DHCP and DNS are the most basic services (and why not the most important) in a local network and Internet. We have worked with them before, such as in the guide Samba 4, but today we will see how to configure them independently of other services already have available in our local network. Precisely because of its importance, we will see some theoretical concepts taken from the book of Configuring Servers Free Range Joel Barrios first.
DHCP (Dynamic Host Configuration Protocol)
It is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, gateway, etc.) from a DHCP server. Its main purpose is to make easier to manage large networks. DHCP existed since 1993 as a standard protocol and is described in detail in RFC 2131.
Without the help of a DHCP server should be configured manually each IP address of each host belonging to a Local Area Network. If a host moves to another location where there is another local area network, you will need to configure a different order to join this new Local Area Network IP address. A DHCP server then monitors and distributes IP addresses from a Local Area Network assigning an IP address to each host to join the Local Area Network. When, for one example, a laptop is configured to use DHCP, the latter will be assigned an IP address necessary network variables to join each Local Area Network where it is located.
There are three methods of allocation in the DHCP protocol:
It is a distributed database and hierarchical database that stores the information needed for domain names. Its main uses are assigning domain names to IP addresses and the location of the corresponding email servers for each domain. The DNS was born from the need to provide human access to available servers on the Internet allowing it for a name, something easier to remember than IP address.
The DNS servers use TCP and UDP port 53 to answer queries. Almost all queries consist of a single UDP request from a DNS client, followed by a single UDP response from the server. A TCP connection is made when the size of the response data exceeding 512 bytes, as with tasks such as transferring areas.
DNS components
DNS operates through three components: Client DNS, DNS Servers and Zones Authority.
DNS Clients: These are programs running that generate a user requests to resolve names. Basically ask for the IP address corresponding to a given name.
DNS servers: These are services that answer the queries made by the DNS Client. There are two types of name servers:
Allow the Primary Master Server or upload information from an area. Each Zone Authority covers at least one domain and possibly its sub-domains, if the latter are impossible to delegate authority to other areas. The information in each Zone Authority is stored locally in a file on the DNS server. This file may include various types of records:
Configure the network interface
Forward Zone
Permits
You must have the DHCP service on this also for any eventuality, but it's good to deliver the IP in a different range to the primary to avoid conflicts of duplicity on the local network.
Configure the network interface
Forward Zone
Permits
More information and resources:
https://www.isc.org/downloads/bind/
https://www.isc.org/downloads/DHCP/
Configuring Servers with GNU / Linux
Help commands:
man named_selinux
man dhcpd_selinux
man dhcp-options
It is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnet mask, gateway, etc.) from a DHCP server. Its main purpose is to make easier to manage large networks. DHCP existed since 1993 as a standard protocol and is described in detail in RFC 2131.
Without the help of a DHCP server should be configured manually each IP address of each host belonging to a Local Area Network. If a host moves to another location where there is another local area network, you will need to configure a different order to join this new Local Area Network IP address. A DHCP server then monitors and distributes IP addresses from a Local Area Network assigning an IP address to each host to join the Local Area Network. When, for one example, a laptop is configured to use DHCP, the latter will be assigned an IP address necessary network variables to join each Local Area Network where it is located.
There are three methods of allocation in the DHCP protocol:
- Manual Assignment: The assignment uses a table with MAC addresses (acronym for Media Access Control Address, which translates to address Medium Access Control). Only hosts with a MAC address defined in the table receive the IP assigned to the same table. This is done through the hardware ethernet option combined with deny unknown-clients.
- Automatic assignment: An IP address available within a certain range is permanently assigned to the host who requests it.
- Dynamic allocation: It is arbitrarily determined a range of IP addresses and each host on the network is configured to request its IP address to the server when the network device is started, using a controllable time interval (options default-lease-time and max -read-time), so that the allocation of IP addresses is temporarily and reused them dynamically.
It is a distributed database and hierarchical database that stores the information needed for domain names. Its main uses are assigning domain names to IP addresses and the location of the corresponding email servers for each domain. The DNS was born from the need to provide human access to available servers on the Internet allowing it for a name, something easier to remember than IP address.
The DNS servers use TCP and UDP port 53 to answer queries. Almost all queries consist of a single UDP request from a DNS client, followed by a single UDP response from the server. A TCP connection is made when the size of the response data exceeding 512 bytes, as with tasks such as transferring areas.
DNS components
DNS operates through three components: Client DNS, DNS Servers and Zones Authority.
DNS Clients: These are programs running that generate a user requests to resolve names. Basically ask for the IP address corresponding to a given name.
DNS servers: These are services that answer the queries made by the DNS Client. There are two types of name servers:
- Master Server: Also called Primary. Domain data obtained from a file hosted on the same server.
- Slave Server: Also known as Secondary. When you start domain data obtained through a master (or primary) server, performing a process called zone transfer.
- Iterative queries (non-recursive): The client queries the DNS server and it responds with the best answer that can be given based on its cache or local areas. If it is impossible to give an answer, the query is forwarded to another DNS server repeating this process until you find the DNS server that has the Area Authority able to resolve the query.
- Recursive Queries: The DNS server assumes the entire burden of providing a complete answer to the query made by the DNS Client. The DNS server then develops Iterative queries to other DNS servers separate (rather than the DNS Client) to obtain the requested response.
Allow the Primary Master Server or upload information from an area. Each Zone Authority covers at least one domain and possibly its sub-domains, if the latter are impossible to delegate authority to other areas. The information in each Zone Authority is stored locally in a file on the DNS server. This file may include various types of records:
- A (Address): Address record, which resolves a host name to an IPv4 address 32 bits.
- AAAA Address record that resolves a host name to an IPv6 address 128 bits.
- CNAME (Canonical Name): Registration canonical name that makes a name is alias of another. Domains with alias obtained subdomains and DNS records of the original domain.
- MX (Mail Exchanger) Registering mail server used to define a list of mail servers for a domain, and the priority between them.
- PTR (Pointer): Registration pointer that resolves IPv4 addresses to host names. That is, does the opposite registration A. Used in areas Inverse Resolution.
- NS (Name Server): Registration of name server, used to define a list of authoritative name servers for a domain.
- SOA (Start of Authority): Record start of authority, responsible for specifying the DNS master (or primary) server to provide authoritative information about an Internet domain, email the administrator, the domain serial number and time parameters for the zone.
- SRV (Service): Service records, responsible for specifying information about services available through the domain. Protocols such as SIP (Session Initiation Protocol) and XMPP (Extensible Messaging and Presence Protocol) often require SRV records in the area to provide information to customers.
- TXT (Text): Text Records, responsible for allowing the administrator to insert arbitrary text into a DNS record. This type of registration is widely used by servers blacklisting DNSBL (DNS-based Blackhole List) for filtering spam. Another example of use would be the case of VPN, which usually required a TXT record to define a digital signature to be used by customers.
- Forwarding areas. They return IP addresses for searches made for FQDN (Fully Qualified Domain Name) names. In the case of public domain, responsibility for which there is an Area Authority for each zone Forwarding, corresponds to the same domain authority, ie who is registered as authority for the domain's WHOIS database where it is registered the domain. Those who acquire domains through a NIC (eg www.nic.mx) are those who should take charge of Zones Forwarding either through its own DNS server or through your ISP DNS servers. Except in the case of a domain for use in a local network, all domain should be first dealt with NIC, as a requirement to have legal right to use and to propagate through the Internet.
- Reverse Resolution zones. They return FQDN (Fully Qualified Domain Name) names for searches made for IP addresses. For segments of public network, responsibility for which there is a Zone Authority for each Zone Reverse Resolution, corresponds to the same authority segment, ie for a party who is registered as authority block IP addresses, information which can be obtained to query a WHOIS database. Large ISP and some businesses are who are in charge of Reverse Resolution Zones.
Network: 192.168.1.0/24 Primary DNS Server (Master): OS: CentOS 6.5 Hostname: masterdns.fcld.local IP Address: 192.168.1.90 Secondary DNS Server (Slave): OS: CentOS 6.5 Hostname: slavedns.fcld.local IP Address: 192.168.1.91 rainbox OS: Ubuntu Hostname: rainbox.fcld.local IP Address: 192.168.1.100SET PRIMARY DNS
Configure the network interface
[Root @ masterdns ~] # nano / etc / sysconfig / network-scripts / ifcfg-eth0 DEVICE = eth0 BOOTPROTO = none NM_CONTROLLED = no ONBOOT = yes TYPE = Ethernet IPADDR = 192.168.1.90 NETMASK = 255.255.255.0 GATEWAY = 192.168.1.1Restart the network service and ensure that start at boot with iptables
[Root @ masterdns ~] # service network restart [Root @ masterdns ~] # chkconfig network on [Root @ masterdns ~] # chkconfig iptables onInstall Bind and DHCP
[Root @ masterdns ~] # yum install -y dhcp bind bind-utils bind-libs bind-sdb
Configure the DHCP service. It should include directives to update DNS zones automatically, as they're adding clients to the domain. Edit the dhcpd.conf, being as follows masterdns root @ ~] # cat /etc/dhcp/dhcpd.conf # # DHCP Server Configuration file. # See /usr/share/doc/dhcp*/dhcpd.conf.sample # See 'man 5 dhcpd.conf' # ddns-update-style interim; ddns-updates on; ddns-domainname "fcld.local."; ddns-rev-domainname "in-addr.arpa."; ignore client-updates; default-lease-time 900; max-lease-time 7200; option domain-name "fcld.local"; option domain-name-servers 192.168.1.90, 192.168.1.91; option netbios-name-servers 192.168.1.90, 192.168.1.91; ntp-servers option 0.pool.ntp.org; authoritative; include "/etc/rndc.key"; localdomain zone. { primary 127.0.0.1; key rndc-key; } 1.168.192.in.addr.arpa zone. { primary 127.0.0.1; key rndc-key; } fcld.local zone. { primary 127.0.0.1; key rndc-key; } subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.149; option broadcast-address 192.168.1.255; option routers 192.168.1.1; }SETTING THE SERVICE NAMED. Edit named.conf, being as follows
[Root @ masterdns ~] # nano /etc/named.conf // // Named.conf // // Provided by Red Hat package bind to configure the ISC BIND named (8) DNS // Server as a caching only nameserver (DNS resolve as to localhost only). // // See / usr / share / doc / bind * / sample / for example named configuration files. // options { listen-on port 53 {127.0.0.1; 192.168.1.90; }; listen-on-v6 port 53 {:: 1; }; directory "/ var / named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query {localhost; 192.168.1.0/24; }; allow-update {localhost; 192.168.1.0/24; }; allow-transfer {localhost; 192.168.1.91; }; forwarders {8.8.8.8; 8.8.4.4; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; / * Path to ISC DLV key * / bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/ var / named / dynamic"; }; logging { default_debug channel { file "data / named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; zone "fcld.local" IN { type master; file "dynamic / fcld.local.zone"; allow-update {localhost; 192.168.1.0/24; }; }; zone "1.168.192.in-addr.arpa" IN { type master; file "dynamic / 1.168.192.in-addr.arpa.zone"; allow-update {localhost; 192.168.1.0/24; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; include "/etc/rndc.key";CREATE FILE OF AREAS
Forward Zone
[Root @ masterdns ~] # nano /var/named/dynamic/fcld.local.zone $ TTL 86400 @ IN SOA masterdns.fcld.local. root.fcld.local. ( 2011071001; Serial 3600; Refresh 1800; Retry 604800; Expire 86400; Minimum TTL ) @ IN NS masterdns.fcld.local. @ IN NS slavedns.fcld.local. @ IN A 192.168.1.90 @ IN A 192.168.1.91 masterdns IN A 192.168.1.90 slavedns IN A 192.168.1.91Reverse Zone
[Root @ masterdns ~] # vi /var/named/dynamic/1.168.192.in-addr.arpa.zone $ TTL 86400 @ IN SOA masterdns.fcld.local. root.fcld.local. ( 2011071001; Serial 3600; Refresh 1800; Retry 604800; Expire 86400; Minimum TTL ) @ IN NS masterdns.fcld.local. @ IN NS slavedns.fcld.local. @ IN PTR fcld.local. masterdns IN A 192.168.1.90 slavedns IN A 192.168.1.91 90 IN PTR masterdns.fcld.local. 91 IN PTR slavedns.fcld.local.TEST CONFIGURATION FILES
[Root @ masterdns ~] # named-checkconf /etc/named.conf /etc/named.conf:54: open: /etc/rndc.key: file not found [Root @ masterdns ~] # named-checkzone fcld.local /var/named/dynamic/fcld.local.zone fcld.local zone / IN: loaded serial 2011071001 OK [Root @ masterdns ~] # named-checkzone fcld.local /var/named/dynamic/1.168.192.in-addr.arpa.zone fcld.local zone / IN: loaded serial 2011071001 OKHOME SERVICES named and dhcpd
[Root @ masterdns ~] # service named start Generating /etc/rndc.key: [OK] Starting named: [OK] [Root @ masterdns ~] # service dhcpd start Starting dhcpd: [OK] [Root @ masterdns ~] # chkconfig named on [Root @ masterdns ~] # chkconfig dhcpd onSECURITY SETTINGS: Permits, Iptables and SELinux
Permits
[Root @ masterdns ~] # chmod 640 /var/named/dynamic/fcld.local.zone [Root @ masterdns ~] # chmod 640 /var/named/dynamic/1.168.192.in-addr.arpa.zone [Root @ masterdns ~] # chown named: named /var/named/dynamic/fcld.local.zone [Root @ masterdns ~] # chown named: named /var/named/dynamic/1.168.192.in-addr.arpa.zone [Root @ masterdns ~] # chown root: named /etc/rndc.keyIptables
[Root @ masterdns ~] # iptables -t filter -I INPUT -s 192.168.1.0/24 -p tcp 7 -m tcp --dport 53 -j ACCEPT [Root @ masterdns ~] # iptables -t filter -I INPUT 8 -s 192.168.1.0/24 -p udp -m udp --dport 53 -j ACCEPT [Root @ masterdns ~] # service iptables save [Root @ masterdns ~] # service iptables restart iptables: Flushing firewall rules: [OK] iptables: Setting chains to policy ACCEPT: filter [OK] iptables: Unloading modules: [OK] iptables: Applying firewall rules: [OK]Selinux
[Root @ masterdns ~] # chcon -t named_zone_t /var/named/dynamic/fcld.local.zone [Root @ masterdns ~] # chcon -t named_zone_t /var/named/dynamic/1.168.192.in-addr.arpa.zone [Root @ masterdns ~] # chcon -t -u system_u -r object_r named_conf_t /etc/named.conf [Root @ masterdns ~] # setsebool -P named_write_master_zones 1SAME NEED YOUR sevidor DNS DNS
[Root @ masterdns ~] # nano /etc/resolv.conf domain fcld.local nameserver 192.168.1.90 nameserver 192.168.1.91DNS SERVER TESTING
[Root @ masterdns ~] # dig masterdns.fcld.local ; << >> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 << >> masterdns.fcld.local ;; Global options: + cmd ;; Got answer: ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ; Masterdns.fcld.local. IN A ;; ANSWER SECTION: masterdns.fcld.local. 86400 IN A 192.168.1.90 ;; AUTHORITY SECTION: fcld.local. 86400 IN NS masterdns.fcld.local. fcld.local. 86400 IN NS slavedns.fcld.local. ;; ADDITIONAL SECTION: slavedns.fcld.local. 86400 IN A 192.168.1.91 ;; Query time: 2 msec ;; SERVER: 192.168.1.91 # 53 (192.168.1.91) ;; WHEN: Tue July 8 23:24:44 2014 ;; MSG SIZE rcvd: 107
[Root @ masterdns ~] # nslookup masterdns.fcld.local Server: 127.0.0.1 Address: 127.0.0.1 # 53 Name: masterdns.fcld.local Address: 192.168.1.90SETTING THE SLAVE OR SECONDARY DNS.
You must have the DHCP service on this also for any eventuality, but it's good to deliver the IP in a different range to the primary to avoid conflicts of duplicity on the local network.
Configure the network interface
[Root @ slavedns ~] # vi / etc / sysconfig / network-scripts / ifcfg-eth0 DEVICE = eth0 BOOTPROTO = none NM_CONTROLLED = no ONBOOT = yes TYPE = Ethernet DEFROUTE = yes IPADDR = 192.168.1.91 NETMASK = 255.255.255.0 GATEWAY = 192.168.1.1 [Root @ slavedns ~] # service network restart [Root @ slavedns ~] # chkconfig network on [Root @ slavedns ~] # chkconfig iptables onInstall the required packages hereinafter
[Root @ slavedns ~] # yum install -y dhcp bind bind-utils bind-libs bind-sdb
Edit named.conf [Root @ slavedns ~] # cat /etc/named.conf // // Named.conf // // Provided by Red Hat package bind to configure the ISC BIND named (8) DNS // Server as a caching only nameserver (DNS resolve as to localhost only). // // See / usr / share / doc / bind * / sample / for example named configuration files. // options { listen-on port 53 {127.0.0.1; 192.168.1.91; }; listen-on-v6 port 53 {:: 1; }; directory "/ var / named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query {localhost; 192.168.1.0/24; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; / * Path to ISC DLV key * / bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/ var / named / dynamic"; }; logging { default_debug channel { file "data / named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; zone "fcld.local" IN { type slave; file "dynamic / fcld.local.zone"; masters {192.168.1.90; }; allow-update {localhost; 192.168.1.0/24; }; }; zone "1.168.192.in-addr.arpa" IN { type slave; file "dynamic / 1.168.192.in-addr.arpa.zone"; masters {192.168.1.90; }; allow-update {192.168.1.0/24; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; include "/etc/rndc.key";CREATE FILE OF AREAS
Forward Zone
[Root @ slavedns ~] # nano /var/named/dynamic/fcld.local.zone $ TTL 86400 @ IN SOA slavedns.fcld.local. root.fcld.local. ( 2011071001; Serial 3600; Refresh 1800; Retry 604800; Expire 86400; Minimum TTL ) @ IN NS masterdns.fcld.local. @ IN NS slavedns.fcld.local. @ IN A 192.168.1.90 @ IN A 192.168.1.91 masterdns IN A 192.168.1.90 slavedns IN A 192.168.1.91Reverse Zone
[Root @ slavedns ~] # nano /var/named/dynamic/1.168.192.in-addr.arpa.zone $ TTL 86400 @ IN SOA slavedns.fcld.local. root.fcld.local. ( 2011071001; Serial 3600; Refresh 1800; Retry 604800; Expire 86400; Minimum TTL ) @ IN NS masterdns.fcld.local. @ IN NS slavedns.fcld.local. @ IN PTR fcld.local. masterdns IN A 192.168.1.90 slavedns IN A 192.168.1.91 90 IN PTR masterdns.fcld.local. 91 IN PTR slavedns.fcld.local.TEST CONFIGURATION FILES
[Root @ slavedns ~] # named-checkconf /etc/named.conf [Root @ slavedns ~] # named-checkzone fcld.local /var/named/fcld.local.zone fcld.local zone / IN: loaded serial 2011071001 OK [Root @ slavedns ~] # named-checkzone fcld.local /var/named/1.168.192.in-addr.arpa.zone fcld.local zone / IN: loaded serial 2011071001 OKSTART THE SERVICE BIND
[Root @ slavedns ~] # service named start Generating /etc/rndc.key: [OK] Starting named: [OK] [Root @ slavedns ~] # chkconfig named onSECURITY SETTINGS: Permits, Iptables and SELinux
Permits
[Root @ slavedns ~] # chmod 640 /var/named/dynamic/fcld.local.zone [Root @ slavedns ~] # chmod 640 /var/named/dynamic/1.168.192.in-addr.arpa.zone [Root @ slavedns ~] # chown named: named /var/named/dynamic/fcld.local.zone [Root @ slavedns ~] # chown named: named /var/named/dynamic/1.168.192.in-addr.arpa.zone [Root @ slavedns ~] # chown root: named /etc/rndc.keyIptables
[Root @ slavedns ~] # iptables -t filter -I INPUT -s 192.168.1.0/24 -p tcp 7 -m tcp --dport 53 -j ACCEPT [Root @ slavedns ~] # iptables -t filter -I INPUT 8 -s 192.168.1.0/24 -p udp -m udp --dport 53 -j ACCEPT [Root @ slavedns ~] # service iptables save [Root @ slavedns ~] # service iptables restart iptables: Flushing firewall rules: [OK] iptables: Setting chains to policy ACCEPT: filter [OK] iptables: Unloading modules: [OK] iptables: Applying firewall rules: [OK]Selinux
[Root @ slavedns ~] # chcon -t named_zone_t /var/named/dynamic/fcld.local.zone [Root @ slavedns ~] # chcon -t named_zone_t /var/named/dynamic/1.168.192.in-addr.arpa.zone [Root @ slavedns ~] # chcon -t -u system_u -r object_r named_conf_t /etc/named.conf [Root @ slavedns ~] # setsebool -P named_write_master_zones 1SAME NEED YOUR sevidor DNS DNS
[Root @ slavedns ~] # nano /etc/resolv.conf domain fcld.local nameserver 192.168.1.91 nameserver 192.168.1.90We verify that you are replicating the Primary DNS the two zones
[Root @ slavedns ~] # cat /var/named/dynamic/fcld.local.zone $ ORIGIN. $ TTL 86400; 1 day fcld.local IN SOA masterdns.fcld.local. root.fcld.local. ( 2011071011; serial 3600; refresh (1 hour) 1800; retry (30 minutes) 604800; expire (1 week) 86400; minimum (1 day) ) Masterdns.fcld.local NS. Slavedns.fcld.local NS. $ ORIGIN fcld.local. masterdns A 192.168.1.90 $ TTL 450; 7 minutes 30 seconds rainbox A 192.168.1.100 Antergos A 192.168.1.101 TXT "00ab356015937976bb3b430561702829aa" $ TTL 86400; 1 day slavedns A 192.168.1.91
[Root @ slavedns ~] # cat /var/named/dynamic/1.168.192.in-addr.arpa.zone $ ORIGIN. $ TTL 86400; 1 day 1.168.192.in-addr.arpa IN SOA masterdns.fcld.local. root.fcld.local. ( 2011071008; serial 3600; refresh (1 hour) 1800; retry (30 minutes) 604800; expire (1 week) 86400; minimum (1 day) ) Masterdns.fcld.local NS. Slavedns.fcld.local NS. $ ORIGIN 1.168.192.in-addr.arpa. $ TTL 21600; 6 hours 100 PTR rainbox.fcld.local. PTR 101 Antergos.fcld.local. $ TTL 86400; 1 day 90 masterdns.fcld.local PTR. 91 slavedns.fcld.local PTR.From the client do consultations with the host command
fraterneo @ rainbox: ~ $ host masterdns masterdns.fcld.local has address 192.168.1.90 fraterneo @ rainbox: ~ $ host rainbox rainbox.fcld.local has address 192.168.1.100Finally we have a resolution service DNS domain names in our local network, which will be updated automatically via DHCP to the extent that the hosts connect to the network.
More information and resources:
https://www.isc.org/downloads/bind/
https://www.isc.org/downloads/DHCP/
Configuring Servers with GNU / Linux
Help commands:
man named_selinux
man dhcpd_selinux
man dhcp-options
No comments:
Post a Comment
Terima kasih atas komentarnya