Reflection: My DNS knowledge always seemed fuzzy when setting it up in Microsoft. After setting it up in Linux I have a much clearer view of how it all works. Even though it does take a little more effort, once you do it a couple of times it makes much more sense. We relied too heavily on Webmin and it hurt us in the end. But it did give us a starting point in configuring our DNS. Webmin is a useful tool that still can be applied to much of the configuration.

Procedure:

1 - Install Webmin
– We did a wget of the rpm package webmin-1.441-1.noarch.rpm
– rpm -i webmin-1.441-1.noarch.rpm to install the package
○ After installation Webmin was enabled by default with SSL and set to port 10000

2 - Configure Win2k3 as a domain controller
– Start, Run, dcpromo
– On the domain controller page select "domain controller for an existing domain". Type in the full DNS name for the domain: group3.com.
– Verify the file locations are acceptable and proceed to the DNS Registration Diagnostics. Click Next.
– Click Next to accept the default permission option on the permission page.
– Put in the administrator password on the next menu to complete the installation of Active Directory. You should see the message come up on the next screen: "This server is now a domain controller".
– Restart the PC

3 - Install DNS on the Fedora machine as a master server
– After switching the server to use an external address we then ran yum install bind
– After bind was installed we started it with /etc/init.d/named start
– Now we need to create the zones for the DNS
– Created the forward lookup zone in the /var/named/group3.com.hosts file:

    group3.com. IN SOA group3-Fedora10. fake.fake.com. (
        1232999249
        10800
        3600
        604800
        38400 )
    group3.com. IN NS group3-Fedora10.
    Win2k3.group3.com. IN A 10.10.3.150
    Ubuntu.group3.com. IN A 10.10.3.200
    WinXP.group3.com. IN A 10.10.3.10
    Kubuntu.group3.com. IN A 10.10.3.11
    Fedora10.group3.com. IN A 10.10.3.100
    www.group3.com. IN A 10.10.3.200
    mail.group3.com. IN MX 1 10.10.3.100
○ The beginning of the file states the fully qualified domain name, the start of authority (SOA), then the hostname of the name server that will be used, followed by the e-mail address of the administrative contact.
○ The second line is used for the serial number
○ refresh interval
○ retry interval
○ expiration interval
○ minimum TTL
○ Then we specified the NS record
○ followed by our host A records
– After creating the file we restarted the named service with /etc/init.d/named restart
– We then checked the /etc/resolv.conf file
– Now we created the reverse lookup zone in /var/named/0.3.10.10.inaddr.arpa
○ this file must be in this format or it will not work
○ it does not matter what the forward lookup zone is named

    $ttl 38400
    3.10.10.in-addr.arpa. IN SOA group3-Fedora10. fake.fake.com. (
        1233008038
        10800
        3600
        604800
        38400 )
    3.10.10.in-addr.arpa. IN NS group3-Fedora10.
    150.3.10.10.in-addr.arpa. IN PTR Win2k3.group3.com.
    100.3.10.10.in-addr.arpa. IN PTR Fedora10.group3.com.
    200.3.10.10.in-addr.arpa. IN PTR Ubuntu.group3.com.
    10.3.10.10.in-addr.arpa. IN PTR WinXP.group3.com.
    11.3.10.10.in-addr.arpa. IN PTR Kubuntu.group3.com.
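Before reloading named it is worth cross-checking the forward and reverse zones against each other, since nothing in BIND does that for you. The following Python script is an added example written for this report, not code from the lab itself: the two zone files are embedded as constructed strings built from the records listed above, and the parser assumes every record carries an explicit owner and absolute (dot-terminated) names, as these files do. It reports A records without a matching PTR, PTRs that point at a name holding no A record for that address, NS targets with no address record in the zone, and NS or MX targets written as an IP address instead of a host name (BIND's check-mx option warns about the same thing). On the zone data above it reports two findings: the NS target group3-Fedora10. has no A record in the zone, and the MX record names an address rather than a host.

```python
"""Cross-check a BIND forward zone against its reverse zone.

Added example for this lab write-up, not code from the original report.
The two zone files are constructed here from the records in the procedure
so the script runs offline; the parser assumes every record has an explicit
owner and absolute (dot-terminated) names, as those files do.
"""
import re

FORWARD_ZONE = """\
group3.com. IN SOA group3-Fedora10. fake.fake.com. (
    1232999249 10800 3600 604800 38400 )
group3.com. IN NS group3-Fedora10.
Win2k3.group3.com. IN A 10.10.3.150
Ubuntu.group3.com. IN A 10.10.3.200
WinXP.group3.com. IN A 10.10.3.10
Kubuntu.group3.com. IN A 10.10.3.11
Fedora10.group3.com. IN A 10.10.3.100
www.group3.com. IN A 10.10.3.200
mail.group3.com. IN MX 1 10.10.3.100
"""

REVERSE_ZONE = """\
$ttl 38400
3.10.10.in-addr.arpa. IN SOA group3-Fedora10. fake.fake.com. (
    1233008038 10800 3600 604800 38400 )
3.10.10.in-addr.arpa. IN NS group3-Fedora10.
150.3.10.10.in-addr.arpa. IN PTR Win2k3.group3.com.
100.3.10.10.in-addr.arpa. IN PTR Fedora10.group3.com.
200.3.10.10.in-addr.arpa. IN PTR Ubuntu.group3.com.
10.3.10.10.in-addr.arpa. IN PTR WinXP.group3.com.
11.3.10.10.in-addr.arpa. IN PTR Kubuntu.group3.com.
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_zone(text):
    """Return (owner, type, rdata) tuples with lower-cased owners.

    Skips $-directives and ';' comments and joins multi-line '( ... )' RDATA
    such as the SOA timers into one logical record.
    """
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                      # still inside ( ... )
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0].startswith("$") or "IN" not in tokens:
            continue
        cls = tokens.index("IN")          # owner [ttl] IN type rdata...
        records.append((tokens[0].lower(), tokens[cls + 1].upper(), tokens[cls + 2:]))
    return records


def ptr_owner_to_ip(owner):
    """'150.3.10.10.in-addr.arpa.' -> '10.10.3.150' (None if not under in-addr.arpa)."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:-2]))


def check_zones(forward_text, reverse_text):
    """Return a list of human-readable findings; an empty list means consistent."""
    fwd, rev = parse_zone(forward_text), parse_zone(reverse_text)
    a_by_ip = {}                          # address -> set of owner names
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_ip.setdefault(rdata[0], set()).add(owner)
    ptr_by_ip = {}                        # address -> name the PTR points at
    for owner, rtype, rdata in rev:
        ip = ptr_owner_to_ip(owner)
        if rtype == "PTR" and ip:
            ptr_by_ip[ip] = rdata[0].lower()
    findings = []
    for ip, names in sorted(a_by_ip.items()):
        if ip not in ptr_by_ip:
            findings.append(f"A without PTR: {ip} ({', '.join(sorted(names))})")
        elif ptr_by_ip[ip] not in names:
            findings.append(f"PTR for {ip} points at {ptr_by_ip[ip]}, which has no A record for it")
    for ip, name in sorted(ptr_by_ip.items()):
        if ip not in a_by_ip:
            findings.append(f"PTR without A: {ip} -> {name}")
    names_with_a = {n for names in a_by_ip.values() for n in names}
    for owner, rtype, rdata in fwd:
        target = rdata[-1]
        if rtype in ("NS", "MX") and IPV4.match(target.rstrip(".")):
            findings.append(f"{rtype} target must be a host name, not an address: {owner} -> {target}")
        elif rtype == "NS" and target.lower() not in names_with_a:
            findings.append(f"NS target has no A record in this zone: {owner} -> {target}")
    return findings


if __name__ == "__main__":
    for line in check_zones(FORWARD_ZONE, REVERSE_ZONE) or ["zones are consistent"]:
        print(line)
```

The script only reads the zone text, so it can be run against the real files with `open(...).read()` before every `/etc/init.d/named restart`; named-checkzone remains the authoritative syntax check, this just adds the forward/reverse agreement that it does not perform.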
○ The setup is very similar to the forward lookup zone
– After the reverse zone is created we then needed to edit the /etc/named.conf main configuration file:

    options {
        listen-on port 53 { 10.10.3.100; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-update { 10.10.3.0/24; };
        allow-query { 10.10.3.0/24; };
        recursion yes;
        forwarders { 10.10.254.200; };
        forward first;
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    zone "group3.com" {
        type master;
        file "/var/named/group3.com.hosts";
    };
    zone "3.10.10.in-addr.arpa" {
        type master;
        file "/var/named/0.3.10.10.inaddr.arpa";
    };
– This file needed to be edited in a few places:
○ the listen-on entry needs to carry the server's own address
○ the allow-update area needs to be changed to your network
○ set recursion to yes
○ add the forward and reverse lookup zone file names
– Now that it is saved, restart the named service with /etc/init.d/named restart
– We needed to change the /etc/resolv.conf file to support the new DNS server
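The access-control statements in named.conf deserve a second look before the server goes live, because a setting placed in `options` becomes the default for every zone. In particular, an address-based `allow-update` list accepts unsigned dynamic updates from any host that can send packets from that range, whereas `allow-update { none; }` per zone, or a TSIG key, limits who may change records. The following Python script is an added example for this report, not something from the lab: it embeds the named.conf above as a constructed string, parses the brace/semicolon syntax with a minimal parser (no include expansion), and reports the global allow-update ACL, each master zone that silently inherits it, and whether `recursion yes` is bounded by an `allow-recursion` or `allow-query` ACL (here it is, by allow-query, so no open-resolver finding is raised).

```python
"""Audit the access-control statements of a BIND named.conf.

Added example for this lab write-up, not code from the original report.
NAMED_CONF is the configuration from the procedure, reproduced as a
constructed string so the audit runs offline. The parser handles the
brace/semicolon syntax of named.conf only; it does not follow includes.
"""
import re

NAMED_CONF = """\
options {
    listen-on port 53 { 10.10.3.100; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-update { 10.10.3.0/24; };
    allow-query { 10.10.3.0/24; };
    recursion yes;
    forwarders { 10.10.254.200; };
    forward first;
};
logging {
    channel default_debug { file "data/named.run"; severity dynamic; };
};
zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";
zone "group3.com" { type master; file "/var/named/group3.com.hosts"; };
zone "3.10.10.in-addr.arpa" { type master; file "/var/named/0.3.10.10.inaddr.arpa"; };
"""


def tokenize(text):
    """Strip /* */, // and # comments, then split into strings, words and { } ;."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", " ", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def parse_block(tokens, pos=0):
    """Parse statements up to a closing '}'.

    Each statement is (words, children): the tokens before the block or ';',
    and the nested statement list (None when the statement has no block).
    """
    stmts, words = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "}":
            break
        if tok == "{":
            children, pos = parse_block(tokens, pos)
            stmts.append((words, children))
            words = []
        elif tok == ";":
            if words:
                stmts.append((words, None))
            words = []
        else:
            words.append(tok.strip('"'))
    return stmts, pos


def statement(block, name):
    """First statement in block whose keyword is name, or None."""
    for words, children in block:
        if words and words[0] == name:
            return words, children
    return None


def acl_entries(block, name):
    """Entries of 'name { ...; };' in block as strings, or None if absent."""
    found = statement(block, name)
    if found is None or found[1] is None:
        return None
    return [" ".join(words) for words, _ in found[1]]


def audit(conf_text):
    """Return {'zones': {name: type}, 'findings': [...]} for a named.conf text."""
    stmts, _ = parse_block(tokenize(conf_text))
    opts = statement(stmts, "options")
    options = opts[1] if opts else []
    findings = []

    update_acl = acl_entries(options, "allow-update")
    # An address list (anything but 'none' or a 'key' entry) admits unsigned updates.
    weak_update = bool(update_acl) and update_acl != ["none"] and \
        not any(e.startswith("key ") for e in update_acl)
    if weak_update:
        findings.append("options: allow-update {{ {} }} accepts unsigned dynamic updates from "
                        "any address in that range and applies to every zone; prefer allow-update "
                        "{{ none; }} per zone, or a TSIG key".format("; ".join(update_acl) + ";"))

    recursion = statement(options, "recursion")
    if recursion and recursion[0][1:] == ["yes"] and \
            acl_entries(options, "allow-recursion") is None and \
            acl_entries(options, "allow-query") is None:
        findings.append("options: recursion yes with no allow-recursion or allow-query ACL "
                        "makes this an open resolver")

    zones = {}
    for words, children in stmts:
        if words and words[0] == "zone" and children is not None:
            name = words[1]
            ztype = statement(children, "type")
            zones[name] = ztype[0][1] if ztype else "unknown"
            if zones[name] == "master" and weak_update and statement(children, "allow-update") is None:
                findings.append(f"zone {name}: inherits the global allow-update ACL")
    return {"zones": zones, "findings": findings}


if __name__ == "__main__":
    result = audit(NAMED_CONF)
    print("zones:", result["zones"])
    for finding in result["findings"]:
        print("-", finding)
```

Run against the lab configuration it lists the three zones and three findings (the global allow-update plus the two master zones inheriting it); changing the options line to `allow-update { none; };` clears them, which is the cheapest fix when no host actually needs dynamic updates.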
Now that the Fedora machine is set up as the master DNS server we set up our Win2k3 server as the read-only secondary DNS server
○ To add the DNS role to the server we had to add it from the Control Panel
○ After launching the setup for the DNS server we configured it through the computer administration tools
○ We used the wizard and set the forwarder to 10.10.3.100 (our Fedora box)
○ Now we needed to set up our trusted zone transfer: we right-clicked our group3.com forward lookup zone
• Forwarder tab
○ added 10.10.3.100 to the forwarder IP list
○ added 10.10.254.100 to the forwarder IP list