Differences

This shows you the differences between two versions of the page.

--- freelabs:dnssec:dnssec-workshop-20240812 [2024/08/12 15:14]
cacty Create
+++ freelabs:dnssec:dnssec-workshop-20240812 [2024/08/12 15:20] (current)
cacty Correct few glitches.
@@ Line 1: / Line 1: @@
+Source : https://nsrc.org/workshops/2023/icann-tr-dnssec/dns/materials/labs/en/New-lab-setup-configure-zone.html
@@ Line 32: / Line 38: @@
     grp32-ns1 & grp32-ns2 : secondary authoritative servers
-NOTE: In all this lab, be carefull to always replace 32 by your Group number in IP addresses, server name and any other place where required. Same for <lab_domain> to be replace by the domain name registered for the class.
+NOTE: In all this lab, be carefull to always replace 32 by your Group number in IP addresses, server name and any other place where required. Same for yaounde to be replace by the domain name registered for the class.
 Configure primary authoritative server (BIND)
 Intro
-We are going to configure a hidden authoritative server and create the authoritative zone grp32.<lab_domain>.te-labs.training.
+We are going to configure a hidden authoritative server and create the authoritative zone grp32.yaounde.te-labs.training.
 What we already know
-Our "parent" (<lab_domain>.te-labs.training) has already created the following in its own zone:
+Our "parent" (yaounde.te-labs.training) has already created the following in its own zone:
 ; grp32
-grp32             NS          ns1.grp32.<lab_domain>.te-labs.training.
+grp32             NS          ns1.grp32.yaounde.te-labs.training.
-grp32             NS          ns2.grp32.<lab_domain>.te-labs.training.
+grp32             NS          ns2.grp32.yaounde.te-labs.training.
 ; ---Placeholder for grp32 DS record (DO NOT MANUALLY EDIT THIS LINE)---
 ns1.grp32         A           100.100.32.130
@@ Line 65: / Line 71: @@
 $TTL    300
-@       IN      SOA     grp32.<lab_domain>.te-labs.training. dnsadmin.<lab_domain>.te-labs.training. (
+@       IN      SOA     grp32.yaounde.te-labs.training. dnsadmin.yaounde.te-labs.training. (
          ; Serial
          ; Refresh
@@ Line 74: / Line 80: @@
 ; grp32
-@             NS           ns1.grp32.<lab_domain>.te-labs.training.
+@             NS           ns1.grp32.yaounde.te-labs.training.
-@             NS           ns2.grp32.<lab_domain>.te-labs.training.
+@             NS           ns2.grp32.yaounde.te-labs.training.
 ns1         A           100.100.32.130
@@ Line 88: / Line 94: @@
 In the configuration file /etc/bind/named.conf.local we put the statement "zone":
-zone "grp32.<lab_domain>.te-labs.training" {
+zone "grp32.yaounde.te-labs.training" {
         type master;
         file "/etc/bind/zones/db.grp32";
@@ Line 98: / Line 104: @@
 rndc reload
-root@soa:/etc/bind# dig @localhost soa grp32.<lab_domain>.te-labs.training.
+root@soa:/etc/bind# dig @localhost soa grp32.yaounde.te-labs.training.
-; <<>> DiG 9.16.1-Ubuntu <<>> @localhost soa grp32.<lab_domain>.te-labs.training.
+; <<>> DiG 9.16.1-Ubuntu <<>> @localhost soa grp32.yaounde.te-labs.training.
 ; (2 servers found)
 ;; global options: +cmd
@@ Line 111: / Line 117: @@
 ; COOKIE: 270e2c46ed443c1c01000000609c59f04ba85015ff71998d (good)
 ;; QUESTION SECTION:
-;grp32.<lab_domain>.te-labs.training.        IN      SOA
+;grp32.yaounde.te-labs.training.        IN      SOA
 ;; ANSWER SECTION:
-grp32.<lab_domain>.te-labs.training. 30 IN   SOA     grp32.<lab_domain>.te-labs.training. dnsadmin.<lab_domain>.te-labs.training. 1 604800 86400 2419200 86400
+grp32.yaounde.te-labs.training. 30 IN   SOA     grp32.yaounde.te-labs.training. dnsadmin.yaounde.te-labs.training. 1 604800 86400 2419200 86400
 ;; Query time: 0 msec
@@ Line 143: / Line 149: @@
 //include "/etc/bind/zones.rfc1918";
-zone "grp32.<lab_domain>.te-labs.training" {
+zone "grp32.yaounde.te-labs.training" {
         type slave;
         file "/etc/bind/zones/db.grp32.slave";
@@ Line 170: / Line 176: @@
              └─739 /usr/sbin/named -f -u bind
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: all zones loaded
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: all zones loaded
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: running
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: running
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: zone grp32.<lab_domain>.te-labs.training/IN: Transfer started.
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: zone grp32.yaounde.te-labs.training/IN: Transfer started.
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: transfer of 'grp32.<lab_domain>.te-labs.training/IN' from 100.100.2.66#53: connec>
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: transfer of 'grp32.yaounde.te-labs.training/IN' from 100.100.2.66#53: connec>
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: zone grp32.<lab_domain>.te-labs.training/IN: transferred serial 1
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: zone grp32.yaounde.te-labs.training/IN: transferred serial 1
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: transfer of 'grp32.<lab_domain>.te-labs.training/IN' from 100.100.2.66#53: Transf>
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: transfer of 'grp32.yaounde.te-labs.training/IN' from 100.100.2.66#53: Transf>
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: transfer of 'grp32.<lab_domain>.te-labs.training/IN' from 100.100.2.66#53: Transf>
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: transfer of 'grp32.yaounde.te-labs.training/IN' from 100.100.2.66#53: Transf>
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: zone grp32.<lab_domain>.te-labs.training/IN: sending notifies (serial 1)
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: zone grp32.yaounde.te-labs.training/IN: sending notifies (serial 1)
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer com>
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer com>
-May 13 04:25:43 ns1.grp32.<lab_domain>.te-labs.training named[739]: resolver priming query complete
+May 13 04:25:43 ns1.grp32.yaounde.te-labs.training named[739]: resolver priming query complete
 We now configure the server ns2 [ns2.grp32]
@@ Line 208: / Line 214: @@
 zone:
-    name: "grp32.<lab_domain>.te-labs.training"
+    name: "grp32.yaounde.te-labs.training"
-    zonefile: "grp32.<lab_domain>.te-labs.training.forward"
+    zonefile: "grp32.yaounde.te-labs.training.forward"
     include-pattern: "fromprimary"
@@ Line 235: / Line 241: @@
              └─640 /usr/sbin/nsd -d
-May 13 05:02:35 ns2.grp32.<lab_domain>.te-labs.training systemd[1]: Starting Name Server Daemon...
+May 13 05:02:35 ns2.grp32.yaounde.te-labs.training systemd[1]: Starting Name Server Daemon...
-May 13 05:02:35 ns2.grp32.<lab_domain>.te-labs.training nsd[638]: nsd starting (NSD 4.1.26)
+May 13 05:02:35 ns2.grp32.yaounde.te-labs.training nsd[638]: nsd starting (NSD 4.1.26)
-May 13 05:02:35 ns2.grp32.<lab_domain>.te-labs.training nsd[638]: [2021-05-13 05:02:35.865] nsd[638]: notice: nsd starting (NSD 4.1.26)
+May 13 05:02:35 ns2.grp32.yaounde.te-labs.training nsd[638]: [2021-05-13 05:02:35.865] nsd[638]: notice: nsd starting (NSD 4.1.26)
-May 13 05:02:35 ns2.grp32.<lab_domain>.te-labs.training nsd[639]: nsd started (NSD 4.1.26), pid 638
+May 13 05:02:35 ns2.grp32.yaounde.te-labs.training nsd[639]: nsd started (NSD 4.1.26), pid 638
-May 13 05:02:35 ns2.grp32.<lab_domain>.te-labs.training nsd[639]: [2021-05-13 05:02:35.922] nsd[639]: notice: nsd started (NSD 4.1.26), pid 638
+May 13 05:02:35 ns2.grp32.yaounde.te-labs.training nsd[639]: [2021-05-13 05:02:35.922] nsd[639]: notice: nsd started (NSD 4.1.26), pid 638
-May 13 05:02:35 ns2.grp32.<lab_domain>.te-labs.training systemd[1]: Started Name Server Daemon.
+May 13 05:02:35 ns2.grp32.yaounde.te-labs.training systemd[1]: Started Name Server Daemon.
 Test your zone configuration and propagation.
@@ Line 247: / Line 253: @@
 We will now use dig tool to verify our own zone configuration and propagation, then do the same for one or two other groups in the class and share comments. From your client, run the following dig queries. All should return answer otherwise you should review your configurations before continiuing:
-    dig soa grp32.<lab_domain>.te-labs.training. @100.100.32.66
+    dig soa grp32.yaounde.te-labs.training. @100.100.32.66
-    dig soa grp32.<lab_domain>.te-labs.training. @100.100.32.130
+    dig soa grp32.yaounde.te-labs.training. @100.100.32.130
-    dig soa grp32.<lab_domain>.te-labs.training. @100.100.32.131
+    dig soa grp32.yaounde.te-labs.training. @100.100.32.131
-    dig soa grp32.<lab_domain>.te-labs.training. @100.100.32.131 +short
+    dig soa grp32.yaounde.te-labs.training. @100.100.32.131 +short
-    dig soa grp32.<lab_domain>.te-labs.training. @100.100.32.131 +multi
+    dig soa grp32.yaounde.te-labs.training. @100.100.32.131 +multi
-    dig NS grp32.<lab_domain>.te-labs.training. @100.100.32.130
+    dig NS grp32.yaounde.te-labs.training. @100.100.32.130
-    dig NS grp32.<lab_domain>.te-labs.training. @100.100.32.130 +multi
+    dig NS grp32.yaounde.te-labs.training. @100.100.32.130 +multi
 Zone transfer
@@ Line 276: / Line 282: @@
 Source : https://nsrc.org/workshops/2023/icann-tr-dnssec/dns/materials/labs/en/New-lab-setup-configure-zone.html

cmNOG wiki

User Tools

Site Tools

Differences

Page Tools