Difference between revisions of "SRT210 Lab 4"

From CDOT Wiki

Revision as of 00:23, 29 January 2019

Objectives

  • Understand the principles of how DNS works.

PART 1: PREREQUISITES

You should have completed all the previous labs to date. That means before starting this lab you'll have:

  • c7host set up and running, with the default firewall modified to allow incoming SSH connections from the 192.168.210.0/24 network.
  • lin1 with a static IP address, running a web server, and the default firewall modified to allow access to that web server.
  • lin2 with a static IP address.
  • All your machines should have the iptables services installed and firewalld uninstalled (or at least disabled and stopped).

If any of that is not already working, you will struggle more than necessary while debugging configuration issues in this lab.

PART 2: DNS OVERVIEW

DNS is technically not a required part of the internet, but in practice it is indispensable: nearly every service of every sort on the internet depends on it. We'll spend a couple of weeks on topics related to DNS.

Read sections 1-3 from the Wikibooks DNS page.

PART 3: YOUR OWN DNS SERVER

Each of you will set up your own DNS server. We'll set up Bind on lin2 to do the work. The domains you configure will work for you and for anyone who explicitly configures their system to use your DNS server. They will not work on the internet: for that you would have to pay a registrar to register the domain and have it delegated to your server.

Installation

Install Bind on your lin2 (the bind package; install bind-utils as well, since it provides dig and host, which you will want for testing).

Configuration

An authoritative Bind server has a global configuration file (named.conf) and at least one zone file for the zone it's authoritative for.

/etc/named.conf

When you install Bind you get a default /etc/named.conf. Copy it to a backup location and then empty the original in place (for example with : > /etc/named.conf). Do not delete or move it: a replacement created by hand in /etc would get that directory's default SELinux label instead of named_conf_t, the label the SELinux policy assigns to /etc/named.conf. Truncating the existing file keeps its label (if you do lose it, restorecon /etc/named.conf restores it). We will write a new one from scratch with only the following contents; use your own values where applicable (yoursenecaid below is a placeholder for your own Seneca ID).

options {
        directory "/var/named/";
        allow-query {any;};
        forwarders { 142.204.1.2; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
        channel my_queries_channel {
                file "queries/log.txt";
                severity info;
        };
        category queries {
                my_queries_channel;
        };
};

zone "localhost" {
        type master;
        file "named.localhost";
};
zone "yoursenecaid.ops" {
        type master;
        file "mydb-for-yoursenecaid-ops";
};

You need to understand all the options in this file except the localhost zone, so that in the future (for example in a test) you can quickly set up a DNS server for a new zone. Look up each of the following in the BIND Administrator Reference Manual and write down what it does:

  • directory
  • allow-query
  • forwarders
  • type
  • file

Two things this configuration does not state explicitly are worth writing down as well. BIND enables recursion by default, and when allow-recursion is not set it falls back to allow-query-cache and then to allow-query, so allow-query { any; } together with forwarders makes lin2 a recursive resolver for every host that can reach it. On the lab's private network that is fine; on the internet it would be an open resolver, which is exactly what DNS amplification attacks look for, so an internet-facing authoritative server sets recursion no, or limits it with allow-recursion { 192.168.210.0/24; localhost; }. Also, a logging channel only prefixes a timestamp to each line when print-time yes is set, which the my_queries_channel above does not do.
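To see the effect of those directives together rather than one at a time, here is an added example (written for this edit, not code from the lab or from BIND) that parses the options block of the configuration above and reports the open-resolver case using the allow-recursion fallback rules from the BIND 9 ARM. The hardened variant, the acl name lab and the inclusion of localhost are this example's own assumptions; the parser handles only the small subset of named.conf syntax the lab uses.

```python
"""Audit a named.conf options block for the open-resolver pattern.

Added example for this lab page, not part of the original text or of BIND.
Parses only the subset of named.conf syntax the lab uses: top-level
`name { ... };` clauses containing `directive value;` and
`directive { item; item; };` statements, plus //, # and /* */ comments.
"""
import re

# The options block exactly as the lab writes it (copied from the page).
LAB_CONF = """
options {
        directory "/var/named/";
        allow-query {any;};
        forwarders { 142.204.1.2; };
};
zone "yoursenecaid.ops" {
        type master;
        file "mydb-for-yoursenecaid-ops";
};
"""

# Same server with recursion restricted to the lab network. The acl name "lab"
# and the decision to also allow localhost are this example's assumptions.
HARDENED_CONF = """
acl "lab" { 192.168.210.0/24; localhost; };
options {
        directory "/var/named/";
        allow-query { any; };       // anyone may ask about our zone
        allow-recursion { lab; };   // only the lab may use us as a resolver
        forwarders { 142.204.1.2; };
};
"""


def strip_comments(conf: str) -> str:
    """Remove /* */, // and # comments so they cannot hide or fake directives."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def extract_block(conf: str, name: str) -> str:
    """Return the body of the top-level `name { ... }` clause, or '' if absent.
    Braces are counted, so nested clauses inside the body stay intact."""
    m = re.compile(r"(?m)^\s*" + re.escape(name) + r"\s*\{").search(conf)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        if conf[i] == "{":
            depth += 1
        elif conf[i] == "}":
            depth -= 1
            if depth == 0:
                return conf[start:i]
    return ""  # unbalanced braces: treat the clause as missing


def parse_statements(body: str) -> dict:
    """Map each directive in a block body to its value: a string for
    `directive value;`, a list of entries for `directive { a; b; };`."""
    stmts, depth, cur = {}, 0, []
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == ";" and depth == 0:
            text = "".join(cur).strip()
            cur = []
            if not text:
                continue
            if "{" in text:
                directive = text[:text.index("{")].strip()
                inner = text[text.index("{") + 1:text.rindex("}")]
                stmts[directive] = [x.strip() for x in inner.split(";") if x.strip()]
            else:
                parts = text.split(None, 1)
                stmts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        else:
            cur.append(ch)
    return stmts


def audit_recursion(conf: str) -> list:
    """Report whether this configuration answers recursive queries for arbitrary
    clients. Rules from the BIND 9 ARM: recursion defaults to yes, and
    allow-recursion, when unset, falls back to allow-query-cache, then
    allow-query, then { localnets; localhost; }."""
    opts = parse_statements(extract_block(strip_comments(conf), "options"))
    if opts.get("recursion", "yes") == "no":
        return []  # authoritative-only server: nothing to report
    effective = (opts.get("allow-recursion")
                 or opts.get("allow-query-cache")
                 or opts.get("allow-query")
                 or ["localnets", "localhost"])
    findings = []
    if "any" in effective:
        findings.append("open resolver: effective allow-recursion is { any; }")
        if opts.get("forwarders"):
            findings.append("recursive queries from any client are forwarded to "
                            + ", ".join(opts["forwarders"]))
    return findings


if __name__ == "__main__":
    for label, conf in (("lab", LAB_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_recursion(conf) or ["no findings"])
```

Running it prints the two findings for the lab configuration and "no findings" for the hardened one; the difference is a single allow-recursion line, which is the check to make on any named.conf that combines allow-query { any; } with forwarders.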

Create the directory and the log file for the query log. named runs as the named user, so the file must be writable by that user while the directory stays owned by root:

mkdir /var/named/queries
touch /var/named/queries/log.txt
chown root:named /var/named/queries
chown named:named /var/named/queries/log.txt
chmod 770 /var/named/queries 
chmod 644 /var/named/queries/log.txt

If you have SELinux enabled, you also need to set the right file context on the directory and the log file. named may only write to files labelled for its use (named_cache_t is the label for data it writes under /var/named), so label both with the following two commands:

chcon system_u:object_r:named_cache_t:s0 /var/named/queries
chcon system_u:object_r:named_cache_t:s0 /var/named/queries/log.txt

Check the result with ls -lZ, which lists the file context. Note that chcon only changes the label of the files as they exist now: a relabel (restorecon, or a filesystem relabel at boot) resets them to the policy default, which for a directory you created under /var/named is not named_cache_t. To make the rule permanent, record it with semanage fcontext -a -t named_cache_t for the path pattern /var/named/queries(/.*)? and apply it with restorecon -Rv /var/named/queries (semanage is in the policycoreutils-python package on CentOS 7).
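Once queries are being logged, the log is the place to see who is using the server and how. The following added example (not from the lab page or from BIND) parses lines in the layout of BIND's queries category and classifies each one by client network, by whether the name is in a zone this server is authoritative for, and by whether the client set the recursion-desired bit, which is how you would notice something outside the lab using lin2 as an open resolver. The sample log is constructed; the addresses 192.168.210.30 for lin2, 192.168.210.20 for a lab client and 203.0.113.7 for an outside host, and the truncated last line, are assumptions.

```python
"""Classify BIND query-log lines (the "queries" category this lab writes to
/var/named/queries/log.txt) to spot clients using the server as an open
resolver. Added example, not part of the lab page or of BIND."""
import ipaddress
import re

# One query record per line. The timestamp is present only when the channel
# sets print-time yes (the lab's channel does not); the @0x... client handle
# appears in BIND 9.11 and later. Both are optional here. The flags field
# starts with '+' when the client set the recursion-desired (RD) bit and '-'
# when it did not.
QUERY_RE = re.compile(
    r"^(?:\d{1,2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} )?"
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): query: (?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+) "
    r"(?P<flags>\S+) \((?P<local>[^)]*)\)$"
)

# Constructed sample log in that layout. Assumptions: lin2 listens on
# 192.168.210.30, a lab client is 192.168.210.20, and 203.0.113.7 is an outside
# host (TEST-NET-3 documentation range) that reached the server. The last line
# is a truncated record, as left by a crash or rotation mid-write.
SAMPLE_LOG = """\
client @0x7f3a5c01e010 192.168.210.20#41234 (www.yoursenecaid.ops): query: www.yoursenecaid.ops IN A +E(0)K (192.168.210.30)
client @0x7f3a5c01e010 192.168.210.20#41235 (yoursenecaid.ops): query: yoursenecaid.ops IN NS -E(0)K (192.168.210.30)
client @0x7f3a5c0a2a40 203.0.113.7#5353 (www.example.com): query: www.example.com IN A +E(0) (192.168.210.30)
client @0x7f3a5c0a2a40 203.0.113.7#5353 (isc.org): query: isc.org IN ANY +E(0)D (192.168.210.30)
client 203.0.113.7#5353 (www.yoursenecaid.ops): query: www.yoursenecaid.ops IN A +T (192.168.210.30)
client 192.168.210.20#41236 (www.yoursen
"""


def classify(match, net, zones) -> str:
    """Decide what one query record means for this server."""
    client = ipaddress.ip_address(match["client"])
    name = match["name"].rstrip(".").lower()
    ours = any(name == z or name.endswith("." + z) for z in zones)
    wants_recursion = match["flags"].startswith("+")
    if client in net:
        return "local"              # lab host: allowed to use us as a resolver
    if ours:
        return "authoritative"      # anyone may ask about our own zone
    if wants_recursion:
        return "open-resolver-use"  # outsider asking us to resolve a foreign name
    return "foreign-iterative"      # outsider, foreign name, RD clear


def summarize(log_text: str, allowed_net: str, zones) -> dict:
    """Count records per (client, verdict); unparsable lines go to 'unparsed'."""
    net = ipaddress.ip_network(allowed_net)
    zones = [z.rstrip(".").lower() for z in zones]
    counts = {"unparsed": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = QUERY_RE.match(line)
        if m is None:
            counts["unparsed"] += 1
            continue
        key = (m["client"], classify(m, net, zones))
        counts[key] = counts.get(key, 0) + 1
    return counts


def abusers(counts: dict) -> list:
    """Clients that used the server as an open resolver, sorted."""
    return sorted({k[0] for k in counts
                   if isinstance(k, tuple) and k[1] == "open-resolver-use"})


if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG, "192.168.210.0/24", ["yoursenecaid.ops"])
    for key, n in sorted(counts.items(), key=str):
        print(key, n)
    print("open-resolver clients:", abusers(counts))
```

Against the real file you would call summarize(open("/var/named/queries/log.txt").read(), "192.168.210.0/24", ["yoursenecaid.ops"]). On the lab network every client should come out as local; an open-resolver-use entry means something outside the lab is using lin2 to resolve names it does not serve, which is the symptom of the allow-query { any; } plus recursion combination discussed above.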


Lab completion

  • Make sure you understand what you've done in this lab, so that you're ready to answer questions about it.
  • Have notes in your labbook from this lab.
  • Show your work to the professor and have them sign your labbook.