Subject: Domain    Date: 2009-11-02
Title: BIND Domain Name System - Linux Fedora    Section: Dev Reseau

Domain Name System

Domain Name System, or DNS, is one of the Internet's fundamental building blocks. It is the global, hierarchical, distributed host information database responsible for translating names into addresses and vice versa, and it is what routes many services to their proper destinations.


To understand how a DNS server works, take a small example. Type a fixed public IP address (1) directly into a Web browser:

http://193.252.173.102

You arrive on a Web site; it is up, but which one?

The domain names c-extra.com and www.c-extra.com are both hosted at this IP address.

You land on the site that corresponds to the first hostname (machine name) listed in this server's hosts file.

In this example no DNS resolution takes place at all, because the browser was given the IP address (1) directly, and the address stays in the browser's location bar.


The same machine, running both the DNS and the HTTP server, serves all of the following domain names and Web sites on a single local IP address:

#
192.168.1.1 c-extra.com www.c-extra.com ftp.c-extra.com mail.c-extra.com
192.168.1.1 c-extra.fr www.c-extra.fr ftp.c-extra.fr mail.c-extra.fr
192.168.1.1 c-extra.net www.c-extra.net ftp.c-extra.net mail.c-extra.net
192.168.1.1 c-expresso.com www.c-expresso.com ftp.c-expresso.com mail.c-expresso.com
192.168.1.1 c-expresso.fr www.c-expresso.fr ftp.c-expresso.fr mail.c-expresso.fr
192.168.1.1 cextra.com www.cextra.com ftp.cextra.com mail.cextra.com
192.168.1.1 impress.fr www.impress.fr ftp.impress.fr mail.impress.fr  # DNS redirect missing
192.168.1.1 infologism.com www.infologism.com ftp.infologism.com mail.infologism.com
192.168.1.1 infologism.net www.infologism.net ftp.infologism.net mail.infologism.net  # DNS redirect missing
192.168.1.1 infologisme.com www.infologisme.com ftp.infologisme.com mail.infologisme.com
192.168.1.1 infologisme.net www.infologisme.net ftp.infologisme.net mail.infologisme.net
192.168.1.1 rollsplayer.com www.rollsplayer.com ftp.rollsplayer.com mail.rollsplayer.com
192.168.1.1 rollsplayer.fr www.rollsplayer.fr ftp.rollsplayer.fr mail.rollsplayer.fr
192.168.1.1 rollsplayer.net www.rollsplayer.net ftp.rollsplayer.net mail.rollsplayer.net


Quite simply, the first site in the list of hostnames is served, because an HTTP request made with a fixed IP address (1) carries no domain name: its Host header contains the bare address, which matches none of the named sites, so the server falls back to its default.

Typing the fixed IP address (1) http://193.252.173.102 into a browser also shows whether or not the Apache server uses the Apache ModSecurity package to filter such requests.

If you instead enter the site name www.c-extra.com, the browser must first discover the IP address of that host.

To do so it makes a query to the local DNS resolver, which in turn queries the local DNS server. The DNS server does some more work, quickly finds the matching IP address, and returns the answer to the resolver.

In DNS jargon this lookup is called a query for the "A record", the record that describes the relation between a hostname and the corresponding IP address (1) in DNS.

Your Web browser is now able to contact the host www.c-extra.com using its IP address (1). Everything that follows happens over the HTTP protocol.

Of course, the complete DNS resolving process is slightly more complicated. But finding the IP address that corresponds to a hostname (or vice versa) is one of the basic tasks of DNS. The DNS protocol has many more features and applications; for a complete understanding of the workings of the Domain Name System, see the DNS links section on this website.

The original DNS protocol is described in RFC 1034 and RFC 1035.

    * RFC 1034 - Introduces domain style names, their use for Internet mail and host address support, and the protocols and servers used to implement domain name facilities.
    * RFC 1035 - Describes the details of the domain system and protocol, and assumes that the reader is familiar with the concepts discussed in a companion RFC 1034.

Note (1): public IP address.
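To make the exchange described above concrete, here is an added example (not code from the article): a minimal stub resolver in Python that builds an A-record query in the RFC 1035 wire format and parses the reply. The reply is constructed locally by build_response(), which stands in for the name server, so nothing touches the network; the name www.c-extra.com and the address 193.252.173.102 are the article's, while the transaction id 0x1234 and the TTL 38400 are assumed values. resolve_udp() shows the same exchange sent to a real server on port 53, with a random transaction id, because a predictable id is what makes a spoofed reply easy to slip in.

```python
"""DNS A-record query and reply in RFC 1035 wire format (added example)."""
import os
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ended by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234, qtype=QTYPE_A):
    """Wire form of a standard query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(msg, offset):
    """Decode a name at `offset`, following compression pointers (0xC0 prefix).

    Returns (name, offset just past the name at its original position).
    Pointers may only point backwards, which rules out the pointer loops a
    hostile reply could use to hang a naive parser.
    """
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("compression pointer does not point backwards")
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end if end is not None else offset


def build_response(query, ttl, ip):
    """Constructed reply (stands in for the name server): same id, QR/RD/RA set,
    the question echoed, and one A record whose owner name is a compression
    pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:] + rr


def parse_response(msg, expected_txid):
    """Return [(owner, ttl, ipv4)] for the A records in the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (spoofed or stale reply?)")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qdcount):          # skip the echoed question section
        _, off = decode_name(msg, off)
        off += 4                       # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        owner, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append((owner, ttl, socket.inet_ntoa(rdata)))
    return answers


def resolve_offline(name="www.c-extra.com", ip="193.252.173.102", ttl=38400):
    """The whole exchange against the constructed reply (no network)."""
    query = build_query(name)
    return parse_response(build_response(query, ttl, ip), 0x1234)


def resolve_udp(server, name, timeout=2.0):
    """The same exchange over UDP to the server's port 53 (not used offline)."""
    txid = int.from_bytes(os.urandom(2), "big")   # unpredictable id
    query = build_query(name, txid=txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply, _ = s.recvfrom(512)
    return parse_response(reply, txid)


if __name__ == "__main__":
    print(resolve_offline())
```

The two checks in the parser are the ones that matter in practice: a reply whose transaction id does not match the question is rejected instead of trusted, and a compression pointer that does not point strictly backwards is rejected, which is what stops a crafted packet from looping a name decoder forever.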


BIND

BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System, including:

    * Domain Name System server
    * Domain Name System resolver library
    * Tools for managing and verifying the proper operation of the DNS server

The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization’s naming architecture can be built.

The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.

BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND architecture. Some of the important features of BIND 9 are DNS Security (DNSSEC, TSIG), IPv6, DNS Protocol Enhancements (IXFR, DDNS, DNS Notify, EDNS0), Views, Multiprocessor Support, and an Improved Portability Architecture.

Today, BIND version 4 is officially deprecated and BIND version 8 development is considered maintenance-only in favor of BIND version 9. No additional development will be done on BIND version 4 or BIND version 8 other than for security related patches. ISC encourages all BIND users to upgrade to version 9 at their earliest convenience.

In the BIND Nameserver links section you’ll find a lot of BIND howtos, notes and links related to configuring the BIND nameserver. And there’s an online version of the BIND Manual where you can learn how to configure your BIND nameserver.


BIND installation and implementation

Warning: if the order of the operations for installing BIND is not followed scrupulously, the whole effort is wasted (as the French saying goes, like pissing in a violin).

First, configure the NAT and the firewall of the router.

Example:

Router IP address: 192.168.1.254/24
Server computer (DNS and HTTP server): 192.168.1.1/24

On the xDSL router's NAT and firewall, open only ports 21, 25, 53, 80 and, if an HTTPS Web site is to be served, 443. Forwarding port 53 makes the BIND server reachable from the whole Internet, so it must answer recursive queries only for the LAN (allow-recursion in named.conf); otherwise it becomes an open resolver that anyone can abuse.

For a ZyXEL P653HWI-11 router:

NAT - Edit SUA/NAT Server Set

#   Start Port No.   End Port No.   IP Address
1   All ports        All ports      0.0.0.0
2   53               53             192.168.1.1
3   80               80             192.168.1.1
4   20               21             192.168.1.1
5   443              443            192.168.1.1

Entry 1 is the default server; left at 0.0.0.0, inbound traffic that matches no other entry is discarded rather than forwarded to a LAN host. The port-forwarding table continues to 12 entries.

Adjust iptables as described in the article: Webmin - Configure IPTables Firewall - Fedora FC8 - Fedora FC9 - FC10 - Fedora FC12

LAN security concept:

HTTP network, behind the xDSL router and a physical firewall router, plus the Unix iptables firewall (2 physical NATs, 3 firewalls):
eth0 : 172.16.1.1/24  Gateway: 172.16.1.254/24
Paranoia haunts me; it becomes complicated to write a datagram, too many unknown factors...

Network that reaches the xDSL router, with an Ethernet alias eth1:0 on the network interface (virtual interface) (1 physical NAT, 2 firewalls):
eth1 : 192.168.1.1/24  Gateway: 192.168.1.254/24
eth1:0 : 192.168.4.1/24  Gateway: none

Network for the machines that use phpMyAdmin, Webmin or the Samba SMB protocol, kept separate from the Internet-facing network:
eth2 : 192.168.16.1/24  Gateway: 192.168.16.254/24

See also the Samba configuration: Samba - A small dance not very Brazil

Each network has its own switch.

Ports open on the HTTP server:

Port   State   Service
21     open    FTP
22     open    SSH
53     open    Domain
80     open    HTTP
111    open    SunRPC
443    open    HTTPS
664    open    Asf-Secure-Rmcp
3306   open    MySQL

Of these, the router forwards only 20/21, 53, 80 and 443 from the Internet; 22, 111, 664 and 3306 must stay reachable from the LAN only, and 3306 in particular is best bound to 127.0.0.1 unless another host genuinely needs it.

Set the host name (hostname) as described in the article: DNS Resolution Hostname and hosts File - Apache name based hosting

One may ask why all this preparation is necessary.

The answer is very simple: the machine has to be turned into a name server before it can serve DNS, because a Linux installation with Fedora Core 6 is designed as a "workstation", not as a name server.

Depending on the BIND version, several things happen when the BIND server is installed: an authentication key is generated and imported, and the RNDC configuration file /etc/rndc.conf is created. The server will then need to contact the master (root) name servers to download the BIND root zone, which is why the router and firewall must already be configured.


Operating system:

Fedora 12 (FC12) and earlier versions, or another Linux distribution.
FreeBSD: see BIND Domain Name System - FreeBSD, or another Unix.



Required software and servers:

Components or packages: BIND

See the article on installing Webmin - System and server administration


Master zone

Webmin makes it possible to visualise all of this.

In Webmin, open the Servers section, then BIND DNS Server, then Create master zone. Accept the proposed options, then click the Apply changes button.

Create master zone

Fill in the three fields below and leave the rest of the form untouched:

Domain name / Network
Master server
Email address

That gives this result (the contact root.site-name.com. is root@site-name.com written as a domain name; it needs the trailing dot, otherwise BIND appends the zone origin to it):


$ttl 38400
site-name.com.    IN       SOA   product.site-name.com.    root.site-name.com. (
                           1234476834
                           10800
                           3600
                           604800
                           38400 )
site-name.com.             IN    NS    product.site-name.com.



Leave the TTL and the timer values as they are. The one number that must change is the serial, which has to increase every time the zone is edited, otherwise secondary servers will not pick up the change. The syntax should be as follows.

Edit the master zone with Webmin, or with Emacs in /var/named/chroot/var/named/site-name.com.hosts


$ttl 38400
site-name.com.    IN       SOA   product.site-name.com.    root.site-name.com. (
                           1234476834   ; serial: increment after every change
                           10800        ; refresh
                           3600         ; retry
                           604800       ; expire
                           38400 )      ; minimum (negative-caching TTL)
@                          IN    NS    product.site-name.com.
product.site-name.com.     IN    A     192.168.1.1   ; the NS target needs an address record (same host, assumed)
site-name.com.             IN    A     192.168.1.1
www.site-name.com.         IN    A     192.168.1.1
ftp.site-name.com.         IN    A     192.168.1.1
mail.site-name.com.        IN    A     192.168.1.1
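Before loading a hand-edited zone, it is worth checking for the two slips most often made in a file like the one above: an SOA master or contact name written without the trailing dot (BIND then appends the origin, turning root.site-name.com into root.site-name.com.site-name.com.), and an NS target inside the zone that has no address record. The following is an added example in Python, not code from the article, Webmin or BIND. It parses only the subset of master-file syntax used on this page ($TTL, '@', ';' comments, parenthesised multi-line records) and the two zones embedded in it are constructed for the check: one with the slips, one corrected with the serial incremented and an MX record added for the mail host. On the real server, named-checkzone site-name.com. /var/named/chroot/var/named/site-name.com.hosts is the authoritative check.

```python
"""Sanity checks for a small BIND master zone file (added example)."""
import ipaddress


def fqdn(name, origin):
    """Expand '@' and append the origin to a relative name (no trailing dot)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return (default_ttl, [(owner, rtype, rdata_tokens), ...])."""
    ttl, records, buf, depth, prev_owner = None, [], [], 0, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                  # strip comments
        depth += line.count("(") - line.count(")")   # track multi-line records
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue
        joined, buf = " ".join(buf), []
        tokens = joined.split()
        if not tokens:
            continue
        if tokens[0].lower() == "$ttl":
            ttl = int(tokens[1])
            continue
        if joined[:1].isspace():                     # owner inherited from previous record
            if prev_owner is None:
                raise ValueError("record without owner: %r" % raw)
            owner = prev_owner
        else:
            owner = fqdn(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():           # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":     # optional class
            tokens.pop(0)
        if not tokens:
            raise ValueError("malformed record: %r" % raw)
        records.append((owner, tokens[0].upper(), tokens[1:]))
        prev_owner = owner
    return ttl, records


def check_zone(text, origin):
    """Return a list of problems; an empty list means the zone looks sane."""
    problems = []
    ttl, records = parse_zone(text, origin)
    if ttl is None:
        problems.append("missing $TTL directive")
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append("expected exactly one SOA record, found %d" % len(soa))
    elif len(soa[0][2]) != 7:
        problems.append("SOA needs MNAME, RNAME and five numbers")
    else:
        owner, _, rdata = soa[0]
        if owner != origin:
            problems.append("SOA owner %s is not the origin %s" % (owner, origin))
        for field, value in (("MNAME", rdata[0]), ("RNAME", rdata[1])):
            if "." in value and not value.endswith("."):
                problems.append("SOA %s %s lacks a trailing dot; BIND reads it as %s"
                                % (field, value, fqdn(value, origin)))
        try:
            serial, refresh, retry, expire, _ = (int(x) for x in rdata[2:])
            if not 0 < serial < 2 ** 32:
                problems.append("serial %d out of range" % serial)
            if retry >= refresh:
                problems.append("retry %d should be shorter than refresh %d" % (retry, refresh))
            if expire <= refresh + retry:
                problems.append("expire %d should exceed refresh + retry" % expire)
        except ValueError:
            problems.append("SOA timers must be integers")
    has_addr = {r[0] for r in records if r[1] in ("A", "AAAA")}
    if not any(r[1] == "NS" for r in records):
        problems.append("zone has no NS record")
    for owner, rtype, rdata in records:
        value = rdata[0] if rdata else ""
        if rtype == "NS":
            target = fqdn(value, origin)
            if target.endswith("." + origin) and target not in has_addr:
                problems.append("NS target %s is in the zone but has no A/AAAA record" % target)
        elif rtype == "A":
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append("%s A record has invalid address %r" % (owner, value))
    return problems


# Constructed zone in the page's layout, with the two common slips.
SLIPPY_ZONE = """\
$ttl 38400
site-name.com.    IN  SOA  product.site-name.com.  root.site-name.com (
                           1234476834
                           10800
                           3600
                           604800
                           38400 )
@                 IN  NS   product.site-name.com.
site-name.com.    IN  A    192.168.1.1
www.site-name.com. IN A    192.168.1.1
"""

# Constructed corrected form: serial bumped, NS target and MX added.
FIXED_ZONE = """\
$TTL 38400
@        IN  SOA  product.site-name.com. root.site-name.com. (
             1234476835 ; serial, bumped after the edit
             10800 3600 604800 38400 )
@        IN  NS   product.site-name.com.
product  IN  A    192.168.1.1   ; the NS target needs an address record
@        IN  A    192.168.1.1
www      IN  A    192.168.1.1
mail     IN  A    192.168.1.1
@        IN  MX   10 mail
"""

if __name__ == "__main__":
    for label, zone in (("slippy", SLIPPY_ZONE), ("fixed", FIXED_ZONE)):
        print(label, check_zone(zone, "site-name.com.") or ["ok"])
```

The trailing-dot check is deliberately a heuristic (a name containing a dot but not ending in one is almost always meant to be absolute); the NS check only looks at targets inside the zone, since an NS pointing at another zone's host needs no record here.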



That is all for the BIND server parameters; the moment of pleasure is over...

As one of my friends says, normally it will all go well!


DNS redirect

At the registrar, for example GANDI, the public zone points the domain at the server's fixed public IP address (1), written as 000.000.000.000 here:

@ 3600 IN A 000.000.000.000
ftp 3600 IN A 000.000.000.000
www 3600 IN A 000.000.000.000

Clients on the Internet therefore obtain the public address from the registrar's name servers, while clients on the LAN obtain 192.168.1.1 from the local BIND master zone.


Author
Eric Douzet
C-extra.com v. 1.2.0 © 2003-2010, all rights reserved  -  Updated September 02, 2010 Infologism.com