Sample DNS configurations. Example 1: Master 'master' DNS and is authoritative for this zone for...
-
Upload
marjorie-manning -
Category
Documents
-
view
217 -
download
0
Transcript of Sample DNS configurations. Example 1: Master 'master' DNS and is authoritative for this zone for...
Sample DNS configurations
Example 1: Master
'master' DNS and is authoritative for this zone for example.com
provides 'caching' services for all other domains
provides recursive query services to local resolvers only (a closed DNS)
Example 2: Slave
‘Slave’ DNS for this zone for example.com Gets its information from the zone master
and is authoritative when it has a valid zone configuration.
provides 'caching' services for all other domains
provides recursive query services to local resolvers only (a closed DNS)
Example 3: Caching only server
The name server is not a 'master' or 'slave' for any domain All BIND servers will cache previous queries until
TTL expires Provides 'caching' services for all other
domains Provides recursive query services to local
resolvers only (a closed DNS) [Could act as caching only for some
domains, master for other domains (zones)]
Example 4: Forwarding server
Also known as Proxy, Remote and Client Server The name server is not a 'master' or 'slave' for any
domain All requests are forwarded to the specified
forwarders Only means it will stop if the forwarders have no answer default is first – start with forwarders and then look
elsewhere
Reduces network traffic – particularly over a slow link.
Example 5: Stealth server
Also known as DMZ or Split Server Need for a public DNS to enable access to
web, mail ftp etc.. Does not want the world to see any of its
internal hosts either by interrogation (query or zone transfer) or should the DNS service be compromised.
Example 5: Stealth server
How?
The zone file for the 'Stealth' server will contain both public and private hosts
Whereas the 'Public' server's master zone file will contain only public hosts. Options such as 'master', 'allow-notify','allow-
transfer' must not refer to the Stealth Server
Example 5: Stealth server
DHCP
Dynamic Host Configuration Protocol
DHCP
Dynamic Host Configuration Protocol Provides services to both DHCP and BOOTP clients DHCP/BOOTP Clients request and are granted IP
addresses (and other information about themselves and the network)
Best to have only one machine on an Ethernet segment (VLAN) is designated a DHCP server
DHCP Service Profile
System-V Managed Service Daemon: dhcpd Script: dhcpd Ports: 67 (bootps) 68 (bootpc) Configuration:
/etc/dhcpd.conf /var/lib/dhcp/dhcp.leases
Client: dhclient
DHCP Configuration
/etc/dhcpd.conf Must have a broadcast address specified for
the relevant interface (ifconfig) Leases are recorded in
/var/lib/dhcp/dhcpd.leases as they are assigned
DHCP
DHCP Information
Typically a DHCP server will supply information about the network’s subnet address and mask The default gateway Domain Name and DNS Servers Locations of kick-start configuration files (for diskless
clients) DHCP is a superset of BOOTP BOOTP does not have the notion of a ‘lease’ period
DHCP – How it works
DHCP Client sends a DHCP Discover message Subnet broadcast address as destination 0.0.0.0 as source address
DHCP server responds with a DHCP Offer message Includes a suggested IP address to use
DHCP – How it works
DHCP Client receives DHCP Offer and sends DHCP Request Message
DHCP Server receives DHCP Request and sends a DHCP Ack message
DHCP Client receives DHCP Ack message Configures TCP/IP stack to use the address
Other messages: DHCP Inform DHCP Release
Configuration in /etc/dhcp.conf
#global settingsoption domain-name “example.com”option domain-name-servers 192.158.0.254
default –lease-time 21600 # 6 hours to expirymax-lease-time 43200 # max lease time
Dynamic/Static IP Addresses
IP addresses are either assigned dynamically from a pool of available addresses or Statically, based on the MAC address of the
requesting machine. This is usually called a reservation
The assigned IP address is made available for a configurable amount of time, the ‘lease’ period, and may be renewed by the client
DHCP Configuration by scope
# DHCP scope settingssubnet 192.168.0.0 netmask 255.255.255.0{
range 192.168.0.128 192.168.0.250;option domain-name “example.com”;option routers 192.168.0.254;
host station1{hardware ethernet 00:ab:08:33:cd:92;fixed-address 192.168.0.129;
}}