Apricot 2003 Thursday Notes

The network configuration

The instructions below are Linux-specific.

All machines in the workshop have been assigned an address of the form 220.128.48.XX or 220.128.52.XX by the Apricot DHCP Server. We will not change those addresses.

Type "ifconfig" and look for eth0.

It turns out that all XX are unique in the workshop.

Everybody will need to configure virtual interfaces of the form 192.168.XX.1, 192.168.XX.2 and 192.168.XX.3. Note that, with the 255.255.0.0 netmask used below, all of these addresses are in the same /16, so we can reach our colleagues' virtual interfaces directly.

Let's configure the interface. Note that if you use a different system than the workshop boxes you may have to replace eth0 by eth1 in the example below.

ifconfig eth0:1 inet 192.168.XX.1 netmask 255.255.0.0 broadcast 192.168.255.255

and then the second and the third:

ifconfig eth0:2 inet 192.168.XX.2 netmask 255.255.0.0 broadcast 192.168.255.255
ifconfig eth0:3 inet 192.168.XX.3 netmask 255.255.0.0 broadcast 192.168.255.255

Now try pinging the addresses you just set up:

ping -c 3 192.168.XX.1
ping -c 3 192.168.XX.2
ping -c 3 192.168.XX.3

See if you can reach your neighbours:

ping -c 3 192.168.YY.1

You can even try a broadcast.

ping -c1 -b 192.168.255.255
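The whole procedure above, as an added Python example (not from the workshop notes): it reads the DHCP address off a constructed "ifconfig eth0" listing, derives XX, fills in the three ifconfig lines, and shows why the 255.255.0.0 netmask is what makes a neighbour's 192.168.YY.1 reachable. The sample ifconfig output and the function names are my own assumptions.

```python
import ipaddress
import re

# Constructed sample of "ifconfig eth0" output for a workshop box (not a real capture);
# the Apricot DHCP server gave this box 220.128.48.37, so XX is 37.
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:0C:29:AB:CD:EF
          inet addr:220.128.48.37  Bcast:220.128.48.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""
WORKSHOP_NETS = [ipaddress.ip_network("220.128.48.0/24"),
                 ipaddress.ip_network("220.128.52.0/24")]

def dhcp_address(ifconfig_output, iface="eth0"):
    """Return the inet address of iface from ifconfig output, or None if absent."""
    block = re.search(rf"^{iface}\s.*?(?=^\S|\Z)", ifconfig_output, re.S | re.M)
    m = block and re.search(r"inet addr:(\d+\.\d+\.\d+\.\d+)", block.group(0))
    return ipaddress.ip_address(m.group(1)) if m else None

def workshop_xx(addr):
    """The XX in 220.128.48.XX / 220.128.52.XX; rejects addresses outside the workshop ranges."""
    if addr is None or not any(addr in net for net in WORKSHOP_NETS):
        raise ValueError(f"{addr} is not a workshop DHCP address")
    return int(str(addr).rsplit(".", 1)[1])

def alias_commands(xx, iface="eth0"):
    """The three ifconfig lines from the notes, filled in for this box."""
    return [f"ifconfig {iface}:{n} inet 192.168.{xx}.{n} netmask 255.255.0.0 "
            f"broadcast 192.168.255.255" for n in (1, 2, 3)]

def on_link(local, prefixlen, neighbour):
    """True if neighbour falls inside the connected network implied by local/prefixlen."""
    net = ipaddress.ip_interface(f"{local}/{prefixlen}").network
    return ipaddress.ip_address(neighbour) in net

if __name__ == "__main__":
    xx = workshop_xx(dhcp_address(SAMPLE_IFCONFIG))
    print("\n".join(alias_commands(xx)))
    # A colleague's 192.168.45.1 is on-link with the /16 netmask, but not with a /24.
    print(on_link(f"192.168.{xx}.1", 16, "192.168.45.1"), on_link(f"192.168.{xx}.1", 24, "192.168.45.1"))
```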


Setting up a forward zone

At the workshop Joe runs the registry for a TLD called bill. Below is the registry data for this TLD.

Domain           Nameservers             Nameserver glue   Tech-C
overdue.bill     ns1.overdue.bill        192.168.115.1     Ed
                 ns2.overdue.bill        192.168.115.2
gates.bill       ns1.gates.bill          192.168.94.1      Arth
                 ns2.gates.bill          192.168.94.2
sunny.bill       hot.sunny.bill          192.168.91.1      Sunny
                 chilly.sunny.bill       192.168.91.2
my.bill          not.my.bill             192.168.49.1      Anna
                 anna.my.bill            192.168.49.2
go.bill          ns1.go.bill             192.168.49.1      Suh.
                 dont.go.bill            192.168.49.2
ghaz.bill        month1.ghaz.bill        192.168.48.1      Ghaz
                 month2.ghaz.bill        192.168.48.2
dia.bill         ns1.dia.bill            192.168.50.1      Dia
                 ns2.dia.bill            192.168.50.2
fiardinkum.bill  crikey.fiardinkum.bill  192.168.89.1      Nurani
                 bonza.fiardinkum.bill   192.168.89.2
workhard.bill    ns1.workhard.bill       192.168.52.1      Miwa
                 ns2.workhard.bill       192.168.52.2

All participants have set up a forward zone file (see example). Each participant's zone is served by two servers that are bound to virtual interfaces. See the ns1.conf file for the master server and the ns2.conf file for the slave server for overdue.bill.

After running named-checkconf (and named-checkzone) you can start the server by typing:

named -c ns1.conf

To test whether your server is running, try:

dig @192.168.115.1 version.bind CH TXT

The result is the version of the nameserver you run:

; <<>> DiG 9.2.2rc1 <<>> @192.168.115.1 version.bind CH TXT
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48054
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind. CH TXT

;; ANSWER SECTION:
version.bind. 0 CH TXT "9.2.2rc1"

;; Query time: 20 msec
;; SERVER: 192.168.115.1#53(192.168.115.1)
;; WHEN: Thu Feb 20 15:25:43 2003
;; MSG SIZE rcvd: 51

To test the setup try:

dig @192.168.115.1 overdue.bill soa +multiline

The response should be something similar to:

<<>> DiG 9.2.2rc1 <<>> @192.168.115.1 overdue.bill soa +multiline
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25617
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;overdue.bill. IN SOA

;; ANSWER SECTION:
overdue.bill. 900 IN SOA ns1.overdue.bill. root.ns1.overdue.bill. (
1 ; serial
100 ; refresh (1 minute 40 seconds)
200 ; retry (3 minutes 20 seconds)
15 ; expire (15 seconds)
900 ; minimum (15 minutes)
)

;; AUTHORITY SECTION:
overdue.bill. 900 IN NS ns2.overdue.bill.
overdue.bill. 900 IN NS ns1.overdue.bill.

;; ADDITIONAL SECTION:
ns1.overdue.bill. 900 IN A 192.168.115.1
ns2.overdue.bill. 900 IN A 192.168.115.2

;; Query time: 28 msec
;; SERVER: 192.168.115.1#53(192.168.115.1)
;; WHEN: Thu Feb 20 14:53:26 2003
;; MSG SIZE rcvd: 139

The next thing to test is a zone transfer (which is specifically allowed in ns1.conf):

dig @192.168.115.1 overdue.bill axfr +multiline

The result is:

; <<>> DiG 9.2.2rc1 <<>> @192.168.115.1 overdue.bill axfr +multiline
;; global options: printcmd
overdue.bill. 900 IN SOA ns1.overdue.bill. root.ns1.overdue.bill. (
1 ; serial
100 ; refresh (1 minute 40 seconds)
200 ; retry (3 minutes 20 seconds)
15 ; expire (15 seconds)
900 ; minimum (15 minutes)
)
overdue.bill. 900 IN NS ns1.overdue.bill.
overdue.bill. 900 IN NS ns2.overdue.bill.
alias.overdue.bill. 900 IN CNAME host.overdue.bill.
another-alias.overdue.bill. 900 IN CNAME ns1.gates.bill.
host.overdue.bill.overdue.bill. 900 IN A 127.0.0.1
host.overdue.bill. 900 IN A 127.0.0.1
ns1.overdue.bill. 900 IN A 192.168.115.1
ns2.overdue.bill. 900 IN A 192.168.115.2
ns2.overdue.bill. 900 IN MX 10 ns1.overdue.bill.
ns2.overdue.bill. 900 IN MX 20 ns2.overdue.bill.
text-message.overdue.bill. 900 IN TXT "the overdue bill zone"
v6node.overdue.bill. 900 IN AAAA 3ffe:817::1
overdue.bill. 900 IN SOA ns1.overdue.bill. root.ns1.overdue.bill. (
1 ; serial
100 ; refresh (1 minute 40 seconds)
200 ; retry (3 minutes 20 seconds)
15 ; expire (15 seconds)
900 ; minimum (15 minutes)
)
;; Query time: 47 msec
;; SERVER: 192.168.115.1#53(192.168.115.1)
;; WHEN: Thu Feb 20 15:17:42 2003
;; XFR size: 15 records (messages 1)
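A consistency checker for the transfer shown above, added here as an example (not a tool from the workshop or from BIND): it parses dig's AXFR output, confirms the opening and closing SOA serials agree, compares the NS set and glue against the registry row for overdue.bill, and flags owner names such as host.overdue.bill.overdue.bill. where the origin was appended twice (in a BIND zone file that is what a missing trailing dot on a fully written-out name does). The sample input is constructed from the records above in dig's single-line form; the function names are my own.

```python
ZONE = "overdue.bill."
# Registry data for overdue.bill from the table above: nameserver -> glue address.
REGISTRY_GLUE = {"ns1.overdue.bill.": "192.168.115.1", "ns2.overdue.bill.": "192.168.115.2"}
# Constructed sample: records from the transfer above in dig's single-line form
# (no +multiline), keeping the ones the checks look at.
SAMPLE_AXFR = """\
overdue.bill. 900 IN SOA ns1.overdue.bill. root.ns1.overdue.bill. 1 100 200 15 900
overdue.bill. 900 IN NS ns1.overdue.bill.
overdue.bill. 900 IN NS ns2.overdue.bill.
host.overdue.bill.overdue.bill. 900 IN A 127.0.0.1
host.overdue.bill. 900 IN A 127.0.0.1
ns1.overdue.bill. 900 IN A 192.168.115.1
ns2.overdue.bill. 900 IN A 192.168.115.2
overdue.bill. 900 IN SOA ns1.overdue.bill. root.ns1.overdue.bill. 1 100 200 15 900
"""
def parse_axfr(text):
    """Return (owner, ttl, class, type, rdata tokens) tuples; folds +multiline SOA records."""
    records, pending = [], []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop dig comments and "; serial" annotations
        if not line:
            continue
        pending += line.split()
        if pending.count("(") > pending.count(")"):
            continue                           # still inside a parenthesised record
        toks = [t for t in pending if t not in ("(", ")")]
        pending = []
        records.append((toks[0], int(toks[1]), toks[2], toks[3], toks[4:]))
    return records

def check_transfer(records, zone=ZONE, registry=REGISTRY_GLUE):
    """Return a list of findings; an empty list means the transfer looks consistent."""
    findings = []
    if records[0][3] != "SOA" or records[-1][3] != "SOA":
        findings.append("transfer does not start and end with an SOA record")
    elif records[0][4][2] != records[-1][4][2]:
        findings.append("serial changed between opening and closing SOA")
    glue = {r[0]: r[4][0] for r in records if r[3] == "A"}
    ns = {r[4][0] for r in records if r[3] == "NS" and r[0] == zone}
    zone_glue = {n: glue.get(n) for n in ns if n.endswith("." + zone)}
    if zone_glue != registry:
        findings.append("NS/glue in zone %s differs from registry %s" % (zone_glue, registry))
    for owner in sorted({r[0] for r in records}):
        rest = owner[:-len(zone)] if owner.endswith(zone) else ""
        if rest == zone or rest.endswith("." + zone):
            findings.append("%s: origin appended twice (missing trailing dot in the zone file?)" % owner)
    return findings

if __name__ == "__main__":
    for f in check_transfer(parse_axfr(SAMPLE_AXFR)):
        print("FINDING:", f)
```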


RNDC configuration

Type rndc-confgen to get a default configuration setup.

The result is:

# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "GG3VBkDfEYVh5vhmf3RZXw==";
};

options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf


# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "GG3VBkDfEYVh5vhmf3RZXw==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Copy the first section of that output (from "# Start of rndc.conf" to "# End of rndc.conf") to rndc.ns1.conf, and copy the second, commented section (the key and controls statements meant for named.conf) to ns1.conf. In the workshop we have several servers that we want to reach with rndc on 127.0.0.1, so we configure a different port number for each of them (we use port 1953 in ns1.conf and rndc.ns1.conf).

Once you have restarted the master server you can use rndc to control it.

Try

rndc -c rndc.ns1.conf status

The output should be something like:

number of zones: 3
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running