DNS is a core service of the Internet. It is a distributed database that maps domain names and IP addresses to each other, so that people can access the Internet without having to remember the numeric IP strings that machines read directly.
It is responsible for converting domain names to IP addresses. People are used to remembering domain names, but machines know each other only by IP address. Domain names and IP addresses correspond one to one, and the conversion between them is called domain name resolution. Resolution is done by a dedicated domain name resolution server, and the whole process is automatic.
The most important job of DNS is to resolve an FQDN to an IP address. An FQDN is composed of the root domain, the top-level domain, the second-level domain, the subdomain and the host name. The entire domain name space is structured as an inverted tree.
Forward resolution: FQDN --> IP
Reverse resolution: IP --> FQDN
Forward and reverse resolution use different techniques and should not be stored in the same database file.
Query types:
Recursive query: a request is made and a final answer is returned.
Iterative query: a request is made, but it does not necessarily get an answer.
DNS server types
Master server (master)
Secondary DNS server (slave)
Caching name server
Forwarding server (forward)
The DNS service on Linux is provided by BIND, which is open source software. After installing it, the service is controlled by the named daemon, and the process runs as the system user named. For security reasons, the named process typically runs in a chroot environment, and the simulated root is the /var/named/chroot directory.
Service script: /etc/init.d/named
Master configuration files: /etc/named.conf, /etc/named.rfc1912.zones
Zone (resolution library) file: /var/named/name.zone
Master configuration file, global configuration options: these mainly define the port, the listening IP address, whether recursion is allowed, etc.
Logging system configuration: logging
Zone definition: zone, which defines a zone to be resolved from a zone file under the specified directory
Configuring the primary DNS server
First define the zone in the master configuration file
To resolve a domain name, first define a zone file. The path is relative; by default the file is placed under /var/named/ and its name ends with .zone.
In a zone file, each resource record has a type that indicates the function of the record:
SOA: start of authority
NS: name server
MX: mail exchanger
A: IPv4 address
PTR: reverse resolution
AAAA: IPv6 address
CNAME: canonical (official) name
The corresponding name server must have an A record
@ stands for the name of the current zone
Test DNS with the dig command
Reverse resolution:
Reverse zone database file: the zone name is the network address reversed, with .in-addr.arpa as the suffix
The first record must be SOA
It should have NS records, but MX and A records cannot appear
PTR records are the most common
Host name paired with the reverse name
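
The rules above can be checked mechanically before a reverse zone is loaded. The following is an added example, not code from the original notes: it derives the zone name from a network and lints a zone file for exactly these rules. The sample zone and the 192.0.2.0/24 network are constructed, and only octet-aligned IPv4 networks are handled.

```python
import ipaddress

# Constructed reverse zone for 192.0.2.0/24; the addresses are placeholders.
SAMPLE_ZONE = """\
$TTL 86400
@   IN SOA ns1.leifeng.com. admin.leifeng.com. ( 2024010101 1H 10M 1W 1D )
@   IN NS  ns1.leifeng.com.
10  IN PTR ns1.leifeng.com.
20  IN PTR www.leifeng.com.
www IN A   192.0.2.20
"""
TYPES = {"SOA", "NS", "PTR", "A", "AAAA", "MX", "CNAME"}


def reverse_zone_name(network):
    """Zone name for a /8, /16 or /24 IPv4 network, e.g. 2.0.192.in-addr.arpa."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def record_types(zone_text):
    """Yield (line_number, TYPE) for each resource record in the zone text."""
    for num, line in enumerate(zone_text.splitlines(), 1):
        line = line.split(";", 1)[0]            # drop comments
        if not line.strip() or line.startswith("$"):
            continue                            # blank line or $TTL/$ORIGIN
        fields = [f.upper() for f in line.split()]
        # A line starting with whitespace inherits its owner, so it has no owner field.
        start = 0 if line[0].isspace() else 1
        rtype = next((f for f in fields[start:] if f in TYPES), None)
        if rtype:
            yield num, rtype


def lint_reverse_zone(zone_text):
    """Return a list of violations of the reverse-zone rules."""
    records = list(record_types(zone_text))
    problems = []
    if not records or records[0][1] != "SOA":
        problems.append("first record is not SOA")
    if not any(rtype == "NS" for _, rtype in records):
        problems.append("no NS record")
    for num, rtype in records:
        if rtype in ("A", "MX"):
            problems.append(f"line {num}: {rtype} record in a reverse zone")
    return problems
```
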
Add a zone to the master configuration file
Secondary DNS server
Define a zone in the configuration file
For the primary DNS server to notify the secondary DNS server, add the secondary DNS server to the zone file:
add an NS record and an A record with the secondary DNS server's IP address. DNS typically runs as the named user, so change the owner and group of the file. When updating the primary DNS server, add 1 to the version number so that the secondary server is notified to update its zone file.
Note: when the secondary DNS server synchronizes data with the primary server, we must first make sure that their clocks are synchronized
Subdomain authorization (delegation): a smaller zone is carved out of the original zone and given a new DNS server. Client requests for names in this smaller zone are then handled by the new child DNS server, which reduces the load on the primary DNS server and makes management easier. It is generally done for forward resolution.
Delegating a subdomain in a forward zone:
Define a sub-zone, for example:
ops.leifeng.com.      IN NS ns1.ops.leifeng.com.
ops.leifeng.com.      IN NS ns2.ops.leifeng.com.
ns1.ops.leifeng.com.  IN A  1.1.1.1
ns2.ops.leifeng.com.  IN A  2.2.2.2
fin.leifeng.com.      IN NS ns1.fin.leifeng.com.
fin.leifeng.com.      IN NS ns2.fin.leifeng.com.
ns1.fin.leifeng.com.  IN A  3.1.1.1
ns2.fin.leifeng.com.  IN A  3.3.3.3
Define the NS and A records in the primary server's zone file
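
A delegation only works if every NS target named inside the parent zone also has an address record there. The following is an added example, not code from the original notes: it flags NS targets without an A record, including the case where a target written without its trailing dot is silently expanded with the zone origin. The zone fragment is constructed from the names used above, and the parser assumes one "owner IN type data" record per line, IPv4 only.

```python
ORIGIN = "leifeng.com."

# Constructed parent-zone fragment; the NS target on the third line is
# missing its trailing dot on purpose.
PARENT_ZONE = """\
ops.leifeng.com.     IN NS ns1.ops.leifeng.com.
ns1.ops.leifeng.com. IN A  1.1.1.1
fin.leifeng.com.     IN NS ns1.fin.leifeng.com
ns1.fin.leifeng.com. IN A  3.1.1.1
"""


def qualify(name, origin=ORIGIN):
    """Expand a name the way a zone file does: no trailing dot means relative."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def unresolvable_delegations(zone_text, origin=ORIGIN):
    """Return (child_zone, ns_target) pairs whose in-zone NS target has no A record."""
    delegations, addresses = [], set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) != 4 or fields[1].upper() != "IN":
            continue                      # not an "owner IN type data" line
        owner, rtype = qualify(fields[0], origin), fields[2].upper()
        if rtype == "NS" and owner != origin:
            # NS below the zone apex: a delegation to a child zone.
            delegations.append((owner, qualify(fields[3], origin)))
        elif rtype == "A":
            addresses.add(owner)
    # A name server named under this origin needs its address in this zone,
    # otherwise resolvers have no way to reach the child zone.
    return [(child, ns) for child, ns in delegations
            if ns.endswith("." + origin) and ns not in addresses]
```
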
Add the zone in the subdomain server's configuration file
Zone (resolution library) file
The subdomain server cannot resolve the parent domain directly: when it receives such a query, it forwards it to the root "." and finds the parent domain by querying from the root.
If you want such queries to continue to be answered, they are usually forwarded to the parent domain for the parent domain to resolve.
Defining a forwarding domain
There are two ways of forwarding:
Global forwarding: requests for all zones that the local server is not responsible for resolving are forwarded to the server
Add to the resolution library
Zone forwarding: only requests for a specific zone are forwarded to a server
BIND view
View: a BIND server can define multiple views, and each view can define one or more zones. Each view is used to match a set of clients. Several views may need to resolve the same zone, but they use different zone files to do so.
Views are checked top-down, so a view that should take priority is placed first. Once views are enabled, all zones can only be defined inside views, and the root zone only needs to be defined in the views whose matched clients are allowed to make recursive requests.
China Telecom and China Netcom: traffic between the two networks has very high latency. To give customers a better Internet experience, a server is set up on each of the Telecom and Netcom lines, one connected to the Telecom line and one connected to the Netcom line. Users should reach the site transparently, without having to choose a site manually. We can use the view feature of the DNS server to point hosts on different networks to different IPs.
Basic format:
view view_name {
    zone {};
    zone {};
};
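
Because views are checked top-down and the first match wins, the order of the view blocks decides which zone file a client is answered from. The following is an added example, not code from the original notes: it models that selection and reports views that can never match because an earlier view already covers all of their clients. The view names, client networks and zone file names are constructed placeholders, and only IPv4 is handled.

```python
import ipaddress

# Constructed views in configuration-file order: (name, client networks, zone file).
VIEWS = [
    ("telecom", ["198.51.100.0/24"], "leifeng.com.telecom.zone"),
    ("netcom",  ["203.0.113.0/24"],  "leifeng.com.netcom.zone"),
    ("default", ["any"],             "leifeng.com.zone"),
]


def networks(match_list):
    """Translate a client match list into ip_network objects ('any' = everything)."""
    return [ipaddress.ip_network("0.0.0.0/0" if m == "any" else m)
            for m in match_list]


def select_view(client_ip, views=VIEWS):
    """Return (view_name, zone_file) of the first view that matches the client."""
    ip = ipaddress.ip_address(client_ip)
    for name, match_list, zone_file in views:
        if any(ip in net for net in networks(match_list)):
            return name, zone_file
    return None  # no view matched this client


def shadowed_views(views=VIEWS):
    """Names of views whose clients are all covered by an earlier view."""
    seen, shadowed = [], []
    for name, match_list, _ in views:
        nets = networks(match_list)
        if all(any(n.subnet_of(s) for s in seen) for n in nets):
            shadowed.append(name)
        seen.extend(nets)
    return shadowed
```
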