NAD710 Lab 5A

From CDOT Wiki

NAD710 - Introduction to Networks - Using Linux

Objectives

  • Configure BIND to run as an authoritative Name server for the domain lux.on.ca
  • Configure BIND to run as an authoritative and resolving Name server
  • Study recursive and iterative DNS queries and responses

Procedure

Preparation

If you are doing this lab in T2107, you should boot up "Fedora Core 8 Test" and follow the procedure to install and configure a caching only name server as described in Lab 5. If you are doing this lab on your own computer, you must complete Lab 5 first.

Domain Information

  • You have registered the Internet Domain Name called "lux.on.ca".
  • You have assigned the following IP addresses and host names to your servers:
    • 142.204.141.71 to nad710 (FQDN: nad710.lux.on.ca)
    • 142.204.141.72 to spr720
    • 142.204.141.73 to lpt730
    • 142.204.141.74 to xwn740
    • 142.204.141.xx to ns
  • ns.lux.on.ca is your primary DNS server; replace xx with the last octet of its actual IP address
  • You have registered the Inverse Internet Domain "141.204.142.in-addr.arpa" for your 142.204.141.0/24 network

Create forward lookup zone data in /var/named/lux.db

$TTL 1D
@	IN SOA ns.lux.on.ca. root.ns.lux.on.ca. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
		NS	ns.lux.on.ca.
ns.lux.on.ca.	A	142.204.141.xx
nad710		A	142.204.141.71
spr720		A	142.204.141.72
lpt730		A	142.204.141.73
xwn740		A	142.204.141.74

You need to set the proper file ownership and permissions as well:

chown root.named /var/named/lux.db
chmod 640 /var/named/lux.db

Create reverse lookup zone data in /var/named/142.204.141.db

$TTL 1D
@	IN SOA	ns.lux.on.ca. root.ns.lux.on.ca. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ns.lux.on.ca.
xx	PTR	ns.lux.on.ca.
71	PTR	nad710.lux.on.ca.
72	PTR	spr720.lux.on.ca.
73	PTR	lpt730.lux.on.ca.
74	PTR	xwn740.lux.on.ca.

You need to set the proper file ownership and permissions as well:

chown root.named /var/named/142.204.141.db
chmod 640 /var/named/142.204.141.db

Add the zone definition to named.conf

Add the zone for "lux.on.ca" to /etc/named.conf

zone "lux.on.ca" IN {
          type master;
          file "lux.db";
};

Add the zone for "141.204.142.in-addr.arpa" to /etc/named.conf

zone "141.204.142.in-addr.arpa" IN {
          type master;
          file "142.204.141.db";
};
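A check worth running before starting named: the script below is an added example, not part of the lab, that parses the two zone files above in the format shown and reports every A record without a matching PTR record (and every PTR without a matching A). It embeds constructed copies of the zone data with the xx placeholder filled in as 70; to check your real files, pass the contents of /var/named/lux.db and /var/named/142.204.141.db to check_consistency instead.

```python
import re
from ipaddress import ip_address

ORIGIN, REV_ORIGIN = "lux.on.ca.", "141.204.142.in-addr.arpa."
# Constructed copies of this lab's two zone files; the "xx" placeholder for the
# ns host is filled in with 70 here so the sample parses (use your real address).
LUX_DB = "\n".join([
    "$TTL 1D", "@\tIN SOA ns.lux.on.ca. root.ns.lux.on.ca. (",
    "\t\t0\t; serial", "\t\t1D\t; refresh", "\t\t1H\t; retry",
    "\t\t1W\t; expire", "\t\t3H )\t; minimum", "\t\tNS\tns.lux.on.ca.",
    "ns.lux.on.ca.\tA\t142.204.141.70", "nad710\t\tA\t142.204.141.71",
    "spr720\t\tA\t142.204.141.72", "lpt730\t\tA\t142.204.141.73",
    "xwn740\t\tA\t142.204.141.74",
])
REV_DB = "\n".join([
    "$TTL 1D", "@\tIN SOA\tns.lux.on.ca. root.ns.lux.on.ca. (",
    "\t\t0\t; serial", "\t\t1D\t; refresh", "\t\t1H\t; retry",
    "\t\t1W\t; expire", "\t\t3H )\t; minimum", "\tNS\tns.lux.on.ca.",
    "70\tPTR\tns.lux.on.ca.", "71\tPTR\tnad710.lux.on.ca.",
    "72\tPTR\tspr720.lux.on.ca.", "73\tPTR\tlpt730.lux.on.ca.",
    "74\tPTR\txwn740.lux.on.ca.",
])

def records(zone_text, origin, rtype):
    """Return {owner FQDN: rdata} for every record of type rtype in a zone file."""
    text = re.sub(r";[^\n]*", "", zone_text)            # strip ; comments
    text = re.sub(r"\([^)]*\)", " ", text, flags=re.S)  # fold the multi-line SOA
    out, owner = {}, origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):    # blank, $TTL, $ORIGIN
            continue
        tokens = line.split()
        if not line[0].isspace():                       # this line names its owner
            name = tokens[0]
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if rtype in tokens:                             # class (IN) may be omitted
            out[owner] = tokens[tokens.index(rtype) + 1]
    return out

def reverse_name(ip):
    return ip_address(ip).reverse_pointer + "."   # 142.204.141.71 -> 71.141.204.142.in-addr.arpa.

def check_consistency(fwd_text, rev_text, origin=ORIGIN, rev_origin=REV_ORIGIN):
    """List A records with no matching PTR and PTRs with no matching A."""
    a, ptr = records(fwd_text, origin, "A"), records(rev_text, rev_origin, "PTR")
    problems = [f"no PTR for {h} ({ip})" for h, ip in a.items() if ptr.get(reverse_name(ip)) != h]
    problems += [f"PTR {r} -> {h} has no matching A" for r, h in ptr.items()
                 if h not in a or reverse_name(a[h]) != r]
    return problems
```

An empty list from check_consistency means the forward and reverse zones agree; each string it returns names one record to fix before you restart named.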

Configure the name server to act as an authoritative only name server

Set the following in the "options" section:

  • listen-on port 53 { any; };
  • allow-query { any; };
  • recursion no;

Add logging for queries

Add the my_queries_channel channel and the queries category to the logging statement in the main configuration file /etc/named.conf (on the wiki, the new lines are shown in blue):

logging {
       channel default_debug {
               file "data/named.run";
               severity dynamic;
       };
	channel my_queries_channel {
		file "queries/log.txt";
		severity info;
	};
	category queries {
		my_queries_channel;
	};
};

Execute the following commands to create the directory and the log file for logging queries:

 mkdir /var/named/queries
 touch /var/named/queries/log.txt
 chown root:named /var/named/queries
 chown named:named /var/named/queries/log.txt
 chmod 770 /var/named/queries 
 chmod 644 /var/named/queries/log.txt

If you have SELinux enabled, you need to set the proper file context for the directory and the log file using the following two commands:

 chcon system_u:object_r:named_cache_t:s0 /var/named/queries
 chcon system_u:object_r:named_cache_t:s0 /var/named/queries/log.txt

The "ls -lZ" command lists the file context.

Start the Name Server

Use the following service command to start the Name Server daemon:

 service named start

If there are any errors or warnings when the named daemon starts up, they will appear in the system log file (/var/log/messages).

If iptables is running

Enter the following commands to open UDP and TCP port 53 for DNS queries from other computers:

iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

Test your authoritative name server

You can perform the following tests on the name server machine or from other computers in the lab:

Tests using nslookup

  • start nslookup
  • set the server to point to your authoritative name server
  • turn on debug: set debug
  • query "ns.lux.on.ca" and record the output
  • query "cs.senecac.on.ca" and record the output
  • query 142.204.141.71 and record the output
  • query 142.204.1.2 and record the output
  • check the logging file (/var/named/queries/log.txt) to make sure that the logging function is configured properly.

Tests using the dig command

  • use the dig command with the appropriate options and arguments to look up the A record for ns.lux.on.ca. Record the command and the output
  • do the same for cs.senecac.on.ca
  • use the dig command with the appropriate options and arguments to look up the PTR record for 142.204.141.71. Record the command and the output
  • do the same for 142.204.1.2

Tests using the host command

  • use the host command with the -v and other appropriate options and arguments to look up the A record for ns.lux.on.ca. Record the command and the output
  • do the same for cs.senecac.on.ca
  • use the host command with the -v and other appropriate options and arguments to look up the PTR record for 142.204.141.71. Record the command and the output
  • do the same for 142.204.1.2

Configure your authoritative name server to perform resolving function

In the options statement of the named.conf file, change the recursion option to yes:

 recursion yes;

Restart the name server daemon. Check the system log file to make sure that the name server daemon restarted successfully.

Test your authoritative and resolving name server

You can perform the following tests on your computer or from other computers in the lab:

Tests using nslookup

  • start nslookup
  • set the server to point to your name server
  • turn on debug: set debug
  • query "ns.lux.on.ca" and record the output
  • query "cs.senecac.on.ca" and record the output
  • turn off recursion: set norecurse
  • query "cs.senecac.on.ca" and record the output

Tests using the dig command

  • use the dig command with the appropriate options and arguments to look up the A record for ns.lux.on.ca. Record the command and the output
  • do the same for cs.senecac.on.ca
  • use the no-recursion switch to look up the A record for cs.senecac.on.ca. Record the command and the output
  • use the dig command with the appropriate options and arguments to look up the PTR record for 142.204.141.71. Record the command and the output
  • do the same for 142.204.1.2
  • use the no-recursion switch to look up the PTR record for 142.204.1.2. Record the command and the output.

Tests using the host command

  • use the host command with the -v and other appropriate options and arguments to look up the A record for ns.lux.on.ca. Record the command and the output
  • do the same for cs.senecac.on.ca
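To make sense of the query log you review at the end of the lab, and of the recursive versus iterative queries the tests above generate, here is an added example (not part of the lab) that parses BIND's query-log lines as written to /var/named/queries/log.txt. It separates queries with the RD (recursion desired) bit set, which BIND logs with a trailing "+", from those without ("-"), and flags any recursive query for a name outside lux.on.ca or 141.204.142.in-addr.arpa that came from outside 142.204.141.0/24. The sample log lines are constructed, and 198.51.100.23 is a placeholder for a client outside the lab network.

```python
import re
from ipaddress import ip_address, ip_network

# Zones this server is authoritative for (from this lab) and the lab's own network.
AUTH_ZONES = ("lux.on.ca", "141.204.142.in-addr.arpa")
LAB_NET = ip_network("142.204.141.0/24")

# Constructed sample of /var/named/queries/log.txt in BIND's query-log format:
# the trailing "+" means the client set the RD (recursion desired) bit, "-" means it did not.
SAMPLE_LOG = """\
client 142.204.141.71#32915: query: ns.lux.on.ca IN A +
client 142.204.141.71#32916: query: cs.senecac.on.ca IN A +
client 142.204.141.71#32917: query: cs.senecac.on.ca IN A -
client 142.204.141.72#45120: query: 71.141.204.142.in-addr.arpa IN PTR +
client 142.204.141.72#45121: query: 2.1.204.142.in-addr.arpa IN PTR -
client 198.51.100.23#5353: query: www.example.com IN A +
"""

# Tolerates the older "client IP#port:" form and newer ones with "@0x..." and "(name)".
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)(?: \([^)]*\))?: query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<rd>[+-])")

def parse_query(line, zones=AUTH_ZONES):
    """Return a dict for one query-log line, or None if the line is not a query."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    q = m.groupdict()
    q["rd"] = q["rd"] == "+"
    q["name"] = q["name"].rstrip(".").lower()
    q["in_zone"] = any(q["name"] == z or q["name"].endswith("." + z) for z in zones)
    return q

def review(log_text, lab_net=LAB_NET):
    """Count queries per client and by RD bit; flag recursive queries for out-of-zone names."""
    summary = {"per_client": {}, "recursive": 0, "iterative": 0, "external_recursion": []}
    for line in log_text.splitlines():
        q = parse_query(line)
        if q is None:
            continue
        summary["per_client"][q["ip"]] = summary["per_client"].get(q["ip"], 0) + 1
        summary["recursive" if q["rd"] else "iterative"] += 1
        # With "recursion yes" and "allow-query { any; }", an RD query for an out-of-zone
        # name from outside the lab network means this server is acting as an open resolver.
        if q["rd"] and not q["in_zone"] and ip_address(q["ip"]) not in lab_net:
            summary["external_recursion"].append(f'{q["ip"]} asked {q["name"]} {q["type"]}')
    return summary
```

Run review on the real file with review(open("/var/named/queries/log.txt").read()); with "recursion no" the out-of-zone "+" queries are the ones BIND refused, and after switching to "recursion yes" they are the ones it resolved on the client's behalf.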

Completing the Lab

  • Review the query log file (/var/named/queries/log.txt)
  • Document and comment on your test results (including commands used and their corresponding outputs) in a text file (lab5a.txt)
  • Email the text file and the query log file to your professor before the study break.