Open main menu

CDOT Wiki β

SRA840 Lab4

Revision as of 01:05, 12 April 2009 by Kliang10 (talk | contribs) (Kezhong Liang)

Milton Paiva Neto

1. What is the version number of the installed BIND package?

bind94-9.4.2.2

2. What is bind tool called "named-checkconf" use for?

To check the configuration file for syntax errors.

3. What are the names of all the other tools in the bind package?

/usr/bin/dig /usr/bin/host /usr/bin/nslookup /usr/bin/nsupdate

4. We have used the dig and nslookup bind utilities in this lab, what are the other two bind utilities and what are they for?

  • Package bind - Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server

/etc/logrotate.d/named - log file /usr/sbin/dns-keygen /usr/sbin/dnssec-keygen /usr/sbin/dnssec-signzone /usr/sbin/lwresd /usr/sbin/named-bootconf /usr/sbin/named-checkconf /usr/sbin/named-checkzone /usr/sbin/named-compilezone /usr/sbin/rndc /usr/sbin/rndc-confgen

  • Package bind-chroot - A chroot runtime environment for the ISC BIND DNS server

5. What is the information provided by the "service named status" command?

version: 9.5.1-P2-RedHat-9.5.1-2.P2.fc10 number of zones: 19 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is ON recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running named (pid 2113) is running...

6. Will the "version" statement in the "/etc/named.conf" file change the output of the "service named status" command?

No, it will not change.

7. The SOA resource record in a zone file contains 5 numbers, what is the usage of the last one?

This is how long a remote nameserver can cache negative responses about the zone, answers that say that a particular domain name or the type of data sought for a particular domain name doesn't exist.

8. Linux x BSD

The main difference between Bind on FreeBSD and Bind on Linux is the path of the files or how to start the server on boot time, but major things are the same. Like the content of the configuration files.

Gregory Masseau

Differences in DNS between freeBSD and Linux:

Really, there are very few differences that I can find, at least that are universal - the differences between the way bind is set up can vary just as widely between two distributions of Linux as they do between a given distribution and FreeBSD. The primary differences between any two free operating systems installations of bind tend to be in the default configuration and the location of some files, as well as perhaps a preference with regards to calling it 'bind9' or simply 'named' in paths and filenames.

The four main types of name server:

Master: A master (or primary) DNS is authoritative for at least some of the zone files it holds, and is generally the only sort of DNS server on which records can be added or removed from a zone. By definition, any valid hostname on the internet is stored in at least one master DNS server somewhere.

Slave: A slave (or secondary) DNS is one that is not authoritative for the zones it holds. Rather, it receives it's records from a DNS server one step up from itself in the DNS hierarchy, which may either be the master DNS for the records in question or be another slave DNS in between them in the DNS hierarchy. This is done because always querying the master server for a domain would add unnecessary load on the master DNS, as well as creating unnecessary latency for the client.

Caching: A caching DNS server could be viewed as a special case of a secondary DNS server. Rather than downloading a fixed set of entire zone files in the way a secondary DNS ordinarily would, a caching DNS starts with no records, but with knowledge of one or more DNS servers further up the DNS hierarchy. When a request is received, the caching server locates the record using one of these other servers it has been made aware of, and then stores that itself, so that further requests for resolution of the same name can be resolved from it's own local cache. This is useful for reducing bandwidth used for DNS traffic, as installing a local caching server can greatly reduce the need to repeatedly resolve the same names using an external resolver.

Forwarding: The forwarding DNS may seem like an unusual option at first - it stores no records, and instead only forwards requests to a series of other DNS servers of which it is aware. In most cases, it is not a terribly useful option. There are a small number of cases, however, where it can be useful, such as where the local DNS server does not support recursion but a remote, forwarding DNS server does - in this case, using the forwarding DNS server can reduce the ammount of traffic across the network.

Nestor CHAN

Differences I think the most difference of DNS between Linux and BSD is the path. Linus's named path is /var/named/ when FreeBSD uses /var/named/etc/named/. And the start up binary files are also stored in /etc/sbin/named

Actually, there are not much different of name server between linux and BSD. Since BIND is an open source package, and linux and BSD are using it. The way to configure name server are the same too. Althought Linux and BSD save config files in different location since they have different file structure.


The four main types of name server:

Master: The master name server should be the main name server in the local network. It has the top authority in all other name servers.

Slave: Slave name servers sometime act as a secondary name server. One local network or WAN can have more than one slave name server. It has less control than Master name server but more control than forward and caching name servers.

Caching: Cache name server dose not have much power in the network. It basically update the table instead. It is widely used in small subnet to obtain better performance.

Fowarding: Fowarding server dose not store any record. It would be useful in a big network.

Kezhong Liang

1. What is the version number of the installed BIND package? Answer:

  9.5.0-P2(Fedora10)
  9.4.2.2(FreeBSD7.1)

2. What is bind tool called "named-checkconf" use for? Answer:

  "named-checkconf" checks the syntax, but not the semantics, of a named configuration file.

3. What is bind tool called "named-checkzone" use for? Answer:

 "named-checkzone" checks the syntax and integrity of a zone file. It
      performs the same checks as named does when loading a zone. This makes
      named-checkzone useful for checking zone files before configuring them
      into a name server.

4. What are the names of all the other tools in the bind package? Answer: (Fedora10)

 /usr/sbin/dns-keygen
 /usr/sbin/dnssec-keygen
 /usr/sbin/dnssec-signzone
 /usr/sbin/lwresd
 /usr/sbin/named
 /usr/sbin/named-bootconf
 /usr/sbin/named-checkconf
 /usr/sbin/named-checkzone
 /usr/sbin/named-compilezone
 /usr/sbin/rndc
 /usr/sbin/rndc-confgen

(FreeBSD7)

 /usr/bin/dig
 /usr/bin/host
 /usr/bin/nslookup
 /usr/bin/nsupdate

5. We have used the dig and nslookup bind utilities in this lab, what are the other two bind utilities and what are they for? Answer: The other two bind utilities are “host” and “nsupdate”. /usr/bin/host

      "host" is a simple utility for performing DNS lookups. It is normally
      used to convert names to IP addresses and vice versa.

/usr/bin/nsupdate

      "nsupdate" is used to submit Dynamic DNS Update requests as defined in
      RFC2136 to a name server. This allows resource records to be added or
      removed from a zone without manually editing the zone file. A single
      update request can contain requests to add or remove more than one
      resource record.

6. What is the information provided by the "service named status" command? Answer: version: 9.5.0-P2 number of zones: 15 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running named (pid 3166) is running...

7. Will the "version" statement in the "/etc/named.conf" file change the output of the "service named status" command? Answer: Yes. It will change the version line to "version: 9.5.0-P2 (version.bind/txt/ch disabled)".

8. The SOA resource record in a zone file contains 5 numbers, what is the usage of the last one? Answer: It is used for "default TTL". When the TTL is not declared, this number will replace it.

Mohak Vyas

Q: What version of BIND are we using in the lab ?

A: 9.5.0-P2

Q: Name two new features in BIND9 that are not in BIND8.

A:

  • With BIND 9.x, you can sign your domain zones as well as sign DNS requests to allow even more strict query and zone access rules.
  • Although BIND 8.x servers can host domain zones that contain IPv6 addresses, it could not listen nor respond to queries transported using IPv6. BIND 9.x now be setup to listen to and respond over IPv6-only, IPv4-only, or a combination of IPv4 and IPv6. BIND 9.x also supports some additional IPv6-specific record data.

Q: How many root servers are there ?

A: 13

Q: Name 5 top-level domains.

A:

  • .com
  • .gov
  • .edu
  • .info
  • .org

Q: What is meant by the term "Negative Cache".

A: Classical DNS caching stores only the results of successful name resolutions. It is also possible for DNS servers to cache the results of unsuccessful name resolution attempts; this is called negative caching.

Q: What is the purpose of the "dig" command? Give an example of its use.

A: "dig" is a DNS lookup utility. It is a flexible tool for interrogating DNS name servers.

e.g.

[root@localhost ~]# dig @192.168.2.16 ns.lux.on.ca
; <<>> DiG 9.5.0-P2 <<>> @192.168.2.16 ns.lux.on.ca
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57822
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;ns.lux.on.ca.			IN	A
;; ANSWER SECTION:
ns.lux.on.ca.		86400	IN	A	142.204.141.75
;; AUTHORITY SECTION:
lux.on.ca.		86400	IN	NS	ns.lux.on.ca.lux.on.ca.
;; Query time: 9 msec
;; SERVER: 192.168.2.16#53(192.168.2.16) 
;; WHEN: Sun Oct 26 23:34:19 2008
;; MSG SIZE  rcvd: 73

Q: What is the purpose of the "host" command ? Give an example of its use.

A: Host is a simple tool to perform DNS lookups. e.g.

[root@localhost ~]# host -v ns.lux.on.ca 192.168.2.16
Trying "ns.lux.on.ca"
Using domain server:
Name: 192.168.2.16
Address: 192.168.2.16#53
Aliases: 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3584
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.lux.on.ca.                  IN      A
;; ANSWER SECTION:
ns.lux.on.ca.           86400   IN      A       142.204.141.75
;; AUTHORITY SECTION:
lux.on.ca.              86400   IN      NS      ns.lux.on.ca.lux.on.ca.
Received 73 bytes from 192.168.2.16#53 in 5 ms
Trying "ns.lux.on.ca"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56036
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.lux.on.ca.                  IN      AAAA
;; AUTHORITY SECTION:
lux.on.ca.              10800   IN      SOA     ns.lux.on.ca. root.ns.lux.on.ca. 0 86400 3600 604800 10800
Received 71 bytes from 192.168.2.16#53 in 4 ms
Trying "ns.lux.on.ca"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15611
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.lux.on.ca.                  IN      MX
;; AUTHORITY SECTION:
lux.on.ca.              10800   IN      SOA     ns.lux.on.ca. root.ns.lux.on.ca. 0 86400 3600 604800 10800
Received 71 bytes from 192.168.2.16#53 in 17 ms

Q: What is the purpose of the "nslookup" command ? Give an example of its use.

A: "nslookup" is a program to query Internet Domain Name servers. e.g.

[root@localhost ~]# nslookup
> server 192.168.2.16
Default server: 192.168.2.16
Address: 192.168.2.16#53
> set debug
> ns.lux.on.ca
Server:		192.168.2.16
Address:	192.168.2.16#53
------------
QUESTIONS:
ns.lux.on.ca, type = A, class = IN
ANSWERS:
->  ns.lux.on.ca
internet address = 142.204.141.75
AUTHORITY RECORDS:
->  lux.on.ca
nameserver = ns.lux.on.ca.lux.on.ca.
ADDITIONAL RECORDS:
------------
Name:	ns.lux.on.ca
Address: 142.204.141.75
>

Q: What port does DNS use ? A: 53

Varinder Singh

Configuration file Location


Fedora                                                  FreeBSD

/etc/named.conf                                     /etc/namedb/named.conf

/var/named/chroot/etc/                               /var/chroot/named/


Bind Service Location and start

chkconfig named on                                  edit /etc/rc.conf

/etc/rc.d/init.d/                                   named_enable="YES"

service named start                                 /etc/rc.d/named start

Stealth Name Server: A stealth server is defined as being a name server which does not appear in any publicly visible NS Record for the domain. The stealth server is normally used in a configuration called Split Severs which can be roughly defined as having the following characteristics:

1.The organisation needs a public DNS to enable access to its public services e.g. web, mail ftp etc.. 2.The organisation does not want the world to see any of its internal hosts either by interrogation (query or zone transfer) or should the DNS service be compromised.

Configuration file for slave server, Caching only Name server and Authoritative only Name Server // Slaver server configuration file zone "varinder.net" {

   type slave;
   file "slave/varinder.net";
   allow-transfer { localhost; };
   allow-update { key rndc-key};

}; // Caching only Name server configuration file zone "." {

   type hint;
   file "cache/varinder.net";
   };

// options section for Authoritative Name Server // recursion no = limits caching options {

       directory "/var/named";
       version "not currently available";
       recursion no;

};