Understanding Domain Names and DNS Configuration
Domain Names
A domain name is a unique string of characters that corresponds to a unique IP address. For example, the domain name www.cs.umb.edu corresponds to the IP address 158.121.106.222. You can use either, but the domain name is easier to remember.
Domain Name System (DNS)
The Domain Name System (DNS) is the process of turning a domain name into an IP address. It’s like a phone book for the internet. This system is governed by the DNS protocol. The Domain Name System is hierarchical.
The Domain Name Hierarchy (DNH)
The DNH splits responsibility among different machines. Each machine is responsible for a different part of the hierarchy. At the top of this hierarchy is the DNS Root Domain (which has no name). Beneath the DNS Root Domain are the Top Level Domain Names (TLDN), which are limited in number. Examples include .com, .edu, and .net.
The next level is domain names under a given top-level domain name, such as Apple.com or Google.com.
You can set up multiple subdomains. For example, the CS department is under the umb.edu domain (cs.umb.edu).
Components of a Domain Name
A domain name has two components: the name of the machine (hostname) and the name of the network.
www is commonly used for websites and designates the web server.
A domain name can be local (not available outside the network, using a private IP address) or a fully qualified domain name (used anywhere in the world, using a public IP address).
For example, in users1.cs.umb.edu:
- users1 is the unique machine.
- cs is the CS department subdomain.
- umb is the registered name.
- edu is the TLDN.
All components are separated by periods (.).
DNS: Registration and Resolution
DNS has two parts: domain name registration and name resolution.
Registrars deal with certain TLDNs and are responsible for a machine that acts as the source of all information regarding the domain.
This machine is called the authoritative name server. It provides IP addresses for domain names in its zone. The zone consists of the network and subnetworks.
Turning a domain name into an IP address is called DNS name resolution.
Every Unix machine has a DNS configuration file, /etc/resolv.conf, which contains the address of the first machine to ask for the IP address of a given domain name. In Ubuntu, this is generated by the resolvconf utility.
Configuring DNS on it20
IT20 uses BIND (Berkeley Internet Name Domain). The daemon is called named, and the software package is bind9.
Install it with: sudo apt-get install bind9
Restart it with: sudo service bind9 restart
Configuration files are in /etc/bind/. The configuration file for the named daemon is /etc/bind/named.conf.
Our DNS serves three zones, each providing IPs for virtual machines in the lab, but on three different subnets:
- internals: IP addresses for IT lab machines.
- cslan: IP addresses for machines on the CS LAN.
- external: IP addresses for any machine.
named.conf references /etc/bind/named.conf.local on IT20. This file contains the first information about the zones. The actual addresses associated with each machine’s hostname are in directories inside /etc/bind.
Inside the directories is a db.it file with the hostnames of the VMs and their IP addresses.
For the machine to use its own DNS for name resolution, the hosts line in /etc/nsswitch.conf must change to: hosts: dns files
Before using the version of /etc/hosts, restart BIND: /etc/init.d/bind9 restart
SSH, SCP, and SFTP
SSH, SCP, and SFTP are utilities within Unix. All three encrypt network traffic between two machines.
- SSH: Used to log in to another remote machine from a local machine. It’s a secure version of telnet.
- SCP: Used to copy files between a local machine and a remote machine. Note that it cannot copy from /etc/shadow (encrypted passwords).
- SFTP: Secure File Transfer Protocol. Like SCP, but with more features, and it uses relative paths.
Key-Based SSH Logins
Key-based SSH logins use two keys:
- Public key: Put on the remote machine.
- Private key: Stored in the ~/.ssh directory, inside the home directory on the local machine you are connecting from.
To create keys, use: ssh-keygen
RSA (Rivest Shamir Adleman) and DSA (Digital Signature Algorithm) are common key types.
Example: ssh-keygen -t rsa -b 4096 (creates two files: id_rsa and id_rsa.pub)
Keys with a passphrase are more secure. Enable key-based login by adding the public key to the authorized_keys file in the .ssh directory on the remote machine.
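The authorized_keys step above as shell functions, added here as an example and not part of the original notes: install_pubkey appends a public key exactly once, and audit_ssh_dir reports anything in .ssh that group or others can access. The function names and the conventional 700/600 modes are assumptions; the notes do not state them.

```shell
#!/bin/sh
# Added example: install a public key for key-based login, then audit .ssh modes.
# Function names and the 700/600 modes are assumptions, not from the notes.

# go_bits FILE -> prints the group/other permission characters, e.g. "------"
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key to HOME_DIR/.ssh/authorized_keys once, with 700/600 modes.
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 2; }
    # Refuse a private key: only the .pub half goes on the remote machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; keep it on the local machine" >&2
        return 3
    fi
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"
    # -x whole line, -F fixed string: skip the append if the key is present.
    grep -qxF -e "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# audit_ssh_dir HOME_DIR
# Prints one finding per object group or others can access; returns 1 if any.
audit_ssh_dir() {
    sshdir=$1/.ssh
    bad=0
    for f in "$sshdir" "$sshdir/authorized_keys" "$sshdir"/id_*; do
        [ -e "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public halves may be readable
        if [ "$(go_bits "$f")" != "------" ]; then
            echo "too open: $f ($(ls -ld "$f" | cut -c1-10))"
            bad=1
        fi
    done
    return $bad
}
```

Run install_pubkey on the remote account's home directory and audit_ssh_dir on both machines; a private key that group or others can read is rejected by the ssh client.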
Rdist
To distribute files to multiple machines, for example when every server needs /etc/profile, use rdist (remote distribution). It preserves permissions.
