Topics
Some of the topics below will be excluded if we do not cover them in class before the exam!
- Ubuntu Server
- Hostname
- sudo
- ping
- apt-get
- it20 is a Router
- Networking and the Boot Process
- Configuring a Network Interface Controller
- Understanding the /etc/network/interfaces File
- The Loopback Interface
- /etc/hosts
- Private IP Addresses
- Doing without DHCP
- NIS
- Daemons
- How We Will Use NIS
- NIS Domain Name
- NIS Software
- /etc/nsswitch.conf
- Creating New Accounts on Ubuntu
- /etc/passwd
- /etc/shadow
- /etc/group
- chown and chgrp
- Distributed File Systems
- NFS
- Ports and Network Conversations
- /etc/exports
- autofs
- Private IP Addresses and the Internet
- Using IP Addresses to Communicate over the Internet
- Network Address Translation
- IP Addresses
- Domain Names
- DNS (Domain Name System)
- The Domain Name Hierarchy
- Components of a Domain Name
- How DNS Works
- DNS Name Resolution
- Configuring DNS on it20
Ubuntu Server
- We are installing Ubuntu Server 16.04 LTS
- Ubuntu is a very popular Linux distribution ...
- based on Debian Linux
- Development of Ubuntu is led by Canonical ...
- a company based in the Isle of Man in Great Britain ...
- A new Ubuntu version is released every 6 months
- The Ubuntu version number is composed of the year and month of its release
- So version 16.04 was released in April of 2016
- LTS stands for "Long Term Support"
- An LTS version will be supported for 5 years after its release
- A new LTS version is released every 2 years
- One of the reasons for Ubuntu's success is its package manager
- If you type in a command that is not installed ...
- Ubuntu will suggest packages that would install the command
Hostname
- The hostname is the name by which a computer is known on the network
- Every networked machine must have a hostname
- All the Windows machines in this lab have hostnames
- Your virtual machine will also be on the network
- So it needs a hostname too
- The hostname must be the team name
sudo
- The most important account on any Unix/Linux machine is root
- The setup and configuration of any machine must be done using the root account
- But because root is powerful, it is also dangerous
- In Ubuntu, access to the root account is blocked
- To administer an Ubuntu server ...
- you must use the sudo command
- The first account created by the Ubuntu installer ...
- is on the sudoers list ...
- and can run sudo
- Here is the format for sudo
    sudo LINUX_COMMAND
- After you hit Enter, sudo will ask you for your password
- If your user account is on the sudoers list ...
- you can enter your password ...
- and the command you entered after sudo will run
ping
- ping is a network tool
- It is used to test whether a particular machine ...
- is reachable over the network ...
- by sending a series of test packets ...
- to an IP address or a domain name
apt-get
- To obtain new software packages ...
- or to update existing ones ...
- Ubuntu uses a technology called Advanced Packaging Tool (APT)
- You access this technology through the apt-get command
- apt-get can only be run by root ...
- so you must run sudo to use it
- APT uses an online database of existing software packages ...
- and all the software those packages depend on
- apt-get uses a local copy of this database
- This local copy must be updated periodically as follows
    sudo apt-get update
it20 is a Router
- it20 is functioning as a router ...
- so it20 is connected to two networks
- cs.umb.edu
- it.cs.umb.edu
- In order to do this, it20 needs two Ethernet cards
- Each of these cards must be configured separately
Networking and the Boot Process
- When any machine boots, it knows nothing about its hardware ...
- or the network it is connected to
- On Linux machines it gets this information from scripts ...
- in a special directory
- This directory is init.d
- On Ubuntu the absolute address of this directory is /etc/init.d
- On Red Hat, you will find it in /etc/rc.d/init.d
- init.d contains shell scripts that can start, stop and restart services
- Not all services are started automatically ...
- when you boot the machine ...
- but all services come up, go down, or restart using scripts in /etc/init.d
- To bring up the network ...
- a Linux machine runs the script networking ...
- which is one of the many scripts in init.d
- The networking script reads configuration information ...
- from text files in /etc/network
Network Interface Controllers
- To connect to a network, a computer needs special hardware
- Usually, this hardware is an Ethernet card
- An Ethernet card is one example of a network interface controller ...
- usually abbreviated NIC
- A NIC is a hardware device that connects a computer to a network
Configuring a Network Interface Controller
- When a Linux machine boots ...
- it needs information to configure its network card
- It gets this information in the text file interfaces ...
- which, on Ubuntu, can be found in the /etc/network/ directory ...
- so its absolute pathname is /etc/network/interfaces
- All the information a Linux machine needs to connect to the network ...
- is found in interfaces
- So if you want to change anything ...
- you need to edit this file
- But only root can change this file ...
- so you must use sudo to run a text editor on it
- If you want to see how a machine is configured for the network ...
- you can either look at interfaces ...
- or run ifconfig utility without any arguments
- If the computer has more than one network card ...
- each one must be configured in interfaces
- The first network card is eth0 ...
- and the second one is eth1
Understanding the /etc/network/interfaces File on it20
- it20 has two NICs
- For each network interface in /etc/network/interfaces ...
- you see a line beginning with "auto" ...
- and followed by an interface name
    auto eth0
- This line tells the operating system to automatically bring up this NIC ...
- every time the system is booted
- Each network interface controller must have an IP address
- There are two ways to give the NIC its configuration information
- Provide that information in the interfaces file
- Use DHCP
- There are two types of IP addresses that can be assigned to a NIC
- A static IP address
- A dynamic IP address obtained from an address pool
- A static IP address never changes
- It must be written into /etc/network/interfaces ...
- or specifically assigned to a machine through DHCP
- DHCP stands for Dynamic Host Configuration Protocol
- DHCP allows a machine to obtain all its network configuration information ...
- from another machine
- This other machine is the DHCP server
- In the entry below, the first Ethernet card, eth0
- is configured to use DHCP
    auto eth0
    iface eth0 inet dhcp
- The second Ethernet card is eth1 because the first is eth0
- The second Ethernet card is configured to use a static IP address
    iface eth1 inet static
        address 10.0.0.1
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255
- Since this NIC is not using DHCP ...
- it must get the other network configuration information it needs ...
- from /etc/network/interfaces
- The netmask and network values tell it20 which NIC to use ...
- when sending an IP packet
- If the packet is addressed to the local network, it.cs.umb.edu ...
- it uses eth1 ...
- otherwise it uses eth0
- it20 is the gateway for the IT Lab network
- eth1 talks to the cs.umb.edu network ...
- and the greater Internet to which it is connected
- The broadcast address is given by this line
    broadcast 10.0.0.255
- A packet sent to this broadcast address ...
- is sent to every machine on the local, IT Lab, network
- Your virtual machines need two other pieces of information ...
- for their NICs
- They need a gateway address
- A gateway is a router that connects the local network ...
- to the Internet
- Your machines also need the address of a DNS server
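As an added example (not part of the course notes), the following Python parses the interfaces stanzas shown above, checks that a static stanza's network and broadcast values agree with its address and netmask, and reproduces the "local network uses eth1, everything else uses eth0" decision. The `auto eth1` line in the sample is an assumption; the notes show only the `iface eth1` stanza.

```python
import ipaddress

# Constructed sample: the lo, eth0 and eth1 stanzas from the notes. The
# "auto eth1" line is an assumption added here so the static NIC comes up at boot.
INTERFACES = """\
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    network 10.0.0.0
    broadcast 10.0.0.255
"""


def parse_interfaces(text):
    """Return {interface: {"auto": bool, "method": str, option: value, ...}}."""
    ifaces = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        if words[0] == "auto":
            for name in words[1:]:
                ifaces.setdefault(name, {"auto": False})["auto"] = True
        elif words[0] == "iface" and len(words) >= 4:
            # iface NAME inet METHOD
            current = ifaces.setdefault(words[1], {"auto": False})
            current["method"] = words[3]
        elif current is not None and len(words) >= 2:
            current[words[0]] = " ".join(words[1:])   # address, netmask, gateway, ...
    return ifaces


def check_static(cfg):
    """Return a list of problems with one static stanza; an empty list means OK."""
    problems = []
    if cfg.get("method") != "static":
        return problems
    if not cfg.get("auto"):
        problems.append("no 'auto' line, so the NIC will not come up at boot")
    missing = [k for k in ("address", "netmask") if k not in cfg]
    if missing:
        return problems + [f"missing {k}" for k in missing]
    # ipaddress accepts the address/netmask form used in the interfaces file
    net = ipaddress.IPv4Interface(f"{cfg['address']}/{cfg['netmask']}").network
    if "network" in cfg and ipaddress.IPv4Address(cfg["network"]) != net.network_address:
        problems.append(f"network should be {net.network_address}")
    if "broadcast" in cfg and ipaddress.IPv4Address(cfg["broadcast"]) != net.broadcast_address:
        problems.append(f"broadcast should be {net.broadcast_address}")
    if "gateway" in cfg and ipaddress.IPv4Address(cfg["gateway"]) not in net:
        problems.append("gateway is not on the NIC's own network")
    return problems


def pick_nic(ifaces, dst, default="eth0"):
    """Which NIC carries a packet to dst: the static NIC whose network contains
    dst (most specific network wins), otherwise the default NIC (eth0 on it20)."""
    dst = ipaddress.IPv4Address(dst)
    best = None
    for name, cfg in ifaces.items():
        if cfg.get("method") != "static" or not all(k in cfg for k in ("address", "netmask")):
            continue
        net = ipaddress.IPv4Interface(f"{cfg['address']}/{cfg['netmask']}").network
        if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (name, net)
    return best[0] if best else default


if __name__ == "__main__":
    cfg = parse_interfaces(INTERFACES)
    for name in sorted(cfg):
        print(name, cfg[name], check_static(cfg[name]))
    print("10.0.0.130 ->", pick_nic(cfg, "10.0.0.130"))
    print("158.121.106.222 ->", pick_nic(cfg, "158.121.106.222"))
```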
The Loopback Interface
- Every /etc/network/interfaces file has an entry for loopback
- The loopback device is named lo
- The loopback device is not a physical device
- It is a software emulation of a network card
- Any packets sent to the loopback device ...
- come right back to the machine ...
- without ever going out on the network
- The loopback device is used for testing ...
- and some services depend on it
/etc/hosts
- Every machine on the internet has an IP address
- But you don't usually type that address into your browser
- Instead you enter a URL ...
- which is much easier to remember
- Most of the time, your machine sends this name to a DNS server ...
- which translates the name into an IP address ...
- which your machine then uses to get the web page
- But there is another way to turn a name into an IP address
- Your machine can also look in the text file /etc/hosts
- Each line of this text file contains a hostname and an IP address
- Using this file instead of DNS is fast ...
- because you don't have to send a network message to get it
Private IP Addresses
- Not all IP addresses are public
- Public IP addresses are visible to the world at large ...
- and you have to get them from your regional Internet registry
- Both IPv4 and IPv6 provide for private addressing
- Private addresses are only visible inside a network
- Only one machine can have a given public IPv4 or IPv6 address
- Inside a network, only one machine can have a given private IP address
- But every local network can assign its machines addresses ...
- from certain IP address blocks
- For IPv4 these blocks are
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
- Two different machines can both have the same private address, say 10.0.0.1 ...
- as long as they are on different local networks
- Because private IP addresses are invisible outside the network ...
- they offer security from the dangers of the Internet
- They also make life easier for system administrators
- Every machine that is on the public internet needs a public IP address ...
- which can only be obtained from a regional Internet registry
- But a system administrator can assign machines private addresses ...
- without having to get permission from anyone
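Added example (not from the notes): the three private blocks above written as prefixes, a membership check, and a check of address assignments across several local networks that applies the uniqueness rules just stated. The network names and assignments are constructed.

```python
import ipaddress

# The three private IPv4 blocks listed in the notes, written as prefixes.
PRIVATE_BLOCKS = (
    ipaddress.IPv4Network("10.0.0.0/8"),       # 10.0.0.0 - 10.255.255.255
    ipaddress.IPv4Network("172.16.0.0/12"),    # 172.16.0.0 - 172.31.255.255
    ipaddress.IPv4Network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
)


def is_private_v4(addr):
    """True when addr falls inside one of the private blocks."""
    a = ipaddress.IPv4Address(addr)
    return any(a in block for block in PRIVATE_BLOCKS)


def find_conflicts(assignments):
    """assignments: iterable of (local_network_name, address) pairs.

    A private address only has to be unique within its own local network;
    a public address has to be unique on the whole Internet. Returns the
    (address, reason) pairs that break one of those rules, in input order."""
    seen = set()
    conflicts = []
    for net_name, addr in assignments:
        private = is_private_v4(addr)
        scope = net_name if private else "internet"
        if (scope, addr) in seen:
            reason = (f"duplicate private address on network {net_name}"
                      if private else "duplicate public address")
            conflicts.append((addr, reason))
        seen.add((scope, addr))
    return conflicts


# Constructed assignments: two different local networks both using 10.0.0.1
# is fine; one network using it twice is not, and a public address
# (158.121.106.222, the www.cs.umb.edu address from the notes) may never repeat.
SAMPLE = [
    ("itlab", "10.0.0.1"),
    ("home", "10.0.0.1"),
    ("itlab", "10.0.0.1"),
    ("itlab", "158.121.106.222"),
    ("home", "158.121.106.222"),
]

if __name__ == "__main__":
    for addr in ("10.0.0.1", "172.31.255.255", "172.32.0.0", "158.121.106.222"):
        print(addr, "private" if is_private_v4(addr) else "public")
    print(find_conflicts(SAMPLE))
```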
Doing without DHCP
- DHCP is not the only way to give your virtual machine an IP address
- You can give your machine a static IP address ...
- by entering it in your machine's /etc/network/interfaces file
- One way or another, each NIC on a machine must get the following information
- Network address
- IP address
- Gateway address
- Broadcast address
- Netmask
- DNS Nameserver addresses
- It can get this from a DHCP server ...
- or from /etc/network/interfaces
NIS
- NIS stands for Network Information Service
- The idea behind NIS was to have one place ...
- where configuration files for an entire network could be stored ...
- which could then be copied automatically ...
- to the individual machines on the network
- The information that NIS provides is stored in files ...
- that NIS calls maps
- These map files are not text
- They are in a special binary format
- To read these files you need special NIS tools
- The maps exist on the NIS server ...
- and all other machines on the network ...
- get copies of these files from the server
- NIS always has a master server ...
- but there may be additional servers ...
- which have copies of the master server files ...
- and can stand in for the master server if it is not available
- These servers are called slave servers
- NIS was developed by Sun and was originally called Yellow Pages
- For legal reasons, the name had to be changed ...
- but many of the commands used in NIS start with "yp"
Daemons
- NIS, like many network services, relies on daemons to provide its services
- Daemons are processes that provide services ...
- and run in the background ...
- never interacting directly with any user ...
- even root
- Daemons are often started when the machine is booted
- The programs that are run in these processes often have names ending in "d"
- The daemon that a web server runs is called httpd
- NIS uses several daemons, but the two most important daemons are
- ypserv
- ypbind
- ypserv runs on the master server ...
- and ypbind runs on the other machines that use NIS services
- These other machines are called clients
How We Will Use NIS
- NIS is an efficient way of distributing four configuration files
- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/hosts
- /etc/passwd is where user account data is stored
    $ head -3 /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
- /etc/shadow is where encrypted passwords are stored
    $ sudo head -3 /etc/shadow
    root:$6$cK5nAMAJ$u7JjXprWnrDompvB4tO0eJgphRWpLSYa6LiZDeAtRUToOHblHPLiuugzSiajJ.Rnnk/HdUsbxEqkDJbIwABgA1:15770:0:99999:7:::
    daemon:*:15722:0:99999:7:::
    bin:*:15722:0:99999:7:::
- /etc/group is where data about groups is stored
    $ head -3 /etc/group
    root:x:0:
    daemon:x:1:
    bin:x:2:
- /etc/hosts is used to associate hostnames with IP addresses
    $ head -20 /etc/hosts
    # /config/IT/root/etc/hosts installed as
    # it20:/etc/hosts.
    # If you modify this file, please notify sysprog
    # so your mods can be fetched back to repository.
    # Associate ip addresses with names.
    # Myself (loop back)
    127.0.0.1 localhost
    #127.0.1.1 it20.it.cs.umb.edu it20
    10.0.0.1 it20.it.cs.umb.edu it20
    # Inside vm's for s13, per abird.
    #
    10.0.0.128 itvm21-1.it.cs.umb.edu itvm21-1
    10.0.0.129 itvm22-1.it.cs.umb.edu itvm22-1
    10.0.0.130 itvm23-1.it.cs.umb.edu itvm23-1
    10.0.0.131 itvm24-1.it.cs.umb.edu itvm24-1
    10.0.0.132 itvm25-1.it.cs.umb.edu itvm25-1
    10.0.0.133 itvm26-1.it.cs.umb.edu itvm26-1
NIS Domain Name
- When you configure NIS, you will be asked for a domain name
- This is not the same as an Internet domain name
- The NIS domain name is used by NIS only
- It can be any value ...
- but all machines on the network need to use the same NIS domain name
- For simplicity, we will use our network domain, it.cs.umb.edu ...
- for our NIS domain name
NIS Software
- There are two components of the NIS package
- Server software runs on a server ...
- and provides copies of the configuration file
- Client software runs on all machines ...
- that use the software provided by the NIS Server
/etc/nsswitch.conf
- /etc/nsswitch.conf tells a machine ...
- the order in which to consult ...
- NIS and other information sources
- Each entry in this file represents a source of information ...
- that the machine uses to obtain configuration data
- For example the entry
    hosts: files dns
- tells the machine to first look in /etc/hosts ...
- when resolving a domain name into an IP address ...
- and then to use DNS
- The most common values for information sources are
| Value | Information Source |
| --- | --- |
| files | Local configuration file |
| nis | NIS server |
| ldap | LDAP server |
| compat | Local configuration file with some special options |

- For more information run
    man nsswitch.conf
Creating New Accounts on Ubuntu
- One of the most basic tasks of a system administrator ...
- is creating an account for a new user
- On Ubuntu there are two commands that will do this
- adduser
- useradd
- useradd is an executable file ...
- while adduser is a Perl script ...
- that uses useradd, but is more user-friendly
- These programs make entries in the following configuration files
- I will use adduser to create accounts for each of you on it20
- Each of you will have an account on it20
- that has the same Unix ID as your account on the CS LAN
- Using NIS, this account information will be put on every machine ...
- So you can log in to every machine in the Lab using this account
- I am using adduser to do this because it has an option I need
- The --no-create-home option tells adduser not to create a home directory for this account
- The reason I am using this option is that your home directory will be on your virtual machine
- In the next project, we will use NFS to make this directory available on every virtual machine
/etc/passwd
- /etc/passwd contains basic information about each account on the machine
- At one time, this file did contain passwords ...
- but no longer
- Passwords have been moved to /etc/shadow ...
- where they are encrypted
- /etc/passwd can be read by anyone ...
- but only root can change it
- Each line is an entry for a specific account
- Each account record consists of 7 fields ...
- each separated by colons, :
- The first field has the account name ...
- the second field used to contain the password
- An x in the Password field means the password is in /etc/shadow
- Two other important fields in /etc/passwd ...
- contain the absolute address of your home directory ...
- and your default login shell
/etc/shadow
- /etc/shadow stores passwords in an encrypted form
- As with /etc/passwd each line represents an account on the machine ...
- and individual fields are separated by a colon, :
- The Password field is encrypted
- Other fields in this file are for password management
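The following is an added example, not code from the notes, that parses the 7-field /etc/passwd records and the colon-separated /etc/shadow records described in this and the previous section, and reports the account problems an administrator checks after creating accounts. The records, including the hash values, are constructed placeholders.

```python
# Constructed sample records in the layouts shown in the notes. The hashes are
# placeholders, not real password hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:1002:Bob Example:/home/bob:/bin/bash
legacy::1003:1003:old account:/home/legacy:/bin/sh
"""

SHADOW = """\
root:$6$constructedsalt$constructedhash:15770:0:99999:7:::
daemon:*:15722:0:99999:7:::
bin:*:15722:0:99999:7:::
alice:$6$othersalt$otherconstructedhash:15770:0:99999:7:::
bob::15770:0:99999:7:::
"""


def parse_passwd(text):
    """Return {name: {pw, uid, gid, home, shell}} after checking the 7-field layout."""
    accounts = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"/etc/passwd line {n}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, _gecos, home, shell = fields
        accounts[name] = {"pw": pw, "uid": int(uid), "gid": int(gid),
                          "home": home, "shell": shell}
    return accounts


def parse_shadow(text):
    """Return {name: encrypted password field}; only the first two fields are used."""
    shadow = {}
    for line in text.splitlines():
        if line.strip():
            name, pw = line.split(":")[:2]
            shadow[name] = pw
    return shadow


def locked(shadow_pw):
    """True when the shadow field locks the account: '*' or a leading '!'
    can never match any typed password."""
    return shadow_pw == "*" or shadow_pw.startswith("!")


def audit(passwd, shadow):
    """Return sorted findings: passwords kept outside /etc/shadow, accounts with
    no shadow entry, empty passwords, and UIDs shared by more than one account."""
    findings = []
    by_uid = {}
    for name, acct in passwd.items():
        if acct["pw"] != "x":
            findings.append(f"{name}: password field is not 'x', so the password is not in /etc/shadow")
        if name not in shadow:
            findings.append(f"{name}: no /etc/shadow entry")
        elif shadow[name] == "":
            findings.append(f"{name}: empty password, anyone can log in without a password")
        by_uid.setdefault(acct["uid"], []).append(name)
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:      # two accounts with one UID are the same user to the kernel
            findings.append(f"uid {uid} shared by {', '.join(names)}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_passwd(PASSWD), parse_shadow(SHADOW)):
        print(finding)
```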
/etc/group
- A group is a collection of user accounts
- Groups can only be created by root
- /etc/group contains group data
- There is a line in this file for each group on the machine ...
- and individual fields are separated by a colon, :
- The last field in an entry in /etc/group ...
- contains a list of usernames ...
- which are included in the group
- A unique group is usually created automatically ...
- for each new user
- In this special group, the group name ...
- is the same as the username
chown and chgrp
- Every file or directory has an owner ...
- and an assigned group
- By default the owner is the account that created the file or directory ...
- and the group is the special group created for that user
- To change the owner use chown
    chown UNIX_USERNAME FILE_OR_DIRECTORY
- To change the group use chgrp
    chgrp GROUPNAME FILE_OR_DIRECTORY
- Only root can run chown or chgrp
Distributed File Systems
- Unix has a technology called NFS that allows machines ...
- to make their files available to anyone on the network ...
- forming a distributed filesystem
- Our CS LAN has such a distributed filesystem
- You can log into any machine on the network ...
- and you will always land in your home directory ...
- even though you are not connected to the machine ...
- that has your home directory on its hard disk
- Your home directory lives on the hard disk ...
- of some machine on the network
- The contents of this hard disk appear on the file system ...
- whichever machine you log in to
- There are two major file server packages that are commonly used on Linux
- NFS
- Samba
- Samba allows files to be shared between Linux/Unix and Windows machines
- NFS only works on Linux and Unix
NFS
- NFS stands for Network File System ...
- and it only works on Unix and Linux
- NFS allows each machine on the network ...
- to make some of its directories available to other machines
- Every version of Unix and Linux has NFS as part of the kernel
- NFS makes it seem like all shared directories ...
- are part of one big file system
- It does this through mount points
- A mount point is a directory on your machine ...
- where other shared directories will appear ...
- as if they were actually part of your local filesystem
- Directories used as mount points should be empty
- Shared NFS directories can be mounted automatically ...
- when the machine is booted ...
- or made available from the command line ...
- using the mount command
Ports and Network Conversations
- All network services involve communication over the network
- This communication takes place using packets
- Packets are chunks of information ...
- sent out over a network ...
- that allow two computers to communicate
- On the Internet, there are two major protocols for packets
- TCP
- UDP
- UDP stands for User Datagram Protocol
- TCP stands for Transmission Control Protocol
- UDP is simpler than TCP
- TCP establishes a connection between two machines
- UDP does not
- The connection means that packets can keep going back and forth ...
- until one machine gets all it needs from another
- Knowing the IP address of the machine providing a service is not enough ...
- because that machine may be talking to several other machines ...
- at the same time
- To provide for more than one conversation between machines ...
- we use ports
- A port is a communication channel ...
- at a specific IP address ...
- on a specific machine
- Ports are identified by their port number
- To get a service from another machine ...
- you need its IP address ...
- and the port number
- The combination of an IP address, a port ...
- and the protocol used ...
- is called a socket
- Port numbers from 0 to 1023 are special
- They are known as the well-known ports
- On Linux, only root ...
- can start a process that uses a well-known port
/etc/exports
- Whenever a machine shares a directory on its hard drive ...
- with other machines on the network ...
- it must make an entry in /etc/exports
- There must be one entry in this file ...
- for each directory that is shared
- Each entry will have the same format
    DIRECTORY_PATHNAME HOST(OPTIONS)
- DIRECTORY_PATHNAME is the absolute pathname of the shared directory ...
- on your virtual machine
- HOST is the machine or machines that can access the shared directory
- You can specify the host many ways
- By the hostname
- By the IP address
- All the machines in a specific network or subdomain
- We will use the last format in today's project
- OPTIONS specify how the directory is to be shared
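Added example (not the course's own code): a parser for entries in the DIRECTORY_PATHNAME HOST(OPTIONS) format above, followed by a review that flags exports reaching beyond the IT Lab network (10.0.0.0/24 here, an assumption) or relying on defaults. The sample file is constructed; `root_squash` and `no_root_squash` are real NFS export options, not ones taken from the notes.

```python
import ipaddress
import re

# Constructed /etc/exports; the paths, hosts and option choices are examples.
EXPORTS = """\
# share each team's home directory with the IT Lab network only
/home/team1        10.0.0.0/24(rw,sync,root_squash)
/export/scratch    10.0.0.0/255.255.255.0(rw,no_root_squash)
/export/public     *(ro)
/export/other      192.168.1.0/24(ro)
/export/bad        10.0.0.0/24
"""

ENTRY = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")   # HOST or HOST(OPTIONS)


def parse_exports(text):
    """Return one dict per (directory, host) pair: line, path, host, options."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        if not path.startswith("/"):
            raise ValueError(f"line {n}: DIRECTORY_PATHNAME must be absolute")
        if not clients:
            raise ValueError(f"line {n}: no HOST given")
        for client in clients:
            m = ENTRY.match(client)
            if not m:
                raise ValueError(f"line {n}: cannot parse {client!r}")
            host, opts = m.group(1), m.group(2)
            entries.append({"line": n, "path": path, "host": host,
                            "options": opts.split(",") if opts else []})
    return entries


def review_exports(entries, allowed="10.0.0.0/24"):
    """Findings for exports reachable beyond the allowed network, exports that
    let a remote root stay root (no_root_squash), and exports with no options."""
    allowed_net = ipaddress.IPv4Network(allowed)
    findings = []
    for e in entries:
        where = f"line {e['line']} {e['path']}"
        host = e["host"]
        if host in ("", "*"):
            findings.append(f"{where}: exported to every host")
        elif re.match(r"^\d+\.\d+\.\d+\.\d+(/.+)?$", host):
            # HOST given as an IP address or network (prefix or netmask form)
            net = ipaddress.IPv4Network(host, strict=False)
            if not net.subnet_of(allowed_net):
                findings.append(f"{where}: {host} is outside {allowed}")
        if "no_root_squash" in e["options"]:
            findings.append(f"{where}: no_root_squash lets remote root act as root here")
        if not e["options"]:
            findings.append(f"{where}: no OPTIONS given, server defaults apply")
    return findings


if __name__ == "__main__":
    for finding in review_exports(parse_exports(EXPORTS)):
        print(finding)
```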
autofs
- autofs mounts shared directories automatically ...
- when the machine boots
- The main configuration file for autofs is /etc/auto.master
- Each line in this file lists a mount point ...
- and points to another file ...
- with information about the directories to be mounted there
- There will be one line in this other file ...
- for each directory that will appear at the mount point
- These entries have the format
    DIRECTORY_NAME HOST:ABSOLUTE_ADDRESS_OF_DIRECTORY
Private IP Addresses and the Internet
- For one computer to talk to another over the Internet ...
- both machines must be assigned IP addresses
- But most computers on a network are assigned private IP addresses ...
- which routers cannot send out over the Internet ...
- since they are not unique
- In order for machines with private IP addresses to communicate over the Internet ...
- the gateway must provide a service called Network Address Translation
In the sections that follow, the photos may not show. In that event, just check the corresponding lecture slides for the relevant images.
Using IP Addresses to Communicate over the Internet
- When you ask your browser to get you a web page ...
- it sends out a request for data to a web server ...
- using the HTTP protocol
- The web server should then respond with an HTML file
- The web server must have a public IP address ...
- to be accessible over the Internet
- Let's assume that the machine running your browser has a public IP address
- The machine running the browser must know the IP addresses of the web server ...
- as well as which port to use on that IP address
- All web servers listen for HTTP requests on port 80
- If the client machines were trying to get a web page from nytimes.com ...
- whose web server has the IP address 170.149.172.130 ...
- it would send the request to port 80 at this address ...
- which is written
    170.149.172.130:80
- Since the client machine needs to get information back from the web server
- it needs to provide a return address to the web server
- This return address also consists of an IP address and a port
- The IP address will be the address of the client machine ...
- but the port number will be chosen randomly
- Let's say the client machine has IP address 139.183.134.111 ...
- and that it chooses port 2345 to receive the web page
- The client machine will send its HTTP request to
    170.149.172.130:80
- giving the following as the return address
    139.183.134.111:2345
- The TCP packet goes to the router of the client machine's network ...
- and since the IP address is public ...
- the router sends it out over the Internet
- Eventually, the request arrives at the router for the New York Times ...
- which sends it to the web server
- The process looks like this
- When the web server replies with the requested page ...
- information flows in the other direction
Network Address Translation
- No machine with a public IP address ...
- can contact another machine using a private IP address ...
- because private IP addresses are not routable over the Internet
- Network Address Translation is a service ...
- provided by the router
- It takes the packet sent to a machine outside the network ...
- and changes the return address
- It changes the IP part of the return address to its own IP address ...
- but it changes the port part of the return address as well
- Here is how it works
- Let's say the client has the private IP address 10.0.0.237 ...
- and that it has created a HTTP request for the New York Times web site ...
- which has the TCP address
    170.149.172.130
- Since this request is sent to a web server, the port is 80
- So the destination of this request is
    170.149.172.130:80
- The web browser has to pick a random port for the return message
- Let's say it picks port 2159 ...
- So the return address for the request is
    10.0.0.237:2159
- The client sends this request out on the local network ...
- where it is caught by the router
- So the situation looks like this
- The router has two IP addresses ...
- one for each of its two Ethernet cards
- One NIC connects to the local network ...
- and has a private IP address
- The other NIC connects to the Internet ...
- and has a public IP address
- Let's say the private address is
    10.0.0.01
- and the public address is
    87.92.131.121
- so the situation looks like this
- The router cannot send this request over the Internet ...
- even though its destination is a public IP address ...
- because the return address is a private IP address ...
- so a reply cannot be sent back over the Internet
- Here is where NAT comes into play
- NAT changes the return address
- it changes the IP part of the return address ...
- to its own public IP address
- But what about the port number?
- Here is where NAT does something clever
- It picks its own random port number ...
- say 2333 ...
- to create the new return address
    87.92.131.121:2333
- This is a valid return address ...
- for sending the request over the Internet
- But what happens when the reply comes back to this address?
- NAT needs to know where to forward the reply
- In order to do this, it creates an entry in a table
- The key for this table is the port number the router chose ...
- for the public return address
- The value associated with this key ...
- is the private return address
- So here is our situation now
- Now that the request has a proper public address ...
- it can be sent out over the Internet
- When the reply is sent back ...
- the original return address is now the destination address ...
- and the new return address points to the web server
- The reply eventually reaches the router ...
- that performed the original Network Address Translation
- Now the router has to figure out where to forward the reply
- It takes the port number on the destination address ...
- and uses it to find the real destination address
- Then it changes the destination address ...
- to the original reply address ...
- and sends the packet on its way
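As an added example (not part of the notes), here is a small model of the port-keyed NAT table described in this section and the socket addressing from the previous one, using the notes' addresses: client 10.0.0.237:2159, router private side 10.0.0.1 (written 10.0.0.01 above), public side 87.92.131.121, web server 170.149.172.130:80. The router's port is supplied by a picker fixed at 2333 instead of a random choice so the run is repeatable; the unsolicited packet from 203.0.113.9 is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the addressing part of a TCP packet: return address and destination."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, private_ip, public_ip, pick_port):
        self.private_ip = private_ip      # NIC on the local network
        self.public_ip = public_ip        # NIC on the Internet
        self.pick_port = pick_port        # callable returning a candidate public port
        self.table = {}                   # public port -> (private ip, private port)

    def outbound(self, pkt):
        """Rewrite the return address of a packet leaving the local network."""
        private = (pkt.src_ip, pkt.src_port)
        for pub_port, entry in self.table.items():
            if entry == private:          # same conversation keeps its public port
                break
        else:
            pub_port = self.pick_port()
            while pub_port in self.table:  # never hand out a port still in the table
                pub_port = self.pick_port()
            self.table[pub_port] = private
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Look the destination port up in the table and restore the private
        destination. With no entry the packet is dropped (None), which is why
        an outside host cannot start a conversation with a private address."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.table:
            return None
        priv_ip, priv_port = self.table[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def walkthrough():
    """The exchange from the notes, with the router's chosen port fixed at 2333."""
    ports = iter([2333])
    router = NatRouter("10.0.0.1", "87.92.131.121", lambda: next(ports))
    request = Packet("10.0.0.237", 2159, "170.149.172.130", 80)
    on_internet = router.outbound(request)      # return address becomes 87.92.131.121:2333
    reply = Packet("170.149.172.130", 80, on_internet.src_ip, on_internet.src_port)
    delivered = router.inbound(reply)           # destination restored to 10.0.0.237:2159
    # Constructed unsolicited packet from outside (203.0.113.9 is a documentation address)
    unsolicited = router.inbound(Packet("203.0.113.9", 4444, "87.92.131.121", 5555))
    return router, on_internet, delivered, unsolicited


if __name__ == "__main__":
    router, on_internet, delivered, unsolicited = walkthrough()
    print("sent over the Internet:", on_internet)
    print("NAT table:", router.table)
    print("reply delivered as:", delivered)
    print("unsolicited packet:", unsolicited)
```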
IP Addresses
- For a computer to talk to the Internet it must have an IP address
- The IP address is a unique number ...
- assigned to an individual machine
- There are two protocols used in forming IP addresses
- Internet Protocol version 4 (IPv4)
- Internet Protocol version 6 (IPv6)
- IPv6 was created as the world started running out ...
- of unique IPv4 addresses
- An IPv4 address looks like this
    192.168.106.239
- An IPv4 address consists of 4 numbers ...
- each of which runs from 0 to 255 ...
- and are separated from the other numbers by a dot, .
- Each one of these numbers is called an octet ...
- because each one can be represented by 8 bits
- An IPv6 address consists of eight hexadecimal numbers ...
- each of which has 4 digits ...
- and is separated from the other numbers by a colon, :
- An IPv6 address looks like this
    fe80::250:56ff:fe9a:1862
- An IP address may be either public or private
- A public IP address is unique on the entire Internet
- A private IP address is only unique in a local network
Domain Names
- In order for one computer to talk to another over the Internet ...
- it must know the IP address of the other machine
- Humans are not very good at remembering numbers ...
- but they are much better at remembering names
- A domain name is a unique string of characters ...
- which corresponds to a unique IP address
- For example, the domain name www.cs.umb.edu ...
- corresponds to the public IP address 158.121.106.222
- In order to obtain a service from another machine ...
- like get a web page from a web server ...
- you need to know that machine's IP address ...
- but it is easier to remember the machine's domain name
- Wherever you use a domain name ...
- you can also use the corresponding IP address
Domain Name System
- The work of turning a domain name into an IP address ...
- is performed by the Domain Name System ...
- usually abbreviated DNS
- DNS is like a phone book for the Internet
- Just like a phone book translates a name ...
- into a telephone number ...
- the Domain Name System translates a domain name ...
- into an IP address
- The mechanics of this system are governed by the DNS protocol
- Since there are many millions of IP addresses ...
- it would be impractical to have the list of all domain names ...
- and their corresponding IP addresses ...
- on a single machine
- So the Domain Name System is hierarchical
The Domain Name Hierarchy
- What makes the Domain Name System work is its hierarchical nature
- Instead of having one place that lists all IP addresses ...
- and the corresponding domain names ...
- the domain name system splits that responsibility ...
- among different machines
- Each machine is responsible for a different part of the hierarchy
- At the top of this hierarchy is the DNS Root Domain
- The DNS Root Domain has no name
- Beneath the DNS Root Domain are the Top Level Domain Names
- There are a limited number of Top Level Domain Names ...
- though new ones are being added
- Some examples are
- com
- edu
- mil
- net
- The next level in this hierarchy are domain names ...
- under a given Top Level Domain Name
- For example
- apple.com
- ibm.com
- google.com
- Once you have a domain name like this ...
- you can set up as many subdomains as you wish
- For example the CS Department has set up the cs subdomain ...
- under the registered domain name umb.edu
Components of a Domain Name
- A domain name has two components
- The name of the machine
- The name of the network
- The machine name is often the hostname ...
- though it does not have to be
- The www that is used to get to a web site ...
- designates the web server for that site ...
- but it is probably not the hostname of the web server
- A domain name can either be local ...
- or a fully qualified domain name
- A local domain name can be used on a local network ...
- but not outside that network
- A fully qualified domain name can be used anywhere in the world ...
- and the last part is always a Top Level Domain Name
- So a fully qualified domain name is like a public IP address ...
- and a local domain is like a private IP address
- Each component of a domain name is separated from what follows ...
- by a dot, .
- As you read a domain name from left to right ...
- you go from specific to more general
- Consider the machine users1 on our CS department network
- Its domain name is users1.cs.umb.edu
- This domain name has four components:
- users1
- cs
- umb
- edu
- The first part of this domain name, users1 ...
- specifies a unique machine
- The next component, cs ...
- specifies the CS Department subdomain
- The next component, umb ...
- is a name registered under edu
- The last component, edu ...
- is the Top Level Domain Name
How DNS Works
- There are two parts to the DNS system
- Domain name registration
- Domain name resolution
- To obtain a domain name visible on the Internet ...
- you have to go to a domain name registrar
- Registrars only deal with certain Top Level Domain Names
- The domain name registrar is also responsible for providing a machine ...
- that serves as the source of all information about the domain
- This machine is called an authoritative name server
- So when our University acquired the domain name umb.edu ...
- it had to contact a domain registrar ...
- for the top level domain edu
- to register the domain name umb
- This is the registration part of the DNS system
- This registrar provides an authoritative name server ...
- that points all requests for domain names ending in umb.edu ...
- to a machine on our network
- This machine serves as the authoritative name server ...
- for any domain that ends in umb.edu
- Every subdomain of a fully qualified domain name ...
- must have an authoritative name server for that subdomain
- Each authoritative name server is responsible for providing IP addresses ...
- for domain names in its zone
- The zone consists of the network and subnetworks ...
- for which that authoritative name server ...
- is the ultimate authority
- Though one machine can be an authoritative name server ...
- many other machines are given copies of the information ...
- to spread out the workload
- The process of turning a domain name into an IP address ...
- is called DNS name resolution
- This is the second part of the DNS system
DNS Name Resolution
- DNS name resolution is something that happens ...
- every time you put a domain name into your browser
- Every Unix machine has a DNS configuration file /etc/resolv.conf
- This file contains the address of the first machine to ask ...
- for the IP address that corresponds to a given domain name
- In Ubuntu this file is generated automatically ...
- by the resolvconf utility
- This DNS server will consult its cache of domain names ...
- to see if it already knows the IP address you are looking for
- If the name is not in the cache ...
- what happens next depends on the configuration of this DNS Server
- If it has been configured with a forwarder ...
- it contacts that machine for the IP address
- A forwarder is a machine that one DNS Server contacts ...
- when it cannot resolve a domain name
- If no forwarder is configured ...
- the DNS Server contacts the root name server
- The root name server has the IP address ...
- of every top level domain name ...
- such as com, edu and org
- With this information the DNS server contacts the top level domain server ...
- and asks for the IP address of the authoritative name server ...
- for the first part of the domain name
- With this information, the DNS server contacts the authoritative name server ...
- and asks for the IP address it is looking for
- If the domain name has several components ...
- the process of contacting an authoritative domain server ...
- may happen more than once
- All of the above is spelled out on page 269 of Beginning Ubuntu LTS Server Administration
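As an added illustration (not part of the course notes or the textbook), the resolution steps above as a small Python model: authoritative servers for a constructed root -> edu -> umb.edu -> cs.umb.edu delegation tree, a caching resolver that walks them, and a second resolver that uses the first as its forwarder. All zone data and addresses are constructed (documentation addresses from 192.0.2.0/24).

```python
class AuthServer:
    """Authoritative server for one zone: answers, or refers to a child zone."""
    def __init__(self, zone, a_records, delegations):
        self.zone = zone                # "umb.edu"; "." is the root zone
        self.a_records = a_records      # name -> IPv4 address in this zone
        self.delegations = delegations  # child zone name -> its AuthServer
    def query(self, name):
        if name in self.a_records:
            return ("A", self.a_records[name])
        for child, server in self.delegations.items():
            if name == child or name.endswith("." + child):
                return ("REFER", server)  # referral: ask that server instead
        return ("NXDOMAIN", None)

class Resolver:
    """The caching DNS server a client lists in /etc/resolv.conf."""
    def __init__(self, root=None, forwarder=None):
        self.root, self.forwarder = root, forwarder
        self.cache = {}
        self.queries = 0      # network round trips made so far
        self.last_path = []   # zones contacted during the last full walk

    def resolve(self, name):
        name = name.rstrip(".")
        if name in self.cache:            # 1. answer from cache if possible
            return self.cache[name]
        if self.forwarder is not None:    # 2a. forwarder configured: one trip
            self.queries += 1
            ip = self.forwarder.resolve(name)
        else:                             # 2b. no forwarder: start at the root
            ip = self._iterate(name)
        if ip is not None:
            self.cache[name] = ip
        return ip

    def _iterate(self, name):
        server, self.last_path = self.root, []
        while True:                       # root -> TLD -> ... -> authoritative
            self.queries += 1
            self.last_path.append(server.zone)
            kind, value = server.query(name)
            if kind != "REFER":
                return value              # the address, or None for NXDOMAIN
            server = value
# Constructed delegation tree: root -> edu -> umb.edu -> cs.umb.edu
CS = AuthServer("cs.umb.edu", {"users1.cs.umb.edu": "192.0.2.25"}, {})
UMB = AuthServer("umb.edu", {"www.umb.edu": "192.0.2.10"}, {"cs.umb.edu": CS})
EDU = AuthServer("edu", {}, {"umb.edu": UMB})
ROOT = AuthServer(".", {}, {"edu": EDU})
```

Resolving users1.cs.umb.edu from an empty cache costs four round trips (root, edu, umb.edu, cs.umb.edu); the same name a second time costs none, and a resolver with a forwarder pays one trip regardless of how many levels the forwarder had to walk.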
Configuring DNS on it20
- The name of the DNS server software Linux uses is BIND ...
- which stands for Berkeley Internet Name Domain
- The name of the BIND name server daemon is named
- The software package Ubuntu uses for DNS is bind9
- The package was installed using apt-get
sudo apt-get install bind9
- This service can be restarted, after configuration changes, using
sudo service bind9 restart
- The configuration files for BIND are located in /etc/bind/
- The configuration file for the named daemon is /etc/bind/named.conf
- Our DNS is set up to serve as a DNS server for three different zones
- Each of these zones provides the IP addresses for the virtual machines on our Lab network ...
- but they provide these addresses to machines on three different subnets
- internals - provides the IP addresses to machines on the Lab network, it.cs.umb.edu
- cslan - provides the IP addresses to machines on the CS LAN cs.umb.edu
- external - provides the IP address to any machine on the internet
- The primary configuration file for the named daemon is /etc/bind/named.conf
- On it20, this file does little but reference /etc/bind/named.conf.local
- This file contains the first information about the zones ...
- but the actual addresses associated with each machine's hostname are contained in separate zone files
- Inside /etc/bind you will see directories for each zone
- Inside each of these directories is a db.it file ...
- with hostnames of the virtual machines ...
- and the IP addresses for each one
- Once these files are all properly configured ...
- the hosts line in /etc/nsswitch.conf ...
- must be changed to
hosts: dns files
- This line instructs it20 to use its own DNS service for name resolution ...
- before using its version of /etc/hosts
- After this configuration was done, the service had to be restarted
/etc/init.d/bind9 restart