DNS Domain Name Resolution Service and Its Configuration

  dns, Domain name resolution

I. Background

By the end of the 1970s, ARPAnet was still a small and friendly network of a few hundred hosts. A single file named HOSTS.TXT was enough to hold everything that needed to be known about them: the name-to-address mapping for every host connected to ARPAnet.

HOSTS.TXT was maintained by SRI's Network Information Center (NIC) and distributed to the whole network from a single host, SRI-NIC. ARPAnet administrators typically notified the NIC of changes by email and periodically fetched the latest HOSTS.TXT from SRI-NIC over FTP.

As ARPAnet grew, however, this approach stopped working. Every change to a host meant a change to HOSTS.TXT, which every other host then had to fetch again from SRI-NIC. After ARPAnet adopted the TCP/IP protocol, the number of hosts on the network exploded and the following problems appeared:

  • Traffic and load
  • Name conflicts
  • Consistency

II. Introduction to DNS

DNS (Domain Name System) is a distributed database on the Internet that maps domain names to IP addresses and back, so that users can reach sites without remembering the numeric IP strings that machines read directly. The process of obtaining the IP address that corresponds to a domain name is called domain name resolution (or hostname resolution). The DNS protocol runs over UDP and uses port number 53. Among the RFC documents, RFC 2181 clarifies the DNS specification, RFC 2136 specifies dynamic updates to DNS, and RFC 2308 specifies negative caching of DNS queries.

III. DNS data structure

3.1 DNS record type

The mapping between a domain name and an IP address is called a "record". Records are divided into types according to their purpose; the common DNS record types are as follows:

  • A: Address record, which returns the IP address the domain name points to.
  • NS: Name Server record, which returns the server that holds the information for the next-level domain. The value of this record can only be a domain name, not an IP address.
  • MX: Mail eXchange record, which returns the address of the server that receives e-mail for the domain.
  • CNAME: Canonical Name record, which returns another domain name; the name being queried is an alias that redirects to that other domain name.
  • PTR: Pointer record, which is used only for reverse lookups, mapping an IP address back to a domain name.

3.2 Working principle

DNS service workflow

When a DNS client needs to resolve a name used by an application, it sends the query to its local DNS server. Each query message the client sends carries three pieces of information that specify the question the server should answer:

  • The DNS domain name, expressed as a fully qualified domain name (FQDN).
  • The query type, which selects resource records by type or requests a specialized query operation.
  • The query class of the DNS domain name.

For DNS servers the class should always be the Internet (IN) class. For example, the name can be the fully qualified domain name of a computer, such as im.qq.com, and the query type selects address resource records for that name.

DNS queries are resolved in several ways. The client can sometimes answer a query locally from information cached from earlier queries. The DNS server can answer from its own cache of resource records, or it can query or contact other DNS servers on behalf of the requesting client until the name is fully resolved and then return the response to the client. This process is called recursion.

Alternatively, the client itself can contact other DNS servers to resolve the name. When it does so, it issues separate additional queries based on each server's response. This process is called iteration; the queries exchanged between DNS servers are iterative queries.
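As an added example (not from the original post), the Python below builds the on-the-wire query message described above: a 12-byte header whose RD flag marks the query as a recursive one, followed by one question carrying the FQDN, the query type and the IN class. It also decodes such a message and derives the in-addr.arpa name that a reverse lookup (dig -x) asks for; it uses only the struct module and sends nothing on the network.

```python
import struct

# Query types named on this page (RFC 1035 values) and the Internet class.
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15}
QCLASS_IN = 1
RD_FLAG = 0x0100          # "recursion desired" bit in the header flags

def encode_name(fqdn):
    """'im.qq.com' -> b'\\x02im\\x02qq\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(fqdn, qtype="A", txid=0x1234, recursion_desired=True):
    """Header (ID, flags, QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT) + one question."""
    flags = RD_FLAG if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(fqdn) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)
    return header + question

def parse_question(msg):
    """Decode the header and the first question of a DNS message."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    pos, labels = 12, []
    while True:
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:                       # a compression pointer is not expected here
            raise ValueError("compressed name in question section")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {"id": txid, "rd": bool(flags & RD_FLAG), "qdcount": qdcount,
            "name": ".".join(labels), "qtype": qtype, "qclass": qclass}

def reverse_name(ipv4):
    """192.168.40.103 -> 103.40.168.192.in-addr.arpa, the name `dig -x` queries."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"
```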

DNS query process

DNS installation

YUM installation

yum install bind* caching-nameserver

Source installation

tar zxvf bind-9.6.1.tar.gz
cd bind-9.6.1
./configure --prefix=/usr/local/bind9 --sysconfdir=/etc/named/ --enable-threads --disable-chroot --disable-ipv6
make && make install

Configure environment variables

vim /etc/profile.d/bind.sh

Append the following line:

export PATH=/usr/local/bind9/bin:/usr/local/bind9/sbin:$PATH

Viewing the help documents

man -M /usr/local/bind9/share/man named

vim /etc/man.config

Append the following line:

MANPATH /usr/local/bind9/share/man

DNS single point configuration

# Edit /etc/named.conf
options {
    listen-on port 53 { any; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # allow-query { any; } together with recursion yes makes this an open
    # recursive resolver if the server is reachable from untrusted networks;
    # restrict both to internal address ranges in production
    allow-query     { any; };
    recursion yes;
    # (Forwarding: names the local server cannot resolve, such as public
    # Internet domains, are forwarded to 114.114.114.114)
    forwarders { 114.114.114.114; };
};

# Configure /etc/named.rfc1912.zones
zone "test.com" IN {
    type master;
    file "test.com.zone";
};

zone "40.168.192.in-addr.arpa" IN {
    type master;
    file "40.168.192.in-addr.arpa.zone";
};

; test.com.zone configuration file (zone files use ';' for comments)

$TTL    600
@       IN SOA  ns.test.com. root.test.com. (
                                2018101301 ; serial (YYYYMMDDnn; must fit in 32 bits)
                                300        ; refresh (5 minutes)
                                60         ; retry (1 minute)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )

@       IN      NS      ns.test.com.
ns      IN      A       192.168.40.105
mail    IN      A       192.168.40.103
rhl     IN      A       192.168.40.102

; 40.168.192.in-addr.arpa.zone configuration file
; (owner names must start in column 1; a leading space means "same owner as above")

$TTL    600
@       IN SOA  ns.test.com. root.test.com. (
                                2018101501 ; serial
                                300        ; refresh (5 minutes)
                                60         ; retry (1 minute)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
@       IN      NS      ns.test.com.
103     IN      PTR     mail.test.com.
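As an added example (not part of the original post), the Python below parses constructed copies of the two zone files above with a small parser written for this example (not BIND's) and cross-checks them: every A record should have a PTR in the reverse zone, and every PTR should point at a name whose A record carries that address. With the records from this page it reports ns and rhl as lacking PTRs, which is what a reverse lookup for 192.168.40.105 or .102 would reveal.

```python
FWD_ORIGIN, REV_ORIGIN = "test.com.", "40.168.192.in-addr.arpa."
FWD_ZONE = """$TTL 600
@ IN SOA ns.test.com. root.test.com. (
        2018101301 ; serial
        300 60 604800 3600 )
@    IN NS ns.test.com.
ns   IN A  192.168.40.105
mail IN A  192.168.40.103
rhl  IN A  192.168.40.102
"""
REV_ZONE = """$TTL 600
@   IN SOA ns.test.com. root.test.com. ( 2018101501 300 60 604800 3600 )
@   IN NS  ns.test.com.
103 IN PTR mail.test.com.
"""

def parse_zone(text, origin):
    """Minimal zone-file parser: drops ';' comments, joins '( ... )' continuation
    lines, honours '@' and blank-owner inheritance. Origin must end with '.'."""
    records, owner, buf, depth = [], origin, "", 0
    for raw in text.splitlines():
        ln = raw.split(";", 1)[0]                    # strip comment
        buf = (buf + " " + ln) if depth else ln      # inside an open '(' ?
        depth += ln.count("(") - ln.count(")")
        if depth > 0:
            continue
        line, buf = buf, ""
        toks = line.replace("(", " ").replace(")", " ").split()
        if not toks or line.startswith("$"):         # blank line or $TTL/$ORIGIN
            continue
        if not line[0].isspace():                    # explicit owner on this line
            owner = toks.pop(0)
        name = origin if owner == "@" else owner
        fqdn = name if name.endswith(".") else f"{name}.{origin}"
        if toks[0].isdigit(): toks.pop(0)            # optional per-record TTL
        if toks[0].upper() == "IN": toks.pop(0)      # optional class
        records.append((fqdn, toks[0].upper(), toks[1:]))
    return records

def check_reverse_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return (A owners lacking a PTR, IPs whose PTR target has no matching A)."""
    a_by_name = {n: rd[0] for n, t, rd in parse_zone(fwd_text, fwd_origin) if t == "A"}
    ptr_by_ip = {}
    for n, t, rd in parse_zone(rev_text, rev_origin):
        if t == "PTR":   # 103.40.168.192.in-addr.arpa. -> 192.168.40.103
            ptr_by_ip[".".join(reversed(n[: -len(".in-addr.arpa.")].split(".")))] = rd[0]
    missing_ptr = sorted(n for n, ip in a_by_name.items() if ip not in ptr_by_ip)
    dangling_ptr = sorted(ip for ip, n in ptr_by_ip.items() if a_by_name.get(n) != ip)
    return missing_ptr, dangling_ptr
```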

Master-slave synchronization of DNS

1) Primary Server Configuration

# Edit /etc/named.conf
options {
    listen-on port 53 { any; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
    # (Forwarding: names the local server cannot resolve, such as public
    # Internet domains, are forwarded to 114.114.114.114)
    forwarders { 114.114.114.114; };
};

# Configure /etc/named.rfc1912.zones
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-update { none; };
    # slave server address: only this host may request a zone transfer
    allow-transfer { 192.168.40.170; };
    notify yes;
};

# Reverse resolution
zone "40.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.40";
    allow-update { none; };
    # slave server address
    allow-transfer { 192.168.40.170; };
    notify yes;
};

2) Configuration of Slave Server

# Edit /etc/named.conf
options {
    listen-on port 53 { any; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
    forwarders { 114.114.114.114; };
};

# Configure /etc/named.rfc1912.zones
zone "test.com" IN {
    type slave;
    file "slaves/test.com.zone";
    # address of the master DNS server
    masters { 192.168.40.105; };
    allow-update { none; };
};

zone "40.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/40.168.192.in-addr.arpa.zone";
    masters { 192.168.40.105; };
    allow-update { none; };
};

DNS configuration check

# Check the main configuration file
named-checkconf
# Check the zone file
named-checkzone test.com /var/named/test.com.zone
# Test forward resolution
dig -t A rhl.test.com @192.168.40.105
# Test reverse resolution
dig -x 192.168.40.103 @192.168.40.105

Author: Qin Wei/Ji Baoman/Ren Hongli

Source: Yixin Institute of Technology
