                        DNS Exercise - Delegation
                        -------------------------

In this exercise, we will create a new TLD in our root,
for example: MYTLD

You will create a master nameserver on your own machine, and someone else
will provide slave service. Then you will ask the administrator of the
domain above you (dns) to delegate your domain to you.

Note: the following should be done as the "root" superuser.

First, make sure that the hostname is configured correctly on your
machine. Check it with the 'hostname' command - e.g. on
master.grpXX.ws.nsrc.org, if you type:

 # hostname

You should see:

  master.grpXX.ws.nsrc.org

If not, then configure your server with its name: e.g. for
master.grp25.ws.nsrc.org, type:

 # hostname master.grp25.ws.nsrc.org

Remember to replace "grpXX" with the proper group number!

Edit the file /etc/rc.conf (using "vi" or "pico", i.e.: pico /etc/rc.conf),
and update the "hostname":

  hostname="master.grpXX.ws.nsrc.org"

In the file /etc/hosts, you should see a line:

  10.10.25.1   master.grpXX master.grpXX.ws.nsrc.org


Exercise
--------

*   Choose a new domain, write it down somewhere

    e.g.: "MYTLD" or "EARTH" - whatever you feel like.

    (Do NOT choose any of the PC names, e.g. `master.grpXX`, as your subdomain)

    This could for example be your country code or country name,
    but REMEMBER that someone might pick the same name! First come, first
    served.


*   Find someone who will agree to be slave for your domain. Please find
    someone on a different table than you (Remember RFC2182: secondaries must
    be on remote networks but here we work on a flat net). You can
    have more than one slave if you wish.

*   Create your zone file in `/etc/namedb/master/MYTLD`
    (where MYTLD is your chosen domain) -- you can pretty much
    "copy and paste" the section below -- but remember to replace
    XXX and YYY with the proper group numbers:

- - - - - - - - - - - - - cut below - - - - - - - - - - - -

$TTL 10m
@       IN      SOA     master.grpXXX.ws.nsrc.org. your@email.address. (
                        2011021601    ; Serial
                        10m           ; Refresh
                        5m            ; Retry
                        4w            ; Expire
                        10m )         ; Negative caching TTL

        IN      NS      master.grpXXX.ws.nsrc.org.   ; master
        IN      NS      master.grpYYY.ws.nsrc.org.   ; slave

www     IN      A       10.10.XXX.1             ; your own IP

- - - - - - - - - - - - - cut above - - - - - - - - - - - -

    Replace `your@email.address.` with your home E-mail address, written
    the way zone files expect a mailbox: the "@" becomes a "." and the name
    ends with a dot (e.g. user@example.org becomes user.example.org.).

    XXX and YYY are your group number and your slave's group number,
    respectively (the third octet of the 10.10.XXX.1 addresses).

    We have purposely chosen low values for TTL, refresh, and retry to make
    it easier to fix problems in the classroom. For a production domain you
    would use higher values.

*   Edit `/etc/namedb/named.conf` and do the following:

    - If it is still there, REMOVE the following line (the BIND option
      is spelled `listen-on`):

        listen-on { 127.0.0.1; };

    ... and add another line:

        allow-query { any; };

    ... so that your nameserver will now answer queries from the network

    - Add a section to configure your machine as master for
      your domain, by adding something like this at the end
      (the bottom) of the file:

        zone "MYTLD" { type master; file "/etc/namedb/master/MYTLD"; };

    Pay attention to the ';' and '}' !

*   Check that your config file and zone file are valid:

        # named-checkconf
        # named-checkzone MYTLD /etc/namedb/master/MYTLD

    (named-checkzone takes the zone name followed by the zone FILE, not the
    directory.) If there are any errors, correct them!

*   Enable named in your server's configuration, if this is not already
    done, by editing the file /etc/rc.conf and adding:

        named_enable="YES"

    - Then start/restart named with

        # /etc/rc.d/named restart

    Check the result with

        # tail /var/log/messages

    Verify with dig that MYTLD is now configured on your host:

        # dig @localhost MYTLD. NS

    - If there are any errors, correct them. Some configuration errors can
      cause the daemon to die completely, in which case you may have to
      start it again:

        # /etc/rc.d/named restart

*   Assist your slaves to configure themselves as slave for your domain, and
    configure yourself as a slave if asked to do so by another table.

    The instructions for how to do this are on the slides, but here's a hint:

    zone "MYTLD" {
       type slave; masters { 10.10.XXX.1; }; file "/etc/namedb/slave/MYTLD";
    };

    ... where 10.10.XXX.1 is the address of the zone's master, i.e. XXX is
    the group number of whoever is master for the zone (your own group
    number when someone is configuring themselves as slave for your zone).

    Remember, you will also need to be a slave for someone else's zone!

    When you have changed your `named.conf` so that you are a slave for
    someone else, make sure there are no errors in `/var/log/messages` after
    you restart your nameserver.

*   Check that you and your slaves are giving authoritative answers for
    your domain:

        # dig +norec @10.10.XXX.1 MYTLD. SOA
        # dig +norec @10.10.YYY.1 MYTLD. SOA

    Check that you get an AA (authoritative answer) from both, and that
    the serial numbers match.

*   Now you are ready to request delegation – indicate to the instructor,
    on a piece of paper:


        Domain name:          ___________________

        Master nameserver:    master.grp___.ws.nsrc.org

        Slave nameserver:     master.grp___.ws.nsrc.org


*   You will not get delegation until the instructor has checked:

    - Your nameservers are all authoritative for your domain
    - They all have the same SOA serial number
    - The NS records within the zone match the list of servers you are
      requesting delegation for
    - The slave(s) are not on the same side of the room as you :)

	=> This is called policy!
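The checks above (AA flag from every server, matching SOA serials, and NS
records that agree with the servers on the delegation request) can be
scripted instead of read by eye from dig output. The following is an added
example, not part of the original exercise: a small POSIX shell script that
parses captured `dig +norec ... SOA` output and applies the three checks. The
dig output embedded here is constructed sample text using the exercise's
placeholder names (MYTLD, master.grpXXX / master.grpYYY); the real run
captures live output as shown in the comment. The same check is useful
again after you add a record and bump the serial, to confirm the slaves have
transferred the new zone.

```shell
#!/bin/sh
# Added example (not from the NSRC exercise): pre-delegation checks on two
# authoritative servers, as the instructor performs them.
# Zone, names, addresses and serials below are placeholders / constructed.

# Print the SOA serial from dig output on stdin (empty if no SOA answer).
# In dig's answer line "MYTLD. 600 IN SOA mname rname serial ..." the
# serial is the 7th whitespace-separated field.
soa_serial() {
    awk '$3 == "IN" && $4 == "SOA" { print $7; exit }'
}

# Print the NS targets found in dig output on stdin, sorted, one per line.
ns_targets() {
    awk '$3 == "IN" && $4 == "NS" { print $5 }' | sort -u
}

# Succeed only if the dig output on stdin carries the "aa" flag.
is_authoritative() {
    grep -q '^;; flags:.* aa[; ]'
}

# delegation_check MASTER_OUT SLAVE_OUT EXPECTED_NS
#   MASTER_OUT, SLAVE_OUT: dig output captured from each server.
#   EXPECTED_NS: newline-separated nameserver names (with trailing dot)
#                as written on the delegation request.
# Prints one line per failed check; returns 0 only when all checks pass.
delegation_check() {
    master_out=$1; slave_out=$2; expected=$3
    rc=0
    printf '%s\n' "$master_out" | is_authoritative || { echo "master: no AA flag"; rc=1; }
    printf '%s\n' "$slave_out"  | is_authoritative || { echo "slave: no AA flag";  rc=1; }
    m_serial=$(printf '%s\n' "$master_out" | soa_serial)
    s_serial=$(printf '%s\n' "$slave_out"  | soa_serial)
    [ -n "$m_serial" ] && [ "$m_serial" = "$s_serial" ] \
        || { echo "serial mismatch: master=$m_serial slave=$s_serial"; rc=1; }
    want=$(printf '%s\n' "$expected" | sort -u)
    got=$(printf '%s\n' "$master_out" | ns_targets)
    [ "$want" = "$got" ] \
        || { echo "NS RRset in zone differs from delegation request"; rc=1; }
    return $rc
}

# Constructed sample, shaped like 'dig +norec @10.10.XXX.1 MYTLD. SOA'.
MASTER_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;MYTLD.                 IN      SOA

;; ANSWER SECTION:
MYTLD.          600     IN      SOA     master.grpXXX.ws.nsrc.org. your.email.address. 2011021601 600 300 2419200 600

;; AUTHORITY SECTION:
MYTLD.          600     IN      NS      master.grpXXX.ws.nsrc.org.
MYTLD.          600     IN      NS      master.grpYYY.ws.nsrc.org.'

# Constructed sample from a slave in sync with the master.
SLAVE_OUT=$(printf '%s\n' "$MASTER_OUT" | sed 's/id: 1234/id: 5678/')

# Constructed sample from a slave that has not transferred the latest zone.
STALE_OUT=$(printf '%s\n' "$MASTER_OUT" | sed 's/2011021601/2011021600/')

# Servers written on the delegation request.
EXPECTED_NS='master.grpXXX.ws.nsrc.org.
master.grpYYY.ws.nsrc.org.'

# Live use would be (placeholders from the exercise):
#   delegation_check "$(dig +norec @10.10.XXX.1 MYTLD. SOA)" \
#                    "$(dig +norec @10.10.YYY.1 MYTLD. SOA)" "$EXPECTED_NS"
for out in "$SLAVE_OUT" "$STALE_OUT"; do
    if delegation_check "$MASTER_OUT" "$out" "$EXPECTED_NS"; then
        echo "ready for delegation"
    else
        echo "not ready for delegation"
    fi
done
```

Run it with `sh check.sh`; the first (in-sync) sample passes and the stale
sample reports the serial mismatch. With +norec a server that is not
authoritative will typically answer REFUSED or SERVFAIL with no SOA record,
so both the AA check and the serial check fail for it.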

*   Once you have delegation, try to resolve www.MYTLD:

    - On your own machine
    - On someone else's machine (who is not slave for you):

        # dig @10.10.XXX.1 www.MYTLD       (where MYTLD is your domain)

*   Add a new resource record to your zone file. Remember to update the
    serial number. Check that your slaves have updated. Try resolving this
    new name.
