
HpA
Hacer para Aprender (Learning by Doing)

DHCP & DNS

Networks and Communications Laboratory

Instructor: Ing. Abel Crespo

Agenda
Introduction to DHCP
The DHCP PDU
A DHCP server on a single network segment
Configuring dynamic clients
Configuring fixed (static) clients
Configuration options
DHCP relay
Example with two subnets
DHCP failover
Configuration across two subnets
NTP (Network Time Protocol) configuration

INTRODUCTION TO DHCP

The DHCP PDU

DHCP reuses the BOOTP message format (RFC 2131). Each row below is one 32-bit word unless a larger size is given; the bit ruler 0 / 15 / 31 marks the word boundaries.

    bit 0                                     15                                  31
    OPERATION CODE (1) | HARDWARE TYPE (1) | HARDWARE LENGTH (1) | HOP COUNT (1)      op, htype, hlen, hops
    TRANSACTION ID (4)                                                                  xid, chosen by the client
    SECONDS ELAPSED (2)                  | FLAGS (2)                                    flags was BOOTP's "must be zero" field; DHCP uses its top bit as the broadcast flag
    CLIENT IP ADDRESS (4)                                                               ciaddr, only set when the client already has one
    YOUR IP ADDRESS (4)                                                                 yiaddr, the address the server offers/assigns
    SERVER IP ADDRESS (4)                                                               siaddr, next server for the boot file
    GATEWAY IP ADDRESS (4)                                                              giaddr, stamped by a relay agent
    CLIENT HARDWARE ADDRESS (16 bytes)                                                  chaddr, hlen bytes used
    SERVER HOST NAME (64 bytes)                                                         sname
    BOOT FILE NAME (128 bytes)                                                          file
    OPTIONS (variable, at least 312 bytes must be accepted)                             begins with the magic cookie 63 82 53 63, then type/length/value items, ended by tag 255

Nothing in this header authenticates either side: the client trusts whichever server's reply arrives first, and the server trusts chaddr and giaddr as sent. Everything that follows builds on that.

DHCP - Basic Service

[Topology figure: one segment on switch SW. DHCP SERVER eth0 192.168.1.2/24; a router interface eth1 192.168.1.1/24, which the server hands out as the default gateway; DHCP CLIENT PC1 eth0 with no address yet.]

DHCP_SERVER (/etc/dhcpd.conf)
    # dhcpd.conf
    # Configuration file for ISC dhcpd (see 'man dhcpd.conf')
    ddns-update-style interim;               # Required for dhcp 3.0+
    ignore client-updates;

    subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.128 192.168.1.254;               # Range of IP addresses to be issued to DHCP clients
        option subnet-mask 255.255.255.0;                # Default subnet mask to be used by DHCP clients
        option broadcast-address 192.168.1.255;          # Default broadcast address to be used by DHCP clients
        option routers 192.168.1.1;                      # Default gateway to be used by DHCP clients
        option domain-name "your-domain.org";
        option domain-name-servers 40.175.42.254, 40.175.42.253;   # Default DNS to be used by DHCP clients
        option netbios-name-servers 192.168.1.100;       # Specify a WINS server for MS/Windows clients.
                                                         # (Optional. Specify if used on your network)
        # DHCP requests are not forwarded. Applies when there is more than one
        # ethernet device and forwarding is configured.
        # option ipforwarding off;
        default-lease-time 21600;                        # Amount of time in seconds that a client may keep the IP
        max-lease-time 43200;
        option time-offset -18000;                       # Eastern Standard Time
        # option ntp-servers 192.168.1.1;                # Default NTP server to be used by DHCP clients
        # option netbios-name-servers 192.168.1.1;
        # --- Selects point-to-point node (default is hybrid).
        # Don't change this unless you understand Netbios very well.
        # option netbios-node-type 2;

        # We want the nameserver "ns2" to appear at a fixed address.
        # Name server with this specified MAC address will receive this IP.
        host ns2 {
            next-server ns2.your-domain.com;
            hardware ethernet 00:02:c3:d0:e5:83;
            fixed-address 40.175.42.254;
        }
        # Laser printer obtains IP address via DHCP. This assures that the
        # printer with this MAC address will get this IP address every time.
        host laser-printer-lex1 {
            hardware ethernet 08:00:2b:4c:a3:82;
            fixed-address 192.168.1.120;
        }
    }

The two host blocks are the "fixed clients" of the agenda: a MAC address pinned to an address. Note that the fixed addresses sit outside the dynamic range (and, for ns2, outside the subnet altogether), and that a host declaration is global no matter which subnet block encloses it, as dhcpd warns at startup below.

DHCP SERVER
    root@DHCP_SERVER:~# dhcpd
    Internet Systems Consortium DHCP Server V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    WARNING: Host declarations are global. They are not limited to the scope you declared them in.
    Wrote 0 deleted host decls to leases file.
    Wrote 0 new dynamic host decls to leases file.
    Wrote 0 leases to leases file.
    Listening on LPF/eth0/7a:71:c6:80:89:66/192.168.1/24
    Sending on   LPF/eth0/7a:71:c6:80:89:66/192.168.1/24
    Sending on   Socket/fallback/fallback-net
    root@DHCP_SERVER:~# netstat -uta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address      Foreign Address    State
    tcp        0      0 *:time             *:*                LISTEN
    tcp        0      0 *:auth             *:*                LISTEN
    tcp        0      0 *:ssh              *:*                LISTEN
    tcp        0      0 *:telnet           *:*                LISTEN
    tcp6       0      0 [::]:ssh           [::]:*             LISTEN
    udp        0      0 *:biff             *:*
    udp        0      0 *:time             *:*
    udp        0      0 *:bootps           *:*
    root@DHCP_SERVER:~#

The server is now bound to UDP port 67 (bootps). The other listeners (telnet, auth, time, biff) are inetd services the lab image ships with and have nothing to do with DHCP; on a real server they should be switched off, telnet first.

PC1 (capture started in a second terminal before the client runs)
    root@PC1:~# tcpdump -w dhcp.cap -s0 port 67 or port 68
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    4 packets captured
    4 packets received by filter
    0 packets dropped by kernel
    root@PC1:~#

PC1
    root@PC1:~# dhclient eth0
    Internet Systems Consortium DHCP Client V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/

    Listening on LPF/eth0/22:6b:a7:cb:6d:72
    Sending on   LPF/eth0/22:6b:a7:cb:6d:72
    Sending on   Socket/fallback
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
    DHCPOFFER from 192.168.1.2
    DHCPREQUEST on eth0 to 255.255.255.255 port 67
    DHCPACK from 192.168.1.2
    bound to 192.168.1.128 -- renewal in 10208 seconds.
    root@PC1:~#

The four lines DISCOVER / OFFER / REQUEST / ACK are the four packets tcpdump counted; they are dissected one by one below. The renewal timer is roughly half the 21600-second lease.

DHCP_SERVER
    root@DHCP_SERVER:/var/state/dhcp# ls
    dhclient.leases  dhcpd.leases  dhcpd.leases~
    root@DHCP_SERVER:/var/state/dhcp# nano dhcpd.leases
    # The format of this file is documented in the dhcpd.leases(5) manual page.
    # This lease file was written by isc-dhcp-V3.1.2p1

    lease 192.168.1.128 {
      starts 2 2010/08/31 02:51:35;
      ends 2 2010/08/31 08:51:35;
      cltt 2 2010/08/31 02:51:35;
      binding state active;
      next binding state free;
      hardware ethernet 22:6b:a7:cb:6d:72;
    }
    root@DHCP_SERVER:/var/state/dhcp#

Timestamps in the lease file are UTC, prefixed by the day of the week (2 = Tuesday); ends - starts is the 6-hour default-lease-time. The file is append-only: a later block for the same address supersedes an earlier one, which is why it has to be parsed in order rather than grepped.
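The lease file is the server's own record of what it handed out, so auditing it is how you catch an address the configuration never permitted. The Python below is an added example, not part of the lab material: it parses the lease blocks (the one written above plus a second, invented block outside the range) and flags active bindings that fall outside the declared range 192.168.1.128-254.

```python
"""Audit an ISC dhcpd.leases file: parse lease blocks, flag active leases outside the declared range."""
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample: the lease the server wrote above, plus an invented second
# block on 192.168.1.50, which the dhcpd.conf range (128-254) never allowed.
SAMPLE_LEASES = """\
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.1.2p1

lease 192.168.1.128 {
  starts 2 2010/08/31 02:51:35;
  ends 2 2010/08/31 08:51:35;
  cltt 2 2010/08/31 02:51:35;
  binding state active;
  next binding state free;
  hardware ethernet 22:6b:a7:cb:6d:72;
}
lease 192.168.1.50 {
  starts 2 2010/08/31 03:00:00;
  ends 2 2010/08/31 09:00:00;
  binding state active;
  hardware ethernet 02:00:00:aa:bb:cc;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
TIME_FMT = "%Y/%m/%d %H:%M:%S"   # dhcpd writes UTC; the leading digit is the weekday


def parse_leases(text):
    """One dict per address. Later blocks for the same address replace earlier
    ones, which is how dhcpd itself reads the file back."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        rec = {"ip": ip}
        for line in body.splitlines():
            line = line.strip().rstrip(";")
            if not line:
                continue
            key, _, val = line.partition(" ")
            if key in ("starts", "ends", "cltt"):
                stamp = val.split(" ", 1)[1]          # drop the weekday digit
                rec[key] = datetime.strptime(stamp, TIME_FMT).replace(tzinfo=timezone.utc)
            elif line.startswith("binding state"):   # "next binding state" is skipped on purpose
                rec["state"] = line.split()[-1]
            elif line.startswith("hardware ethernet"):
                rec["mac"] = line.split()[-1]
        leases[ip] = rec
    return list(leases.values())


def outside_range(leases, first, last, states=("active",)):
    """Addresses with a lease in one of `states` that are not inside first..last."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [l["ip"] for l in leases
            if l.get("state") in states and not lo <= int(ipaddress.IPv4Address(l["ip"])) <= hi]


def lease_seconds(lease):
    """Granted lease length, i.e. ends - starts."""
    return int((lease["ends"] - lease["starts"]).total_seconds())


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    for l in leases:
        print(l["ip"], l.get("mac"), l.get("state"), lease_seconds(l), "s")
    print("outside range:", outside_range(leases, "192.168.1.128", "192.168.1.254"))
```

Run against the real file with `parse_leases(open("/var/state/dhcp/dhcpd.leases").read())`; an address in the result that is not a fixed-address host is either a configuration change that was never cleaned up or a lease the server did not write.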


The four frames of dhcp.cap, as dissected by Wireshark:

No. 1   Time 0.000000   Source 0.0.0.0   Destination 255.255.255.255   Protocol DHCP
Info: DHCP Discover - Transaction ID 0x4a402d53

    Bootstrap Protocol
      Message type: Boot Request (1)
      Hardware type: Ethernet
      Hardware address length: 6
      Hops: 0
      Transaction ID: 0x4a402d53
      Seconds elapsed: 0
      Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
      Client IP address: 0.0.0.0
      Your (client) IP address: 0.0.0.0
      Next server IP address: 0.0.0.0
      Relay agent IP address: 0.0.0.0
      Client MAC address: 22:6b:a7:cb:6d:72
      Client hardware address padding: 00000000000000000000
      Server host name not given
      Boot file name not given
      Magic cookie: (OK)
      Option: (t=53,l=1) DHCP Message Type = DHCP Discover          Value: 01
      Option: (t=55,l=7) Parameter Request List                     Value: 011C02030F060C
        1 = Subnet Mask, 28 = Broadcast Address, 2 = Time Offset, 3 = Router,
        15 = Domain Name, 6 = Domain Name Server, 12 = Host Name
      End Option
      Padding

No. 2   Time 0.795182   Source 192.168.1.2   Destination 192.168.1.128   Protocol DHCP
Info: DHCP Offer - Transaction ID 0x4a402d53

    Bootstrap Protocol
      Message type: Boot Reply (2)
      Hardware type: Ethernet
      Hardware address length: 6
      Hops: 0
      Transaction ID: 0x4a402d53
      Seconds elapsed: 0
      Bootp flags: 0x0000 (Unicast)
      Client IP address: 0.0.0.0
      Your (client) IP address: 192.168.1.128
      Next server IP address: 0.0.0.0
      Relay agent IP address: 0.0.0.0
      Client MAC address: 22:6b:a7:cb:6d:72
      Client hardware address padding: 00000000000000000000
      Server host name not given
      Boot file name not given
      Magic cookie: (OK)
      Option: (t=53,l=1)  DHCP Message Type = DHCP Offer             Value: 02
      Option: (t=54,l=4)  DHCP Server Identifier = 192.168.1.2       Value: C0A80102
      Option: (t=51,l=4)  IP Address Lease Time = 6 hours            Value: 00005460
      Option: (t=1,l=4)   Subnet Mask = 255.255.255.0                Value: FFFFFF00
      Option: (t=28,l=4)  Broadcast Address = 192.168.1.255          Value: C0A801FF
      Option: (t=2,l=4)   Time Offset = -5 hours                     Value: FFFFB9B0
      Option: (t=3,l=4)   Router = 192.168.1.1                       Value: C0A80101
      Option: (t=15,l=15) Domain Name = "your-domain.org"            Value: 796F75722D646F6D61696E2E6F7267
      Option: (t=6,l=8)   Domain Name Server                         Value: 28AF2AFE28AF2AFD
        IP Address: 40.175.42.254
        IP Address: 40.175.42.253
      End Option

The offer is addressed to 192.168.1.128 although the client does not have that address yet: the client left the broadcast flag clear, so the server unicasts to yiaddr with the client's MAC as the Ethernet destination, and dhclient picks it up on its raw (LPF) socket.

No. 3   Time 0.796066   Source 0.0.0.0   Destination 255.255.255.255   Protocol DHCP
Info: DHCP Request - Transaction ID 0x4a402d53

    Bootstrap Protocol
      Message type: Boot Request (1)
      Hardware type: Ethernet
      Hardware address length: 6
      Hops: 0
      Transaction ID: 0x4a402d53
      Seconds elapsed: 0
      Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
      Client IP address: 0.0.0.0
      Your (client) IP address: 0.0.0.0
      Next server IP address: 0.0.0.0
      Relay agent IP address: 0.0.0.0
      Client MAC address: 22:6b:a7:cb:6d:72
      Client hardware address padding: 00000000000000000000
      Server host name not given
      Boot file name not given
      Magic cookie: (OK)
      Option: (t=53,l=1) DHCP Message Type = DHCP Request           Value: 03
      Option: (t=54,l=4) DHCP Server Identifier = 192.168.1.2       Value: C0A80102
      Option: (t=50,l=4) Requested IP Address = 192.168.1.128       Value: C0A80180
      Option: (t=55,l=7) Parameter Request List                     Value: 011C02030F060C
        1 = Subnet Mask, 28 = Broadcast Address, 2 = Time Offset, 3 = Router,
        15 = Domain Name, 6 = Domain Name Server, 12 = Host Name
      End Option
      Padding

The REQUEST is still broadcast: option 54 names the server whose offer is being accepted, and every other server that offered sees it and withdraws its offer.

No. 4   Time 0.838925   Source 192.168.1.2   Destination 192.168.1.128   Protocol DHCP
Info: DHCP ACK - Transaction ID 0x4a402d53

    Bootstrap Protocol
      Message type: Boot Reply (2)
      Hardware type: Ethernet
      Hardware address length: 6
      Hops: 0
      Transaction ID: 0x4a402d53
      Seconds elapsed: 0
      Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
      Client IP address: 0.0.0.0
      Your (client) IP address: 192.168.1.128
      Next server IP address: 0.0.0.0
      Relay agent IP address: 0.0.0.0
      Client MAC address: 22:6b:a7:cb:6d:72
      Client hardware address padding: 00000000000000000000
      Server host name not given
      Boot file name not given
      Magic cookie: (OK)
      Option: (t=53,l=1)  DHCP Message Type = DHCP ACK               Value: 05
      Option: (t=54,l=4)  DHCP Server Identifier = 192.168.1.2       Value: C0A80102
      Option: (t=51,l=4)  IP Address Lease Time = 6 hours            Value: 00005460
      Option: (t=1,l=4)   Subnet Mask = 255.255.255.0                Value: FFFFFF00
      Option: (t=28,l=4)  Broadcast Address = 192.168.1.255          Value: C0A801FF
      Option: (t=2,l=4)   Time Offset = -5 hours                     Value: FFFFB9B0
      Option: (t=3,l=4)   Router = 192.168.1.1                       Value: C0A80101
      Option: (t=15,l=15) Domain Name = "your-domain.org"            Value: 796F75722D646F6D61696E2E6F7267
      Option: (t=6,l=8)   Domain Name Server                         Value: 28AF2AFE28AF2AFD
        IP Address: 40.175.42.254
        IP Address: 40.175.42.253
      End Option

The whole exchange takes 0.84 s and the same transaction ID ties the four frames together. Nothing in it proves that 192.168.1.2 is the legitimate server: a second host answering the broadcast faster, with its own router and DNS options, would have won the client.
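To tie the PDU layout to the capture, the following Python decoder is an added example (not from the lab material): it re-assembles frame No. 2 byte for byte from the dissected values above (a constructed packet, not the dhcp.cap file), parses the fixed BOOTP header and the option TLVs, and rejects the malformed option lengths a rogue or fuzzed server could send. `is_rogue_offer` is a hypothetical detection hook, included only to show where a server-identifier allowlist would plug in.

```python
"""Decode a DHCP message (BOOTP framing plus option TLVs); input is the captured DHCPOFFER."""
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def _ip(b):
    return str(ipaddress.IPv4Address(bytes(b)))


def parse_options(raw):
    """Walk the TLV area. PAD (0) has no length byte, END (255) stops the walk,
    and a length that overruns the buffer is an error, not a silent truncation."""
    opts = {}
    i = 0
    while i < len(raw):
        tag = raw[i]
        if tag == 255:
            break
        if tag == 0:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % tag)
        n = raw[i + 1]
        val = raw[i + 2:i + 2 + n]
        if len(val) != n:
            raise ValueError("option %d declares %d bytes, %d present" % (tag, n, len(val)))
        opts[tag] = val
        i += 2 + n
    return opts


def parse_dhcp(pkt):
    """236-byte fixed header, magic cookie, then the options a client acts on."""
    if len(pkt) < 240:
        raise ValueError("too short for BOOTP header plus magic cookie")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    if hlen > 16:
        raise ValueError("hlen %d exceeds the 16-byte chaddr field" % hlen)
    if pkt[236:240] != DHCP_MAGIC:
        raise ValueError("no DHCP magic cookie (plain BOOTP?)")
    o = parse_options(pkt[240:])
    msg = {
        "op": op, "hops": hops, "xid": xid, "broadcast": bool(flags & 0x8000),
        "ciaddr": _ip(pkt[12:16]), "yiaddr": _ip(pkt[16:20]),
        "siaddr": _ip(pkt[20:24]), "giaddr": _ip(pkt[24:28]),
        "chaddr": ":".join("%02x" % b for b in pkt[28:28 + hlen]),
        "type": MSG_TYPES.get(o.get(53, b"\0")[0], "unknown"),
    }
    if 54 in o: msg["server_id"] = _ip(o[54])
    if 51 in o: msg["lease_time"] = struct.unpack("!I", o[51])[0]
    if 1 in o: msg["subnet_mask"] = _ip(o[1])
    if 28 in o: msg["broadcast_addr"] = _ip(o[28])
    if 3 in o: msg["router"] = _ip(o[3])
    if 6 in o: msg["dns"] = [_ip(o[6][k:k + 4]) for k in range(0, len(o[6]), 4)]
    if 15 in o: msg["domain"] = o[15].decode("ascii", "replace")
    if 2 in o: msg["time_offset"] = struct.unpack("!i", o[2])[0]   # signed seconds from UTC
    if 55 in o: msg["requested_params"] = list(o[55])
    return msg


def lab_offer():
    """Frame No. 2 above, rebuilt from the dissected field values (constructed, not read from dhcp.cap)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x4a402d53, 0, 0)
    hdr += bytes(4) + bytes([192, 168, 1, 128]) + bytes(8)     # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex("226ba7cb6d72") + bytes(10)           # chaddr, padded to 16 bytes
    hdr += bytes(64) + bytes(128)                               # sname, file (not given)
    opts = bytes.fromhex(
        "350102" "3604c0a80102" "330400005460" "0104ffffff00" "1c04c0a801ff"
        "0204ffffb9b0" "0304c0a80101" "0f0f" + b"your-domain.org".hex()
        + "060828af2afe28af2afd" "ff")
    return hdr + DHCP_MAGIC + opts


def is_rogue_offer(msg, trusted_servers):
    """Hypothetical detection hook: an OFFER/ACK whose server identifier is not on the allowlist."""
    return msg["type"] in ("OFFER", "ACK") and msg.get("server_id") not in set(trusted_servers)


if __name__ == "__main__":
    m = parse_dhcp(lab_offer())
    for k in sorted(m):
        print("%-16s %s" % (k, m[k]))
    print("rogue:", is_rogue_offer(m, ["192.168.1.2"]))
```

Fed a live capture (e.g. the UDP payloads from `tcpdump -w`), the same decoder reports every OFFER whose server identifier is not the expected 192.168.1.2, which is the cheapest rogue-DHCP check a segment can have.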

DHCRELAY BETWEEN 2 SUBNETS

[Topology figure: router R with eth0 192.168.1.1/25 on SW1 and eth1 192.168.1.129/25 on SW2. On SW1: DHCP SERVER eth0 192.168.1.2 (drawn as /24; it serves the 192.168.1.0/25 subnet declared below) and DHCP CLIENT PC1 eth0. On SW2: a PRINTER with MAC 02:00:00:11:11:11, which can only reach the server through the relay on R.]

DHCP SERVER (/etc/dhcpd.conf)
    ddns-update-style interim;           # Required for dhcp 3.0+ / Red Hat 8.0+
    ignore client-updates;

    subnet 192.168.1.0 netmask 255.255.255.128 {
        range 192.168.1.3 192.168.1.20;                  # Range of IP addresses to be issued to DHCP clients
        option subnet-mask 255.255.255.128;              # Default subnet mask to be used by DHCP clients
        option broadcast-address 192.168.1.127;          # Default broadcast address to be used by DHCP clients
        option routers 192.168.1.1;                      # Default gateway to be used by DHCP clients
        option domain-name "your-domain.org";
        option domain-name-servers 40.175.42.254, 40.175.42.253;   # Default DNS to be used by DHCP clients
        option netbios-name-servers 192.168.1.100;       # Specify a WINS server for MS/Windows clients.
                                                         # (Optional. Specify if used on your network)
        default-lease-time 21600;                        # Amount of time in seconds that a client
        max-lease-time 43200;                            # may keep the IP address
        option time-offset -18000;                       # Eastern Standard Time
    }

    subnet 192.168.1.128 netmask 255.255.255.128 {
        range 192.168.1.130 192.168.1.140;
        option subnet-mask 255.255.255.128;
        option broadcast-address 192.168.1.255;
        option routers 192.168.1.129;
        option domain-name "your-domain.org";
        option domain-name-servers 40.175.42.254, 40.175.42.253;
        # option netbios-name-servers 192.168.1.254;
        default-lease-time 21600;
        max-lease-time 43200;
        option time-offset -18000;
        host printer {
            hardware ethernet 02:00:00:11:11:11;
            fixed-address 192.168.1.150;
        }
    }

The server has no interface on 192.168.1.128/25. It picks that scope because the relay sets giaddr to 192.168.1.129 before forwarding, and it answers the relay, not the client. The host declaration for the printer is global regardless of the block it sits in; its fixed-address 192.168.1.150 belongs to the relayed subnet, which is the one the printer's requests arrive from.

R
    root@R:~# dhcrelay 192.168.1.2
    Internet Systems Consortium DHCP Relay Agent V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Listening on LPF/eth1/3a:97:4c:da:17:32
    Sending on   LPF/eth1/3a:97:4c:da:17:32
    Listening on LPF/eth0/fa:ae:81:8f:d6:42
    Sending on   LPF/eth0/fa:ae:81:8f:d6:42
    Sending on   Socket/fallback
    root@R:~# ps -aux | grep dhcrelay
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    root      1401  0.0  1.1   2004   316 ?        Ss   03:12   0:00 dhcrelay 192.168.1.2
    root      1403  0.0  2.2   2260   620 tty2     S+   03:12   0:00 grep dhcrelay
    root@R:~#

With no -i option dhcrelay listens on every interface, so it also relays the broadcasts from the server's own segment (SW1); `dhcrelay -i eth1 192.168.1.2` limits it to the side that actually needs it.

[Figure: the eight datagrams of one lease for a client on the far side of R. Client-side switch: 1 DISCOVER broadcast, 4 OFFER, 5 REQUEST broadcast, 8 ACK. Server-side switch: 2 the relayed DISCOVER, unicast to the server with giaddr = 192.168.1.129 and hops incremented; 3 the OFFER, unicast by the server to giaddr on port 67; 6 and 7 the same for REQUEST and ACK.]
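The relay's job is mechanical: stamp giaddr if no relay did so yet, bump the hop count, unicast a copy to each server; the server then chooses the scope by giaddr rather than by the interface the datagram physically arrived on. The Python below is an added example, not dhcrelay's or dhcpd's code: SCOPES and SERVERS are transcribed from the configuration above, MAX_HOPS mirrors dhcrelay's default hop limit, and make_discover builds a minimal constructed DISCOVER to push through both directions.

```python
"""Relay-agent forwarding and server-side scope selection for the two-subnet layout above."""
import ipaddress
import struct

# Scopes transcribed from the dhcpd.conf above; SERVERS as given on the dhcrelay command line.
SCOPES = {
    ipaddress.ip_network("192.168.1.0/25"):   {"range": ("192.168.1.3", "192.168.1.20"),   "routers": "192.168.1.1"},
    ipaddress.ip_network("192.168.1.128/25"): {"range": ("192.168.1.130", "192.168.1.140"), "routers": "192.168.1.129"},
}
SERVERS = ["192.168.1.2"]     # dhcrelay 192.168.1.2  (the failover section adds 192.168.1.130)
MAX_HOPS = 4                  # dhcrelay's default hop limit (-c)
DHCP_MAGIC = b"\x63\x82\x53\x63"


def make_discover(mac, xid=0x4a402d53):
    """Minimal DHCPDISCOVER as a client broadcasts it: giaddr 0, hops 0 (constructed sample)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0) + bytes(16)   # ciaddr..giaddr all zero
    hdr += bytes.fromhex(mac.replace(":", "")) + bytes(10) + bytes(192)  # chaddr, sname, file
    return hdr + DHCP_MAGIC + b"\x35\x01\x01\xff"                        # option 53 = DISCOVER, END


def relay_to_servers(pkt, relay_if_ip):
    """Client-to-server direction, as done on the interface the broadcast arrived on:
    drop if the hop limit is reached, bump hops, set giaddr only if no earlier relay did,
    then unicast one copy to every configured server on port 67."""
    pkt = bytearray(pkt)
    if pkt[3] >= MAX_HOPS:
        return []                                   # RFC 1542 loop guard
    pkt[3] += 1
    if pkt[24:28] == bytes(4):                      # first relay on the path owns giaddr
        pkt[24:28] = ipaddress.IPv4Address(relay_if_ip).packed
    return [(srv, 67, bytes(pkt)) for srv in SERVERS]


def select_scope(pkt, receiving_if_ip):
    """Server side: the subnet is chosen from giaddr when it is set, otherwise from the
    address of the interface the broadcast came in on. No match means the request is ignored."""
    giaddr = ipaddress.IPv4Address(bytes(pkt[24:28]))
    key = giaddr if int(giaddr) else ipaddress.IPv4Address(receiving_if_ip)
    for net in SCOPES:
        if key in net:
            return net
    return None


def deliver_to_client(reply):
    """Server-to-client direction: the server unicasts its reply to giaddr:67, and the relay
    hands it to the client on that interface: broadcast if the client set the broadcast
    flag, otherwise unicast to yiaddr (with the client's MAC as the frame destination)."""
    flags = struct.unpack("!H", reply[10:12])[0]
    yiaddr = str(ipaddress.IPv4Address(bytes(reply[16:20])))
    return ("255.255.255.255" if flags & 0x8000 else yiaddr, 68)


if __name__ == "__main__":
    d = make_discover("02:00:00:11:11:11")            # the printer on SW2
    for srv, port, fwd in relay_to_servers(d, "192.168.1.129"):
        print("to %s:%d giaddr=%s hops=%d scope=%s" % (
            srv, port, ipaddress.IPv4Address(bytes(fwd[24:28])), fwd[3], select_scope(fwd, "192.168.1.2")))
```

The scope decision is the security-relevant step: a forged giaddr selects any subnet the server knows, and the reply goes to that giaddr. That is why relay-facing servers should only accept relayed traffic from the relays they expect, and why switches that implement DHCP snooping discard client-originated packets that already carry a non-zero giaddr.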

DHCP FAILOVER

[Topology figure: router R with eth0 192.168.1.1/25 on SW1 and eth1 192.168.1.129/25 on SW2. On SW1: DHCP SERVER (the primary) eth0 192.168.1.2/25 and DHCP CLIENT PC1 eth0. On SW2: PC2 eth0 192.168.1.130/25, which runs the secondary (labelled FAILOVER below), and a host with MAC 02:00:00:11:11:11.]

DHCP_SERVER (primary, /etc/dhcpd.conf)
    # dhcpd.conf
    #
    # Configuration file for ISC dhcpd (see 'man dhcpd.conf')
    #
    authoritative;
    ddns-update-style interim;

    failover peer "dhcp-failover" {
        primary;
        address 192.168.1.2;
        port 647;
        peer address 192.168.1.130;
        peer port 647;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
        mclt 1800;                 # maximum client lead time: only the primary declares it
        split 128;                 # hash split of clients between the peers: only the primary declares it
    }

    subnet 192.168.1.0 netmask 255.255.255.128 {
        pool {
            failover peer "dhcp-failover";
            deny dynamic bootp clients;
            range 192.168.1.3 192.168.1.5;                   # Range of IP addresses to be issued to DHCP clients
            option subnet-mask 255.255.255.128;              # Default subnet mask to be used by DHCP clients
            option broadcast-address 192.168.1.127;          # Default broadcast address to be used by DHCP clients
            option routers 192.168.1.1;                      # Default gateway to be used by DHCP clients
            option domain-name "your-domain.org";
            option domain-name-servers 40.175.42.254, 40.175.42.253;   # Default DNS to be used by DHCP clients
            default-lease-time 21600;                        # Amount of time in seconds that a client may keep the IP address
            max-lease-time 43200;
            option time-offset -18000;                       # Eastern Standard Time
            option ntp-servers 192.168.1.2;                  # Default NTP server to be used by DHCP clients
        }
    }
    (continued on the next slide)

DHCP_SERVER (primary, continued)
    subnet 192.168.1.128 netmask 255.255.255.128 {
        pool {
            failover peer "dhcp-failover";
            deny dynamic bootp clients;
            max-lease-time 1800;                             # set again further down; keep only one of the two
            range 192.168.1.131 192.168.1.133;
            option subnet-mask 255.255.255.128;              # Default subnet mask to be used by DHCP clients
            option broadcast-address 192.168.1.255;          # Default broadcast address to be used by DHCP clients
            option routers 192.168.1.129;                    # Default gateway to be used by DHCP clients
            option domain-name "your-domain.org";
            option domain-name-servers 40.175.42.254, 40.175.42.253;   # Default DNS to be used by DHCP clients
            default-lease-time 21600;                        # Amount of time in seconds that a client may keep the IP address
            max-lease-time 43200;
            option time-offset -18000;                       # Eastern Standard Time
            option ntp-servers 192.168.1.2;                  # Default NTP server to be used by DHCP clients
        }
    }

Dynamic addresses are handed out only from pools bound to the failover peer; the peers keep their lease databases in step over TCP port 647. The failover protocol exchanges absolute timestamps, so the two servers' clocks must agree, which is why NTP is configured next and the secondary synchronises to the primary.

DHCP_SERVER (primary, /etc/ntp.conf)
    # Sample /etc/ntp.conf: Configuration file for ntpd.
    #
    # Undisciplined Local Clock. This is a fake driver intended for backup
    # and when no outside source of synchronized time is available. The default
    # stratum is usually 3, but in this case we elect to use stratum 0. Since the
    # server line does not have the prefer keyword, this driver is never used for
    # synchronization, unless no other other synchronization source is available.
    # In case the local host is controlled by some external source, such as an
    # external oscillator or another protocol, the prefer keyword would cause
    # the local host to disregard all other synchronization sources, unless the
    # kernel modifications are in use and declare an unsynchronized condition.
    #
    server 127.127.1.0          # local clock
    #fudge 127.127.1.0 stratum 10
    #server pool.ntp.org
    #
    # Drift file. Put this in a directory which the daemon can write to.
    # No symbolic links allowed, either, since the daemon updates the file
    # by creating a temporary in the same directory and then rename()'ing
    # it to the file.
    #
    driftfile /etc/ntp/drift
    multicastclient             # listen on default 224.0.1.1
    broadcastdelay 0.008
    #
    # Keys file. If you want to diddle your server at run time, make a
    # keys file (mode 600 for sure) and define the key number to be
    # used for making requests.
    #
    # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
    # systems might be able to reset your clock at will.
    #
    #keys /etc/ntp/keys
    #trustedkey 65535
    #requestkey 65535
    #controlkey 65535
    #
    # Don't serve time or stats to anyone else by default (more secure)
    restrict default noquery nomodify
    # Trust ourselves. :-)

The primary serves its own (undisciplined) local clock; that is enough to keep the two DHCP peers in step, which is all the lab needs. Note that `multicastclient` with no keys makes ntpd accept time from any host that multicasts on the segment; acceptable on an isolated lab network, not beyond it.

DHCP_SERVER
    root@DHCP_SERVER:~# /etc/rc.d/rc.ntpd start
    Starting NTP daemon:  /usr/sbin/ntpd -g
    root@DHCP_SERVER:~# dhcpd
    Internet Systems Consortium DHCP Server V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Wrote 0 leases to leases file.
    Listening on LPF/eth0/8e:2c:61:3d:2a:e8/192.168.1.0/25
    Sending on   LPF/eth0/8e:2c:61:3d:2a:e8/192.168.1.0/25
    Sending on   Socket/fallback/fallback-net
    failover peer dhcp-failover: I move from recover to startup
    root@DHCP_SERVER:~#

DHCP_FAILOVER (secondary, /etc/ntp.conf)
    # Sample /etc/ntp.conf: Configuration file for ntpd.
    # (same header comment as on the primary)
    #
    server 192.168.1.2          # the primary DHCP server is the time source
    fudge 127.127.1.0 stratum 10
    #server pool.ntp.org
    #
    # Drift file. Put this in a directory which the daemon can write to.
    # No symbolic links allowed, either, since the daemon updates the file
    # by creating a temporary in the same directory and then rename()'ing
    # it to the file.
    #
    driftfile /etc/ntp/drift
    multicastclient             # listen on default 224.0.1.1
    broadcastdelay 0.008
    #
    # Keys file. If you want to diddle your server at run time, make a
    # keys file (mode 600 for sure) and define the key number to be
    # used for making requests.
    #
    # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
    # systems might be able to reset your clock at will.
    #
    #keys /etc/ntp/keys
    #trustedkey 65535
    #requestkey 65535
    #controlkey 65535
    #
    # Don't serve time or stats to anyone else by default (more secure)
    restrict default noquery nomodify
    # Trust ourselves. :-)

The `fudge 127.127.1.0` line has no effect here because no `server 127.127.1.0` is declared on the secondary; it is left over from the sample file.

DHCP_FAILOVER (secondary, /etc/dhcpd.conf)
    # dhcpd.conf
    #
    # Configuration file for ISC dhcpd (see 'man dhcpd.conf')
    #
    authoritative;
    ddns-update-style interim;

    failover peer "dhcp-failover" {
        secondary;
        address 192.168.1.130;
        port 647;
        peer address 192.168.1.2;
        peer port 647;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
    }

    subnet 192.168.1.0 netmask 255.255.255.128 {
        pool {
            failover peer "dhcp-failover";
            deny dynamic bootp clients;
            range 192.168.1.3 192.168.1.5;
            option subnet-mask 255.255.255.128;
            option broadcast-address 192.168.1.127;
            option routers 192.168.1.1;
            option domain-name "your-domain.org";
            option domain-name-servers 40.175.42.254, 40.175.42.253;
            default-lease-time 21600;
            max-lease-time 43200;
            option time-offset -18000;                       # Eastern Standard Time
            option ntp-servers 192.168.1.2;
        }
    }
    (continued on the next slide)

DHCP_FAILOVER (secondary, continued)
    subnet 192.168.1.128 netmask 255.255.255.128 {
        pool {
            failover peer "dhcp-failover";
            deny dynamic bootp clients;
            max-lease-time 1800;                             # set again further down; keep only one of the two
            range 192.168.1.131 192.168.1.133;
            option subnet-mask 255.255.255.128;              # Default subnet mask to be used by DHCP clients
            option broadcast-address 192.168.1.255;          # Default broadcast address to be used by DHCP clients
            option routers 192.168.1.129;                    # Default gateway to be used by DHCP clients
            option domain-name "your-domain.org";
            option domain-name-servers 40.175.42.254, 40.175.42.253;   # Default DNS to be used by DHCP clients
            default-lease-time 21600;                        # Amount of time in seconds that a client may keep the IP address
            max-lease-time 43200;
            option time-offset -18000;                       # Eastern Standard Time
            option ntp-servers 192.168.1.2;                  # Default NTP server to be used by DHCP clients
        }
    }

The secondary's peer block mirrors the primary's with the addresses swapped and without mclt and split, which only the primary sets. Subnet and pool declarations must be identical on both peers, otherwise the lease databases cannot be reconciled.

DHCP_FAILOVER
    root@FAILOVER:~# /etc/rc.d/rc.ntpd start
    Starting NTP daemon:  /usr/sbin/ntpd -g
    root@FAILOVER:~# dhcpd
    Internet Systems Consortium DHCP Server V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Wrote 3 leases to leases file.
    Listening on LPF/eth0/02:97:ce:7c:8a:a9/192.168.1.128/25
    Sending on   LPF/eth0/02:97:ce:7c:8a:a9/192.168.1.128/25
    Sending on   Socket/fallback/fallback-net
    failover peer dhcp-failover: I move from normal to startup
    root@FAILOVER:~# ntpdate -u 192.168.1.2
    14 Sep 21:22:16 ntpdate[1549]: adjust time server 192.168.1.2 offset -0.000304 sec
    root@FAILOVER:~#

ROUTER (both servers are now given to the relay)
    root@R:~# dhcrelay 192.168.1.2 192.168.1.130
    Internet Systems Consortium DHCP Relay Agent V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Listening on LPF/eth1/3a:97:4c:da:17:32
    Sending on   LPF/eth1/3a:97:4c:da:17:32
    Listening on LPF/eth0/fa:ae:81:8f:d6:42
    Sending on   LPF/eth0/fa:ae:81:8f:d6:42
    Sending on   Socket/fallback
    root@R:~#

PC1
    root@PC1:~# dhclient eth0
    Internet Systems Consortium DHCP Client V3.1.2p1
    Copyright 2004-2009 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    Listening on LPF/eth0/5e:dc:d1:06:fc:d4
    Sending on   LPF/eth0/5e:dc:d1:06:fc:d4
    Sending on   Socket/fallback
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
    DHCPOFFER from 192.168.1.1
    DHCPREQUEST on eth0 to 255.255.255.255 port 67
    DHCPACK from 192.168.1.1
    bound to 192.168.1.3 -- renewal in 712 seconds.
    root@PC1:~#

Two things differ from the first experiment. dhclient reports the source address of the reply, here R's interface 192.168.1.1, so this OFFER came back through the relay even though the primary sits on PC1's own segment. And the lease is far shorter than the 6 hours seen earlier: until the two peers reach normal state a failover server can only grant leases bounded by the MCLT (1800 s), and dhclient schedules renewal at about half the lease.

[Figure: final topology, R and FAILOVER. SW2 side: FAILOVER 192.168.1.130/25 and R eth1 192.168.1.129/25. SW1 side: R eth0 192.168.1.1/25, DHCP SERVER 192.168.1.2/25 and PC1. Both servers are reachable from either segment through the relay on R.]

HpA
Hacer para Aprender (Learning by Doing)

DNS
Networks and Communications Laboratory

Instructor: Ing. Abel Crespo

AGENDA
Introduction to DNS

Experimentation topology
Building the topology
Router configuration

BIND
Configuration files
Domains and zones
Creating zones
Delegating domains
Queries: iterative and recursive
Reverse resolution

INTRODUCTION
DNS is a hierarchical system with a tree structure. The root of the tree is called root and is written as a single dot (.).

Below the root are the top-level domains (TLDs). The best-known examples are org, com, edu, net and mil, although there are many more.

[Figure: the name tree used in the course]

    root (.)
      TLDs: ar, net, com, edu, ...
      ar
        edu
          unlpam
            fchst
            ing
            vet

[Figure: zones and delegation down the same tree]

    Zone (.)                 <AR> <COM> <EDU> ... -> <ADDRESS NS>: the NS records (and their addresses) that delegate each TLD
    Zone AR                  delegates the second-level zones under it (COM, EDU, MIL, NET, ORG, GOV) the same way
    Zone EDU.AR              <NAME 1> <NAME 2> <NAME 3> -> <ADDRESS 1> <ADDRESS 2> <ADDRESS 3>, plus the delegation of UNLPAM.EDU.AR
    Zone UNLPAM.EDU.AR       <NAME 1> <NAME 2> <NAME 3> -> <ADDRESS 1> <ADDRESS 2> <ADDRESS 3>, plus the delegation of ING.UNLPAM.EDU.AR
    Zone ING.UNLPAM.EDU.AR   <NAME 1> <NAME 2> <NAME 3> ... <NAME N> -> <ADDRESS 1> <ADDRESS 2> <ADDRESS 3> ... <ADDRESS N>

A zone is the part of the tree one set of authoritative servers is responsible for: the records inside it plus the NS records that hand its child zones to other servers. Delegation is what turns a subtree into a separate zone, and whoever controls a zone's NS records controls where every name below it resolves.

[Figure: recursive vs. non-recursive resolution of www.uba.edu.ar]

Recursive part (Resolver <-> ns.gov.ar):
    1Q   the resolver asks ns.gov.ar "www.uba.edu.ar ?" with recursion desired
    10A  ns.gov.ar returns the final answer

Non-recursive (iterative) part, performed by ns.gov.ar:
    2Q   query to root (.)          3R  referral to the servers for ar
    4Q   query to ar                5R  referral to the servers for edu.ar
    6Q   query to edu.ar            7R  referral to the servers for uba.edu.ar
    8Q   query to uba.edu.ar        9A  authoritative answer (the A record)

Legend: Q = QUERY (petición), R = REFERRAL (referencia), A = ANSWER (respuesta)

The resolver only ever talks to ns.gov.ar; the authoritative servers along the chain never recurse and only say "ask these servers" or give the answer. A server that offers recursion to everyone (see the allow-recursion and recursion settings in the named.conf files below) does that whole chase on behalf of anyone who asks.
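Worked over the lab's own zones rather than www.uba.edu.ar, the following Python is an added example (not BIND code) that separates the two halves of the figure: `authoritative_query` is what a server with `recursion no` does (answer, referral with glue, or nothing), `resolve_iteratively` is the chase the recursive server performs, and `RecursiveServer` is the cached front end the resolver talks to. The zone data is transcribed from raiz.zone, ar.zone and org.zone later on this page; pc1.edu.ar = 172.16.0.3 is an assumption taken from the topology figure, since the edu.ar zone file itself is not shown.

```python
"""Recursive front end plus iterative back end, walked over this lab's delegations."""

# Zone contents transcribed from raiz.zone, ar.zone and org.zone on this page.
# ASSUMPTION: pc1.edu.ar = 172.16.0.3 comes from the topology figure; the edu.ar zone file is not shown.
ZONES = {
    ".":       {"NS": {".": ["raiz."], "ar.": ["dns.ar."], "org.": ["dns.org."], "arpa.": ["dns.arpa."]},
                "A":  {"raiz.": "10.1.0.2", "dns.ar.": "192.168.2.3", "dns.org.": "10.3.0.2", "dns.arpa.": "10.1.0.3"}},
    "ar.":     {"NS": {"ar.": ["dns.ar."], "edu.ar.": ["dns.edu.ar."]},
                "A":  {"dns.ar.": "192.168.2.3", "pc1.ar.": "192.168.2.4", "dns.edu.ar.": "172.16.0.2"}},
    "edu.ar.": {"NS": {"edu.ar.": ["dns.edu.ar."]},
                "A":  {"dns.edu.ar.": "172.16.0.2", "pc1.edu.ar.": "172.16.0.3"}},
    "org.":    {"NS": {"org.": ["dns.org."]},
                "A":  {"dns.org.": "10.3.0.2", "pc1.org.": "10.3.0.3"}},
}
SERVES = {"10.1.0.2": ".", "192.168.2.3": "ar.", "172.16.0.2": "edu.ar.", "10.3.0.2": "org."}
ROOT_HINTS = ["10.1.0.2"]    # named.ca


def in_zone(name, zone):
    """True when name lies at or below zone (label-boundary aware)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_query(server_ip, qname):
    """One non-recursive query to one server (recursion no): an answer, a referral
    with glue addresses, nxdomain, or refused when the name is outside its zone."""
    zone = SERVES[server_ip]
    data = ZONES[zone]
    if not in_zone(qname, zone):
        return ("refused",)                 # an authoritative-only server does not chase foreign names
    if qname in data["A"]:
        return ("answer", data["A"][qname])
    children = [c for c in data["NS"] if c != zone and in_zone(qname, c)]
    if children:
        child = max(children, key=len)     # the deepest delegation that covers qname
        glue = [data["A"][ns] for ns in data["NS"][child]]
        return ("referral", child, glue)
    return ("nxdomain",)


def resolve_iteratively(qname, trace):
    """Steps 2Q..9A of the figure: start at the root hint and follow referrals."""
    targets = ROOT_HINTS
    for _ in range(8):                       # bound the chase: a broken delegation must not loop forever
        srv = targets[0]
        trace.append(("Q", srv, qname))
        r = authoritative_query(srv, qname)
        if r[0] == "answer":
            trace.append(("A", srv, r[1]))
            return r[1]
        if r[0] == "referral":
            trace.append(("R", srv, r[1]))
            targets = r[2]
            continue
        trace.append(("X", srv, r[0]))
        return None
    return None


class RecursiveServer:
    """ns.gov.ar in the figure: one query in (1Q), one answer out (10A), answers cached."""

    def __init__(self):
        self.cache = {}

    def query(self, qname, rd=True):
        """Returns (address or None, trace of the iterative work done for this query)."""
        trace = []
        if qname in self.cache:
            return self.cache[qname], trace
        if not rd:                           # recursion not desired: the client walks the tree itself
            return None, trace
        ip = resolve_iteratively(qname, trace)
        if ip:
            self.cache[qname] = ip
        return ip, trace


if __name__ == "__main__":
    ns = RecursiveServer()
    ip, trace = ns.query("pc1.edu.ar.")
    for step, (kind, srv, what) in enumerate(trace, start=2):
        print("%d%s %s %s" % (step, kind, srv, what))
    print("answer:", ip)
```

The trace for pc1.edu.ar is exactly the figure's Q/R/Q/R/Q/A ladder with the lab's addresses in place of the real ones. The `rd=False` branch is what the root server later configured with `recursion no` does for everyone, and the cache is why a poisoned referral on one of these hops would keep serving wrong answers until its TTL expires.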

root@ns:~# cat named.conf

    options {
        directory "/var/named";
        version "no disponible";
        allow-query { any; };
        allow-recursion { any; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
    };

The options statement declares a set of global options. They can be overridden by options given inside a zone declaration.

The zone statement specifies forward and/or reverse resolution zones. Zone file names are relative to the path given in directory. `allow-recursion { any; }` together with `allow-query { any; }` makes this an open resolver: anyone who can reach it can use it to resolve, and to amplify, arbitrary names; restrict it to the networks the server is meant to serve.

root@dns:/var/named# cat org.zone
    $TTL 825225
    ;
    @           IN SOA org. posmaster.org. (
                    2010101801   ; serial
                    10800        ; refresh
                    900          ; retry
                    604800       ; expire
                    86400 )      ; minimum
    ;
                IN NS   dns.org.
    dns.org.    IN A    10.3.0.2
    pc1.org.    IN A    10.3.0.3
root@dns:/var/named#

LOGICAL TOPOLOGY FOR THE EXPERIMENT

[Figure: the name tree implemented in the lab]

    root (.)
      ar
        edu
      org
      arpa
        in-addr

EXPERIMENTATION TOPOLOGY

[Topology figure. The addressing below is reconstructed from the rc.local scripts in the next section, which are the authoritative source; the figure's own labels disagree with them in two places (RA's eth1 and the address of dns.in-addr.arpa), and the router drawn as RD here is the RE of the later drawings.]

    Router RA: eth0 10.1.0.1/16 (SW5), eth1 10.5.0.1/16 (link to RB), eth2 10.4.0.1/16 (SW3), eth3 10.2.0.1/16 (SW4)
        SW5: root server "(.)" 10.1.0.2/16
        SW3: dns.in-addr.arpa 10.4.0.2/16
        SW4: dns.arpa 10.2.0.2/16
    Router RB: eth0 10.3.0.1/16 (SW2), eth1 192.168.1.1/24 (SW1), eth2 10.5.0.2/16 (link to RA)
        SW2: dns_org.org 10.3.0.2/16, pc1.org 10.3.0.3/16
    Router RC: eth0 192.168.2.1/24 (192.168.2.0/24 segment, SW6), eth1 192.168.1.2/24 (SW1)
        192.168.2.0/24: dns.ar 192.168.2.3/24, pc1.ar 192.168.2.4/24, and RE's eth1 192.168.2.2/24
    Router RE: eth0 172.16.0.1/16 (SW7), eth1 192.168.2.2/24
        SW7: dns.edu.ar 172.16.0.2/16 (the address ar.zone delegates to), pc1.edu.ar 172.16.0.3/16

ROUTE CONFIGURATION

[Topology figure with RA highlighted; same diagram as above.]

RA (/etc/rc.d/rc.local)
    #!/bin/sh
    # /etc/rc.d/rc.local
    echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
    ip link set eth0 up
    ip addr add 10.1.0.1/16 brd + dev eth0      # brd + derives the broadcast address from the prefix
    ip link set eth1 up
    ip addr add 10.5.0.1/16 brd + dev eth1
    ip link set eth2 up
    ip addr add 10.4.0.1/16 brd + dev eth2
    ip link set eth3 up
    ip addr add 10.2.0.1/16 brd + dev eth3
    ip route add default via 10.5.0.2 dev eth1
    echo 1 > /proc/sys/net/ipv4/ip_forward

The slide passed `brd 255.255.0.0`, i.e. a netmask where `ip addr add` expects a broadcast address, which would have installed 255.255.0.0 as the broadcast address; `brd +` is the intended form. RA knows only its four directly connected networks and sends everything else to RB.

[Topology figure with RB highlighted; same diagram as above.]

RB (/etc/rc.d/rc.local)
    #!/bin/sh
    # /etc/rc.d/rc.local
    echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
    ip link set eth0 up
    ip addr add 10.3.0.1/16 brd + dev eth0
    ip link set eth1 up
    ip addr add 192.168.1.1/24 brd + dev eth1
    ip link set eth2 up
    ip addr add 10.5.0.2/16 brd + dev eth2
    ip route add 10.1.0.0/16 via 10.5.0.1 dev eth2
    ip route add 10.2.0.0/16 via 10.5.0.1 dev eth2
    ip route add 10.4.0.0/16 via 10.5.0.1 dev eth2
    ip route add default via 192.168.1.2 dev eth1
    echo 1 > /proc/sys/net/ipv4/ip_forward

RB reaches the root, arpa and in-addr.arpa networks behind RA explicitly and defaults towards RC for the ar side.

[Topology figure with RC highlighted; same diagram as above.]

RC (/etc/rc.d/rc.local)
    #!/bin/sh
    #
    # /etc/rc.d/rc.local
    echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
    ip link set eth0 up
    ip addr add 192.168.2.1/24 brd + dev eth0
    ip link set eth1 up
    ip addr add 192.168.1.2/24 brd + dev eth1
    ip route add 172.16.0.0/16 via 192.168.2.2 dev eth0
    ip route add default via 192.168.1.1 dev eth1
    echo 1 > /proc/sys/net/ipv4/ip_forward

RC and RB point their default routes at each other. Every network in the lab is covered by a specific route on one of them, so this works, but a packet for a destination nobody owns bounces between the two until its TTL runs out; a discard route for unused space on each would be the tidy fix.

[Topology figure with RE highlighted; same diagram as above.]

RE (/etc/rc.d/rc.local)
    #!/bin/sh
    #
    # /etc/rc.d/rc.local
    echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
    ip link set eth0 up
    ip addr add 172.16.0.1/16 brd + dev eth0
    ip link set eth1 up
    ip addr add 192.168.2.2/24 brd + dev eth1
    ip route add default via 192.168.2.1 dev eth1
    echo 1 > /proc/sys/net/ipv4/ip_forward

RE is a stub router: it owns the edu.ar network 172.16.0.0/16 and sends everything else to RC.

ROOT SERVER CONFIGURATION

RAIZ (/etc/named.conf)
    // named.conf in /etc/named.conf
    options {
        directory "/var/named";
        allow-transfer { none; };
        recursion no;
        allow-query { any; };
    };
    zone "." IN {
        type master;
        file "raiz.zone";
    };
    zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
    };

RAIZ (/var/named/raiz.zone)
    ; /var/named/raiz.zone
    $TTL 86400
    ; SOA record (Start of Authority)
    .           IN SOA raiz. postmaster.raiz. (
                    2010091801   ; serial
                    10800        ; refresh
                    3600         ; retry
                    604800       ; expire
                    86400 )      ; minimum
    ;
                IN NS   raiz.
    raiz.       IN A    10.1.0.2
    ;
    ar.         IN NS   dns.ar.
    dns.ar.     IN A    192.168.2.3
    ;
    org.        IN NS   dns.org.
    dns.org.    IN A    10.3.0.2
    ;
    arpa.       IN NS   dns.arpa.
    dns.arpa.   IN A    10.1.0.3

Definition of the authoritative server for the root zone (the NS and A records for raiz.).

Delegation of the TLDs: each NS record names the server for a TLD, and the A record beside it is the glue the querier needs to reach that server without asking the TLD itself. The topology places dns.arpa at 10.2.0.2, while this glue says 10.1.0.3; as written, every lookup under arpa. (which includes all reverse lookups) is sent to an address nothing answers on, so one of the two has to be corrected.

The root's options are the right posture for an authoritative-only server: `recursion no` so it only answers for what it is authoritative for, and `allow-transfer { none; }` so nobody can pull the whole zone. Compare the org and ar servers below, which leave recursion open to anyone.

ORG SERVER CONFIGURATION

Network parameters of the dns_org server in /etc/rc.d/rc.local

DNS_ORG (/etc/rc.d/rc.local)
    #!/bin/sh
    #
    # /etc/rc.d/rc.local: Local system initialization script.
    #
    # Put any local startup commands in here. Also, if you have
    # anything that needs to be run at shutdown time you can
    # make an /etc/rc.d/rc.local_shutdown script and put those
    # commands in there.
    ip link set eth0 up
    ip addr add 10.3.0.2/16 brd + dev eth0
    ip route add default via 10.3.0.1 dev eth0

DNS_ORG (/etc/named.conf)
    options {
        directory "/var/named";
        version "no disponible";
        allow-query { any; };
        allow-recursion { any; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localhost" IN {
        type master;
        file "caching-example/localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "caching-example/named.local";
        allow-update { none; };
    };
    zone "org" IN {
        type master;
        file "org.zone";
        allow-update { none; };
    };
    zone "3.10.in-addr.arpa" IN {
        type master;
        file "3.10.in-addr.arpa.zone";
        allow-update { none; };
    };

Definition of the org zone and its zone file; definition of the reverse-resolution zone for 10.3.0.0/16 and its zone file. This server is authoritative for org and at the same time recurses for anyone (`allow-recursion { any; }`); for an authoritative server the safer choice is the root's `recursion no`, or recursion limited to the local networks.

Authoritative server for the org zone and the names the zone resolves:

DNS_ORG
    root@dns:/var/named# ls
    3.10.in-addr.arpa.zone  caching-example/  named.ca  org.zone
    root@dns:/var/named# cat org.zone
    $TTL 825225
    ;
    @           IN SOA org. posmaster.org. (
                    2010101801   ; serial
                    10800        ; refresh
                    900          ; retry
                    604800       ; expire
                    86400 )      ; minimum
    ;
                IN NS   dns.org.
    dns.org.    IN A    10.3.0.2
    pc1.org.    IN A    10.3.0.3
    root@dns:/var/named#

Reverse-resolution zone file for the org zone:

DNS_ORG
    root@dns:/var/named# cat 3.10.in-addr.arpa.zone
    $TTL 86400
    @           IN SOA org. root.org. (
                    2010101801   ; serial
                    10800        ; refresh
                    900          ; retry
                    604800       ; expire
                    86400 )      ; minimum
                IN NS   dns.org.
    dns.org.    IN A    10.3.0.2
    2.0         IN PTR  dns.org.
    3.0         IN PTR  pc1.org.

Owner names are relative to the zone apex 3.10.in-addr.arpa: "2.0" is host 10.3.0.2 with the last two octets reversed.

named.ca holds the hint the org server needs to reach the root server (.):

    root@dns:/var/named# cat named.ca
    .       3600000 IN NS   raiz.
    raiz.   3600000 IN A    10.1.0.2
    root@dns:/var/named#

AR SERVER CONFIG.

DNS_AR
root@dns:~# cat /etc/named.conf
options {
    directory "/var/named";
    version "get lost";
    recursion yes;
    allow-query { any; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};
zone "ar" IN {
    type master;
    file "ar.zone";
    allow-update { none; };
};
zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "2.168.192.in-addr.arpa.zone";
    allow-update { none; };
};
root@dns:~#

Definition of the .ar zone and its data in the file /var/named/ar.zone

Definition of the reverse-resolution zone through the file 2.168.192.in-addr.arpa

DNS_AR
Authoritative server for the ar zone and domain names in the same zone. Delegation of the edu.ar domain to the dns.edu.ar server.

root@dns:/var/named# ls
ar.zone  named.ca  2.168.192.in-addr.arpa.zone  caching-example/

root@dns:/var/named# cat ar.zone
$TTL 86400
;
@            IN  SOA  ar.  root.ar. (
                           2010091806
                           10800
                           900
                           604800
                           86400 )
;
             IN  NS   dns.ar.
dns.ar.      IN  A    192.168.2.3
pc1.ar.      IN  A    192.168.2.4
;
;DELEGATION EDU.AR
;
edu.ar.      IN  NS   dns.edu.ar.
dns.edu.ar.  IN  A    172.16.0.2

root@dns:/var/named#

DNS_AR
Reverse-resolution data for the ar domain; named.ca to reach the root zone.

root@dns:/var/named# cat 2.168.192.in-addr.arpa.zone
$TTL 86400
;
@        IN  SOA  ar.  root.ar. (
                       2010091806
                       10800
                       900
                       604800
                       86400 )
;
         IN  NS   dns.ar.
dns.ar.  IN  A    192.168.2.3
;
3        IN  PTR  dns.ar.
4        IN  PTR  pc1.ar.
;
root@dns:/var/named# cat named.ca
.      3600000  IN  NS  raiz.
raiz.  3600000  IN  A   10.1.0.2
root@dns:/var/named#

EDU.AR SERVER CONFIG.

DNS_EDU_AR
root@dns:~# cat /etc/named.conf
options {
    directory "/var/named";
    version "versión desconocida";
    allow-query { any; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};
zone "edu.ar" IN {
    type master;
    file "edu.ar.zone";
    allow-update { none; };
};
zone "16.172.in-addr.arpa" IN {
    type master;
    file "16.172.in-addr.arpa.zone";
    allow-update { none; };
};
root@dns:~#

Reverse-resolution zone in edu.ar.

Definition of the .edu.ar zone and its data in the file edu.ar.zone

DNS_EDU_AR
Zone file edu.ar.

root@dns:~# cd /var/named
root@dns:/var/named# ls
16.172.in-addr.arpa.zone  caching-example/  edu.ar.zone  named.ca
root@dns:/var/named# cat edu.ar.zone
$TTL 86400
@            IN  SOA  dns.edu.ar.  hostmaster.edu.ar. (
                           2010091806
                           10800
                           900
                           604800
                           86400 )
             IN  NS   dns.edu.ar.
dns.edu.ar.  IN  A    172.16.0.2
pc1.edu.ar.  IN  A    172.16.0.3

Zone file for reverse resolution in edu.ar.

root@dns:/var/named# cat 16.172.in-addr.arpa.zone
$TTL 86400
@            IN  SOA  edu.ar.  root.edu.ar. (
                           2010091806
                           10800
                           900
                           604800
                           86400 )
             IN  NS   dns.edu.ar.
dns.edu.ar.  IN  A    172.16.0.2
;
2.0          IN  PTR  dns.edu.ar.
3.0          IN  PTR  pc1.edu.ar.

root@dns:/var/named#

ARPA SERVER CONFIG.

DNS_ARPA
root@dns:~# cat /etc/named.conf
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};
zone "arpa" IN {
    type master;
    file "arpa.zone";
};
root@dns:~#

Definition of the arpa zone.

DNS_ARPA
root@dns:/var/named# cat arpa.zone
$TTL 86400
;
@                  IN  SOA  arpa.  root.arpa. (
                                 2010091801
                                 10800
                                 900
                                 604800
                                 86400 )
;
                   IN  NS   dns.arpa.
dns.arpa.          IN  A    10.2.0.2
;
in-addr.arpa.      IN  NS   dns.in-addr.arpa.
dns.in-addr.arpa.  IN  A    10.4.0.2
root@dns:/var/named#

Delegation of the in-addr subdomain within arpa.

IN-ADDR.ARPA SERVER CONFIG.

DNS_IN-ADDR
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};
zone "in-addr.arpa" IN {
    type master;
    file "arpa.in-addr.zone";
};

Declaration of the zone used to delegate the reverse-resolution servers

DNS_IN-ADDR
Delegation of the reverse-resolution domains from in-addr.arpa.

root@dns:/var/named# cat arpa.in-addr.zone
$TTL 86400
;
@                        IN  SOA  in-addr.arpa.  root.in-addr.arpa. (
                                       2010061801
                                       10800
                                       3600
                                       604800
                                       86400 )
                         IN  NS   dns.in-addr.arpa.
dns.in-addr.arpa.        IN  A    10.4.0.2
16.172.in-addr.arpa.     IN  NS   dns.edu.ar.
2.168.192.in-addr.arpa.  IN  NS   dns.ar.
3.10.in-addr.arpa.       IN  NS   dns.org.
root@dns:/var/named#
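As an added example (not part of the lab material), the following Python script works out, for any IPv4 address, the in-addr.arpa name a PTR query asks for, which of the delegated reverse zones above is authoritative for it, and the owner name the PTR record needs inside that zone (the "2.0" / "3.0" labels in 3.10.in-addr.arpa.zone); it also cross-checks A records against PTR records, which named-checkzone alone does not do. The delegation table and the sample records are constructed here from the zone files shown on these slides.

```python
import ipaddress

# Reverse delegations, constructed from this lab's arpa.in-addr.zone
DELEGATIONS = {
    "3.10.in-addr.arpa.": "dns.org.",
    "2.168.192.in-addr.arpa.": "dns.ar.",
    "16.172.in-addr.arpa.": "dns.edu.ar.",
}


def reverse_name(ip):
    """10.3.0.3 -> 3.0.3.10.in-addr.arpa. (the name a PTR query asks for)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def find_reverse_zone(ip, delegations=DELEGATIONS):
    """Return (zone, owner relative to that zone, delegated NS) or None.
    The most specific (longest) delegated zone wins, as in DNS."""
    name = reverse_name(ip)
    matches = [z for z in delegations if name.endswith("." + z)]
    if not matches:
        return None
    zone = max(matches, key=len)
    owner = name[:-(len(zone) + 1)]  # strip "." + zone
    return zone, owner, delegations[zone]


def ptr_record(ip, fqdn, delegations=DELEGATIONS):
    """Zone-file line for the reverse zone, e.g. '3.0 IN PTR pc1.org.'"""
    hit = find_reverse_zone(ip, delegations)
    if hit is None:
        raise ValueError(f"{ip}: no delegated reverse zone")
    return f"{hit[1]} IN PTR {fqdn}"


def missing_ptrs(a_records, ptr_records):
    """A records (fqdn -> ip) whose reverse entry is absent or points elsewhere.
    named-checkzone validates one file at a time; this checks both together."""
    return sorted(fqdn for fqdn, ip in a_records.items()
                  if ptr_records.get(reverse_name(ip)) != fqdn)


if __name__ == "__main__":
    # Constructed sample mirroring the org zone files (pc2.org. is hypothetical)
    a = {"dns.org.": "10.3.0.2", "pc1.org.": "10.3.0.3", "pc2.org.": "10.3.0.4"}
    ptr = {"2.0.3.10.in-addr.arpa.": "dns.org.", "3.0.3.10.in-addr.arpa.": "pc1.org."}
    for fqdn, ip in a.items():
        print(ptr_record(ip, fqdn))
    print("A records without matching PTR:", missing_ptrs(a, ptr))
```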

CHECK THE CONFIGURATION FILES

It is very important to use the BIND commands to check both the zone files and the named.conf configuration file. Below, the commands are applied on IN-ADDR.

DNS_IN-ADDR
root@dns:/var/named# named-checkzone in-addr.arpa /var/named/arpa.in-addr.zone
zone in-addr.arpa/IN: loaded serial 2010061801
OK
root@dns:/var/named# named-checkconf /etc/named.conf
root@dns:/var/named#

named-checkzone arguments: the zone name, then the zone file.

FORWARD RESOLUTION

[Network diagram: routers RA, RB, RC and RE and switches SW1 to SW8 interconnect the lab hosts: (.) 10.1.0.2/16, dns.arpa 10.2.0.2/16, dns_org.org 10.3.0.2/16, pc1.org 10.3.0.3/16, dns.in-addr.arpa 10.4.0.2/16, dns.ar 192.168.2.3/24, pc1.ar 192.168.2.4/24, dns.edu.ar 172.16.0.2/16, pc1.edu.ar 172.16.0.3/16]

root@pc1:~# ping -c 1 pc1.org
PING pc1.org (10.3.0.3) 56(84) bytes of data.
64 bytes from pc1.org (10.3.0.3): icmp_seq=1 ttl=63 time=21.8 ms

--- pc1.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.871/21.871/21.871/0.000 ms
root@pc1:~#

REVERSE RESOLUTION

PC1.EDU.AR
root@pc1:~# host 10.3.0.3
3.0.3.10.in-addr.arpa domain name pointer pc1.org.
root@pc1:~#

[Diagram: capture points eth0 on pc1.edu.ar, dns.edu.ar, dns.in-addr.arpa, dns.org and (.)]