Linux Study Notes-DNS server settings


Background:
---- The company connects to Chinanet over a leased line and has been allocated a block of class C IP addresses (for example, 16). It has also applied to CHINANIC for the company domain name yourdomain.com, and now sets up one machine as the DNS server; the same machine also acts as the firewall.

Object:
---- Internet leased line users

Software:
---- RedHat Linux 5.2

Implementation process:

The server has two NICs. The internal interface eth1 has the address 192.168.11.5 and the external interface eth0 has the address 202.A.B.C. The host name is set to dns.yourdomain.com. Installation and basic configuration of the system are omitted here.

RedHat Linux 5.2 ships with BIND 8.x on its CD. Below is my configuration:
----------
[root@dns jephe]# more /etc/named.conf
options {
    directory "/var/named";
    forward first;
    forwarders {
        202.96.199.20;
    };
};
zone "." {
    type hint;
    file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "127.0.0";
};
zone "11.168.192.in-addr.arpa" {
    type master;
    file "192.168.11";
};
zone "yourdomain.com" {
    notify no;    // this line was garbled in the source; "notify" is assumed
    type master;
    file "yourdomain.com";
};
---------

---- Note:

202.96.199.133 is a Chinanet DNS server (ns.sta.net.cn).

root.hints contains the addresses of the Internet root servers. It can be downloaded from the Internet (ftp://ftp.internic.net/domain/named.ca) and renamed to root.hints, or to any other name you choose. The information in this zone is very important and must exist. To keep it up to date it is generally refreshed every month; you can also write a script that refreshes it automatically.

127.0.0 is the reverse resolution file for the machine's loopback interface. Once this file is set up it almost never needs to be changed.

192.168.11 holds the reverse resolution information for the servers in the intranet segment.

The yourdomain.com file is the forward resolution file of the domain you applied for. When you apply to CHINANIC for the domain name yourdomain, you also have to name a DNS server that manages the domain; you can use dns.yourdomain.com (202.A.B.C).

Category 1: the files hosts, host.conf, resolv.conf, named.boot and named.conf under the /etc directory.

1. The "hosts" file defines host names and IP addresses, including the name and address of the computer that will run DNS. Content:
  127.0.0.1 localhost.localdomain localhost
  10.0.0.39 netfinity.zrs.com netfinity
2. In the "host.conf" file, the statement "order hosts, bind" specifies that a host name is first looked up in hosts and then in the DNS server. "multi on" allows a host name to correspond to several IP addresses. Content:
  order hosts, bind
  multi on
  nospoof on
3. In the "resolv.conf" file, "nameserver 10.0.0.211" specifies the address of the DNS server. Note: this file is essential on computers that do not themselves run a DNS server (non-Windows systems; Windows sets the same information in Network Properties). If you have not set up the local machine as a DNS server, you must specify the address of a DNS server to resolve domain names. You can list up to three addresses; the later ones are tried when the earlier ones fail. "domain zrs.com" specifies the default domain. File content:
  domain zrs.com
  nameserver 10.0.0.39
4. The "named.boot" file is the configuration file used by earlier versions of BIND; in the new version its content has moved to "named.conf". named.conf is the core configuration file of the DNS server. It is explained below piece by piece.

// generated by named-bootconf.pl

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//

zone "." in {
    type hint;
    file "named.ca";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "named.local";
    allow-update { none; };
};

This part is the original named.conf generated by the system when the BIND package is installed. "directory" specifies the directory where the DNS record files are kept: /var/named. Text beginning with "//" is a comment. The two "zone" statements that follow define the root zone and the reverse lookup zone for the loopback network, and state that the root record file is "named.ca" and the loopback reverse record file is "named.local". Both record files are also provided by the system and need no modification, so this part of named.conf can be left as it is.

However, we can add a line under "directory": forwarders { 202.96.134.ders; };. 202.96.134.ders is the address of a China Telecom DNS server. The forwarders parameter designates the listed server as a fallback DNS server: a name that the local DNS server cannot resolve itself is sent to that server for resolution.

zone "zrs.com" in {
    type master;
    file "named.zrs.com";
    allow-update { none; };
};
zone "0.0.10.in-addr.arpa" in {
    type master;
    file "named.zrs.com.rev";
    allow-update { none; };
};

This part is added by hand. It defines the domain "zrs.com" and its corresponding reverse lookup domain. "type master" states that the local host is the primary name server for the zones "zrs.com" and "0.0.10.in-addr.arpa". "named.zrs.com" and "named.zrs.com.rev" are the zone record files, which we also create ourselves. Let us look at these two files.

Category 2: resource record files, which live in the /var/named directory defined in named.conf.
1. The content of the named.zrs.com file is as follows:

@       IN SOA  netfinity.zrs.com. root.netfinity.zrs.com. (
                1997022700 ; serial
                28800      ; refresh
                14400      ; retry
                3600000    ; expire
                86400 )    ; minimum
        IN NS   netfinity.zrs.com.
        IN MX   10 netfinity.zrs.com.

netfinity   IN A     10.0.0.211
lily        IN A     10.0.0.139
www         IN CNAME netfinity.zrs.com.
pop3        IN CNAME netfinity.zrs.com.
smtp        IN CNAME netfinity.zrs.com.

Five record types appear in this file. SOA stands for start of authority; it is followed by the host name of your DNS server, here "netfinity.zrs.com." (note the dot after the host name; remember to add this dot to the fully qualified host names that appear in record files). NS is the name server resource record, naming the name server of the domain, which is this DNS server. MX is the mail exchanger record, naming the mail server of the domain. You can write several MX records to specify several mail servers; their priority is determined by the number after MX, and the smaller the number, the higher the priority. A is a host record that maps a host name to an IP address. CNAME is an alias record that gives a host additional names; for example www.zrs.com and pop3.zrs.com both point to the same host netfinity.zrs.com.

2. The content of the named.zrs.com.rev file:
@       IN SOA  netfinity.zrs.com. root.netfinity.zrs.com. (
                1997022700 ; serial
                28800      ; refresh
                14400      ; retry
                3600000    ; expire
                86400 )    ; minimum
        IN NS   netfinity.zrs.com.
211     IN PTR  netfinity.zrs.com.
139     IN PTR  lily.zrs.com.
This is the reverse zone record file of "zrs.com", which enables the DNS server to look up a host name from an IP address. The PTR record maps an IP address to a host name. Some programs require reverse lookups, so it is best not to omit the record files of the reverse zones.
So far, you have successfully configured a DNS server that can resolve the domain "zrs.com".
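The two mistakes that most often break zone files like the ones above are the missing trailing dot the text warns about (BIND then appends the origin, so "netfinity.zrs.com" silently becomes "netfinity.zrs.com.zrs.com.") and forward A records that do not agree with the PTR records in the reverse file. The following Python script is an added example, not code from the article or from BIND: it parses both files with a minimal master-file parser, reports every name-type RDATA that lacks its dot, and cross-checks A against PTR. The embedded zone texts are constructed copies of the article's two files, with one deliberate missing dot added on the smtp CNAME so the check has something to find.

```python
"""Lint BIND zone files: expand relative names the way BIND does, flag
name-type RDATA without a trailing dot, and cross-check A against PTR.
Added example; zone texts are constructed copies of the article's files."""
import re
from typing import Dict, List, Tuple

Record = Tuple[str, str, List[str]]   # (owner FQDN, record type, rdata tokens)

FORWARD_ZONE = """\
@       IN SOA  netfinity.zrs.com. root.netfinity.zrs.com. (
                1997022700 ; serial
                28800      ; refresh
                14400      ; retry
                3600000    ; expire
                86400 )    ; minimum
        IN NS   netfinity.zrs.com.
        IN MX   10 netfinity.zrs.com.

netfinity   IN A     10.0.0.211
lily        IN A     10.0.0.139
www         IN CNAME netfinity.zrs.com.
pop3        IN CNAME netfinity.zrs.com.
smtp        IN CNAME netfinity.zrs.com
"""

REVERSE_ZONE = """\
@       IN SOA  netfinity.zrs.com. root.netfinity.zrs.com. (
                1997022700 ; serial
                28800 14400 3600000 86400 )
        IN NS   netfinity.zrs.com.
211     IN PTR  netfinity.zrs.com.
139     IN PTR  lily.zrs.com.
"""

# Which RDATA fields of each type hold domain names that must be fully qualified.
NAME_RDATA = {"SOA": slice(0, 2), "NS": slice(0, 1), "CNAME": slice(0, 1),
              "PTR": slice(0, 1), "MX": slice(1, 2)}


def fqdn(name: str, origin: str) -> str:
    """Qualify a name as BIND does: '@' is the origin, a name ending in '.'
    is already absolute, anything else gets the origin appended."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Record]:
    """Strip ';' comments, join parenthesised multi-line records and fill a
    blank owner field from the previous record."""
    lines = [re.sub(r";.*", "", ln) for ln in text.splitlines()]
    joined, buf, depth = [], "", 0
    for ln in lines:
        buf = ln if not buf else buf + " " + ln
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            if buf.strip():
                joined.append(buf)
            buf = ""
    records: List[Record] = []
    owner = fqdn("@", origin)
    for raw in joined:
        tokens = raw.replace("(", " ").replace(")", " ").split()
        if not raw[0].isspace():            # explicit owner field present
            owner = fqdn(tokens.pop(0), origin)
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)                   # class field is optional
        records.append((owner, tokens.pop(0).upper(), tokens))
    return records


def missing_dots(records: List[Record], origin: str) -> List[Tuple[str, str, str, str]]:
    """(owner, type, rdata name, what BIND would store) for each unqualified name."""
    findings = []
    for owner, rtype, rdata in records:
        for name in rdata[NAME_RDATA.get(rtype, slice(0, 0))]:
            if not name.endswith("."):
                findings.append((owner, rtype, name, fqdn(name, origin)))
    return findings


def ptr_owner_to_ip(owner: str) -> str:
    """'211.0.0.10.in-addr.arpa.' -> '10.0.0.211'."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an in-addr.arpa name: {owner}")
    return ".".join(reversed(labels[:-2]))


def check_forward_reverse(fwd: List[Record], rev: List[Record]) -> List[str]:
    """Every A record needs a PTR pointing back at the same name, and vice versa."""
    a_map = {rd[0]: owner for owner, rt, rd in fwd if rt == "A"}
    ptr_map = {ptr_owner_to_ip(owner): rd[0] for owner, rt, rd in rev if rt == "PTR"}
    problems = [f"{name} A {ip} has no PTR" for ip, name in a_map.items() if ip not in ptr_map]
    problems += [f"PTR for {ip} is {ptr_map[ip]}, A record says {name}"
                 for ip, name in a_map.items() if ip in ptr_map and ptr_map[ip] != name]
    problems += [f"PTR {ip} -> {name} has no A record" for ip, name in ptr_map.items() if ip not in a_map]
    return problems


def lint_article_zones() -> Dict[str, list]:
    fwd = parse_zone(FORWARD_ZONE, "zrs.com")
    rev = parse_zone(REVERSE_ZONE, "0.0.10.in-addr.arpa")
    return {"missing_dots": missing_dots(fwd, "zrs.com"),
            "forward_reverse": check_forward_reverse(fwd, rev)}


if __name__ == "__main__":
    for section, items in lint_article_zones().items():
        print(section, items or "ok")
```

Run on the article's data the forward/reverse check passes, while the smtp line is reported as resolving to netfinity.zrs.com.zrs.com., which is exactly the symptom a client sees when an alias "suddenly" stops resolving after an edit.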

4. Configure the local machine as a secondary DNS server for the baoan.gov.cn domain

A secondary DNS server transfers a complete copy of the zone data from the primary server. The zone files are transferred from the master and stored as local disk files on the secondary, so the secondary holds a complete copy of the domain information and can also answer queries for the domain. The configuration for this part is as follows:
zone "baoan.gov.cn" in {
    type slave;
    file "named.baoan.gov.cn";
    masters { 10.0.0.211; };
    allow-update { none; };
};
zone "0.0.10.in-addr.arpa" in {
    type slave;
    file "named.baoan.gov.cn.rev";
    masters { 10.0.0.211; };
    allow-update { none; };
};
As you can see, unlike on the primary DNS server, "type" becomes "slave", and the address of the primary DNS server is given with "masters { 10.0.0.211; };". When the DNS service starts it automatically connects to 10.0.0.211, reads the baoan.gov.cn zone and saves it to the named.baoan.gov.cn file on the local machine. I used this function to copy all the records on 10.0.0.211 (Windows) to 10.0.0.39.
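Zone transfer is what makes the secondary work, but on the master it is open to any host unless the zone restricts it, and the machine in this article faces the Internet with forwarding enabled, so it also answers recursive queries for anyone. The following Python script is an added example, not from the article or from BIND: it parses a named.conf with a small recursive-descent parser and reports master zones without allow-update or allow-transfer, slave zones without masters, and an options block that leaves recursion unrestricted. The first sample is a constructed copy of the article's named.conf; the hardened variant is constructed too, uses allow-recursion and allow-transfer (available in later BIND 8 releases and in BIND 9), and its secondary address 192.168.11.6 is a hypothetical value, not one from the article.

```python
"""Audit a BIND named.conf for unrestricted zone transfer, dynamic update
and recursion. Added example; both configurations are constructed here."""
import re
from typing import List, Optional, Tuple

Stmt = Tuple[List[str], Optional[list]]   # (head tokens, nested statements)

# Constructed copy of the article's named.conf.
ARTICLE_CONF = """\
options {
    directory "/var/named";
    forward first;
    forwarders { 202.96.199.20; };
};
zone "." { type hint; file "root.hints"; };
zone "0.0.127.in-addr.arpa" { type master; file "127.0.0"; };
zone "11.168.192.in-addr.arpa" { type master; file "192.168.11"; };
zone "yourdomain.com" { notify no; type master; file "yourdomain.com"; };
"""

# Hardened variant (constructed): recursion only for the intranet and loopback,
# no dynamic updates, transfers only to the secondary. 192.168.11.6 is a
# hypothetical secondary address, not taken from the article.
HARDENED_CONF = """\
options {
    directory "/var/named";
    forward first;
    forwarders { 202.96.199.20; };
    allow-recursion { 192.168.11.0/24; 127.0.0.1; };
};
zone "." { type hint; file "root.hints"; };
zone "0.0.127.in-addr.arpa" {
    type master; file "127.0.0";
    allow-update { none; }; allow-transfer { none; };
};
zone "11.168.192.in-addr.arpa" {
    type master; file "192.168.11";
    allow-update { none; }; allow-transfer { 192.168.11.6; };
};
zone "yourdomain.com" {
    notify no; type master; file "yourdomain.com";
    allow-update { none; }; allow-transfer { 192.168.11.6; };
};
"""


def strip_comments(text: str) -> str:
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def tokenize(text: str) -> List[str]:
    """Quoted strings, the punctuation { } ; and bare words."""
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def parse_block(tokens: List[str], i: int = 0) -> Tuple[List[Stmt], int]:
    """Recursive-descent parse of 'head { nested... };' statements."""
    stmts: List[Stmt] = []
    head: List[str] = []
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == ";":
            if head:                       # the ';' after a '}' has an empty head
                stmts.append((head, None))
            head = []
        elif tok == "{":
            children, i = parse_block(tokens, i)
            stmts.append((head, children))
            head = []
        elif tok == "}":
            return stmts, i
        else:
            head.append(tok.strip('"'))
    return stmts, i


def _clauses(children: list) -> dict:
    """Map clause name -> (remaining head tokens, nested statements)."""
    return {h[0]: (h[1:], c) for h, c in children if h}


def audit(conf_text: str) -> List[str]:
    """Return one finding per exposure; an empty list means nothing to report."""
    stmts, _ = parse_block(tokenize(strip_comments(conf_text)))
    findings: List[str] = []
    for head, children in stmts:
        if head[:1] == ["options"] and children is not None:
            opts = _clauses(children)
            recursion = opts.get("recursion", (["yes"], None))[0]
            if recursion != ["no"] and not {"allow-recursion", "allow-query"} & opts.keys():
                findings.append("options: recursion is answered for any client; "
                                "add allow-recursion for the internal networks only")
        elif head[:1] == ["zone"] and children is not None:
            name, z = head[1], _clauses(children)
            ztype = z.get("type", ([""], None))[0]
            if ztype == ["master"]:
                if "allow-update" not in z:
                    findings.append(f"zone {name}: no allow-update; add allow-update {{ none; }}")
                if "allow-transfer" not in z:
                    findings.append(f"zone {name}: no allow-transfer; any host can transfer "
                                    "the whole zone, restrict it to the secondary")
            elif ztype == ["slave"] and "masters" not in z:
                findings.append(f"zone {name}: slave zone without masters")
    return findings


if __name__ == "__main__":
    for label, conf in (("article", ARTICLE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "ok")
```

The forwarders line is left untouched in the hardened variant: forwarding to the provider's server is fine, the point is that only the intranet should be allowed to ask this server to recurse, and only the secondary should be allowed to pull the zones.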

5. Test the DNS server

After modifying the DNS files, run the "ndc restart" command to restart the service so that the changes take effect. To test DNS, take a client and point its DNS address at the new DNS server, then try browsing the web, sending and receiving mail, and so on. You can also use the nslookup command: run nslookup and enter the host name to be queried to check whether the correct IP address is returned.
