DNS Service: Domain Name Resolution System

Posted by backslash on Sun, 21 Jul 2019 15:51:08 +0200

Preface:

I recently tidied up some of my earlier study notes.
In the past they were stored locally; this time they have been moved online as a backup.

 

DNS

  • Domain Name System
  • A distributed database that maps domain names to IP addresses, so that people can reach hosts on the Internet by name instead of by address.
  • At present, each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
  • Protocol: TCP/UDP
  • Default port: 53
  • Functions of a DNS server:
    • Forward resolution: find the IP address that corresponds to a registered domain name
    • Reverse resolution: find the registered domain name that corresponds to an IP address (less commonly used)
  • FQDN (Fully Qualified Domain Name)

    • Host name = server name + domain name suffix
    • www.pku.edu.cn = server name . *** . second-level domain . top-level domain
  • Every fully qualified domain name ends with a dot (.):

                Root domain .
      ┌─────┬─────┼─────┬─────┬─────┬──────┬─
    .com   .cn   .us   .tw   .kr   .hk   .......  #First-level (top-level) DNS servers
      ┌─────┴────┬─────────┬─────────┬─
    .com.cn   .net.cn   .org.cn  .edu.cn          #Second-level DNS servers
      ├─────────────────┬───────────────┬─
    .lala.com.cn   .haha.com.cn   .xixi.com.cn    #Third-level DNS servers
          ├─────────────────────┬─
      web1.lala.com.cn    tts.lala.com.cn         #Full host names
    
  • Common top-level (first-level) domains:

    Country/region domains            .cn .us .kr .hk .tw ...
    Generic (organizational) domains  .com .net .edu .org .gov ...

 

DNS resolution database (zone data)

  • Resource record (RR): every entry in a zone is a resource record; each record has a type, which determines how its data is interpreted.

    | Resource record | Name | Meaning |
    | --- | --- | --- |
    | A | Address (IPv4) | Lists the IPv4 address(es) of a given host name |
    | AAAA | Address (IPv6) | Lists the IPv6 address(es) of a given host name |
    | NS | Name Server | Specifies the name server responsible for a given zone |
    | SOA | Start of Authority | Marks the start of a zone's authoritative data (serial, refresh, retry, expire, minimum TTL) |
    | MX | Mail Exchanger | Lists the hosts responsible for receiving e-mail sent to the domain |
    | CNAME | Canonical Name | Specifies an alias for a canonical host name |
    | PTR | Pointer | Maps an IP address back to a host name (reverse resolution) |

 

DNS query process

  • DNS query mechanisms:

    • Recursive query
      • The preferred DNS server queries the other DNS servers on the client's behalf and returns the final result to the client
      • The client interacts only with its preferred DNS server
      • Recursion is enabled by default (named.conf option: recursion yes|no)
    • Iterative query
      • The preferred DNS server interacts with the other DNS servers itself, following referrals step by step
  • DNS query order:

      1. Local hosts file
      2. Local DNS cache
      3. Local (preferred) DNS server
      4. Iterative queries starting from the root
    

 

BIND Domain Name Service

  • Berkeley Internet Name Domain
  • The most widely used DNS server software in the world; it runs on the various Unix platforms and on Windows.
  • Official website: https://www.isc.org/
  • Software packages:
    • bind, the domain name service package
    • bind-chroot, which provides chroot (virtual root) support and depends on bind
  • System service: named
  • Protocol/port: TCP/UDP 53
  • Runtime virtual root (chroot) path: /var/named/chroot
  • Main configuration file: /etc/named.conf (declares the zones this server resolves)
  • Zone (address database) files: /var/named/ (host name to IP address mappings)

 

I. Building a Basic DNS Server

svr7.test.cn  ---> 192.168.4.7
pc207.test.cn ---> 192.168.4.207
www.test.cn   ---> 192.168.4.100

Server (192.168.4.7)

1. Installation of software packages

]# yum -y install bind bind-chroot

2. Modify configuration files

]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.4.7; };   #Address and port the server listens on
    directory    "/var/named";            #Directory holding the zone files (default)
    allow-query  { any; };                #Allow any client to query
};
zone    "test.cn"    IN {          #Zone that this server resolves
    type    master;                #This server is the authoritative master for the zone
    file    "test.cn.zone";        #Zone file, relative to the directory above
};

]# named-checkconf /etc/named.conf  #Check configuration file syntax

3. Establishing Address Area File

]# cd /var/named/                           #Use the shipped template as a starting point
]# cp -p named.localhost test.cn.zone       #-p keeps the owner/group and mode of the template
]# ls -l test.cn.zone
-rw-r----- 1 root named 152 Jun 21  2007 test.cn.zone

]# vim test.cn.zone                 #Edit the zone file
$TTL 1D                                 ;TTL = Time To Live, default lifetime of the records
@   IN SOA  @ rname.invalid. (          ;SOA = Start Of Authority; @ stands for the zone name (test.cn.)
                    0   ; serial: serial number, increase it on every change so secondaries reload
                    1D  ; refresh: refresh interval
                    1H  ; retry: retry interval
                    1W  ; expire: expiration time
                    3H )    ; minimum: negative-caching TTL (text after ';' is a comment)
test.cn.   NS  svr7          ;NS = name server: the DNS server for test.cn. is svr7.test.cn.
svr7       A   192.168.4.7   ;the IP address of svr7.test.cn. is 192.168.4.7
www        A   1.1.1.1
ftp        A   2.2.2.2

]# named-checkzone test.cn test.cn.zone     #Check the zone file: named-checkzone <zone name> <zone file>
zone test.cn/IN: loaded serial 0
OK                                         #Check passed

4. Enabling Services

]# systemctl restart named
]# systemctl enable named

 

Client

1. Setting up DNS Server

]# echo 'nameserver 192.168.4.7' > /etc/resolv.conf

2. Detecting domain name resolution

  • host
    ]# host svr7.test.cn
    svr7.test.cn has address 192.168.4.7
    
  • nslookup
    ]# nslookup www.test.cn
    Server:		192.168.4.7
    Address:	192.168.4.7#53
    Name:	www.test.cn
    Address: 1.1.1.1
    

 

II. Serving Multiple Zones

1. Modify the configuration file (continuing on 192.168.4.7 from the previous example)

]# vim /etc/named.conf          #Append a new zone
zone  "qq.com"   IN  {
    type master;
    file  "qq.com.zone";
};

2. Edit the zone file

]# cp -p /var/named/test.cn.zone /var/named/qq.com.zone
]# vim /var/named/qq.com.zone
$TTL 1D
@   IN SOA  @ rname.invalid. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
qq.com.  NS  svr7   
svr7     A   192.168.4.7
www      A   3.3.3.3
ftp      A   4.4.4.4

3. Restart service

]# systemctl restart named

4. Client Testing

]# nslookup www.qq.com
Server:		192.168.4.7
Address:	192.168.4.7#53
Name:	www.qq.com
Address: 3.3.3.3

 

III. Special Resolution Records

Continues from the preceding example

1. DNS round-robin load balancing (several A records for one name):

#Server
]# vim qq.com.zone
$TTL 1D
@   IN SOA  @ rname.invalid. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
qq.com.  NS    svr7 
svr7      A    192.168.4.7
www       A    192.168.4.11         ;several A records for www: round-robin load balancing
www       A    192.168.4.12
www       A    192.168.4.13
ftp       A    4.4.4.4

]# systemctl restart named

#Client Testing
]# nslookup www.qq.com
Server:		192.168.4.7
Address:	192.168.4.7#53
Name:	www.qq.com
Address: 192.168.4.12
Name:	www.qq.com
Address: 192.168.4.13
Name:	www.qq.com
Address: 192.168.4.11

2. Wildcard (pan-domain) resolution:

The server:
]# cd /var/named
]# vim qq.com.zone
$TTL 1D
@   IN SOA  @ rname.invalid. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
qq.com.  NS    svr7
svr7      A    192.168.4.7
www       A    192.168.4.11
www       A    192.168.4.12
www       A    192.168.4.13
ftp       A    4.4.4.4
*         A    1.2.3.4            ;wildcard: any name in qq.com that has no record of its own
]# systemctl restart named

#Client
]# host ftp.qq.com
ftp.qq.com has address 4.4.4.4
]# host fan.qq.com
fan.qq.com has address 1.2.3.4

3. Pattern-based wildcard resolution with $GENERATE:

web1.qq.com------>192.168.10.1
web2.qq.com------>192.168.10.2
web3.qq.com------>192.168.10.3
web4.qq.com------>192.168.10.4
......
web50.qq.com------>192.168.10.50

Function: the $GENERATE directive generates one record for every number in a range

The server:
]# cd /var/named/
]# vim qq.com.zone
$TTL 1D
@   IN SOA  @ rname.invalid. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
qq.com.  NS    svr7
svr7      A    192.168.4.7
www       A    192.168.4.11
www       A    192.168.4.12
www       A    192.168.4.13
ftp       A    4.4.4.4
*         A    1.2.3.4            ;Pan-domain Name Resolution
$GENERATE  1-50  web$   A   192.168.10.$    ;$GENERATE range lhs type rhs: each '$' is replaced by the counter

]# systemctl restart named

#Client
]# host web.qq.com
web.qq.com has address 1.2.3.4
]# host web1.qq.com
web1.qq.com has address 192.168.10.1
]# host web11.qq.com
web11.qq.com has address 192.168.10.11
]# host web50.qq.com
web50.qq.com has address 192.168.10.50
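To see how the round-robin, wildcard and $GENERATE records above actually answer queries, here is an added Python example (written for this page; it is not part of the original post and not BIND code): a small parser for the zone-file syntax used in this section, plus a lookup that applies the exact-match-then-wildcard rule and a round-robin rotation. The sample zone text is constructed to mirror qq.com.zone, and parse_zone, lookup_a and round_robin are names chosen here.

```python
# Constructed sample zone mirroring qq.com.zone from the steps above
# (serial left at 0 as on the page; bump it on every edit in practice).
QQ_COM_ZONE = """\
$TTL 1D
@   IN SOA  @ rname.invalid. (
                    0   ; serial
                    3H )    ; minimum
qq.com.  NS    svr7
svr7      A    192.168.4.7
www       A    192.168.4.11
www       A    192.168.4.12
www       A    192.168.4.13
*         A    1.2.3.4            ;wildcard
$GENERATE  1-50  web$   A   192.168.10.$
"""

def parse_zone(text, origin):
    """Return (fqdn, type, value) tuples for the zone's records, expanding $GENERATE."""
    origin = origin.rstrip(".") + "."
    fqdn = lambda n: origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}")
    records, in_soa = [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # text after ';' is a comment
        if in_soa or "SOA" in line:              # skip the SOA and its multi-line ( ... ) body
            in_soa = ")" not in line
            continue
        if not line or line.startswith("$TTL"):
            continue
        f = line.split()
        if f[0] == "$GENERATE":                  # $GENERATE lo-hi lhs type rhs; '$' = counter
            lo, hi = map(int, f[1].split("-"))
            for i in range(lo, hi + 1):
                records.append((fqdn(f[2].replace("$", str(i))), f[3], f[4].replace("$", str(i))))
            continue
        f = [x for x in f if x != "IN"]          # drop the optional class field
        records.append((fqdn(f[0]), f[1], f[2]))
    return records

def lookup_a(records, name, origin):
    """Answer an A query: exact records first, else the zone's '*' wildcard.  A name that
    exists with other types (the apex with its NS) gets an empty answer, not the wildcard."""
    origin = origin.rstrip(".") + "."
    name = name.rstrip(".") + "."
    if any(n == name for n, _, _ in records):
        return [v for n, t, v in records if n == name and t == "A"]
    return [v for n, t, v in records if n == "*." + origin and t == "A"]

def round_robin(ips, query_no):
    """Rotate a multi-A answer set, the cyclic ordering seen in the nslookup output above."""
    return ips[query_no % len(ips):] + ips[:query_no % len(ips)]
```

Only the single-level wildcard case shown on the page is modelled; a query such as web.qq.com, which has no record of its own, falls through to the wildcard exactly as in the host output above.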

 

IV. DNS Subdomain Delegation

Continues from the preceding example

Parent domain: www.test.cn, server svr7, 192.168.4.7
Subdomain: www.bj.test.cn (Beijing branch), server pc207, 192.168.4.207
  • Parent domain host: configure the subdomain delegation (192.168.4.7)

    ]# cd /var/named
    ]# vim  test.cn.zone
    ;$TTL and SOA header unchanged from before (omitted here)
    test.cn.     NS   svr7
    bj.test.cn.  NS   pc207.bj            ;delegate bj.test.cn to its own DNS server
    svr7         A    192.168.4.7
    pc207.bj     A    192.168.4.207       ;glue record: address of the subdomain's name server
    www          A    1.1.1.1
    ftp          A    2.2.2.2
    ]# systemctl restart named
    
  • Subdomain host configuration (192.168.4.207)

    ]# yum -y install bind bind-chroot      #Install the software
    ]# vim /etc/named.conf                  #Modify the configuration file
    options  {
        directory  "/var/named";
    };
    zone  "bj.test.cn"   IN  {      #Zone for the subdomain
        type  master;
        file  "bj.test.cn.zone";
    };
    ]# cd /var/named
    ]# cp -p named.localhost bj.test.cn.zone
    ]# vim bj.test.cn.zone       #Editing area files
    $TTL 1D
    @   IN SOA  @ rname.invalid. (
                        0   ; serial
                        1D  ; refresh
                        1H  ; retry
                        1W  ; expire
                        3H )    ; minimum
    bj.test.cn.   NS  pc207             ;name server for the subdomain
    pc207         A   192.168.4.207   
    www           A   11.12.13.14
    ]# systemctl restart named              #Restart service
    ]# systemctl enable named
    
  • Test

    ]# nslookup www.bj.test.cn 192.168.4.207
    Server:		192.168.4.207
    Address:	192.168.4.207#53
    Name:	www.bj.test.cn
    Address: 11.12.13.14
    

 

V. Caching DNS

  • Function: speed up resolution so that clients get answers as quickly as possible.

  • Software packages: bind bind-chroot

  • Modes

    • Global forwarding:

      • Forward requests to a designated public DNS server (another caching DNS server) and ask it to recurse.
    • Root iteration:

      • Iterate through the DNS servers of the root, first-level and second-level domains in turn.
  • Example:

    • Idea: 192.168.4.254 acts as the caching DNS server, and the real DNS server is 172.40.1.10.

    1. Installation of software packages

    ]# yum -y install bind bind-chroot
    

    2. Editing configuration files

    ]# cat /etc/resolv.conf
    nameserver 172.40.1.10
    
    ]# vim /etc/named.conf
    options {
        directory    "/var/named";
        forwarders    { 172.40.1.10; };     #Queries not answered from the local cache are forwarded to 172.40.1.10
    };
    ]# systemctl restart named
    

    3. Client test: resolve through the caching server

    ]# nslookup www.360.com 192.168.4.254
    

 

VI. Split Resolution (Views)

  • Let clients reach the server nearest to them on the network.
  • When different kinds of clients ask to resolve the same domain name, they get different results (IP addresses).
  • When it receives a DNS query, the server distinguishes the clients' source addresses and returns different results (IP addresses) to different kinds of clients.

BIND views

  • Clients are classified by sets of source addresses, and each class gets its own answers (different treatment).

    • Note: every client must fall into some class (a final catch-all view is needed for clients that match nothing else)
    • Note: views are matched from top to bottom, and matching stops at the first match
    • Note: once views are used, every zone must be declared inside a view
  • Format:

    view    "View Name"    {
        match-clients    { IP; };            //Match client source addresses
        zone    "Resolved domain name" {
            ...    Address library 1;
        };
    };

    view   "nsd"    {
        match-clients   { 192.168.4.207; };   #Match the client's address
        zone "test.cn"    {
            ...... Address library 1;
        };
    };

    view   "abc"   {
        match-clients  { any; };
        zone "test.cn"    {
            ...... Address library 2;
        };
    };
    
  • Example environment and requirements:

    • Authoritative DNS: svr7.test.cn 192.168.4.7
    • Zone served: test.cn
    • Split resolution of an A record, using www.test.cn as the example
    • Results the clients should get:
      • 192.168.4.207 -----> 192.168.4.100
      • Any other address -----> 1.2.3.4
    Operational steps

    #Virtual machine A (the DNS server, 192.168.4.7)
    1. Modify the configuration file /etc/named.conf
    view  "nsd"  {
        match-clients  { 192.168.4.207; };
        zone  "test.cn"  {
            type    master;
            file    "test.cn.nsd";
        };
    };
    view  "abc"  {
        match-clients  { any; };
        zone  "test.cn"  {
            type  master;
            file  "test.cn.abc";
        };
    };
    
    2. Create the zone files (the $TTL and SOA header, as in test.cn.zone, is omitted here)
    ]# vim /var/named/test.cn.nsd
    test.cn.    NS   svr7
    svr7        A    192.168.4.7
    www         A    192.168.4.100
    ]# vim /var/named/test.cn.abc
    test.cn.    NS   svr7
    svr7        A    192.168.4.7
    www         A    1.2.3.4

    3. Restart the named service
    ]# systemctl restart named

    4. Test resolution from virtual machines A and B separately
    
    

 

VII. Using ACL Variables in Views

]# vim /etc/named.conf
options {
    directory    "/var/named";
};
acl "variable-name" { address1; address2; address3; address4; ... };
view "nsd" {
    match-clients { Variable name; };
    zone "test.cn" {
    type    master;
    file    "test.cn.nsd";
    };
};
view "abc" {
    match-clients { any; };
    zone "test.cn" {
    type    master;
    file    "test.cn.abc";
    };
};
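The view-matching rules of section VI and the acl variables of this section are easy to get wrong, so here is an added Python model of them (written for this page, not BIND code): views are tried in named.conf order, the first match-clients list that covers the client wins, an acl name expands to its member addresses, and a client that matches no view gets no answer because named refuses the query. ACLS, VIEWS, match_list, select_view and resolve_www are constructed for this example; the acl members are assumed to be plain addresses or prefixes.

```python
import ipaddress

# Constructed ACL and view table mirroring sections VI and VII (not BIND code):
# acl "branch" { 192.168.4.207; 192.168.4.208; };
ACLS = {"branch": ["192.168.4.207", "192.168.4.208"]}

# Views in named.conf order; the third field is the www.test.cn answer from the
# view's own zone file (test.cn.nsd vs test.cn.abc).
VIEWS = [
    ("nsd", ["branch"], "192.168.4.100"),
    ("abc", ["any"], "1.2.3.4"),
]

def match_list(entries, client_ip):
    """Evaluate a BIND-style address match list left to right: the first entry that
    covers the client decides (True, or False if that entry is negated with '!').
    An acl name expands to its member list (assumed to hold plain addresses/prefixes)."""
    client = ipaddress.ip_address(client_ip)
    for entry in entries:
        negated = entry.startswith("!")
        e = entry.lstrip("!")
        if e == "any":
            hit = True
        elif e in ACLS:
            hit = any(client in ipaddress.ip_network(m, strict=False) for m in ACLS[e])
        else:
            hit = client in ipaddress.ip_network(e, strict=False)
        if hit:
            return not negated
    return False                                 # nothing in the list covers the client

def select_view(views, client_ip):
    """Name of the first view (top to bottom) whose match-clients covers the client,
    or None: then named has no view for that client and refuses the query."""
    for name, clients, _ in views:
        if match_list(clients, client_ip):
            return name
    return None

def resolve_www(views, client_ip):
    """The www.test.cn answer a client would get, taken from the view it matched."""
    name = select_view(views, client_ip)
    return next(ans for n, _, ans in views if n == name) if name else None
```

Swapping the two views puts the catch-all first, so every client lands in "abc"; dropping the catch-all leaves clients outside the acl with no view at all, which is why the page's examples always end with match-clients { any; }.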
