
DNS server & Client


kanoa

Presentation Transcript


  1. DNS server & Client
  • Objectives
    • to learn how to set up DNS servers
  • Contents
    • An Introduction to DNS
    • How To Download and Install The BIND Packages
    • How To Get BIND Started
    • The /etc/resolv.conf File
    • Configuring A Caching Nameserver
    • Important File Locations
    • Configuring A Regular Nameserver
    • Troubleshooting BIND

  2. Download and Install The DNS Package
  • Download the DNS server as RPM
    • SuSE keeps a lot of RPM files for bind
    • Install the caching-only DNS and the normal DNS RPMs
        # wget ftp://ftp.suse.com//pub/suse/i386/9.3/suse/i586/bind*
    • To get started we need at least bind
        # rpm -ivh bind-lwresd-9.3.1-3.i586.rpm
        # rpm -ivh bind-9.3.1-3.i586.rpm
    • SuSE bind keeps its configuration in /etc/named.conf and /var/lib/named
  • You can also obtain the bind sources directly from http://www.isc.org/index.pl?/sw/bind/
    • This is the standard bind in the Unix world
    • It keeps its configuration files in /etc/named.conf and /var/named
    • Modern bind is placed in a chroot jail for security reasons

  3. How To Get BIND Started
  • Set named/bind startup at boot: you can use the insserv or chkconfig command to get BIND configured to start at boot:
        # insserv named
  • To start/stop/restart BIND after booting:
        # rcnamed start
        # rcnamed stop
        # rcnamed restart
  • Without any configuration bind acts as a cache-only nameserver
  • lwresd is a delegated cache-only nameserver. Do not run bind and lwresd at the same time.
        # rclwresd start
        # rclwresd stop
        # rclwresd restart

  4. The client /etc/resolv.conf File
  • Sample resolv.conf file: the client's main domain is my-site.com, but it is also a member of the domains my-site.net and my-site.org, which should be searched for shorthand references to other servers. Two nameservers, 192.168.0.1 and 192.168.0.22, provide DNS name resolution.
        domain my-site.com
        search my-site.com my-site.net my-site.org
        nameserver 192.168.0.1
        nameserver 192.168.0.22
  • Don't forget /etc/nsswitch.conf and /etc/host.conf:
        hosts: files dns        (in /etc/nsswitch.conf)
        order hosts,bind        (in /etc/host.conf)
  • The nameserver itself needs loopback as its first nameserver:
        nameserver 127.0.0.1

  5. Configuring A Caching Nameserver
  • Two caching-only nameservers:
    • Normal bind without configuration
    • The delegated lwresd
  • Using normal bind, in /etc/resolv.conf:
    Example old entry:
        nameserver 192.168.0.1
    Example new entry:
        # nameserver 192.168.0.1
    or:
        nameserver 127.0.0.1
    This must be first in the list of nameservers, if there are more!

  6. Configuring A Regular Nameserver
  • Configuring /etc/resolv.conf: you'll have to make your DNS server refer to itself for all DNS queries by configuring the /etc/resolv.conf file to only reference localhost.
  • Configuring /etc/named.conf (home directory and port). This is the head of named.conf:
        options {
            directory "/var/named";
            query-source port 53;
        };
    Forward resolution:
        zone "my-site.com" {
            type master;
            notify no;
            allow-query { any; };
            file "master/my-site.com";
        };
    Reverse resolution:
        zone "0.168.192.in-addr.arpa" {
            type master;
            notify no;
            file "master/192.168.0.rev";
        };

  7. Configuring A Regular Nameserver "extras"
  • Activate logging, after the "head" in /etc/named.conf. Here we log only zone transfers and mandatory messages:
        logging {
            category xfer-out {
                default_syslog;
            };
            category xfer-in {
                default_syslog;
            };
            category lame-servers {
                null;
            };
        };
  • Master zone. Example master zone that notifies 2 slaves:
        zone "my-site.com" {
            type master;
            file "master/my-site.com";
            allow-query { any; };
            allow-transfer { 194.22.190.13; 80.84.32.10; localhost; };
            notify yes;
        };

  8. Configuring the Zone Files: SOA
  In the head of /var/lib/named/master/my-site.com:
  • Time To Live value on the first line: the cache lifetime of this file, always at the top of the zonefile!
  • The SOA (Start Of Authority) record:
    • my-site.com. is the domain this zonefile serves
    • ns.my-site.com. is the nameserver FQDN
    • root.my-site.com. is the mail address root@my-site.com (dns-admin)
  • The serial number is extremely important. You MUST increment it after editing the file or else BIND will not apply the changes you made when you restart "named".
        $TTL 3D
        my-site.com. IN SOA ns.my-site.com. root.my-site.com. (
                2003037     ; incremental serial number
                10800       ; slave refresh interval (s)
                3600        ; slave retry interval (s)
                604800      ; slave expire time (s)
                86400 )     ; minimum / negative cache TTL (s)

  9. Next in the zonefile: NS & MX records
  • The IN NS (name server) records for the domain tell who resolves names for the domain:
    • my-site.com. is the served domain
    • ns.my-site.com. is the nameserver FQDN for this domain
  • The IN MX (mail exchanger) records tell who handles email in the domain:
    • my-site.com. is the served domain
    • mail.my-site.com. is the primary mailserver
    • mail2.my-site.com. is the secondary mailserver
        ; Define the nameservers
        my-site.com.    IN NS   ns.my-site.com.        ; master
        my-site.com.    IN NS   ns2.other-site.com.    ; slave
        ; Define the mailservers
                        IN MX 10 mail.my-site.com.
                        IN MX 20 mail2.my-site.com.

  10. Populate the zonefile with IN A & CNAME records
  • The IN A (Internet Address) records for the domain:
    • ns will be extended to ns.my-site.com since we did not end it with a dot
    • mail will be extended to mail.my-site.com
  • The CNAME records for the domain:
    • ftp will be extended to ftp.my-site.com, with mail's IP
    • www will be extended to www.my-site.com, with ns's IP
        ; Define the hosts in this zone
        ns      IN A    192.168.0.1     ; primary nameserver
        mail    IN A    192.168.0.2     ; pri mailserver
        mail2   IN A    192.168.0.3     ; sec mailserver
        zyxel   IN A    192.168.0.4     ; zyxel router
        ; alias names
        ftp     CNAME   mail.my-site.com.
        student CNAME   mail2.my-site.com.
        www     CNAME   ns.my-site.com.
        ntp     CNAME   mail2.my-site.com.
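As an added example (not part of the slides), a small Python checker for the rules slides 8 to 10 insist on: `$TTL` on the first line, a serial that has actually moved forward (compared with RFC 1982 serial arithmetic, so wrap-around is handled), and no CNAME, NS or MX pointing at an in-zone name that has no record. The zone text is constructed from the slides' forward zone; the dangling `ntp` alias is deliberate so the check has something to report.

```python
import re
ORIGIN = "my-site.com."
# Constructed sample: the forward zone of slides 8-10, serial bumped once, plus one
# deliberately dangling alias (ntp -> mail1, a name that has no A record).
ZONE_TEXT = """$TTL 3D
my-site.com. IN SOA ns.my-site.com. root.my-site.com. (
        2003038 10800 3600 604800 86400 ) ; serial, refresh, retry, expire, minimum
my-site.com. IN NS ns.my-site.com.
             IN MX 10 mail.my-site.com.
ns    IN A 192.168.0.1
mail  IN A 192.168.0.2
ftp   CNAME mail.my-site.com.
ntp   CNAME mail1.my-site.com.
"""
def fqdn(name, origin=ORIGIN):
    """Names ending in a dot are absolute; anything else gets the origin appended."""
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (has_ttl_line, soa_serial, [(owner, type, rdata_fields)]); no per-record TTLs."""
    body = re.sub(r";[^\n]*", "", text)                                         # strip comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)  # join ( ... ) spans
    records, owner = [], None
    for line in body.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        if not line[0].isspace():            # leading whitespace means "same owner as the previous record"
            owner, line = fqdn(line.split()[0]), line.split(None, 1)[1]
        fields = [f for f in line.split() if f != "IN"]
        records.append((owner, fields[0], fields[1:]))
    serial = int(next(r[2][2] for r in records if r[1] == "SOA"))
    return text.startswith("$TTL"), serial, records

def serial_increased(old, new):
    """RFC 1982 serial arithmetic: new is newer if it is 1..2^31-1 ahead of old, modulo 2^32."""
    return 0 < (new - old) % 2**32 < 2**31

def lint_zone(text, previous_serial):
    """Checks the slides insist on: $TTL first, serial incremented, no dangling in-zone targets."""
    has_ttl, serial, records = parse_zone(text)
    problems = [] if has_ttl else ["$TTL missing from the first line"]
    if not serial_increased(previous_serial, serial):
        problems.append(f"serial {serial} is not newer than {previous_serial}; slaves will keep the old zone")
    owners = {r[0] for r in records}
    for owner, rtype, rdata in records:
        target = fqdn(rdata[-1])
        in_zone = target == ORIGIN or target.endswith("." + ORIGIN)
        if rtype in ("CNAME", "MX", "NS") and in_zone and target not in owners:
            problems.append(f"{rtype} at {owner} points to {target}, which has no record in this zone")
    return problems
```

Run `lint_zone(ZONE_TEXT, 2003037)` to see only the dangling alias reported; pass the unchanged serial 2003038 as the previous value and the serial complaint appears as well.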

  11. The reverse Zone File
  • The file has the same SOA format as the forward zone, except the SOA owner name, which is the reverse zone:
  • The PTR (reverse pointer) records look like:
        $TTL 3D
        0.168.192.in-addr.arpa. IN SOA ns.my-site.com. root.my-site.com. (
                same SOA values as on slide 8 )
        ; nameservers
        0.168.192.in-addr.arpa.     IN NS   ns.my-site.com.
        ; normal pointers
        1.0.168.192.in-addr.arpa.   IN PTR  ns.my-site.com.
        2.0.168.192.in-addr.arpa.   IN PTR  mail.my-site.com.
        3.0.168.192.in-addr.arpa.   IN PTR  mail2.my-site.com.
        4.0.168.192.in-addr.arpa.   IN PTR  zyxel.my-site.com.
        ; alias names (out-of-zone data: named ignores these in a reverse zone, they belong in the forward zonefile)
        ftp.my-site.com.            IN CNAME mail.my-site.com.
        student.my-site.com.        IN CNAME mail2.my-site.com.
        www.my-site.com.            IN CNAME ns.my-site.com.
        ntp.my-site.com.            IN CNAME mail2.my-site.com.

  12. Loopback reverse and forward lookup
  • Needed for named loopback reverse lookups: /var/lib/named/127.0.0.1.zone
  • Needed for named loopback forward lookups: /var/lib/named/localhost.zone
    The reverse loopback zone, 127.0.0.1.zone:
        $TTL 3D
        @   IN SOA ns.my-site.com. root.my-site.com. (
                20011121    ; Serial
                28800       ; Refresh
                14400       ; Retry
                3600000     ; Expire
                86400 )     ; Minimum
            IN NS   ns.my-site.com.
        1   IN PTR  localhost.

  13. Root servers file (cache root servers)
  • Root servers file: /var/named/root.hint
    • "." means the root of the DNS tree (all networks)
    • 3600000 is the timeout (TTL), set to the maximum
        ; formerly NS.INTERNIC.NET
        .                       3600000  IN NS  A.ROOT-SERVERS.NET.
        A.ROOT-SERVERS.NET.     3600000     A   198.41.0.4
        ; formerly NS1.ISI.EDU
        .                       3600000     NS  B.ROOT-SERVERS.NET.
        B.ROOT-SERVERS.NET.     3600000     A   128.9.0.107

  14. Internal/External queries
  • Different name lookups for internal and external networks, in /etc/named.conf:
  • view internal
        view "internal" {
            // What the internal network will see
            // add your zones here
        };
  • view external
        view "external" {
            // What the public network will see
            // add your zones here
        };

  15. Now it's time to test your configuration
  • Restart your nameserver:
        # rcnamed restart
  • Check forward resolution:
        # nslookup ns.my-site.com
        Name:    ns.my-site.com
        Address: 192.168.0.1
  • Check reverse resolution:
        # nslookup 192.168.0.1
        1.0.168.192.in-addr.arpa    name = ns.my-site.com.
  • Check your /var/log/messages file for errors, and correct them!

  16. Dynamic DNS main configuration
  • Dynamic DNS allows clients to add their hostname to the domain
    • Dynamic DNS updates come from the DHCP server
    • The DHCP server updates the zonefiles
    • The DHCP server needs to be configured as in chapter 2 of unix-netadmin
  • DNSSEC is used for the updates
    • Makes the updates much more secure than classic updates
  • Master protection key entry, in the /etc/named.conf file:
    • The key was generated in chapter 2 of unix-netadmin; copy and paste it here.
        key DHCP-UPDATER {
            algorithm HMAC-MD5;
            secret "<key-data>";
        };

  17. Dynamic DNS zonefile configuration
  • The forward and reverse zones to update must allow updates
  • The DHCP server acts as a shadow master and makes faked zonefile updates
        zone "my-site.com" {
            type master;
            notify no;
            allow-query { any; };
            allow-update { key DHCP-UPDATER; };
            file "master/my-site.zone";
        };
        zone "0.168.192.in-addr.arpa" {
            type master;
            notify no;
            allow-update { key DHCP-UPDATER; };
            file "master/192.168.0.rev";
        };
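As an added example (not from the slides), a Python audit of the named.conf settings used on slides 6, 7, 16 and 17 from a hardening standpoint: the fixed `query-source port 53` (which disables the source-port randomisation that defends a resolver against cache poisoning), the HMAC-MD5 algorithm on the `key` statement (that statement is a TSIG shared secret, RFC 2845, which is what signs the dynamic updates; hmac-sha256 is the current choice), a master zone without `allow-transfer` (BIND 9.3 then serves AXFR to anyone), and an `allow-update` ACL that is `any` or names a key that is not defined. The sample configuration is constructed from the slides' fragments, with `allow-update { any; }` deliberately placed on the reverse zone so that check fires.

```python
import re

# Constructed sample: the named.conf fragments from slides 6, 16 and 17 stitched together,
# with `allow-update { any; }` deliberately put on the reverse zone to show that check firing.
SAMPLE_NAMED_CONF = """
options { directory "/var/named"; query-source port 53; };
key DHCP-UPDATER { algorithm HMAC-MD5; secret "<key-data>"; };
zone "my-site.com" {
    type master; notify no; allow-query { any; };
    allow-update { key DHCP-UPDATER; }; file "master/my-site.zone";
};
zone "0.168.192.in-addr.arpa" {
    type master; notify no; allow-update { any; }; file "master/192.168.0.rev";
};
"""

def blocks(text, keyword):
    """Yield (name, body) for every `keyword "name" { ... };` statement, honouring nested braces."""
    for m in re.finditer(r'\b%s\s+"?([^\s"{]+)"?\s*{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_named_conf(text):
    """Return a list of hardening findings for the settings the slides use."""
    findings = []
    if re.search(r"query-source[^;]*\bport\s+53\b", text):
        findings.append("options: a fixed query-source port disables source-port randomisation "
                        "(cache-poisoning risk); remove 'port 53'")
    keys = {}
    for name, body in blocks(text, "key"):
        keys[name] = re.search(r"algorithm\s+([\w-]+)", body, re.I).group(1).lower()
        if keys[name].replace("-", "") == "hmacmd5":
            findings.append(f"key {name}: HMAC-MD5 is obsolete for TSIG; use hmac-sha256")
    for name, body in blocks(text, "zone"):
        if "type master" in body and "allow-transfer" not in body:
            findings.append(f"zone {name}: no allow-transfer; BIND 9.3 then allows AXFR to anyone")
        upd = re.search(r"allow-update\s*{([^}]*)}", body)
        if upd and re.search(r"\bany\b", upd.group(1)):
            findings.append(f"zone {name}: allow-update {{ any; }} lets any host rewrite the zone")
        for k in re.findall(r"\bkey\s+([^\s;]+)", upd.group(1) if upd else ""):
            if k not in keys:
                findings.append(f"zone {name}: allow-update references undefined key {k}")
    return findings
```

`audit_named_conf(SAMPLE_NAMED_CONF)` reports five findings; the same text with the port clause removed, `hmac-sha256`, an `allow-transfer` list of the slave addresses and key-restricted updates on both zones reports none.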

  18. Summary
  • A DNS server is used to resolve names and IPs
  • Configuration sits in /etc/named.conf
  • Zonefiles are in /var/named/
  • Zone transfer goes from master to slaves
  • Cache-only nameserver is the default setting
  • You have two files for each zone
  • Hosts can share the same IP with CNAME
  • Stop the DNS server with /etc/init.d/named stop
  • Reload the DNS server with /etc/init.d/named restart
  • ACLs and views can police queries
  • It takes time for names to update globally
  • The DNS server has 127.0.0.1 as the first entry in /etc/resolv.conf
  • Dynamic DNS uses DHCP for zonefile updates
