DNS stands for Domain Name System. It resolves a host name to an IP address (forward resolution) and looks up the host name that belongs to an IP address (reverse resolution).
How DNS works
(1) The client sends a query
If the queried host name belongs to the domain the DNS server is authoritative for, the server answers directly. If the host name belongs to another domain, the server first checks whether its cache already holds the answer. If not, it asks a root server; the root server tells the local server the address of the authoritative server (there may be more than one) for that domain, the local server queries one of them, and it stores that list of servers in its cache for later use, so the root servers do not have to be asked again.
(2) The remote server answers the query
The result is returned to the client and a copy is kept in the cache. If the same query arrives again before the cached copy expires, the answer is served from the cache.
DNS server categories
1. Primary domain name server (master)
The primary domain name server is the authority for a domain or zone. Its main responsibility is to resolve the names of all hosts in that domain or zone. One or more secondary domain name servers can serve as its backups.
2. Secondary domain name server (slave)
Secondary domain name servers are backups. They do not hold the source data of the zone, but they are also authoritative and may answer queries for it. A secondary server usually obtains the zone data from the primary domain name server. A secondary server is also called a slave server.
3. Caching server (hint)
A caching server temporarily stores records that the primary domain name server has already resolved, so repeated queries are answered from the cache.
We plan to use two VPS hosts, one as the primary domain name server and the other as the secondary. The operating system is CentOS 5.6 (32-bit).
BIND is the DNS server commonly used on Linux. It is split into the following packages:
bind bind-libs bind-utils bind-chroot caching-nameserver
bind: the DNS server software itself
bind-libs: the libraries used by bind
bind-utils: the bind query tools (host, dig, nslookup)
caching-nameserver: configuration for a caching-only name server
1. Install the DNS server
1. Install the DNS server packages:
yum install bind-libs bind-utils bind-chroot
The version in the update repository is bind 9.3.6-16.P1.el5. The DNS configuration files are stored under the /var/named/chroot directory.
2. Copy the sample configuration files:
cp /usr/share/doc/bind-9.3.6/sample/etc/* /var/named/chroot/etc
cp -a /usr/share/doc/bind-9.3.6/sample/var/named/* /var/named/chroot/var/named
Configuration file description:
Main configuration file: /var/named/chroot/etc/named.conf sets the general named parameters and points to the sources of the zone data the server uses.
Root hints file: /var/named/chroot/var/named/named.root lists the root domain name servers; it is only used for the initial configuration of a caching server.
Forward resolution file: /var/named/chroot/var/named/localhost.zone converts the name localhost to the loopback IP address (127.0.0.1), i.e. forward resolution.
Reverse resolution file: /var/named/chroot/var/named/named.local converts the loopback IP address (127.0.0.1) back to the name localhost, i.e. reverse resolution.
3. Try to start the DNS server:
service named restart
Output:
Stopping named: [ OK ]
Starting named: [FAILED]
Check the system log:
cat /var/log/messages | grep named
The error found:
named[1384]: /etc/named.conf:100: configuring key 'ddns_key': bad base64 encoding
The error is caused by the missing ddns_key secret. Run /usr/sbin/dns-keygen to generate a TSIG key and replace the placeholder text inside the quotation marks of the following line in named.conf:
secret "use /usr/sbin/dns-keygen to generate TSIG keys";
/usr/sbin/dns-keygen
(the command prints a random key string; copy it for the next step)
Edit /var/named/chroot/etc/named.conf and add the ddns_key:
vim /var/named/chroot/etc/named.conf
Modify as follows:
key ddns_key
{
    algorithm hmac-md5;
    secret "secret";    // replace "secret" with the string printed by dns-keygen
};
After the ddns_key is added, the named service restarts successfully, but the DNS server is not yet ready for use. Further configuration is required.
4. The named.conf file contains the following blocks:
options                    // data-related file settings; named needs write permission on the data/ directory
logging                    // debug logging
view "localhost_resolver"  // local resolution, caching-only name server
view "internal"            // view for internal users on the same LAN
key ddns_key               // the ddns key
view "external"            // view for requests from external users to this DNS server
5. First, set the owner and group of the /var/named/chroot/var/named/data directory to named:
cd /var/named/chroot/var/named
chown named:named data
6. Add group write permission to the /var/named/chroot/var/named directory:
cd /var/named/chroot/var
chmod g+w named
Without write permission on this directory the named service still starts, but the system log contains the error "the working directory is not writable".
7. Modify the settings in the view "external" block of named.conf:
vim /var/named/chroot/etc/named.conf
recursion yes;               // enable recursion
allow-query-cache { any; };  // allow anyone to query the cache
8. Restart the DNS server again:
service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
Started successfully.
Check the log:
tail -30 /var/log/messages | grep named
No error is reported.
9. Enable automatic startup:
chkconfig --level 345 named on
Now the DNS server can be used.
On Windows, set the DNS server address in the network connection properties to this server and test with the ping and nslookup commands.
On Linux, set the nameserver address in /etc/resolv.conf and test with the host, dig, and nslookup commands.
2. Configure the primary domain name server for the zone
Take the test.com domain as an example:
www.test.com   192.168.1.100   // web service
ns.test.com    192.168.1.101   // domain name service
work.test.com  192.168.1.100
mail.test.com  192.168.1.103   // mail service
ftp.test.com   192.168.1.104   // file service
1. Edit the /var/named/chroot/etc/named.rfc1912.zones file:
vim /var/named/chroot/etc/named.rfc1912.zones
Add the forward resolution zone test.com at the end:
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
};
Then add the reverse resolution zone 1.168.192.in-addr.arpa:
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "test.com.resv";
    allow-update { none; };
};
2. Create the forward zone data file /var/named/chroot/var/named/test.com.zone:
cd /var/named/chroot/var/named
cp localhost.zone test.com.zone
3. Edit the file test.com.zone:
vim test.com.zone
Modify as follows:
$TTL 86400
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns.test.com.
www     IN A    192.168.1.100
ns      IN A    192.168.1.101
work    IN CNAME www
mail    IN A    192.168.1.103
@       IN MX   10 mail.test.com.
ftp     IN A    192.168.1.104
4. Create the reverse zone data file /var/named/chroot/var/named/test.com.resv:
cp named.local test.com.resv
5. Edit the file test.com.resv:
vim test.com.resv
Modify as follows:
$TTL 86400
@       IN SOA  localhost. root.localhost. (
                1997022700 ; serial
                28800      ; refresh
                14400      ; retry
                3600000    ; expire
                86400 )    ; minimum
        IN NS   ns.test.com.
100     IN PTR  www.test.com.
101     IN PTR  ns.test.com.
103     IN PTR  mail.test.com.
104     IN PTR  ftp.test.com.
6. Edit named.conf and add the test.com zones to view "external":
vim /var/named/chroot/etc/named.conf
Because zone "test.com" is defined in the named.rfc1912.zones file, add the following inside view "external":
include "/etc/named.rfc1912.zones";
7. Restart the service:
service named restart
From now on, when a client asks this server to resolve a name in the test.com domain, it answers from the configured zone data and does not ask the root servers.
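A check worth running on the two zone files from steps 3 and 5 before the restart: named-checkzone (part of BIND 9) validates the syntax of each file on its own, but it does not cross-check the forward zone against the reverse zone. The Python script below is an added example (not part of this guide or of BIND) that parses constructed copies of the test.com.zone and test.com.resv data shown above, handling ; comments, omitted owner names and the ( ) continuation of the SOA record, and reports every A record in 192.168.1.0/24 that has no matching PTR, every PTR with no matching A, and every CNAME whose target does not exist. The two zone strings are sample input modelled on the files above, not copied from a running server.

```python
import ipaddress

# Constructed copies of the guide's test.com.zone and test.com.resv (sample input for this example).
FORWARD_ZONE = """\
$TTL 86400
@       IN SOA  @ root (
                42 3H 15M 1W 1D )   ; serial refresh retry expiry minimum
        IN NS   ns.test.com.
www     IN A    192.168.1.100
ns      IN A    192.168.1.101
work    IN CNAME www
mail    IN A    192.168.1.103
@       IN MX   10 mail.test.com.
ftp     IN A    192.168.1.104
"""
REVERSE_ZONE = """\
$TTL 86400
@       IN SOA  localhost. root.localhost. (
                1997022700 28800 14400 3600000 86400 )   ; serial refresh retry expire minimum
        IN NS   ns.test.com.
100     IN PTR  www.test.com.
101     IN PTR  ns.test.com.
103     IN PTR  mail.test.com.
104     IN PTR  ftp.test.com.
"""
IN_ADDR = '.in-addr.arpa'

def qualify(name, origin):
    """Relative owner or target -> fully qualified name with trailing dot."""
    if name == '@':
        return origin
    return name if name.endswith('.') else f'{name}.{origin}'

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; handles ; comments, omitted owners and ( ) continuations."""
    entries, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count('(') - line.count(')')
        if depth == 0:  # record complete; the owner is present only when the first line is unindented
            entries.append((not buf[0][0].isspace(), ' '.join(buf).replace('(', ' ').replace(')', ' ').split()))
            buf = []
    records, owner = [], origin
    for has_owner, tokens in entries:
        if tokens[0].startswith('$'):  # $TTL and other directives
            continue
        if has_owner:
            owner = qualify(tokens.pop(0), origin)
        if tokens[0].isdigit():  # optional TTL
            tokens.pop(0)
        if tokens[0].upper() == 'IN':  # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype in ('CNAME', 'NS', 'PTR'):
            tokens[0] = qualify(tokens[0], origin)
        records.append((owner, rtype, tokens))
    return records

def soa_serial(records):
    return next(int(rdata[2]) for _, rtype, rdata in records if rtype == 'SOA')

def arpa_to_octets(name):
    """'100.1.168.192.in-addr.arpa.' -> ['192', '168', '1', '100']"""
    return name.rstrip('.').lower()[:-len(IN_ADDR)].split('.')[::-1]

def check_consistency(forward, reverse, reverse_origin):
    """A records inside the reverse zone's range need a matching PTR and vice versa; CNAME targets must exist."""
    octets = arpa_to_octets(reverse_origin)
    net = ipaddress.ip_network('.'.join(octets + ['0'] * (4 - len(octets))) + f'/{8 * len(octets)}')
    a_map, issues = {}, []
    for owner, rtype, rdata in forward:
        if rtype == 'A':
            a_map.setdefault(owner, set()).add(ipaddress.ip_address(rdata[0]))
    ptr_map = {ipaddress.ip_address('.'.join(arpa_to_octets(o))): r[0] for o, t, r in reverse if t == 'PTR'}
    for name, ips in sorted(a_map.items()):
        for ip in sorted(ips):
            if ip in net and ptr_map.get(ip) != name:
                issues.append(f'A {name} -> {ip}: no matching PTR in reverse zone')
    for ip, name in sorted(ptr_map.items()):
        if ip not in a_map.get(name, set()):
            issues.append(f'PTR {ip} -> {name}: no matching A record in forward zone')
    owners = {o for o, _, _ in forward}
    for owner, rtype, rdata in forward:
        if rtype == 'CNAME' and rdata[0] not in owners:
            issues.append(f'CNAME {owner} -> {rdata[0]}: target has no records')
    return issues

if __name__ == '__main__':
    fwd = parse_zone(FORWARD_ZONE, 'test.com.')
    rev = parse_zone(REVERSE_ZONE, '1.168.192.in-addr.arpa.')
    print('serials:', soa_serial(fwd), soa_serial(rev))
    print(check_consistency(fwd, rev, '1.168.192.in-addr.arpa.') or 'forward and reverse zones agree')
```

Run it with python3 after editing the real files by reading them into FORWARD_ZONE and REVERSE_ZONE. The SOA serial is returned as well because a secondary only refreshes its copy when the serial grows, so it is the value to bump on every edit.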
3. Configure the secondary domain name server
Configuring the secondary domain name server is much simpler. You only need to add the zones to its main configuration file and name the primary domain name server from which it may fetch updates; you do not need to write the zone data files yourself.
1. Edit the /var/named/chroot/etc/named.rfc1912.zones file:
vim /var/named/chroot/etc/named.rfc1912.zones
Add the forward resolution zone test.com at the end:
zone "test.com" IN {
    type slave;
    file "slaves/test.com.hosts";
    masters { 1.1.1.1; };    // enter the IP address of the primary DNS server
};
Then add the reverse resolution zone 1.168.192.in-addr.arpa:
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/test.com.resv";
    masters { 1.1.1.1; };    // enter the IP address of the primary DNS server
};
2. Edit named.conf and include the named.rfc1912.zones file in view "external":
vim /var/named/chroot/etc/named.conf
Inside view "external", add:
include "/etc/named.rfc1912.zones";
3. Set the owner and group of the /var/named/chroot/var/named/slaves directory to root:named:
cd /var/named/chroot/var/named
chown root:named slaves
Add group write permission to /var/named/chroot/var/named/slaves:
chmod g+w slaves
If the named user has no write permission on the slaves directory, the zone data files cannot be synchronized from the primary domain name server.
4. Restart the DNS service:
service named restart
5. Check the /var/named/chroot/var/named/slaves directory:
The files test.com.hosts and test.com.resv have been created, which shows that the zone transfer succeeded.
Note:
1) The names of the forward and reverse zones on the master and slave servers must be identical.
2) The file path in the slave server's zone statements may be relative or absolute.
3) Point the preferred DNS server of the secondary DNS server at the primary DNS server.
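Three of the named.conf settings made in this guide deserve a check before the pair of servers goes live: the ddns_key secret from step 3 of section 1 (the sample file's placeholder sentence is not valid base64, which is exactly why named refused to start), recursion yes together with allow-query-cache { any; } in view "external" from step 7 of section 1 (the server then performs recursive lookups for any client on the Internet, i.e. it is an open resolver), and the master zones from section 2, which BIND 9.3 lets any host fetch with a full zone transfer unless allow-transfer restricts it to the secondary. The Python script below is an added example, not part of this guide or of BIND: it runs those three checks over constructed named.conf fragments modelled on the guide's edits, generates a base64 secret of the kind dns-keygen produces, and renders a hardened version of the same statements that passes. The secondary's address 192.0.2.53 and the 192.168.1.0/24 client network in the hardened fragment are assumptions for the example.

```python
import base64
import binascii
import re
import secrets
# Blocks are recognised by a closing "};" at the start of a line, as in this guide's fragments.
KEY_RE = re.compile(r'^\s*key\s+"?([\w.-]+)"?\s*\{(.*?)^\s*\};', re.S | re.M)
VIEW_RE = re.compile(r'^\s*view\s+"([^"]+)"\s*\{(.*?)^\s*\};', re.S | re.M)
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"(?:\s+IN)?\s*\{(.*?)^\s*\};', re.S | re.M)
SECRET_RE = re.compile(r'\bsecret\s+"([^"]*)"\s*;')

# Constructed named.conf fragments modelled on the guide's edits, before any hardening.
BEFORE = '''
key ddns_key {
    algorithm hmac-md5;
    secret "use /usr/sbin/dns-keygen to generate TSIG keys";
};
view "external" {
    recursion yes;
    allow-query-cache { any; };
};
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
};
'''

def generate_tsig_secret(nbytes=32):
    """Random secret, base64-encoded as named expects (stands in for /usr/sbin/dns-keygen)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode('ascii')

def is_valid_base64(text):
    """The check named applies to a key's secret; the sample file's placeholder sentence fails it."""
    try:
        return bool(text) and base64.b64decode(text, validate=True) is not None
    except (binascii.Error, ValueError):
        return False

def render_key_block(name, secret, algorithm='hmac-md5'):
    """Key statement in the guide's layout (hmac-md5 as on the page; newer BIND also takes hmac-sha256)."""
    return f'key {name} {{\n    algorithm {algorithm};\n    secret "{secret}";\n}};\n'

def check_keys(conf):
    """Report the 'bad base64 encoding' problem before named logs it at startup."""
    issues = []
    for name, body in KEY_RE.findall(conf):
        m = SECRET_RE.search(body)
        if m is None:
            issues.append(f"key '{name}': no secret")
        elif not is_valid_base64(m.group(1)):
            issues.append(f"key '{name}': bad base64 encoding")
    return issues

def check_views(conf):
    """A view that recurses for any client is an open resolver."""
    issues = []
    for name, body in VIEW_RE.findall(conf):
        if not re.search(r'\brecursion\s+yes\s*;', body):
            continue
        cache_any = re.search(r'\ballow-query-cache\s*\{\s*any\s*;', body)
        rec = re.search(r'\ballow-recursion\s*\{([^}]*)\}', body)
        if cache_any or rec is None or re.search(r'\bany\b', rec.group(1)):
            issues.append(f"view '{name}': recursion open to any client; "
                          "restrict allow-recursion and allow-query-cache to trusted networks")
    return issues

def check_zones(conf):
    """BIND 9.3 lets any host transfer a master zone unless allow-transfer says otherwise."""
    issues = []
    for name, body in ZONE_RE.findall(conf):
        if not re.search(r'\btype\s+master\s*;', body):
            continue
        m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
        if m is None or re.search(r'\bany\b', m.group(1)):
            issues.append(f"zone '{name}': master zone transferable by any host; "
                          "set allow-transfer to the secondary's address")
    return issues

def check_conf(conf): return check_keys(conf) + check_views(conf) + check_zones(conf)

def hardened_conf(secret, secondary_ip='192.0.2.53'):
    """Same statements with the fixes applied; secondary_ip and the 192.168.1.0/24 LAN are assumptions."""
    return render_key_block('ddns_key', secret) + '''
view "external" {
    recursion yes;
    allow-recursion { 192.168.1.0/24; };
    allow-query-cache { 192.168.1.0/24; };
};
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
    allow-transfer { %s; };
};
''' % secondary_ip

if __name__ == '__main__':
    print('\n'.join(check_conf(BEFORE)))
    print(check_conf(hardened_conf(generate_tsig_secret())) or 'hardened fragment: no findings')
```

Run with python3: the first print lists the three findings for the constructed fragment, the second reports none for the hardened one. The regexes only understand the flat layout used in this guide (one statement per line, the closing "};" of each block on its own line), so they are a pre-flight check and not a replacement for named-checkconf, which validates the full syntax of a real named.conf.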