
DNS issues (part 1)

Many people interested in the systems field will surely know that, among the services

is DNS, the most important service on the Internet and inside enterprise networks. It allows
and, when the system is accessed, DNS translates names to IP addresses and vice versa. When working with DNS you need the definition of DNS and the issues related to it, which are

Definition of DNS: DNS provides structured data so that users can access resources by name on the network
Components of DNS
- DNS Domain Name Space
- Zones
- Name Servers
DNS of the Internet.

DNS Domain Name Space: Each DNS domain has a unique name. DNS is a system with a hierarchical structure

is denoted by a dot "." and comprises the 13 root servers of the global Internet; you can open the DNS root hints to see the addresses
can be a host name such as microsoft.com.

.com, .vn, .net... At this level each domain name consists of 2 to 5 characters; two-character names are reserved for individual countries.

Figure 1: Internet structure. The parts of a domain name are distinguished as: hostname, subdomain, top level and root.

Figure 2: The components of a domain name on the Internet.

Zones in DNS

Another important DNS concept is the zone. The DNS system is divided into smaller, lighter parts that are easier to manage, called zones. In practice DNS data is held on the zone servers, and DNS data is in fact the data of the zones. When
In DNS, when you create a new zone you have three choices:
Primary Zone: a server holding primary zone data is the server with full authority to update the zone data.

and many people are needed to manage the different areas, so it must be divided into zones to ensure that DNS can be managed easily

Secondary Zone: a copy of the primary zone; because it holds the zone data it provides resolution for Primary

Stub Zone: the data of a stub zone consists only of the NS records from the primary zone server; by holding the data
a given zone directly to the authoritative server of that zone. This point is quite important, and you also need to distinguish between using a stub zone and Forward Lookup.

Forward Lookup can be used to pass requests on to an authoritative server. One important point about

zone, so it is smart about updating the data and the addresses of that zone's NS servers, so forwarding

Forward Lookup means asking another server to resolve the name on your behalf; it cannot update its data automatically, but that is also an advantage
a domain with many child zones (delegation zones) and only for one organization when accessing that organization's data
The name server is the server that holds the primary zone data.

How DNS works
Now that we understand the components of DNS, we look at how DNS operates. Here is an example:

The DNS server holds the data for vne.com, including the web server web1.vne.com at address 192.168.1.5. A machine client.vne.com accesses web1.vne.com.

Step 1: client1.vne.com sends a request packet asking the vne DNS server what the address of web1.vne.com is.
Step 2: the DNS server replies to client1.vne.com with a packet containing the IP address of web1.vne.com: 192.168.1.5.
Step 3: client1.vne.com communicates with web1.vne.com.
From this example you can picture the query process between the client and the DNS server. The work DNS does can be divided into two areas:
- Forward Lookup Query: a request to translate a name into an IP address.
- Reverse Lookup Query: a request to translate an IP address into a name.

DNS issues (Part 2 - DNS Server Proper

When studying DNS we first need to study the properties and the meaning of the configuration

here I present in detail the meaning of each property and how to apply them in a real environment
DNS Server properties cover the following:
- Interfaces: lets us configure which network cards listen for requests
- Forwarders: forwards requests for a given domain to a given DNS server
- Advanced: advanced properties and features of the DNS server
- Root hints: lets us configure the root of the domain; required for clients to reach the Internet
- Debug logging: records the processing for analysis if an error occurs
- Event logging: the situations that are logged
- Monitoring: monitoring the DNS server
- Security: securing the DNS data

1. Studying the Interfaces tab

a. Example: Suppose we have a DNS server with the FQDN VNEXPERTS.VNE.COM that has 4 network cards with the addresses
LAN 1: 192.168.0.5 for the public web site
LAN 2: 192.168.1.5 for name resolution
LAN 3: 192.168.2.5 for name resolution
LAN 4: 192.168.3.5 for the SQL application
This means the server must be configured so that it only answers DNS requests (Lookup Forward Query)
network will affect the bandwidth available to the other services. By default the DNS server listens for requests on all network cards, but in this situation you need to reconfigure

2. Studying Forwarders

Example: Your company has three sites: Nghe An, Thai Nguyen and Hanoi (vne.com). Each site has a separate domain
and tn.com to the DNS server of na.com
DNS server of vne.com: 192.168.1.5
DNS server of na.com: 192.168.0.5
DNS server of tn.com: 192.168.2.5
A client at na.com now wants to access a server at vne.com named web1.vne.com.

with each other over a VPN link. The server at na.com is very weak and can only handle DNS requests at the Nghe An site

Configured as in the figure above, this means that when a user accesses the vne.com domain, the DNS server sends all the requests

In practice we only use forwarders when: first, we cannot create a secondary zone or stub zone of

www.microsoft.com we send it straight to the DNS server in the US instead of forwarding to the ISP's DNS). Or our DNS server

The "do not use recursion for this domain" check box: when you do not tick this check box, going back to the example above. When

all requests to the DNS server at vne.com to have it resolve them. But if the packet sent from the DNS server at na.

you do not tick the check box, the DNS server at na.com automatically resends the request packet until it manages to connect

The check box applies to a single domain only; if you want to configure no resending at all, that is "do not use recursion all

3. Studying the Advanced tab
The most important tab of DNS Server properties; it lets us configure many important properties of DNS.

a. The "Disable recursion (also disables forwarders)" check box

- As we saw when studying forwarders, ticking this check box means you will never use resending
this check box (the figure above shows the DNS server defaults).
b. The "BIND secondaries" check box

When your DNS system includes a Linux server running the BIND service, which is the DNS service on *nix operating systems.
the primary zone over.

c. The "Fail on load if bad zone data" check box
- If an error occurs while zone data is being transferred between primary and secondary, it will
d. The "Enable round robin" check box
Example: the server VNEXPERTS.VNE.COM has the addresses
LAN 1: 192.168.0.5
LAN 2: 192.168.0.6
LAN 3: 192.168.0.7

All three addresses are used by clients on the network to reach the company's internal web site, which is hosted on the server
If you do not enable this feature:

client1 accesses http://vnexperts.vne.com and the DNS server returns the actual address 192.168.0.5; next, the client
192.168.0.5.

But if this feature is enabled, the DNS server controls access to a machine that has several network cards
Client 1 accesses http://vnexperts.vne.com and the server hands out the address 192.168.0.5, but client 2 then accesses
so DNS controls access to a machine.
e. The "Enable netmask ordering" check box
Suppose there is a server named vnexperts.vne.com with the addresses
LAN 1: 192.168.1.5
LAN 2: 192.168.2.5
LAN 3: 192.168.3.5

A client with the address 192.168.2.53 accesses http://vnexperts.vne.com: which address does the DNS server give the client?
vnexperts.vne.com is 192.168.1.5, following the order recorded in the DNS data.

If this feature is enabled, the DNS server compares the IP address of the client with those of vnexperts.vne.com and then returns the address
f. The "Secure cache against pollution" check box
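For options d and e above (round robin and netmask ordering), an added example that is not part of the original article: it models round robin as rotating the stored list by one position per query and netmask ordering as moving the address in the client's subnet to the front. The class and method names are hypothetical, and the /24 comparison is an assumption.

```python
import ipaddress


class AnswerOrderer:
    """Toy model of how a DNS server orders several A records for one name."""

    def __init__(self, addresses, round_robin, netmask_ordering, prefix=24):
        self.addresses = [ipaddress.ip_address(a) for a in addresses]
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self.prefix = prefix      # assumption: addresses are compared as /24 subnets
        self.queries = 0          # number of answers given so far

    def answer(self, client_ip):
        records = list(self.addresses)          # order as stored in the zone
        if self.round_robin:
            # Rotate the stored list by one position per query.
            shift = self.queries % len(records)
            records = records[shift:] + records[:shift]
        self.queries += 1
        if self.netmask_ordering:
            # Stable sort: addresses in the client's subnet move to the front,
            # the rest keep their (possibly rotated) order.
            subnet = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
            records.sort(key=lambda addr: addr not in subnet)
        return [str(addr) for addr in records]


# Addresses from the netmask-ordering example on this page.
VNEXPERTS = ["192.168.1.5", "192.168.2.5", "192.168.3.5"]

if __name__ == "__main__":
    for rr, nm in [(False, False), (False, True), (True, True)]:
        server = AnswerOrderer(VNEXPERTS, round_robin=rr, netmask_ordering=nm)
        for _ in range(2):
            print(f"round_robin={rr} netmask_ordering={nm}:", server.answer("192.168.2.53"))
```

With both options on, the client at 192.168.2.53 always gets 192.168.2.5 first, while the remaining addresses still rotate behind it.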

When a client asks the DNS server about www.microsoft.com, the DNS server, after querying servers on the Internet,
this feature, only the addresses that were actually queried are stored in the cache.

DNS stores the information in its cache, but if this feature is not enabled, for example, someone who forges a DNS packet and

The "Enable automatic scavenging of stale records" check box is the feature that deletes cached data within a period of

4. Studying the Root Hints tab

By default the Root Hints tab holds the addresses of the 13 Internet root servers. This means that when a client queries an address
will send the name-resolution request up to these 13 root servers to have them resolve it. If you do not want Internet access, you only need to remove all 13 root hint servers.

One use of root hints is that you can add entries to the root hints to create a root for your own DNS (note: this can only be used in
There are also the remaining tabs, but I think they are very easy to understand because they are written in considerable detail and
3, which is also the final part on DNS, I will introduce.

article I will introduce Zone Properties, covering the types of zone, how zone data is stored, how to update the

DNS issues (Final part - Zone Properties)

Many people wonder how DNS data is stored, and why it relates to zones

in a simple way, the approach devised was to divide it into zones that share the same management policies
Where zone data is stored
How the data is updated

How zone data is transferred between machines...
In part 3 of these DNS issues I will introduce to
Studying Zone Properties will answer all of the questions above.

Zone Properties has the following tabs:
General: settings for where zone data is stored, how zone data is updated, and the zone type (type of zone).
Start of Authority: shows which server is the primary server holding the zone data, and configures the timing for

Name Server: the configuration here affects the servers that hold the zone data and allows zone data to be transferred out
domain controller for this domain.

Security: in the Security tab we can grant specific groups or specific users the ability to perform a particular task
Zone Transfer: in this tab we configure how zone data is transferred
WINS: configures the WINS server for this zone.

1. Studying the General tab

In this tab we can set the status of the zone (Pause, Resume, Stop) with the first button. Zone Type is one of the most important configuration areas for a zone.

Here we can configure which type of zone the data held on this machine is:

Primary: the zone data is held on the server hosting the primary zone; a primary allows the data to be updated and transferred with the
Secondary: holds a copy of the primary zone's data; it can only update from the data on the primary and cannot
Stub: a copy of the NS (Name Server) data from the primary zone; it cannot resolve names for client machines.

As I explained the meaning of each type of zone in the first article, you can refer back to it to understand when to use
client and ensure bandwidth for the system.

The check box at the bottom of the figure determines whether the zone data is stored in Active Directory.
Replication is possible; otherwise it is not. When you tick the check box, it means the zone data
Replication in Active Directory.

In addition, only when you store DNS data in Active Directory does the zone data allow the Dynamic Update feature

When configuring zone data to be stored in Active Directory, you need to consider that the zone data is synchronized across

The first check box: synchronizes all zone data with all DNS servers in the whole forest
The second check box: synchronizes all zone data with all DNS servers in the whole domain
The third check box: synchronizes all zone data with all domain controllers in the whole domain.

After configuring the zone type (Type Zone) and how zone data is stored in Active Directory, we

Dynamic update: the DNS server holds important records, namely Host (A) records (for example server.vne.com --- 192.168.1.2), and

answers the request with 192.168.1.2. So what about a machine client50.vne.com that gets its IP address automatically? Today the data
To overcome this problem the DNS server allows the data to be updated automatically.

dynamic IP address, client50 will receive a different IP address, no longer 55, so when a request for client50.vne.com arrives, the server

Dynamic update: lets the DNS server change record data automatically
Dynamic update has the following settings:
None: data is not updated automatically
Nonsecure and secure: allows automatic updates without requiring security between the client and the DNS server, and so allows clients both outside and inside the domain.
Secure only: this option is available only when the zone data is stored in Active Directory; choosing it requires all

The General tab has one more item, deleting old information: Aging. This setting lets you delete

2. Studying the Start of Authority (SOA) tab

This tab has the Serial number field, which holds the number of records on the DNS server. For example, when you

The Primary server parameter is the server that holds the primary zone data. When we have several DNS servers and when
then you must come here to change it. There is also the Responsible Person field, which is the server that answers requests.

Refresh Interval, 15 minutes by default, is the interval at which data is synchronized between the server holding the primary

change it and no longer use the default, because if the DNS data rarely changes we can raise this interval to reduce
Retry Interval: if an error occurs during a refresh, the refresh is retried after a set period.
Expire after: DNS information that is not refreshed is no longer valid after one day.
DNS data is refreshed continuously, with a default time of 1 hour for all data.

From studying this tab we can see its significance for DNS: it tells us the number of records, the server
we can also configure the timing for refreshing data between primary and secondary.

3. Studying the Name Server tab

In this tab the domain controllers of the domain appear, if you have configured the DNS data to be stored

We can also add NS servers to this tab; we can rely on the information here to synchronize the data
domain controller) or you can add them manually.

4. Studying the Security tab

this NS table only. In addition, the NS data is the data that a stub zone copies and relies on to send requests to the

As its name suggests, in this tab we assign permissions to users or groups of users to be able to
in the zone.

5. Studying Zone Transfers

Zone data is among the most important data on the network; it lets you manage the computers

of yours is exposed, an attacker can use this data to analyze your network and from there attack

Therefore zone data should be synchronized and transferred only to certain machines. The default is "to any server", which means
servers that are in the NS table list only. DNS also has an option that lets you synchronize only to a machine

6. Studying the WINS tab

zone. But in that case anyone can obtain the zone information; DNS has other options such as "On
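A check for the zone transfer and dynamic update settings discussed in the Zone Transfers and General tab sections, as an added example that is not part of the original article: it decides whether a given requester would receive a zone under each transfer mode and flags the permissive settings. The inventory format, key names and the address 192.168.2.6 are constructed for illustration.

```python
import ipaddress

# Constructed sample inventory: one entry per zone, filled in from the zone's
# General, Name Servers and Zone Transfers tabs. Keys and values are hypothetical.
ZONES = [
    {"name": "vne.com", "dynamic_update": "nonsecure_and_secure",
     "transfer": "any", "name_servers": ["192.168.1.5"], "listed": []},
    {"name": "na.com", "dynamic_update": "secure_only",
     "transfer": "name_servers", "name_servers": ["192.168.0.5"], "listed": []},
    {"name": "tn.com", "dynamic_update": "none",
     "transfer": "listed", "name_servers": ["192.168.2.5"], "listed": ["192.168.2.6"]},
]


def transfer_allowed(zone, requester):
    """Would this zone hand a full copy of its data to `requester`?"""
    mode = zone["transfer"]
    if mode == "any":
        return True
    if mode == "name_servers":
        permitted = zone["name_servers"]
    elif mode == "listed":
        permitted = zone["listed"]
    else:
        return False  # transfers disabled or unknown mode: refuse
    source = ipaddress.ip_address(requester)
    return any(source == ipaddress.ip_address(p) for p in permitted)


def audit(zones):
    """Return (zone, finding) pairs for the permissive settings."""
    findings = []
    for zone in zones:
        if zone["transfer"] == "any":
            findings.append((zone["name"], "zone transfer allowed to any server"))
        if zone["dynamic_update"] == "nonsecure_and_secure":
            findings.append((zone["name"], "dynamic updates accepted without authentication"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(ZONES):
        print(f"{name}: {finding}")
```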

You are a network administrator and your system has two domains: vne.com, whose DNS servers and domain controllers are machines
the system also has the domain sov, with servers running Windows NT Server 4.0 and client machines running Windows NT 4.0

Clients in the sov domain connect to the data in both areas normally, but clients in the domain v
the cause: why? Windows NT 4.0 Server runs the WINS service as its name-resolution service, and NT 4.0 technology does not yet have DNS. So when a client wants to reach data in the sov domain, you must tick the "Use WINS lookup forward" check box in the WINS tab and then add a server running the WINS service.

7. Conclusion

In these three parts on DNS issues I have presented information about DNS and the data held in DNS (reco
DNS tabs I have presented in considerable detail, along with how each applies when the configuration changes. Good luck!
