DNS: BIND forward and reverse domain name resolution
The BIND service supports the TSIG mechanism for securing zone transfers.
DNS (Domain Name System) is the service that resolves the correspondence between domain names and IP addresses.
Forward resolution: looks up the IP address that corresponds to a domain name.
Reverse resolution: looks up the domain name that corresponds to an IP address.
DNS structure model:
A single DNS server cannot meet the needs of users worldwide, so the work is divided among primary, slave and cache servers.
Primary server: unique within a given zone; maintains the mapping between the domain names in that zone and their IP addresses.
Slave server: obtains the domain-name-to-IP mapping from the primary server and maintains its own copy, acting as a backup.
Cache server: queries other DNS servers for the domain-name-to-IP mapping and caches the answers, which makes repeated queries more efficient.
DNS queries are divided into recursive queries and iterative queries:
Recursive query: the query a client sends to its DNS server.
Iterative query: the queries a DNS server sends to other DNS servers.
DNS query flowchart: (figure not included on this page)
Installing the BIND service program:

```shell
[root@<host> ~]# yum -y install bind-chroot
...
Installed:  bind 9.9.4-el7
Dependency installed:  9.9.4-el7
Complete!
```
The program that provides the BIND domain name resolution service is called named.
| Item | Path |
|---|---|
| Main program | /usr/sbin/named |
| Main configuration file | /etc/named.conf |
| Zone configuration file | /etc/named.rfc1912.zones |
The main configuration file (with the two modifications marked by # comments):

```conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; };      # change to the DNS server's IP, or any
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };        # change to any, which allows any host to query

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
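The file's own comment already warns that an authoritative server should not offer open recursion. With allow-query set to any and recursion left at yes, the server answers recursive lookups for anyone who can reach port 53, which is the open-resolver situation the comment describes. The options fragment below is an added example, not part of the original post: it keeps the dns.com zones queryable by everyone while limiting recursion and zone transfers. 192.168.200.102 is the ns address from the zone file; 192.168.200.0/24 is an assumed client network.

```conf
options {
    listen-on port 53 { 192.168.200.102; };            // the server's own address rather than any
    allow-query     { any; };                           // authoritative answers for dns.com stay public
    recursion yes;
    allow-recursion { localhost; 192.168.200.0/24; };   // recursive lookups only for the local network
    allow-transfer  { none; };                          // add the slave's address (and a TSIG key) once one exists
};
```

Run named-checkconf after editing and re-test with nslookup from a host outside 192.168.200.0/24 to confirm it receives only authoritative answers.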
1. Forward domain name resolution
Modify the zone configuration file:

```shell
[root@<host> ~]# vim /etc/named.rfc1912.zones
zone "dns.com" IN {
    type master;
    file "dns.com.zone";
    allow-update { none; };
};
```
Check the main configuration file and the zone files for syntax errors with named-checkconf and named-checkzone (named-checkconf prints nothing when the file is valid):

```shell
[root@<host> ~]# named-checkconf /etc/named.conf
```
Configure the zone data:
Use the forward-zone template file /var/named/named.localhost:

```shell
[root@<host> ~]# cd /var/named/
[root@<host> named]# cp -a /var/named/named.localhost dns.com.zone
[root@<host> named]# vim dns.com.zone
$TTL 1D
@       IN SOA  dns.com. root.dns.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.dns.com.
ns      A       192.168.200.102
www     A       192.168.200.10
bbs     A       192.168.200.20
```
Check the zone file:

```shell
[root@<host> named]# named-checkzone dns.com dns.com.zone
zone dns.com/IN: loaded serial 0
OK
```
Restart the named service and verify the results:

```shell
[root@<host> named]# systemctl restart named
[root@<host> named]# nslookup www.dns.com
Server:         ::1
Address:        ::1#53

Name:   www.dns.com
Address: 192.168.200.10
[root@<host> named]# nslookup bbs.dns.com
Server:         ::1
Address:        ::1#53

Name:   bbs.dns.com
Address: 192.168.200.20
```
2. Reverse resolution (querying the domain name by IP address)
Configure the zone information:

```shell
[root@<host> named]# vim /etc/named.rfc1912.zones
zone "200.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.200.arpa";
};
```
Configure the zone data:
Use the reverse-zone template file /var/named/named.loopback:

```shell
[root@<host> named]# cp -a /var/named/named.loopback 192.168.200.arpa
[root@<host> named]# vim 192.168.200.arpa
$TTL 1D
@       IN SOA  dns.com. root.dns.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.dns.com.
102     PTR     ns.dns.com.
10      PTR     www.dns.com.
20      PTR     bbs.dns.com.
[root@<host> named]# named-checkzone 200.168.192.in-addr.arpa 192.168.200.arpa
zone 200.168.192.in-addr.arpa/IN: loaded serial 0
OK
```
Restart the named service and verify the results:

```shell
[root@<host> named]# systemctl restart named
[root@<host> named]# nslookup 192.168.200.10
Server:         ::1
Address:        ::1#53

10.200.168.192.in-addr.arpa     name = www.dns.com.
[root@<host> named]# nslookup 192.168.200.20
Server:         ::1
Address:        ::1#53

20.200.168.192.in-addr.arpa     name = bbs.dns.com.
```
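The forward and reverse zones above are maintained by hand, so a PTR that points to the wrong name or an A record with no PTR is easy to introduce and named-checkzone will not catch it (it checks each file alone). The script below is an added example, not part of the original post: it parses both zone files and reports every A record without a matching PTR and every PTR without an A record. The zone text is a constructed copy of the two files written above, with the SOA collapsed onto one line; parse_records and check_consistency are names chosen here.

```python
from ipaddress import ip_address

# Constructed copies of the two zone files written in this post (sample input, not read from disk).
FORWARD_ZONE = """\
$TTL 1D
@   IN SOA dns.com. root.dns.com. ( 0 1D 1H 1W 3H )
    NS  ns.dns.com.
ns  A   192.168.200.102
www A   192.168.200.10
bbs A   192.168.200.20
"""
REVERSE_ZONE = """\
$TTL 1D
@   IN SOA dns.com. root.dns.com. ( 0 1D 1H 1W 3H )
    NS  ns.dns.com.
102 PTR ns.dns.com.
10  PTR www.dns.com.
20  PTR bbs.dns.com.
"""

def parse_records(zone_text, origin, rtype):
    # {owner FQDN: rdata} for records of type rtype; relative owners get origin appended,
    # and a line starting with whitespace inherits the previous owner, as in a real zone file.
    records, owner = {}, origin
    for raw in zone_text.splitlines():
        line = raw.split(";")[0].rstrip()            # strip comments
        if not line or line.startswith("$"):         # blank lines, $TTL, $ORIGIN
            continue
        fields = line.split()
        if not raw[0].isspace():                     # explicit owner on this line
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if fields and fields[0].upper() == "IN":     # optional class field
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() == rtype:
            records[owner] = fields[1]
    return records

def check_consistency(fwd_text, rev_text, fwd_origin, rev_origin):
    # Every A record needs a PTR that points back to the same name, and every PTR needs an A.
    a = parse_records(fwd_text, fwd_origin, "A")
    ptr = parse_records(rev_text, rev_origin, "PTR")
    problems = []
    for name, ip in a.items():
        got = ptr.get(ip_address(ip).reverse_pointer + ".")   # e.g. 10.200.168.192.in-addr.arpa.
        if got != name:
            problems.append(f"{ip}: PTR is {got or 'missing'}, expected {name}")
    for rev, name in ptr.items():
        if name not in a:
            problems.append(f"{rev} -> {name} has no A record")
    return problems
```

Call check_consistency(FORWARD_ZONE, REVERSE_ZONE, "dns.com.", "200.168.192.in-addr.arpa.") to get the list of problems; an empty list means the two files agree.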
Linux basics 33: DNS server, forward and reverse domain name resolution (01)