Installation of BIND
1. Download the latest version from http://www.isc.org, for example bind-9.3.2.tar.gz.
2. Compile and install:
# tar zxvf bind-9.3.2.tar.gz
# cd bind-9.3.2
# ./configure --sysconfdir=/etc     (put the configuration files under /etc)
# make
# make install
The rpm package installs the daemon as /usr/sbin/named; a source build installs under /usr/local by default (/usr/local/sbin/named). A source build also creates no main configuration file, so it has to be written by hand:
# vi /etc/named.conf
Watch the syntax when writing it: each block is enclosed in curly braces { } and every statement, including the closing brace of a block, ends with a semicolon. The distribution CD-ROM carries a caching-nameserver package that installs a ready-made default configuration; here everything is created by hand.
options {
        directory "/var/named";   // working directory of the server; zone file names are relative to it
};
zone "." {
        type hint;                // the server holds no database for the root zone itself, so the zone
                                  // is declared as a hint that only tells it where the root servers are
        file "named.ca";          // file listing the root servers
};
# mkdir /var/named
named.ca holds the addresses of the root servers. If you do not yet know what they are, any reachable DNS server can be asked for them:
First point the resolver at a working DNS server and query it for the root NS records.
# echo "nameserver 192.58.128.30" > /etc/resolv.conf
# dig -t NS .        (dig is a tool for querying DNS records)
-t selects the record type; NS . asks for the name servers of the root domain. In the result the left column is the root domain (.) and the right column the host name of each root server; the additional section lists their addresses.
# dig -t NS . > /var/named/named.ca
The reference copy of this file is named.root from InterNIC (ftp://ftp.internic.net/domain/named.root). However it is obtained, refresh it occasionally: named only uses it to prime its cache and then asks the root servers themselves for the current list.
With the root hints in place this DNS server can be started.
Controlling the server with rndc
1. Generate the rndc control file
# rndc-confgen > /etc/rndc.conf
# tail -n +13 /etc/rndc.conf >> /etc/named.conf
rndc-confgen prints an rndc.conf followed, from line 13 on, by a commented-out key and controls block intended for named.conf; the tail command appends that part to named.conf, where the leading "# " on each of those lines must then be removed (see the vi tip further down). The secret in the key statement is what authenticates rndc to named, so keep /etc/rndc.conf readable by root only (chmod 600).
2. Start named and watch /var/log/messages
# named
# tail /var/log/messages
If there is an error, follow the message. With the rpm package, for example, it may report Can not open /var/run/named/named.pid.
As root, delete the /var/run/named directory and recreate it.
3. Test with rndc and check the result
# rndc status
# echo "nameserver 127.0.0.1" > /etc/resolv.conf
# host www.chinaunix.com
The first lookup of a name is resolved starting from the root and the answer is stored in the cache, so later lookups of the same name are fast. With nothing but the root hint zone this server can already resolve any name on the Internet; it is a caching server.
host and dig are the tools used to query a DNS server. Every system has a host called localhost, which by default is defined in the hosts file. Once DNS replaces the hosts file, localhost has to be added to the DNS server as well: every networked host has a loopback address, and if that address has no matching host name many services fail to start.
Adding the localhost zone
# vi /etc/named.conf, add:
zone "localhost" {
        type master;            // this server is the primary for the zone: the database is maintained here, nobody else manages it
        file "named.local";     // location of the zone file (the database file), relative to directory
};
Edit /var/named/named.local:
@       1D      IN      SOA     localhost.      root.localhost. (
                                2006081201      ; serial: increase it on every change (date plus a two-digit counter); secondaries use it to detect updates
                                1H              ; refresh: how often secondaries check for a new serial
                                15M             ; retry: if the primary cannot be reached, try again every 15 minutes
                                1W              ; expire: stop serving the zone if the primary is unreachable for a week
                                1D )            ; minimum: cache time for negative answers, 1 day by default
        IN      NS      @                       ; the name server of the zone
        IN      A       127.0.0.1               ; the address of that name server
In this file the domain the server is responsible for must be stated. The first field of a record is the owner name, normally a domain or host name; @ stands for the current origin, which is the name given in the zone statement of named.conf ("localhost"), passed to named.local like a variable.
The second field is the class; IN means Internet.
The third field is the record type. Every zone file has exactly one SOA (start of authority) record; other types include NS (name server) and A (address). After SOA come the primary name server of the zone and the mail address of its administrator. The mail address is written with a dot in place of the @ sign, because @ already means the current origin: root@localhost becomes root.localhost. with a trailing dot. The short form root (no dot) also works, since the origin is appended to any name that does not end in a dot.
The values in parentheses are the zone's management information (its timers); the parentheses allow the record to span several lines.
localhost. IN NS localhost.       means the name server for localhost. is the host localhost.
localhost. IN A 127.0.0.1         means the host localhost. has address 127.0.0.1
A name ending in a dot is complete (fully qualified). If the owner field of a record is left empty, the owner of the previous record is reused.
Adding a forward zone
In /etc/named.conf add:
zone "chinaitlab.com" {
        type master;
        file "chinaitlab.com.zone";
};
/var/named/chinaitlab.com.zone:
@       1D      IN      SOA     chinaitlab.com. root.chinaitlab.com. (
                                2006081201
                                1H
                                15M
                                1W
                                1D )
        IN      NS      ns
        IN      MX      10 mail
ns      IN      A       192.168.0.22
mail    IN      A       192.168.0.22    ; the MX target needs an address record as well (address assumed here)
www     IN      A       10.0.0.1
news    IN      CNAME   www
FQDN: fully qualified domain name, the complete name.
An A record maps a name to an address.
SOA is followed by the name of the zone's primary name server. Written in full, a name ends with a dot; written without the dot it is relative, and the current origin is appended. So root in the administrator field expands to root.chinaitlab.com.
NS must point to a host name, never to an IP address.
MX (mail exchanger) names the mail server for the domain; 10 is the preference (lower values are tried first).
Every host named in an NS or MX record must have an A record giving its address.
news is an alias (CNAME) for www.
# rndc reload              reload the configuration file named.conf and the zones
# dig chinaitlab.com       query the domain chinaitlab.com
# host www.chinaitlab.com  look up the address of the host www.chinaitlab.com (the A record is queried by default)
NS records are sometimes written as
        IN      NS      @
        IN      A       192.168.0.22
The omitted owner in front means the current domain, and the @ after NS also means the current domain; here it is used as the name of a host, i.e. the domain name itself doubles as the host name of the name server, and the A record gives that host's address. @ therefore works both as owner and as target, but after NS it denotes a host rather than a domain.
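The requirement that every host named in an NS or MX record has an A record is easy to break when editing by hand, and named may still load the zone and only log a warning. The following script is an added example and not part of the original tutorial: it parses a forward zone file in the layout used above, completes relative names against the origin the way named does, and lists NS/MX targets inside the zone that have no A record. sample_zone() is a constructed copy of the chinaitlab.com zone with the A record for mail left out; the file name and addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial: find NS and MX targets in a
# forward zone file that belong to the zone but have no A record.
# sample_zone() is a constructed copy of the tutorial's chinaitlab.com zone
# with the A record for mail left out; addresses are assumptions.

# check_glue ZONEFILE ORIGIN
# Prints one line per in-zone NS/MX target without an A record and returns 1
# if any was found. Names are completed the way named completes them:
# "@" is the origin, and a name without a trailing dot gets the origin
# appended. Targets outside the zone are skipped: their addresses belong
# to another zone. Records are expected in the "owner [ttl] IN type data"
# layout used throughout the tutorial.
check_glue() {
    awk -v origin="$2" '
        function fqdn(n) {
            if (n == "@") return origin "."
            if (n ~ /\.$/) return n
            return n "." origin "."
        }
        function in_zone(n,   suffix) {
            suffix = "." origin "."
            return n == origin "." || substr(n, length(n) - length(suffix) + 1) == suffix
        }
        { sub(/;.*/, "") }                          # strip comments
        /^[ \t]*$/ || /^\$/ { next }                # blank lines, $TTL, $ORIGIN
        {
            if ($0 ~ /^[^ \t]/) owner = fqdn($1)    # explicit owner, else the previous one
            typ = ""
            for (i = 1; i <= NF; i++)
                if ($i == "IN") { typ = $(i + 1); val = $(i + 2); break }
            if (typ == "MX") val = $(i + 3)         # skip the preference, take the host
            if (typ == "A") has_a[owner] = 1
            else if (typ == "NS" || typ == "MX") {
                t = fqdn(val)
                if (!(t in need)) { need[t] = typ; order[++n] = t }
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                t = order[i]
                if (in_zone(t) && !(t in has_a)) {
                    printf "%s target %s has no A record in zone %s\n", need[t], t, origin
                    bad = 1
                }
            }
            exit bad
        }' "$1"
}

# constructed sample: the tutorial's zone without an A record for mail
sample_zone() {
    cat <<'EOF'
$TTL 1D
@       IN      SOA     chinaitlab.com. root.chinaitlab.com. (
                        2006081201 ; serial
                        1H         ; refresh
                        15M        ; retry
                        1W         ; expire
                        1D )       ; minimum
        IN      NS      ns
        IN      MX      10 mail
ns      IN      A       192.168.0.22
www     IN      A       10.0.0.1
news    IN      CNAME   www
EOF
}

# demo: run the check on the sample zone (returns 1 because mail has no A record)
demo() {
    tmp=$(mktemp) || return 1
    sample_zone > "$tmp"
    check_glue "$tmp" chinaitlab.com
    status=$?
    rm -f "$tmp"
    return $status
}
demo || echo "fix the zone before loading it"
```

Run it as check_glue /var/named/chinaitlab.com.zone chinaitlab.com before rndc reload; a non-zero exit status means a record is missing.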
# host -t NS chinaitlab.com       who are the name servers of chinaitlab.com
# host -t A chinaitlab.com        the A record of the domain name itself, which with the layout above is the address of the domain's DNS server
-t selects the record type: SOA, NS, A and so on.
dig gives detailed output; host gives a short summary.
To use bare host names, add a search domain:
# echo "search chinaitlab.com" >> /etc/resolv.conf
# host www     the resolver appends the search domain to www, so this is equivalent to # host www.chinaitlab.com
The values in parentheses in the SOA record mainly govern the relationship between the primary and its secondary servers.
A $TTL 1D directive on the first line of a zone file sets a default time to live, so the TTL field of individual records can be omitted.
(Forward) a zone file must have an SOA record, NS records, and A records for the hosts named in the NS records.
(Reverse) a reverse zone file must have an SOA record, an NS record and PTR records.
The 127.0.0 reverse zone
The name of a reverse zone is the network part of the address written backwards with the suffix .in-addr.arpa; for 127.0.0 the reverse zone is 0.0.127.in-addr.arpa.
vi /etc/named.conf, add:
zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.zone";
};
Edit /var/named/127.0.0.zone:
$TTL 1D
@       IN      SOA     @ root.localhost. (
                        2006081201
                        1H
                        15M
                        1W
                        1D )
        IN      NS      localhost.
1       IN      PTR     localhost.
In a reverse zone file @ stands for the zone name 0.0.127.in-addr.arpa, so the administrator's address cannot be abbreviated to root (it would expand to root.0.0.127.in-addr.arpa). After SOA comes the name server of the zone, written as @ here. The NS record names localhost. as the zone's server, and the PTR record maps 127.0.0.1 to localhost.; the owner 1 is short for 1.0.0.127.in-addr.arpa.
If BIND was installed from the rpm package, the init script can be used:
# service named restart      restart the server
# service named reload       reload the configuration file
A source installation only has rndc:
# rndc reload
Test
# host 127.0.0.1     look up the name that the address points to
# dig -x 127.0.0.1
Tip: if the numeric keypad does not work in vi under PuTTY, open Terminal -> Features in the PuTTY settings and check "Disable application keypad mode".
Removing the leading characters from a range of lines in vi (used to uncomment the key and controls block that tail appended to named.conf):
:.,$-1s/^# //
. is the current line and $-1 the second-to-last line; s/^# // replaces "# " at the start of each of those lines with nothing (^ anchors the match to the start of the line; the space after # is part of the pattern and may be written escaped as \  for clarity).
Adding a real reverse zone
The 192.168.0 reverse zone
/etc/named.conf:
zone "0.168.192.in-addr.arpa" {
        type master;
        file "192.168.0.zone";
};
/var/named/192.168.0.zone:
$TTL 1D
@       IN      SOA     chinaitlab.com. root.chinaitlab.com. (
                        2006091201
                        36000
                        7200
                        3600000
                        86400 )
        IN      NS      chinaitlab.com.
1       IN      PTR     www.chinaitlab.com.
2       IN      PTR     ftp.chinaitlab.com.
3.0.168.192.in-addr.arpa.   IN      PTR     mail.chinaitlab.com.
The NS record names the DNS server of this zone, and that name must be resolvable, so it needs an A record in the forward zone. Because the forward zone, in the variant with IN NS @ and an A record for the domain name itself, resolves chinaitlab.com to an address, chinaitlab.com. can be used here; if the forward zone uses ns.chinaitlab.com as the name server, write ns.chinaitlab.com. here instead. Note the trailing dot after chinaitlab.com in the SOA record: without it the name would expand to chinaitlab.com.0.168.192.in-addr.arpa.
Be careful with abbreviations. In a reverse zone file host names cannot be abbreviated, because the origin that would be appended is the in-addr.arpa name; addresses can be, as the owners 1 and 2 show (3 is written out in full for comparison). Before abbreviating anything on a line, work out what @ and the origin mean there.
Test:
# rndc reload
# host 192.168.0.2
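Writing reverse zone files by hand is where the trailing-dot and origin mistakes described above creep in. The following script is an added example and not part of the original tutorial: it derives the in-addr.arpa name from the network and generates a complete /24 reverse zone from an "address hostname" list, refusing addresses outside the network and duplicate addresses. The host list, the name server chinaitlab.com and the SOA timer values are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original tutorial: generate a /24 reverse zone
# file such as 192.168.0.zone from a list of "address hostname" pairs, so the
# in-addr.arpa name and the trailing dots are never typed by hand.
# The host list in sample_hosts() is constructed; the name server name and
# SOA timer values are assumptions.

# reverse_zone_name NETWORK: 192.168.0 -> 0.168.192.in-addr.arpa
reverse_zone_name() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# gen_reverse_zone NETWORK NSHOST ADMIN SERIAL < "address hostname" lines
# Writes a complete zone file to stdout. Addresses outside NETWORK and
# duplicate addresses are reported on stderr and skipped. The NS name and
# every PTR target get a trailing dot, so named does not append the
# in-addr.arpa origin to them (the mistake the tutorial warns about).
gen_reverse_zone() {
    net=$1 ns=$2 admin=$3 serial=$4
    printf '$TTL 1D\n'
    printf '@\tIN\tSOA\t%s. %s. (\n' "$ns" "$admin"
    printf '\t\t\t%s\t; serial\n' "$serial"
    printf '\t\t\t1H\t; refresh\n\t\t\t15M\t; retry\n\t\t\t1W\t; expire\n\t\t\t1D )\t; minimum\n'
    printf '\tIN\tNS\t%s.\n' "$ns"
    awk -v net="$net" '
        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        {
            n = split($1, o, ".")
            if (n != 4 || (o[1] "." o[2] "." o[3]) != net) {
                print "skipping " $1 ": not in " net ".0/24" > "/dev/stderr"; next
            }
            if (o[4] in seen) {
                print "skipping " $1 ": address already used" > "/dev/stderr"; next
            }
            seen[o[4]] = 1
            host = $2; sub(/\.$/, "", host)         # tolerate names already written with a dot
            printf "%s\tIN\tPTR\t%s.\n", o[4], host
        }'
}

# constructed sample data: the tutorial's hosts plus one outside the network
sample_hosts() {
    cat <<'EOF'
# address      hostname
192.168.0.1    www.chinaitlab.com
192.168.0.2    ftp.chinaitlab.com
192.168.0.3    mail.chinaitlab.com.
10.0.0.1       outside.chinaitlab.com
EOF
}

# example_zone: the tutorial's 192.168.0 reverse zone, generated from sample_hosts
example_zone() {
    sample_hosts | gen_reverse_zone 192.168.0 chinaitlab.com root.chinaitlab.com 2006091201
}

# usage: example_zone > /var/named/192.168.0.zone
example_zone
```

The zone statement in named.conf then uses the name printed by reverse_zone_name 192.168.0; the address outside the network is reported on stderr and left out of the file.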
Tips:
# history         show the command history
# history 20      show the 20 most recent commands
# history -c      clear the history
To search for the string "-c" in vi use :/\-c  (\ escapes the following character).
Sub-domain delegation
On the primary server, in /var/named/chinaitlab.com.zone add:
domain          IN      NS      ns.domain
ns.domain       IN      A       192.168.0.2
In the parent zone file chinaitlab.com this delegates the sub-domain domain to the name server ns.domain and supplies its address with a glue A record. A query for a host under domain.chinaitlab.com is handed to ns.domain.chinaitlab.com; the sub-domain server, however, cannot answer for hosts of the parent domain. Delegation between parent and sub-domain is a one-way street.
Querying # host ns.domain.chinaitlab.com still fails at this point: although the A record is defined in the parent zone file, the name belongs to the sub-domain, so the query is referred to the sub-domain server 192.168.0.2, which has not been configured yet.
The records above can also be written as
domain          IN      NS      domain
domain          IN      A       192.168.0.2
The parent then points at the sub-domain by the sub-domain name itself; however the host name of the sub-domain's DNS server changes later, the delegation keeps working as long as that name points at the sub-domain's server.
Log in to the sub-domain server 192.168.0.2, install BIND from source or rpm with the same basic settings as before, then
# named -u named
Add to /etc/named.conf:
zone "domain.chinaitlab.com" {
        type master;
        file "domain.chinaitlab.com.zone";
};
Edit /var/named/domain.chinaitlab.com.zone:
$TTL 1D
@       IN      SOA     @ root (
                        2006091201
                        1H
                        15M
                        1W
                        1D )
        IN      NS      ns          ; relative name, expands to ns.domain.chinaitlab.com. (ns. with a dot would mean the host ns directly under the root)
ns      IN      A       192.168.0.2
www     IN      A       192.168.0.3
# rndc reload
# echo "nameserver 127.0.0.1" > /etc/resolv.conf
# host ns.domain.chinaitlab.com
# host www.domain.chinaitlab.com
If resolv.conf points at the sub-domain server 192.168.0.2, only hosts of the sub-domain can be resolved, not hosts of the parent domain. If it points at the parent domain's server 192.168.0.22, hosts of both the parent and the sub-domain resolve. DNS clients therefore only need to point at the parent domain's server, 192.168.0.22 here, to resolve host names in the whole domain.
Secondary name server
A secondary name server keeps a copy of the primary server's data; when the primary crashes or is temporarily offline, the secondary answers in its place. A domain normally has at least two DNS servers, one primary and one secondary.
First make sure the primary works, because the secondary synchronises its data from the primary. Here we configure the secondary.
Log in to the secondary server 192.168.0.2 and add to the main configuration file /etc/named.conf:
zone "chinaitlab.com" {
        type slave;
        file "chinaitlab.com.zone";
        masters { 192.168.0.22; };
};
Configuring a secondary is simple: a zone statement in the main configuration file is all that is needed. No zone file has to be written, the server generates it by transferring the zone.
type slave marks this server as a secondary for the zone.
chinaitlab.com.zone does not have to be created; it is generated automatically. After the transfer its contents should match the zone file on the primary. masters names the primary server; note the format: the braces, the semicolon after the address and the semicolon after the closing brace.
# rndc reload
# tail /var/log/messages     if a transfer error appears here, the cause is that the permissions of /var/named do not let the named user write to it; the service runs as user named, so the directory permissions must be changed:
# ls -ld /var/named/         (-d shows the directory itself rather than its contents)
# chmod g+w /var/named
# rndc reload
Test on the secondary, with resolv.conf pointing at the secondary itself:
# host www.chinaitlab.com     resolves successfully.
Synchronisation between primary and secondary is driven by the SOA record of the zone file. Taking the values used earlier: on the first synchronisation the secondary downloads the zone file (the database) from the primary; every hour (refresh) it asks the primary for the SOA record and, if the serial has increased, transfers the zone again; if the request fails it retries every 15 minutes (retry); if it still cannot reach the primary after a week (expire) the zone data expires and is no longer served; negative answers are cached for 1 day (minimum). The primary must also permit the transfer (allow-transfer, see the options below), and BIND 9 sends a NOTIFY to the secondaries when the zone changes so they do not have to wait for the refresh interval.
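Because the secondary decides whether to transfer solely by comparing the SOA serial, the serial must go up on every change, and the YYYYMMDDNN convention used in this tutorial (2006081201 and so on) is easy to get wrong by hand: a serial that stays the same or moves backwards silently leaves the secondaries stale. The following script is an added example and not part of the original tutorial or of BIND: it reads the serial from a zone file in the layout used above and rewrites it with the next valid value, never letting it move backwards. The zone file in demo() is constructed and its names and addresses are assumptions; run rndc reload afterwards so the primary loads the new serial.

```shell
#!/bin/sh
# Added example, not from the original tutorial: bump the SOA serial of a
# zone file following the YYYYMMDDNN convention the tutorial uses.
# The zone file written by demo() is constructed; names and addresses in it
# are assumptions.

# soa_serial ZONEFILE [NEW]
# With one argument, prints the current serial. With two, prints the zone
# file with the serial replaced by NEW, keeping layout and comments.
# The serial is taken to be the first integer token after "SOA", on the
# SOA line itself or on a following line (as in the tutorial's files).
# Exit status 1 if no serial is found.
soa_serial() {
    awk -v new="$2" '
        !insoa {
            s = $0; sub(/;.*/, "", s)               # ignore comments when looking for SOA
            p = index(s, "SOA")
            if (!p) { if (new != "") print; next }
            insoa = 1; head = substr($0, 1, p + 2); tail = substr($0, p + 3); fresh = 1
        }
        !done {
            if (!fresh) { head = ""; tail = $0 }    # later lines: search the whole line
            fresh = 0
            s = tail; sub(/;.*/, "", s)
            n = split(s, f)
            for (i = 1; i <= n; i++) {
                if (f[i] !~ /^[0-9]+$/) continue
                old = f[i]; done = 1
                if (new == "") { print old; exit }
                # replace only that token, leaving the rest of the line untouched
                if (match(tail, "(^|[ \t])" old "([ \t]|$)")) {
                    m = substr(tail, RSTART, RLENGTH); sub(old, new, m)
                    tail = substr(tail, 1, RSTART - 1) m substr(tail, RSTART + RLENGTH)
                }
                $0 = head tail
                break
            }
        }
        { if (new != "") print }
        END { if (!done) exit 1 }' "$1"
}

# next_serial OLD TODAY (TODAY as YYYYMMDD): the smallest successor that
# still follows the date convention. It never goes backwards: if OLD is
# already at or beyond today (clock skew, or 99 changes in one day) it is
# simply incremented.
next_serial() {
    old=$1 today=$2
    if [ "$old" -lt "${today}00" ]; then
        echo "${today}01"
    else
        echo $((old + 1))
    fi
}

# bump_serial ZONEFILE [TODAY]: rewrite the file in place and print the new serial.
bump_serial() {
    file=$1 today=${2:-$(date +%Y%m%d)}
    old=$(soa_serial "$file") || { echo "no SOA serial found in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    tmp="$file.tmp.$$"
    soa_serial "$file" "$new" > "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
    echo "$new"
}

# demo: bump the serial of a constructed zone file (fixed date for reproducibility)
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
$TTL 1D
@       IN      SOA     chinaitlab.com. root.chinaitlab.com. (
                        2006081201 ; serial
                        1H         ; refresh
                        15M        ; retry
                        1W         ; expire
                        1D )       ; minimum
        IN      NS      ns
ns      IN      A       192.168.0.22
EOF
    echo "before: $(soa_serial "$tmp")"
    echo "after:  $(bump_serial "$tmp" 20060813)"
    rm -f "$tmp"
}
demo
```

In daily use the call is bump_serial /var/named/chinaitlab.com.zone followed by rndc reload; the secondaries then pick the change up at their next refresh or on the NOTIFY.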
Running named as an unprivileged user
First edit named.conf and set pid-file in the options block:
options {
        ....
        pid-file "/var/run/named/named.pid";
};
# useradd -s /bin/false -d /dev/null named     (no login shell, no home directory)
# mkdir /var/run/named
# chown named.named /var/run/named
# chmod 700 /var/run/named
# named -u named
# echo "/usr/local/sbin/named -u named" >> /etc/rc.local
Adjust the ownership of /var/named as well so that the named user can read the zone files. named is started as root so that it can bind port 53 and then switches to the named user; running under an unprivileged user protects the system if the server is attacked, because an exploited named does not yield root privileges.
# ps aux | grep named      (aux shows the user each process runs as)
For an rpm installation use instead
# echo "/usr/sbin/named -u named" >> /etc/rc.local
With the rpm installation the user, directories and permissions have already been set up. On a secondary server, synchronisation needs write access to /var/named, which the named user does not have, so the permissions of /var/named must be changed to allow writes by the named group. A cleaner arrangement is to keep the primary zone files read-only for named and store the transferred secondary zones in a separate writable subdirectory (for example /var/named/slaves), so that a compromised named cannot rewrite the zones it is authoritative for.
Commonly used configuration options
options {
        directory "/var/named";            // default working directory, where the zone files live
        forwarders { 192.168.2.1; };       // requests this server cannot answer from its own data or cache are forwarded to 192.168.2.1; if the forwarder does not answer, resolution falls back to the root servers
        allow-transfer { 192.168.1.1; };   // which hosts may transfer (synchronise) zone files; normally only the secondary servers. Here it is the global setting for all zones
        allow-query { 192.168.0/24; };     // which hosts or networks may query this server
};
zone "chinaitlab.com" {
        type master;
        file "chinaitlab.com.zone";
        allow-transfer { 192.168.1.1; };   // the same option inside a zone statement overrides the global one for that zone
};
Without allow-transfer, BIND 9.3 lets any host transfer a zone, which exposes the complete list of your host names and addresses; restrict it globally or per zone. allow-query accepts a host, a network or the keyword any.
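allow-transfer is the option most often forgotten, and a missing one is invisible in normal operation. The script below is an added example and not part of the original tutorial or of BIND: it reads named.conf and reports, for each master zone, whether zone transfers are restricted per zone, restricted by the global options, or open. The configuration in sample_named_conf() is constructed for the example and its addresses are assumptions; the parser only understands zone statements at the top level (not inside view blocks).

```shell
#!/bin/sh
# Added example, not from the original tutorial: scan named.conf and report,
# for every master zone, whether zone transfers are restricted. In BIND 9.3
# the default for allow-transfer is "any", so a master zone with neither a
# per-zone nor a global allow-transfer hands its whole zone file to anyone
# who asks (dig axfr). sample_named_conf() is constructed; addresses in it
# are assumptions. Zones inside view blocks are not handled.

# audit_transfers [NAMED_CONF]  (reads stdin when no file is given)
# Prints one line per master zone and returns 1 if any zone is open.
audit_transfers() {
    awk '
        { sub(/(\/\/|#).*/, "") }                   # strip // and # comments
        /^[ \t]*$/ { next }
        depth == 0 && /^[ \t]*options[ \t]*\{/ { block = "options" }
        depth == 0 && /^[ \t]*zone[ \t]+"/ {
            match($0, /"[^"]*"/)
            zone = substr($0, RSTART + 1, RLENGTH - 2)
            block = "zone"; order[++nz] = zone; zt[zone] = 0; ztype[zone] = ""
        }
        block == "options" && /allow-transfer/ {
            gat = ($0 ~ /allow-transfer[ \t]*\{[ \t]*any[ \t]*;/) ? 2 : 1
        }
        block == "zone" && match($0, /(^|[ \t{;])type[ \t]+[a-z-]+/) {
            t = substr($0, RSTART, RLENGTH); sub(/.*type[ \t]+/, "", t); ztype[zone] = t
        }
        block == "zone" && /allow-transfer/ {
            zt[zone] = ($0 ~ /allow-transfer[ \t]*\{[ \t]*any[ \t]*;/) ? 2 : 1
        }
        {
            depth += gsub(/\{/, "{") - gsub(/\}/, "}")   # track nesting by counting braces
            if (depth == 0) block = ""
        }
        END {
            for (i = 1; i <= nz; i++) {
                z = order[i]
                if (ztype[z] != "master") continue
                if (zt[z] == 1)      v = "restricted per zone"
                else if (zt[z] == 2) v = "OPEN: allow-transfer { any; } in zone"
                else if (gat == 1)   v = "restricted by global options"
                else if (gat == 2)   v = "OPEN: allow-transfer { any; } in options"
                else                 v = "OPEN: no allow-transfer (default any)"
                printf "zone %s: %s\n", z, v
                if (v ~ /^OPEN/) bad = 1
            }
            exit bad
        }' "$@"
}

# constructed sample configuration: one restricted zone, one open zone, one slave
sample_named_conf() {
    cat <<'EOF'
options {
        directory "/var/named";
        // no global allow-transfer here
};
zone "chinaitlab.com" {
        type master;
        file "chinaitlab.com.zone";
        allow-transfer { 192.168.1.1; };
};
zone "0.168.192.in-addr.arpa" {
        type master;
        file "192.168.0.zone";
};
zone "domain.chinaitlab.com" {
        type slave;
        file "domain.chinaitlab.com.zone";
        masters { 192.168.0.2; };
};
EOF
}

# usage: audit_transfers /etc/named.conf
sample_named_conf | audit_transfers || echo "zone transfer exposure found"
```

The reverse zone in the sample shows up as open because the tutorial's configuration above only restricts transfers for chinaitlab.com; adding allow-transfer to the options block fixes every zone at once.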
1. Edit /etc/named.conf: set the options, a root hint zone, the zones to be served and the corresponding reverse zones.
2. Run rndc-confgen to produce rndc.conf and append its last lines to named.conf.
3. Build the root zone file with dig; write the other zone files by hand.