
SRT210 Lab 4

3,861 bytes added, 01:23, 29 January 2019
= Objectives =

* Understand the principles of how DNS works.

= PART 1: PREREQUISITES =

You should have completed all the previous labs to date. That means before starting this lab you'll have:

* c7host set up and running, with the default firewall modified to allow incoming SSH connections from the 192.168.210.0/24 network.
* lin1 with a static IP address, running a web server, and the default firewall modified to allow access to that web server.
* lin2 with a static IP address.
* All your machines should have iptables services installed and firewalld uninstalled (or at least disabled and stopped).

If any of that is not already working, you will struggle more than necessary while debugging configuration issues in this lab.

= PART 2: DNS OVERVIEW =

DNS is technically not a required part of the internet, but effectively it's indispensable for nearly all services of every sort on the internet. We'll spend a couple of weeks on topics related to DNS.

Read sections 1-3 from the [https://en.wikibooks.org/wiki/Communication_Networks/DNS Wikibooks DNS page].

= PART 3: YOUR OWN DNS SERVER =

Each of you will set up your own DNS server. We'll set up Bind on lin2 to do the work. The domains you configure will work for you or anyone who explicitly sets up their systems to use your DNS server. They will not work on the internet, because you'd have to pay a registrar to have your domain/server globally registered.

== Installation ==

Install Bind on your '''lin2'''.

== Configuration ==

An [https://en.wikipedia.org/wiki/Domain_Name_System#Authoritative_name_server authoritative] Bind server has a global configuration file (named.conf) and at least one zone file for the zone it's authoritative for.

=== /etc/named.conf ===

When you install Bind you'll get a default '''/etc/named.conf'''. Copy this file over to a backup location and empty the original (do not delete or move it as that will cause SELinux not to trust it). We will be writing one from scratch with only the following contents, but use your own X value where applicable.

<pre>
options {
    directory "/var/named/";
    allow-query {any;};
    forwarders { 142.204.1.2; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel my_queries_channel {
        file "queries/log.txt";
        severity info;
    };
    category queries {
        my_queries_channel;
    };
};

zone "localhost" {
    type master;
    file "named.localhost";
};
zone "yoursenecaid.ops" {
    type master;
    file "mydb-for-yoursenecaid-ops";
};
</pre>

You need to understand all the options in this file except the localhost zone, so that in the future (for example in a test) you can quickly set up a DNS server for a new zone. Look up the following statements in [http://www.zytrax.com/books/dns/ch7/statements.html the reference] and write down what they do:

* '''directory'''
* '''allow-query'''
* '''forwarders'''
* '''type'''
* '''file'''
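
One interaction between these statements is worth checking on any server you build from this template: when neither allow-recursion nor allow-query-cache is set, BIND uses the allow-query list for recursive queries as well, so <code>allow-query {any;};</code> together with <code>forwarders</code> resolves outside names for every client that can reach the server. The script below is an added example, not part of the original lab; its function names are hypothetical and it is a simple text check that assumes a single named.conf without include files or views.

```shell
#!/bin/sh
# Added example: text-based lint of a named.conf for open recursion.
# Function names are hypothetical. Limits: no include files, no views,
# no /* ... */ block comments.

# Strip '//' and '#' comments and flatten the file onto one line.
conf_flat() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  '
}

# Succeeds if ACL statement $2 in flattened text $1 lists "any".
acl_is_any() {
    printf '%s' "$1" | grep -Eq "$2 *\{([^}]*[ ;])?any *;"
}

# Returns 0 = recursion restricted, 1 = open to any client, 2 = unreadable.
audit_recursion() {
    [ -r "$1" ] || { echo "error: cannot read $1"; return 2; }
    flat=$(conf_flat "$1")
    if printf '%s' "$flat" | grep -Eq 'recursion +no *;'; then
        echo "ok: recursion is disabled"; return 0
    fi
    # BIND consults these before it falls back to allow-query.
    for key in allow-recursion allow-query-cache; do
        if printf '%s' "$flat" | grep -Eq "$key *\{"; then
            if acl_is_any "$flat" "$key"; then
                echo "warn: $key lists any"; return 1
            fi
            echo "ok: $key restricts recursion"; return 0
        fi
    done
    if acl_is_any "$flat" allow-query; then
        echo "warn: allow-query lists any and recursion inherits it"
        return 1
    fi
    echo "ok: recursion limited by allow-query or the built-in default"
    return 0
}

# Usage: sh audit.sh /etc/named.conf
if [ $# -gt 0 ]; then audit_recursion "$1"; fi
```

On the lab configuration above the script exits with status 1; adding a line such as <code>allow-recursion { 192.168.210.0/24; localhost; };</code> to the options block makes it exit with 0.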

Create the directory and the log file for logging queries:

<source>
mkdir /var/named/queries
touch /var/named/queries/log.txt
chown root:named /var/named/queries
chown named:named /var/named/queries/log.txt
chmod 770 /var/named/queries
chmod 644 /var/named/queries/log.txt
</source>

If you have SELinux enabled, you need to set the proper file context for the directory and the log file using the following two commands:

<source>
chcon system_u:object_r:named_cache_t:s0 /var/named/queries
chcon system_u:object_r:named_cache_t:s0 /var/named/queries/log.txt
</source>

The "ls -lZ" command lists the file context.



= Lab completion =

* Make sure you understand what you've done in this lab, so that you're ready to answer questions about it.
* Have notes in your labbook from this lab.
* Show your work to the professor and have them sign your labbook.
