DNS

Introduction to name resolution and DNS

The Domain Name System (DNS) is a service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it makes it easier for people to access the Internet. DNS uses UDP port 53. Currently, each level of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.

The Domain Name System (DNS) is a system for naming machines on the Internet. Just as you must know a friend's address before visiting, a host on the Internet must know another host's address before it can reach it. In TCP/IP that address is numeric: an IPv4 address is four numbers separated by dots, and an IPv6 address is a longer string of hexadecimal groups. Numbers are far less convenient for people than names, so DNS manages the relationship between names and IP addresses.

Local name resolution configuration file: hosts

Linux: /etc/hosts
Windows: C:\Windows\System32\drivers\etc\hosts
Format of each line: IP address   domain name

The lookup order between the hosts file and DNS is set in /etc/nsswitch.conf, and the ports used by name services are listed in /etc/services:

```
[root@localhost ~]# vim /etc/nsswitch.conf      # change the hosts/DNS lookup priority
[root@localhost ~]# grep name /etc/services
# service-name  port/protocol  [aliases ...]   [# comment]
nameserver      42/tcp          name            # IEN 116
nameserver      42/udp          name            # IEN 116
nicname         43/tcp          whois
nicname         43/udp          whois
domain          53/tcp                          # name-domain server
hostname        101/tcp         hostnames       # usually from sri-nic
hostname        101/udp         hostnames       # usually from sri-nic
csnet-ns        105/tcp         cso             # also used by CSO name server
at-nbp          202/tcp                         # AppleTalk name binding
# Ports are used in the TCP [RFC793] to name the ends of logical
# Gracilis Packeten remote config server. The official name is listed as
# the primary name, with the unregistered name as an alias.
# being registred. The primary names are the registered names, and the
# unregistered names used by zebra are listed as aliases.
# This port is registered as wnn6, but also used under the unregistered name
swat            901/tcp         smpnameres      # Samba Web Administration Tool
ptcnameservice  597/tcp                         # PTC Name Service
ptcnameservice  597/udp                         # PTC Name Service
smpnameres      901/udp                         # SMPNAMERES
oraclenames     1575/tcp                        # oraclenames
oraclenames     1575/udp                        # oraclenames
enl-name        1805/tcp                        # ENL-Name
enl-name        1805/udp                        # ENL-Name
linkname        1903/tcp                        # Local Link Name Resolution
linkname        1903/udp                        # Local Link Name Resolution
bcinameservice  3415/tcp                        # BCI Name Service
bcinameservice  3415/udp                        # BCI Name Service
namemunge       3950/tcp                        # Name Munging
namemunge       3950/udp                        # Name Munging
fmpro-internal  5003/udp                        # FileMaker, Inc. - Proprietary name binding
ub-dns-control  8953/tcp                        # unbound dns nameserver control
```

2. DNS server types

  • Caching DNS server: caches resolution results to improve query speed and efficiency. It holds no zone data of its own, so when building one the root hints must be set, or other DNS servers must be specified as the resolution source.

  • Master DNS server: manages and maintains the zone resolution library it is responsible for.

  • Secondary (slave) DNS server: "copies" the resolution library from a master or another slave server (zone transfer). The copy is governed by the values in the SOA record:

    Serial number: the version number of the resolution library, which increases each time the master's library changes

    Refresh interval: how often the slave asks the master whether it needs to synchronize

    Retry interval: how long the slave waits before retrying after a synchronization request fails

    Expiration time: how long the slave keeps serving the zone when the master cannot be contacted; after this period it stops answering for the zone

    Notification mechanism: the master actively notifies the slaves whenever the resolution library changes

IPv4 root name servers: there are 13 DNS servers that resolve root domains around the world, 10 in the United States, 1 in the United Kingdom, 1 in Sweden, and 1 in Japan

IPv6 root name servers: there are 25 root name servers in the world, including one primary name server in China and three secondary name servers in the United States

3. DNS query types and principles

3.1 Query Methods

  • Recursive query: the query between the client and the local DNS server is recursive. After the client sends a request, if the local DNS server cannot resolve the name itself, it queries other DNS servers on the client's behalf until it obtains a positive or negative result, and only then passes the answer back to the client. The source and target of the query stay the same, and a single query is enough to get the result (the client does not do the work itself).

  • Iterative query: generally (with exceptions) the local DNS server queries other DNS servers iteratively. If the server it asks cannot return an authoritative answer, it replies with a referral to the next DNS server to ask, and the local server then queries that one, repeating until the result is returned. The source of the query stays the same but the target changes at every step, so obtaining a result usually takes several queries (the querier does the work itself).

3.2 Query Process

The forward lookup proceeds in the following order:

  1. Check the local cache.

  2. Check the hosts file.

  3. Send the query to the local DNS server. This is the recursive step: the client asks once and expects the server to come back with the final result.

  4. The local DNS server checks its own cache; on a hit it returns the result directly, otherwise it continues.

  5. It asks a root server, which does not know the host but returns a referral to the top-level domain server responsible for the name.

  6. It asks the top-level domain server, which returns a referral to the second-level domain server.

  7. It asks the second-level domain server, which finds the host in its zone and returns the IP address.

  8. The local DNS server records the result in its cache and returns the name-to-IP mapping to the client.
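The lookup order above, as an added example that is not part of the original post: an in-memory model in which the client checks its hosts file and then sends one recursive query to the local DNS server, which walks root, TLD and second-level servers iteratively and caches the answer. The delegation data, names and addresses are constructed for the example.

```python
# Added example, not from the original post: an in-memory model of the
# lookup order. All zone data, names and addresses are constructed.
ZONES = {
    ".": {"delegations": ["com."]},                     # root knows the TLD servers
    "com.": {"delegations": ["kgc.com."]},              # TLD knows the second level
    "kgc.com.": {"answers": {"www.kgc.com.": "192.168.91.103"}},  # authoritative
}

def ask(zone, qname):
    """One iterative step: the server authoritative for `zone` replies with what
    it knows: ('answer', ip), ('referral', child_zone) or ('nxdomain', None)."""
    data = ZONES[zone]
    if qname in data.get("answers", {}):
        return "answer", data["answers"][qname]
    for child in data.get("delegations", []):
        if qname == child or qname.endswith("." + child):
            return "referral", child
    return "nxdomain", None

class LocalDNS:
    """The local DNS server: the client sends it one recursive query and it
    does the root -> TLD -> second-level iteration itself, caching the result."""
    def __init__(self):
        self.cache = {}

    def query(self, qname, trace):
        if qname in self.cache:                  # the server's own cache first
            trace.append("local DNS cache hit")
            return self.cache[qname]
        zone = "."                               # otherwise start at a root server
        while True:
            kind, value = ask(zone, qname)
            trace.append(f"ask {zone!r}: {kind} {value}")
            if kind == "answer":
                self.cache[qname] = value        # cache, then hand back to the client
                return value
            if kind == "nxdomain":
                return None
            zone = value                         # follow the referral downwards

def client_resolve(qname, hosts, server, trace):
    """Client side: the hosts file first, then a single recursive query to the
    local DNS server (the client never walks the hierarchy itself)."""
    if qname in hosts:
        trace.append("hosts file")
        return hosts[qname]
    return server.query(qname, trace)
```

The trace list records which step produced the answer, so a second lookup of the same name shows the cache hit instead of the three-server walk.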

In Windows, run ipconfig /displaydns to display the DNS cache and ipconfig /flushdns to clear it.

To clear the DNS cache in Linux, install the nscd package, start the nscd service, and run nscd -i hosts.

Distributed Internet DNS resolution library: the resolution data is large and is distributed across a hierarchy of servers.

Root DNS servers: dedicated to the root domain.

Top-level (first-level) DNS servers: dedicated to top-level domain names, which generally represent a type of organization or a country: .com (industrial and commercial enterprises), .net (network providers), .edu (educational institutions), .cn (China's national domain), .org (organizations), .gov (government departments).

Second-level DNS servers: e.g. net.cn, edu.cn, com.cn.

Subdomain DNS servers: dedicated to resolving subdomain names such as sina.com.cn or pku.edu.cn.

Hosts within a zone: e.g. tts9, tts6, mail, www.

Domain name agents / registration and purchase service providers: Xinnet (www.xinnet.com), Wanwang (www.net.cn), China Internet (Hulian.Top), China Data.

Domain name architecture: every fully qualified domain name ends with a dot, e.g. www.qq.com. and www.baidu.com.

Root domain: (.)

Top-level domain names: .cn (China), .us, .tw, .kr (Korea), .jp (Japan), .hk (Hong Kong), .uk (United Kingdom), ...

Second-level domain names: com.cn (Chinese commercial organizations), edu.cn (educational institutions), org.cn (non-profit organizations), net.cn (Chinese operators)

Third-level domain names: sina.com.cn, nb.com.cn, haixi.com.cn, ...

Organization domains: .com, .org, .net, .cc

Country/region domains: .cn, .tw (Taiwan), .hk (Hong Kong), .Ii, .ir, .jp (Japan)

4. Forward parsing

4.1 Resource record types

Zone resolution library: consists of multiple resource records (RRs)

Record types: A, AAAA, PTR, SOA, NS, CNAME, MX

SOA (Start Of Authority): start of authority record. A zone resolution library has one and only one SOA record, and it must be the first record in the library. The SOA record indicates which of the (possibly many) NS servers is the primary server. Every DNS zone file starts with the SOA record, which declares that this DNS server is the best source of data for the zone.

A (Internet Address): resolves a domain name into an IPv4 address

AAAA: resolves a FQDN into an IPv6 address

PTR (PoinTeR): reverse resolution, from an IP address to a domain name

NS (Name Server): specifies the DNS server of the current zone; the server type is name server

CNAME (Canonical Name): alias record

MX (Mail eXchanger): mail exchange record

TXT: identifies and describes a domain name; used for verification records such as SPF (anti-spam) records, HTTPS/domain ownership verification, etc.

Difference between SOA and NS records: an NS record specifies which DNS server resolves the domain name; the SOA record carries zone metadata such as the data version (serial) and the refresh and expiration timers.

4.1.1 SOA record

Name: the current zone name, for example "kgc.com."

Value: consists of several parts

Note:

  1. FQDN of the primary (master) DNS server of the current zone. The zone name itself may also be used

  2. E-mail address of the zone administrator; the "@" sign cannot be used in the address, so it is replaced by a dot, for example admin.kgc.com.

  3. Serial, refresh, retry and expire values that govern master/slave zone transfer, and the TTL for negative answers (minimum)

Example:

```
$TTL 1D
@       IN SOA  master.kgc.com. admin.kgc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
```

4.1.2 NS records

Name: indicates the name of the current region

Value: indicates the name of a DNS server in the current zone, for example, ns.kgc.org.

Note:

  1. If the names of two adjacent resource records are the same, the subsequent records can be omitted

  2. For NS records, any server name that follows an NS record should be followed by an A record

  3. An area can have multiple NS records

Example:

```
kgc.com.    IN NS   master.kgc.com.
            IN NS   ns2.kgc.com.     ; owner name omitted: same as the previous record
```

4.1.3 MX records

Name: indicates the name of the current region

Value: indicates the host name of a mail server (SMTP server) in the current zone

Note:

  1. A zone can have multiple MX records; the value of each record is preceded by a number (0-99) giving the priority of that server, and a smaller number means a higher priority

  2. For MX records, every server name that appears as an MX target should have a corresponding A record

Example:

```
@       IN MX 10  mx1.kgc.org.
        IN MX 20  mx2.kgc.org.
mx1     IN A      192.168.91.10
mx2     IN A      192.168.91.10
```

4.1.4 A record

Name: indicates the domain name resolution of a host, for example, www.kgc.com

Value: indicates the IP address of the host

To avoid a wrong answer when a user types a host name that is not defined, a wildcard (universal) record can resolve any otherwise-undefined name to a specific address

Example:

```
www.kgc.com.    IN A    2.2.2.2
www.kgc.com.    IN A    3.3.3.3
www.kgc.com.    IN A    4.4.4.4
*               IN A    5.5.5.5    ; * is the wildcard (generic) name
@               IN A    6.6.6.6    ; @ is the zone itself, so no host name is needed
```

4.1.5 PTR records

Name: the IP address in a specific format. It is written in reverse, so 1.2.3.4 becomes 4.3.2.1, and it carries the special suffix in-addr.arpa. The complete name is therefore 4.3.2.1.in-addr.arpa.

Value: FQDN

Example:

```
4.3.2.1.in-addr.arpa.   IN PTR  www.kgc.org.    ; 1.2.3 is the network address
4                       IN PTR  www.kgc.com.    ; a record written relative to the reverse zone 3.2.1.in-addr.arpa.
```

4.1.6 CNAME Alias Records

Name: FQDN of the alias; value: FQDN of the real (canonical) name

```
ftp.kgc.com.    IN CNAME    www.kgc.com.
```

Fixed record format:

```
Name    [TTL]    IN    rr_type    value
```

(name, optional cache duration, Internet class, record type, value)

A complete zone resolution library for kgc.com:

```
$TTL 1D
@       IN SOA  master.kgc.com. admin.kgc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
master  A       192.168.91.100
www     A       192.168.91.103
db      A       192.168.91.101
@       IN MX 10 mail.kgc.com.
mail    A       192.168.91.10
ftp     CNAME   www
```

The same structure for benet.com, with each line explained:

```
$TTL 1D                                     ; how long resolved records remain valid in caches
@   IN SOA  benet.com. admin.benet.com. (   ; "@" stands for the current zone name
            0       ; serial                ; version number, an integer of up to 10 digits
            1D      ; refresh               ; interval between re-downloading the zone data
            1H      ; retry                 ; retry interval after a failed download
            1W      ; expire                ; give up if the data still cannot be downloaded after this
            3H )    ; minimum               ; lifetime of negative (invalid) answers
    NS      benet.com.                      ; name of the DNS server of the current zone
    A       192.168.80.10                   ; IP address of that host
    IN MX 10 mail.benet.com.                ; mail exchange record; a larger number means a lower priority
www  IN A   192.168.80.10                   ; IP address of www.benet.com
mail IN A   192.168.80.11
ftp  IN CNAME www                           ; ftp is an alias for www
*    IN A   192.168.80.100                  ; * stands for any host name
```

Note:

  1. TTL can be inherited globally

  2. Use the “@” sign to refer to the domain name of the current region

  3. Multiple different values can be defined for the same name through multiple records; The DNS server responds in polling mode

  4. The same value can be defined under several different names (multiple names pointing to the same host); this only means the host can be found by several names
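The "Name [TTL] IN rr_type value" format and the notes above (global $TTL, "@" for the zone, an omitted owner name inheriting the previous one, several A records for one name answered round-robin, NS/MX targets needing A records), as an added example that is not part of the original post: a small zone-file parser and checker. The sample zone embedded at the bottom is constructed, with kgc.com. assumed as the origin.

```python
# Added example, not from the original post: parser for the "Name [TTL] IN rr_type value"
# zone format plus checks taken from the notes; the sample zone below is constructed.
from collections import Counter

def parse_zone(text, origin):
    """Returns [(owner, ttl, type, value)]; handles $TTL, '@', relative names, an omitted
    owner (inherits the previous one), ';' comments and values continued inside ( )."""
    default_ttl, prev_owner, records, buf = None, None, [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()              # drop comments
        if not line.strip():
            continue
        buf = f"{buf} {line}" if buf else line             # accumulate until ( ) balance
        if buf.count("(") > buf.count(")"):
            continue
        line, buf = buf.replace("(", " ").replace(")", " "), ""
        if line.startswith("$TTL"):
            default_ttl = line.split()[1]
            continue
        fields = line.split()
        owner = prev_owner if line[0].isspace() else fields.pop(0)
        # '@' is the zone itself; a relative name gets the origin appended
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        ttl = fields.pop(0) if fields[0][0].isdigit() else default_ttl
        if fields[0].upper() == "IN":
            fields.pop(0)
        records.append((owner, ttl, fields.pop(0).upper(), " ".join(fields)))
        prev_owner = owner
    return records

def check_zone(records, origin):
    """Exactly one SOA, placed first; NS/MX targets inside the zone need an A record;
    a name with several A records is answered round-robin (reported, not an error)."""
    problems, types = [], [r[2] for r in records]
    a_count = Counter(r[0] for r in records if r[2] == "A")
    if types.count("SOA") != 1 or types[0] != "SOA":
        problems.append("zone must start with exactly one SOA record")
    for _, _, rtype, value in records:
        target = value.split()[-1]
        target = target if target.endswith(".") else f"{target}.{origin}"
        if rtype in ("NS", "MX") and target.endswith(origin) and target not in a_count:
            problems.append(f"{rtype} target {target} has no A record")
    return problems, sorted(n for n, c in a_count.items() if c > 1)

SAMPLE_ZONE = """$TTL 1D
@       IN SOA  master.kgc.com. admin.kgc.com. (
                0 1D 1H 1W 3H )   ; serial refresh retry expire minimum
        IN NS   master
master  IN A    192.168.91.100
www     IN A    192.168.91.103
www     IN A    192.168.91.104
@       IN MX 10 mail.kgc.com.
ftp     IN CNAME www
"""
```

Running check_zone(parse_zone(SAMPLE_ZONE, "kgc.com."), "kgc.com.") flags the MX target mail.kgc.com. as lacking an A record and reports www.kgc.com. as a round-robin name.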

5. Experiment — DNS forward lookup

```
vim /etc/named.conf
    listen-on port 53 { any; };
    allow-query     { any; };

vim /etc/named.rfc1912.zones
zone "lyn.com" IN {
    type master;
    file "lyn.com.zone";
};

cd /var/named/
cp -p named.localhost lyn.com.zone      # copy the template, keeping ownership

vim lyn.com.zone
$TTL 1D
@       IN SOA  master admin.lyn.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       192.168.58.5
www     A       192.168.58.6
*       A       192.168.58.6
@       A       192.168.58.6
ftp     CNAME   www

vim /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1=192.168.58.5                       ### the IP of the named server
```

6. Experiment — DNS reverse lookup

```
[root@localhost named]# vim /etc/named.zones      # add the reverse zone
zone "91.168.192.in-addr.arpa" IN {
    type master;
    file "ky15.com.zone";
    allow-update { none; };
};
[root@localhost named]# cp -p kgc.com.zone ky15.com.zone          # copy the forward lookup file as a template
[root@localhost named]# chmod 640 ky15.com.zone; chgrp named ky15.com.zone
[root@localhost named]# vim ky15.com.zone                        # edit the file
$TTL 1D
@       IN SOA  master.yun.com. admin.yun.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master.yun.com.
master  A       192.168.91.100
100     IN PTR  www.yun.com.
88      IN PTR  ftp.yun.com.
```
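The PTR naming rule from section 4.1.5 and the reverse zone of this experiment (owner "100" inside 91.168.192.in-addr.arpa. standing for 192.168.91.100), as an added example that is not part of the original post: building reverse names from addresses, recovering the address from a zone-relative PTR owner, and generating the PTR lines of a reverse zone from forward records. It also handles IPv6 (ip6.arpa), which goes beyond the page's IPv4 case; the forward records are constructed.

```python
# Added example, not from the original post: PTR owner names for the reverse
# zone above; IPv6 handling is an extension beyond the page. Inputs are constructed.
import ipaddress

def ptr_owner(ip):
    """Full reverse name: reversed octets + in-addr.arpa. (IPv4) or reversed
    hex nibbles + ip6.arpa. (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    return ".".join(reversed(addr.exploded.replace(":", ""))) + ".ip6.arpa."

def ptr_to_ip(owner, rev_origin):
    """Inverse: a PTR owner, possibly written relative to the reverse zone origin
    (e.g. '100' in 91.168.192.in-addr.arpa.), back to the address it names."""
    full = owner if owner.endswith(".") else f"{owner}.{rev_origin}"
    if full.endswith(".in-addr.arpa."):
        return ".".join(reversed(full[: -len(".in-addr.arpa.")].split(".")))
    nib = full[: -len(".ip6.arpa.")].split(".")[::-1]          # 32 hex nibbles
    return str(ipaddress.IPv6Address(":".join("".join(nib[i:i + 4]) for i in range(0, 32, 4))))

def reverse_zone_records(a_records, rev_origin):
    """PTR lines for the reverse zone rev_origin built from forward records
    {fqdn: ip}; owners are written relative to the zone and addresses that do
    not belong to this reverse zone are skipped."""
    suffix, lines = "." + rev_origin, []
    for fqdn, ip in sorted(a_records.items(), key=lambda kv: int(ipaddress.ip_address(kv[1]))):
        full = ptr_owner(ip)
        if full.endswith(suffix):
            lines.append(f"{full[: -len(suffix)]}\tIN PTR\t{fqdn}")
    return lines
```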

7. Experiment — DNS primary/secondary replication

Master server:

```
yum install -y bind
vim /etc/named.conf
    listen-on port 53 { any; };
    allow-query     { any; };

vim /etc/named.rfc1912.zones
zone "lyn.com" IN {
    type master;
    file "lyn.com.zone";
};

vim /var/named/lyn.com.zone
$TTL 1D
@       IN SOA  master rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       192.168.58.100
www     A       192.168.58.100

vim /etc/sysconfig/network-scripts/ifcfg-ens33
DNS2=192.168.58.6                       ### IP of the slave named server
```

Slave server:

```
vim /etc/named.conf
    listen-on port 53 { any; };
    allow-query     { any; };

vim /etc/named.rfc1912.zones
zone "lyn.com" IN {
    type slave;
    file "slaves/lyn.com.zone";
    masters { 192.168.58.5; };          # IP address of the master server
};

systemctl start named
systemctl stop firewalld.service
setenforce 0
ls /var/named/slaves/                   # the zone file transferred from the master appears here
```

8. Experiment — DNS separation and resolution

Experimental environment:

Configure the Linux server with two NICs in host-only mode:

ens33: 192.168.100.1

ens37: 12.0.0.1

Windows 7 as the external network (WAN) client: 12.0.0.12, mask 255.0.0.0

Windows 10 as the internal network (LAN) client: 192.168.100.100

```
[root@test5 ~]# vim /etc/named.conf
    listen-on port 53 { any; };
    allow-query     { any; };
    // once views are used every zone must live inside a view, so the global
    // root hint zone is removed here and repeated inside each view below:
    // zone "." IN { type hint; file "named.ca"; };

[root@test5 named]# vim /etc/named.zones
view "lan" {
    match-clients { 192.168.100.0/24; };
    zone "kgc.com" IN {
        type master;
        file "kgc.com.lan";
    };
    zone "." IN { type hint; file "named.ca"; };
};
view "wan" {
    match-clients { 12.0.0.0/24; };
    zone "kgc.com" IN {
        type master;
        file "kgc.com.wan";
    };
    zone "." IN { type hint; file "named.ca"; };
};

[root@test5 named]# vim kgc.com.lan
$TTL 1D
@       IN SOA  master.kgc.com. admin.kgc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       192.168.100.1
www     A       192.168.100.88
sftp    A       192.168.100.99

[root@test5 named]# vim kgc.com.wan
$TTL 1D
@       IN SOA  master.kgc.com. admin.kgc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      master
master  A       12.0.0.1
www     A       12.0.0.1
sftp    A       12.0.0.1
```