Linux network services: DNS domain name resolution, forward and reverse resolution, master/slave zone servers, split resolution (illustrated)


Basic concepts of DNS

In daily life people address servers by domain name, but machines only identify each other by IP address. The mapping between the two is many-to-many: an IP address need not have any domain name at all, one IP address can serve several domain names, and one domain name can resolve to several IP addresses. Translating a name into an address (and back) is called domain name resolution; it is performed by dedicated name servers and the whole process happens automatically

Definition of DNS

  • DNS is the abbreviation of "Domain Name System". It is a distributed database that maps domain names to IP addresses (and back), so that people can reach Internet hosts by name
  • The DNS service uses port 53 over both UDP and TCP. Ordinary queries and answers travel over UDP 53; TCP 53 carries zone transfers between name servers and any answer too large to fit in a UDP datagram (the UDP reply is flagged truncated and the client retries over TCP)
  • Each label of a domain name (the text between two dots) is limited to 63 characters, and the full domain name cannot exceed 253 characters

DNS domain name structure

  • Forward resolution: Find the corresponding IP address according to the domain name
  • Reverse resolution: Find the corresponding domain name based on the IP address
  • The distributed structure of the DNS name space
    http://www.sina.com.cn./
    http://hostname.subdomain.second-level domain.top-level domain.root domain/
  • The top of the tree is the root domain, written as "." and served by the root servers. In principle authority over the whole name space belongs to the root, but the root servers could not carry that load, so top-level domains are created beneath the root and authority for each one is delegated to that top-level domain's servers. Once the com domain has been delegated to the com servers, a root server that receives a query for a name ending in com does not resolve it itself; it refers the querier to the com servers. For the same reason the top-level domains delegate second-level domains, and second-level domains delegate the third-level domains or hosts beneath them
  • Root area
    • Located at the top level of the domain name space, generally represented by a "."
  • Top-level domain
    • Generally represents a type of organization or country
    • Such as .net (network provider), .com (business enterprise), .org (group organization), .edu (educational institution), .gov (government department), .cn (China national domain name), .uk (UK national domain name)
  • Secondary domain
    • Used to indicate a specific organization in the top-level domain. The second-level domain names under the national top-level domain are managed by the national network department.
    • For example, the second-level domain names set under the .cn top-level domain name: .com.cn, .net.cn, .edu.cn
  • Child area
    • The domains at all levels created under the second-level domains are collectively referred to as subdomains, and each organization or user can freely apply for registration of their own domain name
  • Host
    • The host is located at the lowest level of the domain name space, which is a specific computer
    • For example, www and mail are names of specific computers, written in full as www.sina.com.cn. and mail.sina.com.cn. This form is called an FQDN (Fully Qualified Domain Name): the host name together with its complete path through the domain tree

DNS server type

  • Primary (master) name server : holds the authoritative copy of all records of a zone; it is the source of that zone's data for the whole network and the only place where the data is edited. Building a primary server means creating the zone's data file
  • Secondary (slave) name server : serves the zone when the primary fails, is shut down, or is overloaded. Its answers are not its own; they come from a copy of the zone pulled from the primary by zone transfer. Building a secondary server means telling it where the primary is so it can fetch the zone and keep it in sync
  • Caching name server : keeps no zone data of its own and only caches the results of queries to speed up later lookups. Each answer it obtains from other name servers is stored and reused when the same question is asked again. Everything it provides is indirect, so when building one you must point it either at the root servers (root hints, for recursion) or at another DNS server (forwarding) as its source of answers
  • Forwarding name server : handles queries for names it is not authoritative for. It first looks in its cache; on a miss it forwards the request to the configured upstream servers in turn until one answers, and otherwise returns a failure

DNS service

BIND software

  • BIND
    • BIND is the most widely used DNS server program
    • Official site: https://www.isc.org
  • Related software packages
    • bind-9.9.4-37.el7.x86_64.rpm
    • bind-utils-9.9.4-37.el7.x86_64.rpm
  • BIND server-side program
    • Main executive program: /usr/sbin/named
    • Default listening port: 53
    • Main configuration file
      • /etc/named.conf
    • The data file that saves DNS resolution records is located at
      • /var/named/
  • BIND service control
    • systemctl [status | start | stop | restart] named
    • status : View service status
    • start : start the service
    • stop : stop the service
    • restart : restart the service

DNS forward resolution service configuration

Install bind software

  • yum install -y bind
  • rpm -qc bind #list the configuration files the package installed
  • For this lab, stop the firewall and switch SELinux to permissive mode. On a real server keep both on: open the dns service in firewalld instead, and leave SELinux enforcing (the bind policy already allows named to read /var/named)
    systemctl stop firewalld
    setenforce 0

Modify the configuration file /etc/named.conf

  • vim /etc/named.conf
    options {
        listen-on port 53 { any; };
        #listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };
    };
  • The two changes from the stock file are listen-on port 53 { any; }, so named listens on every interface instead of only 127.0.0.1, and allow-query { any; }, so any client may query it. The stock file also keeps recursion yes;, which together with these two settings turns the machine into an open recursive resolver for anyone who can reach port 53. For an authoritative-only server add recursion no; to the options block, or restrict allow-recursion to your own networks

Modify the configuration file /etc/named.rfc1912.zones

  • vim /etc/named.rfc1912.zones
    zone "chen.com." IN {
        type master;
        file "chen.com.zone";
        allow-update { none; };
    };
  • allow-update { none; } is the default and should stay: it refuses dynamic updates, so nobody on the network can rewrite records with nsupdate

Create the zone data file in /var/named

  • cp -p named.localhost chen.com.zone #run in /var/named; -p keeps the owner (root:named) and mode of the template, otherwise named cannot read the new file

  • vim chen.com.zone #replace the template's SOA, NS and A records with the records for chen.com

Point the local resolver at the DNS server just configured

  • vim /etc/resolv.conf
  • Or set DNS1 in the network card configuration file, which the network service writes into resolv.conf on restart
  • /etc/sysconfig/network-scripts/ifcfg-ens33

Restart service or start service

systemctl restart named
systemctl start named

host or nslookup test result

  • Test on the server itself with host or nslookup
  • Then test from another host whose resolver points at this server

Service startup failure

  • If the service fails to start, check the log to find the error
    tail -f /var/log/messages
  • If the service hangs on start, it is usually named waiting for /dev/random entropy while generating /etc/rndc.key; create the key from /dev/urandom instead and start the service again
    rndc-confgen -r /dev/urandom -a

DNS reverse domain name resolution configuration

Preparation steps

  • yum install -y bind #install the service
  • Stop the firewall and set SELinux to permissive for the lab, as in the forward section
    systemctl stop firewalld
    setenforce 0
  • vim /etc/named.conf #same changes as for forward resolution

Configure /etc/named.rfc1912.zones

  • vim /etc/named.rfc1912.zones
    zone "150.168.192.in-addr.arpa" IN {
        type master;
        file "chen.com.zone.local";
        allow-update { none; };
    };
  • The reverse zone name is the network part of the address (192.168.150) written in reverse order under in-addr.arpa; the host part (the last octet) becomes the record name inside the zone

Configure the zone file in /var/named

  • cd /var/named
  • cp -p named.localhost chen.com.zone.local
  • vim chen.com.zone.local #edit it into the reverse zone: replace the A records with PTR records that map each host octet back to its FQDN
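The zone files for both sections above were only shown in screenshots. As an added example (not the post's own files), the following shell script writes the forward zone chen.com.zone and the reverse zone chen.com.zone.local, checks them with named-checkzone when the bind package is installed, and cross-checks that every A record inside 192.168.150.0/24 has a PTR pointing back at the same name, the mismatch that most often makes host 192.168.150.20 fail after a forward lookup works. The addresses are assumptions chosen to match the host tests in the post (ns1 at 192.168.150.10, www at .20, mail at .30); the SOA timers and the MX record are illustrative.

```shell
#!/bin/sh
# Added example: build the forward and reverse zone files for chen.com and
# cross-check them. Not from the original post; addresses are assumed:
# ns1 = 192.168.150.10, www = 192.168.150.20, mail = 192.168.150.30.

# Forward zone. Names without a trailing dot are relative to the zone origin
# (chen.com), so "www" means www.chen.com. The serial must increase on every
# edit or secondaries will keep serving the old copy.
write_forward_zone() {   # $1 = output path
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  ns1.chen.com. admin.chen.com. (
                        2021021801      ; serial (YYYYMMDDnn)
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum (negative-caching TTL)
        IN NS   ns1.chen.com.
        IN MX   10 mail.chen.com.
ns1     IN A    192.168.150.10
www     IN A    192.168.150.20
mail    IN A    192.168.150.30
EOF
}

# Reverse zone for 192.168.150.0/24 (origin 150.168.192.in-addr.arpa). The
# record name is the host octet; PTR targets must be fully qualified.
write_reverse_zone() {   # $1 = output path
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  ns1.chen.com. admin.chen.com. (
                        2021021801 1D 1H 1W 3H )
        IN NS   ns1.chen.com.
10      IN PTR  ns1.chen.com.
20      IN PTR  www.chen.com.
30      IN PTR  mail.chen.com.
EOF
}

# Print the SOA serial: the first bare number after the "(" that opens the SOA.
zone_serial() {   # $1 = zone file
    awk '
        /SOA/ { insoa = 1 }
        insoa {
            for (i = 1; i <= NF; i++) {
                if (seen && $i ~ /^[0-9]+$/) { print $i; exit }
                if ($i == "(") seen = 1
            }
        }' "$1"
}

# Print "fqdn ip" for every A record inside the reverse zone's network whose
# address has no PTR back to that fqdn. Handles the plain "name IN A ip" form
# used above (records with a per-record TTL are not parsed).
find_missing_ptrs() {   # $1 = forward zone, $2 = reverse zone, $3 = origin, $4 = network prefix (a.b.c)
    awk -v origin="$3" -v net="$4" '
        FNR == NR {                                  # first file: reverse zone
            if ($2 == "IN" && $3 == "PTR") ptr[$1] = $4
            next
        }
        $2 == "IN" && $3 == "A" {                    # second file: forward zone
            fqdn = ($1 == "@") ? origin "." : $1 "." origin "."
            split($4, o, ".")
            if ((o[1] "." o[2] "." o[3]) != net) next  # address outside this reverse zone
            if (ptr[o[4]] != fqdn) print fqdn " " $4
        }' "$2" "$1"
}

# Syntax-check a zone with BIND's own tool when the bind package is installed.
check_with_bind() {   # $1 = zone origin, $2 = zone file
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; skipped syntax check for $1"
    fi
}

# Demo: build both zones in a scratch directory and run the checks.
DEMO_DIR=$(mktemp -d)
write_forward_zone "$DEMO_DIR/chen.com.zone"
write_reverse_zone "$DEMO_DIR/chen.com.zone.local"
check_with_bind chen.com "$DEMO_DIR/chen.com.zone"
check_with_bind 150.168.192.in-addr.arpa "$DEMO_DIR/chen.com.zone.local"
echo "serial: $(zone_serial "$DEMO_DIR/chen.com.zone")"
echo "A records without a matching PTR (none expected):"
find_missing_ptrs "$DEMO_DIR/chen.com.zone" "$DEMO_DIR/chen.com.zone.local" chen.com 192.168.150
```

On the real server copy the two generated files into /var/named with the same ownership as the template (cp -p named.localhost ...), and run find_missing_ptrs again whenever a host is added: an A record with no PTR is exactly the case that passes the forward test but fails host 192.168.150.x.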

Restart the service and verify the configuration

  • netstat -natup | grep 53 #check that named is listening; -p needs root to show the process name, and grep 53 also matches unrelated ports, so look for :53 in the local-address column
  • Restart after editing: systemctl restart named
  • host 192.168.150.20
  • host 192.168.150.30

Building master and slave name servers

Configure the master name server

  • yum install -y bind #install the software
  • Stop the firewall for the lab
    systemctl stop firewalld
    setenforce 0
  • vim /etc/named.conf #same configuration as for forward and reverse resolution
  • Forward and reverse resolution must already work on the master

Configure /etc/named.rfc1912.zones

  • vim /etc/named.rfc1912.zones #small changes to the forward and reverse zone clauses. By default BIND allows zone transfers to anyone, so add allow-transfer { <slave address>; } to each zone: only the slave should be able to copy the whole zone

Configure the slave name server

  • yum install -y bind #install the software
  • Stop the firewall for the lab
    systemctl stop firewalld
    setenforce 0
  • vim /etc/named.conf #same configuration as for forward and reverse resolution

Configure /etc/named.rfc1912.zones

  • vim /etc/named.rfc1912.zones #declare the same zones with type slave, point masters at the master's address, and store the copies under slaves/

Restart the service and check the result

  • Restart the service: systemctl restart named
  • cd /var/named/slaves
    ll
    The directory now contains the two zone data files transferred from the master
  • Point another host's DNS at 192.168.150.10 and verify with host. To prove the slave is really serving the zone, query the slave's own address rather than the master's, and stop named on the master to confirm the slave still answers. After every later edit on the master, raise the SOA serial: the slave compares serials and will not pull a changed zone whose serial did not increase
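The zone clauses for the two sides were only shown in screenshots. As an added example, not the post's own configuration, the following shell script generates the master and slave clauses with zone transfers restricted to the slave, and classifies the text that dig prints for an AXFR request so you can confirm from a third host that nobody else can pull the zone. The master address 192.168.150.10 is taken from the post; the slave address 192.168.150.20 and the two dig output samples are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: zone clauses for a master/slave
# pair and an AXFR exposure check. Assumed addresses: master 192.168.150.10,
# slave 192.168.150.20. BIND's default allow-transfer is "any", i.e. anyone
# can download the whole zone with "dig AXFR" unless it is restricted here.

MASTER_IP=192.168.150.10
SLAVE_IP=192.168.150.20

# Clause for /etc/named.rfc1912.zones on the master.
master_zone_clause() {   # $1 = zone name, $2 = zone file under /var/named
    cat <<EOF
zone "$1" IN {
    type master;
    file "$2";
    allow-update { none; };
    allow-transfer { $SLAVE_IP; };   # only the slave may pull the zone
    notify yes;
    also-notify { $SLAVE_IP; };      # tell the slave right after a reload
};
EOF
}

# Clause on the slave. The copy lands in /var/named/slaves, the one zone
# directory the named user can write to on CentOS 7.
slave_zone_clause() {   # $1 = zone name, $2 = file name to store under slaves/
    cat <<EOF
zone "$1" IN {
    type slave;
    masters { $MASTER_IP; };
    file "slaves/$2";
    allow-transfer { none; };        # the slave must not leak the zone either
};
EOF
}

# Classify what dig printed for an AXFR request: "refused" when the server
# denied it, "leaked" when a full zone came back (an AXFR answer starts and
# ends with the SOA record), "error" for anything else (timeout, no dig, ...).
classify_axfr_output() {   # $1 = dig output
    case "$1" in
        *"Transfer failed"*)              echo refused ;;
        *"IN"*"SOA"*"IN"*"SOA"*)          echo leaked ;;
        *)                                echo error ;;
    esac
}

# Probe a server from a host that is NOT the slave; expect "refused".
# dig exits 0 even when the transfer is refused, so inspect the text.
check_axfr() {   # $1 = server address, $2 = zone
    classify_axfr_output "$(dig @"$1" "$2" AXFR +time=3 +tries=1 2>&1)"
}

# Constructed samples of dig output, for a run without a live server.
SAMPLE_REFUSED='; <<>> DiG 9.9.4-RedHat-9.9.4-37.el7 <<>> @192.168.150.10 chen.com AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

SAMPLE_LEAKED='chen.com.   86400 IN SOA ns1.chen.com. admin.chen.com. 2021021801 86400 3600 604800 10800
chen.com.   86400 IN NS  ns1.chen.com.
www.chen.com. 86400 IN A 192.168.150.20
chen.com.   86400 IN SOA ns1.chen.com. admin.chen.com. 2021021801 86400 3600 604800 10800'

# Demo: print both sides' clauses and classify the samples.
master_zone_clause chen.com chen.com.zone
master_zone_clause 150.168.192.in-addr.arpa chen.com.zone.local
slave_zone_clause chen.com chen.com.zone
slave_zone_clause 150.168.192.in-addr.arpa chen.com.zone.local
echo "refused sample -> $(classify_axfr_output "$SAMPLE_REFUSED")"
echo "leaked sample  -> $(classify_axfr_output "$SAMPLE_LEAKED")"
# Live check from a third host:  check_axfr 192.168.150.10 chen.com
```

Run check_axfr from the master and from a client that is neither server: the master should report refused for everyone but the slave, and the slave should report refused for everyone. A leaked result is the full host inventory of the zone handed to whoever asked.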

Split resolution

  • A split-resolution name server is also a master name server; the term means returning different records for the same name depending on which client asks. For example, clients from the internal and external network segments that query the same domain name receive different answers and therefore different IP addresses
  • Configure the gateway server for DNS split resolution so that LAN hosts resolve www.chen.com to 192.168.150.25 and external hosts resolve www.chen.com to 12.0.0.100

Configure two network cards on the gateway server

  • Add a second network card with the VM powered off, then boot the system

  • Configure the second network card ens36

  • ifconfig ens36 12.0.0.1/24

  • cp ifcfg-ens33 ifcfg-ens36 #in /etc/sysconfig/network-scripts, copy the ens33 file and edit the copy for ens36: change NAME and DEVICE to ens36, remove the UUID line so the two files do not share one, and set the 12.0.0.1/24 address

  • Restart networking when done: systemctl restart network

  • ens33 is the internal network card, ens36 the external one

  • The internal host's network card stays in the same VMnet as the master name server
    Set the internal host's gateway
    Remember to run systemctl restart network

  • The external host's network card goes to VMnet2
    Set the external host's gateway and IP address

Installation

  • yum install -y bind

Modify the main configuration file

  • vim /etc/named.conf
    options {
        listen-on port 53 { any; };
        #listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };
    };
  • Same changes as in the forward section: listen on every interface and accept queries from any client

Modify the zone configuration file

  • vim /etc/named.rfc1912.zones
    view "lan" {
        match-clients { 192.168.150.0/24; };
        zone "chen.com" IN {
            type master;
            file "chen.com.zone.lan";
        };
        zone "." IN {
            type hint;
            file "named.ca";
        };
    };
    view "wan" {
        match-clients { any; };
        zone "chen.com" IN {
            type master;
            file "chen.com.zone.wan";
        };
    };
  • Note: once view is used, every zone must live inside a view, so the default self-check zones in this file must be moved into a view or deleted
  • named tests the views in the order written and uses the first one whose match-clients matches the client's address. Because "wan" matches any, it must stay after "lan"; swapping them would give every client the external answer. Only the lan view carries the root hint zone, so only LAN clients can recurse through this server; add recursion no; to the wan view so the external interface is not an open resolver
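To make the ordering rule concrete, here is an added example (a pure-shell emulation, not BIND code and not from the original post) that applies the same first-match logic named uses for match-clients to a few client addresses, with the view table and the two answers taken from the configuration above. The two client addresses and the reversed table are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: emulate named's view selection.
# named walks the views in configuration order and uses the first one whose
# match-clients ACL covers the client's source address. The view table and
# answers follow the post's config; the client addresses are assumptions.

ip_to_int() {   # dotted quad -> unsigned 32-bit integer
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Does address $1 fall inside $2, where $2 is "any" or a network in CIDR form?
# (Named ACL keywords such as localnets are not emulated.)
in_cidr() {
    [ "$2" = any ] && return 0
    _net=${2%/*}
    _bits=${2#*/}
    _mask=$(( _bits == 0 ? 0 : (0xFFFFFFFF << (32 - _bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & _mask )) -eq $(( $(ip_to_int "$_net") & _mask )) ]
}

# View table in configuration order: "view acl zone-file", one per line.
VIEWS_OK='lan 192.168.150.0/24 chen.com.zone.lan
wan any chen.com.zone.wan'

# The same two views written in the wrong order (any first).
VIEWS_BAD='wan any chen.com.zone.wan
lan 192.168.150.0/24 chen.com.zone.lan'

select_view() {   # $1 = client address, $2 = view table -> prints the view name
    printf '%s\n' "$2" | while read -r name acl file; do
        if in_cidr "$1" "$acl"; then
            printf '%s\n' "$name"
            break
        fi
    done
}

# The A record for www.chen.com that each view's zone file holds (from the post).
answer_for() {   # $1 = client address, $2 = view table
    case "$(select_view "$1" "$2")" in
        lan) echo 192.168.150.25 ;;
        wan) echo 12.0.0.100 ;;
        *)   echo "no view matched" ;;
    esac
}

# Demo: a LAN client and an external client against both table orders.
for client in 192.168.150.30 12.0.0.12; do
    printf '%-15s correct order -> %-15s wrong order -> %s\n' "$client" \
        "$(answer_for "$client" "$VIEWS_OK")" "$(answer_for "$client" "$VIEWS_BAD")"
done
```

With the wrong order the LAN client 192.168.150.30 receives 12.0.0.100, the external address, because the any view is consulted first. The real-world check is the same from both sides: dig @<gateway address> www.chen.com +short from a LAN host and from an external host, and compare the two answers.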

Configure the zone data files

  • cd /var/named
  • cp -p named.localhost chen.com.zone.lan #the file names must match the file directives in the view clauses
  • vim chen.com.zone.lan #www A 192.168.150.25
  • cp -p named.localhost chen.com.zone.wan
  • vim chen.com.zone.wan #www A 12.0.0.100

Verify the result

  • systemctl restart named #restart the service
  • systemctl stop firewalld #stop the firewall (lab only)
  • setenforce 0
  • Internal host test
  • vim /etc/resolv.conf #point the nameserver at the gateway's internal address
  • nslookup www.chen.com #resolves to the internal address 192.168.150.25
  • External host test, with its resolver pointed at the gateway's external address 12.0.0.1
  • nslookup www.chen.com #resolves to the external address 12.0.0.100

Origin blog.csdn.net/weixin_53496398/article/details/113951137