Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cookie Session Mohammed M. Ali cig .mot .com - Larry P. Schrof

Published bySi̇mge Özgür Akpınar Modified over 6 years ago

Similar presentations

Presentation on theme: "Cookie Session Mohammed M. Ali cig .mot .com - Larry P. Schrof"— Presentation transcript:

1 BIND @ Cookie Session - Mohammed M. Ali alimm @ cig .mot .com - Larry P. Schrof schrof@cig.mot.com
9/17/2018

2 WELCOME TO THE BIND @ COOKIE SESSION
9/17/2018

3 Introduction to BIND The most common implementation of a DNS server is BIND. Berkeley Internet Name Domain (BIND) is an open implementation of the Domain Name System(DNS) protocols which includes : A Domain Name System server (named) A Domain Name System resolver library Tools to verify the proper operation of DNS server. 9/17/2018

4 History of BIND The birth of BIND was at University of California at Berkeley as a graduate student project under a grant from DARPA. BIND versions 4.9 and were released by DEC ( now Compaq) BIND versions from onward have been developed and maintained by ISC. 9/17/2018

5 . BIND BIND Operation Guide (BOG) Understanding of BIND Zone Vs Domain
Types of Servers Boot File Resolver Configuration Cache Initialization File Domain Data Files Standard Resource Record Format . BIND 9/17/2018

6 Definitions in BIND A Zone is part of the namespace
A Domain is also part of the namespace, but it covers several zones. 9/17/2018

7 Name Servers The DNS server replies to DNS queries sent by resolvers.
Listen at UDP and TCP port 53 Here UDP for routine queries and TCP for zone transfers. Primary Name server contains only writeable authoritative copy of the zones. Secondary Nameserver contains the duplicate copy of the data from the primary name server. The Caching only name server relies on other name servers for authoritative answers. 9/17/2018

8 Resource Records (RR’s)
Resource Records contain various pieces of information about hosts in the DNS. (RFC 1035 specifies exactly how these records should look.) Some Example Resource Records Owner Class Type Data cig.mot.com. IN NS motcig.cig.mot.com. motcig.cig.mot.com. IN A motcig.cig.mot.com. IN HINFO “Hardware” “Software” name.cig.mot.com. IN CNAME realname.cig.mot.com. Name.cig.mot.com. IN TXT “Anything you want” cig.mot.com. IN MX Priority#mailhost.domain.dom. IN-ADDR.ARPA. I N PTR motcig.cig.mot.com. 9/17/2018

9 Standard Resource Record Format
{name} {ttl} addr-class Record Type Record Specific data Column 1 is the name of the domain record, or the “owner”. Column 2 is the optional time to live field. Column 3 is the address class; IN indicates the Internet class. Column 4 is the type of resource record (A, MX, SOA, NS, CNAME, etc...) Column 5 (and beyond) are the data fields. The types of data in these fields depend on the RR type. 9/17/2018

10 The SOA Record SOA stands for ‘Start Of Authority’.
The SOA record defines the default parameters that affect the entire zone @ in soa motcig.cig.mot.com. hostmaster.cig.mot.com. ( ; Serial # ; Refresh ; Retry ; Expiration 86400 ) ; minimum TTL Origin Server : Name of the host on which the master zone file resides. contact : address of the administrator. is changed to a .) Refresh Rate : How often a secondary name server contacts a primary name server Retry Rate : How often a secondary contacts a primary if a refresh fails. Expiration : How long secondaries will consider a zone valid before expiring it. Cache Interval(Minimum TTL) : The time slot for this data to be cached= 1 day 9/17/2018

11 The MX record MX stands for ‘Mail Exchange(r)’
“Why can I send to if cig.mot.com isn’t an actual machine?” cig.mot.com has MX records in the DNS: cig.mot.com. in mx relay2.cig.mot.com. in mx ilds01.cig.mot.com. in mx ilms01.cig.mot.com. Format of an MX record: [owner] [ttl] [class] MX <PREFERENCE> <HOST> HOSTs with lower PREFERENCES are tried first when transporting . 9/17/2018

12 The NS record The NS record is used to specify what hosts act as name servers for a zone. cig.mot.com. in ns motcig.cig.mot.com. in ns koala.cig.mot.com. 9/17/2018

13 The A Record The A record is probably the most familiar type of RR in DNS. An A record is used to assign an IP address to a host. lyric IN A 9/17/2018

14 The HINFO Record The HINFO Record is commonly misused.
It should have EXACTLY two data fields First field specifies hardware platform Second field specifies software (OS) version It’s best to put each field in its own pair of double quotes. No Other Information Should be Put In An HINFO Record!!! Other, miscellaneous information, should be put into a TXT record. 9/17/2018

15 The TXT Record The TXT Record is used to hold miscellaneous information about a host. TXT records should have only one data field. Enclose the data field in double quotes. The data field should not span across lines. It may take more than one TXT record to hold all the info you want. This is perfectly acceptable. nil in txt “Location: IL CR Rack 06 Section 03.” nil in txt “Class: Boot” 9/17/2018

16 The CNAME Record CNAME Records are a mapping from one DNS hostname to another. They are commonly called ‘aliases’. xtime in cname trumpet.cig.mot.com. CNAMEs should never point to IP addresses. Don’t use a CNAME in other RR’s. 9/17/2018

17 Things To Remember Domain info. MUST be in the relevant domain file.
Fully-qualified domain names should always end with periods. (This keeps the name server from tacking on an extra copy of the domain name to the data) All name servers should be listed using NS records. The owner (name) field in an NS record should be the domain. CNAME must never have any MX, TXT, HINFO , etc. pointing to it. 9/17/2018

18 zfck zfck is a Perl script written to catch common mistakes in DNS zone files. zfck -f <FILE> [-a] [-w] [-s] [-p #] [-help] -f <FILE> : Specifies zone file to check -a : Advise how to correct errors found -w : Display non-fatal errors -p # : Display progress dots every # lines -s : Short output. -help : Display a usage summary 9/17/2018

19 BIND MAINTENANCE Procedure : Forward domain
I. DNS changes necessary when adding/deleting a node. A.Use the selected unique IP hostname and IP address of the node to the DNS database files. 1. Log onto motcig with the login ID 2. Change to the subdirectory containing the DNS database files for the forward domain by issuing the command cd /var/spool/named/primary 3. Edit the cig.mot.com file. 4. Change the serial value in the SOA record. The serial value is in yyyymmddhhh format ( year month day hour). 5. YOU MUST INCREMENT THE SERIAL NUMBER, OR THE NEW DATA WILL NOT BE TRANSFERRED TO THE SECONDARY NAMESERVERS. 6. For adding A RR, put ipname A 7. For deleting A RR, put ; A 8. Save the file and exit. 9/17/2018

20 BIND MAINTENANCE Procedure : Reverse domain
II. DNS changes necessary when adding/deleting node B. Use the selected unique IP hostname and IP address of the node to the DNS database files. 1. Log onto motcig with the login ID 2. Change to the subdirectory containing the DNS database files for the forward domain by issuing the command cd /var/spool/named/primary 3. Edit the rev.domain file for the relevant reverse domain. 4.Change the serial value in the SOA record. The serial value is in yyyymmddhhh format ( year month day hour). 5.YOU MUST INCREMENT THE SERIAL NUMBER, OR THE NEW DATA WILL NOT BE TRANSFERRED TO THE SECONDARY NAMESERVERS. 6. For adding PTR RR, put PTR ipname.cig.mot.com. 7. For deleting PTR RR, put ;11 PTR .cig.mot.com. 7. Save the file and exit. 8. The trailing period after ipname.cig.mot.com. It is intentional and VERY IMPORTANT. Do not omit the trailing period from this entry. Otherwise DNS will automatically append the current origin of the database file to this name, such as ipname.cig.mot.com.cig.mot.com. 9/17/2018

21 (Re)starting DNS At CIG, you should never have to restart DNS manually. It is done periodically. Commonly, there are two scripts: named.reload and named.restart named.restart should only be used when named is not running OR The named.boot file has been modified named.reload should be used after making any changes to the zone files. These scripts were incorrectly switched for CIG. 9/17/2018

22 Named Configuration Files
Telnet motcig.cig.mot.com cd /var/spool/named Boot File : named.boot = named configuration Root Cache : root.servers = point to dns1.Corp.mot.com and dns2.Corp.mot.com Forward Mappings : Converts host names to IP addresses. Reverse Mappings : Converts IP addresses to names. 9/17/2018

23 Named.Boot File motcig 134 % vi named.boot ;
; Named.boot file for cig.mot.com ; $Id: named.boot,v /11/24 20:52:23 david2 Exp $ directory /var/spool/named ;forwarders sortlist cache root.servers bogusns include primary.zones include secondary.zones 9/17/2018

24 Root.Cache : root.servers File
motcig 141 % vi root.servers ; ; Data to prime the cache with ; Motorola ROOT nameservers in ns dns1.corp.mot.com. in ns dns2.corp.mot.com. ; Nameservers for .com com in ns dns1.corp.mot.com. ; Nameservers for mot.com mot.com in ns dns1.corp.mot.com. 9/17/2018

25 Cig.mot.com File 9/17/2018 motcig 137 % vi cig.mot.com
; $Id: cig.mot.com,v /05/27 19:50:05 alimm Exp corrie $ ; @ in soa motcig.cig.mot.com. hostmaster.cig.mot.com. ( ; Serial = yyyymmddhh ; Refresh = 1h ; Retry = 10m ; Expire = 3d 86400 ) ; Minimum = 1d in ns motcig.cig.mot.com. in ns koala.cig.mot.com. ; ============================================================================= ; MAIL EXCHANGERS START HERE cig.mot.com. in mx po_box.cig.mot.com. in mx relay1.cig.mot.com. in mx relay2.cig.mot.com. in mx ilds01.cig.mot.com. in mx ilms01.cig.mot.com. in mx ilms02.cig.mot.com. mail-relay in a 9/17/2018

26 Host.rev : rev.160.44 File 9/17/2018 motcig 150 % vi rev.160.44 ;
; rev (ORIGIN = in-addr.arpa. ) ; $Id: rev ,v /05/25 17:04:43 alimm Exp $ @ in soa motcig.cig.mot.com. hostmaster.cig.mot.com. ( ; Serial ( yyyymmddhh ) ; Refresh ( every hour ) ; Retry ( every 10 minutes ) ; Expire ( if !refresh after 3 days ) 86400 ) ; Minimum ( non-specified ttl - 1 day ) in ns motcig.cig.mot.com. in ns koala.cig.mot.com. $ORIGIN in-addr.arpa. in ptr gli_j4840_5_225.cig.mot.com. in ptr gli_j4840_5_226.cig.mot.com. in ptr gli_j4840_5_227.cig.mot.com. in ptr gli_j4840_5_228.cig.mot.com. in ptr rfd50_1e_2-e1.cig.mot.com. $ORIGIN in-addr.arpa. in ptr rfd50_1e_2-e2.cig.mot.com. 9/17/2018

27 r3121_penny in cname rfd3121_penny.cig.mot.com. 4) PTR RR :
1) Name server RR: in ns motcig.cig.mot.com. in ns koala.cig.mot.com. 2) A RR rfd3121_penny in a ; f0 in hinfo Cisco "Cisco " 3) Canonical Name RR : r3121_penny in cname rfd3121_penny.cig.mot.com. 4) PTR RR : in ptr rfd3121_penny-f0.cig.mot.com. 5) Mail Exchanger RR : cig.mot.com. in mx po_box.cig.mot.com. 9/17/2018

28 BIND to QIP 5.0 The current BIND migration is outlined by migration in two phases:- Phase 1 : Import phil.cig.mot.com to QIP format. Phase 2 : Import cig.mot.com to QIP format The highlights of Release 5.0 of QIP are New "Organization" Layer Full Classless DNS/CIDR Support (RFC2317) Ability to Control/Define Reverse Zones for DNS New Administrative Model New Motif User Interface Ability to Define and Manage User Profiles DHCP Feature/Performance Enhancements Support for Microsoft NT 4.0 DHCP Server LDAP Enabled DHCP and DNS Servers New User-Defined Hierarchy Many-to-one DHCP Fail over 9/17/2018

29 Recommendations To change the layout of domain data files on motcig name server. Restrict access to motcig name server. Modify boot file by few people only. Use Make command (perl script) to maintain BIND. To modify any forward or reverse file, I recommend to make a copy of the original file to that date, and then edit the files. To Modify the format of Serial # in the SOA record to yyyymmddrr (The recommended format is valid for up to 99 revisions a day versus the current use of hour format). 9/17/2018

Download ppt "Cookie Session Mohammed M. Ali cig .mot .com - Larry P. Schrof"

Similar presentations

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
Web Server Administration

Web Server Administration
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.

The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 2: Name Resolution and DNS.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 2: Name Resolution and DNS.
Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.

Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
The Domain Name System Unix System Administration Download PowerPoint Presentation.

The Domain Name System Unix System Administration Download PowerPoint Presentation.
Hands-On Microsoft Windows Server 2003 Administration Chapter 9 Administering DNS.

Hands-On Microsoft Windows Server 2003 Administration Chapter 9 Administering DNS.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Module 12: Domain Name System (DNS)

Module 12: Domain Name System (DNS)
Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.
Domain Name Services Oakton Community College CIS 238.

Domain Name Services Oakton Community College CIS 238.
Chabot College ELEC 99.08 Name Resolution.

Chabot College ELEC Name Resolution.
DNS. Introduction What is DNS? –Hierarchy or Tree –Dot used as a separator.

DNS. Introduction What is DNS? –Hierarchy or Tree –Dot used as a separator.
DNS and Active Directory Integration

DNS and Active Directory Integration
Name Resolution Domain Name System.

Name Resolution Domain Name System.
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

Similar presentations

Ads by Google