DNS: dns2-exercise3.txt

File dns2-exercise3.txt, 4.3 KB (added by admin, 9 years ago)

DNS2 Exercise 3

Exercise 2.3: Building a DNS cache
==================================

1. Check the version of BIND which is installed
-----------------------------------------------

    $ named -v
    BIND 9.6.2-P2


2. Configure your cache to accept queries from neighbors
--------------------------------------------------------

Edit the file /etc/namedb/named.conf (using vi or ee)

Then find the line:

        listen-on       { 127.0.0.1; };

... and REMOVE IT.

Instead, add another line:

        allow-recursion { 127.0.0.1; 119.2.100.0/24; };

Be careful about the semicolons ';' and braces { } - BIND
will complain if they are not placed correctly

By removing the line "listen-on ..." and adding the line
"allow-recursion", we are telling BIND:

- please listen to the network for queries, not only on
  the local interface "127.0.0.1";

- please allow clients in the 119.2.100.0/24 network to send
  queries to me, as well as myself.

3. Start the cache and check it is running
------------------------------------------

Now, edit `/etc/rc.conf` and add a line saying `named_enable="YES"`

Then run these commands:

    # cd /etc/namedb/master
    # /etc/rc.d/named start
    # ps auxwww | grep named
    # tail /var/log/messages

Check for successful startup with no error messages (you can ignore errors
about missing `master/localhost.rev` and `master/localhost-v6.rev` for now)

4. Reconfigure your resolver to use your own cache only
-------------------------------------------------------

Edit `/etc/resolv.conf` as follows:

Remove any existing 'nameserver' lines, or comment them out by inserting '#'
at the front. 127.0.0.1 is the loopback address; that is, an IP address
which means 'send the packet to myself', and we'll use it as our nameserver:

    search ws3.conference.sanog.org
    nameserver 127.0.0.1

5. Send some queries
--------------------

Issue a query. Make a note of whether the response has the 'aa' flag set.
Look at the answer section and note the TTL of the answer. Also note how long
the query took to process.

Then repeat the _exact same_ query, and note the information again.

    $ dig www.tiscali.co.uk.   Does it have the 'aa' flag?     ______
                               What is the TTL of the answer?  ______ seconds
                               How long is the Query Time?     ______ milliseconds

    $ dig www.tiscali.co.uk.   Does it have the 'aa' flag?     ______
                               What is the TTL of the answer?  ______ seconds
                               How long is the Query Time?     ______ milliseconds

Repeat it a third time. Can you explain the differences?

If your neighbour has got their cache working, then try sending some queries
to their cache (remember `dig @119.2.100.XXX somedomain.name`)

... where XXX is the IP of the PC in the class you want to send the
query to, and "somedomain.name" is the query you would like to perform.

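As an added example (not part of the original exercise), the following POSIX shell script pulls the three worksheet values out of a saved dig response - the 'aa' flag, the TTL of the first answer record and the query time - and compares the first query with the repeated one. The two dig outputs embedded in it are constructed samples using the 192.0.2.0/24 documentation range, not real responses; on a live cache you would pipe `dig www.tiscali.co.uk.` into `dig_summary` twice and pass both summaries to `from_cache`.

```sh
#!/bin/sh
# Added example: extract the worksheet values ('aa' flag, answer TTL, query
# time) from dig output and decide whether the repeated query was answered
# from the cache. The two responses below are constructed samples.

# Print "aa=<yes|no> ttl=<seconds> qtime=<msec>" for one dig response on stdin.
dig_summary() {
    awk '
        BEGIN { aa = "no" }
        /^;; flags:/ {
            # ";; flags: qr aa rd ra; QUERY: 1, ..." -> flags are the third ;-field
            split($0, parts, ";")
            n = split(parts[3], f, " ")
            for (i = 2; i <= n; i++) if (f[i] == "aa") aa = "yes"
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ { in_answer = 0 }
        in_answer && $3 == "IN" && ttl == "" { ttl = $2 }   # first answer RR: TTL is field 2
        /^;; Query time:/ { qtime = $4 }
        END { printf "aa=%s ttl=%s qtime=%s\n", aa, ttl, qtime }
    '
}

# Compare two summaries (first query, repeated query) and print a verdict.
from_cache() {
    ttl1=$(printf '%s\n' "$1" | sed 's/.*ttl=\([0-9]*\).*/\1/')
    ttl2=$(printf '%s\n' "$2" | sed 's/.*ttl=\([0-9]*\).*/\1/')
    qt2=$(printf '%s\n' "$2" | sed 's/.*qtime=\([0-9]*\).*/\1/')
    if [ "$ttl2" -lt "$ttl1" ]; then
        echo "cached"        # the cache hands out the remaining lifetime, so TTL counts down
    elif [ "$ttl2" -eq "$ttl1" ] && [ "$qt2" -lt 5 ]; then
        echo "cached"        # asked within the same second: TTL unchanged, but answered locally
    else
        echo "not cached"
    fi
}

# Constructed sample: first query, fetched from the authoritative servers.
FIRST_RESPONSE='; <<>> DiG 9.6.2-P2 <<>> www.tiscali.co.uk.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31337
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tiscali.co.uk.            IN      A

;; ANSWER SECTION:
www.tiscali.co.uk.      3600    IN      A       192.0.2.10

;; Query time: 187 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; MSG SIZE  rcvd: 51'

# Constructed sample: the same query 17 seconds later, served from the cache.
SECOND_RESPONSE='; <<>> DiG 9.6.2-P2 <<>> www.tiscali.co.uk.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tiscali.co.uk.            IN      A

;; ANSWER SECTION:
www.tiscali.co.uk.      3583    IN      A       192.0.2.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; MSG SIZE  rcvd: 51'

first=$(printf '%s\n' "$FIRST_RESPONSE" | dig_summary)
second=$(printf '%s\n' "$SECOND_RESPONSE" | dig_summary)
echo "first query:  $first"
echo "second query: $second"
echo "verdict: $(from_cache "$first" "$second")"
```

Neither response carries 'aa': a cache is never authoritative for the data it serves, so the flag stays off even when the answer came from your own machine. The TTL and query time are what separate the two cases.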
6. Watch the cache in operation
-------------------------------

You can take a snapshot of the cache contents like this:

    # /usr/sbin/rndc dumpdb
    # less /var/named/var/dump/named_dump.db

(Don't do this on a busy cache - you will generate a huge dump file!)

You can watch the cache making queries to the outside world using
`tcpdump` in a different window or screen (ALT-F1, ALT-F2, etc...):

    # tcpdump -n -s1500 -i xyz0 udp port 53

Replace `xyz0` with the name of your ethernet interface - e.g. `em0` or
`bge0` - run "ifconfig" to find out what your interface is.

While tcpdump is running, in the first window flush your cache (so it forgets
all existing data) and then issue some queries.

    # rndc flush
    # dig www.tiscali.co.uk.   -- and watch tcpdump output. What do you see?

    # dig www.tiscali.co.uk.   -- watch tcpdump again. This time?

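As an added example (not part of the original exercise), here is a shell function that summarises what the `tcpdump` window shows for the two dig runs. It separates the queries your cache sends out to other servers (the first dig after `rndc flush`) from queries neighbours send to your cache. The capture lines are constructed: 192.0.2.1 stands in for a root server, 198.51.100.1 for a uk TLD server and 203.0.113.1 for the authoritative server, all from the documentation ranges, and the cache itself is assumed to be 119.2.100.5 (you would pass your own PC's IP instead).

```sh
#!/bin/sh
# Added example: summarise a "tcpdump -n udp port 53" capture taken on the
# cache's Ethernet interface. The lines below are constructed samples with
# documentation addresses; the cache is assumed to be 119.2.100.5.

# usage: tcpdump_summary <cache-ip>   (tcpdump output on stdin)
tcpdump_summary() {
    awk -v cache="$1" '
        BEGIN { prefix = cache "."; self53 = cache ".53:" }
        # tcpdump prints a query as "... > <server>.53: <id> <type>? <name> (len)";
        # responses show "<id> ans/auth/add" instead and carry no "?".
        $2 == "IP" && index($0, "? ") {
            src = $3; dst = $5
            if (index(src, prefix) == 1 && dst ~ /\.53:$/) {
                outbound++                 # our cache asking another server
                sub(/\.53:$/, "", dst)
                servers[dst] = 1
            } else if (index(dst, self53) == 1) {
                inbound++                  # a neighbour asking our cache
            }
        }
        END {
            n = 0; for (s in servers) n++
            printf "outbound=%d servers=%d inbound=%d\n", outbound, n, inbound
        }
    '
}

# Constructed capture: a neighbour asks our cache right after "rndc flush", so
# the cache has to walk from the root down to the authoritative server.
FIRST_CAPTURE='10:00:01.000123 IP 119.2.100.7.40001 > 119.2.100.5.53: 4242+ A? www.tiscali.co.uk. (35)
10:00:01.000456 IP 119.2.100.5.49152 > 192.0.2.1.53: 1001 [1au] A? www.tiscali.co.uk. (46)
10:00:01.050321 IP 192.0.2.1.53 > 119.2.100.5.49152: 1001- 0/13/14 (524)
10:00:01.051000 IP 119.2.100.5.49153 > 198.51.100.1.53: 1002 [1au] A? www.tiscali.co.uk. (46)
10:00:01.120000 IP 198.51.100.1.53 > 119.2.100.5.49153: 1002- 0/4/6 (286)
10:00:01.121000 IP 119.2.100.5.49154 > 203.0.113.1.53: 1003 [1au] A? www.tiscali.co.uk. (46)
10:00:01.180000 IP 203.0.113.1.53 > 119.2.100.5.49154: 1003*- 1/2/2 A 192.0.2.10 (120)
10:00:01.181000 IP 119.2.100.5.53 > 119.2.100.7.40001: 4242 1/0/0 A 192.0.2.10 (51)'

# Constructed capture: the same query repeated from the cache's own machine via
# 127.0.0.1. Nothing crosses the Ethernet interface, so tcpdump stays silent.
SECOND_CAPTURE=''

echo "after rndc flush: $(printf '%s\n' "$FIRST_CAPTURE" | tcpdump_summary 119.2.100.5)"
echo "repeat query:     $(printf '%s\n' "$SECOND_CAPTURE" | tcpdump_summary 119.2.100.5)"
```

The first run shows one inbound query and three outbound ones to three different servers (root, TLD, authoritative); the second shows nothing, because the answer is served from memory. If you see outbound queries on the repeat, the record's TTL has expired or the cache was flushed in between.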
7. Tightening up the configuration (optional)
---------------------------------------------

Following the examples on the presentation, create zonefiles which map
localhost to 127.0.0.1 and 127.0.0.1 to localhost, and test.

Following the examples on the presentation, create an ACL which restricts
access to your cache to your machine only. Get someone else to try to
resolve names using your cache. Remember:

    rndc reload                 # to make your modified configuration active
    tail /var/log/messages      # to check for errors in your configuration

129