DNS review
2022-06-26 00:08:00 【XUPT-BDAL-LAB-ML&OP】
Overview
To spare users from remembering numeric addresses, the Domain Name System (DNS) maps domain names to IP addresses and back. Given a domain name it returns the matching IP address (forward resolution); given an IP address it returns the matching name (reverse resolution). Forward resolution is by far the most common mode: typing a name into a browser triggers a forward lookup before any connection is made.

Three types of servers
Primary (master) server: the single authoritative source for a zone; it holds and maintains the name-to-address mappings.
Secondary (slave) server: obtains a copy of the zone from the primary by zone transfer and serves it, so resolution continues if the primary goes down.
Caching server: has no zone data of its own; it answers by querying other servers and keeps the answers locally for the record's TTL, so repeated queries are served faster.
Query types
DNS stores zone data in a distributed way, and a query can be handled in two ways: recursively or iteratively.
In a recursive query the server that receives the client's request must return a definitive answer. If it has nothing cached, it queries other servers on the client's behalf and hands the final result back.
In an iterative query the server does not chase the answer itself; it returns the address of another server that is closer to the answer (a referral), and the querier repeats the request there, until some server returns the answer. In practice a client sends one recursive query to its local resolver, and the resolver issues a chain of iterative queries.
Domain name classification
. : the root zone; the trailing dot is usually omitted
com: top-level domain (TLD), delegated and managed under ICANN
TLD categories:
country-code TLDs: cn (China), hk (Hong Kong), sg (Singapore); generic TLDs: com (commercial), org (non-profit), edu (education); new gTLDs: red, top, and so on
atguigu: second-level domain (the registered domain), which an individual or organisation registers
www: third-level domain (subdomain), conventionally the name of a server or site
Host name: in s1.www.atguigu.com. the leftmost label s1 is the host name, normally identifying one specific machine

Resolution flow
On the client:
- /etc/hosts is checked first (the order is set by /etc/nsswitch.conf)
- then the local resolver cache
- otherwise the query is forwarded to the configured DNS server (resolv.conf, or DNS1 in the interface file)
On the DNS server, taking www.kernel.org as the example:
- check whether it is authoritative for the name (a locally configured zone)
- check its own cache
- query a root server; the root returns the list of org TLD servers
- query one of the org servers; it returns the list of kernel.org name servers
- query one of the kernel.org servers; it returns the A record for www.kernel.org. The local DNS server returns this to the client and keeps a copy in its cache for the record's TTL
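The server-side part of this flow, as an added example in Python that is not code from the original page or from BIND: a simulated resolver that only recurses for its own clients, serves repeated queries from a TTL-bounded cache, and otherwise walks the referral chain root, TLD, authoritative server. The referral data and all addresses (RFC 5737 documentation ranges) are constructed for the example; the root here only knows about org, so any other TLD is reported as not found.

```python
"""Simulated recursive resolver (constructed example, not BIND code)."""
import ipaddress
import time

ROOT_HINTS = ["192.0.2.1"]  # stands in for the named.ca root hints

# Constructed authoritative data. Each server maps a name or zone to either
# ("referral", {ns_name: glue_ip}) or ("answer", ip, ttl_seconds).
SERVERS = {
    "192.0.2.1": {                               # root: refers org. to the TLD server
        "org.": ("referral", {"a.org-servers.example.": "198.51.100.1"}),
    },
    "198.51.100.1": {                            # org TLD: refers kernel.org. to its NS
        "kernel.org.": ("referral", {"ns1.kernel.org.": "203.0.113.1"}),
    },
    "203.0.113.1": {                             # authoritative for kernel.org.
        "www.kernel.org.": ("answer", "203.0.113.10", 3600),
    },
}


def query_server(server_ip, qname):
    """One iterative (non-recursive) query to a single server.

    Returns the exact answer if the server has it, otherwise the most specific
    referral it knows (longest matching zone), otherwise ("nxdomain",).
    """
    data = SERVERS[server_ip]
    if qname in data and data[qname][0] == "answer":
        return data[qname]
    referral = None
    for zone, rec in data.items():
        if rec[0] == "referral" and (qname == zone or qname.endswith("." + zone)):
            if referral is None or len(zone) > len(referral[0]):
                referral = (zone, rec)
    return referral[1] if referral else ("nxdomain",)


class Resolver:
    MAX_HOPS = 10  # bounds the referral walk so a delegation loop cannot spin forever

    def __init__(self, allow_recursion_from):
        self.allowed = [ipaddress.ip_network(n) for n in allow_recursion_from]
        self.cache = {}       # qname -> (ip, expires_at)
        self.trace = []       # servers contacted by the last resolve() call
        self.now = time.time  # injectable clock, so TTL expiry can be exercised

    def resolve(self, qname, client_ip):
        qname = qname if qname.endswith(".") else qname + "."
        self.trace = []
        # Recursion is offered only to our own clients; everyone else is REFUSED.
        # This is the role allow-recursion / allow-query-cache play in named.conf.
        if not any(ipaddress.ip_address(client_ip) in net for net in self.allowed):
            return ("refused", None)
        hit = self.cache.get(qname)
        if hit and hit[1] > self.now():
            return ("cache", hit[0])
        servers = list(ROOT_HINTS)
        for _ in range(self.MAX_HOPS):
            server = servers[0]
            self.trace.append(server)
            reply = query_server(server, qname)
            if reply[0] == "answer":
                _, ip, ttl = reply
                self.cache[qname] = (ip, self.now() + ttl)
                return ("answer", ip)
            if reply[0] == "referral":
                servers = list(reply[1].values())  # follow the glue to the next level
                continue
            return ("nxdomain", None)
        return ("servfail", None)


if __name__ == "__main__":
    r = Resolver(["192.168.222.0/24"])
    print(r.resolve("www.kernel.org", "192.168.222.50"), r.trace)
    print(r.resolve("www.kernel.org", "192.168.222.50"), r.trace)  # served from cache
    print(r.resolve("www.kernel.org", "203.0.113.99"))             # outsider: refused
```

The first lookup touches three servers, the second none; a client outside the permitted network gets a refusal before any cache or upstream work is done, which is the behaviour an exposed recursive server needs so that it cannot be used for amplification.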
Software
Package: bind or bind-chroot
Service: named
Port: 53 (UDP and TCP)
Configuration
/etc/named.conf
Change the address on line 11 (listen-on) and line 19 (allow-query) to any, so that named listens on every address of the server and accepts queries from every client. These two lines must be edited exactly. Caveat: this file also sets recursion yes (line 31), so listening on any and answering anyone turns the server into an open resolver; the comment on lines 21 to 30 warns that such servers end up in DNS amplification attacks. On a server reachable from untrusted networks, keep allow-query any only for the zones you are authoritative for and add allow-recursion { <your networks>; }; to options.
vim /etc/named.conf
1 //
2 // named.conf
3 //
4 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
5 // server as a caching only nameserver (as a localhost DNS resolver only).
6 //
7 // See /usr/share/doc/bind*/sample/ for example named configuration files.
8 //
9
10 options {
11 listen-on port 53 { any; };
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 secroots-file "/var/named/data/named.secroots";
18 recursing-file "/var/named/data/named.recursing";
19 allow-query     { any; };
20
21 /*
22 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
23 - If you are building a RECURSIVE (caching) DNS server, you need to enable
24 recursion.
25 - If your recursive DNS server has a public IP address, you MUST enable access
26 control to limit queries to your legitimate users. Failing to do so will
27 cause your server to become part of large scale DNS amplification
28 attacks. Implementing BCP38 within your network would greatly
29 reduce such attack surface
30 */
31 recursion yes;
32
33 dnssec-enable yes;
34 dnssec-validation yes;
35
36 managed-keys-directory "/var/named/dynamic";
37
38 pid-file "/run/named/named.pid";
39 session-keyfile "/run/named/session.key";
40
41 /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
42 include "/etc/crypto-policies/back-ends/bind.config";
43 };
44
45 logging {
46 channel default_debug {
47 file "data/named.run";
48 severity dynamic;
49 };
50 };
51
52 zone "." IN {
53 type hint;
54 file "named.ca";
55 };
56
57 include "/etc/named.rfc1912.zones";
58 include "/etc/named.root.key";
59
Zone declaration file: /etc/named.rfc1912.zones
Zone data files: /var/named/<zone file> (the directory option above); the named.localhost and named.loopback templates used below live there too
Lab
Basic setup
Forward zone
vim /etc/named.conf
listen-on port 53 { any; };
allow-query     { any; };
vim /etc/named.rfc1912.zones
zone "syh.com" IN {
        type master;
        file "syh.com.zone";
        allow-update { none; };
};
cd /var/named
cp -a named.localhost syh.com.zone      # the file parameter is relative to /var/named; -a keeps owner root:named and mode 640
vim /var/named/syh.com.zone
$TTL 1D
@       IN SOA  syh.com. root.syh.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.syh.com.
ns      IN A    192.168.222.110
named-checkconf && named-checkzone syh.com /var/named/syh.com.zone
systemctl restart named
The serial (0 here) must be increased on every later edit; secondary servers decide whether to transfer the zone purely by comparing it with the serial they already hold.
vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
IPADDR=192.168.222.110
NETMASK=255.255.255.0
DNS1=192.168.222.110
GATEWAY=192.168.222.110
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="ens33"
UUID="b5c352d6-b21b-4925-8cc0-a2f6f287b876"
DEVICE="ens33"
ONBOOT="yes"
service network restart
nslookup ns.syh.com
Server: 192.168.222.110
Address: 192.168.222.110#53
Name: ns.syh.com
Address: 192.168.222.110
Reverse zone
vim /etc/named.rfc1912.zones
zone "syh.com" IN {
        type master;
        file "syh.com.zone";
        allow-update { none; };
};
zone "222.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.222.arpa";
        allow-update { none; };
};
cp -a /var/named/named.loopback /var/named/192.168.222.arpa
Edit /var/named/192.168.222.arpa so that it carries the same SOA and NS as the forward zone plus one PTR record per host, for example 110 IN PTR ns.syh.com. (the owner is the last octet, relative to the zone origin 222.168.192.in-addr.arpa.). Then run named-checkzone 222.168.192.in-addr.arpa /var/named/192.168.222.arpa, restart named, and confirm with nslookup 192.168.222.110.
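The forward and reverse files above are easy to let drift apart, and a stale serial silently breaks replication to secondaries. As an added example (not code from the page or from BIND), the following Python parses a BIND-style master file, lints the mistakes that named-checkzone would catch (no apex NS, an in-zone NS without an A record, a serial that secondaries will not consider newer), and derives the in-addr.arpa zone from the forward zone's A records. The embedded forward zone is constructed for the example: the www host and the date-based serial are assumptions, the page's own zone has only ns and serial 0.

```python
"""Zone-file lint and reverse-zone generation (constructed example, not BIND code)."""
import ipaddress
import re

# Constructed forward zone; 'www' is an assumed extra host, the page's zone has only 'ns'.
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  syh.com. root.syh.com. (
                        2022062601 ; serial (YYYYMMDDnn)
                        1D         ; refresh
                        1H         ; retry
                        1W         ; expire
                        3H )       ; minimum
        NS      ns.syh.com.
ns      IN A    192.168.222.110
www     IN A    192.168.222.120
"""


def absolute(name, origin):
    """Expand @ and relative owner names to fully qualified names."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return a list of (owner, rtype, rdata_tokens) with fully qualified owners."""
    lines = [re.sub(r";.*", "", line) for line in text.splitlines()]  # drop comments
    logical, buf, depth = [], [], 0
    for line in lines:
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:  # one complete RR, possibly folded over several lines
            logical.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    records, owner = [], origin
    for line in logical:
        if line.lstrip().startswith("$"):  # $TTL / $ORIGIN directives are not needed here
            continue
        tokens = line.split()
        if not line[0].isspace():  # a blank owner field means "same as previous record"
            owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():  # optional explicit TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append((absolute(owner, origin), tokens[0].upper(), tokens[1:]))
    return records


def serial_is_newer(new, old):
    """RFC 1982 serial arithmetic, as a secondary applies it before transferring:
    new is newer only if it is ahead of old by less than 2**31 modulo 2**32."""
    diff = (new - old) % 2 ** 32
    return 0 < diff < 2 ** 31


def lint(records, origin, served_serial=None):
    """Return a list of problems; empty means the zone passes these checks.
    served_serial is the SOA serial the secondaries currently hold, if known."""
    problems = []
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        return [f"expected exactly one SOA, found {len(soas)}"]
    serial = int(soas[0][2][2])
    if served_serial is not None and not serial_is_newer(serial, served_serial):
        problems.append(f"serial {serial} is not newer than {served_serial}: secondaries will not transfer")
    ns_targets = [r[2][0] for r in records if r[1] == "NS" and r[0] == origin]
    if not ns_targets:
        problems.append("zone apex has no NS record")
    a_owners = {r[0] for r in records if r[1] == "A"}
    for ns in ns_targets:
        in_zone = ns == origin or ns.endswith("." + origin)
        if in_zone and ns not in a_owners:
            problems.append(f"in-zone NS {ns} has no A record (missing glue)")
    return problems


def reverse_zone_name(network):
    """'192.168.222.0/24' -> '222.168.192.in-addr.arpa.'"""
    net = ipaddress.ip_network(network)
    return ".".join(net.network_address.reverse_pointer.split(".")[1:]) + "."


def reverse_zone(records, network, serial):
    """Build the in-addr.arpa master file for a /24 from the forward zone's A records."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("this helper only handles /24 reverse zones")
    soa = next(r for r in records if r[1] == "SOA")
    lines = ["$TTL 1D", f"@ IN SOA {soa[2][0]} {soa[2][1]} ( {serial} 1D 1H 1W 3H )"]
    lines += [f"  NS {r[2][0]}" for r in records if r[1] == "NS"]
    for owner, rtype, rdata in records:
        if rtype == "A" and ipaddress.ip_address(rdata[0]) in net:
            lines.append(f"{rdata[0].rsplit('.', 1)[1]} IN PTR {owner}")  # last octet -> PTR
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    recs = parse_zone(FORWARD_ZONE, "syh.com.")
    print(lint(recs, "syh.com.", served_serial=2022062601))  # same serial: flagged
    print(reverse_zone(recs, "192.168.222.0/24", 2022062601))
```

The generated reverse file can be fed back through parse_zone and lint, so the same check covers both directions; the RFC 1982 comparison is also why a serial reset to 0 (as in the template) looks older than any date-based serial and would never be picked up by a secondary.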
Primary and secondary servers
Primary
The original tutorial puts the secondary's address into allow-update. That directive governs dynamic DNS updates (nsupdate), not zone transfers: it would let 192.168.222.111 rewrite the zone while still refusing it AXFR. The directive a secondary needs is allow-transfer; leave allow-update at none. A source-address ACL is only suitable for a lab; for real deployments sign transfers with a TSIG key (a key statement on both servers and allow-transfer { key "name"; };) instead of trusting an IP address.
vim /etc/named.rfc1912.zones
zone "syh.com" IN {
        type master;
        file "syh.com.zone";
        allow-update   { none; };
        allow-transfer { 192.168.222.111; };    # AXFR/IXFR for the secondary only
};
zone "222.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.222.arpa";
        allow-update   { none; };
        allow-transfer { 192.168.222.111; };
};
Secondary
vim /etc/named.conf
listen-on port 53 { any; };
allow-query     { any; };
vim /etc/named.rfc1912.zones
zone "syh.com" IN {
        type slave;
        masters { 192.168.222.110; };
        file "slaves/syh.com.zone";             # /var/named/slaves is writable by named; the transferred copy lands here
};
zone "222.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.222.110; };
        file "slaves/192.168.222.arpa";
};
After restarting named on both hosts, ls /var/named/slaves/ on the secondary should show both files and nslookup ns.syh.com 192.168.222.111 should answer. A transfer only happens when the primary's SOA serial is newer than the copy the secondary holds, so increase the serial every time the zone file is edited.
Caching server
A caching (forwarding) server holds no zones of its own. Add forwarders { <upstream DNS>; }; to options in /etc/named.conf; the upstream server is the one that actually holds the zone data (or is closer to it), here the lab primary or an ISP resolver. With forward only; named never contacts root servers itself; with the default forward first; it falls back to its own iteration if the forwarders fail. The open-resolver caveat from the configuration section applies here in full, since a caching server is recursive by definition.
vim /etc/named.conf
allow-query { any; };
forwarders  { 210.73.64.1; };
A lighter alternative is dnsmasq:
yum install dnsmasq -y
vim /etc/dnsmasq.conf
# Include all files in /etc/dnsmasq.d except RPM backup files
domain=syh.com             # the local domain; the original wrote www.syh.com, which is a host name rather than a domain
server=192.168.222.110     # upstream resolver
cache-size=15000
Split-horizon (view-based) DNS
Step 1: edit the main configuration: line 11 (listen-on) and line 19 (allow-query) to any, as before. Once view statements are used, every zone must sit inside a view, so the root hint zone on lines 52 to 55 (zone ".") has to be removed from named.conf (or moved into the views); otherwise named refuses to start.
Step 2: edit the zone declaration file. Clear /etc/named.rfc1912.zones and write the following. The two acl statements define named address lists (china and america); the match-clients statements below refer to them by name, which is easier to read and to maintain than repeating prefixes. The view statement is the key: it matches the client's source address against an ACL and loads a different zone data file for each audience (syh.com.china or syh.com.america; the original tutorial uses linuxprobe.com). Views are tried in order and the first match wins; a client that matches no view is refused, so a final catch-all view with match-clients { any; }; is usually wanted. Because the choice is keyed on the source IP of a UDP query, split DNS separates audiences for convenience; it is not an access-control boundary, since source addresses can be spoofed.
acl "china"   { 122.71.115.0/24; };
acl "america" { 106.185.25.0/24; };
view "china" {
        match-clients { "china"; };
        zone "syh.com" {
                type master;
                file "syh.com.china";
        };
};
view "america" {
        match-clients { "america"; };
        zone "syh.com" {
                type master;
                file "syh.com.america";
        };
};
Step 3: create the zone data files. Copy the template twice; the file names must match the file parameters above. Put the address Chinese clients should receive into syh.com.china and the one American clients should receive into syh.com.america, then run named-checkconf and restart named. To verify, query from an address inside each ACL (dig @192.168.222.110 www.syh.com) and confirm the two answers differ.
cd /var/named
cp -a named.localhost syh.com.china
cp -a named.localhost syh.com.america
vim syh.com.china
Reference
https://www.linuxprobe.com/basic-learning-13.html#136