Introduction

This lab provides you with the instructions and practical experience setting up a cache only name server. This type of DNS server does not control any domains, and are therefore not "Authoritative" for any domains. A caching/forwarding DNS server only forwards requests to an upstream server, such as one at your ISP. A Caching only DNS server saves the answers to queries that it forwards, so they can be reused later

You can configure your host to always query a remote DNS name server and not run DNS locally, or you can configure your host (workstation) to resolve hostnames by running your own DNS server. You may want to take advantage of both methods. You query the remote DNS Name Server but keep track locally (cache) of names and IP addreses that have been resolved.

Pre Lab Requirements:

You are responsible for reading and understanding DNS in the BSD Handbook

Understanding the Bind-Style configuration file:

                setting-block {
                    string-setting      "string value";
                    keyword-setting     keyword;
                    ip-setting          127.0.0.1;
                    manyip-setting      { 10.100.1.1; 10.100.1.2; 10.100.1.3; };

                };

                //comment
                #another comment
                /*
                 * many line
                 * c-style
                 * comment
                 */

                complex-block     "somevalue" {
                    string-setting      "string value";
                    keyword-setting     keyword;
                    ip-setting          127.0.0.1;
                    manyip-setting      { 10.100.1.1; 10.100.1.2; 10.100.1.3; };                            
                };

How DNS Works:

The most basic DNS lookup tool, is called host, if you run host www.mohawkcollege.ca it will return the ip address(es) of the website [A Records]
The host command also works in reverse, if you run host 142.222.6.1 it will return the name(s) associated with that IP address [PTR records]
There are more advanced DNS query tools, such as dig, this command returns more verbose output, as well as any additional records such as the NS records
If we wanted to know which servers control mail for mohawkcollege, we could run: dig mohawkcollege.ca MX
Other valid record types you can query with the dig tool are: A, AAAA, ANY, CNAME, MX, NS, PTR, SOA, SRV, and TXT (See the handbook for definitions)
Dig also allows you to specify a non-default DNS server to use for your query, instead of reading /etc/resolv.conf, to do this: dig @142.222.125.21 name TYPE
Try some of these commands, use the man pages to determine what they are doing:
dig @a.root-servers.net (Query the root dns servers)
host hub.freebsd.org (A regular forward lookup)
host 216.136.204.18 (A reverse lookup)
host –v –t soa freebsd.org (State of Authority Record)
host –v –t soa freesbie.org ns0.sd.org. (State of Authority Record for a specific nameserver)
host –t mx freebsd.org. (Mail eXchanger record)
dig fake.domain.mohawkcollege.ca
host ns.uu.net

Setting up a cache only server

Setup your /etc/resolv.conf so that your domain is csait.ca
Enable "named" in /etc/rc.conf
The first time you start named, it needs to create some files, to do this, we use the command: /etc/rc.d/named forcestart
Any time after this, we can use the regular "start" and "stop" commands
Every time you change a config file, or a zone file (later) you must do: /etc/rc.d/named reload for it to load the changed files
The configuration directory for bind is /etc/namedb, and the main config file is named.conf in that directory
Look at the contents of this directory, and the subdirectory master
Go back to the /etc/resolv.conf and set your only name server to 127.0.0.1
Now edit the bind config file (/etc/namedb/named.conf), and set the "forwarder" setting to 10.100.1.150, in the "options" block
Once you have changed the configuration file, you must use the "reload" command to apply those changes
Whenever you apply new settings, you should check the log file /var/log/messages for problems with your changes

Testing DNS:

Run tcpdump -n -p -s0 in another terminal while doing some lookups (man tcpdump for explainations of switches)
To test that your DNS name server is caching records:

while tcpdump is running in one window use ping <domain_name>
you should see a DNS query from your IP address to 10.100.1.150 on port 53
the query should be an "A" record
use the same domain name and ping again. There should not be a second DNS query

You can also run the rndc command with the dumpdb argument to look at the contents of the cache.

rndc dumpdb
the results will be in the /var/named/var/dump directory

Run host FQDN.of.you.choice while capturing packets with wireshark, and answer these questions

Questions:

What nameserver was queried first?

What type of query was made?

What was the response from the nameserver?

What port does BIND listen on.?

Which lookup command do you prefer and why? Perfect question for your final exam is "compare theses tools"

Is your caching only DNS server working and how would you know? (again expect this question on you final exam)

Last updated: 2010-03-03
Written by Cheri Weaver