Chapter III Learning Blog (DNS Server Deployment)

Chapter 4 of the Linux Refinement Tour!


1. Introduction to DNS

dns: Domain Name System, the domain name service
A record: maps a domain name to an IPv4 address
SOA: Start of Authority, the record that names the primary server and the contact for a zone and carries its serial number and timers
dns top level: the root "." (13 root server names, a.root-servers.net to m.root-servers.net)
second level (top-level domains): .com .net .edu .org ...
baidu.com: an example of a registered domain under .com

#About the server#
bind                ##installation package
named               ##service name
/etc/named.conf     ##main configuration file
/var/named          ##data directory (zone files)
53                  ##port (udp and tcp)

About error messages:
1. no servers could be reached
   ##the service is unreachable (is the service running? firewall? network? port?)
2. service startup failure
   ##the configuration file is written incorrectly; query the error with journalctl -xe (named-checkconf /etc/named.conf reports the offending line)
3. dig query status
   NOERROR    ##the query succeeded
   REFUSED    ##the server refused to serve this client (for example allow-query, allow-recursion or the view does not admit it)
   SERVFAIL   ##the server could not complete the query (for example it cannot reach its forwarder or the parent servers, or the zone failed to load)
   NXDOMAIN   ##the queried name does not exist in dns (no record of any type for that name)

2. Installation and Enabling of the dns Service

Install bind first
dnf install bind -y
Enable the service and open port 53 in the firewall

systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

Then open the main configuration file /etc/named.conf and adjust it. As shipped, the file only listens on 127.0.0.1 and only answers localhost, so at minimum listen-on and allow-query must admit the client hosts used in the experiments below; check the result with named-checkconf before restarting.

Finally restart the service
systemctl restart named
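The options block adjustment and a first smoke test, as an added example that is not part of the original post. It renders the options stanza for the lab server (172.25.254.126 and the 172.25.254.0/24 subnet are the post's values) in the stock form, the wide-open form and a restricted form, runs named-checkconf on a candidate file when the tool is installed, and reduces a dig reply to one of the status keywords from the error list in section 1 so the checks can be scripted. The function names and the sample dig lines are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Lab values 172.25.254.126 and
# 172.25.254.0/24 come from the post; everything else is assumed.

# As shipped on RHEL-family systems named.conf listens on loopback only and
# answers only localhost, which is why a client on 226 cannot reach it yet.
render_options_stock() {
    cat <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; };
        directory       "/var/named";
        allow-query     { localhost; };
        recursion yes;
};
EOF
}

# The quick fix seen in many tutorials: listen everywhere, answer anyone.
# On a host reachable from the Internet this is an open resolver.
render_options_open() {
    cat <<'EOF'
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
};
EOF
}

# Restricted form: listen on loopback plus the LAN address and serve only the
# lab subnet. $1 = server LAN ip, $2 = client subnet in CIDR form.
render_options_restricted() {
    lan_ip=$1; lan_net=$2
    cat <<EOF
options {
        listen-on port 53 { 127.0.0.1; ${lan_ip}; };
        directory       "/var/named";
        allow-query     { localhost; ${lan_net}; };
        allow-recursion { localhost; ${lan_net}; };
        recursion yes;
};
EOF
}

# Syntax-check a candidate config before it replaces /etc/named.conf.
check_named_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    else
        echo "named-checkconf not installed, skipping syntax check of $1" >&2
    fi
}

# Reduce a dig reply (stdin) to one keyword from the error list in section 1:
# NOERROR, REFUSED, SERVFAIL, NXDOMAIN, or UNREACHABLE when dig printed
# "no servers could be reached".
dig_status() {
    reply=$(cat)
    case "$reply" in
        *"no servers could be reached"*) echo UNREACHABLE ;;
        *) printf '%s\n' "$reply" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1 ;;
    esac
}

# Typical use on the dns host (review the rendered block, paste it into
# /etc/named.conf, then):
#   render_options_restricted 172.25.254.126 172.25.254.0/24
#   check_named_conf /etc/named.conf && systemctl restart named
#   ss -lunp | grep ':53 '                          # must show the LAN ip, not only 127.0.0.1
#   dig @172.25.254.126 localhost | dig_status      # expect NOERROR
```

The restricted form is the one to keep: allow-recursion is what stops the server from resolving arbitrary names for strangers once the later sections turn on forwarding.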

3. Caching dns

Configuring a caching dns server in an enterprise lets intranet hosts get their answers from the local server instead of each host querying the Internet, which greatly improves efficiency.
Make sure the dns service host has network access before the experiment
In this experiment the dns host is host 126 (172.25.254.126)
First point the dns server's own resolver at 114.114.114.114
vim /etc/resolv.conf
Add
nameserver 114.114.114.114
Then in the main configuration file
vim /etc/named.conf
add a line inside the options { } block
forwarders { 114.114.114.114; };
(by default this is "forward first": if the forwarder does not answer, named falls back to recursing from the root servers itself; add "forward only;" if every outbound lookup must go through 114.114.114.114)
Then on a client host set the dns address to the ip of the dns host
This experiment uses host 226
vim /etc/resolv.conf
Enter
nameserver 172.25.254.126
Try
dig www.baidu.com
Then go to the dns server and run
dig www.baidu.com
so that the server resolves the name through the forwarder and caches the answer
Then on the client run
dig www.baidu.com
again; you can see that the query time is now 0 msec
Greatly improved efficiency
Note: the server now recurses for every client that allow-query and allow-recursion admit. Keep both limited to the intranet and never set them to { any; } on a host reachable from the Internet, otherwise you have built an open resolver that outsiders can abuse for reflection and amplification attacks.
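A way to confirm that the second answer really comes from the 126 server's cache, as an added example that is not part of the original post: it compares the query time and the answer TTL of two dig replies (a cached answer is near-instant and its TTL has been counting down since the first reply). The two replies below are constructed samples using the post's host name and a documentation address, not real captures; on the client you would run dig @172.25.254.126 www.baidu.com twice and feed each output to these functions. Function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. The dig replies are constructed
# samples (documentation address 192.0.2.10), not real captures.

# ";; Query time: 31 msec" -> 31
dig_query_time() {
    sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p' | head -n 1
}

# TTL column of the first record in the ANSWER SECTION.
dig_answer_ttl() {
    awk '/^;; ANSWER SECTION:/ { in_answer = 1; next }
         in_answer && $1 !~ /^;/ && NF >= 4 { print $2; exit }'
}

# Verdict on two replies saved in files $1 (first lookup) and $2 (second):
# served from cache when the TTL went down and the second reply was not
# slower than the first. Exit 0 = cache hit, 1 = not cached, 2 = unusable.
cache_hit() {
    t1=$(dig_query_time < "$1"); ttl1=$(dig_answer_ttl < "$1")
    t2=$(dig_query_time < "$2"); ttl2=$(dig_answer_ttl < "$2")
    if [ -z "$ttl1" ] || [ -z "$ttl2" ] || [ -z "$t1" ] || [ -z "$t2" ]; then
        echo "missing answer section or query time in one of the replies"; return 2
    fi
    if [ "$ttl2" -lt "$ttl1" ] && [ "$t2" -le "$t1" ]; then
        echo "cache hit: ttl ${ttl1}->${ttl2}, query time ${t1}->${t2} msec"; return 0
    fi
    echo "not served from cache: ttl ${ttl1}->${ttl2}, query time ${t1}->${t2} msec"; return 1
}

# Constructed first reply: the server had to ask the forwarder (31 msec).
first_reply() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          300     IN      A       192.0.2.10

;; Query time: 31 msec
;; SERVER: 172.25.254.126#53(172.25.254.126)
EOF
}

# Constructed second reply 13 seconds later: instant, TTL counting down.
second_reply() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          287     IN      A       192.0.2.10

;; Query time: 0 msec
;; SERVER: 172.25.254.126#53(172.25.254.126)
EOF
}

# Live use on the client:
#   dig @172.25.254.126 www.baidu.com > /tmp/r1; sleep 5
#   dig @172.25.254.126 www.baidu.com > /tmp/r2
#   cache_hit /tmp/r1 /tmp/r2
```

The TTL check is the reliable half of the test: query time can be 0 msec for other reasons (a very fast upstream), but a TTL that is lower than the value the upstream handed out can only come from a cache.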

4. Forward Resolution of dns

First set the dns of the dns service host to its own ip
vim /etc/resolv.conf
nameserver 172.25.254.126

Then comment out the forwarders line from the previous experiment in the main configuration file
vim /etc/named.conf

To keep the main configuration file from getting too long, zone definitions can be placed in a separate file that is pulled in with an include statement; /etc/named.conf already includes /etc/named.rfc1912.zones, so the zones can be written there

So open that file
vim /etc/named.rfc1912.zones
and add the following

zone "westos.org" IN {          #the domain maintained by this server
        type master;            #this server is the master (primary) dns for the zone
        file "westos.org.zone"; #zone file with the A records, relative to /var/named
        allow-update { none; }; #hosts allowed to send dynamic updates: none
};


Then copy the zone file template, preserving its ownership and mode (cp -p), and name it exactly as written in the file statement above

[root@dns ~] cd /var/named/
[root@dns named] cp -p named.localhost westos.org.zone
[root@dns named] ll
total 20
drwxrwx---. 2 named named   23 Dec  2 16:44 data
drwxrwx---. 2 named named   60 Dec  2 19:06 dynamic
-rw-r-----. 1 root  named 2253 Feb 27  2020 named.ca
-rw-r-----. 1 root  named  152 Feb 27  2020 named.empty
-rw-r-----. 1 root  named  152 Feb 27  2020 named.localhost
-rw-r-----. 1 root  named  168 Feb 27  2020 named.loopback
drwxrwx---. 2 named named    6 Feb 27  2020 slaves
-rw-r-----. 1 root  named  152 Feb 27  2020 westos.org.zone

You need to edit the file yourself after copying the template
vim westos.org.zone

$TTL 1D
@       IN SOA   dns.westos.org. root.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.126
www     A       172.25.254.111

After doing the above, restart the service (named-checkzone westos.org /var/named/westos.org.zone will point out a syntax error in the zone file before you do)

systemctl restart named

You can go to the client host (226) to try the effect
dig www.westos.org

The answer section shows 172.25.254.111
which is the address we gave www in the zone file

5. Reverse Resolution of dns

The opposite of forward resolution: this resolves an ip address back to a domain name, using PTR records in the in-addr.arpa zone
Edit the zone include file first
vim /etc/named.rfc1912.zones
Add the content

zone "254.25.172.in-addr.arpa" IN {     #the 172.25.254.0/24 network with the octets reversed
        type master;
        file "172.25.254.ptr";
        allow-update { none; };
};

Then copy the reverse zone template, preserving ownership and mode
cd /var/named/
cp -p named.loopback 172.25.254.ptr

Then edit the file
vim 172.25.254.ptr
to the following

$TTL 1D
@       IN SOA  dns.westos.org. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.126
126     PTR     shy.westos.org.

Then you can go to the client host to test it
dig -x 172.25.254.126
You can see that 172.25.254.126 resolves to shy.westos.org. (the "dns A" line in the reverse zone is a leftover from the template and is not needed there; only the SOA, NS and PTR records belong in it)
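Generating the forward and reverse zone files of sections 4 and 5 from a single host list, as an added example that is not part of the original post. It goes a little beyond the post: every host in the list gets both an A record in westos.org and a PTR record in 254.25.172.in-addr.arpa, the in-addr.arpa origin is derived from the network prefix, and the file is installed with the root:named 0640 ownership seen in the ls -l listing and checked with named-checkzone when that tool is present. The host list, function names and serial are this example's own; dns.westos.org. and root.westos.org. are the post's values.

```shell
#!/bin/sh
# Added example, not from the original post. The host list is constructed
# from the post's lab addresses; function names are this example's own.

# "name ip" per line; every entry gets an A record and a PTR record.
hosts() {
    cat <<'EOF'
dns 172.25.254.126
www 172.25.254.111
EOF
}

# SOA and NS header shared by both zones. $1 = serial.
soa_header() {
    serial=$1
    cat <<EOF
\$TTL 1D
@       IN SOA  dns.westos.org. root.westos.org. (
                                        ${serial}       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
EOF
}

# Forward zone for westos.org. $1 = serial.
forward_zone() {
    soa_header "$1"
    hosts | awk '{ printf "%-8sA       %s\n", $1, $2 }'
}

# 172.25.254 -> 254.25.172.in-addr.arpa
reverse_origin() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Reverse zone. $1 = serial, $2 = domain, $3 = network prefix (three octets).
# Hosts outside the prefix are skipped; the last octet becomes the owner name.
reverse_zone() {
    soa_header "$1"
    hosts | awk -v domain="$2" -v net="$3" '
        index($2, net ".") == 1 {
            split($2, o, ".")
            printf "%-8sPTR     %s.%s.\n", o[4], $1, domain
        }'
}

# Write a zone file the way the templates are shipped (root:named, 0640) and
# syntax-check it first. $1 = zone name, $2 = target file, stdin = zone text.
install_zone() {
    tmp=$(mktemp)
    cat > "$tmp"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    install -o root -g named -m 0640 "$tmp" "$2" && rm -f "$tmp"
}

# On the dns host (assumed serial 2021120201):
#   forward_zone 2021120201 | install_zone westos.org /var/named/westos.org.zone
#   reverse_zone 2021120201 westos.org 172.25.254 \
#       | install_zone "$(reverse_origin 172.25.254)" /var/named/172.25.254.ptr
#   systemctl restart named && dig @172.25.254.126 -x 172.25.254.111 +short
```

Keeping the two zones generated from one list is what prevents the usual drift where a PTR still points at a host whose A record was changed months ago.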

6. Split-view (bidirectional) Resolution of dns

This experiment requires two clients, and the service host is given an ip in each of two network segments
similar to an internal and an external network segment

(screenshot: ip status of the client in the 1.1.1.0 segment)
(screenshot: ip status of the server)

First edit the main configuration file to control, per segment, which zone files are served
so that hosts from different segments get different answers for the same name
vim /etc/named.conf
First comment out the default include "/etc/named.rfc1912.zones" line at the end of the file: once views are used, every zone statement must live inside a view
Then add the view definitions

view localnet {
        match-clients { 1.1.1.0/24; };          # tried first: 1.1.1.0/24 clients get the internal zone file
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.inter";
};
view anyone {
        match-clients { any; };                 # everyone else; views are matched in order, so "any" must come last
        zone "." IN {
                type hint;
                file "named.ca";
        };
        include "/etc/named.rfc1912.zones";
};


Then write the zone files that these views point to

[root@dns ~] cd /var/named/
[root@dns named] ls
172.25.254.ptr  data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves  westos.org.zone
[root@dns named] cp -p westos.org.zone westos.org.inter
[root@dns named] chgrp named westos.org.inter 
[root@dns named] ls -l westos.org.inter 
-rw-r-----. 1 root named 202 Dec  2 19:47 westos.org.inter
[root@dns named] cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.inter

Then modify the copied include file
vim /etc/named.rfc1912.inter
changing the file name in the westos.org stanza to westos.org.inter

zone "westos.org" IN {
        type master;
        file "westos.org.inter";
        allow-update { none; };
};

vim westos.org.inter

The inter zone file uses 1.1.1.0/24 addresses throughout

$TTL 1D
@       IN SOA   dns.westos.org. root.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      dns.westos.org.
dns             A       1.1.1.126
www             CNAME   shy.a                   ; www is an alias for shy.a
shy.a           A       1.1.1.126               ; two A records: round-robin between the two hosts
shy.a           A       1.1.1.226
mail            A       1.1.1.226
westos.org.     MX 1    mail.westos.org.        ; MX must point at a host name, never at an ip address


Check the zone file for the other view again before testing, that is westos.org.zone, which is served when the 172 segment asks

Finally restart the service
systemctl restart named
Test results
A host in the 1.1.1.0 segment gets the answers from westos.org.inter (the 1.1.1.x addresses)

A host in the 172 segment gets the answers from westos.org.zone (the 172.25.254.x addresses)

7. dns cluster (primary and secondary)

This experiment requires two virtual machines
Put both virtual machines in the 172 segment
Both hosts need bind installed
and the service started
See the instructions at the beginning of this chapter for the specific steps
Change the zone file on the primary dns server
The serial can be set from the date, for example 2021120201 for the first change on December 2, 2021; the secondary only transfers the zone when the serial is higher than the one it already holds, so bump it on every edit
vim westos.org.zone

$TTL 1D
@       IN SOA   dns.westos.org. root.westos.org. (
                                        2021120201      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns             A       172.25.254.126
www             CNAME   shy.a
shy.a           A       172.25.254.11
shy.a           A       172.25.254.22
mail            A       172.25.254.222
westos.org.     MX 1    mail.westos.org.        ; MX must point at a host name, never at an ip address

Then make the primary notify the secondary whenever the zone changes
It is simple
Edit the file vim /etc/named.rfc1912.zones
and add also-notify { 172.25.254.226; }; inside the westos.org zone stanza; add allow-transfer { 172.25.254.226; }; next to it as well, so that only the secondary can pull the whole zone with AXFR and anyone else gets "Transfer failed."

Then exit and restart the service
systemctl restart named

Secondary dns: host 226, the earlier client host
After completing the service installation steps open port 53 in the firewall (the post simply turns the firewall off; allowing only the dns service is the better choice)
Modify the zone include file
vim /etc/named.rfc1912.zones

zone "westos.org" IN {
        type slave;                             #secondary copy of the zone
        masters { 172.25.254.126; };            #primary to transfer from
        file "slaves/westos.org.zone";          #the transferred zone is written here; /var/named/slaves is owned by named
};

Restart the service
and it is ready to test

Now go to the primary dns server and modify the zone again
bump the serial to the second change of the day (2021120202) and change a record, then restart the service or run rndc reload

You can see that the secondary synchronizes automatically: dig @172.25.254.226 returns the new record and /var/named/slaves/westos.org.zone is rewritten
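Bumping the serial safely and locking down the transfer, as an added example that is not part of the original post. next_serial implements the YYYYMMDDnn scheme this section describes (the counter restarts at 01 on a new day and the serial is never allowed to go backwards), bump_zone_file applies it to a zone file in place, and primary_zone_stanza renders the primary's zone statement with also-notify plus an allow-transfer limited to the secondary. The sample zone is a copy of the post's westos.org.zone; function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Serial scheme YYYYMMDDnn as in
# the section above; 172.25.254.226 is the post's secondary.

# next_serial CURRENT TODAY(YYYYMMDD): prints the next serial.
# Same day -> counter + 1 (max 99); new day -> TODAY01; never goes backwards.
next_serial() {
    cur=$1; today=$2
    case "$cur" in
        "$today"[0-9][0-9])
            tail=${cur#"$today"}
            n=$(( 1$tail - 99 ))                    # "01" -> 2, "09" -> 10
            if [ "$n" -gt 99 ]; then
                echo "serial counter exhausted for $today" >&2; return 1
            fi
            printf '%s%02d\n' "$today" "$n" ;;
        *)
            new="${today}01"
            if [ "$new" -le "$cur" ]; then          # the file is from a later date than TODAY
                echo "serial $cur is already ahead of $new" >&2; return 1
            fi
            printf '%s\n' "$new" ;;
    esac
}

# Serial currently in a zone file (the number on the "; serial" line).
zone_serial() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# bump_zone_file FILE TODAY: rewrite the serial line in place and print the
# new serial. The secondary only transfers when the serial grew, so this is
# the step that is easy to forget after changing a record.
bump_zone_file() {
    cur=$(zone_serial "$1")
    new=$(next_serial "$cur" "$2") || return 1
    sed -i "s/^\([[:space:]]*\)${cur}\([[:space:]]*;[[:space:]]*serial\)/\1${new}\2/" "$1"
    printf '%s\n' "$new"
}

# Primary's zone statement for /etc/named.rfc1912.zones. $1 = secondary ip.
primary_zone_stanza() {
    cat <<EOF
zone "westos.org" IN {
        type master;
        file "westos.org.zone";
        allow-update { none; };
        also-notify { $1; };        # push NOTIFY to the secondary on every change
        allow-transfer { $1; };     # only the secondary may AXFR the zone; everyone else is refused
};
EOF
}

# Zone file as written in the section above (constructed copy for testing).
sample_zone() {
    cat <<'EOF'
$TTL 1D
@       IN SOA   dns.westos.org. root.westos.org. (
                                        2021120201      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns             A       172.25.254.126
www             CNAME   shy.a
shy.a           A       172.25.254.11
shy.a           A       172.25.254.22
EOF
}

# On the primary, after editing records:
#   bump_zone_file /var/named/westos.org.zone "$(date +%Y%m%d)"
#   named-checkzone westos.org /var/named/westos.org.zone && rndc reload westos.org
# From a host that is not the secondary:
#   dig @172.25.254.126 westos.org axfr      # expect "; Transfer failed."
```

Without allow-transfer anyone who can reach port 53 can dump the whole zone with one AXFR query, which hands an attacker a complete host inventory; restricting it to the secondary costs nothing and the dig axfr line above verifies it.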

8. ddns(dhcp+dns)

Tags: Linux Operation & Maintenance server

Posted on Thu, 02 Dec 2021 13:59:42 -0500 by glc650