網管 Intern

DNS( Domain Name System)

主講人：台大資工 吳謹豪2012/05/29

FQDNRR (Resource Record)ZONETLDsDomain Name Space

目錄

Fully Qualified Domain Name

Host Name + Domain Name

www.yahoo.com.tw dns.synnex.com.tw

FQDN

Fully Qualified Domain Name

Host Name + Domain Name

www.yahoo.com.twwww yahoo.com.tw dns.synnex.com.twdns synnex.com.tw

FQDN

一個 DNS 資源記錄 (RR ， resource records) 是DNS 域名系統中的基本數據單元。每一條記錄由記錄類型 (type) ，老化時長 (TTL), 類型 (class) ，以及其他類型相關的數據組成。 相同類型的資源記錄被定義成一個資源記錄集 (RRset).

DNS 資源記錄的格式由 RFC 1035定義 .

RR (Resource Record)

Domain RecordSOA:Start Of AuthorityNS:Name ServerMX:Mail Exchange

Host RecordA:Address (IPv4)AAAA:Address (IPv6)CNAME:AliasPTR:Pointer

RR (Resource Record

每個特定的網域名稱責任區域 (domain zone) 都必須定義一個 SOA (Start Of Authority ，網域權限區的起始宣告 )

 SOA 記錄裏，記載著關於該 域名權責區域的一些主要網域名稱伺服器 ( primary DNS server) 和其它相關的次要名稱伺服器 ( secondary DNS server) 之運作資訊。

SOA

nslookup > fourleave.com.tw

Server: ns3.green.netAddress: 202.182.203.253

fourleave.com.twprimary name server = nsc.green.netresponsible mail addr = info.green.netserial = 2001082912refresh = 10800 (3 hours)retry = 3600 (1 hour)expire = 604800 (7 days)default TTL = 86400 (1 day)fourleave.com.tw nameserver = nsc.wyith.netfourleave.com.tw nameserver = ns4.wyith.netfourleave.com.tw nameserver = ns3.wyith.netfourleave.com.tw MX preference = 10, mail exchanger = mxc.green.netfourleave.com.tw nameserver = nsc.green.netfourleave.com.tw nameserver = ns4.green.netfourleave.com.tw nameserver = ns3.green.netnsc.green.net internet address = 202.182.203.249ns4.green.net internet address = 202.182.203.253ns3.green.net internet address = 202.182.203.252mxc.green.net internet address = 202.182.170.39

資料來源 : http://eservice.seed.net.tw/class/class45.html

SOA example

Zone

最上方一定是 . (root) 這個 DNS 伺服器 例如 yahoo.com.tw.

一般最上層領域名稱 (Generic TLDs, gTLD) ：例如 .com, .org, .gov 等等國碼最上層領域名稱 (Country code TLDs,

ccTLD) ：例如 .tw, .uk, .jp, .cn 等等

TLDs

Domain Name Space

Recursive （遞迴式）Iterative （交談式）

從主機名稱查詢到 IP 的流程稱為：正解從 IP 反解析到主機名稱的流程稱為：反解

介紹正、反解

Cmd

nslookupset type=nsxxxxxx.com.twserver dns.xxxxxx.com.twls xxxxxx.com.tw

實作開胃前菜

http://hi.baidu.com/zhangwf/blog/item/c8096b81620fd1dbbc3e1edb.html

如何安裝

Step 0: Network Configsudo vi /etc/network/interfaces

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Auto loiface lo inet loopback

Auto eth0Iface eth0 inet static address 10.8.10.1 netmask 255.255.255.0+++++++++++++++++++++++++++++++++++++++++++++++++++++

++++++sudo /etc/init.d/networking restart

Step 1: Install "bind9" and related packages      sudo apt-get install bind9

Setup DNS Server

Step 2: Modify /etc/bind/named.conf.local       sudo vi /etc/bind/named.conf.local

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Add the following codes:#This is the zone definition. replace example.com with your domain namezone "iptv.com" {         type master;         file "/etc/bind/zones/iptv.com.db";         };# This is the zone definition for reverse DNS. replace 3.168.192 with your network address in reverse notation - e.g my network address is 192.168.3zone "10.8.10.in-addr.arpa" {      type master;      file "/etc/bind/zones/rev.10.8.10.in-addr.arpa";};+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Step 3: Modify /etc/bind/named.conf.options

      sudo vi /etc/bind/named.conf.options+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Search the following lines:// forwarders {//      0.0.0.0;// };Modify to following lines:# Replace the address below with the address of your provider's DNS serverforwarders {        10.8.10.1;};+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Step 4: Create folder in /etc/bind/      sudo mkdir /etc/bind/zones

Step 5: Add files in /etc/bind/zones/      sudo vi /etc/bind/zones/iptv.com.db

Add the following blue fonts codes://Replace iptv.com with your domain name. Do not forget the. After the domain name! Also, replace livetv with the name of your DNS server iptv.com.      IN      SOA     livetv.iptv.com. admin.iptv.com. (// Do not modify the following lines!                                                 2006081401                                                 28800                                                 3600                                                 604800                                                 38400)// Replace the following line as necessary:// livetv = DNS Server name// mta = mail server name// iptv.com = domain nameiptv.com.      IN      NS              livetv.iptv.com.iptv.com.      IN      MX     10       mta.iptv.com.

livetv             IN      A       10.8.10.1mta              IN      A       10.8.10.1cod              IN      A       10.8.10.1www            IN      A       10.8.10.1stb                IN      A       10.8.10.1++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

       sudo vi /etc/bind/zones/rev.10.8.10.in-addr.arpa++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Add the following blue fonts codes://replace example.com with your domain name, livetv with your DNS server name.// The number before IN PTR iptv.com is the machine address of the DNS server. in my case, it's 1, as my IP address is 10.8.10.1.@ IN SOA livetv.iptv.com. admin.iptv.com. (                        2006081401;                         28800;                         604800;                         604800;                         86400)

                      IN    NS     livetv.iptv.com.1                    IN    PTR    iptv.com

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++PS: The red font content please doesn't add to you codes, may be it will happen error.

Public : 140.112.91.83

實做 / 驗證

http://www.techrepublic.com/blog/datacenter/how-do-i-install-and-configure-a-dns-server-in-windows-server-2008/327

Microsoft DNS server

DNS Best Practices, Network Protections, and Attack Identification

http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

Cisco 文件

http://blog.xuite.net/jyoutw/xtech/43469736

Round Robin