Linux Operations and Administration

Presentation transcript:

Linux Operations and Administration Chapter Eleven Domain Name System

Objectives
- Describe Domain Name System and how it relates to the Internet
- Install and configure Berkeley Internet Name Daemon (BIND)
- Check the status of a DNS server via the command line
- Identify zones and describe the elements in a zone file
- Explain how the different types of resource records affect zones

Introduction to Domain Name System
- Name server
  - A central database that translates names to IP addresses (or IP addresses to names)
  - Simplified network management dramatically
  - This method worked for local networks, but not for resources on the Internet
- Resource record
  - A file containing resource information or characteristics about a zone or domain

DNS on the Internet
- Internet’s Domain Name System (DNS)
  - Associates an IP address (such as 204.21.112.110) with an actual name (such as server1)
  - Network resources can be accessed by easy-to-remember names
- Berkeley Internet Name Daemon (BIND)
  - Usually carries out translation for DNS
  - Open-source software containing DNS protocols needed to resolve hostnames to IP addresses

DNS on the Internet (cont’d.)
- Goal of DNS is to decentralize administration
- DNS is a distributed and hierarchical database
- Allows controlling DNS management locally
- Local DNS server
  - Can handle cached hostname requests
  - Doesn’t contain information on every hostname on the Internet
  - Forwards requests for unknown hostnames to a forwarder

DNS on the Internet (cont’d.)
- Forwarder
  - A type of DNS server
  - Forwarder’s job is to handle off-site requests generated at the system known as “localhost”
- Caching
  - A feature that stores DNS queries on the local site for fast hostname–to–IP address resolution
- Local administrators can manage local DNS servers

DNS on the Internet (cont’d.)
- Root DNS servers
  - Centrally controlled public DNS servers
  - Control the Internet’s top-level domains (TLDs)
- Table 11-1
  - Describes some of the most recognizable top-level domains

DNS on the Internet (cont’d.) Table 11-1 Common top-level domains

DNS on the Internet (cont’d.)
- DNS database is structured as an inverted tree
  - Also known as domain namespace
  - Root at top of the tree
  - TLDs beneath it
- Nodes (leaves) of the tree are called domains and have labels
  - Such as .gov for U.S. government domain
- Domain names are derived from node labels
  - Each level of hierarchy is separated by dots in domain name

DNS on the Internet (cont’d.) Figure 11-1 The DNS structure © Cengage Learning 2013

Installing BIND
- Installing BIND is similar to installing Apache Web Server
- YaST Software Management is used to install the DHCP and DNS Server pattern
- Installs:
  - All the necessary DNS modules, such as BIND
  - BIND documentation files
  - DNS Server Configuration utility

Installing BIND (cont’d.)
- BIND documentation files
  - Found in /usr/share/doc/packages/bind/arm/ directory
  - Consist of eight chapters
- Activity 11-1: Installing BIND
  - Install BIND and other DNS-related packages

Configuring BIND
- BIND
  - Requires no further configuration after being installed in openSUSE
  - Runs as a daemon known as named
  - Pronounced “name-dee,” not “named”
- named.conf
  - Main BIND DNS configuration file
  - Found in /etc directory

Configuring BIND (cont’d.)
- To start the named daemon (BIND):
  - Use rcnamed start command
- Table 11-2
  - Describes common commands for determining the daemon’s status
- Options to edit named.conf file
  - Use a text editor, such as vim
  - Use YaST DNS module
    - Available after you install BIND

Configuring BIND (cont’d.) Table 11-2 Common named commands

Configuring BIND (cont’d.)
- To start YaST DNS module
  - Use yast2 dns-server command
  - Requires root privileges
- DNS Server Installation Wizard
  - Opens the first time you start the module
  - Enables you to add forwarders
- Expert mode
  - Available after you step through the basic settings
  - For more advanced configuration tasks

Configuring BIND (cont’d.) Figure 11-2 The DNS Server Installation Wizard © Cengage Learning 2013

Forwarder
- Can have up to three forwarders in DNS configuration
- These servers enable you to:
  - Forward unresolved queries to an off-site DNS server
  - Cache results on your local DNS server

Forwarder (cont’d.)
- First time you configure a DNS server, the forwarder list is empty
- Forwarder declaration in /etc/named.conf file is, by default, a commented line; for example:
  #forwarders { 192.0.2.1; 192.0.2.2; };
- Deleting # symbol adds the two servers (192.0.2.1 and 192.0.2.2 in example) to forwarder list

DNS Zones
- Zone
  - A portion of the DNS namespace
- Zone file
  - Stores the data for a zone
- Master name server
  - An authoritative name server that stores the primary copies of zone records

DNS Zones (cont’d.)
- Slave name server
  - Also known as a secondary name server
  - Maintains a copy of master zone file that’s used as a backup
  - Provides redundancy if master name server is unavailable

DNS Zones (cont’d.)
- Entries in zone file
  - Line 1: Time-to-live (TTL) entry
  - Line 2: Start of Authority (SOA) resource record
  - Line 3: Serial number
  - Line 4: Refresh rate

DNS Zones (cont’d.)
- Entries in zone file (continued)
  - Line 5: Retry rate
  - Line 6: Expiration entry
  - Line 7: Negative TTL entry
  - Line 8: NS resource record
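
The eight zone-file entries listed above can be read back mechanically. This added example (not from the original slides or from BIND) parses a constructed zone file in that layout and applies three sanity checks; the example.com names, the timer values and the checks themselves are assumptions made for illustration.

```python
import re
# Constructed sample zone file in the eight-line layout described above.
SAMPLE_ZONE = """\
$TTL 2d
@   IN SOA ns1.example.com. root.example.com. (
        2013010101  ; serial
        3h          ; refresh
        1h          ; retry
        1w          ; expiry
        1d )        ; negative TTL
    IN NS ns1.example.com.
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
SOA_TIMERS = ("refresh", "retry", "expire", "negative_ttl")

def to_seconds(value):
    """Convert a BIND time value such as '3h', '1h30m' or '7200' to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_zone(text):
    """Return the default TTL, the SOA serial and timers, and the NS names."""
    # Drop ';' comments and the SOA parentheses so each record is one token run.
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    zone = {"ns": []}
    for i, tok in enumerate(tokens):
        if tok.upper() == "$TTL":
            zone["ttl"] = to_seconds(tokens[i + 1])
        elif tok.upper() == "SOA" and tokens[i - 1].upper() == "IN":
            zone["serial"] = int(tokens[i + 3])
            zone.update(zip(SOA_TIMERS, map(to_seconds, tokens[i + 4:i + 8])))
        elif tok.upper() == "NS" and tokens[i - 1].upper() == "IN":
            zone["ns"].append(tokens[i + 1])
    return zone

def check_soa(zone):
    """Return findings about the SOA timers and NS records; empty means none."""
    checks = [
        (zone["retry"] >= zone["refresh"], "retry is not shorter than refresh"),
        (zone["expire"] <= zone["refresh"], "expire is not longer than refresh"),
        (not zone["ns"], "no NS record"),
    ]
    return [msg for failed, msg in checks if failed]
```

The parser does not handle semicolons inside quoted strings, which the constructed sample does not contain.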

MX RR
- Identifies mail servers (mail exchangers) for a zone
- Table 11-3
  - Describes fields in MX RR
- Example:

MX RR (cont’d.) Table 11-3 MX resource record fields

A RR
- A (address) RR
  - Most common resource record
  - Used to resolve a hostname to an IPv4 address for locating a resource
- Table 11-4
  - Describes fields in the A RR
- Example:

A RR (cont’d.) Table 11-4 A resource record

PTR RR
- PTR (pointer) RR
  - Used to resolve an IPv4 address to its hostname
  - Performs the reverse of what an A RR does
- Table 11-5
  - Describes fields in the PTR RR
- Example:

PTR RR (cont’d.) Table 11-5 PTR resource record

CNAME RR
- CNAME (canonical name) RR
  - Enables you to create an alias for a host
- Table 11-6
  - Describes fields in the CNAME RR
- Example:

CNAME RR (cont’d.) Table 11-6 CNAME resource record

Expert Configuration Mode
- Final window in DNS Server Installation Wizard
  - Option to open DNS port in your firewall
  - Option to start DNS server automatically at bootup
- After completing DNS Server Installation Wizard
  - Whenever you open the DNS module, you’re in expert configuration mode

Start-Up
- Settings under Start-Up window
  - Whether DNS starts automatically when the server starts or must be started manually
  - Firewall settings, such as opening the firewall port to allow remote computers to access DNS service
  - Stop, start, and reload DNS server

Start-Up (cont’d.) Figure 11-3 The Start-Up window © Cengage Learning 2013

Forwarders
- Forwarders window
  - Used for the same task as in DNS Server Installation Wizard
  - Adding IP addresses to the list of forwarder servers

Basic Options
- Basic Options window
  - Displays options that have already been defined for the zone
- Ways to add options:
  - Use Basic Options window
    - If you use this window, information is updated in /etc/named.conf file automatically
  - Edit /etc/named.conf file
- Table 11-7
  - Describes the options that can be added or modified

Basic Options (cont’d.) Figure 11-4 The Basic Options window © Cengage Learning 2013

Basic Options (cont’d.) Table 11-7 Settings in the Basic Options window

Basic Options (cont’d.) Table 11-7 Settings in the Basic Options window (continued)

Logging
- Logging window
  - Can be used to configure logging options for DNS server
  - By default, DNS server sends log data to the systemwide log file /var/log/messages
- Additional Logging section
  - Log All DNS Queries option
  - Log Zone Updates option
  - Log Zone Transfers option

Logging (cont’d.) Figure 11-5 The Logging window © Cengage Learning 2013

Access Control List (ACL)
- Access Control List (ACL) window
  - Used by BIND administrators to control who can perform operations on the name server
- When creating an ACL, you must:
  - Give it a unique name
  - Specify an IP address under Value heading

Access Control List (ACL) (cont’d.)
- When creating an ACL, the IP address must:
  - Be enclosed by braces
  - End with a semicolon
- Example: { 204.21.112.24; }
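
The brace-and-semicolon rule for ACL values applies equally to the forwarders declaration shown earlier in /etc/named.conf. This added example (not part of the original slides or of BIND) validates such a value and ignores a declaration that is still commented out; the excerpt, the ACL name "trusted" and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed named.conf excerpt: forwarders still commented out, one ACL defined.
SAMPLE_CONF = """\
options {
    #forwarders { 192.0.2.1; 192.0.2.2; };
};
acl "trusted" { 204.21.112.24; };
"""

def active_statement(conf, keyword):
    """Return the '{ ... }' value of an uncommented statement, or None."""
    # Drop '#' and '//' comments so a commented-out declaration is not counted.
    live = "\n".join(re.split(r"#|//", ln, maxsplit=1)[0] for ln in conf.splitlines())
    match = re.search(rf'\b{keyword}\b(?:\s+"?[\w-]+"?)?\s*(\{{[^{{}}]*\}})\s*;', live)
    return match.group(1) if match else None

def check_address_list(value, limit=None):
    """Validate a '{ addr; addr; }' value and return (addresses, problems)."""
    value = value.strip()
    if not (value.startswith("{") and value.endswith("}")):
        return [], ["value is not enclosed by braces"]
    inner = value[1:-1].strip()
    addresses, problems = [], []
    if not inner.endswith(";"):
        problems.append("last element does not end with a semicolon")
    for item in (part.strip() for part in inner.split(";")):
        if not item:
            continue
        try:
            addresses.append(str(ipaddress.ip_address(item)))
        except ValueError:
            problems.append(f"not an IP address: {item!r}")
    if limit is not None and len(addresses) > limit:
        problems.append(f"more than {limit} addresses")
    return addresses, problems
```

Passing `limit=3` applies the three-forwarder maximum stated on the Forwarder slide.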

TSIG Keys
- Transaction signatures
  - Used to secure communication between two servers
  - Usually between DHCP and DNS servers
- Ways to generate keys for this signature:
  - TSIG Keys window
  - dnssec-keygen command

TSIG Keys (cont’d.)
- Activity 11-2: Configuring BIND
  - Review settings in the /etc/named.conf file and configure a BIND server with the DNS Server Installation Wizard
- Activity 11-3: Creating a Resource Record in YaST
  - Use the YaST DNS Server module to create a resource record

TSIG Keys (cont’d.) Figure 11-6 An A resource record added to the master zone file © Cengage Learning 2013

Summary
- Domain Name System (DNS)
  - Translates domain names and hostnames to IP addresses
  - A distributed and hierarchical database
  - Allows controlling DNS management locally
- BIND
  - Open-source DNS server software
- Local DNS sites can forward DNS queries to a forwarder DNS server
  - It forwards the request to an off-site DNS server

Summary (cont’d.)
- DNS structure is viewed as an inverted tree
- Main DNS configuration file is named.conf file in the /etc directory
- YaST DNS module is included with DNS installation and is used to configure DNS servers
- DNS zone file is a text file that stores resource records and other data for a zone
- Expert configuration mode for YaST DNS module gives access to more advanced configuration tasks