Linux self-study note--dns and bind applications

Source: Internet
Author: User
Tags: dnssec, nslookup, nslookup command, top level domain




DNS (Domain Name System) is a distributed database on the Internet that maps domain names to IP addresses, so that users can reach hosts without remembering the numeric IP addresses that machines use directly. Obtaining the IP address that belongs to a hostname is called domain name resolution (or hostname resolution). The DNS protocol runs on top of the UDP protocol, using port 53.
Sockets:
C/S model:
Client: the program that initiates the request;
Server: the program that responds to the request (provides the service);
Listen: socket
Transport layer protocols: TCP, UDP, SCTP
TCP: Transmission Control Protocol
Connection-oriented protocol: a virtual connection must be established before the two parties communicate;
UDP: User Datagram Protocol
Connectionless protocol: no virtual connection needs to be established before the two parties communicate;
DNS: Domain Name Service, an application layer protocol
Ports: 53/udp, 53/tcp
www.baidu.com: FQDN (Fully Qualified Domain Name)
TLD: Top Level Domain
Organizational domains: .com, .net, .org, .gov, .edu, .mil
Country domains: .iq, .tw, .hk
DNS query types:
recursive query;
iterative query;
DNS name resolution methods:
Name-to-IP: forward resolution
IP-to-Name: reverse resolution
Note: the two use different namespaces, i.e. they are not the same tree; therefore they are not the same resolution database;
DNS server types:
Responsible for resolving at least one domain:
Primary name server;
Secondary (slave) name server;
Not responsible for resolving any domain:
Cache name server;
The path a complete query request passes through:
Client -> hosts file -> local DNS cache -> DNS server (recursive query)
Domain the server is responsible for: query the database directly and return the answer;
Domain the server is not responsible for: server cache -> iterative query
Types of answers:
Positive answer: the queried key exists and its value is returned;
Negative answer: the queried key does not exist, so there is no value corresponding to it;


Authoritative answer: an answer returned by the DNS server directly responsible for the domain;
Non-authoritative answer: an answer returned from a server's cache rather than by the responsible server;
Primary and secondary DNS servers:
Primary (master) DNS server: maintains the zone database it is responsible for; both read and write operations are possible;
Secondary (slave) DNS server: "copies" the zone database from the primary server or from another secondary server; only read operations are possible;
How the copy operation is implemented (fields of the SOA record):
Serial number: serial, the version number of the database; it is incremented whenever the contents of the master database change;
Refresh interval: refresh, how often the slave checks the master for a changed serial number;
Retry interval: retry, how long the slave waits before trying again when a synchronization request to the master fails;
Expiration time: expire, how long after the last successful contact with the master the slave stops serving the zone data;
Negative answer cache duration: how long a negative answer may be cached;
The master server can also notify the slaves to update their data at any time;

Zone transfer:
Full transfer: AXFR, transfers the entire database;
Incremental transfer: IXFR, transfers only the changed data;
Zone and domain:
magedu.com domain
FQDN-to-IP: forward resolution library (zone);
IP-to-FQDN: reverse resolution library (zone);
Zone database file:
Resource record: abbreviated RR;
Record types: A, AAAA, PTR, SOA, NS, CNAME, MX
SOA: Start Of Authority record; a zone has exactly one SOA record, and it must be the first record;
NS: Name Server record; a zone can have multiple NS records, one of which is the primary;
A: Address record, FQDN -> IPv4;
AAAA: Address record, FQDN -> IPv6;
CNAME: Canonical Name, alias record;
PTR: Pointer, IP -> FQDN;
MX: Mail eXchanger record;
Priority: 0-99; the smaller the number, the higher the priority;
Definition format of a resource record:
Syntax: name [TTL] IN rr_type value
SOA: start of authority record
Name: the name of the current zone, such as "claude.com." or "2.3.4.in-addr.arpa.";
Value: made up of several parts
1) the name of the current zone (the primary DNS server's name can also be used);
2) the e-mail address of the zone administrator; the address cannot use the @ symbol, so a dot is used instead;
3) (the master-slave coordination parameters and the negative answer TTL)
For example:
claude.com. 86400 IN SOA magedu.com. mail.claude.com. (
    2017010801 ; serial number
    2H         ; refresh interval
    10M        ; retry interval
    1W         ; expire time
    1D )       ; negative answer TTL (negative answer cache duration)

NS: name server record
Name: the name of the current zone;
Value: the name of a DNS server for the current zone, such as ns.magedu.com.;
Note: a zone can have more than one NS record;
For example:
claude.com. 86400 IN NS ns1.claude.com.
claude.com. 86400 IN NS ns2.claude.com.
MX:
Name: the name of the current zone;
Value: the host name of a mail exchanger in the current zone;
Note: there can be multiple MX records, but the value of each record must be preceded by a number indicating its priority;
A:
For example:
www.claude.com. IN A 1.1.1.1
www.claude.com. IN A 1.1.1.2
bbs.claude.com. IN A 1.1.1.1
AAAA:
Name: FQDN
Value: IPv6 address
PTR:
Name: the IP address in a specific format: the octets written in reverse order, plus a specific suffix; for example, the record for 1.2.3.4 is written as 4.3.2.1.in-addr.arpa.
Value: FQDN
For example:
4.3.2.1.in-addr.arpa. IN PTR www.claude.com.
CNAME:
Name: the alias, in FQDN format;
Value: the official (canonical) name, in FQDN format;
For example:
web.claude.com. IN CNAME www.claude.com.
Attention:
1) the TTL can be inherited from the global setting;
2) @ stands for the name of the current zone;
3) when two adjacent records have the same name, the name of the second one can be omitted;
4) in a forward zone, the value of each MX and NS record is an FQDN, and this FQDN should have an A record;
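The four rules above can be checked mechanically. The following Python is an added example, not part of the original notes: a small linter for the zone-file syntax shown above (it does not handle $ORIGIN or $INCLUDE) that verifies the single, first SOA, resolves '@' and omitted owners, and confirms that every NS and MX target has an A or AAAA record; the sample zone and the hostnames and addresses in it are constructed.

```python
"""Lint a BIND zone file against the record rules in the notes above (added example,
not from the original notes). Assumes the 'name [ttl] IN type value' syntax shown
there: ';' comments, a parenthesised SOA, '@' = origin, omitted owner = previous owner."""
import re
TTL_RE = re.compile(r"^\d+[smhdwSMHDW]?$")

def logical_lines(text):
    """Yield (owner_omitted, tokens) with comments stripped and '( ... )' spans joined."""
    buf, depth, omitted = [], 0, False
    for raw in text.splitlines():
        code = raw.split(";", 1)[0]
        if not buf and not code.strip(): continue
        if not buf:
            omitted = code[0].isspace()          # rule 3: blank owner repeats the previous one
        depth += code.count("(") - code.count(")")
        buf.append(code.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield omitted, " ".join(buf).split()
            buf = []

def absolute(name, origin):
    """Fully qualify a name relative to the zone origin ('@' = origin, rule 2)."""
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def parse_zone(text, origin):
    """Return [(owner, rr_type, value_tokens)] with every owner made absolute."""
    records, owner = [], origin
    for omitted, toks in logical_lines(text):
        if toks[0].startswith("$"):              # $TTL/$ORIGIN directives are not needed here
            continue
        cls = next(i for i, t in enumerate(toks) if t.upper() == "IN")
        head = toks[:cls]                        # [owner] [ttl]; rule 1: TTL may be omitted
        if head and TTL_RE.match(head[-1]):
            head = head[:-1]
        if head and not omitted:
            owner = absolute(head[0], origin)
        records.append((owner, toks[cls + 1].upper(), toks[cls + 2:]))
    return records

def lint_zone(text, origin):
    """Return the list of rule violations; an empty list means the zone passes."""
    problems, recs = [], parse_zone(text, origin)
    soa = [r for r in recs if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soa)}")
    if not recs or recs[0][1] != "SOA":
        problems.append("SOA must be the first record")
    has_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    for owner, rtype, val in recs:
        if rtype in ("NS", "MX"):                # rule 4: NS/MX targets need an A record
            target = absolute(val[-1], origin)   # MX value is 'priority exchanger'
            if target not in has_addr:
                problems.append(f"{rtype} target {target} has no A/AAAA record")
    return problems

# Constructed sample for the notes' claude666.com zone; ns2 deliberately has no A record.
SAMPLE_ZONE = """\
@    IN SOA ns1.claude666.com. admin.claude666.com. (
         2017010801 2H 10M 1W 1D ) ; serial refresh retry expire negative-TTL
     IN NS ns1.claude666.com.
     IN NS ns2.claude666.com.
     IN MX 10 mail.claude666.com.
ns1  IN A 192.168.19.128
mail IN A 192.168.19.130
"""
```

Running `lint_zone(SAMPLE_ZONE, "claude666.com.")` reports only the missing A record for ns2; adding that record makes the list empty.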


DNS and BIND (2)
Installation and configuration of BIND
BIND: Berkeley Internet Name Domain, isc.org
DNS: the protocol
BIND: an implementation of the DNS protocol
named: the process name of the running BIND program;
Packages:
bind-libs: library files used by both the bind and bind-utils packages;
bind-utils: BIND client tools, such as dig, host, nslookup, etc.;

bind: the DNS server program itself, plus several commonly used test programs;
bind-chroot: optional; lets named run in a chroot jail;
Files in the bind package:
Service script: /etc/rc.d/init.d/named

Log file: /var/log/named.log
Check the master configuration file for syntax errors: /usr/sbin/named-checkconf (named-checkconf command)
Check a zone file for syntax errors: /usr/sbin/named-checkzone (named-checkzone command)
Master configuration file: /etc/named.conf

It also includes other files:
/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

Zone (resolution library) files:
Under the /var/named/ directory:
The usual name is: zone_name.zone


Attention:
1) a DNS server can provide resolution for multiple zones at the same time;
2) it must have the root zone file: named.ca

3) there should also be two zone files: the forward and reverse resolution libraries for localhost and 127.0.0.1;
     forward: named.localhost
     reverse: named.loopback

rndc: Remote Name Domain Controller
  port 953/tcp; by default it listens only on the 127.0.0.1 address, so only local use is allowed;
  after installation, the BIND program can be used as a cache name server by default; if there is no specific zone to resolve, just start the service;
Master configuration file format:
   Global configuration section:
   options {...}
   Logging configuration section:
   logging {...}
   Zone configuration sections:
   zone {...}
     The zones resolved by this machine, or the zones that are forwarded
    Note: every configuration statement must end with a semicolon;

Configuration of a cache name server:
A cache name server is usually set up in the company LAN; its main purpose is to speed up domain name resolution and reduce the traffic going out through the Internet access point.
1. The configuration file changes are mainly in the following sections
1) Listen on an address that can communicate with external hosts, i.e. change the listen-on statement to:
listen-on port 53 { 192.168.19.128; 127.0.0.1; };
2) When learning and testing, it is recommended to turn off DNSSEC
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
3) Lift the restriction that only allows local queries;
allow-query { localhost; };
The specific modifications are configured as follows:

2. Check the configuration file for syntax errors: no output means there is no syntax error (but not necessarily no logic error)
named-checkconf [/etc/named.conf]

3. Start the named service and check that port 53 is listening on both TCP and UDP and that the start-up succeeded

4. Verify the cache name server;
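Before the lab settings above are copied to a real server, it is worth checking what they open up. The following Python is an added example, not from the original notes: a minimal parser for the named.conf brace syntax and an audit that flags an open recursive resolver (allow-query { any; } with recursion on and no allow-recursion), disabled DNSSEC validation, and master zones whose allow-transfer is missing or any. The two configurations are constructed; the addresses 192.168.19.128 and 192.168.19.134 are the master and slave from these notes, and 192.168.19.0/24 is the assumed LAN.

```python
"""Audit named.conf for the settings the notes above loosen for the lab (added
example, not from the original notes; a minimal brace/semicolon parser, not BIND's)."""
import re
def tokenize(text):
    """Drop /* */, // and # comments; return words plus '{', '}' and ';' tokens."""
    text = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", " ", text, flags=re.S))
    return re.findall(r"[{};]|[^\s{};]+", text)

def parse(tokens, i=0):
    """Return (statements, next index); a statement is (words, sub_statements or None)."""
    stmts, words = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == "{":                            # 'name args { ... };'
            sub, i = parse(tokens, i)
            stmts.append((words, sub)); words = []
        elif tok == ";":                          # 'name value;' (or the ';' after '}')
            if words: stmts.append((words, None))
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok)
    return stmts, i

def find(stmts, name):
    """First statement whose keyword is name, as (words, sub); (None, None) if absent."""
    return next(((w, s) for w, s in stmts if w and w[0] == name), (None, None))
def acl(stmts, name):
    words, sub = find(stmts, name)                # address list of 'name { a; b; };'
    return None if words is None else [w[0] for w, _ in sub]

def audit_named_conf(text):
    """Return findings; an empty list means none of the weak settings are present."""
    top, _ = parse(tokenize(text))
    opts, findings = find(top, "options")[1] or [], []
    # Recursion is on unless 'recursion no;'; if allow-recursion is unset BIND uses allow-query(-cache).
    recursion = (find(opts, "recursion")[0] or ["recursion", "yes"])[1]
    rec_acl = acl(opts, "allow-recursion") or acl(opts, "allow-query") or []
    if recursion == "yes" and "any" in rec_acl:
        findings.append("open resolver: recursion offered to any; set allow-recursion { <LAN>; }")
    if (find(opts, "dnssec-validation")[0] or [None, None])[1] == "no":
        findings.append("dnssec-validation no: forged answers are accepted; use 'auto' outside the lab")
    for words, sub in top:                        # every master zone should name its slave(s)
        if words[:1] == ["zone"] and sub and (find(sub, "type")[0] or [None, None])[1] == "master":
            xfer = acl(sub, "allow-transfer") or acl(opts, "allow-transfer")
            if xfer is None or "any" in xfer:
                findings.append(f"zone {words[1]}: transfers unrestricted; set allow-transfer {{ <slave_ip>; }}")
    return findings

# Constructed configs: the lab settings from the notes, then a tightened version.
LAB_CONF = """
options {
    dnssec-enable no; dnssec-validation no; dnssec-lookaside no;
    allow-query { any; }; recursion yes;   // was allow-query { localhost; }
};
zone "claude666.com" IN { type master; file "claude666.com.zone"; };
"""
HARDENED_CONF = """
options {
    allow-query { any; }; dnssec-validation auto;
    allow-recursion { 192.168.19.0/24; localhost; };  # LAN only
};
zone "claude666.com" IN { type master; file "claude666.com.zone"; allow-transfer { 192.168.19.134; }; };  /* the slave */
"""
```

`audit_named_conf(LAB_CONF)` returns three findings and `audit_named_conf(HARDENED_CONF)` returns none.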

Test tools:
dig [-t rr_type] name [@SERVER] [query options]
Used to test the DNS system, so it does not consult the hosts file;

Query options:
+[no]trace: trace the resolution process;

+[no]recurse: recursive resolution;
Note: reverse resolution test
dig -x IP

Simulate a full zone transfer;
dig -t AXFR DOMAIN [@server]
host command:
host [-t rr_type] name server_ip

nslookup command:
nslookup [option] [name] [server]
Interactive mode:
nslookup>
server IP: query the DNS server with the specified IP;
set q=rr_type: the type of resource record to query;
name: the name to query;

rndc command: control command for the named service
rndc status
rndc flush
rndc reload


Configuring resolution for a forward zone:
Take claude666.com as an example;
1) Define the zone
Done in the master configuration file or in its secondary (included) configuration file:
zone "zone_name" IN {
    type {master|slave|hint|forward};
    file "zone_name.zone";
};
Note: the name of the zone is the name of the domain;

2) Create the zone data file (the main records are A or AAAA records)
Create the zone data file under the /var/named directory;
The file is: /var/named/claude666.com.zone

After editing the forward zone file, change its group ownership and permissions;

Check for syntax errors;

3) Let the server reload the configuration file and the zone data file

4) Resolve and verify from the client side;




Configuring resolution for a reverse zone:
1) Define the zone
Done in the master configuration file or in its secondary (included) configuration file;
zone "zone_name" IN {
    type {master|slave|hint|forward};
    file "zone_name.zone";
};


Note: the name of the reverse zone is
the network address written in reverse octet order, followed by .in-addr.arpa
Edit the /etc/named.rfc1912.zones file and add the following content;

2) Define the zone file (the main records are PTR records)

Change the permissions and group ownership;

Check for syntax errors;

3) Let the server reload the configuration file and the zone data file, and verify;


Master-slave servers:
Note: a slave server is a zone-level concept;
Configure a slave for a zone:
The master server configured above: 192.168.19.128
Prepare another host as the slave server: 192.168.19.134
First configure the slave host as a cache DNS server by changing its master configuration file (as above);

1) Modify the zone file on the master server so that it contains records pointing to the slave server's IP address

2) Define the zone
Define a slave zone;
zone "zone_name" IN {
    type slave;
    file "slaves/zone_name.zone";
    masters { master_ip; };
};
Define the forward and reverse slave zones;

3) Check for syntax errors and reload configuration and zone data files

Before reloading there is no file in the /var/named/slaves directory; after reloading, the slave synchronizes the zone files from the master server, and the synchronized files are re-sorted and annotated with comments by named;

Check the /var/log/messages file to see the log records of the synchronization;

Note: the slave should be a separate server;
On the master, make sure the zone data file has an NS record for each slave server, and that the forward zone file has an A record for each slave's NS hostname whose address is the slave's real IP address;
The slave server only needs to define the zone; it does not have to provide the zone file;
The primary server must allow zone transfers to the slave;
Time must be synchronized, which can be done through NTP;
The versions of the BIND program should be consistent; otherwise the slave should run the higher version and the master the lower one.
When the master name server's zone database is modified, make sure the corresponding serial number is increased by 1, so that the slave detects the change and updates in time after the reload.
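The refresh/retry/expire behaviour described in the SOA section and the serial rule in the last note above, as an added example (not from the original notes) in Python: a simulated slave that polls a stub master, retries on failure, stops serving the zone once expire elapses, and transfers only when the serial compares newer under RFC 1982 arithmetic, which also covers a serial that wraps past 2^32-1. The timers are the notes' 2H/10M/1W; the outage schedule is constructed.

```python
"""Simulate a slave's use of the SOA timers explained above (refresh, retry, expire)
and the serial comparison that decides whether a zone transfer happens. Added example,
not from the original notes; the master is replaced by a function returning its current
serial, or None when it is unreachable. Serials compare with RFC 1982 arithmetic, so a
serial that wrapped past 2^32-1 still counts as newer (a plain '>' would not)."""

def serial_newer(new, old):
    """RFC 1982: new is newer than old iff 0 < (new - old) mod 2^32 < 2^31."""
    return 0 < (new - old) % 2**32 < 2**31

class Slave:
    """Secondary for one zone; soa = dict(serial, refresh, retry, expire) taken from
    the zone's SOA record, all times in seconds."""
    def __init__(self, soa, now=0):
        self.soa, self.log = dict(soa), []
        self.last_ok, self.next_check = now, now + soa["refresh"]

    def serving(self, now):
        """The zone is answered only until `expire` seconds pass without master contact."""
        return now - self.last_ok < self.soa["expire"]

    def check(self, now, master_serial):
        """Poll if due; master_serial None means the master did not answer."""
        if now < self.next_check:
            return None
        if master_serial is None:                    # failed: try again after `retry`
            self.next_check, action = now + self.soa["retry"], "retry"
        else:
            self.last_ok, self.next_check = now, now + self.soa["refresh"]
            if serial_newer(master_serial, self.soa["serial"]):
                self.soa["serial"], action = master_serial, "transfer"   # AXFR/IXFR here
            else:
                action = "current"                   # same serial: nothing to copy
        self.log.append((now, action))
        return action

def simulate(soa, master, horizon, step=60):
    """Run a slave for `horizon` seconds against master(now) -> serial or None.
    Returns (log of (time, action), seconds during which the zone was not served)."""
    slave, down = Slave(soa), 0
    for now in range(0, horizon + 1, step):
        slave.check(now, master(now))
        down += step * (not slave.serving(now))
    return slave.log, down

# Constructed scenario with the notes' timers (2H refresh, 10M retry, 1W expire):
# the master bumps its serial at t=1h and becomes unreachable from day 2 onward.
SOA = {"serial": 2017010801, "refresh": 7200, "retry": 600, "expire": 604800}

def master_example(now):
    if now >= 2 * 86400:
        return None                                  # master down, every poll fails
    return 2017010802 if now >= 3600 else 2017010801
```

Over a ten-day run (`simulate(SOA, master_example, 10 * 86400)`) the slave transfers once at the first refresh, then retries every 10 minutes from day 2 and drops the zone one week after its last successful contact.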

