Difference between revisions of "Named"

From Nuclear Physics Group Documentation Pages
 
Line 1: Line 1:
 
= Named serves DNS records =
 
= Named serves DNS records =
  
Named is the deamon that provides DNS services. It runs on [[jalapeno]], and [[lentil]], where [[jalapeno]] is the master and [[lentil]] is the slave. These DNS services are only accessible on the backend network: 10.0.0.253 for jalapeno.
+
Named is the deamon that provides DNS services. It runs on [[jalapeno]], <strike> and [[lentil]] </strike>, where [[jalapeno]] is the master <strike>and [[lentil]] is the slave </strike>. These DNS services are only accessible <strike>on the backend network: 10.0.0.253 for jalapeno.</strike> on the "peers" group, i.e. the backend and the UNH network.  
  
 
The configuration for DNS is in /etc/named.conf
 
The configuration for DNS is in /etc/named.conf
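Review bot: the revised "Named is the deamon" line keeps the superseded text inside <strike> tags instead of deleting it, which leaves a dangling ", ," after jalapeno and a sentence that reads "accessible ... on the 'peers' group" only once the struck part is skipped. Suggest deleting the struck text outright and fixing "deamon" to "daemon". If the 10.0.0.253 address is still current, keep it outside the struck span.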
Line 12: Line 12:
  
 
There is STILL a problem with the UNH network and the forwarding request reaching servers. On September 16 2014 this completely stopped working.
 
There is STILL a problem with the UNH network and the forwarding request reaching servers. On September 16 2014 this completely stopped working.
 +
 +
=== Securing ===
 +
See: https://www.us-cert.gov/ncas/alerts/TA13-088A
 +
Seems our system was used in a DDOS attack on Feb 22, 2016
 +
This was set wide open. Seems Aaron’s legacy, still had Xemed and “9green”, “sunsetlabs” etc in it, but commented out.
 +
I now restricted query, transfer and recursion to “peers”: local systems and the farm.
  
 
= OLD CONFIGURATION =
 
= OLD CONFIGURATION =
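Review bot: the new "Securing" section describes "peers" as "local systems and the farm", while the revised intro line in the first hunk describes the same group as "the backend and the UNH network". Suggest using one definition in both places. The section also says query, transfer and recursion were restricted without naming the named.conf settings that were changed; recording them here would let the next admin verify the fix against /etc/named.conf.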

Latest revision as of 21:52, 27 February 2016

Named serves DNS records

Named is the daemon that provides DNS services. It runs on jalapeno, <strike>and lentil</strike>, where jalapeno is the master <strike>and lentil is the slave</strike>. These DNS services are only accessible <strike>on the backend network: 10.0.0.253 for jalapeno.</strike> on the "peers" group, i.e. the backend and the UNH network.

The configuration for DNS is in /etc/named.conf. The entries for the DNS are on jalapeno in /var/named/.
After making any edits, make sure you reload the tables: /etc/init.d/named reload

Note that to use jalapeno as a name server, the node's resolv.conf must list 10.0.0.253 first. The UNH name servers will return nuclear.unh.edu for anything matching *physics.unh.edu and thus give the wrong address for *.farm.physics.unh.edu.

Configuration information for named (i.e. BIND) is found here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-BIND.html

There is STILL a problem with the UNH network and the forwarding request reaching servers. On September 16 2014 this completely stopped working.

Securing

See: https://www.us-cert.gov/ncas/alerts/TA13-088A

Seems our system was used in a DDOS attack on Feb 22, 2016.

This was set wide open. Seems Aaron’s legacy, still had Xemed and “9green”, “sunsetlabs” etc in it, but commented out.

I now restricted query, transfer and recursion to “peers”: local systems and the farm.
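An added example, not part of the original page or the site's configuration: a small Python check that reads named.conf text and reports whether allow-query, allow-transfer and allow-recursion (the three restrictions described above) are unset or open to any. Both sample configurations and the addresses in the "peers" ACL are constructed placeholders.

```python
import re

# Constructed samples, not the site's real /etc/named.conf.
OPEN_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };
    // allow-transfer { 192.0.2.10; };   (commented out, so not in effect)
};
"""
RESTRICTED_CONF = """
acl "peers" { 127.0.0.1; 192.0.2.0/24; };  // placeholder addresses
options {
    directory "/var/named";
    recursion yes;
    allow-query     { peers; };
    allow-transfer  { peers; };
    allow-recursion { peers; };
};
"""

CHECKED = ("allow-query", "allow-transfer", "allow-recursion")
OPEN_WORDS = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """Drop /* */, // and # comments so disabled lines are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit(conf_text):
    """Map each checked directive to a finding if it is unset or open."""
    # Simplification: only the first occurrence of a directive is examined,
    # wherever it appears (options, view or zone).
    text = strip_comments(conf_text)
    findings = {}
    for name in CHECKED:
        m = re.search(r"\b" + re.escape(name) + r"\s*\{([^}]*)\}", text)
        if m is None:
            # Unset directives fall back to version-dependent defaults.
            findings[name] = "not set"
            continue
        elems = {e.strip().strip('"') for e in m.group(1).split(";") if e.strip()}
        if elems & OPEN_WORDS:
            findings[name] = "open to any"
    return findings

if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(label, audit(conf))
```

An empty result means all three directives are set explicitly and none of them admits any.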

OLD CONFIGURATION

Comments below were for the old configuration. This is no longer the case.

Named used to run on Jalapeño and tomato, but it no longer runs on tomato. The alternate system is now lentil.

Named (Bind) Configuration

We run named in a "chroot jail" for safety. The jail is in /var/named/chroot. See Chroot-BIND-HOWTO. The chroot directory does NOT need a "proc", which messes up backups of "var". "dev" also messes up the backups, but I'm unsure about whether this is actually necessary.