NAD810 DDNS LAB
Latest revision as of 18:59, 20 March 2009
Dynamic DNS Zone Configuration
In this lab, you add a sub-domain and configure a dynamic DNS update zone for your DNS server using the BIND software on your Fedora Linux system. The dynamic DNS zone accepts updates from the command-line utility "nsupdate" and/or from a properly configured DHCP client or server.
Prerequisite:
* Complete Lab on Caching Name Server and/or Authoritative Name Server (NAD710)
Reference:
- BIND 9 Administrator Reference Manual
- Secure dynamic DNS howto
- RFC 2136 - Dynamic Updates in the Domain Name System (DNS UPDATE)
- Man page: nsupdate
Tasks:
- Add a sub-domain called "ddns" to your domain
- Configure named.conf to allow dynamic DNS update to the ddns sub-domain zone file
- Create the initial forward-mapping and reverse-mapping zone files for dynamic DNS update
- Perform dynamic DNS update using the "nsupdate" command
Data used in the following instructions (replace the Host Names and IP addresses as are appropriate for your domain):
- Primary DNS name server:
- Host Name: ns1.mydomain.com
- IP: 192.168.0.105
- Domain: mydomain.com
- Dynamic DNS sub-domain: ddns.mydomain.com
- All hosts in the dynamic DNS sub-domain are in the 172.16.101.0/24 network
PART 1 - Add a sub-domain called "ddns" to your domain
- If your domain is called "mydomain.com", create a sub-domain called "ddns.mydomain.com".
- Set aside the network 172.16.101.0/24 for the "ddns" sub-domain.
PART 2 - Configure named.conf to allow dynamic DNS update to the zone file for your "ddns" sub-domain.
- Add the "forward-mapping" and "reverse-mapping" zones for the new sub-domain to your named.conf file. If the new sub-domain is "ddns.mydomain.com", use the same name for the forward-mapping zone name. If all the hosts in the sub-domain are in the same network "172.16.101.0/24", use "101.16.172.in-addr.arpa" for the reverse-mapping zone name. Use the following file names for the forward-mapping and reverse-mapping zone file:
- forward-mapping zone file: db-ddns.hosts
- reverse-mapping zone file: db-ddns.rev
- Locate the file called "named.conf", either in /etc or /var/named/chroot/etc directory.
- Edit the file "/etc/named.conf" (or "/var/named/chroot/etc/named.conf" if you run "bind" in a "chroot jail"). You need to add two zone statements, one points to the file "db-ddns.hosts" and the other points to "db-ddns.rev":
zone "ddns.mydomain.com" IN {
    type master;
    file "db-ddns.hosts";
    allow-update { localhost; };
};

zone "101.16.172.in-addr.arpa" IN {
    type master;
    file "db-ddns.rev";
    allow-update { localhost; };
};
- Replace "ddns.mydomain.com" and "101.16.172.in-addr.arpa" with your own zone names.
- Note what "allow-update { localhost; };" means: the server accepts any UPDATE packet that arrives from 127.0.0.1, so every process on the server, whatever user it runs as, can rewrite the zone, and the server keeps no record of which client did it. The authorization is based only on the source IP address; if you later widen the list to a LAN address, an attacker who can spoof that address can rewrite the zone. The "Secure dynamic DNS howto" in the references shows the proper fix, a shared TSIG key.
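The same two zone statements, rewritten to require a TSIG-signed update instead of trusting the source address. This is an added example for this page, not configuration from the lab; the key name "ddns-key" is an assumption, and the secret must be generated on your own server:

```conf
// Added example: a TSIG key replaces address-based allow-update.
// Generate the secret on the server with "tsig-keygen ddns-key" (on older BIND:
// "dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST ddns-key") and paste it below.
// The key name "ddns-key" is this example's assumption, not a lab requirement.
key "ddns-key" {
    algorithm hmac-sha256;
    secret "PASTE-THE-BASE64-SECRET-HERE";
};

// BEFORE (as in the lab): any process on the server can rewrite the zone.
//   zone "ddns.mydomain.com" IN { type master; file "db-ddns.hosts"; allow-update { localhost; }; };

// AFTER: only requests signed with ddns-key are accepted, and the key may only
// change the record types it needs (least privilege: NS and SOA stay out of reach).
zone "ddns.mydomain.com" IN {
    type master;
    file "db-ddns.hosts";
    update-policy { grant ddns-key subdomain ddns.mydomain.com. A CNAME; };
};

zone "101.16.172.in-addr.arpa" IN {
    type master;
    file "db-ddns.rev";
    update-policy { grant ddns-key subdomain 101.16.172.in-addr.arpa. PTR; };
};
```

"allow-update" and "update-policy" cannot both appear in one zone statement, so the old line must go. If named runs in the chroot jail, the key statement belongs in the chrooted named.conf. On the client side, run "nsupdate -k <key file>" (the file tsig-keygen or dnssec-keygen wrote) rather than a bare "nsupdate"; prefer "-k" over "-y", which puts the secret on the command line where any local user can read it from the process list.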
PART 3 - Create the initial forward-mapping and reverse-mapping zone files for dynamic updates
- Create the initial forward-mapping zone file: db-ddns.hosts:
$TTL 1d1h
ddns.mydomain.com. IN SOA ns1.mydomain.com. root.ns1.mydomain.com. (
                        20051004  ; Serial
                        1h        ; Refresh
                        15m       ; Retry
                        30d       ; Expire
                        1h )      ; Minimum

ddns.mydomain.com. IN NS ns1.mydomain.com.
- Create the inital reverse-mapping zone file: db-ddns.rev:
$TTL 1d1h
@ IN SOA ns1.mydomain.com. root.ns1.mydomain.com. (
                        200510041 ; Serial
                        1h        ; Refresh
                        15m       ; Retry
                        30d       ; Expire
                        1h )      ; Minimum

@ IN NS ns1.mydomain.com.
- In the above two files, replace "mydomain.com" with your own domain name and "ns1" with the host name of your DNS server.
- Start (or restart) the "named" daemon (service named restart). If it starts without complaint, go to the next step; otherwise check the contents of "named.conf", "db-ddns.hosts" and "db-ddns.rev", and look in "/var/log/messages" for named's diagnostic messages. The "bind" package ships two utilities that save time here: "/usr/sbin/named-checkconf" checks "named.conf" for typos and syntax errors, and "/usr/sbin/named-checkzone" checks a zone file for errors (it takes the zone name followed by the file name, e.g. named-checkzone ddns.mydomain.com db-ddns.hosts). Look up the man pages for the details of these two utilities.
PART 4 - Perform dynamic DNS update using the "nsupdate" command
- Try "nslookup" to verify that your DNS server answers queries (the static zone information) properly.
- Run "nsupdate" to add an A record for the host "myhost.ddns.mydomain.com" with 172.16.101.12:
# nsupdate -d
> server 192.168.0.105
> update add myhost.ddns.mydomain.com. 300 A 172.16.101.12
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18703
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;myhost.ddns.mydomain.com. IN SOA

;; AUTHORITY SECTION:
ddns.mydomain.com. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 20051005 3600 900 2592000 3600

Found zone name: ddns.mydomain.com
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 26198
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
- Run "nsupdate" to add an incorrect PTR record for the host "myhost.ddns.mydomain.com.":
# nsupdate -d
> server 192.168.0.105
> update add 123.101.16.172.in-addr.arpa. 7200 PTR myhost.ddns.mydomain.com.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30282
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;123.101.16.172.in-addr.arpa. IN SOA

;; AUTHORITY SECTION:
101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510041 3600 900 2592000 3600

Found zone name: 101.16.172.in-addr.arpa
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7560
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
- Restart "named", then view and record the contents of the two zone files "db-ddns.hosts" and "db-ddns.rev". Dynamic changes are first written to journal files next to the zone files ("db-ddns.hosts.jnl" and "db-ddns.rev.jnl"); named merges them into the zone files periodically and on a clean shutdown, which is why the zone files look unchanged until you restart. "rndc freeze ddns.mydomain.com" followed by "rndc thaw ddns.mydomain.com" forces the merge without a restart.
- Run "nsupdate" to delete a non-existent PTR record and then the incorrect PTR record for myhost.ddns.mydomain.com. Compare the debug messages, in particular the status of the SOA query and of the UPDATE reply in each case.
(a) First try to delete a non-existent PTR record:
> update delete 29.101.16.172.in-addr.arpa.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1839
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;29.101.16.172.in-addr.arpa. IN SOA

;; AUTHORITY SECTION:
101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510042 3600 900 2592000 3600

Found zone name: 101.16.172.in-addr.arpa
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 55537
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
(b) Now try to delete the incorrect PTR record that was added earlier:
> update delete 123.101.16.172.in-addr.arpa.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23250
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;123.101.16.172.in-addr.arpa. IN SOA

;; AUTHORITY SECTION:
101.16.172.in-addr.arpa. 3600 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510042 3600 900 2592000 3600

Found zone name: 101.16.172.in-addr.arpa
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22171
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
- Restart "named", view and record the contents of the reverse-mapping zone file "db-ddns.rev".
- Add the correct PTR record for myhost.ddns.mydomain.com:
# nsupdate -d
> server 192.168.0.105
> update add 12.101.16.172.in-addr.arpa. 120 PTR myhost.ddns.mydomain.com.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64116
;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;12.101.16.172.in-addr.arpa. IN SOA

;; AUTHORITY SECTION:
101.16.172.in-addr.arpa. 0 IN SOA ns1.mydomain.com. root.ns1.mydomain.com. 200510045 3600 900 2592000 3600

Found zone name: 101.16.172.in-addr.arpa
The master is: ns1.mydomain.com
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 65232
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
- Restart "named", then check and record the change(s) in the db-ddns.rev file.
- Try to add the same PTR record a second time and find out what happens.
- Copy BIND's main configuration file named.conf (in /etc or in the /var/named/chroot/etc directory) and all your zone files to a temporary directory, tar them into a tar ball called bind_data.tar and email it to your instructor.
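To see what the nsupdate sessions above actually put on the wire, here is an added example written for this page (not code from the lab, from ISC or from nsupdate) that builds RFC 2136 UPDATE messages by hand, parses them back, and appends an hmac-sha256 TSIG signature the way "nsupdate -k" does. It uses the lab's own zone names and addresses; the key name "ddns-key" and TEST_SECRET are made-up values, and the encoder does no name compression, which servers accept.

```python
"""RFC 2136 DNS UPDATE messages built by hand, with a TSIG signature (RFC 8945).

Added example for this lab page, not BIND or nsupdate code. Zone names and
addresses are the lab's; the key name "ddns-key" and TEST_SECRET are made up.
"""
import base64
import hashlib
import hmac
import struct
import time

TYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "TSIG": 250, "ANY": 255}
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255      # RFC 2136 section 2.5
OPCODE_UPDATE = 5
TEST_SECRET = base64.b64encode(b"example-only-secret-do-not-reuse").decode()  # made-up key

def encode_name(name):
    """Dotted name -> length-prefixed labels ending in a zero octet (no compression)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(buf, off):
    """Inverse of encode_name; returns (name, offset after the terminating zero)."""
    labels = []
    while buf[off]:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels) + ".", off + 1

def rdata(rtype, value):
    if rtype == "A":
        return bytes(int(o) for o in value.split("."))
    if rtype in ("PTR", "CNAME", "NS"):
        return encode_name(value)
    raise ValueError("unsupported type " + rtype)

def rr(name, rtype, rclass, ttl, payload):
    return encode_name(name) + struct.pack("!HHIH", TYPE[rtype], rclass, ttl, len(payload)) + payload

def add(name, ttl, rtype, value):
    """`update add NAME TTL TYPE VALUE`: class IN, the RR to insert (RFC 2136 2.5.1)."""
    return rr(name, rtype, CLASS_IN, ttl, rdata(rtype, value))

def delete(name, rtype=None, value=None):
    """`update delete NAME [TYPE [VALUE]]`: class ANY with TTL 0 deletes a whole RRset
    or every RRset at the name (2.5.2/2.5.3); class NONE deletes one exact RR (2.5.4).
    The server answers NOERROR even when nothing matched, which is why the lab's
    delete of a non-existent PTR record still "succeeds"."""
    if value is None:
        return rr(name, rtype or "ANY", CLASS_ANY, 0, b"")
    return rr(name, rtype, CLASS_NONE, 0, rdata(rtype, value))

def build_update(zone, updates, msg_id=0x1234):
    """Header (opcode UPDATE, ZOCOUNT=1, no prerequisites) + zone section + updates."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, len(updates), 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE["SOA"], CLASS_IN) + b"".join(updates)

def parse_update(msg):
    """Return (zone, [(name, type, class, ttl), ...]) for the update section."""
    _msg_id, flags, zocount, prcount, upcount, _adcount = struct.unpack("!HHHHHH", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE or zocount != 1:
        raise ValueError("not a DNS UPDATE message")
    zone, off = decode_name(msg, 12)
    off += 4                                   # skip zone TYPE (SOA) and CLASS
    records = []
    for _ in range(prcount + upcount):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        records.append((name, rtype, rclass, ttl))
    return zone, records[prcount:]

def tsig_sign(msg, key_name, secret_b64, now=None, fudge=300):
    """Append an hmac-sha256 TSIG RR. The MAC covers the unsigned message plus the
    TSIG "variables" (name, class, TTL, algorithm, time, fudge, error, other-len);
    ARCOUNT in the returned message is incremented for the added RR."""
    now = int(time.time()) if now is None else now
    alg = encode_name("hmac-sha256")
    time_signed = struct.pack("!HI", now >> 32, now & 0xFFFFFFFF)       # 48-bit seconds
    variables = (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + alg
                 + time_signed + struct.pack("!HHH", fudge, 0, 0))
    mac = hmac.new(base64.b64decode(secret_b64), msg + variables, hashlib.sha256).digest()
    payload = (alg + time_signed + struct.pack("!HH", fudge, len(mac)) + mac
               + msg[:2] + struct.pack("!HH", 0, 0))                      # original ID, error, other-len
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", TYPE["TSIG"], CLASS_ANY, 0, len(payload)) + payload
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + tsig_rr

if __name__ == "__main__":
    # The lab's first session: add myhost A 172.16.101.12 with a 300 s TTL.
    msg = build_update("ddns.mydomain.com.", [add("myhost.ddns.mydomain.com.", 300, "A", "172.16.101.12")])
    print(parse_update(msg))
    # Reverse zone: drop the wrong PTR (class NONE) and install the right one in one request.
    fix = build_update("101.16.172.in-addr.arpa.", [
        delete("123.101.16.172.in-addr.arpa.", "PTR", "myhost.ddns.mydomain.com."),
        add("12.101.16.172.in-addr.arpa.", 300, "PTR", "myhost.ddns.mydomain.com.")])
    print(parse_update(fix))
    print(len(tsig_sign(fix, "ddns-key", TEST_SECRET)), "bytes once TSIG-signed")
```

The class field is the whole story behind the lab's "delete" experiments: class ANY or NONE means "remove", class IN means "add", and RFC 2136 makes both idempotent, so removing a record that is not there and adding an RR identical to one that already exists both return NOERROR without changing the zone. A server with the TSIG configuration shown under PART 2 refuses an unsigned message outright; the signed one is only accepted if the MAC verifies with the shared secret and the time stamp is within the fudge window, which is what ties each update to a key instead of to a source address.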
Questions:
- What rpm package contains the "nsupdate" command?
- What does the "-d" option do for the "nsupdate" command?
- Which RFC defines the Dynamic DNS update protocol?
- Can you send a dynamic DNS update to a name server that listens on a non-standard port (i.e. a port other than 53)?
- What are the steps to add an "A" record to your "ddns" domain for a host called "linux" with 172.16.101.90 using nsupdate?
- What are the steps to add a "PTR" record for the host in question 5 using nsupdate?
- What are the steps to add a "CNAME" record for "gnu.ddns.mydomain.com" that points to "linux.ddns.mydomain.com" using nsupdate?
- What are the steps to delete the "A" record created in question 5?
- What are the steps to delete the "PTR" record in question 6?
- What are the steps to delete the "CNAME" record in question 7?
- What happens when you try to delete a non-existent resource record (PTR, A, etc.) from a dynamic zone?
- What happens when you try to add a duplicate resource record to a dynamic zone?
Note: When using the nsupdate to create A, PTR and CNAME records, use a TTL of 5 minutes.