Linux Cloud Automation Operations Basics (DNS service)

Source: Internet
Author: User

I. DNS Overview
Role: Provides the domain name resolution service
Forward resolution: domain name--IP, e.g. (www.baidu.com--220.181.111.188)
Reverse resolution: IP--domain name, e.g. (220.181.111.188--www.baidu.com)

How DNS is queried
Recursive query: how the client requests resolution from its own DNS server.
Iterative query: how a DNS server queries other DNS servers.


Precedence of DNS resolution (determined by the configuration file /etc/nsswitch.conf)
1. Local cache
2. Local /etc/hosts file
Format:
3. Cache of the specified DNS server
Clear the cache: rndc flush
4. The specified DNS server (/etc/resolv.conf)


DNS query commands
1. gethostip: part of the syslinux package. It resolves a host name to an IP through the hosts file and DNS and prints the IP as 8-digit hexadecimal, which has a special purpose in PXE.

2. host: queries only through DNS; resolves a host name to an IP.

3. nslookup: a resolution tool from Windows, also common on Linux but currently less used; provides simple forward and reverse lookups.

4. dig: a powerful Linux query tool that returns more detailed information; the most widely used, and it can trace queries to non-authoritative DNS.


II. Setting up a DNS service
1. Configuring a caching DNS server
(1). Modify the IP and hostname, adjust the firewall policy, and configure the yum source.


(2). Install the BIND server, start the BIND service, and generate rndc.key


(3). Edit the DNS configuration file /etc/resolv.conf


(4). Modify the bind service's configuration file (vim /etc/named.conf) and restart the service


(5). Check the port status: netstat -antple | grep named


(6). Test: dig the target domain name twice and compare the response times
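
As an added example (not part of the original article), the shell check below reads a named.conf like the one edited in step (4) and reports whether the caching server would answer recursive queries from any client. The sample options block, the function names and the 172.25.254.0/24 lab network are constructed assumptions, not taken from the article's screenshots.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Handles // and # comments only.

# Constructed sample: caching-only options block that opens port 53 to everyone.
sample_open() { cat <<'EOF'
options {
    listen-on port 53 { any; };   // listen on every interface
    directory "/var/named";
    allow-query { any; };
    recursion yes;
};
EOF
}
# Same block with recursion limited to an assumed lab network.
sample_limited() {
  sample_open | sed 's/recursion yes;/& allow-recursion { localhost; 172.25.254.0\/24; };/'
}

# Body of the first "name [port N] { ... }" clause in flattened config text.
clause() {  # $1 = flattened config, $2 = clause name
  printf '%s\n' "$1" |
    grep -Eo "$2[[:space:]]*(port[[:space:]]+[0-9]+[[:space:]]*)?\{[^}]*\}" |
    head -n1 | sed -E 's/^[^{]*\{//; s/\}$//'
}

# Reads named.conf from file $1 or stdin; prints a verdict, returns 1 if open.
audit_recursion() {
  local flat acl src
  flat=$(cat "${1:--}" | sed -E 's://.*$::; s:#.*$::' | tr '\n' ' ')
  if printf '%s' "$flat" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;'; then
    echo "OK recursion disabled"; return 0
  fi
  # BIND fallback order: allow-recursion, allow-query-cache, allow-query,
  # then the built-in default "localnets; localhost;".
  for src in allow-recursion allow-query-cache allow-query; do
    acl=$(clause "$flat" "$src")
    [ -n "$acl" ] && break
  done
  [ -n "$acl" ] || { src=default; acl=" localnets; localhost; "; }
  if printf '%s' "$acl" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'; then
    echo "OPEN recursion allowed for any ($src)"; return 1
  fi
  echo "OK recursion limited by $src:$acl"
}

sample_open | audit_recursion || true   # OPEN recursion allowed for any (allow-query)
sample_limited | audit_recursion
```

On a real server, run `audit_recursion /etc/named.conf` after step (4) and before exposing port 53 through the firewall.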

Setting up an authoritative DNS server
1. Forward resolution: domain name--IP, e.g. (www.baidu.com--220.181.111.188)
(1) Edit the bind service's configuration file /etc/named.conf


(2) Edit the file: vim /etc/named.rfc1912.zones


(3) cd /var/named/; cp -p named.localhost westos.com.zone


(4) Edit the file: vim /var/named/westos.com.zone


(5) Restart the service: systemctl restart named

(6) Test the service: dig the domain name


2. Round-robin mechanism
Edit the file: vim /var/named/westos.com.zone

3. Reverse resolution: IP--domain name, e.g. (220.181.111.188--www.baidu.com)

(1) Edit the bind service's configuration file /etc/named.rfc1912.zones

(2) cp -p /var/named/named.loopback /var/named/westos.com.ptr (copy the configuration file template)

(3) vim westos.com.ptr

(4) Restart the service

systemctl restart named

(5) Test the service: dig -x address

4. Bidirectional resolution
(1) vim /etc/named.conf


(2) cp -p /etc/named.rfc1912.zones /etc/named.rfc1913.zones

(3) Edit /etc/named.rfc1912.zones and /etc/named.rfc1913.zones separately. Note: because 1913 copied the content of 1912, the block that points to the 1912 file should be commented out.

(4) cp -p /var/named/westos.com.zone /var/named/westos.com.inter

(5) Edit /var/named/westos.com.zone and /var/named/westos.com.inter separately: set the IP that intranet users obtain and the IP that extranet users obtain

Intranet


(External network)


(6) Restart the service

(7) Test the service
Set the DNS of another host to the IP of the service host


5. Master-slave DNS server settings
Because a single DNS server has to answer too many queries as the load grows, a slave DNS server is set up to relieve the pressure on the primary DNS server.
(1) Modify the IP and hostname, adjust the firewall policy, and configure the yum source (same as the previous operation).
(2) Install the BIND server, start the BIND service, and generate rndc.key
(3) Edit the DNS configuration file /etc/resolv.conf. The DNS here is the slave server, which is used to relieve the load on the primary DNS server.

Add nameserver 172.25.254.124 to the file

(4) Modify the bind service's configuration file (vim /etc/named.conf) and restart the service ## open port 53

(5) vim /etc/named.rfc1912.zones: set the parameters for sharing the load of the primary DNS server


(6) Test: run dig www.westos.com against the slave DNS server 172.25.254.124. The result shows that the answer is served by 172.25.254.124, the slave server, which is sharing the load of the primary DNS server.


Master-slave DNS server synchronization
If the zone file on the primary DNS server is modified but the slave server does not receive the change in time, the name resolves to 2 addresses. To keep the DNS server cluster accurate, changes made on the primary DNS server need to be synchronized to the slave server.

1. The /etc/named.rfc1912.zones and /etc/named.rfc1913.zones files need to be configured on the primary DNS server.

1912


1913


2. Example using extranet users
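
Added example, not from the original article: a shell check for the stale-slave case described in this section. It compares the SOA serial served by the primary with the one served by the slave, since a BIND slave transfers the zone only when the primary's serial is higher than its own. The SOA answers, the host names in them and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: detect a slave that still
# serves old zone data after the zone file on the primary was edited.

# The serial is the 3rd field of a `dig +short SOA` answer:
#   mname rname serial refresh retry expire minimum
soa_serial() {
  printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Compare two SOA answers (primary first). Plain numeric compare; serial
# wrap-around (RFC 1982) is not handled.
sync_state() {
  local m s
  m=$(soa_serial "$1"); s=$(soa_serial "$2")
  if [ -z "$m" ] || [ -z "$s" ]; then echo no-answer
  elif [ "$m" -eq "$s" ]; then echo in-sync
  elif [ "$m" -gt "$s" ]; then echo slave-behind
  else echo slave-ahead
  fi
}

# Live check: ask each server directly, without recursion, for the zone's SOA.
check_zone() {  # $1 = zone, $2 = primary IP, $3 = slave IP
  local p s
  p=$(dig +short +norecurse +time=2 +tries=1 "@$2" "$1" SOA)
  s=$(dig +short +norecurse +time=2 +tries=1 "@$3" "$1" SOA)
  echo "$1: $(sync_state "$p" "$s")"
}

# Constructed answers: the zone on the primary was edited and its serial
# raised to 1, while the slave still holds serial 0.
PRIMARY_SOA='dns.westos.com. root.westos.com. 1 86400 3600 604800 10800'
SLAVE_SOA='dns.westos.com. root.westos.com. 0 86400 3600 604800 10800'
sync_state "$PRIMARY_SOA" "$SLAVE_SOA"    # slave-behind
```

If the zone file was edited but the serial was left unchanged, both servers report the same serial and this check shows in-sync even though the records differ, so raise the serial with every edit.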

This article is from the "13122425" blog, please be sure to keep this source http://13132425.blog.51cto.com/13122425/1955957
