
2/26/2014

Domain Name Service - DNS

Contents

- The role of DNS
- The domain name system
- Components of the domain name system
- Name resolution mechanisms
- Security issues
- Types of DNS servers
- Installing and configuring DNS

DNS

- DNS stands for Domain Name System. It was invented in 1984 for the Internet and is the system that establishes the correspondence between IP addresses and domain names.
- It translates domain names that are meaningful to people into (binary) numeric identifiers associated with network equipment, for the purpose of locating and addressing devices around the world.
- The domain name system makes it possible to assign domain names to groups of Internet users in a meaningful way, independent of each user's location.
- Internet domain names are easier to remember than IP addresses such as 208.77.188.166 (IPv4) or 2001:db8:1f70::999:de8:7648:6e8 (IPv6).
- It serves as a "phone book" for the Internet by translating computer host names into IP addresses. For example, www.example.com translates to 208.77.188.166.

Functions of DNS

- Every website has a name (a domain name or URL: Uniform Resource Locator) and an IP address. An IPv4 address consists of 4 groups of digits separated by dots.
- When you open a web browser and type a website name, the browser goes straight to the site without you having to enter the site's IP address.
- The process of "translating" the domain name into an IP address, so that the browser can understand it and reach the website, is the job of a DNS server.

DNS packet structure

- ID: a 16-bit field containing an identifier generated by the program that issues the query. The response packet carries the same identifier, which is how a query and its response are matched to each other.
- QR: a 1-bit field. It is set to 0 in a query packet and to 1 in a response packet.
- Opcode: a 4-bit field, set to 0 for a standard query, 1 for an inverse query and 2 for a status query.
- AA: a 1-bit field. When it is set to 1 in a response packet, the response comes from a server that is authoritative for the query.

DNS packet structure (continued)

- TC: a 1-bit field indicating whether the packet was truncated because its size exceeded what the transmission channel allows.
- RD: a 1-bit field indicating that the query asks the server to carry on resolving the query recursively.
- RA: a 1-bit field indicating whether recursive queries can be carried out on the server.
- Z: a 1-bit field. It is reserved and is set to 0.

DNS packet structure (continued)

- Rcode: a 4-bit field. In a response packet it can take the following values:
  - 0: no error occurred while processing the query.
  - 1: format error; the server could not understand the query.
  - 2: server failure; the server was unable to answer.
  - 3: name error. Only an authoritative server can set this value.
  - 4: not implemented; the server cannot perform this function.
  - 5: the server refused to carry out the query.

- QDcount: the number of queries in the question section of the packet.
- ANcount: the number of resource records in the answer section.
- NScount: the number of resource records in the authority section of the packet.
- ARcount: the number of resource records in the additional section of the packet.
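
The header fields listed above, decoded from raw bytes, as an added example that is not part of the original slides: it unpacks the 12-byte header and lists the reasons a packet should not be accepted as the answer to a given query. The function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# Rcode meanings as listed in the slides.
RCODES = {0: "no error", 1: "format error", 2: "server failure",
          3: "name error", 4: "not implemented", 5: "refused"}

def parse_header(packet):
    """Decode the fixed 12-byte DNS header into its named fields."""
    if len(packet) < 12:
        raise ValueError("DNS header needs 12 bytes, got %d" % len(packet))
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,        # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,  # 0 query, 1 inverse query, 2 status
        "aa": (flags >> 10) & 1,        # answer from an authoritative server
        "tc": (flags >> 9) & 1,         # packet was truncated
        "rd": (flags >> 8) & 1,         # recursion desired
        "ra": (flags >> 7) & 1,         # recursion available
        "z": (flags >> 6) & 1,          # reserved bit, expected to be 0
        "rcode": flags & 0xF,           # bits 5 and 4 are not decoded here
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def check_response(query, response):
    """Return reasons `response` should not be accepted as the answer to `query`."""
    q, r = parse_header(query), parse_header(response)
    problems = []
    if r["qr"] != 1:
        problems.append("QR is 0: packet is a query, not a response")
    if r["id"] != q["id"]:
        problems.append("ID mismatch: not an answer to this query")
    if r["opcode"] != q["opcode"]:
        problems.append("Opcode differs from the query")
    if r["z"] != 0:
        problems.append("reserved Z bit is set")
    if r["tc"]:
        problems.append("TC set: answer was truncated")
    if r["rcode"] != 0:
        problems.append("Rcode %d: %s" % (r["rcode"], RCODES.get(r["rcode"], "unknown")))
    return problems

# Constructed sample headers (not captured traffic): a query with ID 0x1a2b
# and RD set, a matching answer, and an answer that carries a different ID.
QUERY = bytes.fromhex("1a2b01000001000000000000")
GOOD = bytes.fromhex("1a2b81800001000100000000")
WRONG_ID = bytes.fromhex("999981800001000100000000")

if __name__ == "__main__":
    print(check_response(QUERY, GOOD), check_response(QUERY, WRONG_ID))
```
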

The role of DNS

- Resolves domain names to IP addresses
- A service that other network services depend on
- There are several solutions
  - WINS, NIS, DNS, hosts file
- Centralized solutions
- Distributed solutions
  - Function, data, management

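The domain name system: structure

- Root: .
- Top-level domains (level 1)
  - Functional (gTLD), country (ccTLD), sponsored (sTLD)
- Second-level domains
  - Function within a country, province within a country, other
- FQDN: fully qualified domain name
  - www.hut.edu.vn.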

Components of the domain name system

- Root servers
- TLD servers
- Other servers
- DNS resolver
- Data on the servers
  - Server configuration
  - Data distributed on servers (zone files)
  - Cached data

The domain name system: management

- ICANN (Internet Corporation for Assigned Names and Numbers)
- Root Servers Systems Advisory Committee (RSSAC)
- Delegates to
  - National committees (ccTLD)
  - Registrars (gTLD, sTLD)
  - Registrars operating within each country
- Full delegation
- The left-hand rule

Data distributed on servers

- Zone file: stores the information about one zone
- Records in a zone file
  - General information about the zone
  - Information about the hosts in the zone (A, AAAA, CNAME)
  - Information about the services in the zone (MX, SRV, ...)
  - Information about the subdomains in the zone (NS)

Resolvers

- When a program needs to resolve a host name, it uses a mechanism called the resolver.
- The resolver first consults /etc/nsswitch.conf (formerly /etc/host.conf) and determines which method will be used to resolve host names (local files, name server, NIS or LDAP server).

File /etc/host.conf (or /etc/nsswitch.conf):

These files are read by the resolver to determine which of the files, DNS servers, LDAP databases or NIS servers will be consulted.

Example (/etc/nsswitch.conf):

hosts: files dns nis
networks: files

The first line says that the files (here /etc/hosts) are queried first, and then the DNS server if that lookup fails. The second line says that the file /etc/networks is used for network information.

File /etc/hosts

With a small number of networked computers, IP addresses can be mapped to names using the /etc/hosts file. The fields are:

IP               machine     machine.domain          alias

Example /etc/hosts file:

192.168.1.233    io          io.my.domain
61.20.187.42     callisto    callisto.physics.edu

Examples of top-level domains

com    Commercial organizations
edu    US educational organizations
gov    US government organizations
mil    US military organizations
net    Service providers and access gateways
org    Non-commercial sites
uk     Sites belonging to the United Kingdom

File /etc/named.boot:

directory  /var/named
cache      .                       named.ca
primary    myco.org                named.myco
primary    0.0.127.in-addr.arpa    named.local
primary    1.168.192.in-addr.arpa  named.rev

File /etc/resolv.conf

If the resolver needs to use a name server (DNS), it consults the list of available servers in the file /etc/resolv.conf.

Hierarchical structure

Name servers are organized in a hierarchical structure. Depending on its position in the fully qualified domain name (FQDN), a domain may be called top-level, second-level or third-level.

DNS configuration file

In older versions of BIND (before BIND 8) the configuration file is /etc/named.boot. With BIND 8, the file /etc/named.conf is used instead. You can use the named-bootconf.pl utility to convert the old configuration file to the new one.

The first line of /etc/named.boot defines the base directory to be used. The file named.ca contains the list of DNS IP addresses used to query external addresses. The third line is optional and contains the records for the local network. The next two entries are used for reverse lookups.

In /etc/named.conf:

- cache is replaced by hint
- secondary is replaced by slave
- primary is replaced by master

Applying these changes to the BIND 4 configuration file produces the following BIND 8 and BIND 9 configuration file.

File /etc/named.conf:

options {
    directory "/var/named";
};

zone "." {
    type hint;
    file "named.ca";
};

DNS zone files

In this example the server is set up as a caching-only server. All zone files contain resource records.

Example: the named.local zone file:

@       IN      SOA     localhost. root.localhost. (
                        2001022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.

Table 2: Zone parameters

@ IN SOA    Start Of Authority. Identifies a zone; its options follow, enclosed in parentheses.
serial      A value incremented by hand whenever the data changes. Secondary servers query the serial number of the primary server. If it has changed, the entire zone file is downloaded.

File /etc/named.conf (continued):

zone "myco.org" {
    type master;
    file "named.myco";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "named.rev";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
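
One way to apply the keyword mapping described earlier (cache to hint, primary to master, secondary to slave) to a BIND 4 boot file, as an added example; it is not the named-bootconf.pl utility. It goes beyond the slides by also handling secondary lines, and the function name is an assumption.

```python
import re

# BIND 4 directive -> BIND 8/9 zone type, as listed in the slides.
ZONE_TYPES = {"cache": "hint", "primary": "master", "secondary": "slave"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def boot_to_conf(boot_text):
    """Translate named.boot directives into named.conf statements."""
    blocks = []
    for lineno, raw in enumerate(boot_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()      # ';' starts a comment
        if not fields:
            continue
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "directory" and len(args) == 1:
            blocks.append('options {\n\tdirectory "%s";\n};' % args[0])
            continue
        if keyword not in ZONE_TYPES or len(args) < 2:
            raise ValueError("line %d: cannot convert %r" % (lineno, raw))
        zone, rest = args[0], args[1:]
        body = ["type %s;" % ZONE_TYPES[keyword]]
        if keyword == "secondary":
            # BIND 4 form: secondary <zone> <master-ip>... [backup-file]
            masters = [a for a in rest if IPV4.match(a)]
            files = [a for a in rest if not IPV4.match(a)]
            if not masters or len(files) > 1:
                raise ValueError("line %d: bad secondary line" % lineno)
            body.append("masters { %s };" % " ".join(m + ";" for m in masters))
        else:
            if len(rest) != 1:
                raise ValueError("line %d: expected <zone> <file>" % lineno)
            files = rest
        body += ['file "%s";' % f for f in files]
        blocks.append('zone "%s" {\n\t%s\n};' % (zone, "\n\t".join(body)))
    return "\n\n".join(blocks) + "\n"

# The named.boot from the slides, reverse zones written as in-addr.arpa.
NAMED_BOOT = """\
directory /var/named
cache     .                      named.ca
primary   myco.org               named.myco
primary   0.0.127.in-addr.arpa   named.local
primary   1.168.192.in-addr.arpa named.rev
"""

if __name__ == "__main__":
    print(boot_to_conf(NAMED_BOOT))
```
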

The @ symbol resolves (refers) to the corresponding zone declared in /etc/named.conf. This allows any zone file to be used as a template for other zones.

Table 1: Common record types

NS       Specifies the zone's primary name server
PTR      Maps an IP address back to a host name (reverse lookup)
MX       Mail Exchange record
A        Associates an IP address with a host
CNAME    Associates an alias with the host's main name

Table 2: Zone parameters (continued)

refresh    Interval in seconds before a secondary server queries the SOA record of the primary domain. Its minimum value is one day.
retry      Interval in seconds before a new zone transfer is attempted if the previous download failed.
expire     Time after which a secondary server discards all zone data if it cannot contact the primary server. This value is normally at least 1 week.
minimum    The TTL for cached data. The default is 1 day (86400 seconds), but it can be longer on stable LANs.

Distribution of the name space

Name space and address space

3/27/2010

Managing the name space

Property                         Global level      Administrational level        Managerial level
Geographical scale               Global            Country/large organization    Small organization
Number of interacting servers    A few (16)        Many                          Large
Response time                    Seconds           10^-3 seconds                 Immediate
Update rate                      Rarely updated    Continuous                    Continuous
Number of replicas               Many              Very few                      None
Client-side cache

Non-recursive name resolution

- The client sends a non-recursive request to the server
- The server and the client agree on whether this is supported
  - If not
  - If the host exists, a reply message is sent back to the client
  - If it does not, the reply says that no such host exists
  - If the server is busy, it reports an error
- If so, the server searches its local data (not found)
  - The server sends the client the addresses of the root servers
  - The client asks the root servers about the domain name
  - The root servers reply with the addresses of the DNS servers
  - The client goes on to ask the other servers

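Recursive name resolution

- The client sends a recursive request to the server
- The server and the client agree on whether this is supported
  - If the host exists, a reply message is sent back to the client
  - If it does not, the reply says that no such host exists
  - Or the reply says that the host is busy
- The server searches its local data (not found)
  - The server queries the root servers
  - The root servers return the IP addresses of the TLD name servers
  - The server asks the other servers about the domain name
  - The answer is returned to the client

Reverse name resolution

- A request message for reverse resolution is sent
- Not many DNS servers support it
- A reverse zone is used to store the information for resolving addresses in reverse
  - 142.47.202.in-addr.arpa.zone
  - PTR records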

Types of DNS servers

Master
- Manages the information for one or more domains
- Answers requests concerning those domains
- Forwards requests when it does not have the information
- Answers are taken from the server's local data
- Replies are marked Authoritative

Slave
- Manages the information about a domain that is managed by a Master
- Receives the domain's information through zone transfer

Cache
- Takes no part in managing the domain's information
- Only stores information in its cache

Types of DNS servers

Operations between servers
- Full zone update
- Incremental update
- Change notification
- Dynamic update

Installing DNS on Linux

Installation procedure

- Configure the network with a static IP address
- Install the packages
  - bind9
  - bind9utils
  - dnsutils
- Configure bind

Configuring the bind daemon

Forward lookup

Zone file

Reverse lookup

Zone file

Cache file

resolver

Restricting zone transfers

Updating information in DNS

Exercises

- Install bind9
- Identify the configuration files
- Identify the data files for localhost and for hint
- Configure a master server that manages the domain is12.hedspi
- Configure the machines may1, may2 and may3 in that domain so that they map to the machines' IP addresses
- Configure /etc/resolv.conf to use the local machine as the DNS server
- Configure the server so that the Internet can be used as normal
- Use CNAME to configure may2 may3
