To understand the basic working of a DNS server. For this, one also needs to configure a DNS server. We will use the “Wireshark” packet sniffer for a better understanding of the protocols.
Resources Available:
1. PCs - 3 Nos.
2. NICs - 3 Nos.
3. Hub - 1 No.
4. Data cables
Experimental Setup:
1. The network is established as per the diagram below. It includes all the details of IP addresses and hostnames.
2. Wireshark is installed on all the machines.
Prior Preparation:
Theoretical:
1. A theoretical understanding of the Domain Name Service.
2. Also required is the IP addressing scheme and the class concept with subnetting.
3. The Linux file hierarchy, with a clear understanding of the services to be used.
Practical:
1. Give the respective IP addresses to the machines as shown in the diagram.
2. Give the respective host names with domain.
3. Ping the machines to check the connectivity. One should be able to ping and telnet all the machines in the network.
4. Check the availability of the files /etc/host.conf, /etc/resolv.conf and /etc/hosts.
5. Check for the availability of the “named” service, which provides the name service. It is included in the BIND package and is present at /usr/sbin/named.
Initially the system is in the default state (not configured).
Experiment 1:
To understand the working of “Wireshark”. It will be kept active to understand how the protocols work and what their packets contain.
Answer the following questions:
1. Which devices can you capture on using Wireshark?
2. What is to be done if we need to capture all the traffic on the network, i.e. to check even the packets that are routed through the machine?
3. Attach screenshots explaining the layout of the Wireshark screen. These should explain all the sections of the information displayed. Also show how to check the packet formats. You may attach 2-3 screenshots explaining all the details.
4. How are the statistics of the packet types obtained?
5. One should try filtering the packets of the required type. At least write down the process for doing so.
Experiment 2:
To create DNS servers and make the complete setup work. To complete the task, we need to perform the following steps:
Master Server & Slave Configuration
1. Study the /etc/host.conf file. This is to check the order in which files are checked for DNS entries.
2. Make the entries in the /etc/resolv.conf file.
    search daiict.ac.in.
    nameserver 127.0.0.1
3. Make entries in the /etc/named.conf file.
    zone "daiict.ac.in." IN {
        type master;
        file "daiict.zone";
        notify yes;
    };
    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "daiict.rev";
        notify yes;
    };
4. Study the /var/named/chroot/var/named/named.localhost file.
5. Study the /var/named/chroot/var/named/named.loopback file. Both files are zone files for localhost, and similar files are to be created for the actual domain and subdomain zones.
6. Create the “daiict.zone” and “daiict.rev” files at the /var/named/chroot/var/named location.
7. Make entries for IP to name mapping in the daiict.zone file.
    $TTL 86400
    @       IN SOA  ns1.daiict.ac.in. root (
                    42      ; serial (d. adams)
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum
            IN NS   ns1.daiict.ac.in.
    ns1     IN A    192.168.0.1
    pc1     IN A    192.168.0.2
    pc2     IN A    192.168.0.3
8. Make entries for name to IP mapping in the “daiict.rev” file.
    $TTL 86400
    @       IN SOA  ns1.daiict.ac.in. root (
                    42      ; serial (d. adams)
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum
            IN NS   ns1.daiict.ac.in.
    1       IN PTR  ns1.daiict.ac.in.
    2       IN PTR  pc1.daiict.ac.in.
    3       IN PTR  pc2.daiict.ac.in.
9. Restart named. (service named restart)
10. Observe the /var/log/messages file and see whether there are any error messages.
11. Configure pc1 and pc2 as follows. In /etc/resolv.conf, make the same entries as shown in point 2 above, but set nameserver to 192.168.0.1 (i.e. ns1).
12. Run nslookup and check the answers by giving the machine name and the IP address. You may also use dig or host. Check both forward and reverse lookups.
13. Observe the working of DNS in “Wireshark”, checking all the protocols used. Also check the packet formats used.
Answer the following questions:
1. Locate the DNS query and response messages. Are they sent over UDP or TCP?
2. What is the destination port for the DNS query message? What is the source port of the DNS response message?
3. To what IP address is the DNS query message sent? Use ifconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
4. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain? Provide a screenshot.
5. Perform the query on the DNS server itself and check whether any messages are captured.
6. Find out the time delay between the query and the response received.
7. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?
Experiment 3:
To configure iterative and recursive forwarding.
1. Set IP addresses as follows:
    gcet.ac.in domain: ns1 - 192.168.2.1 (name server), pc1 - 192.168.2.2, pc2 - 192.168.2.3 (clients)
    daiict.ac.in domain: ns1 - 192.168.1.1 (name server), pc1 - 192.168.1.2, pc2 - 192.168.1.3 (clients)
    ns.ac.in.: ns - 192.168.3.1 (name server)
2. Configure the name servers and clients of the gcet and daiict domains as explained above in Experiment 2.
3. In addition, make the following entries in the name servers of the daiict and gcet domains. In /etc/named.conf, add the following line in the 'options' block (192.168.3.1 is the name server of ac.in).
    forwarders { 192.168.3.1; };
4. Configuring nameserver ns. Configure the /etc/resolv.conf file. Make the following entries in /etc/named.conf.
    zone "ac.in." IN {
        type master;
        file "ac.zone";
        notify yes;
    };
    zone "168.192.in-addr.arpa" IN {
        type master;
        file "ac.rev";
        notify yes;
    };
   Make the following entries in the ac.zone file.
    $TTL 86400
    @                   IN SOA  ns.ac.in. root (
                                42      ; serial (d. adams)
                                3H      ; refresh
                                15M     ; retry
                                1W      ; expiry
                                1D )    ; minimum
                        IN NS   ns.ac.in.
    gcet.ac.in.         IN NS   ns1.gcet.ac.in.
    daiict.ac.in.       IN NS   ns1.daiict.ac.in.
    ns1.gcet.ac.in.     IN A    192.168.2.1
    ns1.daiict.ac.in.   IN A    192.168.1.1
    ns                  IN A    192.168.3.1
   Make the following entries in the ac.rev file.
    $TTL 86400
    @       IN SOA  ns.ac.in. root (
                    42      ; serial (d. adams)
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum
            IN NS   ns.ac.in.
    1       IN NS   ns1.daiict.ac.in.
    2       IN NS   ns1.gcet.ac.in.
    1.3     IN PTR  ns.ac.in.
    1.1     IN PTR  ns1.daiict.ac.in.
    1.2     IN PTR  ns1.gcet.ac.in.
5. Restart 'named' on ns.
6. From pc1.daiict.ac.in try "host pc1.gcet.ac.in". See if the result is the IP address of pc1.gcet.ac.in. The same can be done for any machine from any other machine. Also check reverse lookup.
7. To enable recursive forwarding, make the following entry in the 'options' block of the /etc/named.conf file on the name server.
    allow-recursion {;};
   To disable recursive forwarding, comment out the above option.
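
The forward and reverse zone files written in Experiments 2 and 3 have to agree, otherwise a reverse lookup names the wrong host and anything that relies on it (logs, host-based access checks) is misled. The following is an added example, not part of the original handout: it parses the A and PTR lines of a simple zone file and reports every disagreement. The function names and the one-record-per-line parser are assumptions; the sample records are those of daiict.zone and daiict.rev, and the same call works for ac.zone and ac.rev with the origins "ac.in." and "168.192.in-addr.arpa.".

```python
import ipaddress

def parse_zone(origin, text):
    """Collect (owner, type, rdata) for the A and PTR lines of a simple zone file."""
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()           # strip comments, tokenize
        if len(fields) != 4 or fields[1] != "IN" or fields[2] not in ("A", "PTR"):
            continue                                  # SOA, NS and blank lines
        owner, _, rtype, rdata = fields
        if not owner.endswith("."):                   # relative label: append origin
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rtype, rdata.lower()))
    return records

def check_zone_pair(zone_origin, zone_text, rev_origin, rev_text):
    """Return a list of A/PTR disagreements; an empty list means the files agree."""
    a = sorted((n, ip) for n, t, ip in parse_zone(zone_origin, zone_text) if t == "A")
    ptr = {o: tgt for o, t, tgt in parse_zone(rev_origin, rev_text) if t == "PTR"}
    problems, expected = [], set()
    for name, ip in a:
        owner = ipaddress.ip_address(ip).reverse_pointer + "."
        expected.add(owner)
        if owner not in ptr:
            problems.append(f"{name} ({ip}): no PTR at {owner}")
        elif ptr[owner] != name:
            problems.append(f"{name} ({ip}): PTR names {ptr[owner]}")
    for owner in sorted(set(ptr) - expected):
        problems.append(f"{owner}: PTR to {ptr[owner]} has no matching A record")
    return problems

# Record lines from Experiment 2 (SOA omitted; the NS line shows what is skipped).
DAIICT_ZONE = """
        IN NS   ns1.daiict.ac.in.
ns1     IN A    192.168.0.1
pc1     IN A    192.168.0.2
pc2     IN A    192.168.0.3
"""
DAIICT_REV = """
1       IN PTR  ns1.daiict.ac.in.
2       IN PTR  pc1.daiict.ac.in.
3       IN PTR  pc2.daiict.ac.in.
"""

if __name__ == "__main__":
    issues = check_zone_pair("daiict.ac.in.", DAIICT_ZONE,
                             "0.168.192.in-addr.arpa.", DAIICT_REV)
    print("\n".join(issues) or "forward and reverse zones agree")
```
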
Answer the following questions:
1. Locate the DNS query and response messages. Are they sent over UDP or TCP?
2. What is the destination port for the DNS query message? What is the source port of the DNS response message?
3. To what IP address is the DNS query message sent? Use ifconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
4. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain? Provide a screenshot.
5. Examine the complete flow of the DNS response and note the delays in the timings of the response.
6. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
7. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?
References:
1. TCP/IP Network Administration (Pg. 57 to 59, Ch 8 202 onwards)
2. Man pages for commands 'ifconfig', 'route' etc.
3. /HOWTO/DNS-HOWTO.html