Difference between revisions of "Named"

From Nuclear Physics Group Documentation Pages
 
 
(9 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This needs work.
+
= Named serves DNS records =
  
named runs on einstein and roentgen, thus making these system DNS servers.
+
Named is the deamon that provides DNS services. It runs on [[jalapeno]], <strike> and [[lentil]] </strike>, where [[jalapeno]] is the master <strike>and [[lentil]] is the slave </strike>. These DNS services are only accessible <strike>on the backend network: 10.0.0.253 for jalapeno.</strike> on the "peers" group, i.e. the backend and the UNH network.
 +
 
 +
The configuration for DNS is in /etc/named.conf
 +
The entries for the DNS are on '''jalapeno''' in /var/named/<br>
 +
After making any edits, make sure you reload the tables: /etc/init.d/named reload
 +
 
 +
Note that to make use of jalapeno as a name server, the resolve.conf of the node has to have 10.0.0.253 come first. The UNH name servers will return the nuclear.unh.edu for anything *physics.unh.edu and thus give the wrong address for *.farm.physics.unh.edu
 +
 
 +
Configuration information for named i.e. BIND is found here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-BIND.html
 +
 
 +
There is STILL a problem with the UNH network and the forwarding request reaching servers. On September 16 2014 this completely stopped working.
 +
 
 +
=== Securing ===
 +
See: https://www.us-cert.gov/ncas/alerts/TA13-088A
 +
Seems our system was used in a DDOS attack on Feb 22, 2016
 +
This was set wide open. Seems Aaron’s legacy, still had Xemed and “9green”, “sunsetlabs” etc in it, but commented out.
 +
I now restricted query, transfer and recursion to “peers”: local systems and the farm.
 +
 
 +
= OLD CONFIGURATION =
 +
 
 +
Comments below were for the old configuration. This is no longer the case.
 +
 
 +
Named used to run on Jalapeño and tomato, but it no longer runs on tomato. The alternate system is now lentil.
 +
 
 +
== Named (Bind) Configuration ==
 +
 
 +
We run named in a "chroot jail" for safety. The jail is in /var/named/chroot. See [http://www.faqs.org/docs/Linux-HOWTO/Chroot-BIND-HOWTO.html Chroot-BIND-HOWTO].
 +
The chroot directory does NOT need a "proc", which messes up backups of "var". "dev" also messes up the backups, but I'm unsure about whether this is actually necessary.
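Review bot: the added Securing section says query, transfer and recursion are now restricted to "peers", but it never records the named.conf statements or the ACL definition that implement this, so the fix cannot be verified or restored from this page. Add the acl "peers" block and the allow-query, allow-recursion and allow-transfer lines as they appear in /etc/named.conf. In the same hunk, "resolve.conf" should read resolv.conf and "deamon" should read daemon. The struck-out lentil and backend-network text also leaves stray commas and a sentence fragment ("for jalapeno. on the "peers" group") that would be cleaner deleted than struck.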

Latest revision as of 21:52, 27 February 2016

Named serves DNS records

Named is the daemon that provides DNS services. It runs on jalapeno, which is the master. These DNS services are only accessible on the "peers" group, i.e. the backend and the UNH network. (Struck out in this revision: named also running on lentil as the slave, and access being limited to the backend network, 10.0.0.253 for jalapeno.)

The configuration for DNS is in /etc/named.conf

The entries for the DNS are on jalapeno in /var/named/

After making any edits, make sure you reload the tables: /etc/init.d/named reload

Note that to make use of jalapeno as a name server, the resolv.conf of the node has to have 10.0.0.253 come first. The UNH name servers will return the nuclear.unh.edu for anything *physics.unh.edu and thus give the wrong address for *.farm.physics.unh.edu

Configuration information for named, i.e. BIND, is found here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-BIND.html

There is STILL a problem with the UNH network and the forwarding request reaching servers. On September 16 2014 this completely stopped working.

Securing

See: https://www.us-cert.gov/ncas/alerts/TA13-088A

Seems our system was used in a DDoS attack on Feb 22, 2016.

This was set wide open. Seems Aaron’s legacy, still had Xemed and “9green”, “sunsetlabs” etc in it, but commented out.

I now restricted query, transfer and recursion to “peers”: local systems and the farm.
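One way to check a named.conf against the restriction described above, as an added example that is not part of the original wiki page: the script reports whether allow-query, allow-recursion and allow-transfer are each explicitly restricted. Both configurations are constructed samples and the contents of the "peers" ACL are placeholders. An unset statement is reported separately because its effective default depends on the BIND version and on the other allow-* statements.

```python
import re

STATEMENTS = ("allow-query", "allow-recursion", "allow-transfer")

# Constructed samples, not the site's real named.conf.
OPEN_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };
    // allow-transfer { peers; };   commented out, so it has no effect
};
"""

HARDENED_CONF = """
acl "peers" { localhost; 10.0.0.0/24; };  # placeholder networks
options {
    directory "/var/named";
    recursion yes;
    allow-query     { peers; };
    allow-recursion { peers; };
    allow-transfer  { "peers"; };
};
"""

def strip_comments(text):
    """Remove the three comment styles BIND accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # /* C style */
    return re.sub(r"(//|#).*", "", text)               # // and # to end of line

def audit(conf):
    """Return {statement: 'open' | 'unset' | 'restricted'} for the whole file.

    Every occurrence counts (options, view or zone). Nested address
    match lists are not handled.
    """
    conf = strip_comments(conf)
    result = {}
    for stmt in STATEMENTS:
        bodies = re.findall(rf"\b{stmt}\s*\{{([^{{}}]*)\}}", conf)
        entries = [e.strip().strip('"') for b in bodies for e in b.split(";")]
        if not bodies:
            result[stmt] = "unset"
        elif "any" in entries:
            result[stmt] = "open"
        else:
            result[stmt] = "restricted"
    return result

def is_locked_down(conf):
    """True only when all three statements are explicitly restricted."""
    return all(state == "restricted" for state in audit(conf).values())
```

Running `audit()` on the live /etc/named.conf before each `/etc/init.d/named reload` catches a statement that was dropped or reset to `any` during an edit.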

OLD CONFIGURATION

Comments below were for the old configuration. This is no longer the case.

Named used to run on Jalapeño and tomato, but it no longer runs on tomato. The alternate system is now lentil.

Named (Bind) Configuration

We run named in a "chroot jail" for safety. The jail is in /var/named/chroot. See Chroot-BIND-HOWTO (http://www.faqs.org/docs/Linux-HOWTO/Chroot-BIND-HOWTO.html).

The chroot directory does NOT need a "proc", which messes up backups of "var". "dev" also messes up the backups, but I'm unsure about whether this is actually necessary.