Linux: DNS server setup

Latest update time:2024-06-25

Link: https://www.cnblogs.com/yanlzy/p/11918018.html


Introduction to DNS

DNS (Domain Name System):
A system that uses a client/server mechanism to convert computer names to IP addresses. As an important network service, DNS is not only the basis for the work of the international Internet, but is also widely used in corporate internal networks.

DNS server Role

Forward resolution: Find the corresponding IP address based on the host name (domain name)
Reverse resolution: Find the corresponding host domain name based on the IP address

Distributed data structure of the DNS system

DNS query method

Recursive query: how most clients ask a DNS server to resolve a domain name
Iterative query: how most DNS servers ask other DNS servers to resolve a domain name

Types of DNS servers

Caching DNS

Caching domain name server: also known as a high-speed cache server. It obtains domain name -> IP address records by querying other domain name servers and caches the query results locally, which speeds up repeated queries.

Primary DNS Server

Primary domain name server: the authoritative server for a specific DNS zone. It is unique and is responsible for maintaining all domain name -> IP address mapping records in the zone.

Secondary (slave) DNS server

Slave DNS server: also called a secondary DNS server. The domain name -> IP address records it maintains come from the primary DNS server.

BIND Domain Name Service Basics

BIND (Berkeley Internet Name Daemon) Berkeley Internet Domain Name Service.
Official website: https://www.isc.org/
BIND server program
Main execution program: /usr/sbin/named
Service script: /etc/init.d/named
Default listening port: 53
Main configuration file: /etc/named.conf
The data file that saves DNS resolution records is located in: /var/named/chroot/var/named/

Configuration file analysis

/etc/named.conf

options { # Options
    listen-on port 53 { 127.0.0.1; }; # Listen on port 53 (IPv4), loopback address only
    listen-on-v6 port 53 { ::1; }; # Listen on port 53 (IPv6), loopback address only
    directory "/var/named"; # Working directory where the zone data files are stored
    dump-file "/var/named/data/cache_dump.db"; # File the resolver cache is dumped to
    statistics-file "/var/named/data/named_stats.txt"; # Server statistics file (generally not used)
    memstatistics-file "/var/named/data/named_mem_stats.txt"; # Memory usage statistics file (generally not used)
    allow-query { localhost; }; # Clients allowed to query; as shown, only the server itself
    recursion yes; # Answer recursive queries

    dnssec-enable yes; # Enable DNSSEC support (signs and authenticates records, does not encrypt them)
    dnssec-validation yes; # Validate DNSSEC signatures on answers
    dnssec-lookaside auto; # DNSSEC lookaside validation (DLV)

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key"; # Trust-anchor keys used for DNSSEC validation
};

logging { # Logging
    channel default_debug {
        file "data/named.run"; # Run-time log file
        severity dynamic; # Log at the server's current debug level
    };
};

zone "." IN { # Root zone
    type hint; # Root hints; the other zone types include master and slave
    file "named.ca"; # Root hints file (addresses of the root servers)
};

include "/etc/named.rfc1912.zones"; # Additional zone definitions (new domain names are declared here)



Configuring the Zone Files

Copying Files

cp /var/named/named.empty /var/named/lzy.com.zone
cp /var/named/named.empty /var/named/134.192.168.zone

Modify permissions

chown :named /var/named/lzy.com.zone /var/named/134.192.168.zone

Forward resolution configuration

Design forward resolution for the excesoft.com domain name: copy /var/named/named.empty to excesoft.com.zone, change the file's group to named, and modify its content.

$TTL 3H
@       IN SOA  lzy.com. root.lzy.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.lzy.com.
dns     A       192.168.134.139
www     A       192.168.134.139

Reverse resolution configuration

Design reverse resolution for the excesoft.com domain name: copy /var/named/named.empty to 137.168.192.zone, change the file's group to named, and modify its content.
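
The reverse zone contents, and the zone declarations named needs before it will load either zone file, are not shown above. As an added example (not from the original article), this script derives both from the forward zone's A records; it assumes a /24 network and the lzy.com records shown earlier, and the function names and the reverse file name 134.168.192.zone are choices made here.

```shell
#!/bin/sh
# Added example, not from the original article; assumes a /24 network.
# Constructed sample: the forward zone shown above (lzy.com, 192.168.134.139).
sample_forward_zone() {
    cat <<'EOF'
$TTL 3H
@   IN SOA lzy.com. root.lzy.com. ( 0 1D 1H 1W 3H )
    NS  dns.lzy.com.
dns A   192.168.134.139
www A   192.168.134.139
EOF
}

# 192.168.134.139 -> 134.168.192.in-addr.arpa; non-zero status on a bad address.
reverse_zone_name() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Forward zone on stdin -> one PTR per address (the first name listed wins).
ptr_records() {    # $1 = forward origin, e.g. lzy.com
    awk -v origin="$1" '
        { t = ($2 == "IN") ? $3 : $2; ip = ($2 == "IN") ? $4 : $3 }
        t == "A" && !seen[ip]++ {
            split(ip, o, ".")
            printf "%s\tPTR\t%s.%s.\n", o[4], $1, origin
        }'
}

# Whole reverse zone file: SOA and NS for the server, then the PTR records.
reverse_zone_file() {    # $1 = forward origin, $2 = name-server label
    printf '$TTL 3H\n@\tIN SOA\t%s.%s. root.%s. ( 1 1D 1H 1W 3H )\n' "$2" "$1" "$1"
    printf '\tNS\t%s.%s.\n' "$2" "$1"
    ptr_records "$1"
}

# named.conf declarations for both zones; dynamic updates are refused.
zone_stanzas() {    # $1 = forward origin, $2 = any address in the /24
    rz=$(reverse_zone_name "$2") || return 1
    for z in "$1" "$rz"; do
        printf 'zone "%s" IN {\n    type master;\n    file "%s.zone";\n' "$z" "${z%.in-addr.arpa}"
        printf '    allow-update { none; };\n};\n'
    done
}

sample_forward_zone | reverse_zone_file lzy.com dns
zone_stanzas lzy.com 192.168.134.139
```

The stanzas belong in /etc/named.rfc1912.zones, the file that named.conf includes; run named-checkconf after adding them.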


Configuring the Network Card

vim /etc/sysconfig/network-scripts/ifcfg-ens33

BOOTPROTO=static
IPADDR1=192.168.134.139
NETMASK=255.255.255.0
GATEWAY=192.168.134.2
DNS1=192.168.134.139

Start DNS Server

systemctl start named.service

Check the configuration file

named-checkconf

Configuring the Client

Modify the configuration file

Edit the configuration file: vim /etc/resolv.conf
Write the following content:
excesoft.
nameserver 192.168.137.22

Testing DNS Servers

Test the DNS server using the nslookup command on the client computer.


