Transcript: Configuring Local Resolver
DNS
DNS is a network service that enables clients to resolve names to IP addresses and vice versa.
It allows machines to be logically grouped by domain names.
It provides email routing information.
Internet Naming Hierarchy
[Figure: Internet naming hierarchy tree. The root is the silent dot at the end of all addresses; the labels shown in the tree are .com, .net, .org, .in, .sidbi, .ac, .iitk, .co and www.]
DNS Setup
DNS Operation
A DNS server maintains the name to IP address mapping of the domain for which it is the name server.
The DNS server for a domain is registered with the domain registrar, and the entry is maintained by the 13 Internet root servers or by the country-level root servers.
Whenever a server is queried and it does not have the answer, the root servers are contacted.
The root servers refer the query to the DNS server for that domain (if the domain is a top-level domain) or to the country root server (if the domain is a country-level domain).
DNS Configuration
The named daemon is used.
A DNS server may be a caching, master, or slave server.
The named.ca file has information on all root servers.
There is a forward zone file and a reverse zone file for every domain.
Configuration file:
/var/named/chroot/etc/named.conf
Forward zone file:
/var/named/chroot/var/named/
Reverse zone file:
/var/named/chroot/var/named/
Sample Master named.conf
zone "." {
    type hint;
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
    allow-query { any; };
};
zone "iitk.ac.in" {
    type master;
    file "hosts.db";
    allow-query { any; };
};
zone "95.200.203.IN-ADDR.ARPA" {
    type master;
    file "hosts.rev.203.200.95";
    allow-query { any; };
};
zone "iitk.ernet.in" {
    type slave;
    file "hosts.iitk.ernet.in";
    masters { 202.141.40.10; };
    allow-query { any; };
};
Sample Forward Zone File
$TTL 86400
@       IN  SOA     ns.iitk.ac.in. root.ns.iitk.ac.in. (
                    200605091   ; Serial
                    10800       ; Refresh - 3 hours
                    3600        ; Retry - 1 hour
                    1209600     ; Expire - 2 weeks
                    43200 )     ; Minimum TTL for negative answers - 12 hours
        IN  NS      ns.iitk.ac.in.
        IN  NS      proxy.iitk.ac.in.
        IN  MX  5   mail0.iitk.ac.in.
        IN  MX  10  mail1.iitk.ac.in.
        IN  MX  20  mail2.iitk.ac.in.
$ORIGIN iitk.ac.in.
ns      IN  A       203.200.95.142
mail    IN  A       203.200.95.144
proxy   IN  CNAME   ; target name not present in the transcript
Sample Reverse Zone File
$TTL 86400
$ORIGIN 200.203.in-addr.arpa.
95      IN  SOA     ns1.iitk.ac.in. root.ns1.iitk.ac.in. (
                    200605091   ; Serial
                    10800       ; Refresh - 3 hours
                    3600        ; Retry - 1 hour
                    1209600     ; Expire - 2 weeks
                    43200 )     ; Minimum TTL for negative answers - 12 hours
        IN  NS      ns.iitk.ac.in.
        IN  NS      proxy.iitk.ac.in.
; switch the origin so that each PTR label is just the last octet of the address
$ORIGIN 95.200.203.in-addr.arpa.
142     IN  PTR     ns.iitk.ac.in.
144     IN  PTR     mail.iitk.ac.in.
Configuring Local Resolver
/etc/resolv.conf
nameserver 127.0.0.1
Test DNS
nslookup
host
dig
Test your DNS with the following DNS diagnostics web site: dnsstuff.com
Advanced BIND Features
Access List
Round Robin Load Sharing
Dynamic DNS Update
Access Control List
An ACL is a list of semicolon-separated IP addresses or networks.
Create ACLs, then reference them in the access directives:
acl "mynetwork" { 172.31.0.0/16; 172.30.1.1; };
allow-query { mynetwork; };
allow-transfer { mynetwork; };
allow-update { mynetwork; };
Dynamic DNS Update
Allows the DNS server to accept updates to the name and IP address records of hosts on the network.
To disable DDNS, use the directive:
allow-update {none; };
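As an added example (not part of the original slides), a small Python check that reads a named.conf and reports the zone blocks whose settings are weaker than the ACL pattern above, that is, master or slave zones with no allow-transfer list, with allow-transfer {any;}, or with allow-update {any;} instead of the allow-update {none;} shown here. The named.conf text is a constructed sample modelled on the master configuration earlier in the transcript, with the ACL applied to one zone only; the wording about the server default is deliberately generic, since what an unset allow-transfer falls back to depends on the options block and the BIND version.

```python
import re

# Constructed sample named.conf modelled on the page's master config; the ACL
# is applied to one zone only, so some zones are deliberately left weak.
SAMPLE_NAMED_CONF = '''
acl "mynetwork" { 172.31.0.0/16; 172.30.1.1; };
zone "." { type hint; file "named.ca"; };
zone "iitk.ac.in" { type master; file "hosts.db"; allow-query { any; }; };
zone "95.200.203.IN-ADDR.ARPA" { type master; file "hosts.rev.203.200.95";
    allow-query { any; }; allow-transfer { mynetwork; }; allow-update { none; }; };
zone "iitk.ernet.in" { type slave; file "hosts.iitk.ernet.in";
    masters { 202.141.40.10; }; allow-transfer { any; }; allow-update { any; }; };
'''
LIST_DIRECTIVE = re.compile(r'(allow-transfer|allow-update|allow-query)\s*\{([^}]*)\}')
TYPE_DIRECTIVE = re.compile(r'\btype\s+(\w+)\s*;')

def zone_blocks(conf):
    """Yield (zone_name, body), counting braces so that a nested list such as
    allow-query { any; } does not terminate the zone block early."""
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def parse_zone(body):
    """Return the zone type and every allow-* address list in one zone body."""
    z = {'type': t.group(1)} if (t := TYPE_DIRECTIVE.search(body)) else {}
    for key, items in LIST_DIRECTIVE.findall(body):
        z[key] = [x.strip() for x in items.split(';') if x.strip()]
    return z

def lint(conf):
    """Flag authoritative zones weaker than allow-transfer {mynetwork;} / allow-update {none;}."""
    findings = []
    for name, body in zone_blocks(conf):
        z = parse_zone(body)
        if z.get('type') not in ('master', 'slave'):
            continue  # hint/forward zones hold no zone data to transfer
        xfer = z.get('allow-transfer')
        if xfer is None:
            findings.append((name, 'allow-transfer not set: transfers fall back to the server default'))
        elif 'any' in xfer:
            findings.append((name, 'allow-transfer {any;}: any host can pull the whole zone'))
        if 'any' in z.get('allow-update', []):
            findings.append((name, 'allow-update {any;}: unauthenticated dynamic updates accepted'))
    return findings
```

Running lint(SAMPLE_NAMED_CONF) reports iitk.ac.in once (no allow-transfer) and iitk.ernet.in twice (transfer and update both open), while the reverse zone with the ACL applied is clean.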
Round Robin Load Sharing
Load balancing can be achieved by using multiple A records for the same name:
www     IN  A   203.200.95.140
www     IN  A   203.200.95.141
www     IN  A   203.200.95.142