Implementation of DNS server configuration under Linux (i)

"Experimental description"

Objective: To install BIND on Linux, configure forward parsing and direction resolution, and implement the basic domain name resolution service.

Experimental topology: 650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/6C/DE/wKioL1VUt9SB27mdAAEiJgdCTv0364.jpg "title=" Dns3.png "alt=" Wkiol1vut9sb27mdaaeijgdctv0364.jpg "/>

"Configuration Process"

1, install bind;

[email protected] ~]# Yum install bind-yloaded plugins:fastestmirror, Refresh-packagekit, security-----slightly----- complete!

2, modify the master configuration file;

[[email protected] ~] #vim  /etc/named.conf// named.conf//// provided by red  hat bind package to configure the isc bind named (8)  DNS//  server as a caching only nameserver  (As a localhost dns  resolver only).//// see /usr/share/doc/bind*/sample/ for example named  configuration files.//  # "//" indicates the behavior of the comment information, if you do not want to enable an option at the beginning of the Add//Can;options {      // listen-on port 53 { 127.0.0.1; };  # Specify the number of ports on that address to monitor;     //   listen-on-v6 port 53 {  ::1; };  #监听在所有主机上的53号端口上;        directory         "/var/named";  #定义工作目录;         dump-file       &nbsP; " /var/named/data/cache_dump.db "; #指定缓存存储文件;        statistics-file  "/var/named/data/named_stats.txt"; #记录内存使用情况的统计信息;         memstatistics-file  "/var/named/data/named_mem_stats.txt";     //  allow-query     { localhost; };  #定义允许查询的主机;         recursion yes; #是否允许递归;     // dnssec-enable  yes;     // dnssec-validation yes;     //  dnssec-lookaside auto;        /* path to isc  dlv key */     //  bindkeys-file  "/etc/named.iscdlv.key";      // managed-keys-directory  "/var/named/dynamic";}; logging {                         #日志信息;         channel default_debug {                 file  "Data/named.run";                 severity dynamic;         };}; zone  "."  IN {       #根域的定义;         type  hint;        file  "named.ca";}; include  "/etc/named.rfc1912.zones";//include  "/etc/named.root.key"; #-----At this point, if you do not make other modifications, start the DNS service, This server is a cache DNS server! -------[[email protected] ~]# vim /etc/named.rfc1912.zones  #通过修改此配置文件, configure the forward reverse parsing zone; #--- Slightly---zone  "test.com"  IN {   #定义 "test.com" forward parsing area;         type master;   #定义服务器的类型为主服务器;         file  "Test.com.zone"   #指定正向解析区域文件;};zone  "0.168.192.in-addr.arpa"  in  {   #定义 Reverse parsing area of "test.com";       type master;        file  "192.168.0.arpa";}; [[email protected] named]# named-checkconf /etc/named.conf  #检验配置文件是否有语法错误; [Email  protected] named]#

3, providing a parse library for each region;

[[email protected] named]# vim  /var/named/test.com.zone  #配置正向解析库; $TTL   86400  #默认ttl值;@   in    soa    ns.test.com.  admin.test.com.  (                2015051105 ; #解析库的版本号, such as 2015051106&nbsp, the function of this serial number is when the secondary domain service                  to copy this file, if the number is increased, copy the;                2H ; #周期性同步的时间间隔                 10M ; #重试的时间间隔, when the secondary domain service tries to query for updates on the primary server, the connection fails,  How often the                secondary domain server accesses the primary domain name server;                7D; #过期时长;                1d )  ; #否定答案的统一缓存时长;    in    NS  ns.test.com.  #定义域名服务器;     in   mx 10  mail.test.com.  #邮件服务器;www  in a 192.168.0.120 mail in a  192.168.0.121ns   in   a   192.168.0.111pop3  in  cname  mail.test.com. #邮件服务器的别名;[[email protected] named]# named-checkzone  " test.com " ./test.com.zone  #检查解析库是否有错误;zone test.com/in: loaded serial  2015051105ok  [[email protected] named]# vim  /var/named/192.168.0.arpa    #配置反向解析库; $TTL  86400@   IN    SOA     ns.test.com. admin.test.com.  (                2015051105               2h                10M                7D                1D )     in   ns  ns.test.com.  120 in  ptr www.test.com.121 in  ptr mail.test.com.111 in   ptr  ns.test.com.      [[email protected] named] # named-checkzone  "0.168.192.in-addr.arpa"  ./192.168.0.arpa   #检查解析库是否有错误;zone  0.168.192.in-addr.arpa/in: loaded serial 2015051105ok   [[email protected]  named]# service named start  #启动DNS服务;starting named:                                              [   ok  ]   #--The basic DNS service configuration is complete ——————

" test Result "

[[email protected] named]# host -t ns test.com 192.168.0.111 # Through 0.111 This server resolves test.com domain host; using domain server:name: 192.168.0.111address: 192.168.0.111# 53aliases: test.com name server ns.test.com.  #OK, the domain host is ns.test.com. [[email protected] named]# host -t mx test.com 192.168.0.111using  Domain server:name: 192.168.0.111address: 192.168.0.111#53aliases: test.com mail  is handled by 10 mail.test.com.   #OK, mail server is mail.test.com. [[email protected] named]# host -t a www.test.com 192.168.0.111using  Domain server:name: 192.168.0.111address: 192.168.0.111#53aliases: www.test.com has  address 192.168.0.120  #解析成功; [[Email protected] named]# host -t a  mail.test.com 192.168.0.111using domain server:name: 192.168.0.111address: 192.168.0.111#53aliases: mail.test.com has address  192.168.0.121[[email protected] named]# dig -t a www.test.com @ 192.168.0.111; <<>> dig 9.8.2rc1-redhat-9.8.2-0.17.rc1.el6_4.6 <<> > -t A www.test.com @192.168.0.111;;  global options: +cmd;;  Got answer:;;  ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13687;;  flags: qr aa rd ra; query: 1, answer: 1, authority: 1,  ADDITIONAL: 1;;  QUESTION SECTION:  #查询的问题;; www.test.com.INA;;  ANSWER SECTION:  #查询的结果; www.test.com.86400INA192.168.0.120;  AUTHORITY SECTION:  #权威回答的来源; test.com.86400innsns.test.com.;  ADDITIONAL SECTION:  #权威回答的来源的补充说明; ns.test.com.86400ina192.168.0.111;  Query time: 1 msec;;  server: 192.168.0.111#53 (192.168.0.111);  WHEN: Fri May 15 06:21:21 2015;;  MSG SIZE  rcvd: 79[[email protected] named]# dig -x   192.168.0.120 @192.168.0.111 ; <<>> dig  9.8.2rc1-redhat-9.8.2-0.17.rc1.el6_4.6 <<>> -x 192.168.0.120 @192.168.0.111;;  global options: +cmd;;  Got answer:;;  ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27168;;  flags: qr aa rd ra; query: 1, answer: 1, authority: 1,  ADDITIONAL: 1;;  QUESTION SECTION:;120.0.168.192.in-addr.arpa.INPTR;;  ANSWER SECTION:120.0.168.192.in-addr.arpa. 86400 INPTRwww.test.com.;;  AUTHORITY SECTION:0.168.192.in-addr.arpa.86400INNSns.test.com.;;  additional section:ns.test.com.86400INA192.168.0.111;;  Query time: 8 msec;;  server: 192.168.0.111#53 (192.168.0.111);  WHEN: Fri May 15 06:22:25 2015;;  msg size  rcvd: 103

Client Testing Tools:

1. host-t rrtype NAME [SERVER]

Example: Host-t NS test.com 192.168.0.111

Host-t A www.test.com 192.168.0.111

Note:-t specifies the resource type, followed by the name that is allowed by the resource record, and the DNS that is set by/etc/resolv.conf when you do not specify the server.

2, Nslookup

Nslookup>

Server IP: Specifies the DNS server address;

Set type={a| soa| ns| MX}

Name

3, Dig

DIG-T TYPE name @server

Type can be used: AXFR full zone transfer, showing all resource records;

Example: Dig-t AXFR test.com @192.168.0.111

Test inverse does not use-t PTR, while using the-X option example: Diag-x 192.168.0.120 @192.168.0.111

Dig: Query Options

+trace start route tracking;

+notrace

+recurse enable recursion;

+norecurse

This article is from the "Flying Snail" blog, please be sure to keep this source http://ljmsky.blog.51cto.com/2878/1651416

Implementation of DNS server configuration under Linux (i)