-------------------------
Week 12 Notes for NET2003
-------------------------
-Ian! D. Allen - idallen@idallen.ca - www.idallen.com

Remember - knowing how to find out an answer is more important than
memorizing the answer.  Learn to fish!  RTFM!  (Read The Fine Manual)

Keep up on your readings (Course Outline: average 5 hours/week homework).
A good way to memorize the material is to take notes in class and then
merge your notes with my published note summaries after class.
You won't be able to Google search during tests and exams.

* Abbreviation "ALN" = your "Advanced Linux Networking" text by R.W.Smith

Free O'Reilly Safari eBook Resources (from an Algonquin network address):
   http://proquest.safaribooksonline.com/

Review: Week 11 notes

===============================================================================
Configuring DNS (BIND/named) - ALN Chapter 18 p.451
----------------------------

- What does D.N.S. stand for and what is its purpose? p.451
- Give two major reasons for running a DNS server on your machine. p.451,452
- Describe how a DNS server might resolve "www.google.ca" into an IP
  address. p.452-453
- In a lookup of "www.google.ca", why is it unlikely that the root DNS
  servers would need to be queried? p.454
- If you want to run DNS and connect your DNS server to the broader
  Internet, what is the minimum number of DNS servers you will be asked to
  run? p.454
- What makes "dynamic DNS" different from the usual static DNS? p.455
- Can a single DNS server running on your machine provide both names for
  machines that are not on your own network and also names for machines
  that are on your own network? p.455
- If you run a local DNS server to look up external addresses (e.g. look up
  google.ca), what advantages are there over using an outside DNS
  server? p.455
- True/False: All entries in a DNS server must be public names visible to
  the Internet. p.455-456
- What is a common alternate way to do name resolution on Unix/Linux
  systems, without using DNS servers?  Where is the config file? p.456
- What is the title (NAME) of the Unix man page for the hosts file?
- True/False: the hosts file is usable with DHCP dynamic addresses. p.456
- When you register a new domain name, how many (minimum) DNS servers must
  you supply at registration? p.458
- What is the package name of the most popular DNS server for
  Unix/Linux? p.458-459
- What is the actual running name of the DNS server program (and man page)
  in the above package? p.459
- What is the name of the DNS SysV start-up script?
- Looking in the start-up script, what is the name of the Linux userid used
  to run the DNS system (given as an option to the DNS program when it is
  started as a daemon)?  Does this userid exist in the password file?
  What is the numeric uid and gid for this userid?
- Where is the main BIND DNS configuration file? p.459
- What is the title (NAME) of the Unix man page for the BIND DNS config file?
- True/False: if the main BIND DNS configuration file exists but is empty,
  the DNS SysV start-up script will exit without starting DNS.  (Go look!)
- There is a FAQ file in the BIND documentation directory.  What is the
  absolute pathname of this FAQ file? p.460
- The FAQ says how to solve the error "/var/run/named.pid: Permission
  denied".  Does the suggested directory already exist in your Mini system?

Note that, unlike the C language, you must put a ';' after every closing
brace inside the DNS named.conf file! p.460

- What is the function of the named.conf "directory" option? p.460

Note: Write in the comment "A Forwarding DNS Server" before the options
section in Listing 18.1 in your textbook.

Unfortunately, the comment and syntax conventions for the main named.conf
config file and its subsidiary zone-specific config files are different!
(They used to be the same until BIND version 8.)
Comment syntax for the named.conf file is documented in the man page (RTFM)
- you can use C, C++, or shell-style comments.  You must *NOT* use a
semicolon.  DNS zone-specific file comments *MUST* begin with a semicolon.
See the warning p.467

- What is the absolute pathname to the threeroomco.com zone file in
  Listing 18.1? p.460
- The first stage in a DNS lookup requires the addresses of the DNS root
  name servers, which are kept in a local file that is referred to by the
  root zone (".") in the main named.conf file.  What does the root zone
  specification in named.conf look like? p.461
- The root name servers zone-specific file (often called named.ca) has
  comments at the top that indicate from where you can fetch a fresh copy.
  Based on the comments, when was this root server file last updated?
- Unix pathnames often use "/" to indicate the "root" of the file system.
  What is the name of the "root" zone of the DNS domain name system? p.461
- What is a "Forwarding DNS Server" (the "fourth" option)? p.462
- What is the function of the DNS "forwarders" and "forward" options? p.462
- What is a BIND "zone"? p.462-463
- What is a "reverse DNS lookup"? p.463
- How would I configure a zone in named.conf for reverse DNS for
  127.0.0.0/24? p.463,461
- How would I configure a zone in named.conf for reverse DNS for
  127.0.0.0/8? p.463,461
  Yes, the book is wrong and should have configured the /8 not the /24.
- The zone names for reverse DNS end in what domain name? p.463,461
- What is specified in the smallest basic named.conf zone configuration?
  p.463 (Hint: You need two lines for the zone.  What lines are they?)
- Describe these DNS zone types: "master", "slave", "hint" p.463-464
- True/False: a named.conf file can contain only one type of DNS zone. p.464
- What changes are needed to a named.conf zone entry to turn it from a
  "master" zone to a "slave" zone? p.464
- A slave DNS zone must obtain DNS information from another DNS server
  (often the "master" for the zone) using a "zone transfer".  What DNS
  keyword is used to specify the IP addresses of the other server(s)?
  On the other server(s), what DNS config file option controls which
  machines are allowed to initiate this zone transfer? p.465

Zone transfers are done over TCP, whereas most ordinary DNS queries use UDP.
A firewall in front of your DNS server must allow both the TCP and the UDP
DNS port.

If you have any "master" zones in your named.conf file, those zones refer to
other zone-specific config files that you must create.  You must create the
associated zone-specific config files that contain the actual names and IP
addresses of your domain. p.465-466

- What is the name of a common small-network DNS configuration? p.471

A minimal ("caching") DNS config file needs only the root name server zone.
The book claims no root zone is needed (the named.conf file can be empty!);
but, that's only because the "named" program comes with a "compiled-in" list
of root servers that may or may not be correct - it's best to have the
current, up-to-date set of root servers specified.  Having a zone to
reverse-map localhost 127. is also handy, but not essential.  A DNS server
minimally configured this way operates as a "caching-only server" as in
Figure 18.1 and caches the results it receives. p.471-472

The book claims that a caching server must have "forward" options; this is
not true.  You can run a useful caching server without any forwarding set
(an empty named.conf file!) - it will simply cache the requests that it
resolves.  See the Warning p.472.  I think it better to have "slow but
correct" DNS answers rather than "quick but wrong" answers!

- How is the DNS server usually started? p.474
- What tool is useful to try DNS host name lookups? p.474
- How would you look up www.google.ca in the DNS server running on machine
  ns1.algonquincollege.com ?

Another useful DNS tool is "dig".
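Before going on to dig, here is a complete named.conf that pulls together the
pieces discussed above: the "directory" option, a forwarding server with
"forwarders"/"forward", the root "hint" zone, a reverse zone for all of
127.0.0.0/8, a "master" zone that restricts zone transfers to its own
secondary, and a "slave" zone with a "masters" list.  This is an added
worked example written for these notes; it is not Listing 18.1 from the
textbook and not a file shipped with BIND.  The file name for the config,
the zone file names, the IP addresses (RFC 5737 documentation ranges), and
the partner domain example.net are all assumed for illustration.

```conf
// /etc/named.conf -- assumed location; check your distribution (RTFM).
// named.conf comments may be C-style /* ... */, C++-style //, or
// shell-style #.  A ';' is NOT a comment here: every statement, and
// every closing brace, needs a ';' after it.

options {
    directory "/var/named";              // zone "file" names below are
                                         // relative to this directory
    pid-file "/var/run/named/named.pid"; // assumed; this directory must be
                                         // writable by the userid named
                                         // runs as (see the BIND FAQ item)

    // "A Forwarding DNS Server": queries we cannot answer from our own
    // zones or cache go to these resolvers first ("forward first"); if
    // they fail we fall back to resolving via the root servers ourselves.
    // "forward only" never falls back.  Leave the whole forwarders block
    // out for a plain caching-only server that always uses the roots.
    forwarders { 192.0.2.201; 192.0.2.202; };   // assumed addresses
    forward first;

    // Default for every zone: nobody may pull a full copy of our zone
    // data.  Individual zones re-enable transfers for their own
    // secondaries below.
    allow-transfer { none; };

    // Not covered in the notes, but worth having: only our own clients
    // (assumed local networks) may use this server as a recursive resolver.
    allow-recursion { 127.0.0.1; 192.0.2.0/24; };
};

// The DNS root zone "." is a "hint" zone: named.ca holds the root server
// addresses used when a lookup must start from the top.  Keep it current.
zone "." {
    type hint;
    file "named.ca";
};

// Reverse mapping for all of 127.0.0.0/8 (not just /24).  Reverse zone
// names are the address octets in reverse order under in-addr.arpa.
zone "127.in-addr.arpa" {
    type master;
    file "127.in-addr.arpa.zone";        // assumed name; ';' comments inside
};

// Our own forward zone: this server is the master for it.
zone "threeroomco.com" {
    type master;
    file "threeroomco.com.zone";         // assumed name
    allow-transfer { 192.0.2.53; };      // only ns2 (assumed address) may
                                         // transfer; it needs TCP port 53
                                         // open to us, UDP is not enough
};

// Reverse zone for our (assumed) 192.0.2.0/24 network.
zone "2.0.192.in-addr.arpa" {
    type master;
    file "2.0.192.in-addr.arpa.zone";    // assumed name
    allow-transfer { 192.0.2.53; };
};

// A slave zone: the same two required lines as a master ("type" and
// "file"), except the type is "slave" and a "masters" list says which
// server(s) to pull the zone from by zone transfer.  named writes this
// file itself, so the directory must be writable by its userid.
// (On ns2, the threeroomco.com stanza above would look like this.)
zone "example.net" {                     // assumed partner domain
    type slave;
    masters { 198.51.100.53; };          // assumed address of its master
    file "slaves/example.net.zone";
};
```

Check the syntax with "named-checkconf /etc/named.conf" (it ships with
BIND 9) before restarting named; a missing ';' after a closing brace is the
usual complaint.  Once named is running, "dig @localhost threeroomco.com.
axfr" from a host that is not in the allow-transfer list should report
"Transfer failed." - that is the allow-transfer restriction working, and it
is the check a pentester would run against you first.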
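The "master" zones above need zone-specific files that you write yourself,
and those files use the other comment convention.  Below is an added example
of such a file for threeroomco.com; it is not the textbook's listing and not
from the BIND distribution.  The file name, the host names other than the
domain itself, and the RFC 5737 addresses are assumed.

```conf
; /var/named/threeroomco.com.zone -- assumed name, relative to the named.conf
; "directory" option.  Zone-file comments MUST start with ';' (no // or #).
$TTL 86400                   ; default cache lifetime (seconds) for records
$ORIGIN threeroomco.com.     ; names below without a trailing '.' get this
@       IN  SOA  ns1.threeroomco.com. hostmaster.threeroomco.com. (
                 2008040101  ; serial: YYYYMMDDnn; bump it on EVERY change,
                             ; or slaves will never notice the update
                 3600        ; refresh: how often slaves re-check the serial
                 900         ; retry: wait after a failed refresh
                 1209600     ; expire: slaves stop answering after 2 weeks
                 3600 )      ; negative-answer cache TTL
        IN  NS   ns1.threeroomco.com.
        IN  NS   ns2.threeroomco.com.     ; the secondary that may AXFR
        IN  MX   10 mail.threeroomco.com.
ns1     IN  A    192.0.2.1                ; assumed addresses (RFC 5737)
ns2     IN  A    192.0.2.53
mail    IN  A    192.0.2.25
www     IN  A    192.0.2.80
ftp     IN  CNAME www                     ; unqualified: relative to $ORIGIN
```

The matching reverse file for 127.in-addr.arpa needs only an SOA, an NS and
the single record "1.0.0 IN PTR localhost." - the owner name 1.0.0 is
relative to the 127.in-addr.arpa origin, which is why the /8 zone, not the
/24 one, is the right one to declare.  Run "named-checkzone threeroomco.com
/var/named/threeroomco.com.zone" (also part of BIND 9) to catch a missing
trailing dot or a bad serial before named loads the file, then confirm the
answer with "dig @localhost www.threeroomco.com. a".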
The example below fetches the "a" type (address) records for the host
idallen.ca. from the name server localhost:

   $ dig @localhost idallen.ca. a
   ...
   ;; ANSWER SECTION:
   idallen.ca.             7303    IN      A       216.180.243.122
   ...

Whereas the "host" command often fetches more than you ask for (e.g. it
fetches mail delivery MX records too), the "dig" command asks for exactly
what you want.  The "dig" command also shows the number of seconds remaining
in the cache lifetime (the TTL, 7303 above) of the record fetched.

- What well-known port does DNS use?  TCP or UDP or both?
- What is the Unix name for this port/service (from /etc/services)?

===============================================================================
How to future-proof your DNS:
   http://www.uit.co.uk/practical-tcp/w-dnsfut-039.pdf
   - assign IP addresses to services, not servers
   http://www.uit.co.uk/practical-tcp/w-ipaliasl-005.pdf
   - configure your servers to multi-home (one NIC, many addresses)
===============================================================================
//*EOF End of Lecture Notes for 2008
===============================================================================