Linux Miscellaneous (18): DNS server configuration (1)

Source: Internet
Author: User
Tags reverse dns

1. DNS server Overview

The Domain Name System (DNS) is a service on the Internet. It is a distributed database that maps domain names to IP addresses so that users can access the Internet more conveniently. DNS uses TCP and UDP port 53. Currently, each level (label) of a domain name can be at most 63 characters long, and the total length of the domain name cannot exceed 253 characters.

Before DNS appeared, domain names and IP addresses were stored in the /etc/hosts file. As the number of IP addresses grew, a single file was no longer enough to hold them, and it was hard to keep synchronized with other hosts, so DNS came into being.

DNS structure: DNS uses a tree (directory-like) architecture. The management of host names is delegated to DNS servers at different levels, which simplifies modification and lookup at each layer.

Procedure for querying the host name using DNS:

(1) Check whether there is a record on the local machine first. If there is no record, query the root (.);
(2) Query the top-level domain;
(3) Query layer by layer. Only the next layer toward the target is queried each time;
(4) Record the result in the cache and return it to the user.

Note: On the system, we can trace this query path with the dig command.

Workflow:


2. Build a DNS server


Today, we are going to build a DNS server ourselves. There is still a need for this inside a company.

First, find the packages that provide the DNS server:


Install the dns server:


After the service is enabled, the port number of the dns service is 53:


Next, we need to modify the configuration file to provide the corresponding services. For the sake of security, we modify the configuration file under the /var/named/chroot directory rather than directly modifying the files in the /etc/named directory. The two are synchronized, with one constraint: the former can be used only once the DNS service has been started successfully.



We disable IPv6 in the options and allow any client to use the server.



The last two lines of the main configuration file refer to the secondary configuration file and our DNS encryption file:



(1) Forward DNS resolution:
We will view the following in sequence:



Let's set up our own domain. The above is the template, and below it we specify the name of the domain's configuration file. We need to create that file ourselves; its location is under /var/named/chroot/var/named:



There is also a template for the domain name configuration file in this directory. Copy it and edit it:



This is the initial form. Remember this and compare it with the modified one:



After modification:



Note: @ stands for example.com. In the last two lines, if a domain name is not written out in full, the system appends the value represented by @ to the end of it. Also note that there is a dot after each com.
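The expansion rule in the note above, as an added example that is not part of the original article: a small Python checker that expands `@` and relative names and flags a name whose missing trailing dot makes the zone name get appended twice. The zone body, the `ns`/`ns2` host names and all function names are constructed for illustration; only `example.com.` and 192.168.2.100 come from the article.

```python
ORIGIN = "example.com."  # zone name used in the article

# Constructed zone body, not the article's file. The second NS line omits
# the trailing dot on purpose to show the failure mode.
ZONE = """\
@    IN NS    ns.example.com.
@    IN NS    ns2.example.com
ns   IN A     192.168.2.100
www  IN CNAME ns
"""

NAME_TYPES = {"NS", "CNAME", "PTR"}  # record types whose data is a domain name

def qualify(name, origin=ORIGIN):
    """Expand a zone-file name: '@' is the origin, no final dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def length_ok(fqdn):
    """Limits from the overview: 63 characters per label, 253 in total."""
    bare = fqdn.rstrip(".")
    return len(bare) <= 253 and all(0 < len(l) <= 63 for l in bare.split("."))

def lint_zone(text, origin=ORIGIN):
    """Return (records, warnings) for 'owner class type data' lines."""
    doubled = origin.rstrip(".") + "." + origin  # e.g. example.com.example.com.
    records, warnings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(";")[0].split()  # drop comments, split columns
        if len(fields) != 4:
            continue
        owner, _cls, rtype, data = fields
        names = [qualify(owner, origin)]
        if rtype in NAME_TYPES:
            data = qualify(data, origin)
            names.append(data)
        records.append((names[0], rtype, data))
        for name in names:
            if name.endswith(doubled):
                warnings.append(f"line {lineno}: {name} (missing trailing dot?)")
            if not length_ok(name):
                warnings.append(f"line {lineno}: {name} exceeds length limits")
    return records, warnings

if __name__ == "__main__":
    recs, warns = lint_zone(ZONE)
    print(*recs, *warns, sep="\n")
```

Running a check like this before restarting the service catches the doubled-origin name before clients start receiving it.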

Now we restart the service and check whether the firewall is turned off:



After the server is configured, we access the dns server on another server.

The first thing to do is to modify the DNS1 parameter in the ifcfg-eth0 file to the IP address of the specified DNS server: 192.168.2.100. Then restart the network service:




Restart network:





After tracing, we found that www.example.com can be found and the dns server is 192.168.2.100, which means that the previous dns server configuration is correct.


The above covers forward resolution on the DNS server. DNS also supports reverse resolution. How do we set that up? Again by modifying the configuration files; the process is not much different from that of forward resolution.

(2) Reverse DNS resolution:

Return to the secondary configuration file in the directory /var/named/chroot/etc:



Notice how the IP address is written. Since this is reverse resolution, the IP address is written in reverse order as well. The configuration file for the zone is also specified here:



Jump to the configuration file directory. First, copy the template of the reverse resolution configuration file and edit it:



This is the template format:



The modified format is as follows:



Remember the last line. It indicates that the domain name corresponding to 192.168.2.200 is ptr.example.com. This is what we will use to check whether the configuration is correct.
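The reversed naming described above, as an added example that is not part of the original article: Python helpers that derive the reverse zone name for a network, map a PTR owner back to its IP address, and list PTR entries whose target has no matching forward A record. The record lists, the `stale.example.com.` name and the function names are constructed for illustration; 192.168.2.200 and ptr.example.com come from the article.

```python
import ipaddress

SUFFIX = ".in-addr.arpa."

def reverse_zone(network):
    """Zone name for an octet-aligned IPv4 network, octets in reverse order."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + SUFFIX

def ptr_owner(ip):
    """Fully qualified PTR owner name for a single address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def owner_to_ip(owner, zone):
    """Turn a reverse-zone owner ('200' or a full name) back into an IP."""
    fqdn = owner if owner.endswith(".") else f"{owner}.{zone}"
    if not fqdn.endswith(SUFFIX):
        raise ValueError(f"{fqdn} is not under in-addr.arpa")
    octets = fqdn[: -len(SUFFIX)].split(".")
    return str(ipaddress.ip_address(".".join(reversed(octets))))

def mismatches(ptr_records, a_records, zone):
    """PTR entries whose target name does not resolve back to the same IP."""
    bad = []
    for owner, target in ptr_records:
        ip = owner_to_ip(owner, zone)
        if a_records.get(target) != ip:
            bad.append((ip, target))
    return bad

# Constructed data: the first PTR is the article's record, the second is a
# made-up entry with no forward A record behind it.
ZONE_NAME = reverse_zone("192.168.2.0/24")
PTRS = [("200", "ptr.example.com."), ("201", "stale.example.com.")]
A_RECORDS = {"ptr.example.com.": "192.168.2.200"}

if __name__ == "__main__":
    print(ZONE_NAME, ptr_owner("192.168.2.200"))
    print(mismatches(PTRS, A_RECORDS, ZONE_NAME))
```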

After you exit and save, restart the dns Service:



Back on the client, let's do a reverse lookup to see which domain name 192.168.2.200 maps to:



Summary:

With the steps above, forward and reverse DNS resolution are both working, but this setup is still rather basic and not yet practical; for example, it does not cover how to synchronize modifications. In the next section we will explain how to work with DHCP to provide DDNS services.

