Franske ITC-2480 DNS Lab: Difference between revisions

Revision as of 22:02, 23 February 2018

Introduction

Lab Procedure

Prerequisites

  1. Open an SSH console to your Linux system using the PuTTY software, login with your standard user account.
  2. Make sure that Webmin is installed on your system.

Install BIND & Enable Caching

  1. First you will need to install BIND. BIND (Berkeley Internet Name Domain) is one of the available DNS server applications for Linux and the most well known and used nameserver on the Internet. To install it, use the package manager to install bind9. In order to use the nslookup and dig programs for DNS testing and troubleshooting you will also want to install the dnsutils package.
  2. Now we will need to enable DNS caching and forwarding on the BIND server. This will allow us to use it for DNS resolving locally, as well as speed up frequent DNS requests. To do this, open up /etc/bind/named.conf.options with your favorite text editor.
  3. You are now in the local options file for BIND. You will need to uncomment (remove the // from the front of) the following lines:
    // forwarders {
    //     0.0.0.0;
    // };
    • Note that you will also need to replace 0.0.0.0 with 172.17.139.10 for outside DNS lookups to function correctly.
  4. The reason we setup a forwarder address is so that domain requests that are not on our system are passed to another DNS server instead of being searched against the root nameservers. You may want to do this in domain or enterprise environments as most large networks have internal domain names setup that only redirect inside of a local LAN. By using a forwarder, as long as the DNS server you push requests to is able to access those internal records, you will be able to access local content from internal domain names instead of needing to rely on IP addresses.
  5. To apply this change, you will need to restart the BIND server. To do this, run service bind9 restart with administrative permissions.
  6. Next, we will need to change the DNS server set in /etc/network/interfaces so our network interface uses our local system for DNS lookups. To do this, open up your interfaces file with your favorite file editor, and change the dns server for the primary network interface to 127.0.0.1.
  7. The change to /etc/network/interfaces will take effect if you restart your system. To avoid doing that right now you can edit the /etc/resolv.conf file so that it has only one nameserver line, like nameserver 127.0.0.1. Note that unless you reboot the system it will eventually get reset back to its prior setting by a background system process, so at some point you will want to reboot your system to make the change permanent.
  8. To test if it's working, run the command nslookup inverhills.edu. If BIND is working, you should now see the following output:
    Server:		127.0.0.1
    Address:	127.0.0.1#53
    
    Non-authoritative answer:
    Name:	inverhills.edu
    Address: 134.29.182.42
    
    • Notice how it shows it is using 127.0.0.1 as the server. If you do not see this, then your interface file or resolv.conf file is not set to use the local machine for DNS lookups. Note also that the IP address returned for this domain may vary from the one shown in the output above.
  9. Experiment using the dig utility to check DNS name resolution, which can provide more detailed output than nslookup. Run dig inverhills.edu and see if you can find where the IP address for the domain is reported in the output as well as where the server IP address is reported in the output.
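As an added check that is not part of the lab, the following Python script reads the text of the two files edited in steps 3 and 7 above and reports the mistakes the lab warns about: a forwarders block still commented out or still listing the 0.0.0.0 placeholder, and a resolv.conf with more than one nameserver line. It also flags an allow-recursion setting open to any client, because a forwarding resolver that answers recursive queries for the whole Internet is an open resolver that gets abused for amplification; the sample file contents below are constructed, and the allow-recursion line in the "lab" sample is an assumption rather than something the lab sets.

```python
import re

# Strip /* */, // and # comments so a commented-out block does not count.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)


def block_items(option, text):
    """Return the items of an `option { a; b; };` block, or None if absent."""
    m = re.search(r"\b" + re.escape(option) + r"\s*\{([^}]*)\}", text)
    if m is None:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]


def check_options(options_text):
    """Return the problems found in the text of named.conf.options."""
    problems = []
    cleaned = COMMENT_RE.sub("", options_text)
    forwarders = block_items("forwarders", cleaned)
    if forwarders is None:
        problems.append("forwarders block missing or still commented out")
    elif "0.0.0.0" in forwarders:
        problems.append("forwarders still lists the 0.0.0.0 placeholder")
    recursion = block_items("allow-recursion", cleaned)
    if recursion is None:
        problems.append("allow-recursion not set; BIND falls back to allow-query-cache/"
                        "allow-query or its localnets/localhost default, state it explicitly")
    elif "any" in recursion:
        problems.append("allow-recursion { any; } makes this an open resolver")
    return problems


def check_resolv(resolv_text):
    """The lab wants exactly one nameserver line, pointing at 127.0.0.1."""
    servers = re.findall(r"^\s*nameserver\s+(\S+)", resolv_text, re.M)
    if servers == ["127.0.0.1"]:
        return []
    return [f"expected only 'nameserver 127.0.0.1', found {servers}"]


# Constructed samples: the stock file before the lab's edit, and one after it.
STOCK_OPTIONS = """\
options {
        directory "/var/cache/bind";
        // forwarders {
        //      0.0.0.0;
        // };
        dnssec-validation auto;
        listen-on-v6 { any; };
};
"""

LAB_OPTIONS = """\
options {
        directory "/var/cache/bind";
        forwarders {
                172.17.139.10;
        };
        allow-recursion { 127.0.0.1; 172.17.50.0/24; };
        dnssec-validation auto;
        listen-on-v6 { any; };
};
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK_OPTIONS), ("lab", LAB_OPTIONS)):
        print(name, check_options(text) or "ok")
    print("resolv", check_resolv("nameserver 127.0.0.1\n") or "ok")
```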

Create a Domain using Webmin

  1. Now we are going to use Webmin to create a few different types of domain records and have our system serve as a DNS server for a domain. We will utilize A (Host), AAAA (IPv6 host), MX (Mail Exchange), and CNAME (Canonical Name) records.
  2. Open up your Webmin panel and sign in. Now that we have BIND installed, you will need to click the Refresh Modules option on the left sidebar to have Webmin recheck the system for installed packages and services so that it will show up as an option in the Servers tab.
  3. Under the Servers tab, open up BIND DNS Server, then under Existing DNS Zones click Create master zone. From here we will create a new domain name for our server to respond to DNS queries for.
  4. Use the following options, where * is replaced by your System ID that was defined in Lab 5 (just the letter of your system; for example, the domain name would be debserv-A.test if you had System ID "A").
    Zone type: Forward (Names to Addresses)
    Domain name / Network: debserv-*.test
    Records file: Automatic
    Master server: Leave as your hostname
    Email address: root@debserv-*.test
  5. Click the create button to add the domain. At this point you should now be on the Edit Master Zone page. From here you can add and edit domain records for this domain name.
  6. To create our A record, which points your domain to an IP address, click the Address button. For the Name enter @. The @ symbol in DNS zones stands for the parent domain (alternatively you could re-enter the parent domain debserv-*.test. with the period at the end). In the address field enter your VM's static IP set in Lab 5 and click Create. Return to the main BIND DNS Server page and click the Apply Configuration link in the top right corner.
  7. To test the record, use nslookup or dig to look up the domain you just created, which should be debserv-*.test, by entering nslookup debserv-*.test or dig debserv-*.test (don't forget to replace the * with your System ID letter).
    • If you have issues looking up the domain, make sure that the system is still using 127.0.0.1 as the DNS server. If not, check your /etc/resolv.conf file.

Adding additional record types

  1. Now we are going to add a few more record types to our domain. These will be an MX (Mail Exchange) and a CNAME (Canonical Name) record.
  2. We will start with the MX record. MX records are used by email servers to look up where to forward email for a specific domain.
  3. To create an MX record we will use Webmin again. In Webmin on the BIND DNS Server page, click the domain at the bottom named debserv-*.test and then click the Mail Server button. Under name, enter @ again, and for mail server enter mail.debserv-*.test. (with the final period). For Priority, enter 10. The Priority entry allows you to define more than one MX record for a domain, and the Priority defines which one should be used before the rest.
  4. Now go back to the domain zone overview page. Add an A record for mail.debserv-*.test which uses the IP of your system.
  5. Go back to the domain zone overview page again. We are now going to create a CNAME record. CNAME records are useful as they allow you to create virtual A records that point to a domain name instead of an IP address. This is most helpful in situations where a system with a dynamic IP address always has a common DNS name.
  6. On the Edit Master Zone page for your domain, click the Name Alias button. For the Name, enter "blog" and for the Real Name, enter your domain "debserv-*.test." but remember to put a period at the end of the domain as this is an absolute name. Then press create to add the record.
  7. Press the Apply Configuration option in the top right of the page again. This will apply the records you have created. Now back in PuTTY, run "nslookup blog.debserv-*.test". You should get a response similar to:
Server:		127.0.0.1
Address:	127.0.0.1#53

blog.debserv-*.test	canonical name = debserv-*.test.
Name:	debserv-*.test
Address: 172.17.50.XXX
  8. Now we are going to create a virtual web host in Apache that listens for the domain blog.debserv-*.test and then forwards you directly to your blog folder.
  9. In Webmin under the Servers tab, select Apache Webserver. Then at the top, click the Create virtual host button and use the following configuration:
Handle Connections to Address: any address
Port: 80
Document Root: /var/www/html/blog/
Server Name: blog.debserv-*.test
Add virtual server to file: new file under virtual servers directory
Copy directives from: nowhere
  10. When done, press Create Now. When you are back at the Apache Webserver page, click Apply Changes in the top right.
  11. Now in an SSH session, open up your favorite command line web browser such as w3m and visit blog.debserv-*.test. Notice how you are now visiting the blog directly, instead of your modified index.html file. This is because we set up a virtual host in Apache that listens for requests to the CNAME we created.
  12. Congrats, at this point you have a basic domain working with MX, CNAME, and A records.

Adding a AAAA record

  1. Now we are going to add an AAAA (IPv6 host) record to our domain. To do this, we will first need to make sure that IPv6 networking is set up in our virtual machine.
  2. In PuTTY, using your favorite text editor, open up /etc/network/interfaces. We are going to enable IPv6 autoconfiguration to make sure that IPv6 is running on our VM. Add "iface eth0 inet6 auto" to the end of the eth0 configuration if it's not already there. Your interface should now look similar to this:
auto eth0
iface eth0 inet static
	address 172.17.50.xxx
	netmask 255.255.255.0
	gateway 172.17.50.1
	dns-nameservers 127.0.0.1
iface eth0 inet6 auto
  3. Afterwards, restart the eth0 interface by using "ifdown eth0 && ifup eth0". Remember that you need to run both of these commands (hint: there are two commands on this line) as root, otherwise it will not work.
  4. Now use ifconfig to find your IPv6 address. Remember this as we will use it in Webmin to create our AAAA record.
  5. Back in Webmin, under Servers and BIND DNS Server, select your debserv-*.test domain from the bottom and then click the IPv6 Address button. For the name, enter @ and for the address enter your IPv6 address WITHOUT the subnet prefix. It should look similar to this: 2607:f930:1c00:50:xxxx:xxxx:xxxx:xxxx
  6. When done, press create. Remember to press the Apply Configuration button in the top right to apply these changes. Now use nslookup to look up your domain, and notice how you now have both an IPv6 and an IPv4 record for your domain.
  7. Congratulations, you have now set up a dual-stack DNS server for your Debian server.

Adding a Delegated Domain

  1. Now we are going to add another domain to the system, but this domain is a delegated domain. Luckily we can add this to BIND the same way we added our first domain.
  2. In Webmin, go to Servers, then BIND DNS Server. Then under Existing DNS Zones, click on Create Master Zone and use the following settings:
Zone type: Forward (Names to Addresses)
Domain name / Network: *.itc2480.campus.ihitc.net
Records file: Automatic
Master server: *.itc2480.campus.ihitc.net.
Email address: root@*.itc2480.campus.ihitc.net
  • NOTE: the * stands for your hostname letter, the same as you used for the other domain we created.
  3. Now using Webmin, create an A record for @ the same way as we did for the last domain. If you need help with this step, you can review the process we did earlier. Make sure to apply your changes after adding the record.
    • Test that the record and delegation are working correctly. From your host computer, try doing an nslookup on *.itc2480.campus.ihitc.net. Does the correct address come back?
  4. Create an MX record for the domain which directs mail for your delegated domain to your system as well.
  5. Test your setup using a web browser on your local computer: can you access your webserver by going to http://*.itc2480.campus.ihitc.net (where * is your hostname letter)?
  6. Create a CNAME record for the blog just like in the previous example and create a new Apache virtual server just like in the previous example as well.
  7. Test your setup using a web browser on your local computer: can you access your blog directly by going to http://blog.*.itc2480.campus.ihitc.net (where * is your hostname letter)?

Manually editing a zone file

  1. Lastly we are going to look at the domain zone file. While Webmin provides a nice interface to add records, all it is doing is adding our records to our zone file. When you use BIND for DNS, every domain created gets its own record file, which is called the zone file. In this file all subdomains and records for that domain are stored.
  2. By default, the location for these records will be in /var/lib/bind, so cd into that folder and ls the contents.
  3. Now, with your favorite text editor, open up the file. It should look similar to this:
$ttl 38400
debserv-A.test.	IN	SOA	VMHostname. root.debserv-A.test. (
			1395013947
			10800
			3600
			604800
			38400 )
debserv-A.test.	IN	NS	VMHostname.
debserv-A.test.	IN	A	172.17.50.XXX
debserv-A.test.	IN	MX	1 172.17.50.XXX
cname.debserv-A.test.	IN	CNAME	debserv-A.test.
  4. Notice the formatting for domain records. Each record is defined by the domain or subdomain, IN, then the record type, followed by what the record points to.
  5. For this example, we want to change the MX priority from 1 to 10, so change the MX record settings using your text editor.
  6. When you are done, restart the bind9 service to reload the changes. We will now use dig to look up the record and make sure the changes were applied correctly.
  • Note: when restarting BIND, if you have any errors restarting the service this normally means you have a typo in one of your zone files. If this is the case, go through the file again in a text editor to make sure you did not add anything extra.
  7. dig is a very powerful DNS tool that allows you to look up specific records for DNS domains, as well as many other things such as PTR, or reverse, records. For our purposes, though, we will use it to look up the edited MX record. To do this, run "dig MX debserv-*.test".
  • Note: If you are having issues, add @127.0.0.1 to the end of the dig command to force dig to use the local DNS server.
  8. You should see the following response:
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> MX debserv-*.test @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59875
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;debserv-*.test.			IN	MX

;; ANSWER SECTION:
debserv-*.test.		38400	IN	MX	10 172.17.50.XXX.debserv-*.test.

;; AUTHORITY SECTION:
debserv-*.test.		38400	IN	NS	VMHostname.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 16 20:40:02 2014
;; MSG SIZE  rcvd: 78
  9. Notice how the Answer Section shows the MX record is pointed to the IP of the domain, and that the priority is set to 10.
  10. Congrats, you have now set up a functional DNS server.
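The zone file format shown in the "Manually editing a zone file" section and the dig answer above, worked as an added example that is not the lab's own code: a small Python parser for a BIND zone file of this shape (a $ttl line, a multi-line SOA in parentheses, one record per line) that qualifies bare names with the zone origin the way BIND does, and a lint over the MX records. BIND appends the origin to any name in record data that does not end in a period, which is why the dig answer shows the exchange as 172.17.50.XXX.debserv-*.test. rather than an address; the lint flags exactly that, plus an MX pointed at a CNAME. The sample zone is constructed from the lab's file; VMHostname, the origin debserv-A.test. and 172.17.50.99 are placeholders.

```python
import re

# Constructed zone modelled on the lab's file; VMHostname and 172.17.50.99 are placeholders.
SAMPLE_ZONE = """\
$ttl 38400
debserv-A.test.\tIN\tSOA\tVMHostname. root.debserv-A.test. (
\t\t\t1395013947
\t\t\t10800
\t\t\t3600
\t\t\t604800
\t\t\t38400 )
debserv-A.test.\tIN\tNS\tVMHostname.
debserv-A.test.\tIN\tA\t172.17.50.99
debserv-A.test.\tIN\tMX\t10 172.17.50.99
mail.debserv-A.test.\tIN\tA\t172.17.50.99
cname.debserv-A.test.\tIN\tCNAME\tdebserv-A.test.
"""

IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def qualify(name, origin):
    """Names ending in '.' are absolute; '@' and bare names get the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (ttl, records) with records as (owner, type, rdata fields)."""
    # Fold a parenthesised multi-line value (the SOA) onto one logical line.
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), text)
    ttl, records, last_owner = None, [], origin
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()  # ';' starts a zone-file comment
        if not line.strip():
            continue
        if line.lower().startswith("$ttl"):
            ttl = int(line.split()[1])
            continue
        fields = line.split()
        if line[0].isspace():  # leading blank: reuse the previous owner name
            owner = last_owner
        else:
            owner = last_owner = qualify(fields.pop(0), origin)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        records.append((owner, fields[0].upper(), fields[1:]))
    return ttl, records


def lint_mx(records, origin):
    """Flag MX exchanges that are IP literals, CNAMEs, or undefined in-zone hosts."""
    hosts = {o for o, t, _ in records if t in ("A", "AAAA")}
    cnames = {o for o, t, _ in records if t == "CNAME"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "MX" or len(rdata) != 2:
            continue
        target = rdata[1]
        exchange = qualify(target, origin)
        in_zone = exchange == origin or exchange.endswith("." + origin)
        if IPV4_RE.match(target):
            problems.append(f"{owner} MX: '{target}' is not a hostname; "
                            f"BIND serves it as {exchange}")
        elif exchange in cnames:
            problems.append(f"{owner} MX: {exchange} is a CNAME, which an "
                            "MX must not point at")
        elif in_zone and exchange not in hosts:
            problems.append(f"{owner} MX: {exchange} has no A/AAAA record here")
    return problems


if __name__ == "__main__":
    ttl, recs = parse_zone(SAMPLE_ZONE, "debserv-A.test.")
    print(ttl, len(recs), "records")
    for p in lint_mx(recs, "debserv-A.test."):
        print("warning:", p)
```

Pointing the MX at mail.debserv-A.test. (the name given an A record in the Webmin steps) instead of the address makes the lint pass.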