SRA840 Lab4

10,893 bytes added, 23:41, 16 July 2012
===Gregory Milton Paiva Neto===
1. What is the version number of the installed BIND package?
''bind94-9.4.2.2''

2. What is bind tool called "named-checkconf" use for?
To check the configuration file for syntax errors.

3. What are the names of all the other tools in the bind package?
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate

4. We have used the dig and nslookup bind utilities in this lab, what are the other two bind utilities and what are they for?
* Package bind - Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
/etc/logrotate.d/named - log file
/usr/sbin/dns-keygen
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-signzone
/usr/sbin/lwresd
/usr/sbin/named-bootconf
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/rndc
/usr/sbin/rndc-confgen
* Package bind-chroot - A chroot runtime environment for the ISC BIND DNS server

5. What is the information provided by the "service named status" command?
version: 9.5.1-P2-RedHat-9.5.1-2.P2.fc10
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 2113) is running...

6. Will the "version" statement in the "/etc/named.conf" file change the output of the "service named status" command?
No, it will not change.

7. The SOA resource record in a zone file contains 5 numbers, what is the usage of the last one?
This is how long a remote nameserver can cache negative responses about the zone, answers that say that a particular domain name or the type of data sought for a particular domain name doesn't exist.

8. Linux x BSD
The main difference between Bind on FreeBSD and Bind on Linux is the path of the files or how to start the server at boot time, but the major things are the same, like the content of the configuration files.
===Katherine Masseau===
Differences in DNS between FreeBSD and Linux:
The forwarding DNS may seem like an unusual option at first - it stores no records, and instead only forwards requests to a series of other DNS servers of which it is aware. In most cases, it is not a terribly useful option. There are a small number of cases, however, where it can be useful, such as where the local DNS server does not support recursion but a remote, forwarding DNS server does - in this case, using the forwarding DNS server can reduce the amount of traffic across the network.
===Nestor CHAN===
'''Differences'''
I think the biggest difference in DNS between Linux and BSD is the path. Linux's named path is /var/named/, while FreeBSD uses /var/named/etc/named/. The startup binary files are also stored in /etc/sbin/named. Actually, there is not much difference in the name server between Linux and BSD, since BIND is an open source package and both Linux and BSD use it. The way to configure the name server is the same too, although Linux and BSD save config files in different locations since they have different file structures.
'''The four main types of name server:'''
'''Master''':
The master name server should be the main name server in the local network. It has the top authority over all other name servers.
'''Slave''':
Slave name servers sometimes act as a secondary name server. One local network or WAN can have more than one slave name server. It has less control than the master name server but more control than forwarding and caching name servers.
'''Caching''':
A caching name server does not have much power in the network. It basically updates the table instead. It is widely used in small subnets to obtain better performance.
'''Forwarding''':
A forwarding server does not store any records. It would be useful in a big network.
 
===Kezhong Liang===
1. What is the version number of the installed BIND package?
Answer:
9.5.0-P2(Fedora10)
9.4.2.2(FreeBSD7.1)
 
2. What is bind tool called "named-checkconf" use for?
Answer:
"named-checkconf" checks the syntax, but not the semantics, of a named configuration file.
 
3. What is bind tool called "named-checkzone" use for?
Answer:
"named-checkzone" checks the syntax and integrity of a zone file. It
performs the same checks as named does when loading a zone. This makes
named-checkzone useful for checking zone files before configuring them
into a name server.
 
4. What are the names of all the other tools in the bind package?
Answer:
 
(Fedora10)
/usr/sbin/dns-keygen
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-signzone
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-bootconf
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/rndc
/usr/sbin/rndc-confgen
 
(FreeBSD7)
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
 
5. We have used the dig and nslookup bind utilities in this lab, what are the other two bind utilities and what are they for?
Answer:
The other two bind utilities are “host” and “nsupdate”.
/usr/bin/host
"host" is a simple utility for performing DNS lookups. It is normally
used to convert names to IP addresses and vice versa.
/usr/bin/nsupdate
"nsupdate" is used to submit Dynamic DNS Update requests as defined in
RFC2136 to a name server. This allows resource records to be added or
removed from a zone without manually editing the zone file. A single
update request can contain requests to add or remove more than one
resource record.
 
6. What is the information provided by the "service named status" command?
Answer:
version: 9.5.0-P2
number of zones: 15
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 3166) is running...
 
7. Will the "version" statement in the "/etc/named.conf" file change the output of the "service named status" command?
Answer:
Yes.
It will change the version line to "version: 9.5.0-P2 (version.bind/txt/ch disabled)".
 
8. The SOA resource record in a zone file contains 5 numbers, what is the usage of the last one?
Answer:
It is used for "default TTL". When the TTL is not declared, this number will replace it.
 
===Mohak Vyas===
 
Q: What version of BIND are we using in the lab ?
 
A: 9.5.0-P2
 
Q: Name two new features in BIND9 that are not in BIND8.
 
A:
* With BIND 9.x, you can sign your domain zones as well as sign DNS requests to allow even more strict query and zone access rules.
* Although BIND 8.x servers can host domain zones that contain IPv6 addresses, they could not listen or respond to queries transported using IPv6. BIND 9.x can now be set up to listen and respond over IPv6-only, IPv4-only, or a combination of IPv4 and IPv6. BIND 9.x also supports some additional IPv6-specific record data.
 
Q: How many root servers are there ?
 
A: 13
 
Q: Name 5 top-level domains.
 
A:
*.com
*.gov
*.edu
*.info
*.org
 
Q: What is meant by the term "Negative Cache".
 
A: Classical DNS caching stores only the results of successful name resolutions. It is also possible for DNS servers to cache the results of unsuccessful name resolution attempts; this is called negative caching.
 
Q: What is the purpose of the "dig" command? Give an example of its use.
 
A: "dig" is a DNS lookup utility. It is a flexible tool for interrogating DNS name servers.
 
e.g.
<pre>
[root@localhost ~]# dig @192.168.2.16 ns.lux.on.ca
; <<>> DiG 9.5.0-P2 <<>> @192.168.2.16 ns.lux.on.ca
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57822
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;ns.lux.on.ca. IN A
;; ANSWER SECTION:
ns.lux.on.ca. 86400 IN A 142.204.141.75
;; AUTHORITY SECTION:
lux.on.ca. 86400 IN NS ns.lux.on.ca.lux.on.ca.
;; Query time: 9 msec
;; SERVER: 192.168.2.16#53(192.168.2.16)
;; WHEN: Sun Oct 26 23:34:19 2008
;; MSG SIZE rcvd: 73
</pre>
 
Q: What is the purpose of the "host" command ? Give an example of its use.
 
A: Host is a simple tool to perform DNS lookups.
e.g.
<pre>
[root@localhost ~]# host -v ns.lux.on.ca 192.168.2.16
Trying "ns.lux.on.ca"
Using domain server:
Name: 192.168.2.16
Address: 192.168.2.16#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3584
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.lux.on.ca. IN A
;; ANSWER SECTION:
ns.lux.on.ca. 86400 IN A 142.204.141.75
;; AUTHORITY SECTION:
lux.on.ca. 86400 IN NS ns.lux.on.ca.lux.on.ca.
Received 73 bytes from 192.168.2.16#53 in 5 ms
Trying "ns.lux.on.ca"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56036
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.lux.on.ca. IN AAAA
;; AUTHORITY SECTION:
lux.on.ca. 10800 IN SOA ns.lux.on.ca. root.ns.lux.on.ca. 0 86400 3600 604800 10800
Received 71 bytes from 192.168.2.16#53 in 4 ms
Trying "ns.lux.on.ca"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15611
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.lux.on.ca. IN MX
;; AUTHORITY SECTION:
lux.on.ca. 10800 IN SOA ns.lux.on.ca. root.ns.lux.on.ca. 0 86400 3600 604800 10800
Received 71 bytes from 192.168.2.16#53 in 17 ms
</pre>
 
Q: What is the purpose of the "nslookup" command ? Give an example of its use.
 
A: "nslookup" is a program to query Internet Domain Name servers.
e.g.
<pre>
[root@localhost ~]# nslookup
> server 192.168.2.16
Default server: 192.168.2.16
Address: 192.168.2.16#53
> set debug
> ns.lux.on.ca
Server: 192.168.2.16
Address: 192.168.2.16#53
------------
QUESTIONS:
ns.lux.on.ca, type = A, class = IN
ANSWERS:
-> ns.lux.on.ca
internet address = 142.204.141.75
AUTHORITY RECORDS:
-> lux.on.ca
nameserver = ns.lux.on.ca.lux.on.ca.
ADDITIONAL RECORDS:
------------
Name: ns.lux.on.ca
Address: 142.204.141.75
>
</pre>
 
Q: What port does DNS use ?
A: 53
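
The record lines in the dig and host output above can be checked mechanically. This added example (not part of the lab answers) parses such lines, names the five numbers of the SOA record, computes the negative-caching TTL as RFC 2308 defines it, and flags targets such as "ns.lux.on.ca.lux.on.ca." where the zone name appears twice; the function names are illustrative.

```python
# Constructed sample: resource-record lines as they appear in the dig/host output above.
SAMPLE = """\
;; ANSWER SECTION:
ns.lux.on.ca. 86400 IN A 142.204.141.75
lux.on.ca. 86400 IN NS ns.lux.on.ca.lux.on.ca.
lux.on.ca. 10800 IN SOA ns.lux.on.ca. root.ns.lux.on.ca. 0 86400 3600 604800 10800
"""

SOA_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")
NAME_TYPES = {"NS", "CNAME", "PTR", "MX"}  # types whose last rdata token is a host name


def parse_rr(line):
    """Split 'owner ttl class type rdata...' into a dict; None for comments and blanks."""
    parts = line.split()
    if len(parts) < 5 or parts[0].startswith(";") or not parts[1].isdigit():
        return None
    owner, ttl, rclass, rtype, *rdata = parts
    return {"owner": owner.lower(), "ttl": int(ttl), "class": rclass,
            "type": rtype, "rdata": rdata}


def soa_numbers(rr):
    """Name the five numbers that end an SOA record (RFC 1035 order)."""
    return dict(zip(SOA_FIELDS, map(int, rr["rdata"][2:7])))


def negative_ttl(rr):
    """RFC 2308: negative answers are cached for min(SOA TTL, SOA minimum)."""
    return min(rr["ttl"], soa_numbers(rr)["minimum"])


def doubled_origin(target, zone):
    """True when the zone name appears twice at the end of a target: the sign of a
    zone-file name written without its trailing dot, so the origin was appended."""
    return target.lower().endswith("." + zone.lower() * 2)


def audit(text, zone):
    """Return (owner, type, target) for every record whose target has a doubled origin."""
    records = filter(None, map(parse_rr, text.splitlines()))
    return [(rr["owner"], rr["type"], rr["rdata"][-1]) for rr in records
            if rr["type"] in NAME_TYPES and doubled_origin(rr["rdata"][-1], zone)]
```

Calling audit(SAMPLE, "lux.on.ca.") reports the NS record; the fix belongs in the zone file, where the NS target needs its trailing dot.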
 
===Varinder Singh===
 
'''Configuration file Location'''
<pre>
Fedora                      FreeBSD

/etc/named.conf             /etc/namedb/named.conf
/var/named/chroot/etc/      /var/chroot/named/

Bind Service Location and start

chkconfig named on          edit /etc/rc.conf
/etc/rc.d/init.d/           named_enable="YES"
service named start         /etc/rc.d/named start
</pre>
 
'''Stealth Name Server:'''
A stealth server is defined as being a name server which does not appear in any publicly visible NS Record for the domain. The stealth server is normally used in a configuration called Split Servers which can be roughly defined as having the following characteristics:

1. The organisation needs a public DNS to enable access to its public services e.g. web, mail, ftp, etc.
2. The organisation does not want the world to see any of its internal hosts either by interrogation (query or zone transfer) or should the DNS service be compromised.
 
'''Configuration file for slave server, Caching only Name server and Authoritative only Name Server'''
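<pre>
// Slave server configuration file
zone "varinder.net" {
    type slave;
    masters { 192.0.2.1; };            // placeholder master address, not from the original
    file "slave/varinder.net";
    allow-transfer { localhost; };     // zone transfers only from this host
    // named expects allow-update on master zones; a slave forwards
    // updates to its master with allow-update-forwarding
    allow-update { key rndc-key; };
};

// Caching only Name server configuration file
zone "." {
    type hint;
    file "cache/varinder.net";
};

// options section for Authoritative Name Server
// recursion no = limits caching
options {
    directory "/var/named";
    version "not currently available"; // string returned instead of the real version
    recursion no;
};
</pre>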
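
One way to check a named.conf for the settings the stealth and authoritative-only setups above rely on: recursion off, a version string override, and restricted zone transfers. This is an added example, not part of the lab answers; the sample configuration, its zone names and the function names are assumptions, and the small parser assumes no braces or comment markers inside quoted strings.

```python
import re

# Constructed named.conf, modelled on the fragments above (zone names are samples).
SAMPLE_CONF = '''
options {
    directory "/var/named";
    version "not currently available";
    recursion no;
};
zone "varinder.net" { type master; file "varinder.net.zone"; };
zone "internal.example" {
    type master; allow-transfer { localhost; };
};
'''

def blocks(conf):
    """Yield (header, body) for each top-level 'header { ... };' block."""
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    depth = pos = start = 0
    for i, ch in enumerate(conf):
        if ch == "{":
            if depth == 0:  # a new top-level block starts here
                header, start = conf[pos:i].strip(" ;\n\t"), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, conf[start:i]
                pos = i + 1

def statement(body, name):
    """Value of 'name value;' or 'name { ... };' inside a block body, else None."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s+(\{[^}]*\}|[^;{]+)\s*;", body)
    return m.group(1).strip() if m else None

def audit(conf):
    """Check the settings discussed above; return a list of findings."""
    found = dict(blocks(conf))
    opts, findings = found.get("options", ""), []
    if statement(opts, "recursion") != "no":
        findings.append("options: recursion is not disabled")
    if statement(opts, "version") is None:
        findings.append("options: version string is not overridden")
    default_xfer = statement(opts, "allow-transfer")  # BIND allows any host if unset
    for header, body in found.items():
        if header.startswith("zone") and statement(body, "type") in ("master", "slave"):
            if not (statement(body, "allow-transfer") or default_xfer):
                findings.append(header + ": no allow-transfer restriction")
    return findings
```

On the constructed sample, audit(SAMPLE_CONF) reports only the "varinder.net" zone, which serves zone transfers to any host because neither the zone nor the options block restricts them.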
