DNS Server Construction in Linux

Source: Internet
Author: User
Keywords: dns, dns server, dns server construction
The difference between a host name and a domain name:

The host name is the name used inside the local network; the domain name is the name used on the external network (the Internet).

A host name and a domain name are in fact two completely different names, but much software (such as the Postfix mail system) treats them as the same by default.

In DNS, a domain name consists of the root domain, a top-level domain, a second-level domain, and the host name.


There are 13 DNS root domain servers in the world.

Top-level domains are managed by the Internet naming authority. The two common types are as follows:

Organization (generic) domains:

.com (commercial), .org (organization), .edu (education), .gov (government), .net (network), .mil (military), .info (information)

Country or region top-level domains:

.cn (China), .hk (Hong Kong, China), .uk (United Kingdom), etc.

FQDN = host name.DNS suffix (FQDN: Fully Qualified Domain Name, also called the full domain name), for example www.benet.com.

3. Domain name resolution process

Classified by query method:

Recursive query:
The client sends a single request and receives a final answer, so the result seen by the client can only be success or failure; the queried server does the work of contacting other servers.

Iterative query:
If the queried DNS server holds the requested data, it returns the correct address.

If it does not hold the data, it returns a pointer (referral) to another DNS server, and the client continues the query there.

Classified by query content:

Forward resolution: find the corresponding IP address from the host name (domain name)
Reverse resolution: find the corresponding host domain name from the IP address

Second, building a DNS server on CentOS 7

Next, take the well-known DNS server software BIND (Berkeley Internet Name Domain) as an example to learn the basic process of building a domain name server on Linux. BIND is a domain name service package developed by the University of California, Berkeley; Linux systems use this package to provide domain name services. It implements the DNS protocol, and the BIND server program is a daemon called named.

1. Types of DNS servers

In fact, each DNS server is only responsible for the mapping between host domain names and IP addresses within a limited scope (one or several domains). These specific DNS domains or IP address ranges are called "zones". DNS servers can be divided into different types according to the source of the zone data they manage, and the same server can play different roles for different zones. The common types are as follows:

Caching name server

Also known as a cache-only server

Obtains domain name -> IP address records by querying other domain name servers

Caches the query results locally to speed up repeated queries

Primary domain name server

The authoritative server of a specific DNS zone; there is only one per zone

Maintains all domain name -> IP address mapping records in the zone

Slave domain name server

Also known as a secondary name server

The domain name -> IP address records it maintains come from the primary domain name server (via zone transfer)
2. BIND installation and control

BIND is not the only DNS service program that can provide domain name services, but it is the most widely used. BIND runs on most Linux/UNIX hosts.

1) Install the bind software package.

2) Related software packages

Check the installed packages after installation: rpm -qa | grep "^bind"

bind-9.9.4-37.el7.x86_64.rpm: provides the main program and related files of the domain name service

bind-chroot-9.9.4-37.el7.x86_64.rpm: provides a fake root directory for the BIND service (the /var/named/chroot/ folder is used as the root directory of BIND) to improve security, since a compromised named process is confined to that directory tree

bind-libs-9.9.4-37.el7.x86_64.rpm: provides the libraries that bind and bind-utils need

bind-utils-9.9.4-37.el7.x86_64.rpm: provides test tools for DNS servers, such as nslookup

3) BIND service control

After the BIND package is installed, a system service named named is added automatically. The DNS service can be controlled with systemctl, or with the script file /etc/init.d/named and the service tool (CentOS 6 and earlier). For example, systemctl start named starts the named service.

Other details:

Main executable: /usr/sbin/named
Service script: /etc/init.d/named
Default listening port: 53 (UDP and TCP)
3. Configuration files of the BIND service

Building a domain name service with BIND mainly involves two types of configuration files: the main configuration file and the zone data files. The main configuration file sets the operating parameters of the named service, such as global options, registered zones, and access control; the zone data files hold the DNS resolution records (forward or reverse).

1) Main configuration file

/etc/named.conf (when the bind-xxx package is installed)

/var/named/chroot/etc/named.conf (when the bind-chroot-xxx package is installed)

The main configuration file consists of two parts: the global configuration and the zone configuration. Each configuration record ends with a semicolon ";", and text beginning with "#" or "//" is a comment (long comments can use the "/* ...... */" format).

a. Global configuration section
Sets the global parameters of the DNS server
Including the listening address/port, the default location of data files, etc.
Uses the options {…… }; configuration block

b. Zone configuration section
Sets the specific DNS zones for which this server provides domain name resolution
Including the domain name, the server role, the data file name, etc.
Uses the zone "zone name" IN {…… }; configuration block
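As an added example (not from the original article), the following shell function writes a named.conf for the benet.com zone in each of the three server roles described earlier (primary, secondary, cache-only), so the options and zone sections can be compared side by side. The addresses 192.0.2.10 (primary), 192.0.2.11 (secondary), 192.0.2.12 (cache-only) and the client network 192.0.2.0/24 are constructed placeholders, and check_named_conf runs named-checkconf only if BIND is installed.

```shell
#!/bin/sh
# Added example, not from the original article: emit a named.conf for the
# benet.com zone in one of the three roles from the text. BIND calls the
# primary "master" and the secondary "slave". All 192.0.2.x addresses are constructed.
gen_named_conf() {           # $1 = master | slave | cache ; writes the config to stdout
  case $1 in
    master) addr=192.0.2.10; recursion=no ;;
    slave)  addr=192.0.2.11; recursion=no ;;
    cache)  addr=192.0.2.12; recursion=yes ;;
    *) echo "usage: gen_named_conf master|slave|cache" >&2; return 1 ;;
  esac
  cat <<EOF
options {
    listen-on port 53 { 127.0.0.1; $addr; };        // global: listening address/port
    directory "/var/named";                         // default location of zone data files
    allow-query { localhost; 192.0.2.0/24; };       // access control: who may query us
    recursion $recursion;                           // only the cache-only role recurses for clients
};
zone "." IN { type hint; file "named.ca"; };         // root hints, shipped with the bind package
EOF
  case $1 in
    master) cat <<'EOF'
zone "benet.com" IN {
    type master;                                    // primary: the authoritative, unique copy
    file "benet.com.zone";                          // zone data file, relative to "directory"
    allow-transfer { 192.0.2.11; };                 // only the secondary may copy the zone
};
EOF
    ;;
    slave) cat <<'EOF'
zone "benet.com" IN {
    type slave;                                     // secondary: data comes from the primary
    masters { 192.0.2.10; };
    file "slaves/benet.com.zone";                   // copy written here after the zone transfer
};
EOF
    ;;
  esac
}
check_named_conf() {         # $1 = role; syntax-checks the result with BIND's tool when installed
  f=$(mktemp) && gen_named_conf "$1" > "$f" || return 1
  if command -v named-checkconf >/dev/null 2>&1; then named-checkconf "$f"; fi
}
```

On CentOS 7 the generated text belongs in /etc/named.conf (or /var/named/chroot/etc/named.conf with bind-chroot), and the cache-only role needs no benet.com zone section at all.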

2) Zone data files (the data files that hold the DNS resolution records)

/var/named/ (when the bind-xxx package is installed)

/var/named/chroot/var/named/ (when the bind-chroot-xxx package is installed)

Each zone data file corresponds to one DNS resolution zone; the file name and contents are set by the administrator of the domain. (The file name must match the one specified in the main configuration file, otherwise an error occurs.)

A zone data file mainly contains the TTL configuration item, the SOA (Start Of Authority) record, and the address resolution records. Comments in the file start with a semicolon ";".

a. Global TTL configuration item and SOA record
"@" represents the current DNS zone name, which here is equivalent to "benet.com."
$TTL (Time To Live) directive
SOA (Start Of Authority) record
Text after a semicolon ";" is a comment
b. Domain name resolution records

Forward resolution records:
NS (Name Server): records the host address of the DNS server of the current zone
MX (Mail Exchange): records the host address of the mail server of the current zone; the number 10 is the priority, and lower values are preferred
A (Address): records forward resolution entries, used only in the forward resolution zone
CNAME (Canonical Name): records an alias for a forward resolution entry
Note: the "@" symbol at the beginning of the NS and MX records can be omitted (by default the owner name "@" of the preceding SOA record is inherited), but a space or tab must be kept at the start of the line.

Reverse resolution records:
PTR (Pointer) record, used only in the reverse resolution zone
The first column of the record holds the host part of the IP address. For example, "4 IN PTR mail.benet.com." in the reverse zone for the 173.16.16 network means that the host with the IP address 173.16.16.4 has the domain name mail.benet.com.
Note: in a zone data file, any host address that does not end with a dot "." automatically gets the current domain name appended as a suffix when address records are looked up. For example, if the current DNS domain is "benet.com", the host address "www" in the file is equivalent to "www.benet.com.". Therefore, when writing a complete FQDN, remember that the trailing dot "." cannot be omitted; "mail.benet.com" without it would be interpreted as "mail.benet.com.benet.com.".

3) Check the syntax of the configuration files
a. named-checkconf tool: checks the syntax of the main configuration file (named.conf)
b. named-checkzone tool: checks the syntax and consistency of a zone data file for a given zone name
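As an added example (not from the original article) covering both the zone data file section and the syntax check above, the following shell functions write a forward zone file for benet.com and the matching reverse zone file, lint them for the trailing-dot mistake described in the note, and then run named-checkzone when it is installed. The addresses 173.16.16.1 (ns1) and 173.16.16.5 (www), the serial number and the SOA timer values are constructed; 173.16.16.4 for mail.benet.com comes from the text.

```shell
#!/bin/sh
# Added example, not from the original article: write the benet.com forward and
# reverse zone files and lint them for missing trailing dots. Constructed values:
# ns1 = 173.16.16.1, www = 173.16.16.5, serial 2024010101; mail = 173.16.16.4 is from the text.
write_zones() {              # $1 = directory (normally /var/named or the chroot equivalent)
  cat > "$1/benet.com.zone" <<'EOF'
$TTL 86400
@       IN SOA  ns1.benet.com. admin.benet.com. (
                2024010101 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                86400 )    ; minimum TTL
        IN NS   ns1.benet.com.
        IN MX 10 mail.benet.com.
ns1     IN A    173.16.16.1
mail    IN A    173.16.16.4
www     IN A    173.16.16.5
ftp     IN CNAME www
EOF
  cat > "$1/16.16.173.zone" <<'EOF'
$TTL 86400
@       IN SOA  ns1.benet.com. admin.benet.com. ( 2024010101 3600 900 604800 86400 )
        IN NS   ns1.benet.com.
1       IN PTR  ns1.benet.com.
4       IN PTR  mail.benet.com.
5       IN PTR  www.benet.com.
EOF
}
# Flags NS/MX/CNAME/PTR targets that contain a dot but do not end with one: BIND
# would append the origin, silently turning "mail.benet.com" into mail.benet.com.benet.com.
lint_trailing_dots() {       # $1 = zone file; returns 0 if clean, 1 if a problem was found
  awk '
    /^[[:space:]]*;/ || /^\$/ { next }          # skip comment lines and $TTL/$ORIGIN directives
    { sub(/;.*/, "") }                          # strip trailing comments
    /IN[[:space:]]+(NS|CNAME|PTR)[[:space:]]+/ || /IN[[:space:]]+MX[[:space:]]+[0-9]+[[:space:]]+/ {
      t = $NF
      if (t ~ /\./ && t !~ /\.$/) { print FILENAME ": line " NR ": missing trailing dot in \"" t "\""; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}
check_zone() {               # $1 = zone name, $2 = zone file; uses named-checkzone when installed
  lint_trailing_dots "$2" || return 1
  if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone "$1" "$2"
  fi
}
```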
