Difference between revisions of "OPS535 A2 201603"
m (→Due Dates: - updating for Summer 2019) |
m (Updating for online delivery) |
||
(15 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | [[Category:OPS535]][[Category:rchan]] | + | [[Category:OPS535]][[Category:rchan]][[Category:peter.callaghan]] |
= Due Dates = | = Due Dates = | ||
* This assignment worth 15% of your final grade. | * This assignment worth 15% of your final grade. | ||
− | * | + | * See blackboard for the due date. |
− | * Important: You must be in the Lab on the due date to present your systems in order to have your assignment marked unless it is for medical reason. | + | <!--* Important: You must be in the Lab on the due date to present your systems in order to have your assignment marked unless it is for medical reason.--> |
=Specification= | =Specification= | ||
== Basic Services == | == Basic Services == | ||
− | Setup an Internet email system for your assigned DNS Domain using the Virtual Machines in your Virtual Network. Your Internet email system must provide the following functions | + | Setup an Internet email system for your assigned DNS assignment Domain using the Virtual Machines in your assignment Virtual Network. Your Internet email system must provide the following functions: |
* A SMTP email server (running postfix) that is capable of receiving and sending emails for users in your domain. | * A SMTP email server (running postfix) that is capable of receiving and sending emails for users in your domain. | ||
− | ** Users in your domain must be able to send emails to users in the same domain and users in other students' domains in the class. | + | <!--** Users in your domain must be able to send emails to users in the same domain and users in other students' domains in the class. |
− | ** Users in your domain must be able to receive emails from other email users (both in your domain | + | ** Users in your domain must be able to receive emails from other email users (both in your domain and from other domains).--> |
− | * An IMAP Access Agent (running dovecot) allowing users in your domain to remotely access their mail. | + | ** Users in your assignment domain must be able to send emails to users in the same domain and users in your lab domain (in theory, this would include any other domain). |
− | ** Users in your domain must be able to access/manage their mail box using IMAP(s) clients | + | ** Users in your domain must be able to receive emails from other email users (both in your lab domain and from other domains). |
− | * You email server must be configured to check the SPF (sender policy framework) of other domains for incoming email and reject | + | <!--* An IMAP Access Agent (running dovecot) allowing users in your domain to remotely access their mail. |
− | * Configure your | + | ** Users in your domain must be able to access/manage their mail box using IMAP(s) clients.--> |
− | * Configure your | + | * You email server must be configured to check the SPF (sender policy framework) of other domains for incoming email and reject emails that are violating the sender policy. |
− | **Provide the administrator for | + | * Configure your pri-dns server to implement and provide the SPF protection for your assignment domain. |
− | **Configure a DNSSEC Trust Anchor so that your co-nfs server considers the .ops | + | * Configure your pri-dns server to implement and provide the DNSSEC records for your assignment domain. |
+ | **Provide the administrator for your top domain (The one on your host) with a copy of the DS key for your assignment domain. If you have not already done so, include the glue record as well. | ||
+ | **Configure a DNSSEC Trust Anchor so that your co-nfs server considers your top-domain server (the one with the <yourname>.ops zone) to already be authenticated. | ||
== Supporting Services == | == Supporting Services == | ||
You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1): | You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1): | ||
− | * | + | * Pri-dns must be the primary DNS name server for your assignment domain with the proper MX record(s), SPF record(s), A record(s), and PTR record(s). It must be queriable by any machine. |
− | **Provide the administrator of the .ops domain | + | **Provide the administrator of the <yourname>.ops domain with glue records for your domain. |
− | * | + | * Co-nfs must be a caching DNS server, accessible to machines in your networks, that will forward traffic to the server for the <yourname>.ops domain (your host), then to your rns-ldap. |
+ | * Rns-ldap must be a forwarding server only. | ||
+ | **It must only be queriable by your co-nfs. | ||
+ | **It must have a copy of the root-hints zone. | ||
+ | <!-- | ||
== BONUS == | == BONUS == | ||
# Optional: Use LDAP authentication to secure your web mail server or Access Agent. (Bonus item +10%) | # Optional: Use LDAP authentication to secure your web mail server or Access Agent. (Bonus item +10%) | ||
− | + | # Optional: Implement dynamic firewall rules to block black-listed IP addresses of email spammer. (Bonus item +10%) --> | |
= Evaluation = | = Evaluation = | ||
==Script== | ==Script== | ||
− | + | <!-- | |
On the due date you will be tasked to: | On the due date you will be tasked to: | ||
# Add two new email users to your domain. Name of the new users will be given in class. | # Add two new email users to your domain. Name of the new users will be given in class. | ||
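Review bot: In the Supporting Services additions, "Rns-ldap must be a forwarding server only" sits directly above "It must have a copy of the root-hints zone", and a server that only forwards has no use for root hints. State whether rns-ldap is expected to resolve from the root on behalf of co-nfs or to forward to another server. The added SPF line also carries over the typo "You email server", which should read "Your email server".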
Line 39: | Line 45: | ||
# receive the reply email from the designated user of the other domain. | # receive the reply email from the designated user of the other domain. | ||
# query a record from another domain | # query a record from another domain | ||
− | # query a record from another domain with dnssec information included. | + | # query a record from another domain with dnssec information included.--> |
I will post a script to blackboard that will capture your configuration and logs. You will run this script on your machines and upload the output to blackboard. | I will post a script to blackboard that will capture your configuration and logs. You will run this script on your machines and upload the output to blackboard. | ||
If you have any questions or need any clarification, please email your instructor at least one week before the posted due date. | If you have any questions or need any clarification, please email your instructor at least one week before the posted due date. |
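Review bot: The closing "-->" added after "query a record from another domain with dnssec information included." hides the entire in-class task list, while the paragraph that remains says only that a script "will capture your configuration and logs". Consider listing which of the hidden checks (sending and receiving mail, querying a record with DNSSEC information) the captured output is expected to show, so the marking criteria stay visible.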
Latest revision as of 20:04, 3 November 2020
Due Dates
- This assignment is worth 15% of your final grade.
- See Blackboard for the due date.
Specification
Basic Services
Set up an Internet email system for your assigned DNS assignment domain using the virtual machines in your assignment virtual network. Your Internet email system must provide the following functions:
- An SMTP email server (running postfix) that is capable of receiving and sending emails for users in your domain.
  - Users in your assignment domain must be able to send emails to users in the same domain and users in your lab domain (in theory, this would include any other domain).
  - Users in your domain must be able to receive emails from other email users (both in your lab domain and from other domains).
- Your email server must be configured to check the SPF (Sender Policy Framework) of other domains for incoming email and reject emails that violate the sender policy.
- Configure your pri-dns server to implement and provide the SPF protection for your assignment domain.
- Configure your pri-dns server to implement and provide the DNSSEC records for your assignment domain.
  - Provide the administrator for your top domain (the one on your host) with a copy of the DS key for your assignment domain. If you have not already done so, include the glue record as well.
  - Configure a DNSSEC Trust Anchor so that your co-nfs server considers your top-domain server (the one with the <yourname>.ops zone) to already be authenticated.
Supporting Services
You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1):
- Pri-dns must be the primary DNS name server for your assignment domain with the proper MX record(s), SPF record(s), A record(s), and PTR record(s). It must be queryable by any machine.
  - Provide the administrator of the <yourname>.ops domain with glue records for your domain.
- Co-nfs must be a caching DNS server, accessible to machines in your networks, that will forward traffic to the server for the <yourname>.ops domain (your host), then to your rns-ldap.
- Rns-ldap must be a forwarding server only.
  - It must only be queryable by your co-nfs.
  - It must have a copy of the root-hints zone.
Evaluation
Script
I will post a script to Blackboard that will capture your configuration and logs. You will run this script on your machines and upload the output to Blackboard.
If you have any questions or need any clarification, please email your instructor at least one week before the posted due date.