Linux: DNS Server Configuration

  
1. DNS Server Introduction

The Domain Name System (DNS) is a service of the Internet. It acts as a distributed database that maps domain names and IP addresses to each other, making it easier for people to access the Internet. DNS uses TCP and UDP port 53. Currently, each level (label) of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.

Before DNS emerged, the mapping between domain names and IP addresses was stored in the /etc/hosts file. As the number of IP addresses kept growing, file storage was no longer enough, and it was not convenient to synchronize with other hosts, so DNS came into being.

The structure of DNS: it uses a tree-directory architecture. The management of host names is assigned to DNS servers at different levels, so that each layer only has to handle modification and lookup for its own part.

DNS hostname query process:
(1) first check whether the local machine has a record; if not, query the root (.);
(2) query the topmost level;
(3) then query level by level, each time querying only the next layer below;
(4) once the answer is found, it is recorded in the cache and returned along the path to the user.

Note: In the system we can use the dig command to trace the path.

[Figure: DNS query workflow]

2. Building a DNS server

Today we build a DNS server ourselves; this need still exists in companies. First, find out which packages are needed to install DNS, then install the DNS server. After starting the service, we can see that the port number of the DNS service is 53.

Next we need to modify the configuration file to provide the corresponding service. For security reasons, we modify the configuration file in the /var/named/chroot directory instead of directly modifying the files in the /etc/named directory. The two are synchronized, but there is a constraint: the former can only be used once DNS has been started successfully!
In the options, we turned off IPv6 and allowed any user to use the server. The last two lines of the main configuration file reference the secondary configuration file and our DNS encryption file.

(1) DNS forward resolution

We look at the files in order and set up our own domain name system. The upper part of the secondary configuration file is the template; at the bottom we specify the name of the domain's configuration file. This file has to be created by yourself, and its location is under /var/named/chroot/var/named.

This directory also contains a template for the domain name configuration file. We copy it and set it up. Remember how the file looks initially and compare it with the modified version.

Note on the modified file: here @ is equal to example.com. So in the last two lines, if a domain name is not written out in full, the system appends the value represented by @ to the end. Also note that there is a trailing dot after each com.

At this point we restart the service and check whether the firewall is turned off.

After the server is set up, we access the DNS server from another machine. The first thing to do is to modify the DNS1 parameter in the ifcfg-eth0 file to specify the IP address of the DNS server: 192.168.2.100. Then restart the network service.

After the network restart, we trace a query and find that www.example.com can be resolved and that the DNS server is 192.168.2.100. This shows that the DNS server configuration above has no problem.

The part above is the forward resolution of the DNS server. DNS is also capable of reverse resolution. How is it achieved? We still need to modify the configuration files, and the steps are not much different from those for forward resolution.

(2) DNS reverse resolution

Go back to the secondary configuration file, in the directory /var/named/chroot/etc. Look at the format in which the IP is written: since this is reverse resolution, the IP is also written in reverse order, and the configuration file is specified.
Go to the configuration file directory. First we copy the template of the reverse resolution configuration file, and then edit it. Compare the format of the template with how the file looks after our modification. Remember the last line, which means that the domain name corresponding to 192.168.2.200 is ptr.example.com. This is the standard by which we will check whether the configuration is right.

Save and exit, then restart the DNS service. Back on the client, we reverse-resolve which domain name 192.168.2.200 corresponds to.

Summary

As described above, the forward and reverse resolution of DNS have been completed, but this functionality is rather limited. In practice it is still not enough: for example, how to synchronize changes, and how to cooperate with DHCP to provide DDNS services, which we will explain in the next section.
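
The `@` and trailing-dot rule from the forward zone and the reversed-IP naming from the reverse zone can be checked with a small linter. This is an added example in Python, not a file from the original page, and it handles only simple `owner TYPE rdata` lines. The `dns` and `ftp` records and the address given to `www` are constructed assumptions; `example.com`, `ptr.example.com`, 192.168.2.100 and 192.168.2.200 come from the text.

```python
import ipaddress

def qualify(name, origin):
    """Expand a zone-file name: '@' is the origin, no trailing dot means relative."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address (octets reversed)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def length_ok(fqdn):
    """Length limits from the introduction: 63 per label, 253 in total."""
    bare = fqdn.rstrip(".")
    return len(bare) <= 253 and all(0 < len(l) <= 63 for l in bare.split("."))

def lint_zone(text, origin):
    """Parse simple 'owner TYPE rdata' lines; return (records, warnings)."""
    records, warnings = [], []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()        # drop ';' comments
        if len(fields) != 3:
            continue
        owner, rtype, rdata = fields
        names = [qualify(owner, origin)]
        if rtype in ("NS", "CNAME", "PTR"):          # rdata is a host name
            if "." in rdata and not rdata.endswith("."):
                warnings.append(f"{rdata} lacks a trailing dot")
            rdata = qualify(rdata, origin)
            names.append(rdata)
        warnings += [f"{n} exceeds length limits" for n in names if not length_ok(n)]
        records.append((names[0], rtype, rdata))
    return records, warnings

# Constructed sample zones (not the page's files); names and IPs reuse the page's values.
FORWARD = """\
@    NS     dns.example.com.
dns  A      192.168.2.100
www  A      192.168.2.100
ftp  CNAME  www.example.com   ; trailing dot forgotten
"""
REVERSE = "200  PTR  ptr.example.com.\n"

if __name__ == "__main__":
    for zone, origin in ((FORWARD, "example.com."), (REVERSE, "2.168.192.in-addr.arpa.")):
        records, warnings = lint_zone(zone, origin)
        print(*records, *warnings, sep="\n")
```

The `ftp` line shows the failure the trailing-dot note guards against: without the final dot the target expands to `www.example.com.example.com.`, a name that does not exist in the zone.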