
DNS (Domain Name System)

DNS (Domain Name System). Network Administration Intern. Speaker: 吳謹豪, National Taiwan University, Computer Science and Information Engineering (台大資工), 2012/05/29. Contents: FQDN, RR (Resource Record), Zone, TLDs, Domain Name Space. FQDN: Fully Qualified Domain Name = Host Name + Domain Name, e.g. www.yahoo.com.tw, dns.synnex.com.tw.


Presentation Transcript


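  1. DNS (Domain Name System) • Network Administration Intern • Speaker: 吳謹豪, National Taiwan University, Computer Science and Information Engineering (台大資工) • 2012/05/29

  2. Contents • FQDN • RR (Resource Record) • Zone • TLDs • Domain Name Space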

  3. FQDN • Fully Qualified Domain Name • Host Name + Domain Name • www.yahoo.com.tw • dns.synnex.com.tw

  4. FQDN • Fully Qualified Domain Name • Host Name + Domain Name • www.yahoo.com.tw = www + yahoo.com.tw • dns.synnex.com.tw = dns + synnex.com.tw

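  5. RR (Resource Record) • A DNS resource record (RR) is the basic data unit of the Domain Name System. Each record consists of a record type (type), a time to live (TTL), a class, and other type-specific data. Resource records of the same type are defined as a resource record set (RRset). • The format of DNS resource records is defined by RFC 1035.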

  6. RR (Resource Record)
     • Domain Record
       - SOA: Start Of Authority
       - NS: Name Server
       - MX: Mail Exchange
     • Host Record
       - A: Address (IPv4)
       - AAAA: Address (IPv6)
       - CNAME: Alias
       - PTR: Pointer
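The RR layout from RFC 1035 that the two slides above describe, as an added example (not from the presentation): a parser for the owner name, type, class, TTL and type-specific data in wire format, including name compression and the bounds checks a parser of untrusted DNS data needs. The sample bytes are constructed from names used in the zone file later in the deck; pointer offsets are relative to the start of this buffer, which stands in for the start of a DNS message.

```python
import struct
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}

def read_name(buf, off):
    """Decode the domain name at off; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = buf[off]
        if (n & 0xC0) == 0xC0:                  # compression pointer (RFC 1035 4.1.4)
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | buf[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                            # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        elif n > 63:
            raise ValueError("reserved label type")
        else:
            labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def read_rr(buf, off):
    """Parse one RR: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA (RFC 1035 4.1.3)."""
    name, off = read_name(buf, off)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
    off += 10
    if off + rdlen > len(buf):
        raise ValueError("RDLENGTH runs past the end of the buffer")
    if rtype == 1 and rdlen == 4:               # A: four address octets
        rdata = ".".join(str(b) for b in buf[off:off + 4])
    elif rtype == 15:                           # MX: preference + exchange name
        rdata = (struct.unpack_from("!H", buf, off)[0], read_name(buf, off + 2)[0])
    elif rtype in (2, 5, 12):                   # NS / CNAME / PTR: one domain name
        rdata = read_name(buf, off)[0]
    else:
        rdata = buf[off:off + rdlen].hex()
    rr = {"name": name, "type": TYPES.get(rtype, rtype), "class": rclass, "ttl": ttl, "rdata": rdata}
    return rr, off + rdlen

def parse_all(buf):
    off, out = 0, []
    while off < len(buf):
        rr, off = read_rr(buf, off)
        out.append(rr)
    return out

# Constructed sample: www.iptv.com. 38400 IN A 10.8.10.1, then iptv.com. 38400 IN MX 10 mta.iptv.com.
SAMPLE = (b"\x03www\x04iptv\x03com\x00" + struct.pack("!HHIH", 1, 1, 38400, 4) + bytes([10, 8, 10, 1])
          + b"\xc0\x04" + struct.pack("!HHIH", 15, 1, 38400, 8) + b"\x00\x0a\x03mta\xc0\x04")
```
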

  7. SOA • Every domain zone must define one SOA (Start Of Authority) record, the declaration that begins the zone of authority. • The SOA record holds operational information about the zone's primary DNS server and the related secondary DNS servers.

  8. SOA example • nslookup

     ```
     > fourleave.com.tw
     Server: ns3.green.net
     Address: 202.182.203.253

     fourleave.com.tw
             primary name server = nsc.green.net
             responsible mail addr = info.green.net
             serial = 2001082912
             refresh = 10800 (3 hours)
             retry = 3600 (1 hour)
             expire = 604800 (7 days)
             default TTL = 86400 (1 day)
     fourleave.com.tw nameserver = nsc.wyith.net
     fourleave.com.tw nameserver = ns4.wyith.net
     fourleave.com.tw nameserver = ns3.wyith.net
     fourleave.com.tw MX preference = 10, mail exchanger = mxc.green.net
     fourleave.com.tw nameserver = nsc.green.net
     fourleave.com.tw nameserver = ns4.green.net
     fourleave.com.tw nameserver = ns3.green.net
     nsc.green.net internet address = 202.182.203.249
     ns4.green.net internet address = 202.182.203.253
     ns3.green.net internet address = 202.182.203.252
     mxc.green.net internet address = 202.182.170.39
     ```

     • Source: http://eservice.seed.net.tw/class/class45.html

  9. Zone

  10. TLDs • At the very top there is always the . (root) DNS server, for example yahoo.com.tw. • Generic top-level domains (Generic TLDs, gTLD): for example .com, .org, .gov • Country-code top-level domains (Country code TLDs, ccTLD): for example .tw, .uk, .jp, .cn

  11. Domain Name Space

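  12. Recursive • Iterative

  13. Forward and reverse lookups • Resolving a host name to an IP address is called a forward lookup • Resolving an IP address back to a host name is called a reverse lookup

  14. Hands-on warm-up • Cmd • nslookup • set type=ns • xxxxxx.com.tw • server dns.xxxxxx.com.tw • ls xxxxxx.com.tw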

  15. How to install • http://hi.baidu.com/zhangwf/blog/item/c8096b81620fd1dbbc3e1edb.html

  16. Setup DNS Server • Step 0: Network Config

      ```
      sudo vi /etc/network/interfaces
      ```

      File contents:

      ```
      auto lo
      iface lo inet loopback

      auto eth0
      iface eth0 inet static
          address 10.8.10.1
          netmask 255.255.255.0
      ```

      ```
      sudo /etc/init.d/networking restart
      ```

      • Step 1: Install "bind9" and related packages

      ```
      sudo apt-get install bind9
      ```

  17. Step 2: Modify /etc/bind/named.conf.local

      ```
      sudo vi /etc/bind/named.conf.local
      ```

      Add the following:

      ```
      # This is the zone definition. Replace example.com with your domain name.
      zone "iptv.com" {
              type master;
              file "/etc/bind/zones/iptv.com.db";
      };

      # This is the zone definition for reverse DNS. Replace 3.168.192 with your
      # network address in reverse notation - e.g. my network address is 192.168.3
      zone "10.8.10.in-addr.arpa" {
              type master;
              file "/etc/bind/zones/rev.10.8.10.in-addr.arpa";
      };
      ```

  18. Step 3: Modify /etc/bind/named.conf.options

      ```
      sudo vi /etc/bind/named.conf.options
      ```

      Search for the following lines:

      ```
      // forwarders {
      //      0.0.0.0;
      // };
      ```

      Change them to the following lines:

      ```
      # Replace the address below with the address of your provider's DNS server
      forwarders {
              10.8.10.1;
      };
      ```

  19. Step 4: Create folder in /etc/bind/

      ```
      sudo mkdir /etc/bind/zones
      ```

      • Step 5: Add files in /etc/bind/zones/

      ```
      sudo vi /etc/bind/zones/iptv.com.db
      ```

  20. Add the following (shown in blue on the slide):

      ```
      ; Replace iptv.com with your domain name. Do not forget the . after the domain name!
      ; Also, replace livetv with the name of your DNS server.
      iptv.com.      IN      SOA     livetv.iptv.com. admin.iptv.com. (
      ; Do not modify the following lines!
                              2006081401
                              28800
                              3600
                              604800
                              38400 )
      ; Replace the following lines as necessary:
      ; livetv = DNS server name
      ; mta = mail server name
      ; iptv.com = domain name
      iptv.com.      IN      NS              livetv.iptv.com.
      iptv.com.      IN      MX     10       mta.iptv.com.

      livetv         IN      A       10.8.10.1
      mta            IN      A       10.8.10.1
      cod            IN      A       10.8.10.1
      www            IN      A       10.8.10.1
      stb            IN      A       10.8.10.1
      ```

  21. Edit the reverse zone file:

      ```
      sudo vi /etc/bind/zones/rev.10.8.10.in-addr.arpa
      ```

      Add the following (shown in blue on the slide):

      ```
      ; Replace example.com with your domain name, livetv with your DNS server name.
      ; The number before IN PTR iptv.com is the machine address of the DNS server.
      ; In my case it's 1, as my IP address is 10.8.10.1.
      @ IN SOA livetv.iptv.com. admin.iptv.com. (
                              2006081401;
                              28800;
                              604800;
                              604800;
                              86400 )
                           IN    NS     livetv.iptv.com.
      ; The trailing dot keeps the PTR target absolute; without it the zone origin is appended.
      1                    IN    PTR    iptv.com.
      ```

      PS: Please do not add the red-font content to your files; it may cause errors.
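An added example (not part of the presentation) tying the forward/reverse lookup slide to the two zone files above: it applies the zone-file trailing-dot rule to owner names and PTR targets, then forward-confirms each PTR against the A records. The simplified one-record-per-line parser, the subset of A records and the three PTR variants are constructed for illustration.

```python
import ipaddress

def qualify(name, origin):
    """Zone-file name rule: '@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def load(zone_text, origin):
    """Return {(owner, type): rdata} for 'owner IN A|PTR rdata' lines of a simplified zone file."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()          # ';' starts a zone-file comment
        if len(fields) == 4 and fields[1] == "IN" and fields[2] in ("A", "PTR"):
            owner, _, rtype, rdata = fields
            if rtype == "PTR":
                rdata = qualify(rdata, origin)       # PTR targets follow the same rule
            records[(qualify(owner, origin), rtype)] = rdata
    return records

def check_ptrs(forward, reverse):
    """Forward-confirm every PTR: its target must have an A record that maps back to it."""
    findings = []
    for (owner, rtype), target in reverse.items():
        if rtype != "PTR":
            continue
        addr = forward.get((target, "A"))
        if addr is None:
            findings.append(f"{owner} -> {target}: target has no A record")
        elif ipaddress.ip_address(addr).reverse_pointer + "." != owner:
            findings.append(f"{owner} -> {target}: A record is {addr}")
    return findings

# Constructed sample data: a subset of the forward zone's A records, plus three PTR variants.
FORWARD = load("""
livetv IN A 10.8.10.1
mta    IN A 10.8.10.1
www    IN A 10.8.10.1
""", "iptv.com.")
REV_ORIGIN = "10.8.10.in-addr.arpa."
NO_DOT = load("1 IN PTR iptv.com", REV_ORIGIN)          # relative: origin gets appended
APEX = load("1 IN PTR iptv.com.", REV_ORIGIN)           # absolute, but the apex has no A record
HOST = load("1 IN PTR livetv.iptv.com.", REV_ORIGIN)    # absolute and forward-confirmed

if __name__ == "__main__":
    for label, zone in (("no dot", NO_DOT), ("apex", APEX), ("host", HOST)):
        print(label, check_ptrs(FORWARD, zone) or "OK")
```

In the sample data only the PTR that names a host with its own A record forward-confirms; the other two variants are reported.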

  22. Hands-on / verification • Public: 140.112.91.83

  23. Microsoft DNS server • http://www.techrepublic.com/blog/datacenter/how-do-i-install-and-configure-a-dns-server-in-windows-server-2008/327

  24. Cisco documentation • DNS Best Practices, Network Protections, and Attack Identification • http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

  25. http://blog.xuite.net/jyoutw/xtech/43469736

  26. Round Robin
