Principle and detailed operation of configuring DNS

Contents

1, DNS domain name system

1. Role of DNS system

2.DNS system type

(1) Primary domain name server

(2) Secondary (slave) domain name server

3.DNS query type

recursive query

Iterative query

4.DNS domain name structure

2, Build DNS domain name resolution server

1. Forward resolution

2. Reverse resolution

1, DNS domain name system

1. Role of DNS system

Forward resolution: find the corresponding IP address according to the domain name

Reverse resolution: find the corresponding domain name according to the IP address

The DNS system is a distributed database

2.DNS system type

(1) Primary domain name server

It is responsible for maintaining all domain name information of a zone and is the authoritative source of that information; its data can be modified. When building the primary domain name server, you need to create the address data file for the zone it is responsible for.

There is only one primary domain name server for a zone.

(2) Secondary (slave) domain name server

When the primary domain name server fails, shuts down or is overloaded, the secondary domain name server provides domain name resolution as a backup service. The resolution results it provides are not determined by itself but come from the primary domain name server. When building a secondary domain name server, you need to specify the location of the primary domain name server so that the secondary can automatically synchronize the address database of the zone.

3.DNS query type

recursive query

A recursive query exists between the client and the DNS server.

The source and target of the query remain unchanged: the client only needs to send one query to obtain the result.

Iterative query

The source of the query remains unchanged, but the target of the query keeps changing. Several queries are generally needed before the result is obtained.

4.DNS domain name structure

The DNS system is organized as a distributed, tree-structured database

  • Root domain: located at the top level of the tree structure, represented by "."

  • Top level domain: generally represents a type of organization or country region

net (network provider), com (industrial and commercial enterprise), org (group organization), edu (educational organization), gov (government department), cn (China's national domain name)

  • Secondary domain: used to indicate a specific organization in the top-level domain. The secondary domain name under the national top-level domain is uniformly managed by the national department

  • Sub domain: all levels of domains created under the secondary domain are collectively referred to as sub domains. Each organization or user can freely apply for registration of their own domain name

  • Host: the host is located at the bottom of the domain name space, i.e. it is a specific computer

There is a many-to-one relationship between domain names and IP addresses: an IP address does not necessarily correspond to only one domain name, but a domain name corresponds to only one IP address

2, Build DNS domain name resolution server

1. Forward resolution

# systemctl stop firewalld.service    # turn off the firewall
# setenforce 0                        # put SELinux in permissive mode
# yum install -y bind                 # install the bind package
# rpm -qc bind                        # list the configuration files installed by the bind package
/etc/logrotate.d/named
/etc/named.conf                       # main configuration file (modified below)
/etc/named.iscdlv.key
/etc/named.rfc1912.zones              # zone configuration file (modified below)
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost            # template for the zone data file
/var/named/named.loopback
Modify the main configuration file
# vim /etc/named.conf
options {
        listen-on port 53 { any; };          # default is { 127.0.0.1; }; listen on every interface
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };            # default is { localhost; }; answer queries from any client
        ...                                  # remaining options left unchanged
};
[root@localhost named]# rndc reload    # refresh the service
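The two directives changed above make the server listen on every interface and answer every client. The stock CentOS named.conf also keeps recursion yes; further down in the same options block, so with allow-query { any; } a server reachable from outside the LAN answers recursive queries for anyone (an "open resolver"). The fragment below is an added example, not the post's own configuration: it shows the post's setting beside a tighter one that keeps the authoritative answers public but limits recursion to the LAN and zone transfers to the secondary. 192.168.68.30 is the master's address from the post; 192.168.68.31 is an assumed address for a secondary server.

```conf
// As configured in the post: every interface, any client, recursion for everyone.
options {
        listen-on port 53 { any; };
        allow-query     { any; };
};

// Tighter variant (added example; 192.168.68.31 is an assumed secondary).
options {
        listen-on port 53 { 192.168.68.30; };              // the master's own address
        allow-query     { any; };                          // authoritative answers stay public
        recursion yes;
        allow-recursion { localhost; 192.168.68.0/24; };   // only LAN clients may recurse
        allow-transfer  { 192.168.68.31; };                // AXFR only to the secondary
};
```

Run named-checkconf /etc/named.conf before rndc reload so that a syntax error is reported instead of leaving the old configuration running, and test from a client with dig @192.168.68.30 www.oyyy.com, which queries this server directly regardless of what /etc/resolv.conf on the client points to.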
Modify the zone configuration file
# vim named.rfc1912.zones
zone "oyyy.com" IN {
        type master;
        file "oyyy.com.zone";
        allow-update { none; };
};
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
[root@localhost named]# rndc reload    # refresh the service
Create the zone data file for the forward zone
[root@localhost etc]# cd /var/named/
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp named.localhost oyyy.com.zone
[root@localhost named]# ls
data     named.ca     named.localhost  oyyy.com.zone
dynamic  named.empty  named.loopback   slaves
[root@localhost named]# vim oyyy.com.zone
$TTL 1D
@       IN SOA  master.oyyy.com. admin.oyyy.com. (
                                        0       ; serial (increase it after every edit so secondaries notice the change)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master.oyyy.com.
master  A       192.168.68.30
www     A       192.168.68.40
@       MX 10   mail.oyyy.com.   ; owner written explicitly: a blank owner here would inherit "www", not the zone apex
mail    A       192.168.68.50
ftp     CNAME   www
*       A       192.168.68.40
@       A       192.168.68.40
[root@localhost named]# rndc reload    # refresh the service
Forward file configuration validation
host www.oyyy.com
nslookup www.oyyy.com

(screenshots of the edited /etc/named.conf, /etc/named.rfc1912.zones and oyyy.com.zone)

2. Reverse resolution

Modify the zone configuration file
# vim named.rfc1912.zones
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "68.168.192.in-addr.arpa" IN {
        type master;
        file "oyyy1.com.zone";
        allow-update { none; };
};
[root@localhost named]# rndc reload    # refresh the service
Create the zone data file for the reverse zone
[root@localhost named]# cp -p oyyy.com.zone oyyy1.com.zone
[root@localhost named]# chmod 640 oyyy1.com.zone ; chgrp named oyyy1.com.zone
[root@localhost named]# vim oyyy1.com.zone
$TTL 1D
@       IN SOA  master.oyyy1.com. admin.oyyy1.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master.oyyy1.com.
master  A       192.168.68.30
100 IN PTR      www.oyyy1.com.   ; owner is the last octet; the zone origin 68.168.192.in-addr.arpa. is appended
99  IN PTR      ftp.oyyy1.com.
[root@localhost named]# rndc reload    # refresh the service
Verification of reverse file configuration
[root@localhost named]# host 192.168.68.100
100.68.168.192.in-addr.arpa domain name pointer www.oyyy1.com.
[root@localhost named]# host 192.168.68.99
99.68.168.192.in-addr.arpa domain name pointer ftp.oyyy1.com.
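The forward and reverse zone files above are loaded by named without complaint, yet two mistakes are easy to make in this layout and are not syntax errors: a record whose owner column is left blank inherits the owner of the previous line (so an MX written below "www" belongs to www.oyyy.com, not to the zone apex), and PTR records that disagree with the forward A records (the reverse zone above points to oyyy1.com names while the forward zone defines oyyy.com). The following Python script is an added example, not code from the original post: it parses master-file text in the style used above (blank owners, "@", parenthesised SOA, ";" comments), reports dangling NS/MX/CNAME targets and a misplaced MX owner, and derives the PTR records the reverse zone should contain from the forward A records, flagging missing, mismatched and orphaned PTRs. The two zone texts inside it are constructed samples modelled on the post; the origins, addresses and the 192.168.68.0/24 network are the post's, and the functions work for any zone in the same layout.

```python
"""Offline consistency checks for BIND master-file zones (added example)."""
import ipaddress
import re

FORWARD_ORIGIN = "oyyy.com."
REVERSE_ORIGIN = "68.168.192.in-addr.arpa."
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdwSMHDW]?$")

# Constructed forward zone modelled on the post. The MX owner is left blank on
# purpose: in a master file a blank owner repeats the previous owner ("www").
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  master.oyyy.com. admin.oyyy.com. (
                0 1D 1H 1W 3H )         ; serial refresh retry expire minimum
        NS      master.oyyy.com.
master  A       192.168.68.30
www     A       192.168.68.40
        MX 10   mail.oyyy.com.
mail    A       192.168.68.50
ftp     CNAME   www
*       A       192.168.68.40
@       A       192.168.68.40
"""
# Constructed reverse zone that only partly matches the forward zone.
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  master.oyyy.com. admin.oyyy.com. ( 0 1D 1H 1W 3H )
        NS      master.oyyy.com.
30      IN PTR  master.oyyy.com.
100     IN PTR  www.oyyy.com.
"""


def _fqdn(name, origin):
    # Expand '@' and qualify relative names with the zone origin.
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    # Yield one record per line: drop ';' comments and join '(' ... ')' spans.
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if line.strip():
            buf.append(line)
            depth += line.count("(") - line.count(")")
            if depth <= 0:
                yield " ".join(buf)
                buf, depth = [], 0


def parse_zone(text, origin):
    """Return (owner, rtype, rdata_tokens) tuples with fully qualified owners."""
    records, owner = [], origin
    for line in _logical_lines(text):
        if line.startswith("$"):        # $TTL/$ORIGIN directives are not records
            continue
        toks = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():       # explicit owner; otherwise keep the last one
            owner = _fqdn(toks.pop(0), origin)
        while TTL_RE.match(toks[0]) or toks[0] in CLASSES:
            toks.pop(0)                 # optional TTL and class come before the type
        records.append((owner, toks[0].upper(), toks[1:]))
    return records


def check_forward(records, origin):
    """Flag dangling NS/MX/CNAME targets and an MX owner inherited by mistake."""
    owners, warnings = {o for o, _, _ in records}, []
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX", "CNAME"):
            target = _fqdn(rdata[-1], origin)
            if target not in owners:
                warnings.append(f"{rtype} at {owner} points to undefined name {target}")
        if rtype == "MX" and owner != origin:
            warnings.append(f"MX owner is {owner}; write '@' if the zone apex was meant")
    return warnings


def expected_ptrs(forward_records, network):
    """Map each reverse name to the hostnames whose A record lies in `network`."""
    net, ptrs = ipaddress.ip_network(network), {}
    for owner, rtype, rdata in forward_records:
        if rtype == "A" and not owner.startswith("*"):   # wildcards get no PTR
            addr = ipaddress.ip_address(rdata[0])
            if addr in net:
                ptrs.setdefault(addr.reverse_pointer + ".", set()).add(owner)
    return ptrs


def check_reverse(forward_records, reverse_records, network, rev_origin):
    """Compare the PTR records present with those implied by the forward A records."""
    expected = expected_ptrs(forward_records, network)
    actual = {o: _fqdn(r[0], rev_origin) for o, t, r in reverse_records if t == "PTR"}
    warnings = []
    for name in sorted(expected):
        if name not in actual:
            warnings.append(f"missing PTR {name} -> one of {sorted(expected[name])}")
        elif actual[name] not in expected[name]:
            warnings.append(f"PTR {name} -> {actual[name]} disagrees with the forward zone")
    for name in sorted(set(actual) - set(expected)):
        warnings.append(f"PTR {name} -> {actual[name]} has no matching A record")
    return warnings


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, FORWARD_ORIGIN)
    rev = parse_zone(REVERSE_ZONE, REVERSE_ORIGIN)
    for w in check_forward(fwd, FORWARD_ORIGIN) + check_reverse(fwd, rev, "192.168.68.0/24", REVERSE_ORIGIN):
        print("WARNING:", w)
```

Run it before rndc reload, alongside named-checkzone oyyy.com /var/named/oyyy.com.zone, which catches syntax errors but not these semantic ones. The wildcard owner is skipped when deriving PTRs because a reverse record should name a real host, and an address with several forward names (www and the apex both at .40 in the sample) accepts a PTR to any one of them.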

(screenshots of the edited /etc/named.rfc1912.zones and oyyy1.com.zone)

Tags: Linux CentOS xshel

Posted on Tue, 28 Sep 2021 06:40:14 -0400 by jawaking00