| Server IP : 134.29.175.74 / Your IP : 216.73.216.160 Web Server : nginx/1.10.2 System : Windows NT CST-WEBSERVER 10.0 build 19045 (Windows 10) i586 User : Administrator ( 0) PHP Version : 7.1.0 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/nginx/html/MichaelMalz/CST2608/Labs/Lab04/ |
Upload File : |
<?
// JimMartinson/CST2608/Labs/Lab04/Lab04.phpinc
$js .= ',/MichaelMalz/CST2608/Labs/Lab03/Lab03.js';
require('Gradebook/EvaluationSubmission_BEGIN.phpinc'); // Replaced.
require('JimMartinson/CST2608/Labs/StudentServerNameNAT.phpinc');
$disabled = '';
#$disabled = ' disabled';
?>
<fieldset><legend>Description</legend>
The purpose of this lab is to setup a DNS server on a Linux server platform.
<br>
<span class="note normal">DO NOT PERFORM THIS LAB UNTIL ALL PREVIOUS LABS HAVE BEEN PERFORMED!</span>
<br>
<span class="note">In the ip addresses below:<br>
Replace <?=$octet1?> with the 1st octet in your network.<br>
Replace <?=$octet2?> with the 2nd octet in your network.<br>
Replace <?=$octet3?> with the 3rd octet in your network.<br>
Replace <?=$octet4?> with the 4th octet of your server's IP address.<br>
<b>This will happen automatically if your enter your server's ip address in step 1.3 below.</b>
</span>
<?=$gradeNote?>
<? if ( $disabled ) { ?><span class="error bold">Notice: Do not perform this assignment unless this notice has been removed.</span><? } ?>
</fieldset>
<!--<fieldset><legend>Example:</legend>
View a recording of me performing Lab 4: <a href="CST1608_Lab04_DNS_Server.wrf">CST1608_Lab04_DNS_Server.wrf</a>
</fieldset>-->
<fieldset><legend>Lab Instruction</legend>
Create a folder for this <?=strtolower($evaluationType)?> named <b><?=$evaluationName?></b> and keep all documents used for <?=$evaluationType?> <?=$evaluationNumber?> in that folder.
<ol id="main" class="count">
<!-- 1 -->
<li>Get your server's ip address.
<ol>
<li>Open a terminal window.</li>
<li>Enter the command <kbd class="copyText">ip a</kbd>.</li>
<li>Copy down the ip address (inet addr) and enter it here: <input type="text" name="ipaddress" id="inp_ipaddress" onInput="CheckAddresses(this);" maxlength="15" style="width:8em;">
<div id="div_addressesText">
<span class="warning">The ip address has not been entered.</span>
</div>
</li>
</ol>
</li>
<!-- 2 -->
<li>Install and configure the DNS server.
<ol type="a">
<!-- 2.1 -->
<li>Install the DNS server and utilities.<br>
<kbd class="copyText">sudo apt install bind9 dnsutils</kbd>
</li>
<!-- 2.2 -->
<li>Configure the DNS forwarders settings.
<ol>
<li>Open <tt class="copyText">/etc/bind/named.conf.options</tt> in an editor. <span class="note">This file lists DNS servers to forward a request to when your server is not the master.</span></li>
<li>Uncomment the forwarders lines and change the ip address to the Google DNS server <b class="copyText">8.8.8.8</b>.</li>
<li>Save the changes.</li>
</ol>
<? showBegin('See example named.conf.options file'); ?><br>
<pre class="code">options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
<span class="codechange">
forwarders {
<?=$octet1?>.<?=$octet2?>.<?=$octet3?>.1;
};</span>
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};</pre>Notes: <span class="codechange">Changes are this color</span>. <note>The <code>//</code> comment characters were removed and the ip address of my default gateway was entered.</note><br><? showEnd(); ?>
</li>
<!-- 2.3 -->
<li>Configure the DNS zone file settings.
<br>Open <tt class="copyText">/etc/bind/named.conf.local</tt> in an editor. <span class="note">This file contains the settings for any zone and reverse lookup files.</span>
<br><? showBegin('See example named.conf.local file'); ?><br>
<pre class="code">//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
<span class="codechange">
zone "<?=$domain?>" {
type master;
file "/etc/bind/db.<?=$domain?>";
};
zone "<?=$octet3?>.<?=$octet2?>.<?=$octet1?>.in-addr.arpa" {
type master;
file "/etc/bind/rev.<?=$domain?>";
};</span></pre><!-- rev.<?=$octet3?>.<?=$octet2?>.<?=$octet1?>.in-addr.arpa" -->
Note: <span class="codechange">Changes are this color</span>.<br>
<? showEnd(); ?>
</li>
<!-- 2.4 -->
<li>Create the zone file. <span class="note">This file contains the <b>SOA</b>, <b>NS</b>, <b>A</b>, <b>MX</b>, and <b>CNAME</b> records.</span>
<ol>
<li>Open <tt class="copyText">/etc/bind/db.<?=$domain?></tt> in an editor.</li>
<li>Begin the file with:
<pre class="copyText codechange">$TTL 604800
@ IN SOA <?=$Uservername?>.<?=$domain?>. <?=$Uusername?>.<?=$domain?>. (
1 ; Serial (Increment this number each time you re-config your zone)
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers NS (name server) records
IN NS <?=$Uservername?>.<?=$domain?>.
; name servers A (ip4 address) records
; A (ip4 address) records
; MX (Mail) records
; CNAME (Alias) records
</pre>
</li>
<li>Add an <b>A</b> record for your name server to its ip address.</li>
<li>Add an <b>A</b> record for your domain to your server's ip address.</li>
<li>Add an <b>A</b> record for <b>cst</b> to cst.ridgewater.edu's ip address. <span class="note">ping cst.ridgewater.edu to get the ip address.</span></li>
<li>Add an <b>MX</b> record for your domain to your server's FQDN (<?=$Uservername?>.<?=$domain?>).</li>
<li>Add an <b>CNAME</b> record for <b>home</b> to your server's FQDN.</li>
</ol>
<? showBegin('See example zone file'); ?><br>
<pre class="copyText code">$TTL 604800
@ IN SOA <?=$Uservername?>.<?=$domain?>. <?=$Uusername?>.<?=$domain?>. (
1 ; Serial (Increment this number each time you re-config your zone)
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers NS (name server) records
IN NS <?=$Uservername?>.<?=$domain?>.
; name servers A (ip4 address) records
<?=$Uservername?>.<?=$domain?>. IN A <?=$octet1?>.<?=$octet2?>.<?=$octet3?>.<?=$octet4?>
; A (ip4 address) records
<?=$domain?>. IN A <?=$octet1?>.<?=$octet2?>.<?=$octet3?>.<?=$octet4?>
cst IN A 134.29.175.74
; MX (Mail) records
<?=$domain?>. IN MX 10 <?=$Uservername?>.<?=$domain?>.
; CNAME (Alias) records
home IN CNAME <?=$Uservername?>
</pre>
<? showEnd(); ?>
</li>
<!-- 3.5 -->
<li>Create the reverse DNS zone file.
<br>Open <tt class="copyText">/etc/bind/rev.<?=$domain?></tt> in an editor.
<br>This file contains the reverse lookup information for your server.
<br><? showBegin('See example reverse DNS zone file'); ?><br>
<pre class="copyText code">@ IN SOA <?=$Uservername?>.<?=$domain?>. <?=$Uusername?>.<?=$domain?>. (
1 ; Serial (Increment this number each time you re-config your reverse zone)
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; name servers NS (name server) records
IN NS <?=$Uservername?>.<?=$domain?>.
; PTR (reverse lookup) records
<?=$octet4?> IN PTR <?=$Uservername?>.<?=$domain?>.</pre><? showEnd(); ?>
</li>
</ol>
</li>
<!-- 3 -->
<li>Setup the server name and domain and to use itself as the DNS server.
<br>This is now done with netplan. See the recording.
<br>I also had to fix /etc/resolv.conf. This file is read by dns requests to determine your DNS server. I did this with the following commands:
<br><kbd class="copyText">sudo rm /etc/resolv.conf</kbd> <span class="note">Remove the current link to /run/systemd/resolve/stub.resolv.conf</span>
<br><kbd class="copyText">sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf</kbd> <span class="note">Create the correct link to /run/systemd/resolve/resolv.conf</span>
</li>
<!-- 4 -->
<li>Restart the server with the commad:<kbd class="copyText">sudo reboot</kbd>.</li>
<!-- 5 -->
<li>Verify the DNS server is working. <span class="note">This step is done on your Ubuntu server.</span>
<ol>
<li>Open a terminal window on your server.</li>
<li>Perform a lookup with the command: <kbd class="copyText">dig <?=$Uservername?>.<?=$domain?></kbd>.</li>
<? $screenshot1 = $courseNumber.'-'.$evaluationName.'-diglookup-'.$userFileName.'.png'; ?>
<li><b class="info">Take a screenshot</b> of the termainal window and save it as <b class="copyText" style="white-space:nowrap;"><?=$screenshot1?></b>.
<? showBegin('See example lookup'); ?><br><img src="images/diglookup.png" width="814" height="607" alt=""/><br><? showEnd(); ?>
</li>
<li>Perform a <b>reverse</b> lookup with the command: <kbd class="copyText">dig -x <?=$octet1?>.<?=$octet2?>.<?=$octet3?>.<?=$octet4?></kbd>.</li>
<? $screenshot2 = $courseNumber.'-'.$evaluationName.'-digreverse-'.$userFileName.'.png'; ?>
<li><b class="info">Take a screenshot</b> of the termainal window and save it as <b class="copyText" style="white-space:nowrap;"><?=$screenshot2?></b>.
<? showBegin('See example reverse lookup'); ?><br><img src="images/digreverse.png" width="814" height="607" alt=""/><br><? showEnd(); ?>
</li>
</ol>
</li>
<!-- 6 -->
<li>Configure Webmin to manage your <b>BIND DNS server</b>.
<ol>
<li>Open a browser and open Webmin by going to <b class="copyText">https://<?=$Uservername?>.<?=$domain?>:10000</b>.</li>
<li>Go to <b>Servers</b>/<b>BIND DNS Server</b> <span class="note">You may have to click the <img src="images/RefreshModules.png" width="119" height="18" alt="Refresh Modules"> link in the lower left for it to show up.</span></li>
<li>Configure <b>Bind DNS Server</b> and change <b>Is named.conf under chroot directory?</b> to <b>No</b>.</li>
<li>Save the change and restart the BIND DNS Server.</li>
</ol>
</li>
<!-- 7 -->
<li>Turn in your assignment:
<ol type="a">
<li>Copy the <b class="copyText">/etc/bind/named.conf.local</b> file to your <b><?=$evaluationName?></b> folder.</li>
<li>Copy the <b class="copyText">/etc/bind/named.conf.options</b> file to your <b><?=$evaluationName?></b> folder.</li>
<li>Copy the <b class="copyText">/etc/bind/db.<?=$domain?></b> file to your <b><?=$evaluationName?></b> folder.</li>
<li>Copy the <b class="copyText">/etc/bind/rev.<?=$domain?></b> file to your <b><?=$evaluationName?></b> folder.</li>
<li>Copy the <b class="copyText">/run/systemd/resolve/resolv.conf</b> to your <b> file<?=$evaluationName?></b> folder.
<!--<br><span class="note">In order to copy this file you need to <b>sudo</b> the cp command. This copies the file as the root user.
<br>Since the file is owned by root you cannot do anything with it without using sudo.
<br>You need to change ownership to your user with the command <kbd class="copyText">sudo chown <?=$Uusername?>:<?=$Uusername?> resolv.conf</kbd>
<br>You can use the <kbd class="copyText">ls -l</kbd> command to see who owns files.
</span>-->
</li>
<li>Ensure the following files are in your <b><?=$evaluationName?></b> folder:<?
$fileList = array(
$screenshot1,
$screenshot2,
'named.conf.local',
'named.conf.options',
'db.'.$domain,
'rev.'.$domain,
'resolv.conf',
);
natcasesort($fileList);
foreach ($fileList as $fileName) {
?>
<br> <?=$fileName?>
<?
}
?>
</li>
<li>Zip up your <b><?=$evaluationName?></b> folder into a file named <b><?=$uploadFilename?></b>.</li>
<li>Then attach this file to the assignment in D2L for grading.</li>
</ol>
</li>
</ol><? if ( $disabled ) { ?><span class="error bold">Notice: Do not perform this assignment unless this notice has been removed.</span><? } ?>
</fieldset>
<?
require('Gradebook/EvaluationSubmission_END.phpinc'); // Replaced.
if ($TRACK != '') $_SESSION['TRACK'] .= "<li>End ".basename(__FILE__)."</ol>\n";
?>