Agenda
Introducción a DHCP
PDU DHCP
DHCP RELAY
Ejemplo con dos subredes
DHCP Failover
Configuración en dos subredes Configuración de NTP (Network Time Protocol)
INTRODUCCION A DHCP
15
HARDWARE TYPE HARDWARE LENGTH HOP COUNT
31
OPERATION CODE
YOU IP ADDRESS
SERVER IP ADDRESS
192.168.1.1/24 eth1
192.168.1.2/24 eth0
SW
DHCP SERVER
PC1
DHCP_SERVER
# dhcpd.conf # Configuration file for ISC dhcpd (see 'man dhcpd.conf') ddns-update-style interim; # Required for dhcp 3.0+ ignore client-updates; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.128 192.168.1.254; # Range of IP addresses to be issued to DHCP clients option subnet-mask 255.255.255.0; # Default subnet mask to be used by DHCP clients option broadcast-address 192.168.1.255; # Default broadcast address to be used by DHCP clients option routers 192.168.1.1; # Default gateway to be used by DHCP clients option domain-name "your-domain.org"; option domain-name-servers 40.175.42.254, 40.175.42.253; # Default DNS to be used by DHCP clients option netbios-name-servers 192.168.1.100; # Specify a WINS server for MS/Windows clients. # (Optional. Specify if used on your network) # DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured. # option ipforwarding off; default-lease-time 21600; # Amount of time in seconds that a client may keep the IP max-lease-time 43200; option time-offset -18000; # Eastern Standard Time # option ntp-servers 192.168.1.1; # Default NTP server to be used by DHCP clients # option netbios-name-servers 192.168.1.1; # --- Selects point-to-point node (default is hybrid). # Don't change this unless you understand Netbios very # option netbios-node-type 2; # We want the nameserver "ns2" to appear at a fixed address. # Name server with this specified MAC address will recieve this IP. host ns2 { next-server ns2.your-domain.com; hardware ethernet 00:02:c3:d0:e5:83; fixed-address 40.175.42.254; } # Laser printer obtains IP address via DHCP. This assures that the # printer with this MAC address will get this IP address every time. host laser-printer-lex1 { hardware ethernet 08:00:2b:4c:a3:82; fixed-address 192.168.1.120; } }
DHCP SERVER
root@DHCP_SERVER:~# dhcpd Internet Systems Consortium DHCP Server V3.1.2p1 Copyright 2004-2009 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ WARNING: Host declarations are global. They are not limited to the scope you declared them in. Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 0 leases to leases file. Listening on LPF/eth0/7a:71:c6:80:89:66/192.168.1/24 Sending on LPF/eth0/7a:71:c6:80:89:66/192.168.1/24 Sending on Socket/fallback/fallback-net root@DHCP_SERVER:~# netstat -uta Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address tcp 0 0 *:time *:* tcp 0 0 *:auth *:* tcp 0 0 *:ssh *:* tcp 0 0 *:telnet *:* tcp6 0 0 [::]:ssh [::]:* udp 0 0 *:biff *:* udp 0 0 *:time *:* udp 0 0 *:bootps *:* root@DHCP_SERVER:~#
PC1
root@PC1:~# tcpdump -w dhcp.cap -s0 port 67 or port 68 tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 4 packets captured 4 packets received by filter 0 packets dropped by kernel root@PC1:~#
PC1
root@PC1:~# dhclient eth0 Internet Systems Consortium DHCP Client V3.1.2p1 Copyright 2004-2009 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/22:6b:a7:cb:6d:72 Sending on LPF/eth0/22:6b:a7:cb:6d:72 Sending on Socket/fallback DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5 DHCPOFFER from 192.168.1.2 DHCPREQUEST on eth0 to 255.255.255.255 port 67 DHCPACK from 192.168.1.2 bound to 192.168.1.128 -- renewal in 10208 seconds.
root@PC1:~#
DHCP_SERVER
root@DHCP_SERVER /var/state/dhcp~# ls
dhclient.leases dhcpd.leases dhcpd.leases~ root@DHCP_SERVER /var/state/dhcp~# nano dhcpd.leases # The format of this file is documented in the dhcpd.leases(5) manual page. # This lease file was written by isc-dhcp-V3.1.2p1 lease 192.168.1.128 { starts 2 2010/08/31 02:51:35; ends 2 2010/08/31 08:51:35; cltt 2 2010/08/31 02:51:35; binding state active; next binding state free; hardware ethernet 22:6b:a7:cb:6d:72; } root@DHCP_SERVER /var/state/dhcp~#
PC1
192.168.1.1/24
eth1
192.168.1.2/24 eth0
SW
DHCP SERVER
eth0
No. 1
Time 0.000000
Source 0.0.0.0
Destination 255.255.255.255
Protocol DHCP
Bootstrap Protocol Message type: Boot Request (1) Hardware type: Ethernet Hardware address length: 6 Hops: 0 Transaction ID: 0x4a402d53 Seconds elapsed: 0 Bootp flags: 0x0000 (Unicast) 0... .... .... .... = Broadcast flag: Unicast .000 0000 0000 0000 = Reserved flags: 0x0000 Client IP address: 0.0.0.0 (0.0.0.0) Your (client) IP address: 0.0.0.0 (0.0.0.0) Next server IP address: 0.0.0.0 (0.0.0.0) Relay agent IP address: 0.0.0.0 (0.0.0.0) Client MAC address: 22:6b:a7:cb:6d:72 (22:6b:a7:cb:6d:72) Client hardware address padding: 00000000000000000000 Server host name not given Boot file name not given Magic cookie: (OK) Option: (t=53,l=1) DHCP Message Type = DHCP Discover Option: (53) DHCP Message Type Length: 1 Value: 01 Option: (t=55,l=7) Parameter Request List Option: (55) Parameter Request List Length: 7 Value: 011C02030F060C 1 = Subnet Mask 28 = Broadcast Address 2 = Time Offset 3 = Router 15 = Domain Name 6 = Domain Name Server 12 = Host Name End Option Padding
No. 2
Time 0.795182
Source 192.168.1.2
Destination 192.168.1.128
Bootstrap Protocol Message type: Boot Reply (2) Hardware type: Ethernet Hardware address length: 6 Hops: 0 Transaction ID: 0x4a402d53 Seconds elapsed: 0 Bootp flags: 0x0000 (Unicast) Client IP address: 0.0.0.0 (0.0.0.0) Your (client) IP address: 192.168.1.128 (192.168.1.128) Next server IP address: 0.0.0.0 (0.0.0.0) Relay agent IP address: 0.0.0.0 (0.0.0.0) Client MAC address: 22:6b:a7:cb:6d:72 (22:6b:a7:cb:6d:72) Client hardware address padding: 00000000000000000000 Server host name not given Boot file name not given Magic cookie: (OK) Option: (t=53,l=1) DHCP Message Type = DHCP Offer Option: (53) DHCP Message Type Length: 1 Value: 02 Option: (t=54,l=4) DHCP Server Identifier = 192.168.1.2 Option: (54) DHCP Server Identifier Length: 4 Value: C0A80102 Option: (t=51,l=4) IP Address Lease Time = 6 hours Option: (51) IP Address Lease Time Length: 4 Value: 00005460 Option: (t=1,l=4) Subnet Mask = 255.255.255.0 Option: (1) Subnet Mask Length: 4 Value: FFFFFF00 Option: (t=28,l=4) Broadcast Address = 192.168.1.255 Option: (28) Broadcast Address Length: 4 Value: C0A801FF
No. 3
Time 0.796066
Source 0.0.0.0
Destination 255.255.255.255
Protocol DHCP
- Transaction ID 0x4a402d53
Bootstrap Protocol Message type: Boot Request (1) Hardware type: Ethernet Hardware address length: 6 Hops: 0 Transaction ID: 0x4a402d53 Seconds elapsed: 0 Bootp flags: 0x0000 (Unicast) 0... .... .... .... = Broadcast flag: Unicast .000 0000 0000 0000 = Reserved flags: 0x0000 Client IP address: 0.0.0.0 (0.0.0.0) Your (client) IP address: 0.0.0.0 (0.0.0.0) Next server IP address: 0.0.0.0 (0.0.0.0) Relay agent IP address: 0.0.0.0 (0.0.0.0) Client MAC address: 22:6b:a7:cb:6d:72 (22:6b:a7:cb:6d:72) Client hardware address padding: 00000000000000000000 Server host name not given Boot file name not given Magic cookie: (OK) Option: (t=53,l=1) DHCP Message Type = DHCP Request Option: (53) DHCP Message Type Length: 1 Value: 03 Option: (t=54,l=4) DHCP Server Identifier = 192.168.1.2 Option: (54) DHCP Server Identifier Length: 4 Value: C0A80102 Option: (t=50,l=4) Requested IP Address = 192.168.1.128 Option: (50) Requested IP Address Length: 4 Value: C0A80180
Option: (t=55,l=7) Parameter Request List Option: (55) Parameter Request List Length: 7 Value: 011C02030F060C 1 = Subnet Mask 28 = Broadcast Address 2 = Time Offset 3 = Router 15 = Domain Name 6 = Domain Name Server 12 = Host Name End Option Padding
No. 4
Time 0.838925
Source 192.168.1.2
Destination 192.168.1.128
Protocol DHCP
Bootstrap Protocol Message type: Boot Reply (2) Option: (t=28,l=4) Broadcast Address = 192.168.1.255 Hardware type: Ethernet Option: (28) Broadcast Address Hardware address length: 6 Length: 4 Hops: 0 Value: C0A801FF Transaction ID: 0x4a402d53 Option: (t=2,l=4) Time Offset = -5 hours Seconds elapsed: 0 Option: (2) Time Offset Bootp flags: 0x0000 (Unicast) Length: 4 0... .... .... .... = Broadcast flag: Unicast Value: FFFFB9B0 .000 0000 0000 0000 = Reserved flags: 0x0000 Option: (t=3,l=4) Router = 192.168.1.1 Client IP address: 0.0.0.0 (0.0.0.0) Option: (3) Router Your (client) IP address: 192.168.1.128 (192.168.1.128) Length: 4 Next server IP address: 0.0.0.0 (0.0.0.0) Value: C0A80101 Relay agent IP address: 0.0.0.0 (0.0.0.0) Option: (t=15,l=15) Domain Name = "your-domain.org" Client MAC address: 22:6b:a7:cb:6d:72 (22:6b:a7:cb:6d:72) Option: (15) Domain Name Client hardware address padding: 00000000000000000000 Length: 15 Server host name not given Value: 796F75722D646F6D61696E2E6F7267 Boot file name not given Option: (t=6,l=8) Domain Name Server Magic cookie: (OK) Option: (6) Domain Name Server Option: (t=53,l=1) DHCP Message Type = DHCP ACK Length: 8 Option: (53) DHCP Message Type Value: 28AF2AFE28AF2AFD Length: 1 IP Address: 40.175.42.254 Value: 05 IP Address: 40.175.42.253 Option: (t=54,l=4) DHCP Server Identifier = 192.168.1.2 End Option Option: (54) DHCP Server Identifier Length: 4 Value: C0A80102 Option: (t=51,l=4) IP Address Lease Time = 6 hours Option: (51) IP Address Lease Time Length: 4 Value: 00005460 Option: (t=1,l=4) Subnet Mask = 255.255.255.0 Option: (1) Subnet Mask Length: 4 Value: FFFFFF00
eth0 02:00:00:11:11:11
SW2
192.168.1.129/25 eth1 192.168.1.1/25 eth0
PRINTER
192.168.1.2/24 eth0
SW1
DHCP SERVER
eth0
DHCP SERVER
ddns-update-style interim; ignore client-updates; subnet 192.168.1.0 netmask 255.255.255.128 { range 192.168.1.3 192.168.1.20; option subnet-mask option broadcast-address option routers option domain-name option domain-name-servers option netbios-name-servers default-lease-time 21600; max-lease-time 43200; option time-offset # Required for dhcp 3.0+ / Red Hat 8.0+
# Range of IP addresses to be issued to DHCP clients 255.255.255.128; # Default subnet mask to be used by DHCP clients 192.168.1.127; # Default broadcast address to be used by DHCP clients 192.168.1.1; # Default gateway to be used by DHCP clients "your-domain.org"; 40.175.42.254, 40.175.42.253; # Default DNS to be used by DHCP clients 192.168.1.100; # Specify a WINS server for MS/Windows clients. # (Optional. Specify if used on your network) # Amount of time in seconds that a client # may keep the IP address
-18000; # Eastern Standard Time } subnet 192.168.1.128 netmask 255.255.255.128 { range 192.168.1.130 192.168.1.140; option subnet-mask 255.255.255.128; option broadcast-address 192.168.1.255; option routers 192.168.1.129; option domain-name "your-domain.org"; option domain-name-servers 40.175.42.254, 40.175.42.253; # option netbios-name-servers 192.168.1.254; default-lease-time 21600; max-lease-time 43200; option time-offset -18000; host printer { hardware ethernet 02:00:00:11:11:11; fixed-address 192.168.1.150; } }
R
root@R:~# dhcrelay 192.168.1.2 Internet Systems Consortium DHCP Relay Agent V3.1.2p1 Copyright 2004-2009 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ Listening on LPF/eth1/3a:97:4c:da:17:32 Sending on LPF/eth1/3a:97:4c:da:17:32 Listening on LPF/eth0/fa:ae:81:8f:d6:42 Sending on LPF/eth0/fa:ae:81:8f:d6:42 Sending on Socket/fallback root@R:~# ps -aux | grep dhcrelay Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html root 1401 0.0 1.1 2004 316 ? Ss 03:12 0:00 dhcrelay 192.168.1.2 root 1403 0.0 2.2 2260 620 tty2 S+ 03:12 0:00 grep dhcrelay root@R:~#
1 4 5 8
SW R SW
eth0
2 3 6 7
DHCP FAILOVER
eth0 02:00:00:11:11:11
SW2
192.168.1.129/25 eth1 192.168.1.1/25 eth0
PC2
eth0 192.168.1.130/25
SW1
eth0 192.168.1.2/25
DHCP_SERVER
#dhcpd.conf # # Configuration file for ISC dhcpd (see 'man dhcpd.conf') # authoritative; ddns-update-style interim; failover peer "dhcp-failover" { primary; address 192.168.1.2; port 647; peer address 192.168.1.130; peer port 647; max-response-delay 30; max-unacked-updates 10; load balance max seconds 3; mclt 1800; split 128; } subnet 192.168.1.0 netmask 255.255.255.128 { pool { failover peer "dhcp-failover"; deny dynamic bootp clients; range 192.168.1.3 192.168.1.5; # Range of IPaddresses to be issued to DHCP clients option subnet-mask 255.255.255.128; # Default subnet mask to be used by DHCP clients option broadcast-address 192.168.1.127; # Default broadcastaddress to be used by DHCP clients option routers 192.168.1.1; # Default gateway to be used by DHCP clients option domain-name "your-domain.org"; option domain-name-servers 40.175.42.254, 40.175.42.253; # Default DNS to be used by DHCP clients default-lease-time 21600; # Amount of time in seconds that a client may keep the IP address max-lease-time 43200; option time-offset -18000; # Eastern Standard Time option ntp-servers 192.168.1.2; # Default NTP server to be used by DHCP clients } } CONTINA >>>>>>
DHCP_SERVER
subnet 192.168.1.128 netmask 255.255.255.128 { pool { failover peer "dhcp-failover"; deny dynamic bootp clients; max-lease-time 1800; range 192.168.1.131 192.168.1.133; option subnet-mask 255.255.255.128; # Default subnet mask to be used by DHCP clients option broadcast-address 192.168.1.255; # Default broadcastaddress to be used by DHCP clients option routers 192.168.1.129; # Default gateway to be used by DHCP clients option domain-name "your-domain.org"; option domain-name-servers 40.175.42.254, 40.175.42.253; # Default DNS to be used by DHCP clients default-lease-time 21600; # Amount of time in seconds that a client may keep the IP address max-lease-time 43200; option time-offset -18000; # Eastern Standard Time option ntp-servers 192.168.1.2; # Default NTP server to be used by DHCP clients } } }
DHCP_SERVER
# # # # # # # # Sample /etc/ntp.conf: Configuration file for ntpd. Undisciplined Local Clock. This is a fake driver intended for backup and when no outside source of synchronized time is available. The default stratum is usually 3, but in this case we elect to use stratum 0. Since the server line does not have the prefer keyword, this driver is never used for synchronization, unless no other other synchronization source is available. In case the local host is controlled by some external source, such as an external oscillator or another protocol, the prefer keyword would cause the local host to disregard all other synchronization sources, unless the kernel modifications are in use and declare an unsynchronized condition.
server 127.127.1.0 # local clock #fudge 127.127.1.0 stratum 10 #server pool.ntp.org # Drift file. Put this in a directory which the daemon can write to. # No symbolic links allowed, either, since the daemon updates the file # by creating a temporary in the same directory and then rename()'ing # it to the file. # driftfile /etc/ntp/drift multicastclient # listen on default 224.0.1.1 broadcastdelay 0.008 # Keys file. If you want to diddle your server at run time, make a # keys file (mode 600 for sure) and define the key number to be # used for making requests. # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote # systems might be able to reset your clock at will. # #keys /etc/ntp/keys #trustedkey 65535 #requestkey 65535 #controlkey 65535 # Don't serve time or stats to anyone else by default (more secure) restrict default noquery nomodify # Trust ourselves. :-)
DHCP_SERVER
root@DHCP_SERVER:~# /etc/rc.d/rc.ntpd start Starting NTP daemon: /usr/sbin/ntpd g root@DHCP_SERVER:~# dhcpd Internet Systems Consortium DHCP Server V3.1.2p1 Copyright 2004-2009 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ Wrote 0 leases to leases file. Listening on LPF/eth0/8e:2c:61:3d:2a:e8/192.168.1.0/25 Sending on LPF/eth0/8e:2c:61:3d:2a:e8/192.168.1.0/25 Sending on Socket/fallback/fallback-net failover peer dhcp-failover: I move from recover to startup root@DHCP_SERVER:~#
DHCP_FAILOVER
# # # # # # # # Sample /etc/ntp.conf: Configuration file for ntpd. Undisciplined Local Clock. This is a fake driver intended for backup and when no outside source of synchronized time is available. The default stratum is usually 3, but in this case we elect to use stratum 0. Since the server line does not have the prefer keyword, this driver is never used for synchronization, unless no other other synchronization source is available. In case the local host is controlled by some external source, such as an external oscillator or another protocol, the prefer keyword would cause the local host to disregard all other synchronization sources, unless the kernel modifications are in use and declare an unsynchronized condition.
server 192.168.1.2 # local clock fudge 127.127.1.0 stratum 10 #server pool.ntp.org # Drift file. Put this in a directory which the daemon can write to. # No symbolic links allowed, either, since the daemon updates the file # by creating a temporary in the same directory and then rename()'ing # it to the file. # driftfile /etc/ntp/drift multicastclient # listen on default 224.0.1.1 broadcastdelay 0.008 # Keys file. If you want to diddle your server at run time, make a # keys file (mode 600 for sure) and define the key number to be # used for making requests. # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote # systems might be able to reset your clock at will. # #keys /etc/ntp/keys #trustedkey 65535 #requestkey 65535 #controlkey 65535 # Don't serve time or stats to anyone else by default (more secure) restrict default noquery nomodify # Trust ourselves. :-)
DHCP_FAILOVER
#dhcpd.conf CONTINA # # Configuration file for ISC dhcpd (see 'man dhcpd.conf') # authoritative; ddns-update-style interim; failover peer "dhcp-failover" { secondary; address 192.168.1.130; port 647; peer address 192.168.1.2; peer port 647; max-response-delay 30; max-unacked-updates 10; load balance max seconds 3; } subnet 192.168.1.0 netmask 255.255.255.128 { pool { failover peer "dhcp-failover"; deny dynamic bootp clients; range 192.168.1.3 192.168.1.5; option subnet-mask 255.255.255.128; option broadcast-address 192.168.1.127; option routers 192.168.1.1; option domain-name "your-domain.org"; option domain-name-servers 40.175.42.254, 40.175.42.253; default-lease-time 21600; max-lease-time 43200; option time-offset -18000; # Eastern Standard Time option ntp-servers 192.168.1.2; # } }
>>>>>>
DHCP_FAILOVER
subnet 192.168.1.128 netmask 255.255.255.128 { pool { failover peer "dhcp-failover"; deny dynamic bootp clients; max-lease-time 1800; range 192.168.1.131 192.168.1.133; option subnet-mask 255.255.255.128; # Default subnet mask to be used by DHCP clients option broadcast-address 192.168.1.255; # Default broadcastaddress to be used by DHCP clients option routers 192.168.1.129; # Default gateway to be used by DHCP clients option domain-name "your-domain.org"; option domain-name-servers 40.175.42.254, 40.175.42.253; # Default DNS to be used by DHCP clients default-lease-time 21600; # Amount of time in seconds that a client may keep the IP address max-lease-time 43200; option time-offset -18000; # Eastern Standard Time option ntp-servers 192.168.1.2; # Default NTP server to be used by DHCP clients } } }
DHCP_FAILOVER
root@FAILOVER:~# /etc/rc.d/rc.ntpd start Starting NTP daemon: /usr/sbin/ntpd g root@FAILOVER:~# dhcpd Internet Systems Consortium DHCP Server V3.1.2p1 Copyright 2004-2009 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ Wrote 3 leases to leases file. Listening on LPF/eth0/02:97:ce:7c:8a:a9/192.168.1.128/25 Sending on LPF/eth0/02:97:ce:7c:8a:a9/192.168.1.128/25 Sending on Socket/fallback/fallback-net failover peer dhcp-failover: I move from normal to startup root@FAILOVER:~# ntpdate -u 192.168.1.2 14 Sep 21:22:16 ntpdate[1549]: adjust time server 192.168.1.2 offset -0.000304 sec root@FAILOVER:~#
ROUTER
root@R:~# dhcrelay 192.168.1.2 192.168.1.130 Internet Systems Consortium DHCP Relay Agent V3.1.2p1 Copyright 2004-2009 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ Listening on LPF/eth1/3a:97:4c:da:17:32 Sending on LPF/eth1/3a:97:4c:da:17:32 Listening on LPF/eth0/fa:ae:81:8f:d6:42 Sending on LPF/eth0/fa:ae:81:8f:d6:42 Sending on Socket/fallback root@R:~#
PC1
root@PC1:~# dhclient eth0 Internet Systems Consortium DHCP Client V3.1.2p1 Copyright 2004-2009 Internet Systems Consortium. All rights reserved. For info, please visit http://www.isc.org/sw/dhcp/ Listening on LPF/eth0/5e:dc:d1:06:fc:d4 Sending on LPF/eth0/5e:dc:d1:06:fc:d4 Sending on Socket/fallback DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4 DHCPOFFER from 192.168.1.1 DHCPREQUEST on eth0 to 255.255.255.255 port 67 DHCPACK from 192.168.1.1 bound to 192.168.1.3 -- renewal in 712 seconds. root@PC1:~#
SW2
192.168.1.129/25 eth1
PC2
192.168.1.130/25
eth0 192.168.1.1/25
SW1
FAILOVER
192.168.1.2/25
PC1
HpA
Hacer para Aprender
DNS
Laboratorio de Redes y Comunicaciones
AGENDA
Introducción a DNS
Topología de Experimentación
Construcción de la topología Configuración de Routers
BIND
Archivos de configuración Dominios, Zonas Creación de zonas Delegación de Dominios Consultas: Iterativas, Recursivas Resolución Inversa
INTRODUCCIÓN
DNS es un sistema jerárquico con estructura de árbol. La raíz del árbol es root y se escribe como "." (punto).
Bajo la raíz se hallan los dominios de más alto nivel (TLD, del inglés Top Level Domain), cuyos ejemplos más representativos son org, com, edu, net y mil, si bien existen muchos más.
root
(.)
TLDs
ar
net
com
edu
edu
unlpam
fchst
ing
vet
Zona EDU.AR
<NOMBRE 1> <NOMBRE 2> <NOMBRE 3> <ADDRESS 1> <ADDRESS 2> <ADDRESS 3>
Zona UNLPAM.EDU.AR
<NOMBRE 1> <NOMBRE 2> <NOMBRE 3> <ADDRESS 1>
Zona ING.UNLPAM.EDU.AR
<NOMBRE 1> <NOMBRE 2> <NOMBRE 3> <NOMBRE N> <ADDRESS 1>
RECURSIVO
2Q 3R www.uba.edu.ar ? 1Q 4Q
NO RECURSIVO
root (.)
Resolver
10 A
ns.gov.ar
5R
ar
6Q 7R
edu.ar
9A
8Q
uba.edu.ar
Q R A QUERY REFERRAL ANSWER PETICIÓN REFERENCIA RESPUESTA
options {
directory "/var/named"; version "no disponible"; allow-query { any; }; allow-recursion { any; };
}; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "caching-example/localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "caching-example/named.local"; allow-update { none; }; };
Bajo la sentencia options se declara un conjunto de opciones globales. Sin embargo, ellas pueden ser sobrescritas por nuevas en la sección de declaración de zonas.
La sentencia zone especifica las zonas de resolución directa y/o resolución inversa. La ubicación de los archivos de zona es relativa al path especificado en directory.
root@dns:/var/named# cat org.zone $TTL ; @ 825225 IN SOA org. posmaster.org. 2010101801 10800 900 604800 86400 (
root@dns:/var/named#
root
( )
ar org
arpa
edu
in-addr
TOPOLOGÍA DE EXPERIMENTACIÓN
SW3
10.4.0.1/16
SW4
eth3
10.2.0.1/16
eth2
10.4.0.2/16 10.2.0.1/16
dns.in-addr.arpa
10.2.0.2/16
eth1
RA
SW2
10.3.0.1/16
10.1.0.1/16
eth0
eth2
192.168.1.1/24
SW1
dns.arpa
10.2.0.2/16
eth1
RB
eth0
SW6
192.168.1.2/24
SW5
10.1.0.2/16
(.)
eth1
192.168.2.1/24 10.3.0.3/16
RC
192.168.2.2/24
eth0
pc1.org
10.3.0.2/16
dns_org.org
SW7
eth1
172.16.0.1/16
eth0
RD
192.168.2.3/24
192.168.2.4/24
SW8
dns.ar
172.16.0.3/16
pc1.ar
pc1.edu.ar
172.16.0.2/16
dns.edu.ar
CONFIGURACIÓN DE RUTAS
SW3
10.4.0.1/16
SW4
eth3
10.2.0.1/16
eth2
10.4.0.2/16 10.5.0.1/16
dns.in-addr.arpa
10.5.0.2/16
eth1
RA
SW2
10.3.0.1/16
10.1.0.1/16
eth0
eth2
192.168.1.1/24
SW1
dns.arpa
10.2.0.2/16
eth1
RB
eth0
SW6
192.168.1.2/24
SW5
10.1.0.2/16
(.)
eth1
192.168.2.1/24 10.3.0.3/16
RC
192.168.2.2/24
eth0
pc1.org
10.3.0.2/16
dns_org.org
RA
SW7
eth1
172.16.0.1/16
eth0
RE
192.168.2.3/24
SW8
dns.ar
172.16.0.3/16
pc1.edu.ar
172.16.0.2/16
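#!/bin/sh
# /etc/rc.d/rc.local -- router RA: bring up its four interfaces, set the
# default route and enable IPv4 forwarding.
#
# Reconstructed from a listing in which diagram labels ("192.168.2.4/24",
# "pc1.ar") had been interleaved with the commands and the last interface
# name was cut off at "eth"; the addresses below are the ones the topology
# shows for RA.

# Disable IPv6 on every interface: only the IPv4 path is exercised here.
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

ip link set eth0 up
ip addr add 10.1.0.1/16 brd 255.255.0.0 dev eth0

ip link set eth1 up
ip addr add 10.5.0.1/16 brd 255.255.0.0 dev eth1

ip link set eth2 up
ip addr add 10.4.0.1/16 brd 255.255.0.0 dev eth2

ip link set eth3 up
# The original listing ended in "dev eth"; eth3 is the interface just
# brought up, so it receives the remaining address.
ip addr add 10.2.0.1/16 brd 255.255.0.0 dev eth3

ip route add default via 10.5.0.2 dev eth1

# Forwarding is enabled with no packet filtering at all, which is only
# acceptable because the lab network is isolated.
echo 1 > /proc/sys/net/ipv4/ip_forward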
dns.edu.ar
SW3
10.4.0.1/16
SW4
eth3
10.2.0.1/16
eth2
10.4.0.2/16 10.5.0.1/16
dns.in-addr.arpa
10.5.0.2/16
eth1
RA
SW2
10.3.0.1/16
10.1.0.1/16
eth0
eth2
192.168.1.1/24
SW1
dns.arpa
10.2.0.2/16
eth1
RB
eth0
SW6
192.168.1.2/24
SW5
10.1.0.2/16
(.)
eth1
192.168.2.1/24 10.3.0.3/16
RC
192.168.2.2/24
eth0
pc1.org
10.3.0.2/16
dns_org.org
RB
SW7
eth1
172.16.0.1/16
eth0
RE
192.168.2.3/24
SW8
dns.ar
172.16.0.3/16
pc1.edu.ar
172.16.0.2/16
dns.edu.ar
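#!/bin/sh
# /etc/rc.d/rc.local -- router RB: bring up three interfaces, install the
# static routes towards the 10.x/16 networks behind RA and enable IPv4
# forwarding.
#
# Reconstructed from a listing in which diagram labels ("192.168.2.4/24",
# "pc1.ar") had been interleaved with the commands; the addresses below are
# the ones the topology shows for RB.

# Disable IPv6 on every interface: only the IPv4 path is exercised here.
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

ip link set eth0 up
ip addr add 10.3.0.1/16 brd 255.255.0.0 dev eth0

ip link set eth1 up
ip addr add 192.168.1.1/24 brd 255.255.255.0 dev eth1

ip link set eth2 up
ip addr add 10.5.0.2/16 brd 255.255.0.0 dev eth2

# Networks reachable through RA (10.5.0.1) on the eth2 link.
ip route add 10.1.0.0/16 via 10.5.0.1 dev eth2
ip route add 10.2.0.0/16 via 10.5.0.1 dev eth2
ip route add 10.4.0.0/16 via 10.5.0.1 dev eth2

ip route add default via 192.168.1.2 dev eth1

# Forwarding is enabled with no packet filtering at all, which is only
# acceptable because the lab network is isolated.
echo 1 > /proc/sys/net/ipv4/ip_forward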
SW3
10.4.0.1/16
SW4
eth3
10.2.0.1/16
eth2
10.4.0.2/16 10.5.0.1/16
dns.in-addr.arpa
10.5.0.2/16
eth1
RA
SW2
10.3.0.1/16
10.1.0.1/16
eth0
eth2
192.168.1.1/24
SW1
dns.arpa
10.2.0.2/16
eth1
RB
eth0
SW6
192.168.1.2/24
SW5
10.1.0.2/16
(.)
eth1
192.168.2.1/24 10.3.0.3/16
RC
192.168.2.2/24
eth0
pc1.org
10.3.0.2/16
dns_org.org
RC
SW7
eth1
172.16.0.1/16
eth0
RE
192.168.2.3/24
SW8
dns.ar
172.16.0.3/16
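#!/bin/sh
#
# /etc/rc.d/rc.local -- router RC: bring up two interfaces, route the
# 172.16.0.0/16 network via RE and enable IPv4 forwarding.
#
# Reconstructed from a listing in which diagram labels ("192.168.2.4/24",
# "pc1.ar") had been interleaved with the commands and the first
# "ip link set" / "ip addr add" pair had its words scrambled; the addresses
# below are the ones the topology shows for RC.

# Disable IPv6 on every interface: only the IPv4 path is exercised here.
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

ip link set eth0 up
ip addr add 192.168.2.1/24 brd 255.255.255.0 dev eth0

ip link set eth1 up
ip addr add 192.168.1.2/24 brd 255.255.255.0 dev eth1

# 172.16.0.0/16 sits behind RE (192.168.2.2) on the eth0 segment.
ip route add 172.16.0.0/16 via 192.168.2.2 dev eth0
ip route add default via 192.168.1.1 dev eth1

# Forwarding is enabled with no packet filtering at all, which is only
# acceptable because the lab network is isolated.
echo 1 > /proc/sys/net/ipv4/ip_forward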
pc1.edu.ar
172.16.0.2/16
dns.edu.ar
SW3
10.4.0.1/16
SW4
eth3
10.2.0.1/16
eth2
10.4.0.2/16 10.5.0.1/16
dns.in-addr.arpa
10.5.0.2/16
eth1
RA
SW2
10.3.0.1/16
10.1.0.1/16
eth0
eth2
192.168.1.1/24
SW1
dns.arpa
10.2.0.2/16
eth1
RB
eth0
SW6
192.168.1.2/24
SW5
10.1.0.2/16
(.)
eth1
192.168.2.1/24 10.3.0.3/16
RC
192.168.2.2/24
eth0
pc1.org
10.3.0.2/16
dns_org.org
RE
SW7
eth1
172.16.0.1/16
eth0
RE
192.168.2.3/24
SW8
dns.ar
172.16.0.3/16
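#!/bin/sh
#
# /etc/rc.d/rc.local -- router RE: bring up two interfaces, point the
# default route at RC and enable IPv4 forwarding.
#
# Reconstructed from a listing in which diagram labels ("192.168.2.4/24",
# "pc1.ar") had been interleaved with the commands and the first
# "ip link set" / "ip addr add" pair had its words scrambled; the addresses
# below are the ones the topology shows for RE.

# Disable IPv6 on every interface: only the IPv4 path is exercised here.
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

ip link set eth0 up
ip addr add 172.16.0.1/16 brd 255.255.0.0 dev eth0

ip link set eth1 up
ip addr add 192.168.2.2/24 brd 255.255.255.0 dev eth1

ip route add default via 192.168.2.1 dev eth1

# Forwarding is enabled with no packet filtering at all, which is only
# acceptable because the lab network is isolated.
echo 1 > /proc/sys/net/ipv4/ip_forward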
pc1.edu.ar
172.16.0.2/16
dns.edu.ar
RAIZ
// named.conf in /etc/named.conf options { directory "/var/named"; allow-transfer { none; }; recursion no; allow-query { any; }; }; zone "." IN { type master; file "raiz.zone"; }; zone "localhost" IN { type master; file "caching-example/localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "caching-example/named.local"; allow-update { none; }; };
RAIZ
; /var/named/raiz.zone $TTL 86400 ; Entrada para el registro SOA (Start of Authority) . IN SOA raiz. postmaster.raiz. ( 2010091801 10800 3600 604800 86400 ) ; IN NS raiz. raiz. IN A 10.1.0.2 ; ar. IN NS dns.ar. dns.ar. IN A 192.168.2.3 ; org. IN NS dns.org. dns.org. IN A 10.3.0.2 ; arpa. IN NS dns.arpa. dns.arpa. IN A 10.1.0.3
Delegación de TLDs
DNS_ORG
#!/bin/sh
#
# /etc/rc.d/rc.local: Local system initialization script.
#
# Put any local startup commands in here. Also, if you have
# anything that needs to be run at shutdown time you can
# make an /etc/rc.d/rc.local_shutdown script and put those
# commands in there.
#
# DNS_ORG host: a single interface with a static address and a
# default route through RB.

iface=eth0
address=10.3.0.2/16
broadcast=255.255.0.0
gateway=10.3.0.1

ip link set "$iface" up
ip addr add "$address" brd "$broadcast" dev "$iface"
ip route add default via "$gateway" dev "$iface"
DNS_ORG
options { directory "/var/named"; version "no disponible"; allow-query { any; }; allow-recursion { any; }; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "caching-example/localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "caching-example/named.local"; allow-update { none; }; }; zone "org" IN { type master; file "org.zone"; allow-update { none; }; }; zone "3.10.in-addr.arpa" IN { type master; file "3.10.in-addr.arpa.zone"; allow-update { none; }; };
Definición de la zona org y la especificación del archivo de zona. Definición de la zona de resolución inversa y la especificación del archivo de zona.
Definición del servidor autorizado en la zona org y nombres de dominio que la zona resuelve.
DNS_ORG
root@dns:/var/named# ls 3.10.in-addr.arpa.zone caching-example/ named.ca org.zone root@dns:/var/named# cat org.zone $TTL ; @ 825225 IN SOA org. posmaster.org. 2010101801 10800 900 604800 86400 (
root@dns:/var/named#
DNS_ORG
root@dns:/var/named# ls 3.10.in-addr.arpa.zone $TTL @ 86400 IN SOA org. 10800 900 604800 86400 ) IN dns.org. 2.0 3.0 . raiz. IN IN IN 3600000 3600000 NS A PTR PTR IN IN dns.org. 10.3.0.2 dns.org. pc1.org. NS A raiz. 10.1.0.2 root.org. ( 2010101801 caching-example/ named.ca org.zone root@dns:/var/named# cat 3.10.in-addr.arpa.zone
Configuración del archivo named.ca, que contiene la información necesaria para que el servidor DNS de org pueda alcanzar al servidor raíz (.).
root@dns:/var/named#
DNS_AR
root@dns:~# cat /etc/named.conf options { directory "/var/named"; version "get lost"; recursion yes; allow-query { any; }; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "caching-example/localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "caching-example/named.local"; allow-update { none; }; }; zone "ar" IN { type master; file "ar.zone"; allow-update { none; }; }; zone "2.168.192.in-addr.arpa" IN { type master; file "2.168.192.in-addr.arpa.zone"; allow-update { none; }; }; root@dns:~#
DNS_AR
root@dns:/var/named# ls
ar.zone named.ca 2.168.192.in-addr.arpa.zone caching-example/
root.ar. (
NS A
dns.edu.ar. 172.16.0.2
root@dns:/var/named#
DNS_AR
root@dns:/var/named# cat 2.168.192.in-addr.arpa.zone $TTL 86400 ; @ IN
root.ar. (
) ; IN NS dns.ar. dns.ar. IN A 192.168.2.3 ; 3 IN PTR dns.ar. 4 IN PTR pc1.ar. ; root@dns:/var/named# cat named.ca . 3600000 IN NS raiz. raiz. 3600000 IN A 10.1.0.2 root@dns:/var/named#
DNS_EDU_AR
root@dns:~# cat /etc/named.conf options { directory "/var/named"; version "versión desconocida"; allow-query { any; }; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "caching-example/localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "caching-example/named.local"; allow-update { none; }; }; zone "edu.ar" IN { type master; file "edu.ar.zone"; allow-update { none; }; }; zone "16.172.in-addr.arpa" IN { type master; file "16.172.in-addr.arpa.zone"; allow-update { none; }; }; root@dns:~#
Zona de resolución inversa en edu.ar.
DNS_EDU_AR
root@dns:~# cd /var/named root@dns:/var/named# ls 16.172.in-addr.arpa.zone caching-example/ named.ca root@dns:/var/named# cat edu.ar.zone $TTL @ 86400; IN edu.ar.zone
Archivo de zona edu.ar.
SOA dns.edu.ar. hostmaster.edu.ar. ( 2010091806 10800 900 604800 86400 ) IN NS dns.edu.ar. IN A 172.16.0.2 IN A 172.16.0.3
root@dns:/var/named# cat 16.172.in-addr.arpa.zone SOA edu.ar. root.edu.ar. ( 2010091806 10800 900 604800 86400 IN IN IN IN NS A PTR PTR dns.edu.ar. 172.16.0.2 dns.edu.ar. pc1.edu.ar.
root@dns:/var/named#
DNS_ARPA
root@dns:~# cat /etc/named.conf options { directory "/var/named"; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "caching-example/localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "caching-example/named.local"; allow-update { none; }; }; zone "arpa" IN { type master; file "arpa.zone"; }; root@dns:~#
Definición de la zona arpa.
DNS_ARPA
root@dns:/var/named# cat arpa.zone $TTL 86400 ; @ IN SOA arpa. root.arpa. ( 2010091801 10800 900 604800 86400 ) ; IN NS dns.arpa. dns.arpa. IN A 10.2.0.2 ; in-addr.arpa. IN NS dns.in-addr.arpa. dns.in-addr.arpa. IN A 10.4.0.2 root@dns:/var/named#
DNS_IN-ADDR
options { directory "/var/named"; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "caching-example/localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "caching-example/named.local"; allow-update { none; }; }; zone "in-addr.arpa" IN { type master; file "arpa.in-addr.zone"; };
DNS_IN-ADDR
root@dns:/var/named# cat arpa.in-addr.zone $TTL 86400 ; @ IN
SOA
root.in-addr.arpa. (
Es muy importante utilizar los comandos de BIND para chequear tanto los archivos de zona como el archivo de configuración named.conf. A continuación se muestra la aplicación de los comandos en IN-ADDR.
DNS_IN-ADDR
root@dns:/var/named# named-checkzone in-addr.arpa /var/named/arpa.in-addr.zone zone in-addr.arpa/IN: loaded serial 2010061801 OK root@dns:/var/named# named-checkconf /etc/named.conf root@dns:/var/named#
RESOLUCIÓN DIRECTA
SW3
10.4.0.1/16
SW4
eth3
10.2.0.1/16
eth2
10.4.0.2/16 10.5.0.1/16
dns.in-addr.arpa
10.5.0.2/16
eth1
RA
SW2
10.3.0.1/16
10.1.0.1/16
eth0
eth2
192.168.1.1/24
SW1
dns.arpa
10.2.0.2/16
eth1
RB
eth0
SW6
192.168.1.2/24
SW5
10.1.0.2/16
(.)
eth1
192.168.2.1/24 10.3.0.3/16
RC
192.168.2.2/24
eth0
pc1.org
10.3.0.2/16
dns_org.org
SW7 PC1_EDU_AR
192.168.2.4/24
eth1
172.16.0.1/16
eth0
RE
SW8
172.16.0.2/16
root@pc1:~# ping -c 1 pc1.org pc1.ar PING pc1.org (10.3.0.3) 56(84) bytes of data. 192.168.2.3/24 64 bytes from pc1.org (10.3.0.3): icmp_seq=1 ttl=63 time=21.8 ms dns.ar --- pc1.org ping statistics --1 packets transmitted, 1 received, 0% packet loss, time 0ms 172.16.0.3/16 rtt min/avg/max/mdev = 21.871/21.871/21.871/0.000 ms pc1.edu.ar root@pc1:~#
dns.edu.ar
RESOLUCIÓN INVERSA
eth0 en dns.edu.ar
PC1.EDU.AR
root@pc1:~# host 10.3.0.3 3.0.3.10.in-addr.arpa domain name pointer pc1.org. root@pc1:~#
eth0 en pc1.edu.ar
eth0 en dns.in-addr.arpa
eth0 en
dns.org
eth0 en (.)