Linux Operations and Administration
Chapter Eleven: Domain Name System

Objectives

• Describe the Domain Name System and how it relates to the Internet

• Install and configure Berkeley Internet Name Domain (BIND)

• Check the status of a DNS server via the command line

• Identify zones and describe the elements in a zone file

• Explain how the different types of resource records affect zones

Introduction to Domain Name System

• Name server
  – A central database that translates names to IP addresses (or IP addresses to names)
  – Simplified network management dramatically
  – A single central database worked for local networks, but did not scale to resources on the Internet

• Resource record
  – An entry in a zone file that records one piece of information about a name in a zone or domain, such as its address or its mail exchanger

DNS on the Internet

• Internet's Domain Name System (DNS)
  – Associates an IP address (such as 204.21.112.110) with a name (such as server1)
  – Network resources can be accessed by easy-to-remember names

• Berkeley Internet Name Domain (BIND)
  – The name server software that usually carries out translation for DNS
  – Open-source software that implements the DNS protocols needed to resolve hostnames to IP addresses

DNS on the Internet (cont'd.)

• The goal of DNS is to decentralize administration
  – DNS is a distributed and hierarchical database
  – Each organization manages its own part of the namespace locally

• Local DNS server
  – Answers requests for hostnames it has cached
  – Doesn't contain information on every hostname on the Internet
  – Forwards requests for unknown hostnames to a forwarder

DNS on the Internet (cont'd.)

• Forwarder
  – A DNS server to which the local server sends the queries it cannot answer itself, typically requests for off-site names
  – The forwarder performs the full resolution and returns the answer to the local server

• Caching
  – Stores the answers to DNS queries on the local site for fast hostname-to-IP address resolution
  – Each answer is kept only for the time-to-live (TTL) the authoritative server assigned to it

• Local administrators can manage local DNS servers

DNS on the Internet (cont'd.)

• Root DNS servers
  – Public name servers at the top of the hierarchy, serving a root zone that is centrally managed
  – Delegate each top-level domain (TLD) to the TLD's own name servers rather than holding the TLD data themselves

• Table 11-1
  – Describes some of the most recognizable top-level domains

Table 11-1 Common top-level domains

DNS on the Internet (cont'd.)

• The DNS database is structured as an inverted tree
  – Also known as the domain namespace
  – Root at the top of the tree
  – TLDs beneath it
  – Nodes of the tree are called domains and have labels, such as gov for the U.S. government domain
  – Domain names are derived from node labels
  – Each level of the hierarchy is separated by a dot in the domain name; in www.example.com the labels are www, example, and com, read from the leaf up toward the root

Figure 11-1 The DNS structure (© Cengage Learning 2013)

Installing BIND

• Installing BIND is similar to installing Apache Web Server

• YaST Software Management is used to install the DHCP and DNS Server pattern, which installs:
  – All the necessary DNS packages, such as BIND
  – BIND documentation files
  – The DNS Server Configuration utility (the YaST DNS module)

Installing BIND (cont'd.)

• BIND documentation files
  – The BIND Administrator Reference Manual, found in the /usr/share/doc/packages/bind/arm/ directory
  – Consists of eight chapters

• Activity 11-1: Installing BIND
  – Install BIND and other DNS-related packages

Configuring BIND

• BIND
  – Works as a caching name server with the default openSUSE configuration, so it needs no further setup for that role
  – Runs as a daemon known as named (pronounced "name-dee," not "named")

• named.conf
  – Main BIND DNS configuration file
  – Found in the /etc directory

Configuring BIND (cont'd.)

• To start the named daemon (BIND):
  – Use the rcnamed start command (on systemd-based releases, systemctl start named does the same)

• Table 11-2
  – Describes common commands for determining the daemon's status

• Options to edit the named.conf file
  – Use a text editor, such as vim
  – Use the YaST DNS module, available after you install BIND
  – After editing by hand, run named-checkconf to catch syntax errors before restarting named

Table 11-2 Common named commands

Configuring BIND (cont'd.)

• To start the YaST DNS module
  – Use the yast2 dns-server command (requires root privileges)

• DNS Server Installation Wizard
  – Opens the first time you start the module
  – Enables you to add forwarders
  – Expert mode is available after you step through the basic settings and is used for more advanced configuration tasks

Figure 11-2 The DNS Server Installation Wizard (© Cengage Learning 2013)

Forwarder

• Up to three forwarders can be entered in the DNS configuration
  – These servers enable you to:
    • Forward unresolved queries to an off-site DNS server
    • Cache the results on your local DNS server

Forwarder (cont'd.)

• The first time you configure a DNS server, the forwarder list is empty
  – The forwarders declaration in /etc/named.conf is, by default, a commented-out line; for example:
    #forwarders { 192.0.2.1; 192.0.2.2; };
  – Deleting the # symbol adds the two servers (192.0.2.1 and 192.0.2.2 in the example) to the forwarder list
  – Forward only to servers you trust: the forwarder sees every off-site query, and its answers are cached locally without further checking

DNS Zones

• Zone
  – A portion of the DNS namespace that is managed as a unit

• Zone file
  – Stores the data for a zone

• Master name server
  – An authoritative name server that stores the primary copy of the zone's records

DNS Zones (cont'd.)

• Slave name server
  – Also known as a secondary name server
  – Maintains a copy of the master's zone file, obtained by zone transfer, that serves as a backup
  – Provides redundancy if the master name server is unavailable

DNS Zones (cont'd.)

• Entries in a zone file
  – Line 1: Time-to-live (TTL) entry, the $TTL directive giving the default TTL for records in the zone
  – Line 2: Start of Authority (SOA) resource record
  – Line 3: Serial number, which must increase on every change so that slaves notice the update
  – Line 4: Refresh rate, how often a slave checks the master for a new serial number

DNS Zones (cont'd.)

  – Line 5: Retry rate, how long a slave waits before retrying a failed refresh
  – Line 6: Expiration entry, how long a slave keeps serving the zone when it cannot reach the master
  – Line 7: Negative TTL entry, how long resolvers cache "no such name" answers
  – Line 8: NS resource record, naming an authoritative name server for the zone

MX RR

• Identifies mail servers (mail exchangers) for a zone
  – Each MX record carries a preference value; lower values are tried first

• Table 11-3
  – Describes fields in the MX RR

• Example:

Table 11-3 MX resource record fields

A RR

• A (address) RR
  – Most common resource record
  – Used to resolve a hostname to an IPv4 address for locating a resource (the AAAA RR does the same for IPv6)

• Table 11-4
  – Describes fields in the A RR

• Example:

Table 11-4 A resource record

PTR RR

• PTR (pointer) RR
  – Used to resolve an IPv4 address to its hostname
  – Performs the reverse of what an A RR does
  – Lives in a reverse zone under in-addr.arpa, with the address octets written in reverse order

• Table 11-5
  – Describes fields in the PTR RR

• Example:

Table 11-5 PTR resource record

CNAME RR

• CNAME (canonical name) RR
  – Enables you to create an alias for a host
  – A name that has a CNAME record may have no other records, and MX or NS records must point at real hosts, not at aliases

• Table 11-6
  – Describes fields in the CNAME RR

• Example:

Table 11-6 CNAME resource record

Expert Configuration Mode

• Final window in the DNS Server Installation Wizard
  – Option to open the DNS port in your firewall
  – Option to start the DNS server automatically at bootup

• After completing the DNS Server Installation Wizard
  – Whenever you open the DNS module, you're in expert configuration mode

Start-Up

• Settings under the Start-Up window
  – Whether DNS starts automatically when the server starts or must be started manually
  – Firewall settings, such as opening the firewall port to allow remote computers to access the DNS service; open it only if remote clients need this server, and use the Access Control List settings to limit which clients are admitted
  – Stop, start, and reload the DNS server

Figure 11-3 The Start-Up window (© Cengage Learning 2013)

Forwarders

• Forwarders window
  – Used for the same task as in the DNS Server Installation Wizard: adding IP addresses to the list of forwarder servers

Basic Options

• Basic Options window
  – Displays the options that have already been defined for the server (the options section of named.conf)

• Ways to add options:
  – Use the Basic Options window; the information is written to the /etc/named.conf file automatically
  – Edit the /etc/named.conf file directly

• Table 11-7
  – Describes the options that can be added or modified

Figure 11-4 The Basic Options window (© Cengage Learning 2013)

Table 11-7 Settings in the Basic Options window

Table 11-7 Settings in the Basic Options window (continued)

Logging

• Logging window
  – Used to configure logging options for the DNS server
  – By default, the DNS server sends log data to the systemwide log file /var/log/messages
  – Additional Logging section:
    • Log All DNS Queries option (useful during an investigation, but very high volume on a busy server)
    • Log Zone Updates option
    • Log Zone Transfers option (records which hosts pulled a copy of your zone data)

Figure 11-5 The Logging window (© Cengage Learning 2013)

Access Control List (ACL)

• Access Control List (ACL) window
  – Used by BIND administrators to define named address lists that control who can perform operations on the name server, such as querying it, using recursion, or transferring a zone

• When creating an ACL, you must:
  – Give it a unique name
  – Specify the IP addresses under the Value heading

Access Control List (ACL) (cont'd.)

• When creating an ACL, the address list must be:
  – Enclosed in braces
  – Terminated by a semicolon after each address and after the closing brace
  – Example: { 204.21.112.24; }
  – Network prefixes such as 204.21.112.0/24 and negated entries such as !204.21.112.13 are also accepted; entries are evaluated in order and the first match decides

TSIG Keys

• Transaction signatures (TSIG)
  – Used to authenticate communication between two servers with a shared secret key: each message carries an HMAC that only a holder of the secret can produce
  – Usually between DHCP and DNS servers, so that only the DHCP server can send dynamic updates to the zone

• Ways to generate keys for this signature:
  – TSIG Keys window
  – dnssec-keygen command (newer BIND releases also provide tsig-keygen)

TSIG Keys (cont'd.)

• Activity 11-2: Configuring BIND
  – Review the settings in the /etc/named.conf file and configure a BIND server with the DNS Server Installation Wizard

• Activity 11-3: Creating a Resource Record in YaST
  – Use the YaST DNS Server module to create a resource record

Figure 11-6 An A resource record added to the master zone file (© Cengage Learning 2013)

Summary

• Domain Name System (DNS)
  – Translates domain names and hostnames to IP addresses
  – A distributed and hierarchical database
  – Allows DNS management to be controlled locally

• BIND
  – Open-source DNS server software

• Local DNS servers can forward the queries they cannot answer to a forwarder DNS server
  – The forwarder resolves the request against off-site DNS servers, and the local server caches the answer

Summary (cont'd.)

• The DNS structure is viewed as an inverted tree

• The main DNS configuration file is named.conf in the /etc directory

• The YaST DNS module is included with the DNS installation and is used to configure DNS servers

• A DNS zone file is a text file that stores resource records and other data for a zone

• Expert configuration mode for the YaST DNS module gives access to more advanced configuration tasks