Reference article: https://blog.csdn.net/loukundeboke/article/details/80012231
DNS Service
DNS (Domain Name System)
Prerequisite:
Our network communicates using IP addresses, whether accessing services or exchanging data between hosts.
There are many IP addresses, and if every service had to be accessed by its IP address, users would have to remember these hard-to-recall numbers, which is inconvenient.
It is like the contacts saved in a mobile phone: the name next to each number lets you find the right phone number.
Domain name resolution works the same way: ordinary users access services by domain name, and the name is resolved to obtain the corresponding IP address.
The DNS service acts like a phone book, providing a queryable mapping from domain names to IP addresses.
# Note: When you enter www.taobao.com in the browser and hit enter, it first resolves the domain name.
# Note: Domain name system; provides domain name resolution; IP addresses are less convenient for users than domain names.
1. Fully Qualified Domain Name (FQDN)#
FQDN: Fully Qualified Domain Name, a complete name that is unique across the global network (for example www.google.com.). Note that a domain is not the same thing as a host name such as www.google.com: google.com is the domain, and www is a host within it.
Note: www.music.163.com: 163.com is the domain (music.163.com is a subdomain of it), and www is the hostname.#
Install the DNS service package bind
[root@cPen_B ~]# yum install bind
# Note: After installation, data is stored in /var/named/
[root@cPen_B ~]# cd /var/named/
[root@cPen_B named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
2. Classification of Domains#
- Root Domain (.) There are 13 root name server names worldwide, lettered A to M, in the form letter.root-servers.net (each letter is served by many anycast instances).
You can see them in the /var/named/named.ca file. # Note: Written as .
- Top-Level Domain
Top-Level Domains (TLD) are divided into three categories:
1> Generic Top-Level Domains: such as .com (commercial organizations), .org (non-profit organizations), .net (network service organizations), etc.
2> Country Code Top-Level Domains: such as .cn (China), .uk (United Kingdom), .us (United States), .jp (Japan), .hk
3> Reverse Domains (Infrastructure Top-Level Domain): .arpa, which is for reverse resolution from IP to FQDN. # Note: Reverse lookup
# Note: Forward domain: from domain name to IP; reverse domain: from IP to domain name.
Second-Level Domain
Third-Level Domain
www.sc.163.com --> Top-Level Domain .com --> Second-Level Domain 163.com --> Third-Level Domain sc.163.com
# Note: The preceding www is its hostname.
3. DNS Resolution#
Forward Resolution: Domain Name --> IP
Reverse Resolution: IP --> Domain Name
Common Commands for Domain Name Resolution#
1. Ping
[root@cPen_A ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=55 time=16.3 ms
# Note: ping shows only the one address it resolved to, even when the name has several.
2. Host
Install the bind-utils package
yum install bind-utils
[root@cPen_A ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com. # Note: Alias www.baidu.com to www.a.shifen.com
www.a.shifen.com has address 14.215.177.38 # Note: IP address
www.a.shifen.com has address 14.215.177.39
3. Dig # Note: Provides detailed information, recommended
[root@cPen_A ~]# dig www.baidu.com
;; ANSWER SECTION:
www.baidu.com. 34 IN CNAME www.a.shifen.com.
www.a.shifen.com. 216 IN A 14.215.177.38
www.a.shifen.com. 216 IN A 14.215.177.39
4. Nslookup
[root@cPen_A ~]# nslookup www.baidu.com
www.baidu.com canonical name = www.a.shifen.com. # Note: The trailing dot is the root domain; tools append it to make the name fully qualified, and it usually goes unnoticed.
Address: 14.215.177.38
Address: 14.215.177.39
# Note: DNS can be used for load balancing: one name can be resolved to two (or more) IPs, as above, and the server rotates the order it returns them in (round-robin DNS).
# Note: Load balancing: treat many machines as one. DNS spreads requests across them by returning several addresses.
# Note: High availability: if one machine fails, traffic is directed to the others.
# Note: High availability avoids single points of failure.
# Note: Operations philosophy: backup and high availability. For example, with two system disks, if one fails the other keeps serving.
# Note: Load balancing and high availability usually go together. Caveat: plain DNS round-robin does no health checking; a dead address keeps being handed out until its record is removed and cached copies expire (TTL), so it is a coarse tool compared with a real load balancer.
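To see what dig is actually printing, here is an added example (not from the original article) that builds a DNS query in wire format and parses a reply. The reply bytes are constructed inside the script to match the CNAME plus two A records shown above; nothing is sent on the network. The transaction-ID check and the guard against compression-pointer loops are two things a resolver must do before trusting any reply.

```python
import struct

RR_TYPE = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}


def encode_name(name):
    """Encode 'www.baidu.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """Header (ID, flags RD=1, QDCOUNT=1) followed by one question (name, type, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Decode a name at offset, following 0xC0xx compression pointers.
    Returns (name, offset just after the name as it appears in place)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:              # two-byte pointer into the message
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                      # refuse pointer loops in hostile packets
                raise ValueError("compression loop")
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(msg, expected_id=None):
    """Return header fields and the answer section as (owner, ttl, type, value) tuples."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_id is not None and txid != expected_id:
        raise ValueError("transaction ID mismatch: possible spoofed reply")
    offset = 12
    for _ in range(qd):                        # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        owner, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1:
            value = ".".join(str(b) for b in msg[offset:offset + 4])
        elif rtype in (2, 5, 12):               # NS, CNAME, PTR carry a (compressible) name
            value, _ = decode_name(msg, offset)
        else:
            value = msg[offset:offset + rdlen].hex()
        offset += rdlen
        answers.append((owner, ttl, RR_TYPE.get(rtype, str(rtype)), value))
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}


def build_sample_response(query):
    """Constructed reply (not a real capture) shaped like the dig output above:
    www.baidu.com CNAME www.a.shifen.com, then two A records for the canonical name."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 3, 0, 0)   # QR=1, RD=1, RA=1, NOERROR
    body = query[12:]                                           # question section echoed back
    cname_rdata = encode_name("www.a.shifen.com")
    body += b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 34, len(cname_rdata)) + cname_rdata
    cname_at = len(query) + 2 + 10                              # where cname_rdata landed
    ptr = struct.pack("!H", 0xC000 | cname_at)                  # later RRs point back at it
    for ip in ("14.215.177.38", "14.215.177.39"):
        body += ptr + struct.pack("!HHIH", 1, 1, 216, 4) + bytes(int(x) for x in ip.split("."))
    return header + body


if __name__ == "__main__":
    q = build_query("www.baidu.com")
    for rr in parse_response(build_sample_response(q), expected_id=0x1234)["answers"]:
        print("%-20s %5d IN %-5s %s" % rr)
```

A real stub resolver also checks that the reply comes from the server it asked, on the source port it used, and echoes the same question; the 16-bit ID alone is easy to guess, which is why resolvers randomize the source port to make forged replies (cache poisoning) harder.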
DNS Service Software: bind#
Port 53. Ordinary queries use UDP; TCP 53 is used for zone transfers and for answers too large for a UDP packet (a truncated reply is retried over TCP), so a name server needs both open.
[root@cPen_A ~]# less /etc/services
domain 53/tcp
domain 53/udp
Example: Modify the /etc/hosts file
--------------------------------------------------------------------------------------------
[root@cPen_A ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@cPen_A ~]# ping localhost # Note: Resolves to 127.0.0.1
PING localhost (127.0.0.1) 56(84) bytes of data.
[root@cPen_A ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 www.baidu.com baid.com # Note: Added this line
[root@cPen_A ~]# ping www.baidu.com
PING www.baidu.com (127.0.0.1) 56(84) bytes of data. # Note: Resolves to 127.0.0.1
[root@cPen_A ~]# ping baid.com
PING baid.com (127.0.0.1) 56(84) bytes of data. # Note: Resolves to 127.0.0.1
# Note: /etc/hosts is consulted before DNS because the hosts: line in /etc/nsswitch.conf lists files before dns; check that file if the order seems different. Since an entry here overrides DNS silently, the hosts file is a favourite place for malware to redirect update or security sites, so inspect it when resolution behaves oddly.
Example
--------------------------------------------------------------------------------------------
[root@cPen_A html]# pwd
/usr/share/nginx/html
[root@cPen_A html]# vim index.html
hello world
cPen
[root@cPen_A html]# ip a
inet 192.168.0.19/24 brd 192.168.0.255 scope global noprefixroute dynamic ens33
# On Windows machines
Windows: C:\Windows\System32\drivers\etc\hosts
# Note: In the hosts file
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
192.168.0.39 www.ldj.com # Note: Added this line
Thus, searching for www.ldj.com in the browser will access the website on the Linux machine. www.ldj.com is resolved to 192.168.0.39.
4. DNS Resolution Process#
Note: Interview question: What happens when you type www.baidu.com?#
- First, check the local hosts file, Linux: /etc/hosts; Windows: C:\Windows\System32\drivers\etc\hosts. If it contains the name, return that address directly.
- If the hosts file cannot resolve it, check the local cache. If found, return the result; if not, proceed to the next step.
Linux domain name cache: nscd service
[root@cPen_A html]# yum install nscd
[root@cPen_A html]# service nscd restart # Note: Restarting the service clears the cache.
Each cached entry lives for the record's TTL, which the zone owner sets.
Note: If a DNS change does not seem to take effect, check 1. whether a stale cache entry still exists and 2. whether /etc/hosts hardcodes the name.#
- If the local cache has no entry, the client sends the query to its local (recursive) name server. If that server already holds the record (in its own zones or its cache), it returns the result.
The file that specifies the name server in Linux is /etc/resolv.conf (it holds the IP addresses of the local name servers).
The first nameserver listed is the preferred DNS server; the rest are fallbacks, tried only when the preferred one does not answer (not when it answers that the name does not exist).
[root@cPen_A html]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114 # Note: Several IPs can be listed, one nameserver line each.
nameserver 192.168.0.1
[root@cPen_A html]# dig www.baidu.com
;; SERVER: 114.114.114.114#53(114.114.114.114) # Note: The query went to 114.114.114.114 on port 53.
- If the local name server does not hold the record and a forwarder is configured, it forwards the query to the forwarding server. If no forwarder is set, or the forwarder finds nothing, it resolves the name itself by iteration, starting at the root.
The local DNS server sends the request to one of the 13 root servers. The root server does not know www.qq.com, but it knows which servers are responsible for .com and returns their names and addresses (a referral). The local DNS server then asks a .com server, which refers it in turn to the name servers for qq.com. The local DNS server asks a qq.com server, which is authoritative and answers with the address of www.qq.com. The local DNS server caches every step and returns the final answer to the client.
Note: Interview question: What happens when you type www.baidu.com? (DNS resolution process)#
Answer: DNS resolution process
Step 1: Look the name up in the local hosts file (/etc/hosts). If found, return it; if not, go to
Step 2: Look in the local DNS cache. If found, return it; if not, go to
Step 3: Ask the local name server (configured in /etc/resolv.conf). If it has the record, return it; if not,
Step 4: If the local name server has forwarding set, it asks the forwarding server. If found, return it.
If not found, or no forwarder is set, the local name server asks the root domain, which returns the address of the top-level domain server; it then asks the top-level domain server, which returns the address of the second-level domain server, and so on until the server authoritative for the full name answers.
# Note: The client itself sends a single recursive query and waits; the iteration through root, top-level and authoritative servers is done by the local name server on its behalf.
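The following added example (not from the original article) models the steps above in code, and also covers the /etc/hosts behaviour shown earlier: the hosts file is consulted first, then a TTL-bounded cache, then a simulated local name server that iterates from the root through .com to the baidu.com servers. The hosts text and the three-zone tree are constructed toy data for the example, not real root, .com or Baidu records; negative caching and forwarders are left out.

```python
import time

# Constructed sample data, not real captures: a hosts file like the one edited
# above, and a toy authoritative tree standing in for the root, .com and
# baidu.com servers (real servers also return glue addresses with referrals).
HOSTS_TEXT = """\
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.39 www.ldj.com   # added by hand
"""

AUTHORITATIVE = {
    ".":          {"delegations": ["com."], "records": {}},
    "com.":       {"delegations": ["baidu.com."], "records": {}},
    "baidu.com.": {"delegations": [],
                   "records": {"www.baidu.com.": ["14.215.177.38", "14.215.177.39"]}},
}


def fqdn(name):
    return name.lower().rstrip(".") + "."


def parse_hosts(text):
    """/etc/hosts: 'address name [alias ...]', '#' comments; the first matching line wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(fqdn(name), [fields[0]])
    return table


def authoritative_answer(server, name):
    """What one authoritative server says: the records, a referral to a child zone, or NXDOMAIN."""
    if name in server["records"]:
        return "answer", list(server["records"][name])
    for child in server["delegations"]:
        if name == child or name.endswith("." + child):
            return "referral", child
    return "nxdomain", None


def iterate(name, trace, servers=AUTHORITATIVE):
    """The local name server's job: start at the root and follow referrals downwards."""
    zone = "."
    for _ in range(8):                      # bound the referral chain
        kind, payload = authoritative_answer(servers[zone], name)
        trace.append(f"{zone} -> {kind}")
        if kind == "answer":
            return payload
        if kind != "referral":
            return None
        zone = payload
    return None


class StubResolver:
    """Steps 1 to 3 of the process above: hosts file, then TTL cache, then the name server."""

    def __init__(self, hosts_text, clock=time.monotonic, ttl=216):
        self.hosts = parse_hosts(hosts_text)
        self.cache = {}                     # name -> (addresses, expiry time)
        self.clock, self.ttl = clock, ttl
        self.trace = []

    def resolve(self, name):
        name, self.trace = fqdn(name), []
        if name in self.hosts:              # step 1: /etc/hosts overrides everything
            self.trace.append("hosts")
            return self.hosts[name]
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():   # step 2: cached and the TTL has not expired
            self.trace.append("cache")
            return hit[0]
        addrs = iterate(name, self.trace)   # steps 3 and 4: the local name server iterates
        if addrs:
            self.cache[name] = (addrs, self.clock() + self.ttl)
        return addrs


if __name__ == "__main__":
    r = StubResolver(HOSTS_TEXT)
    for q in ("www.ldj.com", "www.baidu.com", "www.baidu.com", "nope.example"):
        print(q, r.resolve(q), r.trace)
```

The trace list shows which stage answered; the second lookup of www.baidu.com comes from the cache, and after the TTL (216 s, the value seen in the dig output) passes the walk from the root starts again.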
5. Types of DNS Services#
- Caching Name Server
- Master Name Server
This holds the authoritative mapping of domain names to IP addresses.
- Slave Name Server
The domain name mapping data is obtained from the master name server.
1. Caching Name Server
Also known as a high-speed caching server.
It obtains domain -> IP address records by querying other name servers.
It caches the domain query results locally to improve speed for repeated queries.
2. Master Name Server
The official server for a specific DNS zone, with uniqueness and authority.
It is responsible for maintaining all domain -> IP address mapping records within that zone.
3. Slave Name Server
Also known as an auxiliary name server.
Its maintained domain -> IP address records come from the master name server.
6. Domain Name Server Configuration#
1. Install bind, bind-utils
Domain resolution main program
[root@cPen_B etc]# which named
/usr/sbin/named
2. Configuration file
If the bind-chroot package is not installed
Main configuration file: /etc/named.conf Data files are located in: /var/named/
[root@cPen_B etc]# less /etc/named.conf
3. Modify configuration
1. vim /etc/named.conf # Note: Global configuration file
options {
listen-on port 53 { 127.0.0.1; }; # Note: Default: listen only on loopback.
listen-on port 53 { any; }; # Note: Change to any so named listens on every local IP.
allow-query { localhost; }; # Note: Default: only this host may query.
allow-query { any; }; # Note: Change to any so any client may query. Caveat: BIND recurses by default (recursion yes), so allow-query { any; } on a reachable IP makes this an open recursive resolver that anyone can use for DNS amplification attacks. On an authoritative-only server add recursion no; otherwise restrict recursion with allow-recursion { localnets; }.
zone "." IN { # Note: Define root domain
type hint; # Note: Specify root domain.
file "named.ca"; # Note: Look for in named.ca /var/named/named.ca
};
include "/etc/named.rfc1912.zones"; # Note: Define other domains.
include "/etc/named.root.key";
2. Domain configuration file /etc/named.rfc1912.zones
Add domain configuration:
[root@cPen_B ~]# vim /etc/named.rfc1912.zones
zone "sc.com" IN { # Note: Add resolution for sc.com domain.
type master; # Note: Master name server.
file "sc.com"; # Note: Domain configuration storage file (where to find the domain resolution).
allow-update { none; }; # Note: No dynamic updates. Also add allow-transfer { none; }; (or the slave addresses): older BIND 9 releases default to allow-transfer { any; }, which hands the whole zone (AXFR) to anyone who asks.
};
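Before restarting named it is worth linting the configuration for the two mistakes this kind of setup usually has: leaving recursion on while allow-query is any, and never setting allow-transfer. This added example (not part of the original article) parses named.conf syntax into nested statements and flags both. SAMPLE_CONF mirrors the settings above and HARDENED_CONF is the corrected version; both are constructed strings. The parser is deliberately minimal and ignores include directives.

```python
import re

# Constructed configuration fragments (not copied from a live server).
# SAMPLE_CONF follows the edits made above; HARDENED_CONF adds the two missing settings.
SAMPLE_CONF = """\
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    directory "/var/named";
};
zone "." IN { type hint; file "named.ca"; };
zone "sc.com" IN {
    type master;
    file "sc.com";
    allow-update { none; };
};
"""

HARDENED_CONF = """\
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion no;                 // authoritative only: never resolve for others
    allow-transfer { none; };     // or list the slave addresses here
    directory "/var/named";
};
zone "sc.com" IN { type master; file "sc.com"; allow-update { none; }; };
"""

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')


def parse(text):
    """named.conf into nested lists: each statement is its words, with a list of
    sub-statements appended when the statement carries a { ... } block."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)       # (a '#' inside quotes would be lost)
    tokens = TOKEN.findall(text)
    pos = 0

    def block():
        nonlocal pos
        stmts = []
        while pos < len(tokens) and tokens[pos] != "}":
            words = []
            while tokens[pos] not in ("{", ";"):
                words.append(tokens[pos].strip('"'))
                pos += 1
            if tokens[pos] == "{":
                pos += 1
                words.append(block())
                pos += 1                            # closing brace
            pos += 1                                # terminating semicolon
            stmts.append(words)
        return stmts

    return block()


def acl(stmts, name):
    """Entries of an address-match list such as allow-query { any; }, or None if unset."""
    for s in stmts:
        if s[0] == name and isinstance(s[-1], list):
            return [entry[0] for entry in s[-1]]
    return None


def audit(text):
    """Flag the open-resolver and open-zone-transfer mistakes; returns a list of findings."""
    conf = parse(text)
    options = next((s[-1] for s in conf if s[0] == "options"), [])
    findings = []
    recursion = next((s[1] for s in options if s[0] == "recursion"), "yes")  # BIND default
    if acl(options, "allow-query") == ["any"] and recursion != "no" \
            and acl(options, "allow-recursion") is None:
        findings.append("open recursive resolver: allow-query { any; } with recursion on; "
                        "set 'recursion no;' on an authoritative server or add "
                        "'allow-recursion { localnets; };'")
    for s in conf:
        if s[0] == "zone" and isinstance(s[-1], list):
            body = s[-1]
            if next((b[1] for b in body if b[0] == "type"), "") == "master" \
                    and acl(body, "allow-transfer") is None \
                    and acl(options, "allow-transfer") is None:
                findings.append(f"zone {s[1]}: no allow-transfer; older BIND 9 releases hand "
                                "the whole zone (AXFR) to anyone, add 'allow-transfer { none; };'")
    return findings


if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or ["ok"])
```

named-checkconf validates the syntax but says nothing about these policy settings, which is why a separate check is useful.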
4. Configure the resolution file for the specified domain.
Directory: /var/named
# Note: Pay attention to permissions: named runs as the named user and must be able to read the file.
# Note: Pay attention to group ownership: named.empty is root:named with mode 640, and cp run as root produces a root:root copy with the same mode, which named cannot read. Fix it with chgrp named /var/named/sc.com, then check the syntax with named-checkzone sc.com /var/named/sc.com before restarting.
[root@cPen_B named]# cp named.empty sc.com
[root@cPen_B named]# pwd
/var/named
[root@cPen_B named]# vim sc.com
$TTL 3H ; Note: Default cache time (TTL) for every record that has none of its own.
@ IN SOA sc.com. rname.invalid. ( ; Note: Modified part. An SOA needs the primary server's name and a contact mailbox; rname.invalid. is the placeholder from named.empty (admin.sc.com. would mean admin@sc.com).
0 ; serial ; Note: Increase this on every change, or slaves will not pick the change up.
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum ; Note: How long a negative answer (name does not exist) may be cached.
NS @
A 127.0.0.1
AAAA ::1
; Note: A records for forward resolution. In a zone file a semicolon starts a comment.
dns A 192.168.136.129 ; Note: IP address of the DNS server.
www A 192.168.136.129 ; Note: IP address of the www server.
* A 192.168.136.123 ; Note: Wildcard: any name under sc.com that is not defined elsewhere in the zone.
;@ MX 10 mail ; Note: Commented out. An MX record carries a priority (lower wins) and a host name, never an IP; that host then needs its own A record, as on the next line.
;mail A 192.168.136.129
;dns 600 IN A 192.168.136.129 ; Note: A record with its own TTL of 600 s instead of the $TTL default (TTL and class may be given in either order).
[root@cPen_B named]# service named restart # Note: Restart the service.
[root@cPen_B named]# lsof -i:53 # Note: Port is up. The listing also contains the UDP sockets; only the TCP listeners are reproduced below (ss -lunp confirms UDP 53).
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
named 1839 named 21u IPv4 42519 0t0 TCP localhost:domain (LISTEN)
named 1839 named 22u IPv4 42521 0t0 TCP cPen_B:domain (LISTEN)
named 1839 named 23u IPv6 42523 0t0 TCP localhost:domain (LISTEN)
[root@cPen_B named]# dig www.sanchuang.com
;; SERVER: 192.168.136.2#53(192.168.136.2)
[root@cPen_B named]# cat /etc/resolv.conf # Note: The system resolver still points at 192.168.136.2, which is why the dig above went there; to use the new server either change this file or name it explicitly with @ as below.
# Generated by NetworkManager
search localdomain
nameserver 192.168.136.2
[root@cPen_B named]# dig www.sc.com @192.168.136.129 # Note: Resolve using 192.168.136.129.
;; QUESTION SECTION:
;www.sc.com. IN A
;; ANSWER SECTION:
www.sc.com. 10800 IN A 192.168.136.129 # Note: Resolution successful.
;; AUTHORITY SECTION:
sc.com. 10800 IN NS sc.com.
# Set up reverse domain.
[root@cPen_B named]# vim /etc/named.rfc1912.zones
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
[root@cPen_B named]# pwd
/var/named
[root@cPen_B named]# less named.loopback
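A zone file fails silently on a small mistake, so as an added example (not from the article) the script below parses a zone file in the format used above, checks the points that bite most often (exactly one SOA at the apex, NS and MX targets that have addresses, MX records that name a host with a priority rather than an IP) and generates the PTR records a real 192.168.136.0/24 reverse zone would need instead of the loopback template. SC_COM_ZONE is constructed here; its names and addresses follow the sc.com example, with the dns line carrying its own TTL and the MX written the correct way.

```python
import ipaddress
import re

# Constructed zone text in the format of the sc.com file above (not a copy of a live file).
SC_COM_ZONE = """\
$TTL 3H
@       IN SOA  sc.com. rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       127.0.0.1
dns     IN 600  A       192.168.136.129
www     A       192.168.136.129
*       A       192.168.136.123
@       MX 10   mail
mail    A       192.168.136.129
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}


def ttl_seconds(tok):
    m = re.fullmatch(r"(\d+)([SMHDW]?)", tok.upper())
    if not m:
        raise ValueError("bad TTL " + tok)
    return int(m.group(1)) * UNITS.get(m.group(2), 1)


def is_ip(tok):
    try:
        ipaddress.ip_address(tok)
        return True
    except ValueError:
        return False


def absolute(name, origin):
    """'@' is the origin, a trailing dot means absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") or is_ip(name) else name + "." + origin


def parse_zone(text, origin):
    """Return records as dicts (owner, ttl, type, rdata) with names made absolute."""
    origin = origin.rstrip(".") + "."
    default_ttl, owner, records, groups, buf, indented = None, origin, [], [], "", False
    for line in text.splitlines():
        code = line.split(";", 1)[0]                  # ';' starts a comment
        if not buf:
            indented = code[:1] in (" ", "\t")        # no owner field: previous owner repeats
        buf += " " + code
        if buf.count("(") == buf.count(")"):          # parentheses let a record span lines (SOA)
            if buf.split():
                groups.append((indented, buf.replace("(", " ").replace(")", " ").split()))
            buf = ""
    for indented, toks in groups:
        if toks[0] == "$TTL":
            default_ttl = ttl_seconds(toks[1])
            continue
        if not indented:
            owner = absolute(toks.pop(0), origin)
        ttl = None
        while toks[0] not in TYPES:                   # optional TTL and class, either order
            tok = toks.pop(0)
            if tok.upper() != "IN":
                ttl = ttl_seconds(tok)
        rtype, rdata = toks[0], toks[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):
            rdata[-1] = absolute(rdata[-1], origin)   # last field is a host name
        elif rtype == "SOA":
            rdata = [absolute(rdata[0], origin), absolute(rdata[1], origin)] + \
                    [ttl_seconds(t) for t in rdata[2:]]
        records.append({"owner": owner, "ttl": default_ttl if ttl is None else ttl,
                        "type": rtype, "rdata": rdata})
    return records


def check_zone(records, zone):
    """Mistakes that make named load the zone but answer wrongly, or refuse it outright."""
    zone = zone.rstrip(".") + "."
    problems = []
    if [r["owner"] for r in records if r["type"] == "SOA"] != [zone]:
        problems.append("zone needs exactly one SOA record at the apex")
    with_addr = {r["owner"] for r in records if r["type"] in ("A", "AAAA")}
    for r in records:
        target = r["rdata"][-1]
        if r["type"] == "MX" and (len(r["rdata"]) != 2 or is_ip(target)):
            problems.append(f"MX at {r['owner']}: needs a priority and a host name, not an IP")
        elif r["type"] in ("NS", "MX") and target.endswith(zone) and target not in with_addr:
            problems.append(f"{r['type']} at {r['owner']} points to {target}, which has no A/AAAA")
    return problems


def reverse_records(records, network):
    """PTR records (owner, target) for a reverse zone covering network, from the A records."""
    net = ipaddress.ip_network(network)
    return [(ipaddress.ip_address(r["rdata"][0]).reverse_pointer + ".", r["owner"])
            for r in records if r["type"] == "A" and not r["owner"].startswith("*.")
            and ipaddress.ip_address(r["rdata"][0]) in net]


if __name__ == "__main__":
    recs = parse_zone(SC_COM_ZONE, "sc.com")
    print(check_zone(recs, "sc.com") or "zone ok")
    for owner, target in reverse_records(recs, "192.168.136.0/24"):
        print(owner, "PTR", target)
```

Several names share 192.168.136.129 here, so the generator yields several PTR records for one address; in practice keep only the canonical host name for each IP, since reverse lookups are expected to return a single name.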
7. Resource Record Types#
(1) A Record (Address) Forward Resolution
The A record associates a hostname (FQDN) with an IPv4 address (AAAA is the IPv6 equivalent). This is also the default query type for most client programs.
(2) PTR Record (Pointer) Reverse Resolution
PTR records map an IP address to a hostname (FQDN). They live under the in-addr.arpa domain (ip6.arpa for IPv6).
(3) CNAME Record (Canonical Name) Alias
An alias record: the owner name is an alias for the canonical name given in the record, so several names can point at the same host. A name that has a CNAME may carry no other records.
(4) MX Record (Mail eXchange)
MX records name the mail server for a domain; mail systems look up the MX of the recipient's address suffix to find where to deliver. They are also called mail routing records and let a domain's mail be directed to its own mail server, so the domain owner controls all mailbox settings.
When there are several MX records (several mail servers), each carries a priority number: the smaller the number, the more preferred the server; servers with equal priority are tried in any order.
(5) NS Record (Name Server)
NS records name the authoritative servers for a zone, i.e. which DNS servers answer for the domain.
Delegating a subdomain with NS records only works if the servers named actually host that zone; otherwise names under the delegation fail to resolve.
At a delegation point the NS records win over other data: if the parent zone carries both NS records delegating sub.example.com and A records for names under it, those A records are occluded and never served; the only exception is glue A records for the name servers themselves.
8. Summary#
DNS Service
DNS (Domain Name System)
Note: Domain name system; provides domain name resolution; IP addresses are less convenient for users than domain names.#
FQDN Fully Qualified Domain Name
www.baidu.com
Domain: baidu.com
Hostname: www
Domain Classification
Root (.) Only 13 root server names worldwide (a to m.root-servers.net), each served by many anycast instances.
Top-Level Domain Generic Domain Names
.com Used for commerce
.org Non-profit organizations
.net Network services
Country
.cn
.jp
.hk
.us
Reverse Resolution Domain .arpa
Second-Level Domain, Third-Level Domain...
DNS Resolution
Forward Resolution Converts domain names to IP addresses.
Reverse Resolution Converts IP addresses to domain names.
DNS Resolution Process (Interview)
First, check the local hosts file for the mapping relationship between IP and domain name; if it exists, return it.
If not found in the hosts file, check the local cache; if found, return the result and complete the resolution.
If not found in the local cache, check the local domain name server; if found, return the result and complete the resolution.
If not found in the local name server and forwarding is set, it asks the forwarding server. If not found or not set, it asks the root servers for the top-level domain servers, then the top-level domain servers for the second-level domain servers, and so on until the server authoritative for the full name answers.
The local name server caches the answer it obtained by iteration and returns it to the client.
# Note: The client sends a single recursive query; the iteration is done by the local name server, not by the client.
Simple Setup of DNS Service
Package Installation
bind
bind-utils
Configuration Files
Main configuration file: /etc/named.conf
Domain configuration file: /etc/named.rfc1912.zones
Data directory: /var/named (files here must be readable by the named user).
DNS Port 53 (UDP for queries, TCP for zone transfers and large answers)
Record Types
A Record Forward Resolution Record
PTR Record Reverse Resolution Record
CNAME Alias
MX Mail Record
NS Authoritative DNS Server
Wildcard Domain Resolution
For the domain sc.com add: * A 192.168.0.39 # Note: The wildcard covers names under sc.com that have no records of their own.
It matches any undefined hostname such as 123.sc.com or abc.sc.com. # Note: It also matches deeper names such as abc.123.sc.com, provided nothing named 123.sc.com exists in the zone; once a name like www.sc.com is defined, names below it (foo.www.sc.com) no longer match the wildcard, and the wildcard never matches sc.com itself.
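The wildcard rule is subtler than a one-line note can show, so here is an added example (not from the article) that applies the RFC 4592 matching rule to a constructed set of owner names mirroring the sc.com zone: a wildcard matches a name of any depth under its parent as long as no closer existing name intervenes.

```python
# Constructed owner-name set mirroring the sc.com zone above: apex, wildcard, two hosts.
ZONE_NAMES = {"sc.com.", "*.sc.com.", "dns.sc.com.", "www.sc.com."}


def fqdn(name):
    return name.lower().rstrip(".") + "."


def wildcard_lookup(names, qname, zone):
    """Which owner name answers qname: the name itself, a wildcard, or None (NXDOMAIN).
    RFC 4592: find the closest encloser, the nearest ancestor of qname that exists in the
    zone (explicitly, or implicitly because some name below it exists); the query is
    synthesized from the wildcard only if '*.<closest encloser>' is in the zone.
    The number of labels below the wildcard does not matter."""
    qname, zone = fqdn(qname), fqdn(zone)
    if qname in names:
        return qname                                   # an exact name beats any wildcard
    if qname == zone or not qname.endswith("." + zone):
        return None                                    # outside the zone, or the apex itself
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):                # walk upwards towards the apex
        ancestor = ".".join(labels[i:])
        exists = ancestor in names or any(n.endswith("." + ancestor) for n in names)
        if exists:                                     # closest encloser found
            wild = "*." + ancestor
            return wild if wild in names else None
    return None


if __name__ == "__main__":
    for q in ("123.sc.com", "abc.123.sc.com", "www.sc.com", "foo.www.sc.com", "sc.com"):
        print(f"{q:16} -> {wildcard_lookup(ZONE_NAMES, q, 'sc.com')}")
```

The last query above explains a common surprise: adding a record for www.sc.com turns every name under www (foo.www.sc.com) into NXDOMAIN, because www.sc.com becomes the closest encloser and there is no *.www.sc.com. The same applies to the empty-non-terminal case tested below, where only a.b.sc.com exists.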
Common Domain Name Resolution Commands
ping
host
dig
nslookup
Related Configuration Files
/etc/hosts Specify the mapping relationship between domain names and IP addresses, with the highest priority.
/etc/resolv.conf Specify the DNS server address.
Network connectivity is a prerequisite for accessing services.