What is DNS?
DNS stands for Domain Name System. It is one of the services that lets hosts communicate with each other, and it is particularly important on today's internet: reaching other hosts by typing their IP addresses is difficult and unrealistic, because people cannot remember numeric IP addresses well. Familiar names made of characters (for example Baidu, Taobao, etc.) are much easier to remember. DNS is what performs this resolution between names and IP addresses.
How DNS works:
First, let's take a look at a name such as www.baidu.com.
www.baidu.com is hierarchical in DNS, much like a postal address:
.com              China
.baidu.com        Henan, China
www.baidu.com     XX, Henan, China
So let's look at how the DNS service works. The process is as follows:
First, the client wants to access the www.baidu.com server.
1. The client sends the request to its DNS server; the DNS server receives the request and sends it to the . (root) server.
2. The root server sees that the .com domain is under its jurisdiction and returns the address of the .com server to the DNS server, which then queries the .com server.
3. The .com server receives the DNS server's request, sees that .baidu.com is within its own domain, and returns the address of .baidu.com to the DNS server so that it can query .baidu.com.
4. The .baidu.com server receives the DNS server's request and finds that the name being looked up is www under its own domain. In effect it tells the DNS server, "You have found the right one; I am what you are looking for, and I will send you my IP address," so the DNS server obtains the destination IP address.
5. The DNS server returns the destination IP address to the PC. Using the IP address of www.baidu.com, the PC finds the www.baidu.com server and communicates with it, and the domain name resolution is complete.
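
The five steps above can be traced in a short simulation. This is an added example, not code from the original post; the server names and the address 192.0.2.10 are constructed sample data, not Baidu's real servers.

```python
# Added illustration: the iterative walk from steps 1-5 over a constructed delegation table.
# Server names, zones and the final address are sample data (192.0.2.10 is a documentation address).
SERVERS = {
    "root": {"delegations": {"com.": "com-server"}, "records": {}},
    "com-server": {"delegations": {"baidu.com.": "baidu-server"}, "records": {}},
    "baidu-server": {"delegations": {},
                     "records": {"www.baidu.com.": "192.0.2.10"}},
}


def ask(server, qname):
    """One query to one server: ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    data = SERVERS[server]
    if qname in data["records"]:
        return "answer", data["records"][qname]
    # Pick the longest delegated suffix that covers the queried name.
    matches = [z for z in data["delegations"] if qname == z or qname.endswith("." + z)]
    if matches:
        return "referral", data["delegations"][max(matches, key=len)]
    return "nxdomain", None


def resolve(qname, max_hops=10):
    """What the local DNS server does for the client: start at the root and follow referrals."""
    if not qname.endswith("."):
        qname += "."
    server, path = "root", []
    for _ in range(max_hops):      # bound the walk so a referral loop cannot run forever
        path.append(server)
        kind, value = ask(server, qname)
        if kind == "answer":
            return value, path     # step 4: the authoritative server hands back the IP
        if kind == "nxdomain":
            return None, path
        server = value             # steps 2-3: referral, ask the server one level down
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    ip, path = resolve("www.baidu.com")
    print(" -> ".join(path), "=>", ip)
```
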
Since DNS is so important, how do we configure a DNS server?
The first step: creating a DNS server is like a city developing a new district. You must apply to the level above, and you cannot build until it approves. It is the same here: we must register with the manager of our top-level domain and obtain approval. Only then does the parent know which part of the namespace belongs to us and can other hosts reach us; otherwise the parent does not know we exist, so how could other hosts find us?
The second step is to build and configure the DNS server, detailed below.
We create the DNS server on a single host and prepare the environment. To be able to start the service we need BIND, the tool that provides the DNS service.
Several configuration files are related to the DNS service:
/etc/hosts: the earliest record of IP addresses and hostnames (the internet back then could not compare with today's, so a single file could record them all).
/etc/resolv.conf: the configuration file for the DNS client, which records the IP address of the DNS server that the client points to.
/etc/named.conf: the main configuration file for BIND, which defines:
options {
    directory "/var/named";    // working directory (default /var/named)
    recursion yes;             // accept recursive queries
};
zone "." IN {
    type hint;                 // zone is the keyword that defines a zone
    file "named.ca";           // the zone's database file, under /var/named/ by default
};
OK, those are the configuration files. Let's start with a simple configuration.
Our main configuration file is as follows (it contains only the main content, and I have commented it):
Next, in the file /etc/named.rfc1912.zones, we write the domain we want to define, mage.com:
Notice the line file "mage.com.zone": that is the name of the forward-resolution zone file we need to configure. It lives at /var/named/mage.com.zone; let's look at what is inside it.
The file's group must be changed to named and its permissions set to 640.
Let me explain the details of the file:
@ (the local domain) SOA (start of authority record) ns.mage.com (the name of the DNS server)
The first line is the zone's first record, its authorization record, so the first record in the file must be of type SOA.
It says that the domain mage.com authorizes the DNS server ns.mage.com to manage the servers listed below.
admin.mage.com is the mailbox address of the DNS server's administrator.
201401 is the serial number (version) of this file. If the contents of the file are updated you must change this serial number; otherwise, in master-slave mode, the slave server will not synchronize the new data from the primary server.
The refresh time, that is, how often the slave server synchronizes data from the primary server, is 3 days.
1H is a retry interval of 1 hour, that is, how long the slave server waits before retrying when it cannot contact the primary server.
1W is an expiration time of 1 week, that is, how long until the slave server no longer works.
3H is the lifetime of a record in the cache.
Each server name must correspond to an existing IP address and must have an A record, that is, a host record.
Why does xxx.mage.com not point to an IP address? Because it is an alias I gave to www.mage.com; like a person's nickname, it refers to the same server.
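
The SOA fields explained above, parsed from a constructed record that uses the post's values (an added example, not the original zone file, whose screenshot is not reproduced here). It converts the timers to seconds and shows why an unchanged serial means the slave does not pull new data; the function names are hypothetical.

```python
import re

# Constructed SOA record built from the values described in the text.
ZONE_TEXT = """
@   IN  SOA  ns.mage.com.  admin.mage.com. (
            201401  ; serial
            3D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; cache lifetime
"""

UNIT_SECONDS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def to_seconds(value):
    """Convert a zone-file time value such as 3D, 1H, 1W or plain seconds to an integer."""
    parts = re.findall(r"(\d+)([SMHDW]?)", value.upper())
    if not parts or "".join(n + u for n, u in parts) != value.upper():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNIT_SECONDS[u or "S"] for n, u in parts)


def parse_soa(zone_text):
    """Return the fields of the first SOA record, with the timers in seconds."""
    text = re.sub(r";[^\n]*", "", zone_text)              # strip comments
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", text)
    if not m:
        raise ValueError("no SOA record found")
    serial, refresh, retry, expire, minimum = m.group(3).split()
    return {"mname": m.group(1), "rname": m.group(2), "serial": int(serial),
            "refresh": to_seconds(refresh), "retry": to_seconds(retry),
            "expire": to_seconds(expire), "minimum": to_seconds(minimum)}


def slave_will_transfer(master_serial, slave_serial):
    """Serial-number arithmetic (RFC 1982): True only if the master's serial is newer."""
    diff = (master_serial - slave_serial) % 2**32
    return 0 < diff < 2**31


if __name__ == "__main__":
    soa = parse_soa(ZONE_TEXT)
    print(soa)
    # Zone edited but serial left at 201401: the slave sees nothing new.
    print(slave_will_transfer(soa["serial"], 201401))
```
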
At this point the configuration is complete. Next we start the DNS server:
service named start
/etc/rc.d/init.d/named start
Use the command ss -unl to check whether port 53 is in the listening state; if it is, the server started successfully.
Now that it has started, let's test whether the DNS server can resolve domain names.
There are several commands:
nslookup: you can query directly with nslookup ns.mage.com
You can also run nslookup on its own, and an interactive prompt will appear:
As shown, it resolves the domain name to its corresponding IP address.
Another test command is host, for example: host www.mage.com
and host -a www.mage.com shows more detail.
Another very powerful command is dig, now one of the most popular DNS testing tools. It is used as follows:
dig query options:
+trace        trace the query
+notrace      do not trace the query
+recurse      recursive query
+norecurse    non-recursive query
dig +trace www.mage.com    forward trace query
dig -x <IP address> performs a reverse query; -x takes an IP address rather than a name.
For reverse queries, we first define a reverse zone and create a reverse-resolution zone file for it, as follows:
We define the reverse zone in /etc/named.rfc1912.zones.
Edit the reverse-resolution zone file 172.16.249.zone:
Change the file's permissions to 640 and its group to named.
Then test with host:
As you can see, it successfully resolves to the domain name mail.mage.com. These are the general steps for reverse resolution.
The above is the configuration of the primary DNS server. But with only one primary DNS server, what happens if it goes down? So we also need a secondary DNS host, also called a "slave DNS server".
Creating a slave DNS server:
Because the slave DNS server's zone data is synchronized from the primary DNS server, there is no need to build the zone files by hand. We only need to edit the slave DNS server's configuration file, specifying the IP address of the primary DNS server, as follows:
mkdir /var/named/slaves: also create the directory slaves under /var/named/, which is required when configuring a slave DNS server.
Then restart the slave DNS server: service named start
You will find that the synchronized files are already in the slaves directory:
The slave DNS server can now resolve the domain names that the primary DNS server is responsible for. Configuring a slave DNS server is relatively simple.
This article is from the "Linux Small Pot Friends" blog, please be sure to keep this source http://ny0716.blog.51cto.com/9154254/1536668