nsupdate description

4c8eadb2 · Goik Martin · 715efe07 · 4c8eadb2
Commit 4c8eadb2 authored 2 years ago by Goik Martin
--- a/Doc/Sdi/Dns/dns.xml
+++ b/Doc/Sdi/Dns/dns.xml
@@ -307,8 +307,8 @@ hdm-stuttgart.de.	3600	IN	NS	iz-net-2.hdm-stuttgart.de.</screen>
    <section xml:id="sdiDnsForwarder">
      <title>Forwarders</title>

-      <para>Enable recursive queries to parent nameservers enabling your
-      nameserver to resolve external machines like <code>www.w3.org</code> by
+      <para>Enable recursive queries to parent name servers enabling your name
+      server to resolve external machines like <code>www.w3.org</code> by
      delegation.</para>

      <tip>
@@ -333,5 +333,108 @@ hdm-stuttgart.de.	3600	IN	NS	iz-net-2.hdm-stuttgart.de.</screen>
      <code>...@hdm-stuttgart.de</code> or
      <code>...@mi.hdm-stuttgart.de</code> respectively.</para>
    </section>
+
+    <section xml:id="sdiDnsProjectNameServer">
+      <title>SDI exercises related <xref linkend="glo_DNS"/> server</title>
+
+      <para>This section explains how to define two publicly visible <xref
+      linkend="glo_DNS"/> A records to your VMs. The objective is defining two
+      <code>A</code> records <code>sdi1</code> and <code>sdi2</code> within
+      your respective <xref linkend="glo_DNS"/> domain.</para>
+
+      <para>With respect to upcoming <link
+      xlink:href="sdiApacheVirtualHosts">virtual host exercises</link> the MI
+      department provides a public <xref linkend="glo_DNS"/> integrated <xref
+      linkend="glo_Soft_Bind"/> based server
+      <code>nssdi.mi.hdm-stuttgart.de</code> allowing for <xref
+      linkend="glo_CLI"/> updates. This works as follows:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Each working group being registered below <link
+          xlink:href="https://learn.mi.hdm-stuttgart.de/ilias/goto.php?target=crs_12398&amp;client_id=iliasclient1">113475
+          Software defined Infrastructure</link> has access to a respective
+          zone file defining a subdomain of
+          <code>sdi.mi.hdm-stuttgart.de</code>. </para>
+
+          <itemizedlist>
+            <listitem>
+              <para>Assuming you belong to <emphasis role="red">group
+              3</emphasis> your corresponding subdomain is <emphasis
+              role="red"><code>g3</code></emphasis>.<code>sdi.mi.hdm-stuttgart.de</code>.</para>
+            </listitem>
+
+            <listitem>
+              <para>You'll find a <filename>dnsupdate.sec</filename> file
+              containing the secret for authorizing your individual zone's
+              management:</para>
+
+              <screen>hmac-sha256:mykey.<emphasis role="red">g3</emphasis>:I5sDDS3L1BUHNGWU2n7LEmkWJfNq/giDuXb1u076VjQ=</screen>
+
+              <note>
+                <para>The per zone secrets are being created using <link
+                xlink:href="https://manpages.ubuntu.com/manpages/jammy/man8/ddns-confgen.8.html">tsig-keygen</link>.
+                The value appearing here does not reflect a production
+                setting.</para>
+              </note>
+            </listitem>
+          </itemizedlist>
+        </listitem>
+
+        <listitem>
+          <para><link
+          xlink:href="https://linux.die.net/man/8/nsupdate">nsupdate</link>
+          allows for zone management as being explained below.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>Adding an <code>A</code> record for <acronym>e.g.</acronym> your
+      second <code>sdi2</code> VM requires:</para>
+
+      <programlisting language="bash">HMAC=hmac-sha256:mykey.<emphasis
+          role="red">g3</emphasis>:I5sDDS3L1BUHNGWU2n7LEmkWJfNq/giDuXb1u076VjQ=
+
+goik&gt;nsupdate -y $HMAC
+&gt; server nssdi.mi.hdm-stuttgart.de
+&gt; update add sdi2.<emphasis role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de 86400 A 172.16.1.1
+&gt; send
+&gt; quit
+goik&gt;dig +noall +answer @nssdi.mi.hdm-stuttgart.de sdi2.<emphasis
+          role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de
+sdi2.<emphasis role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de. 86400	IN A	172.16.1.1</programlisting>
+
+      <para>This entry will be globally visible:</para>
+
+      <programlisting language="none">goik&gt;dig +noall +answer  sdi2.<emphasis
+          role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de
+sdi2.<emphasis role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de. 7069 IN A	172.16.1.1</programlisting>
+
+      <para>You should now be able to use your VMs <xref linkend="glo_DNS"/>
+      name rather than its raw IP: </para>
+
+      <programlisting language="none">&gt;ssh ...@sdi2.<emphasis role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de</programlisting>
+
+      <para>Deleting this <xref linkend="glo_DNS"/> record works
+      accordingly:</para>
+
+      <programlisting language="none">goik&gt;nsupdate -y $HMAC
+&gt; server nssdi.mi.hdm-stuttgart.de
+&gt; 
+&gt; update del sdi2.<emphasis role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de A
+&gt; send
+&gt; quit
+goik&gt;
+goik&gt;dig +noall +answer @nssdi.mi.hdm-stuttgart.de sdi2.<emphasis
+          role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de</programlisting>
+
+      <para>Due to caching it'll however take up to you <abbrev>SOA</abbrev>
+      or record specific settings for this deletion to be reflected globally.
+      The subsequent query result indicates another 7069 seconds to go before
+      issuing the next query:</para>
+
+      <programlisting language="none">goik&gt;dig +noall +answer  sdi2.<emphasis
+          role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de
+sdi2.<emphasis role="red">g3</emphasis>.sdi.mi.hdm-stuttgart.de. 7069 IN A	172.16.1.1</programlisting>
+    </section>
  </section>
 </chapter>