NAD810 DDNS LAB
Revision as of 15:10, 10 February 2009
Dynamic DNS Zone Configuration
In this lab, you add a sub-domain and configure a dynamic DNS update zone for your DNS server using the BIND software on your Fedora Linux. The Dynamic DNS zone accepts updates from the command line utility "nsupdate" and/or a properly configured DHCP client or server.
Prerequisite:
* Complete the lab on Caching Name Server and/or Authoritative Name Server (NAD710)
Reference:
- BIND 9 Administrator Reference Manual
- Secure dynamic DNS howto
- RFC 2136 - Dynamic Updates in the Domain Name System (DNS UPDATE)
- Man page: nsupdate
Tasks:
- Add a sub-domain called "ddns" to your domain
- Configure named.conf to allow dynamic DNS update to the ddns sub-domain zone file
- Create the initial forward-mapping and reverse-mapping zone files for dynamic DNS update
- Perform dynamic DNS update using the "nsupdate" command
Data used in the following instructions (replace the host names and IP addresses as appropriate for your domain):
- Primary DNS name server:
  - Host Name: ns1.mydomain.com
  - IP: 192.168.0.105
- Domain: mydomain.com
- Dynamic DNS sub-domain: ddns.mydomain.com
- All hosts in the dynamic DNS sub-domain are in the 172.16.101.0/24 network
PART 1 - Add a sub-domain called "ddns" to your domain
- If your domain is called "mydomain.com", create a sub-domain called "ddns.mydomain.com".
- Set aside the network 172.16.101.0/24 for the "ddns" sub-domain.
PART 2 - Configure named.conf to allow dynamic DNS update to the zone file for your "ddns" sub-domain.
- Add the "forward-mapping" and "reverse-mapping" zones for the new sub-domain to your named.conf file. If the new sub-domain is "ddns.mydomain.com", use the same name for the forward-mapping zone. If all the hosts in the sub-domain are in the same network "172.16.101.0/24", use "101.16.172.in-addr.arpa" as the reverse-mapping zone name. Use the following file names for the forward-mapping and reverse-mapping zone files:
- forward-mapping zone file: db-ddns.hosts
- reverse-mapping zone file: db-ddns.rev
- Locate the file called "named.conf", either in /etc or /var/named/chroot/etc directory.
- Edit the file "/etc/named.conf" (or "/var/named/chroot/etc/named.conf" if you run "bind" in a "chroot jail"). You need to add two zone statements, one pointing to the file "db-ddns.hosts" and the other to "db-ddns.rev":
    zone "ddns.mydomain.com" IN {
        type master;
        file "db-ddns.hosts";
        allow-update { localhost; };
    };

    zone "101.16.172.in-addr.arpa" IN {
        type master;
        file "db-ddns.rev";
        allow-update { localhost; };
    };
- Replace "ddns.mydomain.com" and "101.16.172.in-addr.arpa" with your own zone names.
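Added hardening variant, not part of the lab page: "allow-update { localhost; }" limits updates by source address, which is enough for this lab but cannot authenticate a client that reaches the server over the network. The "Secure dynamic DNS howto" listed under References uses a TSIG key instead; the key name "ddns-key" and the secret below are placeholders.

```conf
// Generate a base64 secret with the key-generation tool shipped with your
// BIND release (tsig-keygen on current versions); keep named.conf readable
// by the named user only, since the secret lives here.
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";   // placeholder, not a real key
};

zone "ddns.mydomain.com" IN {
    type master;
    file "db-ddns.hosts";
    allow-update { key "ddns-key"; };   // only requests signed with ddns-key
};
```

Apply the same allow-update to the reverse zone, and have nsupdate sign its requests with "nsupdate -k <keyfile>" (or "-y hmac-sha256:ddns-key:<secret>"); unsigned updates are then refused with REFUSED.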
PART 3 - Create the initial forward-mapping and reverse-mapping zone files for dynamic updates
- Create the initial forward-mapping zone file: db-ddns.hosts:
    $TTL 1d1h
    ddns.mydomain.com.  IN  SOA  ns1.mydomain.com. root.ns1.mydomain.com. (
                            20051004   ; Serial
                            1h         ; Refresh
                            15m        ; Retry
                            30d        ; Expire
                            1h )       ; Minimum
    ddns.mydomain.com.  IN  NS   ns1.mydomain.com.
- Create the initial reverse-mapping zone file: db-ddns.rev:
    $TTL 1d1h
    @   IN  SOA  ns1.mydomain.com. root.ns1.mydomain.com. (
                 200510041  ; Serial
                 1h         ; Refresh
                 15m        ; Retry
                 30d        ; Expire
                 1h )       ; Minimum
        IN  NS   localhost.
- In the above two files, replace "mydomain.com" with your own domain name and "ns1" with the host name of your DNS server.
- Start (or restart) the "named" daemon (service named restart). If it does not complain, go to the next step; otherwise check the contents of "named.conf", "db-ddns.hosts" and "db-ddns.rev". You should also check the file "/var/log/messages" for diagnostic messages. Two utilities come with the "bind" package: "/usr/sbin/named-checkconf" and "/usr/sbin/named-checkzone". Use "named-checkconf" to check for typos or syntax errors in "named.conf" and "named-checkzone" to check for errors in your zone files. Look up the man pages to see how to use these two time-saving utilities.
PART 4 - Perform dynamic DNS update using the "nsupdate" command
- Try "nslookup" to verify that your DNS server answers queries (the static zone information) properly.
- Run "nsupdate" to add an A record for the host "myhost.ddns.mydomain.com" with 172.16.101.12:
# nsupdate -d
> server 192.168.0.105
> update add myhost.ddns.mydomain.com. 300 A 172.16.101.12
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18703
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;myhost.ddns.mydomain.com. IN SOA
;; AUTHORITY SECTION:
ddns.mydomain.com. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 20051005 3600 900 2592000 3600
Found zone name: ddns.mydomain.com
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 26198
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
- Run "nsupdate" to add an incorrect PTR record for the host "myhost.ddns.mydomain.com.":
# nsupdate -d
> server 192.168.0.105
> update add 123.101.16.172.in-addr.arpa. 7200 PTR myhost.ddns.mydomain.com.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30282
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;123.101.16.172.in-addr.arpa. IN SOA
;; AUTHORITY SECTION:
101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510041 3600 900 2592000 3600
Found zone name: 101.16.172.in-addr.arpa
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7560
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
- Restart "named" and view and record the contents of the two zone files: "db-ddns.hosts" and "db-ddns.rev".
- Run "nsupdate" to delete a non-existent PTR record and then the incorrect PTR record for myhost.ddns.mydomain.com. Compare the debug messages.
(a) First try to delete a non-existent PTR record:
> update delete 29.101.16.172.in-addr.arpa.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1839
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;29.101.16.172.in-addr.arpa. IN SOA
;; AUTHORITY SECTION:
101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510042 3600 900 2592000 3600
Found zone name: 101.16.172.in-addr.arpa
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 55537
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
(b) Now try to delete the incorrect PTR record that was added before:
> update delete 123.101.16.172.in-addr.arpa.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23250
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;123.101.16.172.in-addr.arpa. IN SOA
;; AUTHORITY SECTION:
101.16.172.in-addr.arpa. 3600 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510042 3600 900 2592000 3600
Found zone name: 101.16.172.in-addr.arpa
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22171
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
- Restart "named", view and record the contents of the reverse-mapping zone file "db-ddns.rev".
- Add the correct PTR record for myhost.ddns.mydomain.com:
# nsupdate -d
> server 192.168.0.105
> update add 12.101.16.172.in-addr.arpa. 120 PTR myhost.ddns.mydomain.com.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64116
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;12.101.16.172.in-addr.arpa. IN SOA
;; AUTHORITY SECTION:
101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510045 3600 900 2592000 3600
Found zone name: 101.16.172.in-addr.arpa
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 65232
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
- Restart "named", then check and record the change(s) in the db-ddns.rev file.
- Try to add the same PTR record a second time and find out what happens.
- Copy BIND's main configuration file named.conf (in /etc or in /var/named/chroot/etc) and all your zone files to a temporary directory, tar them into a tarball called bind_data.tar, and email it to your instructor.
Questions:
- What rpm package contains the "nsupdate" command?
- What does the "-d" option do for the "nsupdate" command?
- Which RFC defines the Dynamic DNS update protocol?
- Can you send a dynamic DNS update to a name server that uses a non-standard port (i.e. a port other than 53)?
- What are the steps to add an "A" record to your "ddns" domain for a host called "linux" with 172.16.101.90 using nsupdate?
- What are the steps to add a "PTR" record for the host in question 5 using nsupdate?
- What are the steps to add a "CNAME" record for "gnu.ddns.mydomain.com" that points to "linux.ddns.mydomain.com" using nsupdate?
- What are the steps to delete the "A" record created in question 5?
- What are the steps to delete the "PTR" record in question 6?
- What are the steps to delete the CNAME record in question 7?
- What would happen when you try to delete a non-existent resource record (PTR, A record, etc.) from a dynamic zone?
- What would happen when you try to add a duplicate resource record to a dynamic zone?
Note: When using the nsupdate to create A, PTR and CNAME records, use a TTL of 5 minutes.
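The following is an added example, not part of the lab page: a POSIX shell helper that generates the nsupdate input for the add and delete steps of Part 4 and questions 5, 6, 8 and 9, deriving the reverse owner name from the IP address so that the "123.101.16.172" mistake made above cannot be typed by hand. The server address, sub-domain, network and 5-minute TTL are the lab's own values; the function names are this example's.

```shell
#!/bin/sh
# Added example: build nsupdate input for an A record and its matching PTR.
# Assumed from the lab text: server 192.168.0.105, sub-domain ddns.mydomain.com,
# the 172.16.101.0/24 network set aside for it, and the 300-second (5-minute) TTL.
DDNS_SERVER=192.168.0.105
DDNS_ZONE=ddns.mydomain.com.
DDNS_NET_PREFIX=172.16.101      # the /24 reserved for the sub-domain
DDNS_TTL=300                    # 5 minutes, as the lab note requires

# 172.16.101.12 -> 12.101.16.172.in-addr.arpa. (octets reversed under in-addr.arpa)
ptr_name() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo "$o4.$o3.$o2.$o1.in-addr.arpa."
}

# Refuse host names outside the ddns zone and addresses outside its /24, so the
# batch can only touch the two zones that named.conf marks as dynamic.
validate() {
    case "$1" in *."$DDNS_ZONE") ;; *) echo "$1 is not under $DDNS_ZONE" >&2; return 1 ;; esac
    case "$2" in
        "$DDNS_NET_PREFIX".[0-9]|"$DDNS_NET_PREFIX".[0-9][0-9]|"$DDNS_NET_PREFIX".[0-9][0-9][0-9]) ;;
        *) echo "$2 is not in $DDNS_NET_PREFIX.0/24" >&2; return 1 ;;
    esac
}

# Print the nsupdate batch. The A and PTR records live in different zones and
# nsupdate builds one update message per zone, so each record gets its own "send".
# $1 = host FQDN with trailing dot, $2 = IPv4 address, $3 = add | delete
nsupdate_batch() {
    validate "$1" "$2" || return 1
    _rev=$(ptr_name "$2")
    printf 'server %s\n' "$DDNS_SERVER"
    if [ "$3" = delete ]; then
        printf 'update delete %s A\nsend\n' "$1"        # removes all A records at the name
        printf 'update delete %s PTR\nsend\n' "$_rev"
    else
        printf 'update add %s %s A %s\nsend\n' "$1" "$DDNS_TTL" "$2"
        printf 'update add %s %s PTR %s\nsend\n' "$_rev" "$DDNS_TTL" "$1"
    fi
}

# Usage: nsupdate_batch myhost.ddns.mydomain.com. 172.16.101.12 add | nsupdate -d
```

Piping the output into "nsupdate -d" shows the same SOA and UPDATE replies as the sessions recorded above, once per send.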