linux[Basic]-33-[dns Server]-[forward and reverse Domain name resolution]-[01]

Source: Internet
Author: User
Tags: dnssec, domain name lookup, nslookup

DNS (BIND): forward and reverse domain name resolution

The BIND service supports TSIG (transaction signatures), which secure zone transfers between servers.

DNS (Domain Name System) is the service that resolves the correspondence between domain names and IP addresses.

Forward resolution: look up the IP address that corresponds to a domain name.

Reverse resolution: look up the domain name that corresponds to an IP address.

DNS structure model:

A single DNS server cannot serve the needs of users worldwide, so DNS servers are divided by role into primary, slave and cache servers.

Primary server: unique within a zone; it is responsible for maintaining the correspondence between domain names and IP addresses in that zone.

Slave server: obtains the domain-name-to-IP mapping from the primary server and maintains a copy of it, serving as a backup.

Cache server: improves the efficiency of repeated queries by caching the domain-name-to-IP mappings it obtains by querying other DNS servers.

DNS queries are divided into recursive and iterative queries:

Recursive query: the query a client sends to its DNS server.

Iterative query: the queries a DNS server sends to other DNS servers.

DNS query flowchart:

Installing the BIND service program:

[root@localhost ~]# yum -y install bind-chroot
...
Installed:
  bind-chroot ... 9.9.4-el7
Dependency Installed:
  bind ... 9.9.4-el7
Complete!

The program behind the BIND domain name resolution service is called named.

Main program: /usr/sbin/named

Main configuration file: /etc/named.conf

Zone configuration file: /etc/named.rfc1912.zones

View the main configuration file (two lines are modified):

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };        # changed to any (or to the DNS server's IP)
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };          # changed to any, which allows any host to query

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
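The stock file's own comment applies directly to the two edits above: with allow-query changed to any and recursion left at yes, any client that can reach the server may also use it for recursion. The following checker is an added example, not part of the original post; it parses a constructed excerpt of the edited options block and applies the BIND 9 rule that allow-recursion falls back to allow-query-cache, then allow-query, then localnets/localhost.

```python
import re

# Constructed excerpt of the tutorial's named.conf after its two edits
# (listen-on and allow-query set to any); recursion is left at yes.
TUTORIAL_CONF = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query     { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
};
zone "." IN { type hint; file "named.ca"; };
"""

def parse_options(conf):
    """Return the statements of the options { } block as a dict; ACL blocks
    such as { any; } become lists of their elements."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*", "", conf, flags=re.S)   # drop comments
    block = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    if not block:
        raise ValueError("no options block")
    opts = {}
    for m in re.finditer(r"([a-z0-9-]+)(?:\s+port\s+\d+)?\s+(\{[^}]*\}|[^;{]+);",
                         block.group(1)):
        key, val = m.group(1), m.group(2).strip()
        if val.startswith("{"):
            opts[key] = [e.strip() for e in val[1:-1].split(";") if e.strip()]
        else:
            opts[key] = val.strip('"')
    return opts

def recursion_clients(opts):
    """Who may recurse through this server: allow-recursion, else
    allow-query-cache, else allow-query, else localnets/localhost (BIND 9)."""
    if opts.get("recursion", "yes") != "yes":
        return []
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return ["localnets", "localhost"]

def is_open_resolver(conf):
    """True when any client that can reach the server may use it for recursion."""
    return "any" in recursion_clients(parse_options(conf))
```

Adding an allow-recursion statement that names only the local network (or setting recursion no on a purely authoritative server) makes the check pass.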

1. Forward domain name resolution

Modify the zone configuration file:

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "dns.com" IN {
        type master;
        file "dns.com.zone";
        allow-update { none; };
};

Check the main configuration file and the zone files for syntax errors with named-checkconf and named-checkzone:

[root@localhost ~]# named-checkconf /etc/named.conf

Configure the resolution data:

The forward zone file is based on the template file /var/named/named.localhost:

[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -a /var/named/named.localhost dns.com.zone
[root@localhost named]# ll
total ...
drwxr-x---. 7 root  named ... chroot
drwxrwx---. 2 named named ... data
-rw-r-----. 1 root  named ... dns.com.zone
drwxrwx---. 2 named named ... dynamic
-rw-r-----. 1 root  named ... named.ca
-rw-r-----. 1 root  named ... named.empty
-rw-r-----. 1 root  named ... named.localhost
-rw-r-----. 1 root  named ... named.loopback
drwxrwx---. 2 named named ... slaves
[root@localhost named]# vim dns.com.zone
$TTL 1D
@       IN SOA  dns.com. root.dns.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.dns.com.
ns      A       192.168.200.102
www     A       192.168.200.10
bbs     A       192.168.200.20

Check the zone file:

[root@localhost named]# named-checkzone dns.com dns.com.zone
zone dns.com/IN: loaded serial 0
OK

Restart the named service and verify the results:

[root@localhost named]# systemctl restart named
[root@localhost named]# nslookup www.dns.com
Server:         ::1
Address:        ::1#53

Name:   www.dns.com
Address: 192.168.200.10
[root@localhost named]# nslookup bbs.dns.com
Server:         ::1
Address:        ::1#53

Name:   bbs.dns.com
Address: 192.168.200.20

2. Reverse resolution (looking up the domain name by IP address)

Configure the zone information:

[root@localhost named]# vim /etc/named.rfc1912.zones
zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.200.arpa";
};

Configure the resolution data:

The reverse zone file is based on the template file /var/named/named.loopback:

[root@localhost named]# cp -a /var/named/named.loopback 192.168.200.arpa
[root@localhost named]# vim 192.168.200.arpa
$TTL 1D
@       IN SOA  dns.com. root.dns.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.dns.com.
102     PTR     ns.dns.com.
10      PTR     www.dns.com.
20      PTR     bbs.dns.com.
[root@localhost named]# named-checkzone 200.168.192.in-addr.arpa 192.168.200.arpa
zone 200.168.192.in-addr.arpa/IN: loaded serial 0
OK

Restart the named service and verify the results:

[root@localhost named]# systemctl restart named
[root@localhost named]# nslookup 192.168.200.10
Server:         ::1
Address:        ::1#53

10.200.168.192.in-addr.arpa     name = www.dns.com.
[root@localhost named]# nslookup 192.168.200.20
Server:         ::1
Address:        ::1#53

20.200.168.192.in-addr.arpa     name = bbs.dns.com.
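named-checkzone validates each zone file on its own but cannot tell whether the forward and reverse zones agree with each other; a stale PTR record is a common cause of reverse lookups that return the wrong host. The checker below is an added example, not part of the original post: it parses the tutorial's two zone files (embedded as constructed strings, with the SOA written on two lines) and reports every A record whose address has no PTR or whose PTR names a different host.

```python
# Zone data from the tutorial above, embedded as constructed strings (SOA on two lines).
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  dns.com. root.dns.com. (
                0 1D 1H 1W 3H )     ; serial refresh retry expire minimum
        NS      ns.dns.com.
ns      A       192.168.200.102
www     A       192.168.200.10
bbs     A       192.168.200.20
"""
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  dns.com. root.dns.com. (
                0 1D 1H 1W 3H )     ; serial refresh retry expire minimum
        NS      ns.dns.com.
102     PTR     ns.dns.com.
10      PTR     www.dns.com.
20      PTR     bbs.dns.com.
"""

def records(zone_text, origin):
    """Yield (owner, type, rdata), expanding relative owners against origin."""
    owner, depth = origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]                 # strip comments
        if depth:                                   # inside a SOA ( ... ) body
            depth -= line.count(")")
            continue
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or $TTL directive
        tokens = line.split()
        if not raw[0].isspace():                    # owner name in column 1
            owner = origin if tokens[0] == "@" else f"{tokens[0]}.{origin}"
            tokens = tokens[1:]
        if tokens[0] == "IN":
            tokens = tokens[1:]
        if tokens[0] == "SOA":
            depth = line.count("(") - line.count(")")
            continue
        yield owner, tokens[0], tokens[1]

def ptr_mismatches(fwd_text, fwd_origin, rev_text, rev_origin):
    """List A records that lack a PTR or whose PTR names a different host."""
    a_by_ip = {r: o for o, t, r in records(fwd_text, fwd_origin) if t == "A"}
    # 20.200.168.192.in-addr.arpa. -> 192.168.200.20
    ptr_by_ip = {".".join(reversed(o[:-len(".in-addr.arpa.")].split("."))): r
                 for o, t, r in records(rev_text, rev_origin) if t == "PTR"}
    return [f"{ip}: PTR is {ptr_by_ip.get(ip)}, A record says {name}"
            for ip, name in a_by_ip.items() if ptr_by_ip.get(ip) != name]
```

Run it with the origins of the two zones, "dns.com." and "200.168.192.in-addr.arpa."; an empty list means every A record in the forward zone has a matching PTR.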
