IS 333 Lab 5

IS 333 Lab 5: DNS

Purpose

Thus far, you have set up your own private network, and configured a router so that you can access the other networks in the lab. However the only way to reach any of these machines is using IP addresses. The domain name service (DNS) allows access by name instead of by IP address, and names are much easier for a human to understand. Since DNS is hierarchical, once a DNS server is running, it is easy to attach to our lab network (or in real life, the Internet).

This week's exercise is to configure your local network to use DNS, and to attach your DNS to the lab's "global" name service. On your server computer, you will be modifying several DNS configuration files indirectly using the Yast tool in Suse. Then you will test your configuration using your client and server computers. DNS uses plain-text configurations files; however this is one case where it is simpler to modify these files using a configuration program like Yast.

Readings

DNS HOWTO
man pages for named

1. Getting Started

Turn on your computer, login as root and open a terminal window. Make certain that you can ping 192.168.0.1, the other computers in your workgroup, and at least one computer outside of your workgroup.

Take a moment and write down the IP address of your server computer, plus the names of it and the one or two client machines in your network.

To configure DNS, several files will be created and/or modified. These are /etc/resolv.conf, /etc/named.conf, plus the files in the directory /var/lib/named/master. For the moment, you need not worry about their contents, as Yast will make the necessary modifications. However you should save a listing of the files in /var/lib/named/master that includes their modifications times, so that you can see later on what has been modified.

If these files/directories are not present on your system, they should appear after the first time you run the DNS server option in Yast which we will get to shortly.

Pick a name for your group, groupn. your workgroup's domain name groupn.syslab.cs.calvin.edu.

2. Initial Testing

In order to see how DNS behaves when it is working correctly, it is useful to observe how it behaves when it is not working completely correctly. First, try the following commands on your server and note the results:

   ping -c 5 192.168.0.1
   ping -c 5 matrix
   ping -c 5 matrix.syslab.cs.calvin.edu

Then try these commands on a client machine and note the results. What does not work? Look in the file /etc/resolve.conf on each of these computers, to get a hint as to what the problem is. Don't change this file (yet).

There is a program called host that queries DNS servers to find the IP address for a given host name. (Older systems and Windows offer a similar program called nslookup.) Programs that let humans enter a host name typically send that name to a DNS server, which sends back the corresponding IP address -- a DNS lookup. Other programs (e.g., that log accesses, or restrict accesses by computers) send a DNS server an IP address, which sends back the corresponding host name -- a reverse DNS lookup. Run these commands on your server and note the results:

   host matrix.syslab.cs.calvin.edu
   host matrix
   host 192.168.0.1

Then try these commands on your client and server computers and note the results:

   host yourhostname.yourgroupname.syslab.cs.calvin.edu
   host www.yourgroupname.syslab.cs.calvin.edu
   host 192.168.x.y

where the last IP address is that of your workgroup's server.

3. Initial Interface Check

static ip address: The first thing you need to do before setting up your dns is to make sure you have the correct settings in Network Devices in Yast. Verify you have a static ip address with a netmask of 255.255.255.0. For example if you are group number 23 your server might have a static address of 192.168.23.2 with a netmask of 255.255.255.0.
hostname and name servers: Enter an agreed on host name for your server. If for example your group name is "blue" you might name your server "blue1". Also add your server ip address 192.168.x.y and 192.168.0.1 to the name server entries which are also found in the Yast Network Devices menu system.
file check: After exiting Yast properly saving your entries you should be able to observe these settings in the /etc/hosts and /etc/resolv.conf files.

4. Initial DNS Configuration (Yast, Network Services, DNS Server for the first time)

In the following steps, use your domain name of yourname.syslab.cs.calvin.edu. You will create a new domain (aka master zone) on your workgroup's server, create a reverse mapping for that domain (aka reverse master zone), add your server's name and IP address to that domain, and then finally add a separate entry for the alias of a www server. This will require the creation and modification of three files:

/var/lib/named/master/yourname.syslab.cs.calvin.edu - matches the name with the address
/var/lib/named/master/x.168.192.in-addr.arpa - matches the address with the name (x being your group number)
/etc/named.conf - holds the names of the above configuration files

Yast is going to set all these files up for you. From the main panel in Yast select Network Services, DNS Server. You may get an option to "Set Forwarders" if this is the first time you go into this menu system. Go ahead and select "Set Forward Manually" and Add ip address 192.168.0.1 and the ip address of your server, then continue by selecting Next.

Since this is probably the first time you have entered Network Services, DNS Server you will probably be taken to the DNS Server Installation: DNS Zones where "example.com" will already be entered for you in the Name field. Change that to groupn.syslab.cs.calvin.edu! (example.com was bad even before there was a real example.com!) Click Add to select groupn.syslab.cs.calvin.edu for your name, then Edit. You should now be in the Zone Editor.

First we want to specify our name server so select NS Record tab and enter "yourservername.groupn.syslab.cs.calvin.edu" and click ADD.
Second we want to give our name server an address so select the Records tab. In the Record Key field enter the name of your machine, leave the type as "A: Domain Name Translation" and give it a value of the ip address of your server and click Add, then OK, this should take you back to the DNS Server Installation: DNS Zones menu.
Third we would like to give our server a name like www instead of the server name so we could reference as www.groupn.syslab.cs.calvin.edu. This is accomplished using an alias record. Select the Records tab again, in the Record key field enter www but instead of using "A: Domain Name Translation" use "CNAME: Alias for Domain Name" , enter your server name in the Value field and press Add, Click OK, Next and then Finish

5. Test Your DNS Server

To see if your server is running properly, first see if your server is running! Then try these commands on your server and client computers, and note the results:

   host www.groupn.syslab.cs.calvin.edu
   host
servername.groupn.syslab.cs.calvin.edu
   host w.x.y.z

where w.x.y.z is your server's IP address. None of these should return an error. If they do, your DNS server is not quite right which should be expected since we still have a few things to do. Try manually starting the dns server with the command "/etc/init.d/named restart" then repeat the of host commands. Do you see any difference? If not try running the commands followed by a space and the ip address of your server. "host www.groupn.syslab.cs.calvin.edu 192.168.x.y".

This tells host to use your-server's-ip-address as its DNS server. If this works, then your server's DNS service is working correctly, so recheck your DHCP configuration. The most likely culprit is that your clients are getting invalid DNS information via DHCP, so recheck /etc/dhcpd.conf on your server and look for problems there. There should be a line

   option domain-name-servers 192.168.x.y;

listing the IP address of your workgroup's server. You should also have your domain-name listed here:

   option domain-name "yourDomain.syslab.cs.calvin.edu";

If you have to make a change here, restart dhcpd on your server; then restart network services on each client.

Once DNS is working using host, try pinging from your client as before:

   ping -c 5 192.168.0.1
   ping -c 5 matrix
   ping -c 5 matrix.syslab.cs.calvin.edu

Do any of these still not work?

Repeat these commands on your server. Note which ones do and do not work. To fix the problem. compare /etc/resolv.conf on your client and server, and modify the file on your server as necessary. (The client gets its DNS information via DHCP, your server does not.) Record what you have to do to solve the problem. If you get stuck, ask for help.

6. Miscellaneous Items

There can be some confusion over what your DNS server is called. The actual DNS server is called named. The entire package of server, resolver library, and testing tools is called the Berkeley Internet Name Domain (BIND). We will use the Yast tool to start the server (named), but once we have it working, we will set it to start automatically at boot time.

7. Reverse DNS Lookup Get back into Yast, Network Services, DNS Server. Three of the following options within Yast, Network Services, DNS Server should have these corresponding values:

Start-Up should have "When Booting"
Forwarders add 192.168.0.1 (it may be there already) (To tell your DNS server what to do with names it does not know)
Logging leave as the default "System Log"

In the Fourth option, the DNS Zones options, add the second name of "x.168.192.in-addr.arpa" where "x" is your group number. These will be the names of the config files that /etc/named.conf references. One will map names to ip address, the other will map ip addresses to names, other wise known as reverse mapping.

Under NS Records make sure that matrix.syslab.cs.calvin.edu and servern.syslab.cs.calvin.edu appear.

Next we need to add records to these files to achieve these mappings. Both "groupname.syslab.cs.calvin.edu" and "x.168.192.in-addr.arpa" should appear in the "configured DNS Zones" list.

For "x.168.192.in-addr.arpa" add the following records:

for NS Records, add "matrix.syslab.cs.calvin.edu" and "servername.groupname.syslab.cs.calvin.edu"
for the Records entry add the last number of your ip address of your server in the Record Key field. The type should be "PTR: Reverse Translation" and the Value the full name of your server and again press the Add button and click OK which should take you back to the "Configured DNS Zones" list.

Click Finish and Yast should save your work and take you back to the main Yast Network Services menu. In a seperate terminal window on the server issue the following command: ls -al /var/lib/named/master/

Do you see something like the following?, you should.
total 12
drwxr-xr-x 2 root root 168 Feb 27 17:20 .
drwxr-xr-x 9 root root 312 Apr 24 2006 ..
-rw-r--r-- 1 root root 320 Feb 27 11:24 23.168.192.in-addr.arpa
-rw-r--r-- 1 root root 326 Feb 27 11:24 blue.syslab.cs.calvin.edu
-rw-r--r-- 1 root root 284 Feb 27 17:20 example.com

Then try these commands on your client and server computers and note the results:

host yourservername.yourgroupname.syslab.cs.calvin.edu
host www.yourgroupname.syslab.cs.calvin.edu
host 192.168.x.y where the last IP address is that of your workgroup's server.

8. Connect Your DNS Server to the Lab Internet (Downstream)

Your clients can now access names in the lab internet domain, but they cannot get to any of the computers in the subdomains. This is because the root name server does not know how to get to each individual network. To solve this, you have to register your domain name with the root server. This entails telling the proper authority your domain name, the name and IP address of your DNS server, and paying a nominal fee. On the Internet, the proper authority is the Internet Corporation for Assigned Names and Numbers -- aka ICANN. In the Systems Lab, this authority is ICANT, and your instructor is the local agent. Fees are negotiable. The root authority will then update its list of mappings, and once that is done, your computers are now accessible by everyone else. This can be tested during the next lab.

Turn In

A lab writeup, by the due date, in which you answer the lab questions, plus those below:

Show the results of pinging IP addresses and domain names from your server and client computers. Why do they behave differently? What controls this behavior?

List the files that were created or modified while configuring DNS. Explain what gets set in the file /etc/resolv.conf now that you have DNS working. Once your DNS is working with a "real" domain name, show the contents of these three files.

Show the results of all your host commands on your server and clients.

If your clients had trouble finding matrix.syslab.calvin.edu, what did you have to change on your server to get DNS queries to work correctly? How/why did this solve the problem?

You only configured DNS to recognize the server, not the clients. Explain why, with our current setup, using DNS to name the client machines would not add much value.

Back to the
IS 333 Page

Back to the
IS 333 Labs Page

This page maintained by David Laverell.