
Master DNS: From Resolution Basics to BIND and dnsmasq Deployment

This guide walks through the complete DNS resolution process, explains key terminology, details the hierarchical structure of DNS servers, demonstrates how to use dig for tracing, and provides step‑by‑step instructions for deploying BIND and dnsmasq on Linux systems.

MaGe Linux Operations

DNS Resolution

1. User Access Flow

0. Client ensures internet connectivity
1. User enters a URL in the browser (e.g., www.yuchaoit.cn)
2. Local DNS lookup for the domain's IP address
3. Client contacts the IP, initiates TCP three‑way handshake
4. After TCP connection, browser sends HTTP request (multiple requests possible)
5. Server processes and responds to HTTP requests
6. Browser renders the response
7. Client closes the connection (TCP four‑way handshake)

2. Key Technical Terms

1. Domain name
2. Domain name resolution
3. TCP/IP three‑way handshake
4. TCP/IP four‑way handshake
5. HTTP request
6. HTTP response

1. DNS Domain Structure

Domain names use a hierarchical tree structure. Each label is separated by a dot, forming root, top‑level, second‑level, and sub‑domains.

Root domain: "." (the root name server)

Top‑level domain (TLD): the final label (e.g., .cn, .com)

Second‑level domain: the label before the TLD (e.g., yuchaoit)

Sub‑domains: further subdivisions under the second‑level domain

2. DNS Server Hierarchy

Four main DNS server types:

Root DNS server – provides top‑level server information.

Top‑level domain server – manages records for second‑level domains.

Authoritative name server – stores the actual domain‑to‑IP mappings.

Local DNS resolver – the DNS server configured on a client or provided by an ISP.

DNS Resolution Process

DNS domain resolution
1. Browser checks local hosts file for a static mapping.
2. If not found, it queries the configured local DNS server.
3. The local server checks its cache; if missing, it queries the root server.
4. The root server returns the address of the TLD server.
5. The TLD server returns the authoritative server for the domain.
6. The authoritative server returns the final IP address, which is cached locally.

3. DNS Specific Terms

Recursive Query

Similar to recursively creating directories, where a single command does all the intermediate work:
mkdir -p /opt/linux/0224/chaoge666.log

1. The local resolver must return an exact IP to the client.
2. If it lacks the record, it queries other servers on the client's behalf until the answer is found.

Iterative Query

The queried server does not fetch the answer itself; it returns a referral to another server, and the querier repeats the process with that server until the correct record is obtained.

DNS Cache

Stores domain‑to‑IP mappings near the client to reduce query latency.

TTL (Time To Live)

Specifies how long a cached record remains valid before it must be refreshed.
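
The resolution steps and the terms above (recursive service, iterative referrals, cache, TTL) can be traced in a small simulation. This is an added example, not code from the original article; the server names, the in-memory tables and the 192.0.2.10 address are constructed sample values.

```python
import time

# Constructed stand-ins for the server tiers above; the server names and the
# 192.0.2.10 address are sample values, not real delegation data.
SERVERS = {
    "root": {"referrals": {"cn.": "tld-cn"}},
    "tld-cn": {"referrals": {"yuchaoit.cn.": "auth-yuchaoit"}},
    "auth-yuchaoit": {"records": {"www.yuchaoit.cn.": ("192.0.2.10", 600)}},
}

def ask(server, qname):
    """One iterative query: the server answers or refers, it never recurses."""
    zone = SERVERS[server]
    if qname in zone.get("records", {}):
        ip, ttl = zone["records"][qname]
        return "answer", ip, ttl
    for suffix, next_server in zone.get("referrals", {}).items():
        if qname.endswith("." + suffix):
            return "referral", next_server, None
    return "nxdomain", None, None

class LocalResolver:
    """Recursive service for clients, built from iterative queries plus a cache."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}  # qname -> (ip, expiry time)

    def resolve(self, name):
        """Return (ip, servers_contacted); the list is empty on a cache hit."""
        qname = name if name.endswith(".") else name + "."
        hit = self.cache.get(qname)
        if hit and hit[1] > self.clock():
            return hit[0], []
        server, path = "root", []
        for _ in range(8):  # bound the referral chain
            path.append(server)
            kind, value, ttl = ask(server, qname)
            if kind == "answer":
                self.cache[qname] = (value, self.clock() + ttl)  # honour the TTL
                return value, path
            if kind == "nxdomain":
                return None, path
            server = value  # follow the referral one tier down
        raise RuntimeError("referral chain too long")
```

The first lookup contacts all three tiers, a repeat within the TTL is answered from the cache, and once the TTL has passed the resolver walks the hierarchy again.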

4. Using the dig Command

# yum install bind-utils -y
# cat /etc/resolv.conf
nameserver 223.5.5.5
# dig +trace www.yuchaoit.cn
... (output showing the step‑by‑step trace through root, .cn TLD, and authoritative servers) ...

5. DNS Service Deployment

Two common DNS server implementations:

BIND – full‑featured, suitable for large enterprises.

dnsmasq – lightweight, ideal for small networks.

Deploying BIND

# yum install bind bind-utils -y
# systemctl stop firewalld   # turns off the host firewall entirely
# iptables -F                # flushes all remaining iptables rules
# cp /etc/named.conf /etc/named.conf.bak
# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
# Edit /etc/named.conf (options, logging, zone definitions)
# Edit /etc/named.rfc1912.zones to add a zone for "yuchaoit.cn"
# cp /var/named/named.localhost /var/named/yuchaoit.cn.zone
# Edit /var/named/yuchaoit.cn.zone to map the domain to an IP and add www record
# chown root:named /var/named/yuchaoit.cn.zone   # a copy made as root is owned root:root; named must be able to read it
# chmod 640 /var/named/yuchaoit.cn.zone
# named-checkconf /etc/named.conf
# systemctl start named

Deploying dnsmasq

# yum install dnsmasq -y
# Edit /etc/dnsmasq.conf:
#   resolv-file=/etc/resolv.dnsmasq.conf
#   listen-address=172.16.1.61
#   addn-hosts=/etc/dnsmasq.hosts
#   log-queries
#   log-facility=/var/log/dnsmasq.log
#   conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
# Create /etc/resolv.dnsmasq.conf with upstream nameservers
# Create /etc/dnsmasq.hosts with custom domain mappings
# systemctl start dnsmasq
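
With log-queries enabled, /var/log/dnsmasq.log records where every answer came from, which makes it possible to check that custom names are served from /etc/dnsmasq.hosts and that nothing is forwarded where it should not be. The following is an added example, not part of the original article; the log lines, client addresses and 192.0.2.x answers are constructed, and summarize() is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the format dnsmasq writes with log-queries enabled.
# Client addresses and the 192.0.2.x answers are made-up sample values.
SAMPLE_LOG = """\
Feb 24 10:00:01 dnsmasq[1234]: query[A] www.yuchaoit.cn from 172.16.1.7
Feb 24 10:00:01 dnsmasq[1234]: /etc/dnsmasq.hosts www.yuchaoit.cn is 192.0.2.10
Feb 24 10:00:05 dnsmasq[1234]: query[A] example.com from 172.16.1.7
Feb 24 10:00:05 dnsmasq[1234]: forwarded example.com to 223.5.5.5
Feb 24 10:00:05 dnsmasq[1234]: reply example.com is 192.0.2.80
Feb 24 10:00:09 dnsmasq[1234]: query[A] example.com from 172.16.1.8
Feb 24 10:00:09 dnsmasq[1234]: cached example.com is 192.0.2.80
Feb 24 10:00:12 dnsmasq[1234]: query[A] nosuch.yuchaoit.cn from 172.16.1.8
Feb 24 10:00:12 dnsmasq[1234]: forwarded nosuch.yuchaoit.cn to 223.5.5.5
Feb 24 10:00:12 dnsmasq[1234]: reply nosuch.yuchaoit.cn is NXDOMAIN
"""

MSG = re.compile(r"dnsmasq\[\d+\]: (.*)$")
QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)$")
FORWARD = re.compile(r"forwarded (\S+) to (\S+)$")
ANSWER = re.compile(r"(cached|reply|/\S+) (\S+) is (\S+)$")

def summarize(log_text, local_domain, allowed_upstreams):
    """Count answers by source and flag forwards that should not happen."""
    out = {"clients": Counter(), "sources": Counter(),
           "leaked_local": set(), "unexpected_upstream": set()}
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # not a dnsmasq log line
        msg = m.group(1)
        if q := QUERY.match(msg):
            out["clients"][q.group(2)] += 1
        elif f := FORWARD.match(msg):
            name, upstream = f.groups()
            if name == local_domain or name.endswith("." + local_domain):
                out["leaked_local"].add(name)  # local name sent to an upstream
            if upstream not in allowed_upstreams:
                out["unexpected_upstream"].add(upstream)
        elif a := ANSWER.match(msg):
            src = a.group(1)  # a file path means the answer came from a hosts file
            kind = "hosts" if src.startswith("/") else "cache" if src == "cached" else "upstream"
            out["sources"][kind] += 1
    return out
```

In the sample, nosuch.yuchaoit.cn is missing from the hosts file, so dnsmasq forwards the internal name to the public upstream; that is the kind of entry the leaked_local set surfaces.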

6. Practical Exercises

Add DNS records for new domains (e.g., 0224web7.cn → 172.16.1.7) by editing the appropriate zone files and reloading the BIND service.

7. Summary

Deploy DNS servers and configure domain‑to‑IP records.

Clients must point to the configured DNS server to resolve custom domains.

Understanding the DNS query flow and using tools like dig helps troubleshoot resolution issues.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
