1 Basic Knowledge Points
DNS service
DNS: Domain Name System, an application-layer protocol
Client/server model; 53/udp and 53/tcp
BIND: Berkeley Internet Name Domain, maintained by ISC (www.isc.org)
Local name resolution file: hosts
DNS domain names
Root zone
First-level domain: Top Level Domain (TLD)
com, edu, mil, gov, net, org, int, arpa
Three categories: organizational domains, country domains (.cn, .ca, .hk, .tw), reverse domains
Second-level domain
Third-level domain
Up to 127 levels
ICANN (The Internet Corporation for Assigned Names and Numbers)
Responsible for the global management of generic top-level domains (gTLD), country and regional top-level domains (ccTLD), and the root server system
DNS Domain Name Structure
DNS resolution
DNS query types:
Recursive query
Iterative query
Name server: the host in a domain responsible for resolving the names in that domain
Root servers: 13 groups of servers
Resolution types:
FQDN --> IP (forward resolution)
IP --> FQDN (reverse resolution)
Note: forward and reverse resolution are two different namespaces and two different resolution trees
DNS Server Types
Types of DNS server:
Master DNS server
Slave DNS server
Caching DNS server (forwarder)
- Master DNS server: manages and maintains the zone files of the zones it is authoritative for
- Slave DNS server: holds a copy of the zone file, obtained from the master server or from another slave server by zone transfer
Serial number: the version number of the zone file. Whenever the zone file on the master changes, its serial must be increased.
Refresh interval: how often the slave asks the master whether the zone needs to be synchronised
Retry interval: how long the slave waits before trying again after a failed synchronisation
Expire time: how long the slave keeps serving the zone when it cannot reach the master; after that it stops answering for the zone
- "Notify" mechanism: when the zone file on the master changes, the master actively notifies the slave servers.
Resource records
A zone file is made up of many resource records (RR)
Resource Record: RR
Record types: A, AAAA, PTR, SOA, NS, CNAME, MX
SOA: Start Of Authority. A zone file has exactly one SOA record, and it must be the first record in the file
A: Internet Address, FQDN --> IPv4
AAAA: FQDN --> IPv6
PTR: PoinTeR, IP --> FQDN
NS: Name Server, identifies the DNS servers for the current zone
CNAME: Canonical Name, alias record
MX: Mail eXchanger
TXT: free-form text used to identify and describe a domain name. TXT records are commonly used for verification records, such as SPF (anti-spam) records and HTTPS certificate validation.
Example: _dnsauth TXT 20112000051qgs69bwoh4h6nht4n1h0lr038x
2 Basic Environment Installation
root:~ # yum install -y bind
root:~ # vim /etc/named.conf
- Modify these two lines so that the server listens on all interfaces and answers every host
listen-on port 53 { any; };
allow-query { any; };
root:/etc/named # systemctl start named.service
3 Master-Slave Server Construction
Setting up the master server
- Modify the bind configuration file: comment out listen-on and allow-query (listen on all interfaces, answer all clients) and allow zone transfers only to the slave
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { <slave server IP>; };    # only the slave server may transfer the zone
vim /etc/named.rfc1912.zones
Add:
zone "qh.com" IN {
    type master;
    file "qh.com.zone";
};
- Edit the DNS zone database file
root:/etc/named # cp -p /var/named/named.localhost /var/named/qh.com.zone
root:/var/named $ vi /var/named/qh.com.zone
$TTL 1D
@         IN SOA  master qh.com. (
                  2019042210 ; serial
                  1D         ; refresh
                  1H         ; retry
                  1W         ; expire
                  3H )       ; minimum
          NS      master
master    A       192.168.64.151
dbserver1 A       1.1.1.1
dbserver2 A       2.2.2.2
root:~ # systemctl restart named.service    # restart the service
- Test
root:~ $ dig dbserver1.qh.com @192.168.64.151
Setting up the slave server
yum install bind
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; };    # no other machine may transfer the zone from the slave
vim /etc/named.rfc1912.zones
zone "qh.com" {
    type slave;
    masters { <master server IP>; };
    file "slaves/qh.com.slave";
};
root:~ # systemctl start named.service
- Synchronise on the slave server
root:/var/named # cp -p /var/named/named.localhost /var/named/slaves/qh.com.slave
root:/var/named # cd slaves/
root:/var/named/slaves # chmod g+w qh.com.slave
root:/var/named/slaves # rndc reload
server reload successful
root:/var/named/slaves # ll
total 4
-rw-rw---- 1 root named 152 Jun 21  2007 qh.com.slave
- Test
root:~ $ vi /etc/sysconfig/network-scripts/ifcfg-ens33    (configure both DNS servers on the client)
root:~ $ service network restart
Restarting network (via systemctl):  [  OK  ]
root:~ $ cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 192.168.64.151
nameserver 192.168.64.152
- Disconnect the network card of 151 (the master)
- Test on the client
- The address is resolved by the slave server; the master-slave setup has succeeded.
4 Setting up the Reverse Master Server
- Configuration file
zone "64.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.64.zone";
};
- Zone database file
root:/var/named $ cp -p qh.com.zone 192.168.64.zone
root:/var/named $ vim 192.168.64.zone
$TTL 1D
@       IN SOA  master qh.com. ( 1 1H 10M 12H 1D )
        NS      master
master  A       192.168.64.151
7       PTR     websrv.qh.com.
6       PTR     websrv.qh.com.
100     PTR     mail.qh.com.
root:~ $ rndc reload
root:~ $ systemctl restart named.service
- Test
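The reverse zone above is easy to get wrong by hand: the owner "7" is really 7.64.168.192.in-addr.arpa., and a PTR that points at a name whose A record has a different address (the "6 PTR websrv.qh.com." line, while websrv only has an A record for .7) is exactly what a service that checks reverse DNS complains about. As an added example, not part of the original page, the following Python builds in-addr.arpa owner names and cross-checks a forward zone against a reverse zone; the record dictionaries are constructed sample data modelled on the qh.com and 64.168.192.in-addr.arpa zones, and the function names are the example's own.

```python
import ipaddress

# Constructed sample modelled on the page's qh.com forward zone and the
# 64.168.192.in-addr.arpa reverse zone (added example, not the page's files).
FORWARD_A = {                      # absolute name -> IPv4 address
    "master.qh.com.": "192.168.64.151",
    "websrv.qh.com.": "192.168.64.7",
    "mail.qh.com.":   "192.168.64.100",
}
REVERSE_PTR = {                    # relative owner -> target, as written in 192.168.64.zone
    "7":   "websrv.qh.com.",
    "6":   "websrv.qh.com.",       # no A record for .6 exists: a stale PTR
    "100": "mail.qh.com.",
}
REVERSE_ZONE = "64.168.192.in-addr.arpa."


def reverse_name(ip):
    """Full PTR owner name for an address; ipaddress does the octet reversal."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def relative_owner(ip, zone=REVERSE_ZONE):
    """Owner as it appears inside the reverse zone file, e.g. '7' for 192.168.64.7."""
    full, suffix = reverse_name(ip), "." + zone
    if not full.endswith(suffix):
        raise ValueError(f"{ip} is not covered by {zone}")
    return full[:-len(suffix)]


def ip_from_owner(owner, zone=REVERSE_ZONE):
    """Inverse of relative_owner for IPv4: '7' in 64.168.192.in-addr.arpa. -> 192.168.64.7."""
    labels = (owner + "." + zone)[:-len(".in-addr.arpa.")].split(".")
    return ".".join(reversed(labels))


def check_consistency(forward=FORWARD_A, reverse=REVERSE_PTR, zone=REVERSE_ZONE):
    """Return (missing, dangling): forward A records inside the reverse zone's range
    that have no matching PTR, and PTR records whose target does not resolve
    back to that address. Services that verify reverse DNS notice both."""
    missing, dangling = [], []
    for name, ip in forward.items():
        try:
            owner = relative_owner(ip, zone)
        except ValueError:
            continue                                 # address outside this reverse zone
        if reverse.get(owner) != name:
            missing.append((name, ip))
    for owner, target in reverse.items():
        ip = ip_from_owner(owner, zone)
        if forward.get(target) != ip:
            dangling.append((owner, target, ip))
    return missing, dangling


if __name__ == "__main__":
    print(reverse_name("192.168.64.7"))
    print(check_consistency())
```

Running the block reports master.qh.com. (no PTR for .151) as missing and the "6" PTR as dangling; the same check works for any IPv4 /24 reverse zone by changing REVERSE_ZONE.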
5 Parent Domain Delegating a Subdomain to Another Server
- Master server (parent domain)
yum install bind
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
- DNS server for the subdomain, 192.168.64.153
root:/var/named # vi /etc/named.rfc1912.zones
zone "beijing.qh.com" IN {
    type master;
    file "beijing.qh.com.zone";
};
root:/var/named # cp -p named.empty beijing.qh.com.zone
root:/var/named # chmod g+w beijing.qh.com.zone
root:~ $ vim /var/named/beijing.qh.com.zone
$TTL 1D
@       IN SOA  master beijing.qh.com. (
                2019042214 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      master
master  A       192.168.64.153
websrv  A       3.3.3.3
www     CNAME   websrv    ; an alias can be used here
root:~ $ systemctl start named.service
- Test: success
6 Implementing Intelligent DNS (views)
- Master DNS
root:~ # vim /etc/named.conf
# three ACLs, one per network segment / region
acl beijingnet  { 192.168.64.0/24; };
acl shanghainet { 192.168.65.0/24; };
acl othernet    { any; };
view beijingview {
    match-clients { beijingnet; };
    include "/etc/named/named.rfc1912.zones.bj";
};
view shanghaiview {
    match-clients { shanghainet; };
    include "/etc/named/named.rfc1912.zones.sh";
};
view otherview {
    match-clients { othernet; };
    include "/etc/named.rfc1912.zones";
};
The zone statements themselves stay in the /etc/named.rfc1912.zones files pulled in by include; each view includes its own copy.
root:/var/named # cp -p qh.com.zone qh.com.bj    # create the Beijing and Shanghai databases
root:/var/named # cp -p qh.com.zone qh.com.sh
root:/var/named # cat qh.com.bj
$TTL 1D
@       IN SOA  master qh.com ( 1 1D 1H 1W 3H )
        NS      master
master  A       192.168.64.151
www     A       6.6.6.6
root:/var/named # vi qh.com.sh
$TTL 1D
@       IN SOA  master qh.com ( 1 1D 1H 1W 3H )
        NS      master
master  A       192.168.64.151
www     A       7.7.7.7
root:/var/named # cp qh.com.sh qh.com.zone    # database for all other regions
cp: overwrite 'qh.com.zone'? y
root:/var/named # vi qh.com.zone
$TTL 1D
@       IN SOA  master qh.com ( 1 1D 1H 1W 3H )
        NS      master
master  A       192.168.64.151
www     A       8.8.8.8
- Three databases, one per region
root:~ $ cp -p /etc/named.rfc1912.zones /etc/named/named.rfc1912.zones.bj
root:~ $ cp -p /etc/named.rfc1912.zones /etc/named/named.rfc1912.zones.sh
- Three zone configuration files in total
- Associate each view's zone configuration with its database
root:/etc/named # vi named.rfc1912.zones.bj    (in zone "qh.com", set file "qh.com.bj")
root:/etc/named # vi named.rfc1912.zones.sh    (in zone "qh.com", set file "qh.com.sh")
The original named.rfc1912.zones configuration remains unchanged (its qh.com zone still uses qh.com.zone)
- Syntax check
root:~ # named-checkconf
- Restart the service
# Error reported:
root:/var/named # rndc reload
rndc: connect failed: 127.0.0.1#953: connection refused
# If rndc cannot connect, restart the service first and then reload
- Test
The client's DNS must point to the server being tested
- The DNS server has addresses in two network segments
- Test from the 64 network segment
- Test from the 65 network segment
- Test from another network segment
Temporarily add a third network segment:
Server: ip addr add 192.168.63.1/24 dev ens33
Client: ip addr add 192.168.63.2/24 dev ens33
- All tests were successful.
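As an added example, not code from the page or from BIND, the following Python models the acl and view statements above and shows how a view is selected: the first view in declaration order whose match-clients matches the client's source address wins, so the othernet { any; } catch-all must be declared last or it shadows the regional views. One caveat from BIND itself that the page does not state: once any view is defined, every zone statement (including the root hint zone and the other zones in the stock named.conf) must sit inside a view, otherwise named-checkconf rejects the configuration. The ACL and view tables below are constructed from the page's values; the function names are the example's own.

```python
import ipaddress

# Constructed model of the acl/view statements in the page's named.conf (added example,
# not BIND code): acl name -> list of CIDR prefixes, nested acl names or "any";
# views in the order they are declared, with the zone file each serves for qh.com.
ACLS = {
    "beijingnet":  ["192.168.64.0/24"],
    "shanghainet": ["192.168.65.0/24"],
    "othernet":    ["any"],
}
VIEWS = [  # (view name, match-clients acl, zone file for qh.com)
    ("beijingview",  "beijingnet",  "qh.com.bj"),
    ("shanghaiview", "shanghainet", "qh.com.sh"),
    ("otherview",    "othernet",    "qh.com.zone"),
]
WWW_BY_FILE = {"qh.com.bj": "6.6.6.6", "qh.com.sh": "7.7.7.7", "qh.com.zone": "8.8.8.8"}


def acl_matches(acl_name, client_ip, acls=ACLS):
    """True if client_ip matches any element of the named acl (nested acls allowed)."""
    ip = ipaddress.ip_address(client_ip)
    for entry in acls[acl_name]:
        if entry == "any":
            return True
        if entry in acls:                       # reference to another acl
            if acl_matches(entry, client_ip, acls):
                return True
            continue
        if ip in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """First view in declaration order whose match-clients matches wins, as in BIND.
    Returns (view name, zone file) or None when no view matches."""
    for name, acl, zone_file in views:
        if acl_matches(acl, client_ip, acls):
            return name, zone_file
    return None


def answer_www(client_ip, views=VIEWS):
    """The A record for www.qh.com that a client at client_ip would receive."""
    chosen = select_view(client_ip, views)
    return WWW_BY_FILE[chosen[1]] if chosen else None


# Declaring the catch-all view first shadows the regional ones: every client
# then falls into otherview and gets 8.8.8.8.
MISORDERED_VIEWS = [VIEWS[2], VIEWS[0], VIEWS[1]]

if __name__ == "__main__":
    for client in ("192.168.64.20", "192.168.65.9", "192.168.63.2"):
        print(client, select_view(client), answer_www(client), answer_www(client, MISORDERED_VIEWS))
```

The three clients correspond to the three test segments in the text (64, 65 and the temporarily added 63 segment); the last column shows what every one of them would get if othernet were declared first.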
7 Internet DNS Architecture Experiment
- Architecture diagram
- A total of 7 hosts together implement the Internet DNS architecture
- 1 Point the client's DNS server at the local DNS server
- 2 Set up the website
root:~ # yum install httpd
root:~ # cd /var/www/html/
root:/var/www/html # echo 192.168.64.57,hello > index.html
root:/var/www/html # chmod a+r index.html
root:/var/www/html # service httpd restart
- 3 Client test
- 4 Configure the master DNS (192.168.64.37)
root:~ # yum install bind
root:~ # vi /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { 192.168.64.47; };
root:~ # vi /etc/named.rfc1912.zones
zone "qh.com" IN {
    type master;
    file "qh.com.zone";
};
root:~ # cd /var/named/
root:/var/named # vi qh.com.zone
$TTL 1D
@       IN SOA  ns1 qh.mail.com. ( 1 1H 10M 1D 3H )
        NS      ns1
        NS      ns2
ns1     A       192.168.64.37
ns2     A       192.168.64.47
www     A       192.168.64.57
root:/var/named # chgrp named qh.com.zone
root:/var/named # chmod 640 qh.com.zone
#### Syntax check
root:/var/named # named-checkconf
#### Start the service
root:/var/named # systemctl start named.service
- 5 Client test of the master server
- 6 Build the slave server (192.168.64.47)
root:~ # yum install bind
root:~ # vi /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; };
root:~ # vi /etc/named.rfc1912.zones
zone "qh.com" {
    type slave;
    masters { 192.168.64.37; };
    file "slaves/qh.com.slave";
};
root:/var/named/slaves # systemctl start named.service
root:/var/named/slaves # rndc reload
root:/var/named/slaves # ll
total
-rw-r--r-- 1 named named 269 Apr 23 16:34 qh.com.slave    # already synchronised
- 7 Test the slave server
- 8 Configure the com domain server (192.168.64.27)
root:~ # yum install bind
root:~ # vi /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
allow-transfer { none; };
root:~ # vi /etc/named.rfc1912.zones
zone "com" IN {
    type master;
    file "com.zone";
};
root:~ # cd /var/named/
root:/var/named # vim com.zone
$TTL 1D
@       IN SOA  ns1 qh.mail.com. ( 1 1D 1H 1W 3D )
        NS      ns1
qh      NS      qhns1
qh      NS      qhns2
ns1     A       192.168.64.27
qhns1   A       192.168.64.37    ; qh.com master server
qhns2   A       192.168.64.47    ; qh.com slave server
root:/var/named # chgrp named com.zone
root:/var/named # chmod g+w com.zone
root:/var/named # systemctl start named.service
root:/var/named # rndc reload
server reload successful
- 9 Test (querying through the parent domain server 192.168.64.27 passed)
- 10 Build the root DNS (192.168.64.17)
root:~ # yum install bind
root:~ # vi /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
zone "." IN {
    type master;        # changed from hint: this host is the master of its own root zone
    file "root.zone";
};
root:~ # cd /var/named/
root:/var/named # vim root.zone
$TTL 1D
@       IN SOA  ns1 qh.mail.com. ( 1 1D 1H 1W 3D )
        NS      ns1
com     NS      comns1
ns1     A       192.168.64.17
comns1  A       192.168.64.27
root:/var/named # chgrp named root.zone
root:/var/named # chmod g+w root.zone
root:/var/named # systemctl start named.service
- 11 Test (through the master server)
- 12 Configure the local DNS server
root:~ # yum install bind
root:~ # vi /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
root:~ # vi /var/named/named.ca    # replace the root hints with the lab's root server:
.                       518400   IN  NS  a.root-servers.net.
a.root-servers.net.     3600000  IN  A   192.168.64.17
- 13 Clear the cache
root:/var/named # rndc flush    # flush all cached DNS data
- 14 Modify the security configuration of the local DNS (in the options block; the lab zones are unsigned, so validation must be off)
root:~ # vi /etc/named.conf
dnssec-enable no;
dnssec-validation no;
- 15 Test
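The seven-host lab works because each server hands out a referral (NS record plus glue A record) for the zone below it: the root delegates com to comns1, com delegates qh to qhns1/qhns2, and the qh.com master finally answers for www. The same mechanism is what section 5 relies on for beijing.qh.com. As an added example, not part of the page and not sending any real DNS packets, the following Python models the three authoritative servers with the records shown above and walks an iterative query the way the local DNS server in step 12 does, starting from the root hint in named.ca. It also shows what the resolver sees when named.ca still points at an unreachable address. The server table and function names are the example's own; the unreachable hint 192.0.2.1 is a constructed placeholder.

```python
# Constructed model of the page's lab (root 192.168.64.17, com 192.168.64.27,
# qh.com master 192.168.64.37 / slave 192.168.64.47, web 192.168.64.57). Each
# authoritative server holds one zone as {absolute name: [(type, rdata), ...]}.
# Added example, not the page's own code; DNSSEC (disabled in step 14) is ignored.
SERVERS = {
    "192.168.64.17": (".", {
        ".":          [("NS", "ns1.")],
        "ns1.":       [("A", "192.168.64.17")],
        "com.":       [("NS", "comns1.")],        # delegation of com, glue below
        "comns1.":    [("A", "192.168.64.27")],
    }),
    "192.168.64.27": ("com.", {
        "com.":       [("NS", "ns1.com.")],
        "ns1.com.":   [("A", "192.168.64.27")],
        "qh.com.":    [("NS", "qhns1.com."), ("NS", "qhns2.com.")],
        "qhns1.com.": [("A", "192.168.64.37")],
        "qhns2.com.": [("A", "192.168.64.47")],
    }),
    "192.168.64.37": ("qh.com.", {
        "qh.com.":     [("NS", "ns1.qh.com."), ("NS", "ns2.qh.com.")],
        "ns1.qh.com.": [("A", "192.168.64.37")],
        "ns2.qh.com.": [("A", "192.168.64.47")],
        "www.qh.com.": [("A", "192.168.64.57")],
    }),
}
ROOT_HINT = "192.168.64.17"   # what the page writes into named.ca on the local DNS server


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def query(server_ip, qname, qtype):
    """One query to an authoritative server: ('ANSWER', rdata list), ('REFERRAL', glue IPs),
    ('NXDOMAIN', []), ('REFUSED', []) for a name outside its zone, or ('TIMEOUT', []) when
    the address is not a lab server (e.g. a real root hint left in named.ca)."""
    if server_ip not in SERVERS:
        return "TIMEOUT", []
    zone, rrs = SERVERS[server_ip]
    if not in_zone(qname, zone):
        return "REFUSED", []
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):                   # deepest possible zone cut first
        cut = ".".join(labels[i:]) + "."
        if cut == zone:                            # reached our own apex: no delegation
            break
        ns_names = [rd for t, rd in rrs.get(cut, []) if t == "NS"]
        if ns_names:
            glue = [rd for n in ns_names for t, rd in rrs.get(n, []) if t == "A"]
            return "REFERRAL", glue
    answer = [rd for t, rd in rrs.get(qname, []) if t == qtype]
    return ("ANSWER", answer) if answer else ("NXDOMAIN", [])


def resolve(qname, qtype="A", hint=ROOT_HINT, max_hops=8):
    """Iterative resolution as the local DNS server does it: start at the root hint and
    follow referrals. Returns (rdata list or None, list of servers asked in order)."""
    path, server = [], hint
    for _ in range(max_hops):
        path.append(server)
        status, data = query(server, qname, qtype)
        if status == "ANSWER":
            return data, path
        if status == "REFERRAL" and data:
            server = data[0]                       # first glue address; BIND would try the others too
            continue
        return None, path                          # NXDOMAIN, REFUSED, TIMEOUT or lame delegation
    return None, path


if __name__ == "__main__":
    print(resolve("www.qh.com."))
    print(resolve("www.qh.com.", hint="192.0.2.1"))   # constructed unreachable hint
```

The successful path (17, then 27, then 37) is exactly what dig +trace would print on the client, and the failed second call is what the client sees when step 12 was skipped and the local server is still trying to reach the public roots.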
Errors that may occur in some steps
root:/var/named # systemctl start named.service
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
You can generally see the current error type with: systemctl status named.service -l
# dig A example.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> A example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30523
...
SERVFAIL: the nameserver encountered a problem while processing the query.
  • Use dig +trace to locate the failing step; the cause may be the network or a firewall
NXDOMAIN: the queried name does not exist in the zone.
  • May be caused by a CNAME whose target A record is missing
REFUSED: the nameserver refused the client's request because of policy restrictions.
  • May be caused by the DNS server's policy (ACLs)
NOERROR does not mean there is no problem; the answer may be an outdated record.
  • Check whether the answer is authoritative: judge by the aa flag
  • A deleted record can still return a result if a wildcard record exists, e.g. *.example.com. IN A 172.25.254.254
  • Pay attention to the trailing "." on names
  • Avoid a CNAME pointing at another CNAME, which may produce a loop:
    test.example.com. IN CNAME lab.example.com.
    lab.example.com.  IN CNAME test.example.com.
  • Configure PTR records correctly; many services depend on PTR, such as sshd and the MTA
  • Configure round-robin records correctly
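Several of the points on this checklist, together with the SOA and serial rules from section 1 and the master-slave synchronisation in section 3, can be caught before rndc reload by reading the zone file back. As an added example, not part of the page, the Python below parses a zone file written in the same layout as the page's qh.com.zone (";" comments, the parenthesised SOA, a blank owner meaning "same as the previous record"), checks that there is exactly one SOA and that it comes first, follows CNAME chains to detect CNAME-to-CNAME links and loops, and decides whether a slave would transfer the zone from the master by comparing serials under RFC 1982 serial arithmetic. The zone text is constructed sample data (the test/lab pair is a deliberate loop like the one above); the function names are the example's own.

```python
import re

# Constructed zone text laid out like the page's qh.com.zone (not the page's own file);
# the test/lab CNAME pair is a deliberate loop of the kind the checklist warns about.
MASTER_ZONE = """\
$TTL 1D
@ IN SOA master admin.qh.com. (
        2019042211 ; serial
        1D         ; refresh
        1H         ; retry
        1W         ; expire
        3H )       ; minimum
        NS    master
master  A     192.168.64.151
websrv  A     3.3.3.3
www     CNAME websrv
test    CNAME lab
lab     CNAME test
"""
# A slave copy that is one serial behind the master.
SLAVE_COPY = MASTER_ZONE.replace("2019042211", "2019042210")

TTL_RE = re.compile(r"^\d+[SMHDW]?$", re.I)


def parse_zone(text, origin):
    """Return [(owner, TYPE, [rdata...])] with owner and name-type rdata made absolute
    against origin. Handles ';' comments, '( ... )' continuation lines and a blank
    owner field meaning 'same owner as the previous record'."""
    groups, buf, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # ';' starts a comment in zone files
        if not line.strip():
            continue
        buf = line if buf is None else buf + " " + line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            groups.append(buf)
            buf = None

    def absolute(name):
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"

    records, last_owner = [], origin
    for group in groups:
        if group.startswith("$"):                    # $TTL / $ORIGIN directives
            continue
        tokens = group.replace("(", " ").replace(")", " ").split()
        owner = last_owner if group[0] in " \t" else absolute(tokens.pop(0))
        if tokens and TTL_RE.match(tokens[0]):       # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":     # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR", "SOA"):   # first rdata field is a name
            rdata[0] = absolute(rdata[0])
        records.append((owner, rtype, rdata))
        last_owner = owner
    return records


def check_zone(records, origin):
    """Problems a zone-file author should fix before 'rndc reload'."""
    problems = []
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        problems.append(f"expected exactly one SOA, found {len(soas)}")
    if records and records[0][1] != "SOA":
        problems.append("SOA must be the first record in the zone")
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    cnames = {o: rd[0] for o, t, rd in records if t == "CNAME"}
    for owner, target in cnames.items():
        if len(types_by_owner[owner]) > 1:
            problems.append(f"{owner}: CNAME cannot coexist with other record types")
        chain, cur = [owner], target
        while cur in cnames:                          # follow CNAME -> CNAME links
            if cur in chain:
                problems.append("CNAME loop: " + " -> ".join(chain + [cur]))
                break
            chain.append(cur)
            cur = cnames[cur]
        else:
            if len(chain) > 1:
                problems.append(f"{owner}: CNAME points at another CNAME ({chain[1]})")
            if (cur == origin or cur.endswith("." + origin)) and cur not in types_by_owner:
                problems.append(f"{owner}: CNAME target {cur} has no record in this zone")
    return problems


def serial(records):
    return int(next(rd[2] for _, t, rd in records if t == "SOA"))


def slave_needs_transfer(master_records, slave_records):
    """True when the master serial is newer under RFC 1982 32-bit serial arithmetic.
    Equal serials mean no transfer: edit the zone but forget to bump the serial and
    the slave silently keeps the old data."""
    m, s = serial(master_records), serial(slave_records)
    return m != s and ((m - s) % (1 << 32)) < (1 << 31)


if __name__ == "__main__":
    master = parse_zone(MASTER_ZONE, "qh.com.")
    print(check_zone(master, "qh.com."))
    print(slave_needs_transfer(master, parse_zone(SLAVE_COPY, "qh.com.")))
```

The parser is deliberately small (no $ORIGIN or $INCLUDE handling) and is meant as a pre-reload sanity check alongside named-checkzone, not as a replacement for it.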