
DNS domain name resolution

2022-07-22 00:27:00 Fair and bright Swiss Roll

I. What is DNS?

DNS (Domain Name Server): the domain name resolution system

Function: it is responsible for converting domain names into IP addresses that the network can recognize, for example converting www.Baidu.com.cn to 119.75.217.109. Domain names and IP addresses correspond one to one.

Countless servers and personal computers are connected to the Internet, along with countless websites and mail servers, and they are all addressed by domain names such as www.baidu.com and www.aliyun.com. Each of these sites has its own IP address, but compared with a numeric address, which may also change, a name made of letters is much easier to remember. This is the role of DNS: it converts the domain name you enter into the corresponding IP address so that the right resource can be located.

II. The DNS system

In fact, 13 DNS root servers are distributed around the world.

The locations and IP addresses of the 13 root servers:

A, INTERNIC.NET (Virginia, USA), IP address: 198.41.0.4

B, American Institute of Information Science (California, USA), IP address: 128.9.0.107

C, PSINet (Virginia, USA), IP address: 192.33.4.12

D, University of Maryland (Maryland, USA), IP address: 128.8.10.90

E, NASA (California, USA), IP address: 192.203.230.10

F, Internet Software Alliance (California, USA), IP address: 192.5.5.241

G, DOD Network Information Center (Virginia, USA), IP address: 192.112.36.4

H, U.S. Army Research Institute (Maryland, USA), IP address: 128.63.2.53

I, Autonomica (Stockholm, Sweden), IP address: 192.36.148.17

J, VeriSign (Virginia, USA), IP address: 192.58.128.30

K, RIPE NCC (London, England), IP address: 193.0.14.129

L, IANA (Virginia, USA), IP address: 198.32.64.12

M, WIDE Project (Tokyo, Japan), IP address: 202.12.27.33

The root servers are mainly used to manage the main directory of the Internet. There are 13 of them worldwide (the 13 root name servers are named "A" to "M"). One is the primary root server, located in the United States. The remaining 12 are secondary root servers: 9 in the United States, 2 in Europe (in the UK and Sweden) and 1 in Asia (in Japan).

Forward resolution: look up the IP address that corresponds to a domain name, consulting the hosts file (host A record).

Reverse resolution: look up the domain name that corresponds to an IP address (host PTR record).

The structure of the DNS system can be understood as: root > top-level domain > second-level domain > third-level domain > fourth-level domain

Because of this structure, from the network's point of view a domain name such as www.baidu.com.cn. is actually interpreted in reverse order.

That is:

www          .baidu        .com                  .cn                 .
Host name    Subdomain     First-level domain    Top-level domain    Root zone

Top-level domains include: cn, uk, jp, us, de ... (countries and regions) and edu, org, gov, com ... (institutions and organizations).

I won't explain the specific meanings and the more detailed classification here.

III. DNS query types

(1) Recursive query
A recursive query is a query mode in which the DNS server, on receiving a client request, must reply to the client with a definite result. If the DNS server does not hold the requested information locally, it asks other servers and passes the returned result on to the client. In other words, after sending the request the client only has to wait for the result; the intermediate steps are handled by the server.

(2) Iterative query

When the DNS server has no result for the query, it tells the client the address of another DNS server. The client then sends its request to that DNS server, and this repeats until a result is returned. In other words, the client has to query the servers one by one to get the result; a server that has no result only gives you the address of another server instead of asking for the information on your behalf.
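Added example (not part of the original article): the two query modes above, simulated in Python over a constructed delegation chain for www.baidu.com.cn. The server names and the 192.0.2.10 address are placeholders; in iterative mode the asker follows each referral itself, while in recursive mode the local server does that walk for the client and caches the result.

```python
# Constructed delegation data for www.baidu.com.cn; the address is a placeholder
# from the 192.0.2.0/24 documentation range, not a real server.
ZONES = {
    "root":      {"refer": {"cn.": "ns-cn"}},
    "ns-cn":     {"refer": {"com.cn.": "ns-com-cn"}},
    "ns-com-cn": {"refer": {"baidu.com.cn.": "ns-baidu"}},
    "ns-baidu":  {"data": {"www.baidu.com.cn.": "192.0.2.10"}},
}
MAX_HOPS = 8  # stop following referrals that loop or never converge


def ask(server, qname):
    """One non-recursive query: an answer, a referral, or nothing at all."""
    zone = ZONES[server]
    if qname in zone.get("data", {}):
        return "answer", zone["data"][qname]
    for suffix, next_server in zone.get("refer", {}).items():
        if qname.endswith("." + suffix) or qname == suffix:
            return "referral", next_server
    return "nxdomain", None


def iterative(qname, server="root"):
    """The asker itself walks the referral chain; returns (ip, servers contacted)."""
    contacted = []
    for _ in range(MAX_HOPS):
        contacted.append(server)
        kind, value = ask(server, qname)
        if kind != "referral":
            return value, contacted
        server = value
    raise RuntimeError("referral chain too long for " + qname)


class RecursiveResolver:
    """Local DNS server: does the iterative walk for the client and caches it."""

    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0

    def resolve(self, qname):
        if qname not in self.cache:
            ip, contacted = iterative(qname)
            self.upstream_queries += len(contacted)
            self.cache[qname] = ip
        return self.cache[qname]
```

The client of RecursiveResolver sends one request per name, while the resolver contacts four servers on the first lookup and none on a repeat.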

Local DNS lookup order:

1. Cache

2. /etc/hosts (stores the local mappings between domain names and IP addresses)

# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

3. /etc/resolv.conf (the DNS configuration file)

# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114

4. /etc/sysconfig/network-scripts/ifcfg-ens33 (configures DNS for a single network card)


* 114.114.114.114 is a DNS server common to China Mobile, China Telecom and China Unicom within China; both mobile phones and computers can use it.

8.8.8.8 is the DNS provided by Google. The address works everywhere and is comparatively better suited to users abroad and to users visiting foreign websites.

223.5.5.5 and 223.6.6.6: Alibaba Cloud DNS

IPv6: 2400:3200::1 and 2400:3200:baba::1

Nanjing, Jiangsu Province (China Telecom)

Preferred DNS: 218.2.135.1; alternate DNS: 61.147.37.1


IV. DNS server types


Primary domain name server: responsible for maintaining all the domain name information of a zone. It is the authoritative source of all information for that zone, and its data can be modified. When building a primary domain name server, you need to create the address data file for the zone it is responsible for.

Slave domain name server: when the primary domain name server fails, is shut down or is overloaded, the slave domain name server provides domain name resolution as a backup service. The resolution results it provides are not determined by itself but come from the primary domain name server. When building a slave domain name server, you need to specify the location of the primary domain name server so that the slave can automatically synchronize the zone's address database.

Caching domain name server: provides only caching of domain name resolution results, to improve query speed and efficiency, and has no domain name database of its own. It obtains the result of each query from a remote server, stores it in its cache, and uses it to answer later queries for the same information. A caching domain name server is not an authoritative server, because all the information it provides is indirect. When building a caching domain name server, you must configure the root domain or specify another DNS server as the source of resolution.

Forwarding domain name server: responsible for querying all non-local domain names on behalf of local clients. After receiving a query, the forwarding domain name server first looks in its cache; if nothing is found, it forwards the request to the specified domain name servers in turn until a result is found, otherwise it returns a result saying the name cannot be mapped.
 

V. Forward resolution experiment

1. On CentOS 7, check whether the BIND package is installed; if it is not, install it with yum.

rpm -q bind
bind-9.11.4-26.P2.el7_9.9.x86_64

2. Run rpm -qc bind to view the configuration file locations

# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf               # main configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones      # zone configuration file
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost    # zone data file
/var/named/named.loopback

3. Modify the zone configuration file and add the forward zone configuration

vim  /etc/named.conf

options {
	listen-on port 53 { 192.168.116.23; };    # listen on port 53 at IP 192.168.116.23
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";
	allow-query     { 192.168.116.0/24; };       # allow queries from the 192.168.116.0/24 network segment
	# (the remaining default options are left unchanged)
};

vim  /etc/named.rfc1912.zones

In this file, the line

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN

is the dividing line: the zones above it are for forward resolution, the zones below it are for reverse resolution.

Copy an example from above the dividing line and adapt it:

zone "ljp.com" IN {
        type master;
        file "ljp.com.zone";
        allow-update { none; };
};

4. Configure the forward zone data file

touch  /var/named/ljp.com.zone                 # create the ljp.com.zone forward data file

cp -p /var/named/named.localhost /var/named/ljp.com.zone        # copy named.localhost to ljp.com.zone, preserving permissions

vim   /var/named/ljp.com.zone

$TTL 1D
@	IN SOA	ljp.com.  admin.ljp.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ljp.com.
	A	192.168.116.23
	AAAA	::1
@       IN MX 10   mail.ljp.com.     ; owner given explicitly: at column 0 a bare "IN" would be read as the owner name
WWW     IN A       192.168.116.23
mail    IN A       192.168.116.223
ftp     IN CNAME   www
*       IN A       192.168.116.200

Start the service

systemctl start named

Turn off the firewall

systemctl stop firewalld

View the service status

systemctl status named

5. Change the DNS settings (three methods)

/etc/hosts   (changes take effect immediately)

/etc/resolv.conf   (changes take effect immediately; other DNS servers must be deleted)

/etc/sysconfig/network-scripts/ifcfg-ens33   (restart the network card device after setting)

6. Check the test results

(Before testing, delete the other DNS servers from /etc/hosts and /etc/resolv.conf.)

nslookup www.ljp.com
nslookup ljp.com
nslookup mail.ljp.com
# nslookup ljp.com
Server:		192.168.116.23
Address:	192.168.116.23#53

Name:	ljp.com
Address: 192.168.116.23
Name:	ljp.com
Address: ::1

# nslookup mail.ljp.com
Server:		192.168.116.23
Address:	192.168.116.23#53

Name:	mail.ljp.com
Address: 192.168.116.24

# nslookup ftp.ljp.com
Server:		192.168.116.23
Address:	192.168.116.23#53

ftp.ljp.com	canonical name = www.ljp.com.
Name:	WWW.ljp.com
Address: 192.168.116.23
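Added example (not from the original article): a small Python reading of record lines modelled on the step 4 zone data file, showing how a BIND-style master file assigns owner names, expands relative names, follows a CNAME and applies the wildcard. The ZONE text is constructed (SOA omitted, one MX line placed at column 0 without an owner), and fqdn, parse and lookup are hypothetical helper names.

```python
ORIGIN = "ljp.com."
# Constructed records modelled on the zone file above (SOA omitted). The
# column-0 "IN MX" line shows how a missing owner or indent is read.
ZONE = """\
@       IN NS      ljp.com.
        IN A       192.168.116.23
IN MX 10           mail.ljp.com.
WWW     IN A       192.168.116.23
mail    IN A       192.168.116.223
ftp     IN CNAME   www
*       IN A       192.168.116.200
"""

def fqdn(name):
    """Expand '@' and relative names against ORIGIN; DNS names ignore case."""
    name = ORIGIN if name == "@" else name
    return (name if name.endswith(".") else name + "." + ORIGIN).lower()

def parse(text):
    """Return (owner, type, rdata) tuples using RFC 1035 master-file owner rules."""
    records, owner = [], ORIGIN
    for line in text.splitlines():
        tokens = line.split(";")[0].split()
        if not tokens:
            continue
        if not line[0].isspace():      # column 0: the first token IS the owner
            owner = fqdn(tokens.pop(0))
        if tokens[0].upper() == "IN":  # optional class field
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[-1]
        rdata = fqdn(rdata) if rtype in ("NS", "MX", "CNAME") else rdata
        records.append((owner, rtype, rdata))
    return records

def lookup(records, qname, qtype="A", depth=0):
    """Exact match, then CNAME chase, then wildcard at the closest encloser."""
    qname = fqdn(qname)                # pass absolute names with a trailing dot
    node = [r for r in records if r[0] == qname]
    if node:
        hits = [r[2] for r in node if r[1] == qtype]
        cname = [r[2] for r in node if r[1] == "CNAME"]
        if hits or not cname or depth >= 8:
            return hits
        return lookup(records, cname[0], qtype, depth + 1)
    for i in range(1, qname.count(".")):
        encloser = qname.split(".", i)[i]
        if any(o == encloser or o.endswith("." + encloser) for o, _, _ in records):
            return [r[2] for r in records if r[:2] == ("*." + encloser, qtype)]
    return []
```

With this input, the MX record lands on in.ljp.com. instead of ljp.com., and any name that does not exist directly under ljp.com. (a typo, a retired host) still resolves to 192.168.116.200 through the wildcard.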


Copyright notice
This article was written by [Fair and bright Swiss Roll]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/203/202207210515008215.html