Overview and use of DNS principles
====================================
I. DNS principles
Each IP address can have a host name. A host name consists of one or more strings separated by dots. With host names, you do not need to memorize the IP address of every device; you only need to remember the host name, which is more intuitive and meaningful. Providing this mapping is the job of the DNS protocol. The process of obtaining the IP address that corresponds to a host name is called name resolution (or host name resolution). DNS name resolution works in both directions: FQDN --> IP; IP --> FQDN (FQDN: the fully qualified domain name).
The DNS service listens on port 53. The DNS name must be the same as the host name. One name can correspond to multiple IP addresses, and one IP address can also correspond to multiple names.
Breakdown of a DNS domain name:
For example: www.baidu.com.
'.': the root domain, served by the root name servers.
'com': a top-level domain name; net, cn and org are also top-level domain names.
'example' (baidu in the name above): second-level domain name, which is used by a company or individual.
'www': host name; mall and ftp are also host names.
Zone resolution database:
Resource record: RR (Resource Record)
SOA: Start of Authority record. Only one can exist in a zone file;
NS: name server
MX: mail exchanger. The MX record has a priority attribute of 0-99. The smaller the value, the higher the priority.
A: FQDN --> IP address, used only in the forward resolution zone
PTR: IP --> FQDN, used for reverse resolution
AAAA: FQDN --> IPv6 address, used only in the forward resolution zone
CNAME: canonical name, the formal name
DNS query methods
Iterative query: the local name server usually uses iterative queries when it queries the root name servers. When a root name server receives an iterative query from the local name server, it either returns the IP address being queried or tells the local name server which name server to query next. The local name server then carries out the subsequent queries itself.
Recursive query: a host generally uses a recursive query when it queries the local name server. If the local name server does not know the IP address of the queried domain name, it acts as a DNS client on the host's behalf and sends query request messages to the other name servers, starting with the root name servers. It then returns a definitive result to the client, whether the lookup succeeded or failed.
DNS server types:
MASTER: the primary DNS server holds the forward and reverse zone files and manages the zone.
SLAVE: the slave DNS server copies the DNS database from the primary DNS server and answers DNS queries from that copy. (Synchronizing the resolution database files is called a zone transfer. The transfer is one-way, because the slave server only pulls the DNS database from the master server. Zone transfers are divided into full zone transfer: AXFR; and incremental zone transfer: IXFR.)
Forward: sends query requests on to other DNS servers.
Cache: caching server. It caches the results of earlier resolutions for its clients and refreshes them later.
Hint: the root DNS servers
II. BIND installation, configuration, and forward/reverse resolution
BIND: Berkeley Internet Name Domain
Service script: /etc/rc.d/init.d/named
Main configuration files: /etc/named.conf, /etc/named.rfc1912.zones
Zone resolution library file: /var/named/zone_name.zone
Security:
The service process runs as a system user and group: named, named
It runs in chroot mode, that is, in a jail environment.
Lab environment:
Environment: CentOS 6.5 x86_64 virtual machines (VMs), set up for DNS master-slave replication.
Installation package: use yum to install bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm.
Master DNS server IP address: 172.16.25.1
Slave DNS server IP address: 172.16.25.4
Install the BIND package on the primary DNS server
Configure the named.conf file and comment out the settings that are not currently in use (// marks a comment)
Edit this file and add a forward resolution zone
The zone is learning.com, it is defined as a master zone on the primary DNS server, and its zone file is learn.com.zone.
After adding the forward resolution zone, create the zone file "learn.com.zone"
Enter the records to be resolved in the zone file.
After the zone file is filled in, modify the file's permissions and group, and then check whether the file syntax is correct.
Restart the service to complete the configuration of forward resolution
Modify this file again and add the reverse resolution zone
Define the zone name 25.16.172.in-addr.arpa. Specify it as a master zone on the primary DNS server, with the zone file 172.16.25.zone.
Copy the forward resolution zone file to the reverse resolution zone file, using -p to preserve its permission information.
Then edit the reverse resolution file
Define configuration information in this file
Check whether the syntax is correct and configure reverse resolution.
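The forward and reverse zone steps above, as an added example (not the original post's files): a shell script that stages both zone stanzas and both zone files in a scratch directory. The zone names, file names and server IPs come from the text; the host records (ns1, www at 172.16.25.10), the serial and timers, the 640 mode and the allow-transfer restriction to the slave are assumptions.

```shell
#!/bin/sh
# Added example. Constructed values: host records, serial, timers, 640 mode.
MASTER=172.16.25.1; SLAVE=172.16.25.4   # lab addresses from the text
write_zone_stanzas() {   # stanzas meant for /etc/named.rfc1912.zones
cat > "$1/zones.conf" <<EOF
zone "learning.com" IN {
    type master;
    file "learn.com.zone";
    allow-transfer { $SLAVE; };   // zone transfers to the slave only
};
zone "25.16.172.in-addr.arpa" IN {
    type master;
    file "172.16.25.zone";
    allow-transfer { $SLAVE; };
};
EOF
}

write_forward_zone() {   # SOA, NS and A records (FQDN --> IP)
cat > "$1/learn.com.zone" <<EOF
\$TTL 600
@    IN SOA ns1.learning.com. admin.learning.com. (
        2014081001 1H 10M 1W 1D )   ; serial refresh retry expire minimum
     IN NS  ns1.learning.com.
ns1  IN A   $MASTER
www  IN A   172.16.25.10
EOF
chmod 640 "$1/learn.com.zone"                         # no world read access
chgrp named "$1/learn.com.zone" 2>/dev/null || true   # needs root + named group
}

write_reverse_zone() {   # cp -p keeps mode and group; A records become PTR
cp -p "$1/learn.com.zone" "$1/172.16.25.zone"
grep -v ' IN A ' "$1/learn.com.zone" > "$1/172.16.25.zone"
cat >> "$1/172.16.25.zone" <<EOF
1    IN PTR ns1.learning.com.
10   IN PTR www.learning.com.
EOF
}

check_zones() {          # syntax check; skipped when BIND tools are absent
command -v named-checkzone >/dev/null 2>&1 || return 0
named-checkzone learning.com "$1/learn.com.zone" &&
named-checkzone 25.16.172.in-addr.arpa "$1/172.16.25.zone"
}

STAGE=${1:-$(mktemp -d)}   # staging directory, not /var/named
write_zone_stanzas "$STAGE" && write_forward_zone "$STAGE" &&
write_reverse_zone "$STAGE" && check_zones "$STAGE" && echo "staged in $STAGE"
```

Review the staged files before copying them into /var/named and appending the stanzas to the main configuration.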
Test with the client tools:
1. host
Syntax: host -t rrtype name [server]
2. nslookup
server IP address: specify the IP address of the DNS server to query
set type={A|SOA|NS|MX}: choose the record type to view
name: the name to query
3. dig
Format: dig -t type name @server
You can also use tracing to view the entire resolution process.
+trace: trace the resolution process
+notrace: do not trace the resolution process
+recurse: recursive query
+norecurse: non-recursive query
Use this command to view forward resolution information
Use this command to view reverse resolution information
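An added example (not from the original post) that uses the dig syntax above to confirm that the forward and reverse zones agree: every A record returned for a name must have a PTR record pointing back to that name. The function name check_round_trip is hypothetical.

```shell
#!/bin/sh
# Added example: forward/reverse consistency check with dig.
# check_round_trip is a hypothetical helper name, not a BIND tool.
check_round_trip() {   # usage: check_round_trip NAME SERVER
    name=${1%.}; server=$2; found=0; rc=0
    for ip in $(dig +short -t A "$name" "@$server"); do
        case $ip in *[!0-9.]*) continue ;; esac   # skip CNAME targets
        found=1
        # dig +short prints PTR targets as FQDNs with a trailing dot
        if dig +short -x "$ip" "@$server" | grep -qxFi "$name."; then
            echo "OK   $name -> $ip -> $name."
        else
            echo "FAIL $ip has no PTR record for $name."
            rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "FAIL no A record for $name"; rc=1; }
    return "$rc"
}

# Run only when a name and a server are given, for example:
#   sh check.sh www.learning.com 172.16.25.1
if [ "$#" -ge 2 ]; then
    check_round_trip "$1" "$2"
fi
```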
Master-slave replication, subdomain authorization and forwarding, ACL, and view will be illustrated in detail in the next blog, so stay tuned!
This article is from the "Learning ing" blog, please be sure to keep this source http://nydia.blog.51cto.com/6404696/1538137