NAD710 Lab 5

From CDOT Wiki

NAD710 - Introduction to Networks - Using Linux

Objective

  • Install the BIND (Berkeley Internet Name Domain) software and study some of its basic features
  • Set up and configure BIND as a Caching-only name server

Background Information

The Domain Name System (DNS) is a hierarchical, distributed database that stores information mainly for mapping FQDNs (fully qualified domain names) to IP addresses and vice versa. The distributed database consists of "zone" files managed by software called a "name server". BIND is one of the most popular name server packages in use today. The BIND software supports all three types of name server: Caching-only (also called recursive or resolving), Primary (authoritative), and Secondary (slave). This lab investigates the setup and configuration of a Caching-only name server.

Procedure

Software update and Installation

If you are doing this lab in T2107, boot up Fedora Core 8 Test and issue the following command to check the availability of the BIND software on the system:

[poker@localhost ~]$ rpm -q bind

If the output is "package bind is not installed", you need to install the "bind" package. Before you run any "yum" command, you must first go through the Senenet authentication with a web browser; then open a terminal window and run the following steps to install the "bind" package from the Fedora Core repository:

[poker@localhost ~]$ su -
password: ....
[root@localhost ~]# yum update
...
[root@localhost ~]# yum install bind

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 bind                    x86_64     32:9.5.0-29.P2.fc8  updates-newkey    1.6 M
Updating:
 bind-libs               x86_64     32:9.5.0-29.P2.fc8  updates-newkey    986 k
Updating for dependencies:
bind-utils              x86_64     32:9.5.0-29.P2.fc8  updates-newkey    194 k 

Transaction Summary
=============================================================================
Install      1 Package(s)         
Update       2 Package(s)         
Remove       0 Package(s)         

Total download size: 2.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): bind-utils-9.5.0-2 100% |=========================| 194 kB    00:00     
(2/3): bind-libs-9.5.0-29 100% |=========================| 986 kB    00:01     
(3/3): bind-9.5.0-29.P2.f 100% |=========================| 1.6 MB    00:02     
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 6df2196f
Importing GPG key 0x6DF2196F "Fedora (8 and 9) <fedora@fedoraproject.org>" from  /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-8-and-9
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : bind-libs                    ######################### [1/5] 
  Installing: bind                         ######################### [2/5] 
  Updating  : bind-utils                   ######################### [3/5] 
  Cleanup   : bind-libs                    ######################### [4/5] 
  Cleanup   : bind-utils                   ######################### [5/5] 

Installed: bind.x86_64 32:9.5.0-29.P2.fc8
Updated: bind-libs.x86_64 32:9.5.0-29.P2.fc8
Dependency Updated: bind-utils.x86_64 32:9.5.0-29.P2.fc8
Complete!

Study the BIND package

  • Use the "rpm -ql" command to list all the files in the bind package.
  • Several man pages are included with the bind package for the corresponding bind tools. Study the following man pages to find out the function of each tool:
    • named-checkconf
    • named-checkzone
    • rndc
  • Use the "rpm -ql" command to list all the files in the bind-utils package.
  • Several man pages are included with the bind-utils package for the corresponding bind utilities. Study the following man pages to find out how to use them:
    • dig
    • host
    • nslookup

Files for running a Caching-Only Name Server

To run a Caching-Only name server, you need at least the following files:

/etc/named.conf - main configuration file for named (the name server daemon)
/var/named/named.ca - root hints file listing the root name servers, used to seed the cache
/var/named/named.localhost - zone file for the localhost zone
/var/named/named.loopback - reverse zone file for the loopback interface 127.0.0.1
/var/named/named.empty - reverse zone file for the 0.in-addr.arpa zone
/etc/named.rfc1912.zones - zone declarations for the localhost and loopback zones, included from /etc/named.conf

You should have the above files on your system after installing the bind package. Take a quick look at each file and make sure that they are not empty.

Start/stop the name server

  • Use the command "service named start" to start the name server.
  • Use the command "service named stop" to stop the name server.
  • Use the command "service named status" to check the status of the name server.

Testing the name server locally

You can test with any of the bind-utils programs host, dig, or nslookup. The following is an interactive nslookup session:

[root@localhost ~]# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

1.0.0.127.in-addr.arpa  name = localhost.
> localhost.
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   localhost
Address: 127.0.0.1
> exit

The BIND software has a feature that returns the version number of the running name server daemon when a special query (name version.bind, type TXT, class CHAOS) is sent to the server. The following dig command obtains this information:

[root@localhost ~]# dig @127.0.0.1 version.bind txt chaos

; <<>> DiG 9.5.0-P2 <<>> @127.0.0.1 version.bind txt chaos
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10152
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.5.0-P2" 

;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Oct  1 11:53:41 2008
;; MSG SIZE  rcvd: 65

You can do the same with the following interactive nslookup session:

[root@localhost ~]# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> set type=txt
> set class=chaos
> version.bind.
Server:         127.0.0.1
Address:        127.0.0.1#53

version.bind    text = "9.5.0-P2"

Testing the name server remotely

The default configuration for the Caching-only name server is to answer DNS queries only on the loopback interface. To make the Caching-only name server answer queries from the network, change the "options" section of the /etc/named.conf file from:

options {
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; };
	recursion yes;
};

to:

options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { any; };
	recursion yes;
};

Use the /sbin/ifconfig command to find out the IP address of your name server. Boot up another computer next to your name server and use this as the remote test machine.

Perform the same tests on the remote machine as described above for the local tests, but use the IP address of your name server in place of the server address. If the IP address of your name server is 142.204.141.176, the dig command takes the form "dig @142.204.141.176 ..." and the server command within the interactive nslookup session should be "server 142.204.141.176".

Make sure that you get the same results.
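Note what the modified "options" section does: with listen-on and allow-query both set to any and recursion on, the server will resolve any name for any host that can reach it. That is an open resolver, which outside a lab is routinely abused for DNS amplification and cache-poisoning attempts, so on a real network recursion should be limited with allow-recursion (or allow-query) to the networks the server serves. The shell function below is an added example, not part of this lab or of the BIND distribution: it reads a named.conf on standard input and reports whether the options block leaves recursion loopback-only, restricted, or open. It assumes BIND 9.4 and later defaults (recursion yes when the statement is absent; allow-recursion falling back to allow-query, then to localnets and localhost), understands only // and # comments, and is demonstrated on the two options blocks above plus a constructed hardened variant.

```shell
#!/bin/sh
# Added example, not part of the NAD710 lab or of the BIND distribution.
# classify_named_conf reads a named.conf on stdin and reports how widely the
# "options" block exposes recursive service:
#   loopback-only   listen-on limited to 127.0.0.1 (the lab's initial config)
#   no-recursion    "recursion no;" (an authoritative-only server)
#   restricted      recursion on, but allow-recursion / allow-query name specific clients
#   open-resolver   recursion on, listening on any address, any client allowed
# Assumptions: BIND 9.4+ defaults (recursion yes; allow-recursion falls back to
# allow-query, then to localnets/localhost); only // and # comments are stripped.
classify_named_conf() {
    awk '
    BEGIN { recursion = "yes" }                   # BIND default when the statement is absent
    { sub(/\/\/.*/, ""); sub(/#.*/, "") }         # drop trailing // and # comments
    /^[ \t]*options[ \t]*\{/ { inopt = 1; depth = 0 }
    inopt && /listen-on[ \t]+port/ && !/listen-on-v6/ { listen = $0 }
    inopt && /allow-query[ \t]*\{/ && !/allow-query-cache/ { query = $0 }
    inopt && /allow-recursion[ \t]*\{/ { allowrec = $0 }
    inopt && /recursion[ \t]+(yes|no)[ \t]*;/ { recursion = ($0 ~ /yes/) ? "yes" : "no" }
    # track braces so a multi-line ACL inside options does not end the block early
    inopt { depth += gsub(/\{/, "{") - gsub(/\}/, "}"); if (depth == 0) inopt = 0 }
    END {
        # listen-on containing exactly the loopback address: unreachable from the network
        if (listen ~ /\{[ \t]*127\.0\.0\.1[ \t]*;[ \t]*\}/) { print "loopback-only"; exit }
        if (recursion == "no") { print "no-recursion"; exit }
        # allow-recursion, when present, overrides allow-query for recursive queries
        acl = (allowrec != "") ? allowrec : query
        if (acl == "") print "restricted"                  # BIND 9.4+ default: localnets; localhost
        else if (acl ~ /[{; \t]any[ \t]*;/) print "open-resolver"
        else print "restricted"
    }'
}

# Demo: the two options blocks from the lab (unrelated statements omitted).
printf 'initial config:  '
cat <<'EOF' | classify_named_conf
options {
    listen-on port 53 { 127.0.0.1; };
    allow-query     { localhost; };
    recursion yes;
};
EOF

printf 'modified config: '
cat <<'EOF' | classify_named_conf
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    recursion yes;
};
EOF

# A hardened variant (constructed for this example): reachable from the
# network, but recursion only for the local subnets and the host itself.
printf 'hardened config: '
cat <<'EOF' | classify_named_conf
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    allow-recursion { localnets; localhost; };
    recursion yes;
};
EOF
```

Run it as `classify_named_conf < /etc/named.conf` after each edit; the lab's modified configuration prints open-resolver, the hardened variant prints restricted while still answering the remote test machine if it sits on the same subnet.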

Hiding the BIND version number

Add the following line at the beginning of the "options" section in the /etc/named.conf file:

options {
	version none;
	listen-on ...
	...
};

After the change, restart the name server and repeat the dig or nslookup version query above to verify that the version number is no longer returned.
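Hiding the version string removes a fingerprinting convenience only; it does not fix anything, and keeping the package updated ("yum update") is what actually closes BIND vulnerabilities. To verify the change from a script rather than by eye, the following is an added example (not part of the lab or of BIND): it reads the output of the dig or nslookup version query shown earlier and prints the disclosed version, or "hidden" when no version.bind TXT answer is present. The "hidden" dig output in the demo is constructed, since the lab does not show the reply a server with "version none;" gives; the check depends only on the absence of an ANSWER SECTION record.

```shell
#!/bin/sh
# Added example, not part of the NAD710 lab or of BIND.
# bind_version_from_dig reads, on stdin, the output of either
#   dig @server version.bind txt chaos          (";; ANSWER SECTION:" format)
# or the interactive nslookup version.bind query (text = "..." format)
# and prints the version string the server disclosed, or "hidden" when no
# version.bind TXT answer is present (expected once "version none;" is set).
bind_version_from_dig() {
    awk '
    /^;; ANSWER SECTION:/ { inans = 1; next }     # dig: answer records follow this header
    /^;;/ || /^$/ { inans = 0 }                    # next section header or blank line ends it
    inans && $1 == "version.bind." && $3 == "CH" && $4 == "TXT" { found = 1; s = $0 }
    $1 == "version.bind" && $2 == "text" { found = 1; s = $0 }   # nslookup format
    found {
        sub(/^[^"]*"/, "", s); sub(/".*$/, "", s)  # keep the first quoted string only
        print s; exit
    }
    END { if (!found) print "hidden" }'
}

# Exit status 0 when hidden, 1 when a version string is disclosed; usable as a
# post-change check:  dig @127.0.0.1 version.bind txt chaos | version_hidden
version_hidden() {
    [ "$(bind_version_from_dig)" = "hidden" ]
}

# Demo 1: the dig output shown in the lab (version exposed).
printf 'before "version none": '
cat <<'EOF' | bind_version_from_dig
;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.5.0-P2"

;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.
EOF

# Demo 2: constructed dig output for a server configured with "version none;".
# The header/status line is a constructed placeholder; only ANSWER: 0 matters.
printf 'after  "version none": '
cat <<'EOF' | bind_version_from_dig
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind.                  CH      TXT
EOF

# Demo 3: the nslookup form from the lab.
printf 'nslookup form:         '
printf 'version.bind    text = "9.5.0-P2"\n' | bind_version_from_dig
```

On the name server itself, `dig @127.0.0.1 version.bind txt chaos | version_hidden && echo OK` gives a one-line pass/fail after the restart, and the same pipeline pointed at the server's network address (the 142.204.141.176 form used in the remote test) confirms that the network-facing view matches.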

Questions

  1. What is the version number of the installed BIND package?
  2. What is the bind tool called "named-checkconf" used for?
  3. What is the bind tool called "named-checkzone" used for?
  4. What are the names of all the other tools in the bind package?
  5. We have used the dig and nslookup bind utilities in this lab. What are the other two bind utilities, and what are they for?
  6. What information is provided by the "service named status" command?
  7. Will the "version" statement in the "/etc/named.conf" file change the output of the "service named status" command?
  8. The SOA resource record in a zone file contains 5 numbers. What is the last one used for?

Completing this Lab

  • Post your answers for this lab to the Lab 5 Answer Page or email your answers to your professor.