Linux Operations and Administration
Chapter Eleven: Domain Name System
Objectives
• Describe Domain Name System and how it relates to the Internet
• Install and configure Berkeley Internet Name Daemon (BIND)
• Check the status of a DNS server via the command line
• Identify zones and describe the elements in a zone file
• Explain how the different types of resource records affect zones
Introduction to Domain Name System
• Name server
  – A central database that translates names to IP addresses (or IP addresses to names)
  – Simplified network management dramatically
  – This method worked for local networks, but not for resources on the Internet
• Resource record
  – A file containing resource information or characteristics about a zone or domain
DNS on the Internet
• Internet’s Domain Name System (DNS)
  – Associates an IP address (such as 204.21.112.110) with an actual name (such as server1)
  – Network resources can be accessed by easy-to-remember names
• Berkeley Internet Name Daemon (BIND)
  – Usually carries out translation for DNS
  – Open-source software containing the DNS protocols needed to resolve hostnames to IP addresses
DNS on the Internet (cont’d.)
• Goal of DNS is to decentralize administration
  – DNS is a distributed and hierarchical database
  – Allows controlling DNS management locally
• Local DNS server
  – Can handle cached hostname requests
  – Doesn’t contain information on every hostname on the Internet
  – Forwards requests for unknown hostnames to a forwarder
DNS on the Internet (cont’d.)
• Forwarder
  – A type of DNS server
  – Forwarder’s job is to handle off-site requests generated at the system known as “localhost”
• Caching
  – A feature that stores DNS queries on the local site for fast hostname-to-IP address resolution
• Local administrators can manage local DNS servers
DNS on the Internet (cont’d.)
• Root DNS servers
  – Centrally controlled public DNS servers
  – Control the Internet’s top-level domains (TLDs)
• Table 11-1
  – Describes some of the most recognizable top-level domains
DNS on the Internet (cont’d.)
Table 11-1 Common top-level domains
DNS on the Internet (cont’d.)
• DNS database is structured as an inverted tree
  – Also known as the domain namespace
  – Root at top of the tree
  – TLDs beneath it
  – Nodes (leaves) of the tree are called domains and have labels
    • Such as .gov for the U.S. government domain
  – Domain names are derived from node labels
  – Each level of the hierarchy is separated by dots in the domain name
DNS on the Internet (cont’d.)
Figure 11-1 The DNS structure (© Cengage Learning 2013)
Installing BIND
• Installing BIND is similar to installing Apache Web Server
• YaST Software Management is used to install the DHCP and DNS Server pattern
  – Installs:
    • All the necessary DNS modules, such as BIND
    • BIND documentation files
    • DNS Server Configuration utility
Installing BIND (cont’d.)
• BIND documentation files
  – Found in the /usr/share/doc/packages/bind/arm/ directory
  – Consist of eight chapters
• Activity 11-1: Installing BIND
  – Install BIND and other DNS-related packages
Configuring BIND
• BIND
  – Requires no further configuration after being installed in openSUSE
  – Runs as a daemon known as named
    • Pronounced “name-dee,” not “named”
• named.conf
  – Main BIND DNS configuration file
  – Found in the /etc directory
Configuring BIND (cont’d.)
• To start the named daemon (BIND):
  – Use the rcnamed start command
• Table 11-2
  – Describes common commands for determining the daemon’s status
• Options to edit the named.conf file
  – Use a text editor, such as vim
  – Use the YaST DNS module
    • Available after you install BIND
Configuring BIND (cont’d.)
Table 11-2 Common named commands
Configuring BIND (cont’d.)
• To start the YaST DNS module
  – Use the yast2 dns-server command
    • Requires root privileges
• DNS Server Installation Wizard
  – Opens the first time you start the module
  – Enables you to add forwarders
  – Expert mode
    • Available after you step through the basic settings
    • For more advanced configuration tasks
Configuring BIND (cont’d.)
Figure 11-2 The DNS Server Installation Wizard (© Cengage Learning 2013)
Forwarder
• Can have up to three forwarders in the DNS configuration
  – These servers enable you to:
    • Forward unresolved queries to an off-site DNS server
    • Cache results on your local DNS server
Forwarder (cont’d.)
• The first time you configure a DNS server, the forwarder list is empty
  – The forwarder declaration in the /etc/named.conf file is, by default, a commented line; for example:
    #forwarders { 192.0.2.1; 192.0.2.2; };
  – Deleting the # symbol adds the two servers (192.0.2.1 and 192.0.2.2 in the example) to the forwarder list
DNS Zones
• Zone
  – A portion of the DNS namespace
• Zone file
  – Stores the data for a zone
• Master name server
  – An authoritative name server that stores the primary copies of zone records
DNS Zones (cont’d.)
• Slave name server
  – Also known as a secondary name server
  – Maintains a copy of the master zone file that’s used as a backup
  – Provides redundancy if the master name server is unavailable
DNS Zones (cont’d.)
• Entries in the zone file
  – Line 1
    • Time-to-live (TTL) entry
  – Line 2
    • Start of Authority (SOA) resource record
  – Line 3
    • Serial number
  – Line 4
    • Refresh rate
  – Line 5
    • Retry rate
  – Line 6
    • Expiration entry
  – Line 7
    • Negative TTL entry
  – Line 8
    • NS resource record
MX RR
• Identifies mail servers (mail exchangers) for a zone
• Table 11-3
  – Describes the fields in an MX RR
• Example: (slide image, not reproduced here)
MX RR (cont’d.)
Table 11-3 MX resource record fields
A RR
• A (address) RR
  – Most common resource record
  – Used to resolve a hostname to an IPv4 address for locating a resource
• Table 11-4
  – Describes the fields in the A RR
• Example: (slide image, not reproduced here)
A RR (cont’d.)
Table 11-4 A resource record
PTR RR
• PTR (pointer) RR
  – Used to resolve an IPv4 address to its hostname
  – Performs the reverse of what an A RR does
• Table 11-5
  – Describes the fields in the PTR RR
• Example: (slide image, not reproduced here)
PTR RR (cont’d.)
Table 11-5 PTR resource record
CNAME RR
• CNAME (canonical name) RR
  – Enables you to create an alias for a host
• Table 11-6
  – Describes the fields in the CNAME RR
• Example: (slide image, not reproduced here)
CNAME RR (cont’d.)
Table 11-6 CNAME resource record
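As an added example (not from the book and not a BIND tool), the following Python reads a small constructed zone file laid out the way the "Entries in the zone file" list above describes (TTL, SOA with serial, refresh, retry, expire and negative TTL, then NS) followed by the A, MX and CNAME records from the preceding sections, and runs two checks an administrator wants before loading a zone: that the SOA retry, refresh and expire timers are in a sensible order, and that no NS or MX record points at a CNAME. The origin example.com., the hostnames and all addresses are assumptions.

```python
import re
ORIGIN = "example.com."

# Constructed sample zone (not from the book): the header the chapter describes
# (TTL; SOA with serial, refresh, retry, expire, negative TTL; NS record), then
# A, MX and CNAME records. 'mail' is deliberately a CNAME to trip the check.
ZONE_TEXT = """\
$TTL 86400
@        IN  SOA    ns1.example.com. admin.example.com. (
                    2013011501 ; serial
                    28800      ; refresh
                    7200       ; retry
                    604800     ; expire
                    86400 )    ; negative TTL
@        IN  NS     ns1.example.com.
ns1      IN  A      204.21.112.110
server1  IN  A      204.21.112.24
@        IN  MX     10 mail.example.com.
mail     IN  CNAME  server1
"""

def fqdn(name, origin=ORIGIN):
    # '@' is the zone origin; a name without a trailing dot is relative to it
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    # Returns (default TTL, [(owner, type, rdata tokens)]); comments are stripped
    # and the parenthesised SOA continuation is folded onto one line first
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    ttl, records = None, []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0] == "$TTL":
            ttl = int(tok[1])
        else:  # owner  class  type  rdata...
            records.append((fqdn(tok[0], origin), tok[2], tok[3:]))
    return ttl, records

def check_zone(text, origin=ORIGIN):
    # Pre-load checks: SOA timers in sane order, and no NS or MX record whose
    # target is a CNAME (RFC 2181 section 10.3 forbids that)
    _, records = parse_zone(text, origin)
    cnames = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    soa = next(r for o, t, r in records if o == origin and t == "SOA")
    refresh, retry, expire = map(int, soa[3:6])
    problems = []
    if not retry < refresh < expire:
        problems.append(f"SOA timers out of order: retry={retry} refresh={refresh} expire={expire}")
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX") and fqdn(rdata[-1], origin) in cnames:
            problems.append(f"{rtype} target {fqdn(rdata[-1], origin)} is a CNAME")
    return problems
```

Running check_zone(ZONE_TEXT) reports the MX record that points at the CNAME mail; fixing that record to an A record yields an empty list.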
Expert Configuration Mode
• Final window in the DNS Server Installation Wizard
  – Option to open the DNS port in your firewall
  – Option to start the DNS server automatically at bootup
• After completing the DNS Server Installation Wizard
  – Whenever you open the DNS module, you’re in expert configuration mode
Start-Up
• Settings under the Start-Up window
  – Whether DNS starts automatically when the server starts or must be started manually
  – Firewall settings, such as opening the firewall port to allow remote computers to access the DNS service
  – Stop, start, and reload the DNS server
Start-Up (cont’d.)
Figure 11-3 The Start-Up window (© Cengage Learning 2013)
Forwarders
• Forwarders window
  – Used for the same task as in the DNS Server Installation Wizard
    • Adding IP addresses to the list of forwarder servers
Basic Options
• Basic Options window
  – Displays options that have already been defined for the zone
• Ways to add options:
  – Use the Basic Options window
    • If you use this window, the information is updated in the /etc/named.conf file automatically
  – Edit the /etc/named.conf file
• Table 11-7
  – Describes the options that can be added or modified
Basic Options (cont’d.)
Figure 11-4 The Basic Options window (© Cengage Learning 2013)
Basic Options (cont’d.)
Table 11-7 Settings in the Basic Options window
Basic Options (cont’d.)
Table 11-7 Settings in the Basic Options window (continued)
Logging
• Logging window
  – Can be used to configure logging options for the DNS server
  – By default, the DNS server sends log data to the systemwide log file /var/log/messages
  – Additional Logging section
    • Log All DNS Queries option
    • Log Zone Updates option
    • Log Zone Transfers option
Logging (cont’d.)
Figure 11-5 The Logging window (© Cengage Learning 2013)
Access Control List (ACL)
• Access Control List (ACL) window
  – Used by BIND administrators to control who can perform operations on the name server
• When creating an ACL, you must:
  – Give it a unique name
  – Specify an IP address under the Value heading
• When creating an ACL, the IP address must be:
  – Enclosed by braces
  – Ended with a semicolon
  – Example: { 204.21.112.24; }
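As an added example (not from the book), the following Python ties the ACL value format above to the query logging described under Logging: it parses a constructed named.conf acl block written in the braces-and-semicolons form shown, then reads constructed /var/log/messages lines of the kind BIND writes when Log All DNS Queries is on and reports the queries that came from addresses the ACL does not cover, which is what an administrator wants to see before pointing allow-query at that ACL. It also accepts CIDR prefixes, which BIND ACLs allow. The acl name "trusted", the log line layout and all addresses are assumptions.

```python
import ipaddress
import re

# Constructed named.conf fragment (not from the book). The ACL value follows the
# form the chapter gives: addresses inside braces, each ended by a semicolon.
NAMED_CONF = """\
acl "trusted" { 204.21.112.24; 204.21.112.0/28; };
options {
    forwarders { 192.0.2.1; 192.0.2.2; };
    allow-query { trusted; };
};
"""

# Constructed /var/log/messages lines in the shape BIND writes when
# "Log All DNS Queries" is on: syslog prefix, then client addr#port and query.
LOG_LINES = """\
Jan 15 10:22:01 ns1 named[1234]: client 204.21.112.24#51234: query: server1.example.com IN A + (204.21.112.110)
Jan 15 10:22:03 ns1 named[1234]: client 204.21.112.9#40012: query: mail.example.com IN MX + (204.21.112.110)
Jan 15 10:22:07 ns1 named[1234]: client 198.51.100.77#33099: query: www.example.com IN A + (204.21.112.110)
Jan 15 10:22:09 ns1 named[1234]: client 198.51.100.77#33100: query: 110.112.21.204.in-addr.arpa IN PTR + (204.21.112.110)
"""

ACL_RE = re.compile(r'acl\s+"?(\w+)"?\s*\{([^}]*)\}\s*;')
QUERY_RE = re.compile(r"client (?:@\S+ )?(\d+\.\d+\.\d+\.\d+)#\d+(?: \([^)]*\))?: query: (\S+) IN (\S+)")

def parse_acls(conf):
    # {acl name: [ip_network, ...]}; a bare address becomes a /32 network
    acls = {}
    for name, body in ACL_RE.findall(conf):
        entries = [e.strip() for e in body.split(";") if e.strip()]
        acls[name] = [ipaddress.ip_network(e, strict=False) for e in entries]
    return acls

def in_acl(addr, networks):
    return any(ipaddress.ip_address(addr) in net for net in networks)

def queries_outside_acl(log, networks):
    # Returns (client, qname, qtype) for every logged query from an address the
    # ACL does not cover: the queries allow-query { acl } would start refusing
    hits = []
    for line in log.splitlines():
        m = QUERY_RE.search(line)
        if m and not in_acl(m.group(1), networks):
            hits.append(m.groups())
    return hits
```

With the sample data, the two queries from 198.51.100.77 are reported while 204.21.112.24 (listed explicitly) and 204.21.112.9 (inside the /28) pass.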
TSIG Keys
• Transaction signatures
  – Used to secure communication between two servers
    • Usually between DHCP and DNS servers
• Ways to generate keys for this signature:
  – TSIG Keys window
  – dnssec-keygen command
TSIG Keys (cont’d.)
• Activity 11-2: Configuring BIND
  – Review the settings in the /etc/named.conf file and configure a BIND server with the DNS Server Installation Wizard
• Activity 11-3: Creating a Resource Record in YaST
  – Use the YaST DNS Server module to create a resource record
TSIG Keys (cont’d.)
Figure 11-6 An A resource record added to the master zone file (© Cengage Learning 2013)
Summary
• Domain Name System (DNS)
  – Translates domain names and hostnames to IP addresses
  – A distributed and hierarchical database
  – Allows controlling DNS management locally
• BIND
  – Open-source DNS server software
• Local DNS sites can forward DNS queries to a forwarder DNS server
  – It forwards the request to an off-site DNS server
Summary (cont’d.)
• DNS structure is viewed as an inverted tree
• The main DNS configuration file is the named.conf file in the /etc directory
• YaST DNS module is included with DNS installation and is used to configure DNS servers
• DNS zone file is a text file that stores resource records and other data for a zone
• Expert configuration mode for YaST DNS module gives access to more advanced configuration tasks