DNS views
What is a DNS view?
A DNS view selects the zone data used to answer a query based on where the query comes from (the client's source IP address). The DNS server is the same, but each view uses its own data files, so the same name resolves to different results depending on which source the query arrived from.
Procedure for creating a DNS view
1. Create the DNS configuration file /etc/named.conf
The content of this file differs from the configuration used before views.
Here the author builds a DNS server for the domain xsl.com to demonstrate the view function.
acl lan {
    192.168.0.103/32;    # if there are several IPs or subnets, list them all in the ACL
};
acl wan {
    192.168.0.105/32;
};
options {
    directory "/var/named";
    allow-recursion { lan; };    # IPs or subnets allowed to recurse; an ACL name can be used here as well
};
view nei {                       # this defines a view; "nei" is the view's name
    match-clients { lan; };      # the sources this view matches (the ACL is used here); queries from these addresses are answered from the zone below
    zone "xsl.com" {             # the data file used is nei.xsl.com.zone
        type master;
        file "nei.xsl.com.zone";
    };
};
view wai {
    match-clients { wan; };
    zone "xsl.com" {
        type master;
        file "wai.xsl.com.zone";
    };
};
Note: once any view is defined, every zone must be defined inside a view.
2. Create a data file
nei.xsl.com.zone and wai.xsl.com.zone have the same format as the zone files described earlier.
They are written out here.
nei.xsl.com.zone
$TTL 600
@       IN SOA  ns1.xsl.com. admin.xsl.com. (
                2014082401      ; serial
                1H              ; refresh
                10M             ; retry
                1D              ; expire  (the original value was lost in extraction; 1D assumed)
                1D )            ; minimum (not present in the original; 1D assumed)
        IN NS   ns1.xsl.com.
ns1     IN A    192.168.0.103
www     IN A    192.168.0.10
ftp     IN A    192.168.0.20
wai.xsl.com.zone
$TTL 600
@       IN SOA  ns1.xsl.com. admin.xsl.com. (
                2014082401      ; serial
                1H              ; refresh
                10M             ; retry
                1D              ; expire  (the original value was lost in extraction; 1D assumed)
                1D )            ; minimum (not present in the original; 1D assumed)
        IN NS   ns1.xsl.com.
ns1     IN A    192.168.0.103
www     IN A    192.168.0.100
ftp     IN A    192.168.0.200
3. Turn off SELinux and run iptables -F to flush the iptables rules.
After the steps above, run dig -t A www.xsl.com @192.168.0.103 on each of the two hosts; the results obtained differ.
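To make the behaviour of the three steps above reproducible without a BIND installation, the following Python model (an added example, not code from the original post or from BIND) mirrors the article's ACLs, views and zone data: it picks the view whose match-clients ACL contains the client address, then answers from that view's zone file. The zone parser is deliberately minimal (only $TTL, a parenthesised SOA, IN-class records and owner inheritance), and the expire/minimum SOA values are assumed to be 1D because they are garbled in the original.

```python
"""Split-horizon ("view") resolution modelled in Python.

Added example: reproduces the article's named.conf (ACLs lan/wan, views
nei/wai) and the two xsl.com zone files, so that the different answers the
two test hosts get from `dig` can be shown offline.
"""
import ipaddress

# ACLs exactly as in the article's named.conf.
ACLS = {
    "lan": ["192.168.0.103/32"],
    "wan": ["192.168.0.105/32"],
}

# Zone data from the article (SOA expire/minimum are assumed to be 1D).
NEI_ZONE = """\
$TTL 600
@ IN SOA ns1.xsl.com. admin.xsl.com. (
        2014082401 ; serial
        1H         ; refresh
        10M        ; retry
        1D         ; expire (assumed)
        1D )       ; minimum (assumed)
   IN NS ns1.xsl.com.
ns1 IN A 192.168.0.103
www IN A 192.168.0.10
ftp IN A 192.168.0.20
"""
# wai.xsl.com.zone differs only in the www and ftp addresses.
WAI_ZONE = (NEI_ZONE.replace("192.168.0.10\n", "192.168.0.100\n")
                    .replace("192.168.0.20\n", "192.168.0.200\n"))


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples from a minimal zone file.

    Owners are made fully qualified relative to `origin`; a record whose
    owner field is blank inherits the previous owner, as in a real zone file.
    """
    flat, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # strip ';' comments
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")  # track parenthesised records
        buf = (buf + " " + line) if buf else line
        if depth == 0:                              # record is complete
            flat.append(buf)
            buf = ""
    records, last_owner = [], None
    for line in flat:
        if line.startswith("$TTL"):
            continue                                # TTLs are not modelled here
        tokens = line.replace("(", " ").replace(")", " ").split()
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        records.append((fqdn.lower(), rtype, tokens))
        last_owner = owner
    return records


VIEWS = {"nei": "lan", "wai": "wan"}               # view -> match-clients ACL, in config order
ZONES = {"nei": parse_zone(NEI_ZONE, "xsl.com."),
         "wai": parse_zone(WAI_ZONE, "xsl.com.")}


def select_view(client_ip):
    """The first view (in configuration order) whose ACL contains the client wins."""
    ip = ipaddress.ip_address(client_ip)
    for view, acl in VIEWS.items():
        if any(ip in ipaddress.ip_network(net) for net in ACLS[acl]):
            return view
    return None                                     # no view matched: named refuses the query


def resolve(client_ip, qname, qtype="A"):
    """Return (view, [rdata strings]) as the article's dig test would see it."""
    view = select_view(client_ip)
    if view is None:
        return None, []
    fqdn = qname.rstrip(".").lower() + "."
    answers = [" ".join(rdata) for owner, rtype, rdata in ZONES[view]
               if owner == fqdn and rtype == qtype.upper()]
    return view, answers


if __name__ == "__main__":
    for host in ("192.168.0.103", "192.168.0.105", "10.0.0.1"):
        print(host, "->", resolve(host, "www.xsl.com"))
```

Running the script shows the same split the article describes: the lan host gets 192.168.0.10 for www.xsl.com, the wan host gets 192.168.0.100, and a host that matches no view gets no answer at all, which is what named does when no view's match-clients includes the source.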
Custom DNS Log System
By default, log messages generated by the system are sent to the syslog logging system, and most of the output ends up in the file /var/log/messages. For a DNS server, however, the query information generated each day is by itself a large volume, so we can define a dedicated log system to hold DNS-related information.
The DNS log system is defined in the DNS configuration file.
In it, category is used to define the source of the log messages; the available sources are:
default       defines the default channel for categories
general       catch-all category for unclassified messages
client        client request problems
config        configuration file problems
dispatch      dispatch of inbound packets to internal server modules
dnssec        DNSSEC and TSIG
lame-servers  problems due to remote server misconfiguration
network       related to network operations
notify        NOTIFY announcements
queries       query processing
resolver      recursive query processing
security      accepted or denied requests
update        dynamic updates
xfer-in       zone transfers received by the server
xfer-out      zone transfers sent by the server
The channel is used to define where the log information is saved.
There are 2 ways to define where to save it:
The first is to send the generated log information directly to the syslog logging system.
The second is to use file to name a custom file in which the log information is saved.
Note: a category can use multiple channels to save its log information, but a channel can only hold the log information of one category source.
The DNS log system needs to be defined in /etc/named.conf.
For example, a DNS log system is defined as follows:
logging {
    channel my_query {
        file "/var/log/named/log.query" versions 3 size 10k;    # rotate: keep 3 old versions, 10k each
        print-time yes;                                          # prefix each line with a timestamp
        severity dynamic;
    };
    category queries { my_query; };
};
After the definition is complete, restart the DNS service and use the dig command to resolve a host name; you will see that the log file is generated.
The prerequisite is that the log file directory exists, belongs to the named group, and preferably has permissions 770. Once the definition is complete, the DNS log information can be viewed in that file.
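To show what can be done with the query log once it exists, here is an added example (not code from the original post) that parses lines in the format BIND 9 writes to a query channel when print-time is on, counts queries per view and per client, and flags clients that ask a non-recursive view for names outside the zones it serves. The log lines are constructed for the example; the view field appears only when views are configured, and the regex also accepts the "@0x..." client pointer that newer BIND versions print. RECURSIVE_VIEWS reflects the article's allow-recursion { lan; }, i.e. only the "nei" view recurses.

```python
"""Parse and summarise BIND query-log lines (added example, not the article's code).

The sample lines are constructed to match the article's setup: the "nei"
view serves the lan ACL (recursion allowed), the "wai" view serves the wan
ACL (no recursion), and the only zone served is xsl.com.
"""
import re
from collections import Counter

# Constructed sample log lines, in the format written by a channel with
# "print-time yes" and "category queries" (view field present because views are used).
SAMPLE_LOG = """\
24-Aug-2014 10:15:01.123 client 192.168.0.103#33521 (www.xsl.com): view nei: query: www.xsl.com IN A + (192.168.0.103)
24-Aug-2014 10:15:02.456 client 192.168.0.105#40012 (www.xsl.com): view wai: query: www.xsl.com IN A + (192.168.0.103)
24-Aug-2014 10:15:03.789 client 192.168.0.105#40013 (ftp.xsl.com): view wai: query: ftp.xsl.com IN A + (192.168.0.103)
24-Aug-2014 10:15:04.001 client 192.168.0.105#40014 (example.org): view wai: query: example.org IN A + (192.168.0.103)
"""

# One regex for the whole line; optional parts cover older/newer BIND variants.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?:@0x[0-9a-f]+ )?(?P<ip>[\d.]+)#(?P<port>\d+)"
    r"(?: \((?P<qn>[^)]*)\))?: (?:view (?P<view>\S+): )?query: "
    r"(?P<name>\S+) (?P<class>\S+) (?P<type>\S+) (?P<flags>\S+) \((?P<dst>[^)]*)\)$"
)

SERVED_ZONES = ("xsl.com",)   # zones defined inside the views in the article
RECURSIVE_VIEWS = {"nei"}     # allow-recursion { lan; } -> only the lan view recurses


def parse_query_line(line):
    """Return a dict of the line's fields, or None if it is not a query-log line."""
    m = QUERY_RE.match(line.strip())
    return m.groupdict() if m else None


def in_served_zone(name):
    """True if `name` is the apex of, or inside, a zone this server serves."""
    n = name.rstrip(".").lower()
    return any(n == z or n.endswith("." + z) for z in SERVED_ZONES)


def summarize(log_text):
    """Count queries per view and per client; list non-recursive-view queries
    for names the server does not serve (these get REFUSED and are worth watching)."""
    per_view, per_client, unserved = Counter(), Counter(), []
    for line in log_text.splitlines():
        q = parse_query_line(line)
        if q is None:
            continue                                   # skip non-query lines
        per_view[q["view"] or "(no view)"] += 1
        per_client[q["ip"]] += 1
        if not in_served_zone(q["name"]) and q["view"] not in RECURSIVE_VIEWS:
            unserved.append((q["ip"], q["name"]))
    return {"per_view": per_view, "per_client": per_client, "unserved": unserved}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("queries per view:  ", dict(result["per_view"]))
    print("queries per client:", dict(result["per_client"]))
    print("unserved names asked of non-recursive views:", result["unserved"])
```

In a real deployment the script would read /var/log/named/log.query (the file named in the channel above) instead of the constructed SAMPLE_LOG; the per-view counts are a quick way to confirm that clients are landing in the view you intended, and the unserved list shows wan clients trying to use the server as an open resolver.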
This article is from the "Linux Learning Path" blog; reprinting is declined.