Role of DNS Service
The function of converting domain names to IP addresses
DNS concept
DNS is a distributed database. The naming system adopts a hierarchical logical structure, just like an inverted tree. This logical tree structure is called domain name space. Since DNS divides the domain name space, organizations can use their own domain name space to create DNS information.
FQDN domain name
FQDN stands for fully qualified domain name. It states a node's position relative to the root of the DNS domain tree exactly: it is the complete name written from the node up to the tree root, with each label separated by ".".
Domains
The DNS root domain is managed by the Internet domain name registration authority. There are three types of top-level domains:
Organizational domains: a three-character code represents the main function or activity of the organizations in the domain. For example, com is a commercial organization, edu an educational organization, gov a government organization, mil a military organization, net a network organization, org a non-profit organization and int an international organization.
Geographic domains: a two-character country or region code, such as cn for China, kr for South Korea and us for the United States.
Reverse domain: the special domain in-addr.arpa, used to map IP addresses back to domain names (reverse lookup).
DNS domain name resolution process
(1) The client queries its local DNS server for the domain name www.163.com.
(2) The local DNS server cannot resolve this name from its own data, so it first sends a request to a root domain server asking for the address of the DNS servers for com.
(3) The root domain servers manage the .com, .net, .org and other top-level domains. After receiving the request, the root server returns the result (the address of the .com servers) to the local DNS server.
(4) After obtaining that result, the local DNS server sends a further query to the DNS server that manages the .com domain, asking for the address of the DNS server for 163.com.
(5) The .com domain server returns the result to the local DNS server.
(6) The local DNS server then sends a request to the DNS server that manages the 163.com domain, asking for the IP address of the specific host (www), and obtains the host IP address it needs.
(7) 163.com returns the resolution result to the local DNS server.
(8) The local DNS server obtains the final result and returns it to the client, so that the client can communicate with the remote host.
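As an added example (not code from the original page), the following toy resolver plays the role of the local DNS server in the eight steps above: it starts at the root, follows each referral downwards and restarts when it meets an alias. The three "servers" are in-memory dictionaries; their names and the 192.0.2.x addresses are all constructed.

```python
# Added example (not code from the original page): a toy iterative resolver that
# walks the delegation chain root -> com -> 163.com the way steps (1)-(8) above
# describe. The three "servers" are in-memory dicts and every IP address is a
# constructed value from the RFC 5737 documentation range.

# Authoritative data for 163.com (constructed). Names are fully qualified and
# rdata is a list because a name may own several records of one type.
NS_163 = {
    "id": "163.com",
    "records": {
        "www.163.com.": {"A": ["192.0.2.80"]},
        "web.163.com.": {"CNAME": ["www.163.com."]},   # alias, like web -> www in the task
    },
    "delegations": {},
}
# The com TLD server knows only the delegation to 163.com's name server.
COM = {"id": "com", "records": {}, "delegations": {"163.com.": NS_163}}
# The root server knows only the delegation to the com TLD server.
ROOT = {"id": "root", "records": {}, "delegations": {"com.": COM}}


def closest_delegation(name, delegations):
    """Longest delegated zone that is a suffix of name ('163.com.' beats 'com.')."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in delegations:
            return candidate
    return None


def query(server, name, rtype):
    """One round trip to one server. Returns (kind, payload) where kind is
    'answer' (rdata list), 'cname' (alias target), 'referral' (next server
    to ask) or 'nxdomain' (None)."""
    rrsets = server["records"].get(name, {})
    if rtype in rrsets:
        return "answer", rrsets[rtype]
    if "CNAME" in rrsets:
        return "cname", rrsets["CNAME"][0]
    zone = closest_delegation(name, server["delegations"])
    if zone is not None:
        return "referral", server["delegations"][zone]
    return "nxdomain", None


def resolve(name, rtype="A", max_hops=10):
    """Play the local (recursive) DNS server: start at the root, follow
    referrals, restart from the root when a CNAME is met. Returns
    (rdata or None, trace); trace lists the servers asked, in order.
    max_hops bounds a broken delegation that refers to itself forever."""
    trace = []
    server, target = ROOT, name
    for _ in range(max_hops):
        trace.append(server["id"])
        kind, payload = query(server, target, rtype)
        if kind == "answer":
            return payload, trace
        if kind == "nxdomain":
            return None, trace
        if kind == "referral":
            server = payload            # steps (3)/(5): follow the referral downwards
        else:                           # CNAME: resolve the canonical name instead
            server, target = ROOT, payload
    raise RuntimeError("referral loop: gave up after %d hops" % max_hops)


if __name__ == "__main__":
    for qname in ("www.163.com.", "web.163.com.", "nothere.163.com."):
        answer, path = resolve(qname)
        print(qname, "->", answer, "via", " -> ".join(path))
```

The trace returned for www.163.com. is root, com, 163.com, which is exactly the three round trips of steps (2) to (7); a real recursive server would cache the referrals so that a second query for the same zone skips the root and TLD hops.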
Forward and reverse resolution
Forward resolution: the process of resolving a domain name to an IP address.
Reverse resolution: the process of resolving an IP address to a domain name. Reverse resolution is used for server authentication.
DNS server configuration
First, configure forward resolution.
Task requirements:
A campus network needs a DNS server responsible for name resolution of the long.com domain. The FQDN of the DNS server is dns.long.com and its IP address is 192.168.225.10. Forward name resolution is required for the following domain names:
dns.long.com 192.168.225.10
mail.long.com 192.168.225.2
slave.long.com 192.168.225.3
www.long.com 192.168.225.4
ftp.long.com 192.168.225.5
In addition, set web.long.com as an alias (CNAME) for www.long.com.
Experimental operation
First install the bind service
[root@dns ~]# yum install bind bind-chroot -y
Edit the global configuration file
[root@dns ~]# vim /etc/named.conf
        listen-on port 53 { any; };          //IP addresses and port to listen on
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";        //Directory holding the zone files
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };            //Clients allowed to send queries
        dnssec-validation no;
......
......
include "/etc/named.rfc1912.zones";          //Main configuration file (zone definitions)
include "/etc/named.root.key";
The name of the main configuration file must match the file name given in the include statement in /etc/named.conf.
Modify the main configuration file (/etc/named.rfc1912.zones)
Add the zone following the format of the entries already in the file.
[root@dns ~]# vim /etc/named.rfc1912.zones
zone "long.com" IN {
        type master;
        file "long.com.zone";
        allow-update { none; };
};
Create the forward zone file long.com.zone in bind's zone directory.
[root@dns ~]# cd /var/named          # directory holding the zone files
[root@dns named]# ls
chroot  data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@dns named]# cp -p named.localhost long.com.zone
[root@dns named]# vim long.com.zone
$TTL 1D
@       IN SOA  @ root.long.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @                       ; these three apex records are inherited from the named.localhost template
        A       127.0.0.1
        AAAA    ::1
@       IN NS   dns.long.com.           ; name server for long.com
@       IN MX   10 mail.long.com.       ; mail exchanger for long.com
dns     IN A    192.168.225.10
mail    IN A    192.168.225.2
slave   IN A    192.168.225.3
www     IN A    192.168.225.4
ftp     IN A    192.168.225.5
web     IN CNAME www.long.com.          ; alias web.long.com -> www.long.com
Configure the firewall on the DNS server, set the group of the main configuration file and zone file to named, and then restart the DNS service.
[root@dns ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns ~]# firewall-cmd --reload
success
[root@dns ~]# chgrp named /etc/named.conf
[root@dns ~]# systemctl restart named
Configure the Linux client and test using nslookup
[root@client ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.225.10
search long.com
[root@client ~]# nslookup
> ftp                               //Forward query: the IP address for the name
Server:         192.168.225.10
Address:        192.168.225.10#53

Name:   ftp.long.com
Address: 192.168.225.5
> dns
Server:         192.168.225.10
Address:        192.168.225.10#53

Name:   dns.long.com
Address: 192.168.225.10
> www
Server:         192.168.225.10
Address:        192.168.225.10#53

Name:   www.long.com
Address: 192.168.225.4
> 192.168.225.10
** server can't find 10.225.168.192.in-addr.arpa.: NXDOMAIN    //Reverse lookup fails: no reverse zone yet
Configure reverse resolution
Modify the main configuration file again, copying the format of the existing entries.
[root@dns ~]# vim /etc/named.rfc1912.zones
zone "225.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.225.zone";
        allow-update { none; };
};
Create the 192.168.225.zone reverse zone file.
[root@dns ~]# cd /var/named          # directory holding the zone files
[root@dns named]# ls
chroot  data  dynamic  long.com.zone  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@dns named]# cp -p named.loopback 192.168.225.zone
[root@dns named]# vim 192.168.225.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @                       ; these four apex records are inherited from the named.loopback template
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.
@       IN NS   dns.long.com.           ; name server for the reverse zone
@       IN MX   10 mail.long.com.
10      IN PTR  dns.long.com.           ; 192.168.225.10 -> dns.long.com
2       IN PTR  mail.long.com.
3       IN PTR  slave.long.com.
4       IN PTR  www.long.com.
5       IN PTR  ftp.long.com.
Configure the firewall on the DNS server, set the group of the main configuration file and zone file to named, and then restart the DNS service.
[root@dns ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns ~]# firewall-cmd --reload
success
[root@dns ~]# chgrp named /etc/named.conf
[root@dns ~]# systemctl restart named
> 192.168.225.10                    //Tail of the earlier client session, before the reverse zone was added
** server can't find 10.225.168.192.in-addr.arpa.: NXDOMAIN
> ^C
[root@client ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.225.10
search long.com
[root@client ~]# nslookup
> 192.168.225.2                     //Reverse query: the domain name for the IP address
2.225.168.192.in-addr.arpa      name = mail.long.com.
> 192.168.225.10
10.225.168.192.in-addr.arpa     name = dns.long.com.
> 192.168.225.3
3.225.168.192.in-addr.arpa      name = slave.long.com.
>
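The forward and reverse zone files above were written by hand, and the two sets of records can drift apart (a host renamed in long.com.zone but not in 192.168.225.zone, or a PTR left behind for a retired address), which is exactly what reverse-lookup based checks then trip over. As an added example serving both the forward and the reverse zone sections, and not code from the original page, the following parser reads both files in the master-file format used here and reports every A record without a matching PTR and every PTR without a matching A. The zone contents are copies of the files created above (the reverse one abridged), embedded inline as input; the parser assumes no $ORIGIN directive and handles /24 reverse zones only.

```python
# Added example (not code from the original page): parse the forward and
# reverse zone files built above and cross-check them: every A record in the
# reverse zone's network needs a PTR back to the same name, and vice versa.
import re

# Copies of the two zone files created above (the reverse one abridged), used
# here as inline input; the page's own files live in /var/named.
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  @ root.long.com. (
                0 1D 1H 1W 3H )         ; serial refresh retry expire minimum
        NS      @
        A       127.0.0.1
@       IN NS   dns.long.com.
@       IN MX   10 mail.long.com.
dns     IN A    192.168.225.10
mail    IN A    192.168.225.2
slave   IN A    192.168.225.3
www     IN A    192.168.225.4
ftp     IN A    192.168.225.5
web     IN CNAME www.long.com.
"""
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  @ rname.invalid. ( 0 1D 1H 1W 3H )
        NS      @
        PTR     localhost.
@       IN NS   dns.long.com.
10      IN PTR  dns.long.com.
2       IN PTR  mail.long.com.
3       IN PTR  slave.long.com.
4       IN PTR  www.long.com.
5       IN PTR  ftp.long.com.
"""
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)


def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Minimal master-file parser (no $ORIGIN); returns (owner, type, rdata) tuples."""
    records, tokens, depth, prev_owner, indented = [], [], 0, origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                  # drop ';' comments
        if not line.strip():
            continue
        if not tokens:                               # first line of a record:
            indented = line[0].isspace()             # blank owner = previous owner
        for tok in line.replace("(", " ( ").replace(")", " ) ").split():
            if tok in ("(", ")"):
                depth += 1 if tok == "(" else -1     # multi-line SOA continuation
            else:
                tokens.append(tok)
        if depth > 0 or tokens[0].startswith("$"):   # still inside (...), or $TTL
            tokens = tokens if depth > 0 else []
            continue
        owner = prev_owner if indented else fqdn(tokens.pop(0), origin)
        while tokens[0].upper() in ("IN", "CH", "HS") or TTL_RE.match(tokens[0]):
            tokens.pop(0)                            # optional class / TTL fields
        rtype = tokens.pop(0).upper()
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = fqdn(tokens[0], origin)
        elif rtype == "MX":
            rdata = tokens[0] + " " + fqdn(tokens[1], origin)
        else:
            rdata = " ".join(tokens)                 # A, AAAA, SOA: keep as written
        records.append((owner, rtype, rdata))
        prev_owner, tokens = owner, []
    return records


def ptr_owner_to_ip(owner):
    """'10.225.168.192.in-addr.arpa.' -> '192.168.225.10'; None for the zone apex."""
    labels = owner.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None                                  # only /24 reverse zones handled
    return ".".join(reversed(labels[:4]))


def check_consistency(forward, reverse, reverse_origin):
    """Return A/PTR mismatches; only A records inside the reverse zone's network count."""
    prefix = ".".join(reversed(reverse_origin.rstrip(".").split(".")[:3])) + "."
    a_names, ptr_names = {}, {}                      # ip -> [names]
    for owner, rtype, rdata in forward:
        if rtype == "A":
            a_names.setdefault(rdata, []).append(owner)
    for owner, rtype, rdata in reverse:
        if rtype == "PTR" and ptr_owner_to_ip(owner):
            ptr_names.setdefault(ptr_owner_to_ip(owner), []).append(rdata)
    issues = [f"A {n} -> {ip} has no matching PTR" for ip, ns in a_names.items()
              for n in ns if ip.startswith(prefix) and n not in ptr_names.get(ip, [])]
    issues += [f"PTR {ip} -> {n} has no matching A" for ip, ns in ptr_names.items()
               for n in ns if n not in a_names.get(ip, [])]
    return issues
```

Running check_consistency(parse_zone(FORWARD_ZONE, "long.com."), parse_zone(REVERSE_ZONE, "225.168.192.in-addr.arpa."), "225.168.192.in-addr.arpa.") on the page's records returns an empty list; the apex A record 127.0.0.1 inherited from the template is ignored because it lies outside 192.168.225.0/24, and the CNAME web is not checked because aliases are not expected to have their own PTR. Appending one stray A or PTR record produces a one-line finding naming the offending pair.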
Other DNS server operating modes
The DNS server has other operating modes; they are not demonstrated here.