NAD710 Lab 5A
NAD710 - Introduction to Networks - Using Linux
Objectives
- Configure BIND to run as an authoritative Name server for the domain lux.on.ca
- Configure BIND to run as an authoritative and resolving Name server
- Study recursive and iterative DNS queries/responses
Procedure
Preparation
If you are doing this lab in T2107, you should boot up "Fedora Core 8 Test" and follow the procedure to install and configure a caching only name server as described in Lab 5. If you are doing this lab on your own computer, you must complete Lab 5 first.
Domain Information
- You have registered the Internet Domain Name called "lux.on.ca".
- You have assigned the following IP addresses and host names to your servers:
  - 142.204.141.71 to nad710 (FQDN: nad710.lux.on.ca)
  - 142.204.141.72 to spr720
  - 142.204.141.73 to lpt730
  - 142.204.141.74 to xwn740
  - 142.204.141.xx to ns
  - ns.lux.on.ca is your primary DNS server; replace xx with the actual IP
- You have registered the Inverse Internet Domain "141.204.142.in-addr.arpa" for your 142.204.141.0/24 network
Create forward lookup zone data in /var/named/lux.db
$TTL 1D
@               IN SOA  ns.lux.on.ca. root.ns.lux.on.ca. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
                NS      ns.lux.on.ca.
ns.lux.on.ca.   A       142.204.141.xx
nad710          A       142.204.141.71
spr720          A       142.204.141.72
lpt730          A       142.204.141.73
xwn740          A       142.204.141.74
You need to set the proper file ownership and permissions as well:
chown root.named /var/named/lux.db
chmod 640 /var/named/lux.db
Create reverse lookup zone data in /var/named/142.204.141.db
$TTL 1D
@               IN SOA  ns.lux.on.ca. root.ns.lux.on.ca. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
                NS      ns.lux.on.ca.
xx              PTR     ns.lux.on.ca.
71              PTR     nad710.lux.on.ca.
72              PTR     spr720.lux.on.ca.
73              PTR     lpt730.lux.on.ca.
74              PTR     xwn740.lux.on.ca.
You need to set the proper file ownership and permissions as well:
chown root.named /var/named/142.204.141.db
chmod 640 /var/named/142.204.141.db
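A forward zone and a reverse zone are written by hand and nothing in named checks that they agree with each other: a host with an A record but no PTR, or a PTR that points at a name with a different address, loads without complaint and only shows up later as a failed reverse lookup. The following Python script is an added example (not part of the lab page and not BIND code) that parses master-file text like the two files above and reports every A/PTR disagreement. The embedded zone text is a constructed copy of the lab's data with the xx placeholder replaced by 70 for the demonstration; to check the real files, pass open("/var/named/lux.db").read() and open("/var/named/142.204.141.db").read() to check_lab_zones().

```python
"""Cross-check a forward zone against its reverse zone (added example)."""
import re

# Constructed copies of the lab's zone data; 'xx' replaced by 70 for the demo.
FORWARD_ORIGIN = "lux.on.ca."
FORWARD_ZONE = """\
$TTL 1D
@               IN SOA  ns.lux.on.ca. root.ns.lux.on.ca. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
                NS      ns.lux.on.ca.
ns.lux.on.ca.   A       142.204.141.70
nad710          A       142.204.141.71
spr720          A       142.204.141.72
lpt730          A       142.204.141.73
xwn740          A       142.204.141.74
"""
REVERSE_ORIGIN = "141.204.142.in-addr.arpa."
REVERSE_ZONE = """\
$TTL 1D
@               IN SOA  ns.lux.on.ca. root.ns.lux.on.ca. (
                        0 1D 1H 1W 3H )   ; serial refresh retry expire minimum
                NS      ns.lux.on.ca.
70              PTR     ns.lux.on.ca.
71              PTR     nad710.lux.on.ca.
72              PTR     spr720.lux.on.ca.
73              PTR     lpt730.lux.on.ca.
74              PTR     xwn740.lux.on.ca.
"""

TTL_RE = re.compile(r"^\d+[smhdwSMHDW]?$")   # a bare TTL token such as 1D


def parse_zone(text, origin):
    """Return [(owner_fqdn, rtype, rdata)] for each record in master-file text.
    Handles ';' comments, ( ) continuation, blank owners, '@', relative names."""
    logical, depth, cur = [], 0, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop the comment
        if depth == 0:
            if not line.strip():
                continue
            cur = line                                # keep leading whitespace
        else:
            cur += " " + line.strip()                 # still inside ( )
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(cur)
    records, owner = [], origin
    for line in logical:
        if line.startswith("$"):
            directive, _, value = line.partition(" ")
            if directive == "$ORIGIN":
                origin = value.strip()
            continue                                  # $TTL is irrelevant here
        tokens = line.replace("(", " ").replace(")", " ").split()
        name = owner if line[0].isspace() else tokens.pop(0)
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"
        owner = name
        while tokens and (tokens[0].upper() == "IN" or TTL_RE.match(tokens[0])):
            tokens.pop(0)                             # optional class / TTL
        records.append((name.lower(), tokens[0].upper(), " ".join(tokens[1:])))
    return records


def ptr_owner_to_ip(owner):
    """'71.141.204.142.in-addr.arpa.' -> '142.204.141.71'."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))


def cross_check(forward, reverse):
    """List every disagreement between the A records and the PTR records."""
    a_by_name = {n: r for n, t, r in forward if t == "A"}
    ptr_by_ip = {ptr_owner_to_ip(n): r.lower() for n, t, r in reverse if t == "PTR"}
    problems = []
    for name, ip in a_by_name.items():
        if ip not in ptr_by_ip:
            problems.append(f"A {name} -> {ip} has no PTR record")
        elif ptr_by_ip[ip] != name:
            problems.append(f"PTR for {ip} is {ptr_by_ip[ip]}, expected {name}")
    for ip, name in ptr_by_ip.items():
        if name not in a_by_name:
            problems.append(f"PTR {ip} -> {name} has no A record")
        elif a_by_name[name] != ip:
            problems.append(f"A {name} is {a_by_name[name]} but PTR says {ip}")
    return problems


def check_lab_zones(forward_text=FORWARD_ZONE, reverse_text=REVERSE_ZONE):
    return cross_check(parse_zone(forward_text, FORWARD_ORIGIN),
                       parse_zone(reverse_text, REVERSE_ORIGIN))


if __name__ == "__main__":
    for msg in check_lab_zones() or ["forward and reverse zones are consistent"]:
        print(msg)
```

BIND's own named-checkzone (for example, named-checkzone lux.on.ca /var/named/lux.db) checks the syntax of one file at a time; the script above does the one thing it cannot, which is to compare the two files against each other.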
Add the zone definition to named.conf
Add the zone for "lux.on.ca" to /etc/named.conf
zone "lux.on.ca" IN {
        type master;
        file "lux.db";
};
Add the zone for "141.204.142.in-addr.arpa" to /etc/named.conf
zone "141.204.142.in-addr.arpa" IN {
        type master;
        file "142.204.141.db";
};
Configure the name server to act as an authoritative only name server
Set the following in the "options" section:
- listen-on port 53 { any; };
- allow-query { any; };
- recursion no;
Add logging for queries
Add the following logging statement to the main configuration file /etc/named.conf. The default_debug channel is normally already present in the Fedora default file; the new lines are the my_queries_channel channel and the queries category that sends query logging to it:
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
        channel my_queries_channel {
                file "queries/log.txt";
                severity info;
        };
        category queries { my_queries_channel; };
};
Execute the following commands to create the directory and the log file for logging queries (the file path in the channel is relative to named's working directory, /var/named):
mkdir /var/named/queries
touch /var/named/queries/log.txt
chown root:named /var/named/queries
chown named:named /var/named/queries/log.txt
chmod 770 /var/named/queries
chmod 644 /var/named/queries/log.txt
If you have SELinux enabled, you need to set the proper file context for the directory and the log file using the following two commands:
chcon system_u:object_r:named_cache_t:s0 /var/named/queries
chcon system_u:object_r:named_cache_t:s0 /var/named/queries/log.txt
The "ls -lZ" command lists the file context.
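Once queries are being logged, the file is more useful than a pass/fail check of the logging setup: each line records who asked, for what, and whether the client set the RD (recursion desired) bit. The Python script below is an added example (not part of the lab page and not BIND code) that parses such lines and summarises them per client, and lists the queries that matter most for an authoritative server's exposure: requests from outside the lab network that ask this server to recurse for a name it is not authoritative for. It assumes the line shape BIND 9 writes for the queries category with the channel above (no print-time or print-category), namely client ADDR#PORT: query: NAME CLASS TYPE FLAGS, where FLAGS starts with + when RD was set and - when it was not. The sample log lines are constructed, and 198.51.100.9 is a documentation address standing in for an outside client.

```python
"""Summarise BIND query-log lines such as /var/named/queries/log.txt (added example)."""
import ipaddress
import re
from collections import Counter

LOCAL_NET = ipaddress.ip_network("142.204.141.0/24")    # the lab network
OUR_ZONES = ("lux.on.ca", "141.204.142.in-addr.arpa")    # zones we are master for

# Assumed line shape: client ADDR#PORT[ view NAME]: query: NAME CLASS TYPE FLAGS
LINE_RE = re.compile(
    r"client (?P<ip>[^#\s]+)#(?P<port>\d+)(?: view \S+)?: query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>\S+)")

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = """\
client 142.204.141.71#32768: query: ns.lux.on.ca IN A +
client 142.204.141.71#32768: query: cs.senecac.on.ca IN A +
client 142.204.141.71#32769: query: 71.141.204.142.in-addr.arpa IN PTR +
client 142.204.141.72#40000: query: cs.senecac.on.ca IN A -
client 198.51.100.9#5353: query: cs.senecac.on.ca IN A +
"""


def parse_query_log(text):
    """Return one dict per query line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            e = m.groupdict()
            e["recursion_desired"] = e["flags"].startswith("+")   # RD bit
            entries.append(e)
    return entries


def in_our_zones(name):
    """True if NAME is at or below a zone this server is master for."""
    n = name.lower().rstrip(".")
    return any(n == z or n.endswith("." + z) for z in OUR_ZONES)


def per_client(entries):
    """{client_ip: (total queries, queries with RD set)}"""
    total = Counter(e["ip"] for e in entries)
    rd = Counter(e["ip"] for e in entries if e["recursion_desired"])
    return {ip: (total[ip], rd[ip]) for ip in total}


def outside_recursion_requests(entries):
    """Queries from outside LOCAL_NET asking us to recurse for a foreign name.

    With 'recursion no' the server does not answer these from the wider
    Internet; once 'recursion yes' is set with allow-query { any; } they are
    the traffic that turns the server into an open resolver, so they are the
    lines to watch for in the log.
    """
    return [e for e in entries
            if e["recursion_desired"] and not in_our_zones(e["name"])
            and ipaddress.ip_address(e["ip"]) not in LOCAL_NET]


if __name__ == "__main__":
    entries = parse_query_log(SAMPLE_LOG)
    for ip, (n, rd) in sorted(per_client(entries).items()):
        print(f"{ip:16} {n:3} queries, {rd} with recursion desired")
    for e in outside_recursion_requests(entries):
        print(f"outside recursion request: {e['ip']} asked for {e['name']} {e['type']}")
```

Run it against the real file with parse_query_log(open("/var/named/queries/log.txt").read()); the line from 142.204.141.72 with the - flag is what a query issued after nslookup's set norecurse (used later in this lab) looks like in the log.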
Start the Name Server
Use the following service command to start the Name Server daemon:
service named start
If there is any error or warning when starting up the named daemon, you should see them show up in the system log file (/var/log/messages).
If iptables is running
Enter the following commands to open UDP and TCP port 53 for DNS queries from other computers:
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
Test your authoritative name server
You can perform the following tests on the name server machine or from other computers in the lab:
Tests using nslookup
- start nslookup
- set the server to point to your authoritative name server
- turn on debug: set debug
- query "ns.lux.on.ca" and record the output
- query "cs.senecac.on.ca" and record the output
- query 142.204.141.71 and record the output
- query 142.204.1.2 and record the output
- check the logging file (/var/named/queries/log.txt) to make sure that the logging function is configured properly.
Tests using the dig command
- use the dig command with the appropriate options and arguments to look up the A record for ns.lux.on.ca. Record the command and the output
- do the same for cs.senecac.on.ca
- use the dig command with the appropriate options and arguments to look up the PTR record for 142.204.141.71. Record the command and the output
- do the same for 142.204.1.2
Tests using the host command
- use the host command with the -v and other appropriate options and arguments to look up the A record for ns.lux.on.ca. Record the command and the output
- do the same for cs.senecac.on.ca
- use the host command with the -v and other appropriate options and arguments to look up the PTR record for 142.204.141.71. Record the command and the output
- do the same for 142.204.1.2
Configure your authoritative name server to perform the resolving function
Modify the recursion option in the options statement to yes in the named.conf file:
recursion yes;
Restart the name server daemon. Check the system log file to make sure that the name server daemon restarted successfully.
Test your authoritative and resolving name server
You can perform the following tests on your computer or from other computers in the lab:
Tests using nslookup
- start nslookup
- set the server to point to your name server
- turn on debug: set debug
- query "ns.lux.on.ca" and record the output
- query "cs.senecac.on.ca" and record the output
- turn off recursion: set norecurse
- query "cs.senecac.on.ca" and record the output
Tests using the dig command
- use the dig command with the appropriate options and arguments to look up the A record for ns.lux.on.ca. Record the command and the output
- do the same for cs.senecac.on.ca
- use the no-recursion switch to look up the A record for cs.senecac.on.ca. Record the command and the output
- use the dig command with the appropriate options and arguments to look up the PTR record for 142.204.141.71. Record the command and the output
- do the same for 142.204.1.2
- use the no-recursion switch to look up the PTR record for 142.204.1.2. Record the command and the output.
Tests using the host command
- use the host command with the -v and other appropriate options and arguments to look up the A record for ns.lux.on.ca. Record the command and the output
- do the same for cs.senecac.on.ca
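What distinguishes the two test rounds above (authoritative only, then authoritative plus resolving) is visible in the header lines dig prints: the status, the aa flag (the answer came from the server's own zone data), the rd flag (the client asked for recursion) and the ra flag (the server tells this client it is willing to recurse). The Python script below is an added example (not part of the lab page and not BIND or dig code) that builds the dig command lines for the lookups asked for in both rounds, using only real dig syntax (@server, -x for PTR lookups, +norecurse to clear the RD bit), and interprets the header of whatever dig returns. The three sample outputs are constructed to show the header shapes, not captured from the lab's server, and 192.0.2.10 is a documentation address standing in for the real cs.senecac.on.ca answer; run_dig() only runs dig if it is installed.

```python
"""Build the lab's dig commands and interpret dig's header lines (added example)."""
import re
import shutil
import subprocess

# Constructed sample dig outputs (headers plus a section), one per situation.
AUTH_ONLY_OWN_ZONE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40231
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; ANSWER SECTION:
ns.lux.on.ca.           86400   IN      A       142.204.141.70
"""
AUTH_ONLY_FOREIGN_NAME = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 40232
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
RESOLVER_FOREIGN_NAME = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40233
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; ANSWER SECTION:
cs.senecac.on.ca.       3600    IN      A       192.0.2.10
"""


def dig_command(server, name, rtype="A", recurse=True):
    """Argument list for the lookups the lab asks for."""
    cmd = ["dig", f"@{server}"]
    if not recurse:
        cmd.append("+norecurse")         # send the query with RD cleared
    if rtype.upper() == "PTR":
        cmd += ["-x", name]              # dig builds the in-addr.arpa name
    else:
        cmd += [name, rtype]
    return cmd


def parse_dig(output):
    """Pull status, flags and section counts out of dig's header lines."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r"flags: ([^;]*);", output)
    if not status or not flags:
        raise ValueError("no dig header found in output")
    counts = {k: int(v) for k, v in
              re.findall(r"(QUERY|ANSWER|AUTHORITY|ADDITIONAL): (\d+)", output)}
    return {"status": status.group(1), "flags": set(flags.group(1).split()),
            "counts": counts}


def classify(parsed):
    """What kind of response this was, judged from the header alone."""
    if parsed["status"] == "REFUSED":
        return "refused"
    if "aa" in parsed["flags"]:
        return "authoritative answer"
    if parsed["counts"].get("ANSWER", 0) > 0:
        return "non-authoritative answer"
    if parsed["counts"].get("AUTHORITY", 0) > 0:
        return "referral"                # NS records only, no answer
    return "empty"


def recursion_available(parsed):
    """The ra flag: the server says it will recurse for this client."""
    return "ra" in parsed["flags"]


def run_dig(server, name, rtype="A", recurse=True):
    """Run dig if it is installed and return the parsed header, else None."""
    if shutil.which("dig") is None:
        return None
    out = subprocess.run(dig_command(server, name, rtype, recurse),
                         capture_output=True, text=True, timeout=10).stdout
    return parse_dig(out)


if __name__ == "__main__":
    for label, sample in [("own zone, recursion no", AUTH_ONLY_OWN_ZONE),
                          ("foreign name, recursion no", AUTH_ONLY_FOREIGN_NAME),
                          ("foreign name, recursion yes", RESOLVER_FOREIGN_NAME)]:
        p = parse_dig(sample)
        print(f"{label:28} {classify(p):24} ra={recursion_available(p)}")
    # xx is the lab's placeholder for the last octet of ns.lux.on.ca
    print(" ".join(dig_command("142.204.141.xx", "142.204.141.71", "PTR", recurse=False)))
```

After section 3.10 you should see aa set and ra absent for names in lux.on.ca, and for cs.senecac.on.ca either a REFUSED status or a referral with no answer (which one you get depends on the BIND version; classify() names both). After section 3.11 the same foreign-name query comes back with ra set and an answer that carries no aa flag, and a +norecurse query for a name the server has not cached yet shows what a client gets when it refuses to let the server recurse on its behalf.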
Completing the Lab
- Review the query log file (/var/named/queries/log.txt)
- Document and comment on your test results (including commands used and their corresponding outputs) in a text file (lab5a.txt)
- Email the text file and the query log file to your professor before the study break.