NAD810 DDNS LAB

10,944 bytes added, 15:10, 10 February 2009
=Dynamic DNS Zone Configuration=
In this lab, you add a sub-domain to your domain and configure a zone for it that accepts dynamic DNS updates (RFC 2136) on your BIND name server running on Fedora Linux. The dynamic zone accepts updates from the command line utility "nsupdate" and/or from a properly configured DHCP client or server.

Prerequisite:

* Complete the NAD710 lab on the caching name server and/or the authoritative name server

Reference:

* BIND 9 Administrator Reference Manual
* Secure dynamic DNS howto
* RFC 2136 - Dynamic Updates in the Domain Name System (DNS UPDATE)
* Man page: nsupdate

Tasks:

* Add a sub-domain called "ddns" to your domain
* Configure named.conf to allow dynamic DNS update to the ddns sub-domain zone file
* Create the initial forward-mapping and reverse-mapping zone files for dynamic DNS update
* Perform dynamic DNS update using the "nsupdate" command

Data used in the following instructions (replace the host names and IP addresses as appropriate for your domain):

* Primary DNS name server:
** Host Name: ns1.mydomain.com
** IP: 192.168.0.105
* Domain: mydomain.com
* Dynamic DNS sub-domain: ddns.mydomain.com
* All hosts in the dynamic DNS sub-domain are in the 172.16.101.0/24 network


PART 1 - Add a sub-domain called "ddns" to your domain

* If your domain is called "mydomain.com", create a sub-domain called "ddns.mydomain.com".
* Set aside the network 172.16.101.0/24 for the "ddns" sub-domain.

PART 2 - Configure named.conf to allow dynamic DNS update to the zone file for your "ddns" sub-domain.

* Add the forward-mapping and reverse-mapping zones for the new sub-domain to your named.conf file. If the new sub-domain is "ddns.mydomain.com", use that as the forward-mapping zone name. If all the hosts in the sub-domain are in the network "172.16.101.0/24", use "101.16.172.in-addr.arpa" as the reverse-mapping zone name. Use the following file names for the zone files:
** forward-mapping zone file: db-ddns.hosts
** reverse-mapping zone file: db-ddns.rev
* Locate the file "named.conf", either in /etc or, if you run "bind" in a chroot jail, in /var/named/chroot/etc.
* Edit that file ("/etc/named.conf" or "/var/named/chroot/etc/named.conf"). You need to add two zone statements, one pointing to the file "db-ddns.hosts" and the other to "db-ddns.rev":

 zone "ddns.mydomain.com" IN {
     type master;
     file "db-ddns.hosts";
     allow-update { localhost; };
 };
 
 zone "101.16.172.in-addr.arpa" IN {
     type master;
     file "db-ddns.rev";
     allow-update { localhost; };
 };



* Replace "ddns.mydomain.com" and "101.16.172.in-addr.arpa" with your own zone names.
* Note that "allow-update { localhost; };" is an address-based ACL: it authorizes whatever sends from 127.0.0.1, which means every process on the server and not only root, and it cannot be extended safely to updaters on other hosts because a source address carries no proof of identity. Outside a lab, authenticate updates with a TSIG key ("allow-update { key ...; };" or an "update-policy" statement), as described in the Secure dynamic DNS howto listed in the references.
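The following shell script is an added example, not part of the original lab or of BIND's documentation. It shows the weak setting above beside a hardened alternative: instead of "allow-update { localhost; };", which authorizes by source address and therefore every local process, it generates a 256-bit HMAC-SHA256 TSIG secret with coreutils (the same kind of output "tsig-keygen" produces), stores it in a mode-0600 key file that named.conf includes, and writes the two zone statements with an "update-policy" granting that key, and only that key, the right to change records under each zone apex. It then runs named-checkconf on the result when BIND is installed. The key name "ddns-key", the output directory and the include path are assumptions; in a chroot the include path must be relative to the jail.

```shell
#!/bin/sh
# Added example, not part of the original lab: generate a TSIG key and
# write the two ddns zone statements with a key-based update-policy in
# place of the address-based "allow-update { localhost; };".
# Assumptions: key name "ddns-key", zone and file names as in the lab,
# output directory given as $1 (a temp dir if omitted). Adjust the
# include path to the jail if named runs chrooted in /var/named/chroot.
set -eu

ZONE_FWD="ddns.mydomain.com"
ZONE_REV="101.16.172.in-addr.arpa"
KEY_NAME="ddns-key"

# 256 random bits, base64-encoded: the form hmac-sha256 expects in the
# "secret" field. tsig-keygen(8) from BIND does the same thing.
ddns_make_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# The secret lives in its own mode-0600 file that named.conf includes,
# so the world-readable named.conf never carries it.
ddns_write_key() {
    (
        umask 077
        cat > "$1/ddns.key" <<EOF
key "$KEY_NAME" {
    algorithm hmac-sha256;
    secret "$2";
};
EOF
    )
}

# The grant lets the key change any record at or below each zone apex
# and nothing else; address-based allow-update would let every local
# process do the same without presenting any credential.
ddns_write_zones() {
    cat > "$1/named.conf.ddns" <<EOF
include "$1/ddns.key";

zone "$ZONE_FWD" IN {
    type master;
    file "db-ddns.hosts";
    // replaces: allow-update { localhost; };
    update-policy { grant $KEY_NAME subdomain $ZONE_FWD. ANY; };
};

zone "$ZONE_REV" IN {
    type master;
    file "db-ddns.rev";
    update-policy { grant $KEY_NAME subdomain $ZONE_REV. ANY; };
};
EOF
}

# Syntax-check the result with BIND's own tool when it is installed
# (add -t /var/named/chroot for a chrooted named).
ddns_check_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1/named.conf.ddns"
    else
        echo "named-checkconf not installed; syntax check skipped" >&2
    fi
}

# Generate key + config into a directory and print the directory name.
ddns_setup() {
    out_dir="${1:-$(mktemp -d)}"
    mkdir -p "$out_dir"
    ddns_write_key "$out_dir" "$(ddns_make_secret)"
    ddns_write_zones "$out_dir"
    ddns_check_conf "$out_dir"
    echo "$out_dir"
}

# Usage: sh ddns_conf.sh run [output-dir]
if [ "${1:-}" = "run" ]; then
    cat "$(ddns_setup "${2:-}")/named.conf.ddns"
fi
```

The generated "named.conf.ddns" is meant to be included from the real named.conf in place of the two zone statements above; the matching nsupdate call then needs the same key file ("nsupdate -k ddns.key"), otherwise the server answers REFUSED.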

PART 3 - Create the initial forward-mapping and reverse-mapping zone files for dynamic updates

* Create the initial forward-mapping zone file: db-ddns.hosts:

 $TTL 1d1h
 ddns.mydomain.com.  IN SOA ns1.mydomain.com. root.ns1.mydomain.com. (
                         20051004 ; Serial
                         1h       ; Refresh
                         15m      ; Retry
                         30d      ; Expire
                         1h )     ; Minimum
 
 ddns.mydomain.com.  IN NS  ns1.mydomain.com.

* Create the initial reverse-mapping zone file: db-ddns.rev:

 $TTL 1d1h
 @  IN SOA ns1.mydomain.com. root.ns1.mydomain.com. (
                         200510041 ; Serial
                         1h        ; Refresh
                         15m       ; Retry
                         30d       ; Expire
                         1h )      ; Minimum
 
 @  IN NS  ns1.mydomain.com.

* In the above two files, replace "mydomain.com" with your own domain name and "ns1" with the host name of your DNS server. The NS record of each zone must name the server that is authoritative for it, here the same host that appears in the SOA record.
* Start (or restart) the "named" daemon with "service named restart". If it starts without complaint, go to the next step; otherwise check the contents of "named.conf", "db-ddns.hosts" and "db-ddns.rev", and read the diagnostic messages named logs to "/var/log/messages". Two utilities that come with the "bind" package save a lot of this trial and error: "/usr/sbin/named-checkconf" checks "named.conf" for typos and syntax errors, and "/usr/sbin/named-checkzone" checks a zone file for errors (it takes the zone name and the file name as arguments). Look up their man pages for details.
* Because these zones accept dynamic updates, named itself rewrites "db-ddns.hosts" and "db-ddns.rev" and keeps a journal ("db-ddns.hosts.jnl", "db-ddns.rev.jnl") beside them, so the directory holding the zone files must be writable by the user named runs as; if it is not, updates fail and the reason is logged.

PART 4 - Perform dynamic DNS update using the "nsupdate" command

* Use "nslookup" to verify that your DNS server answers queries for the static zone information properly.
* Run "nsupdate" to add an A record for the host "myhost.ddns.mydomain.com" pointing to 172.16.101.12:

 # nsupdate -d
 > server 192.168.0.105
 > update add myhost.ddns.mydomain.com. 300 A 172.16.101.12
 > send
 Reply from SOA query:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18703
 ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;myhost.ddns.mydomain.com. IN SOA
 
 ;; AUTHORITY SECTION:
 ddns.mydomain.com. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 20051005 3600 900 2592000 3600
 
 Found zone name: ddns.mydomain.com
 The master is: ns1.mydomain.com
 
 Reply from update query:
 ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 26198
 ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0

* Run "nsupdate" to add a deliberately incorrect PTR record (123 instead of 12 in the last octet) for the host "myhost.ddns.mydomain.com."; you will delete it again below:

 # nsupdate -d
 > server 192.168.0.105
 > update add 123.101.16.172.in-addr.arpa. 7200 PTR myhost.ddns.mydomain.com.
 > send
 Reply from SOA query:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30282
 ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;123.101.16.172.in-addr.arpa. IN SOA
 
 ;; AUTHORITY SECTION:
 101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510041 3600 900 2592000 3600
 
 Found zone name: 101.16.172.in-addr.arpa
 The master is: ns1.mydomain.com
 
 Reply from update query:
 ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7560
 ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0

* Restart "named", then view and record the contents of the two zone files "db-ddns.hosts" and "db-ddns.rev". The restart matters: named records dynamic changes in the journal files "db-ddns.hosts.jnl" and "db-ddns.rev.jnl" first and rewrites the zone files only periodically or on a clean shutdown, so until then the files on disk do not show the new records.
* Run "nsupdate" to delete a non-existent PTR record, and then the incorrect PTR record for myhost.ddns.mydomain.com. Compare the debug messages.

(a) First try to delete a PTR record that does not exist:

 > update delete 29.101.16.172.in-addr.arpa.
 > send
 Reply from SOA query:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1839
 ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;29.101.16.172.in-addr.arpa. IN SOA
 
 ;; AUTHORITY SECTION:
 101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510042 3600 900 2592000 3600
 
 Found zone name: 101.16.172.in-addr.arpa
 The master is: ns1.mydomain.com
 
 Reply from update query:
 ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 55537
 ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0

(b) Now delete the incorrect PTR record that was added before:

 > update delete 123.101.16.172.in-addr.arpa.
 > send
 Reply from SOA query:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23250
 ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;123.101.16.172.in-addr.arpa. IN SOA
 
 ;; AUTHORITY SECTION:
 101.16.172.in-addr.arpa. 3600 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510042 3600 900 2592000 3600
 
 Found zone name: 101.16.172.in-addr.arpa
 The master is: ns1.mydomain.com
 
 Reply from update query:
 ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22171
 ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0

* Restart "named", then view and record the contents of the reverse-mapping zone file "db-ddns.rev". Note that both deletions above were answered with status NOERROR: under RFC 2136, deleting a record that does not exist is a no-op rather than an error, so the update status alone does not tell you whether anything changed. The only visible difference is in the preliminary SOA query nsupdate sends to find the zone: NXDOMAIN for the name that did not exist, NOERROR for the one that did.
* Add the correct PTR record for myhost.ddns.mydomain.com:
 # nsupdate -d
 > server 192.168.0.105
 > update add 12.101.16.172.in-addr.arpa. 120 PTR myhost.ddns.mydomain.com.
 > send
 Reply from SOA query:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64116
 ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;12.101.16.172.in-addr.arpa. IN SOA
 
 ;; AUTHORITY SECTION:
 101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510045 3600 900 2592000 3600
 
 Found zone name: 101.16.172.in-addr.arpa
 The master is: ns1.mydomain.com
 
 Reply from update query:
 ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 65232
 ;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0

* Restart named, then check and record the change(s) in the db-ddns.rev file.
* Try to add the same PTR record a second time and find out what happens.
* Copy BIND's main configuration file named.conf (from /etc or from /var/named/chroot/etc) and all your zone files to a temporary directory, tar them into an archive called bind_data.tar and email it to your instructor.
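The transcripts above show that deleting a record that does not exist comes back NOERROR, and the same happens when you add one that already exists: RFC 2136 treats both as no-ops. The script below is an added example, not part of the original lab, that builds the nsupdate batch for the forward and reverse records of one host with RFC 2136 prerequisites, so that a duplicate add fails with YXRRSET and a delete of a missing record fails with NXRRSET instead of silently succeeding. It also derives the PTR owner name from the address and, optionally, signs the request with a TSIG key file ("-k", in the named.conf "key" format that current nsupdate accepts). The server address, zone names and 300 second TTL (the lab's five-minute rule) are taken from the lab data; the host in the usage line is an assumption; nsupdate is only invoked when it is installed, otherwise the batch is printed so you can inspect it.

```shell
#!/bin/sh
# Added example, not part of the original lab: build an nsupdate batch
# that adds (or deletes) the A and PTR pair for one host with RFC 2136
# prerequisites, so a duplicate add or a delete of a missing record is
# reported as an error instead of a NOERROR no-op.
# Assumptions: server, zones and TTL below are the lab's data; the
# optional key file is in named.conf "key" format for nsupdate -k.
set -eu

SERVER="192.168.0.105"
FWD_ZONE="ddns.mydomain.com"
REV_ZONE="101.16.172.in-addr.arpa"
TTL=300   # the lab's 5 minute TTL rule

# 172.16.101.12 -> 12.101.16.172.in-addr.arpa.
ddns_ptr_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# One update message may touch one zone only, so forward and reverse are
# two "send"s. "prereq nxrrset" makes the server answer YXRRSET, and
# change nothing, if the A (or PTR) RRset already exists.
ddns_add_batch() {
    fqdn="$1.$FWD_ZONE."
    ptr="$(ddns_ptr_name "$2")"
    printf 'server %s\n' "$SERVER"
    printf 'zone %s\n' "$FWD_ZONE"
    printf 'prereq nxrrset %s A\n' "$fqdn"
    printf 'update add %s %s A %s\n' "$fqdn" "$TTL" "$2"
    printf 'send\n'
    printf 'zone %s\n' "$REV_ZONE"
    printf 'prereq nxrrset %s PTR\n' "$ptr"
    printf 'update add %s %s PTR %s\n' "$ptr" "$TTL" "$fqdn"
    printf 'send\n'
}

# "prereq yxrrset ... data" requires exactly these records to exist and
# yields NXRRSET otherwise; without it, deleting something that is not
# there succeeds silently, as seen in step (a) above.
ddns_del_batch() {
    fqdn="$1.$FWD_ZONE."
    ptr="$(ddns_ptr_name "$2")"
    printf 'server %s\n' "$SERVER"
    printf 'zone %s\n' "$FWD_ZONE"
    printf 'prereq yxrrset %s A %s\n' "$fqdn" "$2"
    printf 'update delete %s A %s\n' "$fqdn" "$2"
    printf 'send\n'
    printf 'zone %s\n' "$REV_ZONE"
    printf 'prereq yxrrset %s PTR %s\n' "$ptr" "$fqdn"
    printf 'update delete %s PTR %s\n' "$ptr" "$fqdn"
    printf 'send\n'
}

# Pipe a batch into nsupdate -d; the debug output shows the status of
# each message (NOERROR, YXRRSET, NXRRSET, REFUSED, ...). Signs with a
# TSIG key file when one is given; prints the batch if nsupdate is absent.
ddns_send() {
    if ! command -v nsupdate >/dev/null 2>&1; then
        echo "nsupdate not installed (bind-utils); batch follows" >&2
        cat
    elif [ -n "${1:-}" ]; then
        nsupdate -d -k "$1"
    else
        nsupdate -d
    fi
}

# Usage: sh ddns_update.sh add|del myhost 172.16.101.12 [keyfile]
case "${1:-}" in
    add) ddns_add_batch "$2" "$3" | ddns_send "${4:-}" ;;
    del) ddns_del_batch "$2" "$3" | ddns_send "${4:-}" ;;
esac
```

Running the "add" form twice against the lab server is the quick way to see the difference the prerequisite makes: the first message returns NOERROR, the second YXRRSET, where the plain "update add" in the transcripts above returns NOERROR both times.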


Questions:

# What rpm package contains the "nsupdate" command?
# What does the "-d" option do for the "nsupdate" command?
# Which RFC defines the Dynamic DNS update protocol?
# Can you send a dynamic DNS update to a name server that listens on a non-standard port (i.e. one other than 53)?
# What are the steps to add an "A" record to your "ddns" domain for a host called "linux" with the address 172.16.101.90 using nsupdate?
# What are the steps to add a "PTR" record for the host in question 5 using nsupdate?
# What are the steps to add a "CNAME" record for "gnu.ddns.mydomain.com" that points to "linux.ddns.mydomain.com" using nsupdate?
# What are the steps to delete the "A" record created in question 5?
# What are the steps to delete the "PTR" record created in question 6?
# What are the steps to delete the "CNAME" record created in question 7?
# What happens when you try to delete a non-existent resource record (PTR, A, etc.) from a dynamic zone?
# What happens when you try to add a duplicate resource record to a dynamic zone?

Note: When using the nsupdate to create A, PTR and CNAME records, use a TTL of 5 minutes.

[[Category:LUX]][[Category:NAD810]][[Category:LAB]]