DNS (Domain Name System): provides the mapping between domain names and IP addresses on the Internet
Domain name: also known as hostname or FQDN (fully qualified domain name)
Basic information:
    On Linux the DNS server is usually provided by the bind service (the named daemon)
    Application-layer protocol
    UDP port 53: queries
    TCP port 53: master-slave synchronization of zone data (zone transfers)
    TCP port 953: rndc, remote control of the DNS server
Resolution types:
    Forward: FQDN --> IP
    Reverse: IP --> FQDN
Resolution order:
    local DNS cache --> /etc/hosts --> DNS server
Query methods:
    Recursive query: the client sends a single request and receives the final answer
    Iterative query: the local DNS server sends several requests (root, TLD, authoritative servers) until it has the answer
    Resolution normally combines both: the local host queries its local DNS server recursively, and the local DNS server queries the other servers iteratively
DNS server types:
    Primary DNS server: maintains the domain name information of the zones it is authoritative for
    Secondary DNS server: synchronizes the zone data from the primary server; acts as a standby server
    Cache-only DNS server: has no zone database, only caches query results so that later queries can be answered directly from the cache
    Forwarding DNS server: when a query arrives it is looked up in the cache; if it is not found there, the query is forwarded to the specified DNS server
Zone transfer types used for master-slave synchronization:
    Full zone transfer: AXFR
    Incremental zone transfer: IXFR
BIND 9.7 (bind97 package) components:
    /etc/named.conf: working properties of the named process; zone definitions
    /etc/rndc.key: key file for rndc (Remote Name Daemon Control); rndc's own configuration is /etc/rndc.conf
    /var/named/: zone data files
    /etc/rc.d/init.d/named {start|stop|restart|status|reload}: service control script
    /usr/sbin/named: the server binary
Common commands:
    named-checkconf: checks /etc/named.conf for syntax errors
    named-checkzone "ZONE_NAME" /path/to/zone_data_file: checks a zone data file
    [root@localhost ~]# named-checkzone "cqy.com" /var/named/cqy.com.zone
    zone cqy.com/IN: fin.cqy.com/NS 'ns1.fin.cqy.com' (out of zone) has no addresses records (A or AAAA)
    zone cqy.com/IN: market.cqy.com/NS 'ns1.marknet.cqy.com' has no address records (A or AAAA)
    zone cqy.com/IN: loaded serial 2015081901
    OK
dig (Domain Information Groper):
    +[no]recurse: whether to request a recursive query
    +[no]trace: trace and display the whole resolution process starting from the root
    dig -t RRT NAME @IP: query the record of type RRT for NAME at the server IP; @IP may be omitted, in which case the system's configured DNS server is used
        -t AXFR: full zone transfer, shows every record of the zone
        -t ixfr=SERIAL: incremental zone transfer, shows the records changed after the given serial number
    [root@localhost ~]# dig -t NS cqy.com

    ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t NS cqy.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21531
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;cqy.com.                       IN      NS

    ;; ANSWER SECTION:
    cqy.com.                43200   IN      NS      ns1.cqy.com.

    ;; ADDITIONAL SECTION:
    ns1.cqy.com.            43200   IN      A       192.168.0.150

    ;; Query time: 2 msec
    ;; SERVER: 192.168.0.150#53(192.168.0.150)
    ;; WHEN: Thu Aug 20 02:16:37 2015
    ;; MSG SIZE  rcvd: 59

    [root@localhost ~]# dig -t A www.baidu.com @192.168.0.1

    ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A www.baidu.com @192.168.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17896
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.baidu.com.                 IN      A

    ;; ANSWER SECTION:
    www.baidu.com.          648     IN      CNAME   www.a.shifen.com.
    www.a.shifen.com.       600     IN      A       180.97.33.108
    www.a.shifen.com.       600     IN      A       180.97.33.107

    ;; Query time: 33 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Thu Aug 20 02:17:53 2015
    ;; MSG SIZE  rcvd: 90
    dig -x IP: reverse query, finds the FQDN for an IP address
host -t RRT NAME: query the resolution of NAME for the given record type
    [root@localhost ~]# host -t NS cqy.com
    cqy.com name server ns1.cqy.com.
    [root@localhost ~]# host -t A www.cqy.com
    www.cqy.com has address 192.168.0.151
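The dig output above shows the message header (id, the flags qr aa rd ra, the section counts) and answer records whose owner names are compressed. The following Python code is an added example, not part of the original notes: it builds the same NS query for cqy.com that dig sends, simulates in-process the authoritative reply that ns1.cqy.com (192.168.0.150) returns, and parses the reply back into dig-style sections. No packet leaves the host; the wire layout follows RFC 1035, and the reply bytes are constructed for this example.

```python
import struct

# Added example: DNS wire format (RFC 1035) for the NS query shown above.
# Everything is constructed in-process; nothing is sent on the network.

TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAMES = {v: k for k, v in TYPES.items()}
FLAG_BITS = [("qr", 15), ("aa", 10), ("tc", 9), ("rd", 8), ("ra", 7)]   # order dig prints them


def encode_name(name):
    """'cqy.com' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Decode the name at msg[off], following compression pointers.
    Returns (name, offset just past the name as written at off)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                    # two-byte pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", (end if end is not None else off)


def build_query(qname, qtype, txid):
    """Stub-resolver query: one question, only the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", TYPES[qtype], 1)


def rr(owner, rtype, ttl, rdata):
    return owner + struct.pack("!HHIH", TYPES[rtype], 1, ttl, len(rdata)) + rdata


def simulated_authoritative_reply(query):
    """Constructed reply of ns1.cqy.com (192.168.0.150) to 'dig -t NS cqy.com'."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    # flags 0x8580 = qr | aa | rd | ra, rcode NOERROR; counts 1/1/0/1 as in the dig header
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 1)
    owner = b"\xC0\x0C"                                        # pointer to 'cqy.com.' at offset 12
    answer = rr(owner, "NS", 43200, b"\x03ns1" + b"\xC0\x0C")  # 'ns1' + pointer = ns1.cqy.com.
    glue_owner = b"\xC0\x25"                                   # pointer to that rdata at offset 37
    additional = rr(glue_owner, "A", 43200, bytes([192, 168, 0, 150]))
    return header + question + answer + additional


def parse_message(msg):
    """Parse header, question and the record sections into a dict shaped like dig's output."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": txid, "flags": [f for f, bit in FLAG_BITS if flags >> bit & 1],
           "rcode": flags & 0xF, "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        out["question"].append((name, TYPE_NAMES.get(qtype, qtype)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            tname = TYPE_NAMES.get(rtype, rtype)
            if tname in ("NS", "CNAME", "PTR"):
                value = decode_name(msg, off)[0]
            elif tname == "A":
                value = ".".join(str(b) for b in msg[off:off + rdlen])
            elif tname == "MX":
                value = (struct.unpack("!H", msg[off:off + 2])[0], decode_name(msg, off + 2)[0])
            else:
                value = msg[off:off + rdlen]
            off += rdlen
            out[section].append((name, ttl, tname, value))
    return out


def dig_ns_cqy_com(txid=21531):
    """The exchange from the dig output: build the query, get the reply, validate, parse."""
    query = build_query("cqy.com", "NS", txid)
    reply = simulated_authoritative_reply(query)
    parsed = parse_message(reply)
    # a stub resolver must drop a reply whose id does not match its outstanding query
    if parsed["id"] != txid:
        raise ValueError("reply id does not match query id")
    return parsed
```

With the two compression pointers the constructed reply is exactly 59 bytes, the size dig reported for the real answer. The id check at the end is the stub resolver's minimal defence against spoofed answers; real resolvers combine it with a random source port per query, because a 16-bit id alone is guessable.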
nslookup: interactive mode
    nslookup>
        server IP        choose the DNS server to query
        set q=RRT        set the record type
        NAME             resolve NAME
    [root@localhost ~]# nslookup
    > exit

    [root@localhost ~]# nslookup
    > server 192.168.0.150
    Default server: 192.168.0.150
    Address: 192.168.0.150#53
    > set q=a
    > www.cqy.com
    Server:         192.168.0.150
    Address:        192.168.0.150#53

    Name:   www.cqy.com
    Address: 192.168.0.151
DNS-related configuration files
① /etc/resolv.conf: configures the DNS servers and declares the host's domain name
    Format:
        domain DOMAIN_NAME: define the host's domain name
        search DOMAIN1 DOMAIN2 ...: define the search list appended to unqualified names
        nameserver IPADDR: define the IP address of a DNS server
    [root@localhost ~]# cat /etc/resolv.conf
    search localdomain
    nameserver 192.168.0.1
② /etc/hosts: defines the local name resolution list
    Format:
        IPADDR  FQDN  ALIASES
        192.168.0.150  www.cqy.com  www
    [root@localhost ~]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1       localhost.localdomain localhost
    ::1             localhost6.localdomain6 localhost6
③ /etc/named.conf: defines the working properties of the named process and the zones it serves
    options format:
        options {
            OPTION1;
            OPTION2;
            ...
        };
    Common options:
        directory "/path/to/directory";: working directory (zone file paths are relative to it)
        recursion {yes|no};: whether the server performs recursive queries
        allow-query { network | IP address | hostname; ... };: which clients may send queries
        allow-transfer { network | IP address | hostname; ... };: which hosts may request zone transfers
            none;: matches no host
            any;: matches every host
        notify yes;: notify the slave servers after the zone changes
        forward {only|first};: forwarding mechanism; only: forward and nothing else; first: forward first and, if that gives no result, query the root servers directly
        querylog yes;: log the queries received; the log goes to /var/log/messages
    zone format:
        zone "ZONE_NAME" IN {
            type {master|slave|hint|forward};
            file "/path/to/zone_data_file";    path of the zone data file, relative to the working directory
            OPTION1;
            ...
        };
    zone types:
        master: primary zone
        slave: secondary (slave) zone
        hint: root hints zone, tells named where the root servers are
        forward: forwarding zone
    logging format:
        logging {
            channel CHANNEL_NAME {
                OPTION1;
                OPTION2;
                ...
            };
            category queries { CHANNEL_NAME; };
            channel ...
            ...
        };
    acl format: an ACL names a set of networks, IP addresses or hosts so it can be referenced elsewhere
        acl ACL_NAME {
            network 1;
            network 2;
            IP address 3;
            ...
        };
    view format: once views are used, every zone must be placed inside a view
        view VIEW_NAME {
            match-clients { ACL | network | IP address | host; };
            zone ...
            ...
        };
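The options above decide two things a reviewer of a named.conf checks first: whether recursion is open to every client (an open resolver, which outsiders can use for reflection and amplification against third parties) and whether allow-transfer is left at its default of any (an AXFR then hands the complete zone to any client). The following Python script is an added example, not part of the original notes: it tokenizes a named.conf, walks the options and zone statements, and reports those two weaknesses, with a weak configuration beside its hardened form. Both configurations are constructed for the example; 192.168.0.152 is a made-up address standing in for the secondary server. allow-recursion is a real BIND option not listed in the notes; the fallback order used here (allow-recursion, then allow-query, then localnets/localhost) is the BIND 9 default.

```python
import re

# Added example: a small named.conf audit.  Both configurations are constructed;
# 192.168.0.152 is a made-up address for the secondary server.

WEAK_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };
    allow-transfer { any; };        // every client may AXFR every zone
};
zone "cqy.com" IN {
    type master;
    file "cqy.com.zone";
};
"""

HARDENED_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };                              // anyone may ask about our own zones
    allow-recursion { 192.168.0.0/24; localhost; };    // but recursion only for the LAN
    allow-transfer { none; };                          // no transfers unless a zone allows them
};
zone "cqy.com" IN {
    type master;
    file "cqy.com.zone";
    allow-transfer { 192.168.0.152; };                 // the secondary only (constructed address)
};
"""


def tokenize(text):
    """Drop the three comment styles BIND accepts, then split into braces, ';', quoted strings and words."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#).*", " ", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def parse(tokens):
    """Statements as (words, body): body is a nested statement list for '{ }' blocks, else None."""
    stmts, i = [], 0
    while i < len(tokens):
        words = []
        while i < len(tokens) and tokens[i] not in ("{", ";"):
            words.append(tokens[i].strip('"'))
            i += 1
        if i == len(tokens):
            break
        if tokens[i] == "{":
            depth, j = 1, i + 1
            while depth:                                   # locate the matching '}'
                depth += {"{": 1, "}": -1}.get(tokens[j], 0)
                j += 1
            stmts.append((words, parse(tokens[i + 1:j - 1])))
            i = j
            if i < len(tokens) and tokens[i] == ";":
                i += 1
        else:
            stmts.append((words, None))
            i += 1
    return stmts


def find(stmts, keyword):
    """First statement whose first word is keyword -> (words, body); (None, None) if absent."""
    for words, body in stmts:
        if words and words[0] == keyword:
            return words, body
    return None, None


def acl_values(body):
    """Entries of an address match list such as { any; } or { 192.168.0.0/24; localhost; }."""
    return [w[0] for w, _ in body if w] if body is not None else []


def audit(conf_text):
    """Return findings for open recursion and unrestricted zone transfers (empty list = clean)."""
    findings = []
    top = parse(tokenize(conf_text))
    options = find(top, "options")[1] or []

    recursion = find(options, "recursion")[0]
    recursion_on = recursion is None or recursion[1] == "yes"      # BIND's default is yes
    rec_acl = (acl_values(find(options, "allow-recursion")[1])
               or acl_values(find(options, "allow-query")[1]) or ["localnets", "localhost"])
    if recursion_on and "any" in rec_acl:
        findings.append("options: recursion is enabled for any client (open resolver)")

    global_xfer = acl_values(find(options, "allow-transfer")[1])
    if not global_xfer or "any" in global_xfer:                    # absent means any
        findings.append("options: allow-transfer is unrestricted (any client can AXFR every zone)")

    for words, body in top:
        if words and words[0] == "zone" and body is not None:
            ztype = find(body, "type")[0]
            if ztype and ztype[1] in ("master", "slave"):
                effective = acl_values(find(body, "allow-transfer")[1]) or global_xfer
                if not effective or "any" in effective:
                    findings.append(f"zone {words[1]}: zone transfer open to any client")
    return findings
```

audit(WEAK_CONF) returns three findings (open resolver, unrestricted global allow-transfer, and the cqy.com zone inheriting it); audit(HARDENED_CONF) returns none, because the zone-level allow-transfer overrides the global none and recursion is limited to the LAN. The parser understands only the statement shape shown in the notes (words, optional braces, semicolon), which is enough for options, zone, acl, view and logging blocks.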
④ zone data files under /var/named/
    Format of a resource record (RR) in a zone data file:
        $TTL 600 can be defined globally at the top of the file
        NAME [TTL] IN RRT VALUE        (RRT = resource record type)
    RRT resource record types:
        SOA (Start Of Authority): must be the first RR in the zone; describes how the zone data is synchronized
            ZONE_NAME TTL IN SOA FQDN ADMIN_MAILBOX (
                serial number
                refresh
                retry
                expire
                negative answer TTL )
            Time units: M (minutes), H (hours), D (days), W (weeks); the default unit is seconds
            Mailbox format: admin.cqy.com (the @ of the address is written as a dot)
            cqy.com.  IN  SOA  ns1.cqy.com.  admin.cqy.com.  20150819 1H 5M 1W 1D
            cqy.com.  IN  SOA  ns1.cqy.com.  admin.cqy.com.  (
                      20150819
                      1H
                      5M
                      1W
                      1D )
        NS (Name Server): ZONE_NAME --> FQDN
            cqy.com.      IN  NS  ns1.cqy.com.
            ns1.cqy.com.  IN  A   1.1.1.2
            cqy.com.      IN  NS  ns2.cqy.com.
            ns2.cqy.com.  IN  A   1.1.1.5
        MX (Mail eXchanger): ZONE_NAME --> FQDN
            ZONE_NAME TTL IN MX PRIORITY VALUE
            cqy.com.       IN  MX  10  mail.cqy.com.
            mail.cqy.com.  IN  A   1.1.1.3
            Priority: 0-99; the smaller the number, the higher the priority
        A (address): FQDN --> IPv4; may only be defined in a forward zone data file
            ns1.cqy.com.  IN  A  1.1.1.2
            ns2.cqy.com.  IN  A  1.1.1.5
        PTR (pointer): IP --> FQDN; may only be defined in a reverse zone data file
            150.0.168.192.in-addr.arpa.  IN  PTR  ns1.cqy.com.
        CNAME (canonical name): FQDN --> FQDN
            www2.cqy.com.  IN  CNAME  www.cqy.com.
        Other types:
            AAAA: FQDN --> IPv6
            TXT
            CHAOS
            SRV
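To tie the record formats above together, here is an added Python example, not part of the original notes: it parses a zone data file in the format just described ($TTL, a multi-line SOA in parentheses, time units, relative names completed with the origin, an owner inherited from the previous line) and then runs the checks that named-checkzone reported earlier in the notes: the SOA must come first, every in-zone NS or MX target needs an address record (the "has no address records (A or AAAA)" warning), and an owner with a CNAME may carry no other data. The zone text is constructed from the records in the notes, with the A record of ns2 deliberately left out so that the glue check fires.

```python
import re

# Added example: zone file parser plus named-checkzone-style checks.
# ZONE_TEXT is constructed from the records in the notes; ns2's A record is
# deliberately missing so that the glue check below reports it.

ZONE_TEXT = """\
$TTL 600
cqy.com.    IN  SOA  ns1.cqy.com. admin.cqy.com. (
                    20150819    ; serial
                    1H          ; refresh
                    5M          ; retry
                    1W          ; expire
                    1D )        ; negative answer TTL
            IN  NS   ns1.cqy.com.
            IN  NS   ns2.cqy.com.
            IN  MX   10 mail.cqy.com.
ns1         IN  A    192.168.0.150
mail        IN  A    1.1.1.3
www    3600 IN  A    192.168.0.151
www2        IN  CNAME www.cqy.com.
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def parse_ttl(text):
    """'1H' -> 3600, '5M' -> 300, '600' -> 600 (no unit means seconds)."""
    return sum(int(n) * UNITS.get(u.upper(), 1) for n, u in re.findall(r"(\d+)([a-zA-Z]?)", text))


def logical_lines(text):
    """Strip ';' comments and join the lines of a parenthesised record into one."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw)                 # TXT records with quoted ';' would need more care
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            joined = " ".join(buf)
            buf = []
            if joined.strip():
                out.append(joined)
    return out


def qualify(name, origin):
    """Relative names get the origin appended; '@' stands for the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return records as (owner, ttl, type, value) with absolute names and TTLs in seconds."""
    origin = origin.rstrip(".") + "."
    records, default_ttl, last_owner = [], None, origin
    for line in logical_lines(text):
        fields = line.split()
        if fields[0] == "$TTL":
            default_ttl = parse_ttl(fields[1])
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        # a line that starts with whitespace inherits the previous owner name
        owner = last_owner if line[0].isspace() else qualify(fields.pop(0), origin)
        ttl = default_ttl
        if re.fullmatch(r"\d+[a-zA-Z]?", fields[0]):
            ttl = parse_ttl(fields.pop(0))
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype, value = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            value = [qualify(value[0], origin)]
        elif rtype == "MX":
            value = [int(value[0]), qualify(value[1], origin)]
        elif rtype == "SOA":                            # mname, rname, serial, then four timers
            value = ([qualify(value[0], origin), qualify(value[1], origin), int(value[2])]
                     + [parse_ttl(v) for v in value[3:]])
        records.append((owner, ttl, rtype, value))
        last_owner = owner
    return records


def check_zone(text, origin):
    """Checks in the spirit of named-checkzone; returns a list of problems (empty = OK)."""
    origin = origin.rstrip(".") + "."
    records = parse_zone(text, origin)
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    has_address = {o for o, _, t, _ in records if t in ("A", "AAAA")}
    types_by_owner = {}
    for owner, _, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    problems = []
    if not records or records[0][2] != "SOA" or records[0][0] != origin:
        problems.append(f"{origin} first record must be the zone's SOA")
    for owner, _, rtype, value in records:
        target = value[0] if rtype == "NS" else value[1] if rtype == "MX" else None
        if target and in_zone(target) and target not in has_address:
            problems.append(f"{owner}/{rtype} '{target}' has no address records (A or AAAA)")
    for owner, types in types_by_owner.items():
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner}: CNAME and other data")
    return problems


def soa_serial(text, origin):
    """The value named-checkzone prints as 'loaded serial N'."""
    return parse_zone(text, origin)[0][3][2]
```

check_zone(ZONE_TEXT, "cqy.com") reports the missing glue for ns2.cqy.com.; adding the line "ns2 IN A 1.1.1.5" to the zone text makes the check pass. Out-of-zone targets (an NS pointing at a name under another domain) are skipped, since their addresses come from that other zone, not from this file.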
Linux Learning Notes <26> -- DNS Server