Preface:
- BIND Domain Name Service Base
- The Role and Type of DNS System
- BIND Installation and Configuration File
- Building a Domain Name Server with BIND
- Build Cached Domain Name Server
- Build master and slave domain name servers
Important steps: find the main configuration file and the startup script
1: The role of the DNS system
1.1 Forward Resolution: find the corresponding IP address based on the host name (domain name)
1.2 Reverse Resolution: find the corresponding host domain name based on the IP address
Resolving an IP address back to a domain name is mostly used for testing
1.3 Distributed Data Structure of the DNS System
www.sina.com.cn. The final dot is the root; the whole string is the fully qualified domain name
www is the host name, sina is the second-level domain name, com.cn is the top-level domain name, and "." is the root
2: DNS System Type
2.1 Cache Domain Name Server
- Also known as a cache server
- Obtains domain name -> IP address records by querying other domain name servers
- Cache domain name query results locally to improve the speed of repeated queries
When the service is installed, it is the cache server
2.2 master Domain Name Server
- Master server
- Official server for a specific DNS zone, unique
- Responsible for maintaining mapping records for all domain names - > IP addresses in this region
2.3 Slave Domain Name Server
- slave server
- Also known as a secondary domain name server
- Domain name -> IP address records are obtained from the master domain name server
3: BIND Domain Name Service
3.1 Brief description of BIND services
- BIND(Berkeley Internet Name Daemon)
- Berkeley Internet Domain Name Service
- Related packages
- bind-9.9.4-37.el7.x86_64.rpm
- bind-utils-9.9.4-37.el7.x86_64.rpm
- bind-libs-9.9.4-37.el7.x86_64.rpm
- bind-chroot-9.9.4-37.el7.x86_64.rpm
3.2 BIND Domain Name Server
- Main Executor: /usr/sbin/named
- Default listening port: 53 TCP for connection control, UDP for fast resolution
- Main configuration file: /etc/bind/named.conf
- Zone data files holding the DNS resolution records: /var/named/
3.3 BIND Domain Name Server Main Configuration File /etc/bind/named.conf
Global Configuration Section
- Set global parameters for DNS server
- Include listening address/port, default location of data file, etc.
- Written as an options { ... }; block

```
[root@localhost ~]# vim /etc/named.conf
options {                                   // global options
    listen-on port 53 { any; };             // listen on all addresses
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                 // working directory is /var/named
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { 192.168.10.0/24; };       // only this subnet may send queries
};
```
Zone configuration section: /etc/named.rfc1912.zones
- Set up specific DNS zones where this server provides domain name resolution
- Include domain name, server role, data file name, etc.
- Written as a zone "zone name" IN { ... }; block

```
# Forward resolution
zone "localhost" IN {                       // zone name, e.g. kgc.com
    type master;                            // master: this is the primary server
    file "named.localhost";                 // zone data file (A records, resolves host headers)
    allow-update { none; };                 // dynamic updates (none allowed)
    allow-transfer { 173.16.16.2; };        // slave server IP allowed to transfer the zone
};
# Reverse resolution
zone "16.16.173.in-addr.arpa" IN {          // reversed IP address
    type master;                            // master server
    file "named.loopback";                  // zone data file name
    allow-update { none; };                 // dynamic updates (none allowed)
};
```

16.16.173.in-addr.arpa is the network part of the IP address, 173.16.16., written with the octets reversed; the reverse zone is optional
3.4 Zone Data File (A records): the file named by the file "..." option in the zone configuration
3.4.1 Global TTL Configuration Item and SOA Record (/var/named/ directory)
- $TTL (Time To Live, Lifetime) Record
- SOA (Start Of Authority, start of authorization information) record
- A line beginning with a semicolon ';' is a comment

```
$TTL 1D                                 ; lifetime of valid cached records
@       IN SOA  @ rname.invalid. (      ; SOA record: @ is the zone's domain name, then the administrator mailbox
                0       ; serial        ; update serial number, an integer of up to 10 digits, currently 0
                1D      ; refresh       ; refresh interval between downloads of the zone data, 1 day
                1H      ; retry         ; retry interval after a failed download, 1 hour
                1W      ; expire        ; give up if no download succeeds within 1 week
                3H )    ; minimum       ; lifetime of negative (non-existent name) answers, 3 hours
        NS      @                       ; @ refers to the zone itself
        A       127.0.0.1               ; loopback address; a line with no owner name inherits the previous owner (the zone name), so pinging your own host name returns this
        AAAA    ::1
```

If a slave cannot reach the master, it retries every hour (retry) and gives up after 1 week (expire)
3.4.2 Domain Name Resolution Record
- NS Domain Name Server Records
- MX Mail Exchange record
- A address record, used only in forward resolution zones
- CNAME Alias (Canonical Name) Record
```
$TTL 1D                                 ; lifetime of valid cached records
@       IN SOA  @ rname.invalid. (      ; SOA record: @ is the zone's domain name, then the administrator mailbox
                0       ; serial        ; update serial number, an integer of up to 10 digits, currently 0
                1D      ; refresh       ; refresh interval between downloads of the zone data, 1 day
                1H      ; retry         ; retry interval after a failed download, 1 hour
                1W      ; expire        ; give up if no download succeeds within 1 week
                3H )    ; minimum       ; lifetime of negative answers, 3 hours
        NS      @
        A       127.0.0.1
        AAAA    ::1
@       IN NS   ns1.bdqn.com.           ; the zone's own name server is ns1.bdqn.com.
        IN MX   10 mail.bdqn.com.       ; the zone's mail exchanger, priority 10, is mail.bdqn.com.
ns1     IN A    58.119.74.203           ; host header ns1 corresponds to IP address 58.119.74.203
www     IN A    173.16.16.1             ; host name www corresponds to IP address 173.16.16.1
mail    IN A    173.16.16.4
ftp     IN CNAME www                    ; CNAME alias: querying ftp is equivalent to querying www
```
3.5 Experiments: Forward Resolution Building
```
[root@dns named]# rpm -qc bind          # list the configuration files of the installed bind package
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
```

```
[root@dns named]# vim /etc/named.conf           # edit the main configuration file
options {
    listen-on port 53 { any; };                 // listen on all addresses
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                     // default data file location, leave as is
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };                       // any host may query (lab setting; on a recursive server the subnet restriction shown in 3.3 is the safer choice)
};
zone "." IN {                                   // root hint zone, leave as is
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";             // zone configuration file, edited next
include "/etc/named.root.key";
```

```
[root@dns named]# cd /var/named                 # the default data file directory
[root@dns named]# ls
chroot      data     dyndb-ldap     kgc.com.zone  named.empty      named.loopback
chroot_sdb  dynamic  kgc.com.local  named.ca      named.localhost  slaves
[root@dns named]# vim /etc/named.rfc1912.zones  # edit the zone configuration file
```
The IPv6 reverse zone is the dividing line: the forward zone is placed above it and the reverse zone below it

```
zone "kgc.com" IN {                         // create the kgc.com forward resolution zone
    type master;
    file "kgc.com.zone";                    // data file kgc.com.zone in the default directory /var/named; create it yourself
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.0.10.in-addr.arpa" IN {
    type master;
    file "kgc.com.local";
    allow-update { none; };
};
```

```
[root@dns named]# cp -p named.localhost kgc.com.zone   # copy the template keeping its permissions, named kgc.com.zone
[root@dns named]# vim kgc.com.zone                     # edit the zone data
$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      kgc.com.
        A       127.0.0.1
        IN MX   5 mail.kgc.com.
mail    IN A    10.10.10.10
www     IN A    9.9.9.9
ftp     IN CNAME www
*       IN A    8.8.8.8
```

@ is a variable; here it stands for the zone's domain name
DNS forward resolution is now configured
```
[root@dns named]# systemctl start named             # start the service
[root@dns named]# netstat -natp | grep named        # -n numeric, -a all, -t tcp, -p program
tcp        0      0 192.168.139.132:53      0.0.0.0:*               LISTEN      40771/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      40771/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      40771/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      40771/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      40771/named
[root@dns named]# netstat -naup | grep named        # -u udp
udp        0      0 192.168.139.132:53      0.0.0.0:*                           40771/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           40771/named
udp        0      0 192.168.122.1:53        0.0.0.0:*                           40771/named
udp6       0      0 ::1:53                  :::*                                40771/named
```

```
[root@dns named]# systemctl stop firewalld          # stop the firewall
[root@dns named]# setenforce 0                      # put SELinux into permissive mode
```
Verify
Create a new virtual machine, set its network adapter to NAT mode, and point its DNS at the server

```
C:\Users\GSY>nslookup mail.kgc.com
Server:  UnKnown
Address:  192.168.139.132

Name:    mail.kgc.com
Address:  10.10.10.10

C:\Users\GSY>nslookup qqq.kgc.com
Server:  UnKnown
Address:  192.168.139.132

DNS request timed out.
    timeout was 2 seconds.
Name:    qqq.kgc.com
Address:  123.123.123.123
```

The server can also be tested locally: write the DNS server address into /etc/resolv.conf so the host knows where to send its queries

```
[root@dns named]# echo "nameserver 192.168.139.132" > /etc/resolv.conf
[root@dns named]# nslookup www.kgc.com
Server:         192.168.139.132
Address:        192.168.139.132#53

Name:   www.kgc.com
Address: 10.0.0.10
```
3.6 Reverse Domain Name Resolution Record PTR
3.6.1 Domain Name Resolution Record
- PTR pointer record, used only in reverse resolution zones
- The first column of the record gives the host part of the IP address

```
14      IN PTR  www.kgc.com.
13      IN PTR  ftp.kgc.com.
```
Reverse Resolution Zone Data File Configuration
```
[root@dns named]# cp -p named.loopback kgc.com.local   # the file name must match the file parameter of the reverse zone configuration
[root@dns named]# vim kgc.com.local
$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      kgc.com.
        A       14.0.0.14
14      IN PTR  www.kgc.com.
13      IN PTR  ftp.kgc.com.
2       IN PTR  WWW.GSYDSG.com.
```

Test with nslookup or host

```
[root@dns named]# systemctl restart named
[root@dns named]# nslookup 14.0.0.2          # WWW.GSYDSG.com. is returned in the upper case it has in the zone file
2.0.0.14.in-addr.arpa   name = WWW.GSYDSG.com.
[root@dns named]# host 14.0.0.14
14.0.0.14.in-addr.arpa domain name pointer www.kgc.com.
[root@dns named]# host 14.0.0.13
13.0.0.14.in-addr.arpa domain name pointer ftp.kgc.com.
```
3.7 Special Uses of the Zone Data File: Wildcard Domain Name Resolution
3.7.1 Load balancing based on domain name resolution
- The same domain name corresponds to multiple IP addresses
3.7.2 Wildcard Domain Name Resolution
- Use '*' to match any name for which no exact A record exists

```
www     IN A    9.9.9.9
www     IN A    7.7.7.7
www     IN A    6.6.6.6
*       IN A    8.8.8.8
```

Verify that the same domain name corresponds to multiple IP addresses

```
C:\Users\GSY>nslookup www.kgc.com
Server:  UnKnown
Address:  192.168.139.132

DNS request timed out.
    timeout was 2 seconds.
Name:    www.kgc.com
Addresses:  6.6.6.6
          7.7.7.7
          9.9.9.9
```
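As an added example (not code from the page), a small Python resolver over constructed zone data written in the style of kgc.com.zone and kgc.com.local above. It shows the rules from 3.4.2, 3.6 and 3.7 in one place: '@' and relative owner names are qualified with the zone origin, the parenthesised SOA spans two lines, a line with no owner inherits the previous owner, the two A records for www form one answer set, ftp follows its CNAME, a name with no record falls back to the '*' wildcard, and a reverse lookup is the IP's octets reversed under in-addr.arpa. All names, addresses and record text are constructed.

```python
# Constructed zone data in the page's kgc.com.zone / kgc.com.local style (not the page's own files).
FORWARD = """\
$TTL 1D
@       IN SOA  @ rname.invalid. ( 0  ; serial
                1D 1H 1W 3H )          ; refresh retry expire minimum
        NS      kgc.com.
mail    IN A    10.10.10.10
www     IN A    9.9.9.9
www     IN A    7.7.7.7
ftp     IN CNAME www
*       IN A    8.8.8.8
"""
REVERSE = "14      IN PTR  www.kgc.com.\n13      IN PTR  ftp.kgc.com.\n"
def fqdn(name, origin):
    """'@' is the origin; a trailing dot means absolute; otherwise the origin is appended."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
def parse_zone(text, origin):
    """Return (owner, type, rdata) triples; handles ';' comments, $ directives, owner inheritance and the multi-line SOA."""
    records, owner, buf = [], origin, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        if not buf and not raw[0].isspace():       # a line starting in column 1 names a new owner
            owner_tok, line = line.split(None, 1)
            owner = fqdn(owner_tok, origin)
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                                # SOA record continues on the next line
        fields = joined.replace("(", " ").replace(")", " ").split()
        buf.clear()
        if fields[0] == "IN":
            fields.pop(0)
        records.append((owner, fields[0], fields[1:]))
    return records
def resolve_a(records, name, origin):
    """Forward lookup: follow a CNAME, return every A record (the round-robin set), else the '*' wildcard."""
    cname = next((r[2][0] for r in records if r[0] == name and r[1] == "CNAME"), None)
    if cname:
        return resolve_a(records, fqdn(cname, origin), origin)
    addrs = [r[2][0] for r in records if r[0] == name and r[1] == "A"]
    return addrs or [r[2][0] for r in records if r[0] == f"*.{origin}" and r[1] == "A"]
def resolve_ptr(records, ip):
    """Reverse lookup: octets reversed under in-addr.arpa, matching the page's reverse zone naming."""
    qname = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    return [r[2][0] for r in records if r[0] == qname and r[1] == "PTR"]
FWD = parse_zone(FORWARD, "kgc.com.")
REV = parse_zone(REVERSE, "0.0.14.in-addr.arpa.")
```

With this data, resolve_a(FWD, "qqq.kgc.com.", "kgc.com.") returns the wildcard address and resolve_ptr(REV, "14.0.0.14") returns www.kgc.com., the same behaviour the nslookup and host sessions above demonstrate against BIND.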
3.8 Syntax Checks on Configuration Files: named-checkconf
3.8.1 named-checkconf tool
```
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
```

No output means the syntax is correct. To see the check in action, I introduce an error on purpose and check again

```
zoe "kgc.com" IN {          // one letter removed from "zone"
    type master;
    file "kgc.com.zone";
    allow-update { none; };
};
```

```
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
/etc/named.rfc1912.zones:13: unknown option 'zoe'
```

Correct the error

```
[root@dns named]# named-checkconf -z /etc/named.rfc1912.zones
zone kgc.com/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 0.0.14.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
```

With the -z option, named-checkconf also loads every zone and reports errors in the zone entries
Without -z it checks only the overall configuration syntax
3.8.2 named-checkzone tool
```
[root@dns named]# named-checkzone kgc.com /var/named/kgc.com.zone
zone kgc.com/IN: loaded serial 0
OK
```
3.9 Experiment: Building a Cached Domain Name Server
3.10 Build master and slave domain name servers
slave: the secondary (slave) server
Summary
Using the DNS domain name resolution service
Turn off the firewall first
1. The bind* packages need to be installed
Main configuration file: /etc/bind/named.conf
Data files: /var/named
Program: /usr/sbin/named
2. Global configuration: /etc/named.conf

```
options {                                   // many options
    listen-on port 53 { 127.0.0.1; };       // listen on this address
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                 // default directory is /var/named
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; };             // only this host may send queries
};
```
3. Zone configuration: /etc/named.rfc1912.zones

```
# Forward resolution
zone "localhost" IN {                       // zone name
    type master;                            // master: this is the primary server
    file "named.localhost";                 // zone data file (A records, resolves host headers)
    allow-update { none; };                 // dynamic updates (none allowed)
    allow-transfer { 173.16.16.2; };        // slave server IP allowed to transfer the zone
};
zone "localhost" IN {                       // zone name
    type slave;                             // slave: this is the secondary server
    file "slaves/bdqn.com.zone";
    allow-update { none; };                 // dynamic updates (none allowed)
    masters { 192.168.10.10; };             // IP address of the master server
};
# Reverse resolution
zone "16.16.173.in-addr.arpa" IN {          // reversed IP address
    type master;                            // master server
    file "named.loopback";                  // zone data file name
    allow-update { none; };                 // dynamic updates (none allowed)
};
```

4. Zone data files: /var/named/ directory
Copy named.localhost as the template with cp -p (keeping its permissions) and rename the copy to the name given in the zone's file parameter

```
$TTL 1D                                 ; lifetime of valid cached records
@       IN SOA  @ rname.invalid. (      ; SOA record: @ is the zone's domain name, then the administrator mailbox
                0       ; serial        ; update serial number, an integer of up to 10 digits, currently 0
                1D      ; refresh       ; refresh interval between downloads of the zone data, 1 day
                1H      ; retry         ; retry interval after a failed download, 1 hour
                1W      ; expire        ; give up if no download succeeds within 1 week
                3H )    ; minimum       ; lifetime of negative answers, 3 hours
        NS      @
        A       127.0.0.1
        AAAA    ::1
@       IN NS   ns1.bdqn.com.
        IN MX   10 mail.bdqn.com.
mail    IN A    173.16.16.4
ns1     IN A    58.119.74.203
ftp     IN CNAME www
www     IN A    173.16.16.1
```

Test with nslookup
The DNS server's address can be written into /etc/resolv.conf (and its host name mapped in /etc/hosts)
so the host knows where to send its queries and reaches the DNS server quickly