Moving DNS server onto host - investigation 1
= INVESTIGATION 1: CONFIGURING THE DNS SERVER =
We will now be '''installing, configuring and running a DNS server on our host'''. In most networks, the gateway would '''not''' also be a DNS server, but if we placed ours on a virtual machine we would need that VM to always be running in order for the other VMs to retrieve updates, install software, or even communicate with each other.
== Preparation ==
First, ensure that the '''host''' and '''VMs''' are running, and that none of your machines have entries for the host or any of the '''VMs in /etc/hosts'''. The four machines in this lab are:
* '''host.yoursenecaid.ops'''
* '''vm1.yoursenecaid.ops'''
* '''vm2.yoursenecaid.ops'''
* '''vm3.yoursenecaid.ops'''
In previous courses you may have relied on the contents of /etc/hosts, but you will not use them in this course so that you can see how vital a properly functioning DNS server is.
== Installation ==
Install Bind on your '''host''' machine.
== Configuration ==
<pre>
directory "/var/named/";
allow-query {127.0.0.1; 192.168.X.0/24;};
forwarders { 192.168.48.1; };
};
zone "localhost" {
</pre>
* '''type'''
* '''file'''
Note: If you are using a drive in a removable bay, you will need to set the forwarders address differently. Pick any one of the DNS servers that are provided through DHCP.
=== Zone file ===
<pre>
$TTL 3D
@ IN SOA host.yoursenecaid.ops. hostmaster.yoursenecaid.ops. (
                2018042901 ; Serial
                8H         ; Refresh
                2H         ; Retry
                4W         ; Expire (mandatory SOA field; 4W is an assumed value, the original snippet omitted it)
                1D         ; Negative Cache TTL
)
@    IN NS host.yoursenecaid.ops.
host IN A  192.168.X.1
</pre>
# Check that the ''named'' service is running using the '''ps ax''' command (perhaps combined with '''grep'''), and separately, the '''systemctl''' command (if necessary), or check the '''/var/log/messages''' file for troubleshooting purposes.
# Once you are certain that the ''named'' service has started and runs without errors, set it to '''start automatically''' (i.e. enable the named service) when the machine boots.
# You also need to set '''host''' as the primary domain name server ('''DNS1''') for your '''host''' machine in its '''ifcfg file'''.<br /><br />'''NOTE:''' You should know how to do that, but if you forgot the procedure, refer to [http://zenit.senecac.on.ca/wiki/index.php/OPS335_Lab_1#Making_Persistent_.28Permanent.29_Network_Setting_Changes Lab 1].
# Now that you know the service works, '''add the resource records necessary for it to provide forward lookups of the other machines in your virtual network''' (hint: you should only need three more records) and restart the service.
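A small sanity check for the forward zone, added here as an example (it is not part of the lab or of BIND, and is no substitute for ''named-checkzone''): it parses a zone in the format shown above and reports the mistakes the steps above warn about, an SOA with fewer than the five required numeric fields, an X placeholder left in an address, an NS target with no A record, and a VM with no record at all. The sample zone is constructed, with 200 standing in for X.

```python
import ipaddress
import re

# Constructed sample: the lab's forward zone once the three VM records are added (200 stands in for X).
SAMPLE_ZONE = """\
$TTL 3D
@ IN SOA host.yoursenecaid.ops. hostmaster.yoursenecaid.ops. (
    2018042901 ; Serial
    8H         ; Refresh
    2H         ; Retry
    4W         ; Expire
    1D         ; Negative Cache TTL
)
@    IN NS host.yoursenecaid.ops.
host IN A  192.168.200.1
vm1  IN A  192.168.200.2
vm2  IN A  192.168.200.3
vm3  IN A  192.168.200.4
"""

def tokenize(text):
    """Drop ';' comments, fold '( ... )' continuations, return one token list per record."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " "), text)
    return [line.split() for line in text.splitlines() if line.strip()]

def check_zone(text, origin, expected_hosts):
    """Return a list of problems; an empty list means the zone passes these checks."""
    problems = []
    records = [t for t in tokenize(text) if len(t) >= 4 and not t[0].startswith("$")]
    soa = [t for t in records if t[2] == "SOA"]
    if len(soa) != 1:
        return ["zone needs exactly one SOA record"]
    numeric = soa[0][5:]  # serial, refresh, retry, expire, negative-cache TTL
    if len(numeric) != 5:
        problems.append(f"SOA has {len(numeric)} numeric fields, BIND requires 5")
    a_names = {t[0] for t in records if t[2] == "A"}
    for owner, _cls, rtype, rdata in (t[:4] for t in records):
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata)
            except ValueError:
                problems.append(f"{owner}: {rdata!r} is not an IPv4 address (X left in?)")
        elif rtype == "NS":
            # Strip the zone suffix so the NS target can be matched against owner names.
            target = rdata[:-len(origin) - 2] if rdata.endswith("." + origin + ".") else rdata
            if target not in a_names:
                problems.append(f"NS {rdata} has no A record in this zone")
    problems += [f"no A record for {h}" for h in expected_hosts if h not in a_names]
    return problems
```

Run it against your own zone file with `check_zone(open("/var/named/yoursenecaid.ops").read(), "yoursenecaid.ops", ["host", "vm1", "vm2", "vm3"])` before restarting ''named''.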
== Firewall rules update ==
Remember that you are supposed to have a working firewall on your '''host''' (and every other machine), but we will focus on our '''host''' machine for now. A <u>working</u> firewall will block requests to ports that you didn't explicitly allow. This means that at this point, your DNS server, even though it's perfectly configured, is <u>'''inaccessible'''</u> to any other machine because iptables won't allow the requests to come in (the machine can communicate with itself using the rule that allows all traffic on the '''lo''' interface).
'''Perform the Following Steps:'''
# Note: Since you are going to save your firewall at the end of this step, you may wish to restart iptables now in order to avoid saving the rules that libvirtd automatically adds to your INPUT, FORWARD, and POSTROUTING chains.
# You will need to update the firewall on '''host''' to allow <u>incoming</u> connections to '''port 53 for both UDP and TCP''' (i.e. the protocols and port that DNS uses).
# After you have updated your firewall, save your iptables rules.