NAD710 Lab 5A

7,177 bytes added, 01:14, 9 October 2008
New page: <h1>NAD710 - Introduction to Networks - Using Linux</h1> =Objectives= * Configure BIND to run as an authoritative Name server for the domain lux.on.ca * Configure BIND to run as an author...
<h1>NAD710 - Introduction to Networks - Using Linux</h1>

=Objectives=
* Configure BIND to run as an authoritative Name server for the domain lux.on.ca
* Configure BIND to run as an authoritative and resolving Name server
* Study recursive and iterative DNS queries and responses

=Procedure=

== Preparation ==
If you are doing this lab in T2107, you should boot up "Fedora Core 8 Test" and follow the procedure to install and configure a caching only name server as described in [[NAD710 Lab 5|Lab 5]]. If you are doing this lab on your own computer, you must complete [[NAD710 Lab 5|Lab 5]] first.

== Domain Information ==
* You have registered the Internet Domain Name called "lux.on.ca".
* You have assigned the following IP addresses and host names to your servers:
** 142.204.141.71 to nad710 (FQDN: nad710.lux.on.ca)
** 142.204.141.72 to spr720
** 142.204.141.73 to lpt730
** 142.204.141.74 to xwn740
** 142.204.141.xx to ns
* ns.lux.on.ca is your primary DNS server; replace xx with the actual IP address of that machine
* You have registered the Inverse Internet Domain "141.204.142.in-addr.arpa" for your 142.204.141.0/24 network

== Create forward lookup zone data in /var/named/lux.db ==
 $TTL 1D
 @               IN SOA  ns.lux.on.ca. root.ns.lux.on.ca. (
                         0       ; serial
                         1D      ; refresh
                         1H      ; retry
                         1W      ; expire
                         3H )    ; minimum
                 NS      ns.lux.on.ca.
 ns.lux.on.ca.   A       142.204.141.xx
 nad710          A       142.204.141.71
 spr720          A       142.204.141.72
 lpt730          A       142.204.141.73
 xwn740          A       142.204.141.74

== Create reverse lookup zone data in /var/named/142.204.141.db ==
 $TTL 1D
 @               IN SOA  ns.lux.on.ca. root.ns.lux.on.ca. (
                         0       ; serial
                         1D      ; refresh
                         1H      ; retry
                         1W      ; expire
                         3H )    ; minimum
                 NS      ns.lux.on.ca.
 xx              PTR     ns.lux.on.ca.
 71              PTR     nad710.lux.on.ca.
 72              PTR     spr720.lux.on.ca.
 73              PTR     lpt730.lux.on.ca.
 74              PTR     xwn740.lux.on.ca.

== Add the zone definition to named.conf ==
Add the zone for "lux.on.ca" to /etc/named.conf

 zone "lux.on.ca" IN {
     type master;
     file "lux.db";
 };

Add the zone for "141.204.142.in-addr.arpa" to /etc/named.conf

 zone "141.204.142.in-addr.arpa" IN {
     type master;
     file "142.204.141.db";
 };

== Configure the name server to act as an authoritative only name server ==
Set the following in the "options" section:
* listen-on port 53 { any; };
* allow-query { any; };
* recursion no;

== Add logging for queries ==
Add the following blue coloured lines to the main configuration file /etc/named.conf
 logging {
     channel default_debug {
         file "data/named.run";
         severity dynamic;
     };<font color="blue">
     channel my_queries_channel {
         file "queries/log.txt";
         severity info;
     };
     category queries {
         my_queries_channel;
     };</font>
 };

Execute the following commands to create the directory and the log file for logging queries:

 mkdir /var/named/queries
 touch /var/named/queries/log.txt
 chown root:named /var/named/queries
 chown named:named /var/named/queries/log.txt
 chmod 770 /var/named/queries
 chmod 644 /var/named/queries/log.txt

If you have SELinux enabled, you need to set the proper file context for the directory and the log file using the following two commands:

 chcon system_u:object_r:named_cache_t:s0 /var/named/queries
 chcon system_u:object_r:named_cache_t:s0 /var/named/queries/log.txt

The "ls -lZ" command lists the file context.

== Start the Name Server ==
Use the following service command to start the Name Server daemon:

 service named start

If there is any error or warning when starting up the named daemon, you should see them show up in the system log file (/var/log/messages).

== If iptables is running ==
Enter the following commands to open UDP and TCP port 53 for DNS queries from other computers:

 iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
 iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

== Test your authoritative name server ==
You can perform the following tests on the name server machine or from other computers in the lab:

=== Tests using nslookup ===
* start nslookup
* set the server to point to your authoritative name server
* turn on debug: set debug
* query "ns.lux.on.ca" and record the output
* query "cs.senecac.on.ca" and record the output
* query 142.204.141.71 and record the output
* query 142.204.1.2 and record the output
* check the log file (/var/named/queries/log.txt) to make sure that query logging is configured properly.

=== Tests using the dig command ===
* use the dig command with the appropriate options and arguments to lookup the A record for ns.lux.on.ca. Record the command and the output
* do the same for cs.senecac.on.ca
* use the dig command with the appropriate options and arguments to lookup the PTR record for 142.204.141.71. Record the command and the output
* do the same for 142.204.1.2

=== Tests using the host command ===
* use the host command with the -v and other appropriate options and arguments to lookup the A record for ns.lux.on.ca. Record the command and the output
* do the same for cs.senecac.on.ca
* use the host command with the -v and other appropriate options and arguments to lookup the PTR record for 142.204.141.71. Record the command and the output
* do the same for 142.204.1.2

== Configure your authoritative name server to perform resolving function ==
Modify the recursion option in the options statement to yes in the named.conf file:

 recursion yes;

Restart the name server daemon. Check the system log file to make sure that the name server daemon restarted successfully.

== Test your authoritative and resolving name server ==
You can perform the following tests on your computer or from other computers in the lab:

=== Tests using nslookup ===
* start nslookup
* set the server to point to your name server
* turn on debug: set debug
* query "ns.lux.on.ca" and record the output
* query "cs.senecac.on.ca" and record the output
* turn off recursion: set norecurse
* query "cs.senecac.on.ca" and record the output

=== Tests using the dig command ===
* use the dig command with the appropriate options and arguments to lookup the A record for ns.lux.on.ca. Record the command and the output
* do the same for cs.senecac.on.ca
* use the no recursion switch to lookup A record for cs.senecac.on.ca. Record the command and output

* use the dig command with the appropriate options and arguments to lookup the PTR record for 142.204.141.71. Record the command and the output
* do the same for 142.204.1.2

* use the no recursion switch to lookup PTR record for 142.204.1.2. Record the command and output.

=== Tests using the host command ===
* use the host command with the -v and other appropriate options and arguments to lookup the A record for ns.lux.on.ca. Record the command and the output
* do the same for cs.senecac.on.ca
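The tests above compare the server with recursion off against the same server with recursion on. The following Python script, added here and not part of the lab, builds the DNS query by hand so you can see that "set norecurse" and dig's no-recursion switch only clear the RD bit in the header, and it decodes the aa, rd and ra flags and the status that dig prints in its reply header. The names and addresses come from the lab; the server address argument is assumed to be your ns.lux.on.ca.

```python
import socket
import struct

# DNS header flag bits (RFC 1035, section 4.1.1).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
QTYPE = {"A": 1, "NS": 2, "SOA": 6, "PTR": 12}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed transaction id so a reply can be matched to its query

def build_query(name, qtype="A", recurse=True):
    """Build one DNS query; recurse=False clears RD, like 'set norecurse' or dig +norecurse."""
    header = struct.pack("!HHHHHH", TXID, RD if recurse else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def parse_header(packet):
    """Decode the 12-byte header into the fields dig prints as 'flags:' and 'status:'."""
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid,
            "aa": bool(flags & AA),   # answered from the server's own zone data
            "rd": bool(flags & RD),   # the client asked for recursion
            "ra": bool(flags & RA),   # the server offers recursion (recursion yes;)
            "status": RCODE.get(flags & 0x000F, str(flags & 0x000F)),
            "answer": an, "authority": ns}

def reverse_name(ip):
    """142.204.141.71 -> 71.141.204.142.in-addr.arpa, the owner name in the lab's reverse zone."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def query(server, name, qtype="A", recurse=True, timeout=3):
    """Send one UDP query to server:53 and return the decoded reply header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, recurse), (server, 53))
        data, _ = s.recvfrom(4096)
    hdr = parse_header(data)
    if hdr["id"] != TXID:
        raise ValueError("reply id does not match the query id")
    return hdr

if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # address of ns.lux.on.ca (assumed)
    tests = [("ns.lux.on.ca", "A", True), ("cs.senecac.on.ca", "A", True),
             ("cs.senecac.on.ca", "A", False), (reverse_name("142.204.141.71"), "PTR", True)]
    for name, qtype, recurse in tests:
        print(f"{name:32} {qtype:4} RD={recurse!s:5}", query(server, name, qtype, recurse))
```

Run it once with "recursion no;" and once with "recursion yes;" and compare the ra flag and status for cs.senecac.on.ca; only ns.lux.on.ca and the 142.204.141.x PTR names should ever come back with aa set.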

=Completing the Lab=
* Review the query log file (/var/named/queries/log.txt)
* Document and comment on your test results (including commands used and their corresponding outputs) in a text file (lab5a.txt)
* Email the text file and the query log file to your professor before the study break.
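When reviewing the query log from the "Add logging for queries" step, the useful question is who asked the server to recurse for names it is not authoritative for. The following Python script is an added example, not part of the lab: it parses constructed sample lines in the BIND 9.5-era query-log format (assumed to be "client IP#port: query: NAME CLASS TYPE FLAGS (server-ip)", where the first flag character is "+" for recursion desired and "-" otherwise), counts recursive versus iterative queries, and flags recursive queries for foreign names from clients outside the 142.204.141.0/24 lab network, which is what "recursion yes;" together with "allow-query { any; };" would answer for anyone.

```python
import re
from collections import Counter

# Constructed sample lines, not captured from a real server. Format assumed (BIND 9.5 era):
#   <date> <time> client <ip>#<port>: query: <name> <class> <type> <flags> (<server-ip>)
SAMPLE_LOG = """\
09-Oct-2008 01:14:02.117 client 142.204.141.71#32921: query: ns.lux.on.ca IN A + (142.204.141.xx)
09-Oct-2008 01:14:05.330 client 142.204.141.71#32921: query: cs.senecac.on.ca IN A + (142.204.141.xx)
09-Oct-2008 01:14:09.012 client 142.204.141.72#54011: query: 71.141.204.142.in-addr.arpa IN PTR + (142.204.141.xx)
09-Oct-2008 01:14:12.448 client 142.204.141.72#54011: query: cs.senecac.on.ca IN A - (142.204.141.xx)
09-Oct-2008 01:14:15.901 client 10.9.8.7#4444: query: www.example.com IN A + (142.204.141.xx)
"""

LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) (?P<qclass>\S+) "
                     r"(?P<qtype>\S+) (?P<flags>\S+)")
OUR_ZONES = ("lux.on.ca", "141.204.142.in-addr.arpa")  # zones this server is master for
LAB_NET = "142.204.141."                                # clients we expect to recurse for

def in_our_zones(name):
    n = name.rstrip(".").lower()
    return any(n == z or n.endswith("." + z) for z in OUR_ZONES)

def parse_line(line):
    """Return a dict for one query-log line, or None for lines that are not queries."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    q = m.groupdict()
    q["recursion_desired"] = q["flags"].startswith("+")   # '+' = RD bit set by the client
    q["authoritative"] = in_our_zones(q["name"])
    return q

def summarise(text):
    """Count queries by RD flag and type; list recursive queries for foreign names
    that came from outside the lab network (what an open resolver would be serving)."""
    stats, outside = Counter(), []
    for line in text.splitlines():
        q = parse_line(line)
        if q is None:
            continue
        stats["total"] += 1
        stats["recursive" if q["recursion_desired"] else "iterative"] += 1
        stats["type:" + q["qtype"]] += 1
        if q["recursion_desired"] and not q["authoritative"] and not q["ip"].startswith(LAB_NET):
            outside.append((q["ip"], q["name"]))
    return stats, outside

if __name__ == "__main__":
    stats, outside = summarise(SAMPLE_LOG)   # replace SAMPLE_LOG with open(path).read() for a real file
    print(dict(stats))
    for ip, name in outside:
        print(f"recursive query for {name} from {ip}, outside the lab network")
```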

[[Category:NAD]]