CIS 192B – Lesson 2

Domain Name

System

CIS 192B – Lesson 2

Types of Services

• Infrastructure– DHCP, DNS, NIS, AD, TIME

• Intranet– SSH, NFS, SAMBA

• Internet– MAIL, WEB, FTP, CUPS

CIS 192B – Lesson 2

Components of a Service

/

etc usr var

sysconfig init.d bin libsbin log

CIS 192B – Lesson 2

An OverviewCreated in 1983 from the work led by Paul MockapetrisImproves the deficiencies of the /etc/hosts fileDNS manages two databases (zones) Forward lookup zones: for mapping Domain names to IP addresses Reverse lookup zones: for mapping IP addresses to Domain namesThree components to DNS: Resolver The Server

Primary Secondary Caching

Database files (db.domain-name)Supports two type of queries: Recursive Iterative

Most popular implementation of DNS is Berkely Internet Name Daemon (BIND)Maintained by the Internet Software Consortium: www.isc.org

CIS 192B – Lesson 2

DNS Service Installation

• Package names: bind, caching-nameserver, [bind-chroot]

• Daemon name: /usr/sbin/named

• Startup script: /etc/rc.d/init.d/named startor service named start

• Database files: /var/named/named.ca IP address of root servers/var/named/db.in-addr.arpa reverse

lookups/var/named/db.domain-name forward

lookups

• Configuration files: /etc/named.conf/etc/resolv.conf/etc/nsswitch.conf

• To reload configuration files: rndc reload

CIS 192B – Lesson 2

Steps to Installation

1. Install software package using yum or rpm2. Customize service’s configuration file3. Modify the firewall to allow access to the

service4. Configure service to automatically start

when system boots5. Monitor and verify service is running6. Troubleshoot as necessary7. Monitor log files as appropriate8. Configure additional security

CIS 192B – Lesson 2

named.conf

CIS 192B – Lesson 2

SyntaxSections:

name {

directives ...

};

Address Match Lists:{ ! 172.30.4.125; 172.30.4/24; };

{ 172.30.4/24; 10.10/16; 127.0.0.1; };

Zones:zone “zone-name” {

type [master | slave]

file db.zone-name

};

CIS 192B – Lesson 2

Database Zone files$TTL 86400

; domain Zone Definition

@ IN SOA hostname.fqdn. root.fqdn. (

2012041700 ; serial number10800 ; refresh (sec) 1800 ; retry

1209600 ; expire 300 ) ; minimum

IN NS hostname.gqdn.

hostname IN A ip-address

alias IN CNAME hostname

CIS 192B – Lesson 2

Database Resource Records

• SOA Start of Authority• NS Nameserver• MX Mail hubs• A Address• CNAME Aliases• PTR Pointer (for reverse lookups)

CIS 192B – Lesson 2

Network Diagrams

CIS 192B – Lesson 2

Network Diagrams

CIS 192B – Lesson 2

Project Diagram 1

RoterRouter/Firewall

RoterRoterRoter

172.30.4.0/24

NoPar

Internet

192.168.X.0/24

DNSDHCPNFS

MailCUPSSSH

Server1 Server2 Client1

CIS 192B – Lesson 2

Project Diagram 2

RoterRouter/Firewall NoPar

172.30.4.0/24

192.168.X.0/24 192.168.Y.0/24

Roter Roter Roter Roter

Client Server NFS SSH DHCP

Server Mail DNS

Server HTTP FTP

Internet

CIS 192B – Lesson 2

Project Diagram 3

RoterRouter/Firewall NoPar

172.30.4.0/24

Internet

RoterRouter/FirewallRoterServer CUPS DNS

RoterServer1 DHCP NFS

RoterServer2 SSH DNS