Text-based configuration of a DNS server on Red Hat Linux 9 / AS 3 (including subdomain implementation)

Author: syd168 15:09:18 from: Mr. Linux

I. Basic DNS knowledge
As we all know, in network communication the data link layer uses MAC addresses, the network layer uses IP addresses, and the transport layer uses port numbers; each layer has its own way of identifying endpoints. IP addresses are the ones users deal with most. Every networked computer (whether on the Internet or an intranet) must have its own IP address so that information is delivered correctly. However, IP addresses are made up of numbers, which are hard to remember and say nothing about what a machine is used for. People therefore use descriptive domain names instead of IP addresses to make communication and memorization easier. Note, however, that packet transmission in network communication still relies on IP addresses. That is to say, when Http://www.syd.com Send the DNS server... To www1.syd.com.
So far, there are three main methods of implementing this kind of domain name resolution:
1) The hosts file, but it must be configured on every machine that resolves the others.
2) NIS (Sun technology), which manages domain names centrally and is only applicable to a LAN.
3) DNS, which implements hierarchical and distributed management of domain names. Most name resolution currently works this way.
Configuring DNS services is difficult and may require ISP support. DNS is also the basis of various network application services, such as websites and email, all of which require domain name support; and with DNS, it is much easier to move to different IP addresses.
II. Conditions for configuring the DNS server in Linux
Currently, the various Linux systems provide software for implementing DNS services, and most of them install it by default (this is inseparable from Linux's main service-oriented purpose). The DNS server software in Linux is called BIND, now at version 9. The program is named (the d stands for daemon, the equivalent of a service in Windows).
1) Check whether the DNS service software is installed:
# rpm -ql bind
If it is not installed, you can add it:
# rpm -ivh *bind*.rpm (first RH9 disc)
# rpm -ivh *nameserver*.rpm (second RH9 disc)

III. DNS server composition and configuration methods
The DNS service system uses a client/server structure. The ordinary user's machine is the client, and the machine providing DNS resolution is the server. The client configuration is quite simple: just add the IP address of the DNS server to the /etc/resolv.conf file (up to three entries). The format is as follows:
nameserver 172.16.0.3
nameserver 10.8.10.244
(Note: for the experiment it is best to list your own DNS server's IP address first; otherwise the test may fail. Internet access may become slower, but that is worthwhile for the experiment!)
The configuration on the DNS server mainly consists of the main configuration file and the zone files.
Main configuration file: /etc/named.conf defines the zone names and the global configuration (such as subdomains, access control, etc.).
Zone files (under /var/named by default): each file name is the same as the one given in the main configuration file. A zone file records the DNS resource records (including SOA, MX, A, NS, CNAME, etc.); they are described in detail in the configuration files below.

================================================================
The following describes the implementation process.
================================================================
IV. Implementation of text Configuration
1. Configuration Planning
To make it easy for everyone to understand, I will first write out my ideas:
I have installed two RH AS 3 systems on my own machine (512 MB, 80 GB, 1.7 GHz, 64 MB video card) so that I have a total of three machines for testing. My goal is to experiment on the two Linux systems to implement domain name resolution and subdomain names.
The domain I want to implement is syd168.com. The machines in the domain include www, bbs, ftp, mail, and ssl.
They serve the website, BBS, FTP, email, and e-commerce site, and are all on one machine (172.16.0.3); in practice they are often on different machines.
In addition, I plan to implement syd168.com and sub.syd168.com. The subdomain has its own host records (www, mail, ftp, ssl...) and is on a different network segment.
Note: virtual host technology is required for the various services on one machine to correspond to different domain names. I will publish their implementation methods in the future. In fact, there is a lot of related information available.
RH AS 1:
IP: 172.16.0.3/16
Gateway: 172.16.0.2
DNS client configuration: 172.16.0.3
RH AS 2:
IP: 172.16.0.4/16
Gateway: 172.16.0.2
DNS client configuration: 172.16.0.4

1. Configure the main configuration file
After BIND is installed, the main configuration file /etc/named.conf is generated by default.
# vi /etc/named.conf and add the following content:

********************** /etc/named.conf *************************
options {
    directory "/var/named";    // storage location of the zone files
    forwarders { 10.8.10.244; };
    // The next three lines are left commented out; uncomment allow-query and
    // allow-transfer to limit queries and zone transfers to 172.16.0.0/16.
    // allow-query { 172.16.0.0/16; };
    // allow-transfer { 172.16.0.0/16; };
    // forward only;
};
controls {
    inet 127.0.0.1 allow { localhost; 172.16.0.3; 172.16.0.4; } keys { rndckey; };
};

zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "localhost.arpa";
    allow-update { none; };
};

// ================== Newly added content ==================
zone "syd168.com" IN {               // implement the syd168.com domain
    type master;                     // this server is the master for the zone
    file "syd168.com.zone";          // the zone's record file (pick a memorable name), stored under /var/named
};
zone "0.16.172.in-addr.arpa" IN {    // reverse resolution zone of syd168.com
    type master;                     // the type is master zone
    file "syd168.com.arpa";          // file that stores the reverse zone's records (remember the name)
};
// ================== End of the newly added content ==================

include "/etc/rndc.key";

2. Create two zone files under /var/named
1) # vi /var/named/syd168.com.zone

; ================= Forward zone file /var/named/syd168.com.zone ================

$TTL 2h
; The leftmost syd168.com. can be shortened to @. After IN SOA come the primary
; DNS server's domain name and the DNS server administrator's email address.
syd168.com.  IN SOA  www.syd168.com. master.syd168.com. (
        20040730  ; serial number of the zone. It must be increased whenever the file is modified; otherwise the slave zones may be inconsistent!
        2h        ; refresh timeout: how often the slave zone refreshes
        40m       ; retry refresh timeout: how long the slave zone waits before retrying a refresh
        1w        ; expire timeout: how long refreshes may fail before the slave treats the primary zone as invalid
        2h        ; TTL time
)
; Keep each of the following lines at the left margin, that is, leave no blank on the left.
syd168.com.  IN NS   www.syd168.com.   ; names in the syd168.com domain are resolved by www.syd168.com.

www    IN A  172.16.0.3   ; the IP address corresponding to www.syd168.com is 172.16.0.3
www    IN A  172.16.0.4   ; www.syd168.com also maps to 172.16.0.4. Load balancing can be achieved with multiple IP addresses for a single domain name

ftp    IN A  172.16.0.4   ; the left side can also be written ftp.syd168.com. Note: in that form the trailing dot is required; otherwise an error occurs.
mail   IN A  172.16.0.5   ; a full domain name must end with a dot!
bbs    IN A  172.16.0.6   ; IN indicates Internet, and A indicates address
test   IN A  172.16.0.7   ; note that these IP addresses must actually be reachable, otherwise the records are useless!
ssl    IN A  172.16.0.3

syd168.com.  IN MX 10 mail.syd168.com.  ; mail sent to the syd168.com domain is handled by the mail.syd168.com host; MX indicates mail exchange

; The following two lines implement the subdomain sub.syd168.com of syd168.com.
; The parent domain provides the address of the server responsible for the subdomain.
sub      IN NS  www.sub.syd168.com.  ; names with the suffix sub.syd168.com are resolved by www.sub.syd168.com. NS indicates name server
www.sub  IN A   172.16.1.3           ; the host www.sub in this domain resolves to 172.16.1.3

; The following are host aliases. I generally do not set them, because the names
; above are already canonical names; if needed, you can also add a host record directly.
www1   IN CNAME www
ftp1   IN CNAME ftp
bbs1   IN CNAME bbs
mail1  IN CNAME mail
test1  IN CNAME test
ssl1   IN CNAME ssl

; ==================== End of the forward zone file ==================

 

; ================= Reverse zone file /var/named/syd168.com.arpa ==============

$TTL 2h
@  IN SOA  www.syd168.com. master.syd168.com. (
        20040730  ; serial number
        2h        ; refresh timeout
        40m       ; retry refresh timeout
        1w        ; expire timeout
        2h        ; TTL time
)
   IN NS   www.syd168.com.   ; note that this line must begin with a blank, or with the zone name followed by a dot, that is, 0.16.172.in-addr.arpa.

3  IN PTR  www.syd168.com.   ; the host with IP address 172.16.0.3 is www.syd168.com (reverse resolution)
4  IN PTR  ftp.syd168.com.
5  IN PTR  mail.syd168.com.
6  IN PTR  bbs.syd168.com.
7  IN PTR  test.syd168.com.

; ================= End of the reverse zone file ====================

3. Test and debug the configuration
After making the changes, save and exit.
1) # service named start // start the named service (the process that provides the DNS service). Common errors are a missing . or ; or extra blanks at the left of a line. Once these are ruled out, the command runs without errors.
2) # named // on my virtual machine named has to be started this way. Normal machines do not need it. I added a line that runs named to /etc/rc.d/rc.local.
3) # named -g // check whether the configuration is correct; the output generally makes the problem clear. Many people say that the service runs normally but names cannot be resolved. Apart from /etc/resolv.conf not containing the IP address of the DNS server, most errors can be ruled out using this command.
4) # host www.syd168.com // is the test successful? If it succeeds, the other host records are generally fine as well. host can be replaced by ping.
5) # host 172.16.0.3 // test reverse resolution
6) # host -t mx syd168.com // test the mail exchanger
7) # host -t ns syd168.com // test the domain name server

Note: # named -g is very useful! All my DNS errors were ruled out using it. It is intuitive and reports the lines in error. It is essentially a more detailed log display.
If the local test is normal, it is strongly recommended that you also test from a remote machine. This generally fails at first. Why? Because you didn't add nameserver 172.16.0.3 to its /etc/resolv.conf. Try it. Haha, it was that simple!


V. Subdomain implementation
1. Subdomain planning
In fact, the implementation of subdomains was already described above; it is repeated here. What does implementing a subdomain of the parent domain syd168.com mean? When the client queries the parent domain's server (generally this is the case) and the server finds that the suffix of the name is the subdomain, it queries the server responsible for the subdomain. It is that simple.
2. Subdomain implementation
1) Modify the zone file of the primary domain. Add the following two lines to the host record section:
sub      IN NS  www.sub.syd168.com.  ; names with the suffix sub.syd168.com are resolved by www.sub.syd168.com. NS indicates name server
www.sub  IN A   172.16.1.3           ; the host www.sub in this domain resolves to 172.16.1.3
2) On the subdomain server, modify the main configuration file and create the zone files. The method is the same as above, but the zone is sub.syd168.com. The reverse zone is more complicated. I have to leave soon... time...
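The mistakes the zone file comments warn about (a full name written without its trailing dot) and the delegation lines from step 1) can be checked mechanically before named is restarted. The following is an added example, not part of the original article and not BIND's parser; the function names, problem labels and the sample zone (constructed from the article's names, with three deliberate mistakes) are assumptions.

```python
# Added example, not BIND's parser: single-line records and ';' comments only.
TYPES = {"A", "NS", "CNAME", "MX", "PTR"}

def fqdn(name, origin):
    """Qualify a name as a zone file reader does: no trailing dot = relative."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(text, origin):
    """Return (owner, type, target) tuples with every name fully qualified."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():            # a leading blank reuses the last owner
            owner = fqdn(fields.pop(0), origin)
        while fields and fields[0].upper() not in TYPES:
            fields.pop(0)                    # skip TTL and class
        if len(fields) >= 2:                 # SOA and other types are not checked
            rtype, target = fields[0].upper(), fields[-1]
            records.append((owner, rtype, target if rtype == "A" else fqdn(target, origin)))
    return records

def lint(text, origin):
    """Return (problem, name) pairs for three mistakes; a heuristic, not a validator."""
    records = parse(text, origin)
    has_a = {owner for owner, rtype, _ in records if rtype == "A"}
    problems = []
    for owner, rtype, target in records:
        doubled = [n for n in (owner, target) if n.endswith(origin + origin)]
        if doubled:                          # "x.syd168.com" became "x.syd168.com.syd168.com."
            problems.append(("missing-trailing-dot", doubled[0]))
        elif rtype == "CNAME" and owner == target:
            problems.append(("cname-points-to-itself", owner))
        elif rtype in ("NS", "MX") and target.endswith("." + origin) and target not in has_a:
            problems.append(("no-address-record", target))
    return problems

# Constructed sample: the article's names with three deliberate mistakes.
SAMPLE_ZONE = """\
@     IN NS    www.syd168.com.
www   IN A     172.16.0.3
mail  IN A     172.16.0.5
@     IN MX 10 mail.syd168.com      ; no trailing dot
ssl1  IN CNAME ssl1                 ; alias of itself
sub   IN NS    www.sub.syd168.com.  ; delegation without a glue A record
"""
```

Call `lint(SAMPLE_ZONE, "syd168.com.")` to see the three findings. BIND 9 also ships named-checkzone and named-checkconf, which perform a full syntax check of the zone files and named.conf.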

3. Test the configuration
To test the subdomain, the test setup must be correct. According to the principle of the subdomain, the subdomain's server is queried only when the client's query cannot be answered by the parent domain's server. Therefore, during the test, the DNS client configuration on the test machine must not contain the IP address of the subdomain server; otherwise, your test is wrong and cannot be trusted. Only then does the test prove that the DNS query is passed from the primary domain server to the subdomain server.

Okay, time is limited, my level is limited, and errors are inevitable. Thank you for your criticism! It is our consistent aim to learn from and help each other! I have to go... Train...
