Difference between revisions of "NAD810 DDNS LAB"

From CDOT Wiki
Jump to: navigation, search
(New page: =Dynamic DNS Zone Configuration= In this lab, you add a sub-domain and configure a dynamic DNS update zone for your DNS server using the BIND software on your Fedora Linux. The Dynamic DNS...)
(No difference)

Revision as of 15:10, 10 February 2009

Dynamic DNS Zone Configuration

In this lab, you add a sub-domain and configure a dynamic DNS update zone for your DNS server using the BIND software on your Fedora Linux. The Dynamic DNS zone accepts updates from the command line utility "nsupdate" and/or a properly configured DHCP client or server.

Prerequisite:

   * Complete Lab on Caching Name Server and/or Authoritative Name Server (NAD710)

Reference:

  • BIND 9 Administrator Reference Manual
  • Secure dynamic DNS howto
  • RFC 2136 - Dynamic Updates in the Domain Name System (DNS UPDATE)
  • Man page: nsupdate

Tasks:

  • Add a sub-domain called "ddns" to your domain
  • Configure named.conf to allow dynamic DNS update to the ddns sub-domain zone file
  • Create the initial forward-mapping and reverse-mapping zone files for dynamic DNS update
  • Perform dynamic DNS update using the "nsupdate" command

Data used in the following instructions (replace the Host Names and IP addresses as are appropriate for your domain):

  • Primary DNS name server:
    • Host Name: ns1.mydomain.com
    • IP: 192.168.0.105
  • Domain: mydomain.com
  • Dynamic DNS sub-domain: ddns.mydomain.com
  • All hosts in the dynamic DNS sub-domain are in the 172.16.101.0/24 network


PART 1 - Add a sub-domain called "ddns" to your domain

  • If your domain is called "mydomain.com", create a sub-domain called "ddns.mydomain.com".
  • Set aside the network 172.16.101.0/24 for the "ddns" sub-domain.

PART 2 - Configure named.conf to allow dynamic DNS update to the zone file for your "ddns" sub-domain.

  • Add the "forward-mapping" and "reverse-mapping" zones for the new sub-domain to your named.conf file. If the new sub-domain is "ddns.mydomain.com", use the same name for the forward-mapping zone name. If all the hosts in the sub-domain are in the same network "172.16.101.0/24", use "101.16.172.in-addr.arpa" for the reverse-mapping zone name. Use the following file names for the forward-mapping and reverse-mapping zone file:
    • forward-mapping zone file: db-ddns.hosts
    • reverse-mapping zone file: db-ddns.rev
  • Locate the file called "named.conf", either in /etc or /var/named/chroot/etc directory.
  • Edit the file "/etc/named.conf" (or "/var/named/chroot/etc/named.conf" if you run "bind" in a "chroot jail"). You need to add two zone statements, one points to the file "db-ddns.hosts" and the other points to "db-ddns.rev":
     zone "ddns.mydomain.com" IN {
             type master;
             file "db-ddns.hosts";
             allow-update { localhost; };
     };
     zone "101.16.172.in-addr.arpa" IN {
             type master;
             file "db-ddns.rev";
             allow-update { localhost; };
     };


  • Replace "ddns.mydomain.com" and "101.16.172.in-addr.arpa" with your own zone names.

PART 3 - Create the initial forward-mapping and reverse-mapping zone files for dynamic updates

  • Create the initial forward-mapping zone file: db-ddns.hosts:
     $TTL 1d1h
     ddns.mydomain.com. IN SOA ns1.mydomain.com. root.ns1.mydomain.com. (               
     					20051004 ; Serial             
     					1h       ; Refresh        
     					15m      ; Retry      
     					30d      ; Expire  
     					1h)      ; Minimum
     ddns.mydomain.com.   IN    NS    ns1.mydomain.com.
  • Create the inital reverse-mapping zone file: db-ddns.rev:
     $TTL    1d1h
     @       IN      SOA     ns1.mydomain.com. root.ns1.mydomain.com.  (
                                           200510041 ; Serial
                                           1h        ; Refresh
                                           15m       ; Retry
                                           30d       ; Expire
                                           1h )      ; Minimum
                   IN      NS      localhost.
  • In the above two files, replace "mydomain.com" with your own domain name and "ns1" with the host name of your DNS server.
  • Start (or re-start) the "named" daemon (service named restart), if it does not complain, go to next step, otherwise check the contents of "named.conf", "db-ddns.hosts" and "db-ddns.rev". You should also check the file "/var/log/messages" for diagnostic messages. There are two utilities that come with the "bind" package, they are "/usr/sbin/named-checkconf" and "/usr/sbin/named-checkzone". You can use "named-checkconf" to check for "typo" or syntax errors in "named.conf" and use "named-checkzone" to check for errors in your zone files. Look up the man page on how to use these two time-saving utilities.

PART 4 - Perform dynamic DNS update using the "nsupdate" command

  • Try "nslookup" to verify that your DNS server answers queries (the static zone information) properly.
  • Run "nsupdate" to add an A record for the host "myhost.ddns.mydomain.com" with 172.16.101.12:
     # nsupdate -d
     > server 192.168.0.105
     > update add myhost.ddns.mydomain.com. 300 A 172.16.101.12
     > send
     Reply from SOA query:
     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  18703
     ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
     ;; QUESTION SECTION:
     ;myhost.ddns.mydomain.com.      IN      SOA
      
     ;; AUTHORITY SECTION:
     ddns.mydomain.com.      0       IN      SOA     ns1.mydomain.com. root.ns1.mydomain.com. 20051005 3600 900 2592000 3600
      
      
     Found zone name: ddns.mydomain.com
     The master is: ns1.mydomain.com
      
     Reply from update query:
     ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  26198
     ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
  • Run "nsupdate" to add an incorrect PTR record for the host "myhost.ddns.mydomain.com.":
     # nsupdate -d
     > server 192.168.0.105
     > update add 123.101.16.172.in-addr.arpa. 7200 PTR myhost.ddns.mydomain.com.
     > send
     Reply from SOA query:
     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  30282
     ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
     ;; QUESTION SECTION:
     ;123.101.16.172.in-addr.arpa.   IN      SOA
      
     ;; AUTHORITY SECTION:
     101.16.172.in-addr.arpa. 0      IN      SOA     ns1.mydomain.com. root.ns1.mydomain.com. 200510041 3600 900 2592000 3600
      
      
     Found zone name: 101.16.172.in-addr.arpa
     The master is: ns1.mydomain.com
      
     Reply from update query:
     ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7560
     ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
  • Restart "named" and view and record the contents of the two zone files: "db-ddns.hosts" and "db-ddns.rev".
  • Run "nsupdate" to delete an non-existence PTR record and then the incorrect PTR record for myhost.ddns.mydomain.com. Compare the debug messages.
     (a) Try first to delete a non-existence PTR record:
     > update delete 29.101.16.172.in-addr.arpa.
     > send
     Reply from SOA query:
     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:   1839
     ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
     ;; QUESTION SECTION:
     ;29.101.16.172.in-addr.arpa.    IN      SOA
      
     ;; AUTHORITY SECTION:
     101.16.172.in-addr.arpa. 0      IN      SOA     ns1.mydomain.com. root.ns1.mydomain.com. 200510042 3600 900 2592000 3600
      
      
     Found zone name: 101.16.172.in-addr.arpa
     The master is: ns1.mydomain.com
      
     Reply from update query:
     ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  55537
     ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
     (b) Now try to delete the incorrect PTR record that was added before:
     > update delete 123.101.16.172.in-addr.arpa.
     > send
     Reply from SOA query:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  23250
     ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
     ;; QUESTION SECTION:
     ;123.101.16.172.in-addr.arpa.   IN      SOA
      
     ;; AUTHORITY SECTION:
     101.16.172.in-addr.arpa. 3600   IN      SOA     ns1.mydomain.com. root.ns1.mydomain.com. 200510042 3600 900 2592000 3600
      
      
     Found zone name: 101.16.172.in-addr.arpa
     The master is: ns1.mydomain.com
      
     Reply from update query:
     ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  22171
     ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
  • Restart "named", view and record the contents of the reverse-mapping zone file "db-ddns.rev".
  • Add the correct PTR record for myhost.ddns.mydomain.com:
     # nsupdate -d


     > server 192.168.0.105
     > update add 12.101.16.172.in-addr.arpa. 120 PTR myhost.ddns.mydomain.com.
     > send
     Reply from SOA query:
     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  64116
     ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
     ;; QUESTION SECTION:
     ;12.101.16.172.in-addr.arpa.    IN      SOA
      
     ;; AUTHORITY SECTION:
     101.16.172.in-addr.arpa. 0      IN      SOA     ns1.mydomain.com. root.ns1.mydomain.com. 200510045 3600 900 2592000 3600
      
      
     Found zone name: 101.16.172.in-addr.arpa
     The master is: ns1.mydomain.com
      
     Reply from update query:
     ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  65232
     ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
  • Restart named, check and record the change(s) in the db-ddns.rev file
  • Try to add the same PTR record the second time and find out what would happen.
  • Copy BIND's main configuration file named.conf (in /etc or in /var/named/chroot/etc directory) and all your zone files to a temporary directory and tar them into a tar ball file called bind_data.tar and email it to your instructor.


Questions:

  1. What rpm package contains the "nsupdate" command?
  2. What does the "-d" option do for the "nsupdate" command?
  3. What RFC define Dynamic DNS update protocol?
  4. Can you send dynamic DNS update to a name server which use a non-standard (i.e 53) port?
  5. What are the steps to add an "A" record to your "ddns" domain for a host called "linux" with 172.16.101.90 using nsupdate?
  6. What are the steps to add an "PTR" record for the host in question 5 using nsupdate?
  7. What are the steps to add a "CNAME" record for "gnu.ddns.mydomain.com" that point to linux.ddns.mydomain.com" using nsupdate?
  8. What are the steps to delete the "A" record create in question 5?
  9. What are the steps to delete the "PTR" record in question 6?
  10. What are the steps to delete the CNAME record in question 7?
  11. What would happen when you try to delete a non-existence resouce record (PRT, A record etc.) to a dynamic zone?
  12. What would happen when you try to add a duplicated resource record to a dynamic zone?

Note: When using the nsupdate to create A, PTR and CNAME records, use a TTL of 5 minutes.