
DNS -- reverse zone

 
Theory -- see linux-servers by dr. Paul Cobbaut, chapters 4 and 5
 
additional information: DNS for rocket scientists
 

  1. reverse mapping
     
    We want to be able to map the IP addresses of domein01.crazy back to their domain names (PTR lookups).
     
    A reverse lookup for 172.16.255.10 asks for the PTR record of 10.255.16.172.in-addr.arpa: the octets are reversed and in-addr.arpa is appended. The zone that holds all PTR records of the 172.16.0.0/16 network is therefore called 16.172.in-addr.arpa.
     
    We use the servers from DNS1.
     
    We need to create a reverse zone:
    • the zone file itself
    • an extra entry in the /etc/bind/named.conf.local file
       
  2. reverse zone file
     
    /etc/bind/16.172.in-addr.arpa.zone
    $TTL    86400 ; 24 hours, could have been written as 24h or 1d
    ; SOA: primary name server and zone contact (root.domein01.crazy. means root@domein01.crazy)
    @  1D  IN    SOA ns1.domein01.crazy.    root.domein01.crazy. (
                  2016091512 ; serial (YYYYMMDDnn; bump it on every change or ns2 never re-transfers the zone)
                  3H ; refresh
                  15 ; retry (no unit means seconds; 15 seconds is unusually short, 15M is more common)
                  1w ; expire
                  3h ; minimum (negative-caching TTL)
                 )
    ; Name servers for the zone (a leading blank reuses the owner of the previous line, here @)
     IN  NS ns1.domein01.crazy.
     IN  NS ns2.domein01.crazy.
    ; server host definitions
    ; from here on labels are relative to 16.172.IN-ADDR.ARPA.: 1.10 is 1.10.16.172.in-addr.arpa, i.e. 172.16.10.1
    $ORIGIN 16.172.IN-ADDR.ARPA.
    1.10    IN  PTR     ns1.domein01.crazy.
    2.10    IN  PTR     ns2.domein01.crazy.
    25.10   IN  PTR     apache.domein01.crazy.
    100.10  IN  PTR     mail.domein01.crazy.
    ; non server domain hosts
    ; lynx is a CNAME for client.domein01.crazy in the forward zone; a PTR should normally
    ; name the canonical host (client), not an alias
    10.255   IN  PTR        lynx.domein01.crazy.
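The two things that go wrong in reverse zones are a PTR whose target has no matching A record (a typo such as ns2.domein02.crazy instead of ns2.domein01.crazy) and a PTR that names an alias instead of the canonical host (lynx instead of client). The following is an added example, not code from the page: it computes the in-addr.arpa owner name the way dig -x does, parses the subset of zone-file syntax used above, and cross-checks the reverse zone against the forward zone. The forward zone is constructed from the dig output on the page; the addresses of apache and mail are assumed from the PTR labels 25.10 and 100.10, and the reverse zone is the page's own file with the ns2 typo left in so that the check has something to find.

```python
"""Forward/reverse consistency check for domein01.crazy.
Added example, not the page's own code: the forward zone is constructed
from the dig output on the page (apache and mail addresses assumed from
the PTR labels 25.10 and 100.10); the reverse zone is the page's file."""
import ipaddress
import re

FORWARD_ZONE = """\
$ORIGIN domein01.crazy.
ns1     IN  A     172.16.10.1
ns2     IN  A     172.16.10.2
apache  IN  A     172.16.10.25   ; assumed
mail    IN  A     172.16.10.100  ; assumed
client  IN  A     172.16.255.10
lynx    IN  CNAME client
"""

REVERSE_ZONE = """\
$TTL 86400
@  1D  IN  SOA ns1.domein01.crazy. root.domein01.crazy. (
        2016091512 ; serial
        3H ; refresh
        15 ; retry
        1w ; expire
        3h ; minimum
        )
   IN  NS ns1.domein01.crazy.
   IN  NS ns2.domein01.crazy.
$ORIGIN 16.172.IN-ADDR.ARPA.
1.10    IN  PTR  ns1.domein01.crazy.
2.10    IN  PTR  ns2.domein02.crazy.
25.10   IN  PTR  apache.domein01.crazy.
100.10  IN  PTR  mail.domein01.crazy.
10.255  IN  PTR  lynx.domein01.crazy.
"""

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)

def qualify(name, origin):
    """Master-file name -> lowercase fully qualified name."""
    if name == "@":
        return origin.lower()
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text, origin):
    """Parse the master-file subset used on the page into (owner, type, rdata); SOA is skipped."""
    records, last_owner, in_parens = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # strip comments
        if in_parens:                         # inside SOA ( ... )
            in_parens = ")" not in line
            continue
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].startswith("$"):         # $ORIGIN changes the suffix, $TTL is ignored
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1] if tokens[1].endswith(".") else tokens[1] + "."
            continue
        owner = last_owner if raw[0].isspace() else qualify(tokens.pop(0), origin)
        last_owner = owner
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() == "IN"):
            tokens.pop(0)                     # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1]
        if rtype == "SOA":
            in_parens = "(" in line and ")" not in line
            continue
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = qualify(rdata, origin)
        records.append((owner, rtype, rdata))
    return records

def reverse_name(ip):
    """The owner name dig -x queries: 172.16.255.10 -> 10.255.16.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def check_reverse(forward, reverse):
    """Every PTR must name a host whose A record is that address, and every
    A record should have a PTR. Returns {'ptr_problems': [...], 'a_without_ptr': [...]}."""
    a_records, cnames = {}, {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            a_records.setdefault(owner, set()).add(rdata)
        elif rtype == "CNAME":
            cnames[owner] = rdata
    ptrs = [(o, t) for o, r, t in reverse if r == "PTR"]
    problems = []
    for owner, target in ptrs:
        if target in cnames:                  # RFC 1912: PTR should name the canonical host
            problems.append((owner, f"{target} is a CNAME for {cnames[target]}"))
        elif target not in a_records:
            problems.append((owner, f"no A record for {target}"))
        elif owner not in {reverse_name(ip) for ip in a_records[target]}:
            problems.append((owner, f"{target} has no A record matching this address"))
    ptr_owners = {o for o, _ in ptrs}
    missing = [(name, ip) for name, ips in sorted(a_records.items())
               for ip in sorted(ips) if reverse_name(ip) not in ptr_owners]
    return {"ptr_problems": problems, "a_without_ptr": missing}
```

Run `check_reverse(parse_zone(FORWARD_ZONE, "domein01.crazy."), parse_zone(REVERSE_ZONE, "16.172.in-addr.arpa."))` and it reports two PTR problems: 2.10 (no A record for ns2.domein02.crazy) and 10.255 (lynx is a CNAME for client). Because the check keys on the in-addr.arpa owner names, it works unchanged for an IPv6 ip6.arpa zone.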

     

  3. named.conf.local
     
    We add the zone definition to the file
    /etc/bind/named.conf.local
    //
    // Do any local configuration here
    //
    zone "domein01.crazy" {
        type master;
        notify no;
        file "/etc/bind/domein01.crazy.zone";
    };
     
    zone "16.172.in-addr.arpa" {
        type master;
        notify no;                       // ns2 is not told about changes; it only re-checks the serial every refresh (3H)
        file "/etc/bind/16.172.in-addr.arpa.zone";
        allow-update { none; };          // no dynamic updates (the default for a master zone, but explicit is clearer)
        allow-query { 172.16.0.0/16; };  // only the internal network may query the reverse zone
        // allow-transfer is not set; BIND 9.9/9.10 then allow any client to fetch the whole zone
        // with AXFR, so on a real server restrict it with allow-transfer to the secondary (172.16.10.2)
    };

     

  4. restarting the service
     
    Before restarting, check the zone file with named-checkzone and the configuration with named-checkconf: a syntax error that is only discovered at restart leaves the zone unloaded, or the server down, while you look for it.
     
    service restart:
     
    $ sudo service bind9 restart
    [sudo] password for user: xxxxxxxx
    Stopping domain name service... bind9
    waiting for pid 2105 to die [ OK ]
    Starting domain name service... bind9 [ OK ]
     
    check the PID:
     
    $ ps -A | grep named
    2423 ? 00:00:00 named
     
    check the log files:
     
    user@ns1:/etc/bind$ tail -n 30 /var/log/syslog
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 123.100.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 124.100.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 125.100.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 126.100.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 127.100.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: D.F.IP6.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 8.E.F.IP6.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 9.E.F.IP6.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: A.E.F.IP6.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: B.E.F.IP6.ARPA
    Sep 15 13:27:35 localhost named[2423]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
    Sep 15 13:27:35 localhost named[2423]: command channel listening on 127.0.0.1#953
    Sep 15 13:27:35 localhost named[2423]: command channel listening on ::1#953
    Sep 15 13:27:35 localhost named[2423]: managed-keys-zone: journal file is out of date: removing journal file
    Sep 15 13:27:35 localhost named[2423]: managed-keys-zone: loaded serial 9
    Sep 15 13:27:35 localhost named[2423]: zone 0.in-addr.arpa/IN: loaded serial 1
    Sep 15 13:27:35 localhost named[2423]: zone 127.in-addr.arpa/IN: loaded serial 1
    Sep 15 13:27:35 localhost named[2423]: zone 16.172.in-addr.arpa/IN: loaded serial 2016091512
    Sep 15 13:27:35 localhost named[2423]: zone domein01.crazy/IN: loaded serial 2016090801
    Sep 15 13:27:35 localhost named[2423]: zone 255.in-addr.arpa/IN: loaded serial 1
    Sep 15 13:27:35 localhost named[2423]: zone localhost/IN: loaded serial 2
    Sep 15 13:27:35 localhost named[2423]: all zones loaded
    Sep 15 13:27:35 localhost named[2423]: running
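What to look for in that log is the line "zone 16.172.in-addr.arpa/IN: loaded serial 2016091512" for the process that ps reported: the serial proves the file you just edited is the one that was loaded. The following is an added example, not code from the page, that pulls those facts out of syslog lines. SAMPLE_SYSLOG is the tail of the restart shown above; BROKEN_SYSLOG is a constructed restart in which the zone file has a typo (PRT instead of PTR on line 14), written in the message format BIND 9 uses for that case.

```python
"""Summarise a named (BIND 9) restart from syslog lines.
Added example, not the page's own code. SAMPLE_SYSLOG is taken from the
restart shown on the page; BROKEN_SYSLOG is a constructed restart in which
the reverse zone file has a typo (PRT instead of PTR on line 14)."""
import re

SAMPLE_SYSLOG = """\
Sep 15 13:27:35 localhost named[2423]: command channel listening on 127.0.0.1#953
Sep 15 13:27:35 localhost named[2423]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 15 13:27:35 localhost named[2423]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 15 13:27:35 localhost named[2423]: zone 16.172.in-addr.arpa/IN: loaded serial 2016091512
Sep 15 13:27:35 localhost named[2423]: zone domein01.crazy/IN: loaded serial 2016090801
Sep 15 13:27:35 localhost named[2423]: all zones loaded
Sep 15 13:27:35 localhost named[2423]: running
"""

# Constructed: the same restart when the reverse zone file does not parse.
BROKEN_SYSLOG = """\
Sep 15 14:02:11 localhost named[2501]: /etc/bind/16.172.in-addr.arpa.zone:14: unknown RR type 'PRT'
Sep 15 14:02:11 localhost named[2501]: zone 16.172.in-addr.arpa/IN: loading from master file /etc/bind/16.172.in-addr.arpa.zone failed: unknown class/type
Sep 15 14:02:11 localhost named[2501]: zone 16.172.in-addr.arpa/IN: not loaded due to errors.
Sep 15 14:02:11 localhost named[2501]: zone domein01.crazy/IN: loaded serial 2016090801
Sep 15 14:02:11 localhost named[2501]: all zones loaded
Sep 15 14:02:11 localhost named[2501]: running
"""

LINE_RE = re.compile(r"named\[(?P<pid>\d+)\]: (?P<msg>.*)$")
LOADED_RE = re.compile(r"^zone (?P<zone>\S+)/IN: loaded serial (?P<serial>\d+)$")
FAILED_RE = re.compile(r"^zone (?P<zone>\S+)/IN: "
                       r"(?P<why>loading from master file .+ failed: .+|not loaded due to errors\.?)$")
FILE_ERR_RE = re.compile(r"^(?P<file>/\S+):(?P<lineno>\d+): (?P<err>.+)$")

def summarize_named_log(text, pid=None):
    """Collect per-zone load results for one named process.

    pid limits the scan to that process (the PID ps shows after the restart),
    so lines from the instance that was just stopped are not mixed in.
    """
    summary = {"loaded": {}, "failed": {}, "file_errors": [],
               "all_zones_loaded": False, "running": False}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or (pid is not None and int(m["pid"]) != pid):
            continue
        msg = m["msg"].strip()
        loaded, failed, ferr = LOADED_RE.match(msg), FAILED_RE.match(msg), FILE_ERR_RE.match(msg)
        if loaded:
            summary["loaded"][loaded["zone"]] = int(loaded["serial"])
        elif failed:
            summary["failed"].setdefault(failed["zone"], []).append(failed["why"])
        elif ferr:   # file:line: message, the line that tells you what to fix
            summary["file_errors"].append((ferr["file"], int(ferr["lineno"]), ferr["err"]))
        elif msg == "all zones loaded":
            summary["all_zones_loaded"] = True
        elif msg == "running":
            summary["running"] = True
    return summary

def zone_ok(summary, zone, expected_serial):
    """True only if the zone loaded with the serial you just wrote.

    'all zones loaded' and 'running' are logged even when one master zone was
    rejected (named keeps serving the others), so they prove nothing on their own.
    """
    return (zone not in summary["failed"]
            and summary["loaded"].get(zone) == expected_serial)
```

`zone_ok(summarize_named_log(SAMPLE_SYSLOG, pid=2423), "16.172.in-addr.arpa", 2016091512)` is true for the log above; for BROKEN_SYSLOG it is false even though the log ends in "all zones loaded" and "running", and file_errors names the offending line of the zone file.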

     

  5. Testing
     
    After three quarters of an hour of searching I come to the conclusion that you cannot test the reverse mapping with dig from the name server NS1 itself.
    I then test from the client:
     
    • check your network settings:
      /etc/network/interfaces
      # This file describes the network interfaces available on your system
      # and how to activate them. For more information, see interfaces(5).
       
      # The loopback network interface
      auto lo
      iface lo inet loopback
       
      # The primary network interface
      auto eth0
      iface eth0 inet static
      address 172.16.255.10
      netmask 16
      gateway 172.16.0.1
      dns-nameservers 172.16.10.1 172.16.10.2
    • check the forward direction:
      $ dig lynx.domein01.crazy
      ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> lynx.domein01.crazy
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57132
      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
       
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;lynx.domein01.crazy.       IN  A
       
      ;; ANSWER SECTION:
      lynx.domein01.crazy.    259200  IN  CNAME   client.domein01.crazy.
      client.domein01.crazy.  259200  IN  A   172.16.255.10
       
      ;; AUTHORITY SECTION:
      domein01.crazy.     259200  IN  NS  ns2.domein01.crazy.
      domein01.crazy.     259200  IN  NS  ns1.domein01.crazy.
       
      ;; ADDITIONAL SECTION:
      ns1.domein01.crazy. 259200  IN  A   172.16.10.1
      ns2.domein01.crazy. 259200  IN  A   172.16.10.2
       
      ;; Query time: 8 msec
      ;; SERVER: 172.16.10.1#53(172.16.10.1)
      ;; WHEN: Thu Sep 15 13:25:20 CEST 2016
      ;; MSG SIZE  rcvd: 153
    • check the reverse mapping:
      $ dig -x 172.16.255.10
      ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -x 172.16.255.10
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57206
      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
       
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;10.255.16.172.in-addr.arpa.    IN  PTR
       
      ;; ANSWER SECTION:
      10.255.16.172.in-addr.arpa. 86400 IN    PTR lynx.domein01.crazy.
       
      ;; AUTHORITY SECTION:
      16.172.in-addr.arpa.    86400   IN  NS  ns1.domein01.crazy.
      16.172.in-addr.arpa.    86400   IN  NS  ns2.domein01.crazy.
       
      ;; ADDITIONAL SECTION:
      ns1.domein01.crazy. 259200  IN  A   172.16.10.1
      ns2.domein01.crazy. 259200  IN  A   172.16.10.2
       
      ;; Query time: 8 msec
      ;; SERVER: 172.16.10.1#53(172.16.10.1)
      ;; WHEN: Thu Sep 15 13:33:52 CEST 2016
      ;; MSG SIZE  rcvd: 156