Linux Operations and Administration Chapter Eleven Domain Name System


Linux Operations and Administration

Chapter Eleven: Domain Name System


Objectives

• Describe Domain Name System and how it relates to the Internet

• Install and configure Berkeley Internet Name Daemon (BIND)

• Check the status of a DNS server via the command line

• Identify zones and describe the elements in a zone file

• Explain how the different types of resource records affect zones


Introduction to Domain Name System

• Name server
  – A central database that translates names to IP addresses (or IP addresses to names)
  – Simplified network management dramatically
  – This method worked for local networks, but not for resources on the Internet

• Resource record
  – A file containing resource information or characteristics about a zone or domain


DNS on the Internet

• Internet’s Domain Name System (DNS)
  – Associates an IP address (such as 204.21.112.110) with an actual name (such as server1)
  – Network resources can be accessed by easy-to-remember names

• Berkeley Internet Name Daemon (BIND)
  – Usually carries out translation for DNS
  – Open-source software containing DNS protocols needed to resolve hostnames to IP addresses


DNS on the Internet (cont’d.)

• Goal of DNS is to decentralize administration
  – DNS is a distributed and hierarchical database
  – Allows controlling DNS management locally

• Local DNS server
  – Can handle cached hostname requests
  – Doesn’t contain information on every hostname on the Internet
  – Forwards requests for unknown hostnames to a forwarder


DNS on the Internet (cont’d.)

• Forwarder
  – A type of DNS server
  – Forwarder’s job is to handle off-site requests generated at the system known as “localhost”

• Caching
  – A feature that stores DNS queries on the local site for fast hostname-to-IP address resolution

• Local administrators can manage local DNS servers


DNS on the Internet (cont’d.)

• Root DNS servers
  – Centrally controlled public DNS servers
  – Control the Internet’s top-level domains (TLDs)

• Table 11-1
  – Describes some of the most recognizable top-level domains


DNS on the Internet (cont’d.)


Table 11-1 Common top-level domains


DNS on the Internet (cont’d.)

• DNS database is structured as an inverted tree
  – Also known as domain namespace
  – Root at top of the tree
  – TLDs beneath it
  – Nodes (leaves) of the tree are called domains and have labels
    • Such as .gov for U.S. government domain
  – Domain names are derived from node labels
  – Each level of hierarchy is separated by dots in domain name


DNS on the Internet (cont’d.)


Figure 11-1 The DNS structure (© Cengage Learning 2013)


Installing BIND

• Installing BIND is similar to installing Apache Web Server

• YaST Software Management is used to install the DHCP and DNS Server pattern
  – Installs:
    • All the necessary DNS modules, such as BIND
    • BIND documentation files
    • DNS Server Configuration utility


Installing BIND (cont’d.)

• BIND documentation files
  – Found in /usr/share/doc/packages/bind/arm/ directory
  – Consist of eight chapters

• Activity 11-1: Installing BIND
  – Install BIND and other DNS-related packages


Configuring BIND

• BIND
  – Requires no further configuration after being installed in openSUSE
  – Runs as a daemon known as named
    • Pronounced “name-dee,” not “named”

• named.conf
  – Main BIND DNS configuration file
  – Found in /etc directory


Configuring BIND (cont’d.)

• To start the named daemon (BIND):
  – Use rcnamed start command

• Table 11-2
  – Describes common commands for determining the daemon’s status

• Options to edit named.conf file
  – Use a text editor, such as vim
  – Use YaST DNS module
    • Available after you install BIND


Configuring BIND (cont’d.)


Table 11-2 Common named commands


Configuring BIND (cont’d.)

• To start YaST DNS module
  – Use yast2 dns-server command
    • Requires root privileges

• DNS Server Installation Wizard
  – Opens the first time you start the module
  – Enables you to add forwarders
  – Expert mode
    • Available after you step through the basic settings
    • For more advanced configuration tasks


Configuring BIND (cont’d.)


Figure 11-2 The DNS Server Installation Wizard (© Cengage Learning 2013)


Forwarder

• Can have up to three forwarders in DNS configuration
  – These servers enable you to:
    • Forward unresolved queries to an off-site DNS server
    • Cache results on your local DNS server


Forwarder (cont’d.)

• First time you configure a DNS server, the forwarder list is empty
  – Forwarder declaration in /etc/named.conf file is, by default, a commented line; for example:
    #forwarders { 192.0.2.1; 192.0.2.2; };
  – Deleting # symbol adds the two servers (192.0.2.1 and 192.0.2.2 in example) to forwarder list
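The following options block shows what the forwarder declaration looks like once it is uncommented, together with the forward directive that decides what named does when the forwarders do not answer. This is an added example, not a slide or file from the textbook: the 192.0.2.x addresses are the slide’s own placeholders (the RFC 5737 documentation range), the directory path is the openSUSE default and is assumed here, and the 192.0.2.0/24 client network is hypothetical.

```conf
// /etc/named.conf (excerpt) -- constructed example, not the file shipped by openSUSE
options {
        directory "/var/lib/named";      // assumed openSUSE default working directory

        // Before: the line is commented out, so named walks the root servers itself
        // #forwarders { 192.0.2.1; 192.0.2.2; };

        // After: up to three upstream resolvers receive every query that named
        // cannot answer from its own zones or from its cache
        forwarders {
                192.0.2.1;
                192.0.2.2;
        };

        // "only": never fall back to the root servers if the forwarders fail;
        // use "first" if named should try the roots as a fallback
        forward only;

        // Forwarding only applies to recursive queries, so keep recursion
        // limited to the site’s own networks rather than running an open resolver
        recursion yes;
        allow-recursion { 127.0.0.1; 192.0.2.0/24; };   // hypothetical site network
};
```

After editing, run named-checkconf /etc/named.conf before rcnamed reload; a syntax error in the options block keeps named from starting at all, and the reload is a cheaper check than a restart.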


DNS Zones

• Zone
  – A portion of the DNS namespace

• Zone file
  – Stores the data for a zone

• Master name server
  – An authoritative name server that stores the primary copies of zone records


DNS Zones (cont’d.)

• Slave name server
  – Also known as a secondary name server
  – Maintains a copy of master zone file that’s used as a backup
  – Provides redundancy if master name server is unavailable


DNS Zones (cont’d.)

• Entries in zone file
  – Line 1
    • Time-to-live (TTL) entry
  – Line 2
    • Start of Authority (SOA) resource record
  – Line 3
    • Serial number
  – Line 4
    • Refresh rate
  – Line 5
    • Retry rate
  – Line 6
    • Expiration entry
  – Line 7
    • Negative TTL entry
  – Line 8
    • NS resource record


MX RR

• Identifies mail servers (mail exchangers) for a zone

• Table 11-3
  – Describes fields in MX RR

• Example:


MX RR (cont’d.)


Table 11-3 MX resource record fields


A RR

• A (address) RR
  – Most common resource record
  – Used to resolve a hostname to an IPv4 address for locating a resource

• Table 11-4
  – Describes fields in the A RR

• Example:


A RR (cont’d.)


Table 11-4 A resource record


PTR RR

• PTR (pointer) RR
  – Used to resolve an IPv4 address to its hostname
  – Performs the reverse of what an A RR does

• Table 11-5
  – Describes fields in the PTR RR

• Example:


PTR RR (cont’d.)


Table 11-5 PTR resource record


CNAME RR

• CNAME (canonical name) RR
  – Enables you to create an alias for a host

• Table 11-6
  – Describes fields in the CNAME RR

• Example:
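The record examples on these slides were figures that did not survive extraction, so here is a constructed pair of zone files, added as an example and not taken from the textbook, that contains every entry type the chapter describes: the eight-line zone file header from the DNS Zones slides (TTL, SOA with serial, refresh, retry, expiration and negative TTL, then NS), followed by MX, A and CNAME records, and a matching reverse zone with PTR records. The name example.com, the 204.21.112.0/24 network, the hostnames other than server1 and the file paths (openSUSE’s master zone directory) are assumed values; server1 at 204.21.112.110 is the pair from the DNS on the Internet slide.

```conf
; /var/lib/named/master/example.com  (path assumed; constructed forward zone)
$TTL 86400                                     ; line 1: default TTL in seconds
@       IN  SOA ns1.example.com. hostmaster.example.com. (  ; line 2: SOA record
                2024010101   ; line 3: serial, increase on every edit (YYYYMMDDnn)
                3600         ; line 4: refresh, how often slaves poll the master
                900          ; line 5: retry, wait after a failed refresh
                1209600      ; line 6: expire, slaves stop answering after 2 weeks
                300 )        ; line 7: negative TTL, cache time for "no such name"
        IN  NS  ns1.example.com.               ; line 8: authoritative name server
        IN  NS  ns2.example.com.               ; slave, provides the redundancy above
        IN  MX  10 mail.example.com.           ; MX RR: preference 10, mail exchanger
ns1     IN  A   204.21.112.24                  ; A RR: hostname -> IPv4 address
ns2     IN  A   204.21.112.25
mail    IN  A   204.21.112.26
server1 IN  A   204.21.112.110
www     IN  CNAME server1.example.com.         ; CNAME RR: alias -> canonical name

; /var/lib/named/master/112.21.204.in-addr.arpa  (reverse zone for 204.21.112.0/24)
$TTL 86400
@       IN  SOA ns1.example.com. hostmaster.example.com. (
                2024010101 3600 900 1209600 300 )
        IN  NS  ns1.example.com.
        IN  NS  ns2.example.com.
24      IN  PTR ns1.example.com.               ; PTR RR: last octet -> hostname
25      IN  PTR ns2.example.com.
26      IN  PTR mail.example.com.
110     IN  PTR server1.example.com.
```

Check each file with named-checkzone (for example named-checkzone example.com /var/lib/named/master/example.com) before reloading; it catches the two mistakes that silently break zones most often, a serial that was not increased (slaves keep the old copy) and a CNAME owner that also carries other records, which the standard forbids. Keep MX and NS targets pointing at names with A records rather than at CNAME aliases, and keep every PTR in step with its A record, since mail servers and log-analysis tools compare the two.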


CNAME RR (cont’d.)


Table 11-6 CNAME resource record


Expert Configuration Mode

• Final window in DNS Server Installation Wizard
  – Option to open DNS port in your firewall
  – Option to start DNS server automatically at bootup

• After completing DNS Server Installation Wizard
  – Whenever you open the DNS module, you’re in expert configuration mode


Start-Up

• Settings under Start-Up window
  – Whether DNS starts automatically when the server starts or must be started manually
  – Firewall settings, such as opening the firewall port to allow remote computers to access DNS service
  – Stop, start, and reload DNS server


Start-Up (cont’d.)


Figure 11-3 The Start-Up window (© Cengage Learning 2013)


Forwarders

• Forwarders window
  – Used for the same task as in DNS Server Installation Wizard
    • Adding IP addresses to the list of forwarder servers


Basic Options

• Basic Options window
  – Displays options that have already been defined for the zone

• Ways to add options:
  – Use Basic Options window
    • If you use this window, information is updated in /etc/named.conf file automatically
  – Edit /etc/named.conf file

• Table 11-7
  – Describes the options that can be added or modified


Basic Options (cont’d.)


Figure 11-4 The Basic Options window (© Cengage Learning 2013)


Basic Options (cont’d.)


Table 11-7 Settings in the Basic Options window


Basic Options (cont’d.)


Table 11-7 Settings in the Basic Options window (continued)


Logging

• Logging window
  – Can be used to configure logging options for DNS server
  – By default, DNS server sends log data to the systemwide log file /var/log/messages
  – Additional Logging section
    • Log All DNS Queries option
    • Log Zone Updates option
    • Log Zone Transfers option
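The three Additional Logging options correspond to BIND logging categories, and the same result can be written by hand in /etc/named.conf. The stanza below is an added example, not output of YaST or a file from the textbook; the query log path under /var/log/named is assumed (the directory must be writable by the named user, inside the chroot if named runs chrooted), and the channel names are made up.

```conf
// /etc/named.conf (excerpt) -- constructed example, not generated by YaST
logging {
        // Queries are high-volume, so give them their own rotated file
        channel query_log {
                file "/var/log/named/query.log" versions 5 size 20m;  // path assumed
                severity info;
                print-time yes;
                print-category yes;
        };
        // Administrative events stay in syslog, i.e. /var/log/messages
        channel admin_log {
                syslog daemon;
                severity info;
                print-category yes;
        };

        // "Log All DNS Queries": one line per client question
        category queries         { query_log; };
        // "Log Zone Updates": dynamic update requests, accepted and rejected
        category update          { admin_log; };
        category update-security { admin_log; };
        // "Log Zone Transfers": AXFR/IXFR in and out, including refused transfers
        category xfer-in         { admin_log; };
        category xfer-out        { admin_log; };
        // Requests this server refused (recursion denied, ACL misses)
        category security        { admin_log; };
};
```

Defining the queries category is enough to switch query logging on; rndc querylog toggles it at run time without a reload. The xfer-out and security categories are the ones to watch for transfer attempts from addresses that are not your secondaries, and update-security shows updates that arrived without a valid signature.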


Logging (cont’d.)


Figure 11-5 The Logging window (© Cengage Learning 2013)


Access Control List (ACL)

• Access Control List (ACL) window
  – Used by BIND administrators to control who can perform operations on the name server

• When creating an ACL, you must:
  – Give it a unique name
  – Specify an IP address under Value heading


Access Control List (ACL) (cont’d.)

• When creating an ACL, the IP address must be:
  – Enclosed by braces
  – End with a semicolon
  – Example: { 204.21.112.24; }
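An ACL on its own does nothing; it only gets meaning when an allow-* option refers to it by name. The excerpt below, an added example and not a file from the textbook, defines two ACLs and uses them to decide who may ask for recursive lookups and who may pull a zone transfer. The ACL names, the 204.21.112.0/24 network, the secondary’s address and the zone name are assumed; the single host 204.21.112.24 is the value from the slide.

```conf
// /etc/named.conf (excerpt) -- constructed example
acl "trusted" {
        127.0.0.1;
        204.21.112.24;          // exactly the value form shown on the slide
        204.21.112.0/24;        // address prefixes are accepted as well (assumed site network)
};
acl "secondaries" {
        204.21.112.25;          // the slave name server allowed to copy zones (assumed)
};

options {
        directory "/var/lib/named";      // assumed openSUSE default
        // Anyone may look up the zones this server is authoritative for
        allow-query { any; };
        // Only trusted clients may use this server as a recursive resolver
        allow-recursion { trusted; };
        allow-query-cache { trusted; };
        // Server-wide default: no zone transfers at all
        allow-transfer { none; };
};

zone "example.com" in {
        type master;
        file "master/example.com";       // relative to the directory above
        // Per-zone override of the default: only the listed secondary may transfer
        allow-transfer { secondaries; };
        // No dynamic updates from the network for this zone
        allow-update { none; };
};
```

The default of allow-transfer { none; } with a per-zone exception is the safer direction: a forgotten zone falls back to "no transfers" instead of handing its full contents to anyone who asks. A refused transfer or recursion request is logged under the security category.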


TSIG Keys

• Transaction signatures
  – Used to secure communication between two servers
    • Usually between DHCP and DNS servers

• Ways to generate keys for this signature:
  – TSIG Keys window
  – dnssec-keygen command


TSIG Keys (cont’d.)

• Activity 11-2: Configuring BIND
  – Review settings in the /etc/named.conf file and configure a BIND server with the DNS Server Installation Wizard

• Activity 11-3: Creating a Resource Record in YaST
  – Use the YaST DNS Server module to create a resource record


TSIG Keys (cont’d.)


Figure 11-6 An A resource record added to the master zone file (© Cengage Learning 2013)


Summary

• Domain Name System (DNS)
  – Translates domain names and hostnames to IP addresses
  – A distributed and hierarchical database
  – Allows controlling DNS management locally

• BIND
  – Open-source DNS server software

• Local DNS sites can forward DNS queries to a forwarder DNS server
  – It forwards the request to an off-site DNS server


Summary (cont’d.)

• DNS structure is viewed as an inverted tree

• Main DNS configuration file is named.conf file in the /etc directory

• YaST DNS module is included with DNS installation and is used to configure DNS servers

• DNS zone file is a text file that stores resource records and other data for a zone

• Expert configuration mode for YaST DNS module gives access to more advanced configuration tasks
