当前位置：网站首页>DNS domain name resolution

DNS domain name resolution

2022-07-02 02:05:00 【Hadron's blog】

One , Domain name service

1, What is the DNS

DNS DNS is a core service of the Internet , It is used to IP A distributed database with address mapping , Make it easier for people to access the Internet , Instead of remembering what can be read directly by the machine IP Number string . The global 13 platform DNS Root server distribution ： The United States VeriSign company 　2 platform Network management organization IANA(Internet Assigned Number Authority)　1 platform European network management organization RIPE-NCC(Resource IP Europeens Network Coordination Centre)　1 platform The United States PSINet company 　1 platform The United States ISI(Information Sciences Institute)　1 platform The United States ISC(Internet Software Consortium)　1 platform University of Maryland (University of Maryland)　1 platform NASA (NASA)　1 platform Us department of defense 　1 platform U.S. Army Research Institute 　1 platform The Norwegian NORDUnet　1 platform Japan WIDE(Widely Integrated Distributed Environments) Research plan 　1 platform “ All over the world 13 platform （ this 13 The name of the root DNS server is “A” to “M”）,1 Primary root servers in the United States . rest 12 Secondary root servers , among 9 One in America , The European 2 individual , Located in the UK and Sweden , Asia 1 In Japan

2,DNS The role of

Forward analysis ： Search for the corresponding IP Address Reverse DNS ： according to IP Address to find the corresponding domain name ( Anti spam verification )

3,DNS Protocol and port number used

DNS The default port of is 53, Ports are divided into TCP and UDPTCP For area transfer , Mostly used for master-slave synchronization

In a district DNS The server reads the data file of this area DNS Data and information , And auxiliary DNS The server is from the master of the zone DNS The server reads the DNS Data and information .

UDP Used to do DNS analysis

domain name ： Usually a fully qualified domain name （FQDN） identification .FQDN Full name Fully Qualified Domain Name , It can accurately express its relative to DNS The location of the root of the domain tree , That is to say, node to DNS The complete expression of tree roots , Reverse writing from node to root , And use “.” Separate , about DNS Domain google Come on , Its fully official domain name （FQDN） by google.com. for example ,google by com A subdomain of a domain , Its expression is google.com, and www by google A subdomain in a domain , have access to www.google.com. Express .

4, Domain name composition

      
      
       
       1 http://www.sina.com.cn./
       
       
2 http:// host . Subdomain . The secondary domain . Top-level domain   Root region /
      
      
      
      
       
       1.
       
       2.

5,DNS Domain name resolution process

Forward analysis ：FQDN--------IP（ One to many ）------ Forward parsing is generally used Reverse DNS ：IP------------FQDN FQDN：(Fully Qualified Domain Name) Fully qualified domain name ： Name with both host name and domain name . From the information contained in the fully qualified domain name, we can see the location of the host in the domain name tree .

1. Forward parsing process ：

1） First query the local cache records ; 2） Inquire about hosts file ; 3） Inquire about dns Domain name server , hand dns Domain name server processing 4） This dns The server may be a local domain name server , There is also a cache , If there is a direct return result , If there is no , Go to the next step 【 client --- Local dns The server ： It belongs to recursive query 】

5） Help the root domain server , The root domain server returns the top-level domain server that may know the result , Let him find the top-level domain server 6） Help the top-level domain server , The top-level domain server returns the secondary domain server that may know the result , Let him find the secondary domain server 7） Turn to the secondary domain server , The secondary domain server found that it is my host , Find out IP The address is returned to the local domain name server 8） The local domain name server logs the results to the cache , Then put the domain name and IP The corresponding relationship is returned to the client 【 Local dns The server ---- Extranet ： It belongs to iterative query 】

2. Two ways to query

1） recursive query

DNS The server received a client request , You must reply to the client with an accurate query result ; if DNS The server does not store queries locally DNS Information , The server will ask other servers , And return the query results to the client 【 After the client sends the request , Just wait for the result , The specific process in the middle is left to the server 】

2） Iterative query （ Heavy guidance ）

When the client sends a query request ,DNS The server does not reply directly to the query results , Instead, tell the client another DNS Server address ; The client is here DNS The server submits the request , Loop back and forth until the result of the query is returned 【 The client's request needs to be queried one by one to get the result , When the server has no results, it will only give you the address of other servers , Instead of asking for your inquiry 】

Sum up ：

Recursive query , There are only two results returned : Iterative query is also called re guidance , The best query point or host address is returned .

【windows System query dns Cache command ：ipconfig /displaydnswindows System cleanup dns Cache command ：ipconfig /flushdnslinux clear dns Cache needs to be installed nscd Software , start-up 、 perform nscd -i hosts】

6, Domain name Architecture

1）DNS Distributed Internet parsing library

root . Root domain name DNS The server ：

Located at the top of the domain name space , Usually use one “.” Express ; Responsible for root domain name

Class A DNS The server （ Top-level domain ）：

Responsible for first level domain name resolution （ A type of organization or country ）

      
      
       
       .com( Business circles   Enterprises )   .net( Network providers )   .edu( educational services )    .cn( Chinese national domain name )   .org( Group organizations )      .gov ( Government sector )
      
      
      
      
       
       1.

second level DNS The server ：

Specify a specific organization within the top-level domain , The secondary domain names under the national top-level domain are managed by the national network department ; Responsible for secondary domain name resolution

      
      
       
        The secondary domain name set under the top-level domain name : .com.cn  .net.cn   .edu.cn
      
      
      
      
       
       1.

subdomain DNS The server ： Also known as tertiary domain name Organizations or users are free to apply for their own domain names

2） Domain name Architecture

      
      
       
        All domain names must end with a dot ：www.qq.com.   www.baidu.com
       
       
 Root domain name （.）
       
       
 First level domain name ：.cn（ China ） .kr（ South Korea ） .jp（ Japan ） .hk（ Hong Kong ）.uk( The British ) 
       
       
 Two level domain name ：.com.cn( Chinese business organizations ) edu.cn( educational services )  .org.cn( uncommercially ) .net.cn( Chinese operators )
       
       
 Three level domain name ：sina.com.cn nb.com.cn haixi.com.cn .........
       
       
 Organizational domain ：.com .org .net .CC
       
       
 National domain ：.cn .tw（ Taiwan ） .hk( Hong Kong ) .iq .ir .jp（ Japan ）
       
       
 Reverse domain 
       
       
-----------------------------------
       
       
 The copyright belongs to the author ： come from 51CTO The original work of the blogger's angry code , Please contact the author for permission to reprint , Otherwise, the legal liability will be investigated 
       
       
DNS Domain name resolution 
       
       
https://blog.51cto.com/u_15436647/4935890
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.
       
       6.
       
       7.
       
       8.
       
       9.
       
       10.
       
       11.
       
       12.

common ： 114.114.114.114 It's domestic mobile 、 Common to China Telecom and China Unicom DNS 8.8.8.8 yes GOOGLE Provided by the company DNS, The address is universal 223.5.5.5 and 223.6.6.6： Alibaba cloud DNS Nanjing, jiangsu province ( China Telecom ) The preferred DNS by ：218.2.135.1 spare DNS by ：61.147.37.1

Two ,DNS Server type

1） Primary domain server ：

Responsible for maintaining all domain name information of a region , It's the authoritative source of all the information in a given place , Data can be modified . When building the primary domain name server , It is necessary to establish the address data file of the responsible area .

2） From the domain name server ：

When the primary DNS server fails 、 When closed or overloaded , Provide domain name resolution services from the domain name server as a backup service . The resolution results provided from the domain name server are not determined by yourself , But from the main domain name server . When building a slave domain name server , You need to specify the location of the primary domain name server , So that the server can automatically synchronize the address database of the region .

3） Cache domain name server ：

Only provide the caching function of domain name resolution results , The purpose is to improve the query speed and efficiency , But there is no domain name database . It obtains the results of each domain name server query from a remote server , And put it in the cache , Use it to respond to future queries for the same information . The cache domain name server is not an authoritative server , Because all the information provided is indirect . When building a cached domain name server , You must set the root domain or specify another DNS Server as the source of resolution .

4） Forward DNS ：

Responsible for local query of all non local domain names . After receiving the query request, the forwarding domain name server , Find... In its cache , If it cannot be found, forward the request to the specified domain name server in turn , Until you find the result , Otherwise, the result that cannot be mapped is returned .

Improve cluster speed ：host Configure the hostname in the file +IP Address

BIND The software package is as follows

bind-9.9.4-37.el7.x86_64.rpm // Provides the main procedures and related documents of domain name service .

bind-utils-9.9.4-37.el7.x86_64.rpm // Provide for the right to DNS Server test tool program , Such as nslookup etc.

bind-libs-9.9.4-37.el7.x86_64.rpm // Provides bind、bind-utils Library functions to be used .

bind-chroot-9.9.4-37.el7.x86_64.rpm // by BIND The service provides a disguised root directory （ take /var/named/chroot/ Folder As BIND Root directory of the service ）, To improve security .

To configure ：

install bind software package

yum install bind -y （ Network source or CD must be mounted ） or rpm -ivh The premise is to mount the CD （ System disk ISO Mirror image ）

Modify the main configuration file

vim /etc/named.conf

options {

listen-on port 53 { 192.168.10.10; }; ● monitor 53 port ,ip Address uses the local where the service is provided IP, Also available any Express all

#listen-on-v6 port 53 { ::1; }; #ipv6 Lines can be commented out or deleted if they are not used

directory undefined/var/namedundefined; # The default storage location of area data file

dump- file undefined/var/named/data/cache_dump.dbundefined; # Location of domain name cache database file

statistics-file undefined/var/named/data/named stats.txtundefined; # The location of the status statistics file

memstatistics-file undefined/var/named/data/named mem stats.txtundefined; # Location of memory statistics file

allow-query { 192.168.10.0/24; 172.16.30.0/24; };● Allow to use this DNS The network segment of the resolution service , Also available any On behalf of all

}

zone undefined.undefined IN {# Forward analysis “.undefined Root area

type hint;# The type is the root region

file undefinednamed.caundefined;# The area data file is named.ca,# Recorded 13 The domain name of the root domain server and IP Address and other information

};

include undefined/etc/named. rfc1912. zonesundefined; # Contains all the configurations in the zone configuration file

Configure forward zone data file

cd /var/ named/

cp -p named.localhost ceshi.com.zone # Keep the permissions of the source file and the properties of the owner

vim /var/named/ceshi.com.zone

$TTL 1D # The lifetime of valid resolution records

@ in SOA ceshi.com. admin.ceshi.com. ( #“@undefined The symbol represents the current DNS Area name

0 ; serial # Update serial number , It can be 10 Integers within bits

1D ; refresh # Refresh time , The interval between re downloading address data

1H ; retry # Retry delay , Retry interval after download failure

1W ; expire # Failure time , If you still can't download after this time, give up #

3H) ; minimum # Invalid lifetime records for resolution ,

NS ceshi.com. # Record the current area of DNS Name of the server

A 192.168.10.10 # Recording host IP Address

IN MX 10 mail.ceshi.com. #MX Record for mail exchange , The higher the number, the lower the priority

www IN A 192.168.10.10 # Record forward resolution www.ceshi.com Corresponding IP

mail IN A 192.168.10.11 #MX Record for mail exchange , The higher the number, the lower the priority

ftp IN CNAME www #CNAME Use the alias ,ftp yes www Another name for

* IN A 192.168.10.100 # Pan domain name resolution ,“*undefined Represents any host name

Start the service , Turn off firewall

systemctl start named

systemctl stop firewalld

setenforce 0

# If the service fails to start , You can view the log file to troubleshoot errors

tail -f /var/log/messages

Add... In the domain name resolution configuration file of the client DNS Server address

vi /etc/resolv .conf

# The modification will take effect immediately

nameserver 192.168.10.10

vi /etc/sysconfig/network-scripts/ifcfg-ens33

# After modification, you need to restart the network card

test DNS analysis

host www.ceshi.com

nslookup www.ceshi.com

Reverse DNS

vim /etc/named.rfc1912.zones

// 192.168.10.0 The reverse is 10.168.192

zone undefined10.168.192.in-addr.arpaundefined IN {

type master;

file undefinedceshi.com.zone.localundefined; // Specify the data file for reverse parsing , It can also be the same as the forward parsing data file

allow-update { none; };

};

cd /var/named/

cp -p ceshi.com.zone ceshi.com.zone.local

$TTL 1D # The lifetime of valid resolution records , The default unit is seconds

@ IN SOA ceshi.com. admin.ceshi.com. ( #SOA Mark 、 Domain name and administrator email ,@ The variable represents the domain name

0 ; serial # Update serial number ,10 Numbers within digits , For master-slave synchronization , The value of the master server should be greater than that of the slave server, otherwise it cannot be synchronized

1D ; refresh # Refresh time

1H ; retry # Retry refresh interval

1W ; expire # Failure time , After that time, give up

3H ) ; minimum # Invalid lifetime records for resolution

NS ceshi.com.

A 192.168.10.10

100 IN PTR www.ceshi.com.

200 IN PTR mail.ceshi.com.

# 20 yes 192.168.10.10 It means

# PTR Reverse pointer function ： Reverse DNS

systemctl restart named //rndc reload You can also reload the configuration file

host 192.168.10.10

// The domain name will be resolved in reverse www.ceshi.com

10.

11.

12.

13.

14.

15.

16.

17.

18.

19.

20.

21.

22.

23.

24.

25.

26.

27.

28.

29.

30.

31.

32.

33.

34.

35.

36.

37.

38.

39.

40.

41.

42.

43.

44.

45.

46.

47.

48.

49.

50.

51.

52.

53.

54.

55.

56.

57.

58.

59.

60.

61.

62.

63.

64.

65.

66.

67.

68.

69.

70.

71.

72.

73.

74.

75.

76.

77.

78.

79.

80.

81.

82.

83.

84.

85.

86.

87.

88.

89.

90.

91.

92.

93.

94.

95.

96.

97.

98.

99.

100.

101.

原网站

版权声明
本文为[Hadron's blog]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/02/202202152108268404.html