Linux Operations and Administration
Chapter Eleven: Domain Name System
Objectives
- Describe Domain Name System and how it relates to the Internet
- Install and configure Berkeley Internet Name Daemon (BIND)
- Check the status of a DNS server via the command line
- Identify zones and describe the elements in a zone file
- Explain how the different types of resource records affect zones
Introduction to Domain Name System
- Name server
  - A central database that translates names to IP addresses (or IP addresses to names)
  - Simplified network management dramatically
  - This method worked for local networks, but not for resources on the Internet
- Resource record
  - A file containing resource information or characteristics about a zone or domain
DNS on the Internet
- Internet’s Domain Name System (DNS)
  - Associates an IP address (such as ) with an actual name (such as server1)
  - Network resources can be accessed by easy-to-remember names
- Berkeley Internet Name Daemon (BIND)
  - Usually carries out translation for DNS
  - Open-source software containing DNS protocols needed to resolve hostnames to IP addresses
DNS on the Internet (cont’d.)
- Goal of DNS is to decentralize administration
- DNS is a distributed and hierarchical database
  - Allows controlling DNS management locally
- Local DNS server
  - Can handle cached hostname requests
  - Doesn’t contain information on every hostname on the Internet
  - Forwards requests for unknown hostnames to a forwarder
DNS on the Internet (cont’d.)
- Forwarder
  - A type of DNS server
  - Forwarder’s job is to handle off-site requests generated at the system known as “localhost”
- Caching
  - A feature that stores DNS queries on the local site for fast hostname-to-IP address resolution
  - Local administrators can manage local DNS servers
DNS on the Internet (cont’d.)
- Root DNS servers
  - Centrally controlled public DNS servers
  - Control the Internet’s top-level domains (TLDs)
- Table 11-1 describes some of the most recognizable top-level domains
DNS on the Internet (cont’d.)
Table 11-1 Common top-level domains
DNS on the Internet (cont’d.)
- DNS database is structured as an inverted tree
  - Also known as domain namespace
  - Root at top of the tree
  - TLDs beneath it
- Nodes (leaves) of the tree are called domains and have labels
  - Such as .gov for U.S. government domain
- Domain names are derived from node labels
  - Each level of hierarchy is separated by dots in domain name
DNS on the Internet (cont’d.)
Figure 11-1 The DNS structure © Cengage Learning 2013
Installing BIND
- Installing BIND is similar to installing Apache Web Server
- YaST Software Management is used to install the DHCP and DNS Server pattern
- Installs:
  - All the necessary DNS modules, such as BIND
  - BIND documentation files
  - DNS Server Configuration utility
Installing BIND (cont’d.)
- BIND documentation files
  - Found in /usr/share/doc/packages/bind/arm/ directory
  - Consist of eight chapters
- Activity 11-1: Installing BIND
  - Install BIND and other DNS-related packages
Configuring BIND
- BIND
  - Requires no further configuration after being installed in openSUSE
  - Runs as a daemon known as named
  - Pronounced “name-dee,” not “named”
- named.conf
  - Main BIND DNS configuration file
  - Found in /etc directory
Configuring BIND (cont’d.)
- To start the named daemon (BIND):
  - Use rcnamed start command
- Table 11-2 describes common commands for determining the daemon’s status
- Options to edit named.conf file
  - Use a text editor, such as vim
  - Use YaST DNS module
    - Available after you install BIND
Configuring BIND (cont’d.)
Table 11-2 Common named commands
Configuring BIND (cont’d.)
- To start YaST DNS module
  - Use yast2 dns-server command
  - Requires root privileges
- DNS Server Installation Wizard
  - Opens the first time you start the module
  - Enables you to add forwarders
- Expert mode
  - Available after you step through the basic settings
  - For more advanced configuration tasks
Configuring BIND (cont’d.)
Figure 11-2 The DNS Server Installation Wizard © Cengage Learning 2013
Forwarder
- Can have up to three forwarders in DNS configuration
- These servers enable you to:
  - Forward unresolved queries to an off-site DNS server
  - Cache results on your local DNS server
Forwarder (cont’d.)
- First time you configure a DNS server, the forwarder list is empty
- Forwarder declaration in /etc/named.conf file is, by default, a commented line; for example:
  #forwarders { ; ; };
- Deleting # symbol adds the two servers ( and in example) to forwarder list
DNS Zones
- Zone
  - A portion of the DNS namespace
- Zone file
  - Stores the data for a zone
- Master name server
  - An authoritative name server that stores the primary copies of zone records
DNS Zones (cont’d.)
- Slave name server
  - Also known as a secondary name server
  - Maintains a copy of master zone file that’s used as a backup
  - Provides redundancy if master name server is unavailable
DNS Zones (cont’d.)
- Entries in zone file
  - Line 1: Time-to-live (TTL) entry
  - Line 2: Start of Authority (SOA) resource record
  - Line 3: Serial number
  - Line 4: Refresh rate
DNS Zones (cont’d.)
- Entries in zone file (continued)
  - Line 5: Retry rate
  - Line 6: Expiration entry
  - Line 7: Negative TTL entry
  - Line 8: NS resource record
MX RR
- Identifies mail servers (mail exchangers) for a zone
- Table 11-3 describes fields in MX RR
- Example:
MX RR (cont’d.)
Table 11-3 MX resource record fields
A RR
- A (address) RR
  - Most common resource record
  - Used to resolve a hostname to an IPv4 address for locating a resource
- Table 11-4 describes fields in the A RR
- Example:
A RR (cont’d.)
Table 11-4 A resource record
PTR RR
- PTR (pointer) RR
  - Used to resolve an IPv4 address to its hostname
  - Performs the reverse of what an A RR does
- Table 11-5 describes fields in the PTR RR
- Example:
PTR RR (cont’d.)
Table 11-5 PTR resource record
CNAME RR
- CNAME (canonical name) RR
  - Enables you to create an alias for a host
- Table 11-6 describes fields in the CNAME RR
- Example:
CNAME RR (cont’d.)
Table 11-6 CNAME resource record
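The zone-file layout from the DNS Zones slides (TTL on line 1, the SOA timers, then NS) together with the MX, A and CNAME records described above, parsed and sanity-checked in Python. This is an added example, not code from the textbook; the zone, its 192.0.2.x addresses and the ORIGIN value are constructed for the example.

```python
import re

ORIGIN = "example.com."  # assumed $ORIGIN for relative owner names in the sample

# Constructed master zone in the chapter's layout: $TTL, SOA timers, then NS/MX/A/CNAME.
SAMPLE_ZONE = """\
$TTL 86400
@    IN SOA   ns1.example.com. hostmaster.example.com. (
                2024010101 ; serial
                7200       ; refresh
                900        ; retry
                1209600    ; expire
                3600 )     ; negative TTL
@    IN NS    ns1.example.com.
@    IN MX    10 mail.example.com.
ns1  IN A     192.0.2.1
mail IN CNAME ns1
"""
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def fqdn(name):
    return ORIGIN if name == "@" else name if name.endswith(".") else f"{name}.{ORIGIN}"

def parse_zone(text):
    """Return (default TTL, SOA dict, [(owner, type, rdata list)])."""
    ttl = int(re.search(r"^\$TTL\s+(\d+)", text, re.M).group(1))
    body = "\n".join(re.sub(r";.*", "", ln) for ln in text.splitlines())
    body = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), body)  # fold ( ) groups
    soa, records = {}, []
    for tok in (ln.split() for ln in body.splitlines() if ln.strip() and not ln.startswith("$")):
        i = tok.index("IN")  # class column; type and rdata follow it
        owner, rtype, rdata = fqdn(tok[0]), tok[i + 1], tok[i + 2:]
        if rtype == "SOA":
            soa = dict(zip(SOA_FIELDS, rdata[:2] + [int(v) for v in rdata[2:]]))
        records.append((owner, rtype, rdata))
    return ttl, soa, records

def check_zone(soa, records):
    """Sanity checks worth running before loading a zone file into BIND."""
    findings = []
    if soa["retry"] >= soa["refresh"]:
        findings.append("SOA retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        findings.append("SOA expire should exceed refresh plus retry")
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    for owner, rtype, rdata in records:  # RFC 2181 s10.3: MX/NS must not point at a CNAME
        if rtype in ("MX", "NS") and fqdn(rdata[-1]) in aliases:
            findings.append(f"{rtype} target {rdata[-1]} is a CNAME alias")
    return findings
```

The sample deliberately points its MX at a CNAME so that check_zone has something to report.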
Expert Configuration Mode
- Final window in DNS Server Installation Wizard
  - Option to open DNS port in your firewall
  - Option to start DNS server automatically at bootup
- After completing DNS Server Installation Wizard
  - Whenever you open the DNS module, you’re in expert configuration mode
Start-Up
- Settings under Start-Up window
  - Whether DNS starts automatically when the server starts or must be started manually
  - Firewall settings, such as opening the firewall port to allow remote computers to access DNS service
  - Stop, start, and reload DNS server
Start-Up (cont’d.)
Figure 11-3 The Start-Up window © Cengage Learning 2013
Forwarders
- Forwarders window
  - Used for the same task as in DNS Server Installation Wizard
  - Adding IP addresses to the list of forwarder servers
Basic Options
- Basic Options window
  - Displays options that have already been defined for the zone
- Ways to add options:
  - Use Basic Options window
    - If you use this window, information is updated in /etc/named.conf file automatically
  - Edit /etc/named.conf file
- Table 11-7 describes the options that can be added or modified
Basic Options (cont’d.)
Figure 11-4 The Basic Options window © Cengage Learning 2013
Basic Options (cont’d.)
Table 11-7 Settings in the Basic Options window
Basic Options (cont’d.)
Table 11-7 Settings in the Basic Options window (continued)
Logging
- Logging window
  - Can be used to configure logging options for DNS server
  - By default, DNS server sends log data to the systemwide log file /var/log/messages
- Additional Logging section
  - Log All DNS Queries option
  - Log Zone Updates option
  - Log Zone Transfers option
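A defender-side reader for the lines the query and zone-transfer logging options produce, as an added Python example that is not from the textbook. The line formats are assumptions modelled on BIND 9 logging, and the sample log lines, addresses and secondary allow-list are constructed.

```python
import re
from collections import Counter

# Assumed BIND 9 log shapes (syslog prefix allowed; the "@0x..." client handle
# that newer versions print is optional). Matched loosely on purpose.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
QUERY_RE = re.compile(CLIENT + r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)")
XFER_RE = re.compile(CLIENT + r"transfer of '(?P<zone>[^']+)'")

# Constructed sample of what named writes to /var/log/messages with
# 'Log All DNS Queries' and 'Log Zone Transfers' enabled. Documentation addresses.
SAMPLE_LOG = """\
Mar  5 10:00:01 ns1 named[1234]: client @0x7f3a1c0b8c60 192.0.2.10#41213 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.1)
Mar  5 10:00:01 ns1 named[1234]: client @0x7f3a1c0b8c60 192.0.2.10#41214 (example.com): query: example.com IN MX +E(0)K (192.0.2.1)
Mar  5 10:00:02 ns1 named[1234]: client 198.51.100.7#53 (example.com): query: example.com IN ANY + (192.0.2.1)
Mar  5 10:00:02 ns1 named[1234]: client 198.51.100.7#53 (example.com): query: example.com IN ANY + (192.0.2.1)
Mar  5 10:00:03 ns1 named[1234]: client 192.0.2.2#50012 (example.com): transfer of 'example.com/IN': AXFR started
Mar  5 10:00:04 ns1 named[1234]: client 198.51.100.7#50013 (example.com): transfer of 'example.com/IN': AXFR started
"""
SECONDARIES = {"192.0.2.2"}  # assumed allow-list of slave name servers

def parse_log(text):
    """Return (queries, transfers): queries as (ip, qname, qtype), transfers as (ip, zone)."""
    queries, transfers = [], []
    for line in text.splitlines():
        if m := QUERY_RE.search(line):
            queries.append((m["ip"], m["qname"], m["qtype"]))
        elif m := XFER_RE.search(line):
            transfers.append((m["ip"], m["zone"]))
    return queries, transfers

def review(text, any_threshold=2):
    """Per-client query counts, clients repeating ANY queries, and zone transfers
    requested by hosts that are not on the secondary allow-list."""
    queries, transfers = parse_log(text)
    per_client = Counter(ip for ip, _, _ in queries)
    any_count = Counter(ip for ip, _, qtype in queries if qtype == "ANY")
    noisy_any = sorted(ip for ip, n in any_count.items() if n >= any_threshold)
    unexpected_xfer = sorted((ip, zone) for ip, zone in transfers if ip not in SECONDARIES)
    return per_client, noisy_any, unexpected_xfer
```

A transfer request from a host outside SECONDARIES is the finding a BIND administrator most wants from the zone-transfer log, since it shows who is pulling a full copy of the zone.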
Logging (cont’d.)
Figure 11-5 The Logging window © Cengage Learning 2013
Access Control List (ACL)
- Access Control List (ACL) window
  - Used by BIND administrators to control who can perform operations on the name server
- When creating an ACL, you must:
  - Give it a unique name
  - Specify an IP address under Value heading
Access Control List (ACL) (cont’d.)
- When creating an ACL, the IP address must be:
  - Enclosed by braces
  - End with a semicolon
- Example: { ; }
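A small lint for the syntax rules stated on the ACL slides and the Forwarder slides (braces, trailing semicolons, a commented-out forwarders line staying inactive, at most three forwarders), as an added Python example that is not from the textbook. The named.conf fragment and its addresses are constructed.

```python
import ipaddress
import re

# Constructed /etc/named.conf fragment: the commented-out forwarders line as the chapter
# shows it, an active forwarders statement, and two ACLs. Documentation addresses only.
SAMPLE_CONF = """\
acl "trusted" { 192.0.2.0/24; 203.0.113.5; };
options {
    directory "/var/lib/named";
    #forwarders { 192.0.2.53; 198.51.100.53; };
    forwarders { 192.0.2.53; 198.51.100.53; 203.0.113.53; 10.0.0.1; };
    allow-query { trusted; };
};
acl "broken" { 192.0.2.7 }
"""

# forwarders { ... }; or acl "name" { ... }; with the closing ';' captured separately
BLOCK_RE = re.compile(
    r'^\s*(?P<kind>forwarders|acl\s+"?(?P<name>[\w-]+)"?)\s*\{(?P<body>[^}]*)\}\s*(?P<semi>;?)', re.M)

def strip_comments(text):
    """Drop '#' and '//' comments, so a commented-out forwarders line stays inactive."""
    return "\n".join(re.sub(r"(#|//).*", "", ln) for ln in text.splitlines())

def lint_named_conf(text, max_forwarders=3):
    """Check forwarders and acl statements against the rules the chapter states."""
    findings = []
    for m in BLOCK_RE.finditer(strip_comments(text)):
        label = "forwarders" if m["name"] is None else f'acl "{m["name"]}"'
        if not m["semi"]:
            findings.append(f"{label}: missing ';' after closing brace")
        parts = [p.strip() for p in m["body"].split(";")]
        if parts[-1]:
            findings.append(f"{label}: last entry '{parts[-1]}' lacks trailing ';'")
        entries = [p for p in parts if p]
        if m["name"] is None and len(entries) > max_forwarders:
            findings.append(f"{label}: {len(entries)} servers listed, maximum is {max_forwarders}")
        for e in entries:
            try:
                ipaddress.ip_network(e, strict=False)
            except ValueError:
                findings.append(f"{label}: '{e}' is not an IP address or network")
    return findings
```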
TSIG Keys
- Transaction signatures
  - Used to secure communication between two servers
  - Usually between DHCP and DNS servers
- Ways to generate keys for this signature:
  - TSIG Keys window
  - dnssec-keygen command
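How a TSIG shared secret is generated, written as the named.conf key statement both servers carry, and then used to sign and verify a message, as an added Python example that is not from the textbook. The key name, the hmac-sha256 choice and the update payload are assumptions, and the sign/verify pair is a simplified stand-in for the RFC 8945 MAC computation rather than the DNS wire format.

```python
import base64
import hashlib
import hmac
import re
import secrets

KEY_RE = re.compile(r'key\s+"(?P<name>[^"]+)"\s*\{\s*algorithm\s+(?P<alg>[\w-]+);'
                    r'\s*secret\s+"(?P<secret>[^"]+)";\s*\};')

def make_tsig_key(name, nbits=256):
    """Random shared secret rendered as the named.conf key statement both servers
    (for example DHCP and DNS) must carry; hmac-sha256 is the assumed algorithm."""
    secret = base64.b64encode(secrets.token_bytes(nbits // 8)).decode()
    return f'key "{name}" {{\n\talgorithm hmac-sha256;\n\tsecret "{secret}";\n}};\n'

def parse_tsig_key(statement):
    """Return (name, algorithm, raw secret bytes) from a key statement."""
    m = KEY_RE.search(statement)
    if not m:
        raise ValueError("not a key statement")
    return m["name"], m["alg"], base64.b64decode(m["secret"])

def sign(secret, message):
    """HMAC-SHA256 over the message, playing the role of the MAC that TSIG appends to a
    DNS packet (simplified: real TSIG also covers key name, algorithm and signing time)."""
    return hmac.new(secret, message, hashlib.sha256).digest()

def verify(secret, message, mac):
    """Constant-time comparison, as the receiving server must do before acting on an update."""
    return hmac.compare_digest(sign(secret, message), mac)

def demo():
    """DHCP side signs a dynamic update; DNS side verifies it with the same key.
    Returns (accepted, tampered_accepted, wrong_key_accepted)."""
    dhcp_side = make_tsig_key("dhcp-dns")
    _, _, secret = parse_tsig_key(dhcp_side)  # DNS side loads the same statement
    update = b"update add host1.example.com. 3600 A 192.0.2.50"  # constructed payload
    mac = sign(secret, update)
    _, _, other = parse_tsig_key(make_tsig_key("other"))
    return (verify(secret, update, mac),
            verify(secret, update.replace(b".50", b".51"), mac),
            verify(other, update, mac))
```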
TSIG Keys (cont’d.)
- Activity 11-2: Configuring BIND
  - Review settings in the /etc/named.conf file and configure a BIND server with the DNS Server Installation Wizard
- Activity 11-3: Creating a Resource Record in YaST
  - Use the YaST DNS Server module to create a resource record
TSIG Keys (cont’d.)
Figure 11-6 An A resource record added to the master zone file © Cengage Learning 2013
Summary
- Domain Name System (DNS)
  - Translates domain names and hostnames to IP addresses
  - A distributed and hierarchical database
  - Allows controlling DNS management locally
- BIND
  - Open-source DNS server software
- Local DNS sites can forward DNS queries to a forwarder DNS server
  - It forwards the request to an off-site DNS server
Summary (cont’d.)
- DNS structure is viewed as an inverted tree
- Main DNS configuration file is named.conf file in the /etc directory
- YaST DNS module is included with DNS installation and is used to configure DNS servers
- DNS zone file is a text file that stores resource records and other data for a zone
- Expert configuration mode for YaST DNS module gives access to more advanced configuration tasks