1, DNS overview
In daily life, people are used to accessing servers by domain name, but machines only recognize IP addresses. Domain names and IP addresses have a many-to-one relationship: an IP address can correspond to several domain names, while a domain name corresponds to only one IP address. Converting between the two is called domain name resolution. It is carried out by a dedicated domain name resolution server, and the whole process is automatic.
1. Definitions
(1) DNS is the abbreviation of "Domain Name System". It is a distributed database that maps domain names and IP addresses to each other, making it easier for people to access the Internet.
(2) The DNS service uses TCP and UDP port 53. TCP port 53 is used for connections to the DNS server (for example zone transfers between servers), and UDP port 53 for ordinary resolution queries.
(3) Each label (level) of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
2. Resolution methods
Forward resolution: look up the IP address that corresponds to a domain name
Reverse resolution: look up the domain name that corresponds to an IP address
2, DNS server types
Primary (master) domain name server
Maintains all the domain name information of a zone. It is the authoritative source of that information, and its data can be modified. When building a master domain name server, you must create the address data file of the zone it is responsible for.
Secondary (slave) domain name server
When the master domain name server fails, is shut down or is overloaded, the slave domain name server provides resolution as a backup service. The results it returns are not its own; they come from the master domain name server. When building a slave domain name server, you must specify the location of the master server so that the slave can automatically synchronize the zone's address database.
Caching domain name server
Provides only caching of resolution results, to improve query speed and efficiency; it has no domain name database of its own. It obtains each result from a remote server, keeps it in its cache, and answers later identical queries from there. A caching domain name server is not an authoritative server, because everything it provides is second-hand information. When building a caching domain name server, you must set the root hints or specify another DNS server as the resolution source.
Forwarding domain name server
Handles local queries for all non-local domain names. After receiving a query, the forwarding domain name server first looks in its cache; if the name is not found there, it forwards the request to the specified domain name servers in turn until a result is found, otherwise it returns an unresolved result.
Note: the master and slave domain name servers are the ones most commonly used, so it is important to master them.
3, Introduction to the DNS domain name structure
Root domain
Located at the top of the domain name space; usually written as a "."
Top-level domain
Generally represents a type of organization or a country, for example:
.net (network providers), .com (commercial enterprises), .org (organizations), .edu (educational institutions), .gov (government departments), .cn (China's national domain)
Second-level domain
Indicates a specific organization within a top-level domain. The second-level domains under a national top-level domain are managed uniformly by the national network authority,
for example the second-level domains set up under .cn: .com.cn, .net.cn, .edu.cn
Subdomain
All domains created at any level below a second-level domain are collectively called subdomains. Each organization or user can freely apply to register its own domain name.
Host
The host is at the bottom of the domain name space; it is a specific computer.
If www and mail are the names of specific computers, they can be written as www.sina.com.cn. and mail.sina.com.cn. This form is called an FQDN (fully qualified domain name), which is the full name of the host within the domain name space.
4, Forward resolution experiment steps
(1) Install the bind package
    yum -y install bind

(2) Check the paths of the configuration files to be modified
    rpm -qc bind                        # list the configuration files of the bind package
    /etc/named.conf                     # main configuration file
    /etc/named.rfc1912.zones            # zone configuration file
    /var/named/named.localhost          # zone data file (template)

(3) Modify the main configuration file
    vim /etc/named.conf
    options {
        listen-on port 53 { 192.168.19.44; };    // listen on port 53 of the local IP that provides the service; "any" means all addresses
        listen-on-v6 port 53 { ::1; };           // IPv6; comment out or delete this line if IPv6 is not used
        directory "/var/named";                  // default location of the zone data files
        dump-file "/var/named/data/cache_dump.db";                 // location of the domain name cache database file
        statistics-file "/var/named/data/named_stats.txt";         // location of the status statistics file
        memstatistics-file "/var/named/data/named_mem_stats.txt";  // location of the memory statistics file
        allow-query { any; };                    // network segments allowed to use this DNS resolution service; "any" means all
        ......
    };
    zone "." IN {                                // forward zone for the root "."
        type hint;                               // type is root hint
        file "named.ca";                         // the zone data file named.ca records the names, IP addresses and other details of the 13 root servers
    };
    include "/etc/named.rfc1912.zones";          // include all the zones defined in the zone configuration file

(4) Modify the zone configuration file and add the forward zone configuration
    vim /etc/named.rfc1912.zones        // the file contains templates that can be copied, pasted and modified
    zone "feng.com" IN {                // forward zone "feng.com"
        type master;                    // type is master zone
        file "feng.com.zone";           // the zone data file is feng.com.zone
        allow-update { none; };         // leave at the default; no configuration needed
    };

(5) Configure the forward zone data file
    cd /var/named/
    cp -p named.localhost feng.com.zone     # -p keeps the permissions and owner of the source file
    vim /var/named/feng.com.zone
    $TTL 1D                                 ; time that resolution results may be cached
    @ IN SOA feng.com. admin.feng.com. (    ; do not forget the trailing "." after the domain name and the mail address
            0       ; serial
            1D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; minimum
            NS      feng.com.               ; name of the DNS server of this zone (required)
            A       192.168.19.44           ; IP address of the host (required)
            IN MX 10 mail.feng.com.         ; MX is the mail exchange record; the higher the number, the lower the priority
    www     IN A    192.168.19.54           ; forward resolution of www.feng.com to its IP
    mail    IN A    192.168.19.64           ; forward resolution of the mail host
    ftp     IN CNAME www                    ; CNAME is an alias; ftp is an alias for www
    *       IN A    192.168.19.44           ; wildcard resolution; "*" matches any host name

(6) Start the service and turn off the firewall
    systemctl start named
    systemctl stop firewalld
    setenforce 0
    tail -f /var/log/messages             # if the service fails to start, check the log to troubleshoot
    rndc-confgen -r /dev/urandom -a       # if the service hangs while starting, run this command

(7) Add the DNS server address to the client's resolver configuration file
    vim /etc/resolv.conf                  # the change takes effect immediately
    nameserver 192.168.19.44
  or
    vim /etc/sysconfig/network-scripts/ifcfg-ens33   # the network interface must be restarted after the change
    DNS1=192.168.19.44
    systemctl restart network

(8) Test DNS resolution
    host www.feng.com
    nslookup www.feng.com
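The zone file above depends on the trailing "." after absolute names: a target such as feng.com without the dot is treated as relative, and BIND appends the zone origin to it, yielding feng.com.feng.com. The shell function below is an added example, not code from the original tutorial; it reads a zone file on standard input and reports SOA, NS, MX, CNAME and PTR targets that contain a dot but lack the trailing one. The two zone texts inside it are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: lint a BIND zone file for absolute names that are missing
# their trailing dot. Reads the zone file on stdin, prints one line per
# problem, and returns 1 if anything was flagged (0 when the file is clean).
check_zone_dots() {
    awk '
        # A target that contains a dot but does not end with one is almost
        # always a mistake: BIND would append the zone origin to it.
        function check(name) {
            if (name ~ /\./ && name !~ /\.$/) {
                print "line " NR ": " name " needs a trailing dot"
                bad++
            }
        }
        { sub(/;.*/, "") }          # drop ";" comments before looking at fields
        NF == 0 { next }            # skip blank and comment-only lines
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "SOA")   { check($(i + 1)); check($(i + 2)); break }
                if ($i == "NS" || $i == "CNAME" || $i == "PTR") { check($(i + 1)); break }
                if ($i == "MX")    { check($(i + 2)); break }
            }
        }
        END { if (bad) exit 1; exit 0 }
    '
}

# Lint a zone held in a shell string (convenience wrapper for the demo).
lint_zone_text() {
    printf '%s\n' "$1" | check_zone_dots
}

# Constructed sample: the tutorial's forward zone, with all dots in place.
GOOD_ZONE='$TTL 1D
@ IN SOA feng.com. admin.feng.com. ( 0 ; serial
  1D ; refresh
  1H ; retry
  1W ; expire
  3H ) ; minimum
  NS feng.com.
  A 192.168.19.44
  IN MX 10 mail.feng.com.
www IN A 192.168.19.54
ftp IN CNAME www'

# Constructed sample with three typical omissions: SOA mname, MX and CNAME targets.
BAD_ZONE='$TTL 1D
@ IN SOA feng.com admin.feng.com. ( 0 ; serial
  NS feng.com.
  IN MX 10 mail.feng.com
ftp IN CNAME www.feng.com'

lint_zone_text "$GOOD_ZONE" && echo "good zone: clean"
lint_zone_text "$BAD_ZONE"  || echo "bad zone: problems found"
```

To lint a real file, run `check_zone_dots < /var/named/feng.com.zone` before restarting named. The check deliberately leaves single-label names such as `www` alone, because those are meant to be relative to the zone origin.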
Forward resolution practice
(1) Install the bind package
(2) Check the paths of the configuration files to be modified
(3) Modify the main configuration file
(4) Modify the zone configuration file and add the forward zone configuration
(5) Configure the forward zone data file
(6) Start the service and turn off the firewall
(7) Add the DNS server address to the client's resolver configuration file
(8) Verify
Supplement
Up to three nameserver entries can be added to /etc/resolv.conf
5, Reverse resolution experiment steps
(1) Modify the zone configuration file and add the reverse zone configuration
    vim /etc/named.rfc1912.zones               // the file contains templates that can be copied, pasted and modified
    zone "19.168.192.in-addr.arpa" IN {        // the reverse zone name is the network address written backwards; this zone resolves the 192.168.19 segment
        type master;
        file "feng.com.zone.local";            // the zone data file is feng.com.zone.local
        allow-update { none; };
    };

(2) Configure the reverse zone data file
    cd /var/named/
    cp -p feng.com.zone feng.com.zone.local
    vim /var/named/feng.com.zone.local
    $TTL 1D
    @ IN SOA feng.com. admin.feng.com. (       ; here "@" stands for the 192.168.19 segment
            0       ; serial
            1D      ; refresh
            1H      ; retry
            1W      ; expire
            3H )    ; minimum
            NS      feng.com.
            A       192.168.19.44
    100     IN PTR  www.feng.com.              ; PTR is the reverse pointer: 192.168.19.100 resolves to www.feng.com.

(3) Restart the service and test
    systemctl restart named
    host 192.168.19.100
    nslookup 192.168.19.100
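The zone name 19.168.192.in-addr.arpa is the network part of the address written backwards, and each PTR owner name is the remaining octets, again reversed. The shell functions below are an added example, not part of the original tutorial: they derive the reverse zone name from a network prefix and build PTR records from address/host pairs, rejecting addresses outside the prefix and adding the trailing dot the PTR target needs. They work for 1-, 2- and 3-octet prefixes, which goes beyond the single /24 in the text. The host list is constructed for the example.

```shell
#!/bin/sh
# Added example: derive in-addr.arpa names and PTR records for a network prefix.
# Works for /8, /16 and /24 style prefixes (1, 2 or 3 octets).

# Print the octets of "$1" in reverse order, joined by dots (192.168.19 -> 19.168.192).
reverse_octets() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f          # split on dots without glob expansion
    IFS=$old_ifs
    out=""
    for o in "$@"; do
        out="$o${out:+.$out}"
    done
    printf '%s' "$out"
}

# Reverse zone name for a network prefix: 192.168.19 -> 19.168.192.in-addr.arpa
reverse_zone_name() {
    printf '%s.in-addr.arpa\n' "$(reverse_octets "$1")"
}

# One PTR record: $1 = network prefix, $2 = address inside it, $3 = host name.
# The owner name is the host part of the address reversed; the target gets a
# trailing dot if it lacks one, because a PTR target must be an absolute name.
ptr_record() {
    prefix=$1; ip=$2; host=$3
    case $ip in
        "$prefix".*) ;;
        *) printf 'error: %s is not inside %s\n' "$ip" "$prefix" >&2; return 1 ;;
    esac
    rest=${ip#"$prefix".}
    case $host in
        *.) ;;
        *) host="$host." ;;
    esac
    printf '%s IN PTR %s\n' "$(reverse_octets "$rest")" "$host"
}

# Build a whole reverse zone: $1 = prefix, $2 = the zone's name server (FQDN),
# $3 = admin mailbox in SOA form; address/host pairs are read from stdin.
reverse_zone_file() {
    prefix=$1; ns=$2; admin=$3
    printf '$TTL 1D\n'
    printf '@ IN SOA %s %s (\n' "$ns" "$admin"
    printf '\t0\t; serial\n\t1D\t; refresh\n\t1H\t; retry\n\t1W\t; expire\n\t3H )\t; minimum\n'
    printf '\tNS\t%s\n' "$ns"
    while read -r addr name; do
        [ -n "$addr" ] || continue
        ptr_record "$prefix" "$addr" "$name" || return 1
    done
}

# Constructed host list for the demo (addresses from the tutorial's 192.168.19 segment).
HOSTS='192.168.19.44 feng.com
192.168.19.54 www.feng.com
192.168.19.64 mail.feng.com
192.168.19.100 www.feng.com'

echo "zone \"$(reverse_zone_name 192.168.19)\""
printf '%s\n' "$HOSTS" | reverse_zone_file 192.168.19 feng.com. admin.feng.com.
```

Redirect the output of `reverse_zone_file` into the zone data file named in the zone configuration; the function stops with an error rather than writing a record for an address that does not belong to the prefix.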
Reverse resolution practice (based on the forward resolution configuration)
(1) Modify the zone configuration file and add the reverse zone configuration
(2) Configure the reverse zone data file
(3) Restart the service and test
6, Experiment steps for building a master-slave domain name server
Continue in the environment configured in the two experiments above.
(1) Modify the zone configuration file of the master domain name server: adjust the forward and reverse zone configuration
    vim /etc/named.rfc1912.zones
    zone "feng.com" IN {
        type master;                              // type is master zone
        file "feng.com.zone";
        allow-transfer { 192.168.19.66; };        // allow the slave server to download the forward zone data; enter the slave's IP address here
    };
    zone "19.168.192.in-addr.arpa" IN {
        type master;
        file "feng.com.zone.local";
        allow-transfer { 192.168.19.66; };
    };

(2) Modify the main configuration file of the slave domain name server
    yum -y install bind
    vim /etc/named.conf
    options {
        listen-on port 53 { any; };               // listen on port 53 of the local IP that provides the service, or "any" for all addresses
        # listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };                     // network segments allowed to use this DNS resolution service; "any" means all
        ......
    };

(3) Modify the zone configuration file of the slave domain name server and add the forward and reverse zone configuration
    vim /etc/named.rfc1912.zones
    zone "feng.com" IN {
        type slave;                               // type is slave zone
        masters { 192.168.19.44; };               // IP address of the master server
        file "slaves/feng.com.zone";              // save the downloaded zone data file under the slaves/ directory
    };
    zone "19.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.19.44; };
        file "slaves/feng.com.zone.local";
    };

(4) Restart the service on both master and slave, turn off the firewall, and check that the zone data files have been downloaded
    systemctl restart named
    systemctl stop firewalld                      # turn off the firewall; be sure to turn it off
    setenforce 0
    ls -l /var/named/slaves/

(5) Add the slave DNS server address to the client's resolver configuration file
    echo "nameserver 192.168.19.44" >> /etc/resolv.conf
    echo "nameserver 192.168.19.66" >> /etc/resolv.conf

(6) Verify
    host 192.168.19.100
    nslookup 192.168.19.100
    systemctl stop named                          # stop the service on the master to simulate a master failure
    host 192.168.19.100
    nslookup 192.168.19.100
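Two checks worth running on the master before restarting named, as an added example that is not part of the tutorial. The allow-transfer statement above is what stops the whole zone from being downloaded by anyone who asks, so the first function reads a zone configuration file and reports every master zone that either omits allow-transfer or sets it to any. A slave only re-downloads a zone when the master's SOA serial has increased, so the second function increments the serial in a zone file after each edit (it assumes the serial sits alone on the line carrying the "; serial" comment, as in the files above). The configuration and zone text used here are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: two pre-restart checks for the master server.

# Report master zones whose transfers are not restricted. Reads a BIND zone
# configuration file (e.g. /etc/named.rfc1912.zones) on stdin and prints one
# line per finding: no allow-transfer at all, or allow-transfer { any; }.
audit_zone_transfers() {
    awk '
        /^[ \t]*zone[ \t]+"/ {                  # start of a zone block
            match($0, /"[^"]*"/)
            zone = substr($0, RSTART + 1, RLENGTH - 2)
            master = 0; xfer = "missing"
        }
        zone != "" && /type[ \t]+master/ { master = 1 }
        zone != "" && /allow-transfer/   { xfer = ($0 ~ /any/) ? "any" : "restricted" }
        zone != "" && /^[ \t]*}/ {              # end of the zone block
            if (master && xfer != "restricted") print zone ": allow-transfer " xfer
            zone = ""
        }
    '
}

# Increment the SOA serial in zone file $1 in place. The serial is taken to be
# the first number on the line that carries the "; serial" comment.
bump_serial() {
    awk '/;[ \t]*serial/ && !seen { sub(/[0-9]+/, $1 + 1); seen = 1 } { print }' "$1" > "$1.tmp" &&
        mv "$1.tmp" "$1"
}

# Constructed zone configuration: one correctly restricted master zone, two
# unrestricted ones, and a slave zone (which serves no transfers of its own).
SAMPLE_CONF='zone "feng.com" IN {
    type master;
    file "feng.com.zone";
    allow-transfer { 192.168.19.66; };
};
zone "open.example" IN {
    type master;
    file "open.example.zone";
};
zone "any.example" IN {
    type master;
    file "any.example.zone";
    allow-transfer { any; };
};
zone "19.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.19.44; };
    file "slaves/feng.com.zone.local";
};'

printf '%s\n' "$SAMPLE_CONF" | audit_zone_transfers
# prints:
# open.example: allow-transfer missing
# any.example: allow-transfer any
```

On a live master run `audit_zone_transfers < /etc/named.rfc1912.zones`, and call `bump_serial /var/named/feng.com.zone` after each edit to the forward zone so that the slave picks the change up at its next refresh; a zone whose serial never moves leaves the slave serving stale data indefinitely.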
Practice of building a master-slave domain name server (based on the previous two experiments)
CentOS 7-4 (192.168.19.44) is the master server and CentOS 7-6 (192.168.19.66) is the slave server
(1) Modify the zone configuration file of the master domain name server: adjust the forward and reverse zone configuration
(2) Modify the main configuration file of the slave domain name server
(3) Modify the zone configuration file of the slave domain name server and add the forward and reverse zone configuration
(4) Restart the service on both master and slave and turn off the firewall
(5) Add the slave DNS server address to the client's resolver configuration file
(6) Verify
(7) Stop the service on the master server to simulate a master failure
Summary
Points to master
The DNS service uses TCP and UDP port 53; resolution is either forward or reverse.
The structure of DNS domain names and the resolution process.
The configuration experiments modify configuration files, and a semicolon (;) must follow each statement.