RH253
Red Hat Network Services
and Security Administration
Objectives Day 12
Understanding and Managing DNS Server
Understanding DNS
Server Configuration
Creating Zones
Creating Zone Resource Records
Client Configuration
Testing DNS
Understanding and Managing DHCP Server
Understanding DHCP Server
Server Configuration
Creating Leases and Reservation
Client Configuration
Using DHCP Server to obtain IP-Address
Understanding and Managing
DNS Server
What is DNS?
DNS associates hostnames with their respective IP addresses, so that when users
want to connect to other machines on the network, they can refer to them by name,
without having to remember IP addresses.
Use of DNS and FQDNs also has advantages for system administrators, allowing the
flexibility to change the IP address for a host without affecting name-based queries
to the machine. Conversely, administrators can shuffle which machines handle a
name-based query.
DNS is normally implemented using centralized servers that are authoritative for
some domains and refer to other DNS servers for other domains.
Consider how an FQDN such as bob.example.com is resolved to find the IP address of a
particular system: read the name from right to left, with each level of the hierarchy
divided by periods (.). In this example, com is the top-level domain, example is a
sub-domain of it, and the name furthest to the left, bob, identifies the hostname of a
specific machine.
Except for the hostname, each section is called a zone, which defines a specific
namespace. A namespace controls the naming of the sub-domains to its left. An FQDN
must contain at least one sub-domain but may include many more, depending upon
how the namespace is organized.
Zones are defined on authoritative nameservers through the use of zone files (which
describe the namespace of that zone), the mail servers to be used for a particular
domain or sub-domain, and more. Zone files are stored on primary nameservers (also
called master nameservers), which are truly authoritative and where changes are
made to the files, and secondary nameservers (also called slave nameservers), which
receive their zone files from the primary nameservers. Any nameserver can be a
primary and secondary nameserver for different zones at the same time, and they may
also be considered authoritative for multiple zones. It all depends on how the
nameserver is configured.
Nameserver Types
There are four primary nameserver configuration types:
master
Stores original and authoritative zone records for a namespace, and answers
queries about the namespace from other nameservers.
slave
Answers queries from other nameservers concerning namespaces for which it is
considered an authority. However, slave nameservers get their namespace
information from master nameservers.
caching-only
Offers name-to-IP resolution services, but is not authoritative for any zones.
Answers for all resolutions are cached in memory for a fixed period of time,
which is specified by the retrieved zone record.
forwarding
Forwards requests to a specific list of nameservers for name resolution. If none
of the specified nameservers can perform the resolution, the resolution fails.
A nameserver may be one or more of these types. For example, a nameserver can be a
master for some zones, a slave for others, and only offer forwarding resolutions for
others.
ZONE
What is a Zone?
A zone is a part of the DNS database administered by a single name
server.
Zone files contain information about a namespace and are stored in the
named working directory (/var/named/) by default. Each zone file is
named according to the file option in its zone statement, usually in
a way that relates to the domain in question and identifies the file as
containing zone data, such as example.com.zone.
Types of Zones
Forward lookup [ Maps Host name to IP-Address ]
Reverse lookup [ Maps IP-Address to Host name ]
Main Records Types
A Record
[ A Records map hostname to IP-Address ]
PTR Record
[ PTR Records map IP-Address to hostname ]
CNAME Record
[ CNAME Records map an alias to its canonical hostname ]
MX Record
[ MX Records list the mail servers for a domain, in order of preference ]
DNS Server Configuration
DNS Server Configuration Files
/etc/named.conf (or /var/named/chroot/etc)
[ Main Configuration File ]
/var/named (or /var/named/chroot/var/named)
[ Main configuration directory, contains the zone files ]
/etc/named.conf
acl Statement
The acl statement (or access control statement) defines groups of hosts which
can then be permitted or denied access to the nameserver.
An acl statement takes the following form:
acl <acl-name> {
<match-element>;
[<match-element>; ...]
};
/etc/named.conf
The following example defines two access control lists and uses an options
statement to define how they are treated by the nameserver:
acl black-hats { 10.0.2.0/24; 192.168.0.0/24; };
acl red-hats { 10.0.1.0/24; };
options {
 blackhole { black-hats; };
 allow-query { red-hats; };
 allow-recursion { red-hats; };
};
This example contains two access control lists, black-hats and red-hats. Hosts in
the black-hats list are denied access to the nameserver, while hosts in the
red-hats list are given normal access.
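A way to check which of those lists a given client address falls into, and therefore what each of the three options directives does with that client's queries, as an added example that is not part of the course slides: the named.conf fragment is a copy of the one above (with the closing semicolon after the options block) written to a temporary file, and the functions acl_match and acl_effect are constructed for this page.

```sh
#!/bin/sh
# Which acl does a client address match, and what do blackhole / allow-query /
# allow-recursion then do with it?  Added example; the configuration below is a
# constructed copy of the slide's fragment, the two functions are not BIND's.

NAMED_CONF=$(mktemp)
cat >"$NAMED_CONF" <<'EOF'
acl black-hats { 10.0.2.0/24; 192.168.0.0/24; };
acl red-hats { 10.0.1.0/24; };
options {
    blackhole { black-hats; };
    allow-query { red-hats; };
    allow-recursion { red-hats; };
};
EOF

# acl_match CONF IP
# Prints the name of every acl in CONF whose address list covers IP.
# Entries may be a.b.c.d or a.b.c.d/len; an acl may span several lines.
# Nested acl names and include statements are not followed (assumption).
acl_match() {
  awk -v ip="$2" '
    function toint(a,  o) { split(a, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    # true when address ipn lies inside entry e; the two addresses share a
    # /len prefix exactly when they agree after dividing away the host part
    function inside(e, ipn,  p, len, d) {
      split(e, p, "/"); len = (2 in p) ? p[2] : 32
      d = 2 ^ (32 - len)
      return int(toint(p[1]) / d) == int(ipn / d)
    }
    function report(name, buf,  s, n, ents, i, e) {
      s = buf; sub(/^[^{]*[{]/, "", s); sub(/[}].*$/, "", s)
      n = split(s, ents, ";")
      for (i = 1; i <= n; i++) {
        e = ents[i]; gsub(/[ \t]/, "", e)
        if (e != "" && inside(e, ipn)) { print name; return }
      }
    }
    BEGIN { ipn = toint(ip) }
    /^[ \t]*acl[ \t]/ { name = $2; sub(/[{;].*/, "", name); buf = ""; collecting = 1 }
    collecting { buf = buf " " $0; if ($0 ~ /[}]/) { report(name, buf); collecting = 0 } }
  ' "$1"
}

# acl_effect CONF IP
# For each options directive used in the slide, says whether IP is covered:
# "blackhole yes" means its packets are dropped without any answer,
# "allow-query no" means it would get REFUSED, and so on.  Only directives
# written on a single line are parsed (assumption); "any" and "none" are honoured.
acl_effect() {
  matched=$(acl_match "$1" "$2")
  for directive in blackhole allow-query allow-recursion; do
    hit=no
    for name in $(sed -n "s/^[[:space:]]*$directive[[:space:]]*{\(.*\)}.*/\1/p" "$1" | tr ';' ' '); do
      case "$name" in
        any) hit=yes ;;
        none) ;;
        *) printf '%s\n' "$matched" | grep -qx "$name" && hit=yes ;;
      esac
    done
    printf '%s %s\n' "$directive" "$hit"
  done
}
```

Running acl_effect "$NAMED_CONF" 10.0.2.5 reports blackhole yes, so that client gets no answer at all; for 10.0.1.7 it reports allow-query yes and allow-recursion yes. The same two functions can be pointed at a real /etc/named.conf to answer "why is this host refused?" before touching the configuration.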
Zone statement for the primary nameserver hosting example.com (192.168.0.1):
zone "example.com" IN {
type master;
file "example.com.zone";
allow-update { none; };
};
In the statement, the zone is identified as example.com, the type is set to master,
and the named service is instructed to read the /var/named/example.com.zone
file. The allow-update { none; } line tells named not to accept dynamic updates to
the zone from any host.
The following is an example zone statement for the example.com zone on a slave server:
zone "example.com" {
type slave;
file "example.com.zone";
masters { 192.168.0.1; };
};
This zone statement configures named on the slave server to query the master
server at the 192.168.0.1 IP address for information about the example.com zone.
The information that the slave server receives from the master server is saved to
the /var/named/example.com.zone file.
/etc/named.conf
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
allow-update { none; };
};
/var/named/example.com.zone
$ORIGIN example.com.
$TTL 86400
@ IN SOA dns1.example.com. hostmaster.example.com. (
 2001062501 ; serial
 21600 ; refresh after 6 hours
 3600 ; retry after 1 hour
 604800 ; expire after 1 week
 86400 ) ; minimum TTL of 1 day
 IN NS dns1.example.com.
 IN NS dns2.example.com.
 IN MX 10 mail.example.com.
 IN MX 20 mail2.example.com.
dns1 IN A 10.0.1.1
dns2 IN A 10.0.1.2
server1 IN A 10.0.1.5
server2 IN A 10.0.1.6
ftp IN A 10.0.1.3
 IN A 10.0.1.4
mail IN CNAME server1
mail2 IN CNAME server2
www IN CNAME server1
Reverse Zone File
A reverse name resolution zone file is used to translate an IP address in a
particular namespace into an FQDN. It looks very similar to a standard zone
file, except that PTR resource records are used to link the IP addresses to a
fully qualified domain name.
$ORIGIN 1.0.10.in-addr.arpa.
$TTL 86400
@ IN SOA dns1.example.com. hostmaster.example.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
1 IN PTR dns1.example.com.
2 IN PTR dns2.example.com.
5 IN PTR server1.example.com.
6 IN PTR server2.example.com.
3 IN PTR ftp.example.com.
4 IN PTR ftp.example.com.
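Keeping the forward and reverse zones in step is a routine chore, so here is an added example (not from the course material) that derives the PTR records a reverse zone should contain from the A records of the forward zone and reports any that are missing. The two zone files are copies of the ones shown above, written to temporary files; gen_ptr, existing_ptr, missing_ptr, reverse_origin and validate are functions constructed for this page.

```sh
#!/bin/sh
# Derive the expected PTR records from a forward zone and compare them with a
# reverse zone.  Added example; both zone files are constructed copies of the
# slides' example.com and 1.0.10.in-addr.arpa zones.

FWD_ZONE=$(mktemp)
cat >"$FWD_ZONE" <<'EOF'
$ORIGIN example.com.
$TTL 86400
@ IN SOA dns1.example.com. hostmaster.example.com. (
 2001062501 ; serial
 21600 ; refresh after 6 hours
 3600 ; retry after 1 hour
 604800 ; expire after 1 week
 86400 ) ; minimum TTL of 1 day
 IN NS dns1.example.com.
 IN NS dns2.example.com.
 IN MX 10 mail.example.com.
 IN MX 20 mail2.example.com.
dns1 IN A 10.0.1.1
dns2 IN A 10.0.1.2
server1 IN A 10.0.1.5
server2 IN A 10.0.1.6
ftp IN A 10.0.1.3
 IN A 10.0.1.4
mail IN CNAME server1
mail2 IN CNAME server2
www IN CNAME server1
EOF

REV_ZONE=$(mktemp)
cat >"$REV_ZONE" <<'EOF'
$ORIGIN 1.0.10.in-addr.arpa.
$TTL 86400
@ IN SOA dns1.example.com. hostmaster.example.com. (
 2001062501 ; serial
 21600 ; refresh after 6 hours
 3600 ; retry after 1 hour
 604800 ; expire after 1 week
 86400 ) ; minimum TTL of 1 day
1 IN PTR dns1.example.com.
2 IN PTR dns2.example.com.
5 IN PTR server1.example.com.
6 IN PTR server2.example.com.
3 IN PTR ftp.example.com.
4 IN PTR ftp.example.com.
EOF

# reverse_origin PREFIX: "10.0.1" -> "1.0.10.in-addr.arpa."
reverse_origin() {
  printf '%s\n' "$1" | awk -F. '{ s = $NF; for (i = NF - 1; i >= 1; i--) s = s "." $i; print s ".in-addr.arpa." }'
}

# gen_ptr FWD PREFIX DOMAIN
# Emits "<last-octet> IN PTR <host>.<DOMAIN>." for every A record in FWD whose
# address lies in PREFIX (a /24).  A line starting with whitespace inherits the
# previous owner, as BIND does, so ftp's second address is covered.
gen_ptr() {
  awk -v pfx="$2." -v dom="$3" '
    /^[$;]/ { next }                           # skip $ORIGIN/$TTL and comments
    {
      if ($0 !~ /^[ \t]/) owner = $1
      for (i = 1; i <= NF; i++)
        if ($i == "A" && index($(i + 1), pfx) == 1) {
          split($(i + 1), o, ".")
          name = (owner == "@") ? dom : owner "." dom
          printf "%s IN PTR %s.\n", o[4], name
        }
    }' "$1"
}

# existing_ptr REV: the PTR records present in a reverse zone, normalised
existing_ptr() { awk '$3 == "PTR" { print $1, "IN PTR", $4 }' "$1"; }

# missing_ptr FWD REV PREFIX DOMAIN: expected PTRs that REV does not contain
missing_ptr() {
  gen_ptr "$1" "$3" "$4" | while read -r rec; do
    existing_ptr "$2" | grep -qxF "$rec" || printf '%s\n' "$rec"
  done
}

# validate ZONE FILE: run BIND's own checker when it is installed
validate() { command -v named-checkzone >/dev/null && named-checkzone "$1" "$2"; }
```

With the two slide files the check is silent; remove the line for 4 from the reverse zone and missing_ptr prints "4 IN PTR ftp.example.com.". Before loading either file into named, validate example.com "$FWD_ZONE" and validate "$(reverse_origin 10.0.1)" "$REV_ZONE" catch syntax problems the comparison cannot.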
Other Configuration
(do this only when named is not run in the "chroot" environment)
Comment out the following line in the /etc/sysconfig/named file:
#ROOTDIR=/var/named/chroot
Caching only name server
vi /etc/named.conf
options {
 forwarders { 192.168.0.253; };
 forward only;
};
DNS Client Configuration
DNS Client Configuration Files
vi /etc/resolv.conf
Contains the domain to search and the nameserver(s) to query.
search example.com
nameserver 192.168.0.1
DNS Client Configuration Files
vi /etc/host.conf
Specifies the order in which name lookup sources are consulted.
order bind,hosts
Other Configuration Files
vi /etc/hosts
Contains static host entries, including the local machine, for local lookups.
192.168.0.1 station1.example.com station1
192.168.0.2 station2.example.com station2
192.168.0.3 station3.example.com station3
Testing Configuration
dig station1.example.com
nslookup station1.example.com
dig -x 192.168.0.1
nslookup 192.168.0.1
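The same dig commands also show whether the acl and allow-recursion settings took effect: the header of the answer carries the status (NOERROR, REFUSED) and the flag "ra" only when the server offers recursion to the querying host. The following added example (not part of the course slides) reads those header lines; the two transcripts are constructed and trimmed to the lines dig prints before the answer section, and dig_status, recursion_offered, verdict and probe are names chosen for this page.

```sh
#!/bin/sh
# Classify what a nameserver did with a query from the header of dig output.
# Added example; the two transcripts are constructed sample output.

# What a host in red-hats should see: answered, with "ra" (recursion available).
ALLOWED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40221
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'

# What a host outside allow-query should see: REFUSED and no "ra".
REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 40222
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# dig_status TEXT: the RCODE on the header line (NOERROR, NXDOMAIN, REFUSED, ...)
dig_status() {
  printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# recursion_offered TEXT: succeeds when the flags line carries "ra"
recursion_offered() {
  printf '%s\n' "$1" | grep -q '^;; flags:[^;]* ra[ ;]'
}

# verdict TEXT: one word summarising how the server treated this client
verdict() {
  case "$(dig_status "$1")" in
    NOERROR|NXDOMAIN)
      if recursion_offered "$1"; then echo recursive; else echo authoritative-only; fi ;;
    REFUSED) echo refused ;;
    "") echo no-response ;;          # a blackholed client gets nothing back at all
    *) echo other ;;
  esac
}

# probe SERVER NAME: run the real query (needs dig on the path) and classify it
probe() { verdict "$(dig @"$1" "$2" 2>/dev/null)"; }
```

From a station in the red-hats range, probe 192.168.0.1 station1.example.com should print recursive; from any other network it should print refused, and from the black-hats networks no-response. A server that prints recursive for hosts it is not meant to serve is an open resolver and the allow-recursion list needs attention.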
Understanding and Managing
DHCP Server
What is DHCP Server?
• DHCP (Dynamic Host Configuration Protocol) is a protocol that allows a
client computer to obtain its network configuration from a DHCP server.
DHCP Server Configuration Files
vi /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
There are a few ways you can check that your DHCP server is
working:
/var/lib/dhcp/dhcpd.leases
By default, the DHCP server listens for requests on the eth0 network
interface. To have it listen on the eth1 interface instead, run the
following command:
You can watch the DHCP server in action. Stop the DHCP
server with the service dhcpd stop command. You can then
restart it in the foreground with the following command:
# /usr/sbin/dhcpd -d -f
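The lease file named above is the quickest place to see what the server has actually handed out. As an added example (not from the course material), the script below lists the addresses whose latest lease declaration is active, with the client's MAC and hostname; the lease file content is constructed sample data in the format dhcpd writes, and active_leases and count_active are functions chosen for this page.

```sh
#!/bin/sh
# Summarise the active leases in a dhcpd.leases file.  Added example; the file
# below is constructed sample data in the format dhcpd writes, the real file
# on the server is the /var/lib/dhcp/dhcpd.leases named in the slides.

LEASES=$(mktemp)
cat >"$LEASES" <<'EOF'
# dhcpd appends to this file: a later declaration for the same address
# supersedes an earlier one, so 192.168.1.10 appears twice below.
lease 192.168.1.10 {
  starts 3 2024/01/10 10:00:00;
  ends 3 2024/01/10 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "station1";
}
lease 192.168.1.11 {
  starts 3 2024/01/10 10:05:00;
  ends 3 2024/01/10 22:05:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.10 {
  starts 3 2024/01/10 11:00:00;
  ends 3 2024/01/10 23:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.12 {
  starts 3 2024/01/10 10:10:00;
  ends 3 2024/01/10 22:10:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "station3";
}
EOF

# active_leases FILE
# Prints "IP MAC HOSTNAME" for every address whose *latest* declaration in FILE
# is in binding state active.  HOSTNAME is "-" when the client sent none.
active_leases() {
  awk '
    /^lease / {
      ip = $2
      state[ip] = ""; mac[ip] = ""; host[ip] = "-"    # a later block overrides an earlier one
      if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
    }
    /^[ \t]*binding state /    { sub(/;$/, "", $3); state[ip] = $3 }
    /^[ \t]*hardware ethernet / { sub(/;$/, "", $3); mac[ip] = $3 }
    /^[ \t]*client-hostname /  { h = $2; gsub(/[";]/, "", h); host[ip] = h }
    END {
      for (i = 1; i <= n; i++) {
        ip = order[i]
        if (state[ip] == "active") print ip, mac[ip], host[ip]
      }
    }' "$1"
}

# count_active FILE: number of addresses currently leased out
count_active() { active_leases "$1" | grep -c .; }
```

On the sample file active_leases prints two lines (192.168.1.11 and 192.168.1.12); 192.168.1.10 is omitted because its most recent declaration is free. Run against the real file, the count against the size of the range declared in dhcpd.conf shows how close the pool is to exhaustion, and an unfamiliar MAC in the list is the first sign of a device that should not be on the subnet.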
DHCP for different subnets
All subnets that share the same physical network should be declared within a
shared-network declaration. The name of the shared-network should be a descriptive
title for the network, such as test-lab to describe all the subnets in a test lab
environment.
shared-network name {
 option domain-name "example.com";
 option domain-name-servers ns1.example.com, ns2.example.com;
 option routers 192.168.1.254;
 subnet 192.168.1.0 netmask 255.255.255.0 { # one subnet declaration per IP subnet
 range 192.168.1.10 192.168.1.100;
 }
}
DHCP Relay Agent
The DHCP Relay Agent (dhcrelay) allows for the relay of DHCP and BOOTP
requests from a subnet with no DHCP server on it to one or more DHCP
servers on other subnets.
When a DHCP client requests information, the DHCP Relay Agent forwards
the request to the list of DHCP servers specified when the DHCP Relay
Agent is started. When a DHCP server returns a reply, the reply is broadcast
or unicast on the network that sent the original request.
The DHCP Relay Agent listens for DHCP requests on all interfaces unless
the interfaces are specified in /etc/sysconfig/dhcrelay with the
INTERFACES directive.
To start the DHCP Relay Agent, use the command service dhcrelay start.
DHCP Related Service
Temporary
service dhcpd start
Permanent
chkconfig --level 345 dhcpd on
DHCP Client Configuration
netconfig / neat
[ To obtain IP-Address from DHCP Server ]
dhclient
[ To request an IP-Address from the DHCP Server from the command line ]
dhclient -r
[ To release IP-Address from DHCP Server ]
Questions
What have we learnt ?
Understanding and Managing DNS Server
Understanding DNS
Server Configuration
Creating Zones
Creating Zone Resource Records
Client Configuration
Testing DNS
Understanding and Managing DHCP Server
Understanding DHCP Server
Server Configuration
Creating Leases and Reservation
Client Configuration
Using DHCP Server to obtain IP-Address
Day 12 Complete!!!
Thank You !!!