Transcript Lecture 4

Sample DNS configurations
Example 1: Master

- Is the 'master' DNS for the example.com zone and is authoritative for it
- Provides 'caching' services for all other domains
- Provides recursive query services to local resolvers only (a closed DNS)
Example 2: Slave

- Is the 'slave' DNS for the example.com zone
- Gets its zone information from the zone master and is authoritative as long as it holds a valid copy of the zone
- Provides 'caching' services for all other domains
- Provides recursive query services to local resolvers only (a closed DNS)
Example 3: Caching only server

- The name server is not a 'master' or 'slave' for any domain
- All BIND servers cache previous answers until their TTL expires
- Provides 'caching' services for all other domains
- Provides recursive query services to local resolvers only (a closed DNS)
- [A server could act as caching only for some domains and as master for other domains (zones)]
Example 4: Forwarding server

- Also known as a proxy, remote or client server
- The name server is not a 'master' or 'slave' for any domain
- All requests are forwarded to the specified forwarders
- 'forward only' means the server stops if the forwarders have no answer; the default is 'forward first': start with the forwarders and then look elsewhere
- Reduces network traffic, particularly over a slow link
Example 5: Stealth server

- Also known as a DMZ or split server
- A public DNS is needed to enable access to web, mail, ftp, etc.
- The organisation does not want the world to see any of its internal hosts, either by interrogation (query or zone transfer) or should the DNS service be compromised

How?

- The zone file for the 'stealth' server contains both public and private hosts, whereas the 'public' server's master zone file contains only public hosts
- On the public server, options such as 'master', 'allow-notify' and 'allow-transfer' must not refer to the stealth server, so that its address is never disclosed
DHCP
Dynamic Host Configuration Protocol

- Provides services to both DHCP and BOOTP clients
- DHCP/BOOTP clients request and are granted IP addresses (and other information about themselves and the network)
- It is best that only one machine on an Ethernet segment (VLAN) is designated as the DHCP server
DHCP Service Profile

System-V managed service
- Daemon: dhcpd
- Script: dhcpd
- Ports: 67 (bootps), 68 (bootpc)
- Configuration: /etc/dhcpd.conf, /var/lib/dhcp/dhcpd.leases
- Client: dhclient
DHCP Configuration

- /etc/dhcpd.conf
- Must have a broadcast address specified for the relevant interface (ifconfig)
- Leases are recorded in /var/lib/dhcp/dhcpd.leases as they are assigned
DHCP Information

Typically a DHCP server will supply information about:
- the network's subnet address and mask
- the default gateway
- the domain name and DNS servers
- the locations of kick-start configuration files (for diskless clients)

DHCP is a superset of BOOTP; BOOTP does not have the notion of a 'lease' period.
DHCP – How it works

1. The DHCP client sends a DHCP Discover message
   - subnet broadcast address as destination
   - 0.0.0.0 as source address
2. The DHCP server responds with a DHCP Offer message
   - includes a suggested IP address to use
3. The DHCP client receives the DHCP Offer and sends a DHCP Request message
4. The DHCP server receives the DHCP Request and sends a DHCP Ack message
5. The DHCP client receives the DHCP Ack message and configures its TCP/IP stack to use the address

Other messages:
- DHCP Inform
- DHCP Release
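The Discover/Offer/Request/Ack exchange described above, as an added example in Python that is not part of the lecture: it builds and parses each message at the BOOTP/DHCP packet level, so the zero ciaddr of the Discover and the offered address carried in yiaddr can be seen directly. The MAC address and IP addresses are the lecture's sample values; option codes 50, 51, 53 and 54 are the standard DHCP option numbers (requested address, lease time, message type, server identifier).

```python
import struct
from ipaddress import IPv4Address

HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header layout
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
DISCOVER, OFFER, REQUEST, ACK, RELEASE, INFORM = 1, 2, 3, 5, 7, 8  # option 53 values

def build_dhcp(msg_type, xid, mac, yiaddr="0.0.0.0", extra=()):
    """Build one DHCP message; `extra` is a list of (option code, raw bytes)."""
    client_sent = msg_type in (DISCOVER, REQUEST, RELEASE, INFORM)
    hdr = struct.pack(HDR, 1 if client_sent else 2,          # op: 1 BOOTREQUEST, 2 BOOTREPLY
                      1, 6, 0, xid, 0, 0x8000,               # Ethernet, hlen 6, hops, xid, secs, broadcast flag
                      b"\0" * 4, IPv4Address(yiaddr).packed, # ciaddr (client has none yet), yiaddr (server's offer)
                      b"\0" * 4, b"\0" * 4,                  # siaddr, giaddr
                      bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr, sname, file
    opts = bytes([53, 1, msg_type])
    for code, value in extra:
        opts += bytes([code, len(value)]) + value
    return hdr + MAGIC_COOKIE + opts + b"\xff"   # 0xff terminates the option list

def parse_dhcp(pkt):
    """Decode the fixed header and the TLV options of a DHCP message."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xff:
        if pkt[i] == 0:                 # pad option: one byte, no length field
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "ciaddr": str(IPv4Address(f[7])), "yiaddr": str(IPv4Address(f[8])),
            "chaddr": f[11][:f[2]].hex(":"), "type": opts[53][0], "options": opts}

def dora_exchange(mac, offered_ip, server_ip, lease=21600, xid=0x3903F326):
    """Walk Discover/Offer/Request/Ack (client port 68 <-> server port 67); constructed, no sockets."""
    discover = parse_dhcp(build_dhcp(DISCOVER, xid, mac))
    server_id = IPv4Address(server_ip).packed                     # option 54
    offer = parse_dhcp(build_dhcp(OFFER, xid, mac, offered_ip, [(54, server_id)]))
    request = parse_dhcp(build_dhcp(REQUEST, xid, mac, extra=[   # client echoes the offer it accepts
        (50, IPv4Address(offer["yiaddr"]).packed), (54, offer["options"][54])]))
    ack = parse_dhcp(build_dhcp(ACK, xid, mac, offer["yiaddr"],
                                [(51, struct.pack("!I", lease)), (54, server_id)]))
    msgs = (discover, offer, request, ack)
    return {"client_ip": ack["yiaddr"], "discover_ciaddr": discover["ciaddr"],
            "lease_seconds": struct.unpack("!I", ack["options"][51])[0],
            "types": [m["type"] for m in msgs], "same_xid": all(m["xid"] == xid for m in msgs)}
```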
Configuration in /etc/dhcpd.conf

# global settings
option domain-name "example.com";
option domain-name-servers 192.158.0.254;
default-lease-time 21600;   # 6 hours to expiry
max-lease-time 43200;       # maximum lease time a client may request
Dynamic/Static IP Addresses

IP addresses are either assigned:
- dynamically, from a pool of available addresses, or
- statically, based on the MAC address of the requesting machine; this is usually called a reservation

The assigned IP address is made available for a configurable amount of time, the 'lease' period, and may be renewed by the client.
DHCP Configuration by scope

# DHCP scope settings
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.128 192.168.0.250;      # dynamic pool
    option domain-name "example.com";
    option routers 192.168.0.254;           # default gateway
    host station1 {                         # reservation keyed on the client's MAC address
        hardware ethernet 00:ab:08:33:cd:92;
        fixed-address 192.168.0.129;        # note: this lies inside the dynamic range above; dhcpd does not
    }                                       # remove it from the pool, so keep reservations outside the range
}