
DNS and DHCP

CSCI N321 – System and Network Administration

Copyright © 2007 by Scott Orr and the Trustees of Indiana University

Section Overview

DNS Overview

Bind

DNS Record Types

DHCP

References

Internet Software Consortium

RedHat Deployment Guide
  Chapter 17 – DNS
  Chapter 21 – DHCP

In the beginning…

Early name resolution
  All addresses in a shared file
  Never 100% accurate

/etc/hosts
  IP_Addr Hostname [Aliases…]

127.0.0.1 localhost.localdomain localhost

134.68.140.203 pegasus.cs.iupui.edu pegasus

Domain Name Service (DNS)

Allows for IP-Hostname translations
Distributed Hierarchical Database
  Hostname to IP address
  IP Address to Hostname
  Root Servers (A-M)

Mail Server addressing
Resolver Library calls
Protocol to exchange data

DNS Management

Internet Corporation for Assigned Names and Numbers (ICANN)
Registries
  ARIN – North America
  RIPE – Europe
  APNIC – Asia Pacific
  AfriNIC – Africa
  LACNIC – Latin America

Domain Registrars and ISPs
Authoritative DNS Servers

Whois Queries

Owner Location
Domain name
Domain DNS Servers
IP Address Block
Contact Information
  Administrative
  Technical
  Abuse
  NOC

ISC BIND

Primary DNS Server Software in use
Started as a graduate student project
Versions
  4.x – Deprecated
  8.x – Maintenance Development only
  9.x – Active Development

Authoritative (master & slave)
Caching
Recursive/Non-recursive

/etc/named.conf (Config)

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    // query-source address * port 53;
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

/etc/named.conf (Zones)

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

// CS Domain Config
zone "cs.iupui.edu" {
    type master;
    file "dns.cs.iupui.edu";
};

zone "140.68.134.in-addr.arpa" {
    type master;
    file "rev.134.68.140";
};

include "/etc/rndc.key";

Zone Files

Typically in /var/named/
Forward and reverse files
Record Format
  [name] [ttl] [class] type data
  TTL – Time to keep data cached
  Class
    IN (Internet)
    CH (ChaosNet – No longer used)
    HS (Hesiod – internal database)

SOA Records

Server Name
Contact Name
Serial (Must be increased w/ change)
Refresh Secondary
Retry Refresh
Expire non-refreshed entries
Minimum time to live

SOA Record Example

@ IN SOA klingon.cs.iupui.edu. root.klingon.cs.iupui.edu. (
        2007112500 ; Serial - increase when file changes
        7200       ; Refresh secondaries every 2 hours
        1200       ; Retry refresh every 20 minutes
        2592000    ; Expire non-refreshed entries after 30 days
        7200 )     ; Minimum time-to-live is 2 hours

Name Server Records

Which name servers support this domain
Does not differentiate between master and slave servers
Example:

IN NS klingon.cs.iupui.edu.

IN NS dns1.iu.edu.

IN NS dns2.iu.edu.

Address (A) Records

A Records – Maps hostnames to IP addresses
Format
  Hostname IN A #.#.#.#

Examples:

tempest IN A 134.68.140.202

pegasus IN A 134.68.140.203

enigma IN A 134.68.140.206

Pointer (PTR) Records

PTR Records – Maps IP addresses to hostnames
Format
  # IN PTR FQDN.

Examples:

202 IN PTR tempest.cs.iupui.edu.

203 IN PTR pegasus.cs.iupui.edu.

206 IN PTR enigma.cs.iupui.edu.

Canonical Name (CNAME) Records

Aliases for hostnames
Usually associated with Services
Format
  Alias IN CNAME Hostname

Examples:

imap IN CNAME tempest

ns IN CNAME klingon

smtp IN CNAME tempest

www IN CNAME enigma

webmail IN CNAME tempest

Mail Exchanger (MX) Records

Special records for domain email servers
Prioritization and round robin capability
Format
  Domain. IN MX pri host

Examples:

cs.iupui.edu. IN MX 10 tempest

cs.iupui.edu. IN MX 100 enigma
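The zone-file record format and the record types above, put to work in a small consistency checker. This is an added example written for this page; it is not code from the slides or from BIND. The forward and reverse zone excerpts are constructed from the slides' own records (the $ORIGIN and $TTL lines, the single NS entry and the missing PTR for .206 are my additions, and klingon's A record is left out because the slides do not show it). The parser handles the parenthesised SOA, ';' comments, owner-name inheritance and relative names qualified against the origin; the audit then checks that every A record has a PTR naming the same host and that no CNAME points at a name with no data, the two mismatches that most often bite mail and logging once forward and reverse files drift apart.

```python
from collections import namedtuple

# Constructed forward/reverse zone excerpts assembled from the record examples on
# the slides (sample input, not the live cs.iupui.edu zone). klingon's A record is
# not on the slides, so the "ns" alias is left dangling, and the PTR for .206 is
# omitted, so that both checks below have something to report.
FORWARD_ZONE = """\
$ORIGIN cs.iupui.edu.
$TTL 7200
@ IN SOA klingon.cs.iupui.edu. root.klingon.cs.iupui.edu. (
        2007112500 ; Serial - increase when file changes
        7200       ; Refresh secondaries every 2 hours
        1200       ; Retry refresh every 20 minutes
        2592000    ; Expire non-refreshed entries after 30 days
        7200 )     ; Minimum time-to-live is 2 hours
        IN NS klingon.cs.iupui.edu.
tempest IN A 134.68.140.202
enigma  IN A 134.68.140.206
imap    IN CNAME tempest
ns      IN CNAME klingon
cs.iupui.edu. IN MX 10 tempest
"""
REVERSE_ZONE = """\
$ORIGIN 140.68.134.in-addr.arpa.
202 IN PTR tempest.cs.iupui.edu.
"""
CLASSES = {"IN", "CH", "HS"}
TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT", "SRV", "HINFO"}
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "PTR": (0,), "CNAME": (0,), "MX": (1,)}  # rdata fields that are names
Record = namedtuple("Record", "owner ttl rclass rtype rdata")

def _logical_lines(text):
    # Merge parenthesised multi-line records (the SOA) into one line. A record line
    # that starts with whitespace has no owner field and reuses the previous owner.
    buf, depth, first = [], 0, ""
    for raw in text.splitlines():
        first = raw if not buf else first
        line = raw.split(";", 1)[0]               # strip ';' comments (a quoted ';' in TXT is not handled)
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            if joined.strip():
                yield joined, first[:1].isspace()
            buf, depth = [], 0

def qualify(name, origin):
    # Relative names get the origin appended; '@' stands for the origin itself
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=""):
    records, default_ttl, last_owner = [], None, ""
    for line, inherit in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        owner = last_owner if inherit else tokens.pop(0)
        ttl, rclass = default_ttl, "IN"
        while tokens and tokens[0].upper() not in TYPES:   # optional [ttl] [class] fields
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            elif tok.upper() in CLASSES:
                rclass = tok.upper()
            else:
                raise ValueError(f"unexpected token {tok!r} in {line.strip()!r}")
        rtype = tokens.pop(0).upper()
        owner = qualify(owner, origin)
        rdata = [qualify(t, origin) if i in NAME_FIELDS.get(rtype, ()) else t
                 for i, t in enumerate(tokens)]
        records.append(Record(owner, ttl, rclass, rtype, rdata))
        last_owner = owner
    return records

def reverse_name(ip):
    # 134.68.140.202 -> 202.140.68.134.in-addr.arpa.
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def audit(forward, reverse):
    # Cross-check forward records against the reverse zone and against each other
    a_by_name, cnames = {}, {}
    for r in forward:
        if r.rtype == "A":
            a_by_name.setdefault(r.owner, []).append(r.rdata[0])
        elif r.rtype == "CNAME":
            cnames[r.owner] = r.rdata[0]
    ptr = {r.owner: r.rdata[0] for r in reverse if r.rtype == "PTR"}
    f = {"missing_ptr": [], "ptr_mismatch": [], "dangling_cname": []}
    for name, ips in a_by_name.items():
        for ip in ips:                                  # every A needs a PTR naming the same host
            target = ptr.get(reverse_name(ip))
            if target is None:
                f["missing_ptr"].append(ip)
            elif target != name:
                f["ptr_mismatch"].append((ip, target))
    for alias, target in cnames.items():                # alias that points at a name with no data
        if target not in a_by_name and target not in cnames:
            f["dangling_cname"].append(alias)
    return f
```

Running `audit(parse_zone(FORWARD_ZONE), parse_zone(REVERSE_ZONE))` on the sample reports 134.68.140.206 as missing its PTR and ns.cs.iupui.edu. as a dangling alias. Pointing the same functions at the real dns.cs.iupui.edu and rev.134.68.140 files from the named.conf above would check the live zones the same way; the serial in the SOA is the field to bump whenever either file changes, since slaves only transfer when it grows.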

Other Record Types

Service (SRV) – Associated with network Services

Text (TXT) – Notes (also SPF information)

HINFO – Host information (no longer used)

ISC DHCPd

Provides IP addresses to client systems
  Static – Based on MAC Address
  Dynamic – Given to unknown hosts

Optionally provides other Network settings
  Subnet Masks
  DNS Servers (/etc/resolv.conf)
  Default Gateway
  Network and Broadcast Addresses

Lease times

/etc/dhcpd.conf

authoritative;
#ddns-update-style ad-hoc;
ddns-update-style none;
one-lease-per-client true;

host camera {
    hardware ethernet 00:40:8c:5b:c1:91;
    fixed-address 10.234.140.21;
}

# Block Bad MAC address
host ronin {
    hardware ethernet 00:20:e0:67:53:68;
}

subnet 134.68.140.0 netmask 255.255.255.0 {
    option domain-name "cs.iupui.edu";
    option domain-name-servers 134.68.140.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 134.68.140.255;
    option routers 134.68.140.100;

    pool {
        range 134.68.140.101 134.68.140.199;
        default-lease-time 7200;
        max-lease-time 144000;
        deny known-clients;
    }
}
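A sanity check for the dhcpd.conf shape shown above, added here as an example; it is not part of the slides or of ISC dhcpd. The sample configuration is the slide's file with its syntax corrected, plus one constructed reservation ("printer", documentation MAC 00:00:5e:00:53:02) whose fixed-address lands inside the dynamic range. The checker makes the two policy points of the slide visible: a host declaration with no fixed-address combined with "deny known-clients" in the pool is what blocks ronin (known means "has a host entry"), while camera keeps working because a fixed-address is handed out independently of the pool. It also flags two configuration mistakes worth catching before they cause address conflicts: a reservation inside a dynamic range, and a fixed-address in a subnet this server does not declare.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the slide's dhcpd.conf with its syntax corrected, plus one
# made-up reservation, "printer" (documentation MAC 00:00:5e:00:53:02), whose
# fixed-address falls inside the dynamic pool
SAMPLE_CONF = """
authoritative;
ddns-update-style none;
one-lease-per-client true;

host camera {
    hardware ethernet 00:40:8c:5b:c1:91;
    fixed-address 10.234.140.21;
}

# Block Bad MAC address
host ronin {
    hardware ethernet 00:20:e0:67:53:68;
}

# constructed for this example
host printer {
    hardware ethernet 00:00:5e:00:53:02;
    fixed-address 134.68.140.150;
}

subnet 134.68.140.0 netmask 255.255.255.0 {
    option domain-name "cs.iupui.edu";
    option domain-name-servers 134.68.140.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 134.68.140.255;
    option routers 134.68.140.100;
    pool {
        range 134.68.140.101 134.68.140.199;
        default-lease-time 7200;
        max-lease-time 144000;
        deny known-clients;
    }
}
"""

def parse_dhcpd_conf(text):
    # Extracts just what the checks need from a file shaped like the one above
    # (top-level host blocks, subnets, pool ranges, known-clients policy); this is
    # not a full dhcpd.conf parser
    text = re.sub(r"#[^\n]*", "", text)                       # drop comments
    hosts = []
    for m in re.finditer(r"\bhost\s+(\S+)\s*\{([^}]*)\}", text):
        body = m.group(2)
        mac = re.search(r"hardware\s+ethernet\s+([0-9a-f:]+)\s*;", body, re.I)
        fixed = re.search(r"fixed-address\s+(\S+)\s*;", body)
        hosts.append((m.group(1), mac.group(1).lower() if mac else None,
                      ip_address(fixed.group(1)) if fixed else None))
    subnets = [ip_network(f"{a}/{n}")
               for a, n in re.findall(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)", text)]
    pools = [(ip_address(a), ip_address(b))
             for a, b in re.findall(r"\brange\s+(\S+)\s+(\S+)\s*;", text)]
    deny_known = re.search(r"\bdeny\s+known-clients\s*;", text) is not None
    return hosts, subnets, pools, deny_known

def audit_dhcpd(text):
    hosts, subnets, pools, deny_known = parse_dhcpd_conf(text)
    f = {"reservation_in_pool": [], "outside_subnets": [], "denied_known": [], "duplicate_mac": []}
    seen = {}
    for name, mac, fixed in hosts:
        if mac in seen:                              # two reservations for the same NIC
            f["duplicate_mac"].append((seen[mac], name))
        seen.setdefault(mac, name)
        if fixed is None:
            if deny_known:                           # a host entry with no address is "known",
                f["denied_known"].append(name)       # so "deny known-clients" leaves it with nothing
            continue
        if any(lo <= fixed <= hi for lo, hi in pools):
            f["reservation_in_pool"].append(name)    # the pool may also hand this address out dynamically
        if not any(fixed in s for s in subnets):
            f["outside_subnets"].append(name)        # no declared subnet serves this address
    return f
```

On the sample, `audit_dhcpd(SAMPLE_CONF)` lists printer under reservation_in_pool, camera under outside_subnets (10.234.140.21 is not in the only declared subnet, 134.68.140.0/24) and ronin under denied_known, which is the intended effect of the "Block Bad MAC address" entry.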

/etc/dhcpd.leases

Active Lease Entry

lease 134.68.140.134 {
    starts 3 2007/12/05 04:14:12;
    ends 3 2007/12/05 06:14:12;
    binding state active;
    next binding state free;
    hardware ethernet 00:13:72:da:2c:ad;
    uid "\001\000\023r\332,\255";
    client-hostname "in-csci-16sl247";
}

Expired Lease Entry

lease 134.68.140.121 {
    starts 2 2007/12/04 22:45:28;
    ends 3 2007/12/05 00:45:28;
    tstp 3 2007/12/05 00:45:28;
    binding state free;
    hardware ethernet 00:18:8b:d9:d5:a9;
    uid "\001\000\030\213\331\325\251";
    client-hostname "in-csci-lt1";
}
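The two lease entries above, read back by a small parser; this is an added example, not code from the slides or from ISC dhcpd. The sample file holds the slide's two entries plus a third, constructed entry (documentation MAC 00:00:5e:00:53:01) that re-issues 134.68.140.121 to a client presenting the earlier uid. The example shows three things a practitioner needs when reading dhcpd.leases during an investigation: the file is append-only, so the last declaration for an address is the one in force; the timestamps are UTC, with a redundant weekday in front; and the octal-escaped uid string is normally hardware type 1 (Ethernet) followed by the MAC, so it can be decoded and compared with the hardware ethernet field. The identifier check is a triage aid, not proof of anything; some clients send a configured identifier on purpose.

```python
import re
from collections import namedtuple
from datetime import datetime, timezone

# Constructed sample dhcpd.leases: the two entries shown on the slide, plus a
# third, made-up entry (documentation MAC 00:00:5e:00:53:01) that re-issues
# .121 with a uid that does not match its hardware address. The file is
# append-only, so the last declaration for an address is the one in force.
SAMPLE_LEASES = r"""
lease 134.68.140.134 {
  starts 3 2007/12/05 04:14:12;
  ends 3 2007/12/05 06:14:12;
  binding state active;
  next binding state free;
  hardware ethernet 00:13:72:da:2c:ad;
  uid "\001\000\023r\332,\255";
  client-hostname "in-csci-16sl247";
}
lease 134.68.140.121 {
  starts 2 2007/12/04 22:45:28;
  ends 3 2007/12/05 00:45:28;
  tstp 3 2007/12/05 00:45:28;
  binding state free;
  hardware ethernet 00:18:8b:d9:d5:a9;
  uid "\001\000\030\213\331\325\251";
  client-hostname "in-csci-lt1";
}
lease 134.68.140.121 { starts 3 2007/12/05 04:30:00; ends 3 2007/12/05 06:30:00;
  binding state active; next binding state free; hardware ethernet 00:00:5e:00:53:01;
  uid "\001\000\030\213\331\325\251"; client-hostname "constructed-entry"; }
"""

Lease = namedtuple("Lease", "ip starts ends state mac uid hostname")
FIELDS = ("starts ", "ends ", "binding state ", "hardware ethernet ", "uid ", "client-hostname ")

def _statements(body):
    # Split a lease body on ';' outside double quotes (uid strings may hold escapes)
    return [s.strip() for s in re.findall(r'\s*((?:[^;"]|"(?:\\.|[^"\\])*")+);', body)]

def decode_uid(s):
    # dhcpd writes non-printable bytes as \ooo octal escapes and backslash-escapes '"' and '\'
    unescape = lambda m: bytes([int(m.group(1), 8)]) if m.group(1).isdigit() else m.group(1)
    return re.sub(rb"\\([0-7]{3}|.)", unescape, s.encode("latin-1"))

def uid_to_mac(uid):
    # The common client identifier is hardware type (1 = Ethernet) followed by the MAC
    if uid and len(uid) == 7 and uid[0] == 1:
        return ":".join(f"{b:02x}" for b in uid[1:])
    return None

def parse_time(s):
    # dhcpd stores "weekday YYYY/MM/DD HH:MM:SS" in UTC; the weekday is redundant
    _, date, clock = s.split()
    return datetime.strptime(f"{date} {clock}", "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)

def parse_leases(text):
    leases = {}
    for m in re.finditer(r"lease\s+(\S+)\s*\{(.*?)\}", text, re.S):
        f = {}
        for stmt in _statements(m.group(2)):
            for key in FIELDS:
                if stmt.startswith(key):
                    f[key.strip()] = stmt[len(key):].strip().strip('"')
        leases[m.group(1)] = Lease(              # a later declaration replaces an earlier one
            m.group(1), parse_time(f["starts"]), parse_time(f["ends"]), f.get("binding state", ""),
            f.get("hardware ethernet", "").lower() or None,
            decode_uid(f["uid"]) if "uid" in f else None, f.get("client-hostname"))
    return list(leases.values())

def active_at(leases, when):
    # Leases in binding state active whose window covers the given UTC instant
    return [l for l in leases if l.state == "active" and l.starts <= when < l.ends]

def audit_identifiers(leases):
    # Flag leases whose client identifier encodes a MAC other than the one the
    # request came from; worth a look during an incident, though some clients send
    # a configured identifier on purpose
    out = []
    for l in leases:
        claimed = uid_to_mac(l.uid)
        if claimed and l.mac and claimed != l.mac:
            out.append((l.ip, l.mac, claimed))
    return out
```

Decoding the slide's first uid, "\001\000\023r\332,\255", gives bytes 01 00 13 72 da 2c ad: the leading 01 is the hardware type and the rest is exactly the hardware ethernet address on the same entry ('r' is 0x72 and ',' is 0x2c, which dhcpd leaves unescaped because they are printable). `active_at(leases, parse_time("3 2007/12/05 05:00:00"))` answers the usual incident question of which host held an address at a given moment; feed it the real /etc/dhcpd.leases and a UTC timestamp from the log you are correlating against.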