Dns

Khoa CNTT 1/40 PHẠM VĂN TÍNH 01-2004 Domain Name System (DNS) Domain Name System (DNS)

Posted 21-Oct-2014, category Technology, 54 pages.

Transcript of Dns

Page 1: Dns

Domain Name System (DNS)

Khoa CNTT (Faculty of Information Technology), Phạm Văn Tính, 01-2004

Page 2: Dns

The DNS domain name system

• Introduction

• DNS servers and the structure of the domain-name database

• How the DNS system works

• Installing a DNS server on Windows 2003

• Installing and configuring DNS on Linux

Page 3: Dns

DNS

• When hosts on a network connect to one another by hostname, also called a fully qualified domain name (FQDN), DNS is used to map the names of machines to the IP addresses of those hosts.

• Using DNS and FQDNs also has advantages for system administrators: the IP address of a host can be changed without affecting name-based access to the machine.

• DNS is normally implemented with servers that are authoritative for some domains and refer to other DNS servers for the rest.

• A DNS server is a host on the network that manages domain names and answers client requests to translate a domain name into the associated IP address.

• The DNS system is organised as a hierarchy with different levels of DNS servers.

Page 4: Dns

History of DNS

• By 1984 Paul Mockapetris of USC's Information Sciences Institute had developed a new name-management system, described in RFC 882 and RFC 883 (November 1983), called DNS (Domain Name System).

Page 5: Dns

Purpose of the DNS system

• DNS exists so that users can work with easy-to-remember names instead of the hard-to-remember IP addresses that computers use; at the same time it makes the Internet easier to use for communication and able to keep growing.

Page 6: Dns

Purpose of the DNS system

Page 7: Dns

Internet domain name space

Internet domain names were originally organised into 7 basic top-level domains:

1. .COM: commercial organisations, such as Hewlett-Packard (hp.com), Sun Microsystems (sun.com) and IBM (ibm.com)

2. .EDU: educational institutions, such as U.C. Berkeley (berkeley.edu) and HCM University of Agriculture and Forestry (hcmuaf.edu.vn, which is actually under the .vn country-code domain)

3. .GOV: government bodies, such as NASA (nasa.gov) and the National Science Foundation (nsf.gov)

4. .MIL: the military, such as the US Army (army.mil) and Navy (navy.mil)

5. .NET: networking organisations, such as NSFNET (nsf.net)

6. .ORG: non-commercial organisations, such as the Electronic Frontier Foundation (eff.org)

7. .INT: international organisations, such as NATO (nato.int)

Alongside these generic domains each country has a two-letter country-code domain (vn, uk, fr, ...), and many more generic domains have been added since.

Page 8: Dns

Database structure

Record   Full name            Purpose
SOA      Start of Authority   Identifies the DNS server that is authoritative for the zone and carries the zone's serial number and timers
NS       Name Server          Names the authoritative servers for a zone; in the parent zone it delegates a subdomain to lower-level DNS servers
A        Host (address)       Maps a host name to its IPv4 address
MX       Mail Exchanger       Names the mail server(s) that accept mail for the domain, each with a preference value
CNAME    Canonical Name       Makes one name an alias for another; commonly used for service names such as www

Page 9: Dns

Types of DNS server

1. Caching-only server:

– Its database lives in memory.

– It is not authoritative for any domain.

– Every name server also caches the answers it obtains, so every name server is a caching server as well. (In current practice the recursive/caching role and the authoritative role are run on separate servers, and recursion is disabled on authoritative servers.)

2. Primary server: loads the zone data from a file on the local machine.

Page 10: Dns

Types of DNS server

3. Secondary server: obtains the zone data from another name server (the primary) that has been configured to serve it.

– When the secondary starts, it contacts the primary and copies the zone; this process is called a zone transfer.

– The slave usually saves this data to a file.

– When the slave restarts it reads the zone from that file and checks whether the data is still current (by comparing the SOA serial with the primary's); if not, it performs another zone transfer to fetch newer data.

Page 11: Dns

Types of DNS server

4. Root name servers

– Root name servers play a very important role in resolution.

– Resolution starts from the root name servers, so if all of the Internet's root name servers were down, name resolution on the Internet would grind to a halt.

– 13 root name server addresses were set up, spread over different regions; at the time of this text 2 were on MILNET (the U.S. military's portion of the Internet), 1 on SPAN (NASA's internet), 2 in Europe and 1 in Japan. Today each of the 13 is served by many anycast instances around the world.

– The root name servers are named A.ROOT-SERVERS.NET through M.ROOT-SERVERS.NET.

Page 12: Dns

How DNS works

• Every DNS server is configured to know at least one way to reach the root servers (the hint zone).

• A computer attached to the network must know how to contact at least one DNS server.

• A query starts on the client computer itself, which first tries to determine the answer locally.

• When the client has no answer, the question is passed to a DNS server to find the answer.

Page 13: Dns

Answering the query locally

• On the querying computer, information is taken from two sources:

– The HOSTS file configured on the machine.

– Answers to earlier queries. Over time the answers are kept in the computer's cache and reused when the same domain name is queried again.

Page 14: Dns

Querying the DNS server

• When a DNS server receives a query, it first checks whether the answer is a record it manages in one of the server's own zones.

• If the query matches a record it manages, it answers from that information and the query ends.

• If no matching information is found in either the cache or the zones the DNS server manages, the query continues: the server asks other DNS servers until an answer is found.

Page 15: Dns

How the DNS cache works

• When a DNS server processes client queries and performs iterative queries on their behalf, it notes and stores the important information about the domain names the client asked for. That information is written to the DNS server's cache.

• Each record stored in the cache carries a time to live (TTL) that limits how long it may be reused.
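The exchange the last four pages describe, as an added example that is not part of the original slides: the query packet a resolver sends, the reply it gets back, and the checks it applies before caching the answer with its TTL. Everything runs offline; the reply is constructed in code (a CNAME for www.example.com pointing at server2 plus server2's A record, the same shape as the example zone later in the deck) rather than fetched from a real server, and encode_name, build_query, read_name, parse_response and build_response are names chosen here. The security point is the check in parse_response: on plain UDP the only things a forged reply has to match are the 16-bit transaction ID, the source port and the question, which is why resolvers pick both the ID and the port at random.

```python
import os
import struct


def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=None):
    """Build a recursion-desired query; returns (transaction id, packet bytes)."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")  # unpredictable 16-bit ID
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: QR=0, RD=1
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg, off):
    """Decode a possibly compressed name at msg[off]; returns (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off, hops = True, ptr, hops + 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg, expect_id, expect_name):
    """Parse a reply, applying the checks a resolver makes before it caches anything:
    the ID must match and the echoed question must be the one we asked."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expect_id:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    qname, off = read_name(msg, 12)
    off += 4  # skip QTYPE and QCLASS
    if qdcount != 1 or qname.lower() != expect_name.rstrip(".").lower() + ".":
        raise ValueError("question mismatch")
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:                     # A record
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == 5:                                  # CNAME record
            value, _ = read_name(msg, off)
        else:
            value = msg[off:off + rdlen].hex()
        answers.append((owner, rtype, ttl, value))       # ttl is what the cache keeps
        off += rdlen
    return flags & 0xF, answers


def accepted(msg, expect_id, expect_name):
    """True if the reply passes the ID and question checks."""
    try:
        parse_response(msg, expect_id, expect_name)
        return True
    except ValueError:
        return False


def build_response(query, records):
    """Constructed server reply for offline testing: echo the question, append answer RRs.
    records: (owner_bytes, rtype, ttl, rdata); owner bytes C0 0C point at the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)  # QR=1, RD=1, RA=1
    body = b"".join(owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
                    for owner, rtype, ttl, rdata in records)
    return header + query[12:] + body


def demo():
    """Constructed exchange: ask for www.example.com, get CNAME -> server2 plus its A record."""
    txid, query = build_query("www.example.com")
    reply = build_response(query, [
        (b"\xc0\x0c", 5, 3600, encode_name("server2.example.com")),
        (encode_name("server2.example.com"), 1, 86400, bytes([10, 0, 1, 7])),
    ])
    return txid, reply, parse_response(reply, txid, "www.example.com")
```

demo() returns the transaction ID, the raw reply and the parsed (rcode, answers); calling accepted() with the same reply but a different ID shows the reply being discarded, which is all that stands between a resolver and a spoofed answer when neither DNSSEC nor a transport with authentication is in use.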

Page 16: Dns

DNS: System

(Diagram of the name tree: the root "." with the top-level domains com, edu, gov, uk, fr and vn; under vn the second-level domains vnn, com, edu and gov.)

Page 17: Dns

DNS: Database

(Diagram: resolving www.ctt.com.vn walks the tree . -> vn -> com -> ctt -> www and yields 203.162.50.100. The server addresses shown along the path are 63.63.0.1, 203.162.0.1, 203.162.4.10 and 203.162.50.1. The com.vn zone holds ctt 203.162.50.1, aaa 203.162.70.201 and bbb 203.160.9.7; the ctt.com.vn zone holds www 203.162.50.100, mail 203.162.50.101 and Lab 203.160.100.1.)

Page 18: Dns

DNS: Resolve www.yahoo.com

(Diagram of iterative resolution: the local server (vnn) asks a root server and is given the address of the com server; it asks the com server and is given the address of the yahoo.com server; it asks the yahoo.com server and is given the address of www.yahoo.com. Each step is a request followed by a reply.)

Page 19: Dns

Nameserver Types

• master — Stores the original and authoritative zone records for a namespace and answers questions from other nameservers about that namespace.

• slave — Answers queries from other nameservers about namespaces for which it is considered an authority; however, slave nameservers obtain their zone data from master nameservers by zone transfer.

• caching-only — Offers name-to-IP resolution but is not authoritative for any zone. Every answer it resolves is cached in memory for the time to live carried in the retrieved record.

• forwarding — Forwards requests to a specific list of nameservers for resolution. If none of the listed nameservers can resolve the name, the resolution fails.

Page 20: Dns

BIND as a Nameserver

• BIND performs name resolution through the /usr/sbin/named daemon.

• BIND keeps its configuration in two places:

– /etc/named.conf — the configuration file for the named daemon.

– /var/named/ — the named working directory, which holds zone, statistics and cache files.

• Do not edit /etc/named.conf or any file in /var/named/ by hand if you are using the BIND Configuration Tool: manual changes to those files are overwritten the next time the tool is used.

Page 21: Dns

Server Configuration Files

The three required files are

• named.conf — found in /etc; contains global properties and the sources of the other configuration files.

• named.ca — found in /var/named; contains the names and addresses of the root servers.

• named.local — found in /var/named; provides the data for resolving the loopback address of localhost.

The two files required for a master domain server are

• zone file — contains the names and addresses of the servers and workstations in the local domain and maps names to IP addresses.

• reverse zone file — provides the data to map IP addresses back to names.

Page 22: Dns


The named.conf file

• options — lists global configurations and defaults

• include — gets information from another file and includes it

• acl — specifies IP addresses used in an access control list

• logging — specifies log file locations and contents

• server — specifies properties of remote servers

• zone — specifies information about zones

• key — specifies security keys used for authentication

Page 23: Dns

The named.conf file - Options

The options statement uses the following syntax:

    options {
        value "property";
    };

Value         Meaning
allow-query   Accepts queries only from hosts in the address list (by default queries are accepted from any host). Usage: allow-query { "address-list"; };
directory     Path of the directory where the server's zone files are located (default: /var/named/). Usage: directory "path to directory";

Page 24: Dns

The named.conf file - Options

Value       Meaning
forward     Controls the forwarding behaviour of a forwarders directive. If set to first, the servers listed in forwarders are queried first and the server then tries to find the answer itself. If set to only, just the servers in the forwarders list are queried. Usage: forward first; or forward only;
forwarders  A list of IP addresses of nameservers to which requests are forwarded for resolution. Usage: forwarders { "address-list"; };
notify      Controls whether named notifies the slave servers when a zone is updated. yes — notify the slave servers; no — do not notify them.

Page 25: Dns

The named.conf file - acl Statement

• The acl (access control list) statement defines groups of hosts that can then be permitted or denied access to the nameserver. An acl statement takes the following form:

    acl <acl-name> { <match-element>; [<match-element>; ...] };

• Most of the time an individual IP address or an IP network in prefix notation (such as 10.0.1.0/24) is used as the match element.

• The following access control lists are predefined as keywords to simplify configuration:

– any — matches every IP address.

– localhost — matches any IP address in use by the local system.

– localnets — matches any IP address on any network to which the local system is connected.

– none — matches no IP address.

Page 26: Dns

The named.conf file

    acl local-net { 10.0.2.0/24; 192.168.0.0/24; };

    options {
        allow-query { local-net; };
        directory "/var/named/";
        forwarders {
            203.162.4.1;
            203.162.0.11;
        };
    };

With allow-query limited to local-net, hosts outside those two networks cannot use this server as a resolver, so it is not an open resolver. The original slide omitted the semicolon after the closing brace of options; named rejects the file without it.

Page 27: Dns

The named.conf file - zone Statement

• The main DNS configuration is kept in named.conf, which tells BIND where to find the zone files for each domain you own. There are usually two kinds of zone definitions in this file:

+ Forward zone definitions, which list the files that map domain names to IP addresses

+ Reverse zone definitions, which list the files that map IP addresses to domain names

• A zone statement takes the following form:

    zone <zone-name> { <zone-options>; [<zone-options>; ...] };

• For example, if a zone statement defines the namespace for example.com, use example.com as the <zone-name>.

Page 28: Dns

The named.conf file - zone Statement

The most common zone statement options include the following:

• allow-query — Specifies the clients that are allowed to request information about this zone. The default is to allow all queries.

• allow-transfer — Specifies the slave servers that are allowed to request a transfer (AXFR) of the zone's data. The default is to allow all transfer requests, which lets anyone download the complete zone and enumerate your hosts; restrict it to the addresses of your own secondaries, or to none on a server that has no secondaries.

• allow-update — Specifies the hosts that are allowed to dynamically update records in this zone. The default is to deny all dynamic update requests. Be careful when allowing hosts to update the zone: do not enable this option unless the host specified is completely trusted, and remember that a match on source address alone can be spoofed over UDP. In general it is better for an administrator to update the records manually and reload the named service, or to require a TSIG key for updates.

• file — Specifies the name of the file in the named working directory that contains the zone's data.

• masters — Lists the IP addresses from which to request authoritative zone data. Used only if the zone is defined as type slave. (Recent BIND 9 releases also accept primaries, and primary/secondary as zone types.)

Page 29: Dns


The named.conf file - zone Statement

• notify — Controls whether named notifies the slave servers when a zone is updated. It accepts the following options:

– yes — Notifies slave servers.

– no — Does not notify slave servers.

• type — Defines the type of zone. Below is a list of valid options:

– forward — Forwards all requests for information about this zone to other nameservers.

– hint — A special type of zone used to point to the root nameservers which resolve queries when a zone is not otherwise known. No configuration beyond the default is necessary with a hint zone.

– master — Designates the nameserver as authoritative for this zone. A zone should be set as the master if the zone's configuration files reside on the system.

– slave — Designates the nameserver as a slave server for this zone. Also specifies the IP address of the master nameserver for the zone.

Page 30: Dns

Sample zone Statements

• The following is an example of a zone statement for the primary nameserver hosting example.com (192.168.0.1):

    zone "example.com" {
        type master;
        file "example.com.zone";
        allow-update { none; };
    };

• The zone is identified as example.com, the type is set to master, and named is told to read the /var/named/example.com.zone file. It also tells named not to accept dynamic updates from any host.

• A slave server's zone statement for example.com may look like this:

    zone "example.com" {
        type slave;
        file "example.com.zone";
        masters { 192.168.0.1; };
    };

• This zone statement configures named on the slave server to ask the master server at 192.168.0.1 for the example.com zone data. The data the slave receives from the master is saved to the /var/named/example.com.zone file.
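A small checker, added here and not part of the slides or of BIND, for the defaults discussed on the previous pages: it parses the zone statements out of a named.conf and reports master zones that leave allow-transfer at its default (anyone can AXFR the zone), set it to any, or grant allow-update on an address match alone. The named.conf it runs on is a constructed sample that includes the slide's own example.com statement; parse_named and check_zones are names chosen here, and the parser handles only the brace-and-semicolon subset of the syntax the deck uses.

```python
import re

# Constructed named.conf in the style of the slides; the first zone is the slide's own statement.
NAMED_CONF_SAMPLE = """\
// constructed sample, not a real deployment
acl secondaries { 192.168.0.2; };
options {
    directory "/var/named/";
    allow-query { any; };
};
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-update { none; };
};
zone "1.0.10.in-addr.arpa" IN {
    type master;
    file "1.0.10.in-addr.arpa.zone";
    allow-transfer { secondaries; };
    allow-update { none; };
};
zone "lab.example.com" {
    type master;
    file "lab.zone";
    allow-transfer { any; };
    allow-update { 10.0.1.0/24; };
};
zone "." {
    type hint;
    file "named.ca";
};
"""


def _tokens(text):
    """Tokenise named.conf: quoted strings, braces, semicolons, bare words; comments removed."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", " ", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)


def _block(toks, i):
    """Parse from toks[i] == '{' to its matching '}'. Returns ({key: [values]}, index after '}').
    A nested { a; b; } address list becomes the list of its entries."""
    i += 1
    body = {}
    while toks[i] != "}":
        key, i = toks[i], i + 1
        if toks[i] == "{":
            inner, i = _block(toks, i)
            vals = list(inner)
        else:
            vals = []
            while toks[i] != ";":
                vals.append(toks[i].strip('"'))
                i += 1
        if toks[i] == ";":
            i += 1
        body[key] = vals
    return body, i + 1


def parse_named(text):
    """Return (options dict, [(zone name, zone dict), ...]) for the zone statements in the file."""
    toks = _tokens(text)
    options, zones, i = {}, [], 0
    while i < len(toks):
        if toks[i] == "zone":
            name, i = toks[i + 1].strip('"'), i + 2
            if toks[i] != "{":  # optional class such as IN
                i += 1
            body, i = _block(toks, i)
            zones.append((name, body))
        elif toks[i] == "options":
            options, i = _block(toks, i + 1)
        elif toks[i] == "{":
            _, i = _block(toks, i)  # skip other blocks (acl, logging, ...)
        else:
            i += 1
    return options, zones


def check_zones(options, zones):
    """Flag master zones whose transfer or update policy falls back to the dangerous defaults.
    An allow-transfer in options {} counts as the default for zones that do not set their own."""
    findings = []
    for name, body in zones:
        if body.get("type", [""])[0] not in ("master", "primary"):
            continue
        transfer = body.get("allow-transfer", options.get("allow-transfer"))
        if transfer is None:
            findings.append(f"{name}: no allow-transfer; the default lets any host AXFR the whole zone")
        elif "any" in transfer:
            findings.append(f"{name}: allow-transfer {{ any; }} exposes the whole zone")
        update = body.get("allow-update", ["none"])
        if update != ["none"]:
            findings.append(f"{name}: allow-update {{ {'; '.join(update)}; }} accepts dynamic updates "
                            "on an address match alone, which is spoofable; use a TSIG key instead")
    return findings
```

check_zones(*parse_named(NAMED_CONF_SAMPLE)) reports the slide's example.com statement for its missing allow-transfer, and lab.example.com twice; the reverse zone, which names its secondaries explicitly, is clean. named-checkconf validates syntax but says nothing about these policy choices, which is why a check like this belongs in the configuration pipeline.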

Page 31: Dns

The named.ca file

• The first zone file is the cache (hint) file, named.ca, which contains information about the world's root name servers. This information changes occasionally and needs to be updated.

• The file can be retrieved from the Internet host ftp.rs.internic.net (198.41.0.7): use anonymous ftp to fetch named.root from the domain subdirectory (named.root is the same file we have been calling named.ca; rename it after downloading). The same file is published at https://www.internic.net/domain/named.root.

• If you have dig, a utility that works much like nslookup and is included in the BIND distribution, you can retrieve the current list of roots by running:

    # dig @a.root-servers.net . ns > named.ca

• BIND 9 also has the root hints compiled in, so it can start without named.ca; keeping the file current is still good practice when you configure a hint zone.

Page 32: Dns

Zone File Resource Records

SOA — start of authority
NS — name servers for this domain
A — the IP address for a name
PTR — pointer for address-to-name mapping
CNAME — canonical name (alias)
MX — mail exchange record

• A — Address record, which assigns an IP address to a name:

    <host> IN A <IP-address>

If <host> is omitted, the record applies to the same owner as the previous record, which at the top of a zone file is the zone name itself. Consider the following A records in the example.com zone file:

    IN A 10.0.1.3
    server1 IN A 10.0.1.5

Requests for example.com are answered with 10.0.1.3, while requests for server1.example.com are answered with 10.0.1.5.

Page 33: Dns

Zone File Resource Records

• CNAME — Canonical name record, maps one name to another. This type of record is also known as an alias record.

• The following tells named that any request for <alias-name> should be answered with the data of <real-name>. CNAME records are most commonly used to point to services that use a common naming scheme, such as www for web servers.

    <alias-name> IN CNAME <real-name>

• In the following example an A record binds a hostname to an IP address, while a CNAME record points the commonly used www hostname to it:

    server1 IN A 10.0.1.5
    www IN CNAME server1

Page 34: Dns

Zone File Resource Records

• MX — Mail eXchange record, which tells where mail sent to the namespace controlled by this zone should go:

    IN MX <preference-value> <email-server-name>

• The <preference-value> ranks the email servers for a namespace, giving preference to some over others. The MX record with the lowest <preference-value> is preferred. Several servers can carry the same value to spread mail traffic evenly among them.

• The <email-server-name> may be a hostname or FQDN; it must be a name that has address records, not a CNAME alias (RFC 2181 section 10.3).

    IN MX 10 mail.example.com.
    IN MX 20 mail2.example.com.

• In this example mail.example.com is preferred over mail2.example.com for mail addressed to the example.com domain.

Page 35: Dns

Zone File Resource Records

• PTR — PoinTeR record, designed to point to another part of the namespace. PTR records are used for reverse resolution: they map IP addresses back to names.

• SOA — Start Of Authority record, which declares the authoritative information about a namespace. Placed after the directives, the SOA resource record is the first resource record in a zone file.

• The following shows the basic structure of an SOA record:

    @ IN SOA <primary-name-server> <master-email> (
        <serial-number>
        <time-to-refresh>
        <time-to-retry>
        <time-to-expire>
        <minimum-TTL> )

Page 36: Dns

Zone File Resource Records

• <serial-number> — incremented every time you change the zone file, so that named knows the zone should be reloaded and slaves can tell they are holding outdated data. Usually written as YYYYMMDDnn: the date plus a two-digit change counter. Slaves compare serials with the wrap-around arithmetic of RFC 1982, so the only thing that matters is that the new serial is greater than the old one.

• <time-to-refresh> — tells the slave DNS server how often to check the master for a new serial.

• <time-to-retry> — the slave's retry interval for contacting the master after a failed refresh.

• <time-to-expire> — the total time a slave keeps retrying before it expires the data it holds. After this time the slave stops answering as an authority for the namespace.

• <minimum-TTL> — in BIND 9 this field is the negative-caching TTL, i.e. how long other nameservers may cache a "no such name" answer (RFC 2308); the default TTL for the zone's records is set by the $TTL directive.

Page 37: Dns

Zone File Resource Records

    $ORIGIN example.com.
    $TTL 86400
    @   IN  SOA  dns1.example.com. hostmaster.example.com. (
                2001062501  ; serial
                21600       ; refresh after 6 hours
                3600        ; retry after 1 hour
                604800      ; expire after 1 week
                86400 )     ; minimum TTL of 1 day
        IN  NS   dns1.example.com.
        IN  NS   dns2.example.com.
        IN  MX   10 mail.example.com.
        IN  MX   20 mail2.example.com.
    server1  IN  A      10.0.1.5
    server2  IN  A      10.0.1.7
    dns1     IN  A      10.0.1.2
    dns2     IN  A      10.0.1.3
    ftp      IN  CNAME  server1
    mail     IN  CNAME  server1
    mail2    IN  CNAME  server2
    www      IN  CNAME  server2
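An added example, not from the slides, that parses the zone file above with the same rules named applies ($ORIGIN, $TTL, "@", relative names, a blank owner inheriting the previous one, parentheses continuing the SOA across lines) and then checks the two alias rules BIND warns about: an MX or NS target must not be a CNAME (RFC 2181 section 10.3), and a name that has a CNAME may carry no other records (RFC 1034 section 3.6.2). Run on the slide's own zone it reports both MX targets, because mail and mail2 are CNAMEs in that file. parse_zone, soa and lint_zone are names chosen here; the record types the parser knows are limited to the ones the deck discusses plus AAAA and TXT.

```python
# The slide's example.com zone, copied here as the sample input.
ZONE_EXAMPLE_COM = """\
$ORIGIN example.com.
$TTL 86400
@   IN  SOA  dns1.example.com. hostmaster.example.com. (
            2001062501  ; serial
            21600       ; refresh after 6 hours
            3600        ; retry after 1 hour
            604800      ; expire after 1 week
            86400 )     ; minimum TTL of 1 day
    IN  NS   dns1.example.com.
    IN  NS   dns2.example.com.
    IN  MX   10 mail.example.com.
    IN  MX   20 mail2.example.com.
server1  IN  A      10.0.1.5
server2  IN  A      10.0.1.7
dns1     IN  A      10.0.1.2
dns2     IN  A      10.0.1.3
ftp      IN  CNAME  server1
mail     IN  CNAME  server1
mail2    IN  CNAME  server2
www      IN  CNAME  server2
"""

RTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT"}


def _fqdn(name, origin):
    """Make a name absolute: '@' is the origin, a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Strip ';' comments and join lines inside ( ) into one logical line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    return out


def parse_zone(text, origin=None, default_ttl=None):
    """Parse a master file into (owner, ttl, type, rdata tokens) tuples, handling $ORIGIN, $TTL,
    '@', relative names, and a blank owner field meaning 'same owner as the previous record'."""
    records, owner = [], None
    for line in _logical_lines(text):
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            default_ttl = int(toks[1])
            continue
        if origin is None:
            raise ValueError("no $ORIGIN directive and no origin argument")
        if line[0] not in " \t":  # an owner name is present
            owner, toks = _fqdn(toks[0], origin).lower(), toks[1:]
        if owner is None:
            raise ValueError(f"record without owner: {line!r}")
        ttl = default_ttl
        if toks[0].isdigit():
            ttl, toks = int(toks[0]), toks[1:]
        if toks[0].upper() == "IN":
            toks = toks[1:]
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype not in RTYPES:
            raise ValueError(f"unsupported record type {rtype} for {owner}")
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [_fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], _fqdn(rdata[1], origin)]
        records.append((owner, ttl, rtype, rdata))
    return records


def soa(records):
    """Return the SOA fields as a dict (the two names plus the five numbers)."""
    for _, _, rtype, rdata in records:
        if rtype == "SOA":
            mname, rname, serial, refresh, retry, expire, minimum = rdata
            return {"mname": mname, "rname": rname, "serial": int(serial), "refresh": int(refresh),
                    "retry": int(retry), "expire": int(expire), "minimum": int(minimum)}
    raise ValueError("zone has no SOA record")


def lint_zone(records):
    """Findings for the two alias rules: NS and MX targets must not be CNAMEs (RFC 2181 10.3),
    and a CNAME owner may carry no other records (RFC 1034 3.6.2)."""
    aliases = {owner for owner, _, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for owner, _, rtype, rdata in records:
        if rtype in ("NS", "MX") and rdata[-1].lower() in aliases:
            findings.append(f"{rtype} for {owner} points at {rdata[-1].lower()}, which is a CNAME")
        if rtype != "CNAME" and owner in aliases:
            findings.append(f"{owner} has a CNAME and also a {rtype} record")
    return findings
```

lint_zone(parse_zone(ZONE_EXAMPLE_COM)) returns two findings, one per MX record. The fix in the zone itself is to give mail and mail2 their own A records (or point the MX records at server1 and server2 directly); named-checkzone reports the same condition, so run it before every reload.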

Page 38: Dns

Reverse Name Resolution Zone Files

• Records in a reverse zone take the form

    <last-IP-digit> IN PTR <FQDN-of-system>

• In the following example, IP addresses 10.0.1.20 through 10.0.1.25 are mapped to the corresponding FQDNs. The $ORIGIN name must end in a dot; without it named treats the name as relative to the zone's origin and every PTR lands under the wrong name.

    $ORIGIN 1.0.10.in-addr.arpa.
    $TTL 86400
    @   IN  SOA  dns1.example.com. hostmaster.example.com. (
                2001062501  ; serial
                21600       ; refresh after 6 hours
                3600        ; retry after 1 hour
                604800      ; expire after 1 week
                86400 )     ; minimum TTL of 1 day
        IN  NS   dns1.example.com.
        IN  NS   dns2.example.com.
    20  IN  PTR  alice.example.com.
    21  IN  PTR  betty.example.com.
    22  IN  PTR  charlie.example.com.
    23  IN  PTR  doug.example.com.
    24  IN  PTR  ernest.example.com.
    25  IN  PTR  fanny.example.com.

Page 39: Dns

Reverse Name Resolution Zone Files

• This zone file is brought into service with a zone statement in named.conf similar to the following:

    zone "1.0.10.in-addr.arpa" IN {
        type master;
        file "1.0.10.in-addr.arpa.zone";
        allow-update { none; };
    };

• There is very little difference between this and a standard zone statement except for the zone name. A reverse zone name is the first three octets of the IP address in reverse order followed by .in-addr.arpa, which associates the single block of 256 addresses covered by the reverse zone file with the zone.

Page 40: Dns

Example: named.conf

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-addr.arpa.zone";
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "1.168.192.in-addr.arpa.zone";
    };
    zone "2.168.192.in-addr.arpa" {
        type master;
        file "2.168.192.in-addr.arpa.zone";
    };
    zone "localhost" {
        type master;
        file "localhost.zone";
    };
    zone "hcmuaf.edu.vn" {
        type master;
        file "hcmuaf.edu.vn.zone";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    options {
        directory "/var/named/";
        forwarders { 203.162.4.1; 203.162.0.11; };
    };

None of the master zones restricts allow-transfer, so any host can pull the complete zones by AXFR; add allow-transfer { <secondary addresses>; }; to each master zone.

Page 41: Dns

Example: 1.168.192.in-addr.arpa.zone

    $TTL 86400
    @   IN  SOA  dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
                2001062501  ; serial
                21600       ; refresh after 6 hours
                3600        ; retry after 1 hour
                604800      ; expire after 1 week
                86400 )     ; minimum TTL of 1 day
        IN  NS   dns1.hcmuaf.edu.vn.
        IN  NS   dns2.hcmuaf.edu.vn.
    2   IN  PTR  www.hcmuaf.edu.vn.
    3   IN  PTR  dns1.hcmuaf.edu.vn.
    4   IN  PTR  mail.hcmuaf.edu.vn.
    5   IN  PTR  dns2.hcmuaf.edu.vn.

Page 42: Dns

Example: 2.168.192.in-addr.arpa.zone

    $TTL 86400
    @   IN  SOA  dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
                2001062501  ; serial
                21600       ; refresh after 6 hours
                3600        ; retry after 1 hour
                604800      ; expire after 1 week
                86400 )     ; minimum TTL of 1 day
        IN  NS   dns1.hcmuaf.edu.vn.
        IN  NS   dns2.hcmuaf.edu.vn.
    1   IN  PTR  router.hcmuaf.edu.vn.
    2   IN  PTR  router1.hcmuaf.edu.vn.
    3   IN  PTR  router2.hcmuaf.edu.vn.
    4   IN  PTR  proxy2.hcmuaf.edu.vn.

Page 43: Dns

Example: hcmuaf.edu.vn.zone

    $TTL 86400
    @   IN  SOA  dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
                2001062501  ; serial
                21600       ; refresh after 6 hours
                3600        ; retry after 1 hour
                604800      ; expire after 1 week
                86400 )     ; minimum TTL of 1 day
        IN  NS   dns1.hcmuaf.edu.vn.
        IN  NS   dns2.hcmuaf.edu.vn.
        IN  MX   1 mail.hcmuaf.edu.vn.
    mail         IN  A      192.168.1.4
    www          IN  A      192.168.1.2
    ftp          IN  A      192.168.1.6
    proxy2       IN  A      192.168.2.4
    router       IN  A      192.168.2.1
    router1      IN  A      192.168.2.2
    router2      IN  A      192.168.2.3
    libserv.lib  IN  A      192.168.117.2
    dns1         IN  A      192.168.1.3
    dns2         IN  A      192.168.1.5
    testweb      IN  CNAME  ftp.hcmuaf.edu.vn.
    proxy1       IN  CNAME  proxy2.hcmuaf.edu.vn.

Page 44: Dns

Creating and Delegating a Subdomain

• We need to create a new subdomain of hcmuaf.edu.vn for the lab of the Faculty of Information Technology at Nong Lam University.

• We have chosen the name itlab.hcmuaf.edu.vn: short, recognisable, unambiguous. Because we are delegating itlab.hcmuaf.edu.vn to the lab's own administrators, it will be a separate zone.

• The hosts itdns1 and itdns2, both inside the lab, will serve as the zone's name servers (itdns1 as the primary master). We run two name servers for redundancy: a single itlab.hcmuaf.edu.vn name server would be a single point of failure that could effectively cut the entire lab off.

Page 45: Dns

The file: itlab.hcmuaf.edu.vn.zone

    @   IN  SOA  itdns1.itlab.hcmuaf.edu.vn. itmaster.itlab.hcmuaf.edu.vn. (
                1       ; serial
                10800   ; refresh every 3 hours
                3600    ; retry every hour
                604800  ; expire after a week
                86400 ) ; minimum TTL of 1 day
        IN  NS   itdns1
        IN  NS   itdns2
        IN  MX   1 itmail   ; MX records for itlab.hcmuaf.edu.vn
    itdns1  IN  A  192.168.98.2
    itdns2  IN  A  192.168.98.3
    itmail  IN  A  192.168.98.4
    www     IN  A  192.168.98.5
    ftp     IN  A  192.168.98.6

This file has no $TTL directive; BIND 9 then falls back to the SOA minimum as the default TTL and logs a warning, so in practice add $TTL 86400 at the top.

Page 46: Dns

The file: 98.168.192.in-addr.arpa.zone

    @   IN  SOA  itdns1.itlab.hcmuaf.edu.vn. itmaster.itlab.hcmuaf.edu.vn. (
                1       ; serial
                10800   ; refresh every 3 hours
                3600    ; retry every hour
                604800  ; expire after a week
                86400 ) ; minimum TTL of 1 day
        IN  NS   itdns1.itlab.hcmuaf.edu.vn.
        IN  NS   itdns2.itlab.hcmuaf.edu.vn.
    2   IN  PTR  itdns1.itlab.hcmuaf.edu.vn.
    3   IN  PTR  itdns2.itlab.hcmuaf.edu.vn.
    4   IN  PTR  itmail.itlab.hcmuaf.edu.vn.
    5   IN  PTR  www.itlab.hcmuaf.edu.vn.
    6   IN  PTR  ftp.itlab.hcmuaf.edu.vn.

Page 47: Dns

Named.conf for primary server itdns1

    options {
        directory "/var/named/";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.zone";
    };
    zone "itlab.hcmuaf.edu.vn" {
        type master;
        file "itlab.hcmuaf.edu.vn.zone";
    };
    zone "98.168.192.in-addr.arpa" {
        type master;
        file "98.168.192.in-addr.arpa.zone";
    };
    zone "." {
        type hint;
        file "named.ca";
    };

Page 48: Dns

Named.conf for slave server itdns2

    options {
        directory "/var/named/";
    };
    zone "0.0.127.in-addr.arpa" {
        type slave;
        file "0.0.127.zone";
        masters { 192.168.98.2; };
    };
    zone "itlab.hcmuaf.edu.vn" {
        type slave;
        file "itlab.hcmuaf.edu.vn.zone";
        masters { 192.168.98.2; };
    };
    zone "98.168.192.in-addr.arpa" {
        type slave;
        file "98.168.192.in-addr.arpa.zone";
        masters { 192.168.98.2; };
    };
    zone "." {
        type hint;
        file "named.ca";
    };

The primary's named.conf on the previous page has no allow-transfer statement, so itdns2's transfers succeed only because transfers are open to everyone; add allow-transfer { 192.168.98.3; }; to each master zone on itdns1.

Page 49: Dns

On the hcmuaf.edu.vn Primary Master

    $TTL 86400
    @   IN  SOA  dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
                2001062501  ; serial
                21600       ; refresh after 6 hours
                3600        ; retry after 1 hour
                604800      ; expire after 1 week
                86400 )     ; minimum TTL of 1 day
        IN  NS   dns1.hcmuaf.edu.vn.
        IN  NS   dns2.hcmuaf.edu.vn.
        IN  MX   1 mail.hcmuaf.edu.vn.
    mail    IN  A   192.168.1.4
    www     IN  A   192.168.1.2

    itlab   86400  IN  NS  itdns1.itlab.hcmuaf.edu.vn.
            86400  IN  NS  itdns2.itlab.hcmuaf.edu.vn.
    itdns1.itlab.hcmuaf.edu.vn.  86400  IN  A  192.168.98.2
    itdns2.itlab.hcmuaf.edu.vn.  86400  IN  A  192.168.98.3

The two NS records delegate itlab to the lab's servers. The two A records are glue: because the delegated zone's name servers have names inside the delegated zone, the parent must supply their addresses or a resolver could never find them. Keep the glue in step with the child zone's own A records.

Page 50: Dns

Updating db Files - Adding and Deleting Hosts

1. Update the serial number in db.DOMAIN. The serial number is likely to be at the top of the file, so it is easy to do first and reduces the chance that you will forget.

2. Add any A (address), CNAME (alias) and MX (mail exchanger) records for the host to the db.DOMAIN file. For example, when a new host (cujo) was added to the network, the following record went into db.movie:

    cujo IN A 192.168.1.155

3. Update the serial number and add PTR records to each db.ADDR file in which the host has an address. cujo has only one address, on network 192.168.1, so the following PTR record goes into db.192.168.1:

    155 IN PTR cujo.movie.edu.

4. Tell the primary master name server to load the new data: send it a HUP signal, or with BIND 9 run rndc reload:

    # kill -HUP `cat /etc/named.pid`
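Steps 1 to 3 of the procedure above, as an added example that is not part of the slides: it computes the next serial under the YYYYMMDDnn convention, rewrites the serial in the forward and reverse files, appends the A and PTR records, and refuses to add a host that already exists or whose address has no reverse zone file (the case where the PTR would silently be forgotten). The zone texts are constructed cut-down copies of the deck's hcmuaf.edu.vn files; next_serial, bump_serial, reverse_zone_name and add_host are names chosen here, and writing the files back and running rndc reload (step 4) is left to the caller.

```python
import ipaddress
import re
from datetime import date

# Constructed cut-down copies of the slide's hcmuaf.edu.vn.zone and 1.168.192.in-addr.arpa.zone
FORWARD_ZONE = """\
$TTL 86400
@   IN  SOA  dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
            2001062501  ; serial
            21600       ; refresh after 6 hours
            3600        ; retry after 1 hour
            604800      ; expire after 1 week
            86400 )     ; minimum TTL of 1 day
    IN  NS   dns1.hcmuaf.edu.vn.
    IN  NS   dns2.hcmuaf.edu.vn.
mail    IN  A   192.168.1.4
www     IN  A   192.168.1.2
dns1    IN  A   192.168.1.3
"""

REVERSE_ZONE = """\
$TTL 86400
@   IN  SOA  dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
            2001062501  ; serial
            21600       ; refresh after 6 hours
            3600        ; retry after 1 hour
            604800      ; expire after 1 week
            86400 )     ; minimum TTL of 1 day
    IN  NS   dns1.hcmuaf.edu.vn.
2   IN  PTR  www.hcmuaf.edu.vn.
3   IN  PTR  dns1.hcmuaf.edu.vn.
4   IN  PTR  mail.hcmuaf.edu.vn.
"""

# The first integer after the two names that follow SOA; works across the '(' line break.
SERIAL_RE = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)")


def next_serial(current, today=None):
    """YYYYMMDDnn convention: the first change on a day gets <date>01, later changes add 1.
    A serial already past today's base just gets +1: secondaries only care that the new
    value is greater in RFC 1982 serial arithmetic, never that it looks like a date."""
    day = date.fromisoformat(today) if today else date.today()
    base = int(day.strftime("%Y%m%d")) * 100
    return base + 1 if current < base else current + 1


def bump_serial(zone_text, today=None):
    """Replace the SOA serial in a zone file; returns (new text, new serial)."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    new = next_serial(int(m.group(2)), today)
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):], new


def reverse_zone_name(ip):
    """/24 reverse zone for an IPv4 address: 192.168.1.155 -> 1.168.192.in-addr.arpa"""
    a, b, c, _ = str(ipaddress.IPv4Address(ip)).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"


def add_host(forward_text, reverse_files, host, ip, domain, today=None):
    """Steps 1-3: bump the forward serial and append the A record, then bump the serial of
    the matching reverse file and append the PTR. reverse_files maps zone name -> text.
    Returns (new forward text, dict of reverse texts); nothing is written to disk here."""
    ip = str(ipaddress.IPv4Address(ip))              # rejects malformed addresses
    if re.search(rf"^{re.escape(host)}\s", forward_text, re.M):
        raise ValueError(f"{host} already has records in the forward zone")
    fqdn = f"{host}.{domain.rstrip('.')}."
    forward_text, _ = bump_serial(forward_text, today)
    forward_text = forward_text.rstrip("\n") + f"\n{host:<8}IN  A   {ip}\n"
    rz = reverse_zone_name(ip)
    if rz not in reverse_files:
        raise KeyError(f"no reverse zone file for {rz}; the PTR would be missing")
    reverse_text, _ = bump_serial(reverse_files[rz], today)
    last_octet = ip.rsplit(".", 1)[1]
    reverse_text = reverse_text.rstrip("\n") + f"\n{last_octet:<4}IN  PTR  {fqdn}\n"
    updated = dict(reverse_files)
    updated[rz] = reverse_text
    return forward_text, updated
```

add_host(FORWARD_ZONE, {"1.168.192.in-addr.arpa": REVERSE_ZONE}, "cujo", "192.168.1.155", "hcmuaf.edu.vn") returns both files with serial 20YYMMDD01 for today's date and the new A and PTR lines at the end. Bumping the serial in both files is the point: a secondary that sees the same serial after a refresh keeps serving the old data, and a forward/reverse mismatch is what mail servers and log-correlation tools trip over later.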

Page 51: Dns

How To Get BIND Started

• Use chkconfig to make BIND start at boot:

    [root@bigboy tmp]# chkconfig named on

• To start, stop or restart BIND after booting:

    [root@bigboy tmp]# /etc/init.d/named start
    [root@bigboy tmp]# /etc/init.d/named stop
    [root@bigboy tmp]# /etc/init.d/named restart

• Note: the running named does not pick up configuration changes by itself. Restart it, or better run rndc reload (rndc reconfig when only named.conf changed), after every change; on systemd distributions the equivalents are systemctl enable named and systemctl restart named. Run named-checkconf and named-checkzone first so that a typo does not take the server down.

Page 52: Dns

NSLOOKUP

• nslookup starts an interactive session.

• > command — enter a command at the prompt

• > exit — quit

Page 53: Dns

NSLOOKUP

server NAME - Use NAME as the default server.

ls [opt] DOMAIN - List the addresses in DOMAIN. This performs a zone transfer, so it only works against a server whose allow-transfer permits your address; a server that answers it for anyone is leaking its whole zone. (The Windows nslookup has ls; the BIND 9 nslookup dropped it, use dig axfr instead.)

-a list canonical names and aliases

-d list all records

-t TYPE list records of the given type (e.g. A, CNAME, MX, NS, PTR)

Page 54: Dns

NSLOOKUP

• set timeout=X : wait X seconds before a query times out

• set type=X or set q=X : specify the record type to query (A, ANY, CNAME, MX, NS, PTR, SOA)