DNS windows server(2008R2) & linux(SLES 11)

Posted on 18-Jul-2015



NETWORK ADMINISTRATION: DNS Server (Windows & Linux)

2013-2014

PASSERELLES NUMERIQUES CAMBODIA

Street 371 Phum Tropeang Chhuk (Borey Sorla), Sangkat Tek Thia Khan Sek Sok P.O. Box 511 Phnom Penh, Cambodia

Table of Contents

1. Configure Domain Name

2. Install Bind package

3. Create: Forward Lookup zone file & Reverse Lookup zone file in the master DNS zone

4. Create Resource Record with: A, PTR, CNAME, MX

5. Create Zone transfer

6. Encryption transfer protocol

I. On Windows:

1. Install DNS + AD service

2. Configure DNS zone:

   - Configure Forward

   - Reverse lookup zone

3. Create Resource Record:

   A (Resolve from host to host)

   PTR (pointer)

   CNAME (alias)

   MX (Mail Exchanger)

4. Create multiple domain names

   - Forward New Zone

   - Reverse New Zone

5. Configure DNS zone transfer

   - Configure on Primary DNS server

   - Allow only sna2015.lan

   - Configure on Secondary DNS server (Transfer only sna2015.lan)

   - Enable master transfer zone

6. Active Directory-integrated DNS zone:

   - Configure AD-integrated Replication

   - Set Dynamic update as Security only

SUSE Linux:

1. Configure Domain Name

- Run yast lan => Hostname/DNS => enter the domain name and the server name => OK

- Configure it by entering the domain name: tola091.lan

- Show the IP address and restart the network service so the configuration takes effect (rcnetwork restart, ifconfig)

- Show the hostname

2. Install Bind package

- Run yast -i => install the package bind: type bind in the Search Phrase box and Accept to install. Or use: zypper install -y bind

3. Create: Forward Lookup zone file & Reverse Lookup zone file in the master DNS zone

- After the DNS service is installed, back up the file named.conf, which is stored in /etc, to another location (cp /etc/named.conf /etc/named.conf.bk).

- A forward zone maps host names to IP addresses.

- A reverse zone maps IP addresses to host names.

- To create these zones, edit the configuration file with vim /etc/named.conf.

- Configure the zones by creating the forward zone tola091.lan.zone and the reverse zone 192.168.1.zone, and disable the file include line as in the screenshot below.

- Save the file after configuring with :x or ZZ.

4. Create Resource Record with:

- Copy the forward and reverse zone files of localhost into the master directory as a starting point

- Create resource records and configure the forward zone and the reverse zone with A, PTR, MX and CNAME records

- Type vim tola091.lan.zone to configure the forward zone

- A = resolves a host name to an IP address

- PTR = resolves an IP address to a host name (1.168.192.in-addr.arpa)

- CNAME = resolves a host name (alias) to another host name

- MX = the mail server for the domain

- Type vim 192.168.1.zone to configure the reverse zone

- Use rcnamed restart to restart the named service

- Use vim /etc/resolv.conf to add a nameserver line pointing at the DNS server

- NSLookup tool

Nslookup is a command-line utility used to diagnose DNS infrastructure.

- DIG command

+ Let a client test
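The forward and reverse zones above only work together if every A record has its PTR, every PTR points back to an A with that address, and CNAME/MX targets actually exist. The following added Python example (not part of the original lab notes) checks exactly that on constructed zone files written in the page's naming scheme (tola091.lan, 192.168.1.0/24); the small parser assumes one record per line and the SOA on a single line.

```python
# Constructed forward and reverse zone files in the page's naming (tola091.lan.zone, 192.168.1.zone).
FORWARD_ZONE = """\
$TTL 86400
@     IN SOA   ns1.tola091.lan. admin.tola091.lan. ( 2015071801 3600 900 604800 86400 )
@     IN NS    ns1.tola091.lan.
@     IN MX    10 mail.tola091.lan.
ns1   IN A     192.168.1.1
ns2   IN A     192.168.1.2
mail  IN A     192.168.1.10
www   IN CNAME ns1.tola091.lan.
ftp   IN CNAME files.tola091.lan.
"""
REVERSE_ZONE = """\
$TTL 86400
@     IN SOA   ns1.tola091.lan. admin.tola091.lan. ( 2015071801 3600 900 604800 86400 )
1     IN PTR   ns1.tola091.lan.
2     IN PTR   ns2.tola091.lan.
20    IN PTR   old.tola091.lan.
"""

def parse_zone(text, origin):
    """Return (owner_fqdn, rtype, rdata_tokens) per record; $-directives and the SOA line are skipped."""
    records = []
    for tok in (line.split() for line in text.splitlines()):
        if not tok or tok[0].startswith("$") or "SOA" in tok:
            continue
        # "@" is the origin, a trailing dot marks an absolute name, anything else is relative
        owner = origin if tok[0] == "@" else tok[0][:-1] if tok[0].endswith(".") else f"{tok[0]}.{origin}"
        i = tok.index("IN")
        records.append((owner, tok[i + 1], tok[i + 2:]))
    return records

def check_zones(fwd_text, rev_text, origin, rev_origin):
    """List A/PTR mismatches and CNAME/MX targets that are not defined in the forward zone."""
    fwd, rev = parse_zone(fwd_text, origin), parse_zone(rev_text, rev_origin)
    a = {o: rd[0] for o, t, rd in fwd if t == "A"}
    ptr = {o: rd[0].rstrip(".") for o, t, rd in rev if t == "PTR"}
    names = {o for o, _, _ in fwd}
    # every A needs the matching PTR in the reverse zone
    problems = [f"A {h} -> {ip} has no matching PTR" for h, ip in a.items()
                if ptr.get(".".join(reversed(ip.split("."))) + ".in-addr.arpa") != h]
    for rev_name, host in ptr.items():           # every PTR must point back to an A with that address
        ip = ".".join(reversed(rev_name[:-len(".in-addr.arpa")].split(".")))
        if a.get(host) != ip:
            problems.append(f"PTR {ip} -> {host} has no matching A")
    for o, t, rd in fwd:                         # alias and mail targets must exist in the zone
        if t in ("CNAME", "MX") and rd[-1].rstrip(".") not in names:
            problems.append(f"{t} {o} -> {rd[-1]} target not defined")
    return problems
```

Run check_zones on your own files (read from /var/lib/named/master) before rcnamed restart; the three findings on the sample are a missing PTR for mail, a stale PTR for old, and a dangling CNAME for ftp.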

5. Create Zone transfer

- Configure on Master DNS server

Additional statements to enable the zone transfer from the master to the slave:

    allow-update { none; };
    allow-query { any; };
    allow-transfer { 192.168.1.2; };

- Configure on Slave DNS server

- Check the IP address and hostname

- Test the connection

- Configure the domain name for the DNS slave

- Use the command zypper install -y bind

- Use the command cp /etc/named.conf /etc/named.conf.bk for backup

- Zone transfer: use vim /etc/named.conf to configure the slave to get the zone transfer from the master DNS.

- All the zones will be transferred from the master

- Restart the service with rcnamed restart

- The transferred zone files are written to the directory /var/lib/named/slave, so there we will see the zones transferred from the master.

- Show the reverse zone configuration of the DNS slave transferred from the master DNS

- Show the forward zone configuration of the DNS slave transferred from the master DNS

- Additional line

- Use the NSLookup tool

- Use the DIG tool

6. Encryption transfer protocol

- Encrypted zone transfer means we transfer the zone from master to slave secured with a secret key: the slave's transfer request is signed with the key generated below.

- Type the command dnssec-keygen -a HMAC-MD5 -b 96 -n HOST tola to create the secret key.

- Copy the key file from the master to the slave so the slave has the same key.

- Edit the named configuration to add the key.

- Restart the named service

7. Test the zone transfer and the encrypted transfer
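The allow-transfer statements from section 5 and the key from section 6 decide who can pull a full copy of a zone. The following added Python example (not from the original notes) audits a constructed named.conf fragment and reports, per zone, whether transfers are open, address-restricted, key-restricted or left unset; the key stanza uses hmac-sha256, which is assumed here in place of the HMAC-MD5 key the page generates, and the secret is a constructed placeholder.

```python
import re
# Constructed named.conf fragment: the page's master stanza (transfer restricted by
# slave address), a zone restricted to a TSIG key instead, and one with no clause.
NAMED_CONF = """
key "tola" { algorithm hmac-sha256; secret "Y29uc3RydWN0ZWQtc2FtcGxlLXNlY3JldA=="; };
zone "tola091.lan" in {
    type master;
    file "master/tola091.lan.zone";
    allow-update { none; };
    allow-query { any; };
    allow-transfer { 192.168.1.2; };      // as on the page: restricted by the slave's address
};
zone "1.168.192.in-addr.arpa" in {
    type master;
    file "master/192.168.1.zone";
    allow-transfer { key tola; };         // hardened: the slave must sign the request with the key
};
zone "sna2015.lan" in {
    type master;
    file "master/sna2015.lan.zone";      // no clause: inherits options{} or the server default
};
"""

def zone_blocks(conf):
    """Yield (zone_name, body) for each zone statement, using brace depth to find the body end."""
    conf = re.sub(r"(//|#).*", "", conf)                 # strip line comments first
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def classify_transfer(body):
    """Say who may AXFR the zone according to its allow-transfer clause."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    if not m:
        return "inherited"                               # no zone-level clause: check options{}
    acl = [x.strip() for x in m.group(1).split(";") if x.strip()]
    if "any" in acl:
        return "open"                                    # anyone can copy the whole zone
    if "none" in acl:
        return "disabled"
    if all(x.startswith("key ") for x in acl):
        return "tsig-key"                                # peer must prove the shared secret
    return "ip-acl"                                      # address match only, no peer authentication

def audit_transfers(conf):
    return {name: classify_transfer(body) for name, body in zone_blocks(conf)}
```

Zones reported as "open" or "inherited" are the ones to review before the test in step 7, since a transfer gives the requester every record in the zone.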

I. On Windows:

+ Before we install other services we need to set the hostname and assign the real IP address of the host.

- Assign the IP address by typing the command ncpa.cpl to open the network connections.

- Right-click the LAN connection and then click Properties

- Check the hostname

1. Install DNS + AD service

- Open Server Manager from the Start menu or from the Quick Launch taskbar.

- Select Roles, then Add Roles. Before you continue, verify that:

- You can skip this page by default.

- Click Next to continue

- Select Active Directory Domain Services. There is no need to select DNS Server; this role will be added with DCPROMO. Then click Next.

- Ensure you read Things to Note. Then click Next. Click Install.

- The Active Directory binaries have been installed. Click Close this wizard and launch dcpromo.exe. You can also launch dcpromo from the Run box. Click Next.

- Operating System Compatibility warning about the new Server 2008 security settings: check that there is no compatibility issue with the existing network infrastructure. If none, click Next.

- Select Create a new domain in a new forest and click Next.

- There are 3 forest functional levels: Windows 2000, Windows 2003, Windows 2008 and Windows Server 2008 R2.

- Select DNS server, then Next to continue. The wizard cannot contact the DNS server for this zone; select Yes to continue, and DNS will then be installed. The database folders are assigned; click Next to accept the defaults. The Restore mode password must be set; click Next to continue.

- The Active Directory components are installed. Click Finish to complete the installation. The server needs to be restarted to finalise the installation. Click Restart Now. The server restarts.

2. Configure DNS zone:

- Configure Forward

A forward lookup is the most common form of DNS lookup. This type of lookup converts a hostname into an IP address. A Forward Lookup Zone contains name to IP address mappings.

- Click Start > Administrative Tools > DNS > expand by clicking the + next to the DNS server

- To add a new forward lookup zone, right-click Forward Lookup Zones and click New Zone.

- Reverse lookup zone

- Right-click Reverse Lookup Zones and select New Zone.

- Select Primary Zone and tick Store

- Select IPv4 Reverse Lookup Zone and Next to continue

- Type in the Network ID and Next to continue

- The wizard will ask you if you want to accept dynamic updates. As the wizard shows, there are drawbacks to having it enabled, but there are also drawbacks to having it disabled.

- New Delegation to class Monitor as Admin

- To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

- Right-click the applicable subdomain, and then click New Delegation.

- Follow the instructions in the New Delegation Wizard to finish creating the new delegated domain.

3. Create Resource Record:

A (Resolve from host to host)

- Open DNS Manager

- Right-click the forward lookup zone to which you want to add the record, and then click New Host (A or AAAA).

- In Name, type the DNS computer name for the new host. In IP address, type the IP address for the new host. You can type the address in IP version 4 (IPv4) format (to add a host (A) resource record) or IP version 6 (IPv6) format (to add a host (AAAA) resource record).

PTR (pointer)

- You can use this procedure to create a pointer (PTR) resource record in a reverse lookup zone in Domain Name System (DNS).

- Right-click the reverse lookup zone that you want to manage, and then click New Pointer (PTR).

- In the Host IP number text box, type the host IP address in IP version 4 (IPv4) format.

- As an option, you can click Browse to search the DNS namespace for hosts that have host (A or AAAA) resource records already defined.

CNAME (alias)

- Alias (CNAME) resource records are also sometimes called canonical name resource records. With these records, you can use more than one name to point to a single host.

- Right-click the applicable forward lookup zone, and then click New Alias.

- In Alias name, type the alias name.

- In Fully qualified domain name (FQDN) for target host, type the FQDN of the DNS host computer for which this alias is to be used. As an option, you can click Browse to search the DNS namespace for hosts in this domain that have host (A) resource records already defined.

- Click OK to add the new record to the zone.

MX (Mail Exchanger)

- You can use this procedure to add a mail exchanger (MX) resource record to a Domain Name System (DNS) zone to provide message routing to a mail exchanger host.

- Right-click the forward lookup zone to which you want to add the record, and then click New Mail Exchanger (MX).

4. Create multiple domain names

- (tola091.lan) New Domain

- Forward New Zone

- Reverse New Zone

- sna2015.lan (my own domain)

5. Configure DNS zone transfer

- Configure on Primary DNS server

- Allow only sna2015.lan

- Configure on Secondary DNS server (Transfer only sna2015.lan)

- Transfer Reverse

- Enable master transfer zone

6. Active Directory-integrated DNS zone:

- Configure AD-integrated Replication

- Set Dynamic update as Security only