Suite required for DNS setup

Source: Internet
Author: User
  • Install DNS suite: bind
    Finally, all the nonsense is finished! I believe you are a little tired !? The Bird brother is very tired, because the arm, shoulder and neck pain problems are quite serious... sorry! What are you doing here !? @ _ @ Well, we are finally going to install the suite required by DNS! As mentioned above, the DNS we want to use is the BIND (Berkeley Internet Name Domain, bind) suite developed by the University of Berkeley! So how do you know if you have installed it? Do you still remember the RPM in the basics? Yes! It is to use RPM to check:

    [Root @ test root] # rpm-Qa | grep bind
    Bind-9.2.1-4mdk <= This is used to install the server
    Bind-utils-9.2.1-4mdk <= This is the command used as the client side to search for Domain Name

    What if it is not installed? Success! Also ask me about zookeeper ~ Take out your original CD and install it first ~ Not installed? Please come up with "laruence's Linux Private food-basic learning" to observe the usage of RPM!

  • Default bind path settings:
    Basically, the main configuration file of BIND is/etc/named. conf. All the settings for the host are set in this file! However, for the hostname <--> ip ing relationship, you need to set it by zone! However, the name of this zone is specified in/etc/named. conf! Therefore, please note that the name of each zone is variable, but you need to name it in/etc/named. conf! In addition, it is recommended that the files specified by the zone be placed directly in the directory of the default zone of BIND, that is,/var/named! Better management!
  • Bind upgrade:
    Please note that the DNS 53 port is not very secure, so it is not necessary. In fact, it is not recommended to enable DNS! However, if you really want to install distribution, do you always pay attention to whether your Linux learning distribution has a vulnerability fix kit published on a regular basis? This is really important, because laruence has been planted with a worm by port 53 a long time ago. It's really annoying! @_@

    In the DNS settings, you must have a clear understanding of what the zone is, or it is difficult to continue setting it! It's a mess ~ In any case, you must know that the BIND configuration file is the/etc/named. conf file. If it does not exist, create it on your own! In addition, DNS server types can be divided into three categories:

    • MASTER: This type of DNS contains the domain name configuration file (there is a zone !), This setting file is used to set the correct solution or the reverse "Database! So he has the data required to provide Internet queries! For example, if I can set the domain on my host, my host is a master host!


    • SLAVE: This type of host itself does not have to be manually set by the DNS system administrator to manually reverse the DNS database file, but corresponds to the master host supported by this slave to back up the DNS set file data, that is to say, slave will back up the corresponding data files in the master's system! (Note: of course, this master must open slave to update the corresponding file of Slave Data! In addition, it should be noted that the slave host will not "survive" when the master node is down, but will be the same as the master node, and will be responsible for domain search on the Internet at the same time! So what are the advantages of setting up this slave? Haha! The biggest benefit is "single-point maintenance! What should I do? Assume that you have three DNS hosts. In case you want to add a new host name to the domain you manage, do you want to manually modify three or only one computer, what about the other two sets for him to update automatically? In this case, dear friends, you can understand it! ^_^! Because this slave is not a DNS host that will survive when the master node is down, if you set two DNS hosts to the ISP, make them both alive! Because no matter whether it is a master or slave, the Internet does not search for domain name in sequence, but first finds the first win, so we do not know which host will be first queried! Of course! Therefore, the two Master/Slave machines must be able to work on the Internet!


    • Cache-only: it is usually set on the firewall! This type of DNS host does not have its own database. It only helps the client to request data from external DNS hosts ~ Simply put, he can think of as an "agent ~

    So how does the Master/Slave Data Update work? Please note that slave needs to update the DNS data from the master! So of course, slave needs to have a master at the beginning of the configuration! Well, the data synchronization between the master and slave can be viewed in the following figure:

    Figure 4. Master/Slave DNS host data synchronization process

    • Determine whether to update (1.1): We can set the time to update data to the master DNS host on slave. When the update time is reached, slave will ask the master if data needs to be updated,This data update is determined based on whether the serial number is different.!
    • Determine whether to update (1.2): In addition to querying from the slave to the master, if the DNS data of the master is changed and you want to update the slave synchronously, you can also send an update notification to the slave!
    • Data Synchronization (2): In the end, the data is transmitted from the master to the slave to update the DNS data of the slave!

    Note that if you want to set up the DNS architecture of the Master/Slave,Both hosts (master and slave) require your control.! A lot of files on the network are a little lost in this place. Please pay special attention to it!
    Next, let's talk about two simple DNS hosts: cache-only and master-type DNS hosts! As for the slave and master settings, we will not introduce them more here!

    Simple forward DNS host settings:
    What is a simple forward DNS host?
    After learning about the default path of BIND, we know that the main setting file is the file/etc/named. conf, but this file does not exist under my/etc! Haha! Because you need to create it on your own! ^_^! Before introducing how to set up each zone, let's start with a simple DNS host! Is cache-only DNS server! It's also called forward DNS! As the name suggests, this DNS server only provides the cache function. That is to say, it does not have a configuration file and is completely provided by external queries! Because he has no configuration file, he must connect to a valid DNS! The entire operation process can be viewed as follows:

Figure 5. Operation Process of cache-only DNS host

    As shown in the figure above, you can find that, although our client uses the cache-only DNS to search again, in fact, the cache-only host is always one (forwarders) the DNS host is used to help you query the data. The data file is not set! So basically, the cache-only DNS is just a DNS host that transmits data in the middle! So why should we set up such a DNS host? Idle? Of course not! There is a reason! Let me explain it to you!
    When will I use cache-only DNS?
    In some company lines, in order to prevent employees from using the company's network resources to do their own thing, it is stipulated that the Internet is quite strict, so sometimes, even yourself will be blocked! Naturally, this port 53 is the same and may be blocked! So we know that if the DNS port 53 is not available, the corresponding IP address of the hostname cannot be resolved! Yes! What should I do? At this time, you can install a cache-only DNS service on the machine on the firewall !』 What does this mean? Easy! You can use your firewall and DNS to help your client interpret the hostname <--> ip address! Because firewall can set to allow its own DNS to go out, and the client's DNS Server IP will set its own firewall, haha! In this way, you can get the translation!
    Simple cache-only DNS settings:
    Setting a cache-only DNS host is really easy! Because you do not need to set a forward/reverse zone, you only need to set a file! So happy!
  1. Edit/etc/named. conf
    This file mainly defines host-related matters, as well as the meaning and files of each zone, because cache-only has no zone, so we only need to set host-related settings. Note the following when setting this file:

    • The annotation data is set!
    • Each paragraph must end!

    So you can set this file!

    [Root @ test root] # vi/etc/named. conf
    // This settings is only for forwarding DNS Server
    Options {
    PID-file "/var/run/named. PID"; // set PID-file here! At this time,
    // Pay special attention to the owner of the path)
    // It must be a talent line like named!
    Forward only; // only forward is allowed!
    Forwarders {; // here I use hinet DNS!; // This is the DNS of seednet!

    [Root @ test root] # ls-Al/var/run/named
    Total 12
    Drwxr-XR-x 2 named 4096 Dec 5./<= pay attention to this owner!
    Drwxr-XR-x 10 Root 4096 Dec 5 ../


    • The options content refers to the main setting value in the host, which is:

      • PID-file refers to the file of the PID (process ID) recorded by each service! This file is usually used to restart or reload the entire service! Because kill-1 PID can be used to restart! Success! What is PID missing? Come and have a basic review!
      • Forwarders (do not forget that s !) The "legal" DNS you are looking! Each forward host's IP address must end!
      • Forward only: This setting allows your DNS host to only perform forward! Is the most common cache-only host setting!

    Easy! In this way, the simplest cache-only DNS host has been set!

  2. Start named
    I will never forget to start it !? Start it now!
    [Root @ test root] #/etc/rc. d/init. d/named start
    Starting named: [OK]


  3. Observe port changes
    Please pay special attention to it! It will not be successful if OK is displayed at startup! So hurry up and check whether your port 53 has enabled strongswan ~
    [Root @ test root] # netstat-utln
    Active Internet connections (only servers)
    PROTO Recv-Q send-Q local address foreign address State
    TCP 0 0 53 * listen
    TCP 0 0 53 * listen
    UDP 0 0 53 :*
    UDP 0 0 53 :*

    Note that if no interface is specified, all network interfaces, including Lo, eth0 ,... and other interfaces will be set to the response interface that can accept the domain name requirements! In addition, we still remember that as mentioned above, each interface will provide TCP and UDP packet services at the same time! This seems to be a real startup. However, we still have to check whether there are any major problems with the configuration?

  4. Check/var/log/messages content messages
    The named service record file is directly stored in/var/log/messages, so let's take a look at several lines in it!
    [Root @ test root] # tail-N 15/var/log/messages | grep named
    Dec 5 02:33:33 test named [3010]: Starting bind 9.2.1-u named
    Dec 5 02:33:33 test named [3010]: using 1 CPU
    Dec 5 02:33:33 test named [3015]: loading configuration from '/etc/named. conf'
    Dec 5 02:33:33 test named [3015]: No IPv6 interfaces found
    Dec 5 02:33:33 test named [3015]: listening on IPv4 interface Lo, #53
    Dec 5 02:33:33 test named [3015]: listening on IPv4 interface eth0, #53
    Dec 5 02:33:33 test named [3015]: Running
    Dec 5 02:33:33 test named: named startup succeeded

    Haha! It seems like there is no problem! Okay! Let's test it!

  5. Test (please watch the test project on the client side)
    Benefits and problems of forwarders
    There are many opinions on the advantages and disadvantages of forwarder! The general comments can be divided into the following two schools:

    • The theory of using the forwarder function to improve efficiency: these friends believe that when many lower-layer DNS hosts use forwarder, the host is set to forwarder, because a lot of information records are recorded, for those lower-layer DNS hosts, it will increase much faster, that is, it will save a lot of query time! Basically, these basic processes can be viewed as follows:

      Figure 6. Operation description of the forwarder Parameter
      When forwarder is set for all cache-only instances as the "primary DNS host", a large amount of information has been recorded on the primary DNS host (everyone has asked for this !) Therefore, when others request the same query data, the host of the primary DNS will directly read the data from its cache. Therefore, the query efficiency becomes faster!
    • Using forwarder will reduce the overall efficiency: However, the other party holds the opposite opinion! This is because when the "business volume" of the primary DNS itself is very busy, your cache-only host still requests data from him, because the data transmission volume is too large, in terms of bandwidth, the load may not be sufficient, and too many lower-layer DNS requests data from him, so his query speed will slow down! Because the query speed slows down, and your cache-only host asks for it, the query speed on both sides naturally decreases!

    There are many ways to explain it! I think it's interesting, too! I just don't know which one of them is more correct.> _ <"", but I can know that if the upper-layer DNS is fast, when it is set to forwarder, maybe it can really increase a lot of efficiency!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.