DNS Exercise - Delegation

=========================

 

In this exercise, you will create a new domain,

_something_.ghe0.dns.gh. You will create master nameservice on your own

machine, and someone else will provide slave service. Then you will ask the

administrator for the domain above you (ghe0.dns.gh) to delegate your

domain to you.

 

Firstly, note that each machine in the classroom has been given a working

DNS name: pcX.ghe0.dns.gh. Check that it is configured correctly by

using the `hostname` command - e.g. on pc10 you should see

 

>     # hostname

>     pc10.ghe0.dns.gh

 

If not, then configure your server with its name: e.g. for pc10

 

>     # hostname pc10.ghe0.dns.gh

>     # vi /etc/rc.conf

>     ...

>     hostname="pc10.ghe0.dns.gh"

>     # vi /etc/hosts

>     ...

>     41.218.234.110     pc10.ghe0.dns.gh

 

You should also be able to see your machine's hostname at the login screen

on the console:

 

>     FreeBSD/i386 (pc10.ghe0.dns.gh) (ttyv0)

>

>     login:

 

Exercise

--------

 

*   Choose a new domain, write it here:  `___________________.ghe0.dns.gh` 

    (Do not choose any of the pc names, e.g. `pc10`, as your subdomain)

 

    This could for example be the name of your country code or country name, but

    REMEMBER that someone might pick the same name!  First come, first serve.

 

*   Find someone who will agree to be slave for your domain. Please find

    someone across the room (remember RFC 2182: in real life, secondaries

    should sit on separate networks, so that one outage does not take all of

    your nameservers down). You can have more than one slave if you wish.

 

*   Create your zone file in `/etc/namedb/master/xxxxxx.ghe0.dns.gh`

    (where xxxxxx is your chosen domain)

 

    >     $TTL 10m

    >     @       IN      SOA     pcX.ghe0.dns.gh. yourname.example.com. (

    >                                     2008052801    ; Serial

    >                                     10m           ; Refresh

    >                                     10m           ; Retry

    >                                     4w            ; Expire

    >                                     10m )         ; Negative

    >

    >                 IN      NS      pcX.ghe0.dns.gh.   ; master

    >                 IN      NS      pcY.ghe0.dns.gh.   ; slave

    >

    >     www     IN      A       41.218.234.X             ; your own IP

 

    Replace `yourname.example.com.` with your home E-mail address, changing

    the "@" to "." and adding a "." to the end. If the part before the "@"

    itself contains a ".", escape it with a backslash (e.g. `first\.last.example.com.`),

    otherwise the first "." is taken as the end of the mailbox name.

 

    We have chosen purposely low values for TTL, refresh, and retry to make

    it easier to fix problems in the classroom. For a production domain you

    would use higher values, e.g. `$TTL 1d`

 

*   Edit `/etc/namedb/named.conf` to configure your machine as master for

    your domain:

 

      zone "xxxxxx.ghe0.dns.gh" { type master; file "master/xxxxxx.ghe0.dns.gh"; };

 

    Pay attention to the ';' and '}' !

 

*   Check that your config file and zone file are valid before you start or

    reload the nameserver daemon:

 

        # named-checkconf

        # named-checkzone xxxxxx.ghe0.dns.gh /etc/namedb/master/xxxxxx.ghe0.dns.gh

 

    *If there are any errors, correct them*

 

*   Enable named in your server's configuration by adding the following line

    to /etc/rc.conf, if it is not already there (it should be):

 

        named_enable="YES"

 

    Start named with

 

        # /etc/rc.d/named start

 

    Check the result with

 

        # tail /var/log/messages

 

    *If there are any errors, correct them*. Some configuration errors can

    cause the daemon to die completely, in which case you may have to

    start it again:

 

        # /etc/rc.d/named restart

 

*   Assist your slaves to configure themselves as slave for your domain, and

    configure yourself as a slave if asked to do so by another table.

    Again, the instructions for how to do this are on the slides. If you

    have changed your `named.conf` so that you are a slave for someone

    else, make sure there are no errors in `/var/log/messages` after you

    do `rndc reload`.

 

*   Check that you and your slaves are giving authoritative answers for

    your domain:

 

        # dig +norec @41.218.234.X xxxxxx.ghe0.dns.gh. soa

        # dig +norec @41.218.234.Y xxxxxx.ghe0.dns.gh. soa

 

    Check that the `flags:` line in both answers contains `aa` (authoritative

    answer), and that the serial number (the first number after the two names

    in the SOA record) is the same on both. If the slave's serial is behind,

    it has not transferred your latest zone yet.

 

*   Now you are ready to request delegation. Bring the following form to the

    classroom instructor:

 

        Domain name:          ___________________.ghe0.dns.gh

 

        Master nameserver:    pc____.ghe0.dns.gh

 

        Slave nameserver:     pc____.ghe0.dns.gh

 

        Slave nameserver:     pc____.ghe0.dns.gh (optional)

 

        Slave nameserver:     pc____.ghe0.dns.gh (optional)

 

*   You will not get delegation until the instructor has checked:

 

    - Your nameservers are all authoritative for your domain

    - They all have the same SOA serial number

    - The NS records within the zone match the list of servers you are

      requesting delegation for

    - The slave(s) are not on the same desk as you
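The checks above can be scripted. The following is an added example, not part of the original handout: it parses the output of `dig +norec @server zone soa` from the master and from a slave, confirms that both answers carry the `aa` flag, and compares the two SOA serials. The dig outputs embedded in it are constructed samples; `pc10`, `pc23`, `41.218.234.10` and the serial values are placeholders. The `live_check` function at the end runs the same logic against real servers when `dig` and the classroom network are available.

```shell
#!/bin/sh
# Added example, not part of the original handout: script the pre-delegation
# checks (authoritative answers, matching SOA serials) by parsing the output
# of "dig +norec @server zone soa".  The dig outputs below are constructed
# samples; server names, addresses and serials are placeholders.

# Print the SOA serial from one dig output, but only if the answer carried
# the "aa" flag.  Prints nothing and returns 1 otherwise (non-authoritative
# answer, SERVFAIL, or no SOA in the answer section).
soa_serial_if_aa() {
    printf '%s\n' "$1" | awk '
        /^;; flags:/ { for (i = 3; i <= NF; i++) if ($i ~ /^aa;?$/) aa = 1 }
        $0 !~ /^;/ && $4 == "SOA" { serial = $7 }   # name ttl IN SOA mname rname serial ...
        END { if (aa && serial != "") { print serial; exit 0 } exit 1 }'
}

# Compare the master's answer with one slave's.  Both must be authoritative
# and carry the same serial; otherwise say why and return 1.
delegation_ready() {
    master_serial=$(soa_serial_if_aa "$1") || { echo "master: no authoritative SOA"; return 1; }
    slave_serial=$(soa_serial_if_aa "$2") || { echo "slave: no authoritative SOA"; return 1; }
    if [ "$master_serial" != "$slave_serial" ]; then
        echo "serial mismatch: master=$master_serial slave=$slave_serial"
        return 1
    fi
    echo "ok: both authoritative, serial $master_serial"
}

# The same check against real servers (needs dig and the classroom network):
#   live_check 41.218.234.X 41.218.234.Y xxxxxx.ghe0.dns.gh
live_check() {
    delegation_ready "$(dig +norec "@$1" "$3." soa)" "$(dig +norec "@$2" "$3." soa)"
}

# --- constructed sample outputs, shaped like what dig prints ---
MASTER_OK='; <<>> DiG 9.4.2 <<>> +norec @41.218.234.10 xxxxxx.ghe0.dns.gh. soa
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;xxxxxx.ghe0.dns.gh.        IN  SOA

;; ANSWER SECTION:
xxxxxx.ghe0.dns.gh. 600 IN  SOA pc10.ghe0.dns.gh. yourname.example.com. 2008052801 600 600 2419200 600

;; AUTHORITY SECTION:
xxxxxx.ghe0.dns.gh. 600 IN  NS  pc10.ghe0.dns.gh.
xxxxxx.ghe0.dns.gh. 600 IN  NS  pc23.ghe0.dns.gh.'

# A slave that has not yet transferred the latest zone (serial one behind),
# and a recursive resolver's cached copy of the record (no "aa" flag).
SLAVE_STALE=$(printf '%s\n' "$MASTER_OK" | sed 's/2008052801/2008052800/')
NONAUTH=$(printf '%s\n' "$MASTER_OK" | sed 's/^;; flags: qr aa;/;; flags: qr rd ra;/')

delegation_ready "$MASTER_OK" "$MASTER_OK"            # ok: both authoritative, serial 2008052801
delegation_ready "$MASTER_OK" "$SLAVE_STALE" || true  # serial mismatch: master=2008052801 slave=2008052800
delegation_ready "$MASTER_OK" "$NONAUTH" || true      # slave: no authoritative SOA
```

The serial is read only from an answer whose `flags:` line contains `aa`; a cached answer from a recursive resolver (flags `qr rd ra`) is rejected rather than compared, because its serial says nothing about what your own servers are serving.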

 

*   Once you have delegation, try to resolve www.xxxxxx.ghe0.dns.gh:

 

    - On your own machine

    - On someone else's machine (who is not slave for you)

    - On a machine elsewhere on the Internet, if you have access to one

 

*   Add a new resource record to your zone file. Remember to update the

    serial number. Check that your slaves have updated. Try resolving this

    new name from elsewhere.
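As an added example for this last step (not from the original handout), the shell functions below append a record to the zone file and bump a YYYYMMDDnn serial so that it always increases, which is what your slaves check before they transfer the zone again. They operate on a constructed copy of the exercise's zone template written to a temporary file, not on /etc/namedb; `pc23`, `ftp`, the address and the dates are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original handout: add a record to the zone
# and bump the YYYYMMDDnn serial.  Runs on a constructed copy of the zone in
# a temporary file; names, addresses and dates are placeholders.

# Next serial.  $1 = current serial, $2 = today as YYYYMMDD.
# Same day -> nn + 1; later day -> YYYYMMDD01; serial already ahead of today
# (hand edits, wrong clock) -> just add one.  A slave only transfers when the
# serial goes up, so it must never move backwards.  Serials are 32-bit.
next_serial() {
    cur=$1; today=$2
    case $cur in ''|*[!0-9]*) echo "serial is not a number: $cur" >&2; return 1;; esac
    cur_day=$(printf '%s' "$cur" | cut -c1-8)
    if [ "$cur_day" -lt "$today" ]; then
        new="${today}01"
    else
        new=$((cur + 1))
    fi
    [ "$new" -le 4294967295 ] || { echo "serial would overflow 32 bits" >&2; return 1; }
    echo "$new"
}

# Current serial: the first field of the line ending in "; Serial", as in
# the exercise's zone template.
zone_serial() {
    awk '/; Serial/ { print $1; exit }' "$1"
}

# Append a record and rewrite the serial line.  $1 = zone file, $2 = record
# text, $3 = today as YYYYMMDD.  Prints the new serial.
add_record() {
    zone=$1; record=$2; today=$3
    old=$(zone_serial "$zone")
    [ -n "$old" ] || { echo "no '; Serial' line in $zone" >&2; return 1; }
    new=$(next_serial "$old" "$today") || return 1
    tmp="$zone.tmp"
    awk -v old="$old" -v new="$new" \
        '/; Serial/ && !done { sub(old, new); done = 1 } { print }' "$zone" > "$tmp" &&
    printf '%s\n' "$record" >> "$tmp" && mv "$tmp" "$zone" || return 1
    echo "$new"
    # On the real server the next commands would be:
    #   named-checkzone xxxxxx.ghe0.dns.gh /etc/namedb/master/xxxxxx.ghe0.dns.gh
    #   rndc reload xxxxxx.ghe0.dns.gh
}

# --- constructed zone, a copy of the exercise's template ---
ZONE=$(mktemp)
cat > "$ZONE" <<'EOF'
$TTL 10m
@       IN      SOA     pc10.ghe0.dns.gh. yourname.example.com. (
                                2008052801    ; Serial
                                10m           ; Refresh
                                10m           ; Retry
                                4w            ; Expire
                                10m )         ; Negative
                IN      NS      pc10.ghe0.dns.gh.   ; master
                IN      NS      pc23.ghe0.dns.gh.   ; slave
www     IN      A       41.218.234.110          ; placeholder address
EOF

add_record "$ZONE" "ftp     IN      A       41.218.234.110" 20080529   # prints 2008052901
```

After `rndc reload`, repeat the `dig +norec ... soa` check against each slave: the record is visible from elsewhere only once every slave reports the new serial with the `aa` flag set.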