DNS -- reverse zone
Theory -- see Linux Servers by Dr. Paul Cobbaut, chapters 4 and 5
Additional information: DNS for Rocket Scientists
- reverse mapping
We want to be able to map the IP addresses of domein01.crazy back to their domain names.
We use the servers from DNS1.
We need to create a reverse zone, which takes two things:
- the zone file itself
- an extra entry in the /etc/bind/named.conf.local file
- reverse zone file
/etc/bind/16.172.in-addr.arpa.zone
$TTL 86400 ; 24 hours, could have been written as 24h or 1d
@ 1D IN SOA ns1.domein01.crazy. root.domein01.crazy. (
        2016091512 ; serial
        3H         ; refresh
        15         ; retry
        1w         ; expire
        3h         ; minimum
)
; Name servers for the zone
        IN NS ns1.domein01.crazy.
        IN NS ns2.domein01.crazy.
; server host definitions
$ORIGIN 16.172.IN-ADDR.ARPA.
1.10    IN PTR ns1.domein01.crazy.
2.10    IN PTR ns2.domein02.crazy.
25.10   IN PTR apache.domein01.crazy.
100.10  IN PTR mail.domein01.crazy.
; non server domain hosts
10.255  IN PTR lynx.domein01.crazy.
- named.conf.local
We add the zone definition to the file
/etc/bind/named.conf.local
//
// Do any local configuration here
//
zone "domein01.crazy" {
        type master;
        notify no;
        file "/etc/bind/domein01.crazy.zone";
};
zone "16.172.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/16.172.in-addr.arpa.zone";
        allow-update { none; };
        allow-query { 172.16.0.0/16; };
};
- restart the service
service restart:
$ sudo service bind9 restart
[sudo] password for user: xxxxxxxx
Stopping domain name service... bind9
waiting for pid 2105 to die [ OK ]
Starting domain name service... bind9 [ OK ]
check the PID:
$ ps -A | grep named
2423 ? 00:00:00 named
check the log files:
user@ns1:/etc/bind$ tail -n 30 /var/log/syslog
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 123.100.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 124.100.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 125.100.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 126.100.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 127.100.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 254.169.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: D.F.IP6.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 8.E.F.IP6.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 9.E.F.IP6.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: A.E.F.IP6.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: B.E.F.IP6.ARPA
Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Sep 15 13:27:35 localhost named[2423]: command channel listening on 127.0.0.1#953
Sep 15 13:27:35 localhost named[2423]: command channel listening on ::1#953
Sep 15 13:27:35 localhost named[2423]: managed-keys-zone: journal file is out of date: removing journal file
Sep 15 13:27:35 localhost named[2423]: managed-keys-zone: loaded serial 9
Sep 15 13:27:35 localhost named[2423]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 15 13:27:35 localhost named[2423]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 15 13:27:35 localhost named[2423]: zone 16.172.in-addr.arpa/IN: loaded serial 2016091512
Sep 15 13:27:35 localhost named[2423]: zone domein01.crazy/IN: loaded serial 2016090801
Sep 15 13:27:35 localhost named[2423]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 15 13:27:35 localhost named[2423]: zone localhost/IN: loaded serial 2
Sep 15 13:27:35 localhost named[2423]: all zones loaded
Sep 15 13:27:35 localhost named[2423]: running
- Testing
After three quarters of an hour of searching, I conclude that you cannot test the reverse mapping with dig
from the name server NS1 itself.
I then test from the client:
- check your network settings:
/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 172.16.255.10
        netmask 16
        gateway 172.16.0.1
        dns-nameservers 172.16.10.1 172.16.10.2
- check the forward direction:
$ dig lynx.domein01.crazy
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> lynx.domein01.crazy
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57132
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lynx.domein01.crazy.           IN      A

;; ANSWER SECTION:
lynx.domein01.crazy.    259200  IN      CNAME   client.domein01.crazy.
client.domein01.crazy.  259200  IN      A       172.16.255.10

;; AUTHORITY SECTION:
domein01.crazy.         259200  IN      NS      ns2.domein01.crazy.
domein01.crazy.         259200  IN      NS      ns1.domein01.crazy.

;; ADDITIONAL SECTION:
ns1.domein01.crazy.     259200  IN      A       172.16.10.1
ns2.domein01.crazy.     259200  IN      A       172.16.10.2

;; Query time: 8 msec
;; SERVER: 172.16.10.1#53(172.16.10.1)
;; WHEN: Thu Sep 15 13:25:20 CEST 2016
;; MSG SIZE  rcvd: 153
- check the reverse mapping:
$ dig -x 172.16.255.10
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -x 172.16.255.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57206
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.255.16.172.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
10.255.16.172.in-addr.arpa. 86400 IN    PTR     lynx.domein01.crazy.

;; AUTHORITY SECTION:
16.172.in-addr.arpa.    86400   IN      NS      ns1.domein01.crazy.
16.172.in-addr.arpa.    86400   IN      NS      ns2.domein01.crazy.

;; ADDITIONAL SECTION:
ns1.domein01.crazy.     259200  IN      A       172.16.10.1
ns2.domein01.crazy.     259200  IN      A       172.16.10.2

;; Query time: 8 msec
;; SERVER: 172.16.10.1#53(172.16.10.1)
;; WHEN: Thu Sep 15 13:33:52 CEST 2016
;; MSG SIZE  rcvd: 156
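A check worth running on the zone file before restarting named, and again after a reverse lookup like the one above: do the PTR records agree with the forward zone? The script below is an added example and not part of these lab notes. It derives the PTR owner name for an address (the 1.10 and 10.255 labels under $ORIGIN are easy to get backwards), parses the reverse zone file exactly as written above, and compares every PTR with a set of forward records, following CNAMEs the way lynx points at client. The forward records are constructed from the dig output on this page (ns1, ns2, client, and lynx as a CNAME); the A records for apache, mail and an extra host www are assumed, not taken from the page, and only exist to exercise the checks. On this data the script flags the PTR for 172.16.10.2: its target ns2.domein02.crazy. has no forward record, while the dig output shows ns2.domein01.crazy. at that address. Whether that is a typo in the zone file or a host in a second domain, the notes do not say.

```python
"""Forward/reverse consistency check for a BIND reverse zone (added example).

Not part of the original lab notes. Parses a reverse zone file the way named
reads it (comments, $ORIGIN, a multi-line SOA) and checks every PTR against
forward records. The forward data is CONSTRUCTED from the dig output on the
page; entries marked 'assumed' are not on the page.
"""
import ipaddress

# Constructed input: the reverse zone file from the page, verbatim.
REVERSE_ZONE = """\
$TTL 86400 ; 24 hours, could have been written as 24h or 1d
@ 1D IN SOA ns1.domein01.crazy. root.domein01.crazy. (
        2016091512 ; serial
        3H         ; refresh
        15         ; retry
        1w         ; expire
        3h         ; minimum
)
; Name servers for the zone
        IN NS ns1.domein01.crazy.
        IN NS ns2.domein01.crazy.
$ORIGIN 16.172.IN-ADDR.ARPA.
1.10    IN PTR ns1.domein01.crazy.
2.10    IN PTR ns2.domein02.crazy.
25.10   IN PTR apache.domein01.crazy.
100.10  IN PTR mail.domein01.crazy.
10.255  IN PTR lynx.domein01.crazy.
"""

# Constructed forward records, owner -> (type, rdata). ns1, ns2, client and
# lynx come from the dig output on the page; the rest are assumed for the demo.
FORWARD = {
    "ns1.domein01.crazy.": ("A", "172.16.10.1"),
    "ns2.domein01.crazy.": ("A", "172.16.10.2"),
    "client.domein01.crazy.": ("A", "172.16.255.10"),
    "lynx.domein01.crazy.": ("CNAME", "client.domein01.crazy."),
    "apache.domein01.crazy.": ("A", "172.16.10.25"),  # assumed
    "mail.domein01.crazy.": ("A", "172.16.10.100"),   # assumed
    "www.domein01.crazy.": ("A", "172.16.10.80"),     # assumed, deliberately has no PTR
}


def ptr_owner(ip):
    """Absolute PTR owner name: 172.16.255.10 -> 10.255.16.172.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def relative_owner(ip, origin):
    """Owner relative to $ORIGIN, as it is written in the zone file: '10.255'."""
    full = ptr_owner(ip)
    origin = origin.lower().rstrip(".") + "."
    if not full.endswith("." + origin):
        raise ValueError(f"{ip} is not covered by {origin}")
    return full[: -len(origin) - 1]


def parse_reverse_zone(text, default_origin=None):
    """Return {absolute owner: target} for every PTR record in the zone text."""
    origin = (default_origin or "").lower()
    records, depth, last_owner = {}, 0, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        fields = line.split()
        if not fields:
            continue
        inside = depth > 0
        depth += line.count("(") - line.count(")")
        if inside:
            continue                                   # body of the multi-line SOA
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower().rstrip(".") + "."
            continue
        if fields[0].startswith("$"):
            continue                                   # $TTL and friends
        if not line[0].isspace():
            last_owner = fields[0]                     # leading blank = inherit owner
        if depth > 0 or "PTR" not in (f.upper() for f in fields):
            continue
        if last_owner is None:
            raise ValueError("PTR record without an owner")
        if last_owner.endswith("."):
            owner = last_owner.lower()                 # already absolute
        elif not origin:
            raise ValueError("relative owner but no $ORIGIN known")
        else:
            owner = origin if last_owner == "@" else last_owner.lower() + "." + origin
        records[owner] = fields[-1].lower()
    return records


def resolve_a(name, forward, max_hops=8):
    """Follow CNAMEs in the forward data; return the A address or None."""
    name = name.lower()
    for _ in range(max_hops):
        rtype, rdata = forward.get(name, (None, None))
        if rtype == "A":
            return rdata
        if rtype != "CNAME":
            return None
        name = rdata.lower()
    return None


def check_consistency(ptr_records, forward):
    """PTRs whose target does not resolve (via A, following CNAMEs) back to the owner."""
    fwd = {k.lower(): v for k, v in forward.items()}
    problems = []
    for owner, target in sorted(ptr_records.items()):
        addr = resolve_a(target, fwd)
        if addr is None:
            problems.append(f"{owner} PTR {target}: no forward A/CNAME found")
        elif ptr_owner(addr) != owner:
            problems.append(f"{owner} PTR {target}: forward A is {addr} ({ptr_owner(addr)})")
    return problems


def missing_ptrs(ptr_records, forward, origin):
    """Forward A records inside the reverse zone's origin that have no PTR."""
    origin = origin.lower().rstrip(".") + "."
    return [name for name, (rtype, rdata) in sorted(forward.items())
            if rtype == "A" and ptr_owner(rdata).endswith("." + origin)
            and ptr_owner(rdata) not in ptr_records]


if __name__ == "__main__":
    # named takes the origin from the zone statement in named.conf.local
    recs = parse_reverse_zone(REVERSE_ZONE, default_origin="16.172.in-addr.arpa.")
    print(relative_owner("172.16.255.10", "16.172.in-addr.arpa."))
    for p in check_consistency(recs, FORWARD):
        print("MISMATCH:", p)
    for n in missing_ptrs(recs, FORWARD, "16.172.in-addr.arpa."):
        print("NO PTR:", n)
```

named-checkzone 16.172.in-addr.arpa /etc/bind/16.172.in-addr.arpa.zone only validates the syntax of that one file and never sees the forward zone, which is why a cross-check like this is worth keeping next to it. One more thing to rule out when dig on NS1 itself gives nothing useful: allow-query { 172.16.0.0/16; } in named.conf.local matches on the source address of the query, so a query that reaches named via 127.0.0.1 is answered REFUSED for this zone, while dig @172.16.10.1 -x 172.16.255.10 run on NS1 is sourced from an address inside the ACL.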
- check your network settings: