
Welcome!

RH253
Red Hat Network Services
and Security Administration
Objectives Day 12
 Understanding and Managing DNS Server
 Understanding DNS
 Server Configuration
 Creating Zones
 Creating Zone Resource Records
 Client Configuration
 Testing DNS
 Understanding and Managing DHCP Server
 Understanding DHCP Server
 Server Configuration
 Creating Leases and Reservations
 Client Configuration
 Using DHCP Server to obtain IP-Address

Understanding and Managing
DNS Server

What is DNS?
 DNS associates hostnames with their respective IP addresses, so that when users
want to connect to other machines on the network, they can refer to them by name,
without having to remember IP addresses.

 Use of DNS and FQDNs also has advantages for system administrators, allowing the
flexibility to change the IP address for a host without affecting name-based queries to
the machine. Conversely, administrators can shuffle which machines handle a name-
based query.

 DNS is normally implemented using centralized servers that are authoritative for
some domains and refer to other DNS servers for other domains.

 When a client host requests information from a nameserver, it usually connects to
port 53 (UDP for ordinary queries; TCP for zone transfers and for answers too large
for one datagram). The nameserver first tries to answer from what it already holds:
authoritative data for the zones it serves, or records cached from earlier queries. If
it does not have the answer, it queries other nameservers, starting with the root
nameservers, to learn which nameservers are authoritative for each successive part of
the FQDN (the com servers, then the example.com servers). With that information, it
queries the authoritative nameservers for the IP address of the requested host. A
reverse lookup follows the same procedure, except that the query starts from an IP
address (written as a name under in-addr.arpa) and asks for the matching hostname.
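The exchange just described, as an added example that is not part of the course material: a Python script (standard library only) that builds the datagram a stub resolver sends to UDP port 53 for bob.example.com, constructs the authoritative reply (the reply bytes are constructed here, not captured; 10.0.1.5 is the server1 address from the zone file later in the deck), and parses the answer with the checks a resolver must make before trusting it. The 16-bit transaction ID, the source port and the echoed question are all that stand between a resolver and a spoofed reply, which is why the parser discards any reply whose ID or question does not match.

```python
import random
import socket
import struct
from typing import List, Optional, Tuple

# RFC 1035 codes used below.
TYPE_A, TYPE_PTR, CLASS_IN = 1, 12, 1


def encode_name(name: str) -> bytes:
    """Encode 'bob.example.com' as length-prefixed labels terminated by a zero octet."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: Optional[int] = None) -> bytes:
    """The datagram a stub resolver sends to port 53: 12-byte header plus one question.
    Flags 0x0100 = RD (recursion desired). The ID is random so a forged reply must guess it."""
    if txid is None:
        txid = random.getrandbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a name that may use RFC 1035 compression pointers; returns (fqdn, next_offset)."""
    labels, next_off, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # 11xxxxxx: 14-bit pointer
            if not jumped:
                next_off = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:                              # refuse pointer loops in hostile replies
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (next_off if jumped else offset)


def parse_response(query: bytes, resp: bytes) -> List[Tuple[str, int, int, bytes]]:
    """Answer section as (owner, type, ttl, rdata), after the checks a careful resolver
    makes (RFC 5452): ID and question must match what we sent, or the reply is discarded."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if rid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch: reply discarded as possibly spoofed")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    if flags & 0x000F:
        raise ValueError("RCODE %d" % (flags & 0x000F))
    if qdcount != 1:
        raise ValueError("unexpected question count")
    qname, off = decode_name(resp, 12)
    qtype, qclass = struct.unpack("!HH", resp[off:off + 4])
    off += 4
    sent_name, _ = decode_name(query, 12)
    sent_type, sent_class = struct.unpack("!HH", query[-4:])
    if (qname.lower(), qtype, qclass) != (sent_name.lower(), sent_type, sent_class):
        raise ValueError("question section does not match the query")
    answers = []
    for _ in range(ancount):
        owner, off = decode_name(resp, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        answers.append((owner, rtype, ttl, resp[off:off + rdlen]))
        off += rdlen
    return answers


def build_response(query: bytes, ip: str, ttl: int = 86400) -> bytes:
    """Constructed authoritative reply (not captured traffic): same ID and question, plus one
    A record whose owner is the pointer 0xC00C back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)   # QR|AA|RD|RA set, RCODE 0
    rr = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:] + rr


def resolve_a(query: bytes, resp: bytes) -> List[str]:
    """Addresses from the A records of a validated reply."""
    return [socket.inet_ntoa(rd) for _, rtype, _, rd in parse_response(query, resp) if rtype == TYPE_A]


def reply_accepted(query: bytes, resp: bytes) -> bool:
    """True if the reply passes the sanity checks, False if a resolver would drop it."""
    try:
        parse_response(query, resp)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    q = build_query("bob.example.com", txid=0x1234)
    print(resolve_a(q, build_response(q, "10.0.1.5")))   # ['10.0.1.5']
```

To send the query for real, write build_query(...) to a UDP socket with sendto((nameserver, 53)) and feed the datagram you receive to parse_response; that is what dig does on the testing slide.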
Nameserver Zones
 On the Internet, the FQDN of a host can be broken down into different sections. These
sections are organized into a hierarchy (much like a tree), with a main trunk, primary
branches, secondary branches, and so forth. Consider the following FQDN:

 bob.example.com

 When looking at how an FQDN is resolved to find the IP address that relates to a
particular system, read the name from right to left, with each level of the hierarchy
divided by periods (.). In this example, com is the top-level domain, example is a
sub-domain of com, and the name furthest to the left, bob, identifies a specific
machine hostname.

 Except for the hostname, each section is a domain that defines a namespace; the
namespace controls the naming of the sub-domains to its left. An FQDN must contain at
least one sub-domain but may include many more, depending upon how the namespace is
organized. The part of the namespace that one set of nameservers is authoritative for
is called a zone.

 Zones are defined on authoritative nameservers through the use of zone files, which
describe the namespace of that zone, the mail servers to be used for a particular
domain or sub-domain, and more. Zone files are stored on primary nameservers (also
called master nameservers), which are truly authoritative and where changes are made
to the files, and on secondary nameservers (also called slave nameservers), which
receive their zone files from the primary nameservers by zone transfer. Any
nameserver can be a primary for some zones and a secondary for others at the same
time, and it may be authoritative for multiple zones. It all depends on how the
nameserver is configured.
Nameserver Types
 There are four primary nameserver configuration types:
 master
 Stores the original and authoritative zone records for a namespace, and answers
queries about the namespace from other nameservers.
 slave
 Answers queries from other nameservers concerning namespaces for which it is
considered an authority. However, slave nameservers get their namespace
information from master nameservers by zone transfer.
 caching-only
 Offers name-to-IP resolution services, but is not authoritative for any zones.
Answers are cached in memory for the time specified by the TTL of the retrieved
record. A caching server that performs recursion for anyone on the Internet is an
open resolver and can be abused for cache poisoning and reflection attacks, so
limit recursion to the networks it serves with allow-recursion.
 forwarding
 Forwards requests to a specific list of nameservers for name resolution. With
forward only, if none of the specified nameservers can perform the resolution, the
resolution fails; with forward first, named falls back to resolving the name itself.
A nameserver may be one or more of these types. For example, a nameserver can be a
master for some zones, a slave for others, and only offer forwarding resolutions for
others.

ZONE
 What is a Zone?
 A zone is a part of the DNS database administered by a single set of
authoritative nameservers.
 Zone files contain the records for a namespace and are stored in the
named working directory (/var/named/) by default. Each zone file is
named according to the file option in the zone statement, usually in
a way that relates to the domain in question and identifies the file as
containing zone data, such as example.com.zone.
 Types of Zones
 Forward lookup [ Maps hostname to IP-Address ]
 Reverse lookup [ Maps IP-Address to hostname ]

Main Record Types

 A Record
 [ A Records map a hostname to an IPv4 address ]
 PTR Record
 [ PTR Records map an IP address back to a hostname ]
 CNAME Record
 [ CNAME Records map an alias to its canonical hostname ]
 MX Record
 [ MX Records name the mail servers for a domain, each with a preference value ]

DNS Server Configuration

DNS Server Configuration Files
 /etc/named.conf (or /var/named/chroot/etc/named.conf when named runs chrooted)
 [ Main configuration file ]
 /var/named (or /var/named/chroot/var/named when named runs chrooted)
 [ Working directory that contains the zone files ]

/etc/named.conf
acl Statement
The acl statement (or access control statement) defines groups of hosts which
can then be permitted or denied access to the nameserver.
An acl statement takes the following form:
acl <acl-name> {
<match-element>;
[<match-element>; ...]
};

/etc/named.conf
The following example defines two access control lists and uses an options
statement to define how they are treated by the nameserver:

acl black-hats { 10.0.2.0/24; 192.168.0.0/24; };
acl red-hats { 10.0.1.0/24; };

options {
    blackhole { black-hats; };
    allow-query { red-hats; };
    allow-recursion { red-hats; };
};

This example contains two access control lists, black-hats and red-hats. Packets
from hosts in the black-hats list are silently dropped (blackhole sends no reply at
all), hosts in the red-hats list may send queries and receive recursive service, and
any other host gets a REFUSED answer. Each list is evaluated in order and the first
matching element decides, so put the most specific entries first.
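How named applies those lists, as an added example (not from the course): a Python model of BIND address-match-list evaluation over the two ACLs above. The semantics (first match wins, a leading ! negates, a negated match inside a nested ACL counts as no match so double negation cannot turn into an allow) follow the BIND 9 ARM. The decision function assumes each option is present in the configuration and does not model named's per-option defaults, for example allow-recursion defaulting to localhost and localnets.

```python
import ipaddress
from typing import Dict, List, Optional

# The two ACLs and the options that reference them, as on the slide.
ACLS: Dict[str, List[str]] = {
    "black-hats": ["10.0.2.0/24", "192.168.0.0/24"],
    "red-hats": ["10.0.1.0/24"],
}
OPTIONS: Dict[str, List[str]] = {
    "blackhole": ["black-hats"],
    "allow-query": ["red-hats"],
    "allow-recursion": ["red-hats"],
}


def matches(client: str, match_list: List[str], acls: Dict[str, List[str]] = ACLS,
            _depth: int = 0) -> Optional[bool]:
    """Evaluate an address match list the way named does: elements are tried in order and
    the first one that matches decides; a leading '!' makes that match a denial.
    Returns True (matched, allow), False (matched a negated element, deny) or
    None (no element matched). A negated match inside a nested ACL is treated as
    "no match" for the enclosing element, as BIND does."""
    ip = ipaddress.ip_address(client)
    if _depth > 8:
        raise ValueError("ACL nesting too deep")
    for element in match_list:
        negated = element.startswith("!")
        elem = element[1:].strip() if negated else element.strip()
        if elem == "any":
            hit = True
        elif elem == "none":
            hit = False
        elif elem in acls:
            hit = matches(client, acls[elem], acls, _depth + 1) is True
        else:
            # a bare address is a /32 (or /128); strict=False accepts prefixes like 10.0.1.0/24
            hit = ip in ipaddress.ip_network(elem, strict=False)
        if hit:
            return not negated
    return None


def decision(client: str, option: str, options: Dict[str, List[str]] = OPTIONS,
             acls: Dict[str, List[str]] = ACLS) -> str:
    """What named does with a request from client under the given allow-* option:
    blackholed sources get no reply at all; otherwise the request is allowed only if the
    option's list matches positively (assumption: the option is present in named.conf)."""
    if matches(client, options.get("blackhole", []), acls):
        return "dropped"                       # packet silently ignored, no REFUSED sent
    return "allowed" if matches(client, options[option], acls) else "refused"


if __name__ == "__main__":
    for src in ("10.0.1.7", "10.0.2.5", "203.0.113.9"):
        print(src, decision(src, "allow-query"), decision(src, "allow-recursion"))
```

Swapping the red-hats list in allow-recursion for any turns the server into an open resolver: decision("203.0.113.9", "allow-recursion") goes from "refused" to "allowed" for every address on the Internet.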

Zone statement for the primary nameserver hosting example.com (192.168.0.1):
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
};
In the statement, the zone is identified as example.com, the type is set to master,
and the named service is instructed to read the /var/named/example.com.zone
file. It also tells named not to accept dynamic updates from any host. Nothing in
this statement restricts zone transfers, so on a master also give an allow-transfer
list naming only the slave servers; otherwise any host can pull the whole zone with
an AXFR request.
The following is an example slave server zone statement for the example.com zone:
zone "example.com" {
    type slave;
    file "example.com.zone";
    masters { 192.168.0.1; };
};
This zone statement configures named on the slave server to query the master
server at the 192.168.0.1 IP address for information about the example.com zone.
The information that the slave server receives from the master server is saved to
the /var/named/example.com.zone file.

/etc/named.conf
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
    allow-update { none; };
};
This declares the reverse zone for 192.168.0.0/24; the octets appear in reverse order
under in-addr.arpa. The reverse zone file on the next slide covers 10.0.1.0/24 and
would be declared the same way as zone "1.0.10.in-addr.arpa".

/var/named/example.com.zone
$ORIGIN example.com.
$TTL 86400
@       IN SOA dns1.example.com. hostmaster.example.com. (
            2001062501 ; serial
            21600      ; refresh after 6 hours
            3600       ; retry after 1 hour
            604800     ; expire after 1 week
            86400 )    ; minimum TTL of 1 day
        IN NS  dns1.example.com.
        IN NS  dns2.example.com.
        IN MX  10 mail.example.com.
        IN MX  20 mail2.example.com.
dns1    IN A   10.0.1.1
dns2    IN A   10.0.1.2
server1 IN A   10.0.1.5
server2 IN A   10.0.1.6
ftp     IN A   10.0.1.3
        IN A   10.0.1.4
mail    IN CNAME server1
mail2   IN CNAME server2
www     IN CNAME server1
Reverse Zone File
A reverse name resolution zone file is used to translate an IP address in a
particular namespace into an FQDN. It looks very similar to a standard zone
file, except that PTR resource records are used to link the IP addresses to a
fully qualified domain name.

$ORIGIN 1.0.10.in-addr.arpa.
$TTL 86400
@   IN SOA dns1.example.com. hostmaster.example.com. (
        2001062501 ; serial
        21600      ; refresh after 6 hours
        3600       ; retry after 1 hour
        604800     ; expire after 1 week
        86400 )    ; minimum TTL of 1 day
1   IN PTR dns1.example.com.
2   IN PTR dns2.example.com.
5   IN PTR server1.example.com.
6   IN PTR server2.example.com.
3   IN PTR ftp.example.com.
4   IN PTR ftp.example.com.
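A parser for the two zone files above, as an added example (not from the course): it handles $ORIGIN, $TTL, @, owner names inherited from the previous line, the parenthesised multi-line SOA and relative names, then runs two checks an administrator wants before loading a zone: that every A record has a matching PTR in the reverse zone and every PTR names a host with that A record, and that NS and MX records do not point at CNAMEs (RFC 2181 section 10.3), which the forward zone above actually violates for mail and mail2. The zone text is embedded from the slides with the inherited-owner lines re-indented; the reverse SOA is written on one line to show that the parentheses are only needed when a record spans lines.

```python
from collections import defaultdict

# Zone files from the slides; records that inherit the previous owner start with whitespace.
FORWARD_ZONE = """\
$ORIGIN example.com.
$TTL 86400
@ IN SOA dns1.example.com. hostmaster.example.com. (
        2001062501 ; serial
        21600      ; refresh after 6 hours
        3600       ; retry after 1 hour
        604800     ; expire after 1 week
        86400 )    ; minimum TTL of 1 day
        IN NS dns1.example.com.
        IN NS dns2.example.com.
        IN MX 10 mail.example.com.
        IN MX 20 mail2.example.com.
dns1    IN A 10.0.1.1
dns2    IN A 10.0.1.2
server1 IN A 10.0.1.5
server2 IN A 10.0.1.6
ftp     IN A 10.0.1.3
        IN A 10.0.1.4
mail    IN CNAME server1
mail2   IN CNAME server2
www     IN CNAME server1
"""
REVERSE_ZONE = """\
$ORIGIN 1.0.10.in-addr.arpa.
$TTL 86400
@ IN SOA dns1.example.com. hostmaster.example.com. 2001062501 21600 3600 604800 86400
1 IN PTR dns1.example.com.
2 IN PTR dns2.example.com.
5 IN PTR server1.example.com.
6 IN PTR server2.example.com.
3 IN PTR ftp.example.com.
4 IN PTR ftp.example.com.
"""
NAME_RDATA = {"NS", "CNAME", "PTR", "MX"}   # types whose last rdata field is a domain name


def _logical_lines(text):
    """Yield (owner_blank, tokens) per record: ';' comments dropped, '( ... )' lines joined."""
    buf, depth, owner_blank = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        if not buf:
            owner_blank = line[0].isspace()      # blank owner field: inherit the previous owner
        depth += line.count("(") - line.count(")")
        buf.extend(line.replace("(", " ").replace(")", " ").split())
        if depth <= 0:
            yield owner_blank, buf
            buf, depth = [], 0


def _absolute(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Minimal RFC 1035 master-file parser -> (origin, [(owner, ttl, type, rdata_fields)]).
    Handles $ORIGIN, $TTL, '@', inherited owners, optional TTL/class, relative names."""
    origin, default_ttl, owner, records = "", 0, "", []
    for owner_blank, tok in _logical_lines(text):
        if tok[0] == "$ORIGIN":
            origin = tok[1]
        elif tok[0] == "$TTL":
            default_ttl = int(tok[1])
        else:
            if not owner_blank:
                owner, tok = _absolute(tok[0], origin), tok[1:]
            if not origin or not owner:
                raise ValueError("record before $ORIGIN or without an owner name")
            ttl = int(tok.pop(0)) if tok[0].isdigit() else default_ttl
            if tok[0].upper() == "IN":
                tok.pop(0)
            rtype, rdata = tok[0].upper(), tok[1:]
            if rtype in NAME_RDATA:
                rdata[-1] = _absolute(rdata[-1], origin)
            elif rtype == "SOA":
                rdata[:2] = [_absolute(rdata[0], origin), _absolute(rdata[1], origin)]
            records.append((owner.lower(), ttl, rtype, tuple(rdata)))
    return origin, records


def check_forward(text):
    """NS/MX must not point at a CNAME (RFC 2181 s.10.3); only in-zone targets are checkable."""
    _, records = parse_zone(text)
    types_at = defaultdict(set)
    for owner, _, rtype, _ in records:
        types_at[owner].add(rtype)
    return [f"{rtype} at {owner} -> {rdata[-1]}: target is an alias"
            for owner, _, rtype, rdata in records
            if rtype in ("NS", "MX") and "CNAME" in types_at.get(rdata[-1].lower(), set())]


def check_reverse(forward, reverse):
    """Cross-check A records against PTRs: (IPs with no PTR, PTRs whose name has no such A)."""
    a_names = defaultdict(set)
    for owner, _, rtype, rdata in parse_zone(forward)[1]:
        if rtype == "A":
            a_names[rdata[0]].add(owner)
    ptrs = {}
    for owner, _, rtype, rdata in parse_zone(reverse)[1]:
        if rtype == "PTR":          # 5.1.0.10.in-addr.arpa. -> 10.0.1.5
            ptrs[".".join(reversed(owner.rstrip(".").split(".")[:-2]))] = rdata[0].lower()
    return (sorted(ip for ip in a_names if ip not in ptrs),
            sorted(ip for ip, name in ptrs.items() if name not in a_names.get(ip, set())))
```

Run check_forward and check_reverse on the real files before named-checkzone and a reload; a PTR that names a host with no matching A record is exactly the inconsistency that makes reverse-lookup based access controls unreliable.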
Other Configuration
 (only when named is NOT run in the chroot environment)
 Comment out the following line in /etc/sysconfig/named; while it is set the init
script starts named chrooted and reads its files from under /var/named/chroot
 #ROOTDIR=/var/named/chroot

 Change the ownership so that named can read the files but not rewrite them

chown root:named /etc/named.conf

chown root:named /var/named/example.com.zone

 Now start the named service and make it start at boot

 service named start
 chkconfig --level 345 named on

Caching-only / forwarding nameserver
 vi /etc/named.conf

options {
    forwarders { 192.168.0.253; };
    forward only;
};

A named with no zone statements of its own is a caching-only server. With forwarders
and forward only it never walks the hierarchy from the root servers itself: every
query it cannot answer from its cache goes to 192.168.0.253, and if that server does
not answer, the resolution fails. Without forward only (the default is forward first)
named falls back to normal recursion when the forwarder fails.

DNS Client Configuration

DNS Client Configuration Files
 vi /etc/resolv.conf
 Contains the domain to append to unqualified names and the nameserver
information (up to three nameserver lines, tried in order).

 search example.com
 nameserver 192.168.0.1

DNS Client Configuration Files
 vi /etc/host.conf

 Contains the order in which lookup methods are tried. bind,hosts asks DNS first
and falls back to /etc/hosts; hosts,bind is the more common choice so that local
entries win. On glibc systems the order applications actually use is the hosts:
line in /etc/nsswitch.conf (for example hosts: files dns), so check that file too.
 order bind,hosts

Other Configuration Files
 vi /etc/hosts
 Contain the entry of the local machine for local lookups
 192.168.0.1 station1.example.com station1
192.168.0.2 station2.example.com station2
192.168.0.3 station3.example.com station3

Testing Configuration
 dig station1.example.com
 [ forward lookup; the flags line shows aa when the answering server is authoritative ]
 nslookup station1.example.com
 dig -x 192.168.0.1
 [ reverse lookup via the PTR record in 0.168.192.in-addr.arpa ]
 nslookup 192.168.0.1

Understanding and Managing
DHCP Server

What is DHCP Server?
• DHCP (Dynamic Host Configuration Protocol) is a protoc
ol that allows a client computer to obtain its network
configuration (address, netmask, router, DNS servers, domain name) from a DHCP server

DHCP Server Configuration Files
 vi /etc/dhcpd.conf

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.1;
    option domain-name "example.com";
    option domain-name-servers 192.168.0.1;
    range 192.168.0.10 192.168.0.50;
}
host station101 {
    hardware ethernet 00:20:4A:40:1C:2D;
    fixed-address 192.168.0.101;
}

 The option is domain-name-servers (plural); dhcpd refuses to start on a misspelt
option name. The host declaration is a reservation: the client with that MAC address
always receives 192.168.0.101, which lies outside the dynamic range.

ddns-update-style interim;
ignore client-updates;

subnet 10.0.0.0 netmask 255.0.0.0 {
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.1;
    option subnet-mask 255.0.0.0;
    option domain-name "networknuts.net";

    range dynamic-bootp 10.0.0.150 10.0.0.225;

    default-lease-time 21600;
    max-lease-time 43200;
    # Set name server to appear at a fixed address
    host alokpc {
        next-server ns1.networknuts.net;
        hardware ethernet 00:D0:B3:79:B5:35;
        fixed-address 10.0.0.1;
    }
}
If you have multiple ranges of addresses on the same subnetwork,
you can add multiple range statements to a subnet declaration. Here
is an example:

subnet 10.0.0.0 netmask 255.0.0.0 {
    range 10.0.0.10 10.0.0.100;
    range 10.0.0.200 10.0.0.250;
}

There are a few ways you can check that your DHCP server is
working: inspect the lease database, which records every address
handed out with its expiry time and the client's MAC address, and
watch /var/log/messages for the DHCPDISCOVER, DHCPOFFER, DHCPREQUEST
and DHCPACK lines that dhcpd logs through syslog.

/var/lib/dhcp/dhcpd.leases (/var/lib/dhcpd/dhcpd.leases on newer releases)
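Reading the lease database, as an added example (not from the course): a Python parser for the dhcpd.leases format (lease blocks, binding state, hardware ethernet, starts/ends timestamps in UTC) over a constructed sample file, plus an audit that uses the range and the station101 reservation from the dhcpd.conf slide. It reports a reserved MAC that is nevertheless holding a dynamic lease (the host declaration is not taking effect), one MAC active on several addresses, leases outside the declared range, and a fixed-address placed inside the range. The sample leases, hostnames and timestamps are constructed for the example; the reservation MAC and addresses are the slide's.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample of dhcpd.leases (not a real capture). dhcpd appends a new "lease"
# block every time a binding changes, so the same address can appear more than once.
LEASES = """\
# The format of this file is documented in the dhcpd.leases(5) manual page.
lease 192.168.0.10 {
  starts 2 2009/06/23 08:00:00;
  ends 2 2009/06/23 14:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop1";
}
lease 192.168.0.11 {
  starts 2 2009/06/23 08:05:00;
  ends 2 2009/06/23 14:05:00;
  binding state active;
  hardware ethernet 00:20:4A:40:1C:2D;
  client-hostname "station101";
}
lease 192.168.0.10 {
  starts 2 2009/06/23 08:00:00;
  ends 2 2009/06/23 14:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.0.12 {
  starts 2 2009/06/23 09:00:00;
  ends 2 2009/06/23 15:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop1";
}
"""
# From the slide's dhcpd.conf: the dynamic range and the host reservation.
DYN_RANGE = ("192.168.0.10", "192.168.0.50")
RESERVATIONS = {"00:20:4a:40:1c:2d": "192.168.0.101"}   # hardware ethernet -> fixed-address

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
TIME_FMT = "%Y/%m/%d %H:%M:%S"


def utc(stamp):
    """'2009/06/23 10:00:00' -> aware datetime; lease timestamps are UTC by default."""
    return datetime.strptime(stamp, TIME_FMT).replace(tzinfo=timezone.utc)


def parse_leases(text):
    """Current binding per address: later declarations override earlier ones."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        entry = {"ip": m.group(1)}
        for stmt in m.group(2).split(";"):
            key, _, value = stmt.strip().partition(" ")
            if key in ("starts", "ends"):       # "2 2009/06/23 08:00:00" = weekday date time, or "never"
                entry[key] = None if value == "never" else utc(value.split(" ", 1)[1])
            elif key == "binding":
                entry["state"] = value.split()[-1]
            elif key == "hardware":
                entry["mac"] = value.split()[-1].lower()
            elif key == "client-hostname":
                entry["hostname"] = value.strip('"')
        leases[entry["ip"]] = entry
    return leases


def active_leases(leases, now):
    """Leases that are bound right now: state active and not yet expired."""
    return {ip: l for ip, l in leases.items()
            if l.get("state") == "active" and (l.get("ends") is None or l["ends"] > now)}


def audit(leases, now, reservations, dyn_range):
    """Findings worth acting on: a reserved MAC holding a dynamic lease, one MAC active on
    several addresses, leases outside the declared range, a fixed-address inside the range."""
    lo, hi = (int(ipaddress.ip_address(a)) for a in dyn_range)

    def in_range(ip):
        return lo <= int(ipaddress.ip_address(ip)) <= hi

    findings, by_mac = [], {}
    for ip, lease in active_leases(leases, now).items():
        mac = lease.get("mac", "?")
        by_mac.setdefault(mac, []).append(ip)
        if mac in reservations:
            findings.append(f"{mac} is reserved for {reservations[mac]} but holds dynamic lease {ip}")
        if not in_range(ip):
            findings.append(f"{ip} is outside the range {dyn_range[0]}-{dyn_range[1]}")
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} is active on {len(ips)} addresses: {', '.join(sorted(ips))}")
    for mac, ip in reservations.items():
        if in_range(ip):
            findings.append(f"fixed-address {ip} for {mac} lies inside the dynamic range")
    return sorted(findings)
```

Point parse_leases at the contents of the real lease file and pass datetime.now(timezone.utc); in the sample, 192.168.0.10 was released (its last block says free), so only .11 and .12 count as active, and the station101 MAC shows up on a dynamic address instead of its reserved one.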
By default, the RHEL init script starts dhcpd listening on every interface that has
a declared subnet. To make it listen only on eth1, pass the interface name to the
init script (or set DHCPDARGS=eth1 in /etc/sysconfig/dhcpd):

# service dhcpd start eth1

If these commands don't get a response, you probably haven't created a
/etc/dhcpd.conf configuration file.

You can watch the DHCP server in action. Stop the DHCP server with the
service dhcpd stop command. You can then restart it in the foreground, with
debugging output on the terminal, with the following command:

# /usr/sbin/dhcpd -d -f
DHCP for different subnets
 All subnets that share the same physical network should be declared within a
shared-network declaration. The name of the shared-network should be a descriptive
title for the network, such as test-lab to describe all the subnets in a test lab
environment. Each subnet statement must give a network address that matches its
netmask and the subnets must not overlap; dhcpd rejects 192.168.1.32 with a /24 mask
because that is not a network address. A router option must name an address on the
subnet it applies to, so it goes inside each subnet (the .30 and .62 gateways below
are illustrative values, not from the course).
shared-network test-lab {
    option domain-name "example.com";
    option domain-name-servers ns1.example.com, ns2.example.com;

    subnet 192.168.1.0 netmask 255.255.255.224 {
        # parameters for this subnet
        option routers 192.168.1.30;
        range 192.168.1.1 192.168.1.29;
    }

    subnet 192.168.1.32 netmask 255.255.255.224 {
        # parameters for this subnet
        option routers 192.168.1.62;
        range 192.168.1.33 192.168.1.61;
    }
}
DHCP for different subnets
 A group declaration can be used to apply common parameters to a group of
declarations. For example, shared networks, subnets, hosts, or other groups
can be grouped.
group {
    option routers 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option domain-name "example.com";
    option domain-name-servers 192.168.1.1;
    option time-offset -18000;
    # shared-network, subnet or host declarations that inherit these options
    .
    .
}

DHCP Relay Agent
 The DHCP Relay Agent (dhcrelay) allows for the relay of DHCP and BOOTP
requests from a subnet with no DHCP server on it to one or more DHCP
servers on other subnets.

 When a DHCP client requests information, the DHCP Relay Agent forwards
the request to the list of DHCP servers specified when the DHCP Relay
Agent is started. When a DHCP server returns a reply, the reply is broadcast
or unicast on the network that sent the original request.

 The DHCP Relay Agent listens for DHCP requests on all interfaces unless the
interfaces are specified in /etc/sysconfig/dhcrelay with the INTERFACES
directive; the servers to relay to are listed there in DHCPSERVERS.

 To start the DHCP Relay Agent, use the command service dhcrelay start.

DHCP Related Service
 Temporary
service dhcpd start
 Permanent
chkconfig --level 345 dhcpd on

DHCP Client Configuration
netconfig / neat
[ Configure the interface to obtain its address from DHCP (sets BOOTPROTO=dhcp in the ifcfg file) ]
dhclient
[ Request an address from the DHCP server now ]
dhclient -r
[ Release the address obtained from the DHCP server ]

Questions?
What have we learnt?
 Understanding and Managing DNS Server
 Understanding DNS
 Server Configuration
 Creating Zones
 Creating Zone Resource Records
 Client Configuration
 Testing DNS
 Understanding and Managing DHCP Server
 Understanding DHCP Server
 Server Configuration
 Creating Leases and Reservations
 Client Configuration
 Using DHCP Server to obtain IP-Address
Day 12 Complete!!!

Thank You!!!
