Linux Operations and Administration

1 Linux Operations and Administration
Chapter Eleven Domain Name System

2 Objectives
- Describe Domain Name System and how it relates to the Internet
- Install and configure Berkeley Internet Name Daemon (BIND)
- Check the status of a DNS server via the command line
- Identify zones and describe the elements in a zone file
- Explain how the different types of resource records affect zones

3 Introduction to Domain Name System
- Name server: a central database that translates names to IP addresses (or IP addresses to names)
  - Simplified network management dramatically
  - This method worked for local networks, but not for resources on the Internet
- Resource record: a file containing resource information or characteristics about a zone or domain

4 DNS on the Internet
- Internet's Domain Name System (DNS) associates an IP address (such as ) with an actual name (such as server1)
  - Network resources can be accessed by easy-to-remember names
- Berkeley Internet Name Daemon (BIND) usually carries out translation for DNS
  - Open-source software containing the DNS protocols needed to resolve hostnames to IP addresses

5 DNS on the Internet (cont'd.)
- Goal of DNS is to decentralize administration
- DNS is a distributed and hierarchical database
  - Allows controlling DNS management locally
- Local DNS server
  - Can handle cached hostname requests
  - Doesn't contain information on every hostname on the Internet
  - Forwards requests for unknown hostnames to a forwarder

6 DNS on the Internet (cont'd.)
- Forwarder: a type of DNS server
  - Forwarder's job is to handle off-site requests generated at the system known as "localhost"
- Caching: a feature that stores DNS queries on the local site for fast hostname-to-IP address resolution
- Local administrators can manage local DNS servers

7 DNS on the Internet (cont'd.)
- Root DNS servers: centrally controlled public DNS servers
  - Control the Internet's top-level domains (TLDs)
- Table 11-1 describes some of the most recognizable top-level domains

8 DNS on the Internet (cont’d.)
Table 11-1 Common top-level domains

9 DNS on the Internet (cont'd.)
- DNS database is structured as an inverted tree, also known as the domain namespace
  - Root at the top of the tree, TLDs beneath it
  - Nodes (leaves) of the tree are called domains and have labels, such as .gov for the U.S. government domain
- Domain names are derived from node labels
  - Each level of the hierarchy is separated by dots in the domain name

10 DNS on the Internet (cont’d.)
Figure 11-1 The DNS structure © Cengage Learning 2013

11 Installing BIND
- Installing BIND is similar to installing Apache Web Server
- YaST Software Management is used to install the DHCP and DNS Server pattern
  - Installs all the necessary DNS modules, such as BIND, the BIND documentation files, and the DNS Server Configuration utility

12 Installing BIND (cont'd.)
- BIND documentation files
  - Found in the /usr/share/doc/packages/bind/arm/ directory
  - Consist of eight chapters
- Activity 11-1: Installing BIND
  - Install BIND and other DNS-related packages

13 Configuring BIND
- BIND
  - Requires no further configuration after being installed in openSUSE
  - Runs as a daemon known as named, pronounced "name-dee," not "named"
- named.conf
  - Main BIND DNS configuration file
  - Found in the /etc directory

14 Configuring BIND (cont'd.)
- To start the named daemon (BIND), use the rcnamed start command
- Table 11-2 describes common commands for determining the daemon's status
- Options to edit the named.conf file:
  - Use a text editor, such as vim
  - Use the YaST DNS module, available after you install BIND

15 Configuring BIND (cont’d.)
Table 11-2 Common named commands

16 Configuring BIND (cont'd.)
- To start the YaST DNS module, use the yast2 dns-server command (requires root privileges)
- DNS Server Installation Wizard
  - Opens the first time you start the module
  - Enables you to add forwarders
- Expert mode
  - Available after you step through the basic settings
  - For more advanced configuration tasks

17 Configuring BIND (cont’d.)
Figure 11-2 The DNS Server Installation Wizard © Cengage Learning 2013

18 Forwarder
- Can have up to three forwarders in the DNS configuration
- These servers enable you to:
  - Forward unresolved queries to an off-site DNS server
  - Cache results on your local DNS server

19 Forwarder (cont'd.)
- The first time you configure a DNS server, the forwarder list is empty
- The forwarder declaration in the /etc/named.conf file is, by default, a commented line; for example: #forwarders { ; ; };
- Deleting the # symbol adds the two servers ( and in the example) to the forwarder list

20 DNS Zones
- Zone: a portion of the DNS namespace
- Zone file: stores the data for a zone
- Master name server: an authoritative name server that stores the primary copies of zone records

21 DNS Zones (cont'd.)
- Slave name server
  - Also known as a secondary name server
  - Maintains a copy of the master zone file that's used as a backup
  - Provides redundancy if the master name server is unavailable

22 DNS Zones (cont'd.)
- Entries in the zone file
  - Line 1: Time-to-live (TTL) entry
  - Line 2: Start of Authority (SOA) resource record
  - Line 3: Serial number
  - Line 4: Refresh rate

23 DNS Zones (cont'd.)
- Entries in the zone file (continued)
  - Line 5: Retry rate
  - Line 6: Expiration entry
  - Line 7: Negative TTL entry
  - Line 8: NS resource record

24 MX RR
- Identifies mail servers (mail exchangers) for a zone
- Table 11-3 describes the fields in the MX RR
- Example:

25 MX RR (cont’d.) Table 11-3 MX resource record fields

26 A RR
- A (address) RR
  - Most common resource record
  - Used to resolve a hostname to an IPv4 address for locating a resource
- Table 11-4 describes the fields in the A RR
- Example:

27 A RR (cont’d.) Table 11-4 A resource record

28 PTR RR
- PTR (pointer) RR
  - Used to resolve an IPv4 address to its hostname
  - Performs the reverse of what an A RR does
- Table 11-5 describes the fields in the PTR RR
- Example:

29 PTR RR (cont’d.) Table 11-5 PTR resource record

30 CNAME RR
- CNAME (canonical name) RR
  - Enables you to create an alias for a host
- Table 11-6 describes the fields in the CNAME RR
- Example:

31 CNAME RR (cont’d.) Table 11-6 CNAME resource record
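The zone file walked through on slides 22 and 23 and the MX, A, PTR and CNAME records on slides 24 to 31 can be exercised with a small parser. This is an added example written for this page, not code from the chapter or from BIND: the two sample zones, the example.com names and the 192.0.2.x addresses are constructed, and the parser assumes $ORIGIN is set before the first record and handles only the directives and record types shown. Beyond reading the records back, check_zones() applies checks a practitioner runs before loading a zone: a CNAME may not share its name with other records, an MX target should not be an alias, every NS named in the zone needs an A record, and every A record should have a matching PTR in the reverse zone.

```python
# Constructed sample zones (not from the chapter). The forward zone follows the
# line order the slides give: $TTL, then the SOA with serial, refresh, retry,
# expire and negative TTL, then NS, MX, A and CNAME records; the reverse zone
# carries the PTR records. Two defects are planted for check_zones() to find.
SAMPLE_FORWARD = """\
$TTL 86400
$ORIGIN example.com.
@     IN SOA ns1.example.com. hostmaster.example.com. (
          2013110101 ; serial
          3600       ; refresh
          900        ; retry
          604800     ; expire
          86400 )    ; negative TTL
@     IN NS    ns1.example.com.
@     IN MX    10 mail.example.com.
ns1   IN A     192.0.2.1
mail  IN CNAME ns1.example.com.   ; defect: the MX target is an alias
www   IN A     192.0.2.80         ; defect: no PTR in the reverse zone
"""
SAMPLE_REVERSE = """\
$TTL 86400
$ORIGIN 2.0.192.in-addr.arpa.
@     IN SOA ns1.example.com. hostmaster.example.com. ( 2013110101 3600 900 604800 86400 )
@     IN NS  ns1.example.com.
1     IN PTR ns1.example.com.
"""

def _logical_lines(text):
    """Yield records with ';' comments removed and '( ... )' continuations joined."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0
            if joined.strip():
                yield joined  # leading whitespace kept: it means "same owner as the previous record"

def _qualify(name, origin):
    """Turn '@' or a relative owner name into a fully qualified name (assumes $ORIGIN was set)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Parse a zone file into dicts with owner, ttl, type and the rdata tokens."""
    origin = default_ttl = last_owner = None
    records = []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        owner = last_owner if line[0].isspace() else _qualify(tokens.pop(0), origin)
        last_owner = owner
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl  # optional per-record TTL
        if tokens[0].upper() == "IN":  # optional class
            tokens.pop(0)
        records.append({"owner": owner, "ttl": ttl, "type": tokens.pop(0).upper(), "rdata": tokens})
    return records

def soa_fields(records):
    """Return the SOA values the slides list: serial, refresh, retry, expire, negative TTL."""
    mname, rname, *numbers = next(r for r in records if r["type"] == "SOA")["rdata"]
    names = ("serial", "refresh", "retry", "expire", "negative_ttl")
    return {"mname": mname, "rname": rname, **dict(zip(names, map(int, numbers)))}

def ptr_owner_to_ip(owner):
    """'1.2.0.192.in-addr.arpa.' -> '192.0.2.1'"""
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))

def check_zones(forward, reverse):
    """Consistency checks worth running before loading a zone; returns a list of findings."""
    findings, by_owner = [], {}
    for r in forward:
        by_owner.setdefault(r["owner"], []).append(r)
    for owner, recs in by_owner.items():
        if len(recs) > 1 and any(r["type"] == "CNAME" for r in recs):
            findings.append(f"{owner}: a CNAME must be the only record at its name")
    aliases = {r["owner"] for r in forward if r["type"] == "CNAME"}
    a_owners = {r["owner"] for r in forward if r["type"] == "A"}
    ptrs = {ptr_owner_to_ip(r["owner"]): r["rdata"][0] for r in reverse if r["type"] == "PTR"}
    for r in forward:
        if r["type"] == "MX" and r["rdata"][1] in aliases:
            findings.append(f"MX target {r['rdata'][1]} is a CNAME; point MX at a name with an A record")
        elif r["type"] == "NS" and r["rdata"][0] not in a_owners:
            findings.append(f"NS {r['rdata'][0]} has no A (glue) record in the zone")
        elif r["type"] == "A" and ptrs.get(r["rdata"][0]) != r["owner"]:
            findings.append(f"{r['owner']} A {r['rdata'][0]} has no matching PTR record")
    return findings
```

Calling parse_zone() on both samples and passing the results to check_zones() returns two findings, one for each planted defect; soa_fields() returns the serial, refresh, retry, expire and negative-TTL values in the order slides 22 and 23 list them.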

32 Expert Configuration Mode
- Final window in the DNS Server Installation Wizard
  - Option to open the DNS port in your firewall
  - Option to start the DNS server automatically at bootup
- After completing the DNS Server Installation Wizard, whenever you open the DNS module, you're in expert configuration mode

33 Start-Up
- Settings under the Start-Up window:
  - Whether DNS starts automatically when the server starts or must be started manually
  - Firewall settings, such as opening the firewall port to allow remote computers to access the DNS service
  - Stop, start, and reload the DNS server

34 Start-Up (cont'd.)
Figure 11-3 The Start-Up window © Cengage Learning 2013

35 Forwarders
- Forwarders window
  - Used for the same task as in the DNS Server Installation Wizard: adding IP addresses to the list of forwarder servers

36 Basic Options
- Basic Options window displays options that have already been defined for the zone
- Ways to add options:
  - Use the Basic Options window; if you use this window, the information is updated in the /etc/named.conf file automatically
  - Edit the /etc/named.conf file
- Table 11-7 describes the options that can be added or modified

37 Basic Options (cont’d.)
Figure 11-4 The Basic Options window © Cengage Learning 2013

38 Basic Options (cont’d.)
Table 11-7 Settings in the Basic Options window

39 Basic Options (cont’d.)
Table 11-7 Settings in the Basic Options window (continued)

40 Logging
- Logging window can be used to configure logging options for the DNS server
- By default, the DNS server sends log data to the systemwide log file /var/log/messages
- Additional Logging section:
  - Log All DNS Queries option
  - Log Zone Updates option
  - Log Zone Transfers option
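The Log All DNS Queries and Log Zone Transfers options on slide 40 produce lines in /var/log/messages that are worth reviewing rather than only collecting. The added example below is not from the chapter: the log lines are constructed in the style of BIND's query and transfer messages (whose exact wording varies by version), and the addresses are documentation ranges. It parses query and denied-transfer lines, counts them per client, and flags a client whose zone transfer was denied or that sends repeated ANY queries, both of which a defender would want to look at.

```python
import re
from collections import Counter, defaultdict

# Constructed lines in the style BIND writes to /var/log/messages when query
# and zone-transfer logging are enabled (not from the chapter; exact wording
# differs between BIND versions). Addresses are documentation ranges.
SAMPLE_LOG = """\
Nov  1 10:00:01 ns1 named[1234]: client 192.0.2.10#53412: query: www.example.com IN A +
Nov  1 10:00:02 ns1 named[1234]: client 192.0.2.10#53413: query: mail.example.com IN MX +
Nov  1 10:00:02 ns1 named[1234]: client 198.51.100.7#40001: query: example.com IN ANY +
Nov  1 10:00:03 ns1 named[1234]: client 198.51.100.7#40002: query: example.com IN ANY +
Nov  1 10:00:03 ns1 named[1234]: client 198.51.100.7#40003: query: example.com IN ANY +
Nov  1 10:00:04 ns1 named[1234]: client 198.51.100.7#40004: zone transfer 'example.com/IN' denied
Nov  1 10:00:05 ns1 named[1234]: zone example.com/IN: sending notifies (serial 2013110102)
"""

QUERY_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<rtype>\S+)")
XFER_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: zone transfer '(?P<zone>[^']+)' denied")

def summarize(log_text):
    """Count queries per client and record type, and denied transfers per client."""
    queries = Counter()
    per_type = defaultdict(Counter)
    denied = defaultdict(list)
    for line in log_text.splitlines():
        if m := QUERY_RE.search(line):
            queries[m["ip"]] += 1
            per_type[m["ip"]][m["rtype"]] += 1
        elif m := XFER_RE.search(line):
            denied[m["ip"]].append(m["zone"])
    return {"queries": queries, "per_type": per_type, "denied": denied}

def review(summary, any_threshold=3):
    """Turn the counts into findings a reviewer of the log would act on."""
    findings = []
    for ip, zones in summary["denied"].items():
        findings.append(f"{ip}: zone transfer denied for {', '.join(zones)}; confirm allow-transfer is intended")
    for ip, types in summary["per_type"].items():
        if types["ANY"] >= any_threshold:
            findings.append(f"{ip}: {types['ANY']} ANY queries; consider rate limiting this client")
    return findings
```

On the sample, summarize() attributes two queries to 192.0.2.10 and three ANY queries plus one denied transfer to 198.51.100.7, and review() reports the two findings for the latter client; the notify line is ignored because neither pattern matches it.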

41 Logging (cont'd.)
Figure 11-5 The Logging window © Cengage Learning 2013

42 Access Control List (ACL)
- Access Control List (ACL) window is used by BIND administrators to control who can perform operations on the name server
- When creating an ACL, you must:
  - Give it a unique name
  - Specify an IP address under the Value heading

43 Access Control List (ACL) (cont'd.)
- When creating an ACL, the IP address must be:
  - Enclosed by braces
  - Ended with a semicolon
- Example: { ; }
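Slides 18 and 19 (forwarders) and 42 and 43 (ACLs) state syntax rules for named.conf: the forwarders line is commented out by default, at most three forwarders, a unique ACL name, braces around the value, and a trailing semicolon. The following added example is not the chapter's or BIND's code: the named.conf fragment and its addresses are constructed, and the regex is a deliberately small parser for forwarders and acl blocks, not a full named.conf grammar. It uncomments the forwarders line the way slide 19 describes and then checks those rules, reporting each violation.

```python
import ipaddress
import re

# Constructed /etc/named.conf fragment (not from the chapter). The forwarders
# line is commented out with '#', as the slides describe the default; the ACL
# blocks use documentation addresses and one is deliberately malformed.
SAMPLE_CONF = """\
options {
    directory "/var/lib/named";
    #forwarders { 192.0.2.53; 198.51.100.53; };
};

acl "trusted" { 192.0.2.0/24; 198.51.100.7; };
acl "trusted" { 203.0.113.0/24; };
acl "broken" { 192.0.2.999 }
"""

# Matches an active (uncommented) forwarders or acl block: the keyword, an
# optional ACL name, the brace-enclosed body and whether a ';' follows '}'.
BLOCK_RE = re.compile(r'^\s*(forwarders|acl\s+"?(\w+)"?)\s*\{([^}]*)\}[ \t]*(;?)', re.MULTILINE)

def enable_forwarders(conf):
    """Remove the leading '#' from a commented-out forwarders line, as slide 19 describes."""
    return re.sub(r"^(\s*)#(forwarders\s*\{)", r"\1\2", conf, flags=re.MULTILINE)

def parse_blocks(conf):
    """Return one dict per active forwarders/acl block with its values and syntax flags."""
    blocks = []
    for m in BLOCK_RE.finditer(conf):
        body = m.group(3).strip()
        blocks.append({
            "kind": "acl" if m.group(1).startswith("acl") else "forwarders",
            "name": m.group(2),
            "values": [v.strip() for v in body.split(";") if v.strip()],
            "block_terminated": m.group(4) == ";",    # '};' after the closing brace
            "values_terminated": body.endswith(";"),  # every address ends with ';'
        })
    return blocks

def validate_named_conf(conf):
    """Apply the rules from the slides; returns a list of findings (empty means clean)."""
    findings, names, saw_forwarders = [], set(), False
    for b in parse_blocks(conf):
        label = b["kind"] if b["name"] is None else f'acl "{b["name"]}"'
        if not b["block_terminated"]:
            findings.append(f"{label}: the block must end with a semicolon after the closing brace")
        if b["values"] and not b["values_terminated"]:
            findings.append(f"{label}: each address inside the braces must end with a semicolon")
        for v in b["values"]:
            try:
                ipaddress.ip_network(v, strict=False)  # accepts a host address or a prefix
            except ValueError:
                findings.append(f"{label}: {v!r} is not a valid IP address or prefix")
        if b["kind"] == "forwarders":
            saw_forwarders = True
            if len(b["values"]) > 3:
                findings.append("forwarders: the YaST module allows at most three forwarders")
        elif b["name"] in names:
            findings.append(f'acl "{b["name"]}": ACL names must be unique')
        else:
            names.add(b["name"])
    if not saw_forwarders:
        findings.append("no active forwarders block: unresolved queries will not be forwarded off-site")
    return findings
```

On the sample as written, validate_named_conf() reports five findings (the duplicate ACL name, three problems with the malformed ACL, and the absence of an active forwarders block); after enable_forwarders() removes the '#', the forwarders block is parsed and the last finding disappears.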

44 TSIG Keys
- Transaction signatures
  - Used to secure communication between two servers, usually between DHCP and DNS servers
- Ways to generate keys for this signature:
  - TSIG Keys window
  - dnssec-keygen command
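Slide 44 says a transaction signature secures communication between two servers that share a key. The added example below shows the mechanism in simplified form and is not BIND's code or the RFC 8945 wire format: the key statement it renders mirrors BIND's key { algorithm; secret; } syntax, the update message is constructed, and generate_tsig_key() stands in for dnssec-keygen. The receiving side recomputes the HMAC with the shared secret and rejects an altered message, a message signed with a different key, and a message whose signing time falls outside the fudge window.

```python
import base64
import hashlib
import hmac
import secrets

# Simplified illustration of what a transaction signature does (not BIND's
# code and not the full TSIG wire format): both servers hold the same secret,
# the sender appends an HMAC over the message plus a signing time, and the
# receiver recomputes it and rejects stale or altered messages.

def generate_tsig_key(nbytes=32):
    """Random shared secret; this is the role dnssec-keygen plays for an HMAC key."""
    return secrets.token_bytes(nbytes)

def key_statement(name, secret, algorithm="hmac-sha256"):
    """Render the secret as a BIND-style key statement for named.conf."""
    b64 = base64.b64encode(secret).decode()
    return f'key "{name}" {{\n    algorithm {algorithm};\n    secret "{b64}";\n}};'

def sign(secret, message, time_signed):
    """HMAC over the message and the signing time (seconds since the epoch)."""
    return hmac.new(secret, message + time_signed.to_bytes(6, "big"), hashlib.sha256).digest()

def verify(secret, message, time_signed, mac, now, fudge=300):
    """Accept only if the signing time is within the fudge window and the MAC matches."""
    if abs(now - time_signed) > fudge:
        return False  # stale or replayed: outside the allowed clock skew
    expected = sign(secret, message, time_signed)
    return hmac.compare_digest(expected, mac)  # constant-time comparison

def demo():
    """Round trip between a DHCP-side sender and a DNS-side receiver; returns the outcomes."""
    secret = generate_tsig_key()
    msg = b"update: add host1.example.com. A 192.0.2.10"  # constructed update payload
    t = 1_700_000_000
    mac = sign(secret, msg, t)
    return {
        "genuine": verify(secret, msg, t, mac, now=t + 5),
        "tampered": verify(secret, msg.replace(b".10", b".99"), t, mac, now=t + 5),
        "wrong_key": verify(generate_tsig_key(), msg, t, mac, now=t + 5),
        "replayed": verify(secret, msg, t, mac, now=t + 3600),
    }
```

demo() returns True only for the genuine case; the other three are rejected. The fudge value of 300 seconds follows the common TSIG default, which is why both servers need synchronized clocks for signed updates to work.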

45 TSIG Keys (cont'd.)
- Activity 11-2: Configuring BIND
  - Review the settings in the /etc/named.conf file and configure a BIND server with the DNS Server Installation Wizard
- Activity 11-3: Creating a Resource Record in YaST
  - Use the YaST DNS Server module to create a resource record

46 TSIG Keys (cont’d.) Figure 11-6 An A resource record added to the master zone file © Cengage Learning 2013

47 Summary
- Domain Name System (DNS)
  - Translates domain names and hostnames to IP addresses
  - A distributed and hierarchical database
  - Allows controlling DNS management locally
- BIND
  - Open-source DNS server software
- Local DNS sites can forward DNS queries to a forwarder DNS server, which forwards the request to an off-site DNS server

48 Summary (cont'd.)
- DNS structure is viewed as an inverted tree
- Main DNS configuration file is the named.conf file in the /etc directory
- YaST DNS module is included with the DNS installation and is used to configure DNS servers
- DNS zone file is a text file that stores resource records and other data for a zone
- Expert configuration mode for the YaST DNS module gives access to more advanced configuration tasks

