CIS 192B – Lesson 2
Domain Name System
Types of Services
• Infrastructure: DHCP, DNS, NIS, AD, TIME
• Intranet: SSH, NFS, SAMBA
• Internet: MAIL, WEB, FTP, CUPS
Components of a Service
/
├── etc
│   ├── sysconfig
│   └── init.d
├── usr
│   ├── bin
│   ├── lib
│   └── sbin
└── var
    └── log
An Overview
• Created in 1983 from the work led by Paul Mockapetris
• Improves on the deficiencies of the /etc/hosts file
• DNS manages two databases (zones):
  - Forward lookup zones: map domain names to IP addresses
  - Reverse lookup zones: map IP addresses to domain names
• Three components to DNS:
  - Resolver
  - The Server: primary, secondary, caching
  - Database files (db.domain-name)
• Supports two types of queries:
  - Recursive: the server obtains the complete answer on the client's behalf
  - Iterative: the server returns the best referral it has and the querier follows it
• Most popular implementation of DNS is the Berkeley Internet Name Domain (BIND)
• Maintained by the Internet Systems Consortium (formerly the Internet Software Consortium): www.isc.org
DNS Service Installation
• Package names: bind, caching-nameserver, [bind-chroot]
• Daemon name: /usr/sbin/named
• Startup script: /etc/rc.d/init.d/named start   or   service named start
• Database files:
  /var/named/named.ca           IP addresses of the root servers (root hints)
  /var/named/db.in-addr.arpa    reverse lookups
  /var/named/db.domain-name     forward lookups
  (with bind-chroot installed these live under /var/named/chroot/var/named)
• Configuration files: /etc/named.conf, /etc/resolv.conf, /etc/nsswitch.conf
• To reload configuration files: rndc reload
Steps to Installation
1. Install software package using yum or rpm
2. Customize service's configuration file
3. Modify the firewall to allow access to the service
4. Configure service to automatically start when system boots
5. Monitor and verify service is running
6. Troubleshoot as necessary
7. Monitor log files as appropriate
8. Configure additional security
named.conf

Syntax
Sections:
    name {
        directives ...
    };

Address Match Lists (first match wins, so a negated entry must come before the network it is carved out of):
    { ! 172.30.4.125; 172.30.4/24; };
    { 172.30.4/24; 10.10/16; 127.0.0.1; };

Zones (every statement ends with a semicolon, file names are quoted):
    zone "zone-name" {
        type [master | slave];
        file "db.zone-name";
    };
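A complete /etc/named.conf built from the syntax above, added here as a worked example rather than one of the course's own files. The 172.30.4/24 and 10.10/16 networks and the file names named.ca and db.in-addr.arpa come from the slides; the domain example.com, the acl names, the primary at 172.30.4.10 and the secondary at 172.30.4.20 are assumptions. The settings worth noticing are the ones the slide's minimal zone stanza leaves at their defaults: who may query, who may use recursion, and who may pull a zone transfer.

```conf
// /etc/named.conf  (added example; addresses and zone names are assumed)

acl "internal"    { 172.30.4/24; 10.10/16; 127.0.0.1; };
acl "secondaries" { 172.30.4.20; };          // assumed address of the slave server

options {
    directory       "/var/named";            // relative file names below resolve here
    listen-on port 53 { 127.0.0.1; 172.30.4.10; };   // assumed address of this server
    allow-query     { internal; };
    recursion       yes;
    allow-recursion { internal; };           // an open recursive resolver is an amplification source
    allow-transfer  { secondaries; };        // without this, anyone can AXFR the whole zone
    version         "not disclosed";         // hides the BIND version from CHAOS-class queries
};

logging {
    channel default_log {
        file "/var/log/named.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    category default { default_log; };
};

zone "." IN {
    type hint;
    file "named.ca";                         // root hints from the slide
};

zone "example.com" IN {
    type master;
    file "db.example.com";
    allow-transfer { secondaries; };         // per-zone override of the options default
    notify yes;                              // tell the secondaries when the serial changes
};

zone "4.30.172.in-addr.arpa" IN {
    type master;
    file "db.in-addr.arpa";                  // reverse zone, slide's file name
};

// On the secondary (172.30.4.20) the same zones are declared with type slave instead, e.g.:
//   zone "example.com" IN { type slave; file "slaves/db.example.com"; masters { 172.30.4.10; }; };
```

After editing, `named-checkconf /etc/named.conf` (and `named-checkconf -t /var/named/chroot` when bind-chroot is in use) catches the missing-semicolon class of mistake before `rndc reload` does.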
Database Zone files

$TTL 86400
; domain Zone Definition
@          IN  SOA    hostname.fqdn. root.fqdn. (
                      2012041700   ; serial number
                      10800        ; refresh (sec)
                      1800         ; retry
                      1209600      ; expire
                      300 )        ; minimum
           IN  NS     hostname.fqdn.
hostname   IN  A      ip-address
alias      IN  CNAME  hostname
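The template above filled in for a concrete network, added as an example rather than a slide from the course: a forward zone for the assumed domain example.com on the 172.30.4.0/24 network of the project diagrams, and the matching reverse zone (db.in-addr.arpa, the slide's file name) with PTR records. The host names and addresses are assumptions.

```zone
; /var/named/db.example.com   (forward zone; domain and addresses are assumed)
$TTL 86400
$ORIGIN example.com.
@          IN  SOA    server1.example.com. root.example.com. (
                      2012041701   ; serial number (YYYYMMDDnn; must increase on every edit
                                   ;   or the secondaries never transfer the change)
                      10800        ; refresh (sec)
                      1800         ; retry
                      1209600      ; expire
                      300 )        ; minimum (negative-caching TTL)
           IN  NS     server1.example.com.
           IN  NS     server2.example.com.
           IN  MX 10  server2.example.com.      ; MX must name an A record, never a CNAME
server1    IN  A      172.30.4.10
server2    IN  A      172.30.4.20
client1    IN  A      172.30.4.30
www        IN  CNAME  server2                   ; relative name: expands to server2.example.com.
ftp        IN  CNAME  server2.example.com.      ; absolute name: note the trailing dot

; /var/named/db.in-addr.arpa   (reverse zone for 172.30.4.0/24)
$TTL 86400
$ORIGIN 4.30.172.in-addr.arpa.
@          IN  SOA    server1.example.com. root.example.com. (
                      2012041701   ; serial number
                      10800        ; refresh (sec)
                      1800         ; retry
                      1209600      ; expire
                      300 )        ; minimum
           IN  NS     server1.example.com.
           IN  NS     server2.example.com.
10         IN  PTR    server1.example.com.      ; without the trailing dot BIND appends the $ORIGIN
20         IN  PTR    server2.example.com.
30         IN  PTR    client1.example.com.
```

The owner names in the reverse zone are the host octets only because $ORIGIN supplies the rest; a PTR target written without its trailing dot becomes server1.example.com.4.30.172.in-addr.arpa., which is the single most common reverse-zone mistake.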
Database Resource Records
• SOA     Start of Authority
• NS      Nameserver
• MX      Mail hubs
• A       Address
• CNAME   Aliases
• PTR     Pointer (for reverse lookups)
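Steps 2, 5 and 7 of the installation procedure, applied to the zone file format above: an added example script, not course material, that bumps the SOA serial using the YYYYMMDDnn convention from the slide, refuses to hand named a zone that named-checkzone rejects, and then issues the `rndc reload` from the installation slide. It assumes the serial sits on its own line followed by a `; serial` comment, as in the db.domain-name template, and that the caller supplies the zone name and file path.

```shell
#!/bin/sh
# Added example (not from the CIS 192B slides): safe edit-and-reload of a BIND zone.
# Assumes the serial is on its own line with a "; serial" comment, as in the
# slide's db.domain-name template.

# next_serial OLD TODAY: print a serial strictly greater than OLD.
# TODAY is YYYYMMDD, passed in rather than read from the clock so the
# function is deterministic and testable.
next_serial() {
    old=$1
    today=$2
    if [ "$old" -ge "${today}00" ]; then
        # Same day, or the old serial is already past today (clock skew,
        # a manual edit): increment, so secondaries still see an increase.
        echo $((old + 1))
    else
        # First edit of the day.
        echo "${today}01"
    fi
}

# bump_zone FILE TODAY: rewrite the serial line of FILE in place, print the new serial.
bump_zone() {
    zone_file=$1
    today=$2
    old=$(awk '/;[[:space:]]*serial/ { print $1; exit }' "$zone_file")
    if [ -z "$old" ]; then
        echo "bump_zone: no '; serial' line in $zone_file" >&2
        return 1
    fi
    new=$(next_serial "$old" "$today")
    awk -v old="$old" -v new="$new" '
        !done && /;[[:space:]]*serial/ && $1 == old { sub(old, new); done = 1 }
        { print }
    ' "$zone_file" > "$zone_file.tmp" && mv "$zone_file.tmp" "$zone_file" || return 1
    echo "$new"
}

# reload_zone ZONE FILE [TODAY]: bump the serial, check the zone, reload it.
reload_zone() {
    zone=$1
    zone_file=$2
    today=${3:-$(date +%Y%m%d)}
    new=$(bump_zone "$zone_file" "$today") || return 1
    if command -v named-checkzone >/dev/null 2>&1; then
        # Check before named sees the file: a zone that fails to load keeps
        # serving the old data, or nothing at all on a fresh install.
        named-checkzone "$zone" "$zone_file" >/dev/null || return 1
    fi
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$zone" || return 1
    fi
    echo "$new"
}

# Usage on the primary, after editing the zone data:
#   reload_zone example.com /var/named/db.example.com
```

After the reload, `tail /var/log/messages` (or the channel file configured in named.conf) shows either "loaded serial 2012041701" for the zone or the parse error that named-checkzone would also have reported; that log line, not the exit status of rndc, is the confirmation that step 5 asks for.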
Network Diagrams

[Project Diagram 1: Internet -> Router/Firewall (NoPar) -> 172.30.4.0/24 -> Router -> 192.168.X.0/24; hosts Server1, Server2 and Client1; services shown: DNS, DHCP, NFS, Mail, CUPS, SSH]

[Project Diagram 2: Internet -> Router/Firewall (NoPar) -> 172.30.4.0/24 -> Routers -> 192.168.X.0/24 and 192.168.Y.0/24; hosts: one client and three servers; services shown: NFS, SSH, DHCP, Mail, DNS, HTTP, FTP]

[Project Diagram 3: Internet -> Router/Firewall (NoPar) -> 172.30.4.0/24 -> second Router/Firewall; hosts: Server (CUPS, DNS), Server1 (DHCP, NFS), Server2 (SSH, DNS)]