Difference between revisions of "NAD710 Lab 5"
Revision as of 02:00, 2 October 2008
NAD710 - Introduction to Networks - Using Linux
Objective
- Install the BIND (Berkeley Internet Name Domain) software and study some of its basic features
- Set up and Configure BIND for a Caching-only Name server
Background Information
The Domain Name System (DNS) is a hierarchical, distributed database that stores information mainly for mapping FQDNs (fully qualified domain names) to IP addresses and vice versa. The distributed database consists of "zone" files, which are managed by software called a "name server". BIND is one of the most popular name server packages in use today. The BIND software supports all three types of name server: Caching-only (or recursive/resolving) name server, Primary (or authoritative) Name Server, and Secondary (or slave) Name Server. This lab investigates the setup and configuration of a Caching-only name server.
Procedure
Software update and Installation
If you are doing this lab in T2107, boot up Fedora Core 8 Test and issue the following command to check the availability of the BIND software on the system:
[poker@localhost ~]$ rpm -q bind
If the output is "package bind is not installed", then you need to install the "bind" package. Before you run any "yum" command, you must first go through the Senenet authentication with a web browser and then open a terminal window for running the following steps to install the "bind" package from Fedora Core's repository:
[poker@localhost ~]$ su -
password: ....
[root@localhost ~]# yum update
...
[root@localhost ~]# yum install bind
Dependencies Resolved
=============================================================================
 Package          Arch      Version               Repository        Size
=============================================================================
Installing:
 bind             x86_64    32:9.5.0-29.P2.fc8    updates-newkey    1.6 M
Updating:
 bind-libs        x86_64    32:9.5.0-29.P2.fc8    updates-newkey    986 k
Updating for dependencies:
 bind-utils       x86_64    32:9.5.0-29.P2.fc8    updates-newkey    194 k

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       2 Package(s)
Remove       0 Package(s)

Total download size: 2.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): bind-utils-9.5.0-2 100% |=========================| 194 kB    00:00
(2/3): bind-libs-9.5.0-29 100% |=========================| 986 kB    00:01
(3/3): bind-9.5.0-29.P2.f 100% |=========================| 1.6 MB    00:02
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 6df2196f
Importing GPG key 0x6DF2196F "Fedora (8 and 9) <fedora@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-8-and-9
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : bind-libs                    ######################### [1/5]
  Installing: bind                         ######################### [2/5]
  Updating  : bind-utils                   ######################### [3/5]
  Cleanup   : bind-libs                    ######################### [4/5]
  Cleanup   : bind-utils                   ######################### [5/5]

Installed: bind.x86_64 32:9.5.0-29.P2.fc8
Updated: bind-libs.x86_64 32:9.5.0-29.P2.fc8
Dependency Updated: bind-utils.x86_64 32:9.5.0-29.P2.fc8
Complete!
Study the BIND package
- Use the "rpm -ql" command to list all the files in the bind package.
- There are several man pages included with the bind package for the corresponding bind tools. Study the following man pages to find out the function of each tool:
  - named-checkconf
  - named-checkzone
  - rndc
- Use the "rpm -ql" command to list all the files in the bind-utils package.
- There are several man pages included with the bind-utils package for the corresponding bind utilities. Study the following man pages to find out how to use them:
  - dig
  - host
  - nslookup
Files for running a Caching-Only Name Server
To run a Caching-Only name server, you need at least the following files:
/etc/named.conf             - main configuration file for named (the name server daemon)
/var/named/named.ca         - caching file for the root name servers
/var/named/named.localhost  - zone file for the localhost zone
/var/named/named.loopback   - reverse zone file for the loopback interface 127.0.0.1
/var/named/named.empty      - reverse zone file for the 0.in-addr.arpa zone
/etc/named.rfc1912.zones    - container file for zone files
You should have the above files on your system after installing the bind package. Take a quick look at each file and make sure that they are not empty.
Start/stop the name server
- Use the command "service named start" to start the name server.
- Use the command "service named stop" to stop the name server.
- Use the command "service named status" to check the status of the name server.
Testing the name server locally
You can use the bind utilities: host, dig, or nslookup. The following is an interactive nslookup session:
[root@localhost ~]# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

1.0.0.127.in-addr.arpa name = localhost.
> localhost.
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: localhost
Address: 127.0.0.1
> exit

The BIND software has a feature that returns the version number of the running name server daemon when a special query is sent to the server. The following dig query can be used to obtain this information:

[root@localhost ~]# dig @127.0.0.1 version.bind txt chaos

; <<>> DiG 9.5.0-P2 <<>> @127.0.0.1 version.bind txt chaos
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10152
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.          CH      TXT

;; ANSWER SECTION:
version.bind.   0       CH      TXT     "9.5.0-P2"

;; AUTHORITY SECTION:
version.bind.   0       CH      NS      version.bind.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Oct 1 11:53:41 2008
;; MSG SIZE rcvd: 65
You can do the same with the following interactive nslookup session:
[root@localhost ~]# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> set type=txt
> set class=chaos
> version.bind.
Server: 127.0.0.1
Address: 127.0.0.1#53

version.bind text = "9.5.0-P2"
Testing the name server remotely
The default configuration for the Caching-only name server is to answer DNS queries only on the loopback interface. To make the Caching-only name server answer queries from the network, modify the "options" section in the /etc/named.conf file from:

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
};
to:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
};
Use the /sbin/ifconfig command to find out the IP address of your name server. Boot up another computer next to your name server and use this as the remote test machine.
Perform the same tests on the remote machine as described above for the local tests, but use the IP address of your name server in place of the server address. If the IP address of your name server is 142.204.141.176, the dig command should be in the format of "dig @142.204.141.176 ..." and the server command within the interactive nslookup session should be "server 142.204.141.176".
Make sure that you get the same results.
Hiding the BIND version number
Add the following line at the beginning of the "options" section in the /etc/named.conf file:
options {
    version none;
    listening ...
    ...
};
After the change, restart the name server and run the dig or nslookup utilities to verify the change.
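An added example (not part of the original lab): a shell check that reads a named.conf and flags the two exposures this lab deals with, a resolver that recurses for any client and a server that still discloses its version. The function names, the finding labels, the "labnet" acl and the 142.204.141.0/24 subnet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a named.conf for the two exposures this lab touches.
# audit_named_conf, flatten, has and the finding labels are hypothetical names.

# Drop // and # comments, then flatten to one line so multi-line statements match.
flatten() { sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  ' | tr -s ' '; }

# True if the flattened config matches the extended regex in $1.
has() { printf '%s\n' "$conf" | grep -Eq "$1"; }

audit_named_conf() {
    conf=$(flatten "$1")
    # Recursion is on unless the file says "recursion no;". With neither
    # allow-recursion nor allow-query-cache set, BIND 9 falls back to allow-query.
    if ! has 'recursion +no *;' && has 'allow-query *\{ *any *; *\}' \
       && ! has 'allow-(recursion|query-cache) *\{'; then
        echo "OPEN_RECURSION"
    fi
    # Without a version statement named answers version.bind CH TXT queries.
    has '(^|[ {;])version +(none|"[^"]*") *;' || echo "VERSION_EXPOSED"
}

# Constructed samples. lab.conf mirrors the page's modified options block;
# tight.conf assumes the lab subnet is 142.204.141.0/24 (not stated on the page).
demo() {
    d=$(mktemp -d)
    cat > "$d/lab.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };   // answers every client
    recursion yes;
};
EOF
    cat > "$d/tight.conf" <<'EOF'
acl labnet { 127.0.0.1; 142.204.141.0/24; };
options {
    version none;
    listen-on port 53 { any; };
    allow-query { labnet; };
    allow-recursion { labnet; };
    recursion yes;
};
EOF
    echo "lab.conf:   $(audit_named_conf "$d/lab.conf" | tr '\n' ' ')"
    echo "tight.conf: $(audit_named_conf "$d/tight.conf" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

The check does not handle /* */ comments or settings placed in view blocks; named-checkconf remains the tool for syntax validation.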
Questions
- What is the version number of the installed BIND package?
- What is the bind tool called "named-checkconf" used for?
- What is the bind tool called "named-checkzone" used for?
- What are the names of all the other tools in the bind package?
- We have used the dig and nslookup bind utilities in this lab. What are the other two bind utilities and what are they for?
- What is the information provided by the "service named status" command?
- Will the "version" statement in the "/etc/named.conf" file change the output of the "service named status" command?
- The SOA resource record in a zone file contains 5 numbers. What is the last one used for?
Completing this Lab
- Post your answers for this lab to Lab 5 Answer Page or email your answers to your professor.