中華技術學院 linux 課程中華技術學院 linux 課程 chap two : dns 王俊城rhce/rhcx

中華技術學院中華技術學院LinuxLinux 課程課程

Chap two : DNSChap two : DNS王俊城王俊城RHCE/RHCXRHCE/RHCX

AgendaAgenda DNS overviewDNS overview Configuring BINDConfiguring BIND Creating BIND databasesCreating BIND databases Additional DNS methodsAdditional DNS methods Using BIND toolsUsing BIND tools

Domain Name System (DNS)Domain Name System (DNS) forward lookupforward lookup

www.hinet.netwww.hinet.net -> 61.219.38.89 -> 61.219.38.89

reverse lookupreverse lookup61.219.38.89 -> 61.219.38.89 -> www.hinet.netwww.hinet.net

Logically group by name domains Logically group by name domains Provides email routing informationProvides email routing information

Name Server HierarchyName Server Hierarchy

Master name serverMaster name servermaintain zone file itselfmaintain zone file itself

Slave name serverSlave name serverProvides a backup to the master name Provides a backup to the master name

serverserverSynchronization with master or another Synchronization with master or another

slave name serverslave name server Cache-onlyCache-only

No any one zone fileNo any one zone file

DNS ServerDNS Server Server receives requestServer receives request

If zone file have answerIf zone file have answerIf cache have answerIf cache have answerIf forward assignIf forward assignAsks root name serverAsks root name server

/var/named/named.ca/var/named/named.ca dig @168.95.192.1dig @168.95.192.1

BINDBIND Berkeley Internet Name Domain (BIND)Berkeley Internet Name Domain (BIND)

BIND 9BIND 9/usr/share/doc/bind*/README/usr/share/doc/bind*/READMEhttp://www.isc.org/products/Bhttp://www.isc.org/products/B

INDIND

Service Profile : DNSService Profile : DNS Type:Type: System V-manager serviceSystem V-manager service Packages:Packages: bind,bind-utilsbind,bind-utils

caching-nameservercaching-nameserveropensslopenssl

Daemons:Daemons: namednamed Script:Script: namednamed Ports:Ports: UDP(53),TCP(53)UDP(53),TCP(53) Configs:Configs: /etc/named.conf/etc/named.conf

/var/named/named.ca/var/named/named.ca/var/named/*/var/named/*

Log:Log: /var/log/messages/var/log/messages

Configuring BINDConfiguring BIND /etc/named.conf/etc/named.conf service named restartservice named restart Text-file specifying directives:zones,optiText-file specifying directives:zones,opti

ons,access control lists,etcons,access control lists,etc Comments can be in C,C++ or shell styleComments can be in C,C++ or shell style

/* C style comment *//* C style comment */// C++ style comment// C++ style comment# shell style comment# shell style comment

Global OptionsGlobal Options

acl "mynet" { 192.168.0/24;acl "mynet" { 192.168.0/24; 192.168.1/24; };192.168.1/24; };options {options {

directorydirectory "/var/named"; "/var/named";forwardsforwards { 168.95.192.1; }; { 168.95.192.1; };

forward only;forward only;allow-queryallow-query { mynet; }; { mynet; };allow-transfer { mynet; };allow-transfer { mynet; };

};};

BIND utlitiesBIND utlities host: gather host/domain informationhost: gather host/domain information

host example.comhost example.comhost –al example.comhost –al example.comhost –t mx example.comhost –t mx example.com

dig: send queries to name server directlydig: send queries to name server directlydig @168.95.192.1 dig @168.95.192.1 www.redhat.comwww.redhat.comdig @168.95.192.1dig @168.95.192.1

nslookup is deprecatednslookup is deprecated

LAB1-Cache-only DNS ServerLAB1-Cache-only DNS Server

/var/named/chroot/etc/named.conf/var/named/chroot/etc/named.conf

/etc/hosts/etc/hosts /etc/resolv.conf/etc/resolv.conf service named restartservice named restart host station251.example.com host station251.example.com

options {options {directory "/var/named/chroot/var/named";directory "/var/named/chroot/var/named";forwarders { 192.168.0.249; };forwarders { 192.168.0.249; };forward only;forward only;

};};

Slave ZonesSlave Zones

zone "example.com" {zone "example.com" {type slave;type slave;masters { 192.168.0.249; };masters { 192.168.0.249; };file "example.com.zone-slave";file "example.com.zone-slave";

};};zone "0.168.192.in-addr.arpa" {zone "0.168.192.in-addr.arpa" {

type slave;type slave;masters { 192.168.0.249; };masters { 192.168.0.249; };file "192.168.0.zone";file "192.168.0.zone";

};};

LAB2-Slave DNS ServerLAB2-Slave DNS Server /var/named/chroot/etc/named.conf/var/named/chroot/etc/named.conf


zone "example.com" {zone "example.com" {type slave;type slave;masters { 192.168.0.249; };masters { 192.168.0.249; };file "example.com.zone-slave";file "example.com.zone-slave";


type slave;type slave;masters { 192.168.0.249; };masters { 192.168.0.249; };file "192.168.0.zone";file "192.168.0.zone";

};};

Master ZonesMaster Zones

zone "domain251.example.com" {zone "domain251.example.com" {

type master;type master;

file "domain251.example.com.zone";file "domain251.example.com.zone";

};};

zone "0.168.192.IN-ADDR.ARPA" {zone "0.168.192.IN-ADDR.ARPA" {

type master;type master;

file "192.168.0.251.zone";file "192.168.0.251.zone";

};};

Special ZonesSpecial Zones Root zone: “.” Root zone: “.”

zone "." {zone "." {type hint;type hint;file "named.ca";file "named.ca";


type master;type master;file "127.0.0.zone";file "127.0.0.zone";

};};

Zone FilesZone Files /var/named/* ( or /var/named/chroot/va/var/named/* ( or /var/named/chroot/va

r/named/*)r/named/*) Begin with $TTL (time to live)Begin with $TTL (time to live) First resource record is zone`s start of aFirst resource record is zone`s start of a

uthority(SOA)uthority(SOA) Zone data in additional resource recordsZone data in additional resource records Comments can be “;”Comments can be “;”

Example Zone FilesExample Zone Files SOA recordSOA record NS recordsNS records A recordsA records CNAME recordsCNAME records MX recordsMX records

Example Zone FilesExample Zone Files$TTL 86400$TTL 86400@ IN SOA station251.domain251.example.com. root.station251.domain251.example.com. (@ IN SOA station251.domain251.example.com. root.station251.domain251.example.com. (; Dont forget to increment the serial number; Dont forget to increment the serial number 20030401002003040100 ;serial number;serial number 1H1H ;refresh slave;refresh slave 5M5M ;retry refresh;retry refresh 1W1W ;expire zone;expire zone 5M 5M ;cache time-to-live for negative answers;cache time-to-live for negative answers)); Name server resource records ( NS ); Name server resource records ( NS ); owner; owner TTL CL typeTTL CL type RDATARDATA@@ IN NS IN NS station251.domain251.example.com.station251.domain251.example.com.; Mail exchanger resource records ( MX ); Mail exchanger resource records ( MX ); owner; owner TTL CL type RDATATTL CL type RDATAdomain251.example.com.domain251.example.com. IN MXIN MX 10 station251.domain251.example.com. 10 station251.domain251.example.com.; Internet address resource records( A ); Internet address resource records( A ); owner; owner TTLTTL CL typeCL type RDATARDATA@@ IN AIN A 192.168.0.251192.168.0.251station251.domain251.example.com.station251.domain251.example.com. IN AIN A 192.168.0.251192.168.0.251

LAB2-Master DNS ServerLAB2-Master DNS Server

/var/named/chroot/etc/named.conf/var/named/chroot/etc/named.conf


zone “domain251.example.com" {zone “domain251.example.com" {type master;type master;file "domain251.example.com.zone";file "domain251.example.com.zone";

};};

Delegating SubdomainsDelegating Subdomains Configure the subdomain as a zone on tConfigure the subdomain as a zone on t

he new serverhe new server On delegating server,set up NS record foOn delegating server,set up NS record fo

r the subdomain pointing to the new serr the subdomain pointing to the new serverver

If new server is in subdomain it manages,If new server is in subdomain it manages,on delegating server need a “glue” A ron delegating server need a “glue” A record for new serverecord for new server

T h an k Y ou !

中華技術學院 linux 課程 中華技術學院 linux 課程 chap two : dns 王俊城rhce/rhcx

Documents

中華技術學院 linux 課程中華技術學院 linux 課程 chap two : dns 王俊城rhce/rhcx