Difference between revisions of "OPS535 A2"
(→Assignment Deliverables) |
(→Assignment Deliverables) |
||
Line 26: | Line 26: | ||
**Provide the administrator for your top domain (The root name server operator(s)) with a copy of the DS key for your domain. If you have not already done so, include the glue record as well. | **Provide the administrator for your top domain (The root name server operator(s)) with a copy of the DS key for your domain. If you have not already done so, include the glue record as well. | ||
**Configure a DNSSEC Trust Anchor so that your co-nfs server considers your primary DNS server (the one with the <yourname>.ops zone) to already be authenticated. | **Configure a DNSSEC Trust Anchor so that your co-nfs server considers your primary DNS server (the one with the <yourname>.ops zone) to already be authenticated. | ||
+ | |||
+ | == Supporting Services == | ||
+ | You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1): | ||
+ | * pri-dns must be the primary DNS name server for your domain with the proper MX record(s), SPF record(s), A record(s), and PTR record(s). It must be queriable by any machines in the 192.168.0.0/16 network. | ||
+ | **Provide the root name server operator(s) of the <yourname>.ops domain with glue records for your domain. | ||
+ | * co-nfs must be a caching DNS server, accessible only to machines in your networks, that will start its query with the root name server(s) in the virtual lab (e.g. rns-ldap.rdu6.ops (192.168.6.4), rns-ldap.wsu15.ops (192.168.35.4)), and then the appropriate primary DNS server. | ||
+ | * if you are one of the root name server operators, your rns-ldap must provide authoritative responses to any valid DNS queries. | ||
+ | ** All authorized root name servers in the virtual lab must be queriable by any network devices from the 192.168.0.0/16 network. | ||
+ | ** It must have a copy of the root zone data of the virtual lab. | ||
+ | |||
+ | <!-- | ||
+ | == BONUS == | ||
+ | # Optional: Use LDAP authentication to secure your web mail server or Access Agent. (Bonus item +10%) | ||
+ | # Optional: Implement dynamic firewall rules to block black-listed IP addresses of email spammer. (Bonus item +10%) --> | ||
= Completing the Assignment = | = Completing the Assignment = | ||
* On the assignment due date on Apr 12, 2021, please attend the online assessment meeting to complete the final task and demonstrate the assignment deliverables as prescribed. | * On the assignment due date on Apr 12, 2021, please attend the online assessment meeting to complete the final task and demonstrate the assignment deliverables as prescribed. |
Revision as of 16:56, 23 March 2021
Contents
Under Construction, Please wait for the official release announcement
Weighting and Due Date
- This assignment worth 15% of your final grade.
- Due Date: April 12, 2021 (Monday)
- Important: You must join and present in the online assessment meeting on the due date to demonstration the required task on your systems (VMs) in order to have your assignment graded.
Specification
Basic Services
Install and configure an Internet email system for your assigned Domain using the four Virtual Machines assigned to your in the OPS535 Virtual Lab. Your Internet email system must provide the deliverables listed below.
Assignment Deliverables
- A SMTP email server (running postfix) that is capable of receiving and sending emails
- Users in your domain must be able to send emails to users in the same domain and users in other students' domains in the class.
- Users in your domain must be able to receive emails from other email users (both in your domain and from other domains).
- You email server must be configured to check the SPF (sender policy framework) of other domains for incoming email and reject emails that are violating the sender policy.
- Configure your pri-dns server to implement and provide the SPF protection for your assignment domain.
- Configure your pri-dns server to implement and provide the DNSSEC records for your assignment domain.
- Provide the administrator for your top domain (The root name server operator(s)) with a copy of the DS key for your domain. If you have not already done so, include the glue record as well.
- Configure a DNSSEC Trust Anchor so that your co-nfs server considers your primary DNS server (the one with the <yourname>.ops zone) to already be authenticated.
Supporting Services
You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1):
- pri-dns must be the primary DNS name server for your domain with the proper MX record(s), SPF record(s), A record(s), and PTR record(s). It must be queriable by any machines in the 192.168.0.0/16 network.
- Provide the root name server operator(s) of the <yourname>.ops domain with glue records for your domain.
- co-nfs must be a caching DNS server, accessible only to machines in your networks, that will start its query with the root name server(s) in the virtual lab (e.g. rns-ldap.rdu6.ops (192.168.6.4), rns-ldap.wsu15.ops (192.168.35.4)), and then the appropriate primary DNS server.
- if you are one of the root name server operators, your rns-ldap must provide authoritative responses to any valid DNS queries.
- All authorized root name servers in the virtual lab must be queriable by any network devices from the 192.168.0.0/16 network.
- It must have a copy of the root zone data of the virtual lab.
Completing the Assignment
- On the assignment due date on Apr 12, 2021, please attend the online assessment meeting to complete the final task and demonstrate the assignment deliverables as prescribed.