DNS: dns3-exercise.txt

File dns3-exercise.txt, 5.2 KB (added by admin, 9 years ago)

DNS3 exercise

DNS Exercise 3.1: Setting up a domain
=====================================

In this exercise, you will create a new domain, _something_.ws3.conference.sanog.org.
You will create master nameservice on your own machine, and someone else will
set up their machine to be a slave server for your domain. Then you will ask
the administrator for the domain above you (ws3.conference.sanog.org) to delegate your
domain to you.

Firstly, note that each machine in the classroom has been given a working
DNS name: wsX.ws3.conference.sanog.org. Check that it is configured correctly by
using the `hostname` command - e.g. on ws13 you should see:

>     # hostname
>     ws13.ws3.conference.sanog.org

If not, then configure your server with its name: e.g. for ws13

>     # hostname ws13.ws3.conference.sanog.org
>     # vi /etc/rc.conf
>     ...
>     hostname="ws13.ws3.conference.sanog.org"
>     # vi /etc/hosts
>     ...
>     119.2.100.239     ws13.ws3.conference.sanog.org

You should also be able to see your machine's hostname at the login screen
on the console:

>     FreeBSD/i386 (ws13.ws3.conference.sanog.org) (ttyv0)
>
>     login:

Exercise
--------

*   Choose a new domain, write it here:  `___________________.ws3.conference.sanog.org`
    (Do NOT choose any of the ws names, e.g. `ws13`, as your subdomain)

*   Find someone who will agree to be slave for your domain. You must choose
    someone on a DIFFERENT table to you. (Remember RFC2182: secondaries must
    be on remote networks). You can have more than one slave if you wish.

*   Create your zone file in `/etc/namedb/master/xxxxx.ws3.conference.sanog.org`
    (where xxxxx is your chosen domain).  Here's a sample zone file to help:

        $TTL 10m
        @       IN     SOA    wsX.ws3.conference.sanog.org.  yourname.example.com. (
                                          2010071601    ; Serial
                                          10m           ; Refresh
                                          10m           ; Retry
                                          4w            ; Expire
                                          10m )         ; Negative

                    IN      NS      wsX.ws3.conference.sanog.org.   ; master
                    IN      NS      wsY.ws3.conference.sanog.org.   ; slave

        www         IN      A       119.2.100.X          ; your own IP

    Replace `yourname.example.com.` with your home E-mail address, changing
    "@" to "." and adding a "." to the end.

    We have purposely chosen low values for TTL, refresh, and retry to make
    it easier to fix problems in the classroom. For a production domain you
    would use higher values, e.g. `$TTL 1d`.

*   Edit `/etc/namedb/named.conf` to configure your machine as master for your
    domain (see the slides for information on how to do this). Reminder:

        zone "xxxxx.ws3.conference.sanog.org" {
            file "/etc/namedb/master/xxxxx.ws3.conference.sanog.org";
            type master;
        };

*   Check that your config file and zone file are valid, and then reload
    the nameserver daemon:

        # named-checkconf
        # named-checkzone xxxxx.ws3.conference.sanog.org /etc/namedb/master/xxxxx.ws3.conference.sanog.org

*   If there are any errors, correct them.

        # rndc reconfig
        # tail /var/log/messages

*   If there are any errors, correct them. Some configuration errors can
    cause the daemon to die completely, in which case you may have to
    start it again:

        # /etc/rc.d/named restart

*   Assist your slaves to configure themselves as slave for your domain,
    and configure yourself as a slave if asked to do so by another table.
    Again, the instructions for how to do this are on the slides. If you
    have changed your `named.conf` so that you are a slave for someone
    else, make sure there are no errors in `/var/log/messages` after you
    do `rndc reload`.

*   Check that you and your slaves are giving authoritative answers for
    your domain:

        # dig +norec @119.2.100.X xxxxx.ws3.conference.sanog.org. soa
        # dig +norec @119.2.100.Y xxxxx.ws3.conference.sanog.org. soa

    Check that you get an AA (authoritative answer) from both, and that
    the serial numbers match.

*   Now you are ready to request delegation. Bring the following information
    to the classroom instructor (on paper):

        Domain name:          ___________________.ws3.conference.sanog.org

        Master nameserver:    ws____.ws3.conference.sanog.org

        Slave nameserver:     ws____.ws3.conference.sanog.org

                OPTIONAL:

        Slave nameserver:     ws____.ws3.conference.sanog.org (optional)

        Slave nameserver:     ws____.ws3.conference.sanog.org (optional)

*   You will not get delegation until the instructor has checked:

    - Your nameservers are all authoritative for your domain
    - They all have the same SOA serial number
    - The NS records within the zone match the list of servers you are
      requesting delegation for
    - The slave(s) are not on the same desk as you

*   Once you have delegation, try to resolve www.xxxxx.ws3.conference.sanog.org:

    - From your own machine
    - From someone else's machine (who is not slave for you)
    - From a machine elsewhere on the Internet, if you have access to one

*   Add a new resource record to your zone file. Remember to update the
    serial number. Check that your slaves have updated. Try resolving this
    new name from elsewhere.
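
The AA and matching-serial checks above, which are also the first two items the instructor verifies and the way to confirm that slaves have picked up a new serial, can be scripted. This is an added example, not part of the original exercise sheet; `check_zone`, `sample_dig`, the `test` subdomain and the 192.0.2.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the exercise sheet. DIG can be overridden so the
# checks run offline against the constructed replies from sample_dig below.
DIG=${DIG:-dig}

# Reads dig output on stdin; succeeds if the header flags include "aa".
has_aa() { grep -Eq '^;; flags:[^;]* aa[ ;]'; }

# Reads dig output on stdin; prints the serial from the SOA answer record.
soa_serial() { awk '$3 == "IN" && $4 == "SOA" { print $7; exit }'; }

# check_zone ZONE SERVER...
# Returns 0 only if every server gives an authoritative SOA answer and all
# serial numbers are identical.
check_zone() {
    zone=$1; shift
    want=""; rc=0
    for ns in "$@"; do
        out=$($DIG +norec "@$ns" "$zone" soa 2>/dev/null)
        serial=$(printf '%s\n' "$out" | soa_serial)
        if ! printf '%s\n' "$out" | has_aa; then
            echo "FAIL $ns: no aa flag, server is not authoritative"; rc=1
        elif [ -z "$serial" ]; then
            echo "FAIL $ns: no SOA record in the answer"; rc=1
        elif [ -n "$want" ] && [ "$serial" != "$want" ]; then
            echo "FAIL $ns: serial $serial, expected $want"; rc=1
        else
            echo "ok   $ns: aa, serial $serial"; want=$serial
        fi
    done
    return $rc
}

# Constructed stand-in for dig (abridged output; addresses are documentation
# placeholders): .2 is a slave still on the old serial, .3 is not authoritative.
sample_dig() {
    s=2010071602 f="qr aa"
    case $2 in
        *.2) s=2010071601 ;;
        *.3) f="qr ra" ;;
    esac
    printf ';; flags: %s; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\n' "$f"
    printf 'test.ws3.conference.sanog.org. 600 IN SOA ws1.ws3.conference.sanog.org. yourname.example.com. %s 600 600 2419200 600\n' "$s"
}
```

With the real `dig`, call `check_zone xxxxx.ws3.conference.sanog.org 119.2.100.X 119.2.100.Y`; setting `DIG=sample_dig` first runs the same call against the constructed replies.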