4
Lab Exercise 3 – Authoritative Server Created: 23 Aug 2013 Version 3.0 Updated: 27 Aug 2014 Page 1 of 4 Lab Exercise 3 – Authoritative DNS Servers Objectives: Participants should be able to configure primary and secondary name server for a given domain name and do a zone transfer between them. This should include creating, modifying, deleting RRs and incrementing Primary name server serial number. Each participant name servers should be visible from other name servers since we will use the lab root and GTLD server. A custom lab root hint will be used. Note: Configure your PC to be the primary (also called master) of your own domain and also a slave for PCs in your right side. PC in your left will act as slave for your own domain. Steps: 1. Register your domain name and its name server’s FQDN (master & slave) together with their IP addresses to the domain name registry. In our lab you should approach the instructor for registration. Instructor will also act as a GTLD server for this exercise. He will be creating the delegation of .net subdomains to every pc in the lab. 2. Create a new working directory for your master server under /var/named mkdir /var/named/master 3. Create a zone file for your domain under /var/named/master and add necessary resource records like NS record, A record, txt record, MX record that will determine which host is receiving mail for your domain. For example, if you have myzone.net as your domain, you must create db.myzone.net, with the following base contents: $TTL 1d @ SOA NS.MYZONE.NET. email.myzone.net. ( 20130823 ;serial no. 30m ;refresh 15m ;retry 1d ;expire 30m ;negative cache ttl ) NS ns.myzone.net. ns A 192.168.11.1 www A 192.168.11.100 myzone.net. MX 10 mail01.myzone.net. MX 20 mail02.myzone.net. mail01 A 192.168.11.200 mail01 A 192.168.11.201

Lab 3 - Auth Server

Embed Size (px)

DESCRIPTION

DNS-Auth

Citation preview

  • Lab Exercise 3 Authoritative Server Created: 23 Aug 2013 Version 3.0 Updated: 27 Aug 2014

    Page 1 of 4

    Lab Exercise 3 Authoritative DNS Servers

    Objectives: Participants should be able to configure primary and secondary name server for a given domain name and do a zone transfer between them. This should include creating, modifying, deleting RRs and incrementing Primary name server serial number. Each participant name servers should be visible from other name servers since we will use the lab root and GTLD server. A custom lab root hint will be used. Note: Configure your PC to be the primary (also called master) of your own domain and also a slave for PCs in your right side. PC in your left will act as slave for your own domain. Steps: 1. Register your domain name and its name servers FQDN (master & slave) together with their IP

    addresses to the domain name registry. In our lab you should approach the instructor for registration. Instructor will also act as a GTLD server for this exercise. He will be creating the delegation of .net subdomains to every pc in the lab.

    2. Create a new working directory for your master server under /var/named mkdir /var/named/master 3. Create a zone file for your domain under /var/named/master and add necessary resource records

    like NS record, A record, txt record, MX record that will determine which host is receiving mail for your domain.

    For example, if you have myzone.net as your domain, you must create db.myzone.net, with the following base contents:

    $TTL 1d @ SOA NS.MYZONE.NET. email.myzone.net. ( 20130823 ;serial no. 30m ;refresh 15m ;retry 1d ;expire 30m ;negative cache ttl

    )

    NS ns.myzone.net. ns A 192.168.11.1 www A 192.168.11.100 myzone.net. MX 10 mail01.myzone.net. MX 20 mail02.myzone.net.

    mail01 A 192.168.11.200 mail01 A 192.168.11.201

  • Lab Exercise 3 Authoritative DNS Servers

    Lab Exercise 3 Authoritative Server Created: 23 Aug 2013 Version 3.0 Updated: 27 Aug 2014

    Page 2 of 4

    4. Create the configuration file (named.conf). Please note that the primary zone is of "type master" while a secondary zone is of "type slave. Specify your nameservers working directory.

    options { directory "/var/named/master"; }; zone myzone.net {

    type master; file db.myzone.net; };

    Most authoritative servers are also recursive/caching servers for their own networks. If this is the case, also add the zones defined in the recursive named.conf.

    zone . { type hint; file root.hint; }; zone "localhost" { type master; file "db.localhost" ; };

    5. In /var/named/master run bind and see if it's running properly. Error messages will give you hints

    where the error is.

    named -g -c named.conf

    6. Once BIND is running, you can do some basic test using DNS tools like "dig"

    To test your name server to display the SOA records for your domain. dig @192.168.x.1 myzone.net SOA To test your name server to display NS records dig @192.168.x.1 myzone.net NS To test your name server to display other resource records (A, MX, or TXT). You can also use the -t option to set the query type.

    dig @192.168.x.1 ns1.pcx.net A dig t MX @192.168.x.1 pcx.net

    7. Setup your server as the secondary server for your neighbour.

    (Optional) Create a folder called slave. Your primary servers zonefile will be copied to this folder.

    mkdir /var/named/master/slave

  • Lab Exercise 3 Authoritative DNS Servers

    Lab Exercise 3 Authoritative Server Created: 23 Aug 2013 Version 3.0 Updated: 27 Aug 2014

    Page 3 of 4

    In your named.conf, add the following:

    zone neighbour-zone.net {

    type slave; file //db.neighbour-zone.net; masters { ; }; };

    8. Secure your zones by restricting who can get the zone file.

    You can test this by trying zone transfer from another nameserver in the lab.

    dig @ ANOTHER-ZONE.NET AXFR If successful, you will see all the resource records as an output.

    Now, add the following line in your named.conf for the zones where you are primary:

    zone myzone.net { type master; file db.myzone.net; allow-transfer { ; };

    };

    Execute the same dig command again. If successful, the status in the dig output should say Transfer Failed.

    The complete named.conf for an authoritative+recursive server is as follows: // NAMED.CONF // global configuration options { directory /var/named/master; }; // root-hints zone . { type hint; file root.hint; }; // primary zones zone myzone.net {

    type master;

  • Lab Exercise 3 Authoritative DNS Servers

    Lab Exercise 3 Authoritative Server Created: 23 Aug 2013 Version 3.0 Updated: 27 Aug 2014

    Page 4 of 4

    file db.myzone.net; allow-transfer { ; }; };

    // secondary zones zone neighbour-zone.net {

    type slave; file //db.neighbour-zone.net; masters { ; }; };

    // recursive name server config zone "localhost" { type master; file "db.localhost" ; }; zone 0.0.127.in-addr.arpa { type master; file db.127.0.0; }; zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { type master; file "db.ip6"; allow-update { none; };

    };


LAB 6 Backup Windows Server 2008

LAB 6 Backup Windows Server 2008

Documents
File Transfer Protocol System (FTPS) · Explicit SSL uses an explicit command (such as AUTH SSL or AUTH TLS) to ask a FTP Server initiating a secure control connection. The FTP server

File Transfer Protocol System (FTPS) · Explicit SSL uses an explicit command (such as AUTH SSL or AUTH TLS) to ask a FTP Server initiating a secure control connection. The FTP server

Documents
WebLogic Server 11gR1 Foundation Lab - img.oradba.netimg.oradba.net/files/docs/02-oracle-application-server/weblogic/03... · WebLogic Server 11gR1 Foundation Lab Introduction The

WebLogic Server 11gR1 Foundation Lab - img.oradba.netimg.oradba.net/files/docs/02-oracle-application-server/weblogic/03... · WebLogic Server 11gR1 Foundation Lab Introduction The

Documents
Lab 11 Ftp Server

Lab 11 Ftp Server

Documents
LAB 12 Print Server

LAB 12 Print Server

Documents
SQL Server Lab 2

SQL Server Lab 2

Documents
Windows Server 2008 Installation Lab

Windows Server 2008 Installation Lab

Documents
Lab DHCP Server

Lab DHCP Server

Documents
Cisco IOS Troubleshooting · redirects AAA requests to the server specified for method list sanj_aaa1:10.6.20.70 auth-port 1698 acct-port 1699. aaa group server radius sg1 server

Cisco IOS Troubleshooting · redirects AAA requests to the server specified for method list sanj_aaa1:10.6.20.70 auth-port 1698 acct-port 1699. aaa group server radius sg1 server

Documents
Lecture # 32.1 Lab 10: Server 1. Lab 10 Server 1 Add and delete names

Lecture # 32.1 Lab 10: Server 1. Lab 10 Server 1 Add and delete names

Documents
Lab 10 web server

Lab 10 web server

Documents
Lab RHN Satellite Server

Lab RHN Satellite Server

Documents
Lab 8 Mail Server

Lab 8 Mail Server

Documents
MANAGING AND MAINTAINING A MICROSOFT WINDOWS SERVER 2003 ... · lab answers: managing and maintaining a microsoft windows server 2003 environment lab manual lab answers:

MANAGING AND MAINTAINING A MICROSOFT WINDOWS SERVER 2003 ... · lab answers: managing and maintaining a microsoft windows server 2003 environment lab manual lab answers:

Documents
LAB 7 Windows Server 2008 Server Core

LAB 7 Windows Server 2008 Server Core

Documents
Server 08 Lab Manual

Server 08 Lab Manual

Documents
Lab 10: Security Testing – Linux Server

Lab 10: Security Testing – Linux Server

Documents
LAB SIP Server Installation & Testing

LAB SIP Server Installation & Testing

Documents
Client&Server Lab

Client&Server Lab

Documents
SQL Server lab notes

SQL Server lab notes

Documents
LAN Authentication Client Tested Solution host 127.0.0.1 key awplus-local-radius-server aaa group server radius Internal server 127.0.0.1 aaa authentication auth-Web default group

LAN Authentication Client Tested Solution host 127.0.0.1 key awplus-local-radius-server aaa group server radius Internal server 127.0.0.1 aaa authentication auth-Web default group

Documents
Lab Equus Computer Systems SERVER STORAGEIO® LAB …WHICH ENTERPRISE HDD TO USE WITH A CONTENT SERVER PLATFORM Server StorageIO® Lab Report Compliments of Equus Computer Systems

Lab Equus Computer Systems SERVER STORAGEIO® LAB …WHICH ENTERPRISE HDD TO USE WITH A CONTENT SERVER PLATFORM Server StorageIO® Lab Report Compliments of Equus Computer Systems

Documents
Lab Assignment 4 Basics of ArcGIS Server - TerpConnectterpconnect.umd.edu/~mhumber/files/lab_4/GEOG677_Lab4_Detailed... · Lab Assignment 4 – Basics of ArcGIS Server ... This lab

Lab Assignment 4 Basics of ArcGIS Server - TerpConnectterpconnect.umd.edu/~mhumber/files/lab_4/GEOG677_Lab4_Detailed... · Lab Assignment 4 – Basics of ArcGIS Server ... This lab

Documents
DATA NOTIFICATIONS AUTH SERVER LOGIC LOGGING DIAGNOSTICS PLATFORMS: SCHEDULER SCALE

DATA NOTIFICATIONS AUTH SERVER LOGIC LOGGING DIAGNOSTICS PLATFORMS: SCHEDULER SCALE

Documents
Server 2008 Lab Manual

Server 2008 Lab Manual

Documents
SQL Server Lab 3

SQL Server Lab 3

Documents
The Perfect Server - CentOS 5.5 x86 64 [ISPConfig 2 ... · server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, ... FTP Server: Proftpd POP3/IMAP server:

The Perfect Server - CentOS 5.5 x86 64 [ISPConfig 2 ... · server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, ... FTP Server: Proftpd POP3/IMAP server:

Documents
Web Security: Vulnerabilities & Attacksdawnsong/teaching/f12...secure = (only over SSL) Dawn Song Cookie authentication Browser Web Server Auth server POST login.cgi Username & pwd

Web Security: Vulnerabilities & Attacksdawnsong/teaching/f12...secure = (only over SSL) Dawn Song Cookie authentication Browser Web Server Auth server POST login.cgi Username & pwd

Documents
Lab Equus Computer Systems SERVER STORAGEIO® LAB REVIEW · Server StorageIO® Lab Report Compliments of Equus Computer Systems and Seagate October 31, 2015 This Server ... Server

Lab Equus Computer Systems SERVER STORAGEIO® LAB REVIEW · Server StorageIO® Lab Report Compliments of Equus Computer Systems and Seagate October 31, 2015 This Server ... Server

Documents
Carlos Armas Roundtrip Networks Hervey Allen NSRC · snmp-server view vista-ro internet included snmp-server group ReadGroup v3 auth read vista-ro snmp-server user admin ReadGroup

Carlos Armas Roundtrip Networks Hervey Allen NSRC · snmp-server view vista-ro internet included snmp-server group ReadGroup v3 auth read vista-ro snmp-server user admin ReadGroup

Documents