Commit 9c6b0fe5 authored by Goik Martin

Zone corrections

parent 6e85cc73
......@@ -200,7 +200,8 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
</section>
<section xml:id="sdiBindInstall">
<title>Installing <xref linkend="glo_Soft_Bind"/></title>
<title>Installing and configuring <xref
linkend="glo_Soft_Bind"/></title>
<para>You may follow:</para>
......@@ -225,33 +226,33 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
</itemizedlist>
<para>Install the <productname>bind9</productname> server package on
your <quote>a</quote> virtual machine. The MI department has already set
up a <xref linkend="glo_DNS"/> service for
your first <quote>A</quote> virtual machine. The MI department has
already set up a <xref linkend="glo_DNS"/> service for
<code>mi.hdm-stuttgart.de</code>. But regarding upcoming exercises we
want to be able configuring private host aliases.</para>
<para>Consider the example virtual machine
<code>sdi04a.mi.hdm-stuttgart.de / 141.62.75.104</code> hosting a <xref
linkend="glo_DNS"/> server. Create a complete new zone describing a
domain sdi4<code>.mi.hdm-stuttgart.de</code> containing both your
machine's <code>sdi04a.sdi4.mi.hdm-stuttgart.de</code> and
<code>sdi04b.sdi4.mi.hdm-stuttgart.de</code> address records. Your <xref
<para>If you are a member of <abbrev>e.g.</abbrev> group 7 <code>then
sdi04a.mi.hdm-stuttgart.de </code>will host your <xref
linkend="glo_DNS"/> server. Create a complete new zone
<code>g7.sdi.mi.hdm-stuttgart.de</code> containing both your machines
<code>sdia.g7.sdi.mi.hdm-stuttgart.de</code> and
<code>sdib.g7.sdi.mi.hdm-stuttgart.de</code> address records. Your <xref
linkend="glo_DNS"/> server should provide at least the following
data:</para>
<glosslist>
<glossentry>
<glossterm>Your sdi4.mi.hdm-stuttgart.de domain's primary
<glossterm>Your g7.sdi.mi.hdm-stuttgart.de domain's primary
nameserver</glossterm>
<glossdef>
<para>Primary name server for domain
<code>sdi4.mi.hdm-stuttgart.de</code>.</para>
<code>g7.sdi.mi.hdm-stuttgart.de</code>.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>sdi04a.sdi4.mi.hdm-stuttgart.de</glossterm>
<glossterm>vm1.g7.sdi.mi.hdm-stuttgart.de</glossterm>
<glossdef>
<para>Your first machine's host name.</para>
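Review bot: The host names in the new "If you are a member of e.g. group 7" paragraph do not agree with the glossary entries in the same hunk: the paragraph asks for sdia.g7.sdi.mi.hdm-stuttgart.de and sdib.g7.sdi.mi.hdm-stuttgart.de, while the glossterms use vm1.g7.sdi.mi.hdm-stuttgart.de. Pick one naming scheme and use it throughout. In the same paragraph the word "then" and a trailing space ended up inside the code element ("then sdi04a.mi.hdm-stuttgart.de "), and sdi04a is carried over from the removed sdi4 example, so please confirm it is the intended host for group 7.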
......@@ -259,7 +260,7 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
</glossentry>
<glossentry>
<glossterm>sdi04b.sdi4.mi.hdm-stuttgart.de</glossterm>
<glossterm>vm2.g7.sdi.mi.hdm-stuttgart.de</glossterm>
<glossdef>
<para>Your second machine's host name.</para>
......@@ -267,18 +268,19 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
</glossentry>
<glossentry>
<glossterm>www4.sdi4.mi.hdm-stuttgart.de and
www4-2.sdi4.mi.hdm-stuttgart.de</glossterm>
<glossterm>www.g7.sdi.mi.hdm-stuttgart.de and
cloud.g7.sdi.mi.hdm-stuttgart.de</glossterm>
<glossdef>
<para>An (<code>CNAME</code>) alias to
sdi04a.sdi4.mi.hdm-stuttgart.de.</para>
<para>(<code>CNAME</code>) aliases to
<code>vm1.g7.sdi.mi.hdm-stuttgart.de</code> or
<code>vm2.g7.sdi.mi.hdm-stuttgart.de</code>.</para>
</glossdef>
</glossentry>
</glosslist>
<para>All host names (albeit not yet existing) should point to your
virtual machine's IP. This requires setting up a forward zone
virtual machines' IP. This requires setting up a forward zone
file.</para>
<tip>
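Review bot: The new CNAME glossdef says the aliases point to vm1 "or" vm2 without saying which alias goes where, and the paragraph after the glosslist now reads "your virtual machines' IP", a plural owner with a single address. Suggest stating the intended target per alias (www and cloud) and writing "IP addresses". The glossterm also introduces cloud.g7.sdi.mi.hdm-stuttgart.de, whereas the zone listing later on the page uses nextcloud.g7.sdi.mi.hdm-stuttgart.de as the CNAME; one of the two names should be aligned.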
......@@ -308,14 +310,14 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
</listitem>
<listitem>
<para><code>www</code>4 (Future webserver, see <xref
<para><code>www</code> (Future webserver, see <xref
linkend="sdiApache"/>).</para>
</listitem>
</itemizedlist>
<para>Test your configuration using <code>dig</code> <option>@&lt;your
host-IP&gt;</option> <option>...</option> . You should be able to
resolve e.g. <code>www4.sdi4.mi.hdm-stuttgart.de</code> to your local
resolve e.g. <code>www.g7.sdi.mi.hdm-stuttgart.de</code> to your local
host's IP address.</para>
</section>
......@@ -325,15 +327,15 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
<para>Define a reverse zone file to answer queries asking for an IP
address' machine name <abbrev>i.e.</abbrev> resolving
<code>141.62.75.104</code> to
<code>sdi04a.mi.hdm-stuttgart.de</code>.</para>
<code>vm1.g7.sdi.mi.hdm-stuttgart.de</code>.</para>
</section>
<section xml:id="sdiDnsForwarder">
<title>Forwarders</title>
<para>Enable recursive queries to parent name servers enabling your name
server to resolve external machines like <code>www.w3.org</code> by
delegation.</para>
<para>Enable recursive queries to parent name servers enabling your own
private name server to resolve external machines like
<code>www.w3.org</code> by delegation.</para>
<tip>
<para>You may have to disable <code>DNSSEC</code> in order to allow
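Review bot: The reworded Forwarders paragraph still says external names are resolved "by delegation", which is not what a forwarder does: the server passes queries it cannot answer itself to the configured upstream resolvers. Suggest "by forwarding". Since this section has students switch recursion on, it would help to add one sentence telling them to limit recursive service to their own hosts (BIND's allow-recursion option), so the VM does not answer recursive queries for arbitrary clients. In the reverse zone paragraph of this hunk, 141.62.75.104 is now mapped to vm1.g7.sdi.mi.hdm-stuttgart.de; please check this against the 141.62.75.114 used for vm2 in the nsupdate example.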
......@@ -344,18 +346,26 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
<section xml:id="sdiBindMx">
<title>Mail exchange record</title>
<para>Provide a mail exchange record pointing to mx1.hdm-stuttgart.de.
Test this configuration using dig accordingly.</para>
<para>Provide a mail exchange record pointing to
<code>mx1.hdm-stuttgart.de</code>. Test this configuration using
<command>dig</command> accordingly.</para>
<para>Caveat: Configuring a client machine using your name server and
sending a mail to <code>xy123@sdi04.mi.hdm-stuttgart.de</code> won't
work since <code>mail.hdm-stuttgart.de</code> will reject mails being
sent to any domain other than <code>hdm-stuttgart.de</code>.</para>
sending a mail to <code>xy123@g7.sdi.mi.hdm-stuttgart.de</code> won't
actually work since <code>mail.hdm-stuttgart.de</code> will reject mails
being sent to any domain other than certain subdomain of
<code>hdm-stuttgart.de</code>.</para>
</section>
<section xml:id="sdiDnsProjectNameServer">
<title>SDI exercises related <xref linkend="glo_DNS"/> server</title>
<para>In this part you'll transfer your current <xref
linkend="glo_DNS"/> configuration to a dedicated MI nameserver
<code>nssdi.mi.hdm-stuttgart.de</code>. This one being connected to the
global <xref linkend="glo_DNS"/> system allows for publishing your
records worldwide.</para>
<figure xml:id="sdiDnsSubdomainPerGroup">
<title>Subdomain per group</title>
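Review bot: In the rewritten caveat, "any domain other than certain subdomain of hdm-stuttgart.de" is ungrammatical and leaves it unclear whether hdm-stuttgart.de itself is still accepted. Suggest something like "any domain other than hdm-stuttgart.de and certain of its subdomains", if that is what is meant. The new introductory paragraph for nssdi.mi.hdm-stuttgart.de could also be simplified: "This server is connected to the global DNS, so your records are published worldwide."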
......@@ -374,7 +384,9 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
<listitem>
<para>Zone edits require a subdomain specific <code>hmac</code>
secret key being provided as <filename>dnsupdate.sec</filename>
file in your course group:</para>
file in your personal group entry below the <link
xlink:href="https://learn.mi.hdm-stuttgart.de/ilias/goto.php?target=crs_33735">SDI
course</link>:</para>
<screen>hmac-sha256:mykey.<emphasis role="red">g7</emphasis>:I5sDDS3L1BU...</screen>
......@@ -387,7 +399,9 @@ hdm-stuttgart.de. 3600 IN NS iz-net-2.hdm-stuttgart.de.</screen>
</listitem>
<listitem>
<para>Edits become globally visible.</para>
<para>Edits become globally visible. Mind the TTL setting: A
higher value means you'll have to wait longer until error
corrections become visible.</para>
</listitem>
</itemizedlist>
</figure>
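Review bot: The added TTL advice ("A higher value means you'll have to wait longer until error corrections become visible") is contradicted by the nsupdate example further down, which adds the A record with a TTL of 86400. For an exercise where students are expected to make and fix mistakes, consider using a short TTL in the example, or add a remark next to it that 86400 means a wrong record may stay cached for up to a day.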
......@@ -413,19 +427,18 @@ nextcloud.g7.sdi.mi.hdm-stuttgart.de. 5000 IN CNAME www.g7.sdi.mi.hdm-stuttgart.
goik&gt;nsupdate -y $HMAC
&gt; server nssdi.mi.hdm-stuttgart.de
&gt; update add sdi2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de 86400 A 172.16.1.1
&gt; update add vm2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de 86400 A 141.62.75.114
&gt; send
&gt; quit
goik&gt;dig +noall +answer @nssdi.mi.hdm-stuttgart.de sdi2.<emphasis
role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de
sdi2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de. 86400 IN A 172.16.1.1</programlisting>
goik&gt;dig +noall +answer @nssdi.mi.hdm-stuttgart.de vm2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de
vm2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de. 86400 IN A 141.62.75.114</programlisting>
</figure>
<para>This entry will be globally visible:</para>
<para>This entry should now be globally visible:</para>
<programlisting language="none">&gt;dig +noall +answer sdi2.<emphasis
<programlisting language="none">&gt;dig +noall +answer vm2.<emphasis
role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de
sdi2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de. 7069 IN A 172.16.1.1</programlisting>
vm2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de. 7069 IN A 141.62.75.114</programlisting>
<figure xml:id="sdiDnsNsupdateDeleteRecord">
<title>Modify by delete/create</title>
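Review bot: The listing keeps "nsupdate -y $HMAC" as the way to authenticate, which puts the shared secret on the command line where it can end up in the process list and shell history; the nsupdate documentation discourages -y for that reason. Consider showing "nsupdate -k" with a key file instead, noting that -k expects a named.conf style key statement, so the one-line dnsupdate.sec content would have to be converted. Separately, the "globally visible" dig output now shows the new address 141.62.75.114 with the old remaining TTL of 7069, which looks hand-edited rather than re-run; a fresh capture would be safer.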
......@@ -447,11 +460,11 @@ sdi2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de. 7069 IN A 172.1
<para>Due to caching it'll however take up to you <abbrev>SOA</abbrev>
or record specific settings for this deletion to be reflected globally.
The subsequent query result indicates another 7069 seconds to go before
issuing the next query:</para>
issuing the next update:</para>
<programlisting language="none">goik&gt;dig +noall +answer sdi2.<emphasis
<programlisting language="none">goik&gt;dig +noall +answer vm2.<emphasis
role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de
sdi2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de. 7069 IN A 172.16.1.1</programlisting>
vm2.<emphasis role="red">g7</emphasis>.sdi.mi.hdm-stuttgart.de. 7069 IN A 141.62.75.114</programlisting>
</section>
</section>
</chapter>
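Review bot: Changing "before issuing the next query" to "before issuing the next update" makes the sentence misleading: the 7069 seconds in the dig output is the remaining lifetime of the cached answer, and an update can be sent to nssdi.mi.hdm-stuttgart.de at any time. Suggest wording along the lines of "another 7069 seconds before resolvers drop the cached record and see the change". The context line above also has a typo, "up to you SOA", which should read "up to your SOA" and could be fixed in the same commit.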