Have you ever wondered why typing www.baidu.com directly takes you to Baidu’s website without remembering the boring IP address (e.g., 14.215.177.38)? This is all made possible by DNS working silently in the background. DNS (Domain Name System) acts like the internet’s “phone book,” translating human-readable domain names (like baidu.com) into machine-understandable IP addresses, making network communication simple.

I. DNS Resolution Principle: The “Wayfinding” Process from Domain to IP

DNS resolution can be likened to a “multi-layered wayfinding” process. Let’s use a real-life analogy:
Imagine you want to call a friend in Beijing named “Xiaoming.” You know his name but not his phone number. You first check your phone’s contact list (local cache). If not found, you ask the neighborhood courier (local DNS server). If the courier doesn’t know, they contact the city’s telephone office (root server), which directs you to “Xiaoming’s area is managed by Beijing Telecom” (top-level domain server). Beijing Telecom then tells you, “Xiaoming’s number is 138xxxx1234” (authoritative server), and the courier finally informs you.

Step-by-Step DNS Resolution:

  1. Local Cache Check
    When you enter a domain in your browser, the operating system first checks the local cache (e.g., the hosts file). The hosts file is a local “mini-contacts list” with the format IP address domain alias (e.g., 127.0.0.1 localhost). If a matching record exists, the IP is used directly.

  2. Local DNS Server Query
    If not in the local cache, the system sends the request to the configured local DNS server (usually provided by your ISP, e.g., 114.114.114.114). The local DNS server checks its own cache; if found, it returns the result immediately. If not, it queries further up.

  3. Root Name Server Query
    The local DNS server asks one of the root name servers, which know which servers are responsible for each top-level domain (e.g., .com, .cn). The root server responds: “The domain baidu.com you’re querying belongs to the .com top-level domain; contact the .com server.”

  4. Top-Level Domain Server Query
    The local DNS server then queries the .com top-level domain server, which replies: “The authoritative server for baidu.com is ns.baidu.com; contact it.”

  5. Authoritative Name Server Query
    Finally, the local DNS server queries baidu.com’s authoritative server (maintained by Baidu), which returns the IP address for www.baidu.com (e.g., 14.215.177.38).

  6. Result Return
    The local DNS server sends the IP back to the operating system, and the browser uses this IP to access the target website.
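The six steps above, as an added toy model (not code from the original article): an operating-system lookup that checks a hosts table first, then a local DNS server that answers from its cache or walks root, top-level domain and authoritative servers in turn. All server tables are constructed data; only the mapping www.baidu.com to 14.215.177.38 is taken from the text, and the server names (root-server, tld-server-for-com, ns.baidu.com) are placeholders rather than live hosts.

```python
# Added example, not from the original article.  Server tables are constructed;
# the server names are placeholders and the only value from the text is the
# www.baidu.com -> 14.215.177.38 mapping.

# Step 1: the operating system's local table (think /etc/hosts).
HOSTS = {"localhost": "127.0.0.1"}

# Steps 3-5: what each tier of the hierarchy knows.
ROOT_SERVER = {"com": "tld-server-for-com", "cn": "tld-server-for-cn"}
TLD_SERVERS = {
    "tld-server-for-com": {"baidu.com": "ns.baidu.com"},
    "tld-server-for-cn": {},
}
AUTHORITATIVE_SERVERS = {
    "ns.baidu.com": {"www.baidu.com": "14.215.177.38"},
}


def _normalize(name):
    """Lower-case the name and drop a trailing dot (DNS names are case-insensitive)."""
    return name.lower().rstrip(".")


def _zone_for(name, zones):
    """Return the longest zone in `zones` that `name` falls under, or None."""
    best = None
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


class LocalDnsServer:
    """The local (recursive) DNS server of step 2: answers from cache or walks the tree."""

    def __init__(self):
        self.cache = {}

    def resolve(self, name):
        name = _normalize(name)
        trace = []                                 # servers consulted, in order
        if name in self.cache:                     # step 2: answer from the resolver's cache
            trace.append("local-dns-cache")
            return self.cache[name], trace

        trace.append("root-server")                # step 3: ask root who serves the TLD
        tld = name.rsplit(".", 1)[-1]
        tld_server = ROOT_SERVER.get(tld)
        if tld_server is None:
            raise LookupError(f"unknown top-level domain .{tld}")

        trace.append(tld_server)                   # step 4: ask the TLD server for the zone's NS
        zone = _zone_for(name, TLD_SERVERS[tld_server])
        if zone is None:
            raise LookupError(f"no delegation for {name}")
        auth_server = TLD_SERVERS[tld_server][zone]

        trace.append(auth_server)                  # step 5: ask the authoritative server
        ip = AUTHORITATIVE_SERVERS[auth_server].get(name)
        if ip is None:
            raise LookupError(f"{name} does not exist in zone {zone}")

        self.cache[name] = ip                      # remember the answer for next time
        return ip, trace                           # step 6: the result goes back to the client


def os_lookup(name, local_dns):
    """What the OS does: the hosts table first (step 1), then the local DNS server."""
    name = _normalize(name)
    if name in HOSTS:
        return HOSTS[name], ["hosts"]
    return local_dns.resolve(name)


if __name__ == "__main__":
    server = LocalDnsServer()
    print(os_lookup("localhost", server))        # hosts table, no query sent at all
    print(os_lookup("www.baidu.com", server))    # full walk: root -> .com -> ns.baidu.com
    print(os_lookup("www.baidu.com", server))    # second time: answered from the cache
```

The returned trace is the useful part: it shows that only the first query for a name leaves the local DNS server, which is also why a poisoned or stale cache entry on that server affects every client behind it until the record's TTL expires.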

II. Linux Local DNS Configuration: Making the System “Understand” Domain Names

In Linux systems, you can control local DNS resolution by modifying configuration files. Two common files are:

1. /etc/hosts: Local “Mini-Contacts List”

The hosts file is a local domain name resolution file with higher priority than network DNS queries. The system checks this first when resolving domains.
Format: Each line has a record with space-separated fields: IP address hostname alias (alias is optional).
Example:

# Retain default local loopback addresses
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# Add custom resolution: Map www.test.com to 192.168.1.100
192.168.1.100  www.test.com test-server

Effect: No restart is needed after modification. For example, ping www.test.com will directly resolve to 192.168.1.100.

2. /etc/resolv.conf: DNS Client Configuration

resolv.conf is the DNS client configuration file in Linux, specifying which DNS servers to query.
Format: Each line is a nameserver directive specifying a DNS server’s IP.
Example:

# Google DNS (primary)
nameserver 8.8.8.8
# 114 DNS (secondary)
nameserver 114.114.114.114

Modification: Edit directly with a text editor (e.g., vi /etc/resolv.conf), add nameserver lines, and save.
⚠️ Note: resolv.conf may be dynamically overwritten by services like NetworkManager or systemd-resolved. For temporary testing, direct modification works; for long-term configuration, set the DNS servers through the service that manages the file (e.g., with NetworkManager: nmcli connection modify <connection-name> ipv4.dns "8.8.8.8 114.114.114.114", then nmcli connection up <connection-name> to apply it).
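As an added example (not from the original article), here are small parsers for the two file formats just described, fed with constructed copies of the files so they run without reading the real /etc. The hosts entries are those shown above plus a trailing comment; the resolv.conf adds a `search` and an `options` line to exercise the parser. The `where_to_look` function applies the priority rule from the text: the hosts file answers first, and only names it does not contain go to the configured nameservers.

```python
# Added example, not from the original article.  Both file contents below are
# constructed copies of the examples in the text, embedded so nothing on the
# real system is read.

HOSTS_TEXT = """\
# Retain default local loopback addresses
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# Add custom resolution: map www.test.com to 192.168.1.100
192.168.1.100  www.test.com test-server   # a trailing comment is allowed too
"""

RESOLV_TEXT = """\
# Google DNS (primary)
nameserver 8.8.8.8
# 114 DNS (secondary)
nameserver 114.114.114.114
search example.com
options timeout:2 attempts:2
"""

MAX_NAMESERVERS = 3   # glibc consults at most the first three nameserver lines


def _strip(raw):
    """Remove a '#' comment and surrounding whitespace from one line."""
    return raw.split("#", 1)[0].strip()


def parse_hosts(text):
    """Map every hostname and alias to its IP; the first matching line wins, as in glibc."""
    table = {}
    for raw in text.splitlines():
        line = _strip(raw)
        if not line:
            continue
        ip, *names = line.split()            # format: IP hostname [alias ...]
        for name in names:
            table.setdefault(name.lower(), ip)   # keep the first mapping seen
    return table


def parse_resolv(text):
    """Collect nameserver, search and options directives from resolv.conf."""
    conf = {"nameserver": [], "search": [], "options": []}
    for raw in text.splitlines():
        line = _strip(raw)
        if not line:
            continue
        key, *values = line.split()
        if key in conf:
            conf[key].extend(values)
    conf["nameserver"] = conf["nameserver"][:MAX_NAMESERVERS]
    return conf


def where_to_look(name, hosts, resolv):
    """Priority from the text: hosts file first, then the configured nameservers."""
    name = name.lower()
    if name in hosts:
        return ("hosts", hosts[name])
    return ("nameserver", resolv["nameserver"])


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_TEXT)
    resolv = parse_resolv(RESOLV_TEXT)
    print(where_to_look("www.test.com", hosts, resolv))   # answered locally
    print(where_to_look("www.baidu.com", hosts, resolv))  # sent to 8.8.8.8 / 114.114.114.114
```

Because a hosts entry silently wins over every nameserver, running `parse_hosts` over a machine's real /etc/hosts is a quick way to spot entries that redirect a public name somewhere unexpected.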

III. Building a DNS Server on Linux: Becoming the “Telephone Office”

To build a DNS server (e.g., using BIND) on a Linux server so other devices can access it via a domain, follow these steps:

1. Install BIND (Most Common DNS Server Software)

For CentOS/RHEL:

yum install bind -y

(Ubuntu/Debian: apt install bind9)

2. Configure the Main Configuration File: /etc/named.conf

named.conf is BIND’s core config, defining listening ports, allowed clients, etc.
Example Modifications:

# Open the file
vi /etc/named.conf

# Add simplified configuration:
options {
    listen-on port 53 { any; };  # Listen on all interfaces on port 53 (DNS default)
    directory       "/var/named"; # Directory for zone data files
    allow-query     { any; };     # Allow all clients to query (adjust for production)
};

# Define forward and reverse zones
zone "example.com" IN {  # Forward zone: example.com
    type master;       # Master server (authoritative)
    file "example.com.zone";  # Zone data file (create manually)
};

zone "1.168.192.in-addr.arpa" IN {  # Reverse zone: 192.168.1.x
    type master;
    file "192.168.1.zone";  # Reverse zone data file
};

3. Create Zone Data Files (Forward and Reverse)

Forward Zone File (/var/named/example.com.zone): Maps domains to IPs:

$TTL 86400  ; Default TTL (1 day); zone files use ';' for comments, not '#'
@       IN SOA  ns1.example.com. admin.example.com. (
                    2023010101 ; Serial number
                    3600       ; Refresh (1 hour)
                    1800       ; Retry (30 minutes)
                    604800     ; Expire (1 week)
                    86400      ; Minimum / negative-caching TTL (1 day)
)
@       IN NS    ns1.example.com.  ; Name server
ns1     IN A     192.168.1.100     ; ns1.example.com IP
www     IN A     192.168.1.100     ; www.example.com IP

Reverse Zone File (/var/named/192.168.1.zone): Maps IPs to domains:

$TTL 86400
@       IN SOA  ns1.example.com. admin.example.com. (
                    2023010101
                    3600
                    1800
                    604800
                    86400
)
@       IN NS    ns1.example.com.
100     IN PTR   ns1.example.com.  ; Reverse lookup for 192.168.1.100

4. Start and Test the Service

  • Start and enable BIND:
  systemctl start named
  systemctl enable named  # Auto-start on boot
  • Test resolution:
    Use nslookup or dig to verify:
  nslookup www.example.com 127.0.0.1  # Query www.example.com
  dig www.example.com @127.0.0.1       # Detailed query results
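The forward and reverse zone files from step 3, cross-checked by a small reader added here as an example (it is not part of the article or of BIND; `named-checkzone` remains the authoritative check). Both files are embedded as constructed strings. The reader understands only the subset of zone syntax the article uses: `$TTL`, `;` comments, a parenthesised SOA, `@` for the origin, relative owner names and the `owner IN TYPE rdata` layout. It then verifies that every NS target has an A record and that every A record's IP has a PTR pointing back at a name with that address.

```python
# Added example, not from the original article or from BIND.  Zone contents are
# constructed copies of the files shown in step 3.  IPv4 reverse zones only.
import re
import ipaddress

FORWARD_ZONE = """\
$TTL 86400  ; Default TTL (1 day)
@       IN SOA  ns1.example.com. admin.example.com. (
                    2023010101 ; Serial number
                    3600       ; Refresh (1 hour)
                    1800       ; Retry (30 minutes)
                    604800     ; Expire (1 week)
                    86400      ; Negative-caching TTL (1 day)
)
@       IN NS    ns1.example.com.  ; Name server
ns1     IN A     192.168.1.100     ; ns1.example.com IP
www     IN A     192.168.1.100     ; www.example.com IP
"""

REVERSE_ZONE = """\
$TTL 86400
@       IN SOA  ns1.example.com. admin.example.com. (
                    2023010101
                    3600
                    1800
                    604800
                    86400
)
@       IN NS    ns1.example.com.
100     IN PTR   ns1.example.com.  ; Reverse lookup for 192.168.1.100
"""


def parse_zone(text, origin):
    """Return (owner, type, rdata-tokens) tuples with owner names made absolute under `origin`."""
    origin = origin.rstrip(".") + "."
    # Drop ';' comments, then fold any "( ... )" multi-line record onto one line.
    stripped = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    joined = re.sub(r"\([^)]*\)",
                    lambda m: " " + m.group(0)[1:-1].replace("\n", " ") + " ", stripped)
    records = []
    for line in joined.splitlines():
        fields = line.split()
        if not fields or fields[0] == "$TTL":      # $TTL only sets the default, no record
            continue
        owner, rtype, rdata = fields[0], fields[2], fields[3:]   # assumes 'owner IN TYPE rdata'
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = owner + "." + origin           # relative name: append the origin
        records.append((owner, rtype, rdata))
    return records


def _ip_of_reverse_name(rname):
    """'100.1.168.192.in-addr.arpa.' -> '192.168.1.100' (IPv4 only)."""
    labels = rname.rstrip(".").split(".")[:-2]     # drop 'in-addr' and 'arpa'
    return ".".join(reversed(labels))


def check_zones(forward, reverse, forward_origin, reverse_origin):
    """Cross-check the two zones; returns a list of problem descriptions (empty if consistent)."""
    fwd = parse_zone(forward, forward_origin)
    rev = parse_zone(reverse, reverse_origin)
    problems = []
    a_records = {(owner, rdata[0]) for owner, t, rdata in fwd if t == "A"}
    a_owners = {owner for owner, _ in a_records}
    ptrs = {owner: rdata[0] for owner, t, rdata in rev if t == "PTR"}
    for owner, t, rdata in fwd:
        if t == "NS" and rdata[0] not in a_owners:
            problems.append(f"NS {rdata[0]} has no A record in the forward zone")
    for owner, ip in a_records:
        rname = ipaddress.ip_address(ip).reverse_pointer + "."
        if rname not in ptrs:
            problems.append(f"{ip} ({owner}) has no PTR record in the reverse zone")
    for rname, target in ptrs.items():
        if (target, _ip_of_reverse_name(rname)) not in a_records:
            problems.append(f"PTR {rname} -> {target} has no matching A record")
    return problems


if __name__ == "__main__":
    issues = check_zones(FORWARD_ZONE, REVERSE_ZONE, "example.com", "1.168.192.in-addr.arpa")
    print("zones consistent" if not issues else "\n".join(issues))
```

A mismatch between the two zones is not just cosmetic: mail servers and some access-control lists perform forward-confirmed reverse lookups, so an A record without a matching PTR (or a PTR pointing at a name whose A record differs) makes the host fail those checks.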

IV. Common Issues and Troubleshooting

  1. DNS Service Fails to Start?
    Check configuration errors:
   named-checkconf /etc/named.conf  # Check main config
   named-checkzone example.com /var/named/example.com.zone  # Check zone file

    Check logs: tail -f /var/log/messages or /var/log/named.log (if enabled).

  2. Firewall Blocks Access?
    Open port 53 (UDP and TCP):
   # CentOS 7+
   firewall-cmd --add-port=53/udp --permanent
   firewall-cmd --add-port=53/tcp --permanent
   firewall-cmd --reload

  3. Other Devices Can’t Resolve?
    Ensure other devices’ resolv.conf points to your Linux server’s IP (e.g., 192.168.1.100).

V. Summary

DNS is the internet’s “navigation beacon.” Understanding its resolution principle makes configuring local DNS or building an authoritative DNS server on Linux straightforward. From the local hosts file to BIND servers, mastering DNS helps you manage network services efficiently.

(Note: In production, restrict allow-query and implement access controls to prevent abuse!)

Xiaoye