Construction of an enterprise DNS server

Posted by trevorturtle on Thu, 17 Feb 2022 16:51:07 +0100

I Explanation of dns terms

DNS:
Domain name service

About the client (172.25.254.201):
/etc/resolv.conf        the file that tells the client which DNS server to use
nameserver 172.25.254.101

Test:

host www.baidu.com       resolve a name to an address
dig www.baidu.com        resolve a name and show the full details of the answer


A record        maps a domain name to an IP address (address record)
SOA             Start of Authority: the record at the start of a zone that names its authoritative server
    top level       the root "." (13 root name server addresses)
    next level      .com .net .edu .org ... and under them names such as baidu.com

About the server (172.25.254.130)

bind                 installation package
named                service name
/etc/named.conf      main configuration file
/var/named           zone data directory
port                 53

Troubleshooting:

1. no servers could be reached      the server cannot be reached (is the service running, is port 53 open in the firewall, is the network up?)
2. service fails to start            configuration file error; run journalctl -xe to read the message
3. dig query status

NOERROR      the query succeeded
REFUSED      the server refused to answer the query
SERVFAIL     the server failed to resolve the record (it cannot reach the upstream server, or the cached answer was rejected)
NXDOMAIN     the domain name does not exist: DNS has no A record for it

II Installation and enabling of dns Service

1. Installation

dnf install bind.x86_64 -y

2. Enable

systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload



On the real machine:

vim /etc/named.conf

line 11   listen-on port 53 { any; };     listen on port 53 on every local interface
line 19   allow-query { any; };           list of clients allowed to send queries
line 34   dnssec-validation no;           disable DNSSEC validation; the author turns it off so the server will accept and cache answers from outside servers

systemctl restart named

netstat -antlupe | grep named        check which ports named is listening on

Set up network:



Test:


III Cache DNS

Function: on an enterprise network where every host is directly connected, each host goes out to the Internet on its own for DNS resolution, which is slow. Instead, one internal host with Internet access can be set up as a DNS server that resolves names for the directly connected hosts and caches the answers.

line 20   forwarders { 114.114.114.114; };     queries the server cannot answer itself are sent to this upstream resolver
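The following is an added example, not configuration from the post: it writes the options{} block of a caching/forwarding server in two variants, the open one shown above (allow-query { any; }) and one limited to the internal subnet, so that hosts outside the company cannot use the cache as an open resolver. The subnet 172.25.254.0/24, the output directory and the allow-recursion line are assumptions; the upstream 114.114.114.114 is the post's.

```bash
#!/bin/sh
# Added example (not from the post): generate the options{} block of a caching
# /forwarding named server.  Two variants are written: the post's open form
# (allow-query { any; }) and one limited to the internal subnet, so the cache
# cannot be used as an open resolver by outside hosts.  OUT_DIR, the subnet and
# the allow-recursion line are assumptions; 114.114.114.114 comes from the post.
OUT_DIR="${OUT_DIR:-$(mktemp -d)}"

# write_options <file> <client acl> <forwarder ip>: prints the path it wrote
write_options() {
    cat > "$1" <<EOF
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query     { $2; };       // who may ask at all
    allow-recursion { $2; };       // who may use the cache and the forwarders
    recursion yes;
    forwarders { $3; };
    forward only;                  // never go to the root servers ourselves
    dnssec-validation no;          // as in the post; "auto" would verify signed answers
};
EOF
    echo "$1"
}

# is_open_resolver <file>: true when recursion is on and any client may recurse
is_open_resolver() {
    grep -q 'recursion yes' "$1" && grep -q 'allow-recursion { any; }' "$1"
}

# check_conf <file>: run named-checkconf when bind is installed, else say so
check_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1" && echo "$1: syntax OK"
    else
        echo "$1: named-checkconf not installed, syntax check skipped"
    fi
}

OPEN=$(write_options "$OUT_DIR/named.conf.open" any 114.114.114.114)
INTERNAL=$(write_options "$OUT_DIR/named.conf.internal" 172.25.254.0/24 114.114.114.114)
check_conf "$OPEN"
check_conf "$INTERNAL"
is_open_resolver "$OPEN"     && echo "$OPEN: open resolver, anyone may recurse"
is_open_resolver "$INTERNAL" || echo "$INTERNAL: recursion limited to 172.25.254.0/24"
```

Copy the block you want into the options section of /etc/named.conf and restart named; a query from a host outside the listed subnet should then come back REFUSED, which is the status the troubleshooting table above describes.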


IV Forward resolution with DNS

$: before this experiment undo the caching setup above:
comment out line 20, forwarders { 114.114.114.114; };

vim /etc/named.rfc1912.zones

$: the file name given here must match the zone file created below
The original poster set
file "westostuu.org.zone";
so their zone file is westostuu.org.zone

cd /var/named/
cp -p named.localhost westos.com.zone


$TTL 1D                                   ; TIME-TO-LIVE: how long resolvers may cache these records
@       IN SOA  dns.westos.com. root.westos.com. (   ; SOA, Start of Authority: primary server and admin mailbox
                        0       ; serial   zone version number, increase it on every change
                        1D      ; refresh  how often a secondary DNS checks for a new serial
                        1H      ; retry    how long a secondary DNS waits after a failed refresh
                        1W      ; expire   a secondary DNS stops answering for the zone after this long without contact
                        3H )    ; minimum  negative-cache TTL, how long a "no such record" answer is kept
        IN NS   dns.westos.com.           ; name server of the zone (a zone needs at least one NS record)
dns     IN A    172.25.254.130            ; address of the name server itself
bbs     IN A    172.25.254.200            ; host queried in the test below (address chosen from the lab network)
westos.com.     IN MX 10  mail.westos.com.   ; mail resolution record: MX must name a host, not an IP address
mail    IN A    172.25.254.101            ; address of the mail host

dig bbs.westostuu.org        query forward resolution (use the name of the zone you actually configured)


DNS mail (MX) resolution

dnf install mailx postfix -y
systemctl start postfix
dig -t mx westos.com


V Reverse resolution with DNS

vim /etc/named.rfc1912.zones
$: reverse resolution looks a name up by IP, so the zone is named after the network in reverse (254.25.172.in-addr.arpa for 172.25.254.0/24), and the poster names the zone file after the IP as well

$TTL 1D
@       IN SOA  dns.westos.com. root.westos.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   dns.westos.com.
130     IN PTR  dns.westos.com.      ; owner is the last octet only, @ is already 254.25.172.in-addr.arpa
200     IN PTR  bbs.westos.com.      ; hosts queried with dig -x below (names chosen for the example)
222     IN PTR  www.westos.com.


Test:

systemctl restart named
dig -x 172.25.254.200

dig -x 172.25.254.222
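The forward and reverse zone files above are written by hand and keep serial 0. The following added example (not the post's own files) generates both zone files and the two zone{} stanzas for /etc/named.rfc1912.zones from one host list, and bumps a date-based serial on every run, since a secondary only re-transfers a zone whose serial has grown. Zone name, host list, mail host and the output directory are constructed from the post's lab network; named-checkzone is only run when bind is installed.

```bash
#!/bin/sh
# Added example, not the post's own files: build the forward zone, the matching
# reverse zone and the zone{} stanzas for /etc/named.rfc1912.zones from one host
# list.  The serial is date-based (YYYYMMDDnn) and bumped on every run, because a
# secondary only re-transfers the zone when the serial grows.  Zone name, hosts
# and addresses are constructed from the post's lab network.
ZONE="westos.com"
NET="172.25.254"                 # /24 network; reverse zone 254.25.172.in-addr.arpa
NS_HOST="dns"                    # dns.westos.com, the name server itself
MAIL_HOST="mail"                 # target of the MX record (must be a name, not an IP)
OUT_DIR="${OUT_DIR:-$(mktemp -d)}"
# constructed host list: "<host> <last octet>"
HOSTS="dns 130
mail 101
www 200
bbs 222"

# reverse_name 172.25.254 -> 254.25.172.in-addr.arpa
reverse_name() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# next_serial <current serial>: today's YYYYMMDD01, or current+1 when the
# current serial was already issued today
next_serial() {
    today=$(date +%Y%m%d)
    case "$1" in
        "$today"??) echo $(( $1 + 1 )) ;;
        *)          echo "${today}01" ;;
    esac
}

# soa_header <serial>: $TTL, SOA and NS lines shared by both zones, with the
# timers the post explains (refresh 1D, retry 1H, expire 1W, negative cache 3H)
soa_header() {
    cat <<EOF
\$TTL 1D
@       IN SOA  $NS_HOST.$ZONE. root.$ZONE. (
                $1      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   $NS_HOST.$ZONE.
EOF
}

# write_forward <serial>: A records plus the MX; prints the file path
write_forward() {
    out="$OUT_DIR/$ZONE.zone"
    {
        soa_header "$1"
        echo "@       IN MX   10 $MAIL_HOST.$ZONE."
        echo "$HOSTS" | while read -r name last; do
            printf '%-8sIN A    %s.%s\n' "$name" "$NET" "$last"
        done
    } > "$out"
    echo "$out"
}

# write_reverse <serial>: one PTR per host, owner = last octet; prints the path
write_reverse() {
    out="$OUT_DIR/$NET.zone"
    {
        soa_header "$1"
        echo "$HOSTS" | while read -r name last; do
            printf '%-8sIN PTR  %s.%s.\n' "$last" "$name" "$ZONE"
        done
    } > "$out"
    echo "$out"
}

# write_stanzas: the two zone{} blocks to append to /etc/named.rfc1912.zones
write_stanzas() {
    out="$OUT_DIR/named.rfc1912.zones.add"
    cat > "$out" <<EOF
zone "$ZONE" IN {
    type master;
    file "$ZONE.zone";
};
zone "$(reverse_name "$NET")" IN {
    type master;
    file "$NET.zone";
};
EOF
    echo "$out"
}

# check_zone <zone name> <file>: syntax check when bind is installed
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed, skipped $2"
    fi
}

SERIAL=$(next_serial 0)
check_zone "$ZONE" "$(write_forward "$SERIAL")"
check_zone "$(reverse_name "$NET")" "$(write_reverse "$SERIAL")"
write_stanzas >/dev/null
```

Run it with OUT_DIR=/var/named on the server, append the generated stanzas to /etc/named.rfc1912.zones, restart named, and the dig and dig -x tests above should answer from the new files; feed the current serial into next_serial on later runs so it keeps growing.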

VI Bidirectional resolution with DNS

Experimental environment:

1 client
1.1.1.230

On the client host 1.1.1.230:

vim /etc/resolv.conf
nameserver 1.1.1.130

1 server with an IP on each of two network segments
1.1.1.130
172.25.254.130

ifconfig enp1s0 172.25.254.101 netmask 255.255.255.0


$: the following is done on the dual-homed host:

vim /etc/resolv.conf
nameserver 1.1.1.130



Configuration:
cd /var/named/
cp -p westostuu.org.zone westostuu.org.inter
vim westostuu.org.inter





$: in this copy, the address for dns is the dual-homed host's own IP on the internal segment (1.1.1.130)



vim /etc/named.conf


Test:
Resolve the same domain name from a host on each of the two network segments.
The A records returned are different.
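The named.conf for this setup is only shown as a screenshot in the post. The following is an added example (not the post's file) of the split-view configuration it describes: two views, so that clients on 1.1.1.0/24 are answered from westostuu.org.inter and everyone else from westostuu.org.zone. The view names, the subnets and the view_for_client helper (which only understands "any" and /24 prefixes) are assumptions; the zone and file names follow the post.

```bash
#!/bin/sh
# Added example (not from the post, whose named.conf is only a screenshot):
# a split-horizon named.conf with two views.  Clients on 1.1.1.0/24 get the
# zone file whose A records carry 1.1.1.x addresses; everyone else gets the
# 172.25.254.x file.  Zone and file names follow the post; view names and
# subnets are assumptions from its lab addresses.
OUT_DIR="${OUT_DIR:-$(mktemp -d)}"

# write_views <file>: prints the path it wrote
write_views() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    dnssec-validation no;
};

// named picks the FIRST view whose client list contains the source address,
// so the narrower internal view must come before the catch-all.
view "internal" {
    match-clients { 1.1.1.0/24; };
    recursion yes;
    zone "westostuu.org" IN {
        type master;
        file "westostuu.org.inter";   // A records -> 1.1.1.x
    };
};

view "external" {
    match-clients { any; };
    recursion no;                     // outside clients get answers only for our zone
    zone "westostuu.org" IN {
        type master;
        file "westostuu.org.zone";    // A records -> 172.25.254.x
    };
};
EOF
    echo "$1"
}

# view_for_client <conf> <client ip>: which view named would select for that
# source address.  Only handles "any" and /24 prefixes, enough for this lab.
view_for_client() {
    awk -v ip="$2" '
        /^view "/ { name = $2; gsub(/"/, "", name) }
        /match-clients/ {
            acl = $0
            sub(/.*match-clients *[{] */, "", acl); sub(/;.*/, "", acl)
            if (acl == "any") { print name; exit }
            split(acl, p, "/"); pfx = p[1]; sub(/0$/, "", pfx)   # 1.1.1.0 -> 1.1.1.
            if (index(ip, pfx) == 1) { print name; exit }
        }' "$1"
}

CONF=$(write_views "$OUT_DIR/named.conf.views")
echo "1.1.1.230      -> $(view_for_client "$CONF" 1.1.1.230)"
echo "172.25.254.201 -> $(view_for_client "$CONF" 172.25.254.201)"
```

Once views are used, every zone must live inside a view: the include of /etc/named.rfc1912.zones and the root hint zone from the stock named.conf have to be moved into the views as well, because named refuses a configuration that mixes top-level zones with views.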

VII DNS cluster

1. What is a DNS cluster

A DNS server in production is usually not a single machine: to spread the load there is one primary (master) DNS server and several secondary (slave) DNS servers, and together they form a DNS cluster.

2. Configuration process of a DNS cluster

$: the difference from the bidirectional setup is that a cluster is a primary/secondary relationship between servers, while the bidirectional setup is a relationship between server and client. So first configure the network of the primary and of the secondary host:

1>. Network configuration

Primary host network:


Restart the network

$: the resolver address here is the primary host's own IP

Secondary host network:


Restart the network


$: the resolver address here is the secondary host's own IP

2>. Primary host configuration

$: first undo the changes made for the bidirectional setup

Configuration file: /etc/named.rfc1912.zones


3>. Secondary host configuration

Install the named service on the secondary host, then:

vim /etc/named.conf


vim /etc/named.rfc1912.zones

Restart the service

Turn off the firewall (or allow the dns service through it, as in section II)

Test:
On the primary and on the secondary host respectively
dig www.westostuu.org


Then, on the secondary host, you can see the synchronized zone information:
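The zone stanzas for the primary and the secondary appear in the post only as screenshots. The following added example (not the post's configuration) writes both, with the primary allowing zone transfers only to its secondary and notifying it on changes, and includes a small check that no stanza leaves transfers open. The zone name is the post's; the addresses 172.25.254.130 (primary) and 172.25.254.230 (secondary), the slaves/ file name and the output directory are assumptions.

```bash
#!/bin/sh
# Added example (not the post's configs, which appear only as screenshots):
# zone stanzas for the primary and the secondary server of a DNS cluster, plus
# a check that zone transfers are not open to the world.  Addresses are
# assumptions drawn from the post's lab network.
ZONE="westostuu.org"
PRIMARY_IP="172.25.254.130"
SECONDARY_IP="172.25.254.230"
OUT_DIR="${OUT_DIR:-$(mktemp -d)}"

# write_primary <file>: goes into /etc/named.rfc1912.zones on the primary
write_primary() {
    cat > "$1" <<EOF
zone "$ZONE" IN {
    type master;
    file "$ZONE.zone";
    allow-transfer { $SECONDARY_IP; };   // only the secondary may AXFR the zone
    also-notify    { $SECONDARY_IP; };   // push a NOTIFY when the serial changes
};
EOF
    echo "$1"
}

# write_secondary <file>: goes into /etc/named.rfc1912.zones on the secondary
write_secondary() {
    cat > "$1" <<EOF
zone "$ZONE" IN {
    type slave;
    masters { $PRIMARY_IP; };
    file "slaves/$ZONE.zone";            // /var/named/slaves is writable by named
    allow-transfer { none; };            // the copy is not a transfer source
};
EOF
    echo "$1"
}

# transfer_restricted <stanza file>: 0 when allow-transfer is present and is
# not "any".  Left unset, the default has for years allowed transfers to
# anyone, which hands out the whole host list of the zone, so set it explicitly.
transfer_restricted() {
    grep -q 'allow-transfer' "$1" && ! grep -q 'allow-transfer *{ *any' "$1"
}

P=$(write_primary "$OUT_DIR/primary.zones")
S=$(write_secondary "$OUT_DIR/secondary.zones")
for f in "$P" "$S"; do
    if transfer_restricted "$f"; then echo "$f: transfers restricted"
    else echo "$f: WARNING zone transfer open"; fi
done
```

After both servers are restarted, dig @172.25.254.130 westostuu.org axfr from a host that is not the secondary should come back REFUSED, while the secondary's /var/named/slaves/westostuu.org.zone appears once it has pulled the zone.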

VIII DNS dynamic update

IP-address-based update:
on the DNS server set:

vim /etc/named.rfc1912.zones

zone "westos.com" IN {
    type master;
    file "westos.com.zone";
    allow-update { 172.25.254.230; };        ##Allows the specified client to update the westos domain
    also-notify { 172.25.254.230; };
};

Test:
On the update client (172.25.254.230, the address listed in allow-update):

[root@node2 ~]# nsupdate
> server 172.25.254.130
> update add hello.westos.com 86400 A 172.25.254.111    add an A record
> send
> update delete hello.westos.com                         delete the record again
> send
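allow-update { 172.25.254.230; } trusts any packet that carries that source address. The following added example (not from the post) shows the same update flow authorised by a TSIG key instead: the key statement named includes, the zone stanza that accepts updates only when they are signed with it, and the nsupdate batch file for the client. The key name, the secret (a placeholder, to be replaced by tsig-keygen output), the server address and the file paths are assumptions.

```bash
#!/bin/sh
# Added example (not from the post): authorising dynamic updates with a TSIG
# key instead of a source address.  allow-update { ip; } trusts anything that can
# send a packet from that address; a key ties updates to a secret that only the
# update client holds.  Key name, the secret and the paths are constructed.
ZONE="westos.com"
DNS_SERVER="172.25.254.130"
KEY_NAME="westos-update"
# constructed placeholder; on the server generate a real one with:  tsig-keygen westos-update
KEY_SECRET="cGxhY2Vob2xkZXItc2VjcmV0LXJlcGxhY2UtbWU="
OUT_DIR="${OUT_DIR:-$(mktemp -d)}"

# write_key <file>: key statement, included from named.conf and used by nsupdate -k
write_key() {
    cat > "$1" <<EOF
key "$KEY_NAME" {
    algorithm hmac-sha256;
    secret "$KEY_SECRET";
};
EOF
    chmod 600 "$1"              # the secret must not be world-readable
    echo "$1"
}

# write_zone_stanza <file>: allow-update by key instead of by IP
write_zone_stanza() {
    cat > "$1" <<EOF
zone "$ZONE" IN {
    type master;
    file "$ZONE.zone";
    allow-update { key "$KEY_NAME"; };   // instead of { 172.25.254.230; }
    also-notify  { 172.25.254.230; };
};
EOF
    echo "$1"
}

# write_update <file> <host> <ip>: nsupdate batch that replaces the host's A record
write_update() {
    cat > "$1" <<EOF
server $DNS_SERVER
zone $ZONE
update delete $2.$ZONE. A
update add $2.$ZONE. 86400 A $3
send
EOF
    echo "$1"
}

# update_uses_key <stanza file>: 0 when updates require a TSIG key
update_uses_key() {
    grep -q 'allow-update *{ *key ' "$1"
}

KEYFILE=$(write_key "$OUT_DIR/$KEY_NAME.key")
STANZA=$(write_zone_stanza "$OUT_DIR/zone.stanza")
BATCH=$(write_update "$OUT_DIR/update.txt" hello 172.25.254.111)
update_uses_key "$STANZA" && echo "updates to $ZONE require key $KEY_NAME"
echo "run on the client:  nsupdate -k $KEYFILE $BATCH"
```

On the server, put the key file under /etc/named/ owned by root:named with mode 640, add include "/etc/named/westos-update.key"; to /etc/named.conf and replace the zone stanza; copy the same key file to the client and run nsupdate -k with it. An unsigned update, including one from 172.25.254.230, is then answered REFUSED.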

Test:

Topics: Linux Operation & Maintenance