1, Role of DNS system
- Forward resolution: find the corresponding IP address according to the domain name
- Reverse resolution: find the corresponding domain name according to the IP address
- Distributed data structure of DNS system
① DNS definition
- DNS is the abbreviation of "Domain Name System". As a distributed database that maps domain names and IP addresses to each other, it makes it easier for people to access the Internet.
- The DNS service uses TCP and UDP port 53. TCP port 53 is used to connect to the DNS server, and UDP port 53 is used for DNS resolution.
- The length of each level of domain name is limited to 63 characters, and the total length of the domain name cannot exceed 253 characters.
② Domain name structure
http://hostname.subdomain.secondary-domain.top-level-domain.root-domain/
The top layer of the tree structure is called the root domain, written as ".". The corresponding servers are called root servers, and the resolution authority for the whole domain name space belongs to the root servers. Because the root servers cannot bear such a huge load, a "delegation" mechanism is used: some top-level domains are set up under the root domain, and the resolution authority for each top-level domain is delegated to the corresponding top-level domain servers. For example, resolution of the com domain is delegated to the com domain servers, so every resolution request for a name ending in com that the root server receives is forwarded to the com domain servers. Similarly, to reduce the pressure on the top-level domains, several secondary domains are set up under them, and a secondary domain in turn contains tertiary domains or hosts.
Root domain
It is located at the top of the domain name space and is usually written as ".".
Top level domain
It generally represents a type of organization or a country,
such as .net (network providers), .com (industrial and commercial enterprises), .org (group organizations), .edu (educational institutions), .gov (government departments) and .cn (Chinese national domain name).
Secondary domain
It is used to indicate a specific organization within the top-level domain. The secondary domain names under a national top-level domain are uniformly managed by the national network department,
such as the secondary domain names set up under the .cn top-level domain: .com.cn, .net.cn, .edu.cn
Subdomain
The domains at all levels created under the secondary domain are collectively referred to as subdomains. Each organization or user can freely apply to register its own domain name.
Host
The host is located at the bottom of the domain name space and is a specific computer.
If www and mail are specific computer names, they can be written as www.sina.com.cn. and mail.sina.com.cn. This representation is called an FQDN (fully qualified domain name), which is also the full name of the host in the domain.
DNS domain name resolution methods: forward resolution finds the corresponding IP address according to the domain name; reverse resolution finds the corresponding domain name according to the IP address.
③ DNS server type
There are four types of DNS servers: master domain name server, slave domain name server, caching domain name server and forwarding domain name server.
- Master domain name server: responsible for maintaining all domain name information in a zone. It is the authoritative information source of all specific information, and the data can be modified. When building the master domain name server, you need to create the address data file of the zone it is responsible for.
- Slave domain name server: when the master domain name server fails, shuts down or is overloaded, the slave domain name server provides domain name resolution as a backup service. The resolution results provided by the slave domain name server are not determined by itself, but come from the master domain name server. When building a slave domain name server, you need to specify the location of the master domain name server so that the server can automatically synchronize the address database of the zone.
- Caching domain name server: it only provides caching of domain name resolution results, which aims to improve query speed and efficiency, and it has no domain name database. It obtains the result of each domain name query from a remote server and puts it in the cache, then answers later queries for the same information from the cache. The caching domain name server is not an authoritative server because all the information it provides is indirect information. When building a caching domain name server, you must set the root domain or specify another DNS server as the resolution source.
- Forwarding domain name server: responsible for local queries of all non-local domain names. After receiving a query request, the forwarding domain name server first looks in its cache. If it cannot find the answer there, it forwards the request to the specified domain name servers in turn until a result is found. Otherwise, it returns the unmapped result.
2, Steps to build DNS domain name resolution server
① Install bind package
yum install -y bind
② Configure forward resolution
(1) First check the path of the configuration file to be modified
rpm -qc bind    #Query the paths of the bind software configuration files
/etc/named.conf    #Master configuration file
/etc/named.rfc1912.zones    #Zone configuration file
/var/named/named.localhost    #Zone data file
(2) Modify master profile
vim /etc/named.conf
options {
    listen-on port 53 { 192.168.80.10; };    #Listen on port 53; use the local IP address that provides the service, or "any" for all addresses
    listen-on-v6 port 53 { ::1; };    #The IPv6 line can be commented out or deleted if it is not used
    directory "/var/named";    #Default storage location of zone data files
    dump-file "/var/named/data/cache_dump.db";    #Location of the domain name cache database file
    statistics-file "/var/named/data/named_stats.txt";    #Location of the status statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";    #Location of the memory statistics file
    allow-query { 192.168.80.0/24; 172.16.100.0/24; };    #Network segments allowed to use this DNS resolution service; "any" stands for all
};
zone "." IN {    #Forward resolution of the "." root zone
    type hint;    #Type is root zone
    file "named.ca";    #The zone data file is named.ca, which records the domain names and IP addresses of the 13 root servers
};
include "/etc/named.rfc1912.zones";    #Includes all the configuration in the zone configuration file
(3) Modify the regional configuration file and add the forward regional configuration
vim /etc/named.rfc1912.zones    #The file contains templates that can be copied, pasted and modified
zone "benet.com" IN {    #Forward resolution of the "benet.com" zone
    type master;    #Type: master zone
    file "benet.com.zone";    #The zone data file is benet.com.zone
    allow-update { none; };
};
(4) Configure forward area data file
cd /var/named
cp -p named.localhost benet.com.zone    #-p keeps the permissions and owner attributes of the source file on the copy
vim /var/named/benet.com.zone
$TTL 1D    ;Lifetime of valid resolution records
@   IN SOA benet.com. admin.benet.com. (    ;The "@" symbol indicates the current DNS zone domain name
        0    ; serial: update serial number, which can be an integer within 10 digits
        1D   ; refresh: refresh time, interval between downloading address data again
        1H   ; retry: retry delay, retry interval after download failure
        1W   ; expire: expiration time; if the download still fails after that time, give up
        3H ) ; minimum: lifetime of invalid resolution records
        NS   benet.com.    ;Records the name of the DNS server for the current zone
        A    192.168.80.10    ;Records the host IP address
        IN MX 10 mail.benet.com.    ;MX is a mail exchange record; the higher the number, the lower the priority
www     IN A 192.168.80.10    ;Forward resolution record: the IP corresponding to www.benet.com
mail    IN A 192.168.80.11
ftp     IN CNAME www    ;CNAME defines an alias; ftp is the alias of www
*       IN A 192.168.80.100    ;Wildcard domain name resolution; "*" represents any host name
"@" here is a variable: the domain name of the current DNS zone.
The update serial number in the SOA record is used to synchronize the zone data of the master and slave servers. When the slave server checks for a zone update and finds that the serial number on the master server is the same as that in its local zone data, it does not download the zone.
"benet.com." is a fully qualified domain name (FQDN); the trailing "." must not be omitted.
"admin.benet.com." indicates the administrator's mailbox. The "@" symbol has another meaning here, so it is replaced with ".".
(5) Start the service and turn off the firewall
systemctl start named
systemctl stop firewalld
setenforce 0
(6) Add the DNS server address in the domain name resolution configuration file of the client
vim /etc/resolv.conf    #Takes effect immediately after modification
nameserver 192.168.80.10
or
vi /etc/sysconfig/network-scripts/ifcfg-ens33    #After modification, restart the network card
DNS1=192.168.80.10
systemctl restart network
(7) Test DNS resolution
host www.benet.com
nslookup www.benet.com
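The zone data file in step (4) depends on how names are expanded: "@" and names without a trailing "." get the zone name appended, which is why a forgotten final dot silently yields a name such as mail.benet.com.benet.com. The following is an added example, not part of the original tutorial or of BIND: a small Python check that expands names in a constructed copy of the benet.com zone and flags that mistake. It assumes one record per line (SOA included), no $ORIGIN directive, and an administrator mailbox without escaped dots.

```python
# Constructed sample: the benet.com zone from this page plus one deliberate
# mistake (the MX target on the "bad" line lacks its trailing dot).
ZONE = """\
$TTL 1D
@       IN SOA  benet.com. admin.benet.com. ( 0 1D 1H 1W 3H )
        NS      benet.com.
        IN MX 10 mail.benet.com.
www     IN A    192.168.80.10
ftp     IN CNAME www
bad     IN MX 10 mail.benet.com
"""

def absolute(name, origin):
    """Expand a zone-file name: '@' is the zone, no trailing dot is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse(zone_text, origin):
    """Return (owner, type, rdata) tuples with every domain name made absolute."""
    records, owner = [], origin
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()      # drop zone-file comments
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():                  # indented line: reuse last owner
            owner = absolute(tokens.pop(0), origin)
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "MX"):
            rdata[-1] = absolute(rdata[-1], origin)
        elif rtype == "SOA":
            rdata[:2] = [absolute(n, origin) for n in rdata[:2]]
        records.append((owner, rtype, rdata))
    return records

def doubled_origin(records, origin):
    """Targets ending in '<zone>.<zone>.' almost always mean a missing final dot."""
    doubled = origin.rstrip(".") + "." + origin
    return [(owner, rdata[-1]) for owner, rtype, rdata in records
            if rtype in ("NS", "CNAME", "MX") and rdata[-1].endswith(doubled)]

def rname_to_mailbox(rname):
    """SOA mailbox field: the first '.' stands in for '@'."""
    local, _, domain = rname.rstrip(".").partition(".")
    return local + "@" + domain
```

On the server itself, BIND's own named-checkconf and named-checkzone tools perform the authoritative syntax check before named is started.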
③ Forward resolution experiment
1. Install the bind package
2. View the configuration file paths
3. Turn off the firewall
4. Modify the master configuration file
5. Modify the zone configuration file and add the forward zone configuration
6. Configure the forward zone data file
Next, we modify the above figure for this experiment
7. Turn off the firewall, start the service and start resolving the domain name