Install and configure the DNS server in Linux

Source: Internet
Author: User
When analyzing software samples (mainly their network traffic), you will inevitably need to set up a DNS server so that IP spoofing can be used to capture the samples' network traffic. The following uses CentOS 5.2 as an example to describe how to set up a DNS server on Linux.

Install bind

The DNS function in Linux is implemented by the bind software. Installing bind on CentOS is very convenient:

    yum install bind

Related configuration files

1. /etc/hosts

This file defines host names and IP addresses, including the IP address and host name of the computer that will run DNS. The initial content is as follows:

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 TestServer localhost.localdomain localhost
    ::1 localhost6.localdomain6 localhost6

2. /etc/host.conf

When both DNS name resolution and the /etc/hosts host table exist on the system, /etc/host.conf determines the order in which host names are resolved. Example:

    order hosts,bind    # name interpretation order
    multi on            # allow the host to have multiple IP addresses
    nospoof on          # disable IP address spoofing

3. /etc/resolv.conf

This file is the DNS domain name resolution configuration file. Its format is very simple: each line starts with a keyword, followed by configuration parameters. resolv.conf has four keywords:

nameserver # define the IP address of the DNS server

domain # define a local domain name

search # define the domain name search list

sortlist # sort the returned domain names

An example of /etc/resolv.conf:

    domain ringkee.com
    search www.ringkee.com ringkee.com
    nameserver 202.96.128.86
    nameserver 202.96.128.166

4. /etc/named.conf

This file is the main configuration file of bind, and it is complex. Let's take a look at an example and explain it section by section.

Note that because of its startup script, the bind shipped with CentOS changes its root directory (chroot). The storage paths of all files mentioned here and later are therefore relative to the /var/named/chroot/ directory; for example, the actual path of /etc/named.conf is /var/named/chroot/etc/named.conf.

    /*
     * Log option
     */
    logging {
        channel default_syslog { syslog local2; severity error; };
        channel audit_log { file "/var/log/named.log"; severity error; print-time yes; };
        category default { default_syslog; };
        category general { default_syslog; };
        category security { audit_log; default_syslog; };
        category config { default_syslog; };
        category resolver { audit_log; };
        category xfer-in { audit_log; };
        category xfer-out { audit_log; };
        category policy { audit_log; };
        category client { audit_log; };
        category network { audit_log; };
        category update { audit_log; };
        category queries { audit_log; };
        category lame-servers { audit_log; };
    };
    options {
        directory "/var/named";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "linuxidc.com" {
        type master;
        file "linuxidc.com.zone";
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "linuxidc.com.rev";
    };

The following sections are explained one by one.

4.1 Log Settings

    /*
     * Log option
     */
    logging {
        channel default_syslog { syslog local2; severity error; };
        channel audit_log { file "/var/log/named.log"; severity error; print-time yes; };
        category default { default_syslog; };
        category general { default_syslog; };
        category security { audit_log; default_syslog; };
        category config { default_syslog; };
        category resolver { audit_log; };
        category xfer-in { audit_log; };
        category xfer-out { audit_log; };
        category policy { audit_log; };
        category client { audit_log; };
        category network { audit_log; };
        category update { audit_log; };
        category queries { audit_log; };
        category lame-servers { audit_log; };
    };

This part is the log settings. The most important part is file "/var/log/named.log", which specifies the location of the log file. For named to start properly, ensure that the file exists and that the named process has read and write permissions on it.

4.2 options

    options {
        directory "/var/named";
        // listen-on-v6 { any; };
        /*
         * If you've got a DNS server around at your upstream provider, enter
         * its IP address here, and enable the line below. This will make you
         * benefit from its cache, thus reduce overall DNS traffic in the Internet.
         */
        // forwarders {
        //     your.upper.DNS.address;
        // };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
        /*
         * If running in a sandbox, you may have to specify a different
         * location for the dump file.
         */
        // dump-file "/etc/named_dump.db";
    };

This part contains some basic configuration items:

directory "/var/named"; specifies the directory where domain name resolution and other files are stored (must be created manually);

listen-on-v6 { any; }; enables support for IPv6 requests;

forwarders {

your.upper.DNS.address;

}; specifies the forwarding DNS server. If a domain name cannot be resolved on the local machine, the query is forwarded to this DNS server for resolution.

dump-file "/etc/named_dump.db"; specifies the location of the named_dump.db file.

4.3 Hint zone and loopback zone

    zone "." {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";    // forward resolution file
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";       // reverse resolution file
        allow-update { none; };
    };

This section uses some standard examples to specify the hint zone and the local loopback zone.

There are three values of type here: master, slave, and hint. Their meanings are:

master: defines the master domain name server

slave: defines the secondary domain name server

hint: indicates the root domain name servers on the Internet.

file "named.ca"; specifies the resolution file for this zone. It is located in the directory specified by directory "/var/named"; in options, which in this example is /var/named. If named.ca is missing, download it from here: ftp://ftp.rs.internic.net/domain/named.root

Or use the following command to generate a named.ca:

    dig -t NS . > named.ca

[NOTE: If the root node query is incomplete, use the following command]

    dig -t NS . @a.root-servers.net > named.ca

The file "localhost.zone" is the forward resolution file of the loopback zone. Its content can be:

    $TTL 86400      ; global TTL value; used for any record below that does not specify its own
    localhost. 600 IN SOA localhost. admin.localhost. (
            2011081601  ; serial number (version)
            1H          ; refresh (units: H hour, M minute, D day, W week; the default is seconds)
            10M         ; retry interval
            7D          ; expire time: if the master server cannot be reached for 7 days, the zone stops being served
            1D )        ; TTL for negative (no such record) responses
            IN NS localhost.
    localhost.  IN A 127.0.0.1

The file "named.local" is the reverse resolution file of the loopback zone. Its content can be:

    $TTL 86400
    @ 600 IN SOA localhost. admin.localhost. (
            2011081601  ; serial
            1H          ; refresh
            10M         ; retry
            7D          ; expire
            1D )        ; negative-response TTL
            IN NS localhost.
    1       IN PTR localhost.

The contents of the forward and reverse parsing files will be explained in detail later.
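
To make the SOA timer fields in the two zone files above concrete, here is a small parser, added as an illustration and not part of the original article, that converts the unit suffixes to seconds and rejects a malformed record (for example a value split as "1 H", or "//" used where a zone file needs ";"). SAMPLE_ZONE is constructed from the loopback zone file above, and the function names are hypothetical.

```python
import re

UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

# Constructed sample: the loopback zone file from this page, in valid zone-file syntax.
SAMPLE_ZONE = """\
$TTL 86400
localhost. 600 IN SOA localhost. admin.localhost. (
        2011081601 ; serial
        1H         ; refresh
        10M        ; retry
        7D         ; expire
        1D )       ; negative-response TTL
        IN NS localhost.
localhost. IN A 127.0.0.1
"""

def to_seconds(value):
    """Convert a BIND time value such as 1H, 10M, 7D or 1W2D to seconds."""
    parts = re.findall(r"(\d+)([SMHDW]?)", value.upper())
    if not parts or "".join(n + u for n, u in parts) != value.upper():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa(zone_text):
    """Return the SOA fields of a zone file as a dict, with timers in seconds."""
    text = re.sub(r";[^\n]*", "", zone_text)  # zone-file comments start with ';'
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", text, flags=re.I)
    if not m:
        raise ValueError("no parenthesised SOA record found")
    fields = m.group(3).split()
    if len(fields) != 5:
        raise ValueError(f"SOA needs 5 numeric fields, found {len(fields)}")
    names = ("refresh", "retry", "expire", "minimum")
    soa = {"mname": m.group(1), "rname": m.group(2), "serial": int(fields[0])}
    soa.update({k: to_seconds(v) for k, v in zip(names, fields[1:])})
    return soa

def soa_warnings(soa):
    """Sanity checks on the ordering of the SOA timers."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"]:
        warnings.append("expire should be longer than refresh")
    return warnings
```
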

4.4 custom domain

    zone "linuxidc.com" {
        type master;
        file "linuxidc.com.zone";
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "linuxidc.com.rev";
    };

This is the important part of the configuration file:

zone "linuxidc.com" {

type master;

file "linuxidc.com.zone";

}; sets up the linuxidc.com domain;

type master indicates that the domain is resolved primarily by the local machine;

file "linuxidc.com.zone" specifies that the resolution file is linuxidc.com.zone, located in the directory set by directory in options (/var/named in this example).

zone "1.168.192.in-addr.arpa" {

type master;

file "linuxidc.com.rev";

}; sets up reverse resolution for the specified IPv4 addresses;

type master indicates that the domain is resolved primarily by the local machine;

file "linuxidc.com.rev" specifies that the resolution file is linuxidc.com.rev, located in the directory set by directory in options (/var/named in this example).

So far, we have set up a basic standard named master configuration file; the corresponding forward and reverse resolution files are created next.
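
The two path-related points made above (every path is relative to /var/named/chroot, and the log file must already exist and be writable) can be checked before starting named. The following is an added example, not part of the original article: SAMPLE_CONF is a constructed, trimmed copy of the configuration above, the function names are hypothetical, and a missing directory option is assumed to mean "/".

```python
import os
import re

CHROOT = "/var/named/chroot"  # chroot of the CentOS bind package, per the note above

# Constructed sample: a trimmed copy of the named.conf shown on this page.
SAMPLE_CONF = '''
logging { channel audit_log { file "/var/log/named.log"; severity error; }; };
options { directory "/var/named"; /* dump-file "/etc/named_dump.db"; */ };
zone "." { type hint; file "named.ca"; };
zone "linuxidc.com" { type master; file "linuxidc.com.zone"; };
zone "1.168.192.in-addr.arpa" { type master; file "linuxidc.com.rev"; };
'''
# zone, channel and file statements; the lookbehind skips dump-file and similar options.
TOKEN = re.compile(r'\bzone\s+"([^"]*)"|\bchannel\s+(\S+)|(?<![-\w])file\s+"([^"]+)"')

def referenced_files(conf_text):
    """Return (directory, [(context, path), ...]) for every active file statement."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # drop /* ... */ comments
    text = re.sub(r"(//|#).*", "", text)                    # drop // and # comments
    m = re.search(r'(?<![-\w])directory\s+"([^"]+)"', text)
    refs, context = [], ""
    for zone, channel, path in TOKEN.findall(text):
        if path:
            refs.append((context, path))
        else:
            context = f"channel {channel}" if channel else f'zone "{zone}"'
    return (m.group(1) if m else "/"), refs

def on_disk(chroot, directory, path):
    """Map a path as named sees it inside the chroot to the real path on the host."""
    inside = path if os.path.isabs(path) else os.path.join(directory, path)
    return os.path.join(chroot, inside.lstrip("/"))

def check(conf_text, chroot=CHROOT):
    """List (context, real_path, problem) for files named would fail to open."""
    directory, refs = referenced_files(conf_text)
    problems = []
    for context, path in refs:
        real = on_disk(chroot, directory, path)
        if not os.path.isfile(real):
            problems.append((context, real, "missing"))
        elif context.startswith("channel") and not os.access(real, os.W_OK):
            problems.append((context, real, "not writable by current user"))
    return problems

if __name__ == "__main__":
    for context, real, problem in check(SAMPLE_CONF):
        print(f"{problem}: {real} ({context})")
```

The writability test applies to whichever user runs the script, so run it as the account named runs under to get a meaningful answer for the log file.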
