Detailed explanation of setting up DNS server in Linux

1. DNS server concept

Communication on the Internet requires the help of IP addresses, but human memory for numbers is far inferior to that for words. So converting IP addresses into easy-to-remember words is a good idea, but computers can only recognize 0 and 1 codes. At this time, a mechanism is needed to solve the conversion problem between IP addresses and host names. DNS stands for Domain Name System, which is an online distributed database system that resolves the "websites" we often use into IP addresses. Most DNS names are resolved locally, and only a small number need to be communicated online, so it is highly efficient.

2. DNS related concepts

DNS uses a tree-like directory structure to distribute the management of host names to different levels, which can achieve faster host name lookup and more convenient modification of host name resolution.

domain:

TLD: Top Level Domain

Organization domain: .com, .org, .net, .edu,.gov,.mil,.cc,…

Country domain: .cn, .us, .tw, .iq,…

Reverse domain:.in-addr-arpa

FQDN:

FQDN stands for Fully Qualified Domain Name, which is a fully qualified domain name.
A FQDN consists of two parts: the host name and the domain name.
Because DNS is managed hierarchically, the host name and domain name are different at different levels;
Take www.google.com as an example:
In the second layer, .com is the domain name and google is the host name;
And in the third layer, .google.
Forward resolution: The conversion from FQDN to IP address is called forward resolution.

Reverse resolution: Converting from IP address to FQDN is called reverse resolution

Zone: In forward or reverse resolution, each domain record is a zone

3. DNS server resolution

The main function of DNS is to resolve host names.

Analysis:

According to a name provided by the user, query the parsing library to obtain another name. Domain name -> IP, IP -> domain name

Resource record: rr (resource record) has a type concept; attributes used for parsing this record

1. *SOA record: Start of Authority record, a zone file can only have one
2. *A record: used to specify the IP (ipv4) address record corresponding to the host name (or domain name). (AAAA ipv6)
3. *CNAME record: alias resolution (domain name)
4. *NS record: Domain name server record, used to specify which DNS server will resolve the domain name.
5. *MX record: mail exchange record, pointing to the mail server
6. *PTR record: reverse DNS record, the reverse of A record
7. *TTL value: survival time, the cache time of DNS records on the DNS server

4. DNS server principle

DNS uses two query mechanisms: recursive and iterative

The client sends a query request to the DNS server. The DNS server searches the local resolution library but finds no result, so it sends a query request to the root domain. The root domain tells the DNS server that the .com server has the resources it needs. The DNS server sends a query request to the .com server again, and is told that the .google.com server has the result it wants. It finally finds the resolution record on the .google.com server and returns it to the client. In the above query process, the client only sends a request once and gets the final result. This query method is called recursion. The DNS server keeps sending requests during the query process until it finds the desired result. This query method is called iteration.

5. DNS query order

1. Local hosts file
2. Local DNS Cache
3. Local DNS Server
4. Initiate an iterative query
   

6. DNS server port TCP UDP 53

7. DNS server type

Primary DNS Server:

The main area that provides domain name resolution for clients. If the primary DNS server fails, the secondary DNS server will be enabled to provide services.

From the DNS server:

1. 1. If the master server DNS does not respond for a long time, the slave server will also stop providing services
2. 2. Synchronization between master and slave regions uses a periodic check + notification mechanism
3. 3. The slave server periodically checks the records on the master server. Once a modification is found, it will be synchronized. In addition, if the data on the master server is modified, it will immediately notify the slave server to update the record.

Cache Server:

The server itself does not provide resolution zones, only non-authoritative responses

Forwarding Server:

When the DNS server's resolution area (including cache) cannot provide an authoritative answer for the current request, the request is forwarded to other DNS servers. At this time, the local DNS server is the forwarding server.

Configuration:

nslookup,dig dns client test tool
#tcpdump,wireshark packet capture analysis tool

DNS server setup, forward resolution, reverse resolution

1. Turn off firewall & Selinux

systemctl stop firewalld 
systemctl disable firewalld 
setenforce 0 
getenforce

2. Install DNS server software

yum install bind-chroot 
#Main configuration file /etc/named.conf
#The zone configuration file /etc/named.rfc1912.zones is used to save the correspondence between domain names and IP addresses. #The data configuration file directory /var/named is used to save the location of the correspondence between domain names and IP addresses.

3. Modify the main configuration file

vi /etc/named.conf 
listen-on port 53 { any; }; #All IP addresses on the server can provide DNS domain name resolution service allow-query { any; }; #Allow everyone to send DNS query requests to this server #named-checkconf command detection syntax

4. Modify the regional configuration file

#Used to save the location of the correspondence between domain names and IP addresses. In this file, the domain name and IP address resolution rules, the saved file location, and the service type are defined, but it does not include specific domain name, IP address correspondence information. There are three types of services, hint (root zone), master (primary zone), and slave (secondary zone). The commonly used master and slave refer to the primary server and the slave server zone "c74.com" IN {  
     type master; #Service type file "c74.com.zone"; #Domain name and IP address resolution rule save file allow-update { none; }; #Which clients are allowed to dynamically update resolution information }; #Forward resolution parameter zone "1.168.192.in-addr.arpa" IN { #Reflection resolution zone represented by 192.168.1.0/24 network segment type master;  
     file "192.168.1.arpa"; 
     }; #Reverse parsing parameters

5. Forward parsing

5.1 vi /etc/named.rfc1912.zones

It can be modified on the original basis, or cleared to keep only the used information zone "c74.com" IN { #Service type type master; #Domain name and IP address resolution rule save file file "c74.com.zone"; #Which clients are allowed to dynamically update the resolution information allow-update { none; }; 
     }; 
#named-checkzone checks the configuration of the zone file

5.2#Edit the data configuration file. Copy a forward resolution template file (named.localhost) from the /var/named directory, then fill in the corresponding data of the domain name and IP address into the data configuration file and save it. Remember to add the -a parameter when copying, which can retain the original file's owner, group, permission attributes, etc.

cd /var/named
cp -a named.localhost c74.com.zone #Copy the file content (template) in named.localhost to c74.com.zone vi c74.com.zone 
$TTL 1D #Life cycle is 1 day @ IN SOA c74.com. root.c74.com.( #@Current domain name #Authorization information starts #Address of DNS zone #Do not use @ symbol for domain administrator email 0 ; serial #Update serial number 1D ; refresh #Update time 1H ; retry #Retry delay 1W ; expire #Expiration time 3H ) ; minimum #Invalid resolution record time NS ns.c74.com. #Domain name server record ns IN A 192.168.5.153 #Address record ns.c74.com.  
 IN MX 10 mail.c74.com. #Mailbox exchange record 10 is the priority number, the smaller the number, the higher the level mail IN A 192.168.5.153 #Address record mail.c74.com. 
 www IN A 192.168.5.153 #Address record www.c74.com. 
 news IN A 192.168.5.153 #Address record news.c74.com. 

5.3 Start the service and test

 systemctl restart named 
 yum install bind-utils -y 
 #bind-utils tests dns for the client using nslookup 
 > www.c74.com 
 Server: 192.168.5.153 
 Address: 192.168.5.153#53
 #Other tests are also required, omitted here

6. Reverse analysis

#The function of reverse resolution is to resolve the IP address submitted by the user into the corresponding domain name information. It is generally used to block all domain names bound to a certain IP address as a whole, and to block spam sent by certain domain names.

6.1 vi /etc/named.rfc1912.zones

zone "1.168.192.in-addr.arpa" IN { 
 type master; 
 file "192.168.1.arpa";
 };

6.2 Editing the Configuration File

 #Copy a reverse parsing template file (named.loopback) from the /var/named directory, and then fill in the following parameters into the file cd /var/named 
 cp -a named.loopback 192.168.1.arpa 
 vi 192.168.1.arpa 
 $TTL 1D 
 @ IN SOA c74.com. root.c74.com. (          
       0 ; serial          
       1D ; refresh          
       1H ; retry          
       1W ; expire          
       3H ) ; minimum  
      NS ns.c74.com. 
  ns A 192.168.5.153 
  153 PTR ns.c74.com. #PTR is a pointer record, only used for reverse resolution 153 PTR mail.c74.com.
  153 PTR www.c74.com. 
  153 PTR news.c74.com.

6.3 Testing

 systemctl restart named 
  nslookup

7. DNS Advanced Master-Slave Service

#Since the master server has been deployed above, the following mainly introduces the slave server
#In the DNS domain name resolution service, the slave server can obtain the specified zone data file from the master server, thereby playing the role of backup resolution record and load balancing. Therefore, by deploying the slave server, the load pressure of the master server can be reduced and the query efficiency of users can be improved.
#Testing requires two servers! Master 192.168.10.10, Slave 192.168.10.20

7.1#Allow the update request of the slave server in the zone configuration file of the master server, that is, modify the allow-update {host address that allows updating zone information;}; parameter, and then restart the DNS service program of the master server

 vi /etc/named.rfc1912.
  zones zone "c74.com" IN { 
        type master;
        file "c74.com.zone"; 
        allow-update { 192.168.10.20; }; 
        }; 
  zone "10.168.192.in-addr.arpa" IN { 
        type master; file "192.168.10.arpa"; 
        allow-update { 192.168.10.20; };
        }; 
  systemctl restart named 

7.2#Fill in the IP address of the master server and the area information to be captured in the slave server, and then restart the service. Note that the service type at this time should be slave, not master. The masters parameter should be followed by the IP address of the master server, and the file parameter defines the location where the synchronized data configuration file will be saved. You can see the synchronized files in this directory later.

 vi /etc/named.rfc1912.zones 
  zone "c74.com" IN {
       type slave; 
       masters { 192.168.10.10; }; 
       file "slaves/c74.com.zone"; 
       }; 
  zone "10.168.192.in-addr.arpa" IN { 
       type slave; 
       masters { 192.168.10.10; }; 
       file "slaves/192.168.10.arpa"; 
       }; #The file parameter defines the location where the synchronized data configuration file will be saved. You can see the synchronized files in this directory later.}; systemctl restart named

7.3 #Verify the parsing results. When the DNS service program of the slave server is restarted, the data configuration file is generally automatically synchronized from the master server, and the file is placed in the directory location defined in the zone configuration file by default. Then modify the network parameters of the slave server and change the DNS address parameters to 192.168.10.20, so that you can use the DNS domain name resolution service provided by the slave server itself. After that, you can use the nslookup command to successfully see the parsing results.

 cd /var/named/slaves
  ls #Note that the slave server will synchronize the files of the master server!
  nslookup 
  www.c74.com 
  192.168.10.10

The above is the detailed integration of setting up DNS server in Linux introduced by the editor. I hope it will be helpful to everyone. If you have any questions, please leave me a message and the editor will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!