Introduction : DNS (Domain Name System) is a distributed database that maps domain names to IP addresses across the Internet, so that users can reach hosts by name instead of remembering the numeric IP addresses that machines read directly. Obtaining a host's IP address from its host name is called domain name resolution (or hostname resolution). DNS runs over the UDP protocol and uses port 53.
UDP (User Datagram Protocol) is a connectionless transport-layer protocol in the OSI (Open Systems Interconnection) reference model that provides a simple, unreliable datagram delivery service to applications.
Learning Goal : Configure a caching DNS server in order to understand the functionality and purpose of DNS.
DNS resource records : DNS stores its information as resource records. Each record carries a type that indicates what kind of data it holds:
-A: name to IPv4 address (forward record, domain name to IP)
-AAAA: name to IPv6 address
-CNAME: name to canonical name (an alias for another name that holds the A/AAAA record)
-PTR: IPv4/IPv6 address to name (reverse record, IP to domain name)
-MX: mail exchanger for a name (where to send its e-mail)
-NS: name server for a domain name
-SOA: Start of Authority, the zone's administrative information
DNS Troubleshooting : the status shown in a response is used to determine and analyse why a DNS lookup failed:
-NOERROR: query successful
-NXDOMAIN: the DNS server reports that no such name exists
-SERVFAIL: the DNS server is down, or DNSSEC validation of the response failed
-REFUSED: the DNS server refused to answer (perhaps for access-control reasons)
Cache DNS Servers :
BIND is the most widely used open-source name server. On RHEL it is provided by the bind package; open ports 53/tcp and 53/udp in the firewall. BIND's main configuration file is /etc/named.conf, and the /var/named directory holds the data files the name server uses.
To configure a DNS server :
Install the BIND package:
yum install bind -y
Edit the /etc/named.conf configuration file:
listen-on port 53 { any; }; controls the IPv4 addresses named listens on (here port 53 on every address; the stock file lists only the local host)
allow-query { any; }; controls which clients may ask this DNS server for information (here any directly connected network; the stock file allows only the local host)
dnssec-validation no; the switch that turns DNSSEC validation on or off (off here)
Restart the service:
systemctl restart named
/etc/named.conf also has some other important parameters, for example:
listen-on-v6 port 53 { ...; }; controls the IPv6 addresses named listens on
forwarders { IP; }; lists the name servers to which DNS queries are forwarded (rather than contacting external name servers directly; useful in situations where a firewall is present).
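As an added example (not part of the original post), the script below writes the page's allow-query { any; }; setting beside a caching configuration that only answers the lab network 172.25.254.0/24, and adds a small check that flags the open-resolver setting; the file paths under $WORK and the forwarder address 192.0.2.53 are assumptions.

```shell
# Added example, not the post's own named.conf: a caching resolver that only
# answers the lab network (172.25.254.0/24, as on this page) beside the
# page's "allow-query { any; };" setting, and a check that flags the latter.
# Files are written under $WORK instead of /etc; the forwarder address is a
# placeholder.
WORK=${WORK:-$(mktemp -d)}

# Weak: recursion is on by default and anyone may query, so this is an open
# resolver whose answers can be abused for reflection/amplification.
cat > "$WORK/named.open.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    dnssec-validation no;
};
EOF

# Hardened: recursion only for the lab, DNSSEC validation on, no transfers.
cat > "$WORK/named.hardened.conf" <<'EOF'
acl "lab" { 127.0.0.1; 172.25.254.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 172.25.254.100; };
    directory "/var/named";
    recursion yes;
    allow-query { lab; };
    allow-recursion { lab; };
    allow-transfer { none; };
    dnssec-validation yes;
    forwarders { 192.0.2.53; };   # placeholder upstream resolver
};
EOF

# is_open_resolver FILE: succeeds (returns 0) when the config lets anyone
# recurse: allow-query or allow-recursion is "any" and recursion is not
# explicitly disabled. A conservative lint; comments are stripped first.
is_open_resolver() {
    conf=$(sed 's://.*$::; s:#.*$::' "$1")
    printf '%s\n' "$conf" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;' && return 1
    printf '%s\n' "$conf" | grep -Eq 'allow-(query|recursion)[[:space:]]*\{[[:space:]]*any[[:space:]]*;'
}

for f in "$WORK"/named.*.conf; do
    if is_open_resolver "$f"; then echo "OPEN RESOLVER: $f"; else echo "ok: $f"; fi
done
```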
How to configure forward resolution for DNS :
Edit the configuration file: vim /etc/named.rfc1912.zones
Add the following:
zone "westos.com" IN { # the domain to be maintained
type master;
file "westos.com.zone"; # the file that holds its A records
allow-update { none; };
};
Edit the record file:
cd /var/named
cp -p named.localhost westos.com.zone
vim westos.com.zone
[screenshot from 2016-07-07 05:05:41 showing the edited westos.com.zone; not reproduced]
systemctl restart named # restart the service
dig hello.westos.com # use dig to check how the A record resolves
How to configure reverse resolution for DNS :
Edit the configuration file: vim /etc/named.rfc1912.zones
Add the following:
zone "254.25.172.in-addr.arpa" IN {
type master;
file "westos.com.ptr";
allow-update { none; };
};
cd /var/named
cp -p westos.com.zone westos.com.ptr
vim westos.com.ptr
[screenshot from 2016-07-07 05:53:46 showing the edited westos.com.ptr; not reproduced]
systemctl restart named
dig -x 172.25.254.100 # use dig to check how the reverse record resolves
To configure other record types for DNS forward resolution :
cd /var/named
vim westos.com.zone
[screenshot from 2016-07-07 06:54:41 showing the records added to westos.com.zone; not reproduced]
systemctl restart named
dig mx westos.com # use dig to check how the MX record resolves
Note: a CNAME (alias) record points an alias at a host that already has an A record, so no additional A record has to be created for the new name.
MX (mail exchanger) lists the hosts responsible for receiving e-mail sent to the domain; it is used for sending and receiving mail.
NS (name server) specifies the authoritative server responsible for this DNS zone.
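Since the screenshots of the zone files are lost, here is an added example (not the post's own files) of the forward zone and its reverse zone using the record types just described, with a helper that bumps the SOA serial, which a slave compares with its copy before it will transfer the updated zone; the mail and www names and the 172.25.254.10 address are constructed, and files are written under $WORK instead of /var/named.

```shell
# Added example, not the post's zone files (their screenshots are lost): the
# forward zone westos.com.zone and reverse zone westos.com.ptr with the record
# types listed above, plus a helper that bumps the SOA serial, which a slave
# compares with its copy before it will transfer the updated zone. Addresses
# follow the page's lab network; mail/www names are constructed. Files go
# under $WORK instead of /var/named.
WORK=${WORK:-$(mktemp -d)}

cat > "$WORK/westos.com.zone" <<'EOF'
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                2016070701  ; serial: increase on every edit
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum (negative-cache TTL)
        IN NS   dns.westos.com.
        IN MX 10 mail.westos.com.
dns     IN A    172.25.254.100
hello   IN A    172.25.254.100
bbs     IN A    172.25.254.123
mail    IN A    172.25.254.10
www     IN CNAME hello.westos.com.
EOF

cat > "$WORK/westos.com.ptr" <<'EOF'
$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                2016070701 1D 1H 1W 3H )
        IN NS   dns.westos.com.
100     IN PTR  hello.westos.com.
123     IN PTR  bbs.westos.com.
EOF

# zone_serial FILE: print the SOA serial (first all-digit field after SOA).
zone_serial() {
    awk '/IN[ \t]+SOA/ { insoa = 1; next }
         insoa && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# bump_serial FILE: increment the serial in place; without this a secondary
# sees no change and keeps serving its old copy of the zone.
bump_serial() {
    awk '/IN[ \t]+SOA/ { insoa = 1 }
         insoa && !done && $1 ~ /^[0-9]+$/ { sub($1, sprintf("%d", $1 + 1)); done = 1 }
         { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}
```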
How to configure different DNS resolution for the internal and external networks :
Add a NIC to the desktop host and configure its IP as 192.168.0.100
cp -p /etc/named.rfc1912.zones /etc/named.inter.zones
vim /etc/named.inter.zones
Add the following:
zone "westos.com" IN {
type master;
file "westos.com.inter";
allow-update { none; };
};
vim /etc/named.conf
[screenshot from 2016-07-07 07:54:07 showing the edited named.conf; not reproduced]
cd /var/named
cp -p westos.com.zone westos.com.inter
vim westos.com.inter
[screenshot from 2016-07-07 07:56:41 showing the edited westos.com.inter; not reproduced]
systemctl restart named
Check the resolution with the dig command.
The following actions are performed on the client (server) host:
vim /etc/resolv.conf
Add the following: nameserver 172.25.254.100
Use the dig command to check how names resolve from the external network.
How to configure DNS zone file synchronization (master and slave) :
On the desktop host, do the following:
vim /etc/named.rfc1912.zones
[screenshot from 2016-07-07 20:30:50 showing the edited named.rfc1912.zones on the desktop; not reproduced]
systemctl restart named
On the server host, do the following:
yum install bind -y
systemctl start named
vim /etc/named.conf
[screenshot from 2016-07-07 20:34:02 showing the edited named.conf on the server; not reproduced]
vim /etc/named.rfc1912.zones
[screenshot from 2016-07-07 20:35:44 showing the edited named.rfc1912.zones on the server; not reproduced]
systemctl restart named
cd /var/named/slaves
ls
A westos.com.zone file has been generated here with the same content as on the desktop host.
Now modify the westos.com.zone file on the desktop host:
[screenshot from 2016-07-07 22:17:28 showing the modified westos.com.zone; not reproduced]
systemctl restart named
dig bbs.westos.com # the IP that dig resolves is the modified IP
On the server host the same query still returns the original content: a change made on the desktop (master) side is not picked up by the server (slave). The drawback is that the slave does not synchronize the master's information in real time, so it serves incorrect information.
How to fix the data synchronization problem between the DNS master (desktop) and slave (server) :
On the desktop host, do the following:
vim /etc/named.rfc1912.zones
[screenshot from 2016-07-07 22:35:39 showing the edited named.rfc1912.zones; not reproduced]
Add the parameter also-notify { 172.25.254.200; }; to the zone in the configuration file
vim /var/named/westos.com.zone
[screenshot from 2016-07-07 22:38:32 showing the edited westos.com.zone; not reproduced]
systemctl restart named
dig bbs.westos.com # dig shows the resolved IP is 172.25.254.123
On the server host:
dig bbs.westos.com # dig now shows the resolved IP as 172.25.254.123 here too
How to configure DNS so that a client can update the server's zone data :
Edit the configuration file on the desktop server:
vim /etc/named.rfc1912.zones
[screenshot from 2016-07-07 23:26:59 showing the edited named.rfc1912.zones; not reproduced]
systemctl restart named
chmod g+w /var/named
The parameter allow-update { 172.25.254.200; }; # the client with IP 172.25.254.200 may update the zone file
Perform the following actions on the server (client) host:
[screenshot from 2016-07-07 23:30:22 showing the update performed on the client; not reproduced]
dig redhat.westos.com # check the resolution
This is not very secure, because any client at that address can update data on the server. Updates need to be made with a key, so that only the client that holds the key can update the server's data; that solves the security problem.
On the desktop server, do the following:
cp -p /etc/rndc.key /etc/westos.key
cd /mnt/
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST westos # this command generates the key
[screenshot from 2016-07-08 07:15:58 showing the generated key files; not reproduced]
vim /etc/westos.key
[screenshot from 2016-07-08 07:19:04 showing the edited westos.key; not reproduced]
vim /etc/named.conf
Add include "/etc/westos.key"; at line 43
vim /etc/named.rfc1912.zones
[screenshot from 2016-07-08 07:23:25 showing the edited named.rfc1912.zones; not reproduced]
systemctl restart named
scp Kwestos.+157+14602.* [email protected]:/mnt/ # give the key to the client whose IP ends in 200
On the server (client) host:
nsupdate -k Kwestos.+157+14602.private # perform the data update
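As an added example (not the post's configuration) covering both the master/slave synchronization above and this keyed-update setup: a master zone stanza that restricts transfers to the slave, notifies it, and accepts updates only with a TSIG key, the page's update-by-address stanza for comparison, the nsupdate batch the client would send, and a lint that flags both weaknesses; hmac-sha256 (the page uses hmac-md5), the placeholder secret and the $WORK paths are assumptions, not values from the page.

```shell
# Added example, not the post's files: a westos.com master zone stanza that
# limits transfers to the slave 172.25.254.200, notifies it on change and takes
# dynamic updates only with a TSIG key, beside the page's update-by-address
# stanza, plus a lint flagging both. Assumed: hmac-sha256 (page uses hmac-md5),
# a placeholder secret, and files written under $WORK rather than /etc.
WORK=${WORK:-$(mktemp -d)}
# Weak: a spoofed 172.25.254.200 source address can rewrite the zone, and with
# no allow-transfer the BIND 9.9 shipped with RHEL 7 serves AXFR to anyone.
cat > "$WORK/weak.zones" <<'EOF'
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { 172.25.254.200; };
};
EOF
cat > "$WORK/hardened.zones" <<'EOF'
key "westos" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET==";
};
zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-transfer { 172.25.254.200; };
    also-notify { 172.25.254.200; };
    allow-update { key "westos"; };
};
EOF
# Batch the client feeds to nsupdate -k <keyfile>; every packet is TSIG-signed.
cat > "$WORK/batch" <<'EOF'
server 172.25.254.100
zone westos.com
update add redhat.westos.com. 300 IN A 172.25.254.150
send
EOF
# lint_zones FILE: print one line per weakness in master zone stanzas (missing
# or "any" allow-transfer; allow-update by address) and return 1 if any found.
lint_zones() {
    awk '
    /^[ \t]*zone[ \t]+"/ { z = $2; gsub(/"/, "", z); m = 0; x = ""; u = "" }
    /type[ \t]+master/   { m = 1 }
    /allow-transfer/     { x = $0 }
    /allow-update/       { u = $0 }
    /^[ \t]*};/ && m {
        if (x == "" || x ~ /any/)     { print z ": zone transfer unrestricted"; bad = 1 }
        if (u ~ /[0-9]+\.[0-9]+|any/) { print z ": update allowed by address, not key"; bad = 1 }
        m = 0
    }
    END { exit bad ? 1 : 0 }' "$1"
}
```

The client runs nsupdate -k on its copy of the key file with the batch file as argument; named applies the update only if the TSIG signature verifies against the key stanza.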
This article is from the "11721816" blog; please contact the author before reproducing it.
redhat7.0 Configuring Cache DNS