
RK - 2021/22 - LDN9 DNS system in GNS3 - solution Starc Aljaz

Setup

To run the BIND server we use the Alpine and matjazp/ubuntu-bind Docker images, which you import into GNS3 with the following procedure:

  1. start GNS3
  2. toolbar -> Edit -> Preferences (figure 1)
  3. In the left sidebar choose the "Docker containers" menu (figure 2)
  4. Alpine
    1. If you do not yet have an "Alpine" container, add it
    2. Choose "New image" and enter alpine:latest in the input field (figure 3)
    3. Leave all other settings at their default values and add the template (figure 4)
  5. Ubuntu-bind
    1. Choose "New" to add a new template
    2. Choose the "New image" option and enter ghcr.io/matjazp/ubuntu-bind:latest
    3. leave all other options at their defaults and add the template (figure 5)
Figure 1: image-1.png
Figure 2: image-2.png
Figure 3: image-3.png
Figure 4: image-4.png
Figure 5: image-5.png

Networking scheme

Device name   Device type
SW1           Ethernet switch (builtin)
CLIENT1       Alpine (docker)
DNS1          matjazp/ubuntu-bind (docker)
DNS2          matjazp/ubuntu-bind (docker)

Network diagram: image.png

Networking config

We give every device in the network a local IPv4 address so that they can communicate with each other.

on DNS1
ip addr add 192.168.1.1/24 broadcast + dev eth0
on DNS2
ip addr add 192.168.1.2/24 broadcast + dev eth0
on CLIENT1
ip addr add 192.168.1.3/24 broadcast + dev eth0

DNS1 - zone

Own domain

Append the zone db file import to the end of named.conf.local.

on DNS1
cat << EOF >> /etc/bind/named.conf.local

zone "starc.rk" {
    type master;
    file "/etc/bind/db.rk.starc";
};
EOF

We define the zone db config (the DNS records)

on DNS1
cat << EOF > /etc/bind/db.rk.starc
; starc.rk
\$TTL    604800
starc.rk.       IN      SOA     ns1.starc.rk.   hostmaster.starc.rk.    (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

starc.rk.       IN      NS      ns1.starc.rk.
ns1             IN      A       192.168.1.1
ns2             IN      A       192.168.1.2
www             IN      CNAME   ns1
EOF
Verify the newly created zone db - on DNS1
named-checkzone starc.rk /etc/bind/db.rk.starc
Expected output
zone starc.rk/IN: loaded serial 1
OK
restart the named service - on DNS1
service named restart
Expected output
* Stopping domain name service... named
waiting for pid 248 to die
                                                [ OK ]
* Starting domain name service... named         [ OK ]
perform a DNS query for our domain - on DNS1
dig ns1.starc.rk @localhost
Expected output
; <<>> DiG 9.16.15-Ubuntu <<>> ns1.starc.rk @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61062
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: bd4731d203abd769010000006281894b1a3dca4204c62136 (good)
;; QUESTION SECTION:
;ns1.starc.rk.                  IN      A

;; ANSWER SECTION:
ns1.starc.rk.           604800  IN      A       192.168.1.1

;; Query time: 3 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sun May 15 23:14:19 UTC 2022
;; MSG SIZE  rcvd: 85

What matters for us is that we get a valid answer telling us that ns1.starc.rk maps to the IPv4 address 192.168.1.1.

;; ANSWER SECTION:
ns1.starc.rk.           604800  IN      A       192.168.1.1
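Every later change to db.rk.starc has to raise the SOA serial, because a secondary such as DNS2 only transfers the zone when the master's serial is higher than the one it already holds; editing a record without bumping the serial leaves DNS2 serving stale data even after rndc reload. The script below is an added example, not part of the original lab: it reads and bumps the serial of a zone file in the lab's layout, then runs named-checkzone and rndc reload only if those tools are present. The sample zone is a constructed copy of the lab's db.rk.starc; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original lab): bump the SOA serial of a BIND
# zone file so secondaries notice the change on their next refresh.

# Constructed sample zone, same layout as the lab's /etc/bind/db.rk.starc.
SAMPLE_ZONE='; starc.rk
$TTL    604800
starc.rk.       IN      SOA     ns1.starc.rk.   hostmaster.starc.rk.    (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

starc.rk.       IN      NS      ns1.starc.rk.
ns1             IN      A       192.168.1.1
ns2             IN      A       192.168.1.2
www             IN      CNAME   ns1'

# Print the current serial: the first field on the line tagged "; Serial".
zone_serial() {
    awk '/; *Serial/ { print $1; exit }' "$1"
}

# Rewrite the zone file with the serial incremented by one; every other
# line is copied unchanged.
bump_serial() {
    awk '/; *Serial/ && !done { sub(/[0-9]+/, $1 + 1); done = 1 } { print }' "$1" \
        > "$1.tmp" && mv "$1.tmp" "$1"
}

# The full update step as it would be done on DNS1: bump, verify, reload.
# named-checkzone and rndc are only called when installed, so the function
# also runs outside the lab containers.
update_zone() {
    zone="$1"; file="$2"
    bump_serial "$file" || return 1
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$file" || return 1
    fi
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$zone"
    fi
}

# Self-contained demo: write the sample zone to a temp file, bump it twice
# and print the resulting serial (3).
demo_bump() {
    f="${TMPDIR:-/tmp}/db.rk.starc.$$"
    printf '%s\n' "$SAMPLE_ZONE" > "$f"
    bump_serial "$f"
    bump_serial "$f"
    zone_serial "$f"
    rm -f "$f"
}

# Usage in the lab: update_zone starc.rk /etc/bind/db.rk.starc
case "${1:-}" in demo) demo_bump ;; esac
```

The serial is only ever bumped by one here; a date-based scheme (YYYYMMDDnn) works with the same function as long as the new value is numerically larger than the old one, which is all the secondary compares.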

Reverse DNS

We set up reverse DNS for the zone 1.168.192.in-addr.arpa

on DNS1
cat << EOF > /etc/bind/db.1.168.192.in-addr.arpa
; 1.168.192.in-addr.arpa
\$TTL    604800
1.168.192.in-addr.arpa. IN      SOA     ns1.starc.rk.   hostmaster.starc.rk.    (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

1.168.192.in-addr.arpa. IN      NS      ns1.starc.rk.
1                       IN      PTR     ns1.starc.rk.
2                       IN      PTR     ns2.starc.rk.
EOF

Append the zone db file import to the named.conf.local file

on DNS1
cat << EOF >> /etc/bind/named.conf.local

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.1.168.192.in-addr.arpa";
};
EOF
on DNS1
named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.1.168.192.in-addr.arpa
service named restart
dig 1.1.168.192.in-addr.arpa @localhost PTR
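The reverse zone above was written by hand, which is how forward and reverse data drift apart over time (a host renamed in db.rk.starc but still answering with the old name on a PTR lookup). The following script is an added example, not part of the original lab: it derives the in-addr.arpa name of an address by reversing its octets, and generates the 1.168.192.in-addr.arpa zone, PTR records included, from the A records of a forward zone in the lab's layout. The sample forward zone is constructed (it adds a 10.0.0.5 host outside the /24 to show the filtering), and all function names are my own.

```shell
#!/bin/sh
# Added example (not from the original lab): build a reverse (in-addr.arpa)
# zone from the A records of a forward zone so the two cannot disagree.

# Constructed sample: the lab's records plus one host outside 192.168.1.0/24.
SAMPLE_FORWARD='starc.rk.       IN      NS      ns1.starc.rk.
ns1             IN      A       192.168.1.1
ns2             IN      A       192.168.1.2
www             IN      CNAME   ns1
mail            IN      A       10.0.0.5'

# Dotted IPv4 address -> its PTR owner name, octets reversed:
# 192.168.1.1 -> 1.1.168.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# Emit one PTR record per A record whose address lies inside PREFIX (a /24
# written as three octets, e.g. 192.168.1). Relative owner names are made
# absolute by appending ORIGIN; CNAMEs and foreign addresses are skipped.
make_ptr_records() {
    forward="$1"; prefix="$2"; origin="$3"
    awk -v p="$prefix" -v o="$origin" '
        $2 == "IN" && $3 == "A" && index($4, p ".") == 1 {
            split($4, oct, ".")
            name = $1
            if (name !~ /\.$/) name = name "." o "."
            printf "%-8s IN      PTR     %s\n", oct[4], name
        }' "$forward"
}

# Whole reverse zone file: SOA/NS header in the lab's format, then the PTRs.
make_reverse_zone() {
    forward="$1"; prefix="$2"; origin="$3"; serial="$4"
    rev=$(echo "$prefix" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }')
    cat <<EOF
; $rev
\$TTL    604800
$rev. IN      SOA     ns1.$origin.   hostmaster.$origin.    (
                         $serial         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

$rev. IN      NS      ns1.$origin.
EOF
    make_ptr_records "$forward" "$prefix" "$origin"
}

# Demo: write the sample to a temp file and print the generated zone.
demo_reverse() {
    f="${TMPDIR:-/tmp}/db.rk.starc.$$"
    printf '%s\n' "$SAMPLE_FORWARD" > "$f"
    make_reverse_zone "$f" 192.168.1 starc.rk 1
    rm -f "$f"
}

# Usage in the lab (on DNS1):
#   make_reverse_zone /etc/bind/db.rk.starc 192.168.1 starc.rk 1 \
#       > /etc/bind/db.1.168.192.in-addr.arpa
case "${1:-}" in demo) demo_reverse ;; esac
```

The generated file is the same as the hand-written one above apart from whitespace, so named-checkzone 1.168.192.in-addr.arpa on it should again report "loaded serial 1".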

CLIENT1 uses the local DNS

on CLIENT1
echo "nameserver 192.168.1.1" > /etc/resolv.conf
nslookup ns1.starc.rk

Secondary DNS server

Set the permissions on the /etc/bind folder so that the user the bind server runs as can write into it (later, in the Reverse DNS step, the zone file transferred from DNS1 is written there).

on DNS2
chmod 775 /etc/bind

Own domain

Insert the configuration for the slave server

on DNS2
cat << EOF >> /etc/bind/named.conf.local

zone "starc.rk" {
    type slave;
    file "/etc/bind/db.rk.starc-slave";
    masterfile-format text;
    masters {
        192.168.1.1;
    };
};
EOF
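The slave stanza above tells DNS2 where to pull the zone from, but the master stanzas written on DNS1 earlier say nothing about who may pull it. In the BIND version used here (9.16) a master zone without an allow-transfer statement answers AXFR for any client that can reach port 53, and the capture taken in the next step shows the whole zone crossing the wire in clear text. The script below is an added example, not part of the original lab: it audits a named.conf.local for master zones that lack allow-transfer and prints a hardened stanza that restricts transfers to the secondary. The sample config is constructed from the lab's two zones, the secondary address 192.168.1.2 comes from the lab, the also-notify line is an assumed addition so that DNS1 tells DNS2 about reloads, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original lab): find master zones that anyone
# may transfer, and emit a stanza that limits AXFR to the secondary.

# Constructed sample named.conf.local: first zone open, second restricted.
SAMPLE_CONF='zone "starc.rk" {
    type master;
    file "/etc/bind/db.rk.starc";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.1.168.192.in-addr.arpa";
    allow-transfer { 192.168.1.2; };
};'

# Print, one per line, the master (or primary) zones in FILE that have no
# allow-transfer statement of their own. The check is per zone only: a global
# allow-transfer inside options { } also applies and is not seen here.
open_transfer_zones() {
    awk '
        $1 == "zone" { zone = $2; gsub(/"/, "", zone); master = 0; restricted = 0 }
        $1 == "type" && ($2 == "master;" || $2 == "primary;") { master = 1 }
        $1 == "allow-transfer" { restricted = 1 }
        $1 == "};" { if (master && !restricted) print zone }
    ' "$1"
}

# Master stanza for ZONE stored in FILE that only lets SECONDARY transfer it
# and notifies that address after a reload.
hardened_master_stanza() {
    zone="$1"; file="$2"; secondary="$3"
    cat <<EOF
zone "$zone" {
    type master;
    file "$file";
    allow-transfer { $secondary; };
    also-notify { $secondary; };
};
EOF
}

# Demo: audit the sample config and show the corrected stanza for each
# open zone (file path assumed from the lab layout: /etc/bind/db.<zone>).
demo_audit() {
    f="${TMPDIR:-/tmp}/named.conf.local.$$"
    printf '%s\n' "$SAMPLE_CONF" > "$f"
    for z in $(open_transfer_zones "$f"); do
        echo "open transfer: $z"
        hardened_master_stanza "$z" "/etc/bind/db.$z" 192.168.1.2
    done
    rm -f "$f"
}

# Usage in the lab (on DNS1): open_transfer_zones /etc/bind/named.conf.local
case "${1:-}" in demo) demo_audit ;; esac
```

After changing the stanza, named-checkconf and service named restart on DNS1 apply it; DNS2 still transfers normally because its address is listed, while a transfer attempt from CLIENT1 (dig starc.rk @192.168.1.1 AXFR) should now be refused. With tshark installed, the AXFR in dns-transfer.pcapng can be picked out with the display filter dns.qry.type == 252.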

Zajem prometa

Before the next step, start a traffic capture on the link SW <> DNS2 and watch what happens.

Save the capture to the file dns-transfer.pcapng

Start the capture, restart the named service on DNS2 and issue a refresh request for the zone starc.rk on DNS2.

on DNS2
service named restart
rndc refresh starc.rk

Wait for the transfer to finish and save the capture to an export file named dns-transfer.pcapng.

Reverse DNS

On DNS2 we only define the slave config, since the zone data (as we wrote it on DNS1) is transferred automatically from DNS1 to DNS2 in a later step.

on DNS2
cat << EOF >> /etc/bind/named.conf.local

zone "1.168.192.in-addr.arpa" {
    type slave;
    file "/etc/bind/db.1.168.192.in-addr.arpa-slave";
    masterfile-format text;
    masters {
        192.168.1.1;
    };
};
EOF
Bump the update index - on DNS1
rndc reload
restart the named service - on DNS2
service named restart
rndc refresh 1.168.192.in-addr.arpa

Now wait a few seconds, since rndc refresh only queues the transfer request. Once the transfer has completed, display the contents of /etc/bind/db.1.168.192.in-addr.arpa-slave in the terminal and save a screenshot of the terminal to a file named db.1.168.192.in-addr.arpa-slave.png

display the transferred zone file - on DNS2
cat /etc/bind/db.1.168.192.in-addr.arpa-slave

The expected output is identical to the file contents from the first step of the Reverse DNS section.

Wrapping up

We have finally finished the assignment. Zip the files dns-transfer.pcapng and db.1.168.192.in-addr.arpa-slave.png into VPISNA_STEVILKA.zip (where VPISNA_STEVILKA is your own student ID number).

zip VPISNA_STEVILKA.zip db.1.168.192.in-addr.arpa-slave.png dns-transfer.pcapng

Submit the zip file to eucilnica.


Last updated: May 17, 2022