Lab Questions


Lab 1

1. 

In this lab, you'll set up a caching DNS nameserver on your network. Use the /etc/named.caching-nameserver.conf file, modify appropriate files on the clients on your network, and make sure the appropriate daemon is active and starts the next time you boot Linux.


Answers

1. 

In this lab, you have the benefit of the /etc/named.caching-nameserver.conf configuration file. All you need to do is:

  1. Copy the template configuration file to /etc/named.conf.

  2. Modify the listen-on port 53 directive to include the local IP address; for example, if your IP address is 10.11.12.13, the directive will look like:

     listen-on port 53 { 127.0.0.1; 10.11.12.13; }; 

  3. Modify the allow-query directive to include the local IP address; for example, if your network IP address is 10.11.12.0/24, the directive will look like:

     allow-query { localhost; 10.11.12.0/24; }; 

  4. Save your changes to /etc/named.conf.

  5. Start the named service using the remote named daemon control facility, also known as the rndc command.

     # rndc start 

  6. Change the local client to point to the local DNS caching name server; replace any nameserver directives in /etc/resolv.conf with the IP address of the local system. For example, if the local computer is on 10.11.12.13, the directive is

     nameserver 10.11.12.13 

  7. Now test it out. Try commands such as dig www.yahoo.com. You should see the following near the end of the output:

     ;; SERVER: 10.11.12.13#53(10.11.12.13) 

  8. This comes from Chapter 7; to make sure the local system (and any other systems you reconfigure) points to the DNS server, add the aforementioned nameserver directive to /etc/resolv.conf:

     nameserver 10.11.12.13 

    Then make sure PEERDNS=no in the appropriate network card configuration file, such as ifcfg-eth0 in the /etc/sysconfig/network-scripts/ directory.

  9. To make sure the DNS service starts the next time you boot Linux, run the following command:

     # chkconfig named on 
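
The following check is an added example, not part of the book's answer. It reads the two directives edited in steps 2 and 3 and reports when listen-on lacks the server address or allow-query admits anything beyond the LAN. The sample configuration text and the function names match_list and audit are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the options block after steps 2 and 3 of the lab answer.
LAB_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 10.11.12.13; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; 10.11.12.0/24; };
};
"""

def match_list(conf, name):
    """Return the items inside `name ... { a; b; };`, or None if absent."""
    conf = re.sub(r"(//|#).*", "", conf)  # drop line comments
    pattern = r"(?<![\w-])" + re.escape(name) + r"(?![\w-])[^{};]*\{([^{}]*)\}"
    m = re.search(pattern, conf)
    if m is None:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]

def audit(conf, server_ip, lan_cidr):
    """Return a list of findings; an empty list means both directives match the lab."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    listen = match_list(conf, "listen-on")
    if listen is None or server_ip not in listen:
        findings.append(f"listen-on does not include {server_ip}")
    allow = match_list(conf, "allow-query")
    if allow is None:
        findings.append("allow-query is not set explicitly")
    for item in allow or []:
        if item in ("localhost", "localnets", "none"):
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:  # "any" or a named acl: cannot be shown to be LAN-only
            findings.append(f"allow-query item '{item}' is not an address inside {lan}")
            continue
        if net.is_loopback:
            continue
        if net.version != lan.version or not net.subnet_of(lan):
            findings.append(f"allow-query admits {net}, outside {lan}")
    return findings

if __name__ == "__main__":
    print(audit(LAB_CONF, "10.11.12.13", "10.11.12.0/24"))
```
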

Lab 2

2. 

Your internal network is growing, and you're having trouble keeping up with the different workstations that are being added on a regular basis. You use the good.example.com subdomain for your internal network, and you've named your computers for your departments, such as engr1 through engr10.good.example.com.

Your mail server is named postal, your Web server is named www, your FTP server is named ftp. You want to configure a DNS server on the computer named names. What do you need to do?

While you may not have enough information in this lab to create a complete and working file, you should be able to determine an outline of what you need to do, with the possible exception of specific IP addresses.


Answers

2. 

While you could subcontract out the task to an ISP, it's easy to create a DNS server for your internal network. The basic files are already available in RHEL 5. All you need to do is modify these files and add appropriate zone files to your /var/named/chroot/var/named directory. I'll describe the basics on how you can set up a DNS server by directly editing the appropriate configuration files. Assume that you're using the 10.11.12.0/255.255.255.0 network addresses for your LAN.

First, you'll need to modify the default /etc/named.conf configuration file. It's best to start by backing up this file. You'll need to add stanzas that refer to a zone and a reverse zone file. The stanzas are straightforward:

 // forward zone: names to addresses
 zone "good.example.com" IN {
      type master;
      file "good.example.com.zone";
 };

 // reverse zone for 10.11.12.0/24: addresses to names
 zone "12.11.10.in-addr.arpa" IN {
      type master;
      file "good.example.com.rr.zone";
      allow-update { none; };
 };

Next, you can create the good.example.com.zone and good.example.com.rr.zone files in the /var/named/chroot/var/named directory and link them to the /var/named directory. These files will contain a database of local and reverse local computer names and IP addresses for your LAN.

In the good.example.com.zone file, you'll want to create the forward database for your DNS server. It will contain the records for your domain as well as the administrator e-mail address. There's not enough information in the problem to set up a full file, but the following principles apply:

  1. You need to start the zone file with a general Time To Live (TTL) variable; for example, the following directive sets a standard TTL (4 days) for data on this DNS server:

     $TTL 4D 

  2. You'll need a Start Of Authority (SOA) record with the name of the DNS server and your administrative e-mail address. The format of the e-mail address is a little strange; the following line sets an e-mail address of admin@good.example.com. It also sets a serial number based on the date (which you should change to reflect the current date), a refresh (16 hours) and a retry frequency (4 hours), an expiration period (2 weeks), as well as a TTL (4 days). Do note the dot at the end of each name:

     @   IN   SOA     names.good.example.com. admin.good.example.com. (
                      200402121   ; serial
                      16H         ; refresh
                      4H          ; retry
                      2W          ; expire
                      4D )        ; TTL

  3. Now you can specify the computers associated with the DNS and mail servers:

         IN   NS     names.good.example.com.
         IN   MX     10 postal.good.example.com.

  4. Then you can specify the different computers on your network. While no specific IP addresses are given, you know that you have computers with the following names in the good.example.com.zone file. I've added arbitrary IP addresses on the given IPv4 network. You'll have to find the proper IP addresses for yourself with ifconfig commands on each computer:

     engr1    IN   A    10.11.12.1
     engr2    IN   A    10.11.12.2
     engr3    IN   A    10.11.12.3
     engr4    IN   A    10.11.12.4
     engr5    IN   A    10.11.12.5
     engr6    IN   A    10.11.12.6
     engr7    IN   A    10.11.12.7
     engr8    IN   A    10.11.12.8
     engr9    IN   A    10.11.12.9
     engr10   IN   A    10.11.12.10
     ftp      IN   A    10.11.12.11
     www      IN   A    10.11.12.12
     postal   IN   A    10.11.12.13

  5. Finally, to make sure that the DNS server works the next time you boot this Linux computer, you'll want to set it to run at the appropriate runlevels with a command such as the following:

     # chkconfig named on 
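
The answer names a reverse zone file, good.example.com.rr.zone, without showing its contents. The script below is an added example, not the book's own code: it derives the PTR records for that file from the A records in step 4, reusing the SOA values from step 2. The function names are constructed for illustration, and the script assumes a /24 network as used throughout this lab.

```python
import ipaddress

# Constructed input: the A records from step 4 (the book's arbitrary addresses).
FORWARD_A = "\n".join(
    [f"engr{i}   IN   A   10.11.12.{i}" for i in range(1, 11)]
    + ["ftp      IN   A   10.11.12.11",
       "www      IN   A   10.11.12.12",
       "postal   IN   A   10.11.12.13"]
)

def parse_a_records(zone_text):
    """Return [(host, IPv4Address)] for every 'host IN A address' line."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 4 and fields[1:3] == ["IN", "A"]:
            records.append((fields[0], ipaddress.IPv4Address(fields[3])))
    return records

def build_reverse_zone(zone_text, origin, network, nameserver, admin, serial):
    """Return (zone name, zone file text) holding PTR records for a /24 network."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError("this example only handles /24 reverse zones")
    octets = str(net.network_address).split(".")[:3]
    zone_name = ".".join(reversed(octets)) + ".in-addr.arpa."
    lines = [
        "$TTL 4D",
        f"@\tIN\tSOA\t{nameserver} {admin} (",
        f"\t\t{serial}\t; serial",
        "\t\t16H\t; refresh",
        "\t\t4H\t; retry",
        "\t\t2W\t; expire",
        "\t\t4D )\t; TTL",
        f"\tIN\tNS\t{nameserver}",
    ]
    for host, addr in sorted(parse_a_records(zone_text), key=lambda r: r[1]):
        if addr not in net:  # a PTR for this host belongs in a different zone
            raise ValueError(f"{host} ({addr}) is outside {net}")
        last_octet = str(addr).rsplit(".", 1)[1]
        lines.append(f"{last_octet}\tIN\tPTR\t{host}.{origin}")
    return zone_name, "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_reverse_zone(FORWARD_A, "good.example.com.", "10.11.12.0/255.255.255.0",
                             "names.good.example.com.", "admin.good.example.com.", 200402121)[1])
```
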



RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302)
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2004
Pages: 227
Authors: Michael Jang
