Preliminary summary of DNS learning


Friendly tip: the experimental platform is VMware + CentOS 6.6 x86_64. The commands involved only implement the working model and are not a basis for production server configuration.

Content Summary:

1. DNS working model

2. DNS forward and reverse resolution implementation

3. DNS master-slave synchronization

I. DNS fine-grained knowledge points

1.1) DNS: Domain Name Service is an application-layer protocol that resolves domain names to IP addresses.

UDP port 53 is used for DNS queries and replies.

TCP port 53 is used for zone file transfers between the master and slave DNS servers.

1.2) The structure of the domain name:




1.3) The process a host follows for a domain name lookup:

Client --> local hosts file --> local cache --> (recursive) DNS server --> server cache --> (iterative) Internet DNS servers

* The lookup stops as soon as any step in the chain finds an answer.

CentOS 6.6 hosts file location: /etc/hosts

Windows hosts file location: %windows%/system32/drivers/etc/hosts


1.4) Lookup methods:

Recursive lookup (recursion): after initiating a domain lookup, the requester gets a definite answer.

Iterative lookup (iteration): after initiating a domain lookup, the requester gets a referral answer and must then query other servers according to that referral.

Queries from a host to the DNS server provided by the local operator are recursive: one query request is sent and a definite answer comes back.

The operator's DNS server queries for the address on behalf of the client. It first searches the root zone, choosing the fastest of the 13 global root servers. For example, to find www.51cto.com, it first asks a root server, and the root server responds by telling it to ask the .com name servers. The operator's DNS then asks a .com name server, which responds with the name server address of the 51cto.com domain. The operator's DNS then asks the 51cto.com name server, gets the IP address corresponding to www.51cto.com, and returns it to the client. This is the iterative query.
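The lookup chain from 1.3 and the recursive/iterative split from 1.4, as an added offline simulation (not part of the original article). The server names, the 192.0.2.10 address and the delegation table are constructed for illustration; no network traffic is sent.

```python
# Constructed delegation data: each simulated server either refers the
# asker to a child zone's server or answers with an address.
SERVERS = {
    "root":     {"referrals": {"com.": "com-ns"}},
    "com-ns":   {"referrals": {"51cto.com.": "51cto-ns"}},
    "51cto-ns": {"answers": {"www.51cto.com.": "192.0.2.10"}},
}
HOSTS_FILE = {"localhost.": "127.0.0.1"}  # stands in for /etc/hosts


def ask(server, qname):
    """One iterative query: ('answer', ip), ('referral', server) or ('nxdomain', None)."""
    data = SERVERS[server]
    if qname in data.get("answers", {}):
        return "answer", data["answers"][qname]
    for zone, nxt in data.get("referrals", {}).items():
        if qname == zone or qname.endswith("." + zone):
            return "referral", nxt
    return "nxdomain", None


class RecursiveResolver:
    """Plays the operator's DNS server: iterates for the client and caches."""

    def __init__(self):
        self.cache = {}
        self.trace = []  # (who answered, kind of answer), in order

    def resolve(self, qname, max_referrals=8):
        if qname in self.cache:  # server cache is checked before iterating
            self.trace.append(("cache", qname))
            return self.cache[qname]
        server = "root"
        for _ in range(max_referrals):  # bound the chain so a referral loop ends
            kind, value = ask(server, qname)
            self.trace.append((server, kind))
            if kind == "answer":
                self.cache[qname] = value
                return value
            if kind == "nxdomain":
                return None
            server = value  # follow the referral to the next server
        raise RuntimeError("referral limit exceeded")


def client_lookup(qname, resolver):
    """Client side: hosts file first, then one recursive query."""
    return HOSTS_FILE.get(qname) or resolver.resolve(qname)
```

The client sends a single question and receives a single answer, while the resolver's trace records the root, .com and 51cto.com steps it walked on the client's behalf.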


1.5) Making a domain name server legitimate

Suppose jx.santan.com is a DNS server within the santan.com domain. For it to be legitimate, it needs:

(1) A routable IP address provided by a local Internet operator.

(2) Properly working domain name query software and the santan.com domain resource files.

(3) Related resource record entries on the parent domain's .com servers.

1.6) Types of DNS server:
Primary DNS server: the server that maintains the resolution database for the domain it is responsible for; the database files are maintained by the administrator.
Secondary DNS server: obtains the resolution database by zone transfer from the primary DNS server or from other DNS servers.
Caching DNS server: performs DNS queries for LAN hosts and keeps the results temporarily in its cache so they can be found quickly next time.

1.7) The resource record types maintained by the DNS server:

Resource record: RR
Record types: A, AAAA, PTR, SOA, NS, CNAME, MX
SOA: Start Of Authority, the start-of-authority record; a zone resolution database has one and only one SOA record, and it must be the first record of the database.

A: Internet address; indicates the IP address corresponding to an FQDN.
AAAA: indicates the IPv6 address of an FQDN.
PTR: pointer, the reverse record; indicates the FQDN of an IP address.
NS: name server; indicates the DNS servers for the current zone.
CNAME: canonical name, the alias record.
MX: mail exchanger, the mail exchange record; defines the mail servers within the zone.

1.8) Software that provides DNS services

Software: BIND



II. DNS forward and reverse resolution model implementation

* Please shut down the firewall and SELinux. The following configuration only implements the DNS working model, so do not read too much into it.


Configuration on Test01.lijun.com:

2.1) Install the BIND software:

Installing with yum is recommended; the three packages bind, bind-libs and bind-utils are required. bind-chroot is selected in the experimental environment.

2.2) Configuration file settings:

The DNS configuration is divided into the main configuration file and the zone configuration files. The main configuration file, /etc/named.conf, should contain at least three pieces of information: the configuration of the root, local, and 127.0.0.1 zones. The zone configuration files are stored under the /var/named path. Each file specifies one zone, and its name is consistent with the configuration in /etc/named.conf.

2.3) Zone configuration file settings:


[[email protected] named]# vim lijun.com.zone    (this file is the forward resolution file for the lijun.com domain)


[[email protected] named]# vim 192.168.100.zone    (this file is the reverse resolution file for the lijun.com domain)


2.4) Start the service


2.5) Verifying the configuration


III. DNS master-slave synchronization model implementation


3.1) Add NS and A records about the secondary DNS server on the primary DNS server

[[email protected] named]# vim /var/named/lijun.com.zone


[[email protected] named]# vim /var/named/192.168.100.zone

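A pre-reload check for the forward zone file, covering the SOA rule from 1.7 and the NS-plus-A requirement from 3.1; this is an added example, not the article's own configuration. The zone text is constructed: the secondary's host name (test02), the admin mailbox, the serial and every address are assumptions, and the parser only handles one "owner class type rdata" record per line.

```python
# Constructed zone for lijun.com; the secondary's name (test02), the
# admin mailbox, serial and all addresses are assumptions.
BROKEN_ZONE = """\
$TTL 86400
@      IN SOA test01.lijun.com. admin.lijun.com. ( 2015042401 1H 10M 1W 1D )
@      IN NS  test01
@      IN NS  test02
test01 IN A   192.168.100.1
www    IN A   192.168.100.3
"""
FIXED_ZONE = BROKEN_ZONE + "test02 IN A   192.168.100.2\n"


def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse 'owner class type rdata' lines (one record per line) into tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line or line.startswith("$"):    # skip blanks and $TTL/$ORIGIN
            continue
        owner, _cls, rtype, *rdata = line.split()
        records.append((absolute(owner, origin), rtype.upper(), rdata))
    return records


def lint_zone(text, origin="lijun.com."):
    """Return a list of problems; an empty list means the checks passed."""
    records = parse_zone(text, origin)
    problems = []
    soa_at = [i for i, rec in enumerate(records) if rec[1] == "SOA"]
    if len(soa_at) != 1:
        problems.append(f"expected exactly 1 SOA record, found {len(soa_at)}")
    elif soa_at[0] != 0:
        problems.append("SOA is not the first record")
    with_addr = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    for _owner, rtype, rdata in records:
        target = absolute(rdata[0], origin) if rtype == "NS" else ""
        if target.endswith("." + origin) and target not in with_addr:
            problems.append(f"NS target {target} has no A/AAAA record")
    return problems
```

BROKEN_ZONE lists the secondary as an NS without giving it an address, which is the omission step 3.1 guards against; FIXED_ZONE adds the missing A record.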


3.2) Secondary DNS settings

Install the BIND package:

[[email protected] ~]# yum install bind -y

Write the BIND main configuration file:



3.3) Testing resolution against the secondary DNS




3.5) Modify the settings on the primary DNS server and observe the transfer between the primary and secondary DNS servers


That concludes this preliminary summary!







This article is from the "Brother is not Pirates" blog, please be sure to keep this source http://pirateli.blog.51cto.com/10063802/1637928
