*Made by Florian Berger and Yanis Mercier-Tallet, students in their 2nd year of BUT at the IT department of the IUT of Talence (33).*
The purpose of this manual is to introduce you to the configuration of a DNS server in order to simplify the management of a subnet.
Required software:
- [NEmu](https://gitlab.com/v-a/nemu) virtual environment
# Contents
- [1. The network](#1-The-network)
- [2. Before starting](#2-Before-starting)
- [3. Machine configuration](#3-Machine-configuration)
- [3.1. IPs](#31-IPs)
- [3.2. Local naming](#32-Local-naming)
- [3.3. DNS clients](#33-DNS-clients)
- [4. DNS server configuration](#4-DNS-server-configuration)
- [4.1. The primary server](#41-The-primary-server)
- [4.2. The secondary server](#42-The-secondary-server)
- [4.3. Study of the LAN SERVER](#43-Study-of-the-LAN-SERVER)
- [4.4. The main zone](#44-The-main-zone)
- [4.5. The reverse zone](#45-The-reverse-zone)
- [4.6. Configuration of a sub-domain](#46-Configuration-of-a-sub-domain)
- [4.7. Configuration of a new sub-domain](#47-Configuration-of-a-new-sub-domain)
<br>
## 1. The network
*Network diagram*
<br>
## 2. Before starting
In a regular terminal:
- To launch the virtual network:
```
~/iut-vms/vnet/nemu-vnet netdns
```
- To restore the previously backed up virtual network:
```
~/iut-vms/vnet/nemu-restore ~/vnet/netdns.tgz
```
In the NEmu terminal:
- To shut down a machine, type ``poweroff`` in its terminal
- To quit the virtual network, type ``quit()`` in the main terminal
- To save the network, type ``save()`` in the main terminal
<br>
## 3. Machine configuration
### 3.1 IPs
To start, every machine needs an address on the 192.168.0.0/24 subnet. Note that a `subnet 192.168.0.0 netmask 255.255.255.0 { range ...; }` block is ISC DHCP *server* syntax (it belongs in `/etc/dhcp/dhcpd.conf` on the DHCP server); it has no place in ``/etc/network/interfaces``, which only describes how a machine's own interface comes up. On all four machines, configure `eth0` to get its address from the lab's DHCP server:
```
auto eth0
iface eth0 inet dhcp
```
The rest of this manual assumes ``192.168.0.1`` for dns1 and ``192.168.0.2`` for dns2: the zone files and the `masters` lines below reference those addresses. If the DHCP server does not hand out those fixed leases, give the two servers a static stanza instead:
```
auto eth0
iface eth0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
```
(with `address 192.168.0.2` on dns2).
Then bring the interface up with ``ifup eth0``; with DHCP, dhclient prints the address it was bound to. You should get:
```
192.168.0.10 on client1
192.168.0.20 on client2
192.168.0.1 on dns1
192.168.0.2 on dns2
```
You can ping to check that the network is working properly.
### 3.2. Local naming
Now, so that dns1 can reach dns2, client1 and client2 by name before any DNS zone exists, add them to ``/etc/hosts`` on dns1 (one `<ip> <name>` pair per line; `#` starts a comment in this file):
```
192.168.0.2 dns2
192.168.0.10 client1
192.168.0.20 client2
```
You can now reach these machines from dns1 by name; check with a ping (e.g. ``ping client1``).
Now look at ``/etc/resolv.conf`` on each machine: you will see a `nameserver` line with an address outside the subnet, pushed by the lab's DHCP server.
### 3.3. DNS clients
Every `ifdown eth0` / `ifup eth0` rewrites `/etc/resolv.conf` with the nameserver advertised by the lab's DHCP server (an address outside your subnet), so editing `resolv.conf` by hand does not stick.
Now we have to force the use of our own servers (that's why we are building them, right?). To do this, override the DHCP option in `/etc/dhcp/dhclient.conf` on each machine (only the line for the machine you are on goes into its file, and the `;` is mandatory):
```
# On dns1 and dns2: each server resolves through itself
supersede domain-name-servers 127.0.0.1;
# On client1: use dns1
supersede domain-name-servers 192.168.0.1;
# On client2: use dns2
supersede domain-name-servers 192.168.0.2;
```
Run `ifdown eth0 && ifup eth0` afterwards and check that `/etc/resolv.conf` now lists that address.
Then, so that our future servers relay queries for names outside our zones to the lab's upstream resolver, edit `/etc/bind/named.conf.options` on both DNS servers (dns1 and dns2):
```
options {
    // ... existing settings ...
    forwarders {
        172.16.0.3;
    };
    allow-query {
        any;
    };
};
```
*Pay attention to:*
*- These lines go inside the `options` block that is already there, not next to it.*
*- Don't forget the ";" after every value and after each closing brace.*
*- `allow-query { any; };` together with recursion (enabled by default) makes the server an open resolver for anyone who can reach it. That is acceptable on this isolated virtual network, but anywhere else restrict recursion with `allow-recursion { 192.168.0.0/24; 10.0.0.0/22; };` while leaving `allow-query` open for the zones you are authoritative for.*
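As an added example (not part of the original manual), here is a script that writes a complete `named.conf.options` keeping the forwarder from this page but restricting recursion to the lab subnets and denying zone transfers by default, then checks the file with `named-checkconf` when BIND is installed. The `lab` ACL uses the subnets of this lab (192.168.0.0/24 and 10.0.0.0/22); the output path, the `listen-on` setting and the fallback brace check are assumptions of the example.

```sh
#!/bin/sh
# Added example (not part of the original manual). Writes a complete
# named.conf.options in which the lab forwarder (172.16.0.3) is kept but
# recursion is limited to a "lab" ACL and zone transfers are denied
# globally; dns1 then grants transfers to dns2 per zone in named.conf.local.
# The subnets are the lab's; the rest is an assumption of this example.

# write_named_options <output-file> [forwarder-ip]
write_named_options() {
    out=$1
    fwd=${2:-172.16.0.3}
    cat > "$out" <<EOF
// ACLs must be defined before the block that references them.
acl "lab" {
    127.0.0.0/8;
    192.168.0.0/24;
    10.0.0.0/22;
};

options {
    directory "/var/cache/bind";

    // Names outside our zones are relayed to the lab's upstream resolver.
    forwarders { ${fwd}; };

    // Anyone may query the zones we are authoritative for ...
    allow-query { any; };
    // ... but only lab hosts may use us as a recursive resolver, so this
    // is not an open resolver if the interface ever becomes reachable
    // from outside the lab.
    allow-recursion { "lab"; };

    // Deny zone transfers by default; dns1 grants them to dns2 per zone.
    allow-transfer { none; };

    listen-on { any; };
};
EOF
}

# check_named_conf <file>: use named-checkconf when BIND is installed;
# otherwise fall back to a brace-balance check so the script still runs
# on a machine without bind9.
check_named_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
        return
    fi
    opens=$(tr -cd '{' < "$1" | wc -c | tr -d ' ')
    closes=$(tr -cd '}' < "$1" | wc -c | tr -d ' ')
    [ "$opens" -eq "$closes" ]
}

# Usage: sh named-options.sh /etc/bind/named.conf.options 172.16.0.3
if [ $# -ge 1 ]; then
    write_named_options "$1" "${2:-}" && check_named_conf "$1" \
        && echo "$1 written and checked"
fi
```

The script replaces the whole file rather than patching the existing `options` block, so keep a copy of the Debian default if you want to compare; after writing it, `systemctl reload named` is enough to apply it.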
## 4. DNS server configuration
### 4.1. The primary server
We will first configure **dns1** so that it is responsible for the main **netas** domain.
To do this, declare a new primary zone in the file `/etc/bind/named.conf.local`:
```
zone "netas" {
type master;
file "/etc/bind/db.netas";
};
```
*The name of the file itself does not matter, but keep it consistent with the zone name.*
*(Again, don't forget the ";" after each closing brace.)*
Copy the file `/etc/bind/db.empty` into a new file `/etc/bind/db.netas`.
*The new file must have the name you put in the **file** line of the **netas** zone block.*
Then edit the header of `/etc/bind/db.netas` so that it reads (`contact.netas.` is the zone contact's mailbox, `contact@netas`, written with a dot in place of the `@`):
```
$TTL 86400
@ IN SOA dns1.netas. contact.netas. (
1       ; serial number, to be incremented at each modification of the zone
604800  ; refresh
86400   ; retry
2419200 ; expire
86400   ; negative-answer TTL
)
```
To indicate the name of the main DNS server add the following line in the same file :
```
@ IN NS dns1
```
*You have just modified the file, so you have to increment the serial number.*
You have indicated the name of the main DNS server, so you now have to give the IP address of that server by adding an **A** entry:
```
dns1 IN A 192.168.0.1
```
Here are the commands to interact with the DNS service:
```
# restart the DNS service
systemctl restart named
```
```
# reload the configuration files and zones without restarting the service
systemctl reload named
```
```
# verify that the service is running
systemctl status named
```
```
# DNS service logs: check them each time the service is restarted;
# a zone file with a syntax error is reported here and left unloaded
# while the service itself keeps running
tail -n <nb lines> /var/log/syslog
```
```
# complete journal of the service
journalctl --unit named
```
Here we can see that everything is working properly:

At this point you should be able to access **dns1.netas** from **client1** with the ping command :
```
ping dns1.netas
```
Now add dns2 to the zone as well: a second **NS** entry and its **A** entry, still in `/etc/bind/db.netas` (and increment the serial again):
```
@ IN NS dns2
dns2 IN A 192.168.0.2
```
The last thing to do is to give the **dns1** and **dns2** servers the aliases **dns-primary** and **dns-secondary** respectively.
To do this, add two **CNAME** entries like this (still in the `/etc/bind/db.netas` file, serial incremented once more):
```
dns-primary IN CNAME dns1
dns-secondary IN CNAME dns2
```
Finally, test your configuration from **client1** using the **ping** command on **dns1.netas**, **dns2.netas**, **dns-primary.netas** and **dns-secondary.netas**.
*Tip: the **host** command lets you look up:*
```
# the IP address of the machine with a given name
host <name>
```
```
# the name of the machine with a given IP address (reverse lookup)
host <ip>
```
In the end you should get this: (apart from your **serial number**)
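The manual repeats "increment the serial" after every edit because a secondary only re-transfers a zone whose serial is higher than the one it already holds. As an added example, not part of the original manual, here are two shell helpers that read and bump the serial of a zone file laid out like `db.netas` above, plus a wrapper around `named-checkzone` for a syntax check before restarting. The sample zone written by `write_sample_zone` is constructed from section 4.1; the helpers assume the multi-line SOA form used here (the serial is the first number after the opening parenthesis).

```sh
#!/bin/sh
# Added example (not part of the original manual): helpers for the
# "increment the serial on every change" rule. A forgotten increment is the
# classic reason dns2 never sees an update. Assumes the multi-line SOA
# layout of this manual, i.e. the serial is the first number after the "("
# of the SOA record.

# write_sample_zone <file>: the db.netas of section 4.1, constructed here
# as sample input.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@ IN SOA dns1.netas. contact.netas. (
1 ; serial number to be incremented at each modification of the zone
604800
86400
2419200
86400
)
@ IN NS dns1
dns1 IN A 192.168.0.1
EOF
}

# zone_serial <zonefile>: print the current serial.
zone_serial() {
    awk '
        !insoa && /[ \t]SOA[ \t]/ { insoa = 1; sub(/^[^(]*\(/, "") }
        insoa && match($0, /[0-9]+/) { print substr($0, RSTART, RLENGTH); exit }
    ' "$1"
}

# bump_serial <zonefile>: rewrite the file with the serial increased by one.
# Only the first number after the SOA "(" is touched; the "1" of "dns1" on
# the SOA line is skipped because the search starts after the parenthesis.
# The file is overwritten in place so its owner and mode stay as they were.
bump_serial() {
    tmp=$(mktemp) || return 1
    awk '
        function bump(s, pos,   r, out) {
            r = substr(s, pos)
            if (!match(r, /[0-9]+/)) return s
            done = 1
            out = substr(s, 1, pos - 1 + RSTART - 1) (substr(r, RSTART, RLENGTH) + 1)
            return out substr(r, RSTART + RLENGTH)
        }
        !insoa && /[ \t]SOA[ \t]/ {
            insoa = 1
            p = index($0, "(")
            if (p) $0 = bump($0, p + 1)
            print; next
        }
        insoa && !done { $0 = bump($0, 1) }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# check_zone <zonename> <zonefile>: syntax check with named-checkzone when
# BIND is installed; faster than restarting and reading syslog.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; serial of $2 is $(zone_serial "$2")"
    fi
}

# Usage: sh zone-serial.sh /etc/bind/db.netas
if [ $# -eq 1 ]; then
    bump_serial "$1" && check_zone netas "$1" \
        && echo "serial is now $(zone_serial "$1")"
fi
```

Run it on the real file as root after each edit, then `systemctl reload named`; dns2 is notified and pulls the new version because the serial went up.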

### 4.2. The secondary server
For **dns2** to be recognised as a server of the zone, the **netas** zone on dns1 must contain an NS entry for it (added at the end of 4.1; add it now if you skipped that step):
```
@ IN NS dns2
```
On **dns2**, declare the **netas** zone as a secondary of the dns1 server in `/etc/bind/named.conf.local`:
```
zone "netas" {
type slave;
file "/var/lib/bind/db.netas";
masters { 192.168.0.1; };
};
```
The `slave` type marks the zone as secondary to another server of type `master` (**dns1**); recent BIND versions also accept the synonyms `secondary` and `primaries`. The transferred copy goes under `/var/lib/bind`, the directory the `bind` user is allowed to write to on Debian, not under `/etc/bind`.
Unless restricted, dns1 may hand the whole zone to any host that asks for a transfer (AXFR). Limit it to dns2 by adding `allow-transfer { 192.168.0.2; };` inside the `zone "netas"` block on **dns1**. dns1 notifies dns2 of each change automatically, which is why the serial must increase on every edit.
As after each modification, do not forget to restart the **dns1** and **dns2** services with `systemctl restart named`.
To check that what you have done is working, from client2 do a `ping` to the machines declared in the **netas** zone.
From both clients, use the `host` command against dns1 and then against dns2 (e.g. `host dns1.netas 192.168.0.1`, then `host dns1.netas 192.168.0.2`). Both servers must answer for the **netas** zone defined above.
It should look like this:

Check the contents of the `/var/lib/bind/db.netas` file on **dns2** and compare it to the primary zone file on **dns1**. On **dns1** the `/var/lib/bind` directory stays empty (its zone file lives in `/etc/bind`), while on dns2 the transferred copy appears after the first transfer. Recent BIND versions store that copy in a binary "raw" format; to read it, convert it with `named-compilezone -f raw -F text -o - netas /var/lib/bind/db.netas`, or add `masterfile-format text;` to the zone block and restart. It should look like this:

### 4.3. Study of the LAN SERVER
The subnetwork you are now going to study is a /22 network: 1024 addresses, from **10.0.0.0** to **10.0.3.255** (1022 usable hosts).
Now scan the **LAN SERVER** network with `nmap -T5 -sn 10.0.0.0/22` (`-sn` is a ping scan that discovers hosts without scanning ports; older nmap versions spell it `-sP`). This may take a few seconds, don't worry!
This will allow you to get the IP addresses of the machines in the subnet.
In order to map each machine that makes up the **LAN SERVER** to their respective IP address, connect via SSH to each of the collected IPs.
Use the username **tc** and the password **plop**.
If you want to retrieve the name of a machine use `hostname` when you are connected to it.
### 4.4. The main zone
On **dns1** in `/etc/bind/db.netas` add an **A** entry for each web server listed above:
```
s1 IN A 10.0.2.1
s2 IN A 10.0.2.2
s3 IN A 10.0.2.3
```
Don't forget to increment the serial and restart the service!
Then add a CNAME entry for each web server:
```
creative IN CNAME s1
grayscale IN CNAME s2
wonder IN CNAME s3
```
Test the correct operation of your main entries as well as your aliases from the **client1** (which uses **dns1**) and **client2** (which uses **dns2**) machines.
Now go to **client1**, start the graphical mode with the command `startx`, and open the following URLs in a web browser:
- creative.netas

- grayscale.netas

- wonder.netas

These are the websites registered in the DNS zone.
To verify that the secondary server zone **dns2** has been updated, perform the same test on **client2**.
### 4.5. The reverse zone
Now declare the reverse zone for the **s1**-**s3** addresses (10.0.2.0/24, hence `2.0.10.in-addr.arpa`) on the **dns1** server, and create the associated zone file:
In `/etc/bind/named.conf.local`:
```
zone "2.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.netas-rev";
};
```
In `/etc/bind/db.netas-rev` :
```
$TTL 86400
@ IN SOA dns1.netas. contact.netas. (
1
604800
86400
2419200
86400 )
@ IN NS dns1.netas.
@ IN NS dns2.netas.
1 IN PTR s1.netas.
2 IN PTR s2.netas.
3 IN PTR s3.netas.
```
Check on **client1**, with the **ping** and **host** commands, that the names of **s1**, **s2** and **s3** resolve and that the reverse lookup of each address returns the name:
- `ping s1.netas` / `host s1.netas` / `host 10.0.2.1`
- `ping s2.netas` / `host s2.netas` / `host 10.0.2.2`
- `ping s3.netas` / `host s3.netas` / `host 10.0.2.3`
Update the configuration of the **dns2** server so that it becomes a secondary server of the **netas** reverse zone, by adding this block to its `/etc/bind/named.conf.local`:
```
zone "2.0.10.in-addr.arpa" {
type slave;
file "/var/lib/bind/db.netas-rev";
masters { 192.168.0.1; };
};
```
As usual you can check the correct operation of the secondary reverse zone on **client2** with the **ping** and **host** commands.
### 4.6. Configuration of a sub-domain
First, in the main **netas** zone (`/etc/bind/db.netas` on **dns1**), delegate the new subdomain with an **NS** entry. The subdomain is served by **dns1** itself, so the entry points at dns1 (increment the serial as usual):
```
perf IN NS dns1
```
Now you need to declare this new subdomain in `/etc/bind/named.conf.local` :
```
zone "perf.netas"{
type master;
file "/etc/bind/db.perf.netas";
};
```
Then create the associated zone file `/etc/bind/db.perf.netas`:
```
$TTL 86400
@ IN SOA dns1.perf.netas. contact.netas. (
1
604800
86400
2419200
86400 )
@ IN NS dns1
dns1 IN A 192.168.0.1
```
Complete the zone file with the **A** entries for **p1** and **p2**:
```
p1 IN A 10.0.3.1
p2 IN A 10.0.3.2
```
Check your configuration from **client1** using the **ping** and **host** commands, it should look like this :

In order to distribute the computational load between these two servers, give the name **scale.perf.netas** two **A** entries, one per server, in `/etc/bind/db.perf.netas`:
```
scale IN A 10.0.3.1
scale IN A 10.0.3.2
```
On **client1**, check that the address used by `ping scale.perf.netas` changes from one call to the next. `host scale.perf.netas` returns both records, in an order that BIND rotates between answers (round-robin). Note that this balances lookups, not connections: a client that caches the answer keeps using the same server until the TTL expires.
On **client1** and **client2**, install the programs iperf :
```
apt install iperf
```
Now update the configuration of the **dns1** and **dns2** servers so that **dns2** becomes a **secondary server** of the **perf.netas** zone. On dns1, add dns2 as a name server in `/etc/bind/db.perf.netas` (and increment the serial):
```
@ IN NS dns2
dns2 IN A 192.168.0.2
```
On dns2, in `/etc/bind/named.conf.local`:
```
zone "perf.netas" {
type slave;
file "/var/lib/bind/db.perf.netas";
masters { 192.168.0.1; };
};
```
You can run throughput tests simultaneously from **client1** and **client2** to verify that the 2 servers **p1** and **p2** are used in parallel :
```
iperf -t 5 -c scale.perf.netas
```
*Takes between 5 and 10 seconds to return a result.*
Now add the reverse zone of the **perf.netas** zone (10.0.3.0/24) on **dns1** (primary) and **dns2** (secondary), in the same way as the 2.0.10 zone.
On dns1, in `/etc/bind/named.conf.local` (note the `;` after the file name, and a file name distinct from the one used by the 2.0.10 zone):
```
zone "3.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.netas.perf-rev";
};
```
**p1** and **p2** must both map back to the same name **scale.perf.netas**.
To do this, create `/etc/bind/db.netas.perf-rev` with the usual header and the two PTR entries:
```
$TTL 86400
@ IN SOA dns1.perf.netas. contact.netas. (
1
604800
86400
2419200
86400 )
@ IN NS dns1.netas.
@ IN NS dns2.netas.
1 IN PTR scale.perf.netas.
2 IN PTR scale.perf.netas.
```
On dns2, add the matching `type slave` block for `3.0.10.in-addr.arpa`, with `file "/var/lib/bind/db.netas.perf-rev";` and `masters { 192.168.0.1; };`.
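The reverse zones of sections 4.5 and 4.6 (and the one you will write in 4.7) all follow the same pattern: the 10.0.0.0/22 LAN is not on an octet boundary, so it is handled as one `in-addr.arpa` zone per third octet, and every PTR target must end with a dot or BIND appends the zone origin to it. As an added example, not part of the original manual, here are shell helpers that derive the zone name and the PTR record from an address and assemble a whole reverse zone file from a list of `ip name` pairs, refusing any address that does not belong to the zone. The SOA and NS header values are copied from the 2.0.10 zone above; the function names and the `ip name` input format are this example's own.

```sh
#!/bin/sh
# Added example (not part of the original manual): reverse-zone helpers for
# the per-/24 in-addr.arpa zones used in this lab. Header values (primary
# dns1.netas., contact, timers, NS dns1/dns2.netas.) come from section 4.5;
# the "ip name" pair format is an assumption of this example.

# reverse_zone 10.0.2.1 -> 2.0.10.in-addr.arpa (the /24 containing the address)
reverse_zone() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# ptr_label 10.0.2.1 -> 1 (the record's owner name, relative to the zone)
ptr_label() {
    echo "$1" | awk -F. '{ print $4 }'
}

# ptr_record 10.0.2.1 s1.netas -> "1 IN PTR s1.netas."
# The target is made absolute (trailing dot); without it BIND would append
# the reverse zone's origin and answer s1.netas.2.0.10.in-addr.arpa.
ptr_record() {
    name=$2
    case $name in
        *.) ;;
        *) name="$name." ;;
    esac
    echo "$(ptr_label "$1") IN PTR $name"
}

# reverse_zone_file <zone> <serial> "<ip> <name>"...
# Prints a complete zone file; every ip must belong to <zone>, otherwise
# nothing is printed and the function fails.
reverse_zone_file() {
    zone=$1
    serial=$2
    shift 2
    for pair in "$@"; do
        ip=${pair%% *}
        if [ "$(reverse_zone "$ip")" != "$zone" ]; then
            echo "reverse_zone_file: $ip does not belong to $zone" >&2
            return 1
        fi
    done
    printf '$TTL 86400\n'
    printf '@ IN SOA dns1.netas. contact.netas. (\n'
    printf '%s ; serial\n604800 ; refresh\n86400 ; retry\n' "$serial"
    printf '2419200 ; expire\n86400 ) ; negative-answer TTL\n'
    printf '@ IN NS dns1.netas.\n@ IN NS dns2.netas.\n'
    for pair in "$@"; do
        ptr_record "${pair%% *}" "${pair#* }"
    done
}

# Usage: sh reverse-zone.sh > /etc/bind/db.netas-rev
if [ $# -eq 0 ] && [ -t 1 ]; then
    reverse_zone_file 2.0.10.in-addr.arpa 1 \
        "10.0.2.1 s1.netas" "10.0.2.2 s2.netas" "10.0.2.3 s3.netas"
fi
```

For the 3.0.10 zone of this section, call `reverse_zone_file 3.0.10.in-addr.arpa 1 "10.0.3.1 scale.perf.netas" "10.0.3.2 scale.perf.netas"`; the membership check is what catches a `10.0.3.x` address pasted into the 2.0.10 file, a mistake BIND accepts silently because the label `1` is valid in any zone.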
### 4.7. Configuration of a new sub-domain
Configure a new subdomain **admin.netas** containing the machines **a1** (alias **dash.admin.netas**) and **a2** (alias **ela.admin.netas**). The zone must be primary on dns1 and secondary on dns2. Don't forget to configure the corresponding reverse zone (**1.0.10.in-addr.arpa**) and to delegate **admin** from the **netas** zone as you did for **perf**.
On dns1, add the following lines to the file `/etc/bind/named.conf.local`:
```
zone "admin.netas" {
type master;
file "/etc/bind/db.admin.netas";
};
zone "1.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.admin-rev";
};
```
On dns2, add the following lines to the file `/etc/bind/named.conf.local` (the configuration stays in `/etc/bind`; only the transferred copies go under `/var/lib/bind`):
```
zone "admin.netas" {
type slave;
file "/var/lib/bind/db.admin.netas";
masters { 192.168.0.1; };
};
zone "1.0.10.in-addr.arpa" {
type slave;
file "/var/lib/bind/db.admin-rev";
masters { 192.168.0.1; };
};
```
On dns1, put the following lines in the file `/etc/bind/db.admin.netas` :
```
$TTL 86400
@ IN SOA dns1.admin.netas. contact.netas. (
1
604800
86400
2419200
86400)
;
@ IN NS dns1
@ IN NS dns2
dns1 IN A 192.168.0.1
dns2 IN A 192.168.0.2
a1 IN A 10.0.1.1
dash IN CNAME a1
a2 IN A 10.0.1.2
ela IN CNAME a2
```
On dns1, put the following lines in the file `/etc/bind/db.admin-rev` (the name given in the zone block above):
```
$TTL 86400
@ IN SOA dns1.admin.netas. contact.netas. (
1
604800
86400
2419200
86400)
;
@ IN NS dns1.admin.netas.
@ IN NS dns2.admin.netas.
1 IN PTR a1.admin.netas.
2 IN PTR a2.admin.netas.
```
As usual, you can check with the **host** and **ping** commands.
Finally, check that your configuration is working properly in the browsers of **client1** and **client2**.
You should get the following results :


Portfolio section:
This network project taught us how to set up a DNS network. It gave us a lot of knowledge on the administration of a network; we now feel more comfortable with the use of network files and their utility.