DNS

Post on 30-Dec-2015



Transcript of DNS

DNS


DNS is a network service that enables clients to resolve names to IP addresses and vice versa.

Allows machines to be logically grouped by domain names.

Provides email routing information.

Internet Naming Hierarchy

The silent dot at the end of all addresses is the root of the hierarchy:

.  (root)
|-- .com
|   `-- .yahoo
|       `-- www
|-- .net
|-- .org
`-- .in
    |-- .sidbi
    |   `-- www
    |-- .ac
    |   `-- .iitk
    |       `-- www
    `-- .co

DNS Operation

A DNS server maintains the name to IP address mapping of the domain for which it is the name server.

The DNS server for a domain is registered with the domain registrar, and the entry is maintained by the 13 Internet root servers or by the country-level root servers.

Whenever a server is queried and it doesn't have the answer, the root servers are contacted.

The root servers refer the query to the DNS server for that domain (if the domain is under a top-level domain) or to the country root server (if the domain is under a country-level domain).

DNS Configuration

DNS Setup

The named daemon (BIND) is used.

A DNS server may be a caching, master, or slave server.

The named.ca file has information of all Root Servers.

There is a Forward Zone file and a Reverse Zone file for every domain.

Configuration file:

/var/named/chroot/etc/named.conf

Forward Zone File:

/var/named/chroot/var/named/<forward_zone_file>

Reverse Zone File:

/var/named/chroot/var/named/<reverse_zone_file>

Sample Master named.conf

zone "." { type hint; file "named.ca";};zone "0.0.127.in-addr.arpa" { type master; file "named.local"; allow-query {any;};};zone "iitk.ac.in" { type master; file "hosts.db"; allow-query {any;};};zone "95.200.203.IN-ADDR.ARPA" { type master; file "hosts.rev.203.200.95"; allow-query {any;};

};

zone "iitk.ernet.in" {

type slave;

file "hosts.iitk.ernet.in";

masters { 202.141.40.10; };

allow-query {any;};

Sample Forward Zone File


$TTL 86400
@ IN SOA ns.iitk.ac.in. root.ns.iitk.ac.in. (
    200605091 ; Serial
    10800     ; Refresh - 3 hours
    3600      ; Retry - 1 hour
    1209600   ; Expire - 2 weeks
    43200 )   ; Minimum TTL for negative answers - 12 hours
    IN NS ns.iitk.ac.in.
    IN NS proxy.iitk.ac.in.
    IN MX 5  mail0.iitk.ac.in.
    IN MX 10 mail1.iitk.ac.in.
    IN MX 20 mail2.iitk.ac.in.

$ORIGIN iitk.ac.in.
ns    IN A     203.200.95.142
mail  IN A     203.200.95.144
proxy IN CNAME mail

Sample Reverse Zone File

$TTL 86400
$ORIGIN 200.203.in-addr.arpa.
95 IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
    200605091 ; Serial
    10800     ; Refresh - 3 hours
    3600      ; Retry - 1 hour
    1209600   ; Expire - 2 weeks
    43200 )   ; Minimum TTL for negative answers - 12 hours
    IN NS ns.iitk.ac.in.
    IN NS proxy.iitk.ac.in.

$ORIGIN 95.200.203.in-addr.arpa.
;;
142 IN PTR ns.iitk.ac.in.
144 IN PTR mail.iitk.ac.in.
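Added example, not part of the presentation: a small Python checker for forward and reverse zone files in the format shown above. It reports A records without a matching PTR (and the reverse), and NS or MX targets inside the zone that have no A record or that point at a CNAME. The zone data is constructed and abbreviated from the slides' samples; `parse_zone`, `ptr_owner` and `check_zones` are names chosen here.

```python
# Constructed sample, abbreviated from the slides' forward and reverse zone files.
FORWARD_ZONE = """\
$ORIGIN iitk.ac.in.
@      IN NS    ns.iitk.ac.in.
@      IN NS    proxy.iitk.ac.in.
@      IN MX 5  mail0.iitk.ac.in.
ns     IN A     203.200.95.142
mail   IN A     203.200.95.144
proxy  IN CNAME mail
"""
REVERSE_ZONE = """\
$ORIGIN 95.200.203.in-addr.arpa.
142 IN PTR ns.iitk.ac.in.
144 IN PTR mail.iitk.ac.in.
"""

def parse_zone(text):
    """Return (owner, type, rdata) triples; lines without IN ($TTL, SOA timers) are skipped."""
    origin, records = "", []
    # expand '@' and relative names against the $ORIGIN in force when the line is read
    expand = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    for raw in text.splitlines():
        fields = raw.split(";")[0].split()                 # drop comments, tokenize
        if fields and fields[0] == "$ORIGIN":
            origin = fields[1]
        elif "IN" in fields:
            rtype, rdata = fields[fields.index("IN") + 1], fields[-1]   # MX priority skipped
            records.append((expand(fields[0]), rtype, rdata if rtype == "A" else expand(rdata)))
    return records

def ptr_owner(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."  # 203.200.95.142 -> 142.95.200.203.in-addr.arpa.

def check_zones(forward, reverse, apex):
    """Return findings; empty means A/PTR agree and in-zone NS/MX targets have A records."""
    fwd, rev = parse_zone(forward), parse_zone(reverse)
    a = {(o, r) for o, t, r in fwd if t == "A"}
    ptr = {(o, r) for o, t, r in rev if t == "PTR"}
    cnames = {o for o, t, _ in fwd if t == "CNAME"}
    findings = [f"A {n} {ip} has no matching PTR" for n, ip in sorted(a) if (ptr_owner(ip), n) not in ptr]
    for owner, name in sorted(ptr):
        if (name, ".".join(owner.split(".")[3::-1])) not in a:   # rebuild the IPv4 address
            findings.append(f"PTR {owner} -> {name} has no matching A")
    for owner, rtype, target in fwd:
        if rtype in ("NS", "MX") and target.endswith("." + apex):
            if target in cnames:                         # RFC 2181 s10.3: NS/MX must not be aliases
                findings.append(f"{rtype} {owner} points at CNAME {target}")
            elif target not in {n for n, _ in a}:
                findings.append(f"{rtype} {owner} target {target} has no A record")
    return findings
```

Running `check_zones(FORWARD_ZONE, REVERSE_ZONE, "iitk.ac.in.")` on the constructed sample flags the NS record that points at the proxy CNAME and the MX target mail0 that has no A record in the zone.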

Configuring Local Resolver

/etc/resolv.conf

nameserver 127.0.0.1

Test DNS

nslookup

host

dig

Test your DNS with the following DNS diagnostics web site: dnsstuff.com

Advanced BIND Features

Access List

Round Robin Load Sharing

Dynamic DNS Update

Access Control List

An ACL is a list of semicolon-separated IP addresses or networks.

Create ACLs, then reference them in the directives that should apply to them:

acl "mynetwork" { 172.31.0.0/16; 172.30.1.1; };

allow-query {mynetwork; };

allow-transfer {mynetwork; };

allow-update {mynetwork; };

Dynamic DNS Update

Allows the name and IP address records of hosts on the network to be updated dynamically on the DNS server.

To disable DDNS, use the directive:

allow-update {none; };

Round Robin Load Sharing

Load balancing can be achieved by using multiple A records for the same name:

www IN A 203.200.95.140

www IN A 203.200.95.141

www IN A 203.200.95.142