Ch20 system administration
Published in: Technology
  • Can have one master NIS, or multiple NIS masters. Discuss the good/bad points of each.
  • Transcript

    • 1. Name Services Chapter 20
    • 2. Chapter Goals
      • Understand local vs. global name services.
      • Understand basic use of NIS.
      • Understand how DNS works.
      • Understand DNS configuration files.
      • Understand how to make multiple name services work together.
    • 3. Network Configuration
      • Review
        • In order to install a network connection on a UNIX box, you have to do the following:
          • Set up the name service files:
            • /etc/nsswitch.conf
              • Set the hosts entry to use the appropriate name service (this step is discussed later).
              • If you are using NIS, you have to set up files in /var/yp.
            • /etc/resolv.conf
                nameserver 129.74.70.77
                domain cselab.nd.edu
                search cselab.nd.edu cse.nd.edu helios.nd.edu cc.nd.edu nd.edu
    • 4. Name Service
      • There are several name services available.
        • For UNIX, the most common are:
          • Network Information Service (NIS, NIS+)
          • /etc/hosts file (static mappings)
          • Federated Name Services (FNS)
          • Domain Name Service (DNS)
        • For Windows, the most common are:
          • lmhosts file
          • WINS
          • DNS
    • 5. Name Services
      • The Network Information Service (NIS) and its successor NIS+ are local information servers.
        • NIS/NIS+ provide hostname-to-IP-address lookups, password lookups, and other local information lookups.
        • NIS/NIS+ are not global services.
          • It does not make sense to make some of the NIS services global (passwords, email aliases, ...).
          • You must run DNS for Internet name lookups.
    • 6. Name Services
      • NIS/NIS+ strong points:
        • Centralized administration (all local information in one database).
        • Several versions of Unix include NIS/NIS+.
          • Integral part of Solaris.
        • Easy-to-understand file formats.
        • Configurable.
      • NIS shortcomings:
        • The database does not scale well.
        • NIS requires/facilitates centralized administration.
        • NIS/NIS+ are not available on all platforms.
        • NIS/NIS+ open the site up to security problems.
    • 7. Name Services
      • NIS allows the site to split the namespace into organizational-unit service “domains”.
      • NIS allows for multiple servers:
        • Master server – authoritative for a domain.
        • Slave server – a backup server for a domain.
        • Each sub-domain may have master and slave servers which are authoritative for their own sub-domains.
    • 8. [figure]
    • 9. NIS Summary
      • NIS is a LOCAL name service.
        • You must still run DNS to be on the Internet!
          • Alternative: you can have your ISP run DNS for you.
      • NIS is not secure (No Information Security).
    • 10. Name Services
      • DNS is a distributed database which holds information about hosts’ IP addresses, mail routing information, and hostnames.
        • DNS is typically implemented via the Berkeley Internet Name Domain system (BIND).
          • Other name service packages are available: Cisco Network Registrar is one example.
        • DNS uses a hierarchical tree of name servers to minimize the impact on any one nameserver.
          • At the top of the hierarchy is the root domain.
          • The root domain has no name server.
    • 11. Name Services
      • DNS specifications set aside certain top-level domain names.
        • These domains reside under the root domain.
        • Each of these top-level domains has one (or more) master name servers.
          • Unfortunately, these are referred to as the root name servers.
        • These top-level domains are different in the US than in other countries.
    • 12. Name Services
      • In the US, the top-level domains are:
        • .com - commercial companies
        • .edu - educational institutions
        • .gov - government agencies
        • .mil - military agencies
        • .net - network providers
        • .org - non-profit organizations
        • .int - international organizations
        • .arpa - a dead elephant (historical)
      • Each of these domains has (at least) one authoritative name server.
    • 13. Name Services
      • In other countries, the ISO country codes are used as top-level domain names:
        • au - Australia
        • ca - Canada
        • dk - Denmark
        • fi - Finland
        • fr - France
        • jp - Japan
        • se - Sweden
        • hk - Hong Kong
        • ch - Switzerland
    • 14. Name Services
      • Within each top-level domain there are several second-level domains.
        • Each second-level domain can have an authoritative name server.
        • nd.edu is a second-level domain.
        • bind.cc.nd.edu is the name server for the nd.edu domain.
    • 15. Name Services
      • Under each second-level domain you might find many subdomains.
        • cse.nd.edu, math.nd.edu, lsc.nd.edu and cselab.nd.edu are all subdomains of nd.edu.
        • These domains may or may not have their own nameservers.
          • If not, they rely upon the second-level server for address resolution.
          • If so, they generally rely upon the higher-level name servers for information on hosts outside of the subdomain.
          • music.cselab.nd.edu (129.74.70.77) is our lab nameserver. The cselab domain is a 3rd-level domain.
            • Music refers requests to bind.nd.edu for hosts outside of the lab domain.
    • 16. [figure]
    • 17. Name Services
      • There are three components to the name service system:
        • A daemon (named) that answers queries.
        • Library routines that programs call in order to contact the server when they need to resolve hostnames/addresses.
        • Command line interfaces to the DNS database (nslookup, dig, host).
      • named is the process that answers queries about hostnames and IP addresses.
        • If named knows the answer, it replies.
        • If not, it queries a nameserver at a higher level to get the information required.
        • named is also responsible for transferring the database from high-level servers to the lower-level servers (zone transfers).
    • 18. Name Services
      • named operates in one of three modes:
        • master - one per domain - keeps the master copy of the DNS database for this domain.
        • slave - copies its data from the primary server via a zone transfer. Multiple secondary servers are allowed within a domain.
        • caching - loads a few important addresses into its database, and gathers information on other hosts through normal operation.
    • 19. Name Services
      • Nameservers come in two flavors:
        • recursive nameservers - stick with a query until they get a resolution for the client machine.
          • The cache management becomes very resource intensive.
        • non-recursive - are lazy.
          • If they don’t know the answer, they return a “go ask him” response to the client.
          • Their cache of information is not very resource intensive.
        • Low-level servers are usually recursive, while higher-level servers are usually non-recursive.
    • 20. [figure]
    • 21. Name Services
      • START
        • A user on a system called darwin.cc.nd.edu wants to finger a user on a system called foyt.central.sun.com.
        • Darwin looks in the /etc/hosts file to see if it knows who foyt.central.sun.com is and how to get there.
          • If we find an entry in the hosts file, skip to host-resolved.
        • If darwin does not find foyt.central.sun.com in its hosts file, it checks /etc/resolv.conf and finds the name of its nameserver.
        • Darwin creates a DNS query packet, and sends it to the nameserver.
        • The nameserver receives the DNS query packet and examines it:
          • “Hi, I’m darwin, I live at 129.74.250.114, my MAC address is 08:00:20:00:4e:3f. Who is foyt.central.sun.com and how do I get there?”
    • 22. Name Services
        • The nameserver (bind.cc.nd.edu) looks in its database to see if it knows who foyt.central.sun.com is and how to get there.
          • If the nameserver has an entry for the foyt.central.sun.com machine, skip to DNS-resolved.
        • If the nameserver does not have an address for the foyt machine, it sends out a DNS request to its master nameserver (.edu) saying “Hi, I’m bind.cc.nd.edu, I live at 129.74.250.100, my MAC address is 08:00:20:ff:ee:dd. Who is foyt.central.sun.com and how do I get there?”
          • This starts an iterative process of nameservice lookups...
    • 23. Name Services
        • The master .edu nameserver is lazy (non-recursive). It tells bind to go ask the nameserver for .com. The reply packet tells bind the address of a .com name server.
        • The master .com nameserver is lazy (non-recursive). It tells bind to go ask the nameserver at Sun.com. The reply packet gives bind the address of the Sun.com name server.
        • Bind queries the Sun.com nameserver.
          • If Sun.com is recursive, it will go ask Central.sun.com.
          • If Sun.com is non-recursive, it will tell bind to ask central.sun.com.
        • If no nameserver knows who foyt.central.sun.com is, then the user gets the always helpful “host unknown” message on their console. Skip to DONE.
    • 24. Name Services
        • If a nameserver finds the foyt.central.sun.com machine in its database, then it will reply back through the chain that “foyt.central.sun.com is at 123.45.67.89”.
        • Some of the name server(s) which are contacted add bind.cc.nd.edu and foyt.central.sun.com to their named cache.
    • 25. Name Services
      • DNS-resolved
        • Bind.cc.nd.edu adds foyt to its named cache, and forwards the information about foyt.central.sun.com (from the master nameserver) on to darwin.
        • Darwin receives the address information from bind, and thanks bind.
        • Darwin adds the bind.cc.nd.edu information to its named cache.
        • GO TO ARP
    • 26. Name Services
      • host-resolved
        • Darwin looks to see if it has the hardware address of foyt.
          • If not, GO TO ARP
        • ARP
          • Darwin sends a hardware broadcast packet that says:
            • Hi, I’m Darwin, my IP address is 129.74.250.114, my MAC address is 08:00:20:00:4e:3f. Who is Foyt, and what is his MAC address?
            • If Foyt is on the same network, it replies with its MAC address.
            • Otherwise the router replies with its MAC address.
    • 27. Name Services
        • Darwin sends an IP packet to foyt.central.sun.com at IP address 123.45.67.89 saying “Hi, I’m darwin.cc.nd.edu, I live at 129.74.250.114 and my MAC address is 08:00:20:00:4e:3f. I’d like to contact your finger server (port 79) with the information contained in the data segment of this packet.”
        • Foyt.central.sun.com receives the packet, decodes the protocol information and determines that it is for the /usr/etc/in.fingerd program.
        • Foyt forwards the packet to its finger daemon on port 79.
        • Foyt adds the darwin machine to its named cache.
    • 28. Name Services
        • The finger server on foyt looks up the information requested by the user on Darwin, and sends a packet out on the net saying “Hi there darwin.cc.nd.edu, I am foyt.central.sun.com. I live at 123.45.67.89, my MAC address is 11:22:33:44:55:66, here is the information you requested.”
        • Darwin receives the information from foyt, thanks the foyt machine, and sends the data to the user’s terminal.
        • Darwin adds the Foyt machine to its named cache.
      • DONE
        • The user finds out their friend wasn’t logged in, goes home and drinks beer (or whatever users do when not logged in to a system).
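The walkthrough on slides 21 to 28 as a runnable model, added here and not part of the slides: each server either answers, chases the query itself (recursive) or hands back a “go ask him” referral (non-recursive), and the client’s nameserver follows referrals until it gets an answer or reports “host unknown”, caching what it learns. The delegation table is constructed for this demo (a root server stands in for the “.edu master” of slide 22, and ns.sun.com is made recursive to exercise that branch of slide 23); the host names and addresses are the slides’ own.

```python
from dataclasses import dataclass, field


@dataclass
class Server:
    name: str
    recursive: bool
    records: dict = field(default_factory=dict)    # names this server is authoritative for -> IP
    referrals: dict = field(default_factory=dict)  # zone -> server it refers askers to ("." = anything)
    cache: dict = field(default_factory=dict)      # the slides' "named cache"


SERVERS: dict = {}


def add(s: Server) -> None:
    SERVERS[s.name] = s


# Constructed delegation tree for the slides' scenario; the root server stands in for
# the ".edu master" of slide 22, and ns.sun.com is made recursive to show that branch.
add(Server("root", False, referrals={"edu": "edu-master", "com": "com-master"}))
add(Server("edu-master", False, referrals={"nd.edu": "bind.cc.nd.edu"}))
add(Server("com-master", False, referrals={"sun.com": "ns.sun.com"}))
add(Server("ns.sun.com", True, referrals={"central.sun.com": "ns.central.sun.com"}))
add(Server("ns.central.sun.com", False, records={"foyt.central.sun.com": "123.45.67.89"}))
add(Server("bind.cc.nd.edu", True, records={"darwin.cc.nd.edu": "129.74.250.114"},
           referrals={".": "root"}))


def best_referral(server: Server, qname: str):
    """Longest zone suffix this server can refer the asker to, or None."""
    best = None
    for zone, target in server.referrals.items():
        if zone == "." or qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, target)
    return best[1] if best else None


def lookup(server: Server, qname: str):
    """One query/response exchange with a server: answer, referral or unknown."""
    if qname in server.records:
        return "answer", server.records[qname]
    if qname in server.cache:
        return "answer", server.cache[qname]
    ref = best_referral(server, qname)
    return ("referral", ref) if ref else ("unknown", None)


def resolve(resolver: Server, qname: str, trace: list, depth: int = 0):
    """What a recursive server does for its client: chase referrals to the end."""
    kind, payload = lookup(resolver, qname)
    hops = 0
    while kind == "referral" and hops < 16:       # bound the walk even on a bad delegation
        hops += 1
        nxt = SERVERS[payload]
        trace.append(f"{resolver.name} asks {nxt.name}")
        if nxt.recursive and depth < 4:
            # slide 23: a recursive sun.com server finishes the job itself
            ip = resolve(nxt, qname, trace, depth + 1)
            kind, payload = ("answer", ip) if ip else ("unknown", None)
        else:
            kind, payload = lookup(nxt, qname)    # the "go ask him" reply, or the answer
    if kind == "answer":
        resolver.cache[qname] = payload           # slide 25: bind adds foyt to its cache
        return payload
    trace.append(f"{resolver.name}: host unknown")
    return None


def resolve_name(resolver_name: str, qname: str):
    """Client entry point (darwin asking the nameserver named in its resolv.conf)."""
    trace: list = []
    return resolve(SERVERS[resolver_name], qname, trace), trace


if __name__ == "__main__":
    for host in ("foyt.central.sun.com", "nohost.central.sun.com", "foyt.central.sun.com"):
        ip, steps = resolve_name("bind.cc.nd.edu", host)
        print(host, "->", ip, "|", " ; ".join(steps) or "answered from cache")
```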
    • 29. Name Services
      • Now it is time to look at the contents of the DNS database(s), and see what information is there, what it does, and how it is used.
      • Client-side database files
        • The /etc/resolv.conf file is the simplest DNS database file.
          • This file contains the IP address(es) of the nameserver(s), a search list, and the domain information for this host.
          • All hosts in the domain need a copy of the /etc/resolv.conf file so their name/address resolver knows where to go for information.
    • 30. Name Service
        # cat /etc/resolv.conf
        domain cse.nd.edu ; search cse and nd
        search cse.nd.edu. nd.edu.
        nameserver 129.74.250.100
        nameserver 129.74.37.173
        nameserver 129.74.4.18
    • 31. Name Services
      • While the resolver only requires one file, the name server (named) requires several configuration files.
        • named.conf - Sets general named parameters and points to the locations (disk files or other servers) from which we obtain our information.
        • root.hint - Points to the root domain servers.
        • localhost.zone - Used to resolve the loopback addresses.
        • d.zonename - The zone file that maps names to IP addresses.
        • d.reverse-ip - The zone file for reverse domain lookups (IP address to hostname).
      • We’ll start by looking at some of the keywords allowed in the named.conf file.
    • 32. Name Services
        • named.conf - allows several keywords:
          • directory - Directory for all subsequent file references.
          • primary - Declares this server as primary for this zone.
          • secondary - Declares this server as secondary in the zone.
          • cache - Points to the cache file.
          • forwarders - Lists servers to which we send requests.
          • slave - Forces the server to forward all requests.
          • ; - Comment (note that # works, but is not correct!)
          • (data) - Allows data to span lines.
          • @ - The current domain name.
          • * - Wildcard (name field only) - dangerous!
    • 33. Name Services
        # cat /etc/named.conf
        options {
            version "Surely you must be joking!";
            listen-on { 129.74.70.77; };
            directory ".";
            statistics-file "named.stats";
            dump-file "named_dump.db"; // _PATH_DUMPFILE
            pid-file "named.pid"; // _PATH_PIDFILE
            notify yes;
            auth-nxdomain yes;
            interface-interval 60; // scan for new or deleted interfaces
            allow-transfer { 129.74.250.100; 129.74.4.18; 129.74.25.98; };
            forwarders { 129.74.250.100; };
        };
    • 34. Name Services
        logging {
            category default { default_syslog; default_debug; };
            channel goobers { file "/var/log/named.log" versions 5 size 32m; };
            category queries { goobers; };
            category lame-servers { null; };
        };
        zone "." {
            type hint;
            file "root.hint";
        };
    • 35. Name Services
        zone "cselab.nd.edu" {
            type master;
            file "d.cselab.nd.edu";
            allow-update { none; };
            allow-transfer { 129.74.250.100; 129.74.4.18; 129.74.25.98; };
            allow-query { 129.74.0.0/16; };
        };
        zone "70.74.129.in-addr.arpa" IN {
            type master;
            file "d.70.74.129.in-addr.arpa";
            allow-transfer { 129.74.250.100; 129.74.4.18; 129.74.25.98; };
            allow-update { none; };
            allow-query { 129.74.0.0/16; };
        };
    • 36. Name Services
        zone "nd.edu" {
            type slave;
            file "nd.edu.zone";
            masters { 129.74.250.100; 129.74.4.18; };
            forwarders { 129.74.250.100; 129.74.4.18; };
            allow-query { 129.74.0.0/16; };
        };
        zone "74.129.in-addr.arpa" IN {
            type slave;
            file "d.74.129.in-addr.arpa";
            masters { 129.74.250.100; 129.74.4.18; };
            forwarders { 129.74.250.100; };
            allow-query { 129.74.0.0/16; };
        };
    • 37. Name Services
        zone "localhost" IN {
            type master;
            file "localhost.zone";
            allow-update { none; };
        };
        zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "127.0.0.zone";
            allow-update { none; };
        };
    • 38. Name Services
      • The named.conf file defines the zones and files to use.
      • The files referenced in the named.conf file contain resource records that govern the information provided by the name service.
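The allow-query, allow-transfer and allow-update lists in the named.conf above are what decide who may read, copy or change each zone. This added example (not BIND code) evaluates them the way named does: the first matching element decides, no match means deny, a zone-level directive overrides the options-level one, and a directive that is set in neither place falls back to a built-in default (assumed here to be any for allow-query and allow-transfer and none for allow-update). The ACL values are copied from slides 33 to 37; the client addresses tested are constructed.

```python
import ipaddress


def parse_acl(text: str):
    """'{ 129.74.0.0/16; !10.1.2.3; any; }' -> ordered list of (negated, networks)."""
    body = text.strip().strip("{}")
    entries = []
    for item in (t.strip() for t in body.split(";")):
        if not item:
            continue
        negated = item.startswith("!")
        item = item.lstrip("!").strip()
        if item == "any":
            nets = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        elif item == "none":
            nets = []                                        # matches nothing
        else:
            nets = [ipaddress.ip_network(item, strict=False)]  # single host or prefix
        entries.append((negated, nets))
    return entries


def acl_allows(entries, addr: str) -> bool:
    """BIND semantics: the first element that matches decides; no match means deny."""
    ip = ipaddress.ip_address(addr)
    for negated, nets in entries:
        if any(ip in n for n in nets):
            return not negated
    return False


# Constructed from the named.conf on slides 33-37 (only the ACL directives are kept).
OPTIONS = {"allow-transfer": "{ 129.74.250.100; 129.74.4.18; 129.74.25.98; }"}
ZONES = {
    "cselab.nd.edu": {
        "allow-update": "{ none; }",
        "allow-transfer": "{ 129.74.250.100; 129.74.4.18; 129.74.25.98; }",
        "allow-query": "{ 129.74.0.0/16; }",
    },
    "nd.edu": {"allow-query": "{ 129.74.0.0/16; }"},   # no zone-level allow-transfer
    "localhost": {"allow-update": "{ none; }"},
}
# Assumed built-in defaults: what applies when neither the zone nor options set a directive.
DEFAULTS = {"allow-query": "{ any; }", "allow-transfer": "{ any; }", "allow-update": "{ none; }"}


def effective_acl(zone: str, directive: str):
    """A zone statement overrides options, which override the built-in default."""
    for scope in (ZONES.get(zone, {}), OPTIONS, DEFAULTS):
        if directive in scope:
            return parse_acl(scope[directive])
    raise KeyError(directive)


def permitted(zone: str, directive: str, client: str) -> bool:
    return acl_allows(effective_acl(zone, directive), client)


def transfer_exposure(client: str) -> list:
    """Zones this client could copy with a zone transfer: a quick review of a new named.conf."""
    return [z for z in ZONES if permitted(z, "allow-transfer", client)]
```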
    • 39. Name Services
      • The format of a DNS resource record is:
        • [name] [ttl] [class] type data
          • name - the name of the domain object this record refers to. This can be a hostname or an entire domain. The name is relative to the current domain unless it ends in a “.” (dot). If the name is blank, this record applies to the domain object from the last name given.
          • ttl - Time-to-live defines the length of time (in seconds) that the resource record should be kept in cache. Usually blank so the default (in an SOA record) is used.
          • class - defines this to be an Internet DNS record. Other classes are possible but not used by DNS.
    • 40. Name Services
        • type - identifies what type of record this is:
          • SOA - Start Of Authority - Marks the beginning of a zone’s data and defines global (zone) parameters.
          • NS - Name Server - Identifies a domain’s name server.
          • A - Address - Converts a hostname to an IP address.
          • PTR - Pointer - Converts an IP address to a hostname.
          • MX - Mail eXchange - Identifies where to deliver mail for a given domain name.
          • CNAME - Canonical Name - Defines an alias host name.
          • HINFO - Host Information - Describes host hardware/OS.
          • WKS - Well Known Services - Advertises network services.
          • RP - Responsible Person - Who is in charge of this server.
        • data - the data specific to this record (IP address for a host).
    • 41. Name Services
      • The database files are:
        • root.hint – used to locate the root name servers.
        • d.zonename – used to define the forward lookup records for the zone.
        • d.reverse-ip – used to define the reverse lookup records for the zone.
    • 42.
        ; Root.hint Data file for initial cache data for root domain servers.
        .                       6D IN NS G.ROOT-SERVERS.NET.
        .                       6D IN NS J.ROOT-SERVERS.NET.
        .                       6D IN NS K.ROOT-SERVERS.NET.
        .                       6D IN NS L.ROOT-SERVERS.NET.
        .                       6D IN NS M.ROOT-SERVERS.NET.
        .                       6D IN NS A.ROOT-SERVERS.NET.
        .                       6D IN NS H.ROOT-SERVERS.NET.
        .                       6D IN NS B.ROOT-SERVERS.NET.
        .                       6D IN NS C.ROOT-SERVERS.NET.
        .                       6D IN NS D.ROOT-SERVERS.NET.
        .                       6D IN NS E.ROOT-SERVERS.NET.
        .                       6D IN NS I.ROOT-SERVERS.NET.
        .                       6D IN NS F.ROOT-SERVERS.NET.
        G.ROOT-SERVERS.NET.     5w6d16h IN A 192.112.36.4
        J.ROOT-SERVERS.NET.     5w6d16h IN A 198.41.0.10
        K.ROOT-SERVERS.NET.     5w6d16h IN A 193.0.14.129
        L.ROOT-SERVERS.NET.     5w6d16h IN A 198.32.64.12
        M.ROOT-SERVERS.NET.     5w6d16h IN A 202.12.27.33
        A.ROOT-SERVERS.NET.     5w6d16h IN A 198.41.0.4
        H.ROOT-SERVERS.NET.     5w6d16h IN A 128.63.2.53
        B.ROOT-SERVERS.NET.     5w6d16h IN A 128.9.0.107
        C.ROOT-SERVERS.NET.     5w6d16h IN A 192.33.4.12
        D.ROOT-SERVERS.NET.     5w6d16h IN A 128.8.10.90
        E.ROOT-SERVERS.NET.     5w6d16h IN A 192.203.230.10
        I.ROOT-SERVERS.NET.     5w6d16h IN A 192.36.148.17
        F.ROOT-SERVERS.NET.     5w6d16h IN A 192.5.5.241
    • 43. Name Services
      • Localhost zone files
        # cat localhost.zone
        ; Forward lookup for 127.0.0. zone
        $ORIGIN localhost.
        @       1D IN SOA @ root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
                1D IN NS @
                1D IN A 127.0.0.1
    • 44. Name Services
      • Localhost zone files
        # cat 127.0.0.zone
        ; Reverse information file for 127.0.0 zone
        $ORIGIN 0.0.127.in-addr.arpa.
        @       1D IN SOA localhost. root.localhost. (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
                1D IN NS localhost.
        1       1D IN PTR localhost.
    • 45.
        # more d.cselab.nd.edu
        $ORIGIN nd.edu.
        ; Lab Start of Authority Record
        cselab          86400 IN SOA music.cselab.nd.edu. root.music.cselab.nd.edu. (
                                261 86400 21600 604800 86400 )
                        86400 IN NS music.cselab.nd.edu.
        music.cselab    86400 IN A 129.74.70.77
        ; Now define the lab hosts
        $ORIGIN cselab.nd.edu.
        localhost       86400 IN A 127.0.0.1
        loghost         86400 IN A 127.0.0.1
        stu-gw          86400 IN A 129.74.46.33
                        86400 IN HINFO "Cisco 4500" "IOS"
        stu-switch      86400 IN A 129.74.46.34
                        86400 IN HINFO "Cisco 4500" "IOS"
        dilbert         86400 IN A 129.74.46.35
                        86400 IN HINFO "Generic PC" "Linux/BSD"
    • 46.
        # cat d.70.74.129.in-addr.arpa
        $ORIGIN 74.129.in-addr.arpa.
        70      86400 IN SOA bind.nd.edu. root.music.cselab.nd.edu. (
                        241 86400 21600 604800 86400 )
                86400 IN NS bind.nd.edu.
        $ORIGIN 70.74.129.in-addr.arpa.
        66      86400 IN PTR cselab-gw.cselab.nd.edu.
        67      86400 IN PTR noise.cselab.nd.edu.
        69      86400 IN PTR acapella.cselab.nd.edu.
        70      86400 IN PTR latin.cselab.nd.edu.
        71      86400 IN PTR swing.cselab.nd.edu.
        72      86400 IN PTR spiritual.cselab.nd.edu.
        73      86400 IN PTR march.cselab.nd.edu.
        74      86400 IN PTR country.cselab.nd.edu.
        75      86400 IN PTR salsa.cselab.nd.edu.
        76      86400 IN PTR blues.cselab.nd.edu.
        77      86400 IN PTR music.cselab.nd.edu.
        78      86400 IN PTR pop.cselab.nd.edu.
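A parser for the [name] [ttl] [class] type data record format of slides 39 and 40, added here as an example (it is not BIND’s zone loader): it applies $ORIGIN, makes relative names absolute, carries a blank name over from the previous record, joins parenthesised SOA records, drops “;” comments and converts TTL units such as 5w6d16h. It is run over trimmed copies of the slide 45 and 46 zone files, retyped with the leading whitespace that marks a blank name, and then cross-checks that every A record has a matching PTR, a consistency check the slides themselves do not show.

```python
import re
from dataclasses import dataclass
from typing import Optional

CLASSES = {"IN", "CH", "HS"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
NAME_DATA = {"NS": [0], "PTR": [0], "CNAME": [0], "MX": [1], "SOA": [0, 1]}  # data fields that are names


@dataclass
class RR:
    name: str            # always fully qualified (trailing dot)
    ttl: Optional[int]   # None when blank, i.e. the zone default applies
    rclass: str
    rtype: str
    data: list


def parse_ttl(tok: str) -> Optional[int]:
    """'86400' -> 86400; '5w6d16h' -> 3600000; anything that is not a TTL -> None."""
    if tok.isdigit():
        return int(tok)
    parts = re.findall(r"(\d+)([smhdw])", tok.lower())
    if not parts or "".join(n + u for n, u in parts) != tok.lower():
        return None
    return sum(int(n) * UNITS[u] for n, u in parts)


def absolute(name: str, origin: str) -> str:
    """'@' is the origin, a trailing dot is already absolute, anything else is relative."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text: str):
    """Yield (first physical line, joined record) with ';' comments removed and ( ) joined."""
    buf, depth, first = [], 0, ""
    for raw in text.splitlines():
        line = re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', raw, maxsplit=1)[0]  # ';' outside quotes
        if not line.strip() and depth == 0:
            continue
        if depth == 0:
            first = line
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield first, " ".join(buf)
            buf = []


def parse_zone(text: str, origin: str = ".") -> list:
    records, last_name = [], origin
    for first, joined in logical_lines(text):
        toks = re.findall(r'"[^"]*"|\S+', joined)
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        # a record starting with whitespace has a blank name: it belongs to the previous name
        name = last_name if first[0].isspace() else absolute(toks.pop(0), origin)
        last_name = name
        ttl = parse_ttl(toks[0])
        if ttl is not None:
            toks.pop(0)
        rclass = toks.pop(0) if toks[0] in CLASSES else "IN"
        rtype = toks.pop(0).upper()
        for i in NAME_DATA.get(rtype, []):
            toks[i] = absolute(toks[i], origin)
        records.append(RR(name, ttl, rclass, rtype, toks))
    return records


def reverse_name(ip: str) -> str:
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def mismatched_ptrs(forward: list, reverse: list) -> list:
    """A records (loopback aside) whose PTR is missing or names a different host."""
    ptr = {r.name: r.data[0] for r in reverse if r.rtype == "PTR"}
    return [(r.name, r.data[0]) for r in forward
            if r.rtype == "A" and not r.data[0].startswith("127.")
            and ptr.get(reverse_name(r.data[0])) != r.name]


# Trimmed copies of the slide 45/46 files; leading whitespace marks a blank name.
FORWARD_ZONE = """\
$ORIGIN nd.edu.
; Lab Start of Authority Record
cselab 86400 IN SOA music.cselab.nd.edu. root.music.cselab.nd.edu. (
        261 86400 21600 604800 86400 )
       86400 IN NS music.cselab.nd.edu.
music.cselab 86400 IN A 129.74.70.77
$ORIGIN cselab.nd.edu.
localhost 86400 IN A 127.0.0.1
stu-gw 86400 IN A 129.74.46.33
       86400 IN HINFO "Cisco 4500" "IOS"
"""
REVERSE_ZONE = """\
$ORIGIN 74.129.in-addr.arpa.
70 86400 IN SOA bind.nd.edu. root.music.cselab.nd.edu. ( 241 86400 21600 604800 86400 )
   86400 IN NS bind.nd.edu.
$ORIGIN 70.74.129.in-addr.arpa.
77 86400 IN PTR music.cselab.nd.edu.
"""
FORWARD = parse_zone(FORWARD_ZONE)
REVERSE = parse_zone(REVERSE_ZONE)
```

stu-gw is reported because its address lies in 129.74.46.0/24, which this reverse zone (70.74.129.in-addr.arpa) does not cover; the check tells you which PTRs live elsewhere or are missing.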
    • 47. Name Services
      • Once all of the databases are set up you need to start the named daemon.
        • The startup is usually handled by the /etc/rc* files.
        • To manually start the named process, log in as root, and type:
            # /path/to/named
      • After named is started, it is a good idea to query the DNS database to see how things look.
        • There are two common commands used to query the database: nslookup and dig.
    • 48. Name Services
      • Query the database
        • nslookup is a standard part of BIND. It allows you to query the BIND database files to determine information about a host.
        • nslookup allows interactive or command line queries.
        • In the simple form, the syntax is nslookup hostname:
            grumpy% nslookup wizard
            Server:  bind.nd.edu
            Address:  129.74.250.100

            Name:    wizard.cse.nd.edu
            Address:  129.74.25.101
    • 49. Name Services
    • 50. Name Services
    • 51. Name Services
    • 52. Name Services
      • Querying the DNS database
        • We have dig online (in the lab), in /usr/site/bin/dig.
          • The user interface for dig is nicer than the nslookup command.
          • dig is generally easier to use than nslookup.
          • nslookup will go away soon, replaced by dig.
    • 53. Network Configuration
      • Common problem:
        • You can ping/telnet/... a host by address, but not by hostname.
          • This tells you that some things are right, and something is wrong:
            • Right: The network card is operable, and the wiring is all correct.
            • Wrong: The name service software is not properly configured.
              • By using the IP address of the remote host, you bypass the name service.
              • When you use the hostname of the remote host, the name service software needs to resolve the IP address. This step is failing...
    • 54. Name Services
      • It is possible, and even common, to use multiple name services concurrently.
        • This configuration is controlled via the nsswitch.conf file.
    • 55.
        # cat /etc/nsswitch.conf
        passwd:       files
        group:        files
        hosts:        files dns
        ipnodes:      files
        networks:     files
        protocols:    files
        rpc:          files
        ethers:       files
        netmasks:     files
        bootparams:   files
        publickey:    files
        netgroup:     files
        automount:    files
        aliases:      files
        services:     files
        sendmailvars: files
        printers:     user files
        auth_attr:    files
        prof_attr:    files
        project:      files
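How the hosts line of nsswitch.conf drives a lookup, as an added example that is not part of the slides: sources are tried left to right, each reports a status (SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN), and the optional [STATUS=action] criteria after a source change the default of stopping on success and continuing otherwise. It also models the slide 53 symptom: an IP literal never touches the name service, so a host that answers by address but not by name is failing in these sources. The /etc/hosts text and DNS table are constructed, and the dns source is a dictionary lookup rather than a real resolver.

```python
import ipaddress
import re

# Constructed sample data; 'dns' below is a table lookup, not a real resolver.
HOSTS_FILE = """\
# constructed /etc/hosts
127.0.0.1     localhost loghost
129.74.70.77  music.cselab.nd.edu music
"""
DNS_TABLE = {"wizard.cse.nd.edu": "129.74.25.101", "bind.nd.edu": "129.74.250.100"}

# What happens after each status unless the nsswitch line says otherwise.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_hosts_line(line: str):
    """'hosts: files [NOTFOUND=return] dns' -> [('files', actions), ('dns', actions)]."""
    _, _, spec = line.partition(":")
    sources = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
        if tok.startswith("["):                 # criteria apply to the source before them
            if not sources:
                raise ValueError("criteria before any source")
            for status, action in re.findall(r"(\w+)=(\w+)", tok):
                sources[-1][1][status.upper()] = action.lower()
        else:
            sources.append((tok, dict(DEFAULT_ACTIONS)))
    return sources


def files_lookup(name: str):
    for line in HOSTS_FILE.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) > 1 and name in fields[1:]:
            return "SUCCESS", fields[0]
    return "NOTFOUND", None


def dns_lookup(name: str, dns_up: bool):
    if not dns_up:
        return "UNAVAIL", None                  # nameserver unreachable, not "no such host"
    return ("SUCCESS", DNS_TABLE[name]) if name in DNS_TABLE else ("NOTFOUND", None)


def query_source(source: str, name: str, dns_up: bool):
    if source == "files":
        return files_lookup(name)
    if source == "dns":
        return dns_lookup(name, dns_up)
    return "UNAVAIL", None                      # a source this model does not implement (nis, ...)


def is_ip_literal(s: str) -> bool:
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def gethostbyname(name: str, nsswitch_line: str = "hosts: files dns", dns_up: bool = True):
    """Returns (address or None, trace of source statuses)."""
    if is_ip_literal(name):                    # slide 53: an address bypasses the name service
        return name, ["literal: name service bypassed"]
    result, trace = None, []
    for source, actions in parse_hosts_line(nsswitch_line):
        status, addr = query_source(source, name, dns_up)
        trace.append(f"{source}: {status}")
        if status == "SUCCESS":
            result = addr
        if actions[status] == "return":
            break
    return result, trace
```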
    • 56. Summary
      • Name services are an essential component of the network.
      • Local name services provide the capability of distributing several types of information.
        • Many of these pieces of information should not be distributed globally.
      • Global name services (DNS) are required for sites on the Internet.
      • Management and security of DNS is a time-consuming task.
