Changes

OPS335 Lab 3

457 bytes added, 18:09, 3 February 2019
Firewall rules update
We will now be '''installing, configuring and running a DNS server on our host'''. In most networks, the gateway would '''not''' also be a DNS server,
but if we placed ours on a separate virtual machine we would need that VM to always be running in order for the other VMs to retrieve updates, install software, or even communicate with each other.
== Preparation ==
directory "/var/named/";
allow-query {127.0.0.1; 192.168.X.0/24;};
forwarders { 192.168.40.2; };
};
zone "localhost" {
# Check that the ''named'' service is running using the '''ps ax''' command (perhaps combined with '''grep'''), and separately, the '''systemctl''' command (if necessary), or check the '''/var/log/messages''' file for troubleshooting purposes.
# Once you are certain that the ''named'' service has started and is running without errors, set it to '''start automatically''' (i.e. enable the named service) when this virtual machine boots.
# You also need to set '''host''' as the primary domain name server ('''DNS1''') for your '''host''' machine in your '''host machine's ifcfg file'''.
# If your host's external-facing interface (ens33) is on DHCP, you will also need to add PEERDNS=NO to the ifcfg file to prevent the DHCP server from assigning the original DNS server (i.e. 192.168.40.2, which is used as a forwarder instead by the DNS server you are setting up).<br /><br />'''NOTE:''' You should know how to do that, but if you forgot the procedure, refer to [http://zenit.senecac.on.ca/wiki/index.php/OPS335_Lab_1#Making_Persistent_.28Permanent.29_Network_Setting_Changes Lab 1].<br><br>
# Now that you know the service works, '''add the resource records necessary for it to provide forward lookups of the other machines in your virtual network''' (hint: You should only need three more records) and restart the service.
# You will need to update the firewall on '''host''' to allow <u>incoming</u> connections to '''port 53 for both UDP and TCP''' (i.e. the protocol and port that DNS uses).
# After you have updated your firewall, save your iptables rules.
# <b>Once your rules are saved, restart libvirtd to ensure NAT and forwarding rules are re-added.</b>
'''NOTE:''' You could just disable the firewall '''but that is a poor workaround!''' You are expected to be able to handle configuration (such as this) at this point in this course.
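The firewall steps above can be verified against saved rules without touching the live firewall. The following is an added example, not part of the lab or its checking script: a shell function that reads '''iptables-save''' output and reports whether port 53 is reachable for a given protocol, taking rule order into account. The names dns_allowed and sample_rules, and the sample rules themselves, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab): verify that saved iptables rules let DNS in.
# dns_allowed PROTO reads iptables-save output on stdin and succeeds only if
# the filter table's INPUT chain accepts port 53 for PROTO (udp or tcp).
# Rules are evaluated top-down, so an ACCEPT placed after the catch-all
# REJECT never matches. Simplification: source/interface limits are ignored.
dns_allowed() {
    awk -v proto="$1" '
        /^\*/ { table = substr($1, 2) }              # e.g. "*filter", "*nat"
        table != "filter" { next }
        $1 == ":INPUT" { policy = $2 }               # chain default policy
        $1 == "-A" && $2 == "INPUT" && !decided {
            p = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && p == proto && dport == "53") {
                decided = 1; ok = 1
            } else if ($3 == "-j" && target ~ /^(ACCEPT|REJECT|DROP)$/) {
                decided = 1; ok = (target == "ACCEPT")   # unconditional rule
            }
        }
        END { if (!decided) ok = (policy == "ACCEPT"); exit (ok ? 0 : 1) }
    '
}

# Constructed sample: udp/53 was inserted above the REJECT rule, while
# tcp/53 was appended below it and is therefore unreachable.
sample_rules() {
    cat <<'EOF'
*nat
:INPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

for proto in udp tcp; do
    if sample_rules | dns_allowed "$proto"; then echo "$proto/53: allowed"
    else echo "$proto/53: BLOCKED"; fi
done
```

On the host, the same function can be fed the live rule set as root with '''iptables-save | dns_allowed tcp''', both before and after restarting libvirtd.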
'''Arrange evidence (command output) for each of these items on your screen, then ask your instructor to review them and sign off on the lab's completion:'''
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Comment out the hostname resolution entries in the /etc/hosts files on ALL VMs, and use the '''host''' command from a VM to query the IP address (IPADDR) for:<br><blockquote>'''host.yoursenecaid.ops''' , '''vm1.yoursenecaid.ops''' , '''vm2.yoursenecaid.ops''' , and '''vm3.yoursenecaid.ops'''</blockquote>
::<span style="color:green;font-size:1.5em;">&#x2713;</span>'''nslookup''' information ('''A''', '''NS''', '''MX''' records) for:<br><blockquote>'''host.yoursenecaid.ops''' , '''vm1.yoursenecaid.ops''' , '''vm2.yoursenecaid.ops''' , '''vm3.yoursenecaid.ops'''.</blockquote>
::<span style="color:green;font-size:1.5em;">&#x2713;</span>'''dig +trace''' for:<br><blockquote>'''host.yoursenecaid.ops''' , '''vm1.yoursenecaid.ops''' , '''vm2.yoursenecaid.ops''' , '''vm3.yoursenecaid.ops'''.</blockquote>
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Download the labcheck3.bash checking bash shell script by issuing the command:<br><br>'''wget http://matrix.senecac.on.ca/~peter.callaghan/files/OPS335/labcheck3.bash'''<br><br>set execute permission and run the shell script on your '''host''' machine.
::*For '''Peter's classes''', follow his Online Submission instructions in Moodle.
