Linux DNS Server installation, configuration, and maintenance

Source: Internet
Author: User

Each IP address can have a host name consisting of one or more labels separated by dots. With host names you do not have to memorize the IP address of every device; you only need to remember a meaningful host name. Mapping those names to addresses is the job of the DNS protocol.

Today we will discuss DNS servers, especially Linux DNS servers, and how to install, configure, and maintain them.

/etc/hosts file

In the absence of a DNS server, it is reasonable for each system to keep its own list of the host names and corresponding IP addresses on the local network, especially on small sites that have no Internet connection.

On a Linux system, this list is the /etc/hosts file. Even if you do not have a DNS server, or the DNS server is unavailable, the system can use /etc/hosts to translate between names and IP addresses.

Even if you already have a DNS server, you will still want to keep this file, for other reasons. For example, the system may need to find the IP address of the DNS server itself before it can query it. In practice the system reads /etc/hosts before querying DNS, and if it finds the name there, it converts it directly to an IP address without asking any DNS server.

Try editing the /etc/hosts file and adding the following line: 127.0.0.1 google.com

Then go back to your browser and enter google.com to see what happens. If Apache is installed on your system and serving on localhost, the browser shows the index page of localhost instead of the Google page.

To confirm, you can map google.com to the IP address of any other website and look at the result.

So what this file does is translate between host names and IP addresses, but only within the same network. How, then, are the records for external networks and for so many systems maintained?

Does everyone need to maintain and update their own /etc/hosts file?

A more robust solution is a domain name service: a DNS server.

Domain name

When you visit a website, you enter an FQDN (Fully Qualified Domain Name) such as likegeeks.com or www.google.com. Reading from right to left, each label between the dots is the top-level domain component, then the second-level domain component, then the third-level domain component.

Therefore, com is the top-level domain component, google is the second-level domain component, and www is the third-level domain component.

In fact, when you visit any website, the browser implicitly appends a dot to the end of the domain name, so the domain is really www.google.com. (with a trailing dot). This dot is called the root domain.

The root is managed by a set of special servers called root name servers. At the time this article was written, there were 13 root name servers in the world. You can think of them as the brains of the Internet: if they failed, there would be no Internet.

Why 13? Because if an earthquake somewhere in the world destroyed one root server, the other servers can continue to serve until the affected server comes back online.

These root name servers are named alphabetically: A.root-servers.net, B.root-servers.net, and so on.

Top-level domain names (TLDs)

We have already seen top-level domain components such as com. You can think of a top-level domain as providing a classification for the DNS namespace.

Top-level domain names (TLDs) are divided into several categories based on geographic or functional aspects.

As of this writing, there are more than 800 top-level domains online.

Top-level domain categories are:

    • Generic top-level domains, such as .org, .com, .net, .gov, .edu, etc.

    • Country code top-level domains, such as .us and .ca, corresponding to the United States and Canada

    • New branded top-level domains, which allow organizations to create a TLD of up to 64 characters, such as .linux, .microsoft, .companyname, etc.

    • Infrastructure top-level domains, such as .arpa

Subdomain

When you visit a website such as mail.google.com, mail is a subdomain of google.com.

Only the name server for google.com knows all the hosts that exist under it, so Google is the one that answers whether a subdomain called mail exists. The root name servers know nothing about it.

Types of DNS servers

There are three types of DNS servers.

Primary DNS Server

These servers hold a configuration file for a specific domain and, based on it, answer authoritatively for that domain. The primary DNS server knows the addresses of all hosts and subdomains within its jurisdiction.

Secondary DNS server

These servers act as backups for the primary DNS server and also take part of the load. The primary server knows about its secondary DNS servers and pushes updates to them.

Caching DNS Servers

These servers do not hold a configuration file for any specific domain. When a client asks a caching server to resolve a name, the server first checks its local cache. If no match is found, it queries the primary server and then caches the response. You can easily use your own system as a caching server.

Build a Linux DNS server

Linux has many packages that provide DNS, but we will focus only on the BIND DNS server, which is what most DNS servers in the world run.

If you are using a Red Hat-based distribution such as CentOS, you can install it like this:

$ dnf -y install bind

If you use a Debian-based distribution such as Ubuntu:

$ apt-get install bind9

Once the installation is complete, start the service and enable it so that it starts automatically at boot.

$ systemctl start named

$ systemctl enable named

Configure BIND

This service uses /etc/named.conf as its configuration file.

BIND uses some statements like the following in that file:

    • options: global BIND configuration.

    • logging: configures what should be logged and what should be ignored. I recommend you look at the Linux syslog server article.

    • zone: defines a DNS zone.

    • include: includes another file in named.conf.

The options statement sets the working directory of BIND, which is /var/named.

The zone statement can be used to define DNS zones, such as the domain name google.com, which contains subdomains mail.google.com and analytics.google.com.

Each of these three domain names (the primary domain and its subdomains) has a zone defined by a zone statement.

Define a primary domain server

We know that there are three types of DNS server: primary name servers, secondary name servers, and caching name servers. Unlike a caching name server, the primary and secondary name servers play the same role when answering queries.

In the /etc/named.conf configuration file, you can define a primary domain server with the following syntax:

zone "likegeeks.com" {

    type master;

    file "likegeeks.com.db";

};

Files containing the primary zone data are stored in the /var/named directory, the working directory set in the options statement.

Note: the server software or the hosting panel will automatically name the file holding your primary domain server data after your domain name, so if your domain is example.org, your primary domain server file will be /var/named/example.org.db.

The type is master, which means that this is a primary domain server.

Define a secondary domain server

As with defining a primary domain server, the definition of a secondary domain server changes slightly:

zone "likegeeks.com" {

    type slave;

    masters { 192.0.2.1; };   // replace with the IP address(es) of the primary server

    file "likegeeks.com.db";

};

For a secondary domain server, the zone name is the same as on the primary domain server. The slave type in the syntax above indicates that this is a secondary domain server, and the masters list of IP addresses tells it which primary server to replicate the zone file from.

Define a cache server

Even if you have configured a primary or secondary domain server, you may still want (though you do not have to) to define a caching server, because it reduces the number of queries sent to the DNS server.

Before you define a cache server, you need to define three zones. The first is the root hint zone, the second is the localhost zone:

zone "." IN {

    type hint;

    file "root.hint";

};


zone "localhost" IN {

    type master;

    file "localhost.db";

};

The third zone is defined for reverse lookups of the local host, that is, mapping the local IP address back to the local host name.

zone "0.0.127.in-addr.arpa" IN {

    type master;

    file "127.0.0.rev";

};

Put these three zones in the /etc/named.conf file and your system can work as a caching server. But what goes into files such as likegeeks.com.db, localhost.db, and 127.0.0.rev?

These files contain the DNS records of each zone, and each record type has its own options. So what are these DNS record types and how are they written?

DNS record types

The database file contains record types such as SOA, NS, A, PTR, MX, CNAME, and TXT.

Let's see how each of these types is recorded.

SOA: Start of Authority records

The SOA record begins the description of a site's DNS zone, as follows:

example.com. 86400 IN SOA ns1.example.com. mail.example.com. (

    2017012604 ; Serial

    86400      ; Refresh, seconds

    7200       ; Retry, seconds

    3600000    ; Expire, seconds

    86400      ; Minimum, seconds

)

The first line starts with the domain name example.com and ends with a period; this must match the zone definition in the /etc/named.conf file. Always remember that DNS configuration files are extremely picky.

IN tells the name server that this is an Internet-class record.

SOA tells the name server that this is a start-of-authority record.

ns1.example.com. is the fully qualified domain name (FQDN) of the name server that holds this file.

mail.example.com. is the e-mail address of the domain administrator. Note that this address has no "@" sign; it is replaced by a period, and there is another period at the end.

The second line is the serial number, which tells the name servers when the file was last updated. Therefore, whenever you change the zone file, you must increment the serial number. The usual format is YYYYMMDDXX, where XX starts at 00.

The third line is the refresh interval in seconds. It tells the secondary name server how often to check whether the records on the primary server have been updated.

The fourth line is the retry interval in seconds. If the secondary server tries to contact the primary domain server to check for updates but fails to connect, it waits the specified number of seconds before trying again.

The fifth line is the expiry. It governs how long a secondary server keeps its copy of the zone data: if it cannot contact the primary server for updates, it discards the data after the specified number of seconds.

The sixth line tells caching servers how long they should wait before timing out when they cannot reach the primary name server.
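The serial-number rule above is easy to get wrong by hand: secondaries only transfer the zone when the serial grows, so a forgotten bump (or a typo that puts the serial in the future) silently leaves them stale. The following Python helper is an added example, not code from the article; it applies the YYYYMMDDXX convention and keeps the serial strictly increasing even in the edge cases (a serial already beyond today's range, more than 100 edits in one day). The function and constant names are my own.

```python
import re
from datetime import date

# Constructed SOA header in the same layout as the article's example.
SAMPLE_SOA = """\
example.com. 86400 IN SOA ns1.example.com. mail.example.com. (
    2017012604 ; Serial
    86400      ; Refresh, seconds
    7200       ; Retry, seconds
    3600000    ; Expire, seconds
    86400      ; Minimum, seconds
)
"""

# The serial is the first number after the SOA's name-server and
# administrator-mailbox fields, with or without the opening parenthesis.
SERIAL_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)")


def next_serial(current, today):
    """Serial to write after editing the zone on `today` (a datetime.date).

    Secondaries only transfer the zone when the serial increases, so the
    result is always greater than `current`, even when the file already
    holds a serial beyond today's range (a typo such as 2071012600, or
    more than 100 edits in one day spilling into the next day's numbers).
    """
    base = int(today.strftime("%Y%m%d")) * 100   # YYYYMMDD00
    new = base if current < base else current + 1
    if new >= 2**32:                              # SOA serial is a 32-bit field
        raise ValueError("SOA serial must fit in 32 bits")
    return new


def bump_zone_serial(zone_text, today=None):
    """Return (rewritten zone text, new serial) with the SOA serial bumped."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found in zone text")
    new = next_serial(int(m.group(1)), today or date.today())
    start, end = m.span(1)
    return zone_text[:start] + str(new) + zone_text[end:], new


if __name__ == "__main__":
    text, serial = bump_zone_serial(SAMPLE_SOA, date(2017, 1, 26))
    print(serial)   # 2017012605: same day as the existing serial, so XX goes up
    print(text)
```

After rewriting the file, `rndc reload example.com` (covered later in this article) makes BIND pick up the new serial.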

NS: Name Server records

The NS record is used to specify which name server maintains records for that domain.

You can write an NS record like this:

    IN NS ns1.example.com.

    IN NS ns2.example.com.

Two NS records are not required, but it is generally preferable to have a backup name server.

A and AAAA: Address records

The A record provides the mapping from a host name to an IP address: support IN A 192.168.1.5

If you have a host support.example.com with the address 192.168.1.5, you can enter it as in the example above.

Note that the host name we wrote here does not end with a period, so it is relative to the zone's domain.

PTR: Pointer records

PTR records are used to perform reverse name resolution, allowing someone to specify an IP address and then find the corresponding host name.

This is the opposite of what an A record does: 192.168.1.5 IN PTR support.example.com.

Here we write the full host name with the trailing period.

MX: Mail Exchange records

The MX record tells other sites the address of your domain's mail server: example.com. IN MX 10 mail

Of course, the domain field ends with a period. The number 10 is the preference value of the mail server; if you have several mail servers, these numbers determine the order in which they are used.

CNAME: Canonical Name records

CNAME records allow you to create aliases for host names. This is useful when you want to provide a name that is easy to remember.

Suppose a site has a web server with the host name whatever-bignameis.example.com. Because the system is a web server, you can create a CNAME record, or alias, named www for that host.

You can create the CNAME record for the name www.example.com like this:

whatever-bignameis IN A 192.168.1.5

www IN CNAME whatever-bignameis

The first line tells the DNS server the address of the real host. The second line creates the alias www that points to it.

TXT records

You can store any information in a TXT record, such as your contact details or any other information you want people to get when querying a DNS server.

You can write a TXT record like this: example.com. IN TXT "YOUR INFO GOES HERE"

Additionally, the RP record exists as an explicit container for the host's contact information: example.com. IN RP mail.example.com. example.com.
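The zone-file rules scattered through the sections above (a trailing dot on every FQDN, relative names for hosts inside the zone, an alias that must not carry other records, and NS or MX targets that must not be aliases) are exactly the mistakes BIND's picky parser trips over. The following Python linter is an added example, not code from the article: it parses a constructed zone in the article's layout (inheriting the owner of indented lines and collapsing the parenthesised SOA, as BIND does) and reports those mistakes before you reload the server. Function names and the sample zone are my own.

```python
import re
from collections import defaultdict

# Constructed zone for illustration: it deliberately has one NS target
# missing its trailing dot, a CNAME that shares its name with a TXT
# record, and an MX that points at that alias.
SAMPLE_ZONE = """\
$TTL 14400
example.com. 86400 IN SOA ns1.example.com. mail.example.com. (
    2017012604 ; Serial
    86400 ; Refresh
    7200 ; Retry
    3600000 ; Expire
    86400 ; Minimum
)
    IN NS ns1.example.com.
    IN NS ns2.example.com
ns1     IN A 192.168.1.2
ns2     IN A 192.168.1.3
support IN A 192.168.1.5
whatever-bignameis IN A 192.168.1.5
www     IN CNAME whatever-bignameis
www     IN TXT "web server alias"
example.com. IN MX 10 www
"""


def absolute(name, origin):
    """Names without a trailing dot are relative to the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata) triples with absolute owner names."""
    text = re.sub(r";[^\n]*", "", text)                         # strip comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)
    records, owner = [], origin
    for line in text.splitlines():
        toks = line.split()
        if not toks or toks[0].startswith("$"):                 # blank or $TTL etc.
            continue
        if not line[0].isspace():                                # explicit owner
            owner = absolute(toks.pop(0), origin)
        if toks and toks[0].isdigit():                           # optional TTL
            toks.pop(0)
        if toks and toks[0].upper() == "IN":                     # optional class
            toks.pop(0)
        if toks:
            records.append((owner, toks[0].upper(), toks[1:]))
    return records


def lint_zone(text, origin="example.com."):
    """Return a list of human-readable problems found in the zone text."""
    recs = parse_zone(text, origin)
    types = defaultdict(set)
    for own, rtype, _ in recs:
        types[own].add(rtype)
    problems = []
    for own, rtype, rdata in recs:
        if rtype not in ("NS", "MX", "CNAME", "PTR"):
            continue
        target = rdata[-1]
        if "." in target and not target.endswith("."):  # heuristic: FQDN missing its dot
            problems.append(f"{own} {rtype} {target}: missing trailing dot, "
                            f"BIND will read it as {absolute(target, origin)}")
        if rtype in ("NS", "MX") and "CNAME" in types[absolute(target, origin)]:
            problems.append(f"{own} {rtype}: target {absolute(target, origin)} is a CNAME")
    for own, seen in types.items():
        if "CNAME" in seen and len(seen) > 1:
            problems.append(f"{own}: CNAME cannot coexist with {sorted(seen - {'CNAME'})}")
    return problems
```

Run `print("\n".join(lint_zone(SAMPLE_ZONE)))` to see the three findings; a clean zone returns an empty list.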

DNS TTL value

At the top of the /etc/named.conf file, there is a $TTL entry.

This entry tells BIND the TTL (time to live) value for each individual record.

It is a number of seconds, for example 14400 seconds (4 hours), which means other DNS servers cache your zone data for up to 4 hours and then query your DNS server again.

You can lower this value, but the default is usually reasonable unless you know what you are doing.

Catching configuration errors

When you write a zone file, you may forget a period or a space, or make some other mistake.

You can diagnose Linux DNS server errors from the logs. The BIND service reports errors through /var/log/messages, and you can use the tail command with the -f option to watch the log in real time: $ tail -f /var/log/messages

So when you write a zone file or modify /etc/named.conf and restart the service, you can easily identify the type of error from the log as soon as it appears.

host command

After you have successfully added or modified a record, you can use the host command to see if the host resolves correctly.

The host command resolves a host name to its IP address: $ host example.com

Additionally, you can perform a reverse lookup: $ host 192.168.1.5

You can see more information about the host and dig commands in this article.

whois command

The whois command is used to find out who owns a domain name, along with the owner's e-mail address and contact number: $ whois example.com

rndc command

The rndc tool can be used to administer a name server securely, because all communication with the server is authenticated with a digital signature.

This tool is used to control the name server and debug problems. You can check the status of the Linux DNS server like this: $ rndc status

Also, if you change any zone file, you can reload it without restarting the named service: $ rndc reload example.com

Here we reload the example.com zone file. You can also reload all zones: $ rndc reload

If you add a new zone or change the service configuration, you can reload the configuration as follows:

$ rndc reconfig

Linux DNS Resolver

We now know how the Linux DNS server works and how to configure it. The other part, of course, is the client that interacts with the DNS server: the resolver, which talks to the DNS server to resolve host names to IP addresses.

On Linux, the resolver lives on the DNS client. To configure the resolver, look at the /etc/resolv.conf configuration file.

On Debian-based distributions, look in the /etc/resolvconf/resolv.conf.d/ directory.

The /etc/resolv.conf file contains the information the client needs to find its local DNS server address.

It typically holds two kinds of entries: the search entry gives the default search domain, and the nameserver entry gives the IP address of the name server.

The nameserver line tells the resolver which name server to use. As long as your BIND service is running, you can point it at your own DNS server.

Using a Linux DNS server is straightforward. I hope you find this article useful and easy to understand.
