Ch20 system administration


Speaker note: Can have one master NIS, or multiple NIS masters. Discuss the good/bad points of each.
1. Name Services (Chapter 20)
2. Chapter Goals
  • Understand local vs. global name services.
  • Understand basic use of NIS.
  • Understand how DNS works.
  • Understand DNS configuration files.
  • Understand how to make multiple name services work together.
3. Network Configuration
  • Review
    • In order to install a network connection on a UNIX box, you have to do the following:
      • Set up the name service files:
        • /etc/nsswitch.conf
          • Set the hosts entry to use the appropriate name service (this step to be discussed later).
          • If you are using NIS, you also have to set up files in /var/yp.
        • /etc/resolv.conf
          • nameserver
          • domain
          • search
4. Name Service
  • There are several name services available.
    • For UNIX, the most common are:
      • Network Information Service (NIS, NIS+)
      • /etc/hosts file (static mappings)
      • Federated Naming Service (FNS)
      • Domain Name Service (DNS)
    • For Windows, the most common are:
      • lmhosts file
      • WINS
      • DNS
5. Name Services
  • The Network Information Service (NIS) and its successor NIS+ are local information servers.
    • NIS/NIS+ provide hostname-to-IP-address lookups, password lookups, and other local information lookups.
    • NIS/NIS+ are not global services.
      • It does not make sense to make some of the NIS services global (passwords, email aliases, ...).
      • You must run DNS for Internet name lookups.
6. Name Services
  • NIS/NIS+ strong points:
    • Centralized administration (all local information in one database).
    • Several versions of Unix include NIS/NIS+.
      • Integral part of Solaris.
    • Easy-to-understand file formats.
    • Configurable.
  • NIS shortcomings:
    • The database does not scale well.
    • NIS requires/facilitates centralized administration.
    • NIS/NIS+ are not available on all platforms.
    • NIS/NIS+ open the site up to security problems.
7. Name Services
  • NIS allows the site to split the namespace into organizational-unit service "domains".
  • NIS allows for multiple servers:
    • Master server - authoritative for a domain.
    • Slave server - a backup server for a domain.
    • Each sub-domain may have master and slave servers which are authoritative for their own sub-domains.
9. NIS Summary
  • NIS is a LOCAL name service.
    • You must still run DNS to be on the Internet!
      • Alternative: you can have your ISP run DNS for you.
  • NIS is not secure (No Information Security).
10. Name Services
  • DNS is a distributed database which holds information about hosts' IP addresses, mail routing information, and hostnames.
    • DNS is typically implemented via the Berkeley Internet Name Domain system (BIND).
      • Other name service packages are available; Cisco Network Registrar is one example.
    • DNS uses a hierarchical tree of name servers to minimize the impact on any one nameserver.
      • At the top of the hierarchy is the root domain.
      • The root domain has no name server.
11. Name Services
  • DNS specifications set aside certain top-level domain names.
    • These domains reside under the root domain.
    • Each of these top-level domains has one (or more) master name servers.
      • Unfortunately, these are referred to as the root name servers.
    • These top-level domains are different in the US than in other countries.
12. Name Services
  • In the US, the top-level domains are:
      • .com - commercial companies
      • .edu - educational institutions
      • .gov - government agencies
      • .mil - military agencies
      • .net - network providers
      • .org - non-profit organizations
      • .int - international organizations
      • .arpa - a dead elephant (historical)
    • Each of these domains has (at least) one authoritative name server.
13. Name Services
  • In other countries, the ISO country codes are used as top-level domain names:
      • au - Australia
      • ca - Canada
      • dk - Denmark
      • fi - Finland
      • fr - France
      • jp - Japan
      • se - Sweden
      • hk - Hong Kong
      • ch - Switzerland
14. Name Services
    • Within each top-level domain there are several second-level domains.
      • Each second-level domain can have an authoritative name server.
      • is a second-level domain.
      • is the name server for the domain.
15. Name Services
    • Under each second-level domain you might find many subdomains.
      • , , and are all subdomains of
      • These domains may or may not have their own nameservers.
        • If not, they rely upon the second-level server for address resolution.
        • If so, they generally rely upon the higher-level name servers for information on hosts outside of the subdomain.
        • ( is our lab nameserver. The cselab domain is a 3rd-level domain.
          • Music refers requests to for hosts outside of the lab domain.
17. Name Services
    • There are three components to the name service system:
      • A daemon (named) that answers queries.
      • Library routines that programs call in order to contact the server when they need to resolve hostnames/addresses.
      • Command line interfaces to the DNS database (nslookup, dig, host).
    • named is the process that answers queries about hostnames and IP addresses.
      • If named knows the answer, it replies.
      • If not, it queries a nameserver at a higher level to get the information required.
      • named is also responsible for transferring the database from high-level servers to the lower-level servers (zone transfers).
18. Name Services
    • named operates in one of three modes:
      • master - one per domain - keeps the master copy of the DNS database for this domain.
      • slave - copies its data from the primary server via a zone transfer. Multiple secondary servers are allowed within a domain.
      • caching - loads a few important addresses into its database, and gathers information on other hosts through normal operation.
19. Name Services
    • Nameservers come in two flavors:
      • Recursive nameservers - stick with a query until they get a resolution for the client machine.
        • The cache management becomes very resource intensive.
      • Non-recursive nameservers - are lazy.
        • If they don't know the answer, they return a "go ask him" response to the client.
        • Their cache of information is not very resource intensive.
      • Low-level servers are usually recursive, while higher-level servers are usually non-recursive.
21. Name Services
    • START
      • A user on a system called wants to finger a user on a system called
      • Darwin looks in the /etc/hosts file to see if it knows who is and how to get there.
        • If we find an entry in the hosts file, skip to host-resolved.
      • If darwin does not find in its hosts file, it checks /etc/resolv.conf and finds the name of its nameserver.
      • Darwin creates a DNS query packet and sends it to the nameserver.
      • The nameserver receives the DNS query packet and examines it:
        • "Hi, I'm darwin, I live at, my MAC address is 08:00:20:00:4e:3f. Who is and how do I get there?"
22. Name Services
      • The nameserver ( looks in its database to see if it knows who is and how to get there.
        • If the nameserver has an entry for the machine, skip to DNS-resolved.
      • If the nameserver does not have an address for the foyt machine, it sends out a DNS request to its master nameserver (.edu) saying "Hi, I'm, I live at, my MAC address is 08:00:20:ff:ee:dd. Who is and how do I get there?"
        • This starts an iterative process of nameservice lookups...
23. Name Services
      • The master .edu nameserver is lazy (non-recursive). It tells bind to go ask the nameserver for .com. The reply packet tells bind the address of a .com name server.
      • The master .com nameserver is lazy (non-recursive). It tells bind to go ask the nameserver at . The reply packet gives bind the address of the name server.
      • Bind queries the nameserver.
        • If is recursive, it will go ask
        • If is non-recursive, it will tell bind to ask
      • If no nameserver knows who is, then the user gets the always helpful "host unknown" message on their console. Skip to DONE.
24. Name Services
      • If a nameserver finds the machine in its database, it replies back through the chain that " is at".
      • Some of the name server(s) which are contacted add, and to their named cache.
25. Name Services
    • DNS-resolved
      • adds foyt to its named cache, and forwards the information about (from the master nameserver) on to darwin.
      • Darwin receives the address information from bind, and thanks bind.
      • Darwin adds the information to its named cache.
      • GO TO ARP
26. Name Services
    • host-resolved
      • Darwin looks to see if it has the hardware address of foyt.
        • If not, GO TO ARP.
      • ARP
        • Darwin sends a hardware broadcast packet that says:
          • "Hi, I'm Darwin, my IP address is, my MAC address is 08:00:20:00:4e:3f. Who is Foyt, and what is his MAC address?"
          • If Foyt is on the same network, it replies with its MAC address.
          • Otherwise the router replies with its MAC address.
27. Name Services
      • Darwin sends an IP packet to at IP address saying "Hi, I'm, I live at and my MAC address is 08:00:20:00:4e:3f. I'd like to contact your finger server (port 79) with the information contained in the data segment of this packet."
      • receives the packet, decodes the protocol information and determines that it is for the /usr/etc/in.fingerd program.
      • Foyt forwards the packet to its finger daemon on port 79.
      • Foyt adds the darwin machine to its named cache.
28. Name Services
      • The finger server on foyt looks up the information requested by the user on Darwin, and sends a packet out on the net saying "Hi there, I am, I live at, my MAC address is 11:22:33:44:55:66, here is the information you requested."
      • Darwin receives the information from foyt, thanks the foyt machine, and sends the data to the user's terminal.
      • Darwin adds the Foyt machine to its named cache.
    • DONE
      • The user finds out their friend wasn't logged in, goes home and drinks beer (or whatever users do when not logged in to a system).
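The lookup chain of slides 21-28 as an added simulation (not part of the original slides): darwin's recursive lab server, a lazy root server and .com server that answer with "go ask him" referrals, and an authoritative server for foyt. Every server name and address here is constructed (RFC 5737 documentation ranges); the point is how many servers a cold lookup touches compared with one answered from the lab server's cache.

```python
from dataclasses import dataclass, field

ROOT = "."

def enclosing_zones(name):
    """Zones that could hold `name`, most specific first, root last."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield ROOT

@dataclass
class NameServer:
    name: str
    recursive: bool      # sticks with the query (True) or answers "go ask him" (False)
    zones: dict          # zone -> {owner name -> IPv4}: data we are authoritative for
    delegations: dict    # child zone -> name of the server a querier should ask next
    cache: dict = field(default_factory=dict)
    queries_received: int = 0

    def query(self, qname, servers, trace):
        """One question in; ("answer", ip), ("nxdomain", None) or ("referral", server) out."""
        self.queries_received += 1
        trace.append(f"{self.name} <- who is {qname}?")
        if qname in self.cache:
            return "answer", self.cache[qname]
        for zone in enclosing_zones(qname):
            if zone in self.zones:                    # our own zone: the final word
                ip = self.zones[zone].get(qname)
                return ("answer", ip) if ip else ("nxdomain", None)
            if zone in self.delegations:
                next_server = self.delegations[zone]
                if not self.recursive:                # lazy server: hand back a referral
                    return "referral", next_server
                kind, data = follow_referrals(next_server, qname, servers, trace)
                if kind == "answer":
                    self.cache[qname] = data          # recursive server keeps the result
                return kind, data
        return "nxdomain", None                       # not ours and nobody to refer to

def follow_referrals(start, qname, servers, trace, max_hops=8):
    """Ask `start` and keep asking whoever it refers us to until a real
    (or negative) answer arrives: how a querier deals with lazy servers."""
    server = start
    for _ in range(max_hops):
        kind, data = servers[server].query(qname, servers, trace)
        if kind != "referral":
            return kind, data
        trace.append(f"{server} -> go ask {data}")
        server = data
    raise RuntimeError(f"referral loop while resolving {qname}")

def build_lab():
    """Constructed servers for the walk-through (RFC 5737 addresses, made-up names)."""
    servers = [
        NameServer("root-ns", False, {".": {}}, {"com.": "com-ns"}),
        NameServer("com-ns", False, {"com.": {}}, {"example.com.": "ns.example.com."}),
        NameServer("ns.example.com.", False,
                   {"example.com.": {"foyt.example.com.": "198.51.100.79"}}, {}),
        # the lab's recursive caching server: the one named in darwin's /etc/resolv.conf
        NameServer("music.lab.example.edu.", True,
                   {"lab.example.edu.": {"darwin.lab.example.edu.": "192.0.2.10",
                                         "music.lab.example.edu.": "192.0.2.53"}},
                   {".": "root-ns"}),               # root hints: everything else starts at "."
    ]
    return {s.name: s for s in servers}

def stub_lookup(hostname, servers, resolver="music.lab.example.edu."):
    """What darwin does: query its configured nameserver and follow any referral.
    Returns (ip or None, trace of the messages exchanged)."""
    trace = []
    kind, data = follow_referrals(resolver, hostname, servers, trace)
    return (data if kind == "answer" else None), trace

def total_queries(servers):
    return sum(s.queries_received for s in servers.values())

def lookup_stats(hostname, resolver="music.lab.example.edu."):
    """Fresh servers, same question twice: (ip, queries needed cold, queries
    needed once the resolver has seen it, whether the resolver cached it)."""
    servers = build_lab()
    ip, _ = stub_lookup(hostname, servers, resolver)
    cold = total_queries(servers)
    stub_lookup(hostname, servers, resolver)
    return ip, cold, total_queries(servers) - cold, hostname in servers[resolver].cache

if __name__ == "__main__":
    ip, trace = stub_lookup("foyt.example.com.", build_lab())
    print("\n".join(trace + [f"answer: {ip}"]))
```

A cold lookup of foyt costs four queries (music, root, .com, ns.example.com) and a repeat costs one; pointing the stub at the lazy root server directly still works, but nothing is cached for the next client.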
29. Name Services
    • Now it is time to look at the contents of the DNS database(s), and see what information is there, what it does, and how it is used.
    • Client-side database files
      • The /etc/resolv.conf file is the simplest DNS database file.
        • This file contains the IP address(es) of the nameserver(s), a search list, and the domain information for this host.
        • All hosts in the domain need a copy of the /etc/resolv.conf file so their name/address resolver knows where to go for information.
30. Name Service
    # cat /etc/resolv.conf
    domain            ; search cse and nd
    search
    nameserver
    nameserver
    nameserver
31. Name Services
    • While the resolver only requires one file, the name server (named) requires several configuration files.
      • named.conf - sets general named parameters and points to the locations (disk files or other servers) from which we obtain our information.
      • root.hint - points to the root domain servers.
      • - used to resolve the loopback addresses.
      • d.zonename - the zone file that maps names to IP addresses.
      • d.reverse-ip - the zone file for reverse domain lookups (IP address to hostname).
    • We'll start by looking at some of the keywords allowed in the named.conf file.
32. Name Services
      • named.conf - allows several keywords:
        • directory - Directory for all subsequent file references.
        • primary - Declares this server as primary for this zone.
        • secondary - Declares this server as secondary in zone.
        • cache - Points to the cache file.
        • forwarders - Lists servers to which we send requests.
        • slave - Forces the server to forward all requests.
        • ; - Comment (note that # works, but is not correct!)
        • (data) - Allow data to span lines.
        • @ - The current domain name.
        • * - Wildcard (name field only) - dangerous!
33. Name Services
    # cat /etc/named.conf
    options {
        version "Surely you must be joking!";
        listen-on {; };
        directory ".";
        statistics-file "named.stats";
        dump-file "named_dump.db";             // _PATH_DUMPFILE
        pid-file ";;                           // _PATH_PIDFILE
        notify yes;
        auth-nxdomain yes;
        interface-interval 60;                 // scan for new or deleted interfaces
        allow-transfer {;;; };
        forwarders {; };
    };
34. Name Services
    logging {
        category default { default_syslog; default_debug; };
        channel goobers { file "/var/log/named.log" versions 5 size 32m; };
        category queries { goobers; };
        category lame-servers { null; };
    };
    zone "." {
        type hint;
        file "root.hint";
    };
35. Name Services
    zone "; {
        type master;
        file ";;
        allow-update { none; };
        allow-transfer {;;; };
        allow-query {; };
    };
    zone "; IN {
        type master;
        file ";;
        allow-transfer {;;; };
        allow-update { none; };
        allow-query {; };
    };
36. Name Services
    zone "; {
        type slave;
        file ";;
        masters {;; };
        forwarders {;; };
        allow-query {; };
    };
    zone "; IN {
        type slave;
        file ";;
        masters {;; };
        forwarders {; };
        allow-query {; };
    };
37. Name Services
    zone "localhost" IN {
        type master;
        file ";;
        allow-update { none; };
    };
    zone "; IN {
        type master;
        file ";;
        allow-update { none; };
    };
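An added check of the named.conf settings shown on slides 33-37 (example code, not from the course): a small parser for the `statement { ... };` syntax, and an audit that reports master zones whose allow-transfer is open or whose allow-update is not `none`, and an options block that does not set a version string. The sample configuration, its zone names and addresses are constructed.

```python
import re

# named.conf lexer: quoted strings, braces, ';' and bare words.  The three
# comment styles BIND accepts (/* */, //, #) are matched so they can be dropped.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)


def tokenize(text):
    return [t for t in TOKEN.findall(text) if not t.startswith(("/*", "//", "#"))]


def parse(tokens, i=0):
    """Parse statements up to a closing '}' or the end of input.  A statement is
    (words, body): the words before '{' or ';', and the nested statements or
    None when there is no block.  Returns (statements, index after them)."""
    stmts = []
    while i < len(tokens) and tokens[i] != "}":
        words = []
        while tokens[i] not in ("{", ";"):
            words.append(tokens[i].strip('"'))
            i += 1
        body = None
        if tokens[i] == "{":
            body, i = parse(tokens, i + 1)
            i += 1                                # skip the '}'
        i += 1                                    # skip the ';'
        stmts.append((words, body))
    return stmts, i


def clause(body, keyword):
    """Values of `keyword` inside `body`: the items of `keyword { a; b; };`
    or the trailing words of `keyword value;`.  None when the clause is absent."""
    for words, sub in body or []:
        if words and words[0] == keyword:
            return [w[0] for w, _ in sub] if sub is not None else words[1:]
    return None


def audit(conf_text):
    """Flag master zones that anyone can transfer or that leave dynamic update
    unrestricted, and an options block that does not hide the server version."""
    stmts, _ = parse(tokenize(conf_text))
    findings = []
    options = next((body for words, body in stmts if words == ["options"]), [])
    if clause(options, "version") is None:
        findings.append("options: no version string, so the real BIND version is disclosed")
    global_xfer = clause(options, "allow-transfer")
    for words, body in stmts:
        if words[0] != "zone" or clause(body, "type") != ["master"]:
            continue
        zone = words[1]
        xfer = clause(body, "allow-transfer")
        if xfer is None:
            xfer = global_xfer                    # no zone ACL: the options{} ACL applies
        if xfer is None or "any" in xfer:
            findings.append(f'zone "{zone}": allow-transfer is open, anyone can pull the whole zone')
        if clause(body, "allow-update") != ["none"]:
            findings.append(f'zone "{zone}": allow-update is not {{ none; }} on a static master zone')
    return findings


# Constructed configuration in the shape of slides 33-37 (RFC 5737 addresses).
SAMPLE = """
options {
    version "Surely you must be joking!";     // do not advertise the real version
    directory "/var/named";
    allow-transfer { 192.0.2.2; 192.0.2.3; };
    forwarders { 192.0.2.53; };
};
zone "." { type hint; file "root.hint"; };
zone "lab.example.edu" IN {
    type master;
    file "d.lab.example.edu";
    allow-update { none; };
    allow-transfer { 192.0.2.2; 192.0.2.3; };
    allow-query { any; };
};
zone "2.0.192.in-addr.arpa" IN {
    type master;
    file "d.192.0.2";
    allow-transfer { any; };                   # weak: any host may request an AXFR
};
"""
```

Run against the sample, `audit(SAMPLE)` reports two findings, both on the reverse zone; the forward zone, which mirrors the slides' `allow-update { none; }` and host-specific `allow-transfer`, passes.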
38. Name Services
  • The named.conf file defines the zones and files to use.
  • The files referenced in the named.conf file contain resource records that govern the information provided by the name service.
39. Name Services
    • The format of a DNS resource record is:
      • [name] [ttl] [class] type data
        • name - the name of the domain object this record refers to. This can be a hostname, or an entire domain. The name is relative to the current domain unless it ends in a "." (dot). If the name is blank, this record applies to the domain object from the last name command.
        • ttl - Time-to-live defines the length of time (in seconds) that the resource record should be kept in cache. Usually blank so the default (in an SOA record) is used.
        • class - defines this to be an Internet DNS record. Other record types are possible but not used by DNS.
40. Name Services
      • type - identifies what type of record this is:
        • SOA - Start Of Authority - Marks the beginning of a zone's data and defines global (zone) parameters.
        • NS - Name Server - Identifies a domain's name server.
        • A - Address - Converts a hostname to an IP address.
        • PTR - Pointer - Converts an IP address to a hostname.
        • MX - Mail eXchange - Identifies where to deliver mail for a given domain name.
        • CNAME - Canonical Name - Defines an alias host name.
        • HINFO - Host Information - Describes host hardware/OS.
        • WKS - Well Known Services - Advertises network services.
        • RP - Responsible Person - Who is in charge of this server.
      • data - the data specific to this record (IP address for a host).
41. Name Services
  • The database files are:
    • root.hint - used to locate the root name servers.
    • d.zonename - used to define the forward lookup records for the zone.
    • d-reverse-ip - used to define the reverse lookup records for the zone.
42.
    ; Root.hint Data file for initial cache data for root domain servers.
    .                       6D IN NS    G.ROOT-SERVERS.NET.
    .                       6D IN NS    J.ROOT-SERVERS.NET.
    .                       6D IN NS    K.ROOT-SERVERS.NET.
    .                       6D IN NS    L.ROOT-SERVERS.NET.
    .                       6D IN NS    M.ROOT-SERVERS.NET.
    .                       6D IN NS    A.ROOT-SERVERS.NET.
    .                       6D IN NS    H.ROOT-SERVERS.NET.
    .                       6D IN NS    B.ROOT-SERVERS.NET.
    .                       6D IN NS    C.ROOT-SERVERS.NET.
    .                       6D IN NS    D.ROOT-SERVERS.NET.
    .                       6D IN NS    E.ROOT-SERVERS.NET.
    .                       6D IN NS    I.ROOT-SERVERS.NET.
    .                       6D IN NS    F.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.     5w6d16h IN A
    J.ROOT-SERVERS.NET.     5w6d16h IN A
    K.ROOT-SERVERS.NET.     5w6d16h IN A
    L.ROOT-SERVERS.NET.     5w6d16h IN A
    M.ROOT-SERVERS.NET.     5w6d16h IN A
    A.ROOT-SERVERS.NET.     5w6d16h IN A
    H.ROOT-SERVERS.NET.     5w6d16h IN A
    B.ROOT-SERVERS.NET.     5w6d16h IN A
    C.ROOT-SERVERS.NET.     5w6d16h IN A
    D.ROOT-SERVERS.NET.     5w6d16h IN A
    E.ROOT-SERVERS.NET.     5w6d16h IN A
    I.ROOT-SERVERS.NET.     5w6d16h IN A
    F.ROOT-SERVERS.NET.     5w6d16h IN A
43. Name Services
    Localhost zone files
    # cat
    ; Forward lookup for 127.0.0. zone
    $ORIGIN localhost.
    @       1D IN SOA @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
            1D IN NS @
            1D IN A
44. Name Services
    Localhost zone files
    # cat
    ; Reverse information file for 127.0.0 zone
    $ORIGIN
    @       1D IN SOA localhost. root.localhost. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
            1D IN NS localhost.
    1       1D IN PTR localhost.
45.
    # more
    $ORIGIN
    ; Lab Start of Authority Record
    cselab          86400 IN SOA  (
                    261 86400 21600 604800 86400 )
                    86400 IN NS
    music.cselab    86400 IN A
    ; Now define the lab hosts
    $ORIGIN
    localhost       86400 IN A
    loghost         86400 IN A
    stu-gw          86400 IN A
                    86400 IN HINFO "Cisco 4500" "IOS"
    stu-switch      86400 IN A
                    86400 IN HINFO "Cisco 4500" "IOS"
    dilbert         86400 IN A
                    86400 IN HINFO "Generic PC" "Linux/BSD"
46.
    # cat
    $ORIGIN
    70      86400 IN SOA  (
            241 86400 21600 604800 86400 )
            86400 IN NS
    $ORIGIN
    66      86400 IN PTR
    67      86400 IN PTR
    69      86400 IN PTR
    70      86400 IN PTR
    71      86400 IN PTR
    72      86400 IN PTR
    73      86400 IN PTR
    74      86400 IN PTR
    75      86400 IN PTR
    76      86400 IN PTR
    77      86400 IN PTR
    78      86400 IN PTR
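Slides 39-40 give the resource-record rules and slides 42-46 show zone files that use them; as an added example (not the course's code), this parser applies those rules: `$ORIGIN`, names relative to the origin unless they end in a dot, `@` for the origin, a blank owner inheriting the previous record's name, optional TTL and class fields, parenthesised multi-line SOA records, and the SOA minimum as the default TTL. It then cross-checks a forward zone against its reverse zone and reports `*` owners. The zone data, names and addresses are constructed.

```python
import re
from collections import namedtuple

COMMENT = re.compile(r'"[^"]*"|;.*')        # quoted strings are kept, ';' comments dropped
TOKEN = re.compile(r'"[^"]*"|\S+')
TTL_PART = re.compile(r"(\d+)([wdhms]?)", re.I)
UNIT = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
Record = namedtuple("Record", "owner ttl rtype rdata")

def parse_ttl(text):
    """'86400' -> 86400, '1D' -> 86400, '5w6d16h' (root.hint style) -> 3600000."""
    return sum(int(n) * UNIT[u.lower()] for n, u in TTL_PART.findall(text))

def qualify(name, origin):
    """'@' is the origin, a trailing dot marks an absolute name, anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def logical_lines(text):
    """Records with comments stripped and '( ... )' continuations joined; leading
    whitespace is preserved because it marks a blank owner field."""
    buf = ""
    for line in text.splitlines():
        line = COMMENT.sub(lambda m: m[0] if m[0][0] == '"' else "", line).rstrip()
        buf = f"{buf} {line.strip()}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue                              # still inside the parentheses
        if buf.strip():
            yield buf.replace("(", " ").replace(")", " ")
        buf = ""

def parse_zone(text, origin="."):
    """[name] [ttl] [class] type data, with $ORIGIN, blank-owner inheritance and
    the SOA minimum field as the default TTL for records that omit one (slide 39)."""
    records, last_owner, default_ttl = [], None, None
    for line in logical_lines(text):
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        toks = TOKEN.findall(line)
        owner = last_owner if line[0].isspace() else qualify(toks.pop(0), origin)
        ttl = parse_ttl(toks.pop(0)) if re.fullmatch(r"(\d+[wdhms]?)+", toks[0], re.I) else None
        if toks[0].upper() == "IN":               # optional class field
            toks.pop(0)
        rtype = toks.pop(0).upper()
        if rtype == "SOA":
            default_ttl = parse_ttl(toks[-1])
            toks[:2] = [qualify(t, origin) for t in toks[:2]]
        elif rtype in ("NS", "CNAME", "PTR"):
            toks = [qualify(t, origin) for t in toks]
        rdata = tuple(t.strip('"') for t in toks)
        records.append(Record(owner, default_ttl if ttl is None else ttl, rtype, rdata))
        last_owner =owner
    return records

def reverse_name(ipv4):
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def cross_check(forward, reverse):
    """Every A record should have a PTR mapping its address back to the same name;
    '*' owners are reported because slide 32 calls wildcards dangerous."""
    ptr_owner = {r.rdata[0]: r.owner for r in reverse if r.rtype == "PTR"}
    findings = []
    for r in forward + reverse:
        if r.owner.startswith("*."):
            findings.append(f"wildcard {r.rtype} record at {r.owner}")
        elif r.rtype == "A" and ptr_owner.get(r.owner) != reverse_name(r.rdata[0]):
            findings.append(f"{r.owner} A {r.rdata[0]} has no matching PTR")
    return findings

# Constructed zone data in the shape of the slides' lab files (RFC 5737 addresses).
FORWARD = """\
$ORIGIN example.edu.
lab        86400 IN SOA music.lab.example.edu. hostmaster.lab.example.edu. (
                        261 86400 21600 604800 86400 )
           86400 IN NS  music.lab.example.edu.
music.lab  86400 IN A   192.0.2.53
$ORIGIN lab.example.edu.
stu-gw     86400 IN A   192.0.2.1
           86400 IN HINFO "Cisco 4500" "IOS"
dilbert          IN A   192.0.2.66     ; no TTL: the SOA minimum applies
*                IN A   192.0.2.66     ; wildcard
"""
REVERSE = """\
$ORIGIN 2.0.192.in-addr.arpa.
@    86400 IN SOA music.lab.example.edu. hostmaster.lab.example.edu. ( 241 86400 21600 604800 86400 )
     86400 IN NS  music.lab.example.edu.
53   86400 IN PTR music.lab.example.edu.
1    86400 IN PTR stu-gw.lab.example.edu.
"""
```

`cross_check(parse_zone(FORWARD), parse_zone(REVERSE))` reports dilbert's missing PTR and the wildcard record; `$TTL` is not handled because the slides' files rely on the SOA minimum instead.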
47. Name Services
    • Once all of the databases are set up you need to start the named daemon.
      • The startup is usually handled by the /etc/rc* files.
      • To manually start the named process, log in as root and type:
          # /path/to/named
    • After named is started, it is a good idea to query the DNS database to see how things look.
      • There are two common commands used to query the database: nslookup and dig.
48. Name Services
    • Query the database
      • nslookup is a standard part of BIND. It allows you to query the BIND database files to determine information about a host.
      • nslookup allows interactive or command-line queries.
      • In the simple form, the syntax is: nslookup hostname
          grumpy% nslookup wizard
          Server:
          Address:

          Name:
          Address:
49-51. Name Services (image-only slides; no text extracted)
52. Name Services
  • Querying the DNS database
    • We have dig online (in the lab), in /usr/site/bin/dig.
      • The user interface for dig is nicer than the nslookup command.
      • dig is generally easier to use than nslookup.
      • nslookup will go away soon, replaced by dig.
53. Network Configuration
  • Common problem:
    • You can ping/telnet/... a host by address, but not by hostname.
      • This tells you that some things are right, and something is wrong:
        • Right: the network card is operable, and the wiring is all correct.
        • Wrong: the name service software is not properly configured.
          • By using the IP address of the remote host, you bypass the name service.
          • When you use the hostname of the remote host, the name service software needs to resolve the IP address. This step is failing...
54. Name Services
  • It is possible, and even common, to use multiple name services concurrently.
    • This configuration is controlled via the nsswitch.conf file.
55.
    # cat /etc/nsswitch.conf
    passwd:         files
    group:          files
    hosts:          files dns
    ipnodes:        files
    networks:       files
    protocols:      files
    rpc:            files
    ethers:         files
    netmasks:       files
    bootparams:     files
    publickey:      files
    netgroup:       files
    automount:      files
    aliases:        files
    services:       files
    sendmailvars:   files
    printers:       user files
    auth_attr:      files
    prof_attr:      files
    project:        files
56. Summary
  • Name services are an essential component of the network.
  • Local name services provide the capability of distributing several types of information.
    • Many of these pieces of information should not be distributed globally.
  • Global name services (DNS) are required for sites on the Internet.
  • Management and security of DNS is a time-consuming task.