Sample DNS configurations

Example 1: Master

'master' DNS and is authoritative for this zone for example.com

provides 'caching' services for all other domains

provides recursive query services to local resolvers only (a closed DNS)

Example 2: Slave

‘Slave’ DNS for this zone for example.com Gets its information from the zone master

and is authoritative when it has a valid zone configuration.

provides 'caching' services for all other domains

provides recursive query services to local resolvers only (a closed DNS)

Example 3: Caching only server

The name server is not a 'master' or 'slave' for any domain All BIND servers will cache previous queries until

TTL expires Provides 'caching' services for all other

domains Provides recursive query services to local

resolvers only (a closed DNS) [Could act as caching only for some

domains, master for other domains (zones)]

Example 4: Forwarding server

Also known as Proxy, Remote and Client Server The name server is not a 'master' or 'slave' for any

domain All requests are forwarded to the specified

forwarders Only means it will stop if the forwarders have no answer default is first – start with forwarders and then look

elsewhere

Reduces network traffic – particularly over a slow link.

Example 5: Stealth server

Also known as DMZ or Split Server Need for a public DNS to enable access to

web, mail ftp etc.. Does not want the world to see any of its

internal hosts either by interrogation (query or zone transfer) or should the DNS service be compromised.

Example 5: Stealth server

How?

The zone file for the 'Stealth' server will contain both public and private hosts

Whereas the 'Public' server's master zone file will contain only public hosts. Options such as 'master', 'allow-notify','allow-

transfer' must not refer to the Stealth Server

Example 5: Stealth server

DHCP

Dynamic Host Configuration Protocol

DHCP

Dynamic Host Configuration Protocol Provides services to both DHCP and BOOTP clients DHCP/BOOTP Clients request and are granted IP

addresses (and other information about themselves and the network)

Best to have only one machine on an Ethernet segment (VLAN) is designated a DHCP server

DHCP Service Profile

System-V Managed Service Daemon: dhcpd Script: dhcpd Ports: 67 (bootps) 68 (bootpc) Configuration:

/etc/dhcpd.conf /var/lib/dhcp/dhcp.leases

Client: dhclient

DHCP Configuration

/etc/dhcpd.conf Must have a broadcast address specified for

the relevant interface (ifconfig) Leases are recorded in

/var/lib/dhcp/dhcpd.leases as they are assigned

DHCP

DHCP Information

Typically a DHCP server will supply information about the network’s subnet address and mask The default gateway Domain Name and DNS Servers Locations of kick-start configuration files (for diskless

clients) DHCP is a superset of BOOTP BOOTP does not have the notion of a ‘lease’ period

DHCP – How it works

DHCP Client sends a DHCP Discover message Subnet broadcast address as destination 0.0.0.0 as source address

DHCP server responds with a DHCP Offer message Includes a suggested IP address to use

DHCP – How it works

DHCP Client receives DHCP Offer and sends DHCP Request Message

DHCP Server receives DHCP Request and sends a DHCP Ack message

DHCP Client receives DHCP Ack message Configures TCP/IP stack to use the address

Other messages: DHCP Inform DHCP Release

Configuration in /etc/dhcp.conf

#global settingsoption domain-name “example.com”option domain-name-servers 192.158.0.254

default –lease-time 21600 # 6 hours to expirymax-lease-time 43200 # max lease time

Dynamic/Static IP Addresses

IP addresses are either assigned dynamically from a pool of available addresses or Statically, based on the MAC address of the

requesting machine. This is usually called a reservation

The assigned IP address is made available for a configurable amount of time, the ‘lease’ period, and may be renewed by the client

DHCP Configuration by scope

# DHCP scope settingssubnet 192.168.0.0 netmask 255.255.255.0{

range 192.168.0.128 192.168.0.250;option domain-name “example.com”;option routers 192.168.0.254;

host station1{hardware ethernet 00:ab:08:33:cd:92;fixed-address 192.168.0.129;

}}