Overview and use of DNS principles

Source: Internet
Author: User
Tags domain name server mx record subdomain




====================================

    • DNS principles

    • BIND installation, configuration, and forward/reverse resolution

    • Master-slave replication

    • Subdomain delegation and forwarding

    • ACLs and views

====================================

 

I. DNS principles

Each IP address can have a host name, made up of one or more strings separated by dots. With host names there is no need to memorize the IP address of every device; you only need to remember a host name that is relatively intuitive and meaningful. Providing this is the job of the DNS protocol. The process of obtaining the IP address that corresponds to a host name is called name resolution (or host name resolution). DNS name resolution works in both directions: FQDN --> IP and IP --> FQDN (FQDN: fully qualified domain name).

The DNS service listens on port 53. The DNS name must be the same as the host name. One name can correspond to multiple IP addresses, and one IP Address can also correspond to multiple names.

Breakdown of a DNS domain name:

For example: www.baidu.com.

'.': the root domain, served by the root name servers.

'com': a top-level domain name; net, cn, and org are also top-level domain names.

'example': a second-level domain name (the position 'baidu' occupies in the name above), which is used by a company or individual.

'www': a host name; mail and ftp are also host names.



 

Zone resolution database:

Resource record: RR (Resource Record)

SOA: Start of Authority record. A zone file can contain only one;

NS: name server

MX: mail exchanger. The MX record has a priority attribute of 0-99. The smaller the value, the higher the priority.

A: FQDN --> IP address, used only in the forward resolution database

PTR: IP --> FQDN, used for reverse resolution

AAAA: FQDN --> IPv6, used only in the forward resolution database

CNAME: canonical name, the formal name


DNS query methods

Iterative query: the local name server usually uses iterative queries when it queries the root name servers. When a root name server receives an iterative query from the local name server, it either returns the IP address being asked for or tells the local name server which name server to query next. The local name server then carries out the subsequent queries itself.

Recursive query: a host generally uses a recursive query when it queries the local name server. If the local name server does not know the IP address of the name being queried, it acts as a DNS client on the host's behalf and sends query requests to the root name servers and onward, then returns a definite result to the client, whether the lookup succeeded or not.
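The division of labour between the two query types, as an added example that is not part of the original post: the client issues one recursive query, and the local name server follows the referrals with iterative queries. The server names, the delegation table and the `www` address are constructed for illustration.

```python
# Constructed model, not real DNS data: each authoritative server maps a
# name suffix to a referral ("NS", next server) or an answer ("A", address).
SERVERS = {
    "root": {"com.": ("NS", "com-tld")},
    "com-tld": {"learning.com.": ("NS", "ns1.learning.com")},
    "ns1.learning.com": {"www.learning.com.": ("A", "172.16.25.6")},
}


def iterative_query(server, name):
    """One iterative query: the server answers or refers, it never chases."""
    for suffix, reply in SERVERS[server].items():
        if name == suffix or name.endswith("." + suffix):
            return reply
    return ("NXDOMAIN", None)


def recursive_resolve(name, max_referrals=8):
    """What the local name server does for a client's single recursive query:
    start at the root and follow every referral itself."""
    server, path = "root", []
    for _ in range(max_referrals):  # bound the walk so a referral loop ends
        kind, value = iterative_query(server, name)
        path.append((server, kind))
        if kind != "NS":
            return value, path  # definite result, success or failure
        server = value
    raise RuntimeError("too many referrals for " + name)


if __name__ == "__main__":
    for qname in ("www.learning.com.", "ftp.learning.com."):
        answer, path = recursive_resolve(qname)
        print(qname, "->", answer, "via", path)
```

The client sees only the final value; the list returned alongside it records each iterative step the local server took.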

 

DNS server types:

Master: the primary DNS server holds the forward and reverse zone files and manages the zone.

Slave: the slave DNS server copies the DNS database from the primary DNS server in order to provide DNS resolution. (Synchronizing the resolution database files is called a zone transfer. The transfer is one-directional, because only the slave server fetches the DNS database from the master server. Zone transfers are divided into full zone transfer, AXFR, and incremental zone transfer, IXFR.)

Forward: sends query requests on to other DNS servers.

Cache: caching server. It keeps the results of earlier resolutions made for clients on the server and refreshes them later.

Hint: the root DNS servers

 

II. BIND installation, configuration, and forward/reverse resolution

BIND: Berkeley Internet Name Domain

Service script: /etc/rc.d/init.d/named

Main configuration files: /etc/named.conf, /etc/named.rfc1912.zones

Zone resolution database file: /var/named/zone_name.zone

Security:

The service process runs as a system user and group: named, named

It runs in chroot mode, that is, in a jail environment.

Lab environment:

Environment: CentOS 6.5 x86_64 virtual machines (VMs), set up for DNS master-slave replication.

Installation package: use yum to install bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm.

Master DNS Server IP Address: 172.16.25.1

Slave DNS Server IP Address: 172.16.25.4


Install the BIND package on the primary DNS server.


Configure the named.conf file and comment out the settings that are not currently in use (// marks a comment).


Edit this file and add a forward resolution zone.


The zone is learning.com, it is defined as a master (primary) zone, and its zone file is learn.com.zone.


After adding the forward resolution zone, create its zone file "learn.com.zone".


Enter the required resolution records in the zone file.


After the zone file is filled in, change its permissions and group, and then check that the file syntax is correct.


Restart the service to complete the configuration of forward resolution


Modify this file again and add the reverse resolution zone.


Define the zone name 25.16.172.in-addr.arpa, specify it as a master (primary) zone, and set its zone file to 172.16.25.zone.


Copy the forward resolution zone file you created to the reverse resolution zone file, using -p so that its permission information is copied as well.


Then edit the reverse resolution zone file.


Define the records in this file.


Check that the syntax is correct to complete the reverse resolution configuration.
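A cross-check of A records against PTR records, which the copy-and-edit step above makes worth running, as an added example (not code or zone data from the original post). The zone names and the two server addresses are the lab's; the SOA values, the `www` host and all helper names are assumptions, and the sample reverse zone contains two deliberate mistakes.

```python
import ipaddress

# Constructed sample zones for the lab (not the post's screenshots). Only the
# zone names and 172.16.25.1/.4 come from the post; host names are assumptions.
FWD_ORIGIN, REV_ORIGIN = "learning.com.", "25.16.172.in-addr.arpa."
FWD_ZONE = """\
$TTL 600
@     IN SOA ns1.learning.com. admin.learning.com. (2014081001 1H 5M 3D 1H)
      IN NS  ns1
      IN NS  ns2
ns1   IN A   172.16.25.1
ns2   IN A   172.16.25.4
www   IN A   172.16.25.6
"""
REV_ZONE = """\
$TTL 600
@     IN SOA ns1.learning.com. admin.learning.com. (2014081001 1H 5M 3D 1H)
      IN NS  ns1.learning.com.
      IN NS  ns2.learning.com.
1     IN PTR ns1.learning.com.
4     IN PTR ns2.learning.com
"""

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    name = origin if name == "@" else name
    return name if name.endswith(".") else name + "." + origin

def records(text, origin, rrtype):
    """Return (owner FQDN, last rdata field) for every record of one type."""
    owner, found = origin, []
    for line in text.splitlines():
        tokens = [t for t in line.split() if t != "IN"]
        if not tokens or line.startswith("$"):
            continue
        if not line[0].isspace():  # a blank owner field repeats the last owner
            owner = fqdn(tokens.pop(0), origin)
        if tokens[0] == rrtype:
            found.append((owner, tokens[-1]))
    return found

def check_reverse(fwd=FWD_ZONE, rev=REV_ZONE):
    """List (host, reverse name, PTR target) for each A record without a match."""
    ptrs = {o: fqdn(t, REV_ORIGIN) for o, t in records(rev, REV_ORIGIN, "PTR")}
    problems = []
    for host, ip in records(fwd, FWD_ORIGIN, "A"):
        rname = ipaddress.ip_address(ip).reverse_pointer + "."
        if ptrs.get(rname) != host:
            problems.append((host, rname, ptrs.get(rname)))
    return problems
```

`check_reverse()` flags the `ns2` PTR, whose target lacks the trailing dot and is therefore expanded relative to the reverse zone, and the missing PTR for `www`.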

 

Test with a client tool:

1. host

Syntax: host -t RRTYPE name [server]


2. nslookup

Inside nslookup, "server IP" specifies the IP address of the host (DNS server) to query

set type={A|SOA|NS|MX}: selects which record type to view

name: the name to query


3. dig

Format: dig -t TYPE name @server

You can also use tracing to view the entire resolution process.

+trace: trace the resolution process

+notrace: do not trace the resolution process

+recurse: recursive query

+norecurse: non-recursive query

 


Use this command to view forward resolution information


Use this command to view reverse resolution information


Master-slave replication, subdomain authorization and forwarding, ACL, and view will be illustrated in detail in the next blog, so stay tuned!



This article is from the "Learning ing" blog, please be sure to keep this source http://nydia.blog.51cto.com/6404696/1538137
