
DNS ( Domain Name System)


Academic year: 2022

(1)

Network Administration Intern

DNS

( Domain Name System)

Speaker: 吳謹豪, National Taiwan University, Computer Science and Information Engineering

2012/05/29

(2)

• FQDN

• RR (Resource Record)

• ZONE

• TLDs

• Domain Name Space

Table of Contents

(3)

• Fully Qualified Domain Name

• Host Name + Domain Name

www.yahoo.com.tw

dns.synnex.com.tw

FQDN

(4)

• Fully Qualified Domain Name

• Host Name + Domain Name

www.yahoo.com.tw = www + yahoo.com.tw

dns.synnex.com.tw = dns + synnex.com.tw

FQDN

(5)

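• A DNS resource record (RR) is the basic data unit of the Domain Name System. Each record consists of a record type (type), a time to live (TTL), a class (class), and other type-specific data. Resource records of the same type are defined as a resource record set (RRset).

• The format of DNS resource records is defined by RFC 1035.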

RR (Resource Record)
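The RFC 1035 record layout mentioned above (NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA), decoded from wire format as an added example that is not part of the original slides. The sample bytes are constructed from the iptv.com names used later in the deck, and the hop limit of 16 on compression pointers is an assumed bound chosen for this example.

```python
import ipaddress
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}

def read_name(msg, off):
    """Decode the name at msg[off]; return (fqdn, offset just past it)."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer (2 bytes)
            hops += 1
            if hops > 16 or off + 1 >= len(msg):  # pointer loop or truncated pointer
                raise ValueError("bad compression pointer")
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n & 0xC0:
            raise ValueError("reserved label type")
        elif n == 0:                              # root label ends the name
            return ".".join(labels) + ".", (off + 1 if resume is None else resume)
        else:
            if off + 1 + n > len(msg):
                raise ValueError("label runs past end of message")
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def read_rr(msg, off):
    """Parse one RR: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    name, off = read_name(msg, off)
    if off + 10 > len(msg):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
    off += 10
    if off + rdlen > len(msg):
        raise ValueError("RDLENGTH exceeds message")
    if rtype == 1 and rdlen == 4:
        rdata = str(ipaddress.IPv4Address(msg[off:off + 4]))
    elif rtype in (2, 5, 12):                     # RDATA is itself a domain name
        rdata, _ = read_name(msg, off)
    else:
        rdata = msg[off:off + rdlen].hex()
    rr = {"name": name, "type": TYPES.get(rtype, rtype), "class": rclass,
          "ttl": ttl, "rdata": rdata}
    return rr, off + rdlen

# Constructed sample: an A record, then an NS record that reuses "iptv.com" by pointer.
SAMPLE = (b"\x03www\x04iptv\x03com\x00" + struct.pack("!HHIH", 1, 1, 38400, 4)
          + bytes([10, 8, 10, 1])
          + b"\xc0\x04" + struct.pack("!HHIH", 2, 1, 38400, 9) + b"\x06livetv\xc0\x04")
```

Bounding the pointer hops and checking every length against the buffer is what keeps a malformed record from looping forever or reading past the message.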

(6)

• Domain Record

SOA: Start Of Authority

NS: Name Server

MX: Mail Exchange

• Host Record

A: Address (IPv4)

AAAA: Address (IPv6)

CNAME: Alias

PTR: Pointer

RR (Resource Record)

(7)

• Every domain zone must define an SOA (Start Of Authority) record, the declaration that starts the zone's authority.

• The SOA record holds operating information about the zone's primary DNS server and the related secondary DNS servers.

SOA

(8)

nslookup

> fourleave.com.tw
Server: ns3.green.net
Address: 202.182.203.253

fourleave.com.tw
        primary name server = nsc.green.net
        responsible mail addr = info.green.net
        serial = 2001082912
        refresh = 10800 (3 hours)
        retry = 3600 (1 hour)
        expire = 604800 (7 days)
        default TTL = 86400 (1 day)
fourleave.com.tw nameserver = nsc.wyith.net
fourleave.com.tw nameserver = ns4.wyith.net
fourleave.com.tw nameserver = ns3.wyith.net
fourleave.com.tw MX preference = 10, mail exchanger = mxc.green.net
fourleave.com.tw nameserver = nsc.green.net
fourleave.com.tw nameserver = ns4.green.net
fourleave.com.tw nameserver = ns3.green.net
nsc.green.net internet address = 202.182.203.249
ns4.green.net internet address = 202.182.203.253
ns3.green.net internet address = 202.182.203.252
mxc.green.net internet address = 202.182.170.39

Source:

http://eservice.seed.net.tw/class/class45.html

SOA example

(9)

Zone

(10)

• At the very top there is always the . (root) DNS server

For example: yahoo.com.tw.

• Generic top-level domains (Generic TLDs, gTLD): for example .com, .org, .gov, etc.

• Country-code top-level domains (Country code TLDs, ccTLD): for example .tw, .uk, .jp, .cn, etc.

TLDs

(11)

Domain Name Space

(12)

Recursive

Iterative

(13)
(14)

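• Resolving a host name to an IP address is called a forward lookup

• Resolving an IP address back to a host name is called a reverse lookup

Introduction to Forward and Reverse Lookups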

(15)

• Cmd

• nslookup

• set type=ns

• xxxxxx.com.tw

• server dns.xxxxxx.com.tw

• ls xxxxxx.com.tw

Hands-on Appetizer

(16)

• http://hi.baidu.com/zhangwf/blog/item/c8096b81620fd1dbbc3e1edb.html

How to Install

(17)

Step 0: Network Config

sudo vi /etc/network/interfaces

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 10.8.10.1
        netmask 255.255.255.0

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

sudo /etc/init.d/networking restart

Step 1: Install "bind9" and related packages

sudo apt-get install bind9

Setup DNS Server

(18)

Step 2: Modify /etc/bind/named.conf.local

sudo vi /etc/bind/named.conf.local

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Add the following code:

# This is the zone definition. Replace example.com with your domain name.
zone "iptv.com" {
        type master;
        file "/etc/bind/zones/iptv.com.db";
};

# This is the zone definition for reverse DNS. Replace 3.168.192 with your network address in reverse notation - e.g. my network address is 192.168.3
zone "10.8.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/rev.10.8.10.in-addr.arpa";
};

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

(19)

• Step 3: Modify /etc/bind/named.conf.options

sudo vi /etc/bind/named.conf.options

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Search for the following lines:

// forwarders {
//      0.0.0.0;
// };

Change them to the following lines:

# Replace the address below with the address of your provider's DNS server
forwarders {
        10.8.10.1;
};

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

(20)

• Step 4: Create folder in /etc/bind/

sudo mkdir /etc/bind/zones

• Step 5: Add files in /etc/bind/zones/

sudo vi /etc/bind/zones/iptv.com.db

(21)

Add the following code (shown in blue font):

; Replace iptv.com with your domain name. Do not forget the . after the domain name! Also, replace livetv with the name of your DNS server.
iptv.com.      IN      SOA     livetv.iptv.com. admin.iptv.com. (
       ; Do not modify the following lines!
       2006081401      ; serial
       28800           ; refresh
       3600            ; retry
       604800          ; expire
       38400 )         ; minimum TTL

; Replace the following lines as necessary:
; livetv = DNS server name
; mta = mail server name
; iptv.com = domain name
iptv.com.      IN      NS        livetv.iptv.com.
iptv.com.      IN      MX     10       mta.iptv.com.

livetv       IN      A       10.8.10.1
mta          IN      A       10.8.10.1
cod          IN      A       10.8.10.1
www          IN      A       10.8.10.1
stb          IN      A       10.8.10.1

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

(22)

       sudo vi /etc/bind/zones/rev.10.8.10.in-addr.arpa

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Add the following code (shown in blue font):

; Replace example.com with your domain name, and livetv with your DNS server name.
; The number before IN PTR iptv.com. is the machine address of the DNS server.
; In my case it's 1, as my IP address is 10.8.10.1.
@ IN SOA livetv.iptv.com. admin.iptv.com. (
        2006081401      ; serial
        28800           ; refresh
        604800          ; retry
        604800          ; expire
        86400 )         ; minimum TTL

        IN    NS     livetv.iptv.com.
1       IN    PTR    iptv.com.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PS: Do not add the red-font content to your file; it may cause errors.
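The zone-file slides warn not to forget the dot after a domain name. This added example (not part of the original slides) shows how a relative name is read against the zone origin, so a target written without the final dot ends up inside the reverse zone. The zone lines are constructed sample input, and the parser assumes one-line records with no TTL column or $ directives.

```python
import ipaddress

NAME_RDATA = {"NS", "PTR", "CNAME", "MX"}   # types whose RDATA ends in a domain name

def qualify(name, origin):
    """Expand a zone-file name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def check_zone(text, origin):
    """Return (owner, type, target, suspicious) for each name-valued record."""
    out, last_owner = [], origin
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()       # drop ';' comments
        if not fields:
            continue
        if not raw[0].isspace():                    # owner column present
            last_owner = qualify(fields.pop(0), origin)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() not in NAME_RDATA:
            continue
        target = fields[-1]                         # for MX this follows the preference
        # A dotted name without the final dot was almost certainly meant as an FQDN.
        suspicious = "." in target and not target.endswith(".")
        out.append((last_owner, fields[0].upper(), qualify(target, origin), suspicious))
    return out

def ptr_owner(ip):
    """Owner name a PTR record for this address must have."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

# Constructed sample for the 10.8.10.0/24 reverse zone.
SAMPLE_REVERSE_ZONE = """\
@       IN  NS   livetv.iptv.com.
1       IN  PTR  iptv.com       ; trailing dot missing
2       IN  PTR  www.iptv.com.
"""

def report(text=SAMPLE_REVERSE_ZONE, origin="10.8.10.in-addr.arpa."):
    """Records whose target looks like an FQDN that lost its trailing dot."""
    return [r for r in check_zone(text, origin) if r[3]]
```

Running `report()` on the sample returns only the record for host 1, whose target has been expanded to `iptv.com.10.8.10.in-addr.arpa.`.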

(23)

• Public : 140.112.91.83

Hands-on / Verification

(24)

• http://www.techrepublic.com/blog/datacenter/how-do-i-install-and-configure-a-dns-server-in-windows-server-2008/327

Microsoft DNS server

(25)

DNS Best Practices, Network Protections, and Attack Identification

• http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

Cisco Document

(26)

• http://blog.xuite.net/jyoutw/xtech/43469736

(27)

• Round Robin
