DNS Exercise 4.2: Setting up Reverse DNS (in-addr.arpa.) for a /24 IP Block
===========================================================================

AfriNIC has allocated 196.222.0.0/16 for the reverse DNS (in-addr.arpa.) exercises in this workshop. Each student is allocated a /24 from it and will set up reverse DNS for that /24. The allocation follows the student's PC number: if your PC is `pc1.sse.ws.afnog.org` and its IP address is `196.200.219.1`, the /24 assigned to you is `196.222.1.0/24`.

In this exercise you will set up reverse DNS for 196.222.X.0/24, where X is your PC number. You will run the master nameserver for the zone on your own machine, and someone else will configure their machine as a slave for your X.222.196.in-addr.arpa. zone. Then you will ask the administrator of the zone above you, 222.196.in-addr.arpa (in real life this would be your RIR), to delegate the /24 to you.

Please refer to DNS Exercise 3.1 on setting up a domain.

Exercise
--------

* Write the domain allocated to you here: `____.222.196.in-addr.arpa.` (e.g. pc12 will write 12.222.196.in-addr.arpa.)

* Find someone who will agree to be a slave for your domain. You must choose someone on a DIFFERENT table from you (remember RFC 2182: secondaries should be on remote networks). You can have more than one slave if you wish.

* Create your zone file in `/var/named/etc/namedb/master/X.222.196.in-addr.arpa` (where X is your PC number):

> $TTL 10m
> @ IN SOA pcX.sse.ws.afnog.org. yourname.example.com. (
>             2006051000  ; Serial
>             10m         ; Refresh
>             10m         ; Retry
>             4w          ; Expire
>             10m )       ; Negative-cache TTL
>
>   IN NS pcX.sse.ws.afnog.org. ; master
>   IN NS pcY.sse.ws.afnog.org. ; slave
>
> 1 IN PTR dhcp1.xxxxx.afnog.org.rw.
>
> $GENERATE 11-254 $ IN PTR ppp$.xxxxx.afnog.org.rw.

  Replace `yourname.example.com.` with your home e-mail address, changing "@" to "." and adding a "." at the end (this is the SOA RNAME field).

  Replace `xxxxx.afnog.org.rw` with the domain you set up in DNS Exercise 3.1 (Setting up a domain). The `$GENERATE` line is a BIND shorthand: it is expanded into one PTR record for each number from 11 to 254, with every `$` replaced by the current number.

  We have deliberately chosen low values for TTL, refresh and retry to make it easier to fix problems in the classroom. For a production domain you would use higher values, e.g. `$TTL 1d`.

* Edit `/var/named/etc/namedb/named.conf` to configure your machine as master for your domain (see the slides for how to do this).

* Check that your config file and zone file are valid, then reload the nameserver daemon:

  # named-checkconf
  # named-checkzone X.222.196.in-addr.arpa \
      /var/named/etc/namedb/master/X.222.196.in-addr.arpa

  *If there are any errors, correct them.*

  # rndc reload
  # tail /var/log/messages

  *If there are any errors, correct them.* Some configuration errors can cause the daemon to die completely, in which case you may have to start it again:

  # /etc/rc.d/named restart

* Assist your slaves to configure themselves as slaves for your domain, and configure yourself as a slave if asked to do so by another table. Again, the instructions for how to do this are on the slides. If you have changed your `named.conf` so that you are a slave for someone else, make sure there are no errors in `/var/log/messages` after you run `rndc reload`.

* Check that you and your slaves are giving authoritative answers for your domain:

  # dig +norec @196.200.219.X X.222.196.in-addr.arpa. soa
  # dig +norec @196.200.219.Y X.222.196.in-addr.arpa. soa

  Check that the `aa` (authoritative answer) flag is set in the reply from both servers, and that the SOA serial numbers match. `+norec` clears the RD bit, so the server cannot mask a missing zone by recursing on your behalf; an answer without `aa` means that server is not (yet) authoritative for the zone.

* Now you are ready to request delegation. Bring the following form to the classroom instructor:

  Domain name:       __.222.196.in-addr.arpa.
  Master nameserver: pc____.sse.ws.afnog.org
  Slave nameserver:  pc____.sse.ws.afnog.org
  Slave nameserver:  pc____.sse.ws.afnog.org (optional)
  Slave nameserver:  pc____.sse.ws.afnog.org (optional)

* You will not get delegation until the instructor has checked that:

  - your nameservers are all authoritative for your domain;
  - they all have the same SOA serial number;
  - the NS records within the zone match the list of servers you are requesting delegation for;
  - the slave(s) are not on the same desk as you.

* Once you have delegation, find the names associated with 196.222.X.1 and 196.222.X.12. Try this:

  - On your own machine:

    # dig +norec @196.200.219.X -x 196.222.X.1
    # dig +norec @196.200.219.X -x 196.222.X.12

  - On someone else's machine (who is not a slave for you). There, leave out `@server` and `+norec` so that machine's resolver has to follow the delegation from 222.196.in-addr.arpa down to your servers; that is what you are really testing.
  - On a machine elsewhere on the Internet, if you have access to one (e.g. www.dnsstuff.com).

* Ensure that the forward and reverse DNS entries match. You will have to edit your xxxxx.afnog.org.rw zone file and add the following records. Don't forget to increase the serial number in the zone file, or your slaves will not pick up the change.

> dhcp1 IN A 196.222.X.1
>
> $GENERATE 11-254 ppp$ IN A 196.222.X.$
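The forward/reverse cross-check in the last step is worth automating before you bump the serial and reload. The Python below is an added worked example, not part of the AfNOG exercise material and not BIND's own code: it computes the in-addr.arpa zone name for a /24, expands a `$GENERATE` line the way BIND does (plain `$` substitution only, not the `${offset,width,base}` form), reads the A and PTR records out of two zone files with a deliberately minimal parser, and lists every address whose forward and reverse entries disagree. The two zone texts are constructed for pc12 and assume a forward domain `ws12.afnog.org.rw.` and a slave on pc33; the `www` record is included on purpose so that a mismatch is caught.

```python
"""Constructed helpers for the /24 reverse-DNS exercise (not part of the AfNOG
materials): zone name for a /24, BIND $GENERATE expansion, forward/reverse check."""
import ipaddress
import re

# $GENERATE range lhs [ttl] [class] type rhs -- plain "$" substitution only.
GENERATE_RE = re.compile(
    r"^\$GENERATE\s+(\d+)-(\d+)\s+(\S+)\s+(?:\d\S*\s+)?(?:IN\s+)?(\S+)\s+(\S+)")

def reverse_zone_name(prefix):
    """'196.222.12.0/24' -> '12.222.196.in-addr.arpa.' (the zone to request)."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.prefixlen != 24:
        raise ValueError("this exercise delegates whole /24s only")
    a, b, c, _ = str(net.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa."

def expand_generate(line):
    """One $GENERATE directive -> [(owner, type, rdata)]; the range is inclusive."""
    m = GENERATE_RE.match(line)
    if not m:
        raise ValueError(f"bad $GENERATE line: {line}")
    start, stop, lhs, rtype, rhs = m.groups()
    return [(lhs.replace("$", str(i)), rtype.upper(), rhs.replace("$", str(i)))
            for i in range(int(start), int(stop) + 1)]

def _fqdn(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def _add(records, owner, rtype, rdata, origin):
    if rtype in ("A", "PTR"):                  # only the types the check needs
        rdata = _fqdn(rdata, origin) if rtype == "PTR" else rdata
        records.setdefault((owner, rtype), []).append(rdata)

def parse_zone(text, origin):
    """Minimal master-file reader -> {(owner, type): [rdata, ...]} for A and PTR.
    Handles ';' comments, $TTL, $GENERATE, a blank owner column (inherits the
    previous owner) and a parenthesised multi-line SOA; no $ORIGIN or $INCLUDE."""
    records, owner, in_parens = {}, origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if in_parens:                          # skip the rest of SOA ( ... )
            in_parens = ")" not in line
            continue
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$GENERATE"):
            for lhs, rtype, rhs in expand_generate(line):
                _add(records, _fqdn(lhs, origin), rtype, rhs, origin)
            continue
        tokens = line.split()
        if not line[0].isspace():              # owner name present in column one
            owner = _fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0][0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                      # optional TTL and class
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        in_parens = "(" in rdata and ")" not in rdata
        _add(records, owner, rtype, rdata, origin)
    return records

def check_forward_reverse(forward, reverse):
    """Mismatches between A records and PTR records; an empty list means they agree."""
    a_by_ip, ptr_by_ip = {}, {}
    for (name, rtype), rdatas in forward.items():
        for ip in (rdatas if rtype == "A" else ()):
            a_by_ip.setdefault(ip, set()).add(name)
    for (name, rtype), rdatas in reverse.items():
        if rtype == "PTR":                     # 12.12.222.196.in-addr.arpa. -> 196.222.12.12
            ip = ".".join(reversed(name.rstrip(".").split(".")[:4]))
            ptr_by_ip.setdefault(ip, set()).update(rdatas)
    problems = []
    for ip in sorted(set(a_by_ip) | set(ptr_by_ip), key=ipaddress.ip_address):
        fwd, rev = a_by_ip.get(ip, set()), ptr_by_ip.get(ip, set())
        if not rev:
            problems.append(f"{ip}: A for {sorted(fwd)} but no PTR")
        elif not fwd:
            problems.append(f"{ip}: PTR -> {sorted(rev)} but no A record")
        elif not fwd & rev:
            problems.append(f"{ip}: A names {sorted(fwd)} do not match PTR {sorted(rev)}")
    return problems

# Constructed sample zones for pc12; the forward domain ws12.afnog.org.rw. is assumed.
REVERSE_ORIGIN = reverse_zone_name("196.222.12.0/24")
REVERSE_ZONE = """\
$TTL 10m
@ IN SOA pc12.sse.ws.afnog.org. student.example.com. (
        2006051000         ; Serial
        10m 10m 4w 10m )   ; Refresh Retry Expire Negative
   IN NS pc12.sse.ws.afnog.org. ; master
   IN NS pc33.sse.ws.afnog.org. ; slave
1 IN PTR dhcp1.ws12.afnog.org.rw.
$GENERATE 11-254 $ IN PTR ppp$.ws12.afnog.org.rw.
"""
FORWARD_ZONE = """\
dhcp1 IN A 196.222.12.1
www   IN A 196.222.12.2   ; deliberate mismatch: no PTR for .2 in REVERSE_ZONE
$GENERATE 11-254 ppp$ IN A 196.222.12.$
"""

def exercise_check():
    return check_forward_reverse(parse_zone(FORWARD_ZONE, "ws12.afnog.org.rw."),
                                 parse_zone(REVERSE_ZONE, REVERSE_ORIGIN))
```

To use it on your real files, pass `open(path).read()` and the zone's origin to `parse_zone` in place of the sample strings; an empty list from `check_forward_reverse` means every A record has a PTR naming the same host and every PTR has a matching A. The parser only understands what the zone files in this exercise use; anything more exotic ($ORIGIN, $INCLUDE, `${...}` in $GENERATE) is a job for `named-checkzone`, not this script.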