Implementation of DNS server configuration under Linux (i)


"Experimental description"

Objective: Install BIND on Linux, configure forward and reverse resolution, and implement a basic domain name resolution service.

Experimental topology: [figure: Dns3.png]


"Configuration Process"

1. Install BIND;

    # yum install bind -y
    Loaded plugins: fastestmirror, refresh-packagekit, security
    ----- (output omitted) -----
    Complete!

2. Modify the main configuration file;

    # vim /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    # A line beginning with "//" is a comment; to disable an option, put "//" in front of it.

    options {
        // listen-on port 53 { 127.0.0.1; };      # address and port to listen on
        // listen-on-v6 port 53 { ::1; };         # listens on port 53 on all addresses
        directory          "/var/named";          # working directory
        dump-file          "/var/named/data/cache_dump.db";      # cache dump file
        statistics-file    "/var/named/data/named_stats.txt";    # records statistics on memory usage
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // allow-query     { localhost; };        # hosts that are allowed to query
        recursion yes;                            # whether recursion is allowed
        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;
        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        // managed-keys-directory "/var/named/dynamic";
    };

    logging {                                     # logging
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {                                 # definition of the root zone
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    //include "/etc/named.root.key";

At this point, with no further changes, starting the DNS service makes this server a caching-only DNS server.

    # vim /etc/named.rfc1912.zones    # edit this file to define the forward and reverse zones

    # --- (omitted) ---
    zone "test.com" IN {                  # forward zone "test.com"
        type master;                      # this server is the master for the zone
        file "test.com.zone";             # forward zone file
    };

    zone "0.168.192.in-addr.arpa" IN {    # reverse zone for "test.com"
        type master;
        file "192.168.0.arpa";
    };

    # named-checkconf /etc/named.conf    # check the configuration files for syntax errors
    #
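named-checkconf, used above, checks syntax only. The following added example (not part of the original article) audits the configuration shown above for listener and access-control statements that are commented out or absent, which leaves that behaviour to the defaults of the installed BIND version. The function names and the condensed PAGE_CONF sample are constructed for illustration.

```python
import re

# Constructed sample: the article's named.conf options and forward zone, condensed.
PAGE_CONF = '''
options {
    // listen-on port 53 { 127.0.0.1; };
    directory "/var/named";
    // allow-query { localhost; };
    recursion yes;  # allow recursion
};
zone "test.com" IN { type master; file "test.com.zone"; };
'''

def strip_comments(text):  # named.conf accepts /* */, // and # comments
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)  # simplification: quoted strings are not special-cased

def top_level_blocks(text):  # yields (header, body) for each top-level 'header { body };'
    depth, head_from, body_from, header = 0, 0, 0, ''
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, body_from = text[head_from:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[body_from:i]
        elif ch == ';' and depth == 0:
            head_from = i + 1

def has(stmt, body):  # exact statement name, so listen-on does not match listen-on-v6
    return re.search(r'(?<![\w-])' + re.escape(stmt) + r'(?![\w-])', body) is not None

def audit(conf):
    blocks = list(top_level_blocks(strip_comments(conf)))
    opts = ' '.join(body for head, body in blocks if head == 'options')
    findings = []
    if not has('listen-on', opts):
        findings.append('options: listen-on not set')
    if re.search(r'recursion\s+yes', opts) and not has('allow-recursion', opts):
        findings.append('options: recursion yes without allow-recursion')
    for head, body in blocks:
        zone = re.match(r'zone\s+"([^"]+)"', head)
        if zone and re.search(r'type\s+master', body) and not has('allow-transfer', body + opts):
            findings.append('zone %s: allow-transfer not set' % zone.group(1))
    return findings

print('\n'.join(audit(PAGE_CONF)))
```

For the article's configuration this reports all three findings; setting listen-on, allow-recursion and allow-transfer explicitly, in options or per zone, clears them.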

3. Provide a zone file for each zone;

    # vim /var/named/test.com.zone    # forward zone file

    $TTL 86400                  ; default TTL
    @    IN  SOA  ns.test.com.  admin.test.com. (
                  2015051105 ; serial number of the zone file, e.g. 2015051106; a secondary server copies this file only if the number has increased
                  2H         ; interval between periodic synchronizations
                  10M        ; retry interval: how long the secondary server waits before contacting the primary server again after a failed attempt to query for updates
                  7D         ; expiry time
                  1D )       ; cache time for negative answers
         IN  NS     ns.test.com.      ; name server
         IN  MX 10  mail.test.com.    ; mail server
    www  IN  A      192.168.0.120
    mail IN  A      192.168.0.121
    ns   IN  A      192.168.0.111
    pop3 IN  CNAME  mail.test.com.    ; alias for the mail server

    # named-checkzone "test.com" ./test.com.zone    # check the zone file for errors
    zone test.com/IN: loaded serial 2015051105
    OK

    # vim /var/named/192.168.0.arpa    # reverse zone file

    $TTL 86400
    @    IN  SOA  ns.test.com. admin.test.com. (
                  2015051105
                  2H
                  10M
                  7D
                  1D )
         IN  NS   ns.test.com.
    120  IN  PTR  www.test.com.
    121  IN  PTR  mail.test.com.
    111  IN  PTR  ns.test.com.

    # named-checkzone "0.168.192.in-addr.arpa" ./192.168.0.arpa    # check the zone file for errors
    zone 0.168.192.in-addr.arpa/IN: loaded serial 2015051105
    OK

    # service named start    # start the DNS service
    Starting named:                                            [  OK  ]

The basic DNS service configuration is complete.
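named-checkzone validates each zone file on its own; it does not compare the forward zone with the reverse zone. The following added example (not part of the original article) parses both zone files, embedded here as condensed constructed strings, and reports every A record whose PTR record is missing or points to a different name. The parser and its function names are illustrative and cover only the record forms used in this article, not the full master-file syntax.

```python
# Constructed input: the article's two zone files, condensed (SOA on one line).
FWD_ORIGIN, REV_ORIGIN = 'test.com.', '0.168.192.in-addr.arpa.'
FORWARD = '''$TTL 86400
@     IN SOA ns.test.com. admin.test.com. ( 2015051105 2H 10M 7D 1D )
      IN NS  ns.test.com.
www   IN A   192.168.0.120
mail  IN A   192.168.0.121
ns    IN A   192.168.0.111
pop3  IN CNAME mail.test.com.
'''
REVERSE = '''$TTL 86400
@     IN SOA ns.test.com. admin.test.com. ( 2015051105 2H 10M 7D 1D )
      IN NS  ns.test.com.
120   IN PTR www.test.com.
121   IN PTR mail.test.com.
111   IN PTR ns.test.com.
'''

def fqdn(name, origin):  # expand '@' and relative names against the zone origin
    return origin if name == '@' else name if name.endswith('.') else name + '.' + origin

def records(zone_text, origin, rtype):
    """Return {owner_fqdn: rdata} for one record type (last record per owner wins)."""
    out, owner = {}, origin
    for raw in zone_text.splitlines():
        line = raw.split(';')[0].rstrip()      # drop zone-file comments
        if not line or line.startswith('$'):   # skip blanks and $TTL/$ORIGIN directives
            continue
        fields = line.split()
        if not line[0].isspace():              # a blank owner field inherits the previous owner
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == 'IN'):
            fields.pop(0)                      # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == rtype:
            out[owner] = fields[1] if rtype == 'A' else fqdn(fields[1], origin)
    return out

def check_fcrdns(forward, reverse):
    a, ptr = records(forward, FWD_ORIGIN, 'A'), records(reverse, REV_ORIGIN, 'PTR')
    problems = []
    for name, ip in sorted(a.items()):
        rev = '.'.join(reversed(ip.split('.'))) + '.in-addr.arpa.'
        if rev not in ptr:
            problems.append('%s (%s): no PTR record' % (name, ip))
        elif ptr[rev].lower() != name.lower():
            problems.append('%s (%s): PTR points to %s' % (name, ip, ptr[rev]))
    return problems

print(check_fcrdns(FORWARD, REVERSE))
```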

"Test results"

    # host -t ns test.com 192.168.0.111    # query the name server of test.com through the server 192.168.0.111
    Using domain server:
    Name: 192.168.0.111
    Address: 192.168.0.111#53
    Aliases:

    test.com name server ns.test.com.    # OK, the name server is ns.test.com.

    # host -t mx test.com 192.168.0.111
    Using domain server:
    Name: 192.168.0.111
    Address: 192.168.0.111#53
    Aliases:

    test.com mail is handled by 10 mail.test.com.    # OK, the mail server is mail.test.com.

    # host -t a www.test.com 192.168.0.111
    Using domain server:
    Name: 192.168.0.111
    Address: 192.168.0.111#53
    Aliases:

    www.test.com has address 192.168.0.120    # resolved successfully

    # host -t a mail.test.com 192.168.0.111
    Using domain server:
    Name: 192.168.0.111
    Address: 192.168.0.111#53
    Aliases:

    mail.test.com has address 192.168.0.121

    # dig -t a www.test.com @192.168.0.111

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -t A www.test.com @192.168.0.111
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13687
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:      # the question that was asked
    ;www.test.com.                  IN      A

    ;; ANSWER SECTION:        # the result of the query
    www.test.com.           86400   IN      A       192.168.0.120

    ;; AUTHORITY SECTION:     # the source of the authoritative answer
    test.com.               86400   IN      NS      ns.test.com.

    ;; ADDITIONAL SECTION:    # additional information about the source of the authoritative answer
    ns.test.com.            86400   IN      A       192.168.0.111

    ;; Query time: 1 msec
    ;; SERVER: 192.168.0.111#53(192.168.0.111)
    ;; WHEN: Fri May 15 06:21:21 2015
    ;; MSG SIZE  rcvd: 79

    # dig -x 192.168.0.120 @192.168.0.111

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -x 192.168.0.120 @192.168.0.111
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27168
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;120.0.168.192.in-addr.arpa.    IN      PTR

    ;; ANSWER SECTION:
    120.0.168.192.in-addr.arpa. 86400 IN    PTR     www.test.com.

    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400   IN      NS      ns.test.com.

    ;; ADDITIONAL SECTION:
    ns.test.com.            86400   IN      A       192.168.0.111

    ;; Query time: 8 msec
    ;; SERVER: 192.168.0.111#53(192.168.0.111)
    ;; WHEN: Fri May 15 06:22:25 2015
    ;; MSG SIZE  rcvd: 103

Client testing tools:

1. host -t RRTYPE NAME [SERVER]

Example: host -t NS test.com 192.168.0.111

host -t A www.test.com 192.168.0.111

Note: -t specifies the resource record type, followed by a name that is valid for that record type; when no server is specified, the DNS server set in /etc/resolv.conf is used.

2. nslookup

nslookup>

server IP: specifies the DNS server address;

set type={A|SOA|NS|MX}

NAME

3. dig

dig -t TYPE NAME @SERVER

TYPE can be AXFR: a full zone transfer, which shows all resource records in the zone;

Example: dig -t AXFR test.com @192.168.0.111

A reverse lookup does not use -t PTR; it uses the -x option instead. Example: dig -x 192.168.0.120 @192.168.0.111

dig query options:

+trace: enable tracing of the resolution path;

+notrace

+recurse: enable recursion;

+norecurse


This article is from the "Flying Snail" blog, please be sure to keep this source http://ljmsky.blog.51cto.com/2878/1651416
