
DNS (Domain Name System)


Academic year: 2022


(1) DNS (Domain Name System)

網管 Intern (Network Administration Intern) training

Speaker: 吳謹豪, Department of Computer Science and Information Engineering, National Taiwan University (台大資工)

2012/05/29

(2) Contents

- FQDN
- RR (Resource Record)
- ZONE
- TLDs
- Domain Name Space

(3) FQDN

- Fully Qualified Domain Name
- Host Name + Domain Name

  www.yahoo.com.tw
  dns.synnex.com.tw

(4) FQDN

- Fully Qualified Domain Name
- Host Name + Domain Name

  www.yahoo.com.tw  = www (host name) + yahoo.com.tw (domain name)
  dns.synnex.com.tw = dns (host name) + synnex.com.tw (domain name)

(5) RR (Resource Record)

- A DNS resource record (RR) is the basic unit of data in the Domain Name System. Each record consists of a record type, a time to live (TTL), a class, and type-specific data. Resource records of the same type are grouped into a resource record set (RRset).
- The format of DNS resource records is defined in RFC 1035.

(6) RR (Resource Record)

- Domain records
  SOA:  Start Of Authority
  NS:   Name Server
  MX:   Mail Exchange
- Host records
  A:     Address (IPv4)
  AAAA:  Address (IPv6)
  CNAME: Alias
  PTR:   Pointer

(7) SOA

- Every domain zone must define an SOA (Start Of Authority) record.
- The SOA record holds operational information about the zone's primary DNS server and its associated secondary DNS servers.

(8) SOA example

nslookup

> fourleave.com.tw
Server:  ns3.green.net
Address:  202.182.203.253

fourleave.com.tw
        primary name server = nsc.green.net
        responsible mail addr = info.green.net
        serial  = 2001082912
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)
fourleave.com.tw        nameserver = nsc.wyith.net
fourleave.com.tw        nameserver = ns4.wyith.net
fourleave.com.tw        nameserver = ns3.wyith.net
fourleave.com.tw        MX preference = 10, mail exchanger = mxc.green.net
fourleave.com.tw        nameserver = nsc.green.net
fourleave.com.tw        nameserver = ns4.green.net
fourleave.com.tw        nameserver = ns3.green.net
nsc.green.net   internet address = 202.182.203.249
ns4.green.net   internet address = 202.182.203.253
ns3.green.net   internet address = 202.182.203.252
mxc.green.net   internet address = 202.182.170.39

Source:

http://eservice.seed.net.tw/class/class45.html
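As an added example (not part of the original slides), the Python script below pulls the seven SOA fields out of nslookup output like the one above and runs a few sanity checks on the timers. The sample text is a constructed, reflowed copy of the slide's output; the timer thresholds are the relationships operators usually expect between retry, refresh and expire, not RFC requirements.

```python
import re
from datetime import datetime

# Constructed sample: the SOA section of the nslookup output shown on the slide,
# reflowed to one field per line as nslookup prints it.
SAMPLE_NSLOOKUP = """\
fourleave.com.tw
        primary name server = nsc.green.net
        responsible mail addr = info.green.net
        serial  = 2001082912
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)
"""

# nslookup label -> RFC 1035 SOA field name
SOA_LABELS = {
    "primary name server": "mname",
    "responsible mail addr": "rname",
    "serial": "serial",
    "refresh": "refresh",
    "retry": "retry",
    "expire": "expire",
    "default TTL": "minimum",
}
_FIELD = re.compile(r"^\s*(?P<label>[A-Za-z][A-Za-z ]*?)\s*=\s*(?P<value>\S+)")


def parse_nslookup_soa(text):
    """Return the SOA as a dict keyed by RFC 1035 field name; the numeric fields become ints."""
    soa = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if not m or m.group("label") not in SOA_LABELS:
            continue                      # Server/Address header, NS or MX lines, blanks
        field = SOA_LABELS[m.group("label")]
        value = m.group("value")          # the '(3 hours)' annotations are dropped
        soa[field] = value if field in ("mname", "rname") else int(value)
    return soa


def rname_to_mailbox(rname):
    """RNAME stores the zone contact with '@' written as '.': info.green.net -> info@green.net."""
    local, _, domain = rname.rstrip(".").partition(".")
    return f"{local}@{domain}"


def check_soa_timers(soa):
    """Heuristic checks on the SOA timers; returns a list of warnings (empty when all pass)."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        warnings.append("expire should exceed refresh + retry, or one missed refresh can drop the zone")
    if soa["expire"] < 7 * 86400:
        warnings.append("expire under one week leaves little time to repair a broken primary")
    try:
        datetime.strptime(str(soa["serial"])[:8], "%Y%m%d")   # YYYYMMDDnn convention
    except ValueError:
        warnings.append("serial is not in YYYYMMDDnn form; legal, but harder to audit")
    return warnings


if __name__ == "__main__":
    soa = parse_nslookup_soa(SAMPLE_NSLOOKUP)
    print(soa)
    print("contact:", rname_to_mailbox(soa["rname"]))
    print("warnings:", check_soa_timers(soa) or "none")
```

For the slide's values (refresh 3 h, retry 1 h, expire 7 days, serial 2001082912) every check passes; feeding it a zone whose retry is longer than its refresh shows how the warnings accumulate.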

(9) Zone

(10) TLDs

- At the very top of the tree is the . (root) DNS server; for example yahoo.com.tw.
- Generic top-level domains (gTLDs): for example .com, .org, .gov
- Country-code top-level domains (ccTLDs): for example .tw, .uk, .jp, .cn

(11) Domain Name Space

(12) Recursive and iterative queries

- Recursive query
- Iterative query

(13)

(14) Forward and reverse lookups

- Resolving a host name to an IP address is called forward resolution.
- Resolving an IP address back to a host name is called reverse resolution.

(15) Hands-on appetizer

- Cmd
- nslookup
- set type=ns
- xxxxxx.com.tw
- server dns.xxxxxx.com.tw
- ls xxxxxx.com.tw

(16) How to install

- http://hi.baidu.com/zhangwf/blog/item/c8096b81620fd1dbbc3e1edb.html

(17) Setup DNS Server

Step 0: Network Config

sudo vi /etc/network/interfaces

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.8.10.1
    netmask 255.255.255.0
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

sudo /etc/init.d/networking restart

Step 1: Install "bind9" and related packages

sudo apt-get install bind9

(18)

Step 2: Modify /etc/bind/named.conf.local

sudo vi /etc/bind/named.conf.local

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Add the following lines:

# This is the zone definition. Replace iptv.com with your domain name.
zone "iptv.com" {
        type master;
        file "/etc/bind/zones/iptv.com.db";
};

# This is the zone definition for reverse DNS. Replace 10.8.10 with your
# network address in reverse notation; e.g. for the network 192.168.3
# the zone is 3.168.192.in-addr.arpa.
zone "10.8.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/rev.10.8.10.in-addr.arpa";
};
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

(19)

Step 3: Modify /etc/bind/named.conf.options

sudo vi /etc/bind/named.conf.options

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Search for the following lines:

// forwarders {
//      0.0.0.0;
// };

Modify them to:

# Replace the address below with the address of your provider's DNS server
forwarders {
        10.8.10.1;
};
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

(20)

Step 4: Create the zone folder in /etc/bind/

sudo mkdir /etc/bind/zones

Step 5: Add the zone files in /etc/bind/zones/

sudo vi /etc/bind/zones/iptv.com.db

(21)

Add the following lines (shown in blue on the slide):

; Replace iptv.com with your domain name. Do not forget the dot after the domain name!
; Also, replace livetv with the name of your DNS server.
iptv.com.      IN      SOA     livetv.iptv.com. admin.iptv.com. (
       2006081401      ; serial
       28800           ; refresh
       3600            ; retry
       604800          ; expire
       38400 )         ; minimum (negative-cache TTL)
; Do not modify the five numbers above!
; Replace the following lines as necessary:
; livetv = DNS server name, mta = mail server name, iptv.com = domain name
iptv.com.      IN      NS      livetv.iptv.com.
iptv.com.      IN      MX  10  mta.iptv.com.
livetv         IN      A       10.8.10.1
mta            IN      A       10.8.10.1
cod            IN      A       10.8.10.1
www            IN      A       10.8.10.1
stb            IN      A       10.8.10.1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

(22)

sudo vi /etc/bind/zones/rev.10.8.10.in-addr.arpa

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Add the following lines (shown in blue on the slide):

; Replace iptv.com with your domain name and livetv with your DNS server name.
; The number before "IN PTR" is the host part of the DNS server's address;
; in my case it is 1, because my IP address is 10.8.10.1.
@       IN      SOA     livetv.iptv.com. admin.iptv.com. (
        2006081401      ; serial
        28800           ; refresh
        604800          ; retry
        604800          ; expire
        86400 )         ; minimum
        IN      NS      livetv.iptv.com.
1       IN      PTR     iptv.com.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PS: Do not copy the red-font content from the slide into your files; it may cause errors.
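The two zone files above (slides 21 and 22) are what makes forward and reverse resolution (slide 14) work, and a zone is nothing more than a collection of RRsets (slide 5). As an added example that is not from the slides, here is a small Python zone-file parser that reads constructed copies of the two files, builds the in-addr.arpa / ip6.arpa owner names the way a resolver does, and cross-checks every PTR against the A records. The names, addresses and files are the slides' own; the parser is a deliberately minimal reader of master-file syntax (';' comments, parenthesised continuation lines, '@' and relative names, optional TTL and class), not BIND's loader. Run as written it reports that the PTR for 10.8.10.1 names iptv.com., for which the forward zone has no A record (its A records are for livetv, mta, cod, www and stb).

```python
import ipaddress
from collections import defaultdict

# Constructed copies of the two zone files from the slides, with ';' comments
# (the zone-file comment character) in place of the slides' '//' lines.
FORWARD_ZONE = """\
iptv.com.  IN  SOA  livetv.iptv.com. admin.iptv.com. (
        2006081401   ; serial
        28800        ; refresh
        3600         ; retry
        604800       ; expire
        38400 )      ; minimum
iptv.com.  IN  NS   livetv.iptv.com.
iptv.com.  IN  MX   10  mta.iptv.com.
livetv     IN  A    10.8.10.1
mta        IN  A    10.8.10.1
cod        IN  A    10.8.10.1
www        IN  A    10.8.10.1
stb        IN  A    10.8.10.1
"""
REVERSE_ZONE = """\
@   IN  SOA  livetv.iptv.com. admin.iptv.com. (
        2006081401
        28800
        604800
        604800
        86400 )
    IN  NS   livetv.iptv.com.
1   IN  PTR  iptv.com.
"""


def _absolute(name, origin):
    """Lowercase absolute form of a zone-file name: '@' and relative names get the origin appended."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def _records(text):
    """Yield comment-stripped records, joining lines wrapped in parentheses into one record."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # ';' starts a comment (quoted strings not handled)
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join([buf[0]] + [part.strip() for part in buf[1:]])  # buf[0] keeps its indent
            buf, depth = [], 0


def parse_zone(text, origin):
    """Parse master-format zone text into RRsets: {(owner, type): [rdata tuples]}."""
    origin = origin.lower() if origin.endswith(".") else origin.lower() + "."
    rrsets, last_owner = defaultdict(list), origin
    for record in _records(text):
        tokens = record.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$ORIGIN":
            origin = _absolute(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue
        if record[0].isspace():                    # blank owner field: reuse the previous owner
            owner = last_owner
        else:
            owner = last_owner = _absolute(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():         # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):   # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [_absolute(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), _absolute(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = [_absolute(rdata[0], origin), _absolute(rdata[1], origin)] + [int(t) for t in rdata[2:7]]
        rrsets[(owner, rtype)].append(tuple(rdata))
    return dict(rrsets)


def reverse_name(ip):
    """PTR owner name for an IPv4 or IPv6 address: reversed labels (or nibbles) under .arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(str(addr).split(".")[::-1]) + ".in-addr.arpa."
    return ".".join(addr.exploded.replace(":", "")[::-1]) + ".ip6.arpa."


def ptr_owner_to_ipv4(owner):
    """Inverse of reverse_name for IPv4 owners: 1.10.8.10.in-addr.arpa. -> 10.8.10.1 (None otherwise)."""
    suffix = ".in-addr.arpa."
    return ".".join(owner[:-len(suffix)].split(".")[::-1]) if owner.endswith(suffix) else None


def check_forward_reverse(forward, reverse):
    """Report PTRs whose target has no A record at that address, and addresses that have no PTR."""
    findings, names_by_ip = [], defaultdict(set)
    for (owner, rtype), rdatas in forward.items():
        if rtype == "A":
            for (ip,) in rdatas:
                names_by_ip[ip].add(owner)
    ptr_owners = {owner for (owner, rtype) in reverse if rtype == "PTR"}
    for (owner, rtype), rdatas in reverse.items():
        ip = ptr_owner_to_ipv4(owner)
        if rtype != "PTR" or ip is None:
            continue
        for (target,) in rdatas:
            if target not in names_by_ip.get(ip, set()):
                findings.append(f"PTR for {ip} points to {target}, but no A record maps that name to {ip}")
    for ip in names_by_ip:
        if reverse_name(ip) not in ptr_owners:
            findings.append(f"no PTR record for {ip}")
    return findings


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "iptv.com")
    rev = parse_zone(REVERSE_ZONE, "10.8.10.in-addr.arpa")
    for finding in check_forward_reverse(fwd, rev) or ["forward and reverse zones agree"]:
        print(finding)
```

Pointing the PTR at livetv.iptv.com. (the host that actually owns 10.8.10.1) makes the check pass. The `ls` command on slide 15 asks a server to hand over exactly this data as a zone transfer, so an authoritative server should restrict that with BIND's allow-transfer option to its own secondaries.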

(23) Implementation / Verification

- Public: 140.112.91.83

(24) Microsoft DNS server

- http://www.techrepublic.com/blog/datacenter/how-do-i-install-and-configure-a-dns-server-in-windows-server-2008/327

(25) Cisco document

DNS Best Practices, Network Protections, and Attack Identification

- http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

(26)

- http://blog.xuite.net/jyoutw/xtech/43469736

(27) References

- Round Robin
