Wednesday, May 21, 2008

Replicate OpenLDAP Servers

In this exercise, you configure LDAP replication with your neighbor.
You use a new LDAP entry
“uid=replicator,dc=digitalairlines,dc=com” with password “novell”
for replication.
In part IV, you change the surname of user kbailey from “Bailey” to
“Smith”. You do this on the master to see whether the replication works correctly.
Do the following:

■ Part I - Add the Replicator DN to the Master’s LDAP Directory
■ Part II - Configure the LDAP Master Server
■ Part III - Configure the LDAP Client Server
■ Part IV - Copy the Database and Start the Servers
■ Part V - Test Replication

Part I - Add the Replicator DN to the Master’s LDAP Directory
1. To add the new LDAP entry on the master create a new LDIF file by entering
vi replicator.ldif
2. Enter the following lines
dn: uid=replicator,dc=digitalairlines,dc=com
objectClass: inetOrgPerson
uid: replicator
cn: LDAP Replicator
sn: Replicator
You also can copy the file exercises/section_3/replicator.ldif from the Course DVD.
3. Save the file and exit by entering :wq.
4. Add the entry to the LDAP directory by entering
ldapadd -x -D
"cn=Administrator,dc=digitalairlines,dc=com" -W -f
replicator.ldif

5. To enter a password for the replicator enter
ldappasswd -x -D
"cn=Administrator,dc=digitalairlines,dc=com" -W -S
"uid=replicator,dc=digitalairlines,dc=com"

6. Enter novell twice as the new password.
7. Enter the administrator password (also novell) to set the password.

Part II - Configure the LDAP Master Server
1. On the master stop your LDAP server by entering rcldap stop.
2. Open the file /etc/openldap/slapd.conf by entering
vi /etc/openldap/slapd.conf
3. Specify a file where the changes in the LDAP directory are stored by adding the line
replogfile /var/lib/ldap/master-slapd.replog
4. Specify the replication host (all in one line)
replica uri=ldap://slave_ip:389
binddn="uid=replicator,dc=digitalairlines,dc=com"
bindmethod=simple credentials=novell
slave_ip is the IP address of your neighbor’s computer.
5. Save the file and exit by entering :wq.

Part III - Configure the LDAP Client Server
1. Stop your LDAP server by entering rcldap stop.
2. Open the file /etc/openldap/slapd.conf by entering
vi /etc/openldap/slapd.conf
3. Add the following lines
updatedn "uid=replicator,dc=digitalairlines,dc=com"
updateref "ldap://master_ip"

master_ip is the IP address of your neighbor’s computer.
4. Change the following access rule
access to *
by * read
to
access to *
by dn="uid=replicator,dc=digitalairlines,dc=com" write
by * read
5. Save the file and exit by entering :wq.

Part IV - Copy the Database and Start the Servers
1. On the master server enter
scp -r /var/lib/ldap/ host:/var/lib/ldap/
Replace host by the host name of the slave server.
2. Enter novell when prompted for a password.
3. On both servers start slapd by entering
rcldap start
4. On the master server start slurpd by entering
rcslurpd start

Part V - Test Replication
1. To change some user information on the master, create a new
LDIF file by entering
vi change.ldif
2. Enter the following lines
dn: uid=kbailey,ou=people,dc=digitalairlines,dc=com
cn: Kate Smith
sn: Smith

You also can copy the file exercises/section_3/change.ldif from the Course DVD.
3. Save the file and exit by entering :wq.
4. To change the LDAP information, enter
ldapmodify -x -D
"cn=Administrator,dc=digitalairlines,dc=com" -W -f
change.ldif

5. On the master and slave enter
ldapsearch -x "uid=kbailey"
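Two things are worth checking once the servers are up: that an attribute changed on the master really arrives on the slave, and that the master's slapd.conf, which now carries the replicator password in clear text on the replica line, is not readable by everyone on the machine. The following shell script is an added example and not part of the course material; MASTER and SLAVE default to the placeholder names used above and must be set to the real addresses, and the LDIF fed to the functions in testing is constructed.

```shell
#!/bin/sh
# Added example, not part of the course material: checks for the slurpd
# replication set up above. MASTER/SLAVE default to the course's placeholders
# and must be set to the real addresses; the LDIF in the test is constructed.

MASTER="${MASTER:-master_ip}"
SLAVE="${SLAVE:-slave_ip}"
BASE="dc=digitalairlines,dc=com"

# ldif_attr ATTR : print the first value of ATTR from LDIF read on stdin.
# Handles the plain "attr: value" form only (not base64 "attr:: ...").
ldif_attr() {
    awk -v a="$1:" '$1 == a { sub(/^[^:]*: */, ""); print; exit }'
}

# same_on_both DN ATTR : read ATTR of DN from master and slave anonymously
# and compare. 0 = in sync, 1 = missing on either side or different
# (slurpd not running, updatedn/access rule wrong, or replog not applied).
same_on_both() {
    dn="$1"; attr="$2"
    m=$(ldapsearch -x -LLL -H "ldap://$MASTER" -b "$dn" -s base "$attr" | ldif_attr "$attr")
    s=$(ldapsearch -x -LLL -H "ldap://$SLAVE" -b "$dn" -s base "$attr" | ldif_attr "$attr")
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# conf_not_world_readable FILE : the replica line puts the replicator
# password into slapd.conf in clear text (credentials=novell), so the file
# must not carry the "other read" bit. 0 = ok, 1 = world-readable.
conf_not_world_readable() {
    mode=$(stat -c %a "$1") || return 1   # GNU stat, as shipped with SLES 10
    others=$(( mode % 10 ))               # last octal digit = permissions for others
    [ $(( others & 4 )) -eq 0 ]
}

# On a lab host run e.g.: MASTER=10.0.0.2 SLAVE=10.0.0.3 sh replcheck.sh run
# (example addresses; replcheck.sh is whatever name you save this under)
case "${1:-}" in
    run)
        conf_not_world_readable /etc/openldap/slapd.conf ||
            echo "WARNING: /etc/openldap/slapd.conf is world-readable (contains credentials=)"
        if same_on_both "uid=kbailey,ou=people,$BASE" sn; then
            echo "sn of kbailey is identical on master and slave"
        else
            echo "sn of kbailey differs or is missing: replication not (yet) applied"
        fi
        ;;
esac
```

The comparison uses an anonymous base-scope search (-b DN -s base) so it works with the "by * read" rule from Part III and does not need the administrator password. A persistent difference right after the ldapmodify in step 4 usually means slurpd is not running on the master or the slave rejected the update because the updatedn or the access rule does not match the replicator DN exactly.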

Set up an LDAP User Database

In this exercise, you create a password (“novell”) for user kbailey.
In part II you enable automatic creation of the home directory when a user logs in using ssh.
In part III you log in as user kbailey to test your configuration.
Do the following:

■ Part I - Set LDAP User Password
■ Part II - Configure Automatic Home Directory Creation
■ Part III - Login as kbailey via SSH

Part I - Set LDAP User Password
1. Use the command getent (get entry) to test whether glibc resolves users from the LDAP database. Enter
getent passwd
The users in /etc/passwd and the LDAP database should be
listed. The end of the output may look similar to this:

...
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
geeko:x:1000:100:Geeko Chameleon:/home/geeko:/bin/bash
kbailey:*:1010:100:Kate Bailey:/home/kbailey:/bin/bash

2. To set the password for the user kbailey, enter
ldappasswd -x -D
"cn=Administrator,dc=digitalairlines,dc=com" -W -S
"uid=kbailey,ou=people,dc=digitalairlines,dc=com"
3. Enter novell twice as the new password.
4. Enter the administrator password (also novell) to set the password.
5. Search for your own LDAP entry by entering
ldapsearch -x -D
"cn=Administrator,dc=digitalairlines,dc=com" -W
"uid=kbailey"
6. Enter the administrator password (novell). Your encrypted user
password should be listed.

Part II - Configure Automatic Home Directory Creation
1. Open the file /etc/pam.d/sshd with vi by entering
vi /etc/pam.d/sshd
2. Add the following line
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
3. Save the file and exit by entering :wq.

Part III - Login as kbailey via SSH
1. Log in as user kbailey by entering
ssh -l kbailey localhost
2. Enter yes to modify the list of known hosts.
3. Enter the password of kbailey (novell).
The home directory should be created.
4. Enter exit to log out.

Add Users to the LDAP Directory

In this exercise, you add a user with the following information to your LDAP directory:

Information     Value
Login           kbailey
Name            Kate Bailey
UID             1010
GID             100
Home directory  /home/kbailey
Login shell     /bin/bash

1. There should be some entries in the LDAP directory created by YaST. To see the content of your LDAP directory enter ldapsearch -x
2. Create an LDIF file by entering vi kbailey.ldif
3. To create a Posix account for the new user kbailey, add the following lines:
dn: uid=kbailey,ou=people,dc=digitalairlines,dc=com
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
uid: kbailey
uidNumber: 1010
gidNumber: 100
cn: Kate Bailey
givenName: Kate
sn: Bailey
homeDirectory: /home/kbailey
loginShell: /bin/bash
shadowMax: 99999
shadowWarning: 7
shadowInactive: -1
shadowMin: 0
shadowLastChange: 12609
You also can copy the file exercises/section_3/kbailey.ldif from the Course DVD.
4. Save the file and exit the text editor by entering :wq.
5. Add the LDIF file to your LDAP database by entering
ldapadd -x -D "cn=Administrator,dc=digitalairlines,dc=com" -W -f kbailey.ldif
6. Enter the password for the LDAP administrator (novell).
7. To see the content of your LDAP directory, enter
ldapsearch -x "uid=kbailey"
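The entry above is typed by hand, which is fine for one user but invites two mistakes that matter once glibc resolves accounts from LDAP (the getent check in the user database exercise): a uidNumber that collides with a local account, and a uidNumber below 1000 (0 would make the LDAP user a second root). The following shell script is an added example, not the course's own code: it renders the same LDIF from the table values and checks the chosen uidNumber against getent passwd before ldapadd. The passwd lines used when testing it are constructed.

```shell
#!/bin/sh
# Added example, not part of the course material: build the posixAccount
# LDIF from the table values and check the uidNumber against the local
# account database before adding the entry.

# posix_account_ldif LOGIN "FULL NAME" UID GID HOME SHELL
# Prints an entry with the same attributes as the course's kbailey.ldif.
# givenName/sn are derived by splitting the full name at the first space.
posix_account_ldif() {
    login="$1"; name="$2"; uid="$3"; gid="$4"; home="$5"; shell="$6"
    given="${name%% *}"; surname="${name#* }"
    last_change=$(( $(date +%s) / 86400 ))   # days since the epoch, as shadowLastChange expects
    cat <<EOF
dn: uid=$login,ou=people,dc=digitalairlines,dc=com
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
uid: $login
uidNumber: $uid
gidNumber: $gid
cn: $name
givenName: $given
sn: $surname
homeDirectory: $home
loginShell: $shell
shadowMax: 99999
shadowWarning: 7
shadowInactive: -1
shadowMin: 0
shadowLastChange: $last_change
EOF
}

# uid_free UID [PASSWD_TEXT] : 0 if UID is >= 1000 and no account in
# PASSWD_TEXT (default: the output of `getent passwd`, i.e. local files
# plus LDAP) already uses it; 1 otherwise.
uid_free() {
    want="$1"
    if [ -n "${2:-}" ]; then src="$2"; else src=$(getent passwd); fi
    [ "$want" -ge 1000 ] || return 1
    ! printf '%s\n' "$src" | awk -F: -v u="$want" '$3 == u { found=1 } END { exit !found }'
}

# Usage on the lab host: sh adduser.sh run   (adduser.sh = whatever name you saved this under)
case "${1:-}" in
    run)
        uid_free 1010 || { echo "uidNumber 1010 is taken or reserved, pick another" >&2; exit 1; }
        posix_account_ldif kbailey "Kate Bailey" 1010 100 /home/kbailey /bin/bash > kbailey.ldif
        ldapadd -x -D "cn=Administrator,dc=digitalairlines,dc=com" -W -f kbailey.ldif
        ;;
esac
```

uid_free deliberately consults getent rather than /etc/passwd alone, so that once the LDAP client is active it also catches collisions with users that already live in the directory.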

Set Up OpenLDAP with YaST

In this exercise, you set up an OpenLDAP server and client using YaST. The base DN is “dc=digitalairlines,dc=com” and the common name of the LDAP administrator is “cn=Administrator,dc=digitalairlines,dc=com” with password “novell”. TLS/SSL is not used in this exercise. Do the following:

■ Part I - Install OpenLDAP
■ Part II - Set Up the OpenLDAP Server
■ Part III - Set Up the OpenLDAP Client

Part I - Install OpenLDAP
1. From the main menu, start YaST.
2. Enter the root password (novell) and select OK.
3. From the YaST Control Center, select Software > Software
Management.
4. From the filter drop-down menu, select Search.
5. In the Search field, enter ldap; then select Search.
6. On the right, select the following packages:
nss_ldap
openldap2
openldap2-client
pam_ldap
7. Select Accept; then insert the requested SUSE Linux Enterprise
Server 10 DVD.
8. When installation is complete, remove the DVD and close the
YaST Control Center.

Part II - Set Up the OpenLDAP Server
1. Start YaST.
2. Start the YaST module Network Services > LDAP Server.
3. Select Yes to start the LDAP server.
4. Select Configure.
5. In the LDAP Server Configuration dialog select Add Database
to add a database.
6. In the Add Database dialog enter the following information:
Textbox Value
Base DN dc=digitalairlines,dc=com
LDAP Password novell
Validate Password novell
7. Select OK.
8. In the left frame select Global Settings > TLS Settings. Make
sure that the option TLS Active is set to no.
9. Select Finish.

Part III - Set Up the OpenLDAP Client
1. Start the YaST module Network Services > LDAP Client.
2. Select Use LDAP to activate LDAP for user authentication.
3. Make sure that the content of Addresses of LDAP Servers is
127.0.0.1.
4. Make sure that the content of LDAP base DN is
dc=digitalairlines,dc=com
5. Make sure that the option LDAP TLS/SSL is deactivated.
6. Select Advanced Configuration.
7. Select the Administration Settings tab.
8. Enter cn=Administrator in the textbox Administration DN.
9. Activate the option Append Base DN.
10. Activate the option Create Default Configuration Objects.
11. Activate the option Home Directories on This Machine.
12. Select Accept.
13. Select Finish.
14. When asked to enter the administrator password enter novell.

Thursday, May 1, 2008

Configure Zone Transfers from the Master Server to Slave Server

In this exercise, you configure zone transfers from a master to a slave server.

In part I, you create a 128-bit HMAC-MD5 key with the name zonetransfer.

In part II, you configure the master server to use this key for zone transfers. You create a file /etc/named.key that contains the key zonetransfer statement; this file is included from /etc/named.conf.

In part III, you configure the slave server to use this key for zone transfers. Copy the file /etc/named.key from the master server to the slave server and include it in the file /etc/named.conf.
Do the following:

■ Part I: Generate a Key
■ Part II: Configure the Master Server
■ Part III: Configure the Slave Server

Part I: Generate a Key

1. To stop the DNS server, enter
rcnamed stop
2. Change the directory by entering
cd /var/lib/named
3. To generate a key, enter (on one line)
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST zonetransfer
4. Record the file name of the key in the space below:

Part II: Configure the Master Server

Do the following:
1. Create a new file /etc/named.key with the following content:
key zonetransfer {
algorithm HMAC-MD5;
secret "key";
};
Instead of key, insert the secret you generated in part I (the base64 string on the Key: line of the .private file you recorded in step 4).
2. Change the group of the file to named by entering
chgrp named /etc/named.key
3. Remove the read permission for others from the file by entering
chmod o-r /etc/named.key
4. On the master server, open the /etc/named.conf file with a text editor.
5. Add the following line at the beginning of the file:
include "/etc/named.key";
6. Change the content of the zone description of digitalairlines.com as follows:
zone "digitalairlines.com" in {
type master;
file "master/digitalairlines.com.zone";
allow-transfer {
key zonetransfer;
};
};
7. Change the content of the zone description of 0.0.10.in-addr.arpa as follows:
zone "0.0.10.in-addr.arpa" in {
type master;
file "master/10.0.0.zone";
allow-transfer {
key zonetransfer;
};
};
8. Save the file and exit the text editor.
9. Open a second terminal window and enter su - to get root permissions.
10. When prompted, enter the root password novell.
11. Enter the command
tail -f /var/log/messages
12. Switch to the first terminal window and start bind by entering
rcnamed start
13. From the second terminal window, watch the log output of bind when the slave server is started.

Part III: Configure the Slave Server

Do the following:
1. Copy the file /etc/named.key from the master server to the slave server.
2. Change the group of the file to named by entering
chgrp named /etc/named.key
3. Remove the read permission for others from the file by entering
chmod o-r /etc/named.key
4. On the slave server, open the /etc/named.conf file with a text editor.
5. Add the following line at the beginning of the file:
include "/etc/named.key";
6. Add the following lines after the option section:
key zonetransfer {
algorithm HMAC-MD5;
secret "key";
};
server IP_address_of_the_master_server {
keys {
zonetransfer;
};
};
In the secret option, enter the same secret as in the master server's key file.
7. Save the file and exit the text editor.
8. Remove the files in the directory /var/lib/named/slave/ by entering:
rm /var/lib/named/slave/*
9. Open a second terminal window and enter su - to get root
permissions.
10. When prompted, enter the root password novell.
11. Enter the command
tail -f /var/log/messages
12. Switch to the first terminal window and start bind by entering
rcnamed start
13. From the second terminal window, watch the log output of bind to see if the zone transfer will be done.
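The manual steps above leave two gaps a practitioner would want closed: the secret is copied by hand from the dnssec-keygen output, and the only evidence that allow-transfer works is the log line in step 13. The following shell script is an added example, not part of the course: it reads the secret from the K*.private file of Part I, writes /etc/named.key with the right permissions, and lets you confirm from the slave that an unsigned AXFR is refused while the signed one succeeds. It assumes the dnssec-keygen .private format (a Key: line carrying the base64 secret), that dig (bind-utils) accepts that file with -k, and that the group named exists; the .private content used in testing is constructed and its secret is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not part of the course material: build /etc/named.key from
# the dnssec-keygen output of Part I and verify the transfer policy.
# Assumptions: K*.private carries the secret on a "Key:" line; dig reads
# that file via -k. The secret used in the test is a placeholder.

# tsig_secret PRIVATE_FILE : print the base64 secret from the "Key:" line.
tsig_secret() {
    awk '$1 == "Key:" { print $2; exit }' "$1"
}

# render_key_stanza NAME SECRET : the key statement shared by master and slave.
render_key_stanza() {
    printf 'key %s {\n\talgorithm HMAC-MD5;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# install_key_file NAME PRIVATE_FILE [DEST] : write the key statement to DEST
# (default /etc/named.key), mode 0640, group named, so the secret is readable
# by root and named only. Anyone who can read it can pull the zone.
install_key_file() {
    name="$1"; priv="$2"; dest="${3:-/etc/named.key}"
    secret=$(tsig_secret "$priv")
    [ -n "$secret" ] || { echo "no Key: line found in $priv" >&2; return 1; }
    render_key_stanza "$name" "$secret" > "$dest" || return 1
    chmod 640 "$dest"
    chgrp named "$dest" 2>/dev/null || true   # group exists only where bind is installed
}

# axfr_refused_without_key MASTER ZONE : 0 when an unsigned transfer is
# rejected, which is what allow-transfer { key zonetransfer; } must produce.
axfr_refused_without_key() {
    dig @"$1" "$2" AXFR +time=5 +tries=1 | grep -q 'Transfer failed'
}

# axfr_works_with_key MASTER ZONE PRIVATE_FILE : 0 when the transfer signed
# with the key returns the zone (an SOA record appears in the answer).
axfr_works_with_key() {
    dig @"$1" "$2" AXFR -k "$3" +time=5 +tries=1 | grep -q '[[:space:]]SOA[[:space:]]'
}

# Usage:  sh tsig.sh install /var/lib/named/Kzonetransfer.+157+<id>.private
#         sh tsig.sh verify  <master_ip> /path/to/Kzonetransfer.+157+<id>.private
# (tsig.sh = whatever name you saved this under; <id> is the key id dnssec-keygen printed)
case "${1:-}" in
    install) install_key_file zonetransfer "$2" ;;
    verify)
        axfr_refused_without_key "$2" digitalairlines.com && echo "unsigned AXFR refused: ok"
        axfr_works_with_key "$2" digitalairlines.com "$3" && echo "signed AXFR works: ok"
        ;;
esac
```

The script defines the key statement exactly once, in /etc/named.key, and relies on the include line to bring it into named.conf on both hosts; named rejects a configuration in which the same key name is defined twice, so if you also paste the key block directly into named.conf as in Part III step 6, keep only one of the two definitions.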

Configure DNS Server with Forwarding

In this exercise, you work with a partner to configure a DNS master server and a DNS slave server for the domain digitalairlines.com. Both servers should be configured for zone transfers.

The range of IP addresses is 10.0.0.2 to 10.0.0.12. The names of the computers in your network are da2 to da12.

The IP address of your forwarder is 10.0.0.254. Its name is da1.

In part V you configure a subdomain muc.digitalairlines.com. The master server for this subdomain is the slave server of digitalairlines.com.

The range of IP addresses in this subdomain is 10.0.1.100 to 10.0.1.102. The names of the computers are da100 to da102.

The master server of digitalairlines.com forwards requests concerning the subdomain to the slave server.

You need to work as a team on all parts of the exercise.
Do the following:

■ Part I - Switch to Static IP Addresses
■ Part II - Install BIND
■ Part III - Configure the DNS Master Server for the Domain
digitalairlines.com
■ Part IV - Configure the DNS Slave Server for the Domain
digitalairlines.com
■ Part V - Configure the DNS Master Server for the Domain
muc.digitalairlines.com
■ Part VI - Enable Forwarding

Part I - Switch to Static IP Addresses

To switch to static IP addresses, do the following:
1. From the GNOME desktop, open the main menu.
2. Select More Applications.
3. Enter term into the Filter text box.
4. Select the Gnome Terminal icon to start a terminal emulation.
5. Enter /sbin/ip address show to record the following information for your SUSE Linux Enterprise Server 10 server:
❑ IP address:
❑ Hostname:
6. Close the terminal window.
7. From the main menu, start YaST.
8. Enter the root password (novell) and select OK.
9. Select Network Card from the Network Devices YaST module.
10. Make sure that Traditional Method with ifup is selected and select Next.
Your network card is listed in the upper table.
11. Make sure your network card is selected; then select Edit.
12. Make sure that the Address tab is activated.
13. Switch the setup by selecting Static address setup.
14. In the IP Address field, enter the IP address you recorded in step 5.
15. In the Subnet mask field, enter 255.255.255.0.
16. Select Host name and name server.
17. (Conditional) If a dialog appears indicating that the resolv.conf
file has been temporarily modified, continue by selecting
Modify.
18. In the Hostname field, enter the hostname from Part I.
19. In the Domain Name field, enter digitalairlines.com.
20. Select OK.
21. Select Routing.
22. In the Default Gateway field, enter the IP address of your Internet
gateway (10.0.0.254).
23. Select OK.
24. Select Next.
25. Select Next.

Part II - Install BIND

To install BIND, do the following:
1. From the YaST Control Center, select
Software > Software Management
2. From the Filter drop-down menu, select Search.
3. In the Search field, enter bind; then select Search.
4. On the right, select the bind and the bind-chrootenv package.
5. Select Accept; then insert the requested SUSE Linux Enterprise Server 10 DVD.
6. When installation is complete, remove the DVD and close the YaST Control Center.

Part III - Configure the DNS Master Server for the Domain digitalairlines.com

Do the following to configure a DNS master server:
1. Open a terminal window and enter su - to get root permissions.
2. When prompted, enter the root password novell.
3. To rename the file /etc/named.conf to /etc/named.conf.orig, enter
mv /etc/named.conf /etc/named.conf.orig
4. Create a new configuration file named /etc/named.conf with the following content:
# /etc/named.conf: Configuration of the master name server
options {
# Where are the files located?
directory "/var/lib/named";
# Forwarding requests to the classroom server
# forwarders { 192.0.2.1; 192.0.2.2; };
};
# Definition of root zone
zone "." in {
type hint;
file "root.hint";
};
# Definition of the zone localhost
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
5. Configure the forwarders line to match the following:
forwarders {10.0.0.254;};
Make sure that you delete the comment character from the beginning of the forwarders line.
6. Add the following two zone statements after the existing zone statements:
zone "digitalairlines.com" in {
type master;
file "master/digitalairlines.com.zone";
};
zone "0.0.10.in-addr.arpa" in {
type master;
file "master/10.0.0.zone";
};
7. Save and close the file.
8. Create a new file digitalairlines.com.zone in the directory
/var/lib/named/master/.
9. Enter the following zone configuration in the file:
$TTL 172800
digitalairlines.com. IN SOA your_FQDN. hostmaster.digitalairlines.com. (
serial_number
1D
2H
1W
3H
)
digitalairlines.com. IN NS your_FQDN.
digitalairlines.com. IN NS slave_FQDN.
da1 IN A 10.0.0.254
da2 IN A 10.0.0.2
da10 IN A 10.0.0.10
da11 IN A 10.0.0.11
da12 IN A 10.0.0.12

The SOA record (including hostmaster.digitalairlines.com) must be on a single line.

Make sure you enter your FQDN (such as da50.digitalairlines.com) in the SOA and NS records.

Use the current date and “01” as the serial number (such as 2006071501).

Add an A record for your own host, such as
da50 IN A 10.0.0.50
10. Save and close the file.
11. Create a new file 10.0.0.zone in the directory /var/lib/named/master/.
12. Enter the following zone configuration in the file:
$TTL 172800
0.0.10.in-addr.arpa. IN SOA your_FQDN. hostmaster.digitalairlines.com. (
serial_number
1D
2H
1W
3H
)
0.0.10.in-addr.arpa. IN NS your_FQDN.
0.0.10.in-addr.arpa. IN NS slave_FQDN.
254 IN PTR da1.digitalairlines.com.
2 IN PTR da2.digitalairlines.com.
10 IN PTR da10.digitalairlines.com.
11 IN PTR da11.digitalairlines.com.
12 IN PTR da12.digitalairlines.com.
13. Save and close the file.
14. Open a second terminal window and enter su - to get root permissions.
15. When prompted, enter the root password novell.
16. Enter the command
tail -f /var/log/messages
17. Switch to the first terminal window and start bind by entering
rcnamed start
18. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR Type or File Not Found.
If any errors occur, fix them and restart bind.
19. From the first terminal window, start bind automatically when the system is booted by entering
insserv named
20. Open the file /etc/resolv.conf in a text editor.
21. Delete all existing nameserver entries.
22. Add the following entry:
nameserver your_ip_address
23. Save and close the file.
24. Verify that your DNS server works by entering
host da10.digitalairlines.com
This should display the IP address of 10.0.0.10.
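Step 18 catches syntax errors only after named has been started, and the serial chosen in step 9 has to grow with every later edit, because a slave transfers the zone only when the master's serial is higher than its own. The following shell script is an added example, not part of the course: it bumps the serial in the YYYYMMDDnn scheme used above and runs named-checkzone/named-checkconf before rcnamed start. It assumes the SOA layout of the files above (the serial on the line after the SOA line), the course's file names under /var/lib/named/master, and the check tools that come with the bind package; the zone file used when testing it is constructed.

```shell
#!/bin/sh
# Added example, not part of the course material: serial handling and
# pre-flight checks for the master zone files created in this part.

ZONEDIR=/var/lib/named/master

# next_serial OLD [DATE] : next serial in the YYYYMMDDnn scheme. DATE
# defaults to today. If OLD already belongs to DATE the counter nn is
# incremented, otherwise DATE01 is used. A non-numeric OLD (such as the
# serial_number placeholder) falls through to DATE01.
next_serial() {
    old="${1:-0}"; today="${2:-$(date +%Y%m%d)}"
    base="${today}01"
    if [ "$old" -ge "$base" ] 2>/dev/null && [ "${old%??}" = "$today" ]; then
        printf '%s\n' $(( old + 1 ))
    else
        printf '%s\n' "$base"
    fi
}

# zone_serial FILE : the serial of a zone file written like the course's
# (opening parenthesis on the SOA line, serial alone on the next line).
zone_serial() {
    awk '/[[:space:]]SOA[[:space:]]/ { insoa=1; next } insoa && NF { print $1; exit }' "$1"
}

# bump_zone_serial FILE [DATE] : rewrite FILE in place with the next serial.
bump_zone_serial() {
    file="$1"
    new=$(next_serial "$(zone_serial "$file")" "${2:-}")
    awk -v n="$new" '
        /[[:space:]]SOA[[:space:]]/ { insoa=1; print; next }
        insoa && NF { sub(/[0-9]+/, n); insoa=0 }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# check_zone NAME FILE : syntax and semantic check before (re)starting named;
# reports the "Unknown RR Type" / missing file problems of step 18 up front.
check_zone() {
    named-checkzone "$1" "$2"
}

# Usage: sh zones.sh check          (zones.sh = whatever name you saved this under)
#        sh zones.sh bump /var/lib/named/master/digitalairlines.com.zone
case "${1:-}" in
    check)
        check_zone digitalairlines.com "$ZONEDIR/digitalairlines.com.zone" &&
        check_zone 0.0.10.in-addr.arpa "$ZONEDIR/10.0.0.zone" &&
        named-checkconf /etc/named.conf &&
        echo "zones and named.conf are clean; rcnamed start is safe"
        ;;
    bump)
        bump_zone_serial "$2" && echo "new serial: $(zone_serial "$2")"
        ;;
esac
```

Run the bump before every edit you want the slave to pick up; a forgotten serial increment is the usual reason a change shows up on the master but never on the slave, and nothing in the logs of step 18 will tell you so.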

Part IV - Configure the DNS Slave Server for the Domain digitalairlines.com

To configure the DNS slave server, do the following on the DNS slave server:
1. Open a terminal window and enter su - to get root permissions.
2. When prompted, enter the root password novell.
3. To rename the file /etc/named.conf to /etc/named.conf.orig, enter
mv /etc/named.conf /etc/named.conf.orig
4. Create a new configuration file named /etc/named.conf with the
following settings:
# /etc/named.conf: Configuration of the slave name server
options {
# Where are the files located?
directory "/var/lib/named";
# Forwarding requests to the classroom server
# forwarders { 192.0.2.1; 192.0.2.2; };
};
# Definition of root zone
zone "." in {
type hint;
file "root.hint";
};
# Definition of the zone localhost
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
5. Configure the forwarders line to match the following:
forwarders {10.0.0.254;};
Make sure that you delete the comment character from the beginning of the forwarders line.
6. Enter the following two zone statements after the existing statements:
zone "digitalairlines.com" in {
type slave;
file "slave/digitalairlines.com.zone";
masters {
master_server_ip_address;
};
};
zone "0.0.10.in-addr.arpa" in {
type slave;
file "slave/10.0.0.zone";
masters {
master_server_ip_address;
};
};
7. Save the changes and close the editor.
8. Open a second terminal window and enter su - to get root permissions.
9. When prompted, enter the root password novell.
10. Enter the command
tail -f /var/log/messages
11. Switch to the first terminal window and start bind by entering
rcnamed start
12. From the second terminal window, watch the log output of bind for any messages such as Unknown RR Type or File Not Found.
13. If any errors occur, try to fix them and restart bind.
14. Start bind automatically when the system boots by entering
insserv named
15. From the first terminal window, open the /etc/resolv.conf file in a text editor.
16. Delete all existing nameserver entries.
17. Add the following entry:
nameserver server_ip_address
18. Save and close the file.
19. Verify that your DNS server works by entering
host da10.digitalairlines.com

Part V - Configure the DNS Master Server for the Domain muc.digitalairlines.com

In the following, the slave server will also be configured as master server of the subdomain. To configure the DNS Master Server for the Domain muc.digitalairlines.com, do the following on the slave server:

1. Open a terminal window and enter su - to get root permissions.
2. When prompted, enter the root password novell.
3. To stop the DNS server, enter
rcnamed stop
4. Open the file /etc/named.conf with your favorite editor.
5. Add the following two zone statements after the existing zone statements:
zone "muc.digitalairlines.com" in {
type master;
file "master/muc.digitalairlines.com.zone";
};
zone "1.0.10.in-addr.arpa" in {
type master;
file "master/10.0.1.zone";
};
6. Save and close the file.
7. Create a new file muc.digitalairlines.com.zone in the directory
/var/lib/named/master/.
8. Enter the following zone configuration in the file:
$TTL 172800
muc.digitalairlines.com. IN SOA your_FQDN. hostmaster.digitalairlines.com. (
serial_number
1D
2H
1W
3H
)
muc.digitalairlines.com. IN NS your_FQDN.
muc.digitalairlines.com. IN MX 1 da1.digitalairlines.com.
da100 IN A 10.0.1.100
da101 IN A 10.0.1.101
da102 IN A 10.0.1.102
9. Save and close the file.
10. Create a new file 10.0.1.zone in the directory
/var/lib/named/master/.
11. Enter the following zone configuration in the file:
$TTL 172800
1.0.10.in-addr.arpa. IN SOA your_FQDN. hostmaster.digitalairlines.com. (
serial_number
1D
2H
1W
3H
)
1.0.10.in-addr.arpa. IN NS your_FQDN.
100 IN PTR da100.muc.digitalairlines.com.
101 IN PTR da101.muc.digitalairlines.com.
102 IN PTR da102.muc.digitalairlines.com.
12. Save and close the file.
13. Open a second terminal window and enter su - to get root permissions.
14. When prompted, enter the root password novell.
15. Enter the command
tail -f /var/log/messages
16. Switch to the first terminal window and start bind by entering
rcnamed start
17. From the second terminal window, watch the log output of bind for any messages such as Unknown RR Type or File Not Found.
18. If any errors occur, fix them and restart bind.
19. Open the file /etc/resolv.conf in a text editor.
20. Modify the search entry to:
search digitalairlines.com muc.digitalairlines.com
21. Save and close the file.
22. Verify that your DNS server works by entering
host da100.muc.digitalairlines.com
This should display the IP address of 10.0.1.100.

Part VI - Enable Forwarding

To forward requests concerning a subdomain to the master server of the subdomain server, do the following on the master server for digitalairlines.com:
1. Open a terminal window and enter su - to get root permissions.
2. When prompted, enter the root password novell.
3. To stop the DNS server, enter
rcnamed stop
4. Open the /etc/named.conf file with a text editor.
5. Add the following zone after the other zone definitions:
zone "muc.digitalairlines.com" in
{
type forward;
forward only;
forwarders {
IP_address_of_the_slave_server;
};
};
zone "1.0.10.in-addr.arpa" in
{
type forward;
forward only;
forwarders {
IP_address_of_the_slave_server;
};
};
6. Save and close the file.
7. Open a second terminal window and enter su - to get root
permissions.
8. When prompted, enter the root password novell.
9. Enter the command
tail -f /var/log/messages
10. Switch to the first terminal window and start bind by entering
rcnamed start
11. From the second terminal window, watch the log output of bind for any messages such as Unknown RR Type or File Not Found.
12. If any errors occur, fix them and restart bind.
13. Verify that your DNS server works by entering
host da100.muc.digitalairlines.com
This should display the IP address of 10.0.1.100.