1. What is DNS?
DNS stands for Domain Name System. DNS translates Internet domain names and host names to IP addresses.
DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites.
DNS implements a distributed database to store this name and address information for all public hosts on the Internet.
DNS assumes IP addresses do not change (are statically assigned rather than dynamically assigned).
6. What is a DNS server and how does it work?
In any network, hosts communicate with each other primarily by IP address. For example, when my computer does a Google search, it is actually communicating with the IP address of one of the google.com web servers. A computer is efficient with numbers, but humans work better with names. For this reason the TCP/IP protocol suite includes the Domain Name System (DNS) to link IP addresses with computer names, i.e. hostnames. DNS is a distributed database of computers that is responsible for resolving hostnames to IP addresses and vice versa.
Any DNS query involves two parts.
(i) The Resolver: The resolver builds and sends the query. It does not run as a separate program; it is a library on the client, and /etc/resolv.conf is its configuration file.
(ii) Name Server: The name server is the service running on the server that responds to the DNS query generated by the resolver, i.e. it answers the resolver's question.
How a DNS lookup works:
(i) The client initiates a query to find the domain example.com. The client sends the query to the DNS server of its ISP (the DNS server address configured on the client is the IP address of the ISP's DNS server).
(ii) The ISP's DNS server first checks its own cache to see whether it already knows the answer. If the answer is not present, it generates another query: because the top level domain of example.com is .com, the DNS server queries the Internet Registration Authority to find out who is responsible for example.com.
(iii) The Internet Registration Authority responds to the ISP's DNS server with the authoritative name servers for example.com.
(iv) Once the ISP's DNS server knows the authoritative name servers, it contacts them to find the IP address of www.example.com, i.e. the IP address of host www in the domain example.com.
(v) The example.com name server responds to the ISP's DNS server by providing the IP address of the web server, i.e. www.
(vi) The ISP's DNS server stores the answer in its cache for future use and answers the client with the IP address of the www server.
(vii) The client may store the answer in its own cache for future use. It then communicates directly with the www server of example.com using that IP address.
(viii) The www server responds by sending the index.html page.
3. What is the format of the domain name?
Like a postal address, Internet domain names are hierarchical. If the Fully Qualified Domain Name is www.google.co.in, then
the www is the Hostname,
google is the Domain,
co is the Second Level
in is the Top Level Domain.
4. What are the files we have to edit to configure the DNS?
There are four files to edit to configure DNS: /etc/named.conf, /etc/named.rfc1912.zones, the Forward Lookup Zone file and the Reverse Lookup Zone file. DNS provides a centralised database for resolution; a zone is the storage database which contains all the records of a domain.
The Forward Lookup Zone is used to resolve hostnames to IP addresses.
The Reverse Lookup Zone is used to resolve IP addresses to hostnames.
5. What are the DNS records? Explain them.
(i) SOA Record : (Start of Authority)
SOA contains the general administration and control information about the domain.
(ii) Host A Record :
(a) It is the record type of a Forward Lookup Zone.
(b) It maps a Hostname to an IP address.
(iii) PTR : (Pointer Record)
(a) It is the record type of a Reverse Lookup Zone.
(b) It maps an IP address to a Hostname.
(iv) NS Record : (Name Server Record)
It records the DNS servers that are authoritative for the domain.
(v) MX Record : (Mail Exchange Record)
It records the Mail Server for the domain.
(vi) CNAME Record : (Canonical Name Record)
It holds the host's canonical name and allows additional names or aliases to be used to locate a system.
6. What is the profile of the DNS?
Package : bind and caching-name
Script : /etc/init.d/named
Configuration file : /etc/named.conf and /etc/named.rfc1912.zones
Client's configuration file : /etc/resolv.conf
Zone file directory : /var/named/
Log file : /var/log/messages
Daemon : named
Port number : 53
7. How to configure the DNS server?
(i) Install the packages bind and caching-name for RHEL - 6, and bind, caching-name and unbound for RHEL - 7.
# yum install bind* caching-name* -y (to install the DNS packages for RHEL - 6)
# yum install bind* caching-name* unbound* -y (to install the DNS packages for RHEL - 7)
(ii) Change the hostname to the fully qualified domain name and make it permanent.
# hostname <fully qualified domain name> (to change the hostname in RHEL - 6)
# hostname server9.example.com (example for setting the hostname temporarily in RHEL - 6)
# hostnamectl set-hostname <fully qualified domain name> (to change the hostname in RHEL - 7)
# hostnamectl set-hostname server9.example.com (example for setting the hostname in RHEL - 7)
# vim /etc/hosts (open this file, go to the last line and type as below, in RHEL - 6 only)
<IP address> <fully qualified domain name> <hostname>
172.25.9.11 server9.example.com server9 (example of the above syntax)
# vim /etc/sysconfig/network (open this file, go to the last line and type as below, in RHEL - 6 only)
HOSTNAME=<fully qualified domain name>
HOSTNAME=server9.example.com (example of the above syntax)
(ii) Open the DNS main configuration file with the # vim /etc/named.conf command.
* Go to line number 11 and edit this line as below.
listen-on port 53 { 127.0.0.1; <server IP address>; };
Example : listen-on port 53 {127.0.0.1; 172.25.9.11; };
* Go to line number 17 and edit this line as below.
allow-query { localhost; <Network ID>/<netmask>; };
Example : allow-query {localhost; 172.25.9.0/24; };(save and exit this file)
(iii) Open the DNS zone reference file with the # vim /etc/named.rfc1912.zones command.
* Go to line number 19, copy 5 lines and paste them at the end of the file.
zone "<domain name>" IN {
type master;
file "<forward lookup zone file name>";
allow-update { none; };
};
Example : zone "example.com" IN {
type master;
file "named.forward";
allow-update { none; };
};
* Go to line number 31, copy 5 lines and paste them at the end of the file.
zone "<three octets of the DNS server IP address, reversed>.in-addr.arpa" IN {
type master;
file "<reverse lookup zone file name>";
allow-update { none; };
};
Example : zone "9.25.172.in-addr.arpa" IN {
type master;
file "named.reverse";
allow-update { none; };
}; (save and exit this file)
(iv) Copy /var/named/named.localhost file to /var/named/named.forward and edit as follows.
# cp -p /var/named/named.localhost /var/named/named.forward
# vim /var/named/named.forward
* Go to line number 2 and edit as follows (the SOA parameter list is enclosed in round brackets, not braces).
@ IN SOA <DNS server fully qualified domain name>. root.<domain name>. (
* Go to line number 8 and edit as follows.
NS <DNS server fully qualified domain name>.
A <DNS server IP address>
<DNS server fully qualified domain name> IN A <DNS server IP address>
<Client 1 fully qualified domain name> IN A <Client 1 IP address>
<Client 2 fully qualified domain name> IN A <Client 2 IP address>
<Client 3 fully qualified domain name> IN A <Client 3 IP address>
www IN CNAME <DNS server fully qualified domain name>
Example : Line number 2 should be edited as follows.
@ IN SOA server9.example.com. root.example.com. (
Line number 8 should be edited as follows.
NS server9.example.com.
A 172.25.9.11
server9.example.com. IN A 172.25.9.11
client9.example.com. IN A 172.25.9.10
client10.example.com. IN A 172.25.9.12
client11.example.com. IN A 172.25.9.13
www IN CNAME server9.example.com. (save and exit this file)
(v) Copy /var/named/named.empty file to /var/named/named.reverse and edit as follows.
# cp -p /var/named/named.empty /var/named/named.reverse
# vim /var/named/named.reverse
* Go to line number 2 and edit as follows.
@ IN SOA <DNS server fully qualified domain name>. root.<domain name>. (
* Go to line number 8 and edit as follows.
NS <DNS server fully qualified domain name>.
<Last octet of the DNS server IP address> IN PTR <DNS server fully qualified domain name>
<Last octet of the Client 1 IP address> IN PTR <Client 1 fully qualified domain name>
<Last octet of the Client 2 IP address> IN PTR <Client 2 fully qualified domain name>
<Last octet of the Client 3 IP address> IN PTR <Client 3 fully qualified domain name>
<DNS server fully qualified domain name> IN A <DNS server IP address>
www IN CNAME <DNS server fully qualified domain name>
Example : Line number 2 should be edited as follows.
@ IN SOA server9.example.com. root.example.com. (
The line number 8 should be edited as follows.
NS server9.example.com.
11 IN PTR server9.example.com.
10 IN PTR client9.example.com.
12 IN PTR client10.example.com.
13 IN PTR client11.example.com.
server9.example.com. IN A 172.25.9.11
www IN CNAME server9.example.com. (save and exit this file)
(vi) Check the DNS configuration files for syntax errors.
# named-checkconf /etc/named.conf
# named-checkconf /etc/named.rfc1912.zones
# named-checkzone <domain name> <forward lookup zone>
Example : # named-checkzone example.com /var/named/named.forward
# named-checkzone <reverse zone name> <reverse lookup zone>
Example : # named-checkzone 9.25.172.in-addr.arpa /var/named/named.reverse
(vii) Give full permissions to the forward and reverse lookup zones. (named only needs to read them; ownership root:named with mode 640 is the least-privilege alternative to 777.)
# chmod 777 /var/named/named.forward
# chmod 777 /var/named/named.reverse
(viii) Open /etc/sysconfig/network-scripts/ifcfg-eth0 and enter the DNS server details if not present.
# vim /etc/sysconfig/network-scripts/ifcfg-eth0 (go to the last line and type as follows)
DNS1=172.25.9.11 (DNS1 takes the IP address of the DNS server; save and exit this file)
(ix) Add the DNS server IP address in /etc/resolv.conf
# vim /etc/resolv.conf
search <domain name>
nameserver <IP address of the DNS server>
Example :
search example.com
nameserver 172.25.9.11 (save and exit this file)
(x) Restart the DNS server daemons.
# service named restart (to restart the daemon in RHEL - 6)
# chkconfig named on (to enable the daemon at next boot in RHEL - 6)
# systemctl restart named unbound (to restart the daemons in RHEL - 7)
# systemctl enable named unbound (to enable the daemons at next boot in RHEL - 7)
(xi) Add the DNS service to the IP tables and Firewall.
# setup (then select the Firewall configuration option and add DNS in RHEL - 6)
# service iptables restart (to restart the IP tables in RHEL - 6)
# service iptables save (to save the IP tables in RHEL - 6)
# firewall-cmd --permanent --add-service=dns (to add the DNS service to the firewall in RHEL - 7)
# firewall-cmd --complete-reload (to reload the firewall in RHEL - 7)
(xi) Check whether the DNS is resolving or not.
# dig <DNS server fully qualified name> (to check the resolving from hostname to IP address)
# dig -x <DNS server IP address> (to check the resolving from IP address to hostname)
Example : # dig server9.example.com
# dig -x 172.25.9.11
(xii) Check the resolution with ping test.
# ping -c3 <DNS server fully qualified domain name> (to check the ping test with hostname)
# ping -c3 <IP address of the DNS server> (to check the ping test with IP address)
Example :
# ping -c3 server9.example.com
# ping -c3 172.25.9.11
(xiii) Check the resolution with host command.
# host <hostname> (to check the resolution with hostname)
# host <IP address> (to check the resolution with IP address)
Example :
# host server9.example.com
# host 172.25.9.11
(xiv) Check the resolution with nslookup command.
# nslookup <hostname> (to check the resolution with hostname)
# nslookup <IP address> (to check the resolution with IP address)
Example :
# nslookup server9.example.com
# nslookup 172.25.9.11
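Steps (iv) to (vi) write the forward and reverse zone files by hand and then check each one on its own. The following Python script is an added example, not code from the page: it builds both files from a single host table so the A and PTR records cannot drift apart, checks the table for the mistakes named-checkzone does not catch (an address outside the /24, two hosts on one address, a CNAME that collides with an A record), and derives the in-addr.arpa zone name from the network. The hostnames, addresses and the example.com domain are the page's lab values, constructed here inline.

```python
import ipaddress

# Constructed lab values mirroring the page's worked example; not real hosts.
DOMAIN = "example.com"
NETWORK = "172.25.9.0/24"
NS_HOST = "server9"                      # short name of the authoritative server
HOSTS = {                                # short hostname -> IPv4 address
    "server9": "172.25.9.11",
    "client9": "172.25.9.10",
    "client10": "172.25.9.12",
    "client11": "172.25.9.13",
}
ALIASES = {"www": "server9"}             # CNAME alias -> canonical hostname

def reverse_zone_name(network):
    """'172.25.9.0/24' -> '9.25.172.in-addr.arpa', the zone name for named.rfc1912.zones."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen != 24:
        raise ValueError("the page's layout (last octet as PTR owner) needs a /24")
    first_three = str(net.network_address).split(".")[:3]
    return ".".join(reversed(first_three)) + ".in-addr.arpa"

def check_hosts(hosts, aliases, network, ns_host):
    """Return the problems that would make the forward and reverse zones disagree."""
    net = ipaddress.ip_network(network)
    problems, owner_of = [], {}
    for name, ip in hosts.items():
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{name}: {ip} is outside {network}, so no PTR can be served")
        if ip in owner_of:               # two A records for one address: ambiguous PTR
            problems.append(f"{name} and {owner_of[ip]} both claim {ip}")
        owner_of.setdefault(ip, name)
    for alias, target in aliases.items():
        if alias in hosts:               # a CNAME owner may carry no other record
            problems.append(f"alias {alias} collides with an A record of the same name")
        if target not in hosts:
            problems.append(f"alias {alias} points at unknown host {target}")
    if ns_host not in hosts:             # the NS target itself needs an A record
        problems.append(f"NS {ns_host} has no A record")
    return problems

def header(ns_fqdn, domain, serial):
    # Same shape as the page's edited line 2 plus the NS line that follows it.
    return ["$TTL 1D",
            f"@ IN SOA {ns_fqdn} root.{domain}. ( {serial} 1D 1H 1W 3H )",
            f"  IN NS {ns_fqdn}"]

def forward_zone(domain, hosts, aliases, ns_host, serial=1):
    """Render named.forward: one A record per host, one CNAME per alias."""
    ns_fqdn = f"{ns_host}.{domain}."
    lines = header(ns_fqdn, domain, serial)
    lines += [f"{h}.{domain}. IN A {ip}" for h, ip in hosts.items()]
    lines += [f"{a} IN CNAME {t}.{domain}." for a, t in aliases.items()]
    return "\n".join(lines) + "\n"

def reverse_zone(domain, hosts, network, ns_host, serial=1):
    """Render named.reverse for the /24: the PTR owner is the last octet only."""
    net = ipaddress.ip_network(network)
    if any(ipaddress.ip_address(ip) not in net for ip in hosts.values()):
        raise ValueError("every host must lie inside " + network)
    lines = header(f"{ns_host}.{domain}.", domain, serial)
    lines += [f"{ip.rsplit('.', 1)[1]} IN PTR {h}.{domain}." for h, ip in hosts.items()]
    return "\n".join(lines) + "\n"
```

Write the returned strings to /var/named/named.forward and /var/named/named.reverse and run named-checkzone on them as in step (vi); bump the serial on every change so secondaries pick it up.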
8. How to configure the DNS client?
(i) First assign a static IP address to the client.
(ii) Set the hostname on the client.
(iii) Restart the network service with the # service network restart command.
(iv) Open the /etc/resolv.conf file and edit it as below.
# vim /etc/resolv.conf
search <domain name>
nameserver <DNS server IP address>
Example :
search example.com
nameserver 172.25.9.11 (save and exit this file)
(v) Check whether the DNS is resolving or not.
# dig <DNS server fully qualified name> (to check the resolving from hostname to IP address)
# dig -x <DNS server IP address> (to check the resolving from IP address to hostname)
Example : # dig server9.example.com
# dig -x 172.25.9.11
# dig client9.example.com
# dig -x 172.25.9.10
(vi) Check the resolution with ping test.
# ping -c3 <DNS client fully qualified domain name> (to check the ping test with hostname)
# ping -c3 <IP address of the DNS server> (to check the ping test with IP address)
Example :
# ping -c3 client9.example.com
# ping -c3 172.25.9.10
# ping -c3 server9.example.com
# ping -c3 172.25.9.11
(vii) Check the resolution with host command.
# host <hostname> (to check the resolution with hostname)
# host <IP address> (to check the resolution with IP address)
Example :
# host server9.example.com
# host 172.25.9.11
# host client9.example.com
# host 172.25.9.10
(viii) Check the resolution with nslookup command.
# nslookup <hostname> (to check the resolution with hostname)
# nslookup <IP address> (to check the resolution with IP address)
Example :
# nslookup server9.example.com
# nslookup 172.25.9.11
# nslookup client9.example.com
# nslookup 172.25.9.10
9. How to configure the Secondary DNS server?
(i) Install the packages bind and caching-name for RHEL - 6, and bind, caching-name and unbound for RHEL - 7.
# yum install bind* caching-name* -y (to install the DNS packages for RHEL - 6)
# yum install bind* caching-name* unbound* -y (to install the DNS packages for RHEL - 7)
(ii) Change the hostname to the fully qualified domain name and make it permanent.
# hostname <fully qualified domain name> (to change the hostname in RHEL - 6)
# hostname server6.example.com (example for setting the hostname temporarily in RHEL - 6)
# hostnamectl set-hostname <fully qualified domain name> (to change the hostname in RHEL - 7)
# hostnamectl set-hostname server6.example.com (example for setting the hostname in RHEL - 7)
# vim /etc/hosts (open this file, go to the last line and type as below, in RHEL - 6 only)
<IP address> <fully qualified domain name> <hostname>
172.25.6.11 server6.example.com server6 (example of the above syntax)
# vim /etc/sysconfig/network (open this file, go to the last line and type as below, in RHEL - 6 only)
HOSTNAME=<fully qualified domain name>
HOSTNAME=server6.example.com (example of the above syntax)
(ii) Open the DNS main configuration file with the # vim /etc/named.conf command.
* Go to line number 11 and edit this line as below.
listen-on port 53 { 127.0.0.1; <server IP address>; };
Example : listen-on port 53 {127.0.0.1; 172.25.6.11; };
* Go to line number 17 and edit this line as below.
allow-query { localhost; <Network ID>/<netmask>; };
Example : allow-query {localhost; 172.25.6.0/24; }; (save and exit this file)
(iii) Open the DNS zone reference file with the # vim /etc/named.rfc1912.zones command.
* Go to line number 19, copy 5 lines and paste them at the end of the file.
zone "<domain name>" IN {
type slave;
file "slaves/<forward lookup zone file name>";
masters { <Primary DNS server IP address>; };
};
Example : zone "example.com" IN {
type slave;
file "slaves/named.forward";
masters { 172.25.9.11; };
};
* Go to line number 31, copy 5 lines and paste them at the end of the file.
zone "<three octets of the DNS server IP address, reversed>.in-addr.arpa" IN {
type slave;
file "slaves/<reverse lookup zone file name>";
masters { <Primary DNS server IP address>; };
};
Example : zone "9.25.172.in-addr.arpa" IN {
type slave;
file "slaves/named.reverse";
masters { 172.25.9.11; };
}; (save and exit this file)
(iv) Copy /var/named/named.localhost to /var/named/slaves/named.forward and edit as follows.
# mkdir -p /var/named/slaves
# cp -p /var/named/named.localhost /var/named/slaves/named.forward
# vim /var/named/slaves/named.forward
* Go to line number 2 and edit as follows (the SOA parameter list is enclosed in round brackets, not braces).
@ IN SOA <secondary DNS server fully qualified domain name>. root.<domain name>. (
* Go to line number 8 and edit as follows.
NS <DNS server fully qualified domain name>.
A <DNS server IP address>
<secondary DNS server fully qualified domain name> IN A <secondary DNS server IP address>
<DNS server fully qualified domain name> IN A <DNS server IP address>
<Client 1 fully qualified domain name> IN A <Client 1 IP address>
<Client 2 fully qualified domain name> IN A <Client 2 IP address>
<Client 3 fully qualified domain name> IN A <Client 3 IP address>
www IN CNAME <DNS server fully qualified domain name>
Example : Line number 2 should be edited as follows.
@ IN SOA server6.example.com. root.example.com. (
The line number 8 should be edited as follows.
NS server6.example.com.
A 172.25.6.11
server6.example.com. IN A 172.25.6.11
server9.example.com. IN A 172.25.9.11
client9.example.com. IN A 172.25.9.10
client10.example.com. IN A 172.25.9.12
client11.example.com. IN A 172.25.9.13
www IN CNAME server6.example.com. (save and exit this file)
(v) Copy /var/named/slaves/named.empty file to /var/named/slaves/named.reverse and edit as follows.
# cp -p /var/named/slaves/named.empty /var/named/slaves/named.reverse
# vim /var/named/slaves/named.reverse
* Go to line number 2 and edit as follows.
@ IN SOA <secondary DNS server fully qualified domain name>. root.<domain name>. (
* Go to line number 8 and edit as follows.
NS <secondary DNS server fully qualified domain name>.
<Last octet of the secondary DNS server IP address> IN PTR <secondary DNS server fully qualified domain name>
<Last octet of the DNS server IP address> IN PTR <DNS server fully qualified domain name>
<Last octet of the Client 1 IP address> IN PTR <Client 1 fully qualified domain name>
<Last octet of the Client 2 IP address> IN PTR <Client 2 fully qualified domain name>
<Last octet of the Client 3 IP address> IN PTR <Client 3 fully qualified domain name>
<secondary DNS server fully qualified domain name> IN A <secondary DNS server IP address>
www IN CNAME <secondary DNS server fully qualified domain name>
Example : Line number 2 should be edited as follows.
@ IN SOA server6.example.com. root.example.com. (
The line number 8 should be edited as follows.
NS server6.example.com.
11 IN PTR server6.example.com.
11 IN PTR server9.example.com.
10 IN PTR client9.example.com.
12 IN PTR client10.example.com.
13 IN PTR client11.example.com.
server6.example.com. IN A 172.25.6.11
www IN CNAME server6.example.com. (save and exit this file)
(vi) Check the DNS configuration files for syntax errors.
# named-checkconf /etc/named.conf
# named-checkconf /etc/named.rfc1912.zones
# named-checkzone <domain name> <forward lookup zone>
Example : # named-checkzone example.com /var/named/slaves/named.forward
# named-checkzone <reverse zone name> <reverse lookup zone>
Example : # named-checkzone 9.25.172.in-addr.arpa /var/named/slaves/named.reverse
(vii) Give full permissions to the forward and reverse lookup zones. (named must be able to write slave zone files it receives by zone transfer; ownership named:named with mode 640 is the least-privilege alternative to 777.)
# chmod 777 /var/named/slaves/named.forward
# chmod 777 /var/named/slaves/named.reverse
(viii) Open /etc/sysconfig/network-scripts/ifcfg-eth0 and enter the DNS server details if not present.
# vim /etc/sysconfig/network-scripts/ifcfg-eth0 (go to the last line and type as follows)
DNS1=172.25.9.11 (DNS1 takes the IP address of the DNS server; save and exit this file)
(ix) Add the DNS server IP addresses in /etc/resolv.conf
# vim /etc/resolv.conf
search <domain name>
nameserver <IP address of the DNS server>
nameserver <IP address of the secondary DNS server>
Example :
search example.com
nameserver 172.25.9.11
nameserver 172.25.6.11 (save and exit this file)
(x) Restart the DNS server daemons.
# service named restart (to restart the daemon in RHEL - 6)
# chkconfig named on (to enable the daemon at next boot in RHEL - 6)
# systemctl restart named unbound (to restart the daemons in RHEL - 7)
# systemctl enable named unbound (to enable the daemons at next boot in RHEL - 7)
(xi) Add the DNS service to the IP tables and Firewall.
# setup (then select the Firewall configuration option and add DNS in RHEL - 6)
# service iptables restart (to restart the IP tables in RHEL - 6)
# service iptables save (to save the IP tables in RHEL - 6)
# firewall-cmd --permanent --add-service=dns (to add the DNS service to the firewall in RHEL - 7)
# firewall-cmd --complete-reload (to reload the firewall in RHEL - 7)
(xi) Check whether the DNS is resolving or not.
# dig <DNS server fully qualified name> (to check the resolving from hostname to IP address)
# dig -x <DNS server IP address> (to check the resolving from IP address to hostname)
Example : # dig server6.example.com
# dig -x 172.25.6.11
(xii) Check the resolution with ping test.
# ping -c3 <secondary DNS server fully qualified domain name> (to check the ping test with hostname)
# ping -c3 <IP address of the secondary DNS server> (to check the ping test with IP address)
Example :
# ping -c3 server6.example.com
# ping -c3 172.25.6.11
(xiii) Check the resolution with host command.
# host <hostname> (to check the resolution with hostname)
# host <IP address> (to check the resolution with IP address)
Example :
# host server6.example.com
# host 172.25.6.11
(xiv) Check the resolution with nslookup command.
# nslookup <hostname> (to check the resolution with hostname)
# nslookup <IP address> (to check the resolution with IP address)
Example :
# nslookup server6.example.com
# nslookup 172.25.6.11
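On the secondary, type slave tells named to fetch the zone from the masters by zone transfer and to write what it receives over the file under /var/named/slaves, so the hand-edited copies from steps (iv) and (v) are replaced at the first successful transfer. The following Python parser is an added example, not the page's code: it reads the simple one-record-per-line layout used above and lists what differs between the primary's file and the hand-written secondary copy, so the operator can see which records (here the NS, the apex A and the www alias) the transfer will change. The two zone texts are constructed inline from the page's examples; the parser assumes the SOA record sits on one line.

```python
RECORD_TYPES = {"A", "AAAA", "NS", "CNAME", "PTR", "MX", "TXT"}

# Constructed copies of the page's two forward zone files (primary server9, secondary server6).
PRIMARY_FORWARD = """\
$TTL 1D
@ IN SOA server9.example.com. root.example.com. ( 0 1D 1H 1W 3H )
NS server9.example.com.
A 172.25.9.11
server9.example.com. IN A 172.25.9.11
client9.example.com. IN A 172.25.9.10
www IN CNAME server9.example.com.
"""
SECONDARY_FORWARD = """\
$TTL 1D
@ IN SOA server6.example.com. root.example.com. ( 0 1D 1H 1W 3H )
NS server6.example.com.
A 172.25.6.11
server6.example.com. IN A 172.25.6.11
server9.example.com. IN A 172.25.9.11
client9.example.com. IN A 172.25.9.10
www IN CNAME server6.example.com.
"""

def parse_zone(text, origin):
    """Parse the page's one-record-per-line layout into a set of (owner, type, rdata).
    Owners are made fully qualified against origin; $ directives, comments and the
    (single-line) SOA are skipped, as in the page's named.localhost-derived files."""
    origin = origin.rstrip(".") + "."
    records, last_owner = set(), "@"
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()          # drop ; comments, then tokenise
        if len(fields) < 2 or fields[0].startswith("$") or "SOA" in fields:
            continue
        if raw[0].isspace() or fields[0] in RECORD_TYPES | {"IN"}:
            owner = last_owner                          # owner inherited from the line above
        else:
            owner = fields.pop(0)
        if fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0], " ".join(fields[1:])
        if rtype not in RECORD_TYPES:
            continue                                    # e.g. a stray SOA continuation line
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"                 # relative name: append the origin
        records.add((owner, rtype, rdata))
        last_owner = owner
    return records

def compare_zones(primary_text, secondary_text, origin):
    """Records only on the primary and records only in the hand-written secondary copy."""
    p, s = parse_zone(primary_text, origin), parse_zone(secondary_text, origin)
    return sorted(p - s), sorted(s - p)
```

Run compare_zones on the primary's /var/named/named.forward and the secondary's /var/named/slaves/named.forward before the first transfer; an empty pair of lists means the transfer will change nothing.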