DNS Server Quick Guide


Author: ideal@linuxaid.com.cn, LinuxAid (www.linuxaid.com.cn)

Introduction

The aim of this article is to let a Linux administrator set up a DNS server quickly. The content is based on RedHat 6.2, but the principles are the same for other versions and distributions.

A DNS server has two meanings in everyday usage. For the user of a Windows 98 client, the DNS server is the one entered in the TCP/IP settings, which answers the client's name-resolution requests. For a network administrator, a DNS server means not only the server that answers resolution requests from LAN users, but also the server that provides the authoritative name information for the network's own domains to the Internet.

For answering clients' resolution requests, the working principle is shown in the following figure:

For providing your own domains' name information to the Internet, the working principle is shown in the following figure:

Under Linux both requirements are met by a single piece of server software, BIND. The same software covers both the first and the second need; the difference lies only in the configuration files.

Software Installation

RedHat 6.2 ships BIND 8.2.2-P5 as its DNS server. This version has bugs that can allow an attacker to obtain the system's root account, so a system running a 2.2-series kernel must be upgraded to BIND 8.2.3, and a system running a 2.4 kernel can instead choose to upgrade to BIND 9.1.1RC3. The discussion below is for BIND 8.2.3.

Download the source code from http://www.isc.org into the /usr/src directory of the Linux server, then unpack, compile and install it:

[root@DNS src]# tar xvfz bind-src.tar.gz
[root@DNS src]# make all; make install

There should now be an executable called named in the /usr/sbin directory, and you can check the BIND version with the following command:

[lix@DNS src]$ /usr/sbin/named -v
named 8.2.3-REL Fri Feb 16 15:21:51 CST 2001
        ideal@DNS:/usr/src/src/bin/named

This shows that named is now version 8.2.3, the upgraded version.

Starting the server

The DNS server is started with the ndc command (Name Daemon Control program). Once the BIND package has been installed as above, this command is in the /usr/sbin directory; it is a program dedicated to controlling the DNS server. Start named with the following command:

[root@DNS src]# ndc start
new pid is 16064

To stop the named server:

[root@DNS src]# ndc stop

After the named process has started, you can check that it is running with the following command:

[root@DNS src]# ps ax | grep named
16064 ?  S  0:00 /usr/sbin/named

If you only want to provide name resolution for users on the LAN, you are already done: set the clients' DNS server to the IP address of this machine, and the default configuration installed above meets this need.

For example, if you have built a small home LAN with a Linux dial-up machine as the gateway and want the Windows 98 clients on it to resolve names, you can install the name server on the Linux gateway and point the clients' DNS server setting at the gateway. But if your needs go beyond this, that is, you maintain a LAN and own one or more domain names, and you want your DNS server both to answer the LAN users' queries and to hold the authoritative information for your domains and answer queries about them from the Internet, then the DNS server needs further configuration.

Configuration

This section assumes that the LAN has two domain names, linuxaid.com.cn and linuxaid.net.cn, that it consists of two class C networks, 172.18.0.0/24 and 172.18.1.0/24, and that the IP address of the name server is 172.18.0.4.

The file /etc/resolv.conf also needs explaining. It is the counterpart of the TCP/IP settings under Windows 98 and holds the DNS servers and domain information this machine uses, for example:

# 'search' lists both local domains; a second 'domain' line would only override the first
search linuxaid.com.cn linuxaid.net.cn
nameserver 172.18.0.4

On the DNS server itself, the address after nameserver is set to the machine's own IP address.

The main configuration file of the DNS server is /etc/named.conf; you also need to create a number of data files containing the name-to-address mappings. For the network assumed here, named.conf should contain the following:

options {
        directory "/var/named";
};

zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

zone "linuxaid.com.cn" {
        type master;
        file "linuxaid.com.cn.db";
};

zone "linuxaid.net.cn" {
        type master;
        file "linuxaid.net.cn.db";
};

zone "0.18.172.in-addr.arpa" {
        type master;
        file "172.18.0.db";
};

zone "1.18.172.in-addr.arpa" {
        type master;
        file "172.18.1.db";
};

The options section at the top of the file says that the zone data files are kept in the /var/named directory; it normally needs no change.

zone "." defines the root zone: when the name server receives a query for a name that is not in one of its own zones, it queries the root name servers listed in the file named.ca and follows the referrals until it reaches the servers for the name being queried.

zone "0.0.127.in-addr.arpa" defines the reverse-resolution data for the loopback network and normally needs no change. Reverse resolution means the mapping from IP address to name, that is, the data needed to answer a query asking which name belongs to a given address.

zone "linuxaid.com.cn" defines the zone for the domain linuxaid.com.cn: its data file is /var/named/linuxaid.com.cn.db, and type master means this server is the primary DNS server for the domain (as opposed to a secondary server). zone "linuxaid.net.cn" has the same meaning, the only difference being that it covers the domain linuxaid.net.cn.

zone "0.18.172.in-addr.arpa" defines the reverse-resolution data for the 172.18.0.0/24 network.

zone "1.18.172.in-addr.arpa" defines the reverse-resolution data for the 172.18.1.0/24 network.

The files linuxaid.com.cn.db, linuxaid.net.cn.db, 172.18.0.db and 172.18.1.db must be created by hand in the /var/named directory.

First, linuxaid.com.cn.db:

@       IN SOA  ns.linuxaid.com.cn. root.linuxaid.com.cn. (
                2000080701      ; Serial
                28800           ; Refresh
                7200            ; Retry
                604800          ; Expire
                86400           ; Default TTL
                )
@       IN NS   ns.linuxaid.com.cn.
@       IN MX   10 mail.linuxaid.com.cn.
@       IN A    172.18.0.1
localhost IN A  127.0.0.1
www     IN A    172.18.0.1
mail    IN A    172.18.0.2
ns      IN A    172.18.0.4

Next, linuxaid.net.cn.db:

@       IN SOA  ns.linuxaid.net.cn. root.linuxaid.net.cn. (
                2000080701      ; Serial
                28800           ; Refresh
                7200            ; Retry
                604800          ; Expire
                86400           ; Default TTL
                )
@       IN NS   ns.linuxaid.net.cn.
@       IN MX   10 mail.linuxaid.net.cn.
@       IN A    172.18.0.1
localhost IN A  127.0.0.1
www     IN A    172.18.1.1
mail    IN A    172.18.1.2
ns      IN A    172.18.1.4

For your own situation, just replace linuxaid.com.cn with your own domain name and change the addresses to your actual IP addresses. An A record maps a host name to an address.

The MX record deserves a special explanation. It defines how a sender finds the server that really handles mail for addresses such as user@linuxaid.com.cn: the remote mail server first makes an MX query for linuxaid.com.cn, which returns mail.linuxaid.com.cn, then resolves that name and delivers the message to mail.linuxaid.com.cn.

172.18.0.db, which corresponds to linuxaid.com.cn.db, contains:

@       IN SOA  ns.linuxaid.com.cn. root.linuxaid.com.cn. (
                2000080501      ; Serial
                28800           ; Refresh
                7200            ; Retry
                604800          ; Expire
                86400           ; Default TTL
                )
@       IN NS   ns.linuxaid.com.cn.
;
; Server section
;
1       IN PTR  www.linuxaid.com.cn.
2       IN PTR  mail.linuxaid.com.cn.
4       IN PTR  ns.linuxaid.com.cn.

172.18.1.db, which corresponds to linuxaid.net.cn.db, contains:

@       IN SOA  ns.linuxaid.net.cn. root.linuxaid.net.cn. (
                2000080501      ; Serial
                28800           ; Refresh
                7200            ; Retry
                604800          ; Expire
                86400           ; Default TTL
                )
@       IN NS   ns.linuxaid.net.cn.
;
; Server section
;
1       IN PTR  www.linuxaid.net.cn.
2       IN PTR  mail.linuxaid.net.cn.
4       IN PTR  ns.linuxaid.net.cn.

After these files are in place, restart the named process with the command ndc restart. You can then test it:

[root@aid named]# nslookup
Default Server:  ns.linuxaid.com.cn
Address:  172.18.0.4

>

You can test any name-to-address mapping configured in a data file, for example:

> www
Server:  ns.linuxaid.com.cn
Address:  172.18.0.4

Name:    www.linuxaid.com.cn
Address:  172.18.0.1

> 172.18.0.1
Server:  ns.linuxaid.com.cn
Address:  172.18.0.4

Name:    www.linuxaid.com.cn
Address:  172.18.0.1

If these tests pass, you have successfully set up a DNS server. Set the DNS server in the TCP/IP settings of a Windows 98 machine to 172.18.0.4 and ping www.linuxaid.com.cn; it should resolve to the IP address you defined in the data file linuxaid.com.cn.db.

But how do Internet users learn to ask your DNS server when they want to reach the linuxaid.com.cn and linuxaid.net.cn domains? Pointing every machine on the Internet at your DNS server is unrealistic. Only by registering your DNS server (ns.linuxaid.com.cn, 172.18.0.4) with the service provider through which you registered the domain names will Internet users learn that the server 172.18.0.4 is responsible for resolving the linuxaid.com.cn and linuxaid.net.cn domains; by querying that server they obtain www.linuxaid.com.cn and your other local name information.

FAQ

1. How do I set up a subdomain?

For example, I want to carve out a subdomain named nic.linuxaid.com.cn for the company's network center, to be resolved by the network center's own name server. Then linuxaid.com.cn.db needs the following added:

nic                      IN NS   dns.nic.linuxaid.com.cn.
dns.nic.linuxaid.com.cn. IN A    172.18.0.3

The machine 172.18.0.3 is maintained by the network center; it only needs to run a name server configured as described above, the difference being that it is responsible for resolving the nic.linuxaid.com.cn domain.

2. Several names point to the same IP address. Can I use an alias mechanism so that when that address changes I only need to modify one record?

Use CNAME records. For example, if www.linuxaid.com.cn, serv1.linuxaid.com.cn and ideal.linuxaid.com.cn all point to the same server, set the following in linuxaid.com.cn.db:

serv1   IN A     172.18.0.5
www     IN CNAME serv1
ideal   IN CNAME serv1

Please cite the original address when reposting: https://www.9cbs.com/read-111721.html
