Building an enterprise DNS server

Posted by trevorturtle on Thu, 17 Feb 2022 16:51:07 +0100

I. DNS terminology

DNS: Domain Name Service

On the client:

/etc/resolv.conf    file that points the resolver at the DNS server(s) to use

host        address resolution command
dig         detailed address resolution command (shows the full answer and the query status)

A record    maps a domain name to an IPv4 address (address record)
SOA         Start of Authority: the record that marks the start of a zone and names its primary server
	root zone            .  served by 13 root server addresses
	top-level domains    .com .net .edu .org

On the server:

bind                installation package
named               service name
/etc/named.conf     main configuration file
/var/named          data directory (zone files)
port                53 (UDP and TCP)

Troubleshooting:

1. "no servers could be reached"    the service cannot be contacted (is named running, is port 53 open in the firewall, is the network up?)
2. Service fails to start           configuration file error; find it with journalctl -xe, or run named-checkconf before restarting
3. dig query status

NOERROR      the query succeeded
REFUSED      the server refused the query (check allow-query / allow-recursion in named.conf)
SERVFAIL     the server could not answer (it cannot reach the upstream, the zone failed to load, or DNSSEC validation failed)
NXDOMAIN     the name does not exist in DNS (no record of any type, not only no A record)

II. Installing and enabling the DNS service

1. Installation

dnf install bind.x86_64 -y

2. Enable

systemctl enable --now named
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

On the real (physical) machine, which is the DNS server:

vim /etc/named.conf

11 listen-on port 53 { any; };    listen on port 53 on all local interfaces (the default is 127.0.0.1 only)
19 allow-query { any; };          clients allowed to query the server, for every record type (the default, localhost, blocks every other host); for an internal server list the internal networks instead of any
34 dnssec-validation no;          turns off DNSSEC validation; the author disables it so that answers fetched from outside are cached locally without being validated. Leave it on (yes) wherever the server can reach the internet: with it off, forged answers from an upstream are accepted and cached.

systemctl restart named

netstat -antlupe | grep named    check that named is listening on port 53 (ss -antlup | grep named on hosts without net-tools)

Set up network:


3. Caching DNS

Purpose: on a directly connected enterprise network every host would otherwise go to the outside to obtain DNS resolution, which is slow. Instead, set up a host with internet access on the internal network as a caching DNS server and point the internal hosts at it; it forwards their queries to the upstream resolver and caches the answers.

20         forwarders {; };    ## line 20 of named.conf: upstream resolver(s) that queries are forwarded to

4. Forward resolution

$: before this experiment undo the caching setup just made:
comment out line 20, forwarders {;};

vim /etc/

$: the zone file name written in the file below must match the file name set here
What the author set here is
so my file name is westos.org.zone

cd /var/named/
cp -p named.localhost    ## copy the template to the zone file named above; -p keeps the root:named ownership so named can read the copy

$TTL 1D                                 ; TIME-TO-LIVE: how long resolvers may cache the records
@       IN SOA (                        ; SOA: Start of Authority
                        0       ; serial    zone version number; increase it on every change, or secondaries never transfer the new data
                        1D      ; refresh   how often a secondary DNS checks the primary for a new serial
                        1H      ; retry     how long a secondary waits after a failed refresh
                        1W      ; expire    after this long without a successful refresh the secondary stops answering for the zone
                        3H )    ; minimum   negative-caching TTL: how long a "no such record" answer may be cached
        MX 1                            ; mail exchange record (the mail host follows the priority)

dig        query the forward resolution (the A record of the name)

DNS mail resolution

dnf install mailx postfix -y
systemctl start postfix
dig -t mx    query the MX record

5. Reverse resolution

vim /etc/named.rfc1912.zones
$: reverse resolution is keyed by the IP address, so the zone is the network prefix written in reverse with the .in-addr.arpa suffix, and the file is named after the IP

@    IN SOA (
                0    ; serial
                1D   ; refresh
                1H   ; retry
                1W   ; expire
                3H ) ; minimum


systemctl restart named
dig -x    reverse query: dig -x with an address returns its PTR record
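Sections 4 and 5 leave the record lines out of the zone files. The script below is an added example, not part of the original post: it builds the forward zone and the matching in-addr.arpa reverse zone from one host list (so A and PTR records cannot drift apart), derives the reverse zone name from the network prefix, and validates both files with named-checkzone when the bind package is installed. The domain westos.org, the 172.25.254.0/24 network, the host names and their addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: generate a forward zone and the
# matching reverse zone from one host list. Domain, network, host names and
# addresses below are assumptions for the example.
DOMAIN="westos.org"             # assumed zone
NET="172.25.254"                # assumed /24 network prefix
NS_HOST="dns"                   # assumed name of the DNS server inside the zone
MAIL_HOST="mail"                # assumed mail host
# constructed host list: "name ip", one per line
HOSTS="dns 172.25.254.250
www 172.25.254.10
mail 172.25.254.20"

# Reverse zone name for a prefix: 172.25.254 -> 254.25.172.in-addr.arpa
reverse_zone() {
    echo "$1" | awk -F. '{ s = ""; for (i = NF; i >= 1; i--) s = s $i "."; print s "in-addr.arpa" }'
}

# Serial in YYYYMMDDnn form; a secondary only transfers when this grows.
zone_serial() {
    printf '%s01\n' "$(date +%Y%m%d)"
}

# $TTL + SOA + NS header shared by both zones. $1 = NS fqdn (no trailing dot), $2 = serial
soa_header() {
    cat <<EOF
\$TTL 1D
@       IN SOA  $1. root.$DOMAIN. (
                        $2      ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   $1.
EOF
}

forward_zone() {   # $1 = serial; A records plus the MX for the mail host
    soa_header "$NS_HOST.$DOMAIN" "$1"
    echo "@       IN MX 1  $MAIL_HOST.$DOMAIN."
    echo "$HOSTS" | while read -r name ip; do
        printf '%-8s IN A    %s\n' "$name" "$ip"
    done
}

reverse_zone_file() {   # $1 = serial; one PTR per host, keyed by the last octet (/24 assumed)
    soa_header "$NS_HOST.$DOMAIN" "$1"
    echo "$HOSTS" | while read -r name ip; do
        printf '%-8s IN PTR  %s.%s.\n' "${ip##*.}" "$name" "$DOMAIN"
    done
}

# Write both files into $1 (use /var/named on the server) and check them with
# named-checkzone when it is installed (it ships with the bind package).
write_zones() {
    serial=$(zone_serial)
    rev=$(reverse_zone "$NET")
    forward_zone "$serial"      > "$1/$DOMAIN.zone"
    reverse_zone_file "$serial" > "$1/$rev.zone"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$DOMAIN" "$1/$DOMAIN.zone"
        named-checkzone "$rev"    "$1/$rev.zone"
    fi
}

out=$(mktemp -d)
write_zones "$out"
cat "$out/$DOMAIN.zone" "$out/$(reverse_zone "$NET").zone"
```

On the server run write_zones /var/named, make the files group-readable by named (the post's cp -p achieves the same by copying the template's ownership), add matching zone stanzas for westos.org and 254.25.172.in-addr.arpa to /etc/named.rfc1912.zones, and restart named. The serial is the date plus a two-digit counter; bump it on every edit, or the secondaries of section 7 keep serving the old data.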

6. Split resolution (two views of one zone)

Experimental environment:

1 client

On the client host:

vim /etc/resolv.conf    point nameserver at the DNS server

One server with IP addresses on two network segments
ifconfig enp1s0 netmask    ## add the address on the second segment

$: the following is done on the dual-segment host:

vim /etc/resolv.conf

Configuration:
cd /var/named/
cp -p    ## one zone file per network segment

$: the IP given for the dns host here is the dual-segment host's own address on that segment

vim /etc/named.conf

Hosts on the two network segments now resolve the same domain name to different A records: BIND matches the client's source address and serves each segment its own zone file.
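The post leaves both named.conf edits empty (the forwarders line in section 3 and the per-segment configuration here). Below is an added example, not the post's own configuration, of one named.conf that does both with BIND views and generalises the post's two segments into an internal view and a catch-all external view: internal clients are forwarded to an upstream, get cached answers and the internal copy of the zone, while everyone else gets only the public copy and no recursion. The zone westos.org, the 172.25.254.0/24 internal network and the 8.8.8.8 upstream are assumptions. It is written as a shell generator so the result can be checked with named-checkconf before it touches the server.

```shell
#!/bin/sh
# Added example, not from the original post: one named.conf that forwards and
# caches for the inside and serves two copies of the zone (BIND views).
# Zone, networks and upstream resolver are assumptions.
DOMAIN="westos.org"             # assumed zone
INTERNAL_NET="172.25.254.0/24"  # assumed internal segment
UPSTREAM="8.8.8.8"              # assumed upstream resolver for the forwarders line

# Emit the configuration. $1 = zone, $2 = internal network (CIDR), $3 = upstream resolver
gen_named_conf() {
    cat <<EOF
acl "internal" { $2; localhost; };

options {
    listen-on port 53 { any; };
    directory "/var/named";
    dnssec-validation yes;          // "no" would accept and cache forged upstream answers
    allow-query { any; };           // anyone may ask for our authoritative data
    allow-recursion { internal; };  // but only our clients may use us as a resolver
};

// The first view whose match-clients matches the client's address wins.
view "internal" {
    match-clients { internal; };
    recursion yes;
    forwarders { $3; };             // cache-and-forward for the inside (section 3)
    forward only;
    zone "$1" IN {
        type master;
        file "$1.internal.zone";    // answers with internal addresses
    };
    zone "." IN { type hint; file "named.ca"; };
    include "/etc/named.rfc1912.zones";
};

view "external" {
    match-clients { any; };
    recursion no;                   // outsiders get authoritative answers only
    zone "$1" IN {
        type master;
        file "$1.external.zone";    // answers with public addresses
    };
};
EOF
}

# Write to $1 (use /etc/named.conf on the server) and syntax-check it with
# named-checkconf when the bind package is installed.
write_named_conf() {
    gen_named_conf "$DOMAIN" "$INTERNAL_NET" "$UPSTREAM" > "$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    fi
}

tmp=$(mktemp)
write_named_conf "$tmp"
cat "$tmp"
```

Once views exist, every zone must live inside a view, including zone "." and the include of named.rfc1912.zones that the stock named.conf keeps at top level; leave them outside and named refuses to start. Views are tried in order, so the internal view stays first. If the upstream strips DNSSEC records and validated queries come back SERVFAIL, change the upstream rather than setting dnssec-validation no.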

7. DNS cluster

1. What is a DNS cluster

To relieve the load on a single server, a DNS service is normally run on one primary (master) DNS server plus one or more secondary DNS servers that hold a copy of the zone; together they form a DNS cluster.

2. Configuring a DNS cluster

$: the difference between the two-segment setup and the cluster is that the cluster is a primary/secondary relationship between servers, while the two-segment setup is a relationship between server and clients. So first configure the network on the primary and on the secondary:

1>. Network configuration

Primary network:

Restart the network

$: the IP resolved here is the primary's own IP

Secondary network:

Restart the network

$: the IP resolved here is the secondary's own IP

2>. Primary configuration

$: restore the files changed in the split-resolution setup

Configuration file: /etc/named.rfc1912.zones

3>. Secondary configuration

Install the named service on the secondary:

vim /etc/named.conf

vim /etc/named.rfc1912.zones

Restart the service

Turn off the firewall (a lab shortcut; on a real server open the dns service in firewalld as in section II instead, since the secondary must reach the primary on port 53 for zone transfers and the primary must reach the secondary for NOTIFY)

On the primary and on the secondary respectively

Then run the following on the secondary:

You can see the transferred zone data:
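The primary and secondary stanzas for the cluster are not shown above. As an added example (not the post's configuration), here are the two stanzas with zone transfers locked down, together with a check that both servers answer with the same SOA serial, which is what a transfer is actually keyed on. The zone westos.org and the addresses 172.25.254.250 (primary) and 172.25.254.251 (secondary) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: zone stanzas for a primary and a
# secondary, plus a serial-sync check. Zone and addresses are assumptions.
ZONE="westos.org"
PRIMARY="172.25.254.250"
SECONDARY="172.25.254.251"

# Goes in /etc/named.rfc1912.zones on the primary. $1 = zone, $2 = secondary address
primary_stanza() {
    cat <<EOF
zone "$1" IN {
    type master;
    file "$1.zone";
    allow-transfer { $2; };   // BIND 9.11 default is any: restrict AXFR to the secondary
    also-notify { $2; };      // send NOTIFY so the secondary pulls the new serial at once
    notify yes;
};
EOF
}

# Goes in /etc/named.rfc1912.zones on the secondary. $1 = zone, $2 = primary address
secondary_stanza() {
    cat <<EOF
zone "$1" IN {
    type slave;               // "secondary" in BIND 9.16 and later
    masters { $2; };          // "primaries" in BIND 9.16 and later
    file "slaves/$1.zone";    // /var/named/slaves is writable by named; the copy lands there
    allow-transfer { none; }; // nobody needs to dump the zone from the secondary
};
EOF
}

# Serial from a "dig +short SOA" answer, e.g. (constructed sample):
#   dns.westos.org. root.westos.org. 2022021701 86400 3600 604800 10800
soa_serial() { awk 'NF >= 7 { print $3 }'; }

# Compare the serials the primary and the secondary serve. A transfer only
# happens when the primary's serial is higher, so a forgotten serial bump
# shows up here as "out of sync" with identical serials but different data.
check_sync() {   # $1 = zone, $2 = primary, $3 = secondary
    p=$(dig +short SOA "$1" @"$2" | soa_serial)
    s=$(dig +short SOA "$1" @"$3" | soa_serial)
    if [ -n "$p" ] && [ "$p" = "$s" ]; then
        echo "in sync: serial $p"
    else
        echo "out of sync: primary=${p:-none} secondary=${s:-none}"
        return 1
    fi
}

primary_stanza "$ZONE" "$SECONDARY"
secondary_stanza "$ZONE" "$PRIMARY"
# On a live pair: check_sync "$ZONE" "$PRIMARY" "$SECONDARY"
```

The default allow-transfer in BIND 9.11 is any, which lets anyone AXFR the whole zone and enumerate every host; restricting it to the secondary (or, better, to a TSIG key) closes that. If check_sync shows the primary ahead, the secondary has not transferred yet; if the serials match but the data differs, the serial was not increased after the last edit.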

8. DNS dynamic update

Update restricted by IP address:
On the DNS server:

vim /etc/named.rfc1912.zones

zone "" IN {
    type master;
    file "";
    allow-update { ; };        ## allows the listed client to update the westos zone
    also-notify { ; };
};

On the client host:

[root@node2 ~]# nsupdate

update add 86400 A    add an A record (name, TTL, type, address)
update delete         delete the A record
                      finish with send to submit the batch; nothing changes on the server until then
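The section above authorises updates by client IP address alone. That check is weak because a single spoofed UDP packet can carry an update, so the added example below (not from the post) uses a TSIG key instead: the key is generated with tsig-keygen, referenced from allow-update, and nsupdate signs every request with it. The key name and file, the zone, the server address and the host being added are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: dynamic updates authenticated
# with a TSIG key. Key name, key file, zone, server and host are assumptions.
KEYFILE="/etc/named.westos-update.key"   # assumed location of the key clause
KEYNAME="westos-update"                  # assumed key name
SERVER="172.25.254.250"                  # assumed DNS server
ZONE="westos.org"                        # assumed zone

# One-time setup on the server (tools from the bind package):
#   tsig-keygen $KEYNAME > $KEYFILE      # writes: key "westos-update" { algorithm hmac-sha256; secret "..."; };
#   chown root:named $KEYFILE; chmod 640 $KEYFILE
#   copy $KEYFILE to the client that will run nsupdate
# In /etc/named.conf:          include "/etc/named.westos-update.key";
# In the zone stanza:          allow-update { key "westos-update"; };   (instead of an address)

# nsupdate script that adds an A record. The prereq makes the add fail cleanly
# when the name already exists instead of piling up a second A record.
add_script() {   # $1 = fqdn, $2 = ip, $3 = ttl
    cat <<EOF
server $SERVER
zone $ZONE
prereq nxdomain $1
update add $1 $3 A $2
send
EOF
}

# nsupdate script that removes every A record of a name. The prereq refuses to
# run against a name that does not exist, so a typo is an error, not a no-op.
delete_script() {   # $1 = fqdn
    cat <<EOF
server $SERVER
zone $ZONE
prereq yxdomain $1
update delete $1 A
send
EOF
}

# Send the signed update and then ask the server what it answers now.
apply() {   # $1 = add|delete, then the arguments of the matching *_script
    kind=$1; shift
    "${kind}_script" "$@" | nsupdate -k "$KEYFILE"
    dig +short A "$1" @"$SERVER"
}

add_script test.westos.org 172.25.254.30 86400
# On a live server: apply add test.westos.org 172.25.254.30 86400
#                   apply delete test.westos.org
```

Once a zone accepts dynamic updates, named records the changes in a .jnl journal beside the zone file. Do not edit that zone file by hand without rndc freeze for the zone first and rndc thaw afterwards, or the journal and the file disagree and named refuses to load the zone.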


Topics: Linux Operation & Maintenance