Dns

  1. Domain Name System (DNS)
  2. The DNS domain name system
     - Introduction
     - DNS servers and the structure of the domain name database
     - How the DNS system operates
     - Installing a DNS server on Windows 2003
     - Installing and configuring DNS on Linux
  3. DNS
     - When hosts on a network connect to one another via a hostname, also called a fully qualified domain name (FQDN), DNS is used to associate the names of machines to the IP address for the host.
     - Use of DNS and FQDNs also has advantages for system administrators, allowing the flexibility to change the IP address for a host without affecting name-based queries to the machine.
     - DNS is normally implemented using centralized servers that are authoritative for some domains and refer to other DNS servers for other domains.
     - The DNS server is a device on a network that manages domain names and responds to requests from clients to translate a domain name into the associated IP address.
     - The DNS system is set up in a hierarchy that creates different levels of DNS servers.
  4. History of DNS
     - In 1984, Paul Mockapetris of USC's Information Sciences Institute developed a new domain name management system (described in RFC 882 and RFC 883) called DNS (Domain Name System).
  5. Purpose of the DNS system
     - The DNS system was created so that users can replace the hard-to-remember IP addresses that computers use with names that are easy for people to remember; at the same time it makes the Internet easier to use for communication and helps it keep growing.
  6. Purpose of the DNS system
  7. Internet domain name space
     - Internet domain names are organised into 7 basic top-level domains:
     - .COM: Commercial, commercial organisations such as Hewlett-Packard (hp.com), Sun Microsystems (sun.com) and IBM (ibm.com)
     - .EDU: Education, educational organisations such as U.C. Berkeley (berkeley.edu) and HCM University of Agriculture and Forestry (hcmuaf.edu.vn)
     - .GOV: Government, government organisations such as NASA (nasa.gov) and the National Science Foundation (nsf.gov)
     - .MIL: Military, the armed forces such as the US Army (army.mil) and the Navy (navy.mil)
     - .NET: Networking, network organisations such as NSFNET (nsf.net)
     - .ORG: Organizations, non-commercial organisations such as the Electronic Frontier Foundation (eff.org)
     - .INT: International organisations such as NATO (nato.int)
  8. Database structure
     Field   Full name            Purpose
     SOA     Start of Authority   Identifies the DNS server authoritative for supplying information about a given domain name
     NS      Name Server          Delegates management of a domain name to a lower-level DNS server
     A       Host                 Maps a host name to its IP address
     MX      Mail Exchanger       Identifies the conversion from an IP address to a domain name
     CNAME   Canonical NAME       Usually used to identify web hosting services
  9. Types of DNS server
     - Caching-only server:
       - Its database is kept in memory.
       - It does not manage any domain.
       - All name servers are caching servers.
     - Primary server: loads the zone's data from a file on the local machine.
  10. Types of DNS server
     - Secondary server: obtains the zone's data from another name server (the primary server) that has been delegated to it.
       - When the secondary starts, it contacts the primary server to fetch the data; this process is called a zone transfer.
       - The slave usually saves this data to a file;
       - when the slave is restarted it reads the data from this file and checks whether it is still usable; if not, it performs another zone transfer to fetch newer data.
  11. Types of DNS server
     - Root name servers
       - Root name servers play a very important role in resolution.
       - Resolution starts from the root name servers, so if all the Internet root name servers failed, resolution across the Internet would come to a halt.
       - 13 root name servers have been set up, distributed across different regions: 2 on MILNET (the U.S. military's portion of the Internet), 1 on SPAN (NASA's internet), 2 in Europe and 1 in Japan.
       - The root name servers are named A.ROOT-SERVERS.NET through M.ROOT-SERVERS.NET.
  12. How DNS operates
     - Every DNS server is configured to know at least one way to reach a root server.
     - A computer connected to the network must know how to contact at least one DNS server.
     - A query starts on the client computer itself, which tries to determine the answer.
     - When the client has no answer locally, the question is passed to a DNS server to find the answer.
  13. Answering the query locally
     - On the querying computer, information is taken from the following two sources:
       - The HOSTS file configured on the computer.
       - Answers to earlier queries. Over time, query answers are kept in the computer's cache and are reused when a query repeats a previously resolved domain name.
  14. Querying the DNS server
     - When a DNS server receives a query, it first checks whether the answer is held in a record it manages in one of the server's zones.
     - If the query matches a record it manages, it uses that information to answer, and the query ends.
     - If no matching information is found in either the cache or the zones the DNS server manages, the query continues: the server asks other DNS servers until an answer is found.
  15. How the DNS cache works
     - As a DNS server processes client queries using iterative queries, it identifies and saves the important information about the domain names the clients asked for. That information is recorded in the DNS server's cache.
     - When information is stored in the cache, each cached record is given a time to live (TTL).
  16. DNS: Problems with using IP address
  18. DNS: System
     [Diagram of the DNS tree: the root ".", the top-level domains com, edu, gov, uk, fr and vn, and beneath vn the second-level domains vnn, com, edu and gov.]
  19. DNS: Database
     [Diagram: the tree . > vn > com > ctt, with the ctt.com.vn records www 203.162.50.100, mail 203.162.50.101, Lab 203.160.100.1, ctt 203.162.50.1, aaa 203.162.70.201 and bbb 203.160.9.7; the query for www.ctt.com.vn is answered with 203.162.50.100. Name server addresses shown in the diagram: 63.63.0.1, 203.162.0.1, 203.162.4.10, 203.162.50.1.]
  20. DNS: Resolve www.yahoo.com
     [Diagram: request/reply sequence for resolving www.yahoo.com. The local name server (vnn, under vn) asks the root "." and receives the address of the com server; asks com and receives the address of the yahoo.com server; asks yahoo.com and receives the address of www.yahoo.com, which is returned to the client.]
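The resolution walk the diagram shows, written out as an added example (this is not code from the slides): a small Python iterative resolver that starts at the root, follows each referral down one level, and keeps a TTL cache as described on slides 13 and 15, so a repeated query is answered locally and, once the answer has expired, the walk restarts from the closest cached referral rather than from the root. Every server address, name and TTL is constructed for the example, and ManualClock, Resolver and SERVERS are names of this example, not of any real resolver.

```python
"""Iterative resolution with a TTL cache over a constructed toy hierarchy.

Added example, not code from the slides. Models the walk on the slide
(root -> com -> yahoo.com -> www.yahoo.com) plus a resolver cache with
TTLs. All addresses, names and TTLs below are constructed, not real data.
"""
import time

ROOT_SERVER = "198.51.100.1"  # stands in for a root server (constructed)

# What each constructed server knows: a referral (NS + address of the
# child zone's server) or a final answer (A record), with a TTL in seconds.
SERVERS = {
    ROOT_SERVER:     {"com.": ("NS", "198.51.100.10", 172800)},
    "198.51.100.10": {"yahoo.com.": ("NS", "198.51.100.20", 86400)},
    "198.51.100.20": {"www.yahoo.com.": ("A", "203.0.113.7", 300)},
}


class ManualClock:
    """Clock the caller advances by hand, so TTL expiry is testable offline."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def _suffixes(qname):
    """'www.yahoo.com.' -> ['www.yahoo.com.', 'yahoo.com.', 'com.']"""
    labels = qname.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


class Resolver:
    def __init__(self, servers, root, clock=time.monotonic):
        self.servers = servers
        self.root = root
        self.clock = clock
        self.cache = {}  # name -> (rtype, value, absolute expiry time)

    def _cached(self, name):
        entry = self.cache.get(name)
        if entry is not None and entry[2] > self.clock():
            return entry
        self.cache.pop(name, None)  # absent or past its TTL
        return None

    def _start_server(self, qname):
        """Begin at the closest cached referral, falling back to the root."""
        for zone in _suffixes(qname)[1:]:
            hit = self._cached(zone)
            if hit is not None and hit[0] == "NS":
                return hit[1]
        return self.root

    def resolve(self, qname, max_hops=8):
        """Return (address, servers asked in order) for an A query."""
        hit = self._cached(qname)
        if hit is not None and hit[0] == "A":
            return hit[1], []  # answered from cache, nobody was asked
        server, asked = self._start_server(qname), []
        for _ in range(max_hops):
            asked.append(server)
            zone = next((z for z in _suffixes(qname) if z in self.servers[server]), None)
            if zone is None:
                raise LookupError(f"{server} has no data for {qname}")
            rtype, value, ttl = self.servers[server][zone]
            self.cache[zone] = (rtype, value, self.clock() + ttl)
            if rtype == "A":
                if zone != qname:  # only accept an answer for the name we asked about
                    raise LookupError(f"{server} answered for {zone}, not {qname}")
                return value, asked
            server = value  # follow the referral down one level
        raise LookupError("referral chain too long")


if __name__ == "__main__":
    r = Resolver(SERVERS, ROOT_SERVER, ManualClock())
    print(r.resolve("www.yahoo.com."))  # walks root -> com -> yahoo.com
    print(r.resolve("www.yahoo.com."))  # served from the cache
```

Because everything a resolver caches is handed out to every later client, a real resolver only accepts records that the answering server is entitled to speak for; the example keeps that rule in its simplest form by refusing an A record for any name other than the one queried.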
  21. Nameserver Types
     - master — Stores original and authoritative zone records for a certain namespace, answering questions from other nameservers searching for answers concerning that namespace.
     - slave — Answers queries from other nameservers concerning namespaces for which it is considered an authority. However, slave nameservers get their namespace information from master nameservers.
     - caching-only — Offers name to IP resolution services but is not authoritative for any zones. Answers for all resolutions are cached in memory for a fixed period of time, which is specified by the retrieved zone record.
     - forwarding — Forwards requests to a specific list of nameservers for name resolution. If none of the specified nameservers can perform the resolution, the resolution fails.
  22. BIND as a Nameserver
     - BIND performs name resolution services through the /usr/sbin/named daemon.
     - BIND stores its configuration files in the following two places:
       - /etc/named.conf — the configuration file for the named daemon.
       - /var/named/ directory — the named working directory, which stores zone, statistic, and cache files.
     - Do not manually edit the /etc/named.conf file or any files in the /var/named/ directory if you are using the Bind Configuration Tool. Any manual changes to those files will be overwritten the next time the Bind Configuration Tool is used.
  23. Server Configuration Files
     - The three required files are:
       - named.conf — found in the /etc directory, this file contains global properties and sources of configuration files.
       - named.ca — found in /var/named, this file contains the names and addresses of root servers.
       - named.local — found in /var/named, this file provides information for resolving the loopback address for the localhost.
     - The two files required for the master domain server are:
       - zone — this file contains the names and addresses of servers and workstations in the local domain and maps names to IP addresses.
       - reverse zone — this file provides information to map IP addresses to names.
  24. The named.conf file
     - options — lists global configurations and defaults
     - include — gets information from another file and includes it
     - acl — specifies IP addresses used in an access control list
     - logging — specifies log file locations and contents
     - server — specifies properties of remote servers
     - zone — specifies information about zones
     - key — specifies security keys used for authentication
  25. The named.conf file - Options
     - Options statements use the following syntax:
         options {
             value "property";
         };
     Value         Meaning
     directory     Path of the directory where server configuration files are located (the default value: /var/named/). Usage: directory "path to directory";
     allow-query   Accepts queries only from hosts in the address list (by default queries are accepted from any host). Usage: allow-query { "address-list" };
  26. The named.conf file - Options
     Value         Meaning
     forwarders    Specifies a list of valid IP addresses for nameservers where requests should be forwarded for resolution. Usage: forwarders { "address-list" };
     notify        Controls whether named notifies the slave servers when a zone is updated. It accepts the following options: yes — notifies slave servers; no — does not notify slave servers.
     forward       Controls forwarding behavior of a forwarders directive. If set to first, the servers listed in the forwarders option are queried first, and then the server tries to find the answer itself. If set to only, just the servers in the forwarders list are queried. Usage: forward "first or only"; (choose one).
  27. The named.conf file - acl Statement
     - The acl statement (or access control statement) defines groups of hosts which can then be permitted or denied access to the nameserver. An acl statement takes the following form:
         acl <acl-name> { <match-element>; [<match-element>; ...] };
     - Most of the time, an individual IP address or IP network notation (such as 10.0.1.0/24) is used to identify the IP addresses within the acl statement.
     - The following access control lists are already defined as keywords to simplify configuration:
       - any — matches every IP address.
       - localhost — matches any IP address in use by the local system.
       - localnets — matches any IP address on any network to which the local system is connected.
       - none — matches no IP addresses.
  28. The named.conf file
         acl local-net {
             10.0.2.0/24;
             192.168.0.0/24;
         };
         options {
             allow-query { local-net; };
             directory "/var/named/";
             forwarders {
                 203.162.4.1;
                 203.162.0.11;
             };
         };
  29. The named.conf file - zone Statement
     - The main DNS configuration is kept in the named.conf file, which is used to tell BIND where to find the configuration files for each domain you own. There are usually two zone areas in this file:
       - Forward zone file definitions, which list files to map domains to IP addresses
       - Reverse zone file definitions, which list files to map IP addresses to domains
     - A zone statement takes the following form:
         zone <zone-name> { <zone-options>; [<zone-options>; ...] };
     - For example, if a zone statement defines the namespace for example.com, use example.com as the <zone-name>.
  30. The named.conf file - zone Statement
     - The most common zone statement options include the following:
     - allow-query — Specifies the clients that are allowed to request information about this zone. The default is to allow all query requests.
     - allow-transfer — Specifies the slave servers that are allowed to request a transfer of the zone's information. The default is to allow all transfer requests.
     - allow-update — Specifies the hosts that are allowed to dynamically update information in their zone. The default is to deny all dynamic update requests. Be careful when allowing hosts to update information about their zone. Do not enable this option unless the host specified is completely trusted. In general, it is better to have an administrator manually update the records for a zone and reload the named service.
     - file — Specifies the name of the file in the named working directory that contains the zone's configuration data.
     - masters — The masters option lists the IP addresses from which to request authoritative zone information. Used only if the zone is defined as type slave.
  31. The named.conf file - zone Statement
     - notify — Controls whether named notifies the slave servers when a zone is updated. It accepts the following options:
       - yes — Notifies slave servers.
       - no — Does not notify slave servers.
     - type — Defines the type of zone. Below is a list of valid options:
       - forward — Forwards all requests for information about this zone to other nameservers.
       - hint — A special type of zone used to point to the root nameservers which resolve queries when a zone is not otherwise known. No configuration beyond the default is necessary with a hint zone.
       - master — Designates the nameserver as authoritative for this zone. A zone should be set as the master if the zone's configuration files reside on the system.
       - slave — Designates the nameserver as a slave server for this zone. Also specifies the IP address of the master nameserver for the zone.
  32. Sample zone Statements
     - The following is an example of a zone statement for the primary nameserver hosting example.com (192.168.0.1):
         zone "example.com" {
             type master;
             file "example.com.zone";
             allow-update { none; };
         };
     - The zone is identified as example.com, the type is set to master, and the named service is instructed to read the /var/named/example.com.zone file. It also tells named not to accept dynamic updates from any host.
     - A slave server's zone statement for example.com may look like this:
         zone "example.com" {
             type slave;
             file "example.com.zone";
             masters { 192.168.0.1; };
         };
     - This zone statement configures named on the slave server to look for the master server at the 192.168.0.1 IP address for information about the example.com zone. The information the slave server receives from the master server is saved to the /var/named/example.com.zone file.
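One way to check these two settings across a whole named.conf, as an added example that is neither the slides' own file nor part of BIND: a Python script that extracts every zone statement with a brace-aware scan and reports the master and slave zones that leave allow-transfer at BIND's default (any host may copy the zone, as slide 30 notes), set it to any, or permit dynamic updates from anyone. SAMPLE_NAMED_CONF is a constructed fragment modelled on the statements above and on the acl/options example of slide 28; its zone names and addresses, and the function names parse_zones and audit_transfers_and_updates, are this example's own.

```python
"""Audit named.conf zone statements for allow-transfer and allow-update.

Added example, not the slides' own file. SAMPLE_NAMED_CONF is a constructed
fragment modelled on the slides' zone statements; names and addresses in it
are illustrative only.
"""
import re

SAMPLE_NAMED_CONF = """
acl local-net { 10.0.2.0/24; 192.168.0.0/24; };
options {
    directory "/var/named/";
    allow-query { local-net; };
};
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-update { none; };
    allow-transfer { 192.168.0.2; };   // only the slave may pull the zone
};
zone "example.org" IN {
    type master;
    file "example.org.zone";           // relies on BIND's defaults
};
zone "example.net" {
    type master;
    file "example.net.zone";
    allow-update { 10.0.2.0/24; };
    allow-transfer { any; };
};
zone "1.0.10.in-addr.arpa" {
    type slave;
    file "1.0.10.in-addr.arpa.zone";
    masters { 192.168.0.1; };
};
zone "." {
    type hint;
    file "named.ca";
};
"""


def _strip_comments(conf):
    """named.conf accepts /* */, // and # comments; remove all three kinds."""
    return re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)


def _balanced_block(text, start):
    """Return the text inside the {...} whose opening brace is at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in named.conf")


def parse_zones(conf):
    """Return [(zone_name, {option: value}), ...]; brace lists become Python lists."""
    conf = _strip_comments(conf)
    zones = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"(?:\s+\w+)?\s*\{', conf):
        body = _balanced_block(conf, m.end() - 1)
        opts = {}
        for o in re.finditer(r'(\w[\w-]*)\s*(\{[^}]*\}|[^;{]+);', body):
            key, val = o.group(1), o.group(2).strip()
            if val.startswith("{"):
                val = [v.strip() for v in val[1:-1].split(";") if v.strip()]
            else:
                val = val.strip('"')
            opts[key] = val
        zones.append((m.group(1), opts))
    return zones


def audit_transfers_and_updates(conf):
    """Return (zone, message) findings for every zone that holds zone data."""
    findings = []
    for name, opts in parse_zones(conf):
        if opts.get("type") not in ("master", "slave"):
            continue  # hint and forward zones carry no zone data to protect
        xfer = opts.get("allow-transfer")
        if xfer is None:
            findings.append((name, "allow-transfer not set; BIND's default permits "
                                   "zone transfers from any host"))
        elif "any" in xfer:
            findings.append((name, "allow-transfer { any; } exposes the whole zone"))
        update = opts.get("allow-update", ["none"])  # BIND's default is deny
        if update != ["none"]:
            findings.append((name, "dynamic updates allowed from " + ", ".join(update)))
    return findings


if __name__ == "__main__":
    for zone, msg in audit_transfers_and_updates(SAMPLE_NAMED_CONF):
        print(f"{zone}: {msg}")
```

The scan is deliberately limited to zone statements; an allow-transfer placed in the options block applies to every zone as a default, so a complete audit would read that block first and treat its value as the fallback for zones that set nothing.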
  33. The named.ca file
     - The first zone file is known as the cache file, and it references a file called named.ca, which contains information about the world's root name servers. This information changes and needs to be updated periodically.
     - This information must be retrieved from the Internet host ftp.rs.internic.net (198.41.0.7). Use anonymous ftp to retrieve the file named.root from the domain subdirectory. (named.root is the same file we've been calling named.ca. Just rename named.root to named.ca after you've retrieved it.)
     - If you have on your system a copy of dig, a utility that works a lot like nslookup and is included in the BIND distribution, you can retrieve the current list of roots just by running:
         # dig @a.root-servers.net . ns > named.ca
  34. Zone File Resource Records
     - SOA — START OF AUTHORITY
     - NS — NAME SERVERS IN THIS DOMAIN
     - A — THE IP ADDRESS FOR THE NAME
     - PTR — POINTER FOR ADDRESS NAME MAPPING
     - CNAME — CANONICAL NAME
     - MX RECORD — MAIL EXCHANGE RECORD
     - A — Address record, which specifies an IP address to assign to a name, as in this example:
         <host> IN A <IP-address>
     - If the <host> value is omitted, then an A record points to a default IP address for the top of the namespace. Consider the following A record examples for the example.com zone file:
                 IN A 10.0.1.3
         server1 IN A 10.0.1.5
     - Requests for example.com are pointed to 10.0.1.3, while requests for server1.example.com are pointed to 10.0.1.5.
  35. Zone File Resource Records
     - CNAME — Canonical name record, maps one name to another. This type of record is also known as an alias record.
     - The next example tells named that any requests sent to the <alias-name> will point to the host <real-name>. CNAME records are most commonly used to point to services that use a common naming scheme, such as www for Web servers.
         <alias-name> IN CNAME <real-name>
     - In the following example, an A record binds a hostname to an IP address, while a CNAME record points the commonly used www hostname to it.
         server1 IN A 10.0.1.5
         www     IN CNAME server1
  36. Zone File Resource Records
     - MX — Mail eXchange record, which tells where mail sent to a particular namespace controlled by this zone should go.
         IN MX <preference-value> <email-server-name>
     - In this example, the <preference-value> allows numerical ranking of the email servers for a namespace, giving preference to some email systems over others. The MX resource record with the lowest <preference-value> is preferred over the others. However, multiple email servers can possess the same value to distribute email traffic evenly among them.
     - The <email-server-name> may be a hostname or FQDN.
         IN MX 10 mail.example.com.
         IN MX 20 mail2.example.com.
     - In this example, the first mail.example.com email server is preferred to the mail2.example.com email server when receiving email destined for the example.com domain.
  37. Zone File Resource Records
     - PTR — PoinTeR record, designed to point to another part of the namespace. PTR records are primarily used for reverse name resolution, as they point IP addresses back to a particular name.
     - SOA — Start Of Authority record, proclaims important authoritative information about a namespace to the nameserver. Located after the directives, an SOA resource record is the first resource record in a zone file.
     - The following example shows the basic structure of an SOA record:
         @ IN SOA <primary-name-server> <master-email> (
             <serial-number>
             <time-to-refresh>
             <time-to-retry>
             <time-to-expire>
             <minimum-TTL>
         )
  38. Zone File Resource Records
     - <serial-number> is incremented every time you change the zone file so that named will know that it should reload this zone. It is usually in the date format YYYYMMDD with a single-digit incremented number tagged to the end.
     - <time-to-refresh> tells the slave DNS server how often it should check the master DNS server.
     - The <serial-number> value is used by the slave to determine if it is using outdated zone data and should refresh it.
     - <time-to-retry> is the slave's retry interval for connecting to the master in the event of a connection failure.
     - <time-to-expire> is the total amount of time a slave will retry to contact the master before expiring the data it contains. After this time, the slave stops responding as an authority for requests concerning that namespace.
     - <minimum-TTL> requests that other nameservers cache the zone's information for at least this amount of time (in seconds).
  39. Zone File Resource Records
         $ORIGIN example.com.
         $TTL 86400
         @       IN SOA dns1.example.com. hostmaster.example.com. (
                     2001062501 ; serial
                     21600      ; refresh after 6 hours
                     3600       ; retry after 1 hour
                     604800     ; expire after 1 week
                     86400 )    ; minimum TTL of 1 day
                 IN NS dns1.example.com.      ; dns1
                 IN NS dns2.example.com.      ; dns2
                 IN MX 10 mail.example.com.   ; mail
                 IN MX 20 mail2.example.com.  ; mail2
         server1 IN A 10.0.1.5
         server2 IN A 10.0.1.7
         dns1    IN A 10.0.1.2
         dns2    IN A 10.0.1.3
         ftp     IN CNAME server1
         mail    IN CNAME server1
         mail2   IN CNAME server2
         www     IN CNAME server2
  40. Reverse Name Resolution Zone Files
         <last-IP-digit> IN PTR <FQDN-of-system>
     - In the following example, IP addresses 10.0.1.20 through 10.0.1.25 are pointed to corresponding FQDNs.
         $ORIGIN 1.0.10.in-addr.arpa.
         $TTL 86400
         @  IN SOA dns1.example.com. hostmaster.example.com. (
                2001062501 ; serial
                21600      ; refresh after 6 hours
                3600       ; retry after 1 hour
                604800     ; expire after 1 week
                86400 )    ; minimum TTL of 1 day
            IN NS dns1.example.com.
            IN NS dns2.example.com.
         20 IN PTR alice.example.com.
         21 IN PTR betty.example.com.
         22 IN PTR charlie.example.com.
         23 IN PTR doug.example.com.
         24 IN PTR ernest.example.com.
         25 IN PTR fanny.example.com.
  41. Reverse Name Resolution Zone Files
     - This zone file would be called into service with a zone statement in the named.conf file which looks similar to the following:
         zone "1.0.10.in-addr.arpa" IN {
             type master;
             file "1.0.10.in-addr.arpa.zone";
             allow-update { none; };
         };
     - There is very little difference between this example and a standard zone statement, except for the zone name. Note that a reverse name resolution zone requires the first three blocks of the IP address reversed followed by .in-addr.arpa. This allows the single block of IP numbers used in the reverse name resolution zone file to be associated with the zone.
  42. Example: named.conf
         zone "0.0.127.in-addr.arpa" {
             type master;
             file "0.0.127.in-addr.arpa.zone";
         };
         zone "1.168.192.in-addr.arpa" {
             type master;
             file "1.168.192.in-addr.arpa.zone";
         };
         zone "2.168.192.in-addr.arpa" {
             type master;
             file "2.168.192.in-addr.arpa.zone";
         };
         zone "localhost" {
             type master;
             file "localhost.zone";
         };
         zone "hcmuaf.edu.vn" {
             type master;
             file "hcmuaf.edu.vn.zone";
         };
         zone "." {
             type hint;
             file "named.ca";
         };
         options {
             directory "/var/named/";
             forwarders {
                 203.162.4.1;
                 203.162.0.11;
             };
         };
  43. Example: 1.168.192.in-addr.arpa.zone
         $TTL 86400
         @ IN SOA dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
               2001062501 ; serial
               21600      ; refresh after 6 hours
               3600       ; retry after 1 hour
               604800     ; expire after 1 week
               86400 )    ; minimum TTL of 1 day
           IN NS dns1.hcmuaf.edu.vn.
           IN NS dns2.hcmuaf.edu.vn.
         2 IN PTR www.hcmuaf.edu.vn.
         3 IN PTR dns1.hcmuaf.edu.vn.
         4 IN PTR mail.hcmuaf.edu.vn.
         5 IN PTR dns2.hcmuaf.edu.vn.
  44. Example: 2.168.192.in-addr.arpa.zone
         $TTL 86400
         @ IN SOA dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
               2001062501 ; serial
               21600      ; refresh after 6 hours
               3600       ; retry after 1 hour
               604800     ; expire after 1 week
               86400 )    ; minimum TTL of 1 day
           IN NS dns1.hcmuaf.edu.vn.
           IN NS dns2.hcmuaf.edu.vn.
         1 IN PTR router.hcmuaf.edu.vn.
         2 IN PTR router1.hcmuaf.edu.vn.
         3 IN PTR router2.hcmuaf.edu.vn.
         4 IN PTR proxy2.hcmuaf.edu.vn.
  45. Example: hcmuaf.edu.vn.zone
         $TTL 86400
         @ IN SOA dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
               2001062501 ; serial
               21600      ; refresh after 6 hours
               3600       ; retry after 1 hour
               604800     ; expire after 1 week
               86400 )    ; minimum TTL of 1 day
                 IN NS dns1.hcmuaf.edu.vn.
                 IN NS dns2.hcmuaf.edu.vn.
                 IN MX 1 mail.hcmuaf.edu.vn.
         mail        IN A 192.168.1.4
         www         IN A 192.168.1.2
         ftp         IN A 192.168.1.6
         proxy2      IN A 192.168.2.4
         router      IN A 192.168.2.1
         router1     IN A 192.168.2.2
         router2     IN A 192.168.2.3
         libserv.lib IN A 192.168.117.2
         dns1        IN A 192.168.1.3
         dns2        IN A 192.168.1.5
         testweb     IN CNAME ftp.hcmuaf.edu.vn.
         proxy1      IN CNAME proxy2.hcmuaf.edu.vn.
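To show how the resource records of slides 34 to 41 fit together, and to catch the kind of slip that hand-written forward and reverse files such as the ones on slides 43 to 45 invite, here is an added Python example (not the slides' own files): a small master-file parser that handles $TTL, $ORIGIN, @, relative names, blank owner fields and parenthesised SOA records; a check of the SOA serial and timers against the rules on slide 38; and a forward/reverse comparison that lists A records with no PTR and PTR records that disagree with the forward zone. The zone texts are constructed, modelled on the hcmuaf.edu.vn examples, with one deliberately wrong PTR (proxy instead of proxy2) so the check has something to report; the function names parse_zone, check_soa and check_reverse are this example's own.

```python
"""Parse BIND master files and lint them: SOA sanity plus A/PTR consistency.

Added example, not the slides' own files. The zone texts are constructed
(modelled on the hcmuaf.edu.vn slides); one PTR is deliberately wrong.
"""
import ipaddress
import re
from datetime import datetime

FORWARD_ZONE = """\
$TTL 86400
@ IN SOA dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
        2001062501 ; serial
        21600      ; refresh after 6 hours
        3600       ; retry after 1 hour
        604800     ; expire after 1 week
        86400 )    ; minimum TTL of 1 day
        IN NS dns1.hcmuaf.edu.vn.
        IN MX 1 mail.hcmuaf.edu.vn.
mail    IN A 192.168.1.4
www     IN A 192.168.1.2
ftp     IN A 192.168.1.6
dns1    IN A 192.168.1.3
proxy2  IN A 192.168.2.4
"""
REVERSE_ZONE_1 = """\
$TTL 86400
@ IN SOA dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. ( 2001062501 21600 3600 604800 86400 )
  IN NS dns1.hcmuaf.edu.vn.
2 IN PTR www.hcmuaf.edu.vn.
3 IN PTR dns1.hcmuaf.edu.vn.
4 IN PTR mail.hcmuaf.edu.vn.
"""
REVERSE_ZONE_2 = """\
$TTL 86400
@ IN SOA dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. ( 2001062501 21600 3600 604800 86400 )
  IN NS dns1.hcmuaf.edu.vn.
4 IN PTR proxy.hcmuaf.edu.vn.   ; constructed mistake: the forward zone says proxy2
"""


def _logical_lines(text):
    """Drop ';' comments and join '(' ... ')' continuations into one line."""
    lines, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        line = line.replace("(", " ").replace(")", " ")
        buf = line if not buf else buf + " " + line  # keeps the first line's indent
        if depth == 0:
            if buf.strip():
                lines.append(buf)
            buf = ""
    return lines


def _fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner_fqdn, TYPE, [rdata tokens]), ...] for a master file."""
    origin = origin.rstrip(".") + "."
    owner, records = origin, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = _fqdn(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue  # the default TTL is not needed for these checks
        if not line[0].isspace():  # new owner; an indented line repeats the last one
            owner = _fqdn(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():  # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):  # optional class
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def check_soa(records):
    """Return problems with the SOA serial and timers (empty list if sane)."""
    soa = next(r for r in records if r[1] == "SOA")
    serial = soa[2][2]
    refresh, retry, expire = (int(x) for x in soa[2][3:6])
    problems = []
    try:
        if not re.fullmatch(r"\d{8}\d{1,2}", serial):
            raise ValueError
        datetime.strptime(serial[:8], "%Y%m%d")  # YYYYMMDD must be a real date
    except ValueError:
        problems.append(f"serial {serial} is not in YYYYMMDDn form")
    if retry >= refresh:
        problems.append(f"retry {retry} should be shorter than refresh {refresh}")
    if expire <= refresh:
        problems.append(f"expire {expire} should be longer than refresh {refresh}")
    return problems


def _ptr_owner_to_ip(owner):
    """'4.2.168.192.in-addr.arpa.' -> IPv4Address('192.168.2.4')"""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an in-addr.arpa name: {owner}")
    return ipaddress.ip_address(".".join(reversed(labels[:-2])))


def check_reverse(forward, reverse):
    """Return (addresses with no PTR, [(ip, A owner, PTR target)] that disagree)."""
    a_map = {ipaddress.ip_address(rd[0]): o for o, t, rd in forward if t == "A"}
    ptr_map = {_ptr_owner_to_ip(o): rd[0] for o, t, rd in reverse if t == "PTR"}
    missing = [str(ip) for ip in sorted(a_map) if ip not in ptr_map]
    mismatched = [(str(ip), a_map[ip], ptr_map[ip]) for ip in sorted(a_map)
                  if ip in ptr_map and ptr_map[ip] != a_map[ip]]
    return missing, mismatched


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "hcmuaf.edu.vn")
    rev = (parse_zone(REVERSE_ZONE_1, "1.168.192.in-addr.arpa")
           + parse_zone(REVERSE_ZONE_2, "2.168.192.in-addr.arpa"))
    print("SOA problems:", check_soa(fwd))
    print("A without PTR, A/PTR mismatches:", check_reverse(fwd, rev))
```

Run against the constructed zones it reports no SOA problems, one address without a PTR (ftp at 192.168.1.6) and one disagreement (192.168.2.4 is proxy2 in the forward zone but proxy in the reverse zone); feeding it the real files from the named working directory is a quick consistency check to run before reloading named.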
  46. 46. <ul><li>Creating and Delegating a Subdomain </li></ul><ul><li>We need to create a new subdomain of hcmuaf.edu.vn for our special effects lab of faculty of Information Technology in Nong Lam University. </li></ul><ul><li>We've chosen the name itlab.hcmuaf.edu.vn  - short, recognizable, unambiguous. Because we're delegating itlab.hcmuaf.edu.vn to administrators in the lab, it'll be a separate zone. </li></ul><ul><li>The hosts itdns1 and itdns2 , both within the special effects lab, will serve as the zone's name servers ( itdns1 will serve as the primary master ). We've chosen to run two name servers for the domain for redundancy - a single itlab.hcmuaf.edu.vn name server would be a single point of failure that could effectively isolate the entire special effects lab. </li></ul>
  47. 47. <ul><li>The file: itlab.hcmuaf.edu.vn.zone </li></ul><ul><li>@ IN SOA itdns1.itlab.hcmuaf.edu.vn. itmaster.itlab.hcmuaf.edu.vn. ( </li></ul><ul><li>1 ; serial </li></ul><ul><li>10800 ; refresh every 3 hours </li></ul><ul><li>3600 ; retry every hour </li></ul><ul><li>604800 ; expire after a week </li></ul><ul><li>86400 ) ; minimum TTL of 1 day </li></ul><ul><li>IN NS itdns1 </li></ul><ul><li>IN NS itdns2 </li></ul><ul><li>IN MX 1 itmail ; MX records for itlab.hcmuaf.edu.vn </li></ul><ul><li>itdns1 IN A 192.168.98.2 </li></ul><ul><li>itdns2 IN A 192.168.98.3 </li></ul><ul><li>itmail IN A 192.168.98.4 </li></ul><ul><li>www IN A 192.168.98.5 </li></ul><ul><li>ftp IN A 192.168.98.6 </li></ul>
  48. 48. <ul><li>The file: 98.168.192.in-addr.arpa.zone </li></ul><ul><li>@ IN SOA itdns1.itlab.hcmuaf.edu.vn. itmaster.itlab.hcmuaf.edu.vn. ( </li></ul><ul><li>1 ; serial </li></ul><ul><li>10800 ; refresh every 3 hours </li></ul><ul><li>3600 ; retry every hour </li></ul><ul><li>604800 ; expire after a week </li></ul><ul><li>86400 ) ; minimum TTL of 1 day </li></ul><ul><li>IN NS itdns1.itlab.hcmuaf.edu.vn. </li></ul><ul><li>IN NS itdns2.itlab.hcmuaf.edu.vn. </li></ul><ul><li>2 IN PTR Itdns1 .itlab.hcmuaf.edu.vn. </li></ul><ul><li>3 IN PTR itdns2.itlab.hcmuaf.edu.vn. </li></ul><ul><li>4 IN PTR Itmail.itlab.hcmuaf.edu.vn. </li></ul><ul><li>5 IN PTR www.itlab.hcmuaf.edu.vn. </li></ul><ul><li>6 IN PTR ftp.itlab.hcmuaf.edu.vn. </li></ul>
  49. 49. <ul><li>Named.conf for primary server itdns1 </li></ul><ul><li>options { </li></ul><ul><li>directory &quot;/var/named/&quot;; </li></ul><ul><li>}; </li></ul><ul><li>zone &quot;0.0.127.in-addr.arpa&quot; { </li></ul><ul><li>type master; </li></ul><ul><li>file &quot;0.0.127.zone&quot;; </li></ul><ul><li>}; </li></ul><ul><li>zone &quot;itlab.hcmuaf.edu.vn&quot; { </li></ul><ul><li>type master; </li></ul><ul><li>file &quot;itlab.hcmuaf.edu.vn.zone&quot;; </li></ul><ul><li>}; </li></ul><ul><li>zone &quot;98.168.192.in-addr.arpa&quot; { </li></ul><ul><li>type master; </li></ul><ul><li>file &quot;98.168.192.in-addr.arpa.zone&quot;; </li></ul><ul><li>}; </li></ul><ul><li>zone &quot;.&quot; { </li></ul><ul><li>type hint; </li></ul><ul><li>file &quot;named.ca&quot;; </li></ul><ul><li>}; </li></ul>
  50. 50. <ul><li>Named.conf for slave server itdns2 </li></ul><ul><li>options { </li></ul><ul><li>directory &quot;/var/named/&quot;; </li></ul><ul><li>}; </li></ul><ul><li>zone &quot;0.0.127.in-addr.arpa&quot; { </li></ul><ul><li>type slave; </li></ul><ul><li>file &quot;0.0.127.zone&quot;; </li></ul><ul><li>masters { 192.168.98.2; }; </li></ul><ul><li>}; </li></ul><ul><li>zone &quot;itlab.hcmuaf.edu.vn&quot; { </li></ul><ul><li>type slave; </li></ul><ul><li>file &quot;itlab.hcmuaf.edu.vn.zone&quot;; </li></ul><ul><li>masters { 192.168.98.2; }; </li></ul><ul><li>}; </li></ul><ul><li>zone &quot;98.168.192.in-addr.arpa&quot; { </li></ul><ul><li>type slave; </li></ul><ul><li>file &quot;98.168.192.in-addr.arpa.zone&quot;; </li></ul><ul><li>masters { 192.168.98.2; }; </li></ul><ul><li>}; </li></ul><ul><li>zone &quot;.&quot; { </li></ul><ul><li>type hint; </li></ul><ul><li>file &quot;named.ca&quot;; </li></ul><ul><li>}; </li></ul>
  51. 51. <ul><li>On the hcmuaf.edu.vn Primary Master </li></ul><ul><li>$TTL 86400 </li></ul><ul><li>@ IN SOA dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. ( </li></ul><ul><li>2001062501 ; serial </li></ul><ul><li>21600 ; refresh after 6 hours </li></ul><ul><li>3600 ; retry after 1 hour </li></ul><ul><li>604800 ; expire after 1 week </li></ul><ul><li>86400 ) ; minimum TTL of 1 day </li></ul><ul><li>IN NS dns1.hcmuaf.edu.vn. </li></ul><ul><li>IN NS dns2.hcmuaf.edu.vn. </li></ul><ul><li>IN MX 1 mail.hcmuaf.edu.vn. </li></ul><ul><li>mail IN A 192.168.1.4 </li></ul><ul><li>www IN A 192.168.1.2 </li></ul><ul><li>itlab 86400 IN NS itdns1.itlab.hcmuaf.edu.vn. </li></ul><ul><li>86400 IN NS itdns2.itlab.hcmuaf.edu.vn. </li></ul><ul><li>itdns1.itlab.hcmuaf.edu.vn. 86400 IN A 192.168.98.2 </li></ul><ul><li>itdns2.itlab.hcmuaf.edu.vn. 86400 IN A 192.168.98.3 </li></ul>
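The three files above (the child's forward zone, its reverse zone and the parent's delegation) have to agree with each other: every A record needs a PTR pointing back, the NS set the parent delegates to must be the NS set the child publishes at its apex, and an in-zone name server needs a glue A record in the parent that matches the child. The following is an added example of a small checker for exactly those properties; it is not code from the deck or from BIND. It contains its own minimal zone-file parser, and the zone text it checks is constructed from the slides (with $TTL added and two hosts dropped for brevity).

```python
"""Consistency checks for the itlab.hcmuaf.edu.vn delegation: parse the child's
forward zone, its in-addr.arpa zone and the parent zone, then verify that A and
PTR records agree, that the parent's delegation NS set equals the child's apex
NS set, and that name servers inside the child zone have matching glue. Added
example, not code from the deck or from BIND; zone text constructed from the slides."""
import re
from collections import defaultdict

CHILD, REV, PARENT = "itlab.hcmuaf.edu.vn.", "98.168.192.in-addr.arpa.", "hcmuaf.edu.vn."
FORWARD_ZONE = """$TTL 86400
@ IN SOA itdns1.itlab.hcmuaf.edu.vn. itmaster.itlab.hcmuaf.edu.vn. (
        1 ; serial
        10800 3600 604800 86400 )
        IN NS itdns1
        IN NS itdns2
        IN MX 1 itmail
itdns1  IN A 192.168.98.2
itdns2  IN A 192.168.98.3
itmail  IN A 192.168.98.4
"""
REVERSE_ZONE = """$TTL 86400
@ IN SOA itdns1.itlab.hcmuaf.edu.vn. itmaster.itlab.hcmuaf.edu.vn. (
        1 10800 3600 604800 86400 )
        IN NS itdns1.itlab.hcmuaf.edu.vn.
        IN NS itdns2.itlab.hcmuaf.edu.vn.
2 IN PTR itdns1.itlab.hcmuaf.edu.vn.
3 IN PTR itdns2.itlab.hcmuaf.edu.vn.
4 IN PTR itmail.itlab.hcmuaf.edu.vn.
"""
PARENT_ZONE = """$TTL 86400
@ IN SOA dns1.hcmuaf.edu.vn. pvtinh.hcmuaf.edu.vn. (
        2001062501 21600 3600 604800 86400 )
        IN NS dns1.hcmuaf.edu.vn.
        IN NS dns2.hcmuaf.edu.vn.
itlab   86400 IN NS itdns1.itlab.hcmuaf.edu.vn.
        86400 IN NS itdns2.itlab.hcmuaf.edu.vn.
itdns1.itlab.hcmuaf.edu.vn. 86400 IN A 192.168.98.2
itdns2.itlab.hcmuaf.edu.vn. 86400 IN A 192.168.98.3
"""

def fqdn(name, origin):
    """'@' is the origin; a relative name gets the origin appended; absolute names are kept."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {(owner, type): [rdata, ...]}. Handles $TTL, ';' comments, optional TTL and
    class fields, a blank owner that inherits the previous one, and the multi-line SOA."""
    body = "\n".join(line.split(";", 1)[0].rstrip() for line in text.splitlines())
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    records, owner = defaultdict(list), origin
    for line in body.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        if not line[0].isspace():                 # the line names a new owner
            head, *rest = line.split(None, 1)
            owner, line = fqdn(head, origin), (rest[0] if rest else "")
        fields = line.split()
        while fields and (fields[0] == "IN" or fields[0].isdigit()):
            fields.pop(0)                         # optional TTL and class
        if not fields or fields[0] not in {"SOA", "NS", "A", "PTR", "MX", "CNAME"}:
            continue
        rtype, rdata = fields[0], fields[1:]
        if rtype in ("NS", "CNAME", "PTR"):       # targets may be relative names
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], fqdn(rdata[1], origin)]
        records[(owner, rtype)].append(" ".join(rdata))
    return records

def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."   # PTR owner for an IPv4 address

def check_forward_reverse(fwd, rev):
    """Every A record needs a PTR pointing back at the same name, and vice versa."""
    a_set = {(o, ip) for (o, t), ips in fwd.items() if t == "A" for ip in ips}
    ptr_set = {(n, o) for (o, t), names in rev.items() if t == "PTR" for n in names}
    problems = [f"no PTR for {o} -> {ip}" for o, ip in a_set if (o, reverse_name(ip)) not in ptr_set]
    problems += [f"PTR {o} -> {n} has no matching A record" for n, o in ptr_set
                 if not any(reverse_name(ip) == o for a, ip in a_set if a == n)]
    return problems

def check_delegation(parent, child, child_origin):
    """Parent NS set for the child must equal the child's apex NS set; in-zone NS need matching glue."""
    parent_ns, child_ns = set(parent.get((child_origin, "NS"), [])), set(child.get((child_origin, "NS"), []))
    problems = []
    if parent_ns != child_ns:
        problems.append(f"delegation mismatch: parent {sorted(parent_ns)} vs child {sorted(child_ns)}")
    for ns in sorted(parent_ns):
        if not ns.endswith("." + child_origin):
            continue                               # out-of-zone NS: no glue expected
        if not parent.get((ns, "A")):
            problems.append(f"missing glue A record for {ns} in parent zone")
        elif set(parent[(ns, "A")]) != set(child.get((ns, "A"), [])):
            problems.append(f"glue for {ns} does not match the child zone's A record")
    return problems

def run_checks(forward=FORWARD_ZONE, reverse=REVERSE_ZONE, parent=PARENT_ZONE):
    """Parse the three zones and return every problem found (an empty list means consistent)."""
    fwd, rev, par = parse_zone(forward, CHILD), parse_zone(reverse, REV), parse_zone(parent, PARENT)
    return check_forward_reverse(fwd, rev) + check_delegation(par, fwd, CHILD)

if __name__ == "__main__":
    print("\n".join(run_checks() or ["all checks passed"]))
```

A stale glue record in the parent (a lab host renumbered without telling the parent's administrators) is the classic way a delegation like this breaks, and it is the glue mismatch check that catches it; the parser deliberately understands only the record types the slides use, so feed it real zones with care.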
  52. 52. <ul><li>Updating db Files - Adding and Deleting Hosts </li></ul><ul><li>Update the serial number in db.DOMAIN . The serial number is usually near the top of the file, so do it first; that way you are less likely to forget it, and the slaves will only pick up the change if the serial increases. </li></ul><ul><li>Add any A (address), CNAME (alias), and MX (mail exchanger) records for the host to the db.DOMAIN file. We added the following resource record to the db.movie file when a new host ( cujo ) was added to our network: </li></ul><ul><ul><li>cujo IN A 192.168.1.155 </li></ul></ul><ul><li>Update the serial number and add PTR records to each db.ADDR file for which the host has an address. cujo has only one address, on network 192.168.1; therefore, we added the following PTR record to the db.192.168.1 file: </li></ul><ul><ul><li>155 IN PTR cujo.movie.edu. </li></ul></ul><ul><li>Make the primary master name server load the new information by sending it a HUP signal (with BIND 9 you can also run rndc reload, or rndc reload ZONE to reload a single zone): </li></ul><ul><ul><li># kill -HUP `cat /etc/named.pid` </li></ul></ul>
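The add-a-host procedure above is mechanical and therefore easy to get subtly wrong: forgetting the serial, bumping it in only one of the two files, or adding a second A record for a name that already exists. The following is an added example that performs the whole procedure on the two files in memory; it is not code from the deck or from BIND. It assumes the serial line carries the conventional `; serial` comment, that the reverse zone covers one /24 (as db.192.168.1 does), and the db.movie and db.192.168.1 contents shown are constructed for the demonstration since the deck shows only the records being added. The serial logic follows RFC 1982 (32-bit serials that must increase) and also understands the date-style YYYYMMDDnn serial the parent zone on the earlier slide uses.

```python
"""Add a host to the forward zone and the matching reverse zone the way the slide
describes: bump the SOA serial in both files, append the A record and the PTR
record, and refuse to add a name or address that already exists. Added example,
not code from the deck or from BIND. Assumptions: the serial line carries the
conventional '; serial' comment, the reverse zone covers one /24, and the sample
db.movie / db.192.168.1 contents below are constructed for the demonstration."""
import re
from datetime import date

SERIAL_RE = re.compile(r"^[ \t]*(\d+)[ \t]*;[ \t]*serial", re.IGNORECASE | re.MULTILINE)

def next_serial(current, today=None):
    """Next serial under RFC 1982 rules (32-bit, must increase). A date-style serial
    (YYYYMMDDnn) moves to today's date with nn=00 once the date has advanced and to
    nn+1 while still on the same day; anything else is incremented modulo 2^32,
    skipping 0. 'today' is an int YYYYMMDD, defaulting to the current date."""
    stamp = (today or int(date.today().strftime("%Y%m%d"))) * 100
    if 1990000000 <= current <= 2099123199:          # looks like YYYYMMDDnn
        if current < stamp:
            return stamp
        if current - stamp < 99:
            return current + 1
    return (current + 1) % 2**32 or 1

def bump_serial(zone_text, today=None):
    """Return (new_text, new_serial) with the SOA serial replaced in place."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no '<number> ; serial' line found in the SOA")
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], new

def record_exists(zone_text, owner, rtype):
    """True if the zone text already has a record of this type for this owner."""
    pattern = rf"^{re.escape(owner)}\s+(?:\d+\s+)?(?:IN\s+)?{rtype}\b"
    return re.search(pattern, zone_text, re.MULTILINE | re.IGNORECASE) is not None

def add_host(forward_text, reverse_text, origin, name, ip, today=None):
    """Return (new_forward, new_reverse) with name/ip added to both zones, each with
    its serial bumped. Duplicates are rejected before either file is touched."""
    last_octet = ip.rsplit(".", 1)[1]               # reverse zone is a /24
    if record_exists(forward_text, name, "A"):
        raise ValueError(f"{name} already has an A record")
    if record_exists(reverse_text, last_octet, "PTR"):
        raise ValueError(f"{ip} already has a PTR record")
    forward_text, _ = bump_serial(forward_text, today)
    reverse_text, _ = bump_serial(reverse_text, today)
    forward_text = forward_text.rstrip("\n") + f"\n{name}\tIN\tA\t{ip}\n"
    reverse_text = reverse_text.rstrip("\n") + f"\n{last_octet}\tIN\tPTR\t{name}.{origin}\n"
    return forward_text, reverse_text

# Constructed sample files; the deck does not show db.movie / db.192.168.1 in full.
DB_MOVIE = """$TTL 86400
@       IN      SOA     ns1.movie.edu. hostmaster.movie.edu. (
        2001062501 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; negative caching TTL
        IN      NS      ns1.movie.edu.
ns1     IN      A       192.168.1.1
"""
DB_192_168_1 = """$TTL 86400
@       IN      SOA     ns1.movie.edu. hostmaster.movie.edu. (
        2001062501 ; serial
        21600 3600 604800 86400 )
        IN      NS      ns1.movie.edu.
1       IN      PTR     ns1.movie.edu.
"""

if __name__ == "__main__":
    fwd, rev = add_host(DB_MOVIE, DB_192_168_1, "movie.edu.", "cujo", "192.168.1.155")
    print(fwd)
    print(rev)
```

After writing the files back, run named-checkzone on each (for example `named-checkzone movie.edu db.movie`) before reloading, so a typo never reaches the running server; note that a date-style serial that has already reached nn=99 simply increments into the next "day", which is still a valid increase.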
  53. 53. <ul><li>How To Get BIND Started </li></ul><ul><li>You can use the chkconfig command to get BIND configured to start at boot: </li></ul><ul><li>[root@bigboy tmp]# chkconfig named on </li></ul><ul><li>To start/stop/restart BIND after booting: </li></ul><ul><li>[root@bigboy tmp]# /etc/init.d/named start </li></ul><ul><li>[root@bigboy tmp]# /etc/init.d/named stop </li></ul><ul><li>[root@bigboy tmp]# /etc/init.d/named restart </li></ul><ul><li>Note: Remember to restart the BIND process (or reload it with rndc reload) every time you change the configuration or a zone file, so the change takes effect on the running process. </li></ul>
  54. 54. <ul><li>NSLOOKUP </li></ul><ul><li>Running NSLOOKUP without arguments enters interactive mode; each command is typed at the &gt; prompt </li></ul><ul><li>&gt; command </li></ul><ul><li>&gt; exit : quit </li></ul>
  55. 55. <ul><li>NSLOOKUP </li></ul><ul><li>server NAME - use NAME as the default server for the queries that follow. </li></ul><ul><li>ls [ opt ] DOMAIN - list the addresses in DOMAIN (Windows nslookup only; BIND 9's nslookup has no ls). The listing is obtained by a zone transfer, so it only works against a server that allows transfers to your host, which is exactly why allow-transfer should be limited to the secondaries. </li></ul><ul><li>-a list canonical names and aliases </li></ul><ul><li>-d list all records </li></ul><ul><li>-t TYPE list records of the given type (e.g. A, CNAME, MX, NS, PTR) </li></ul>
  56. 56. <ul><li>NSLOOKUP </li></ul><ul><li>set timeout= X : wait X seconds for a reply before giving up </li></ul><ul><li>set type= X or set q= X : the record type to query for ( A, ANY, CNAME, MX, NS, PTR, SOA ) </li></ul>