DNS Exercise 2
Setting up a domain
In this exercise, you will create a new domain:
ispX.pacnog.bluesky.as.
where X matches the number of your PC.
You will create master nameservice on your own machine, and you'll need
to work with a neighbour to get them to provide secondary service for
you. You'll return the favour for them.
Then you will ask the administrator for the domain above you
(pacnog.bluesky.as.) to delegate your domain to you.
Creating a zone file
1. Change directory to /etc/bind and make a new directory called zones
$ cd /etc/bind
$ sudo mkdir zones
$ sudo chgrp bind zones
2. Now we'll edit the zone file:
$ vi /etc/bind/zones/ispX.pacnog.bluesky.as
Don't forget to replace X with your number - use this template.
$TTL 10m
@       IN      SOA     pcX.pacnog.bluesky.as. pacnog.pcX.pacnog.bluesky.as. (
                        2006062100      ; Serial
                        10m             ; Refresh
                        10m             ; Retry
                        4w              ; Expire
                        10m )           ; Negative
        IN      NS      pcX.pacnog.bluesky.as.  ; master
        IN      NS      pcY.pacnog.bluesky.as.  ; slave
www     IN      A       67.218.55.X             ; your own IP
We have purposely chosen low values for TTL, refresh, and retry to make
it easier to fix problems in the classroom. For a production domain you
would use higher values, e.g. `$TTL 1d`.
3. Edit /etc/bind/named.conf.local to configure your machine as master for
your domain (see slides for information on how to do this)
4. Check that your config file and zone file are valid, and then reload
the nameserver daemon:
$ sudo named-checkconf
$ sudo named-checkzone ispX.pacnog.bluesky.as /etc/bind/zones/ispX.pacnog.bluesky.as
If there are any errors, correct them.
$ sudo rndc reload
$ sudo tail /var/log/messages
If there are any errors, correct them.
Some configuration errors can cause the daemon to die completely, in
which case you may have to start it again.
5. Assist your secondaries to configure themselves as secondary for
your domain, and configure yourself as a secondary if asked to do so by
another table.
Again, the instructions for how to do this are on the slides. If you
have changed your `named.conf.local` so that you are a secondary for
someone else, make sure there are no errors in `/var/log/messages`
after you do `rndc reload`.
6. Check that you and your secondaries are giving authoritative answers
for your domain:
$ dig +norec @67.218.55.X ispX.pacnog.bluesky.as. soa
$ dig +norec @67.218.55.Y ispX.pacnog.bluesky.as. soa
Check that you get an AA (authoritative answer) from both, and that the
serial numbers match.
7. Now you are ready to request delegation. Bring the following
information to the classroom instructor:
Domain name: isp___.pacnog.bluesky.as
Master nameserver: pc____.pacnog.bluesky.as
Secondary nameserver: pc____.pacnog.bluesky.as
Secondary nameserver: pc____.pacnog.bluesky.as (optional)
Secondary nameserver: pc____.pacnog.bluesky.as (optional)
You will not get delegation until the instructor has checked:
- Your nameservers are all authoritative for your domain
- They all have the same SOA serial number
- The NS records within the zone match the list of servers you are
requesting delegation for
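You can run the three checks above yourself before going to the instructor. The script below is an added example, not part of the original exercise: the function name check_zone and the script name are made up for illustration, and it assumes you pass the nameservers by host name (as they appear in your NS records) and that those names resolve from your machine.

```shell
#!/bin/sh
# Added example (not from the exercise): pre-delegation checks for a zone.
# Usage (hypothetical script name): sh predelegation.sh ZONE NS1 NS2 ...
# NS1.. are the nameserver host names you will request delegation to.

check_zone() {
    zone=$1; shift
    rc=0; first=""
    for ns in "$@"; do
        # Same query as step 6: non-recursive SOA lookup sent to one server.
        reply=$(dig +norec "@$ns" "$zone" soa) || reply=""
        # Flags sit between "flags:" and the next ";" in the reply header.
        flags=$(printf '%s\n' "$reply" | sed -n 's/^;; flags:\([^;]*\);.*/\1/p')
        # The serial is the 7th field of the SOA record line.
        serial=$(printf '%s\n' "$reply" | awk '$4 == "SOA" { print $7; exit }')
        case " $flags " in
            *" aa "*) ;;
            *) echo "FAIL $ns: no authoritative answer for $zone"; rc=1; continue ;;
        esac
        if [ -z "$serial" ]; then
            echo "FAIL $ns: no SOA record in answer"; rc=1; continue
        fi
        [ -n "$first" ] || first=$serial
        if [ "$serial" = "$first" ]; then
            echo "OK   $ns: aa set, serial $serial"
        else
            echo "FAIL $ns: serial $serial differs from $first"; rc=1
        fi
    done
    # NS records served by the first server must equal the requested list.
    want=$(printf '%s.\n' "$@" | sed 's/\.\.$/./' | tr '[:upper:]' '[:lower:]' | sort)
    have=$(dig +norec +short "@$1" "$zone" ns | tr '[:upper:]' '[:lower:]' | sort)
    if [ "$want" != "$have" ]; then
        echo "FAIL NS records in zone do not match the requested servers"; rc=1
    fi
    return $rc
}

# Run the checks only when a zone and at least one server are given.
if [ $# -ge 2 ]; then check_zone "$@"; fi
```

A non-zero exit status means at least one check failed; fix the zone or the secondary and run it again.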
Once you have delegation, try to resolve www.ispX.pacnog.bluesky.as:
- On your own machine
- On someone else's machine (who is not secondary for you)
- On a machine elsewhere on the Internet, if you have access to one
- Try to resolve www.ispX.pacnog.bluesky.as from root to your NS
- Use $ dig www.ispX.pacnog.bluesky.as. A +trace
8. Add a new resource record to your zone file. Remember to update the
serial number. Check that your secondaries have updated. Try resolving
this new name from elsewhere.