If you can see this check that

next section prev section up prev page next page

Domain Name Server - DNS

DNS

Basics

Terminology

WHOIS

DNS Distributed Database

Manual Lookups

> dig www.napier.ac.uk @dns0.napier.ac.uk
www.napier.ac.uk.       86400   IN      A       146.176.222.174

;; AUTHORITY SECTION:
napier.ac.uk.           86400   IN      NS      dns0.napier.ac.uk.
napier.ac.uk.           86400   IN      NS      dns1.napier.ac.uk.

;; ADDITIONAL SECTION:
dns0.napier.ac.uk.      86400   IN      A       146.176.1.5
dns1.napier.ac.uk.      86400   IN      A       146.176.2.5

Reverse Lookup

> dig 222.176.146.IN-ADDR.ARPA
...
;; AUTHORITY SECTION:
222.176.146.IN-ADDR.ARPA. 86400 IN      SOA     dns0.napier.ac.uk. root.central.napier.ac.uk. 200808271 28800 7200 604800 86400
> dig 174.222.176.146.IN-ADDR.ARPA @dns0.napier.ac.uk -t any
...
;; ANSWER SECTION:
174.222.176.146.IN-ADDR.ARPA. 86400 IN  PTR     www.napier.ac.uk.

Linux DNS

Resolver in Linux

$ cat /etc/host.conf

order hosts,bind

/etc/hosts

> cat /etc/resolv.conf

search linuxzoo.net net
nameserver 10.200.0.1

> dig www.linuxzoo.net @10.200.0.1

Your own nameserver

Nameserver daemons

What is a chroot

However, in our experiments we will not be using a chroot for additional security. Instead we will use SELinux. This gives the kernel a set of rules which named must obey, including what files can be opened and what sort of network connections can be made. Fortunately this is all pre-configured in Fedora and thus completely invisible to us as administrators.

RNDC

In a non-chroot solution this needs only to be stored in /etc/rndc.key If you are (for some reason) using a chroot it must also be copied to /var/named/chroot/etc/rndc.key

Generate the key

/etc/named.conf

Master and slave

zone "." IN {
        type hint;
        file "named.ca";
};
This tells the daemon to use the root servers listed in named.ca to resolve things not solved by other entries. This can be considered the "default".
options {
        directory "/var/named";
        forward only;
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

localhost.zone

$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        1D IN NS        @
                        1D IN A         127.0.0.1

named.local

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      localhost.

1       IN      PTR     localhost.

Example : grussell.org, in IP 50.1.1.0/24

$ cat /var/named/grussell.zone

$TTL    86400
$ORIGIN grussell.org.
@                       	1D IN SOA       ns1 admin.grussell.org. (
                                        2004101701     	 ; serial
                                        3H              	; refresh
                                        15M             	; retry
                                        1W              	; expiry
                                        1D )            	; minimum

                       	1D IN NS      ns1
                        1D IN A       50.1.1.1
www                     CNAME         grussell.org.
ns1			1D IN A       50.1.1.10

$ cat /var/named/grussell.rev

$TTL    86400
@       IN      SOA     ns1.grussell.org. admin.grussell.org.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
      	IN      NS      ns1.grussell.org.
1	IN      PTR     grussell.org.
10  	IN      PTR     ns1.grussell.org.

MX (Mail Exchange) records

host1		IN	MX	10	host1
			IN	MX	20	backuphost
			IN	MX	30	mx.easydns.com.

Load Balancing

Email server balancing

host1		IN	MX	10	smtp1
			IN	MX	10	smtp2
			IN	MX	10	smtp3
smtp1		IN	A		10.0.0.1
smtp2		IN	A		10.0.0.2
smtp3		IN	A		10.0.0.3

Email server balancing with A

host1		IN	MX	10	smtp		
smtp		IN	A		10.0.0.1
			IN	A		10.0.0.2
			IN	A		10.0.0.3

Server balancing with A

www		IN	A		10.0.0.1
			IN	A		10.0.0.2
			IN	A		10.0.0.3
ftp			IN	A		10.0.0.10
ftp			IN	A		10.0.0.11

DNS record types

Capturing DNS

Demonstration of a DNS Query

Dump file

$ cat dump
17:48:54.147146 IP 146.176.162.6.40501 > 146.176.2.5.domain:  6869+ A? www.napier.ac.uk. (34)
17:48:54.148326 IP 146.176.2.5.domain > 146.176.162.6.40501:  6869* 1/2/2 A 146.176.222.174 (120)

Discussion

Discussion

Discussion

Question 1

Provide a forward DNS file for the domain test.com. The parameters of the SOA are unimportant. Make sure of the following:

Question 2

In a server using DNS round robin load balancing across three different A records, discuss what would happen if one of the machines associated with one of the A records failed. How could such a problem be managed?
Linux tutorials: intro1 intro2 wildcard permission pipe vi essential admin net SELinux1 SELinux2 fwall DNS diag Apache1 Apache2 Mail
Caine 6.0: Essentials | Basic | Search | SysIntro | 5a | 5b | 5c | 6 | 7a | 7b | 8a | 8b | WebBrowserA | WebBrowserB | Registry | Browser
Digital Investigation: Editing | Email | Logs | Strength
Kali: 1a | 1b | 1c | 2 | 3 | 4a | 4b | 5 | 6 | 7a | 8a | 8b | 9 | 10 |
Useful: Quiz | Forums | Privacy Policy | Terms and Conditions
Site Links:XMLZoo ActiveSQL ProgZoo SQLZoo

Linuxzoo created by Gordon Russell.
@ Copyright 2004-2017 Edinburgh Napier University