DNS
DNS is the network service that lets clients resolve host names to IP addresses and, through reverse lookups, IP addresses back to names. It allows machines to be grouped logically under domain names, and it carries the mail-routing information (MX records) that tells senders which hosts accept mail for a domain.
Internet Naming Hierarchy
The name space is a tree rooted at the silent dot that ends every fully qualified name (the root zone, "."). Below the root sit the top-level domains (.com, .net, .org, .in); below a country-level domain such as .in sit its second-level domains (sidbi.in, ac.in, co.in); below those sit organisation domains such as iitk.ac.in; and at the leaves sit host names such as www.iitk.ac.in.
DNS Operation (DNS Setup)
A DNS server maintains the name-to-IP-address mapping for the domain for which it is the authoritative name server. The name servers for a domain are registered with the domain registrar, and the delegation (NS records) is published by the parent zone: the 13 Internet root server clusters delegate to the top-level domains, and the servers of a country-level domain such as .in delegate to the domains beneath it. When a resolver is queried for a name it has no cached answer for, it starts at the root servers; the root servers refer it to the top-level domain's servers, which refer it to the authoritative name server for the domain, which returns the answer.
DNS Configuration
The named daemon (BIND) is used.
A DNS server may be a caching, master, or slave server.
The named.ca file lists the root servers (the hint zone).
There is a forward zone file and a reverse zone file for every domain.
Configuration file: /var/named/chroot/etc/named.conf
Forward zone file directory: /var/named/chroot/var/named/
Reverse zone file directory: /var/named/chroot/var/named/
Sample Master named.conf
zone "." {
    type hint;
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
    allow-query { any; };
};
zone "iitk.ac.in" {
    type master;
    file "hosts.db";
    allow-query { any; };
};
zone "95.200.203.IN-ADDR.ARPA" {
    type master;
    file "hosts.rev.203.200.95";
    allow-query { any; };
};
zone "iitk.ernet.in" {
    type slave;
    file "hosts.iitk.ernet.in";
    masters { 202.141.40.10; };
    allow-query { any; };
};
Sample Forward Zone File
$TTL 86400
@ IN SOA ns.iitk.ac.in. root.ns.iitk.ac.in. (
        200605091   ; Serial
        10800       ; Refresh - 3 hours
        3600        ; Retry - 1 hour
        1209600     ; Expire - 2 weeks
        43200 )     ; Minimum TTL for negative answers - 12 hours
        IN NS ns.iitk.ac.in.
        IN NS proxy.iitk.ac.in.
        IN MX 5 mail0.iitk.ac.in.
        IN MX 10 mail1.iitk.ac.in.
        IN MX 20 mail2.iitk.ac.in.
$ORIGIN iitk.ac.in.
ns      IN A 203.200.95.142
mail    IN A 203.200.95.144
proxy   IN CNAME mail
Note that the sample lists proxy as an NS for the zone while defining it as a CNAME for mail; an NS (or MX) target must not be an alias (RFC 2181 section 10.3), so a real zone should give proxy its own A record or name a different secondary.
Sample Reverse Zone File
$TTL 86400
$ORIGIN 200.203.in-addr.arpa.
95 IN SOA ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
        200605091   ; Serial
        10800       ; Refresh - 3 hours
        3600        ; Retry - 1 hour
        1209600     ; Expire - 2 weeks
        43200 )     ; Minimum TTL for negative answers - 12 hours
        IN NS ns.iitk.ac.in.
        IN NS proxy.iitk.ac.in.
$ORIGIN 95.200.203.in-addr.arpa.
142     IN PTR ns.iitk.ac.in.
144     IN PTR mail.iitk.ac.in.
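The forward and reverse zone files above are easy to get out of step: an NS or MX that points at a CNAME, an address with no PTR, a PTR that names a host with a different address. The following checker is an added example, not code from the slides or from BIND. It parses the zone-file syntax shown above ($TTL, $ORIGIN, ';' comments, '(' ... ')' continuation lines, a blank owner inheriting the previous one, relative names completed with the current origin) and cross-checks the two zones. The embedded zone texts are the slide's excerpts with the root.ns SOA contact used in both; the hosts mail0, mail1 and mail2 appear in the slide only as MX targets, so the checker reports them as having no address record in the data given.

```python
"""Parse BIND zone files and cross-check a forward zone against its reverse zone."""

# Constructed input: the two zone excerpts from the slides.
FORWARD_ZONE = """\
$TTL 86400
@ IN SOA ns.iitk.ac.in. root.ns.iitk.ac.in. (
        200605091 ; Serial
        10800     ; Refresh
        3600      ; Retry
        1209600   ; Expire
        43200 )   ; Minimum TTL for negative answers
  IN NS ns.iitk.ac.in.
  IN NS proxy.iitk.ac.in.
  IN MX 5 mail0.iitk.ac.in.
  IN MX 10 mail1.iitk.ac.in.
  IN MX 20 mail2.iitk.ac.in.
$ORIGIN iitk.ac.in.
ns    IN A 203.200.95.142
mail  IN A 203.200.95.144
proxy IN CNAME mail
"""

REVERSE_ZONE = """\
$TTL 86400
$ORIGIN 200.203.in-addr.arpa.
95 IN SOA ns.iitk.ac.in. root.ns.iitk.ac.in. (
        200605091 ; Serial
        10800 ; Refresh
        3600 ; Retry
        1209600 ; Expire
        43200 ) ; Minimum
   IN NS ns.iitk.ac.in.
   IN NS proxy.iitk.ac.in.
$ORIGIN 95.200.203.in-addr.arpa.
142 IN PTR ns.iitk.ac.in.
144 IN PTR mail.iitk.ac.in.
"""

# Which rdata fields of each type are domain names that need completing.
NAME_RDATA = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def absolute(name, origin):
    """Lower-case fully qualified name: '@' is the origin, no trailing dot means relative."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Strip ';' comments and join '(' ... ')' continuation lines into one line."""
    out, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(buf)
    return out


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with every name absolute; optional TTL/class skipped."""
    origin = origin.lower()
    records, last_owner = [], None
    for line in _logical_lines(text):
        if line.startswith("$ORIGIN"):
            origin = absolute(line.split()[1], origin)
            continue
        if line.startswith("$TTL"):
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        owner = last_owner if line[0].isspace() else absolute(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)  # optional TTL and class fields
        rtype = tokens.pop(0).upper()
        rdata = list(tokens)
        for i in NAME_RDATA.get(rtype, []):
            rdata[i] = absolute(rdata[i], origin)
        records.append((owner, rtype, tuple(rdata)))
        last_owner = owner
    return records


def ptr_owner_to_ip(owner):
    """'142.95.200.203.in-addr.arpa.' -> '203.200.95.142'."""
    suffix = ".in-addr.arpa."
    if not owner.endswith(suffix):
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(owner[: -len(suffix)].split(".")))


def check_zones(forward, reverse, apex):
    """Return human-readable findings; an empty list means the zones are consistent."""
    apex = apex.lower()
    addrs, cnames, ptrs = {}, {}, {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            addrs.setdefault(owner, set()).add(rdata[0])
        elif rtype == "CNAME":
            cnames[owner] = rdata[0]
    for owner, rtype, rdata in reverse:
        if rtype == "PTR":
            ptrs[ptr_owner_to_ip(owner)] = rdata[0]
    findings = []
    for owner, rtype, rdata in forward:
        if rtype not in ("NS", "MX"):
            continue
        target = rdata[-1]
        in_zone = target == apex or target.endswith("." + apex)
        if target in cnames:  # RFC 2181 10.3: NS/MX targets must not be aliases
            findings.append(f"{rtype} target {target} is a CNAME")
        elif in_zone and target not in addrs:
            findings.append(f"{rtype} target {target} has no A record in the zone")
    for name, ips in addrs.items():
        for ip in sorted(ips):
            if ip not in ptrs:
                findings.append(f"A {name} {ip} has no PTR")
            elif ptrs[ip] != name:
                findings.append(f"PTR for {ip} is {ptrs[ip]}, expected {name}")
    for ip, name in ptrs.items():
        if ip not in addrs.get(name, set()):
            findings.append(f"PTR {ip} -> {name} but {name} has no A {ip}")
    return findings


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "iitk.ac.in.")
    rev = parse_zone(REVERSE_ZONE, "95.200.203.in-addr.arpa.")
    for finding in check_zones(fwd, rev, "iitk.ac.in.") or ["zones consistent"]:
        print(finding)
```

Run against the slide's data it reports the proxy NS pointing at a CNAME and the three MX targets without address records; the two PTRs match their A records. Replace the embedded strings with the contents of hosts.db and hosts.rev.203.200.95 to check a real zone pair before loading it.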
Configuring Local Resolver
Point the host's resolver at the local server in /etc/resolv.conf (the keyword is nameserver, not server):
nameserver 127.0.0.1
Test DNS
Query the server with nslookup, host, or dig, checking both forward (A) and reverse (PTR) lookups against the zones you loaded. Test the server as seen from outside with a DNS diagnostics site such as dnsstuff.com.
Advanced BIND Features
Access Control Lists
Round Robin Load Sharing
Dynamic DNS Update
Access Control List
An ACL is a named, semicolon-separated list of IP addresses or networks. Define ACLs and then apply the allow-* directives to them:
acl "mynetwork" { 172.31.0.0/16; 172.30.1.1; };
allow-query { mynetwork; };
allow-transfer { mynetwork; };
allow-update { mynetwork; };
allow-transfer controls who may copy the whole zone (AXFR) and should normally be limited to the zone's secondary servers rather than a whole network. allow-update { mynetwork; } lets every host on those networks rewrite the zone, so updates are better restricted to the specific hosts that need them or to TSIG-signed requests.
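The allow-* directives are decided by BIND's address-match-list rule: elements are tried in order, the first element that matches the client decides, and a client that matches nothing is denied. The following is an added example, not code from the slides or from BIND, that parses an acl statement like the one above and evaluates it with that rule. The '!' negation prefix and the any/none keywords are standard BIND syntax not shown on the slide; references to other named ACLs inside an ACL are not resolved (an assumption made to keep the example short). The acl text and client addresses are constructed test input.

```python
"""Evaluate a BIND address match list (acl / allow-* directive) for a client address."""
import ipaddress
import re

# Constructed input: the slide's ACL with one negated host added.
MYNETWORK_ACL = 'acl "mynetwork" { !172.31.5.5; 172.31.0.0/16; 172.30.1.1; };'


def parse_acl(text):
    """Return (name, [elements]) from an 'acl "name" { a; b; };' statement.

    Elements keep their leading '!' so negation survives to evaluation.
    """
    m = re.search(r'acl\s+["\u201c]?([\w-]+)["\u201d]?\s*\{([^}]*)\}', text)
    if not m:
        raise ValueError("no acl statement found")
    elements = [e.strip() for e in m.group(2).split(";") if e.strip()]
    return m.group(1), elements


def acl_matches(client_ip, elements):
    """First-match semantics: first matching element decides, '!' denies, no match denies."""
    ip = ipaddress.ip_address(client_ip)
    for element in elements:
        negated = element.startswith("!")
        pattern = element.lstrip("!").strip()
        if pattern == "any":
            hit = True
        elif pattern == "none":
            hit = False
        else:
            # A bare address becomes a /32 (or /128) network; mixed IP versions never match.
            hit = ip in ipaddress.ip_network(pattern, strict=False)
        if hit:
            return not negated
    return False


def transfer_allowed(client_ip, allow_transfer_list):
    """Decide an AXFR request the way 'allow-transfer { ... };' would."""
    return acl_matches(client_ip, allow_transfer_list)


if __name__ == "__main__":
    name, elements = parse_acl(MYNETWORK_ACL)
    for client in ("172.31.0.7", "172.31.5.5", "172.30.1.1", "203.0.113.9"):
        print(f"{client}: {name} -> {acl_matches(client, elements)}, "
              f"allow-transfer {{ any; }} -> {transfer_allowed(client, ['any'])}")
```

The last line of output for each client shows why allow-transfer { any; } is the setting to avoid: every address on the Internet may copy the zone, while the ACL admits only the listed networks, and the negated entry shows how a single host can be carved out of an otherwise allowed network.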
Dynamic DNS Update
Dynamic update lets clients on the network (typically a DHCP server) add and remove name and address records in a zone over the DNS protocol, so the zone follows hosts that receive their addresses dynamically. To disable dynamic updates for a zone (this is also BIND's default), use the directive:
allow-update { none; };
Round Robin Load Sharing
A simple form of load balancing: give the same name several A records. BIND rotates the order of the records in successive answers, so clients are spread across the addresses:
www     IN A 203.200.95.140
www     IN A 203.200.95.141
www     IN A 203.200.95.142
The server does not check whether the hosts are up, so a failed host keeps receiving its share of clients until its record is removed from the zone.