN A  192.168.0.10
www IN A  192.168.0.50
caiwu     IN NS ns1.caiwu.test.com.        ; declare the subdomain's DNS server name
ns1.caiwu IN A  192.168.0.20               ; declare the subdomain DNS server's IP address
2. Subdomain server configuration:
Zone declaration file configuration:
zone "caiwu.test.com" IN {                 // create the subdomain caiwu of the test.com domain on this server
    type master;                           // server type
    file "caiwu.test.com.zone";            // location of the caiwu.test.com forward zone file
    allow-update { none; };                // dynamic updates to this zone: none means deny
};
Zone file configuration:
$TTL 86400
@   IN SOA ns1.caiwu.test.com. www_huyuan_boke.sina.com. (
        2016012109 ; Serial
        3H         ; Refresh
        15M        ; Retry
        1W         ; Expiry
        1D )       ; Minimum
    IN NS ns1.caiwu.test.com.              ; the subdomain's DNS server name
ns1 IN A  192.168.0.20                     ; the subdomain DNS server's IP address
www IN A  192.168.0.30                     ; add a record for the subdomain host www.caiwu.test.com
10. Forwarder configuration:
1. Forwarding is configured on the server that needs to forward, usually the subdomain server, which forwards to the parent domain server
Zone declaration file configuration:
1. It can be set in the global options of the main configuration file, where it applies to the whole DNS server
2. Or a forward zone can be declared in the zone declaration file; the second method is shown here
zone "test.com" IN {                       // resolution requests for test.com are forwarded
    type forward;                          // server type
    forward first;                         // forwarding mode
    forwarders { 192.168.0.20; };          // server the requests are forwarded to
};
Forwarding modes:
first: forward to the specified server, and if it does not give an answer, resolve the query iteratively itself
only: forward to the specified server, and if it does not give an answer, return a failure to the client
Main configuration file:
Global options to change:
dnssec-enable no;
dnssec-validation no;
Delete: dnssec-lookaside auto;
Note that these three changes switch DNSSEC validation off for the whole server
11. ACLs
ACL concept: an ACL gives a name to a list of match elements so the same list can be reused in several directives, much like a function (ACLs are generally used together with smart DNS views)
Two built-in ACLs are used here: any and none
ACL placement: generally written at the top of the file, because an ACL must be declared before it is referenced
Syntax:
acl "acl-name" {
    element;
    element;
    ....;
};
12. DNS logging
Definition syntax:
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
This article is from the "Automated Operations" blog; please keep this source when reposting: http://hongchen99.blog.51cto.com/12534281/1910981
Linux DNS in detail